Link to home
Create AccountLog in
Avatar of m1979
m1979Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Cisco Aironet 1140 ARP issue

I've got a strange problem with my Aironet Access Point. I noticed it some time ago, I tried to RDP to a PC that I turned on and could not. It was strange as I saw the wifi light on and the AP could ping it.

Long story short - arp problem. I can see that I cannot ping/access my wifi devices from time to time untill I initiate something from the wireless device.

To prove the problem is not with a switch I did the following:

Wirless laptop (.24) ----------------- Aironet ---------------------- laptop connected directly  (.199)


From the LAN laptop:
ping 172.16.1.24 -t
Pinging 172.16.1.24 with 32 bytes of data:
Reply from 172.16.1.199: Destination host unreachable.
Reply from 172.16.1.199: Destination host unreachable.
Reply from 172.16.1.199: Destination host unreachable.
Reply from 172.16.1.199: Destination host unreachable.
Reply from 172.16.1.199: Destination host unreachable.
//at that moment I went to my wireless laptop and started a ping to .199 from it//
Reply from 172.16.1.24: bytes=32 time=883ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=22ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
Reply from 172.16.1.24: bytes=32 time=24ms TTL=128
......
I waited 10 minutes, tried again - the same, was failing until I initiated the connection from the wifi laptop. But every time I was able to ping this wifi laptop from the AP itself, I noticed that sometimes it timed out 4-10 times but eventually started to ping

No firewalls, it happened with 3 different wireless laptops so no drivers issue, I tried 3 different IOS versions...
I used to have some problems with this AP before (no wifi networks were visible) so not sure, maybe sth is wrong wit it?
Avatar of pgolding00
pgolding00
Flag of Australia image

during the time that ping does not work (and prior to pinging the other way to bring it back to life), does the AP have any arp entry for the pc? (making the assumption that AP management and pc are in same subnet). also, does whatever is normally downstream of the AP, such as switch or router, have arp entry for the pc when things dont work? if downstream is a switch, does it have a cam table entry at that time? ("show mac-addr dynamic" or similar command if cisco switch).

for your switches, what is the mac address timeout or ageing time, and arp timeout set to?
Avatar of m1979

ASKER

Thanks mate, that is why I connected a LAN cable directly to the AP to make sure the problem is not with my switch. When it happens, both sides can ping the AP and I can ping both devices from the AP. I cannot ping 'through' the AP from the LAN (no arp entry on the laptop)
right, fair enough. just in case, have you verified that the subnet mask is the same on both pc's and ap? i will assume this is all ok, and that they are all in the same subnet, but please verify.

so, at the time things are broken, does the ap believe the wireless client is associated (and authenticated if you do such - i suspect you cant have much going on in the authentication space when the ap is cabled to the test pc though?)

the cisco supportforum response seems to be going in the same direction as this discussion. i would suggest two things now:
- config static arp entry for wired machine in the wifi machine and for the wifi machine in the wired, which will completely include or exclude arp as being the cause,
- when things are broken, run wireshark on the wifi machine, then ping from the wired - do you see the echo request come over the wireless? is it preceded with any arp traffic? (do this one prior to setting any static arp entries).

and the obvious thing that everyone checks prior to everything these days - are the firewalls turned off on pc's? wireshark would prove this too, in case there were any doubt.
and just for laughs, "debug arp" on the ap and see whats going on there too.
this is not that dissimilar from your situation:
https://supportforums.cisco.com/docs/DOC-3212
so check the bridge-group config.
Avatar of m1979

ASKER

pgolding00, thanks!


Firewalls are off.
When it happens I am able to:
-ping wirelss and wired PCs from the AP (so the AP knows the arp, it is not sending an arp from the LAN to wireless clients)
wireless PC can ping the Internet and all other local PCs

My dot11 interface(s):
interface Dot11Radio0.2
 description Bridged LAN Wireless Interface
 encapsulation dot1Q 2 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled


interface Dot11Radio0.3
 description Guest Wireless Interface
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
end

Open in new window

well i almost agree with you. we just dont know for sure if the ap is or is not sending arp queries out over wireless, and by implication we dont know that the arp queries get to the ap in the first place either. wireshark on the wifi client will tell us. it seems the answer might be the ap receives them but does not forward to wifi, which would imply config of the ap or a bug.

any possibility of installing wireshark there?

out of interest you have 2 vlans, 2 ssid's, 2 subnets here at least, going by the interface config. does same prob exist on both/all subnets?
ASKER CERTIFIED SOLUTION
Avatar of m1979
m1979
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Avatar of m1979

ASKER

sorted