Network admins often get a Sev 4 case that a particular wireless client is not able to access the internet. The easiest way to tackle this issue is to take the Bottom to top troubleshooting approach (Client to firewall troubleshooting).
- This approach primarily tries to find the root cause of the issue from the client side and upwards to the firewall/router because the issue is focussed to the client. The likelihood of the issue being near the client side than core network is very high.
- Verify if the AP is powered up and client is able to see the WLANs being broadcasted.
- If the end user reports AP is down and WLANs are not broadcasted the issue is local to the AP and addressing the PoE on the switch port can fix the issue.
- Once the AP is powered up, is the AP joined to the WLC?
- If the AP is not joined to the WLC, verify the AP is pointed to the correct WLC and the VLAN configuration on the AP switch port is correct. It is very unlikely that the is issue is going to be with switch upstream port or an issue on the WLC configuration as the remaining APs on the same switch/remaining network are functioning as expected.
- Once the AP has joined the WLC and WLANs are not broadcasting ensure that the policy/site and rf tags assigned to the AP are correct.
- Once the WLANs are broadcasting, verify if the client device is trying to associate the correct WLAN and authenticating successfully.
- The AP could be broadcasting multiple WLANs and the client might be associating to the WLAN where it is unauthorized.
- If the client is trying to associate the correct WLAN and failing authentications verify if the credentials used are correct.
- Once the client is authenticated and associated successfully, it is important to check if it is getting an IP address, DNS from DHCP server.
- If not verify the AP switchport configuration. In a rare scenario will this be a case that DHCP server is out of leases but worth a check.
- Once the client has IP address but is not able to access resources on the network verify if the firewall on the client device is disabled.
- Apart from these issues, there are some corner case scenarios like a rogue device broadcasting same WLAN in this AP’s vicinity or severe noise but these issues are often taken care via WLC configuraton like rogue mitigation and RRM and are not AP specific configurations.
There is a high likelihood that I could have missed an issue scenario but my intent in this blog was to highlight the approach or the method to be used to tackle the issue.
Related Blogs-
Quick Reads
Why are network admins configuring multiple WLANs?
Common Reasons affecting wireless performance
Cisco Configuration Guides
Configuring 802.1x Authentication for Enterprise Wireless
How to configure WLAN for MLO client association in 9800 WLC?
How to configure Cisco AP in Local mode?
blogscisco.com 