Affordable battery pack for occasional Wi-Fi “AP on a stick” site surveys

Since I don’t survey every day, I could not justify the purchase of a full-blown battery pack. My goal is to get a universal battery pack, which would allow me to survey for 5 hours and provide power to my laptop or USB device (like the WLAN Pi) at the same time.

A quick research made me to test the RAVPower AC 27000 mAh Power Bank. Here is what I’ve learned after using it for a few days:

  • The 2 built-in fans kick in when AC device starts drawing more than 20 Watts. Below this threshold, the fan is off. With the fan on, it actually becomes annoyingly loud (watch this video).
  • The AC inverter seems to operate with 82% efficiency
  • MacBook Pro 61 Watt power brick charges the battery using USB type C port
  • It powers USB devices and 230V AC devices (power injector in my case)
  • Capacity of 99.9 Wh

Things I like about this battery pack:

  • It is universal and power USB and AC devices
  • Its size and capacity are great

Things I don’t like:

  • When AC load exceeds 20 Watts, the 2 fans become generate significant noise
  • The adapter from its AC socket to UK socket is really poor, does disconnect very easily and cuts power. This is a huge downside.
  • AC power automatically switches off when the connected device draws less than 8 Watts or so. If you need to power a very low power device, use the USB port or plug one more device in to increase total load.

Battery life tests

I tested a few access points powered by a PoE+ 802.3at injector:

Cisco Catalyst 9115 in site survey Embedded Wireless Controller mode stays powered for 6 hours and 24 minutes and draws around 13 Watts.

Cisco Aironet 1560I (in 2SS only mode) in Mobility Express site survey mode stays powered for 5 hours and 28 minutes and draws around 15 Watts.

Formula to estimate battery life

Cisco Aironet 1540I draws around 8 Watts (measured by a smart plug) and estimated battery life is:

Run time = Battery capacity in Wh * Battery inverter efficiency / Power drawn by device in Watts = 99.9 * 0.82 / 8 = 10.2 hours

Tested devices powered by AC power

MacBook Pro (13-inch, 2019, Four Thunderbolt 3 ports) powered using MacBook 61W USB-C power adapter connected to the battery pack charged the laptop with no problem. The only annoyance is the battery fan noice. I can’t imagine using this in an open plan office as it would disturb others. Charging while on site or in a car is not a problem.

I was able to power Cisco WLC 2504 and 3504 with no problem at all and they drew around 25 Watts. You can use the above formula to calculate estimated battery life.

Cisco Catalyst compact switch WS-C3560CX-8XPD-S is not able to be powered by this battery, the battery goes into overload mode and cuts power. I suspect the AC wave output of the inverter is far from “perfect sine” and it prevents some devices to be powered. A different battery pack with better filters would be my suggestion if you need to power a device like this.

Another Cisco Catalyst compact switch WS-C3560CG-8PC-S works perfectly fine and draws about 17 Watts with no Ethernet ports connected and no PoE provided to its downstream devices.

Maximum AC load test

It tried connecting as many devices to the battery pack and power them using the inverter. These devices can be powered concurrently just fine:

  • Cisco Meraki MS220, Cisco Small Business SF100-08P switch, Aironet 3800 AP, Catalyst 9105AXI AP, Aironet 1800S Wi-Fi active sensor, Aironet 1560I, MR32 AP, MR20 AP, Aironet 1815W, a Bluetooth speaker and Raspberry Pi 4

How I fixed the supplied AC adapter issue

As I mentioned, the provided power adapter is a joke and not fit for purpose if you want to connect a device using a UK power plug. Just the weight of the power cable itself pulls the adapter from the battery pack socket and stops power supply to the connected device.

I decided to keep the battery pack as everything else works quite well and I replaced the provided adapter by a power cable with European plug and IEC C14 to UK socket “UPS” power adapter. This on its own stays connected in the battery inverter’s socket quite nicely and I added a couple of velcro straps to keep it securely in place at all times.

Fan noise

Introducing Telegram Bot for the WLAN Pi

Up until now, you could only use the WLAN Pi display to see its IP address and other IP details. If you are on the same subnet you could do ping wlanpi.local. Alternatively, your DHCP server log or show ip arp on the access switch could tell you.

Telegram Bot for the WLAN Pi automates the whole process and it sends you the IP details of your WLAN Pi whenever the Pi comes online. You can then easily and remotely skim through the details, check its IP address, public IP address, current mode, uptime, switch and port details the WLAN Pi is connected to, or double-check that its Ethernet adapter successfully negotiated 1 Gbps Full Duplex.

And you can do all this from you wrist, phone, tablet or laptop.

How to enable Telegram Bot

  1. Download WLAN Pi image 2.0.1 or newer. Flash it onto an SD card. Boot up from this SD card.
  2. Create a new Telegram account if you do not have one already. Start the Telegram app.
  3. Let’s create a new Telegram bot. Find a person called Botfather and send them a message saying /newbot.
  4. Follow the instructions to create a new bot.
  5. After the new bot is created, copy the API key to a text editor.
  6. Start a new chat with the newly created bot and say Hey, Hi or something like that and welcome them to the blue planet. This is mandatory and you can send more than one message.
  7. Now SSH to the WLAN Pi and run this command with root privileges sudo telegrambot
  8. It will complain about missing API key and tell you where to paste it.
  9. Edit the configuration file, uncomment the second line and paste your own API key from step 5 using sudo nano /etc/networkinfo/telegrambot.conf.
  10. Save the file using CTRL+o (letter o) and exit the editor using CTRL+x.
  11. Make sure you sent a Telegram message in step 6 to your new bot.
  12. Connect your WLAN Pi to the internet.
  13. Finally, reboot by sudo reboot

Multiple Pi’s can use the same API key and send their IP configurations to the same chat or you can have 1 chat per WLAN Pi (my preferred option). It is completely up to you.

How often are Telegram messages sent?

Every time the WLAN Pi reboots and has internet access, it will send a new message to you.

If internet connection goes down (for example when you disconnect the Ethernet cable, DNS server stops responding or something breaks at your ISP while eth0 still remains up) for more than 10 seconds, the WLAN Pi will send you a new message with its fresh details after the internet connection goes up again.

Send a new message manually

Assuming you have completed the setup using the above instructions, you can SSH to the WLAN Pi at any time and send a new Telegram message manually using sudo telegrambot.

How to troubleshoot

If you are not receiving any message from the WLAN Pi, send another message to the Telegram bot using the Telegram app and reboot the Pi.

You can also check the logs and grep for telegrambot:
sudo cat /var/log/messages | grep telegrambot

Apple iOS 14 Private Address feature, per SSID Wi-Fi MAC randomisation and how it actually works

Apple published a brief summary of the newly introduced “Private Address” Wi-Fi feature. Since it does not go into the detail, I tested the public iOS 14.0 release on an iPhone SE and iPad Mini in my lab. Here is how it actually works.

New Wi-Fi networks

For SSIDs you have not connected to before, iOS 14 devices generate a random MAC “Private Address” and they use this MAC address permanently for this SSID. This address does NOT change over time. This works as expected.

Previously used Wi-Fi networks

Known Wi-Fi networks you have already connected to at least once before the upgrading to iOS 14 get a different treatment though. And this is where things are not as straightforward as the documentation suggests.

After upgrading to iOS 14, I connect to a known network which I have already used before the upgrade. The MAC address that is used is actually the real hardware MAC address of the Wi-Fi adapter for 24 hours. Note that the “Private Address” feature is enabled. This could potentially be considered a UI bug.

24 hours after first connecting from an iOS 14 device to this known SSID, the “Private Address” feature kicks in and the MAC address for this SSID automatically switches from the real MAC address to a randomly generated MAC address. Personally, I assume that this 24-hour period has been developed to allow enterprises to disable Private Address feature on their managed iOS devices using MDM, but I may be wrong.

From this point onwards the same randomly generated Private Address is permanently used for this SSID and does NOT change over time.

Schedule WLAN availability on Catalyst 9800 Series Wireless LAN Controllers

Catalyst 9800 controllers come with built-in support for WLAN availability scheduling. When a WLAN becomes disabled, APs do not broadcast the SSID and channel utilisation decreases. Also, it can be implemented as a security enhancement to prevent client devices from connecting during specified hours.

At the time of writing IOS-XE 17.3.1 does not yet offer a GUI for this capability, but there is a couple of options how to schedule WLAN availability.

Before we start, please double-check time settings on the controller, enable NTP client and set a correct timezone.

Option 1: Built-in Calendar Profile

The configuration is self-explanatory, so let’s start with that. My example enables all WLANs mapped to the “default-policy-profile” from 9 am to 5 pm every week day. Outside of these times, the SSIDs will not be available for clients to join.

configure terminal
!
wireless profile policy default-policy-profile
shutdown
!
no wireless profile calendar-profile name WEEKDAYS-9-TO-5
!
wireless profile calendar-profile name WEEKDAYS-9-TO-5
day monday
day tuesday
day wednesday
day thursday
day friday
recurrence weekly
start 09:00:00 end 17:00:00
!
wireless profile policy default-policy-profile
calendar-profile name WEEKDAYS-9-TO-5
action wlan_enable
no shutdown
!

Verification

You can verify using a Wi-Fi client. If you do “show wlan summary”, the WLANs will still appear as “Enabled” and this is expected. To verify current status of WLANs controlled by the Calendar Profile, please use “show logging | include SCHEDULED_WLAN”.

Reference

Official documentation explaining Calendar Profiles.

Option 2: EEM Script

If you like flexibility, an EEM script running on the controller triggered by CRON might work even better for you. Special thanks to Federico Ziliotto for this.

event manager applet EEM_SCHEDULE_WLAN_UP
event timer cron cron-entry "0 9 * * 1-5" name 9_AM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been enabled"

event manager applet EEM_SCHEDULE_WLAN_DOWN
event timer cron cron-entry "0 17 * * 1-5" name 5_PM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been disabled"

Reference

Here and here are some useful and practical EEM examples for your reference.

How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do no want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward. 

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>

Cisco Aironet and Catalyst AP Option 43 configuration for ISC DHCP server on Linux

There is great document explaining how to configure Option 43 on ISC DHCP server on the Cisco website.

If all you need is a simple DHCP server which will assign Option 43 to all devices on the network, without selectively assigning it only to specific AP models using the class construct, you can simplify your ISC DHCP server configuration to this. It works great on a WLAN Pi.

Configuration

# Linux ISC DHCP server configuration in /etc/dhcp/dhcpd.conf
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

# eth0 DHCP scope
subnet 192.168.73.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.73.100 192.168.73.200;
option routers 192.168.73.1;
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 86400;
max-lease-time 86400;
vendor-option-space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address 10.10.10.10, 10.20.20.20;
}

Verification

The access point will get its IP configuration from the DHCP server including Option 43 and will try to join these controllers.

Throughput speed test of the fastest tp-link and Devolo Magic 2 Wi-Fi power line adapters (PLC)

I am in the market of buying a new pair of power line adapters. Power line is a great alternative or complement to Ethernet and Wi-Fi. It provides low latency and jitter and is very flexible and easy to install.

The current tp-link TL-PA6010 adapters have served me well, but they are now reaching their maximum throughput. So, I decided to get a new pair of the fastest adapters on the market (Devolo Magic 2 Wi-Fi) and also a pair of the best adapters from tp-link (TL-PA9020P). These will be used to connect my home office and lab networks to my router.

Since there are multiple brands offering a variety of products with a variety of advertised speeds, I am curious to see if the more expensive adapters are worth the premium price, what real throughput they would provide and if and how much a passthrough socket improves the power line speed.

Left to right: Devolo Magic 2 Wi-Fi, tp-link TL-PA9020P, tp-link PL-PA6010 (not sold anymore, this would be an equivalent)

Specification

I tested my current low-end adapters and two new high-speed ones:

Throughput, ping, jitter, power and Wi-Fi tests

Power line speeds vary and depend on the distance between the two adapters, your electrical wiring and interference. Please take the numbers below as relative ones, which would allow you to compare how these adapters perform under the same conditions and in the same setup.

All throughput numbers below were TCP measurements taken by iPerf3 running on a WLAN Pi (a single-board computer with 1 Gbps Ethernet) and the client was my MacBook with 1 Gbps USB-C Ethernet adapter. There were no intermediate network devices between them:

MacBook iPerf3 client <-> PLC1 <-> PLC2 <-> WLAN Pi iPerf3 server

The average download speed (measured 5 times at each of the locations in my house) ranges from 13% to 26% of the advertised speeds and goes nowhere near them. With £16 per 100 Mbps, the cheapest adapter seems to be the best value for money, unless you need higher speed and are willing to pay for it. It also is the most power efficient.

Devolo Magic 2 proved to the be the fastest solution with 331 Mbps average download speeds, while TL-PA9020P provided slightly better upload speeds than Devolo.

Each of the parameters (i.e. Download average) consisted of five iPerf3 tests in each location and I then computed the average values:

Built-in Wi-Fi access point

Devolo Magic 2 Wi-Fi remote adapter comes with a built-in dual-band 802.11ac Wi-Fi AP (not just a repeater as some of the cheaper adapters), but it is unstable and resets the power line connection every single time I connect and generate some traffic. I used the latest firmware available in July 2020. If a built-in Wi-Fi is a must-have for you, do NOT buy this adapter. Wait until it gets fixed or look for alternatives.

This is what happens. The SSID is broadcast, a Wi-Fi client can associate to the AP, but when the iPerf test starts, the client gets disconnected and power line connection is torn down for 10 seconds or so and then re-establishes. I was able to reproduce this bug every single time and it was not just one-off random problem.

On the positive note, it supports 2.4 GHz only, 2.4 + 5 GHz or 5 GHz only modes. It does not let you change channel width on 5 GHz though and always uses 80 MHz, which may sound like a good idea in a small town, but it is a disaster in a shared building with many other access points and neighbours present.

If high-speed power line without Wi-Fi is what you are after, then the Magic 2 non-Wi-Fi model could be a good option for you.

Passthrough socket

Passthrough socket allows you to plug an electrical appliance to the power line adapter without generating the socket your adapter is plugged into unusable. Cheaper adapters usually do not provide this.

The other benefit is that adapters with passthrough socket use filters to suppress noise coming from the connected electrical appliance and this improves speed by 13% – 15%.

Pros and cons

Devolo Magic 2 Wi-Fi
+ Fastest average download speed
+ Comes with a mobile app and each unit has a management web GUI
– Built-in access point resets the whole unit and Wi-Fi is not usable
– It runs quite warm compared to the other two and is the largest

tp-link TL-PA9020P
+ Very good and symmetrical performance
+ Stable
– No built-in Wi-Fi
– Still quite expensive compared to the slower and cheaper units

tp-link TL-PA6010 (or similar)
+ Great value for money
+ Stable
– Relatively low speeds
– No passthrough socket, no Wi-Fi

And the winner is

My personal preferences are very likely different from yours and that is fine. I am looking for symmetrical TCP throughput of at least 200 Mbps, ideally a passthrough socket support and all other features are nice to have.

Devolo Magic 2 Wi-Fi proves to be unstable as the built-in access point crashes the whole adapter and resets the power line connection. Its back side also becomes quite warm regardless the load.

So, I decided for tp-link TL-PA9020P. It is stable, does all I need it to do and both adapters come with 2 Ethernet ports which gives me flexibility to plug my own access point in or connect using wired Ethernet connection.

Configure DHCP Option 43 on Cisco Meraki MX appliance to point AP to its WLC

Here is how to configure Option 43 on an MX appliance for a Cisco Aironet or Catalyst AP to discover its Wireless LAN Controller (WLC).

My Catalyst 9800-CL controller IP address: 173.38.219.33

Meraki MX appliance DHCP server configuration

Format of the hex string

In my example, the final string would be “f1:04:ad:26:db:21”

“f1:04” tells the AP that only one WLC IP address is used, followed by the actual address
“ad” is hex representation of 173
“26” is hex representation of 38
“db” is hex representation of 219
“21” is hex representation of 33

Verification on the AP

Two controllers

If you provide the AP with IP addresses of 2 standalone controllers (think N+1 HA mode), then simply change “f1:04” to “f1:08” and append the second controller’s IP address in hex representation to the end of the hex string.

Primary controller IP address: 173.38.219.33
Secondary controller IP address: 173.38.219.34
Hex string: f1:08:ad:26:db:21:ad:26:db:22