Troubleshooting WLAN connectivity on the network

Access points

The network side of a WLAN solution consists of the APs to which the users connect, the controllers behind the APs (or intelligent APs), Layer 2 LAN switches the APs connect to, authentication servers, routers, and the protocols in use among all of these elements. All of the elements have to be configured properly in order for the user to connect to the WLAN infrastructure and for data to be transmitted successfully over that connection. Before continuing, I should mention that some WLAN solutions utilize controllers (boxes that control the APs), whereas others have the intelligence built into the APs themselves. These are commonly referred to as "thin client" (controller-based) and "fat client" (intelligent APs). For the purposes of this discussion, I am going to focus on general networking aspects rather than specific troubleshooting techniques associated with thin- or fat-client solutions.

Layer 2 and LAN issues

Let's start with Layer 2. Each AP must physically connect to a LAN switch and reside in a VLAN. These can be single-port connections (one VLAN) or trunk connections (multiple VLANs). Either way, this is the first place to begin troubleshooting. Log on to the switch and see whether the switch port the AP is plugged into recognizes that an AP is connected. On Cisco switches you can use the "show...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Engineering Desktop virtualization network requirements Preventing hacker attacks with network behavior analysis IPS Internal cloud computing on the cheap: Free automated provisioning? Improved storage performance without adding more disk Troubleshooting -- 'Network Know-How' Chapter 17 Windows Server 2008 IP routing configuration: Static and dynamic RIPv2 Understand Windows tracert output to troubleshoot network connectivity Using tracert and TTL to troubleshoot network connectivity problems 10 Gigabit Ethernet interconnect solutions: Investigate carefully before choosing Optimization of the data center with 10 Gigabit Ethernet Troubleshooting Wireless Networks University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? Meru reinvents wireless LAN troubleshooting and management APs drop connection in WLAN configured as a wireless mesh network How to plan for 802.11n wireless LAN upgrades Vendors strive to automate wireless LAN troubleshooting and management Fluke gets WLAN design, management, security cred with AirMagnet Wi-Fi RTLS for WLAN management, location-based security, asset tracking How radio frequency (RF) of microwaves alter wireless signal strength Distributed antenna systems and WLAN: A network management burden Troubleshooting Wireless Networks Research Wireless LAN Implementation University tackles large-scale 802.11n wireless network management Why is my network adapter not working after a Vista Business upgrade? How many wireless base stations can connect to 802.11g access points? 802.11n wireless APs bring IP video to sprawling Illinois high school No data cable? Wireless mesh networking the answer for Wi-Fi backhaul Integrated wireless and wired LAN: Brocade-Motorola deal ups the ante 802.11n WLAN architecture strategies: The 2.4 vs. 5 GHz band debate 802.11n upgrade: College ditches legacy network for new vendor 802.11n ratification will drive down wireless LAN prices How does Wi-Fi ad-hoc mode react when 802.11n and legacy peers are present?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 802.11a  (SearchNetworking.com) home agent  (SearchNetworking.com) iDEN  (SearchNetworking.com) radio frequency  (SearchNetworking.com) repeater  (SearchNetworking.com) spectrum analyzer  (SearchNetworking.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

port" or "show trunk" command to see whether the switch recognizes the AP. Another command you can use to verify that the switch sees the AP's MAC address is "show mac-address-table." The configurations on the switch must match the configurations on the AP as it relates to VLANs and trunk settings. This is a common oversight.

Routing

Secondary to the Layer 2 LAN/VLAN is the routing of the traffic. In most cases, the APs reside on one VLAN, the authentication servers reside on another, and DHCP servers reside on yet another. In order to communicate across VLANs, the traffic must be routed. In most cases, this requires adding the WLAN VLANs to the router interfaces. This is usually a virtual interface on a route processor (in Cisco's case, the MSFC). Once the interface is added, configured and enabled, you should log on to a router (preferably one that has the routes to the DNS server and the authentication server) and ping the AP from the router. If this is successful, you can assume that the route is being advertised properly.

Each time you connect to an AP you must put in an SSID. The SSID puts you into a VLAN from which IP addresses and such are assigned. For example, you may have a "guest" SSID and an "employee" SSID. These would need to be in separate VLAN's to segment the traffic. Each of the WLAN VLANs -- guest and employee -- would have a VLAN interface on the switch and the router.

Authentication

The next area to focus on is the authentication server. While authentication can be handled in a multitude of ways (including Active Directory and Windows authentication), the most common mechanism is to use a RADIUS server. The RADIUS server must contain usernames and passwords (or point to databases that store these, such as LDAP, AD and Windows) that map to the usernames and passwords configured on the client WLAN cards.

Remember that there is network association (SSID), then authentication, then encryption. If the WLAN is using 802.1x, the AP and the RADIUS server will most likely perform a network authentication. This means that a matching password must be configured on the AP and the RADIUS server. If there is a mismatch, it will not matter if the client and RADIUS server match.

That's the basics, but these common oversights lead to many WLAN communication problems. A best practice is to get the WLAN working and document everything so that changes and modifications can easily be identified and rectified. Instituting some form of change control (a process to track and institute network changes) can also be very beneficial in preventing a necessary change from affecting other areas of the network.

Robbie Harrell (CCIE#3873) is the National Practice Lead for Advanced Infrastructure Solutions for SBC Communications. He has more than 10 years of experience providing strategic, business and technical consulting services. Robbie lives in Atlanta and is a graduate of Clemson University. His background includes positions as a principal architect at International Network Services, Lucent, Frontway and Callisma.

Rate this Tip To rate tips, you must be a member of SearchNetworking.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.