Troubleshooting Meraki Wireless

Overview

This document is designed to help get you started troubleshooting when users are having trouble connecting to meraki wireless networks.

Client Logs

The best place to start looking for errors is the client logs. Client logs offer everything from client adapter, mac address, SSID, encryption type, username, RSSI, and more.

In this case I am running Windows 10 using an Intel 7260.  To get to the logs open Windows Event Viewer and navigate to:

  • Event Viewer
    • Applications and Services Logs
      • Microsoft
        • Windows
          • WLAN-AutoConfig
            • Operational

Event Viewer - Guest Failed PSK

  • As you can see in the event summary of this information error you can determine the PSK entered for our Guest network was incorrect.
  • A successful connection will contain 6 log messages for PSK and 7 for 802.1X.
    1. AcmConnection (1) – Connection initiated.
    2. MsmAssociation (1) – Network Associated Started.
    3. MsmAssociation (2) – Network Association Succeeded.
    4. MsmSecurity (1) – Wireless Security Started.
    5. OneXAuthentication (1) – 802.1X Authenticated Started. (WPA2-ENT only)
    6. OneXAuthentication (2) – 802.1X Authentication Succeeded. (WPA2-ENT only)
    7. MsmSecurity (2) – Wireless Security Succeeded.

If you’re working on a client and not seeing what you are expecting, remember the gold rule:  sometimes clients just need to be rebooted.

Continue reading

Advertisements

Cisco Mobility Express

Cisco recently announced a solution capable of bringing controller functionality to access points, bringing new options to your small to medium deployments.  The solution, Cisco Mobility Express, allows you to convert an 1830/1850 access point into a Mobility Express AP.  In this mode you are able to control up to 25 FlexConnect APs and 500 clients in as little as ten minutes.  But, why would Cisco put a controller in an AP?

Let’s face it, wireless is a dynamic space.  We see use cases and requirements ranging from straight-forward to something resembling that of a Willy Wonka contraption.  Cisco now has a fleet of options from Controllers for traditional CAPWAP networks, to IOS-XE for networks with Unified Access in mind, Meraki for customers who prefer cloud management, and now Mobility Express for customers with small to medium deployments who can benefit from nerd-knobs expected in an enterprise deployment.  I personally hope the diversity offered does not lead to more diversity in features leading to confusion or aggravation amongst users; only time will tell.

You may have asked yourself, “How can I set up a Wireless LAN Controller in less than ten minutes?”  Well, that is a good question and has a bit of a complicated answer.  Yes it is possible to configure the 1830/1850 to be a Mobility Express AP and have a network up and running in that short of time, but you will still need to make tweaks – as with any wireless deployment.

Continue reading

Configuring a 3602 for Wireless Surveying

Cisco has recently released their new flagship access point, the 3602. This access point is nothing short of a beast. It has been completely redesigned with 4 transmit and 4 receive antennas and can sustain three spatial streams. This AP also features the first-to-market expansion slot that will be used for the Security and Spectrum Intelligence (SSI) module scheduled for release in Q1 of 2013. Cisco will then be releasing an 802.11ac capable module in the first half of 2013.

Now that you’ve invested (or are planning on investing) in this new generation of access points, you’re going to be out surveying new deployments with them. The only problem with this AP is it comes with a Lightweight IOS image preloaded. Cisco does offer a feature limited autonomous IOS that can be used for surveying – which is what we will be setting up and configuring today.

This process will require a few things:

  • Cisco 3600 Autonomous IOS (Available from Cisco.com)
  • TFTP Server (Available free from http://tftpd32.jounin.net)
  • Console Cable
  • Switch – Workstation and AP MUST be on the same VLAN

Below I have listed two options for you to choose from for converting your access point to the autonomous IOS required for active surveying. Option A is your easiest and most preferred method, Option B will work if you run into a problem using Option A.

Option A
Step 1: Change your IP Addressing on your TFTP Server to the following:

  • IP Address: 10.0.0.5

We have to do this because when we set the AP into default mode it will automatically use the address of 10.0.0.2 and will send a broadcast looking for a recovery image.

Step 2: Change the name of your Autonomous IOS to:

  • ap3g2-k9w7-tar.default

Step 3: Boot your AP while holding the MODE button. Do NOT release until you see “image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g2-k9w7-tar.default.”

At this point you will see the IOS downloading to your AP.

Step 4: Once the download is complete your AP should reboot automatically. If not, then enter the following command to boot into the autonomous IOS.
ap: boot flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now that we have the IOS booted we need to configure the boot statements to make sure we boot into the autonomous IOS at startup.

ap.>enable
Password: Cisco (default password)
ap.#config t
ap.(config)#boot system flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now scroll down to the Configuration section and get ready to survey!

Option B
First things first, load up your TFTP server and set it to use the folder where your IOS is stored.

Now that your TFTP server is ready, we can get your access point ready to go.

My network is addressed as a 192.168.1.0/24 network and this is the addressing we will be using for the remaining commands in this guide.

Step 1: Boot your AP while holding the MODE button. Do NOT release until you see “image_recovery: Download default IOS tar image tftp://255.255.255.255/ap3g2-k9w7-tar.default.”

Step 2: At the ‘ap:’ prompt, configure the following commands:
ap: set IP_ADDR 192.168.1.10
ap: set NETMASK 255.255.255.0
ap: set DEFAULT_ROUTER 192.168.1.1

Step 3: Prepare the AP for the TFTP transmission.
ap: ether_init
ap: tftp_init

Step 4: Using the tar command begin the TFTP transmission.
ap: tar -xtract tftp://(ServerIP)/Filename Flash:
eg: ap: tar -xtract tftp://192.168.1.5/ap3g2-k9w7-tar.152-2.JA.tar flash:

This portion may take some time, but keep an eye on it to make sure there are no prompts that may time the process out.

Step 5: Boot into the new autonomous IOS.
ap: boot flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now that we have the IOS booted we need to configure the boot statements to make sure we boot into the autonomous IOS at startup.

ap.>enable
Password: Cisco
(default password)
ap.#config t
ap.(config)#boot system flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

SSID Configuration
Finally, we can now begin configuring the AP for surveying.
What I prefer to do is to create an SSID on the 2.4GHz frequency and a separate SSID for the 5GHz frequency. It makes it easier for me while in the field to select the correct band I want to survey. We will step through the process for creating both and some of the options we can use.

Step 1: Let’s create the 5GHz SSID:
ap.#Dot11 SSID Survey-5
ap.(config-ssid)#Authentication Open
ap.(config-ssid)#guest-mode
– This tells the AP to broadcast this SSID.

Step 2: Now let’s configure the 5GHz Radio, Dot11Radio1.
ap.(config)#interface dot11radio1
ap.(config-if)#ssid Survey-5
ap.(config-if)#channel width 40-above
– Set your channel width to what you will be using in production, either 20MHz or 40MHz.
ap.(config-if)#channel 5180 – Locks the AP into using channel 36. This will come in handy when setting up your channel scanning in your surveying program.
ap.(config-if)#power local 17 – this will configure the radio to use 50mW – Refer to Cisco Radio Transmit Power for a handy conversion chart.
ap.(config-if)#no shutdown

At this point you now have the ability to connect to the access point and can survey on 5GHz. Now let’s continue by configuring the 2.4GHz Radio.

Many of the steps will be the same, with minor differences.

Step 1: Let’s create the 2.4GHz SSID:
ap.#Dot11 SSID Survey-2
ap.(config-ssid)#Authentication Open
ap.(config-ssid)#guest-mode
– This tells the AP to broadcast this SSID

Step 2: Now let’s configure the 2.4GHz Radio, Dot11Radio0.
ap.(config)#interface dot11radio0
ap.(config-if)#ssid Survey-2
ap.(config-if)#channel width 20
– This is the default and does not need to be entered, I just wanted you to know that 20MHz is the only option for 2.4GHz.
ap.(config-if)#channel 1 – Locks the AP into using channel 1. This will come in handy when setting up your channel scanning in your surveying program.
ap.(config-if)#power local 14 – This will configure the radio to use 25mW – Refer to Cisco Radio Transmit Power for a handy conversion chart.
ap.(config-if)#no shutdown

DHCP Configuration
You can enable your AP to be a DHCP server – allowing for quicker configuration changes in the field.
ap.(config)#interface BVI 1
ap.(config-if)#ip address 192.168.0.1 255.255.255.0
ap.(config-if)#exit
ap.(config)#ip dhcp excluded-address 192.168.0.1 192.168.0.5
ap.(config)#ip dhcp pool NAME
ap.(dhcp-config)#network 192.168.0.0 /24
ap.(dhcp-config)#default-router 192.168.0.1

You can now telnet into your AP using the default username Cisco and password Cisco.

Well, that’s it! You’re done and ready to go out into the wild blue yonder and survey to your hearts content!
In the next blog we will be using the SSIDs that we just created to perform surveys using Airmagnet Pro.
Please leave any feedback in the comments and feel free to ask questions.

Credit for the steps to TFTP the IOS goto Vinay Sharma