Network admins often start and end their day with a ticket with the subject: Wireless not working!!!
I often try to tackle this issue in 3 ways; the severity of the support case is often the determining factor when choosing the method:
- A Sev 4 case is often restricted to a client, an AP or an access switch, which implies the issue is local and restricted; method 1 can help find the root cause sooner.
- A Sev 1/2/3 case is a wider issue affecting multiple clients, so it could be an issue on the Core/Distribution switch or the firewall; method 2 can help find the root cause sooner.
- There are some corner-case scenarios where the issue is local but needs a fix on the firewall side; method 3 comes in handy in that case.
The 3 methods are as follows:
- Method 1 - Bottom to top (client -> firewall troubleshooting)
- Method 2 - Top to bottom (firewall -> client troubleshooting)
- Method 3 - When troubleshooting involves both wired and wireless issues, leveraging both methods can help troubleshoot the issue.
Method 1 - Minor outage (Bottom to top)
(Client to firewall/router troubleshooting)
- This approach primarily tries to find the root cause of the issue starting from the client side and working upwards to the firewall/router.
- Verify that the AP is powered up and the client is able to see the WLANs being broadcast.
- If the end user reports that the AP is down and WLANs are not being broadcast, the issue is local to the AP, and addressing the PoE on the switch port can fix the issue.
- Once the AP is powered up, is the AP joined to the WLC?
- If the AP is not joined to the WLC, verify that the AP is pointed to the correct WLC and that the VLAN configuration on the AP switch port is correct. It is very unlikely to be an issue with the switch's upstream port, as the other APs on the same switch are functioning as expected.
- Once the AP has joined the WLC, if WLANs are not broadcasting, ensure that the policy/site and RF tags assigned to the AP are correct.
- Once the WLANs are broadcasting, verify that the client device is trying to associate to the correct WLAN and is authenticating successfully.
- The AP could be broadcasting multiple WLANs, and the client might be associating to a WLAN where it is unauthorized.
- If the client is trying to associate to the correct WLAN and failing authentication, verify the credentials and fix them.
- Once the client is authenticated and associated successfully, it is important to check whether it is getting an IP address and DNS from the DHCP server.
- If not, verify the AP switchport configuration. Only in a rare scenario will the DHCP server be out of leases, but it is worth a check.
- Once the client has an IP address but is not able to access resources on the network, verify whether the firewall on the client device is disabled.
- Apart from these issues, there are some corner-case scenarios, like a rogue device broadcasting the same WLAN in this AP's vicinity or severe noise, but these issues are often taken care of via WLC configuration such as rogue mitigation and RRM.
Method 2 - Major outage (Top to bottom)
(Firewall/router to client troubleshooting)
- Verify whether there is any power outage through all the layers of the network.
- If all the devices are up and running, determine whether the issue is restricted to wireless or affects both wired and wireless.
- This helps determine whether the issue is related to WLC and AP configuration or is a network-level issue like routing, DHCP etc.
- If the wired network is also down, it is very unlikely to be a wireless or WLC/AP issue; it is most likely a network issue which needs to be addressed on the wired network side.
- Verify if all the VLANs and DHCP servers are up and all VLAN interfaces and switch management IP addresses are reachable.
- If VLANs are down, the issue needs to be fixed on the core switch.
- If clients are not getting IP addresses, the issue needs to be fixed on the DHCP server.
- If switches are not reachable, the uplink and downlink switchport configurations need to be verified for trunking.
- If the issue is specific to a certain building or certain switches, the issue is most likely with the uplink/downlink ports between the switches in the hierarchy.
- Verify if all the VLANs and DHCP servers are up and all VLAN interfaces and switch management IP addresses are reachable.
- If the VLAN interfaces and DHCP servers are working as expected, we can be fairly confident that routing and switching are working; the issue might be with the authentication server and firewall rules.
- Verify whether the wired devices are successfully authenticated using the credentials; if not, the issue needs to be fixed on AD.
- If the wired devices are authenticating but cannot reach resources on the network, firewall rules could be causing the issue.
- The wired network could have STP-related issues, but they are usually addressed via switch configuration.
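The uplink/downlink reasoning in Method 2, as an added example that is not part of the original post: given a switch hierarchy and per-switch management-IP reachability, it reports only the highest broken link in each branch, because everything below that link is unreachable as a consequence. The topology, switch names and ping results are constructed, and it assumes each switch is managed through its uplink.

```python
# Added example: constructed topology and ping results, not from the original post.
# Each switch maps to its upstream neighbour; the core has none.
UPLINK = {
    "core1": None,
    "dist-a": "core1", "dist-b": "core1",
    "acc-a1": "dist-a", "acc-a2": "dist-a",
    "acc-b1": "dist-b", "acc-b2": "dist-b",
}
# Constructed result of pinging every management IP from the core side.
PING_OK = {"core1", "dist-a", "acc-a1", "acc-a2"}


def depth(uplink, sw):
    """Number of hops from `sw` up to the core."""
    hops = 0
    while uplink[sw] is not None:
        sw = uplink[sw]
        hops += 1
    return hops


def suspect_links(uplink, reachable):
    """Return (parent, child) links to verify for trunking, top of the hierarchy first.

    A switch marks a fault boundary when it is unreachable but its parent is
    reachable. Unreachable switches under an unreachable parent are skipped:
    they cannot be judged until the link above them is fixed.
    """
    links = []
    for sw in sorted(uplink, key=lambda s: (depth(uplink, s), s)):
        if reachable(sw):
            continue
        parent = uplink[sw]
        if parent is None or reachable(parent):
            links.append((parent, sw))  # parent None means the core itself is down
    return links


def impacted(uplink, top):
    """All switches at or below `top`: the area users will report as down."""
    hit = []
    for sw in uplink:
        node = sw
        while node is not None and node != top:
            node = uplink[node]
        if node == top:
            hit.append(sw)
    return sorted(hit)


if __name__ == "__main__":
    for parent, child in suspect_links(UPLINK, PING_OK.__contains__):
        print(f"check trunk {parent} <-> {child}; impacted: {impacted(UPLINK, child)}")
```

In practice `reachable` would wrap a ping or SNMP poll of each management IP; here it is a lookup in the constructed set.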
Method 3
- If the wired network is working as expected, it is very likely that routing, VLANs and DHCP are working as required but the WLC configuration is the real issue.
- Verify whether the APs are joined to the WLC; if not, verify AP and WLC management IP address connectivity.
- If APs cannot reach the WLC IP address, verify the switch port configuration on both and the DHCP server for the AP VLAN.
- If they are reachable and the CAPWAP handshake is failing, enabling CAPWAP should help.
- Once the APs are joined, verify whether they are broadcasting WLANs.