Wi-Fi - Jiri Brejcha

Portable and affordable 2.5 Gigabit Ethernet iperf3 Server – FriendlyElec NanoPi R5S

What problem am I trying to solve?

Wi-Fi standards have developed and also WAN links are fast and reasonably priced these days. When it comes to throughput testing tools like iperf3 servers, 1 Gigabit Ethernet has become a bottleneck. A Wi-Fi 6E client can now easily generate more than 1 Gbps of traffic, but how do we measure it?

To overcome that issue, I am looking for a reasonably priced portable single-board computer, which can push more than 1 Gbps of traffic. It should be powered via USB-C, battery, or PoE powered, and should be portable to fit in my “just in case I need it” tool bag.

FriendlyElec NanoPi R5S

This little FriendlyElec NanoPi R5S single-board computer (SBC) delivers everything I mentioned above. Let’s have a look.

Dimensions and case

It comes with a well designed aluminium case, which also serves as a heatsink. The whole unit is smaller than the smallest iPhone, slightly thicker obviously. It runs silent. There is no built-in fan whatsoever.

Portable? Tick! By the way, did you know that the original WLAN Pi uses NanoPi NEO2?

Left to right: WLAN Pi, R5S, Intel-based SBC I am also testing, WLAN Pi Pro

Ports

It has two 2.5 Gigabit Ethernet interfaces (LAN1 and LAN2) and one 1 Gigabit Ethernet interface (WAN). Either of the LAN ports delivers 2.3 Gbps of actual useful iperf3 throughput with default 1500-byte MTU and single stream. I used MacBook with OWC 10 Gigabit Ethernet Thunderbolt 3 Adapter and Cisco WS-C3560CX-8XPD switch.

From client’s perspective that’s 2.27 Gbps down and 2.35 Gbps up

Power

The R5S only draws 4 Watts in idle, and can be powered by any USB-C 5V power source. Your MacBook USB-C charger, iPad/iPhone charger, or USB-C battery pack would do. Alternatively, use a 1 Gigabit Ethernet 5V PoE splitter and PoE power the unit. In my lab with a 2 meter cable, the 1 Gigabit Ethernet PoE splitter actually allowed the R5S auto negotiate stable 2.5 Gbps connection with the switch.

Software

FriedlyElec built and published two operating system SD card images for the R5S – Ubuntu and FriendlyWRT. I tested both, and for my use case FriendlyWRT works best. It has a network-centric and easy to use web UI, has iperf3 preinstalled, and delivers great performance.

Initial setup and tips

R5S ships without any micro SD card, so make sure you have one ready to use. Flash the software image to it using Balena Etcher or similar tool.

Connect the WAN port to a network with existing DHCP server. If you are in the same subnet, simply ping FriendlyWrt.local to get the IP address of the R5S.

Then access the web UI or SSH to the unit, SSH is enabled by default. Change the root password now.

Now, this is important! To achieve maximum throughput, delete the pre-configured bridge interface br0, and configure both multigigabit eth1 (LAN1 port) and eth2 (LAN2 port) as standalone unbridged interfaces. Also, tweak IP address settings to your liking while you are there.

eth1 configured as a standalone interface. Bridge interface removed.

Make iperf3 automatically start by going to System > Startup > Local Startup and add iperf3 -s and hit the Save button.

Change CPU Governor setting to Performance. And CPU Minimum Frequency to the maximum value.

Here is the FriendlyElec documentation and introduction to their FriendlyWRT distribution.

Final verdict

This little single-board computer absolutely deserves its space in my tool bag. For the 2 GB RAM model with case I paid $88 including shipping to the UK. Add a Micro SD card and that’s all you need to get started.

Finally, it you need top performance, don’t care that much about small form factor, and money is no object, the latest Apple M1 Mac Mini can be configured with built-in 10 GbE.

Cisco Catalyst C-ANT9103 antenna unboxing

If you have not had a chance to see the new Cisco Catalyst antennas for Catalyst 9130AXE access points, here are a few photos of the C-ANT9103 antenna for your reference.

Size, weight, mounting options

The official installation guide provides all this information and much more.

The optional access point “pocket”

Optionally, you can order an AP + antenna collocation “pocket”, which the Catalyst 9130AXE slides nicely in. It is aesthetically pleasing it, and all it takes to install the AP and antenna is a single mounting bracket. You don’t have to worry about mounting the access point and antenna separately. This drastically simplifies temporary deployments – just think about Cisco Live for example.

Previous generation with a separate AP bracket and antenna bracket

The new collocated, and aesthetically pleasing, solution with AP installed just behind the antenna

Unboxing

Please always refer to the official Cisco documentation for the latest information and package contents.

Hot-swappable tripod adapter for Cisco Aironet 1560 outdoor access points

If you have followed my hot-swappable series, my goal was to find a solution to swapping multiple outdoor AP + antenna combinations and a variety of AP models on the same tripod. What is the use case? I only wanted to carry a single tripod on the site survey day while still having the flexibility to survey with variety of antennas and different AP models.

After making the adapter for MR86 and MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas, I realised I needed one for Aironet 1560, which, at the time of the writing, is my go-to outdoor AP.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, access to tools was limited and I had no access to my lab.

How it turned out?

It went surprisingly well this time as I’ve already built a similar adapter for Cisco Meraki MR APs and this time it was even easier. Same as last time, the alu tube slides inside the top tripod tube and we are ready to roll.

The actual steps

I stocked up on M6 x 30 mm bolts, cut the 16 mm aluminium tube to the right length and reused the last bit of decking from a different project.

I thought I will try making a template, which I then transferred onto the wood. That wasn’t the best idea and it seems to work best when you watch someone using this “trick” on YouTube. Next time I will go for an analog pencil and ruler, lesson learned;-)

That trick did not go as well as I thought :)

The decking is quite thick so I ended up shaving few millimeters off it. And here is the final adapter.

Did you say tripod?

Yes, here is more about this 4-meter tripod I use.

How to achieve down tilt?

Thanks to Alan Wang, who suggested I use the official articulating pole mount AIR-ACC1530PMK2 and attach it to my “back board”. Obviously azimuth you can adjust by rotating the tripod, and this allow you to change the elevation angle.

Tripod mounting adapter for Cisco Meraki MR outdoor access points

I needed to find a solution to swapping multiple outdoor AP and antenna combinations on the same tripod. Specifically MR86 with MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas. Quick swapping was a key requirement. Some coverage areas required directional pattern while other locations with low traffic and low client density would really benefit from omnidirectional coverage.

MRs ship with standard pole mounting hardware, which is great for permanent installation, but it didn’t allow fast swapping of the AP and antenna sets. Also, pole mounting kit requires tools, which is not practical as it add additional weight to your survey backpack.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, tools were limited and I had no access to my lab.

You are smart people, so I don’t need to stress this point, but please don’t take this write-up as Cisco’s official guide or recommendation. This is just me trying to find a solution to a problem.

So, what’s the solution?

Let me show you the final adapter and we can then look into the detail.

MR86 with MA-ANT-20 dipoles and we also had some snow here down south;-)

Under the hood

It all started when I spotted my wife’s aluminium 16 mm gardening tubes;-) I realised they were perfect fit for my tripod. They slide nicely inside the top tripod tube about a couple of inches (5 cm) or so.

Tripod and mounting adapter with the standard AP bracket

Grooves in the decking board helped me align the tube

Two drill bits later: Directional adapter with AP mounted on the back for stability

What would I improve?

If I were to build a second iteration of this adapter, I would add a safety wire and attach the AP mounting bracket to the tripod. I would call this mandatory, especially if you are not the only user of these adapters or if there is going to be a person stood underneath the tripod.

Apart from that, it works really well, it is rock-solid, and allows me to swap the MR with omnis and MR with directional antennas in less than 10 seconds.

Affordable tripods for occasional Wi-Fi site surveys

As I mentioned in my battery pack review, I am fortunate to rely on our field engineers and partners when it comes to predictive design validation, wall measurements and AP on a stick surveys. Having said that, I enjoy going on site a few days a month and staying close to our projects. Which leads me to yet another blog post from the “affordable series”;-)

This time I tested 3 tripods. Key factors I considered were value for money, build quality, and suitability for outdoor surveys ability to hold anything from an indoor or outdoor AP to a camera.

Tripods

Left to right/up to down:
(A) Neewer Stainless Steel Heavy Duty Light Stand 118″/300CM
(B) Phot-R 4m Heavy Duty Photo Studio 2-in-1 Combi Light Boom Stand
(C) Neewer Heavy-Duty Light Stand 13 Feet/4 Meters Spring Cushioned Aluminum Alloy Pro Tripod

Width of the base is comparable, see the slabs

The numbers don’t lie

	Tripod A	Tripod B	Tripod C
Collapsed length	104 cm	112 cm	115 cm
Measured max height	283 cm	366 cm	393 cm
Weight	2.45 kg	2.55 kg	5.9 kg
Price	£65	£70	£68
Short summary	Very good, not tall enough for outdoor surveys	Unstable, too light, loose locking mechanism, unsuitable for holding APs	Great value for money, rock-solid, tall, heavier

Summary

I decided for tripod (C). It is high enough for outdoor surveys, rock-solid, and very stable. I also built an adapter that allows me to easily mount any outdoor Cisco AP (Catalyst, Aironet or Meraki MR). Here is more about my outdoor Meraki MR universal tripod adapter. Stay tuned for the Aironet and Catalyst one.

The only downside is its weight. Also, watch out for packaging. The first one I ordered arrived with the bottom of the box open and the head, where you insert the 1/3″ and 3/8″ adapter, was damaged. So, it took one return to get an undamaged one.

All three tripods are supplied with 1/4″ to 3/8″ adapter.

Even the replacement one had some extra tape applied, fortunately undamaged this time

Apple iOS 14 Private Address feature, per SSID Wi-Fi MAC randomisation and how it actually works

Apple published a brief summary of the newly introduced “Private Address” Wi-Fi feature. Since it does not go into the detail, I tested the public iOS 14.0 release on an iPhone SE and iPad Mini in my lab. Here is how it actually works.

New Wi-Fi networks

For SSIDs you have not connected to before, iOS 14 devices generate a random MAC “Private Address” and they use this MAC address permanently for this SSID. This address does NOT change over time. This works as expected.

Previously used Wi-Fi networks

Known Wi-Fi networks you have already connected to at least once before the upgrading to iOS 14 get a different treatment though. And this is where things are not as straightforward as the documentation suggests.

After upgrading to iOS 14, I connect to a known network which I have already used before the upgrade. The MAC address that is used is actually the real hardware MAC address of the Wi-Fi adapter for 24 hours. Note that the “Private Address” feature is enabled. This could potentially be considered a UI bug.

24 hours after first connecting from an iOS 14 device to this known SSID, the “Private Address” feature kicks in and the MAC address for this SSID automatically switches from the real MAC address to a randomly generated MAC address. Personally, I assume that this 24-hour period has been developed to allow enterprises to disable Private Address feature on their managed iOS devices using MDM, but I may be wrong.

From this point onwards the same randomly generated Private Address is permanently used for this SSID and does NOT change over time.

Schedule WLAN availability on Catalyst 9800 Series Wireless LAN Controllers

Catalyst 9800 controllers come with built-in support for WLAN availability scheduling. When a WLAN becomes disabled, APs do not broadcast the SSID and channel utilisation decreases. Also, it can be implemented as a security enhancement to prevent client devices from connecting during specified hours.

At the time of writing IOS-XE 17.3.1 does not yet offer a GUI for this capability, but there is a couple of options how to schedule WLAN availability.

Before we start, please double-check time settings on the controller, enable NTP client and set a correct timezone.

Option 1: Built-in Calendar Profile

The configuration is self-explanatory, so let’s start with that. My example enables all WLANs mapped to the “default-policy-profile” from 9 am to 5 pm every week day. Outside of these times, the SSIDs will not be available for clients to join.

configure terminal
!
wireless profile policy default-policy-profile
shutdown
!
no wireless profile calendar-profile name WEEKDAYS-9-TO-5
!
wireless profile calendar-profile name WEEKDAYS-9-TO-5
day monday
day tuesday
day wednesday
day thursday
day friday
recurrence weekly
start 09:00:00 end 17:00:00
!
wireless profile policy default-policy-profile
calendar-profile name WEEKDAYS-9-TO-5
action wlan_enable
no shutdown
!

Verification

You can verify using a Wi-Fi client. If you do “show wlan summary”, the WLANs will still appear as “Enabled” and this is expected. To verify current status of WLANs controlled by the Calendar Profile, please use “show logging | include SCHEDULED_WLAN”.

Reference

Official documentation explaining Calendar Profiles.

Option 2: EEM Script

If you like flexibility, an EEM script running on the controller triggered by CRON might work even better for you. Special thanks to Federico Ziliotto for this.

event manager applet EEM_SCHEDULE_WLAN_UP
event timer cron cron-entry "0 9 * * 1-5" name 9_AM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been enabled"

event manager applet EEM_SCHEDULE_WLAN_DOWN
event timer cron cron-entry "0 17 * * 1-5" name 5_PM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been disabled"

Reference

Here and here are some useful and practical EEM examples for your reference.

How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do no want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward.

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>