In this video we demonstrate how to configure Juniper Switch SSH password in Mist dashboard, where would your switch get management IP address from and how to learn what IP to use to actually connect to the switch using SSH.
Welcome to the WiFi Ninjas Video where we domonstrate how to configure a Juniper Switch using Mist Dashboard. Curious about pros, cons, limitations and what’s available for us to tinker with in this recent Juniper Mist wired integration? Dig in! We tried to cover it all 😉 Enjoy!
Welcome to our latest blog!
If you’re like me and want to have most compact, cold, silent and energy efficient ESXi server at home, you probably looked at Intel NUC more than once 😉
I’m now upgrading (or rather downgrading?) my lovely 2U ESXi that built myself 2 years ago. It is still powerful, but I have no space for it. I will tell you why.
My server room is located under the stairs. It was filled with equipment – Cisco FTD 5506x firewall, Cisco 3560cx switch, Cisco WLC3504, Cisco 9120, 9130, 3x 3702 APs, 2U ESXi server and UPS battery ensuring my NFS storage is not corrupted in the event of a power cut.
All that boxes generated so much heat, that I have decided to make space for clothes airer – my washing was dry just 2-3 hours after putting it inside the server room 🙂 This space could also be used as sauna.
I then decided to simplify my home network and lab. Moved NAS to the cloud, virtualised firewall (chosen Untangle – amazingly sleek), mounted APs properly outside of the server room and switched to Mist.
Now I’m down to just an ESXi server, 1 small, passive, lovely Juniper EX2300-C-12P switch (that can be managed from Mist cloud!) and 2x Mist APs – AP41 and AP43. No more controllers, batteries, firewalls.
Do you see what my problem is?
To fix this, I will put a dehumidifier in that room. But I need more space to do it. This is why I wanted to switch to micro server (NUC) – so I can replace the rack with massive ESXi server with dehumidifier.
I ordered 10th Gen Intel NUC with 64GB of RAM and 2TB SSD – it’s more than enough to run my production and lab networks. But since I no longer have a physical firewall, I encountered a challenge – NUC has only one wired NIC card. I now needed two – one leg connected to BT fibre converter (WAN PPPoE) and one leg connected to the switch (LAN).
After putting ESXi 7.0 on my NUC (it was quite challenging – NUC Intel wired NIC is not supported by ESXi and it required adding Intel NIC drivers to the ESXi image – thank you Bernhard @WiFi_Burns for your help!), I realised that my USB NICs are not recognised when connected.
Additional drivers are required to make it work.
Since we WiFi nerds don’t use VMware excessively, I personally found instructions available from VMware quite confusing and difficult to follow, so I’ve decided to put all steps needed to make external USB network adapters work on Intel NUC running ESXi.
![vmware• ESXi-
O The service TSM-SSH was successfully started
- dismiss
Hardware
Hos
Monitor
5.] Virtual Machines
Storage
datastorel
Monitor
More storagem
Networking
System
Sta
Name
attestd
DCUI
lbtd
ntpd
Ljcensjng
Packages
ces
Stop Restart I
e Refresh
I Actions
Description
attestd
Direct Console UI
Load-Based Teaming Daemon
Active Directory Service
NTP Daemon
PC,'SC Smart Card Daemon
PTP Daemon
CIM Server
SNMP Server
ESXi Shell
v
sfcbd-watchdog
snmpd
Security & users
Status
Stopped
Running
Stopped
Running
Stopped
Stopped
Stopped
Stopped
Stopped
Stopped
Source
Base system
Base system
Base system
Base system
Base system
Base system
Base system
Base system
Base system
Base system](https://wifininjas.net/wp-content/uploads/2020/07/image-11-1024x455.png)
![ssh root@10.10.10.5 — -ssh -l root 10.10.10.5 — 123x4
[Password:
The time and date of this login have been sent to the system logs.
WARNING:
All commands run on the ESXi shell are logged and may be included in
support bundles. Do not provide passwords directly on the command line.
Most tools can prompt for secrets or accept them from standard input.
VMware offers supported, powerful system administration tools.
Please
see www.vmware.com/go/sysadmintools for details.
The Shell can be disabled by an administrative user. See the
vSphere Security documentation for more information.
[(root@WN-ESXi7:-]
[ [ root@WN
root@WN
[[root@WN
-ESXi7:-]
-ESXi7:-]
-ESXi7:-]](https://wifininjas.net/wp-content/uploads/2020/07/image-12.png)
![vmware ESXü
Navigator
Manage
Monitor
6] Wtual Machhes
Storage
WN-ESXi7.O
G) Get vCenterServer I b Create/Register VM I
I Refresh I
WN-ESXi7.O
Version:
Uptime:
7-0.0 (Build 15843807)
Maintenance Mode (not connected to any Center Server)
0.03 days](https://wifininjas.net/wp-content/uploads/2020/07/image-14-1024x243.png)
That’s it!
Your external network adapters should now be natively supported in ESXi 6.5, 6.7 or 7.0 run on 10th Generation Intel NUC.
I have tried two different adapters, Belkin F2CU040btBLK USB-C and some very old USB-A 3.0 Adata one – both worked perfectly. I left Belkin plugged in as it’s much newer and 2 weeks after switching to NUC I can confirm that I’ve not had a single network performance issue. My USB-C wired NIC is happily used as a WAN interface by Untangle Firewall VM. Happy days!
Lastly, if you need Intel NUC 10th Gen ESXi image without having PhD in VMware PowerCLI and Google, give us a shout and we will share the image, hopefully saving you some time!
Tons of love,
WiFi Ninjas x
Hey! Welcome to our latest WiFi Ninjas Blog 🙂 We’ve been busy lately testing some available RTLS solutions from a few different major wireless players and fell absolutely in love with the topic to the point, where we shake from overexcitement when thinking or talking about it ????
This summarises how we feel:
Steve Jobs once said, “people don’t know what they want until you show it to them”. He was right.
20 years ago, WiFi was “a nice to have”. 18 years ago, paper maps were at peak of their popularity, until GPS receivers got small enough to be put in the handheld devices. Is anyone not using Google Maps on their mobile? 15 years ago, not many people felt they needed a wireless headset, until Bluetooth was introduced. 7 years ago, NFC was a niche. Today, most of us use contactless payments using cards, phones or watches.
Indoor wireless RTLS is at the early adoption stage. Technology is available, we just need to make it more interesting and rewarding to use.
Satellite-based location positioning services are not always practical indoors. We could offer wireless RTLS functionality based on WiFi, BLE or soon, possibly, Ultra Wide Band (UWB). Modern smartphones have both WiFi and BLE radios built in. Additionally, new iPhones support UWB. Wireless vendors leverage cell of origin, trilateration, triangulation, angle of arrival, proximity and more with WiFi, BLE, UWB, GPS, NFC, mobile networks or any combination of those methods and technologies, offering different levels of accuracy and functionality. RTLS market is growing fast – according to Bluetooth.com, 1.7 billion devices will use indoor BLE RTLS by 2023, translating to even 500% increase in BLE RTLS implementations in some verticals!
So, what do we need to see the RTLS market explosion? We’ll be speculating, but our hearts tell us that indoor RTLS needs solve real challenges like indoor wayfinding or call for help and simply be more interesting not only for the business’ IT and marketing, but for everyone. We also need more skilled wireless professionals willing to embrace broader wireless technologies and emerging use-cases, like BLE and RTLS, on top of WiFi design, security and analysis skills, while not forgetting about programmability elements.
But enough of the babbling, let’s cut straight to the juicy content! Here is what we will cover in this blog:
Blog Structure:
Note, that number of APs has tripled!
Generally speaking, if the design is good for RTLS, it’s also good for any
other use case (data, voice, most high-density scenarios, etc.). Sometimes some
WiFi radios need to be put into non-client-serving mode as too much WiFi can be
damaging to the performance of the network (topic for a different discussion).
Let’s look at the video showing CMX app, CMX Dashboard and Matt walking around my house ????
The video screams million words! Let’s take a look ????
Below is a quick summary showing results of our tests for different indoor RTLS solutions!
We have recently worked on project for a beautiful, listed retail store in London, where following a very successful design and implementation of Meraki data WiFi network in the store, retail RTLS topic has emerged. With RF design crafted for data, we have faced a very real challenge – would the existing placement, type and number of APs be useful for indoor Real Time Location Services with a zone-level accuracy?What would be the challenges, limitations and reasonable expectations in terms of RTLS usage and accuracy? Could Meraki API help achieve goals set by the business?
RTLS was not in the original scope and, combined with a store physical environment, we have faced some challenges:
Floor diagrams below show the difference in RF Design for Data (what we have) vs RF Design for RTLS (what we would need for WiFi Trilateration to work):
Based on the additional very detailed survey (more than 100 test locations across multiple floors with 3 different device types: flagship Windows 10 laptop, Android phone and iPhone), where we temporarily installed several new APs on tripods, we concluded that achieving satisfactory and reliable zone-location accuracy (10m 90% error distance) using WiFi trilateration would require to approximately double the number of APs. The business has decided not to install additional APs and knowing that a mixture of Meraki and Purple could not offer reliable location insights and that WiFi trilateration would not be practical to use at all (because of the design, regardless of a vendor), we looked for alternative solutions and new success criteria were defined:
We have gathered some facts: data & voice performance over WiFi, capacity, coverage and roaming were all rock solid across all WLANs (MAB/CWA for guests and EAP-TLS machine auth for corp) and for all test devices (company issued laptops, major OSes, newer and older phones). High density areas, like ground floor entrance hall, could get very busy during holiday periods (200+ associated devices in a small 15x20m area) and were covered by three high-gain dual-band sector antennas. 5GHz was almost free of channel contention with careful APs placement around atriums and use of properly tweaked RF Profiles: 20MHz channels width, limited max and min Tx power, disabled data rates of 11Mbps and lower. 2.4GHz was tweaked even more, with several APs having their radios off and max Tx power set to the level, where RSSI was generally lower on 2.4GHz than on 5GHz throughout the store and only OFDM rates were allowed. 2.4GHz was still considered best effort. Presence & analytics with Purple was spotless.
Switching focus to location zone analytics, we have confirmed with a detailed post-deployment survey, that our test clients were reliably associating with APs installed in the zones they were in. WiFi scans from unassociated devices taken in multiple spots in each zone revealed that we could use strongest RSSI reading from one best AP to accurately pinpoint the probing or associated device to the zone it was in. We concluded that we could potentially leverage two attributes to correlate WiFi devices with their current zones:
Two things to note:
To further simplify our zone analytics calculations, we have decided to use just one attribute moving forward – MAC address of the AP that reports the probing or associated devices with strongest RSSI.
We have discovered that it is possible to get the RSSI attribute for every client seen by all near APs with Meraki API location data. Readings are provided every minute and contain RSSI values covering last 60 seconds. While it’s not very fast and could not be used for a blue dot experience, it is enough for our use case – historical view of zone paths and analytics.
Using strongest RSSI proved to be 95% accurate across entire building and 100+ test spots when correlating user (reporting AP) location with a zone.
Raw Data from Meraki API – note ap_mac, seen_time, client_mac and RSSI
As we know exactly which zone all the APs are installed on, we could easily generate reports showing clients paths with zone accuracy, time spent in each zone, number of clients per zone, etc. without relying on wrongly pre-calculated Meraki XY coordinates.
To automate the zone paths visualisation and zone analytics, client’s software development team has created a tool to do just that. At this point, imagination was the limit.
Sometimes we are limited by a solution functionality when trying to meet
client’s requirements. In our example, Purple could only use Meraki
pre-calculated XY coordinates and it was not practical or accurate enough (even
for a zone-wide accuracy) to use with a data / voice RF design. Let’s answer
our initial question. Do You Need RTLS RF Design for WiFi Location, Presence
& Analytics? Short answer is “no” for presence & analytics
and “it depends” for location. Presence & analytics provide us with
network-wide stats, without the location awareness and therefore will not require
RTLS design. Location, however, requires very careful RF design to provide
different levels of accuracy. With a solid data RF design, where
association and roaming trends are reliably predictable, we could expect solid zone-wide
accuracy. Anything more accurate (trilateration, Hyperlocation, vBLE) would
require more APs, detailed survey, RTLS RF design, careful placement of
APs/antennas and pedantic maps services configuration with spotless APs
positions, height and azimuth set.
At Natilik, we’re currently in the process of upgrading our showcase with Cisco DNA. The plan is to have full SDA Fabric, C9800-based Fabric Wireless, proper RF design with Cisco 4800 APs, CMX and DNAS in one part of the office and a mixture of AP43 with BT11 in the other part. We’d love to not only showcase Cisco Hyperlocation and Mist BLE Arrays in action, but also leverage the tech to offer indoor wayfinding with turn by turn navigation and onboard guests using Hotspot 2.0 (called Open Roaming by Cisco) for our visitors WiFi.
As of today, we don’t have the new showcase fully running yet, so all we have to play with is ‘standard’ corporate WiFi design for Voice and Data.
The above shows one out of the two floors we occupy. With current design, all we can use is Cell of Origin and, around reception, WiFi Trilateration. And that’s it. Location Calculation Frequency of 11-15 seconds is not enough to offer blue dot experience, but we thought it could still be good enough to solve some wayfinding challenges!
We have Cisco AireOS Wireless with CMX, Cisco WebEx Teams and everyone has a corporate phone enrolled with Meraki MDM.
We would love to use the kit we have today to locate a colleague, zone or a meeting room by asking WebEx Teams chatbot about the location of person/location we’re after without the need to install the mobile application, as we can’t have a turn-by-turn indoor navigation just yet anyway.
Let’s imagine that Mac wants to find Matt (yeah, we don’t hold our hands all the time and sometimes attend different meetings on different floors, lol). How do I do it? How would WebEx Teams chatbot know about my or Matt’s location? How could it show or tell me how to find him? Is it really that helpful with approximately 10-12m 90% error distance accuracy? Can we still draw an indoor map showing where should Mac go to find Matt?
First, we had to set realistic expectations. We shouldn’t expect the solution to pinpoint user to his or her desk knowing, that calculated user location has 10-12m accuracy. Instead, we have decided to use zones that are big enough to account for that location accuracy.
Here are the zones we’ve created, ensuring that each zone has at least one AP. We’ve also considered expected AP association ensuring it all makes sense:
Now, we need to figure out what happens when Mac is asking WebEx Teams chatbot about Matt’s location.
Wait, what is a chatbot? Good question! Most modern enterprise messaging solutions allow to create custom chatbots with custom functionality. We are fortunate enough to have a proper coding nerd in our ranks, Darren, that finds coding chatbots as easy as you probably find putting your socks on. Darren has created NatBot (I wonder where the name comes from!), that can translate natural language with certain key words to specific actions.
To make it all fly, we’ll leverage Cisco CMX Location API, Cisco Meraki MDM API and a cloud map service (i.e. Mapwize) to visualise the results.
Finally, let’s look at detailed steps that are happening in the background when Mac is looking for Matt ????
Sounds complicated? Watching this short video should clear things up!
This is just the tip of the iceberg and we have some more ideas about what to do next, once the new showcase is in! ???? Here is the list:
Lastly, here is some stuff that we think might save you some ball ache ????
You’ve made it! This blog has almost 6000 words. Well done! ????
With tons of love,
WiFi Ninjas x
We have recently come across few production networks, where distance between two APs or APs and a client stations was much closer than I was comfortable with.
Natural reaction was to suggest moving radios at least few metres apart. But why exactly? What happens when two or more transmitting radios are too close to one another? How would placing a laptop next to the AP affect wireless network quality?
Intrigued and eager to answer questions that, interestingly, no one was asking, I have decided to lab it up, research it more deeply and document my findings. I quickly realised that there is not one, but two issues potentially affecting wireless transmission, where distances between radios were too short. Let’s discuss Channel Leakage and Near-Field Interference.
Structure:
Few months after a successful design and refresh of a WiFi estate for a financial institution in London, I came back to work on a periodic wireless survey and to assess if there is anything that would be potentially stopping them from introducing more agile working heavily relying on the new WiFi deployment.
I was told that there is a separate company that is working closely with my client in the same offices and that they use their own, separate WiFi network. They have decided to put their own APs next (few inches away) to our APs convinced that since it worked perfectly for my client, it would continue working when two overlaid networks operate simultaneously. This is how the new original vs new deployment looked like:
Having completed the survey, we have concluded that city centre location inside a multi-tenant building with multiple WiFi networks leaking from the outside and adjacent floors combined with two separate, overlaid WiFi networks contributed to very high CCI averaging at 10 or sometimes more. RF tuning across both networks has helped a lot with the contention but the overall quality of the WiFi was still not great. It felt slow despite having strong underlying infrastructure, little CCI and fast Internet pipe. Quick wireless capture has revealed excessive retransmissions rates peaking at 30% in some areas even when there were not too many clients (maybe 10 per radio, often less) competing for the airtime, channel utilisation peaking at 10% and with no obvious faults with the configuration.
Next step was to reproduce the issue in the lab, where I wanted to show how channel separation and AP-to-AP distance impacts percentage of retries in the wireless transmission.
4 different tests were performed, each test involved wireless capture over 30 seconds and was repeated 5 times to minimise measurement errors:
We can clearly see in Test 1, that close physical distance between radios combined with no channel separation resulted in 15.4% retries.
Introducing 200MHz channel separation (Test 3) without extending distance between radios has reduced retries ratio by about half, to 8.2%.
Moving APs 3 metres away from one another has further reduced the retries to 3.9% (Test2; no channel separation) and 2.3% (Test 4; 200MHz channel separation).
Unplanned channel leakage really is an adjacent-channel interference, even though our channels theoretically don’t overlap. ACI will naturally cause increased number of retries, and therefore decrease the throughput and contribute to the slow WiFi perception.
Note: we used flagship Cisco APs with great quality of components providing great RF accuracy. Using cheaper APs that pack cheaper antennas and radios would result in less stellar performance of spectral masks (algorithms applied to the levels of radio transmissions used to reduce main channel leaking to adjacent channels) and amplify the effects of intermodulation (signal modulation on two or more different, non-harmonic, frequencies), increasing effects of ACI and percentage of retries when reasonable channel separation and physical distance between AP radios are not maintained.
Another distance issue that I have frequently seen in an enterprise environment is placing receivers too close to transmitters.
Let’s start with a quick definition of what near-field is in wireless.
Near-field is a 1 wavelength region, where electromagnetic field EM charges and electric charge effects are extensively produced, potentially negatively affecting quality of the received transmission within this region.
Near-field interference decreases drastically, in a logarithmic fashion, when the receiver is moved farther away from the transmitter. It is normally considered enough to be 1 wavelength away from the transmitter to negate the impact of near-field interference. Near-field also affects reflected signal for Rx antennas.
Based on the above, we can conclude that:
How far is 1 wavelength? It depends on the frequency. The higher the frequency the shorter the wavelength. Here are the wavelength calculations for our beloved 802.11 bands:
2.4GHz frequency wavelength = 12.5cm
5GHz frequency wavelength = 6cm
Now we know, that when we position 2.4GHz radios closer than 12.5cm away from one another (or 6cm in 5GHz) we would suffer from extensive near-field interference and that the situation would improve greatly when we start increasing this distance. Bear in mind, that unwanted channel leakage might contribute to packets corruption here too, so it typically is recommended to keep at least few metres distance between the radios!
Couple of examples, where near-field interference can affect quality of WiFi transmission:
We must remember that WiFi is not NFC! ????
In this test I targeted impact of near-field interference on wireless receive quality, where receiver (AP in a sniffing mode) was within 1 wavelength of a transmitter (AP serving clients).
It was enough to perform a very simple test here – check captured packets integrity in two scenarios:
Here are the results:
Test 1 captures, where APs are fairly far away from one another, are clean. Putting transmitting and receiving radios very close together (Test 2) results in corruption of almost all packets transmitted by client-serving AP.
When receiver is placed too close to transmitter (especially
true when the distance is less than 1 wavelength apart), near field
interference will cause packets to lose integrity and result in failed Frames
Check Sequence (FCS).
As shown in the above tests, unwanted channel leakage can seriously affect the transmission quality over distances less than few metres, especially without proper channel separation on the neighbouring BSSIDs. Near-field interference can cause corruption of most of the transmitted frames, where distance between transmitting and receiving radios is less than 1 wavelength apart. Finally, after having a chat with my friend Nigel (Twitter @WiFiNigel), we have concluded that the Rx overdrive might also play a role in the frames corruption. Unfortunately, it is difficult to ascertain which phenomena impacts the frames corruption most using the home lab, so I’ll just conclude with this: don’t stack APs! 🙂 And put them away from strong reflectors. All above issues can be easily avoided by using good quality enterprise equipment, solid RF design and having a high-level understanding of how the distance induced interference can affect the quality of the wireless transmission.
In our previous blog (please start there), we were typing in all the site IDs, WLAN IDs, API authentication tokens & Mist API HTTPS URL manually. It’s no fun, right?
Since we’re likely to interact with Mist API using one Mist account, we’ll probably use one API key globally.
Additionally, we’ll probably interact with specific organisations, sites or attributes (like WLANs) that are more ‘local’. It might be separate clients in a managed service environment or separate sites under one org. Whatever it is, it makes sense to think of it as a specific, local environment, something that is not global.
Surprise! We can define our variables on both “Environment” and “Global” level in Postman.
API token will be set as a “Global” variable, and all the rest attributes we used so far will be defined inside an “Environment” called “Mist WiFi Ninjas”.
Mission:
First, note that we are not using any environments right now.
Our request still has long, manually pasted streams representing site, WLAN and Mist API URL.
Let’s create our new Environment and name it “Mist WiFi Ninjas”
Define our variables on the Environment level
Go to Globals
Define your global token.
Remember to include “Token ” prefix before pasting actual token value.
Replace our manual values with variables
Enjoy Postman environment that is easier on the eyes! Easy peasy lemon squeezy!
With love,
WiFi Ninjas x
Let’s face the truth. We can’t avoid dev stuff in WiFi forever! REST API, Python, JSON, Ansible and whatever else is needed – here we come!
It’s time. This is day 1 of our studies!
The mission for today? Actually we have a few 🙂
Extreeeemely complicated, we know 😉
Let’s assume everyone knows what the API is. In case it’s not the case, here is a quick read:
https://www.howtogeek.com/343877/what-is-an-api/
Mist (and most other Enterprise solutions) use REST:
Lastly, from Mist Documentation:
https://www.mist.com/documentation/category/api/
Steps to complete our little task below!
You can get it here:
https://www.getpostman.com/downloads/
Token is needed so the Mist Dash can authorize us to access API.
Log into Mist Dash, then go to and hit ‘POST’:
https://api.mist.com/api/v1/self/apitokens
If you hit ‘POST’ again, new token will be generated!
Take note of the “key” – it’s our token.
Let’s assume we want to list created WLANs in the test ‘WiFi Ninjas’ site.
Mist API is nicely documented. You can go to Mist API documentation page to check the URL for everything that’s possible using RESTful API:
https://api.mist.com/api/v1/docs/Home
We now know the syntax to get our WLANs.
Next we need to know the “WiFi Ninjas” Site ID to check against.
Go to Mist Dash. You can get Org ID and Site ID from the browser URL:
We now have everything we need to list our WLANs in ‘WiFi Ninjas’ site!
![O Postman
File Edit View
Q Filter
History
Help
Import
Collections
Runner
APIs BETA
Clear all
My Workspace •
Invite
NO Environment
GET https•.//api.mist.com//api/vl/sit.., •
Untitled Request
(D Save Responses
Today
https://api.mist.com//ag
O GET 98886fb1c48ef.b905-8 +
4/"' lans
May 8
Params
Authorization
upgrade
Save
Cookies Code
presets
Headers (2)
Authorization
Content-Type
Key
Temporary Headers (7) O
Body Cookies Headers ( 1 6)
Headers (9)
Test Results
Visualize
Body Pre-request Script
Tests
VALUE
Token UTEmqoKcpxImnGodssHzozcn8Sk7PCcm.
application/json
Value
status: 2000K
DESCRIPTION
Description
Time: 673ms
Bulk Edit
Size: 8.45 KB
Save Response
Pretty Raw
Preview
"class": "best effort",
"over"Arite": false
"org_id": "d2b94bf9-22be-4af1-aød1-68e162fbe199",
"dtim": 2,
"hide 55id": false,
"acct_servers": t],
"created time": 1557492085,
"disable_uapsd": false,
"allow mdns": false,
"apply_to"• "site",
"app_limit": {
"enabled": false,
"apps" •
"wxtag_id5": O
: "a88d6cdd-6aaS-4eb2-8cd9-fb8731ab18e2" ,
"vlan id": 20,
"wxtag_ids": null,
"SSI t"
v an_poo Ing :
"wlan limit dcmn": 2øøøe,
"wxtunnel id": null,
"auth serwers nas id": "
false,
"site id •
". "efc98886-fb1c-48ef-b9ø5-81920edS7dS4",
"disable Hmm": false,
"airwatch": {
"username" .
"api_key"• " ,
"console url": "
"password" • "
"enabled": false
"schedule": {](https://i0.wp.com/wifininjas.net/wp-content/uploads/2019/11/WNB018-05.png?fit=1024%2C1012&ssl=1)
We should now see the details of just “WiFiNinjas(.)(.)” WLAN.
PS. We love that (.)(.) suffix!
Let’s rename “WiFiNinjas(.)(.)” to “WiFiNinjasTitties”! 🙂
Since we’re changing WLAN config, we’ll use PUT this time.
Change request type to PUT, go to “Body” tab, ensure “JSON” type is selected and write down lines that you want changed between curly brackets.
Note, that there is no comma at the end of the line.
You can now refresh your Mist Dash or GET the WLAN info via API to check if the name was changed.
Worked like charm! 🙂
Finally, we can use Postman to translate our actions into code (we’ll stick to Python), that can be used in scripts.
That’s it!
We have successfully listed all Mist WLANs, then narrowed it down to one WLAN and finally we’ve changed the name of that WLAN. All with REST API GET and PUT requests – how cool!
With love,
WiFi Ninjas x
Upgrading Cisco Catalyst 9800 software is easy and sleek.
You could use all standards protocols to put a new image on the controller: FTP, TFTP, SFTP or HTTPS.
Here are the steps:
Installation and reload is extremely fast and takes just a minute or two (at least for the CL version).
Enjoy!
It’s simple, right? Sure! Took me a while to figure that one out.
Our goal in this post is to demo Cisco Catalyst 9800 WLC FlexConnect Configuration.
It’s assumed you’re familiar with all C9800 solution building blocks (we’ve covered it before here) but if it’s your first time, here is very quick recap:
And this is the lab. Note that VLAN 20 is now removed from the ESXi Trunk on the switch port G0/7. It is no longer needed as the AP plugged to port G0/1 will be dropping users’ data locally now.
In this example, we still have my AP registered as ‘local’ (central switching), centrally switched SSID is up, my phone is associated and has full access following the ‘central switching deployment’ blog here.
The only places where the config is different between Central and Flex are:
I’ll put more wording around the above only, as we’ve already covered all other relevant details in the ‘centrally switched’ blog post here.
This is how we registered AP as Flex and configured locally switched Flex WLAN.
For simplicity, I just deleted all Profiles and Tags except of RF Profile and RF Tag (and that’s it, I didn’t delete anything else; still, don’t worry if you start with a fresh blank config :))
“Central Switching” must be unticked to enable Flex Connect Local Switching; it also makes sense to untick “Central DHCP” as we’re probably happier with DHCP process being handled locally and not via a WLC. I also like to include the VLAN ID that we are mapping this Policy Profile to in the Name or Description, as we might have more Policy Profiles mapping different VLANs for different WLANs and it’s good to know what policy does what just by glancing at its name or description.
“VLAN/VLAN Group” is where you map WLAN to a VLAN! There is no direct equivalent to that mapping as we know from the AireOS. Please note that if you create a VLAN & name it (either through CLI: (config)# vlan 20; (config-vlan)# name LAB-WIRELESS-USERS or GUI: Configuration > Layer2 > VLAN) and use VLAN name to refer to it in a Policy Profile, it WILL NOT WORK! You must refer to a VLAN via its ID (and not a name, since it doesn’t exist on the AP!). If you want to refer a VLAN name here, you must specify 100% matching VLAN ID and corresponding VLAN name in the Flex Profile. See “Flex Profile” section below for more details.
We didn’t have to create Flex Profile for Centrally Switched WLAN, but we will need it here. We can use Flex Profile for many different things, but those are quite important:
We’ve come to the last place, where Flex relevant config sits! The second we untick “Enable Local Site”, “Flex Profile” dropdown appears. For the AP to join the WLC as a Flex AP, we need to untick “Enable Local Site” and select “Flex Profile” that the AP will use.
Since I created them in our ‘central’ switching blog and didn’t delete them, refer to our blog here to find out more about RF Profiles and Tags.
AP(s) will now reboot and should join back as a Flex AP and broadcast our SSID:
That’s it! 🙂 We massively hope it was helpful for someone!
Tons of love,
WiFi Ninjas x
Hey! And welcome to another C9800 blog 🙂 Recently, Matt has blogged about Redundancy configuration using GUI and covered HA/SSO operation here. Today, I wanted to do a deeper dive into the topic. Enjoy!
In my lab, both C9800-CL VMs will sit on a single ESXi box. In the real world, they would rather be distributed across separate VM hosts or even separate geographical locations. In any case, configuration would stay identical and same pre-reqs are still relevant. Most importantly, both vWLCs need access to the LAN on their mgmt. interface (that will also be used by APs to register to) and a separate ‘P2P’ L2 link to form & monitor HA and sync configuration.
See a full picture of my lab below:
And to make things simple, also see a simplified logical diagram of C9800-CL networking and interfaces mapping to the VMware vSwitches:
I feel CLI gives us better visibility into what is happening on both WLCs while forming HA Redundancy, therefore we will use CLI here. It is possible to use GUI too, but I am not a huge fan of “click, wait, pray and hope for the best” approach, where I can’t see what’s happening 🙂
Refer to our previous C9800-CL Redundancy blog written by Matt here
Note: Standby WLC would need to be accessible on its management IP address to use GUI for Redundancy configuration.
It is good and useful to know how to monitor, tshoot and validate HA Redundancy configuration. You can do it in both CLI (see below) and GUI (Monitoring > System > Redundancy; Dashboard > Slot: Active / Standby)
# show chassis
# show chassis ha-status local
# show redundancy
Yeh, totally get it – me too 😉 I’ll drop some useful stuff that I came across and used at some point here that might help with configuration and troubleshooting.
This is how it looks in the CLI:
Note: it’s enough to clear chassis information on the active HA Pair WLC, despite the information that the ‘other’ (Backup) chassis will keep its HA configuration. I’ve tested it and it will not! Backup chassis will also reboot with clear redundancy config!
This is how successful HA formation should look like in a console of both Active and Passive WLCs:
Successful HA/SSO Formation upon reboot once ha-interface was configured; Active (left) was elected Active due to higher priority
That’s it for now! It feels great to play around with new toys and discovering differences between old and new WLCs! Don’t hesitate to comment, add to the discussion or simply let the world know that you are enjoying beta-testing Cisco gen 1 products as much as we are 😉