CWAP Notes

CWAP Notes (CWAP-402)

Chapter 1: Troubleshooting Processes

Cisco troubleshooting process
1. Define a clear problem statement with symptoms and potential causes.
2. Gather the facts to help isolate the possible causes.
3. Consider possible problems based on the facts discovered.
4. Create an action plan based on the remaining potential problems and the most likely cause.
5. Implement the action plan.
6. As changes are made, gather results.
7. Analyze the results and determine whether the problem has been resolved.
8. If the problem is not resolved, create a new action plan based on the next most likely cause and proceed with steps 5-8. Repeat until resolved or escalated.

CWNP methodology
Identify the problem
Discover the scale of the problem
Define the possible causes of the problem
Narrow to the most likely cause
Create a plan of action or escalate the problem
Perform corrective actions
Verify the solution
Document the results

Networking Tools
Throughput testers are used to evaluate the useful data bits that can pass through a network. They test TCP and UDP traffic. Examples are Windows iperf and TamoSoft.
Throughput testers are useful to the WLAN analyst for the following:
Verifying application performance problems
Locating intermittent performance issues
Validating the performance of a new WLAN
Proactively locating problem areas of the WLAN
Ensuring continued and consistent performance
Throughput testers evaluate the useful data throughput and not the data rate of the WLAN link. The useful throughput is always less than the data rate on WLANs because of management overhead.

Protocol analyzers allow you to capture and decode networking frames and packets. Wireless protocol analyzers require specifically compatible adapters.
Protocol analyzers are useful to the WLAN analyst for the following:
Analyzing network settings
Gathering details about unsupported networks
Checking for frame corruption and retransmissions
Locating the source of authentication and other communication problems
Identifying overloaded service sets or channels
Identifying devices on the network
Validating compliance with requirements
Discovering supported features and behaviors of wireless devices

Spectrum analyzers are used to monitor and analyze the RF activity in an area.
Spectrum analyzers are useful to the WLAN analyst for:
Locating sources of interference
Determining channel utilization for Wi-Fi and non-Wi-Fi devices
Detecting poorly constructed hardware with improper spectral masks or inconsistent spectral masks
Discovering the presence of non-Wi-Fi activity, including incidental activity
Viewing signal strength in important coverage areas
Selecting the least busy channel for a new BSA

Operating System Tools include ping, traceroute, pathping, nslookup, netstat, and netsh (in Windows).
NETSH WLAN commands include:
SHOW INTERFACES
SHOW NETWORKS
SHOW DRIVERS
SHOW PROFILES

Chapter 2: 802.11 Communications

Network Layer – Layer 3 – Packets or Datagrams
Data Link Layer – Layer 2 – Frames
Physical Layer – Layer 1 – Bits and Bytes

802.11 State Machine
Unauthenticated/Unassociated
Authenticated/Unassociated
Authenticated/Associated
Status code 0 – association request is approved or successful
Status code 12 – association was rejected for some reason outside the scope of 802.11
Status code 17 – AP is already serving the max num of clients it can support
Status code 18 – client station doesn’t support all the basic rates required

SIFS times
-FHSS – 28us
-DSSS – 10us
-OFDM (including HT & VHT) – 16us
-HR/DSSS – 10us
-ERP – 10us

Slot Times
-DSSS – 20us
-HR/DSSS – 20us
-ERP – 20us(long); 9us(short)
-HT – 20us(long in 2.4GHz); 9us(short in 2.4GHz and always in 5GHz)
-VHT – 9us

IFS from shortest to longest:
RIFS,SIFS,PIFS,DIFS,AIFS,EIFS

Shannon-Hartley theorem defines the bandwidth capabilities of a channel
$C = B \log_2(1 + S/N)$, where C is the channel's capacity in bits per second, B is the channel's bandwidth in kHz, S is the received signal strength, and N is the noise.

Chapter 3: 802.11 Frames

Frame Types
Management 00 (Beacon, Probe, Association, Disassociation, Reassociation, Authentication, Deauthentication, Action)
Control 01 (ACK, RTS, CTS, BlockAckReq, BlockAck, Control Wrapper)
Data 10 (Data, QoS Data)

WPA2 Enterprise primary components
Supplicant (client STA)
Authenticator (AP or controller)
Authentication Server (usually RADIUS)

To DS=0, From DS=0: IBSS
To DS=1, From DS=0: From STA to AP
To DS=0, From DS=1: From AP to STA
To DS=1, From DS=1: Mesh
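
The frame type bits and the To DS/From DS table above can be read straight out of the two-byte Frame Control field that starts every 802.11 MAC header. The following is an added example, not part of the original notes: the function names are hypothetical, the subtype numbers come from the 802.11 standard rather than from these notes, and the sample bytes are constructed.

```python
import struct

FRAME_TYPES = {0b00: "Management", 0b01: "Control", 0b10: "Data"}
# Subtype numbers are from the 802.11 standard; the notes list only the names.
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 2): "Reassociation Request", (0, 3): "Reassociation Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 10): "Disassociation", (0, 11): "Authentication",
    (0, 12): "Deauthentication", (0, 13): "Action",
    (1, 7): "Control Wrapper", (1, 8): "BlockAckReq", (1, 9): "BlockAck",
    (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 8): "QoS Data",
}
# (To DS, From DS) -> meaning, as in the table above.
DS_DIRECTION = {(0, 0): "IBSS", (1, 0): "From STA to AP",
                (0, 1): "From AP to STA", (1, 1): "Mesh"}

def decode_frame_control(header: bytes) -> dict:
    """Decode the first two bytes of an 802.11 MAC header (hypothetical helper)."""
    if len(header) < 2:
        raise ValueError("truncated header: Frame Control needs 2 bytes")
    (fc,) = struct.unpack_from("<H", header)   # transmitted low byte first
    ftype, subtype = (fc >> 2) & 0b11, (fc >> 4) & 0b1111
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    return {
        "type": FRAME_TYPES.get(ftype, "Reserved/Extension"),
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        # Management and control frames carry 0/0, so the DS table
        # is only meaningful for data frames.
        "direction": DS_DIRECTION[(to_ds, from_ds)] if ftype == 0b10 else None,
        "retry": bool((fc >> 11) & 1),         # retransmission flag
        "protected": bool((fc >> 14) & 1),     # frame body is encrypted
    }

def data_retry_rate(headers) -> float:
    """Fraction of data frames with the Retry bit set."""
    data = [d for d in map(decode_frame_control, headers) if d["type"] == "Data"]
    return sum(d["retry"] for d in data) / len(data) if data else 0.0

# Constructed Frame Control samples (hex), not taken from a real capture.
SAMPLES = [bytes.fromhex(h) for h in
           ("8000", "c000", "d400", "8801", "8809", "0802", "8803")]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.hex(), decode_frame_control(s))
    print("data retry rate:", data_retry_rate(SAMPLES))
```

The retry rate over data frames is the same figure a protocol analyzer reports when checking for retransmissions.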

Chapter 4: WLAN Hardware

WLAN hardware can be divided into four basic categories:
Client Devices
Infrastructure Devices
Analysis Devices
Supporting Devices (wired devices, services, and servers)

AP Operational Modes
Root
Bridge
Repeater

AP Security Capabilities
MAC address filtering
802.1X port-based authentication
802.11i (TKIP/RC4 and CCMP/AES)
SSH and SSH2 for management access
HTTPS access to web-based management
WPA/WPA2
SNMP v3 for secure SNMP management
Various EAP types
Built-in firewalls
Support for VPN tunnel endpoints and pass-through
Content filtering

Chapter 5: Protocol Analysis

Primary software solutions for laptop-based analysis include:
Wireshark
Savvius OmniPeek
Fluke Networks Wi-Fi Analyzer Pro
TamoSoft Commview for Wi-Fi

Common Features
Frame capture
Frame decoding
Highlighting or Filtering
Expert Analysis

Chapter 6: Spectrum Analysis

RSSI is the signal strength rating that is vendor-specific, even though it is based on limited IEEE standard specifications. RSSI_MAX value determines the upper value of the RSSI rating.

Beamwidth is calculated where the signal reaches half power or –3dB.

Duty cycle measures the amount of time in which the amplitude is above some arbitrary threshold (such as –95dBm, or 15 dB above the noise floor, or –75 dBm).

Sweep is measured as a single scan of the bandwidth span.

Resolution bandwidth (RBW) is a reference to the smallest frequency that can be resolved by the receiver.

Utilization is a measurement of airtime consumed by the detected signal.

Chapter 7: Wired Issues

Common problem areas in central network services include DNS, DHCP, switch configuration, WLAN controller access by APs, and PoE.

Troubleshooting tools include operating system commands, hardware troubleshooting components, and protocol analyzers.

Operating System Commands
IPCONFIG
PING
TRACEROUTE
NSLOOKUP
NETSH

DHCP server should be configured to provide the domain name to the APs. This domain name will be used when querying DNS for the WLAN controller host records.

DHCP pool depletion results in a DHCP negative acknowledgement sent to the requesting client from the DHCP server. It may also be shown in the server logs.

When configuring DHCP option 43, the VCI (option 60) is only required if more than one option 43 must be configured. That is, if the only use for option 43 within a scope is AP controller assistance, the VCI configuration is not required, and the single option 43 entry will be automatically passed to all DHCP clients of the scope.

Common ports that should be configured properly in routers:
RADIUS: 1812 (authentication) and 1813 (accounting) UDP
Older RADIUS: 1645 (authentication) 1646 (accounting) UDP
NTP: 123 UDP
CAPWAP: 5246 (control) 5247 (data) UDP
LWAPP: 12222 (control) 12223 (data) UDP
DNS: 53 UDP
DHCP: 546 and 547 UDP

QoS Issues
QoS is applied at Layer 2 and Layer 3 of the OSI Model. At the Data Link layer 802.1p tags are used in the 802.1Q VLAN extension to the Ethernet frame. If you do not see VLAN information in the frame (even if a default VLAN is used), then you will not see QoS information in it on the wired side either.

Layer 3 QoS
IP Precedence used 3 priority bits with 8 possible priorities. DSCP uses 6 bits for a total of 64 possibilities.
DSCP 46 or IP Precedence 5 – expedited forwarding (EF) – VoIP
DSCP 34 or IP Precedence 4 – assured forwarding (AF) – video
DSCP 10 or IP Precedence 1 – used for standard data
DSCP 0 or IP Precedence 0 – best effort for background data

Layer 2 QoS
Markings are in the form of 802.1p class of service (CoS) markings or tags. CoS tags use 3 bits and range from 0 to 7. CoS values are in 802.1Q Ethernet frames.
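
The Layer 2 and Layer 3 markings described above sit at fixed positions in a wired frame, and the DSCP/IP Precedence pairs listed earlier fall out of the same byte. The following is an added example, not part of the original notes: the function names are hypothetical and the sample frames (MAC addresses, VLAN ID, CoS value) are constructed.

```python
import struct

def qos_markings(frame: bytes) -> dict:
    """Return the 802.1p CoS and the DSCP / IP Precedence of an Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    offset, cos, vlan = 14, None, None
    if ethertype == 0x8100:                       # 802.1Q tag present
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack_from("!HH", frame, 14)
        cos, vlan = tci >> 13, tci & 0x0FFF       # 3-bit CoS, 12-bit VLAN ID
        offset = 18
    dscp = precedence = None
    if ethertype == 0x0800 and len(frame) >= offset + 20:    # IPv4
        ds_field = frame[offset + 1]              # second byte of the IP header
        dscp = ds_field >> 2                      # upper 6 bits
        precedence = ds_field >> 5                # upper 3 bits, i.e. dscp >> 3
    # No 802.1Q tag means no CoS on the wire: cos and vlan stay None.
    return {"vlan": vlan, "cos": cos, "dscp": dscp, "ip_precedence": precedence}

def sample_frame(dscp: int, cos=None, vlan: int = 0) -> bytes:
    """Build a constructed Ethernet + IPv4 header (checksum left as zero)."""
    macs = bytes.fromhex("02000000000a" "02000000000b")
    tag = struct.pack("!HH", 0x8100, (cos << 13) | vlan) if cos is not None else b""
    ip_header = bytes([0x45, dscp << 2]) + bytes(18)
    return macs + tag + struct.pack("!H", 0x0800) + ip_header

if __name__ == "__main__":
    print(qos_markings(sample_frame(46, cos=5, vlan=20)))   # tagged, EF
    print(qos_markings(sample_frame(34)))                   # untagged, AF
```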

Chapter 8: Common WLAN Issues

Insufficient Capacity
Co-Channel and Adjacent-Channel Interference
RF Noise and Noise Floor
RF Interference
Multipath
Hidden Nodes
Near-Far Problem
Weather