iPad Pro Wi-Fi 6E Preference of 5 GHz over 6 GHz

You may have read my 6 GHz discovery test of the new Wi-Fi 6E iPad Pro. This time we ask the “Hey Siri, what is iPad Pro’s favourite band?” question.

Since Apple hasn’t published any documentation that would cover this subject, I configured a tri-band SSID on a Catalyst 9136 AP. The SSID name is the same for all 2.4 GHz, 5 GHz and 6 GHz bands. Now, what band does the iPad prefer?

Setup

  • Wi-Fi 6E iPad Pro 11-inch (4th generation) running iPadOS 16.1
  • Catalyst 9136 Wi-Fi 6E AP
  • C9800-CL cloud controller running 17.9.2

Max transmit power and 80 MHz wide 5 GHz channel

All 3 bands are enabled with manual Power Level 1 (PL1), which forces the AP to use the highest permitted transmit power.

In this case, the 6 GHz SSID had the strongest absolute signal strength (RSSI) of the 3 bands.

  • 2.4 GHz enabled, PL1
  • 5 GHz channel 36, 80 MHz wide, PL1
  • 6 GHz channel 5, 80 MHz wide, PL1

The iPad prefers the 5 GHz band and joins using this band.

Reduce transmit power on 5 GHz radio

Let’s use the exact same configuration as above and reduce the 5 GHz radio’s transmit power to the lowest, Power Level 8 (PL8). Will that make it prefer 6 GHz?

  • 2.4 GHz enabled, PL1 (RSSI on the iPad -31 dBm)
  • 5 GHz channel 36, 80 MHz wide, PL8 (RSSI on the iPad -55 dBm)
  • 6 GHz channel 5, 80 MHz wide, PL1 – strongest absolute RSSI (RSSI on the iPad -30 dBm)

Yes! The iPad Pro prefers 6 GHz every single time. As you can see, the 6 GHz RSSI is 25 dB stronger than the 5 GHz one, which, as far as I can tell, is the reason.

Narrower 5 GHz channel

We are using the same configuration as in our very first scenario, but we will reduce the 5 GHz channel width to 40 MHz.

  • 2.4 GHz enabled, PL1
  • 5 GHz channel 36, 40 MHz wide, PL1
  • 6 GHz channel 5, 80 MHz wide, PL1

Using a narrower 5 GHz channel makes the iPad connect using 6 GHz instead.

Disable 5 GHz radio

This time we disable the 5 GHz radio and see if 2.4 GHz or 6 GHz wins. I have high hopes for 6 GHz, you?

  • 2.4 GHz enabled, PL1
  • 5 GHz disabled
  • 6 GHz channel 5, 80 MHz wide, PL1 – strongest absolute RSSI

Indeed, the iPad prefers 6 GHz.

Now, let’s forcefully shut down the 6 GHz radio on the AP. The iPad moves to its only available option, the 2.4 GHz radio, and happily lives there. We now re-enable the 6 GHz radio. The iPad doesn’t automatically jump back to 6 GHz, although 6 GHz has the stronger RSSI. When we disabled the iPad’s Wi-Fi radio and re-enabled it, it connected on 6 GHz.

Make 2.4 GHz stronger than 6 GHz and disable 5 GHz

Can we make 2.4 GHz appealing enough to the iPad so that it would prefer it over 6 GHz? Let’s disable the 5 GHz radio, keep max transmit power on 2.4 GHz, and reduce 6 GHz transmit power to the lowest, Power Level 8 (PL8).

  • 2.4 GHz enabled, PL1
  • 5 GHz disabled
  • 6 GHz channel 5, 80 MHz wide, PL8

The 6 GHz RSSI (-45 dBm) is now weaker than the 2.4 GHz RSSI (-33 dBm) by 12 dB. Is that a good enough reason for the iPad to prefer 2.4 GHz?

Not really. It connected on 6 GHz 2 times out of 3. Once it connected on 2.4 GHz.

Summary

When an 80 MHz wide 5 GHz channel is used, the iPad prefers 5 GHz. If 5 GHz drops below a certain threshold, and is much weaker than 6 GHz, it then prefers 6 GHz.

It prefers 6 GHz over a 40 MHz wide 5 GHz channel.

It doesn’t use 2.4 GHz unless it has no other option.

Please take these tests with a pinch of salt. Ideally I would repeat each of them 10 or so times. Time is of the essence and I only repeated each test 3 times.

Peloton bike Wi-Fi connection to a Cisco access point stopped working after a software update

Has your bike suddenly lost its Wi-Fi connection after a Peloton software update? Is it saying “Device not connected to internet”?

Here is why and how to fix it before it hopefully gets fixed in one of the upcoming Peloton software updates.

Peloton bikes use the Android operating system, and they have recently upgraded to Android 10. Unfortunately, this version has compatibility issues with Cisco Wi-Fi access points and the Adaptive Fast Transition feature, which is enabled by default.

To resolve the issue, simply set Fast Transition to Enabled.

Connect to your Wireless LAN Controller, go to Configuration > Tags & Profiles > WLANs > select the network > click Edit > Security > Layer2 > Fast Transition > Enabled > Update & Apply To Device. Now, test that your bike can connect, and test a few other devices to make sure everything is working as expected. Then click the floppy disk icon to save this new configuration.

Apple iOS 14 Private Address feature, per SSID Wi-Fi MAC randomisation and how it actually works

Apple published a brief summary of the newly introduced “Private Address” Wi-Fi feature. Since it does not go into detail, I tested the public iOS 14.0 release on an iPhone SE and iPad Mini in my lab. Here is how it actually works.

New Wi-Fi networks

For SSIDs you have not connected to before, iOS 14 devices generate a random MAC “Private Address” and they use this MAC address permanently for this SSID. This address does NOT change over time. This works as expected.

Previously used Wi-Fi networks

Known Wi-Fi networks you have already connected to at least once before upgrading to iOS 14 get a different treatment though. And this is where things are not as straightforward as the documentation suggests.

After upgrading to iOS 14, I connect to a known network which I have already used before the upgrade. The MAC address that is used is actually the real hardware MAC address of the Wi-Fi adapter for 24 hours. Note that the “Private Address” feature is enabled. This could potentially be considered a UI bug.

24 hours after first connecting from an iOS 14 device to this known SSID, the “Private Address” feature kicks in and the MAC address for this SSID automatically switches from the real MAC address to a randomly generated MAC address. Personally, I assume that this 24-hour period has been developed to allow enterprises to disable the Private Address feature on their managed iOS devices using MDM, but I may be wrong.

From this point onwards the same randomly generated Private Address is permanently used for this SSID and does NOT change over time.
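To check which of the two address types a client is presenting on each SSID, you can test the locally administered bit of the first octet, which randomly generated addresses set and hardware addresses leave clear. This is an added example, not part of the original post; it relies on that general IEEE 802 convention rather than on anything Apple documents here, and the function names and client records are constructed for illustration.

```python
import re
from collections import defaultdict


def normalise_mac(text):
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or Cisco aabb.ccdd.eeff.

    Returns the address as 12 lowercase hex digits, or raises ValueError.
    """
    digits = re.sub(r"[:\-.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return digits


def classify_mac(text):
    """Return 'private', 'hardware' or 'group' for one MAC address."""
    first_octet = int(normalise_mac(text)[:2], 16)
    if first_octet & 0x01:
        # Group (multicast/broadcast) bit: never a valid client source address.
        return "group"
    if first_octet & 0x02:
        # Locally administered bit set: a generated address such as a
        # per-SSID Private Address.
        return "private"
    # Universally administered: the adapter's burned-in hardware address.
    return "hardware"


def summarise(records):
    """Group unique client MACs per SSID by address type.

    records is an iterable of (ssid, mac) pairs, for example taken from a
    controller's client table. Group addresses are ignored.
    """
    seen = defaultdict(lambda: defaultdict(set))
    for ssid, mac in records:
        kind = classify_mac(mac)
        if kind != "group":
            seen[ssid][kind].add(normalise_mac(mac))
    return {
        ssid: {kind: sorted(macs) for kind, macs in kinds.items()}
        for ssid, kinds in seen.items()
    }


# Constructed sample records (SSID names and MAC addresses are made up).
SAMPLE = [
    ("CorpWiFi", "3c22.fb00.0001"),      # hardware address
    ("CorpWiFi", "a65e.6011.2233"),      # private address
    ("CorpWiFi", "A6:5E:60:11:22:33"),   # same address, different notation
    ("Guest", "02aa.bbcc.ddee"),         # private address
]

if __name__ == "__main__":
    for ssid, kinds in summarise(SAMPLE).items():
        print(ssid, kinds)
```

A previously known iOS 14 client that still shows up as “hardware” on an SSID is inside the 24-hour window described above; once it switches, it appears under “private” with a new address.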

Schedule WLAN availability on Catalyst 9800 Series Wireless LAN Controllers

Catalyst 9800 controllers come with built-in support for WLAN availability scheduling. When a WLAN becomes disabled, APs do not broadcast the SSID and channel utilisation decreases. Also, it can be implemented as a security enhancement to prevent client devices from connecting during specified hours.

At the time of writing, IOS-XE 17.3.1 does not yet offer a GUI for this capability, but there are a couple of ways to schedule WLAN availability.

Before we start, please double-check time settings on the controller, enable NTP client and set a correct timezone.

Option 1: Built-in Calendar Profile

The configuration is self-explanatory, so let’s start with that. My example enables all WLANs mapped to the “default-policy-profile” from 9 am to 5 pm every weekday. Outside of these times, the SSIDs will not be available for clients to join.

configure terminal
!
wireless profile policy default-policy-profile
shutdown
!
no wireless profile calendar-profile name WEEKDAYS-9-TO-5
!
wireless profile calendar-profile name WEEKDAYS-9-TO-5
day monday
day tuesday
day wednesday
day thursday
day friday
recurrence weekly
start 09:00:00 end 17:00:00
!
wireless profile policy default-policy-profile
calendar-profile name WEEKDAYS-9-TO-5
action wlan_enable
no shutdown
!

Verification

You can verify using a Wi-Fi client. If you do “show wlan summary”, the WLANs will still appear as “Enabled” and this is expected. To verify current status of WLANs controlled by the Calendar Profile, please use “show logging | include SCHEDULED_WLAN”.

Reference

Official documentation explaining Calendar Profiles.

Option 2: EEM Script

If you like flexibility, an EEM script running on the controller triggered by CRON might work even better for you. Special thanks to Federico Ziliotto for this.

event manager applet EEM_SCHEDULE_WLAN_UP
event timer cron cron-entry "0 9 * * 1-5" name 9_AM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "no shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been enabled"

event manager applet EEM_SCHEDULE_WLAN_DOWN
event timer cron cron-entry "0 17 * * 1-5" name 5_PM_MON_TO_FRI
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "wlan MY_SSID"
action 4.0 cli command "shut"
action 5.0 cli command "end"
action 6.0 syslog msg "Scheduled WLAN_SSID has been disabled"

Reference

Here and here are some useful and practical EEM examples for your reference.

How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do not want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run a DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward.

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>

Cisco Aironet and Catalyst AP Option 43 configuration for ISC DHCP server on Linux

There is a great document explaining how to configure Option 43 on ISC DHCP server on the Cisco website.

If all you need is a simple DHCP server which will assign Option 43 to all devices on the network, without selectively assigning it only to specific AP models using the class construct, you can simplify your ISC DHCP server configuration to this. It works great on a WLAN Pi.

Configuration

# Linux ISC DHCP server configuration in /etc/dhcp/dhcpd.conf
option space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address code 241 = array of ip-address;

# eth0 DHCP scope
subnet 192.168.73.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.73.100 192.168.73.200;
option routers 192.168.73.1;
option domain-name-servers 208.67.222.222, 208.67.220.220;
default-lease-time 86400;
max-lease-time 86400;
vendor-option-space Cisco_LWAPP_AP;
option Cisco_LWAPP_AP.server-address 10.10.10.10, 10.20.20.20;
}

Verification

The access point will get its IP configuration from the DHCP server including Option 43 and will try to join these controllers.
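The two Option 43 encodings used on this page, the f2:05 conversion value from the post above and the code 241 controller list that this dhcpd.conf produces, can be built and decoded with a short script, which is handy for checking a value seen in a packet capture before trusting it. This is an added example, not code from the original posts or from Cisco; the function names are hypothetical, and the conversion builder covers only the single-controller value shown above.

```python
import ipaddress

# From the conversion post: f2 = switch to Lightweight mode,
# 05 = one controller IP address follows.
CONVERT_PREFIX = bytes.fromhex("f205")
# Sub-option code 241 (0xf1), as declared in the dhcpd.conf above.
CONTROLLER_LIST_CODE = 241


def _ipv4(text):
    """Return the 4 raw bytes of a dotted IPv4 address (ValueError if invalid)."""
    return ipaddress.IPv4Address(text).packed


def build_conversion(controller_ip):
    """Option 43 value that converts an ME/EWC AP and names one controller."""
    return CONVERT_PREFIX + _ipv4(controller_ip)


def build_controller_list(controller_ips):
    """Option 43 value for 'array of ip-address' under code 241."""
    if not controller_ips:
        raise ValueError("at least one controller IP is required")
    body = b"".join(_ipv4(ip) for ip in controller_ips)
    if len(body) > 255:
        raise ValueError("too many addresses for a one-byte length field")
    return bytes([CONTROLLER_LIST_CODE, len(body)]) + body


def as_isc(value):
    """Colon-separated hex, as used by vendor-encapsulated-options."""
    return ":".join(f"{b:02x}" for b in value)


def as_ios(value):
    """Plain hex string, as used by 'option 43 hex' on IOS/IOS-XE."""
    return value.hex()


def decode(text):
    """Parse a value in either notation; return (kind, [controller IPs])."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    try:
        raw = bytes.fromhex(cleaned)
    except ValueError:
        raise ValueError(f"not valid hex: {text!r}") from None
    if raw[:2] == CONVERT_PREFIX:
        if len(raw) != 6:
            raise ValueError("conversion value must be f2 05 plus 4 address bytes")
        return "convert-to-lightweight", [str(ipaddress.IPv4Address(raw[2:]))]
    if len(raw) >= 2 and raw[0] == CONTROLLER_LIST_CODE:
        length, body = raw[1], raw[2:]
        if length == 0 or length != len(body) or length % 4:
            raise ValueError("length byte does not match whole IPv4 addresses")
        ips = [str(ipaddress.IPv4Address(body[i:i + 4])) for i in range(0, length, 4)]
        return "controller-list", ips
    raise ValueError("unrecognised Option 43 value")


if __name__ == "__main__":
    value = build_conversion("192.168.130.2")
    print(as_isc(value), as_ios(value))
    print(as_isc(build_controller_list(["10.10.10.10", "10.20.20.20"])))
    print(decode("f205c0a88202"))
```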

iPhone USB Tethering on WLAN Pi

We have all been there. It is the night before an important training or meeting and you need to install a few more packages on your WLAN Pi or push some code changes to GitHub. Guess what? There is no wired connection available in your room and the hotel Wi-Fi uses a captive portal or is very poor.

iPhone USB tethering on the WLAN Pi lets you use your iPhone or iPad as a cellular modem and share the internet connectivity with the WLAN Pi. It also charges your iPhone, which is nice.

iPhone USB tethering to WLAN Pi

How to enable iPhone USB tethering on WLAN Pi

Simply follow these steps:

  1. Connect to the WLAN Pi using SSH and run this command. Do not skip this step, it is required:
    sudo apt-get update
  2. Then install this package:
    sudo apt-get install usbmuxd
  3. Plug your iPhone into the WLAN Pi using a lightning to USB-A data cable.
  4. On the iPhone, go to Settings > Personal Hotspot > Allow Others to Join.
  5. A new eth1 interface will appear on the WLAN Pi.
  6. Tap on the Trust button on your iPhone/iPad and enter your passcode.
  7. After you click Trust, the eth1 interface will get a dynamically assigned IP address by the DHCP server running on the iPhone.
  8. Your WLAN Pi is now connected to the internet. You can verify using the Reachability tool in the Front Panel Menu System (FPMS). Go to Menu > Utils > Reachability.

Share iPhone internet connection with multiple devices on your LAN

You can even take this one step further. Perhaps you have multiple other devices connected to a switch and you need to provide temporary internet connectivity to all of them. That is where the USB Tethering mode comes to the rescue.

The easiest solution is to tweak the existing Hotspot mode on your WLAN Pi. In most cases we will replace wlan0 with eth0 and eth1.

  1. Before you start, please back up all these files or ideally start with a fresh SD card and fresh WLAN Pi image.
  2. Edit this file:
    sudo nano /etc/wlanpihotspot/default/isc-dhcp-server
  3. Update this line to:
    INTERFACESv4="usb0 eth0"
  4. Edit this file:
    sudo nano /etc/wlanpihotspot/dhcp/dhcpd.conf
  5. Update this block to:
    # eth0 DHCP Scope
    subnet 192.168.88.0 netmask 255.255.255.0 {
    interface eth0;
  6. Edit this file:
    sudo nano /etc/wlanpihotspot/network/interfaces
  7. Update these lines and comment some out:
    allow-hotplug eth0
    iface eth0 inet static
    #Wired ethernet
    #allow-hotplug eth0
    #iface eth0 inet dhcp
  8. Edit this file:
    sudo nano /etc/wlanpihotspot/ufw/before.rules
  9. Update this line to:
    -A POSTROUTING -s 192.168.88.0/24 -o eth1 -j MASQUERADE
  10. However strange it sounds, plug a supported Wi-Fi adapter into a USB port of your WLAN Pi. Without the adapter plugged in, the WLAN Pi will not switch from the Classic mode to the Hotspot mode.
  11. Now go to Menu > Modes > Hotspot > Confirm
  12. Your WLAN Pi will reboot. Disconnect the Wi-Fi adapter, we do not need it anymore.
  13. The WLAN Pi will do PAT (Port Address Translation) on its eth1 outside interface. On the inside eth0, it will start DHCP server and share the iPhone cellular internet connection with all devices on your LAN.

Here is a traceroute output from one of the devices connected to the switch. First hop to the internet is WLAN Pi’s eth0 interface and second is the iPhone’s inside interface.

A word of caution

While this new mode is a great feature, it can potentially cause some harm. Please read before you tweak.

  • In this mode, WLAN Pi runs a DHCP server on the built-in eth0 interface. Under no circumstances should you plug it into an existing corporate network, especially one which is not under your management. Your WLAN Pi might take over clients of the existing DHCP server and route all traffic via the cellular connection. If you have not already, I highly recommend you enable DHCP snooping on your switches. This is a security feature and will block untrusted DHCP servers connected to your network.
  • Double-check that your data plan is suitable for tethering. Your mobile operator will charge you for the cellular data services.
  • You are potentially opening a backdoor to the existing LAN network over the cellular connection.
  • Always switch your WLAN Pi back to the Classic mode before shutting it down. Next time you use it, it will boot up to the Classic mode, which is safe by design.

Your feedback counts

If you find this feature useful, let us know. Perhaps a new “USB Tethering” mode might be a nice addition and will save you time editing the configuration files manually.

Although the WLAN Pi team implements most of the new features into the official image, it also assesses all security aspects. At the end of the day, everyone’s goal is to maintain high standards.

My setup

I have successfully tested this setup with iPhone 8 Plus and WLAN Pi NEO2 Black running 1.9.1-RC2 release. Please add a comment to this post with your setup so that we know what has been tested and works.

WLAN Pi Wi-Fi Console – Multi-port wireless terminal server for your network devices

Programmability is a hot topic these days, but every now and then network engineers require local console access to network infrastructure devices. It is still the primary method for password recovery, staging, troubleshooting, offline image upgrades or learning.

Being able to hug the appliance might give you a warm feeling, but I bet the air conditioning unit blowing cold air usually does not;-) That is where WLAN Pi in Wi-Fi Console mode comes to the rescue.

Wi-Fi Console mode turns the WLAN Pi into a multi-port terminal server and allows you to access all console port connections wirelessly and remotely (or using a wired connection if you prefer).

Nigel Bowden has done all of the heavy lifting. Here is his GitHub repository and documentation. I have recently added support for multiple USB-to-serial adapters and Cisco USB console cables.

All you need is a WLAN Pi with a supported Wi-Fi adapter (if you want to connect wirelessly), USB hub and one or more USB-to-serial adapters or Cisco USB console cables.

WLAN Pi Wi-Fi Console with multiple adapters

Console cables plugged into appliances

It makes an ideal terminal for your home lab – inexpensive, compact and fanless.

Cisco USB console cables

If you are a Cisco customer you may already have a box of spare Cisco USB console cables. Let’s put those to use. You can now connect up to 8 of these cables to your WLAN Pi using a USB hub and access all terminal lines wirelessly – no drivers needed!

Cisco USB console cable

Tip: Don’t have a Cisco USB console cable on you? No problem, any standard USB-A to 5-pin mini USB cable would work. 

Note: Using non-standard accessories may void the warranty. Please ask your network infrastructure vendor if you are in doubt.

USB-to-serial adapters

I like using the “noodle” console cables with FTDI chip. They are compact, do not need any additional driver, do not tangle in a bag and you can easily adjust their length.

USB to serial adapter 

Tip: Trim the cable to the preferred length and crimp a new RJ-45 connector onto it. The rest of the cable you can crimp another couple of RJ-45 connectors to and use it as an emergency UTP cable. Obviously, it will be more of a “noodle pair” than twisted pair, but you can add one to your adapter bag and it is only a matter of time before it saves the day, trust me;-)

Short ethernet cable

How to use Wi-Fi Console

Make sure your console cables are connected to the WLAN Pi and activate “Wi-Fi Console mode” by going to Menu > Modes > Wi-Fi Console. After the WLAN Pi reboots, all console lines will become accessible wirelessly (or using a wired connection if you prefer).

Connect to the “wifi_console” SSID and telnet to the IP address of the WLAN Pi on the respective TCP port.

Wireless connection to Wi-Fi Console Wi-Fi Console Terminal Lines Royal TSX

USB-to-serial adapters use these ports:

  • First USB-to-serial adapter – port 9601
  • Second USB-to-serial adapter – port 9602
  • Eighth USB-to-serial adapter – port 9608

More baud rates are supported. Please check the documentation.

Cisco USB console cables accept connections on these TCP ports:

  • First Cisco USB console cable – port 2001
  • Second Cisco USB console cable – port 2002
  • Eighth Cisco USB console cable – port 2008

You can mix and match USB-to-serial and Cisco cables on the same WLAN Pi.

Power options for the WLAN Pi

WLAN Pi can be powered using its micro USB connector. There are multiple options available and some work better for certain use cases than others.

A battery pack is the best option if you are using your WLAN Pi as a handheld tool.

For home lab use cases and iperf throughput testing I prefer a gigabit Ethernet PoE splitter with USB type A socket as it is universal and can power the WLAN Pi or even charge your phone. Enterprise switches provide perpetual PoE on the access ports and those will keep your WLAN Pi powered even during and after a switch reload.

Tip: Double-check that the PoE splitter supports gigabit Ethernet before ordering one. This is essential for throughput testing.

Alternatively, use a built-in USB port of your switch or appliance to power the WLAN Pi. Most of these ports are rated at 5 V x 0.5 A = 2.5 Watts. Please do not overload the USB port as this might void the warranty. Personally, I recommend using the WLAN Pi with no Wi-Fi adapter (which draws significant power itself) in this case and connect to the console sessions over a wired connection.

Here is a “Wired Console” WLAN Pi powered by a built-in USB port of a switch and connected to the USB console port of the same switch. The console session is available over the Ethernet interface of the WLAN Pi.

Console access in Classic mode

In fact everything apart from the wireless access is available in the WLAN Pi “Classic mode” and you can use a pre-installed “screen” command to establish console sessions.

Connect to the first USB-to-serial adapter at baud rate of 9600:

screen /dev/ttyUSB0 9600

Replace ttyUSB0 with ttyUSB1 for the second adapter and so on.

Connect to the first Cisco USB console cable:

screen /dev/ttyACM0 9600

Replace ttyACM0 with ttyACM1 for the second cable and so on.

People often joke about quitting the “vi” text editor, but quitting screen is not the most straightforward task either;-) Here are a few handy commands for your reference:

Pause screen – Doing this will detach you from the session and you can later resume it by “screen -r”

CTRL+A then CTRL+D

Exit screen – This will take you to the screen command mode. Type “quit” followed by return to exit screen

CTRL+A then type “:”

Exit all screen sessions

CTRL+A followed by “\”