Scribd
Upload
154 views

Wireless Advanced Troubleshooting LAB Cook Book Virtual Deployment Extended

The customer is experiencing issues with wireless connections on their network. You will use various troubleshooting techniques to diagnose problems with access points not joining controllers, access points rebooting, authentication and connectivity issues for wireless users, and web page authentication. For each lab, you will note your observations and any findings from troubleshooting.

Uploaded by

Matt Hunt
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
154 views

Wireless Advanced Troubleshooting LAB Cook Book Virtual Deployment Extended

The customer is experiencing issues with wireless connections on their network. You will use various troubleshooting techniques to diagnose problems with access points not joining controllers, access points rebooting, authentication and connectivity issues for wireless users, and web page authentication. For each lab, you will note your observations and any findings from troubleshooting.

Uploaded by

Matt Hunt
Copyright
© © All Rights Reserved
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 17

Cisco Centralized WLAN

Solution, advanced
troubleshooting – LAB Cook
Book
Piotr Madera

AT&T Proprietary (Internal Use Only)


Lab guidance

You work for high critical customer, this is NO TOUCH


customer, every change need to be approved by customer
after clear explanation what has to be done to fix an issue.
SSIDs
GT3_Office_PODX
GT3_Office_PSK_PODX
GT3_Guest1_PODX
GT3_Guest2_PODX

Check network layout for IP address scheme


WLC Protocol Ports
LWAPP Data Packets : UDP 12222
LWAPP Control Messages : UDP 12223
CAPWAP Control Messages : UDP 5246
CAPWAP Data Messages : UDP 5247
Mobility Control Messages : UDP 16666 and/or UDP 16667

Some common ports :


SNMP : UDP 161 and UDP 162
Syslog : UDP 514
NTP : TCP/UDP 123
Radius Authentication : UDP 1812
Radius Accounting : UDP 1813
ACS Authentication : UDP 1645
ACS Accounting : UDP 1646
DHCP Clients : TCP/UDP 68
DHCP Server : TCP/UDP 67
TFTP : UDP 69
HTTPS : 443
HTTP : 80
Telnet : 23
SSH : 22
Usable commands
Client
WLC - show run-config, debug client <mac>, debug dhcp message enable,
debug dot1x <?> enable, debug aaa <?> enable,
AP - Show tech, show controller D<0/1>
Data - Driver/Supplicant Logs, Wireless Capture, AAA Logs, DHCP Logs
Webauth
WLC - (Client debugs),
debug webauth enable <IP>,
debug pm ssh-appgw enable,
debug pm ssh-tcp enable
Client - local capture
Mobility
WLC - debug mobility handoff enable,
debug mobility keepalive enable <IP>
Data - Wired capture
AP Join
WLC - debug capwap [events/error/packet] enable
AP - debug capwap client events, debug ip udp
Data - Wired capture
Certificate
WLC – debug pm pki enable
AP – show crypto pki certificates
Wireless troubleshooting using windows
native free tools
netsh wlan show all – list of all known SSIDs, list of SSIDs detected by
wireless NIC
netsh WLAN show networks – list of SSIDs with authentication and encryption
netsh WLAN show profiles name=„ssid_name” detailed information about ssid
netsh WLAN export profile name=„ssid_name" folder=c:\# - exports profile to
the specified folder in xml format
netsh wlan show profile name=„SSID_profile name" key=clear – PSK key in
clear text
Wireless troubleshooting using windows
free tools cont.
Packets capture

netsh ras set tracing * enabled


netsh trace start capture=yes scenario=wlan report=yes tracefile=c:\wlantrace1.etl
Netsh trace stop
Netsh ras set tracing * disabled
Open file with message analyzer

Filters:
EAPOL or
Microsoft_Windows_WLAN_Autoconfig or
Microsoft_Windows_NWiFi or
Microsoft_Windows_NDIS
LAB 1 Lightweight Access Point doesn’t
join a Wireless LAN Controller

Use known troubleshooting technics in order to find the


reason for that.
Note your observations.
LAB 2 Lightweight Access Point Not
Joining a Wireless LAN Controller

(aag-wc-flex1) >show ap join stats summary 00:1b:54:0f:9e:b8


Is the AP currently connected to controller................ No
Time at which the AP joined this controller last time...... Not applicable
Type of error that occurred last.......................... Lwapp discovery request
rejected
Reason for error that occurred last....................... Layer 3 discovery request
not received on management VLAN
Time at which the last join error occurred................ Nov 21 11:42:18.756
LAB 3 Lightweight Access Point doesn’t
join a Wireless LAN Controller
Use known troubleshooting technics in order to find the
reason for that.

Note your observations.


LAB 4 Newly installed AP keeps rebooting
or remains with antennas down (depends
on AP model)
Use known troubleshooting technics in order to find the
reason for that.
Note your observations.

show ap search "name of the LAP"


show ap config 802.11b "name of the LAP"
LAB 5 Wireless users are not able to
authenticate/assosiate with
GT3_Office_PSK_PODX
Use known troubleshooting technics in order to find the
reason for that. As per user everything worked fine
yesterday. He didn’t do any changes on his laptop, multiple
users affected.
Note your observations.
LAB 6 Wireless users keep disconnecting
while roaming SSID GT3_Office_PSK
Use known troubleshooting technics in order to find the
reason for that.
Note your observations.
LAB 7 Wireless users are not able to
authenticate/assosiate with GT3_Office
SSID

Use known troubleshooting technics in order to find the


reason for that.
Note your observations.

User: student1 pass Stu#1


User: student2 pass Stu#2
User: student3 pass Stu#3
User: student4 pass Stu#4
LAB 8 Web page authentication issue
when user connect to ‚GT3_guest2'
network
Customer lauches his browser in this case Internet Explorer and once he does that what
normally happens is a pop-up window comes up mentioning 'website certificate' then he
just clicks the 'Continue' button and then gets a username/pw pop-up window then he
logs in.
But now what happens is that after he clicks "Continue" button the browser just returns
"The webpage cannot be found"
It appears that authentication request is being redirected to another URL in the browser
itself.
Customer sent me the link that is NOT working:
https://1.1.1.1/fs/customwebauth/login.html

you joined with GSCS to multichat, GCSC told that WLC was
replaced before an issue due to HW failure, configuration was
restored from backup, all other SSID works correctly
LAB 9 Web page authentication issue
when user connect to ‚GT3_guest1'
network
Customer launches his browser in this case Internet Explorer and once he does that
what normally happens is a pop-up window comes up mentioning 'website certificate'
then he just clicks the 'Continue' button and then gets a username/pw pop-up
window then he logs in.
But now what happens is that after he clicks "Continue" button the browser just
returns "The webpage cannot be found"
It appears that authentication request is being redirected to another URL in the
browser itself.
Customer sent me the link that is NOT working:
https://172.16.27.9:8443/portal/PortalSetup.action?portal=27ffafe0-e96e-11e4-a30a-
005056bf01c9

you joined with GSCS to multichat, GCSC told that there was
ISE server failover before an issue due to HW failure, other
SSID use the same radius server and it works corectly.
LAB 10 Guest users report http sites
doesn’t work for SSID GT3_guest1

Use known troubleshooting technics in order to find the


reason for that.
Note your observations.
LAB 11 Wireless user connection keep
dropping
User connected on GT3_Office_PSK- user reporting weak
signals and connection keeps disconnecting
Checked and soft resetted AP but still user have same issue
Tech is onsite to perform troubleshooting.

You might also like