Home Network Community > Wi-Fi Routers > repeated "IEEE 802.11 disassociated" entries flooding the system log
< Wi-Fi Routers

repeated "IEEE 802.11 disassociated" entries flooding the system log

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

repeated "IEEE 802.11 disassociated" entries flooding the system log

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
repeated "IEEE 802.11 disassociated" entries flooding the system log
repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-15 13:36:16 - last edited 2022-04-15 13:39:35
Model: Archer C6  
Hardware Version: V2
Firmware Version: 1.1.8 Build 20210226 rel.34930(5553)

Hello!

 

I have seen another post in the forum related to my situation, but I have an additional question related to the matter not covered in the other post.

 

I have noticed my Archer's system log is being flooded with "IEEE 802.11 disassociated" entries, here's an excerpt from the log:

 

2022-04-14 18:59:01 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:59:01 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7f:1f:13 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:58 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:57 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:57 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:57 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:7b:49:87 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[3979]: <6> 208053 ath03:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[1749]: <6> 208053 ath0:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated
2022-04-14 18:58:56 wireless[23410]: <6> 208053 ath01:STA 44:3b:32:19:f2:81 IEEE 802.11 disassociated

 

Notice the frequency for the entries... several per second. I have the "auto-mail" feature enabled in the router, it was set to send the log once a day. After I noticed that flood of log entries as above, I changed the setting to email the log every 1 hour (it's the shortest time value allowed in the GUI, I think) and with that, I receive every one hour a system log file by email which only contains the last 5 minutes of events (due to the sheer amount of "disassociated" entries present versus the maximum log size the router can handle before overwriting older entries).

 

As a test, I grabbed a smartphone and set up a wifi connection to my router's ssid but deliberately choosing a wrong password, the result in the log was as such:

 

2022-04-15 09:54:08 wireless[3644]: <6> 208053 ath01:STA 48:49:c7:40:49:84 IEEE 802.11 disassociated
2022-04-15 09:54:08 wireless[3644]: <6> 208055 ath01:STA 48:49:c7:40:49:84 IEEE 802.1X failed to athorize
2022-04-15 09:54:04 wireless[3644]: <6> 208052 ath01:STA 48:49:c7:40:49:84 IEEE 802.11 associated
2022-04-15 09:54:04 wireless[3644]: <6> 208051 ath01:STA 48:49:c7:40:49:84 IEEE 802.11 authenticated

 

So a failed authentication attempt yields a greater diversity of entries in the system log than what I see in the message flood.

Any ideas on what those devices are supposedly attempting against my wifi network?

 

Including the offending MACs in the router's access control black list does not help preventing the flood of log entries. Maybe because it is not actually attempting to authenticate (which furthermore, even if it did try that I believe it would fail because it is not supposed to know what the password is. I have set up WPA2 AES with a long and random string).

 

A MAC vendor lookup reveals them to be from a maker which sells networking gear and also home automation/security devices. So it could be anything from access points to wireless cameras or smart home appliances.

 

Is there anything I can try with my Archer C6 to "get back" my system log to some state of usefulness? Other than hoping this misbehaving devices get turned off or properly configured by its owner. That is, unless the log flood has some active meaning/purpose behind it, by whoever is in possession/charge of the devices. (I am not from a network security background so thinking it could be something else than a misbehaving device is pure guessing on my part).

 

Regards,

 

  0      
 
  0      
 
#1
Options
9 Reply
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-15 14:19:10

  @FL1970 

 

It seems that this phenomenon has been reported before - here.

Try the OPs suggestion to see if you can mitigate this issue.

Another way is to try lowering Transmit Power to "Medium" and see if that will remove these messages from your router log:

 

 

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  0  
  0  
#2
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-16 13:59:40

  @terziyski thank you for the suggestion.

 

I need to apologize, for that post was exactly the one I was referring to in the OP. I should have linked to it for clarity.

I noticed the behavior is somehow different, for in that other thread you linked to for reference, the OP's device system log shows a succession of both "authenticated" and "disassociated" entries logged together, whereas mine only gets the "disassociated" ones.

 

Anyway, back to gist of it - I will check how a change in the transmit power setting affects the behavior I am seeing and reply back with the results.

  0  
  0  
#3
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-17 00:54:06 - last edited 2022-04-17 00:55:09

  @terziyski Changing the power level setting to "Medium" made no difference, then I tried "low" just for the sake of it and same thing.

 

After that, I disabled the wireless radio for both 2.4 GHz and 5 GHz at the same time and now it looks *very* weird, screenshots of Archer's GUI and the Archer System Log file below:

 

 

Those "disassociated" entries keep appearing even while wireless is fully disabled. 

 

Time for a bug report with TP-Link support (that's something I can do, right?) or first going for a factory reset and reconfiguring the router from zero to see if that behavior goes away?

 

Regards,

 

 

 

 

  0  
  0  
#4
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-17 02:36:39

  @FL1970 

 

Yep, you could do a factory reset as a final resort to check if that will make a difference.

One more thing - your FW allows you to turn off OneMesh feature.

Turn it off and check if that will make any difference in your system log.

If after all, this behavior persists you can contact your local tech support and report this.

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  3  
  3  
#5
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-24 17:20:33

  @terziyski Hi, tried all those but no luck.

 

1) Disabled OneMesh

2) Raised a ticked with local TP-Link Support for my country. Their reply was that a) no behavior like what I have described happening with the router has been reported as a bug and b) the router firmware is up-to-date, so there are no action/steps to try to help me.

3) Did a factory reset

 

 

Thank you for trying to help me with it. At this point I have no option but to give up, I suppose.

Regards!

 

  0  
  0  
#6
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-24 17:38:51 - last edited 2022-04-25 01:25:57

  @FL1970 

 

I would bet on misbehaving neighbors devices - the last screenshot reveals a Tenda made device MAC address.

This shouldn't be a security concern for you, but an unpleasant log flooding situation.

With the TP-Link's answer in mind there's nothing more you can do except talking to the neighbors about that (if possible).

The weird part for me though is - if you've turned your both radio bands OFF and the OneMesh feature is OFF, where these logs come from ?

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  1  
  1  
#7
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-25 13:19:04

  @terziyski You're right - it was a bit of a surprise to see new entries appearing even after turning both radios off. I should point out I did not reboot the router after unchecking the appropriate setting and clicking save - after I saw their corresponding LED indicators turning off in the router,  I thought that should be enough. Just to make sure, I will try turning them off again and then rebooting the router.

 

I live in an apartment building, with the router installed just 1m away from the outer building wall, there are quite a few surrounding houses / shops at ground level and a couple other buildings nearby. I understand the chances while trying to locate these devices, even if I get my hands on a directional antenna, are quite low. At the very minimum, for curiosity's sake, I think I will try to use kismet and confirm a wireless signal for those MACs is indeed being transmitted.

 

I was not much concerned about the misbehaving devices doing what they're doing, with the OP I just wanted to try to find a way to get the router's log back to an usability state (by stopping the message flood with some router tweaking for example).

 

Regards,

  0  
  0  
#8
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-25 13:32:18 - last edited 2022-04-25 13:36:04

  @FL1970 

 

I understand your intention to get back your router log normal appearance by your initial post.

But as you can see nothing more can be done to resolve this situation given the tech support response.

I would suggest to disable both your radio bands, as well as OneMesh feature, reboot the router and observe the logs for any wireless radio related logs.

As for pinpointing these devices there are apps like inSSIDer and Wi-Fi Analyzer which you could use to get a reasonable proximity using your phone or laptop.

 

If this was helpful click once on the arrow pointing upward. If this solves your issue, click once the star to mark it as a "Recommended Solution".
  0  
  0  
#9
Options
Re:repeated "IEEE 802.11 disassociated" entries flooding the system log
2022-04-25 15:52:04

  @terziyski Yes, I will do so (turn off radio / onemesh / reboot) and report back.

Very much appreciated for all the feedback and pointers you gave on this!

  0  
  0  
#10
Options

Information

Helpful: 0

Views: 2875

Replies: 9

Related Articles
 Igmp flood
1818 0
 Range Extender AX1500 RE505X IEEE 802.11 Band 2,4GHz. NO ax ?
699 0
e4 mDNS flood
886 0
 T4U EU2 - How to change from 802.11 a to 802.11 ac
448 0
Flood of DNS requests to NTP server
4626 0
 SysLog Entries
1011 1
About Us
Press
Copyright © TP-Link Systems Inc. All rights reserved.