Help! Intermittent Network Issues

Hi Experts:  

I recently deployed a Cisco Aironet and users are experiencing issues accessing resources on the local network, but NOT the Internet.  When the issue is occurring I can successfully ping a public IP address, but not a specific internal address of a network share.  I've confirmed it is not an issue with network share because I can successfully ping it from another machine (wired) while the issue is occurring on the wireless device.

I've attached a Wireshark capture while the issue is occurring.  You can see that I'm successfully pinging 4.2.2.1 and at the same time timing out at 10.10.10.250.

Does anyone see any clues here as to why this might be occurring ?

PS: Change the file extension of the attached file to: pcapng

Thx!
10-2-13.txt
polaris101Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Fred MarshallPrincipalCommented:
My wireshark doesn't recognize it as a valid capture file.
0
tmoore1962Commented:
probably config of the AP, since you access internet ok, but not the local resource and the IP's are different probably the way the AP has its routes configured, I would double check the aironet config.
0
polaris101Author Commented:
Here is the config of the aironet.  As you can see, it is a very basic config:

version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ap
!
logging rate-limit console 9
enable secret 5 $1$w8hH$F5jNtY0tRf1mqinnFTeDN/
!
no aaa new-model
!
!
dot11 syslog
dot11 vlan-name GuestVlan vlan 3
!
dot11 ssid PMM
   vlan 1
   authentication open 
   authentication key-management wpa version 2
   guest-mode
   mbssid guest-mode
   wpa-psk ascii 7 mypresharedkey
!
dot11 ssid PMM-Guest
   vlan 3
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 mypresharedkey2
!
!
!
username Cisco password 7 mypassword
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 encryption mode ciphers aes-ccm 
 !
 encryption vlan 1 mode ciphers aes-ccm 
 !
 encryption vlan 3 mode ciphers aes-ccm 
 !
 ssid PMM
 !
 ssid PMM-Guest
 !
 antenna gain 0
 mbssid
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
 bridge-group 1 spanning-disabled
!
interface Dot11Radio0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 bridge-group 3 subscriber-loop-control
 bridge-group 3 block-unknown-source
 no bridge-group 3 source-learning
 no bridge-group 3 unicast-flooding
 bridge-group 3 spanning-disabled
!
interface GigabitEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no keepalive
!
interface GigabitEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
 no bridge-group 1 source-learning
 bridge-group 1 spanning-disabled
!
interface GigabitEthernet0.3
 encapsulation dot1Q 3
 no ip route-cache
 bridge-group 3
 no bridge-group 3 source-learning
 bridge-group 3 spanning-disabled
!
interface BVI1
 ip address 10.10.10.191 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.10.10.1
ip http server
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
bridge 1 route ip
!
!
!
line con 0
line vty 0 4
 login local
!
end 

Open in new window

0
Webinar: Miercom Evaluates Wi-Fi Security

It's not just about Wi-Fi connectivity anymore. A wireless security breach can cost your business large amounts of time, trouble, and expense. Plus, hear first-hand from Miercom how WatchGuard's Wi-Fi security stacks up against the competition in our upcoming webinar!

polaris101Author Commented:
fmarshall, did you change the file extension to pcapng ?
0
tmoore1962Commented:
first thing I see is you have multiple ssid, try adding this to turn on the
dot11 mbssid (allows the multiple ssid)
Only other thing I see is the encryption mode ciphers that doesn't have a vlan you could try and remove that statement since you should only be encrypting for the the ssids next you can try adding to the  radio interface .3 try

no ip unreachables
no ip proxy-arp
no cdp enable
0
polaris101Author Commented:
Issue seemed to resolve itself by connecting the AP's to a PoE switch instead of directly into the ASA.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
polaris101Author Commented:
Seems to be resolved.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.