Iuwne10 S06 L03

© 2008 Cisco Systems, Inc. All rights reserved. IUWNE v1.0—6-1

WLAN Maintenance and Troubleshooting

Troubleshooting


Visual Elements

Physical connection

– Status LED on AP: steady or blinking

– Status LED on client card

Radio status: on or off

AP port status on switch

AP seen on controller

Client seen on controller


Common Controller Issues

Did a reboot occur prior to the configuration being saved on the controller?

Is the time on the controller correct? If so, are there valid times and dates on the client/server certificates?

Is the WLAN admin status enabled? If so, is the WLAN associated with the correct VLAN?

Is the virtual gateway IP address set, and the same on all controllers in the mobility group? If so, is it a unused and unreachable IP address?

Is the DHCP relay address set? If so, can the controller ping the DHCP server?

If so, is there a configured address pool for the associate VLAN?

Can the controller ping the RADIUS server? If so, is the RADIUS server IP address set correctly?

If so, Is the RADIUS server secret set correctly?


Common Client Issues

Do the 2.4-GHz or 5-GHz status lights show activity on the AP?

Is the SSID correct on the client and AP?

Is the client MAC part of an exclusion list, a MAC filter or disabled client list?

Are you trying to use shared-key authentication? If so, is the key length correct?

If so, is the key the same on the client and AP?

Since 802.1x is the default security policy, is that the correct configuration?

Does the client have an IP Address? If so, is the address static or DHCP?

Are there any ACLs applied that might affect this client?

Does the client have a firewall enabled ?


Hidden Node Issue


Exposed Node Issue


Near-Far Issue


Backward Compatibility Issues

Presence of 802.11b devices affects performance of 802.11g networks

Presence of non-802.11n devices affects performance of 802.11n networks


CLI Command: debug

(Cisco Controller) >debug ? aaa Configures the AAA debug options.airewave-director Configures the Airewave Director debug options ap Configures debug of Cisco AP. arp Configures debug of ARP.bcast Configures debug of broadcast.cac Configures the call admission control (CAC) debug options.cckm Configures the CCKM debug options.ccxdiag Configures the CCX Diagnostic debug options.ccxrm Configures the CCX_RM debug options.cdp Configures debug of cdp.client Enables debugs for common client problems.dhcp Configures the DHCP debug options.disable-all Disables all debug messages.dot1x Configures the 802.1X debug options.dot11 Configures the 802.11 events debug options.emweb Configures the WEB debug options.ft Configures the 802.11r debug options.hreap Configures debug of HREAP.iapp Configures the IAPP debug options.locp Configures the LOCP debug options.lwapp Configures the LWAPP debug options …/…


Per-Client Debug Option

Allows debug messages to be limited to a per-client basis using the client’s MAC address as the filter

Setup procedure is a two-step process:

– Issue the debug mac addr client-mac-address command.

– Then issue debug commands normally.

Applicable commands will produce output pertaining to only the client MAC address.

Debug disable can be used two ways:

– Issue the debug disable-all command.

Clears all debug commands

– CLI timeout

Clears all debug commands


CLI Command: show

(Cisco Controller) >show client summary

Number of Clients................................ 2

MAC Address AP Name Status WLAN/Guest-Lan Auth Protocol Port Wired----------------- ----------------- ------------- -------------- ---- -------- ---- -----

00:1d:e0:46:f3:37 1252-1 Associated 3 Yes 802.11n 1 No00:40:96:b5:fe:77 1252-1 Associated 3 Yes 802.11a 1 No


Layer 2 and Layer 3 Troubleshooting

Client sends probes on all channels, looking for an available AP, and may include the SSID in the probe

An AP may respond to a client on a channel different from the one probed

Only WEP authentication will send the challenge/response; open authentication will skip these steps


CLI debug Commands:debug dot11 ? and debug dhcp ?

(Cisco Controller) >debug dot11 ? all Configures debug of all 802.11 messages.load-balancing Configures debug of 802.11 load balancing events.locp Configures debug of LOCP interface events.management Configures debug of 802.11 MAC management messages.mobile Configures debug of 802.11 mobile events.rfid Configures debug of 802.11 RFID tag module.rldp Configures debug of 802.11 Rogue Location Discovery.rogue Configures debug of 802.11 rogue events.state Configures debug of 802.11 mobile state transitions. (Cisco Controller) >debug dhcp ? message Configures debug of DHCP error messages.packet Configures debug of mobile DHCP packets.


CLI Command: show client detail

(Cisco Controller) >show client detail 00:40:96:b5:fe:77Client MAC Address............................... 00:40:96:b5:fe:77Client Username ................................. N/AAP MAC Address................................... 00:17:df:a1:82:b0Client State..................................... Associated Wireless LAN Id.................................. 3 BSSID............................................ 00:17:df:a1:82:bd Channel.......................................... 36 IP Address....................................... 10.10.1.26Association Id................................... 3 Authentication Algorithm......................... Open SystemReason Code...................................... 0 Status Code...................................... 0 Session Timeout.................................. 1800Client CCX version............................... 4 …/…Radio Signal Strength Indicator............ -57 dBmSignal to Noise Ratio...................... 43 dB…/…antenna0: 17 seconds ago -66 dBm................. antenna1: 17 seconds ago -60 dBm


Monitor Clients > Details > Select Client


Monitor Clients > Details > Select Client (Cont.)


CLI debug Commands:debug aaa ? and debug dot1x ?

(Cisco Controller) >debug dot1x ? aaa Configures debug of 802.1X AAA interactions.all Configures debug of all 802.1X messages.events Configures debug of 802.1X events.packet Configures debug of 802.1X packets.states Configures debug of 802.1x state transitions. (Cisco Controller) >debug aaa ? all Configures debug of all AAA messages.detail Configures debug of AAA detailed events.events Configures debug of AAA events.packet Configures debug of AAA packets.ldap Configures debug of AAA LDAP events.local-auth Configures debug of AAA Local Authentication.tacacs Configures debug of AAA TACACS+ events.


Management > Logs > Config


Management > Logs > Message Logs

Message logs are “first-in, first-out” logs, with a maximum of 256 entries. A syslog server is required if more than 256 entries are required.


Management > SNMP > General

Default SNMP v3 username of “default” is used by Cisco WCS for controller monitoring and can be reconfigured only in Cisco WCS under Management > Properties.


Management > SNMP >Communities and Trap Receiver

It is recommended that the default SNMP community of private be modified at the time of installation.


Management > SNMP > Trap Logs

Trap logs are “first-in, first-out” logs, with a maximum of 256 entries. A syslog server is required if more than 256 entries are required.


Management > SNMP > Trap Controls

Only those SNMP traps that are checked will be sent to Cisco WCS or trap receivers.


Management > Tech Support > Controller Crash


Management > Tech Support > AP Crash Log > Get Log


Cisco WCS Client Troubleshooting Tool


Monitor Client > Troubleshoot


Monitor Clients > Troubleshoot > Log Analysis


Third-Party Tools: Sniffers


Cisco Spectrum Expert


Summary

LEDs and connections can be checked to understand Layer 1 issues.

A few points that are common sources of connection issues can be checked on the controller and clients.

The controller has an extensive set of debug commands and displays to help the administrator understand a wireless issue.

A common way to test wireless connections is to test Layer 2, then Layer 3 connectivity.

Logs and system messages can also be used and optimized to match the local network requirements.

Cisco WCS has an integrated client troubleshooting tool. Some third-party applications can be used to run packet analysis

or RF analysis. Cisco Spectrum Expert can be used to detect non-802.11 sources

of interference.


Technology

Iuwne10 S06 L03