10 Gigabit Ethernet on Raspberry Pi 5

Raspberry Pi 5 comes with PCI Express connection and a number of HATs (hardware attached on top) and Bottoms (the opposite of that) are now available for sale. That unlocks some very exciting options. Let’s see how fast can a 10 Gigabit Ethernet adapter on Raspberry Pi 5 go, shall we?

Pineberry’s HatDrive! Bottom proved to be really handy for converting Pi’s PCIe connection to M.2 M-key format. My Kalea-Informatique 10 Gigabit adapter uses exactly that, so that’s a match. Why did I choose this adapter? Very unscientifically this time – it was the first readily available and I was in a fail-fast mood :)

10 GbE adapter connected to Raspberry Pi 5
Pineberry HatDrive! Bottom board with 10 GbE network adapter
Detail of the AQC107 chip powering the network adapter

Enable PCIe port on Raspberry Pi 5

First things first. We need to enable the PCIe connector on the Pi.

sudo nano /boot/firmware/config.txt

# Enable the port
dtparam=pciex1

# Configure PCIe Gen
dtparam=pciex1_gen=2
Enable PCIe and configure mode

Build custom Linux kernel and include the Aquantia driver module

Vanilla Raspberry Pi OS doesn’t include the Aquantia AQC107 kernel module. So we need to burn a micro SD card with a vanilla Raspberry Pi OS Bookworm image, boot the Pi 5 and build a customised kernel.

git clone --depth=1 --branch rpi-6.8.y https://github.com/raspberrypi/linux
cd linux/
sudo apt install flex bison aptitude -y
sudo aptitude install libssl-dev
make bcm2712_defconfig

Edit the config file:

sudo nano .config

Add these 2 lines to .config file:

CONFIG_AQTION=m
CONFIG_AQUANTIA_PHY=m

Trigger customised kernel build on the Pi. This will take some time, so bear with us, please.

sudo make -j4 Image.gz modules dtbs
sudo make modules_install
sudo cp -v arch/arm64/boot/dts/broadcom/*.dtb /boot/firmware/
sudo cp -v arch/arm64/boot/dts/overlays/*.dtb* /boot/firmware/overlays/
sudo cp -v arch/arm64/boot/dts/overlays/README /boot/firmware/overlays/
KERNEL=kernel_2712
sudo cp -v arch/arm64/boot/Image.gz /boot/firmware/$KERNEL.img
uname -a
sudo reboot

After reboot, the LED light on the network adapter should come to life and we can capture first impressions.

Adapter recognised
10 Gbps Full Duplex
lspci -v output

Temperature

First thing you will likely notice is how hot this network adapter runs. It runs at 85° Celsius in idle which is slightly worrying and you can literally burn your fingers if you are not careful. Thumbs down on the thermal design front.

High idle temperature

Under load, surprisingly, it ‘only’ runs 0.5° warmer.

High temperature under load

How fast can it go then?

Raspberry Pi 5 officially supports PCIe Gen 1 and Gen 2. It is not certified for Gen 3.

PCIe Gen 1 mode

In this slowest mode, I got 1.71 Gbps/1.53 Gbps iperf3 TCP results with standard iperf3 settings. No jumbo frames, no other tweaks.

PCIe Gen 1 throughput

PCIe Gen 2 mode

Again, with standard iperf3 settings, I measured 3.44 Gbps/3.04 Gbps TCP throughput between 2 computers both connected to 10 Gbps switch ports via 10 GbE Full Duplex.

PCIe Gen 2 throughput

In idle conditions, this setup draws 7.5 W, and 8.9 W under 10GbE adapter iperf3 -R load (3.45 Gbps). Using more iperf3 parallel streams (the -P parameter) did not help at all.

Power draw

PCIe Gen 3 mode

The adapter supports PCIe Gen 3, but it doesn’t work with the Pi. The Pi is not certified for Gen 3, so I can’t and won’t name and shame. The Ethernet adapter is not recognised in Gen 3 mode, and no interface is present in ip a. Sometimes the Pi will fail to boot.

According to dmesg, the Pi forced Gen 2 mode:

brcm-pcie 1000110000.pcie: link down
brcm-pcie 1000120000.pcie: Forcing gen 2
Forcing PCIe Gen 2 mode athough Gen 3 has been configured

I powered my Pi from M2 MacBook USB-C port. So I thought, I might be running into under-voltage issues. I tested the official Raspberry Pi 27 W (5 V * 5 A) AC power and it made no difference.

Low CPU utilisation

One feature I really enjoyed is the extremely low CPU utilisation under load. I saw slower 2.5 GbE adapters hammer CPU with interrupts, but that’s not the case for this NIC. AQC107 does really good job at keeping the CPU cool.

Low Raspberry Pi 5 CPU load under network load

Cable analytics

Marvell supports Cable Diagnostics feature which uses TDR to measure cable length and detect Ethernet cable for defects. Unfortunately, it doesn’t seem to be supported on the AQC107 chip.

Cable Diagnostics not supported

Can you get 10 Gbps out of this adapter at all?

I am glad you asked. How does Intel NUC with 10 GbE adapter sound? That’s what I am going to test next. Stay tuned for another blog post.

Intel NUC with 10 GbE adapter

Summary

The high operating temperature really makes this adapter something I can’t recommend. With maximum throughput below 3.5 Gbps, I think you would be better off choosing a 2.5 Gigabit Ethernet adapter, which runs cool and delivers 2.35 Gbps/2.35 Gbps throughput.

Have you tested any other 10 GbE adapter? Did you get better results? Did you find any 2.5 Gbps Ethernet adapter that supports Cable Diagnostics? I am all ears.

Special thanks

Thanks to Luke Jenkins for exploring and sharing the kernel build instructions. Also, thanks to the WLAN Pi team. You can buy the team a coffee using this link.

Wi-Fi 7 comes to WLAN Pi M4

With the WLAN Pi team, we have designed and launched a M.2 adapter from A-key to E-key, which allows you to install a certified Wi-Fi 7 adapter Intel BE200 to your current WLAN Pi M4.

WLAN Pi M4

Is WLAN Pi selling ‘keys’ now? 😉

What is a ‘key’? It is formed of the notch on the Wi-Fi adapter PCB, and plastic blob separating pins inside the M.2 slot. The idea is to prevent users from plugging incompatible cards to the slot, and avoid any ‘magic smoke events’. Here is more about M.2 and the individual key types if you are interested.

WLAN Pi upgrade kit

Since Intel adapters use E-key and WLAN Pi M4 uses A-key, we needed to build an adapter. Badger Wi-Fi has the upgrade kit in stock. It comprises of the Oscium M.2 A-key to E-key adapter, Intel BE200 Wi-Fi 7 adapter, and 2 little bolts to secure the adapter and the Wi-Fi module.

Here is how the ‘butterfly’ setup looks like. Intel BE200 sits onboard of the A-key to E-key adapter, installed in the M.2 slot.

We are ready to connect existing tri-band antennas, and assemble the unit.

Software support

Make sure to either upgrade Linux packages to their latest versions using sudo apt update && sudo apt upgrade command, or download and flash the latest WLAN Pi software image on your SD card. Release 3.2.0 supports Wi-Fi 7 Intel BE200 adapter out of the box with no effort whatsoever on your part.

Wi-Fi 7 in action

For this demonstration I use a consumer Wi-Fi 7 router TP-Link Deco BE85 BE19000. Simply because it is available, Wi-Fi 7 certified, and it supports 320 MHz channel width – not that one would deploy that in an enterprise environment, but mainly to test the maximum Wi-Fi throughput of the Pi.

A bug in macOS doesn’t allow Macs to correctly recognise Wi-Fi 7 networks. Instead of Wi-Fi 7 320 MHz wide network, my MacBook reports Wi-Fi 6 and 160 MHz wide channel. So, we will use another WLAN Pi and its Wi-Fi radio as a Remote Sensor in WiFi Explorer Pro – you need the Pro version to do this.

Nice, Wi-Fi 7 AP!

Connecting the WLAN Pi as a Wi-Fi 7 client only takes few lines of wpa_supplicant config.

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

And we have successfully connected the WLAN Pi as a Wi-Fi 7 client to the AP using this command.

sudo wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0

Run this command to make sure the WLAN Pi requests an IP address from DHCP server running on the router:

sudo dhclient -i wlan0 -v

What channel are we using? 320 MHz channel width? Indeed.

Before you ask, distance between the Pi and the router is sub 1 meter. What is the Wi-Fi data rate? We are using Wi-Fi 7 (EHT), 2 spatial streams, MCS 12 and 4096-QAM and short guard interval of 0.8 µs.

We can refer to Francois Verges’ MCS index tool to check how we are doing. Yes, I have tried, but I have only been able to achieve MCS 13 extremely rarely.

How far from the AP can we maintain 4096-QAM?

I hardly ever achieved MCS 13. To maintain MCS 12, I had to stay within about 1.5 meter distance from the router. I got best results with antennas position in this ‘V’ pattern.

With a different client device designed for Wi-Fi 7 from the ground up (with professional quality antennas and placement), I would hope for slightly longer MCS 12 and MCS 13 range.

It’s throughput test time

It’s time to run an iperf3 test and see how much traffic we can actually push over the air and also how much the WLAN Pi M4 can handle. Here is our test setup. I recommend the OWC 10 GbE Thunderbolt adapter (it uses Thunderbolt protocol, not USB) connected via USB-C to your Mac.

With the help of Oscium WiPry Clarity 6 GHz spectrum analyser connected to another WLAN Pi, we can monitor the life spectrum and see how much red the iperf3 test introduces. We are able to achieve download TCP speed of 2.27 Gbps and upload speed of 1.74 Gbps.

I used iperf3 -c 192.168.68.51 -P32 -R to test download speed, and iperf3 -c 192.168.68.51 -P32 for upload. Number of parallel streams set to 32 provided the best performance.

Summary

Wi-Fi 7 works well on the WLAN Pi M4. In fact, it works better than Wi-Fi 7 on Windows 11. But we will cover that one in one of a future blog posts.

I was expecting 2.5 Gbps-ish throughput, which we have got quite close to. During the test, CPU of the WLAN Pi was running around 80 % utilisation, and interrupts were reaching 100 %. So, hardware of the WLAN Pi itself posed a bottleneck.

mpstat 1 300 -P ALL

Orientation of the antennas mattered more than I expected to. Best position was a ‘V’ shape with antennas positioned away from the board. With AUX antenna placed 90 degrees relative to the Main antenna, data rates and throughput dropped. Perhaps there is RF noise from the board itself coming into play.

Apple iOS Shortcut: Install Wi-Fi diagnostics profile to your iPhone the easy way

Apple developed a diagnostics profile that allows you to monitor and troubleshoot Wi-Fi connectivity. Unfortunately, it is only available for 7 days after installation. After that, it get automatically removed. If you are a Wi-Fi professional, that means that you need to reinstall it every few days. Yes, it always disables when you are on site and need it the most :)

Manual installation of the profile – the hard way

Normally, I would google something along the lines of “Apple Wi-Fi diagnostics profile”, eventually I find the right link, log in, search for the iOS Wi-Fi profile on the Apple Developer website, download the profile, go to Settings > General > Profiles section, and I install it from there.

Wi-Fi diagnostics profile for iOS devices

What if there was a little tool that did most of the above for you?

The easy way

I put together a quick “Wi-Fi Profile” Apple Shortcut that removes some of these steps. Install the shortcut on your phone and it will guide you through the diagnostics profile installation every time you need it. It downloads the profile to your iPhone, lets you approve the installation and voilà, you open Wi-Fi settings and get RSSI measurements, channel details, BSSID and other useful info.

How to add the Shortcut to your phone

Download the latest version from my GitHub and follow the video instructions. Save it your home screen and execute it whenever you want to reenable Wi-Fi diagnostics.

See the shortcut in action

More shortcuts, anyone?

I wrote few other Shortcuts. Perhaps you are connected to a someone’s guest network, and would like to see who their access point vendor is? Your iPhone can tell you.

Or you use 2 iPhones and want to get a reminder when your secondary/test phone’s battery drops below 10%?

Convert Cisco Catalyst Wireless access point to Meraki cloud-managed mode

We have already converted a Cisco Meraki access point to Catalyst/DNA mode the other week.

Access point conversion from Catalyst/DNA mode (managed by Catalyst 9800 controller) to Meraki mode allows you to add a Catalyst Wireless AP to Cisco Meraki Dashboard, and fully monitor, and fully manage it from there.

Convert Catalyst/DNA AP to Meraki mode

Order the AP in the right mode

Order your access points in the right mode out of the box, and don’t worry about conversion. That’s the “-MR” SKU for cloud-management/SaaS model. If you wish to manage the APs by a Catalyst 9800 controller, simply find the right access point SKU and regulatory domain based on your coutry using this tool and reach out to your favourite Cisco Partner or distributor for a quote.

What do we need?

  • Catalyst Wireless CW9162I, CW9164I, CW9166I, CW9166D1, or CW9163E access point joined to a Catalyst 9800 series controller (hardware appliance, cloud instance, or virtual machine)
  • Cisco Meraki MR access point license

Let’s start the conversion

1. Make sure the access points you want to convert have successfully joined the Catalyst 9800 controller. Head over to Configuration > Wireless > Migrate to Meraki Management Mode.

Migrate to Meraki Management Mode

2. Select one or more APs you wish to convert and click the Migrate to Meraki Management Mode button.

Select APs

3. Wait for validation to complete. Click Next.

Validate that the AP can be converted

4. Tick Agree and continue and click Yes.

Take a deep breath and kick-start the process

5. Conversion has now finished. Note that each AP has a Cisco Serial Number and Meraki Serial Number. Copy the Meraki Serial Number.

Conversion has finished

6. While you are doing that, the AP rebooted and started the Meraki image.

AP has left the controller and is about to establish connectivity to Dashboard after reboot

During the boot process, the AP logs a message about the mode change.

Reset reason – AP converted to Meraki mode

And you will no longer have access to its Console port. If you connect a console cable, <Meraki> output will appear with no option to type any commands.

Console port output after conversion

7. Copy the Meraki Serial Number and log in to Cisco Meraki Dashboard. Open Organization > Configure > Inventory. Click Add devices, and paste the Meraki Serial Number of the AP.

Inventory
Add the AP by entering its Meraki Serial Number

8. From now on, the AP now behaves like any other Meraki cloud-managed access point. All monitoring and management features of the Dashboards are available. If you ever change your mind, and wish to convert it back to Catalyst/DNA mode, here is my step-by-step guide.

Useful WiFi Explorer Pro filters for finding rogue APs and APs with low minimum mandatory data rate

If you have not used WiFi Explorer before, get yourself a copy of the Pro version here. It is absolutely worth it and extremely useful tool if you have anything to do with Wi-Fi.

The Pro version (the Lite doesn’t) supports Filters. They allow you to filter scan results and get exactly the scan results you are interested in.

Find rogue access points

Let’s say you want to find APs that use other SSIDs than yours. This filter does just that. It shows all SSIDs other than CiscoLive or CiscoLive-WPA3. Simply paste this string into the Filters text field in the top right-hand corner.

dot11.net.ssid !~ "CiscoLive" AND dot11.net.ssid !~ "CiscoLive-WPA3"

Find APs using low minimum mandatory data rate

Other times you might want to look for access points that have minimum mandatory data rate configured to low – by mistake or by choice. In this example, I am interested in APs broadcasting these 2 SSIDs and using minimum mandatory rate of 6 or lower.

dot11.net.min_basic_rate <= 6 AND dot11.net.ssid ~~ "CiscoLive" OR dot11.net.ssid ~~ "CiscoLive-WPA3"

Download the cheat sheet

We have only scratched the surface. You can do so much more with filters.

Intuitibits, the makers of WiFi Explorer, published a great one-pager documenting the syntax. Get yourself a copy.

Convert Cisco Meraki MR access point to Catalyst DNA mode

Same hardware, your choice of management

The latest generation of Wi-Fi 6E Catalyst Wireless access points (CW9162, CW9164, CW9166 series) gives you the option to either cloud-manage them using Cisco Meraki Dashboard, or manage the APs by Cisco Catalyst 9800 series Wireless LAN Controller (WLC).

They are the exact same hardware and they ship pre-loaded with the Catalyst/DNA and Meraki software image. Depending on the mode setting, they either boot one image or the other.

What do we need

  • Catalyst Wireless CW9162I, CW9164I, CW9166I, CW9166D1, CW9163E access point in Meraki mode
  • Cisco Meraki MR access point license to perform the conversion
  • Cisco DNA Essentials or DNA Advantage access point license if you want to use join and manage the AP by a Catalyst 9800 controller

Choose AP mode before ordering

You will have the best experience when you order your access points in the right mode.

Order the right mode

Order a DNA persona AP and it will auto-discover your Catalyst 9800 controller using one of the supported methods. In the UK, I can order the “-ROW” AP and manage it by Catalyst 9800, and optionally add Catalyst Center (previously known as DNA Center) to get analytics, assurance and other great features. Find the right access point SKU and regulatory domain based on your coutry using this tool.

If you prefer, order the Meraki mode access point, connect it to the internet, and claim it in the Dashboard. Meraki APs use a single “-MR” SKU globally.

Conversion from MR to Catalyst/DNA mode

If you ordered a Meraki access point and your requirements have changed, you can convert the AP to DNA mode.

1. Make sure you have an active Meraki MR license. Why? We need the license to connect the AP to Dashboard, and to open a conversion request with Meraki technical support team.

2. Provide power and internet connectivity to the access point.

3. Log in to Dashboard. Navigate to Organization > Configure > Inventory and add the access point using its Meraki S/N.

Enter the Meraki S/N from the product label

4. Add your MR license to Dashboard under Organization > Configure > License Info.

5. Wait for the AP to connect to Dashboard and change its LED to solid green or solid blue. Perfect, the AP is now online.

6. Complete this checklist first. Disable Meshing feature and make sure your Catalyst 9800 is ready for the AP to connect after conversion has completed.

Disable Meshing feature

7. Open a new support case by clicking the (?) question mark in the top right hand corner > Cases > New Case.

8. Include all these details to speed up the conversion process. Find your Customer Number by clicking the person icon in the top right hand corner. To get your Daily Support Code, click the same person icon, then open My profile.

Hi,

Please convert my CW*****-MR AP with Meraki SN ****-****-**** to DNA mode. I do have an existing DNA license. I disabled Meshing in the Dashboard.

I have completed this checklist:
https://documentation.meraki.com/MR/Other_Topics/916X_Management_Mode_Checklist_and_Troubleshooting

I am aware that the AP will not join Dashboard after the conversion, unless I convert it back to MR mode.

Please go ahead and start the mode change immediately.

My customer number: ****-****
My support passcode for today: ****

Have a great day!

9. If this conversion is urgent, call into Meraki support. No, don’t e-mail the support team, call them. Have the case number by hand. Find the best phone number here.

10. After the support engineer starts the conversion, your AP will reboot. It is now in the Catalyst mode. You can verify that by keeping an eye on the Console port output during its boot. Just to remind you (and myself): The new Console port baud rate is 115200 from 17.12.1 release onwards.

Autoboot in 5 seconds
Catalyst Mode Selected

11. The AP should now follow the standard Catalyst LED pattern. It is ready to be managed by a Catalyst 9800 series controller – be it a hardware appliance, virtual machine, or public cloud instance.

12. Our DHCP server assigned an IP address to the AP, which has automatically discovered and joined the WLC located in the same IP subnet.

Successful WLC discovery and AP join
Followed by automatic software image upgrade
The AP has joined the WLC and is ready for use

To enable SSH and Console access, create a username, password and enable password in the Catalyst 9800 controller’s AP Join Profile > Management > User section. SSH protocol is disabled by default. You can enable it in the AP Join Profile.

You have full Console access and control over the AP

Will faster micro SD card make my WLAN Pi M4 boot faster?

No, it will not, unless you make some bad choices. But, faster card will make your life easier and significantly speed up the image flashing process.

Tests performed

  • Flash and verify WLAN Pi 3.1.4 software image to the micro SD card using built-in card reader of MacBook Pro M2 and Balena Etcher app
Software image flashing process
  • Boot WLAN Pi M4 from the micro SD card. Measure how long it takes to boot from plugging the Ethernet cable in (and PoE power provided) to WLAN Pi home screen shown on the display
WLAN Pi M4 powered via PoE

Results

Sandisk High Endurance 32 GB U3 card is the default provided with WLAN Pi M4 by default. The U3 standard reall y makes a huge difference when it comes to writing to the card and that’s why it is our go to option.

Micro SD cards tested

From practical perspective, different size or even slightly slower card won’t really make your Pi boot any faster. If you make some bad choices and reuse an older class 6 card, you will spend extra 11 seconds of your life waiting for the WLAN Pi to boot every single time.

Flash WLAN Pi imageEffective speedBoot WLAN Pi M4
Sandisk HE 32 GB U31 min 59 seconds64 MB/s28 seconds
Sandisk HE 256 GB U31 min 53 seconds68 MB/s28 seconds
Sandisk Ultra 32 GB U13 mins 54 seconds24 MB/s28 seconds
Samsung 8 GB Class 611 mins 29 seconds8 MB/s39 seconds
Compute Module 4 with built-in eMMC storageDidn’t testDidn’t test27 seconds

Recommendation

Invest in a U3 or better card and benefit from fast write speeds. There is very little premium to pay. In future, you can reuse a fast card in other device like a dash cam, Raspberry Pi 5 workstation, or video camera.

Kingston has a great blog post about SD card standards.

Apple iOS Shortcut: Remind me to charge my secondary iPhone

Let me give you one more reason why you should explore the Shortcuts framework on your iOS or macOS device.

Remind me to charge my test phone

I mainly use my primary iPhone, but for testing I use an older iPhone running iOS Beta. Up until now, I struggled to keep the test phone charged. Typically I would pull it out of the bag and … you know the rest of this story, right?

I put together this quick but very useful shortcut. Whenever charge level drops below 10 %, the secondary phone will automatically send me an iMessage with a reminder. That’s it. Simple. Useful.

Recharge reminder automatically sent to me via iMessage from the secondary device

How does it work

Simply create a new Shortcut on the secondary iOS device, using the Shortcuts app. Select Send Message action and enter your iMessage details.

Now, in the Automation section, configure the trigger that executes this action. Set it to run whenever battery level drops below 10 %.

Then hit Done.