Wireless Connectivity Problems w/WPA

One of our small business clients' networks has SBS 2003 (which is the DHCP server), a Cisco Catalyst 2960 Ethernet switch, and some wireless clients--some Dell (and a Sony) laptops and a Silex CWG-6700 wireless/USB print server.

Regardless of which wireless access point we use (we've tried both a cheap Linksys WAP54G and a more robust Cisco AP1121G), when security is configured to use WPA, none of the wireless clients can consistently maintain or even reliably obtain a wireless connection to the network.  The wireless net is detected, but often no IP address can be acquired ("Limited or no connectivity"--as though the encryption key wasn't entered correctly, but we know it was, in part 'cuz the issue is intermittent).  Even after an IP and good connection have been acquired, they are randomly lost.

HOWEVER, if we use WEP for security, all problems disappear; all clients obtain IPs with no problem and maintain good, uninterrupted network connectivity, rock-solid.

I've done my share of Googling and understand that WPA involves more complicated communication than WEP and can be tricky, but I haven't found anything that gave me an "aha!" moment or revealed some basic thing that I don't understand about how to use WPA.  All of our wireless devices and adapters are relatively new, with up-to-date drivers installed; they can all do WPA.  And they're various vendors' devices--Dell, Sony, Linksys, Cisco, Silex--all having exactly the same problems when WPA is used, all working perfectly when WEP is used.

I did find some suggestions, which I haven't tried yet:
--Use AES instead of TKIP
--Use fewer/more characters in WPA key
--Let WAP device auto-generate WPA key (FWIW, the WPA key we were using was a simple ten-character sting of numbers.)

Can anyone explain why we can't get a stable wireless network using WPA, and what I should do to make it work properly?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I would look at the clients, are they XP?  If so, are they at least at SP2?
mtn_lionAuthor Commented:
Sorry, I should have said.  Yes, of course, they're XP Pro 2.  We don't do Vista ;-)
Did you try broadcasting the ssid vs not?
Redefine Your Security with AI & Machine Learning

The implications of AI and machine learning in cyber security are massive and constantly growing, creating both efficiencies and new challenges across the board. Check out our on-demand webinar to learn more about how AI can help your organization!

mtn_lionAuthor Commented:
SSID is broadcast.
Well here is what I know from my experience with WPA
1 it decreases the signal strength so machines that would connect fine with wep/no security could possibly have an issue with wpa
2 the key refresh rate seems to play a part in when people lose connection, the shorter the interval, the more I saw cards reconnecting
3 using the built in software vs the wireless zero connector on the computers would give me different results too.  If I did wireless zero I could always expect the same thing from every machine so if one worked, I could bet they all would.  if I used the dell connect manager or aetheros or whatever came with the card, it would be a different result everytime I setup the connection.
Hope that helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SP3 updated the supplicant. SP2 should have the Microsoft WPA supplicant applied. Have you tried using the wifi device vendor driver manage the WPA?
I have experienced the problem you describe with the Notify me when this connection has limited or no connectivity.

What channel are you broadcasting on? What band? The reason I ask is, if your clients are set to G only, and your access points are doing b/g, and someone walks through the building with say a smart phone with wireless turned on....your access points will go into protected mode and 'emulate' B and will propagate the B throughout the network. Now your G-only clients will drop until the system no longer detects B and will move out of protected mode.
f you are using anything other than channels 1, 6 or 11, your frequency will overlap with another at a greater degree and cause problems with say another access point.

A faulty microwave device will cause problems too. Someone is heating up lunch in a leaky microwave and cause connectivity problems.

How far apart are your access points? Do you have enough overlap? The preferred method (I believe) is to have access points adjacent on separate channels. That way your clients machines can decide on which access point to connect to (strongest signal).

And finally, with Dell machines in particular, use the Windows supplicant rather than the broadcom. It really is more stable.

Hope this helps, I know there is a lot to consider. Best of luck
mtn_lionAuthor Commented:
Danf0x and Wolfhere (do you guys know each other? ;-) -- thanks for your thoughts.  Yes, many variables....

1.  Range/strength doesn't appear to be an issue in our small space;

2.  Key refresh rate, makes sense, but I gather there's no setting that makes it NOT be a problem (?).  I mean, does this fundamentally make WPA unstable?

3.  Windows vs. proprietary supplicant: I feel better now about our practice of always using the Windows wireless client, not the Dell or whatever other utility came with the adapter.  Among other things, as you point out,  it removes one variable from the puzzle.

4.  SP3: This seems promising...but my own laptop is SP3 and suffer from similar issues on that customer's wireless network, although less frequently.  But what about the Silex box, whose precise OS and wireless suplicant specs I can't do anything about?

5.  B/G: Interesting; at the moment I don't remember how things are set, but on my next assault, perhaps I'll make sure all clients AND the AP are set to G-only and see what happens.

The next assault probably won't be 'til next week some time.  I'll leave the question open and give you at least one update before closing.  Thx again.
mtn_lionAuthor Commented:
Gentlemen: Sorry for long delay.  Using the "Carrier Busy" test on our new Cisco Aironet 1100 WAP, we determined that there was crazy radio interference on lots of channels.  Since we don't have a $4000 spectrum analyzer to figure out where the interference is coming from, we just did our best to pick the channels that seemed to have the least of it, and we seem to have had good luck with that.  In fact, with the Cisco WAP on channel 5, we put the little Linksys WAP54g on channel 11--and now the wireless clients are jumping right onto the Linksys WAP and staying connected.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.