我目前的设置:
- 广播了两个 SSID
- SSID 1(airlan)配置了dot1X和动态vlan关联
- 带有 PSK 和静态 vlan 的 SSID 2 (prv)
我已经认识到,每隔 60 秒,第二个 SSID 上的设备就会与 AP 断开连接。经过一番调查,我发现 60 秒是非 aironet 设备的默认活动超时。增加此超时会增加它们按预期断开连接的时间间隔。这似乎解决了一些设备在几小时或几天后停止重新连接的问题。但我不认为那是理想的解决方案。
连接到第一个 SSID (airlan) 的设备从来没有出现过这个问题,比较“show dot11 association xxxx.xxxx.xxx”给出的信息显示,在第二个 SSID 上,“Last Activity”计数器不断增加,而在第一个它重置时当活动发生时。AP 似乎无法识别活动(无论 Cisco 将活动定义为什么)。
这是固件错误还是我可以做一些不同的事情来解决这种情况?
硬件信息
(我知道,有两个较新的图像,但我目前无法访问)
air4#show hardware
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:30 by prod_rel_team
ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)
air4 uptime is 1 day, 7 hours, 16 minutes
System returned to ROM by power-on
System restarted at 14:11:45 MET-DST Fri Sep 20 2013
System image file is "flash:/ap1g2-k9w7-mx.152-2.JB/ap1g2-k9w7-mx.152-2.JB"
Last reload reason:
cisco AIR-SAP1602E-E-K9 (PowerPC) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FGL1710ZCBU
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radios
32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:06:F6:21:XX:XX
Part Number : 73-14508-04
PCA Assembly Number : 000-00000-00
PCA Revision Number :
PCB Serial Number :
Top Assembly Part Number : -01
Top Assembly Serial Number :
Top Revision Number :
Product/Model Number : AIR-SAP1602E-E-K9
运行配置
Current configuration : 5150 bytes
aaa session-id common
clock timezone met 1 0
clock summer-time MET-DST recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip igmp snooping
ip cef
ip name-server 10.0.1.254
!
!
dot11 syslog
dot11 activity-timeout unknown default 3000
!
dot11 ssid airlan
vlan 5
authentication open eap eap_methods
authentication key-management wpa version 2
accounting eap_acct_methods
mbssid guest-mode
!
dot11 ssid prv
vlan 60
authentication open
authentication key-management wpa version 2
mbssid guest-mode
wpa-psk ascii 7 070E274A4B07125503080E1C163C
!
!
dot11 network-map
dot11 arp-cache optional
crypto pki token default removal timeout 0
!
!
username Cisco password 7 05280F1C2243
!
!
ip ssh version 2
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 6 mode ciphers aes-ccm
!
encryption vlan 5 mode ciphers aes-ccm
!
encryption vlan 4 mode ciphers aes-ccm
!
encryption vlan 60 mode ciphers aes-ccm
!
encryption mode ciphers aes-ccm
!
ssid airlan
!
ssid prv
!
countermeasure tkip hold-time 0
antenna gain 0
stbc
beamform ofdm
mbssid
no preamble-short
station-role root
no dot11 extension aironet
world-mode dot11d country-code DE both
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.4
encapsulation dot1Q 4
bridge-group 4
bridge-group 4 subscriber-loop-control
bridge-group 4 spanning-disabled
bridge-group 4 block-unknown-source
no bridge-group 4 source-learning
no bridge-group 4 unicast-flooding
!
interface Dot11Radio0.5
encapsulation dot1Q 5
bridge-group 5