When a user’s Wi-Fi network experience falters, frustration often ensues, and the blame is swiftly directed at the wireless network itself. Often, the culprit lies elsewhere. In this blog post, I’ll explore the often overlooked factors that can impact a device’s experience—namely, DHCP, DNS, RADIUS, and improper network segmentation, and how wireless network monitoring can help you solve the issue quickly.
Wireless network connection check #1: DHCP
DHCP (Dynamic Host Configuration Protocol) is a crucial component of Wi-Fi (and networks in general) as it automates the process of assigning IP addresses to devices connected to the network. Without a valid IP address, devices cannot establish network connectivity, leading to an inability to access the internet or communicate with other devices on the network. Here are two things to look into:
- DHCP Server Issues: If there is a problem with the DHCP server, such as it being unavailable or misconfigured, Wi-Fi users may struggle to obtain an IP address. In some cases of misconfiguration, a DHCP server may lease out an IP address that may have been statically assigned.
- Bad DHCP Lease Durations: DHCP lease duration plays a significant role in network stability. A DHCP lease determines how long an IP address is assigned to a device. If the lease duration is too short, devices may need to frequently renew their IP addresses, resulting in interruptions in network connectivity. Conversely, if the lease duration is too long, the DHCP server may exhaust its available IP addresses, preventing new devices from joining the network.
(Pro Tip: separate Wi-Fi subnets from wired subnets)
Generally speaking DHCP lease times for a Wi-Fi network should be around 8-24 hours. If you find yourself shortening lease times to free up room in the subnet, consider expanding the subnet.
Wireless network connection check #2: DNS
DNS (Domain Name System) plays a crucial role in translating human-readable domain names into IP addresses, enabling users to access websites and other network resources. Typically, symptoms of intermittent, slow performance or web page access often indicate DNS misconfiguration or DNS server unavailability. When DNS-related issues arise, several symptoms can affect users in the following ways:
- Slow or intermittent website access: DNS resolution is required to translate domain names into IP addresses for accessing websites. If there are DNS-related problems, users may experience intermittent access to websites. Pages may fail to load completely, or display errors due to the inability to resolve domain names.
- Unable to access specific websites or services: DNS issues can result in users being unable to access specific websites or online services. When the DNS lookup fails for a particular domain, users will encounter errors or be directed to alternative, unintended destinations.
- Incorrect or outdated DNS records: In an enterprise environment, managing DNS records is essential. If DNS records are incorrect or outdated, users may be directed to the wrong IP addresses or experience difficulty reaching the intended destinations.
Wireless network connection check #3: Radius Authentication Server
A RADIUS (Remote Authentication Dial-In User Service) server is commonly used for authentication, authorization, and accounting purposes in Wi-Fi networks. While RADIUS servers provide essential functionality for enterprise authentication, they can sometimes cause issues for Wi-Fi users. Here are the symptoms of RADIUS server-related problems that can affect Wi-Fi users:
- Certificate Expiration: If you haven’t seen it before, this is a common Wi-Fi networking forum topic: “My Wi-Fi network just went down”. When the RADIUS server certificate expires, clients attempting to authenticate may encounter errors or failures during the authentication process. The server’s expired certificate cannot be trusted by the client, leading to authentication problems and preventing users from successfully connecting to the network. Clients may receive error messages indicating that the server certificate is not valid or has expired.
- Authentication failures: If a RADIUS server encounters issues, such as misconfiguration or unavailability, it may fail to authenticate user credentials properly. As a result, Wi-Fi users may experience repeated authentication failures when attempting to connect, preventing them from accessing the network. They may be prompted to re-enter their credentials or receive error messages indicating authentication issues.
- Slow or delayed authentication: When a RADIUS server is under heavy load or experiences performance issues, the authentication process can become slow or delayed. Wi-Fi users may experience extended wait times during the authentication phase, leading to a delay in establishing a connection to the network. 802.11r can significantly help reduce the number of authentications against a radius server.
- User Supplicant Misconfigurations: One of the ways that a RADIUS server may become stressed is when a lot of devices are misconfigured and repeatedly attempt to authenticate to a Wi-Fi network. Personally, I’ve seen a single device attempt 80,000 authentications in a day.
(Pro Tip: MetaGeek’s Tonic can hunt down the devices failing RADIUS authentication. If you need to find something to re-configure it, give Tonic a Try.)
Wireless network connection check #4: Improper handling of Layer 2 broadcast traffic
As I mentioned above, it is best to separate wireless and wired subnets to minimize broadcast traffic. Layer 2 broadcast traffic can have an impact on wireless networks due to the inherent nature of wireless communication and the way broadcast packets are handled. Wireless networks extend layer 2 collision domains to the channels in use. In fact, with multiple SSIDs broadcasting from a single AP, just one SSID that shares a subnet with a wired network can cause issues for all Wi-Fi users. Look here to start:
- Network congestion and scalability issues: Excessive broadcast traffic can cause network congestion and scalability issues in wireless networks. As the number of devices and broadcast packets increases, the network capacity may become overwhelmed, leading to performance degradation and decreased responsiveness. This becomes particularly problematic in environments with a high density of devices or in networks with limited bandwidth.
- Increased airtime utilization: Broadcast traffic is sent to all devices within the network, and wireless devices within range will receive and process these broadcast packets. In a wireless network, this can lead to increased airtime utilization as devices spend time processing broadcast packets that are not relevant to them. This can result in reduced available bandwidth and increased latency for other types of traffic, impacting overall network performance.
- mDNS: I’m lumping this one in because it is something users now expect, but in larger networks, mDNS traffic can bring Wi-Fi performance to a crawl. mDNS allows devices to discover and resolve domain names without relying on a centralized DNS server. It simplifies the process of discovering services and devices on a local network without the need for manual configuration. However, it is important to note that excessive mDNS traffic can still impact network performance and scalability, especially in larger networks or environments with a high density of devices.
How To minimize broadcast traffic on a wireless network
To mitigate the impact of Layer 2 broadcast traffic on wireless networks, network administrators can implement various strategies:
- Segment the network: Implementing separate VLANs and subnets can help contain and control the scope of broadcast traffic. By segmenting the network, broadcast packets are confined to specific segments, reducing the impact on the entire wireless network.
- Optimize broadcast settings: Fine-tuning broadcast settings on access points, such as enabling broadcast limitations can help manage the impact of broadcast traffic. These settings can be adjusted to strike a balance between network efficiency and the need for essential broadcast communication.
By understanding the intricate interplay of these components, we can shift our focus from immediately blaming the Wi-Fi and instead adopt a more comprehensive approach to troubleshooting network issues.