It Depends!

This is the landing page for all the wireless related posts on my blog. Majority of the content is towards my study for wireless related certifications like CWNP. The name ‘It Depends!’ is given as  it is the majority of the answers or responses to the wireless queries

CWDP Exam!, A pinch of common sense and a lot of experience!


CWDP is one of the professional level exams along with CWAP and CWSP to qualify towards CWNP qualification. It focusses on Wi-Fi Planning, Defining Requirements, Designing, WLAN validation (also known as Site Survey) and some troubleshooting.

Personal Experience

I'd like to share my experience with the recently certified CWDP-303 exam. The exam by itself is not difficult when compared to CWAP. If you have been doing wireless design/audit and troubleshooting for a while CWDP should test you on the experience. A lot of questions in the CWDP exam test your knowledge on the wireless design and deployment as a project on the whole. I've been exposed to wireless design and WLAN audit and validation for around 3 years. This has certainly boosted my knowledge and confidence required to clear this exam. The exam is very enjoyable and some questions tend to cheer you as they test common sense that is required in carrying out WLAN audit and design.

Tips for Preparation.

The key is to focus on and prioritise the Exam Objectives as detailed on the CWNP website. If you have been performing site surveys it will make a lot of sense in this exam. Many of the objectives will come easier to you during your preparation. Metrics such as SNR, signal strength, CCI, data rates, etc. "Design the WLAN" covers 45% of the exam syllabus that roughly covers 27 questions out of 60 so you should focus the chunk of preparation in this area along with "Define Specifications for the WLAN" which covers 25%~15 questions. Covering both of these topics should make one in a good position to certify this exam. Some helpful resources for the exam.

Read more link text

CWAP, not for the faint-hearted! #CWAP #CWNP


CWAP is one of the professional exams required to qualify for the title to be CWNP (Certified Wireless Network Professional). This blogpost will particularly focus on the CWAP-403 exam released in late 2018. From my personal experience and many in the wi-fi community have regarded it as the hardest of the professional level certification exams. It is also recommended to take the exam after CWNA one wanting to purse towards CWNP track. CWAP focusses on wireless analysis end to end troubleshooting and one needs to learn the about Wireshark, Pcaps, and the wi-fi spectrum.

How I studied for the CWAP exam?

If you can get to attend Peter Mckenzie's training course for CWAP you should be in a very comfortable position to nail this exam however I was not fortunate enough to be in the right time/place for the training. You can find more resources from his blog post here.

I've purchased the CWAP workbook from wifitraining which is quite useful in understanding the pcaps and the topics covered by the exam.

If you are transitioning to wifi after being a network engineer for a while content of CWAP might seem overwhelming. Some of its contents are quite theoretical and require a lot of concentration and reading. This exam should not be taken easy, I've failed very closely getting to scores like 67 and 68 but ultimately getting 82 when I passed.

  • The best place to start the preparation is to know the objectives for the CWAP-403 exam from the official CWNP website.
  • CWAP exam guide is a great book, although if you are like me learning the concepts from the scratch the older version of the Sybex book is recommended.
  • For Pcaps and analysis, I would suggest using any Macbook (as it has built-in wifi sniffing capabilities) and Wireshark, Airtool are free to use tools for sniffing.
  • For spectrum analyzers and signatures best to use Chanalyzer by Metageek and helpful links are available on their website to follow.
  • Some recommended resources/blog for CWAP
    • CWNP Practice tests for CWAP - Highly recommended.
  • Lastly, I've condensed the topics in my blog posts as well. The CWAP links can be found here.
  • It is recommended to run Wireshark captures from different locations to analyze the packets e.g. from a coffee shop, office locations including roaming, and perhaps from your home wireless too. You can use https://packets.arista to help you analyze the packet captures.

What Next?

I have been preparing for CWDP exam while failing at CWAP and thanks to the COVID19 lockdowns which have given some time to dedicate to the studies. So, will be focussing on completing that exam soon.

Good luck with your studies and feel free to reach out to me.

Twitter: keepcalmandping

Read more link text

Configuring an Aerohive AP on ExtremeCloud IQ

It has been a while I did a blog post, work has been relatively busier post Covid19 lockdown. Some time ago I did a site survey for my home and found insufficient 5GHz coverage. As we are all aiming to have 5 GHz wherever possible why not start with the home.

I had a couple of Cisco 2802 AP but they don't allow to run in standalone AP mode unless you guys know a method please let me know.

I tried to source a Cisco Meraki AP with a license but could not get one. My workplace is undergoing through wireless upgrade project so we now had a lot of spare Aerohive Extreme AP in stock. Those old AP 230 have a permanent license installed so I wanted to give it a try to set up AP at home. The AP setup for Extreme is pretty straightforward. Even though it is first time venturing in the world of Aerohive/Extreme, I found it pretty easy to navigate and follow the options. The Aerohive CLI commands closely match with Cisco.

IMPORTANT NOTE: Before beginning the procedure, you may need to remove the AP230 from its existing hive manager / extreme inventory. Get the license details from the hive manager so that you can transfer it to the new one.

Setup of Aerohive AP 230

Aerohive AP 230

  • Logon to
  • Register your details for the CloudIQ setup -
  • Complete your account setup with password etc..
  • Login with your account details -
  • If you have an AP230 or equivalent, reset it first by pressing on the reset button.
  • Use a console cable and connect it to a POE switch or Injector 802.3at POE to power up the AP.
  • Let the AP complete the bootup process and then wait for the username prompt.
  • The default username/password for Aerohive/Extreme AP is - admin/Aerohive
  • Find the details of CAPWAP client/server from hovering over the top right corner and clicking on the name and then "About Extreme IQ"

  • Go to "Global Settings" > VIQ Management to acquire the vhm-name (virtual hive manager) as this is needed for AP to point to the correct hive manager.

Logon to AP and configure below settings with the commands.

capwap client server name "<enter from abov>"
capwap client server backup name "<enter from above">
capwap client vhm-name e.g VNF-SJDJAA (Enter from above)I

Issue the below command on the AP to find the details "show capwap client"

  • Issue "show int mgt0" to confirm you have received IP via DHCP.

If there is no DHCP server on the network then configure a static IP with below commands. (example only)

no int mgt0 dhcp client
int mgt0 ip
ip route net gateway
dns server-ip
dns server-ip second
ntp server

Transfer the entitlement key from the old hive manager/extreme to the ExtremeCloudIQ . This can be done from the global settings.

  • After this step, check if you can ping from AP to the default gateway and then to Google (
  • If you cannot ping OK, check if the firewall is blocking UDP port 12222
  • You may also try: capwap client transport HTTP
  • If everything is OK, you can see the AP come online on the ExtremeCloudIQ as below

  • You are now expected to create network policies and deploy SSID, radios configuration etc.
  • Each time you make a change you are expected to update the configuration by doing a "configuration delta upgrade".

The AP password will now change syncing to the one from ExtremeCloudIQ. The new password can be found from the Global Settings. Administration > Device Management Settings > Show Password.

Useful Resources:

Extreme Support Portal
Aerohive CLI Support Guides

Read more link text

Analyzing Frame Exchanges - #CWAP #Wireshark

This blog post will focus on certain aspects of Wireshark frames which can be brought to use for analyzing and troubleshooting Wi-Fi issues. I recommend downloading metageek color filters and apply it to your Wireshark for filtering specific frame types with applied colorization.

You can read more about applying the color filters here.

SSID/BSSID information.

  • In Pcaps they can be found from Management - Beacon frames
  • Beacon frames have purple color applied by default. The SSID column can determine the name of the SSID.

  • However, for hidden SSID you will notice the SSID length is zero and set as Wildcard SSID

  • Certain vendors can provide the information regarding device name from "Vendor Specific" tags under Tagged parameters.
  • BSSID is radio MAC address associated with each SSID. It is derived from 'base radio MAC address'

  • Each advertised SSID will have different BSSID even if they are transmitted from the same AP.

Spatial Streams

  • When a device reports 3x3:3 MIMO, it has 3 transmit chains, three receive chains and 3 spatial steams in that order.
  • Supported spatial streams by Client/STA can be found in all the Management Request frames such as Probe Request, Association Request or Reassociation Request.
  • Supported spatial streams by AP can be found in Beacon & Response frames such as Probe Response, Association Response and Reassociation Response.
  • Depending on the PHY, the frames will be shown under MCS set under HT or VHT capabilities information.

Power Save & Traffic Buffer

  • The SM Power Save (Spatial Multiplexing) allows AP to save power. This can be seen in HT/VHT Capabilities Ass/Reass Request frames.
  • Power save modes in HT
    • 0 - Static, 1 - Dynamic, 2 - Reserved & 3 - Disabled
  • In HT frames this information can be found under HT Capabilities Info as outlined below

  • In VHT frames, this information is shown under TxOP PS. The AP needs to support the 802.11 stations to go into TXOP power save mode.
  • Power save modes in VHT. Indicates whether a VHT AP allows non-ap VHT STAs in TXOP power save mode to enter sleep state during TxOP.
    • 0 indicate if the AP does not support TxOP PS mode
    • 1 indicate if AP support TxOP PS mode.

  • Client STA use "Listen Interval" field to inform AP to go into power save mode. An AP uses the listen interval in determining the lifespan of frames that will be buffered for the STA.
  • In the below Association Request frame, the listen interval is 0x0014 ~ 20 beacon intervals as the wake up time for the client.

Supported Data Rates

  • A standard WLAN best practice to improve performance is to disable lower data rates on the AP. This helps in increase overall capacity by eliminating overhead caused from management frames sent out at lowest configured basic data rate.
  • In order to determine the data rates supported by client, the best place to look at is Probe Request frames. (subtype 0x4)
  • Probe Response frames can show the supported data rates by the AP.

Read more link text

HT/VHT - #CWAP - Exam specific revision

CWAP-403 covers this topic under the 802.11 Frame Exchanges section. I've found this topic a bit hard to grasp. I have attempted to read the CWAP-403 study guide but honestly I could not get closer to fully grasp the topic. Much of the explanation in that book is direct copy/paste from standards documents. There is not much of attempt made to break it down and help us understand the topic better. I've attempted to find certain whitepapers to get deeper understanding. Hope you find it useful.

1.0 Analyse HT/VHT-specific transmission methods
1.0.1 MIMO
1.0.2 Transmit Beamforming (TxBF)
1.0.3 MU-MIMO
1.0.4 Frame aggregation (A-MSDU and A-MPDU)


  • Introduced in 802.11n & also used in 802.11ac wave 1.
  • Allows AP to multiply throughput with the use of multiple antenna.
  • AP send traffic to one client at a time and the airtime is shared between the clients.
  • When a device reports 3x3:3 MIMO, it has 3 transmit chains, three receive chains and 3 spatial steams in that order.
  • TxBF - Allows MIMO Tx (transmitter) using multiple antenna to focus the transmission on best Rx (receiver)
  • STBC - Space-Time Block Code - Technique to improve the reliability of the data transfer by transmitting redundant copies of the data stream from different antennas.
  • Spatial Multiplexing - Sending multiple independent streams of unique data using spatial diversity

Transmit Beam Forming (TxBF)

  • Use of multiple antenna to transmit a signal strategically with varying phases thereby increasing the overall throughput towards the receiver
  • The increased power improves SNR and data rates to those receiver devices.

  • TxBF is most effective for medium range transmissions. At short range, there is enough power to support max data rates. Beamforming helps overcome the problem by extending the range and so improving the data rates.
  • Beamforming uses multiple antenna arrays to change the transmission pattern of the AP on the fly, per frame basis.
  • Device transmitting the frames is called beamformer, the one receiving it is called beamformee. Both AP/Client STA can be the beamformer/beamformee depending on the points of conversation.

TxBF Explained

  • AP communicating with a client laptop.
  • AP begins exchanging frames to measure the channel.
  • Channel measurement is used to derive the "steering matrix" which determines how to direct the transmission to the receiver.
  • Once this process is completed, AP is now the beamformer and begins transmission.
  • After the transmission is completed, laptop acknowledges the frames which makes it beamformer and AP the beamformee.

Null Data Packet (NDP Sounding) Beamforming

  • Before 802.11n, all beamforming techniques were proprietary resulting in lower usage.
  • In 802.11ac, IEEE mandated NDP Sounding as the beamforming to be used for explicit feedback.
  • Lot of factors come into play for steering the beams, hence channel calibration procedures (sounding) must be determined
  • 802.11ac use multi-carrier OFDM, the analysis allow weak paths to be avoided and strong paths to be taken advantage of.

  • STEP 1: Transmitter (Typically AP), sends NDP announcement frame with the AP and the target recipients.
  • STEP 2: The transmitter sends NDP to the target recipients.
  • STEP 3: Each target receiver uses the preamble in NDP to measure the RF channel properties and returns the measurements as a compressed beamforming steering matrix to the transmitter.
  • STEP 4: The transmitter uses the data from all the recipients
  • STEP 5: The beamformee analyses the training fields in the NDP and calculates the feedback matrix.
  • STEP 6: The beamformer receives the feedback matrix and calculate steering matrix to direct transmissions toward the beamformee in a CBF (compressed beamforming frame)

  • The NDP generally does not show up in pcap because it only has PLCP preamble and does not have a mac header. Packets of this nature are not decodable by sniffer tools.


  • Access Points which are capable of simultaneously transmitting data to multiple groups of devices.
  • 802.11ac standard specifies that up to 4 different groups can be formed by the AP during a single transmission.
  • An elaborate version SU-MIMO channel sounding process is used to achieve the beamforming for MU-MIMO transmissions.
  • The key distinction, The MU-MIMO beamformer requires a response from all beamformees in order to conclude channel sounding.
  • Each client sends response packets along with channel state information in form of feedback matrix as discussed before.
  • The beamformer uses the feedback matrix to form a steering matrix for the beamformees.

Machine generated alternative text:
Single-User MIMO 
one client at a time 
Access Point 
Multi-User MIMO 
Service multiple clients at the 
Access pent 
same time 
Stream 2

CBF (Compressed Beamforming Feedback)

  • 802.11 action frame which contains channel matrix that specifies the channel state information for each client. The CBF is the largest contributor to the overhead caused by MU-MIMO transmission and its size is determined by 3 factors.
  • Channel Width, Number of radio chain pairs & Bit count of each CSI unit.

Spatial Multiplexing

  • Spatial Division Multiplexing (SDM) was first introduced with 802.11n, became Spatial Division Multiple Access (SDMA) with 802.11ac (MU-MIMO).
  • In Spatial Multiplexing same information is placed across two or more available antenna in an AP/client STA.
  • There is no channel sounding procedure that takes place in order to determine optimal phase of spatial streams.

Frame Aggregation (A-MSDU and A-MPDU)

  • Was introduced for improvements in QoS transmissions in 802.11e. Used in HT/VHT transmissions as well. First seen in 802.11n transmissions.
  • Increases/improves throughput by sending multiple MSDU in a single transmission.
  • The reduction of fixed mac layer overhead improves throughput along with
  • odds of collision and overhead caused by the random backoff timer during medium contention is also minimized.


  • The upper layer information for the MAC layer in 802.11 is called MSDU.
  • A-MSDU is a method by which AP receives multiple 802.3 frames for transmission to a wireless client STA as efficiently as possible.
  • This is done by removing 802.3 headers and trailers and then encapsulates the multiple MSDU payload into a single 802.11 frame for transmissions to the client STA.
  • If encryption is enabled all MSDU are encrypted together in single payload.
  • The A-MSDU serves as one packet as its passed down from higher layers to the MAC sub layer. The CRC is calculated for each A-MSDU as if it were a regular data frame. So, if an A-MSDU transmission fails, the entire A-MSDU must be retransmitted reducing its effort.
  • An A-MSDU contain only MSDUs where DA/SA parameter values map to the same RA/TA values. Also, it can contain MSDUs which are potentially from different source as long as they are of same traffic identifier (TID).


  • A-MPDU has similar goal to that of A-MSDU.
  • The data payload of each MPDU is encrypted separately.
  • MPDU aggregation has more overhead than A-MSDU. As each MPDU has individual MAC header and trailer.
  • If retransmission is required only individual MPDU is retransmitted.
  • The inclusion of A-MSDUs as a part of A-MPDU is more efficient over just using A-MPDU. The inclusion results in lower CRC errors.

Read more link text

Leave a Reply

Your email address will not be published. Required fields are marked *