Page 1 of 1

Unreliable wireless connections

Posted: Sun Feb 19, 2012 6:11 pm
by rickk
Hello,

I am the Assistant Clerk in the stake and also work closely with the STS group since I am a "computer guy" by trade. We have a situation in one of our buildings where we are seeing strange problems with the wireless and I hope someone here might have an idea of what we can try to fix it...

We have the 881 firewall connected to Centurylink DSL and the wired access seems to be very stable. In order to add wireless access (at the stake president's request), we purchased a couple of Cisco WAP4410N devices and have them connected to a netgear switch which provide PoE to them. The behavior that we see is that a device can connect to the wireless and will seem to be fine. Then if we try to stream a video or download a large file, the download will often stop and the device will go into a "searching for Wifi" mode and then reconnect to the wifi. It gets the same IP address and the transfer may or may not resume automatically. This makes it so none of our instructors can use the wireless in their classes and keeps me constantly making excuses for our internet... I have a Mac and have looked at the console logs and this is the common info that I see:

1/22/12 2:14:23 PM kernel Auth result for: d0:d0:fd:66:57:2f MAC AUTH succeeded
1/22/12 2:14:23 PM kernel AirPort: Link Up on en1
1/22/12 2:14:23 PM kernel com.deterministicnetworks.driver.dne: dne_event: Proto 0 interface en, event KEV_DL_LINK_ON
1/22/12 2:14:23 PM kernel com.deterministicnetworks.driver.dne: socket_event_callback: en1 link on
1/22/12 2:14:23 PM kernel AirPort: RSN handshake complete on en1
1/22/12 2:14:23 PM kernel com.deterministicnetworks.driver.dne: socket_event_callback: en1 change in IFF flags
1/22/12 2:14:23 PM kernel com.deterministicnetworks.driver.dne: socket_event_callback: en1 change in IFF flags
1/22/12 2:14:23 PM configd[14] network configuration changed.
1/22/12 2:14:23 PM mDNSResponder[9978] RegisterInterface: Frequent transitions for interface en1 (10.135.20.163)
1/22/12 2:14:24 PM ntpd[38] bind() fd 25, family 30, port 123, scope 6, addr fe80::6233:4bff:fe29:f919, in6_is_addr_multicast=0 flags=0x11 fails: Can't assign requested address
1/22/12 2:14:24 PM ntpd[38] unable to create socket on en1 (213) for fe80::6233:4bff:fe29:f919#123
1/22/12 2:14:26 PM mDNSResponder[9978] RegisterInterface: Frequent transitions for interface en1 (FE80:0000:0000:0000:6233:4BFF:FE29:F919)
1/22/12 2:14:54 PM kernel AirPort: Link Down on en1. Reason 4 (Disassociated due to inactivity).
1/22/12 2:14:54 PM kernel com.deterministicnetworks.driver.dne: dne_event: Proto 0 interface en, event KEV_DL_LINK_OFF
1/22/12 2:14:54 PM kernel com.deterministicnetworks.driver.dne: socket_event_callback: en1 link off
1/22/12 2:14:55 PM configd[14] network configuration changed.
1/22/12 2:14:55 PM mDNSResponder[9978] DeregisterInterface: Frequent transitions for interface en1 (FE80:0000:0000:0000:6233:4BFF:FE29:F919)

It kind of looks like there is something happening with the DNS, but I am not an expert in networking.

The WAPs are not set to serve DHCP addresses and the assigned addresses are all in the pool from the 881, so it seems that the basic addressing is not a problem. We have also looked at the number of devices that are active and we are not out of addresses. We have shut down one of the access points and just left a single one running (thinking maybe they were interfering with each other) and the single device has the same problem. We don't see any "outside" devices interfering (this building is in a rural location), so we are pretty much stumped. We have considered removing the 881W from the path as a test to see if somehow it is causing the problem, but we haven't done that yet (and would need to do it when the building is mostly empty and we would have minimal risk of access to inappropriate sites). Does anyone have any suggestions as to what might be the problem and how we can get things working reliably?

We are also considering whether to move to the 1041n access points but are a bit concerned about the cost and timing (since they have to come from the FM group). The access via LDS account login sounds good, but I am also concerned about not being able to shut off the wireless access during a stake conference webcast. I am reading on the forum about the 1041n WAP's but any additional thoughts on this system would be appreciated.

Thanks,
Rick Klaus

Posted: Sun Feb 19, 2012 6:43 pm
by rbeede
Official Church Headquarters (GSC) supported equipment is the Cisco 881W (I assume you meant W in your post before) and the 1041n wireless points. The GSC can remotely manage the configurations of both the firewall (881W) and the wireless AP as well as trouble shoot. This is helpful for years down the road when you are released and someone else has to maintain the network.

The FM Group is given budget to buy the official equipment. If you can you should return the Cisco WAP4410N unofficial devices you bought with stake funds and get official ones.

As for DNS issues the log seems to indicate ("kernel AirPort: Link Down on en1. Reason 4 (Disassociated due to inactivity).") disconnect due to loss of wireless connectivity. It also appears that IPv6 is enabled and might be causing issues.

Also note that if your DSL bridge/modem/router has wifi on it that could cause issues being close to other devices. Disable the wireless or replace the DSL bridge/modem/router with one (you can purchase for $50) that doesn't have wireless.

Posted: Sun Feb 19, 2012 7:01 pm
by rickk
Yes, I mean 881W. These AP's were purchased quite some time ago, so I doubt we can return them. We initially had problems that seemed to be the old firewall, so we waited until we got the new firewall installed. The original problems went away, but the new reliability issue cropped up.

I have seen the message about disconnected due to inactivity, but why am I seeing that when I am in the middle of very actively using the wireless? I really doubt that it is a configuration issue of this Mac, because the same thing happens with PC's, iPads, iPhones, etc. And these machines have no problems connecting to wireless networks in other locations - they only have this problem at the church building. We have wifi disabled on the DSL modem and we tried to get the GSC to disable the wireless on the 881W, but they wouldn't do it. We didn't install the antennas on it, so it shouldn't be a problem for the AP at the other end of the building. When I disconnected the AP next to the 881W and then went down next to the other AP (stumbler doesn't even see LDS Access from there), we still have the problem.

The remote troubleshooting is one of the benefits of going with the church system. However, I still don't understand why what we have in place should be unreliable. Just because it isn't the "church system" doesn't mean it is bound to fail. :-) The FM group is given budget, but they already have their plans in place for 2012, so it could be a full year before we could get the official system installed. I would like to have functioning wireless until we are able to transition to the new system (assuming we decide it is the best course to take).

Rick

Posted: Sun Feb 19, 2012 7:03 pm
by harddrive
rbeede, I totally agree with you. I believe that IPv6 is the default protocol on this WAP. I would suggest that you get into the WAP and shut down the IPv6 address or on your MAC and try running only IPv4 and see if that solves the issue.

Posted: Sun Feb 19, 2012 7:10 pm
by rickk
Do you meant the factory default or the default based on my log entries? I thought that I saw IPv6 turned off on the WAP when I was looking at it today, but I will double check that next time I am at the building. Thanks for that suggestion...

Posted: Sun Feb 19, 2012 8:10 pm
by rbeede
rickk wrote:Do you meant the factory default or the default based on my log entries? I thought that I saw IPv6 turned off on the WAP when I was looking at it today, but I will double check that next time I am at the building. Thanks for that suggestion...


The log you posted showed IPv6 entries and activity. I assume you've installed the latest firmware on the device.

Posted: Sat Mar 24, 2012 9:13 pm
by john84601
rickk wrote:The access via LDS account login sounds good, but I am also concerned about not being able to shut off the wireless access during a stake conference webcast.
You could do it the old fashioned way... and unplug them during Stake Conference. We're trying to get new equipment approved by the FM group... and my plan is to change the wireless password right before each stake conference. (If that doesn't work... I'll unplug them as well.)

Posted: Sat Mar 24, 2012 9:28 pm
by rbeede
john84601 wrote:You could do it the old fashioned way... and unplug them during Stake Conference. We're trying to get new equipment approved by the FM group... and my plan is to change the wireless password right before each stake conference. (If that doesn't work... I'll unplug them as well.)

The newer 801W and 1041N that are managed by CHQ GSC don't provide a way for you to easily change the wireless password. Your better off with your current wireless equipment if you want that method.

Unplugging the 801W isn't an options since that cuts off wired access too. Unhooking the antennas usually cuts the range down although inconvenient.

Posted: Sat Mar 24, 2012 9:38 pm
by jdlessley
rbeede wrote:The newer 801W...
A minor correction but the Church provided device is the Cisco 881W. The 801 is entirely different and is only an IDSL router.