RAATS WIFI




Wi-Fi is a Passion


Common Wired issues



A Wi-Fi issue does not always have a wireless cause. Several wired services can affect the wireless network. In this blog, I want to write down how to troubleshoot the wired network for wireless purposes. We can use protocol analyzers, as we do for wireless, to look for problems in QoS, DNS or DHCP. Another way to troubleshoot is with operating system commands like ping, ipconfig, traceroute, nslookup, and netsh, or with hardware tools like cable testers.

DNS
There are three DNS host names that are used, where problems can occur:
- WLAN controller
- Authentication server (RADIUS for example)
- Identity Server (LDAP for example)

One way an access point can find the controller is through DNS. If there is a spelling mistake in the DNS record, the access point cannot reach the controller, and the same happens if the DNS server is down.

To troubleshoot DNS issues, check the host (A) records on the DNS server. Use ping to see whether the DNS name resolves. When you don’t have direct access to the DNS server, you can use the nslookup command to send queries to it. When you query the DNS server and the response code is 3, the host record doesn’t exist. Keep in mind that the DHCP server provides the DNS server address.
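What response code 3 looks like on the wire, as an added example that is not part of the original blog: the sketch builds an A-record query, reads the header of a reply and turns the result into a diagnosis. The host name, transaction ID and reply bytes are constructed sample data.

```python
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid):
    """Encode a recursive A-record query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def read_reply(query, reply):
    """Return (response code name, answer count) after matching the reply to the query."""
    if len(reply) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if qid != struct.unpack("!H", query[:2])[0]:
        raise ValueError("transaction ID mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F  # low four bits of the flags word
    return RCODES.get(rcode, f"RCODE{rcode}"), ancount

def diagnose(name, query, reply):
    """One-line finding for a controller, RADIUS or LDAP host name."""
    if reply is None:
        return f"{name}: no reply, DNS server down or UDP 53 blocked"
    status, answers = read_reply(query, reply)
    if status == "NXDOMAIN":
        return f"{name}: response code 3, host record does not exist"
    if status == "NOERROR" and answers == 0:
        return f"{name}: name exists but has no A record"
    if status == "NOERROR":
        return f"{name}: resolves ({answers} answer(s))"
    return f"{name}: server returned {status}"

# Constructed sample: hypothetical controller name whose A record is missing or misspelled.
NAME = "wlc01.example.net"
QUERY = build_query(NAME, 0x1A2B)
NXDOMAIN_REPLY = struct.pack("!HHHHHH", 0x1A2B, 0x8183, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(diagnose(NAME, QUERY, NXDOMAIN_REPLY))
    print(diagnose(NAME, QUERY, None))
```

In a protocol analyzer the same reply shows up as flags 0x8183 with zero answer records.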

DHCP
DHCP is responsible for the IP address, the subnet mask and the DNS server. If the default gateway is wrong, the access point cannot reach the controller or the DNS server when they are not on the same network. As said, DNS is one option to find the controller. If DHCP does not hand out the right DNS server, the access points don’t know how to reach the controller. DHCP option 43 is another way, besides DNS, to tell the access points where the controller is. Last but not least, the DHCP pool can be full, so that the server cannot accept more clients and assign IP addresses.

The client sends a DHCPDISCOVER to the DHCP server. The DHCP server replies with a DHCPOFFER. The client responds with a DHCPREQUEST and the last step is a DHCPACK from the server. You can use this sequence when you capture with Wireshark on the wired network.

When the client has no IP address assigned, first check the location of the DHCP server. Is the DHCP server reachable on the local network for the client? If it is not, check the DHCP relay configuration. When you can reach the DHCP server from the client, check that the DHCP pool is not depleted; if it is, you can change the lease duration or create more pools. Last, check that option 43 is configured properly. On a client, you can also use operating system commands, for example IPCONFIG /RELEASE or /RENEW, or the utility tool DHCPTEST.
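The checks in this section applied to captured DHCP traffic, as an added example that is not part of the original blog: it parses the options of a server message, lists the settings an access point needs that are missing, and reports where the four-message exchange stopped. The addresses and the OFFER are constructed, and treating option 43 as required assumes the deployment uses it for controller discovery.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST", 5: "DHCPACK", 6: "DHCPNAK"}
DORA = ["DHCPDISCOVER", "DHCPOFFER", "DHCPREQUEST", "DHCPACK"]
# Assumption: option 43 is listed because this deployment uses it to locate the controller.
NEEDED = {1: "subnet mask", 3: "default gateway", 6: "DNS server", 43: "option 43 (controller)"}

def parse_options(payload):
    """Return {option code: raw value} from the UDP payload of a DHCP message."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError(f"option {payload[i]} is truncated")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit(payload):
    """Message type, offered address, and the needed settings the server left out."""
    opts = parse_options(payload)
    mtype = TYPES.get((opts.get(53) or b"\x00")[0], "unknown")  # option 53 = message type
    offered = str(ipaddress.IPv4Address(payload[16:20]))        # yiaddr field
    missing = [label for code, label in NEEDED.items() if code not in opts]
    return mtype, offered, missing

def stalled_at(seen):
    """First step of the four-message exchange missing from one captured transaction."""
    return next((step for step in DORA if step not in seen), None)

def make_msg(mtype, yiaddr, options):
    """Constructed test data: a minimal server reply carrying the given options."""
    head = bytearray(236)
    head[0] = 2                                                 # op = BOOTREPLY
    head[16:20] = ipaddress.IPv4Address(yiaddr).packed
    body = bytes([53, 1, mtype]) + b"".join(bytes([c, len(v)]) + v for c, v in options)
    return bytes(head) + MAGIC + body + b"\xff"

# Constructed OFFER: address, mask and gateway present, but no DNS server and no option 43.
OFFER = make_msg(2, "10.20.0.57", [(1, bytes([255, 255, 255, 0])), (3, bytes([10, 20, 0, 1]))])

if __name__ == "__main__":
    print(audit(OFFER))
    print(stalled_at(["DHCPDISCOVER"]))  # no OFFER seen: check reachability, relay, pool
```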

Switches
For lightweight access points the switch port needs to be configured as an access port, and for autonomous access points the switch port needs to be a trunk port. It is also possible that the VLANs are not configured properly on the trunk port for an autonomous access point, so there are multiple misconfigurations possible on the switch level as well. Also check whether the switch ports are configured with the QoS parameters. Cisco uses the command “mls qos trust dscp” for access mode ports and “mls qos trust cos” for trunk mode ports. Check the access list on the switches as well.

For the access list, you need to check if the following ports are not blocked:
- RADIUS authentication: 1812
- RADIUS accounting: 1813
- Older versions of RADIUS used 1645 (authentication) and 1646 (accounting)
- NTP: 123
- CAPWAP control: 5246
- CAPWAP data: 5247
- LWAPP control: 12222
- LWAPP data: 12223
- DNS: 53
- DHCP: 546 and 547

All ports are UDP.

Another issue can be Power over Ethernet. When multiple access points are connected to one switch, it is possible that the switch cannot provide enough power to power on the access point. Think about the power budget: 802.3af (12.95W for PD and 15.4W for PSE) and 802.3at (25.5W for PD and 30W for PSE).

Wireless LAN Controller
An access point can connect to the WLC in four different ways. One needs to be configured. Two options are already mentioned in this blog, DNS and DHCP. One other possibility is through a broadcast. This is only possible when the access points and the WLC are on the same broadcast domain. The last way is to configure it hard coded in the access point (cached or pre-configuration).

When you use different vendors in one network, you need to configure DHCP option 60.

QoS
QoS was based on IP Precedence and later evolved into DSCP. IP Precedence used only 3 bits, whereas DSCP uses 6 bits. There is a mapping from the decimal number to the IP Precedence and DSCP name. Some common values are:

[Figure: DSCP values]

Other vendors may still use a different list than this one. Some implementations use just CS0 to CS7, which is closer to the Layer 2 QoS Class of Service (CoS) mapping in 802.1p. This method is backward compatible with the IP Precedence ToS field.

[Figure: CoS values]

The CoS value is configured on a switch port and applied to an Ethernet frame, or it is derived from the Layer 3 value (DSCP). So, it all starts with the application. The application needs to tag its IP packets correctly.

Another very important point is that QoS needs to be end-to-end. Every single device that the packet goes through needs to be QoS compatible. When a voice packet is sent by a device and a switch or router halfway along the path doesn’t support QoS, the voice tag will be removed and the packet will be treated as best effort.
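The bit layout behind the DSCP, IP Precedence and CoS relationship, and a check for where a marking is lost along the path, as an added example that is not part of the original blog. The capture points and ToS bytes are constructed, and CoS = DSCP >> 3 is a common default mapping assumed here; vendors may map differently.

```python
def dscp_name(dscp):
    """Standard name for a 6-bit DSCP value: CSx, AFxy, EF, or the bare number."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit field")
    if dscp == 46:
        return "EF"
    cls, low = dscp >> 3, dscp & 0b111
    if low == 0:
        return f"CS{cls}"                  # class selector: only the 3 precedence bits set
    if 1 <= cls <= 4 and low in (2, 4, 6):
        return f"AF{cls}{low >> 1}"        # assured forwarding: class and drop precedence
    return f"DSCP{dscp}"

def decode_tos(tos):
    """Split the IPv4 ToS / IPv6 Traffic Class byte into the fields discussed above."""
    dscp = tos >> 2                        # upper 6 bits of the byte
    return {
        "dscp": dscp,
        "name": dscp_name(dscp),
        "ip_precedence": tos >> 5,         # legacy 3-bit field = top 3 bits of DSCP
        "cos": dscp >> 3,                  # assumed default DSCP-to-CoS mapping
        "ecn": tos & 0b11,
    }

def first_remark(captures):
    """Given (capture point, ToS byte) pairs in path order, return where DSCP first changes."""
    sent = captures[0][1] >> 2
    for point, tos in captures[1:]:
        if tos >> 2 != sent:
            return point, dscp_name(sent), dscp_name(tos >> 2)
    return None                            # marking survived end-to-end

# Constructed sample: a voice packet marked EF (ToS 0xB8) captured at four points.
PATH = [("client", 0xB8), ("access switch", 0xB8), ("core router", 0x00), ("WLC", 0x00)]

if __name__ == "__main__":
    print(decode_tos(0xB8))
    print(first_remark(PATH))  # the hop before "core router" dropped the marking
```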

Layer 1
So, the above examples are all related to Layer 3 and Layer 2, but don’t forget to check Layer 1 as well. Cables can be broken, or you can be using the wrong category of cable. When you need at least 1 Gbps, you need at least a CAT5e cable. To test this, check the LED on the switch or use a cable tester.

Layer 3
The last thing I want to discuss is Layer 3. Wireless acts only on Layer 1 and 2, but you need Layer 3 to access the internet. Most of the time people think it is a wireless issue when the internet connection is limited, but that is not always true. When Windows tells you the connection is limited, you are correctly connected to the wireless network. Is the internet gateway configured on the client or throughout the network? Are there fixed IP addresses configured on the client, so the client doesn’t receive the IP address from the DHCP server? Is the DNS server correctly configured on the client?