1. Home
  2. Cisco Systems
  3. Cisco 851W - Numerous problems

Cisco 851W - Numerous problems

I have a customer who wanted to ditch his wired network, and go wireless. Okay, I say. But lose the POS Linksys and get a REAL router. So we picked up the Cisco 851W. I have to tell you, this little think has been NOTHING but problems. If ANYONE can help me, I would be greatly appreciative. I have always been a supporter of Cisco products, but the wireless on this device has be reconsidering my position. I'm a CCNA, just FYI. Please, any suggestions are welcome!

### Problem 1. Signal strength seems to be abnormally week. This is just 30 meters away, down the hall.. nearly line of sight. We have tried two different net cards. The behaviour is that the client see the ap, associates with a decent signal strength, then for NO apperant reason, the signal drops and the client is therefore disassociated. Very frustrating as this seems to be SO close to the AP for this to be happening. (NO other ap's are in the area and no 2.4Ghz phones either.) Can some one offer me ANY tips and what do do here? How to troubleshoot, etc. The client in question, the Cisco log has a ton of these regarding this specific client:

008931: May 9 18:14:21.099 PCTime: *** TKIP Replay: TA=0014.bf77.9586, RSC=0x7,TSC=0x6 008932: May 9 18:14:21.827 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x3,TSC=0x2 008933: May 9 18:14:21.851 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x4,TSC=0x3 008934: May 9 18:14:22.043 PCTime: *** TKIP Replay: TA=0012.1790.a166, RSC=0x6,TSC=0x5 008935: May 9 18:14:22.835 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x5,TSC=0x4 008936: May 9 18:14:23.763 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x6,TSC=0x5 008937: May 9 18:14:23.835 PCTime: *** TKIP Replay: TA=0012.1790.b512, RSC=0x14,TSC=0x13008938: May 9 18:14:24.579 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x3,TSC=0x2 008939: May 9 18:14:24.591 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x4,TSC=0x3 008940: May 9 18:14:25.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x5,TSC=0x4 008941: May 9 18:14:26.539 PCTime: *** TKIP Replay: TA=0012.1790.a1cd, RSC=0x6,TSC=0x5 008942: May 9 18:14:28.619 PCTime: *** TKIP Replay: TA=0012.1790.a166, RSC=0x11,TSC=0x10008943: May 9 18:14:43.131 PCTime: *** TKIP Replay: TA=0014.bf77.9586, RSC=0x3,TSC=0x2 We are running WPA-PSK with TKIP, but even if we were not, I have a feeling something is amis elsewhere. Please help.

### Problem 2. When a certain client attempts to connect to the ap, ALL other client associations are droped by the Cisco and this shows up in the log:

008914: May 9 18:13:28.919 PCTime: %DOT11-4-TKIP_MIC_FAILURE: TKIP Michael MIC failure was detected on a packet (TSC=0x15) received from 0015.0039.d003. 008915: May 9 18:13:28.919 PCTime: %DOT11-3-TKIP_MIC_FAILURE_REPEATED: Two TKIP Michael MIC failures were detected within 29 seconds on Dot11Radio0 interface. The interface will be put on MIC failure hold state for next 15 seconds. I repeat, NO clients are able to connect while this particular client tries to connect. This is EXTREMELY unerving that one single client can bring down the whoel network. Can some please help me as what to do here!?

That about is, I think. There are others problem (all related to the network) with just overall poor performance and TERRIBLE stability. The customer in question used to have an Actiontec just for simple wifi access and the said they NEVER had a problem with it. Needless to say, this looks REALLY bad for Cisco and for myself. Again, any help is appreciated.

Reply to
ponga
Loading thread data ...

post show version and config

Reply to
Merv

Merv wrote:

=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~= gw01#sh ver Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version

12.4(4)T2, RELEASE SOFTWARE (fc1) Technical Support:
formatting link
(c) 1986-2006 by Cisco Systems, Inc. Compiled Wed 22-Feb-06 21:02 by ccai

ROM: System Bootstrap, Version 12.3(8r)YI2, RELEASE SOFTWARE

gw01 uptime is 3 days, 13 hours, 10 minutes System returned to ROM by reload System restarted at 19:46:35 PCTime Sat May 6 2006 System image file is "flash:c850-advsecurityk9-mz.124-4.T2.bin"

This product contains cryptographic features and is subject to United States and local country laws governing import, export, transfer and use. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption. Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

formatting link
If you require further assistance please contact us by sending email to snipped-for-privacy@cisco.com.

Cisco 851W (MPC8272) processor (revision 0x200) with 59392K/6144K bytes of memory. Processor board ID FHK101524KR MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10

5 FastEthernet interfaces 1 802.11 Radio 128K bytes of non-volatile configuration memory. 20480K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

=~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~==~=~=~=~=~=~=~=~=~=~=~= gw01#sh run Building configuration...

Current configuration : 8399 bytes ! ! NVRAM config last updated at 16:34:08 PCTime Tue May 9 2006 by root ! version 12.4 no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone service password-encryption service sequence-numbers ! hostname gw01 ! boot-start-marker boot-end-marker ! logging buffered 51200 debugging logging console critical enable secret 5 $1$Whfy$f5ROw.AG345UQFdQhv/aT. ! aaa new-model ! ! aaa group server radius rad_eap ! aaa group server radius rad_mac ! aaa group server radius rad_acct ! aaa group server radius rad_admin ! aaa group server tacacs+ tac_admin ! aaa group server radius rad_pmip ! aaa group server radius dummy ! aaa authentication login eap_methods group rad_eap aaa authentication login mac_methods local aaa authorization ipmobile default group rad_pmip aaa accounting network acct_methods start-stop group rad_acct ! aaa session-id common ! resource policy ! clock timezone PCTime -7 dot11 activity-timeout unknown default 86400 dot11 activity-timeout client default 86400 ip subnet-zero no ip source-route no ip dhcp use vrf connected ip dhcp excluded-address 192.168.1.1 192.168.1.99 ip dhcp excluded-address 192.168.1.200 192.168.1.254 ! ip dhcp pool sdm-pool1 import all network 192.168.1.0 255.255.255.0 dns-server 192.168.1.10 default-router 192.168.1.2 domain-name bizname.tld ! ! ip cef ip inspect name DEFAULT100 cuseeme ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip tcp synwait-time 10 no ip bootp server ip domain name azconagg.com ip name-server 192.168.1.10 ip ssh time-out 60 ip ssh authentication-retries 2 ! ! crypto pki trustpoint TP-self-signed-2008324883 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-2008324883 revocation-check none rsakeypair TP-self-signed-2008324883 ! ! crypto pki certificate chain TP-self-signed-2007324883 certificate self-signed 01 30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101

04050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 32303038 33323438 3833301E 170D3032 30333031 30303039 31305A17 8072198E 31303130 30303030 305A3031 312F302D 8072198E 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 30303833 32343838 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100E664 E710312A 16920E03 31649F34 54CCAD58 DB6DE3A9 843CAF3A 0A8E66AF FA3A5771 AAE210E5 BBD4E636 8072198E 88736CC2 4B16D9B6 4C291E9C FC7D0089 C467ABF9 794B3CBB 16847AD1 60A53C4B 2E42D25A E0A29A9A 49542EFE 7E615469 7E8D6A92 DDDB32C2 7B94BC47 BD59F206 10D60441 B66097DF 5223BF33 BB50E33B 999B0203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603 551D1104 15301382 11677730 312E617A 636F6E61 67672E63 6F6D301F 0603551D 23041830 1680140C D768292E D1DDDB32 C2341A00 49C497D1 B6AA4B30 1D060355 1D0E0416 04140CD7 68292ED1 DDDB32C2 341A0049 C497D1B6 8072198E 06092A86 4886F70D 8072198E 00038181 0064A08F 1F0DE936 87D0165F 4803DAED 383EBFDE 0539ED4C C0E2AFA7 9E6E7DCD 17D0F36C 21305B5F 783B48C2 CF11EDA1 4060EC8F 4077D502 79A6EDD2 14BA6576 BAD54C4D 90457FDE 23D23864 1F3A76A3 690AB462 C316D8FB 541C97BF F52CC788 9D67F0E2 3F97D3D5 B4ACAF7E AD5C7917 9F0CE002 07B97FD2 3D9F3E0F 4F80FDAA A7 quit username admin privilege 15 secret 5 $1$GVru$5m3rE2JkjdbLW8gVnmzF721 ! ! ! bridge irb ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 description $FW_OUTSIDE$$ES_WAN$ ip address 192.168.0.254 255.255.255.0 ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip inspect DEFAULT100 out ip nat outside ip virtual-reassembly ip route-cache flow duplex auto speed auto ! interface Dot11Radio0 no ip address countermeasure tkip hold-time 15 ! encryption mode ciphers tkip ! ssid azconagg max-associations 254 authentication open authentication key-management wpa guest-mode wpa-psk ascii 7 072C334D5E584B5643 ! speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ no ip address bridge-group 1 ! interface BVI1 description $ES_LAN$$FW_INSIDE$ ip address 192.168.1.2 255.255.255.0 ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! ip default-gateway 192.168.0.1 ip classless ip route 0.0.0.0 0.0.0.0 192.168.0.1 ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 5 life 86400 requests 10000 ip nat inside source list 1 interface FastEthernet4 overload ip nat inside source static udp 192.168.1.10 53 interface FastEthernet4 53 ip nat inside source static tcp 192.168.1.10 53 interface FastEthernet4 53 ip nat inside source static tcp 192.168.1.10 21 interface FastEthernet4 21 ip nat inside source static tcp 192.168.1.10 22 interface FastEthernet4 22 ip nat inside source static tcp 192.168.1.10 80 interface FastEthernet4 80 ip nat inside source static tcp 192.168.1.10 25 interface FastEthernet4 25 ip nat inside source static tcp 192.168.1.10 110 interface FastEthernet4 110 ip nat inside source static tcp 192.168.1.10 143 interface FastEthernet4 143 ip nat inside source static tcp 192.168.1.10 443 interface FastEthernet4 443 ip nat inside source static tcp 192.168.1.10 900 interface FastEthernet4 900 ip nat inside source static tcp 192.168.1.10 993 interface FastEthernet4 993 ip nat inside source static tcp 192.168.1.21 3389 interface FastEthernet4 3389 ! logging trap debugging access-list 1 remark INSIDE_IF=BVI1 access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.1.0 0.0.0.255 access-list 100 remark auto-generated by Cisco SDM Express firewall configuration access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit ip any any access-list 101 remark auto-generated by Cisco SDM Express firewall configuration access-list 101 remark SDM_ACL Category=1 access-list 101 permit tcp any any eq 3389 access-list 101 permit tcp any any eq 993 access-list 101 permit tcp any any eq 900 access-list 101 permit tcp any any eq 443 access-list 101 permit tcp any any eq 143 access-list 101 permit tcp any any eq pop3 access-list 101 permit tcp any any eq smtp access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq 22 access-list 101 permit tcp any any eq ftp access-list 101 permit tcp any any eq domain access-list 101 permit udp any any eq domain access-list 101 permit udp host 192.168.1.10 eq domain any access-list 101 permit udp any eq bootps any eq bootpc access-list 101 deny ip 192.168.1.0 0.0.0.255 any access-list 101 permit icmp any any echo-reply access-list 101 permit icmp any any time-exceeded access-list 101 permit icmp any any unreachable access-list 101 deny ip 10.0.0.0 0.255.255.255 any access-list 101 deny ip 172.16.0.0 0.15.255.255 any access-list 101 deny ip 192.168.0.0 0.0.255.255 any access-list 101 deny ip 127.0.0.0 0.255.255.255 any access-list 101 deny ip host 255.255.255.255 any access-list 101 deny ip any any no cdp run radius-server attribute 32 include-in-access-req format %h radius-server vsa send accounting ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C ! line con 0 no modem enable transport output telnet line aux 0 transport output telnet line vty 0 4 privilege level 15 transport input telnet ssh ! scheduler max-task-time 5000 scheduler allocate 4000 1000 scheduler interval 500 end

-- THANKS!

Reply to
ponga

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.