WAP2000/WAP200 Blackberry Storm 2 ARP Broadcast Issue

Unanswered Question
Aug 24th, 2010
User Badges:

My Blackberry Storm 2 is able to connect via Wi-Fi (WPA2-Mixed) to either the WAP200/WAP2000 but it is then unable to connect to the Blackberry Enterprise Services (BES).  If I replace the WAP200 & WAP2000 with a WAP54G it connects to the WAP easily and establishes a connect to BES easily.


I used an ethernet pack analyer to look at the traffic from the two WAP's (2000/200) and saw that the Cisco ASA-5505 (The router they are connected to) issue an ARP broadcast for the Storm 2's MAC address.  The Storm 2 does not respond and the broadcasts continue.  The same packet trace on the WAP54G shows the same ARP broadcast but with an associated response from the Storm 2.


I created a temporary work-around by adding a static ARP entry on the ASA-5505 (w/ arp-proxy enabled on the inside interface).  Now the Storm 2 connects easily to the WAP200/WAP2000, establishes a connection to the BES and allows full e-mail, browser, etc access on the Storm 2 via Wi-Fi.


It appears that the WAP200/WAP2000 is not forwarding ARP Broadcasts to the Wi-Fi connected Storm 2 or it is not returning the Storm 2's response.  Is this is setting issue on the WAP200/WAP2000 or is this a bug?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
wittregr Wed, 08/25/2010 - 11:16
User Badges:

Update:  Not sure why I didn't think about this sooner but I decided to look at a wider range of traffic from my two WAP's (WAP200 & WAP2000) to see if there were other ARP broadcast issues.  Sure enough I saw several identical to the Storm 2 but instead from two laptops and two IP security cameras.  It was then that I remembered my son had been complaining that his "laptop keeps disconecting" and one of the security cameras kept going "off-line".  I added their MAC addresses to the ASA-5505 static ARP table, setup proxy arp and now all those problems are now also gone.


So it is clear that this problem is wider than just the Storm 2...It was just to most sensitive!

greg.baughman Thu, 08/26/2010 - 07:42
User Badges:

Are you running the 2.0.0.5 firmware?


Have you tried downgrading it?

wittregr Fri, 08/27/2010 - 08:45
User Badges:

I am running 2.0.0.5.  I have not tried downgrading.  When you suggest downgrading do you mean back to 1.0.16 or to a 2.x.x.x version.  Only 2.0.0.5 and 1.0.16 are availale on the website.

greg.baughman Fri, 08/27/2010 - 14:04
User Badges:

wittregr: You had mentioned that you had forensics demonstrating the problem.  Could you PLEASE call the cisco TAC at 866-606-1866, open a case, send those forensics, and reference my case?


Cisco has said that they are unable to replicate the problem, and that without the forensics they have nothing to go on.


Thank you SO MUCH for doing this.

wittregr Sun, 08/29/2010 - 07:15
User Badges:

Greg...No problem but I am out of town for a week and will not have access to the equipment or the time until the end of this week.

greg.baughman Sun, 08/29/2010 - 13:32
User Badges:

A different router seems to have helped for now.


Sent from my iPhone

nguyenviettoac Sun, 08/29/2010 - 21:35
User Badges:

POST removed since content violated the terms and conditions of using the community.


Regards,

Cindy Toy

Cisco Small Business

Community Manager


wittregr Mon, 08/30/2010 - 08:29
User Badges:

Greg...Curious what router you had originally and what router you are now using.

  I assume you are still using the WAP2000?  I'm surprised that changing the ruter would fix the problem.  Nonetheless, it's another piece of data.

greg.baughman Mon, 08/30/2010 - 12:05
User Badges:

I was using a Zyxel VSG-1200 v2 in the hotel that had problems.


When I went out this weekend to install a bunch of WAP2000's at another hotel, I programmed up one and tested it first.  *THAT* hotel is using a ZyXel VSG-1200 (original).  I tried updating the firmware on the VSG-1200 v2 at the hotel with the problems, but the problems persisted.  So I dropped a ZyXel B-4000 into the hotel with the problems, and the problems went away.


I suppose now that I'll be told it's a problem with my router, and to take it up with ZyXel.


BUT... it is another piece of the puzzle.  I'd like to point out, however, that this router worked fine for the last couple of years with DLink DWL-2000's and DWL-2100's without any connectivity issues.


Anyway... both hotels are up at the moment... and now I need to figure out what I'm going to do with a $1500 router that the hotel paid for that is sitting there idle at the moment.


Or perhaps the new firmware that they are developing for the WAP2000's will fix the issues, and I can put the 1200 back in service.


OH... another piece of information.  Before switching out the router, I tried downgrading the firmware on one of the WAP2000's.... same issue.

nguyenviettoac Mon, 08/30/2010 - 18:22
User Badges:

Hi Viettoac Nguyen, /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}


Your POST has been removed since your content  violated the terms and conditions of using the community. Please do not post anymore sales ads about your company.  If you continue to use this place to advertise your services, you will lose your rights to post.


Regards,

Cindy  Toy

Cisco Small Business

Community Manager


mikael_lonnroth Thu, 11/11/2010 - 11:09
User Badges:

Cheers!


I'm having the same problems with some different laptops (Sony VAIO, Lenovo Z61m for example) and also did some packet sniffing which turned out the same results as you. The problem comes and goes though, sometimes the arps go through, sometimes not.


Did you dry it with the new firmware yet?


I just upgraded but the WAP2000 is at the office so I'll have to wait until tomorrow to hopefully find out that it's working properly now.


BR,
Mikael

mikael_lonnroth Thu, 11/11/2010 - 22:55
User Badges:

Newest firmware (2.0.3.4 ? not sure about the version) didn't help.


I now had two packet sniffers logging arp packets, one on the laptop, the other on a server that I was trying to reach.


Mostly everything works ok, ie when I ping the server from the laptop the "arp who-has" packets go in both directions and everything is ok.


The problem seems to be happening sometimes randomly when the LAN-side (server) ARP entry becomes stale and the server tries to query it again, this "arp who-has" packet looking for the IP of my laptop never reaches the laptop although the layer 3 traffic works fine.


So when the error occurs heres the traffic going on:


- L3 ICMP packets FROM laptop over WLAN reach server on LAN

- ARP packets FROM server on LAN TO laptop are lost in space (so no ICMP reply even tried although I'm pretty sure it would work)


Additionally, if I remember correctly, just deleting the server address from the laptop's ARP cache (ie forcing the laptop to send a arp who-has to the server) WILL reach the server as well as magically open the gates also in the other direction so the server's arp who-has will then reach the laptop as well.


I just switched from WAP2000 to WAP54G to check whether we experience the same problems or it really is a WAP2000 issue.


We're using the WAP2000 with PoE if that makes any difference.


BR,

Mikael

wittregr Fri, 11/12/2010 - 07:06
User Badges:

Mikael,


You describe exactly what I was seeing with my packet trace. I did not have

a packet trace at the wireless end so all I knew was that ARP requests were

sent but the wireless device never responded (I didn't know if the ARP

request never arrived or the response never returned).


I use a WAP200 power by POE and a WAP2000 powered by POE. Both exhibited

the same behavior.


I have since upgraded the ASA-5505 firmware to 3.2.2, WAP2000 to 2.0.34 and

the Blackberry Storm II to 5.0.0.1015.


I no longer have the problem and was able to eliminate the static ARP table

on the ASA-5505.


Unfortunately, I did not methodically replace one component at a time and

then try without the static ARP mapping so I don't know which fix finally

worked.


-- Gerhard



On Fri, Nov 12, 2010 at 1:56 AM, mikael_lonnroth <

greg.baughman Fri, 11/12/2010 - 09:37
User Badges:

Well, I would like to put the VSG-1200v2 back inline... it gives me a lot more ability to do bandwidth shaping and so forth... but obviously until I know if the new firmware for the WAP2000 solves the ARP problem, I'm not going to risk it.


The problem is still there... I've just been sitting by waiting for a solution.


--G

mikael_lonnroth Fri, 11/12/2010 - 10:23
User Badges:

Yes. The newest firmware did not solve the issue. I've tried this with two different switches as well and same result.


After replacing the WAP2000 with a WAP54G nobody has experienced the ARP problem so I'm assuming the problem is with WAP2000.


If someone from Cisco is reading this here's the exact specs of our setup:


LAN-side SERVER: Windows 2008 R2 with "Intel(R) PRO/1000 EB Network Connection with I/O Acceleration" adapter

Switch: HP ProCurve E2510G-48

WLAN: WAP2000 with 2.0.3.4 firmware

Laptop: Lenovo Z61m with "Intel(R) PRO/Wireless 3945ABG Network Connection"


I've included a picture of a Wireshark dump of an ARP packet that didn't get through from the server to the laptop but there is (to wireshark) no difference between those that get through and those that don't.


BR,

Mikael

greg.baughman Thu, 07/28/2011 - 06:08
User Badges:

Nope.  The resulution was to replace all of the WAP2000's with WAP4410's.


Now, the WAP4410's have "WPS" turned on, and I have to figure out how to turn it off... because it asks about 1 in 40 people for a password.


Evidently, on the 4410's, WPS is turned OFF, until you change the SSID or the IP address, at which point it magically turns itself ON, and then you can't easily turn it off again.


I'm going to have to make a trip out there this weekend, upgrade the firmware, then log on using SSH and turn it off in the command line.


What a pain.

mkomar-sr Thu, 07/28/2011 - 08:35
User Badges:

That is very disappointing and unfortunate. I've got a number of these deployed and am seeing similar problems. The release notes for the firmware reference a 2.0.5.0 which was released this month ... However, the latest firmware for download remains 2.0.4.0 which was released in Feb.


How can this problem be so well documented for so long yet remain unsolved?

greg.baughman Mon, 08/15/2011 - 14:36
User Badges:

Well, I saw a note that the 2.0.5.0 firmware was released... there was a link on another thread.


I'd be curious to know if that firmware solves the ARP issues (I still have another hotel with 8 of the WAP2000's installed, but a different router that isn't having the ARP issues).


For those who want to know;


The 4410's are working, however there's a little "glitch" in the UI / firmware regarding WPS (Wireless Protected Setup).


By default, WPS is turned off on the access point.  However, as soon as you give it a static IP or change the SSID, it magically turns itself on.


First, make sure you're running the latest firmware.  This ONLY works on firmware 2.0.3.3 or greater...


So, to turn it off, you have to enable SSH connection to the access point, then make a SSH connection to the AP and issue the following command:


set wps disable

save


... that will turn off WPS (you can verify in the web UI).

Cisci REALLY needs an enable/disable checkbox on the UI for WPS.

henrik.andersson Thu, 11/24/2011 - 00:16
User Badges:

Any update on this?


I have kind of the same problem, DNS information is not received via DHCP to clients. Related to ARP not functioning?

Currently running two WAP200 and one WAP2000 with the latest EU firmware. All affected clients do work well with other APs (home, hotel, cafe etc).

Actions

This Discussion

Related Content