2024年2月2日发(作者:)

AP关联失败原因分析报告

.一、关联过程

关联主要指Station发送Association Request给AP,Association Request中携带了一下协商信息,包括加密方式、支持的速率、支持的功率以前其他的一些特性。AP如果对这些协商信息没有异议且都支持的话,则回应携带OK信息Association Response给Station同意其接入。至此,关联成功。Station可以继续发送正常的数据报文。

图1. 关联过程

但如果AP对Station的协商信息有异议,则会发送携带错误码的Association Response给Station,以拒绝其接入。

.二、关联失败的原因:

关联失败的主要原因有:

资源不足

非法,包括加密算法等

3.不支持的功率

4.不支持的速率

5.其他不支持的功能

通常我们常见的失败原因有2/3/4条。需要注意的是,通常Station在关联失败的情况下,会不断的尝试重新关联,这个频率是很快的,甚至达到每分钟2次。如果不去管Station,那么这个Station一天下来就会产生大约2800的关联失败。而一台AP一般接入10-15个Station,算上正常的上下线以及重关联,关联成功次数也就是最多几百次。但

如果存在一个不断关联的Station,那么关联失败率就会显的很高了。

.三、关联成功率:

计算公式:关联成功率===关联成功次数/关联请求数量

以下为两个节点的OID:

关联成功次数

关联请求数量

h3cDot11C不包含重关联成功次urAPID 数

h3cDot11ApStationAssocSum

h3cDot11Ch3cDot11ApStationAsh3cDot11ApurAPID socReqSum = StationAssh3cDot11ApStationAsocReqSum

socSum +

h3cDot11ApStationAssocFailSum

1.3.6.1.4.1.2011.10.2.75.2.2.3.1.1

1.3.6.1.4.1.2011.10.2.75.2.2.3.1.9

.四、关联协议标准:

协议中定义的reason code,对于association关注以disassociated开头的原因

协议内容截取:

7.2.3.3 Disassociation frame format

The frame body of a management frame of subtype Disassociation contains the information shown in

Table 7-9.

Order Information

1 Reason code

2 One or more vendor-specific information elements may appear in this frame.

7.3.1.7 Reason Code field

This Reason Code field is used to indicate the reason that an unsolicited notification management frame

of

type Disassociation, Deauthentication, DELTS, DELBA, or DLS Teardown was generated. The length of the

Reason Code field is 2 octets. The Reason Code field is illustrated in Figure 7-25.

The reason codes are defined in Table 7-22.

Table 7-22—Reason codes

Reason code Meaning

0 Reserved

1 Unspecified reason

2 Previous authentication no longer valid

3 Deauthenticated because sending STA is leaving (or has left) IBSS or ESS

4 Disassociated due to inactivity

5 Disassociated because AP is unable to handle all currently associated STAs

6 Class 2 frame received from nonauthenticated STA

7 Class 3 frame received from nonassociated STA

8 Disassociated because sending STA is leaving (or has left) BSS

9 STA requesting (re)association is not authenticated with responding STA

10 Disassociated because the information in the Power Capability element is unacceptable

11 Disassociated because the information in the Supported Channels element is unacceptable

12 Reserved

13 Invalid information element, i.e., an information element defined in this standard for

which the content does not meet the specifications in Clause 7

14 Message integrity code (MIC) failure

15 4-Way Handshake timeout

16 Group Key Handshake timeout

17 Information element in 4-Way Handshake different from (Re)Association Request/Probe

Response/Beacon frame

18 Invalid group cipher

19 Invalid pairwise cipher

20 Invalid AKMP

21 Unsupported RSN information element version

22 Invalid RSN information element capabilities

23 IEEE 802.1X authentication failed

24 Cipher suite rejected because of the security policy

25–31 Reserved

32 Disassociated for unspecified, QoS-related reason

33 Disassociated because QoS AP lacks sufficient bandwidth for this QoS STA

34 Disassociated because excessive number of frames need to be acknowledged, but are not

acknowledged due to AP transmissions and/or poor channel conditions

35 Disassociated because STA is transmitting outside the limits of its TXOPs

36 Requested from peer STA as the STA is leaving the BSS (or resetting)

37 Requested from peer STA as it does not want to use the mechanism

38 Requested from peer STA as the STA received frames using the mechanism for which a

39 Requested from peer STA due to timeout

45 Peer STA does not support the requested cipher suite