Are you graphing the stations / APs in AirControl2 or similar? This can help diagnose the problem.
On Tue, Mar 8, 2016 at 1:50 PM, Rory Conaway <[email protected]> wrote: > CCQ% is 95-98%. But it doesn’t mean it’s not an interference issue. > I’ve seen Mikrotik do serious damage to Ubiquiti. > > > > Rory > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *Josh Reynolds > *Sent:* Tuesday, March 08, 2016 12:10 PM > *To:* [email protected] > *Subject:* Re: [AFMUG] I might be under attack by a competitor > > > > Yes, substantial interference will cause this, even on 5GHz. It could be > noise at the AP, but only if all stations having high CCQs. If not, the > CPEs are seeing another signal that either has very high signal or is on a > near or overlapping frequency. > > > > On Tue, Mar 8, 2016 at 12:53 PM, George Skorup <[email protected]> wrote: > > Rory, I think you're seeing somewhat normal operation from the UBNT > radios. The AP heard nothing from that CPE in a while so it tore down the > session. CPE still thinks it's registered. AP says nope. Could be > interference. We saw this all the time in the 2.4 band w/ UBNT radios. > > > > On 3/8/2016 9:03 AM, Rory Conaway wrote: > > I haven’t seen one on a Ubiquiti AP which is why I asked but when I get > back in town next week, I’m going to set it up so I can see how it works. > Our Xirrus radios have that feature. > > > > Rory > > > > *From:* Af [mailto:[email protected] <[email protected]>] *On > Behalf Of *Mike Hammett > *Sent:* Tuesday, March 08, 2016 6:02 AM > *To:* [email protected] > *Subject:* Re: [AFMUG] I might be under attack by a competitor > > > > When a deauth is happening, the laptop doing the deauth impersonates the > AP, telling the client to disconnect. What I see below doesn't look like a > deauth attack. > > > > ----- > Mike Hammett > Intelligent Computing Solutions <http://www.ics-il.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/ICSIL>[image: > http://www.ics-il.com/images/googleicon.png] > <https://plus.google.com/+IntelligentComputingSolutionsDeKalb>[image: > http://www.ics-il.com/images/linkedinicon.png] > <https://www.linkedin.com/company/intelligent-computing-solutions>[image: > http://www.ics-il.com/images/twittericon.png] <https://twitter.com/ICSIL> > Midwest Internet Exchange <http://www.midwest-ix.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/mdwestix>[image: > http://www.ics-il.com/images/linkedinicon.png] > <https://www.linkedin.com/company/midwest-internet-exchange>[image: > http://www.ics-il.com/images/twittericon.png] > <https://twitter.com/mdwestix> > The Brothers WISP <http://www.thebrotherswisp.com/> > [image: http://www.ics-il.com/images/fbicon.png] > <https://www.facebook.com/thebrotherswisp>[image: > http://www.ics-il.com/images/youtubeicon.png] > > > <https://www.youtube.com/channel/UCXSdfxQv7SpoRQYNyLwntZg> > ------------------------------ > > *From: *"timothy steele" <[email protected]> > *To: *[email protected] > *Sent: *Tuesday, March 8, 2016 6:28:42 AM > *Subject: *Re: [AFMUG] I might be under attack by a competitor > > 04:18:d6:e4:c0:15 Is a ubnt Mac sure you don't own that Mac? In the client > list you should see it pop up now and then maybe pop up a fake ap with same > said with passphrase ubnt should connect then you can get into the network > of who ever is doing it > > > > On Tue, Mar 8, 2016, 7:14 AM Gino Villarini <[email protected]> wrote: > > are you running 802.11n or airmax? > > > > On Tue, Mar 8, 2016 at 1:44 AM, Rory Conaway <[email protected]> > wrote: > > I’m almost done doing that. This should be interesting. > > > > Rory > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *Jaime Solorza > *Sent:* Monday, March 07, 2016 9:55 PM > *To:* Animal Farm <[email protected]> > *Subject:* Re: [AFMUG] I might be under attack by a competitor > > > > Change your ssid and hide it... > > On Mar 7, 2016 9:05 PM, "Rory Conaway" <[email protected]> wrote: > > Received disassoc from 04:18:d6:e4:c0:15. Reason: Disassociated because > sending STA is leaving (or has left) BSS (8). > > Feb 13 07:17:43 wireless: ath0 STA-TRAFFIC-STAT mac=04:18:d6:e4:c0:15 > rx_packets=633675 rx_bytes=116857546 tx_packets=2225222 tx_bytes=3041234063 > > Feb 13 07:17:43 wireless: ath0 Expired node:04:18:D6:E4:C0:15 > > Feb 13 07:17:43 hostapd: ath0: STA 04:18:d6:e4:c0:15 IEEE 802.11: > disassociated > > Feb 13 07:17:43 wireless: ath0 Sending deauth to 04:18:d6:e4:c0:15. > Reason: Class 2 frame received from nonauthenticated STA ( > > > > *From:* Af [mailto:[email protected]] *On Behalf Of *Rory Conaway > *Sent:* Monday, March 07, 2016 9:03 PM > *To:* [email protected] > *Subject:* [AFMUG] I might be under attack by a competitor > > > > I have a couple of customers off the same Ubiquiti Rocket 5 AP that have > been having an issue the last couple days with going offline for a short > time and then reconnecting and coming back online. I pull the logs on the > AP and see a bunch of handshaking and several of these. I’m pretty sure > this is what happens when an enterprise radio does Rogue Access Point > Suppression. Am I reading this right or is there something I’m not aware > of like a bad CPE that can cause this? > > > > Rory > > > > > > > > > > > > >
