01-10-2024 06:28 PM
AC : NX7500 version 7.5.1.6-001R
1. The APs emitted several signals, including the W1 signal(802.1X authentication). Yesterday, the terminals connected to the W1 signal was disconnected at 17:00 and could not connect to the W1 signal. The other signals were normal, and after more than ten minutes, the W1 signal could be connected and returned to normal. May I ask how to find out what caused it?
2. The W1 signal is hidden, but the customer said that the signal can still be seen by terminals that have not connected to the W1 signal before. How should this be checked?
wlan W1
description Associate Laptops (Wireless)
ssid W1
vlan 2
bridging-mode local
encryption-type tkip-ccmp
authentication-type eap
dynamic-vlan-assignment allowed-vlans 2001,3001,1088
no broadcast-ssid
no answer-broadcast-probes
no client-client-communication
no multi-band-operation
no protected-mgmt-frames
radius vlan-assignment
accounting radius
accounting syslog host 10.x.x.x port 514 proxy-mode through-controller
use aaa-policy LinkBroad
use mac-access-list in PERMIT-ARP-AND-IPv4-DENY-IPv6
use mac-access-list out PERMIT-ARP-AND-IPv4-DENY-IPv6
proxy-arp-mode strict
Please help me, Big Shots. Thank you very much!
Solved! Go to Solution.
01-11-2024 06:02 AM
Hello Liuc,
Above data is not sufficient to determine root cause, but from above configs I would start by changing the WLAN encryption type to:
encryption-type ccmp
If issue persists, we'll need more data to analyze and would recommend opening a GTAC ticket for same.
BR,
01-12-2024 02:46 AM
hi
as you use radius for authentication, have you checked the radius log if che clients maybe get denied?
as alternative, you can debug the authentication process of the client using this commands:
remote-debug wireless rf-domain <rfd-name> clients <client mac / all> max-events <e.g.10000> duration <e.g. 500> events <eap radius wpa-wpa2>
there are more events possible > use ? to see
With options eap, radius, wpa-wpa2 you can see infos about the authentication process and the 4-way-handshake of the client.
for example, with this you can see if the radius server sends an answer and if it is a reject/accept or if the handshake fails.
nr
rmu
01-11-2024 06:02 AM
Hello Liuc,
Above data is not sufficient to determine root cause, but from above configs I would start by changing the WLAN encryption type to:
encryption-type ccmp
If issue persists, we'll need more data to analyze and would recommend opening a GTAC ticket for same.
BR,