Only a few user’s notebook computer of the whole student dormitory building can associate with AP normally, other user’s notebook can’t correlate with AP successful.
Positioning and processing according to the reasons may cause user can not be associated:
1, check AC configuration, confirm data configuration is correct.
2, change AP, problems still exist.
3, AP on even the equipment long ping AC has no problem, ensure that physical link has no problem.
4, check POE switch port luminous situation, belongs to the normal range, to ensure that optical fiber is no problem.
5, check the IP address the user has accessed, ruled out the factors the user can't get IP address lead to can’t associate.
6, check AP set encryption related configuration, used WAP2 - PSK way, and in the global mode increased “dot1x enable” and “dot1x MAC-control command”, the allocation is right.
7, use software WirelessMon test AP signal strength is -50 db or so, in the threshold value range, ruled out room subsystem reasons or antenna reason or AP reason.
8, analysis the AP interference between network: use tool WirelessMon scan the environment signal distribution, no noticeable interference, AP peripheral also not installed other wireless devices.
9, use capture tool grab lip correlation message, found that the interaction message between AP and AC has some multicast packets, may lead to AP cannot normal association. Therefore, add “igmp snooping” configuration under the ess configuration, change the broadcast and multicast package into unicast.
10, through the capture tool grasping the package of the interface interconnected with AP, there are a large number of attack DNS radio message whose source address is 192.168.0.1, doubt is caused by virus, radio message tied up a lot of bandwidth affected the normal work of the AP interaction message. Therefore, in the upstream and downstream port of the convergent switches and POE exchange do a radio inhibition configuration, “broadcast suspension packets 15”, in all POE switch upstream ports do radio inhibition configuration, “broadcast suspension 15”. Configure ACL in the POE corresponding downstream port, stop 192.168.0.1 to send broadcast message.
The possible reasons which cause the users can't correlation are as followings:
1, AC related configuration has problem, cause AP can't online normally in the AC.
2, terminal compatibility problem, can try to change AP.
3, can use the AP even equipment long ping AC to judge the link continuity of the AP even the equipment to AC.
4, POE exchange luminescence is not in normal range.
5, users unable to get IP address, lead to can't association.
6, AP set encryption related configuration is correct or not: encryption misconfiguration can cause the user can't associate. If you use WAP2 - PSK, need add two command in the global mode: dot1x enable, dot1x MAC - control, if set WEP, need add ssid and must set up related key in the user terminal. To WAP2 need to look at other network element whether do configuration.
7, AP signal strength is not in the scope of threshold value: the signal strength is too high or too low will lead to user can not be linked, general requires wlan signal intensity between -40 dB and -65dB, need adjust power smaller when signal intensity is high. When the signal intensity is too small, need to check the reasons, it may be the room subsystem reason, antenna reason or the AP reason.
8, there is a big interference between the AP in the network: need to use wirelessmon tools scanning the environment signal distribution, making sure that no obvious disturbance, demanding around other co-channel AP strength is below - 80 db. If don't meet, need to adjust the ap channel or turn down the ap power, in addition, also need to check the other wireless equipment interference surrounding ap, such as camera etc.
9,There are a lot of lip broadcast or multicast package between AP and AC interaction message may also cause AP cannot normal association: need to add “igmp snooping” configuration under the ess configuration, change the broadcast and multicast package into unicast.
10, confirm whether the network and ap Internet interface package has abnormal attack message or radio message, leading to ascending interface bandwidth be blocked, cause ap cannot associate normally.
In order to prevent the problem that the network appears radio message tied up a lot of bandwidth and then affect normal interaction message, the best way is configure the “igmp mode” as snooping when start the configuration and create ess in AC, , can make the multicast wrapped to unicast in AP, reduce the number of message. In addition, in the wlan network, convergent switches and POE switch’s downstream ports have to do second port isolation. In the upstream and downstream ports of gathering switches and POE exchange need do a radio inhibition configuration.