1. Can the user “see” the WLAN?
If the utility does not show the user’s client service set indentifier (SSID) of your WLAN, you can use a WLAN WIDS or manager to identify and verify the operation of remote access point closest to the user. If all access points are operational, Use case testing portable tool to “hear” the SSID in the location of the user.
If the meter you see the SSID but no, check that there has been no hardware or software problems of the client (for example, disable the driver old / damaged). Verify that the client uses a standard and a domain compatible (ie, exclude the channel and modulation coupled correctly). Consider the signal strength: if the signal-to-noise meter is low, the access point may be too far because a client can see it very powerful. Note that the client may have difficulty seeing your SSID if your access point does not carry the broadcast SSID or multiple SSIDs do not send in the same signal.
2. Can the user connect to your WLAN?
If the utility user’s client does not show a persistent connection, use a tool to study WIDS WLAN or remote connection attempts. If necessary, use portable test tool to monitor the user while trying to join.
Alerts and traffic analysis can help understand why a client can not connect. First, exclude the reset access point, then check the client configuration. Sought any coupling problems of speed (as a client that can not support a minimum data rate of the access point) and safety (as a client that can not support encryption algorithms access point). If the AP rejects client requests, check the point about which the log to verify that there are problems or overloads in the list of access control MAC. If attempts are repeatedly interrupted by shouts of “deautenticazione,” assessed the possibility of a denial of serviced, perhaps by a WIDS who mistakenly believe that the client is not authorized.
3. Can the user authenticate on your WLAN?
In WLANs that require 802.1x, associations that break quickly indicate a problem in authentication. The diagnosis involves examining the client, server logs the authentication and access points and analyzes traffic between these three components.
On the client side, check that the driver, the operating system and client utility is required (802 x .1) support the types of Extensible Authentication Protocol (EAP) requested by your WLAN. Carefully check the client configuration, including all credentials stored by the user and server certificates configured. Make sure the access point and the authentication server communicate with each other. The potential problems here include the disconnection physical aspects of the virtual LAN or routing and RADIUS secret defective. If the server receives but refuses client requests, use the server logs (and maybe a diagnostic system) to understand why. In some cases, the problem arises between the authentication server and the user data store (eg, Active Directory, RSA / ACE Server).
4. Can you obtain an IP address?
A client connects but can not obtain an IP address (or falls into an automatic private IP address 169.254.xx) has some trouble getting a server Dynamic Host Configuration Protocol (DHCP).
In this case, you must first make sure that the DHCP server is operational and reachable from the LAN access point and the set of IP addresses has been exhausted. In WLANs that use Wi-Fi Protected Access (WPA or WPA2) Personal, look for a decoupling between the client and the pre-shared key access point. In WLAN dynamically assign the tag virtual LAN via 802.1x or SSID, controlled access point and / or the mapping of virtual LAN switches to verify that the client broadcasts reach your DHCP server. Check the DHCP replies to highlight any problems in the return path. Much of this process is already well known to technicians in traditional wired LAN.
5. Can the user log into your portal WLAN?
In WLANs that require a mandatory login to a portal, users can associate and authenticate to Layer 2 but can not send traffic on the applications. The diagnosis of a malfunction during the login begins with an examination wired or wireless traffic between the client and the portal.
On the client side, try one of the most common problems of the network, such as those that may relate to the DNS (client can not “solve” the name of the portal), routing (the client can not ping the portal) and the block traffic (the host firewall or VPN client blocking HTTP). If the client reaches the portal but can not establish an SSL session, check that there are no problems or differences in versions of the server certificate. When the portal rejects the client request, check your credentials and check the communication between portal and external authentication server. This process is already well known to those who are already using Web portals for secure remote access.
6. Can you reach the target application?
Users who are often suspected of new wireless RF or problems regarding the access point, while the real culprit is often the old or the reachability of network applications. Check out the wireless client to the wired LAN - for example, made the ping the access point through the portal and login from next-hop router.
7. Does the user often lose wireless connectivity?
The intermittent faults are frustrating for users and support staff. The malfunction during an application session can be caused by WAN or problems concerning the application server.
802.11 clients reacting to the changing environment to roam to access points that offer the best service. This can occur for many reasons: an access point fails, the door is closed, the user carries his laptop in an area not well covered or her hand moves in a way that prevents transmission. In WLAN with little or no security, roaming access point can occur without significant effect. In the WLAN using 802.1x, roaming may require re-authentication or discontinuation of latency sensitive applications like VoIP. In large WLAN, roaming may cause a change of IP address and disconnect the application sessions.
To solve problems caused by roaming - and related malfunctions or problems of RF performance - requires a good knowledge of the operation of WLAN, the analysis tool and the portable on-site visit to monitor user behavior and radio broadcasts in vicinity. The presence of a WLAN or WIDS tools might be useful to determine how performance in one area relate to others and to identify traffic patterns that trigger the intermittent malfunction.
The measurement of end-to-end performance can help determine when there is insufficient throughput or excessive latency for a given application. Problems can include non-802.11 interference, 802.11g access points that operate without protection b / g, the overhead channel with multiple access points, access points and client overloaded by excessive collisions or errors. Research malfunctions RF requires experience and specialized training.