I have about eleventy-billion WET200 wireless bridges out at client sites, and I am having no end of compatibility issues.
With WET200 trying to talk to a ValuePoint MultiAP 700 or 770, I cannot associate at all, link quality stays at 0%. We had to buy another bridge solution for that site.
With WET200 trying to talk to a Routerboard AP, I associate just fine. Link quality is normal, both ends show I'm connected. However, I can't pass any non-broadcast traffic across the wireless link. I can sniff the network on the bridge, and I see STP from the remote end, I see Windows networking chatter, but I can't ping/SSH/HTTP or anything across that link. This problem is bidirectional. If I drop the network from WPA2/AES PSK to WPA1/TKIP PSK, it suddenly works just fine, except I get no DHCP leases across the link.
Is this just the most incompatible product ever? Or do you folks know some magical incantations that I do not? In both environments, multiple laptops with multiple radios can associate and pass traffic just fine. With the WET200, the *WET200* is the common denominator, and it just doesn't work.
I have tried firmware 1.0.9 and the latest (I believe 1.0.13 as of July 2009).
Thanks VERY MUCH for any help... If I cannot find a solution, I'm going to have to find a different bridge to roll out to clients.
Hello Benny ... and thanks for taking the time to post your issue in the Support Community.
A few questions regarding the setup of the ValuePoint MultiAP 700 & 770, specifically related to the operation modes:
I was not the engineer that configured the ValuePoints, but I think I can answer your questions...
They were configured as WDS bridges, as the original design called out for a wireless backbone. This was a miscommunication between the client and the wireless provider; the client actually already had a fiber backbone that the APs were to be connected to. I believe the WDS configuration was not removed.
Eleventy billion, yes. :) I think the most we have at a site is around 22 or 24, with two APs. At that site, the APs are Cisco 1242s, and they work great. The ValuePoint site mentioned above had seven APs spread out over an amusement park, with 24 bridges being called for. Because of the issues we saw, we had to remove the Cisco units and purchase other bridges. When we talked to the ValuePoint engineers, the conversation went a lot like this:
Them: "What wireless bridge are you using?"
Us: "Linksys WET200s."
Them: "Oh. Yeah, we wish you would have asked before deployment. They won't work. We've never had a customer get a WET200 talking to these APs."
The site I'm working on now (the one that won't pass traffic with WPA2/AES, and will pass traffic but not DHCP on WPA/TKIP) has a single Routerboard AP with 650mW radio, and will have a total of maybe a half dozen bridges.
There are no VLANs configured on the ValuePoint units. I'm sure the Routerboard AP *does* have VLANs, they have their network heavily VLANed. I don't know if they have DHCP available on all VLANs, but it certainly works when any of us use our laptops connecting to the same SSID (on both WPA2/AES and WPA/TKIP).
I very much appreciate any help you can give me! Thank you!
Hi Benny --
In short, the WET200 does not support WDS bridging. Although marketed as a "bridge", the WET200 only supports infrastructure and ad-hoc wireless modes. With the WET200 in infrastructure mode it acts the same as any wireless client when connecting to an AP and the Ethernet traffic is bridged over the wireless interface. In ad-hoc mode, multiple WET200's can be bridged together without the use of an AP.
Although we can't support the ValuePoint AP, you can try to remove any WDS configuration specific to the WET200 (e.g. it's MAC address) and allow the WET200 to connect as any normal infrastructure client would (e.g. like a laptop).
As for the trouble with the current site you're working on, I'd recommend testing connectivity between the Routerboard AP and WET200 without any security/encryption to eliminate any interoperability issues with security. If traffic passes we know there's a compatibility problem. If you know what wifi chipset the Routerboard AP has that will help us out a lot (hard to tell which end is the cause of the trouble).
Good luck and let me know if it helped.
Finally had a chance to get back to this site and work with it some more.
I have verified that WDS is *NOT* active at the site currently having issues.
If we revert the wireless network to WPA-Personal with TKIP encryption, it works fine (needed a default gateway on the bridge to get DHCP working). If we switch back to WPA2-Personal with AES (the only option on the WET200), it appears to associate but does not pass traffic.
Something interesting to note - the WET200 will show a good link quality in this scenario, but it is NOT associated. The other end (the Routerboard) does not show the WET200 connected as a client.
So, there is an incompatibility when using WPA2 with AES. I will try to find the chipset that this AP is using.
Thanks for all your help!
FYI, the wireless chipset on this board is an Atheros (AR5413).
I do have read-only access to this unit via Winbox, so if you have questions about the settings/etc, please let me know!
I am responding to your six-month old post, to see what you ended up doing, to remedy your WET200-related issues. I, too, have been quite disappointed with Cisco's lack of a firmware update. It is unacceptable to not fix this WPA2-related issue and to have the last firmware update dated July of 2008. So, I am curious to know what you ended up doing. Did you go with another product/vendor?
Thanks for the information and I hope things worked out well on your end.
The issue just isn't related to non-Cisco AP's, it also include's Cisco AP's.
I could not figure out why the WET200 would not pass traffic in either direction until I found this post.
I upgraded the firmware to 1.0.13, only to find the device software is now LinkSys branded.
Within minutes of changing from WPA2/AES to WPA/TKIP it started working.
This is unacceptable.
Does anyone have any recommendations for a similar device, that works as it should or as advertised ?
I have been attempting to communicate with Cisco, regarding the firmware flaws of version 1.0.13. I am stunned by the responses I have been receiving. Some have been helpful, such as the Cisco Product Security Incident Response Team (PSIRT); although, they simply point me in a different direction. I have been "communiating" with Cisco's Technical Assistance Center (TAC) (firstname.lastname@example.org). Responses from TAC indicate they are not even reading my emails, which describe the issues, in detail. Their responses go in a totally unrelated direction, indicating that my messsages imply that I cannot download firmware version 1.0.13; although, my emails specify that I have been using 1.0.13 for over 1.5 years. Then, TAC suggests that I may need to purchase additional access rights, in order to download firmware version 1.0.13, when, as I have already stated to them, I have already been using firmware version 1.0.13 for over 1.5 years! How can such a corporation continue to exist in this manner??? Does anyone have the CEO's email address? I think we should start communicating our WET200-related issues to him, since the "proper channels" are not getting us anywhere.
Do others have any thoughts?
After posting my last comment, I did some further Googling and found other posts dating back to 2008 with similar issues.
I believe it was referrred to as a LinkSys WET200. I thought it was odd as part of the instructions that came with the 'Cisco' WET200 was to upgrade firmware.
The first thing I noticed was a displeasing LinkSys UI. My guess is each will pass the buck to the other.
The WET200 is a Cisco small Business product, covered by a three year hardware warranty not a traditional Cisco product usual 90 day warranty. Please accept my apologies for your obvious frustration, other folks have been confused by the different support offerings on Cisco Small Business products when compared to traditional Cisco products.
We have been messaging this out in numerous postings, and it's something we shall have to continue to do.
For your current and future reference support on Cisco Small Business products can be found at;
Thank you for your post and for your clarification on the different departments and support options. Unfortunately, I emailed TAC after I telephoned 1-866-606-1866 and was told that there was nothing they could do, as they did not know who was responsible for creating and maintaining the firmware for the WET200. Again, I am stunned by these responses. Is there not a flow chart on who is responsible for specific departments and functions within Cisco? Why is it nearly impossible (and so far has been impossible) to escalate a firmware-based issue to the firmware development team, to bring attention to such flaws and to get a new firmware release, especially since these flaws have been known since 2008? How is this acceptable within any organization, especially an organization the size and scope of Cisco, a corporation who prides itself on being an industry leader? It goes without saying that Cisco's response to this incident is abysmal.
Again, as I have asked others at Cisco, what can we do, together, you and I, to escalate this issue with the firmware development team, to speed up the publishing of a new firmware release for the WET200, one that fixes these known issues (i.e., WPA2 and DHCP issues)? I hope you have a solution and/or can point me to someone who does. Thank you, Dave.
Please contact me at the Cisco Small Business Support Center at 1-866-606-1866. I would like to discuss your requests for new firmware for the WET 200.
I apologize for my late response; however, I wanted to follow up with everyone. While it took far too long for Cisco to release a new firmware version for the Cisco/Linksys WET200, I am extremely happy and grateful that the latest firmware, version 184.108.40.206, appears to have fixed my issues. Certainly, my WPA2-based issues have been resolved. I want to express my appreciation to everyone involved, who assisted in getting this new firmware version released. This was an extremely frustrating and reputation-harming (for Cisco) experience and I am extremely happy to have it behind me. Thank you, everyone.