871W: Wi-fi to Wi-fi unreliable

Discussion in 'Cisco' started by JF Mezei, Aug 7, 2010.

  1. JF Mezei

    JF Mezei Guest

    I have a laptop on the wifi. It can connect to internet no problem. It
    can connect to almost every host on the wired LAN without problem.

    There is an IPMI destination on the wired LAN which is sometimes
    accessible, sometimes not. (sometimes I can just start the GUI for
    server monitoring, and within a few minutes it will be able to connect,
    after which there is no problem - this never happens on the wired LAN
    portion). During failed attempts, the wi-fi device does get an ARP
    resolution for the IPMI destination.

    Now howver, I try to ping or SSH to another wi-fi device (a phone) and
    it fails royally. I can telnet to a wired server from the laptop, and
    that server has no problem pinging or SSH to the phone.

    So wi-fi to LAN seems to work.
    LAN to Wi-Fi seems to work.
    But Wi-fi to wi-fi seems to be a problem.

    Is this common ? What should I look at in the config ?

    While I am at it, for such a router, what would be the best way to run
    wireshark to scan all of the wi-fi traffic ? Can I do a port monitor on
    the BVI10 interface ?
    JF Mezei, Aug 7, 2010
    1. Advertisements

  2. JF Mezei

    bod43 Guest

    To test wifi connections (or others too:) I like to send a lot
    of pings. fping.exe is nice for this if you have windows.

    fping -s 1300 -t 0 -n 1000

    add -i if you have any weird problems/error messages

    You can use >1 instance if required.

    If there is anything dodgy about the link you will see it
    right away.

    Be aware that this application can send a lot of traffic and
    could affect network/system performance.

    To use wireshark on wifi you need linux, or windows with
    the wireless pcap shim. The latter is commercial software
    and is not free (airpcap?). Alternatively you can use the free
    Windows Network Monitor from Microsoft. You may be able
    to save the files in wireshark format or wireshark may be
    able to read it's files. I may be a bit out of date on this, it is
    possible that someone has written a free shim now.

    To capture traffic other than your own you will need a
    wireless card *and* driver that can be put in monitor mode.

    Unless there is a bug in the router I would have thought that
    wifi<->wifi traffic should be no different to wifi<->lan. Of course
    there are two wireless hops in the former case and BOTH
    would need to be working correctly.

    The later IOS software can I seem to recall do packet
    capture to flash/network (12.4.twentysomething). On an
    87x router however I would think that the performance
    would soon become CPU limited. You would not I
    would think see ethernet<->ethernet traffic either unless
    routing between vlans or maybe bridging between vlans.
    It would work on BVI10 I guess. Check memory requirements
    before upgrading. Stated flash requirements now include the
    Web GUI thingy which of course is not essential. If the image
    fits the flash then you have enough flash:) For testing/
    development purposes you could always boot over the
    network if you did not have enough flash. Not so wise
    for production:))
    bod43, Aug 7, 2010
    1. Advertisements

  3. JF Mezei

    bod43 Guest

    Nor me, but I decided that it was not likely relevant to the
    problem and I ignored my ignorance completely. Maybe
    I'll google it tomorrow, or sometime.
    bod43, Aug 8, 2010
  4. JF Mezei

    bod43 Guest

    Ah yes. I was not clear enough on that, thanks.

    I am not at all sure however that you are exactly correct either:)

    Surely a packet capture on a BVI will capture *both*
    traffic to and from the router and traffic *routed* by the router
    via the BVI? Or perhaps even more exactly, traffic addressed
    to the BVI's MAC address *or* addressed to the MAC
    broadcast address *or* traffic transmitted by the BVI? The
    received traffic may not be routed since no route may exist or
    perhaps ACLs may subsequently block the traffic.

    It would not I would think capture traffic bridged within
    the bridge group.

    I am frankly guessing here, but guessing based on
    my understanding of network architectures. Other behaviour
    would not make sense to me.

    Thanks very much for your valued contributions.

    BVIs of course can be used soley for managemnt traffic
    however I have used them frequently for routing traffic
    on 87x routers. This message will in fact be sent via
    such an interface on an 87xW.

    interface Dot11Radio0.1
    encapsulation dot1Q 23
    no cdp enable
    bridge-group 23
    bridge-group 23 subscriber-loop-control
    bridge-group 23 spanning-disabled
    bridge-group 23 block-unknown-source
    no bridge-group 23 source-learning
    no bridge-group 23 unicast-flooding

    BVI23 10.x.x.x YES NVRAM up up
    bod43, Aug 8, 2010
  5. JF Mezei

    JF Mezei Guest

    IPMI is a subsystem in a server that has its own IP address and allows
    you to monitor the hardware of the server (temperartures, fan speeds
    etc), turn off or on the server itself etc. (in other words, this small
    piece of hardware remains active even when server is powered off).

    Often, it uses the same physical ethernet port as the one used by the
    server for its own connectivity (IP etc). In other words, for Arp, there
    might be 2 IP addresses pointing to the same ethernet address.

    My LAN machines never have problems connecting to the IPMI interface of
    the server. But wi-fi connected laptop often does (but not all the time).

    This is why I thought it might be significant in trying to debug the
    inability of a laptop to connect to another wi-fi device.
    JF Mezei, Aug 8, 2010
  6. JF Mezei

    JF Mezei Guest

    Just an update on my problem.

    Yesterday, I did success in having wi-fi laptop connect to wi-fi iphone.
    This morning, it didn't work, but about 10 minutes later, it magically

    While it did not work, the laptop did not resolve ARP for the iphone.
    But the router had the entry for it. (I believe I have arp-cache turned
    off, so this SHOULDN'T matter since the router would act as a bridge and
    handle arp broadcasts as it would on a wired lan).

    This is starting to sound similar to the IPMI probelm where sometimes it
    works, sometimes it doesn't.

    in the "base" interface, I have:

    interface Dot11Radio0
    no ip address
    encryption vlan 10 mode ciphers aes-ccm tkip wep128
    broadcast-key vlan 10 change 600

    Is it possible that this "change 600" would have anything to do with
    this sporadic "works, doesn't work ?"
    JF Mezei, Aug 10, 2010
  7. JF Mezei

    JF Mezei Guest

    On my router, the only command is (config)# ip arp proxy disable

    I have tried with and with a "no" but it didn't seem to make a difference.

    It won't let me get rid of it ! I guess the router has some sentimental
    attachement to it ! I'll have to change the config and reboot it.

    Changing it did cause the Mac laptop to freeze for a short while,
    indicating, I guess it was renegotiating it. I changed it to 24 hour
    rotation instead of 10 minutes. It didn't seem to make a difference.

    What puzzles me is that sometimes it works, sometimes it doesn't. The
    router itself has the arp valid for both devices. But when it doesn't
    work, the arp on a device can remain incomplete, indicating that the
    ethernet broadcast didn't go through.

    I guess I will have to run wireshark on the laptop to see what sort of
    traffic it sees. I still have a VMS cluster on the LAN, and that
    generates raw ethernet frames (SCS protocol, not IP). The laptops should
    get to see the SCS broadcasts.
    JF Mezei, Aug 14, 2010
  8. JF Mezei

    JF Mezei Guest

    Bringing back an old (unsolved) thread.

    I rebooted my Cisco 870 router today. And My iphone and laptop, both on
    wireless were able to talk to each other when I tried right away and
    both were able to contact the IPMI interface on the server (on ethernet).


    I (now) know that this model's claim to support 5 VLANs is bogus
    becauise it has 4 vlans hardcoded which you can't remove (so you can
    only support 1 VLAN).

    Is it possible that the 870 would have limits in the number of MAC
    addresses it can know about either gobally, or on a per interface basis ?

    (The IPMI port is on the same physical ethernet cable as the server's
    main ethernet interface)

    (IPMI is for system management and is active even when server is powered

    The problem or two wireless devices not talking to each other seems
    sporadic, same with wireless devices not able to reach the IPMI. But
    from the wired etehernet I have no problem reaching any device, wired or
    JF Mezei, Sep 6, 2010
  9. JF Mezei

    bod43 Guest

    Works on my Vista (Windows [Version 6.0.6002])
    too, apparently in monitor mode,
    although I haven't used it seriously so I might be
    missing something.
    bod43, Sep 7, 2010
  10. JF Mezei

    bod43 Guest


    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version
    12.4(15)T7, RELEASE SOFTWARE (fc3)
    Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K
    bytes of memory.

    router#sh vlan-s

    VLAN Name Status Ports
    ---- -------------------------------- ---------
    1 default active Fa3
    2 family active Fa0, Fa1, Fa2
    3 test active
    16 VLAN0016 active
    1002 fddi-default act/unsup
    1003 trcrf-default act/unsup
    1004 fddinet-default act/unsup
    1005 trbrf-default act/unsup

    Nothing bogus there as far as I can see.

    You do need a non-basic Feature Set. e.g. ADVIPSERVICES.
    There are very probably hardware limits in the switch as
    there are in all switches. In the router bit, if bridging, the
    forwarding database and the ARP table will be in software
    and you will be limited only by system memory.
    How many MACs have you got?

    I am not a wireless expert but I think you need to consider
    doing a survey for interference.

    Might be worth considering.

    I would expect to see evidence of interference
    in the "show dot11 int" output. e.g. Retries, switching
    to low data rates, use of low data rates.

    alt.internet.wireless has some good people and I have
    posted this there too.
    bod43, Sep 7, 2010
  11. JF Mezei

    JF Mezei Guest

    I have:
    router1#show version
    Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version
    12.4(15)T9, RELEASE SOFTWARE (fc5)

    System image file is "flash:c870-advsecurityk9-mz.124-15.T9.bin"

    And it won't let me create more than one VLAN.

    My switch has 2 vlans defined (on top of the useless default ones) and
    is in vtp server mode.

    Router doesn't accept vtp client and reverts to vtp transparent.
    (because it can't handle the 2 extra vlans).

    I tried once to go to the cisco site to find the advanced software but
    it doesn't seem to want to let me download software for the 800 series
    routers. I may try again.

    show mac on the router gives 12, but it lacks some. For instance it
    doesn't show the mac address of the BRAS router at the other end of a
    PPPoE interface.

    Sort of strange that after rebooting, connectivity between wi-fi devices
    and between them and IPMI works fine.

    Perhaps it may have limits on number of wi-fi devices. Since the reboot,
    it has only known about two. When I have friend over, perhaps the
    problem will re-occur.
    JF Mezei, Sep 7, 2010
  12. JF Mezei

    Rob Guest

    #sh ver
    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)

    #sh vlan-switch

    VLAN Name Status Ports
    ---- -------------------------------- --------- -------------------------------
    1 default active Fa1, Fa2
    2 SDSL active Fa3
    10 Telefonie active
    1002 fddi-default act/unsup
    1003 token-ring-default act/unsup
    1004 fddinet-default act/unsup
    1005 trnet-default act/unsup

    VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1 enet 100001 1500 - - - - - 1002 1003
    2 enet 100002 1500 - - - - - 0 0
    10 enet 100010 1500 - - - - - 0 0
    1002 fddi 101002 1500 - - - - - 1 1003
    1003 tr 101003 1500 1005 0 - - srb 1 1002
    1004 fdnet 101004 1500 - - 1 ibm - 0 0
    1005 trnet 101005 1500 - - 1 ibm - 0 0

    From running-conf:
    interface FastEthernet0
    switchport trunk allowed vlan 1,3-4094
    switchport mode trunk
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    switchport access vlan 2

    #sh vtp status
    VTP Version : 2
    Configuration Revision : 3
    Maximum VLANs supported locally : 8
    Number of existing VLANs : 7
    Rob, Sep 7, 2010
  13. JF Mezei

    Rob Guest

    I don't know why your model only allows 6 while mine allows 8.
    I use 3 vlans and I would not have enough with 6 allowed either.

    I agree with you that it sucks that you cannot delete those 4 fixed
    vlans. I don't use token ring and I never will. I don't need a
    token ring vlan.
    Rob, Sep 7, 2010
  14. JF Mezei

    bod43 Guest

    It is, always has been, and always will be the Cisco way
    to sell routers or whatever with a single set of
    marketing blurb then to have different versions of
    the software for different costs that offer various
    subsets of the functionality.

    It's no different for cars or Microsoft Windows or
    any other complex product.

    Maybe they should do it some other way but I bet that won't
    happen any time soon. You need to check the features
    you need against the documentation before purchase.
    If you can't understand the documentation then you need
    to hire someone who does.

    My view is that the products are intended to be specified
    by experienced professionals just as steel beams for
    buildings might be. Complaining to a supplier
    of construction materials that you didn't know what you
    were doing when you ordered a hundred tons of steelwork
    but got the wrong stuff will I would guess cut no ice at all.
    It is the same here. Don't be fooled that an 800 series router
    only costs a few hundred pounds, as I think you know
    it has the same software features as a router that costs
    hundreds or thousands of times as much.
    The documentation for that $300 router extends to
    thousands and thousands of pages (I have no estimate
    now but 10 years ago when you could still get paper
    manuals the set looked like about 10 telephone
    directories and there are many times the number of
    features now).

    Good luck:)
    bod43, Sep 7, 2010
  15. JF Mezei

    JF Mezei Guest

    Excuse me, but when the technical specification state it supports 6
    VLANS, with no mention that there are 5 hardcoded VLANs that you can't
    change, how are you supposed to know that the router only has 1 user
    configurable VLAN ?
    I have see no documentation specific to that router. There is the
    generic IOS documentayyion for that version. But that documentation
    doesn't mention for instance that only FA4 can be used for PPPoE
    connections, or that you need to create a BVI device to link your LAN to
    the WI-FI to the external (routed) internet.

    No amount of reading helped for those problem, it was trial and error
    and using Google (and this group). And Google is bad because 99% of
    stuff you find are questions such as "what is =wrong with this config".
    So the config examples you find don't really help when they are tagged
    as not working !

    The reason I ask is that my experience is that Cisco did not properly
    document the artificial restrictions in the 800 series routers and I am
    wondering if there are wi0-fi limitation on number of devices supported etc.
    JF Mezei, Sep 8, 2010
  16. JF Mezei

    Rob Guest

    I agree with you.
    I would expect that when there are 6 possible VLANs, there could be 1
    that is already defined and difficult to change or remove (the default
    VLAN which is normally number 1).
    But I would not guess that there are 4 other useless VLANs that you
    cannot remove and never use.
    I have never seen those 4 VLANs defined in a switch or router before
    I first had a 87x router.
    These VLANs seem to be there only for the convenience of Cisco and they
    should have been clearly mentioned in any documentation about the number
    of VLANs supported. There is no common practice of having those fixed
    VLANs in a product, and even when you would have "hired someone" there
    would have been a fat chance that this person would not have known about
    this problem when he had not accidentally encountered it before.
    Rob, Sep 8, 2010
  17. JF Mezei

    Uli Link Guest

    AFAIR the 870 series support up to 4 user defined VLANs for the built-in
    ethernet switch with the Advipservices or adventerprise IOS images. The
    default advsecurity won't ( or you use 12.4(11)XJ4 ).

    I have 3 VLANs on my 876 up and running.

    the difference between switchports and routed ports is not clearly
    stated for FE0-FE3 (switchport only) and FE4 (routed port only)

    You *can* do PPPoE also on a switchport if you can sacrifice a VLAN on
    the ethernet switch ;-)

    You can add Wireless VLANs by not bridging them to Ethernet but
    assigning a routed IP address to the Dot11Radio0.subinterface instead.

    What I miss most in Advsecurity is DMVPN (which is included in
    Advsecurity for the older 1700 routers).
    Uli Link, Sep 8, 2010
  18. JF Mezei

    Rob Guest

    Our 877 came with ADVIPSERVICES by default and it includes DMVPN.
    Rob, Sep 8, 2010
  19. JF Mezei

    JF Mezei Guest

    When I originally did the research for this, I never saw any option for
    advanced IP" in pricing. In fact, because I am in Canada, the choice opf
    stores carrying Cisco equipment was rather limited. (not allowed to buy
    from USA stores).

    How does one go about purchasing this upgrade ? Is this something Cisco
    could sell me nd bill my credit card ? Is this a reasonable price ?

    I take it flash memory is proprietary and can only be purchased from
    Cisco ? Is that just a question of openingt the box and adding a memory
    strip to the unit ? Can USB flash drives be used ? (the unit does
    support USB flash drives).
    JF Mezei, Sep 12, 2010
  20. JF Mezei

    bod43 Guest

    Others appear to have answered your prior questions so I won't try to
    elaborate further.

    Regarding the flash requirements.

    The quoted flash requirements now include
    the flash needed for the web gui interface
    thingy. If you don't need the web gui thingy
    then you only need enough flash to hold
    the image.

    For example this message is being sent via
    an 877 that has


    the image is 18950320 bytes.

    the flash is the default for old 877s of 24M.

    I need no more flash.

    As I recall it you can run

    on any 877 ever made.

    Just delete the web stuff and stick to the basics.

    The key tool for checking the features
    supported by any particular hardware
    and software combination is the Feature


    You MUST check that the features that you
    need are in the package that you are

    As mentioned, if you can't understand the
    feature navigator then you need to hire
    someone who does. Or maybe consider
    a simpler product that may perhaps be
    designed for consumer use.
    bod43, Sep 13, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.