 |
 |
Why I still hate wireless security
|
|
|
|
|
Moderator  Join Date: Oct 2001
Location: San Jose, CA
Status:
Offline
|
|
This weekend, I finally set up my machines and clients to use the two routers (Airport Express and Extreme) I have to separate into separate G and N networks with wireless security enabled. For those who didn't see my prior topic, here's the network:
cable modem -> Extreme (n) -> powerline ethernet to office -> Express (g; has two printers attached)
N client: only one, my MBP
G clients:
12" PB G4
iPod Touch
Wii
DS Lite and DSi
PSP
WET54G wireless bridge with ethernet devices connected through a hub: Netflix player (I know this has wireless itself, but I'm experimenting), Slingbox, Tivo
I spent about 2 or 3 hours setting all this up and then finally enabling security on both routers (WPA/WPA2; some of these devices only do WPA). Well, now the Express router has been acting strange. I think there is something wrong with it. Occasionally, it loses connection. When I try to reconnect to its network with a Mac, I get a "Connection Timeout" error until I restart the base station, which seems to take a longer time than when I usually make changes to its configuration. I'm thinking there's something wrong with its creation of new security keys since it works fine when security is turned off. See this redacted log fragment:
Sep 14 21:52:25 Severity:5 Associated with station xx:xx:xx:xx:xx:xx
Sep 14 21:52:25 Severity:5 Installed unicast CCMP key for supplicant xx:xx:xx:xx:xx:xx
Sep 14 21:52:35 Severity:5 Disassociated with station xx:xx:xx:xx:xx:xx
Sep 14 21:52:36 Severity:5 Rotated TKIP group key.
Sep 14 21:53:16 Severity:5 Associated with station xx:xx:xx:xx:xx:xx
Sep 14 21:53:16 Severity:5 Installed unicast CCMP key for supplicant xx:xx:xx:xx:xx:xx
Sep 14 21:57:19 Severity:5 Connection accepted from [bridge0]:50095.
Sep 14 21:57:21 Severity:5 Connection accepted from [bridge0]:50104.
Sep 14 21:57:21 Severity:5 Connection accepted from [bridge0]:50105.
Sep 14 21:59:12 Severity:5 Idle timeout for station xx:xx:xx:xx:xx:xx
Sep 14 21:59:12 Severity:5 Disassociating with station xx:xx:xx:xx:xx:xx (reserved 4).
Sep 14 21:59:12 Severity:5 Disassociated with station xx:xx:xx:xx:xx:xx
Sep 14 21:59:17 Severity:5 Deauthenticating with station xx:xx:xx:xx:xx:xx (reserved 2).
Sep 14 21:59:17 Severity:5 Rotated TKIP group key.
Sep 14 21:59:17 Severity:5 Deauthenticating with station xx:xx:xx:xx:xx:xx (reserved 2).
Sep 14 21:59:17 Severity:5 Disassociated with station xx:xx:xx:xx:xx:xx
Sep 14 21:59:17 Severity:5 Disassociated with station xx:xx:xx:xx:xx:xx
The connection went down right around here somewhere. I had my WPA group key timeout set to the default of 1 hour, though it seems to change the key more frequently than that. Is that normal? I've now changed the timeout to a day, so I'll see how that holds. This was a refurb, so if you guys think there is a problem with it, I'm off to the Apple store. Any ideas?
Steve
|
|
Celebrating 10 years and 4000 posts on MacNN!
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
To me this could just as well be a WPA issue. I'm not very familiar with it because I use WPA2 though. Just for testing purposes, does disconnecting certain clients help? Does running the Express with WPA2 (just for testing, I know you need WPA for certain devices) help?
Regarding your setup, I think the Express might not be the right device for what you're doing. You have a lot of clients on the Express and you go so far as to hook up another router for wired clients. To me it sounds like you should return the Express and get an Extreme instead. The Extreme was built to handle many different clients and it also has three LAN ports so you can get rid of the extra router (with wifi and LAN simpler is always better). I'm not saying the Express can't do what you want, but it wasn't exactly meant for that. The Extreme OTOH was. It will be a simpler and less error-prone setup.
|
|
•
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Oct 2001
Location: San Jose, CA
Status:
Offline
|
|
The wireless bridge is in a completely different room (my garage & "man cave") so it has to stay. The extra router is required to access my printers in the office which are not at the cable modem drop point downstairs in the living room.
As for getting another extreme, I was trying to save a buck here. I've already spent *way* more than I intended. As long as I don't have too many clients (and not all of these clients are active at the same time), there's no excuse for the Express to keep failing like this. It happened again tonight even with the extended key timeout, so I'm going to take it to the Apple store tomorrow.
I don't see why having a mixed network of WPA and WPA2 would be an issue. Any reason why this might be?
Steve
(Last edited by ibook_steve; Sep 15, 2009 at 04:24 AM.
)
|
|
Celebrating 10 years and 4000 posts on MacNN!
|
| |
|
|
|
|
|
|
|
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
Status:
Offline
|
|
Are you using the same SSID, but WPA on one AP and WPA2 on another?
|
|
|
| |
|
|
|
|
|
|
|
Moderator Join Date: Oct 2001
Location: San Jose, CA
Status:
Offline
|
|
Two different SSIDs. WPA2 personal on the Extreme and WPA/WPA2 personal on the Express.
Steve
|
|
Celebrating 10 years and 4000 posts on MacNN!
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
