As your network grows and evolves, you'll likely encounter some LAN segments that have wireless capabilities, and their own set of problems. In addition, you'll more than likely want to track down issues related to your network's overall performance. In this section, let's take a closer look at how to track down and resolve problems with a wireless network, as well as some good methods for locating and fixing problems stemming from performance issues.
Wireless networks provide a whole new level of convenience to the world of networking. The ability to connect computers without having to worry about wiring (not to mention the ability to take your laptop anywhere in the office) and still maintain network connectivity is a huge plus.
Many wireless deployments fire up as soon as you connect your access point and wireless card. For example, if you're using a Plug-and-Play–capable version of Windows (such as Windows XP), most times, the wireless card will be instantly recognized and, security issues aside, you'll have access to the network with no problems. Regrettably, it doesn't always work that smoothly.
Like so many facets in networking, what is meant to keep the bad people out can also keep the good guys out. One of WiFi's methods of security is MAC and IP address filtering. That is, your APs (access points) can be configured to allow or reject traffic from specific IP or MAC addresses. If a client or clients are having trouble connecting, make sure their IP or MAC addresses are not being blocked by the AP. When properly configured, however, this feature is a nice way to add a layer of security.
In an 802.11b/g network, there are really only three channels that are usable: channels 1, 6, and 11. If you're having trouble with your network, you might check to see if there aren't other networks already existing on one of those channels. You may be experiencing interference from another device on your own network, or you might be experiencing complications from a neighbor's wireless network. The solution to your problem might be as simple as changing the AP and clients' channel.
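The channel check described above can be worked through on survey data. The following Python sketch is an added example, not part of the original text; the scan results and SSID names are constructed, and the scoring (summing the received power of every foreign network on an overlapping channel) is one simple assumption about how to rank channels.

```python
# Constructed site-survey results: (SSID, channel, signal strength in dBm).
SCAN = [
    ("office-ap", 6, -48),       # our own access point
    ("neighbor-1", 6, -62),
    ("neighbor-2", 4, -70),
    ("cafe", 11, -80),
    ("lobby", 1, -75),
    ("printer-direct", 2, -58),  # a device parked between channels 1 and 6
]

USABLE = (1, 6, 11)  # the three usable 802.11b/g channels named in the text


def overlaps(a, b):
    """802.11b/g channels sit 5 MHz apart but are about 22 MHz wide,
    so two channels fewer than 5 numbers apart share spectrum."""
    return abs(a - b) < 5


def interference(scan, channel, own_ssid):
    """Sum the received power (in milliwatts) of every foreign network
    whose channel overlaps the candidate channel."""
    return sum(
        10 ** (dbm / 10)
        for ssid, ch, dbm in scan
        if ssid != own_ssid and overlaps(ch, channel)
    )


def rank_channels(scan, own_ssid):
    """Return the usable channels sorted from quietest to noisiest."""
    return sorted(USABLE, key=lambda ch: interference(scan, ch, own_ssid))


if __name__ == "__main__":
    for ch in rank_channels(SCAN, "office-ap"):
        print(f"channel {ch:2d}: {interference(SCAN, ch, 'office-ap'):.2e} mW of overlap")
```

In this sample the device on channel 2 degrades both channel 1 and channel 6, which is why a network sitting between the three usable channels is worse than one sharing your channel exactly.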
The ideal means of security for your wireless network is to employ 802.1x authentication along with encryption. However, if you aren't using authentication, you should at least use encryption. An easily overlooked component of wireless networking is enabling encryption on your access points and clients. As we mentioned in Chapter 8, this is extremely important for the sake of protecting your data.
If encryption is not enabled, it is relatively easy for someone to sniff the wireless network traffic and glean all sorts of information, from user ID and password information to the contents of e-mails being sent and received.
Even though it has been found to be quite insecure, Wireless Equivalent Privacy (WEP) is still the most common encryption protocol in use today. It uses a key that you establish on the access point and then enter into your wireless-enabled devices. This key is used to encrypt the data being transmitted and decrypt incoming data. Without the key, no one else can "see" the data as it is transmitted.
The next level of wireless security is WiFi Protected Access (WPA). It's like WEP, but provides a much higher level of encryption and authentication security. It's not available on older access points, and it may take an upgrade on the client side to enable it there. If you can't use WPA, at least run WEP; some encryption, even if WEP has been cracked, is better than none at all.
It is wise to become familiar with the encryption and overall security features available on your hardware and software. The standards and technology are advancing quickly in the wireless arena, and sometimes, a more secure environment is only a firmware or software update away.
WEP
With encryption, however, comes its share of problems. If your encryption scheme is incorrectly set on either the access point or clients, then expect problems.
If you're having problems getting your wireless clients to connect, the first place to start is by checking encryption settings. Follow these steps to ensure your encryption settings are correct:
1. Turn off encryption. Even though we just said it was important to have encryption enabled, if you turn off encryption and are still having problems, then you know encryption isn't to blame. If it turns out that everything is running fine, move on to step 2.
2. Count characters. Check your access point and WiFi card instructions to make sure you're entering the correct number of characters for the encryption key. For instance, when using a 40-bit WEP key, Cisco Aironet 350 requires five ASCII or ten hexadecimal characters for its encryption key (this is shown in Figure 15-11). Also, check to see if you must specify whether you are using an ASCII string or hexadecimal string for the key. Table 15-9 shows how many characters are needed for various bit-lengths of keys.
Figure 15-11: Mistyping a character in the WEP can cause WiFi networks to fail
WEP Bit Levels
3. Configure authentication methods. When using WiFi, there are two types of authentication employed: open system and shared key. Reconfigure the access point and client to allow open system, thus disabling WEP. When you enable WEP, change over to the shared key authentication. This provides optimal security.
4. Match your WEP levels. Although it's possible to mix environments in which 40/64-bit and 128-bit devices are operating (we'll talk about that more in a moment), it's best to make sure everyone is using the same level. That said, if it turns out you need to work in a mixed environment, 128-bit devices can talk to 40/64-bit WEP devices only if they are set to use 40-bit keys.
5. Check your passphrases. Some WiFi vendors (including Cisco) allow you to enter passphrases for key generation. That is, you don't have to come up with a string of hexadecimal characters. If you like, you can come up with a simple phrase. (For instance, Figure 15-12 shows the passphrase "chunkymonkey" turned into a hexadecimal WEP key.) This is a convenient tool, because when setting up the key, you don't need to remember a series of meaningless letters and numbers; "chunkymonkey" is easier to remember than "63B27312BB." When you use passphrases, there are a couple of things you should keep in mind. First, keep the passphrase string short. You don't need to come up with phrases like "supercalifragilisticexpialidocious"; it won't result in a key that is any more secure than one generated with a shorter passphrase. Second, use letters and numbers only; don't throw spaces, punctuation, or other symbols into the mix.
Figure 15-12: Passphrases can be used to generate WEP keys
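The "count characters" and "match your WEP levels" checks above can be automated when you have the key entries from both sides in front of you. This Python sketch is an added example, not from the original text or from Cisco; the device names and dictionary layout are hypothetical, the 128-bit sizes (13 ASCII or 26 hexadecimal characters) are the standard WEP values rather than figures taken from the page, and the 40-bit hex key is the one quoted in step 5.

```python
import string

# Key material per WEP level: 40/64-bit = 5 bytes, 128-bit = 13 bytes
# (standard WEP sizing; the remaining 24 bits are the IV, which nobody types).
KEY_BYTES = {40: 5, 64: 5, 128: 13}


def parse_key(entry, bits, fmt):
    """Return the raw key bytes, or raise ValueError naming the broken rule."""
    if bits not in KEY_BYTES:
        raise ValueError(f"unsupported WEP level {bits}")
    need = KEY_BYTES[bits]
    if fmt == "ascii":
        if len(entry) != need:
            raise ValueError(f"{bits}-bit ASCII key needs {need} characters, got {len(entry)}")
        if not entry.isascii():
            raise ValueError("non-ASCII character in key")
        return entry.encode("ascii")
    if fmt == "hex":
        if len(entry) != 2 * need:
            raise ValueError(f"{bits}-bit hex key needs {2 * need} digits, got {len(entry)}")
        if any(ch not in string.hexdigits for ch in entry):
            raise ValueError("non-hexadecimal character in key")
        return bytes.fromhex(entry)
    raise ValueError(f"unknown key format {fmt!r}")


def compare(ap, client):
    """Return a list of findings; an empty list means the two entries agree."""
    findings, keys = [], {}
    for dev in (ap, client):
        try:
            keys[dev["name"]] = parse_key(dev["key"], dev["bits"], dev["fmt"])
        except ValueError as err:
            findings.append(f"{dev['name']}: {err}")
    if KEY_BYTES.get(ap["bits"]) != KEY_BYTES.get(client["bits"]):
        findings.append("WEP level mismatch: set both sides to the same key length")
    elif len(keys) == 2 and keys[ap["name"]] != keys[client["name"]]:
        findings.append("key bytes differ: retype the key on one side")
    return findings


# Constructed entries; the device names are hypothetical.
AP = {"name": "ap", "bits": 40, "fmt": "hex", "key": "63B27312BB"}
CLIENTS = [
    {"name": "laptop-1", "bits": 40, "fmt": "hex", "key": "63b27312bb"},
    {"name": "laptop-2", "bits": 40, "fmt": "hex", "key": "63B27312B"},   # one digit short
    {"name": "laptop-3", "bits": 40, "fmt": "ascii", "key": "63B27"},     # hex typed as ASCII
    {"name": "laptop-4", "bits": 128, "fmt": "hex", "key": "0123456789ABCDEF0123456789"},
]

if __name__ == "__main__":
    for client in CLIENTS:
        print(client["name"], compare(AP, client) or "OK")
```

Comparing the decoded bytes rather than the typed strings matters because an ASCII entry and a hex entry can describe the same key, while two entries that look alike can decode differently when one side is set to the wrong format.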
WPA
If you're using WPA or WPA2, there are a lot of finicky little steps in the configuration that could lead to misconfiguration.
Look back on the WPA configuration we outlined in Chapter 8. Here are some sources of problems that might be possibilities:
With WPA, the Cipher option must be selected and TKIP chosen from the drop-down menu.
WPA requires that the encryption key be entered in key number 2, not key number 1. Ensure that this has been properly set.
The correct SSID must also be selected. This setting is made using the SSID Manager and then selecting the correct SSID from the Current SSID List.
You might also be experiencing problems depending on the authentication method you've chosen (or need to choose). The authentication method, which is also set from the SSID Manager screen, should be set based on which type of clients your WiFi network is using. If you've only got Cisco clients, select Network-EAP. If you're using third-party clients, select Open Authentication with EAP. If you're in a mixed environment with both Cisco and third-party clients, select both Network-EAP and Open Authentication with EAP.
Also, take a look back on the suggestions for WEP. Since WPA and WPA2 utilize keys, check such things as key lengths and ensure that the keys have been properly entered on both the AP and the clients.
With a wired network, you don't need to worry too much about interference from other devices. For instance, running the photocopier probably won't cause any trouble with your wired workstations, but curiously, it may cause your wireless connection to drop out. And even though your wireless-enabled laptop affords you the freedom to go anywhere in your office, you can only be from 100 to about 300 feet from your access point. After that, interference from walls, floors, and other obstructions will cause connections to slow appreciably or drop out altogether. Of course, this still beats the pants off a wired connection, which only lets you roam as far as the Cat 5 tether allows, which might be no further than one corner of your desk. Wireless networking can be worth doing; just remember to keep in mind where your wireless devices will be in relation to an access point. In most cases, try to locate your access point as centrally as possible to the clients.
No matter where you place your access points, always be aware of sources of interference. It was mentioned earlier that photocopiers have been known to reduce connectivity in WiFi networks, but be mindful of other devices that can wreak havoc on your system. A main culprit comes in the guise of the 2.4-GHz cordless telephone. Since this operates on the same frequency as 802.11b/g, it can cause some headaches. If you suspect a cordless phone or other 2.4-GHz device, try using other WiFi channels to see if things improve.
Extending Your Wireless Network's Range
What if you just can't get a good signal in some areas of your space and you really want wireless there? After ruling out interference from another device, repositioning your antenna(s), and perhaps relocating your access point, you may just want to buy an additional access point. This extra access point can be used to extend the range of your wireless network, as Figure 15-13 shows.
Figure 15-13: It's possible to extend your wireless network's range with additional access points
When using an access point to extend range, you can do so without needing a wired connection by configuring the access point as a bridge from an existing access point. Just make sure you are monitoring performance and capacity as your user count grows, because the wired access point could become saturated with network traffic and become a network bottleneck.
Checking Your Levels
A simple way to check your connectivity levels is to start the client in the same room or location as the access point. When you've got the two devices communicating, it's easy enough to start moving the client away from the access point. This will give you a quick and dirty idea of the range between the two.
However, you can plot your devices' connectivity with a little more finesse by using the Cisco Aironet Client Utility. Once started on your client, this application, shown in Figure 15-14, shows the quality and strength of your wireless signal.
Figure 15-14: The Cisco Aironet Client Utility shows your signal strength and quality
Point-to-Point Troubleshooting
If your wireless bridge link stops working, it is possible that there is a problem with your system's antennas, cabling, or connectors. Check your antennas and ensure they have not come out of alignment.
Also, antennas and connections can be damaged by moisture. If the antennas are not sealed properly when they're installed, moisture can condense inside the antenna feedhorns, ultimately filling them with water. Moisture that makes its way into coaxial cabling can be even more problematic. Coax cables have a foam internal dielectric. This can act like a sponge, sending moisture along the length of the cable.
If you determine that coax cabling has been compromised and is sucking up moisture, replace the entire length, rather than snipping off a few feet and replacing the connector.
When problems manifest themselves in outdoor systems, the effect will appear on both ends of the link to the same degree. This is relevant to know, because if you see a degraded signal on one end of your link, don't automatically think you've found the location of the problem. It might very well be on the other side of the link. Check both ends.
On the other hand, if the receive-signal is low on one end but not the other, generally, this is a problem caused by misconfiguration of the radio units or by interference. As such, don't make a bad situation worse by realigning antennas. If you determine that the setup is correct and the equipment is working properly, check for anything that might cause interference before adjusting the antennas.
If you suspect interference as the culprit, examine your system and its behavior. Is the problem continuous, or is it intermittent? Most often, interference occurs intermittently, when the source of interference becomes active.
For point-to-point wireless networks, determining the source of interference can be a horrendous chore. First, look around the antennas at each end of your link. Are there any other antennas present? If so, do a little sleuthing to determine who owns it, who operates it, at which frequency it operates, how much power it is transmitting, and what type of antenna polarization is being used.
Once you've tracked down this data (it could be just as simple as asking around in the building on which the antenna is mounted), the next step is to ask the owner if he or she would be willing to help you determine if their system is the source of your system's interference.
When you have all the pertinent information about the interfering source, you can much more easily resolve the problem. First, consider your own antennas. Are any of them pointed at the other system's antennas? Is it possible to reposition your antennas so they are out of the other system's broadcast path?
Often, changing the polarization of your antennas to the opposite polarization of the interfering system will fix the problem. This is an easy and inexpensive solution to try first, as it doesn't require the repositioning of any equipment.
If that doesn't work, try changing the frequency of your system. Systems on different frequencies tend not to interfere with each other. One simple way to change your frequencies is to simply swap the transmit and receive frequencies on your system.
If you're trying to pinpoint and troubleshoot problems in network performance, the first, best advice is to laboriously test and document your system, its configuration, maintenance, and anything else that you do to it. That way, should the network start operating in a sub-par fashion, you have a history with which to compare it.
There are two ways you can approach troubleshooting a network with performance problems. The first is to go in, oblivious to any changes and modifications that have been made to the system. That is, you go in to fix the problem, but have no clue what has already been done. When this happens, the best you can do is start making changes here and there, based on your educated guesses and experience, not on fact. The second, and obviously better, solution is to gather basic performance trend information and refer to your network's change management log so that you have a functional baseline from which to begin the troubleshooting process.
A change management log is a document where you record each and every change and bit of maintenance that is performed on your system, no matter how big, no matter how small. If you installed a new router, that should be in the document, but so should someone going into the server room to reset a device.
There's a story about a network technician performing the simple task of blowing dust out of a router's fan. Ultimately, the dust was worked deeper into the fan, causing it to intermittently stop and cause the router to overheat. Since the technician didn't record this "simple" task in a change management document, it was never thought to be checked, until it was too late and the router burned up.
It is also helpful, when making changes to your network's configuration, to make as few changes at once as possible. That way, if your network either takes a performance hit or goes down altogether, it's easier to undo than if you've performed a dozen different things.
If you have a change management document and know when the system started having problems, you can start analyzing changes that were made to the network and its devices. You might discover that a new routing protocol was introduced or a new Quality of Service policy was implemented. If you were to shoot blindly in the dark, it could take you weeks to find these issues. If you have a change management document, however, it's much easier to pin down the problem.
An effective, well-implemented change management plan has a number of useful attributes that will help your overall network management and also aid in troubleshooting. Benefits include the following:
A checkpoint that allows you to measure performance, both before and after changes are made to the network
A journal of network updates, maintenance, and reconfigurations, allowing you to compare your network and its changes to previous configurations in your network's history
A rollback tool, which makes it easier to restore your system to an optimal configuration if the performance of a new configuration does not live up to your expectations
For best results, you'll have the proper software and hardware devices that will help you gather and analyze your performance metrics. For some suggestions, flip back to Chapter 13.
If you suspect there are performance problems with your router, consult your change management document. Have you changed anything recently? Once a networking device has been set up and is working, problems generally stem from a person trying to improve the device's performance. Assuming there isn't some hardware problem (an unplugged cable or network card improperly seated), then the next place to look is if there were any changes made to the device's configuration.
Don't dismiss hardware problems too quickly. It is always possible that someone went to perform a seemingly unrelated task and accidentally pulled a power cord a bit too hard or pinched a network cable with a floor tile or the rack door. Always inspect your hardware before you commit hours of your time to sorting through configuration files. One of the biggest sources of network snafus is cabling plugged into the wrong ports. Don't be sheepish about preparing a map showing which cables go where between your devices and making sure that all your cables are labeled properly on both ends so that you can instantly find where the cable is plugged in. It beats the tedious alternative: pulling on cables to see where they go.
Hopefully, you backed up your router's configuration file. Taking the few seconds to back up the file when it is working optimally will save you untold hours trying to restore the system. The time to back up the configuration file is when everything is working well. Backups should also be made before and after every single change is committed to the device. This allows you to see exactly what is different between the pre- and post-change configurations.
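The pre- and post-change comparison described above is easy to script once both backups are saved as text. This Python sketch is an added example, not from the original text; both configurations are constructed samples in IOS style, and the list of self-changing lines to ignore is an assumption you should adjust for your own devices.

```python
import difflib
import re

# Lines that change on their own and would only add noise to the comparison
# (comment/timestamp lines, the size banner, and the NTP drift value).
VOLATILE = re.compile(r"^(!|Building configuration|Current configuration|ntp clock-period)")


def flatten(text):
    """Prefix each indented sub-command with its parent line, so a changed
    line still shows which interface or routing process it belongs to."""
    out, section = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line.strip() or VOLATILE.match(line):
            continue
        if line.startswith(" "):
            out.append(f"{section} / {line.strip()}")
        else:
            section = line
            out.append(line)
    return out


def config_changes(before, after):
    """Return (removed, added) lists of flattened configuration lines."""
    removed, added = [], []
    for line in difflib.ndiff(flatten(before), flatten(after)):
        if line.startswith("- "):
            removed.append(line[2:])
        elif line.startswith("+ "):
            added.append(line[2:])
    return removed, added


# Constructed backups taken before and after a maintenance window.
BEFORE = """\
! Last configuration change at 09:12:01 UTC Mon Mar 1 2004
hostname edge-rtr
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
ntp clock-period 17179869
"""
AFTER = """\
! Last configuration change at 16:40:37 UTC Tue Mar 2 2004
hostname edge-rtr
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
interface FastEthernet0/1
 ip address 10.0.0.1 255.255.255.0
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
router rip
 network 10.0.0.0
ntp clock-period 17179902
"""

if __name__ == "__main__":
    removed, added = config_changes(BEFORE, AFTER)
    for line in removed:
        print("REMOVED:", line)
    for line in added:
        print("ADDED:  ", line)
```

Here the comparison surfaces two things the change log should also contain: an access list dropped from the outside interface and a second routing protocol switched on.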
If you don't have a backup of the configuration file, the next step is to study your change management documentation. This documentation should describe all the changes that have been made to the router. Examine the document and see which changes might be responsible for your router's problems. You might have to go back to the router's configuration file and undo those changes, one by one, until the problem has been resolved.
Better yet, if you don't have a backup of your router's configuration file, put this book down right now and go make one. Don't worry, we'll wait for you.
The culprit might also be changes in the device's operating system. If you've recently upgraded your operating system or applied a patch, that's a good place to check. Before adding new operating systems or applying patches, you should understand just how you can roll back the operating system to the previous, operational version if something goes wrong. Remember, however you attack a troubleshooting problem, the goal is to "follow the wire" and track the source of the problem down to the end.
Keep in mind that the most important thing to do when troubleshooting is to proceed carefully and logically. Don't change several variables at the same time. Make a change, observe (be patient), document if necessary, and then proceed to the next step. Fixing problems in complex systems is more about process than luck. That said, we wish you the best of luck in troubleshooting and in life.