cipher-suite ccmp 在 iOS 14 下连接WIFI非常慢
- 0关注
- 1收藏,1783浏览
问题描述:
当配置 cipher-suite ccmp 的时候, iPhone手机连接WIFI非常慢, 下面两句日志中间足足隔了8秒. 而使用 cipher-suite tkip 连接WIFI就非常快。
这是哪里配置有误导致的么? 目前测试只有iOS 会这样, android, macOS, windows都是很正常的。
%Mar 23 21:09:02:068 2021 AC WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client 5af3-ce3a-0959 disconnected from WLAN TV-1. Reason code is 8.
[AC-wlan-st-4]
%Mar 23 21:09:10:380 2021 AC WMAC/6/WMAC_CLIENT_JOIN_WLAN: Client 5af3-ce3a-0959 successfully joins WLAN TV-1, on APID 4 with BSSID 84d9-317c-d600.
影响连接网络的配置段落:
wlan service-template 4 crypto
ssid TV-1
bind WLAN-ESS 4
cipher-suite ccmp
security-ie rsn
client forwarding-mode local vlan 13
service-template enable
日志如下:
#Mar 23 21:09:02:067 2021 AC WMAC/4/Station Deassociate: Station Deassoc:1.3.6.1.4.1.25506.2.75.3.2.0.5<hh3cDot11StationDeAssocTrap> StaMac1:5A:F3:CE:3A:09:59 StaMac2:5A:F3:CE:3A:09:59 UserName: StaMac3:5A:F3:CE:3A:09:59 VLANId:13 Radioid:1 SSIDName:TV-1 SessionDuration:144 APID:219801A0X59169G00168 AP Name:84d9-317c-d600 BSSID:84:D9:31:7C:D6:00
%Mar 23 21:09:02:068 2021 AC WMAC/6/WMAC_CLIENT_AUTH_LOGOFF: MAC Address:5af3-ce3a-0959, IP:10.0.13.66, UserName:5af3ce3a0959, AP-name:84d9-317c-d600, Radio id:1, Channel Number:40, SSID:TV-1, BSSID:84d9-317c-d600
%Mar 23 21:09:02:068 2021 AC WMAC/6/WMAC_CLIENT_GOES_OFFLINE: Client 5af3-ce3a-0959 disconnected from WLAN TV-1. Reason code is 8.
[AC-wlan-st-4]
%Mar 23 21:09:10:380 2021 AC WMAC/6/WMAC_CLIENT_JOIN_WLAN: Client 5af3-ce3a-0959 successfully joins WLAN TV-1, on APID 4 with BSSID 84d9-317c-d600.
%Mar 23 21:09:10:386 2021 AC PORTSEC/6/PORTSEC_MACAUTH_LOGIN_SUCC: -IfName=WLAN-DBSS4:115-MACAddr=5A:F3:CE:3A:09:59-VlanId=13-UserName=5af3ce3a0959-UserNameFormat=MAC address; The user passed MAC address authentication and got online successfully.
%Mar 23 21:09:28:251 2021 AC WMAC/6/WMAC_CLIENT_AUTH_LOGIN: MAC Address:5af3-ce3a-0959, IP:169.254.84.187, UserName:5af3ce3a0959, AP-name:84d9-317c-d600, Radio id:1, Channel Number:40, SSID:TV-1, BSSID:84d9-317c-d600
%Mar 23 21:09:29:239 2021 AC DHCPS/5/DHCPS_ALLOCATE_IP: DHCP server information: Server IP = 10.0.13.31, DHCP client IP = 10.0.13.66, DHCP client hardware address = 5af3-ce3a-0959, DHCP client lease = 86400.
%Mar 23 21:09:29:241 2021 AC WMAC/6/WMAC_CLIENT_AUTH_LOGIN: MAC Address:5af3-ce3a-0959, IP:169.254.84.187, IP:10.0.13.66, UserName:5af3ce3a0959, AP-name:84d9-317c-d600, Radio id:1, Channel Number:40, SSID:TV-1, BSSID:84d9-317c-d600
%Mar 23 21:09:30:963 2021 AC WMAC/6/WMAC_CLIENT_AUTH_LOGIN: MAC Address:5af3-ce3a-0959, IP:10.0.13.66, IP:169.254.84.187, UserName:5af3ce3a0959, AP-name:84d9-317c-d600, Radio id:1, Channel Number:40, SSID:TV-1, BSSID:84d9-317c-d600
%Mar 23 21:09:30:964 2021 AC WMAC/6/WMAC_CLIENT_AUTH_LOGIN: MAC Address:5af3-ce3a-0959, IP:169.254.84.187, IP:10.0.13.66, UserName:5af3ce3a0959, AP-name:84d9-317c-d600, Radio id:1, Channel Number:40, SSID:TV-1, BSSID:84d9-317c-d600
%Mar 23 21:16:56:073 2021 AC WMAC/6/WMAC_CLIENT_JOIN_WLAN: Client b809-8a50-f67f successfully joins WLAN WIFI-1, on APID 4 with BSSID 84d9-317c-d611.
组网及组网描述:
#
sysname AC
#
domain default enable imc
#
dns proxy enable
dns server 202.96.128.86
#
telnet server enable
#
port-security enable
#
dot1x authentication-method eap
#
wlan client learn-ipaddr enable
#
wlan auto-ap enable
wlan auto-persistent enable
#
password-recovery enable
#
vlan 1
#
vlan 12 to 13
#
radius scheme rad
server-type extended
primary authentication 111.111.111.111
primary accounting 111.111.111.111
key authentication cipher $c$3$iVKklbXCq/y1/fluFszZ6ztnaVew1WgyGzGTF8Q=
key accounting cipher $c$3$iVKklbXCq/y1/fluFszZ6ztnaVew1WgyGzGTF8Q=
user-name-format without-domain
retry stop-accounting 10
accounting-on enable send 3
dhcp server ip-pool 12
network 10.0.12.0 mask 255.255.255.0
gateway-list 10.0.12.31
#
dhcp server ip-pool 13
network 10.0.13.0 mask 255.255.255.0
gateway-list 10.0.13.11
dns-list 202.96.128.86
#
user-group system
group-attribute allow-guest
#
local-user admin
password hash cipher $h$6$otCPU+QwxP71BFly$j1fXCaIxbPfp/cg+TNrPyz2PjcV8WPZsW/PV/SlPLnpIv0FhDmHd8cth5/beqMb57lROCYZfY7mc38Krh+NVqQ==
authorization-attribute level 3
service-type telnet
service-type web
#
wlan rrm
dot11a mandatory-rate 6 12 24
dot11a supported-rate 9 18 36 48 54
dot11b mandatory-rate 1 2
dot11b supported-rate 5.5 11
dot11g mandatory-rate 1 2 5.5 11
dot11g supported-rate 6 9 12 18 24 36 48 54
#
wlan service-template 1 clear
ssid H3C
bind WLAN-ESS 1
service-template enable
#
wlan service-template 2 crypto
ssid WIFI-EAP-1
bind WLAN-ESS 2
cipher-suite ccmp
security-ie rsn
client forwarding-mode local vlan 13
#
wlan service-template 3 crypto
ssid WIFI-1
bind WLAN-ESS 3
cipher-suite ccmp
security-ie rsn
client forwarding-mode local vlan 13
service-template enable
#
wlan service-template 4 crypto
ssid TV-1
bind WLAN-ESS 4
cipher-suite ccmp
security-ie rsn
client forwarding-mode local vlan 13
service-template enable
#
ssl server-policy eap-policy
pki-domain do
#
wlan ap-group default_group
ap 307b-acb1-47a0
country-code AU
dot11a service-template 3 vlan-id 13
dot11a service-template 4 vlan-id 13
dot11bg service-template 3 vlan-id 13
dot11bg service-template 4 vlan-id 13
dot11a radio enable
dot11bg radio enable
client idle-timeout 86400
map-configuration apcfg.txt
#
interface Cellular1/0/1
async mode protocol
link-protocol ppp
#
interface NULL0
#
interface Vlan-interface1
ip address 192.168.11.31 255.255.255.0
#
interface Vlan-interface12
ip address 10.0.12.31 255.255.255.0
#
interface Vlan-interface13
ip address 10.0.13.31 255.255.255.0
#
interface GigabitEthernet1/0/5
port link-mode route
nat outbound
pppoe-client dial-bundle-number 10
dns server 202.96.128.86
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 12 to 13
port trunk pvid vlan 12
#
interface GigabitEthernet1/0/2
port link-mode bridge
#
interface GigabitEthernet1/0/3
port link-mode bridge
#
interface GigabitEthernet1/0/4
port link-mode bridge
#
interface WLAN-ESS4
port link-type hybrid
undo port hybrid vlan 1
port hybrid vlan 13 untagged
port hybrid pvid vlan 12
mac-vlan enable
port-security port-mode mac-and-psk
port-security tx-key-type 11key
port-security preshared-key pass-phrase cipher $c$3$CYdQB8V0ToKNKp47SUaofeWnMLOXMJ97/RJo
mac-authentication domain imc
#
wlan ap 84d9-317c-f6c0 model WAP712C id 5
map-configuration apcfg.txt
serial-id 219801A0X59169G00500
client idle-timeout 86400
country-code AU
radio 1
service-template 3 vlan-id 13
service-template 4 vlan-id 13
radio enable
radio 2
service-template 3 vlan-id 13
service-template 4 vlan-id 13
radio enable
#
wlan ips
malformed-detect-policy default
signature deauth_flood signature-id 1
signature broadcast_deauth_flood signature-id 2
signature disassoc_flood signature-id 3
signature broadcast_disassoc_flood signature-id 4
signature eapol_logoff_flood signature-id 5
signature eap_success_flood signature-id 6
signature eap_failure_flood signature-id 7
signature pspoll_flood signature-id 8
signature cts_flood signature-id 9
signature rts_flood signature-id 10
signature addba_req_flood signature-id 11
signature-policy default
countermeasure-policy default
attack-detect-policy default
virtual-security-domain default
attack-detect-policy default
malformed-detect-policy default
signature-policy default
countermeasure-policy default
#
ip route-static 0.0.0.0 0.0.0.0 10.0.13.11
#
snmp-agent
snmp-agent local-engineid 800063A20360DA83B40DD1
snmp-agent community read public
snmp-agent community write private
snmp-agent sys-info version all
#
dhcp server forbidden-ip 10.0.12.0 10.0.12.50
dhcp server forbidden-ip 10.0.13.0 10.0.13.50
#
dhcp enable
#
ntp-service refclock-master 2
#
dialer-rule 10 ip permit
#
local-server authentication eap-profile default-profile
#
load xml-configuration
#
user-interface con 0
idle-timeout 35791 0
user-interface tty 4
user-interface vty 0 4
authentication-mode scheme
user privilege level 3
#
return
- 2021-02-19提问
- 举报
-
(0)
您好,请知:
无线网络连接慢,以下是排查要点,请参考:
1、使用不加密看下是否能链接快。
2、看下DHCP地址池的IP空间范围是否足够使用。
3、调整下信道和功率看下是否能优化。
4、看下无线设备的软件版本是否最新,可考虑升级到最新。
- 2021-02-19回答
- 评论(0)
- 举报
-
(0)
暂无评论
麻烦参考如下案例进行优化:
1. 规划信道,附件有个扫描ap信道的软件,您电脑连上无线之后,可以看到当前网络中信道使用情况,2.4g信道优化选择1 6 11 2 7 12这几个信道,软件中扫描出来比较严重的信道不要使用,相邻的两个ap间信道不要一致。测试时请关闭无线扫描软件。
【举例】
# 设置射频的工作信道为6。
<sysname> system-view
[sysname] wlan ap ap3 model WA4320i-AGN
[sysname-wlan-ap-ap3] radio 1
[sysname-wlan-ap-ap3-radio-1] channel 6
2. ap之间如果间隔较近。建议修改ap射频的功率:
【举例】
# 配置射频的最大传输功率为5dBm。
<sysname> system-view
[sysname] wlan ap ap3 model WA4320i-ACN
[sysname-wlan-ap-ap3] radio 1
[sysname-wlan-ap-ap3-radio-1] max-power 17
3. 关闭RRM低速率
【举例】
# 配置802.11g模式的射频速率(禁用速率:1、2、5.5、6、9Mbps)。
[WX5540H-wlan-ap-test-radio-2]rate disabled 1 2 5.5 6 9 //AP radio视图
[WX5540H-wlan-ap-group-ceshi-ap-model-WA4320-ACN-radio-2]rate disabled 1 2 5.5 9 //AP 组 radio视图
4. 关闭广播Probe探测回应
【举例】
# 在ap1上开启AP不回应广播Probe request报文功能。(AP视图)
<Sysname> system-view
[Sysname] wlan ap ap1 model WA4320i-ACN
[Sysname-wlan-ap-ap1] broadcast-probe reply disable
- 2021-02-19回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论