{{ :network_stuff:wifi_channels.xlsx |}}
{{ :network_stuff:wlc_cli_commands.xlsx |}}

  * BSSID (Basic Service Set Identifier): MAC physical address of the AP or wireless router that is used to connect to the WiFi
  * STA (Station): the end station, i.e. the WiFi client.

**WIFI TROUBLESHOOTING**

  * Optimizations [[https://meraki.cisco.com/blog/2011/07/12-ways-to-optimize-your-event-wi-fi-deployment/]]
  * Radio settings: [[https://documentation.meraki.com/MR/Radio_Settings]]

  - Maximum power
    - wifi > radio settings
  - Channel width: 20/40MHz
    - More width means more noise (I'm listening to a wider channel) but better throughput
    - Less width means more stable but 54mb max
  - 2.4GHz 5GHz
    - wifi > conf > access ctrl
  - Enabling Band Steering: Configure > Access control > Wireless options
  - Exclude DFS channels (see explanation below) [[https://documentation.meraki.com/MR/Radio_Settings/Dynamic_Frequency_Selection_(DFS)|External Link]]
    - DFS 'events' are radar interference events (from weather radar frequencies)
  - Check the following tools while the event happens or when starting likely sources of interference like microwave ovens: [[https://documentation.meraki.com/MR/Monitoring_and_Reporting/Using_the_Channel_Utilization_Live_Tool|Channel_Utilization_Live_Tool]]
    - 4g: usually 4,6,11,14 (22MHz width) [[http://example.com|4g-chann]] -- 5G: ch 36-64
    - [[https://documentation.meraki.com/MR/Monitoring_and_Reporting/RF_Spectrum_Page_Overview|RF_Spectrum_Page_Overview]]

WIFI TYPES:\\
  * **2GHz**
    * non-overlapping channels: 3
    * 802.11b 11Mbps obsolete (1999)
    * 802.11g 54Mbps 30m (2003)
    * 802.11n 300Mbps 50m (2009)
    * MCS: Modulation and Coding Scheme. The higher the better, but sometimes a lower one is good as it allows for fading. See this [[https://www.digitalairwireless.com/articles/blog/demystifying-modulation-and-coding-scheme-mcs-index-values|External Link]]
      * 2G is MCS
      * 5G is VHT-MCS

GI: Guard Interval. Intended to avoid signal loss from multipath effect.
Short GI (~400ns)

  * **5GHz**
    * 802.11ac 1.3Gbps (2013)
    * non-overlapping channels: 32
  * **2.4/5/6GHz**
    * Wifi-6E (freed spectrum in 6GHz)
    * non-overlapping channels: 64
    * Wifi-6: 802.11ax - this is **both 2.4 and 5 GHz**. 1024 quadrature amplitude modulation (QAM). Eight-spatial-stream access points (APs)
      * **spatial reuse** [[https://e.huawei.com/uk/products/enterprise-networking/wlan/wifi-6/details/core-technologies|External Link]]
  * RSSI is just signal strength relative to 1 mW (different from SNR). See [[https://www.speedguide.net/faq/how-to-read-rssisignal-and-snrnoise-ratings-440|link]]
  * Multiplexing type:
    * 802.11g: orthogonal frequency-division multiplexing (OFDM)
    * 802.11n: orthogonal frequency-division multiplexing (OFDM)
    * 802.11ac: Space-division multiple access (SDMA) + Channel bonding
      * Downlink MU-MIMO
    * 802.11ax: orthogonal frequency-division multiple access (OFDMA) - which is equivalent to cellular technology applied to Wi-Fi
      * Down+uplink MU-MIMO

^ MCS Type ^ 802.11 Mode ^ Description ^
| **Legacy** | 802.11a/b/g | No MCS index. Uses fixed data rates (e.g., 6, 9, 12, 18, 24, 36, 48, 54 Mbps). |
| **HT-MCS** | 802.11n (HT) | High Throughput (HT). Supports MCS 0 to 31 (depending on spatial streams). |
| **VHT-MCS** | 802.11ac (VHT) | Very High Throughput (VHT). Supports MCS 0 to 9 (per spatial stream). |
| **HE-MCS** | 802.11ax (HE) | High Efficiency (HE). Supports MCS 0 to 11 (per spatial stream). |

^ Parameter ^ Description ^
| **MCS Type** | HT-MCS (802.11n), VHT-MCS (802.11ac), HE-MCS (802.11ax). |
| **Channel Width** | 20 MHz, 40 MHz, 80 MHz, 160 MHz. |
| **Spatial Streams** | Number of spatial streams (NSS): 1 to 8 (depending on the standard). |
| **Guard Interval** | Short GI (400 ns) or Long GI (800 ns). |

__dB and dBm__\\
  * dB is the base-10 exponent multiplied by 10. For example, 30 dB is exponent 3 (i.e. a factor of 1000)
  * dBm is not really dimensionless: it is relative to 1 mW

__PROBE AND BEACON FRAMES__\\
  * Both used for discovery.
  * Probe and Beacon go network > client
  * Probe: network to possible clients. [[https://blog.spacehuhn.com/probe-request|External Link]]
    * But the clients can also send a ''probe request''
  * Beacon is used by the AP so the STAs get power and time synced

DFS EVENTS:
  * The AP's radar interference avoidance mechanism is a requirement in your country and the channel changes are due to the legal requirement for the AP to back off of these channels. DFS events are typically triggered by aircraft or ports emitting satellite or radar signals.
  * You can see the number of occurrences by searching 'DFS events' in the dashboard event logs under Network-wide Event log. When these events occur, all clients connected on a DFS channel will be disassociated from the AP; the AP will then search for a non-DFS channel to operate on. The change of channel will cause some disruption to the client experience until the client associates again on the proper channel.
  * To turn DFS off: from the dashboard go to Wireless > Radio settings and choose 'Exclude DFS channels' from the Auto Channel dropdown menu.
  * See the following for further information about DFS events: [[https://www.cisco.com/c/en/us/support/docs/wireless-mobility/80211/213882-radar-detection-in-dynamic-frequency-sel.html|External Link]]

WMM (WIFI Multimedia, wireless QoS) [[https://kb.netgear.com/221/WMM-WiFi-Multimedia|LINK]] - 802.1P. Works by tweaking the Interframe Space (IFS) and Random Backoff Timer.

Event-Driven RRM. EDRRM allows an access point in distress to bypass normal RRM intervals and immediately change channels.
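
The MCS tables earlier in these notes list the four parameters that set a link's PHY rate: MCS index, channel width, spatial streams and guard interval. The following is an added example, not part of the original notes, that combines them for HT (802.11n) and VHT (802.11ac) and reproduces the 300 Mbps and 1.3 Gbps headline figures quoted under WIFI TYPES; the function name ''phy_rate_mbps'' is hypothetical, and HE (802.11ax) is left out because it uses a different subcarrier layout.

```python
"""PHY data rate from MCS index, channel width, spatial streams and guard interval."""
from fractions import Fraction

# Data subcarriers per channel width in MHz (HT/VHT OFDM numerology)
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}

# Per-stream MCS 0..9: (coded bits per subcarrier, coding rate)
MODULATION = [
    (1, Fraction(1, 2)),  # 0 BPSK
    (2, Fraction(1, 2)),  # 1 QPSK
    (2, Fraction(3, 4)),  # 2 QPSK
    (4, Fraction(1, 2)),  # 3 16-QAM
    (4, Fraction(3, 4)),  # 4 16-QAM
    (6, Fraction(2, 3)),  # 5 64-QAM
    (6, Fraction(3, 4)),  # 6 64-QAM
    (6, Fraction(5, 6)),  # 7 64-QAM
    (8, Fraction(3, 4)),  # 8 256-QAM (VHT only)
    (8, Fraction(5, 6)),  # 9 256-QAM (VHT only)
]

def phy_rate_mbps(mode, mcs, width_mhz, nss=1, short_gi=False):
    """Return the PHY rate in Mbps, rounded to 0.1."""
    if mode == "HT":
        # HT-MCS 0-31 encodes the stream count: index = 8 * (streams - 1) + per-stream MCS
        if not 0 <= mcs <= 31 or width_mhz not in (20, 40):
            raise ValueError("HT supports MCS 0-31 on 20/40 MHz")
        nss, mcs = mcs // 8 + 1, mcs % 8
    elif mode == "VHT":
        # A few VHT combinations (e.g. MCS 9 at 20 MHz, 1 stream) are excluded
        # by the standard; that exclusion list is not checked here.
        if not 0 <= mcs <= 9 or not 1 <= nss <= 8 or width_mhz not in DATA_SUBCARRIERS:
            raise ValueError("VHT supports MCS 0-9 and 1-8 streams")
    else:
        raise ValueError("mode must be 'HT' or 'VHT'")
    bits, coding = MODULATION[mcs]
    # OFDM symbol: 3.2 us of data plus the guard interval (0.4 or 0.8 us)
    symbol_us = Fraction(36, 10) if short_gi else Fraction(4)
    rate = DATA_SUBCARRIERS[width_mhz] * bits * coding * nss / symbol_us
    return round(float(rate), 1)

if __name__ == "__main__":
    print(phy_rate_mbps("HT", 15, 40, short_gi=True))         # 802.11n, 2 streams
    print(phy_rate_mbps("VHT", 9, 80, nss=3, short_gi=True))  # 802.11ac, 3 streams
```
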
----

CLIENT WIFI ANALYSIS

  iwlist wlp2s0 scan

Then, to infer the mode we are in: [[https://unix.stackexchange.com/questions/62265/linux-find-wifi-networks-protocola-b-g-n-version-of-all-available-access-point|Link1]] \\
  * If we see VHT we are in 802.11ac, but sometimes we are in 802.11ac and the CLI doesn't show it
  * MCS:
    * By itself: 802.11b/n/g
    * HT or VHT: 802.11n/ac

MCS is a transmitter parameter. It evaluates the quality of the RF environment. The **higher it is, the more sophisticated the modulation we can use**. [[https://wlanprofessionals.com/mcs-table-and-how-to-use-it/|Link]]
  * NSS: 802.11ac - [[https://www.digitalairwireless.com/articles/blog/wi-fi-spatial-streaming-explained|Number_Spatial_Streams]]

----

**REST-API:** Use postman.\\
To ADD a static route:

  # The API key goes after the colon in the X-Cisco-Meraki-API-Key header
  curl -L -H 'X-Cisco-Meraki-API-Key: ' -H 'Content-Type: application/json' -X POST \
    --data-binary '{"name":"test-route2","subnet":"99.99.98.0/24","gatewayIp":"10.5.0.99", "enabled": false}' \
    'https://dashboard.meraki.com/api/v0/networks/L_644577696667403593/staticRoutes'

To DELETE a static route:

  # The last path element is the ID of the static route to remove
  curl -L -H 'X-Cisco-Meraki-API-Key: ' -X DELETE -H 'Content-Type: application/json' \
    'https://dashboard.meraki.com/api/v0/networks/L_644577696667403593/staticRoutes/51a49428-b4f3-46d2-9b8b-3d5e719fbd59'

----

**SNMP**\\
For one network: Network-wide > General > SNMP\\
For the whole organization: Organization > Settings > SNMP

----

BLUETOOTH:\\
  * Bluetooth utilizes **frequency-hopping** spread spectrum technology to avoid interference problems. The ISM 2.4 GHz band is **2400 to 2483.5 MHz**, and Bluetooth uses 79 radio frequency channels in this band, starting at 2402 MHz and continuing every 1 MHz

**__MAIN CISCO WIFI LINE__**

AIREOS
  * 5520/3504/WLC - OOL
  * Clean Air technology (RRM driven events)
  * APs are configured with ''groups''.
Difficult granularity

  * Aironet IOS-XE WLC
    * C9800 WLC
    * Much better customization by means of profiles and tags to configure: a) site; b) RF; c) policy profiles

{{:network_stuff:wlc-ios-xe.png?400|}}

----

**__MERAKI SECTION__** \\
CONFIGURE WIFI (quick and dirty):
  - Claim AP device in inventory with its SN ('claim' link)
  - Wireless > Configure > SSIDs. Set new SSID
  - Wireless > Configure > Access Control. For the SSID.

CLIENT VPN TROUBLESHOOTING:
  * Network-wide -> clients page, you can put in the search box "is:client-vpn" or "is:client_vpn"

**TROUBLESHOOTING**
  - Packet capture: note that we can capture on **all the devices**, not just on the security appliance. In the packet capture page there's a transparent dropdown menu to the right of the **'Packet capture' heading**
  - To search for power cycles, check their consequences: for instance, an AP reboot will show up as a flap on the port it is connected to.
  - To schedule upgrades, check this [[https://documentation.meraki.com/zGeneral_Administration/Firmware_Upgrades/Managing_Firmware_Upgrades|Link]].
  - **HA**: an MX cluster might look GREEN and healthy, but be careful: if, for whatever reason, VRRP is not working properly, both of them will show as ACTIVE in the console and the VPN tunnel will flap non-stop. Recommended, albeit not documented: do not connect them back to back but via a LAN firewall.

TOPOLOGY INFO:

  Switch > Monitor-Switches > (Select a switch) > Topology

To see where the LAN interfaces are connected to (besides the Topology option):

  Network > Monitor > packet capture # not really what is connected to, just what is being learnt

Connect to the local console:

  Sec. appl > Addressing & VLANs > MX IP

LICENSING ADDING DEVICE
  - Claim the device with the serial number (or with the order number in the shipping email)
    - licence email has subject "Your Meraki order has shipped -" sender: ship-notification@meraki.com
  - Add the license.
Note that the license doesn't need to be bound to the device.

MX NAT warm-spare deployment\\
VRRP heartbeats are sent across the LAN interfaces on each VLAN every second. If no VRRP keepalives are heard by the secondary MX on any VLAN after three seconds, the dead timer will expire, triggering a failover event. https://www.willette.works/mx-warm-spare/

**PROCEDURE TO BUILD A RACK OF MS SWITCHES** \\
  - Shut down all the switches
  - Connect 1 uplink from the MX to a dumb switch and each of the other 5 ports in the dumb switch to each of the MS Meraki switches.
  - Wait for the MS to come up fully online (connected to Meraki cloud, white light)
  - Shut down all the MS
  - Configure the stack in the dashboard.
  - Connect the stack cable (typical daisy chain)
  - Do not remove the dumb-switch-based uplinks and power on all the MS switches (keep the dumb switch with the uplink to the MX and the 5 patches to each of the MS)
  - Once the MS download the configuration from Meraki cloud, all switches except one (master) will block their uplink ports.
  - At this point, we can remove the dumb switch and leave connected as an uplink the port that was not blocked (MS to MX)

PROCEDURE TO REPLACE SWITCH MEMBER
  - Connect dumb switch between internet and stack. Check everything is online.
  - Power off new member
  - Claim new-member in GUI
  - Add new-member to the network. Not to the stack yet.
  - Power on and connect new-switch to another port of the dumb switch, so it has internet access.
  - Wait until new-switch is detected, updated and upgraded. Final state will be solid white light.
  - Power off new-switch
  - Clone configuration from old switch to new switch
    - Switch > switch stacks > select stack > clone and replace m.
  - Power off old-switch, new switch still off.
  - If you have a static DHCP assignment, change it now.
  - Once done, we swap stack switch cables from old to new

If one of the switches is not coming up in the stack:\\
  - disconnect the stack cables.
  - power it off
  - remove it from the stack logically
  - connect it to internet (separately)

PROCEDURE TO REPLACE STANDALONE SWITCH
  - Claim switch
  - Add it to the network
  - Select new switch
  - Choose clone and select as source the old switch
  - Select everything.
  - Replace physically the switch

LOG ANALYSIS
  * To detect MX failover: 'You will need to look for "VRRP transition" messages for the MX failing over to the spare. As you only have 1 WAN uplink you should not see the Primary uplink status change.'

MERAKI MX UPLINK OPTIONS:
  * [[https://www.willette.works/mx-warm-spare/]]

LINKS OF INTEREST
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Access_point_range_and_signal_strength_maximization]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/802.11k_and_802.11r_Overview]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Multi-SSID_Deployment_Considerations]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Approximating_Maximum_Clients_per_Access_Point]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Signal-to-Noise_Ratio_(SNR)_and_Wireless_Signal_Strength]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Channel_Planning_Best_Practices]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Common_Sources_of_Wireless_Interference]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Understanding_Wireless_Performance_and_Coverage]]
  - [[https://documentation.meraki.com/MR/WiFi_Basics_and_Best_Practices/Conducting_Site_Surveys_with_MR_Access_Points]]

== Authentication ==
  * WPA2-Personal (PSK): Can be WPA-AES (secure) or others
  * WPA2-Enterprise (ENT): Can be WPA-AES (secure) or others
  * WPA-3-Personal: WPA3 SAE (Simultaneous Authentication of Equals)
  * WPA-3-Enterprise: WPA3 SAE (Simultaneous Authentication of Equals); uses a Remote Authentication Dial-In User Service (RADIUS) server to authenticate devices, while WPA Personal uses a single password for all devices.
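
For auditing your own SSIDs, the ''iwlist wlp2s0 scan'' step under CLIENT WIFI ANALYSIS and the Personal/Enterprise split above can be read from the same scan output. The following is an added example, not part of the original notes: ''iwlist'' dumps information elements it does not decode as ''IE: Unknown: <hex>'', where the first byte is the element ID (0x2D HT capabilities, 0xBF VHT capabilities, 0xFF with extension ID 0x23 HE capabilities), which is why VHT never appears by name. The scan text is constructed, and the names ''classify'' and ''SAMPLE'' are hypothetical.

```python
"""Classify BSSs in `iwlist <if> scan` output by 802.11 generation and auth type."""
import re

# Constructed sample in iwlist's output format (not a real capture).
SAMPLE = '''\
wlp2s0    Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    Encryption key:on
                    ESSID:"corp"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Authentication Suites (1) : 802.1x
                    IE: Unknown: 2D1AEF0917FFFF000000000000000000000000000000000000000000
                    IE: Unknown: BF0CB2798B0FAAFF0000AAFF0000
          Cell 02 - Address: 02:00:00:00:00:02
                    Encryption key:on
                    ESSID:"guest"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Authentication Suites (1) : PSK
                    IE: Unknown: 2D1AEF0917FFFF000000000000000000000000000000000000000000
          Cell 03 - Address: 02:00:00:00:00:03
                    Encryption key:off
                    ESSID:"lobby"
'''

def classify(scan_text):
    """Return {ESSID: (mode, auth)} for every cell in the scan."""
    result = {}
    for cell in re.split(r"\n\s*Cell \d+ - ", scan_text)[1:]:
        essid = re.search(r'ESSID:"(.*)"', cell).group(1)
        # Undecoded IEs are dumped as hex: byte 0 is the element ID, byte 1 the length.
        ies = re.findall(r"IE: Unknown: ([0-9A-F]+)", cell)
        ids = {ie[:2] for ie in ies}
        he = any(ie[:2] == "FF" and ie[4:6] == "23" for ie in ies)  # ext ID 35
        mode = ("802.11ax" if he else "802.11ac" if "BF" in ids      # VHT caps (191)
                else "802.11n" if "2D" in ids else "legacy a/b/g")   # HT caps (45)
        suites = re.search(r"Authentication Suites \(\d+\) : (.+)", cell)
        if "Encryption key:off" in cell:
            auth = "open"
        elif suites is None:
            auth = "WEP or unknown"      # encrypted, but no WPA/RSN element decoded
        else:
            wpa = "WPA2" if "WPA2 Version" in cell else "WPA"
            auth = wpa + ("-Enterprise" if "802.1x" in suites.group(1) else "-Personal")
        result[essid] = (mode, auth)
    return result

if __name__ == "__main__":
    print(classify(SAMPLE))
```
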