Tech Toolshed’s new
Visio flowchart, Workstation
Connectivity Troubleshooter
, offers a comprehensive approach to tracking
down network problems. The chart steps through wired and wireless connectivity,
network configuration, and security and application troubleshooting topics.

When a wireless network fails, you should look at a few key
areas first. Several common hardware problems can cause failure, as well as
certain configuration issues. Here are some pointers on troubleshooting your
wireless network. (This article assumes that you’re troubleshooting an
infrastructure network, and not an ad hoc network.)

Hardware troubleshooting

When only one access point and one wireless client are
having connection issues, you know that the client is having trouble attaching
to the network. But if you have a larger network, figuring out the scope of the
problem is more involved.

If some users are having trouble connecting but others can
still work, one of your multiple access points is probably malfunctioning.
Often, you can guess which one it is by looking at the physical locations of
the users who are having the problem.

When no one can connect to the wireless network, several
things could be going on. If your network uses a single wireless access point,
it could be malfunctioning or contain a configuration error. The problem could
also be related to radio interference or a break in the physical link between
the wireless access point and the wired network.

Check connectivity to the access point

To identify what’s causing the problem, you should perform a
communications test to see whether the access point is responding. Open a
Command Prompt window on a PC that’s on your wired network and ping your
wireless access point’s IP address. The wireless access point should respond to
the ping. If it doesn’t, there’s either a break in the communications link or
the access point is completely malfunctioning. To figure out which is the case,
try pinging the access point’s IP address from a wireless client. If the
wireless client pings the access point successfully, the problem is almost
certainly a broken communications link, such as a damaged cable.

If the wireless client can’t ping the access point, the
access point could be malfunctioning. Try unplugging the access point to reset
it and then plug it in again. Wait about five minutes and then try pinging the
access point from both the wireless and the wired clients again.

If both pings still fail, the access point is probably damaged
or has an invalid configuration. Focus your efforts on getting the access point
to communicate with the wired network. Plug the access point in to a known-good
network jack using a known-working patch cable. You should also verify the
access point’s TCP/IP configuration. Then, try pinging the device from a wired
client again. If the ping still fails, the unit has probably been damaged and
should be replaced.

Configuration issues

Wireless networking equipment is fairly reliable, and the
vast majority of problems are related to the network’s configuration rather
than a hardware malfunction. With this in mind, let’s look at several configuration
problems that lead to a disruption of wireless services.

Test the signal strength

If you can ping the wireless access point from a wired
client but not from a wireless client, the access point is probably just
experiencing a temporary problem. If the access point continues to have
problems, check the signal strength. Although there’s no standard method for
doing this, most wireless NIC manufacturers include some mechanism with the NIC
for measuring signal strength.

Try changing channels

If you determine that you’re getting a weak signal but nothing
has physically changed in your office, attempt to change channels on the access
point and on one wireless client to see if a different channel improves the
signal strength. Changing channels on all of your wireless clients can be a big
undertaking, so you should test the new channel with one client first. Remember
that your problem could go away as soon as someone hangs up a phone or turns
off a microwave oven.

Verify the SSID

A while back, I took my laptop to a friend’s house to work.
Because my friend had a wireless network in place, I decided to connect to his
network for the duration of my visit. Upon returning home, I didn’t use my
laptop for a couple of weeks. The next time that I went to use my laptop, it
wouldn’t connect to my network. The problem was that I had forgotten to reset
the Service Set Identifier (SSID) back to my own network identifier. Remember, if
the Service Set Identifier (SSID) doesn’t specify the correct network, you
won’t be able to ping the access point. Instead, your laptop will ignore the
access point’s existence and search for an access point with the specified
SSID.

Verify the WEP key

Check out the wired equivalent privacy (WEP) encryption
configuration. If WEP is configured incorrectly, you won’t able to ping the
access point from a wireless client. Different brands of NICs and access points
require you to specify the WEP encryption key differently. For example, one
brand requires you to enter it in hex format, while another requires the key to
be entered in decimal format. Likewise, some brands support 40-bit and 64-bit
encryption, while others support only 128-bit encryption.

For WEP to function, all the client and access point settings
must match exactly. I have run into several situations in which clients that
seemed to be configured perfectly could not communicate with an access point
that was using WEP. During these situations, I usually had to reset the access
point to the factory defaults and reenter the WEP configuration information to
get the WEP to function.

Tricky WEP configuration issues

By far the most common configuration-related problems
involve the use of the WEP protocol. Troubleshooting a WEP problem can be
especially tricky, because a WEP mismatch has symptoms that are similar to a
more serious failure. For example, if WEP is configured incorrectly, a wireless
client won’t be able to get an IP address from a DHCP server (even if the
access point has a built-in DHCP server). If the wireless client is configured
to use static IP addresses, the wireless client won’t even be able to ping the
access point’s IP address, thus giving the illusion that no connection exists.

The trick to figuring out whether a problem is related to a
WEP configuration error rather than a hardware malfunction is to be aware of
the diagnostic capabilities built in to the NIC driver and the operating
system. For example, one of my laptops is running Windows XP and has a Linksys
wireless NIC. Figure A shows the
summary of connection information that appears when I move the mouse over the
wireless icon in the taskbar. In this case, the connection strength is
Excellent. As long as the channel and SSID are configured correctly, you can
connect to the access point, even with a WEP configuration error. Had there
been a physical connection problem, the connection strength would be None, not
Excellent. Linksys cards will show you the connection strength whether WEP is
configured correctly or not. So you can validate that a connection exists, even
if you can’t ping the access point.

Figure A

The signal strength is a big clue as to the nature of your problem.

If you right-click on the wireless networking icon in the
taskbar and select the View Available Wireless Networks command from the
resulting menu, you’ll see the Wireless Network Connection dialog box. This
dialog box displays the SSID of any wireless network on your present channel to
which you are not currently connected. If the name of your wireless network
shows up on this list, but you can’t seem to connect, rest assured that your
connection is good and that you have a configuration problem.


Note

An interesting side note is that the Wireless Network
Connection dialog box also includes a field where you can enter a WEP key when
you try to connect to a wireless network. There have been times when I
absolutely could not connect to a particular wireless network unless I went
through this dialog box and manually entered the WEP key. After doing so, the
network became available to me.


DHCP configuration issues

Another tricky problem that can prevent you from
successfully interacting with a wireless network is a DHCP configuration error.
The DHCP server that you connect to can play a major role in whether you are
able to use a wireless network.

Many of the newer access points have an integrated DHCP
server. Typically, these access points assign the 192.168.0.x address range to
clients. Often, DHCP access points will not accept connections from clients to
which they have not issued an IP address. This means that clients with static
IP addresses or clients that might have somehow acquired an IP address from
another DHCP server could be unable to connect to the access point.

The first time I installed an integrated DHCP server access
point onto my network, I decided to allow the access point to assign IP
addresses to my wireless clients. However, my network uses the 147.100.X.Y
address range. This meant that although wireless clients were able to
communicate with the access point and were able to acquire an IP address, they
were unable to interact with the rest of my network because of the IP address
range mismatch.

There are two solutions to this problem:

  • Disable
    the access point’s DHCP services and allow the wireless client to lease an
    IP address from a normal DHCP server.
  • Override
    the IP address range by configuring the DHCP address scope with your own
    block of IP addresses.

Either solution will work, but you’ll have to work within
the limitations imposed by your access point’s firmware. Many access points
will allow you to use only one solution or the other, not both.

Multiple access point problems

Suppose for a moment that two access points are in use, both
with the default settings. If this is the case, both access points are
assigning clients’ IP addresses in the 192.168.0.X address range. The problem
is that the two access points are completely unaware of which IP addresses the
other access point has leased. So it’s only a matter of time before there are
duplicate addresses on your network. The solution to this problem is to define
a unique scope of addresses for each access point. By doing so, you’ll prevent
IP address overlaps.

Watch out for client lists

Some access points contain an allowed client list, which can
be the root of wireless configuration problems. The allowed client list is a
list of MAC addresses of permitted wireless clients. This is a security feature
that’s designed to prevent unauthorized users from connecting to your network.
Normally, the allowed address feature is disabled by default. However, if a
user has accidentally clicked the Enable button, the allowed address list will
be enabled but won’t contain any MAC addresses. This means that no wireless
clients will be able to connect to the access point, regardless of any other
configuration settings.

I’ve also seen the allowed address list become a problem
when multiple access points are in use. Many administrators incorrectly assume
that just because they enter the allowed addresses into the list, the addresses
are then globally permitted to access the network. However, in most cases, this
simply grants the users permission to access the network through the designated
access point. If you want users to be able to go through other access points,
you’ll usually have to configure those access points separately.