A network administrator will often be tasked with resolving common issues on a wireless network. In this video, you’ll learn about overlapping channels, attenuation, wrong SSID configurations, captive portals, and more.
One problem you often run into on wireless networks, especially wireless networks that have a lot of different access points around, is overlapping channels. Any time the channels are overlapping, you’re creating interference with other access points in the area.
This is a 2.4 GHz frequency distribution. You can see that channels 1 through 11 are what’s available in the United States. And you can see that two access points have been put onto this network, one on channel 6 and one on channel 11. You can see that the bandwidth used by each individual access point expands to the left and the right of that channel number, and that’s why we always recommend that you have an access point on channel 1, channel 6 and channel 11 in the United States to avoid any type of overlap with your frequencies.
Here’s what can happen if you add another access point that doesn’t take into account these existing frequencies. You can see this access point has been added on channel 8, which obviously is going to overlap with the access point on channel 6 and the one on channel 11. This is probably going to cause all of these networks to perform poorly, and it would have made more sense to put this new access point down on channel 1, where it would not overlap with the access point on 6 or 11.
If you’ve ever worked on a wireless network, you know the farther away you get from that access point, the less signal will be available, and your network connection will probably run slower. This is because, as you move farther away from that antenna, there will be attenuation as that signal gets weaker and weaker.
If you need to see exactly how much attenuation, you can check the local statistics on your wireless receiver, or check with an external Wi-Fi analyzer. You may be able to control the output of the power on your access point, so if you need to increase the signal strength so that one particular area is able to connect better, you may be able to increase that on the access point. Not all access points have that functionality, so make sure you check the documentation of your access point.
You also might be able to replace the antenna that’s on your access point with one that provides more gain. A higher gain antenna may increase the signal strength on the access point, and some wireless access cards support adding an external antenna, so you might be able to add an additional antenna on your desk to be able to receive the signal better.
There’s also some signal that’s lost in the coax between the access point and the antenna. The amount of loss increases as you increase the frequency. So 5 GHz frequencies will have more loss in the coax than 2.4 GHz. You should also check and make sure the cable itself has not been damaged, especially if you have connections that are outside and are subject to being damaged by the weather.
When you first configure an access point, you assign it a name. This name is the service set identifier, or the SSID. And on a very busy network, or in an area with many different access points, you might inadvertently be connected to the incorrect access point. If you’ve ever been in a public area with a lot of access points, you might have to choose between public Wi-Fi internet, guest internet, and internet, all three different wireless networks.
And looking at those names, it may not be obvious which one you should be connecting to. This might also be a security concern, because you don’t want to connect to a third-party access point, especially if you’re sending unencrypted data. So make sure you confirm what the right SSID should be, and that you’re selecting that particular SSID in your wireless configuration.
If you’re in a public area you may be connecting to an open access point, but in your office or at home, there is authentication that must occur so that only authorized users gain access to that network. There may be different ways to connect to the network depending on where you are. If you’re at home you’re probably using a PSK, or preshared key, so that everybody uses the same passphrase.
But at work, you may have a username, a password, and perhaps some other type of authentication factor. If you’re at home it’s easy to troubleshoot this by making sure that everyone knows what the correct preshared key happens to be. But in the enterprise, you need to make sure that the network access control or the 802.1X system is all working as expected. You need to make sure that your access points or wireless controllers can communicate properly with your authentication database, and then you need to make sure that each user has the correct credentials to allow them access to the network.
When connecting from a wireless device, we need to make sure that the encryption we’re using on that device is the same as one of the supported encryption types on the access point. If there’s a mismatch, or those devices are not compatible, your device will not connect to the wireless network.
Now that WPA2 has been out for so long, it’s difficult to find devices that can’t support a minimum of WPA2. But you may find that you have a legacy device that simply doesn’t have the technology to connect to a WPA2 or a WPA3 wireless network. In those cases, you’ll need to make a decision as to what you’ll do with that particular legacy device.
It may be that there is a wired option, or you may have to use a different access point to allow that legacy device to connect. And if this is a very old wireless device that can only support Wired Equivalent Privacy, or WEP, you may consider not connecting that to a network until you’re able to provide a firmware or hardware upgrade for that device.
As we mentioned earlier, managing the frequencies on your wireless network can be a challenge, and you want to be sure that all of your access points are sending a signal that is not going to overlap with an access point that’s nearby. This interference may cause poor throughput, or you may find that some devices aren’t able to connect to the wireless network at all.
You’ll want to see which frequencies happen to be used by the access points, and be able to find frequencies that don’t overlap with each other. This can be a challenge at 2.4 GHz because we only have so much frequency available. At 5 GHz, there are many more frequencies available, so it may be easier to find an open channel.
If you had a floor of a building, and you had seven 2.4 GHz access points, you would need to place those access points in a way that their channels would not overlap. You should plan on implementing channel 1, channel 6, and channel 11, because those three channels do not overlap with each other in 2.4 GHz, and then make sure that none of the channels overlap with each other.
You can see that the channel 1 access points do not overlap with each other, the channel 11 access points are separate from each other, and no channel 6 access point touches another channel 6 access point. This ensures that there will be no interference between any of these access points and you’ll have the fastest throughput possible.
You’ve probably seen a captive portal when you first connect to a wireless network, and it puts a prompt up, asking you for a username, a password, or to simply check a box that you agree to the rules and regulations on this wireless network. This captive portal is created because your access point has a list of all of the devices that have already authenticated to the network. And if your device has not already authenticated, it puts up this captive portal prompt so that you can then use a username, password, or some other type of authentication to gain access to the wireless network.
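The channel planning described here and in the earlier channel 6, 8 and 11 example can be checked numerically. The following is an added example, not part of the original video; it assumes each 2.4 GHz channel is 22 MHz wide and centered at 2407 + 5 × channel MHz, and the AP names and "in range" pairs are constructed.

```python
# Added example: find overlapping 2.4 GHz channels among APs that can hear each other.
CHANNEL_WIDTH_MHZ = 22          # assumption: 22 MHz-wide channel
NON_OVERLAPPING = (1, 6, 11)    # the channel plan recommended in the text (US)

def center_mhz(channel):
    """Center frequency of a US 2.4 GHz channel (1-11)."""
    if not 1 <= channel <= 11:
        raise ValueError(f"channel {channel} is outside the US range 1-11")
    return 2407 + 5 * channel

def overlap_mhz(ch_a, ch_b, width=CHANNEL_WIDTH_MHZ):
    """MHz of spectrum shared by two channels; 0 means no overlap."""
    return max(0, width - abs(center_mhz(ch_a) - center_mhz(ch_b)))

def find_conflicts(ap_channels, in_range_pairs):
    """Return (ap_a, ap_b, shared_mhz) for every in-range pair that shares spectrum.

    APs on the same channel are reported too (full-width overlap): they are
    only acceptable when they are physically far enough apart not to be a pair here.
    """
    conflicts = []
    for a, b in in_range_pairs:
        shared = overlap_mhz(ap_channels[a], ap_channels[b])
        if shared:
            conflicts.append((a, b, shared))
    return conflicts

def best_channel(nearby_channels, candidates=NON_OVERLAPPING):
    """Pick the candidate sharing the least spectrum with APs already in range."""
    return min(candidates,
               key=lambda c: sum(overlap_mhz(c, n) for n in nearby_channels))

# Constructed sample: the layout from the text, with a third AP added on channel 8.
SAMPLE_APS = {"AP-A": 6, "AP-B": 11, "AP-C": 8}
SAMPLE_IN_RANGE = [("AP-A", "AP-B"), ("AP-A", "AP-C"), ("AP-B", "AP-C")]

if __name__ == "__main__":
    for a, b, shared in find_conflicts(SAMPLE_APS, SAMPLE_IN_RANGE):
        print(f"{a} and {b} share {shared} MHz")
    print("suggested channel for the new AP:", best_channel([6, 11]))
```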
Normally, this authentication process has a certain time frame. So once you authenticate, you may be allowed on the network for 6 hours, 12 hours, or 24 hours. Once that time frame has elapsed, you’ll be presented again with another captive portal screen, where you have to authenticate again for that particular time frame.
If you’re using a username and password to authenticate to the wireless network, then there’s probably an authentication database in the back end. This might be LDAP accessing an Active Directory database, or it might be RADIUS or TACACS. If someone’s not able to authenticate properly, you’ll have to check their credentials on that authentication database to be sure they’re using the proper username, password, or any other authentication credential.
On some older wireless networks, you may find a problem associated with client disassociation. This is a denial of service attack that prevents people from accessing the wireless network. They might be working just fine on the wireless network, and then suddenly their device will disconnect. As long as someone is sending these disassociation frames, that machine will not be able to communicate to the wireless network.
If you’re wondering if your issue is associated with a disassociation attack, you can get a packet capture with Wireshark and look at the 802.11 frames. It should be very easy to see the disassociation frames in the packet capture. There are really two ways to resolve a disassociation attack.
The first one is to remove the device that is performing the attack. That would effectively allow people access to the network again. But a better solution might be to upgrade to one of the latest 802.11 standards, which has resolved this problem, and prevents any type of disassociation attack.
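One way to triage such a capture offline, as an added example that is not part of the original video: it parses raw 802.11 management headers and flags any BSSID that sees a burst of disassociation frames. It assumes frames exported without a radiotap header; the one-second window, the threshold of five and all MAC addresses and frames are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

DISASSOC_SUBTYPE = 10  # management frame (type 0), subtype 10

def parse_disassoc(frame):
    """Return (dest, src, bssid, reason) for a disassociation frame, else None.
    Assumes a bare 802.11 MAC header with no radiotap header in front."""
    if len(frame) < 26:  # 24-byte header + 2-byte reason code
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    if ftype != 0 or subtype != DISASSOC_SUBTYPE:
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    (reason,) = struct.unpack_from("<H", frame, 24)
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_bursts(capture, window_s=1.0, threshold=5):
    """Return {bssid: peak frame count} for BSSIDs whose disassociation
    frames reach `threshold` within any `window_s`-second sliding window."""
    recent, peaks = defaultdict(deque), {}
    for ts, frame in capture:  # capture must be in timestamp order
        parsed = parse_disassoc(frame)
        if parsed is None:
            continue
        times = recent[parsed[2]]
        times.append(ts)
        while ts - times[0] > window_s:
            times.popleft()
        if len(times) >= threshold:
            peaks[parsed[2]] = max(peaks.get(parsed[2], 0), len(times))
    return peaks

def _sample_frame(subtype, dest, src, bssid, reason=0):
    """Build constructed parser input: 24-byte header plus 2-byte reason code."""
    hdr = bytes([subtype << 4, 0, 0, 0]) + dest + src + bssid + b"\x00\x00"
    return hdr + struct.pack("<H", reason)

_AP1, _AP2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
_STA, _BCAST = bytes.fromhex("0200000000aa"), b"\xff" * 6
SAMPLE_CAPTURE = (  # constructed (timestamp_seconds, frame_bytes) records
    [(0.0, _sample_frame(8, _BCAST, _AP1, _AP1))]       # other subtype, ignored
    + [(1.0 + i * 0.1, _sample_frame(10, _STA, _AP1, _AP1, 7)) for i in range(8)]
    + [(30.0, _sample_frame(10, _AP2, _STA, _AP2, 8))]  # single frame, not a burst
)

if __name__ == "__main__":
    for bssid, peak in detect_bursts(SAMPLE_CAPTURE).items():
        print(f"possible disassociation flood on {bssid}: {peak} frames in 1 s")
```

A single disassociation frame is normal when a client leaves the network; it is the repeated burst against one BSSID that matches the behavior described above.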