Wi-Fi signals are unstable and are frequently interrupted

 The customer reported that the wireless network was unstable. After the PC was connected to the AP, the Wi-Fi connection is disconnected after a period of time and need 10s to 30s for recovery.

Networking overview:

1. Billing server is a third-party product that functions as a RADIUS server.

2. The S9700 connects to the MAN through OSPF. All service gateways are on the S9700. The ACU2 is connected to the MAN. All 802.1X authentication is configured on the ACU2.

3. The Billing server is associated with the AD server. All customer authentication information is configured on the AD server, which owned by customers themselves.

4. XX-staff uses 802.1x authentication, and XX-guest uses password authentication.

Networking topology:

Configuration script:

ACU2 brief configuration:

interface Vlanif100
 mtu 1400
 ip address 10.x.x.147 255.255.255.240
#
interface Vlanif1121
 ip address 10.x.x.2 255.255.252.0
#
interface MEth0/0/1
 ip address x.x.1.1 255.255.0.0
#
interface Eth-Trunk0
 port link-type trunk
 port trunk allow-pass vlan 100 to 101
#

interface XGigabitEthernet0/0/1
 eth-trunk 0
#
interface XGigabitEthernet0/0/2
 eth-trunk 0

#
ip route-static 0.0.0.0 0.0.0.0 10.x.x.158
#
capwap source ip-address 10.x.x.147
#

security-profile name wlan-802.1x-xx-stuff
  security wpa2 dot1x aes

#

ssid-profile name wlan-ssid-xx-guest
  ssid xx-guest
ssid-profile name wlan-ssid-xx-staff
  ssid xx-staff

vap-profile name xx-staff
  service-vlan vlan-id 1120
  ssid-profile wlan-ssid-xx-staff
  security-profile wlan-802.1x-xx-stuff
  authentication-profile xx

vap-profile name wlan-ssid-xx-guest
  service-vlan vlan-id 1121
  ssid-profile wlan-ssid-xx-guest
  security-profile wlan-security-xx-guest

rrm-profile name xxx
  band-steer balance start-threshold 15
  band-steer balance gap-threshold 25
  smart-roam enable

radio-2g-profile name radio2g_xxx
  rrm-profile xx
  air-scan-profile xx

radio-5g-profile name radio5g_xx
  rrm-profile xx
  air-scan-profile xx 

ap-group name xx
  regulatory-domain-profile domain_xx
  radio 0
   radio-2g-profile radio2g_xx
   vap-profile xx-staff wlan 1 
   vap-profile wlan-ssid-xx-guest wlan 2 
  radio 1
   radio-5g-profile radio5g_xx
   vap-profile xx-staff wlan 1
   vap-profile wlan-ssid-xx-guest wlan 2

S9700 brief configuration:
#
ip pool guest
 gateway-list 10.x.x.1
 network 10.x.x.0 mask 255.255.252.0
 dns-list 10.x.x.11 8.8.8.8
#
ip pool ap
 gateway-list 10.x.x.1
 network 10.x.x.0 mask 255.255.254.0
 dns-list 10.x.x.11 4.2.2.2 8.8.8.8
 option 43 sub-option 3 ascii 10.x.x.147
#
interface Vlanif1110
 description management
 ip address 10.x.x.1 255.255.254.0
 dhcp select global
#
interface Vlanif1120
 description xx staff
 ip address 10.x.x.1 255.255.252.0
 dhcp select global
#
interface Vlanif1121
 description guest
 ip address 10.x.x.1 255.255.252.0
 dhcp select interface
 dhcp server lease day 0 hour 4 minute 0
 dhcp server dns-list 8.8.8.8 10.x.x.11
#
interface Vlanif1342
 description xx
 ip address 10.x.x.74 255.255.255.252
#

interface Eth-Trunk1
 description to xxx
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 1110 1120 to 1121
#
ospf 2
 area 0.0.0.0
  network 10.x.x.1 0.0.0.0
  network 10.x.x.1 0.0.0.0
  network 10.x.x.1 0.0.0.0
  network 10.x.x.1 0.0.0.0
  network 10.x.x.74 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 10.x.x.73

#

S5700 brief configuration:

#
interface Vlanif1110
 ip address 10.x.x.8 255.255.254.0
#
interface Eth-Trunk7
 description to xxx
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 1110 1120 to 1121
#
interface GigabitEthernet0/0/1
 description to xxx
 port link-type trunk
 port trunk pvid vlan 1110
 port trunk allow-pass vlan 400 1110 1120 to 1121
 port-isolate enable group 1
#
interface GigabitEthernet0/0/2
 description to xxx
 port link-type trunk
 port trunk pvid vlan 1110
 port trunk allow-pass vlan 400 1110 1120 to 1121
 port-isolate enable group 1
#

Fault symptom:

1. Record the MAC address of the AP and check the related information. It is found that the online time of the AP is incorrect. The AP may be restarted and the power supply is normal.

<X-X-ACU2-WLAN-1>display ap all | in 642

Total AP information:

cfg: config [2]

cmt: committing [3]

fault: fault [80]

idle: idle [10]

nor: normal [635]

-------------------------------------------------------------------------------------------------------------------

ID MAC Name Group IP Type State STA Uptime

-------------------------------------------------------------------------------------------------------------------

642 X-4bac-e8c0 XX-ANNEX2-0-AP-B052 XX - AP6010DN-AGN fault 0 -

-------------------------------------------------------------------------------------------------------------------

Total: 730

<X-X-ACU2-WLAN-1>display ap all | in 642

Total AP information:

cmt: committing [1]

fault: fault [70]

idle: idle [10]

nor: normal [649]

-------------------------------------------------------------------------------------------------------------------

ID MAC Name Group IP Type State STA Uptime

-------------------------------------------------------------------------------------------------------------------

642 X-4bac-e8c0 XX-ANNEX2-0-AP-B052 XX 10.2.70.83 AP6010DN-AGN nor 3 2M:26S

-------------------------------------------------------------------------------------------------------------------

2. Use ping to check the Reachability of S9700 to AP, the intermittent disconnection phenomenon occur:

Request time out

Request time out

Request time out

Request time out

Request time out

Request time out

Reply from 10.2.70.83: bytes=56 Sequence=43 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=44 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=45 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=46 ttl=251 time=4 ms

Reply from 10.2.70.83: bytes=56 Sequence=368 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=369 ttl=251 time=2 ms

Reply from 10.2.70.83: bytes=56 Sequence=370 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=371 ttl=251 time=1 ms

Reply from 10.2.70.83: bytes=56 Sequence=372 ttl=251 time=1 ms

Request time out

Request time out

Request time out

Request time out

3. Check the offline information of the AP. It is found that many AP heartbeat messages are lost. As a result, the online time is abnormal.

<X-X-ACU2-WLAN-1>display ap offline-record all

------------------------------------------------------------------------------

MAC Last offline time Reason

------------------------------------------------------------------------------

x-4bad-13e0 2018-02-23/11:10:05 Echo timeout

x-aaca-39c0 2018-02-23/11:10:05 Echo timeout

x-aaca-41c0 2018-02-23/11:10:04 Echo timeout

x-9805-b100 2018-02-23/11:10:03 Echo timeout

x-4bac-e260 2018-02-23/11:10:03 Echo timeout

x-4bad-0400 2018-02-23/11:10:03 Echo timeout

x-4bac-f840 2018-02-23/11:10:02 Echo timeout

x-9805-b480 2018-02-23/11:10:01 Echo timeout

x-4bac-f5e0 2018-02-23/11:10:00 Echo timeout

x-aaca-3e40 2018-02-23/11:09:55 Echo timeout

====================================================

4. Check the topology change of the STP. It is found that the topology changes frequently. In addition, check the ARP of the AP. It is found that there is no ARP information about the AP.

<XX-WLAN-Core-SW-S9700>display stp topology-change 

 CIST topology change information

Number of topology changes :611

Time since last topology change :0 days 0h:0m:16s

Topology change initiator(notified) :Eth-Trunk14

Topology change last received from :x-4b15-3c71

Number of generated topologychange traps: 55

Number of suppressed topologychange traps: 9

<XX-WLAN-Core-SW-S9700>dis arp | in 10.2.70.83

IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE

VLAN/CEVLAN

------------------------------------------------------------------------------

------------------------------------------------------------------------------

Total:712 Dynamic:707 Static:0 Interface:5

<XX-WLAN-Core-SW-S9700>dis arp | in 10.2.70.83

IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE

VLAN/CEVLAN

------------------------------------------------------------------------------

------------------------------------------------------------------------------

Total:730 Dynamic:725 Static:0 Interface:5

<XX-WLAN-Core-SW-S9700>dis arp | in 10.2.70.83

IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE

VLAN/CEVLAN

------------------------------------------------------------------------------

------------------------------------------------------------------------------

Total:736 Dynamic:731 Static:0 Interface:5

<XX-WLAN-Core-SW-S9700>dis arp | in 10.2.70.83

IP ADDRESS MAC ADDRESS EXPIRE(M) TYPE INTERFACE VPN-INSTANCE

VLAN/CEVLAN

------------------------------------------------------------------------------

------------------------------------------------------------------------------

Total:711 Dynamic:706 Static:0 Interface:5

5. Find the port that causes the topology change. It is found that the GigabitEthernet0/0/2 port on a switch is frequently up/down..

[XX-WLAN-Core-SW-S9700]display stp topology-change  

 CIST topology change information

Number of topology changes :612

Time since last topology change :0 days 0h:0m:43s

Topology change initiator(notified) :Eth-Trunk14

Topology change last received from :x-6144-1751

Number of generated topology change traps: 55

Number of suppressed topology change traps: 9

====================================================

<XX-Annex3-WLAN-ACC-A334_link_S5700>display logbuffer

Logging buffer configuration and contents: enabled

Allowed max buffer size: 1024

Actual buffer size: 512

Channel number: 4, Channel name: logbuffer

Dropped messages: 0

Overwritten messages: 6700

Current messages: 512

Feb 23 2018 19:46:22 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[0]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:45:42 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[1]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:45:36 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[2]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:44:51 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[3]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:44:47 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[4]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:44:05 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[5]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:44:05 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[6]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:43:28 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[7]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:43:27 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[8]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:42:57 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[9]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:42:51 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[10]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:42:13 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[11]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:42:13 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[12]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:41:40 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[13]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:41:35 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[14]:Interface GigabitEthernet0/0/2 has turned into UP state.

Feb 23 2018 19:41:06 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[15]:Interface GigabitEthernet0/0/2 has turned into DOWN state.

Feb 23 2018 19:41:01 XX-Annex3-WLAN-ACC-A334_link_S5700%%01IFPDT/4/IF_STATE(l)[16]:Interface GigabitEthernet0/0/2 has turned into UP state.

6. Close the GigabitEthernet0/0/2. The fault is rectified.

The network cable is faulty. As a result, the port is abnormal, and the port UP/down causes the topology change frequently. As a result, the ARP table is refreshed and the AP response times out, the AP signals are unstable and the network is disconnected.

Add edge ports to each switch port connected to the AP to prevent port problems from affecting the entire network.