Frequent disassociation on APs while running 802.1x

Unanswered Question
Jul 19th, 2007
User Badges:

We are running Cisco 12xx APs in autonomous mode. Wireless clients seem to to disconnect at regular intervals - for some it's about every 30 sec and for others it's about every few

minutes. We have the APs select the least congested channel dynamically. We have further tried both the default radio settings as well as experimented with Best Range and Best Throughput options but the problem seems to stay.


The utilization on APs is only a few % so it processing does not seem to be the issue. We have seen clients jumping between APs while stationary on their desk as well as reassociating with the same APs within minutes. And the strange thing is that this problem occurs on some APs and not on others with some clients and not with all of them.


Clients have wireless settings pushed through GPO (using Windows wireless settings). Most wireless cards are built-in Intel model (2200BG/3945ABG series).


This is happening only after moving from static WEP to 802.1x.


I am wondering about the Association page on APs that give an 'inactivity timeout'. I have not seen a clear definition/use of this configuration. Right now it is set to a default 60 seconds for all devices.


Appreciate any help.


Thanks.


MAG


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rnigam Thu, 07/19/2007 - 08:29
User Badges:

What do you see on the events log of the AP?

magurwara Thu, 07/19/2007 - 08:51
User Badges:

We see mostly dissassociation messages like ...


"the station has left the BSS"


and


"xxxx.xxxx.xxxx has roamed to xxxx.xxxx.xxxx"



dbrennan_1 Thu, 07/19/2007 - 11:07
User Badges:

A couple qucik things to check:

-make sure users w/ this problem do not have multiple instances of the same SSID or profile.

-disable the lower data rates(1Mbps, 2Mbps, 5.5Mbps, etc) on your APs

magurwara Thu, 07/19/2007 - 22:15
User Badges:

I checked. Only one instance of SSID profile is there.


Are you suggesting that by disabling the lower data rates we will be able to reduce/limit the effective range of the APs? Perhaps allowing clients to connect to only best available APs?

dbrennan_1 Fri, 07/20/2007 - 04:27
User Badges:

Yes this should force clients to connect only to best available APs with less hand-offs happening. The range of the APs would be more in line with the power level assignment of the AP.

andrew.brazier@... Fri, 07/20/2007 - 04:29
User Badges:
  • Bronze, 100 points or more

Make sure you're using the latest drivers for the Intel cards, you can suffer from all sorts of odd problems if using older ones.

magurwara Fri, 07/20/2007 - 06:03
User Badges:

I have recommended the following to the client:


1) Adjust Association inactivity timers on the APs (does this actually play any role...the default was set to 60 seconds and I had them change to 3600 seconds)

2) update wireless drivers to latest version

3) Install MS patch KB893357

4) Balance range/throughput settings on AP to get cells with the right amount of overlap.

5) Have an RF site survey conducted


Appreciate all the responses.


Thanks.


MAG

magurwara Fri, 07/20/2007 - 08:51
User Badges:

While there is a difference in the protocols (static WEP vs. EAP), could this cause such a marked difference in AP performance that we need to take all the suggested measures i.e. the various suggestions that have been received like .... disabling lower data rates, increasing Association inactivity timeouts, etc.


I would think it is primarily the driver side protocol processing that might be the major cause.


Essentially, what I would like to have answered is why the same set of APs are working fine with static WEP while having problems with 802.1x. There is no loss (at least no observable loss) of packets between the RADIUS server (cisco ACS 4.0) and the APs.

Actions

This Discussion

 

 

Trending Topics - Security & Network