1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WDS Connection Issue

Discussion in 'Tomato Firmware' started by patsissons, Apr 9, 2008.

  1. patsissons

    patsissons Addicted to LI Member

    We have a 3 router setup right now that can be described as the following

    {Internet}----[router1: Access Point + WDS]

    [router2: Access Point + WDS]

    [router3: Access Point + WDS]

    each router is in a seperate room and has several components connected through cat5 cable.

    The connection issue that i'm having is that when i am connecting (my ipod touch) to the wireless from within the same room as router2. I will have the device list open for router2 and i can see my touch connected to router2 briefly. It only stays connected for about 10 to 30 seconds before it drops. The touch attempts to reconnect 0+ times until it finally connects to router1, where it stays connected. Sometimes the touch has a lot of trouble connecting to the wireless since it can't see past router2 (since the touch always chooses the bssid with the strongest signal when multiple bssid's have the same ssid). This results in me having to move the touch closer to router1 so the signal strength is improved over router2.

    the WDS on router1 is linked with router2, router2 is linked with routers 1 and 3, and router3 is linked with router2.

    if there is any more info that is needed for a good diagnosis let me know. Also if this is not the ideal setup please let me know, i would be interested to hear of better setups.

    Thanks.
     
  2. HennieM

    HennieM Network Guru Member

    Can't help with the Touch, other to say check that the setup on router2 is exactly the same as the others. Best perhaps to reset router2 to defaults, and then re-specify all settings.

    In terms of the link setup: Fine as it is. If you want more redundancy, at perhaps a tiny performance drop, you can turn Spanning Tree Protocol on on all 3 routers, and then allow them to link like this:
    1
    / \
    2--3
    This way, if you reboot one of the routers, the other 2 will still talk. This is provided that 1 and 3 can "see" each other. The only problem I have seen with such a setup, is that the weak link sometimes stay connected, even though a stronger link may be available.
     
  3. TexasFlood

    TexasFlood Network Guru Member

    I googled "ipod touch linksys" and phound a plethora of problem posts. Now I need to google "alliteration", :-D Anywho...
    Sounds like there are mysterious issues with touch wireless connectivity.
    Apparently this can happen suddenly after a period of having no issues and seemingly no changes in the environment.
    Reviewing the WDS setup sounds like a good idea, are they all set to same SSID, channel, security (a WDS friendly version), security key.
    I agree that resetting to factory and reconfiguring "from scratch" can be a good idea. I've cleared up many mysterious problems that way.
    Is there anything in the logs that might be helpful?
    Is the touch using DHCP? If so, is router 1 providing the DHCP services? Was trying to think what might be different about router 1 so wondered if somehow the touch doesn't like DHCP negotiations through router two so looks for another connection and then successfully negotiates DHCP with router 1.
     
  4. patsissons

    patsissons Addicted to LI Member

    same SSID, same channel, same security and key. not sure what a friendly version is, i have 1.17 installed on router 2, not sure what is on the other two routers but it is fairly recent. I'll probably update the other two (or have my room mates update them, they don't belong to me) in the next few days. Router 1 is the only one with a dhcp server running, i believe that is the proper way with a WDS. the touch gets assigned an address through dhcp. I don't think i can have multiple dhcp servers running in a wds, right?
     
  5. TexasFlood

    TexasFlood Network Guru Member

    My reference to WDS friendly meant that some forms of encryption work well with WDS, some not as well or not at all. I currently run "WPA Personal (PSK) + AES" and find it to be very stable with WDS. If your WDS links are working then this probably isn't an issue. Yes, running DNS on the gateway router is what you should be doing, I was just thinking out loud if that could be related.
     
  6. HennieM

    HennieM Network Guru Member

    Just ONE DHCP server per network segment (does not matter if it's WDS, wired, or whatever).
    [Technically you can have many DHCP servers on a subnet, but the client should only talk to one of them. Further, with many DHCP servers, you can get one IP address assigned to 2 or more clients. Therefore, to avoid any chance of complications, make sure you have only one DHCP server running.]

    I don't think the physical router that the DHCP server runs on should make any difference i.t.o. clients' preference for connection, as ARP- and IP conversations, and thus a client originated DHCP probe, only happens AFTER the wireless association phase.

    By the time that IP traffic is flowing over a connection, the IP stack does not know that it's running over a wireless connection. I would therefore search the logs or sniff the wireless conversation (rather than the IP conversation) for clues.

    If you are sure router2 is right, you could also try up/downgrading the wireless driver of the Touch. Another option may be to take router2 Tomato back to v1.10 - I run v1.10 on 6 out of 13 routers and have not had anything not connect to them.
     
  7. patsissons

    patsissons Addicted to LI Member

    i would like to dig a little deeper into the logging, but so far nothing seems to be getting logged (none of the ipod's connection details). is there any way to increase the logging verbosity? btw, i am watching /var/log/messages (tail -f) and dmesg for entries.

    good though on sniffing the wireless, i'll get my laptop up and running wireshark and see if i can spot anything.
     
  8. TexasFlood

    TexasFlood Network Guru Member

    There are some settings you can can in the GUI, on the status-log.asp page under "Logging Configuration". The items you can set there are:

    Log Internally
    Log to Remote System (IP Address / Port)
    Mark Interval
    Events Logged
    Access Restriction De/Activiation
    Cron
    NTP
    Connection Logging
    Inbound Connection
    Outbound Connection
    Limit Logging (60 by default)

    I just set up external logging for the first time in a while. It's amazing where all the traffic comes from. In just a couple of hours my router showed blocked traffic from Brunei, Canada, China, France, Germany, India, South Korea, Netherlands, Sierra Leone, and United Kingdom.
     
  9. patsissons

    patsissons Addicted to LI Member

    upgraded to 1.18 today and already dhcp seems to work much better. I'll post back later if things remain in good condition.
     
  10. patsissons

    patsissons Addicted to LI Member

    scratch that, the dhcp seems to only work well right after a reboot, moments later im back to the same old game.

    We're trying the STP with our wds now, and we have all upgraded to 1.18 firmware. The problem still exists and doesn't seem to feel like going away any time soon. I did some debugging with wireshark, but i wasn't happy with the results. the only packets coming from either my wii or ipod were XID packets (not really sure what they are). No other dhcp traffic over the network, so im not sure what is going on. I did manage to get things working, but we have set ranges for dhcp leases for each router. not the most elegant solution, but things are working at least.
     
  11. patsissons

    patsissons Addicted to LI Member

    ok, another update on this, did some more debugging, this time with my laptop and wpa_supplicant. It seems that wpa is the root of the evil. I'm still not entirely sure what is happening, but i have narrowed things down now.

    So I will auth with wpa_supplicant and it will accept and dhclient will give me a dhcp lease. Then out of nowhere i get this in my wpa_supplicant output:

    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    Michael MIC failure detected
    WPA: Sending EAPOL-Key Request (error=1 pairwise=1 ptk_set=1 len=99)
    TKIP countermeasures started
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
    WPA: TKIP countermeasures stopped

    then wpa reauths, dhclient gets a new lease and im connected again. I don't know enough about wpa to know what is going on, but this behaviour certainly explains the problems i have been seeing in the past with my ipod and wii (providing their wpa is having the same issues of course).
     
  12. HennieM

    HennieM Network Guru Member

    Don't know if it's been suggested before, but rather try AES encryption if your devices support it. TKIP is a bit slower and seemingly a bit more full of crap.
     
  13. patsissons

    patsissons Addicted to LI Member

    we just switched our wds system to wpa/wpa2 personal with aes encryption last night, and already the difference is felt. Im almost certain that this issue was tkip related. Don't know why, but aes is the win!
     
  14. HennieM

    HennieM Network Guru Member

    WDS apparently does not work with WPA2, so if your system runs with WPA/WPA2, you're getting the best of several worlds I guess. If it has more issues though, try just WPA/EAS.
     
  15. patsissons

    patsissons Addicted to LI Member

    apparently, the AP's allow clients to connect through WPA or WPA2, but the WDS itself only uses WPA. Our wireless is very stable now, so I can certainly say that TKIP was causing the problems.
     
  16. TexasFlood

    TexasFlood Network Guru Member

    I was having WDS stability issues and ended up with WPA PSK + AES and have both stability and interoperability with other firmware, specifically DD-WRT at the moment (I have one router for which DD-WRT is presently the only alternative to the stock firmware). Seems like just switching from WPA/WPA2 to WPA made my network stable as well as allowing a WDS connnection with a DD-WRT router. Going to AES certainly didn't do any harm. But maybe I'm not remembering it right. Probably need to do some test to confirm which combinations were stable for me but bottom line WPA PSK + AES works for me and I'm not likely to switch.
     

Share This Page