Wi-Fi - Jiri Brejcha

Hot-swappable tripod adapter for Cisco Aironet 1560 outdoor access points

If you have followed my hot-swappable series, my goal was to find a solution to swapping multiple outdoor AP + antenna combinations and a variety of AP models on the same tripod. What is the use case? I only wanted to carry a single tripod on the site survey day while still having the flexibility to survey with variety of antennas and different AP models.

After making the adapter for MR86 and MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas, I realised I needed one for Aironet 1560, which, at the time of the writing, is my go-to outdoor AP.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, access to tools was limited and I had no access to my lab.

How it turned out?

It went surprisingly well this time as I’ve already built a similar adapter for Cisco Meraki MR APs and this time it was even easier. Same as last time, the alu tube slides inside the top tripod tube and we are ready to roll.

The actual steps

I stocked up on M6 x 30 mm bolts, cut the 16 mm aluminium tube to the right length and reused the last bit of decking from a different project.

I thought I will try making a template, which I then transferred onto the wood. That wasn’t the best idea and it seems to work best when you watch someone using this “trick” on YouTube. Next time I will go for an analog pencil and ruler, lesson learned;-)

That trick did not go as well as I thought :)

The decking is quite thick so I ended up shaving few millimeters off it. And here is the final adapter.

Did you say tripod?

Yes, here is more about this 4-meter tripod I use.

How to achieve down tilt?

Thanks to Alan Wang, who suggested I use the official articulating pole mount AIR-ACC1530PMK2 and attach it to my “back board”. Obviously azimuth you can adjust by rotating the tripod, and this allow you to change the elevation angle.

Tripod mounting adapter for Cisco Meraki MR outdoor access points

I needed to find a solution to swapping multiple outdoor AP and antenna combinations on the same tripod. Specifically MR86 with MA-ANT-20 dipoles and MR86 with two MA-ANT-25 directional antennas. Quick swapping was a key requirement. Some coverage areas required directional pattern while other locations with low traffic and low client density would really benefit from omnidirectional coverage.

MRs ship with standard pole mounting hardware, which is great for permanent installation, but it didn’t allow fast swapping of the AP and antenna sets. Also, pole mounting kit requires tools, which is not practical as it add additional weight to your survey backpack.

Please excuse the DYI approach. I did this during UK’s second COVID-19 lockdown. Shops were closed, tools were limited and I had no access to my lab.

You are smart people, so I don’t need to stress this point, but please don’t take this write-up as Cisco’s official guide or recommendation. This is just me trying to find a solution to a problem.

So, what’s the solution?

Let me show you the final adapter and we can then look into the detail.

MR86 with MA-ANT-20 dipoles and we also had some snow here down south;-)

Under the hood

It all started when I spotted my wife’s aluminium 16 mm gardening tubes;-) I realised they were perfect fit for my tripod. They slide nicely inside the top tripod tube about a couple of inches (5 cm) or so.

Tripod and mounting adapter with the standard AP bracket

Grooves in the decking board helped me align the tube

Two drill bits later: Directional adapter with AP mounted on the back for stability

What would I improve?

If I were to build a second iteration of this adapter, I would add a safety wire and attach the AP mounting bracket to the tripod. I would call this mandatory, especially if you are not the only user of these adapters or if there is going to be a person stood underneath the tripod.

Apart from that, it works really well, it is rock-solid, and allows me to swap the MR with omnis and MR with directional antennas in less than 10 seconds.

Affordable tripods for occasional Wi-Fi site surveys

As I mentioned in my battery pack review, I am fortunate to rely on our field engineers and partners when it comes to predictive design validation, wall measurements and AP on a stick surveys. Having said that, I enjoy going on site a few days a month and staying close to our projects. Which leads me to yet another blog post from the “affordable series”;-)

This time I tested 3 tripods. Key factors I considered were value for money, build quality, and suitability for outdoor surveys ability to hold anything from an indoor or outdoor AP to a camera.

Tripods

Left to right/up to down:
(A) Neewer Stainless Steel Heavy Duty Light Stand 118″/300CM
(B) Phot-R 4m Heavy Duty Photo Studio 2-in-1 Combi Light Boom Stand
(C) Neewer Heavy-Duty Light Stand 13 Feet/4 Meters Spring Cushioned Aluminum Alloy Pro Tripod

Width of the base is comparable, see the slabs

The numbers don’t lie

	Tripod A	Tripod B	Tripod C
Collapsed length	104 cm	112 cm	115 cm
Measured max height	283 cm	366 cm	393 cm
Weight	2.45 kg	2.55 kg	5.9 kg
Price	£65	£70	£68
Short summary	Very good, not tall enough for outdoor surveys	Unstable, too light, loose locking mechanism, unsuitable for holding APs	Great value for money, rock-solid, tall, heavier

Summary

I decided for tripod (C). It is high enough for outdoor surveys, rock-solid, and very stable. I also built an adapter that allows me to easily mount any outdoor Cisco AP (Catalyst, Aironet or Meraki MR). Here is more about my outdoor Meraki MR universal tripod adapter. Stay tuned for the Aironet and Catalyst one.

The only downside is its weight. Also, watch out for packaging. The first one I ordered arrived with the bottom of the box open and the head, where you insert the 1/3″ and 3/8″ adapter, was damaged. So, it took one return to get an undamaged one.

All three tripods are supplied with 1/4″ to 3/8″ adapter.

Even the replacement one had some extra tape applied, fortunately undamaged this time

Apple iOS 14 Private Address feature, per SSID Wi-Fi MAC randomisation and how it actually works

Apple published a brief summary of the newly introduced “Private Address” Wi-Fi feature. Since it does not go into the detail, I tested the public iOS 14.0 release on an iPhone SE and iPad Mini in my lab. Here is how it actually works.

New Wi-Fi networks

For SSIDs you have not connected to before, iOS 14 devices generate a random MAC “Private Address” and they use this MAC address permanently for this SSID. This address does NOT change over time. This works as expected.

Previously used Wi-Fi networks

Known Wi-Fi networks you have already connected to at least once before the upgrading to iOS 14 get a different treatment though. And this is where things are not as straightforward as the documentation suggests.

After upgrading to iOS 14, I connect to a known network which I have already used before the upgrade. The MAC address that is used is actually the real hardware MAC address of the Wi-Fi adapter for 24 hours. Note that the “Private Address” feature is enabled. This could potentially be considered a UI bug.

24 hours after first connecting from an iOS 14 device to this known SSID, the “Private Address” feature kicks in and the MAC address for this SSID automatically switches from the real MAC address to a randomly generated MAC address. Personally, I assume that this 24-hour period has been developed to allow enterprises to disable Private Address feature on their managed iOS devices using MDM, but I may be wrong.

From this point onwards the same randomly generated Private Address is permanently used for this SSID and does NOT change over time.

Schedule WLAN availability on Catalyst 9800 Series Wireless LAN Controllers

Catalyst 9800 controllers come with built-in support for WLAN availability scheduling. When a WLAN becomes disabled, APs do not broadcast the SSID and channel utilisation decreases. Also, it can be implemented as a security enhancement to prevent client devices from connecting during specified hours.

At the time of writing IOS-XE 17.3.1 does not yet offer a GUI for this capability, but there is a couple of options how to schedule WLAN availability.

Before we start, please double-check time settings on the controller, enable NTP client and set a correct timezone.

Option 1: Built-in Calendar Profile

The configuration is self-explanatory, so let’s start with that. My example enables all WLANs mapped to the “default-policy-profile” from 9 am to 5 pm every week day. Outside of these times, the SSIDs will not be available for clients to join.

configure terminal
!
wireless profile policy default-policy-profile
shutdown
!
no wireless profile calendar-profile name WEEKDAYS-9-TO-5
!
wireless profile calendar-profile name WEEKDAYS-9-TO-5
day monday
day tuesday
day wednesday
day thursday
day friday
recurrence weekly
start 09:00:00 end 17:00:00
!
wireless profile policy default-policy-profile
calendar-profile name WEEKDAYS-9-TO-5
action wlan_enable
no shutdown
!

Verification

You can verify using a Wi-Fi client. If you do “show wlan summary”, the WLANs will still appear as “Enabled” and this is expected. To verify current status of WLANs controlled by the Calendar Profile, please use “show logging | include SCHEDULED_WLAN”.

Reference

Official documentation explaining Calendar Profiles.

Option 2: EEM Script

If you like flexibility, an EEM script running on the controller triggered by CRON might work even better for you. Special thanks to Federico Ziliotto for this.

event manager applet EEM_SCHEDULE_WLAN_UP
event timer cron cron-entry "0 9 * * 1-5" name 9_AM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been enabled"

event manager applet EEM_SCHEDULE_WLAN_DOWN
event timer cron cron-entry "0 17 * * 1-5" name 5_PM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been disabled"

Reference

Here and here are some useful and practical EEM examples for your reference.

How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do no want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward.

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>

Cisco Aironet and Catalyst AP Option 43 configuration for ISC DHCP server on Linux

There is great document explaining how to configure Option 43 on ISC DHCP server on the Cisco website.

If all you need is a simple DHCP server which will assign Option 43 to all devices on the network, without selectively assigning it only to specific AP models using the class construct, you can simplify your ISC DHCP server configuration to this. It works great on a WLAN Pi.

Configuration

# Linux ISC DHCP server configuration in /etc/dhcp/dhcpd.conf
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

# eth0 DHCP scope
subnet 192.168.73.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.73.100 192.168.73.200;
option routers 192.168.73.1;
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 86400;
max-lease-time 86400;
vendor-option-space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address 10.10.10.10, 10.20.20.20;
}

Verification

The access point will get its IP configuration from the DHCP server including Option 43 and will try to join these controllers.

Throughput speed test of the fastest tp-link and Devolo Magic 2 Wi-Fi power line adapters (PLC)

I am in the market of buying a new pair of power line adapters. Power line is a great alternative or complement to Ethernet and Wi-Fi. It provides low latency and jitter and is very flexible and easy to install.

The current tp-link TL-PA6010 adapters have served me well, but they are now reaching their maximum throughput. So, I decided to get a new pair of the fastest adapters on the market (Devolo Magic 2 Wi-Fi) and also a pair of the best adapters from tp-link (TL-PA9020P). These will be used to connect my home office and lab networks to my router.

Since there are multiple brands offering a variety of products with a variety of advertised speeds, I am curious to see if the more expensive adapters are worth the premium price, what real throughput they would provide and if and how much a passthrough socket improves the power line speed.

Left to right: Devolo Magic 2 Wi-Fi, tp-link TL-PA9020P, tp-link PL-PA6010 (not sold anymore, this would be an equivalent)

Specification

I tested my current low-end adapters and two new high-speed ones:

Throughput, ping, jitter, power and Wi-Fi tests

Power line speeds vary and depend on the distance between the two adapters, your electrical wiring and interference. Please take the numbers below as relative ones, which would allow you to compare how these adapters perform under the same conditions and in the same setup.

All throughput numbers below were TCP measurements taken by iPerf3 running on a WLAN Pi (a single-board computer with 1 Gbps Ethernet) and the client was my MacBook with 1 Gbps USB-C Ethernet adapter. There were no intermediate network devices between them:

MacBook iPerf3 client <-> PLC1 <-> PLC2 <-> WLAN Pi iPerf3 server

The average download speed (measured 5 times at each of the locations in my house) ranges from 13% to 26% of the advertised speeds and goes nowhere near them. With £16 per 100 Mbps, the cheapest adapter seems to be the best value for money, unless you need higher speed and are willing to pay for it. It also is the most power efficient.

Devolo Magic 2 proved to the be the fastest solution with 331 Mbps average download speeds, while TL-PA9020P provided slightly better upload speeds than Devolo.

Each of the parameters (i.e. Download average) consisted of five iPerf3 tests in each location and I then computed the average values:

Built-in Wi-Fi access point

Devolo Magic 2 Wi-Fi remote adapter comes with a built-in dual-band 802.11ac Wi-Fi AP (not just a repeater as some of the cheaper adapters), but it is unstable and resets the power line connection every single time I connect and generate some traffic. I used the latest firmware available in July 2020. If a built-in Wi-Fi is a must-have for you, do NOT buy this adapter. Wait until it gets fixed or look for alternatives.

This is what happens. The SSID is broadcast, a Wi-Fi client can associate to the AP, but when the iPerf test starts, the client gets disconnected and power line connection is torn down for 10 seconds or so and then re-establishes. I was able to reproduce this bug every single time and it was not just one-off random problem.

On the positive note, it supports 2.4 GHz only, 2.4 + 5 GHz or 5 GHz only modes. It does not let you change channel width on 5 GHz though and always uses 80 MHz, which may sound like a good idea in a small town, but it is a disaster in a shared building with many other access points and neighbours present.

If high-speed power line without Wi-Fi is what you are after, then the Magic 2 non-Wi-Fi model could be a good option for you.

Passthrough socket

Passthrough socket allows you to plug an electrical appliance to the power line adapter without generating the socket your adapter is plugged into unusable. Cheaper adapters usually do not provide this.

The other benefit is that adapters with passthrough socket use filters to suppress noise coming from the connected electrical appliance and this improves speed by 13% – 15%.

Pros and cons

Devolo Magic 2 Wi-Fi
+ Fastest average download speed
+ Comes with a mobile app and each unit has a management web GUI
– Built-in access point resets the whole unit and Wi-Fi is not usable
– It runs quite warm compared to the other two and is the largest

tp-link TL-PA9020P
+ Very good and symmetrical performance
+ Stable
– No built-in Wi-Fi
– Still quite expensive compared to the slower and cheaper units

tp-link TL-PA6010 (or similar)
+ Great value for money
+ Stable
– Relatively low speeds
– No passthrough socket, no Wi-Fi

And the winner is…

My personal preferences are very likely different from yours and that is fine. I am looking for symmetrical TCP throughput of at least 200 Mbps, ideally a passthrough socket support and all other features are nice to have.

Devolo Magic 2 Wi-Fi proves to be unstable as the built-in access point crashes the whole adapter and resets the power line connection. Its back side also becomes quite warm regardless the load.

So, I decided for tp-link TL-PA9020P. It is stable, does all I need it to do and both adapters come with 2 Ethernet ports which gives me flexibility to plug my own access point in or connect using wired Ethernet connection.