Measuring RF attenuation with a travel router

This year I followed an Ekahau Certified Survey Engineer (ECSE) training presented by Ferney Muñoz. I can only say that this training is a must for people who want to do a site survey with Ekahau Site Survey (ESS). One of the topics discussed there was the measurement of the attenuation of obstacles (walls, areas, etc.). Although this is well explained during the training, both Devin Akin and Nigel Bowden (wi-fi-planning-walls-and-dbs-measuring-obstruction-losses-for-wlan-predictive-modeling) have written very good blogs which you should read if you want to carry out a predictive site survey with ESS.

Both in the course and in the aforementioned blogs a Buffalo AirStation AC433 Wireless Travel Router is mentioned as the WLAN RF source. Of course you can also choose the access point that is actually used or will be used, but I am particularly looking for a compact and therefore easily portable solution. The disadvantage of the Buffalo AirStation AC433 is that it is not sold and is not suitable for Europe. When searching for an alternative, I came across a TP-Link AC750 Wi-Fi Travel Router. This router is generally available for about 40 euros.

TP-Link AC750 Wi-Fi Travel Router

However, this is only the first part of an easily movable solution; I also need a stand to place the AP on and a battery that can supply the AP with electricity for a day. Luckily I was already in possession of a number of power banks which I had received as promotional gifts, and they were good for this purpose. I was most impressed by the Xtorm Power Bank of 6000 mAh, but a brandless power bank of 4000 mAh was also fine.

Xtorm 6000 mAh Power Bank

For the stand I have opted for a cheap tripod (11 euros); please note that this is at least 100 cm high.


Falcon Eyes Aluminum Tripod

From this I had the head removed and a hollow table leg with a shelf mounted on it. And ready: a compact portable solution for doing RF attenuation measurements.

This is a first version and there are probably still some things to improve, such as Velcro fastening to facilitate moving and perhaps a second tripod for doing the measurement. I am also considering somehow using the original head of the tripod.

To do the measurements as said, I follow the advice from both the course and the blogs. It should be noted that the measurements made with an Aircheck G2 and a MacBook Pro with WiFi Explorer Pro gave me better, more reliable, more stable results than the measurements with a mobile phone.

Finally, I would like to see that, since you already have the best measuring equipment with ESS and Sidekick, there is a facility within ESS that makes it possible to do this kind of measurements. For example: draw a line or area with AP on one side of the line / surface and measure on the other side of line or area after you have first done an FSPL measurement or measure on both sides of line / area. You can also immediately indicate on the map where you took the measurements.
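The arithmetic behind the "measure on both sides" approach sketched above, as an added example (it is not taken from the course, the cited blogs or ESS). It assumes a constant AP transmit power and known distances from the AP to both measurement points; the function names and all RSSI readings are constructed for illustration.

```python
import math
from statistics import median


def fspl_db(distance_m, freq_mhz):
    """Free-space path loss in dB (distance in metres, frequency in MHz)."""
    if distance_m <= 0 or freq_mhz <= 0:
        raise ValueError("distance and frequency must be positive")
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def obstruction_loss_db(near_rssi, far_rssi, near_m, far_m, freq_mhz):
    """Loss in dB caused by the obstacle between two measurement points.

    near_rssi: RSSI samples (dBm) taken on the AP side of the obstacle
    far_rssi:  RSSI samples (dBm) taken on the other side
    near_m, far_m: distance in metres from the AP to each measurement point
    """
    if not near_rssi or not far_rssi:
        raise ValueError("need at least one sample on each side")
    if not 0 < near_m <= far_m:
        raise ValueError("far point must not be closer to the AP than near point")
    # The median damps single outliers (a passer-by, a brief fade).
    measured_drop = median(near_rssi) - median(far_rssi)
    # Part of the drop is only the extra distance; remove it so that what
    # remains is the obstacle. The frequency term cancels in this difference,
    # but obstacles generally attenuate 2.4 GHz and 5 GHz differently, so the
    # measurement is repeated per band.
    distance_drop = fspl_db(far_m, freq_mhz) - fspl_db(near_m, freq_mhz)
    return measured_drop - distance_drop


# Constructed readings: five samples per side, keyed by centre frequency in MHz.
SAMPLE_READINGS = {
    2437: {"near": [-41, -40, -40, -39, -42], "far": [-53, -52, -51, -52, -60]},
    5180: {"near": [-47, -46, -46, -45, -46], "far": [-61, -60, -62, -61, -61]},
}


def wall_loss_per_band(readings, near_m=2.0, far_m=4.0):
    """Return {frequency_mhz: obstacle loss in dB, rounded to 0.1 dB}."""
    return {
        freq: round(
            obstruction_loss_db(r["near"], r["far"], near_m, far_m, freq), 1
        )
        for freq, r in readings.items()
    }


if __name__ == "__main__":
    for freq, loss in wall_loss_per_band(SAMPLE_READINGS).items():
        print(f"{freq} MHz: obstacle loss {loss} dB")
```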

IEEE 802.11 PHY Standards Cheat Sheet

Every once in a while there is again a new IEEE 802.11 standard I’ve never heard of. This time there were three when I read a Network World article: 802.11ay, 802.11az and 802.11ba:

  • IEEE 802.11ay: Successor of 802.11ad with higher transmission rates and extended transmission distance.
  • IEEE 802.11az: Called Next Generation Positioning (NGP), looks at ways to improve the location and positioning of users.
  • IEEE 802.11ba: Known as “Wake-Up Radio” (WUR), aimed at extending the battery life of devices and sensors within an Internet of Things network.

Together with the now publicly available IEEE Std 802.11™-2016, this was a reason to take another look at the 802.11 standards and create a short IEEE 802.11 PHY Standards cheat sheet:

IEEE 802.11 PHY Standards Cheat Sheet

To have it all in one place I also listed the inevitable 802.11 alphabet soup:

IEEE Std 802.11™: The original standard was published in 1997, revised in 1999 with MIB changes, and reaffirmed in 2003.

IEEE Std 802.11™-2007: A revision was published in 2007, which incorporated into the 1999 edition the following amendments:
— IEEE Std 802.11a™-1999: High-speed Physical Layer in the 5 GHz Band
— IEEE Std 802.11b™-1999: Higher-Speed Physical Layer Extension in the 2.4 GHz Band
— IEEE Std 802.11b-1999/Corrigendum 1-2001: Higher-speed Physical Layer (PHY) extension in the 2.4 GHz band
— IEEE Std 802.11d™-2001: Specification for operation in additional regulatory domains
— IEEE Std 802.11g™-2003: Further Higher Data Rate Extension in the 2.4 GHz Band
— IEEE Std 802.11h™-2003: Spectrum and Transmit Power Management Extensions in the 5 GHz band in Europe
— IEEE Std 802.11i™-2004: Medium Access Control (MAC) Security Enhancements
— IEEE Std 802.11j™-2004: 4.9 GHz–5 GHz Operation in Japan
— IEEE Std 802.11e™-2005: Medium Access Control (MAC) Quality of Service Enhancements

IEEE Std 802.11™-2012: This revision was published in 2012, which incorporated into the 2007 revision the following amendments:
— IEEE Std 802.11k™-2008: Radio Resource Measurement of Wireless LANs
— IEEE Std 802.11r™-2008: Fast Basic Service Set (BSS) Transition
— IEEE Std 802.11y™-2008: 3650–3700 MHz Operation in USA
— IEEE Std 802.11w™-2009: Protected Management Frames
— IEEE Std 802.11n™-2009: Enhancements for Higher Throughput
— IEEE Std 802.11p™-2010: Wireless Access in Vehicular Environments
— IEEE Std 802.11z™-2010: Extensions to Direct-Link Setup (DLS)
— IEEE Std 802.11v™-2011: Wireless Network Management
— IEEE Std 802.11u™-2011: Interworking with External Networks
— IEEE Std 802.11s™-2011: Mesh Networking

IEEE Std 802.11™-2016: This revision is based on IEEE Std 802.11-2012, into which the following amendments have been incorporated:
— IEEE Std 802.11ae™-2012: Prioritization of Management Frames
— IEEE Std 802.11aa™-2012: MAC Enhancements for Robust Audio Video Streaming
— IEEE Std 802.11ad™-2012: Enhancements for Very High Throughput in the 60 GHz Band
— IEEE Std 802.11ac™-2013: Enhancements for Very High Throughput for Operation in Bands below 6 GHz
— IEEE Std 802.11af™-2013: Television White Spaces (TVWS) Operation

IEEE Std 802.11™-2016
CWNA® Certified Wireless Network Administrator Official Study Guide Fourth Edition

Ruckus AP CLI commands I commonly use

To start: this contribution is more a note-to-self than a blog. It’s a quick reminder for myself to have the Ruckus AP CLI commands I mostly use at hand.
Feel free to use it for your own good.

remote ap-cli <AP-MAC-Address> "AP CLI command"
-Use remote ap-cli command to execute AP CLI commands remotely from SCG

AP CLI commands:
get scg
-Use get scg to display SCG Settings.

set scg ip "IP Address"
-Use set scg ip to set the IP Address of the control interface.

get director
-Use get director to show ZoneDirector information.

set director ip "IP Address"
-Use set director to set ZoneDirector options. Reboot is required for changes to take effect.

-Use the ping command to attempt to ping another station.

-Use the traceroute command to conduct a traceroute test.

get version
-Use get version to display the software version running on the AP.

get uptime
-Use get uptime to display how long the Ruckus Wireless device has been running.

-Use sysinfo to get CPU and memory utilization information.

get ap-mode
-Use get ap-mode to display AP operation mode (standalone or managed mode).

get boarddata
-Use get boarddata to display hardware version and system board information.

-Use support to generate support log information.

support show
-Use support show to show support log information.

fw show all
-Use fw show all to display firmware

get tunnelmgr
-Use get tunnelmgr command to display tunnelmgr settings.

get wlanlist
-Use get wlanlist to display a list of all WLAN interfaces. If the AP is a dual radio
AP, the RadioID column indicates which radio (2.4GHz or 5GHz) is serving the WLAN.

get wlaninfo
-Use get wlaninfo to list all configured wlan interfaces and security settings

get channel <wlan name>
-Use get channel to display the transmit channel on the device.

get state <wlan name>
-Use get state to display the state of a WLAN interface.

set state <wlan name> {up|down}
-Use set state to configure the state of a WLAN interface.

get station <wlan name> list
-Use get station to get station list, information and statistics.

get mqstats <wlan name> all
-Use get mqstats to display Media Queue Statistics

get rpki-cert {issuer|subject|validity}
-Use get rpki-cert to display AP certificate information

-Use reboot to restart the AP.

set factory
-Use set factory to return all configuration settings to their factory defaults.

To do a remote packet capture with, for example, Wireshark, you can use the following commands:
set capture wlan100 stream
– This sets up packet capture on 2.4GHz radio
get capture wlan100 state
– This displays status of 2.4GHz radio capture
set capture wlan100 idle
– To stop the capture on 2.4GHz radio

set capture wlan101 stream
– This sets up packet capture on 5GHz radio
get capture wlan101 state
– This displays status of 5GHz radio capture
set capture wlan101 idle
– To stop the capture on 5GHz radio

At the moment there is no current CLI reference guide but rumours are circulating that because of new AP CLI commands in the latest SmartZone software people are working hard to have a new up-to-date reference guide available in the near future.

– Ruckus Wireless™ ZoneFlex™ Access Point Command Line Interface Reference Guide (Please note that there is no recent version of this guide)
– Interactive Help from AP cli
– Ruckus Support Site

Is there a favourite command you use that is missing from this list? Please let me know!

Use Wi-Fi and 802.1X!

This is not advice on how to secure your wireless network but rather a call to use the correct terminology, although using Wi-Fi with 802.1X in an enterprise is good practice.

The term Wi-Fi, commercially used at least as early as August 1999, was coined by brand-consulting firm Interbrand Corporation. The Wi-Fi Alliance had hired Interbrand to determine a name that was “a little catchier than ‘IEEE 802.11b Direct Sequence’”. Phil Belanger, a founding member of the Wi-Fi Alliance who presided over the selection of the name “Wi-Fi”, stated that Interbrand invented Wi-Fi as a play on words with hi-fi, and also created the Wi-Fi logo. The yin-yang Wi-Fi logo indicates the certification of a product for interoperability. He also stated “Wi-Fi doesn’t stand for anything. It is not an acronym. There is no meaning.”



The only reason that you hear anything about “Wireless Fidelity” is that some of the founders at the Wi-Fi Alliance were afraid and they didn’t understand branding or marketing. They could not imagine using the name “Wi-Fi” without having some sort of literal explanation. So there was a compromise and there was a tag line “The Standard for Wireless Fidelity” included along with the name. This was a mistake and only served to confuse people and dilute the brand. Please note that the Wi-Fi Alliance doesn’t invent standards; the IEEE is responsible for the 802.11 standards. For the first year or so (circa 2000), this would appear in all Wi-Fi Alliance’s communications. Later, when Wi-Fi was becoming more successful and they got some experienced marketing and business people from larger companies on the board, the alliance dropped the tag-line. But unfortunately the damage was already done and there are still tons of references to the tag-line.

The name is often written as WiFi, Wifi or wifi, but these are not approved by the Wi-Fi Alliance. Wi-Fi is the correct spelling.
Having said this, people seem to like to spell it without the dash, as evidenced by the Google Trends search volume, which currently indicates about 20x more searches without the dash than with the dash:

This leads to the conclusion that although Wi-Fi is the correct spelling, it’s not generally used and we have to accept this. However, for all people professionally involved with wireless networks it is advisable to use Wi-Fi in all (formal) circumstances.
PS How it is pronounced should also be obvious: Wi-Fi should be pronounced as “Why-Fi”, but I hear “Wiffy” a lot; certainly in The Netherlands.

So what’s up with 802.1X? People (manufacturers, colleagues, customers and even networking professionals) spell it wrong a lot of the time. Let me first explain something about the Institute of Electrical and Electronics Engineers (IEEE) and how the standards are numbered and named. The IEEE is best known for its networking standards: the IEEE 802 project. IEEE projects are subdivided into working groups to develop standards. So we have the 802.11 working group, which is responsible for creating the WLAN standard. Within a particular working group, a number of task groups may be formed. For example, the “n” task group (as in 802.11n) deals with HT (High Throughput).

In the IEEE nomenclature, lowercase letters (802.11n and 802.11ac) are reserved for add-on specifications or amendments that revise an existing standard (eventually rolled into a base document). Uppercase letters or no letters are used for standalone base documents or protocol specifications.
The IEEE 802.1 Working Group is chartered to concern itself with and develop standards and recommended practices in the following areas: 802 LAN/MAN architecture, internetworking among 802 LANs, MANs and other wide area networks, 802 Security, 802 overall network management, and protocol layers above the MAC & LLC layers.
The 802.1X standard: For the purpose of providing compatible authentication, authorization, and cryptographic key agreement mechanisms to support secure communication between devices connected by 802 LANs, this standard: a) Specifies a general method for provision of port-based network access control. b) Specifies protocols that establish secure associations for IEEE Std 802.1AE MAC Security. c) Facilitates the use of industry standard authentication and authorization protocols.

Don’t write 802.1x; it is wrong! And please do not use 802.11x: it is non-existent within the IEEE standards and is sometimes used as a shorthand for the most common flavors of Wi-Fi: 802.11a, 802.11b, 802.11g, 802.11n and 802.11ac.
802.1 is the working group that created the 802.1X standard. If you are referring to this standard, spell it right: with a capital X.


What’s your MAC address?

If for any reason a client cannot connect to a wireless network or has any other problem with that wireless network, you need more information from the client concerned to investigate and resolve these problems.

For example, you’ll want to know where the client is located and to what SSID they are trying to connect. To investigate the issue on the access point (AP), wireless controller and/or management software you almost always need the MAC address of that client. The term MAC address, and how to find it, is (still) not self-evident to every user. Here is a brief guide:

A media access control address (MAC address), also called hardware address or physical address, is a unique identification number assigned to a network interface card (NIC) and is stored in the hardware. If this number is assigned by the manufacturer, the MAC address is sometimes referred to as burned-in address (BIA).

physical address

By default, the 48 bits of a MAC address are written in a human-readable form of six groups of two hexadecimal digits, for example 01:23:45:67:89:ab or 01-23-45-67-89-ab. These addresses are formed according to the rules of the Institute of Electrical and Electronics Engineers (IEEE). According to the IEEE 802 standard-specific numbering (MAC-48) there are 281,474,976,710,656 (2^48) possible MAC addresses. Basically, each device must have a unique MAC address and no two may be the same in a network. This is achieved by assigning a different range of addresses to each manufacturer of network equipment. Manufacturers may use each address only once. From the first 24 bits (3 bytes) of a MAC address, the Organizationally Unique Identifier (OUI), the manufacturer of the equipment can be derived.
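Users report MAC addresses in every notation their device happens to show, so before searching controller or AP logs it helps to normalise them and pull out the OUI. The following is an added example, not part of the original post; the function names are hypothetical and every sample address except the post's own 01:23:45:67:89:ab is constructed. It goes one step beyond the text by also reading the two flag bits in the first octet: an OUI only identifies a manufacturer when the address is universally administered and individual, which is not the case for the locally administered (for example randomised) addresses many current phones present to a network.

```python
import re


def normalize_mac(text):
    """Return a MAC address as lowercase, colon-separated hex.

    Accepts colon, hyphen, dotted (0011.2233.4455) and bare notations.
    """
    compact = re.sub(r"[\s:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", compact):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return ":".join(compact[i:i + 2] for i in range(0, 12, 2))


def describe_mac(text):
    """Normalise a MAC address and decode the flag bits of its first octet."""
    mac = normalize_mac(text)
    first_octet = int(mac[:2], 16)
    group = bool(first_octet & 0x01)   # I/G bit: multicast or broadcast
    local = bool(first_octet & 0x02)   # U/L bit: locally administered
    return {
        "mac": mac,
        # Only a universally administered, individual address carries a
        # manufacturer OUI worth looking up.
        "oui": None if (group or local) else mac[:8],
        "group": group,
        "locally_administered": local,
    }


def triage_reports(reports):
    """Describe each reported address; invalid input yields an error string."""
    results = []
    for raw in reports:
        try:
            results.append((raw, describe_mac(raw)))
        except ValueError as exc:
            results.append((raw, str(exc)))
    return results


# Constructed sample input, as users might report it to a helpdesk.
SAMPLE_REPORTS = [
    "00-1A-2B-3C-4D-5E",   # hyphen notation, universally administered
    "001a.2b3c.4d5e",      # same address in dotted notation
    "da:a1:19:00:11:22",   # U/L bit set: locally administered
    "01:23:45:67:89:ab",   # the post's format example: I/G bit is set
    "00:1A:2B:3C:4D",      # one octet short
]

if __name__ == "__main__":
    for raw, result in triage_reports(SAMPLE_REPORTS):
        print(f"{raw:20} -> {result}")
```

When a reported address is locally administered, search the logs for that address rather than the hardware address printed on the device or its box.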

It may be helpful to trace back a MAC address to a manufacturer. This can be done, among others, at:

MAC addresses are used as network address for most IEEE 802 network technologies, such as Ethernet and Wi-Fi. In the OSI model the MAC address is part of the data link layer (more specifically: the Media Access Control protocol sub-layer). It ensures that devices on a network can communicate with each other.

With BYOD, there is now a variety of devices that connect to a Wi-Fi network. In order to find out the MAC address for each device, there are usually a number of ways, a few examples below:

Android Phone or Tablet:
On the Home screen, tap the Menu button and go to Settings.
Tap About Phone or Device.
Tap Status (on some phones Hardware information).
Scroll down to see your Wi-Fi MAC address.

Apple iPhone or iPad:
From the home screen, tap Settings.
Tap General.
Tap About.
Scroll down to see the iPhone’s MAC address, referred to as the Wi-Fi Address in iOS settings.

Apple MacBook:
Go to System Preferences.
Select Network.
Select Wi-Fi.
Press the Advanced button.
Select the Hardware tab and you will see the MAC address.
Alternatively, you can also find the information in System Information.

BlackBerry Device Software 4.5 to 5.0:
From the home screen, click Options > Status.
The WLAN MAC field displays the MAC address for the smartphone.

BlackBerry 6 to 7.1:
From the home screen, select Setup > Options > Device > Device and Status Information.
The WLAN MAC field displays the MAC address for the smartphone.

BlackBerry 10 OS:
From the home screen select Settings > Network Connections > Wi-Fi > Advanced.
In the Diagnostic Information drop-down, select Device Information.
The Physical Address field displays the MAC address for the smartphone.

Open a browser window. In the address bar, type chrome://system, and press Enter.
Look for ifconfig, and then click the Expand… button next to it.
Look for the wlan0 section, the MAC address will be listed as the Ethernet HWaddr.

In a terminal session type ifconfig.
This will show you a list of the network adapters installed.
The MAC address is referred to as the HWaddr.

To find out about your wireless adapter type iwconfig.
Note that the ifconfig command for Linux is deemed obsolete and should be replaced by the ip command; the “ip addr” command should be used in this case.

Windows Phone:
From the Windows Phone home screen, scroll down and tap Settings.
Scroll down and tap About.
In the About screen, tap more info.
You will now see the MAC address of your Windows Phone.

On a Windows notebook there are numerous ways to get the MAC address of your wireless adapter.

One way to find it is through the Control Panel:
Open the Network and Sharing Center section within Control Panel.
In the “View your active networks” section of the screen, click the link corresponding to the Wi-Fi connection. Alternatively, click the “Change adapter settings” menu link and then right-click the icon corresponding to the Wi-Fi connection.
In either case, a pop-up window appears displaying basic Status for that connection.
Click the “Details…” button. The Physical Address is the MAC address we are looking for.

Another way is to open a command prompt (via the Windows Run menu option) and type:
ipconfig /all
The Physical Address of the Wireless LAN adapter represents the MAC address.

Also available from the command prompt are the netsh wlan commands. You’d be surprised by all the possibilities of this command. At least check out:
– netsh wlan show interfaces
– netsh wlan show all

Now whenever someone asks you “What’s your MAC address?” Hope you can answer. In case you are asking the question: Hope you can direct the client to the right place to give the answer.


Floor plans are important for a Wi-Fi Site Survey

The execution of a site survey without a floor plan or map is not possible, and it is therefore important that you have a plan of the coverage area in an electronic format. The quality of the drawing is essential since it will be imported into the site survey software. The integrity of the scale and proportions is critical. If a drawing is stretched vertically but not horizontally, you no longer have a representative drawing. Therefore give these drawings special attention before starting the survey and have them reviewed by the person who will carry out the survey.

Floor plan

It is important that the floor plans are up-to-date, with a white background, and sufficiently detailed; it is also desirable that a scale bar is indicated on the floor plan. You can carry out measurements on location, but why would you if it is only a mouse click away for an architect?

Scale bar

It is possible that floor plans are not available in electronic format or that they are of poor quality. The responsibility for providing a good drawing is that of the customer, and the delivery must take place before the site survey. Hand-drawn sketches are in general not accurate. At first sight this seems a fairly simple requirement for carrying out a survey, but it looks like there must be a fight every time with the customer or client to receive such information. I probably won’t be the first one who, only after much insistence, got a photocopy of the required plans, only to find once on site that an installer who happened to work there was in possession of a high-quality CAD drawing. Convince the customer of the importance of a good map.

The maps are also used to document in-scope and out-of-scope areas. Even if these areas are defined in advance, you must convince yourself that these areas can be identified and validated during the walkthrough. It regularly happens that in-scope and out-of-scope areas are modified during the walkthrough. Therefore, make sure that a paper copy of the floor plans is available at the time of the walkthrough to note any changes.

Where in the past one could get away with a copy of the evacuation plan or a picture of the evacuation plan taken on the spot, nowadays accurate plans are becoming increasingly important in the final installation of the WLAN. They are used more and more for monitoring purposes or for the implementation of a Real Time Location System (RTLS).