WiFi Ninjas

WN Podcast 022 – Best of #WLPC Prague 2019 with CTS and Banters!

Listen to our joint podcast with Clear-to-Send and Wireless Banter Show, where we go behind and in front of the scenes at #WLPC EU 2019 in Prague! Thanks @Matt @Rowell @Francois @Jussi @Jerry @Joel @Keith @Peter @Gjermund @Andrew and Dick Burner aka @Nick!

Also see Clear to Send and Wireless Banter Show!

With tons of love x,

WiFi Ninjas

WN Podcast 021 – Cisco Catalyst 9800 WLC – Built & Basics

Welcome to our new WiFi Ninjas Podcast episode!

Today, we kick of the Cisco Catalyst 9800 Podcast series, where we will cover some nitty & gritty stuff and share our real world deployment tips and experiences about those new, hot WLCs!

Let’s start with basics ๐Ÿ™‚

  • What is C9800?
  • 9800-80 โ€“ 2RU Appliance
    • 80Gbps
    • 6000 APs
    • 64,000 Clients
    • 100Gbps Uplink Module Option!
  • 9800-40 โ€“ 1RU Appliance
    • 40Gbps
    • 2000 APs
    • 32,000 Clients
  • 9800-CL โ€“ Public/Private Cloud Virtual Controller
    • VMWare/KVM/AWS/GCP
    • 2Gbps of centrally-switched traffic
    • 6,000 APs
    • 64,000 Clients
    • Supported features that were not supported on the AireOS vWLC
      • SSO High Availability
      • Local or Flex Mode APs
      • Guest Anchoring
  • 9800-SW โ€“ Embedded 9300/9500 Switch Controller
    • 200 APs
    • 4,000 Clients
    • Indirect AP Support (APs can be connected to downstream switches)
  • 9800-L
    • 250 Aps
    • 5000 clients
    • Max throughput 5Gbps
    • Fixed uplinks 2 x 10gbps
  • Features
  • Built
    • VMware
      • Networking
        • 3 interfaces
        • HA considerations
        • Trunk
          • Accept Promiscuous Mode!
        • Central vs Flex
        • OOB
          • Not used
      • Kill the autoinstall, CLI (at least for us) is quicker
      • VLAN and SVI for mgmt
      • Set country code
      • Specify interface (mgmt SVI) to be used for wireless mgmt / AP join
      • Create a cert, validate its creation with sh wireless management trustpoint
      • Configure SSH
    • Physical
  • Challenges
    • Internal DHCP
      • ‘Reserved Only’ turned on by default
      • Configure DHCP Pool, starting IP, ending IP, lease time, gate, DNS, domain
      • Set DHCP Server IP address to be C9800 mgmt.
    • Prime bug
    • Compatibility with other Cisco infra
    • AAA attribute
  • Guest Flow
    • MAB CWA
    • Redirection ACL is not applied anywhere, it’s just referred to by ISE AuthZ Profile
    • Use WLAN guest ACL or have it referenced back by RADIUS

With tons of love x,

WiFi Ninjas

WN Podcast 020 – Airport WiFi Design with Jim Palmer โ€“ Part 2

Welcome to our new WiFi Ninjas Podcast episode! This is a continuation to an extremely interesting discussion about WiFi Airport Design with the best WiFi Airport Ninja in the world – Jim Palmer!

We’re discussing rate limiting effects on the network, security, authentication and more!

As mentioned on the show, here is the link for Jim’s cool video about rate limiting, that really is eyes opening! ๐Ÿ™‚

Thanks for listening and enjoy! And comment. And shout if you like it or donโ€™t like it or if youโ€™d like us to talk about anything specific in future episodes!

With tons of love x,

WiFi Ninjas

WN Podcast 019 – Airport WiFi Design with Jim Palmer โ€“ Part 1

Welcome to our new WiFi Ninjas Podcast episode! Today we kick off a very interesting discussion around WiFi Airport Design with probably the best WiFi Airport specialist in the world – Jim Palmer!

  • A bit about Jim
    • CWNE #304
    • Ekahau Master 31
    • Runs a very busy American Airport
  • Wireless Physical Design
    • APs / Antennas Placement and types
    • RF considerations
  • Wireless Configuration
    • High Density approach
    • Roaming approach
  • Apps
    • Apps used by clients
    • Apps used by stuff
  • Project Lifecycle
    • Project Management of this thing
    • Predictive, pre-deployment and post deployment surveys etc.
    • Liasing with contractors and 3rd parties
    • Additional Testing?
  • LAN & WAN
    • Internet pipe
    • LAN structure
    • Throughput concerns
    • Cabling
    • Bottlenecks
  • Security
    • Onboarding
    • Auth
    • What infra used?
    • Encryption
    • Content filtering
    • Additional security features
  • Challenges
    • DFS?
    • Distance to the switch
    • PoE
    • Mounting restrictions
    • Obstructions, metal
    • Other networks, concessions
    • Interferers
  • Ninja Tips
  • Lessons learned

Thanks for listening and enjoy! Shout if you like it or donโ€™t like it or if youโ€™d like us to talk about anything specific in future episodes โ€“ we would be delighted to know your thoughts!

With tons of love x,

WiFi Ninjas

WN Podcast 018 – Protocol Analysis Talk with Peter MacKenzie – Part 2

Welcome to our new WiFi Ninjas Podcast episode! This a second part of our protocol analysis discussion with Jedi Grandmaster Peter MacKenzie!

A bit about Peter:

  • CWNE #33
  • Head of Technical Operations at MarQuest Limited
  • Graduated from the University of Hull with a 1st class honours degree
  • Co-author of the CWAP study guide published by Wiley
  • Member of the CWNE Board of Advisers

Do we still call you Peter? We see Jim Palmer is trying to find a new nickname for you ๐Ÿ˜€

  • Peter Packets?
  • Sir sniff a lot
  • The Duke of Frames
  • Peter McPacketface

A bit about MarQuest limited: – http://www.marquest.com/

  • MarQuestโ€™s customer base includes large organisations across several sectors such as finance, education, government, retail and legal services. Operating from UK offices in Beverley (Yorkshire) and Oxford, we provide services and solutions to all national regions. Our international reputation for technical excellence has led to global provision of services and product supply to countries in mainland Europe, North America and APAC countries (including India and Australia).

Protocol Analysis

  • What is protocol analysis
  • Capturing tools
  • Capture location and duration
  • Capture on a single channel, multiple channel, 1SS, 2SS, etc.
  • Roaming in captures
  • Capture and display filters, colouring, columns, etc.
  • Decryption procedures
  • Other tools: WLAN scanners and discovery tools, captures visualisation and stats
  • Centralised captures and monitoring, alerting and forensic tools
  • Tshoot framework: Define, scale, causes, capture, analyse, observe, remedy, document

Spectrum Analysis

  • What is spectrum analysis
  • Spectrum analysis tools and views
  • Noise and SNR
  • Locate and identify WiFi and non-WiFi interferers based on their RF signature
  • Duty cycle vs spectrum utilisation
  • CCI vs ACI – understand impact of channel interference on WiFi performance
  • Identify 802.11 PHYs looking at FFT

PHY Layers and Technologies

  • PLCP and PMD sublayers
  • PHY technologies in captures: PHY headers, preambles, training fields, frame aggregation and data rates
  • Pseudo-headers: RSSI, rate, MCS, duration, channel, properties, noise, etc.
  • Protocol analysers limits: supported PHYs, SS, SGI, etc.

MAC Sublayer and Functions

  • Frame encapsulation and frame aggregation
  • MAC Frame Format
  • 802.11 Management Frame Formats
  • Data and QoS Data Frame Formats
  • 802.11 Control Frame Formats
  • BSS config: country code, rates, beacons, WMM, RSN, HT/VHT/HE, channels, SSID name, CRC

WLAN Medium Access

  • Distributed Coordination Function (DCF): carrier sense, energy detect, NAV, contention window, random backoff and spacing
  • Enhanced Distributed Channel Access (EDCA)
  • Wi-Fi Multimedia (WMM)
  • Analyse QoS configuration and operations: captures and end-to-end implementation

802.11 Frame Exchanges

  • Discovery, authentication, association
  • EAP and PSK auth
  • 4-way handshake
  • Roaming optimisations (802.11r, v and k) and considerations (sticky clients, excessive roaming)
  • ACK, RTS/CTS, QoS Data, Block ACK
  • Analyse HT/VHT/HE specific transmission methods
  • MIMO, TxBF, MU-MIMO, MRC
  • Frame aggregation (A-MSDU and A-MPDU)
  • Power Saving operations
  • Protection mechanisms
  • Band Steering 

Thanks for listening and enjoy! And comment. And shout if you like it or donโ€™t like it or if youโ€™d like us to talk about anything specific in future episodes!

With tons of love x,

WiFi Ninjas

WN Podcast 017 – Protocol Analysis Talk with Peter MacKenzie – Part 1

Welcome to our new WiFi Ninjas Podcast episode!

We are indeed very privileged to have a true WiFi Master on as our guest, Peter MacKenzie from MarQuest Limited, to discuss Wireless Protocol Analysis.

Today’s show is special to our hearts as we both think of Peter as our WiFi Sensei! ;]

A bit about Peter:

  • CWNE #33
  • Head of Technical Operations at MarQuest Limited
  • Graduated from the University of Hull with a 1st class honours degree
  • Co-author of the CWAP study guide published by Wiley
  • Member of the CWNE Board of Advisers

Do we still call you Peter? We see Jim Palmer is trying to find a new nickname for you!  

  • Peter Packets?
  • Sir sniff a lot
  • The Duke of Frames
  • Peter McPacketface

A bit about MarQuest limited: – http://www.marquest.com/

  • MarQuestโ€™s customer base includes large organisations across several sectors such as finance, education, government, retail and legal services. Operating from UK offices in Beverley (Yorkshire) and Oxford, we provide services and solutions to all national regions. Our international reputation for technical excellence has led to global provision of services and product supply to countries in mainland Europe, North America and APAC countries (including India and Australia).

Protocol Analysis

  • What is protocol analysis
  • Capturing tools
  • Capture location and duration
  • Capture on a single channel, multiple channel, 1SS, 2SS, etc.
  • Roaming in captures
  • Capture and display filters, colouring, columns, etc.
  • Decryption procedures
  • Other tools: WLAN scanners and discovery tools, captures visualisation and stats
  • Centralised captures and monitoring, alerting and forensic tools
  • Tshoot framework: Define, scale, causes, capture, analyse, observe, remedy, document

Spectrum Analysis

  • What is spectrum analysis
  • Spectrum analysis tools and views
  • Noise and SNR
  • Locate and identify WiFi and non-WiFi interferers based on their RF signature
  • Duty cycle vs spectrum utilisation
  • CCI vs ACI – understand impact of channel interference on WiFi performance
  • Identify 802.11 PHYs looking at FFT

PHY Layers and Technologies

  • PLCP and PMD sublayers
  • PHY technologies in captures: PHY headers, preambles, training fields, frame aggregation and data rates
  • Pseudo-headers: RSSI, rate, MCS, duration, channel, properties, noise, etc.
  • Protocol analysers limits: supported PHYs, SS, SGI, etc.

MAC Sublayer and Functions

  • Frame encapsulation and frame aggregation
  • MAC Frame Format
  • 802.11 Management Frame Formats
  • Data and QoS Data Frame Formats
  • 802.11 Control Frame Formats
  • BSS config: country code, rates, beacons, WMM, RSN, HT/VHT/HE, channels, SSID name, CRC

WLAN Medium Access

  • Distributed Coordination Function (DCF): carrier sense, energy detect, NAV, contention window, random backoff and spacing
  • Enhanced Distributed Channel Access (EDCA)
  • Wi-Fi Multimedia (WMM)
  • Analyse QoS configuration and operations: captures and end-to-end implementation

802.11 Frame Exchanges

  • Discovery, authentication, association
  • EAP and PSK auth
  • 4-way handshake
  • Roaming optimisations (802.11r, v and k) and considerations (sticky clients, excessive roaming)
  • ACK, RTS/CTS, QoS Data, Block ACK
  • Analyse HT/VHT/HE specific transmission methods
  • MIMO, TxBF, MU-MIMO, MRC
  • Frame aggregation (A-MSDU and A-MPDU)
  • Power Saving operations
  • Protection mechanisms
  • Band Steering 

Thanks for listening and enjoy! And comment. And shout if you like it or donโ€™t like it or if youโ€™d like us to talk about anything specific in future episodes!

With tons of love x,

WiFi Ninjas

WN Podcast 016 โ€“ WiFi 6 In The Wild โ€“ Part 2 โ€“ Real World

Hello! Welcome to our new & juicy podcast episode 16! Today we are following up with a second part of the โ€œWiFi 6 In the Wildโ€ deep dive, where weโ€™ll discuss real world of WiFi 6 operations and enhancements, trying to focus on whatโ€™s practical and important without sounding like marketing broken record ^_^

Todayโ€™s show notes will be quite short, as weโ€™ve blogged about this topic here: https://wifininjas.net/index.php/2019/07/03/wn-blog-003-wifi-6-deep-dive-real-world-testing/

Enjoy! And comment. And shout if you like it or donโ€™t like it or if youโ€™d like us to talk about anything specific in future episodes!

With tons of love x,

WiFi Ninjas

WN Blog 005 โ€“ WiFi Ninjas WiFi 6 Network Nomads Meetup

Welcome to our WiFi 6 network nomads event , where we discussed real world of WiFi 6 operations, enhancements and testing! trying to focus on whatโ€™s practical and important without sounding like a marketing broken record

With tons of love, WiFi Ninjas

WN Podcast 015 โ€“ WiFi 6 In The Wild – Part 1 – The Theory

Hello! Welcome to our new & juicy podcast episode 15! Today we are kicking off the 2-parts “WiFi 6 In the Wild” series, where we’ll discuss real world of WiFi 6 operations and enhancements, trying to focus on what’s practical and important without sounding like marketing broken record ๐Ÿ˜‰

Today’s show notes will be quite short, as we’ve blogged about this topic here: https://wifininjas.net/index.php/2019/07/03/wn-blog-003-wifi-6-deep-dive-real-world-testing/

As mentioned in the podcast, we’ll include some more info about the modulation and encoding but felt last minute that a blog post would be more appropriate than a single picture in the show notes ๐Ÿ™‚ More details here: https://wifininjas.net/index.php/2019/07/07/wn-blog-004-wifi-1-5-modulation-encoding-techniques/

Enjoy! And comment. And shout if you like it or don’t like it or if you’d like us to talk about anything specific in future episodes!

With tons of love x,

WiFi Ninjas

WN Blog 003 – WiFi 6 Deep Dive & Real World Testing

Hey, welcome to our WiFi 6 deep dive & real-world testing blog.

We’ve just hosted a WiFi 6 Network Nomads event with Natilik and put quite a lot of time and effort into preparing for this event, recorded a juicy podcast on WiFi 6 with David Coleman, studied hard & tested ax with some WiFi 6 clients on a WiFi 6 AP running beta code enabling some ax features ๐Ÿ˜‰

We both wanted to share with you our real-world findings and experience of WiFi 6.

Before we jump into our testing and finding lets first have a quick recap on the evolution of WiFi:

Evolution of WiFi
Evolution of WiFi

Just wanted to mention key milestones here:

  1. 802.11a added OFDM support and 64 QAM modulation, enabling us to use amplitude and phase to represent 64 different symbols containing more data within the same TxOP, increasing throughput substantially, from 11Mbps to 54Mbps
  2. 802.11n added support for MIMO and channel bonding – both extremely valuabe features:
    • MIMO enables us to use multiple receiving/transmitting antennas to either increase bandwidth (spacial multiplexing) or quality of transmitted or received signal (TxBF and MRC). One thing to note is that we can’t combine multiple MIMO features, so spatial multiplexing is the most popular choice there ๐Ÿ™‚
    • Channel bonding enables us to more than double (less % of null carriers in wider channels) achievable data rate every time we double the channel width. Please be aware that bonding channels might increase channel interference (CCI, ACI) and doubling the channel width decreases SNR by 3dB due to doubling the noise floor
  3. 802.11ac massively simplified complexity introduced in 802.11n. Most notably, number of available PPDU types was reduced from three in WiFi 4 (HT, legacy and mixed) to just one in WiFi 5, happily catering for the legacy devices. Additionally, there is just one TxBF implementation type specified in the standard instead of two. Main goal of ac, on top of reducing complexity, was to increase speed
  4. 802.11ax is not about speed anymore, it’s focused on efficiency instead (but it’s also faster, so can’t really complain there!)

Now that we have recapped on the evolution of WiFi – letโ€™s look at 802.11ax at a high-level overview of what’s new and improved:

802.11ax Whats new and improved
WiFi 6 – Whats new and improved

We know everyone is dying to see some techie stuff here, so there we go. Here comes our OneNote notes (forgive us not converting it to book style / essay / marketing leaflet formatting hehe). This is a mixture of knowledge gathered by listening to other ax podcasts (thanks CTS!), reading ax blogs (thanks David Coleman!) and our real world testing.

802.11ax OFDMA (mandatory UL & DL) – yes, the secret freaking sauce ๐Ÿ™‚

  • OFDMA operates in downlink OR uplink at any given time – adds a good amount of efficiency but doesn’t solve a half duplex nature of operation on a single AP
  • OFDMA in conjunction with BSS Coloring is a beast
  • Differences between OFDM and OFDMA
    • Number and size of the subcarriers
      • 4x times more subcarriers in OFDMA that we had in OFDM
      • 64 subcarriers in 20MHz channel in OFDM
        • 312.5 KHz wide
      • 256 subcarriers in 20MHz channel in OFDMA
        • 78.125 KHz wide
    • Symbol duration increased 4x in OFDMA
      • Transmission on a specific subcarrier over time
      • Guard interval is a time between each symbol transmission
      • Going from 3.2 microseconds with OFDM to 12.8 microseconds
  • Does OFDMA increase throughput when compared to OFDM? It doesn’t! Check ax MCS table showing absolutely no difference in rates with 802.11ax OFDM or OFDMA operation
    • OFDM uses 64 subcarriers, 12 GuardNull subcarriers = 18.75%
    • OFDMA uses 256 subcarriers. 22 GuardNull subcarriers = 8.5%.
    • It might suggest that OFDMA is more efficient as it has a higher percentage of tonnes carrying data, but when we also consider at least twice as long Guard Intervals used in ax (ac commonly used 0.4us, whereas ax uses 0.8us or more), it nicely balances out ๐Ÿ˜‰
  • OFDMA introduces narrower ‘baby channels’, and narrower channel = better SNR = better modulation scheme used for longer when you move farther away from the AP = happier clients and better general cell efficiency
  • Types
    • The smallest sub-channel is composed of 26 subcarriers.
    • Type of subcarriers:
      • Data subcarriers
        • Actual data
      • Pilot subcarriers
        • At least 2 per RU
        • Used to sync the comms
      • DC subcarriers
        • Direct Current
        • Approx centre frequency of the sub-channel
        • Can be easily seen in a FFT – dividing channel in half-ish
        • Depending on channel width and RUs, we can have from 3 to 7 DC subcarriers
      • Guard subcarriers
        • Located at the end of channel
      • Null subcarriers
        • Not located at the end of channel
    • RU structures
      • A 26-tone RU consists of 24 data subcarriers and 2 pilot subcarriers.
      • A 52-tone RU consists of 48 data subcarriers and 4 pilot subcarriers.
      • A 106-tone RU consists of 102 data subcarriers and 4 pilot subcarriers.
      • A 242-tone RU consists of 234 data subcarriers and 8 pilot subcarriers.
      • A 484-tone RU consists of 468 data subcarriers and 16 pilot subcarriers.
      • A 996-tone RU consists of 980 data subcarriers and 16 pilot subcarriers.
    • DC (Direct Current) subcarriers are used for the subcarriers located in the center of the channel. Depending on the channel width and the number of tone used, the number of DC subcarriers can vary (Ex: 3 or 7 for a 20MHz wide channel). Most of the time it will be 7 for the 20MHz and 80MHz wide channels and 5 for the 40MHz wide channels.
    • A 20MHz wide channels has 11 guard interval: the first 6 and the last 5 of the channel.

Easy, right? Let’s take a look at a simple diagram visualising main OFDMA concepts:

To make it even easier, this is how subcarriers look like. Not sure where Francois and Rowell at CTS have found it, but this is the best OFDMA Subcarriers structure on 20MHz channel we’ve seen so far:

Here are the diagrams extracted from the 802.11ax draft document detailing the structure of the subcarriers for each channel width using different RUs sizes:

Lastly, please see the full MCS table below. Take some time to digest it. It took us a moment to get it ๐Ÿ˜‰

Now, let’s switch our focus to BSS Colouring ๐Ÿ™‚

BSS Coloring (optional) – better take at CCI mitigation than RX-SOP

  • There is a threshold, where BSS Colouring might be used
    • Two APs on the same desk wouldn’t work – ‘crosstalk’ is too high – both consider medium as busy and contend for the airtime
    • Two APs in adjacent room would work – ‘crosstalk’ is ignored
  • BSS Colouring really fixes the CCI issues that RX-SOP attempted to fix
  • Multiple APs can operate on the same channel in the same area without adding to CCI
  • Where do you see BSS Colour
    • HE PHY > Ext Tag: HE Operation > BSS Color Information (see demo section below to see that in captures)
    • Found in beacon frames, association and re-association frames, probe responses, etc.
  • How does BSS Colours affect design
    • Design doesn’t change – still aim to limit CCI – think of legacy devices
  • AP can send BSS colour change announcement
    • If AP sees another AP one the same channel and same colour, it can decide to change colour
    • Action Frame
    • Similar to DFS channel move idea
    • Can clients report BSS / channel info back to the AP (check draft)?
  • First defined in in 802.11ah
  • Collision can still occur within a single colour area
    • Retransmission would happen as normal
  • BSSC will improve the SNR by lowering interference and decrease number of collisions
  • 63 colours / numbers available on every channel
  • Draft doesn’t say how vendors implement BSS Colouring

TWT is next on the list ๐Ÿ™‚

Target Wake Time – TWT (mandatory for APs, optional for clients)

  • WiFi 6 objectives from the draft
    • Increased efficiency without increasing power consumption
    • Improve power efficiency – TWT is the answer
    • TWT is used to help minimise contention between clients and reduce time the clients in saving mode is awake
  • AP in control of TWT scheduling
  • Introduced first in 802.11ah / HaLow
  • Aimed at IoT but hugely beneficial for mobiles and laptops
  • 3 modes of operation
    • Individual
      • Client is choosing when to wake up and go to sleep
      • Agreed with AP
      • Client can send its power schedule to the AP
      • AP receives that and has a final say
      • AP has to keep track of multiple TWT schedules for every device using it
    • Broadcast
      • Multicast and recurrent traffic mostly
    • Opportunistic Power Save
  • With TWT clients can sleep for as long as they want
    • A day, week, month etc.
    • Client can suggest its sleeping schedule to the AP
    • AP has a final say – can accept, reject or amend this schedule
    • AP must keep track of TWT schedules for all associated devices that are using it
  • On top power saving benefits, TWT reduces contention between clients

MU-MIMO (optional) – gimmick or not?

In short: MU-MIMO is used to allow multiple simultaneous AP <-> STA conversations on a single AP. Sounds great, but there are some conditions that must be met for MU-MIMO to work:

  • STAs must be on a different physical side of the AP
  • Data must be buffered to all the STAs at the same time – all STAs are transmitting OR receiving, never both at any given time
  • The frames AP have for everyone must be of a similar size
  • Client STAtions and APs must support MU-MIMO operation

When you think more about it, it adds even more complexity – we need more antennas on the AP for MU-MIMO to make sense. 4×4:3 (quite popular mix on the modern APs) would allow us to use 2×2:2 and 2×2:1 for example. Some vendors start packing the APs with 8×8 and it’s great for MU-MIMO, but how about AP power consumption? More antennas or more radios = increased power consumption, on both AP and the client side. 802.3at (30W) might no longer cut it and we’re not sure that having more antennas is worth upgrading switching infrastructure to support UPoE (Cisco, 60W) or 802.3bt (standard, 90W). Additionally, we are not aware of any clients supporting MU-MIMO in both directions.

Lastly, let’s take a look at the new modulation scheme!

1024 QAM (mandatory) – do you need to be ‘extremely’ close to the AP?

There is popular theory that 1024 QAM is a waste of time, as you need to literally place your device on the AP to achieve it. Is it true? Not necessarily! We’ve run some test (see ‘Demo’ later on in this blog) and maintained MCS 10 and 11 (both using 1024 QAM) while moving quite far away from the AP. Let’s come back to that in a sec.

Now, what is 1024 QAM and how would it change our lives? It’s just a faster modulation scheme. Iteration, not revolution, offering up to 20% gain in theoretical throughout (less in the real life). It’s still good to have. More throughout = less time spent using the airtime.

It makes even more sense when used with OFDMA and RUs – narrower ‘baby channels’ (RUs) would offer higher SNR than 20MHz OFDMA 242-tonnes or 20MHz OFDM, and therefore it would be easier to maintain 1024 QAM over even longer distances.

Let’s move to the APs. We wanted to cover and highlight some of the pre-standard APs that have been released and explain some of the wording + terminology used.

Cisco WiFi 6 WAPs:

Cisco WiFi 6 APs
Cisco WiFi 6 APs

Meraki WiFi 6 WAPs

Meraki WiFi 6 APs
Meraki WiFi 6 APs

Like us you might have been wondering what is the difference between certifiable and compatible? We reached out to our contacts at Cisco and got the following responses:

“There are some Wi-Fi 6 access points already on the market, targeted for early adopters and customers who are eager to test the new standard. The access points that are released early will be pre-standard APs because the standard will not yet have been ratified. This means key features that are part of Wi-Fi 6 may not be supported on some of these initial, pre-standard access points. However, when available, some of these access points will be able to become certified through software updates and Wi-Fi 6 features will be supported. This approach is similar to the introduction of prior generations such 802.11ac and 802.11n.

first iteration of 8×8 in the 9117 (incidentally the same as all other manufacturers with the same chipset) does not support OFDMA in UL, therefore, we are saying that this AP will be compatible with wifi6 from the WiFi alliance perspective – future versions of 8×8 APs will be certifiable. With the 9115 and 9120 we are confident that there will be no changes to the standard for those APโ€™s, so confident that they will be certifiable to WiFi Alliance WiFi 6″

A few things we want to make me clear here:

Certifiable = will be WiFi 6 compliant in the future with a software update

Compatible = follows draft but will not support all WiFi 6 features

OFDMA is a new WiFi 6 thing and it’s mandatory in both directions

No OFDMA = no WiFi 6 compliance

Ok we feel like we have recapped the evolution of WiFi, what’s new and improved in WiFi 6 and the difference in some of the WiFi 6 WAPs. Let’s move on to our testing & findings.

We finally got our hands on a WiFi 6 AP (Cisco Cat 9115 – thank you Cisco!) and 2 x WiFi 6 devices (Samsung s10e) and it was safe to say we were excited as they love anything to do with WiFi ๐Ÿ™‚

WiFi 6 testing time!

That’s what we used ๐Ÿ™‚ Cisco 9115 AP & 2x Samsung S10e:

Cisco Cat 9115 WiFi 6 APs and Samsung S10e's WiFi 6
Cisco Cat 9115 WiFi 6 APs and Samsung S10e’s WiFi 6

A very happy Mac & Matt, featuring 2 x Ekahau Sidekicks used for Spectrum Analysis and Packet Captures:

Matt & Mac Testing WiFi 6
Matt & Mac Testing WiFi 6

In this set up at Mac’s home productions network he currently has running a Cisco WLC3504 which was upgraded to AireOS 8.9 as this is the first version of software that supports WiFi 6 WAPs.

Cisco WLC 3504 on Cisco AireOS 8.9 code, 802.11ax configuration 1:

Cisco WLC 3504 on Cisco AireOS 8.9 code, 802.11ax configuration 1
Cisco WLC 3504 on Cisco AireOS 8.9 code, 802.11ax configuration pt 1

Cisco WLC 3504 802.11ax configuration 2:

o WLC 3504 802.11ax configuration 2
Cisco WLC 3504 on Cisco AireOS 8.9 code, 802.11ax configuration pt 2

Now that everything was configured correctly, we connected the two Samsung S10e’s to the Cisco 9115 AP and the little 6 logo now appeared next to the WiFi icon which we both thought was pretty cool and exciting! Mac couldn’t sleep for a week because of this over-excitement.

Samsung WiFi 6 Logo
Samsung WiFi 6 Logo

We decided to look at some wireless packet captures to see what was going on.

Cisco Cat 9115 AP beacon on 8.9 AireOS Code

Cisco Cat 9115 AP AireOS 8.9 PCAP 1
Cisco Cat 9115 AP AireOS 8.9 PCAP 1
Cisco Cat 9115 AP AireOS 8.9 PCAP 2
Cisco Cat 9115 AP AireOS 8.9 PCAP 2
Cisco Cat 9115 AP AireOS 8.9 PCAP 3
Cisco Cat 9115 AP AireOS 8.9 PCAP 3
Cisco Cat 9115 AP  AireOS 8.9 PCAP 4
Cisco Cat 9115 AP AireOS 8.9 PCAP 4
Cisco Cat 9115 AP AireOS 8.9 PCAP 5
Cisco Cat 9115 AP AireOS 8.9 PCAP 6
Cisco Cat 9115 AP AireOS 8.9 PCAP 6

As we can see above there is no support for UL & DL OFDMA, BSS Colouring, UL & DL MU-MIMO, 1024-QAM and TWT, meaning that no WiFi 6 features are supported on Cisco AP C9115 running 8.9 code!

We then moved to check our client’s ax capabilities ๐Ÿ™‚ We’ll be looking at probe request, as this gives us a clearer pic of what the client is really capable of. Looking at, in example, authentication or association request would show us client’s ‘response’ to the capabilities presented by the AP and client would most likely want to match them in its responses. So even if a client device supports more ax features, we probably wouldn’t see that in captures.

Samsung S10e Probe Request frame decodes

Samsung S10E PCAP 1
Samsung S10E PCAP 1
Samsung S10E PCAP 2
Samsung S10E PCAP 2
Samsung S10E PCAP 3
Samsung S10E PCAP 3
Samsung S10E PCAP 4
Samsung S10E PCAP 4
Samsung S10E PCAP 5
Samsung S10E PCAP 5
Samsung S10E PCAP 6
Samsung S10E PCAP 6

So, from what we could see here was that all the new features of WiFi 6 and what would make a wireless device WiFi 6, seemed to be not supported on neither the AP or either of the phones!

Now we take a look at the spectrum analysis of Xiaomi WiFi 5 device connect to WiFi 6 enabled wireless network connected to WiFi 6 Cisco Cat 9115 AP and run a nPerf speed test.

Xiaomi WiFi 5 phone:

Samsung WiFi 6 s10e:

We can clearly see both WiFi 5 & 6 devices associated with an ax AP use OFDM.

Bit confused like us that the WiFi 6 device looks to have a very similar spectrum pattern to the WiFi 5 device?

We decided to compare the beacon frame of some other vendor WAPs to see if anyone else was supporting any WiFi 6 Features yet:

Aerohive AP630 Beacon Frame decode

Aerohive AP630 Pcap 1
Aerohive AP630 Pcap 1
Aerohive AP630 Pcap 2
Aerohive AP630 Pcap 2
Aerohive AP630 Pcap 3
Aerohive AP630 Pcap 3
Aerohive AP630 Pcap 4
Aerohive AP630 Pcap 4
Aerohive AP630 Pcap 5
Aerohive AP630 Pcap 5

 We can see here the AP is using draft 3.0 and BSS Coloring is enabled as here says disabled: false

Aerohive AP630 Pcap 6
Aerohive AP630 Pcap 6

Engenius EWS357AP Beacon Frame decode

Engenius EWS357AP Pcap 1
Engenius EWS357AP Pcap 1
Engenius EWS357AP Pcap 2
Engenius EWS357AP Pcap 2
Engenius EWS357AP Pcap 3
Engenius EWS357AP Pcap 3
Engenius EWS357AP Pcap 4
Engenius EWS357AP Pcap 4
Engenius EWS357AP Pcap 5
Engenius EWS357AP Pcap 5
Engenius EWS357AP Pcap 6
Engenius EWS357AP Pcap 6

We can see here the AP is using draft 3.0 and BSS Coloring is enabled as here says disabled: false

Engenius EWS357AP Pcap 7
Engenius EWS357AP Pcap 7

Quick recap of what we’ve seen in above captures:

  • Cisco C9115 running 8.9 AireOS doesn’t support a single ax feature except MCS0-11 (10 and 11 suggest QAM 1024 support)
  • Aerohive (or shall we call it Extreme?) AP630 supports the same MCS0-11 rates and additionally supports BSS Coloring
  • Engenius EWS357AP also supports MCS0-11 rates and BSS Coloring only, but across 2 spatial streams (Cisco and Aerohive support 4SS)

We now wanted to cry (hehe) and we’ve reached out to Cisco with our findings. Cisco has confirmed that 8.9 AirOS code just provides support for the WiFi 6 WAP’s to join the WLC but no WiFi6 features – so they kindly added us to their Beta testing programme and gave us a copy of 8.10 which would turn on a couple of features of WiFi 6. Here is what’s now supported:

Cisco AireOS 8.10 BETA code supported features
Cisco AireOS 8.10 BETA code supported features

We’ve installed the Beta 8.10 Code on Mac’s production WLC3504 to his wife’s dissatisfaction and began testing again:

Cisco WLC3504 running AireOS 8.10
Cisco WLC3504 running AireOS 8.10

Checked to make sure what the Cisco Cat 9115 AP was supporting now – the below shows just loggs from the AP SSH showing that our secret features (most importantly OFDMA in both directions) should now be supported:

Cisco Cat 9115 AP AireOS 8.10
Cisco Cat 9115 AP AireOS 8.10

We’ve preformed some more wireless PCAPs, so now what features do we support that was not here before?

We have highlighted in blue everything that is still not supported from the previous screens shots in AireOS 8.9 and everything in red is what is now supported in AireOS 8.10.

Cisco Cat 9115 AP Beacon Frame decodes (running beta code 8.10)

Cisco Cat 9115 AP AireOS 8.10 PCAP 1
Cisco Cat 9115 AP AireOS 8.10 PCAP 1

Operating Mode (OM) Control Field is now supported! It allows STA to suspend participation for synchronized UL-OFDMA and contend for the medium for an independent uplink transmission.

Cisco Cat 9115 AP AireOS 8.10 PCAP 2
Cisco Cat 9115 AP AireOS 8.10 PCAP 2
Cisco Cat 9115 AP AireOS 8.10 PCAP 3
Cisco Cat 9115 AP AireOS 8.10 PCAP 3
Cisco Cat 9115 AP AireOS 8.10 PCAP 4
Cisco Cat 9115 AP AireOS 8.10 PCAP 4
Cisco Cat 9115 AP AireOS 8.10 PCAP 5
Cisco Cat 9115 AP AireOS 8.10 PCAP 5

1024 QAM for 242-tone RU (full 20MHz channel width) is also supported now! Our hopes are getting higher and higher ๐Ÿ™‚

Cisco Cat 9115 AP AireOS 8.10 PCAP 6
Cisco Cat 9115 AP AireOS 8.10 PCAP 6
Cisco Cat 9115 AP AireOS 8.10 PCAP 7
Cisco Cat 9115 AP AireOS 8.10 PCAP 7

And that’s it! Let’s quickly recap what should theoretically be supported, post upgrading our 8.9 AireOS to the new, cutting edge, breathtaking beta code version 8.10 ๐Ÿ™‚

MCS0-11 and OFDMA UL & DL are now supported on both Cisco C9115 AP and Samsung S10. Both devices use 802.11ax Draft 3.0 as a base. It’s looking promising on paper now ๐Ÿ™‚

We re-ran the same speed test and analysed the spectrum and compared the results of the Samsung S10e’s WiFi 6 vs Mac’s Xiaomi WiFi 5 device. Testing methodology didn’t change – we’ve associated one device at a time, there was completely no spectrum activity on our test channel 36, no neighbours, no interferences, very stable and low noise floor. This is what we’ve seen:

Xiaomi WiFi 5 phone (WLC running 8.10 beta):

No change here (as expected), still hitting 83%-ish in spectrum utilisation, using OFDM over 20MHz channel.

Samsung WiFi 6 s10e Test 1 (WLC running 8.10 beta):

Samsung WiFi 6 s10e Test 2 (WLC running 8.10 beta):

What’s happening on channel 36 here when running the speed tests on the Samsung s10!?

Look at Test 1. We can see that the channel is being split in half – clearly some secret sauce functionality of WiFi 6 is happening!

We’ve run multiple tests to make sure we’re not dreaming. On ‘Test 2’, client decides to use entire channel. But is OFDMA still in use? It appears it is! When you watch closely, you’ll see several ‘peaks’ inside channel 36. Those peaks look like 26-tones RUs. We are almost sure OFDMA is in use throughout both tests! Please note that in both tests spectrum utilisation peaked at around 70%.

There is one more question. Or even two ๐Ÿ™‚ Why would the same device decide to use half of the channel in one test, and entire channel in the other? Unfortunately, even after chatting about it with our Jedi Master, Peter MacKenzie, we didn’t get to a definite conclusion. Our best educated guess is that the device has decided (most likely using OFDMA Random Access – where the decision of RU allocation comes from a client) to use half of the channel to improve SNR and achieve MCS 11. Again, it’s just a guess. Let us know if you have better ideas about what happened there! ๐Ÿ™‚

Second question would be around the ax client (S10) utilising less spectrum than ac client (Xiaomi) during exactly same test. We know that our test, where we just looked at a spectrum utilisation, is not too scientific as the speedtest was capped by Mac’s Internet pipe (50Mbps) and we should really use local iperf server ideally to gauge real throughout gain in ax vs ac. We’ve run multiple tests (more than 10) throughout the day and the results were consistent – ax client (S10) was utilising approximately 15% spectrum than ac client (Xiaomi) while running nPerf.

Why would we see this improvement you ask? Great question!

Since OFDM (ac) and OFDMA (ax) really make no difference in terms of throughput for a single client, we suspected that our WiFi 5 and WiFi 6 devices were operating using different data rates.

We’ve picked up any random data packet transmitted by WiFi 5 device and realised it’s operating using MCS8, 2SS, 20MHz channel, ac and short guard interval. Data rate used was 173.3 Mbps and this is as fast as 2 Spatial Stream 802.11ac device can go over 20MHz channel.

Xiaomi MCS Index
Xiaomi Rates

Sweet, we now wanted to check the same on the WiFi 6 data captures. Wait, what data captures? Silly Ninjas. We’ve only got a 802.11ac capable packets capturing device (Ekahau Sidekick) and while we can see control frames coming from and to our beefy S10 and they’re send with a lowest mandatory BSS rates (in our test we’ve used 12Mbps mandatory, all lower disable, all higher supported), we won’t be able to see any data frames. Not a single one. None. Nada. But we know they’re there! Look at delta times after S10 has got a green light from the AP to send data (Clear-to-Send) – there is clearly something missing.

Samsung Omni Peak RTS CTS
S10 Captures with Data Frames missing

Since we couldn’t validate S10 data rates in captures, we had to rely on what the device itself was reporting back ๐Ÿ™‚ Again, not the most scientific test but we must go with what we have ๐Ÿ˜‰

We’ve used this opportunity to also check the max distance from an AP with Line-of-Sight to the S10. We’ve place the AP on the tripod, grabbed a laser tool and started moving away from the AP. With entire 20MHz used, we could maintain MCS11 (QAM 1024 5/6) over the first 6 metres. We would then drop to MCS10 (QAM 1024 3/4) when 7-10 away from the AP. We went as far from the AP as the garden allowed, and reached the wall (literally) being good 13 metres away from the AP, at which point we dropped to MCS 9 (QAM 256 5/6), which is still quite sweet.

S10 Data Rates

Max data rate achieved by S10 (286Mbps) was considerably higher than the data rate used by Xiaomi (173Mbps) and this is why we’ve seen lower spectrum utilisation while downloading 40MB file as part of our test.

See the MCS table below. We can see that both WiFi 5 and WiFi 6 test clients were operating at their highest achievable MCS rates. Our S10 devices were happily reaching MCS11, that is an ax rate. It all makes sense now. S10s were using either ax OFDM, 1024-QAM 5/6 with SGI at 2SS or ax OFDMA 24-tone RU 1024-QAM 5/6 SGI at 2SS. Either way, it’s impressive.

MCS Index table
MCS Index Table

To summarise, most of the ax features are still not entirely supported on both client and AP side but we can clearly see that software updates are bringing more and more WiFi 6 improvements. Within the last 2 weeks alone we’ve seen a juicy update from Cisco (8.10 beta) and it should be soon followed by a publicly available 8.10 AireOS version adding support for even more ax features like TWT and BSS Colouring (at which point Cisco should support all WiFi 6 enhancements!). We’ve had a Samsung S10 system update right after taking that phone out of the box. A week later (in between our 8.9 and 8.10 tests) we’ve had another S10 system update ready. Both listing ‘WiFi Improvement’ as the main feature in the changelog. Intel and the others started promoting their mobile WiFi 6 chipsets, that should find their way to consumer laptops later this year. See? 802.11ax aka WiFi 6 is indeed just behind the corner.

Samsung has started a good trend here packing ax radios into S10 line. AP vendors are super brave trying to implement new WiFi iteration before the standard is even ratified. And you know what? We should probably give those vendors a little credit. It must be challenging and expensive and without their vision and drive for innovation, we wouldn’t be adopting those new toys and big boys’ gadgets as quickly as we’re adopting them now.

Question we have been asked recently is would we upgrade to WiFi 6 APs right now – and our answer after all of the studying and real world testing is that probably yes – why not ๐Ÿ˜‰ At first you may just be getting a glorified WiFi 5 AP but it is still going to be a pretty good god damn WiFi 5 AP and when them software updates start coming and more support for the WiFi 6 features along with more WiFi 6 clients, we should see benefits all across the board.