WiFi Explorer Pro, Troubleshooting, and You


There is a growing number of tools for macOS that allow you to see what wireless networks are around.  I have used several of them and even paid for some of them, but why use something with such limited functionality?  In this post I will be showing off why WiFi Explorer Pro is one of my favorite tools for wireless engineers on macOS and how it supersedes those scanners of yesteryear.

In WiFi Explorer Pro of course you can view a list of networks, RSSI values, and supported data rates.  Then, there are some features you would not typically find in other products at this price including a simple user interface, a breakdown of the information elements, and spectrum analysis.

Continue reading


Cumulus Linux and NetQ


I recently had the pleasure of being introduced to Cumulus Networks at Networking Field Day 17.  Pete Lumbis gave an engaging whiteboarding session followed up with a demonstration of Cumulus Linux and NetQ.  Now, this is my first time seeing a whitebox vendor in action, so to say it piqued my interest is a bit of an understatement.

What I found so interesting about Cumulus Linux is that it is just Linux.  Sure it is coded to run on specific hardware to make lights light-up and buttons work, but at its core it is a Linux distribution moving your packets through the network.  This enables you to utilize any of your favorite tools automation tools you are already comfortable with such as Ansible, Chef, or Puppet.  Freeing you from having to learn yet another tool that only works with a specific vendor, with a limited scope, and costs even more in resources and capital.

Now, say you have a network that is running production traffic and need to see what the status of BGP is.  I traditionally go router by router to find how things look in different parts of the network – an incredible pain and a nightmare to keep track of.  Cumulus decided to make things easier for the admin by introducing NetQ.  NetQ is a telemetry based fabric validation platform that runs on a management server, all of your switches, and your Linux servers.  NetQ is telemetry based and all your information is pushed to the management server, where you are able to query anything about your network you want.

Want to know if Docker is running on a node?

cumulus@server01:~$ netq show docker service
Matching service records are:
Service Name    Manager    Cluster    Mode          Replicas  Running
--------------  ---------  ---------  ----------  ----------  ---------
apache_web      server01   default    Replicated           2  2

Want to know if BGP is running?

cumulus@oob-mgmt-server:~/cldemo-netq/evpn$ netq leaf01 show bgp
Matching bgp records are:
Hostname  Neighbor                VRF      ASN        Peer ASN   PfxRx        Last Changed
--------- -------------------------------- ---------- ---------- ------------ ----------------
leaf01    swp51(spine01)          default  65101      65000      6/5/-        22m:33.568s
leaf01    swp52(spine02)          default  65101      65000      6/5/-        22m:22.568s
leaf01    swp2(server02)          default  65101      65202      2/1/-        21m:53.568s
leaf01    swp1(server01)          default  65101      65201      2/2/-        22m:4.568s
leaf01    swp44(oob-mgmt-server)  default  65101      65301      2/2/-        22m:43.568s

Want to go back in time and see what changed and why something magically broke? Neat bonus feature – you are only limited to what NetQ retains by the hardware you throw at your management server.

cumulus@server01:~$ netq show docker container service apache_web changes between 1s and 10m
Matching container records are:
Container Name       Hostname Container IP  IP Masq  Network Name   Service Name   DBState  Last changed
-------------------- --------- ------------ -------- -------------- -------------- -------- ---------------
apache_web.4.lqxi3jo server03    False    ingress        apache_web     Add      4m:1.125s
apache_web.3.s470yqg server01   False    ingress        apache_web     Add      4m:25.792s
apache_web.3.y241cpk server01    False    ingress        apache_web     Del      8m:50.497s

In conclusion, I hope this has left you curious.  I implore you to follow along with Pete in the video below and at the Cumulus GitHub and by downloading Cumulus VX or using a free cloud demo.  Both, VX and Cloud, options are great for getting your hands dirty and familiarizing yourself with Cumulus Linux and NetQ.  If you are already running Cumulus in your environment or are planning a new deployment, then I recommend you download VX.  With VX you can build your entire network, test, and when you’re ready put those configurations directly into production.

Disclaimer: Gelstalt IT, the organizers of Networking Field Day, provides travel and expenses for me to attend Networking Field Day. I do not receive cash compensation as a delegate. Also, I do not receive compensation for writing about or promoting Networking Field Day.

RF Math

Since I am not a maths expert, and had a difficult time keeping track of the differences between mW and dBm when first started learning about wireless I thought I would toss together a reference blog for those who need it.


Milliwatt (mW) is the amount of power being transmitted by the intentional radiator (most likely an access point).

Decibel-milliwatts (dBm) is the reference value to 1mW.


The full equation for conversions dBm to milliWatt is P(mW) = 1mW ⋅ 10(P(dBm)/ 10), but you don’t need to memorize that to be able to do close-enough conversions.  All you need to remember is the rule of 3 and 10.

  • When you add three dBm multiply the mW by two.  If you subtract three dBm divide the mW by two.
  • When you add ten dBm multiply mW by ten.  If you subtract ten dBm you divide mW by ten.

This chart should help illustrate the rule of 3 and 10.

dBm mW
0 1
3 2
6 4
9 8
10 10
13 20
20 100

It should also be noted that these values are not exact, but do work for your calculations.  If you need a more specific value I recommend you use a calculator like the one available at RapidTables.


When it comes time to install access points, especially those with external antennas, you will need to keep your local laws and regulations surrounding maximum Equivalent Isotropically Radiated Power (EIRP) in mind.  If you’re in the United States check out this excellent chart from the fine folks over at Air802.com that maps out the FCCs rules per band, frequency, and function.

EIRP = Transmit Power (mW) – Loss (db) + Antenna Gain (dBi)

Example 1

You are installing an access point with a transmit power of 20mW connected to an antenna with +7dbi of gain over a cable with -1db of loss.  What is your total EIRP?

To solve this questions and find our EIRP lets list out the information we know.

  • Transmit Power = 20mW
  • Cable Loss = -1db
  • Antenna Gain = 7dbi

Now let’s put that together into the formula above:

EIRP = 20mW – 1db + 7dbi

In order to find the total EIRP we need to convert all the values to the same format, either dB or mW.  I personally find it simpler to convert your transmit power to dBm.  So let’s try and convert 20mW into dBm.

To find the value of 20mW in dBm we can use values we know.  Since we know that 10dBm is equal to 10mW.  Then, we can use the rule of 3, because if we add 3dBm we would multiple 10mW by 2 and end up with 20mW.  Using the chart above we can confirm that 20mW is equal to 13dBm.  Now let’s put our answer back into the formula and get our answer.

EIRP = 13dBm – 1db + 7dBi

EIRP = 19dB

Example 2

What is the dBm equivalent of 80mW?

For this example we can start with what is known again – 10dBm is equal to 10mw. Then ,since we know we need to work our way up to 80mW.

  • 10dBm = 10mW
  • 13dBm = 20mW
  • 16dBm = 40mW
  • 19dBm = 80mW


I know these values are not exact, but they will help you when you need to perform a quick conversion or work through your CWNA or CCNA Wireless exam.  Remember to practice the rule of 3 and 10 until it becomes a skill.  If you have any questions or examples you would like to work through, leave a comment and we can work through it together.

Troubleshooting Meraki Wireless


This document is designed to help get you started troubleshooting when users are having trouble connecting to meraki wireless networks.

Client Logs

The best place to start looking for errors is the client logs. Client logs offer everything from client adapter, mac address, SSID, encryption type, username, RSSI, and more.

In this case I am running Windows 10 using an Intel 7260.  To get to the logs open Windows Event Viewer and navigate to:

  • Event Viewer
    • Applications and Services Logs
      • Microsoft
        • Windows
          • WLAN-AutoConfig
            • Operational

Event Viewer - Guest Failed PSK

  • As you can see in the event summary of this information error you can determine the PSK entered for our Guest network was incorrect.
  • A successful connection will contain 6 log messages for PSK and 7 for 802.1X.
    1. AcmConnection (1) – Connection initiated.
    2. MsmAssociation (1) – Network Associated Started.
    3. MsmAssociation (2) – Network Association Succeeded.
    4. MsmSecurity (1) – Wireless Security Started.
    5. OneXAuthentication (1) – 802.1X Authenticated Started. (WPA2-ENT only)
    6. OneXAuthentication (2) – 802.1X Authentication Succeeded. (WPA2-ENT only)
    7. MsmSecurity (2) – Wireless Security Succeeded.

If you’re working on a client and not seeing what you are expecting, remember the gold rule:  sometimes clients just need to be rebooted.

Meraki Dashboard – Event Log

Once logged into the Meraki dashboard you can view the event log from the AP side of the communication. This may offer additional clues in your troubleshooting process. Note: The Meraki event logs may not offer much information for why a client is having an issue, but is a starting point.

    1. Event logs are accessed from the navigation menu Network-wideMonitor > Event Log.
    2. To filter for a particular client you can enter either the computer name or MAC address into the Client search field.
      • Example: searching for helpdesks-Macbook-Air is the same as searching for 84:38:35:52:0d:0a.
    3. From here you are able to have a broader view of all the events that occur between the AP and the client. In this example our client is connecting to Staff SSID using WPA2-ENT.

Meraki - Event Log
For help deciphering some of the messaging listed I recommend you check out meraki’s Common Wireless Event Log Messages article.

Meraki Dashboard – Packet Capture

To view packet captures navigate to Network-widePacket Capture in the dashboard. From here you will be able to capture up to 1200 seconds or 100,000 packets.

  1. Select the Access Point(s) your client is connecting to.
  2. Select your output type. I prefer to download a PCAP file and open in Wireshark.
  3. (Optional) Enter a filter expression to specific a specific host or IP address.
  4. Start the capture.

Dashboard - Packet Capture

Once the packet capture has been download, open it in Wireshark to view the results.

Wireshark - Packet Capture
Be sure to use these great Coloring Rules from Joel Crane, available here.

Useful display filters include:

Note: Wireshark may display Meraki OUI as MS-NLB-PhysServer-X

RADIUS Connectivity

To Verify the Access Points can authenticate against RADIUS navigate to Wireless >  Access Control and select the appropriate SSID.
About halfway down the page you will find the RADIUS servers section. Ensure the IP address and port configuration is correct. To test authentication, click the Test button.

Dashboard - RADIUS Pre-Test

Enter your Active Directory credentials to begin the test.
Note: These MUST be valid credentials in order for the test to be successful.
Select Begin test.

Dashboard - RADIUS Post-Test

Here you can see we have 62 APs that are all able to reach the RADIUS server and authenticate the entered credentials.


In conclusion, a meraki network is simplified, but there are still some troubleshooting skills you need to know.  Hopefully these few tips will give you enough guidance to get those clients back where they belong – ON THE WIFI!

If you have any other tips or tricks please comment them below to help others in the community.

Cisco Mobility Express

Cisco recently announced a solution capable of bringing controller functionality to access points, bringing new options to your small to medium deployments.  The solution, Cisco Mobility Express, allows you to convert an 1830/1850 access point into a Mobility Express AP.  In this mode you are able to control up to 25 FlexConnect APs and 500 clients in as little as ten minutes.  But, why would Cisco put a controller in an AP?

Let’s face it, wireless is a dynamic space.  We see use cases and requirements ranging from straight-forward to something resembling that of a Willy Wonka contraption.  Cisco now has a fleet of options from Controllers for traditional CAPWAP networks, to IOS-XE for networks with Unified Access in mind, Meraki for customers who prefer cloud management, and now Mobility Express for customers with small to medium deployments who can benefit from nerd-knobs expected in an enterprise deployment.  I personally hope the diversity offered does not lead to more diversity in features leading to confusion or aggravation amongst users; only time will tell.

You may have asked yourself, “How can I set up a Wireless LAN Controller in less than ten minutes?”  Well, that is a good question and has a bit of a complicated answer.  Yes it is possible to configure the 1830/1850 to be a Mobility Express AP and have a network up and running in that short of time, but you will still need to make tweaks – as with any wireless deployment.

When you power up the 1830/1850 it will look for a controller, if none is found it will boot into Mobility Express where a GUI is accessible for configuration.  To configure the controller, connect to the CiscoAirProvision SSID using the key of ‘password‘.  Once connected open a web browser and point to where you will be greeted with a series of prompts.  In the below example I setup a WPA2-Enterprise secure corporate network and an open Guest network with a captive portal.

Screen Shot 2015-12-23 at 9.11.44 PM.png


Once you apply settings the controller reboots and you have an operational wifi network.  When you reconnect to the web-console you will be presented with a dashboard displaying network and client statistics.  From here you can make more tweaks to your network, see performance, and troubleshoot issues that may arise.  While the testing I have done with Mobility Express has been fairly satisfactory, I have run across a few problems that could cause issue for customers. Screen Shot 2016-01-10 at 8.16.45 PM.png

During my testing I did come across two ‘gripes’ if you will.  If the premise of the web-console is to make a deployment simpler, then all features need to be accessible through the web-console.  Many times I found myself having to change settings from the CLI, especially those recommended as a best practice.  Another trifle I came across is the requirement of TFTP when adding a new AP to the network.  The 1830 has a USB slot on back, and it would great if USB storage could be used instead of having to rely on bringing up a TFTP server each time a new AP is added.

All in all Mobility Express is a great solution that could ease the minds of those wifi engineers that have small remote offices, but still require the nerd knobs of a controller solution.  It may require more CLI to fully configure Mobility Express to your exact standards, but once you have one site standardized you can easily copy the configuration to other sites.  I am confident that the dashboard will only continue to evolve, adding more features and enhancements.  According to Tech Wise TV Cisco plans to introduce ME functionality into all of the APs going forward.  I am personally excited to see how this platform looks down the road after a bit more development from feedback in the field.

Disclosure:  I received demo equipment from Cisco after attending Wireless Field Day 8.  Cisco and other vendors are sponsors, making the event possible.  However, I am in no form required to publish appreciable content on the behalf of any sponsor.  My opinions are my own and are in no way influenced by any sponsor from the event.


When you are in a room of people trying to figure out who the idiot is, it’s probably you. This definitely rang true for me during my first visit to the holy grail of techie events, Wireless Field Day 6. Being surrounded by some of the greatest minds in WiFi, I felt as if i was a small fish in a big pond and I was excited for the opportunity to soak up every bit of information I could steal away from them!

I have been watching the field day events online since everything was a Tech Field Day, so needless to say, I was elated when I received an invitation from Mr. Foskett. I got to meet people in the wireless industry whom I look up to, have conversations with vendors, interact with the people of twitter under the WFD6 hashtag, and hear from two amazing organizations that are doing a lot of good around the world, Plan Ciebal and Disaster Tech Labs.

Now that WFD6 is over and everyone has headed home I figured now would be an appropriate time for a recap from my perspective. This will be a short blurb of what I thought about the vendors, with more detailed posts to come in the near future.

AirTight – It was awesome to see a presentation full of passion and energy, but I guess that just follows Devin Akin wherever he goes! AirTight is beginning to focus and deploy tools to the Managed Services Providers, announced an 802.11ac access-point, and revealed that even us WiFi savvy folks are still vulnerable to a good old fashion karma attack.

Aruba – Showed off their new Meridian technology, think indoor GPS, and Analytics Location Engine, a way to connect with customers. The old adage ‘there is no such thing as a free lunch’ is ringing true, and as WiFi is becoming more of an expectation, businesses are looking for ways to connect with customers and gain analytics in return.

Disaster Tech Labs – One of those amazing do-good organizations I mentioned earlier. Their organization focuses on going to disaster ridden areas and providing wireless connectivity to assist with organizing recovery, helping families access the necessary forms, and give a feeling of normalcy to families so they can contact loved ones to let them know they are alright. A great reminder on how easy it is to take all the technology we have for granted.

Plan Ceibal – The other amazing do-good organization I mentioned earlier. This is a program that puts technology in the classroom and in the hands of children in Uruguay. Honestly, an example program that I would love to see pushed throughout the United States and other developed countries to better educate the next generation. Unfortunately, due to politics a project of this sort would be highly contested, and that my friends is a travesty.

CloudPath – Nerdy CEO makes the whole room happy. CloudPath was the only non-directly-wireless company to present at WFD6, but I think they deserved every second they got! An agentless way of configuring end user equipment for secure 802.1X wired and wireless networking has a need and CloudPath, in my opinion, is delivering the best solution compared to current on-boarding solutions being integrated by other vendors.

Xirrus – The most anticipated presentation of the event for me. At Wireless Field Day 5 Xirrus presented, but was bombarded with questions regarding their design of arrays and antenna design. This year Xirrus brought out the most interesting man in RF, Avi Hartenstein, to explain the antennas the HE designed. Xirrus finished off their presentation with a few marketing slides of their real world customers from large events, but around the room and twitter were mumbles of lack of good wifi at some of these events. Whether this is an integrator problem or a device problem is still the question of the day.

Extreme NetworksThe bathroom was extreme. They showed off a lot of slides and information about the stadiums they have designed for and how to design for stadiums, but lacked on the information side of how this all gets done. I agree with Sam that there is a lot of information to cover during a first WFD event as a sponsor, though I would like to see how the guts of everything works. Hopefully at WFD7 they will deliver an inside look at how they perform these functions.

Overall, I had an absolute blast at my first Wireless Field Day and hope to be invited back for more! If you have a chance, check out the recorded sessions on Youtube and comment any topics you would like to see in a future post.
In the meantime check out the other delegates fantastic websites and blogs:
Blake Krone – You’ll notice I stole the title for this post from Blake!
Evert Bopp
George Stefanick
Germán Capdehourat
Jake Snyder
Jennifer Huber
Keith R. Parsons
Lee Badman
Sam Clements
Scott Stapleton

Configuring a 3602 for Wireless Surveying

Cisco has recently released their new flagship access point, the 3602. This access point is nothing short of a beast. It has been completely redesigned with 4 transmit and 4 receive antennas and can sustain three spatial streams. This AP also features the first-to-market expansion slot that will be used for the Security and Spectrum Intelligence (SSI) module scheduled for release in Q1 of 2013. Cisco will then be releasing an 802.11ac capable module in the first half of 2013.

Now that you’ve invested (or are planning on investing) in this new generation of access points, you’re going to be out surveying new deployments with them. The only problem with this AP is it comes with a Lightweight IOS image preloaded. Cisco does offer a feature limited autonomous IOS that can be used for surveying – which is what we will be setting up and configuring today.

This process will require a few things:

  • Cisco 3600 Autonomous IOS (Available from Cisco.com)
  • TFTP Server (Available free from http://tftpd32.jounin.net)
  • Console Cable
  • Switch – Workstation and AP MUST be on the same VLAN

Below I have listed two options for you to choose from for converting your access point to the autonomous IOS required for active surveying. Option A is your easiest and most preferred method, Option B will work if you run into a problem using Option A.

Option A
Step 1: Change your IP Addressing on your TFTP Server to the following:

  • IP Address:

We have to do this because when we set the AP into default mode it will automatically use the address of and will send a broadcast looking for a recovery image.

Step 2: Change the name of your Autonomous IOS to:

  • ap3g2-k9w7-tar.default

Step 3: Boot your AP while holding the MODE button. Do NOT release until you see “image_recovery: Download default IOS tar image tftp://”

At this point you will see the IOS downloading to your AP.

Step 4: Once the download is complete your AP should reboot automatically. If not, then enter the following command to boot into the autonomous IOS.
ap: boot flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now that we have the IOS booted we need to configure the boot statements to make sure we boot into the autonomous IOS at startup.

Password: Cisco (default password)
ap.#config t
ap.(config)#boot system flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now scroll down to the Configuration section and get ready to survey!

Option B
First things first, load up your TFTP server and set it to use the folder where your IOS is stored.

Now that your TFTP server is ready, we can get your access point ready to go.

My network is addressed as a network and this is the addressing we will be using for the remaining commands in this guide.

Step 1: Boot your AP while holding the MODE button. Do NOT release until you see “image_recovery: Download default IOS tar image tftp://”

Step 2: At the ‘ap:’ prompt, configure the following commands:
ap: set IP_ADDR
ap: set NETMASK

Step 3: Prepare the AP for the TFTP transmission.
ap: ether_init
ap: tftp_init

Step 4: Using the tar command begin the TFTP transmission.
ap: tar -xtract tftp://(ServerIP)/Filename Flash:
eg: ap: tar -xtract tftp:// flash:

This portion may take some time, but keep an eye on it to make sure there are no prompts that may time the process out.

Step 5: Boot into the new autonomous IOS.
ap: boot flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

Now that we have the IOS booted we need to configure the boot statements to make sure we boot into the autonomous IOS at startup.

Password: Cisco
(default password)
ap.#config t
ap.(config)#boot system flash:/ap3g2-k9w7-mx.152-2.JA/ap3g2-k9w7-xx.152-2.JA

SSID Configuration
Finally, we can now begin configuring the AP for surveying.
What I prefer to do is to create an SSID on the 2.4GHz frequency and a separate SSID for the 5GHz frequency. It makes it easier for me while in the field to select the correct band I want to survey. We will step through the process for creating both and some of the options we can use.

Step 1: Let’s create the 5GHz SSID:
ap.#Dot11 SSID Survey-5
ap.(config-ssid)#Authentication Open
– This tells the AP to broadcast this SSID.

Step 2: Now let’s configure the 5GHz Radio, Dot11Radio1.
ap.(config)#interface dot11radio1
ap.(config-if)#ssid Survey-5
ap.(config-if)#channel width 40-above
– Set your channel width to what you will be using in production, either 20MHz or 40MHz.
ap.(config-if)#channel 5180 – Locks the AP into using channel 36. This will come in handy when setting up your channel scanning in your surveying program.
ap.(config-if)#power local 17 – this will configure the radio to use 50mW – Refer to Cisco Radio Transmit Power for a handy conversion chart.
ap.(config-if)#no shutdown

At this point you now have the ability to connect to the access point and can survey on 5GHz. Now let’s continue by configuring the 2.4GHz Radio.

Many of the steps will be the same, with minor differences.

Step 1: Let’s create the 2.4GHz SSID:
ap.#Dot11 SSID Survey-2
ap.(config-ssid)#Authentication Open
– This tells the AP to broadcast this SSID

Step 2: Now let’s configure the 2.4GHz Radio, Dot11Radio0.
ap.(config)#interface dot11radio0
ap.(config-if)#ssid Survey-2
ap.(config-if)#channel width 20
– This is the default and does not need to be entered, I just wanted you to know that 20MHz is the only option for 2.4GHz.
ap.(config-if)#channel 1 – Locks the AP into using channel 1. This will come in handy when setting up your channel scanning in your surveying program.
ap.(config-if)#power local 14 – This will configure the radio to use 25mW – Refer to Cisco Radio Transmit Power for a handy conversion chart.
ap.(config-if)#no shutdown

DHCP Configuration
You can enable your AP to be a DHCP server – allowing for quicker configuration changes in the field.
ap.(config)#interface BVI 1
ap.(config-if)#ip address
ap.(config)#ip dhcp excluded-address
ap.(config)#ip dhcp pool NAME
ap.(dhcp-config)#network /24

You can now telnet into your AP using the default username Cisco and password Cisco.

Well, that’s it! You’re done and ready to go out into the wild blue yonder and survey to your hearts content!
In the next blog we will be using the SSIDs that we just created to perform surveys using Airmagnet Pro.
Please leave any feedback in the comments and feel free to ask questions.

Credit for the steps to TFTP the IOS goto Vinay Sharma