Always Check The VLAN – Troubleshooting Wi-Fi

In the wired networking world, we have an adage, “Always check the physical” – meaning the PHY layer or specifically the cables, connectors, and that you have a link light. So many times problems happen at the bottom of the OSI stack.

I’ve found many times in the world of Wi-Fi we sometimes forget this maxim, and look to some RF or 802.11 problems first. Since the complaints usually come in the form of, “the Wireless network is not working”… we just follow along and start troubleshooting at the parts we can’t see.

I was reminded of this flaw a while ago when called out on an urgent, must get here today, the network isn’t working, 4-hour drive one-way, emergency troubleshooting issue. I show up on-site and hear the IT department’s complaints. Their Chromebooks were not able to use Google for web searching, Bing worked, Yahoo worked, just not Google.

After learned of this unique issue, I then took a couple of minutes of a training intervention to explain it wasn’t an ‘emergency’ since search engines and the entire access to the Internet was still working. We then got down to solving their issue.

After years and years of hearing people first blame the Wireless network – and finding the issues were never a Wi-Fi one in the past – I started by walking the IT staff through the packet flows from client device, through Access Point, switch fabric, router, firewall, ISP connection, etc.

They swore the VLAN the new Access Points that were not working, was exactly the same VLAN as the old working Access Points . So we did some empirical checking, and the Chromebooks worked on the old SSIDs via the old APs and yet failed on the new SSIDs and the new APs. Hmmm…

Just to humor me, I asked to see the switch configurations and VLAN assignments. They didn’t know how to access the switches – they were Cisco-trained folks and had HP switches. (no comments please) – So instead I just looked at the IP addresses given to clients from the older APs vs the newer APs. Funny they were from entirely different subnets, not just a little off, but public IPs on the old and private IPs on the new. So we tried to find what their external IP addresses were using http://whatismyip.com. Yep, as you would expect, totally different.

When we finally found someone to help track down access to the management side of their switches – we did find the two sets of access points were using not only different VLANs, but different DNS, different firewalls, and different ISPs.

So back to the title of this blog, “Always Check The VLAN” – should be just as ingrained in Wireless LAN Professionals, as the older, “Always Check The Physical”.This is just one simple experience out of many I’ve had over the years when if I’d just checked the VLAN status first – we would have saved a lot of time in troubleshooting the Wireless LAN.

I knew this, have taught it for years, and yet I also was seduced by the customers insistence that it was a “Wireless Problem”. Try to learn from my mistakes and Always Check The VLAN before chasing down Wi-Fi rat holes.

Happy WLANing!