The terminal network is sometimes disconnected

                                                                     Internet

                                                                          |

                                                                     Firewall

                                                              |                      |

PC —— AP1 —— Access sw1 —— core sw 1 ==== core sw 2 —— Access sw2 —— AP2 —— PC

Core Switch makes IRF.

The FIT AP+AC local forwarding mode is used on site, the terminal accesses the AP wirelessly, and the network sometimes disconnected

1. Check AP status and radio port configuration is normal.

2. Environmental test, two terminals connected to different APs, one terminal can always ping through ping 8.8.8.8 -t, and one terminal cannot ping through using ping 8.8.8.8 -t, but sometimes the terminal can use the browser to access the Google page. There is a phenomenon that the customer said that the network is sometimes disconnected.

3. These two AP ping upstream and core switches do not lose packets.

4. Configured with Qos on the core switch to check that the device is inbound and outbound packets.

dis qos policy interface GigabitEthernet 2/2/0/1

Interface: GigabitEthernet2/2/0/1

  Direction: Inbound

  Policy: p4

   Classifier: c4

     Operator: AND

     Rule(s) :

      If-match acl 3004

     Behavior: b4

      Accounting enable:

        0 (Packets)

        0 (pps)

Interface: GigabitEthernet2/2/0/1

  Direction: Outbound

  Policy: p2

   Classifier: c2

     Operator: AND

     Rule(s) :

      If-match acl 3002

     Behavior: b2

      Accounting enable:

        0 (Packets)

        0 (pps)

dis qos policy interface GigabitEthernet 1/2/0/1

Interface: GigabitEthernet1/2/0/1

  Direction: Inbound

  Policy: p4

   Classifier: c4

     Operator: AND

     Rule(s) :

      If-match acl 3004

     Behavior: b4

      Accounting enable:

        4 (Packets)

        0 (pps)

Interface: GigabitEthernet1/2/0/1

  Direction: Outbound

  Policy: p2

   Classifier: c2

     Operator: AND

     Rule(s) :

      If-match acl 3002

     Behavior: b2

      Accounting enable:

        4 (Packets)

        0 (pps)

# Qos of unworking client -> use g2/2/0/1 port and only has the outbound packet, doesn"t have the inbound packet.

dis qos policy interface  g2/2/0/1

Interface: GigabitEthernet2/2/0/1

  Direction: Inbound

  Policy: p3

   Classifier: c3

     Operator: AND

     Rule(s) :

      If-match acl 3003

     Behavior: b3

      Accounting enable:

        0 (Packets)

        0 (pps)

Interface: GigabitEthernet2/2/0/1

  Direction: Outbound

  Policy: p1

   Classifier: c1

     Operator: AND

     Rule(s) :

      If-match acl 3001

     Behavior: b1

      Accounting enable:

        8 (Packets)

        0 (pps)

dis qos policy interface  g1/2/0/1

Interface: GigabitEthernet1/2/0/1

  Direction: Inbound

  Policy: p3

   Classifier: c3

     Operator: AND

     Rule(s) :

      If-match acl 3003

     Behavior: b3

      Accounting enable:

        0 (Packets)

        0 (pps)

Interface: GigabitEthernet1/2/0/1

  Direction: Outbound

  Policy: p1

   Classifier: c1

     Operator: AND

     Rule(s) :

      If-match acl 3001

     Behavior: b1

      Accounting enable:

        0 (Packets)

5. Check that the firewall port is only connected to port g1/2/0/1, but not connected to port g2/2/0/1.

dis lldp ne li

Chassis ID : * -- -- Nearest nontpmr bridge neighbor

             # -- -- Nearest customer bridge neighbor

             Default -- -- Nearest bridge neighbor

System Name   Local Interface     Chassis ID      Port ID

Firewall                GE1/0/2         xxxx-xxxx-xxxx  GigabitEthernet1/2/0/1

Core switch g1/2/0/1 and g2/2/0/1 are aggregated, but the g2/2/0/1 port is not connected to the uplink firewall.   In load balancing mode, some traffic exits from the g1/2/0/1 port, and some exits from the g2/2/0/1 port.   Traffic from the 1/2/0/1 port can be accessed normally.   The traffic from the g2/2/0/1 port cannot.

Connect port g2/2/0/1 to the firewall.