Wireless Health is a feature designed to allow Administrators to quickly and easily see an overview of their wireless networks and quickly identify anything that might be contributing to poor performance or user experience.
In addition to easily identifying potential issues Wireless Health also makes it easy to look at a specific client, Access Point, or SSID that has had issues reported and clearly see what the most common points of failure are. This makes troubleshooting existing issues much easier and also helps to identify potential issues that may arise in the future, or even just areas where improvements could be made in the current deployment.
NOTE: The recommended minimum firmware version for Wireless Health is MR 24.12.
Gain additional visibility and insight into the wireless network performance beyond 'the wireless is working' or 'the wireless is not working.'
Identify areas of potential improvement
Help highlight and troubleshoot existing issues
Easily see detailed connection statistics on a per-AP, per-SSID, or per-Client basis.
Included with standard Dashboard licensing, no special licensing or additional fees required.
For more information on Meraki's APIs, please visit our dedicated API documentation website: http://meraki.io.The API reference documentation is provided in a Postman collection accessible at http://postman.meraki.com.
Wireless Health is accessed by going to Wireless > Monitor > Wireless Health in the Dashboard. The Overview page gives a quick reference point to see the overall health of the wireless network. At a glance the Overview page provides a quick reference for the percentage of failed connection attempts and average packet latency of connected wireless clients. Clicking on the percentage of Failed Connections will open the Connections tab, while clicking the Avg. Packet Latency will open the Packet Latency tab.
NOTE: If the % change from the previous time period is <1% it will not be displayed.
Below the Overview header are two tabs that give a more detailed overview of the wireless network, Health by AP and Health by Client Device Type. The Health by AP tab provides a quick reference to see if any individual Access Points are having widespread connection issues such as connectivity or latency issues, while the Health by Client Device Type tab can quickly show if a specific type of client, such as iPhones, are having unusual connectivity or latency issues compared to other types of clients.
When the Health by AP tab is selected the displayed map shows a color coded overview of all the APs in the Network.
In addition to failing client connections, very high high latency for connected clients will also cause the APs to change color to indicate an issue. Hovering over a specific AP on the Map will provide an overview of that AP including the AP Name, percentage and number of clients out of total devices with more than 50% failed connections, and the average latency for connected clients.
This section of the page lists APs in the Network and the number of clients that have experienced connection issues when attempting to connect to each AP during the selected timeframe. The respective Client Devices with Problems columns list the number and percentage of clients out of total devices that had more than 50% of connection attempts fail for the selected time frame. Clicking on the Number of Client Devices for a specific AP will open the Failed Connections page, filtered to show only failed connections for the chosen AP.
This section of the page lists each AP in the network and the average 802.11 latency for clients connected to that AP, sorted by highest average latency. Latency is measured by looking at 802.11 frames and comparing the time between when the frame leaves the AP radio and when the corresponding ACK arrives back at the AP from the client.
The Health by Client Device Type tab displays information about wireless clients based on the detected device type. For more information about how Meraki determines the client device type please check out the Client Identification section of our Applying Policies by Device Type article.
This section displays a list of detected client types and the number of clients in each of those those groups that have experienced connection issues when attempting to connect to the wireless network during the selected timeframe. The respective Client Devices with Problems columns list the number and percentage of clients out of total devices that had more than 50% of connection attempts fail for the selected time frame. Clicking on the Number of Client Devices for a specific device type will open the Failed Connections page, filtered to show failed connections for the chosen device type.
This section lists each detected client type on the network and the average 802.11 latency for connected clients of that type, sorted by highest average latency. Latency is measured by looking at 802.11 frames and comparing the time between when the frame leaves the AP radio and when the corresponding ACK arrives back at the AP from the client.
The Connections tab shows detailed information about recent client connections and connection attempts including total connection attempts for the chosen time period, the number of failed connection attempts, number clients with more than 50% of connection attempts failing, and the average number of failed connections per failing client. The Connections tab can be filtered by both SSID or by VLAN to allow for more granular tracking of connections and wireless health.
NOTE: If the % change from the previous time period is <1% it will not be displayed.
Clicking the total number of Failed Connections will bring up the Failed Connections page which provides detailed information about all connection failures for the selected time period. This includes the connection time, client device name, AP, and SSID involved in the connection attempt, in addition to the connection stage that failed and more detailed information about why it failed.
Similar to the Connections tab on the Wireless Health page, the Failed Connections page can be filtered by SSID, VLAN, Access Point, Client, or Failure Step by using the dropdown menus at the top of the page. Clicking on the Client Name will open the Client Details page for that client. Similarly, clicking on the AP name will open the Access Point Details page for that access point. Clicking the Wireless Health link at the top of the page will go back to the Connections tab on the Wireless Health page.
The Connection Steps graph quickly and easily shows each step in the process that clients go through every time they connect to an Access Point. This makes it more simple than ever before to see at what step in the process clients might be experiencing issues. From left to right we see each step in the process beginning with the Association and followed by Authentication, DHCP, and DNS resolution, culminating with the overall Success Rate of clients that have attempted to connect to the wireless network. As clients move through the connection process that data is recorded and displayed as a percentage of clients who were able to successfully complete each step in the connection process.
It is expected to see an overall Success Rate of less than 100% as no client will always connect to a wireless network properly every time. Seeing a large drop in Success Rates at a certain step in the process could indicate an issue that is potentially affecting clients abilities to connect to the network properly. For example, in the image below we can clearly see that a disproportionate number of issues happen during initial DNS resolution for connected clients, indicating that there may be an issue relating to DNS on the network.
Shows the total percentage of clients that successfully Associated to an Access Point out of those that attempted in the specified time period.
Shows the percentage of clients that successfully Associated that were also able to successfully Authenticate in the specified time period.
An 802.11 authentication occurs prior to an 802.11 association. As such, an 802.11 authentication failure will count as an Association failure. Authentication failures are WPA/WPA2 authentications that have failed, perhaps due to an incorrect pre-shared key, expired client certificate, or invalid username/password on a client, for example.
Shows the percentage of clients that successfully Associated and Authenticated that were also able to receive a valid DHCP address.
Shows the percentage of clients that successfully Associated, Authenticated, and got a DHCP address that were able to resolve their first DNS request.
Shows the percentage of clients that were able to successfully Associate, Authenticate, get a DHCP address, resolve DNS, and pass traffic on the wireless network.
The Connection Issues by AP section initially displays a color coded map of APs very similar to the Health by AP map on the Overview page. Hovering over an AP will display a popup showing the AP Name, number of clients that have had >50% of connection attempts to that AP fail, and the percentage of total clients affected by connection issues. Like the Health by AP map, as each AP experiences more client connection issues it will change color:
Below the map is a list of each AP in the network. The respective Client Devices with Problems columns display the number and percentage of total clients that have had >50% of their connection attempts to that AP fail, in addition to the most common failure stage for failed connections and the total number of failed connections by all clients to each AP. Clicking on the Number of Client Devices for a specific AP will open the Failed Connections page, filtered to show only failed connections for the chosen AP. Similarly, clicking on the Primary Failure Stage will open the Failed Connections page filtered to show only connections to the chosen AP that failed on the selected Failure Stage.
Similar to the Connection Issues by AP list, Connection Issues by Client lists individual clients that have had recent connection issues, sorted by number of failed connections. This list includes the Client Device, the percentage and number of failed connection attempts out of total connection attempts from that client, and the primary failure stage for failed connections during the selected time period. Clicking on the Number of Failed Connections or Primary Failure stage will open the Failed Connections page pre-filtered to events for the chosen client and failure stage respectively.
Clicking on the Client Name will bring up the Client Details page for that client.
This section displays a list of the detected client types and and information about any connection issues experienced by each group of devices during the selected timeframe. The respective Client Devices with Problems columns list the number and percentage of clients out of total devices in each group that had more than 50% of connection attempts fail for the selected time frame. The Primary Failure Stage column lists the most common point of failure during the connection process for each group of client devices.
The Packet Latency tab displays information about the latency for different traffic types from Access Points to their associated wireless clients. Depending on the type of traffic different values are used to determine the impact of the latency. For example, good latency for Voice Traffic is defined as <32ms from the AP to the Client, while Best Effort and Background traffic consider anything <128ms of latency to be good. Like the Connections tab, this page can be filtered by both SSID or VLAN tag.
NOTE: Latency is measured by looking at 802.11 frames and comparing the time between when the frame leaves the AP radio and when the corresponding ACK arrives back at the AP from the client.
This section provides several helpful graphs to quickly identify if there are any WLAN latency related issues on the wireless network. Traffic is automatically divided into the four categories used by 802.11e (WMM) based on detected traffic type, each of which have expected acceptable latency as described above. Below each graph are the various ranges for acceptable latency of each traffic category.
NOTE: If all traffic is only showing as Best Effort try enabling DSCP tagging or Traffic Shaping rules to help with traffic identification.
This section lists the percentage of high latency traffic for each traffic category on a per-AP basis along with the average wireless latency for connected clients on each AP.
Similar to the above section, this section lists the percentage of high latency traffic for each traffic category along with the average wireless latency and number of devices in each group of clients based on device type.
For general Wireless Troubleshooting tips feel free to check out the following articles:
Association failures are commonly caused by either a client misconfiguration or an incompatibility between the client and access point. Sometimes when a device roams between APs quickly it will not be able to fully associate to an AP before going out of range, which can contribute to low overall Success Rates without actually indicating an issue in the network. For more information about the 802.11 association process please see our 802.11 Association process article.
Authentication issues are one of the most common types of connection failures. If Authentication issues appear to be limited to specific clients ensure that those clients are connecting to the correct SSID and have the correct user credentials. One of the most common reasons for low success rates in a network is a client with incorrect credentials that is attempting to automatically re-connect to an SSID and failing repeatedly.
If Authentication issues appear to be located around a certain AP then depending on the type of Authentication configured that could indicate a potential issue with the upstream switchport configuration or a configuration error on an Authentication server, such as a RADIUS server.
If Authentication issues appear to be centered on a specific SSID, ensure that the SSID is configured as expected and that any additional configuration, such as required for 802.1X Authentication, is completed and correct on the associated server.
An example of 802.1X authentication failure reason on Wireless Health page would look like:
type='802.1X auth fail' num_eap='9' first_time='0.012724844' associated='false' radio='1' vap='7'
Most commonly when clients are experiencing DHCP issues the root cause is related to VLAN tagging either on the SSID or on an upstream switchport. If all clients on a certain SSID are failing DHCP then the first thing to check is that client addressing is set correctly on the the SSID. This can be checked by going to Wireless > Configure > Access Control and scrolling to the Client Addressing section of the page. Ensure that the addressing is configured properly and if using VLAN tagging, ensure that the SSID is using the correct VLAN tagging setup.
If DHCP issues appear to be centered around a specific AP ensure that the upstream switchport settings of that AP are configured properly to allow traffic for all the necessary VLANs to pass.
DNS Issues are typically caused by a misconfiguration on either the client or an upstream switchport. For example, if the client is trying to resolve a local hostname but attempting to use a public DNS server we may see DNS failures recorded. Alternatively, if the client is trying to resolve a hostname using a local DNS server located on another VLAN but an upstream configuration error is preventing communication between the client and server we would see DNS errors generated for multiple clients on a single AP/SSID.
Low Success Rates can be caused by a number of factors. Environments that see lots of client roaming or have a high density deployment can experience unexpectedly low success rates due to multiple incomplete connections as clients quickly roam through the range of a given access point. Other situations such as having a client with incorrect saved credentials automatically reconnecting and failing repeatedly can quickly contribute to a low overall Success Rate as well. The best way to troubleshoot a low success rate is to use the Connection Steps Graph to quickly identify where in the process the majority of connection failures are occurring, then checking the Health by AP and Health by Client sections to identify if there is an easily identifiable source for the failed connections.