Skip to main content
Cisco Meraki

Wireless Health

Wireless Health Overview 

Wireless Health is a feature designed to allow Administrators to quickly and easily see an overview of their wireless networks and quickly identify anything that might be contributing to poor performance or user experience.

In addition to easily identifying potential issues Wireless Health also makes it easy to look at a specific client, Access Point, or SSID that has had issues reported and clearly see what the most common points of failure are. This makes troubleshooting existing issues much easier and also helps to identify potential issues that may arise in the future, or even just areas where improvements could be made in the current deployment.

 NOTE: The recommended minimum firmware version for Wireless Health is MR 24.12.

Use Cases 

  • Gain additional visibility and insight into the wireless network performance beyond 'the wireless is working' or 'the wireless is not working.'

  • Identify areas of potential improvement 

  • Help highlight and troubleshoot existing issues

Features 

  • Easily see detailed connection statistics on a per-AP, per-SSID, or per-Client basis.

  • Included with standard Dashboard licensing, no special licensing or additional fees required.

API Access

For more information on Meraki's APIs, please visit our dedicated API documentation website: http://meraki.io.The API reference documentation is provided in a Postman collection accessible at http://postman.meraki.com.

Health Tab

Overview 

Wireless Health is accessed by going to Wireless > Access points > Health in the Dashboard. The Overview page gives a quick reference point to see the overall health of the wireless network. At a glance, the Overview page provides a quick reference for the total number of client devices facing issues from a connection and latency standpoint. The Overview tab will also show the percentage change in the values over the past hour.

Screen Shot 2021-01-04 at 4.20.44 PM.png

NOTE: If the % change from the previous time period is <1% it will not be displayed.

Below the Overview header, there is a graphical view showing client connection statistics across the entire network in a single snap shot, this is the connection steps graph. This is very useful to understand how the overall network is doing in terms of client connectivity.

The Connection Steps Graph 

The Connection Steps graph quickly and easily shows each step in the process that clients go through every time they connect to an Access Point. This makes it more simple than ever before to see at what step in the process clients might be experiencing issues. From left to right we see each step in the process beginning with the Association and followed by Authentication, DHCP, and DNS resolution, culminating with the overall Success Rate of clients that have attempted to connect to the wireless network. As clients move through the connection process that data is recorded and displayed as a percentage of clients who were able to successfully complete each step in the connection process.

It is expected to see an overall Success Rate of less than 100% as no client will always connect to a wireless network properly every time. Seeing a large drop in Success Rates at a certain step in the process could indicate an issue that is potentially affecting clients abilities to connect to the network properly. For example, in the image below we can clearly see that a disproportionate number of issues happen during initial DNS resolution for connected clients, indicating that there may be an issue relating to DNS on the network.

Connections Graph.png

Association

Shows the total percentage of clients that successfully Associated to an Access Point out of those that attempted in the specified time period.

Authentication

Shows the percentage of clients that successfully Associated that were also able to successfully Authenticate in the specified time period.

An 802.11 authentication occurs prior to an 802.11 association. As such, an 802.11 authentication failure will count as an Association failure. Authentication failures are WPA/WPA2 authentications that have failed, perhaps due to an incorrect pre-shared key, expired client certificate, or invalid username/password on a client, for example.

DHCP 

Shows the percentage of clients that successfully Associated and Authenticated that were also able to receive a valid DHCP address. 

DNS 

Shows the percentage of clients that successfully Associated, Authenticated, and got a DHCP address that were able to resolve their first DNS request. 

Success Rate 

Shows the percentage of clients that were able to successfully Associate, Authenticate, get a DHCP address, resolve DNS, and pass traffic on the wireless network.

Below the Connection Step graph, we have all different issues captured by different parameters. Below is a list of those captured issues:

Connection Issues by SSID

This section of the page lists the SSID that is having the most issues along with the number of clients impacted on the SSID. The Dashboard will further also capture the step at which the clients are facing issues on a specific SSID. This will provide a very clear indication of whether the failures are on a specific SSID or across all SSIDs in the network.

Connection Issues by Client

This section of the page lists the problematic clients that are having the highest number of issues for connection. The connection of a client is monitored across different steps: Association, Authentication, DHCP, and DNS. As a client device fails any of these steps it is captured in this section. The section also shows the number of attempts made by the client device failed along with the step on which failure was observed. 

Connection Issues by AP

This section of the page lists APs in the Network and the number of clients that have experienced connection issues when attempting to connect to each AP during the selected timeframe. The respective Client Devices with Problems columns list the number and percentage of clients out of total devices that had more than 50% of connection attempts fail for the selected time frame. Clicking on the Number of Client Devices for a specific AP will open the Failed Connections page, filtered to show only failed connections for the chosen AP.

Highest AP to Client Latency

This section of the page lists each AP in the network and the average 802.11 latency for clients connected to that AP, sorted by highest average latency. Latency is measured by looking at 802.11 frames and comparing the time between when the frame leaves the AP radio and when the corresponding ACK arrives back at the AP from the client.

Connection Issues by Client Device Type

This section displays a list of detected client types and the number of clients in each of those those groups that have experienced connection issues when attempting to connect to the wireless network during the selected timeframe. The respective Client Devices with Problems columns list the number and percentage of clients out of total devices that had more than 50% of connection attempts fail for the selected time frame. Clicking on the Number of Client Devices for a specific device type will open the Failed Connections page, filtered to show failed connections for the chosen device type.

Screen Shot 2021-01-04 at 4.39.11 PM.png

Highest Client Latency by Device Type

This section lists each detected client type on the network and the average 802.11 latency for connected clients of that type, sorted by highest average latency. Latency is measured by looking at 802.11 frames and comparing the time between when the frame leaves the AP radio and when the corresponding ACK arrives back at the AP from the client.

Map

The Map section initially displays a color coded map of APs. Hovering over an AP will display a popup showing the AP Name, number of clients that have had >50% of connection attempts to that AP fail, and the percentage of total clients affected by connection issues. Like the Health by AP map, as each AP experiences more client connection issues it will change color:

  • Green (<50% of total connection attempts failing)
  • Yellow (50-75% of total connection attempts failing)
  • Red ( >75% of total connection attempts failing). 

Screen Shot 2021-01-04 at 4.44.30 PM.png

Connection Log 

The Connections tab shows detailed information about recent client connections and connection attempts including total connection attempts for the chosen time period, the number of failed connection attempts, number clients with more than 50% of connection attempts failing, and the average number of failed connections per failing client. The Connections tab can be filtered by both SSID or by VLAN to allow for more granular tracking of connections and wireless health. 

Connections3.png

NOTE: If the % change from the previous time period is <1% it will not be displayed.

Failed Connections

Clicking the total number of Failed Connections will bring up the Failed Connections page which provides detailed information about all connection failures for the selected time period. This includes the connection time, client device name, AP, and SSID involved in the connection attempt, in addition to the connection stage that failed and more detailed information about why it failed.

Similar to the Connections tab on the Wireless Health page, the Failed Connections page can be filtered by SSID, VLAN, Access Point, Client, or Failure Step by using the dropdown menus at the top of the page. Clicking on the Client Name will open the Client Details page for that client. Similarly, clicking on the AP name will open the Access Point Details page for that access point. Clicking the Wireless Health link at the top of the page will go back to the Connections tab on the Wireless Health page. 

Failed Connections 2.png

NOTE: Clients that have never successfully associated to the listed AP and SSID combination will appear under VLAN 0.

Troubleshooting 

General Wireless Troubleshooting 

For general Wireless Troubleshooting tips feel free to check out the following articles:

Association Issues 

Association failures are commonly caused by either a client misconfiguration or an incompatibility between the client and access point. Sometimes when a device roams between APs quickly it will not be able to fully associate to an AP before going out of range, which can contribute to low overall Success Rates without actually indicating an issue in the network. For more information about the 802.11 association process please see our 802.11 Association process article.

Authentication Issues 

Authentication issues are one of the most common types of connection failures. If Authentication issues appear to be limited to specific clients ensure that those clients are connecting to the correct SSID and have the correct user credentials. One of the most common reasons for low success rates in a network is a client with incorrect credentials that is attempting to automatically re-connect to an SSID and failing repeatedly. 

If Authentication issues appear to be located around a certain AP then depending on the type of Authentication configured that could indicate a potential issue with the upstream switchport configuration or a configuration error on an Authentication server, such as a RADIUS server.

If Authentication issues appear to be centered on a specific SSID, ensure that the SSID is configured as expected and that any additional configuration, such as required for 802.1X Authentication, is completed and correct on the associated server.

Fields Seen in 802.1X Failure Reason

An example of 802.1X authentication failure reason on Wireless Health page would look like:

type='802.1X auth fail' num_eap='9' first_time='0.012724844' associated='false' radio='1' vap='7'
  • type='802.1X auth fail': Denotes that client used 802.1X to get authenticated
  • num_eap='9': Denotes that authentication failed at the 9th RADIUS packet exchange between client machine and authentication server
  • first_time='0.012724844': Tells the time it took for MR to get the first EAP packet from client machine. This information could be useful for troubleshooting and understanding latency issues.
  • associated='false': Denotes current state of the client
  • radio='1': Denotes that client is attempting to connect to 5Ghz band (0 = 2.4Ghz and 1 = 5Ghz)
  • vap='7': Denotes that client is attempting to connect to SSID#8 (vap='0' = SSID#1, vap='1' = SSID#2, and so on..)

DHCP Issues 

Most commonly when clients are experiencing DHCP issues the root cause is related to VLAN tagging either on the SSID or on an upstream switchport. If all clients on a certain SSID are failing DHCP then the first thing to check is that client addressing is set correctly on the the SSID. This can be checked by going to Wireless > Configure > Access Control and scrolling to the Client Addressing section of the page. Ensure that the addressing is configured properly and if using VLAN tagging, ensure that the SSID is using the correct VLAN tagging setup.

If DHCP issues appear to be centered around a specific AP ensure that the upstream switchport settings of that AP are configured properly to allow traffic for all the necessary VLANs to pass. 

DNS Issues 

DNS Issues are typically caused by a misconfiguration on either the client or an upstream switchport. For example, if the client is trying to resolve a local hostname but attempting to use a public DNS server we may see DNS failures recorded. Alternatively, if the client is trying to resolve a hostname using a local DNS server located on another VLAN but an upstream configuration error is preventing communication between the client and server we would see DNS errors generated for multiple clients on a single AP/SSID. 

Low Success Rates 

Low Success Rates can be caused by a number of factors. Environments that see lots of client roaming or have a high density deployment can experience unexpectedly low success rates due to multiple incomplete connections as clients quickly roam through the range of a given access point.  Other situations such as having a client with incorrect saved credentials automatically reconnecting and failing repeatedly can quickly contribute to a low overall Success Rate as well. The best way to troubleshoot a low success rate is to use the Connection Steps Graph to quickly identify where in the process the majority of connection failures are occurring, then checking the Health by AP and Health by Client sections to identify if there is an easily identifiable source for the failed connections.