Cisco 851W - Numerous problems

Discussion in 'Cisco' started by ponga, May 10, 2006.

  1. ponga

    ponga Guest

    I have a customer who wanted to ditch his wired network, and go
    wireless. Okay, I say. But lose the POS Linksys and get a REAL router.
    So we picked up the Cisco 851W.
    I have to tell you, this little think has been NOTHING but problems. If
    ANYONE can help me, I would be greatly appreciative. I have always been
    a supporter of Cisco products, but the wireless on this device has be
    reconsidering my position. I'm a CCNA, just FYI. Please, any
    suggestions are welcome!

    ### Problem 1. Signal strength seems to be abnormally week. This is
    just 30 meters away, down the hall.. nearly line of sight. We have
    tried two different net cards. The behaviour is that the client see the
    ap, associates with a decent signal strength, then for NO apperant
    reason, the signal drops and the client is therefore disassociated.
    Very frustrating as this seems to be SO close to the AP for this to be
    happening. (NO other ap's are in the area and no 2.4Ghz phones either.)
    Can some one offer me ANY tips and what do do here? How to
    troubleshoot, etc. The client in question, the Cisco log has a ton of
    these regarding this specific client:
    008931: May 9 18:14:21.099 PCTime: *** TKIP Replay: TA=0014.bf77.9586,
    RSC=0x7,TSC=0x6
    008932: May 9 18:14:21.827 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x3,TSC=0x2
    008933: May 9 18:14:21.851 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x4,TSC=0x3
    008934: May 9 18:14:22.043 PCTime: *** TKIP Replay: TA=0012.1790.a166,
    RSC=0x6,TSC=0x5
    008935: May 9 18:14:22.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x5,TSC=0x4
    008936: May 9 18:14:23.763 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x6,TSC=0x5
    008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512,
    RSC=0x14,TSC=0x13008938: May 9 18:14:24.579 PCTime: *** TKIP Replay:
    TA=0012.1790.a1cd, RSC=0x3,TSC=0x2
    008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    RSC=0x4,TSC=0x3
    008940: May 9 18:14:25.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    RSC=0x5,TSC=0x4
    008941: May 9 18:14:26.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd,
    RSC=0x6,TSC=0x5
    008942: May 9 18:14:28.619 PCTime: *** TKIP Replay: TA=0012.1790.a166,
    RSC=0x11,TSC=0x10008943: May 9 18:14:43.131 PCTime: *** TKIP Replay:
    TA=0014.bf77.9586, RSC=0x3,TSC=0x2
    We are running WPA-PSK with TKIP, but even if we were not, I have a
    feeling something is amis elsewhere. Please help.

    ### Problem 2. When a certain client attempts to connect to the ap, ALL
    other client associations are droped by the Cisco and this shows up in
    the log:
    008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP
    Michael MIC failure was detected on a packet (TSC=0x15) received from
    0015.0039.d003.
    008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED:
    Two TKIP Michael MIC failures were detected within 29 seconds on
    Dot11Radio0 interface. The interface will be put on MIC failure hold
    state for next 15 seconds.
    I repeat, NO clients are able to connect while this particular client
    tries to connect. This is EXTREMELY unerving that one single client can
    bring down the whoel network. Can some please help me as what to do
    here!?

    That about is, I think. There are others problem (all related to the
    network) with just overall poor performance and TERRIBLE stability. The
    customer in question used to have an Actiontec just for simple wifi
    access and the said they NEVER had a problem with it. Needless to say,
    this looks REALLY bad for Cisco and for myself.
    Again, any help is appreciated.
    ponga, May 10, 2006
    #1
    1. Advertising

  2. ponga

    Merv Guest

    post show version and config
    Merv, May 10, 2006
    #2
    1. Advertising

  3. ponga

    ponga Guest

    Merv wrote:
    > post show version and config


    =~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~=
    gw01#sh ver
    Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version
    12.4(4)T2, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2006 by Cisco Systems, Inc.
    Compiled Wed 22-Feb-06 21:02 by ccai

    ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

    gw01 uptime is 3 days, 13 hours, 10 minutes
    System returned to ROM by reload
    System restarted at 19:46:35 PCTime Sat May 6 2006
    System image file is "flash:c850-advsecurityk9-mz.124-4.T2.bin"


    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.

    A summary of U.S. laws governing Cisco cryptographic products may be
    found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

    If you require further assistance please contact us by sending email to
    .

    Cisco 851W (MPC8272) processor (revision 0x200) with 59392K/6144K bytes
    of memory.
    Processor board ID FHK101524KR
    MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
    5 FastEthernet interfaces
    1 802.11 Radio
    128K bytes of non-volatile configuration memory.
    20480K bytes of processor board System flash (Intel Strataflash)

    Configuration register is 0x2102

    =~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~=
    gw01#sh run
    Building configuration...

    Current configuration : 8399 bytes
    !
    ! NVRAM config last updated at 16:34:08 PCTime Tue May 9 2006 by root
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname gw01
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$Whfy$f5ROw.AG345UQFdQhv/aT.
    !
    aaa new-model
    !
    !
    aaa group server radius rad_eap
    !
    aaa group server radius rad_mac
    !
    aaa group server radius rad_acct
    !
    aaa group server radius rad_admin
    !
    aaa group server tacacs+ tac_admin
    !
    aaa group server radius rad_pmip
    !
    aaa group server radius dummy
    !
    aaa authentication login eap_methods group rad_eap
    aaa authentication login mac_methods local
    aaa authorization ipmobile default group rad_pmip
    aaa accounting network acct_methods start-stop group rad_acct
    !
    aaa session-id common
    !
    resource policy
    !
    clock timezone PCTime -7
    dot11 activity-timeout unknown default 86400
    dot11 activity-timeout client default 86400
    ip subnet-zero
    no ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    ip dhcp excluded-address 192.168.1.200 192.168.1.254
    !
    ip dhcp pool sdm-pool1
    import all
    network 192.168.1.0 255.255.255.0
    dns-server 192.168.1.10
    default-router 192.168.1.2
    domain-name bizname.tld
    !
    !
    ip cef
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name azconagg.com
    ip name-server 192.168.1.10
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    crypto pki trustpoint TP-self-signed-2008324883
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2008324883
    revocation-check none
    rsakeypair TP-self-signed-2008324883
    !
    !
    crypto pki certificate chain TP-self-signed-2007324883
    certificate self-signed 01
    30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101
    04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
    43657274
    69666963 6174652D 32303038 33323438 3833301E 170D3032 30333031
    30303039
    31305A17 8072198E 31303130 30303030 305A3031 312F302D 8072198E
    03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32
    30303833
    32343838 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030
    81890281
    8100E664 E710312A 16920E03 31649F34 54CCAD58 DB6DE3A9 843CAF3A
    0A8E66AF
    FA3A5771 AAE210E5 BBD4E636 8072198E 88736CC2 4B16D9B6 4C291E9C
    FC7D0089
    C467ABF9 794B3CBB 16847AD1 60A53C4B 2E42D25A E0A29A9A 49542EFE
    7E615469
    7E8D6A92 DDDB32C2 7B94BC47 BD59F206 10D60441 B66097DF 5223BF33
    BB50E33B
    999B0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF
    301C0603
    551D1104 15301382 11677730 312E617A 636F6E61 67672E63 6F6D301F
    0603551D
    23041830 1680140C D768292E D1DDDB32 C2341A00 49C497D1 B6AA4B30
    1D060355
    1D0E0416 04140CD7 68292ED1 DDDB32C2 341A0049 C497D1B6 8072198E
    06092A86
    4886F70D 8072198E 00038181 0064A08F 1F0DE936 87D0165F 4803DAED
    383EBFDE
    0539ED4C C0E2AFA7 9E6E7DCD 17D0F36C 21305B5F 783B48C2 CF11EDA1
    4060EC8F
    4077D502 79A6EDD2 14BA6576 BAD54C4D 90457FDE 23D23864 1F3A76A3
    690AB462
    C316D8FB 541C97BF F52CC788 9D67F0E2 3F97D3D5 B4ACAF7E AD5C7917
    9F0CE002
    07B97FD2 3D9F3E0F 4F80FDAA A7
    quit
    username admin privilege 15 secret 5 $1$GVru$5m3rE2JkjdbLW8gVnmzF721
    !
    !
    !
    bridge irb
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    description $FW_OUTSIDE$$ES_WAN$
    ip address 192.168.0.254 255.255.255.0
    ip access-group 101 in
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip inspect DEFAULT100 out
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface Dot11Radio0
    no ip address
    countermeasure tkip hold-time 15
    !
    encryption mode ciphers tkip
    !
    ssid azconagg
    max-associations 254
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 072C334D5E584B5643
    !
    speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    no ip address
    bridge-group 1
    !
    interface BVI1
    description $ES_LAN$$FW_INSIDE$
    ip address 192.168.1.2 255.255.255.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    ip default-gateway 192.168.0.1
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.0.1
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 5 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    ip nat inside source static udp 192.168.1.10 53 interface FastEthernet4
    53
    ip nat inside source static tcp 192.168.1.10 53 interface FastEthernet4
    53
    ip nat inside source static tcp 192.168.1.10 21 interface FastEthernet4
    21
    ip nat inside source static tcp 192.168.1.10 22 interface FastEthernet4
    22
    ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet4
    80
    ip nat inside source static tcp 192.168.1.10 25 interface FastEthernet4
    25
    ip nat inside source static tcp 192.168.1.10 110 interface
    FastEthernet4 110
    ip nat inside source static tcp 192.168.1.10 143 interface
    FastEthernet4 143
    ip nat inside source static tcp 192.168.1.10 443 interface
    FastEthernet4 443
    ip nat inside source static tcp 192.168.1.10 900 interface
    FastEthernet4 900
    ip nat inside source static tcp 192.168.1.10 993 interface
    FastEthernet4 993
    ip nat inside source static tcp 192.168.1.21 3389 interface
    FastEthernet4 3389
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=BVI1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 100 remark auto-generated by Cisco SDM Express firewall
    configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto-generated by Cisco SDM Express firewall
    configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp any any eq 3389
    access-list 101 permit tcp any any eq 993
    access-list 101 permit tcp any any eq 900
    access-list 101 permit tcp any any eq 443
    access-list 101 permit tcp any any eq 143
    access-list 101 permit tcp any any eq pop3
    access-list 101 permit tcp any any eq smtp
    access-list 101 permit tcp any any eq www
    access-list 101 permit tcp any any eq 22
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq domain
    access-list 101 permit udp any any eq domain
    access-list 101 permit udp host 192.168.1.10 eq domain any
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 deny ip 192.168.1.0 0.0.0.255 any
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip any any
    no cdp run
    radius-server attribute 32 include-in-access-req format %h
    radius-server vsa send accounting
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    no modem enable
    transport output telnet
    line aux 0
    transport output telnet
    line vty 0 4
    privilege level 15
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end


    -- THANKS!
    ponga, May 10, 2006
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. HellPope Huey
    Replies:
    6
    Views:
    572
    Cold Coffee
    Oct 11, 2005
  2. ponga
    Replies:
    4
    Views:
    16,846
    Aaron Leonard
    May 4, 2006
  3. James B. Wood

    PAT on Cisco 851W

    James B. Wood, Sep 22, 2006, in forum: Cisco
    Replies:
    2
    Views:
    1,741
    Matthew Melbourne
    Oct 5, 2006
  4. Steve Freides

    Router w/ VPN and wireless - Cisco 851W?

    Steve Freides, Mar 23, 2006, in forum: Computer Support
    Replies:
    4
    Views:
    506
    Dan Shea
    Mar 24, 2006
  5. mousemen
    Replies:
    4
    Views:
    2,956
Loading...

Share This Page