Download the Playbooks

Second, I wanted to provide a few of the research papers I cited in the webinar. Here are the links to those:

AutoTSG: Learning and Synthesis for Incident Troubleshooting

Nissist: An Incident Mitigation Copilot based on Troubleshooting Guides

Problem-Solving and Tool Use in Office Work: The Potential of Electronic Performance Support Systems to Promote Employee Performance and Learning

Use of a Surgical Safety Checklist to Reduce Morbidity and Mortality

Emergency Airway Management: A Systematic Review on the Effectiveness of Cognitive Aids in Improving Outcomes and Provider Performance

Generating Structured Plan Representation of Procedures with LLMs

Mining Procedures from Technical Support Documents

Factors Associated with the Use of Cognitive Aids in Operating Room Crises

CACAO Security Playbooks version 2.0

Thanks for attending this month's webinar (which is archived here) and I'll see you next month.

Tom

False. It is commonly assumed that if an AP is improperly installed too close to metal, that the main reason for it performing poorly is due to multi-path. Although it is true multi-path will likely occur and cause a degradation of performance, something more sinister is occurring.

The bigger issue is the distortion of the radiation pattern itself. When an AP is too close to metal (in particular, less than one wavelength), coupling can occur with the metal and antenna, causing the metal to act as part of the antenna system itself. When this happens, you can basically throw the AP's Azimuth (horizontal) and Elevation (vertical) charts out the window. This close proximity from the antenna is referred to as the "near field".

Near Field vs. Far Field

The boundary between the near field and the far field isn't a sharp line, but it's typically considered to be within one wavelength (λ) of an electromagnetic source, with the far-field starting at roughly two wavelengths away (or greater) (https://en.wikipedia.org/wiki/Near_and_far_field).

Using the Yagi antenna design as an example to better explain this

Yagi antennas use near field resonating elements at calculated distances to create a directional effect. The spacing is crucial for best performance. The figure below is an example of an 5 element 440MHz antenna. The D.E (driven element) is ½ wavelength (effectively a dipole), while the reflector is slightly larger and "director" elements slightly smaller than the driven element (additional director elements become progressively smaller and smaller) at precise distances from each other. You can play around with this "Yagi calculator" using the source link below. The main takeaway that I want you to notice is how critical these precise distance values are (down to a 32nd of an inch).

Source: https://k7mem.com/Ant_Yagi_VHF_Quick.html

Now imagine putting some random non-resonant length of metal at some random distance from these elements. It would completely ruin the design intention and performance of this antenna. The same thing would occur with a dipole antenna. A dipole in a sense is just a "one element Yagi".

Another thing worth mentioning is that when placing a Wi-Fi access point very close to metal is that it will also likely cause a very high SWR (Standing Wave Ratio). This happens for the same reason - because the metal is in the near-field of the AP's antenna. This nearby metal is not going to be resonant at the design frequency of the actual antenna (such as 2.40-2.50GHz or 5.15-5.90GHz etc.).

This detuning means that the power transfer from transmitter to antenna will no longer be efficient. A lot of the power instead of being transmitted out the antenna will instead be reflected back towards the transmitter. https://menacerc.co.uk/vswr-return-loss-vs-power-transmitted

Antennas are designed to have a specific impedance, typically 50 ohms for Wi-Fi, to match the transmitter's output and the coaxial cable connecting them. When an antenna is placed near a large metal object, the metal acts as a reflector and can alter the antenna's electrical properties. This change in properties is known as detuning and it effectively changes the antenna's impedance.

This impedance mismatch causes a portion of the transmitted signal to be reflected back down the transmission line, which directly leads to a high SWR reading. This reflected power is not only wasted but can also cause the access point's components to overheat and, in some cases, even fail over time.

In short, putting a Wi-Fi access point too close to metal fundamentally changes how its antenna functions, creating an impedance mismatch that is measured as a high SWR and skewing the intended radiation pattern. This should be the real reason why network professionals recommend mounting access points away from large metal surfaces.

Myth #12 – The Fresnel Zone Must Be Clear

False. The Fresnel zone is not an on/off switch in that if you don't have the Frensel zone clear (or at least 60% clear), you won't have a link. Or if there is a link, it will be very poor or not work well.

If this were truly the case, how would indoor Wi-Fi work at all? Think about it. Most, if not nearly all indoor 2.4,5,and 6GHz wireless networks are NLOS. Most of the time there are walls and objects between the client device and AP. In this NLOS scenario, the entire Frensel zone is fully obstructed, yet it still works. So yes, a Wi-Fi link can still work, but performance (speed, stability, range) will be degraded significantly. For very short links like indoor Wi-Fi, it mostly lives outside the Fresnel zone.

For farther PtP/PtMP links, there is a larger amount of attenuation from FSPL (free space path loss). This large loss makes these farther links unable to handle any additional attenuation (i.e. from a blocked direct path). Unlike in an indoor short range scenario, where FSPL hasn't hit as hard yet, there is still enough signal to handle the obstruction attenuation and penalty of not being in "the Fresnel Zone".

Myth #13 – 2.4GHz, 5GHz, and 6GHz Signals Are Attenuated By Rain

It's actually true! So why would I say it's a myth then?

Because the attenuation is so small, it should not be taken into any consideration for links less than typically 10km. It only even starts to become an issue at frequencies 10GHz and up combined with distances greater than 10km. Certainly, a non-issue for any on-premise outdoor Wi-Fi networking.

Here's some numbers assuming 25mm (1in.) per hour of rainfall:

Fig.3 source: http://linklab.landseaskyspace.com/rain.html

It is generally accepted in the wireless community that rain needs to be taken into consideration for PtP links using frequencies 10GHz and up or in rare cases, very far 5GHz links. It's never a factor for an on premise 2.4GHz/5/6GHz Wi-Fi network, even if several hundred meter bridge links are in the mix. It just isn't enough to matter.

As you can see though for 60GHz, rain is a huge factor! This is why you'll see many 60GHz manufacturers provide a secondary sub-10GHz failover radio such as 5GHz (albeit at a lower throughput) but at least still up to provide service.

Myth #14 – There is Very Little Signal Outside of an Antenna's Radiation Pattern.

False. I see this commonly. We get hung up on radiation patterns with the idea that if we are just outside an antenna's radiation pattern, the signal will be terrible. An application that comes to mind is warehouse installations. There seems to be a huge emphasis on the idea that if the AP is mounted up high, it must have down-tilt or be designed specifically for this application or the signal will be RF shadowed directly below it and hardly work at all. But what is overlooked is the advantage of sheer proximity. While it is true, the closer you get to the AP, the more you will be under the radiation pattern – but you are also at the same time – GETTING CLOSER. If you are only a few feet away from the AP, directly below it, even with a huge 30dB null, you may still find yourself still with a good signal. And as you walk further away, although the FSPL is increasing, you are also working your way back into the antenna pattern.

I still recommend using an antenna for the application though! It will certainly perform better if you do! My point is that it isn't as much of a factor as it is led out to be. Many times, it will still work and additionally, if high performance is not a requirement, it can likely still work just fine.

Myth #15 – 2.4GHz Should Always Be Avoided.

False. In fact, 2.4GHz is vastly superior over 5 and 6GHz when it comes to range and signal penetration through obstructions. There is a 6 to 7dB advantage in the FSPL alone. Combining FSPL with reduced obstruction attenuation, this typically results in a 10+dB signal advantage in most indoor deployments. There are many excellent use cases for 2.4GHz. Specifically non-latency sensitive, non-bandwidth intensive devices that require longer range. Such examples are IoT devices such as a thermostat, pool controller, or a sprinkler controller. A sprinkler controller is often installed on the outside perimeter of a home, at the far end of where an access point / home router would be. And it needs just kilobits of data and is not dependent on any real time data delivery.

1. RAID: Root Cause Anomaly Identification and Diagnosis

As wireless professionals, we're all familiar with the challenge: your monitoring system alerts you that something's wrong with network performance, but figuring out why can take hours of packet capture analysis. A new research project called RAID (Root cause Anomaly Identification and Diagnosis) is tackling this problem head-on using machine learning.​​

What is RAID?
RAID is both a dataset and a methodology developed by researchers at Université de Lorraine, CNRS, Inria, LORIA, and Orange Innovation. Unlike traditional anomaly detection that just tells you "something's broken," RAID identifies the specific root cause of network impairments.​

Key capabilities:

• Detects network anomalies using contrastive learning
• Classifies specific impairment types (interference, hidden nodes, excessive retransmissions)
• Provides actionable diagnostic information for troubleshooting
• Uses real-world labeled wireless network data​

Resources:

• RAID Paper: hal.science/hal-05219367v1
• GitHub Repository: github.com/joelromanky/raid

2. Learning with LLMs: Research Proves What We Thought

For years at CWNP, we've advocated for experiential, hands-on learning over passive consumption of information. Now, emerging research on Large Language Models (LLMs) in education is validating what effective instructors have known all along: how you learn matters just as much as what you learn.​​

What the Research Shows
Multiple studies from 2024-2025 are demonstrating that LLMs, when used correctly, can significantly enhance learning outcomes by reducing cognitive load and providing adaptive scaffolding.​

Key findings:

• LLM-based scaffolding substantially improves student performance when properly guided​
• Students experience reduced cognitive load while maintaining higher retention​
• Interactive dialogue with LLMs produces better outcomes than passive use​
• The "leapfrogging effect" suggests LLMs can serve as permanent learning scaffolds when integrated thoughtfully​
• Prompting strategies and interaction approaches directly impact learning effectiveness​

Research Resources:

• Impact of Guidance and Interaction Strategies: arxiv.org/pdf/2310.13712v3
• Leapfrogging Effect Hypothesis: papers.ssrn.com/sol3/papers.cfm?abstract_id=5230565
• Dialogic Pedagogy for LLMs: arxiv.org/pdf/2506.19484v1
• LLM-Based Scaffolding Impact: hal.science/hal-05294878v1
• LLM Prompting on Students' Learning: mdpi.com/2813-4346/4/3/31

3. Building Wi-Fi Admin Apps in Gemini: Sneak-Peek of Friday's Webinar

As wireless professionals, we're constantly juggling complex requirements, validating designs, and generating documentation. We recently explored how Gemini's AI capabilities could streamline these workflows by building custom HTML applications that run directly within the Gemini environment.

What We Built
We developed two interconnected tools specifically for wireless network administrators:

• Requirements Tracker - Full-featured management system with hierarchical organization (Project → Requirement Sets → Individual Requirements), IEEE 29148-2018 compliance, and real-time editing.
• Requirements Dashboard - Visual overview providing quick-reference interface for stakeholder reviews with clean, professional presentation.

4. News Rundown

• Samsung Faces $445.5 Million Patent Infringement Verdict for Wireless Tech
• TP-Link Achieves First Wi-Fi 8 Connection in Breakthrough Test
• Verizon Nationwide Outage Exposes Wireless Infrastructure Vulnerabilities
• Neutral Host Indoor 5G and Wi-Fi 7 Demonstrations Show Convergence of Enterprise Wireless

5. Featured Podcast of the Month

Heavy Wireless Podcast: Deep technical dives into Wi-Fi, wireless tools, and certifications, hosted by Keith Parsons (CWNE #3). Covers design, standards, and testing with a practical, engineer-first perspective.

1. Using LLMs Day-to-Day as a Network Professional

Practical Uses

• Drafting configs (Cisco IOS, Juniper, Arista, AWS CLI).
• Creating your process to include LLMs, not to replace you as the admin
• Translating vendor documentation into step-by-step instructions.
• Making documentation relevant to your organization.
• Creating a RAG so you can template more effectively
• Ability to personalize to each department
• Automating repetitive tasks: regex for logs, parsing show commands.
• Is sending all your information to the Cisco DNA center our best bet, or can we do this on a budget? What would our baseline look like?
• Writing "explain like I'm 5" versions for junior team training.
• Getting complex information from your senior admins so they can focus on more complex tasks

Benefits

• Faster troubleshooting (summarizing logs, error messages).
• Telemetry logs can filter noise out
• More opportunities to attempt new processes
• Documentation support (generate topology diagrams, markdown).
• Agents that can work alongside and adjust in real time
• Do not need to be an expert at diagramming software
• Scenario testing (mock interview questions, practice labs).
• Skill up yourself and your team on new technology and procedures

Cautions

• Hallucinations: LLMs may invent commands or configs.
• LLMs are trained to never admit that they don't know but to guess
• Security: Never paste proprietary configs or sensitive IPs.
• Dependence: Still need to validate against official docs.

Resources

1. Config Generation / Translating Requirements → Device Configs

https://dejankosticgithub.github.io/documents/publications/netconfeval-conext24.pdf

https://research.redhat.com/blog/article/can-llms-facilitate-network-configuration/

2. Troubleshooting / Diagnostics / Interpreting Output & Logs

https://blog.apnic.net/2025/04/16/level-up-your-network-engineering-skills-with-llms/

https://blog.christianposta.com/ai/a-gentle-introduction-to-llms-for-platform-engineers/

3. Documentation / Simplifying & Summarizing Configs

https://networklessons.com/cisco/ccna-200-301/ai-and-ml-in-networking

https://networkphil.com/2024/10/29/beginners-guide-for-using-large-language-models-in-network-operations/

4. Research / Surveys of Broad Use Cases

https://arxiv.org/abs/2311.17474

https://arxiv.org/html/2404.12901v1

2. Gaps in Education

What traditional education misses:

• Real-world troubleshooting (packet captures, outages, system configuration).
• Labing
• Git repos
• Portfolio building to future-proof your career.
• Documentation discipline (nobody teaches Visio/Markdown well).
• Practicing, documenting and refining your processes as you learn
• Rule of 3: go all the way through, review, and refine. Make it work, make it right, and make it fast.
• Vendor diversity (school teaches Cisco, reality is multi-vendor).
• How do we get to the core principles of engineering while mixing with vendors?
• How do we curate proper baseline tech principles
• Business context: Aligning tech with ROI.
• Everyone gets silo'd but if you can think in a change cost time value equating to dollars and cents, from a business standpoint, it will have greater impact on learning.

Skills learned on the job:

• Reading RFCs and vendor-specific quirks.
• Soft skills: breaking bad news, writing emails non-techs understand.
• Security mindset: logs, SIEM, incident response.

Why it matters:

• Hiring managers value problem-solvers more than textbook memorization.
• Certifications often fill gaps (Certs vs college degree).

Resources

Understanding the Digital Divide

"The digital divide in education is the gap between those with sufficient knowledge of and access to technology and those without, according to the ACT Center for Equity in Learning. To examine the divide requires looking at who can connect to what and how they do so. For example, a student who has multiple laptops in their home and has access to high-speed broadband likely will have better educational success than someone who has one computer to share with their entire family and only has dial-up internet access."

Use of Technology in Education: How is it Bridging the Educational Gap?

"Artificial Intelligence is redefining education with its ability to create highly personalized learning experiences. AI-driven systems analyze data from students' interactions with educational content, identifying their strengths and areas for improvement."

How universities are responding to the tech skills gap

"grounded in a way that we're still teaching the fundamentals because we want to educate students that are going to be high-caliber employees 20 to 30 years from now, and not just two years from now. That's our mission."

3. Fun Certification Ideas

Industry needs comic relief:

• CBNB (Certified Bad News Breaker) → delivering outage updates.
• CCG (Certified Confusion Generator) → endless acronyms in meetings.
• CWWSP (Certified Work Without Sleep Professional) → 2am maintenance windows.
• CMEC (Certified Meme Engineer in Cybersecurity) → can only communicate with memes in Slack.
• CGA (Certified Google Artist) → Use real-time drawing applications to engage and maintain people's attention

Resources

XKCD comics on sysadmin

XKCD Wifi

4. News Rundown

1. WiFi signals can measure heart rate — no wearables needed (UC Santa Cruz)

https://news.ucsc.edu/2025/09/pulse-fi-wifi-heart-rate

High-Level Summary:
Researchers at UC Santa Cruz created "Pulse-Fi," a system that uses standard WiFi signals and low-cost devices (ESP32, Raspberry Pi) to measure human heart rate with high accuracy, no wearables required.

Why It Matters:
For everyday engineers, this highlights non-traditional uses of WiFi beyond connectivity. It raises questions around spectrum use, privacy, and the expanding role of wireless in healthcare and IoT. CWNP pros may see use cases cross into medical, smart home, or safety certifications.

Actionable Takeaway:
Stay aware of research projects that could influence regulatory or customer concerns. Be prepared to explain WiFi's role in non-connectivity applications — both opportunities and risks — when talking to clients or leadership.

2. Cisco's Lower Prices Drive Wi-Fi 7 Surge (Dell'Oro Group)

delloro.com

High-Level Summary:
Cisco's decision to lower prices on WiFi 7 APs has fueled ~16% YoY growth in enterprise WLAN, especially in North America. Vendors like Ubiquiti and CommScope are also growing fast.

Why It Matters:
For practitioners, this means WiFi 7 adoption may happen faster than expected. Network pros will face mixed environments (WiFi 6E + WiFi 7) and increased demand for AI-enhanced features and cloud-managed platforms. This can influence CWNP exams that emphasize new standards and management approaches.

Actionable Takeaway:
Brush up on WiFi 7 features, AI-driven WLAN management, and cloud vs on-prem trade-offs. Expect real-world projects to blend generations, so interoperability testing and troubleshooting will be critical skills.

3. New Dangers on Public Wi-Fi

rd.com

High-Level Summary:
A new wave of exploits targets public WiFi hotspots that lack modern protections, reminding us of the persistent risks in open wireless networks.

Why It Matters:
CWNP professionals often advise on WLAN security. This reinforces the importance of WPA3, client isolation, and secure onboarding practices. It also frames public WiFi as a reputational risk for organizations offering "guest WiFi" without robust controls.

Actionable Takeaway:
Audit any public or guest WiFi you manage. Push for WPA3 where possible, enforce secure transport (VPN, 802.1X), and educate end users. For certifications, tie this back to wireless security domains (CWSP).

4. Indoor Mid-Band Sharing: Neutral-Host vs WiFi vs Cellular (arXiv study)

arxiv.org

High-Level Summary:
A study compared indoor performance of neutral-host networks (shared spectrum like CBRS), macro cellular, and WiFi 6. Neutral-host deployments offered stronger coverage with fewer devices, but WiFi still had advantages in throughput and flexibility.

Why It Matters:
For engineers, this shows how spectrum sharing and neutral-host solutions could disrupt traditional WiFi-only indoor strategies. CWNP professionals will need to consider hybrid environments where WiFi coexists with CBRS or private LTE/5G.

Actionable Takeaway:
Stay current on CBRS and neutral-host models. If you're in enterprise design roles, start learning how to evaluate hybrid deployments. For CWDP/CWIDP candidates, expect design scenarios that go beyond WiFi alone.

Myth #6 – More antenna gain is better.

False. Gain comes from reshaping the signal to favor one area while taking away signal from others with the sum of power of all the directions in total staying the same. The greater the gain, the greater the imbalance and the more gain you have, the more potential places there are for dead zones. So no, gain is not always better. In fact, in many cases, less gain is preferred (see fig.1)

To emphasize the point, let's rephrase: "In many cases, less gain is preferred".

• In many cases, less directionality is preferred.
• In many cases, a more uniform signal in all directions is preferred.
• In many cases, having fewer dead zones is preferred.
• In many cases, signal not going much further beyond the desired coverage area is preferred.
• In many cases, more equal distribution along the horizontal and vertical planes is preferred.

A low gain dipole antenna can yield better performance where both horizontal and vertical coverage are required. For most indoor wireless networks, this is typically the case.

Myth #7 – Higher frequencies are worse for RF exposure

False. I believe this misunderstanding comes from ionizing vs. non-ionizing radiation and if you go high enough in frequency, that is, in the X-ray and Gamma-ray frequency range, it does become ionizing and extremely dangerous. This is where your electrons are literally stripped off your atoms! But radio waves (3kHz-300GHz) are much lower in frequency and therefore so much lower in energy that it isn't even close to enough energy to do anything like that. Thus, radio waves are grouped as non-ionizing type radiation.
So, we know radio waves are non-ionizing (thank goodness) but there is still the S.A.R. (specific absorption rate) (the heating effect) to worry about. If you are around very high power and/or are in very close proximity to transmitters, this can be an issue - but the worst frequency is not what you'd expect. The worst frequencies for humans are actually between 30-300MHz!

Here is a paragraph from an FCC document covering RF safety:

The quantity used to measure the rate at which RF energy is actually absorbed in a body is called the "Specific Absorption Rate" or "SAR." It is usually expressed in units of watts per kilogram (W/kg) or milliwatts per gram (mW/g). In the case of exposure of the whole body, a standing ungrounded human adult absorbs RF energy at a maximum rate when the frequency of the RF radiation is in the range of about 70 MHz. This means that the "whole-body" SAR is at a maximum under these conditions. Because of this "resonance" phenomenon and consideration of children and grounded adults, RF safety standards are generally most restrictive in the frequency range of about 30 to 300 MHz.

Source: https://www.fcc.gov/engineering-technology/electromagnetic-compatibility-division/radio-frequency-safety/faq/rf-safety

Myth #8 – Increasing power by 6dB will double distance.

False. This is only true in open space and with no obstructions. Most Wi-Fi networks are not in open space and with no obstructions. If you consider FSPL + additional attenuation from walls and objects, then to get a 2x distance, it is typically 10-12dB or more.

Example: Increase distance indoors from 10 meters to 20 meters (a 2x distance). Indoors this additional distance typically means going through at least one or two more walls and even more other possible obstructions. And just like FSPL is lower at lower frequencies, so is obstruction attenuation. This means the FSPL + obstruction attenuation is even greater at higher frequencies. The result is 5 and 6GHz frequencies will have an even greater amount of total attenuation than 2.4GHz. Keep this very important aspect in mind when designing your Wi-Fi networks! Also, don't forget RF coverage is a 3-dimensional thing.

Myth #9 – 5GHz is faster than 2.4GHz because there are more wave cycles in 5GHz.

False. If that were true, then:

1. Why are both 802.11a and 802.11g speeds the same 54mbps? 
2. If increasing the frequency itself increased the data rate, then wouldn't channel 11 be slightly faster than channel 1 in 2.4GHz, and channel 165 slightly faster than channel 36 in 5GHz?

But there really are more "phase change opportunities" in the same amount of time with 5GHz so why isn't it faster?

The reason is because we are confusing the carrier frequency with symbol frequency. The RF carrier frequency that symbols are transmitted on is not important. It's the symbol rate per second that matters.

Along with the frequency rate of the symbols, there are a few other factors that determine overall data-rate (below).

Data rate comprises of the following variables:

1. Modulation rate (symbol complexity / how many bits in each symbol) = the "QAM"
2. Error correction ratio (total bits sent divided by FEC ratio) = final actual data bits
3. How many symbols are sent at the same time (subcarriers / data sent in parallel)
4. The rate at which symbols are sent (how many symbols per second / the frequency)

Fig.2 Courtesy: https://helpfiles.keysight.com/csg/89600B/Webhelp/Subsystems/wlan-ofdm/content/ofdm_80211-overview.htm

Let's look at 802.11a and 802.11g in more detail and what matters for Data Rate

1. The maximum modulation complexity of 802.11a and 802.11g is 64QAM (for 54mbps). 64QAM means 64 different phase and magnitude possibilities which is 6 bits of data. This is called a symbol (or constellation point).
2. At 54mbps, there is a forward error correction (FEC) ratio of ¾ so the 6 bits of data is reduced down to 4.5 bits.
3. Each one of these 64QAM 6-bit symbols will be transmitted on one subcarrier each. OFDM uses multiple subcarriers. With a 20MHz 802.11a and 802.11g signal, there are 48 data subcarriers. So, if each subcarrier carries one of these 64QAM 6-bit symbols and there are 48 subcarriers, this effectively means there are 48 6-bit symbols being transmitted in parallel. In a way, it's like having 48 separate channels and 48 separate receivers, each carrying their own 6 bit symbol of data.
4. How many of these 48 symbols in parallel are sent per second? For 802.11a and 802.11g, one every 4us (3.2us + 0.8us guard interval). 4us = 250,000 per sec.

Calculating the 802.11a and 802.11g data rate

Notice that where this subcarrier is transmitted (what frequency it uses) is nowhere part of the calculation.

I'll give you that 20MHz of RF spectrum is needed due to the subcarriers, their spacing, as shown in Fig.2 but this can happen pretty much anywhere in the entire RF spectrum whether that it be between 10MHz-30MHz, 902-922MHz, 2.45-2.47GHz, or 60.02 to 60.04GHz etc.

To hit this home further, if you were to receive each subcarrier individually. Imagine all 48 subcarriers were spaced in random spots on RF spectrum. One at 10.000MHz, another at 55.000MHz, another at 905.500MHz etc. As long as they were all "collected" by the receiver, the data rate would be the same. Of course, receiving them that way wouldn't be practical but the main point is that the center transmit frequency of each of these subcarriers does not matter, instead it is the frequency of the symbols plus the three other variables mentioned (number of symbols in parallel via multiple subcarriers, the modulation complexity, and error correction overhead) and not carrier frequency itself.

Myth #10 – 60GHz cannot go through walls or is 100% purely LOS.

False. 60GHz is still RF. It still has the same fundamental characteristics as do lower frequencies. Meaning the link budget calculation still applies. It's just that the FSPL + object attenuation values are much higher. But with short distances and a high EIRP, you can still get through some pretty high attenuation material.
In fact, there is a company – Airvine, based in Irvine, CA, United States that specializes in this very thing.

Fig.3 Courtesy: https://cousides.sirv.com/collateral/Airvine-Getting-Started-Guide-Wave-Tunnel.pdf

With one interior wall and 10 feet of distance, the high gain directional beam forming antennas work together to create a "PtP" indoor link of a very good -52dBm signal despite having to go through a wall, with plenty of SNR to support over 1gbps.

Quantum computing is based on physical principles radically different from those of classical computing. In a traditional computer, information is represented by bits, which can only take two states: 0 or 1. Quantum computers, on the other hand, manipulate qubits, which can be in a superposition of states — 0 and 1 at the same time with certain probabilities. Added to this is quantum entanglement, a phenomenon by which several qubits can become correlated in such a way that the state of one instantly influences the state of the other, even when separated by large distances. Thanks to these properties, a quantum computer can explore many possibilities simultaneously, whereas a classical computer must process them one at a time. This massive parallelism does not provide a universal speed-up, but it completely changes the game for certain fundamental mathematical problems... including those on which Wi-Fi encryption relies today.

WPA2 and WPA3 protocols rely on two main families of algorithms: asymmetric algorithms (RSA, elliptic curves/ECC) used for authentication and key exchange, and symmetric algorithms (AES) used to encrypt traffic once the key is established. The former owe their robustness to the difficulty of problems such as factoring large integers or computing discrete logarithms — tasks currently beyond the reach of even the most powerful supercomputers. The latter rely on the size of the key space to be explored in a brute-force attack. But these certainties are now shaken by the emergence of two major quantum algorithms: Shor and Grover.

Shor's Algorithm:

Developed in 1994 by mathematician Peter Shor, this algorithm caused a seismic shock in the cryptographic community. Its strength lies in its ability to solve, on a quantum computer, two problems considered extremely difficult for classical machines: factoring large integers and computing the discrete logarithm. The principle is based on the use of the quantum Fourier transform to detect the period of a mathematical function carefully constructed from the original problem. Once this period is identified, it becomes possible to quickly derive the prime factors of a large number or the exponent of a discrete logarithm. Where a classical computer would require exponential time, a quantum computer using Shor's algorithm can achieve this in polynomial time — changing everything. The consequences for Wi-Fi are direct. RSA, still present in certain WPA2-Enterprise implementations (TLS authentication), and ECC, at the heart of Diffie-Hellman exchanges in WPA3-SAE or OWE, would be completely broken by Shor.

Grover's Algorithm:

Two years later, in 1996, physicist Lov Grover developed another algorithm that, without destroying symmetric cryptography, significantly weakens its resistance. Grover does not attack the mathematical structure of algorithms as Shor does, but radically optimizes exhaustive search in an unstructured space (such as an unsorted list). By exploiting quantum superposition and a process called amplitude amplification, Grover can find the correct key in about √N steps instead of N for a classical search. In other words, it halves the exponent of the complexity of a brute-force attack. For AES-128, this means that effective security drops to the level of AES-64 against a quantum attacker — a level insufficient in the long term. In contrast, AES-256 sees its security reduced to that of AES-128 in the classical world, which remains acceptable for now. In the Wi-Fi context, where AES is used to encrypt frames (AES-CCMP or AES-GCMP), Grover does not make communications immediately vulnerable, but it does require increasing key sizes to maintain a sufficient security margin.

State of the Threat

Current Wi-Fi security protocols, whether WPA2 or WPA3, rely on classical cryptographic primitives (RSA, elliptic curves, AES) whose robustness comes from the difficulty of well-known mathematical problems. This robustness is only valid against traditional computers. The arrival of quantum computing radically changes the situation. With Shor's algorithm, a sufficiently powerful quantum computer could quickly factor large numbers or solve the discrete logarithm, thus destroying the security offered by RSA and ECC. Concretely, WPA2-Enterprise often relies on a TLS or EAP exchange with RSA 2048-bit certificates to authenticate the server; in a quantum scenario, an attacker could break this asymmetric key and compromise authentication. WPA3-Enterprise, better equipped with its CNSA-aligned 192-bit suite (ECDH P-384, AES-256...), still relies on ECC and remains vulnerable to Shor in the long term.

WPA3-Personal also illustrates this fragility. The SAE (Simultaneous Authentication of Equals) protocol is based on elliptic curves to securely exchange a key without revealing the password. While SAE resists offline dictionary attacks, a quantum computer could solve the discrete logarithm used in SAE and extract the shared key from intercepted exchanges. OWE (Opportunistic Wireless Encryption), used to encrypt open networks, suffers the same weakness: its Diffie-Hellman exchange would be vulnerable to a quantum attack, allowing an adversary to compute the key and spy on hotspot traffic.

Symmetric ciphers fare better... but not indefinitely. While no known quantum algorithm can directly break AES, Grover still halves the exponent of brute-force complexity. Thus, AES-128, which requires 2^128 operations classically, would require only about 2^64 in the quantum world — insufficient security in the long term. This is why AES-256 is becoming the new standard for sensitive environments. WPA2 and WPA3 use AES-CCMP or AES-GCMP to encrypt frames: these ciphers will remain secure if the key size is increased, unlike asymmetric algorithms, which must be replaced entirely.

The main short and medium-term risk therefore lies in the exposure of authentication and key exchange mechanisms. Worse still, the threat is not only prospective: an attacker could record WPA2/WPA3 exchanges (handshake, SAE, or EAP) today and store them. The day they have access to a powerful enough quantum computer, they could decrypt them and retroactively access the transmitted data. This is the well-known Harvest Now, Decrypt Later scenario, already taken very seriously by the industry.

Why WPA3 Does Not Eliminate the Risk

Despite its advances over WPA2 (notably against the KRACK attack) and its more robust encryption, WPA3 does not natively integrate quantum-resistant cryptography. The Wi-Fi Alliance acknowledged as early as 2018 the need to move to post-quantum cryptography by the time quantum computers become available (2028–2030). As of now, no existing Wi-Fi protocol version is intrinsically resistant to a quantum-enabled attacker. The urgency is real: we must prepare the transition to post-quantum cryptographic primitives within future IEEE 802.11 standards.

Ongoing Solutions

Facing the growing quantum threat, the scientific community, standards bodies, and the Wi-Fi industry have already started adapting protocols to remain "quantum-resistant." Several complementary approaches are emerging:

Updating existing protocols: WPA2 and WPA3 suites will need to be replaced or reinforced with quantum-safe equivalents. For example, WPA3 could evolve to use a post-quantum key exchange instead of SAE, and post-quantum signatures instead of RSA/ECC certificates. Enterprise authentication (EAP-TLS) will also need to migrate to post-quantum TLS 1.3+, possibly using hybrid suites combining classical and post-quantum algorithms (e.g., Kyber or Falcon).

Introduction of WPA4: Expected around 2027–2028, WPA4 will likely embed post-quantum algorithms by default, probably from lattice-based cryptography. It could use a post-quantum Key EncapsulationMechanism (KEM) for PMK exchange and introduce dynamic session key renewal to reduce exposure windows.

Strengthening symmetric keys: Moving from AES-128 to AES-256 maintains adequate security against Grover's algorithm. WPA3-Enterprise already offers a "192-bit suite" (AES-256-GCM, SHA-384), recommended for quantum-readiness. Increasing integrity key sizes (HMAC-SHA-256 → HMAC-SHA-384/512) will also be necessary.

Dynamic key management: Shortening key lifetimes and rotating them more frequently will limit the usefulness of compromised keys. WPA3's Perfect Forward Secrecy is a good start, but more adaptive rekeying based on threat levels or data sensitivity could be implemented.

Adoption of Post-Quantum Cryptography (PQC): PQC algorithms are designed to resist Shor and Grover, relying on hard problems like lattices, error-correcting codes, and super singular isogeny curves. NIST's 2022–2023 standards include CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (signatures).

Quantum Key Distribution (QKD): Using entangled photons for key exchange offers theoretically unbreakable security. While QKD works over fiber and satellite links, adapting it to Wi-Fi is challenging due to hardware constraints, range limits, and mobility issues. It might be used in niche fixed, high-security wireless backhaul scenarios.

Wi-Fi networks must evolve to face the quantum computing era. This means a transition to protocols reinforced by post-quantum cryptography — a transition already underway with WPA4's planned quantum-resistant algorithms. The challenge is massive: updating millions of devices, coordinating manufacturers, and training professionals. For Wi-Fi experts, the next five years will be decisive. Testing, experimenting, and planning for this transition now is essential to avoid a sudden disruption when practical quantum computers arrive. In the longer term, quantum technology could also become a tool for optimization, orchestration, and enhanced network security with future Wi-Fi generations and 6G. Before reaping those benefits, however, the industry must clear this critical hurdle: bringing Wi-Fi into the post-quantum era. The window to act is narrow, and every month counts. Those who act now will ensure the confidentiality and resilience of their networks for decades to come.

Overview of IEEE 802.15.4

IEEE 802.15.4 is not a full-stack networking solution by itself, but rather the framework for building many of today's most widely adopted IoT protocols. Zigbee, ISA100.11a, WirelessHART, Thread, and even parts of 6LoWPAN use 802.15.4 at their core. This standard defines the Physical Layer (PHY) and Medium Access Control (MAC) layer, which correspond to Layer 1 and Layer 2 of the OSI model. These layers are responsible for how devices connect wirelessly and how they manage access to the shared communication medium.

What makes 802.15.4 especially powerful for IoT deployments is its flexibility. The protocol is designed with support for various frequency bands and transmission options, allowing implementers to tailor deployments for low power consumption, long battery life, and operation in congested radio environments. Its minimal overhead and deterministic medium access mechanisms (e.g., time-slotted channel hopping in WirelessHART) make it ideal for latency-sensitive and energy-constrained IoT environments.

For network implementers and designers, understanding this standard means having insight into the underpinnings of multiple protocols that may co-exist or interoperate in your deployment.

Frequency Bands: Multi-PHY, Multi-Band Architecture

One of the hallmarks of IEEE 802.15.4 is its multi-PHY support across a wide range of frequencies. The most common and familiar implementation is in the 2.4 GHz ISM band, which offers global availability and supports up to 16 channels. This band is particularly attractive because it's globally unlicensed, making it a go-to for standardized cross-border deployments.

However, 802.15.4 also supports operation in sub-GHz bands, such as 868 MHz (Europe) and 915 MHz (North America). These lower-frequency bands provide better propagation characteristics, more wall penetration and longer range at lower power making them ideal for large-scale sensor networks, agriculture, or industrial environments where obstacles and distance are more prominent challenges.

In addition, the standard includes support for ultra-wideband (UWB) PHYs operating in 3.1 GHz to 10.6 GHz. These offer high precision for location-based services but are less common in traditional IoT sensor deployments.

As a network manager, choosing the appropriate band can drastically impact network performance, interference management, and regulatory compliance. It is critical to factor in deployment geography, building structure, and device density when choosing between 2.4 GHz and sub-GHz options.

Data Rates: Modulation Options and Performance

IEEE 802.15.4 offers several modulation options depending on the frequency band, each affecting data rate, range, and power consumption.

The most widespread is O-QPSK (Offset Quadrature Phase Shift Keying), used in the 2.4 GHz band, which supports data rates of 250 kbps. In the sub-GHz bands, O-QPSK can operate at 100 kbps. This modulation strikes a solid balance between throughput and power efficiency, making it suitable for general-purpose IoT applications.

In contrast, BPSK (Binary Phase Shift Keying) modulation is also available, with data rates of 20 kbps and 40 kbps. While slower, BPSK is more resilient to noise and can be used in environments where reliability is more important than speed, such as industrial automation or remote monitoring applications.

Importantly, 802.15.4 specifies how power spectral density (PSD) must behave. Channels are defined as relative to a center frequency, and transmitted power must drop sharply at a certain distance from this center. For example, in 915 MHz and 780 MHz, outside 1.2 MHz from the center frequency, the signal must degrade by at least -20 dB. In 2.38 GHz and 2.45 GHz (commonly known as 2.4 GHz), outside 3.5 MHz from the center frequency, the signal must degrade by at least -20 dBm, but the absolute limit is -30 dBm. This ensures clean transmissions that minimize interference with adjacent channels or other nearby systems—a key consideration when deploying networks in crowded RF environments.

This careful control over modulation and emissions is one reason 802.15.4 performs reliably in challenging environments where Wi-Fi or Bluetooth might struggle.

Use Cases: Tailored for Low-Rate, Constrained Networks

IEEE 802.15.4 is not about high-speed data. Instead, it thrives in scenarios where low data rates, low power consumption, and predictable latency are key.

For wireless network managers, this opens a wide range of application domains:

• Smart Manufacturing: Factory automation and industrial monitoring systems can use 802.15.4 for time-synchronized sensor data reporting. The standard supports deterministic communication through mechanisms like Time-Slotted Channel Hopping (TSCH), which enhances reliability in harsh RF environments.
• Building Management and Automation: Lighting control, HVAC, and access systems frequently rely on Zigbee or Thread networks powered by 802.15.4. The protocol's low duty cycle capabilities extend battery life and reduce maintenance requirements.
• Smart Agriculture: Vast outdoor deployments benefit from the extended range and penetration of sub-GHz implementations. Soil sensors, irrigation controllers, and livestock monitoring can all be integrated into a single, power-efficient mesh.
• Smart Cities: Parking sensors, traffic flow monitors, and environmental sensing nodes often use 802.15.4 to maintain city-wide coverage with minimal power and infrastructure costs.
• Consumer Smart Home Devices: Many popular products—like smart plugs, thermostats, and locks—rely on Zigbee (and by extension, 802.15.4) to create local mesh networks that don't overburden home Wi-Fi.

802.15.4's ability to deliver years of battery life, robust mesh networking, and interoperability across vendors continues to make it a strong contender for IoT deployments, especially when paired with upper-layer protocols like Zigbee, Thread,WirelessHART or ISA100.

Summary

In a landscape increasingly dominated by high-throughput standards like Wi-Fi 6, Wi-Fi 7 and 5G, it's easy to overlook the quiet reliability of IEEE 802.15.4. But for the wireless network manager tasked with building a resilient, long-term IoT infrastructure, understanding and deploying 802.15.4 is essential.

Whether it's an industrial facility with stringent reliability needs, a smart building with hundreds of sensors, or a vast agricultural installation, 802.15.4 offers a mature, power-efficient, and interference-resilient protocol foundation. Its design for low-data-rate applications is not a limitation—it's a feature that enables scalable, sustainable IoT that can operate for years on battery (with the right technology and configuration) and get the needed data through.

WPA3-Personal Transition mode allows clients that only support WPA2-PSK to use the same SSID as those that support WPA3-SAE. Despite its ease of deployment and solution for enterprises with complex roaming requirements, it doesn't make a migrated SSID as secure as one may think.

This example WPA3-Personal Transition mode SSID allows for Management Frame Protection to be enabled, but not required. It offers two Auth Key Management (AKM) suites: AKM 2 for PSK and AKM 8 for SAE.

As a result, the SSID will still permit WPA2-PSK only clients that do not have MFP/802.11w support to connect. Using MFP to obscure management frames would make hacking through the passphrase more difficult. WPA2-PSK has vulnerabilities stemming from the ability to break the preshared key derivation and discover the SSID's password. By allowing devices with this vulnerability onto the same SSID, any security merit is lost from WPA3; Hackers can gain access to the whole Basic Service Set (BSS) and proceed with other attacks on the network.

In situations where the client can use both WPA2-PSK and WPA3-SAE, EAPoL frame message 2 will confirm which AKM the client used. In the same WPA3-Personal Transition mode SSID shown in the previous picture, the client sends this EAPoL frame message 2. In the RSN Information tag within the WPA Key Data attribute, only AKM 8 for SAE is listed for the AKM Suite that the client used in the four-way handshake.

Administrators are better off separating WPA2-PSK and WPA3-SAE clients onto separate SSIDs; this way, administrators can reduce the potential attack surface to only WPA2-PSK clients. If the WLAN must support WPA2 for internal purposes, use a passphrase with sufficient complexity. A long passphrase is the easiest way to accomplish this.

Trap 2: Using WPA3-Enterprise Transition Mode doesn't introduce any new encryption ciphers or significant differences from WPA2-Enterpise

From a protocol standpoint, WPA3-Enterprise Transition Mode is almost the same as WPA2-Enterprise with MFP/802.11w set as enabled. Unlike WPA3-Enterprise which requires MFP, WPA3-Enterprise Transition Mode allows for MFP to be enabled or required, but not completely disabled. Per the WPA3 Specification:

"When an AP's BSS is operating in WPA3-Enterprise Transition Mode:
1. The AP's BSS Configuration shall enable at least AKM suite selectors 00-0F-AC:1 (IEEE 802.1X with SHA-1) and 00-0F-AC:5 (IEEE 802.1X with SHA-256) in the BSS.*
2. The AP's BSS configuration shall be PMF Capable, i.e., AP sets MFPC to 1 and MFPR to 0".(1)

*AKM suite 00-0F-AC:1 is disallowed for EHT (Wi-Fi 7) STAs.

Here is an example of a WPA3-Enterprise Transition SSID with MFP as enabled. Fast Transition(FT)/802.11r is set to disabled. The image below shows the RSN Information tag within a Beacon frame.

As the specification states, Management Frame Protection Required is set to 0 (False) and Management Frame Protection Capable (MFPC) is set to 1 (True). Additionally, the Auth Key Management (AKM) attribute shows two suites allowed: AKM 1 for "IEEE 802.1X with SHA-1" and AKM 5 for "IEEE 802.1X with SHA-256".

Enabling WPA3-Enterprise Transition Mode while requiring MFP brings it closer to WPA3-Enterprise requirements. AKM 1 will not show anymore. This second example is also of a WPA3-Enterprise Transition SSID with FT/802.11r is set to disabled, but this time MFP is set to required. This beacon only advertises AKM 5.

Even so, SSIDs cannot use WPA3-Enterprise Transition mode on 6 GHz band due to 6 GHz requiring MFP so it will not aid in transitioning a network into fresh 6 GHz spectrum.

When using FT/802.11r with MFP as enabled, AKM 3 for "FT Authentication over IEEE 802.1X using SHA-256" will also show in WPA3-Enterprise Transition mode.

Likewise when performing the same with MFP as required, AKM 3 and 5 are advertised.

Now when comparing all this to a WPA2-Enterprise SSID with FT/802.11x and MFP set to enabled, it does not look much different. AKM 1 and 3 are advertised. We are only missing AKM 5 here.

Unless the SSID requires MFP, a WPA3-Enterprise SSID will still advertise the older AKM 1 for devices not capable of AKM5 or AKM3 with FT enabled. Consequently, devices will remain vulnerable to downgrade attacks that force authentication at AKM1. For all scenarios shown, AES is used as the Pairwise/Group Cipher Suites. Therefore, WPA3-Enterprise Transition mode does not have much increased benefit compared to WPA2-Enterprise.

Trap 3: Transition Disable modes are complex and offer little value

The Wi-Fi Alliance introduced the "Transition Disable" feature to prevent downgrade attacks on clients that are both capable of WPA2 and WPA3 suites for Enterprise, Personal, and Open SSIDs. In Cisco's case, a 9800 Wireless Controller will "use the Transition Disable indication to disable transition modes for that network on a STA" (2) The practical result of this is often unintended behavior with clients that either support transition disable with flaws or do not support transition disable mode at all.

Even the Cisco Whitepaper states "This method is not generally recommended and should be enabled only when it is absolutely necessary." under this option. Having separated SSIDs per WPA mode is usually a better option to support most clients with the potential unintended behaviors of Transition Disable modes. An "absolutely necessary" use case for this would be having to support roaming under one SSID while supporting WPA3 whenever possible.

While the Wi-Fi Alliance has created these transition mode features to provide maximum flexibility for WLAN administrators, that doesn't mean administrators should use them. WLAN administrators should carefully weigh the network architecture and clients' capabilities against the security requirements for SSID before diving head first into these modes.

1. https://www.wi-fi.org/system/files/WPA3%20Specification%20v3.4.pdf

2.https://www.cisco.com/c/en/us/td/docs/wireless/controller/9800/technical-reference/wpa3-dg.html

Defining Requirement Areas

WLAN designs may use a coverage-based approach to provide basic connectivity for areas with a low user density or a capacity-based approach to deliver a defined level of performance for areas with high user density. WLAN designs commonly require a mixture of these two approaches as requirements can differ between areas. Capacity cannot be delivered without adequate coverage. However, achieving optimal WLAN capacity also necessitates additional factors beyond just coverage.

The first step is to identify the physical areas that require WLAN coverage. Good quality floor plans with proper scale and zone labels are preferred for this step. Coverage areas can then further be divided based on usage requirements. Identify the number of users, user-to-device ratio, types of devices and their capabilities. Wi-Fi is a shared medium, so determine the least capable, most important device because it will dictate the minimum performance of the WLAN in each area. Information about the client device mix may be obtained from IT personnel, the resident WLAN controller, or other network management/analytics platforms.

The second step is to identify the applications and services in use for each requirement area. It is important to remember that not all services require constant communication over the network. VoIP and video conferencing are latency sensitive and are constant bit rate services, while services like web browsing and email are not. Also note that while most client devices may be associated with the WLAN, only a portion will be actively using the network concurrently. If historical WLAN usage data is available (such as from a WLAN analytics platform), it may be possible to identify "peak busy" times and investigate association count, number of active clients, active services or applications, and throughput achieved during those times.

Considering the Radio Frequency (RF) Environment

Beyond clients and services, physical limitations or other constraints may influence the WLAN design. Signal attenuators such as building materials or large groups of people affect AP density. Interferers, Wi-Fi or not, need to be factored into channel planning to mitigate impact on WLAN performance. Spectrum availability may also be limited by the regulatory domain and client device channel support (check drivers/firmware). Mounting restrictions, related to aesthetics or other factors, may require thoughtful AP model selection to achieve the WLAN's goals.

Capacity Planning Variables

Information gathering is critical to successful WLAN design and deployment. The activities discussed so far are pre-design efforts that replace assumptions with known data to improve the WLAN design. Capacity planning puts this information together to estimate the minimum AP count needed to handle data demand. The WLAN is a system, and its performance is based on the aggregated throughput of simultaneous transmission by multiple stations.

It is recommended to avoid including 2.4 GHz in capacity planning. With the large number of 2.4 GHz devices, including Bluetooth and microwave ovens, it should be considered for legacy devices or utility usage only. With Wi-Fi 6E and the advent of Wi-Fi 7, the 6 GHz frequency band adoption process is underway across the globe. This new frequency band will be a boon for WLAN capacity as it delivers a large amount of clean spectrum. However, client device support of 6 GHz must be confirmed or forecast before using it in capacity planning.

Capacity planning can be distilled into this simple idea: (Number of active users x Service throughput demand x Future growth factor) / AP Throughput Capacity = Estimated AP count

Unfortunately, this simple idea hides several important considerations. To start, a strong signal-to-noise ratio (SNR) is required to use a fast modulation and coding scheme (MCS) for better throughput. However, that is not the only determining factor. The MCS depends on common Wi-Fi standard, channel width, spatial streams, and guard interval. The latest feature enhancements can only be used if both the transmitter and receiver share those capabilities. Planning with the least capable, most important device will estimate the worst-case performance. When choosing a MCS as a performance target, make sure the appropriate SNR (usually 25-30 dB or higher for the faster MCSs) can be achieved. This MCS/SNR target will guide coverage planning in high-capacity areas.

Operating on wider channel widths will unlock higher data rates but there are several additional considerations. The first is that for every doubling of the channel width, the noise floor increases by 3 dB. A 40 MHz channel will add 3 dB while an 80 MHz channel will add 6 dB to the noise floor. It's important to consider this during coverage planning to maintain the desired SNR. The second consideration is spectrum availability, including channels and transmit power levels allowed within the regulatory domain. Channel planning to avoid overlapping Basic Service Sets (OBSSs) is critical as they will share airtime, degrading performance as contention increases and airtime efficiency decreases. Simultaneous transmissions increase airtime efficiency so high-density environments benefit from 20 MHz channels in most cases, especially where channel reuse can be entirely avoided.

Don't overlook the network backbone. The purpose of a WLAN is to allow wireless clients access to a wired network. The wired infrastructure must also support the capacity the WLAN can deliver. It is not uncommon for the wireless network to be blamed for poor performance when an upstream LAN issue is the cause.

Capacity planning ensures reliability and efficient network performance. However, WLAN designs are not just based solely on capacity planning. AP count estimates will vary between throughput capacity, association limits, or coverage requirements. Always choose the largest AP count estimate to meet all WLAN requirements.

Maximizing the WLAN requires understanding its clients, services, airtime, and the backhaul network. Requirement areas and design approach are defined by user density, device types, services, and throughput demand. The frequency bands used, channel widths, channel reuse, signal strength, and SNR create WLAN capacity potential. Capacity planning is the process of putting these pieces together to solve the WLAN performance puzzle.

Why Change Testing Providers?

Our primary goal has always been to deliver the most reliable, secure, and professional certification experience possible. After careful evaluation, we've selected Prometric as our new testing partner based on several key considerations including the cost of operations and the requirement of the following:

• Global Testing Infrastructure: Prometric offers a robust, technology-enabled testing infrastructure that spans global markets. Their ability to maintain a safe and consistent testing experience across different locations is crucial for our diverse community of certification candidates.
• Commitment to Candidate Experience: The testing experience is about more than just an exam. Prometric shares this philosophy, focusing on creating a supportive environment that allows candidates to demonstrate their true capabilities.
• Support for Remote Proctoring: Prometric supports remote test-takers and allows for those without the ability or desire to travel to a testing center to complete exams and acquire our certifications.

Your Potential Concerns

We recognize that some candidates may be apprehensive about this transition. The online threads discussing testing experiences highlight that no testing provider is without challenges. With PearsonVUE and Prometric being the top two testing providers, blogs, forums, and social media posts abound with comments regarding problems encountered with both providers. However, our selection of Prometric was not made lightly, and we've carefully considered the potential impact on our certification candidates. The good news is that more than 99 out of 100 test takers have no issues in the process with either testing provider.

What This Means for You

Exam Preparation: Your preparation remains the most critical factor in certification success. The core knowledge and skills we assess remain unchanged.
Testing Environment: Prometric testing centers are professional, secure environments designed to provide a fair and comfortable testing experience.
Support: We are committed to working closely with Prometric to ensure any initial transition challenges are quickly addressed.

A Note of Reassurance

Change can be uncomfortable, but it's often necessary for growth. Our decision to partner with Prometric reflects our ongoing commitment to providing the most valuable and respected certification in our industry. Your success is our goal. We will monitor the progress closely and make any adjustments required to achieve our mission: to serve the wireless networking professional community. You are our primary focus and not a particular testing provider. For this reason, we will always monitor the services we provide and ensure that you are served as best we can.

Thank you,

Tom Carpenter, CWNP Director

#WLPC Prague 2024: Shaping the Future of WLAN Technology

For anyone with a vested interest in wireless networking, the Wireless LAN Professionals Conference represents an opportunity for professional growth and engagement. It is a gathering where transformative ideas take center stage, industry leaders impart their expertise, and participants immerse in the cutting-edge technology that is defining the future of wireless LAN systems. From intensive technical bootcamps to in-depth workshops and practical labs, lots of learning possibilities will be available to attendees.

One of the distinguished aspects of #WLPC Prague 2024 is the convergence of professionals from around the world to explore contemporary trends, best practices, and real-world applications of wireless technology. Whether delving into the advancements of Wi-Fi 7 or the transformative influence of AI on network management, this event is a focal point for progressive solutions in WLAN technology.

In turn, we're eager to share valuable insights and takeaways from the conference with you! Stay tuned for updates on the latest trends, innovative ideas, and thought-stimulating discussions from the event.

If you are attending, don't miss the chance to grab a complimentary CWNP-branded gel pen—just find Melissa at the event while supplies last. Plus, we're offering exclusive IoT track eLearning courses to conference attendees. Reach out to Melissa at melissa@cwnp.com to claim yours.

We look forward to forging new connections and advancing the discourse in wireless networking at #WLPC Prague 2024.

Everyone wants to have strong cybersecurity defenses for their personal or commercial devices. After all, who wouldn't want to sleep better at night, knowing they're not getting hacked at that very moment?

Unfortunately, there are vulnerabilities everywhere in technology — even with how Wi-Fi is designed and used. Recently, New York University Abu Dhabi researcher Mathy Vanhoef found flaws that can expose virtually every Wi-Fi enabled device to some form of attack.

The flaws relate to how Wi-Fi chops up, reorders, and puts data back together when in transit to the other end so information moves as quickly as possible. If an attacker was in range for these "FragAttacks", they could potentially exfiltrate data from a victim and compromise their devices. Once a wireless network and its devices are compromised, cybercriminals can gain access to an enterprise network. For your peace of mind, basic cybersecurity tools such as firewalls, intrusion prevention systems, and anti-malware systems are necessary to protect your Wi-Fi networks. By ensuring these fundamental security features are in place, you won't need to spend as much on data recovery.

Approaching Security Through Your Wi-Fi Network

Complexity has become a growing problem in cybersecurity, however. While the environment demands additional protection, organizations typically respond by adding new tools to their security stack. Having more tools creates a complicated environment, and opens up additional vulnerabilities. The ideal set-up should have fewer tools you know how to use properly and maximize, instead of too many you don't know what to do with.

Keeping your devices updated and operating systems patched is one way to stay secure. When the news about the FragAttacks broke out, industry giants took it seriously; Microsoft shipped out patches, while a patch to the Linux kernel worked its way through the release system. These patches meant that hackers were less likely to find and abuse flaws, such as injecting malformed data and becoming a "man in the middle" of the network. Using secure passwords, backing up configuration files, and checking for an HTTPS web encryption lock on the pages you visit also helps.

Wi-Fi protocols have built-in privacy that extends from devices to routers, but nothing beyond that, which is why routers are often compromised. Using Virtual Private Networks (VPN) offers more privacy and discourages snooping on traffic, as these encrypt DNS requests. VPNs make it harder for an attacker to see what the target is doing online, or to redirect users to malicious phishing websites, which is why it's one of the most essential cybersecurity tools.

Improving Your Cybersecurity Strategy

Planning simple but strong cybersecurity strategies are essential for every business nowadays, as we are facing attacks against critical infrastructure, the growing threat of ransomware, and pandemic-related vulnerabilities on a global scale. Analysis from nonprofit association CompTIA reveals that cybersecurity is definitely on many employers' radar, with the demand for cybersecurity workers moving up from 17% of IT job postings in 2019 to 20% in 2021.

Going over strategies with a cybersecurity expert is key to protecting any system. Maryville University's cybersecurity curriculum outlines that cybersecurity graduates undergo courses on ethical hacking, network and cloud security, virtualization, and digital forensics so they can test your set-up for any weak spots. Today's wireless network security professionals must also have a thorough understanding of the latest software, tools, and trends available. With additional training and knowledge, they can protect the fort for organizations.

As we discussed in our editorial article called 'Let's Make Wireless as Boring as Possible', this is what the new CWDP (update) and CWIDP (new) certifications are all about. These certifications will help everyone working with wireless — including design, support, engineering, and development — keep up-to-date with the latest trends and threats. This way, their designs would work properly and be boringly safe. Sign-up for Wi-Fi career certification exams today.

Article written by Riley Jordyn
For the exclusive use of cwnp.com

What is Retrieval-Augmented Generation (RAG)?

Retrieval-Augmented Generation is a fancy term for a simple yet powerful idea. Think of it as connecting ChatGPT directly to the source material you are using for your study activities. Before answering your questions, the AI digs into a vast database of information, pulling in facts to make sure what it tells you is not just plausible but accurate.

This technique combines the best of both worlds: the conversational ease of AI models like GPT-3.5 and GPT-4, and the reliability of directly sourced material. So, when you ask about a technical concept, RAG ensures the AI checks its sources, significantly reducing the chance of an incorrect answer.

The diagram illustrates the retrieval-augmented generation process (sourced from IBM)

https://dataplatform.cloud.ibm.com/docs/content/wsj/analyze-data/fm-rag.html?context=wx

Why RAG Makes a Difference in Studying

For students and professionals aiming to ace certification exams, RAG-powered AI can be a game-changer. Consider the following enhancements:

• Precision-Driven Answers: With a RAG-powered AI, like a custom chatbot drawing from the CWNA (Certified Wireless Network Administrator) study material, your responses are not just accurate—they're specialized. It's akin to consulting an expert whose knowledge is specific to the topics covered by CWNA study guide.
• Strengthened Trust in Learning: The assurance that your AI companion consults CWNA or similar authoritative sources before replying means you can rely on the information being aligned with your certification's standards. This certainty in the material fortifies your study process.
• Strategic Study Sessions: By harnessing the speed of AI with the depth of the CWNA study guide or other comprehensive resources like vendor manuals or IEEE standards, you study more effectively.
• Tailored Interactivity: This AI doesn't just respond; it interacts with the specificity of a CWNA study guide, making your study time interactive and personalized. It's as if you're in a dialogue with the text itself, asking questions and getting precise, context-aware answers.

How RAG is Changing the Game

The integration of RAG in AI like ChatGPT marks a significant leap forward in educational technology. For learners, it means the difference between memorizing potentially faulty information and understanding accurate, source-backed content. This technology doesn't just reduce hallucinations; in many cases, it can eliminate them, making AI a more reliable partner in your quest for certification.

Crafting a CWNA Study Assistant

The example below was made with a special app for making chatbots named Dropchat. Dropchat uses RAG technology to build a chatbot from PDFs, websites, text, and YouTube videos. For this example, we trained it using the CWNA study guide. Now, let's see how this custom-trained chatbot performs compared to the regular ChatGPT.

ChatGPT: What is a beacon?

The screenshot illustrates the answer from ChatGPT (sourced from OpenAI)
https://chat.openai.com/

Custom Chatbot: What is a beacon?

The screenshot illustrates the answer from a custom RAG powered chatbot (sourced from Dropchat.co)
https://app.dropchat.co/guest-books/65fb2acfdf48193b0387d3b8

Embracing the Future of AI-Assisted Learning

The potential for RAG-augmented AI in education is vast. From personalized learning paths to interactive textbooks that answer your questions on the spot, the possibilities are as exciting as they are endless. For anyone studying for certifications, embracing this technology could well mean the difference between success and frustration.

We have performed a wireless scan, so the next logical step is we want our Pi to connect to a wireless network we found in the wireless scan. First reboot the Pi to clear out any configurations that could be lingering effects from the commands we ran above. The wireless radio was put into monitor mode and multiple services were stopped. It is best to get the Pi back into a safe known state to move forward.

wpa_supplicant is the name of the wireless client (STA) on the Raspberry Pi. It is a service that typically runs in the background maintaining a connection to a wireless network. We must let wpa_supplicant know certain information, such as the SSID, PSK and Country we intend to us to connect to a Wi-Fi network. This is simple enough with a handful of lines in a configuration file.

Edit the WPA Supplicant configuration file
sudo nano /etc/wpa_supplicant/wpa_supplicant.conf

Unfortunately, WPA Supplicant does not log data anywhere, so it is difficult to debug if a connection has failed and why. The wpa supplicant is a service that runs in the background by default, but it is relatively easy to run it in the foreground and look at debugging information with the following commands

sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service
sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0

Successful Association

This tells us a few key things: the SSID we are associated with, the BSSID and the connection was successful.

Unsuccessful Association due to bad PSK

Unsuccessful Association due to an incorrect or out of range SSID.

When a SSID or PSK is incorrect, it can be difficult to determine why, as very little information is presented in the output of wpa_supplicant. If you append the -dd parameter (increase debugging verbosity), a large amount of detailed log data will be returned from wpa_supplicant

Running with verbose logging
sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0 -dd

The wpa_supplicant running as an application is great for debugging, but it's somewhat unnecessary once a connection to a Wi-Fi network has been successful established. Plus it would be nice to use the foreground to run other applications. We will add two additional parameters to the wpa_supplicant command line

• -B Instructs wpa_supplicant to run in the background as a daemon
• -f <logfile> Any output that would have been logged to the screen will be redirected to the logfile specified.

sudo wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0 -B -f /var/log/wpa_supplicant.log

Now the wpa_supplicant will run in the background. To kill it, use the following command
sudo killall -9 wpa_supplicant

In order to see the logged output of wpa_supplicant, you will need to look at the contents of the log file in /var/log/wpa_supplicant.log

wpa_supplicant log file output
sudo cat /var/log/wpa_supplicant.log

With wpa_supplicant handling all of the STA functionality running in the background, the next step is to request an IP address from the DHCP server and see what IP has been lease. The following two commands enable the DHCP client and report on the interface IP's

dhclient -i wlan0
ifconfig wlan0

From the output of ifconfig, the raspberry pi now has a DHCP IP address of 192.168.200.242

Raspberry Pi as an Access Point

Dare I say we have saved the best for last? Everything we have covered so far can easily be performed on really any modern OS out there without needing special hardware use freely available software. Kali Linux comes with the hostapd utility which can make most recognized Linux radios an 802.11 Wi-Fi access point with just a configuration file and an executable running.

We can easily create a simple WLAN with a few lines in a configuration file. In the following example, we will make an SSID "wifi_ssid" with the PSK "wifi_password" running on channel 6 in the 2.4 GHz frequency range using 802.11g.

sudo nano /etc/hostapd/hostapd.conf

# Now to stop all other processes which could cause interference:
sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service
sudo killall -9 wpa_supplicant

Connect to the Pi with the serial interface or keyboard/display before proceeding. Setting up the bridge will disconnect network traffic from the ethernet port temporarily.

# Setup a bridge to connect the ethernet port to the wlan0 interface.
sudo ip link add br0 type bridge
sudo ip link set dev eth0 master br0
sudo ip link set br0 up
sudo ifconfig eth0 0.0.0.0
sudo dhclient br0
ifconfig br0

Start HostAPD
sudo hostapd /etc/hostapd/hostapd.conf

The output of HostAPD shows the wifi_ssid WLAN being initialized with the e4:5f:01:3a:e1:70 BSSID. It also shows a STA connected, which is my phone. My phone shows I am connected to the WLAN and received an IP address within my local network range, 192.168.200.x.

Android Phone showing WLAN Successfully connected with IP

Performing a speedtest shows descent results. The radio on the Raspberry Pi is somewhat limited, so don't expect it to be competative with enterprise AP speeds.

The Aruba Utilities app on my phone confirms the BSSID is set properly, and the connection is on channel 6.

The above hostapd configuration is meant to be simple – 802.11g isn't all that exciting of a technology. Below is a much more exciting configuration for 802.11ac with an 80 Mhz wide channel. From looking at the configuration file, you can see it is much more complicated than the first example.

/etc/hostapd.conf

Aruba Utilities confirms an 80 Mhz wide channel using channels 36-48 with 40 being the primary channel.

wpa_supplicant and hostapd beyond the lab
The two tools covered in this article for connecting to Wi-Fi access points (wpa_supplicant) and a tool for creating a software access point (hostapd) are not just limited to lab environments. Ubiquiti, Inc. uses both tools in their line of wireless products. I run a few NanoStation2 2.4 Mhz wireless access points which have SSH access to the Linux subsystem. By simply running the process status (ps) command, it shows hostapd and wpa_supplicant running, along with their configuration file. Viewing the configuration file shows something that should look quite familiar – configurations very similar to what we implemented above.

hostapd running on an Ubiquiti NanoStation2

wpa_supplicant running on an Ubiquiti NanoStation2

These tools should not be seen as just something used for labs – they are hardened supported products that enterprise Wi-Fi vendors use at their core.

Next Steps
This article attempted to touch on the possibilities of the built-in radio and the capabilities of the Raspberry Pi. The wpa_supplicant and hostapd tools have many more features and configurations that can be applied. The built-in radio of the Raspberry Pi is limited to some of its features, functionality, and range. The Wi-Fi antenna on the pi is just a trace run on the PCB, clearly not as good as a proper antenna that many USB radios have. The USB radios have many more robust features that the onboard radio doesn't. There are many articles on the internet that go into depth about the USB radios that are compatible with the Pi and hostapd/wpa_supplicant specific configurations to get the most out of them.

The Raspberry Pi is extremely powerful in its Wi-Fi capabilities. In this article we will walk through the following configurations of the Pi:
1) Wireless Scanner
2) Wireless Network Sniffer
3) Wireless Station (STA)
4) Access Point (AP)

Minimum requirements for this lab:
• Raspberry Pi 4 (2 or 4 GB model)
• Existing Wireless WPA/WPA2-Personal Network (2.4 or 5 Ghz)
• Existing Wired Ethernet network
• Both above networks with DHCP and internet access
• microSD Card 16GB or larger
• microSD Card reader/writer
• HDMI Monitor with a micro HDMI Cable
• USB Keyboard (and optionally a USB mouse)
• USB-C Cable to provide power

To get started, we will need an Operating System image and a method to copy it to a boot device (microSD or USB Drive). For this article, I am going to assume you will be using a microSD as it is more universal than a USB boot drive for different hardware revisions of the Pi. Any microSD card larger than 16GB should be more than sufficient.

The Pi boots off of a microSD card, so the first step is to load an operating system onto it. There are many OS's to choose from for the Pi, for this lab we are using Kali Linux as it out of the box supports nearly all the features we will need. Start by downloading Kali Linux from the following link: https://www.kali.org/get-kali/#kali-arm

Most likely you will need the Raspberry Pi 2, 3, 4 and 400 (32-bit) download (approximately 2 GB). The downloaded OS needs to be installed onto the microSD card. This is dependent on the platform of the computer you are using to write data to the storage device. I recommend balenaEtcher as it is one of the easier tools out there, multiplatform (Windows, Mac, Linux) and it can write multiple microSD cards simultaneously, which is a time saver when it comes to setting up a lab. Using the tool is quite straightforward – select the source image you downloaded above, select the destination device(s) and then wait 10 or so minutes for the data to be written and verified.

Insert the microSD card into the Pi, connect it to a HDMI monitor and keyboard (mouse optionally), connect the ethernet cable, apply power (via USB-C) and you should see it booting. The Pi may reboot, as it resizes its image to take advantage of the full storage space on the microSD. Once you see a login prompt, log into the Pi with the default login credentials, username "kali", password "kali".

As a network engineer, I don't like to interact with many devices by plugging a monitor and keyboard into them. Also, the Pi's IP address can change every time I boot it up, or plug it into another network. There would be no easy way to know what the new IP is without a monitor and keyboard. A serial console interface would be really nice so I could access the Pi easier. The USB-C port on the Pi can be configured as to appear to the computer it's connected to via USB as a USB Serial port. This will make the Pi appear as a USB serial port to your host system and powered – by one cable!

Configuring the Pi to be accessed via a USB serial is easily accomplished in three simple steps. Editing files is outside of the scope of this article, but there are multiple good sources on how to use vi or nano to edit files. This step is completely optional – but it is here to make it easier for you if you prefer to interact with your Pi via a serial connection instead of a monitor and keyboard or SSH.

1. Enable superuser mode sudo su
2. Edit sudo nano /boot/config.txt and append the following to the end of the file on its own line: dtoverlay=dwc2
3. Edit nano /boot/cmdline.txt and append the following to the end of the first line: modules-load=dwc2,g_serial
4. Associate the gadget serial port, ttyGS0, to a console: sudo systemctl is-active getty@ttyGS0.service
5. Reboot- The Pi should appear as a USB serial device, and when you connect it should prompt you for your username and password (kali / kali).

Pi Radio Capabilities
Every radio has certain limitations as related to its capabilities. Before exploring how to use the radio in the Pi, it is important to know what to expect. For example, if the radio only supported 2.4 GHz channels, we would want to know before trying to figure out why it can't connect to an 802.11AC network. The iw phy command dumps the capabilities of the internal radio of the Pi, including, but not limited to, Supported Channels/Frequencies, Ciphers, Power Save, Channel Widths, Bitrates, VHT Spatial Streams, and more.

Partial output of iwlist wlan0

Just from this snippet of the output, you can see it supports 20, 40, and 80 Mhz wide channels, but not 160 or 80+80.

Wireless Scanning
The Kali Linux distribution comes with several useful tools for scanning wireless networks.

NetworkManager
NetworkManager is a system service within Linux that keeps connectivity to networks online. It offers the simplest method of performing a passive wireless scan. Within a few seconds it reports back, in sorted order from strongest to weakest signal, BSSID, SSID, Channel, Data Rate, Signal Strength, and Security Suites. The nmcli dev wifi command reports back beacons received by NetworkManager within the past 30 seconds.

nmcli dev wifi output

airodump-ng
NetworkManager provides a quick snapshot of the wireless network, but only for the past 30 seconds. Airodump-ng takes the network scan to the next level. Airodump-ng is part of the Aircrack-ng suite of Wi-Fi monitoring, capturing, attacking, cracking, and testing toolset. Airodump-ng is a capture tool, and we will use it to capture and report beacon and association information.

To use the Airodump-ng tool, the NetworkManager and WPA Supplicant services must be stopped to use the WLAN0 internal radio for in monitor mode. Stopping means the service will not attempt to restart, however if the Pi is rebooted, the services will still start automatically. As this is a lab exercise, we will sometimes need to manually disable these services as different labs will require the onboard radio to be placed into monitor mode. If we disabled the NetworkManager service, the nmcli tool that we used above would not work. The following are the steps needed to stop the NetworkManaget and WPA Supplicant services and configure the internal radio to run in monitor mode.

After stopping the system services and enabling monitor mode, run the sudo airodump-ng mon0 command.

sudo airodump-ng mon0

airodump-ng performs a continuous scan of the available Wi-Fi networks. It has a lot in common with the nmcli network scanner, as it shows SSID, BSSID, channel, encryption, and speed (MB). However, airodump-ng is constantly scanning (outside of the 30 second retention of nmcli). This gives us a few more BSSID's that nmcli did not pick up on (for example cadakis_shack and Linksys06571 were not in the nmcli scan results). Additionally, airodump scans the relationships between stations and their BSSID. In the lower position of the real-time report, it shows STA MAC address and if they are associated with a BSSID.

A keen eye would notice only 2.4 Ghz channels are being reported. A keener eye would see Home-5812 is using channels 2 and causing adjacent channel interference (ACI) with channel 1 and 6! By default, airodump-ng when run without any parameters other than the monitor interface will only scan 2.4 GHz channels. To scan the 5 GHz channels, the –band a parameter can be appended

sudo airodump-ng mon0 --band a

Now, we have a better picture of the 5 GHz channels and their associated AP's and STA's. In the upper left corner, you will see CH 149. This number is constantly changing to scan a channel. A radio cannot scan all channels simultaneously as it must tune into the frequency of a particular channel, listen for a short duration, and then move onto to another channel to monitor. This all takes time and leaves the possibility of missing capturing data. Airodump-ng has the ability to listen only on a single channel. For the next scan, we will monitor channel 64 and no other channels.

sudo airodump-ng mon0 --band a -c 64

This scan was run for the same duration as the previous scan – 18 seconds. However, look how much more data was received. For BSSID 18:64:72:2A:3C:F0, only 6 beacons were received within 18 seconds, compared to 186 when only a single channel was scanned. With the beacon interval typically set at 1024 time units (102.4ms), 186 beacons would seem like a much more reasonable number of beacons expected to be broadcasted in 18 seconds (roughly 10/second) than 6!

The last scan to touch on is filtering by SSID. This is accomplished by appending the --essid <SSID Name> parameter to airodump-ng:

sudo airodump-ng mon0 --band a --essid PigZoomer

iwlist
iwlist scans available wireless networks much like nmcli and airodump-ng, however, it offers much more details information on a per-BSSID basis. It is not as easy to read ad the outputs of nmcli and airodump-ng, but this tool would be something you would run after you determine which Wi-Fi network to gather further information about. To run iwlist, the monitor interface will need to be disabled (sudo ifconfig mon0 down) and both NetworkManager and WPA Supplicant services will need to be stopped.

sudo systemctl stop NetworkManager.service
sudo systemctl stop wpa_supplicant.service
sudo ifconfig mon0 down
sudo iwlist wlan0 scan

Partial output of sudo iwlist wlan0 scan

It's quite easy to see there is a lot more information on a per-BSSID basis iwlist provides – supported bitrates, Information Elements (IE's), Frequencies, and more. iwlist doesn't provide the best user interface for running a scan, it does provide superior details of the beacon frame information.

Now think big picture – take this to the next level. With some simple scripting, you could make the Pi scan the wireless network at a set interval (cron job) and at each scan report check all BSSID and SSID's accessible on your network. It could then compare these values with expected BSSID and SSID's for your network and email any rogue SSID or BSSID's. $40 Wireless IDS!

TCP/IP Network Scanning Utilities
Kali Linux not only has utilities to scan Wi-Fi 802.11 traffic, but also has a handful of utilities to scan IP networks. These tools can come in handy to discover other L2/L3 devices once connected to a Wi-Fi network.

arp-scan
The arp-scan utility sends ARP requests packets to every host on the specified interface. It then processes the responses (IP to MAC relationship) and for known MAC OUI's, displays the vendor.

sudo arp-scan --interface=wlan0 --localnet

nmap
The nmap utility probes networks for discovery, open ports, operating systems and a number of other attributes of IP devices on a network. It works by scanning all IP addresses passed, scans each one to see if it is online (at the layer 3 level, unlike layer 2 like arp-scan), and interrogates online hosts. The sudo nmap -ss -O 192.168.200.0/24
command will attempt to learn the OS of all devices on the 192.168.200.0/24 network.

Grab some popcorn for this one. Unlike everything else we have done, this utility takes quite a bit of time as it scans all known ports on all IP addresses within the given range.

sudo nmap -ss -O 192.168.200.0/24

This is just a single result of the nmap scan I ran. A lot of information was divulged with the scan – the manufacturer of the device (Dell), all of the ports/services open, and a best guess at the OS (It was actually wrong here, I am running Windows 10 with all updates).

tcpdump
The tcpdump utility is a network traffic capture utility. You can think of is like a command line version of Wireshark. Don't expect tcpdump to be the magical utility which allows you to see all information broadcasted across your WLAN. It will only show the information received and sent to the wireless adapter. If client isolation is enabled on the Wi-Fi network, other Wi-Fi client data (broadcast included) may be restricted. Use the command sudo tcpdump -i wlan0 port not 22 to capture all traffic except for port 22. Why did we make an exception for port 22? If we are SSH'd into the Pi, a majority of the traffic from tcpdump would be from the SSH session. For a better scan, we should omit our self-generated SSH traffic.

sudo tcpdump -i wlan0 port not 22

From running tcpdump for a short period of time, we can see there is at least one Windows host on the 192.168.200.0/24 network, as you can see 192.168.200.30 broadcasting UDP packets for netbios-ns.

Speed Test
What would a network analyzer be without a speedtest? Unfortunately, this seems to be the only test most people are interested in. I definitely fall into this category as anytime I receive an upgrade from my ISP, a speed test is one of the first utilities I run. The Pi does not make the best speed tester, due to limited CPU processing. Most speed tests run off of HTTPS streams, which incurs CPU intensive processing for decrypting data. If the speedtest come up a little lackluster, if could be the hardware limitations of the Pi.

The Kali Linux distribution comes with so many utilities, except the speedtest! This is no real worry as it's very easy to install with the following command:
sudo apt install speedtest-cli -y

To run it is even easier – just type speedtest and the utility will automatically find the closest server and run an upload/download bandwidth test against it.

Speedtest

At CWNP, we offer a comprehensive Wi-Fi education program that covers everything from basic Wi-Fi concepts to advanced wireless network design and security. We provide authorized learning centers all over the world where students can learn from experienced instructors, access the latest Wi-Fi technology, and earn industry-recognized certifications. Colleges and universities partnering with us can offer Wi-Fi courses that lead to a Certified Wireless Network Administrator (CWNA) certification, a Certified Wireless Security Professional (CWSP), and a Certified Wireless Design Professional (CWDP) certification. These certifications demonstrate an individual's competence and commitment to the Wi-Fi profession and give students a competitive advantage in the job market.

Additionally, partnering with CWNP helps universities and technical institutions align their Wi-Fi curriculum with industry standards. CWNP's Wi-Fi program is vendor-neutral, meaning it is not specific to a particular product or manufacturer and focuses on fundamental concepts that apply to any Wi-Fi device or platform. Therefore, institutions gain access to the latest Wi-Fi industry practices, trends, and tools, ensuring that they provide their students with the most relevant, current, and top-quality education.

CWNP also provides instructional materials, including textbooks, online courses, videos, and practice exams. Institutions that offer these courses will boost their reputation as technology and innovation hubs, attracting students, research grants, and partnerships with industry players.

Our Impact

Wi-Fi has become an essential aspect of our daily lives, and universities and technical institutions must equip themselves with the necessary curriculum to produce competent wireless network professionals. CWNP has established successful partnerships and curricula at renowned universities and learning institutions worldwide - our partners include institutions in the United States, the Netherlands, Germany, the United Kingdom, Mexico, and Poland. This is just a snapshot of our global reach. By partnering with CWNP, your institution joins a prestigious group committed to offering cutting-edge Wi-Fi education.

CWNP provides institutions with the industry's latest practices, trends, tools, and certifications. Ultimately, this benefits students and the organizations they will eventually work for. Offering these programs aligns the curriculum with industry standards and positions institutions as leading technology and innovation hubs. Together, we can make sure your institution keeps pace with this evolving industry and prepares its students to excel in this field.

Reach out to Melissa at melissa@cwnp.com to find out more.

Because Matter sits over IPv6, it is agnostic of the lower layers. This allows the protocol to communicate across Ethernet, Wi-Fi, Thread, and even Bluetooth Low Energy (BLE) if the IPv6 for BLE adaptation layer is used. A device (typically within the Smart Home realm) utilizing Matter can be a member of multiple fabrics, allowing it to be controlled by components from different vendors.

The Matter Topology

A typical Matter topology consists of the following objects:

• Bridge: Exposes devices between Matter and non-Matter networks.
• Controller: Used for commissioning and control of the devices on the fabric.
• Edge Router: Ensures interoperability of different IPv6 networks.
• Node: A Matter device that can belong to multiple Matter fabrics.

These components form the Matter fabric, as shown in Figure 1. Here, the Thread Border router & Wi-Fi Access Point are acting as edge routers. The Master Controller is also assuming the role of bridge. These components are what the different Nodes are connecting to.

Figure 1

Devices are commissioned onto a fabric through a set process.

When a device is first added to a fabric, it undergoes a series of steps.

1. Device Discovery

The discovery process will occur over BLE, Wi-Fi, or IP if already on an IP network. If utilizing Thread as the medium, the device must also support BLE for the discovery purposes. When using BLE, the discovery method is the Generic Access Profile (GAP). For Wi-Fi, it uses a Soft-AP function. An out-of-band password is obtained, usually via a QR code, which is used in the next step.

2. Security Setup using Passcode-Authenticated Session Establishment (PASE)

The outcome of this step is to establish encryption keys between the device being commissioned and the commissioner. Additionally, a challenge is created for the next stage, the Attestation phase. The image below illustrates the PASE process at a high level (Figure 2.)

Figure 2

3. Device Attestation Verification

The commissioner verifies that the device is a certified device and will notify the user if it is not certified.

4. Information Configuration

The commissioner provides the device with relevant information such as regulatory domain information, UTC time, network interface configurations, and certificates.

5. Join Network

The commissioner instructs the device to connect to the operational network. The IPv6 address is either already known or discovered by the commissioner.

6. Security Setup with Certificate Authenticated Session Establishment (CASE)

Encryption keys are derived to ensure secure communication between the commissioner and the device. All unicast messages between the commissioner and the device are encrypted using these keys.

7. Commissioning Complete Message Exchange

An encrypted exchange of messages is performed over the operational network to indicate successful commissioning.

Matter promises to revolutionize the Smart Home IoT world by unifying different wireless protocols and creating a versatile fabric over IPv6 networks. The Matter fabric enables simplicity, interoperability, reliability, and security. By embracing Matter, we are promoting a future where IoT devices of different vendors can work harmoniously in a connected environment.

Written by:

Ben Eatts, CWNE #315

References:
https://csa-iot.org/all-solutions/matter/
https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.1.2/nrf/ug_matter_overview_network_topologies.html

Multiple PSK technology, initially designed for per-device control of Wi-Fi networks, was a necessity before its introduction. Previously, WPA2 Enterprise, which uses certificates for device security, was required. Multiple PSK systems typically have a controller table mapping MAC addresses, passphrases, and VLANs for a specific SSID.

If a device with MAC address de:ad:04:20:be:ef is lost, its row is simply removed from the table. This allows for individual device access revocation without affecting others, providing a cost-effective alternative to WPA2 Enterprise architecture. The multiple PSK approach is universally compatible, unlike WPA2 Enterprise which is only supported by a subset of devices.

The MAC address in the table might seem redundant, as one could assume that revoking an individual passphrase assigned to a single device would suffice. However, if the same PSK were used on multiple devices, revoking it would disconnect all those devices from the network.

While multiple PSK Wi-Fi systems allow the use of several passphrases on the same SSID without tying them to a specific MAC, this functionality is often limited. A larger table of passphrases can be used if each is bound to a unique MAC address.

The scalability constraints stem from the WPA2 4-way handshake. The passphrase is known to both sides and isn't transferred over the air. Instead, random numbers are exchanged and multiple rounds of cryptographic hashing are performed. This process is time-consuming due to the low-performance processors in most Wi-Fi access points, which can only perform this computation a few dozen times per second.

Linking a passphrase to a specific MAC allows the hashing rounds to be computed once, verifying the passphrase's correctness. Without this link, the system must hash for every configured passphrase, which can overwhelm the computational power and cause timeouts. Therefore, mapping passphrases to MACs significantly enhances the scalability of multiple PSK Wi-Fi systems.

Sometimes, an external device may manage passphrases for scalability and centralized management in an enterprise network. For instance, a corporation with multiple locations may want a central database of all network-approved devices. If Wi-Fi system controllers are on individual premises, a centralized database of allowed passphrases and potential MAC-to-VLAN mappings would be an appropriate architecture.

Two common methods exist for syncing a centralized passphrase database with a multiple PSK Wi-Fi system. One is using an API to update the passphrase data on the Wi-Fi system, automated by the central system whenever the device database changes. This capability is available in multiple PSK Wi-Fi systems from Aruba, Cambium, Juniper, and Ruckus.

The alternative is real-time passphrase checking using an external system. Most Wi-Fi systems function as a RADIUS Network Access Server (NAS) that queries a RADIUS Server for centralized AAA. However, forwarding the client-provided passphrase from the RADIUS NAS to the RADIUS Server is impossible as the client never sends the passphrase to the RADIUS NAS. Thus, the 4-way handshake must be manipulated and interrupted.

Consider the the messages of the 4-way handshake:

The ANonce and SNonce are random numbers, while the Message Integrity Check [MIC] is a checksum and sequence number preventing replay attacks. The Group Transient Key [GTK] encrypts broadcast and multicast traffic, and the final message is an acknowledgment. Notably, the Pairwise Transient Key [PTK], which encrypts all unicast traffic, is never transmitted between the client and the Wi-Fi system.

Now consider the sequence of the calculations and the PTK in the 4-way handshake:

The PTK calculation relies on the Passphrase, ANonce, SNonce, AP MAC address, and client MAC address. The client computes the PTK before sending the second message of the 4-way handshake, and the Wi-Fi system does the same before sending the third message.

Multiple PSK Wi-Fi systems interrupt the 4-way handshake after the second message to perform a RADIUS transaction before the third message. Interrupting at this point is ideal because the Wi-Fi system must know the passphrase (or a computational derivative like the PMK) to proceed with the 4-way handshake as intended.

Adtran Bluesocket, Cambium cnMaestro, Cisco 9800, Juniper Mist, Ruckus SmartZone, and ZoneDirector can all operate as described earlier. The RADIUS Access-Request must contain the ANonce, SNonce, AP MAC address, and client MAC address. The message format sent to the RADIUS server varies by vendor. Some send the entire second message of the 4-way handshake, while others send its individual components in a parsable data structure. All four pieces of information are necessary for the AAA server to find a matching passphrase.

The AAA server responds with a RADIUS Access-Accept message containing the information needed to complete the 4-way handshake. The reply's contents vary based on the Wi-Fi system's manufacturer. Generally, the system needs to compute the PTK, so the AAA server must reply with the Passphrase or an intermediate computation like the PMK.

The passphrase search is time-consuming due to the 4-way handshake design. The Wi-Fi system typically times out the handshake during the RADIUS messaging with the AAA server and attempts to restart it. The system then completes the handshake using the passphrase or computational derivative provided by the AAA server in the RADIUS Access-Accept.

It is important to note that the AAA systems that are capable of performing these calculations are only a small fraction of the set of all RADIUS servers in existence. RUCKUS, RG Nets, and Eleven Systems are vendors known to have built AAA servers that perform this function with varying degrees of compatibility to wireless equipment manufacturers.

Power Over Ethernet (PoE) Evolution

Back in 2007, a significant concern revolved around the power consumption of 802.11n access points (APs) equipped with multiple radio chains. At that time, the prevailing PoE standard, 802.3af, provided a maximum of 12.95W, which fell short of most 802.11n APs. The good news is that within 6-9 months, 802.3at, also known as PoE+, was introduced, capable of delivering up to 25.5W. This advancement significantly eased the support for 802.11n APs, even those with multiple radio chains.

Some vendors incorporated dual-band 802.11n radios and Wireless Intrusion Prevention System (WIPS) functionality to enhance redundancy and reliability in a single enclosure. Furthermore, with the arrival of 802.3bt (PoE++), capable of delivering up to 100W of power, the power challenges for high-performance APs have largely been resolved.

Architectural Changes and WLAN Controllers

Discussions in the early days of 802.11n highlighted concerns about overwhelming WLAN controllers due to the high throughput capabilities of 802.11n. However, the adoption and deployment of 802.11n did not immediately lead to controller overload. 802.11a/g networks continued to be sufficient for many deployments for several years. The need to upgrade Ethernet infrastructure to gigabit, as initially considered, proved unnecessary, as a 10/100 Ethernet infrastructure continued to be suitable for supporting 802.11n, a fact that remains true today.

Today, the principal challenges have shifted towards RF planning and protection mechanisms, especially in high-density environments. Additionally, with the proliferation of handheld client devices, such as scanners and phones, which may not support the 802.11n PHY for some time, the focus has shifted towards optimizing network performance and security.

Distributed Data Forwarding (DDF) Architecture

Previous discussions introduced the concept of distributed data forwarding (DDF) or hybrid architectures. In this model, the data plane is moved back to the AP to enable direct data frame transmission, a concept that has gained prominence in recent years.

One approach to address Layer 3 (L3) roaming in a DDF architecture is to tunnel the data plane back to the WLAN controller exclusively for L3 roamers, allowing data to be sent directly to its destination at other times. This approach effectively mitigates issues such as VLAN tagging at the edge.

Another noteworthy development involves the incorporation of application-layer intelligence and configuration options in both the controller and AP. This enables fine-tuned control over switching frames directly to their destination (DDF) or tunneling them back to the central controller (centralized). Such flexibility caters to the diverse demands of enterprise applications, encompassing high-security and time-sensitive requirements.

In the DDF architecture, distributed encryption and decryption have become essential to optimize over-the-air bandwidth. This is particularly valuable in mesh environments, where conserving and efficiently using bandwidth resources is paramount.

The wireless landscape has seen remarkable progress since 2007. Improvements in PoE standards, the continued viability of 10/100 Ethernet infrastructure, and the evolution of architectural choices have all adapted to the escalating demands of wireless networks. The journey of 802.11n from its inception to 2023 has indeed been transformative.

[IMAGE: https://images.pexels.com/photos/3183187/pexels-photo-3183187.jpeg]
Credits: Pexels

As industries and workplaces ride the wave of digital transformation, new tech can transform employee training experiences through greater efficiency and learning outcomes. For instance, the ability of 5G and the IoT (Internet of Things) to facilitate low-latency communication has enabled employers to provide real-time information to employees with no delays or lags compared to traditional instruction. These software and applications have paved the way for data-driven training program design, implementation, and evaluation.

Yet another emerging technology that is increasingly becoming relevant in the training industry is augmented reality (AR), which refers to an interactive experience that simulates and enhances the real-world environment with computer-generated content. Here's a closer look at how the immersive nature of AR can cultivate engagement, safety, and confidence in the training process.

Boosts information retention and engagement

Whereas traditional learning relies on standard, pre-determined materials like handbooks and lectures, AR-based employee training allows for more flexibility and accessibility. In skilled labor like manufacturing, AR headsets can provide real-time, step-by-step instructions during on-the-job training, allowing workers to better retain information, knowledge, and skills.

Meanwhile, AR also benefits the gamification aspect of corporate learning, wherein employees can personalize their own learning pathways and acquire information via interactive platforms like videos, simulators, and games. Although AR with virtual reality (VR) has yet to gain the same traction in corporate settings as in education, a study predicts that 14 million US employees will use AR glasses for on-the-job tasks and training by 2025. Employees can use the tech to visualize work-related scenarios in virtual environments and emerge from the training programs feeling more productive, engaged, and happier at work.

Reduces high-risk scenarios

When used with wearable devices, AR can also reduce the risk of error and injury when training in particularly hazardous workplaces. Trainees in the construction industry can use smart glasses that can display interactive site maps, floorplans, and navigational cues in a hands-free manner instead of tablets and smartphones that can interfere with on-site work. Moreover, eyewear brand Ray-Ban's flagship smart glasses, Smart Stories, also have audio, photo, and video capabilities to capture and relay project progress in real-time, as well as communicate safety and hazard information on the job site.

Since Smart Stories are also being developed with Meta for more advanced AR capabilities, they can be utilized for life-like demonstrations of heavy machinery and complex equipment operations. Smart glasses wearers can thus see the equipment in action without having to expose themselves to hazardous materials and situations.

Prepares trainees for practical learning and applications

Lastly, the 3D visualizations and simulations in AR and VR are crucial in preparing trainees to be confident in facing complex, real-life situations. Instead of learning from textbooks and video demonstrations, medical trainees, in particular, can practice repeatable surgical exercises with ease and precision. They can train motor skills with the three-dimensional ability required in surgery, take a closer look "inside" the body for anatomy and physiology, and even train together with nurses and fellow physicians via multiplayer experiences.

This practical learning also applies beyond healthcare, extending toward advancing the knowledge and understanding of radio frequency (RF) technologies and wireless networks, as set forth by the CWNP. Imagine a scenario where you are teaching a class on the topic of IoT deployment. Instead of simply explaining the process, you have an AR-assisted learning process that includes virtualized deployment of IoT devices. Additionally, the learning process could allow the students to visualize RF moving through the space in 3D. Such a learning experience can certainly assist individuals in mastering complex wireless technologies. Overall, this hands-on learning and application can also equip them with essential soft skills like critical thinking, decision-making, and collaboration since they can directly interpret and interact with their training environments.

Just like 5G and IoT, the introduction of AR in the training industry is not without any challenges. Aside from logistics and costs, wearable AR devices can host malware and compromise personal and company data, thereby demanding cybersecurity training and awareness among employees and trainees before being deployed in the workplace.

Vendor-neutral certifications, such as those provided by the Certified Wireless Network Professional (CWNP), are designed to provide comprehensive knowledge about wireless technologies and best practices without being tied to a specific manufacturer's products. These certifications focus on the underlying principles of wireless networking, making them applicable to various equipment and solutions. By investing in these certificates, your team gains an understanding of Wi-Fi technologies, enabling them to troubleshoot effectively, design efficient networks, and stay updated with industry advancements.

Benefits of Vendor-Neutral Certifications for Your Team:

1. Broadened Skillset: While your business might work with a specific product or technology, the IT landscape is ever-evolving. Vendor-neutral certifications empower your team with a versatile skillset that can be applied to various scenarios and technologies, ensuring their expertise remains relevant.
2. In-Depth Knowledge: These certifications delve into the intricacies of wireless networking, covering topics like RF technology, network security, spectrum analysis, and more. This comprehensive knowledge enhances your team's ability to handle complex issues and optimize network performance.
3. Problem-Solving: Vendor-neutral training emphasizes troubleshooting methodologies based on fundamental principles rather than specific solutions. This approach equips your team to identify and resolve issues efficiently, reducing downtime and enhancing user satisfaction.
4. Flexibility: As your business grows, you might incorporate new technologies or diversify your offerings. Vendor-neutral certifications provide the flexibility to adapt to these changes without extensive retraining.
5. IoT Security: In an era of increasing IoT integration, security is paramount. Some vendor-neutral certifications offer specialized tracks, such as IoT security certification, ensuring your team is well-prepared to secure interconnected devices and networks.
6. Credibility: Certifications from well-respected organizations like CWNP are recognized globally and validate your team's expertise. This credibility can enhance your business's reputation and attract new clients who prioritize skilled professionals.

Investing in CWNP Products and Courses

CWNP offers a range of products and courses tailored to different experience levels and expertise to facilitate this journey toward knowledge. Whether you're looking to train new hires or upskill your existing team, CWNP's resources range from foundational knowledge to advanced techniques. By investing in CWNP products and courses, you're ensuring your team receives quality education from industry leaders, ultimately contributing to the growth and success of your business.

Embrace the world of vendor-neutral Wi-Fi training, and watch your business thrive in an ever-connected world.

The standard defines three requirements engineering processes (IEEE 29148-2018 clause 6.1):

1. Business or Mission Analysis (expanded in 29148 and outlined in ISO/IEC/IEEE 15288:2015): The purpose of the Business or Mission Analysis process is to define the business or mission problem or opportunity, characterize the solution space (environment), and determine potential solution class(es) that could address a problem or take advantage of an opportunity (IEEE 29148-2018 clause 6.2.1). Outcomes include:

• The problem or opportunity space is defined. This definition may include political, economic, social, technological, environmental, and legal aspects (PESTEL). The problem or opportunity is clearly defined within the space. (The phrases problem space, opportunity space, and solution space come from the domains of marketing and product development. The problem space or opportunity space is where no product or solution exists. It is where unfulfilled needs exist, and a solution is needed. The solution space is where the system or product is coming into existence. It includes prototypes, proof-of-concept (PoC), and the actual system.)
• The solution space is characterized. The environment within which the solution will be deployed is characterized including the definition of primary stakeholders (both internal and external), the target operating environment (including known security threats in such environments, hazards, and even discovery of existing system), and the identification of candidate alternative solution classes.
• The preferred candidate alternative solution class(es) are selected. This is achieved by assessing each candidate alternative solution class based on the defined criteria when characterizing the solution space. The assessment may include expert feedback, simulation and modeling, and other procedures. After assessment, the preferred solution class or classes have been selected. (Solution classes may be defined in varying ways. One common method is to use the three classes of: operational change, system upgrade, and new system development. That is, a solution class may require only that people do work differently while another may require upgraded or new technologies.)
• Traceability of business or mission problems and opportunities and the preferred alternative solution classes is established. The establishment of traceability in this early stage is essential so that stakeholder requirements can be linked back to the business or mission requirements and eventually the system requirements can be traced back as well. A requirements management tool may be used, and identifiers may be established, that will be used in the ensuing phases.

2. Stakeholder Needs and Requirements Definition (expanded in 29148 and outlined in ISO/IEC/IEEE 15288:2015): The purpose of this process is to define the stakeholder requirements for a system that can provide the capabilities needed by users and other stakeholders in a defined environment (IEEE 29148-2018 clause 6.3.1). Outcomes include:

• Stakeholders of the system are identified. Many stakeholders were identified in process one; however, this process should begin by exploring potential new stakeholders as well.
• Required characteristics and context of use of capabilities are defined. The context of use includes the characteristics of the users, tasks and organizational, technical and physical environment. For an IoT solution, this is the environment in which the devices will operate, the organization implementing them, and the enabling systems (also called supporting systems or supporting services) that exist. Scenarios (use cases, user stories, etc.) may be developed to analyze the operation of the system in its intended environment.
• Constraints on the system are identified. These may be imposed in the business requirements, derived from enabling systems with which the IoT solution must interface, and newly discovered constraints based on stakeholder needs. They may include budgetary constraints, regulatory constraints, and technical constraints imposed by existing systems.
• Stakeholder needs are defined and translated into stakeholder requirements. With the constraints defined and needs discovered, stakeholder requirements can be created. These should include requirements that are functional- and quality-related.
• Stakeholder needs are prioritized and transformed into clearly defined stakeholder requirements. Stakeholder requirements analysis is performed to ensure the statements are constructed according to requirements engineering best practices. It is also performed to ensure they are complete as a set (comprehensive) and prioritized. Stakeholder requirements should be necessary, implementation free, unambiguous, consistent, complete, singular, feasible, traceable, verifiable, affordable, and bounded.
• Traceability of stakeholder requirements to stakeholders and their needs is established and linked to business or mission requirements.

3. System [System/Software] Requirements Definition (expanded in 29148 and outlined in ISO/IEC/IEEE 15288:2015): The purpose of this process is to transform the stakeholder, user-oriented view of desired capabilities into a technical view of a solution that meets the operational needs of the user. The system requirements define, from the supplier's perspective, the characteristics, and functional and performance requirements the system must possess to satisfy stakeholder requirements. These requirements should not imply a specific implementation (vendor, protocol, etc.), unless constrained to do so by a higher-level requirement or constraint. Outcomes include:

• The system description, including functions and boundaries, is defined.
• System requirements (functional, non-functional, interface, etc.) and design constraints are defined.
• System requirements are analyzed to ensure proper construction and traceability to stakeholder and business or mission requirements and constraints.

Figure 1 illustrates the scope of requirements and requirement processes and inputs.

Figure 1: Requirements Scope

The specifications that come from the requirements processes depend on the scope of the requirements. The lowest levels, system element or software requirements, are constrained by the stakeholder needs in business operations and the organizational environment as well as external influences.

29148-2018 defines Requirement Engineering in clause 5.2 as, an interdisciplinary function that mediates between the domains of the acquirer and supplier or developer to establish and maintain the requirements to be met by the system, software, or service of interest. Requirements engineering is concerned with discovering, eliciting, developing, analyzing, verifying (including verification methods and strategy), validating, communicating, documenting and managing requirements. The primary result of requirements engineering is sets of requirements, each set:

• being with reference to a defined system, software or service;
• enabling an agreed understanding between stakeholders (e.g., acquirers, users, customers, operators, suppliers);
• having been validated against real-world needs;
• able to be implemented; and
• providing a reference for verifying designs and solutions.

The above description of requirements engineering is our overall framework for creation of requirements. Figure 2 illustrates the interdisciplinary nature of the process and that which each party brings to the table.

The acquirer is the stakeholder that acquires or procures a product or service from a supplier. It is the individual or group within the organization with the desire and authority to request and approve the development of a solution, in this case, a wireless IoT solution. The supplier is the organization, group, or individual that enters into an agreement with the acquirer to supply the product or service.

Both the acquirer and other intra-organizational and inter-organizational stakeholders must work together with the supplier to implement effective requirements engineering. The acquirer and other stakeholders bring vertical expertise to the process. By vertical expertise, we are referencing the business sector or group of similar organizations with similar customers or group members for whom the acquiring organization operates, such as government, manufacturing, oil & gas, retail, hospitality, healthcare, entertainment, etc. The supplier brings technical expertise to the process, which, in the case of wireless IoT solutions, means an understanding of the IoT solution architectures, protocols, applications, and data processing.

While the acquirer domain provides the stakeholders, the supplier domain provides the technical professionals. The stakeholders have knowledge of the existing environment, including constraints and needs as well as future goals and objectives. The technical professionals have knowledge of IoT solutions, and the tools, planning, soft skills, and systems required for their implementation.

Understanding the levels of requirements and the interdisciplinary nature of requirements engineering will help you advance your abilities significantly. You cannot generate requirements alone in a vacuum. It will take teamwork, communication skills, and technical knowledge combined to create an effective set of requirements. We teach this process in detail in the CWDP, CWIDP, and CWIIP learning materials to ensure that you understand the process as it relates to wireless design and integration design.

Figure 2: Interdisciplinary Requirements Engineering for IoT Solutions

Challenges

The "Home" Wireless Experience

Some of the residence halls' challenges are the students are looking for the "home" wireless experience, plug and play. Their iPhone works fine with their Apple TV at home, so they want it to work the same on campus. Some consumer products we have been asked to connect to the network include TVs, pet feeders, toys, baby monitors, microwave ovens, gaming systems, Friendship Lamps, and smart speakers. The list grows with new products being released daily.

Aesthetics

Aesthetics is always challenging in any environment. You have building architects stating nothing goes on the ceilings, then you ask about lighting, fire suppression, and detection and get the response that they are building requirements. In today's always-connected mentality, I would argue that wireless access points must be included in basic building requirements as the wireless network has become part of the Life Safety System and building automation.

I like to follow an old saying with a twist, "Children should be seen and not heard," and "APs should be heard and not seen." This can be accomplished in many ways. Some companies can create skins for your APs to match the environment (https://www.acceltex.com/skins/), and other options are paintable AP covers or enclosures (https://www.chatsworth.com/en-us/products/wireless-enclosures/ap-covers/access-point-covers). One of the first things wireless engineers do when walking into a new building or space is look up to see if they can find the APs. This is both curiosity and looking for future solutions for their own deployments. There is even a Twitter hashtag, #ApsInTheWild.

Sub-Verticals

The sub-verticals in the University all have their unique requirements. In addition to higher education, our institution offers schooling from kindergarten through high school. The challenge is that students are not provided a network account until the 5th grade, and the school introduced a one-device-to-student policy starting in 3rd grade, with tablets and laptops available for use by 1st and 2nd grades. To get these devices on the wireless network, a new SSID was created along with AP Groups to limit the location of this SSID since these devices will not be roaming across campus. Since these devices are all managed by an MDM, we implemented a PSK network with MAC authentication and planned to change the key yearly.

The University Police were deploying in-car video and body cameras that would need to be uploaded when a squad car pulled into the parking lot or the officers entered the station. However, this video must be on a private fire-walled network to meet security requirements. The solution was to place the APs in local mode and map the new SSID to a VLAN inside the firewall, thus allowing the campus SSIDs to function normally.

To provide cover in the parking garage, a MESH network was deployed to cover the basement and ground floor. We have deployed a small MESH wireless network around campus for two other applications.

The university gas station was going to implement card readers at the two gas pumps, these readers need to be connected to the wired network, and the cost of installing new cabling was uneconomical because blast-resistant concrete would be required to repair any trenching. The pump island already had available electrical and a mounting pole that could be used for an AP, so a root AP was installed outside the station and the MESH unit mounted on the pole on the island, and then a Cisco IE3400 rugged switch that the card readers would connect and the connected the uplink port to the MESH AP, with the required VLAN trunked across the link.

The second use of outdoor MESH was the university shuttles busses. We installed card readers in each bus and then connected them to an autonomous AP in bridge mode, which would then connect to the MESH APs around campus to sync data from the card readers with the central database. This allowed the university to track usage and adjust schedules as needed.

Conclusion

Higher education Wi-Fi provides ubiquitous, robust, scalable, and secure wireless internet connectivity across campuses. It supports the institution's academic, research, and administrative needs, and the "home wireless" experience for the students in the residential halls, while also enabling emerging technologies for enhanced learning and research experiences.

In order to reduce battery drain, IEEE has come over different power save mechanisms. Many mechanisms that are described in the IEEE 802.11 standard allow a wireless device to reduce its power consumption, to turn off its radios, and to wake up at the correct time to retrieve its traffic. While the APs are generally connected to an external power source, the wireless clients are often running on batteries. The purpose of power-saving features is to increase the battery life and to allow longer performance. This battery life extension can be significant for low-powered devices such as smartphones, Voice over IP phones, or handheld barcode scanners.

Several techniques for power save have evolved over the years since Wi-Fi's inception:

1. Legacy Power Save
2. WMM-Power Save
3. Spatial Multiplexing Power Save (SMPS) Method
4. TXOP Power Save
5. TWT (Target wake time)

Spatial Multiplexing Power Save (SMPS) Method

• This is also known as MIMO PS Method, which is related to MIMO transmission.
• As we know, from 11n onwards, devices can support multiple radio chains on transmit and receive sides.
• Due to multiple chains, multiple streams can be transmitted and received, and hence overall performance is increased however, it comes at the cost of battery power since it will consume higher current.
• So there is a trade-off between Battery Power and Performance, and if someone gives priority to power, then the need for power save arises.

SMPS – How it Works

SMPS is a process that allows an HT client which is capable of receiving multiple streams to operate with only one active receive chain. Other receive chains are disabled, and so Power Save is achieved.

SMPS Methods

1. Static SM Power Save
2. Dynamic SM Power Save

The client may invoke any method depending on the support and need. And the client may intimate to AP during the initial Association or anytime after the association.

1. Static SM Power Save

• This method allows the client to disable the receive of MIMO rates completely, and only one receiver chain will be active on the client.
• When the client informs the AP (either at association time or anytime after using the MIMO power save HT Action management frame) that it is in static MIMO power save mode, the AP must not transmit any frames at MIMO rates to that particular STA. Because only one receiver chain is active, the client will not understand MIMO data (transmissions higher than MCS7 will be MIMO transmissions).
• Once the STA informs the AP that it has come out of static MIMO power save, the AP may resume sending frames to that STA at MIMO rates.

2. Dynamic SM Power Save

• In this method, the client is allowed to use one receiver chain or multiple receive chains dynamically based on the AP's RTS packet.
• In other words, it allows the STA to disable the receive of MIMO rates without protection and enable receiving of MIMO rates with protection.
• When the STA informs the AP (either at association time or anytime after that using the MIMO power save HT Action management frame) that it is in dynamic MIMO power save mode, then the AP must not transmit any frames at MIMO rates without a preceding RTS/CTS to that particular STA.
• The AP may send frames at MIMO rates after it sends an RTS frame at one of the non-MIMO rates. The STA, which implements dynamic MIMO power save, is required to turn on any inactive receive chain when it receives an RTS frame in order to be able to receive a MIMO transmission.

Client Requirements to Support SMPS

1. Trigger to enter MIMO power save:

The trigger to enter MIMO power save can be based on a user configuration through the GUI or an automatic algorithm which decides when it makes sense to enter MIMO power save. For the user configuration, a knob needs to be exposed which allows the user to choose between the following

• Disable MIMO power save
• Enable dynamic MIMO power save
• Enable static MIMO power save

2. Inform the AP:

When the user (or the algorithm) triggers any change in dynamic/static MIMO power save, the client needs to do the following

• If it is already associated, generate a MIMO power save HT Action management frame to communicate the new state to the AP
• If not currently associated, save the changed state and communicate it during the association in association requests

2.1. Inform AP during Association:

• A client may use the SM Power Save subfield of the HT Capability Information field in the HT Capabilities element of the (Re)Association Request frame to change the SM Power Save mode.
• This method enables only one single receive chain after (Re)Association.
• The 2 bits of the SM Power Save subfield indicate the SM Power Save mode that is in operation immediately after (Re)Association and a capability.

Set to 0: for Static SM Power Save mode
set to 1: for Dynamic SM Power Save mode
set to 3: when SM Power Save is disabled or not supported.

2.2. Inform AP After Association:

• A client may also use an SM Power Save Action frame (HT Action frame) to manage the SM Power Save transition.
• The SM Power Save Enabled subfield is set to 1 when SM power saving is enabled at the client.
• The SM Mode subfield is set to 1 for Dynamic SM Power Save and set to 0 for Static SM Power Save mode.
• The change is validated after the frame has been successfully acknowledged.

Sniffer Capture (Association Request):

client using the association request to update the SM power save state during association to AP.

Sniffer Capture (Action Frame)

client using the action frame to update the SM power save state after association.

3. Local Actions:

• A client entering MIMO PS may change its PHY configuration to keep only one receive chain active.
• It should also disable the use of MIMO rates for its own transmissions.
• When the STA comes out of MIMO PS, it should turn on all the receive chains and can resume the use of MIMO rates for transmissions

AP Requirements to Support SMPS

1. Maintain per-STA state

The AP needs to track whether each associated client is in dynamic/static MIMO PS or not. It needs to update the state every time it receives an association frame or a MIMO PS HT Action Management frame from any STA. It needs to process the MIMO PS HT Action management frames for this.

2. Honoring Static MIMO PS

If a client is in static MIMO PS, the AP must not send any frame at MIMO rates to that STA. This implies disabling all MIMO rates from the rate adaptation table for that STA.

3. Honoring dynamic MIMO PS

If a client is in dynamic MIMO PS, the AP must precede all transmissions at MIMO rates to that STA by an RTS/CTS exchange at a legacy rate.

References:

Understanding WLAN Power Save Mode by Prasanna Chamala https://alethea.in/wlan-power-save-mode/#:~:text=In%20order%20to%20reduce%20the,sleep%20states%20to%20conserve%20energy.

802.11 Power Management with packet capture examples by dot11zen blogs On February 21, 2018 https://dot11zen.blogspot.com/2018/02/80211-power-management-with-packet.html

IEEE Standard 802.11-2016: https://standards.ieee.org/findstds/standard/802.11-2016.html

Wi-Fi Alliance WMM Specification v1.2: https://www.wi-fi.org/file/wmm-specification-v12

This is done by manipulating the phase and amplitude of the carrier wave. The number of possible phase/amplitude combinations is dependent upon the type of QAM being used (e.g., 4-QAM, 16-QAM, etc.). These phase/amplitude combinations are called symbols. Each symbol is transmitted at some fixed interval, or symbol period, to communicate one or more bits of data.

QAM does this by taking two sinusoid waves of the same frequency in quadrature and adding them together.

What does that mean?

A sinusoid is simply a smooth, continuous wave—like the cosine and sine waves you may have learned about in Math class. In fact, cosine and sine waves are two sinusoids that are 90 degrees out of phase with each other. One full cycle of a wave is considered to be 360°, so cosine and sine waves are basically two waveforms with the same frequency but offset by a quarter of their wavelength (i.e. 90°).

If you were to draw a cosine wave and a sine wave, you would draw the same basic shape for each, but they would each appear to have different origins or starting points. For example, in Figure 1 below, you'll see a green curve and a red curve. Originating at 0°, the green curve appears to be a cosine wave, and the red curve—is a sine wave. However, if you look at the red curve as originating at 90°, you will see that it now resembles a cosine wave.

Figure 1 - Sine and Cosine waves

Why Am I Telling You This?

When two waves are 90 degrees out of phase, we say they are in quadrature. We could also say that these two waves are orthogonal to each other, which could also refer to the 90° offset, but orthogonality also implies that these two waves are discrete, unrelated, independent components that will not interfere with one another, i.e., changing one does not affect the other. When these two signals are eventually summed and transmitted, this property of orthogonality is what allows the receiver to isolate and recover the individual component waves from the combined signal.

In QAM, we usually refer to one of these waves as the I, or In-Phase component, and the other as the Q, or Quadrature component. By convention, the I component will be a cosine wave and the Q component will be a sine wave.

Now, when we take I and Q signals of the same amplitude, and add them together, the resultant wave will have a phase directly between the phases of the I and Q signals. You can see this in Figure 2 below, where we are adding the I and Q waves together. You can see the resultant wave in blue with a phase of 45 degrees—exactly between 0° (the I signal) and 90° (the Q signal).

Figure 2 - Summed Cosine and Sine waves, and the resultant wave

Before we go on, I would like to say a few words about "phase." The phase of a wave indicates the location of some specific point in the wave cycle. It is expressed as an angle, usually in degrees (but, you could also use radians). For our purposes, when we mention "phase," we usually don't mean the absolute phase just described, but the phase difference between similar points on two waves.

Accordingly, when we speak of a wave having a certain phase, it's almost always in reference to another wave. So, in the above image, the blue resultant wave has a phase of 45° in reference to the In-Phase wave, or I component. Note how the I component is a cosine wave originating at 0°, and the resultant wave appears to be a cosine wave originating at 45°.

It may be confusing that we call the I component, "In-Phase." In-Phase to what? Well, it has to be called something, but really, think of it more as the reference point for the Quadrature (Q) wave.

We can invert (shift by 180°) either, or both, of these waves while still maintaining orthogonality. This gives us four distinct I/Q combinations. For example, if we invert the I signal without changing the Q signal, we get a resultant wave with a phase of 135° (see Figure 3 below). If we invert both signals, we get a resultant wave at 225°, and if we only invert the Q component, we get a resultant wave at 315°.

Figure 3 - Inverted In-Phase component and the resultant wave at 135 degrees

As long as the amplitudes of the I and Q waves are the same (can you sense the foreshadowing?), these are the four possible I/Q combinations and resultant phase shifts (45°, 135°, 225°, and 315°). These four symbols serve as the basis for 4-QAM (which is effectively the same as the QPSK modulation method used in 802.11).

The number preceding "-QAM" refers to the number of possible symbols used in said version of QAM. So, with 4-QAM, there are four possible symbols. To determine the number of bits that can be mapped to each symbol, you can use the following formula, where M is the number of possible symbols:

bits per symbol = log₂ M

Don't be intimidated. This formula is just asking, "What power of 2 can I use to get M?" We use 2 as a base because we are using binary numbers, and each bit can only hold one of two values (0 or 1).
So, with 4-QAM, this formula would become:

2 = log2 4

We know that 2² equals 4, so each symbol in 4-QAM can be mapped to 2 bits.

Encoding More Bits Per Symbol

We can see that having only four symbols limits us to being able to encode 2 bits per symbol. Since we are always looking for ways to encode more and more bits per symbol, what can we do to create additional symbols?

Well, we can do this by varying the amplitudes of the I and Q carriers.

To better illustrate this, let's compare the constellation diagrams for QPSK and 16-QAM, both taken from Figure 17-10 in the IEEE 802.11-2020 standard. As previously mentioned, QPSK—as implemented in 802.11—is essentially 4-QAM.

Figure 17-10 from the IEEE 802.11-2020 standard, p.2823

Figure 17-10 from the IEEE 802.11-2020 standard, p.2823

A constellation diagram displays the symbol set for a given modulation type. The symbols are presented as dots, or constellation points, whose positions are plotted on the diagram based on particular amplitude values of the I and Q components. The amplitudes of each component wave, or carrier, are depicted as either positive or negative numbers along the horizontal and vertical axes. The horizontal axis represents the I carrier, and the vertical axis represents the Q carrier. Negative amplitude values indicate that the wave is inverted.

The angle, or phase, of each constellation point is measured counterclockwise from the horizontal axis.

The amplitude of each symbol is measured as the distance from the constellation point to the origin of the chart where the two axes intersect.

By examining the constellation diagrams above, we can see that—as opposed to the I and Q carriers in QPSK, which are each only capable of one of two amplitude values ( 1 or +1)—16-QAM's I and Q carriers can each have one of four amplitude values ( 3, 1, +1, or +3). This gives us 16 unique phase/amplitude combinations, allowing us to encode 4 bits per symbol.

4 = log₂ 16

Using 16-QAM as an example, let's see how QAM works in action.

How It Works

Before we begin, did you notice the "B₀B₁B₂B₃" in the top right-hand corner of the 16-QAM constellation diagram? This tells us how the displayed symbols are formatted. For example, if we look at the symbol "1010," B₀ will be "1," B₁ will be "0," B₂ will be "1," and B₃ will be "0."

16-QAM can encode four bits per symbol. So, as new bits arrive to be modulated and transmitted, the input data stream is first divided into groups of four bits. These bits are numbered in the order they arrive, so the first bit is B₀, the second bit is B₁, the third is B₂, and the fourth bit is B₃.

These bits are sent through a serial-to-parallel converter, which splits these four bits into two groups of two bits—B₀B₁ and B₂B₃—that can be processed simultaneously.

These two-bit groups will then be mapped to one of the constellation points using the following 16-QAM encoding table from Figure 17-14 in the IEEE 802.11-2020 standard, where B₀B₁ will dictate the value of the I component, and B₂B₃ will dictate the value of the Q component.

Figure 17-14 from the IEEE 802.11-2020 standard, p.2825

Each two-bit group is communicated as a pulse, the amplitude—or peak voltage—of which is determined by the table above. Here, we can see that a voltage of -3 will designate a bit value of 00, a voltage of -1 will designate a bit value of 01, etc.*

*Actual voltage levels may differ in practice, depending on the implementation.

These low-frequency pulses, or baseband signals, modulate higher-frequency carrier signals generated by a Local Oscillator (LO) to create the I and Q components. Here's how this is done:

• The LO produces a high-frequency cosine signal (i.e., the carrier wave) that is multiplied by, or mixed with, the low-frequency baseband signal of B₀B₁. If the baseband signal carries a negative voltage, the carrier will invert, or shift in phase 180°. The resulting pulse amplitude modulated signal is the In-Phase, or I component.
• A 90° phase shift is applied to the LO signal, creating the sine carrier. This is multiplied by the B₂B₃ baseband signal, resulting in the Quadrature, or Q component. Again, if the baseband signal carries a negative voltage, the carrier will invert.

The I and the Q carriers are then summed together to form the 16-QAM symbol.

To visualize the entire process at a high level, here is a basic block diagram of the operation:

Beyond 16-QAM

As previously mentioned, we're always looking to cram more and more bits into each symbol. With each wireless standard, new modulation schemes are introduced—64-QAM, 256-QAM, 1024-QAM, 4096-QAM, etc., and work much in the same way as the process outlined above. The obvious differences lie in the number of bits being encoded. This means higher data rates, which is great, but there is a downside.

For example, below is Figure 21-24 from the IEEE 802.11-2020 standard which shows only the first quadrant of the 256-QAM constellation diagram.

Figure 21-24 from the IEEE 802.11-2020 standard, p.3079

As you can see, the I and Q carriers in 256-QAM are each capable of sixteen possible amplitude levels ( 15, 13, 11, ... 1, +1, ... +11, +13, +15). That's a far cry from the four found in 16-QAM. All of those extra amplitude values are needed to create the 256 phase/amplitude variations. While this makes it possible to encode 8 bits per symbol, the acceptable error vector magnitude (EVM) is significantly smaller, as the constellation points are much closer together.

Error Vector Magnitude (EVM) is a measure of the accuracy of a transmitter and receiver. The EVM, in a nutshell, is how far the phase/amplitude of a received symbol deviates from the ideal phase/amplitude of the constellation point.

This means that, for the higher-order modulations, there's a much greater chance of the receiver not being able to accurately demodulate the symbol. In order to experience these high data rates, the signal to noise ratio (SNR) of the received signal needs to be very high. This means a clean RF environment with little to no interference and also usually entails being pretty close to the transmitter, i.e., being in the same room as the Access Point.

Everything comes at a cost.

If you'd like to read more about this and similar topics, visit my blog at https://whataboutwifi.com/

Wave images created with EMANIM:
Szilágyi, András (2019): "EMANIM: Interactive visualization of electromagnetic waves". Web application available at URL https://emanim.szialab.org

Incorporating IoT technologies with a solid Wi-Fi network to provide travelers a safe, comfortable, and customized stay has helped hotels reopen and begin offering their services again to their customers.

Why should the hospitality industry consider the IoT now and in the future?

1. Contactless Technology

Contactless technologies help travelers to minimize in-person contact. Using IoT applications, guests can check in using their mobile devices, receive their mobile key, and communicate with the hotel staff.

The Mobile Key allows guests to use their mobile to access their rooms. The guest doesn't need to stop and get their plastic card from the reception during check-in. All they need is to receive the key on their mobile device, and they only need to hold their mobile devices near the door lock and wait for no more than two seconds.

A few years ago, there were some challenges in implementing the door key solution and other IoT services. There was a need for other networks to support the Zigbee and BLE applications and solid Wi-Fi network coverage.

Now, most access points come with IoT onboard, which supports Zigbee and Bluetooth to simplify the deployment and management of IoT applications.

The advantages of the Online Door Lock system are not limited to the contactless option only. It also improves the customers' experience; gone is the day when a guest needs to visit the reception to get a new key if they decide to change the room or request a late checkout. It could also improve security by configuring the system to alarm the hotel staff if a guest leaves the room and the door is not closed sufficiently.

2. Panic Buttons

Panic Buttons system is one of the significant IoT applications even before the pandemic. It's an employee safety device that can be carried by the hotel staff and provide security with the updated exact location if the hotel employee is subjected to an emergency or abuse situation. The device can be attached to the employee's clothing or belt for easy access.

The panic buttons are now mandatory in some states in the USA. However, the implementation requirements differ from one state to another. The table below shows a sample of the requirements:

3. Density Prediction and Social Distancing

Access to hotel facilities such as a swimming pool, restaurants, bars, and meeting rooms could be challenging if a hotel wants to maintain a specific density and keep a social distance between guests. Fortunately, the IoT came up with a solution for this challenge by utilizing sensors to calculate the density in a particular area. The hotel can also display this data on a screen to let the guests know if specific locations, such as a restaurant, could be accessed or if the guest should wait until it becomes available.

4. Mini-Bar Services

Adding sensors to the hotel's mini-bar minimizes in-person contact and allows the hotel's staff to check the status of the mini-bar, whether it was opened or not. More details could also be included to report the mini bar items' temperature and status.

5. Automation and Robot's Services Function

Reducing in-person contact and using the Robot's service functions add a safe and efficient experience for the hotel guest. Nowadays, some hotels use robots for Room service delivery, luggage delivery, Logistics, and support for the back-of-house offices. And to sanitize public areas and guest rooms. Using a solid Wi-Fi network, sensors, Machine Learning, IoT, and mobile applications, the guest can receive a message that their order is waiting in front of the door. The guest can get their customized order using a barcode or a passcode that opens its dedicated tray.

6. Location-Based Services

Location-based services are commonly used in resorts and big box hotels. The system sends a notification to the guest with the menu option, advertise with SPA and Gym Options when the guest is nearby, or sends a notification for the time and the location for a special event such as a night show. It could also notify the guest if a particular place, for example, the restaurant or the swimming pool, has reached the maximum allowed occupancy so the guest can hold the visit until they receive a good-to-go notification.

7. Energy and Cost Saving

Hotels are using IoT to save energy and reduce operating costs. IoT technologies allow hotels to adjust the occupancy of the guest rooms' lights and the temperature according to the room occupancy and whether it's occupied or vacant.

The hotel's engineering staff can also rely on IoT to predict equipment maintenance by monitoring the performance, which could give the staff a chance to solve the issues before the guest check in.

8. Enhance the Guest Customize Experience 

As mentioned earlier, some amenities, such as the temperature and lighting, can be adjusted using sensors and IoT. The hotels also can use the IoT to customize guest preferences. Hotels also can save the guest's favorite channels, breakfast menu, and wake-up times.

Conclusion

In conclusion, we can see that updated technology is an opportunity for hotel organizations to show that they are modernizing and thinking about the future of travel. IoT applications in the world of hospitality have increased significantly. Most of them are through the Wi-Fi guest network. A reliable Wi-Fi network will not only help the hotel's guests to browse the internet and watch their favorite shows, but it will also help to keep them safe.

Resources

MSA698 Paper 1.docx - How Has COVID-19 Affected the Hospitality Industry1.https://www.coursehero.com/file/130296742/MSA698-Paper-1docx/
Four Key Lessons That Hotel and Tourism IT Executives. https://hospitalitytech.com/four-key-lessons-hotel-and-tourism-it-executives-can-learn-covid-19
https://aethon.com/hotel-mobile-robots/
https://behrtech.com/solutions/occupancy-sensing/
https://behrtech.com/blog/7-cutting-edge-use-cases-of-iot-in-hospitality/
https://www.jethotelsolutions.com/solutions/hotel-panic-button-laws/
https://campaigns.assaabloyglobalsolutions.com/
https://hospitalitytech.com/four-key-lessons-hotel-and-tourism-it-executives-can-learn-covid-19
https://www.bu.edu/bhr/2021/05/31/impact-of-covid-19-on-the-hospitality-industry-and-implication-for-operations-and-asset-management/

One of the key advantages of 5G is its ability to support a larger number of devices and connections. 5G networks are designed to handle a much higher density of devices than 4G networks, which means that more IoT devices can be connected to the network at the same time. This will enable new applications such as smart cities, where data from IoT devices can be used to optimize traffic flow, reduce energy consumption, and improve public services. For example, sensors can be placed on street lights, traffic signals and waste bins to monitor the real-time usage of these services, this data can be used to optimize the usage of energy and resources.

5G will also enable the deployment of ultra-reliable low-latency communications (URLLC), which is a crucial requirement for many IoT applications. URLLC allows devices to communicate with each other with extremely low latency, which is essential for applications such as industrial automation, remote surgery, and self-driving cars. With 5G's faster speeds and lower latency, these applications will be able to operate more efficiently, safely, and effectively. For instance, in the case of remote surgery, the surgeon will be able to control the robotic surgical instruments with much more precision and accuracy, thanks to the low latency provided by 5G.

Another important aspect of 5G is its ability to support edge computing, which enables data processing and analysis to be done closer to the source of the data. This is important for IoT applications because it allows data to be analyzed in real-time, which enables faster decision making and more efficient use of resources. With 5G, it will be possible to deploy edge computing capabilities to more remote locations, which will enable new use cases such as remote monitoring and control of industrial equipment and machinery. For example, in the case of wind turbines, the edge computing capabilities provided by 5G will allow the turbine operator to monitor the real-time performance of the turbine and make adjustments on the fly, increasing the efficiency and reducing downtime.

5G also brings new security challenges to IoT. The increased number of connected devices and the sensitive nature of the data being collected and shared, makes IoT vulnerable to cyber-attacks. However, 5G networks have built-in security features such as network slicing, which allows for the creation of multiple virtual networks within a single physical network, each with its own security protocols. This makes it possible to create a secure network environment for IoT devices, which will help to protect them from cyber-attacks.

In conclusion, 5G and IoT are set to change the way we live and work by providing new opportunities for innovation, efficiency, and automation. The combination of 5G's faster speeds, lower latency, and more reliable connections with IoT's growing network of connected devices will enable new use cases and applications that were not possible before. With 5G, it will be possible to connect more devices, reduce latency, and enable real-time data processing and analysis, provide edge computing capabilities, which will open new possibilities for the IoT, create new opportunities for growth and innovation while addressing the security challenges.

Before you decide to roll out your new solution, there are a plethora of other things to consider. As a network engineer who's delved into the wireless side of things over the last few years, I can attest that there are things that sometimes get overlooked during the (re)design process. Let's review how things typically play out:

• Initial design meetings, where requirements are laid out
• Putting together a request for proposal and inviting vendors to submit bids...or, maybe just going to the latest and greatest from your current vendor
• Configuring everything in a lab environment to test and make sure you get the features and performance you want
• Making final decisions, composing a purchase order, and placing an order
• Updating documentation like topology diagrams, rack elevations, and procedural documents
• When the equipment is on site, getting it ready to deploy and considering a realistic schedule that can be communicated to necessary parties
• After a lot of pre-work and testing, turn up / migration day comes and you hope it all goes smoothly

That's a pretty comprehensive list, but it's not the whole story. Your access points need to connect to a switch on site. Let's say you want to buy Cisco's new Wi-Fi 6/6E capable controller, the Catalyst 9800. You want to take advantage of faster speeds and increased bandwidth. Fewer complaints of congestion and latency would be nice, right?

Not so fast—what model of switch is on site? Is it capable of 10G or higher speeds?

If your uplinks to the site gateway are only 1G and the switch isn't capable of supporting a 10G connection, it doesn't matter what the controller can do. The access points connecting to a switch that only supports a 1G connection won't be able to do anything more than that, so you'll have a traffic bottleneck and slower speeds.

Or maybe you just need new transceivers so you can upgrade your uplinks. That's an easy solution if you can swing the expense. Make sure the transceivers you're using are capable of at least 10G connections on both sides—the switches on site and the router that allows you access to the Internet.

Another thing to look at is the fiber you currently have. If you still have OM1 or OM2 fiber in your closet, it's time to upgrade. OM1 is not compatible with the other types of multimode fiber and is only good for 100ft or 33m. Chances are you aren't using it, unless you've got an old site. OM3 and OM4 can be run further distances and are capable of speeds up to 100G.

For more bandwidth and higher speeds, OM3 or OM4 are the best choices. There's a newer standard, OM5, which is a wide band multimode fiber, but it's mainly used for data centers and high-speed applications. Unless you're a service provider, you're probably not going to need it.

Once you're sure the network equipment on site can support higher speed connections from access points, you'll want to consider how much overall bandwidth the site will generate and make sure your WAN links can support that. Study traffic patterns over time to see how much bandwidth the site already uses and how saturated your links get. If you're already cutting it close, that's another piece you'll want to upgrade, or as I like to say, "get bigger pipes".

In an ideal world, your group controls all of these parts and you can easily cover your bases. If that's not the case, you need to work with the people responsible for those components to make sure you're all on the same page and consulting each other before ordering new hardware. This avoids the issues described above.

The extra work here will be well worth it when your (re)design rolls out and your customers, clients, and colleagues enjoy higher speeds and more bandwidth. And after all is said and done, please remember to update all of your documentation to reflect the new implementation.

Carrie's LinkedIn

How does that work?

It depends on the implementation of each vendor, but basically either the Authentication or Association messages received by the 2.4 GHz radio from the client device are ignored.

Image 1

That's the basic implementation of band steering. But what happens once the device is connected to the radio in the 05 GHz band and that device is moved around the coverage area resulting in a decreased signal strength? Each vendor decides on an algorithm to suggest the end device change to a different radio band:

• A threshold is defined for each radio band, which is normally based either on RSSI or SNR.
• Due to the characteristics of the 2.4 GHz radio band, like better penetration, the threshold required for this radio band is usually higher.

An algorithm like this is defined for this purpose:

Image 2

It is important to remark that the algorithm performs a suggestion to the client to change to a different radio band. Each vendor will implement this in a different way. Here is an example using 802.11v (BSS Transition request). Important: The support of 802.11v capability is exchanged between client and AP during probe request/response, association request/response, re-association request/response management frames:

1. When the AP detects that the client crossed the predefined threshold for the current radio band connected, the AP will send a BSS Transition to the client offering the possibility to use the other radio band (from the same AP). In this example a client connected to the 2.4 GHz radio is suggested to change to the 5 GHz band:

Image 3

2. The client can answer to this transition request with a positive response. In this case the status code 0 means that this transition was accepted:

Image 4

Each client Wi-Fi chipset may implement their proprietary algorithms for band change that are unwilling to accept the recommendations made by AP, other devices will always accept the recommendations made (802.11v).

Think of it like this: you are sitting on the beach, and the waves are hitting the shore. Now, count how many waves hit the shore in a minute, and that's the frequency. Now with RF we use seconds, but you get the point.

In the graphic, you can see 5G low on the left, 5G mid in the middle, and 5G High on the right.
Just like with the water, the higher the frequency, the more water is being moved. In RF, the higher frequency, the more data can be moved. The downside to higher frequencies is they are more challenging to receive and process at greater distances.

LOW

The current strategy is to use the low band to provide nationwide coverage as it travels far but has lower data rates. We are currently in what's called NSA (non standalone) 5G. This means that it is using 5G down and 4G up. Until we get to SA (standalone), the advantages of 5G lowband will not be available. Keep in mind it will still be faster than your standard 4G but not the new gigabit LTE.

MID

The Mid band is the sweet spot. Its higher frequency allows us to see 600Mbps to 1Gbps speeds down, but we also get a decent range from it. Mid band is very close to Wi-Fi frequencies and will travel in a similar fashion. The main difference is that carriers can transmit at higher power levels and can use much weaker signals to a better effect than Wi-Fi can. The strategy for this band is city metro areas, city center, and suburbs.

HIGH

The high band is extremely high throughput. We could see speeds of 10Gbps. The issue is that it is such a high frequency that it travels very poorly. It is best with line of site, and most any obstruction will block the signal significantly, if not entirely. The current strategy for this is city centers, think of the carrier putting a high band (ultrawideband is one name commonly used for it) tower on the top of the tallest building in a downtown area, and then other buildings could put a W4005 on their roof that would have a clear line of site to the tower.

Some names used for different bands by carriers

Low= nationwide 5g, 5G
Mid= 5G, C band,
High= Ultrawideband, 5G+

In computer networking and specifically wireless technologies, the beacon is used for transmitting frames (management type) that show the presence of the base station (Access Point, or AP), which broadcasts not only the SSIDs but also some other important information as well.

There are three distinct types of frames transmitted when we use Wi-Fi. In each of the three types, there exist subtypes (for example, the Beacon is a subtype of the Management type). Those frame types are:

• Management frames
• Control frames
• Data frames

The management frames are used to manage the wireless network, which we call the BSS (Basic Service Set). These frames allow for associating, authenticating, etc. of clients who connect to the same BSS.

To better understand the frame in wireless protocols, imagine there is a big container, and this container is a collection of some small containers which do not serve any purpose up until they come together and form one big container.

Now, think of the same container as a frame. The frames are divided into small parts that, by themselves, do not have any meaningful purpose until they come and work together.

Let me show you in a simple diagram what I mean. For this blog, I'll try to make it as simple as possible.

Figure 1 - 802.11 Frame Format

As you can see, the frame is divided into several parts, which are then divided into further parts. For example, the Frame Control part (field) is broken into several sub-parts (subfields). I'll focus on the first three subfields for this article.

• Protocol version: which in our case is always shown by 00, which is to indicate that 802.11 (Wireless) is in use.
• Type field indicates the following:
• (00 - means it is management frames)
• (01 - means control frames)
• (10 - means data frames)

Each one of the aforementioned has different subtypes, for example, management frames have the following Subtypes:

• 0000 - Association Request
• 0001 - Association Response
• 0010 - Re-association Request
• 0011-Reassociation Response
• 0100 - Probe Request
• 0101 - Probe Response
• 0110-Timing Advertisement
• 0111-Reserved
• 1000-Beacon
• 1001-ATIM
• 1010-Disassociation
• 1011-Authentication
• 1100-Deauthentication
• 1101-Action
• 1110-Action No Ack(NACK)
• 1111-Reserved

You may be wondering why I used this type of numbering to show the frame subtypes. The reason is that these subtypes are based on 4 bits (binary values) which start from 0, which is the Association Request frame, and the last subtype in the management type is number 15. which in total gives us 16 subtypes. This type of numbering has another benefit, which is to help us filter these subtypes in protocol analyzers such as Wireshark.

In this blog, we focus mainly on the Beacon subtype, which is 1000 in binary or number 8.

The beacon frame is generated by the AP for the BSS to provide information about its network capabilities and timestamps. It is transmitted periodically, in specific every 102.4 milliseconds or 1024 microseconds. In the documentation, they call this interval the Target Beacon Transmission Time (TBTT). It is the time at which a node (AP in a BSS, Station when in ad hoc mode (IBSS)) must attempt to send the beacon to the stations which are listening for it.

Let me show you a beacon frame by using the following filter in Wireshark to show the beacon frames based on an SSID. You can use the same and replace "XYZ" with your SSID: "wlan.ssid==xyz&&wlan.fc.type_subtype==8"

Figure 2 - Wireshark Beacon Frame Delta time is 0.1024

Figure 3 - Wireshark Beacon Frame Delta time

You may be wondering why the number 102.4 is not the exact number as shown in the frame capture in the delta time column. It's because the AP was not allowed to transmit the beacon at that particular moment. It is because, in Wi-Fi, we are dealing with "Shared Medium." The medium belongs to every wireless-capable device to transmit data across the air.

Therefore, there must be a system in place to avoid collisions among those frames over the air so everyone can talk as required without interference.

For this purpose, the researchers implemented the idea of using Carrier Sense Multiple Access with Collision Avoidance, in short, CSMA/CA, approaches to control the shared medium. That transmitter is going to make sure that there is no significant energy in the air by sensing it before it can transmit data.

As you can see in Figure 3, the delta time between frames No.1492 and 1537 is more than 200 milliseconds. So there must be something in between using the medium which did not give any chance for the beacon frame to be broadcast. Let's deep dive and see what was happening in between. I am going to remove the filter and try to see what was transmitted during that time in between.

Figure 4 - Frames between 1492 and 1537

As you can see, there are multiple management and data frames in between and before our designated AP found an opportunity to transmit its Beacon frame.

That is why you see different timing in Beacon intervals during the capture as some more than that value of 102.4 ms, which is directly related to the channel utilization and contention. The more data is on the air, the less likely the transmitter can broadcast the Beacon frame.

In the following screenshot, you can see some Beacon frames are out of the ordinary, which is normal (Not-Preferred) in an environment with multiple SSIDs broadcasted over a single AP, which creates management overhead.

Figure 5 - Delta Time Column showing beacon interval of more than 1024 microseconds

As previously mentioned, the beacons are not just providing information related to their network. they are also helping all the stations in the network to change their local clocks and synchronize.

Conclusion

Beacons are very important frames to manage the wireless network. However, there are some design criteria that a designer must follow to have an effective network with reliable performance. The first and foremost is to reduce management overhead.

The simple solution to reduce management overhead is to reduce the number of SSIDs per AP.

In my lab, I created three different SSIDs on the same AP. The less SSID each AP has, the less management overhead it produces and, consequently the less channel utilization and more chance for other wireless-capable devices to transmit and receive data across the medium.

*-BSSID: Basic Service Set is the term used to describe a collection of Wireless-Capable devices connecting to the AP to be able to communicate together and transmit data.

**-IBSS: Independent Basic Service Set, Is the simplest IEEE 802.11 simplest type of network which does not need any infrastructure to be able to connect and transmit data. The other term used for this type of network is Ad-Hoc.

Tools Used for the Lab

• MacBook Pro
• ARUBA AP (3 SSID's)
• iPhone 11 (To generate traffic)
• Wireshark
• Airtool 2

Expert Analysis

This feature is an automated, intelligent identification and reporting of performance or security issues. For this feature to work properly, you will have to create or set several baseline thresholds to be able to compare the newly received information, and this feature will also be able to notify you when one of the predefined measures is not met. There are three different baseline analyses you can set in some of the Wireless network Analyzers.

Threshold-base Analysis – Compare key statistics to pre-configure thresholds.

Heuristics-base Analysis – Compare network traffic to the pre-configure rule set.

Hybrid Analysis – Combination of threshold and heuristics.

Filtering

There are two different types of filtering when doing wireless network analysis, and it is very important to understand the difference between the two. There are capture filters, and there are also display (post-capture) filters, they are described as follows.

Capture filters – with these filters, you will keep the frames that you want, and you will discard the frames that you don't want to keep at the time of the capturing. Very important to note the frames you discard with these filters will never be able to get retrieved again because they were never captured during this analysis.

Display (post-capture) filters – with these filters, you will be able to filter what is on the display view or what you are seeing. You would be able to display filter a capture file that was also filtered during the capture.

It is recommended to filter the capture files with the display filter and not with the capture filters unless absolutely necessary or you are certain of the traffic you are looking for during this particular analysis.

Naming Nodes

This feature will allow you to view the names of the devices instead of the MAC addresses, which would help you identify devices easier and be able to follow the device during different processes of wireless communication. There are different ways you can name the devices when using this feature and they are described below.

Passive Discovery – Automatically will add the names found in the packet captures, however, for this method to work, you will have to have access to the upper layers.

Active Resolution – This method will query the names of devices via DNS or WINS, however, for this method to work, you will have to have access to the upper layers.

Manually adding – In this method, you will need to manually add the name of the devices into the Wireless network Analyzer.

Import List of devices – This method will allow you to import a list of mapping device names to MAC addresses via a text or CSV file.

Colorization

With this feature, you will be able to separate protocols/frames by color. This feature will also help you, instead of filtering the display, with visually identifying what you are looking for quicker. This feature could be set up however you would like, and it could also be saved to be used with other analyses, or you can also have multiple different colorization schemes to be used for different types of traffic captures. There are several websites offering different coloring rules.

Decrypting Frames for upper layer visibility

This feature offers you the ability to decrypt the frames captured during the analysis. However, there are a few conditions that will need to be met to decrypt the data payload on the frame.

The encryption used – This feature can only decrypt frames using WEP and frames using WPA/WPA2-PSK. This feature will not be able to decrypt frames using 802.1X EAP.

Four-way handshake – You will also need to have captured the four-way handshake along with the SSID and the passphrase to be able to decrypt the frames.
It is recommended that if you need to decrypt those frames, you will have to force the device to disconnect and reconnect to capture the four-way handshake with SSID and Pre-

Shared key then be able to decrypt the traffic.

Packet Generation

This feature allows you to generate a packet to send to either an access point or to a device on the wireless network environment. These generated packets can be modified before transmission. This feature is not available in all Wireless network Analyzers and can be used for troubleshooting and/or testing a device or access point behavior when a generated packet is received.

Conclusion

In conclusion, this series of articles has been intended to give you an idea or perspective of the different views, features, capabilities, and opportunities a Wireless network Analyzer can provide you with assistance in your daily lives as a Wireless network professional. I encourage you to decide, which Wireless network Analyzer works best for you based on budget, features, capabilities, and learn as much as possible about it by either searching online for material or by utilizing the software as much as possible.

To read this series from the start, click here.

Reference table:
Material by – CWAP (Certified Wireless Analysis Professional) Study and reference guide, CWAP-403 1st edition by Certitrek publications.
Illustrations by – Wireless Analysis and Troubleshooting CWAP bootcamp v1.1, MarQuest networking support by Peter Mackenzie.

Packet view

In this view, the Wireless network Analyzer will show you all the 802.11 frames that have been captured during particular packet capture. You will be able to see the time, the source MAC address, possibly the Vendor, the destination MAC address, the protocol in use, etc. Different Wireless network Analyzer's vendors will have different views as well. For the most part, you will have a packet list, packet decode, and hex and/or binary data available to you.

Packet List

In the packet list will find a numbered of different columns, the Wireless network Analyzer's vendors will have different columns available to you, and they can be enabled/disabled based on the needed view. Some important columns, for instance, the flag column could indicate CRC errors, retransmissions, etc. These types of frames will be something you will need to identify quickly.

Other important columns will be the time columns, and you will have three different ones.
Absolute time – is the time when the packet was originally captured.
Delta time – is the elapsed time between packets. You can identify possible contention problems in the environment.
Relative time – is a cumulative time from a selected packet. You can possibly identify the duration of a particular process during the analysis.

Decode View

This view is very important for you to understand with whichever Wireless network Analyzer you select. In this view, you will have a translation if you will from computer language (ones and zeros) to a more understandable human language. In this view, we have different sections, the first section being.
The packet info/ radio tap header – this information is generated by the Wireless network Analyzer and added to the frame when capturing. This information is not part of the 802.11 MAC frame, some of this information is derived from the PLCP header. Also, it may be provided by the device's drivers, or it may be calculated by the Wireless network Analyzer.
Field Name – these are information included in the frame, for instance, duration, destination, etc.
Field value – this is the information corresponding to a field name, for instance, 233 MS, destination's MAC address, etc. This information is often represented in three different ways, a binary value, which starts with a percentage symbol (%), a Decimal value which is represented by numbers, and a Hexadecimal value, which starts with "0x".
Interpretive text – this is information translated to be more understandable to you.
Raw Hex – this is the data in its original form at the time of the capture as it is seen by the Wireless Network Analyzer.
ASCII Encoding – this is the code used for the translation of the raw hex data.

Wireless Network Analyzer Views

These views are features that would give you a bit more granular information about different statistics or performances of the wireless environment. For instance, you will be able to see in one location how many retransmissions, you can see channel utilization, you can also see a graphical representation of top channels, top talkers, top access points, top protocols, etc. This information can be very useful when analyzing a wireless network.

Channel information

It is also very important where to see or where to find channel information when capturing data for wireless network analysis. You can find the channel information in the following.
The Radio tap header/Packet info – the channel information would be listed in this section of the packet view.
Packet list columns – the channel information would also be available in one of the columns in this section, you may have to enable it, or you may not have to enable the column view, depending on the vendor.

Channel Information in the Beacon Frame

This is important to note in some instances, the channel information when capturing a beacon frame would be in the radio tap header. However, it could also be in the direct sequence parameter set if you were able to capture it in the packet, such as 2.4 GHz traffic. Very important to notice that the channel you capture the packet on is going to be in the radio tap header, and the channel that the packet was transmitter on is going to be in the frame fields, and sometimes these two may not be the same. For instance, you may capture a packet on channel 2; However, the packet was transmitted on channel 1. The reason is those are overlapping channels, and if the transmission has enough signal strength, you would be able to capture the uncorrupted frame and be able to demodulate and decode that frame on the channel you are on, which indicates a possible problem with channel interference.

Node List

This list will give you information such as, who is your top talker in the wireless network, who is sending the most multicast traffic, you can also identify unexpected vendors/devices (rogue devices), or you also would be able to find a device sending too much traffic. You would be able to identify a problematic device and address it quickly once it is identified.

Protocol View

In this view, you will be able to see the different types of protocols/frames, you will also be able to do quick filtering on the different protocols/frames, and in some cases, you can see a brief description of the protocol/frame.

Conversation View

This view would be useful if you can decrypt the upper layer traffic. However, depending on the type of encryption on the wireless network, it is not always possible to decrypt the traffic, and it is necessary to see the upper layer traffic, then it is recommended to do a packet capture on the wire beyond the wireless access point. It would have to be on the traffic path of the particular device, it may be directly past the access point, or it may be directly after the wireless LAN controller depending on which type of wireless environment you are working on.

Click here for part 4.

One very important point when performing wireless network analysis is the placement of the wireless network analyzer, there are many different situations that would cause you to place the analyzer in different locations throughout the wireless environment.

Capturing close to the access point

If you are trying to analyze a situation where it would be necessary to see the traffic from all devices and from the AP as well, you will need to place the wireless network analyzer near the AP. Keep in mind, however, that all traffic seen at the AP level will only be traffic that can be heard and demodulated properly by that AP.

Capturing close to the device

If you are trying to analyze a situation with one device, you may want to place the wireless network analyzer near that device. Keep in mind, also, that traffic captured at the device level will include 2-way traffic (transmission and reception from and to the device).

Capturing in different locations

If you are trying to analyze a broader situation, you would want to place the wireless network analyzer throughout the environment, in different locations, to be able to capture from different sources and determine the signals that may be introducing problems or conflicts in those areas.

Wired Analysis for a Wireless issue

There will be times when you will need to perform a wired analysis to determine the cause of the problem. It is important to understand the traffic flow on a wired network to know where to capture traffic on the wired network.

Packet Capture Configuration for Wireless Network Analyzers

When setting up a packet capture, for the most part with different vendor wireless network Analyzers, you will have similar options available. The following terminology is exact to OmniPeek, but the reflected capabilities exist in most other software as well.

Capture title – It is recommended to use as much detail as possible in the title of your capture for reference purposes, i.e., where, when, why, etc.

Continuous capture – This option will recycle the capture buffer, the buffer will become a first in first out buffer, in other words the buffer will continue capturing and will remove the oldest captured frames from the buffer as needed. Without "Save to Disk", most tools will maintain statistics, but you will be unable to analyze the actual frames once removed from the buffer.

Save to disk – This option will give you the ability to save your capture to your hard drive. Keep in mind you will need to make sure you have enough space. In conjunction with continuous capture, this allows analysis of all frames captured from the start of the capture.

Packet Slicing – This option gives you the ability to ignore the capturing of data within frames, also this would save you space on your hard drive, also it ensures confidentiality. it is recommended to limit each packet size to 500 bytes due to the size of beacon frames in most cases. Warning: Avoid cutting off header information, checksums may become invalid.

Capture buffer size – This option gives you the ability to increase or decrease the size of the buffer based on your available memory in the capture system. Most software defaults to some value at or around 100 megabytes, but with modern systems often having 16 GB RAM or more, this can safely be increase in many use cases.

Adaptor/Capture Device Selection

Access point capture – This option gives you the ability to do a packet capture from an access point that supports this feature.

Aggregator/ Roaming – This option gives you the ability to add multiple supported adaptors to be able to capture on multiple channels, then this gets aggregated together based on times to form a big capture view.

Single supported adaptor – This is your most common option; you would be able to do packet capture with a single network adaptor. You want to make sure you have the appropriate drivers for this adaptor.

Channel Configuration

Fixed Channel – This option allows you to select one channel in which you would like to do a packet capture. Some wireless network Analyzers will let you capture on 40 MHz, 80 MHz, and 160 MHz channels. You will pick the channel base on the 20 MHz primary channel.

Channel Scan – This option will give you the ability to select all channels on either 2.4 GHz and/or 5 GHz. You can also select the channels you are looking to scan only. With this option you can also select the time to dwell on a channel. Keep in mind, the longer you scan on a particular channel, the more data you will be able to collect from that specific channel, in the other hand, it is only capable to scan one channel at a time, in other words, the longer you scan in one channel the more you will miss from other channels.

Click here for part 3.

Reference table:

Material by – CWAP (Certified Wireless Analysis Professional) Study and reference guide, CWAP-403 1st edition by Certitrek publications.
Illustrations by – Wireless Analysis and Troubleshooting CWAP bootcamp v1.1, MarQuest networking support by Peter Mackenzie

Wireless network Analyzer software is a tool used to capture and analyze data traffic over a communication channel. Some of the protocol analyzers options out in the market are, Wireshark, Commview for WiFi, Omnipeek, Airmagnet WiFi analyser pro, etc. Your ability to choose among these common tools would be based on the different factors such as budget, features needed, etc.

Visualization tools are dedicated to analyzing the packets and present a more user-friendly version of the interaction between the device and access point. Such tools are packet analyzers imbedded in different vendors' management platforms, i.e., Mist client insights, Extreme Cloud IQ, Meraki client packet capture, Cisco DNA Center etc. There are also visualization tools that specialize in analyzing packet capture files, such as Eye P.A. from metageek. In a nutshell, visualization tools are a rapid 802.11 packet capture and analytics solution that makes WiFi traffic visible for quick analysis and diagnosis. At a glance, you can find and fix packet loss, monitor channel capacity, minimize congestion, and shed light on network configuration and security issues.

Packet capture options

To perform wireless network protocol analysis, you will have to capture the 802.11 layer 2 frames traversing the wireless network you would like to analyze. You can do that with a portable protocol analyzer such as Commview for WiFi, Omnipeek, Airmagnet WiFi analyzer pro, Wireshark for MacOS, Wireshark for Windows (with the correct wireless adaptor set to monitor mode), Wireshark for Linux, etc. With this method you will be able to take the analyzer close to the device and capture the frames as the device is experiencing (sending and receiving).

Another method of capturing the frames will be with a wireless controller, if you are in a controller-based environment. However, this method would only give you the access points' perspectives and not the devices. Another method is using WIPS (Wireless instruction prevention systems) in which most of these systems will give you the ability to capture wireless layer 2 frames; however, these systems, like the wireless controllers, will only be able to capture at the access point or sensor locations and not at the device location.

Lastly, you can also have a distributed forensics system or monitoring system, which will use dedicated sensors for capturing the wireless layer 2 frames, system such as 7Signal, Omnipeek, or a system like Cisco DNA Center where you would have tri-band access points and you could dedicate one radio to monitor mode. However, these systems will also only be able to capture at the sensor location and not at the device location.

Selecting Adaptors for Wireless network Analyzers

RF Monitor Mode

First and foremost, when doing wireless packet captures, the wireless network adaptor will need to be in RF monitor mode and not in promiscuous mode.

The difference between the two modes is that promiscuous mode will capture everything going in and out of the wireless network adaptor, and RF monitor mode will capture everything on the channel on which the wireless adaptor is listing and that it is capable of "hearing" basde on demodulation capabilities due to the signal to noise ratio (SNR) and the capabilities of the protocol analysis adapter and software. The recommended mode for successful packet capture for wireless network analysis is RF monitor mode, for wireless network analyzer software to utilize the wireless network adaptors in RF monitor mode, you would need to install custom drivers in many systems (particularly Windows-based systems). Most of the time, these drivers will come from the vendor of the wireless network analyzer software, and in some cases like Linux it could be a driver that can change the wireless network adaptor to RF monitor mode. In some cases, the wireless network analyzer software vendor will provide you with a list of network adaptors and their corresponding drivers.

Another important point when selecting wireless network adaptors for packet capture are often done with the use of multiple adaptors with the use of a USB 3 hub. You will have to make sure you select the correct hub in order not to reduce your SNR, some USB 3 hub can reduce SNR up to 20 db, causing your wireless network analyzer not to be able to demodulate the traffic.

Adaptor Selection

The most important point is making sure you get the right wireless network adaptor for the wireless network analyzer software you are using, most of the software out there does not work with all wireless network adaptors and getting the correct wireless network adaptor for the kind of network traffic you are going to be analyzing is very important. For instance, you will need a 3 spatial streams wireless network adaptor to capture 3 spatial streams network traffic. If you are using a 2 spatial stream wireless network adaptor, and your access point is capable of 3 spatial streams, all data sent on the third spatial stream will be missing since your adaptor is only capable of capturing on two spatial streams. The illustration below shows the incorrect adaptor selection in the form of missing data, you will be able to determine it based on the duration times as illustrated.

Click here for part 2.

Reference table:

Material by – CWAP (Certified Wireless Analysis Professional) Study and reference guide, CWAP-403 1st edition by Certitrek publications.

Illustrations by – Wireless Analysis and Troubleshooting CWAP Bootcamp v1.1, MarQuest networking support by Peter Mackenzie.

• WEP (Wired Equivalent Privacy)
• WPA (Wi-Fi Protected Access)
• WPA2 (Wi-Fi Protected Access 2)
• WPA3 (Wi-Fi Protected Access 3)

WEP (Wired Equivalent Privacy)

WEP (Wired Equivalent Privacy) was the first one developed in 1997, attempting to bring, as its name describes, the same security as wired devices. Initially, it was used only with maximum 64-bit encryption until 128-bit and 256-bit WEP became available in some devices and allows by regulations.

Cybersecurity experts detected many vulnerabilities that compromised any network protected by WEP. Therefore, the Wi-Fi Alliance retired it officially in 2004. For today's world, WEP is not a secure protocol and it is outdated. It should not be used anywhere, anytime, in any way, when actual security is required.

WPA (Wi-Fi Protected Access)

Wi-Fi Protected Access (WPA) was developed in 2003 by the Wi-Fi Alliance in response to the vulnerabilities, using 256-bit WPA-PSK (Pre-Shared Key). It was not an IEEE standard (that is, not part of the 802.11 protocol) at that time, though it was in draft mode. The IEEE would incorporate it into the 802.11i-2004 amendment at a later date.

With WPA, two new security mechanisms were introduced: Message Integrity Check (MIC) and Temporal Key Integrity Protocol (TKIP). With the Message Integrity Check mechanism, it prevents active and passive man-in-the-middle attacks on the content of any packet. With TKIP, each data packet is encrypted using a different key. After a while instead of TKIP, AES (Advanced Encryption Standard) would be made available, though it was not used heavily in production networks.

There were two different modes of WPA:

• Personal Mode (WPA-PSK): Pre shared keys (PSK) were used with this mode intended for individuals.
• Enterprise Mode (WPA-EAP): Extensible Authentication Protocol (EAP) was used along with an Authentication Server, and it was more secure.

WPA is more secure than WEP. Despite this, different security vulnerabilities were discovered and it is considered outdated as well. Like WEP, WPA should not be used anywhere, anytime, in any way, when actual security is required.

WPA2 (Wi-Fi Protected Access 2)

WPA2 (Wi-Fi Protected Access 2) was developed in 2004 as a corrected and advanced version of the first WPA and in conjunction with the ratification of 802.11i, which defined the standards by which both WPA and WPA2 operated. Offering new encryption and authentication to cover the original WPA vulnerabilities (to be fair, WPA was intended only as a transitional solution for hardware unable to perform AES encryption). These were AES (Advanced Encryption Standard) and CCMP (Counter Cipher Mode with Block Chaining Message Authentication Code Protocol).

AES (Advanced Encryption Standard) was originally approved by the United States Government and its Military Forces, with the main purpose of encrypting state top secret information and as a replacement for the older DES (Data Encryption Standard) from the 1970s. After a while, it was thought that using AES on Wi-Fi networks could also improve security, and it did.

As mentioned before, WPA2 was not only a corrected version but an advanced one with improvements for Wi-Fi, too, such as fast roaming. This was due to the PMK caching support allowing for reconnections to AP's to which the client has recently been connected without the need to re-authenticate, and Pre-authentication support, allowing a client to pre-authenticate with an AP towards which it is moving while still maintaining a connection to the AP from which it's moving away.

WPA2 is the default security method for individuals and even enterprises (with the Enterprise mode). For SOHO networks, it is still a very secure option when properly implemented; nevertheless, for enterprises, it is a vulnerable one because of a discovered vulnerability where attackers can have access to the network secured with WPA2. This one is known as the KRACK attack, though most vendors patched their equipment quickly to be invulnerable to the most serious versions of this attack.

Until patched, approach WPA networks with the same caution as an open network. Since this vulnerability could potentially compromise the encryption of a wireless network, useful countermeasures were recommended until patches for specific devices were released. These countermeasures included using HTTPS for all websites and/or using a VPN to encrypt all network traffic.

WPA3 (Wi-Fi Protected Access 3)

The most recent security certification for Wireless is WPA3 (Wi-Fi Protected Access 3), and it offers improved authentication and encryption, which is the vulnerability in WPA2, based in KRACK. It is constantly being more used thanks to the 802.11ax standard, which requires it in the 6 GHz band or Wi-Fi 6E.

And speaking about Wi-Fi 6, this will bring more coverage and capacity; therefore, there will be more wireless devices connected. So better security will be needed, and for these requirements, WPA3 will be used with Wi-Fi 6 in all bands at some point; after all the clients connecting in the 2.4 GHz and 5 GHz bands support it, but it is required and used in all cases (when security other than OWE is used) in the 6 GHz band. Note that Wi-Fi 6 is simply 802.11ax in the traditional bands, while Wi-Fi 6E is extended into the 6 GHz band.

Within 802.11ax in the 6 GHz band or Wi-Fo 6E, there is another huge feature improving the known unsecure open networks. This is OWE (Opportunistic Wireless Encryption), as previously mentioned. OWE is a technology and mechanism mainly developed to be used for public or open networks. With it, encryption will occur without user interaction preventing man-in-the-middle attacks. It is similar to the way HTTPS websites work in that a secure negotiation process is used to generate encryption keys during the initial connection without requiring a pre-shared key or password.

Think about this. You are in your coffee shop working and connected with your PC, smartphone, and even tablet. With WPA3, any attacker in the same public place with you, won't be able to do a man-in-the-middle attack towards you. Unless the public network is WPA2 and unpatched, that is.

So far, it is known that dictionary attacks are used to predict passwords with many different and several attempts and work with WPA2. Hackers can do this attack even if they are not in the same network with the victim. To prevent this type of attack, WPA3 offers a new key negotiation protocol. With this protocol, it will use a secure method, Simultaneous Authentication of Equals handshake, known as SAE. Before with WPA2, the older four-way handshake was being used, and this is more vulnerable - particularly when unpatched against KRACK attacks.

WPA3 provides extra security and encryption if you compare it with its previous versions, such as WPA2, WPA, and WEP. With WPA3, all the traffic between you and the other end will be encrypted until the other end is authenticated.
Furthermore, there is also another new connection type that is coming with WPA3 called Wi-Fi Easy Connect. It reduces complexity and enhances the user experience of connecting devices to Wi-Fi networks while simultaneously incorporating the highest security standards. Wi-Fi Easy Connect introduces standardized mechanisms to simplify the provisioning and configuration of Wi-Fi devices. Provisioning and configuring devices, including those without a rich user interface, is now as simple as scanning the product's quick response (QR) code, NFC tag, or downloading device information from the cloud to enable zero-touch connection to a Wi-Fi network.

So, which one should I use?

Finally, with all this information you may be wondering "Which one should I use?". Evidently, WPA3. If it's not available, you can go with WPA2 knowing the potential weaknesses. When using WPA2 with a strong EAP method, it is still far more secure than WPA2-PSK and may continue to be used in many organizations for a few more years because of older devices in use. You can learn all the nitty-gritty details of these security solutions in the CWSP Certified Wireless Security Professional Study and Reference Guide available from CWNP.

Yury D. Morales - @WiFiTechydm
Twitter | LinkedIn | Instagram

Myth #1 - Higher frequencies don't travel as far as lower frequencies

This is false. RF signals travel the same distance regardless of frequency. On the surface it does appear that lower frequencies travel further but why?
I think the misunderstanding is that the frequency itself is the reason it doesn't travel as far. But think about it, extremely high frequency gamma rays with a frequency of around 10²⁰ Hz (wavelength of 1 nanometer) travel billions of miles, light years even, from neutron stars and pulsars all the way to us here on earth. What it comes down to is attenuation. In free space, there is no medium of which a radio wave gets attenuated so therefore it travels equally in distance regardless of frequency. But here on earth and in the real world where there are objects and obstructions, longer wavelengths have the advantage of attenuating less which makes them appear as if they go farther than higher frequencies. But it's really the medium of which radio wave must go through that determines how much it is absorbed and attenuated – which then determines how far it goes (or should I say, still heard). Longer wavelengths have less numbers of their "wavelengths" to get through an object and therefore are less absorbed, their signal is less degraded, and therefore appear to go further.

Here's an anomaly and case in point. In the 2-way radio world, it is commonly known that UHF (450-470MHz) frequencies do better than VHF (150MHz) in an indoor environment. How could this be? Well, the wavelength for VHF is approx. 6 feet while UHF is approx. 2 feet. In buildings, the windows, doors, openings etc. are larger on average than the UHF wavelength is but are on average smaller than the VHF wavelength is. In this case, the amount of total attenuation is actually less with UHF. Interestingly, if you continue to go higher in frequency (i.e. 900MHz), an even shorter wavelength puts you back at attenuation increasing again because although the openings are further increased a bit from the wavelengths perspective, everything else (all the other non-openings if you will) are attenuating the signal more. It turns out UHF 450MHz is the sweet spot. And to cover what someone may point out that UHF radios have higher gain antennas than VHF (which is true), the dB gain difference isn't enough to resolve the explanation of why UHF does so much better indoors.

Another factor is that really high frequencies require more advanced antenna systems and circuit designs to both transmit and receive effectively compared to lower frequencies. Physics (and the math of electromagnetic waves) prove that the RF is there, it is simply more challenging to receive the signals as is demonstrated in the current challenges of working with RF in the terahertz range, which will likely be a common reality in the coming years ahead.In summary, while it is a myth to say that higher frequencies don't travel as far as lower frequencies, it is true that higher frequencies are more attenuated than lower frequencies and it is also more challenging to design antenna systems that can receive higher frequencies at a greater distance.

Myth #2 – FSPL increases with frequency

When using a FSPL calculator, it assumes as you lower the frequency, you are also maintaining the same wavelength-proportionally sized antenna. In essence, you are only changing one variable (frequency, not antenna size). When changing the frequency to a lower frequency, you aren't seeing the fact that the antenna is getting bigger and bigger at the same time. But if you were to decrease the frequency while NOT increasing the size of the antenna, then dB gain would decrease accordingly and the overall system gain would stay the same.

See the example below where I adjust both frequency and antenna size (gain -3dB). FSPL is the same!

Courtesy: https://www.everythingrf.com/rf-calculators/free-space-path-loss-calculator

Myth #3 – Increasing output power is never a solution.

Hear me out! I'm not saying to turn up your AP's to 28dBm but what I am saying is there is this misnomer that you must match AP to client power, or that increasing power is never a solution. For one, the AP's receiver is usually better than a client device. Couple that with MRC (maximal ratio combining) and you can easily allow for at least 3dB better RX which can mean 3dB more AP TX to balance the system. Another thing commonly overlooked is that it is OKAY to have asymmetrical MCS rates (higher downstream) than upstream. Typical WLAN networks have clients downloading more than uploading. With a higher average MCS rates to clients, they will be on and off the wireless medium quicker, thus increasing performance of the network. It's often fine to have AP power around 15-17dBm or even a little more in some cases. Devices still roam okay while keeping co-channel interference in mind of course. This isn't to say that this is a solution to a poor design or obvious coverage holes, but don't be afraid to turn up the power a few decibels. And for Point-to-Point links, increasing power is certainly one of the easiest ways to increase performance. Also think Mesh backhaul links between AP's - if they are higher power, the average MCS rates to each other will be higher. Of course, one must take care not to create more co-channel interference and be a good neighbor etc. but you get the point.

Myth #4 – WiFi6E has more frequency space (1200MHz) than any other unlicensed band

My friends have we forgotten about our 60GHz band? Just one 802.11ad / 802.11ay channel has more RF bandwidth than all of the 900MHz, 2.4GHz, 5GHz, WiFi6E, and 24GHz bands combined!

Add them up: 900MHz = 26MHz, 2.4GHz = 83.5MHz, 5GHz = 500MHz (being generous with no gaps), 6GHz WiFi6E = 1200MHz, 24GHz = 250MHz = 1859.5MHz total.

One 802.11ad/ay channel = 2160MHz.

Myth #5 – Doubling the RF bandwidth will double your throughput

Not always! Although the PHY rate may double (which may look really nice), the actual throughput is not likely to double. Remember, narrowing the channel width by half increases SNR (lower noise floor) by 3dB and possibly more if there are other sources of interference. A 3dB improvement in SNR typically results in a jump of 1 to 2 MCS rates. And the reverse is true, doubling the RF bandwidth reduces the SNR by 3dB. This 3dB reduction in SNR can often reduce the average MCS rates by 1 or 2. This means you don't always double the throughput when doubling the RF bandwidth but likely, on average, somewhere in-between. Only if the link is so strong, with so much extra SNR beyond what is needed for the maximum MCS rate that – full MCS rates are maintained either way and throughput doubled.
Case in point, I had an outdoor PtP application where I reduced the RF bandwidth from 40MHz down to 20MHz and the throughput actually went up! Narrowing the RF bandwidth increased the SNR and reduced apparent interference. This increased the MCS rate of the link so much so that it more than made up for the lost throughput from narrowing the RF bandwidth.

First of all, a few caveats

Of course, each design and deployment is different and may/will require its own specific configurations but hopefully, you can use this as a rough guide on how to configure your Wi-Fi networks in 2022 and beyond!

No configuration can fix a bad design! Ensure you have completed a proper design - just following these recommendations alone will not give you good Wi-Fi!

Also, this blog was written before 6 GHz has really hit the market.

Let's start :)

Focus on 5 GHz

All business-critical SSIDs should be configured to use 5GHz only.

From my experience, 2.4 GHz in the enterprise space cannot be a reliable frequency that we can use for our day-to-day business-critical needs. This is because of the limited amount of frequency space we have in 2.4 GHz, limited non-overlapping channels, this frequency also propagates through material better so can be heard from farther away and lots of other non-Wi-Fi devices use the 2.4 GHz frequency band.

Single band SSIDs - why?!

It is always the Wi-Fi client's decision on which AP and frequency band it will join and roam to – we call it the green diamond algorithm, this can be simple or complex, but the decision remains in the hand of the Wi-Fi client.

We do not want to punish your good Wi-Fi clients (prob 95%+) to support the legacy Wi-Fi clients.

• Truth is if the customer can afford you to be configuring their Wi-Fi or upgrading a legacy Wi-Fi infrastructure - they should also be upgrading all their legacy clients as well!

If we do need to support these legacy clients, then what I do is create two versions of my SSIDs. Create the first version of your SSID to be 5 GHz- only and have "All bells and whistles" turned on (all the fast-roaming amendments enabled) - then create a copy of that SSID and add the word legacy to the end or something similar and make this a "vanilla" SSID. 2.4 GHz- only with none of the fast-roaming amendments enabled.

For example: - Wi-Fi Ninjas Corp and Wi-Fi Ninjas Corp Legacy

Invest in your guests!

Enough is enough with open encryption SSIDs with captive portals! Nobody and I mean nobody wants to put their details into a captive portal to access some Wi-Fi.

Look for alternatives, we have had great success recently with deploying a mPSK/iPSK solution with a nice third-party integration that your guests scan a QR code on a tablet in reception to give users a unique PSK to access the Wi-Fi.

Here is a nice example below from WiFlex.

Channels & DFS

Use all available 5 GHz channels if you can! (Check for DFS and make a decision)

DFS Checklist:
- Make sure we know what DFS channels all our Wi-Fi clients support
- Check if our site is affected by DFS events and how heavily to then make a decision if we are going to use all the DFS channels or maybe just remove some.

You may be able to check the Wi-Fi client data sheet to see what channels the device supports but there is an amazing website from Mike Albano which has details of 100s of devices and their capabilities – I would highly recommend you bookmark this website & use it.

clients.mikealbano.com

As an example, just looking at some of the iOS devices we can see that there are quite a few that do not support channel 144 – so if you were to enable the DFS channel 144 on your Wi-Fi network and one of the below devices came along, they just wouldn't be able to see your AP that is on channel 144 – therefor will probably cause you some coverage/roaming issues for this device.

How do you check to see if your site is affected by DFS events? Review the logs on your brownfield Wi-Fi infrastructure or in a greenfield environment we will need a test mobile AP.

Looking at these logs here we can see that there are quite a few events on channel 100 – so what we might want to do here rather than not using all of the DFS channels we might want to just exclude channel 100 from our APs.

2.4 GHz - Always just use 1,6 and 11.

Channel widths

On 5 GHz the rule here is using the widest channel until you can't (do not create CCI on your own Wi-Fi)

Never, ever and I mean ever mix channel widths on 5 GHz – this could cause you to create something known as OBSS where you have primary & secondary channels overlapping with each other – which is really bad for your Wi-Fi.

You want to be safe? Just stick to 20 MHz wide! In most scenarios users are not going to need higher data rates and having a cleaner RF space is much better.

2.4 GHz – we only ever stick to 20 Mhz wide.

Let's take a closer look at the 2.4 GHz and 5 GHz spectrum:

2.4 GHz = 80 MHz of usable spectrum & only 3 non overlapping channels plus tons of non-Wi-Fi interferes live here:

5 GHz = 500 MHz of usable spectrum with up to 25 x non- overlapping channel plus+ not so many non-Wi-Fi interferes:

Control the Transmit Power levels for your beautiful Wi-Fi Access Points.

My tip here is to make 2.4 GHz max Tx power at least 6 dB less than your minimum 5 GHz Tx power - why? Inverse square law and Free Space Path Loss – this will give your 2.4 GHz and 5 GHz a similar coverage cell.

Oh, by the way, Ekahau does this for you when you first drop a simulated AP in your predictive design :)

\

We of course want to use the same transmit power levels that we did in our predictive design but typically this is what I will configure for my transmit power ranges:

• 5 GHz Max Tx 17 dBm - Min Tx 14 dBm
• 2.4 GHx = Max Tx 8 dBm - Min 5 dBm

Data rates

• Disable low and legacy data rates.
• Typical density environments use 12 Mbit/s as the lowest allowed mandatory rate.
• High-density environments use 24 Mbit/s as the lowest allowed mandatory rate.

Client Load Balancing

We should be using single-band SSIDs but if for some reason you cannot then you might see a feature called something along the lines of "Client load balancing" - I do not like this feature as I have seen some clients ungracefully disconnected from the Wi-Fi in the middle of a time-sensitive application (Voice or video call) as the AP decides they have enough clients connected so it's going to move this client on to another AP!

Turn on AP hostname broadcasting!

This just makes your life easier when doing your post-deployment validation survey to check that all APs are installed in the correct place and also for troubleshooting.

Do not go crazy with the amount of SSIDs on your radios/frequencies.

SSIDs are sent out in the beacon frames, beacon frames are sent out 10 x per second per SSID, per radio & as these are management frames they are sent at the lowest configured mandatory rate - so even without any Wi-Fi clients - too many SSIDs can create lots of channel utilization.

Typically, you would not need more than 3-4 SSIDs per radio/frequency.

Here is a table with some example SSID configurations.

Remember always, always do a post-deployment validation survey to ensure that everything is working as expected, and make sure you test the Wi-Fi network with real client devices using real client applications.

That's it - that's all my top tips/recommendations for how I mostly configure my customers Wi-Fi networks now :)

A network switch (also called switching hub, bridging hub, and, by the IEEE, MAC bridge) is networking hardware that connects devices on a computer network by using packet switching to receive and forward data to the destination device.
Packet switching allows data to be sent over the telecommunications network in short bursts or "packets" that contain sequence numbers so that they can be reassembled at the destination.

A network switch is a multiport network bridge that uses MAC addresses to forward data at the data link layer (layer 2) of the OSI model. Some switches can also forward data at the network layer (layer 3) by additionally incorporating routing functionality. Such switches are commonly known as layer-3 switches or multilayer switches.

Switches are key building blocks for any network. They connect multiple devices, such as computers, wireless access points, printers, and servers, on the same network within a building or campus. A switch enables connected devices to share information and talk to each other.

ROUTER:

While switches allow different devices on a network to communicate, routers allow different networks to communicate.

A router is a device that connects two or more packet-switched networks or subnetworks. It serves two primary functions: managing traffic between these networks by forwarding data packets to their intended IP addresses and allowing multiple devices to use the same Internet connection.

There are several types of routers, but most routers pass data between LANs (local area networks) and WANs (wide area networks).

A LAN is a group of connected devices restricted to a specific geographic area. A LAN usually requires a single router.

A WAN, by contrast, is a large network spread out over a vast geographic area. Large organizations and companies that operate in multiple locations across the country, for instance, will need separate LANs for each location, which then connects to the other LANs to form a WAN. Because a WAN is distributed over a large area, it often necessitates multiple routers and switches.

GATEWAY:

While a router is used to join two similar types of networks, a gateway is used to join two dissimilar networks. Dissimilar could be used to describe networks that use different primary protocols.

A gateway is a hardware device that goes about as a "gate" between two networks. It very well might be a server, firewall, router, or another device that empowers traffic to stream all through the network. Gateways serve as an exit and entry point for a network as all data should go through or communication gateway before being routed. In most IP-based networks, the only traffic that does not go through at least one gateway is traffic flowing among nodes on the same local area network (LAN) segment.

SUBNET:

A subnet, or subnetwork, is a segmented piece of a larger network. More specifically, subnets are a logical partition of an IP network into multiple, smaller network segments. The practice of dividing a network into two or more networks is called subnetting.

Each subnet allows its connected devices to communicate with each other, while routers are used to communicate between subnets.

Subnet Mask:

When you connect a device to a network, the network assigns an IP address to the device. That IP address consists of two parts: the network portion and the host portion. The network portion of the IP address identifies the overall network while the host portion identifies the device. A subnet mask is a number that distinguishes the network address and the host address within an IP address.

FIREWALL:

A Firewall is a network security device that monitors, and filters (accepts, rejects, or drops) incoming and outgoing network traffic based on an organization's previously established security policies.

At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet. A firewall's main purpose is to allow non-threatening traffic in and to keep dangerous traffic out.

History and Need for Firewall: Before Firewalls, network security was performed by Access Control Lists (ACLs) residing on routers. ACLs are ruled that determine whether network access should be granted or denied to a specific IP address.

But ACLs cannot determine the nature of the packet it is blocking. Also, ACL alone does not have the capacity to keep threats out of the network. Hence, the Firewall was introduced.

DEMILITARIZED ZONE:

In computer security, a DMZ network (sometimes referred to as a "demilitarized zone") functions as a subnetwork containing an organization's exposed, outward-facing services. It acts as the exposed point to an untrusted network, commonly the Internet.

The goal of a DMZ is to add an extra layer of security to an organization's local area network. A protected and monitored network node that faces outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind a firewall.

When implemented properly, a DMZ Network gives organizations extra protection in detecting and mitigating security breaches before they reach the internal network, where valuable assets are stored.

Purpose of a DMZ:

The DMZ Network exists to protect the hosts most vulnerable to attack. These hosts usually involve services that extend to users outside of the local area network, the most common examples being email, web servers, and DNS servers. Because of the increased potential for attack, they are placed into the monitored subnetwork to help protect the rest of the network if they become compromised.

Hosts in the DMZ have tightly controlled access permissions to other services within the internal network because the data passed through the DMZ is not as secure. On top of that, communications between hosts in the DMZ and the external network are also restricted to help increase the protected border zone. This allows hosts in the protected network to interact with the internal and external network, while the firewall separates and manages all traffic shared between the DMZ and the internal network. Typically, an additional firewall will be responsible for protecting the DMZ from exposure to everything on the external network.

All services accessible to users on communicating from an external network can and should be placed in the DMZ if one is used. The most common services are:

• Web Servers
• Mail Servers
• FTP Servers

There's a guide in the networking world, "start troubleshooting from Layer 1", which means that you start with the hardware:

• Are all the units powered on?
• Are all the cables properly connected?
• Is the cabling functioning properly?
• If your router or access point has external antennas, are they securely fastened?

Sometimes the issue might be as simple as a cable that, for some reason, is disconnected or, even worse, a "strangled" cable. While a disconnected cable is fairly easy to detect and solve, a strangled cable might be harder. For instance, a cable might have a few centimeters under a TV cabinet leg or smashed against a wall or even with a cable strap much to tighten, or your house pet chewed something that it shouldn't. All of these might cause your network to have a random behavior, depending on the pressure that is done to the cable.

If your equipment has external antennas, check if they are properly attached.

So, if everything is powered correctly and the cabling is ok, let's look into the wireless signal. It's best to start near the wireless router or access point and verify that the signal is being broadcasted. Grab your network equipment and try to connect to the Wi-Fi:

• Is your network being broadcast?
• Can you associate with your network?

If not, the problem is most likely with your wireless source. You might try to reset the power of your equipment. If the equipment is leased from the Internet provider, you may need to call them to see if they can solve it remotely or if you have to replace your equipment. However, if the answer to both questions was positive, check the status of the signal in all areas that are required.

Ideally, your Wi-Fi signal should be above the -68 dBm mark, you may have fairly decent communication at -72 dBm for common Internet access and if you are not using it for voice or real-time video. Below that level, you'll probably get signal coverage issues and need to consider alternatives, like adding another access point or extender (mesh extender, for example). Signal extenders should only be used as the very last resort and be avoided at all costs because those solutions may use significant portions of the bandwidth just to keep their wireless links with each other (the extenders and the main wireless router). However, if you have a tri-radio router and implement multi-radio extenders or mesh nodes, they may be able to use one channel for the "network" and another for end device access.

So, how can we measure the Wi-Fi signal and check if you have enough coverage?

If you have a laptop, you can check the stats of your wireless interface, or install a wireless measuring tool, like WinFi Lite. If you have an android smartphone, you can install a wireless signal measuring app, like "WiFiman", or if you have an Apple device, you can install the "Airport" app and use it to scan the signal strength.

While you are measuring your network, you will also be able to measure neighboring networks and see if they can affect your network. It's almost impossible not to be affected by an external 2.,4 GHz so you should try to use the 5 GHz spectrum as much as possible. There are more channels to use and a lot fewer interfering networks in most residential locations (though this is far less true in apartment complexes – even still, 5 GHz is usually better and 6 GHz is even better, though your end devices will not likely support it in the near term).

If everything is ok with the coverage, how about network usage? When you had network problems, how many users were connected to your Wi-Fi and what are they using it for?

As a personal experience, four different videoconferences, plus two VPN connections and an iPad playing YouTube videos will probably make the communications on your ISP router choppy because that router wasn't built for such traffic processing demand. If you have high traffic demand you should check with your ISP if you can upgrade your wireless router, like upgrading for one that supports Wi-Fi 6, or better yet, install an additional access point to take the burden of the Wi-Fi traffic and leave your ISP router to handle other aspects of your home network. Or even better still, don't use the ISP wireless component at all, simply connect a far superior Wi-Fi router to the Ethernet port on the ISP's router.

So, the wired is fine, the coverage is there, not many users are connected, but sometimes there are still network problems. What else could be affecting your network? Maybe you're having wireless interference problems.

There are a lot of home wireless routers that only support 2.,4 GHz communications. One of the problems with that range is that, since it's cheap and has a longer range than 5 GHz, most of the manufacturers use those channels in a variety of different types of equipment:

• Do you have a baby monitor?
• Do you have a wireless video camera?
• Do communications fail when someone is using a microwave oven?
• Is there any motion detector of an alarm system?

All the previous, and more, may have a large impact on the 2.,4 GHz signals but there are other sources of interference. Unfortunately, to fully identify the interference you need a spectrum analyzer.

You might have an access point that can analyze and report the radio frequency status. Usually, this is shown in cloud-based solution access points but keep in mind that the results of these reports are based on the place where the access point is installed. A little bit of interference near the access point doesn't mean that there isn't something severely affecting the signal near the user.

And then there's also passive interference:

Is your wireless source closed inside a cabinet? Or over the ceiling? Think of wireless propagation as sound. If you have a speaker over the ceiling or closed inside a cabinet would you hear it as well?

Metal is also a nuisance for Wi-Fi propagation:

Do you have mirrored windows?
Is there a lot of metal between the access point and the users? Like metal cabinets, large fridges, armored walls.

Are any of your walls are painted with magnetic or metallic paint? While rare, it could be an issue.

And then, there is also another possibility. You might have some naughty neighbor that is doing some nasty stuff to your Wi-Fi, like a deauthentication flood attack, which is having external wireless equipment pose as your network and starts sending de-authentication packets to your users. It would be like your neighbor sneaking into your house, disguised as you, and then saying to everybody to get out. Everyone will stop what they are doing, leave your house and ring your bell until you let them all in again. As soon as they are back into your house, your sneaky neighbor will again say to them to get out of "his" house. And everyone will be leaving again and ringing at your door, and so on, and so on.
These are very hard to catch if you don't have the proper tools or knowledge. Maybe you can be fortunate enough to have an access point that can detect and report these attacks. Again, cloud-based solution access points can usually detect and report those situations.

Ok, at this point, we checked the local infrastructure, checked the coverage and interferences so let's check the integrity of your internet connection. Use your network equipment to check if you're getting an IP address. (NOTE: You might do this first, but if you have a wired device that connects to the Internet, such as a desktop computer, and it is working fine, the main Internet connection is not likely the problem.)

• Do you have an IP address?
• Can you ping your gateway?
• Do you have DNS?

Check your network stats and verify that you have a proper IP address. If you don't have a proper IP, try to register again to your home network (restart the ISP's router). If that also fails, try to reset your DHCP server, the vast majority of the time it's your home router so you will have done this in the previous step, but if you're using something different, restart it. If that also fails, check the DHCP configuration or call your ISP provider.

If you do have a proper IP address, try to ping a public site like nasa.com or google.com. If that fails, try ping a well-known public IP address like 8.8.8.8. If that works, then there may be an issue with the DNS that you have configured so you might try using public DNS servers, like 8.8.4.4 or 8.8.8.8. But if a ping to a public IP address fails, then it's either in the path between your home router and the ISP or something in the ISP itself.

Also, what exactly are you trying to connect to? Because not being able to post something on social media doesn't mean that the network is down.

It can also be an outage on the ISP service that you are trying to use.

When this happens, the common issue is a cut in the path to your ISP. Someone might have disconnected your connection in your street/building distribution panel or it can also be something in the street. There's a reason why backhoes are also called "cable finders" and if you work in networking you would probably already experience or hear of a situation where the network cable was cut by works done by heavy construction equipment.

The issue can also be with the ISP infrastructure. They can be experiencing some issues in their backbone network or their client management system. In the last few years, there have been several cases of ISPs being affected by malicious hacking events.

Just one more thing, be patient and helpful when you call your ISP. The first people that will take your call will most surely be working at a call center and, not only they are instructed to follow a script, they are evaluated on how well they follow it. Please keep this in mind and when they ask you a question, be as clear and short as possible in your answers.

Also, don't be an entitled person just because you think you might be more tech-savvy than the people on the other side of the call (particularly after reading this post). You might think that you have already checked all the buttons and knobs but you might have overlooked something during your troubleshooting process. Sometimes a fresh pair of eyes might be all that was needed to identify the problem.

What Is Radio Frequency
Radio Frequency is a range of frequencies in the electromagnetic spectrum. According to WatElectronics "Wireless Radio frequency is any of the electromagnetic wave frequencies around 3 kHz-300 GHz". Radio waves are just a small part of the electromagnetic spectrum. Microwaves are part of the electromagnetic spectrum and part of the RF range, and they also interfere with wireless devices and signals. Microwave ovens are just one example of an appliance interfering with wireless transmissions. It is important to take these appliances into consideration when implementing a WLAN.

Calculating RF Wavelengths

Figure 2 wavelength formula triangle

When calculating the wavelength, you will always have the speed of light (3.0x10^8ms^-1) to put into the formula. The next thing you will need is the frequency of the wave in kilohertz (kHz) or gigahertz (GHz) you may have to convert one to the other in order to cancel them out when dividing. Now that you have two of the numbers you can find the third one (the wavelength) by dividing the speed of light by the frequency to find the wavelength. Looking at the formula triangle makes it easy to remember where to put the numbers and what to do with them. If you were looking for the speed of light you would multiply frequency and wavelength to get it. If you are in a situation where you need answers fast and don't have time to waste doing pen and paper calculations, I would recommend using an online calculator.

Frequency vs Wavelength

Figure 3 Radio waves, television waves and microwaves have different wavelengths.

As the frequency of a wave increases the wavelength decreases. NASA defines a wavelength as "The distance between one peak or crest of a wave of light, heat, or other energy and the next peak or crest". It is important to know that a full wavelength is measured from crest to crest or two identical points on the wave. This means that a 360° rotation is a full wavelength from crest to crest and a half wavelength would be a 180° rotation measured from crest to trough.

The Relationship Between Frequency and Amplitude

It is important to know the difference between amplitude and frequency of a wave when talking about wireless communications. Amplitude is the energy or intensity of a single wave and frequency is the regularity of the wave repetition. If we have two waves with the same amplitude but one has a lower frequency than the other the lower frequency wave can be received farther than the higher frequency wave because antenna design for higher frequencies is more challenging the higher the frequency. Additionally, the higher frequency wave will attenuate faster because it is typically absorbed more easily by elements in the atmosphere and physical objects through which it must pass. A rough analogy is bouncing a basketball. If you let the ball bounce freely it will bounce for longer than if you put your hand over it making it bounce faster. The ball bouncing with a higher frequency loses energy every time it hits the ground and your hand. This is the same with radio waves the higher frequency will lose energy faster when interacting with the environment. While low frequencies can travel longer distances the downside is that they can't carry as much data as the higher frequencies. It is finding the sweet spot between power and frequency that makes the most efficient wireless networks possible.

Michael's LinkedIn and Facebook

Like working in IT and networking, you started learning about fundamental concepts like the OSI model, how to make a crossover cable, and the protocols used for a computer network to communicate. Those concepts still apply here in Wi-Fi, so you already have a leg up from someone just learning the basics of networking. It is not a contest, of course, but you can apply them to what you learn in wireless networking with some of those fundamentals.

The nice thing about learning Wi-Fi and wireless technologies is how you can, like networking, be as broad or as focused as you like. The certifications in the wireless space are proof of that. Do you want to design wireless networks? Do you want to analyze wireless networks? How about learning about security in wireless networking? You could study RF behavior and propagation to help troubleshoot small deployments, multi-tenant spaces, even places like stadiums or theme parks. How about protocols? Do the differences and advancements in 802.11 protocols intrigue you? The world is your oyster, as they say.

Next steps? Start chipping away at the rest of the concepts and break it down into those pieces of concepts and topics. The CWNP curriculums are a fantastic resource to grab those concepts from. Take the blueprints, break down the areas, and concentrate on those first few concepts. For example, in the Certified Wireless Technician, some of the first topics you cover are the basic concepts of RF components that you will encounter as a newly minted technician. Antennas, transmitters, receivers, feed lines, connections help you build the base of how a wireless radio sends out or receives its signal.

There is a multitude of topics that you could start with. Pick one and start reading up on it. From there, utilize the resources available to you. Do you have any coworkers or classmates already working on wireless networks? Pick their brain a little and look for their perspective on a topic. Look online for groups or other professionals to learn from. There are a ton of Wi-Fi professionals that are active on social media platforms that are always talking about wireless and technologies. Look out for webinars by manufacturers of the networking equipment and the tools used to help design or troubleshoot wireless.

Don't let the 10,000 hours scare you away like I said in the beginning. I'll spare you any tropes and silly phrases and leave you with a few final thoughts. Don't be afraid to take the leap or dive into a topic to start learning it. Who knows, when beginning the RF side of wireless may be intensely interesting. But then, when you start learning about the security fundamentals in wireless, you might find that you feel passionate about that instead. Your first concept to tackle may be related to a problem you are facing with a wireless network right now at home or at work. Maybe it is a combination of things. It is your adventure to choose.

The key to all of this is to take the first step. Don't be afraid to ask questions or not know something. We were all beginners at some point in our lives. For example, Ansel Adams didn't start making classic, award-winning landscape photographs the first day he picked up a camera. Learning about Wi-Fi will be the same way. And the learning never stops because the landscape in wireless is always changing and advancing. There is always something new to sink your teeth into—no better time than now to get started.

linkedin.com/in/jamesvooght/

For example, if you've faced the same problem many times and most of the time it is caused by the same issue, you will discount other causes based on this experience - and you will be right most of the time. An expert intuitively discounts unlikely causes. A novice becomes an expert by learning as much as possible about the target system/concept and gaining experience with it, which results in a large database of potential causes of effects. These causes can then be evaluated through discounting (less likely or less impacting) and augmenting (more likely or more impacting) to determine the likely issue in a given situation.

Kelley further advanced the psychological theory of attribution when addressing how people determine the cause of other people's behaviors. He suggested, in his model of attribution theory, that people behave as they do for three reasons (causes): the persons themselves, the stimulus or entity acting on them, or the circumstances surrounding the occurrence at that time. To relate this to causal analysis in wireless solution troubleshooting, we can state that there are three causal categories: the system itself (some internal error, failure, or configuration problem), the input to the system (the frames are malformed, for example), or the environment at the time (sporadic interference, for example). Let's consider an example of each:

• An AP is experiencing heat problems causing intermittent failure (the system itself).
• A client is sending frames to the AP with bits set incorrectly disallowing connection or communication (the input to the system).
• A machine generates RF energy when it is active causing interference (the environment at the time).

Each of these represents real-world problems wireless troubleshooters face and I'm sure you can come up with dozens more in each category. Developing lists of causes and effects builds an information base that you can use in the troubleshooting process. In fact, Kelley, in a 1980 paper (Attribution Theory and Research) suggests a model that is based on antecedents, attributions, and consequences:

• Antecedents
• Information
• Beliefs
• Motivation
• Attributions
• Perceived Causes
• Consequences
• Behavior
• Affect
• Expectancy

That is, your information base, beliefs, and motivations inform your perceived causes and result in particular actions. Therefore, if the foundation is wrong or weak (little information, wrong beliefs, weak motivation), you are less likely to arrive at the proper cause(s) and take the proper action(s).

Based on the information presented here as a starting point for considering the psychology of troubleshooting, you can see that the development of a list of common causes to common problems can be quite beneficial. It is for this reason that I have always been a proponent of documentation. When we document the effect (the problem) and the cause, after resolving an issue, we build such a list. Such documentation can be internal or external. For example, many wireless engineers document important findings in public blogs, which helps to forward the knowledge to the entire community. Sensitive information, such as configuration parameters used within an organization, should not be shared in the public space; however, principles and concepts are valuable to all.

So here we are, at the end, and once again I'm suggesting the need for documentation. Hopefully we hear it.

First, I want to give some background on what MU-MIMO and Explicit Beamforming on 802.11/ac is. Before 802.11/ac it was possible to communicate with one device at time and with MU-MIMO now it's possible to communicate with up to 4 devices at same time

The MU-MIMO is only supported on 802.11/ac and 802.11/ax devices. It's not supported on 802.11/n devices.

802.11/n uses SU-MIMO as shown below in the example:

Beamforming on SU-MIMO (Sounding Process):

In 802.11/n, Beamforming (TxBF) is an important mechanism that allows transmitting data using multiple antennas with various copies of the same data to the receiver in a constructive Multipath which result in a better SNR (Signal-to-Noise Ratio). It improves the signal strength concentrating the signal to the device that supports it.

Beamforming phase of SU-MIMO

Now talking about MU-MIMO and Explicit Beamforming on 802.11/ac

Beamforming on MU-MIMO (Sounding Process):

Different from TxBF shown above, explicit beamforming depends on AP and client known as Beamformer (AP) and Beamformee (Client) to communicate and this process is called channel sounding and it's based on NDP packets also known as Null Data Packet.

The idea with this article is to demonstrate below how MU-MIMO can increase the performance when sending data to multiple users. I am going to demonstrate a scenario where I disabled the MU-MIMO and tested with iperf3 traffic with single device communication with MU-MIMO disable, multiple device communication with MU-MIMO disables and the same 2 tests with MU-MIMO enabled.

The topology below is composed by a 3:3:2 AP which means 3 Tx Antennas + 3 RX Antennas and 2 Spatial Streams of data at same time. Devices with 3 Spatial Streams will only use 2 Spatial Streams because of the limitation of AP and devices with only 1 Spatial Stream will be limited to only 1 Spatial Stream communicating to AP.

Test Topology – LAN Speed – 100Mbps

The topology above shows 2 devices communicating to AP and vice-versa but the figure is only to show how the devices communicate in the infrastructure of the tests. In this topology I am not representing MU-MIMO or Beamforming, I will do this below in the tests.

Note below that when I disabled the MU-MIMO option in the controller it automatically disabled the beamforming capacity and enabled STBC (Space-Time Block Coding) which is a method where 2 or more antennas transmit same information when the number of antennas is even, in our tests we have 3 Antennas on the test AP.

1 - Test performed with MU-MIMO disable. Single client test with laptop and tablet using iperf3

Macbook Pro

iPad Pro

2 - Test performed with MU-MIMO disable. Multiple client test with laptop and tablet using iperf3

Macbook Pro

iPad Pro

3 - Test performed with MU-MIMO Enabled. Single client test with laptop and tablet using iperf3

Macbook Pro ( ~32% improvement)

iPad Pro (~16% improvement)

4 - Test performed with MU-MIMO Enabled. Multiple client test with laptop and tablet using iperf3

Macbook Pro ( ~20% improvement)

iPad Pro ( ~40% improvement)

Perhaps you got lucky and your contact at the vendor you are working with got you the documentation you asked for right away, or, (more likely) you pestered them until they put you in touch with their vendor, and then they found you someone who understood what you were asking for. Now that you've got the datasheet you can finally get started on designing an awesome Wi-Fi network for this super-critical client!

The problem now is that you've opened this 80 page PDF, and you can't make heads or tails of it...

Let's take a few steps back first, in case you were dealt a bad hand and don't have any documentation yet. There are a handful of resources that put this documentation within reach of anyone with internet access. You may need to do a lot of googling, but with persistence, you can usually find some breadcrumbs which will lead you in the right direction.

Every wireless emitting device sold in the USA is required to have an FCC ID. Approved transmitters that are certified as modules must be labeled with their FCCI ID directly on them. Devices that contain non-certified transmitters may be granted authorization, in which case the FCC ID label must be placed on the exterior of the finished product.

If you have the FCC ID of the device in question, you can search the database at FCCID.io. This may yield many documents to sift through, but right off the bat, the device's page should provide you with the operating frequencies and transmit power for each.

In addition to the frequencies and power output, you will find the grant notes section might offer some insight into the device's capabilities. You can click on these notes to investigate further, but for instance, the above code MO signifies MIMO evaluation of the device, and code ND signifies compliance with TPC (Transmit Power Control) and DFS (Dynamic Frequency Selection) requirements set forth by the FCC.

Scrolling down a bit will bring you to the Exhibits section where you can find a trove of documents such as photos taken during testing of the device, test reports, legal documents, photos of the inside & outside of the device, the FCC ID label, user manuals, and datasheets.

This can be a lot to sort through, but generally, the user manual or datasheet (if listed) will prove the most useful. You might also find propagation patterns depicting the shape of the signal as measured during the testing. This may help to determine if the module or device is installed/deployed in a sensible orientation.
If your search brought you to user manuals of a different device, or the manual does not provide sufficient detail for your purposes, we can go another layer deeper.

The websites https://wikidevi.wi-cat.ru/ & en.techinfodepot.shoutwiki.com boast powerful search capabilities and can lead you to some very detailed and useful information regarding client devices. You can search for a brand, manufacturer, model number, chipsets, and individual chips to find devices that use those chips or chipsets. In searching other devices which use the same chips, you may infer that they have the same chipset, and documentation for one may relate to the other. This should not be taken as gospel, but if there is absolutely nothing else available, it may point you in a general direction.

On the wiki page for an adapter or embedded system, you will find oodles of information about a device. There is a nice synopsis on the right-hand side and more detailed information at the bottom of the page.

Device Details for Acelink EW-7955MAC adapter from en.techinfodepot.shoutwiki.com

Device details for SeeedStudio BeagleBone Green Gateway from en.techinfodepot.shoutwiki.com

If you still do not have enough information for your purposes or have not found a datasheet, you will need to do some more digging. You can look for a datasheet of the individual chips listed on these websites, or search for chip 1 & chip 2 together to try and find the actual "set".

You can search the chip manufacturer's website or electronics vendors/distributors, a few I have found success with are arrow.com, alldatasheet.com, datasheet.es, datasheetcatalog.com, but it's a bit of a coin toss.

Your mileage may vary with any given resource, and I will spare the reader any lengthy methodology for using search engines.

Let's fast forward (or rewind) - you now have a datasheet in front of you. Data Sheets come in all shapes and sizes, and the level of detail that you find in one may not be available in another. The type of parts, number of integrated components, and capabilities will determine the length and information contained.

The first page generally offers a description of the device, key features, applications/use-cases, and will usually show a functional block diagram that maps the inputs, outputs, and logical flow of functions and components on the chipset.

This high-level view may be enough to determine if a client device will suit your needs, or meet the standards of your enterprise environment. For instance, the features section will likely reveal supported bands, QoS support, and authentication capabilities.

In the example below, we see that the device is only 2.4 GHz capable, and only supports personal modes of WPA/WPA2 authentication, though it does offer WMM, WMM-PS, and Wi-Fi Voice Personal QoS capability. The description notes that this chip is well suited for the integration of IoT applications and handheld wireless systems. It describes features and technologies which make it a good choice for highly mobile devices with power constraints and small form-factors.

If you find that a vendor has implemented/integrated a chipset in a method that greatly differs from the datasheet's suggested use-case, it might be worth investigating or inquiring as to why the chipset was chosen. You may also consider asking for case studies of other businesses which have had success with their solution, and validating with the customer if they will disclose that information.

Soon after this summary, you should find a pinout diagram. This may not seem all that relevant to someone that is not directly involved in building the equipment or machine, but knowing that it is there and what to look for can be incredibly useful. You may find yourself troubleshooting some bizarre or inexplicable behavior from a wireless client, which may be the result of connections made to the wrong pins.

The pinout diagram will number each connection on the chipset, and map it to its function either on the same page or on the flowing pages with descriptions for each pin or lead. The antenna pins may likely be of the most interest to you, especially if they are labeled as primary/auxiliary, or are different for different bands/frequencies. On a chipset with non-symmetrical Tx/Rx radio chains (ie; 2x1:1 or 3x2:2), this could be a pain point if external antennas are implemented by engineers that are not well versed in RF communications.

Pinout diagrams may look very different from one datasheet to the next, and they may seem intimidating, but after looking at a few, and knowing what you are looking for, it really isn't all that complicated.

Following pinout diagrams and associated descriptions are likely to be followed by electrical specifications, circuit characteristics, power consumption and tolerances, processing clock rates, and environmental characteristics/tolerances. Of these, the environmental characteristics may be of the most interest to you, especially if the device will be operating in any harsh conditions with extreme heat or cold.

Finally, we get to the WLAN/RF Specifications section. You may find another block diagram with more detail on the functions specifically pertaining to wireless communications. In this section, specific standards which the chipset complies with should be listed, such as 802.11i/k/v/r/w, etc.

Receiver and Transmitter performance specifications should be listed for each band supported. Here you will find receive sensitivity ratings for each supported modulation scheme on each band. This will tell you what your minimum RSSI (as measured by the device) must be to achieve each data rate. This should also list the maximum signal strength that the chipset can receive without causing damage.

These tables can also take many different shapes and levels of complexity. But they should all tell you what the RSSI and Tx power requirements are for supported MCS/data rates on each band/PHY.

The transmitter section should also provide clarification on the maximum transmit power that the chipset is capable of on any given frequency. This will allow knowing what the maximum transmit power you might want to set your APs to transmit at.

On more detailed documents, you may see some intimidating transmit power tables, I will try to break some of the fields down for you. You may also find power values that seem to be quite low. The table below describes the characteristics of a chip's output without an external PA (Power Amplifier).

Of most relevance, the following symbols/definitions will help make sense of this table.

Ftx: The range of frequencies that the device can operate on.

Pout: Output power, calculated after the determination of Input Power (Pin) and DC power consumption of components.

EVM: Error Vector Magnitude. This measures accurately the wireless system transmits symbols within a constellation. EVM measures the quality of a transmitter or receiver by identifying sources of signal degradation. Think of this as tolerance for noise in an electrical system or environment, or a standard deviation from the ideal vs reality.

SPgain: This is the size of each "step" the device can take in increasing or decreasing the transmission gain, in dB. In the table below, the chip can only increase or reduce signal strength in values of .5 decibels.

A great slide deck on some of these concepts can be found at: http://rfic.eecs.berkeley.edu/ee242/pdf/Module_6_1_PA_Sys.pdf

Every datasheet will be different, though a manufacturer may likely stick to a consistent format, it is likely that you will end up working with many different manufacturers if you stick around for a bit. Familiarizing yourself with the contents of these documents, and understanding what they can tell you about a wireless chipset (or any electronic device) will benefit you greatly, if even just for appreciating the complexity of the technology that you work with.

The order in which this information is presented is not necessarily how it may appear in the datasheet you are referencing, but hopefully, it will help you find what information you are looking for.

Twitter: @WiFi_Ben

LinkedIn

https://red7wireless.com/

The framework is comprised of four process groups, seven design processes, and a cross-cutting process for Quality Requirements. It is launched at the completion of requirements engineering or at the point when requirements engineering are sufficiently complete to begin the design process as the requirements and architecture are inputs to the framework. The groups include Network, Data, Apps, and Operations. In the Network group, the Wireless IoT Network, Wired Network, and Supporting Services are the focus. In the Data group, the IoT Data Protocols (DDS, MQTT, CoAP, HTTPS, etc.) and Data Storage and Streaming are the focus. In the Apps group, the applications are the focus including event monitoring, dashboards, analytics, reporting, AI, ML, control, and custom applications. Finally, in the Operations group, the focus is on Monitoring and Maintenance.

Each design process within a group provides the most common elements that must be considered or designed in the process. At first, it may appear that some items are missing from the lists. Consider the example of frequency. A quick glance at the framework reveals that we have not included the term frequency or the phrase frequency band in the list. However, notice that protocols and channels are in the list. Indeed, the protocols you select to use and the channels on which the network will operate determine the frequencies or frequency bands that will be implemented. It is assumed that this framework will be used by a professional who understands regulatory constraints for the target region. Therefore, regulatory agencies and regulatory control are not directly listed either.

Another example is the Hardware component in the Wireless IoT Network task. This is inclusive of end devices, gateways, FFDs, RFDs, and basically any device that is part of the wireless IoT network. Generally speaking, to design the wireless IoT network, you will start with the end devices, understanding what is required by them, and then implement the wireless IoT network design to meet these requirements. You do not typically start by choosing a wireless IoT protocol, like ISA100.11a, and then ask, "How do I make these devices work with this?" Exceptions do exist, of course, such as when an existing wireless IoT network is in place and the organization wants to add end devices to that network. The goal was to provide a framework that motivates the consideration of the important factors, which will, in turn, lead to other factors of which the professional is aware.

One final note about the framework should be made. Notice that one component is in every design task within every group: Quality Requirements. Security should be a consideration in every element of the design. Using this approach results in better security overall. Security is a cross-cutting or horizontal requirement. If you consider the wireless IoT network, wired network, supporting services, IoT Data protocols, etc., as vertical design tasks, security and other quality requirements drive horizontal design tasks. This is not unusual to a quality requirement imposed on the design. To achieve these quality requirements, they must be considered within each component of the system because the goal is end-to-end security, end-to-end QoS, end-to-end reliability, etc.

For more detailed information on the application of this framework, see the CWIDP-401 Study and Reference Guide, Chapters 6 and 7.

Spatial Stream

In the example below we have a 1:1 device that is capable of 1 Stream at time being served by one AP which is capable of 3 Streams at time. Normally devices like Tablets and Smartphones use 1 Spatial Stream to expend less energy and save more battery but in the other hand has less data transmission and throughput.

Throughput vs Data Rate

Explaining about Throughput vs Data Rate. Interferences like CCI, OBSS, Non-Wi-Fi Interference and other devices communication can reduce the airtime available making the throughput much lower than the data rate obtained by the endpoint device.

Observe in the picture above how the throughput reduced compared to the initial data rate available at the beginning

Guard Interval

− Gap between Symbols
− Protects against signal corruption due to inter-symbol interference
− Use of Short Guard Interval is configurable
− Guard Interval is used to avoid signal loss from Multipath effect

In MIMO Technology introduced with 802.11/n one of the benefits is the usage of Multipath. The RF Signals reach the receiving Antennas by multiple paths (Diffraction, Reflection, Scattering, etc.), if the last information symbol reaches the antenna too fast, signal can interfere with the earlier information symbol meaning signal degradation so guard interval put some pauses between those transmissions which increase the performance in the end. Shorter interval increases more the Data Rate and performance than Long Interval as you could observe in the table above when talked about the protocols.

Device Type comparison in 802.11n and 802.11ac

Frame Aggregation improvements on 11ac compared to 11n – see graphics below

In terms of frame aggregation, for 802.11n the largest MPDU size is 7935 octets while in 802.11ac the maximum size is 11 454 octets.

LAB Test 1 – Client test with iperf3 running 802.11n on 5Ghz – 20Mhz Channel

Information about the APs, Controller and 802.11n configuration

3 Clients with 802.11/n at 5Ghz

Controller Configuration with 802.11/n disabled

Tests with clients running iperf3 client with defined 10 times

Macbook Pro 16" - Avg 37.1 Mbps

Windows 10 - Avg 32.3 Mbps

iPad Pro 11" - Avg 18.3 Mbps

LAB Test 2 – Client test with iperf3 running 802.11ac on 5Ghz – 20Mhz Channel

Information about the APs, Controller and 802.11n configuration

3 Clients with 802.11/ac at 5Ghz

Controller Configuration with 802.11/ac enabled

Tests with clients running iperf3 client with defined 10 times

Macbook Pro 16" - Avg 64.1 Mbps

Windows 10 - Avg 43.2 Mbps

iPad Pro 11" - Avg 81.2 Mbps

Conclusions

Results:

Avg Performance

802.11/n - 29.23 Mbps

802.11/ac - 62.83 Mbps

11ac - Improvement over 11n

114.95%

Observations

During the tests we could observe that in environments with only few clients 802.11n clients had not affect in terms of performance but when connecting more clients to AP we could observe a big degradation in performance specially IOS and MacOS clients, Windows clients degraded but not much compared to Apple devices.
Because of MU-MIMO Technology used in 802.11/ac it helped on performance attending more clients at same time increasing performance in general for all clients connected to the same AP.

Click here for part 1.

Marcelo Ferreira

Wireless Specialist acting in the Wireless Field since 2005 in different projects Indoor and Outdoor for different vendors in the Market in different segments. Wireless Certifications globally recognized:

CCIE Enterprise Wireless #65117
CWNA – Certified Wireless Network Administrator
CWDP – Certified Wireless Design Professional
CWAP – Certified Wireless Analysis Professional
CWISA – Certified Wireless IoT Solutions Administrator
CWSP – Certified Wireless Security Professional

References

− CWAP Study Guide by Tom Carpenter and other Authors
− CWNA Study Guide by David Coleman
− QAM Formats - https://www.electronics-notes.com/articles/radio/modulation/quadrature-amplitude-modulation-types-8qam-16qam-32qam-64qam-128qam-256qam.php
− Modulations - https://mimomax.com/about-us/our-technologies/modulation-rates/
− Cisco Wireless eBook - http://cs.co/wirelessbook
− 802.11ac: A Survival Guide by Matthew S. Gast
− MAC level Throughput comparison: 802.11ac vs. 802.11n - Oran Sharon, Yaron Alpert

Considerations

1- We are considering the WAN is functioning correctly with good latency and performance and will not be considered as part of any comparison on this document.

2- No Tests or other comparison will be done in 2.4Ghz frequency because the 802.11/ac works only in 5Ghz and for 2.4Ghz it continues to use 802.11/n protocol which is already being used by ACME and is not part of the studies we want to demonstrate.

3- As in ACME we use in the Wireless Infrastructure a Channel Width of 20Mhz, for the purpose of the tests we will only perform tests with 5Ghz in 20Mhz channel width.

4- The tests are going to be performed with a Fast Ethernet Switch so the best Speed we will achieve will be about 90Mbps during the tests using iperf3 in the best-case scenarios.

5- The Wireless Controller we are going to use during the tests will be Cisco 9800-CL with image 17.3.4 without APSP patch applied. This image is currently the one used in Production for New WLCs at ACME.

6- The Access Points being used in the tests will be Cisco 1832i which with the following support:

802.11/n version 2.0
− 3x3 MIMO with 2 spatial streams
− Maximal Ratio Combining (MRC)
− 20- and 40-MHz channels
− PHY data rates up to 300 Mbps (40 MHz with 5 GHz)
− Packet aggregation: A-MPDU (Tx/Rx), A-MSDU (Tx/Rx)
− 802.11 Dynamic Frequency Selection (DFS)
− Cyclic Shift Diversity (CSD) support

802.11/ac Wave 1 and 2
− 3x3 MIMO with 2 spatial streams, single-user or multiuser MIMO
− Maximal Ratio Combining (MRC)
− 802.11ac beamforming (transmit beamforming)
− 20-, 40-, and 80-MHz channels
− PHY data rates up to 867 Mbps (80 MHz in 5 GHz)
− Packet aggregation: A-MPDU (Tx/Rx), A-MSDU (Tx/Rx)
− 802.11 Dynamic Frequency Selection (DFS)
− Cyclic Shift Diversity (CSD) support

7- The endpoint devices considered in the tests for this documentation are:

− Windows 10 – VMWare image with USB Wireless Card Model – Edimax AC1750 – 3 Spatial Streams
− MacBook Pro 16" – 3 Spatial Streams
− iPad Pro 11" – 2 Spatial Streams

8- Topology used for the tests:

Briefing

We are going to start this document talking about 3 main needs on Enterprise Wireless Infrastructure:

1- Coverage: Good Wireless Design, Good Devices used in the Solution, Right Protocol used (e.g.,11/n – 11/ac, etc.)
2- Capacity: Right number of users distributed per Access Point, Spatial Streams, Types of Devices, Types of Application usage
3- Roaming: Right roaming protocol in the WLCs (FT, OKC, 11v, 11k, etc.), right wireless drivers running on endpoints (Tested Standard Drivers)

Before starting with the tests, we need to give you some technical background about the two technologies involved in 11/n and 11/ac:

• The 802.11 Protocol for 11/n
•  The 802.11 Protocol for 11/ac

The 802.11 Protocol for 802.11/n

− Introduced in 2009
− Uses HT PHY – High Throughput
− Transmit Beamforming (TxBF)
− Space Time Block Code (STBC)
− Uses 20Mhz and 40Mhz divided in primary channel and secondary channel
− Operates in 2.4Ghz and 5Ghz Bands
− Introduced the Technology MIMO – Multiple Input Multiple Output – Transmits Multiple Streams of Data to the Receiver.
− Supports up to 4 Spatial Streams
− Modulation Rates – up to 64 QAM with 6 bits per Symbol – Explained later in more details
− Data Rates up to 600Mbps depending on number of Spatial Streams used by Endpoint device. – Explained later in more details

Modulation Rates

Modulation Rates means the number of the bits per symbol for transmitting data. The more bits that can be represented by a symbol the more data can be transferred across the network. Higher modulation means more data transmitted and better usage of Spectrum. 802.11/n can reach up to 64QAM Modulation. Giving some examples below:

Data Rates

Modelez Laptops are in most cases (I didn't see any with 3 Spatial Stream yet) 2 Spatial Stream capable devices. In 5GHz band using Short Guard Interval or SGI (Explained later) can reach Data Rates of 144.4 Mbps in 20Mhz Channels and without SGI reaches up to 130Mbps.

The 802.11 Protocol for 802.11/ac

− Introduced in 2013
− Uses VHT PHY – Very High Throughput
− Explicit Beamforming (advanced signal-processing technique used in multiple-antenna communications)
− Uses 20Mhz, 40Mhz , 80Mhz and 160Mhz
− Operates in 5Ghz Band only. For 2.4Ghz the protocol used is still the 802.11/n.
− MIMO and MU-MIMO – Takes advantage of Beamforming increasing capacity and performance and uses Spatial Reuse where the same channel can be used in different areas by the same access point.
− Supports up to 8 Spatial Streams. In Practical Scenarios only 4 Spatial Streams Access Points are commercialized. 8 SS is more used in 802.11/ax which is not going to be discussed in this document.
− Modulation Rates – up to 256 QAM with 8 bits per Symbol – Explained later in more details
− Data Rates up to 6933.3 Mbps with 8 Spatial Streams but in practical Scenario we can consider 4 Spatial Streams and up to 3466.7 Mbps at 160Mhz – Explained later in more details

Modulation Rates

Modulation Rates means the number of the bits per symbol for transmitting data. The more bits that can be represented by a symbol the more data can be transferred across the network. Higher modulation means more data transmitted and better usage of Spectrum. 802.11/ac can reach up to 256QAM Modulation which represents ~33,33% more bits per symbol for data transmission:

Data Rates

Modelez Laptops are in most cases 2 Spatial Stream capable devices. In 5GHz band using Short Guard Interval or SGI (Explained later) can reach Data Rates of 173.3 Mbps in 20Mhz Channel and without SGI reaches up to 156 Mbps, which increased the gain in the data rates in 20% in 20Mhz channel

Stay tuned. For part 2, click here.

The overall impact of technological advances on individuals and businesses has become immeasurable, especially in the last decade. Interconnectedness is now valued as populations grow and as people strive to improve their quality of life. Thanks to these advances, major metropolitan areas around the world have started to transition into smart cities, aiming to use information and communication technologies to develop sustainable practices.

One of the major aspects involved in this transition is the implementation of smart mobility. In fact, data from Report Linker predicts the global smart mobility market size to reach $91 billion by 2026. Moreover, the market will enjoy bright prospects such as supportive government initiatives and increasing demand for transportation support and tech professionals. This goes to show that smart mobility will be making a significant impact on smart city advancements and in today's technological developments as a whole.

What exactly is smart mobility, and what are the benefits we can expect from it?

What is Smart Mobility?

Verizon Connect defines smart mobility as an intelligent transportation and mobility network that is used in daily life and business. Traditional motor vehicles, electric vehicles, public transportation systems, and even on-demand car-sharing programs, such as Uber and Lyft, can all benefit from this particular technology. Rather than using one's own vehicles, efficiency and safety can be promoted through the use of different modes of transportation. Smart mobility can help address concerns around traffic congestion, loss of productivity and money, and even pollution. As we mentioned in our post 'What to Expect from 5G', these connected vehicles will provide the foundation for modern metropolitan areas.

What are the Benefits of Smart Mobility?

• Provides accessibility to public transportation

Smart mobility is based on the concept of Mobility as a Service (MaaS) — it makes modes of public transportation more accessible, reliable, and efficient. Intelligent Transport notes that the development of tools for commuters is being prioritized, such as contactless payment methods, adaptive algorithms that can improve over time and react to unexpected events, as well as platforms that can transmit information to potentially all transit agencies in North America.

• Decreases traffic congestion

Owning a vehicle is initially attractive because of the convenience it poses as compared to a hectic everyday commute. However, the more vehicles there are, the more congested the roads become. The American Transportation Research Institute predicts that congestion costs the U.S. freight sector $74.1 billion annually, and $66.1 billion of this occurs in urban areas. However, smart mobility can now connect traffic lights, respond to real-time traffic, and can connect with other cars to communicate for smoother navigation. This is especially useful to fleet managers, as well as auto and tech companies.

• Promotes sustainability

The rising population and urbanization demand sustainable infrastructure and systems, which smart mobility can provide. Additionally, the high demand for energy grids and smart meters has heightened the requirement for energy utilization control and the development of more sustainable models, such as smart cities. Thanks to the concept of MaaS, intelligent routing, and efficient energy management applications, smart mobility can reduce greenhouse gas emissions and traffic congestion in the city.

The smart mobility sphere is now opening areas of cooperation among its constituents; citizens who are the main consumers of the service, public authorities responsible for its management and implementation, and of course, urban planners and tech professionals who are working to develop systems better. We can expect more professionals to join the industry and anticipate the growth of the smart mobility market in the future years.

Article written by Riley Jordyn

In the same way, those of us who work with wireless from design, support, engineering, and development perspectives do not think of wireless as boring, but our users should. You see, when it's boring it means it's working. It's just there - doing its job. That's what users want. They do not care if it's 11ac, 11ax, or 11xyz. They just want it to work.

To make wireless boring, you have to:

• Make sure it's there - coverage and resiliency
• Make sure it works - functionality
• Make sure it performs - capacity
• Make sure it's safe - security

Now, we know that coverage, resilience, functionality, capacity, and security are provided through the implementation and configuration of, sometimes complex, but always exciting capabilities and designs. At least, to us.

Boring, according to the world's psychologists is "to be characterized by iteration or dullness." My use of the term here is more colloquial and means, simply, uninteresting. When is the last time you heard a user go into a coffee shop and connect to Wi-Fi only to begin singing the praises of the wireless network and the engineers who designed it? Probably never. However, if it's not boring to them, if it's interesting to them, it's because it doesn't work. Therefore, we do not want the wireless network to be "interesting," we want it to be boring - to them.

Ultimately, this is what the new CWDP (update) and CWIDP (new) certifications will be all about. They will focus on the hows and whats of good design that results in, well, a boring wireless network - whether for user access or IoT. So, as we near the release of these certifications in September of this year, get ready to be excited about creating boring wireless networks and get certified to do it.

Tom Carpenter

Access Points

If you're going to learn more about wireless networks this is almost a no-brainer. I would recommend getting a couple of enterprise-grade Access Points since you usually have much better control over the settings on them than the home-based devices, plus depending on the device you may be able to get one that will allow you to do other advanced features such as external antenna support, packet captures, 802.1X authentication, etc.

Clients

I was told, "Without wireless clients, wireless would be awesome, it's those blasted wireless clients that screw everything up." These can be a fairly easy one to come by, it could be a phone, tablet, laptop, or even some USB wireless cards. Each device performs and receives the wireless signal (RSSI) somewhat uniquely. Also, they each have a wide range of capabilities, and it's a good idea to test these clients in different situations or environments to know how they will perform also, in a controlled environment you may be able to discover what could potentially break based on a certain setting before pushing this out to production

Switches

Wait a minute, I am trying to build a wireless network lab why would I need do to anything with the wired infrastructure? This is because the wireless network is still very reliant on the wired network to function. A misconfigured wired network or device could easily affect connectivity to the wireless network. Don't worry, these could range from a simple inexpensive unmanaged switch that connects your devices in an isolated environment to a Layer 3 managed PoE switch that allows you to do all kinds of advanced features. Really I would start with something basic and move up from there as your skillset or needs require it.

Computers

Something else that I have started doing more with is having a few different computers to build some lab environments to test what-if scenarios. Again, these don't need to be anything elaborate. This could be as simple as an older machine that you can freely format and reload various operating systems on without the risk of losing any important data, a hypervisor environment that you start and stop on your local machine, to a bare metal virtual environment that you can spin up any number of virtual machines or better yet deploy prebuilt virtual appliances or applications. There are many different options and depending on your environment and use case any of these could be correct.

Other Tools

This is where you can go in quite a range of directions and depending on the use case all of them could be right.

One of the important ones is a WiFi scanner. This could be a simple app on your phone or tablet, software that is installed on your local machine to show all kinds of information about the networks around you, or a handheld scanner that gives you all sorts of information. This is something that I find that I use quite often in the beginning stages of diagnosing or troubleshooting a wireless network and can be used to discover what settings are configured on a wireless network.

Another great tool is a protocol analyzer. If you have to do any kind of advanced troubleshooting or if you need to determine the capabilities of a device to see if it is compatible with your wireless network. A Protocol analyzer will be your best friend for finding and interpreting this information.

Lastly, a spectrum analyzer is a great tool for finding and identifying nearby sources of interference that could be impacting the performance of your wireless network, these can range greatly in price depending on their features and resolution refresh rate.

Conclusion

Something that I was told in the past and seemed to quite enjoy is, "You never know how good you are until you have to undo something you just did." for me, I would much rather try and figure this out in a lab environment than a production environment, but maybe I'm just strange and don't have a sense of adventure.

The information presented in this blog post is not meant to be an all-inclusive list of all the devices or options that you could use, but more as a starting point and introduction to these tools. I hope that you have enjoyed this blog post and I want to thank you for taking the time to read it, if you have any questions reach out to me at @WiFiIan on Twitter or check out my blog at https://www.stoutwireless.com/

A Big Fat Zero!

I was excited to write about passing the CWAP Exam and that you could, too. Except, I didn't pass the exam. I didn't fail my other CWAP exams up to this point. I knew the CWAP exam's reputation was that of a difficult exam. Therefore, I'm going back to the drawing board, and in order to pass the exam on my second attempt, I'm going to breakdown the learning material into bits-'n-pieces. I hope you find these nuggets useful. Let me know because I'm happy to share additional detail and any edits I make to this framework.

But you failed it—right?

Yeah—I did.

I thought I knew the frame categories well. I didn't. I thought I understood their use and where they logically fit. That was until I took the exam, and I realized I didn't know my frame types well. In fact, improving this one area is enough to pass the exam next time. Oh yes, next time is fast approaching!

Below is a logical breakdown for Management Frames, which perform connection management. I broke them down into sub-categories on Quizlet, a free self-service quizzing platform – think electronic notecards.

source: https://quizlet.com/571739414/cwap-cards-name-your-frame-with-ss-ds-bonus-flash-cards/?new

The Executive Summary:
Use the groupings to help assist you in destroying the frame category on your upcoming CWAP exam!
MANAGEMENT:
Anything with association or dropping association, MANAGEMENT.
Anything with Probe or Beacon, MANAGEMENT.
ATIM, Authentication or Action, MANAGEMENT.
DATA FRAMES:
Anything Data
Anything QoS
Almost everything with CF... except CF-End + CF + ACK
CONTROL FRAMES - all else.

Breakdown
Management has everything to do with BEACONS & PROBE:
Beacon
Probe Request
Probe Response
Management has everything to do with ASSOCIATION:
Association Request
Association Response
Reassocation Request
Reassociation Response
Management- Everything to to join or drop the connection- hint: (Does it ADD Up?):
Authentication
Dissassocaition
Deauthentication
Management- The Odd Ones- I cannot group these, but they are management. You would say it's a hint they start with A, but Control Frames have one "A" member.
Announcement Traffic Indication Message (ATIM)
Action
Action no Action

Control Frames- assists in delivery of traffic. They all seem like direction & control.
Clear to send (CTS)
Request to Send (RTS)
Acknowledgement (ACK)
Block ACK (BlockAck)
Block ACK Request (BlockAckReq)
PS-Poll (*Requests data with power save)
Control Wrapper
Reserved
Control Frames- the odd ones:
CF-End + CF + ACK; odd because all other CF titled frames are Data
Frames, but not this one.

Data-
Collection of the data named data frames
Data
Data + CF-ACK
Data + CF-Poll
Data + CF-ACK + CF-Poll
Data- The CF Data frame combining
CF-ACK (no MSDU)
CF-Poll (no MSDU)
CF-ACK + CF-Poll (no MSDU)
Data- Collection of the QoS:
QoS Data
QoS Null (no MSDU)
QoS Data + CF-ACK
QoS Data + CF-Poll
QoS Data + CF-ACK + CF-Poll
QoS CF-Poll (no MSDU)
QoS CF-ACK + CF-Poll (no MSDU)
Data- The Odd One:
Null Function (No MSDU)
*and I do find this one really odd because it's to control/manage power. So wouldn't that be control/management? No. It belongs to data, let it be with data.

The executive data restated:
Use the groupings to help assist your brain of the correct frame category.

MANAGEMENT:
Anything with association or dropping it, MANAGEMENT.
Anything with Probe or Beacon, MANAGEMENT.
ATIM, Authentication or Action, MANAGEMENT.
DATA FRAMES:
Anything Data
Anything QoS
Almost everything with CF... except CF-End + CF + ACK
& the odd one Null Function
CONTROL FRAMES - all else.

Clear as mud? Maybe. Exposure and experience are everything, this is just another tool, but I hope it helps you with your journey.

Twitter @jamieinbox

SCADA systems aggregate data and control related to PLCs and RTUs that are then connected to sensors and actuators (and sometimes more complex aggregated devices). Because SCADA systems aggregate data from multiple sources, decisions related to one component can be made based on the state of other components, which is more challenging with traditional PLCs and RTUs alone (though the line is more blurred today).

An entire industrial automation solution may include sensors and actuators reporting to a PLC or RTU. Field HMIs may be available for engineers and staff to monitor the system locally and even provide control input. The PLC or RTU feeds the data back to the SCADA system where central monitoring and control is available and complex logic can be used to make important decisions.

If you've studied for the CWISA exam, you know that a decision must be made about control of wireless IoT devices. This decision includes the possibilities of the edge, somewhere in the middle (fog or local servers), or centralized (cloud or enterprise servers). When a near instant decision must be made for safety or defect reduction, edge processing is important. While network latency is reduced more each year, many decisions can still be made at the edge and should be. Other decisions are made for the next hour, day, week, or month based on the sensed information. These decisions can happen just about anywhere on the network - local or remote.

The primary benefit of a SCADA systems is that, typically, PLCs and RTUs are onsite. This results in the need for onsite visits to reprogram them or potentially even to monitor them. While other remote control and monitoring options may be available, the SCADA solutions are most commonly used to gain access to these remote industrial solutions (think, electrical power grid components, oil and gas pipelines, sea stations, or any other remote system that may require control).

Modern SCADA systems integrate with standard enterprise databases, such as SQL Server and Oracle, and even allow for web-based access. APIs may be available for programmatic access into the SCADA system or direct access to data stores may be used to integrate the solution with the enterprise environment.

Ultimately, a good SCADA solution will provide for data acquisition (as the name implies), network data transfer, data representation (for inter-system compatibility), and control. To accomplish this, you implement sensors and PLCs/RTUs, network connections, and SCADA software respectively.

Again, if you've studied for the CWISA, CWIIP, CWICP, or CWIDP exams, you are familiar with the Industrial IoT concept and have likely seen the similarities. An IoT sensor communicates with a gateway/controller/coordinator (like the PLC or RTU) and the data is passed on through the network, often using something like a broker (like MQTT servers), to get the data to the enterprise system (like the SCADA solution). The beauty of IIoT today is that SCADA solutions and modern wireless IIoT solutions can easily coexist. Data from the SCADA system and the wireless IIoT systems can be integrated using common protocols, languages, and databases to provide for a complete view of the systems while taking advantage of the most advanced IoT options available.

For this reason, I will present three arguments for the value of certification and the fact that it still holds value today as a general concept.

1 - Certification is Validated Training

Whether you do self-paced learning or attend a training class, certification is not just about knowledge acquisition, but about acquiring that knowledge and then proving it. Training without testing would be like going to college for four years, getting a degree at the end, but doing nothing more than sitting through lectures and participating in labs that may or may not have been successful. Thankfully, colleges (mostly) do not work this way. Certifications (not just in technology) attempt to bring this learning rigour to the continuing education market and, in my opinion, most certifications do it well. I've often told people that passing a certification exam proves you can pass the exam. Not passing it proves nothing. It's my minimalist argument for getting certified [smile].

2 - Quality Certifications Take You on a Journey

As I observe the Job Task Analyses (JTAs) we perform at CWNP each year, one thing has become clear: well-design certifications take you on a journey that would be less organized and nearly impossible, in some cases, to take on your own. A room of experts get together and talk about what an administrator, analyst, designer, integrator, or some other role must know and do to fulfill the role. Experts have built the certification content, which leads to learning materials and exams that teach and prove knowledge of and experience with that content. While I cannot speak for all certifications, I do know that most quality certifications use a similar JTA process to CWNP's process and the results are usually beneficial to the candidate. I have had significant experience with AWS certifications in the past few years and feel that they also do an excellent job of ensuring the credential has value. I've also gone through some vendor certifications and can say the same for them. They take you on a journey that is designed by experts to help you build expertise.

3 - Credentials Still Matter in 2021

Credentials that mattered in the past do not necessarily matter today. For example, less and less weight is placed on Windows-related certifications, but Linux, Programming, IoT, and networking certifications still provide value for job candidates (Windows certifications do as well, but, oddly, many companies now assume technologists have that knowledge [hand to forehead]). Many IT job postings still list certifications desired (though infrequently required). If I am applying for a job with the same experience as my competitors and I interview as well as them - all else being equal - my possession of certifications that they lack will frequently put me over the top. Even lesser-known certifications can provide value in this way. Many have reported being asked what a particular certification is during a job interview only to be informed later that it was a big part of their selection - particularly if the certification was one requiring a rigorous process.

In the end, my response is, YES, certifications have value and they matter in 2021. It's about selecting the right certifications that guide your learning journey and provide you with credentials that add value to your experience.

• Controlling Variables: Examples include temperature, pressure, fill level, size of machined objects, weight, and more. The control system can adjust heat levels, flow levels, and other factors to achieve the desired output (temperature, pressure, etc.).
• Controlling Sequences: The sequence of events is controlled based on the results or feedback from other events. For example, a conveyor belt may transport a part into a machine and stop until the machine is finished with its processing. If the machine is successful at achieving the desired results, the part is moved out of the machine and to the next phase and the next part is moved into the machine. If a failure occurs in the machine, the part is discarded or an alert is triggered. The sequence of events is controlled by the control system that monitors the systems and processes. Additionally, the actual sequence of events may be defined by the control system dependent on settings. William Bolton gives the example of a washing machine with the setting to "whites". The machine is activated for a specific sequence based on the control system, which is configured for "whites". If the setting is changed to "towels", a different sequence is initiated by the control system.
• Controling Event Occurrence: In some cases, an event should not occur unless a control system releases it to occur. The example of the waching machine fits here as well. The door lock on the washing machine acts as the control system preventing the wash from starting unless the door is closed. This control systems is particularly important for a front load waching machine.

A complex control system may indeed use all three categories of control or some combination of them.

In this context of industrial automation, a system can be defined as any unit that receives input and produces output. The concern of control is the output of each system, which may demand control of the input as well. As an analogy, consider a water filtration system in your home. The input is unfiltered water and the output is filtered water. You may not understand or care about the actual filtration process that occurs within the system. You are, however, concerned with the output being "better" than the input. The system may use one filter or it may use several filters. You care only that the output has fewer contaminants in it than the input had originally.

Industrial automation may include systems that machine parts, assemble components, heat elements, cool elements, and more. The control system ensures that these industrial systems are operating such that the output is as desired. The control system may be localized or distributed. A localized control system is like that in a washing machine (considering traditional machines and not those with IoT-enabled remote control). A distributed control system indicates that the parameters of control can be defined from a remote location at the same site or even another site.

Two types of control systems are used within industrial implementations: open-loop and closed-loop. Open-loop control systems receive no feedback from the output, they simply control the input based on a defined value or set of values. Closed-loop control systems do monitor and receive feedback from the output allowing for dynamic adjustments to the input in the achievement of the desired output.

To make is as simple as possible, think of an open-loop control system as one configured to pour 12 ounces of fluid into each container that passes by on a conveyor belt. Thinkg of a closed loop system as one that is configured to pour fluid into a container until it reaches a defined level and the level is monitored during filling. The level is fed back to the input and causes the flow to stop once the level is reached. Open-loop control systems are less expensive and are, therefore, useful in many scenarios when feedback is not required. In a later article, I'll discuss the details of how closed-loop control systems are schematically defined and mechanisms used to implement them.

Now that you understand the basics concelts of control systems, you can explore two implementations for managing them: programmable (or progammed) logic controler (PLC) and distributed control system (DCS).

A PLC is a computer-based controller that allows for simplified programming of logic, resulting in the control of industrial (or other) machinery. The washing machine example given previously proves useful here. A microprocessor is used in the modern waching machine to enable different motors at different speeds and open different valves at different levels and all at different times depending on the settings configured on the washer. The PLC differs in that it can be reprogrammed by the engineer to perform different functions. For example, one run through a process may be filling bottles that hold 12 ounces of liquid and the next run will be filling bottles that hold 20 ounces of liguide. The program on the PLC can simply be changed to manage these differences.

Productivity1000 Stackable Micro PLC (Source: AutomationDirect.com)

It is a logic controller because the program effectively says if A then B, or if A and B then D, or if A not B then C, etc. In general terms, the PLC receives input from sensors and provides output to actuators. The internal logic is used to control the actuators based on the program instructions and, possible, input from the sensors. The IEC 61131 standard defines network communication blocks that can be used to standardize the communications within and between PLC systems. These include communications such as:

• CONNECT
• READ
• WRITE
• NOTIFY
• STATUS

A common programming method for PLCs is ladder programming (LAD). LAD uses ladder diagrams to define the operations of the program. It can be implemented as a sort of visual programming where switching circuits are drawn to define the process. While it is beyond the scope of this article (and series) to go far beyond terminology definitions, a good resource is Willam Bolton's book, Programmable Logic Controllers, Sixth Edition.

PLC networks may be constructed that allow PLCs to communicate with other computer systems, the Internet, and other PLCs. This option allows for centralized control and management of all PLCs.

The line between PLCs and DCS solutions have been blurred in recent decades due to the use of PLC networks; however, a fundamental difference is that a PLC is technically a standalone control programmed for a specific task (source: Difference Between DCS and PLC) where DCS solutions function as control systems that work through multiple levels to achieve the end result. According to instrumentationtools.com, DCS solutions were designed to control processes and not discrete operations. Another key difference between PLCs and DCSs originally was that PLCs use the ladder logic programming and DCSs use the function block programming. However, that has even changed today as PLCs often support function block programming as well.

The general differences in use between PLCs and DCSs is summarized by Automation World (https://www.automationworld.com/products/control/article/13311313/plc-vs-dcs-which-is-right-for-your-operation) as follows:

• Response Time: PLCs are generally faster and more suitable for real-time safety critical scenarios.
• Scalability: DCSs are generally more scalable, though PLCs can be scaled through PLC networks and can be more complicated than DCSs when scaled.
• Redundancy: DCSs, while not technically more redundant in capabality (multiple redundant PLCs can be used), are typically more cost-effective when redundancy is required.
• Complexity of System: More complex systems tend toward the use of DCSs and less complex systems tend toward the use of PLCs.
• High Variability in Processes: PLCs are best used when the process does not change frequently and DCSs are more suited for this.

In the next article within the terminology series, we'll address remote control and management through the use of SCADA systems. When you finish reading the series, you will have a good foundational knowledge of the technologies and terminology used in industrial networking and automation, which will help you better integrate wireless IIoT solutions into these spaces.

In much the same way now, computer systems can experience the world through the senses of sight, hearing, feeling, and other senses that are not even available naturally to us as humans. They accomplish this action using sensors. Sensors have been around for many years, with some of the earliest designed nearly a century ago. However, the significant introduction of networked computing devices with sensing abilities has changed everything. This change is delivered today in wireless sensor networks (WSNs) or simply sensor networks (when wired links are used).

A sensor is a device that can perceive varying states related to the physical world. Sensors are implemented through the natural responses of particular elements, like metals and other components, to changes in state. For example, metals will introduce a slightly different resistance when bent as compared to being straight. This difference is used in many strain gages to detect the slightest bend in the metal and therefore the object (like a wall) to which the sensor is attached.

Connected sensors and actuators are sometimes called cyber-physical devices. Collections of these devices and the entire solution, including monitoring and control, are sometimes called cyber-physical systems. A cyber-physical system (CPS) is an orchestration of computers, machines, and people working together to achieve goals using computation, communications, and control (CCC) technologies. Although the term CPS was coined only in 2006 by Helen Gill of the National Science Foundation (NSF), the CCC core technologies of CPS have had a rich and long history. Significant milestones for CPS include control theory in 1868, wireless telegraphy in 1903, cybernetics feedback in 1948, embedded systems in 1961, software engineering in 1968, and ubiquitous computing in 1988 (Hausi A. Müller, The Rise of Intelligent Cyber-Physical Systems, ComputingEdge, October 2018).

A WSN is a collection of wirelessly networked sensor devices, effectively forming a core component of a CPS. These devices may connect to the network through direct connections to access points, through ad-hoc networks, through mesh networks, or even through LTE or 5G networks. WSNs are often considered a subset of the Internet of Things (IoT). Indeed, not all IoT devices are sensors, but sensors, particularly those reporting to a central cloud, may be IoT devices. It is very common to discuss Industrial IoT (IIoT) as a concept without ever using the phrase wireless sensor network even though many IIoT implementations are indeed WSNs connected to the cloud. At the same time, it is essential to realize that the WSN is the local network of sensor devices that may or may not participate in a complete IIoT solution.

As WSNs and sensor networks grew, the next evolution was the addition of interaction with the physical world. Sensors experience the world around them. Actuators interact with the world around them. A wireless sensor and actuator network (WSAN) is a wirelessly networked collection of sensors with the ability to take action or direct that actions be taken in the real world.

For example, with your sense of touch, you may determine that a surface is hot enough that it will cause you harm. That is sensing and sensing alone. However, you also have the ability to actuate a change in response to the sensed stimulus. You can quickly move your hand away from the hot surface. Your sense of touch has actuated your movement away from the heat.

In a WSAN, an actuator may cause an item to move from an area that may cause it damage, change the thermostat settings to reduce or increase the temperature in an area, or stop a conveyor belt when human danger is detected. The key is to understand that actuators can take actions in the real world.

In the next part of this series, we will discuss systems used to manage sensors, actuators, and other IoT devices from past and current use, such as SCADA and DCS solutions.

The term industry is most accurately used to reference the activities focused on manufacturing products. When we use the phrases "in industry" or "within industry", we typically mean "in factories and other product assembly or creation environments." The products could be final products for sale to consumers or they could be parts used by other manufacturers to create products from those parts. Some organizations operating within the realm of industry are better thought of as assembly operations. They simply take parts manufactured by other organizations and assemble them to create a final product. Whether assembling parts or manufacturing parts and products from raw materials, all such processes can be defined as industrial and function within the business sector of industry.

This brings us to the second part of our phrase: automation. To automate something is to cause it to occur without human intervention. A human may start the process or the process may be started by another process or device, but once started, the process completes without intervention. I could have simply said that automation is "making a process or system operate automatically," but that's just a bit reciprocal. I feel that the clarity of "without human intervention" is a better way to define the term. To be clear, a multi-step process may look more like this:

1. Step 1: A human does it.
2. Step 2: Automated.
3. Step 3: Automated.
4. Step 4: A human does it.
5. Step 5: Automated.

In other words, solutions may not be available to fully automate some processes. Enhancements in robotics, artificial intelligence (AI), and human-computer interaction continue to remove the kinds of tasks or operations that cannot be automated. For now, some operations, whether due to safety concerns or expense, continue to be performed manually or with computer assistance by humans.

When considering how computer systems can be used in automation, the model, aptly named "Roles of Computer" in the 1978 paper by Sheridan and Verplank, is a useful place to start. Their model is depicted by the following image (read the entire paper here: https://apps.dtic.mil/dtic/tr/fulltext/u2/a057655.pdf):

Roles of Computer (SOURCE: Human and Computer Control of Undersea Teleoperators, 1978, Thomas B. Sheridan and William L. Verplank)

The indication of the sketch is that a computer can be used to impact the load on humans in several ways:

• Extend - increase the capabilities of a human
• Relieve - lessen the workload of a human
• Backup - backup a human should the human be unavailable or fail to complete the workload
• Replace - completely replace a human in the process

Full automation replaces the human and a computerized system takes on the entire load or task. The other uses of computer systems can be considered as lesser levels of automation or lesser levels of digitization.

Therefore, one can think of industrial automation in different levels ranging from no automation to full automation, passing through extension, relief, and backup along the way. The authors further categorize backup and replace as "trading" as a clarification that these two models trade a computer system for a human. The extend and relieve models are categorized as "sharing" as they implement a computer system alongside the human.

In IIoT, many implementations are related to providing one or more of these levels of automation. For example, an IoT device that resides in a harsh environment to humans could gather data from with sensors and pass that information back to a monitoring solution observed by a human. This implementation effectively extends the human's reach into that harsh area. Additionally, when IoT sensors are used through a plant and send their monitoring data back to a central dashboard, it removes the requirement of the human to go to each location and read analog meters to ensure safe operations. This implementation effectively extends and relieves the human of partial workloads.

Now that you have a basic understanding of the phrase industrial automation, you are ready to explore specific systems and concepts in later parts within this series on industrial networking and automation terminology.

1. Information and Data Literacy
1. Browsing, searching, and filtering data, information, and digital content
2. Evaluating data, information, and digital content
3. Managing data, information, and digital content
2. Communication and Collaboration
4. Interacting through digital technologies
5. Sharing through digital technologies
6. Engaging in citizenship through digital technologies
7. Collaborating through digital technologies
8. Netiquette
9. Managing digital identity
3. Digital Content Creation
10. Developing digital content
11. Integrating and re-elaborating digital content
12. Copyright and licenses
13. Programming
4. Safety
14. Protecting devices
15. Protecting personal data and privacy
16. Protecting health and well-being
17. Protecting the environment
5. Problem Solving
18. Solving technical problems
19. Identifying needs and technological responses
20. Creatively using digital technologies
21. Identifying digital competence gaps

Remember, this is the list for non-IT professionals. Start here. These are competencies that most children are learning now as they reach the end of primary school (or at least, I hope they are in most areas). To function well in modern society, this is the starting point. Many of my peers in the IT profession lack basic knowledge in some of these areas because, well, they are as old as me. When we started in the IT field, many of these items were non-issues. Today, they are essential. In each of these competency areas, they recommend learning the following (they offer certification programs in all of these areas):

1. Information and Data Literacy
• Computer essentials
• Information literacy
2. Communication and Collaboration
• Online essentials
• Online collaboration
• ICT in education
3. Digital Content Creation
• Word Processing
• Spreadsheets
• Presentation
• Using databases
• Advanced word processing
• Advanced spreadsheets
• Web editing
• Image editing
• Project planning
• 2D CAD
• Advanced database
• Advanced presentation
4. Safety
• IT security
5. Problem Solving
• Computing
• ICT troubleshooting

When I look at this list, the greatest weakness is probably in 2D CAD. Maybe I should look into that.

Next, we turn to the ACS CBOK (source: ACS CBOK 2015). This body of knowledge is focused specifically on the IT professional. It defines two essential core knowledge areas:

• Professional Knowledge
• Ethics
• Professional expectations
• Teamwork concepts and issues
• Interpersonal communication
• Societal issues/legal issues/privacy
• Understanding the ICT profession
• Problem Solving
• Modeling methods and processes used to understand problems, handle abstraction, and design solutions

In addition to the two essential core knowledge areas, they define three knowledge areas related to "ICT as a broad discipline":

• Technology resources
• Hardware and software fundamentals
• Data and information management
• Networking (wired and wireless)
• Technology building
• Human factors
• Programming
• Systems development and acquisition
• ICT management
• IT governance and organizational issues
• IT project management
• Service management
• Security management

The ACS CBOK (linked above) provides references to other knowledge specifications and how they relate. I'll leave it to you to browse the document and learn more. My point here is to bring focus to the possible need for knowledge gap analysis in our careers. If gaps exist in fundamental areas of knowledge, we should seek to fill those gaps to be more effective and efficient IT professionals. BOKs like those referenced here are a good place to start that analysis. One thing that stands out to me is the lack of programming knowledge many IT professionals have and the inefficiencies in their work methods because of this - and they don't even realize it. Yet, few computer science degrees or BOKs omit programming skills from their syllabi.

Take some time, look over these lists and possibly some university course plans for computer science degrees today, and find those gaps. Then create a plan to fill them so you can be the best wireless professional you can be.

Wikipedia defines RSSI as: a measurement of the power present in a received radio signal.

Oddly, this Wikipedia definition is among the best. The reason? It is so non-specific as to leave it open for all of the varied definitions used by different standards and technical documentation. For example, the ISA100.11a standard states:

RSSI shall be reported as a signed 8-bit integer, reflecting an estimate of received signal strength in dBm. RSSI reports shall be biased by +64 dBm to give an effective range of -192
dBm to +63 dBm. For example, a reported RSSI value of -16 corresponds to a received signal strength of -80 dBm.

Therefore, an RSSI of -16 is not referencing -16 dBm, but rather it is referencing -80 dBm. For this reason, we cannot just define RSSI as the received power in dBm. We must understand how the wireless system in use defines RSSI.

Bluetooth simply links the RSSI to dBm with +/- 6 dB accuracy in some cases; however, it also allows for a remapping of RSSI based on a golden range for receiver signal strength. That is, a device may have what the specification calls a golden range of power levels that is best to receive a signal. Here is the description from the 5.2 specification for your reading pleasure:

A radio receiver may have a "golden range" of RSSI that it prefers the incoming signal to remain within. A device with such a receiver can use the Power Control Request procedure to bring the current RSSI (RSSIcurr) of the incoming signal to a preferred value within its golden range. Nevertheless, it may still be able to receive the signal at a level that is equal to or above a minimum acceptable RSSI (RSSImin) that is lower than the current RSSI. A device can use the Power Control Request procedure to check whether its peer can accept such a reduction in power and, if so, adjust its transmit power based on the response.

To clear up any mud, it's basically saying that you can "bring the current RSSI" to a preferred value, but what does that mean? Well first, under the hood, RSSI is dBm. That's a good way to think about the way the Bluetooth specification references it. However, when RSSI is requested from the HCI controller (which communicates with BR/EDR as well as LE Bluetooth controllers) using the HCI_READ_RSSI command, the RSSI returned for BR/EDR is not actually the signal strength in dBm. Note the following:

The RSSI parameter returns the difference between the measured Received Signal Strength Indication (RSSI) and the limits of the Golden Receive Power Range for a Connection_Handle to another BR/EDR Controller.

In other words, the "returned RSSI" or the contents of the RSSI parameter is the "difference between the measured RSSI and the limits of the" golden range. First, from this we see, as I said, that under the hood, RSSI is dBm (with some allowed error in accuracy). We know this because we are reporting the "difference between the measured" RSSI and the golden range. So the measured RSSI is in dBm. This will become more clear when we explore this HCI controller command in relation to LE (BLE). Second, the value reported in the RSSI parameter is not actually RSSI (wouldn't want to confuse you), but it is the variance between the RSSI and the golden range (am I the only one who loves the goldern range phrase?). When the RSSI parameter from the HCI_READ_RSSI command is positive, it indicates the RSSI is "that much" better than the best signal in the golden range. When the parameter is negative, it indicates the RSSI is "that much" worse than the golden range. When the parameter is 0, it indicates that the signal is somewhere in the golden range.

For example, if the HCI_READ_RSSI command returns 6 and the golden range is between -60 and -70 dBm, then the signal is measured at -54 dBm. However, if the command returns -6 and the same golden range is used, the signal is measured at -76 dBm. Here's the good news, if the command returns 0, the signal is somewhere between -60 and -70 dBm. I don't know where, but it's somewhere in there. The good news is that it really doesn't matter where it is in that range because you can demodulate the signal anywhere in that range, but still, all of this shows just how flexibly RSSI is used.

Now, to be clear, things change completely for BLE in relation to RSSI. In the case of the LE controller (some call it the LE PHY), the HCI_READ_RSSI command simply returns the signal strength in dBm per the following specification statement:

The meaning of the RSSI metric is an absolute receiver signal strength value in dBm to ±6 dB accuracy. If the RSSI cannot be read, the RSSI metric shall be set to 127.

I could spend the next 10,000 words documenting how various standards treat RSSI. Some use the term... some don't. Some use it to be equal to received signal strength in dBm... others, as we have seen, get more creative. But what does all of this mean for the wireless engineering, network administration, programming, and support industry? Well, it means different things to different roles in different contexts.

For example, if you are a programmer building low-level drivers, firmware or software that communicates using one of these various wireless protocols, you must understand how the information is used within that protocol and code your solutions very specifically to the way in which it is implemented. However, if you are a network designer or administrator, you will likely find yourself using the RSSI term in different ways. Indeed, if you see an RSSI report using the specification language from Bluetooth BR/EDR. you will need to understand what those values mean. However, if you are talking to a peer and simply state that, "the RSSI is too low," you are likely just referencing the signal strength in dBm - and that's just fine. We can use a term colloquially and specifically, as long as the context defines what we mean.

I haven't even touched on the use of RSSI within the 802.11 standard, it has changed a lot over the years and would add even more complexity to this post. The main point here is twofold: 1) ensure you know the meaning of RSSI in your protocols and 2) it's OK to use RSSI as a reference simply to signal strength, I'll allow it.

To get started, in your Python script, use the following command to begin your script:

import sys

This command makes all of the functions and other elements in the sys module available to your script. The sys module includes several functions, including:

• path (the system path)
• getwindowsversion (major, minor, build, platform id, and service pack level)
• stdin
• stderr
• stdout
• platform (win32/win64)

Next, you will need to read the standard input, you can loop through it to read each line of output from the piped command like this:

for line in sys.stdin:
    if '80' in line:
        if '127.0.0.1' in line or 'Bound' in line or 'Listen' in line:
            #do nothing - reserved for future use
            nonIPLinkLine=True
        else:
            print(line)

This code will use the input from stdin and process it one line at a time. If the line includes the number 80 (or characters 80), further processing is applied. If the line includes 127.0.0.1 or Bound or Listen, it is ignored. Otherwise, the line is printed. This script is effectively acting as a filter when you pipe the Get-NetTCPConnection PowerShell command to it. (NOTE: There is a cleaner way to write the filter line that looks for 127.0.0.1, Bound, or Listen - I just wanted the code to be very clear here.)

This simple example should get you started with your own piping scripts. Once you save this as a file, you can call it this way in PowerShell (assuming you saved the script as pipe.py):

Get-NetTCPConnection | python pipe.py

Yes, you can do this filtering with built-in PowerShell commands, that was not the point here. The point here was to show how to get the piped information into the script so that you can process it however you desire.

Happy scripting! Full script below:

import sys
for line in sys.stdin:
    if '80' in line:
        if '127.0.0.1 in line or 'Bound' in line or 'Listen' in line:
            #do nothing - reserved for future use
            nonIPLinkLine=True
        else:
            print(line)

On the development side, due to the massive number of devices on the market, familiarity may be more common among developers as they seek out a protocol for their IoT solutions. This familiarity can result in increased adoption rates of Bluetooth for many projects.

As to Bluetooth LE (BLE), about 7.5 billion more devices are expected to ship between 2020 and 2024. It is expected that 100% of platform devices (phones, tablets, and laptops) will support dual-mode (Bluetooth Classic and BLE) by 2024, which will open up significant development advantages derived from the stack, such as the ability to perform standard data transfers, achieve greater range, and implement mesh solutions. Today, already, most new devices are dual-mode capable and the number of "Classic-only" devices is quickly dwindling among new shipments.

The two major markets for mesh, promoted by the Bluetooth SIG, are home automation and commercial lighting. At this point, the number of Bluetooth mesh qualified products is doubling every six months. The result is that hundreds of solutions will be on the market in the next few years.

For a long time now, most have thought of Bluetooth as "a way to connect my speakers and headphones." Interestingly, in 2019 1.1 billion audio streaming devices shipped; however, in the same year 800 million data transfer devices shipped. Of greater interest is the prediction of 1.54 billlion audio devices in 2024 compared to 1.5 billion data transfer devices. The trend seen by the SIG is a significantly greater increase in use of Bluetooth for data transfer than for audio streaming. Location services are on a significant upward trend as well with a 32% CAGR rate resulting in an expected 538 million devices shipping in 2024 alone. Finally, automation systems, control systems, and monitoring systems are expected to reach 892 million shipments by 2024; however, keep in mind that 169 million shipped in 2018 and 280 million shipped in 2019, indicating that the market is already strong and it is expected to grow at 26% CAGR in the coming years.

It is very interesting to note that 90% of Bluetooth mesh networking devices are lighting focused. Clearly, this will be a large part of the market in the next few years.

You can read the full report here: https://www.bluetooth.com/bluetooth-resources/2020-bmu/

Clearly, Bluetooth is poised with an advantage as it continues to enter into and grow in the IoT market. Expect to see much more from Bluetooth in the coming years.

PBL is defined as a pedagogical system used in tertiary education both undergraduate and graduate, particularly in medicine but also in fields as diverse as law, engineering, psychology, and liberal arts. The basic principles of this method are the use of realistic problems as the starting point of self-directed, small-group-based learning guided by a tutor who acts as a process guide rather than a point of knowledge transfer. (The Wiley Handbook of Problem-Based Learning, First Edition, 2019)

To simplify, PBL is a learning model that begins with a problem, passes through learning and discussion, and ends with a solution. For example, the problem might be the need for a wireless link that spans 300 meters and the desire to implement it with inexpensive devices. After some thought, research and learning, you may determine to implement the link using two Raspberry Pi 4 devices with each Ethernet port connected to a switch and each device communicating with the other to form a bridge across the built-in 802.11ac chipset. During testing of your solution, you may determine that improved antennas must be used and so you modify it in the process. By working through this real-world scenario, you learn about several things:

• The capabilities of single board computers
• The limitations on range with on board antennas
• Linux operating system concepts
• Bridging concepts
• Power provisioning

And this is just a starter list. If you really want to master wireless, you can use these same devices to solve a myriad of problems like how to build a Bluetooth mesh, or how to implement a LoRaWAN link, or how to use ZigBee. Of course, you may need different modules to accomplish it, but the point is that through implementation of projects that solve real-world problems you are learning how the technologies work.

Short word for this? Lab! That's what we certification junkies usually call it. I cannot recommed strongly enough that you gain experience in the lab with actual wireless gear to truly master the technologies. There is so much that can only be learned by doing!

The difference between PBL and "labbing?" Simply. Most people just go into their lab and do things - anything - whatever comes to mind. This will not get you the same results as organized PBL. Define a problem, research solutions, and solve it. You will be amazed how much and how quickly you learn.

Data symbols are a variable amplitude rectangular pulse, as a function of time or represented in the time domain. Taking an FFT of the rectangular pulse produces a SIN(f)/f or SINC(f), a function in the frequency domain. SINC-functions exhibit a special property, they have a regular spacing of zero crossings or nulls in the frequency domain. By the proper choice of FFT-parameters (e.g., size) the subcarriers may be positioned at frequencies such that the peak of one subcarrier is aligned with the nulls of all other subcarriers. Each of these SINC curves represents a subcarrier!

Figure: Image Courtesy of SCTE, DOCSIS 3.1

Also, by using the correct FFT-parameters, interference between subcarriers is eliminated, producing orthogonality. In addition, improved immunity with ingress noise, a common narrowband interference is reduced. Another benefit will be less RF fading, where portions of RF are attenuated more than others.

These RF capabilities are well beyond earlier Wi-Fi multiplexing techniques such as direct sequence spread spectrum (DSSS) or frequency division multiple access (FDMA). Where DSSS and FDMA utilize the entire channel for transmitting a single-carrier RF signal. With OFDM, Wi-Fi 5 uses 64 subcarriers / 52 data-subcarriers over a 20 MHz channel, while Wi-Fi 6 uses 256 subcarriers / 234 data-subcarriers over a 20 MHz channel. The more data-subcarriers, the more data bits per Hz or throughput, as well as improved scheduling of OFDMA resources. For Wi-Fi 6, each of the 234 data-carrying subcarriers are quadrature amplitude modulated (QAM) independently. The higher the QAM order the more bits per symbol. For example, 1024 QAM utilizes 10 bits per symbol vs 256 QAM at 8 bits per symbol.

Are there other benefits of OFDMA for Wi-Fi 6? The answer is yes, improvements in carrier spacing and long symbol duration. Wi-Fi 5 uses an OFDM subcarrier spacing of 312.5 KHz wide, while Wi-Fi 6 OFDMA uses a subcarrier spacing of 78.125 KHz wide. This a four times (4x) improvement, increasing the spectral density of Wi-Fi, allowing more bits per Hz (b/Hz). Remember, to further drive more b/Hz, OFDM and OFDMA allows each subcarrier to be modulated independently up to 1024 QAM (Wi-Fi 6). The cleaner the channel's spectrum, the higher the orders of modulation that may be achieved!

The subcarrier spacing improvements result in longer symbols of time. OFDM's long symbol durations dilute impulse noise. For example, a Wi-Fi 6 OFDMA waveform with 234 data-subcarriers has 78.125 KHz subcarrier spacing. Since subcarrier spacing is equal to the reciprocal of the symbol time, then the long symbols are 1/78.125 KHz * 1000 = 12.8 µs. Compare that to a Wi-Fi 5 OFDM waveform with 52 data-subcarriers having 312.5 KHz subcarrier spacing with long symbols of 1/312.5 KHz * 1000 = 3.2 µs. The message here, the longer symbols are able to deal with noise in a short duration in time but wideband in frequency.

OFDMA aides in contention for a transmission medium. Another benefit of Wi-Fi 6 OFDMA over Wi-Fi 5 OFDM, is that Wi-Fi 6 takes a group of data-subcarriers across an RF channel and assigns the data-subcarriers to a transmission flow. Wi-Fi 6 supports 9 transmission flow groups with 26 data-subcarriers each in a 20 MHz channel. For larger channels of 40, 80 and 160 MHz, a maximum 400 data-subcarriers are supported.

The notion of using transmission flow groups is supported by multi-user OFDMA, or MU-OFDMA. Flow groups of OFDMA aides in the increased amount of IoT devices on Wi-Fi networks. Remember in traditional OFDM or single-user OFDM (SU-OFDM), clients of a Wi-Fi network are in contention with one another, leading to latency and jitter. In some other cases packet or frame loss. In devices that support MU-OFDMA, data frames may use a fraction of the data-subcarriers, therefore allowing latency and jitter to be managed by the Wi-Fi gateway device.

Finally, if you are not convinced of OFDMA's superpower yet there is always the cyclic prefix. The cyclic prefix improves the robustness of OFDMA for outdoor use. A cyclic prefix serves as a guard interval (GI) to minimize inter-symbol interference (ISI) for better quality of experience (QoE). Thus, OFDMA's benefits are truly a big leap from Wi-Fi 5, superpowers in a sense!

• 802.11ae-2012 - Prioritization of Management Frames
• 802.11aa-2012 - MAC Enhancements for Robust Audio Video Streaming
• 802.11ad-2012 - Enhancements for Very High Throughput in the 60 GHz Band
• 802.11ac-2013 - Enhancements for Very High Throughput Operation in Bands below 6 GHz
• 802.11af-2013 - Television White Spaces (TVWS)

The new 802.11-2020 roll-up will include 802.11-2016 and the following amendments:

• 802.11ai-2016 - Fast Initial Link Setup (second printing)
• 802.11ah-2016 - Sub 1 GHz License Exempt Operation
• 802.11aj-2018 - Enhancements for Very High Throughput to Support Chinese Millimeter Wave Frequency Bands (60 GHz and 45 GHz)
• 802.11ak-2018 - Enhancements for Transit Links within Bridged Networks
• 802.11aq-2018 - Preassociation Discovery

Now, it is important to note that the maintenance group (Task Group Maintenance or TGm) can edit the documents significantly, correcting errors and even introducing entirely new capabilities. While most of what they do is "clean-up" and aggregation, they do introduce new capabilities from time-to-time. I discussed this briefly in a talk at Wi-Fi Trek 2019, which can be viewed here: Things You Didn't Know You Wanted To Know About Wireless. (The link will start the video at the point where I talk about TGm updates.) In this case, I point out that TGmc (the group that created 802.11-2016) added a new capability called Fine Timing Measurement.

For the remainder of this article, I will focus on the terms obsolete and deprecated as they are used in the standard. I will limit my focus to TGm work and not individual amendments, though the concepts can apply there as well (though I could only find four historic amendments using the term obsolete in them for new obsoletion, 802.11ah (HT-delated block ack obsolete), 802.11ac (RIFS obsolete for VHT and HT), 802.11ax (draft: references obsolete security and defines rules for 6 GHz [no WEP or TKIP allowed and no PSK - must use SAE instead, excellent!]), and 802.11s (WDS obsolete)).

First of all, in the IT world of standards, APIs and other concepts, in general, the terms obsolete and deprecated are often used as synonyms. However, within the 802.11 standard, they have very different implications based on historic use. The term deprecated indicates a feature that is no longer maintained and may have technical errors in that portion of the 802.11 standard. The term obsolete also indicates this. However, the term deprecated has been used historically for features that remain for ten years, or more, of TGm updates. For example, WEP was deprecated all the way back in 2004 with the ratification of 802.11i-2004; however, it still remains in the standard and will still be in the 802.11-2020 roll-up (unless something changes before the final document is delivered). But, an important change is coming in 802.11-2020 and that is that WEP, for the first time in a roll-up, is labeled as obsolete.

We can get insight into the process by looking at the freely available group notes, which can be downloaded here: IEEE 802.11 documents. When exploring these documents, we see that a commentor, Michael Montemurro, stated that, "WEP is obsolete and has not been maintained (comments on it in previous ballots were rejected on the basis it was obsolete and was going to be deleted), so implementations based on the current wording are likely to be erroneous." He further suggested as a proposed change, "Delete the referenced subclause." This was in reference to subclause 12.3.3.3 Shared Key Authentication.

The resolution response to this comment stated, "The task group discussed removal of WEP and/or TKIP from the standard and decided to not change the standard based on strawpolls in the direction for the resolution. The strawpolls were held during the Warsaw meeting (2018-05-08) and the option to keep WEP and TKIP text as-is received most support." A further ad-hoc note stated, "There are known implementations of these features in the market, so we choose not to remove them at this time. The Group did not come to consensus on removal of these two features." The following image shows this discussion in the downloadable Excel spreadsheet from the link above.

As you can see, the discussions are open for all to view and they provide insight into the decision process. However, though they chose not to remove WEP as of yet, they did (based on other comments and responses) choose to mark it as obsolete. What does this mean for the future of WEP in the standard? Let me answer that question by analyzing what has happened to obsolete elements in the past.

In the 802.11-2016 roll-up, 34 entries are found for the term obsolete. Two of these are found in the following paragraph early in the document:

In addition, this revision specifies technical corrections and clarifications to IEEE Std 802.11 as well as enhancements to the existing medium access control (MAC) and physical layer (PHY) functions. In addition, this revision removes some features previously marked as obsolete and adds new indications of other obsolete features.

IEEE 802.11-2016

This paragraph makes it clear that they had removed "some features previously marked as obsolete" and that new indications were found in the 802.11-2016 document indicating feature obselescense. Interestingly, 802.11-2012 used the term obsolete 14 times and every single one of those obsolete items was removed in the 802.11-2016 roll-up, including the entire FHSS and Infrared PHYs. That's a 100% removal rate from 802.11-2012 to 802.11-2016.

Now, let's explore the removal rate, at the time of draft 3.2, for 802.11-2020 based on obsolete items in 802.11-2016. 802.11-2016 has, as stated previously, 34 entries for the word obsolete. However, two of them were used simply to explain the term in the standard (though, in my opinion, they don't explain it well as history shows obsolete means something very different in results from deprecated). An additional three of them are used to reference obsolete allocation, which is in reference to service period (SP) allocation and not to an obsolete feature. This leaves 29 to be evaluated.

The analysis showed that out of 29 obsolete entries, 25 of them were removed in the 802.11-2020 draft, though hints of their existence may remain for backward compatibility, such as the need to be able to interpret a frame that references the feature even though it is not supported in the standard as ratified. This is a removal rate of 86%. The average, therefore, between the removals from 802.11-2012 to 802.11-2016 and the removals from 802.11-2016 to 802.11-2020 is 93% removal.

Now, I said that WEP is now obsolete. Technically, it is a Pre-RSNA solution and all Pre-RSNA solutions have been referenced as obsolete before. However, Shared Key authentication and WEP were individually and specifically called out as deprecated in the past. For example, the "Definitions specific to IEEE Std 802.11" defined WEP as, "A deprecated cryptographic data confidentiality algorithm specified by this standard." in 802.11-2016. Now, in 802.11-2020, it is defined as, "An obsolete cryptographic data confidentiality algorithm specified by this standard." This might seem insignificant, but when you consider the historic use of deprecated versus obsolete in the 802.11 standard, it is anything but insignificant.

Do you need further weight of evidence that WEP is doomed? TKIP is still referenced as deprecated and this is intentional. Per comment 2140 in the TGm, a commentor suggested that both WEP and TKIP be changed to an obsolete reference and the group decided not to comply. Instead, they chose to reference WEP as obsolete and TKIP as deprecated. This decision suggests, quite clearly, that the group feels WEP is closer to removal than TKIP.

• No Pre-RSNA security methods at all
• No Open System authentication without encryption
• Stations should use OWE instead of Open System authentication without encryption
• No PSK at all
• Stations should use SAE instead of PSK

Clearly, they are completely disallowing use of WEP, TKIP, Shared Key authentication, and Open System authentication without encryption in the new band.

While this was a pleasant analysis experiment, it also gives us hope for some final removals from the standard that those supporting it in the community have long desired.

Oh, by the way, PCF is dead! Thank you TGm.

VSWR (sometimes shortened to SWR in ham radio and other RF use cases) worsens with impedance mismatches and while many components may have specification sheets that say they are 50 ohms, which is a common impedance rating for Wi-Fi gear and many other wireless systems, actual measurements can show that they are 48.8 ohms or 50.3 ohms or some other variation. The result is that you never have truly perfect match in the components and some level of VSWR will result. No systems, using cables and connectors to connect an antenna to a radio, will have a VSWR of perfection 1.0:1. We are, after all, humans engineering these things. Therefore, the explanations that refer to a VSWR of 1.0:1 as "ideal" should be understood in the same way as an isotropic radiating antenna - theoretical - for the most part.

Before I get into more on VSWR and specifically explaining return loss, I want to spend a moment explaining why poor VSWR and therefore poor return loss values matter. As an example, in one test with LoRaWAN connectivity, an antenna with poor VSWR ratings could not even connect to the LoRaWAN network from the exact same location that two other antennas with better VSWR ratings could. This, in spite of the fact that the poor performing antenna was stated to have a higher gain value. All three antennas were omnidirectional. The antenna with poor VSWR was showing a VSWR of 5.8:1 (using a VSWR/SWR meter) while the other two antennas were rated at 1.3:1 or better. While a VSWR of 5.8:1 is rare in purchased antennas, this real case reveals the potential for problem.

So why does this happen and what does VSWR have to do with return loss? Return loss is the measurement of the reflected signal strength traveling back to the transmitter from the antenna. So you have an incident wave or forward wave, which is the one that travels from the radio transmitter to the antenna. You also have a reflected wave or reverse wave, which is the one that is reflected from the antenna (or another connectivity element) back to the radio transmitter. To be clear, reflections go back and forth in the line, but most analysis considers only the impact of the initial reflection because the back-and-forth energy is attenuated to eventual untraceability.

You can calculate return loss when the VSWR is known. Many antenna specification sheets list the VSWR and some list the return loss, but many do not. When the VSWR is known, the return loss can be calculated as:

Or in Excel, use the following formula:

=20*LOG10((I2-1)/(I2+1))*-1

Where I2 is the cell containing the VSWR. Note that the *-1 portion is added to the Excel formula to convert it to a positive value.

Higher return loss values are better. This statement might seem counterintuitive, so let me explain. Imagine that you are measuring the power of the reflected signal (from the antenna or another component) close to the radio transmitter. The measurement of the amplitude of the reflected signal at that point compared to the amplitude of the original transmitted signal (before reflection) gives you the return loss. Therefore, a higher return loss value indicates less reflection in the wires. With a better VSWR you also have a higher return loss. As the VSWR worsens, the return loss also decreases. This reality is why you actually want loss in this case. High return loss is a good thing. In a perfect system (no reflection), return loss is infinity as there is no reflection. Our systems, of course, are not perfect so some return loss exists. For example, with a VSWR of 1.01:1, using the above formula or equation, you can see that the return loss would be roughly 46 dB and a VSWR nearing perfection of 1.00001:1 gives a return loss of 106 dB.

Next, when the VSWR and/or return loss is known, you can also determine the percentage of reflected power. A VSWR of infinity (infinity:1) would have 100% of the power reflected back. A VSWR of 1.0:1 would have 0% of the power reflected back. With all VSWR values between infinity and 1, some percentage between 0 and 100 is reflected. To calculate the percentage of reflected power when the VSWR is known, use the following Excel formula:

=(((I2-1)/(I2+1))^2)

Where I2 is the cell containing the VSWR value. You are first calculating VSWR-1 and then VSWR+1 and then dividing the former by the latter. Finnaly, you raise the results to the power of 2 to determine the percentage of the power reflected.

Now, returning to our example of 900 MHz antennas used with LoRaWAN, the VSWR of 5.8 results in a reflection percentage of nearly 50% (49.8269896193772% to be exact). This means that, if my radio transmitter is transmitting at 100 mW, as an example, my real power passing through the antenna is only 50% of that or 50 mW from the initial forward wave (not factoring in cable losses and other phenomena occuring in the antenna beyond the scope of this article). Next, the 50% that is reflected will re-reflect at the initial insertion point from the radio transmitter and travel back to the antenna where 50% of the 50% will be reflected back again and this process will continue until the power is fully attenuated to zero. Now you can start to see why this antenna was unable to connect. Given the same output power from the radio transmitter for the other two antennas, the gain of the poor performing antenna was not enough for the communications to effectively reach the gateway.

To be fair, depending on the length of the cable and other factors, some of the energy will reflect from the radio transmitter back to the antenna and increase the radiated power as I've indicated, but let's leave that complexity alone for today as to further analysis of it. In most cases, significantly poor VSWR, such at the 5.8:1 referenced here, must exist before it will introduce significant radiated power differences. Typically losses are on the scale of less than 2 dB with more typical VSWR ratings. However, if you are purchasing cheap components or using an antenna engineered for a completely different frequency range than your use case, you can notice significant problems such as those reported here.

Have you heard of OPM (other people's money). It's a great way to live! It also applies here with a slight tweak: OPE - other people's engineering. The good news is that for systems with integrated antennas (such as Wi-Fi access points, tablets, mobile phones, and many IoT devices) OPE gives you an acceptable or even well-performing system. However, in this age of self-engineered IoT solutions or when building Wi-Fi bridge links, this knowledge plays an important role in your design/engineering decisions.

Pay close attention to VSWR and return loss values as they significantly impact the connectivity of your wireless solutions when they have significantly poor values. Thankfully, unlike broadcast radio stations, we don't have to worry as much about melting things down due to the low powers at which we transmit; however, we do have to be concerned about providing a stable link. Use the shortest cable run possible and use low VSWR-rated components and you should be able to achieve a quality link given the appropriate range and frequency use.

For example, if you have a physical server processing data from your IoT devices and it is installed on your network, this could be categorized as edge computing. A common concept states that edge computing works on stream data or live data while cloud computing works on big data or stored data. But this differentiation quickly disappears in today's cloud environments where real-time data processing is supported. It is better to define edge computing as on-premises, near the network edge, real-time processing while cloud computing is defined as virtualization-based or microservice-based computing with full abstraction of physical hardware. This is a more meaningful differentiation and applicable to technologies in use today.

The primary motivator for edge computing of real-time data, as opposed to cloud computing of the same, is the reduced latency. If you have IoT actuators in your environment and decisions and actions need to be made and taken within a fraction of a second, sending the decision data to an Internet-based cloud to make the decision may take too much time. Instead, edge computing can be used to provide the decision process with lower round trip times.

That's the cloud and the edge, so what is the fog? Well, imagine that you install a private cloud at the edge of your network. What would you have? Technically, you would have a private cloud; however, you have also implemented a fog architecture. Why differentiate between a private cloud at the edge and a fog architecture? That's a great question and, to be honest with you, I was slow to grasp it. For the first several months of contemplating fog computing and where it fits into distributed application design (that's what it's all about in the end), I was in the "it's just a private cloud at the edge" camp. However, with further thought, and many hours of contemplation, I have decided that it is actually beneficial to think of the fog as something different from a private cloud at the edge. For me, the primary difference is that the fog is integrated with the public cloud (Internet-based cloud) in most implementations, whereas a strictly private cloud is not.

By the way, in all this time of contemplation, I spent a lot of time reading what others thought about the fog and it became obvious that many were, well, a bit foggy themselves about what it really is. Consider this definition from the Wikipedia article on Fog Computing:

Fog computing... is an architecture that uses edge devices to carry out a substantial amount of computation, storage and communication locally and routed over the Internet backbone.

What? So it's just a fancy word for edge... um... computation, or edge computing? Well, no. A key word in the definition differentiates it from edge computing: architecture. At first glance, this definition seems to say that fog computing is simple edge computing with a different name, but remember that edge computing is just that - computing. Fog computing happens in the fog and if there is a fog, there is more than just computing. Let's explore another definition to understand why this is true.

In a paper from 2011, fog computing was defined as:

a highly virtualized platform that provides compute, storage, and networking services between end devices and traditional Cloud Computing Data Centers, typically, but not exclusively located at the edge of network.

F. Bonomi, R. Milito, J. Zhu, and S. Addepalli. Fog Computing and Its Role in the Internet of Things. 2012.

Note the use of the term platform in this definition. We have the terms architecture and platform, which begin to reveal how fog is different from "edge" even though it may be implemented at the edge. Edge computing requires only that computing happen at the edge and demands no platform or architecture. A platform is a collection of technologies on which a solution is built. An architecture is the logical design of a system and the connections that exist between the components of a system. You could say that the platform is physical and the architecture is logical (though the lines here are often blurred as well). With this understanding, you can see that edge computing is a technology used by the fog architecture or fog platform. In the same way, edge storage may be used by the fog as well as edge networking services. Therefore, fog networking references the networking services of the fog architecture, fog computing references the edge computing of the fog architecture, and fog storage references the storage in the fog architecture. I won't even bother to address the previously cited 2012 definition's use of the phrase, "but not exclusively located at the edge of the network," except to say that fog architectures, at least originally, are intended to integrate with the cloud as well regardless of whether they are at the edge or elsewhere on your network. Therefore, you could say that a hybrid cloud (which uses an on-premises private cloud and an Internet-based cloud) implements a fog architecture on premises as the private cloud, given that the hybrid model integrates private and public cloud technologies. In fact, OpenStack, a well-known open source private cloud solution, has a special committee focused on ensuring it can be implemented effectively for fog solutions.

To further clarify the different between a fog architecture and a fog platform, consider that you can define a fog architecture without ever stipulating the actual devices, operating systems and specific services that will be used to build it. However, if you implement FogLAMP or OpenVolcano (two open source fog solutions), you are implementing a specific platform.

It is my belief that the phrase fog computing should be used literally for computing in the fog so that we can have clarity in our discussions. Fogging or "the fog" can be used to reference the architecture or platform that provides fog computing and possibly fog storage and fog networking. It's no wonder that many simply think fog computing is edge computing, because, in most cases, it is nothing more than that; however, the fog is something different. It is that solution, inclusive of many of the same components as the cloud, that resides most often at the network edge and interacts with both the public cloud and the local devices/systems.

In summary, if the fog has been foggy to you, don't feel bad. I hope this article has helped to clarify and bring some insight to the reality that fog is an architecture and platform implemented on-premises and using many cloud architecture concepts in order to bring processing and decision analytics closer to the devices that need them. Additionally, I have not attempted to be exhaustive in this article to allow you to read it more quickly; however, you should know that additional benefits of fog solutions include those beyond reduced latency, such as regulatory compliance, dependability (if the Internet goes down, the fog doesn't have to), and new management models... to name a few.

With that clarification provided, what is MQTT? First, some debate exists wether the acronym stands for MQ Telemetry Transport or Message Queuing Telemetry Transport. The debate is over whether MQ stands for something or not. Some suggest it is just a remnant of an old IBM protocol and stands for nothing. Others suggest that standard version 3.1.1 stated, in the Status section at the beginning of the document, that, "This document was last revised or approved by the OASIS Message Queueing Telemetry Transport (MQTT) TC on the above date." and, therefore, it stands for Message Queueing. While I tend to agree with the latter (being a stickler for terminology born in a standard document), the good news is that it changes nothing about how the protocol works.

MQTT is a protocol that is heavily used in IoT implementations. It uses a pub/sub model which means that some devices publish to the MQTT server and others subscribe to it. Devices can be both publishers and subscribers at the same time.

The client is the program or device that connects to the server and publishes application messages to the server for other clients to receive or the client subscribes to application messages that other programs or devices have published. The server is the intermediary device or program between the publishers and subscribers and provides a place for application messages to be sent as a single destiation, which can then be forewarded to any number of subscribers. The application message is the data carried through the MQTT protocol and system for delivery and it includes quality of service information, the topic name for the message, and the payload of the message. MQTT uses topic names to identify messages so that subscribers can request messages from that topic.

The version 5.0 technical committee (TC) was created in 2016 to take the existing 3.1.1 version and enhance it with the following goals in mind (source: https://www.oasis-open.org/committees/mqtt/charter.php):

• Enhancements for Scalability and Large Scale Systems including the ability to communicate functional levels, define optional functions, and control resource usage.
• Improved Error Reporting allowing error indications to be returned by both MQTT client and MQTT server with the definition of additional return values.
• Formalize commonly observed patterns including, but not limited to capability discovery, request-response, correlation.
• Extensibility Mechanisms enabling the addition of data fields on packets, including application-extensible data whose interpretation is not specified by MQTT.
• Performance Improvements and additional support for Resource Constrained MQTT clients.

A primary goal was to maintain compatibility with MQTT 3.1.1 programs and devices. Therefore, many enhancements in MQTT version 5 are optional. For example, response codes were added to many messages to "improve Error Reporting" and these response codes are optional.

One new feature aimed at enhancing scalability and improving performance for constrained clients is shared subscriptions. A shared subscription works different from a normal subscription. In a normal subscription, each subscriber receives a copy of the message from the MQTT server. So, if there are three subscribers, three messages will be sent. In a shared subscription, if the same three subscribers subscribe, only one of them will receive each message. Typically, the MQTT server uses a round-robin method so that each subscriber in the shared subscription gets an equal number of messages overall. For example, when three messages are received by the MQTT server from a publisher for a shared subscription, the first message goes to the first subscriber, the second to the second, and the third to the third. The implementation can then use whatever methods required with the received data, such as aggregation of the messages or reading of the messages from all subscribers using some extra layer of communication. Such a model helps to provide fault tolerance and ensure that subscribers are not overloaded with messages in a high volume scenario.

Another addition aimed at improving performance and scalability helps to reduce the number of queued messages for a subscriber that is currently disconnected. This is the Message Expiry interval, which is a four byte integer that represents the number of seconds the message should be queud for subscribers before abandoning delivery. Additionally, when the message is sent to the subscriber, the Message Expiry interval will be set to the receive value minus the time that the message has been waiting on the server. This extra information could be used to analyze latency in delivery and possibly detect some problems with subscriber connectivity or communications. When delivery of all messages is not critical, using Message Expiry intervals can improve scalability of an MQTT system.

Finally, MQTT 3.1.1 supported only three data representations: bits, integer data values (which were 2 bytes), and UTF-8 encoded strings. MQTT 5 extends this, while continuing to support the three data representations in 3.1.1. The added data representations are 4 byte integers, variable byte integers (which use up to 4 bytes with the first 7 bits in each byte representing data and the last bit indicating whether more bytes follow, such that the value 10010111 indicates that another byte follows, but the value 10010110 indicates that another byte does not), binary data, and UTF-8 string pairs. The last one, UTF-8 string pairs, is basically two UTF-8 encoded strings allowing for name-value pairs, like those often seen in JSON. The first UTF-8 encoded string is the name and the second is the value.

More enhancements were made in MQTT 5, after all the new standard is 137 pages and version 3.1.1 was only 81 pages, so you can imagine that other enhancements were introduced. However, those mentioned here are the primary enhancements that continue to move MQTT forward as the most common protocol for IoT data transmission.

In the general shadow devices category are devices like personal phones, laptops, tablets and such. In the shadow IoT space are any number of consumer IoT devices which could include smartwatches, smart TVs brought from home, digital assistants, and such. The point is that, if these devices are on your network and have vulnerabilities, they may be exploited as an ingress to your network.

According to a 2018 report from Infoblox (available here: Infoblox Report), the following devices were reported as discovered on enterprise networks:

• Fitness trackers, such as FitBit or Gear Fit - 49 percent
• Digital assistants, such as Amazon Alexa and Google Home - 47 percent
• Smart TVs - 46 percent
• Smart kitchen devices, such as connected kettles or microwaves - 33 percent
• Games consoles (yep on the enterprise network), such as Xbox or PlayStation - 30 percent

In the 2020 InfoBlox report, reporting on 2019 numbers (available here: Infoblox 2020 Report), "only 20% of IT leaders claimed to have not discovered any shadow IoT devices." As you can see, the shadow world is real.

If you think that your policies related to personal devices will completely solve the problem, know that one fifth of USA and UK employees that know policies exist admit to rarely or never following such policies and one fourth of all employees say they don't even know the policies exist. In the end, about 50 percent of employees either don't know about the policies or don't follow them even though 88 percent of IT leaders think that their policies are either effective or very effective. (Source: Infoblox 2018 report linked previously)

So what are you to do? Consider the following among many possible options (if you desire to constrain the use of personal devices):

• Block sites in your firewall rules, DNS or proxies used by such devices
• Track any and all devices added to your network
• Run IPS solutions to be alerted to known attacks
• Use what you have

The last point is important. Many organizations are simply not using what they have. Look at your network management software. What monitoring features does it provide? You might be surprised to find that it can report newly added devices or at least give you the ability to filter reports to locate them. You may already have IPS features available to you that aren't being used or aren't being used appropriately.

The moral of the story is simple: shadow IoT devices and other shadow devices are lurking on your network. What are you going to do about it?

The novel idea here is that drones can be used to put the antenna where you need it when you need it there. Using motion recognition, visual image processing and other controls, one could see how a drone-based implementation could dynamically position the antenna for transmission and reception at required intervals. Of course, the "fear factor" of seeing a drone rise into the air periodically is something to consider, but from an implementation perspective, I can see many scenarios where such a use case could be beneficial. Several monitoring and control factors would have to be in place, such as:

• Monitoring the battery level in the drones and implementing a dynamic park and charge method
• Ensuring the drones do not "crash" into any new obstacles placed permanently or temporarily in their normal air spaces
• Using drones that provide significant hovering stability to maintain a burst short-term link
• Developing the logic (software) to make it all happen
• Possible use of tethered drone deployments ensuring a maximum height and greater stability of location

So, yes, there are indeed hurdles to overcome, but we have all the technology to do it. The question is this: do real cases exist where this research could be applied? I think the answer is a resounding yes, particularly in agriculture, environmental monitoring, pipeline monitoring, power monitoring, etc.

Imagine the scenario where you need a daily report of data to be sent from a remote sensor to a gateway that is 3-4 (or more) kilometers away in an area with varied terrain, forests, and more. The sensor could transfer the data to the drone (or the sensor could simply be attached to the drone in some cases) and then the drone can fly up to the height required to get a link with the gateway, transfer the information, and return to its resting location. Using solar, or some other, power options, the drone/sensor could be recharged as needed and commands could be sent back to the drone during transmission windows when configuration changes are required. You could even have the drone fly itself back to the central monitoring location at some regular interval for inspection, maintenance, etc.

Yes, this is the world we're moving into and drones can have a significant application in the IoT space. As we continue to evolve in the world of IoT, we will see exciting and interesting implementations. In the end, with wireless IoT, it will be about getting the link you need, when you need it (time), where you need it (location), and how you need it (performance).

ZigBee is one of the most popular IoT protocols in industrial and even corporate office IoT networks. It is used for control and monitoring in many scenarios. ZigBee is used in agriculture for precision agriculture to transmit data from sensors to the network for analysis and adjustment of everything from watering control to fertilizer control. Don't get me wrong, ZigBee is not the only protocol used in such deployments. Some use Z-Wave, others use WirelessHART, still others use LoRA or even cellular connections. But one thing they typically all have in common is that they need to send small amounts of data - sometimes frequently and sometimes infrequently.

If you study the ZigBee protocol, for example, version 3.0 (or ZigBee PRO 2015), you will see that it offers a maximum data rate of 250 Kbps. This data rate limit is due to the narrow channels (2 MHz) and the robust modulation (O-QPSK (Offset Quadrature Phase-Shift Keying)) used. ZigBee rides on top of 802.15.4 and that IEEE standard defines O-QPSK as operating at 250 Kbps in the 2.4 GHz band, which is where ZigBee, for the most part, resides. Support for O-QPSK is mandatory for any 802.15.4-based system, such as ZigBee, when operating in 2.4 GHz.

So what can you do with a meager 250 Kbps? You can control a few thousand lights. You can monitor the temperature at hundreds of locations. You can monitor the moisture level in soil in thousands of acres and activate watering systems when it is too low using ZigBee-based actuators. The point is, you needn't say any more than:

• The moisture level is below the desired level (message A)
• Turn on the watering system (message B)

Now, the first message (message A), is really shorter than that given. It would be a mere number, such as 10% (.1) or 23% (.23). Just a small value. The second value is even smaller. Sending a 1 can mean to turn on the watering system and sending a 0 can mean to turn it off. Now, message A may come in from the sensors once every 1-5 minutes (how fast do moisture levels change in most environments when a watering system is not activated?) when the watering system is set to 0. Message A may come in more frequently when the watering system is set to 1. A simple message can be sent to the mosture level sensors to communicate more frequently when the watering system is on.

Given that each message is literally comprised of a few bytes, even with ZigBee headers, at a data rate of 250 Kbps, thousands of these messages could be sent and received every few seconds. As you can see, speeds like the 90s are phenomenal because they get the data through and you have greater range, resiliency and reliability.

The first lesson to learn in IoT, for those working in the Wi-Fi space is this: forget all you've focused on in trying to make things go faster in wireless. In IoT, it needs to go better, not faster.

Wi-Fi 6 is a cut above its predecessor 802.11ac (now retroactively referred to as Wi-Fi 5) in a variety of ways. Wi-Fi 5 transmits only in the 5 GHz range and allows for up to 6.9 Gbps (in the standard) in data transmission. Certainly, at the time Wi-Fi 5 was rolled out, it was an improvement over its predecessor, but the Wi-Fi 5 technology is no longer able to keep up with the ever-increasing demand required by Wi-Fi users. This is especially the case in public spaces where many users or endpoints are vying for the simultaneous use of the same access points. Even though Wi-Fi 5 began the use of a technology known as "multi-user, multi-input, multi-output" or MU-MIMO, which allows access points to transmit up to four data streams at the same time, the consistently increasing demand requires even more capacity for multiple users to connect. The benefit of MU-MIMO has been insignificant, to say the least, but it has been enhanced in Wi-Fi 6.

Wi-Fi 6 is designed to address these challenges. In the first place, Wi-Fi 6 transmits in both the 2.4 and 5 GHz frequency ranges. This allows for more available channels for multiple users and endpoints to make use of. Wi-Fi 6 also allows for 9.6 Gbps (in the draft standard) in data transmission, which amounts to about 130% more than Wi-Fi 5.

In addition to more channels and an increase in data transmission rates, Wi-Fi 6 also increases the overall throughput of data transmissions by improving its efficiency. There are quite a few of these efficiencies, and the remainder of this article will touch upon two of them, including (1) Improved Target Wake Time Management and (2) Orthogonal Frequency Division Multiple Access.

Improved Target Wake Time

One efficiency is the better management of power management through the use of target wake time or TWT. Essentially, TWT allows for a scheduled data delivery mechanism so that the devices do not have to wake up to check and see if they have data waiting outside of that schedule. This efficiency will affect the added benefit of increasing the battery life of a mobile device. It will also reduce contention on the channel as the AP and client device negotiate schedules, and the AP can influence these schedules. Interestingly, TWT is not an 802.11ax or Wi-Fi 6 introduction; it was introduced to the standard in 802.11ah.

Orthogonal Frequency Division Multiple Access

The second technological efficiency employed by Wi-Fi 6 is called Orthogonal Frequency Division Multiple Access or OFDMA. This technology OFDMA allows Wi-Fi 6 to split each transmission into multiple units targeted to different client devices. These separate units within the channel effectively increase the available overall throughput and providing significantly greater efficiency.

These new efficiencies and others not discussed here were designed to address the access requirements of environments containing a high density of endpoints requiring a Wi-Fi connection at the same time. This is true not only for airports, stadiums, offices, and hotels but is also becoming increasingly true in high use homes where the IoT (Internet of Things) has created an environment where many different devices make use of the internet without human involvement.

The following chart summarizes the capabilities of Wi-Fi 5 and Wi-Fi 6:

Edited by: Tom Carpenter

Assuming smart devices are constantly listening to their users, it is reasonable to ask if these listening smart devices are also recording the sounds that they pick up? Surprisingly, tech companies admit that everything their smart devices hear they record. They claim, however, that smart devices record sound in order to improve the algorithm running the device. Regardless of the reason, the idea that conversations are being recorded seems to exceed most smart device user's conception of their implicit contract with the maker of the smart device.

Many people claim that social media platforms such as Facebook use a smart device's ability to hear the speech of their users to direct relevant advertisements to them. Facebook has explicitly denied this allegation. However, many people are suspicious of this denial based on their personal experience with the social media platform. Interestingly, Amazon employs people to listen to conversations picked up by Amazon Echo (also known as Alexa). This seems to be an even greater violation of the implicit contract. For it is one thing to have a computer monitoring a smart device's user in order to improve an algorithm or even to direct advertising. It is quite another to have an actual human being listening to a presumably private communication over a smart device in their own home.

The issue of smart devices listening and recording the sounds made by their users without their user's consent has started to catch the attention of federal lawmakers. Representative Seth Moulton of Massachusetts has submitted a bill called the "Automatic Listening Exploitation Act" that would fine a tech company $40,000 for every recording made by a smart device without its user's consent. The proposed legislation also permits the user to require the tech company to delete the record. At present, it is unclear whether this bill will become a law, but its existence at least suggests that this issue is growing in importance.

In the meantime, while smart devices seemingly have free reign to listen to and record the sounds their users make without their permission, it might be helpful to know how to disable this function should the user wish to do so. The following is a step by step guide for this purpose with certain devices.

How to Disable the Listening Capability of a Smart Device

iPhone Apps can be disabled by:

• Go to Settings
• Tap Privacy
• Tap Microphone
• You will then be given a list of your apps with a slide button that can be used to disable the microphone function.

iPhone Siri can be disabled by:

• Go to Settings
• Tap Siri & Search
• You will then be given a list of Siri functions with a slide button that can be used to turn off the functions for "Hey Siri," "Press Side Button for Siri," and "Allow Siri When Locked."

ANDROID Apps can be disabled by:

• Go to the Apps & Notifications screen
• Go to App Permissions
• You will then be given a list of apps with the ability to turn off the microphone access associated with it.

ALEXA requests can be heard and possibly deleted by:

• Access the Alexa app
• Go to Settings
• Go to History.

Note: Amazon claims that deleting these recordings may negatively impact the quality of its user's Alexa experience because these recordings are used to improve Alexa's responses.
In the alternative, you can also manually turn off the microphone on the device itself until you're ready to make a request. Of course, this will defeat the spontaneity of making a request, which seems to be integral to the experience of using this type of smart device.

GOOGLE HOME recordings can be deleted by:

• Log on to your Google account
• Click on your profile picture
• Click Manage Accounts
• Click Google Activity Controls
• Click Manage Activity
• From here you will be allowed to mute the microphone

As the reader might gather, it is not immediately apparent as to how to disable the listening capabilities of the smart devices. In the same respect, it is not immediately evident that smart devices are listening to their users and recording the sounds that they make in the first place. Regardless of whether these recordings are made to make the experience of the device more seamless as the tech companies contend, it is, at the very least suspicious that they are not transparent about this aspect of their devices. This provides all the more reason to make explicit the terms of the implicit contract between the smart devices and their users.

• RTL8812AU - abgn+ac (2x2:2)
• RTL8814AU - abgn+ac (4x4:3)

The micro-USB B port on the WLAN Pi supports the USB On-The-Go (OTG) specification. What this means is that when you connect your Mac or PC to the WLAN Pi using a USB to micro-B cable, the WLAN Pi appears in your Mac / PC as an Ethernet device, which is automatically configured via DHCP. The default IP address is 192.168.42.1. Once the unit is powered up, it will display its IP address on the LED.

If connected via Ethernet, enter the IP address displayed on the LED. Otherwise if connected via USB, use the address 192.168.42.1.

Functionality includes:

• Speed testing
• Network Performance Testing (iPerf2, iPerf3, and ePerf)
• Kismet - wireless network device detector
• H.O.R.S.T - Lightweight 802.11 wireless LAN analyzer
• Scapy - packet manipulation program
• TCPDUMP - CLI packet analyzer
• Aircrack-ng - tools to assess Wi-Fi network security
• Wi-Fi Explorer Pro Sensor

My favorite tool is the WLAN Pi profiler feature (by Nigel Bowden). https://github.com/WLAN-Pi/profiler

The profiler is based on a Python script to check wireless (802.11) capabilities based on association request frame contents. It has been developed to be specifically used with the WLAN Pi platform.

The script performs two functions:

• Create a "fake" access point that will broadcast an SSID of your choosing
• As clients attempt to join the SSID broadcast by the fake AP, it will analyze the association frames generated by clients to determine their 802.11 capabilities.

Understanding client capabilities is an important aspect of Wireless LAN design. It helps a network designer understand the features that may be enabled on a WLAN to optimize the design.

The capabilities supported by each client type may vary enormously, depending on factors such as the client wireless chipset, number of antennas, age of the client etc. Each client supplies details of its capabilities as it sends an 802.11 association frame to an access point. By capturing this frame, it is possible to decode and report on the client capabilities. One caveat, however, is that the client will match the capabilities advertised by an access point. For instance, if a 3 stream client detects that the access point supports only 2 streams, it will report that it (the client) only support 2 streams also.

To get around this shortcoming when trying to determine client capabilities, this script uses the Python FakeAP module to create a fake AP that advertises that it has the highest levels of feature sets enabled. This fools the client in to revealing its full capabilities, which are then analyzed from the association frame that it uses as it attempts to join the fake AP. It then uses the Scapy Python module to capture and analyze the association frames from each client to determine its capabilities.

A textual report is dumped in real-time to stdout and a text file copy is also dumped in to a directory of the WLANPi web server to allow browsing of reports. In addition, a copy of the association frame is dumped in PCAP file format in to the directory. Each result is also added to a summary CSV report file that is created for each analysis session when the script is run.

Community Support
One of the Most amazing things about the WLAN Pi is the amount of support from the Wireless LAN community.

Joel Crane created an external case for the WLAN Pi that looks really good.

http://www.potatofi.com/2019/10/the-wlan-pi-handheld-case.html

At the Wireless LAN Professionals conference there was a session on real world mobile testing using the WLAN Pi.

https://www.wlanpros.com/resources/wlan-pi-resources/

François Vergès has a great blog post on how to customize the WLAN Pi

https://www.semfionetworks.com/blog/customize-your-wlan-pi
https://www.semfionetworks.com/blog/wlan-pi-setup-a-wi-fi-hotspot

Adrian Granados wrote a Wireshark external capture interface / Plugin to perform live remote captures on a specific channel/channel width.

https://github.com/adriangranados/wlanpi-extcap.

How to setup the WLAN Pi as a sensor in Wi-Fi explorer Pro

https://www.adriangranados.com/blog/wlanpi-as-a-sensor

WLAN Pi the must have tool a blog by Scott McDermott

https://blogs.arubanetworks.com/solutions/a-new-tool-the-wlan-pi/

WLAN Pi Project | Jerry Olla | WLPC Phoenix 2019

https://www.youtube.com/watch?v=Nxx6varUwh0

The problem is that all the devices were treated as equals when in fact all the devices see the Wi-Fi differently. Another reason is the Ekahau Sidekick has better receive sensitivity than the client devices being used by the workers in daily production. This had the effect of making the maps green and giving the illusion of better coverage. To address this issue, this is what needs to be done: Before starting a wireless survey, compare the receive sensitivity of the wireless client with the Sidekick. Next, document the delta between the devices. This will be used later on in the report creation phase. The Sidekick will record RSSI at higher levels than a client device. In order to compensate for this difference in readings, collect RSSI from other wireless client devices in the same environment and compare them with the readings taken from the Sidekick.

There is a need for WLAN device calibration, but there's no economical way to accomplish it. Primary reasons why Wi-Fi flourishes are its low cost and simplicity. If we understand that RSSI and CCI are relative to the receiving device we can create a plan to compensate, not calibrate, the WLAN client devices. Every device is different, even the same device from the same manufacturer. In addition, all RF environments are different. These differences can't be corrected but they can be compensated for. A WLAN NIC is not calibrated, it's stable, and it's used for making a measurement against other devices in the network. The average of these measurements is used in the WLAN client device compensation process.

While It is not economically viable to calibrate a wireless client device we can compensate for the differences between the devices. Before starting the process, move the client device to a location close to the RSSI threshold selected for the RF design. This is typically somewhere between -67 and -65 dBm, but will vary based on a large number of factors. Position the device and the Sidekick as close to one another as possible for similar readings. Collect readings from the RSSI cutoff throughout the facility before the pre-deployment survey or post-deployment validation, making sure to move around to a few locations with different environmental conditions. The graphic below illustrates some of the factors involved in the behavior of each wifi device. Not all devices will use all choices, this is usually highly proprietary to each manufacturer.

Here is an Ekahau heatmap of a 420k Square feet warehouse showing the 2.4ghz Wi-Fi as viewed by the sidekick at -67dBm:

Here is the same exact building as viewed by a Zebra ET55 Tablet:

And here is the same exact building as viewed by 1x1 802.11n barcode reader:

The next question is will the above devices work given the signal differences? The answer is does it meet the requirements? The barcode scanners signal is vastly different than the Sidekick. Ekahau Pro released an option to provide a "device offset" to help visualize how the RF looks to different devices.

The website www.rssicompared.com was created with the intent of determining the offset ranges for various devices out there using a consistent testing process.

In conclusion, due to the variances of sensitivity on the different client devices the design was engineered to meet the requirements of the least capable yet most important device in this situation, the 1x1 barcode scanner. After each warehouse was completed, workers were asked for feedback. The information received was that everything was working a lot better and faster. This whole exercise saved enormous amounts of time, money and frustration. I look forward to the next warehouse and the next challenge knowing that all wireless devices behave differently and how to compensate for these differences.

Space Network

Communication with the ISS is accomplished through a communication system called "The Space Network" ("SN"). The SN is a network primarily comprised of two Earth ground stations (one located in White Sands, New Mexico, and another located on the island of Guam in the Pacific Ocean) and the previously mentioned satellites in geosynchronous orbit 22,000 miles from the Earth. This system allows for continuous communication between mission control and the ISS. Before the SN was deployed, it would only be possible to communicate with the ISS when it was in the range of the ground transmitter. The SN is used to communicate with the ISS and satellites owned by entities (corporations or other governments) that have a contract with SN to use its communication services.
For the most part, the SN is used to communicate with objects in high earth orbit. A notable exception being the ISS, which orbits in a near-Earth orbit of 250 miles from the Earth. A high Earth orbit is an orbit exceeding 22,236 miles from Earth. Other communication networks employed to communicate with technologies in lower earth orbit as well as deep space. These networks are called the "Near Earth Network" ("NEN") and the "Deep Space Network" ("DSN"), respectively.

Near-Earth Network

The NEN and consists of a ground-based network of transmitters that communicate with low Earth orbiting satellites. A low Earth orbit is an orbit of 1,200 miles or less above the Earth. The NEN provides telecommunication and data services, including telemetry, commanding, ground-based tracking, and data communications for various customers operating the low earth orbit satellites.

Deep Space Network

The DSN allows for communication with interplanetary spacecraft. It works through massive radio antennas positioned around the Earth to maintain communication as the Earth rotates. Latency becomes more of an issue the farther an object is from Earth.

The Future of Space Communication

For the last 50 years, NASA has used radio waves as the means of wireless communication through the SN, NEN, and DSN. Most of these communications between the Earth and satellites, ISS, or spacecraft employ radio waves in the Ku and S-band frequencies. When dealing with latency issues, large data transmissions (especially with the ISS) must be coordinated with the ground station days in advance.

Radio waves lose strength the further they travel from their source. As technology becomes more advanced, the data requirements, both in terms of transmission speed as well as bandwidth, are increasing over time. As such, radio frequency communication is becoming less viable for this purpose. Several initiatives have been and are currently being developed to deal with this issue.

Delay / Disruption Tolerant Network

A Delay / Disruption Tolerant Network ("DTN") employs a method of data transmission known as "store and forward." Traditional internet protocols require the various nodes in the path of transmission to be available for transmission simultaneously. If one of these nodes is not functioning properly or if the signal is disrupted during transmission, then data can be lost. By contrast, a DTN can store data packages in the individual nodes and then reassemble the data at the final destination. This is helpful when the destination of the data transmission is not available during the transmission because another object is blocking the transmission. For example, an interplanetary spacecraft might be blocked by a planet or other object from time to time during its voyage.

Laser Communication

Communication via lasers is also being developed to solve the problem of weakening radio frequency strength over large distances. This is because lasers can travel large distances with significantly less signal loss than radio waves. Radio frequencies extend spherically and dissipate as they travel, whereas lasers remain focused. Using lasers to transmit data employs the same concept as using radio waves. See the previous blog for more detail on how data is transmitted wirelessly. Communication between Earth and ISS is difficult with lasers because of the precision required. But when successful, data transmission is much faster than using the SN. This technology has the potential for faster data rates and volumes. The two main challenges in using lasers for this purpose is that unlike radio waves, lasers require extreme precision when aimed at a receiver. They can also be distorted when passing through the atmosphere.

In short, wireless communication is necessary to communicate with technology in space. Of course, the conditions in space present challenges to successfully communicate, particularly as to latency, disruption of signal, and signal strength loss over large distances. But it seems that technology is advancing apace to deal with all of these challenges.

5G is expected to come online in early 2020 and promises to be a step above 4G on several different levels. First of all, 5G will operate at speeds that are 100 times faster than 4G. The latency will drop to 1 millisecond, which will essentially allow for data communications in real-time. We experience real-time communication when we talk to another person on a cell phone. But 5G will enable devices to communicate with each other in real-time, which will have a significant impact in terms of technology. For example, one millisecond of latency will provide the foundation for self-driving cars within a metropolitan area.

Comparatively, human reaction time is similar to 4G latency, which is between 100 to 200 milliseconds. As such, the reaction times of self-driving cars will be 100 to 200 times faster. Moreover, self-driving cars are not burdened by the reticular activating system. The reticular activating system is not perfect and sometimes filters out information that might be useful. To illustrate this, think of a time you engaged in a new project. Perhaps you bought a new car and then suddenly noticed other people driving the same make and model as your car on the road. Or maybe you took a class on a particular subject and then began to notice that subject being discussed on television programs or in newspaper articles. It may feel like a coincidence. But actually, those cars and that information were probably present all along. Reticular activating system filtered out that information on the subconscious level as irrelevant for you to operate successfully in the world. By contrast, self-driving cars and all other automated systems operating on the 5G network will have the bandwidth and speed to process all the information transmitted to it in real-time without the need to filter out anything.

The 5G network requires all new infrastructure because it operates differently than the 4G network. According to a recent article on Arrow.com:

Early GSM cellular networks operated at 850 MHz and 1900 MHz. 2G and 3G networks change the modulation method but primarily used the same portions of the spectrum with reorganized frequency bands. As 3G evolved, additional frequency bands were included as well as spectrum around 2100 MHz. 4G LTE technologies brought it additional spectrum and frequency bands, namely around 600 MHz, 700 MHz, 1.7/2.1 GHz, 2.3 GHz, and 2.5 GHz. The 5G frequency band plans are much more complex. As the frequency spectrum for sub-6 GHz 5G spans 450 MHz to 6 GHz, and millimeter-wave 5G frequencies span 24.250 GHz to 52.600 GHz, and also include unlicensed spectrum. Additionally, there may be a 5G spectrum in the 5925 to 7150 MHz range and 64 GHz to 86 GHz range. Therefore, 5G will include all previous cellular spectrum and a broad amount spectrum in the sub-6 GHz range, and beyond sub- 6 GHz is many times the current cellular spectrum.

Essentially, the 5G network will employ a mix of frequencies, including short waves and higher frequencies. This will require a new infrastructure of transmitting stations to broadcast these frequencies. It will also require more transmitters within a specific geographic region because the broadcast range of the shorter frequencies is less than the longer frequencies. As we have previously discussed on this blog, technology companies are presently building this infrastructure all over the world. We have also previously discussed the potential health impacts of being exposed to wireless technology. Because the 5G network will employ more transmitters broadcasting at higher frequencies, there is a concern that this may only increase those negative health impacts. The science in this area is inconclusive at this point. As such, it remains to be seen whether these concerns will ultimately manifest themselves.

In the case of Wi-Fi, the waves are produced on the electromagnetic spectrum. The electromagnetic spectrum consists of many different types of waves that make up the spectrum. The smallest type of waves is the gamma-ray, followed by X-rays. Further down the spectrum is the visible spectrum of light. Further, still are micro-waves. Finally, the largest waves found at the other end of the spectrum are radio waves. Radio waves are the waves upon which data are transmitted.

All types of waves can be measured by their amplitude and frequency. The amplitude of a wave measures how tall a wave is from its midpoint to its top or bottom. The frequency of a wave measures how fast a wave is traveling. This also translates into how compressed the wave is or how many crests and troughs can be found per unit of distance. Radio waves can be naturally generated through electric pulses. Both the amplitude and the frequency of a wave can be modulated.

Amplitude Modulation and Frequency Modulation

Amplitude Modulation (which gives the name to AM radio) is a process by which the amplitude (i.e., the height) of a radio wave can be modulated by a sound wave. Essentially, sound waves create vibrations in an electrical current flowing through a microphone or other device. This current can then be transmitted out through an antenna in the form of a modulated radio waves. These sound modulated radio waves emanate spherically from the source and can then be picked up by a device designed to receive these radio waves and convert them back into sound waves.

Frequency Modulation (which gives the name to FM radio) is the modulation of the frequency of a radio wave in order to transmit data. Essentially, the frequency can be modulated (i.e., sped up and slowed down) into patterns. A fast pattern (for example) could be made to represent a "one" and a slower pattern could be made to represent a "zero." These can then be transmitted as a binary code in various combinations which is the foundation of all data processed by computers. This data is then processed by the wireless device receiving the data into the programming for whatever function the device is accessing wirelessly.

QAM Modulation

Of course, the preceding descriptions of amplitude modulation and frequency modulation were purposefully simplistic in order to provide a conceptual understanding of the process by which it is possible to transmit data wirelessly. Certainly, the process by which the ever-increasing amount of data can be transmitted at the ever-increasing speeds of transmission makes the actual process more complicated. To better illustrate this complexity let's take a look at Quadrature Amplitude Modulation.

Quadrature Amplitude Modulation ("QAM") is a process of modulation that facilitates the transmission of digital information from one point to another. QAM efficiently transmits an analog signal which carries digital information. It does this by modulating the amplitude of two radio waves simultaneously out of phase with each other. This allows a wireless network operator to transmit more data at a faster speed, thus augmenting the bandwidth. Discussing this in any further detail is beyond the scope of this blog post. As said, the reason for including a description of QAM Modulation is simply to provide a glimpse as to how complicated this process can get and will continue to get as scientists and engineers develop new methods of transmitting more data at faster speeds as required by the current market of Wi-Fi consumers.

Transmitting Data Wirelessly is Simple and Complex

In short, the transmission of data wirelessly is made possible by the manipulation of radio waves. These waves are generated naturally by generating pulses of electricity. These radio waves can then be modified by their amplitude or frequency in order to transmit sound or data. This process can also be improved in order to increase the amount of data transmitted as well as the speed by which the data can be transmitted. As is illustrated by this blog post, the fundamentals of this process are relatively simple but can quickly become complex as the process is explored in greater detail.

To illustrate the point, Mr. Ahiwe discussed how there is a big difference between the user experience and requirements of industrial wi-fi versus the user experience and requirements of office wi-fi. Most people working in an office use primarily a wired connection at their desks. In this environment, Wi-Fi is a secondary consideration. For example, an office worker will primarily work at their desk which uses a wired connection. Occasionally they may at some point take their laptop to a conference room (for example) which would then use Wi-Fi. By contrast, in an industrial setting (e.g., a hospital, warehouse, department store, etc.) where workers carry around tablets or other wireless devices in order to perform their jobs, a secure wi-fi connection is of primary importance. Obviously, for this reason, a WLAN for an office will be designed and constructed differently than a WLAN for an industrial setting because the requirements are different.

Getting Input from the Stakeholders

There is an art to deploying access points in a WLAN design because there are many factors to consider that are unique to each setting. When designing a WLAN, it is important to first identify the purpose of the project. The design of the WLAN then must be made to accommodate this purpose. To better understand the needs of the people who will be using the WLAN, it is important to receive their input before the WLAN is designed. This requires communication with and understanding of the needs of the various stakeholders including the executives, the project managers, the team of users, the technical team, cross-functional teams and the team who will actually construct the finished product. Each of these groups will have unique needs relative to the WLAN. For example, the executives will likely be concerned with the overall cost of the WLAN construction. The project managers will likely be concerned with the functionality of the WLAN and how this will affect the ability of the users to accomplish their tasks. The users of the WLAN will likely be concerned with ease of use. The technical and construction teams will likely be concerned with issues related to the architecture of the building and how that will affect the functionality and maintenance of the WLAN. Of course, there are many other factors to consider that will be unique to each situation as well.

Site Survey and AP Installation

After gathering this information, the building site itself must be surveyed. To accomplish this, it is important to engage qualified engineers and to ensure that the most up to date version of software and hardware required is available for use. Also, the most up to date floor maps of the physical space where the WLAN is to be constructed should be obtained and consulted. The infrastructure must be meticulously analyzed including power requirements, network cabling, DHCP, fiber connections, management equipment, RADIUS, LDAP and NTP. 

When installing the access points there are many factors to consider. For example, it is important to make sure the access point floor map is current. This should be compared with a heat map of the area to avoid problems. Also, it is important to design a "rip and replace" strategy should that be necessary, and to ensure proper installation kits are in place. Reusing existing kits is not recommended. The access points should be mounted in accordance with all applicable site and safety codes and so on.

Testing and Validating the WLAN and Receiving Feedback

After the WLAN has been constructed it is vitally important to see that it functions the way it was designed to function. One important suggestion Mr. Ahiwe made was to test the WLAN using different brands of devices. Also, testing the WLAN's signal in high density areas is crucially important. The WLAN should operate seamlessly throughout the entire physical space where it is likely to be used and to be able to accommodate the number of users who are likely to use it. After the WLAN has been used by actual users it is then helpful to get their feedback by whatever means will most effectively gather this information. Again, this will depend on the people involved, but various means (e.g., email, questionnaires, phone calls or personal interviews when appropriate) should all be employed if necessary, in order to assess and fix problems as well as to learn from the experience. 

Ultimately, designing a WLAN requires the consideration of many different factors. Moreover, the construction of a WLAN will have to be uniquely tailored to each situation. This is what makes the undertaking an art in addition to being a science.

The Trump administration has adopted a policy designed to prevent Chinese tech companies from developing the 5G network to block them and the Chinese government from installing back door spying capabilities into the network. In the aforementioned previous blog post, I talked about how the Trump administration issued an executive order specifically designed to block U.S. tech firms from delivering technology to Huawei and other companies "controlled by foreign adversaries." As discussed in that blog post, the intent behind the executive order was to make it more difficult for Huawei to build 5G infrastructure in other countries.

In addition to this executive order, the Trump administration is pursuing other policies designed to achieve the same end. Domestically, the administration has moved to ban the use of Chinese software and hardware from U.S. networks. The administration has also sought to pressure U.S. allies from using Chinese tech firms and their equipment to construct the 5G network overseas by threatening to withhold military and intelligence support to those countries who use Chinese technology for the 5G network.

Not all U.S. allies are willing to cooperate with this pressure, however. The most cooperative allies include Australia, New Zealand, Japan, Taiwan, and Vietnam. Notable holdouts include Singapore, South Korea and much of Europe. The primary motivation behind the holdouts is that Huawei and other Chinese tech companies can build the 5G infrastructure significantly cheaper than can its non-Chinese competitors including Nokia in Finland, Ericsson in Sweden, Samsung in South Korea and to a lesser extent Cisco in the U.S. The reason Huawei can undercut its competitors by 20 to 30 percent is because of its economies of scale and state support by the Chinese government. Moreover, much of the existing 5G infrastructure has already been built by Huawei and the cost of replacing that infrastructure would not only be exorbitantly expensive but would also create costly delays in implementing the benefits of the 5G network.

Beyond the cost, there are other reasons why U.S. allies are resisting a ban on Chinese technology. One reason is that the U.S. has not provided sufficient proof that Huawei or the Chinese government has or intends to implement "back door" spying technology within its code and hardware. Another argument is that if Chinese technology is limited to the edge of the 5G network (i.e., the cell towers and devices used to connect to the network) as contrasted with the core of the 5G network (i.e., the servers and software used to execute the most essential aspects of the network) then their ability to spy through the use of backdoor technology will also be limited. At present, the governments of the U.K., Germany, and France all plan to limit Chinese technology to the edge of the 5G network. Another argument is that a back door of this sort is only one of many different ways the 5G network can be used to spy on its foreign adversaries. This argument is made more powerful still by the fact that the 5G network is thought to become more decentralized over time as the computing power will be spread throughout the internet of things, thus eroding the contrast between its edge and core. As such, the cost associated with not using Chinese technology would not be worth the ultimate benefit it would generate. Finally, most U.S. allies believe the Trump administration will not follow through with its threats to stop cooperating militarily or with intelligence. Certainly, such a threat will negatively impact the U.S. as much as it would negatively impact its allies.

There are legitimate threats in letting the Chinese install this back door technology. In the event of hostilities, the Chinese could conceivably use this technology to disrupt the U.S. power grid, commercial and military communications, supply lines in addition to eavesdropping. It seems reasonable to assume that the U.S. is working to harden critical systems so that they are less vulnerable to an attack of this sort as well as developing the means to counter any attack of this type.

As discussed in the previous blog post, the U.S. has already moved unilaterally to disrupt China from dominating the construction of the 5G network worldwide by banning the sale of U.S. technology to "foreign adversaries." This ban has some teeth because the U.S. still dominates the manufacture of semiconductors and silicon chips which are components Huawei requires to build the 5G infrastructure. This action has damaged Huawei's ability to deliver on their contracts as well as their revenue streams. As argued in the Geopolitical Futures article, this unilateral action on the part of the U.S. may end up being more impactful than pressuring its allies will be.

An article published on the Environmental Research section of the Science Direct website in July of 2018 entitled Wi-Fi is an important threat to human health, reported the following health effects associated with repeated Wi-Fi exposure:

Repeated Wi-Fi studies show that Wi-Fi causes oxidative stress, ... neuropsychiatric effects including EEG changes, ... endocrine changes, and calcium overload.

In this blog post, I would like to examine these health effects in greater detail and then discuss possible means of protecting ourselves from them.

Oxidative Stress

Oxidative stress is defined as "a disturbance in the pro-oxidant-antioxidant balance that leads to potential [bodily] damage." Antioxidants are chemical compounds generated within the human body and in certain types of food, that protect cells from damage inflicted upon them by free radicals. When the body is assaulted with too many free radicals it will overwhelm the existing antioxidants' ability to protect the body from them. Essentially, a free radical is a molecule containing an unpaired electron. The presence of an unpaired electron within the structure of a molecule will allow that molecule to bond with other molecules. This bonding will then change the nature of the molecule to which it bonds, which in turn, can then damage the molecule to which it bonds and the molecular structures to which that molecule is a component part. In the human body, the molecules we are concerned about are DNA, proteins, carbohydrates, and lipids. Damage of this kind can lead to chronic diseases including type 2 diabetes, heart disease, as well as sperm and testicular damage, apoptosis or cell death and cellular DNA damage.

Neuropsychiatric Effects

Neuropsychiatric conditions are mental disorders commonly arising from diseases of the nervous system. These types of diseases have significant, negative health impacts and impair the ability to learn, perform in a work environment, and cope with difficult emotions. These disorders include but are not limited to problems with addiction, abnormal growth and development, eating disorders, degenerative diseases, mood disorders, neurotic disorders, psychosis and sleep disorders. According to the original article cited in the first paragraph, these neuropsychiatric changes are measurable with an electroencephalogram ("EEG" – a machine that measures electrical activity in the brain). Prenatal exposure to Wi-Fi can impact post-natal neural development, decreased special learning capability. In addition, research showed that exposure to Wi-Fi can lead to a "greatly lowered ability to distinguish familiar from novel objects."

Endocrine Changes

The endocrine system is a system within the body comprised of internal glands including the pineal gland, pituitary gland, pancreas, thyroid gland, adrenal glands, sexual organs and the hypothalamus. These glands secrete chemicals into the circulatory system which serve to communicate with and control the functions of various organs in the body. Consequently, when the endocrine system is impacted the functions of the organs they control are also impacted. Common diseases caused by a damaged endocrine system include diabetes mellitus, thyroid disease, and obesity.

Calcium Overload

Calcium overload or hypercalcemia is an abnormal elevation of calcium in the blood. This condition can cause bone loss, kidney stones as well as heart and brain damage. Exposure to Wi-Fi can create calcium overload by causing the parathyroid glands to become overactive.

Mitigating the Harmful Impacts of Wi-Fi Exposure

The aforementioned, harmful impacts of Wi-Fi exposure will not impact all people who are exposed to Wi-Fi. And those people who are affected will be impacted differently and to varying degrees. As with all disease, much of it depends upon the genetics, health, and age of the person exposed as well as the level of exposure they receive. Obviously, not much can be done about an individual's genetics, health or age. However, everyone can take steps to reduce their exposure to Wi-Fi. Perhaps the easiest action step one can take in this regard is to reduce their exposure to Wi-Fi signals by minimizing the use of cell phones as much as possible. Aside from limiting cell phone usage, a person can use an earpiece or speakerphone instead of holding the phone directly to their head.

Damage caused by oxidative stress can be mitigated by eating foods abundant in antioxidants including dark chocolate, pecans, blueberries, strawberries, artichokes, goji berries, raspberries, kale, red cabbage, beans, beets, and spinach. Increasing the number of antioxidants in the body will help to prevent the cells in the body from being damaged by increased levels of free radicals.
Furthermore, researchers in the field of neuropsychiatry are making great strides in discovering the biological cause of these diseases. This knowledge will give rise to more effective treatment.
Certainly, exposure to Wi-Fi is a relatively new phenomenon in our civilization and not all of the potential impacts are known. It seems reasonable to say that the more experience the modern world has with living in a world awash with Wi-Fi, the greater our understanding will be in terms of its impact and our ability to manage it.

George Casper addresses some of the harmful impacts of Wi-Fi exposure and some action steps to mitigate these impacts on this weeks vlog.

Algorithms are the driving force behind Artificial Intelligence, Machine Learning, Deep Learning and more. These technologies are used in today's wireless networks (though only partially) and understanding algorithms is the key to understanding them. In this VLOG, Tom Carpenter talks about the starting point for learning about algorithms: formulas. Those wonderful mathematical notation strings that look like a foreign language to many. He provides some brief advice on how to get started in the process as well.

It turns out that there are currently three different methods of experiencing Wi-Fi on an airplane. These are (1) air to ground transmission (or "ATG"), (2) "Ku band" transmission via satellite and (3) "Ka-band" transmission via satellite. All three methods require (1) a server located on the ground with a transmitter, (2) a receiving antenna located on the outer surface of the plane, and (3) a server and router located inside the plane. Let's look at each method in more detail.

ATG Transmission

The "ground-based model" (referred to in the aforementioned Washington Post article) is commonly called "air to ground" or "ATG". This type of Wi-Fi on airplanes uses the same infrastructure that makes it possible for smartphones to access wireless internet. This infrastructure primarily includes cell phone towers that transmit a 4G LTE signal to an antenna mounted on the bottom of the airplane. This is the slowest method for an inflight Wi-Fi connection, transmitting at roughly 3 megabytes per second ("MB/s"). For comparison, a standard smartphone operates at speeds of 30 to 40 MB/s second. Also, this method of transmission can only operate over land where cell phone towers have been built. Consequently, this method of transmission cannot be used by airplanes flying over a significant sized body of water. Satellite-based models for inflight Wi-Fi, however, solve this problem to a large extent.

Satellite Transmissions

There are two types of satellite-based transmissions for inflight Wi-Fi. These are called "Ku band" and "Ka-band" transmissions. Both require a ground-based satellite dish to send a signal from the ground-based server, as well as a satellite orbiting in space and properly positioned to receive and relay the transmission to the airplane. In contrast with the ATG method, the airplane must then have an antenna mounted on the top of its outer surface to receive a satellite transmission.

Ku Band Satellite

The term "Ku band" refers to the 12 to 18 gigahertz ("GHz") portion of the microwave section of the electromagnetic spectrum, which is used for satellite transmissions. One advantage of using the Ku band is that it is technically faster than an ATG transmission for the purpose of inflight Wi-Fi (around 50 MB/s). However, the speed can be slowed down significantly by the number of people using it on a particular airplane as well as the number of airplanes receiving the transmission from the satellite. This problem can be addressed eventually with more satellites. Another advantage is that a satellite transmission is not limited geographically and can be accessed over oceans and other large bodies of water if a satellite is properly positioned to transmit a signal to an airplane.

Ka Band Satellite

The term "Ka band" refers to the 26.5 to 40 GHz portion of the microwave section of the electromagnetic spectrum. This is also used for satellite transmissions but allows for higher bandwidth. Notably, the 5th Generation ("5G") network will rely heavily on this frequency. The Ka-band is faster than the Ku band (around 70 MB/s) but it also can be slowed down by the number of airplanes accessing the satellite's transmission as well as the number of people on the planes accessing the transmission. The Ka-band satellite model combined with the Ku band and ATG models seem to be the next evolution in the challenge to provide faster and more reliable inflight Wi-Fi connections. Of course, this would require differently mounted antennae to receive the different transmissions which create additional challenges.

Challenges

Establishing a fast and reliable inflight Wi-Fi connection is a difficult problem to solve for many reasons. One major problem is created by the fact that an airplane is traveling at a very fast rate of speed over a long distance. This requires the airplane to connect with many different cell towers (in the case of an ATG transmission) and satellites which are also moving at even faster rates of speed around the earth. The airplane must also be able to switch quickly from one transmission to another throughout the trip, and ideally do so in a way that does not interrupt the service. Different carriers employ different technology from multiple antennae mounted on different parts of the plane's exterior to antennae that can redirect themselves to maintain a connection. When you think about it, it is a wonder that this is even possible in the first place.

Another problem has to do with the antennae mounted on the airplane and other equipment necessary to receive the Wi-Fi transmission. No matter how aerodynamic an antenna is, it will always create some drag, which will, in turn, translate to higher fuel costs. This problem has been minimized through newer models that are smaller and more flush with the airplane's exterior. The antennae and the onboard equipment also create added weight which also translates into higher fuel costs. Fortunately, the newer generations of Ka-band antennae are thinner and require less power. So, the trend seems to be that inflight Wi-Fi connections will continue to improve over time despite the obstacles. Onward and upward!

To find out more about the new CWSA certification, click here. And don't forget to register for Wi-Fi Trek 2019, where you can take the first CWSA classes this September!

Foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services ... in order to commit malicious cyber-enabled actions, including economic and industrial espionage against the United States ... [T]he unrestricted acquisition or use ... of information and communications technology ... controlled by ... foreign adversaries augments the ability of foreign adversaries to create and exploit vulnerabilities in information and communications technology ... and thereby constitutes an ... extraordinary threat to the national security ... of the United States ... Although maintaining an open investment climate in information and communications technology ... is important for the overall growth and prosperity of the United States, such openness must be balanced by the need to protect our country against critical national security threats. ... In light of these findings, I hereby declare a national emergency with respect to this threat.

Executive Order on Securing the Information and Communications Technology and Services Supply Chain

The language of the order then goes on to authorize the U.S. Secretary of Commerce, Wilbur Ross, and other officials of the executive branch of the federal government to block certain information technology-related transactions that entail an "unacceptable risk" to the United States' national security. The Secretary of Commerce has the power to block these technology transactions because they specifically require the Bureau of Industry and Security (a subdivision of the Department of Commerce) to grant an application for this purpose.

How Does an Executive Order Work?

In most cases, the implementation of federal government policy requires legislation to be passed by both the U.S. House of Representatives and the U.S. Senate and then signed into law by the President. However, government action of the type implemented by this executive order does not require legislation to be passed through the Congress, because the President is essentially the CEO of the executive branch of the federal government. As such, he is empowered to direct his subordinates (e.g., the various Department Secretaries and their subordinates, including the director of the Bureau of Industry Security) by executive order to enact his policies.

By contrast, the President does not have the authority to direct any other branch of the federal government (legislative or judicial) through executive order. Nor does he have the authority to direct any state government through executive order. Moreover, an executive order can be undone by a subsequent executive order, which typically makes them a less permanent means of implementing federal policy than legislation passed by Congress. For example, some of President Obama's policies were enacted through executive order (because he could not get them passed by Congress during his second term in office). President Trump then overturned much of the Obama administration's policies enacted through executive order but could not overturn policies enacted through legislation (e.g. The Affordable Care Act a.k.a. "Obamacare").

The China Connection

Interestingly, although this executive order was clearly aimed at blocking U.S. tech companies from transferring technology to China or Chinese controlled corporations, the executive order only refers to "foreign adversaries." Subsequent to the enactment of this executive order, the U.S. Department of Commerce added the Chinese information technology corporation Huawei Technologies to the Bureau of Industry and Security's "Entity List." According to the BIS website, this is a list of "foreign persons – including businesses, research institutions, government and private organizations, individuals, and other types of legal persons - that are subject to specific license requirements for the export, re-export and/or transfer (in-country) of specified items." Effectively, adding Huawei to the Entity List makes it more difficult for Huawei to obtain component parts needed to construct information technology infrastructure (e.g. cell phone towers) around the world.

Huawei is thought to be controlled by the Chinese government which is, in turn, suspected of using Huawei-built information technology infrastructure for the purpose of spying on other countries and corporations. Both Huawei and the Chinese government deny this allegation.

The Impact of the Executive Order

The President's executive order does seem to be achieving its intended goal to an extent. Specifically, wireless carriers in the United Kingdom who are currently building 5G infrastructure have up until now employed Huawei hardware. However, since the executive order came into effect, effectively cutting off essential equipment Huawei acquired from U.S. corporations, the government of the United Kingdom and the corporations employing Huawei are beginning to rethink using the Chinese corporation for this purpose. It remains to be seen whether this and other U.S. policies will ultimately undermine China's role in the construction of and influence over the 5G network.

To find out more about the new CWSA certification, click here. And don't forget to register for Wi-Fi Trek 2019, where you can take the first CWSA classes this September!

Laura Chappell is the founder of Chappell University, Wireshark University, and the Protocol Analysis Institute, Inc. Through these organizations, Laura has increased the knowledge of thousands of network professionals in the area of protocol and network analysis and troubleshooting.

Additionally, Laura is the author of several, books including:

• Wireshark 101: Essential Skills for Network Analysis, 2nd Edition
• Troubleshooting with Wireshark: Locate the Source of the Performance Problems
• Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide, 2nd Edition
• Wireshark Certified Network Analyst: Official Exam Prep guide, 2nd Edition

As an author, Laura makes networking plain in writing. As a speaker, she is hailed as a top-notch,
entertaining presenter who can detail the most effective methods to locate network issues. She
continues to stay on top of the latest trends in networking, and will be bringing that knowledge to Wi-Fi
Trek 2019.

On a personal note: while I can't remember the year, I remember having much more hair when I was
first introduced to Laura's learning materials. For well over a decade, she's been helping technical
professionals fall in love with the nitty gritty of network analysis, and I am so excited to hear her at our
conference.

To find out more, read Laura's blog. And register for Wi-Fi Trek 2019 today!

With that said, the list of people making appearances on The Computer Chronicles is astounding:

• Gary Kildall
• Bill Gates
• George Morrow
• Paul Schindler
• John Doerr
• Mitch Kapor
• And many more...

I should warn you: if you love computers and technology as I do, you will not be able to leave YouTube for several days as you watch The Computer Chronicles archives there. It's THAT valuable and entertaining. If you're like me, you'll be reliving it. If you're younger, you'll enjoy getting to see the history that older technologists lived through.

As you watch the earliest episodes (1983 and 1984, for example) and you see references to the computers available then, just remember: the Commodore 64 was the best one!

The Computer Chronicles is not Stewart Cheifet's only claim to fame. He has also run a successful technology media creation organization. But what I'm most excited (and honored) about is the fact that he is willing to come to our conference in Nashville in September. This technology giant, an elder in our industry, will share ideas that will help us all become better technologists.

You don't want to miss this opportunity to meet one of the legends in computing history. We look forward to seeing Stewart and you at Wi-Fi Trek in Nashville.

Register for Wi-Fi Trek 2019 today!

• 3GPP defines 5G as any system that uses 5G New Radio software.
• Speeds in the real world now have ranged from 80 to 634 Mbps down, and 10 to 60 Mbps up. That varies from place to place, but the goal is 100 Mbps everywhere in the future.
• 5G NR will operate in two frequency ranges: Frequency Range 1 (400 MHz to 6 GHz) and Frequency Range 2 (24 GHz to 53GHz). FR1 operates in familiar frequencies, and offers lower capacity but greater range. FR2, by contrast, offers higher capacity and speeds.

What are the goals of 5G?

• 10 to 100 times as many devices connected.
• 10 Gbps rates at peak, and 100 Mbps universal.
• Less than one millisecond of latency.
• 10 years of battery life on low-power devices.
• 10,000 times more traffic than 4G had when it was launched.

What is the future of 5G?

Right now, the goal for 5G is simply to work as a faster version of 4G. It will be used to boost data rates in mobile devices.

In the coming years, however, the hope is that 5G's increased capacities and speeds will boost Smart City and Smart Agriculture solutions, as well as Industry 4.0 (automated manufacturing), gaming and health monitoring. These sci-fi-seeming technologies are only possible with faster links connecting more devices.

What are the challenges for 5G?

Any time a new technology comes along, it has to overcome some logistical challenges to replace the old one. The question right now isn't whether 5G will replace 4G; it's whether 5G will replace Wi-Fi entirely. Right now, most of the new technologies mentioned above depend on Wi-Fi rather than cellular. In order to replace Wi-Fi, 5G would have to overcome:

• Massive existing Wi-Fi infrastructure. Will businesses spend the considerable amount of money and time it will take to convert their entire systems to 5G, when their current Wi-Fi solutions are working just fine for them?
• Older solutions are cheaper. The systems for Wi-Fi are all in place now - why spend the money to upgrade everything to 5G compatible? And how long will it take for 5G pricing to be competitive with Wi-Fi?
• Knowledge is still limited. Because 5G is so knew, most companies don't have access to external or internal experts who know the technology well.

These challenges will be addressed over time, but they represent a significant barrier now and in the near future.

What will 5G look like in 5 years?

CWNP's Tom Carpenter predicts the following developments over the next few years in the 5G/Wi-Fi face-off:

• The public will use 5G like they use 4G LTE now (with greater performance and stability).
• Large private 5G networks will be gaining momentum. Companies will need in-house staff that know both Wi-Fi and 5G.
• At the same time, Wi-Fi won't be standing still! It's much easier to train someone who currently works with Wi-Fi to make the transition to the new 802.11ax than it is to train them on 5G - it's a matter of days instead of weeks.
• 5G probably won't have replaced Wi-Fi. Don't expect a client population that's entirely incompatible with 5G now to suddenly switch.

What do you need to learn about 5G?

• Learn everything you can about 5G New Radio. The recent book 5G NR: The Next Generation Wireless Access Technology is an excellent guide for engineers to get up to date.
• Learn private 5G/LTE.
• Learn how 5G and Wi-Fi can coexist.
• Become a CWSA® (Certified Wireless Solutions Administrator). This newer certification from CWNP goes beyond Wi-Fi to cover all the different wireless technologies and how they interact with each other. The first CWSA classes will take place at our Wi-Fi Trek conference in September 2019.

For the training you need in the fast-changing world of wireless technology, visit CWNP now!

To help Wi-Fi professionals make faster and better decisions about which IoT transports to use, Mohammed encourages us to "learn the idea behind transports and apply them to your specific scenario. Each transport has advantages. Given the deployment, the chosen transport can work in or out of your favor."

Types of Transports
Mohammed reviews the advantages and disadvantages of various transports to help us make informed decisions about which one(s) to use for our network environment:

Wired IoT
"It seems strange to use wired as an IoT transport, but we've been doing it for years," says Mohammed. Advantages of using wired technology for transports include:

• Provides ease of use, as it's globally accepted.
• Ultra-fast speed without interference from wireless.
• Instant inter/intranet connectivity on your network.
• Can use Power over Ethernet (PoE) to power your devices.

While it seems like we can do everything we want to do with a wireless IoT transport without having to build something new, wireless does lack some features:

• PoE consumes a lot of power. "PoE has an odd standardization and seems to be increasing the power on the ports," says Mohammed.
• Wires. If we use an umbilical cord of 100M, that causes tripping hazards.
• Requires more power to do Transmit and Receive. The Transmission Control Protocol (TCP) stack can be considered extra bloat when we're trying to send small amounts of packets.
• Requires traditionally large connectors, which are not ideal for small devices or wearables.

"Wired IoT isn't bad. It just has its place and we have much cooler technology now," says Mohammed.

Wireless IoT
"Wireless is such a better option for IoT devices because we already have an ecosystem built for it, and everyone has them somewhere," he says. Other advantages of this type of IoT include:

• Globally accepted. No licenses are required in order to use it.
• Good range and throughput.
• Built-in security.
• Easier way to connect our devices on the network than wired.

While wireless removes some of the disadvantages of wired IoT, there are drawbacks:

• Wireless devices still require a lot of power to transmit and receive.
• Contention not just from other devices, but also from other IoT transports trying to use the spectrum, which can turn into a Wi-Fi dumping ground. "It seems really easy for us to use the unlicensed spectrum selfishly and not play nice. We just want to use the spectrum any way possible," Mohammed says.
• Different ideas on how to implement encryption and authentication. No two devices implement the same way.
• Stock bloat.

Wireless 802.11ax/Wi-Fi 6 offers advancements that help us mitigate the disadvantages of wireless IoT, such as Target Wait Time (TWT) and Bluetooth Low Energy (BLE).

Target Wait Time (TWT)
With TWT, the IoT device can coordinate with the access point (AP) about when to power on, allowing us to provide better battery life for that device. Mohammed says, "Instead of having an IoT device spread energy across 40, 80, or 160 megahertz channel, the IoT device can concentrate its energy to a much narrower band and increase its energy gain. By narrowing the band, we can have better focus of its energy; instead of spreading it too thin, we can provide focus on that signal, and perhaps turn down transmit power and increase the battery life."

BLE 4.x/5
"When BLE first launched, it was horrible," says Mohammed. "BLE 4 made some vast improvements in the transport. Release 5 is coming out and has great promise."

The advantages of BLE include:

• Low power
• Small form factor
• Better pairing
• Frequency Hopping Spread Spectrum.
• Designed to be dodgy with Wi-Fi, meaning that it can blacklist certain channels if the error rate is too high.
• Advertises on channels 37, 38 and 39. Advertisements contain information such as device discovery, connection establishment, broadcast transmissions. On the rest of the spectrum, which contains 37 other channels, it can be used for bidirectional communication of devices, adapt to frequency hops for successive communication events.

Mohammed is quick to remind us that BLE also has drawbacks, such as:

• Requirement to add our own security
• Over The Air (OTA) might be cleartext
• Requirement for a gateway to convert a conversation into something the network can carry.

"BLE seems to be lagging behind in transport game, compared to other transports like ZigBee and Z-wave."

ZigBee
The ZigBee IoT transport is based on 802.15.4, but is now maintained by ZigBee Alliance Group.

Advantages:

• Easy way for manufacturers to interlock devices
• Native mesh
• Strong provisioning
• Security and device management

"This transport is ideally targeted for home automation, but can apply to business networks as well," says Mohammed.

When deploying ZigBee, Mohammed wants us to keep a few things in mind. ZigBee has very similar advantages and disadvantages to BLE; however, it uses Direct Sequence Spread Spectrum instead of Frequency Hopping Spread Spectrum. ZigBee channels overlap with Wifi and are 2mgH wide. When we put Zigbee, APs, and BLE together, even though those channels look like they could fit, they don't actually fit due to side lobes. "Those channels could interfere with our Wifi transmissions and vice versa," he says.

Alternative IoT Transport Options
Mohammed also names several IoT transports that do not use shared spectrum with Wi-Fi, including:

• LTE
• OnGo
• Z- Wave (meant for home automation)
• Lo-Ra (originally designed for low-power, long-distance, wide-area networks)

Final Words of IoT Transport Advice
Mohammed leaves us with the following pieces of advice when choosing an IoT transport:

• Use the tools that you have.
• Use your brain to design a network that's most optimal for your environment.
• Ensure that you're designing channels correctly.
• Use your usual tools for spectrum sweeps. Notice that there's too much interference? What other ideas can you use? Is there a different transport you can offload it to?
• Lean on software manufacturers. They're launching new tools and guides to help you design a highly functioning network.

He also reminds not only us Wi-Fi professionals, but manufacturers as well, to play nice. "We have to make sure that we're taking care of a shared spectrum," he says.

View Mohammed's full presentation here.

Stay on top of the latest Wi-Fi tech developments by exploring our certification programs.

Read more:

IoT Revolution: 5 Ways the Internet of Things Will Change Transportation

Robert J. Bartz, CWNE, CWNT wants Wi-Fi professionals to do that from time to time—to slow down and think more critically about what you do every day, particularly with the wired services associated with 802.11. "Even though we all use wireless, wired is still a part of our lives for the most part. We have to think about the wired side when it comes to a wireless design," he says at CWNP's annual conference Wi-Fi Trek 2018.

Bartz provides an overview of the ways that "wires work with wireless" to create a desired result—to cultivate more recognition among Wi-Fi professionals of the crucial (yet often forgotten) wired side of 802.11.

Power Over Ethernet (PoE). "It was always intriguing to me to take a low voltage cable, put DC voltage on it, and supply power to a device to make it operate without having to plug something into an AC outlet," he says. According to Bartz, there are three things to consider with PoE:

1. Equipment that supplies the DC voltage and receives it
2. Numbers or budget, i.e. how much the devices draw
3. Design concepts, i.e. the recognition that PoE is Ethernet technology, not wireless technology, even though it's used so much with wireless technology.

"With PoE, it's all about numbers and design. I would rather see it called Voltage over Ethernet when we talk about power with WLAN because so much of it is radiofrequency, which is a whole different ballgame," he says.

Bartz refers to two sides of PoE equipment:
1. Power Source Equipment, aka the Giver or Provider of power, which comes right out of the Ethernet switch and WLAN controller
2. Powered Device, aka the Taker or what receives the power. The Taker is more than just access points; it's VoIP phones, clocks, cameras, door locks, and more. Use an adequate solution for what you're trying to provide.

With PoE numbers or budget, he advises considering the following:
1. What do you have to work with? Think about all of the PoE devices you have. You have to ensure that there's enough power to supply to the device.
2. Power budget. Make sure there's enough power based on the devices you're going to use. "There's nothing worse than running out of DC power," he says. This is where some history and arithmetic come into play.

The first PoE amendment, 802.3af, came out in early 2003. Then 802.3at was ratified to supply enough power to technology as it advanced. An 802.3af power source will supply 15.4 watts of power per port, and 802.3at will supply 30 watts of power per port. The power device can draw 12.95 watts of power from 802.3af and 25.5 watts from 802.3at. "We have to think about the line loss," says Bartz. The nominal voltage for PoE is 48 VDC. These numbers are important in calculating how much power you're going to need, as they make up your power budget. "If you don't understand your power budget, there's a good possibility you can run out of DC power, which is not a good thing."

How to calculate your power budget
According to Bartz, using 802.11 WLAN requires you to use (but not memorize, whew) certain formulas, like the one below:

Ohm's Law: P=E x I

12 Watts = 48 VDC x .250 A

Using Ohm's Law will allow you to determine how much power your devices are drawing and perform the appropriate calculations to make sure you have enough power.

With PoE design, Bartz reminds us to think about Ethernet capacity and the following questions:

• Are there enough ports? Make sure that there's enough AC power to supply enough DC power for those devices.
• Are there enough ports and is the power budget there? The last thing you want to do is not have enough ports or power per port.

Along with PoE, Bartz also reminds us that networking services are crucial to 802.11 WLAN, specifically the following:

• Dynamic Host Configuration Protocol (DHCP), including IP address scope, IP address lease time, server availability, and options
• Domain Name System (DNS), including IP address to name resolution (big host file), and serving as an alternate to Locate WLAN controllers
• Quality of Service (QoS), including the wireless side, which gives us user priority and access categories AND the wired side, which is required for end-to-end connectivity.

Finally, Bartz reminds us of the importance of wireless design and the wired side of 802.11 WLAN technology. If you didn't know already, Wireless design (aka RF site survey) also includes a wired survey. "You need to do a wired survey as part of your wireless design," he says. "Wireless/RF site survey refers to the understanding of processes, procedures, software, how to make your design. There's a lot to the whole concept of wireless design that also includes the wired side." For example, wiring closet locations, the maximum distance of Ethernet (328 ft.), the correct installation of cables, and making sure you have enough switch capacity to support your devices—are all wired parts that are crucial to wireless design.

View Bartz's full presentation here.

Stay on top of the latest Wi-Fi tech developments by exploring our certification programs.

Read more:

6 Things to Expect from IEEE 802.11ax

Ethics, Integrity, and the CWNE Process

The CWNP Blog

Don't worry. At CWNP's annual conference Wi-Fi Trek 2018, Higher Education Network Engineer and CWNE Rowell Dionicio explained everything folks in the WiFi industry need to know about pursuing certifications.

Check out his tips, guidance, and recommendations below.

1. The best place to get certified is CWNP. Why? Because we're vendor-neutral. According to Dionicio, CWNP ensures that "you're actually helping the industry and selling the right equipment the right way." He explains that as a Wi-Fi expert, he receives a lot of marketing calls from people who have been taught to sell their equipment in a specific way, as directed by their vendor. Instead, he recommends that you pursue CWNP's CWS or CWT programs to get vendor-neutral, foundational knowledge, then work your way up to a vendor-specific certification.

2. Absorb as much knowledge as you can. If you work in WiFi now, Dionicio recommends that you immerse yourself further by taking on additional projects and exploring online resources. Tell your boss that you'd like to take the lead on any Wi-Fi projects that nobody wants, even if don't have all of the knowledge you need. Refer to blogs and podcasts to further your learning, get your questions answered, develop relationships with groups for WiFi professionals, and help familiarize your supervisors with your work (which will come in handy when you need an endorser for a certification). Dionicio recommends the following: WLAN Pros Blog, WLAN Pros Podcast, and No Strings Attached Show. He says, "I kind of put myself out there professionally by saying 'I want to take this on,' and then just gaining that experience, knowing you're going to make mistakes along the way. You are going to make mistakes. I made plenty of Wi-Fi mistakes."

3. Tools will help you. Dionicio credits part of his success with CWNP's certifications to his use of tools. "Any tool that I can get my hands on, that's what I used to actually apply what I learned in theory in the books and applied to what we see out in the field," he says. He recommends the following: Airtool, Wireshark, and Omnipeek. "Pick a client and whatever BSSID it's joining, and try to figure out what kind of communication is going between those two and maybe why the Wi-Fi is slow for you. Try to figure out why that is," he says.

4. Write for humans. If the essay portion of certifications intimidates you, don't worry. Dionicio assures you that he isn't a good writer either and he was able to get certified. His advice? Write about your real-life experience in the field. "I actually capture and save everything that I have for the purpose of sharing to other people of what I've found and I apply that to each of the essays," he says. Also, keep the essays short. "You don't have to write a novel. Keep it to about two pages max. Demonstrate what you've learned from the certifications that you just acquired." And remember that humans are reading your essays. "They want to know and find out if you understand the material, understand how to even demonstrate what you've learned, and apply it in a way that educates others." You need to demonstrate that you can speak on a human level, as others will look to you to explain and solve their WiFi problems. He also encourages you to include images, a spectrum graph if appropriate, or other visual representations to support your written analysis.

5. Find an endorser who knows your work. You do not need all CWNEs to endorse you. "It doesn't matter if they're a CWNE or not," Dionicio says. When he was pursuing his certifications, he asked a colleague with whom he worked the closest on several projects, his manager, and a CWNE who knew his work well. You should find people who know your work and who can say, "Yes, I trust this person to do expert-level WiFi."

6. Use the certification to continue learning. According to Dionicio, "After the CWNE, I find that that's when you actually start learning. The certifications gave me this foundation of WiFi but then with that foundation I started discovering things I didn't know. There are a lot of things I don't know about Wi-Fi." So, use your certification not as an ending, but as a starting point to go even deeper into WiFi topics and serve as a role model in the community.

Learn more about Rowell Dionicio and his love for WiFi tech by following him on Twitter @rowelldionicio.

View Dionicio's full presentation here.

Stay on top of the latest WiFi tech developments by exploring our certification programs.

Read more:

Ethics, Integrity, and the CWNE Process

CWTS: Almost Gone but Not Forgotten

The Quest to Become the Next CWNE - EKAHAU Wi-Fi Blog

If you're having trouble falling asleep, try reading the draft of the latest standard IEEE 802.11ax.

David Coleman, CWNE #4 and Senior Tech Evangelist at Aerohive Networks, jokes that while the 682-page document isn't the most exciting read in the world, Wi-Fi experts should familiarize themselves with it. Why? So that we can discern and prepare accordingly for "what's in the amendment and what's in the real world," he said at CWNP's annual conference, Wi-Fi Trek in 2018.

Otherwise known as Wi-Fi 6 or High-Efficiency Wireless (HEW), IEEE 802.11ax should be ratified sometime in 2019. While we've heard plenty of buzz about its benefits, Coleman wants to educate us on what we can actually expect from 802.11ax in real-world scenarios.

1. Improvements in Efficiency

Instead of trying to achieve bigger channels and higher data rates with PHY and MAC layer enhancements, as in previous standards like 802.11n/ac, 802.11ax is all about efficiency, with specific attention to better traffic management. Those efficiency improvements include the following:

• MU-MIMO in both downlink and uplink directions for up to 8 devices
• OFDMA: better use of frequency space
• BSS coloring/spatial frequency reuse
• Target Wake Time (TWT)
• 1024-QAM: higher data rates

So, given that list, it sounds like we should be expecting a huge jump in speed, broader signal ranges, better performance in device-dense environments, plus increased power efficiency on top of all that, right? Well, not so fast.

Let's break IEEE 802.11ax down into what we should really anticipate in the coming year.

2. If You Build It, Clients Will Come

As you know, to take full advantage of 802.11ax, clients need to support it. They aren't here yet—but they are coming, according to Coleman. The following companies announced chips with 802.11ax support and devices slated to hit the market soon:

• Broadcom
• Qualcomm
• Intel
• Aerohive Networks (family of 802.11ax access points are available already)

3. Benefits for Legacy Clients

While we're waiting for clients to jump on the 802.11ax train, we can also expect benefits for legacy clients. Although 802.11ax APs won't directly benefit legacy (802.11a/b/g/n/ac) Wi-Fi clients by improving their performance or efficiency, the new APs should enhance an overall system. As Wi-Fi 6 clients are added to the mix, airtime is freed up, and legacy clients will be able to take advantage of that extra airtime.

4. Additional Power Requirements for Customers

What can we expect from 802.11ax about enhanced power efficiency? Well, not much. Instead, expect customers to need even more power. Power budgeting becomes more and more important as the 802.11ax APs come into the mix. The more-powerful processors need added power, as do the additional radio chains. PoE (Power over Ethernet) won't cut it, and PoE Plus should be the accepted future. Think added cable runs, as well.

5. No Rush on the Upgrade

You don't need to upgrade everything in a hurry. No worries about replacing your old AP uplinks with 10Gbps models, as bandwidth bottlenecks are usually at the WAN uplink. And you probably won't need 2.5 Multigigabit (802.3bz) Ethernet ports for quite a long time. But, as your Wi-Fi 6 client population grows, vendors should (and will) have them ready for you.

6. Stay The Course and Maintain Good Design

Coleman's best advice about how to prepare for 802.11ax is to keep designing for 20 MHz channels, for now. (Or 40 MHz, if that's what you do.) Although 80 MHz channels are a possibility, they're not a likely reality anytime soon. As he reminds us, 802.11ax, or any new Wi-Fi tech for that matter, doesn't mitigate bad design. Field testing will be vital with this new standard, and design and validation are still key.

Learn more about David Coleman and his love for Wi-Fi tech by following him on Twitter @mistermultipath.

Watch David's Wi-Fi Trek Talk

Learn more: Slides can be found at cwnp.link/presentations

Other Top Blog Posts

Basics of MAC Architecture (Part 1 of 3)
DHCP for Wireless Clients
Calculating RF Wavelengths

What is CWTS?

The CWTS certification was created by CWNP (Twitter @CWNP) as a gateway to the world of vendor-neutral standards-based IEEE 802.11 wireless network training and certification. This entry level certification is geared toward sales, marketing, project management, help desk, and first line technical support individuals that need to understand the fundamentals of standards-based wireless networking. The CWTS is the "what it is, not how it works" of IEEE 802.11 wireless networking.

Since I am the author of all three CWTS study guides by Sybex over the past nine years, this certification is very near and dear to my heart. Anyone that has written a technical book knows the amount of time, energy, and dedication that goes into such a project. I was given the opportunity to write the 1st edition CWTS study guide published in 2009, the 2nd edition published in 2012, and the 3rd edition published in 2017. The main reason I took on the task in the first place was to be able to share my knowledge of wireless networking with anyone that is able to have time to read the book and learn about this great technology that is continuously evolving.

CWTS - What now?

Recently my wife and I took a trip to Washington D.C. to enjoy a short vacation to our nation's capital. Although I have been there several times in the past, there are always so many activities and so little time. This last trip was extra special because my wife and I attended our son's wedding in this amazing city. It was a wonderful wedding in a park on a beautiful Spring Saturday afternoon. It was such a special day to see our son and his lovely fiancée start their lives together as husband and wife.

Something I have always wanted to do in the past while visiting this city but was never able to fit into the schedule was to visit the Library of Congress. This is one of the many places to see some of the nation's history. I have known for some time that a copy of the first technical book I authored, the "CWTS Certified Wireless Technology Specialist Official Study Guide" by Sybex was located in the library, and this year, I decided to visit it. 

What an amazing place. I remember reading about the library and seeing parts of the library in several movies but to be there in person was such a great experience. After some research, I was able to find the general area where the copy of my book was housed and I asked someone there if I could take a look at my book. One thing I did not realize was that I needed a library card so I could check out the book. How cool is that?! 

After getting library cards we worked our way back to the building where the copy of my book resided. I completed the checkout slip and handed my card to the librarian. He told us that they would have to retrieve the book and it would take about an hour. We returned after grabbing some lunch and were greeted with the 1st edition of the "CWTS Certified Wireless Technology Specialist Official Study Guide" by Sybex. [see image above] Wow, what an awesome feeling to see this in the Library of Congress! It was almost like it was glowing right before my eyes.

I was told by the librarian they bind the paperback books in hardcovers to protect them; A quick flip through the book showed that he was right and it was still in pristine condition.
Overall, it was a great experience to visit this amazing library in person and as a bonus to see my first CWTS book. It would have been great if Bryan Harkins, is the technical editor for all three versions of the Sybex CWTS study guides, was there to share the moment with me. His expertise and attention to detail helped me produce books that have been read by many thousands of people worldwide and helped to educate them on the fundamentals of IEEE 802.11 wireless LAN technology.

Two From One - CWS and CWT

Even though CWTS is on it's way to retirement, there are two new alternatives: the Certified Wireless Specialist (CWS), and the Certified Wireless Technician (CWT). These two certifications target different objectives based on the specific requirements of the individual wanting to gain wireless LAN knowledge.
The CWS certification validates the knowledge of wireless sales, marketing, entry-level support, and decision-making professionals related to 802.11 wireless networks.
The CWT certification is geared toward individuals that will be able to install and configure wireless access points for initial operations and ensure connectivity. Also, troubleshoot basic problems and assist users in-person or through remote communications in problem resolution along with many other tasks.

In-person and virtual live online training classes, as well as other training materials, are available for both of these new certifications to help anyone get their start in the fantastic world of wireless networking. I highly recommend the CWS and/or CWT to anyone interested in acquiring knowledge about the basics of standards-based wireless networking. I would like to wish good luck to any and all that take this first step into the world of vendor-neutral wireless LAN training and certifications which are available from CWNP.

Robert J. Bartz, CWNE, CWNT
Author, CWTS Certified Wireless Technology Specialist Official Study Guide, 1st and 2nd Editions
Author, CWTS, CWS, and CWT Complete Study Guide, 1st edition
Author, Mobile Computing Deployment and Management: Real World Skills for CompTIA Mobility+ Certification and Beyond, 1st Edition
www.eightotwo.com
@eightotwo

For those who don't know, I'm Lee Badman, CWNE #200 and a member of the CWNE Advisory Board. While I don't claim to speak directly on behalf of the Board, I do know that what I'm talking about in this piece is a shared sentiment among my fellow board members. Just as accomplishing our own CWNEs was something we each took great pride in, it's also an honor to be able to weigh in on each new CWNE application that is submitted. It's an honor- and a profound responsibility. Each of us knows what being a Certified Wireless Network Expert is to us, and what it likely means to those submitting their applications. We also know the amount of work that goes into the process, and the impact that this achievement can have on careers and self-esteem.

As meticulous as most applicants are in gathering their endorsements, writing their essays, and providing their blogs as part of the submission package, the members of the board try to be equally thorough in our analysis of each application. The requirements are the requirements as, outlined by CWNP. In addition to those stated requirements, there is one aspect of the process that is implicit without being spelled out on the application: you have to be honest with what you submit. As with pretty much any facet of life, dishonesty will usually catch up with you.

Please- for your own sake- if you are pursuing CWNE, make sure that every aspect of your submitted materials passes the smell test. Are your blogs really YOUR blogs, or did you take liberties with cut-and-paste? Are your essays genuine summations of your own projects, or did you poach content from a vendor's how-to-guides? Thankfully, the CWNE Board of Advisors doesn't see a lot of these unethical behaviors, but on occasion it happens. As easy as it is to lift somebody else's content, it's not much harder to identify that an applicant has decided to take the less than honorable path to putting together the CWNE application. When that happens, it's game-over for that applicant, with no chance of CWNE. To let these behaviors slide is to cheapen every CWNE ever awarded.

Beyond the CWNE candidate doing the right thing, I would also encourage any potential endorser to also do some soul-searching. How well do you know the applicant? Can you vouch for their wireless knowledge? Are you really willing to go to bat for the individual, or are you just being polite and filling a square? The CWNE program is only as strong as we collectively make it, through integrity. If you don't know the applicant's true capabilities, don't be afraid to politely decline to endorse.

To close, I'll take off my CWNE hat and speak as a human being. Whether you are at a conference on your employer's dime, away from your spouse at a job, or quoting a work for a prospective customer- just be a decent person. There's enough sleaze and fraud in the world these days. Each of us can balance that just a little by simply being honest and ethical in all of our dealings.

Lee Badman