
Saturday, June 19, 2010


I was up late last night studying the documentation, and this morning I went in and installed a new primary router with better wireless security at the SuperDoc's.

The people who put in the cable part of the network were supposed to have done it, but they haven't managed to in about a year, so.... I bet they were afraid to mess with it just like I was. There's so much hodgepodge from so many generations of junk.

Anyway, when I left it was all working although I did have to manually configure it, and this will take the number of network-wide routers down from three to two. Besides that there is the cable modem, and two more direct access routers that handle links to labs.

Something is failing in the system, but I have not been able to figure out what, so I am down to randomly switching stuff around and watching to see what happens. I don't like to start spending a ton of money just replacing stuff that might be fine, but this really needed to be done for security reasons. One piece of this was overlaid on the cable guys' original stuff by a prescribing system which we converted out of this spring, so I had the chance to straighten out some of the kinks I couldn't before.

I have set the router for high security and on the wireless portion the only access is enumerated MAC addresses, so even if someone finds the passwords and keys, they still won't be able to log on. Wireless networks worry me in public access areas.

I have not been able to figure out why the internet piece keeps dropping out, but this week the cable modem was dead one morning, and just a couple of weeks ago the main router crashed and would not come up, so I think something is shorting out somewhere. The benefit of making this wireless router the primary (controls DHCP) is that if the old router is dying, this one has a few access ports so I could set up a mini-network to run a few machines in about 15 minutes. That would get him by for a day or two until he could get a new router.

The intermittents are driving me crazy. There is no rhyme or reason to it. I installed a new UPS and then segregated routers on two different UPS units, but it still kept happening. It looks like a power problem, but it's not coming from outside, so my hunch is that it's a short.

I am going to buy a new wireless router tomorrow as mine is toasted. I hate setting that stuff up and I expect some kind of a problem. What can you do?
Well, the consolation is that if you are doing it at home there's usually less to do. But at home you mostly have all the passwords, etc, for the internet connection, so you have to know those. The auto-setups tend to work half decently at home.

This was just static IP on the internet, so that portion wasn't hard - all you had to do was ignore all the dire warnings. It was getting the interaction with the other router right that worried me.
PS: I always use ipconfig /all on a client or two and copy down their settings to be sure.
I have put off doing this because something always goes wrong for me! The router is really crapping out now so I gotta get one tomorrow or I cannot troll the blogs and leave comments, and that is unacceptable!

Does it work w/o the encryption on?

I had a past experience where the wireless router firmware just didn't do the encryption correctly so I had to turn it off. It kept kicking my laptop or another off after a few mins (and then reconnecting if I manually reconnected it).

I ended up staying w/ a mac based access model and turning off encryption. If someone sniffs packets from the air, it's not a huge issue since generally sensitive stuff is all ssl encrypted anyway.

Anyway, this might solve your problem.

BTW, thanks for your suggestion to check bloomberg regions and go down the list. It is very helpful! (trying to make a simple scraper to get that into an rss reader now...)
GYC - much sympathies. I'm not any good with this stuff either, so I approach it with great wariness and preparation.

SV E - Okay, because I need a secure network there is no way I am turning off encryption. This is people's very private info. You would damn well not like your medical info along with your name, SS and account numbers (in some cases) transmitted in the clear.

In any case, it's a total signal failure when it fails, and I was USUALLY just rebooting the bridge (takes cable input and feeds to what was the main router and the wireless). So it wasn't the wireless that was failing. I set them up so they could do that with one button, and the main always kept ticking along.

But then in recent weeks the main router crashed once catastrophically. I tried swapping out one cable, which seemed to help for a bit but then not. Anyway, hopefully this double bypass will work. If not, it's going to be in the incoming cable feed somewhere.
Speaking of firmware, I presume you've checked the firmware versions and applied all the latest patches for your equipment?

It is scary the kind of bugs that get shipped only to be found and fixed later in patches.
If not, it's going to be in the incoming cable feed somewhere.

We had a bad cable modem from Comcast. We had to fight them that it was their hardware's fault, but eventually they relented and sent us a new modem. After that, everything was fine.

If you can make sense of it, there is usually good info on the internet about the various models of modem, how reliable they are, how they typically fail, and so forth.
Allan - snort. Don't get me started. The installation from the one prescription net was out of date from the day it was installed. 2002 firmware? Cut me an effing break.

They were controlling from the outside, and I tried calling them, but let's just say that was an exercise in blood-pressure escalation and epic futility. Further, when they did the conversion they left their access in open, which did not make me feel very friendly toward them.

Watch the BP congressional inquisition to get a clue as to how my attempt to deal with them worked.

I would have updated the firmware, but I suspected a problem, and trying to update firmware when you also have a hardware problem is something you should only do if you have alternate configuration available, which I now do. If this runs a week without a problem, I will update that wireless router and test it to see if the problem was there. If not, it is in the old bridge, and I need to have a backup available, so I'll get a cheap router I can swap with this one in case of emergency.
Allan - originally I suspected the cable modem, but that seems very reliable. So now I think it is either the cabling from the modem up into the router, or the old bridge/wireless router combo. Except for that once, I never ever had to do anything with the cable modem.
Cable modems do get flaky and burn out. And the newer ones are faster.
I look over the user guides and nothing is ever mentioned about a wireless setup and MAC and PC issues. Then I check tech forums and I see this is a major issue. My wife and I have PCs and the Mom in law in the in-law apartment has a MAC and this always causes problems. Wish me luck but I already have a bad feeling!
GYC - by MAC address I meant the hardware address, not the OS. But I understand your problem too.

As long as it is an 802.11g you should be able to get the Mac to work with it.

See if this helps. I find reading right through the user guide before the installation works wonders for me.

Yeah, I wasn't suggesting you go without encryption. More of a diagnostic test of the wireless.

But it looks like that's not where the issue is.

Good luck! I always find hardware issues very frustrating. Usually w/ software you know it's most likely your bug....hardware...it could be a misconfiguration or a blown capacitor.
MoM: is it possible that one or another of the router/network boxes is overheating now and then? That can cause them to go insane and restart. My experience is that a lot of stuff sold for the consumer and soho market runs way too hot for its own good. This can include stuff that the cable company provides. Unless you are using better-grade gear, you should check how warm each box feels. If it is even a little above ambient, make sure it has good circulation. Stand it on its end, place it on small blocks so it has circulation around it, buy a bunch of stick-on heatsinks and stick them on, etc.
Hah! NJCommuter, your technical background is clear.

Yes, both the bridge and old wireless router were running hot. Believing that it was a temperature-sensitive short, I rearranged the whole closet deal, shifted them away from each other, and redistributed the power supplies to provide plenty of air space. They then ran cool, and they were running cooler than the new stuff you buy. But it didn't change anything.

So then the cable replacement, which didn't change anything.

So now a new piece of equipment - we'll see what happens with that. I do not like the quality of the newer generation stuff, so I have a replacement ready to go in to the Doc's on Monday, just in case.

That's one of the reasons I hate to change out the older equipment unless it is clearly bad. The quality of the components even 7 years ago was so much better - as long as the thing did not fail in the first 48 hours, and you put it on a good quality UPS, those older routers would run forever just about. Maybe a port or two would fail, but you could just switch ports. Now that's not so.

And the old cable modems were much, much better quality than the new stuff. I call the new stuff perpetual employment for techs because it is so shoddy.
I have learned a lot from intermittent failures, between bouts of primal screaming. Good luck!
We once did troubleshooting on a VOIP issue. The guy was an audio engineer, so it was hard to tell if the issues he ran into were things only he could hear ;) Anyway, we thought that was initially a short too. He worked on the power and we replaced all the equipment along the way. Same issues. I took a long look at everything we'd done and realized we'd never replaced the modem. It seemed to be fine. When we replaced it, the issues stopped. I'd swap out the modem, just to be sure.

The link you gave at 8:36 shows setting up WEP Encryption. I hope that you didn't do this. WEP is old and insecure - anybody with enough interest to do a google and a download can break the encryption.

Spoofing of MAC addresses is also trivially easy to the badly-inclined, so MAC filtering is of little use in this application.

At a minimum you should be using WPA with TKIP. Preferable is WPA2 with AES. Use a 60-character-long random pre-shared key, which you save to a thumbdrive, which you then use to set up each machine - in XP you only have to enter the pre-shared key the first time you set up the connection (though you have to enter it twice at that time). Then you (or SuperDoc) put the thumbdrive in a safe place.

Feel free to email me with any questions.
BTW, I've been very impressed at your ability to untangle things so far. I do networking professionally, so I know it's not easy.

Multiple routers and links really complicate things.
In my first post I meant that MAC filtering wasn't worth much if you were only using WEP.

I also see that it's a new wireless router that you configured with "high security", so I suspect that whatever was in the linked article, you probably got it right.
Bob - yes, it's WPA2. The old one just was WEP. I think the crappy security was one reason the old service didn't want to talk to me. They tell the docs it's secure, and it really isn't.

Since you apparently do this professionally, you'll understand. I am very concerned about the college students and HS interns he hires. The current service is designed to work with an iPhone or an iPod Touch, but almost anything will interact with it. And the MAC address screening is really so I can block out the young ones from using their own devices. That is a security risk I just don't think is reasonable. It will seem normal and natural to them, but it's not good. I do not think the kids themselves are a security risk, but I am concerned about good-natured fecklessness.

As soon as I get this done I am going to delicately suggest to the doc that he set up different accounts for the new system, which is web based. I want him to be able to track what prescriptions each person is entering. I don't want to offend anyone, but I don't seem to be quite getting across to them certain security issues.

I don't think any wireless security is all that good. I advise people never to use wireless connections, even in their homes, for banking and online transactions.

Thanks for the offer of help.
Bob - another thing, all the PCs in the office will remain connected solely via cable. The wireless piece is solely for the handheld access devices for the EHR/prescription service, which sends directly to pharmacies.

I have concerns about these services, although the government policy has been pretty much to mandate them. So far I have been mightily unimpressed by the security arrangements of most interactive health systems. In particular, many drugs have a high street value, and I expect such services to become a target. Scheduled drugs are supposed to be paper prescriptions, but apparently there's plenty of action on non-scheduled stuff.
I bought the Cisco Linksys E2000 router. What a fiing clusterf$ck.

The old wireless router has a port for coaxial cable to attach, the E2000 does not. The coax comes in and splits into 3 lines; one for the TV, one for the modem, and another to the old router. It's the SAME LINE! I hooked up the modem to the router and it says it is not hooked up to the modem! I hate this crap so much. I am going to hire a tech geek this week to get this done I am so frustrated right now!
GYC - if this (pdf) is the correct manual, you stick your internet cable in the yellow slot. The other four ports are for cable connections to computers or other devices.

If it did not detect the internet, you probably have the cable in the wrong slot or you have to configure the internet connection.

If it is static IP, you can get the settings from running the DOS command prompt on one of your client computers and typing in:
ipconfig /all

That will give you a list of each interface adapter and its settings.
GYC, it sounds like you bought the wrong product. If your old router takes a coaxial input split off from the line feeding the TV, it is also a cable modem, as well as a wireless router. The E2000 isn't intended to do all of that.

Odds are the separate modem you mention wasn't in use after you/whoever installed the old wireless router/modem.

Your options are to take the E2000 back and get something that does everything the old wireless router did, or keep the E2000 and get a separate cable modem device - which might even be the one you mention - working.
GYC - if you are replacing a cable modem/wireless router combo, you need to buy a cable modem/wireless router combo.

But what isn't working in the first place? And which service provider do you use?