Day 9 Configuring and Troubleshooting Wireless Networks
CCNA 640-802 Exam Topics
Identify the basic parameters to configure on a wireless network to ensure that devices connect to the correct access point.
Identify common issues with implementing wireless networks (interface, misconfigurations).
Key Topics
Wireless access points can be configured through a command-line interface (CLI), or more commonly through a browser graphical user interface (GUI). Cisco Networking Academy students use a Linksys WRT300N multifunction device in a lab environment to practice configuring basic parameters. However, the CCNA 640-802 exam topics do not include the ability to configure wireless devices. Instead, you must be able to identify the basic configuration parameters as well as common issues with wireless implementations.
Therefore, our review today will not include specific configuration tasks with screenshots of a GUI, but will be a general overview of wireless implementations that are applicable to any wireless device. However, I strongly recommend that you at least practice implementing some of the technologies we reviewed on Day 10, “Wireless Standards, Components, and Security.” If you are a Cisco Networking Academy student, you also have access to Packet Tracer, which includes a simulation of a Linksys WRT300N. However, you might also have your own home router that includes a wireless access point (AP). You can practice configuring your own home wireless router with customized settings such as the service set identifier (SSID), security, and encryption.
Implementing a WLAN
Basic wireless access point parameters include SSID, radio frequency (RF) channel with optional power, and authentication (security), whereas basic wireless client parameters include only authentication. Wireless clients need fewer parameters because a wireless network interface card (NIC) scans all the available radio frequencies it can to locate the RF channel (meaning an IEEE 802.11b/g card scans the 2.4 GHz range and does not scan 5 GHz) and usually initiates the connection with a default configuration to discover the available APs. Therefore, by 802.11 design, if you are using open authentication, the result is “plug-and-play.” When security is configured with preshared keys (PSKs) for older Wired Equivalent Privacy (WEP) or current Wi-Fi Protected Access (WPA), remember that the key must be an exact match to allow connectivity.
Wireless LAN Implementation Checklist
The following basic checklist can help guide the installation of a WLAN:
Step 1 Verify the existing wired network.
The existing wired network should be operational, including virtual LANs (VLANs), Dynamic Host Configuration Protocol (DHCP) services, and Internet connectivity. Basic practices suggest connecting all APs in the same Extended Service Set (ESS) to the same VLAN. For example, in Figure 9-1 each of the APs is connected to a switch port that belongs to VLAN 2.
A quick way to test the wired network is to connect a PC to the switch port that the AP will use. If the device acquires IP addressing automatically through DHCP services, the wired network is ready for the AP.
Step 2 Install and configure the AP’s wired and IP details.
The next step is to attach the AP to the switch port with a straight-through cable and then configure or verify its connectivity to the wired network, including the AP’s IP address, mask, and default gateway. Just like a switch, the IP addressing will allow remote management of an AP, which is a Layer 2 device.
Step 3 Configure the AP’s WLAN details.
Most APs have a plug-and-play capability; however, both consumer-grade and enterprise-grade APs can be configured with a variety of parameters, including the following list (security parameters are covered in Step 6):
— IEEE standard (a, b, g, or multiple)
— Wireless channel
— SSID, which is a 32-character text identifier for the WLAN
— Transmit power
Many APs today support multiple WLAN standards. In some cases, they can support multiple standards on the same AP at the same time. However, these mixed-mode implementations, particularly with 802.11b/g in this same AP, tend to slow down the WLAN. Also note that when you configure an ESS WLAN, each of the APs should be configured with the same SSID, which allows for roaming between APs, but inside the same WLAN.
Step 4 Install and configure one wireless client.
To be a WLAN client, the device needs a WLAN NIC that supports the same WLAN standard as the AP. Typically, clients by default do not have any security enabled. When the client starts working, it tries to discover all APs by listening on all frequency channels for the WLAN standards it supports by default. For example, if a client were using the WLAN shown in Figure 9-1, with three APs, each using a different channel, the client might discover all three APs. The client would then use the AP from which the client receives the strongest signal. Also, the client learns the SSID from the AP, again removing the need for any client configuration.
Step 5 Verify that the WLAN works from the client.
The wireless client should be able to access the same resources as the wired client that was attached to the same switch port as the AP earlier in Step 1. If not, the problem might be the location of the AP or APs. During the planning stages, a site survey should have been conducted to determine the best locations for APs to ensure full coverage of the WLAN area. If the client cannot communicate, check the following in regard to the site survey:
— Is the AP at the center of the area in which the clients reside?
— Is the AP or client right next to a lot of metal?
— Is the AP or client near a source of interference?
— Is the AP’s coverage area wide enough to reach the client?
In addition to the site survey, the following list notes a few other common problems with a new installation:
— Check to make sure that the NIC’s and AP’s radios are enabled. In particular, check the physical switch as well as the software setting to enable or disable the radio.
— Check the AP to ensure that it has the latest firmware.
— Check the AP configuration—in particular, the channel configuration—to ensure that it does not use a channel that overlaps with other APs in the same location.
Step 6 Configure wireless security.
After you have verified that that the wireless client can access resources without security enabled, it’s time to implement wireless security. Configure wireless security with WPA/WPA2. Use WEP only if the AP or wireless client does not support WPA/WPA2.
Step 7 Verify the secure WLAN.
Now that security is enabled, verify that the WLAN works again in the presence of the security features by testing to make sure the wireless client can still access all the resources it could access without the security enabled.
Wireless Troubleshooting
If you follow the recommended steps for implementing a wireless network, the divide-and-conquer troubleshooting methodology will most likely isolate the problem in the most efficient manner. The following are the most common causes of configuration problems:
Configuring a defined SSID on the client that does not match the access point
Configuring incompatible security methods
Both the wireless client and access point must match for authentication method, Extensible Authentication Protocol (EAP) or PSK, and encryption method (Temporal Key Integrity Protocol [TKIP] or Advanced Encryption Standard [AES]). Other common problems resulting from initial RF installation can sometimes be identified by answering the following questions:
Is the radio enabled on both the access point and client for the correct RF (2.4 GHz ISM or 5 GHz UNII)?
Is an external antenna connected and facing the correct direction (straight upward for dipole)?
Is the antenna location too high or too low relative to wireless clients (within 20 vertical feet)?
Are there metal objects in the room reflecting RF and causing poor performance?
Is the AP the client is attempting to reach at too great of a distance?