Wi-Fi 7 comes to WLAN Pi M4

With the WLAN Pi team, we have designed and launched a M.2 adapter from A-key to E-key, which allows you to install a certified Wi-Fi 7 adapter Intel BE200 to your current WLAN Pi M4.

WLAN Pi M4

Is WLAN Pi selling ‘keys’ now? 😉

What is a ‘key’? It is formed of the notch on the Wi-Fi adapter PCB, and plastic blob separating pins inside the M.2 slot. The idea is to prevent users from plugging incompatible cards to the slot, and avoid any ‘magic smoke events’. Here is more about M.2 and the individual key types if you are interested.

WLAN Pi upgrade kit

Since Intel adapters use E-key and WLAN Pi M4 uses A-key, we needed to build an adapter. Badger Wi-Fi has the upgrade kit in stock. It comprises of the Oscium M.2 A-key to E-key adapter, Intel BE200 Wi-Fi 7 adapter, and 2 little bolts to secure the adapter and the Wi-Fi module.

Here is how the ‘butterfly’ setup looks like. Intel BE200 sits onboard of the A-key to E-key adapter, installed in the M.2 slot.

We are ready to connect existing tri-band antennas, and assemble the unit.

Software support

Make sure to either upgrade Linux packages to their latest versions using sudo apt update && sudo apt upgrade command, or download and flash the latest WLAN Pi software image on your SD card. Release 3.2.0 supports Wi-Fi 7 Intel BE200 adapter out of the box with no effort whatsoever on your part.

Wi-Fi 7 in action

For this demonstration I use a consumer Wi-Fi 7 router TP-Link Deco BE85 BE19000. Simply because it is available, Wi-Fi 7 certified, and it supports 320 MHz channel width – not that one would deploy that in an enterprise environment, but mainly to test the maximum Wi-Fi throughput of the Pi.

A bug in macOS doesn’t allow Macs to correctly recognise Wi-Fi 7 networks. Instead of Wi-Fi 7 320 MHz wide network, my MacBook reports Wi-Fi 6 and 160 MHz wide channel. So, we will use another WLAN Pi and its Wi-Fi radio as a Remote Sensor in WiFi Explorer Pro – you need the Pro version to do this.

Nice, Wi-Fi 7 AP!

Wi-Fi 7 network

Connecting the WLAN Pi as a Wi-Fi 7 client only takes few lines of wpa_supplicant config.

sudo nano /etc/wpa_supplicant/wpa_supplicant.conf
Wi-Fi 7 network settings

And we have successfully connected the WLAN Pi as a Wi-Fi 7 client to the AP using this command.

sudo wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -i wlan0
WLAN Pi connected as a Wi-Fi 7 client

Run this command to make sure the WLAN Pi requests an IP address from DHCP server running on the router:

sudo dhclient -i wlan0 -v

What channel are we using? 320 MHz channel width? Indeed.

Adapter and channel details

Before you ask, distance between the Pi and the router is sub 1 meter. What is the Wi-Fi data rate? We are using Wi-Fi 7 (EHT), 2 spatial streams, MCS 12 and 4096-QAM and short guard interval of 0.8 µs.

Data rates

We can refer to Francois Verges’ MCS index tool to check how we are doing. Yes, I have tried, but I have only been able to achieve MCS 13 extremely rarely.

MCS table

How far from the AP can we maintain 4096-QAM?

I hardly ever achieved MCS 13. To maintain MCS 12, I had to stay within about 1.5 meter distance from the router. I got best results with antennas position in this ‘V’ pattern.

V-shaped antenna placement

With a different client device designed for Wi-Fi 7 from the ground up (with professional quality antennas and placement), I would hope for slightly longer MCS 12 and MCS 13 range.

It’s throughput test time

It’s time to run an iperf3 test and see how much traffic we can actually push over the air and also how much the WLAN Pi M4 can handle. Here is our test setup. I recommend the OWC 10 GbE Thunderbolt adapter (it uses Thunderbolt protocol, not USB) connected via USB-C to your Mac.

With the help of Oscium WiPry Clarity 6 GHz spectrum analyser connected to another WLAN Pi, we can monitor the life spectrum and see how much red the iperf3 test introduces. We are able to achieve download TCP speed of 2.27 Gbps and upload speed of 1.74 Gbps.

I used iperf3 -c 192.168.68.51 -P32 -R to test download speed, and iperf3 -c 192.168.68.51 -P32 for upload. Number of parallel streams set to 32 provided the best performance.

Summary

Wi-Fi 7 works well on the WLAN Pi M4. In fact, it works better than Wi-Fi 7 on Windows 11. We have covered Intel BE200 on Windows 11 in this blog posts.

I was expecting 2.5 Gbps-ish throughput, which we have got quite close to. During the test, CPU of the WLAN Pi was running around 80 % utilisation, and interrupts were reaching 100 %. So, hardware of the WLAN Pi itself posed a bottleneck.

mpstat 1 300 -P ALL
High CPU utilisation due to interrupts

Orientation of the antennas mattered more than I expected to. Best position was a ‘V’ shape with antennas positioned away from the board. With AUX antenna placed 90 degrees relative to the Main antenna, data rates and throughput dropped. Perhaps there is RF noise from the board itself coming into play.

Will faster micro SD card make my WLAN Pi M4 boot faster?

No, it will not, unless you make some bad choices. But, faster card will make your life easier and significantly speed up the image flashing process.

Tests performed

  • Flash and verify WLAN Pi 3.1.4 software image to the micro SD card using built-in card reader of MacBook Pro M2 and Balena Etcher app
Software image flashing process
  • Boot WLAN Pi M4 from the micro SD card. Measure how long it takes to boot from plugging the Ethernet cable in (and PoE power provided) to WLAN Pi home screen shown on the display
WLAN Pi M4 powered via PoE

Results

Sandisk High Endurance 32 GB U3 card is the default provided with WLAN Pi M4 by default. The U3 standard reall y makes a huge difference when it comes to writing to the card and that’s why it is our go to option.

Micro SD cards tested

From practical perspective, different size or even slightly slower card won’t really make your Pi boot any faster. If you make some bad choices and reuse an older class 6 card, you will spend extra 11 seconds of your life waiting for the WLAN Pi to boot every single time.

Flash WLAN Pi imageEffective speedBoot WLAN Pi M4
Sandisk HE 32 GB U31 min 59 seconds64 MB/s28 seconds
Sandisk HE 256 GB U31 min 53 seconds68 MB/s28 seconds
Sandisk Ultra 32 GB U13 mins 54 seconds24 MB/s28 seconds
Samsung 8 GB Class 611 mins 29 seconds8 MB/s39 seconds
Compute Module 4 with built-in eMMC storageDidn’t testDidn’t test27 seconds

Recommendation

Invest in a U3 or better card and benefit from fast write speeds. There is very little premium to pay. In future, you can reuse a fast card in other device like a dash cam, Raspberry Pi 5 workstation, or video camera.

Kingston has a great blog post about SD card standards.

Lanyard accessory for WLAN Pi R4

Some of you have asked about the lanyard I use with my WLAN Pi R4. So here is how to make yours.

What does it do?

It allows you to ‘wear’ the R4 while keeping your hands free. You can perform 2.4 GHz, 5 GHz or 6 GHz scanning, spectrum analysis, or packet capture from your Mac.

WLAN Pi R4 with 6 GHz Wi-Fi adapter and 6 GHz spectrum analyser as a remote sensor to WiFi Explorer Pro
Wearable WLAN Pi R4

What parts do I need?

My goal is to use a standard conference lanyard. Use your favourite one or order a custom one with your name or company name. In the UK, I use greencotton on eBay and they have been great.

WLAN Pi R4 lanyard, D rings and bolts

After many iterations, I discovered that these D ring picture holders work best. They are made of metal, of perfect size and readily available. So there is no reason to overengineer this or reinvent the wheel.

Finally, we need two M2.5 x 5 mm bolts to attach the D rings to the bottom of the Waveshare heatsink.

D rings attached to WLAN Pi R4
Lanyard attached to WLAN Pi R4

2.5 Gbps Ethernet on WLAN Pi M4

WLAN Pi is primarily a Wi-Fi tool, but occasionally I need an iperf server that would be able to deliver more than 1 Gbps of TCP throughput. In a controlled lab environment, I normally use PoE powered NanoPi R5S. I know the IP address of the iperf server by heart. Outside of the lab, I could really do with a WLAN Pi, its preinstalled software, display, buttons and everything it does out of the box. So the question is: “Can we add 2.5 GbE to WLAN Pi M4?”

M.2 slot to the rescue

WLAN Pi M4 doesn’t have any USB 3 ports. How do we add 2.5 Gbps Ethernet to it? If you don’t mind losing the Wi-Fi adapter in favour of 2.5 GbE mGig port, we can install this 2.5 Gbps Ethernet adapter in M4’s PCIe M.2 slot. It is based on Realtek RTL8125B chipset. I paid £17 for it including shipping to the UK.

M.2 A+E KEY 2.5G Ethernet RTL8125B PCI Express Network Adapter

It just works*

To my surprise, it just works*. Yes, I hear you, no one likes these asterisks, do you? 😉 Continue reading, it’s not the end of the story.

WLAN Pi M4 with 2.5 Gbps Ethernet
2.5 Gbps full duplex

The underwhelming default driver

Linux (and WLAN Pi image) has a driver for this adapter, but upload speeds, that is from iperf client to WLAN Pi iperf server, are very poor. We are talking 300 Mbps poor.

Poor 300 Mbps upload speed

Install Realtek’s latest driver to fix performance

Downloading, compiling and installing the latest Linux driver from Realtek’s website fixes the performance issue. We get symmetric 2.35 Gbps of TCP throughput with standard packet size.

2.35 Gbps of iperf3 TCP throughput

Installation of this driver isn’t as straightforward as it might look. I ended using vanilla Raspberry Pi OS image instead of the WLAN Pi one. Mainly because it is not easy to get the kernel headers for WLAN Pi image and we need them to be able to compile the new driver.

Summary

Yes, it is possible to achieve 2.35 Gbps symmetric TCP throughput on the WLAN Pi M4 with this adapter. But you should be aware of these facts:

  • This Ethernet adapter doesn’t fit inside WLAN Pi M4 case
  • You will have to give up the M.2 Wi-Fi adapter in favour of mGig Ethernet
  • From software perspective, the Realtek driver that ships in WLAN Pi image doesn’t unlock full performance of this adapter (iperf client pushing traffic to WLAN Pi iperf server). Installing the latest driver isn’t trivial on WLAN Pi.
  • We, WLAN Pi team, currently don’t support this setup. If you have a use case for 2.5 GbE support on the M4, please let us know.

How to mount WLAN Pi to a tripod

You might remember me saying something about designing a 3D printed WLAN Pi tripod mount. Yes, that was the plan… until I found a much better solution, which I had already owned.

Why tripod mounted? Well, occasionally I work on an outdoor Wi-Fi project. WLAN Pi can be a really useful for throughput testing, or it can share your phone’s cellular internet connectivity with your access point. This is really useful in cloud-managed surveys, labs, and projects.

Tern RidePocket Handlebar Bag

I present to you this small, well designed, and weatherproof Tern RidePocket bag. It is a fantastic bicycle bag, and as good bag for your WLAN Pi. You can purchase one in many countries around the globe and made by a big bike company, which is here to stay.

WLAN Pi in the Tern RidePocket bag on a tripod
WLAN Pi powered by PoE using PoE splitter
Cable management works really well

If you wanted to, you can battery power your Pi. Just add a battery pack of your choice.

WLAN Pi powered by a USB battery pack

Outdoor surveys involve all kinds of weather, and that’s where this rain cover becomes really useful.

Rain cover

What makes it work better than other or cheaper bags? It mounts securely, and does not slide down the tripod thanks to its strap coated with a layer of anti-slip rubber material.

Anti-slip material on the strap and a hook towards the top
Attached to a tripod
Closer look at the cable hole

If you prefer a Raspberry Pi 4, or WLAN Pi Community Edition based on Raspberry Pi 4, it fits in this bag too including a PoE splitter with little effort.

It fits Raspberry Pi 4 and PoE splitter

Lenlun Bike bag set

Do you need to interact with your WLAN Pi while it is mounted? No problem. I’ve tested a handful of other bags and Lenlun Bike bag set is the best fit. It allows you to see the display and press buttons while it protects everything stored inside.

WLAN Pi in the Lenlun bag
WLAN Pi in the Lenlun bag
Attachment to tripod is not as clean as Tern
Battery pack and WLAN Pi inside the bag

Finally, after you are done working, these bags can happily carry your keys, phone, battery pack, and wallet.

Brompton bike with Tern RidePocket

Use SSH key stored on GitHub instead of an SSH password to access your WLAN Pi

By default WLAN Pi, and Linux in general, uses a username and password-based SSH authentication. It involves quite some typing, some brain capacity to remember the password, and it is not the most secure method either.

You can create a public and private key pair. Your SSH client automatically logs in using the private key. The SSH server uses the public key to confirm that you possess the right private key. No password needed, and it also is more secure. The private key is never sent over the network, and this method protects you against man-in-the-middle attacks.

The beauty of this GitHub method is that GitHub stores your SSH public key centrally, which you can easily update, and you can install it to the machine you want to SSH to, by a single command ssh-import-id-gh. You can even add this to a startup script so that it automatically updates your trusted keys.

Let’s do this

ssh-keygen is the program that generates a public/private key pair on your local system. The private key is stored in ~/.ssh/id_rsa, and the public key is stored in ~/.ssh/id_rsa.pub.

The security of this method depends on keeping the private key safe and secure. Make sure not to leave the private key behind.

ssh-keygen -t rsa -C "your@email.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/jiri/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/jiri/.ssh/id_rsa
Your public key has been saved in /Users/jiri/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:.....
The key's randomart image is:
+---[RSA 3072]----+
.....
+----[SHA256]-----+

Display the public key, which is a text file at the end of the day, and copy its content to clipboard:

cat ~/.ssh/id_rsa.pub
ssh-rsa
.....

Save this public key to your GitHub account. Browse to github.com, log in, and open Settings:

Click New SSH key, name the key, paste your public key from the clipboard and save it:

To verify that your key has been added you can browse to https://api.github.com/users/jiribrejcha/keys, where jiribrejcha is your GitHub username:

The last step is to SSH into your WLAN Pi or Linux machine and tell it to use this public key from my GitHub, where jiribrejcha is my GitHub username:

ssh-import-id-gh jiribrejcha

If the command isn’t installed, you can fix that by:

sudo apt install ssh-import-id

Passwordless SSH access

When you authenticate to a server using public key authentication, the SSH client offers a copy of the public key to the server and the server then compares it against the keys listed in your ~/.ssh/authorized_keys file. This key was added automatically by the ssh-import-id-gh command. If the key matches, the server indicates that it is able to proceed with the authentication. The private key is then used to sign a message that includes data specific to the SSH session. The server can then use its copy of the public key to verify the signature.

We have just SSH’d to the Pi without a password prompt.

Special thanks

To Colin Vallance for sharing this tip.

Introducing Telegram Bot for the WLAN Pi

Up until now, you could only use the WLAN Pi display to see its IP address and other IP details. If you are on the same subnet you could do ping wlanpi.local. Alternatively, your DHCP server log or show ip arp on the access switch could tell you.

Telegram Bot for the WLAN Pi automates the whole process and it sends you the IP details of your WLAN Pi whenever the Pi comes online. You can then easily and remotely skim through the details, check its IP address, public IP address, current mode, uptime, switch and port details the WLAN Pi is connected to, or double-check that its Ethernet adapter successfully negotiated 1 Gbps Full Duplex.

And you can do all this from you wrist, phone, tablet or laptop.

How to enable Telegram Bot

  1. Download WLAN Pi image 2.0.1 or newer. Flash it onto an SD card. Boot up from this SD card.
  2. Create a new Telegram account if you do not have one already. Start the Telegram app.
  3. Let’s create a new Telegram bot. Find a person called Botfather and send them a message saying /newbot.
  4. Follow the instructions to create a new bot.
  5. After the new bot is created, copy the API key to a text editor.
  6. Start a new chat with the newly created bot and say Hey, Hi or something like that and welcome them to the blue planet. This is mandatory and you can send more than one message.
  7. Now SSH to the WLAN Pi and run this command with root privileges sudo telegrambot
  8. It will complain about missing API key and tell you where to paste it.
  9. Edit the configuration file, uncomment the second line and paste your own API key from step 5 using sudo nano /etc/networkinfo/telegrambot.conf.
  10. Save the file using CTRL+o (letter o) and exit the editor using CTRL+x.
  11. Make sure you sent a Telegram message in step 6 to your new bot.
  12. Connect your WLAN Pi to the internet.
  13. Finally, reboot by sudo reboot

Multiple Pi’s can use the same API key and send their IP configurations to the same chat or you can have 1 chat per WLAN Pi (my preferred option). It is completely up to you.

How often are Telegram messages sent?

Every time the WLAN Pi reboots and has internet access, it will send a new message to you.

If internet connection goes down (for example when you disconnect the Ethernet cable, DNS server stops responding or something breaks at your ISP while eth0 still remains up) for more than 10 seconds, the WLAN Pi will send you a new message with its fresh details after the internet connection goes up again.

Send a new message manually

Assuming you have completed the setup using the above instructions, you can SSH to the WLAN Pi at any time and send a new Telegram message manually using sudo telegrambot.

How to troubleshoot

If you are not receiving any message from the WLAN Pi, send another message to the Telegram bot using the Telegram app and reboot the Pi.

You can also check the logs and grep for telegrambot:
sudo cat /var/log/messages | grep telegrambot

How to convert hundreds of Cisco Aironet or Catalyst APs from Mobility Express or Embedded Wireless Controller to Lightweight mode using Option 43

You may have used DHCP Option 43 to point an AP to its controller before. But only very few people know that Cisco APs can automatically convert themselves from the built-in controller mode (think Mobility Express or Embedded Wireless Controller) to Lightweight mode after they receive a special Option 43 from a DHCP server.

If you have a pallet of access points (or routers with built-in Wi-Fi in Mobility Express mode) next to your desk and need to convert all of them to Lightweight mode, simply configure DHCP Option 43 in the following format on your DHCP server and plug them into a PoE capable switch. After the APs boot up and receive the option from DHCP server, they automatically switch to the Lightweight mode and attempt to join the configured controller (192.168.130.2 in our case).

Option 43 format used for AP conversion

f2:05:c0:a8:82:02

“f2” tells the AP that we want it to switch to Lightweight mode

“05” means that only one controller IP address will follow

“c0:a8:82:02” is the controller IP address (192.168.130.2 in this case) in hexadecimal format, search for “IP to Hex Converter” if you do no want to do the math

Cisco IOS/IOS-XE DHCP server configuration

You can run DHCP server on a Catalyst switch. The DHCP scope configuration is straightforward.

ip dhcp pool <pool name>
network <ip network> <netmask>
default-router <default-router IP address>
dns-server <dns server IP address>
option 43 hex f205c0a88202

WLAN Pi, Raspberry Pi and any other Linux ISC DHCP server configuration

Special thanks to Nicolas Darchis, who helped me find the “vendor-encapsulated-options” option. It lets you enter Option 43 in the hex format and all it takes is a single line of DHCP server configuration.

# eth0 DHCP scope on ISC DHCP server
subnet 192.168.130.0 netmask 255.255.255.0 {
interface eth0;
range 192.168.130.100 192.168.130.200;
option routers 192.168.130.1;
option domain-name-servers 208.67.222.220, 208.67.222.220;
default-lease-time 86400;
max-lease-time 86400;
option vendor-encapsulated-options f2:05:c0:a8:82:02;
}

DHCP server on Cisco Meraki MX appliance

If your DHCP server runs on a Cisco Meraki MX appliance, you can easily configure Option 43 using Dashboard. Here are the instructions.

Packet capture or it did not happen

Here is the DHCP Offer packet with the special Option 43 value sent from DHCP server to the APs. They will start the conversion automatically after receiving it.

Option 43 which converts the AP from ME or EWC mode to lightweight

Verify successful AP conversion to Lightweight mode

Console to one of the APs and you will notice this message:

[*08/25/2020 23:24:39.5620] Last reload reason : 2: AP type changed from ME to CAPWAP

Or you can let the AP finish its job. And then verify successful conversion to Lightweight mode whenever you are ready using the “show version” command.

9120#show version
<output omitted>
9120 uptime is 0 days, 0 hours, 5 minutes
Last reload time : Tue Aug 25 23:24:39 UTC 2020
Last reload reason : AP type changed from ME to CAPWAP
<output omitted>