WLAN Troubleshooting - d2cpnw0u24fjm4.cloudfront.net latest and greatest 802.11ac technology #takethepledge . Proper design reduces support calls ... 192.168.100.10 10.5.1.10 shared

WLAN Troubleshooting It ‘s not rocket science

WLAN Professionals Conference February/2016

© Aerohive Networks, Proprietary & Confidential


Overview

2

• Introduction

• Five Tenets of WLAN Troubleshooting

• Layer 1

• Layer 2

• Higher Layers

David Coleman Senior Mobility Leader - Aerohive Networks

CWNE #4

@mistermultipath

Who am I?

Sybex CWNA Study Guide

4th Edition

ISBN: 978-1119067764

Who am I?

Co-author of:

http://amzn.com/1119067766

Coming Soon: Sybex CWSP Study Guide

2nd Edition

ISBN: 978-1119211082

Amazon preorder:


Who am I?




Five Tenets of WLAN Troubleshooting

© Aerohive Networks, Proprietary & Confidential 6

• Follow troubleshooting best practices

• Move up the OSI model

• Most Wi-Fi problems are client issues

• Wi-Fi performance problems can usually

be avoided with proper WLAN design

• WLAN always gets the blame

Troubleshooting Best Practices


Identify the issue by asking questions:

•When is the problem happening?

•Where is the problem happening?

•Does the problem affect one client or numerous

clients?

•Does the problem reoccur or did it just happen

once?

•Did you make any changes recently?

Troubleshooting Best Practices

8

• Identifying the issue (ask questions)

•Recreate problem (ask questions)

•Locate and isolate the cause (ask questions)

•Formulate a plan of solving the problem

• Implement the plan

•Test to very the problem is resolved (don’t get side-tracked)

•Document the problem and the solution

•Provide feedback to the user ]\

OSI Model


7 Application

6 Presentation

5 Session

4 Transport

3 Network

2 Data Link

1 Physical

•Trouble the WLAN just like you

would troubleshoot a wired

network

•Move up the OSI model

•802.11 technology only operates

at Layer 1 and 2

• If the problem does not exist in

the first two layers, it is not a Wi-Fi

problem

OSI Model


7 Application

6 Presentation

5 Session

4 Transport

3 Network

2 Data Link

1 Physical

IP address, routing, ports firewalls

Wi-Fi: RF and configuration, drivers,

WLAN security sessions, WLAN

design, VLANs, etc.

RADIUS, Active Directory, DNS,

DHCP, NTP and user applications

The client is usually the culprit


• Is the radio on?

•Disable the WLAN NIC

•Enable the WLAN NIC

The client is usually the culprit


•Bad drivers

•Compatibility issues

• Improperly configured

supplicant

Upgrade your clients first


“Where we are going, we don’t need 802.11b”

•Customer is willing to pay $$$ for WLAN infrastructure

upgrades but not for client upgrades?

•Sadly… client-side technology updates are slow

But… it’s backward compatible!


• Legacy client

devices often cannot

connect when new

802.11 technology is

introduced

•Client drivers do not

know how to handle

new Information

Elements in Beacons

•Example: Fast BSS

Transition IE

Upgrade your clients first


clients.mikealbano.com

http://clients.mikealbano.com/

Clients are not happy on 2.4 GHz


• 2.4 GHz is a disaster zone

• Only three usable channels

• Impossible to prevent CCI

• High SNR

• Oversaturation of 802.11 devices

• Non-802.11 transmitter interference

5 GHz is the answer


Dynamic Frequency Selection

U-NII-2A

38 46 54 62

U-NII-1 U-NII-2C U-NII-3 U-NII-4

102 110 118 126 134 142 151 159

42 58 106 122 138 155

50 114

70 78 86 94

74 90

82

U-NII-2B

36

40

44

48

52

56

60

64

10

0

10

4

10

8

11

2

11

6

12

0

12

4

12

8

13

2

13

6

14

0

14

4

14

9

15

3

15

7

16

1

16

5

17

3

17

7

18

1

16

9

68

72

76

80

84

88

92

96

5.15 5.25 5.35 5.47 5.725 5.925 5.825

5.85

167 175

171

163

Take the Pledge


• Do not deploy 802.11

clients that transmit

exclusively on 2.4 GHz.

• This pledge should be for

all 802.11 devices.

• Ensure that the 5 GHz

radios support DFS

channels.

• Ensure that they support

the latest and greatest

802.11ac technology

#takethepledge

Proper design reduces support calls


•Airtime Consumption

•Reduce CCI

•Reduce L2 overhead

•Data Rate Pruning (Disable

Lower rates)

•20 MHz Channels

•40 MHz – DFS

•Static channel and power

settings

Low Power is Good High Power is BAD


•Capacity Problems

• Increase CCI

•Hidden Node

•Mismatch power

•Roaming – Sticky

problems

Blame


Your Wi-Fi sucks!

Layer 1


70 % of problems are at Layer 1

•RF Interference

•Client radio and driver problems

•Misconfigured client (supplicant)

security settings

•Power Over Ethernet (Poe)

•Firmware issues on Access Points

(Bugs)

1 Physical

7 Application

6 Presentation

5 Session

4 Transport

3 Network

2 Data Link

23

•Spectrum analysis will find

RF inference

•Learn basic Wi-Fi shapes:

(HR)-DSSS, OFDM

•Learn to recognize

narrow band and wide

band interferers.

•Bring a hammer with you.

Layer 1: RF Interference

Layer 1: PoE Power Budget

24

•Careful PoE budget planning is a must

•Access points will randomly reboot if a power budget has

been exceeded and the APs cannot draw their necessary

required power

• PoE problems will grow with the

introduction of 4x4:4 MIMO APs that

require more than 15.4 Watts.

• 802.3at (PoE+)

Layer 1: Bugs


•Often occurs after AP

firmware updates

•Supply the WLAN vendor

with packet captures and

tech data logs

Layer 2


Time to move up the OSI model

•Roaming problems

•Layer 2 retries

•Authentication and association

problems

1 Physical

2 Data Link

Layer 2: 802.11 protocol analysis


•Roaming

•Layer 2 retries affects

performance

•Authentication and

Association mechanisms

Layer 2: Roaming Problems


•Drivers (client problem)

•Sticky Problems (bad

design)

• Layer 3 roaming

AP #1 AP #2

Roaming client station

BSSID

#1

BSSID

#2

Layer 2: Fast Secure Roaming


Roam

RADIUS Server

•Do clients support

Opportunistic Key Caching

(OKC)?

•Do clients support 802.11r

and 802.11k mechanisms?

Layer 2 Retransmissions

30

Transmitting radio sends a unicast frame

CRC passes

Receiver radio sends L2 ACK frame

Layer 2 Retransmissions

31

Transmitting radio sends a unicast frame

CRC fails No ACK frame sent by receiver

Transmitting radio sends L2 retransmission

Layer 2 Retransmissions - Cause


•RF interference (Layer 1)

• Low SNR (Layer 1) (bad design)

•Adjacent cell interference (bad design)

•Hidden Node (bad design)

CRC fails

Layer 2 Retransmissions - Effect

33

• Throughput goes down

•Latency goes up

Layer 2: PSK Authentication Troubleshooting


•Passphrase mismatch

•PMKs never properly created

•4-Way Handshake fails

LDAP

EAP EAP

RADIUS CLIENT AP

Root CA cert Server cert

Layer 2: 802.1X/EAP

• Extensible Authentication

Protocol (EAP)

• Server certificate and Root

CA certificate

• Tunneled authentication using

SSL/TLS

• 802.1X: Port based access control

• Authorization Framework

• Supplicant

• Authenticator

• Authentication Server

• Integrates with LDAP

Layer 2: 802.1X/EAP Troubleshooting


Unable to reach RADIUS server



Unable to reach RADIUS server. Possible causes: • Shared secret mismatch

• Incorrect IP settings on AP or RADIUS server

• Authentication port mismatch

• LDAP communications error



LDAP RADIUS AP

•Shared secret mismatch

• Incorrect IP settings on AP or RADIUS server

•Authentication port mismatch (default is 1812)

•LDAP communications error

shared secret

Port: 1812

192.168.100.10

shared secret

Port: 1645

10.5.1.10



SSL tunnel is not successful



•SSL tunnel fails = certificate problem

•Expired certificate

•Root certificate installed in wrong store

• Incorrect clock settings

•Mismatched EAP types

LDAP

EAP EAP

RADIUS CLIENT AP




External RADIUS server could not accept the access

request from the client. Possible causes: • Expired password or user account

• Wrong password

• User does not exist in LDAP

• User authentication or machine authentication

Layer 2: 802.1X Troubleshooting


Blog URL: Troubleshooting-EAP

LDAP

EAP EAP

RADIUS CLIENT AP


http://boundless.aerohive.com/blog/troubleshooting-8021xeap-connectivity-with-hivemanager-tools.html



Layers 3-7


Not a Wi-Fi problem

•Networking problem

•Firewall problem

•Application problem

1 Physical

7 Application

6 Presentation

5 Session

4 Transport

3 Network

2 Data Link

Client cannot get an IP address


DHCP

server 10.5.1.10

Router IP Helper

10.5.1.10

Switch VLANS 2, 8, 10

CLIENT

VLAN 2 - Scope 192.168.20.0/24

VLAN 5 - Scope 192.168.30.0/24

VLAN 8 - Scope 192.168.30.0/24

SSID: Teacher – VLAN 5

SSID: Student – VLAN 8

169.255.255.202

802.1Q

DHCP Probe


DHCP

server 10.5.1.10

Router IP Helper

10.5.1.10


CLIENT



DHCP request

Lease offer

NAK

802.1Q

Points of failure


DHCP

server 10.5.1.10

Router IP Helper

10.5.1.10


CLIENT



802.1Q


Questions

47

Thank you


Documents

WLAN Troubleshooting - d2cpnw0u24fjm4.cloudfront.net latest and greatest 802.11ac technology #takethepledge . Proper design reduces support calls ... 192.168.100.10 10.5.1.10 shared