This chapter covers the following subjects:
Physical Connections and LEDs: A look at trou-
bleshooting using physical features of the network.
Common Client-Side Issues: A discussion of
common client issues.
Using the CLI to Troubleshoot: A look at CLI
commands for viewing and debugging using the CLI.
Using the Controller Interface: Details of trou-
bleshooting using various web interface pages.
Using WCS Version 5.x to Troubleshoot
Clients: Overview of techniques used to trouble-
shoot clients using WCS.
Using the Cisco Spectrum Expert: A brief
introduction to the Cisco Spectrum Expert and its
use.
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 402
CHAPTER 20
Troubleshooting Wireless Networks
Table 20-1 “Do I Know This Already?” Section-to-Question Mapping
Foundation Topics Section Questions
Physical Connections and LEDs 1–2
Common Client-Side Issues 3–5
Using the CLI to Troubleshoot 6–11
Using the Controller Interface 12–13
Using WCS Version 5.x to Troubleshoot Clients 14
Using the Cisco Spectrum Expert 15
Trouble tends to be something everyone runs into at some point in time. People make ty-
pos. Cables mysteriously go bad. Stuff happens. This chapter discusses numerous issues
that can happen in a wireless network along with some of the techniques, commands, con-
figuration pages, and methods that you can use to correct them. Although everyone has a
unique style, this chapter helps you hone your skills at recognizing misconfigurations and

making corrections, using the command-line interface (CLI), the controller interface, and
the Wireless Control System (WCS).
You should do the “Do I Know This Already?” quiz first. If you score 80 percent or higher,
you might want to skip to the section “Exam Preparation Tasks.” If you score below 80
percent, you should spend the time reviewing the entire chapter. Refer to Appendix A,
“Answers to the ‘Do I Know This Already?’ Quizzes,” to confirm your answers.
“Do I Know This Already?” Quiz
The “Do I Know This Already?” quiz helps you determine your level of knowledge of this
chapter’s topics before you begin. Table 20-1 details the major topics discussed in this
chapter and their corresponding quiz questions.
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 403
404 CCNA Wireless Official Exam Certification Guide
1. At what layers of the OSI model does trouble happen most often?
a. Layer 1
b. Layers 1 through 3
c. Layers 2 through 6
d. Above Layer 7
2. What are some actions regarding physical characteristics that you can use for trou-
bleshooting? (Choose all that apply.)
a. Analyze port LEDs
b. Verify wiring
c. Check the internal fans
d. View debugs
3. Which of the following accurately describes the hidden node issue?
a. A node is hidden under a desk and used to attack the wireless network.
b. A node is accessing the network from the parking lot.
c. Two nodes are attempting to send at the same time. They are out of range of
each other but not of the AP.
d. Nodes on the network access hidden APs.
4. Which of the following best describes the exposed node issue?

a. Two nodes are sending on the same channel to different APs. The cells are too
close, so a collision occurs.
b. A node is attacking the network in plain view.
c. A node is on the wireless network without antivirus software.
d. A node is listening on undesired ports.
5. When an AP has a greater RF range than a client, the client can see the AP but annot
associate with it because the client frames do not reach the AP. What is this situation
known as?
a. The Weak Antenna syndrome
b. The Weak Link issue
c. The Half Duplex situation
d. The Near/Far issue
6. From where can you execute debug commands?
a. The GUI
b. The CLI
c. The GUI and the CLI
d. The WCS only
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 404
Chapter 20: Troubleshooting Wireless Networks 405
7. What command provides a summary of clients?
a. show clients
b. show client summary
c. show summary
d. show ap client summary
8. Examine the following output and then answer the question.
(Cisco Controller) >show client detail 00:15:af:0a:0b:71
Client MAC Address 00:15:af:0a:0b:71
Client Username N/A
AP MAC Address 00:1a:a2:fc:df:a0
Client State Probing

Wireless LAN Id N/A
BSSID 00:1a:a2:fc:df:9f
Channel 11
IP Address Unknown
Association Id 0
Authentication Algorithm Open System
Reason Code 0
Status Code 0
Session Timeout 0
Client CCX version No CCX support
Mirroring Disabled
QoS Level Silver
Diff Serv Code Point (DSCP) disabled
802.1P Priority Tag disabled
WMM Support Disabled
Mobility State None
Mobility Move Count 0
Security Policy Completed No
More or (q)uit
Policy Manager State START
Policy Manager Rule Created Yes
NPU Fast Fast Notified No
Policy Type N/A
Based on this output, does the client have full IP connectivity?
a. Ye s .
b. No, the client has partial connectivity but no DNS.
c. No, the client has no IP connectivity because he has no IP address.
d. Yes, but the network is down.
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 405
406 CCNA Wireless Official Exam Certification Guide

9. If you leave a debug turned on, what happens?
a. It consumes all the resources on the controller.
b. It runs continuously.
c. It turns off when the controller reloads.
d. It becomes disabled when the session times out.
10. Look at the following output and answer the question.
(Cisco Controller) >debug ?
aaa Configures the AAA debug options.
airewave-director Configures the Airewave Director debug options
ap Configures debug of Cisco AP.
arp Configures debug of ARP.
bcast Configures debug of broadcast.
cac Configures the call admission control (CAC) debug options.
cdp Configures debug of cdp.
crypto Configures the Hardware Crypto debug options.
dhcp Configures the DHCP debug options.
client Enables debugs for common client problems.
disable-all Disables all debug messages.
dot11 Configures the 802.11 events debug options.
dot1x Configures the 802.1X debug options.
iapp Configures the IAPP debug options.
ccxrm Configures the CCX_RM debug options.
ccxdiag Configures the CCX Diagnostic debug options.
Which debug would be used to troubleshoot issues with port-based authentication?
a. arp
b. cdp
c. dot11
d. dot1x
11. How do you enable client troubleshooting?
a. Issue the CLI command debug mac addr mac_address_of_client.

b. Click the Troubleshoot button from the Clients Summary page of the WCS.
c. Select the client from the Clients drop-down menu.
d. Use an access list to match a client and tie it to a debug.
12. Where would you find information equivalent to the show client summary command
within the controller interface?
a. MANAGEMENT > Clients
b. CONTROLLER > Clients
c. MONITOR > Clients > Detail
d. WLANs > Clients
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 406
Chapter 20: Troubleshooting Wireless Networks 407
13. Facility Level 5 is what?
a. USENET
b. SYSLOG
c. FTP DAEMONS
d. KERNEL
14. WCS is used to troubleshoot client-to-AP connectivity. True or false?
a. True
b. False
15. Which of the following devices does the Cisco Spectrum Expert provide information
about?
a. Microwave ovens
b. RC cars
c. Controllers
d. Wired clients
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 407
408 CCNA Wireless Official Exam Certification Guide
Foundation Topics
Physical Connections and LEDs
Trouble usually happens between Layer 1 and Layer 3 of the OSI reference model. That is

not to say that trouble does not occur at Layers 4 through 7, but Layers 1 through 3 are
the layers where network administrators have the most hands on. Working your way up
can often prove to be a time saver. Starting at Layer 1, physical connectivity can often save
valuable time. You can begin by visually examining the physical connections. Keep in
mind all that is involved in the path of your traffic. This can include areas related to the
following:
■ AP to switch
■ Switch to switch
■ Switch to controller
■ Controller to distribution
While you are examining the physical connectivity, note the port LED status of each de-
vice. What do the LEDs indicate? Are they green? Are they amber? Are they red? Each
device has different LEDs; for example, the LEDs on a controller are different from the
LEDs on an AP, yet they all have somewhat of a common color coding. Usually red is bad,
amber is not so good, and green is okay. Look up the Cisco documentation for details for
each product that you work with. The “References” section at the end of this chapter in-
cludes some valuable links that can help you determine issues in the network and correct
them, some using the port LEDs for verification.
After you have verified the physical connections, you can work in one of two directions:
■ Verification from the client back to the controller
■ Verification from the controller to the client
In either case, common issues arise. You might find that connectivity issues are not related
to the wireless network at all, but rather the distribution network, gateway, or Internet
service provider (ISP). Regardless, the ability to isolate problems is a requirement of those
seeking the CCNA Wireless certification. The next section explores some common client-
side issues.
Common Client-Side Issues
Client-side issues arise frequently and are often expressed in vague ways, for example, “I
cannot get to the Internet.” “Okay,” you might think, “What does that mean?” The answer
might not always be clear, but you can verify some values to quickly restore connectivity

for end users.
Note: When I worked for a large service provider, we went through a transition from bridges
to switches. During the initial deployment, none of the administrators on the local-area
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 408
Chapter 20: Troubleshooting Wireless Networks 409
network knew about the Spanning Tree Protocol (STP) or the effects it had when a device
was connected to a switchport.
I recall that first week, sitting in my little cubicle at 7:55 a.m. and hearing the voices of my
colleagues say, “The Internet is down.” And then, of course, someone would call IT and say
that nobody could get to the Internet and that he thought the Internet was down. I felt
sorry for the IT guys, because nobody called them and said, “When I came in this morning
and turned on my computer, Spanning Tree put all the ports into a blocking mode while ver-
ifying that there was no loop, so none of us could get to the Internet for about one minute.”
Had someone done that, the IT guys could have simply enabled PortFast on all the client
ports and solved the problem. My point? Users do not call and give you the answer to the
problem. Instead, they give you a symptom, and it is up to you to decipher the true issue re-
gardless of how vague the symptom they described is. Now enough of my reminiscing.
What can you do to isolate these issues?
Some of the more common issues that you can verify include the following:
■ Check that the client card is enabled. Many laptops have a hardware switch that dis-
ables the wireless card internally, which can cause issues.
■ Check that service set identifiers (SSIDs) are not incorrectly configured.
■ Verify whether the client is using a radio that is not enabled on the AP.
■ Verify whether the MAC address of the client is being “blacklisted” on the network.
■ If using 802.1x, verify whether the client side is configured to support the network
method, such as Extensible Authentication Protocol-Transport Layer Security (EAP-
TLS) with certificates.
■ Verify whether the client is getting an IP address that is blocked by an access control
list (ACL) somewhere else in the network.
■ Check the client firewall or antivirus software, because it might be blocking access.

There might not be much you can do other than asking the client to turn each of
these off temporarily for testing.
■ If performing Network Access Control (NAC), check whether the client is posturing
properly. Check the Authentication, Authorization, and Accounting (AAA) server or
the Monitoring, Analysis, and Response System (MARS) logs to determine this. From
a wireless perspective, there is not much you can do except have the users access a
“Guest” type of network that does not require security posturing.
Note: Cisco Security MARS provides security monitoring for network devices and host
applications supporting both Cisco and other vendors. You can find out more about it at
/>■ If you are using preshared keys for wireless authentication, verify that they are cor-
rectly configured on the client side. Also, verify that they are configured for the cor-
rect length.
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 409
410 CCNA Wireless Official Exam Certification Guide
Checking these common issues can shorten the time that you spend troubleshooting.
Other problems, however, include one issue called the Hidden Node issue. This happens
when more than one client tries to send on the same channel at the same time. This issue
arises because the two clients are in range of the AP but not each other. The result is that
they both send, and a collision occurs.
Methods of mitigating this issue include reducing the maximum frame size, forcing a re-
quest to send/clear to send (RTS/CTS), and reducing the transmit power of the AP and
shrinking the cell. In some cases, obstacles cause the devices not to see each other. In
these scenarios, you might need to remove the obstacle; however, sometimes removing a
wall is not an option. In these cases, take the other measures mentioned. The goal is to ei-
ther get the clients to hear each other (or an RTS/CTS) so they do not sent at the same
time or to get them onto different APs and operating on different channels. By shrinking
the cell, you get the clients on different channels, but by lowering the transmit power, you
might need to add more APs to fully cover the area. By forcing an RTS/CTS, the clients
still might be on the same channel, but at least they are not stepping on the toes of the
other.

Another common issue is called the Exposed Node issue, which occurs when you have
two wireless cells on the same channel and they are too close to each other. This happens
often in Wireless B/G networks because only three nonoverlapping channels exist. If
clients in either of the overlapping cells transmit packets, a collision can occur. The simple
fix to this is to change your topology, or at least the channel allocation. In some cases this
is not a possibility, so you might consider a change to an 802.11a deployment, where more
channels are available for allocation.
Another issue that happens between clients and APs is the Near/Far issue, which is
caused by an AP transmitter being more powerful than the client transmitter. When a
client sees an AP, because of its strong signal, it attempts to associate with it. Because the
client transmitter is weaker than the AP, it does not have the range that the AP does. This
means that the client transmission does not reach the AP, and the association fails. You
can solve this problem using features of the controller. The controller can help monitor the
client signal and adjust the radio resources as needed.
Additionally, as you might have been expecting, backward compatibility is an issue. This
issue occurs when an 802.11b client joins the 802.11g cell and when an 802.11b/g/a client
enters an 802.11n cell. The normal symptom is overall degraded data rates. To solve this is-
sue, you can lock in a G-only cell for G clients.
Using the CLI to Troubleshoot
Sometimes resolving the common issues is not easy and they require further research. In
these cases, you can use the CLI or the GUI tool to gather additional information. From
the CLI, you have a few options for troubleshooting. First, you can use show commands
on the CLI to gain valuable information related to the operational status of the controller,
the APs, and the clients. Many of these show commands are available in various pages of
the GUI tool, as you will see in later sections of this chapter.
Key
Topi
c
Key
Topi

c
Key
Topi
c
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 410
Chapter 20: Troubleshooting Wireless Networks 411
Some of the show commands you should be familiar with include the following:
■ show client summary
■ show client detail
Example 20-1 shows the output from a show client summary command. In this output,
you can see clients that are associated or trying to associate to the network. The example
has an 802.11b client with the MAC address 0:13:e8:a9:e1:29 that is probing but not asso-
ciated with an AP. Furthermore, the client is seen by the AP “Lobby-AP.”
Example 20-1 Viewing the Client Summary
(Cisco Controller) >show client summary
Number of Clients 1
MAC Address AP Name Status WLAN Auth Protocol Port

00:13:e8:a9:e1:29 Lobby-AP Probing N/A No 802.11b 1
(Cisco Controller) >
How can this assist you in the troubleshooting process? Well, suppose that a client re-
ports a problem associating, and as you further research the issue, you find that the AP
MAC address is seen by the Lobby-AP, and it is usually associated with the Research-Lab
AP. You might then ask if the client is trying to connect while in the lobby. Who knows
where this might lead you, but at least you have more information than when you
started—information that might lead to a resolution.
If you wanted to dig even deeper into the client information, you might use the show
client detail command. Example 20-2 shows the output of this command. Note the addi-
tional information you can gain there. Information includes the client username if applica-
ble, mobility information if applicable, and much more.

Example 20-2 Viewing Client Details
(Cisco Controller) >show client detail 00:15:af:0a:0b:71
Client MAC Address 00:15:af:0a:0b:71
Client Username N/A
AP MAC Address 00:1a:a2:fc:df:a0
Client State Probing
Wireless LAN Id N/A
BSSID 00:1a:a2:fc:df:9f
Channel 11
IP Address Unknown
Association Id 0
Authentication Algorithm Open System
Reason Code 0
continues
Key
Topi
c
Key
Topi
c
23_1587202115_ch20.qxp 9/29/08 2:43 PM Page 411