Podcast

CTS 177: Wi-Fi 6 with Fred Niehaus

This episode was recorded at the Podcast Domain for Cisco Live 2019 in San Diego. In attendance are Rowell Dionicio, François Vergès, Gurpreet Singh, and Fred Niehaus.

Fred has been with Cisco since 2000. Since 1993 Fred has been doing wireless. Gurpreet works for a VAR in Canada with all aspects of warehouses.

Cisco Live Photos by Rowell Dionicio. https://rowelldionicio.com/clusphotos

Wi-Fi 5 was all about very high throughput but had nothing to do with latency. Cellular buys frequencies for millions and millions of dollars and uses the spectrum efficiently.

Two main features of Wi-Fi 6 are:

  • OFDMA, borrowed from cellular, cuts latency down
  • BSS Coloring which allows for channel reuse

Fred says we’re ahead of 5G. What’s in 5G is available in Wi-Fi today.

At the top of Fred’s Wi-Fi 6 list are OFDMA and BSS coloring. TWT for scheduling will be very beneficial to IoT devices.

OFDM vs OFDMA

  • Channel that’s 20 MHz size
  • If data is one little chunk it wastes the subcarriers
  • OFDMA takes multiple transmitters/receivers on each subcarrier for efficiency

The new Wi-Fi 6 access points from Cisco are:

  • C9117
  • C9115
  • C9120  

One thing to note, with the C9117 as an example, is that chipsets that were early to market did not support OFDMA in the uplink. Cisco went to Marvell and Cisco has asked for a custom chipset.

But to meet customers’ needs you can build your own chipset or look to another manufacturer.

Why would Cisco change the name to Catalyst? That’s because it is the best product line. Access points are redesigned to be smaller. 

Comparing Wi-Fi 6 to previous generation

  • The 9115 and 9117 are like the 1850 and 1830 series. Early to market and standards-based.
  • 9120 is more like the 2800 series. Has the RF ASIC, a custom ASIC that is software defined. 

The RF ASIC can specifically create a signature for DFS signals, potentially eliminating false positives with DFS hits. The benefit of the RF ASIC is that the other radios can keep servicing clients while this third radio is in use. Unlike previous ASICs, the 9120 has the capability to transmit but it’s not configured to at the moment.

When do you think we will see the actual benefits of Wi-Fi 6? Let us know in the comments below.

CTS 176: Cisco Wireless Certifications, Revamped

Things are evolving again at Cisco. This time with the certifications. Cisco is further driving the Intent-based networking model into certifications. There’s the need to drive multi-domain policy, introduce APIs and programmability. It could change the way we do things every day. Infrastructure engineers are becoming software developers? Maybe not completely but there are those who may want to do both.

New Cisco & DevNet Certs with Mandy Whaley

Organizations want more speed, more agility, and more simplicity, but what happens underneath that simplification is not that simple. Chuck Robbins, during his keynote, mentioned the certifications have not evolved in 26 years. And that’s when he introduced the Cisco Certified DevNet certifications, bringing software skills to networking and networking skills to software.

Cisco wants you to build applications and capabilities that bring value on top of the platforms Cisco is building.

The DevNet Associate certification covers 80% software skills and 20% networking skills. The CCNA covers 80% networking skills and 20% software skills. The two are complementary if you were to pursue NetDevOps.

Cisco then took those CCNA specializations and turned them into technology concentrations.

CCNP certifications are now available in enterprise, service provider, data center, security, and collaboration. For each, you need to pass the core exam and a concentration exam.

DevNet Professional is earned by passing the core exam and DevNet Specialist.

What does that mean for wireless?

  • The CCNA Wireless won’t be available anymore
  • There will be a Cisco Concentration certification in Wireless
  • Concentration exams exist under the Enterprise Track
    • 300-425 ENWLSD Enterprise Wireless Design
      • Focuses on site surveys
      • Collecting requirements and constraints
      • Predictive and post-deployment surveys
      • Determining infrastructure requirements such as 
        • PoE
        • RRM
        • RF Profiles
        • RxSOP
      • Designing per requirements
      • High density
      • Mesh
      • Mobility
      • High availability
    • 300-430 ENWLSI Enterprise Wireless Implementation 
      • Focuses on actual configuration
      • FlexConnect
      • QoS
      • Multicast
      • Location Services
        • MSE
        • CMX
      • Security
        • ISE
        • Portals (not security really)
        • 802.1X
        • AAA
      • Monitoring
        • DNAC
        • PI
      • Device Hardening
  • CCNP Enterprise contains two wireless concentration exams
    • 300-425 ENWLSD Designing Cisco Enterprise Wireless Networks
    • 300-430 ENWLSI Implementing Cisco Enterprise Wireless Networks
  • At the CCNP level, the R&S and Wireless tracks have merged. So it will be the same core exam covering both tracks and it will be called CCNP Enterprise. It will test you on:
    • Dual Stack (IPv4 IPv6) architecture
    • Virtualization
    • Infrastructure
    • Network assurance
    • Security
    • Automation
  • CCIE Wireless becomes CCIE Enterprise Wireless
    • There is no more CCIE written, the CCNP ENCOR exam qualifies you to sit the CCIE Enterprise Wireless Lab
    • The policy to sit the lab 18 months after the written exam is gone. Now you have 3 years after you passed your ENCOR to sit the lab.
    • The CCIE Enterprise Wireless Exam will cover:
      • Radio Frequency and Standards
      • Enterprise Wired Campus
      • Enterprise Wireless Network
      • Wireless Security and Identity Management
      • Wireless business applications and services
      • Automation, Analytics and Assurance

New exams go live on February 24, 2020. Training for these new certifications will start this year (probably more towards the end of the year).

All certifications will now be valid for 3 years. And the Continuous learning program can now be used at all levels, including CCNA and CCNP.

  • 30 credits are required to recertify a CCNA
  • 80 credits are required to recertify a CCNP
  • 120 credits are required to recertify a CCIE

Credits can be earned by:

  • Attending Cisco training
  • Taking Cisco exams
  • Attending Cisco Live
  • Authoring content

What are the migration steps?

  • New CCNA replaces current CCNA certs 
    • Cloud
    • Collaboration
    • Cyber Ops
    • Data Center
    • CCDA
    • Industrial
    • R&S
    • Security
    • SP
    • Wireless
  • If you complete any current CCNA/CCDA before Feb 24, 2020 you will receive new CCNA and a training badge in the corresponding technology area
  • CCNP Wireless
    • If you pass any of the CCNP Wireless exams prior to Feb 24, 2020 then you will become a Cisco Certified Specialist
    • CCNP WIDESIGN and/or WIDEPLOY give you Cisco Certified Specialist – Enterprise Wireless Design
    • CCNP WITSHOOT and/or WISECURE give you Cisco Certified Specialist – Enterprise Wireless Implementation
    • If you have all four, you will get the new CCNP Enterprise certification and the specialist certifications, Cisco Certified Specialist – Enterprise Wireless Design and Cisco Certified Specialist – Enterprise Wireless Implementation
    • If you have partial CCNP Wireless (2 or 3 out of the 4) you will need to take 300-401 ENCOR (enterprise core) to get the new CCNP certification
    • You don’t need to be CCNA certified to become a CCNP. You can jump in directly at the CCNP level
    • Passing the core exam will qualify you to sit the CCIE Wireless lab.
  • What if you have a CCNA and a specialization? 
    • New CCNA is consolidated. 
    • You keep your CCNA
    • If you have a specialization you will receive a training badge for that technology area, for example, CCNA Wireless.

Cisco Networking Academy will expand to train students for DevNet Associate and Professional level certifications.


CTS 175: Wi-Fi Security Updates with Hendrik Lüth

In this episode, we are interviewing Hendrik Lüth on the state of Wi-Fi security today. Hendrik works as a System Engineer for CANCOM in Germany. You can follow him on Twitter @DO9XE and on Linkedin. You can also visit and read his blog at https://linux-nerds.de/.

Agenda

  • Start conversation with the “2018” status of WiFi security
    • WPA2 is widely supported
    • WPA2-Enterprise too complicated for home/guest solutions
    • Headless IoT devices only support PSK, because of hardware limitations
  • MPSK/PPSK/DynPSK
    • Short Recap on 4-way handshake
      • We just need to mention that there is Nonce and a MIC, that’s all 🙂
    • Explanation of how it works and why it’s different with every vendor
    • PPSK from Aerohive
      • Use Nonce, MIC and MAC and a list of known keys to find a matching key
      • More information needed, hard to find technical details
    • DynPSK from Ruckus
      • One key per MAC, auto-detection possible
      • Auto-detection probably like Aerohive
      • Internal database of the ZoneDirector
    • MPSK (Multiple PSK) from Aruba
      • Based on MAC authentication
      • Requires ClearPass Policy Manager
    • Identity PSK from Cisco
  • WPA3
    • WPA3-SAE
      • Dragonfly handshake
    • WPA3-Enterprise 192-bit Mode
      • CNSA Suite B
      • Stronger crypto
  • Enhanced Open
    • RFC 8110
    • Transition mode
  • Plan from Aruba to bring MPSK with WPA3-SAE into the IEEE Standard
  • Dragonblood Attack by Mathy Vanhoef


CTS 174: Takeaways From Cisco Live

Welcome to this episode where we do a quick recap of how Cisco Live went this year in San Diego. This is one of the few rare moments when both hosts are in the same city.

Cisco Live Recap with Rasika and Stephen

Check out this short video we recorded with Rasika and Stephen getting their thoughts at the end of the conference.

Wi-Fi 6

The Cisco Live conference was not using the new Catalyst 9100 series access points. Stability is a big thing for a huge conference. But they were seen over at the Whisper Suites. It’s just too soon to be using the C9100’s for a large conference.

Cisco Live Wi-Fi

We do have some interesting stats near the end of the conference. There were over 28,000 attendees. The Cisco Champions were able to join a NOC Talk with the folks running the network. Just to note, during the NOC talk there were only five Wi-Fi 6 clients on the network.

Cisco Live Photos by Rowell Dionicio. https://rowelldionicio.com/clusphotos

Some Cisco Live Wi-Fi details

  • 6 WiFi guys
  • 91% of clients were 802.11ac
  • Running Aironet in convention
  • Hyatt running Meraki
  • Took over Hilton’s Meraki network
  • OpenRoaming debuts – 3000+ devices on Monday before keynote
  • DNA Assurance deployed. Sensors deployed all over.
  • Cisco 8540s servicing convention center
  • Running 8.5.140.0 code

DevNet Certifications

Announced during the opening keynote were certification changes across the board, along with new DevNet certifications. We’ll address the new certifications in a future episode but you can check out the details on Cisco’s developer site.

Cisco + Intel + Samsung + Boingo

Cisco Champions were fortunate to take part in conversations between Cisco, Intel, Samsung, and Boingo. We received insight into the partnership between the companies and how they are all working together to bring a better user experience to devices and infrastructure as it pertains to Wi-Fi. It was a short conversation but a good one nonetheless.

Cisco Live Photos

Check out Rowell’s photos from Cisco Live.

CTS 173: WiFi Medley 001

This week’s episode is the eve of Cisco Live. Rowell & François will be headed to San Diego for a week of learning, recording, and networking with other like-minded individuals.

In this episode, we talk about various topics of Wi-Fi.

You can take a look at an example of sessions we’re looking forward to at Cisco Live.

François’ #CLUS Schedule

Captive portals are a necessary evil. Most are still done in a way that prevents users from getting connected, whether that’s by requesting every single kind of personal information or with a simple splash page with terms and conditions. Either way, there’s now a page which describes how different devices behave with captive portals. It was created by the Wireless Broadband Alliance and it’s a good read if you’d like to understand how a device is expected to behave with captive portals.

Captive Portals

Wi-Fi 6 testing continues over at CTS headquarters. Rowell now has a Samsung S10 and an Intel AX200NGW in a Lenovo laptop. You can upgrade your laptop for a reasonable price. Rowell purchased his for $30 and it shipped from China. We’re learning whether what we’ve read from the draft is being implemented by the Wi-Fi vendors.

When it comes to capturing these frames, you have to remember to capture with another Wi-Fi 6 capable device, because the capture device needs to demodulate Wi-Fi 6 frames. Rowell used a Cisco C9115AX access point in sniffer mode to see what can be gathered. There’s a little caveat with these access points which we will look into further before putting something out publicly.

We will have more information after #CLUS.

The Wi-Fi Alliance expands with the Wi-Fi Certified Home Design which is aimed toward home builders. In a highly connected world, why not have Wi-Fi built with a new home? Builders can get educated in Wi-Fi design and have homes certified for Wi-Fi. What are your thoughts on that? Let us know in the comments.