Unstable Cisco Aironet 1231

Unanswered Question
Mar 13th, 2007

I have one Cisco Aironet 1231 access point. It does not use any kind of (server) functionality outside the Cisco device.

I have one SSID and uses WPA-PSK (TKIP).

The configuration seams wary straight forward, but something is wrong.

The access point seams to be unstable. The clients use long time to connect to the access point and it looses connection a lot of times a day. Can I do something to speed up the ?negotiation process? ?

What could be the course of instability?

The configuration was made with the ?web configurator?, but I have a SSH/telnet dump:

Best Regards

Martin

---------------------------------------------------------------------------------

AP1#sh run

Building configuration...

Current configuration : 2227 bytes

!

version 12.3

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP1

!

enable secret xxx

!

clock timezone GMT 1

ip subnet-zero

ip domain name mydom.com

!

!

aaa new-model

!

!

aaa group server radius rad_eap

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default local

aaa accounting network acct_methods start-stop group rad_acct

aaa session-id common

!

dot11 ssid myssid

authentication open

authentication key-management wpa

guest-mode

wpa-psk ascii xxx

!

!

!

username Cisco password xxx

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption mode ciphers tkip

!

ssid myssid

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0

channel 2412

station-role root

no cdp enable

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

hold-queue 160 in

!

interface BVI1

ip address 192.168.1.105 255.255.255.0

no ip route-cache

!

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

!

access-list 111 permit tcp any any neq telnet

no cdp run

radius-server local

no authentication leap

no authentication mac

!

radius-server attribute 32 include-in-access-req format %h

radius-server vsa send accounting

!

control-plane

!

bridge 1 route ip

!

!

!

line con 0

access-class 111 in

line vty 0 4

access-class 111 in

!

sntp server 212.242.xx.207

sntp broadcast client

end

AP1#

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
scottmac Fri, 03/16/2007 - 17:30

It sounds like interference.

Run NetStumbler (www.netstumbler.com - free) on a laptop and scan the area to see which channel is clearest, and use it.

If you're using Intel NICs/chipsets, make sure they are using current drivers. Some of the older drivers / software are "a little flakey."

Good Luck

Scott

maan449mwa Sat, 03/17/2007 - 11:00

Hi thank you for your answer.

I will try to do a scanning?

But I was thinking, could it have something with the ?hardware negotiation process? to do?

Some time ago I had a cisco switch on a desktop network. The switch missed the line:

?switchport mode access?. If the line is missing the dhcp takes a long time?

On an access-point, is there a ?hardware negotiation process??

Maybe I could turn on ?switchport mode access?, or something else..?

Best regards

Martin

scottmac Mon, 03/19/2007 - 19:12

While there is a negotiation process between the AP and client, it all happens pretty quickly in a typical (i.e., not severely overloaded) system.

The "access port" problem you described was (probably) because of spanning-tree, that should not be an issue here ... the AP is connected to the switch, and the port is active .. all the spanning-tree stuff should have already occurred.

Try a scan. Find the clearest channel of 1, 6, or 11 and configure your AP for that channel and let us know how it works out.

Good Luck

Scott

maan449mwa Thu, 03/22/2007 - 08:48

Now I am using the channel 13, no one is using that one.

After some time the clients still drops the connection for a short time.

(In windows XP I see a "connected to access point" balloon-tip).

It does not disconnect for more that a second, but that is enough time for the program Navision to loose connection completely.

Can I do something I can do to force a network card to stay on access-point?

scottmac Thu, 03/22/2007 - 09:38

Check your client software; many have a "feature" that you can enable/disable for permitting the NIC to powered down by the OS when "idle."

There are some other flavors of "Power Save" mode that might be in-play as well.

Check your drivers, disable any power savers or "sleep" features.

Good Luck

Scott

maan449mwa Mon, 03/26/2007 - 01:33

If I scan the wireless network I see about 20 access-points!!

Should I consider buying a "stronger" antenna?

Maybe this one:

Cisco Aironet High Gain Omnidirectional Ceiling Mount Antenna - Antenne - omni-directional - 5.2 dBi

AIR-ANT1728

Something better?

Best Regards

Martin

scottmac Mon, 03/26/2007 - 07:44

A "stronger" (more gain) antenna probably won't help. An antenna that transmits with more gain also receives with more gain ..(basically, the same situation, but all of the signals are "louder")

The general remedy, aside from the obvious of going to the least populated channel or moving to the 802.11a band, is usually to add more access points, all using some flavor of "sector" antenna (and / or "patch" antennas) to localize the area of interest.

Because the antennas are covering a more specific area (and usually smaller area), it is usually the case that more APs are needed.

"Seeing" 20 APs is not that alarming ... check the signal strength of each, many will usually be well-below the level that would cause serious interference. The specific level will vary, depending on the location relative to the AP<->client relationship.

If you're seeing 20 APs, and their signal strength is roughly the same as your APs or a little lower, then you've got a problem that only a sectorized antenna system can cure.

Good Luck

Scott

Actions

This Discussion