Wed Jul 25, 2012 6:41 pm
It's going all gaga again! Or as my son asked me when his laptop lost its connection, why am I buying cheap Latvian gear? I told him that it's because of the good support. BTW I'm still on 5.16, which it came with.
First off, some background. The initial problem for which I started this thread was caused when a WPA (not WPA2) client bridge got locked out. Its RF link was marginal. I patched it by setting it back to WEP (ugh) but I also fixed a problem with its antenna and now its link is strong and reliable. So I have been thinkng of putting it back on WPA. BUT...
Last night I was sitting at my laptop four feet from the access point 951. And I noticed that my laptop had associated with the WEP, not WPA, SSID, even though that's below it on the list. Then my son marched downstairs to tell me that his laptop (WPA2) had lost its connection too. I captured the log (fortunately raised to 250 entries) before rebooting, which fixed things.
Here's the laptop:
75 Jul/24/2012 20:37:04 memory wireless, debug wlan2: 70:F1:A1:37:F7:39 attempts to associate
76 Jul/24/2012 20:37:04 memory wireless, info 70:F1:A1:37:F7:39@wlan2: reassociating
77 Jul/24/2012 20:37:04 memory wireless, info 70:F1:A1:37:F7:39@wlan2: disconnected, ok
78 Jul/24/2012 20:37:04 memory wireless, debug wlan2: 70:F1:A1:37:F7:39 not in local ACL, by default accept
79 Jul/24/2012 20:37:04 memory wireless, info 70:F1:A1:37:F7:39@wlan2: connected
That sequence happens many times, and leaves him connected. A little while later:
152 Jul/24/2012 21:40:20 memory wireless, info 70:F1:A1:37:F7:39@wlan2: disconnected, extensive data loss
That is the last entry from his MAC address, which to be sure is not a terribly strong link, but things are starting to go nuts. The next MAC is that of my laptop, whose IP ends in .152, and which is four feet from the AP (-39 dB or so), as i am trying to get it back onto wlan2, the WPA2 virtual AP (the primary AP is WEP):
167 Jul/24/2012 21:45:44 memory wireless, info 00:18:DE:47:D8:2B@wlan2: connected
168 Jul/24/2012 21:45:44 memory wireless, info 00:18:DE:47:D8:2B@wlan2: disconnected, received deauth: unspecified (1)
169 Jul/24/2012 21:45:44 memory wireless, debug wlan2: 00:18:DE:47:D8:2B attempts to associate
170 Jul/24/2012 21:45:44 memory wireless, debug wlan2: 00:18:DE:47:D8:2B not in local ACL, by default accept
171 Jul/24/2012 21:45:44 memory wireless, info 00:18:DE:47:D8:2B@wlan2: connected
172 Jul/24/2012 21:45:49 memory wireless, info 00:18:DE:47:D8:2B@wlan2: disconnected, unicast key exchange timeout
** For some reason the key exchange decided to time out. So the laptop tries again:
173 Jul/24/2012 21:45:49 memory wireless, debug wlan2: 00:18:DE:47:D8:2B attempts to associate
174 Jul/24/2012 21:45:49 memory wireless, debug wlan2: reject 00:18:DE:47:D8:2B, banned (last failure - unicast key exchange timeout)
repeat four more times, then:
183 Jul/24/2012 21:45:54 memory wireless, debug wlan2: 00:18:DE:47:D8:2B attempts to associate
184 Jul/24/2012 21:45:54 memory wireless, debug wlan2: 00:18:DE:47:D8:2B does not provide suitable security method, reject
*** So here I've been rejected from WPA2, so it's moving to the WEP SSID instead:
185 Jul/24/2012 21:45:54 memory wireless, debug wlan1: 00:18:DE:47:D8:2B attempts to associate
186 Jul/24/2012 21:45:54 memory wireless, debug wlan1: 00:18:DE:47:D8:2B not in local ACL, by default accept
187 Jul/24/2012 21:45:54 memory wireless, info 00:18:DE:47:D8:2B@wlan1: connected
188 Jul/24/2012 21:45:55 memory dhcp, info default assigned 192.168.123.152 to 00:18:DE:47:D8:2B
But I'm trying to get to WPA:
189 Jul/24/2012 21:46:02 memory dhcp, info default deassigned 192.168.123.152 from 00:18:DE:47:D8:2B
190 Jul/24/2012 21:46:02 memory wireless, info 00:18:DE:47:D8:2B@wlan1: disconnected, received deauth: unspecified (1)
191 Jul/24/2012 21:46:03 memory wireless, debug wlan2: 00:18:DE:47:D8:2B attempts to associate
192 Jul/24/2012 21:46:03 memory wireless, debug wlan2: reject 00:18:DE:47:D8:2B, banned (last failure - association not possible: invalid AKMP (43))
** repeat five times** Then it goes back to WEP:
201 Jul/24/2012 21:46:06 memory wireless, debug wlan1: 00:18:DE:47:D8:2B attempts to associate
202 Jul/24/2012 21:46:06 memory wireless, debug wlan1: 00:18:DE:47:D8:2B not in local ACL, by default accept
203 Jul/24/2012 21:46:06 memory wireless, info 00:18:DE:47:D8:2B@wlan1: connected
204 Jul/24/2012 21:46:11 memory dhcp, info default assigned 192.168.123.152 to 00:18:DE:47:D8:2B
Then a bit later another node tries to use WPA2:
225 Jul/24/2012 21:48:03 memory wireless, debug wlan2: 00:17:AB:D5:86:62 attempts to associate
226 Jul/24/2012 21:48:03 memory wireless, debug wlan2: 00:17:AB:D5:86:62 not in local ACL, by default accept
227 Jul/24/2012 21:48:03 memory wireless, info 00:17:AB:D5:86:62@wlan2: connected
228 Jul/24/2012 21:48:03 memory wireless, info 00:17:AB:D5:86:62@wlan2: disconnected, received disassoc: sending station leaving (8)
By this point, the Registration table has gone from four to zero WPA2 clients. I reboot and everything comes back up.
So virtual access point wlan2, which uses the WPA2 security profile, lost its ability to authorize or keep even users with strong connections, not to mention ones with flaky connections. There's clearly something buggy about the code, probably the wpa2 part. Just maybe it's tied to being a virtual AP. I haven't flipped the profiles to make WPA2 the primary and WEP virtual.