Problem: High WLAN activity

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Our network consists of one accesspoint (802.11b), and about 25 connected
clients. About half of the clients uses a Linksys WET11, the other half uses
the Senao 2511.
From time to time all clients see high WLAN activity (blinking led), even if
the LAN side of the client is not connected. Using another AP (Senao SL-2511
AP PRO plus) doesn't solve the problem:-(
At the the high WLAN activity latency time increases so much, that it is
almost impossible to browse the internet. As a possible solution, all
clients are set to a maximum of 2 MB/s. This didnt solve the problem either.

Anyone an idea?


Kind reagrds,

Marcel


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

Is the network secured with encryption either WPA or WEP. If you are using
WEP make sure it is not Open System or AUTO, it should be Closed System.
Then you could also use MAC address filtering.

If it isn't a security issue then I am not sure. I was just thinking you may
have a freeloader who is downloading.

Nite Rider
"Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
news:412ecf64$1@news.nb.nu...
> Our network consists of one accesspoint (802.11b), and about 25 connected
> clients. About half of the clients uses a Linksys WET11, the other half
uses
> the Senao 2511.
> From time to time all clients see high WLAN activity (blinking led), even
if
> the LAN side of the client is not connected. Using another AP (Senao
SL-2511
> AP PRO plus) doesn't solve the problem:-(
> At the the high WLAN activity latency time increases so much, that it is
> almost impossible to browse the internet. As a possible solution, all
> clients are set to a maximum of 2 MB/s. This didnt solve the problem
either.
>
> Anyone an idea?
>
>
> Kind reagrds,
>
> Marcel
>
>
> --
> Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Fri, 27 Aug 2004 07:58:38 GMT, Nite Rider spoketh

>Is the network secured with encryption either WPA or WEP. If you are using
>WEP make sure it is not Open System or AUTO, it should be Closed System.
>Then you could also use MAC address filtering.
>
>If it isn't a security issue then I am not sure. I was just thinking you may
>have a freeloader who is downloading.
>

Actually, if you are using WEP, you should use Open System because
Closed System exposes your WEP keys...

If you're using WPA, it doesn't matter, as the keys are not used for
authentication.

Since it sounds like a business, I'd suggest looking into using a Radius
server to authenticate all the connections to the wireless network.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote:
>clients are set to a maximum of 2 MB/s. This didnt solve the problem either.

What's your broadband speed? At 25x2, you are requiring 50 megabits
of bandwidth....

Maybe a machine or a number of machines are all hitting the net at
once silently for vrus updates or WinUp or something...

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"Nite Rider" <niteriderxp@hotmail.com> schreef in bericht
news:OQBXc.52987$9d6.14072@attbi_s54...
> Is the network secured with encryption either WPA or WEP. If you are using
> WEP make sure it is not Open System or AUTO, it should be Closed System.

No it is not secured by WEP or WPA. All connections through the air are VPN
encrypted tunnels.....

> Then you could also use MAC address filtering.
>

We know, but discovered that intruders begin to fake MAC addresses of
regular clients.



> If it isn't a security issue then I am not sure. I was just thinking you
may
> have a freeloader who is downloading.
>


That's what i was thinking of. But if there is a free downloader, why should
the WLAN led on all the other customers blink heavily? If there is traffic
from the AP to one of the clients, other clients should not have blinking
wlan leds.....? Or could this be the case if they use other protocols then
tcp/ip (like netbios?)


Marcel


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
>
> Actually, if you are using WEP, you should use Open System because
> Closed System exposes your WEP keys...
>

> If you're using WPA, it doesn't matter, as the keys are not used for
> authentication.
>

we don't use both.

> Since it sounds like a business, I'd suggest looking into using a Radius
> server to authenticate all the connections to the wireless network.
>


We have a radius server to allow encrypted tunnels from the AP to the
internet. But the way is clear for clients to generate traffic from or to
the AP...(to other clients)


Marcel


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Fri, 27 Aug 2004 22:51:22 +0200, Marcel Joustra spoketh

>
>"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
>>
>> Actually, if you are using WEP, you should use Open System because
>> Closed System exposes your WEP keys...
>>
>
>> If you're using WPA, it doesn't matter, as the keys are not used for
>> authentication.
>>
>
>we don't use both.
>
>> Since it sounds like a business, I'd suggest looking into using a Radius
>> server to authenticate all the connections to the wireless network.
>>
>
>
>We have a radius server to allow encrypted tunnels from the AP to the
>internet. But the way is clear for clients to generate traffic from or to
>the AP...(to other clients)
>
>
>Marcel

If you have a radius server, then I strongly suggest that you consider
using either WEP with Radius authentication or WPA with Radius
authentication. It will definitely keep the intruders out, assuming you
have a strong password policy in place.


Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

<William P.N. Smith> schreef in bericht
news:apoui05mf7mh8241buo8kb77lm996ekkpa@4ax.com...



>
> What's your broadband speed? At 25x2, you are requiring 50 megabits
> of bandwidth....
>
> Maybe a machine or a number of machines are all hitting the net at
> once silently for vrus updates or WinUp or something...
>

Maximum for this AP is 5 mbit/s But we can monitor on the DSL interface that
this speed (at the moment the problem occurs) is only 1-2 mbit/s (and
dropping down because no clients are able to communicate on a normal way to
the accesspoint)


Marcel


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht

Hi Lars (<g> name of my son

> If you have a radius server, then I strongly suggest that you consider
> using either WEP with Radius authentication or WPA with Radius
> authentication. It will definitely keep the intruders out, assuming you
> have a strong password policy in place.
>

Ok, but if the problem is not an intruder, but one of my clients? I have to
determine the problem first, before i have the solution.

What do you (or anyone else) think of the fact that all WLAN leds on all
clients are blinking heavily? (not all the time, just for 1-60 minutes, like
some big transferring is going on). On normal tcp/ip only the wlan led of
the client receiving or sending is blinking, not on a client who doesn't
have traffic. What causes this blinking on other clients? Netbios? Other
protocols?


Marcel.


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Fri, 27 Aug 2004 23:38:52 +0200, Marcel Joustra spoketh

>
>"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
>
>Hi Lars (<g> name of my son
>
>> If you have a radius server, then I strongly suggest that you consider
>> using either WEP with Radius authentication or WPA with Radius
>> authentication. It will definitely keep the intruders out, assuming you
>> have a strong password policy in place.
>>
>
>Ok, but if the problem is not an intruder, but one of my clients? I have to
>determine the problem first, before i have the solution.
>
>What do you (or anyone else) think of the fact that all WLAN leds on all
>clients are blinking heavily? (not all the time, just for 1-60 minutes, like
>some big transferring is going on). On normal tcp/ip only the wlan led of
>the client receiving or sending is blinking, not on a client who doesn't
>have traffic. What causes this blinking on other clients? Netbios? Other
>protocols?
>
>
>Marcel.

Wireless traffic is "broadcast", so all wireless clients will see
everything, but only accept the traffic which has a destination address
matching their MAC address. That's why all clients will flash even if
only one of them are actually actively moving data across the wireless
network.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

On Sat, 28 Aug 2004 12:20:33 -0400, Lars M. Hansen spoketh


>
>Wireless traffic is "broadcast", so all wireless clients will see
>everything, but only accept the traffic which has a destination address
>matching their MAC address. That's why all clients will flash even if
>only one of them are actually actively moving data across the wireless
>network.
>
>Lars M. Hansen
>http://www.hansenonline.net
>(replace 'badnews' with 'news' in e-mail address)

I'm going to correct myself slightly. Wireless traffic is not broadcast
in the sense that it uses the broadcast address. It's like a network hub
pushing all packets out on all ports, rather than a network switch,
which only pushed packets on the port(s) matching the destination
address.

Lars M. Hansen
http://www.hansenonline.net
(replace 'badnews' with 'news' in e-mail address)

 

[Stephen]

Archived from groups: alt.internet.wireless (More info?)

"Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
news:412fa9f9$1@news.nb.nu...
>
> "Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
>
> Hi Lars (<g> name of my son
>
> > If you have a radius server, then I strongly suggest that you consider
> > using either WEP with Radius authentication or WPA with Radius
> > authentication. It will definitely keep the intruders out, assuming you
> > have a strong password policy in place.
> >
>
> Ok, but if the problem is not an intruder, but one of my clients? I have
to
> determine the problem first, before i have the solution.
>
> What do you (or anyone else) think of the fact that all WLAN leds on all
> clients are blinking heavily? (not all the time, just for 1-60 minutes,
like
> some big transferring is going on). On normal tcp/ip only the wlan led of
> the client receiving or sending is blinking, not on a client who doesn't
> have traffic. What causes this blinking on other clients? Netbios? Other
> protocols?

Run a wireless sniffer tosee what traffic is going on at the time when the
performance goes down.

you can get a 14 day trial on Netassyst from www.sniffer.com - this support
ethernet and 802.11 wlan.

you mention using encrypted tunnels, so you may be running some sort of VPN
across the wlan - maybe that is the culprit? Do local ping times degrade
when you have browsing problems?

>
>
> Marcel.
>
>
> --
> Posted by news://news.nb.nu
--
Regards

Stephen Hope - return address needs fewer xxs

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"Lars M. Hansen" <badnews@hansenonline.net> schreef in bericht
>
> I'm going to correct myself slightly. Wireless traffic is not broadcast
> in the sense that it uses the broadcast address. It's like a network hub
> pushing all packets out on all ports, rather than a network switch,
> which only pushed packets on the port(s) matching the destination
> address.


I understand. Still i see that a wireless client WLAN led only responds on
data send to or from his own MAC address. If he doesn't send/receive data
(i.e. unplug the LAN cable) there is normally no WLAN led activity.
Possibily if the AP has too much traffic, it askes for all clients to resend
packets?

For now i have reconfigured all my clients, to only use speeds 1-2 Mbit/s.
If the problem is caused by a client, he won't be able to consume the 11
Mbit/s of the AP for his own. To block intruders MAC filtering is on. DHCP
is turned off, and it is against our policy to set up a LAN card using fixed
IP addresses. A packet sniffer will check this. (Normally all internet
traffic is running through bandwidth controlled VPN tunnels.)


Thanks for thinking along...


Marcel


--
Posted by news://news.nb.nu

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
news:IG2Yc.447$477.408@newsfe6-gui.ntli.net...

>
> Run a wireless sniffer tosee what traffic is going on at the time when the
> performance goes down.
>
> you can get a 14 day trial on Netassyst from www.sniffer.com - this
support
> ethernet and 802.11 wlan.
>


The problem is that it is a remote network. If the problem occurs, there
will be traffic at 5.5 Mbit/s. We have to place the packet sniffer locally,
because the internet connection stops at 2.3 Mbit/s. It is a suggestion to
leave a desktop at the AP site.



> you mention using encrypted tunnels, so you may be running some sort of
VPN
> across the wlan - maybe that is the culprit? Do local ping times degrade
> when you have browsing problems?
>


Yes. Local pings run up to 200-300 ms. Is there some clue?


Regards,


Marcel


--
Posted by news://news.nb.nu

 

[Stephen]

Archived from groups: alt.internet.wireless (More info?)

"Marcel Joustra" <mrf.joustra@ditweghavank.nl> wrote in message
news:41316cf7@news.nb.nu...
>
> "stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
> news:IG2Yc.447$477.408@newsfe6-gui.ntli.net...
>
> >
> > Run a wireless sniffer tosee what traffic is going on at the time when
the
> > performance goes down.
> >
> > you can get a 14 day trial on Netassyst from www.sniffer.com - this
> support
> > ethernet and 802.11 wlan.
> >
>
>
> The problem is that it is a remote network. If the problem occurs, there
> will be traffic at 5.5 Mbit/s. We have to place the packet sniffer
locally,
> because the internet connection stops at 2.3 Mbit/s. It is a suggestion to
> leave a desktop at the AP site.
>
>
>
> > you mention using encrypted tunnels, so you may be running some sort of
> VPN
> > across the wlan - maybe that is the culprit? Do local ping times degrade
> > when you have browsing problems?
> >
>
>
> Yes. Local pings run up to 200-300 ms. Is there some clue?

so - local traffic problem, not just the internet feed.

i think you need more info - could you set up a sniffer with a remote
console so you can see what is going on when problems are reported?
>
>
> Regards,
>
>
> Marcel
>
>
> --
> Posted by news://news.nb.nu
--
Regards

Stephen Hope - return address needs fewer xxs

 

[Guest]

Archived from groups: alt.internet.wireless (More info?)

"stephen" <stephen_hope.xx@ntlxworld.com> schreef in bericht
newsEhYc.914$xZ3.810@newsfe2-win.ntli.net...

>
> i think you need more info - could you set up a sniffer with a remote
> console so you can see what is going on when problems are reported?


Thats the only way to discover the problem i guess. Tanks for thinking
along..

Marcel


--
Posted by news://news.nb.nu