A STA Fails to Go Online

WLAN Troubleshooting Guide

About This Document
Using eDesk Pro for Network Inspection and Troubleshooting
Using Troubleshooting Insights
Risky Operations
- Hardware-Related Risky Operations
- Software-Related Risky Operations
Routine Maintenance
- Routine Maintenance Overview
- Before You Start
- Checking the Device Environment
  - Checking the Equipment Room Environment
  - Checking the Cable Status
- Checking Basic Device Information
  - Checking the Indicator Status
  - Checking for Critical or Major Alarms on an AC
- Checking the Device Running Status
- Checking Interface Information
- Checking Services
  - Checking the User Status
- Fault Information Collection and Feedback
Troubleshooting: Hardware
- Hardware Overview
- Troubleshooting Guidelines for Hardware
- Troubleshooting Cases for Hardware Faults
- Hardware FAQs
Troubleshooting: STA Experience Faults
- Troubleshooting Guidelines for STA Experience Faults
- Troubleshooting Cases for STA Experience Issues
- STA Experience FAQs
Troubleshooting: AP Joining Faults
- Troubleshooting Guidelines for AP Joining Faults
  - An AP Fails to Go Online on the AC
  - An AP Goes Offline Unexpectedly
- Troubleshooting Cases for AP Onboarding Issues
- AP Onboarding FAQs
Troubleshooting: STA Onboarding Faults
- Troubleshooting Guidelines for STA Onboarding Faults
- Troubleshooting Cases for STA Onboarding Issues
- STA Onboarding FAQs
Troubleshooting: Wireless Access Authentication Issues
- 802.1X Authentication Failures
- HTTP-based External Portal Authentication Failures
- Failures in External Portal Authentication Using the Portal Protocol
- Portal Redirection Failures
- Built-in Portal LDAP or AD Authentication Failures
- Failure to Access the Built-in Portal Page
  - Key Configuration Check
  - Common Built-in Portal Page Access Failures
- Troubleshooting Cases for STA Authentication Failures
- WLAN Authentication FAQs
Troubleshooting: Device Login Faults
- Troubleshooting Guidelines for Device Login Faults
- Device Login FAQs
Troubleshooting: Device Upgrade Faults
- Troubleshooting Guidelines for Device Upgrade Faults
- Troubleshooting Cases for Device Upgrade Failures
  - Case Study: Intelligent Upgrade Fails Because the CA Certificate on the AC Does Not Match That on the HOUP Server
  - Case Study: AP5030DN Upgrade and Mode Switching Are Abnormal Because the AP5030DN Enters the Assistant Package Mode
- Device Upgrade FAQs
Troubleshooting: Device Management Faults
- Troubleshooting Guidelines for Device Management Faults
- Device Management FAQs
Troubleshooting: Reliability Faults
- Troubleshooting Guidelines for Reliability Faults
- Troubleshooting Cases for Reliability Issues
- Reliability FAQs
Troubleshooting: Wireless Bridge Service Faults
- Troubleshooting Guidelines for Wireless Bridge Service Faults
- Wireless Bridge FAQs
Troubleshooting: Radio Management Service Faults
- Troubleshooting Guidelines for Radio Management Service Faults
  - Radio Calibration Does Not Take Effect
  - AI Roaming Does Not Take Effect
- Radio Management FAQs
Troubleshooting: Cloud Management Faults
- Troubleshooting Guidelines for Cloud Management Faults
- Troubleshooting Cases for Cloud Management Faults
  - Case Study: Fit APs Managed by a Cloud AC Fail to Go Online Due to Insufficient License Resources on the Cloud Management Platform
  - Case Study: In a VRRP Backup Scenario, a Loop Occurs on the Network When ACs Connect to the Cloud in PnP Auto-Negotiation Mode
Troubleshooting: CPE Service Faults
- Troubleshooting Guidelines for CPE Service Faults
- Troubleshooting Cases for CPE Service Faults
  - Case Study: When a CPE Roams Repeatedly, Terminals Connected to the CPE Are Intermittently Disconnected
  - Case Study: An Exception Occurs on a CPE Tunnel Due to EoGRE Configuration Changes
- CPE Service FAQs
  - How Can I Know the CPE Connected to a Wired Terminal and Its Uplink AP?
  - How Do I Collect CPE Fault Information by One Click?
Troubleshooting: Others
- Troubleshooting Guidelines for Other WLAN Service Faults
  - User Rate Limiting Does Not Take Effect
- Troubleshooting Cases for Other WLAN Service Issues
  - Case Study: Two STAs Connected to the Same SSID on the Same AP Cannot Communicate with Each Other Because the traffic-optimize bcmc deny all Command Is Executed on the Device
- FAQs About Other WLAN Services
TechNotes
- WLAN Network Optimization
- How an AP Joins an AC and Troubleshooting Any Join Failures
- How to Log In to WLAN ACs and APs
- Troubleshooting WLAN Password Issues
- AP Mode Switching - Overview, Configuration Examples, and Troubleshooting
- TechNotes: Mapping Between WACs and APs
- TechNotes: Wireless Packet Obtaining
- VLAN Deployment Guide for WLAN
- WLAN Performance Test Guide
- How to Configure Option 43 When Huawei APs Are Connected to DHCP Servers of Different Vendors
- Common WLAN Configuration Errors
Appendix: Common Information Collection and Fault Diagnostic Commands
- Information Collection
- Typical Fault Information Collection
- System Maintenance Methods
- Common Fault Diagnostic Commands
Appendix: Indicators
Contacting Huawei Technical Support

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

A STA Fails to Go Online

Symptom

A STA fails to go online.

Possible Causes

No service VLAN is configured in the VAP profile, or the service VLAN is configured the same as the management VLAN.
A VLAN pool is configured in the VAP profile, but not all VLANs in the VLAN pool are enabled.
The STA blacklist or whitelist function is configured.
The radio mode on the STA is different from that on the AP.
The number of associated STAs on the AP or VAP has reached the upper limit.
The basic rate set of the STA does not match that of the AP.
In WPA/WPA2 authentication and encryption mode, the association frames sent by the STA do not carry encryption-related fields.
User call admission control (CAC) is enabled on the device.
The STA's MAC address is in the dynamic blacklist.
The AP rejects access of STAs after load balancing is configured.
The user enters an incorrect key.
Key negotiation fails.
The channel utilization of the AP radio is too high, and the air interface is busy.
The wired port profile is incorrectly configured.
The authentication server configuration is incorrect.
The SSID contains special characters.
The radios of the AP are not enabled.
In scenarios where the offline service holding function is enabled, the timeout period of the CAPWAP link between the AP and AC is too long.
Authentication is repeatedly configured on the intermediate network device.
The AP with which the STA is associated is contained by an AC on another WLAN.
The high-reliability air interface slicing function is enabled on the radio, but the STA does not support this function (in V200R022C00 and later versions).

Troubleshooting Procedure

Click to enlarge

Run the display station online-fail-record sta-mac sta-mac command to check the causes of STA online failures.

[AC-wlan-view] display station online-fail-record sta-mac f06b-ca63-313d
------------------------------------------------------------------------------
STA MAC         AP ID Ap name  Rf/WLAN    Last record time
Reason
------------------------------------------------------------------------------
f06b-ca63-313d  2     ap-10    0/1        2015-12-03/19:05:12
The STA is in the VAP's blacklist.
------------------------------------------------------------------------------
Total stations: 1 Total records: 1

The following table uses V200R022C10 as an example to describe the reasons and handling suggestions for STA onboarding failures. For other versions, see the corresponding command lines in the product documentation.

If the failure causes are displayed, rectify the fault according to the following table and subsequent operations. If the failure causes cannot be found, go to step 12.

Causes for STA Online Failures	Handling Suggestion
STA authentication times out.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
Invalid association request packet.	Reassociate the STA with the network. If this fault persists, the STA may have compatibility issues. Contact technical support personnel.
The encryption mode is inconsistent on the STA and AP.	Ensure that the encryption mode is consistent on the STA and AP.
Authentication fails in the association stage.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
The STA is not authenticated.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
The AP does not support the rate set specified in the association request packet of the STA.	Change the basic rate set in the radio profile and reassociate the STA with the network.
The encryption algorithm is inconsistent on the STA and AP.	Ensure that the encryption algorithm is consistent on the STA and AP.
Failed to decrypt the challenge packet.	Verify that the STA works properly and reassociate the STA with the network. If this fault persists, contact technical support personnel.
Access from legacy STAs is denied.	Verify that access from legacy STAs is denied. To allow access from legacy STAs, run the undo legacy-station disable command.
The number of STAs exceeds the physical specifications allowed by the AP.	Expand the network capacity or retain the current configuration as required.
The WMM capability of the STA and VAP does not match.	Check whether the WMM function is enabled in the radio profile or check the WMM configuration on the STA.
STAs have a compatibility issue(Incorrect network type flag carried by STAs) .	Verify that the STA works properly and reassociate the STA with the network. If this fault persists, contact technical support personnel.
STAs have a compatibility issue(STAs do not support short timeslots).	Check whether the STA supports 802.11g.
STAs have a compatibility issue(STAs do not support DFS.)	Check whether the STA supports 802.11h.
The number of associated STAs exceeds the maximum allowed by the AC.	Check whether the WLAN capacity needs to be expanded.
The STA is not in the global whitelist.	Check whether the STA needs to be added to the global whitelist.
The STA is in the global blacklist.	Check whether the STA needs to be added to the global blacklist.
The STA is not in the VAP's whitelist.	Check whether the STA needs to be added to the VAP's whitelist.
The STA is in the VAP's blacklist.	Check whether the STA needs to be added to the VAP's blacklist.
The STA associates with a heavily loaded radio.	Check whether the threshold for load balancing is proper.
The STA is in the dynamic blacklist.	Check the attack records and check whether the STA has initiated attacks.
The association or reassociation packet check fails.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
The number of STAs exceeds the maximum allowed in the VAP reported by the AP.	Expand the network capacity or run the max-sta-number command to increase the maximum number of STAs associated with the VAP.
The STA uses a static IP address.	Check whether the STA uses a static IP address. Unless otherwise specified, configure the STA to obtain an IP address dynamically.
The STA's SNR is below the user CAC threshold.	Check whether the SNR-based user CAC threshold is properly set. To change the threshold, run the uac client-snr threshold command, and reassociate the STA with the network. Alternatively, determine the STA location and provide coverage to the location.
The number of STAs exceeds the UAC threshold of the radio.	Check whether the user CAC threshold based on the number of users is properly set. To change the threshold, run the uac client-number threshold command, and reassociate the STA with the network.
The channel utilization of the radio has reached the upper threshold.	Check whether the user CAC threshold based on the channel utilization is properly set. To change the threshold, run the uac channel-utilization threshold command, and reassociate the STA with the network.
The STA does not send an authentication request before associating with the network.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
The key is incorrect or the STA uses the cached PMK.	Ensure that the STA uses the correct key and reassociate the STA with the network. If this fault persists, contact technical support personnel.
Failed to receive the handshake packet (2/4) from the STA.	Ensure that the STA uses the correct key and reassociate the STA with the network. If this fault persists, contact technical support personnel.
Failed to receive the handshake packet (4/4) from the STA.	Ensure that the STA uses the correct key and reassociate the STA with the network. If this fault persists, contact technical support personnel.
WAPI authentication times out.	Check the network quality or reassociate the STA with the network. If this fault persists, contact technical support personnel.
Reauthentication fails.	Check the intermediate network between the AP and AC or reassociate the STA with the network. If this fault persists, contact technical support personnel.
Authentication fails.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
The authentication request times out.	Reassociate the STA with the network. If this fault persists, contact technical support personnel.
Key negotiation fails.	Ensure that the STA uses the correct key and reassociate the STA with the network. If this fault persists, contact technical support personnel.
Exceeded the maximum number of users on the central AP.	Check whether the WLAN capacity needs to be expanded.
Key negotiation fails(the length of the key data(2/4) is invalid).	Verify that the correct password is entered on the STA. If this fault persists, contact technical support personnel.
Key negotiation fails(the length of the key data(4/4) is invalid).	Verify that the correct password is entered on the STA. If this fault persists, contact technical support personnel.
Key negotiation fails(fail to send the handshake packet).	Verify that the correct password is entered on the STA. If this fault persists, contact technical support personnel.
Key negotiation fails(the key information of the handshake packet is invalid).	Verify that the correct password is entered on the STA. If this fault persists, contact technical support personnel.
The radio type is inconsistent between the AC and AP.	Run the display ap config-info command to verify the AP radio configuration.
The navi-AC status is abnormal.	When a STA goes online through the VAP for remote authentication, the Navi AC link is not established or an exception occurs. You need to check the Navi AC configuration and network status.
VAP configurations on the Local AC and Navi AC are different.	Check the VAP configurations on the local AC and Navi AC.
The number of associated STAs exceeds the maximum specifications of the Navi AC.	Expand the WLAN capacity.
The local eap server is up but has no reply.	Check whether the local EAP configuration is correct.
Local eap authentication reject.	Check whether the user name and password are correct.
Local Authentication user block.	Run the local-user user-name state active command to activate the local user.
The MAC address of the access user is different from that configured for the PPSK account.	Run the display wlan ppsk-user all command to check whether any PPSK account allows the access from this MAC address. If so, use this PPSK account for access. If not, configure a PPSK account mapping this MAC address and use the new PPSK account for access.
The PPSK account expires.	Run the display wlan ppsk-user all command to check the PPSK account that expires. Set the timeout period of the account to a proper value.
The number of PPSK users exceeds the maximum value.	Run the display wlan ppsk-user all command to check the maximum number of access users using a PPSK account. Increase the maximum number of access users for the PPSK account.
The PPSK account does not exist.	Run the display wlan ppsk-user all command to check whether any PPSK account maps the access SSID. If so, use this PPSK account for access. If not, create a PPSK account and bind it to the SSID.
High-reliability air interface slicing is enabled but is not supported by STA.	Associate the STA with an SSID on which high-reliability air interface slicing is disabled.

Check whether the STA is added to the blacklist or not added to the whitelist. In this case, delete the STA from the blacklist or add the STA to the whitelist.

On a WLAN, a STA blacklist or whitelist can be configured to filter access requests from STAs based on specified rules, allowing authorized STAs to access the WLAN and rejecting unauthorized STAs.

After the whitelist function is enabled, only the STAs in the whitelist can connect to the WLAN.
After the blacklist function is enabled, STAs in the blacklist cannot connect to the WLAN.

If the STA whitelist or blacklist function is enabled but the whitelist or blacklist is empty, all STAs can connect to the WLAN.

The STA blacklist or whitelist function can take effect on STAs associated with VAPs of a specified AP or STAs associated with a specified VAP.

Check whether the STA blacklist or whitelist function is enabled on an AP or a VAP.

[AC6005-wlan-view] display ap-system-profile name test
------------------------------------------------------------------
AC priority                   : -
Protect AC IP address         : -
AP management VLAN            : -
Keep service                  : disable
Keep service allow new access : disable
Temporary management switch   : disable
Mesh role                     : mesh-node
STA access mode               : enable
STA whitelist profile         : -
STA blacklist profile         : black
EAPOL start mode              : multicast
EAPOL start transform         : equal-bssid
EAPOL response mode           : unicast learning
EAPOL response transform      : equal-bssid 
......
[AC6005-wlan-view] display vap-profile name zkm
------------------------------------------------------------------
Service mode                     : enable
Type                             : service
Forward mode                     : tunnel
mDNS centralized-control         : disable
Offline management               : disable
Service VLAN ID                  : 101
Service VLAN Pool                : -
Auto off service switch          : disable
Auto off starttime               : -
Auto off endtime                 : -
STA access mode                  : blacklist
STA blacklist profile            : black
STA whitelist profile            : 
Home agent                       : ap
VLAN mobility group              : 1
Layer3 roam                      : enable
Band steer                       : enable
Learn client address             : enable
......

If the STA blacklist function is configured, check whether the STA is in the blacklist.

[AC6005-wlan-view] display sta-blacklist-profile name black        
----------------------------------------------------------------- 
Index     MAC               Description
-----------------------------------------------------------------
0         0234-2212-3e23                                          
------------------------------------------------------------------
Total: 1

If the STA is blacklisted, delete the STA from the blacklist.

[AC6005-wlan-blacklist-prof-black] undo sta-mac 0234-2212-3e23

If the STA whitelist function is configured, check whether the STA is in the whitelist.

[AC6005-wlan-view] display sta-whitelist-profile name whitelist        
----------------------------------------------------------------- 
Index     MAC               Description
-----------------------------------------------------------------
0         0234-2212-3e23                                          
------------------------------------------------------------------
Total: 1

If the STA is not whitelisted, add the STA to the whitelist.

[AC6005-wlan-view] sta-whitelist-profile name white
[AC6005-wlan-whitelist-prof-white] sta-mac 0234-2212-3e23

Check whether the STA is in the dynamic blacklist.

You can configure WIDS attack detection to identify flood attacks, weak IV attacks, spoofing attacks, and brute force WPA-PSK/WPA2-PSK/WAPI-PSK/WEP-SK key cracking attacks, and record information about attack devices. If the dynamic blacklist function is enabled, the AC automatically adds attack devices to the dynamic blacklist and discards all packets sent from the attack devices. If the STA's MAC address is in the dynamic blacklist, the STA cannot connect to the network.

Check whether WIDS attack detection and dynamic blacklist are enabled on radios of the AP group and APs.

[AC6005-wlan-view] ap-group name group-0
[AC6005-wlan-ap-group-group-0] display this
#
  regulatory-domain-profile domain-0
  wids-profile wids-0
  radio 0
   radio-2g-profile 2g
   vap-profile vap-0 wlan 1 
   wids attack detect enable all
#

[AC6005-wlan-wids-prof-wids-0] display this
#
  dynamic-blacklist enable
#

If the functions are enabled, check whether the STA is in the WIDS dynamic blacklist.

[AC6005-wlan-view] display wlan ids dynamic-blacklist all
#AP: Number of monitor APs that have detected the device
act: Action frame            asr: Association request
aur: Authentication request  daf: Deauthentication frame
dar: Disassociation request  eapl: EAPOL logoff frame
pbr: Probe request           rar: Reassociation request
eaps: EAPOL start frame
-------------------------------------------------------------------------------
MAC address       Last detected time    Reason   #AP
-------------------------------------------------------------------------------
000b-c002-9c81    2014-11-20/16:15:53   pbr      1   
0024-2376-03e9    2014-11-20/16:15:53   pbr      1   
0046-4b74-691f    2014-11-20/16:15:53   act      1   
-------------------------------------------------------------------------------
Total: 3, printed: 3

Currently, only the STAs that flood attack or brute force attack for shared key authentication is detected can be added to the dynamic blacklist.

Therefore, if the STA is in the blacklist, you can cancel detection on flood attacks and brute force attacks for shared key authentication or disable the dynamic blacklist function.

<AC> system-view
[AC] wlan
[AC-wlan-view] ap-group name group-0
[AC-wlan-ap-group-group-0] radio 0
[AC-wlan-group-radio-group-0/0] undo wids attack detect enable flood  //Disable flood attack detection.
[AC-wlan-group-radio-group-0/0] undo wids attack detect enable wep-share-key  //Disable detection on the brute force attack for shared key authentication.
[AC-wlan-group-radio-group-0/0] quit
[AC-wlan-ap-group-group-0] quit
[AC-wlan-view] wids-profile name wids-0
[AC-wlan-wids-prof-wids-0] undo dynamic-blacklist enable  //Disable the dynamic blacklist function.

If WIDS attack defense and dynamic blacklist are disabled, check whether the problem is caused by broadcast flood attack detection. This function is supported since V200R006C20 and is enabled by default. When the AC detects that the number of broadcast packets (such as ARP packets) sent by a STA per second exceeds the threshold (50 by default), the AC discards the excess broadcast packets. If the attack lasts for a period of time, the AC adds the STA to the blacklist. Run the following command to check whether the STA is in the blacklist.

[AC-wlan-view] display station dynamic-blacklist ap-name ap-0
Total: 2
------------------------------------------------------------------
STA MAC        Time left(s) Reason
------------------------------------------------------------------
581f-28fc-7ead 160          other broadcast flood

If the STA is in the blacklist, perform the following operations:

In V200R010 and later versions:

Disable broadcast flood attack detection.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] anti-attack flood other-broadcast disable

Adjust the detection threshold.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] anti-attack flood other-broadcast sta-rate-threshold 100

Disable the flood blacklist function for broadcast packets.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] undo anti-attack flood other-broadcast blacklist enable

In versions earlier than V200R010:

Disable broadcast flood attack detection.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] anti-attack broadcast-flood disable

Adjust the detection threshold.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] anti-attack broadcast-flood sta-rate-threshold 100

Disable the flood blacklist function for broadcast packets.

[AC-wlan-view] vap-profile name profile1
[AC-vap-prof-profile1] anti-attack broadcast-flood blacklist disable

Check whether the access of legacy STAs is denied.
Legacy STAs support only 802.11a, 802.11b, and 802.11g, and provide a data transmission rate far smaller than 802.11n and 802.11ac STAs. If legacy STAs connect to a WLAN, the data transmission rate of 802.11n and 802.11ac STAs will decrease. To prevent the data transmission rate of 802.11n and 802.11ac STAs from being affected, configure APs to deny access of legacy STAs. In this case, if a STA supports only 802.11a, 802.11b, and 802.11g, the STA cannot connect to the WLAN.
1. Check whether the function of denying access from legacy STAs is enabled in the SSID profile.
```
<AC> display ssid-profile name ssid-0
...
Max STA number              : 70
Reach max STA SSID hide     : enable
Legacy station              : disable  //Deny access of legacy STAs.
DTIM interval               : 1
...
```
2. If this function is enabled, disable it to allow access of legacy STAs.
```
[AC6005-wlan-view] ssid-profile name ssid-0
[AC6005-wlan-ssid-prof-ssid-0] undo legacy-station disable
```

Check whether the number of STAs associated with the AP or VAP reaches the maximum.

More STAs associated with a VAP or AP indicate fewer network resources that each STA can use. To ensure Internet access experience of users, you can set a proper maximum number of STAs that can be associated with a VAP or AP. When the number of STAs associated with a VAP or AP reaches the maximum, new STAs cannot connect to the network.

Check the number of STAs associated with the AP and the number of STAs on each radio.

[AC6005-wlan-view] display station ap-id 3
Rf/WLAN: Radio ID/WLAN ID                                                     
Rx/Tx: link receive rate/link transmit rate(Mbps)                             
----------------------------------------------------------------------------------------------
STA MAC          Rf/WLAN  Band  Type  Rx/Tx      RSSI  VLAN  IP address      SSID
----------------------------------------------------------------------------------------------
009a-cdaf-49ae   0/1      2.4G  11n   63/62      -35   101   10.10.10.251    tap
----------------------------------------------------------------------------------------------
Total: 1 2.4G: 1 5G: 0

Check whether the number of STAs associated with a VAP reaches the maximum. If so, you can change the maximum number of STAs that can associate with the VAP.

<AC> display ssid-profile name ssid-0
...
SSID hide                   : disable
Association timeout(min)    : 5
Max STA number              : 64  //A maximum of 64 STAs can be associated with a VAP.
Reach max STA SSID hide     : enable
Legacy station              : disable
...
<AC> system-view
[AC] wlan
[AC-wlan-view] ssid-profile name ssid-0
[AC-wlan-ssid-prof-ssid-0] max-sta-number 70  //Change the maximum number of STAs that can associate with a VAP to 70.

To ensure services run normally, it is recommended that a maximum of 30 STAs associate with a single-band AP, and a maximum of 50 STAs associate with a dual-band AP. You are advised to set a maximum of 30 to 50 STAs to connect to the network.

Check whether the basic rate set on the STA matches that on the AP.

The rates specified in the basic rate set must be supported by both the AP and STA; otherwise, the STA cannot associate with the AP.

Enable the STA to connect to the WLAN for several times and check whether the connection is successful.

If the STA still fails to connect to the WLAN, adjust the basic rate set in the radio profile.

<AC> display radio-2g-profile name 2.4g
...
802.11bg basic rate                    : 48 54  //The basic rate set includes rates 48 Mbit/s and 54 Mbit/s.
802.11bg support rate                  : 1 2 5 6 9 11 12 18 24 36 48 54
Multicast rate 2.4G                    : 11
...
<AC> system-view
[AC] wlan
[AC-wlan-view] radio-2g-profile name 2.4g
[AC-wlan-radio-2g-prof-2.4g] dot11bg basic-rate 1 2 5 11  //Change the rates in the basic rate set to 1 Mbit/s, 2 Mbit/s, 5.5 Mbit/s, and 11 Mbit/s. Here, the rate is not fixed. You can select the basic rate set based on site requirements.

Check whether the authentication and encryption modes of the STA and AP do not match.

STAs support different encryption modes. Some outdated STAs do not support new encryption modes. In this case, configure an encryption mode supported by a STA.

In V200R005 and earlier versions, the recommended encryption mode is WPA/WPA2+PSK+CCMP.
In V200R006 and later versions, the recommended encryption mode is WPA/WPA2+PSK+AES.

Enable the STA to connect to the WLAN for several times and check whether the connection is successful.

If the STA still fails to connect to the WLAN, change the authentication and encryption mode to WPA and WPA2.

<AC> display security-profile name sec1
------------------------------------------------------------
Security policy               : WPA  PSK  //WPA authentication is used.
Encryption                    : AES  //AES encryption is used.
------------------------------------------------------------
WEP's configuration
Key 0                         : Empty
Key 1                         : Empty
...
<AC> system-view
[AC] wlan
[AC-wlan-view] security-profile name sec1
[AC-wlan-sec-prof-sec1] security wpa-wpa2 psk pass-phrase 12345678a aes-tkip  //Configure WPA-WPA2 hybrid authentication and AES-TKIP hybrid encryption.

Check whether user CAC is enabled.

The user CAC function controls user access based on the channel utilization, number of users, or terminal signal-to-noise ratio (SNR) to ensure the Internet access quality of online users. In addition, this function restricts access of weak-signal STAs to reduce the impact of these STAs on others.

After user CAC is configured or access of weak-signal STAs is restricted, STAs that do not meet related conditions cannot connect to the WLAN.

If the STA fails to connect to the WLAN due to weak signals, check whether the signal threshold is properly set. If so, move the STA near the AP to ensure service experience.

<AC> display rrm-profile name rrm-0
------------------------------------------------------------
......
UAC check client's SNR                                 : enable  //The user CAC function based on the terminal SNR is enabled.
UAC client's SNR threshold(dB)                         : 30  //The user CAC threshold based on the terminal SNR is 30 dB.
......
<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-0] uac client-snr threshold 25  //Decrease the user CAC threshold based on terminal SNR to 25 dB. Set the threshold based on site requirements.

If the STA fails to connect to the WLAN due to high channel utilization, check whether the channel utilization threshold is properly set. The channel utilization dynamically changes based on service traffic on an air interface. A larger amount of service traffic indicates higher channel utilization. You are advised to disable the user CAC function based on the channel utilization unless otherwise required.

<AC> display rrm-profile name rrm-0
------------------------------------------------------------
......
UAC check channel utilization                          : enable  //The user CAC function based on the channel utilization is enabled.
UAC channel utilization access threshold               : 85  //The user CAC threshold based on the channel utilization is 85%.
UAC channel utilization roam threshold                 : 80
......
<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-0] undo uac channel-utilization enable  //Disable the user CAC function based on the channel utilization.

Check whether the number of access users reaches the user CAC threshold. If so, check whether the user CAC threshold based on the number of users is properly set.

<AC> display rrm-profile name rrm-0
------------------------------------------------------------
......
UAC check client number                                : enable  //The user CAC function based on the number of users is enabled.
UAC client number access threshold                     : 50  //The user CAC threshold based on the number of users is 50.
......
<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-0] uac client-number threshold access 65  //Increase the user CAC threshold based on the number of users to 65. Set the threshold based on site requirements.

Check whether STA login failure is caused by load balancing.

Enable the STA to connect to the WLAN for several times and check whether the connection is successful.

If the STA still fails to connect to the WLAN, disable load balancing or adjust the load balancing threshold.

Static load balancing

# Display information about static load balancing.

In V200R007C10 and earlier versions:

<AC> display sta-load-balance static-group name cc
------------------------------------------------------------
Group name           : cc
Load-balance status  : balance  //The load of APs in a load balancing group is balanced.
Start threshold      : 5
Gap threshold(%)     : 20  //The load difference threshold for a static load balancing group is 20%.
Deny threshold       : 8
------------------------------------------------------------
......

In V200R007C20 and later versions:

<AC> display sta-load-balance static-group name cc 
------------------------------------------------------------------- 
Group name                             : cc 
Load-balance status                    : balance 
Load-balance mode                      : channel-utilization 
Deny threshold                         : 8 
Sta-number start threshold             : 40 
Sta-number gap threshold(%)            : 20 
Channel-utilization start threshold(%) : 50 
Channel-utilization gap threshold(%)   : 20
------------------------------------------------------------
......

# Adjust the load balancing threshold.

In V200R007C10 and earlier versions:

<AC> system-view
[AC] wlan
[AC-wlan-view] sta-load-balance static-group name cc
[AC-wlan-sta-lb-static-group-cc] gap-threshold 25  //Change the load balancing threshold to 25.

In V200R007C20 and later versions:

<AC> system-view
[AC] wlan
[AC-wlan-view] sta-load-balance static-group name cc
[AC-wlan-sta-lb-static-wlan-static] mode sta-number  //Configure static load balancing based on the number of STAs.
[AC-wlan-sta-lb-static-wlan-static] sta-number start-threshold 10  
[AC-wlan-sta-lb-static-wlan-static] sta-number gap-threshold 5

# Alternatively, disable static load balancing.

<AC> system-view
[AC] wlan
[AC-wlan-view] undo sta-load-balance static-group name cc  //Disable static load balancing.

Dynamic load balancing

# Display information about dynamic load balancing.

In V200R007C10 and earlier versions:

<AC> display rrm-profile name rrm-0
------------------------------------------------------------
......
Station load balance                                   : enable  //Dynamic load balancing is enabled.
Station load balance start threshold                   : 10
Station load balance gap threshold(%)                  : 20  //The load balancing threshold is 20%.
Station load balance deny threshold                    : 3
......

In V200R007C20 and later versions:

<AC> display rrm-profile name rrm-0
------------------------------------------------------------
......
Station load balance                                         : disable 
Station load balance mode                                    : sta-number  
Station load balance deny threshold                          : 6 
Station load balance sta-number start threshold              : 10 
Station load balance sta-number gap threshold(%)             : 20 
Station load balance channel-utilization start threshold(%)  : 50 
Station load balance channel-utilization gap threshold(%)    : 20
......

# Adjust the load balancing threshold.

In V200R007C10 and earlier versions:

<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-0] sta-load-balance dynamic gap-threshold 25  //Adjust the load balancing threshold.

In V200R007C20 and later versions:

<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-0] sta-load-balance dynamic sta-number start-threshold 15
[AC-wlan-rrm-prof-rrm-0] sta-load-balance dynamic sta-number gap-threshold 25

# Alternatively, disable dynamic load balancing.

<AC> system-view
[AC] wlan
[AC-wlan-view] rrm-profile name rrm-0
[AC-wlan-rrm-prof-rrm-] undo sta-load-balance dynamic enable  //Disable dynamic load balancing.

Check whether the entered key is correct. If so, enter the correct key and connect the STA to the network again.
Check whether the key negotiation fails. If so, the air interface may be busy and packets are lost. You can attempt to connect the STA to the network for several times. If the fault persists, troubleshoot packet loss on the air interface by referring to STA Packet Loss (Wireless Side).

Check whether the STA obtains the correct IP address.

Run the display ip pool { interface interface-pool-name | name ip-pool-name } used command to check allocated IP addresses. Check whether the STA has obtained an IP address based on the MAC address.

<AC> display ip pool interface Vlanif100 used
  Pool-name      : Vlanif100
  Pool-No        : 4
  Lease          : 1 Days 0 Hours 0 Minutes
  Domain-name    : -
  DNS-server0    : -
  NBNS-server0   : -
  Netbios-type   : -
  Position       : Interface       Status           : Unlocked
  Gateway-0      : 10.1.1.2
  Network        : 10.1.0.0
  Mask           : 255.255.240.0
  VPN instance   : --
  Conflicted address recycle interval: -

 -----------------------------------------------------------------------------
         Start           End     Total  Used  Idle(Expired)  Conflict  Disable
 -----------------------------------------------------------------------------
        10.1.15.1     10.1.15.254  254     4       250(0)         0        0
 -----------------------------------------------------------------------------

  Network section :
  -----------------------------------------------------------------------
  Index              IP               MAC      Lease   Status
  -----------------------------------------------------------------------
   4085     10.1.15.246    dcd2-fc9a-c800       7375   Used
   4086     10.1.15.247    1047-80af-fbc0       7369   Used
   4087     10.1.15.248    dcd2-fcf4-6420       7929   Used
   4090     10.1.15.251    dcd2-fc22-d880       9368   Used
  -----------------------------------------------------------------------

Check whether the service VLAN is created and configured correctly. Ensure that the service VLAN is different from the management VLAN.

In direct forwarding mode
Check whether a service VLAN is created on the device deployed between the AP and gateway and whether the device allows packets from the service VLAN to pass through. If not, service VLAN packets fail to be forwarded.
In tunnel forwarding mode
If the DHCP server that assigns IP addresses to STAs is not an AC, check whether a service VLAN is created on the AC and whether the AC allows packets from the service VLAN to pass through. If not, service VLAN packets fail to be forwarded.

You are advised to use different VLANs for the management VLAN and service VLAN. The management VLAN and service VLAN can be the same only when the AP is configured with the management-vlan command in direct forwarding mode and no PVID is configured for the management VLAN on the interface connecting the access switch to the AP. In other scenarios, if the management VLAN is the same as the service VLAN, STAs cannot obtain IP addresses.

# Run the display vap-profile name profile-name command to check the service VLAN configuration.

<AC> display vap-profile name default
--------------------------------------------------------------------------------
Service mode                                    : enable
Type                                            : service
Forward mode                                    : direct-forward
mDNS centralized-control                        : disable
Offline management                              : disable
Service VLAN ID                                 : 101
Service VLAN Pool                               : -
.......
--------------------------------------------------------------------------------

# If the service VLAN is not correctly configured, run the following commands to configure the service VLAN. After the configuration is complete, enable the STA to connect to the WLAN and check whether the STA can obtain an IP address.

<AC> system-view
[AC] vlan 101
[AC-vlan101] wlan 
[AC-wlan-view] vap-profile name vap1
[AC-wlan-vap-prof-vap1] service-vlan vlan-id 101

# If a VLAN pool is configured as the service VLAN, check the VLAN pool configuration.

Check whether all VLANs are created in the VLAN pool.

Run the display vlan pool name pool-name command to check VLANs in the VLAN pool.

[AC] display vlan pool name sta_pool
--------------------------------------------------------------------------------
Name       : sta_pool
Total      : 6
Assignment : hash
VLAN ID    : 1050 to 1055
--------------------------------------------------------------------------------

Run the display vlan command to check the created VLANs on the device.

[AC] display vlan
* : management-vlan
---------------------
The total number of vlans is : 13
VLAN ID Type         Status   MAC Learning Broadcast/Multicast/Unicast Property
--------------------------------------------------------------------------------
1       common       enable   enable       forward   forward   forward default
10      common       enable   enable       forward   forward   forward default
20      common       enable   enable       forward   forward   forward default
100     common       enable   enable       forward   forward   forward default
101     common       enable   enable       forward   forward   forward default
102     common       enable   enable       forward   forward   forward default
103     common       enable   enable       forward   forward   forward default
104     common       enable   enable       forward   forward   forward default
105     common       enable   enable       forward   forward   forward default
107     common       enable   enable       forward   forward   forward default
111     common       enable   enable       forward   forward   forward default
120     common       enable   enable       forward   forward   forward default
400     common       enable   enable       forward   forward   forward default

Run the following command to create all VLANs in the VLAN pool. After the configuration is complete, enable the STA to connect to the WLAN and check whether the STA can obtain an IP address.
```
[AC] vlan batch 1050 to 1055
```
Check whether an interface on the intermediate network device (such as switch) through which packets from service VLANs are allowed to pass has allowed packets from all VLANs in the VLAN pool to pass through.
```
[Switch] interface GigabitEthernet 0/0/1
[Switch-GigabitEthernet0/0/1] display this
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 100 to 500 1050 to 1054 
#
[Switch-GigabitEthernet0/0/1] port trunk allow-pass vlan 1055
```
After the configuration is complete, enable the STA to connect to the WLAN and check whether the STA can obtain an IP address.

Check DHCP configurations.

Check whether DHCP snooping is configured on the access switch.
Wireless user mobility is high. A user does not send a DHCP Release packet to release the IP address upon going offline. As a result, the number of DHCP snooping binding entries reaches the maximum, and new user cannot obtain the IP address.
```
<Switch> display dhcp snooping
  DHCP snooping global running information :
  DHCPv4 snooping                          : Enable
  DHCPv6 snooping                          : Enable
  Static user max number                   : 256
  Current static user number               : 0
  Dhcp user max number                     : 256     (default)
  Current dhcp user number                 : 256
```
By default, DHCP snooping is enabled on APs for wireless users. You are advised to delete the DHCP snooping configuration from the access switch. If a wired terminal is connected to the access switch and DHCP snooping must be enabled, you are advised to run the dhcp snooping enable no-user-binding command on the interface connected to an AP so that DHCP snooping binding entries are not generated for users connected to the interface.

Check whether the DHCP trusted interface is disabled on the AP's uplink interface. By default, this function is enabled.

Run the display wired-port-profile name profile-name command to check whether the DHCP trusted interface is disabled on the AP's uplink interface.

[AC] display wired-port-profile name wired
----------------------------------------------------------------------------
Port link profile             : wired
......
Port Tagged VLAN              : -
Port untagged VLAN            : 1
Port PVID VLAN                : -
User isolate mode             : disable
Traffic filter inbound(IPv4)  : -
Traffic filter outbound(IPv4) : -
DHCP trust port               : disable
......
----------------------------------------------------------------------------

Run the dhcp trust port command to enable the DHCP trusted interface on the AP's uplink interface. Enable the STA to connect to the network again and check whether the STA can obtain an IP address.

[AC] wlan
[AC-wlan-view] wired-port-profile name wired
[AC-wlan-wired-port-prof-wired] dhcp trust port
[AC-wlan-wired-port-prof-wired] quit
[AC-wlan-view] ap-group name default
[AC6605-wlan-ap-group-default] wired-port-profile wired gigabitethernet 0
[AC-wlan-view] quit

Check whether the DHCP server is correctly configured. If so, go to the next step.

You can configure the DHCP server in one of the following situations:

If the STA and DHCP server are located on the same network segment, the DHCP server can assign an IP address to the STA from an interface address pool. Run the following commands to configure an interface address pool on VLANIF 100.
```
[AC] dhcp enable
[AC] interface vlanif 100
[AC-Vlanif100] ip address 10.23.100.1 24
[AC6605-Vlanif100] dhcp select interface
[AC-Vlanif100] quit
```

If the STA and DHCP server are located on the same network segment, the DHCP server can assign an IP address to the STA from the global address pool. Run the following commands to configure global address pool pool1 and bind the address pool to VLANIF 100.

[AC] dhcp enable
[AC] interface vlanif 100
[AC6605-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select global
[AC-Vlanif100] quit
[AC] ip pool pool1
[AC6605-ip-pool-pool1] gateway-list 10.23.100.1
[AC-ip-pool-pool1] network 10.23.100.0 mask 24
[AC-ip-pool-pool1] quit

If the STA and DHCP server are located on different network segments, the DHCP server must assign an IP address to the STA from the global address pool and DHCP relay must be configured on a relay agent.

Configurations on the DHCP server:

[AC] dhcp enable
[AC] interface vlanif 100
[AC6605-Vlanif100] ip address 10.23.100.1 24
[AC-Vlanif100] dhcp select global  //The DHCP server is configured to assign IP addresses from the global address pool.
[AC6605-Vlanif100] quit
[AC] ip pool pool1
[AC6605-ip-pool-pool1] gateway-list 10.23.200.1  //The STA's gateway address is configured as the IP address of the relay agent.
[AC-ip-pool-pool1] network 10.23.200.0 mask 24
[AC6605-ip-pool-pool1] quit

Configuration on the DHCP relay agent (assume that a switch is configured as the DHCP relay agent):

[Switch] interface vlanif 200
[Switch-Vlanif200] ip address 10.23.200.1 24
[Switch-Vlanif200] dhcp select relay  //This command enables the DHCP relay function. If this function is disabled, enable it.
[Switch-Vlanif200] dhcp relay server-ip 10.23.100.1  //This command specifies an IP address for the DHCP server. If the IP address of a DHCP server is not specified or is incorrect, DHCP Request packets cannot be forwarded to the DHCP server. As a result, STAs cannot obtain IP addresses.
[Switch-Vlanif200] quit

Check whether there are available IP addresses in the DHCP address pool.
Run the display ip pool command to check whether there are available IP addresses in the address pool.
```
[AC6605] display ip pool interface Vlanif100
  Pool-name        : Vlanif100
  Pool-No          : 0
  Lease            : 1 Days 0 Hours 0 Minutes
  Domain-name      : -
  DNS-server0      : -
  NBNS-server0     : -
  Netbios-type     : -
  Position         : Interface       Status             : Unlocked
  Gateway-0        : -
  Network          : 10.23.100.0
  Mask             : 255.255.255.0
  Logging          : Disable
  Conflicted address recycle interval: -
  Address Statistic: Total       :253       Used        :253
                     Idle        :0         Expired     :0
                     Conflict    :0         Disabled    :0
-------------------------------------------------------------------------------
  Network section
         Start           End       Total    Used Idle(Expired) Conflict Disabled
 -------------------------------------------------------------------------------
   10.23.100.2   10.23.100.254     253       253        0(0)       0     0
 -------------------------------------------------------------------------------
```
If the value of Idle(Expired) is 0(0), no IP address is available in the address pool. You can run the network ip-address [ mask { mask | mask-length } ] command in the IP address pool view to extend the available IP address range of the IP address pool, or run the lease { day day [ hour hour [ minute minute ] ] | unlimited } command in the IP address pool view (or the dhcp server lease { day day [ hour hour [ minute minute ] ] | unlimited } command in the interface address pool view) to set a shorter IP address lease.

The lease and dhcp server lease commands take effect only for STAs who go online after the commands are executed. Existing online STAs can use IP addresses with the new lease only after going online again or successfully renewing the lease. Otherwise, these STAs can still use IP addresses with the old lease.

After idle IP addresses are released, enable the STA to connect to the network again and check whether the STA can obtain an IP address.
Check whether the DHCP server has been restarted and whether the address pool is cleared.
Run the display reset-reason command to check whether the DHCP server has been restarted.
```
[AC] display reset-reason
The MPU frame[0] board[0]'s reset total 9, detailed information:
--  1. 2016-05-17   14:48:41, Reset No.: 3
       Reason: Reset by user command
--  2. 2016-05-17   09:45:04, Reset No.: 2
       Reason: Reset by user command
--  3. 2016-05-16   09:26:42, Reset No.: 1
       Reason: Reset forpower off
```
Run the display history-command command to check whether the IP address pool has been cleared.
```
[AC] display history-command
  reset ip pool name 1
  display history-command
  display reset-reason
```
If the DHCP server has been restarted or the address pool information has been cleared, client information in the address pool may be lost. As a result, the DHCP server does not respond when a DHCP client goes online in two steps. In this case, you can set a fixed IP address for the DHCP client and then configure the client to obtain an IP address through DHCP, enabling the DHCP client to go online in four steps.

Check whether the link between a STA and the DHCP server is normal.
1. Check whether the gateway learns the MAC address entry of the STA.
  Run the display mac-address mac-address command on the gateway to check the MAC address in an entry.
  - If an entry is displayed in the command output, the gateway can learn the MAC address entry of the STA and the link between the STA and gateway is normal. If a DHCP relay agent exists on the network, check whether the link between the DHCP relay agent and DHCP server is normal. If no DHCP relay agent exists on the network, check whether the WLAN and DHCP configurations are correct.
```
<Huawei> display mac-address 14d6-4da7-3725
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI                          Learned-From        Type
-------------------------------------------------------------------------------
14d6-4da7-3725    4094/-                  GE0/0/1                    dynamic
-------------------------------------------------------------------------------
Total items displayed = 1
```
  - If no entry is displayed in the command output, the gateway cannot learn the MAC address entry of the STA and the link between the STA and gateway is disconnected.
```
<Huawei> display mac-address 14d6-4da7-3725
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI                          Learned-From        Type
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Total items displayed = 0
```
2. Check whether the link between the DHCP relay agent and the DHCP server is normal.
  Use the IP address of the DHCP relay agent as the source IP address to ping the DHCP server.
```
<Huawei> ping -a 192.168.1.3 192.168.2.1
  PING 192.168.1.3: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out
  --- 192.168.1.3 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss
```
  - If the ping operation succeeds, the DHCP relay agent and DHCP server are routable to each other. Check whether the WLAN and DHCP configurations are correct.
  - If the ping operation fails, the DHCP relay agent and DHCP server are unroutable to each other. In this case, check and add the route between the DHCP relay agent and DHCP server.

Check whether the channel utilization of the AP is within a proper range. In normal cases, the channel utilization is lower than 80%. If the channel utilization exceeds 85%, packet transmission over the air interface will be affected, and STAs cannot connect to the network. In this case, check the air interface interference, traffic on the AP's Ethernet interface, and the number of broadcast and multicast packets. Find out the causes of high channel utilization and perform channel calibration accordingly. Rectify the fault by referring to the handling procedure for high channel utilization in STA Packet Loss (Wireless Side).

[AC6005-wlan-view] display radio ap-id 0
CH/BW:Channel/Bandwidth  
CE:Current EIRP (dBm)  
ME:Max EIRP (dBm)  
CU:Channel utilization  
ST:Status  
WM:Working Mode (normal/monitor/monitor dual-band-scan/monitor proxy dual-band-scan)  
------------------------------------------------------------------------------------  
AP ID Name            RfID  Band  Type    ST  CH/BW    CE/ME   STA     CU    WM  
------------------------------------------------------------------------------------  
0     60de-4474-9640  0     2.4G  bgn     on  6/20M    24/24   0       55%   normal   
0     60de-4474-9640  1     5G    an      on  56/20M   25/25   0       13%   normal  
------------------------------------------------------------------------------------  
Total:2

Check whether an SSID contains special characters.
Some STAs may fail to identify special characters. As a result, the STAs cannot discover signals or fail to connect to the network. In this case, check whether the SSID contains special characters.
Check whether the STA fails to discover radio signals. If so, rectify the fault by referring to A STA Cannot Detect Wi-Fi Signals.

In scenarios where services are running after the AP is offline, check whether the timeout period of the CAPWAP link between the AP and AC is too long.

In such scenarios, after the link between the AC and AP is disconnected, the offline service holding function is not triggered before the CAPWAP heartbeat packet times out. As a result, services are interrupted.

Run the display capwap configuration command to check the values of Echo interval(seconds) and Echo times. If they are too large, adjust them properly.

[AC] display capwap configuration
 ---------------------------------------------------------------
 Source interface IPv4                            : vlanif10
 Source interface IPv6                            : -
 Source IPv4 address                              : -
 Source IPv6 address                              : -
 Echo interval(seconds)                           : 25
 Echo times                                       : 6
......
 ---------------------------------------------------------------

Check whether authentication is repeatedly enabled on intermediate devices in authentication scenarios.
Check whether the authentication server is correctly configured.
Common problems for the authentication server include:
- DHCP address pool configuration
- Authentication server configuration
Check whether the authentication server is correctly configured based on site requirements.

Check whether the AP with which the STA is associated is contained by devices on other networks.

In the diagnostic view of the AP, check whether BSSIDs of other networks around the AP can be detected. If there are BSSIDs of other networks and the AP cannot access the network, the AP may be contained by other devices. Add the AP to the whitelists of other networks and check whether the AP can go online.

In V200R019C00 and earlier versions:

[AP-diagnose] display wifi scan-entry radio 0 vap 0  
max_count:1024  age_time:60  current_count:257
scan entry are:  
---------------------------------------------------------------- 
MAC              RSSI CHANNEL SSID  
---------------------------------------------------------------- 
1C20-DB7D-DBA0   -39  11      HUAWEI-DBA0 Cnt: 737878
244C-0750-CB00   -45  1       HUAWEI-CB00 Cnt: 292495
...

In V200R019C10 and later versions:

[AP-diagnose] display umac calibrate neighbor info radio 1 all
---------------------------------------------------------------------
BSSID           Channel  RSSI(dBm)  SSID
---------------------------------------------------------------------
c4a4-0280-3870  64       -62        30006881
---------------------------------------------------------------------
Total: 1

Collect fault information.

STA's MAC address: xxxx-xxxx-xxxx
Collect AC version information.
```
[AC-diagnose] vrbd
```
Collect AC configuration information.
```
<AC> display current-configuration
```
Collect AP version information.
```
[Huawei-diagnose] vrbd
```
Check records of STA login failure on the AC.
```
<AC> display station online-fail-record all
```

Collect diagnostic information about the AP.

<Huawei> display diagnostic-information saved-file 
<Huawei> display diagnostic-information

Collect trace information associated with the AP.

In V200R019C00 and earlier versions:

[Huawei-diagnose] display wifi sta-trace-info
<Huawei> more trace_info.txt

In V200R019C10:

[Huawei-diagnose] display umac sta-trace-info

Collect high-end memory information about the AP (in V200R019C00 and earlier versions).

[Huawei-diagnose] display kernel-logbuf record-range 1
[Huawei-diagnose] display kernel-logbuf record-range 2
[Huawei-diagnose] display kernel-logbuf record-range 3

If the problem persists for a long time, run the following commands to export logs on the AP or AC.

<fce3-3cb6-47e0> save logfile 
[fce3-3cb6-47e0-diagnose] save diag-logfile 
<fce3-3cb6-47e0> cd logfile/ 
<fce3-3cb6-47e0> dir
Directory of flash:/logfile/

  Idx  Attr     Size(Byte)  Date        Time(LMT)  FileName 
    0  -ro-      1,113,850  Aug 31 2015 11:26:57   2015-08-31.12-29-00.dblg
    1  -ro-      1,113,970  Aug 31 2015 19:45:02   2015-08-31.23-14-59.dblg
    2  -ro-      1,113,920  May 06 2016 08:42:07   2016-05-06.08-47-07.dblg
    3  -ro-      1,113,472  May 11 2016 16:19:54   2016-06-09.17-15-52.dblg
    4  -ro-      1,114,104  Jun 14 2016 17:55:56   2016-06-14.18-29-52.dblg
    5  -ro-      1,114,031  Jun 14 2016 22:22:06   2016-06-14.22-54-08.dblg
    6  -ro-      1,113,835  Jun 17 2016 17:29:24   2016-06-17.18-08-54.dblg
    7  -ro-      1,113,843  Jun 17 2016 20:34:50   2016-06-17.20-47-59.dblg
    8  -ro-      1,113,743  Jun 22 2016 20:06:19   2016-06-22.20-50-06.dblg
    9  -ro-      1,113,271  Jun 28 2016 16:58:37   2016-06-28.19-58-45.dblg
   10  -ro-      1,113,494  Jun 29 2016 17:33:23   2016-06-29.18-32-36.dblg
   11  -ro-      1,113,824  Jun 30 2016 01:22:38   2016-06-30.02-19-21.dblg
   12  -ro-      1,113,773  Jun 30 2016 09:10:31   2016-06-30.10-09-39.dblg
   13  -ro-      1,125,418  Jun 30 2016 09:26:03   2016-06-30.12-25-03.log
   14  -ro-      1,113,801  Jul 11 2016 09:59:38   2016-07-11.10-13-26.dblg
   15  -ro-      1,113,732  Jul 13 2016 15:41:02   2016-07-13.15-54-31.dblg
   16  -ro-      1,129,531  Jul 13 2016 19:55:33   2016-07-15.10-37-46.dblg
   17  -ro-      1,113,787  Nov 26 2018 21:54:45   2018-11-27.01-02-52.dblg
   18  -ro-      1,113,604  Nov 27 2018 22:56:38   2018-11-28.00-20-24.dblg
   19  -ro-      1,113,723  Nov 28 2018 07:37:57   2018-11-28.08-40-58.dblg
   20  -ro-      1,113,744  Nov 28 2018 15:14:40   2018-11-28.16-10-55.dblg
   21  -rw-        384,570  Jul 19 2016 10:07:11   log.dblg
   22  -rw-        681,533  Jul 19 2016 10:06:57   log.log

11,144 KB total (1,512 KB free)

You must log in to the AP to collect AP logs.

In V200R008C10 and later versions, you only need to run the save logfile command to save logs. After the logs are saved, use FTP or TFTP to export the log files with the extension name .log and .dblg in the corresponding time period.

Information collection is mainly performed in the diagnostic view. To enter the diagnostic view, run the following commands.

<Huawei> system-view                                                               
[Huawei] diagnose

Symptom
Possible Causes
Troubleshooting Procedure

Translation

简体中文

Download

Updated: 2023-06-02

Document ID: EDOC1000060368

Downloads: 5813

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Enterprise

Huawei Cloud

Carrier

Consumer

Corporate

Symptom

Possible Causes

Troubleshooting Procedure

Related Version

Related Documents

Digital Signature File