field notes tools

Subway wi-fi

A new subway line has opened in Milan, the M4 connecting the city airport with the city center. It’s a driverless fully automated transport system.

The active section of M4 subway in Milan.

There’s a WPA2-Personal SSID in every station, powered by Cisco APs. No wi-fi in the tunnel between stations.

As usual, quick wi-fi analysis and packet capture done with my Analiti for Android app.

You can download the pcap file here.

field notes

Wi-fi at the cinema

At my local cinema, an Apple AirPort (possibly Extreme 802.11n) quietly keeps the show running. The pcapng was captured with Analiti on Android.

field notes troubleshooting

Bruker NMR interference?

I was called to discuss the installation of an access point in a chemistry research facility where a Nuclear Magnetic Resonance (NMR) spectrometer by Bruker is operating. It’s a model slightly smaller than the one pictured below.

Credits: Mike25. Source: Wikipedia

Researchers operating the laboratory were concerned about the signal from a wi-fi access point in the same room possibly interfering with the instrument. My concern was in turn that the NMR would interfere with the wi-fi operations, given the much higher energy in play in an NMR spectrometer.

Upon discussion with the lead researcher, it was ascertained that the spectrometer works with RF below 1 Ghz, mainly in the 400 Mhz range. According to Wikipedia, it operates in the 60-1000 Mhz range.

Interestingly, a spectrum analysis with Metageek Chanalizer in the lab showed a distinctive interference on 2.4 Ghz centered on channel 2 and a lesser signal on channel 1. The measure was taken from a fixed position at 3m from the spectrometer, while it was operating.

The signal on channel 2 has a high duty cycle with 95% at -50dBm in a 20 minute interval.

At -70 dBm the duty cycle on channel 1 was above 80%.

Moving away from the NMR into adjacent rooms, the interference weakened and wasno longer detectable. I was not able to identify the exact source of the interference, besides it being related to the Bruker device operations. The access point was moved out of the room into the corridor.


Passed the CWISA exam

Last Friday I did the Certified Wireless IoT Solutions Administrator (CWISA) exam. It’s a prerequisite on the CWNE path and the starting point of the CWNP IoT track. It’s a surprisingly easy exam that draws heavily from CWNA, with an additional high-level view of cellular and IoT protocols.

Because CWISA is a prerequisite for new and renewing CWNEs, the majority of real-world CWISA takers are wireless experts with several professional wi-fi certifications under their belt.

However, the CWISA certification and exam objectives are designed for an entry level audience. The official study guide is rich in easy introductions, wide preambles, repetitions of concepts, high level overviews and market consulting summaries. It’s not a thrilling read.

The exam is 60 questions with the usual 70% minimum pass score. It’s materially impossible for a CWNE level candidate to fail. A newcomer would find it engaging, but less complex and less taxing than CWNA.

CWISA-101 will be replaced by CWISA-102 in September 2022, which will probably improve some of the shortcomings. The professional certifications in the IoT certification track look really interesting and I will probably take it in the future.


Disable AP status light in Extreme CloudIQ

This is so stupid and still not so easy to find out: to turn off the LED of an AP in Extreme Networks CloudIQ, go to Manage > Devices, select your APs, click on Utilities > Tools > Locate your device.

You will be presented a dialog to switch-off the light or start a blinking pattern.

This feature is meant for troubleshooting and device location, when you are on-site and don’t know where a specific AP is. Just configure a blinking pattern on XcloudIQ and see which AP blinks.

If you place APs in hotel rooms, student dorms or home bedrooms, you MUST turn the LED light off. Otherwise, people will cover it with chewing gum, stickers, tampons or anything at hand.


The safety of Wi-Fi in Europe

In 2015 the European Commission has published a scientific opinion on the health impact of electromagnetic field exposure, via it’s Scientific Committee on Health, Environmental and Emerging Risks (SCHEER).

The Opinion was first published in 2009 and updated in 2015 in the final official version. It is an analysis of existing research on the health impact of a broad range of EMF, including those typical in WLAN technologies.

In case you are wondering: under the conditions dictated by the European regulatory domain, wi-fi is safe.

An easy to read fact-sheet (1 page pdf) is available, in a format and language accessible to non-specialists. An easy to navigate summary of the Opinion is also published, good for high level browsing and quick drill-downs. The full document is 218 pages and is freely downloadable from the EU Commission site.

This documents can be referenced in the WLAN policy documents of your organization. Users concerned about the health aspects of the coroporate WLAN should be directed to the policy, or to the original documents.


Towards wi-fi 6E in Italy

The approval of 6Ghz spectrum for wi-fi 6E use in Europe is governed by the European Commission decision 2021/1067/UE from 17 June 2021.

This Decision harmonises the conditions for the availability and efficient use of the 5945-6425 MHz frequency band for wireless access systems including radio local area networks (WAS/RLANs).

Commission Implementing Decision (EU) 2021/1067

By 1 December 2021 Euroean member states had to make available the 5.945-6.426 Ghz frequency band. The deadline expired and as of now, only the Netherlands have harmonized it (23 December 2021) and Ireland (11/1/2022).

Frequency band allocation in Italy is regulated by the Piano Nazionale di Ripartizione delle Frequenze (PNRF) from the Ministry of Economic Development. The latest PNRF is from 2018 and does not allow 6Ghz for WAS/RLAN.

An open consultatin on a new PNRF draft (which includes the 5.945-6.426 Ghz frequency band use) is underway with a deadline at 31 January 2022. The timetable after the consultation closes is not known.

It is possible that an updated PNRF will be published in the first months of 2022, opening up the 6Ghz frequency band in Italy and making wi-fi 6E possible in Italy.

I will follow the developments closely.


Notes from GARR Workshop 2021

Interesting wi-fi talks at GARR Workshop 2021 last November.

Paul Dekkers from SURFnet speaks about Eduroam, openroaming (Hotspot2.0 and Passpoint), CAT and the geteduroam app. Geteduroam has many advantages over CAT and will eventually supersede it. Slides and video.

GARR’s Pasquale Mandato presents eduroam usage data during the 2020/2021 pandemic in Italy, GARR’s self-service tools for Eduroam technical contacts in Italy, highlights and pitfalls of geteduroam, and the little known companion app. Slides and video of the talk (Italian).

Daniele Albrizio from University of Trieste analyzes the security of eduroam and the importance of using CAT for device onboarding. Communicating with the eduroam user base is crucial, and tough choices must be made, such as phasing-out support for older, obsolete client devices. Slides and video (Italian).



I passed CWAP-403 and CWDP-303 few days ago. It has been a very rewarding study, but long and tiresome. I rushed to take the certifications before my study guides and practice tests expired at the end of October, and passed at first attempt.

CWAP is hard. I used the 2011 Wiley CWAP Study Guide as a foundation, then Matthew Gast 802.11ac Survival Guide, and the official CWAP-403 Study Guide. I did many packet captures and analysis, but the most useful inspiration and motivation came from following the WLAN community.

The practice tests were very valuable to gauge my readiness and motivate me taking the exam at last.

CWDP is often overlooked as an easy certification, perhaps because many people take it when they’re already advanced in the WLAN learning path. I used CWDP study for taking guilt-free breaks during the preparation of CWAP and it worked well for both certifications in the end.

I used the official Study Guide and the practice tests, but the real factor in passing this exam was the experience built up in my job as WLAN administrator and designer at my university.

Now I’m looking forward what to do next. On the cert/study line, an IoT exam like CWISA. Writing more on the blog, and giving back to the WLAN community, maybe by doing something local here in Europe/Italy.


Validating DFS in Extreme AP410C

Following my previous post on DFS, I’m testing a modern Extreme Networks AP410C with the Wifimetrix tool.

AP410C is a new cloud managed wi-fi 6 access point evolved from the Aerohive product line, now acquired by Extreme. Tested model: AP410C Rev: F, OS (10.1r3).

As usual, the AP is on a DFS channel, Wifimetrix sends a simulated radar wave, and the packet capture is analyzed.

Test: channel switch

After detecting a simulated radar signal, the AP does not send a channel Switch Announcement action frame. It sends a beacon frame containing a Channel Switch Announcement information element with channel switch mode 1 (clients are not allowed to transmit during the switch), destination channel, count 8 (AP will switch after the 8th beacon is transmitted), last transmitted beacon count 1 (AP switching immediately before the next TBTT). This behavior is consistent, either with and without client stations associated to the AP.

AP410C on channel 52 detects a radar and sends CSA in beacons. It then switches to channel 64. See pcap for details.
Channel Switch Announcement IE in the beacon.

Test: channel switch-back

The switch back to the original DFS channel happens after about 30 minutes and does not use any Channel Switch Announcement to inform the associated stations of the new channel.

AP410C on channel 64 switches back to channel 52. See pcap for details.
AP410C on channel 48 switches back to channel 52. There are no CSA action frames nor CSA IE in beacons. See pcap for details.

I observed that when stations are associated to the AP, they keep transmitting on the same channel after the switchback, sending probes, retries, and eventually disassociating. I had a Windows10 laptop and an iPhone associated and streaming video (Youtube), both lost connectivity and did not reconnect to the original channel. Zero-wait DFS was enabled on the AP.

Impact assessment of channel switch

With AP410C it takes about 918ms (9 TBTT) from an initial radar detection to the move to a new channel, during which clients are not allowed to transmit (mode 1). This is way more that the maximum 150ms roaming hand-off time required for VoWiFi. I can figure out 2 scenarios:

  • The client station remains associated to the AP, the voice call will suffer degradation during the channel switch.
  • The client station decides to roam away to another AP, therefore voice calls and videoconferencing are not disrupted (provided FT is enabled or PSK is used).

Which of the two scenarios is more likely depends on the roaming decisions made by the client (if roaming is feasible at all, that is).

The disruption from a radar-induced DFS event is noticeable, but very limited and quickly recovered.

Impact of channel switch-back

After a defined amount of time on the new channel, the AP switches back to the original DFS channel without any announcement to the associated stations. There are two scenarios that come to my mind:

  • The AP implements Zero-wait DFS or a similar mechanism: a client station on the channel fails to receive frames from the AP (beacons, ACKs) and either:
    • somehow it discovers the AP on the new channel and moves, keeping the original association;
    • or it roams to another AP.
  • The AP performs a Channel Availability Check (CAC) before transmitting, the client station roams to another AP.

It is unclear to me how long the roaming will take, considering the time spent by the station sending retry frames, probes, listening to beacons on different channels. I tested an SSID on a single AP and experienced complete loss of connectivity.

My personal impression is that the channel switch back is even more disruptive to service than the initial radar-triggered channel switch. Where CAC is performed (without Zero-wait DFS mechanisms), service from the original AP is disrupted for 30 seconds or more.

Final thoughts

Mitigating the impact of DFS events seems to focus on roaming. Careful roaming design is called for, including secondary converage, 802.11k (which should be enabled anyway if DFS channels are used), Fast Transition and 802.11v.