[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1855
  • Last Modified:

Wirelessly connectivity with 10% of Epson Projectors on campus

We're a decent size network with multiple VLANs. We have close to 200 projectors and about 10 of those projectors started having intermittent wireless issues. These 10 projectors connect wirelessly to their own wireless SSID, WPA2 encrypted network. Most of these projectors have been working for about a year.. something has changed on your network and now I'm having an issue with just a couple.


What would be the best way to troubleshoot this issue? Wireshark? Other thoughts?


Other details:
We have all Cisco backbone, switches, WCS, WiSM, ACS.
Projectors are wirelessly connected to their own VLAN.
Projectors are set for DHCP
DHCP has correct reservations
Encrypt key, SSID info is correct on projectors

Two of are tech's can't figure it out and one contractor. Need the experts!!
0
PapaSmurff
Asked:
PapaSmurff
  • 9
  • 6
1 Solution
 
atrevidoCommented:
Just curious but are all the projectors the same make/model?  If they are then are they all at the same firmware level.  If not, then that is something to look at.

Are all 10 of the projectors located near each other?  aka do they all potentially home to the same AP?

Have you added any AP's just before they started happening?  A collapsing of WAP areas will often cause wireless clients to hop from one AP to the other continuously because they are confused.  I would do a wireless survey to ensure you haven't go any overlapping channels.

Regarding wireshark - one thing you could do is put a laptop in the IDF where the AP is for one of the projectors.  MIrror the port between the laptop & AP, run wireshark and pray for it to happen quickly otherwise the logfile will be monstrous.
0
 
PapaSmurffAuthor Commented:
Thanks for your reply.

Projectors are the same model. Other projectors with this model are working.
Problem projectors are all around the campus and aren't defined to one switch but multiple.

No new AP's have been added. Non-overlapping channels are managed but WCS. I believe the aggressive rate is set at moderate so WCS doesn't go crazy changing channels. No rogue AP's in the area.

I'll have to get back to you on the fireware. Thank-you!
0
 
atrevidoCommented:
If the firmware isn't different then I would have to resort to wireshark as mentioned in my previous post.  

So when do they "lose connectivity"?  while projecting something?  Or does someone try to use it and they have no connectivyt?  I'm wondering if it is the latter then perhaps the unit is falling asleep or going into standby mode and dropping the connection.  If its while projecting something then that is altogether different.
0
Get quick recovery of individual SharePoint items

Free tool – Veeam Explorer for Microsoft SharePoint, enables fast, easy restores of SharePoint sites, documents, libraries and lists — all with no agents to manage and no additional licenses to buy.

 
PapaSmurffAuthor Commented:
I have one in my office now.

Initial power up the projector says Authenticating for a while then fails with:

Authentication failed
Event ID: 0891

After about an hour without making any changes the projector connected to the network.
After it was working I powered it down and same thing happened. Right now its trying to auth...

Very strange.
0
 
atrevidoCommented:
are you using Radius or certificates or something?  What is the projector authenticating to?
0
 
PapaSmurffAuthor Commented:
Authenticating to a projector VLAN, with WPA2 encryption key
Wireless MAC is reserved in DHCP.
0
 
atrevidoCommented:
Then that implies that the projector is failing to auth with the AP using the WPA2 encryption key.  Are you using a key that contains any special characters or spaces?  Sometimes this messes things up.  e.g. I learned that unless you have Lion on your MACs 99% of special characters don't work for wireless keys.  My guest key has > in it and visitors with Macs that are not updated cannot authenticate.  Irritating.  I had to change my key
0
 
PapaSmurffAuthor Commented:
Thanks. This key works on 190 projectors, and authenticates half of the time without any changes.
0
 
atrevidoCommented:
i know but clearly something is wrong.  Since the projector is in your office can you set up an AP with some simple key and see if the problem remains?
0
 
PapaSmurffAuthor Commented:
Yeah, thats a good idea. I think with our Cisco system we can put in multiple encryption keys per SSID. I'll let you know. Thanks.
0
 
PapaSmurffAuthor Commented:
I tested with a plain number/letter password and it didn't connect.
0
 
atrevidoCommented:
Bizarre.  I'm leaning toward blaming the Epson projector but what does the Cisco WAP log show about its trying to connect?  Just failure?  
There are some debug commands you can put on the telent/ssh session of the Cisco WAP, here's an excerpt below but check out this Cisco debug link
WPAAlthough Wi-Fi Protected Access (WPA) is not an authentication type, it is a negotiated protocol.

•WPA negotiates between the AP and the client card.

•WPA key management negotiates after a client is successfully authenticated by an authentication server.

•WPA negotiates both a Pairwise Transient Key (PTK) and a Groupwise Transient Key (GTK) in a four-way handshake.

Note: Because WPA requires that the underlying EAP be successful, verify that clients can successfully authenticate with that EAP before you engage WPA.

These debugs are the most helpful for WPA negotiations:

•debug dot11 aaa authenticator process—The outputs of this debug start with this text: dot11_auth_dot1x_.

•debug dot11 aaa authenticator state-machine—The outputs of this debug start with this text: dot11_auth_dot1x_run_rfsm.

Relative to the other authentications in this document, WPA debugs are simple to read and analyze. A PTK message should be sent and an appropriate reply received. Next, a GTK message should be sent and another appropriate response received.

If the PTK or GTK messages are not sent, the configuration or software level on the AP can be at fault. If the PTK or GTK responses from the client are not received, check the configuration or software level on the WPA supplicant of the client card.

Hope that helps.
Did you run a wireshark trace on the AP port of your test Epson in your lab?
0
 
PapaSmurffAuthor Commented:
This is the reason code in our WCS.

Client 'a4:ee:57:f0:6a:a4 (0.0.0.0)' failed to associate with AP '100J-AP-10', interface '802.11b/g/n'. The reason code is '0'.

The projectors name is 100-Proj
in DHCP the reservation name is 100-Proj(.ourdomain)
the "domain" wasn't added by me... after I removed it he connectivity came back...

Could this be the issue?

Now the projector I'm working with currently connected fine this morning with that reservation. I lost connectivity thru-out the day with no changes.. but as soon as I removed the domain from the reservation name it but its reserved IP back.. thoughts?
0
 
PapaSmurffAuthor Commented:
Still not resolved. Going to have them hardwired.
0
 
PapaSmurffAuthor Commented:
Seems to be an issue with the projectors.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 9
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now