Router

DD-WRT WPA2/Enterprise Connection Fail

So after installing about 15 access points in an enterprise environment, I discovered that the nas process shipped with DD-WRT v24 (Broadcom's proprietary WPA authenticator daemon, a userspace program rather than the wireless driver itself) fails miserably at WPA2-Enterprise against a RADIUS server. Any rejected, failed, interrupted or dropped authentication request stalls all future authentication requests from that MAC address.

To fix this very irritating problem, you can change the firmware to OpenWRT (its hostapd does not have this issue). However, not all devices can run OpenWRT.

The other workaround is to restart nas periodically.

In your startup commands, add:

cat > /tmp/root/nasReset.sh <<'EOF'
#!/bin/sh
# Restart DD-WRT's nas with the arguments it is normally started with.
# Copy the exact argument list from "ps w | grep nas" on your own router:
# -H, -m and the interface names are board specific.
killall -TERM nas
nas -P /tmp/nas.wl0lan.pid -H 34954 -l br0 -i eth1 -A -m 64 -r RADIUS_KEY -s SSID_USED -w 4 -g 3600 -h RADIUS_SERVER_IP -p RADIUS_SERVER_PORT
EOF
chmod +x /tmp/root/nasReset.sh
echo '0 */4 * * * root /tmp/root/nasReset.sh' >> /tmp/crontab
startservice cron

Adjust the cron schedule to restart it more or less often. The five fields are minute, hour, day of month, month and day of week, so 0 */4 * * * fires every four hours on the hour, whereas the tempting-looking * 5 * * * would fire every minute between 05:00 and 05:59. Restarting the nas process kills all data connectivity on that SSID; WinXP/Mac OS clients don't even notice, but Android devices will disconnect and reconnect. Be aware that the RADIUS shared secret on the nas command line is visible to anyone who can run ps on the router and is stored in nvram together with the other startup commands; that is no worse than DD-WRT's own nas invocation, but it is one more copy of the secret to keep in mind.
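A variant of nasReset.sh, added here as an example and not part of the original post: instead of hard-coding the nas arguments (and the RADIUS secret) in the startup commands, it reads the argument vector of the running nas from /proc/<pid>/cmdline and re-executes nas with exactly those arguments, so the board-specific flags never have to be copied by hand and every running instance is restarted with its own settings. It assumes DD-WRT's busybox provides pidof, tr and sed; the function names are my own. Drop it in as /tmp/root/nasReset.sh in place of the script above and keep the same cron line.

```shell
#!/bin/sh
# Added example, not from the original post: restart DD-WRT's nas daemon with
# exactly the argument vector it is already running with, read from
# /proc/<pid>/cmdline, so board-specific flags (-H, -m, ...) and the RADIUS
# shared secret do not have to be repeated in the startup commands.
# Assumes busybox pidof/tr/sed and a Linux /proc, as on DD-WRT v24.

# Print the arguments of a process, one per line, from a NUL-separated
# cmdline file; argv[0] (the program name) is dropped.
args_from_cmdline_file() {
    tr '\0' '\n' < "$1" | sed '1d'
}

# Restart every running nas instance with its own arguments. The argument
# list is rebuilt into "$@" line by line, so a secret containing spaces or
# shell metacharacters is passed through unchanged (no eval, no word splitting).
restart_nas() {
    for pid in $(pidof nas 2>/dev/null); do
        [ -r "/proc/$pid/cmdline" ] || continue
        set --
        while IFS= read -r arg; do
            set -- "$@" "$arg"
        done <<EOF
$(args_from_cmdline_file "/proc/$pid/cmdline")
EOF
        [ $# -gt 0 ] || continue
        kill -TERM "$pid"
        sleep 1
        nas "$@" &
    done
}

# When run from cron there is nothing else to do; with no nas running
# (e.g. on a workstation) this is a no-op.
restart_nas
```

The pidof/cmdline approach also covers setups where DD-WRT starts one nas per interface: each instance is killed and relaunched with its own flags, which killall plus a single hard-coded command line cannot do.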


Monday, November 22nd, 2010 Router 2 Comments

DD-WRT v24 pre-SP2 SNMP Clients on eth1(wl0) and wl0.1

So for a pet project I recently had to record and graph how many clients were on any SSID at one time, across all 30+ DD-WRT enabled routers. It seems the built-in SNMP daemon does not expose this :( So naturally, I had to figure out my own. Here's how I did it.

First, host this script on a webserver that all intended routers can reach. For this guide, it will be placed at http://192.168.1.2/ddwrtSnmpScript.txt. Keep in mind that every router fetches this file over plain HTTP at boot and runs it as root, so whoever controls that host (or can answer for its address on the LAN) controls all of your routers: keep it on a trusted network segment, or copy the script onto the router's own flash instead.

#!/bin/sh
# Net-SNMP pass_persist handler for DD-WRT: answers get/getnext for the
# subtree $place with per-interface associated-client counts taken from wl.

place=".1.3.6.1.4.1.2021.254"

# Number of stations associated to a Broadcom interface
# (wl assoclist prints one "assoclist <mac>" line per station).
count_clients() {
  n=0
  for mac in $(wl -i "$1" assoclist | cut -d" " -f2)
  do
    n=$((n+1))
  done
  echo $n
}

# Rebuild the table. Variable names are the OID with the dots stripped:
# getnext_<oid> is the OID that follows <oid>, type_<oid>/value_<oid> its data.
refresh() {
  totalClientsEth1=$(count_clients eth1)
  totalClientsWl01=$(count_clients wl0.1)
  totalClients=$((totalClientsWl01 + totalClientsEth1))

  eval getnext_1361412021254="$place.3.54.1.3.32.1.27.1"

  # DESCRIPTIONS
  # Total Clients
  eval value_136141202125435413321271="Total_Clients_on_AP"
  eval type_136141202125435413321271="string"

  # Total Clients eth1
  eval getnext_136141202125435413321271="$place.3.54.1.3.32.1.27.2"
  eval value_136141202125435413321272="Total_Clients_using_eth1_on_AP"
  eval type_136141202125435413321272="string"

  # Total Clients wl0.1
  eval getnext_136141202125435413321272="$place.3.54.1.3.32.1.27.3"
  eval value_136141202125435413321273="Total_Clients_using_wl0.1_on_AP"
  eval type_136141202125435413321273="string"

  eval getnext_136141202125435413321273="$place.3.54.1.3.32.1.28.1"

  # VALUES

  # Total Clients
  eval value_136141202125435413321281=$totalClients
  eval type_136141202125435413321281="integer"

  # Total Clients eth1
  eval getnext_136141202125435413321281="$place.3.54.1.3.32.1.28.2"
  eval value_136141202125435413321282=$totalClientsEth1
  eval type_136141202125435413321282="integer"

  # Total Clients wl0.1
  eval getnext_136141202125435413321282="$place.3.54.1.3.32.1.28.3"
  eval value_136141202125435413321283=$totalClientsWl01
  eval type_136141202125435413321283="integer"

  # Last OID in the subtree: tell snmpd there is nothing after it.
  eval getnext_136141202125435413321283="NONE"
}

# Re-read the assoclists at most every 30 seconds, for get as well as getnext.
LASTREFRESH=0
maybe_refresh() {
  NOW=$(date +%s)
  if test $((NOW - LASTREFRESH)) -gt 30
  then
    LASTREFRESH=$NOW
    refresh
  fi
}

# pass_persist protocol: "PING" -> "PONG"; "get"/"getnext" followed by an OID
# line -> three lines (OID, type, value) or "NONE".
while read -r CMD
do
  case "$CMD" in
    PING)
      echo PONG
      continue
      ;;
    getnext)
      read -r REQ
      maybe_refresh
      oid=$(echo "$REQ" | tr -d .)
      eval ret=\$getnext_${oid}
      if test "x$ret" = "xNONE" -o "x$ret" = "x"
      then
        echo NONE
        continue
      fi
      ;;
    *)
      # "get": answer for the requested OID itself
      read -r REQ
      maybe_refresh
      if test "x$REQ" = "x$place"
      then
        echo NONE
        continue
      else
        ret=$REQ
      fi
      ;;
  esac

  oid=$(echo "$ret" | tr -d .)
  if eval test "x\$type_${oid}" != "x"
  then
    echo "$ret"
    eval echo "\$type_${oid}"
    eval echo "\$value_${oid}"
  else
    echo NONE
  fi

done

Next, go to your DD-WRT “Services” -> “Services” and enable SNMP (http://192.168.1.1/Services.asp). While there, replace the default read-only community “public” with something non-default, since with SNMPv2c the community string is the only thing standing between the network and your client counts; the walk below uses the default purely for illustration.

Then go to your DD-WRT “Administration” -> “Commands” (http://192.168.1.1/Diagnostics.asp) and save the following as your startup commands. The pass_persist line is appended to the snmpd.conf that DD-WRT regenerates in /var at every boot, which is why the daemon has to be restarted afterwards for it to take effect.

wget http://192.168.1.2/ddwrtSnmpScript.txt -O /tmp/root/snmp.sh
chmod +x /tmp/root/snmp.sh
echo "pass_persist .1.3.6.1.4.1.2021.254 /tmp/root/snmp.sh" >> /var/snmp/snmpd.conf
killall -TERM snmpd
snmpd -c /var/snmp/snmpd.conf

Restart your router…

Then voilà!

root@MONITOR-1:~# snmpwalk -v2c -c public 192.168.1.1 1.3.6.1.4.1.2021.254
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.27.1 = STRING: "Total_Clients_on_AP"
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.27.2 = STRING: "Total_Clients_using_eth1_on_AP"
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.27.3 = STRING: "Total_Clients_using_wl0.1_on_AP"
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.28.1 = INTEGER: 73
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.28.2 = INTEGER: 64
UCD-SNMP-MIB::ucdavis.254.3.54.1.3.32.1.28.3 = INTEGER: 9
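A more general pass_persist handler, added here as an example (it is not the script from this post nor anything DD-WRT ships): it reports counts for any list of Broadcom interfaces, lays the subtree out as BASE.1.0 (total clients) and BASE.2.n.1 / BASE.2.n.2 (name and client count of interface n), and answers getnext by comparing OIDs component by component instead of through hand-maintained next pointers, so adding an SSID is a one-word change to IFACES. The layout, the interface list, the file name /tmp/root/snmp_clients.sh and the function names are my assumptions; it relies on busybox sh and awk and on the Broadcom wl tool (wl -i <iface> assoclist), as the original does.

```shell
#!/bin/sh
# Added example, not the original post's script: a Net-SNMP pass_persist
# handler for DD-WRT that reports associated-client counts for any number of
# Broadcom wireless interfaces and answers getnext by real OID ordering
# instead of hand-maintained "next" pointers. Assumes busybox sh/awk and the
# Broadcom wl tool. IFACES, BASE and the subtree layout are assumptions.
# Hook it up in snmpd.conf with:
#   pass_persist .1.3.6.1.4.1.2021.254 /bin/sh /tmp/root/snmp_clients.sh serve

BASE=".1.3.6.1.4.1.2021.254"
IFACES="${IFACES:-eth1 wl0.1}"   # one entry per SSID/interface to report
CACHE_SECS=30                     # re-read the assoclists at most this often

# Number of stations associated to one interface (0 if wl fails or prints
# nothing; grep -c exits 1 on zero matches, which is not an error here).
client_count() {
    wl -i "$1" assoclist 2>/dev/null | grep -c '^assoclist' || :
}

# Emit the subtree as "oid type value" rows (row order does not matter):
#   BASE.1.0      integer  clients on all interfaces
#   BASE.2.<n>.1  string   name of interface n
#   BASE.2.<n>.2  integer  clients on interface n
build_table() {
    total=0; n=0
    for iface in $IFACES; do
        n=$((n + 1))
        c=$(client_count "$iface")
        total=$((total + c))
        echo "$BASE.2.$n.1 string $iface"
        echo "$BASE.2.$n.2 integer $c"
    done
    echo "$BASE.1.0 integer $total"
}

# lookup get|getnext OID: print the matching row of $TABLE, or nothing.
# OIDs are compared component-wise as integers, with or without a leading dot,
# so getnext returns the smallest OID in the table that is greater than OID.
lookup() {
    printf '%s\n' "$TABLE" | awk -v mode="$1" -v req="$2" '
    function norm(s) { sub(/^\./, "", s); return s }
    function cmp(a, b,   x, y, na, nb, i) {
        na = split(norm(a), x, "."); nb = split(norm(b), y, ".")
        for (i = 1; i <= na && i <= nb; i++)
            if (x[i] + 0 != y[i] + 0) return (x[i] + 0 < y[i] + 0) ? -1 : 1
        return (na < nb) ? -1 : (na > nb ? 1 : 0)
    }
    mode == "get" && cmp($1, req) == 0 { print; exit }
    mode == "getnext" && cmp($1, req) > 0 && (best == "" || cmp($1, best) < 0) {
        best = $1; row = $0
    }
    END { if (mode == "getnext" && best != "") print row }'
}

# Speak the pass_persist protocol on stdin/stdout: PING -> PONG; "get" or
# "getnext" followed by an OID line -> oid, type and value lines, or NONE.
serve() {
    last=0
    while read -r cmd; do
        case "$cmd" in
            PING) echo PONG; continue ;;
            get|getnext) read -r req || break ;;
            *) echo NONE; continue ;;
        esac
        now=$(date +%s)
        if [ $((now - last)) -gt "$CACHE_SECS" ]; then
            TABLE=$(build_table); last=$now
        fi
        row=$(lookup "$cmd" "$req")
        if [ -n "$row" ]; then
            set -- $row
            echo "$1"; echo "$2"; shift 2; echo "$*"
        else
            echo NONE
        fi
    done
}

# Only run the protocol loop when started by snmpd with the "serve" argument;
# otherwise the script just defines its functions.
if [ "${1:-}" = serve ]; then serve; fi
```

Without the serve argument the script only defines its functions, which is what makes it possible to source it from another shell and exercise lookup with a hand-built TABLE before pointing snmpd at it; the cache keeps a busy poller from running wl on every single OID of a walk.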


Wednesday, October 13th, 2010 Router 3 Comments