Cisco’s Catalyst 9130AXE access point (the external antenna model) doesn’t have any antennas built-in by design. It uses a DART connector with 8 RF lines and 16 digital lines. They carry the RF signals and allow communication between the AP and antenna.
All new C-ANT9101, C-ANT9102 and C-ANT9103 antennas connect natively using their directly-attached DART connector to the Catalyst 9130AXE access point. It significantly simplifies the deployment process, allows the AP to automatically detect the antenna model, type and gain, and it doesn’t allow any room for installation errors like loose RP-TNC connectors or swapped antenna RF ports.
Here is an example of the new bell antenna C-ANT9102 with directly-attached DART connector.
And here is one connected to the C9130AXE-E access point.
Now, if your scenario requires the antenna to be installed further away from the access point (inside of a freezer for example) there is a 3-feet DART extension cable for that sold by Cisco.
The part number is AIR-CAB003-D8-D8=.
It has 90-degree 8-port plug on one side and straight 8-port jack on the other.
Orientation of Wi-Fi access point with external antenna(s) on Cisco DNA Center maps is represented by 2 key attributes.
Azimuth tells us how many degrees we rotated the antenna around its vertical axis. It ranges from 0 to 360.
Elevation represents downtilt of the main lobe relative to horizon. It ranges from -90 to 90. Horizon equals to Elevation 0. If the antenna’s downtilt is 30° down, Elevation is -30. The minus sign tells us that the antenna is pointed downwards.
Antenna shooting above the horizon, which is not very common, would have positive (larger than 0) Elevation value.
We are going to focus exclusively on access points with external antennas in this post. If you are deploying internal antenna AP or AP with dipole antennas, here are the correct settings for you.
Everything in this post applies to all Cisco’s directional antennas. To name a few, C-ANT9103, C-ANT9104, AIR-ANT2566D4M-R, AIR-ANT2566P4W-R, AIR-ANT2513P4M-N.
Enough theory. Pictures are worth a thousand of words.
We are going to use use Cisco’s AIR-ANT2566P4W-R, which has a nicely squished pattern and changes to its orientation are very visual.
Wall-mounted external antenna
By default DNA Center sets APs with external antennas to Azimuth 0 and Elevation 0. Elevation 0 means that the antenna is wall-mounted (downtilt 0°) and its main lobe shoots parallel to horizon.
Let’s assume perfectly wall-mounted antennas with no downtilt at all in the examples below. That way we don’t need to touch the Elevation setting at all. All we need to do is to adjust the Azimuth angle depending on which wall the antenna is mounted on.
Wall-mounted antenna shooting towards the right
Azimuth 0 and Elevation 0 is the default setting for external antennas. It represents a perfectly wall-mounted antenna (that’s what Elevation 0 means) shooting in the right hand direction (that’s what Azimuth 0 does). The main lobe travels parallel to the floor.
On the floor plan, it is mounted on the ‘left wall’ of the room, shooting towards the right.
Wall-mounted antenna shooting towards the bottom of the map
Now, what if you installed the antenna on a wall, but it points towards the bottom of the map (I avoid the south as it is not true south) this time?
We rotated the antenna clockwise around it vertical axis by 90 degrees. There is Azimuth for that, so we will increase Azimuth by 90. The final setting is Azimuth 90 and Elevation 0.
The antenna appears as mounted on the ‘top wall’ of the room shooting towards the bottom of our floor plan.
Wall-mounted antenna shooting towards the left
We have now rotated the antenna by another 90 degrees clockwise. That results in Azimuth 180 and Elevation 0.
It is installed on the right wall pointed towards the left of our floor plan.
Wall-mounted antenna shooting towards the top of the map
Finally, if the antenna is mounted on the ‘bottom wall’ and it points towards the top of our floor plan, that is another 90-degree increment, and results in Azimuth 270 and Elevation 0.
Hopefully, there are no surprises there?
If your antenna uses a different orientation, simply drag the blue Azimuth arrow and point it wherever the antenna’s main lobe is shooting towards.
Ceiling-mounted antenna shooting towards the floor
Antenna mounted to the ceiling shooting towards the floor has downtilt of 90°. We simply set Elevation to -90. Don’t miss the minus sign.
This is how Azimuth 0 (antenna cables on the left, top side of the antenna on the right) and Elevation -90 looks like.
The irregular ‘oval-ish’ pattern of this patch antenna is very obvious on the map. It kisses the top and the bottom of the floor plan.
My antenna is ceiling-mounted but it is rotated?!
To rotate the antenna on the ceiling by 90° clockwise, we just need to increment Azimuth.
Azimuth 90, Elevation -90
This time the coverage area stretches from left to right, because we rotated the antenna by 90 degrees.
Azimuth 180, Elevation -90
Azimuth 270, Elevation -90
Antenna cables point towards the bottom of the map, which is yet another 90-degree increment. It is still perfectly ceiling-mounted (that’s Elevation -90).
Now, let’s apply the theory.
What Azimuth and Elevation would you configure on C-ANT9103 antenna connected to Catalyst 9130 AP mounted using AP-BRACKET-9 bracket on the ‘top wall’ (don’t let the perspective of the photo confuse you) of the floor plan with 30-degree downtilt?
The antenna is mounted on the top wall shooting to the bottom of the map. That translates to Azimuth 90. It is wall-mounted, which normally means Elevation 0, but it is tilted 30° down. So, we subtract 30 from Elevation. And here we go, that’s Elevation -30.
Cisco Catalyst Wi-Fi 6E access points in DNA persona support a new Site Survey mode. It allows you to perform AP-on-a-stick survey, it comes with a fresh web interface, and it supports 6 GHz. This new mode is included in the Lightweight access point software image.
Unlike the Embedded Wireless Controller (EWC) mode, which was available on previous generation of APs, this new Site Survey mode doesn’t require any extra software image download or reflash of the AP.
What do we need
Either of C9136I, CW9166I, CW9164I and CW9162I APs in DNA persona (controller-managed AP running Lightweight software image) works. We are going to use CW9162I-ROW DNA persona AP running 17.9.3 or newer release.
Console cable connected to the USB port of your laptop and the RJ45 Console port of the AP
PoE injector, PoE-capable battery pack, or switch with PoE support. To power CW916x APs, PoE+ (802.3af) is sufficient. You will need UPOE (802.3bt) to leverage full radio capability of C9136I.
Why the 17.9.3 or newer release
Why am I insisting on 17.9.3 or newer release? There was an issue, which prevented Site Survey mode from working on ROW regulatory domain APs used in the UK. The AP simply won’t accept the GB country code, and it won’t enable 5 GHz and 6 GHz radios. This is fixed in 17.9.3.
How to upgrade the AP to 17.9.3
Simply join the AP to an existing Catalyst 9800 controller running 17.9.3 release. During the join process, the AP will automatically upgrade its software to 17.9.3 to match your controller’s release.
Console into the Lightweight AP. Please note Catalyst APs used 9600 baud rate by default, which has recently in 17.12.1 release changed to 115200 bauds.
Switch the AP to Site Survey mode using this command, press y, and wait for it to reload:
Note: Mode change to Site Survey mode erases the AP settings and resets Console port credentials to cisco/Cisco.
After it reloads, ROW domain AP will only broadcast 2.4 GHz survey SSID. No 5 GHz. No 6 GHz. That’s because we haven’t configured any country code yet and it doesn’t know what regulatory to follow. Note the Country NONE value.
If you are using ROW (Rest Of World) domain AP, configure country code using this command using Console connection and reload:
configure ap country-code GB
The AP will boot up and broadcast the survey SSID on all 3 bands.
Connect to the survey SSID wirelessly. It is an open SSID, no passphrase needed.
Access the access point’s web interface on https://10.0.23.1. Default credentials are admin/admin. Click OK, and change default credentials.
Using the web UI, customise the RF settings to fit your survey needs. Default 6 GHz channel setting is set to Auto, which results in channel 1, which is not a Preferred Scanning Channel (PSC).
Let’s change it to channel 5 or other PSC channel.
That’s it. Take the AP with you to site and enjoy the survey. When you PoE power it, it will automatically start in the Site Survey mode with your customised settings.
To scan 6 GHz spectrum, I use WiFi Explorer Pro with WLAN Pi M4 as a remote sensor. It has a built-in tri-band Wi-Fi adapter.
New LED pattern in Site Survey mode
During boot, the LED flashes blue.
After the AP successfully starts Site Survey mode, the LED flashes red and green. This is a normal Site Survey mode pattern, and absolutely nothing to worry about.
Warning: Read before you switch back to CAPWAP mode
If you switch the AP from Site Survey mode back to CAPWAP mode, you will no longer be able to log in via its Console port. The mode change wipes all CAPWAP settings of the AP including credentials. If you proceed with switch to CAPWAP mode, you will have to perform these steps to regain Console port access:
Join the AP to a Catalyst 9800 controller
Create Console port credentials and Enable password in AP Join Profile of the controller (Configuration > AP Join)
Controller automatically pushes these newly created credentials to the AP
You can now login to the Console port of the AP and switch back to Site Survey mode or run other commands
How long does a Site Survey AP take to boot?
From plugging the Ethernet cable in to seeing the SSIDs on the air, it takes about 3-4 minutes. DFS channels take 4 minutes or so, other bands come up faster.
Does the AP need wired connectivity or IP address on its Ethernet interface?
No, wired connectivity is not needed. The AP can just be powered by a power injector with no upstream Ethernet link. No IP address is needed on the wired port of the AP.
Does internet connectivity work?
Yes, it does. If you connect AP’s Ethernet port to infrastructure that provides internet, wireless clients connected to the AP in Site Survey mode get internet access too.
The Ethernet interface of the AP gets an IP address via DHCP from the existing infrastructure. The AP has its own DHCP scope 10.0.23.0/24 enabled on its survey SSID. It then NATs traffic coming from wireless clients to the wired network.
This question comes up and every now and then. So, let’s put it to bed.
If you have a ceiling-mounted internal antenna AP (with built-in antennas), or external antenna AP with dipole antennas (AIR-ANT2524D), or with short dipole antennas (AIR-ANT2535SD), here are the correct Azimuth and Elevation angle settings.
Azimuth angle does not matter in this case (it does for directional antennas), because these antennas have the same pattern regardless of how you rotate them clockwise or counterclockwise. Simply use the default value of 0°.
My Catalyst 9800-CL controller is hosted on a cloud, so I don’t need any hardware for that. Finally, my Catalyst 9136 Wi-Fi 6E AP is powered by a Catalyst 3560CX 10 Gigabit Ethernet multigigabit switch.
Catalyst 9136 is Cisco’s premium AP with all the bells and whistles including hexa-radio architecture and built-in environmental sensors for smart building use cases. It requires an 802.3bt/UPOE power source to enable 6 GHz radio in full performance 4×4 MIMO mode. The switch I use supports 802.3at/PoE+, which is great, but 6 GHz radio downshifts to 2×2. And that’s where an 802.3bt power injector comes to the rescue.
Since the Cisco injector isn’t widely available yet, I decided to test this Zyxel one. It provides 802.3bt power and allows the AP to run in full power and full 4×4 6 GHz radio mode with no compromise.
Do I like power injectors in production?
Absolutely not! Ideally you should design for 802.3bt/UPOE switches to power all your new APs via PoE.
It allows you to:
easily, centrally and remotely monitor how much power the APs use
enable/disable power on a port to bounce an AP
leverage redundant Platinum-rated power supplies for the AC to DC power conversion
manage the solution with ease – just think how difficult it is to manage more than 1 power injector, the number of AC power sockets, and what happens when someone disconnects the injector?
Carrying a full-size switch is not really an option for me, because small form factor is my main goal. So a power injector works best for me. But if I could I would love to use a compact 802.3bt switch.
Are you wondering if the PoE splitter connected to my iperf3 server (the little black box with 3 Ethernet interfaces) actually negotiated 2.5 Gbps Full duplex with the switch? Yes, it did. But keep in mind that the PoE splitter is technically only rated for 1 GbE. So use as short patch cable as possible and ideally CAT6.
Optionally, you can order an AP + antenna collocation “pocket”, which the Catalyst 9130AXE slides nicely in. It is aesthetically pleasing it, and all it takes to install the AP and antenna is a single mounting bracket. You don’t have to worry about mounting the access point and antenna separately. This drastically simplifies temporary deployments – just think about Cisco Live for example.
Please always refer to the official Cisco documentation for the latest information and package contents.
Apple published a brief summary of the newly introduced “Private Address” Wi-Fi feature. Since it does not go into the detail, I tested the public iOS 14.0 release on an iPhone SE and iPad Mini in my lab. Here is how it actually works.
New Wi-Fi networks
For SSIDs you have not connected to before, iOS 14 devices generate a random MAC “Private Address” and they use this MAC address permanently for this SSID. This address does NOT change over time. This works as expected.
Previously used Wi-Fi networks
Known Wi-Fi networks you have already connected to at least once before the upgrading to iOS 14 get a different treatment though. And this is where things are not as straightforward as the documentation suggests.
After upgrading to iOS 14, I connect to a known network which I have already used before the upgrade. The MAC address that is used is actually the real hardware MAC address of the Wi-Fi adapter for 24 hours. Note that the “Private Address” feature is enabled. This could potentially be considered a UI bug.
24 hours after first connecting from an iOS 14 device to this known SSID, the “Private Address” feature kicks in and the MAC address for this SSID automatically switches from the real MAC address to a randomly generated MAC address. Personally, I assume that this 24-hour period has been developed to allow enterprises to disable Private Address feature on their managed iOS devices using MDM, but I may be wrong.
From this point onwards the same randomly generated Private Address is permanently used for this SSID and does NOT change over time.
Catalyst 9800 controllers come with built-in support for WLAN availability scheduling. When a WLAN becomes disabled, APs do not broadcast the SSID and channel utilisation decreases. Also, it can be implemented as a security enhancement to prevent client devices from connecting during specified hours.
At the time of writing IOS-XE 17.3.1 does not yet offer a GUI for this capability, but there is a couple of options how to schedule WLAN availability.
Before we start, please double-check time settings on the controller, enable NTP client and set a correct timezone.
Option 1: Built-in Calendar Profile
The configuration is self-explanatory, so let’s start with that. My example enables all WLANs mapped to the “default-policy-profile” from 9 am to 5 pm every week day. Outside of these times, the SSIDs will not be available for clients to join.
wireless profile policy default-policy-profile
no wireless profile calendar-profile name WEEKDAYS-9-TO-5
wireless profile calendar-profile name WEEKDAYS-9-TO-5
start 09:00:00 end 17:00:00
wireless profile policy default-policy-profile
calendar-profile name WEEKDAYS-9-TO-5
You can verify using a Wi-Fi client. If you do “show wlan summary”, the WLANs will still appear as “Enabled” and this is expected. To verify current status of WLANs controlled by the Calendar Profile, please use “show logging | include SCHEDULED_WLAN”.