Cisco 851W - Numerous problems

I have a customer who wanted to ditch his wired network, and go
wireless. Okay, I say. But lose the POS Linksys and get a REAL router.
So we picked up the Cisco 851W.
I have to tell you, this little thing has been NOTHING but problems. If
ANYONE can help me, I would be greatly appreciative. I have always been
a supporter of Cisco products, but the wireless on this device has me
reconsidering my position. I'm a CCNA, just FYI. Please, any
suggestions are welcome!

### Problem 1. Signal strength seems to be abnormally weak. This is
just 30 meters away, down the hall... nearly line of sight. We have
tried two different net cards. The behaviour is that the client sees the
AP, associates with a decent signal strength, then for NO apparent
reason, the signal drops and the client is therefore disassociated.
Very frustrating as this seems to be SO close to the AP for this to be
happening. (NO other APs are in the area and no 2.4GHz phones either.)
Can someone offer me ANY tips and what to do here? How to
troubleshoot, etc. For the client in question, the Cisco log has a ton of
these regarding this specific client:
008931: May 9 18:14:21.099 PCTime: *** TKIP Replay: TA=0014.bf77.9586,
008932: May 9 18:14:21.827 PCTime: *** TKIP Replay: TA=0012.1790.b512,
008933: May 9 18:14:21.851 PCTime: *** TKIP Replay: TA=0012.1790.b512,
008934: May 9 18:14:22.043 PCTime: *** TKIP Replay: TA=0012.1790.a166,
008935: May 9 18:14:22.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
008936: May 9 18:14:23.763 PCTime: *** TKIP Replay: TA=0012.1790.b512,
008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x14,TSC=0x13
008938: May 9 18:14:24.579 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x3,TSC=0x2
008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
008940: May 9 18:14:25.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
008941: May 9 18:14:26.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
008942: May 9 18:14:28.619 PCTime: *** TKIP Replay: TA=0012.1790.a166, RSC=0x11,TSC=0x10
008943: May 9 18:14:43.131 PCTime: *** TKIP Replay: TA=0014.bf77.9586, RSC=0x3,TSC=0x2
We are running WPA-PSK with TKIP, but even if we were not, I have a
feeling something is amiss elsewhere. Please help.

### Problem 2. When a certain client attempts to connect to the AP, ALL
other client associations are dropped by the Cisco and this shows up in
the log:
008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP
Michael MIC failure was detected on a packet (TSC=0x15) received from
008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED:
Two TKIP Michael MIC failures were detected within 29 seconds on
Dot11Radio0 interface. The interface will be put on MIC failure hold
state for next 15 seconds.
I repeat, NO clients are able to connect while this particular client
tries to connect. This is EXTREMELY unnerving that one single client can
bring down the whole network. Can someone please help me as to what to do

That's about it, I think. There are other problems (all related to the
network) with just overall poor performance and TERRIBLE stability. The
customer in question used to have an Actiontec just for simple wifi
access and they said they NEVER had a problem with it. Needless to say,
this looks REALLY bad for Cisco and for myself.
Again, any help is appreciated.
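
An added example, not part of the original post and not Cisco code: a small Python triage of the two log patterns quoted above, counting TKIP replay drops per transmitter address (TA) and pulling out the MIC-failure hold events that take the radio down for every client. The sample lines are reassembled from the ones quoted in the post; the function name `triage` and the result field names are assumptions.

```python
import re
from collections import Counter

# Sample reassembled from the log lines quoted in the post (wrapped lines
# rejoined; lines that are cut off on the page are left cut off here).
SAMPLE_LOG = """\
008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x15) received from
008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 29 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 15 seconds.
008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x14,TSC=0x13
008938: May 9 18:14:24.579 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x3,TSC=0x2
008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
008943: May 9 18:14:43.131 PCTime: *** TKIP Replay: TA=0014.bf77.9586, RSC=0x3,TSC=0x2
"""

REPLAY = re.compile(
    r"TKIP Replay: TA=([0-9a-f.]+),(?:\s*RSC=(0x[0-9a-f]+),TSC=(0x[0-9a-f]+))?", re.I)
MIC = re.compile(r"%DOT11-4-TKIP_MIC_FAILURE:")
HOLD = re.compile(r"%DOT11-3-TKIP_MIC_FAILURE_REPEATED:.*?within (\d+) seconds "
                  r"on (\S+) interface.*?next (\d+) seconds")

def triage(log_text):
    """Summarise TKIP replay drops per TA and MIC-failure countermeasure holds."""
    replays = Counter()   # replay drops per transmitter address
    stale = Counter()     # drops where the log shows TSC <= RSC
    mic_failures = 0
    holds = []            # (interface, failure window in s, hold time in s)
    for line in log_text.splitlines():
        m = REPLAY.search(line)
        if m:
            ta = m.group(1).lower()
            replays[ta] += 1
            # TKIP discards a frame whose sequence counter (TSC) is not
            # greater than the receiver's replay counter (RSC).
            if m.group(2) and int(m.group(3), 16) <= int(m.group(2), 16):
                stale[ta] += 1
            continue
        if MIC.search(line):
            mic_failures += 1
        m = HOLD.search(line)
        if m:
            holds.append((m.group(2), int(m.group(1)), int(m.group(3))))
    return {"replays": dict(replays), "stale": dict(stale),
            "mic_failures": mic_failures, "holds": holds}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Each entry in `holds` is a window during which no client could use the radio, so correlating hold timestamps with the station that associated just before them is the quickest way to confirm which client triggers Problem 2.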

post show version and config

Merv wrote:
> post show version and config

=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~ =~=~=~=~=~=~=~=~=~=
gw01#sh ver
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version
12.4(4)T2, RELEASE SOFTWARE (fc1)
Technical Support:
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Feb-06 21:02 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

gw01 uptime is 3 days, 13 hours, 10 minutes
System returned to ROM by reload
System restarted at 19:46:35 PCTime Sat May 6 2006
System image file is "flash:c850-advsecurityk9-mz.124-4.T2.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:

If you require further assistance please contact us by sending email to Removed).

Cisco 851W (MPC8272) processor (revision 0x200) with 59392K/6144K bytes
of memory.
Processor board ID FHK101524KR
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~ =~=~=~=~=~=~=~=~=~=
gw01#sh run
Building configuration...

Current configuration : 8399 bytes
! NVRAM config last updated at 16:34:08 PCTime Tue May 9 2006 by root
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname gw01
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Whfy$f5ROw.AG345UQFdQhv/aT.
aaa new-model
aaa group server radius rad_eap
aaa group server radius rad_mac
aaa group server radius rad_acct
aaa group server radius rad_admin
aaa group server tacacs+ tac_admin
aaa group server radius rad_pmip
aaa group server radius dummy
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
aaa session-id common
resource policy
clock timezone PCTime -7
dot11 activity-timeout unknown default 86400
dot11 activity-timeout client default 86400
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp excluded-address
ip dhcp pool sdm-pool1
import all
domain-name bizname.tld
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name
ip name-server
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-2008324883
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2008324883
revocation-check none
rsakeypair TP-self-signed-2008324883
crypto pki certificate chain TP-self-signed-2007324883
certificate self-signed 01
username admin privilege 15 secret 5 $1$GVru$5m3rE2JkjdbLW8gVnmzF721
bridge irb
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
interface Dot11Radio0
no ip address
countermeasure tkip hold-time 15
encryption mode ciphers tkip
ssid azconagg
max-associations 254
authentication open
authentication key-management wpa
wpa-psk ascii 7 072C334D5E584B5643
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
interface Vlan1
no ip address
bridge-group 1
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip default-gateway
ip classless
ip route
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 53 interface FastEthernet4
ip nat inside source static tcp 53 interface FastEthernet4
ip nat inside source static tcp 21 interface FastEthernet4
ip nat inside source static tcp 22 interface FastEthernet4
ip nat inside source static tcp 80 interface FastEthernet4
ip nat inside source static tcp 25 interface FastEthernet4
ip nat inside source static tcp 110 interface FastEthernet4 110
ip nat inside source static tcp 143 interface FastEthernet4 143
ip nat inside source static tcp 443 interface FastEthernet4 443
ip nat inside source static tcp 900 interface FastEthernet4 900
ip nat inside source static tcp 993 interface FastEthernet4 993
ip nat inside source static tcp 3389 interface FastEthernet4 3389
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 100 remark auto-generated by Cisco SDM Express firewall
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host any
access-list 100 deny ip any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 993
access-list 101 permit tcp any any eq 900
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq domain
access-list 101 permit udp any any eq domain
access-list 101 permit udp host eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip any
access-list 101 deny ip host any
access-list 101 deny ip any any
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500


