Possible issue of WiFi instability 5 Ghz


ven if your company has kilometers of cables under the floor, colleagues are still looking for a fast and reliable wireless connection. And sometimes they’re not angry. We found a phone that made for WiFi face like Meteoradar. What causes? And how to use the broadcast Meteoradaru to push the evil WiFi AP?

The story of the search Wrecker
February: WiFi is starting to guess
Our network guru Dan began noticing the strange behavior of our WiFi access points (AP) at 5GHz. All AP’s in the building started to Přelaďovat to channels not defined for DFS. AP’s usually do this when they record the Meteoradar in the channel they are operating on (the weather radar, which operates in the same frequencies).
June: Unexpected findings
The problem is still unresolved, but the manufacturer of our AP’s (not very successful) fixes. We follow forums, performing similar problems of other users. Dan has already eliminated the activity of the right meteoradaru and from observing anomalies found that it must be a device of someone in the company.
June: Unintentionally I me into the story
By Záškodníkem is my cell phone! After MAC addresses are verified, everything starts to fit nicely. The problem began to manifest itself, as already written, in February. In February I joined Etnetery. In addition, the correlation with the logs shows that the AP’s that Meteoradar detect are the ones around which I regularly move (i.e. the route: chair – Coffee maker – toilet).

It looks like a regular cell phone, but it can break all the AP’s on the same DFS channel to one attempt. Do you know which is?
June: the phase of distrust
Dan doesn 't believe it’s an intention. Dokazuji that the phone is not rootnutý, it has no extra power and is generally unmodified. We test further and really AP runs from the channel both before Meteoradarem. My enthusiasm is rising and I am beginning to be slightly overactive from the newly discovered power. Less frightened is finding another colleague with the same model of phone, but it behaves correctly. Can it be even better?
It could be better. We test mobile with other Enterprise AP solutions where the phone even causes DoS for 4 – 10 minutes.
As it seems, coincidentally, I got to the phone that feels like being Meteoradarem, as (perhaps) one in a million.
And now technically
DFS, a dynamic frequency selection, is in principle a technology that allows an individual AP to select a more empty broadcast channel at startup, or switch to a looser when the channel is full.
Within the implementation of DFS, the WiFi AP operating at 5GHz (according to ETSI EN 301 893 for EU countries) must change its broadcast channel in case of detection of Meteoradaru operating on the same channel. This measure is here because of the meteoradarů.
The implementation varies according to the manufacturer, but the AP would normally have to stop transmitting and retune when detecting collisions with Meteoradarem. The newly selected channel is then detected Meteoradaru, which can take up to 10 minutes (again depending on implementation). A longer time is needed as the meteoradary spins relatively slowly and monitors different azimuths.
DFS channels vary by state. This in combination with TPC, i.e. the maximum transmitting force, (also due to interference meteoradarů) is why you need to set up a country with WiFi AP. In the case of setting up another country on the AP, or directly attempting to retire DFS, this is a violation of the general provisions for the use of radio frequencies in that state.
In our case, the AP react as valid when detecting Meteoradaru. The problem is that it is not a meteoradar, but only a mobile phone.
We performed a few tests as PoC (Proof of Concept) with the following assumptions:
Setting up a country within the EU
Meteoradaru detection is enabled on the AP (which is, I mean, obvious),
The phone doesn 't need to connect to WiFi, just try.
We conducted the tests on the following models:
Aruba IAP-115-RW,
Mikrotik HAP AC,
Ubiquiti UAP AC PRO.

Our limited tests show that the implementation of dodging before the Meteoradar broadcast is significantly different:
Aruba AP: Away from the channel, but depending on the newly selected channel, it takes 1-10 minutes to detect before transmitting.
Mikrotik AP: Away and the console shows “running AP”. However, clients do not see this AP and cannot connect to the administrator’s intervention.
Ubiquiti AP: Retunes to another channel, the DFS detection takes only about 1 minute. However, the AP restart does not tune to another, which means increasing the channel collision.

