Troubleshoot dropped wireless connections
I was recently hired in the IT department of a small company (~180 users) and one of the issues that people have been complaining about is having their wi-fi connections drop during meetings. The company is using an HP ProCurve Wireless LAN with 10 APs and a controller unit located in the server room. I don't have any experience troubleshooting WLAN in a multi-AP environment, so I'm trying to at least gather information using free or cheap tools.
I did a basic site survey using the free version of Ekahau HeatMapper and discovered the following in one of the conference rooms that has been a problem. The program picked up three access points (plus a bunch of others with much lower signals that were out of range):
AP 1: SSID: "Unknown SSID" - Signal strength: -48 dBm - -40 dBm. Channel: 2
AP 2: SSID "CompanyMain" - Signal strength: -35 dBm or greater. Channel: 2. Security: WEP (This is the main SSID for the company's WLAN.)
AP 3: SSID: "CompanyGuest" - Signal strength: -40 dBm - -35 dBm. Channel: 2. Security: WPA2 (This SSID is the company's "guest" WLAN, which was setup to allow Internet access, but prevent network access.)
Is there anything that you see that is clearly a problem from the above? I'm assuming that the unknown SSID might be a big problem, and that it is an AP from a neighboring office that is causing interference. Does that seem likely?
Also, regarding channel, should we try changing the channels of our APs to avoid interference with that unknown SSID? (Since everything seems to be on Channel 2?)
Should our APs be on different channels? In other words, should the CompanyMain and CompanyGuest APs be on different channels?
Finally, any recommendations for free/cheap tools to help me figure this out, and/or a good methodology to follow?
Thanks in advance for any help. Jack
Solution 1:
Those access points on channel 2 are probably interfering with both channel 1 and channel 6. Not bad work. You could try and move your access points to channel 11 and see if you get less interference, or have a word with your neighbours and tell them to use a more sensible channel for their access points. alt text http://jpoa.info/blog/wp-content/uploads/2008/09/80211-frequency-channel-map.jpg
you may even be able to move your access points to channel 14 (in some countries).
You need to avoid overlap. There are other sources of interference too, such as microwave oven's, street lighting, fluorescent strip lighting in offices.
you ap's should be on different channels, depending on their spacing.
Again, it maybe just the make and model of your client cards, not all wireless cards are created equally.
best to check your ap logs and see why disconnections are taking place.
http://wifi-doc.com/Cisco.Press-802.11.Wireless.Ne/1587051648/ch03lev1sec3.html
has some nice information and channel placement.
http://www.wifiyacht.net/wifi-adjacent-myth.html
Solution 2:
Jack,
Here's my effort to answer your question comprehensively. Just let me know if you need anything else.
Channels:
-
Most enterprise WLAN controllers expect you to set up the access points to use the three non-overlapping 2.4 GHz channels (1, 6, and 11), organized optimally for coverage and to control co-channel interference. If you're using non-directional dipole antennas, draw a grid of hexagons, each marked with a 1, 6, or 11. Then lay it out so that none of your tiles is adjacent to a like-numbered tile. You'll find this CWNA reference material illuminating, but basically, it looks like this:
WiFi Micro Channel Architecture http://mileserickson.com/misc/WiFiMCA.png
A few enterprise WLAN controllers offer a Single Channel Architecture, wherein all APs pretend to be a single access point on the same channel, and the collision domain is managed centrally. However this is rare. I believe that only two vendors, Meru and Extricom, support this. On any other WLAN controller, setting all APs to the same channel would cause excessive collisions and could result in major performance problems.
I think you are right to suspect that your HP ProCurve network was configured incorrectly, if all of the access points are on the same channel.
However, even after you have fixed it, CompanyMain and CompanyGuest will still show up on the same channel in each physical AP "cell", because they are virtual APs that exist on every one of your physical APs. Each physical AP transmits on only one channel at a time, but can have more than one SSID within that channel. This is not a problem. The key is that each of your physical APs will be transmissing both SSIDs together on a channel that you have selected to eliminate co-channel interference from adjacent physical APs.
Concerning "Unknown SSID":
It certainly could be a neighboring office WLAN with its SSID hidden, but the signal strength is awfully high and it's on your channel. Normally, in an office environment site survey, the "edge" of an AP coverage cell would be about -60 to -65 dBm.
It also could be a rogue or malicious device. Keep in mind that from the perspective of an intruder, WEP is no different from an open network. Anyone who wants to can sniff all the traffic they want from CompanyMain. Of course, they can do this passively without exposing an access point for you to find.
It could be another virtual AP on your enterprise WLAN, but with the SSID hidden, although this scenario seems strange to me because the signal strength is weaker than CompanyMain and CompanyGuest. Have you checked the configuration of your WLAN controller to see what SSIDs are configured there? Are CompanyMain and CompanyGuest the only SSIDs?
I also would be very curious to identify the physical location of the unknown device. You may be surprised by how quickly you can find something just by playing warmer/colder with the signal strength. At -40 dBm, it can't be extremely far. You might find a rogue Linksys router under someone's desk in short order. On the other hand, if the signal strength increases when you get closer to each of your corporate access points, then it's a virtual AP on your controller.
WEP on CompanyMain is a real problem:
Today, WEP == no security at all.
Unless your company is perfectly comfortable with having open access points on its corporate network, CompanyMain should be upgraded to WPA2 Enterprise security, authenticating against your company's AD/LDAP servers via RADIUS. You should be able to set up a separate virtual access point on your WLAN controller for testing purposes as you work through getting the authentication process set up.
Were there legacy WEP laptops that have since been retired, enabling you to proceed with the transition to WPA2 Enterprise?
If the company has specialized devices (like VoWiFi cordless phones) that still use WEP, they should be on their own virtual AP/SSID/VLAN instead of opening a massive security hole on your corporate network.
Miscellaneous:
CWNA and CWSP are very useful certifications if you're going to be administering an enterprise WLAN. Much of what I have to offer here comes from these, and I recommend them highly.
I am involved in the administration of only one enterprise WLAN, and it was already in place when I showed up. There may be others with more direct experience, e.g. as specialist contractors, who may be able to offer better advice.
Don't forget the simple things, too, e.g. 2.4 GHz phones and kitchens with microwave ovens.
When people set up corporate WLANs incorrectly, one common mistake is to set the transmit power too high on the APs. If your access points are using higher power settings than your mobile stations, this mismatch can cause excessive layer 2 retransmissions: the AP sends a frame to a station at a high power setting, the station receives the frame and sends an ACK at a lower power setting, the AP doesn't hear it, and so the AP transmits the frame again, and so on.
Solution 3:
+1 for changing the channel. I have seen this issue at several sites and it causes signals to drop as the client tries to conenct to the incorrect AP. Have also seen 2.4Ghz cordless phones in a room create enough interference to cause drops.
I have had good sucess with Ekahau Heatmapper Works well and will also allow you to overaly a map if you have one.