
Using CT712 RF Noise Generator and RADAR Simulator to test DFS channels

Goal: Generate RF pulses that simulate RADAR and cause an AP using DFS to exercise its detection and response abilities.

DFS (Dynamic Frequency Selection) allows an AP to use channels in the same spectrum that some RADAR systems use, and provides a method of changing channels when RADAR signals are detected. In this example, we will use a LANforge CT712, which is our customized script and integrated GUI control for the HackRF-One Software-Defined Radio (SDR), to generate the RF pulses that simulate RADAR signals and cause a third-party AP under test to detect them and change channels. It is recommended that this type of testing be done in an RF isolation chamber to limit interference to production WLAN and RADAR systems in use.

 
  1. Verify a client is connected to a third-party AP using a DFS channel.
  2. For more information see
    Wikipedia: 5GHz Channels
    WLAN Pros WiFi Channel Reference

  3. On the RF Generator tab, modify the device that corresponds to the CT712 USB device to set the desired channel and pulse characteristics.
    NOTE: The different RADAR types are defined as described in the document FCC DFS Compliance Procedures. RF pulses defined outside of these parameters can be used for other RF noise and interference tests.
  4. Select an FCC RADAR type preset button or enter specific values to set the desired pulse characteristics, then set the transmit frequency, then select OK.
  5. Highlight the RF Generator entry and select the Start+ button to start transmitting.
    In some versions, you may have to select Start+ twice in order to start transmitting.
  6. When the CT712 is activated, the Status will show Started and the HackRF-One device's TX LED should show a red light. The AP under test should detect RADAR within 10 seconds, change to an available channel and not be able to use the previous channel again for 30 minutes.
  7. For more information see
    WiFi Alliance: DFS Best Practices

  8. An alternate method of controlling the CT712 HackRF-One device is to use the lf_hackrf_dfs.py script in the /home/lanforge directory:
    1. Open a terminal window on the LANforge system.
    2. cd to /home/lanforge
    3. To show the script usage, type: ./lf_hackrf_dfs.py --help

      usage: lf_hackrf_dfs.py [-h] [--lf_hackrf LF_HACKRF] [--pulse_width PULSE_WIDTH]
      [--pulse_interval PULSE_INTERVAL] [--pulse_count PULSE_COUNT]
      [--one_burst] [--bursts BURSTS] [--rf_type RF_TYPE]
      [--uut_channel UUT_CHANNEL] [--sweep_time SWEEP_TIME] [--freq FREQ]
      [--daemon DAEMON] [--pid_file PID_FILE] [--gain GAIN] [--if_gain IF_GAIN]
      [--bb_gain BB_GAIN] [--log_level LOG_LEVEL] [--mgt_pipe MGT_PIPE]
      [--no_repeat] [--sample_mod SAMPLE_MOD]
      [--host_perf_adjust HOST_PERF_ADJUST] [--tx_sample_rate TX_SAMPLE_RATE]
      dfs testing , FCC0-6, ETSI0-6
      Note: some systems will need to preface command with sudo nice -19


      options:
      -h, --help show this help message and exit
      --lf_hackrf LF_HACKRF
      --lf_hackrf { last 4 bytes of serial num from hackrf_info }
      --pulse_width PULSE_WIDTH
      --pulse_width { usecs } default: 1
      --pulse_interval PULSE_INTERVAL
      --pulse_interval { usecs } default: 1
      --pulse_count PULSE_COUNT
      --pulse_count { number } default: 1
      --one_burst --one_burst store_true default: False
      --bursts BURSTS --bursts provide a number of bursts
      --rf_type RF_TYPE, --radar_type RF_TYPE
      Note: .lower used so upper case or lower case may be entered.

      to see addition information telnet <lanforge ip> 4003 show_rfgen

      --rf_type OFDM,<duration>,<header mod>,<payload mod>

      --rf_type OFDM,<duration>,<header mod>,<payload mod>,<on T1><off T1>,<on T2>,<off T2>,<on T3>,<off T3>
      duration in micro seconds, less the 500 us is invalid , 0 setting is converted to 1e6 us
      Header Mod : BPSK , QPSK
      Payload Mod : BASK , QPSK , 8PSK
      on T1 : on period microseconds
      off T1 : off period microseconds
      on T2 : on period microseconds
      off T2 : off period microseconds
      on T3 : on period microseconds
      off T3 : off period microseconds
      duration seconds , 0 is continuous till stopped

      --rf_type OFDM,3,BPSK,QPSK,50000,1000,0,0,0,0
      ./lf_hackrf_dfs.py --freq 5180000 --gain 14 --if_gain 34 --tx_sample_rate 20 --rf_type OFDM,0,BPSK,QPSK,1000,1000,2000,2000,4000,4000 --log_level info --lf_hackrf 22276763

      For testing the modulated noise:
      you expect STA to stop transmitting (or AP to stop transmitting beacons) as modulated constant-tx power goes
      stronger than -72 (I think, something like that at least.) So to know pass/fail, you need very exact measurement
      of the const-tx modulated power level as received by the DUT wifi device.
      Use splitter to split one cable to DUT, other to RF scope, use RF scope to determine the -72 level.

      --rf_type GENERIC,<pulse width>,<pulse interval>,<number of pulses>,<tx_sample_rate>
      --rf_type GENERIC_PRF,<pulse width>,<pulse interval>,<number of pulses>,<tx_sample_rate>

      W53PULSE

      --rf_type W53PULSE,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate>

      W53
      --rf_type W53CHIRP,<pulse_width>,<blank_time>,<long_pulse>,<chrip_width>,<PRF>,<Number of continous_pairs>,<center freq>,<tx sample rate>
      NOTE: the center frequency gets multiplies by 1000000
      best performance at tx sample rate of 10


      PRF = Pulse Repetition Frequency
      Supports W53 Chirp3,4,5,6,7,8

      --rf_type FCC0,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
      (entering --rf_type FCC0 , will use defaults pulse_width: 1 , pri: 1428, number of pulses: 18 tx sample rate: 1

      Pulse Width use: 1
      Pulse Repetition Interval usec: 1428
      Number of Pulses 18

      W56PULSE

      --rf_type W56PULSE,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate>

      KOREA

      --rf_type KOREA1,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 1 us, PRF 700, pulses: 18
      --rf_type KOREA2,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 1 us, PRF 1800, pulses: 10
      --rf_type KOREA3,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 2 us, PRF 330, pulses: 70

      example:
      ./lf_hackrf_dfs.py --rf_type KOREA1,1,700,18,20 --freq 5320000 --lf_hackrf 22276763 --gain 14 --if_gain 34 --log_level debug

      --rf_type KOREA4,<number_bursts>
      --rf_type KOREA4,20 (normally would be 100)

      Pulse Width (usec): 1
      PRI usec: 333
      PRF 3000 pulses per second
      Pulses per Hop: 3
      Number of bursts: 20
      Minumum number of Trials 30


      CHINA
      --rf_type CHINA0,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 1 us, PRF 1000, pulses: 20
      --rf_type CHINA1,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-5 us, PRF 200-1000, pulses: 12
      --rf_type CHINA2,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-15 us, PRF 200-1600, pulses: 16
      --rf_type CHINA3,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-30 us, PRF 2300-4000, pulses: 24

      CHINA4 - The radar test signal 4 is modulated radar test signal. The modulation to be used is a chirp modulated with +/- 2.5 Mhz
      --rf_type CHINA4,<pulse_width>,<prf_1>,<tx_sample_rate>

      --rf_type CHINA5,<pulse_width>,<prf_1>,<prf_2><prf_3>,<tx_sample_rate>,
      where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
      Pulse width .5 - 2 us
      number of prf is 2/3 pulses per burst 10 for each PRF
      prf_1 rand between (300,400)
      prf_2 rand between (300,400)
      prf_3 rand between (300,400)
      The maximum differnence between two PRFs is 50 Hz and the minimum difference is 20 Hz
      The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
      by the number of different PRFs used.

      --rf_type CHINA6,<pulse_width>,<prf_1>,<prf_2>,<prf_3><tx_sample_rate>,
      where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
      Pulse width .5 - 2 us
      number of prf is 2/3 pulses per burst 10 for each PRF
      prf_1 rand between (400,1200)
      prf_2 rand between (400,1200)
      prf_3 rand between (400,1200)
      The maximum differnence between two PRFs is 400 Hz and the minimum difference is 80 Hz
      The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
      by the number of different PRFs used.


      FCC

      --rf_type FCC0,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>

      --rf_type FCC1,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
      (entering --rf_type FCC1 , will use defaults pulse_width: 1 , pri: 518, number of pulses: 1930 tx sample rate: 1
      Detection: 60 percent
      Trials 30

      Test A
      Table 5a:
      Pulse Repetition Frequency, Pulse Repetition Interval micro second
      1930.5 518
      1858.7 538
      1792.1 558
      1730.1 578
      1672.2 598
      1618.1 618
      1567.4 638
      1519.8 658
      1474.9 678
      1432.7 698
      1392.8 718
      1355 738
      1319.3 758
      1285.3 778
      1253.1 798
      1222.5 818
      1193.3 838
      1165.6 858
      1139 878
      1113.6 898
      1089.3 918
      1066.1 938
      326.2 3066

      Test B
      15 unique PRI values randomly selected within the range of 518-3066 μsec, with a minimum
      increment of 1 μsec, excluding PRI values selected in Test A

      pulses = roundup( (1/360) * ((19 * 10^6) / PRI usec) )
      roundup( (1/360) * ((19 * 10^6) / 3066) ) = roundup {17.2} = 18


      --rf_type FCC2,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
      (entering --rf_type FCC2 , will use defaults pulse_width: 1 , pri: 150, number of pulses: 23 tx sample rate: 1
      Detection: 60 percent
      Trials: 30

      Pulse Width usec: 1-5,
      PRI usec: 150-230
      Number Pulses 23-29

      --rf_type FCC3,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
      (entering --rf_type FCC3 , will use defaults pulse_width: 6 , pri: 200, number of pulses: 16 tx sample rate: 1
      Detection: 60 percent
      Trials: 30

      Pulse Width usec : 6-10
      PRI usec: 200-500
      Number Pulses 16-18


      --rf_type FCC4,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
      (entering --rf_type FCC4 , will use defaults pulse_width: 11 , pri: 200, number of pulses: 12 tx sample rate: 1
      Detection: 60 percent
      Trials: 30

      Pulse Width usec: 11-20
      PRI usec: 200-500
      Number PUlses 12-16


      --rf_type FCC5 FCC6 with additional data after the type

      --rf_type FCC5,<num_bursts>,<trials_center>,<trials_low>,<trials_high>,<uut_channel>,<freq modulation>,<tx_sample_rate>
      --rf_type FCC5,10,10,0,0,20,15,20
      10 bursts per trial,
      10 trials center,
      0 trials low,
      0 trials high,
      uut channel bw 20
      chirp frequency modulation 15
      tx_sample_rate 20 (will be 20 Mhz which is prefered)

      --rf_type FCC5,0,10,0,0,20,12,20
      0 will randomize bursts per trial (8,20),
      10 trials center,
      0 trials low,
      0 trials high,
      uut channel bw 20
      chirp frequency modulation 12
      tx sample rate 20 (will be 20 Mhz which is prefered)


      Pulse Width usec: 50-100
      Chirp Width (Mhz): 5-20
      PRI usec : 1000-2000
      Number of pulses per Burst 1-3
      Number of bursts 8 -20
      Detection: 80 percent
      Minimum Number of Trials: 30

      --rf_type FCC5B,<burst offset><pulse width>,<chirp frequency modulation>,<pulse rate frequency>,<pulse rate frequency 2>,<pulse rate frequency 3>,<num pulses in burst>,<uut_channel>,<carrier frequency><tx sample rate>
      To do a single burst within a trial (TODO determing timing till start)
      burst offset : micro seconds
      pulse width : 50 - 100 us
      chirp frequency modulation : 5-20 (number gets multiplied by 1e6)
      PRF 1: 500 - 1000 Hz (is PRI 1000-2000 us)
      PRF 2: 500 - 1000 Hz ( is PRI 2: 1000-2000 us , enter 0 if no pulse 2)
      PRF 3: 500 - 1000 Hz ( is PRI 3: 1000-2000 us , enter 0 if no pulse 3 (needs to be zero if pulse 2 is zero) )
      Number pulses per burst : 1-3
      uut_channel : 20 40 80 160
      carrier frequency : <number entered> is mulitplied by 1000000 (overrides --freq entry)
      tx sample rate : samples per second 1 - 20 (should be 20 to meet spec.) number entered is mulplied by 1e6

      example:
      --rf_type FCC5B,400000,70,20,1100,1200,1300,3,20,5320,20


      --rf_type FCC6,<fcc6_bursts>
      --rf_type FCC6,20
      for FCC6 if the list is of lenght 1 the number of fcc6s default to 20

      Pulse Width (usec): 1
      PRI usec: 333
      PUlses per Hop: 9
      Hopping rate (kHz): 0.333
      Hopping Sequency Length (msec) : 300
      Minumum Percentage Successful Detection 70 percent
      Minumum number of Trials 30

      ETSI

      --rf_type ETSI0,<pulse_width>,<prf_1>,<tx_sample_rate>,
      --rf_type ETSI1,<pulse_width>,<prf_1>,<tx_sample_rate>,
      --rf_type ETSI2,<pulse_width>,<prf_1>,<tx_sample_rate>,
      --rf_type ETSI3,<pulse_width>,<prf_1>,<tx_sample_rate>,
      where T1 = 1/<prf_1>

      ETSI0 pulse width: 1 us, PRF (pulse repetition frequency) 1428, pulse count 18 (fixed)
      ETSI1 pulse width: .5 - 5us, PRF (pulse repetition frequency) 200 - 1000, pulse count 10 (fixed)
      ETSI2 pulse width: .5 - 5us, PRF (pulse repetition frequency) 200 - 1600, pulse count 15 (fixed)
      ETSI3 pulse width: .5 - 5us, PRF (pulse repetition frequency) 2300 - 4000, pulse count 25 (fixed)
      tx_sample_rate : 20


      --rf_type ETSI4,<pulse_width>,<prf>,<tx_sample_rate>,
      where T1 = 1/<prf_1>

      ETSI4 pulse width 20-30us, PRF (pulse repetition frequency)2000-4000, pulse count 20 (fixed)

      for ETSI4 if list length is greater than one
      pulse width rand between(20,30)
      prf rand between (2000,4000)

      --rf_type ETSI5,<pulse_width>,<prf_1>,<prf_2><prf_3>,<tx_sample_rate>,
      where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
      Pulse width .5 - 2 us
      number of prf is 2/3 pulses per burst 10 for each PRF
      prf_1 rand between (300,400)
      prf_2 rand between (300,400)
      prf_3 rand between (300,400)
      The maximum differnence between two PRFs is 50 Hz and the minimum difference is 20 Hz
      The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
      by the number of different PRFs used.


      --rf_type ETSI6,<pulse_width>,<prf_1>,<prf_2>,<prf_3><tx_sample_rate>,
      where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
      Pulse width .5 - 2 us
      number of prf is 2/3 pulses per burst 10 for each PRF
      prf_1 rand between (400,1200)
      prf_2 rand between (400,1200)
      prf_3 rand between (400,1200)
      The maximum differnence between two PRFs is 400 Hz and the minimum difference is 80 Hz
      The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
      by the number of different PRFs used.



      --uut_channel UUT_CHANNEL
      --uut_channel 20 (uut_channel) default: 20
      --sweep_time SWEEP_TIME
      --sweep_time { msec } default: 10
      --freq FREQ --freq { khz } center frequency (multiplied by 1000) default: 5300000
      --daemon DAEMON --daemon { 0 | 1 } default: 0
      --pid_file PID_FILE --pid_file { pid-file-name } default: lf_hackrf_py.pid
      --gain GAIN --gain default: 14
      --if_gain IF_GAIN --if_gain default: 27
      --bb_gain BB_GAIN --bb_gain default: 24
      --log_level LOG_LEVEL
      --level {critial|error|warning|info|debug}
      --mgt_pipe MGT_PIPE --mgt_pipe default: ""
      --no_repeat --noq_repeat store true
      --sample_mod SAMPLE_MOD
      --sample_mod 2 default: 2
      --host_perf_adjust HOST_PERF_ADJUST

      --host_perf_adjust <float>
      The default is 0 which is to adjust automatically based on number of bursts,

      the rf generation peformance is affected by the host system, this switch is used for verification
      This switch is to tune the bursts to occur within the 12 sec
      For FCC5 the time between bursts needs to be adjusted based on the host system performance
      the smaller the float the less time between bursts

      --tx_sample_rate TX_SAMPLE_RATE
      --tx_sample_rate is the transmit sample rate

      lf_hackrf_dfs.py

      example tp store into file
      ./lf_hackrf_dfs.py --freq 5320000 --gain 14 --if_gain 20 --tx_sample_rate 20 --rf_type fcc5 --log_level debug --lf_hackrf 22276763 2>&1 | tee fcc5_trial_03_axe11000.txt

      ./lf_hackrf_dfs.py --freq 5320000 --gain 14 --if_gain 20 --tx_sample_rate 5 --rf_type FCC5,8,1,0,0,20 --log_level debug --lf_hackrf 22276763 2>&1 | tee fcc5_trial_03_axe11000.txt
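
The FCC1 section of the help text above gives the Table 5a PRI list, the Test B selection rule, the pulse-count formula and the 60 percent detection threshold. The following added example (not part of the Candela page or of lf_hackrf_dfs.py) turns those into a reproducible trial plan and a pass/fail check. The split of the 30 trials into 15 from Table 5a and 15 Test B values, the tx_sample_rate of 20 and all function names are assumptions.

```python
import random

# Test A PRI values in usec, copied from Table 5a in the help text above.
TABLE_5A_PRI_US = list(range(518, 939, 20)) + [3066]

def prf_hz(pri_us):
    """Pulse repetition frequency for a PRI in usec, rounded as in Table 5a."""
    return round(1_000_000 / pri_us, 1)

def pulses_for_pri(pri_us):
    """roundup((1/360) * (19 * 10^6 / PRI)), in integers to avoid float error."""
    return -(-19_000_000 // (360 * pri_us))

def fcc1_trial_pris(rng, per_test=15):
    """Pick PRIs for one FCC1 run (assumed 15 + 15 split of the 30 trials)."""
    test_a = rng.sample(TABLE_5A_PRI_US, per_test)
    excluded = set(TABLE_5A_PRI_US)
    # Test B: 1 usec steps in 518-3066, excluding the Table 5a values.
    pool_b = [p for p in range(518, 3067) if p not in excluded]
    test_b = rng.sample(pool_b, per_test)
    return test_a, test_b

def rf_type_arg(pri_us, pulse_width_us=1, tx_sample_rate=20):
    """--rf_type value: FCC1,<pulse width>,<pri>,<number of pulses>,<tx_sample_rate>."""
    pulses = pulses_for_pri(pri_us)
    return f"FCC1,{pulse_width_us},{pri_us},{pulses},{tx_sample_rate}"

def detection_verdict(detected, min_percent=60):
    """detected: one bool per trial. Returns (percent, passed) for the threshold."""
    percent = 100.0 * sum(detected) / len(detected)
    return percent, percent >= min_percent

if __name__ == "__main__":
    rng = random.Random(2024)  # fixed seed so the plan can be repeated
    test_a, test_b = fcc1_trial_pris(rng)
    for name, pris in (("A", test_a), ("B", test_b)):
        for pri in pris:
            print(f"Test {name}  PRF {prf_hz(pri):7.1f} Hz  "
                  f"--rf_type {rf_type_arg(pri)}")
    # Constructed outcome: the AP detected RADAR in 19 of 30 trials.
    print(detection_verdict([True] * 19 + [False] * 11))
```

Record the seed with the results so the same PRI selection can be replayed when a firmware build is retested.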

Candela Technologies, 2417 Main Street, Suite 201, Ferndale, WA 98248, USA
www.candelatech.com | sales@candelatech.com | +1.360.380.1618