Cisco 851W - Numerous problems

Discussion in 'Cisco' started by ponga, May 10, 2006.

  1. ponga

    ponga Guest

    I have a customer who wanted to ditch his wired network, and go
    wireless. Okay, I say. But lose the POS Linksys and get a REAL router.
    So we picked up the Cisco 851W.
    I have to tell you, this little think has been NOTHING but problems. If
    ANYONE can help me, I would be greatly appreciative. I have always been
    a supporter of Cisco products, but the wireless on this device has be
    reconsidering my position. I'm a CCNA, just FYI. Please, any
    suggestions are welcome!

    ### Problem 1. Signal strength seems to be abnormally week. This is
    just 30 meters away, down the hall.. nearly line of sight. We have
    tried two different net cards. The behaviour is that the client see the
    ap, associates with a decent signal strength, then for NO apperant
    reason, the signal drops and the client is therefore disassociated.
    Very frustrating as this seems to be SO close to the AP for this to be
    happening. (NO other ap's are in the area and no 2.4Ghz phones either.)
    Can some one offer me ANY tips and what do do here? How to
    troubleshoot, etc. The client in question, the Cisco log has a ton of
    these regarding this specific client:
    008931: May 9 18:14:21.099 PCTime: *** TKIP Replay: TA=0014.bf77.9586,
    008932: May 9 18:14:21.827 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    008933: May 9 18:14:21.851 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    008934: May 9 18:14:22.043 PCTime: *** TKIP Replay: TA=0012.1790.a166,
    008935: May 9 18:14:22.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    008936: May 9 18:14:23.763 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x14,TSC=0x13008938: May 9 18:14:24.579 PCTime: *** TKIP Replay:
    TA=0012.1790.a1cd, RSC=0x3,TSC=0x2
    008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    008940: May 9 18:14:25.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    008941: May 9 18:14:26.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    008942: May 9 18:14:28.619 PCTime: *** TKIP Replay: TA=0012.1790.a166,
    RSC=0x11,TSC=0x10008943: May 9 18:14:43.131 PCTime: *** TKIP Replay:
    TA=0014.bf77.9586, RSC=0x3,TSC=0x2
    We are running WPA-PSK with TKIP, but even if we were not, I have a
    feeling something is amis elsewhere. Please help.

    ### Problem 2. When a certain client attempts to connect to the ap, ALL
    other client associations are droped by the Cisco and this shows up in
    the log:
    008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP
    Michael MIC failure was detected on a packet (TSC=0x15) received from
    008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED:
    Two TKIP Michael MIC failures were detected within 29 seconds on
    Dot11Radio0 interface. The interface will be put on MIC failure hold
    state for next 15 seconds.
    I repeat, NO clients are able to connect while this particular client
    tries to connect. This is EXTREMELY unerving that one single client can
    bring down the whoel network. Can some please help me as what to do

    That about is, I think. There are others problem (all related to the
    network) with just overall poor performance and TERRIBLE stability. The
    customer in question used to have an Actiontec just for simple wifi
    access and the said they NEVER had a problem with it. Needless to say,
    this looks REALLY bad for Cisco and for myself.
    Again, any help is appreciated.
    ponga, May 10, 2006
    1. Advertisements

  2. ponga

    Merv Guest

    post show version and config
    Merv, May 10, 2006
    1. Advertisements

  3. ponga

    ponga Guest

    Merv wrote:
    > post show version and config

    gw01#sh ver
    Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version
    12.4(4)T2, RELEASE SOFTWARE (fc1)
    Technical Support:
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Wed 22-Feb-06 21:02 by ccai

    ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

    gw01 uptime is 3 days, 13 hours, 10 minutes
    System returned to ROM by reload
    System restarted at 19:46:35 PCTime Sat May 6 2006
    System image file is "flash:c850-advsecurityk9-mz.124-4.T2.bin"

    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be
    found at:

    If you require further assistance please contact us by sending email to

    Cisco 851W (MPC8272) processor (revision 0x200) with 59392K/6144K bytes
    of memory.
    Processor board ID FHK101524KR
    MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
    5 FastEthernet interfaces
    1 802.11 Radio
    128K bytes of non-volatile configuration memory.
    20480K bytes of processor board System flash (Intel Strataflash)

    Configuration register is 0x2102

    gw01#sh run
    Building configuration...

    Current configuration : 8399 bytes
    ! NVRAM config last updated at 16:34:08 PCTime Tue May 9 2006 by root
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname gw01
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$Whfy$f5ROw.AG345UQFdQhv/aT.
    aaa new-model
    aaa group server radius rad_eap
    aaa group server radius rad_mac
    aaa group server radius rad_acct
    aaa group server radius rad_admin
    aaa group server tacacs+ tac_admin
    aaa group server radius rad_pmip
    aaa group server radius dummy
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    aaa session-id common
    resource policy
    clock timezone PCTime -7
    dot11 activity-timeout unknown default 86400
    dot11 activity-timeout client default 86400
    ip subnet-zero
    no ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address
    ip dhcp excluded-address
    ip dhcp pool sdm-pool1
    import all
    domain-name bizname.tld
    ip cef
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name
    ip name-server
    ip ssh time-out 60
    ip ssh authentication-retries 2
    crypto pki trustpoint TP-self-signed-2008324883
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2008324883
    revocation-check none
    rsakeypair TP-self-signed-2008324883
    crypto pki certificate chain TP-self-signed-2007324883
    certificate self-signed 01
    30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
    69666963 6174652D 32303038 33323438 3833301E 170D3032 30333031
    31305A17 8072198E 31303130 30303030 305A3031 312F302D 8072198E
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32
    32343838 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030
    8100E664 E710312A 16920E03 31649F34 54CCAD58 DB6DE3A9 843CAF3A
    FA3A5771 AAE210E5 BBD4E636 8072198E 88736CC2 4B16D9B6 4C291E9C
    C467ABF9 794B3CBB 16847AD1 60A53C4B 2E42D25A E0A29A9A 49542EFE
    7E8D6A92 DDDB32C2 7B94BC47 BD59F206 10D60441 B66097DF 5223BF33
    999B0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF
    551D1104 15301382 11677730 312E617A 636F6E61 67672E63 6F6D301F
    23041830 1680140C D768292E D1DDDB32 C2341A00 49C497D1 B6AA4B30
    1D0E0416 04140CD7 68292ED1 DDDB32C2 341A0049 C497D1B6 8072198E
    4886F70D 8072198E 00038181 0064A08F 1F0DE936 87D0165F 4803DAED
    0539ED4C C0E2AFA7 9E6E7DCD 17D0F36C 21305B5F 783B48C2 CF11EDA1
    4077D502 79A6EDD2 14BA6576 BAD54C4D 90457FDE 23D23864 1F3A76A3
    C316D8FB 541C97BF F52CC788 9D67F0E2 3F97D3D5 B4ACAF7E AD5C7917
    07B97FD2 3D9F3E0F 4F80FDAA A7
    username admin privilege 15 secret 5 $1$GVru$5m3rE2JkjdbLW8gVnmzF721
    bridge irb
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description $FW_OUTSIDE$$ES_WAN$
    ip address
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip inspect DEFAULT100 out
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    interface Dot11Radio0
    no ip address
    countermeasure tkip hold-time 15
    encryption mode ciphers tkip
    ssid azconagg
    max-associations 254
    authentication open
    authentication key-management wpa
    wpa-psk ascii 7 072C334D5E584B5643
    speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    interface Vlan1
    no ip address
    bridge-group 1
    interface BVI1
    description $ES_LAN$$FW_INSIDE$
    ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    ip default-gateway
    ip classless
    ip route
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 5 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    ip nat inside source static udp 53 interface FastEthernet4
    ip nat inside source static tcp 53 interface FastEthernet4
    ip nat inside source static tcp 21 interface FastEthernet4
    ip nat inside source static tcp 22 interface FastEthernet4
    ip nat inside source static tcp 80 interface FastEthernet4
    ip nat inside source static tcp 25 interface FastEthernet4
    ip nat inside source static tcp 110 interface
    FastEthernet4 110
    ip nat inside source static tcp 143 interface
    FastEthernet4 143
    ip nat inside source static tcp 443 interface
    FastEthernet4 443
    ip nat inside source static tcp 900 interface
    FastEthernet4 900
    ip nat inside source static tcp 993 interface
    FastEthernet4 993
    ip nat inside source static tcp 3389 interface
    FastEthernet4 3389
    logging trap debugging
    access-list 1 remark INSIDE_IF=BVI1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit
    access-list 100 remark auto-generated by Cisco SDM Express firewall
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host any
    access-list 100 deny ip any
    access-list 100 permit ip any any
    access-list 101 remark auto-generated by Cisco SDM Express firewall
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp any any eq 3389
    access-list 101 permit tcp any any eq 993
    access-list 101 permit tcp any any eq 900
    access-list 101 permit tcp any any eq 443
    access-list 101 permit tcp any any eq 143
    access-list 101 permit tcp any any eq pop3
    access-list 101 permit tcp any any eq smtp
    access-list 101 permit tcp any any eq www
    access-list 101 permit tcp any any eq 22
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq domain
    access-list 101 permit udp any any eq domain
    access-list 101 permit udp host eq domain any
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny ip any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip any
    access-list 101 deny ip any
    access-list 101 deny ip any
    access-list 101 deny ip any
    access-list 101 deny ip host any
    access-list 101 deny ip any any
    no cdp run
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    line con 0
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500

    -- THANKS!
    ponga, May 10, 2006
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. HellPope Huey
    Cold Coffee
    Oct 11, 2005
  2. ponga
    Aaron Leonard
    May 4, 2006
  3. James B. Wood

    PAT on Cisco 851W

    James B. Wood, Sep 22, 2006, in forum: Cisco
    Matthew Melbourne
    Oct 5, 2006
  4. Steve Freides

    Router w/ VPN and wireless - Cisco 851W?

    Steve Freides, Mar 23, 2006, in forum: Computer Support
    Dan Shea
    Mar 24, 2006
  5. mousemen