04-30-2015 07:59 AM - edited 07-05-2021 03:07 AM
We have a AP 2700 and we are using wpa2-psk (AES) but must of the client are having disconnection problems.
And we would like to test WPA-PSK [TKIP] . Here is he current config.
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Office
!
!
logging rate-limit console 9
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone -0500 -5 0
clock summer-time -0400 recurring
no ip source-route
no ip cef
ip domain name naranjo.com
ip name-server 8.8.8.8
ip name-server 4.2.2.2
!
!
!
!
dot11 syslog
!
dot11 ssid CIP2.4Ghz
vlan 1
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 132348071F0409232A292164657243
!
dot11 ssid CIP5.0Ghz
vlan 1
authentication open
authentication key-management wpa version 2
guest-mode
wpa-psk ascii 7 10AC460C333F1F020D09237C747863
!
!
!
!
!
username
!
!
ip ssh authentication-retries 5
bridge irb
!
!
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid CIP2.4Ghz
!
antenna gain 0
stbc
speed basic-1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23.
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 1 mode ciphers aes-ccm
!
ssid CIP5.0Ghz
!
antenna gain 0
peakdetect
dfs band 3 block
stbc
speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 m0. m1. m2. m3. m4. m5. m6. m7. m8. m9. m10. m11. m12. m13. m14. m15. m16. m17. m18. m19. m20. m21. m22. m23. a1ss7 a2ss7 a3ss7
channel dfs
station-role root
!
interface Dot11Radio1.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface GigabitEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet1
no ip address
shutdown
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface BVI1
mac-address f07f.062f.e124
ip address 192.168.1.10 255.255.255.0
ipv6 address dhcp
ipv6 address autoconfig
ipv6 enable
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip http server
ip http authentication aaa
no ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
!
snmp-server community defaultCommunity RW
!
access-list 111 permit tcp any any neq telnet
bridge 1 route ip
!
!
!
line con 0
access-class 111 in
line vty 0 4
access-class 111 in
length 0
transport input all
!
sntp server us.pool.ntp.org
sntp broadcast client
end
_________________________________________________
thanks in advance.
04-30-2015 10:18 AM
honestly, if the clients connect in the first place, I wouldn't think it was an encryption issue, more of a coverage issue.
And I wouldn't do a separate SSID for 2.4 and 5GHz, you should just have SSID for both radios.
You could be having an issue of the client being on 5GHz and having it's signal be too low, and it attempts to move to 2.4GHz but the client has to switch SSID which can cause you some weird issues.
So first thing I would try is consolidating to one SSID, and checking the signal of the 5GHz radio in your areas.
HTH,
Steve
04-30-2015 05:57 PM
Here is the log with some errors. The distance between the farthest room is less than 25. It only have one door in the middle.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide