11-30-2023 06:12 AM
Hello. I have ~10 AccessPoints AP410i (wing 7.7.1.8-009R) which work in same domain and select virtual controller via option "Enable auto election of VC".
Created some vlan, linked to Wlan - Radio2 (5hz).
I see and can connect to my SSID, get ip address and can open different resources. But I have problem with delivery or get internet traffic via WiFi segment. Packets is lost or long time response when. I tried ping to my gateway and external internet resource. Problem is always, even if I stay in one place)
I configured my second interface(Ge2) and plug in to ethernet cable from my computer, get ip addres from my dhcp server and tried ping and open internal or external resource. Here is good.
Problem only via WiFi segment and I don't understand , what i can do somelse.
Can you help me?
12-05-2023 11:11 AM
@ckelly Hello. Today, thirth day and I don't see something problem with WiFi. (This is good and bad , because problem might will repeat again in wrong time).
Question, do you see this problem with all areas (all areas with the APs?) - I have checked the entire area, but didn't check distant warehouse.
How large of an area is this where all of the APs are placed - I don't have information about total area, but APs installed about 30-40 meters between itself.
What sort of environment is it? - Mixed environment. Several refrigeration chambers, a warehouse place and open space for employees
Are there neighboring networks next to yours? - There is has unknown device (near, I think it is keenetic), which broadcast 1 Wireless network on 2.4 and 5 hz. It is always works.
I'll try use your commands tommorow, when there will lot of people.
12-04-2023 06:19 AM
@Aleksandr123 wrote:
They can download and upload, but have problem with lost packet or long time response from resourse. Doesn't metter it will external or internal resource.
The config looks fine. (smart-rf policy looks to be completely default and may need some tweaking)
Based on your original comments and your clarification here, it now sounds like a wireless medium problem. Possibly channel interference or high channel utilization. Question, do you see this problem with all areas (all areas with the APs?) How large of an area is this where all of the APs are placed? What sort of environment is it? Are there neighboring networks next to yours?
Try running a few queries:
show smart-rf history
show smart-rf radio on default (will be a lot of output)
show smart-rf interterfering-ap on default
12-02-2023 12:05 AM
Hello. No, all clients have access to external or internal resources. They can download and upload, but have problem with lost packet or long time response from resourse. Doesn't metter it will external or internal resource.
Hello. Thank you for advise. I will try service command for debug traffic. I have upgraded firmware from 7.7.1 to 7.9.2 yesterday, but problem is saving. Also, between my config:
! Configuration of AP410-1 version 7.9.3.0-023R
!
!
version 2.7
!
!
client-identity-group default
load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
mac access-list PERMIT-ARP-AND-IPv4
permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
permit any
!
firewall-policy default
no ip dos tcp-sequence-past-window
no stateful-packet-inspection-l2
ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
meshpoint-qos-policy default
!
wlan-qos-policy default
qos trust dscp
qos trust wmm
!
radio-qos-policy default
!
wlan FREE_TEST
ssid FREE_TEST
vlan 73
bridging-mode local
encryption-type ccmp
authentication-type none
fast-bss-transition
wpa-wpa2 psk 0 password
wpa-wpa2 exclude-wpa2-tkip
wpa-wpa2 use-sha256-akm
!
wlan Guest
ssid Guest
vlan 31
bridging-mode local
encryption-type none
authentication-type none
!
wlan PFT
ssid PFT
vlan 12
bridging-mode local
encryption-type ccmp
authentication-type none
wpa-wpa2 psk 0 password
wpa-wpa2 exclude-wpa2-tkip
wpa-wpa2 use-sha256-akm
!
smart-rf-policy default
no select-shutdown
no smart-sensor
smart-sensor auto-trigger
smart-sensor band smart-band-5GHz
smart-sensor tri-radio-only
!
wips-policy default
!
auto-provisioning-policy "Auto-Provisioning AP410-i"
adopt ap410-1 precedence 1 profile default-ap410-1 rf-domain default vlan 30
!
!
management-policy default
telnet
no http server
https server
rest-server
no ftp
ssh
ssh enable-weak-mac-algo 1
user admin password 1 6f71018a2682e24d8916a8b725e6105f286495b79097e65d14bb86bb8524a527 role superuser access all
snmp-server community 0 private rw
snmp-server community 0 public ro
snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
profile ap410-1 default-ap410-1
ip default-gateway 10.76.30.1
autoinstall configuration
autoinstall firmware
crypto ikev1 policy ikev1-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ikev2 policy ikev2-default
isakmp-proposal default encryption aes-256 group 2 hash sha
crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
crypto ikev1 remote-vpn
crypto ikev2 remote-vpn
crypto auto-ipsec-secure
crypto load-management
crypto remote-vpn-client
interface radio1
antenna-mode 2x2
interface radio2
wlan FREE_TEST bss 1 primary
wlan Guest bss 2 primary
wlan PFT bss 3 primary
antenna-mode 4x4
interface radio3
shutdown
interface ge1
switchport mode trunk
switchport trunk allowed vlan 12,30-31,73
switchport trunk native vlan 30
spanning-tree force-version 1
interface ge2
switchport mode trunk
switchport trunk allowed vlan 1,35
interface vlan1
ip address dhcp
ip address zeroconf secondary
ip dhcp client request options all
shutdown
interface vlan12
description TSD
interface vlan30
description Management
ip address dhcp
interface vlan31
description Guest
interface vlan35
description test
interface vlan73
description USERS
interface pppoe1
interface usb0
use firewall-policy default
use auto-provisioning-policy "Auto-Provisioning AP410-i"
use client-identity-group default
virtual-controller auto
virtual-controller management-interface ip address 10.76.30.5/24
virtual-controller management-interface vlan 30
rf-domain-manager capable
logging on
controller vlan 30
service pm sys-restart
router ospf
adoption-mode controller
!
rf-domain default
timezone Asia/Almaty
country-code kz
ad-wips-wireless-mitigation disable
ad-wips-wired-mitigation disable
!
ap410-1 B0-27-CF-CF-72-A5
use profile default-ap410-1
use rf-domain default
hostname WiFi-1
no lci-config
rf-domain-manager priority 255
!
ap410-1 B0-27-CF-CF-74-31
use profile default-ap410-1
use rf-domain default
hostname WiFi-3
no lci-config
!
ap410-1 B0-27-CF-CF-B7-21
use profile default-ap410-1
use rf-domain default
hostname WiFi-2
no lci-config
!
ap410-1 B0-27-CF-CF-B8-8F
use profile default-ap410-1
use rf-domain default
hostname WiFi-8
no lci-config
interface radio2
power 4
no rf-domain-manager priority
!
ap410-1 B0-27-CF-CF-B8-9B
use profile default-ap410-1
use rf-domain default
hostname WiFi-11
no lci-config
!
ap410-1 B0-27-CF-CF-B8-B9
use profile default-ap410-1
use rf-domain default
hostname WiFi-9
no lci-config
!
ap410-1 B0-27-CF-CF-B8-BF
use profile default-ap410-1
use rf-domain default
hostname WiFi-10
no lci-config
!
ap410-1 B0-27-CF-CF-B8-E9
use profile default-ap410-1
use rf-domain default
hostname WiFi-6
no lci-config
!
ap410-1 B0-27-CF-CF-B9-49
use profile default-ap410-1
use rf-domain default
hostname WiFi-5
no lci-config
!
ap410-1 B0-27-CF-CF-B9-79
use profile default-ap410-1
use rf-domain default
hostname WiFi-7
no lci-config
!
ap410-1 B0-27-CF-CF-B9-A9
use profile default-ap410-1
use rf-domain default
hostname WiFi-4
no lci-config
!
!
end
12-01-2023 06:46 AM
So a wireless client can access INTERNAL resources on the WLAN but not anything on the Internet, correct?
My first suspicion is DNS. From the connected wireless client, see if it can properly resolve an Internet website. (example, PING www.google.com and see if a correct IP address is returned). Also, make sure you can reach/PING your default route for the Internet.