Security optimize

How to troubleshoot your wireless network

The common hardware problems that can cause a wireless network to fail

Both the money savings and the ease of use of wireless LANs are beneficial to small offices—until something goes wrong. Then it becomes all too apparent that, while wireless networks are growing, troubleshooting resources for wireless LANs are not.

When a wireless network fails, there are a few key areas to look to first. Let's look at some of the more common hardware problems that can cause a wireless network to fail. I’ll also cover the configuration issues that can plague a wireless LAN. With this information, you can troubleshoot your wireless network with confidence. (This article assumes that you’re troubleshooting an infrastructure network, and not an ad hoc network.)

Hardware troubleshooting
When you have only one access point and only one wireless client that are having connection issues, then you’ve already determined the scope of the problem: Your one client is having trouble attaching to the network. But if you have a larger network, determining the scope of the problem becomes a little more involved.

If lots of users are having trouble connecting but there are still some users who are able to work, the problem is most likely that your network has multiple access points and that one of the access points is malfunctioning. Often, you can take an educated guess as to which access point is malfunctioning by looking at the physical locations of the users who are having the problem, and then figure out which access point serves that portion of the building.

If no one can connect to the wireless network, there are several things that could be going on. If your network uses a single wireless access point, it's possible that the access point could be malfunctioning or could contain a configuration error. The problem could also be related to radio interference or a break in the physical link between the wireless access point and the wired network.

Check connectivity to the access point
First, you should perform a communications test to see if the access point is responding. Open a Command Prompt window on a PC on your wired network and ping your wireless access point’s IP address. The wireless access point should respond to the ping. If it doesn’t, there’s either a break in the communications link or the access point is completely malfunctioning.

To figure out which is the case, try pinging the access point’s IP address from a wireless client. If the wireless client is able to ping the access point successfully, the problem is almost certainly a broken communications link, such as a damaged cable.

If the wireless client is unable to ping the access point, the access point could be malfunctioning. Try unplugging the access point to reset it and then plug it in again. Wait for about five minutes and then try pinging the access point from both the wireless and the wired clients again.

If both pings still fail, it is likely that the access point is damaged or has an invalid configuration. At this point, I recommend focusing your efforts on getting the access point to communicate with the wired network. Plug the access point in to a known-good network jack using a known-working patch cable. You should also verify the access point’s TCP/IP configuration. After doing so, try pinging the device from a wired client again. If the ping still fails, the unit has probably been damaged and should be replaced.

Configuration issues
I’ve found that wireless networking equipment is fairly reliable, and the vast majority of problems are related to the network’s configuration rather than a hardware malfunction. With this in mind, let's look at several common hardware configuration problems that lead to a disruption of wireless services.

Test the signal strength
If you can ping the wireless access point from a wired client but not from a wireless client, the access point is probably just experiencing a temporary problem. If the access point continues to have problems, I recommend checking the signal strength. Unfortunately, there’s no standard method for doing this. Most wireless NIC manufacturers, however, include some mechanism with the NIC for measuring signal strength.

Try changing channels
If you determine that you’re getting a weak signal but nothing has physically changed in your office, attempt to change channels on the access point and on one wireless client to see if a different channel improves the signal strength. I run a wireless network in my home office, and I’ve found that one of my cordless phones interferes with my wireless network when the phone is in use. 802.11b wireless networks function on the 2.4-GHz frequency, just like many higher-end cordless phones. Changing channels on all of your wireless clients can be a big undertaking, so I recommend testing the new channel with one client first. Remember that your problem could go away as soon as someone hangs up a phone or turns off a microwave oven.

Verify the SSID
A while back, I took my laptop to a friend’s house to work. Because my friend had a wireless network in place, I decided to connect to his network for the duration of my visit. Upon returning home, I didn’t use my laptop for a couple of weeks. The next time that I went to use my laptop, it wouldn’t connect to my network. The problem was that I had forgotten to reset the Service Set Identifier (SSID) back to my own network identifier. Remember, if the SSID doesn’t specify the correct network, you won’t be able to ping the access point. Instead, your laptop will ignore the access point’s existence and search for an access point with the specified SSID.

Verify the WEP key
Next, check out the wired equivalent privacy (WEP) encryption configuration. If WEP is configured incorrectly, you will not be able to ping the access point from a wireless client. Different brands of NICs and access points require you to specify the WEP encryption key differently. For example, one brand requires you to enter the encryption key in hex format, while another brand requires the key to be entered in decimal format. Likewise, some brands support 40-bit and 64-bit encryption, while other brands support only 128-bit encryption.

For WEP to function, all settings must match exactly between the client and the access point. I have run into several situations in which clients that seemed to be configured perfectly simply could not communicate with an access point that was using WEP. During these situations, I usually had to reset the access point to the factory defaults and reenter the WEP configuration information. Only then did WEP begin to function.

Tricky WEP configuration issues
By far the most common configuration-related problems involve the use of the WEP protocol, so WEP deserves some more discussion. Troubleshooting a WEP problem can be especially tricky, because a WEP mismatch has symptoms that are similar to a more serious failure. For example, if WEP is configured incorrectly, a wireless client won’t be able to get an IP address from a DHCP server (even if the access point has a built-in DHCP server). If the wireless client is configured to use static IP addresses, the wireless client won’t even be able to ping the access point’s IP address, thus giving the illusion that no connection exists.

The trick to figuring out whether a problem is related to a WEP configuration error rather than a hardware malfunction is to be aware of the diagnostic capabilities built in to the NIC driver and the operating system. For example, one of my laptops is running Windows XP and has a Linksys wireless NIC.

Notice in Figure A that if I move my mouse pointer over the top of the wireless icon in the taskbar, I see a summary of my connection information. In the Figure, the connection strength is Excellent. As long as the channel and SSID are configured correctly, you can connect to the access point, even with a WEP configuration error. Had there been a physical connection problem, the connection strength would be None, not Excellent. Linksys cards will show you the connection strength whether WEP is configured correctly or not. So you can validate that a connection exists, even if you can’t ping the access point.

Figure A
The signal strength is a big clue as to the nature of your problem.


If you right-click on the wireless networking icon in the taskbar and select the View Available Wireless Networks command from the resulting menu, you’ll see the Connect To Wireless Network dialog box. This dialog box displays the SSID of any wireless network on your present channel to which you are not currently connected. If the name of your wireless network shows up on this list, but you can’t seem to connect, rest assured that your connection is good and that you have a configuration problem.

Note
An interesting side note is that the Connect To Wireless Network dialog box also includes a field where you can enter a WEP key when you try to connect to a wireless network. There have been times when I absolutely could not connect to a particular wireless network unless I went through this dialog box and manually entered the WEP key. After doing so, the network became available to me.

DHCP configuration issues
Another tricky problem that can prevent you from successfully interacting with a wireless network is a DHCP configuration error. The DHCP server that you connect to can play a major role in whether you are able to use a wireless network.

Many of the newer access points have an integrated DHCP server. Typically, these access points assign the 192.168.0.x address range to clients. Often, DHCP access points will not accept connections from clients to which they have not issued an IP address. This means that clients with static IP addresses or clients that might have somehow acquired an IP address from another DHCP server could be unable to connect to the access point.

The first time I installed an integrated DHCP server access point onto my network, I decided to allow the access point to assign IP addresses to my wireless clients. However, my network uses the 147.100.X.Y address range. This meant that although wireless clients were able to communicate with the access point and were able to acquire an IP address, they were unable to interact with the rest of my network because of the IP address range mismatch.

There are two solutions to this problem:
  • Disable the access point’s DHCP services and allow the wireless client to lease an IP address from a normal DHCP server.
  • Override the IP address range by configuring the DHCP address scope with your own block of IP addresses.

Either solution will work, but you’ll have to work within the limitations imposed by your access point’s firmware. Many access points will allow you to use only one solution or the other, not both.

Multiple access point problems
Suppose for a moment that two access points are in use, both with the default settings. If this is the case, both access points are assigning clients' IP addresses in the 192.168.0.X address range. The problem is that the two access points are completely unaware of which IP addresses the other access point has leased. So it’s only a matter of time before there are duplicate addresses on your network.

The solution to this problem is to define a unique scope of addresses for each access point. By doing so, you’ll prevent IP address overlaps.

Watch out for client lists
Some access points contain an allowed client list, which can be the root of wireless configuration problems. The allowed client list is a list of MAC addresses of permitted wireless clients. This is a security feature that’s designed to prevent unauthorized users from connecting to your network. Normally, the allowed address feature is disabled by default. However, if a user has accidentally clicked the Enable button, the allowed address list will be enabled but won’t contain any MAC addresses. This means that no wireless clients will be able to connect to the access point, regardless of any other configuration settings.

I’ve also seen the allowed address list become a problem when multiple access points are in use. Many administrators incorrectly assume that just because they enter the allowed addresses into the list, the addresses are then globally permitted to access the network. However, in most cases, this simply grants the users permission to access the network through the designated access point. If you want users to be able to go through other access points, you’ll usually have to configure those access points separately.
0 comments