Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > Cisco 851W - Numerous problems

Reply
Thread Tools

Cisco 851W - Numerous problems

 
 
ponga
Guest
Posts: n/a
 
      05-10-2006
I have a customer who wanted to ditch his wired network, and go
wireless. Okay, I say. But lose the POS Linksys and get a REAL router.
So we picked up the Cisco 851W.
I have to tell you, this little think has been NOTHING but problems. If
ANYONE can help me, I would be greatly appreciative. I have always been
a supporter of Cisco products, but the wireless on this device has be
reconsidering my position. I'm a CCNA, just FYI. Please, any
suggestions are welcome!

### Problem 1. Signal strength seems to be abnormally week. This is
just 30 meters away, down the hall.. nearly line of sight. We have
tried two different net cards. The behaviour is that the client see the
ap, associates with a decent signal strength, then for NO apperant
reason, the signal drops and the client is therefore disassociated.
Very frustrating as this seems to be SO close to the AP for this to be
happening. (NO other ap's are in the area and no 2.4Ghz phones either.)
Can some one offer me ANY tips and what do do here? How to
troubleshoot, etc. The client in question, the Cisco log has a ton of
these regarding this specific client:
008931: May 9 18:14:21.099 PCTime: *** TKIP Replay: TA=0014.bf77.9586,
RSC=0x7,TSC=0x6
008932: May 9 18:14:21.827 PCTime: *** TKIP Replay: TA=0012.1790.b512,
RSC=0x3,TSC=0x2
008933: May 9 18:14:21.851 PCTime: *** TKIP Replay: TA=0012.1790.b512,
RSC=0x4,TSC=0x3
008934: May 9 18:14:22.043 PCTime: *** TKIP Replay: TA=0012.1790.a166,
RSC=0x6,TSC=0x5
008935: May 9 18:14:22.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
RSC=0x5,TSC=0x4
008936: May 9 18:14:23.763 PCTime: *** TKIP Replay: TA=0012.1790.b512,
RSC=0x6,TSC=0x5
008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
RSC=0x14,TSC=0x13008938: May 9 18:14:24.579 PCTime: *** TKIP Replay:
TA=0012.1790.a1cd, RSC=0x3,TSC=0x2
008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
RSC=0x4,TSC=0x3
008940: May 9 18:14:25.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
RSC=0x5,TSC=0x4
008941: May 9 18:14:26.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
RSC=0x6,TSC=0x5
008942: May 9 18:14:28.619 PCTime: *** TKIP Replay: TA=0012.1790.a166,
RSC=0x11,TSC=0x10008943: May 9 18:14:43.131 PCTime: *** TKIP Replay:
TA=0014.bf77.9586, RSC=0x3,TSC=0x2
We are running WPA-PSK with TKIP, but even if we were not, I have a
feeling something is amis elsewhere. Please help.

### Problem 2. When a certain client attempts to connect to the ap, ALL
other client associations are droped by the Cisco and this shows up in
the log:
008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP
Michael MIC failure was detected on a packet (TSC=0x15) received from
0015.0039.d003.
008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED:
Two TKIP Michael MIC failures were detected within 29 seconds on
Dot11Radio0 interface. The interface will be put on MIC failure hold
state for next 15 seconds.
I repeat, NO clients are able to connect while this particular client
tries to connect. This is EXTREMELY unerving that one single client can
bring down the whoel network. Can some please help me as what to do
here!?

That about is, I think. There are others problem (all related to the
network) with just overall poor performance and TERRIBLE stability. The
customer in question used to have an Actiontec just for simple wifi
access and the said they NEVER had a problem with it. Needless to say,
this looks REALLY bad for Cisco and for myself.
Again, any help is appreciated.

 
Reply With Quote
 
 
 
 
Merv
Guest
Posts: n/a
 
      05-10-2006
post show version and config

 
Reply With Quote
 
 
 
 
ponga
Guest
Posts: n/a
 
      05-10-2006
Merv wrote:
> post show version and config


=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~ =~=~=~=~=~=~=~=~=~=
gw01#sh ver
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version
12.4(4)T2, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Wed 22-Feb-06 21:02 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

gw01 uptime is 3 days, 13 hours, 10 minutes
System returned to ROM by reload
System restarted at 19:46:35 PCTime Sat May 6 2006
System image file is "flash:c850-advsecurityk9-mz.124-4.T2.bin"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be
found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
http://www.velocityreviews.com/forums/(E-Mail Removed).

Cisco 851W (MPC8272) processor (revision 0x200) with 59392K/6144K bytes
of memory.
Processor board ID FHK101524KR
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
5 FastEthernet interfaces
1 802.11 Radio
128K bytes of non-volatile configuration memory.
20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~ =~=~=~=~=~=~=~=~=~=
gw01#sh run
Building configuration...

Current configuration : 8399 bytes
!
! NVRAM config last updated at 16:34:08 PCTime Tue May 9 2006 by root
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname gw01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$Whfy$f5ROw.AG345UQFdQhv/aT.
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -7
dot11 activity-timeout unknown default 86400
dot11 activity-timeout client default 86400
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 192.168.1.10
default-router 192.168.1.2
domain-name bizname.tld
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name azconagg.com
ip name-server 192.168.1.10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-2008324883
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2008324883
revocation-check none
rsakeypair TP-self-signed-2008324883
!
!
crypto pki certificate chain TP-self-signed-2007324883
certificate self-signed 01
30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101
04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
43657274
69666963 6174652D 32303038 33323438 3833301E 170D3032 30333031
30303039
31305A17 8072198E 31303130 30303030 305A3031 312F302D 8072198E
03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32
30303833
32343838 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030
81890281
8100E664 E710312A 16920E03 31649F34 54CCAD58 DB6DE3A9 843CAF3A
0A8E66AF
FA3A5771 AAE210E5 BBD4E636 8072198E 88736CC2 4B16D9B6 4C291E9C
FC7D0089
C467ABF9 794B3CBB 16847AD1 60A53C4B 2E42D25A E0A29A9A 49542EFE
7E615469
7E8D6A92 DDDB32C2 7B94BC47 BD59F206 10D60441 B66097DF 5223BF33
BB50E33B
999B0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF
301C0603
551D1104 15301382 11677730 312E617A 636F6E61 67672E63 6F6D301F
0603551D
23041830 1680140C D768292E D1DDDB32 C2341A00 49C497D1 B6AA4B30
1D060355
1D0E0416 04140CD7 68292ED1 DDDB32C2 341A0049 C497D1B6 8072198E
06092A86
4886F70D 8072198E 00038181 0064A08F 1F0DE936 87D0165F 4803DAED
383EBFDE
0539ED4C C0E2AFA7 9E6E7DCD 17D0F36C 21305B5F 783B48C2 CF11EDA1
4060EC8F
4077D502 79A6EDD2 14BA6576 BAD54C4D 90457FDE 23D23864 1F3A76A3
690AB462
C316D8FB 541C97BF F52CC788 9D67F0E2 3F97D3D5 B4ACAF7E AD5C7917
9F0CE002
07B97FD2 3D9F3E0F 4F80FDAA A7
quit
username admin privilege 15 secret 5 $1$GVru$5m3rE2JkjdbLW8gVnmzF721
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address 192.168.0.254 255.255.255.0
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
countermeasure tkip hold-time 15
!
encryption mode ciphers tkip
!
ssid azconagg
max-associations 254
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 072C334D5E584B5643
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.2 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static udp 192.168.1.10 53 interface FastEthernet4
53
ip nat inside source static tcp 192.168.1.10 53 interface FastEthernet4
53
ip nat inside source static tcp 192.168.1.10 21 interface FastEthernet4
21
ip nat inside source static tcp 192.168.1.10 22 interface FastEthernet4
22
ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet4
80
ip nat inside source static tcp 192.168.1.10 25 interface FastEthernet4
25
ip nat inside source static tcp 192.168.1.10 110 interface
FastEthernet4 110
ip nat inside source static tcp 192.168.1.10 143 interface
FastEthernet4 143
ip nat inside source static tcp 192.168.1.10 443 interface
FastEthernet4 443
ip nat inside source static tcp 192.168.1.10 900 interface
FastEthernet4 900
ip nat inside source static tcp 192.168.1.10 993 interface
FastEthernet4 993
ip nat inside source static tcp 192.168.1.21 3389 interface
FastEthernet4 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto-generated by Cisco SDM Express firewall
configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall
configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq 993
access-list 101 permit tcp any any eq 900
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 143
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq domain
access-list 101 permit udp any any eq domain
access-list 101 permit udp host 192.168.1.10 eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end


-- THANKS!

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 851W- Terminal has funny Characters mousemen Cisco 4 03-06-2009 07:00 PM
Help with firewall 851W all works great but..... GtoJon Cisco 2 12-18-2006 03:36 AM
PAT on Cisco 851W James B. Wood Cisco 2 10-05-2006 12:30 PM
Cisco 851W - No SSID Broadcast? ponga Cisco 4 05-04-2006 10:22 PM
Router w/ VPN and wireless - Cisco 851W? Steve Freides Computer Support 4 03-24-2006 02:06 AM



Advertisments