Troubleshooting WLAN issues with 802.11 Frames – #CWAP9
I have penned down some troubleshooting scenarios which I've come across while studying for the CWAP exam.
To begin with,
Management Frames > The foundation of how wireless radios detect, join and operate on a WLAN.
Control Frames > Frames which control the delivery of Data frames.
Data Frames > Carry the actual data payload from/to layers 3-7.
Some scenarios where frames can provide insight:
- Client Roaming Observations – In some cases clients are not able to roam seamlessly, or roaming is delayed when a client moves from one AP to another. In other cases we may need to find out which roaming methods the AP supports in order to diagnose other issues. Let's see how the frames can help.
- To find the roaming hand-off time from one AP to another, examine the frames from the Reassociation Request to the completion of the 4-way handshake, e.g. the frame below.

- Total roaming time is calculated by subtracting the Reassociation Request frame time (0.003857) from the EAPOL M4 time (0.105180): 0.105180 - 0.003857 = 0.101323 s, approx. 101 ms.
- The roaming method can be deduced from the Tagged Parameters in the 802.11 Wireless LAN section. The example below uses over-the-air Fast BSS Transition; a value of 1 denotes over-the-DS Fast BSS Transition.
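The two checks above, measuring the hand-off from the Reassociation Request to EAPOL M4 and reading the FT method out of the tagged parameters, can be scripted over a frame timeline. The following is an added example and not code from the original post: the frame records, the MAC addresses, the 100 ms warning threshold and the tagged-parameter bytes are all constructed here; the Mobility Domain element layout (element ID 54, length 3, two MDID octets, then the FT Capability and Policy octet whose bit 0 is "FT over DS") is the one defined by 802.11r.

```python
# Added example, not code from the original post: measures roaming hand-off
# time on a frame timeline (Reassociation Request -> EAPOL M4) and decodes the
# FT method from the Mobility Domain element in the tagged parameters.
# All frame records, addresses and element bytes below are constructed.
from dataclasses import dataclass
from typing import List, Optional

ROAM_WARN_SECONDS = 0.1          # hypothetical threshold: flag hand-offs over 100 ms
MOBILITY_DOMAIN_EID = 54         # Element ID of the Mobility Domain element (802.11r)


@dataclass
class Frame:
    ts: float    # capture timestamp in seconds (Wireshark frame.time_relative)
    sta: str     # client MAC address
    kind: str    # "reassoc_req", "reassoc_resp", "eapol_m1" .. "eapol_m4", "data"


def roam_times(frames: List[Frame], sta: str) -> List[float]:
    """Hand-off durations for one STA: first Reassociation Request to EAPOL M4.

    A retried Reassociation Request does not restart the clock; the roam began
    when the STA first asked to move.
    """
    durations: List[float] = []
    start: Optional[float] = None
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.sta != sta:
            continue
        if f.kind == "reassoc_req" and start is None:
            start = f.ts
        elif f.kind == "eapol_m4" and start is not None:
            durations.append(round(f.ts - start, 6))
            start = None
    return durations


def slow_roams(frames: List[Frame], sta: str) -> List[float]:
    """Hand-offs for one STA that exceed ROAM_WARN_SECONDS."""
    return [d for d in roam_times(frames, sta) if d > ROAM_WARN_SECONDS]


def ft_method(tagged_params: bytes) -> Optional[str]:
    """Walk the tagged parameters (information elements) and report the FT
    method from the Mobility Domain element: ID 54, length 3, two octets of
    MDID followed by the FT Capability and Policy octet, whose bit 0 is
    'Fast BSS Transition over DS'. Returns None when the element is absent."""
    i = 0
    while i + 2 <= len(tagged_params):
        eid, length = tagged_params[i], tagged_params[i + 1]
        body = tagged_params[i + 2:i + 2 + length]
        if len(body) < length:
            break                       # truncated element: stop, do not guess
        if eid == MOBILITY_DOMAIN_EID and length == 3:
            return "over-the-DS" if body[2] & 0x01 else "over-the-air"
        i += 2 + length
    return None


# Constructed timeline reproducing the timings quoted in the text for one STA,
# plus a second STA whose Reassociation Request was retried once.
SAMPLE_FRAMES = [
    Frame(0.003857, "aa:bb:cc:00:00:01", "reassoc_req"),
    Frame(0.010220, "aa:bb:cc:00:00:01", "reassoc_resp"),
    Frame(0.041100, "aa:bb:cc:00:00:01", "eapol_m1"),
    Frame(0.105180, "aa:bb:cc:00:00:01", "eapol_m4"),
    Frame(0.500000, "aa:bb:cc:00:00:02", "reassoc_req"),
    Frame(0.512000, "aa:bb:cc:00:00:02", "reassoc_req"),   # retry
    Frame(0.530000, "aa:bb:cc:00:00:02", "reassoc_resp"),
    Frame(0.548000, "aa:bb:cc:00:00:02", "eapol_m4"),
]

# Constructed tagged parameters: an SSID element, then a Mobility Domain element
# with MDID 0x0001 and capability octet 0x00 (over-the-air) or 0x01 (over-the-DS).
TAGGED_OTA = bytes([0, 4]) + b"corp" + bytes([54, 3, 0x01, 0x00, 0x00])
TAGGED_ODS = bytes([0, 4]) + b"corp" + bytes([54, 3, 0x01, 0x00, 0x01])

if __name__ == "__main__":
    for sta in ("aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"):
        print(sta, "roam times:", roam_times(SAMPLE_FRAMES, sta),
              "slow:", slow_roams(SAMPLE_FRAMES, sta))
    print("FT method:", ft_method(TAGGED_OTA), ft_method(TAGGED_ODS))
```

Run it as-is to see the first STA flagged at roughly 101 ms while the second, whose request was retried, still completes in 48 ms; in practice the `Frame` records would come from a `tshark` export of `frame.time_relative`, `wlan.sa` and the frame subtype / EAPOL message number.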

- Management Retries – Generally anything under 20% management retries in the network is considered OK or acceptable. There is no vendor-recommended management retry figure. A production environment is bound to have some percentage of retries even when AP and client placement, AP Tx power, interference and channel settings are optimal. In any case, a constant retry rate above 20% could indicate a concern in the WLAN environment which needs investigation.


- We can also check this on the Wireshark IO graph as below to highlight the management retries. The network below has a lot of management retries and needs further investigation.

- Duration/ID field
- 16 bits in length, used for virtual carrier sense, legacy power management and the contention-free period.
In the RTS frame below, the Duration value is 2048 microseconds. The radio is asking to reserve airtime for a pending transmission; the receiving radio can allow or deny this request. A high duration value, however, can indicate delays in allowing or denying the request, which can cause odd client behaviour and may also disrupt network services. Check the change log of the WLAN environment closely to see whether this is the result of a WLAN controller/AP software update or another change that may be causing the issue. Also note: check the device itself, as a high duration value is not always a problem.
![Wireshark dissection of an RTS frame with a Duration of 2048 microseconds](https://i0.wp.com/keepcalmandping.online/wp-content/uploads/2020/02/image-3.png?resize=640%2C238&ssl=1)

Fields legible in the capture above (the receiver address and one digit of the transmitter address are not readable in the image):

```text
IEEE 802.11 Request-to-send, Flags: ........C
    Type/Subtype: Request-to-send (0x001b)
    Frame Control Field: 0xb400
        Version: 0
        Type: Control frame (1)
        Subtype: 11
        Flags: 0x00
            DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x0)
            More Fragments: This is the last fragment
            Retry: Frame is not being retransmitted
            PWR MGT: STA will stay up
            More Data: No data buffered
            Protected flag: Data is not protected
            Order flag: Not strictly ordered
    0000 1000 0000 0000 = Duration: 2048 microseconds
    Receiver address: (not legible)
    Transmitter address: 7a:8a:20:0f:b?:6f (one digit not legible)
    Frame check sequence: 0x4d4e67bf [unverified]
    [FCS Status: Unverified]
```
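The Frame Control and Duration/ID fields shown in that dissection are the first four octets of every 802.11 MAC header, and they are all that is needed both to read the RTS duration and to compute the management retry rate discussed in the Management Retries section above. The following is an added example, not code from the original post: it decodes those four octets, checks the RTS frame from the capture (Frame Control 0xb400, Duration 0x0800) and applies the 20% rule of thumb to a constructed capture; the sample frames, the constant names and the `describe` helper are assumptions made for this illustration.

```python
# Added example, not code from the original post: decodes the 802.11 Frame
# Control and Duration/ID fields from the first four octets of a MAC header,
# then uses the decoder to compute the management-frame retry rate over a
# constructed capture and to read the Duration of the RTS frame shown above.
from dataclasses import dataclass
from typing import List

TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data", 3: "Extension"}
MGMT_RETRY_WARN = 0.20       # the 20% rule of thumb from the text


@dataclass
class Header:
    version: int
    ftype: int
    subtype: int
    retry: bool          # Frame Control flag bit 3: frame is a retransmission
    pwr_mgt: bool        # Frame Control flag bit 4: STA will go to sleep
    duration: int        # Duration/ID value (microseconds when bit 15 is clear)


def parse_header(raw: bytes) -> Header:
    """Decode Frame Control (octets 0-1) and Duration/ID (octets 2-3).

    Both fields are little-endian. In octet 0, bits 0-1 are the protocol
    version, bits 2-3 the type and bits 4-7 the subtype; octet 1 holds the
    flags. Truncated input raises rather than returning a guess.
    """
    if len(raw) < 4:
        raise ValueError("need at least 4 octets of MAC header")
    fc0, fc1 = raw[0], raw[1]
    return Header(
        version=fc0 & 0x03,
        ftype=(fc0 >> 2) & 0x03,
        subtype=(fc0 >> 4) & 0x0F,
        retry=bool(fc1 & 0x08),
        pwr_mgt=bool(fc1 & 0x10),
        duration=raw[2] | (raw[3] << 8),
    )


def describe(raw: bytes) -> str:
    """One-line summary in the spirit of the Wireshark dissection above."""
    h = parse_header(raw)
    return (f"{TYPE_NAMES[h.ftype]} frame, subtype {h.subtype}, "
            f"retry={h.retry}, pwr_mgt={h.pwr_mgt}, duration={h.duration} us")


def mgmt_retry_rate(frames: List[bytes]) -> float:
    """Fraction of management frames (type 0) with the Retry flag set.
    Control and data frames are ignored; an empty capture yields 0.0."""
    mgmt = [h for h in map(parse_header, frames) if h.ftype == 0]
    if not mgmt:
        return 0.0
    return sum(h.retry for h in mgmt) / len(mgmt)


def mgmt_retries_excessive(frames: List[bytes]) -> bool:
    """True when the management retry rate is above the 20% rule of thumb."""
    return mgmt_retry_rate(frames) > MGMT_RETRY_WARN


# The RTS frame from the capture above: Frame Control 0xb400, Duration 0x0800.
RTS_FRAME = bytes([0xb4, 0x00, 0x00, 0x08])

# Constructed capture, first four header octets only: 10 management frames of
# which 3 are retries (Probe Response x2, Authentication x1), plus control and
# data frames that must not count towards the management retry rate.
SAMPLE_CAPTURE = (
    [bytes([0x80, 0x00, 0x00, 0x00])] * 5       # Beacon (subtype 8), no retry
    + [bytes([0x50, 0x08, 0x3a, 0x01])] * 2     # Probe Response (5), Retry set
    + [bytes([0xb0, 0x08, 0x3a, 0x01])]         # Authentication (11), Retry set
    + [bytes([0x10, 0x00, 0x3a, 0x01])]         # Association Response (1)
    + [bytes([0x40, 0x00, 0x00, 0x00])]         # Probe Request (4)
    + [RTS_FRAME]                               # Control frame: ignored
    + [bytes([0x08, 0x08, 0x2c, 0x00])] * 4     # Data frames with Retry: ignored
)

if __name__ == "__main__":
    print(describe(RTS_FRAME))
    rate = mgmt_retry_rate(SAMPLE_CAPTURE)
    print(f"management retry rate: {rate:.0%}",
          "-> investigate" if mgmt_retries_excessive(SAMPLE_CAPTURE) else "-> OK")
```

The constructed capture comes out at 30% management retries, so it is flagged; the equivalent Wireshark display filter for the numerator is `wlan.fc.type == 0 && wlan.fc.retry == 1`, with `wlan.fc.type == 0` as the denominator.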
- Null Data Frames / Power Management
Null data frames are in fact not null, despite their name, and they can help in troubleshooting a few WLAN issues. Null data is categorised under control frames. It is only transmitted by a STA/client. Its sole purpose is to carry the Power Management bit of the Frame Control field, which is set to either 0 or 1. Examples below.
Bit = 0: the STA is informing the AP that it is in the active power state (awake) and frames from the AP to the STA should be transmitted normally.

Bit = 1: the STA is informing the AP that it is going to sleep and any frames arriving at the AP for this STA should be buffered at the AP until the STA returns and sends a Null frame with the bit set to 0 (active state).

PSM > Power Save Mode allows the client STA to go into sleep mode. It can essentially turn off NIC functions, including the radio, thereby consuming less battery and conserving it. Some devices benefit from this, but some have aggressive power-save options, so one needs to check the client driver details to troubleshoot any client-related issues.
Some known issues with Power Management are described in the links below.
Another reason a client STA may set the bit to 1 is roaming. Suppose the client has reached the roaming thresholds of the AP it is connected to and wants to switch to a nearby one; to do this it may go off-channel, signalling the AP to buffer its frames, and then resume its connection.
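The buffering behaviour described in this section is easy to model: the AP latches each client's state from the PWR MGT bit and holds downlink frames for dozing clients until they announce they are awake again. The following is an added example, not code from the original post: the event sequence and station names are constructed, and for simplicity the model reads the bit only from Null Data frames (type 2, subtype 4), the carrier this section describes, whereas a real AP honours the flag in any frame the STA sends.

```python
# Added example, not code from the original post: models how an AP tracks a
# client's power state from the PWR MGT bit carried in Null Data frames and
# buffers downlink frames while the client dozes. The frame sequence is
# constructed and the station names are placeholders.
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

Event = Tuple[str, str, object]   # ("up", sta, frame_control) or ("down", sta, payload)


@dataclass
class ApState:
    awake: Dict[str, bool] = field(default_factory=dict)              # per-STA power state
    buffered: Dict[str, List[str]] = field(default_factory=lambda: defaultdict(list))
    delivered: List[Tuple[str, str]] = field(default_factory=list)     # (sta, payload), air order


def is_null_data(fc: bytes) -> bool:
    """Type 2 (Data), subtype 4 (Null function, no data): an empty frame whose
    job is to carry the Frame Control flags."""
    return (fc[0] >> 2) & 0x03 == 2 and (fc[0] >> 4) & 0x0F == 4


def pwr_mgt(fc: bytes) -> int:
    """PWR MGT flag, bit 4 of the second Frame Control octet:
    0 = STA will stay up, 1 = STA will go to sleep."""
    return (fc[1] >> 4) & 0x01


def on_uplink(state: ApState, sta: str, fc: bytes) -> None:
    """Null Data frame received from a STA: latch its power state from the
    PWR MGT bit. A STA announcing it is awake gets its buffered traffic at once.
    (This model only reads Null Data; a real AP honours the bit in any frame.)"""
    if not is_null_data(fc):
        return
    state.awake[sta] = pwr_mgt(fc) == 0
    if state.awake[sta]:
        for payload in state.buffered.pop(sta, []):
            state.delivered.append((sta, payload))


def on_downlink(state: ApState, sta: str, payload: str) -> None:
    """Frame queued at the AP for a STA: send now if awake, otherwise buffer it.
    A STA the AP has never heard a Null Data frame from is treated as awake."""
    if state.awake.get(sta, True):
        state.delivered.append((sta, payload))
    else:
        state.buffered[sta].append(payload)


def run(events: List[Event]) -> ApState:
    """Replay a constructed sequence of uplink/downlink events through the AP."""
    state = ApState()
    for direction, sta, arg in events:
        if direction == "up":
            on_uplink(state, sta, arg)
        else:
            on_downlink(state, sta, arg)
    return state


NULL_SLEEP = bytes([0x48, 0x10])   # Null Data, PWR MGT = 1 ("STA will go to sleep")
NULL_AWAKE = bytes([0x48, 0x00])   # Null Data, PWR MGT = 0 ("STA will stay up")

# Constructed sequence: sta1 dozes (e.g. to scan other channels before a roam),
# two downlink frames for it arrive and are held, sta2 stays awake throughout,
# then sta1 wakes and the AP flushes what it buffered, in arrival order.
SAMPLE_EVENTS: List[Event] = [
    ("up",   "sta1", NULL_SLEEP),
    ("down", "sta1", "dns-reply"),
    ("down", "sta2", "http-data"),
    ("down", "sta1", "push-notification"),
    ("up",   "sta1", NULL_AWAKE),
]

if __name__ == "__main__":
    s = run(SAMPLE_EVENTS)
    for sta, payload in s.delivered:
        print(f"AP -> {sta}: {payload}")
```

When troubleshooting a client that appears to drop traffic, comparing the timing of its Null Data frames with PWR MGT = 1 against the gaps in downlink delivery in a capture shows whether the "loss" is simply the AP buffering for a client that announced it was dozing.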