cancel
Showing results for 
Search instead for 
Did you mean: 

Wireless wifi hang AP410

Wireless wifi hang AP410

Radoslaw
New Contributor

Hi everyone, I have a working Wifi network on three AP410s with one acting as a controller. I have 3 networks running, 2 using Capiveportal and one on the preshared key.
The problem are that networksby after some time hangs. Captive portla does not display welcome page, wifi with preshared key after login does not routing any trafic. After restarting the AP (only the controller), everything goes back to normal. Sometimes the AP hangs after a day of work and sometimes after a week or even two. Is there any possibility to set an automatic restart of the AP? Or how to fix this bug? In system I don’t see any errors.

Configuration of Wing (i mask the users of captive and MAC address):

ST-CON0#show running-config
!
! Configuration of AP410 version 7.3.0.0-038R
!
!
version 2.7
!
!
client-identity-group default
 load default-fingerprints
!
ip access-list BROADCAST-MULTICAST-CONTROL
 permit tcp any any rule-precedence 10 rule-description "permit all TCP traffic"
 permit udp any eq 67 any eq dhcpc rule-precedence 11 rule-description "permit DHCP replies"
 deny udp any range 137 138 any range 137 138 rule-precedence 20 rule-description "deny windows netbios"
 deny ip any 224.0.0.0/4 rule-precedence 21 rule-description "deny IP multicast"
 deny ip any host 255.255.255.255 rule-precedence 22 rule-description "deny IP local broadcast"
 permit ip any any rule-precedence 100 rule-description "permit all IP traffic"
!
ip access-list wlan2-firewall
 deny ip any 10.10.10.0/24 rule-precedence 1
 permit ip any 192.168.1.0/24 rule-precedence 2
 deny ip any 192.168.99.0/24 rule-precedence 3
 permit ip any any rule-precedence 4
 deny ip any any rule-precedence 5
!
mac access-list PERMIT-ARP-AND-IPv4
 permit any any type ip rule-precedence 10 rule-description "permit all IPv4 traffic"
 permit any any type arp rule-precedence 20 rule-description "permit all ARP traffic"
!
ip snmp-access-list default
 permit any
!
firewall-policy default
 no ip dos smurf
 no ip dos twinge
 no ip dos invalid-protocol
 no ip dos router-advt
 no ip dos router-solicit
 no ip dos option-route
 no ip dos ascend
 no ip dos chargen
 no ip dos fraggle
 no ip dos snork
 no ip dos ftp-bounce
 no ip dos tcp-intercept
 no ip dos broadcast-multicast-icmp
 no ip dos land
 no ip dos tcp-xmas-scan
 no ip dos tcp-null-scan
 no ip dos winnuke
 no ip dos tcp-fin-scan
 no ip dos udp-short-hdr
 no ip dos tcp-post-syn
 no ip dos tcphdrfrag
 no ip dos ip-ttl-zero
 no ip dos ipspoof
 no ip dos tcp-bad-sequence
 no ip dos tcp-sequence-past-window
 no ipv6 dos multicast-icmpv6
 no ipv6 dos hop-limit-zero
 no ipv6 dos tcp-intercept-mobility
 no stateful-packet-inspection-l2
 ip tcp adjust-mss 1400
!
!
mint-policy global-default
!
wlan-qos-policy default
 qos trust dscp
 qos trust wmm
!
radio-qos-policy default
!
aaa-policy default-onboard
 authentication server 1 onboard self
!
association-acl-policy Startowa-ACL
 permit 00-1D-60-19-EC-0D 00-1D-60-19-EC-0D precedence 2
 deny 00-00-00-00-00-00 FF-FF-FF-FF-FF-FF precedence 3
!
captive-portal default-onboard
 server host guest-access.net
 terms-agreement
 webpage internal org-name Startowa
 webpage internal org-signature Startowa. All Rights Reserved.
 webpage internal login header Witamy w sieci Startowa Edu Wifi.
 webpage internal login title Startowa Edu Wifi
 webpage internal welcome header Witamy.
 webpage internal welcome title Startowa Edu Wifi
 webpage internal welcome body-background-color #00cc00
 webpage internal fail title Startowa Edu Wifi
 webpage internal fail body-background-color #ff0000
 webpage internal agreement header Warunki korzystania z sieci Wifi.
 webpage internal acknowledgement header Witamy ponownie.
 webpage internal acknowledgement title Startowa Edu Wifi
 webpage internal acknowledgement body-background-color #00cc00
 webpage internal registration title Startowa Edu Wifi
 webpage internal no-service header Serwis jest niedostepny
 webpage internal no-service title Startowa Edu Wifi
 webpage internal no-service body-background-color #ff0000
 use aaa-policy default-onboard
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
captive-portal default-onboard2
 server host guest-access.net
 terms-agreement
 webpage internal org-name Startowa
 webpage internal login header Witamy w sieci Startowa Gosc Wifi
 webpage internal login title Startowa Edu Wifi
 webpage internal welcome header Witamy.
 webpage internal welcome title Startowa Gosc Wifi
 webpage internal welcome body-background-color #00cc00
 webpage internal fail title Startowa Gosc Wifi
 webpage internal fail body-background-color #ff0000
 webpage internal agreement header Warunki korzystania z sieci Wifi.
 webpage internal agreement title Regulamin korzystania z sieci WiFi
 webpage internal acknowledgement header Witamy ponownie.
 webpage internal acknowledgement title Startowa Gosc Wifi
 webpage internal acknowledgement body-background-color #00cc00
 webpage internal registration title Startowa Gosc Wifi
 webpage internal no-service header Serwis jest niedostepny
 webpage internal no-service title Startowa Gosc Wifi
 webpage internal no-service body-background-color #ff0000
 use aaa-policy default-onboard
 webpage internal registration field city type text enable label "City" placeholder "Enter City"
 webpage internal registration field street type text enable label "Address" placeholder "123 Any Street"
 webpage internal registration field name type text enable label "Full Name" placeholder "Enter First Name, Last Name"
 webpage internal registration field zip type number enable label "Zip" placeholder "Zip"
 webpage internal registration field via-sms type checkbox enable title "SMS Preferred"
 webpage internal registration field mobile type number enable label "Mobile" placeholder "Mobile Number with Country code"
 webpage internal registration field age-range type dropdown-menu enable label "Age Range" title "Age Range"
 webpage internal registration field email type e-address enable mandatory label "Email" placeholder "you@domain.com"
 webpage internal registration field via-email type checkbox enable title "Email Preferred"
!
wlan wlan1
 ssid ST-EDU
 vlan 2
 bridging-mode local
 encryption-type none
 authentication-type none
 no multi-band-operation
 no protected-mgmt-frames
 use captive-portal default-onboard
 captive-portal-enforcement
!
wlan wlan2
 ssid ST-Gosc
 vlan 3
 bridging-mode local
 encryption-type none
 authentication-type none
 no multi-band-operation
 no protected-mgmt-frames
 use captive-portal default-onboard2
 captive-portal-enforcement
 use ip-access-list in wlan2-firewall
 use ip-access-list out wlan2-firewall
!
wlan wlan3
 ssid ST-Approved
 vlan 2
 bridging-mode local
 encryption-type ccmp
 authentication-type none
 no multi-band-operation
 no protected-mgmt-frames
 wpa-wpa2 psk 0 P@ssw0rd
 use association-acl-policy Startowa-ACL
!
smart-rf-policy default
 no select-shutdown
 no smart-sensor
 smart-sensor auto-trigger
 smart-sensor band smart-band-5GHz
!
wips-policy default
!
radius-group Gosc-group
 guest
 policy ssid ST-Gosc
 policy session-time 60
!
radius-group Nau-Group
 policy session-time 720
!
radius-user-pool-policy Gosc-Pools
 user Gosc password 0 654321 group Gosc-group guest expiry-time 19:50 expiry-date 12/14/2021 start-time 19:50 start-date 12/15/2020 access-duration  60
!
radius-user-pool-policy Nau-Pools
 user user1 password 0 123456 group Nau-Group
 user r.dusz password 0 123456 group Nau-Group
 user x.x.6345 password 0 123456 group Nau-Group

!
radius-server-policy default
 use radius-user-pool-policy Gosc-Pools
 use radius-user-pool-policy Nau-Pools
!
dhcp-server-policy default
 dhcp-pool DHCP-EDU-Vlan2
  network 10.10.10.0/24
  address range 10.10.10.20 10.10.10.200
  default-router 10.10.10.11
  dns-server  10.10.10.11
 dhcp-pool DCHP-Gosc-Vlan3
  network 10.10.11.0/24
  address range 10.10.11.20 10.10.11.200
  lease 0 1
  default-router 10.10.11.11
  dns-server  10.10.11.11
!
!
management-policy default
 telnet
 no http server
 https server
 rest-server
 ssh
 user admin password 1 bffa869b7d3eafdb805785073800558f907fbb0f8e11417617ffe2de9edb7199 role superuser access all
 user AR password 1 c5a15be4b07aaa7d44bbf469ef180983a88374ab5840ee221bc3c3647115dae6 role web-user-admin
 snmp-server community 0 private rw
 snmp-server community 0 public ro
 snmp-server user snmptrap v3 encrypted des auth md5 0 admin123
 snmp-server user snmpmanager v3 encrypted des auth md5 0 admin123
!
event-system-policy default
!
profile ap410 default-ap410
 ip name-server 8.8.8.8
 ip name-server 192.168.1.6
 ip default-gateway 192.168.1.1
 autoinstall configuration
 autoinstall firmware
 use radius-server-policy default
 crypto ikev1 policy ikev1-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ikev2 policy ikev2-default
  isakmp-proposal default encryption aes-256 group 2 hash sha
 crypto ipsec transform-set default esp-aes-256 esp-sha-hmac
 crypto ikev1 remote-vpn
 crypto ikev2 remote-vpn
 crypto auto-ipsec-secure
 crypto load-management
 crypto remote-vpn-client
 interface radio1
  wlan wlan3 bss 1 primary
  wlan wlan1 bss 2 primary
  wlan wlan2 bss 3 primary
  antenna-mode 2x2
  no 11axSupport
 interface radio2
  wlan wlan1 bss 1 primary
  wlan wlan3 bss 2 primary
  antenna-mode 2x2
  no 11axSupport
 interface radio3
 interface bluetooth1
  shutdown
  mode le-sensor
 interface ge1
  switchport mode trunk
  switchport trunk allowed vlan 1-3
 interface ge2
 interface vlan1
  ip address dhcp
  ip address zeroconf secondary
  ip dhcp client request options all
 interface vlan2
  description "Cap ST-EDU"
  ip nat inside
 interface vlan3
  description "Cap ST-Gosc"
  ip nat inside
 use dhcp-server-policy default
 use firewall-policy default
 use captive-portal server default-onboard
 use captive-portal server default-onboard2
 ntp server 192.168.1.6
 use client-identity-group default
 ip dns-server-forward
 logging on
 ip nat inside source list BROADCAST-MULTICAST-CONTROL precedence 1 interface vlan1 overload
 service pm sys-restart
 router ospf
 adoption-mode controller
 !
rf-domain default
 location Hol
 contact raddus@wp.pl
 timezone Etc/GMT+1
 country-code pl
 !
ap410 48-9B-D5-FE-00-00
 use profile default-ap410
 use rf-domain default
 hostname ST-AP02
 ip name-server 8.8.8.8
 ip name-server 192.168.1.6
 interface vlan1
  ip address 192.168.1.223/24
 interface vlan2
  ip address 10.10.10.13/24
 interface vlan3
  ip address 10.10.11.13/24
 !
ap410 48-9B-D5-FE-00-01
 use profile default-ap410
 use rf-domain default
 hostname ST-AP01
 ip name-server 8.8.8.8
 ip name-server 192.168.1.6
 area Wysoki
 floor Ip
 use radius-server-policy default
 interface radio1
  no shutdown
 interface radio2
  no shutdown
 interface vlan1
  ip address 192.168.1.222/24
  ip address zeroconf secondary
 interface vlan2
  ip address 10.10.10.12/24
  ip nat inside
 interface vlan3
  ip address 10.10.11.12/24
 ip dns-server-forward
 !
ap410 48-9B-D5-FE-00-02
 use profile default-ap410
 use rf-domain default
 hostname ST-CON0
 ip name-server 8.8.8.8
 ip name-server 192.168.1.6
 area Aula
 floor Parter
 ip default-gateway 192.168.1.1
 use radius-server-policy default
 interface radio1
  no shutdown
  no 11axSupport
 interface radio2
  no shutdown
  no 11axSupport
 interface vlan1
  description "Virtual Interface for LAN by Wizard"
  ip address 192.168.1.221/24
  no ip dhcp client request options all
  no ip nat
 interface vlan2
  ip address 10.10.10.11/24
  ip nat inside
 interface vlan3
  ip address 10.10.11.11/24
  ip nat inside
 virtual-controller
 rf-domain-manager capable
 ip dns-server-forward
 no adoption-mode
 !
 !
 end
ST-CON0#
 

1 ACCEPTED SOLUTION

Daren_Ellis
Contributor II

Hi Radoslaw,

Before troubleshooting further can you remove DHCP from the AP profile and only enable it on the VC, also upgrade these AP to a newer version of code.
If the issue persists after the upgrade please open a ticket with GTAC and provide the tech-support before and after the reboot.

Note: 
Also provide in more details on what function(s) of the AP are stuck.

View solution in original post

1 REPLY 1

Daren_Ellis
Contributor II

Hi Radoslaw,

Before troubleshooting further can you remove DHCP from the AP profile and only enable it on the VC, also upgrade these AP to a newer version of code.
If the issue persists after the upgrade please open a ticket with GTAC and provide the tech-support before and after the reboot.

Note: 
Also provide in more details on what function(s) of the AP are stuck.

GTM-P2G8KFN