Re: Cisco Aironet 1200 Series - optimization question

On Mar 26, 12:14 pm, Jeff Liebermann <j...@xxxxxxxxxxxxxxxxxxxxxx>
wrote:
jdieckm...@xxxxxxxxxxxxxxxxxxxxxxxx hath wroth:

I have a pair of Aironet 1231G units I purchased to do a bridge
between 2 buildings, & we're experiencing serious network degradation
first thing in the morning.

Yep. That's typical. I have a wireless link to the servers from a
remote office. Everything comes on at once, looks furiously for
Windoze and anti-virus updates, and cloggs the network for about 15-30
minutes. No way around it except to install SMS server with locally
stored updates.

I realize that the start of the workday
will be a bit laggy due to all the PCs on the network logging on &
requesting service,

It's way more traffic than that. My own desktop starts up with:
1. Windoze Update.
2. Anti-spyware update
3. Anti-virus update
4. Quicktime update.
5. Google Pack update (which includes Firefox, Acrobat, Thunderbird,
and Google apps updates)
7. NTP time sync
8. Office Active Sync to office server.
9. RDIST project directory synchronization.
10. Whatever else I forgot.

I suggest you do some traffic monitoring with Ethereal/WireShark and
see what's actually moving on the wireless link. I think you might be
suprised. I was accidentally replicating an ever growing monster log
file between my office for no obvious reason. Since both sides added
records to the file, it was contantly going back and forth.

I think you'll be suprised if you sniff your traffic. I've found
Bittorrent servers running on corporate LAN's and users watching
videos fed from their homes.

but I have a set of Nortel Baystack switches that
are 10/100/1000 in my main location providing the backbone, so that
shouldn't be an issue. Both domain controllers have Gig network cards
(Intel Pro), so the ability for PCs to synchronize files to their home
folders shouldn't be so hampered that it takes users 15 minutes to log
in.

Ok, so the symptom is that the system appears to be so congested that
it takes users 15 minutes to log on? Is that correct? Any other
symptoms?

In any event, I'd like to know (as somewhat of a WiFi newbie) what I
can do to possibly optimize these 2 units so they either ignore
traffic not destined for devices on the other side of the wireless (at
the remote location), or just to fine tune them so they aren't letting
all the broadcast traffic through.

My measurements of broadcast traffic on a typical Microsloth LAN is
that it accounts for no more than about 8% of the peak bandwidth. In
most cases, it's much less. Broadcast traffic is not your problem if
you have adequate wireless bandwidth.

The PCs on the remote side
communicate w/ 4 servers & a couple printers on the other side (main
office location), & occasionally we have users at the main site who
will send jobs to a network printer or two on the wireless side, as
well as myself using VNC to support users there, & our patch manager
pushing updates out as scheduled (usually during evening downtime).
Any help would be greatly appreciated.

That's all very light traffic. The print jobs might be huge if
infested with graphics. What's missing are the monster file transfers
and database updates.

What's also missing from your description are any useful numbers. For
example, at what wireless speed are you connecting betweeen offices?
In general, your thruput should be about half your connection speed.
Therefore, for a 54Mbit/sec connection, you should get about
25Mbits/sec thruput minus anywhere from 5-20% loss for encryption and
VPN.

Have you measured the wireless thruput? If not, use IPerf:
<http://dast.nlanr.net/Projects/Iperf/>
for benchmarking between both ends. Try to do it without any traffic
on the wireless. Also do it through your maze of switches and
spagetti to make sure they aren't part of the problem. I have an
IPerf daemon (service) running on some of my Unix/Linux boxes
specifically for performance testing.

The Cisco 1231G has SNMP built in. That will allow you to deploy
proper traffic monitoring. For starters, I suggest you configure the
access points for SNMP, and run MRTG on a monitoring station or
server. You'll get traffic graphs in both directions.
<http://oss.oetiker.ch/mrtg/>
What you're looking for are traffic patterns, any peaks (such as
someone running a backup over the wireless), saturation, and possibly
indications of interference. You can tell quite a bit from traffic
history. In addition, you can also add graphs for the switches and
routers if they are "managed" devices (support SNMP).

If you want something fancier, try RRDTool:
<http://oss.oetiker.ch/rrdtool/>

Once you have SNMP running on the radios, you can also use it for
troubleshooting and error reporting. For this, you'll need the
various Cisco MIB files:
<http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml>
and a MIB browser:
<http://www.wtcs.org/snmp4tpc/getif.htm> (not the best but what I use)
to look at the numbers from the wireless bridges. You can also see
some of these numbers from the IOS or web based configuration
interface. Any imparements to traffic will show up as
retransmissions, lost packets, packet corruption, or loss in thruput.

Once you have some history, a collection of performance statistics,
and some clue as to what traffic is actually moving on your WLAN, then
we can talk about optimizing your network.

--
Jeff Liebermann j...@xxxxxxxxxxxxxxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Wow, thanks for the detailed reply. Unfortunately, my knowledge of
TCP/IP is still a bit limited, so when I try to interpret Ethereal
logs, my head starts to hurt because I have a hard time figuring out
what I'm looking at. I've also only briefly played with SNMP, though
I'd be willing to give it a go if it will help me figure out what is
causing the link to be so slow.

.

Relevant Pages

  • Re: Network slow after 2nd DC
    ... You can consider this a new network. ... It is the only DC running DNS and DHCP ... All servers have fixed IP's ... every hour for the last 3 hours because the updates did not change the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Cisco Aironet 1200 Series - optimization question
    ... Windoze and anti-virus updates, and cloggs the network for about 15-30 ... see what's actually moving on the wireless link. ... Bittorrent servers running on corporate LAN's and users watching ...
    (alt.internet.wireless)
  • Re: WPA-PSK wierd problem
    ... All updates etc from Windows Update were applied and checked ... My network does not have the same name as his - I changed mine for security ... Took it back to them and although I can see their wireless network, ... When it asks for the WPA network key and I input their key, ...
    (alt.internet.wireless)
  • Re: Doesnt anyone Know anything about roaming?
    ... The clients and servers use PEAP-MS-CHAP v2 authentication with 'fast ... A laptop user will successfully authenticate against the nearest access ... > you can mix brands, operating systems, even network a Mac to a Windows PC ... > The heart of your network will be a wireless access point and the Internet ...
    (microsoft.public.internet.radius)
  • Re: Patching internet facing MS systems
    ... My network is set up similar to yours. ... one for web servers, another for sql servers, and then the LAN where ... WSUS and vice-versa. ... group in WSUS and the server doles out the updates as necessary. ...
    (Security-Basics)