Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9410
Views
0
Helpful
13
Replies

WAP4410N Not Connected

kjjump105
Level 1
Level 1

‎09-09-2009 01:09 PM

I have a new WAP4410 that loses connection to our LAN after various amount of time.  It doesn't even have to be in use, it just stops responding.  My wireless clients are still connected to the AP, but no traffic gets past the access point.  Similarly wired clients cannot ping/connect to the wireless clients or AP.  The up time (or down time) is not consistent. If it does not come back 'online' in after a few minutes then I must power cycle the AP.  I have been through all the discussion threads here without any resolution.  Any help with this is appreciated.

Here is my network setup:  DFL-300 Router (DHCP Server/Firewall), Dell PowerConnect 2748 Web Managed Switch, and the WAP4410N.  The AP is set to B/G mixed mode, with two SSID's broadcasting.  Each uses WPA2-Personal Mixed security.  VLAN and MAC address control are disabled.  I currently have wireless web access enabled (so I can still access it while unresponsive).  It is hardware revision 12 with the latest firmware.

Labels:
0 Helpful
13 Replies 13

jestowe
Level 1
Level 1

‎09-09-2009 04:19 PM

It appears this may be a resolution in progress.  I would suggest following the conclusion of this thread: https://supportforums.cisco.com/thread/2018665#2018665

You mentioned you had the latest firmware, was it WAP4410N-fw-2.0.0.5-K9.img ?

Thanks.

0 Helpful

kjjump105
Level 1
Level 1

‎09-10-2009 05:14 AM

It came loaded to 2.0.0.5, but just to make sure there were not any diferences I downloaded WAP4410N-fw-2.0.0.5-K9 and installed it yesterday.  From the logs it looks like it was down for 2 minutes around 3AM last night.  It was up when I got in this mornining, and now it's down again.  This is extremely frustrating.

0 Helpful

gloomrider
Level 1
Level 1

‎09-12-2009 11:49 AM

Hi

The thread referenced hasn't had any new information posted.  Does Cisco believe this is fixed?

0 Helpful

kjjump105
Level 1
Level 1
In response to gloomrider

‎09-14-2009 05:22 AM

I certainly hope not, this is still an issue for me.

0 Helpful

streaves
Cisco Employee
Cisco Employee
In response to kjjump105

‎09-14-2009 11:15 AM

Hello KJ -- Thanks for the post. Can you please provide:

1. log file from your device and

2. verify the firmware version: 1.0.12 or 2.0.0.5?

Thanks,

--Stephanie

0 Helpful

kjjump105
Level 1
Level 1
In response to streaves

‎09-14-2009 11:27 AM

It is using firmware 2.0.0.5

Jan  1 00:00:13 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:00:13 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:00:13 hostapd: ptk update success
Jan  1 00:00:55 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Jan  1 00:00:55 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Jan  1 00:00:55 hostapd: ptk update success
Jan  1 00:02:38 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:02:38 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:02:41 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:02:41 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:02:42 hostapd: ptk update success
Jan  1 00:05:23 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Jan  1 00:05:43 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Jan  1 00:05:43 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Jan  1 00:05:43 hostapd: ptk update success
Sep 10 14:56:13 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Sep 10 14:56:53 Syslogd start up
Sep 10 15:14:35 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:14:35 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:14:35 hostapd: ptk update success
Sep 10 15:14:35 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:14:36 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:14:36 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:14:36 hostapd: ptk update success
Sep 10 15:16:47 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:16:48 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:16:48 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:16:48 hostapd: ptk update success
Sep 10 15:21:56 syslog: wlan0_isolation is change to 0
Sep 10 15:22:02 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 10 15:22:02 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 10 15:22:03 hostapd: ptk update success
Sep 10 15:22:07 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:22:07 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:22:07 hostapd: ptk update success
Sep 10 15:22:20 syslog: wlan0_isolation is change to 1
Sep 10 15:22:26 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 10 15:22:26 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 10 15:22:26 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:22:26 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:22:27 hostapd: ptk update success
Sep 10 15:22:27 hostapd: ptk update success
Sep 10 15:26:40 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:26:41 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:26:41 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:26:41 hostapd: ptk update success
Sep 10 15:26:48 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 10 15:26:49 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 10 15:26:49 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 10 15:26:49 hostapd: ptk update success
Sep 11 08:05:22 kernel: [][00:21:6A:2D:4E:64] SUBTYPE_AUTH
Sep 11 08:05:22 kernel: [PBS_WAP][00:21:6A:2D:4E:64] Associated
Sep 11 08:05:22 hostapd: ptk update success
Sep 11 09:07:55 kernel: [][00:21:6A:2D:BB:D0] SUBTYPE_AUTH
Sep 11 09:07:55 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Associated
Sep 11 09:07:55 hostapd: ptk update success
Sep 11 09:07:56 kernel: [PBS_WAP][00:21:6A:2D:BB:D0] Deauthenticated
Sep 11 10:11:54 kernel: [PBS_WAP][00:21:6A:2D:4E:64] Deauthenticated
Sep 11 14:59:40 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 11 14:59:40 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 11 14:59:40 hostapd: ptk update success
Sep 11 14:59:42 kernel: [PBS_WAP][00:23:08:74:4B:08] Deauthenticated
Sep 11 14:59:43 kernel: [][00:23:08:74:4B:08] SUBTYPE_AUTH
Sep 11 14:59:43 kernel: [PBS_WAP][00:23:08:74:4B:08] Associated
Sep 11 14:59:43 hostapd: ptk update success
Sep 13 23:08:10 kernel: [][00:16:44:D2:43:91] SUBTYPE_AUTH
Sep 13 23:08:10 kernel: [PBS_WAP][00:16:44:D2:43:91] Associated
Sep 13 23:08:10 kernel: [PBS_WAP][00:16:44:D2:43:91] Deauthenticated

0 Helpful

wichilds
Level 4
Level 4
In response to kjjump105

‎09-15-2009 12:12 AM

kj

I was just curious to know how secure your wireless password was, and what encryption method you are using. This looks like the type of attack a wireless hacker would use to capture the WPA/WPA2 handshake to run a bruteforce attack on it. I know of software that can do this (I have successfully done it myself for password testing purposes) and then run a dictionary attack on the handshake. It does this by knocking clients off the wireless network (sending deauth packets to the AP or the client directly) and then capturing the handshake when the client continues to use the AP. A dictionary attack ensues and eventually the password is cracked.

Only the most secure passwords will prevent this from happening. The only other way to mitigate this kind of attack is to no longer use TKIP and switch only to AES as there is currently not a way (yet that I know of) to crack AES. If your wireless clients do not support AES I would recommend upgrading the wireless cards/drivers. I am not sure whether this attack can actually shutdown an AP but if enough deauth packets are sent it would make the ap unusable for the clients.

Best of Luck,

Bill

0 Helpful

kjjump105
Level 1
Level 1
In response to wichilds

‎09-15-2009 06:24 AM

Bill,

Thanks for the reply.  I am currently using WPA2-Personal Mixed authentication, with a 25 character alphaneumaric key. We have a number of older laptops that currently do not support WPA2/AES, so I will look into updating their drivers.  Our office is in rural Indiana with closest building (not part of our offices) at least a quarter mile away.  If I understand this type of attack correctly wouldn't the hacker need to be close enough to use the wireless signal?

Would this type of attack also prevent me from logging into the web setup utility from a wired computer (or for that matter prevent me from pinging it)?

0 Helpful

gloomrider
Level 1
Level 1
In response to wichilds

‎09-15-2009 06:33 AM

While one way to interpret that log output is a "de-auth" attack, another is hardware/software bug.  The problem with clients losing connectivity to the WAP4410N is widely reported.  I suspect many AP users would take issue with the explanation that they're simply under attack and there's nothing wrong with the access point.  The only way to really troubleshoot this is to temporarily substitute an AP from another vendor and see if the problem is resolved.  In my environment, the substitution absolutely fixed the problem.  It's unfortunate that Cisco can't or (I hope this isn't the case) won't bother to try and duplicate these problems in their lab environment(s).  If the dialog in this forum is the total of effort Cisco is putting in to resolving this issue, it's pretty safe to say it will never be fixed.

0 Helpful

wichilds
Level 4
Level 4
In response to gloomrider

‎09-15-2009 11:17 PM

The best way to get some resolution to this issue is to call the SBSC @ 1-866-606-1866 and open a case with the engineer. This will most likely result in doing some troubleshooting and the case being escalated. You should also point the engineer to the forum thread (this one) and have him/her note in the case everything that has been done. Then the escalation team can contact you and work on it from there. Make sure you have the serial number when you call.

Bill

0 Helpful

kjjump105
Level 1
Level 1
In response to wichilds

‎09-18-2009 05:24 AM

I've been doing some testing with the WAP4410N.  I took it home and have been using it there.  I have had no problems with it - 4 days now.  This leads me to believe our network could be causing the problem.  Any ideas?  Again our router (D-Link DFL300) handles our DHCP and firewall,  DNS is handled by our server(s) (DNS set up on 2 servers), and everything is attached to a Dell PowerConnect 2748 switch.  We also use Symantec Endpoint Protection.

0 Helpful

gloomrider
Level 1
Level 1
In response to kjjump105

‎09-18-2009 05:53 AM

I've seen similar behavior.  I narrowed it down to a laptop with Intel IPW 2200 and Windows XP.  Taking the machine out of the environment seemed to cause the WAP4410N to stay up much longer.  HOWEVER, swapping the WAP4410N with a Netgear WG302 enabled the laptop to happily coexist and the AP has been up for over 3 weeks and counting.

So yes, a client may be "causing" the problem, or you could say the WAP4410N has a problem that certain clients expose.

0 Helpful

kjjump105
Level 1
Level 1
In response to gloomrider

‎09-23-2009 06:47 AM

I believe I solved my problem.

I found an error in the DNS settings our DHCP was passing to clients, corrected that.  I also removed the DNS entries from the network section of the AP.  The WAP4410N has been up (at my office) since last Saturday, without any problems.

I hope this helps some of the people still having issues, and thanks to everyone in for their help.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents