Community discussions

MikroTik App
 
sash555
just joined
Topic Author
Posts: 11
Joined: Tue Nov 09, 2010 11:28 am

RouterOS reboot when wireless clients connect or hibernat

Fri Dec 09, 2011 1:26 pm

Hello. I have the following problem. On my PC (MB:D945GCLF2+R52nM) RouterOS is installed.
Configure the wireless network. When wireless clients (two laptops) connect (rarely) or go into hibernation(more often), the RouterOS reboots.
Before installation R52nM card problems with reboot wasn't.
 
User avatar
ojsa
Member Candidate
Member Candidate
Posts: 181
Joined: Tue Jan 27, 2009 8:53 pm
Location: Norway

Re: RouterOS reboot when wireless clients connect or hiberna

Fri Dec 09, 2011 9:31 pm

And you are running current Ros release with updated firmware on the router?
 
User avatar
mramos
Member Candidate
Member Candidate
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: RouterOS reboot when wireless clients connect or hiberna

Sun Dec 11, 2011 2:30 am

Before installation R52nM card problems with reboot wasn't.
Just curious: I think you are using some security profile (WPA2-PSK AES, WPA-PSK TKIP, etc). Which one?

Regards;
 
sash555
just joined
Topic Author
Posts: 11
Joined: Tue Nov 09, 2010 11:28 am

Re: RouterOS reboot when wireless clients connect or hiberna

Mon Dec 12, 2011 8:14 pm

My RouterOS version 5.9. I can't update firmware. ROS installed on PC.
WPA PSK+WPA2 PSK AES
 
sash555
just joined
Topic Author
Posts: 11
Joined: Tue Nov 09, 2010 11:28 am

Re: RouterOS reboot when wireless clients connect or hiberna

Mon Dec 12, 2011 8:25 pm

/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key="" mode=none name=default \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity=MikroTik tls-certificate=\
    none tls-mode=no-certificates unicast-ciphers="" wpa-pre-shared-key="" \
    wpa2-pre-shared-key=""
add authentication-types=wpa-psk,wpa2-psk group-ciphers=aes-ccm \
    group-key-update=5m interim-update=0s management-protection=disabled \
    management-protection-key=1234567890pp mode=dynamic-keys name=wpa_psk \
    radius-eap-accounting=no radius-mac-accounting=no \
    radius-mac-authentication=no radius-mac-caching=disabled \
    radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
    static-algo-0=none static-algo-1=none static-algo-2=none static-algo-3=\
    none static-key-0="" static-key-1="" static-key-2="" static-key-3="" \
    static-sta-private-algo=none static-sta-private-key="" \
    static-transmit-key=key-0 supplicant-identity="" tls-certificate=none \
    tls-mode=no-certificates unicast-ciphers=aes-ccm wpa-pre-shared-key=\
    1234567890pp wpa2-pre-shared-key=1234567890pp
/interface wireless
set 0 adaptive-noise-immunity=ap-and-client-mode allow-sharedkey=no \
    antenna-gain=0 area="" arp=enabled band=2ghz-b/g/n basic-rates-a/g=6Mbps \
    basic-rates-b=1Mbps bridge-mode=disabled channel-width=20mhz compression=\
    no country=no_country_set default-ap-tx-limit=0 default-authentication=\
    yes default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \
    disable-running-check=no disabled=no disconnect-timeout=3s distance=\
    dynamic frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower \
    frequency-offset=0 hide-ssid=no ht-ampdu-priorities=0,1 ht-amsdu-limit=\
    8192 ht-amsdu-threshold=8192 ht-basic-mcs=\
    mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,mcs-7 ht-guard-interval=any \
    ht-rxchains=0 ht-supported-mcs="mcs-0,mcs-1,mcs-2,mcs-3,mcs-4,mcs-5,mcs-6,\
    mcs-7,mcs-8,mcs-9,mcs-10,mcs-11,mcs-12,mcs-13,mcs-14,mcs-15" ht-txchains=\
    0 hw-fragmentation-threshold=disabled hw-protection-mode=none \
    hw-protection-threshold=0 hw-retries=7 l2mtu=2290 mac-address=\
    00:0C:42:64:A8:09 max-station-count=2007 mode=ap-bridge mtu=1500 name=\
    wlan1 noise-floor-threshold=default nv2-cell-radius=30 \
    nv2-noise-floor-offset=default nv2-preshared-key="" nv2-qos=default \
    nv2-queue-count=2 nv2-security=disabled on-fail-retry-time=100ms \
    periodic-calibration=default periodic-calibration-interval=60 \
    preamble-mode=both proprietary-extensions=post-2.9.25 radio-name=\
    000C4264A809 rate-selection=advanced rate-set=default scan-list=default \
    security-profile=wpa_psk ssid="" station-bridge-clone-mac=\
    00:00:00:00:00:00 supported-rates-a/g=\
    6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps supported-rates-b=\
    1Mbps,2Mbps,5.5Mbps,11Mbps tdma-period-size=2 tx-power-mode=default \
    update-stats-interval=disabled wds-cost-range=50-150 wds-default-bridge=\
    none wds-default-cost=100 wds-ignore-ssid=no wds-mode=disabled \
    wireless-protocol=any wmm-support=disabled
add area="" arp=enabled bridge-mode=enabled default-ap-tx-limit=0 \
    default-authentication=yes default-client-tx-limit=0 default-forwarding=\
    yes disable-running-check=no disabled=no hide-ssid=no l2mtu=2290 \
    mac-address=02:0C:42:64:A8:09 master-interface=wlan1 max-station-count=\
    2007 mtu=1500 name=wlan2 proprietary-extensions=post-2.9.25 \
    security-profile=wpa_psk ssid=SashWiFi update-stats-interval=disabled \
    wds-cost-range=0 wds-default-bridge=none wds-default-cost=0 \
    wds-ignore-ssid=no wds-mode=disabled wmm-support=disabled
/interface wireless manual-tx-power-table
set wlan1 manual-tx-powers="1Mbps:17,2Mbps:17,5.5Mbps:17,11Mbps:17,6Mbps:17,9M\
    bps:17,12Mbps:17,18Mbps:17,24Mbps:17,36Mbps:17,48Mbps:17,54Mbps:17,HT20-0:\
    17,HT20-1:17,HT20-2:17,HT20-3:17,HT20-4:17,HT20-5:17,HT20-6:17,HT20-7:17,H\
    T40-0:17,HT40-1:17,HT40-2:17,HT40-3:17,HT40-4:17,HT40-5:17,HT40-6:17,HT40-\
    7:17"
set wlan2
/interface wireless nstreme
set wlan1 disable-csma=no enable-nstreme=no enable-polling=yes framer-limit=\
    3200 framer-policy=none
set "(unknown)"
 
User avatar
mramos
Member Candidate
Member Candidate
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: RouterOS reboot when wireless clients connect or hiberna

Tue Dec 13, 2011 11:58 am

My RouterOS version 5.9. I can't update firmware. ROS installed on PC.WPA PSK+WPA2 PSK AES
Well, I use to run 5.XX + WPA2-PSK (AES) and had random reboots depending on how many clients was online - but certain clients models - not all of them (may be related to clients chipsets).

Following some debug information MT support guys sent I figure that those events was related to those specific clients family.

So ... I followed their test sugestion: left WPA2-PSK (AES) unused for now and run only WPA-PSK (TKIP) instead.

Since then no more reboots.

Of course you'll have to "edit" security configuration at the clients.

Regards;
 
sash555
just joined
Topic Author
Posts: 11
Joined: Tue Nov 09, 2010 11:28 am

Re: RouterOS reboot when wireless clients connect or hiberna

Tue Dec 20, 2011 8:56 pm

Disable AES. Left TKIP. It did not help.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26931
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: RouterOS reboot when wireless clients connect or hiberna

Thu Dec 22, 2011 3:33 pm

test sugestion
Just remember, normally TKIP is not recommended. AES uses hardware encryption, TKIP is slower.
 
User avatar
mramos
Member Candidate
Member Candidate
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: RouterOS reboot when wireless clients connect or hiberna

Sat Dec 24, 2011 3:12 pm

Just remember, normally TKIP is not recommended. AES uses hardware encryption, TKIP is slower.
This is interesting!

I started to face 1 ... 5 reboots a day on a 433UAH fitted with R52n and later R52nM. Both cards use AR9220 chipsets so they bring AES on it and does not depend on ROS low level routines.

Those reboots started when I introduced UBNT's Nano2 Loco "M" where I already had several Nano2 Loco (not M) before.

Untill this time (last june/july I guess) I used to run only WPA2-PSK AES.

Since then until few weeks ago I was dealing with those kernel failures folowed by router reboot several times a day (and of course driving me crazy looking for the cause, going trhu cables, power supplies, shielding, grounding, damaged cards, rb firmwares, ros versions, etc).

Then folowing a test sugestion (by Janis) I changed all CPEs (& APs) encryption to WPA-PSK TKIP. Almost two days to change all CPEs at this router area (~80).

Finally I get rid of WPA2-PSK AES at CPEs and then disabled it at ROS security profiles, keeping only WPA-PSK TKIP.

Since then no more kernel failures.

Of course that if in near future I figured what's causing this (e.g it's an AR9220 issue or Nano2 Loco M chipset issue) I'll revert this security config back to WPA2-AES.

Today this RB433UAH have 3 x R52nM on 2.4 legacy mode (ch 1, 7, 13 all 10MHz BW, noise floor ~ -112dBm) and 3 sectors (one spot 2Km away and 2 slices ~12º each). Peak is 80 autheticated CPEs ... smooth, low CPU, no more reboots.

Image

Regards;
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26931
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: RouterOS reboot when wireless clients connect or hiberna

Tue Dec 27, 2011 11:30 am

did you send autosupout.rif files from those crashes to support? if there is a problem, we need to solve it.
 
User avatar
mramos
Member Candidate
Member Candidate
Posts: 231
Joined: Sun Nov 23, 2008 1:05 am
Location: S. B do Campo - SP - Brazil

Re: RouterOS reboot when wireless clients connect or hiberna

Tue Dec 27, 2011 11:46 am

did you send autosupout.rif files from those crashes to support?
Ticket#2011102066000442 ~ Nov 15th, lots of autosupout.rif for almost 2 weeks to figure what's causing the failures.

Than cames an interesting info: several MIC failures before crashes.
<4>ap_assoc: from 0:15:6d:xx:xx:xx failed to parse
<4>aesccm_decrypt: MIC failure
<4>unaligned data access at c0167520 put_page+0x0/0x250
<4>Unhandled kernel unaligned access[#1]:
<4>Cpu 0
And the MAC of the affected CPEs belongs (+90%) to Nano2 Loco M. A few Loco2 show up but there was always one or more "M" toghether.

I put all CPEs at "WPA" only (e.g. auto selection of AES or TKIP) and set security profile to WPA-TKIP only. No more kernel failures. If I left CPEs at this "auto" mode and set security profile to AES in some time (minutes ... hours) there's a new kernel failure.

Regards;