871W: Wi-fi to Wi-fi unreliable

I have a laptop on the wifi. It can connect to internet no problem. It can connect to almost every host on the wired LAN without problem.

There is an IPMI destination on the wired LAN which is sometimes accessible, sometimes not. (sometimes I can just start the GUI for server monitoring, and within a few minutes it will be able to connect, after which there is no problem - this never happens on the wired LAN portion). During failed attempts, the wi-fi device does get an ARP resolution for the IPMI destination.

Now howver, I try to ping or SSH to another wi-fi device (a phone) and it fails royally. I can telnet to a wired server from the laptop, and that server has no problem pinging or SSH to the phone.

So wi-fi to LAN seems to work. LAN to Wi-Fi seems to work. But Wi-fi to wi-fi seems to be a problem.

Is this common ? What should I look at in the config ?

While I am at it, for such a router, what would be the best way to run wireshark to scan all of the wi-fi traffic ? Can I do a port monitor on the BVI10 interface ?

Reply to
JF Mezei
Loading thread data ...

To test wifi connections (or others too:) I like to send a lot of pings. fping.exe is nice for this if you have windows.

formatting link
fping -s 1300 -t 0 -n 1000

add -i if you have any weird problems/error messages

You can use >1 instance if required.

If there is anything dodgy about the link you will see it right away.

Be aware that this application can send a lot of traffic and could affect network/system performance.

To use wireshark on wifi you need linux, or windows with the wireless pcap shim. The latter is commercial software and is not free (airpcap?). Alternatively you can use the free Windows Network Monitor from Microsoft. You may be able to save the files in wireshark format or wireshark may be able to read it's files. I may be a bit out of date on this, it is possible that someone has written a free shim now.

To capture traffic other than your own you will need a wireless card *and* driver that can be put in monitor mode.

Unless there is a bug in the router I would have thought that wifiwifi traffic should be no different to wifilan. Of course there are two wireless hops in the former case and BOTH would need to be working correctly.

The later IOS software can I seem to recall do packet capture to flash/network (12.4.twentysomething). On an

87x router however I would think that the performance would soon become CPU limited. You would not I would think see ethernetethernet traffic either unless routing between vlans or maybe bridging between vlans. It would work on BVI10 I guess. Check memory requirements before upgrading. Stated flash requirements now include the Web GUI thingy which of course is not essential. If the image fits the flash then you have enough flash:) For testing/ development purposes you could always boot over the network if you did not have enough flash. Not so wise for production:))
Reply to

I admit that I didn't follow the topology here. I got lost at IPMI.

OK, I've now googled IPMI, and I still don't get where it fits in. Guess I'd need to see a picture.

monitor on

Traffic on a BVI is strictly traffic to/from the router itself (i.e. where the router is the IP endpoint.) Transit traffic in the BVI's bridge group is just bridged by the router and does not touch the BVI.

You can see packets transmitted / received on the radio interface thus:

(send the radio driver debugs to the IOS logger, rather than writing them directly the console)

no debug dot11 d0 print printf

debug dot11 d0 trace print mgmt rcv xmt

standard IOS logging best practice pertains:

- worst practice is to log to the console at 9600 bps (i.e. the default)

- less bad practice is to log to the console at 115200 bps

- good practice is "no logging console" and use "terminal monitor" in a telnet/ssh session

- best practice is to log to a logging buffer

Is there a shim to take the output of these debugs and feed them into Wireshark, e.g. via text2pcap? Nope, haven't done it yet.

Yep, Netmon 3.4 now actually works (in Windows 7, not in XP) to capture wireless traffic. The data is saved in a Netmon 2 format that the production releases of Wireshark can't grok. However the latest 1.5 dev builds can read Netmon output.


Reply to
Aaron Leonard

Nor me, but I decided that it was not likely relevant to the problem and I ignored my ignorance completely. Maybe I'll google it tomorrow, or sometime.

Reply to

Ah yes. I was not clear enough on that, thanks.

I am not at all sure however that you are exactly correct either:-)

Surely a packet capture on a BVI will capture *both* traffic to and from the router and traffic *routed* by the router via the BVI? Or perhaps even more exactly, traffic addressed to the BVI's MAC address *or* addressed to the MAC broadcast address *or* traffic transmitted by the BVI? The received traffic may not be routed since no route may exist or perhaps ACLs may subsequently block the traffic.

It would not I would think capture traffic bridged within the bridge group.

I am frankly guessing here, but guessing based on my understanding of network architectures. Other behaviour would not make sense to me.

Thanks very much for your valued contributions.

Finally. BVIs of course can be used soley for managemnt traffic however I have used them frequently for routing traffic on 87x routers. This message will in fact be sent via such an interface on an 87xW.

interface Dot11Radio0.1 encapsulation dot1Q 23 no cdp enable bridge-group 23 bridge-group 23 subscriber-loop-control bridge-group 23 spanning-disabled bridge-group 23 block-unknown-source no bridge-group 23 source-learning no bridge-group 23 unicast-flooding

BVI23 10.x.x.x YES NVRAM up up

Reply to

IPMI is a subsystem in a server that has its own IP address and allows you to monitor the hardware of the server (temperartures, fan speeds etc), turn off or on the server itself etc. (in other words, this small piece of hardware remains active even when server is powered off).

Often, it uses the same physical ethernet port as the one used by the server for its own connectivity (IP etc). In other words, for Arp, there might be 2 IP addresses pointing to the same ethernet address.

My LAN machines never have problems connecting to the IPMI interface of the server. But wi-fi connected laptop often does (but not all the time).

This is why I thought it might be significant in trying to debug the inability of a laptop to connect to another wi-fi device.

Reply to
JF Mezei

Just an update on my problem.

Yesterday, I did success in having wi-fi laptop connect to wi-fi iphone. This morning, it didn't work, but about 10 minutes later, it magically worked.

While it did not work, the laptop did not resolve ARP for the iphone. But the router had the entry for it. (I believe I have arp-cache turned off, so this SHOULDN'T matter since the router would act as a bridge and handle arp broadcasts as it would on a wired lan).

This is starting to sound similar to the IPMI probelm where sometimes it works, sometimes it doesn't.

in the "base" interface, I have:

interface Dot11Radio0 no ip address ! encryption vlan 10 mode ciphers aes-ccm tkip wep128 ! broadcast-key vlan 10 change 600

Is it possible that this "change 600" would have anything to do with this sporadic "works, doesn't work ?"

Reply to
JF Mezei

Hi JF,

Actually, I've seen an issue where two wireless clients on an ISR couldn't ping each other, unless "ip local-proxy-arp" was turned

*on*. So you might play with this.

Yeah, first I would get rid of the "wep128" ... no need to do WEP nowadays. Any client that can do wep128 can do TKIP.

Then you can try changing the broadcast key rotation interval. We have seen clients that have a problem when the group key changes.


Reply to
Aaron Leonard

On my router, the only command is (config)# ip arp proxy disable

I have tried with and with a "no" but it didn't seem to make a difference.

It won't let me get rid of it ! I guess the router has some sentimental attachement to it ! I'll have to change the config and reboot it.

Changing it did cause the Mac laptop to freeze for a short while, indicating, I guess it was renegotiating it. I changed it to 24 hour rotation instead of 10 minutes. It didn't seem to make a difference.

What puzzles me is that sometimes it works, sometimes it doesn't. The router itself has the arp valid for both devices. But when it doesn't work, the arp on a device can remain incomplete, indicating that the ethernet broadcast didn't go through.

I guess I will have to run wireshark on the laptop to see what sort of traffic it sees. I still have a VMS cluster on the LAN, and that generates raw ethernet frames (SCS protocol, not IP). The laptops should get to see the SCS broadcasts.

Reply to
JF Mezei

Bringing back an old (unsolved) thread.

I rebooted my Cisco 870 router today. And My iphone and laptop, both on wireless were able to talk to each other when I tried right away and both were able to contact the IPMI interface on the server (on ethernet).


I (now) know that this model's claim to support 5 VLANs is bogus becauise it has 4 vlans hardcoded which you can't remove (so you can only support 1 VLAN).

Is it possible that the 870 would have limits in the number of MAC addresses it can know about either gobally, or on a per interface basis ?

(The IPMI port is on the same physical ethernet cable as the server's main ethernet interface)

(IPMI is for system management and is active even when server is powered down).

The problem or two wireless devices not talking to each other seems sporadic, same with wireless devices not able to reach the IPMI. But from the wired etehernet I have no problem reaching any device, wired or not.

Reply to
JF Mezei

Works on my Vista (Windows [Version 6.0.6002]) too, apparently in monitor mode, although I haven't used it seriously so I might be missing something.

Reply to


Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version

12.4(15)T7, RELEASE SOFTWARE (fc3) Cisco 877W (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.

router#sh vlan-s

VLAN Name Status Ports

---- -------------------------------- ---------


1 default active Fa3 2 family active Fa0, Fa1, Fa2 3 test active 16 VLAN0016 active 1002 fddi-default act/unsup 1003 trcrf-default act/unsup 1004 fddinet-default act/unsup 1005 trbrf-default act/unsup

Nothing bogus there as far as I can see.

You do need a non-basic Feature Set. e.g. ADVIPSERVICES.

There are very probably hardware limits in the switch as there are in all switches. In the router bit, if bridging, the forwarding database and the ARP table will be in software and you will be limited only by system memory. How many MACs have you got?

I am not a wireless expert but I think you need to consider doing a survey for interference.

formatting link
be worth considering.

I would expect to see evidence of interference in the "show dot11 int" output. e.g. Retries, switching to low data rates, use of low data rates.

alt.internet.wireless has some good people and I have posted this there too.

Reply to

I have: router1#show version Cisco IOS Software, C870 Software (C870-ADVSECURITYK9-M), Version

12.4(15)T9, RELEASE SOFTWARE (fc5)

System image file is "flash:c870-advsecurityk9-mz.124-15.T9.bin"

And it won't let me create more than one VLAN.

My switch has 2 vlans defined (on top of the useless default ones) and is in vtp server mode.

Router doesn't accept vtp client and reverts to vtp transparent. (because it can't handle the 2 extra vlans).

I tried once to go to the cisco site to find the advanced software but it doesn't seem to want to let me download software for the 800 series routers. I may try again.

show mac on the router gives 12, but it lacks some. For instance it doesn't show the mac address of the BRAS router at the other end of a PPPoE interface.

Sort of strange that after rebooting, connectivity between wi-fi devices and between them and IPMI works fine.

Perhaps it may have limits on number of wi-fi devices. Since the reboot, it has only known about two. When I have friend over, perhaps the problem will re-occur.

Reply to
JF Mezei

#sh ver Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T11, RELEASE SOFTWARE (fc2)

#sh vlan-switch

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa1, Fa2 2 SDSL active Fa3 10 Telefonie active 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 1002 1003 2 enet 100002 1500 - - - - - 0 0 10 enet 100010 1500 - - - - - 0 0 1002 fddi 101002 1500 - - - - - 1 1003 1003 tr 101003 1500 1005 0 - - srb 1 1002 1004 fdnet 101004 1500 - - 1 ibm - 0 0 1005 trnet 101005 1500 - - 1 ibm - 0 0

From running-conf: interface FastEthernet0 switchport trunk allowed vlan 1,3-4094 switchport mode trunk ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 switchport access vlan 2 !

#sh vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 8 Number of existing VLANs : 7

Reply to

router1#show vtp status VTP Version : 2 Configuration Revision : 0 Maximum VLANs supported locally : 6 Number of existing VLANs : 6

So with the default software version, you have 5 default VLANs which you can't delete (vlan 1 and 4 strange ones), which leaves just 1 you can define.

Since I have the "crippled" version, I have to wonder what other artificial restrictions exist on the unit. When I purchased it, I figured 6 VLANS was plenty. Didn't know 6 vlans really meant just 1.

Reply to
JF Mezei

I don't know why your model only allows 6 while mine allows 8. I use 3 vlans and I would not have enough with 6 allowed either.

I agree with you that it sucks that you cannot delete those 4 fixed vlans. I don't use token ring and I never will. I don't need a token ring vlan.

Reply to

It is, always has been, and always will be the Cisco way to sell routers or whatever with a single set of marketing blurb then to have different versions of the software for different costs that offer various subsets of the functionality.

It's no different for cars or Microsoft Windows or any other complex product.

Maybe they should do it some other way but I bet that won't happen any time soon. You need to check the features you need against the documentation before purchase. If you can't understand the documentation then you need to hire someone who does.

My view is that the products are intended to be specified by experienced professionals just as steel beams for buildings might be. Complaining to a supplier of construction materials that you didn't know what you were doing when you ordered a hundred tons of steelwork but got the wrong stuff will I would guess cut no ice at all. It is the same here. Don't be fooled that an 800 series router only costs a few hundred pounds, as I think you know it has the same software features as a router that costs hundreds or thousands of times as much. The documentation for that $300 router extends to thousands and thousands of pages (I have no estimate now but 10 years ago when you could still get paper manuals the set looked like about 10 telephone directories and there are many times the number of features now).

Good luck:)

Reply to

Excuse me, but when the technical specification state it supports 6 VLANS, with no mention that there are 5 hardcoded VLANs that you can't change, how are you supposed to know that the router only has 1 user configurable VLAN ?

I have see no documentation specific to that router. There is the generic IOS documentayyion for that version. But that documentation doesn't mention for instance that only FA4 can be used for PPPoE connections, or that you need to create a BVI device to link your LAN to the WI-FI to the external (routed) internet.

No amount of reading helped for those problem, it was trial and error and using Google (and this group). And Google is bad because 99% of stuff you find are questions such as "what is =wrong with this config". So the config examples you find don't really help when they are tagged as not working !

The reason I ask is that my experience is that Cisco did not properly document the artificial restrictions in the 800 series routers and I am wondering if there are wi0-fi limitation on number of devices supported etc.

Reply to
JF Mezei

I agree with you. I would expect that when there are 6 possible VLANs, there could be 1 that is already defined and difficult to change or remove (the default VLAN which is normally number 1). But I would not guess that there are 4 other useless VLANs that you cannot remove and never use. I have never seen those 4 VLANs defined in a switch or router before I first had a 87x router. These VLANs seem to be there only for the convenience of Cisco and they should have been clearly mentioned in any documentation about the number of VLANs supported. There is no common practice of having those fixed VLANs in a product, and even when you would have "hired someone" there would have been a fat chance that this person would not have known about this problem when he had not accidentally encountered it before.

Reply to

JF Mezei schrieb:

AFAIR the 870 series support up to 4 user defined VLANs for the built-in ethernet switch with the Advipservices or adventerprise IOS images. The default advsecurity won't ( or you use 12.4(11)XJ4 ).

I have 3 VLANs on my 876 up and running.

the difference between switchports and routed ports is not clearly stated for FE0-FE3 (switchport only) and FE4 (routed port only)

You *can* do PPPoE also on a switchport if you can sacrifice a VLAN on the ethernet switch ;-)

You can add Wireless VLANs by not bridging them to Ethernet but assigning a routed IP address to the Dot11Radio0.subinterface instead.

What I miss most in Advsecurity is DMVPN (which is included in Advsecurity for the older 1700 routers).

Reply to
Uli Link

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.