WX3510H Local Forwarding Terminal Association Exception Problem at a site

Local forwarding with authentication and association points on the AP

A local site uses WX3510H local forwarding network, the service template is configured with PSK encryption, the authentication point and association point are configured on the AP, and the remote AP is configured, but the AP is always registered. At this time, it is found that the terminal has been unable to associate. As long as the authentication point and association point are modified on the AC, it can be associated. The site also indicates that AC and AP are connected through VPN.

1, first of all, even if the remote AP is configured, but the actual AP has been the registered state, indicating that the remote AP is not in effect. The actual problem is that the authentication point and the association point on the AP will cause the terminal can not be associated.

2, check the configuration is nothing special, are simple normal configuration.

wlan service-template 1

 ssid h3c

 client association-location ap

 client forwarding-location ap vlan 1

 client-security authentication-location ap

 akm mode psk

 preshared-key pass-phrase cipher $c$3$71/K7hwQ4F2dtEYhF2Z1VJNrJYBk75VdHLkH

 cipher-suite ccmp

 security-ie rsn

 service-template enable

wlan ap-group aaa

 vlan 1

 if-match ip X.X.X.X 255.255.0.0

 hybrid-remote-ap enable

 ap-model WA5320

  map-configuration flash:/123. txt

  radio 1

   service-template 2 vlan 1

  radio 2

   service-template 2 vlan 1

  gigabitethernet 1

  gigabitethernet 2

3. Afterwards, debug wlan client mac X-X-X information is collected on the AP and the exception log is found to be

Jun 30 07:35:37:131 2020 X-X-X STAMGR/6/STAMGR_CLIENT_OFFLINE: Client X-X-X went offline from BSS X-X-X with SSID h3c on AP FitAP Radio ID 2. State Reason: Failed to synchronize client state to uplink devices.

From the logs, it seems that the AP and AC failed to synchronize the terminal information, combined with the AP and AC is a VPN connection, it is suspected that the link problem caused.

4. Configure the fragment-size command in AP view. This command is used to configure the maximum length of the CAPWAP control message or data message fragment, and the terminal can be associated normally after modification.

[Sysname-ap-ap1] fragment-size control 1300

[Sysname-ap-ap1] fragment-size data 1300

Configure the fragment-size command in AP view or AP group view to modify the maximum length of the CAPWAP control message or data message fragment.