WAP54Gs with WPA not handing out IPs from SBS2003 server

Good afternoon -

I've got a client I've set up a wifi network for. It's a domain network, with SBS2k3 as the DHCP server. We added two Linksys WAP54Gs (replacing a USR5451 AP/Router and Dell TrueMobile 1184 AP/Router that were nothing but trouble, and didn't support WPA). It's on a private range, 192.168.0.x, wired computers all working as they ought to, and most wireless computers working as they ought to. We're using WPA-PSK w/ TKIP (an upgrade from the WEP they were using).

Here's the fun part. I've got 4 laptops which aren't able to pull IP addresses. They find the wireless network, they connect (using the PSK over WPA), and then they sit trying to obtain IP addys for (seemingly) days. The traffic counters (either in the WZC util or in the card-specific utility) show passing traffic - that is to say the counters increase as time goes on - but an IP is never received. Specifying a manual IP address leads us to successfully connecting, and /appearing/ to have a full connection, but not being able to ping anything except for the single specified IP. Can't ping router, can't ping the AP's IP, can't ping the server - only the IP we configure manually.

The machines that were having issues were all Dells, until my laptop (an HP) took on the same symptoms today. The four computers experiencing the trouble are -

- Dell Inspiron 6000 w/ a Dell Wireless 1350 WLAN Mini-PCI card (rev

4.5)

- Dell Latitude D620 w/ an Intel Pro Wireless 3945ABG

- Dell Inspiron 600m with an Intel Pro Wilress 2200BG and an HP Pavilion ze4500 with a Broadcom 802.11b/g card (thats as specific as the device mgr gets - and I bought it used, so I haven't looked into it further).

I have also discovered that plugging in a Netgear PCMCIA card will allow one the computers (the Inspiron 6000) to connect right away, no questions asked. Pop the same card into the Latitude D620, and I've got the problem again. The WAPs are each configured as Access Points, rather than bridges, repeaters, etc. I've taken one of the APs and made it a seperate SSID as a testbed to find out wtf is going on. I can reproduce the problem no matter what length key, how often the key renews, TKIP or AES, SSID, or channel we use.

In bulleted points, here's what we know so far:

- The APs /do/ work - most computers can connect without issue.

- When I drop encryption, either entirely or down to WEP, the computers that are having issues can connect without fail.

- As soon as we bring up WPA, either with TKIP or AES, the trouble is reproducable.

- All the computers are using the latest drivers, bios revisions, firmware, etc.

- The APs are using the latest firmware (3.04)

- When I use a PCMCIA card on the Dell Inspiron 6000, it works fine

- When I use the same PCMCIA card on the Dell Latitude D620, it has the same problem.

- Linksys Tech-to-Tech Partner support, and the Dell Gold Support department (and their support people) are all stumped. The Linksys guy I talked to said he saw the problem once, but bringing it up to the latest drivers/firmware fixed it. No joy this time.

Anyone seen anything like this? Anyone have any suggestions? We're boggled over here.

NM

Reply to
NeoMagick
Loading thread data ...

From a quick glance at your post, everything works fine EXCEPT the dells, right? And ONLY on the dells when you increase secutity (add TKIP or AES)..

All your symptoms say it is absolutely not anything else (cuz other computers work fine), just have the problem ONLY with the dells.. Concentrate on the dells.. Look at firewall stuff and the dell drivers.. Can you temp/add a usb device to the dells? If so, and that works, it's something specific in the dell wireless implementation... Hard to debug over the net, but I would narrow it down (only on the dells), and see what happens if you use a totally different device (like a USB dongle)... Point being, the AP's work for other stuff but not the dells.. sort of silly to be asking the AP makers tech support, why not ask dell?

Reply to
Peter Pan

Did ask Dell (gold support) - they were stumped.

Other Dells work fine. Older Dells work fine. Newer Dells work fine. It's just these three particular Dell's and my HP laptop not working.

Only firewall is the inbuilt Windows firewall. Same symptoms with it either on or off. Also works fine when going hard wired, and/or with no encryption.

I started with Linksys because it's varying WiFi card mfgrs (intel, broadcom, and dell, which is (i believe) a rebranded broadcom), rather than just (i.e.) "all my intel cards" or "all my dell cards", etc. But both Linksys and Dell are without clue.

Reply to
NeoMagick

Next step I'd try an USB WiFi connection.. If it works, you know it is only the built in WiFi on those certain models of dells...

Just for fun (and free), can you boot in safe mode and have it work? That would narrow it down to hardware or software....

Reply to
Peter Pan

Tried booting to safe mode. The Inspiron 6000 won't start the network connections svc, and the dell wireless software doesn't find a network card. My HP does the same thing. I'll need to read about how to bring a WLAN up in safe mode, if it's possible (tho I imagine it would be).

Being the muppet I am, I'm taking one of the APs home to fuss with over the weekend. Three day holiday my arse...

Reply to
NeoMagick

Don't get to take the dell notebook with you and try it on other AP's? :) Too bad.. Got three here in Vegas... (i'm in Vegas on vacation, have 3 laptops and 3 AP's, but not my notes/toys like back at home/work)

Seriously though, I've only had a few that can boot/use the network in safe mode, but what the heck, was worth free and worth a shot... And it appears you may have found an interesting tidbit of info...

You did say something that's stuck in my mind but I can't think exactly why at the moment..., But, Basically it had to do with one machine didn't start network services at all, and the other couldn't find a wireless card (but the fact it started the service, and then couldn't find a card - makes me think that the internal dell/windows stuff is starting no matter what, and then wigging out cuz a driver or something it needs isn't starting cuz of the safe boot).

Got a USB dongle hanging around? You may want to give that a try, cuz even in safe mode it should look for USB devices.. Or even easier, does it have a switch for internal wlan stuff? You can just turn te internal off and let it use the dongle (so the built in and dongle don't conflict)

Reply to
Peter Pan

I'll assume you're running Windoze XP Home using Wireless Zero Config and the latest WAP54G v3 hardware.

XP wireless is stupid. There's little connection progress indication. Waiting forever for a DHCP delivered IP address is usually either an encryption key exchange failure, or for WPA-PSK, an authentication failure. I can also be the inability of the WAP54G to pass broadcasts from the SBS2003 DHCP server. The large variety of laptops that don't work points to problem with the WAP54G.

Dumb questions:

- Are you using WPA-PSK or WPA2-PSK?

- Are there any MAC or IP filters running in the WAP54G?

- SBS2003 Standard or Premium edition?

- Do you have enough IP addresses in the DHCP pool on the DHCP server?

- Is the SBS2003 DHCP server pre-filtering the clients by MAC address?

- Do you have some other form of security enabled on the SBS2003 server?

- Do you have the SBS2003 server setup with NAT using one or two ethernet cards?

I vaguely recall that the WAP54 logviewer reports authentication failures. I'm not sure. Go to the log page: |

formatting link
logging. Either point it to a machine running the crude Linksys logviewer or hit "view log" button.

Windoze XP has a WZC debugging log feature that will bury you in diagnostics. |

formatting link
|
formatting link
'm fairly sure you'll find some kind of authentication failure in there.

Reading between your lines, you mention that your HP laptop apparently worked before, but now doesn't. That sounds like running out of IP's in the DHCP pool. (Hint: If you mention that something changes, kindly disclose what it changed from).

So much for the DHCP IP pool theory. Moving a MAC address (on a card) from one machine to another should also move the IP addresses as the ARP table is unchanged. Weird(tm).

Can you find another DHCP server other than the SBS2003 server?

How many computers? Over 253 machines? If exactly 30 functional machines per WAP54G, I think I have a good guess (but no fix).

OK, so it's encryption compatibility. I'm currently having problems getting WPA2-PSK to play with an eclectic mix of hardware. When I went down to WPA-PSK, everything was fine. Weird(tm). Since DHCP works with no encryption, it's a fair bet that it's not a DHCP issue.

WPA or WPA2?

OK. 3.04 is the latest for WAP54G v3 hardware. Did you try a hard reset after upgrading the WAP54G firmware?

Yeah, but are you using Windoze Wireless Zero Config to do the wireless connection or are you using whatever came with your PCMCIA card? Uncheck "Let Windoze manage this device" to let the manufacturers driver take control.

I've seem similar problems, but not quite a weird as this.

Reply to
Jeff Liebermann

From another post/thread, this was what I recalled.... Some dell mini pci cards ONLY do wep... Sure sounds like your problem....

=========================================================

Some dell mini pci cards ONLY do wep... Sure sounds like your problem from what you wrote above....

- When I drop encryption, either entirely or down to WEP, the

========================================================= You never mentioned the model number of the dell wireless cards that don't work with WPA.... Could it be one that doesn't support it?

Reply to
Peter Pan

Thanks for the responses everyone. Here's the answer to some questions:

- Are you using WPA-PSK or WPA2-PSK?

WPA-PSK atm. WPA2-PSK gave us the same grief.

- Are there any MAC or IP filters running in the WAP54G?

None whatsoever.

- SBS2003 Standard or Premium edition?

SBS2k3 Std.

- Do you have enough IP addresses in the DHCP pool on the DHCP server?

Yes. There's not even 50 machines total on the network.

- Is the SBS2003 DHCP server pre-filtering the clients by MAC address?

No. The 2k3 DHCP server will hand an IP out to any machine that connects to the network, on the domain or not, by WiFi or wire.

- Do you have some other form of security enabled on the SBS2003 server?

No.

- Do you have the SBS2003 server setup with NAT using one or two ethernet cards?

No. NAT is running on a hardware firewall appliance. The SBS2k3 server is on a static IP on the private network behind the NAT router, and has only one active ethernet line.

- I'll assume you're running Windoze XP Home using Wireless Zero Config and the latest WAP54G v3 hardware.

All the machines are XP Pro, except for one employee's personal laptop under XP Home (which successfully connects), and an older company laptop that's running 2k Pro, which also successfully connects. Some are set up using WZC, others using the mfgr's software (Intel and Dell Wireless software). On machines that can't connect, both pieces of software produce the same results (my first thought as well). Only difference is the Intel and Dell software each report (and I quote) "Encryption: TKIP; Key Absent" - DESPITE having entered the key repeatedly, and the WZC showing a successful connection, passing traffic, but no IP address.

- Yeah, but are you using Windoze Wireless Zero Config to do the wireless connection or are you using whatever came with your PCMCIA card? Uncheck "Let Windoze manage this device" to let the manufacturers driver take control.

With the PCMCIA card, it's the WZC software. The Netgear app that the driver package installed for it SUCKS. I'll post screenshots of exactly how useless it is if you're interested.

- Can you find another DHCP server other than the SBS2003 server?

Can i find, as in is there a rogue DHCP server on the network? No, there isn't. 2k3 SBS will shut down its internal DHCP server if it finds another on the network. DHCP services have not dropped, and no other devices were put on the network that would be a DHCP server (the AP's are WAPs only), and there's no routers, only switches. Can i find, as in can I set one up? It's a good thought. I'll take a second router with me, and set up a private network with one of the APs, as I'd rather not do anything to fsck with the SBS.

- OK. 3.04 is the latest for WAP54G v3 hardware. Did you try a hard reset after upgrading the WAP54G firmware?

That's a good question - whats a hard reset defined as on these things? With my BEFSR11, a hard reset was unplugging, holding down the reset switch for 5 seconds, and plugging it back in, which would wipe out the settings. With a WRT54G (v5) i discovered a hard reset was holding down the reset switch for 30 seconds, and needed to be done after upgrading the firmware (something I discovered only after an hours worth of beating my head against a desk because the little cisco logo kept lighting white, and it would ask for a firmware file when I opened the admin page). After I upgraded the firmware, I unplugged the device for 30 seconds, and plugged it back in. Must confess, I didn't follow the mfgr's specs for firmware upgrades. Are they different? I'll look into that today.

- You did say something that's stuck in my mind but I can't think exactly why at the moment..., But, Basically it had to do with one machine didn't start network services at all, and the other couldn't find a wireless card (but the fact it started the service, and then couldn't find a card - makes me think that the internal dell/windows stuff is starting no matter what, and then wigging out cuz a driver or something it needs isn't starting cuz of the safe boot). Got a USB dongle hanging around? You may want to give that a try, cuz even in safe mode it should look for USB devices.. Or even easier, does it have a switch for internal wlan stuff? You can just turn te internal off and let it use the dongle (so the built in and dongle don't conflict)

No, no USB wifi cards around. Only that PCMCIA card. Even in safe mode tho, I think i'd have the problem I had. The 'network service' didn't start, and wouldn't start. It wouldn't give me any network devices in the network connections control panel (wired or wireless), and the mfgr's wireless software would report 'no wireless card found'.

- You never mentioned the model number of the dell wireless cards that don't work with WPA.... Could it be one that doesn't support it?

I've got them jotted down on notes onsite - I'll be able to pull them up in a couple of hours. It's not just dell wireless tho, it's also intel internal wireless. All the cards are listed as supporting WPA, and I believe they do (my experience is that cards that don't support WPA see the network, and when you try to join it says its out of range

- these aren't doing that). Dell sent out a replacement internal Mini-PCI card that I installed, and am having the same trouble with. I'll get model numbers out today.

Hope this helps - really appreciate any insight! Thanks,

NM

Reply to
NeoMagick

Thanks for the responses everyone. Here's the answer to some questions:

- Are you using WPA-PSK or WPA2-PSK?

WPA-PSK atm. WPA2-PSK gave us the same grief.

- Are there any MAC or IP filters running in the WAP54G?

None whatsoever.

- SBS2003 Standard or Premium edition?

SBS2k3 Std.

- Do you have enough IP addresses in the DHCP pool on the DHCP server?

Yes. There's not even 50 machines total on the network.

- Is the SBS2003 DHCP server pre-filtering the clients by MAC address?

No. The 2k3 DHCP server will hand an IP out to any machine that connects to the network, on the domain or not, by WiFi or wire.

- Do you have some other form of security enabled on the SBS2003 server?

No.

- Do you have the SBS2003 server setup with NAT using one or two ethernet cards?

No. NAT is running on a hardware firewall appliance. The SBS2k3 server is on a static IP on the private network behind the NAT router, and has only one active ethernet line.

- I'll assume you're running Windoze XP Home using Wireless Zero Config and the latest WAP54G v3 hardware.

All the machines are XP Pro, except for one employee's personal laptop under XP Home (which successfully connects), and an older company laptop that's running 2k Pro, which also successfully connects. Some are set up using WZC, others using the mfgr's software (Intel and Dell Wireless software). On machines that can't connect, both pieces of software produce the same results (my first thought as well). Only difference is the Intel and Dell software each report (and I quote) "Encryption: TKIP; Key Absent" - DESPITE having entered the key repeatedly, and the WZC showing a successful connection, passing traffic, but no IP address.

- Yeah, but are you using Windoze Wireless Zero Config to do the wireless connection or are you using whatever came with your PCMCIA card? Uncheck "Let Windoze manage this device" to let the manufacturers driver take control.

With the PCMCIA card, it's the WZC software. The Netgear app that the driver package installed for it SUCKS. I'll post screenshots of exactly how useless it is if you're interested.

- Can you find another DHCP server other than the SBS2003 server?

Can i find, as in is there a rogue DHCP server on the network? No, there isn't. 2k3 SBS will shut down its internal DHCP server if it finds another on the network. DHCP services have not dropped, and no other devices were put on the network that would be a DHCP server (the AP's are WAPs only), and there's no routers, only switches. Can i find, as in can I set one up? It's a good thought. I'll take a second router with me, and set up a private network with one of the APs, as I'd rather not do anything to fsck with the SBS.

- OK. 3.04 is the latest for WAP54G v3 hardware. Did you try a hard reset after upgrading the WAP54G firmware?

That's a good question - whats a hard reset defined as on these things? With my BEFSR11, a hard reset was unplugging, holding down the reset switch for 5 seconds, and plugging it back in, which would wipe out the settings. With a WRT54G (v5) i discovered a hard reset was holding down the reset switch for 30 seconds, and needed to be done after upgrading the firmware (something I discovered only after an hours worth of beating my head against a desk because the little cisco logo kept lighting white, and it would ask for a firmware file when I opened the admin page). After I upgraded the firmware, I unplugged the device for 30 seconds, and plugged it back in. Must confess, I didn't follow the mfgr's specs for firmware upgrades. Are they different? I'll look into that today.

- You did say something that's stuck in my mind but I can't think exactly why at the moment..., But, Basically it had to do with one machine didn't start network services at all, and the other couldn't find a wireless card (but the fact it started the service, and then couldn't find a card - makes me think that the internal dell/windows stuff is starting no matter what, and then wigging out cuz a driver or something it needs isn't starting cuz of the safe boot). Got a USB dongle hanging around? You may want to give that a try, cuz even in safe mode it should look for USB devices.. Or even easier, does it have a switch for internal wlan stuff? You can just turn te internal off and let it use the dongle (so the built in and dongle don't conflict)

No, no USB wifi cards around. Only that PCMCIA card. Even in safe mode tho, I think i'd have the problem I had. The 'network service' didn't start, and wouldn't start. It wouldn't give me any network devices in the network connections control panel (wired or wireless), and the mfgr's wireless software would report 'no wireless card found'.

- You never mentioned the model number of the dell wireless cards that don't work with WPA.... Could it be one that doesn't support it?

I've got them jotted down on notes onsite - I'll be able to pull them up in a couple of hours. It's not just dell wireless tho, it's also intel internal wireless. All the cards are listed as supporting WPA, and I believe they do (my experience is that cards that don't support WPA see the network, and when you try to join it says its out of range

- these aren't doing that). Dell sent out a replacement internal Mini-PCI card that I installed, and am having the same trouble with. I'll get model numbers out today.

Hope this helps - really appreciate any insight! Thanks,

NM

Reply to
NeoMagick

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.