Iuwne10 S06 L03

657 views

Published on

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
657
On SlideShare
0
From Embeds
0
Number of Embeds
5
Actions
Shares
0
Downloads
66
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Iuwne10 S06 L03

  1. 1. WLAN Maintenance and Troubleshooting Troubleshooting
  2. 2. Visual Elements <ul><ul><li>Physical connection </li></ul></ul><ul><ul><ul><li>Status LED on AP: steady or blinking </li></ul></ul></ul><ul><ul><ul><li>Status LED on client card </li></ul></ul></ul><ul><ul><li>Radio status: on or off </li></ul></ul><ul><ul><li>AP port status on switch </li></ul></ul><ul><ul><li>AP seen on controller </li></ul></ul><ul><ul><li>Client seen on controller </li></ul></ul>
  3. 3. Common Controller Issues <ul><li>Did a reboot occur prior to the configuration being saved on the controller? </li></ul><ul><li>Is the time on the controller correct? </li></ul><ul><ul><li>If so, are there valid times and dates on the client/server certificates? </li></ul></ul><ul><li>Is the WLAN admin status enabled? </li></ul><ul><ul><li>If so, is the WLAN associated with the correct VLAN? </li></ul></ul><ul><li>Is the virtual gateway IP address set, and the same on all controllers in the mobility group? </li></ul><ul><ul><li>If so, is it a unused and unreachable IP address? </li></ul></ul><ul><li>Is the DHCP relay address set? </li></ul><ul><ul><li>If so, can the controller ping the DHCP server? </li></ul></ul><ul><ul><li>If so, is there a configured address pool for the associate VLAN? </li></ul></ul><ul><li>Can the controller ping the RADIUS server? </li></ul><ul><ul><li>If so, is the RADIUS server IP address set correctly? </li></ul></ul><ul><ul><li>If so, Is the RADIUS server secret set correctly? </li></ul></ul>
  4. 4. Common Client Issues <ul><li>Do the 2.4-GHz or 5-GHz status lights show activity on the AP? </li></ul><ul><li>Is the SSID correct on the client and AP? </li></ul><ul><li>Is the client MAC part of an exclusion list, a MAC filter or disabled client list? </li></ul><ul><li>Are you trying to use shared-key authentication? </li></ul><ul><ul><li>If so, is the key length correct? </li></ul></ul><ul><ul><li>If so, is the key the same on the client and AP? </li></ul></ul><ul><li>Since 802.1x is the default security policy, is that the correct configuration? </li></ul><ul><li>Does the client have an IP Address? </li></ul><ul><ul><li>If so, is the address static or DHCP? </li></ul></ul><ul><li>Are there any ACLs applied that might affect this client? </li></ul><ul><li>Does the client have a firewall enabled ? </li></ul>
  5. 5. Hidden Node Issue
  6. 6. Exposed Node Issue
  7. 7. Near-Far Issue
  8. 8. Backward Compatibility Issues <ul><ul><li>Presence of 802.11b devices affects performance of 802.11g networks </li></ul></ul><ul><ul><li>Presence of non-802.11n devices affects performance of 802.11n networks </li></ul></ul>
  9. 9. CLI Command: debug <ul><li>(Cisco Controller) >debug ? </li></ul><ul><li>aaa Configures the AAA debug options. </li></ul><ul><li>airewave-director Configures the Airewave Director debug options </li></ul><ul><li>ap Configures debug of Cisco AP. </li></ul><ul><li>arp Configures debug of ARP. </li></ul><ul><li>bcast Configures debug of broadcast. </li></ul><ul><li>cac Configures the call admission control (CAC) debug options. </li></ul><ul><li>cckm Configures the CCKM debug options. </li></ul><ul><li>ccxdiag Configures the CCX Diagnostic debug options. </li></ul><ul><li>ccxrm Configures the CCX_RM debug options. </li></ul><ul><li>cdp Configures debug of cdp. </li></ul><ul><li>client Enables debugs for common client problems. </li></ul><ul><li>dhcp Configures the DHCP debug options. </li></ul><ul><li>disable-all Disables all debug messages. </li></ul><ul><li>dot1x Configures the 802.1X debug options. </li></ul><ul><li>dot11 Configures the 802.11 events debug options. </li></ul><ul><li>emweb Configures the WEB debug options. </li></ul><ul><li>ft Configures the 802.11r debug options. </li></ul><ul><li>hreap Configures debug of HREAP. </li></ul><ul><li>iapp Configures the IAPP debug options. </li></ul><ul><li>locp Configures the LOCP debug options. </li></ul><ul><li>lwapp Configures the LWAPP debug options </li></ul><ul><li>… /… </li></ul>
  10. 10. Per-Client Debug Option <ul><ul><li>Allows debug messages to be limited to a per-client basis using the client’s MAC address as the filter </li></ul></ul><ul><ul><li>Setup procedure is a two-step process: </li></ul></ul><ul><ul><ul><li>Issue the debug mac addr client-mac-address command. </li></ul></ul></ul><ul><ul><ul><li>Then issue debug commands normally. </li></ul></ul></ul><ul><ul><ul><ul><li>Applicable commands will produce output pertaining to only the client MAC address. </li></ul></ul></ul></ul><ul><ul><li>Debug disable can be used two ways: </li></ul></ul><ul><ul><ul><li>Issue the debug disable-all command. </li></ul></ul></ul><ul><ul><ul><ul><li>Clears all debug commands </li></ul></ul></ul></ul><ul><ul><ul><li>CLI timeout </li></ul></ul></ul><ul><ul><ul><ul><li>Clears all debug commands </li></ul></ul></ul></ul>
  11. 11. CLI Command: show <ul><li>(Cisco Controller) >show client summary </li></ul><ul><li>Number of Clients................................ 2 </li></ul><ul><li>MAC Address AP Name Status WLAN/Guest-Lan Auth Protocol Port Wired </li></ul><ul><li>----------------- ----------------- ------------- -------------- ---- -------- ---- ----- </li></ul><ul><li>00:1d:e0:46:f3:37 1252-1 Associated 3 Yes 802.11n 1 No </li></ul><ul><li>00:40:96:b5:fe:77 1252-1 Associated 3 Yes 802.11a 1 No </li></ul>
  12. 12. Layer 2 and Layer 3 Troubleshooting <ul><ul><li>Client sends probes on all channels, looking for an available AP, and may include the SSID in the probe </li></ul></ul><ul><ul><li>An AP may respond to a client on a channel different from the one probed </li></ul></ul><ul><ul><li>Only WEP authentication will send the challenge/response; open authentication will skip these steps </li></ul></ul>
  13. 13. CLI debug Commands: debug dot11 ? and debug dhcp ? <ul><li>(Cisco Controller) >debug dot11 ? </li></ul><ul><li>all Configures debug of all 802.11 messages. </li></ul><ul><li>load-balancing Configures debug of 802.11 load balancing events. </li></ul><ul><li>locp Configures debug of LOCP interface events. </li></ul><ul><li>management Configures debug of 802.11 MAC management messages. </li></ul><ul><li>mobile Configures debug of 802.11 mobile events. </li></ul><ul><li>rfid Configures debug of 802.11 RFID tag module. </li></ul><ul><li>rldp Configures debug of 802.11 Rogue Location Discovery. </li></ul><ul><li>rogue Configures debug of 802.11 rogue events. </li></ul><ul><li>state Configures debug of 802.11 mobile state transitions. </li></ul><ul><li>(Cisco Controller) >debug dhcp ? </li></ul><ul><li>message Configures debug of DHCP error messages. </li></ul><ul><li>packet Configures debug of mobile DHCP packets. </li></ul>
  14. 14. CLI Command: show client detail <ul><li>(Cisco Controller) >show client detail 00:40:96:b5:fe:77 </li></ul><ul><li>Client MAC Address............................... 00:40:96:b5:fe:77 </li></ul><ul><li>Client Username ................................. N/A </li></ul><ul><li>AP MAC Address................................... 00:17:df:a1:82:b0 </li></ul><ul><li>Client State..................................... Associated </li></ul><ul><li>Wireless LAN Id.................................. 3 </li></ul><ul><li>BSSID............................................ 00:17:df:a1:82:bd </li></ul><ul><li>Channel.......................................... 36 </li></ul><ul><li>IP Address....................................... 10.10.1.26 </li></ul><ul><li>Association Id................................... 3 </li></ul><ul><li>Authentication Algorithm......................... Open System </li></ul><ul><li>Reason Code...................................... 0 </li></ul><ul><li>Status Code...................................... 0 </li></ul><ul><li>Session Timeout.................................. 1800 </li></ul><ul><li>Client CCX version............................... 4 </li></ul><ul><li>… /… </li></ul><ul><li>Radio Signal Strength Indicator............ -57 dBm </li></ul><ul><li>Signal to Noise Ratio...................... 43 dB </li></ul><ul><li>… /… </li></ul><ul><li>antenna0: 17 seconds ago -66 dBm................. antenna1: 17 seconds ago -60 dBm </li></ul>
  15. 15. Monitor Clients > Details > Select Client
  16. 16. Monitor Clients > Details > Select Client (Cont.)
  17. 17. CLI debug Commands: debug aaa ? and debug dot1x ? <ul><li>(Cisco Controller) >debug dot1x ? </li></ul><ul><li>aaa Configures debug of 802.1X AAA interactions. </li></ul><ul><li>all Configures debug of all 802.1X messages. </li></ul><ul><li>events Configures debug of 802.1X events. </li></ul><ul><li>packet Configures debug of 802.1X packets. </li></ul><ul><li>states Configures debug of 802.1x state transitions. </li></ul><ul><li>(Cisco Controller) >debug aaa ? </li></ul><ul><li>all Configures debug of all AAA messages. </li></ul><ul><li>detail Configures debug of AAA detailed events. </li></ul><ul><li>events Configures debug of AAA events. </li></ul><ul><li>packet Configures debug of AAA packets. </li></ul><ul><li>ldap Configures debug of AAA LDAP events. </li></ul><ul><li>local-auth Configures debug of AAA Local Authentication. </li></ul><ul><li>tacacs Configures debug of AAA TACACS+ events. </li></ul>
  18. 18. Management > Logs > Config
  19. 19. Management > Logs > Message Logs Message logs are “first-in, first-out” logs, with a maximum of 256 entries. A syslog server is required if more than 256 entries are required.
  20. 20. Management > SNMP > General Default SNMP v3 username of “default” is used by Cisco WCS for controller monitoring and can be reconfigured only in Cisco WCS under Management > Properties.
  21. 21. Management > SNMP > Communities and Trap Receiver It is recommended that the default SNMP community of private be modified at the time of installation.
  22. 22. Management > SNMP > Trap Logs Trap logs are “first-in, first-out” logs, with a maximum of 256 entries. A syslog server is required if more than 256 entries are required.
  23. 23. Management > SNMP > Trap Controls Only those SNMP traps that are checked will be sent to Cisco WCS or trap receivers.
  24. 24. Management > Tech Support > Controller Crash
  25. 25. Management > Tech Support > AP Crash Log > Get Log
  26. 26. Cisco WCS Client Troubleshooting Tool
  27. 27. Monitor Client > Troubleshoot
  28. 28. Monitor Clients > Troubleshoot > Log Analysis
  29. 29. Third-Party Tools: Sniffers
  30. 30. Cisco Spectrum Expert
  31. 31. Summary <ul><ul><li>LEDs and connections can be checked to understand Layer 1 issues. </li></ul></ul><ul><ul><li>A few points that are common sources of connection issues can be checked on the controller and clients. </li></ul></ul><ul><ul><li>The controller has an extensive set of debug commands and displays to help the administrator understand a wireless issue. </li></ul></ul><ul><ul><li>A common way to test wireless connections is to test Layer 2, then Layer 3 connectivity. </li></ul></ul><ul><ul><li>Logs and system messages can also be used and optimized to match the local network requirements. </li></ul></ul><ul><ul><li>Cisco WCS has an integrated client troubleshooting tool. </li></ul></ul><ul><ul><li>Some third-party applications can be used to run packet analysis or RF analysis. </li></ul></ul><ul><ul><li>Cisco Spectrum Expert can be used to detect non-802.11 sources of interference. </li></ul></ul>

×