Wireless Network Query

D'Agger

I've had one or two threads here regarding the setting up of a work Wireless network, since then I've setup the following:

- Wireless Routers/Access Points (Cisco WRT160NL Routers) located across 3 sites, all with their own (internet) IPs on a range dedicated for the WAPs i.e. WAP1 is 192.168.5.1, WAP2 is 192.168.5.2 etc. However the IP address of the WAPs are all the same - 192.168.10.1 - with each WAP giving out addresses on the .10 range to devices connecting to them

- All routers have the same SSID, security etc. creating one large network across the 3 sites

- The access points have different channels

- They tie into a Radius configuation on our Domain controllers that request Active Directory authentication when you attempt to connect to the wireless network. If you're not a member of an AD security group, then you won't be able to access


The network has been working fine but one issue has been popping up every now and again and I'm not sure how to resolve it. This issue is as follows:


Every now and again, the network will go down - I mean, my phone won't connect to the network, I go into wireless settings and it shows that I am connected to the network, I'm not picking up an IP address, I will pick up a 169 address, if I forget the network and try to connect again, it will ask me for the AD authentication however it will fail to connect to the network

From troubleshooting it, nothing seemed wrong with the routers, the Radius config etc. what works as a quick fix, is simply changing the SSID from 'WirelessNetwork' to 'WirelessNetwork2' and then changing it back again sees normal service resume

So it goes from not working, to changing the SSID on one of the WAPs to something else, then changing it back again and having the entire setup working as it was.

Would really appreciate any idea as per what I could do to stop this from occurring. It's not that frequent but at the same time I'll have management commenting that the wireless is down 'again' - you never want to hear something is down but the again word will really get me!

ZENER

Are the DHCP scopes on all 3 APs the same ? Is it possible that a client (your phone) that gets a lease on AP1 for say 192.168.10.9 then moves to another AP range and tries to maintain it's 10.9 address but it's already been leased to a different client causing an I.P. conflict. Changing the SSID (do you do this on all APs by the way ?) would cause the other connected clients to lose connectivity thus freeing up that IP for your phone ?

Completely guessing here, new to networking and still learning so like reading about these issues and trying (perhaps poorly) to figure out what's going on.

Ken

White Heart Loon

What, do you have 3 individual DHCP servers or are all DHCP requests being handled by the same device? It's best to have one and setup DHCP relaying

D'Agger

ZENER wrote: »

Are the DHCP scopes on all 3 APs the same ? Is it possible that a client (your phone) that gets a lease on AP1 for say 192.168.10.9 then moves to another AP range and tries to maintain it's 10.9 address but it's already been leased to a different client causing an I.P. conflict. Changing the SSID (do you do this on all APs by the way ?) would cause the other connected clients to lose connectivity thus freeing up that IP for your phone ?

Completely guessing here, new to networking and still learning so like reading about these issues and trying (perhaps poorly) to figure out what's going on.

Ken

They are, yes. I would have thought that you'd get individual IP conflicts if that was the case. Additionally, with all of the APs acting as a unified network, I wouldn't have thought it possible for the APs to push out the same IPs....although it is possible I guess.

I'll test what you've mentioned by changing the DHCP ranges on the individual APs

So AP1 will be 10.1-50
AP2 will be 51-100 etc. etc.

Hopefully that'll resolve it

I'm new to networking myself, I've done a CCNA prep course but from a working environment point of view, this would be my introduction to setting up and maintaining network solutions.

White Heart Loon

D'Agger wrote: »

They are, yes. I would have thought that you'd get individual IP conflicts if that was the case. Additionally, with all of the APs acting as a unified network, I would have thought it possible for the APs to push out the same IPs....although it is possible I guess.

I'll test what you've mentioned by changing the DHCP ranges on the individual APs

So AP1 will be 10.1-50
AP2 will be 51-100 etc. etc.

Hopefully that'll resolve it

I'm new to networking myself, I've done a CCNA prep course but from a working environment point of view, this would be my introduction to setting up and maintaining network solutions.

There's your problem, you have more than one device answering when devices ask for DHCP, do what I suggested above

D'Agger

White Heart Loon wrote: »

What, do you have 3 individual DHCP servers or are all DHCP requests being handled by the same device? It's best to have one and setup DHCP relaying

This is most likely it - as I said above - if the APs are pushing out DHCP addresses on the same range would that not simply cause IP conflicts which would show on Laptops etc.

I'll look to setup one as the main DCHP server and setup the relaying as you've said

D'Agger

White Heart Loon wrote: »

There's your problem, you have more than one device answering when devices ask for DHCP, do what I suggested above

Perfect, cheers for the advice lads, much appreciated!

White Heart Loon

D'Agger wrote: »

This is most likely it - as I said above - if the APs are pushing out DHCP addresses on the same range would that not simply cause IP conflicts which would show on Laptops etc.

I'll look to setup one as the main DCHP server and setup the relaying as you've said

Not if the DHCP servers were using different pools, but it would cause major issues when the lease runs out. A device looking for a DHCP lease sends it as a broadcast (as they have not got an IP) so it goes to every single device and therefore goes to all DHCP servers

D'Agger

White Heart Loon wrote: »

Not if the DHCP servers were using different pools, but it would cause major issues when the lease runs out. A device looking for a DHCP lease sends it as a broadcast (as they have not got an IP) so it goes to every single device and therefore goes to all DHCP servers

Ahhhh....explains why they would all go down across multiple sites I guess.

Thanks again

ZENER

White Heart Loon wrote: »

Not if the DHCP servers were using different pools, but it would cause major issues when the lease runs out. A device looking for a DHCP lease sends it as a broadcast (as they have not got an IP) so it goes to every single device and therefore goes to all DHCP servers

As mentioned above I'm in learning mode so this seems a typical problem someone might encounter during a typical working day so please forgive any dumb questions in advance.

When a client broadcasts a DHCP request it gets offered a lease by a DHCP server (unicast) which waits for the offer to be accepted, I get this bit. If there are multiple DHCP servers listening then isn't it the first one to respond that takes over the conversation based initially on MAC addresses ? If the other servers offer addresses then the client converses with the first respondent right ?

Another thing about this scenario that raises a question is that all the AP's have the same I.P. address, I know the addresses are routed but how would the clients on these APs react to this situation ?

Another thing that occurred to me is exactly what happens when the network "Goes Down". Is it just certain clients that loose connectivity (perhaps the ones with the same IP address as the phone or other mobile clients) or does everything on the network lose connection ? Or is the OPs phone losing connectivity and he's assuming everyone has lost it? - no offense OP.

Sorry for all the questions

Ken

D'Agger

ZENER wrote: »

Another thing that occurred to me is exactly what happens when the network "Goes Down". Is it just certain clients that loose connectivity (perhaps the ones with the same IP address as the phone or other mobile clients) or does everything on the network lose connection ? Or is the OPs phone losing connectivity and he's assuming everyone has lost it? - no offense OP.

Sorry for all the questions

Ken

When I say the network goes down - it's basically saying that devices which were connected are still showing as being connected, however their receiving 169 addresses meaning they've no internet connection.

This is across the board not just for a few devices, all devices won't have internet access on the wireless. If you disconnect from the network and try to connect again, then you're unable to connect to the network.

I would think that renaming one of the APs to a different SSID and then back again, basically removes a DHCP server and re-adds it allowing addresses to be pushed out once again?

I could be wrong in saying that however.

Cuddlesworth

ZENER wrote: »

When a client broadcasts a DHCP request it gets offered a lease by a DHCP server (unicast) which waits for the offer to be accepted, I get this bit. If there are multiple DHCP servers listening then isn't it the first one to respond that takes over the conversation based initially on MAC addresses ? If the other servers offer addresses then the client converses with the first respondent right ?

In that scenario yes. The first to answer wins the race.

In the OP's scenario, the AP's WAN address is .5, the clients are .10. I don't know how they are set up, but at a guess I would say they are operating in a standard wifi router mode, so in reality there is only 1 DHCP server on the subnet.

ZENER wrote: »

Another thing about this scenario that raises a question is that all the AP's have the same I.P. address, I know the addresses are routed but how would the clients on these APs react to this situation ?

Same subnet and same gateway IP for each, different IP on the backbone(.5).

ZENER wrote: »

Another thing that occurred to me is exactly what happens when the network "Goes Down". Is it just certain clients that loose connectivity (perhaps the ones with the same IP address as the phone or other mobile clients) or does everything on the network lose connection ? Or is the OPs phone losing connectivity and he's assuming everyone has lost it? - no offense OP.

Again guessing here, but from experience Mobile devices and other hardware that isn't a windows laptop tend to do wireless quite badly. I would assume that there is a obvious issue with the phones swapping between points and failing to get a new IP. You would need a better look at the configuration and maybe a packet sniff to figure out what was actually happening.



OP, its been a while since I looked at wi-fi properly but you set-up isn't great for a work environment. You would really want the AP's acting as layer two only with a wifi controller as both authentication, security, DHCP relay and a gateway out of the wireless network.

D'Agger

Cuddlesworth wrote: »

OP, its been a while since I looked at wi-fi properly but you set-up isn't great for a work environment. You would really want the AP's acting as layer two only with a wifi controller as both authentication, security, DHCP relay and a gateway out of the wireless network.

Oh I'll admit it's not great - the idea was to just get something that works in the short term and look to build it from there into a more sustainable wireless network that we could simply extend onto other sites of ours.

This is all part of the learning for me, I've obviously not set it up well, so hopefully making the changes you've discussed should see it come along nicely

Time will tell!

Cuddlesworth

Thinking about it, best thing you could do right now is create a new vlan across your switched infrastructure, put the three WRT devices on it, with most features turned off, DHCP, firewall, NAT. Basically turn them into Layer 2 AP's with 801.x auth turned on. Then add a new subnet and Gateway on your router with a DHCP relay back to whatever is actually supplying DHCP for your network. Then reserve IP's on the devices for management or if they can do VLAN's themselves, create a secondary VLAN for management.

gctest50

Nothing like lots of users to show up iffy Wifi gear

- they ( or just one of them ) could be doing all sorts
- maybe changing the ssid is just rebooting it and giving it the kick it needs.

OpenWRT might "do" AD auth etc -

http://wiki.openwrt.org/toh/linksys/wrt160nl



http://www.amazon.com/review/R1MOE6ZAPBFEAP/ref=cm_cr_quotes_dprb_0/180-5811711-0403925?ie=UTF8&ASIN=B0028N6VLE&nodeID=172282&store=electronics

White Heart Loon

gctest50 wrote: »

Nothing like lots of users to show up iffy Wifi gear

- they ( or just one of them ) could be doing all sorts
- maybe changing the ssid is just rebooting it and giving it the kick it needs.

OpenWRT might "do" AD auth etc -

http://wiki.openwrt.org/toh/linksys/wrt160nl



http://www.amazon.com/review/R1MOE6ZAPBFEAP/ref=cm_cr_quotes_dprb_0/180-5811711-0403925?ie=UTF8&ASIN=B0028N6VLE&nodeID=172282&store=electronics

There's most likely nothing wrong with the gear, it's the way they were configured. They should be configured for layer 2 access with a better device handling DHCP

gctest50

Lots of gear is just scrap

- doesn't matter whose name is on it
- worse it won't have the decency to just melt down and die but will drag on and kind-of work

I presume there is a good reason why these are a bit more that $100 :

http://www.tribecaexpress.com/cisco-aironet-3600e-series-indoor-access-point-air-cap3602e-a-k9.htm

and i presume there is a good reason why cisco spent 1.2 billion dollars buying meraki


This is what you need to avoid

D'Agger wrote: »

- you never want to hear something is down but the again word will really get me!

White Heart Loon

gctest50 wrote: »

Lots of gear is just scrap

- doesn't matter whose name is on it
- worse it won't have the decency to just melt down and die but will drag on and kind-of work

I presume there is a good reason why these are a bit more that $100 :

http://www.tribecaexpress.com/cisco-aironet-3600e-series-indoor-access-point-air-cap3602e-a-k9.htm

and i presume there is a good reason why cisco spent 1.2 billion dollars buying meraki


This is what you need to avoid

My experience is that Cisco make shíte (overpriced) wireless gear, no point in paying over the odds. Cisco is all about vendor lock in. Ubiquiti and Mikrotik is what I'd recommend if you want something powerful and affordable. I don't recommend Cisco Linksys (Linksys went downhill when Cisco bought them), but they usually work ok, the hardware is fine and they become even better if they have a better firmware like DD-WRT, OpenWRT or Tomato.