Why would our APs stop broadcasting SSID and accepting associations? 1142n Aironet

donbrinkley · ‎10-29-2012

In my building, I have 15 1142n access points. They all seem to work fine (with this problem as the exception) and are autonomous. The problem isn't consistent, as it has only happened to a few of our APs so far. They work fine, then I’ll notice that a particular AP has 0 associations. I go check on it and see that it’s not an AP I can connect to (looking at the MAC I see the other APs around, but this particular AP is not offered as an option, even standing right under it). I can manage it just fine, ping it, etc, it seems “up”, just not offering out a connection. I reboot it and it works fine again, all of the sudden it’s now able to be connected to. This has happened on a few different APs across the floors, no rhyme or reason that I can find. They do all have the same IOS, but no luck so far finding others online having the same problem. Hoping that some of the more experienced people out here can give me a suggestion as what the problem may be.

Thanks in advance for your time.

Saravanan Lakshmanan · ‎10-29-2012

does the issue happens on both radios.

display - show log from affected and good APs.

use inssider and confirm SSID broadcast.

http://www.metageek.net/products/inssider/

Leo Laohoo · ‎10-29-2012

What IOS versions are the WAPs running on?

Stephen Rodriguez · ‎10-29-2012

when this happens again, cna you telnet/ssh in and pull

show controllers dot11radio 0

and

show controllers dot11radio 1

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

donbrinkley · ‎10-30-2012

Thanks for the response, everyone.

Saravanan - To clarify, Radio 0 (2.4Ghz) is down when it does this, the AP is up, and Radio 1 (5Ghz) looks to be up, but we use 2.4. I have used innsider with my test laptop and that's where I've seen (or better yet, not) the AP not offering out the SSID. After reboot, it's back up. But what causes it to go down...I have no idea.

Issuing the sh log command I see a device that has roamed to another area, as well as the point where Dot11 0 went down;

Oct 17 00:00:55.708: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset

Oct 17 00:00:56.708: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Leolaohoo - We are running Version 12.4(21a)JA1

Stephen - I actually haven't reset the AP yet just so I can use it for troubleshooting. Here's a sh controllers dott11 0 from the downed radio:

interface Dot11Radio0

Radio AIR-AP1140G, Base Address d4a0.2a99.8bc0, BBlock version 0.00, Software version 2.10.19

Serial number:

Number of supported simultaneous BSSID on Dot11Radio0: 16

Carrier Set: Americas (US) (-A)

Uniform Spreading Required: No

Configured Frequency: 2412 MHz Channel 1

Allowed Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11)

Listen Frequencies: 2412(1) 2417(2) 2422(3) 2427(4) 2432(5) 2437(6) 2442(7) 2447(8) 2452(9) 2457(10) 2462(11) 2467(12) 2472(13) 2484(14)

Beacon Flags: 1, Interface Flags 82010D; Beacons are enabled; Probes are enabled

Configured Power: 20 dBm

Active power levels by rate

1.0 to 11.0 , 19 dBm, changed due to regulatory maximum

6.0 to 18.0 , 16 dBm, changed due to regulatory maximum

24.0 to 24.0 , 14 dBm, changed due to regulatory maximum

36.0 to 48.0 , 13 dBm, changed due to regulatory maximum

54.0 to 54.0 , 11 dBm, changed due to regulatory maximum

6.0-bf to 18.0-b, 16 dBm, changed due to regulatory maximum

24.0-b to 24.0-b, 14 dBm, changed due to regulatory maximum

36.0-b to 48.0-b, 13 dBm, changed due to regulatory maximum

54.0-b to 54.0-b, 11 dBm, changed due to regulatory maximum

m0. to m3. , 14 dBm, changed due to regulatory maximum

m4. to m5. , 13 dBm, changed due to regulatory maximum

m6. to m6. , 11 dBm, changed due to regulatory maximum

m7. to m7. , 10 dBm, changed due to regulatory maximum

m8. to m11. , 14 dBm, changed due to regulatory maximum

m12. to m13. , 13 dBm, changed due to regulatory maximum

m14. to m14. , 11 dBm, changed due to regulatory maximum

m15. to m15. , 10 dBm, changed due to regulatory maximum

m0.-4 to m6.-4 , 11 dBm, changed due to regulatory maximum

m7.-4 to m7.-4 , 10 dBm, changed due to regulatory maximum

m8.-4 to m14.-4, 11 dBm, changed due to regulatory maximum

m15.-4 to m15.-4, 10 dBm, changed due to regulatory maximum

OffChnl Power: 20, Rate 1.0

Allowed Power Levels: -1 2 5 8 11 14 17 20

Allowed Client Power Levels: 2 5 8 11 14 17 20

Receive Antennas : right-a left-b middle-c

Transmit Antennas : right-a left-b, cck single, ofdm single

Antenna: internal, Gain: Allowed 8, Reported 0, Configured 0, In Use 8

Active Rates: basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5.m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Current Rates: basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5.m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Allowed Rates: 1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0

All Rates: 1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Default Rates: basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14.m15.

Best Range Rates: basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Best Throughput Rates: basic-1.0 basic-2.0 basic-5.5 basic-11.0 basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

Current Voice Rates: basic-5.5 basic-11.0 6.0 12.0 24.0 [disabled until voice packet-discard enabled]

Default Voice Rates: basic-5.5 basic-11.0 6.0 12.0 24.0

Managment Rates: basic-11.0

Multicast Rates: basic-11.0

Data Rate Sensitivity (rate, SNR dB, Contention dBm)

( 1.0, 10, -93) ( 2.0, 10, -92) ( 5.5, 11, -90) (11.0, 14, -90)

( 6.0, 15, -89) ( 9.0, 16, -88) (12.0, 18, -88) (18.0, 19, -86)

(24.0, 20, -85) (36.0, 24, -81) (48.0, 27, -78) (54.0, 31, -77)

ERP settings: short slot time.

Neighbors in non-erp mode:

Thanks for the input, everyone!

Saravanan Lakshmanan · ‎10-30-2012

#just curious, are you using wpa-tkip and seeing countermeasure attack.

#does show tech shows anything odd.

#If you do shut, no shut on radio does it come back up.

#update the AP ios to latest - c1140-k9w7-tar.152-2.JA.tar, if that didn't fix it then better open tac case or RMA.

donbrinkley · ‎10-30-2012

Saravanan -

1.) We use AES CCMP / EAP. I'm not sure what you mean by countermeasure attacks. Care to expand on it a bit?

2.) Sh tech shows a lot of data, I haven't went through every line but here is the data on the radio that is down:

Dot11Radio0 is reset, line protocol is down

Hardware is 802.11N 2.4GHz Radio, address is d4a0.2a99.8bc0 (bia d4a0.2a99.8bc0)

MTU 1500 bytes, BW 54000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 1w6d, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/1677/5/0 (size/max/drops/flushes); Total output drops: 785756

Queueing strategy: fifo

Output queue: 0/30 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

187284938 packets input, 986187019 bytes, 0 no buffer

Received 611980 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

27417750 packets output, 4258279884 bytes, 0 underruns

2762 output errors, 0 collisions, 12 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

3.) I do a shut/no shut and it shows the Software as Enabled, but Hardware is still down.

4.) I will go ahead and update the IOS and get back if/when it breaks. It doesn't happen all of the time but I'll keep an eye on it. If anyone has any other suggestions in the meantime, please let me know. Thanks.

George Stefanick · ‎10-30-2012

Can you post the show run ?

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________

donbrinkley · ‎10-30-2012

George-

Here you go, thanks for taking a look at it;

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP53

!

enable secret

!

aaa new-model

!

aaa group server radius rad_eap

server 10.10.4.126 auth-port 1645 acct-port 1646

!

aaa group server radius rad_mac

!

aaa group server radius rad_acct

!

aaa group server radius rad_admin

!

aaa group server tacacs+ tac_admin

!

aaa group server radius rad_pmip

!

aaa group server radius dummy

!

aaa group server radius Server1

server 10.10.4.126 auth-port 1645 acct-port 1646

!

aaa authentication login default group Server1 local

aaa authentication login eap_methods group rad_eap

aaa authentication login mac_methods local

aaa authorization exec default group Server1 local

aaa accounting network acct_methods start-stop group rad_acct

!

aaa session-id common

clock timezone CST -6

clock summer-time CST recurring

ip domain name Work

ip name-server 10.10.4.10

!

dot11 syslog

!

dot11 ssid Private

vlan 80

authentication open eap eap_methods

authentication key-management wpa version 2

mbssid guest-mode

!

dot11 ssid Public

vlan 70

authentication open

mbssid guest-mode

!

username admin password

!

ip ssh time-out 60

ip ssh version 2

bridge irb

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 80 mode ciphers aes-ccm

!

ssid Private

!

ssid Public

!

antenna gain 0

mbssid

speed basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel 2412

station-role root

!

interface Dot11Radio0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 subscriber-loop-control

bridge-group 70 port-protected

bridge-group 70 block-unknown-source

no bridge-group 70 source-learning

no bridge-group 70 unicast-flooding

bridge-group 70 spanning-disabled

!

interface Dot11Radio0.80

encapsulation dot1Q 80 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.90

encapsulation dot1Q 90

no ip route-cache

bridge-group 90

bridge-group 90 subscriber-loop-control

bridge-group 90 block-unknown-source

no bridge-group 90 source-learning

no bridge-group 90 unicast-flooding

bridge-group 90 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 80 mode ciphers aes-ccm

!

ssid Private

!

ssid Public

!

antenna gain 0

dfs band 3 block

mbssid

speed basic-9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15.

channel dfs

station-role root

!

interface Dot11Radio1.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

bridge-group 70 subscriber-loop-control

bridge-group 70 port-protected

bridge-group 70 block-unknown-source

no bridge-group 70 source-learning

no bridge-group 70 unicast-flooding

bridge-group 70 spanning-disabled

!

interface Dot11Radio1.80

encapsulation dot1Q 80 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.90

encapsulation dot1Q 90

no ip route-cache

bridge-group 90

bridge-group 90 subscriber-loop-control

bridge-group 90 block-unknown-source

no bridge-group 90 source-learning

no bridge-group 90 unicast-flooding

bridge-group 90 spanning-disabled

!

interface GigabitEthernet0

no ip address

no ip route-cache

duplex auto

speed auto

no keepalive

!

interface GigabitEthernet0.70

encapsulation dot1Q 70

no ip route-cache

bridge-group 70

no bridge-group 70 source-learning

bridge-group 70 spanning-disabled

!

interface GigabitEthernet0.80

encapsulation dot1Q 80 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.90

encapsulation dot1Q 90

no ip route-cache

bridge-group 90

no bridge-group 90 source-learning

bridge-group 90 spanning-disabled

!

interface BVI1

ip address 10.70.8.27 255.255.255.0

no ip route-cache

!

ip default-gateway 10.70.8.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

ip radius source-interface BVI1

radius-server attribute 32 include-in-access-req format %h

radius-server host 10.10.4.126 auth-port 1645 acct-port 1646

radius-server key

radius-server vsa send accounting

bridge 1 route ip

!

banner exec ^Do not attempt to log onto this network unless you are authorized to do so. If you need assistance, please contact the helpdesk.^

!

line con 0

line vty 0 4

transport input ssh

line vty 5 15

transport input ssh

!

sntp server 10.201.25.12

end

AP53#