Problem: High WLAN activity

Archived from groups: alt.internet.wireless (More info?)

Our network consists of one accesspoint (802.11b), and about 25 connected
clients. About half of the clients uses a Linksys WET11, the other half uses
the Senao 2511.
From time to time all clients see high WLAN activity (blinking led), even if
the LAN side of the client is not connected. Using another AP (Senao SL-2511
AP PRO plus) doesn't solve the problem:-(
At the the high WLAN activity latency time increases so much, that it is
almost impossible to browse the internet. As a possible solution, all
clients are set to a maximum of 2 MB/s. This didnt solve the problem either.

Anyone an idea?


Kind reagrds,

Marcel


--
Posted by news://news.nb.nu
15 answers Last reply
More about problem high wlan activity
  1. Archived from groups: alt.internet.wireless (More info?)

    Is the network secured with encryption either WPA or WEP. If you are using
    WEP make sure it is not Open System or AUTO, it should be Closed System.
    Then you could also use MAC address filtering.

    If it isn't a security issue then I am not sure. I was just thinking you may
    have a freeloader who is downloading.

    Nite Rider
    "Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
    news:412ecf64$1@news.nb.nu...
    > Our network consists of one accesspoint (802.11b), and about 25 connected
    > clients. About half of the clients uses a Linksys WET11, the other half
    uses
    > the Senao 2511.
    > From time to time all clients see high WLAN activity (blinking led), even
    if
    > the LAN side of the client is not connected. Using another AP (Senao
    SL-2511
    > AP PRO plus) doesn't solve the problem:-(
    > At the the high WLAN activity latency time increases so much, that it is
    > almost impossible to browse the internet. As a possible solution, all
    > clients are set to a maximum of 2 MB/s. This didnt solve the problem
    either.
    >
    > Anyone an idea?
    >
    >
    > Kind reagrds,
    >
    > Marcel
    >
    >
    > --
    > Posted by news://news.nb.nu
  2. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 27 Aug 2004 07:58:38 GMT, Nite Rider spoketh

    >Is the network secured with encryption either WPA or WEP. If you are using
    >WEP make sure it is not Open System or AUTO, it should be Closed System.
    >Then you could also use MAC address filtering.
    >
    >If it isn't a security issue then I am not sure. I was just thinking you may
    >have a freeloader who is downloading.
    >

    Actually, if you are using WEP, you should use Open System because
    Closed System exposes your WEP keys...

    If you're using WPA, it doesn't matter, as the keys are not used for
    authentication.

    Since it sounds like a business, I'd suggest looking into using a Radius
    server to authenticate all the connections to the wireless network.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  3. Archived from groups: alt.internet.wireless (More info?)

    "Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote:
    >clients are set to a maximum of 2 MB/s. This didnt solve the problem either.

    What's your broadband speed? At 25x2, you are requiring 50 megabits
    of bandwidth....

    Maybe a machine or a number of machines are all hitting the net at
    once silently for vrus updates or WinUp or something...
  4. Archived from groups: alt.internet.wireless (More info?)

    "Nite Rider" <niteriderxp@hotmail.com> schreef in bericht
    news:OQBXc.52987$9d6.14072@attbi_s54...
    > Is the network secured with encryption either WPA or WEP. If you are using
    > WEP make sure it is not Open System or AUTO, it should be Closed System.

    No it is not secured by WEP or WPA. All connections through the air are VPN
    encrypted tunnels.....

    > Then you could also use MAC address filtering.
    >

    We know, but discovered that intruders begin to fake MAC addresses of
    regular clients.


    > If it isn't a security issue then I am not sure. I was just thinking you
    may
    > have a freeloader who is downloading.
    >


    That's what i was thinking of. But if there is a free downloader, why should
    the WLAN led on all the other customers blink heavily? If there is traffic
    from the AP to one of the clients, other clients should not have blinking
    wlan leds.....? Or could this be the case if they use other protocols then
    tcp/ip (like netbios?)


    Marcel


    --
    Posted by news://news.nb.nu
  5. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
    >
    > Actually, if you are using WEP, you should use Open System because
    > Closed System exposes your WEP keys...
    >

    > If you're using WPA, it doesn't matter, as the keys are not used for
    > authentication.
    >

    we don't use both.

    > Since it sounds like a business, I'd suggest looking into using a Radius
    > server to authenticate all the connections to the wireless network.
    >


    We have a radius server to allow encrypted tunnels from the AP to the
    internet. But the way is clear for clients to generate traffic from or to
    the AP...(to other clients)


    Marcel


    --
    Posted by news://news.nb.nu
  6. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 27 Aug 2004 22:51:22 +0200, Marcel Joustra spoketh

    >
    >"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
    >>
    >> Actually, if you are using WEP, you should use Open System because
    >> Closed System exposes your WEP keys...
    >>
    >
    >> If you're using WPA, it doesn't matter, as the keys are not used for
    >> authentication.
    >>
    >
    >we don't use both.
    >
    >> Since it sounds like a business, I'd suggest looking into using a Radius
    >> server to authenticate all the connections to the wireless network.
    >>
    >
    >
    >We have a radius server to allow encrypted tunnels from the AP to the
    >internet. But the way is clear for clients to generate traffic from or to
    >the AP...(to other clients)
    >
    >
    >Marcel

    If you have a radius server, then I strongly suggest that you consider
    using either WEP with Radius authentication or WPA with Radius
    authentication. It will definitely keep the intruders out, assuming you
    have a strong password policy in place.


    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  7. Archived from groups: alt.internet.wireless (More info?)

    <William P.N. Smith> schreef in bericht
    news:apoui05mf7mh8241buo8kb77lm996ekkpa@4ax.com...


    >
    > What's your broadband speed? At 25x2, you are requiring 50 megabits
    > of bandwidth....
    >
    > Maybe a machine or a number of machines are all hitting the net at
    > once silently for vrus updates or WinUp or something...
    >

    Maximum for this AP is 5 mbit/s But we can monitor on the DSL interface that
    this speed (at the moment the problem occurs) is only 1-2 mbit/s (and
    dropping down because no clients are able to communicate on a normal way to
    the accesspoint)


    Marcel


    --
    Posted by news://news.nb.nu
  8. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht

    Hi Lars (<g> name of my son:-)

    > If you have a radius server, then I strongly suggest that you consider
    > using either WEP with Radius authentication or WPA with Radius
    > authentication. It will definitely keep the intruders out, assuming you
    > have a strong password policy in place.
    >

    Ok, but if the problem is not an intruder, but one of my clients? I have to
    determine the problem first, before i have the solution.

    What do you (or anyone else) think of the fact that all WLAN leds on all
    clients are blinking heavily? (not all the time, just for 1-60 minutes, like
    some big transferring is going on). On normal tcp/ip only the wlan led of
    the client receiving or sending is blinking, not on a client who doesn't
    have traffic. What causes this blinking on other clients? Netbios? Other
    protocols?


    Marcel.


    --
    Posted by news://news.nb.nu
  9. Archived from groups: alt.internet.wireless (More info?)

    On Fri, 27 Aug 2004 23:38:52 +0200, Marcel Joustra spoketh

    >
    >"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
    >
    >Hi Lars (<g> name of my son:-)
    >
    >> If you have a radius server, then I strongly suggest that you consider
    >> using either WEP with Radius authentication or WPA with Radius
    >> authentication. It will definitely keep the intruders out, assuming you
    >> have a strong password policy in place.
    >>
    >
    >Ok, but if the problem is not an intruder, but one of my clients? I have to
    >determine the problem first, before i have the solution.
    >
    >What do you (or anyone else) think of the fact that all WLAN leds on all
    >clients are blinking heavily? (not all the time, just for 1-60 minutes, like
    >some big transferring is going on). On normal tcp/ip only the wlan led of
    >the client receiving or sending is blinking, not on a client who doesn't
    >have traffic. What causes this blinking on other clients? Netbios? Other
    >protocols?
    >
    >
    >Marcel.

    Wireless traffic is "broadcast", so all wireless clients will see
    everything, but only accept the traffic which has a destination address
    matching their MAC address. That's why all clients will flash even if
    only one of them are actually actively moving data across the wireless
    network.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  10. Archived from groups: alt.internet.wireless (More info?)

    On Sat, 28 Aug 2004 12:20:33 -0400, Lars M. Hansen spoketh


    >
    >Wireless traffic is "broadcast", so all wireless clients will see
    >everything, but only accept the traffic which has a destination address
    >matching their MAC address. That's why all clients will flash even if
    >only one of them are actually actively moving data across the wireless
    >network.
    >
    >Lars M. Hansen
    >http://www.hansenonline.net
    >(replace 'badnews' with 'news' in e-mail address)

    I'm going to correct myself slightly. Wireless traffic is not broadcast
    in the sense that it uses the broadcast address. It's like a network hub
    pushing all packets out on all ports, rather than a network switch,
    which only pushed packets on the port(s) matching the destination
    address.

    Lars M. Hansen
    http://www.hansenonline.net
    (replace 'badnews' with 'news' in e-mail address)
  11. Archived from groups: alt.internet.wireless (More info?)

    "Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
    news:412fa9f9$1@news.nb.nu...
    >
    > "Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
    >
    > Hi Lars (<g> name of my son:-)
    >
    > > If you have a radius server, then I strongly suggest that you consider
    > > using either WEP with Radius authentication or WPA with Radius
    > > authentication. It will definitely keep the intruders out, assuming you
    > > have a strong password policy in place.
    > >
    >
    > Ok, but if the problem is not an intruder, but one of my clients? I have
    to
    > determine the problem first, before i have the solution.
    >
    > What do you (or anyone else) think of the fact that all WLAN leds on all
    > clients are blinking heavily? (not all the time, just for 1-60 minutes,
    like
    > some big transferring is going on). On normal tcp/ip only the wlan led of
    > the client receiving or sending is blinking, not on a client who doesn't
    > have traffic. What causes this blinking on other clients? Netbios? Other
    > protocols?

    Run a wireless sniffer tosee what traffic is going on at the time when the
    performance goes down.

    you can get a 14 day trial on Netassyst from www.sniffer.com - this support
    ethernet and 802.11 wlan.

    you mention using encrypted tunnels, so you may be running some sort of VPN
    across the wlan - maybe that is the culprit? Do local ping times degrade
    when you have browsing problems?

    >
    >
    > Marcel.
    >
    >
    > --
    > Posted by news://news.nb.nu
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  12. Archived from groups: alt.internet.wireless (More info?)

    "Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
    >
    > I'm going to correct myself slightly. Wireless traffic is not broadcast
    > in the sense that it uses the broadcast address. It's like a network hub
    > pushing all packets out on all ports, rather than a network switch,
    > which only pushed packets on the port(s) matching the destination
    > address.


    I understand. Still i see that a wireless client WLAN led only responds on
    data send to or from his own MAC address. If he doesn't send/receive data
    (i.e. unplug the LAN cable) there is normally no WLAN led activity.
    Possibily if the AP has too much traffic, it askes for all clients to resend
    packets?

    For now i have reconfigured all my clients, to only use speeds 1-2 Mbit/s.
    If the problem is caused by a client, he won't be able to consume the 11
    Mbit/s of the AP for his own. To block intruders MAC filtering is on. DHCP
    is turned off, and it is against our policy to set up a LAN card using fixed
    IP addresses. A packet sniffer will check this. (Normally all internet
    traffic is running through bandwidth controlled VPN tunnels.)


    Thanks for thinking along...


    Marcel


    --
    Posted by news://news.nb.nu
  13. Archived from groups: alt.internet.wireless (More info?)

    "stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
    news:IG2Yc.447$477.408@newsfe6-gui.ntli.net...

    >
    > Run a wireless sniffer tosee what traffic is going on at the time when the
    > performance goes down.
    >
    > you can get a 14 day trial on Netassyst from www.sniffer.com - this
    support
    > ethernet and 802.11 wlan.
    >


    The problem is that it is a remote network. If the problem occurs, there
    will be traffic at 5.5 Mbit/s. We have to place the packet sniffer locally,
    because the internet connection stops at 2.3 Mbit/s. It is a suggestion to
    leave a desktop at the AP site.


    > you mention using encrypted tunnels, so you may be running some sort of
    VPN
    > across the wlan - maybe that is the culprit? Do local ping times degrade
    > when you have browsing problems?
    >


    Yes. Local pings run up to 200-300 ms. Is there some clue?


    Regards,


    Marcel


    --
    Posted by news://news.nb.nu
  14. Archived from groups: alt.internet.wireless (More info?)

    "Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
    news:41316cf7@news.nb.nu...
    >
    > "stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
    > news:IG2Yc.447$477.408@newsfe6-gui.ntli.net...
    >
    > >
    > > Run a wireless sniffer tosee what traffic is going on at the time when
    the
    > > performance goes down.
    > >
    > > you can get a 14 day trial on Netassyst from www.sniffer.com - this
    > support
    > > ethernet and 802.11 wlan.
    > >
    >
    >
    > The problem is that it is a remote network. If the problem occurs, there
    > will be traffic at 5.5 Mbit/s. We have to place the packet sniffer
    locally,
    > because the internet connection stops at 2.3 Mbit/s. It is a suggestion to
    > leave a desktop at the AP site.
    >
    >
    >
    > > you mention using encrypted tunnels, so you may be running some sort of
    > VPN
    > > across the wlan - maybe that is the culprit? Do local ping times degrade
    > > when you have browsing problems?
    > >
    >
    >
    > Yes. Local pings run up to 200-300 ms. Is there some clue?

    so - local traffic problem, not just the internet feed.

    i think you need more info - could you set up a sniffer with a remote
    console so you can see what is going on when problems are reported?
    >
    >
    > Regards,
    >
    >
    > Marcel
    >
    >
    > --
    > Posted by news://news.nb.nu
    --
    Regards

    Stephen Hope - return address needs fewer xxs
  15. Archived from groups: alt.internet.wireless (More info?)

    "stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
    news:PEhYc.914$xZ3.810@newsfe2-win.ntli.net...

    >
    > i think you need more info - could you set up a sniffer with a remote
    > console so you can see what is going on when problems are reported?


    Thats the only way to discover the problem i guess. Tanks for thinking
    along..

    Marcel


    --
    Posted by news://news.nb.nu
Ask a new question

Read More

WLAN Internet Wireless Networking