Rowell Dionicio

Get Techie With It

Wireless

How Multiple BSSID Helps in Wi-Fi 6

By Leave a Comment

Network operators will find an improvement with Wi-Fi 6/6E in how access points broadcast SSIDs. We won’t be getting away from environments that have several broadcasted SSIDs (ahem.. WeWork).

An environment surrounded by many Wi-Fi networks will be affected by beacon overhead. It will eat away at airtime due to the amount of SSIDs broadcasted. Multiple BSSID is mandatory in Wi-Fi 6. This will minimize the beacon overhead.

Table Of Contents
  1. What is Multiple BSSID
  2. Where can you find Multiple BSSID
  3. How to capture Multiple BSSID
  4. Resources

What is Multiple BSSID

Multiple BSSID is the advertisement of colocated SSIDs in a single beacon or probe response frame. The multiple SSIDs will correspond to a single SSID.

Prior to Wi-Fi 6/6E, multiple SSIDs from an access point would be broadcasted by its own individual BSSID. We’ve been told to keep broadcasted SSIDs to a maximum of three due to beacon overhead.

Airtime from multiple BSSIDs will contribute to airtime utilization resulting in wasted capacity and low efficiency.

I love how we bring existing methods into newer protocols many years later. Multiple BSSID was first defined in 802.11v-2011. 10 years later we’re now making it mandatory to use.

Where can you find Multiple BSSID

You’ll find the Multiple BSSID information from within the beacon and probe response frame. I’ve included a Wireshark capture from my test AP where I’ve configured 4 different SSIDs – Test-Net, Frame Thrower, Slurp Fish, and Banter.

Multiple BSSID Element

There are two types of Multiple BSSIDs:

  • Transmitted
  • Non-Transmitted

In my capture, you’ll see one SSID in the beacon frame: Test-Net. That SSID is the Transmitted BSSID. The remaining SSIDs configured on the AP are Non-Transmitted BSSID.

Capturing Wi-Fi 6/6E

I use the EtherScope nXG to capture my Wi-Fi 6/6E frames. You can also do this with the AirCheck G3.

Within the frame capture, you’ll find another element – Multiple BSSID. This element contains the info we need to identify all the SSIDs being broadcasted. Inside of the subelement are the non-transmitted BSSIDs and their information.

Nontransmitted BSSID Profiles
Inside a nontransmitted BSSID Profile

The Multiple BSSID element contains useful information:

Max BSSID Indicator – Carries number of active BSSIDs in the multiple BSSID set

Nontransmitted BSSID Profile – One for each of the non-transmitted BSSIDs containing their information

Within the Nontransmitted BSSID Profile you’ll find all the capabilities for the additional SSIDs. Devices need to know what’s required to join these SSIDs.

How to capture Multiple BSSID

You can find these details in a few ways. You can do a frame capture and open the pcap inside of Wireshark just as I’ve shown above. You’ll need a Wi-Fi 6 capable device.

Using WiFi Explorer you can find these exact same details without needing to do a frame capture. You’ll need a Wi-Fi 6 capable device or capture file to import. Import my frame capture (linked below) into WiFi Explorer.

WiFi Explorer View

I’ve also used the EtherScope nXG to visualize Multiple BSSID. They indicate Transmitted and Non-Transmitted BSSID with specific icons and provide the capability to drill in further as shown in the screenshots below.

Transmitted Multiple BSSID from EtherScope nXG
List of Multiple BSSIDs from EtherScope nXG
Non-transmitted BSSID from EtherScope nXG

Resources

6 GHz Frame Captures with EtherScope nXG

By Leave a Comment

How do we scan all the available channels in Wi-Fi 6E? With an additional 1200 MHz of spectrum ahead of us, we need to have the tools and resources for planning and analysis.

Wi-Fi 6E brings high efficiency. With that comes increased complexity in how we will analyze and validate Wi-Fi operations.

Sure, we might see a big boost in speeds but its worthless if Wi-Fi isn’t operating efficiently. For network engineers, what can we use to help verify our Wi-Fi networks?

I’ve been playing around with the NetAlly EtherScope nXG with newly added Wi-Fi 6E capabilities. In addition to scanning 6 GHz spectrum, we can use the handheld tool to capture frames for further analysis.

So I booted up a brand new Cisco C9136 and joined the only 6 GHz client I had available to see what we can capture.

We need to identify what channel to capture on. The EtherScope nXG provides a channel map along with identifying the number of APs and clients on those 6 GHz channels.

EtherScope nXG channel map

Using the navigation menu, we can view a list of the channels and select my access point’s operating channel, ch37.

List of 6 GHz channels

The channel view presents details about that individual channel, which is 20 MHz wide. We can capture frames on this channel but if my SSID was configured for a wider channel width I’d be missing some frames.

I recommend selecting SSIDs, selecting your network of interest to properly select the channel width to capture on.

Select the wrench icon on the bottom right, and tap on Capture (Wi-Fi).

Capture 6 GHz frames

Now in the Capture utility, we can see what channel we will capture frames on and at what channel width.

The gear icon allows you to customize the capture settings.

Wi-Fi capture

Captures can get really large. You can set a file size limit and specify whether you want to capture a full packet or maybe you just want the headers.

The Capture Settings is where you can modify the channel width and make additional capture settings with filters.

Capture settings

Once you’re done making changes, tap on the back icon and tap Start to begin your 6 GHz frame capture.

As the capture is running, you’ll be able to see how many frames are being captured and what type, such as Management, Control, or Data frames.

Live 6 GHz Wi-Fi capture

Once you’re satisfied, tap on Stop and upload your pcap file to Link-Live. It’s conveniently stored for you online and it can be shared with other network engineers.

Upload to Link Live

View your capture on your computer and learn more about Wi-Fi 6E.

Wireshark 6 GHz Capture

Want an EtherScope nXG?

If you’d like to get a quote on the NetAlly EtherScope nXG, reach out to Packet6 today!

Frame Capture Files

Here are a few pcap files I captured from the EtherScope nXG. Both captures are from an EnGenius ECW336.

Wi-Fi 6E Beacon

Wi-Fi 6E Association (WPA3)

First Look at Ekahau AI Pro – Network Simulator

By Leave a Comment

Ekahau AI Pro is the latest release to Ekahau’s Wi-Fi design, validation, and troubleshooting software. This is considered version 11 and it comes with many new features.

In this blog post I’m going to highlight the Network Simulator feature. But before using Network Simulator it’s important to note the requirements:

  • Existing Sidekick survey(s)
  • Have a network selected under My Networks with access points
  • Scaled floor plan (although this should have already been done for the validation survey)

Network Simulator is great for upgrade scenarios. Let’s say I have an Ekahau project file where a validation survey was performed. But I’d like to upgrade the current access points to a newer model. But I’m not sure if doing a one-for-one swap of access point models will meet all my requirements.

With Network Simulator, we can simulate this change and compare the new predictive model to your existing deployment.

It’s important to note that as of version 11.0.1, Network simulator is a beta feature that needs to be enabled.

Enable beta features inside of Ekahau AI Pro
Enable Beta Features

Network Simulator can be found under ActionsNetwork Simulator.

Ekahau AI Pro - Network Simulator
Select Network Simulator

Network Simulator is perfect for planning 6 GHz deployments or maybe you want to see if it is possible to swap out your current access points where they are mounted today for another model.

Network simulator parameters
Network Simulator parameters

In my project file, it has detected Cisco Meraki access points. To start off the simulation, I need to select the exact model being used. The results will show how much better or worse the new access points are.

Click the drop down under the Current Access Point and select your model. As of version 11.0.1, you’ll need to scroll down to locate your access point. Maybe they can include a search functionality in the future.

Next, select your 6 GHz access point on the right under Target Access Point. We’re going to use the Meraki MR57 for demonstration purposes.

Network Simulator will also run auto-planner for you with your selected Channel Width configuration and AP height.

Once you’re set, click on Simulate.

Filled out Network Simulator Parameters
Network simulator parameters

Let AI Pro do its thing. When the simulation is complete, at the top you’ll notice the Network Health details between your current access points and your target access point.

At the bottom, there is a new Network Simulator generated view which is separate from your data collection. It doesn’t overwrite the data.

Results from Network Simulator
Results of Network Simulator

Click on Details at the top to see how the MR57 details look like.

Details from Network Simulator
Network Simulator details

Maybe we don’t like the results of this AP. We can run Network Simulator again with a different access point.

We can also run channel planner on the new generated network and make any necessary design changes.

Need Ekahau AI Pro?

Need a quote for Ekahau AI Pro and a Sidekick? Reach out to Packet6 today.

WPA3 Configuration on Mist

By Leave a Comment

Wi-Fi Protected Access version 3 (more widely known as WPA3) is the successor of WPA2. It improves Wi-Fi security including covering some bugs from its predecessor.

One of the biggest updates includes the mandatory use of Protected Management Frame (PMF) which has been around for a long time but was always optional. Additionally, there are a few WPA3 modes available to use depending on your transition phase to WPA3.

The WPA3 modes:

  • WPA3-Personal
  • WPA3-Personal Transition
  • WPA3-Enterprise
  • WPA3-Enterprise Transition

In order to use WPA3, Mist access points must be running firmware version 0.8.x or newer. You may be able to configure WPA3 in the dashboard but the settings will not take effect until the required firmware is installed.

You may want to use WPA3 to improve the security posture of your Wi-Fi network.

Please note, your devices must support WPA3 to connect to the SSID, unless you are using a WPA3 transition mode.

How to configure WPA3-Personal

Navigate to Site > WLANs > Your SSID > Security

Click on More Options and select WPA-3/PSK with passphrase.

To configure transition mode you would select WPA-3/PSK (+WPA-2).

WPA3 WLAN configuration

How to configure WPA3 Enterprise

Navigate to Site > WLANs > Your SSID > Security

Click on More Options and select WPA-3/EAP (802.1X). You must then add at least one RADIUS server.

WPA3 Enterprise WLAN configuration

Validation

Using WiFi Explorer Pro 3, I perform a network scan of my test SSID, Test-Net. The security type detected is WPA3 (SAE).

WiFi Explorer Pro network scan

If we look at the RSN Information Element we can see additional details where Management Frame Protection (MFP) which is also known as PMF is required.

RSN Information Element details

Aruba IAP-514 for APoS

By Leave a Comment

My trusty Aruba IAP-514 has been sitting collecting dust for a while since I’ve let my Aruba Central license expire. But I’ve renewed interest in my Aruba IAP because apparently I can run it in standalone mode.

There’s an upcoming project where I need to use my IAP for an AP-on-a-Stick survey so I thought I should give it a shot and convert my IAP-514 to standalone to get more familiar with ArubaOS.

Course For You

At Clear To Send, we have a course, A Practical Guide to Site Surveys, which we go in-depth on doing an APoS survey along with the tools you need to perform them.

Aruba IAP + Ventev Venvolt

Reset Aruba AP

Since this was previously set up to Aruba Central, I needed to reset it and start fresh. The easiest way to do that is to hold the Reset button for 15 seconds while booting up the IAP.

When doing this step, your IAP will need network access. It won’t properly boot up without DHCP. You can check out this Aruba document for more information.

Wait for the IAP to fully boot up. The system LED will stay green while the radio LED will blink occasionally to show that the radio is up and running.

Join SetMeUp-XX:XX:XX SSID which is used for setting up the IAP. Or browse to the IP address of the AP if you know the IP.

A log in screen will be presented to you.

On firmware version 8.6+ the credentials the username will be “admin”. The password will be the serial number of the AP.

After logging in, select the correct Country Code and click OK.

You will be placed on the dashboard and you’re ready to configure your IAP!

Configure Standalone Mode

On the left navigation, click on Maintenance and about to see which version you’re running. On my IAP-514 I’m running 8.6.0.4.

Go to Maintenance > Convert and from the Convert one or more Access Points to select “Standalone AP”.

For the Access Point to convert dropdown, select the AP you’re logged into. Hopefully, no other APs have joined this virtual controller. If there are, ensure you’re converting the correct AP.

Then click on Convert.

Aruba will ask you to confirm you’re converting the correct AP. Click OK.

The AP will then reboot. When ready, log back in.

Creating a Network

Create a Network under Configuration > Networks.

Click on the + sign.

Give the network a Name, Type, and Primary usage. For Primary usage I am selecting Employee. Click Next.

Under the VLAN section, select Virtual Controller managed for Client IP assignment. For Client VLAN assignment, select Custom.

Next to Select Scope, click on the Add button.

Scroll down under Local DHCP Scopes. Click Add button.

This DHCP scope will be used for when devices associate to the SSID you’re creating on this AP. Fill out the details and use a desired network and scope.

Click OK.

Select scope newly created from the dropdown. Click Next.

Under Security, select your security type. Maybe you just need an open SSID for APoS purposes. Then click Next.

Under the Access section, set the Access Rules to Unrestricted unless you need to do something differently here. But for APoS we need to keep it simple. Now you’re done with the configuration of an SSID. You’ll see your SSID listed under Networks.

Access Point Configuration

Click on Access Points and select your AP. Click on the pencil icon to edit.

Expand Radio and configure the radios such as the channel and transmit power.

Expand External Antenna and configure the proper antenna gain, depending on the antenna you choose to use.

Click Save.

Navigate to Configuration > System and expand General. Change the system name. Click Save.

Go back to Configuration > Access Points > Edit your AP > Expand General and modify the AP name and give it a static IP so you can connect to it during your APoS, if needed.

Reboot AP to take effect.

Wait for AP to boot and start your APoS and join to it for your survey.