Solved

Wireless Connectivity Problems w/WPA

Posted on 2009-07-10
8
613 Views
Last Modified: 2013-12-27
One of our small business clients' networks has SBS 2003 (which is the DHCP server), a Cisco Catalyst 2960 Ethernet switch, and some wireless clients--some Dell (and a Sony) laptops and a Silex CWG-6700 wireless/USB print server.

Regardless of which wireless access point we use (we've tried both a cheap Linksys WAP54G and a more robust Cisco AP1121G), when security is configured to use WPA, none of the wireless clients can consistently maintain or even reliably obtain a wireless connection to the network.  The wireless net is detected, but often no IP address can be acquired ("Limited or no connectivity"--as though the encryption key wasn't entered correctly, but we know it was, in part 'cuz the issue is intermittent).  Even after an IP and good connection have been acquired, they are randomly lost.

HOWEVER, if we use WEP for security, all problems disappear; all clients obtain IPs with no problem and maintain good, uninterrupted network connectivity, rock-solid.

I've done my share of Googling and understand that WPA involves more complicated communication than WEP and can be tricky, but I haven't found anything that gave me an "aha!" moment or revealed some basic thing that I don't understand about how to use WPA.  All of our wireless devices and adapters are relatively new, with up-to-date drivers installed; they can all do WPA.  And they're various vendors' devices--Dell, Sony, Linksys, Cisco, Silex--all having exactly the same problems when WPA is used, all working perfectly when WEP is used.

I did find some suggestions, which I haven't tried yet:
--Use AES instead of TKIP
--Use fewer/more characters in WPA key
--Let WAP device auto-generate WPA key (FWIW, the WPA key we were using was a simple ten-character sting of numbers.)

Can anyone explain why we can't get a stable wireless network using WPA, and what I should do to make it work properly?
0
Comment
Question by:mtn_lion
8 Comments
 
LVL 16

Expert Comment

by:2PiFL
ID: 24826505
I would look at the clients, are they XP?  If so, are they at least at SP2?
0
 

Author Comment

by:mtn_lion
ID: 24826595
Sorry, I should have said.  Yes, of course, they're XP Pro 2.  We don't do Vista ;-)
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24826706
Did you try broadcasting the ssid vs not?
0
 

Author Comment

by:mtn_lion
ID: 24826772
SSID is broadcast.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 6

Accepted Solution

by:
danf0x earned 250 total points
ID: 24827188
Well here is what I know from my experience with WPA
1 it decreases the signal strength so machines that would connect fine with wep/no security could possibly have an issue with wpa
2 the key refresh rate seems to play a part in when people lose connection, the shorter the interval, the more I saw cards reconnecting
3 using the built in software vs the wireless zero connector on the computers would give me different results too.  If I did wireless zero I could always expect the same thing from every machine so if one worked, I could bet they all would.  if I used the dell connect manager or aetheros or whatever came with the card, it would be a different result everytime I setup the connection.
Hope that helps.
0
 
LVL 10

Assisted Solution

by:Wolfhere
Wolfhere earned 250 total points
ID: 24827203
SP3 updated the supplicant. SP2 should have the Microsoft WPA supplicant applied. Have you tried using the wifi device vendor driver manage the WPA?
I have experienced the problem you describe with the Notify me when this connection has limited or no connectivity.

What channel are you broadcasting on? What band? The reason I ask is, if your clients are set to G only, and your access points are doing b/g, and someone walks through the building with say a smart phone with wireless turned on....your access points will go into protected mode and 'emulate' B and will propagate the B throughout the network. Now your G-only clients will drop until the system no longer detects B and will move out of protected mode.
I
f you are using anything other than channels 1, 6 or 11, your frequency will overlap with another at a greater degree and cause problems with say another access point.

A faulty microwave device will cause problems too. Someone is heating up lunch in a leaky microwave and cause connectivity problems.

How far apart are your access points? Do you have enough overlap? The preferred method (I believe) is to have access points adjacent on separate channels. That way your clients machines can decide on which access point to connect to (strongest signal).

And finally, with Dell machines in particular, use the Windows supplicant rather than the broadcom. It really is more stable.

Hope this helps, I know there is a lot to consider. Best of luck
0
 

Author Comment

by:mtn_lion
ID: 24827776
Danf0x and Wolfhere (do you guys know each other? ;-) -- thanks for your thoughts.  Yes, many variables....

1.  Range/strength doesn't appear to be an issue in our small space;

2.  Key refresh rate, makes sense, but I gather there's no setting that makes it NOT be a problem (?).  I mean, does this fundamentally make WPA unstable?

3.  Windows vs. proprietary supplicant: I feel better now about our practice of always using the Windows wireless client, not the Dell or whatever other utility came with the adapter.  Among other things, as you point out,  it removes one variable from the puzzle.

4.  SP3: This seems promising...but my own laptop is SP3 and suffer from similar issues on that customer's wireless network, although less frequently.  But what about the Silex box, whose precise OS and wireless suplicant specs I can't do anything about?

5.  B/G: Interesting; at the moment I don't remember how things are set, but on my next assault, perhaps I'll make sure all clients AND the AP are set to G-only and see what happens.

The next assault probably won't be 'til next week some time.  I'll leave the question open and give you at least one update before closing.  Thx again.
0
 

Author Closing Comment

by:mtn_lion
ID: 31635103
Gentlemen: Sorry for long delay.  Using the "Carrier Busy" test on our new Cisco Aironet 1100 WAP, we determined that there was crazy radio interference on lots of channels.  Since we don't have a $4000 spectrum analyzer to figure out where the interference is coming from, we just did our best to pick the channels that seemed to have the least of it, and we seem to have had good luck with that.  In fact, with the Cisco WAP on channel 5, we put the little Linksys WAP54g on channel 11--and now the wireless clients are jumping right onto the Linksys WAP and staying connected.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

This article is split into background info to start and actual review at bottom: Some time ago I wanted to sell a system with both wired and wireless capability but at minimum expense.  Having visited my trusted online auction I was pleasantly su…
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now