Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > 871W: Wi-fi to Wi-fi unreliable

Reply
Thread Tools

871W: Wi-fi to Wi-fi unreliable

 
 
JF Mezei
Guest
Posts: n/a
 
      08-07-2010
I have a laptop on the wifi. It can connect to internet no problem. It
can connect to almost every host on the wired LAN without problem.

There is an IPMI destination on the wired LAN which is sometimes
accessible, sometimes not. (sometimes I can just start the GUI for
server monitoring, and within a few minutes it will be able to connect,
after which there is no problem - this never happens on the wired LAN
portion). During failed attempts, the wi-fi device does get an ARP
resolution for the IPMI destination.


Now howver, I try to ping or SSH to another wi-fi device (a phone) and
it fails royally. I can telnet to a wired server from the laptop, and
that server has no problem pinging or SSH to the phone.

So wi-fi to LAN seems to work.
LAN to Wi-Fi seems to work.
But Wi-fi to wi-fi seems to be a problem.

Is this common ? What should I look at in the config ?

While I am at it, for such a router, what would be the best way to run
wireshark to scan all of the wi-fi traffic ? Can I do a port monitor on
the BVI10 interface ?
 
Reply With Quote
 
 
 
 
bod43
Guest
Posts: n/a
 
      08-07-2010
On 7 Aug, 19:25, JF Mezei <(E-Mail Removed)> wrote:
> I have a laptop on the wifi. It can connect to internet no problem. It
> can connect to almost every host on the wired LAN without problem.
>
> There is an IPMI destination on the wired LAN which is sometimes
> accessible, sometimes not. (sometimes I can just start the GUI for
> server monitoring, and within a few minutes it will be able to connect,
> after which there is no problem - this never happens on the wired LAN
> portion). During failed attempts, the wi-fi device does get an ARP
> resolution for the IPMI destination.
>
> Now howver, I try to ping or SSH to another wi-fi device (a phone) and
> it fails royally. *I can telnet to a wired server from the laptop, and
> that server has no problem pinging or SSH to the phone.
>
> So wi-fi to LAN seems to work.
> LAN to Wi-Fi seems to work.
> But Wi-fi to wi-fi seems to be a problem.
>
> Is this common ? What should I look at in the config ?
>
> While I am at it, for such a router, what would be the best way to run
> wireshark to scan all of the wi-fi traffic ? Can I do a port monitor on
> the BVI10 interface ?


To test wifi connections (or others too I like to send a lot
of pings. fping.exe is nice for this if you have windows.
http://www.kwakkelflap.com/fping.html

fping 10.8.37.129 -s 1300 -t 0 -n 1000

add -i if you have any weird problems/error messages

You can use >1 instance if required.

If there is anything dodgy about the link you will see it
right away.

Be aware that this application can send a lot of traffic and
could affect network/system performance.

To use wireshark on wifi you need linux, or windows with
the wireless pcap shim. The latter is commercial software
and is not free (airpcap?). Alternatively you can use the free
Windows Network Monitor from Microsoft. You may be able
to save the files in wireshark format or wireshark may be
able to read it's files. I may be a bit out of date on this, it is
possible that someone has written a free shim now.

To capture traffic other than your own you will need a
wireless card *and* driver that can be put in monitor mode.

Unless there is a bug in the router I would have thought that
wifi<->wifi traffic should be no different to wifi<->lan. Of course
there are two wireless hops in the former case and BOTH
would need to be working correctly.

The later IOS software can I seem to recall do packet
capture to flash/network (12.4.twentysomething). On an
87x router however I would think that the performance
would soon become CPU limited. You would not I
would think see ethernet<->ethernet traffic either unless
routing between vlans or maybe bridging between vlans.
It would work on BVI10 I guess. Check memory requirements
before upgrading. Stated flash requirements now include the
Web GUI thingy which of course is not essential. If the image
fits the flash then you have enough flash For testing/
development purposes you could always boot over the
network if you did not have enough flash. Not so wise
for production)
 
Reply With Quote
 
 
 
 
bod43
Guest
Posts: n/a
 
      08-08-2010
On 7 Aug, 22:48, Aaron Leonard <(E-Mail Removed)> wrote:
> On Sat, 7 Aug 2010 12:51:20 -0700 (PDT), bod43 <(E-Mail Removed)>
> wrote:
>
> >On 7 Aug, 19:25, JF Mezei <(E-Mail Removed)> wrote:
> >> So wi-fi to LAN seems to work.
> >> LAN to Wi-Fi seems to work.
> >> But Wi-fi to wi-fi seems to be a problem.

>
> >> Is this common ? What should I look at in the config ?

>
> I admit that I didn't follow the topology here.
> I got lost at IPMI.
>
> OK, I've now googled IPMI, and I still don't get
> where it fits in. *Guess I'd need to see a picture.


Nor me, but I decided that it was not likely relevant to the
problem and I ignored my ignorance completely. Maybe
I'll google it tomorrow, or sometime.


 
Reply With Quote
 
bod43
Guest
Posts: n/a
 
      08-08-2010
On 7 Aug, 22:48, Aaron Leonard <(E-Mail Removed)> wrote:
> On Sat, 7 Aug 2010 12:51:20 -0700 (PDT), bod43 <(E-Mail Removed)>
> wrote:
>
> >On 7 Aug, 19:25, JF Mezei <(E-Mail Removed)> wrote:
> >> So wi-fi to LAN seems to work.
> >> LAN to Wi-Fi seems to work.
> >> But Wi-fi to wi-fi seems to be a problem.
> >> wireshark to scan all of the wi-fi traffic ? Can I do a port

> monitor on
> >> the BVI10 interface ?

>
> Traffic on a BVI is strictly traffic to/from the router itself
> (i.e. where the router is the IP endpoint.) *Transit traffic
> in the BVI's bridge group is just bridged by the router and does
> not touch the BVI.


Ah yes. I was not clear enough on that, thanks.

I am not at all sure however that you are exactly correct either

Surely a packet capture on a BVI will capture *both*
traffic to and from the router and traffic *routed* by the router
via the BVI? Or perhaps even more exactly, traffic addressed
to the BVI's MAC address *or* addressed to the MAC
broadcast address *or* traffic transmitted by the BVI? The
received traffic may not be routed since no route may exist or
perhaps ACLs may subsequently block the traffic.

It would not I would think capture traffic bridged within
the bridge group.

I am frankly guessing here, but guessing based on
my understanding of network architectures. Other behaviour
would not make sense to me.

Thanks very much for your valued contributions.

Finally.
BVIs of course can be used soley for managemnt traffic
however I have used them frequently for routing traffic
on 87x routers. This message will in fact be sent via
such an interface on an 87xW.

interface Dot11Radio0.1
encapsulation dot1Q 23
no cdp enable
bridge-group 23
bridge-group 23 subscriber-loop-control
bridge-group 23 spanning-disabled
bridge-group 23 block-unknown-source
no bridge-group 23 source-learning
no bridge-group 23 unicast-flooding

BVI23 10.x.x.x YES NVRAM up up





 
Reply With Quote
 
JF Mezei
Guest
Posts: n/a
 
      08-08-2010
bod43 wrote:

>> OK, I've now googled IPMI, and I still don't get
>> where it fits in. Guess I'd need to see a picture.

>
> Nor me, but I decided that it was not likely relevant to the
> problem and I ignored my ignorance completely. Maybe
> I'll google it tomorrow, or sometime.


IPMI is a subsystem in a server that has its own IP address and allows
you to monitor the hardware of the server (temperartures, fan speeds
etc), turn off or on the server itself etc. (in other words, this small
piece of hardware remains active even when server is powered off).

Often, it uses the same physical ethernet port as the one used by the
server for its own connectivity (IP etc). In other words, for Arp, there
might be 2 IP addresses pointing to the same ethernet address.


My LAN machines never have problems connecting to the IPMI interface of
the server. But wi-fi connected laptop often does (but not all the time).

This is why I thought it might be significant in trying to debug the
inability of a laptop to connect to another wi-fi device.
 
Reply With Quote
 
JF Mezei
Guest
Posts: n/a
 
      08-10-2010
Just an update on my problem.

Yesterday, I did success in having wi-fi laptop connect to wi-fi iphone.
This morning, it didn't work, but about 10 minutes later, it magically
worked.

While it did not work, the laptop did not resolve ARP for the iphone.
But the router had the entry for it. (I believe I have arp-cache turned
off, so this SHOULDN'T matter since the router would act as a bridge and
handle arp broadcasts as it would on a wired lan).

This is starting to sound similar to the IPMI probelm where sometimes it
works, sometimes it doesn't.


in the "base" interface, I have:

interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers aes-ccm tkip wep128
!
broadcast-key vlan 10 change 600



Is it possible that this "change 600" would have anything to do with
this sporadic "works, doesn't work ?"

 
Reply With Quote
 
JF Mezei
Guest
Posts: n/a
 
      08-14-2010
Aaron Leonard wrote:

> Actually, I've seen an issue where two wireless clients on an ISR
> couldn't ping each other, unless "ip local-proxy-arp" was turned
> *on*. So you might play with this.


On my router, the only command is (config)# ip arp proxy disable

I have tried with and with a "no" but it didn't seem to make a difference.


> Yeah, first I would get rid of the "wep128" ... no need to do WEP
> nowadays. Any client that can do wep128 can do TKIP.


It won't let me get rid of it ! I guess the router has some sentimental
attachement to it ! I'll have to change the config and reboot it.


> Then you can try changing the broadcast key rotation interval.


Changing it did cause the Mac laptop to freeze for a short while,
indicating, I guess it was renegotiating it. I changed it to 24 hour
rotation instead of 10 minutes. It didn't seem to make a difference.


What puzzles me is that sometimes it works, sometimes it doesn't. The
router itself has the arp valid for both devices. But when it doesn't
work, the arp on a device can remain incomplete, indicating that the
ethernet broadcast didn't go through.

I guess I will have to run wireshark on the laptop to see what sort of
traffic it sees. I still have a VMS cluster on the LAN, and that
generates raw ethernet frames (SCS protocol, not IP). The laptops should
get to see the SCS broadcasts.
 
Reply With Quote
 
JF Mezei
Guest
Posts: n/a
 
      09-06-2010
Bringing back an old (unsolved) thread.

I rebooted my Cisco 870 router today. And My iphone and laptop, both on
wireless were able to talk to each other when I tried right away and
both were able to contact the IPMI interface on the server (on ethernet).

Question:

I (now) know that this model's claim to support 5 VLANs is bogus
becauise it has 4 vlans hardcoded which you can't remove (so you can
only support 1 VLAN).

Is it possible that the 870 would have limits in the number of MAC
addresses it can know about either gobally, or on a per interface basis ?

(The IPMI port is on the same physical ethernet cable as the server's
main ethernet interface)


(IPMI is for system management and is active even when server is powered
down).


The problem or two wireless devices not talking to each other seems
sporadic, same with wireless devices not able to reach the IPMI. But
from the wired etehernet I have no problem reaching any device, wired or
not.
 
Reply With Quote
 
bod43
Guest
Posts: n/a
 
      09-07-2010
On 7 Aug, 22:48, Aaron Leonard <(E-Mail Removed)> wrote:
> On Sat, 7 Aug 2010 12:51:20 -0700 (PDT), bod43
> Yep, Netmon 3.4 now actually works (in Windows 7, not in XP)
> to capture wireless traffic. *The data is saved in a Netmon 2


Works on my Vista (Windows [Version 6.0.6002])
too, apparently in monitor mode,
although I haven't used it seriously so I might be
missing something.
 
Reply With Quote
 
bod43
Guest
Posts: n/a
 
      09-07-2010
On 6 Sep, 05:01, JF Mezei <(E-Mail Removed)> wrote:

> Question:
>
> I (now) know that this model's claim to support 5 VLANs is bogus
> becauise it has 4 vlans hardcoded which you can't remove (so you can
> only support 1 VLAN).


Hmmm.

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version
12.4(15)T7, RELEASE SOFTWARE (fc3)
Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K
bytes of memory.


router#sh vlan-s

VLAN Name Status Ports
---- -------------------------------- ---------
-------------------------------
1 default active Fa3
2 family active Fa0, Fa1, Fa2
3 test active
16 VLAN0016 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

Nothing bogus there as far as I can see.

You do need a non-basic Feature Set. e.g. ADVIPSERVICES.

> Is it possible that the 870 would have limits in the number of MAC
> addresses it can know about either gobally, or on a per interface basis ?


There are very probably hardware limits in the switch as
there are in all switches. In the router bit, if bridging, the
forwarding database and the ARP table will be in software
and you will be limited only by system memory.
How many MACs have you got?


> (The IPMI port is on the same physical ethernet cable as the server's
> main ethernet interface)
>
> (IPMI is for system management and is active even when server is powered
> down).
>
> The problem or two wireless devices not talking to each other seems
> sporadic, same with wireless devices not able to reach the IPMI. But
> from the wired etehernet I have no problem reaching any device, wired or
> not.


I am not a wireless expert but I think you need to consider
doing a survey for interference.

http://www.metageek.net/products/wi-spy
Might be worth considering.

I would expect to see evidence of interference
in the "show dot11 int" output. e.g. Retries, switching
to low data rates, use of low data rates.

alt.internet.wireless has some good people and I have
posted this there too.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is Dreamweaver 8's validator unreliable? I'm finding so.. xyZed HTML 21 03-28-2006 07:41 PM
FPGA output unreliable Andrew Turner VHDL 9 08-16-2005 03:11 PM
Why is this HttpWebRequest class unreliable? sfoxover@gmail.com ASP .Net 1 07-12-2005 12:54 PM
Restore network connections unreliable Monte Grant Wireless Networking 1 08-17-2004 08:33 PM
Interface counters unreliable? Konrad Madej Cisco 6 11-27-2003 09:10 AM



Advertisments