Critical reflection on the topic of Energy Harvest for wireless Communication systems

In the following paragraphs, I will provide my critical reflection on the topic of ‘Energy Harvest’ after reading the following white papers.

Shaikh, Faisal Karim, and Sherali Zeadally. “Energy harvesting in wireless sensor networks: A comprehensive review.” Renewable and Sustainable Energy Reviews 55 (2016): 1041-1054.

Ulukus, Sennur, et al. “Energy harvesting wireless communications: A review of recent advances.” IEEE Journal on Selected Areas in Communications 33.3 (2015): 360-381

Both authors have addressed the different techniques of energy harvesting, the hardware design requirements, as well as the efficiency and advances in technology required to make this a viable option for wireless sensor networks (WSN).

While the concept of energy harvesting is an excellent idea and a possible solution to many of the issues that plague remote wireless sensor networks, both authors admit it is still in its infancy, due to technology constraints and manufacturing cost.

The issue I see still being a problem in the future is the dependency on a battery backup in the event that its main energy source is not available as well as the requirement to perform on-going maintenance work on the energy harvesting equipment.

I have experience when it comes to the deployment, installation and maintenance of wireless sensor networks. Coming from the mining section, we use WSN to relay information from Programmable Logic Controllers (PLC) that are connected to remote monitoring equipment or machines. While the idea of being able to deploy these as small form factor devices in a set-and-forget mind-set, dependent on the life span of the equipment, is great, what I have found given my experience is that the main issue is actually the energy harvesting device. Whether it be solar panels or a wind turbine, the device that supplies the power and trickle charges the battery in the event that the sun or wind is not available requires more ongoing maintenance than the actual battery or WSN.

The ongoing maintenance involves cleaning due to excess dust build-up and animal excrement on the solar panels; the wind turbines require lubrication, and at times both energy harvesting devices required replacement due to the extremes of weather or damage caused by animals or birds.

In some cases the actual WSN and external battery outlive the energy harvesting equipment; the main reason for this is that they are sheltered from the extremes of weather and animals.

While I hold a common interest in being able to power WSN by the means described in the research papers, as well as in reducing maintenance requirements where possible, I believe we are some time off before this is a reliable and cost-effective solution for most consumers to purchase, and even then, given the environments that WSN could be used in, it will still require ongoing servicing of the energy harvesting equipment to ensure a long life span.

Security challenges for Bluetooth and ZigBee WPAN technologies

One would think, given the short range, low power and low data rates offered by WPAN technologies such as Bluetooth and ZigBee, that these devices would not present much of a security concern, yet they are still prone to attacks as they can allow hackers a backdoor into certain networks.

ZigBee can use a symmetric encryption algorithm, meaning the same key is used to encrypt and decrypt. Bluetooth devices also have encryption options available; however, due to power-saving features, slow on-board CPUs and the extra overhead generated by the encryption process, encryption ends up being rarely used. So when devices are joining and establishing connectivity, all data is sent in clear text and is readable on the airwaves for anyone in close proximity with the right tools to capture and decode.

ZigBee uses two types of symmetric keys for encryption: the network and link key.

When a device requests a link key to set up a secure connection between devices in the piconet, a link key, which is based on the network key, is generated and encrypted with the network key; this must occur before the trust centre (PNC) distributes it to other devices on the piconet. This method leaves the lower layers vulnerable, as it only applies to layer 7 (the Application layer).

Bluetooth devices use a mechanism called pairing, which is a two-step process that enables the discovery and connection of nearby devices. The pairing process gives hackers the opportunity to discover devices in close proximity and transmit unsolicited messages to them; this type of attack is known as bluejacking.

Another attack, known as Bluesnarfing, also leverages the pairing process, enabling hackers to access information contained within personal smart devices. This type of attack can occur without the knowledge of the owner if the user has enabled certain settings on the device.

Bluetooth devices are prone to a security threat that is very common across all communication technology platforms, called denial-of-service (DoS). This attack renders the device useless, as it is not able to process all the malicious information that is being sent to it.

Bluetooth devices present many security concerns, not only from their own security vulnerabilities but also because hackers can use Bluetooth devices for their own gain. Given their low cost of manufacture, a hacker could easily plug a USB Bluetooth device into the back of a desktop without a user being aware, and their small form factor, low power and use of FHSS make them hard to discover or locate. Even with a spectrum analyser, one would still have to be in close proximity to the device and be able to identify the signal pattern.

Another security concern is jamming of the RF spectrum. Given that both technologies operate in the 2.4GHz band, a hacker may not want to steal information but rather render the devices unusable by deploying a wireless jammer, commonly known as an ‘Air horn’.

A hobbyist company called Hak5 makes devices that have the potential to be used for malicious reasons if in the wrong hands; in particular, it has a Bluetooth packet sniffer that could be used to capture and decode frames.

L. Olenewa (2014). Guide to Wireless Communication (Third Edition). Boston: CENGAGE Learning

Cisco Load Balance configuration




More detail explanations can be found a


Sometimes referred to as advanced load balancing (Load balancing +), this feature is an enhancement to Aggressive load balancing that allows you to configure load balancing per WLAN. The feature is disabled by default.


The feature load balances wireless clients across access points. Clients can only be load balanced across access points on the same WLC. Load balancing does not occur between access points on different controllers.


Load balancing only works at the association phase.


When a client tries to associate to a Cisco lightweight access point that is busy, an 802.11 association response packet including status code 17 is sent to the client. Code 17 indicates that the AP is busy, so the client has to look for another AP to associate with.

The AP responds with an association response bearing “success” if the AP threshold is not met, and with code 17 (AP busy) if the AP utilization threshold is reached or exceeded and another, less busy AP heard the client request.

Problems can arise because, when an AP discards the request or sends status code 17, the client has to decide whether to ignore it or still use the same AP. Some client drivers try the same AP again, but most other clients try to find another AP. It depends on the vendor drivers, as you cannot force them to accept status code 17.

It is recommended not to enable this feature for the voice WLAN, as it can cause roaming issues. For other WLANs, it should be enabled only after testing.


      • Client window size: the client window size and the number of clients on the least loaded AP determine the load-balancing threshold value.

Before configuring the load balance intelligence, remember the formula. An AP is considered busy once it has a number of associated clients equal to the client window size plus the number of clients on the least loaded AP in the area.

Load-balancing threshold= client window size + number of clients on the least loaded AP


Example: 3 AP

AP1: 9 clients

AP2: 7 clients

AP3: 4 clients


As per the default settings on the last screenshot, the client window size is 5.

As per the formula, the load-balancing threshold is 5 + 4 = 9.

This means that if any new client wants to join AP1, the client will get the status 17 (busy) message; in other words, AP1 is considered to be busy.

      • Maximum denial count: the maximum denial count parameter allows the user to configure the number of times the client associations will be rejected for a particular AP. The maximum denial count can have a value between 0 and 10.
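
The threshold formula and maximum denial count above, modelled as an added Python example (not Cisco code and not from the original post). The LoadBalancer class, its method names and the max_denials value of 3 are assumptions for illustration, as is the reading that a client is accepted once its denial count for that AP is used up.

```python
from dataclasses import dataclass, field

STATUS_SUCCESS = 0    # 802.11 status code: association accepted
STATUS_AP_BUSY = 17   # 802.11 status code: AP busy, try another AP


@dataclass
class LoadBalancer:
    """Toy model of the per-controller load-balancing decision (not Cisco code)."""
    window_size: int = 5   # client window size (5 in the worked example)
    max_denials: int = 3   # sample value; the text allows 0 to 10
    denials: dict = field(default_factory=dict)  # (client, ap) -> rejections so far

    def threshold(self, heard_by: dict) -> int:
        # threshold = client window size + clients on the least loaded AP
        return self.window_size + min(heard_by.values())

    def associate(self, client: str, ap: str, heard_by: dict) -> int:
        """Decide one association request.

        heard_by maps each AP that heard the client's request to its
        current client count; it is updated when the client is accepted.
        """
        if not 0 <= self.max_denials <= 10:
            raise ValueError("maximum denial count must be between 0 and 10")
        load = heard_by[ap]
        busy = load >= self.threshold(heard_by)
        # Code 17 only helps if a less busy AP also heard the request.
        alternative = any(n < load for name, n in heard_by.items() if name != ap)
        key = (client, ap)
        if busy and alternative and self.denials.get(key, 0) < self.max_denials:
            self.denials[key] = self.denials.get(key, 0) + 1
            return STATUS_AP_BUSY
        # Below threshold, no alternative, or denial budget used up: accept.
        self.denials.pop(key, None)
        heard_by[ap] = load + 1
        return STATUS_SUCCESS


def worked_example():
    """Replay the three-AP example from the text."""
    aps = {"AP1": 9, "AP2": 7, "AP3": 4}
    lb = LoadBalancer(window_size=5, max_denials=3)
    # A client whose driver ignores code 17 and keeps retrying AP1.
    sticky = [lb.associate("client-a", "AP1", aps) for _ in range(4)]
    # A client that picks AP2, which is below the threshold of 9.
    roamer = lb.associate("client-b", "AP2", aps)
    return sticky, roamer, aps


if __name__ == "__main__":
    print(worked_example())
```

The sticky client shows why the text warns about vendor drivers: a client that keeps retrying the same AP is let in once its denials run out, so the busy AP ends up above the threshold anyway.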


Network configuration

From GUI:

Figure 1. Client Load balancing global configuration windows

Figure 2. Client Load balancing configuration per WLAN

From CLI:

Figure 3. Client Load balancing configuration options

Figure 4. Client Load balancing window

Figure 5. Client Load balancing denial count

Figure 6. Enabling Client Load balancing configuration

Figure 7. Disabling WLAN inference

Then enable client load balancing with: config wlan load-balance allow enable 1

Figure 8. Enable WLAN inference

Figure 9. Displaying Load balancing information

Figure 10. Displaying WLAN configuration information

Kali Linux, putting WiFi Card into monitor mode

This guide is about how to put your wireless adapter into monitor mode using Kali Linux and then use Wireshark to inspect the frames (Wireshark comes standard with Kali).

*Not all wireless cards (chipsets) support monitor mode; if unsure, do a Google search. For this I will be using an Alfa Networks card: AWUS036NH.

Step 1: Check that the NIC is attached.

Step 2: Place the wireless interface in monitor mode: airmon-ng start <interface name>

Step 3: Kill any processes that are currently running, then check that the processes have been stopped.

Step 4: Put the interface in sniffing mode. In this mode it will scan over all channels, depending on the wireless device chipset.

It is also possible to sniff on just a specific channel.

Once sniffing channels, load Wireshark. If running as root you will be presented with an error message; press OK and then select the wlan0mon interface to load the 802.11 frames.
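
Once frames from wlan0mon are loading, the fields Wireshark decodes can also be read programmatically. This added example (not part of the original guide) parses a monitor-mode frame, radiotap header included, and pulls the status code out of association responses, such as the code 17 described in the load balancing post; the function names are illustrative and the sample frames and MAC addresses are constructed.

```python
import struct
from collections import Counter

STATUS_AP_BUSY = 17
# Management subtypes whose body is: capability (2) | status code (2) | AID (2)
RESPONSES = {1: "association response", 3: "reassociation response"}


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_assoc_status(capture: bytes):
    """Return (kind, client_mac, ap_mac, status) for (re)association
    responses, or None for any other or truncated frame.

    capture is one frame as delivered by a monitor-mode interface:
    a radiotap header followed by the 802.11 frame.
    """
    if len(capture) < 8 or capture[0] != 0:        # radiotap version is 0
        return None
    (rt_len,) = struct.unpack_from("<H", capture, 2)
    if rt_len < 8 or rt_len > len(capture):
        return None
    frame = capture[rt_len:]
    if len(frame) < 2:
        return None
    version, ftype, subtype = frame[0] & 0x3, (frame[0] >> 2) & 0x3, frame[0] >> 4
    if version != 0 or ftype != 0 or subtype not in RESPONSES:
        return None
    # 24-byte management header, plus 4 bytes of HT Control if the Order bit is set.
    hdr_len = 28 if frame[1] & 0x80 else 24
    if len(frame) < hdr_len + 4:                   # need capability + status
        return None
    (status,) = struct.unpack_from("<H", frame, hdr_len + 2)
    # addr1 = receiver (the client), addr2 = transmitter (the AP)
    return RESPONSES[subtype], fmt_mac(frame[4:10]), fmt_mac(frame[10:16]), status


def busy_rejections(captures):
    """Count status-17 responses per (client, AP) pair."""
    counts = Counter()
    for cap in captures:
        parsed = parse_assoc_status(cap)
        if parsed and parsed[3] == STATUS_AP_BUSY:
            counts[(parsed[1], parsed[2])] += 1
    return counts


def build_sample(status: int, subtype: int = 1) -> bytes:
    """Constructed test frame (not a real capture)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)    # minimal header, no fields
    client = bytes.fromhex("020000000001")         # made-up locally administered MACs
    ap = bytes.fromhex("0200000000aa")
    header = bytes([subtype << 4, 0]) + b"\x00\x00" + client + ap + ap + b"\x00\x00"
    body = struct.pack("<HHH", 0x0421, status, 0)  # capability, status, AID
    return radiotap + header + body


if __name__ == "__main__":
    frames = [build_sample(17), build_sample(17), build_sample(0)]
    print(busy_rejections(frames))
```

A client that appears in the busy_rejections count several times against the same AP is one whose driver keeps retrying after code 17.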


Kali Linux VMware tools install

Installing VMware Tools allows better performance of the virtual machine, in this case Kali Linux.

Depending on which VMware product you are running, i.e. Workstation, vSphere Client or Fusion, the VMware Tools install location will be different. The location below is for VMware Fusion.

Click Install VMware Tools (shown here as Reinstall VMware Tools, as it is already installed).

Once VMware Tools appears on the desktop, open the folder.

Drag the VMware Tools .tar.gz file to the desktop.

Then disconnect VMware Tools by hitting eject in the bottom left corner of the folder.

  • cd Desktop/
  • ls (to locate VMware specific file)
  • tar -xzf vmwareTools-10.1.6-521329.tar.gz
  • ls (to locate VMware specific file)
  • cd vmware-tools-distrib/
  • ls
  • perl vmware-install.pl -d

Once installation is complete, reload Kali Linux:

  • reboot






Cisco Channel bonding


The following channel width options are recommendations for use in  Enterprise wireless networks.

Frequency    Channel width
2.4GHz       20MHz
5GHz         20MHz & 40MHz*

* If 40MHz wide channels are required, the tests listed below should be performed before moving to or deploying 40MHz wide channels.

  • RF spectrum analysis will be required to ensure spectrum is available and that issues such as co-channel and adjacent-channel interference are correctly managed.
  • If changing channel widths, a passive and an active wireless site survey will need to be performed to ensure coverage or capacity is not affected.
  • Aggregate data throughput testing will be required to justify utilising 40MHz wide channels.

Channel width can be adjusted using the methods listed below.

To configure channel width globally, perform the following steps:

  1. Wireless > 802.11an/n/ac > RRM > DCA
  2. Channel width > select a suitable width, 20MHz or 40MHz
     • If selecting 40MHz wide channels, ensure that at least two adjacent channels (primary and secondary) are selected from the DCA channel list
  3. Apply settings and save configuration

Figure 1 Global channel width configuration

RF profiles can also be applied to groups of APs that share a common coverage zone, i.e. a floor. Depending on your wireless requirements you can customise the profile or use the default profile settings.

To change the channel width:

  1. Wireless > RF Profiles
  2. Create a profile or use the default profile
  3. RRM > click on channel and click Apply

Figure 2 RF profile

RF profile can be applied to an AP group with the required channel width and custom or default profile.

Antenna Types overview

Antenna types fall into 3 main categories

  • Omnidirectional
  • Semi-directional
  • Highly directional


Which will be discussed below.

Omnidirectional Antennas

Omnidirectional antennas radiate RF signal in all directions. A typical omnidirectional antenna is the dipole antenna, which has a radiation pattern similar to figure 1.

Figure 1: Omnidirectional Antenna propagation pattern


Omnidirectional antennas are designed to provide coverage in all directions. The horizontal beamwidth is 360 degrees and the vertical beamwidth can range from 7 to 80 degrees, depending on the antenna used.

Omnidirectional antennas are often used in the following deployments:

  • Point to multipoint: an omnidirectional antenna is connected to a transceiver device that propagates its RF signal, similar to figure 1, to multiple transceivers.
  • Wireless mesh deployment: provides a wireless network that allows network ingress at locations where wired infrastructure is not available or possible. Wireless mesh networks provide multiple backhaul links, providing redundancy in the event one of the wireless nodes fails.
  • Indoor 802.11 wireless networks: wireless 802.11 access points can have internal or external omnidirectional antennas depending on the environment that they are to be used in. For example, a corporate office would use access points with internal antennas for cosmetic reasons, whereas a warehouse would have access points with external high gain antennas mounted at height to provide more coverage.


Semi directional Antennas

Semi directional antennas are often used to direct signals in a certain direction, i.e. down walkways or warehouse aisles, where the signal requires specific coverage. They can also be used in short-to-medium distance links, i.e. between two buildings.

Semi directional antennas are unlike omnidirectional antennas, which propagate in all directions.

Figure 2: Semi directional  Antenna propagation pattern

Common types of semi directional antennas are

  • Yagi
  • Patch
  • Panel
  • Sector

Highly directional antennas

Highly directional antennas are used for point-to-point communications, which require a much narrower beamwidth to cover larger distances.

Figure 3. Highly directional Antenna propagation pattern

Two types of highly directional antennas

  • Parabolic dish antenna
  • Grid antenna


J. L. Olenewa (2014). Guide to Wireless Communication (Third Edition). Boston: CENGAGE Learning

D. A. Westcott, D. D. Coleman (2014). Certified Wireless Network Administrator (Fourth Edition). Indianapolis: John Wiley & Sons, Inc.

CWNA certification, is it worth it?

If you are reading this you have an idea of what the CWNA (Certified Wireless Network Administrator) is and what CWNP offer, but if not, this is straight from the website.

“At CWNP, we offer Enterprise Wi-Fi certifications for entry-level professionals all the way up to seasoned network experts. Each certification level is designed to benchmark your deepening understanding of RF technologies and applications of 802.11 networks. The CWNA certification will teach you the fundamentals  to be a competent Wireless engineer. The topics covered in the certification including RF fundamentals and components, wireless LAN topologies and access, intrusion monitoring, attacks, troubleshooting, and many other essential topics and concept”.

Having been in the communication field for over 11 years, having done my trade as a telecommunication technician in the Army, I had not heard of the CWNA certification or, for that matter, the CWNP company, until one day I was in conversation with a tech from another company and we got on to the topic of wireless certifications.

I told him I was studying for the CCNA Wireless certification, as I was doing a lot of Cisco wireless in my current role. He mentioned that I should look into the CWNA certification as it's vendor neutral and provides a deeper understanding of all things 802.11.

This caught my interest as I wanted to have a good foundation of 802.11 without all the extra vendor-specific information. At lunch time I googled the CWNA and discovered what the CWNP had to offer. I instantly knew this was the certification track that I wanted to embark on. So once pay day came around I bought myself a copy of the CWNA eBook (funds were short that week) and started reading.

The material in the book was excellent and well written. After a few months of on and off reading, I started looking into the certification exam and the value it would add to my CV, as I was trying to change job roles within the company I work for.

To get an understanding of the worth of the qualification I started searching forums and employment sites and came to the conclusion it was not in demand or well known in my country (Australia).

So I decided to focus my studies on completing the CCNA Wireless exam, as I felt it would add to my CV, as I currently held a CCNP Route & Switch.

After many months of study I successfully completed the exam and eventually moved to a new position. During the first few months in this new role, and to this day, I still continually reference back to the CWNA book for wireless information. So I decided to knuckle down and study for the exam, not to add weight to my CV but for myself, as the information learnt from studying for this certification will make you a better wireless engineer.

After 6+ months of hard study, I sat the exam and walked out with a 98% pass mark. I was blown away by my pass mark. I put it down to the fact that I loved reading the material, which made grasping the topic so much easier.

I strongly believe that if you are interested in learning wireless (802.11), the CWNP training and certification track is the path you must go down.











Cisco WLC HA Pair

Cisco High Availability pair configuration

I wrote this how-to blog post to show the steps I took to configure 2x 5508 Wireless LAN Controllers as part of a High Availability (HA) pair.

A more detail explanation can be found at

Some techie information about HA: the High Availability feature allows for stateful switchover of the Cisco lightweight access points and client sessions from the active Wireless LAN Controller (WLC) to the standby WLC.

Client SSO enables client information to be synced to the standby controller when a client associates or its settings change, so there is no noticeable network outage in the event of the primary controller failing.

Prerequisites for HA configuration:

      • Same software version
      • Minimum of a 50 AP license on both controllers, or a HA SKU WLC

Step 1: Click on the “CONTROLLER” tab

Step 2: Click on “Redundancy” and then click “Global Configuration”

Figure 3: Redundancy global configuration

Step 3: Enter the IP address for “Redundancy Mgmt” and  “Peer Redundancy Mgmt”

Step 4: Select “Primary” or “Secondary”  for Redundant unit

Step 5: Click “Apply”

Step 6: Click “Enabled” for SSO (ensure a UTP cable is plugged into the redundancy port between both WLCs)

The connection between the two WLCs is made via the redundancy port on both WLCs (the original picture is of the 5520 model; 5508 redundancy ports are on the front of the controller).


The Redundancy Management Interface is configured in the same subnet as the management interface. Once the Active WLC does not respond to keepalive messages on the redundant port, the interface will check the health of the Active WLC via the network infrastructure. This provides an additional health check of the network and the Active WLC and confirms whether switchover should or should not be executed.

Bulk configuration during boot-up and incremental configuration changes are synced from the Active WLC to the Standby WLC using the redundant port. The port performs HA role negotiation and is also used to check peer reachability, sending UDP keepalive messages every 100msec (default timer) from the Standby WLC to the Active WLC.

Layer 2 Connection can be used between the Redundancy port of the Primary and Standby WLC, as it does not require a direct connection.

Step 7: Click “Apply”; the WLCs will reboot and start the negotiation.

**If the Standby WLC does not detect the Primary WLC after 120 seconds it will boot into “maintenance mode”. Reboot the Standby controller again.

Once the WLCs are synced, WLC1 (Primary) will be in an active state.

WLC2 has successfully become part of the HA pair, indicated by the “STANDBY HOT” state.

All management of the WLCs will be done on the Primary WLC (WLC1), as the WLC2 (Standby Hot) management interface will not work; the only way to access it is via a console connection or via SSH on the service port and on the redundant management interface.

Step 8: To check that the High Availability (SSO) configuration was successful, from the Monitor page click “Redundancy” and then click “Summary”. If the configuration was successful, the summary output will reflect this.

Step 9: If there are issues with the High Availability (SSO) configuration, they will be displayed here.

Step 10: Plug console into the Standby controller

      • To display HA information in the CLI, enter “show redundancy summary”.

If the peer state indicates Communication Down, refer to the steps below.

      • Check that the redundant port cable is connected correctly, as per step 6.
      • If connected correctly, test the cable or replace it with a new cable.
      • Check both WLCs are the same version and have the minimum AP licence required of 50+.
      • Check IP address settings.

Once the fault has been found, if the standby controller does not reboot itself after a few minutes, do a manual power cycle and watch the console output.

Once reloaded, repeat the steps to check the HA configuration.

Upon successful completion of the above steps, perform the required network connectivity tests, i.e. a ping test, by clicking on the Ping tab in the top right-hand corner of the WLC webpage.


Cisco Wireless LAN Controllers configured as a High availability pair.

Components of a Radio system

The basic construction of a typical radio system consists of filters, mixers, amplifiers and antennas.

Filter: removes all unwanted signals from a radio frequency signal. It either allows the signal to pass through or blocks the signal based on its frequency configuration.

There are 3 types of RF filters

  • Low-pass: a maximum frequency is set and all signals below that are allowed to pass through
  • Bandpass: has a minimum and a maximum threshold; signals that fall within that range are allowed through
  • High-pass: sets a minimum frequency threshold; all signals above the minimum threshold are allowed to pass through

Filters are also found in transmitters, where they are used to eliminate unwanted frequencies called harmonic oscillations, which result from the process of modulating the signal before transmission.

Mixers: combine two inputs and create one output. The single output of a mixer is in the range of the highest sum and the lowest difference of the two frequencies. The sum and the difference are known as the sidebands of the frequency carrier because they fall above and below the centre frequency of the carrier signal.

Mixers are used to convert an input frequency to a specific desired output frequency.

Amplifier: An amplifier is used to increase the amplitude of an RF signal. An amplifier is the last stage in a radio circuit, and its function is to boost the power of the signal received from the last filter stage before it is transmitted.

Antennas: for RF signals to be transmitted and received, the transmitter or receiver must be connected to an antenna (refer to the blog post on antenna types).

J. L. Olenewa (2014). Guide to Wireless Communications, ( Third Edition). Boston:CENGAGE Learning