No DHCP via Wireless?

[StarTrek4U]

So I'm totally stumped and I'm hoping someone might have some insight for me. Here's my problem, I have a number of WAP54G AP's floating around my company to use for wireless access to sync some PDAs we use. My problem is this, recently my APs began to not forward DHCP addresses to any wireless clients as long as there is encryption on the wireless network, the moment I take it off it works fine. All of our wired clients get DHCP addresses no problem and have for some time. I can statically assign an IP to a wireless device and have it work but this isn't a feasible solution since I have 50+ PDAs and I also clearly don't want to disable encryption either. Here's what I've done:

• Reset an AP to factory default and then re-setup the device
• Applied latest firmware and then reset and re-setup the device
• Tried 3 different APs (same model but just different devices)
• Tried different switches the APs are plugged into
• Loaded DDWRT Micro on a test AP and setup device
• Entered the WEP key as both the passphrase and as the HEX equivalent (I know, WEP is bad however the PDAs don't support anything better, I'm working on getting rid of them)
• Changed the default key to transmit

the only thing I don't have that I'm trying to get right now is a non-linksys AP to test with to see if that makes a difference.

Beyond that however I'm not sure where to go from there. Anyone have any ideas or encountered anything like this before?

 

[infamus]

Check your DHCP server or device, reboot maybe?

 

[StarTrek4U]

Check your DHCP server or device, reboot maybe?

The DHCP server is working since it will give out addresses to all wired clients as well as non-encrypted wireless ones.

Believe me, I've rebooted

 

[exchange keys]

What does the DHCP Lease say (obtained/expires) for both Wired and Wireless interfaces? If you do an "ipconfig /release" and "ipconfig /renew" does it give you a new lease with a different time stamp?

Are they both pointing to the same DHCP Server? What are their IP addresses and subnet masks? How is the DHCP Pool set up?

I'm assuming you checked this already, but the Wireless Access Points have DHCP server disabled right? They are only running DHCP forwarding/relay services, right?

I'm also assuming that the "DHCP enabled" option is on for both interfaces on the devices.

And did you only test out PDAs? I know it was mentioned that other wireless devices were tested, but nothing specific.

 

[StarTrek4U]

The DHCP leases show up correctly with the right Server & IP information when I tested on an un-encrypted connection with a laptop, which I then tested wired as well.

The DHCP Pool is 10.0.0.xx with a /24 subnet mask, first IP is 100, last IP is 240

Yes the DHCP is turned off on these devices (they actually aren't even capable of it by default)

 

[StarTrek4U]

The only other thing I can think of would be maybe due to the VLANs on the switch? But I only have 2, and since it works without I guess I'm not sure why that would be either...

 

[DatHak512]

Can you give your laptop a static IP number, connect to the encrypted wireless network and ping the DHCP server? I'm not convinced this will help troubleshooting much but it might lead to other ideas.

 

[StarTrek4U]

Can you give your laptop a static IP number, connect to the encrypted wireless network and ping the DHCP server? I'm not convinced this will help troubleshooting much but it might lead to other ideas.

Yes.

Also, it appears that something else is going on as a new AP did not solve my problem either...

 

[exchange keys]

That's annoying, lol. Can you test the wireless negotiation by using something else outside of WEP? Maybe like, WPA with PSK or AES?

Also, how strong is your WEP passphrase? is it more than 160-bit encryption? Maybe playing around with the length of characters might bring some sort of clue.

I don't think it should be your VLANs or DHCP anymore, unless something is being filtered out. The wireless connectivity should only negotiate your wireless connection from your wireless device to your wireless access point.

I guess you can try clearing out your ARP Cache Table just in case. From the command prompt, type: "netsh interface ip delete arpcache", then release and renew your IP address, and then check your DHCP lease.

 

[exchange keys]

I did not ask this, but how is the physical layout of this wireless point? Like, is the Linksys WAP54G connected on a LAN interface (not WAN/Internet interface) to an active data drop?

And if so, did you connect a laptop on the WAP54G with a network cable already to see if it gets an IP address?

 

[StarTrek4U]

That's annoying, lol.

Yes it is, lol

Different encryption schemes (WPA & WPA2) all exhibit the same issue, only wireless with no encryption works.

The WEP passphrase is 128-bit/13 char

The APs plug in to a regular access port on the switch just like any other system, connecting a different device to that port works fine. I cannot connect anything directly to the WAP since it is wireless only and has only the single LAN connection on it.

 

[Toytown]

Did you recently change your DHCP addresses? The only reason i ask is that i know some old routers (netgear i think) that wouldnt assigned IP's when 10.0.0.x was used, i know yours are different manufactuer but i thought it was worth mentioning.

 

[aaronearles]

You might be looking at this too deep, if you connect to a wep encrypted network with the wrong password/key, it will connect successfully but never receive an IP. Whereas with WPA it will say connection failed.

 

[StarTrek4U]

My DHCP addresses have stayed the same for quite awhile, although the subnet did change just slightly.

My WEP key hasn't changed in months either.

 

[exchange keys]

Then I'd suggest you take out one of the problematic WAPs away from the network, and attach it to your home's network or a different network, and test the encryption there.

Something feels like it is being overlooked though...

What is your switch's make/model?

Also, I'm assuming these WAPs are just acting as active hub/repeater and are not being managed centrally at all, right?

 

[StarTrek4U]

In order to stop wasting a crazy amount of man-hours on this problem here's what I'm doing.

We're going to get a few new APs and load them up with Tomato, and have them act as DHCP servers to the wireless clients. We will also be using better encryption (WPA) as well. I tested this out on a loaner WRT54G and we were able to get this to work successfully with only a limited amount of change required on the clients.

This will at least fix my problem until I can get rid of these damn PDAs for good.

Thanks all for the help/suggestions.

 

[infamus]

kinda sounds like the wireless is on the wrong subnet or vlan?

 

[OmegaAvenger]

static IP set on the device needing said address? that happened to be my issue on campus last week. me and the GF are "borrowing" wifi from someone who only has his router set to leave 5 DHCP addressed (hes smart, but not smart enough to switch from wep to wpa), so her laptop has a static ip for the time being since it never leaves her Apartment, and I had mine set to one while i was there.