Troubleshooting Meraki Wireless

Overview

This document is designed to help get you started troubleshooting when users are having trouble connecting to meraki wireless networks.

Client Logs

The best place to start looking for errors is the client logs. Client logs offer everything from client adapter, mac address, SSID, encryption type, username, RSSI, and more.

In this case I am running Windows 10 using an Intel 7260.  To get to the logs open Windows Event Viewer and navigate to:

  • Event Viewer
    • Applications and Services Logs
      • Microsoft
        • Windows
          • WLAN-AutoConfig
            • Operational

Event Viewer - Guest Failed PSK

  • As you can see in the event summary of this information error you can determine the PSK entered for our Guest network was incorrect.
  • A successful connection will contain 6 log messages for PSK and 7 for 802.1X.
    1. AcmConnection (1) – Connection initiated.
    2. MsmAssociation (1) – Network Associated Started.
    3. MsmAssociation (2) – Network Association Succeeded.
    4. MsmSecurity (1) – Wireless Security Started.
    5. OneXAuthentication (1) – 802.1X Authenticated Started. (WPA2-ENT only)
    6. OneXAuthentication (2) – 802.1X Authentication Succeeded. (WPA2-ENT only)
    7. MsmSecurity (2) – Wireless Security Succeeded.

If you’re working on a client and not seeing what you are expecting, remember the gold rule:  sometimes clients just need to be rebooted.

Meraki Dashboard – Event Log

Once logged into the Meraki dashboard you can view the event log from the AP side of the communication. This may offer additional clues in your troubleshooting process. Note: The Meraki event logs may not offer much information for why a client is having an issue, but is a starting point.

    1. Event logs are accessed from the navigation menu Network-wideMonitor > Event Log.
    2. To filter for a particular client you can enter either the computer name or MAC address into the Client search field.
      • Example: searching for helpdesks-Macbook-Air is the same as searching for 84:38:35:52:0d:0a.
    3. From here you are able to have a broader view of all the events that occur between the AP and the client. In this example our client is connecting to Staff SSID using WPA2-ENT.

Meraki - Event Log
For help deciphering some of the messaging listed I recommend you check out meraki’s Common Wireless Event Log Messages article.

Meraki Dashboard – Packet Capture

To view packet captures navigate to Network-widePacket Capture in the dashboard. From here you will be able to capture up to 1200 seconds or 100,000 packets.

  1. Select the Access Point(s) your client is connecting to.
  2. Select your output type. I prefer to download a PCAP file and open in Wireshark.
  3. (Optional) Enter a filter expression to specific a specific host or IP address.
  4. Start the capture.

Dashboard - Packet Capture

Once the packet capture has been download, open it in Wireshark to view the results.

Wireshark - Packet Capture
Be sure to use these great Coloring Rules from Joel Crane, available here.

Useful display filters include:

Note: Wireshark may display Meraki OUI as MS-NLB-PhysServer-X

RADIUS Connectivity

To Verify the Access Points can authenticate against RADIUS navigate to Wireless >  Access Control and select the appropriate SSID.
About halfway down the page you will find the RADIUS servers section. Ensure the IP address and port configuration is correct. To test authentication, click the Test button.

Dashboard - RADIUS Pre-Test

Enter your Active Directory credentials to begin the test.
Note: These MUST be valid credentials in order for the test to be successful.
Select Begin test.

Dashboard - RADIUS Post-Test

Here you can see we have 62 APs that are all able to reach the RADIUS server and authenticate the entered credentials.

Conclusion

In conclusion, a meraki network is simplified, but there are still some troubleshooting skills you need to know.  Hopefully these few tips will give you enough guidance to get those clients back where they belong – ON THE WIFI!

If you have any other tips or tricks please comment them below to help others in the community.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s