"Data from unknown device xx:xx:xx:xx:xx:xx, sent deauth" ?

Hi,

I have RB 493G + R52Hn (+ 8dBi antenna). Wireless is in “AP Bridge” mode. There are 6 wireless clients in the house (2x Notebook, 1x MAC, 3x Smartphone). Encryption is WPA2 PSK (aes/ccm). All of the devices are in the AccessList. Problem is with one Smartphone (HTC Desire Z, AndroidOS). Mikrotik LOG is spammed by line “Data from unknown device xx:xx:xx:xx:xx:xx, sent deauth” (the MAC belongs to the smartphone). Another phone (Samsung Galaxy, also AndroidOS) does not have this problem at all.

Anyone know how to fix the problem?

LOG:

18:13:26 wireless,debug WLAN: XX:XX:XX:XX:XX:XX attempts to associate
18:13:26 wireless,debug WLAN: XX:XX:XX:XX:XX:XX in local ACL, accept
18:13:26 wireless,info XX:XX:XX:XX:XX:XX@WLAN: connected
18:13:26 dhcp,info dhcp1 deassigned 192.168.XXX.YYY from XX:XX:XX:XX:XX:XX
18:13:26 dhcp,info dhcp1 assigned 192.168.XXX.YYY to XX:XX:XX:XX:XX:XX
18:29:56 wireless,info XX:XX:XX:XX:XX:XX@WLAN: disconnected, extensive data loss
18:30:01 wireless,info WLAN: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth
18:30:16 wireless,info WLAN: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth
=== Another 70 lines with the same message, every 5sec===
18:44:49 wireless,info WLAN: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth
18:44:49 wireless,info WLAN: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth
18:44:51 wireless,debug WLAN: XX:XX:XX:XX:XX:XX attempts to associate
18:44:51 wireless,debug WLAN: XX:XX:XX:XX:XX:XX in local ACL, accept
18:44:51 wireless,info XX:XX:XX:XX:XX:XX@WLAN: connected
18:44:52 dhcp,info dhcp1 deassigned 192.168.XXX.YYY from XX:XX:XX:XX:XX:XX
18:44:52 dhcp,info dhcp1 assigned 192.168.XXX.YYY to XX:XX:XX:XX:XX:XX

WLAN configuration:

/interface wireless security-profiles
set [ find default=yes ] authentication-types="" eap-methods=passthrough group-ciphers="" group-key-update=5m interim-update=0s management-protection=disabled management-protection-key="" mode=none name=default radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" wpa2-pre-shared-key=""
add authentication-types=wpa2-psk eap-methods="" group-ciphers=aes-ccm group-key-update=5m interim-update=0s management-protection=allowed management-protection-key=XXXXXX mode=dynamic-keys name=WPA2 radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="" tls-certificate=none tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key="" wpa2-pre-shared-key=XXXXX
/interface wireless
set 0 adaptive-noise-immunity=none allow-sharedkey=no antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps basic-rates-b=1Mbps bridge-mode=disabled channel-width=20/40mhz-ht-above comment="WLAN" compression=no country=no_country_set default-ap-tx-limit=0 default-authentication=no default-client-tx-limit=0 default-forwarding=no dfs-mode=none disable-running-check=no disabled=no disconnect-timeout=3s distance=dynamic frame-lifetime=0 frequency=2462 frequency-mode=manual-txpower frequency-offset=0 hide-ssid=yes ht-ampdu-priorities=0 ht-amsdu-limit=8192 ht-amsdu-threshold=8192 ht-basic-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any ht-rxchains=0 ht-supported-mcs=mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15,mcs-16,mcs-17,mcs-18,mcs-19,mcs-20,mcs-21,mcs-22,mcs-23 ht-txchains=0 hw-fragmentation-threshold=disabled hw-protection-mode=none hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=YY:YY:YY:YY:YY:YY max-station-count=7 mode=ap-bridge mtu=1500 name=WLAN noise-floor-threshold=default nv2-cell-radius=30 nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms periodic-calibration=default periodic-calibration-interval=60 preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=YYYYYYYYYYYY rate-selection=advanced rate-set=default scan-list=default security-profile=WPA2 ssid=XXXXX station-bridge-clone-mac=00:00:00:00:00:00 supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled wireless-protocol=any wmm-support=enabled
/interface wireless manual-tx-power-table
set WLAN comment="WLAN" manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9Mbps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,HT40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-7:17"
/interface wireless nstreme
set WLAN comment="WLAN" disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=3200 framer-policy=none
/interface wireless access-list
add ap-tx-limit=0 authentication=yes client-tx-limit=0 disabled=no forwarding=yes interface=WLAN mac-address=XX:XX:XX:XX:XX:XX management-protection-key="" private-algo=none private-key="" private-pre-shared-key="" signal-range=-120..120
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 multiple-channels=no only-headers=no receive-errors=no streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no

THANKS !

Anyone? This is really annoying… I spent money on a WiFi card to get rid of the SOHO WiFi router and now I have more problems than before… The LOG is flooded by this and I can’t see important notices… :confused: :confused:

18:30:16 wireless,info WLAN: data from unknown device XX:XX:XX:XX:XX:XX, sent deauth
=== Another 70 lines with the same message, every 5sec===

When you rip out the MACs it’s hard to tell you what the issue is; rather just make it dev1mac, dev2mac, dev3 if you want to keep anonymity.

country=no_country_set
default-authentication=no

Firstly, if a device is not in the ACL then it won’t be accepted, but you do need to be notified in the log file?

I am unsure as to what you want to see in the log file that will be more important, but you can set up a remote log as well with a filter; the log manual will be able to assist u as well to not see things u don’t want to see?

That MAC belongs to one of the known devices (phone HTC Desire Z - Android) and it is in the AccessList like the rest of the wireless devices, but only this one is causing the problem.
The device is accepted and connected successfully, but after a couple of minutes it gets disconnected and then the message starts appearing in the logfile. (The smartphone stays in the same place, 4 meters from the AP, so it does not leave the range of the AP.)

I found some information that the smartphone may be using power save wifi mode, but with WMM enabled it shouldn’t be a problem …

Try default authenticate = yes. If it works, then u know there is something about the phone or the MAC provided in the access list.


Easy way..!
Please, set system logging off for this topic when you don't want it to appear for your control device. :wink:

regards
Hasbullah.com

This is not a solution, this is “workaround” which will also remove other system messages which i would like to have in the log.

The thing is, the device will enable power save mode after a while; anyway the wireless should stay connected (as it was before with another router). Unfortunately it looks like Mikrotik will not receive a response to this:

disconnect-timeout (time [0s..15s]; Default: 3s) … This interval is measured from third sending failure on the lowest data rate. At this point 3 * (hw-retries + 1) frame transmits on the lowest data rate had failed. During disconnect-timeout packet transmission will be retried with on-fail-retry-time interval. If no frame can be transmitted successfully during disconnect-timeout, connection is closed, and this event is logged as “extensive data loss”. Successful frame transmission resets this timer.

(I’ve set the timeout to 15sec, but it did not help)

So, Mikrotik is trying to deauth that device, but the device will not deauth, and that is the reason why the LOGfile is spammed over and over by the message.

22:45:59 wireless,info WLAN: data from unknown device <CLIENT_MAC_1>, sent deauth
22:45:59 wireless,info WLAN: data from unknown device <CLIENT_MAC_1>, sent deauth
22:45:59 wireless,info WLAN: data from unknown device <CLIENT_MAC_1>, sent deauth

After that, when I unlock the device and try to access something on the network, the wireless connection drops for a few seconds and then it reconnects (I have autoconnect to that wireless network) and reassociates on Mikrotik; then the connection is fine, until the phone falls into power saving mode again …

22:46:14 wireless,debug WLAN: <CLIENT_MAC_1> attempts to associate
22:46:14 wireless,debug WLAN: <CLIENT_MAC_1> in local ACL, accept
22:46:14 wireless,info <CLIENT_MAC_1>@WLAN: connected
22:46:14 dhcp,info dhcp1 deassigned 192.168.X.XX from <CLIENT_MAC_1>
22:46:14 dhcp,info dhcp1 assigned 192.168.X.XX to <CLIENT_MAC_1>

Yes, i can disable the saving mode for wireless, but this will drastically decrease the battery life (the phone will die in 3-5h), which is not acceptable at all.


And again, I did not have this kind of problem with another wireless router (ASUS, Linksys); I had wifi enabled on that device 24/7 without any problems.

So, the question is, where is the problem? Is it a RouterOS bug, or is Mikrotik too sophisticated? And the most important thing is … “how to fix this”? Maybe some way to exclude some device from that 15sec checking, or at least a way to exclude an exact line from the logfile. But the proper fix would be much appreciated, IF the problem is in Mikrotik (I did not find any article, discussion or comment about this :frowning: )

Thanks,

Stun
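The sequence described in the post above ("extensive data loss", then repeated "sent deauth" lines until the client re-associates) can be measured per device from an exported log. This is an added example, not part of the original thread: the log lines and MAC addresses are constructed in the format quoted above, and `deauth_episodes` and `min_count` are hypothetical names.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log format quoted in the thread; the MACs are made up.
SAMPLE_LOG = """\
18:13:26 wireless,info 02:00:00:00:00:01@WLAN: connected
18:29:56 wireless,info 02:00:00:00:00:01@WLAN: disconnected, extensive data loss
18:30:01 wireless,info WLAN: data from unknown device 02:00:00:00:00:01, sent deauth
18:30:16 wireless,info WLAN: data from unknown device 02:00:00:00:00:01, sent deauth
18:30:21 wireless,info WLAN: data from unknown device 02:00:00:00:00:02, sent deauth
18:44:49 wireless,info WLAN: data from unknown device 02:00:00:00:00:01, sent deauth
18:44:51 wireless,info 02:00:00:00:00:01@WLAN: connected
"""

MAC = r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
LOST = re.compile(MAC + r"@\S+: disconnected, extensive data loss")
DEAUTH = re.compile(r"data from unknown device " + MAC + r", sent deauth")
JOINED = re.compile(MAC + r"@\S+: connected$")

def deauth_episodes(log_text, min_count=2):
    """Group 'sent deauth' lines per MAC into episodes that end at re-association."""
    open_eps, done, day, prev = {}, [], timedelta(0), None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        if prev is not None and ts < prev:    # no date in the log: assume midnight rollover
            day += timedelta(days=1)
        prev, ts, msg = ts, ts + day, m["msg"]
        if hit := LOST.search(msg):           # AP gave up on the client: episode starts
            open_eps[hit["mac"]] = {"start": ts, "last": ts, "count": 0, "lost": True}
        elif hit := DEAUTH.search(msg):       # client still sends data, AP answers with deauth
            ep = open_eps.setdefault(hit["mac"], {"start": ts, "last": ts, "count": 0, "lost": False})
            ep["count"], ep["last"] = ep["count"] + 1, ts
        elif hit := JOINED.search(msg):       # re-association closes the episode
            if ep := open_eps.pop(hit["mac"], None):
                done.append((hit["mac"], {**ep, "last": ts, "rejoined": True}))
    done.extend(open_eps.items())             # episodes still running when the log ends
    return [{"mac": mac, "deauths": e["count"], "after_data_loss": e["lost"],
             "duration_s": int((e["last"] - e["start"]).total_seconds()),
             "reassociated": e.get("rejoined", False)}
            for mac, e in done if e["count"] >= min_count]

if __name__ == "__main__":
    for episode in deauth_episodes(SAMPLE_LOG):
        print(episode)
```

An episode flagged `after_data_loss` with a long `duration_s` matches the power-save pattern described in the post; one without a preceding data-loss line means the station sent data without having been associated in the logged window.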

Hi there
I am having the same problem.
plz help

Same trouble on rb433 (ROS 5.15).
The client’s MAC is added to the access-list, but after 3-4 days the client loses connection with the message “Data from unknown device” until I have rebooted the router or until I have run scanning.

Had the same problem. Someone was using an Ubiquiti client to try to connect. I think the problem was that he had not setup the password. Plus my MT was restarting the whole time. Never found the real problem; just asked the person to turn off the Ubiquiti radio.

Guys, the same happened here with an RB711GA-HND working in an outdoor environment with 30 CPEs connected to it. It was just impossible to work. I tried to contact the support team, no answer from them, had to change it for a RocketM5 :frowning:!! Now everything is back to normal.

Same problem with my HTC sensation and RB751

I had the same problem with a Samsung (android) phone. Rebooting the phone solved this issue. The AP stopped functioning for all the other clients while this DEAUTH flood was going on.

I saw a similar flooding of messages with a Nook Color.

I’d argue that the logging for that message shouldn’t be at “info” level but more like debug.

Stunherald did u try it only b/g mode
and without WPA2 PSK

+1 for this problem, Samsung Galaxy S2 (I have two devices, problem happens with both)

It is really annoying and it is impossible to keep the wifi while the device is in idle mode, and it EATS all my mobile data plan.

Was on 5.2x, upgraded to 6rc7, same problem

My apologies for the thread necromancy here, but rather than start a whole new post about this I’d just like to add that I’m having the exact same problem, also caused by a Samsung Galaxy S2 on my wireless network.

I absolutely love my MikroTik router, but this one “feature” is really getting annoying. As a previous poster said, I did not have this issue with my old WRT54GL running DD-WRT or the piece of junk Asus router I had after that.

Whenever the deauth flood happens it absolutely kills all wireless access. Everything gets thrown off the WLAN and cannot connect to it until the offending device is rebooted. If I connect to the router via ethernet and look at the log, it is getting absolutely hammered with deauth messages related to the MAC of the Galaxy S2. I figure this is probably an Android bug related to the S2 but I would hope the router would handle this better.

Is there any fix for this? (Yes, rebooting the phone makes it stop but that’s not a fix!)

All right…anyone? No one? This is a common problem and we get complete silence. I’m sick of my Galaxy S2 completely knocking out my wireless. I’ve done a google search and this is a very common problem and I have yet to see any kind of an answer or solution. There is no reason why a buggy Galaxy S2 should knock out a router for hours on end with “deauth” errors. Even my piece of junk Asus router didn’t do this.

Is anyone out there listening?

Maybe a more recent thread will yield some answers, or at least posting there might draw more attention to the problem.

I have the same issue here. RB951-2n
Already updated to version 5.24 and the problem is not solved either.

I keep getting this log continuously, every several seconds or minutes.
wlan1 : data from unknown device (dev1mac), sent deauth.
(dev1mac) @wlan1 : connected
(dev1mac) @wlan1 : disconnected extensive data loss.
wlan1 : data from unknown device (dev1mac), sent deauth.
wlan1 : data from unknown device (dev1mac), sent deauth.
(dev1mac) @wlan1 : connected
wlan1 : data from unknown device (dev2mac), sent deauth.
(dev2mac) @wlan1 : connected

I only use 2 clients. 1 is a Galaxy phone and 1 is a PC.
This deauth thing seems to occur more often on my Galaxy phone.
I already tried various different configurations in wireless advanced mode:
hw protection mode, hw adaptive noise immunity, hw retries, preamble mode, WMM, disconnect timeout, bridging, and everything else in there, but still no luck.


Has anyone already got a resolution, or do we need to wait for the next version?