Trouble usually happens between Layer 1 and Layer 3 of the OSI reference model. That is not to say that trouble does not occur at Layers 4 through 7, but Layers 1 through 3 are the layers where network administrators have the most hands on. Working your way up can often prove to be a time saver. Starting at Layer 1, physical connectivity can often save valuable time. You can begin by visually examining the physical connections. Keep in mind all that is involved in the path of your traffic. This can include areas related to the following:
- AP to switcch
- Switch to switch
- Switch to controller
- Controller to distribution
While you are examining the physical connectivity, note the port LED status of each device. What do the LEDs indicate? Are they green? Are they amber? Are they red? Each device has different LEDs; for example, the LEDs on a controller are different from the LEDs on an AP, yet they all have somewhat of a common color coding. Usually red is bad, amber is not so good, and green is okay. Look up the Cisco documentation for details for each product that you work with. The “References” section at the end of this chapter in- cludes some valuable links that can help you determine issues in the network and correct them, some using the port LEDs for verification.
After you have verified the physical connections, you can work in one of two directions:
- Verification from the client back to the controller
- Verification from the controller to the client
In either case, common issues arise. You might find that connectivity issues are not related to the wireless network at all, but rather the distribution network, gateway, or Internet service provider (ISP). Regardless, the ability to isolate problems is a requirement of those seeking the CCNA Wireless certification. The next section explores some common client- side issues.
Common Client-Side Issues
Client-side issues arise frequently and are often expressed in vague ways, for example, “I cannot get to the Internet.” “Okay,” you might think, “What does that mean?” The answer might not always be clear, but you can verify some values to quickly restore connectivity for end users.
Some of the more common issues that you can verify include the following:
- Check that the client card is enabled. Many laptops have a hardware switch that dis- ables the wireless card internally, which can cause issues.
- Check that service set identifiers (SSIDs) are not incorrectly configured.
- Verify whether the client is using a radio that is not enabled on the AP.
- Verify whether the MAC address of the client is being “blacklisted” on the network.
- If using 802.1x, verify whether the client side is configured to support the network method, such as Extensible Authentication Protocol-Transport Layer Security (EAP- TLS) with certificates.
- Verify whether the client is getting an IP address that is blocked by an access control list (ACL) somewhere else in the network.
- Check the client firewall or antivirus software, because it might be blocking access. There might not be much you can do other than asking the client to turn each of these off temporarily for testing.
- If performing Network Access Control (NAC), check whether the client is posturing properly. Check the Authentication, Authorization, and Accounting (AAA) server or the Monitoring, Analysis, and Response System (MARS) logs to determine this. From a wireless perspective, there is not much you can do except have the users access a “Guest” type of network that does not require security posturing.
- If you are using preshared keys for wireless authentication, verify that they are cor- rectly configured on the client side. Also, verify that they are configured for the cor- rect length.