Contents
Troubleshooting using Controller Logs
Troubleshooting Clients that Cannot Detect the AP Wi-Fi
Troubleshooting Clients that are Unable to Connect the to AP Wi-Fi
Troubleshooting Clients Unable to Obtain an IP Address
Troubleshooting Clients Unable to Access Local LAN
Troubleshooting Clients Unable to Access the Internet
Troubleshooting Poor Throughput
Troubleshooting Abnormal Client Behaviors
Objective
This article provides an overview of troubleshooting steps for commonly experienced wireless issues.
Requirements
- Omada Access Point (AP)
- Omada Controller (Software Controller/Hardware Controller/CBC, v5.9 and above)
Introduction
Your clients may occasionally experience concerns while using your Omada Wireless network. This article will discuss the common concerns a user may encounter and how to troubleshoot them.
Troubleshooting
Troubleshooting using Controller Logs
The Controller’s logs can record abnormal client behavior, such as inability to associate, roaming, or authentication. You should enable all types of client events in the controller’s log menu. This way, if the client encounters a wireless concern, the controller log can be checked to find the anomaly's cause and quickly narrow down the scope of the troubleshooting.
Troubleshooting Clients that Cannot Detect the AP Wi-Fi
Step 1. Check whether the WLAN Group used by the AP contains the target SSID.
Step 2. Check whether SSID Broadcast is enabled on the target SSID.
Step 3. Check whether the WLAN Schedule is enabled on the target SSID.
Step 4. Check whether SSID Override is enabled on the target SSID.
Step 5. Check whether the Radio is enabled on the target SSID.
Step 6. Check whether the AP's working channel is a DFS Channel.
Step 7. Confirm whether the client supports the current AP working channel.
Troubleshooting Clients that are Unable to Connect to the AP’s Wi-Fi
Step 1. Verify the client can see the network SSID in the Available network list.
Step 2. Check the Security Key and enter the correct password for the desired network.
Step 3. Check whether the Network Name contains any non-ASCII characters. If it does, the client may be unable to recognize the SSID. If so, please delete the related characters and try again.
Step 4. Check whether the clients support the configured Security Mode. If WPA3 encryption is configured, some IoT or 802.11n clients may be unable to associate with the network. In this case, you can change the Security Mode to a blended mode like WPA2/WPA3 and reconnect the clients.
Step 5. Check whether the SSID is configured with the PMF function. When the PMF function is set to Mandatory, clients that do not support PMF may be unable to connect to the network. In this case, you should turn off the PMF function and try again.
Step 6. Check the client’s signal strength. If the Wi-Fi signal strength of a client is weak, the client association will fail. In this case, you can move the client closer to the AP and re-associate.
Step 7. Confirm whether a third-party authentication server is required during the association process.
- Check whether the SSID security method is WPA-Enterprise or PPSK with Radius.
- Check whether the MAC-Based Authentication function is enabled.
- If a Radius authentication server is required, check whether the Radius Profile is configured correctly.
- If a customer uses PPSK with Radius encryption or enables MAC-Based Authentication, ensure that the MAC-Address Format is consistent with the format used in the Radius server.
Step 8. Check whether MAC-related functions are configured to prohibit access to specific clients.
- Check whether the MAC Filter is enabled. If the MAC Filter is enabled for the SSID with the deny list, clients on the list cannot associate with the SSID.
- Check the Blocked list on the Insight page. You can go to Insight > Known clients > Blocked and check. Clients in the blocked list will be unable to access the network.
- Check whether Lock to AP is enabled. If Lock to AP is enabled, the client can only associate with a specific AP. You can go to Insight > Known Clients and select the corresponding time and client to check whether the client is locked to a particular AP.
- Check the WIPS Dynamic Block List (supported only in Omada Pro Controller). If the above function is configured, turn it off and try to associate again.
Step 9. Check whether Load Balance is enabled.
- Check whether Maximum Associated Clients is enabled. Check whether the number of currently connected clients has reached the threshold if enabled.
- Check whether the RSSI Threshold is enabled. If RSSI Threshold is enabled, clients with signal strength below the set threshold cannot access the network. You can try to turn off this function or move closer to the AP to reconnect during troubleshooting.
Step 10. Check if 802.11 Rate Control is enabled. For example, if Rate Control is set to 24M on 2.4G, devices with a negotiated rate lower than this rate, such as 802.11b-only devices, will be unable to connect. In this case, you can turn off this function and try to reconnect the clients.
Step 11. Check whether Deauthenticate is enabled (supported only in the Omada Pro Controller).
Troubleshooting: Clients Unable to Obtain an IP Address
Step 1. Check whether the DHCP server is reachable. You can use the Network Check function provided by the Controller to test connectivity.
Step 2. Check whether the DHCP address pool has any available addresses. If the DHCP address pool has been fully allocated, expand the address pool.
Step 3. Check whether the VLAN configuration in the network is correct.
- Check whether SSID VLAN is enabled. If SSID VLAN is enabled, check whether the corresponding ports of the switch and gateway in the network are configured with the corresponding VLAN.
- If the SSID’s Security is PPSK without Radius, check whether the PPSK profile is configured with VLAN attributes, and check whether the corresponding ports of the switch and gateway at the front end of the network are configured with the corresponding VLAN.
- If a Radius authentication server is required, check whether VLAN is enabled in the Radius Profile and whether the VLAN authorization attribute configuration in the Radius server is correct. For example, the Tunnel-Type value is fixed to 13 (or VLAN); the Tunnel-Medium-Type value is fixed to 6; and the Tunnel-Private-Group-ID value is the divided VLAN number. Check whether it is the expected VLAN value.
- For AP models with downlink ports, also check whether the Port VLAN is enabled and whether the corresponding ports of the switches and gateways at the front end of the network are configured with the corresponding VLAN.
Troubleshooting: Clients Unable to Access Local LAN
Step 1. Check whether the SSID that the client associates has enabled Guest Network. Usually, the guest network cannot access the local LAN.
Step 2. Check whether ACL is enabled.
Step 3. Check whether the client has set up firewall rules. If not, please turn off the firewall and try again.
Troubleshooting: Clients Unable to Access the Internet
Step 1. Check whether the network parameters obtained by the client are correct.
- If an illegal DHCP server in the network assigns the client a wrong IP address or gateway, the client will be unable to access the Internet. Therefore, it is necessary to check whether the parameters, such as the IP address, subnet mask, and gateway IP address obtained by the client, are correct. If they are incorrect, find the illegal DHCP server and remove it.
- If the client uses the static IP address, ensure it is configured with the gateway IP address and the DNS server IP address.
Step 2. Check whether there is an IP conflict with the client. If an IP conflict occurs, the client's IP address cannot be used commonly. You can check for IP conflict in the following two ways:
- Check the client IP addresses in the Clients list of the Controller.
- Check whether duplicate IP addresses are in the DHCP Client List on the DHCP server.
Step 3. Check whether the connectivity between the client and the gateway is regular.
Step 4. Check whether the connectivity between the client and the DNS server is regular.
- Check whether the client can ping the DNS server.
- Check whether the DNS resolution is standard. For example, enter the nslookup command in the Windows system in the cmd window, such as nslookup www.google.com, to see if there is a response.
- Change the DNS server address to the IP address of a public DNS server, for example, 8.8.8.8, and try again.
Step 5. Check whether the wired network can usually access the Internet. Connect a wired client directly through the gateway or switch at the front end of the network to check whether the wired client can access the Internet. If not, check the wired network.
Step 6. Check whether there is severe interference in the wireless environment that prevents the client from accessing the Internet. When the channel utilization of the associated frequency band is greater than 70%, the user's Internet experience may be affected. Check the channel utilization. If it is too high, it is recommended that the client switch to a channel with lower channel utilization.
Step 7. Check whether illegal multicast or broadcast sources are occupying wireless resources. Check the multicast and broadcast message statistics on the Omada Controller (supported by Omada Controller 5.14 and above). Suppose there are too many multicast or broadcast messages in a short period. In that case, enabling Multicast/Broadcast Rate Limit (supported by Omada Controller 5.14.30 and above) or Multicast Filtering (supported by Omada Controller 5.9 and above) is recommended.
Step 8. Check whether the communication rules are configured to restrict the client's Internet access. You should turn off the particular configuration and then try to access the Internet.
- Check whether EAP ACL is enabled.
- Check whether URL Filtering is enabled.
- Check whether Portal authentication is enabled.
Step 9. Check whether the client has set up firewall rules. If not, please disable the firewall and try again.
Troubleshooting: Poor Throughput
Step 1. Check the client signal strength in the Clients list. Generally speaking, the client signal strength must be greater than -65 dBm. If the client's signal strength is too weak, you can:
- Adjust the AP's transmit power to increase coverage.
- Increase the number of APs to eliminate coverage blind spots and weak signal areas.
- Move the client closer to the AP and test again.
Step 2. Check the AP channel utilization. If the channel utilization exceeds 70%, it may affect the user's network experience. In this case, you can:
- Manually set a clean channel for testing.
- If multiple APs are deployed, it is recommended that WLAN Optimization be enabled to deploy power and channels to reduce interference between APs automatically.
Step 3. Check the multicast and broadcast traffic in the network. If there are too many multicast and broadcast messages, a large amount of air interface resources will be occupied, affecting the average network experience of the client. In this case, it is recommended to use the following methods to control multicast and broadcast traffic:
- Enable Multicast/Broadcast Rate Limit (supported by Omada Controller 5.14.30 and above).
- Enable ARP-to-Unicast Conversion (enabled by default in Omada Controller 5.14.30 and above) and Multicast-to-Unicast Conversion (enabled by default in Omada Controller 5.9 and above).
- If no multicast application exists in the network, you can enable Multicast Filtering.
Step 4. Check whether other clients in the network are performing large-volume operations, such as downloading large files. You can view each client's traffic usage information in the Clients list. In this case, you can set a Rate Limit.
- Enable SSID Rate Limit. SSID Rate Limit sets an overall speed limit for all clients associated with the SSID.
- Enable Client Rate Limit. Client Rate Limit limits the speed of a single client.
Step 5. Check whether many clients have weak signals and low rates in the network. You can view RSSI information in the Client list. You can enable RSSI Threshold to eliminate clients with weak signals in this case.
Step 6. Check whether the AP to which the client is currently connected is overloaded. If so, enable Maximum Associated Clients to control the number of clients accessing the AP.
Step 7. Check whether Band Steering is enabled (enabled by default in Omada Controller 5.14 and above). In a wireless environment, the interference in the 2.4G band is generally more substantial than in the 5G/6G band. Therefore, enabling Band Steering and setting it to Prefer 5GHz/6GHz to guide clients that support 5GHz/6GHz to associate with the 5GHz/6GHz band first is recommended.
Step 8. Check if there is any other Wi-Fi interference in the network environment. After eliminating the interference source, please conduct a comparative test.
Troubleshooting: Abnormal Client Behaviors
Use different clients to test whether the wireless issues occur only on a specific client. If yes, restart the client and try again.
This article provides a detailed troubleshooting analysis of some common wireless issues. If you encounter wireless-related problems, you can follow the troubleshooting process in this article to troubleshoot.