Alongside the wall plate Wi-Fi 7 wall plate access point CW9172H, Cisco also introduced a number of accessories. This desktop stand CW-ACC-DESK1-00 allows the AP to be deployed on a desk and secured by a Kensington lock. That makes it a perfect solution for micro branches, locations where mounting to ceiling is not an option, and using this access point in wireless active testing sensor mode.
The official documentation describes all included parts here. I will just equip you with few extra photos.
PackagingParts includedFully assembled AP with desktop standRear side of access points with desktop stands attached
I’ve been on a mission to fully power my Wi-Fi demo kit using a standard USB-C battery pack. That way I don’t need to worry about power sockets and power cables with the right plugs. I can temporarily install the AP at the exact location where I want it, power up my AP anywhere, and get work done while I am travelling.
With battery pack detached from the power injector, I can replace the battery back in case I need longer battery life. And when the battery pack loses capacity in few years, I can just swap the battery pack out. If I spot an AC 230 V socket nearby, I can just use a USB-C GaN charger instead and use the battery to fast-charge my phone or laptop.
“So what are your requirements?” you might ask. The solution should power a high-end access point using UPOE, 802.3bt, PoE++, PoE+++ (pick your favourite name) and allow it to negotiate up to 10 Gbps multigigabit Ethernet on its uplink. And I will take 4 hours of battery life, please.
Let me share the solution with you first. If you are interested in the (rather long, expensive and painful) journey, scroll all the way down.
It works! Here is how I use it.
Yes, yay, hurrah, sláva! It works great and does exactly what I wanted it to do! I guess you can feel my level of excitement 😊
I’ve been testing several outdoor point-to-point links. While I can power the infrastructure side AP by a PoE capable switch, I can now easily use a USB-C battery to power the remote C9124AXD AP.
Battery-powered C9124AXD outdoor access point
Let’s enable site survey mode on this large public venue CW9179F access point for a couple of colleagues. Shout-out to you, Olu and Pete. I put a quick guide together on how to enable site survey mode. Make sure that your site survey AP is only used temporarily by a trained engineer and clearly labelled as site survey equipment. It can’t be used in production by any clients. From compliance perspective, the 6 GHz LPI AP can’t be battery-powered.
USB-C battery pack delivering UPOE power to Cisco CW9179F AP
When I was measuring difference between dipole and directional patch antennas connected to CW9163E, this allowed me to easily mount the AP wherever I needed it. No strings attached. Yes, I did use a longer cable and a tripod.
CW9163E with dipoles
The CW9176I happily ran for about 3.5 hours. No reliance on 230 V sockets. Keep in mind that LPI restrictions apply, 6 GHz capable LPI AP can’t be powered by a battery.
Mobile Wi-Fi 7 CW9176I AP running in full power mode
Now, how do you join an AP to Dashboard and perform few quick configurations? You plug it in your switch, right? But what if that switch doesn’t support PoE (yes, those still exist)? I only had a small battery pack in my bag, but it still worked like a charm and gave me 1 hour of battery life.
CW9179F powered by 802.3bt using smaller USB-C battery pack
But how? Where did you buy this thing?
I tested many power injectors. Scroll all the way down if you are interested in the journey. This is the best solution that I could find for me.
Let me introduce you to Phihong POE90D-1BTP-R power injector. It takes 20-55 Volts DC on the 3-pin terminal block input and provides 802.3bt 90 W on its PoE output.
Phihong POE90D-1BTP-R 802.3bt 90W 2.5 GbE power injector
The battery packs I use are Anker A1336 (20,000 mAh). Potentially Anker 533 A1256 (5,000 mAh), but it has significantly lower capacity, and you would be pushing it to its limits with regards to power.
Always make sure that the battery pack can comfortably provide more power than the AP requires! They important part is that your battery must support 20 V on the USB-C output. Not all of them do. Check the data sheet.
Negotiation of 20 V with the battery pack is job for a USB Power Delivery (PD) trigger cable. It has a built-in chip inside the USB-C connector which tells the battery pack to supply 20 Volts.
20 cm USB PD trigger cable programmed to request 20 V
Wi-Fi is a discipline of engineering and art. So, here comes the art part! Let’s trim the trigger cable to the right length. We will keep the part with USB-C connector and keep the barrel jack with a bit of cable for another project.
Let’s terminate it onto the 3-pin terminal block of the injector. Take a deep breath. Double-check polarity to avoid any magic smoke escape moments.
USB PD trigger cable connected to injector
Finally, why don’t we make the connection aesthetically pleasing and permanent using about half sachet of black Sugru.
Cable connected to terminal block and protected by Sugru
That’s it.
All I need to power any 802.3bt access point by a USB-C battery pack
Tested access points
I am using about 2 meters of twisted pair CAT6 cable in total.
Outdoor C9124AXD and CW9163E APs worked absolutely fine.
To test backwards compatibility, Catalyst C9105AXI worked great too and used its 1 Gbps uplink.
The only valid reason for powering Wi-Fi 7 LPI APs is for site survey purposes as I mentioned above:
Cisco’s CW9176I access point as well as CW9179F large venue AP both negotiate 10 Gbps Ethernet connection. If you need a significantly longer twisted pair cable, you might want to test it first, since this injector is officially certified for 2.5 Gbps Ethernet.
Powering CW9172H wall plate access point was no problem at all. Ethernet port ran at 2.5 Gbps and the PoE Out port of the access point happily powered my WLAN Pi M4+.
Likewise, CW9172I access point negotiated at 2.5 Gbps and CW9174I ran at 5 Gbps.
If you tested any other models and vendors, share them with us in the comments below.
Incompatibility with Meraki MS220 switch
Depending on your use case, you will likely never run into this and your injector “DATA IN” uplink port will have no cable connected in it.
When I connected the 802.3bt injector uplink to MS220 switch, many of the APs switched to 802.3at “Medium Power” mode. I suspect there is something going on with LLDP negotiation between the switch and the AP. The AP doesn’t figure out that it’s actually powered by an injector and it ends up defaulting to Medium Power 802.at mode.
Most APs fall back to 802.3at mode when connected to MS220
When I connected the injector uplink to a different switch like C9200CX, the access points drew full 802.3bt power from the injector.
Fully powered by injector, injector uplink connected to C9200CX
AC power injector CW-INJ-8 vs Phihong battery-powered injector
There are purpose-built site survey PoE battery packs available from the great people at AccelTex and Ventev.
Use whatever works best for you or your customer.
The journey
This is one of the very few projects when I’ve nearly given up. I purchased and tested all of these injectors hoping that the first, second, third, will hopefully work and I kept fast-failing again and again.
“Success is not final, failure is not fatal: it is the courage to continue that counts.” Attributed to Winston Churchill.
Yet another night in the office
Few hundred pounds later, I thought I was done. Nothing seemed to work the way I wanted it to.
802.3bt and 802.3at PoE power injectors
The industrial Procet injector on the left only provided 802.3at power although it was supposed to support 802.3bt. Their documentation was also extremely poor with conflicting information about input DC power range, they were heavy and not necessarily of the best form factor.
Few weeks later I ordered the Planet industrial injector but it only provided 802.3bt power to high-end CW9176 and CW9179F access points and failed to power CW9172I and CW912H APs completely.
I found this Phihong injector data sheet online but it was out of stock in the UK. I just couldn’t win! It was about time to get out of this rabbit hole and see what was the best way to deal with all of this. I contacted the manufacturer, who kindly helped me find a nice local distributor Heading Power Limited who had one in stock and the rest of the story you’ve just read above. I just had to figure out how to power it and connect everything as nearly as possible. Happy days!!!
To paint the full picture, the 2 injectors on the right were my shot in the dark into the 802.3at (the 30-Watt standard) world. I love the right-most PoE Texas 802.3at injector so much that it found its place in my every day bag. If you are looking for a light and compact injector and don’t mind 802.3at, read more about it here (I will add link as soon as I publish it).
The safety and regulatory part
You are all smart people but let’s get the safety warning out of the way first.
Since we are modifying electrical equipment and dealing with batteries, please note that you are performing everything described in this blog post at your own risk. None of the hardware manufacturers and other parties including myself can’t be held responsible in case of any damage or harm caused.
Use caution when it comes to 6 GHz. Lower Power Indoor (LPI) 6 GHz access points shall not be battery-powered. Refer to EN 303 687 and FCC KDB 987594.
Apple has done a excellent job at seamlessly migrating iPhones 17 from Broadcom to its own N1 wireless networking chip. It packs 2×2 Wi‑Fi 7 (based on 802.11be standard), Bluetooth 6 and Thread. Most users have probably not even noticed, have you?
Executing such a significant change takes some serious efforts, so I asked myself:
What has changed? Do iPhones with N1 chip behave differently from iPhones using Broadcom?
Are all the enterprise features supported?
Do Wi-Fi capabilities of standard iPhone 17 model differ from iPhone 17 Pro Max or iPhone Air?
From over-the-air captures, can I tell if an iPhone uses Broadcom or N1 Wi-Fi chip?
Does power saving work the same way?
Let’s see how many of these questions we can answer.
Consistent Wi-Fi capabilities across all iPhone 17 models
All iPhone 17 models use the same Apple N1 chip. Their Wi-Fi capabilities are fully consistent between iPhone 17, iPhone Air, iPhone 17 Pro, and iPhone 17 Pro Max. But how can I be so sure?
I “profiled” all 4 of the new iPhones on each of the 3 Wi-Fi bands.
iPhone 17, Air, 17 Pro, and 17 Pro Max
WLAN Pi Profiler
Profiler is a Python app that runs on WLAN Pi and its Linux-based operating system. It uses a standard client Wi-Fi adapter, simulates an access point, and it broadcast beacon frames. Profiler pretends to be “the most capable access point” supporting all features and amendments.
Profiler running on WLAN Pi R4
As soon as a Wi-Fi client (think iPhone) attempts to join the Profiler SSID, Profiler captures all client’s Wi-Fi capabilities.
iPhone 17 Pro Max ready to connect to Profiler SSID
Finally, Profiler generates a client capability report – coming up in the next section. Beyond that, it also saves packet capture of the Association Request sent by the client device for future analysis.
Josh is the engineer, developer, and bright mind behind Profiler. Send him some kudos if you want the tool useful.
The 2.4 GHz band
With Profiler running on WLAN Pi on channel 11, I captured these Apple N1 capabilities. To remind us, all the iPhone 17 generation phones use the same N1 chip, and report the same Wi-Fi capabilities.
No surprises there, which is great! The usual amendments like 802.11k neighbour report, 802.11r Fast Transition, 802.11v, or 802.11w Protected Management Frames are supported.
The adapter runs in 2×2 MIMO mode, and reports maximum transmit power up to 25 dBm. Note that it indicates support for 6 GHz.
Apple N1 Wi-Fi capabilities in 2.4 GHz band
To put what we have captured for N1 into perspective, iPhone 15 Pro supports up to 21 dBm (not that you want it to run at maximum power).
iPhone 15 Pro Wi-Fi capabilities in 2.4 GHz band
The 5 GHz band
Before we dive into 5 GHz and 6 GHz, I should say that I am in the UK, my Profiler uses GB country code, and the iPhone is aware of its location too. Supported channels and transmit power levels will vary depending on which part of the world you are in.
This time we start Profiler on channel 36 and attempt to connect the iPhone to the Profiler SSID. Few seconds later we get a 5 GHz band report.
Apple N1 Wi-Fi capabilities in 5 GHz band
Here is a quick comparison to iPhone 15 Pro using the same channel. How many differences have you noticed?
iPhone 15 Pro Wi-Fi capabilities in 5 GHz band
The 6 GHz band
Since Profiler doesn’t support 6 GHz AP mode, for this test I brought my own Wi-Fi 7 access point.
I used Profiler to capture iPhone’s association request to this AP using this command sudo profiler –noAP -f 5975. What 6 GHz channel is that? Can you tell by the centre frequency? I wrote a little tool called wifichannel for conversion between frequency and channel number.
N1 supports 6 GHz channel width up to 160 MHz (not that you want to use 160 MHz and let alone 320 MHz in enterprise).
Apple N1 Wi-Fi capabilities in 6 GHz band
Let’s compare N1 profile to iPhone 15 Pro and its Wi-Fi 6E Broadcom silicon.
iPhone 15 Pro Wi-Fi capabilities in 6 GHz band
Now, why does N1 show 802.11r as “Not reported”? That’s a Layer 8 problem. I didn’t have Fast Transition enabled on my AP, and when I noticed it was too late 😊 You can spot “802.11r Off” in the screenshot below and the 160 MHz max channel width captured by the AP.
I had my 802.11r set to off
PCAP or it didn’t happen!
As we mentioned, Profiler also saves Association Requests coming sent by the client devices. Here are PCAPs of iPhone 17 Pro Max associating to Profiler SSID in 2.4 GHz, 5 GHz, and 6 GHz bands.
How to tell from a packet capture what Wi-Fi silicon does an iPhone use?
iPhones 15 Pro and 16 include Broadcom vendor tag in their Association Request frames. iPhones 17 do not.
Association Request frame – N1 vs Broadcom
2 Spatial Streams in Low Power mode
I switched iPhone 17 Pro to Low Power mode, and I was curious to see if it behaves the same way as previous generations. It doesn’t!
Unlike previous generations of iPhones which downshift from 2 spatial streams to 1 spatial stream, iPhone 17 Pro keeps using 2 streams even in Low Power mode. This might be a new behaviour, unless it changes in a future release.
I like it! Regardless of its battery level, the iPhone consistently uses 2 spatial streams. No more drift of Wi-Fi client capabilities over time.
To enable full radio capability of some of the latest access points, 802.3bt power source is required. If you don’t or can’t have a 802.3bt capable switch, power injector might be the right choice for you.
CW-INJ-8 PoE power injector
For Cisco’s CW9179F, CW9178I, CW9172H, and other APs, the correct injector is CW-INJ-8. It takes AC power and injects 802.3bt Type 3 Class 6 (up to 60 Watts) into your twisted pair copper cable, and it is designed for up to 10 Gigabit Ethernet.
Surprisingly small box
Apart from documentation, there is just the power injector in the box. If you don’t have one in your “box of cables” already, order an IEC C13 power cable separately. It is not included.
802.3bt power injector CW-INJ-8Package contents
When is injector not the best choice?
Here is my rule of thumb. If you can, power your AP using a switch. Why? Power injectors in general introduce extra points of failure. Unlike switches, they can’t be remotely monitored or controlled.
Now, if there is no switch available, use a power injector. Site survey, assuming that AC power or battery pack with inverter is available, is another good use case. Or lab use – for when you don’t have a 802.3bt switch.
Hardware overview
There are no surprises on the top side. Note the LED on the top right.
Here is a quick look at the label.
CW-INJ-8 label
The injector has RJ-45 input, RJ-45 output, and AC power connector which accepts standard IEC C13 cable.
Ethernet portsPower connector
Status LED
Solid green LED indicates that a valid IEEE 802.3bt or 802.3at AP is detected, and the AP consuming PoE power.
Very occasional flashing green indicates that AC power is provided to the injector itself. Don’t expect it to be solid green with no AP connected.
Let’s test it
Microchip makes this pocket-sized PoE tester. Let’s see what we get at the output of this power injector. As we expected, 802.3bt Type 3 Class 6 (up to 60 Watts) it is.
The fact that you are here most likely means that you already have the AP on your desk, and you are readying for a site survey. Let’s skip all product detail this time and go straight into the survey part.
CW9179F access point on a workbench
Choose the right site survey mode
All Cisco Wi-Fi 7 APs, including the CW9179F, support cloud-managed (think Meraki Dashboard) and controller-managed mode (think Catalyst). You can easily switch between them. This gives you access to Catalyst Site Survey mode, or Meraki Site Survey mode.
As of September 2025, the Catalyst Site Survey mode supports all software-configurable beam patterns – Boresight, Wide, Front-and-back. That’s what we are aiming for.
Download 17.18.1 Lightweight access point image from Cisco.com download section
No controller needed
Let’s do this
Power your AP by a switch, power injector or battery pack and connect it to internet. I am using Cisco’s 802.3bt power injector CW-INJ-8 here, and Internet Sharing feature on my Mac to get the AP online.
CW9179F AP powered by CW-INJ-8 injector
Create a new network on Meraki Dashboard, select the right country, and claim the AP in Dashboard using its Cloud ID (previously known as Meraki Serial Number). Make sure the AP connects to Dashboard and shows as online. The AP will set its country code and regulatory domain. Verify.
Verify country setting
Switch the AP from Meraki mode to Catalyst mode using the Migrate to WLC button on Dashboard.
Don’t switch the AP mode using Meraki Local Status Page (LSP)! The AP might not broadcast the survey SSID if you go down that route.
Remove the grey Console port cap and console into the AP using RJ-45 console cable and your favourite terminal app.
We are now in Catalyst Lightweight access point mode. Log in using username cisco, password Cisco, type enable command, and enter default enable password Cisco.
Console session authentication
Download the CW9179F lightweight access point image. Upgrade the AP to 17.18.1 release (or newer) which has all the survey features we need. The link is correct, this AP uses the exact same image as CW9178I.
Start a TFTP server on your laptop, and move the image file to your TFTP root folder.
Now, instruct the AP to download the image from TFTP server and upgrade its code to 17.18.1.
After it reboots, check its software version using show version command. Happy days we are running 17.18.1 now.
Finally, switch the AP to site survey mode using ap-type site-survey command. When asked for reboot, press y and enter.
In Site Survey mode, both the front and the back LEDs follow this pattern.
🟢 ⚫️ 🔴 ⚫️ 🟢 ⚫️ 🔴 ⚫️
Set a static IP address on the Ethernet interface. This is important, without static IP address on the AP, you won’t be able to access its web interface.
Log in and use this command:
capwap ap ip 192.168.2.20 255.255.255.0 192.168.2.1 208.67.222.222 208.67.220.220
The format is:
capwap ap ip <IP-address> <Mask> <Gateway> <Pri-DNS-server> <Sec-DNS-server>
The AP is now broadcasting site survey SSID.
Site survey SSID
Connect to it wirelessly.
Connected to site survey SSID
And access the Site Survey mode web interface running on https://10.0.23.1. Username admin, password admin. Change the password after first login and save it to your notes or print a label.
That’s where we make the beam pattern selection.
Beam selection
Adjust the SSID name, Tx Power, channel number, enable/disable features to your needs.
Wall plate access points provide both wired Ethernet and Wi-Fi connectivity. Cisco has just started shipping the latest CW9172H Wi-Fi 7 wall plate AP. Same as all other Cisco’s Wi-Fi 7 APs, it is designed for global use. The regulatory domain is no longer dictated by the SKU. The CW9172H can be managed either by Cisco Meraki Dashboard, or Catalyst 9800 controller and Catalyst Center.
CW9172H in a hotel room
It can be mounted onto an electrical wall plate. The twisted pair cable runs inside the wall and there are no visible cables.
Wall plate mounting with no visible cables
If no wall plate is available, you can mount the AP using a spacer accessory kit on the actual wall surface with cables clipped to the wall.
CW9172H in a hotel room
Back to unboxing. What is included in the box? Well, if you order multiple access points, select the 6-pack option referred to as “multi packaging”. Who wouldn’t want a six pack? 😊
The 6-pack box dimensions are about 33 x 20 x 25 cm and it contains 6 APs.
Inside are 6 smaller boxes with 1 access point each.
Each AP is wrapped in paper. No plastic bags anymore.
Mounting bracket and accessories are placed underneath the AP.
Accessories are packaged in paper bags. Let’s have a closer look.
Finally, there is the access point.
The passthrough port covered by a plastic cover. There is 1 PoE out port and 2 standard Ethernet downlinks for your devices.
On the side is a standard RJ-45 console port, also covered by a plastic cover mainly for aesthetics reasons. Let’s remove the cover, shall we?
The Ethernet passthrough port cover follows similar style.
Back side of the AP hosts the up to 2.5 Gbps Ethernet uplink and passthrough port.
Optional accessories
There are extra parts you can order depending on how you wish to use and mount the CW9172H.
The spacer kit is designed for mounting on the actual wall surface.
What if you were able to detect access point’s down tilt angle remotely? Perhaps that would have explained unusual client connectivity issues at a remote site, spot an AP which has been installed incorrectly, or bent AP mounting hardware in a warehouse damaged by a scissor lift.
CW9176D1 mounted at an angle
Problem statement
If you have ever deployed an access point with directional antenna (be it external or inbuilt), you know that orientation matters. Directional antennas focus the energy towards their main lobe. Access points or antennas deployed at incorrect angle mean that coverage is going to be very different from the desired one.
Location-based services and asset tracking accuracy very much depend on AP placement and orientation. What if the AP that was supposed to be mounted on a wall with 30 degree down tilt is actually sat flat on top of a network cabinet pointed towards the sky?
What if the down tilt angle of the AP changed literally overnight while maintenance was going on, and some heavy machinery was present inside your venue?
Solution
Selected Cisco’s Wi-Fi 6E and Wi-Fi 7 APs ship with built-in accelerometer. It detects and reports down tilt angle of each supported AP.
Down tilt of 0° represents an AP mounted to the ceiling surface with its LED pointed straight down towards the floor.
0° down tilt angle
AP sat flat on a desk with the LED pointed towards the ceiling reports 180°.
There is nothing you need to do on your part to enable this feature. As long as your AP is equipped with the accelerometer, you will see the down tilt angle on the Wireless > Access Points page.
Ceiling mounted CW9176I
It updates quite frequently. I would say every couple of minutes. So, if I remove the AP from its bracket and pop it on my desk, you can see that my desk desperately asks for about 2° of attention 😄
AP on a desk
As of May 2025, the angle is not available via API yet. The product manager confirmed that this was already work in progress, and he asked me to let you know.
AP managed by Catalyst 9800 controller
In Catalyst mode, accelerometer is supported since 17.15.1. By default the sensor is disabled, and no angle is visible in the web UI. We can enable it on a per access point basis.
Either from the controller web UI:
Or by this CLI command – note the “no” keyword:
ap name CW9176 no sensor environment accelerometer shutdown
To verify that accelerometer sensor is now enabled, we use this show command:
show ap sensor status
We then view the angle from the web UI:
And “Show more” provides raw detail:
As of May 2025, there isn’t a CLI command available to display the angle yet. Stay tuned.
Refresh rate of the angle in my case was 15 minutes. Hand on heart, the refresh rate isn’t important. You mount the AP and by the time you get back to your desk, the angle updates. I was just curious. Just picture me refreshing the AP 360 View page for 15 minutes. Real story 😊
