B
Premium,MVM
join:2000-10-28
| Recurring 802.11a Dual-Band Lockups (Cisco Aironet, Dell)
Can someone assist? This has stumped me.
Access Point: Cisco Aironet 1240AG.
SSID associated on both bands, 802.11a and 802.11b/g.
Client: Dell Latitude with Dell Wireless 1490 Dual Band card
OS: XP SP2
WPA/TKIP
WZC manages connection.
I can associate for some time between 10 seconds and an hour before things just... stop working. The connection appears to be valid -- the system tray icon shows a connected status on the desired SSID -- but the connection doesn't work, no ping/ICMP, etc. Sometimes, but not always, errors shown in the log (below) act as if the station has lost radio signal, but I'm right near the AP and have tried it with two different units. Sometimes these errors do NOT appear during such lockups.
But what does work is if I go into the client NIC and disable 802.11a at the client. Then the connection becomes rock solid.
The kicker: this situation applies even when on the Access Point the 802.11a radio is completely disabled and removed from the SSID scope.
It's as if the client side keeps thinking that 802.11a is valid for the SSID and keeps flapping between the two, even though one band is completely off at the AP. (Yes, I know the log shows only 1 radio involved.) Any thoughts?
-- B
(Some errors may stem from testing:)
9 Jul 3 21:23:23.078 Information Interface Dot11Radio0, Deauthenticating Station xxxx.xxx.xxx.b27 Reason: Previous authentication no longer valid
Interface Dot11Radio0, Deauthenticating Station xxxx.xxxx.xxxx Reason: Previous authentication no longer valid
10 Jul 3 21:23:23.077 Warning Packet to client xxx.xxxx.xx27 reached max retries, removing the client
11 Jul 3 21:18:57.686 Information Interface Dot11Radio0, Station AP yyy.yyy.ceb Reassociated KEY_MGMT[WPA PSK]
12 Jul 3 21:17:10.969 Information Interface Dot11Radio0, Deauthenticating Station xxxx.xxxx.x082 Reason: Sending station has left the BSS
13 Jul 3 21:16:59.048 Information Interface Dot11Radio0, Deauthenticating Station xxx.xxx.xxxceb Reason: Sending station has left the BSS
14 Jul 3 21:07:38.622 Information Interface Dot11Radio0, Station AP xxx.xxx.b27 Associated KEY_MGMT[WPA PSK]
15 Jul 3 21:07:38.228 Debugging Station xxx.xxx.b27 Authentication failed
16 Jul 3 21:07:37.344 Information Interface Dot11Radio0, Deauthenticating Station xxx.xxx.b27 Reason: Sending station has left the BSS
17 Jul 3 21:00:43.874 Information Interface Dot11Radio0, Station AP xxx.xxx.b27 Associated KEY_MGMT[WPA PSK]
18 Jul 3 21:00:43.609 Information Interface Dot11Radio0, Deauthenticating Station xxx.xxx.b27 Reason: Sending station has left the BSS
19 Jul 3 20:37:55.003 Information Interface Dot11Radio0, Station AP xxx.xxx.b27 Associated KEY_MGMT[WPA PSK]
20 Jul 3 20:37:54.959 Information Interface Dot11Radio0, Deauthenticating Station xxx.xxx.b27 Reason: Sending station has left the BSS
--
In a realm outside causality and function |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ | not too be picky, but would you mind posting the configuration of the AP when both the A and G spectrums are live and active?
q. |
|
B
Premium,MVM
join:2000-10-28
| Sure. I wasn't going to fill up the thread unless someone asked. Thank you!
I can't access the APs right now, but here's one of the last configs I have (unfortunately the second 802.11a radio was already turned off):
XXXX_AP1#show run Building configuration... Current configuration : 2156 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname XXXX_AP1 ! enable secret 5 $xxxx ! no aaa new-model ! resource policy ! ip subnet-zero ! ! dot11 activity-timeout unknown default 60000 dot11 activity-timeout client default 60000 dot11 activity-timeout repeater default 60000 dot11 activity-timeout workgroup-bridge default 60000 dot11 activity-timeout bridge default 60000 ! dot11 ssid xxxxxxxxxxxxxxxxxxxxxxx authentication open authentication key-management wpa guest-mode infrastructure-ssid optional wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxx information-element ssidl ! dot11 network-map power inline negotiation prestandard source ! ! username Cisco privilege 15 password 7 xxxxxxxxxxxxxxxxx ! bridge irb ! ! interface Dot11Radio0 no ip address no ip route-cache ! encryption mode ciphers tkip ! ssid xxxxxxxxxxxxxxxxxxxxxxx ! packet retries 128 drop-packet channel 2462 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface Dot11Radio1 no ip address no ip route-cache shutdown ! encryption mode ciphers tkip ! ssid xxxxxxxxxxxxxxxxxxxxxxx ! dfs band 3 block packet retries 128 drop-packet channel dfs station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding bridge-group 1 spanning-disabled ! interface FastEthernet0 no ip address no ip route-cache duplex auto speed auto bridge-group 1 no bridge-group 1 source-learning bridge-group 1 spanning-disabled ! interface BVI1 ip address 192.168.10.xxx 255.255.255.0 no ip route-cache ! ip default-gateway 192.168.10.1 ip http server no ip http secure-server ip http help-path » www.cisco.com/warp/public/779/sm···help/eagbridge 1 route ip ! ! ! line con 0 line vty 0 4 login local ! end XXXX_AP1#
--
In a realm outside causality and function |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
 ·Sprint Mobile Broa..
 ·Cox HSI
 ·FrontierNet Intern..
| i'm curious, did you use the web-based application to configure the access point?
something seems fishy about the dot11 timeout features. something strikes me as this is not doing its job correctly.
if you did not use the web utility, where did you pull the information for some of the config used?
q. |
|
B
Premium,MVM
join:2000-10-28
| Yes, originally I did use the web GUI. (Coincidentally or not, one of the AP's GUIs is acting poorly under Seamonkey lately; it seems like the browser is screwing up the Javascript that loads settings when clicking, for example, the SSID name).
I then used the telnet CLI to copy and save the configuration settings. I may have also set some parameters via the CLI, but I don't think I did.
Come to think of it, I may have tweaked that timeout feature (drop packet) when trying to avoid this ongoing (as posted) problem, wherein it thinks the signal is too weak. The idea was to NOT drop the station merely because it didn't echo quickly enough. It didn't appear to help much though.
Still looking for earlier config samples...
-- B
--
In a realm outside causality and function |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
·Sprint Mobile Broa..
·Cox HSI
·FrontierNet Intern..
|
i don't think that i've ever set something like this up before (i usually do multi-AP deployments using a WLC), and the defaults have always worked well for me. i can see where this is an issue as if there is an activity timeout (or say the station associates but will not pull dhcp, etc) that may lead to the drop packet condition
i assume this means repeat a packet send 128 times before dropping the packet?
if so, i really think you are dealing with some sort of timeout issues causing packet loss.
additionally, what code are you running?
q. |
|
B
Premium,MVM
join:2000-10-28
| Cisco IOS Software, C1240 Software (C1240-K9W7-M), Version 12.4(3g)JA1, RELEASE SOFTWARE (fc1) But everything works once I disable 802.11a at the client side. That is, this problem doesn't occur when I force my client side to use 802.11b/g only.
I don't understand how any of the AP timeouts come into play -- the 802.11a radio's completely off at the AP.
Any theory on this? (Thanks for the input to date.)
-- B
--
In a realm outside causality and function |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
·Sprint Mobile Broa..
·Cox HSI
·FrontierNet Intern..
| it looks like you have the configuration applied to the Dot11Radio1 interface for the SSID as well. is there any specific reason for this? are you planning to use 802.11a for other clients? have you tried enabling a only (disabling b/g) and see if everything manifests? have you cleared any "cached" SSIDs in your wireless utility?
q. |
|
B
Premium,MVM
join:2000-10-28
| said by tubbynet  :it looks like you have the configuration applied to the Dot11Radio1 interface for the SSID as well. is there any specific reason for this? Well, yeah, the way I originally set it up I had the same SSID set for both bands. Is that a no-no? Do most places use two SSIDs, e.g., "CompanyWLAN-g" and "CompanyWLAN-a" ? (I don't think I've ever seen that.)
In any case, on the latest iterations of my testing I removed the SSID from the .a radio settings, as mentioned in my OP.
are you planning to use 802.11a for other clients? Not really; the clients will always have 802.11g, though they may have dual-band cards, so I thought I should leave both radios running. More efficient use of spectrum, resiliency, etc.
have you tried enabling a only (disabling b/g) and see if everything manifests? Nope, not yet, but that's not a bad idea for testing.
have you cleared any "cached" SSIDs in your wireless utility? Again, nope but not a bad idea. I did try to figure out where Windows keeps/caches associations between SSIDs and particular bands or other info (channel, etc.), if it even does this, but was unsuccessful. All it seems to care about / remember is the SSID per se.... but if it really is caching something funny stemming from my original connection state then this idea might clear things up! (I suppose even better would be changing the AP's SSID just in case Windows caching is perniciously persistent even after deleting the SSID...)
-- B
--
In a realm outside causality and function |
|
tubbynet
more voices, more choices
Premium
join:2008-01-16
Mesa, AZ
·Sprint Mobile Broa..
·Cox HSI
·FrontierNet Intern..
| typically, corporations will use the same SSID for both (a) and (g) bands (at least thats how they had me deploy them). in some instances i have delineated between (a) and (g) only for the sake of using (a) for wireless voice (cisco 7921) and (g) for wireless data. this shouldn't be an issue, but i'm trying to determine if we're fighting configuration or ios version issues.
you may try to remove your current SSID in windows, remove the SSID config from the dot11Radio1 interface, and see what happens. additionally, try the (a) active/(g) disabled and see what happens.
if one of the above two works, at least you may run two different SSIDs so that those who are messing with tri-band cards don't have the same issue.
q. |
|
B
Premium,MVM
join:2000-10-28
edit:
August 11th, @02:43PM
| Very good; thanks! I may get a chance to try this later this afternoon.
Edit: Windows is weird -- I finally found the location where it caches SSIDs. It stores them in the binary data of entries at
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{some-long-hex-sequence-ID -of-which-the-freakin-registry-is-so-fond-in-this-case-NIC-ID}
In there are names of the form "Static#0000", "Static#0008", etc. Each of these binary entries includes the SSID in question (plaintext) and who knows what else (apparently WEP keys but not WPA keys). It would be nice to find the documentation for these reg keys.
-- B
--
In a realm outside causality and function |
|
