Cisco Aironet Last Activity Counter seems not to work causing clients to drop frequently

Tags: aironet, cisco, troubleshooting

My current setup:

  • Two SSIDs broadcast
  • SSID 1 (airlan) is configured with dot1X and dynamic vlan association
  • SSID 2 (prv) with PSK and a static vlan

I've noticed that every 60s the devices on the second SSID disconnect from the AP. After some investigation I found out that 60s is the default activity timeout for non-Aironet devices. Increasing this timeout increases the interval at which they disconnect, as expected. This seems to solve the problem with some devices that stopped reconnecting after some hours or days. But I don't think that's an ideal solution.

Devices connected to the first SSID (airlan) never had this problem, and comparing the information given by "show dot11 association xxxx.xxxx.xxx" reveals that on the second SSID the "Last Activity" counter constantly increases, while on the first it resets when activity happens. The AP does not seem to recognize activity (whatever Cisco defines activity as).

Is this a firmware bug or can I do something different to solve this situation?

Hardware Info

(I know that there are two newer images, but I don't have access at the moment)

air4#show hardware
Cisco IOS Software, C1600 Software (AP1G2-K9W7-M), Version 15.2(2)JB, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Tue 11-Dec-12 04:30 by prod_rel_team

ROM: Bootstrap program is C1600 boot loader
BOOTLDR: C1600 Boot Loader (AP1G2-BOOT-M) LoaderVersion 15.2(2)JAX, RELEASE SOFTWARE (fc1)

air4 uptime is 1 day, 7 hours, 16 minutes
System returned to ROM by power-on
System restarted at 14:11:45 MET-DST Fri Sep 20 2013
System image file is "flash:/ap1g2-k9w7-mx.152-2.JB/ap1g2-k9w7-mx.152-2.JB"
Last reload reason: 

cisco AIR-SAP1602E-E-K9    (PowerPC) processor (revision A0) with 98294K/32768K bytes of memory.
Processor board ID FGL1710ZCBU
PowerPC CPU at 533Mhz, revision number 0x2151
Last reset from power-on
1 Gigabit Ethernet interface
2 802.11 Radios

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:06:F6:21:XX:XX
Part Number                          : 73-14508-04
PCA Assembly Number                  : 000-00000-00
PCA Revision Number                  : 
PCB Serial Number                    : 
Top Assembly Part Number             : -01
Top Assembly Serial Number           : 
Top Revision Number                  : 
Product/Model Number                 : AIR-SAP1602E-E-K9   

Running Config

Current configuration : 5150 bytes
aaa session-id common
clock timezone met 1 0

clock summer-time MET-DST recurring last Sun Mar 2:00 last Sun Oct 3:00
no ip igmp snooping
ip cef
ip name-server 10.0.1.254
!
!
dot11 syslog
dot11 activity-timeout unknown default 3000
!
dot11 ssid airlan
   vlan 5
   authentication open eap eap_methods 
   authentication key-management wpa version 2
   accounting eap_acct_methods
   mbssid guest-mode
!
dot11 ssid prv
   vlan 60
   authentication open 
   authentication key-management wpa version 2
   mbssid guest-mode
   wpa-psk ascii 7 070E274A4B07125503080E1C163C
!
!
dot11 network-map
dot11 arp-cache optional
crypto pki token default removal timeout 0
!
!
username Cisco password 7 05280F1C2243
!
!
ip ssh version 2
bridge irb
!
!
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 6 mode ciphers aes-ccm 
 !
 encryption vlan 5 mode ciphers aes-ccm 
 !
 encryption vlan 4 mode ciphers aes-ccm 
 !
 encryption vlan 60 mode ciphers aes-ccm 
 !
 encryption mode ciphers aes-ccm 
 !
 ssid airlan
 !
 ssid prv
 !
 countermeasure tkip hold-time 0
 antenna gain 0
 stbc
 beamform ofdm
 mbssid
 no preamble-short
 station-role root
 no dot11 extension aironet
 world-mode dot11d country-code DE both
!   
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.4
 encapsulation dot1Q 4
 bridge-group 4
 bridge-group 4 subscriber-loop-control
 bridge-group 4 spanning-disabled
 bridge-group 4 block-unknown-source
 no bridge-group 4 source-learning
 no bridge-group 4 unicast-flooding
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 bridge-group 5

Best Answer

Try:

broadcast-key vlan 1 change 60

for each of the vlans.

(Seen here: http://www.blueboxmoon.com/wordpress/?p=832).

I've also got similar issues with Cisco access points in standalone mode.

Update:

With:

Cisco IOS Software, C3500 Software (AP3G1-K9W7-M), Version 15.3(3)JAB, RELEASE SOFTWARE (fc1)

Things seem to be much better.

I also have:

dot11 activity-timeout unknown default 3600
dot11 activity-timeout client default 3600 maximum 3600
dot11 wpa handshake timeout 1000

in the general section.
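One way to check a saved running config against the "for each of the vlans" advice in the answer above, as an added example that is not part of the original posts: it lists, per radio interface, the encryption VLANs that have no `broadcast-key vlan N` line. The sample config is constructed from the question's config, and the `broadcast-key` line for vlan 5 and the function name are assumptions for illustration.

```python
import re

# Constructed sample: abridged from the question's running config, plus one
# assumed broadcast-key line for vlan 5 to show a partially fixed radio.
SAMPLE_CONFIG = """\
dot11 activity-timeout unknown default 3000
!
interface Dot11Radio0
 encryption vlan 6 mode ciphers aes-ccm
 !
 encryption vlan 5 mode ciphers aes-ccm
 !
 encryption vlan 60 mode ciphers aes-ccm
 !
 broadcast-key vlan 5 change 60
 ssid airlan
 ssid prv
!
interface Dot11Radio0.5
 encapsulation dot1Q 5
 bridge-group 5
"""

IFACE = re.compile(r"^interface (Dot11Radio\d+)\s*$")
ENC = re.compile(r"^\s+encryption vlan (\d+) mode ciphers\b")
BKEY = re.compile(r"^\s+broadcast-key vlan (\d+)\b")


def vlans_missing_broadcast_key(config_text):
    """Map each radio interface to its encryption VLANs lacking a broadcast-key line."""
    encrypted, rotated, current = {}, {}, None
    for line in config_text.splitlines():
        if line and not line[0].isspace():
            # Any unindented line ends the previous block; subinterfaces
            # such as Dot11Radio0.5 do not match IFACE and are skipped.
            m = IFACE.match(line)
            current = m.group(1) if m else None
            if current:
                encrypted.setdefault(current, set())
                rotated.setdefault(current, set())
            continue
        if current is None:
            continue
        if (m := ENC.match(line)):
            encrypted[current].add(int(m.group(1)))
        elif (m := BKEY.match(line)):
            rotated[current].add(int(m.group(1)))
    return {i: sorted(encrypted[i] - rotated[i]) for i in encrypted}
```

Calling `vlans_missing_broadcast_key()` on the text of a saved `show running-config` returns an empty list for a radio once every encryption VLAN on it has a matching `broadcast-key` line.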