Hello,

  I encounter a strange problem on several AP 1242 in version 12.4(25d)JA1 of a customer :

  He has 10 autonomous AP covering a factory and is using them for laptop connectivity and TOIP with mainly 7921 Cisco Wifi Phones.

  The phones are configured to use only 802.11a.

  The APs loose LAN connectivity randomly and therefore the clients don't work anymore.

  The AP are connected on a 2960 and a 3560 wich are in turn connected on a 3750 wich route the trafic.

  After checking spanning-tree no loops are present.

  When I check the counters on the AP involved I see the "trhottles" and "ignored" counters incrementing on the fa0 link of the AP impacted wich mean I think it can't handle the incoming traffic. This incoming traffic seems not to be too big however. I can see drops on the switch interface connecting the AP.

There is a lot of roaming on the AP due to people walking in the factory with their wifi phones.

Here is a view of the fa0 counters :

AP1242-LOGIST#sh int fa0

FastEthernet0 is up, line protocol is up

  Hardware is PowerPCElvis Ethernet, address is 001d.a1ce.26e2 (bia 001d.a1ce.26e2)

  MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Full-duplex, 100Mb/s, MII

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/160/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 81000 bits/sec, 53 packets/sec

  5 minute output rate 29000 bits/sec, 26 packets/sec

     7447113 packets input, 674891974 bytes

     Received 286839 broadcasts, 0 runts, 0 giants, 549631 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 549631 ignored

     0 watchdog

     0 input packets with dribble condition detected

     4422100 packets output, 609868806 bytes, 0 underruns

     0 output errors, 0 collisions, 4 interface resets

     1 unknown protocol drops

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

  Here is a small part of logs concerning roaming, i don't see errors or log indicating that something is wrong nor in the switches log :

Jun  6 12:57:27.007: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001E4A3EE15D 001e.4a3e.e15d Associated KEY_MGMT[WPAv2 PSK]

Jun  6 12:57:42.499: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 12:58:02.620: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 12:58:03.653: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 12:59:15.564: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50

Jun  6 12:59:15.564: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 12:59:41.905: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 442b.0355.ab28 Reason: Previous authentication no longer valid

Jun  6 12:59:54.728: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP442B0355AB28 442b.0355.ab28 Associated KEY_MGMT[WPAv2 PSK]

Jun  6 13:01:12.541: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 13:02:35.841: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001e.4a3e.d875 Reason: Previous authentication no longer valid

Jun  6 13:02:36.489: %DOT11-6-ASSOC: Interface Dot11Radio0, Station   ec85.2f7c.c837 Associated KEY_MGMT[WPAv2 PSK]

Jun  6 13:03:29.256: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50

Jun  6 13:03:29.256: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 13:04:32.754: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001E4A3ED875 001e.4a3e.d875 Associated KEY_MGMT[WPAv2 PSK]

Jun  6 13:06:47.858: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001e.4a3e.e15d Reason: Previous authentication no longer valid

Jun  6 13:07:18.107: %DOT11-6-ROAMED: Station 001f.6c7a.5101 Roamed to 001d.a2bb.15b0

Jun  6 13:07:18.107: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001f.6c7a.5101 Reason: Sending station has left the BSS

Jun  6 13:07:38.109: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 13:07:42.031: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50

Jun  6 13:07:42.031: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 13:07:46.489: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP001F6C7A5101 001f.6c7a.5101 Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 13:08:27.712: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Reassociated KEY_MGMT[WPAv2 PSK]

Jun  6 13:08:44.502: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 13:08:44.572: %DOT11-6-ASSOC: Interface Dot11Radio1, Station SEP588D09D3A92B 588d.09d3.a92b Associated KEY_MGMT[WPAv2 PSK]

Jun  6 13:08:56.778: %DOT11-6-ROAMED: Station 588d.09d3.a92b Roamed to 001e.134c.5a50

Jun  6 13:08:56.779: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 588d.09d3.a92b Reason: Sending station has left the BSS

Jun  6 13:09:17.874: %DOT11-6-ROAMED: Station 001f.6c7a.5101 Roamed to 003a.9a92.8d70

Jun  6 13:09:17.874: %DOT11-6-DISASSOC: Interface Dot11Radio1, Deauthenticating Station 001f.6c7a.5101 Reason: Sending station has left the BSS

The AP are configured as follow :

Current configuration : 5184 bytes

!

! No configuration change since last restart

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname AP1242-LOGIST

!

logging rate-limit console 9

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

aaa session-id common

clock timezone gmt+1 1

clock summer-time gmt recurring last Sun Mar 2:00 last Sun Oct 3:00

!

!

dot11 syslog

dot11 vlan-name Data vlan 11

dot11 vlan-name Voix vlan 14

dot11 vlan-name Webguest vlan 5

!

dot11 ssid WLAN_data

   vlan 11

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 10600C0E261B173C252203797479633F371A29

!

dot11 ssid WLAN_voice

   vlan 14

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 080F49592A1500203B2D25567A7A7622263C0C

!

dot11 ssid Webguest

   vlan 5

   authentication open

   mbssid guest-mode

!

dot11 wpa handshake timeout 1000

dot11 arp-cache

dot11 priority-map avvid

dot11 phone

power inline negotiation prestandard source

!

!

!

!

!

class-map match-all _class_voice0

match ip dscp ef

class-map match-all _class_voice1

match ip dscp cs3

!

!

policy-map voice

class _class_voice0

  set cos 6

class _class_voice1

  set cos 3

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 11 mode ciphers aes-ccm

!

encryption vlan 14 mode ciphers aes-ccm

!

ssid WLAN_data

!

ssid WLAN_voice

!

ssid Webguest

!

mbssid

power client 17

channel 2472

station-role root

dot11 qos class voice local

    admission-control

    admit-traffic narrowband max-channel 75 roam-channel 6

!

dot11 qos class voice cell

    admission-control

!

no cdp enable

infrastructure-client

!

interface Dot11Radio0.5

encapsulation dot1Q 5

no ip route-cache

no cdp enable

bridge-group 5

bridge-group 5 subscriber-loop-control

bridge-group 5 block-unknown-source

no bridge-group 5 source-learning

no bridge-group 5 unicast-flooding

bridge-group 5 spanning-disabled

!

interface Dot11Radio0.11

encapsulation dot1Q 11

no ip route-cache

no cdp enable

bridge-group 11

bridge-group 11 subscriber-loop-control

bridge-group 11 block-unknown-source

no bridge-group 11 source-learning

no bridge-group 11 unicast-flooding

bridge-group 11 spanning-disabled

!

interface Dot11Radio0.14

encapsulation dot1Q 14

no ip route-cache

no cdp enable

bridge-group 14

bridge-group 14 subscriber-loop-control

bridge-group 14 block-unknown-source

no bridge-group 14 source-learning

no bridge-group 14 unicast-flooding

bridge-group 14 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

!

encryption vlan 11 mode ciphers aes-ccm

!

encryption vlan 14 mode ciphers aes-ccm

!

ssid WLAN_data

!

ssid WLAN_voice

!

ssid Webguest

!

no dfs band block

mbssid

channel dfs

station-role root

!

interface Dot11Radio1.5

encapsulation dot1Q 5

no ip route-cache

no cdp enable

bridge-group 5

bridge-group 5 subscriber-loop-control

bridge-group 5 block-unknown-source

no bridge-group 5 source-learning

no bridge-group 5 unicast-flooding

bridge-group 5 spanning-disabled

!

interface Dot11Radio1.11

encapsulation dot1Q 11

no ip route-cache

no cdp enable

bridge-group 11

bridge-group 11 subscriber-loop-control

bridge-group 11 block-unknown-source

no bridge-group 11 source-learning

no bridge-group 11 unicast-flooding

bridge-group 11 spanning-disabled

!

interface Dot11Radio1.14

encapsulation dot1Q 14

no ip route-cache

no cdp enable

bridge-group 14

bridge-group 14 subscriber-loop-control

bridge-group 14 block-unknown-source

no bridge-group 14 source-learning

no bridge-group 14 unicast-flooding

bridge-group 14 spanning-disabled

!

interface FastEthernet0

no ip address

no ip route-cache

speed 100

full-duplex

no cdp enable

hold-queue 160 in

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

no cdp enable

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface FastEthernet0.5

encapsulation dot1Q 5

no ip route-cache

no cdp enable

bridge-group 5

no bridge-group 5 source-learning

bridge-group 5 spanning-disabled

!

interface FastEthernet0.11

encapsulation dot1Q 11

no ip route-cache

no cdp enable

bridge-group 11

no bridge-group 11 source-learning

bridge-group 11 spanning-disabled

!

interface FastEthernet0.14

encapsulation dot1Q 14

no ip route-cache

no cdp enable

bridge-group 14

no bridge-group 14 source-learning

bridge-group 14 spanning-disabled

service-policy input voice

service-policy output voice

!

interface BVI1

ip address 10.17.10.5 255.255.255.0

no ip route-cache

!

ip default-gateway 10.17.10.254

ip http server

ip http authentication aaa

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

logging trap warnings

logging 10.15.51.115

no cdp run

bridge 1 route ip

!

!

!

line con 0

line vty 0 4

!

sntp server 10.15.1.50

sntp broadcast client

end

Does someone ever experienced a similar problem ?

When I shut radio interfaces they're is no more problems on the LAN. Can this be an overlapping coverage issue ?

Can someone please give me advices on how to troubleshoot this issue ?

Thank you in advance as I'm a bit stuck.

Best Regards,