Wireless Access

Reply
Occasional Contributor II

n HTC phones. AES delays packet trans very much.

Hello all,

We are a Spanish university that uses Alcatel wifi equipment.
But Alcatel is an OEM of Aruba and we have always one eye on Alcatel and other eye on Aruba.

We have sent this issue to Alcatel support but I think it could be useful for all Aruba users.

We have AP70 and AP105 and we are using WPA-TKIP and WPA2-AES simultaneously.

Weeks ago, our end users support center told us there were some n phones that didn't navigate.
The phones CONNECT ALWAYS RIGHT but in some places they surf right by web and in other places they can't.

We discovered soon that the problem was the n APs.

We made some test with a test SSID and we found this behavior.
.-n SSID with AES encryption only. The client connects on n but the navigation doesn't work. The packet forwarding is very very slow. (See note below)
.-n SSID with TKIP encryption only. The client connects on b/g no n and the navigation work.
.-n SSID  and open or no encryption. The client connects on n and it navigates.
.-no n SSID. The encryption doesn't mind. It works always well.

These n phones work well at home n wifis.

Note: The most curious thing here in our wifi is that the n phones connected to n and AES suffer a big delay in DNS, WEB and almost any protocol, but not in ping. Any ping on the phone using IP number instead of IP name, never fails.

Equipment and versions

OAW-4650 (Aruba 7220 controller)
Alcatel/AOS 6.3.0.1
AP-70 and AP-105
HTC Desire C Android 4.0.3
HTC Desire 500 Android 4.1.2

Sony, Samsung, Iphone, etc. don't suffer this issue.

I suspect all n HTC phones are affected.

Now, you are advised.
And if you know a workaround or solution, please, tell me.

Nicolas

Universidad Autonoma de Madrid

Guru Elite

Re: n HTC phones. AES delays packet trans very much.

Are you using 802.1x?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: n HTC phones. AES delays packet trans very much.

Yes. This is our major access system.
We are in eduroam initiative.

The "unusual" access system is PSK.
But the problem is the same for both.

Thanks

Re: n HTC phones. AES delays packet trans very much.

From the description, I understand we have an issue with HTC phones using Android unable to navigate to WEB and lot of delay in http/https and DNS quereis however ping always works fine. 

 

  1.  Are we using the external (Public) DNS server ?
  2.  Do we have this issue only with Android device and IOS or laptops working fine?
  3.  Is the DHCP server configured on the controller ?
  4.  Do we see any traffic from show datapath session table ?

 

Thank you

Occasional Contributor II

Re: n HTC phones. AES delays packet trans very much.

1.-Yes, we are using our campus DNS server in our wifi network.
2.-As long as we can test, yes. Any other device works fine. There isn't any other device, including those that are far from an AP, for which web navigation it's so difficult. We have used test AP105 twenty cms near HTC phone andthe navigation is almost blocked. For any type of user, end or technical, navigation is almost useless.
3.-Yes, it is. DHCP is served by the controller.
4.-We'll check it asap and I'll replay an answer.

We are very sure about the n HTC phones because these are the phones our mobile operator (Vodafone) send us for corporate users.We have now around 20 HTC Desire 500 and all of them shows the problem.
Our end users support center talked us about navigate problems with ALL HTC phones they configured for corporate users in "some" places.
Later we discovered these places are AP105.

Thanks

 

Re: n HTC phones. AES delays packet trans very much.

When we say campus DNS servers; are they going to be public servers? Please confirm.

From your description, I understand DHCP server is on the controller. Can we try connecting the HTC phones to connect to different vlan on the controller where DHCP server is hosted and gateway is hosted outside to see if that behaves differently ?

 

Thank you.

Occasional Contributor II

Re: n HTC phones. AES delays packet trans very much.

Yes it is. DNS server for wifi clients and for controllers is our public DNS server.

 

I don't understand very well the second question.

Do you want we use an external DHCP server not hosted by the controllers?

It can be done because we have another DHCP server for non-wifi equipment.

But, I don't understand what are we looking for.

The credentials exchange and DHCP leasing works right always.

With our previous controllers, DHCP server used was the external server and always was fine.

Anyway, we'll try it.

 

Maybe tomorrow I'll post the results for the tests you ask for.

 

Thanks

Occasional Contributor II

Re: n HTC phones. AES delays packet trans very much.

Hello,

 

I send a file with sh datapath results attached.

 

The tests using a different vlan and an external dhcp server is more diffcult than I said.

Our wired equipment and firewall fellows are involved in other urgent work these days.

Sorry.

I hope next week ....

 

The Alcatel tech support ask us more data also.

 

Anyway, thank you Aruba guys.

 

And, please, if anybody suffers the same problem with any kind of n phones, please, tell us.

 

Nicolas

 

Guru Elite

Re: n HTC phones. AES delays packet trans very much.


nvelaz03 wrote:

Hello,

 

I send a file with sh datapath results attached.

 

The tests using a different vlan and an external dhcp server is more diffcult than I said.

Our wired equipment and firewall fellows are involved in other urgent work these days.

Sorry.

I hope next week ....

 

The Alcatel tech support ask us more data also.

 

Anyway, thank you Aruba guys.

 

And, please, if anybody suffers the same problem with any kind of n phones, please, tell us.

 

Nicolas

 


Question,

 

Why is DNS being given high priority?  Are you putting ALL traffic in the High Queue (the H flag)?

 

show datapath session table 172.16.226.23


Datapath Session Table Entries
------------------------------

Flags: F - fast age, S - src NAT, N - dest NAT
       D - deny, R - redirect, Y - no syn
       H - high prio, P - set prio, T - set ToS
       C - client, M - mirror, V - VOIP
       Q - Real-Time Quality analysis
       I - Deep inspect, U - Locally destined
       E - Media Deep Inspect, G - media signal

  Source IP     Destination IP  Prot SPort DPort  Cntr Prio ToS Age Destination TAge Packets   Bytes      Flags 
--------------  --------------  ---- ----- -----  ---- ---- --- --- ----------- ---- --------- ---------  -----
150.244.9.100   172.16.226.23   17   53    46876  1/3     7 0   1   tunnel 296  21   0         0          FHPI 
150.244.9.200   172.16.226.23   17   53    44901  1/3     7 0   1   tunnel 296  1d   0         0          FHPI 
172.16.226.23   150.244.9.100   17   46876 53     1/3     7 0   1   tunnel 296  21   0         0          FHPCI 
150.244.9.100   172.16.226.23   17   53    36929  1/3     7 0   1   tunnel 296  20   0         0          FHPI 
172.16.226.23   173.194.66.188  6    56539 5228   1/3     0 0   8   tunnel 296  95   0         0          C 
172.16.226.23   150.244.9.200   17   57864 53     1/3     7 0   0   tunnel 296  3    1         61         FHPCI 
172.16.226.23   150.244.9.200   17   44243 53     1/3     7 0   1   tunnel 296  1e   0         0          FHPCI 
172.16.226.23   150.244.9.100   17   27984 53     1/3     7 0   1   tunnel 296  6    1         61         FHPCI 
150.244.9.100   172.16.226.23   17   53    27984  1/3     7 0   1   tunnel 296  6    1         496        FHPI 
172.16.226.23   150.244.9.100   17   20657 53     1/3     7 0   1   tunnel 296  1c   0         0          FHPCI 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: n HTC phones. AES delays packet trans very much.

Hello

 

Maybe we made some priorities in the config to some traffics time ago for other problems.

Months ago we had another very old controllers and the config is very similar for the new controllers.

 

But, is this a question related with the problem described above?

Of course, we want to solve the problem. But we want to understand how these config questions (priority or DHCP) can crash or solve our n HTC phones connected with AES encryption.

I don't understand why these questions break n/AES but doesn't mind for g/TKIP or n/noencryption.

 

And, overall, thank very very very much, Cjoseph and Sriram.

 

Regards,

 

  Nicolas

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: