Wireless Connectivity Problems w/WPA

Posted on 2009-07-10
Medium Priority
Last Modified: 2013-12-27
One of our small business clients' networks has SBS 2003 (which is the DHCP server), a Cisco Catalyst 2960 Ethernet switch, and some wireless clients--some Dell (and a Sony) laptops and a Silex CWG-6700 wireless/USB print server.

Regardless of which wireless access point we use (we've tried both a cheap Linksys WAP54G and a more robust Cisco AP1121G), when security is configured to use WPA, none of the wireless clients can consistently maintain or even reliably obtain a wireless connection to the network.  The wireless net is detected, but often no IP address can be acquired ("Limited or no connectivity"--as though the encryption key wasn't entered correctly, but we know it was, in part 'cuz the issue is intermittent).  Even after an IP and good connection have been acquired, they are randomly lost.

HOWEVER, if we use WEP for security, all problems disappear; all clients obtain IPs with no problem and maintain good, uninterrupted network connectivity, rock-solid.

I've done my share of Googling and understand that WPA involves more complicated communication than WEP and can be tricky, but I haven't found anything that gave me an "aha!" moment or revealed some basic thing that I don't understand about how to use WPA.  All of our wireless devices and adapters are relatively new, with up-to-date drivers installed; they can all do WPA.  And they're various vendors' devices--Dell, Sony, Linksys, Cisco, Silex--all having exactly the same problems when WPA is used, all working perfectly when WEP is used.

I did find some suggestions, which I haven't tried yet:
--Use AES instead of TKIP
--Use fewer/more characters in WPA key
--Let WAP device auto-generate WPA key (FWIW, the WPA key we were using was a simple ten-character sting of numbers.)

Can anyone explain why we can't get a stable wireless network using WPA, and what I should do to make it work properly?
Question by:mtn_lion
LVL 16

Expert Comment

ID: 24826505
I would look at the clients, are they XP?  If so, are they at least at SP2?

Author Comment

ID: 24826595
Sorry, I should have said.  Yes, of course, they're XP Pro 2.  We don't do Vista ;-)
LVL 16

Expert Comment

ID: 24826706
Did you try broadcasting the ssid vs not?
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!


Author Comment

ID: 24826772
SSID is broadcast.

Accepted Solution

danf0x earned 1000 total points
ID: 24827188
Well here is what I know from my experience with WPA
1 it decreases the signal strength so machines that would connect fine with wep/no security could possibly have an issue with wpa
2 the key refresh rate seems to play a part in when people lose connection, the shorter the interval, the more I saw cards reconnecting
3 using the built in software vs the wireless zero connector on the computers would give me different results too.  If I did wireless zero I could always expect the same thing from every machine so if one worked, I could bet they all would.  if I used the dell connect manager or aetheros or whatever came with the card, it would be a different result everytime I setup the connection.
Hope that helps.
LVL 10

Assisted Solution

Wolfhere earned 1000 total points
ID: 24827203
SP3 updated the supplicant. SP2 should have the Microsoft WPA supplicant applied. Have you tried using the wifi device vendor driver manage the WPA?
I have experienced the problem you describe with the Notify me when this connection has limited or no connectivity.

What channel are you broadcasting on? What band? The reason I ask is, if your clients are set to G only, and your access points are doing b/g, and someone walks through the building with say a smart phone with wireless turned on....your access points will go into protected mode and 'emulate' B and will propagate the B throughout the network. Now your G-only clients will drop until the system no longer detects B and will move out of protected mode.
f you are using anything other than channels 1, 6 or 11, your frequency will overlap with another at a greater degree and cause problems with say another access point.

A faulty microwave device will cause problems too. Someone is heating up lunch in a leaky microwave and cause connectivity problems.

How far apart are your access points? Do you have enough overlap? The preferred method (I believe) is to have access points adjacent on separate channels. That way your clients machines can decide on which access point to connect to (strongest signal).

And finally, with Dell machines in particular, use the Windows supplicant rather than the broadcom. It really is more stable.

Hope this helps, I know there is a lot to consider. Best of luck

Author Comment

ID: 24827776
Danf0x and Wolfhere (do you guys know each other? ;-) -- thanks for your thoughts.  Yes, many variables....

1.  Range/strength doesn't appear to be an issue in our small space;

2.  Key refresh rate, makes sense, but I gather there's no setting that makes it NOT be a problem (?).  I mean, does this fundamentally make WPA unstable?

3.  Windows vs. proprietary supplicant: I feel better now about our practice of always using the Windows wireless client, not the Dell or whatever other utility came with the adapter.  Among other things, as you point out,  it removes one variable from the puzzle.

4.  SP3: This seems promising...but my own laptop is SP3 and suffer from similar issues on that customer's wireless network, although less frequently.  But what about the Silex box, whose precise OS and wireless suplicant specs I can't do anything about?

5.  B/G: Interesting; at the moment I don't remember how things are set, but on my next assault, perhaps I'll make sure all clients AND the AP are set to G-only and see what happens.

The next assault probably won't be 'til next week some time.  I'll leave the question open and give you at least one update before closing.  Thx again.

Author Closing Comment

ID: 31635103
Gentlemen: Sorry for long delay.  Using the "Carrier Busy" test on our new Cisco Aironet 1100 WAP, we determined that there was crazy radio interference on lots of channels.  Since we don't have a $4000 spectrum analyzer to figure out where the interference is coming from, we just did our best to pick the channels that seemed to have the least of it, and we seem to have had good luck with that.  In fact, with the Cisco WAP on channel 5, we put the little Linksys WAP54g on channel 11--and now the wireless clients are jumping right onto the Linksys WAP and staying connected.

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
Suggested Courses
Course of the Month6 days, 12 hours left to enroll

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question