1 ap in the room. 16 pcs. Just logging into the machines takes between 7-10 minutes per box. In other areas, it's much speedier by comparison.

Scott A. Jones, CCVP

IPLogic, Inc.

Sent from my iPhone

Hmmmm ... Somethings not right.

This particular WAP is connected on a FULL duplex link with the switch, right?

If you console into the WAP and do a "sh log", what output do you see?

I see the IDS engine detecting a replay attack about once a day, then it clears and the dot11radio0 resets. It’s full-duplex, 1Gb speed. One thing interesting yesterday—it reported the replay attack, but I was the only one in the building, trying to login to one of the PCs in question (the rest were logged off).

Check to see if the users are connecting to that ap or an ap nearby.  Is this the only dense area that you have issues with?

Great point—I did notice they all connect to that AP. There is one other area that had issues…a lab with about 2 dozen iMacs. Moved them to WPA2 security so that N would work, and they picked up a little bit. Eventually they hard-wired the lab, so that one went away. Tried that with the lab in question, issue still persists…

One thing I noticed though—on the show interface, there’s a really high number of unknown protocol drops on the gi 0 interface of the AP. Not sure if that could be related…

Can you post the show wlan

Just had a chance to jump in to the AP.  It doesn't recognize that command...i guess i should specify they're LWWAPs, so should i be running that command on the controller?

That command needs to be ran from the wlc CLI. The WLAN id is the SSID that is having the issues.

Sent from Cisco Technical Support iPhone App

Sorry about that! The joy of learning as you go…output is below

WLAN Identifier.................................. 2

Profile Name..................................... old HS wireless

Network Name (SSID).............................. HS-Wireless

Status........................................... Enabled

MAC Filtering.................................... Disabled

Broadcast SSID................................... Enabled

AAA Policy Override.............................. Disabled

Network Admission Control

Radius-NAC State............................... Disabled

SNMP-NAC State................................. Disabled

Quarantine VLAN................................ 0

Maximum number of Associated Clients............. 0

Number of Active Clients......................... 290

Exclusionlist Timeout............................ 60 seconds

Session Timeout.................................. 1800 seconds

CHD per WLAN..................................... Enabled

Webauth DHCP exclusion........................... Disabled

Interface........................................ old-hs-wireless

Multicast Interface.............................. Not Configured

More or (q)uit

WLAN ACL......................................... unconfigured

DHCP Server...................................... Default

DHCP Address Assignment Required................. Disabled

Static IP client tunneling....................... Disabled

Quality of Service............................... Silver (best effort)

Scan Defer Priority.............................. 4,5,6

Scan Defer Time.................................. 100 milliseconds

WMM.............................................. Allowed

WMM UAPSD Compliant Client Support............... Disabled

Media Stream Multicast-direct.................... Disabled

CCX - AironetIe Support.......................... Enabled

CCX - Gratuitous ProbeResponse (GPR)............. Disabled

CCX - Diagnostics Channel Capability............. Disabled

Dot11-Phone Mode (7920).......................... Disabled

Wired Protocol................................... None

IPv6 Support..................................... Disabled

Passive Client Feature........................... Disabled

Peer-to-Peer Blocking Action..................... Disabled

Radio Policy..................................... All

DTIM period for 802.11a radio.................... 1

DTIM period for 802.11b radio.................... 1

Radius Servers

Authentication................................ Global Servers

More or (q)uit

Accounting.................................... Global Servers

Dynamic Interface............................. Disabled

Local EAP Authentication......................... Disabled

Security

802.11 Authentication:........................ Open System

Static WEP Keys............................... Enabled

Key Index:...................................... 1

Encryption:..................................... 104-bit WEP

802.1X........................................ Disabled

Wi-Fi Protected Access (WPA/WPA2)............. Disabled

CKIP ......................................... Disabled

Web Based Authentication...................... Disabled

Web-Passthrough............................... Disabled

Conditional Web Redirect...................... Disabled

Splash-Page Web Redirect...................... Disabled

Auto Anchor................................... Disabled

H-REAP Local Switching........................ Disabled

H-REAP Local Authentication................... Disabled

H-REAP Learn IP Address....................... Enabled

Client MFP.................................... Optional but inactive (WPA2 not configured)

Tkip MIC Countermeasure Hold-down Timer....... 60

Call Snooping.................................... Disabled

More or (q)uit

Roamed Call Re-Anchor Policy..................... Disabled

SIP CAC Fail Send-486-Busy Policy................ Enabled

SIP CAC Fail Send Dis-Association Policy......... Disabled

Band Select...................................... Enabled

Load Balancing................................... Disabled

That’s a great tip for the a/n spectrum. I’ll do that. In the lab I’m having issues with though, it’s a bunch of PCs running b/g/n only adapters. The iMacs were a separate thing and have since been hard-wired, so they’re not so much of a problem anymore. Any thoughts on things I can tweak for the 2.4 GHz?

As far as the switch between WPA2 and WEP, the WEP is there to support machines that were moved in (they’ve only been in this building for around 3 weeks…). They won’t be able to switch things around until summer. I did try moving a couple of the PCs to the WPA2 test network, but with the same results…I wish I could test a/n but the cheap adapters prevent that.

Appreciate the help

SJ

That is okay.... You can still achieve up to 144mbps on the 2.4ghz. All you need is WPA2/AES and WMM enabled. The thing with WEP is that sometimes you can't use key #1. Maybe moving the WEP key to key #2 might help but you would need to change that on the devices also. If you have to make changes, its probably better to jut move those machines to WPA2.

Thanks,

Scott Fella

Sent from my iPhone

Ok. I’ll give it a shot and let you all know what happens. Thanks for the info.

SJ