How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do no want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward. 

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>

Cisco Aironet and Catalyst AP Option 43 configuration for ISC DHCP server on Linux

There is great document explaining how to configure Option 43 on ISC DHCP server on the Cisco website.

If all you need is a simple DHCP server which will assign Option 43 to all devices on the network, without selectively assigning it only to specific AP models using the class construct, you can simplify your ISC DHCP server configuration to this. It works great on a WLAN Pi.

Configuration

# Linux ISC DHCP server configuration in /etc/dhcp/dhcpd.conf
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

# eth0 DHCP scope
subnet 192.168.73.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.73.100 192.168.73.200;
option routers 192.168.73.1;
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 86400;
max-lease-time 86400;
vendor-option-space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address 10.10.10.10, 10.20.20.20;
}

Verification

The access point will get its IP configuration from the DHCP server including Option 43 and will try to join these controllers.

Throughput speed test of the fastest tp-link and Devolo Magic 2 Wi-Fi power line adapters (PLC)

I am in the market of buying a new pair of power line adapters. Power line is a great alternative or complement to Ethernet and Wi-Fi. It provides low latency and jitter and is very flexible and easy to install.

The current tp-link TL-PA6010 adapters have served me well, but they are now reaching their maximum throughput. So, I decided to get a new pair of the fastest adapters on the market (Devolo Magic 2 Wi-Fi) and also a pair of the best adapters from tp-link (TL-PA9020P). These will be used to connect my home office and lab networks to my router.

Since there are multiple brands offering a variety of products with a variety of advertised speeds, I am curious to see if the more expensive adapters are worth the premium price, what real throughput they would provide and if and how much a passthrough socket improves the power line speed.

Left to right: Devolo Magic 2 Wi-Fi, tp-link TL-PA9020P, tp-link PL-PA6010 (not sold anymore, this would be an equivalent)

Specification

I tested my current low-end adapters and two new high-speed ones:

Throughput, ping, jitter, power and Wi-Fi tests

Power line speeds vary and depend on the distance between the two adapters, your electrical wiring and interference. Please take the numbers below as relative ones, which would allow you to compare how these adapters perform under the same conditions and in the same setup.

All throughput numbers below were TCP measurements taken by iPerf3 running on a WLAN Pi (a single-board computer with 1 Gbps Ethernet) and the client was my MacBook with 1 Gbps USB-C Ethernet adapter. There were no intermediate network devices between them:

MacBook iPerf3 client <-> PLC1 <-> PLC2 <-> WLAN Pi iPerf3 server

The average download speed (measured 5 times at each of the locations in my house) ranges from 13% to 26% of the advertised speeds and goes nowhere near them. With £16 per 100 Mbps, the cheapest adapter seems to be the best value for money, unless you need higher speed and are willing to pay for it. It also is the most power efficient.

Devolo Magic 2 proved to the be the fastest solution with 331 Mbps average download speeds, while TL-PA9020P provided slightly better upload speeds than Devolo.

Each of the parameters (i.e. Download average) consisted of five iPerf3 tests in each location and I then computed the average values:

Built-in Wi-Fi access point

Devolo Magic 2 Wi-Fi remote adapter comes with a built-in dual-band 802.11ac Wi-Fi AP (not just a repeater as some of the cheaper adapters), but it is unstable and resets the power line connection every single time I connect and generate some traffic. I used the latest firmware available in July 2020. If a built-in Wi-Fi is a must-have for you, do NOT buy this adapter. Wait until it gets fixed or look for alternatives.

This is what happens. The SSID is broadcast, a Wi-Fi client can associate to the AP, but when the iPerf test starts, the client gets disconnected and power line connection is torn down for 10 seconds or so and then re-establishes. I was able to reproduce this bug every single time and it was not just one-off random problem.

On the positive note, it supports 2.4 GHz only, 2.4 + 5 GHz or 5 GHz only modes. It does not let you change channel width on 5 GHz though and always uses 80 MHz, which may sound like a good idea in a small town, but it is a disaster in a shared building with many other access points and neighbours present.

If high-speed power line without Wi-Fi is what you are after, then the Magic 2 non-Wi-Fi model could be a good option for you.

Passthrough socket

Passthrough socket allows you to plug an electrical appliance to the power line adapter without generating the socket your adapter is plugged into unusable. Cheaper adapters usually do not provide this.

The other benefit is that adapters with passthrough socket use filters to suppress noise coming from the connected electrical appliance and this improves speed by 13% – 15%.

Pros and cons

Devolo Magic 2 Wi-Fi
+ Fastest average download speed
+ Comes with a mobile app and each unit has a management web GUI
– Built-in access point resets the whole unit and Wi-Fi is not usable
– It runs quite warm compared to the other two and is the largest

tp-link TL-PA9020P
+ Very good and symmetrical performance
+ Stable
– No built-in Wi-Fi
– Still quite expensive compared to the slower and cheaper units

tp-link TL-PA6010 (or similar)
+ Great value for money
+ Stable
– Relatively low speeds
– No passthrough socket, no Wi-Fi

And the winner is

My personal preferences are very likely different from yours and that is fine. I am looking for symmetrical TCP throughput of at least 200 Mbps, ideally a passthrough socket support and all other features are nice to have.

Devolo Magic 2 Wi-Fi proves to be unstable as the built-in access point crashes the whole adapter and resets the power line connection. Its back side also becomes quite warm regardless the load.

So, I decided for tp-link TL-PA9020P. It is stable, does all I need it to do and both adapters come with 2 Ethernet ports which gives me flexibility to plug my own access point in or connect using wired Ethernet connection.

Configure DHCP Option 43 on Cisco Meraki MX appliance to point AP to its WLC

Here is how to configure Option 43 on an MX appliance for a Cisco Aironet or Catalyst AP to discover its Wireless LAN Controller (WLC).

My Catalyst 9800-CL controller IP address: 173.38.219.33

Meraki MX appliance DHCP server configuration

Open Dashboard and go to Security & SD-WAN > Configure > DHCP > scroll down to the right VLAN > DHCP options > Add a DHCP option: 

Format of the hex string

In my example, the final string would be “f1:04:ad:26:db:21”

“f1:04” tells the AP that only one WLC IP address is used, followed by the actual address
“ad” is hex representation of 173
“26” is hex representation of 38
“db” is hex representation of 219
“21” is hex representation of 33

To convert the 4 decimal octets of the IP address to hexadecimal format, you can use this online tool, macOS Calculator or Windows Calculator.

Verification on the AP

Two controllers

If you provide the AP with IP addresses of 2 standalone controllers (think N+1 HA mode), then simply change “f1:04” to “f1:08” and append the second controller’s IP address in hex representation to the end of the hex string.

Primary controller IP address: 173.38.219.33
Secondary controller IP address: 173.38.219.34
Hex string: f1:08:ad:26:db:21:ad:26:db:22

iPhone USB Tethering on WLAN Pi

We have all been there. It is the night before an important training or meeting and you need to install few more packages on your WLAN Pi or push some code changes to GitHub. Guess what? There is no wired connection available in your room and the hotel Wi-Fi uses a captive portal or is very poor.

iPhone USB tethering on the WLAN Pi lets you use your iPhone or iPad as a cellular modem and share the internet connectivity with the WLAN Pi. It also charges your iPhone, which is nice.

iPhone USB tethering to WLAN Pi

How to enable iPhone USB tethering on WLAN Pi

Simply follow these steps:

  1. Connect to the WLAN Pi using SSH and run this command. Do not skip this step, it is required:
    sudo apt-get update
  2. Then install this package:
    sudo apt-get install usbmuxd
  3. Plug your iPhone into the WLAN Pi using a lightning to USB-A data cable.
  4. On the iPhone, go to Settings > Personal Hotspot > Allow Others to Join.
  5. A new eth1 interface will appear on the WLAN Pi.
  6. Tap on the Trust button on your iPhone/iPad and enter your passcode.
  7. After you click Trust, the eth1 interface will get a dynamically assigned IP address by the DHCP server running on the iPhone.
  8. Your WLAN Pi is now connected to the internet. You can verify using the Reachability tool in the Front Panel Menu System (FPMS). Go to Menu > Utils > Reachability.

Share iPhone internet connection with multiple devices on you LAN

You can even take this one step further. Perhaps you have multiple other devices connected to a switch and you need to provide temporary internet connectivity to all of them. That is where the USB Tethering mode comes to the rescue.

The easiest solution is to tweak the existing Hotspot mode on your WLAN Pi. In most cases we will replace wlan0 with eth0 and eth1.

  1. Before you start, please backup all these files or ideally start with a fresh SD card and fresh WLAN Pi image.
  2. Edit this file:
    sudo nano /etc/wlanpihotspot/default/isc-dhcp-server
  3. Update this line to:
    "INTERFACESv4="usb0 eth0"
  4. Edit this file:
    sudo nano /etc/wlanpihotspot/dhcp/dhcpd.conf
  5. Update this block to:
    # eth0 DHCP Scope
    subnet 192.168.88.0 netmask 255.255.255.0 {
    interface eth0;
  6. Edit this file:
    sudo nano /etc/wlanpihotspot/network/interfaces
  7. Update these lines and comment some out:
    allow-hotplug eth0
    iface eth0 inet static
    #Wired ethernet
    #allow-hotplug eth0
    #iface eth0 inet dhcp
  8. Edit this file:
    sudo nano /etc/wlanpihotspot/ufw/before.rules
  9. Update this line to:
    -A POSTROUTING -s 192.168.88.0/24 -o eth1 -j MASQUERADE
  10. However strange it sounds, plug a supported Wi-Fi adapter into a USB port of your WLAN Pi. Without the adapter plugged in, the WLAN Pi will not switch from the Classic mode to the Hotspot mode.
  11. Now go to Menu > Modes > Hotspot > Confirm
  12. Your WLAN Pi will reboot. Disconnect the Wi-Fi adapter, we do not need it anymore.
  13. The WLAN Pi will do PAT (Port Address Translation) on its eth1 outside interface. On the inside eth0, it will start DHCP server and share the iPhone cellular internet connection with all devices on your LAN.

Here is a traceroute output from one of the devices connected to the switch. First hop to the internet is WLAN Pi’s eth0 interface and second is the iPhone’s inside interface.

A word of caution

While this new mode is a great feature, it can potentially cause some harm. Please read before you tweak.

  • In this mode, WLAN Pi runs DHCP server on the built-in eth0 interface. At no circumstances you want to plug it to an existing corporate network and especially one which is not under your management. Your WLAN Pi might take over clients of the existing DHCP server and route all traffic via the cellular connection. If you have not already, I highly recommend you enable DHCP snooping on your switches. This is a security feature and will block untrusted DHCP servers connected to your network.
  • Double-check that your data plan is suitable for tethering. Your mobile operator will charge you for the cellular data services.
  • You are potentially opening a backdoor to the existing LAN network over the cellular connection.
  • Always switch your WLAN Pi back to the Classic mode before shutting it down. Next time you use it, it will boot up to the Classic mode, which is safe by design.

Your feedback counts

If you find this feature useful, let us know. Perhaps a new “USB Tethering” mode might be a nice addition and will save you time editing the configuration files manually.

Although the WLAN Pi team implements most of the new features into the official image, it also assesses all security aspects. At the end of the day, everyone’s goal is to maintain high standards.

My setup

I have successfully tested this setup with iPhone 8 Plus and WLAN Pi NEO2 Black running 1.9.1-RC2 release. Please add a comment to this post with your setup so that we know what has been tested and works.

WLAN Pi Wi-Fi Console – Multi-port wireless terminal server for your network devices

Programmability is a hot topic these days, but every now and then network engineers require local console access to network infrastructure devices. It is still the primary method for password recovery, staging, troubleshooting, offline image upgrades or learning.

Being able to hug the appliance might give you a warm feeling, but I bet the air conditioning unit blowing cold air usually does not;-) That is where WLAN Pi in Wi-Fi Console mode comes to the rescue.

Wi-Fi Console mode turns the WLAN Pi into a multi-port terminal server and allows you to access all console port connections wirelessly and remotely (or using a wired connection if you prefer).

Nigel Bowden has done all of the heavy lifting. Here is his GitHub repository and documentation. I have recently added support for multiple USB-to-serial adapters and Cisco USB console cables.

All you need is a WLAN Pi with a supported Wi-Fi adapter (if you want to connect wirelessly), USB hub and one or more USB-to-serial adapters or Cisco USB console cables.

WLAN Pi Wi-Fi Console with multiple adaptersConsole cables plugged into appliances

It makes an ideal terminal for your home lab – inexpensive, compact and fanless.

Cisco USB console cables

If you are a Cisco customer you may already have a box of spare Cisco USB console cables. Let’s put those to use. You can now connect up to 8 of these cables to your WLAN Pi using a USB hub and access all terminal lines wirelessly – no drivers needed!

Cisco USB console cable

Tip: Don’t have a Cisco USB console cable on you? No problem, any standard USB-A to 5-pin mini USB cable would work. 

Note: Using non-standard accessories may void the warranty. Please ask your network infrastructure vendor if you are in doubts.

USB-to-serial adapters

I like using the “noodle” console cables with FTDI chip. They are compact, do not need any additional driver, do not tangle in a bag and you can easily adjust their length.

USB to serial adapter 

Tip: Trim the cable to the preferred length and crimp a new RJ-45 connector onto it. The rest of the cable you can crimp another couple of RJ-45 connectors to and use it as an emergency UTP cable. Obviously, it will be more of a “noodle pair” than twisted pair, but you can add one to your adapter bag and it is only a matter of time before it saves the day, trust me;-)

Short ethernet cable

How to use Wi-Fi Console

Make sure your console cables are connected to the WLAN Pi and activate “Wi-Fi Console mode” by going to Menu > Modes > Wi-Fi Console. After the WLAN Pi reboots, all console lines will become accessible wirelessly (or using a wired connection if you prefer).

Connect to the “wifi_console” SSID and telnet to the IP address of the WLAN Pi on the respective TCP port.

Wireless connection to Wi-Fi Console Wi-Fi Console Terminal Lines Royal TSX

USB-to-serial adapters use these ports:

  • First USB-to-serial adapter – port 9601
  • Second USB-to-serial adapter – port 9602
  • Eight USB-to-serial adapter – port 9608

More baud rates are supported. Please check the documentation.

Cisco USB console cables accept connections on these TCP ports:

  • First Cisco USB console cable – port 2001
  • Second USB-to-serial adapter – port 2002
  • Eight USB-to-serial adapter – port 2008

You can mix and match USB-to-serial and Cisco cables on the same WLAN Pi.

Power options for the WLAN Pi

WLAN Pi can be powered using its micro USB connector. There are multiple options available and some work better for certain use cases than others.

A battery pack is the best option if you are using your WLAN Pi as a handheld tool.

For home lab use cases and iperf throughput testing I prefer a gigabit Ethernet PoE splitter with USB type A socket as it is universal and can power the WLAN Pi or even charge your phone. Enterprise switches provide perpetual PoE on the access ports and those will keep your WLAN Pi powered even during and after a switch reload.

Tip: Double-check that the PoE splitter supports gigabit Ethernet before ordering one. This is essential for throughput testing.

Alternatively, use a built-in USB port of your switch or appliance to power the WLAN Pi. Most of these ports are rated at 5 V x 0.5 A = 2.5 Watts. Please do not overload the USB port as this might void the warranty. Personally, I recommend using the WLAN Pi with no Wi-Fi adapter (which draws significant power itself) in this case and connect to the console sessions over a wired connection.

Here is a “Wired Console” WLAN Pi powered by a built-in USB port of a switch and connected to the USB console port of the same switch. The console session is available over the Ethernet interface of the WLAN Pi.

Console access in Classic mode

In fact everything apart from the wireless access is available in the WLAN Pi “Classic mode” and you can use a pre-installed “screen” command to establish console sessions.

Connect to the first USB-to-serial adapter at baud rate of 9600:

screen /dev/ttyUSB0 9600

Replace ttyUSB0 with ttyUSB1 for the second adapter and so on.

Connect to the first Cisco USB console cable:

screen /dev/ttyATM0 9600

Replace ttyATM0 with ttyATM1 for the second cable and so on.

People often joke about quitting the “vi” text editor, but screen is not the most straightforward task either;-) Here are few handy commands for your reference:

Pause screen – Doing this will detach you from the session and you can later resume it by “screen -r”

CTRL+A then CTRL+D

Exit screen – This will take you to the screen command mode. Type “quit” followed by return to exit screen

CTRL+A then type “:”

Exit all screen sessions

CTRL+A followed by \”

My features for the WLAN Pi

With the help of few others, I added some new features to the Front Panel Menu System (FPMS) of the WLAN Pi. I refer to these as “networkinfo”, if you were wondering where the name came from. I am really pleased that most of them actually made it into the official WLAN Pi image and are available to you out of the box. Here is some documentation for you so that you do not have to reverse-engineer the code.

iPhone USB Tethering on WLAN Pi

iPhone USB tethering on the WLAN Pi lets you use your iPhone or iPad as a cellular modem and share the internet connectivity with the WLAN Pi. It also charges your iPhone, which is nice.

You can even take this one step further. Perhaps you have multiple other devices connected to a switch and you need to provide temporary internet connectivity to all of them. That is where the USB Tethering mode comes to the rescue.

Here is my other blog post with step by step instructions on how to enable iPhone tethering on the WLAN Pi.

Public IP Address

“Menu > Network > Public IP Address” shows the public IP address of your WLAN Pi. Country associated to the IP address is displayed along with the AS number and reverse IP address hostname (PTR record) if available.

This feature requires internet connectivity and works with any network interface. I use a publicly available service for this called ifconfig.co.

 WLAN Pi Public IP address menu WLAN Pi Public IP address 1 WLAN Pi Public IP address 2

Reachability

Have you ever wondered if your WLAN Pi had internet connectivity? “Menu > Utils > Reachability” solves exactly this problem. It executes several network tests in parallel and tells you what is reachable and what not.

To name a few of the tests, it pings google.com, tries to browse google.com and looks for “google.com” in the body of the web page (this is to prevent false positives like captive portals), tries to resolve google.com using the primary DNS server (always statically configured to 8.8.8.8 on the WLAN Pi by default), then using secondary and tertiary DNS servers, pings the default gateway and finally arpings the default gateway, which is useful when your default gateway does not respond to a standard ICMP ping request like in the photo below.

WLAN Pi Reachability 1 WLAN Pi Reachability 2

The output refreshes every 3 seconds or so and pings and arping display the actual round-trip times.

It takes a couple of seconds to execute after you open “Menu > Utils > Reachability”. It may almost feel like the button was not pressed, but this is normal. Be patient, please.

Default timeouts are set to 2 seconds. If the Pi does not receive any response, it will display “FAIL” for this particular test. If you support satellite or other links with very high latency, you can manually increase the timeout values:

sudo nano ~/BakeBit/Software/Python/scripts/networkinfo/reachability.sh

Reachability works with any network interface and requires a default gateway to be configured – either statically or assigned by DHCP.

Speedtest

“Menu > Utils > Speedtest” utilises the Linux CLI tool developed by Speedtest.net. It takes the output generated by the tool and formats it to fit the OLED screen of the WLAN Pi. Downlink and uplink throughput and the public IP address are shown.

WLAN Pi Speedtest menu WLAN Pi Speedtest

Internet connection is required and it works with any interface. No backend server as such is needed on your network. Ookla and its partners run a network of servers.

I recommend this tool for WAN throughput testing and verification downlink or uplink rate limiting. Please note it is not designed for AP or Wi-Fi performance testing. Use WLAN Pi iperf server connected to your LAN instead.

CDP neighbour detection

Cisco Discovery Protocol (CDP) advertises details and capabilities of network infrastructure devices like APs, routers, switches and IP phones. This feature starts a packet capture on eth0 interface and waits for first the CDP packet to come in. It then parses the data and displays neighbouring device name, model, remote port number and native VLAN.

WLAN Pi CDP neighbour 1 WLAN Pi CDP neighbour 3

It only works with eth0 interface of the WLAN Pi and it automatically executes every time eth0 interface changes state to up. It then saves the output to a file located in /tmp/cdpneigh.txt. When you open “Menu > Network > CDP Neighbour”, the neighbour information will be displayed instantly as it has already been cached. Without this capability you would have to wait for up to 60 seconds (default CDP hello timer) before getting any output. Which you might not like;-)

LLDP neighbour detection

Link Layer Discovery Protocol (LLDP) advertises details and capabilities of network infrastructure devices like APs, routers, switches and IP phones and is widely used by vendors. Most of the logic is similar to the CDP tool. It does a packet capture on eth0 and waits for the first LLDP packet to come in. It then parses the output and displays neighbouring device name, model, remote port number and native VLAN.

WLAN Pi CDP and LLDP meighbour WLAN Pi LLDP neighbour

Currently, it only supports eth0 interface of the WLAN Pi and the script is automatically executed every time eth0 interface goes up. It then buffers the output to a file file located in /tmp/lldpneigh.txt. When you open “Menu > Network > LLDP Neighbour”, the neighbour information has already been captured and will be displayed instantly. Without this capability you would have to wait for up to 30 seconds (default LLDP hello timer) before getting any output.

Eth0 IP Config

“Menu > Network > Eth0” shows all IP details of the built-in eth0 interface including the name and IP address of the DHCP server (unless static IP address has been assigned to eth0), IP address, subnet mask, IP addresses of DNS servers being used (by default primary DNS server is statically configured to 8.8.8.8 on the WLAN Pi), domain name (if configured on the DHCP scope), speed and duplex.

The output automatically refreshes every few seconds or so.

WLAN Pi Eth0 IP config 1 WLAN Pi Eth0 IP config 2 WLAN Pi Eth0 IP config 3

WPA passphrase

Have you ever forgotten the WPA passphrase configured on the WLAN Pi? You can now head over to the “Menu > Network > WPA passphrase” menu and check the current passphrase there.

WLAN Pi WPA passphrase

Wi-Fi Console

This feature allows you to connect to console ports of multiple devices and access them remotely, over a wired network or wirelessly. All you need is a single WLAN Pi, a supported Wi-Fi adapter, USB hub and a few USB-to-serial adapters.

Credit to Nigel Bowden who has done all of the heavy lifting. Here is his GitHub repository and documentation. I have recently added support for up to 8 USB-to-serial adapters and up to 8 Cisco USB console cables. You can mix and match them.

Wi-Fi Console is an ideal terminal server for your home lab – inexpensive, compact and fanless. In my lab I use a standard 7-port hub connected to my WLAN Pi which provides plenty of ports for all my USB-to-serial and USB console adapters. Here is an example:

  • RJ-45 console connection to my AP
  • USB console to my Wireless LAN Controller
  • USB console to my switch

WLAN Pi Wi-Fi Console with multiple adapters Console cables plugged into appliances

To activate Wi-Fi Console go to “Menu > Modes > Wi-Fi Console”. Connect all adapters and after the WLAN Pi reboots, connect to the “wifi_console” SSID. Finally, telnet to the IP address of your WLAN Pi on respective TCP port to start the console sessions. Port numbers and a few more tips are posted here.

Wireless connection to Wi-Fi Console Wi-Fi Console Terminal Lines Royal TSX

Special thanks

Thanks to the “father” of the WLAN Pi Jerry Olla for keeping things up to date, making sure everyone is in sync and for building the official images. Nigel Bowden played a vital part of this exciting journey and inspired me, thank you sir! Kudos to Adrian Granados for developing some great integrations and tools and thanks to Francois Verges for his Hotspot feature.

There are many other contributors to the WLAN Pi project and they deserve as much kudos as everyone else. Without the right hardware and form factor, there will be no WLAN Pi. Without the Front Panel Menu System, I will not be able to display any output to you.

Thanks to all of you who helped me test and make these features even better.

It has been a pleasure working with you all and meeting you virtually and in person.

Want to get involved?

If you have any ideas on how to improve the WLAN Pi or want to get involved, please do not be shy and reach out to anyone of us, ideally on Twitter. Hashtag #WLANPi and follow @WLANPi.

How to install Cisco vWLC in VMware Fusion on your Mac

Officially, vWLC is not supported on Type-2 hosted hypervisors like Fusion or Workstation. However, if you need to build a non-production lab, portable demo or practice for your next exam, technically you can run vWLC in VMware Fusion.

The trick is to install Fusion on your Mac, create a new VM with the free ESXi Hypervisor (or the full-blown one if you have licenses) and deploy vWLC onto the ESXi:

macOS <-> VMware Fusion <-> ESXi Hypervisor running as a VM <-> vWLC VM

It may sound complex, but is actually quite easy to do and runs like a charm even on a 13″ Intel i5 MacBook Pro.

  1. Download the vWLC OVA image from Cisco.com.
  2. Download VMware vSphere Hypervisor 6.7 ISO. Register on their website to get a free license key.
  3. Download the ovftool 4.3.0 (older versions may not work correctly) for Windows and make sure you have a Windows machine or VM by hand as ovftool only runs on Windows.
  4. Create a new VM in VMware Fusion, mount the Hypervisor ISO and install ESXi. Configure networking for this VM as Bridged Networking to Wi-Fi or Ethernet. Wi-Fi is a great option as it allows you to move freely with your Mac whilst running the vWLC.
    VMware-Fusion-adapter-settings
  5. With the free ESXi Hypervisor, we have to deploy the vWLC OVA using the ovftool. This will help us get past the errors we would have otherwise ran into the ESXi web GUI. To do this we need a Windows machine.
  6. Install the ovftool in the Windows machine, transfer the vWLC OVA archive to it and deploy the OVA onto ESXi:

    C:\Program Files\VMware\VMware OVF Tool>ovftool.exe –skipManifestCheck –acceptAllEulas –noSSLVerify –noSSLVerify=true -ds=”datastore1″ –net:”VM Network”=”VM Network” –net:”VM Network 2″=”VM Network” C:\Users\Jiri\Desktop\AIR_CTVM-K9_8_5_151_0.ova vi://192.168.196.136

    The IP address in this string “vi://192.168.196.136” is our ESXi address. You may have noticed that I am using the same network for both Service Port and Management interfaces. After I deploy the OVA, I usually disable the Service Port adapter in the VM settings and use Management interface for management and for APs to join. It just keeps things simple and we don’t need to worry about multiple adapters and subnets.

  7. You can set the vWLC VM to Autostart and start it manually now.
  8. Open Console to it and press any key to activate the console access.
  9. Follow the installation guide.
  10. If you are running the evaluation license, accept the EULA. If you purchased AP licenses, add then to the controller and accept the EULA.
  11. Since vWLC only supports Flexconnect mode APs, make sure to convert your APs manually or apply this CLI command:

    config ap autoconvert flexconnect

    Autoconvert-APs-to-Flexconnect-mode

  12. Finally connect your AP to a PoE capable switch or power injector and it should be able to discover and join the virtual controller.
    vWLC-ESXi-Fusion

Note: If you installed vWLC VM directly onto Fusion with no ESXi Hypervisor layer, the controller would not be able to communicate on its Management interface.

Catalyst 9800-CL IOS-XE controller

The above scenario covers the AireOS vWLC. Cisco now has a complete range of Catalyst 9800 series controllers with feature parity between them. The new virtual controller is called Catalyst 9800-CL and it brings all the great IOS-XE features, HA SSO, programmability, hot patching and supports all AP modes.

Francois and Rowell published great step by step instructions on how to install C9800-CL onto ESXi and Fusion.