Re: WDS + WPA + RADIUS problem
- From: Jeff Liebermann <jeffl@xxxxxxxxxx>
- Date: Sat, 28 Mar 2009 21:00:05 -0700
On Sat, 28 Mar 2009 17:56:30 -0700 (PDT), "davidr (at) insane (dot)
net (dot) au" <davidr@xxxxxxxxxxxxx> wrote:
see that's the thing, the radios aren't doing any DHCP. that's all
being handled by the server.
Oops. Just for fun, dive into the router from a telnet or SSH session
and query the ARP table with:
arp -a
vlan0 is the WAN ethernet interface.
br0 is the LAN ethernet interface.
wl0 is the wireless.
the radios were storing bandwidth data to
nvram, so I disabled that, but it still reboots. infact after i
disabled logging bandwidth utilisation to the main radio (ap1, which
is still in the WDS configuration), the unit locked up.
Something is really wrong here. I'm not sure what version of Tomato
you're using but version I favor for DD-WRT is v24 SP1 (nokaid). I
tried a pre-SP2 and has some really strange problems, so I went back
to SP1.
i know the lock up is a result of a reboot, as i've previously
telnet'ed into the device and rebooted it, or clicked the reboot
option inside the web interface and it has never come backup -
requiring a hard reset.
That's all wrong. I've only been playing with alternative firmware
for perhaps 5 years and have never had a router fail to recover from
command line or menu driven reboot. I've had failures after firmware
uploads, but not ordinary reboots. What's interesting is that all
your devices are doing it to varying degrees. Are you using the exact
same firmware images on all the routers? Try a different build? If
it still hangs on reboot, it's possible you have a hardware issue.
That reminds me. The WRT54GL (WRT54G v2-v4) will tolerate a very wide
range of power supply voltages. It's possible that you may be
experiencing power glitches. Try running it off a 6V or 12V gel cell
battery or battery yet, a gel cell battery and charger.
i'll have to go look up the non-overlapping channels, but yes,
definite improvement. apparently the next building in the complex will
start construction at the end of the year. i've now convinced the
client (after all of these problems) to run fibre to the building for
the backhaul.
Fiber and multiple CAT5 cables. Don't worry, they'll find a use for
the cables (alarm, phone, internet, surveillance, HVAC, etc).
this entry is me disabling bandwidth recording to nvram last night. at
which point the router locked up again.
Mar 28 22:41:58 unilink-ap01 kernel: nvram_commit(): init
Mar 28 22:41:59 unilink-ap01 kernel: nvram_commit(): end
I was hoping to see a kernel panic. Very strange.
after that there are no more entries till 1.30am when the unit was
either power cycled or miraculously came back online all by itself
(doubtful, but haven't spoken to client this morning to ascertain).
Power glitch? They work both ways. They can hang a router, but if
the outage is long enough, they can also reboot the router. Also, see
if crontab has anything in it that smells like a reboot at 0130.
Hmmm... crontab -l doesn't seem to work on dd-wrt. Try:
# cat /tmp/crontab
or
# cd /etc/cron.d
and see what files you find.
here are entries from when ap02 (which is not in WDS) has randomly
rebooted.
No evidence of a failure. Just the usual hour markers and syslog
updates.
hrmm.. we do run snort+snortsam plus ipp2p on the linux gateway to
block all p2p type traffic.
Nope. You're blocking all P2P traffic that goes through the gateway.
You can still have P2P between clients that are all inside the LAN. Do
you have enabled "AP isolation" (also known as client isolation)
enabled in the DD-WRT Wireless -> Advanced Settings page? You need
this to keep your LAN side from becoming a private gaming network.
Obviously it's not going to be 100%, but
it generally does a decent job. That's not to say that it isn't a
result of buffer overload either. i'll dig into the settings and see
what i can find to block more thoroughly.
Don't bother. Just do some sniffing on the gateway and see what
moving through it. Also what's moving through the LAN side.
One of the posts I read regarding this random reboot problem suggested
that it could be in relation to certain wireless clients causing a
problem with WL and forcing a reboot. I've lost the post now, but
quite a few people were experiencing this problem.
Oh, I know how to crash a wireless system intentionally. However, I
don't think you're clients are doing much of that. Sniff the over the
air wireless traffic and see if you find an unusually large amount of
ARP packets. Also, an unusually large number of source MAC addresses.
Did you try the router exploits tests I suggested?
find. the other thing i didn't find (and i'm sure a quick search of
the openwrt forums would present it) is how to set the radio power..
but yer, i'll go hunting.. can't be too hard.. i assume an nvram
setting.
Almost everything to the radio is done with the "wl" command.
<http://www.dd-wrt.com/wiki/index.php/Wl_command>
There are multiple methods, some of which have been disabled in
DD-WRT.
wl curpower (return current power level setting)
wl powerindex (set power for 802.11a radio)
wl pwr_percent XX (get/set percent of tx max power)
wl txpwr1 (set tx power in assorted units)
-d dbm units
-q quarter dbm units
-m milliwatt units
-o turn on override to disable regulatory limits
wl txpwr (get/set power level in mw)
I guess(tm) that an:
nvram commit
will save the current settings.
The last one is ummm... interesting:
root@DD-WRT:~# wl txpwr
pwr in mw -2147483574
pwr in mw after override adj 74
-2147483577
Swell... Looks like I have some garbage in NVRAM.
Setting the power to +20dB and checking the results:
root@DD-WRT:~# wl txpwr1 -d 20
root@DD-WRT:~# wl txpwr
pwr in mw 80
pwr in mw after override adj 80
100
or better yet:
root@DD-WRT:~# wl txpwr1
TxPower is 80 qdbm, 20.00 dbm, 100 mW Override is Off
Nice.
Remote reboot is fairly easy. The sloppy way is with X10 type power
line modules. I have several remote sites with pager operated power
controls. I used to use garage door openers for "drive by" reboots.
There's also a setting in DD-WRT to have cron reboot the router at
regular times or intervals.
hrmm.. that's trick. i'll have to have a look into this.. for me, it
needs to be as automatic as possible, the site in quesiton is 1 1/2
hour drive by highway from where i am located..
I maintain a few mountain top weather stations. The drive is anywhere
from 1 to 4 hours depending on the weather and road conditions. The
systems usually fail when it's too hot, wet, windy, or cold. So, I
have to implement various remote reboot systems. My favorite is
butchering a Motorola Bravo page display section to act as a secondary
decoder and relay driver. All it takes is an EPROM (or mess of
diodes) hung off the display section. This allows me to use only one
pager phone number, and program all the pagers for the same capcode.
They all go off at the same time and display the same digits, but only
the one with the matching decoder code, will close the relay. You can
also get commercial systems with built in pagers:
<http://www.nighthawksystems.com> (formerly PageTap).
--
Jeff Liebermann jeffl@xxxxxxxxxx
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558
.
- References:
- Re: WDS + WPA + RADIUS problem
- From: Jeff Liebermann
- Re: WDS + WPA + RADIUS problem
- From: davidr (at) insane (dot) net (dot) au
- Re: WDS + WPA + RADIUS problem
- From: Jeff Liebermann
- Re: WDS + WPA + RADIUS problem
- From: davidr (at) insane (dot) net (dot) au
- Re: WDS + WPA + RADIUS problem
- From: davidr (at) insane (dot) net (dot) au
- Re: WDS + WPA + RADIUS problem
- From: Jeff Liebermann
- Re: WDS + WPA + RADIUS problem
- From: davidr (at) insane (dot) net (dot) au
- Re: WDS + WPA + RADIUS problem
- Prev by Date: Re: WDS + WPA + RADIUS problem
- Next by Date: Re: WDS + WPA + RADIUS problem
- Previous by thread: Re: WDS + WPA + RADIUS problem
- Next by thread: Re: WDS + WPA + RADIUS problem
- Index(es):
Relevant Pages
|
