Most often the source of connection problems stems from a misconfigured client or AP. This section explains some of the more prevalent configuration issues and how you can correct them.
In a Windows XP environment, right-clicking the wireless networking icon in the taskbar, and then selecting View Available Wireless Networks results in the window shown in Figure 13-1.
Figure 13-1. Windows XP Shows You Which Wireless Networks Are Available
You see the Wireless Network Connection dialog box. This dialog box shows the Service Set Identifier (SSID) of wireless networks on your channel to which you are not currently connected. If the network you want to connect to is shown on this list, but you are unable to connect, the connection is good; however, there is a configuration issue.
The sections that follow detail some of the more common issues related to AP configuration problems.
Ideally, you should perform a site survey before planning and deploying your WLAN. A site survey helps locate the best (and worst) spots for signal reception. If you have problems connecting, it's time to revisit this practice and perform a signal strength test.
Most client adapters (including the Cisco product line) have a signal strength application.
If your ping test on the wired network is successful, try to run the Cisco Aironet Client Utility Site Survey Utility and move around the office. You might be located in a spot that gets poor reception. This utility tests for signal strength and quality.
With Cisco devices, you can determine signal strength by going to the Aironet Desktop Utility (ADU) and clicking the Link Status icon. Third-party client adapters usually have a similar tool. Check your adapter's documentation for usage information.
Figure 13-2 shows the resulting graphic representation of your signal's strength and quality from the Aironet Desktop Utility Link Status option.
Figure 13-2. Checking Signal Strength Between an AP and Client
If you discover a weak or poor quality signal, but nothing has changed in your organization, try to change the channels on your AP and the wireless client. Again, sources of interference can creep in when you don't expect them (a new cordless phone in an adjacent office or a leaky microwave oven, for example) and to respond to that interference, channel changes can be helpful.
Remember that best practices dictate that you should have at least five channels among adjacent APs to keep interference to a minimum. Because 802.11b and 802.11g networks operate on 11 channels in the 2.4-GHz frequency, you can safely use channels 1, 6, and 11. In 5-GHz 802.11a networks, however, 23 nonoverlapping channels work.
Wi-Fi channels are explained in more detail in Appendix A, "802.11 Protocols."
If you can eliminate the source of interference (get rid of an interfering cordless phone or switch the phone to a 900-MHz model, for example), you can save yourself the trouble of reconfiguring to a new channel. However, changing channels might be the best solution. If the neighboring office has recently installed its own WLAN that uses the same channel, it might be easier to simply change channels rather than changing the neighbor's channel.
Check the SSID
Your WLAN likely has its own SSID. However, if the SSID on the client does not match the SSID of the AP, the two cannot connect. If an SSID doesn't specify the correct network, you cannot ping the AP while the client searches for a network with the correct SSID.
For example, assume the client is to associate with an AP that has an SSID of QBRANCH. However, the AP has an SSID of SPECTRE. As such, the client ignores SPECTRE as it searches for QBRANCH.
Check this setting on both the AP and the client. Users who fiddle with their laptops might alter this setting. Or, if the client has recently associated with a different WLAN, this setting might have been changed, but not reset for use in your network.
Although WEP keys do not provide an ideal level of WLAN security, using them is better than nothing. If WEP is not correctly configured, you cannot ping the AP from a wireless client.
Be cognizant of how you need to enter your WEP key, as mentioned in Chapter 5, "Installing and Configuring Access Points." Some wireless adapters require you to enter the key in hexadecimal format, whereas others require it to be in ASCII format. You should also be aware of the differences between 64- and 128-bit encryption. It is important that the settings on both the AP and client match precisely.
WEP key misconfigurations are responsible for many configuration problems. The symptoms of a WEP key mismatch sometimes mirror those of more serious problems.
For instance, if a WEP key is incorrectly entered, wireless clients won't be able to get an IP address from the Dynamic Host Configuration Protocol (DHCP) server. This is great to keep people out of your network, but not so great if a WEP key misconfiguration disrupts legitimate, authorized clients.
Wi-Fi Protected Access (WPA)
The troubleshooting process can be even more complex if you use an 802.1X solution for your security. Chapter 8, "Wireless Security: Next Steps," explains the process of enabling WPA in greater detail.
802.1X authentication has three components:
You can check three places for misconfigurations.
You must ensure that the AP is a client of the RADIUS server. If the AP is not configured to talk to the RADIUS server, the client cannot log on to the network.
Next, check for misconfigurations between the AP and client WPA settings, such as the authentication method (EAP, LEAP, and so on).
If you use Windows, you might run into a conflict between the Cisco ADU and Windows because each might attempt to manage the WPA duties. You can disable this feature on Windows XP (other versions of Windows are similar) by following these steps:
IP Address Duplication
For many networks, it makes good sense to offload DHCP services to a dedicated network server. Consider an environment that has multiple APs assigning IP addresses. If the APs assign addresses in the 192.168.0.x range (with no coordination between the two APs), it won't be long before two clients are issued the same IP address, with trouble sure to follow.
There are two ways to solve this problem:
Depending on the size of your network and your resources, your network might or might not have a DHCP server. Many APs come with their own built-in DHCP servers.
By default, these AP-based DHCP servers typically assign IP addresses in the 192.168.0.x/24 range, the public Class-C address space. Many DHCP APs do not connect with clients for which they did not issue IP addresses. A problem is that the 192.168.0.x range of IP addresses might be incompatible with your network's IP addressing scheme.
There are two ways to solve this problem:
Chapter 8 discussed MAC filtering lists, which, when used properly, are another weapon in your arsenal to keep unauthorized people out of your network. If a user's MAC address is not on the list of permitted MAC addresses, he cannot access the AP. This can work the other way, however, if misconfigured.
If you don't normally use MAC filtering, it can be a source of headache if it is accidentally turned on, as Figure 13-3 shows. Unless the clients are on that list, they cannot connect to the WLAN, regardless of other configuration settings.
Figure 13-3. Accidentally Activating MAC Filtering Can Keep Authorized Users off the WLAN
MAC filtering can also be a problem in environments that have multiple APs. Just because the administrator enters the MAC address into one AP doesn't mean that the address is propagated to other APs. A client might connect with one AP, but if it roams away from that AP, it cannot connect to an AP that isn't on its MAC list. A central RADIUS server can manage MAC addresses in an environment that has multiple APs.
Misconfigurations are the most likely sources for your connectivity problems. You must be thorough and check for the previously discussed issues when resolving network problems.