Security

Zero in on wireless network problems

Wireless networks can fail for various reasons. When you start troubleshooting the problem, you'll need to investigate hardware malfunctions and configuration issues.

Tech Toolshed's new Visio flowchart, Workstation Connectivity Troubleshooter, offers a comprehensive approach to tracking down network problems. The chart steps through wired and wireless connectivity, network configuration, and security and application troubleshooting topics.

When a wireless network fails, you should look at a few key areas first. Several common hardware problems can cause failure, as well as certain configuration issues. Here are some pointers on troubleshooting your wireless network. (This article assumes that you're troubleshooting an infrastructure network, and not an ad hoc network.)

Hardware troubleshooting

When only one access point and one wireless client are having connection issues, you know that the client is having trouble attaching to the network. But if you have a larger network, figuring out the scope of the problem is more involved.

If some users are having trouble connecting but others can still work, one of your multiple access points is probably malfunctioning. Often, you can guess which one it is by looking at the physical locations of the users who are having the problem.

When no one can connect to the wireless network, several things could be going on. If your network uses a single wireless access point, it could be malfunctioning or contain a configuration error. The problem could also be related to radio interference or a break in the physical link between the wireless access point and the wired network.

Check connectivity to the access point

To identify what's causing the problem, you should perform a communications test to see whether the access point is responding. Open a Command Prompt window on a PC that's on your wired network and ping your wireless access point’s IP address. The wireless access point should respond to the ping. If it doesn’t, there’s either a break in the communications link or the access point is completely malfunctioning. To figure out which is the case, try pinging the access point’s IP address from a wireless client. If the wireless client pings the access point successfully, the problem is almost certainly a broken communications link, such as a damaged cable.

If the wireless client can't ping the access point, the access point could be malfunctioning. Try unplugging the access point to reset it and then plug it in again. Wait about five minutes and then try pinging the access point from both the wireless and the wired clients again.

If both pings still fail, the access point is probably damaged or has an invalid configuration. Focus your efforts on getting the access point to communicate with the wired network. Plug the access point in to a known-good network jack using a known-working patch cable. You should also verify the access point’s TCP/IP configuration. Then, try pinging the device from a wired client again. If the ping still fails, the unit has probably been damaged and should be replaced.

Configuration issues

Wireless networking equipment is fairly reliable, and the vast majority of problems are related to the network’s configuration rather than a hardware malfunction. With this in mind, let's look at several configuration problems that lead to a disruption of wireless services.

Test the signal strength

If you can ping the wireless access point from a wired client but not from a wireless client, the access point is probably just experiencing a temporary problem. If the access point continues to have problems, check the signal strength. Although there’s no standard method for doing this, most wireless NIC manufacturers include some mechanism with the NIC for measuring signal strength.

Try changing channels

If you determine that you’re getting a weak signal but nothing has physically changed in your office, attempt to change channels on the access point and on one wireless client to see if a different channel improves the signal strength. Changing channels on all of your wireless clients can be a big undertaking, so you should test the new channel with one client first. Remember that your problem could go away as soon as someone hangs up a phone or turns off a microwave oven.

Verify the SSID

A while back, I took my laptop to a friend's house to work. Because my friend had a wireless network in place, I decided to connect to his network for the duration of my visit. Upon returning home, I didn’t use my laptop for a couple of weeks. The next time that I went to use my laptop, it wouldn’t connect to my network. The problem was that I had forgotten to reset the Service Set Identifier (SSID) back to my own network identifier. Remember, if the Service Set Identifier (SSID) doesn’t specify the correct network, you won’t be able to ping the access point. Instead, your laptop will ignore the access point’s existence and search for an access point with the specified SSID.

Verify the WEP key

Check out the wired equivalent privacy (WEP) encryption configuration. If WEP is configured incorrectly, you won't able to ping the access point from a wireless client. Different brands of NICs and access points require you to specify the WEP encryption key differently. For example, one brand requires you to enter it in hex format, while another requires the key to be entered in decimal format. Likewise, some brands support 40-bit and 64-bit encryption, while others support only 128-bit encryption.

For WEP to function, all the client and access point settings must match exactly. I have run into several situations in which clients that seemed to be configured perfectly could not communicate with an access point that was using WEP. During these situations, I usually had to reset the access point to the factory defaults and reenter the WEP configuration information to get the WEP to function.

Tricky WEP configuration issues

By far the most common configuration-related problems involve the use of the WEP protocol. Troubleshooting a WEP problem can be especially tricky, because a WEP mismatch has symptoms that are similar to a more serious failure. For example, if WEP is configured incorrectly, a wireless client won’t be able to get an IP address from a DHCP server (even if the access point has a built-in DHCP server). If the wireless client is configured to use static IP addresses, the wireless client won’t even be able to ping the access point’s IP address, thus giving the illusion that no connection exists.

The trick to figuring out whether a problem is related to a WEP configuration error rather than a hardware malfunction is to be aware of the diagnostic capabilities built in to the NIC driver and the operating system. For example, one of my laptops is running Windows XP and has a Linksys wireless NIC. Figure A shows the summary of connection information that appears when I move the mouse over the wireless icon in the taskbar. In this case, the connection strength is Excellent. As long as the channel and SSID are configured correctly, you can connect to the access point, even with a WEP configuration error. Had there been a physical connection problem, the connection strength would be None, not Excellent. Linksys cards will show you the connection strength whether WEP is configured correctly or not. So you can validate that a connection exists, even if you can’t ping the access point.

Figure A

The signal strength is a big clue as to the nature of your problem.

If you right-click on the wireless networking icon in the taskbar and select the View Available Wireless Networks command from the resulting menu, you’ll see the Wireless Network Connection dialog box. This dialog box displays the SSID of any wireless network on your present channel to which you are not currently connected. If the name of your wireless network shows up on this list, but you can’t seem to connect, rest assured that your connection is good and that you have a configuration problem.


Note

An interesting side note is that the Wireless Network Connection dialog box also includes a field where you can enter a WEP key when you try to connect to a wireless network. There have been times when I absolutely could not connect to a particular wireless network unless I went through this dialog box and manually entered the WEP key. After doing so, the network became available to me.


DHCP configuration issues

Another tricky problem that can prevent you from successfully interacting with a wireless network is a DHCP configuration error. The DHCP server that you connect to can play a major role in whether you are able to use a wireless network.

Many of the newer access points have an integrated DHCP server. Typically, these access points assign the 192.168.0.x address range to clients. Often, DHCP access points will not accept connections from clients to which they have not issued an IP address. This means that clients with static IP addresses or clients that might have somehow acquired an IP address from another DHCP server could be unable to connect to the access point.

The first time I installed an integrated DHCP server access point onto my network, I decided to allow the access point to assign IP addresses to my wireless clients. However, my network uses the 147.100.X.Y address range. This meant that although wireless clients were able to communicate with the access point and were able to acquire an IP address, they were unable to interact with the rest of my network because of the IP address range mismatch.

There are two solutions to this problem:

  • Disable the access point's DHCP services and allow the wireless client to lease an IP address from a normal DHCP server.
  • Override the IP address range by configuring the DHCP address scope with your own block of IP addresses.

Either solution will work, but you’ll have to work within the limitations imposed by your access point’s firmware. Many access points will allow you to use only one solution or the other, not both.

Multiple access point problems

Suppose for a moment that two access points are in use, both with the default settings. If this is the case, both access points are assigning clients' IP addresses in the 192.168.0.X address range. The problem is that the two access points are completely unaware of which IP addresses the other access point has leased. So it’s only a matter of time before there are duplicate addresses on your network. The solution to this problem is to define a unique scope of addresses for each access point. By doing so, you’ll prevent IP address overlaps.

Watch out for client lists

Some access points contain an allowed client list, which can be the root of wireless configuration problems. The allowed client list is a list of MAC addresses of permitted wireless clients. This is a security feature that’s designed to prevent unauthorized users from connecting to your network. Normally, the allowed address feature is disabled by default. However, if a user has accidentally clicked the Enable button, the allowed address list will be enabled but won’t contain any MAC addresses. This means that no wireless clients will be able to connect to the access point, regardless of any other configuration settings.

I’ve also seen the allowed address list become a problem when multiple access points are in use. Many administrators incorrectly assume that just because they enter the allowed addresses into the list, the addresses are then globally permitted to access the network. However, in most cases, this simply grants the users permission to access the network through the designated access point. If you want users to be able to go through other access points, you’ll usually have to configure those access points separately.

0 comments