Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco 1250 Autonomous WPA2 issue

Hello,

I’m in the process of converting a wireless mobile DVR system from WEP to WPA2. The clients have static IP addresses assigned. With the current configuration, when the DVR comes into wireless range of our access point – it authenticates with WEP and a video server automatically connects and downloads video from the DVR. When the DVR leaves the wireless range it continues to record and will upload again once it’s back in range. Using WEP this configuration/setup has been working with no issues.

When I converted a DVR unit and Access Point to WPA2, they authenticate fine and upload video as it should initially – however after it leaves the wireless range and comes back in – it re-authenticates with the access point (shows up in the Associated Clients w/ IP address etc), however isn’t accessible by anything on that subnet. If I make any change on the access point (doesn’t matter what, just have to update something) and apply it – the unit is then accessible over the network.

Has this happened to any of you? I’m baffled and cannot figure out why it’s pingable when it’s first authenticated, however after it leaves range and comes back, re-authenticates, it’s not pingable until I apply any change the AP.

The clients are a hardcoded – embedded software on the DVR themselves.

Any help would be greatly appreciated.

Pete

5 REPLIES

Cisco 1250 Autonomous WPA2 issue

Pete,

Can you post a config and show ver?

Justin

New Member

Cisco 1250 Autonomous WPA2 issue

Hi Justin

Please see below -

hostname AP2
!
enable secret 5 $1$Veg4$GXod1EInNvbF7QiJKODTm1
!
no aaa new-model
!
!
!
dot11 ssid DVRWIFI
   authentication open
   authentication key-management wpa version 2
   wpa-psk ascii 7 12180416135A5D557B
!
dot11 network-map
power inline negotiation prestandard source
!
!
username Cisco password 7 14341B180F0B
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
speed  24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio1
no ip address
no ip route-cache
!       
encryption mode ciphers aes-ccm
!
ssid DVRWIFI
!
dfs band 3 block
speed  basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex full
speed 1000
no keepalive
bridge-group 1
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
!
interface BVI1
ip address 172.16.16.102 255.255.255.0
no ip route-cache
!
ip default-gateway 172.16.16.254
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging 172.16.16.199
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
login local
!
end


Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(10b)JA1, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2008 by Cisco Systems, Inc.
Compiled Wed 30-Jan-08 12:04 by prod_rel_team

ROM: Bootstrap program is C1250 boot loader
BOOTLDR: C1250 Boot Loader (C1250-BOOT-M) Version 12.4(10b)JA, RELEASE SOFTWARE (fc2)

AP2 uptime is 1 year, 11 weeks, 4 days, 20 hours, 56 minutes
System returned to ROM by power-on
System image file is "flash:/c1250-k9w7-mx.124-10b.JA1/c1250-k9w7-mx.124-10b.JA1"


This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

http://www.cisco.com/wwl/export/crypto/tool/stqrg.htmlIf

If

you require further assistance please contact us by sending email to
export@cisco.com.

export@cisco.com.cisco

cisco

AIR-AP1252AG-A-K9    (PowerPC 8349) processor (revision A0) with 49142K/16384K bytes of memory.
Processor board ID FCW1225Z01S
PowerPC 8349 CPU at 533Mhz, revision number 0x0031
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radio(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:21:D8:8A:4C:68
Part Number                          : 73-10425-05
PCA Assembly Number                  : 800-27630-05
PCA Revision Number                  : A0
PCB Serial Number                    : FOC12242TL4
Top Assembly Part Number             : 800-29039-02
Top Assembly Serial Number           : FCW1225Z01S
Top Revision Number                  : A0
Product/Model Number                 : AIR-AP1252AG-A-K9  

Configuration register is 0xF

Cisco 1250 Autonomous WPA2 issue

Pete:

Just like what Justin asked for, we need to find the config and the version to know how to proceed with this.

You used the term "reauthenticate" in technical term (802.11 re-authentication) or the verbal term (meaning it reauthenticates again after it was getting disconnected)? I think the latter is what you meant. right?

In my experience, I find devices with wireless cards (DVRs, printers, handheld scanners...etc) get problems wih APs that have 802.11n support when using WPA/WPA2 (either personal or enterprise). Most of the time I've seen it was a client issue which usually solved by a newer firmware that works fine with 802.11n. But usually if there is a clinet side problem then clients would not connect at all or they connect with a lot of problems.

Some quetsions please, does the DVR still have it's IP address when it goes outside the wireless coverage? or it releases it? (from DVR point of view)?

if you turn off DVR while it is out of coverage and turn it on again (while still out of coverage) and make it enter coverage one more time, will it work fine?

Thanks.

Amjad

Rating useful replies is more useful than saying "Thank you"
New Member

Cisco 1250 Autonomous WPA2 issue

Hi Amjad,

Reauthenticate might be the wrong word – re associate with the AP is what I mean.

The DVR has a static IP, so it keeps the IP address even after leaving the wireless coverage area. I’ve tested using DHCP and experienced the same problem.

If I turn the DVR off out of coverage and turn it back on, then enter coverage, it associates with the AP (showing full signal strength on the client and it shows as an associated client on the AP GUI), however I cannot ping the address. If I change a setting in the SSID manager or Encryption Manger tab that makes the radio reset on the AP and apply it, I can then ping the address.  Even if the change I make keeps the setting exactly the same, once I hit apply - the client is then pingable.

Cisco 1250 Autonomous WPA2 issue

Thanks Pete,

Sorry I forgot that you use static address. You mentioned this already in your first note.

Are there any other devices conneccted to this AP? Do they lose connectivity when this specific DVR come back to associate to the AP again?

re-associate and reauthenticate are misleading terms. just let us say the AP comes back to connect again.

You mentioned that you need to do some chagnes on AP so the coming-back AP can connect successfully.

Does this include any kind of changes? or only changes that make the radio to reset?

I suppose other client's connecting to same SSID are not affected by this DVR going out and in, right? they are still connecting without problem no matter what the DVR goes out and in (except for the part you do the change and apply on the AP). am I right?

I think if you do AP reset (shut/no shut for the dot11radio 0 inerface) this is going also to work. can you please check?

Your image version (12.4(10b)JA1) is considered a bit old. You better think of upgrading to any of latest releases to eliminate any bug issues. There is 12.4.25d-JA1 which is the latest. (Aug 2011).

btw, your current image released in Feb 2008.

You can consider look into the logs of the AP if there is anything useufl about what is going on during the problem.

If I am not going to upgrade I would also take some wireless sniffers to see what is going exactly on when the issue reproduced. But I think if upgrade is an option then this is the first step one should take.

HTH.

Amjad

Rating useful replies is more useful than saying "Thank you"
445
Views
0
Helpful
5
Replies
CreatePlease to create content