Apple iOS Shortcut: Install Wi-Fi diagnostics profile to your iPhone the easy way

Apple developed a diagnostics profile that allows you to monitor and troubleshoot Wi-Fi connectivity. Unfortunately, it is only available for 7 days after installation. After that, it gets automatically removed. If you are a Wi-Fi professional, that means that you need to reinstall it every few days. Yes, it always disables itself when you are on site and need it the most :)

Manual installation of the profile – the hard way

Normally, I would google something along the lines of “Apple Wi-Fi diagnostics profile”, eventually find the right link, log in, search for the iOS Wi-Fi profile on the Apple Developer website, download the profile, go to Settings > General > Profiles, and install it from there.

Wi-Fi diagnostics profile for iOS devices

What if there was a little tool that did most of the above for you?

The easy way

I put together a quick “Wi-Fi Profile” Apple Shortcut that removes some of these steps. Install the shortcut on your phone and it will guide you through the diagnostics profile installation every time you need it. It downloads the profile to your iPhone, lets you approve the installation and voilà, you open Wi-Fi settings and get RSSI measurements, channel details, BSSID and other useful info.

How to add the Shortcut to your phone

Download the latest version from my GitHub and follow the video instructions. Save it to your home screen and execute it whenever you want to re-enable Wi-Fi diagnostics.

See the shortcut in action

More shortcuts, anyone?

I wrote a few other Shortcuts. Perhaps you are connected to someone’s guest network and would like to see who their access point vendor is? Your iPhone can tell you.

Or you use 2 iPhones and want to get a reminder when your secondary/test phone’s battery drops below 10%?

Convert Cisco Catalyst Wireless access point to Meraki cloud-managed mode

We have already converted a Cisco Meraki access point to Catalyst/DNA mode the other week.

Access point conversion from Catalyst/DNA mode (managed by a Catalyst 9800 controller) to Meraki mode allows you to add a Catalyst Wireless AP to Cisco Meraki Dashboard, and fully monitor and manage it from there.

Convert Catalyst/DNA AP to Meraki mode

Order the AP in the right mode

Order your access points in the right mode out of the box, and don’t worry about conversion. That’s the “-MR” SKU for the cloud-management/SaaS model. If you wish to manage the APs by a Catalyst 9800 controller, simply find the right access point SKU and regulatory domain based on your country using this tool and reach out to your favourite Cisco Partner or distributor for a quote.

What do we need?

  • Catalyst Wireless CW9162I, CW9164I, CW9166I, CW9166D1, or CW9163E access point joined to a Catalyst 9800 series controller (hardware appliance, cloud instance, or virtual machine)
  • Cisco Meraki MR access point license

Let’s start the conversion

1. Make sure the access points you want to convert have successfully joined the Catalyst 9800 controller. Head over to Configuration > Wireless > Migrate to Meraki Management Mode.

Migrate to Meraki Management Mode

2. Select one or more APs you wish to convert and click the Migrate to Meraki Management Mode button.

Select APs

3. Wait for validation to complete. Click Next.

4. Tick Agree and continue and click Yes.

Take a deep breath and kick-start the process

5. Conversion has now finished. Note that each AP has a Cisco Serial Number and Meraki Serial Number. Copy the Meraki Serial Number.

Conversion has finished

6. While you were doing that, the AP rebooted and started the Meraki image.

AP has left the controller and is about to establish connectivity to Dashboard after reboot

During the boot process, the AP logs a message about the mode change.

Reset reason – AP converted to Meraki mode

And you will no longer have access to its Console port. If you connect a console cable, <Meraki> output will appear with no option to type any commands.

Console port output after conversion

7. Copy the Meraki Serial Number and log in to Cisco Meraki Dashboard. Open Organization > Configure > Inventory. Click Add devices, and paste the Meraki Serial Number of the AP.

Inventory
Add the AP by entering its Meraki Serial Number

8. From now on, the AP behaves like any other Meraki cloud-managed access point. All monitoring and management features of the Dashboard are available. If you ever change your mind and wish to convert it back to Catalyst/DNA mode, here is my step-by-step guide.

Useful WiFi Explorer Pro filters for finding rogue APs and APs with low minimum mandatory data rate

If you have not used WiFi Explorer before, get yourself a copy of the Pro version here. It is absolutely worth it and an extremely useful tool if you have anything to do with Wi-Fi.

The Pro version supports Filters (the Lite version doesn’t). They let you narrow the scan results down to exactly the networks you are interested in.

Find rogue access points

Let’s say you want to find APs that use other SSIDs than yours. This filter does just that. It shows all SSIDs other than CiscoLive or CiscoLive-WPA3. It excludes 2.4 GHz and U-NII-3 band – if we allow those for non-production use for example. Simply paste this string into the Filters text field in the top right-hand corner.

dot11.net.ssid !~ "CiscoLive" AND dot11.net.ssid !~ "CiscoLive-WPA3" AND dot11.net.band != 2.4 AND dot11.net.channel < 149

Find APs using low minimum mandatory data rate

Other times you might want to look for access points that have the minimum mandatory data rate configured too low – by mistake or by choice. In this example, I am interested in APs broadcasting these 2 SSIDs and using a minimum mandatory rate of 6 or lower.

dot11.net.min_basic_rate <= 6 AND dot11.net.ssid ~~ "CiscoLive" OR dot11.net.ssid ~~ "CiscoLive-WPA3"

Download the cheat sheet

We have only scratched the surface. You can do so much more with filters.

Intuitibits, the makers of WiFi Explorer, published a great one-pager documenting the syntax. Get yourself a copy.

Convert Cisco Meraki MR access point to Catalyst DNA mode

Same hardware, your choice of management

The latest generation of Wi-Fi 6E Catalyst Wireless access points (CW9162, CW9164, CW9166 series) gives you the option to either cloud-manage them using Cisco Meraki Dashboard, or manage the APs by Cisco Catalyst 9800 series Wireless LAN Controller (WLC).

They are the exact same hardware and they ship pre-loaded with the Catalyst/DNA and Meraki software image. Depending on the mode setting, they either boot one image or the other.

What do we need

  • Catalyst Wireless CW9162I, CW9164I, CW9166I, CW9166D1, CW9163E access point in Meraki mode
  • Cisco Meraki MR access point license to perform the conversion
  • Cisco DNA Essentials or DNA Advantage access point license if you want the AP to join and be managed by a Catalyst 9800 controller

Choose AP mode before ordering

You will have the best experience when you order your access points in the right mode.

Order the right mode

Order a DNA persona AP and it will auto-discover your Catalyst 9800 controller using one of the supported methods. In the UK, I can order the “-ROW” AP and manage it by Catalyst 9800, and optionally add Catalyst Center (previously known as DNA Center) to get analytics, assurance and other great features. Find the right access point SKU and regulatory domain based on your country using this tool.

If you prefer, order the Meraki mode access point, connect it to the internet, and claim it in the Dashboard. Meraki APs use a single “-MR” SKU globally.

Conversion from MR to Catalyst/DNA mode

If you ordered a Meraki access point and your requirements have changed, you can convert the AP to DNA mode.

1. Make sure you have an active Meraki MR license. Why? We need the license to connect the AP to Dashboard, and to open a conversion request with Meraki technical support team.

2. Provide power and internet connectivity to the access point.

3. Log in to Dashboard. Navigate to Organization > Configure > Inventory and add the access point using its Meraki S/N.

Enter the Meraki S/N from the product label

4. Add your MR license to Dashboard under Organization > Configure > License Info.

5. Wait for the AP to connect to Dashboard and change its LED to solid green or solid blue. Perfect, the AP is now online.

6. Complete this checklist first. Disable Meshing feature and make sure your Catalyst 9800 is ready for the AP to connect after conversion has completed.

Disable Meshing feature

7. Open a new support case by clicking the (?) question mark in the top right hand corner > Cases > New Case.

8. Include all these details to speed up the conversion process. Find your Customer Number by clicking the person icon in the top right hand corner. To get your Daily Support Code, click the same person icon, then open My profile.

Hi,

Please convert my CW*****-MR AP with Meraki SN ****-****-**** to DNA mode. I do have an existing DNA license. I disabled Meshing in the Dashboard.

I have completed this checklist:
https://documentation.meraki.com/MR/Other_Topics/916X_Management_Mode_Checklist_and_Troubleshooting

I am aware that the AP will not join Dashboard after the conversion, unless I convert it back to MR mode.

Please go ahead and start the mode change immediately.

My customer number: ****-****
My support passcode for today: ****

Have a great day!

9. If this conversion is urgent, call Meraki support. No, don’t e-mail the support team, call them. Have the case number to hand. Find the best phone number here.

10. After the support engineer starts the conversion, your AP will reboot. It is now in the Catalyst mode. You can verify that by keeping an eye on the Console port output during its boot. Just to remind you (and myself): The new Console port baud rate is 115200 from 17.12.1 release onwards.

Autoboot in 5 seconds
Catalyst Mode Selected

11. The AP should now follow the standard Catalyst LED pattern. It is ready to be managed by a Catalyst 9800 series controller – be it a hardware appliance, virtual machine, or public cloud instance.

12. Our DHCP server assigned an IP address to the AP, which has automatically discovered and joined the WLC located in the same IP subnet.

Successful WLC discovery and AP join
Followed by automatic software image upgrade
The AP has joined the WLC and is ready for use

To enable SSH and Console access, create a username, password and enable password in the Catalyst 9800 controller’s AP Join Profile > Management > User section. SSH protocol is disabled by default. You can enable it in the AP Join Profile.

You have full Console access and control over the AP

Need to convert the AP back to Meraki mode?

If you change your mind and want to convert the AP back to cloud-managed Meraki mode, here are the instructions.

Wi-Fi Vendor – Detect vendor of a Wi-Fi access point with just your iPhone or iPad

Many of us walk into buildings and immediately start looking for access points 🙃 Oftentimes, the APs are not visibly installed. So how can you tell which vendor your favourite coffee shop is using, or which APs your customer has deployed?

Now, wouldn’t it be cool if you could use your iPhone or iPad to find out which vendor your customer, public venue, favourite football club, or train provider is using?

Wi-Fi Vendor iOS Shortcut

I created a Shortcut for iOS, which does exactly that.

Simply connect to a Wi-Fi network and open the shortcut. We will automatically populate the input field with the BSSID of the AP you are currently connected to:

Simply connect to a Wi-Fi network and tap on the Wi-Fi Vendor icon

If you don’t want to connect to an AP, use Airport Utility to get the BSSID (aka the “wireless MAC address” of the AP) of the access points around you, and let Wi-Fi Vendor shortcut do its magic:

Scan for BSSIDs around you and detect vendor

Or you can even use the good old Copy & Paste method. Let’s say you saved the OUI to your Notes app. Copy it to clipboard and paste into Wi-Fi Vendor:

Benefits of this solution

  • iPhone or iPad is all you need. No need to open your laptop or other professional Wi-Fi tool.
  • It is free, and driven by your coffee donations 😉☕️
  • All data stays on your iPhone and iPad. No data, not even the BSSID, is sent to a cloud service.
  • Our OUI <-> Vendor database is Wi-Fi centric and open to additions of new records by Wi-Fi professionals. It has extra entries from vendor documentation and from BSSIDs captured in the field.
  • It is community-driven and customisable. Contribute new OUIs, or fork our repository and create your own tool.
  • For Cisco Meraki APs, I use an active detection method – more about this below

Cisco Meraki active vendor detection method

When there is no match based on the access point’s OUI, the Wi-Fi Vendor shortcut performs an active check. Make sure you are connected to the AP, then open Wi-Fi Vendor. It will attempt to browse to the Local Status Page of the AP and if it finds the Cisco Meraki logo in the source code, that’s a match.
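
The OUI lookup that runs before this active check can be sketched as follows. This is an added example, not the shortcut's own code; the registry entries and function names are constructed for illustration. It goes slightly beyond the text by also matching the longer 28-bit and 36-bit IEEE prefix blocks and by flagging locally administered BSSIDs, which no vendor database can resolve.

```python
import re

# Constructed sample registry (not real assignments): hex prefix -> vendor label.
# Prefix lengths follow the IEEE block sizes: 6 hex digits (24-bit),
# 7 hex digits (28-bit) and 9 hex digits (36-bit).
SAMPLE_REGISTRY = {
    "A0B1C2": "Example Vendor A",
    "A0B1C23": "Example Vendor B (28-bit block)",
    "D4E5F6": "Example Vendor C",
}


def normalize_bssid(text):
    """Return the BSSID as 12 uppercase hex digits, or raise ValueError."""
    text = text.strip()
    parts = re.split(r"[:-]", text)
    if len(parts) == 6:
        # Some tools print octets without a leading zero ("0:1a:..."); pad them.
        if not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
            raise ValueError("bad octet in BSSID: " + text)
        digits = "".join(p.zfill(2) for p in parts)
    else:
        digits = text.replace(".", "")  # dotted (aabb.ccdd.eeff) or bare form
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: " + text)
    return digits.upper()


def lookup_vendor(bssid, registry=SAMPLE_REGISTRY):
    """Return (status, vendor) for a BSSID using a purely local table."""
    mac = normalize_bssid(bssid)
    first_octet = int(mac[:2], 16)
    if first_octet & 0x01:
        return ("invalid", None)  # group bit set: cannot be a BSSID
    if first_octet & 0x02:
        # Locally administered: the prefix was not assigned by the IEEE,
        # so an OUI lookup would be meaningless.
        return ("locally-administered", None)
    for length in (9, 7, 6):  # longest (most specific) prefix first
        vendor = registry.get(mac[:length])
        if vendor:
            return ("match", vendor)
    return ("unknown", None)


if __name__ == "__main__":
    for sample in ("a0:b1:c2:3d:ee:ff", "A0-B1-C2-40-00-01",
                   "d4e5.f600.0001", "a2:b1:c2:00:00:01", "0:1a:2b:3c:4d:5e"):
        print(sample, lookup_vendor(sample))
```

An "unknown" or "locally-administered" result is where a fallback such as the active check described above takes over.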

Supported iOS releases

I’ve tested Wi-Fi Vendor on these devices. Use iOS 17 or newer for the best results and all features.

  • iPad Air 2, iOS 15.7.7 – no Cisco Meraki active check, doesn’t detect BSSID you are currently connected to
  • iPhone SE 2nd gen, iOS 16.6 – no Cisco Meraki active check, doesn’t detect BSSID you are currently connected to
  • iPhone SE 2nd generation, iOS 17.0 – all features are supported
  • iPhone SE 3rd generation, iOS 17.0 – all features are supported
  • iPhone 15 Pro, iOS 18.0 – all features are supported

Download and install Wi-Fi Vendor iOS Shortcut

It takes less than a minute to install.

Follow this video guide to 🔽 download the latest version from my GitHub to your iPhone or iPad.

Install Wi-Fi Vendor shortcut

Start Wi-Fi Vendor shortcut with the iPhone Action button

iPhone 15 Pro and newer models have a new physical Action button. You can use it to start the Camera app and take a photo. Or, if you are a Wi-Fi person, simply map this shortcut to the Action button and start Wi-Fi Vendor with the press of a button.

Start Wi-Fi Vendor shortcut using the physical Action button

The mandatory boring bit

This tool is provided as is. If you spot anything that could be improved, let us know, or even better, submit a Pull Request including the fix. Blame Jiri for anything that needs to be fixed, not Cisco 😉

Cisco DART extension cable for C-ANT Wi-Fi antennas and Catalyst 9130AXE access points

Cisco’s Catalyst 9130AXE access point (the external antenna model) doesn’t have any antennas built-in by design. It uses a DART connector with 8 RF lines and 16 digital lines. They carry the RF signals and allow communication between the AP and antenna.

All new C-ANT9101, C-ANT9102 and C-ANT9103 antennas connect natively using their directly-attached DART connector to the Catalyst 9130AXE access point. It significantly simplifies the deployment process, allows the AP to automatically detect the antenna model, type and gain, and it doesn’t allow any room for installation errors like loose RP-TNC connectors or swapped antenna RF ports.

Here is an example of the new bell antenna C-ANT9102 with directly-attached DART connector.

And here is one connected to the C9130AXE-E access point.

Now, if your scenario requires the antenna to be installed further away from the access point (inside a freezer, for example), Cisco sells a 3-foot DART extension cable for that.

The part number is AIR-CAB003-D8-D8=.

It has a 90-degree 8-port plug on one side and a straight 8-port jack on the other.

Azimuth and Elevation angles of external Wi-Fi antennas on Cisco DNA Center maps

Orientation of Wi-Fi access point with external antennas on Cisco Catalyst Center (previously known as DNA Center) maps is represented by 2 key attributes.

Azimuth tells us how many degrees we rotated the antenna around its vertical axis. It ranges from 0 to 360.

Elevation represents the down tilt of the main lobe relative to the horizon. It ranges from -90 to 90. The horizon corresponds to Elevation 0. If the antenna is tilted 30° down, Elevation is -30. The minus sign tells us that the antenna is pointed downwards.

Downtilt of 30° equals to Elevation -30

Antenna shooting above the horizon, which is not very common, would have positive (larger than 0) Elevation value.

We are going to focus exclusively on access points with external antennas in this post. If you are deploying internal antenna AP or AP with dipole antennas, here are the correct settings for you.

Everything in this post applies to all Cisco’s directional antennas. To name a few, C-ANT9103, C-ANT9104, AIR-ANT2566D4M-R, AIR-ANT2566P4W-R, AIR-ANT2513P4M-N.

Enough theory. Pictures are worth a thousand words.

We are going to use Cisco’s AIR-ANT2566P4W-R, which has a nicely squished pattern, so changes to its orientation are very visual.

Wall-mounted external antenna

By default DNA Center sets APs with external antennas to Azimuth 0 and Elevation 0. Elevation 0 means that the antenna is wall-mounted (downtilt 0°) and its main lobe shoots parallel to horizon.

Let’s assume perfectly wall-mounted antennas with no downtilt at all in the examples below. That way we don’t need to touch the Elevation setting at all. All we need to do is to adjust the Azimuth angle depending on which wall the antenna is mounted on.

Wall-mounted antenna shooting towards the right

Azimuth 0 and Elevation 0 is the default setting for external antennas. It represents a perfectly wall-mounted antenna (that’s what Elevation 0 means) shooting in the right hand direction (that’s what Azimuth 0 does). The main lobe travels parallel to the floor.

Azimuth 0, Elevation 0

On the floor plan, it is mounted on the ‘left wall’ of the room, shooting towards the right.

Wall-mounted antenna shooting towards the bottom of the map

Now, what if you installed the antenna on a wall, but this time it points towards the bottom of the map (I avoid saying “south” as it is not true south)?

Azimuth 90 and Elevation 0

We rotated the antenna clockwise around its vertical axis by 90 degrees. There is Azimuth for that, so we will increase Azimuth by 90. The final setting is Azimuth 90 and Elevation 0.

The antenna appears as mounted on the ‘top wall’ of the room shooting towards the bottom of our floor plan.

Wall-mounted antenna shooting towards the left

We have now rotated the antenna by another 90 degrees clockwise. That results in Azimuth 180 and Elevation 0.

Azimuth 180 and Elevation 0

It is installed on the right wall pointed towards the left of our floor plan.

Wall-mounted antenna shooting towards the top of the map

Finally, if the antenna is mounted on the ‘bottom wall’ and it points towards the top of our floor plan, that is another 90-degree increment, and results in Azimuth 270 and Elevation 0.

Azimuth 270, Elevation 0

Hopefully, there are no surprises there?

If your antenna uses a different orientation, simply drag the blue Azimuth arrow and point it wherever the antenna’s main lobe is shooting towards.

Ceiling-mounted antenna

Ceiling-mounted antenna shooting towards the floor

Antenna mounted to the ceiling shooting towards the floor has downtilt of 90°. We simply set Elevation to -90. Don’t miss the minus sign.

This is what Azimuth 0 (antenna cables on the left, top side of the antenna on the right) and Elevation -90 looks like.

Azimuth 0, Elevation -90

The irregular ‘oval-ish’ pattern of this patch antenna is very obvious on the map. It kisses the top and the bottom of the floor plan.

My antenna is ceiling-mounted but it is rotated?!

To rotate the antenna on the ceiling by 90° clockwise, we just need to increment Azimuth.

Azimuth 90, Elevation -90


This time the coverage area stretches from left to right, because we rotated the antenna by 90 degrees.

Azimuth 180, Elevation -90


Azimuth 270, Elevation -90

Antenna cables point towards the bottom of the map, which is yet another 90-degree increment. It is still perfectly ceiling-mounted (that’s Elevation -90).

Azimuth 270, Elevation -90

Let’s practise

Now, let’s apply the theory.

What Azimuth and Elevation would you configure on C-ANT9103 antenna connected to Catalyst 9130 AP mounted using AP-BRACKET-9 bracket on the ‘top wall’ (don’t let the perspective of the photo confuse you) of the floor plan with 30-degree downtilt?

Azimuth 90, Elevation -30

The antenna is mounted on the top wall shooting to the bottom of the map. That translates to Azimuth 90. It is wall-mounted, which normally means Elevation 0, but it is tilted 30° down. So, we subtract 30 from Elevation. And here we go, that’s Elevation -30.

Generate a Wi-Fi QR code offline without relying on random web services

There are many online services that allow you to create a Wi-Fi QR code for free. The problem is that you are giving your SSID and your password (passphrase) in plain text to a random company on the internet. What happens if they sell or leak these?

There is a better way

You can easily create a QR code from your Terminal. The tool will guide you through the process.

wifi_qrcode_generator in action

What do we need?

I am using a Mac (it should work the same way on Windows) and we will install wifi_qrcode_generator, which is a Python package. No Python skills needed.

Install the tool

Open macOS Terminal and execute:

pip install wifi-qrcode-generator

Add Python to your PATH variable

You might now be able to start the tool by typing wifi-qrcode-generator in Terminal. If it fails, you might need to add Python to your PATH variable.

  1. Edit this zsh file: nano ~/.zshrc
  2. Add a new line and modify the Python version part if needed: export PATH="$HOME/Library/Python/3.9/bin:$PATH"
  3. Save the file using Control+o and exit using Control+x.

Generate a Wi-Fi QR code the easy way

Execute wifi-qrcode-generator in Terminal and follow the instructions.

wifi_qrcode_generator tool in action

If you decide to save it as PNG, the file will save to your home folder.

Generated QR code sample

Scan the QR code with the Camera app on your phone; it will save this new Wi-Fi profile and attempt to join.

Or use 4 lines of Python to generate the QR code

Alternatively, you can use a few lines of Python to generate the code.

import wifi_qrcode_generator.generator
qr_code = wifi_qrcode_generator.generator.wifi_qrcode(ssid='Jiri', hidden=False, authentication_type='WPA', password='SuperSecretP@$$w0rd')
qr_code.make_image().save('qr-jiri.png')

The outcome is the exact same.
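
What the QR code actually contains, shown as an added example (not part of wifi_qrcode_generator or the original post): the de facto WIFI: text payload that phone cameras parse, built and parsed here without any third-party package. The function names and sample values are assumptions of this example. Parsing the payload back shows that the passphrase sits in the image in clear text, so the saved PNG deserves the same handling as the passphrase itself.

```python
# Added example: build and parse the text payload that a Wi-Fi QR code encodes.
# The SSIDs and passphrases used with it are constructed sample values.

SPECIAL = '\\;,:"'  # characters that must be backslash-escaped inside a field


def escape(value):
    """Backslash-escape the characters that would otherwise end a field."""
    return "".join("\\" + ch if ch in SPECIAL else ch for ch in value)


def build_payload(ssid, password=None, auth="WPA", hidden=False):
    """Return the WIFI: string for one network, e.g. WIFI:T:WPA;S:..;P:..;;"""
    if auth not in ("WPA", "WEP", "nopass"):
        raise ValueError("auth must be WPA, WEP or nopass")
    if not ssid:
        raise ValueError("SSID must not be empty")
    if auth == "nopass" and password:
        raise ValueError("open networks take no password")
    if auth != "nopass" and not password:
        raise ValueError("password required for " + auth)
    fields = ["T:" + auth, "S:" + escape(ssid)]
    if password:
        fields.append("P:" + escape(password))
    if hidden:
        fields.append("H:true")
    return "WIFI:" + ";".join(fields) + ";;"


def parse_payload(payload):
    """Recover the fields from a WIFI: string, undoing the escaping."""
    if not payload.startswith("WIFI:"):
        raise ValueError("not a WIFI: payload")
    fields, buf, i = {}, [], len("WIFI:")
    while i < len(payload):
        ch = payload[i]
        if ch == "\\" and i + 1 < len(payload):
            buf.append(payload[i + 1])  # escaped character is literal data
            i += 2
            continue
        if ch == ";":
            if buf:  # the empty field before the final ';' closes the payload
                key, _, value = "".join(buf).partition(":")
                fields[key] = value
            buf = []
        else:
            buf.append(ch)
        i += 1
    return fields


if __name__ == "__main__":
    sample = build_payload("Cafe;Guest", "a:b\\c")
    print(sample)
    print(parse_payload(sample))  # the passphrase comes back in clear text
```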