871W: Wi-fi to Wi-fi unreliable

871W: Wi-fi to Wi-fi unreliable

Post by bod4 » Mon, 09 Aug 2010 04:51:20



To test wifi connections (or others too:) I like to send a lot
of pings. fping.exe is nice for this if you have windows.
http://www.yqcomputer.com/

fping 10.8.37.129 -s 1300 -t 0 -n 1000

add -i if you have any weird problems/error messages

You can use >1 instance if required.

If there is anything dodgy about the link you will see it
right away.

Be aware that this application can send a lot of traffic and
could affect network/system performance.

To use wireshark on wifi you need linux, or windows with
the wireless pcap shim. The latter is commercial software
and is not free (airpcap?). Alternatively you can use the free
Windows Network Monitor from Microsoft. You may be able
to save the files in wireshark format or wireshark may be
able to read its files. I may be a bit out of date on this, it is
possible that someone has written a free shim now.

To capture traffic other than your own you will need a
wireless card *and* driver that can be put in monitor mode.

Unless there is a bug in the router I would have thought that
wifi<->wifi traffic should be no different to wifi<->lan. Of course
there are two wireless hops in the former case and BOTH
would need to be working correctly.

The later IOS software can I seem to recall do packet
capture to flash/network (12.4.twentysomething). On an
87x router however I would think that the performance
would soon become CPU limited. You would not I
would think see ethernet<->ethernet traffic either unless
routing between vlans or maybe bridging between vlans.
It would work on BVI10 I guess. Check memory requirements
before upgrading. Stated flash requirements now include the
Web GUI thingy which of course is not essential. If the image
fits the flash then you have enough flash:) For testing/
development purposes you could always boot over the
network if you did not have enough flash. Not so wise
for production:))
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by bod4 » Mon, 09 Aug 2010 11:04:45


Nor me, but I decided that it was not likely relevant to the
problem and I ignored my ignorance completely. Maybe
I'll google it tomorrow, or sometime.

 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by bod4 » Mon, 09 Aug 2010 11:35:39


Ah yes. I was not clear enough on that, thanks.

I am not at all sure however that you are exactly correct either:-)

Surely a packet capture on a BVI will capture *both*
traffic to and from the router and traffic *routed* by the router
via the BVI? Or perhaps even more exactly, traffic addressed
to the BVI's MAC address *or* addressed to the MAC
broadcast address *or* traffic transmitted by the BVI? The
received traffic may not be routed since no route may exist or
perhaps ACLs may subsequently block the traffic.

It would not I would think capture traffic bridged within
the bridge group.

I am frankly guessing here, but guessing based on
my understanding of network architectures. Other behaviour
would not make sense to me.

Thanks very much for your valued contributions.

Finally.
BVIs of course can be used solely for management traffic
however I have used them frequently for routing traffic
on 87x routers. This message will in fact be sent via
such an interface on an 87xW.

interface Dot11Radio0.1
encapsulation dot1Q 23
no cdp enable
bridge-group 23
bridge-group 23 subscriber-loop-control
bridge-group 23 spanning-disabled
bridge-group 23 block-unknown-source
no bridge-group 23 source-learning
no bridge-group 23 unicast-flooding

BVI23 10.x.x.x YES NVRAM up up
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by JF Meze » Mon, 09 Aug 2010 11:43:36


IPMI is a subsystem in a server that has its own IP address and allows
you to monitor the hardware of the server (temperatures, fan speeds
etc), turn off or on the server itself etc. (in other words, this small
piece of hardware remains active even when server is powered off).

Often, it uses the same physical ethernet port as the one used by the
server for its own connectivity (IP etc). In other words, for Arp, there
might be 2 IP addresses pointing to the same ethernet address.


My LAN machines never have problems connecting to the IPMI interface of
the server. But wi-fi connected laptop often does (but not all the time).

This is why I thought it might be significant in trying to debug the
inability of a laptop to connect to another wi-fi device.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by JF Meze » Thu, 12 Aug 2010 06:12:35

Just an update on my problem.

Yesterday, I did succeed in having wi-fi laptop connect to wi-fi iphone.
This morning, it didn't work, but about 10 minutes later, it magically
worked.

While it did not work, the laptop did not resolve ARP for the iphone.
But the router had the entry for it. (I believe I have arp-cache turned
off, so this SHOULDN'T matter since the router would act as a bridge and
handle arp broadcasts as it would on a wired lan).

This is starting to sound similar to the IPMI problem where sometimes it
works, sometimes it doesn't.


in the "base" interface, I have:

interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers aes-ccm tkip wep128
!
broadcast-key vlan 10 change 600



Is it possible that this "change 600" would have anything to do with
this sporadic "works, doesn't work ?"
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by Aaron Leon » Fri, 13 Aug 2010 05:41:47

Hi JF,


Actually, I've seen an issue where two wireless clients on an ISR
couldn't ping each other, unless "ip local-proxy-arp" was turned
*on*. So you might play with this.


Yeah, first I would get rid of the "wep128" ... no need to do WEP
nowadays. Any client that can do wep128 can do TKIP.

Then you can try changing the broadcast key rotation interval.
We have seen clients that have a problem when the group key
changes.

Aaron
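
An added example, not part of the thread and not written by any of the posters: a small Python check that scans an IOS configuration for the two Dot11Radio settings discussed above, WEP entries in the `encryption ... mode ciphers` list and the `broadcast-key ... change` interval. The sample configuration is constructed from the lines quoted in the thread; the function names `audit_dot11` and `suggested_cipher_line` are assumptions of this example.

```python
import re

# Constructed sample: the Dot11Radio0 lines quoted in the thread.
SAMPLE_CONFIG = """\
interface Dot11Radio0
no ip address
!
encryption vlan 10 mode ciphers aes-ccm tkip wep128
!
broadcast-key vlan 10 change 600
"""

IFACE_RE = re.compile(r"^interface (\S+)")
CIPHER_RE = re.compile(r"^\s*encryption(?: vlan (\d+))? mode ciphers (.+)$")
ROTATE_RE = re.compile(r"^\s*broadcast-key(?: vlan (\d+))? change (\d+)")

def audit_dot11(config):
    """Return {(interface, vlan): findings} for Dot11Radio interfaces only."""
    findings = {}
    iface = None
    for line in config.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        if iface is None or not iface.startswith("Dot11Radio"):
            continue  # ignore global lines and wired interfaces
        m = CIPHER_RE.match(line)
        if m:
            ciphers = m.group(2).split()
            entry = findings.setdefault((iface, m.group(1)), {})
            entry["ciphers"] = ciphers
            entry["wep"] = [c for c in ciphers if c.startswith("wep")]
            continue
        m = ROTATE_RE.match(line)
        if m:
            entry = findings.setdefault((iface, m.group(1)), {})
            entry["rotation_s"] = int(m.group(2))
    return findings

def suggested_cipher_line(vlan, ciphers):
    """Rebuild the cipher line with the WEP entries dropped."""
    kept = [c for c in ciphers if not c.startswith("wep")]
    scope = f" vlan {vlan}" if vlan else ""
    return f"encryption{scope} mode ciphers {' '.join(kept)}"

if __name__ == "__main__":
    for (iface, vlan), f in audit_dot11(SAMPLE_CONFIG).items():
        print(iface, "vlan", vlan, "WEP:", f.get("wep"), "rotation:", f.get("rotation_s"))
        print("  suggested:", suggested_cipher_line(vlan, f.get("ciphers", [])))
```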
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by JF Meze » Sun, 15 Aug 2010 10:53:26


On my router, the only command is (config)# ip arp proxy disable

I have tried with and with a "no" but it didn't seem to make a difference.



It won't let me get rid of it ! I guess the router has some sentimental
attachment to it ! I'll have to change the config and reboot it.



Changing it did cause the Mac laptop to freeze for a short while,
indicating, I guess it was renegotiating it. I changed it to 24 hour
rotation instead of 10 minutes. It didn't seem to make a difference.


What puzzles me is that sometimes it works, sometimes it doesn't. The
router itself has the arp valid for both devices. But when it doesn't
work, the arp on a device can remain incomplete, indicating that the
ethernet broadcast didn't go through.

I guess I will have to run wireshark on the laptop to see what sort of
traffic it sees. I still have a VMS cluster on the LAN, and that
generates raw ethernet frames (SCS protocol, not IP). The laptops should
get to see the SCS broadcasts.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by bod4 » Wed, 08 Sep 2010 14:55:36


Works on my Vista (Windows [Version 6.0.6002])
too, apparently in monitor mode,
although I haven't used it seriously so I might be
missing something.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by bod4 » Wed, 08 Sep 2010 14:57:36


Hmmm.

Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version
12.4(15)T7, RELEASE SOFTWARE (fc3)
Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K
bytes of memory.


router#sh vlan-s

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa3
2 family active Fa0, Fa1, Fa2
3 test active
16 VLAN0016 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

Nothing bogus there as far as I can see.

You do need a non-basic Feature Set. e.g. ADVIPSERVICES.


There are very probably hardware limits in the switch as
there are in all switches. In the router bit, if bridging, the
forwarding database and the ARP table will be in software
and you will be limited only by system memory.
How many MACs have you got?



I am not a wireless expert but I think you need to consider
doing a survey for interference.

http://www.yqcomputer.com/
Might be worth considering.

I would expect to see evidence of interference
in the "show dot11 int" output. e.g. Retries, switching
to low data rates, use of low data rates.

alt.internet.wireless has some good people and I have
posted this there too.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by JF Meze » Wed, 08 Sep 2010 18:02:52


I have:
router1#show version
Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version
12.4(15)T9, RELEASE SOFTWARE (fc5)

System image file is "flash:c870-advsecurityk9-mz.124-15.T9.bin"

And it won't let me create more than one VLAN.

My switch has 2 vlans defined (on top of the useless default ones) and
is in vtp server mode.

Router doesn't accept vtp client and reverts to vtp transparent.
(because it can't handle the 2 extra vlans).


I tried once to go to the cisco site to find the advanced software but
it doesn't seem to want to let me download software for the 800 series
routers. I may try again.




show mac on the router gives 12, but it lacks some. For instance it
doesn't show the mac address of the BRAS router at the other end of a
PPPoE interface.



Sort of strange that after rebooting, connectivity between wi-fi devices
and between them and IPMI works fine.

Perhaps it may have limits on number of wi-fi devices. Since the reboot,
it has only known about two. When I have friend over, perhaps the
problem will re-occur.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by Rob » Wed, 08 Sep 2010 18:20:48


#sh ver
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)

#sh vlan-switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1, Fa2
2 SDSL active Fa3
10 Telefonie active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
2 enet 100002 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
1005 trnet 101005 1500 - - 1 ibm - 0 0

From running-conf:
interface FastEthernet0
switchport trunk allowed vlan 1,3-4094
switchport mode trunk
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!

#sh vtp status
VTP Version : 2
Configuration Revision : 3
Maximum VLANs supported locally : 8
Number of existing VLANs : 7
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by JF Meze » Wed, 08 Sep 2010 18:41:14


router1#show vtp status
VTP Version : 2
Configuration Revision : 0
Maximum VLANs supported locally : 6
Number of existing VLANs : 6


So with the default software version, you have 5 default VLANs which you
can't delete (vlan 1 and 4 strange ones), which leaves just 1 you can
define.

Since I have the "crippled" version, I have to wonder what other
artificial restrictions exist on the unit. When I purchased it, I
figured 6 VLANS was plenty. Didn't know 6 vlans really meant just 1.
 
 
 

871W: Wi-fi to Wi-fi unreliable

Post by Rob » Wed, 08 Sep 2010 20:11:01


I don't know why your model only allows 6 while mine allows 8.
I use 3 vlans and I would not have enough with 6 allowed either.

I agree with you that it sucks that you cannot delete those 4 fixed
vlans. I don't use token ring and I never will. I don't need a
token ring vlan.