WAP4410N Not Connected

Sep 9th, 2009

I have a new WAP4410 that loses connection to our LAN after varying amounts of time.  It doesn't even have to be in use, it just stops responding.  My wireless clients are still connected to the AP, but no traffic gets past the access point.  Similarly, wired clients cannot ping/connect to the wireless clients or AP.  The up time (or down time) is not consistent. If it does not come back 'online' after a few minutes then I must power cycle the AP.  I have been through all the discussion threads here without any resolution.  Any help with this is appreciated.

Here is my network setup:  DFL-300 Router (DHCP Server/Firewall), Dell PowerConnect 2748 Web Managed Switch, and the WAP4410N.  The AP is set to B/G mixed mode, with two SSIDs broadcasting.  Each uses WPA2-Personal Mixed security.  VLAN and MAC address control are disabled.  I currently have wireless web access enabled (so I can still access it while unresponsive).  It is hardware revision 12 with the latest firmware.

kjjump105 Thu, 09/10/2009 - 05:14

It came loaded to, but just to make sure there were not any differences I downloaded WAP4410N-fw- and installed it yesterday.  From the logs it looks like it was down for 2 minutes around 3AM last night.  It was up when I got in this morning, and now it's down again.  This is extremely frustrating.

gloomrider Sat, 09/12/2009 - 11:49


The thread referenced hasn't had any new information posted.  Does Cisco believe this is fixed?

streaves Mon, 09/14/2009 - 11:15

Hello KJ -- Thanks for the post. Can you please provide:

1. log file from your device and

2. verify the firmware version: 1.0.12 or



kjjump105 Mon, 09/14/2009 - 11:27

It is using firmware

Jan  1 00:00:13 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:00:13 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:00:13 hostapd: ptk update success
Jan  1 00:00:55 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Jan  1 00:00:55 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Jan  1 00:00:55 hostapd: ptk update success
Jan  1 00:02:38 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:02:38 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:02:41 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:02:41 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:02:42 hostapd: ptk update success
Jan  1 00:05:23 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Jan  1 00:05:43 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:05:43 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:05:43 hostapd: ptk update success
Sep 10 14:56:13 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Sep 10 14:56:53 Syslogd start up
Sep 10 15:14:35 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:14:35 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:14:35 hostapd: ptk update success
Sep 10 15:14:35 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:14:36 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:14:36 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:14:36 hostapd: ptk update success
Sep 10 15:16:47 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:16:48 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:16:48 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:16:48 hostapd: ptk update success
Sep 10 15:21:56 syslog: wlan0_isolation is change to 0
Sep 10 15:22:02 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 10 15:22:02 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 10 15:22:03 hostapd: ptk update success
Sep 10 15:22:07 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:22:07 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:22:07 hostapd: ptk update success
Sep 10 15:22:20 syslog: wlan0_isolation is change to 1
Sep 10 15:22:26 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 10 15:22:26 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 10 15:22:26 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:22:26 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:22:27 hostapd: ptk update success
Sep 10 15:22:27 hostapd: ptk update success
Sep 10 15:26:40 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:26:41 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:26:41 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:26:41 hostapd: ptk update success
Sep 10 15:26:48 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:26:49 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:26:49 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:26:49 hostapd: ptk update success
Sep 11 08:05:22 kernel: [][00:21:6A:2D:4E:64] SUBTYPE_AUTH
Sep 11 08:05:22 kernel: [PBS_WAP][00:21:6A:2D:4E:64] Associated
Sep 11 08:05:22 hostapd: ptk update success
Sep 11 09:07:55 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Sep 11 09:07:55 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Sep 11 09:07:55 hostapd: ptk update success
Sep 11 09:07:56 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Sep 11 10:11:54 kernel: [PBS_WAP][00:21:6A:2D:4E:64] Deauthenticated
Sep 11 14:59:40 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 11 14:59:40 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 11 14:59:40 hostapd: ptk update success
Sep 11 14:59:42 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 11 14:59:43 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 11 14:59:43 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 11 14:59:43 hostapd: ptk update success
Sep 13 23:08:10 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 13 23:08:10 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 13 23:08:10 kernel: [PBS_WAP][00:16:44:D2:43:91] Deauthenticated

William Childs Tue, 09/15/2009 - 00:12


I was just curious to know how secure your wireless password was, and what encryption method you are using. This looks like the type of attack a wireless hacker would use to capture the WPA/WPA2 handshake to run a brute-force attack on it. I know of software that can do this (I have successfully done it myself for password testing purposes) and then run a dictionary attack on the handshake. It does this by knocking clients off the wireless network (sending deauth packets to the AP or the client directly) and then capturing the handshake when the client continues to use the AP. A dictionary attack ensues and eventually the password is cracked.

Only the most secure passwords will prevent this from happening. The only other way to mitigate this kind of attack is to no longer use TKIP and switch only to AES as there is currently not a way (yet that I know of) to crack AES. If your wireless clients do not support AES I would recommend upgrading the wireless cards/drivers. I am not sure whether this attack can actually shut down an AP but if enough deauth packets are sent it would make the AP unusable for the clients.

Best of Luck,


kjjump105 Tue, 09/15/2009 - 06:24


Thanks for the reply.  I am currently using WPA2-Personal Mixed authentication, with a 25 character alphanumeric key. We have a number of older laptops that currently do not support WPA2/AES, so I will look into updating their drivers.  Our office is in rural Indiana with the closest building (not part of our offices) at least a quarter mile away.  If I understand this type of attack correctly, wouldn't the hacker need to be close enough to use the wireless signal?

Would this type of attack also prevent me from logging into the web setup utility from a wired computer (or for that matter prevent me from pinging it)?

gloomrider Tue, 09/15/2009 - 06:33

While one way to interpret that log output is a "de-auth" attack, another is a hardware/software bug.  The problem with clients losing connectivity to the WAP4410N is widely reported.  I suspect many AP users would take issue with the explanation that they're simply under attack and there's nothing wrong with the access point.  The only way to really troubleshoot this is to temporarily substitute an AP from another vendor and see if the problem is resolved.  In my environment, the substitution absolutely fixed the problem.  It's unfortunate that Cisco can't or (I hope this isn't the case) won't bother to try and duplicate these problems in their lab environment(s).  If the dialog in this forum is the total of effort Cisco is putting in to resolving this issue, it's pretty safe to say it will never be fixed.

William Childs Tue, 09/15/2009 - 23:17

The best way to get some resolution to this issue is to call the SBSC @ 1-866-606-1866 and open a case with the engineer. This will most likely result in doing some troubleshooting and the case being escalated. You should also point the engineer to the forum thread (this one) and have him/her note in the case everything that has been done. Then the escalation team can contact you and work on it from there. Make sure you have the serial number when you call.


kjjump105 Fri, 09/18/2009 - 05:24

I've been doing some testing with the WAP4410N.  I took it home and have been using it there.  I have had no problems with it - 4 days now.  This leads me to believe our network could be causing the problem.  Any ideas?  Again our router (D-Link DFL300) handles our DHCP and firewall,  DNS is handled by our server(s) (DNS set up on 2 servers), and everything is attached to a Dell PowerConnect 2748 switch.  We also use Symantec Endpoint Protection.

gloomrider Fri, 09/18/2009 - 05:53

I've seen similar behavior.  I narrowed it down to a laptop with Intel IPW 2200 and Windows XP.  Taking the machine out of the environment seemed to cause the WAP4410N to stay up much longer.  HOWEVER, swapping the WAP4410N with a Netgear WG302 enabled the laptop to happily coexist and the AP has been up for over 3 weeks and counting.

So yes, a client may be "causing" the problem, or you could say the WAP4410N has a problem that certain clients expose.

kjjump105 Wed, 09/23/2009 - 06:47

I believe I solved my problem.

I found an error in the DNS settings our DHCP was passing to clients and corrected that.  I also removed the DNS entries from the network section of the AP.  The WAP4410N has been up (at my office) since last Saturday, without any problems.

I hope this helps some of the people still having issues, and thanks to everyone for their help.

