Rowell Dionicio

Get Techie With It

6 GHz Frame Captures with EtherScope nXG

By Leave a Comment

How do we scan all the available channels in Wi-Fi 6E? With an additional 1200 MHz of spectrum ahead of us, we need to have the tools and resources for planning and analysis.

Wi-Fi 6E brings high efficiency. With that comes increased complexity in how we will analyze and validate Wi-Fi operations.

Sure, we might see a big boost in speeds but its worthless if Wi-Fi isn’t operating efficiently. For network engineers, what can we use to help verify our Wi-Fi networks?

I’ve been playing around with the NetAlly EtherScope nXG with newly added Wi-Fi 6E capabilities. In addition to scanning 6 GHz spectrum, we can use the handheld tool to capture frames for further analysis.

So I booted up a brand new Cisco C9136 and joined the only 6 GHz client I had available to see what we can capture.

We need to identify what channel to capture on. The EtherScope nXG provides a channel map along with identifying the number of APs and clients on those 6 GHz channels.

EtherScope nXG channel map

Using the navigation menu, we can view a list of the channels and select my access point’s operating channel, ch37.

List of 6 GHz channels

The channel view presents details about that individual channel, which is 20 MHz wide. We can capture frames on this channel but if my SSID was configured for a wider channel width I’d be missing some frames.

I recommend selecting SSIDs, selecting your network of interest to properly select the channel width to capture on.

Select the wrench icon on the bottom right, and tap on Capture (Wi-Fi).

Capture 6 GHz frames

Now in the Capture utility, we can see what channel we will capture frames on and at what channel width.

The gear icon allows you to customize the capture settings.

Wi-Fi capture

Captures can get really large. You can set a file size limit and specify whether you want to capture a full packet or maybe you just want the headers.

The Capture Settings is where you can modify the channel width and make additional capture settings with filters.

Capture settings

Once you’re done making changes, tap on the back icon and tap Start to begin your 6 GHz frame capture.

As the capture is running, you’ll be able to see how many frames are being captured and what type, such as Management, Control, or Data frames.

Live 6 GHz Wi-Fi capture

Once you’re satisfied, tap on Stop and upload your pcap file to Link-Live. It’s conveniently stored for you online and it can be shared with other network engineers.

Upload to Link Live

View your capture on your computer and learn more about Wi-Fi 6E.

Wireshark 6 GHz Capture

Want an EtherScope nXG?

If you’d like to get a quote on the NetAlly EtherScope nXG, reach out to Packet6 today!

Frame Capture Files

Here are a few pcap files I captured from the EtherScope nXG. Both captures are from an EnGenius ECW336.

Wi-Fi 6E Beacon

Wi-Fi 6E Association (WPA3)

Manage Cisco Catalyst in the (Meraki) Cloud

By 2 Comments

Table Of Contents
  1. Supported Platforms & Licensing
  2. Catalyst Wireless Support
  3. Features
  4. How do you get started?
  5. My Thoughts

Cisco Catalyst is coming to the Meraki cloud. Get ready to manage your Catalyst switches and access points using the Meraki dashboard.

With 47% of employees wanting to work with a hybrid option, cloud management infrastructure is a must.

Infrastructure we can manage and automate from anywhere creates a highly productive workforce.

Cisco has decided to bring flexibility for network operators by combining Meraki’s cloud management with Cisco Catalyst hardware. What you get is a centralized view of your network with real-time switch status and health.

It’s easier to monitor your network remotely and get traffic visibility where you weren’t able to previously.

Migrate to Meraki cloud monitoring for a unified view of your network infrastructure and troubleshoot from anywhere. Leverage the cloud and spend less time in the CLI using overlay management for your Catalyst hardware.

Catalyst 9500 switches

Supported Platforms & Licensing

Today, the Catalyst 9200, 9300 and 9500 switching platforms will be supported in the Meraki dashboard with two options:

  • Cloud Monitoring (monitor only)
  • Cloud Management (monitor and configuration)

The minimum firmware version to run on these switches is IOS-XE 17.3 or higher.

What about licensing?

Fully managed Catalyst switches will need to have DNA Advantage (DNA-A) or DNA Essentials (DNA-E).

Monitored Catalyst switches will use a Meraki license.

The difference between the two switching licenses is that DNA-E will not include application visibility or client usage data.

Will Meraki displace DNA Center? No. Cisco is providing flexibility and options. But you will need to decide where you want to manage your Catalyst infrastructure – Meraki, DNA Center, or standalone?

Once a Catalyst switch is fully managed by Meraki it will no longer be an IOS device. It will run Meraki software. But if it is a monitored switch, it can still be accessible via CLI.

Catalyst Wireless Support

Cisco is introducing three new Catalyst wireless access points that can be managed by the Meraki dashboard or a C9800 controller. Those are the:

  • CW9166
  • CW9164
  • CW9162

The SKUs with CW prepended will support either Meraki dashboard or the C9800 controller.

There isn’t much information on this yet but maybe more details will come out during Cisco Live 2022.

Features

This is the first iteration of Catalyst crossing over to the Meraki dashboard. We won’t see 100% feature parity of Catalyst switching features into the Meraki dashboard but it appears you can do basic monitoring and configuration. Additional details should be arriving soon.

Catalyst switches will in one of two modes: monitor-only or fully-managed.

Some of the features already supported include the Topology view to see where your network infrastructure is connecting.

Viewing Catalyst switches in the Meraki Topology view

A centralized view of your network switches and which are in monitor only mode.

Viewing a list of Catalyst switches in the Meraki dashboard

Drill into an individual switch, such as the Catalyst 9500, within the Meraki dashboard.

Catalyst 9500 monitoring in the Meraki Dashboard

Don’t forget the Catalyst Wi-Fi management capability in the Meraki dashboard.

Catalyst access point (CW9166) in the Meraki dashboard

How do you get started?

It’s a three step process to get started with monitoring Catalyst in the Meraki Dashboard:

  1. Collect your Catalyst device credentials
  2. Enable API access in your Meraki dashboard
  3. Use the Catalyst Onboarding app from the Meraki dashboard (Organization > Inventory)

My Thoughts

Is Cisco going all-in with Meraki? While Cisco has been building on-prem software solutions, such as DNA Center, we’ve seen competitors place their bets in the cloud. Cisco has always provided multiple options and this could just be another option. An option where DNA Center couldn’t fit in an organization’s environment but Meraki can.

But what drives one towards DNA or Meraki? Will the options confuse people? I’m hoping the licensing model will become more simplified as it has been with Meraki.

This is a good move for those in their upgrade cycles. It’s easier to migrate to cloud management with Meraki but still have the feature-rich capabilities of the Catalyst product line.

I hope to see more feature extensibility with Meraki, API, and NETCONF. I can see so many benefits leveraging the Meraki dashboard.

I’m going to be keeping my eye out for more during Cisco Live 2022.

Q1 2022 Income Report

By Leave a Comment

At the start of the year, I develop new objectives to aim for. Some of those objectives are revenue targets.

I’m considering this year to be a development phase of Packet6. And what I mean by that is identifying ways to keep the business relevant and continue to provide value to clients in this changing climate.

See my other Income Reports.

Table Of Contents
  1. Highlights of Q1
  2. Lessons Learned
  3. Income Analysis
  4. Expense Analysis
  5. What’s Next
Validating Meraki Wi-Fi

Highlights of Q1

In the last couple of months ending 2021, I was studying for the Palo Alto Networks Certified Network Security Administrator (PCNSA) exam. In January 2022, I was able to take the exam at home and pass! I’m glad I passed because I had been working on Palo Alto Networks firewalls for most of 2021.

A week after, I passed the JNCIA-MistAI exam.

Both certifications reflect the work I’ve been doing in the past year with Palo Alto Networks and Juniper. I wanted to put some certifications behind it.

One of the big things that will really pay off is hiring a podcast producer to work on Clear To Send episodes. It will allow more focus on recording and freeing time for things that need my attention. A big game changer for the podcast.

And as we focus on improving the business, we are learning and implementing tax strategies. We’re registered as an S-Corp which allows us to take on certain deductions. This lowers the business’ taxable income.

It’s a lot more strategic than that. Not as simple. There’s some additional management overhead but we’ll see how it works for Packet6 this year.

Lessons Learned

The first quarter was very busy. I took on too much weekend work filled with network cutovers, traveling, and performing validation surveys. I don’t want to overdo it again which means I need to bring in some help.

Sometimes weekend work is required since Packet6 is a side hustle. It can’t affect my full-time employment.

After having done that much work, I realized we didn’t leave space to do more regular reviews of how the business was performing. Tasks and projects were kept in Todoist but I didn’t have a method of properly reviewing what was completed.

We’ll be changing how we keep track of active projects, have end of week and quarterly reviews to make sure we’re not letting things slip.

And speaking of letting things slip, the Packet6 blog has been collecting dust. I’ve implemented a content calendar to keep track of publishing blog posts. We’ve been fortunate to have many new clients come in through the website that it would be a shame to let it wither on the vine.

Income Analysis

Now we get to talk about numbers. I’ve always been nervous about sharing these but I’d like to be transparent to allow others to learn from my successes and mistakes.

Eventually, these income reports will expand in more detail. There is much more to organize when it comes to tracking finances.

Q1FY22Q4FY21% Change
Revenue$246,817$163,23351%
Expenses$89,936$114,420(21%)
Net Income($17,641)($33,056)47%

We were fortunate to have great projects completed in Q1. We’ve embraced the help of subcontractors and it’s removed some weight off my shoulders. But Professional Services revenue dropped 11% compared to the previous quarter. It was offset by an increased in revenue from Managed Services.

I believe all of the Pro Services work came in as referrals or existing business.

The biggest challenge we’re facing is the shortage of equipment. Some clients waited 6 months, others 3 months, but they arrived in Q1 which allowed us to invoice for network hardware, increasing hardware revenue by 110%. All of Q1 hardware sales were Meraki products.

Q1FY22Q4FY21% Change
Pro Services$43,345$51,127(11%)
Managed Services$25,384$19,03833%
Hardware$112,659$53,714110%

Our Q1 profit margin was 29.2% which is a -41.3% decrease compared to Q4FY21.

Expense Analysis

The biggest objective that has been carried from last year into 2022 was lowering expenses.

Maybe the most important expense goes to salary of two employees. I want to be sure we can always pay ourselves. You hear about business owners who forgo their income in order to keep the business afloat. That’s no way to live.

Another expense that is new this year will be reimbursements back to us for using a portion of our home as an office and for other business expenses incurred that we’ve personally paid for. Gas mileage is an example of this or reimbursement for your home office usage and Internet.

Q1FY22Q4FY21% Change
Travel$12,300$6,17399%
Web Services – Subscriptions$2,260$5,214(57%)
Legal & Professional Services$897$2,025(56%)

I saw travel expenses increase by 99% but most of it is charged back to clients. This is for airfare, lodging, and rental cars to locations such as Arizona, Los Angeles, Seattle, Denver, etc. I’ve stayed with Delta Airlines and Hertz for rewards. Sometimes the cost being higher compared to an airline such as Southwest.

We took a good look at all the SaaS services we use. Some are experimental and others become less utilized. So it was important to cut these subscriptions out and we were able to reduce this expense by 57%. Big win in my book so I’ll take it.

And in the previous quarter we spent a little more on Legal & Professional Services in the previous quarter but in Q1FY22 we reduced this expense by 56%.

We have other expense categories but need to clean it up for improved tracking.

Overall, expenses were down 21% compared to the previous quarter. I’ll take it!

What’s Next

We’re improving our business processes to keep things consistent and to ensure we’re operating with intent. I’m documenting technical processes for future training purposes.

Some examples of processes:

  • Weekly reviews
  • Quarterly reviews
  • Project & task management
  • Sales calls
  • Podcast production

Our reason for working on processes is to have an overall system that allows us to work on the business instead of in the business.

Now that we have many of our processes documented, we’ll begin to offer Managed Services to more clients. This would bring in recurring revenue in addition to Professional Services & equipment reselling.

I’m also going to go back to creating useful content for technical audiences from my personal website. Packet6 content will have a content targeted for IT decision makers.

I hope this Income Report was valuable for you. Send your questions in the comment section below.

First Look at Ekahau AI Pro – Network Simulator

By Leave a Comment

Ekahau AI Pro is the latest release to Ekahau’s Wi-Fi design, validation, and troubleshooting software. This is considered version 11 and it comes with many new features.

In this blog post I’m going to highlight the Network Simulator feature. But before using Network Simulator it’s important to note the requirements:

  • Existing Sidekick survey(s)
  • Have a network selected under My Networks with access points
  • Scaled floor plan (although this should have already been done for the validation survey)

Network Simulator is great for upgrade scenarios. Let’s say I have an Ekahau project file where a validation survey was performed. But I’d like to upgrade the current access points to a newer model. But I’m not sure if doing a one-for-one swap of access point models will meet all my requirements.

With Network Simulator, we can simulate this change and compare the new predictive model to your existing deployment.

It’s important to note that as of version 11.0.1, Network simulator is a beta feature that needs to be enabled.

Enable beta features inside of Ekahau AI Pro
Enable Beta Features

Network Simulator can be found under ActionsNetwork Simulator.

Ekahau AI Pro - Network Simulator
Select Network Simulator

Network Simulator is perfect for planning 6 GHz deployments or maybe you want to see if it is possible to swap out your current access points where they are mounted today for another model.

Network simulator parameters
Network Simulator parameters

In my project file, it has detected Cisco Meraki access points. To start off the simulation, I need to select the exact model being used. The results will show how much better or worse the new access points are.

Click the drop down under the Current Access Point and select your model. As of version 11.0.1, you’ll need to scroll down to locate your access point. Maybe they can include a search functionality in the future.

Next, select your 6 GHz access point on the right under Target Access Point. We’re going to use the Meraki MR57 for demonstration purposes.

Network Simulator will also run auto-planner for you with your selected Channel Width configuration and AP height.

Once you’re set, click on Simulate.

Filled out Network Simulator Parameters
Network simulator parameters

Let AI Pro do its thing. When the simulation is complete, at the top you’ll notice the Network Health details between your current access points and your target access point.

At the bottom, there is a new Network Simulator generated view which is separate from your data collection. It doesn’t overwrite the data.

Results from Network Simulator
Results of Network Simulator

Click on Details at the top to see how the MR57 details look like.

Details from Network Simulator
Network Simulator details

Maybe we don’t like the results of this AP. We can run Network Simulator again with a different access point.

We can also run channel planner on the new generated network and make any necessary design changes.

Need Ekahau AI Pro?

Need a quote for Ekahau AI Pro and a Sidekick? Reach out to Packet6 today.

PAN-OS Configuration Management – PCNSA

By Leave a Comment

Configuration of a Palo Alto Networks firewall is kept in one of two configuration stores. The PCNSA requires you know how the firewall maintains configuration such as saving, reverting, and loading.

There are two configuration stores you should be aware of:

  • Candidate configuration
  • Running configuration

You can make changes to the firewall configuration using either the web GUI or CLI.

Navigate to Device > Setup > Operations > Configuration Management to view these operations.

Location of Configuration Management on PAN-OS

Candidate Configuration

Any changes to the configuration are done on the candidate configuration. It is not directly applied to the firewall until you commit the changes.

The Candidate Configuration will live in the control-plane memory. A commit will activate those changes and place them in the Running Configuration.

There is a distinction between saving and committing your configuration. Saving a configuration, in the Palo Alto Networks world, will save your changes to the Candidate Configuration. They are not active. They are not installed or implemented.

A saved Candidate Configuration is kept in persistent storage. It is a snapshot. If you were to make changes and reboot the firewall, those changes will no longer be there because it lived in memory.

Committing a change is the act of installing the changes stored in the Candidate Configuration into Running Configuration.

Running Configuration

The Running Configuration is kept on a file named running-config.xml. This file is the active configuration used by the firewall during operation. It is persistent with a reboot.

The data-plane memory is where the Running Configuration lives.

Configuration changes are activated from the Candidate Configuration during the Commit process.

It is possible to save snapshots of the Running Configuration. A different Running Configuration can be loaded to overwrite the current running-config.xml file.

Configuration Operations

There are various operations that can be performed on the Candidate Configuration and Running Configuration. They are:

  • Save
  • Load
  • Import
  • Export
  • Revert

Know the differences between each one and when it should be used.

Save

A Save operation will create a snapshot of the Candidate Configuration. There is a default snapshot file named snapshot.xml. It is possible to created a named configuration snapshot that does not overwrite this file.

One possible scenario that comes to mind is creating a backup of the configuration with a date and time or special name such as “backup-before-firewall-rule-purge-5-26-2022.xml”. Or it could be used to save the Candidate Configuration to export and import into another firewall.

Saving a Named Configuration in PAN-OS

If you’d like to save the Candidate Configuration, to the snapshot.xml file then click on Save candidate configuration.

Load

If you’re smart, you’ll backup your configurations to a file and store them safely. There might come a time where you need to load that configuration file to the firewall. Or you’re loading a template configuration to the firewall.

The Load operation comes in handy for loading a named configuration snapshot file or a configuration version.

When loading a configuration snapshot, you will select the file from the dropdown list.

Loading a Named Configuration in PAN-OS

Loading a configuration version allows you to go back into a previous configuration version.

It is useful for loading a previous configuration that worked to revert any changes you might have just committed. The dropdown will specify the date and time of the configuration snapshot.

Loading a Versioned Configuration

Export

The Export function allows you to save a configuration to a file kept off of the firewall. You can export a named configuration to an xml file and use it on another similar firewall model.

Export a Named Configuration in PAN-OS

Export Versioned Configuration is similar to the above except you’re selecting a specific version of configuration to save off of the firewall.

Import

The exact opposite of Export 🙂 In this operation you will be taking a saved configuration file and importing it into the firewall. You will be prompted to select the file from your computer. The file will be stored on the firewall but the configuration is not activated. You must load the configuration afterwards.

Revert

Hopefully, you won’t need to use this operation. You can quickly go back to the last saved configuration or running configuration.

Revert to last saved config will load the snapshot.xml file

Revert to running config restores the configuration from the running-config.xml file

Be cautious with this operation because once you click Yes it will perform the operation. One click to revert.

Revert configuration

It’s my preference to avoid using Revert and opt to use one of the other operations above.