INTEL WIRELESS
Wired Stuff
WiFi Tablet Corner
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Social Links
Revolution WiFi Capacity Planner

Anchor / Office Extends Ports

 

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

LWAPP QoS Packet Tagging

 

 

IEEE 802.11a/g/n Reference Sheet

 

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

  

Tuesday
Nov072017

My Personal CWSP Flash Card Deck

I made my personal CWSP Flash Card Deck available. If you master these 230+ cards you are well on your way to pass the CWSP exam. Very detailed flash cards, 20 a day keeps you sharp!

Enjoy!

I plan to release my CWNA, CWDP and CWAP soon after I clean them up for public view.

 

http://www.cram.com/flashcards/cwsp-1348185 

 

Wednesday
Aug162017

Intel Wireless NIC Product Line Detail and Comparison  

 

When dealing in a multi WiFi NIC environment, especially when dealing with a single vendor, WiFi NIC information should be handy. Here is a link that you should bookmark. 

http://ark.intel.com/products/family/59484/Intel-Wi-Fi-Product

 

 

It also provides a quick and handy comparison between Intel WiFI NICs. 


Thursday
Jul272017

Intel Wireless - WLAN Driver Release Notes 

Did the title get your attention ? 

In the last month or so Intel has quietly added driver release notes to their latest two driver releases, 19.60 and 19.70. What you might find interesting, Intel doesn't disclose any open issues, but they mention “Key Issues Fixed and Changes”. In other words here is what we fixed, but we wont disclose any existing problems.

I applaud Intel for giving the community and customers who support them this added information. I hope they disclose open issues in the future. 

Enjoy 

https://www.intel.com/content/www/us/en/support/network-and-i-o/wireless-networking/000017246.html

 

 



Friday
Mar172017

Cisco Meshed Wireless LAN Controller Impersonation Vulnerability

Summary

  • A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) software could allow an unauthenticated, remote attacker to impersonate a WLC in a meshed topology.

    The vulnerability is due to insufficient authentication of the parent access point in a mesh configuration. An attacker could exploit this vulnerability by forcing the target system to disconnect from the correct parent access point and reconnect to a rogue access point owned by the attacker. An exploit could allow the attacker to control the traffic flowing through the impacted access point or take full control of the target system.

    Cisco has released software updates that address this vulnerability. Note that additional configuration is needed in addition to upgrading to a fixed release. There are no workarounds that address this vulnerability.

    This advisory is available at the following link:
    https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-wlc-mesh

Affected Products

  • Vulnerable Products

    This vulnerability affects the following products running a vulnerable version of Wireless LAN Controller software and configured for meshed mode:
    • Cisco 8500 Series Wireless Controller
    • Cisco 5500 Series Wireless Controller
    • Cisco 2500 Series Wireless Controller 
    • Cisco Flex 7500 Series Wireless Controller 
    • Cisco Virtual Wireless Controller
    • Wireless Services Module 2 (WiSM2)

    Refer to the "Fixed Software" section of this security advisory for more information about the affected releases.

    To determine whether a WLC is configured for meshed mode, use the show ap config general command and verify that the AP mode is set to Bridge. The following example shows a WLC configured for meshed mode:

    Cisco AP Identifier.............................. 23
    Cisco AP Name.................................... ap1
    
    [...]
    AP Mode ......................................... Bridge  
    AP Role ......................................... RootAP
    [...]
    Note: Meshed mode is not enabled by default.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by this vulnerability.

    The following products are not affected by this vulnerability:
    • Integrated controller in Cisco Catalyst 3850 Series Switch
    • Integrated controller in Cisco Catalyst 3650 Series Switch
    • Cisco Mobility Express 
    • Cisco 5760 Wireless LAN Controllers 

Workarounds

  • There are no workarounds that address this vulnerability.

Fixed Software

  • Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: 
    http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

    Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

    When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    Customers Without Service Contracts

    Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
    http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

    Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

     

    Fixed Releases

    Customers should upgrade to an appropriate release as indicated in the following table:

     

     

     

Saturday
Mar042017

Field Notice: FN - 64274 - CP-8821 Fails in Wireless LAN Infrastructures-Software Upgrade Required

We recently deployed 8821 phones in our environment. The past few weeks have been a challenge for us because of these issues. Most of our issues have subsided with the code update and configuration and code changes. 

NOTICE: 

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

RevisionDateComment
1.0
03-MAR-2017
Initial Public Release

Products Affected

Products Affected
8821 - CP-8821-K9-BUN
8821 - CP-8821-K9[=]

Problem Description

CP-8821 wireless phones deployed in Wireless LAN (WLAN) infrastructures do not work properly. The issues are caused by both 8821 phone and WLAN software bugs.

Background

CP-8821 new wireless phone adoption guidelines are not followed.

Problem Symptoms

Customers that deploy the 8821 in new and established WLAN infrastructures see these issues:

  • Poor voice quality
  • Audio gaps
  • Lost registration
  • Problems with roaming
  • User interface hangs/restarts 

     

Workaround/Solution

Software updates and configuration modifications are required for Unified Communications Manager, the Cisco WLAN Controller, and the 8821 Wireless Phone. While these modifications will not resolve all known issues, they do address the most critical problems. It is HIGHLY recommended that the customer becomes familiar with instructions and content of the 8821 Wireless Deployment Guide found on Cisco.com.

Unified Communications Manager
- Recommend Version 10.5(2), 11.0(1), 11.5(1), and later

Unified Survivable Remote Site Telephony (SRST)
- Recommend Version 11.0, 11.5, and later

Unified Communications Manager Express: 10.x, 11.x, and later
- Recommend Version 11.0, 11.5, and later

Hosted Collaboration Solution (HCS): 9.x, 10.x, 11.x, and later 
- Recommend Version 11.0, 11.5, and later

Wireless LAN Controller (WLC) and Access Points (APs) 
- Refer to the 8821 Wireless Deployment Guide for supported AP listings. Any AP model that is not listed in the deployment guide is not supported.

Cisco WLC and Cisco Lightweight APs
- Recommend at least Version 8.0.140.0, 8.2.141.0, or later 
- For the latest code recommendations for the AireOS based Cisco WLC, also refer to TAC Recommended AireOS Builds.

Cisco Meraki Access Points
MR18, MR24, MR26, MR32, MR34, MR42, MR52, and MR53 indoor AP platforms and the Cisco Meraki MR72 outdoor AP platform only. 

Cisco Autonomous APs
- Recommend Version 12.4(25d)JA2, 15.2(4)JB6, and 15.3(3)JD

8821 Wireless Phone
- Recommend latest Software Release 11.0(3) SR1 or later

Refer to the 8821 Wireless Deployment Guide for all settings, configurations, and troubleshooting recommendations.

These commands must be issued on all Cisco WLCs as a workaround for Cisco bug ID  CSCvd06463 - IOS AP doing AMSDU aggregation for voice traffic in queue 0 despite BA req declined by 8821:

These are the commands for 5 GHz, if Cisco 8821 on 5 GHz is used:

  • config 802.11a disable network
  • config 802.11a 11nSupport a-msdu tx priority all disable 
  • config 802.11a enable network 

These are the commands for 2.4 GHz, if Cisco 8821 on 2.4 GHz is used:

  • config 802.11b disable network
  • config 802.11b 11nSupport a-msdu tx priority all disable
  • config 802.11b enable network 

     

CDETS

To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.

CDETSDescription
CSCvd06463 (registered customers only) IOS AP doing AMSDU aggregation for voice traffic in queue 0 despite BA req declined by 8821
See the Workaround/Solution section for the commands.
CSCvc52093 (registered customers only) WLC send deauth 17 to phone in 4-way handshake
CSCvc65568 (registered customers only) 8821 fails 11r FT roam with "Invalid FTIE MIC"
CSCva66489 (registered customers only) 11r sess timeout after reassoc causing Deauth 17 mismatch FTIE
CSCvc80755 (registered customers only) WLC Missed eap-reponse packet from phone
CSCvd12366 (registered customers only) UI crash and drops call
CSCvd12387 (registered customers only) Roam request not sent OTA
CSCvd12651 (registered customers only) 8821 shows higher RSSI than it should for afar AP
CSCvd07716 (registered customers only) Network Busy due to no response from firmware for ADDTS request

Compliance Hold

In order to ensure successful deployment of the 8821, these actions must be taken before Sales Orders are released:

  1. Perform a Wireless Network Site Survey.
  2. If a partner is responsible for the installation, verify that the partner has certification for Voice over WLAN.
  3. Confirm that the wireless infrastructure (WLC, APs, and so on) runs on the latest released version of the firmware.

 

Friday
Feb242017

Wireless Network Design that Scales to Business Demands #INTEROP

I'm presenting Wireless Network Design that Scales to Business Demands.

Save 20% off any pass with our exclusive promo code: STEFANICK

https://l.feathr.co/interop-itx-george-stefanick-n

Tuesday
Feb212017

Onion Approach to wifi troubleshooting basics - Same, Better or Worse

I learned long ago working with end users is sometimes a blessing and a curse. Users have valuable information that will enable us as WiFi engineers to get a glimpse to the issues they are having. At times and from personal experience users may not always be truthful. I'm not saying their lying rather I'm point out the obvious.  Users I interview as part of my fact gathering phase sometimes don't have the time or don't clearly remember specific facts. In some cases I get that user who is the negative Nancy. You know her the gal who says nothing never works. It's always broken. It's always slow. 

When I make changes in an effort to resolve an issue I like to take the easy approach to get the users perspective if the issue has improved. Clearly some issues are black and white in terms that the issue is fixed and resolved or not.

Other times problems require small changes in an effort to improve a solution. Because maybe you aren't sure of the fix and you need to layer (Onion approach) back on complexity to see if we get improvement. 

Read the complete blog post here:

https://community.arubanetworks.com/t5/Technology-Blog/Onion-Approach-to-wifi-troubleshooting-basics-Same-Better-or/ba-p/274757

Friday
Feb172017

TAC Recommended AireOS Builds 1/25/2017 

You want to upgrade your AireOS. You might want to start here first! 

So you want to upgrade your controllers? What better place to start then a TAC recommend list. If you're like me you will want to do your research, read the release notes, search the forums, and test the code release on a test controller before pushing to your production environment. 

Enjoy! 

https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-TAC-Recommended-AireOS.html 

 

 

 

 

Saturday
Jan072017

End-of-Sale and End-of-Life Announcement for the Cisco Aironet Access Point Module for 802.11ac

Title: End-of-Sale and End-of-Life Announcement for the Cisco Aironet Access Point Module for 802.11ac
Description:

Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet Access Point Module for 802.11ac. The last day to order the affected product(s) is July 3, 2017. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Date: 04-JAN-2017
Sunday
Oct162016

End-of-Sale and End-of-Life Announcement for the Cisco Wireless Services Module 2 (WiSM2)

Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Services Module 2 (WiSM2). The last day to order the affected product(s) is April 10, 2017. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

http://www.cisco.com/c/en/us/products/collateral/interfaces-modules/wireless-services-module-2-wism2/eos-eol-notice-c51-738008.html?emailclick=CNSemail 


Sunday
Oct162016

End-of-Sale and End-of-Life Announcement for the Cisco Flex 7510 Wireless Controller

Cisco announces the end-of-sale and end-of-life dates for the Cisco Flex 7510 Wireless Controller. The last day to order the affected product(s) is April 10, 2017. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

 

http://www.cisco.com/c/en/us/products/collateral/wireless/flex-7500-series-wireless-controllers/eos-eol-notice-c51-738009.html?emailclick=CNSemail


Wednesday
Aug172016

NETSCOUT AirCheck G2 v1.1 Introduces #13 New Features 

NETSCOUT’s AirCheck G2 is far and beyond the best tool I have in my wireless tool bag and it just got a whole lot better with this latest release.  As an early beta tester I was excited to get my hands on this device. A fan of the original AirCheck the AirCheck G2 raised the bar with added features and touch screen. 

Since getting my hands on the AirCheck G2 I’ve had it in some of the most challenging environments you will find on earth to do WiFi. 

 

As I mentioned the G2 just got a whole lot better this week with release v1.1. NETSCOUT introduced 13 new features. Sit back because there is a lot more goodness to come! 

My top 3 favorite new features:

#1 Emulate user device received signal levels with custom signal level adjustments.
#3 Focus your testing by selecting which channels to scan.

#9
A Show vs. Exclude option is added for SSID Filtering, so you can view all SSIDs except the ones you specify, or view only the ones you specify. 

New Features   

#1 Emulate user device received signal levels with custom signal level adjustments.

  • Settings >> 802.11 Settings >> Custom Signal Adjustments
  • Adjustments will apply to signal levels but not to noise and SNR levels.
  • Adjustments are applied everywhere except the Locate Access Point / Locate Client screens.
  • Adjusted signal levels are shown with an * indicator: 

  

#2 Aruba access point names advertised in the beacons are now shown.

#3
Focus your testing by selecting which channels to scan.

  •  Settings >> 802.11 Settings >> Channels and Bands
  • AutoTest will still scan all channels in 2.4GHz so that the Adjacent Channel Interference 
  • Test will be accurate. However, only channels selected for scanning will be listed in CCI 
  • and ACI results.
  • If you view channel details for a channel that is not selected for scan, AirCheck G2 will still dwell on that channel while on the channel details screen. 

 

#4 Access Point basic and extended supported rates are shown to identify mis-configurations that result in slow performance (Max 11n/ac rates are still shown under 802.11n/ac Capabilities as in v1.0). 

#5 AutoTest Co-Channel Interference and Adjacent Channel Interference tests: view the actual APs that were counted on each channel by touching that result. 

 

#6 Retry rate, a critical key performance indicator, is added to the Network and Access Point connection tests.

#7 Support for a USB headset for use in the Locate Access Point or Client audio function. These models have been tested:

  •  Logitech ClearChat Comfort/USB Headset H390
  •  Koss Communications USB Headset CS95-USB
  •  iMicro IM320 USB Headset
    Microsoft LifeChat LX-4000 for Business 
  • Plantronics Blackwire C320-M 

 

#8 Session and screen capture files can now be saved directly to a USB drive.

  • Settings >> Manage Files. “Save to USB” button is at the bottom.
  • FAT32 file format is supported. exFAT or NTFS file formats are not supported. 

 

 #9 A Show vs. Exclude option is added for SSID Filtering, so you can view all SSIDs except the ones you specify, or view only the ones you specify. 

 

  • Settings >> 802.11 Settings >> SSID Filter

#10 Touch the Profile name in the display’s status bar to go right to the Profile settings. 

#11 A web proxy to facilitate Link-Live uploads of test results is added.

  •  Settings >> Device Settings >> Link-Live 

#12 AirCheck G2 Manager Reports are now localized in 9 different languages.

#13 When in AirCheck G2 Manager with an AirCheck G2 connected, if you drag one or more profiles from Local Profiles to AirCheck G2 Profiles, the profile that will come up in the AirCheck G2 when it reboots is indicated with a green star. 

Sunday
Jul172016

End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless IP Phones 7925G, 7925G-EX, and 7926G

Cisco announces the EOS and EOL for Cisco Wireless handset 7925G, 7925G-EX, and 7926G. The replacement handset is the Cisco 8821. Customers looking for a 7926G scanner replacement Cisco recommends the Spectralink PIVOT:SC 8744.

 

Cisco Wireless IP Phone 8821 Data Sheet

http://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/wireless-ip-phone-8821/datasheet-c78-737346.html

 

 

 

Cisco Wireless IP Phone 8821-EX Data Sheet

http://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/wireless-ip-phone-8821-ex/datasheet-c78-737347.html 

 

 

 

Spectralink PIVOT:SC 8744

http://spectralinkplus.com/wp-content/uploads/2016/06/Cisco-Spectralink_PIVOT_HowToBuyGuide_A4_062016_SH-v3.pdf

 

Cisco announces the end-of-sale and end-of-life dates for the Cisco Unified Wireless IP Phones 7925G, 7925G-EX, and 7926G. The last day to order the affected product(s) is October 15, 2016. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

 

Read the official EOS and EOL:

http://www.cisco.com/c/en/us/products/collateral/collaboration-endpoints/unified-ip-phone-7900-series/eos-eol-notice-c51-737580.html?emailclick=CNSemail

 

 

Thursday
Jul142016

Apple iOS 10 Beta Sysdiagnose Logging

If you blinked you might have missed Apple’s mention of the new Sysdiagnose logging. While little is known to the general public, there is hope it might include Wi-Fi logs for network troubleshooting and diagnostics. 

 WDC session Unified Logging and Activity Tracking session, Friday 7:00-7:40 pm - 41:00 minute mark.

 

Read this blog post in its entirety: 

http://community.arubanetworks.com/t5/Technology-Blog/Apple-iOS-10-Beta-Sysdiagnose-Logging/ba-p/270978 

Sunday
Jul032016

Microsoft changes go in to effect which affect the ability to run older versions of AnyConnect on Windows platforms

Important reminder – Deadline January 1 2017
Microsoft changes go in to effect which affect the ability to run older versions of AnyConnect on Windows platforms (pre 3.1MR13 or 4.2MR1) 

As an important reminder, due to Microsoft code signing changes, old versions of AnyConnect (pre 3.1MR13 or 4.2MR1) will no longer run on Windows platforms as of 1/1/2017. While Cisco always recommends running current versions of AnyConnect for the most recent bug fixes, it is critical that customers upgrade any Windows users prior to this date in order for AnyConnect to still be able to run on those systems.

We always recommend the latest version of AnyConnect (4.x) at the time of updating, which today would be 4.3 or the latest 4.2 MR.

3.1MR14 is currently available for customers and is unaffected by this deadline, but the 3.x release train is no longer eligible for bug fixes.

Customers must have a Plus, Apex or VPN Only license with an active support contract in order to access 4.x software releases.

http://www.cisco.com/c/dam/en/us/products/security/anyconnect-og.pdf 

Release Notes:http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect43/release/notes/b_Release_Notes_AnyConnect_4_3.html#reference_AA75AD8674C4409DBA57F2EBD9CAE3BB

Code Signing Certificates: Windows will no longer trust files with the Mark of the Web attribute that are signed with a SHA-1 code signing certificate and are timestamped after 1/1/2016." Refer to the Microsoft documentation for more details: here

Saturday
Jul022016

Cisco WLC Release 8.2.111.x Beta

8.2MR2 (Future 8.2.120.0) is now available for beta testing. 

The planned CCO release is July

If you are interested in participate on the beta program, please send email to wnbu-mrbeta@external.cisco.com with your CCO username, and expected tests/network size, thanks!

 

Resolved Caveats - 8.2.111.23

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

CSCug98522

PMIPv6: MAG delivering multiple DNS servers to clients

 

 

 

 

 

CSCuq05475

Controller GUI shows AP's NAT IP instead of private

 

 

 

 

 

CSCut42406

Ct5508 crashed while disabling Mobility oracle.

 

 

 

 

 

CSCuu91943

8510 WLC crash while accessing the controller crash file info thro GUI

 

 

 

 

 

CSCuw28141

Reaper Reset: Task "SNMPTask" missed software watchdog

 

 

 

 

 

CSCuw30129

Debugging logging quickly falls behind real-time

 

 

 

 

 

CSCuw36069

Threshold MIBs incorrectly set for WSSI modules.

 

 

 

 

 

CSCuw65706

AP1530 WGB Drops Tx used w/ other 1530 WGB in same MAC address range

 

 

 

 

 

CSCuw89229

Mesh instability with fast-convergence when  RF link is unstable

 

 

 

 

 

CSCux22620

8510 WLC crash in radiusTransportThread system task

 

 

 

 

 

CSCux28775

WLC per-WLAN client traffic stats accuracy enhancements

 

 

 

 

 

CSCux29207

Issue with SNMP GetBulk request -  cLAPGroupsHyperlocationEnable

 

 

 

 

 

CSCux32328

Token Bucket leak with QoS Roles and with WebAuth on 8.0.120.2

 

 

 

 

 

CSCux37498

CoA with wlc 8.1.131.0 shows error message on ISE server

 

 

 

 

 

CSCux41577

WLC and AP out of SYNC for Client Exclusion List

 

 

 

 

 

CSCux45077

AP3500 crashed due to "LWAPP CLIENT" process.

 

 

 

 

 

CSCux47470

8.0.110.14 controller crash at  openssl_cert_hash_algo_check_callback

 

 

 

 

 

CSCux51484

Memory leak observerd in EOGRE SNMP task

 

 

 

 

 

CSCux60012

With New Mobility - Mobility Members Don't survive reload

 

 

 

 

 

CSCux60873

Radius interface overwrite does not work when chosing "ap group" intf

 

 

 

 

 

CSCux65158

ATF : Globally configured mode not applied to newly joined APs

 

 

 

 

 

CSCux66190

No.of Interim Update Sent field is not flushing

 

 

 

 

 

CSCux69928

Wism2 Silent crash PMALLOC_DOUBLE_FREE on 8.0.122.18 MR3

 

 

 

 

 

CSCux74970

MAG w/PMIPv6 does not assign secondary DNS to clients via DHCP

 

 

 

 

 

CSCux75330

Mismatch AP count and unable to add more APs to WLC

 

 

 

 

 

CSCux78464

WLC crashes in Process Bonjour_Process_Task

 

 

 

 

 

CSCux81598

Memory Allocation problem with SAP1602

 

 

 

 

 

CSCux83260

BGL-Alpha: "lbs-ssc" &" sha256-lbs-ssc" missing in WLC web UI

 

 

 

 

 

CSCux83635

FATAL: Couldnt Send message out prints on 5500/7500 standby console

 

 

 

 

 

CSCux91996

Rogue containment not starting if no client info on best RSSI AP

 

 

 

 

 

CSCux92251

AIR-CAP2702 with WLC 8.2 doesnt allow HTTPS client access

 

 

 

 

 

CSCux93468

Anomalous Fan Speed/Temp reading for 8540

 

 

 

 

 

CSCux95607

ATF : User allowed to configure ATF on 1600 unsupported platform

 

 

 

 

 

CSCuy13829

AIR-CAP2602I crash on dot11_pmkid_timeout

 

 

 

 

 

CSCuy14547

HA Config Sync failed

 

 

 

 

 

CSCuy18768

Halo module doesn't work with RxSOP after image upgrade/dowgrade

 

 

 

 

 

CSCuy19485

Client detail table view miss alignment for a single client in bar graph

 

 

 

 

 

CSCuy21224

upport of 3G/4G module on 3600E/3700E APs

 

 

 

 

 

CSCuy23295

intf nasid given priority over wlan nasid in default Ap group

 

 

 

 

 

CSCuy33247

AP send disassociation frames twice and Optimized roaming go wrong

 

 

 

 

 

CSCuy37694

WLC crash running 8.0.120.0 at task apfRogueTask_1

 

 

 

 

 

CSCuy43365

5520 / 8540 8.2.100.0 Crash in Reaper Reset: Task "apfReceiveTask"

 

 

 

 

 

CSCuy45485

Containment to choose AP based on rogue client detected as well as RSSI

 

 

 

 

 

CSCuy45955

DFS scan causes beacon transmission to be stuck on AP

 

 

 

 

 

CSCuy47407

Client leak at anchor controller

 

 

 

 

 

CSCuy51343

Telnet/ssh config for AP is not retaining after upload/download config

 

 

 

 

 

CSCuy52607

Data Plane crash - cvmcs_StaToDS

 

 

 

 

 

CSCuy63742

Acct commands send inconsistently to TACACS server for rapid commands

 

 

 

 

 

CSCuy73622

Time sync failure for mmMsg_HandoffComplete on MC not printed on debugs

 

 

 

 

 

CSCuy92423

CWA broken in beta image 8.0.122.50

 

 

 

 

 

CSCuy94534

3700/2700 on DFS dont see 3700/2700 as neighbor when Rxsop High/Med/Low

 

 

 

 

 

CSCuy95327

802.1x frames are not marked with DSCP CS4

 

 

 

 

 

CSCuz01093

Traceback apf_site_override.c:2888 Invalid value 0 for WLAN

 

 

 

 

 

CSCuz02871

Webauth acl is not pushed from flexgroup when a new wlan is added to AP

 

 

 

 

 

CSCuz15763

Flex Data DTLS enabled AP gets stranded with WAN link flap

 

 

 

 

 

CSCuz22237

mobility express CORSICA: client not authenticated from 802.1x,wep)

 

 

 

 

 

CSCuz22985

BCAST Queue full causing Clients to stay Multicast-direct Pending status

 

 

 

 

 

CSCuz23758

Local Profiling Not Sorting Correctly, not corrected on 8.0.132

 

 

 

 

 

CSCuz24467

Mem corruption on GUI crash related to hreap avc group page

 

 

 

 

 

CSCuz38059

Anchor WLC does not free Client Sessions - client entries stale

 

 

 

 

 

CSCuz39100

ATF config not applied when no AP joined on controller

 

 

 

 

 

CSCuz46264

Flood of %SOCKET_TASK-7-DATA_PROCESSING_FAILED error messages

 

 

 

 

 

CSCuz47863

SHA256 self-signed cert for WLC web admin

 

 

 

 

 

CSCuz49616

WLAN-VLAN Mapping incorrect when AP moves across AP-Groups of diff WLANs

 

 

 

 

 

CSCuz52435

Evaluation of wlc for OpenSSL May 2016

 

 

 

 

 

CSCuz56009

Client reassoc not happening when central dhcp enabled

 

 

 

 

 

CSCuz56598

Enabling radio after disable/enable admin status,ifno channels available

 

 

 

 

 

CSCuz57198

SNMP AP3800:Clean air on xor radio is not functioning properly

 

 

 

 

 

CSCuz57392

AP3800 SNMP: Need errors for Channel Settings

 

 

 

 

 

CSCuz58908

AP3800 FRA configurations not retained in HA setup

 

 

 

 

 

CSCuz60033

WLC is dropping data packets in Hybrid VoWiFi setup

 

 

 

 

 

CSCuz63274

mDNS snooping drops IPv6 mDNS traffic

 

 

 

 

 

CSCuz67766

WLC crash due to software watchdog for apfMsConnTask_0

 

 

 

 

 

CSCuz68446

NOS: bsnAPIfTable has NULL entries

 

 

 

 

 

CSCuz69239

Flex local auth: 11n clients showing as 11ac

 

 

 

 

 

CSCuz70444

AP3800: XOR Microcell stuck on max power

 

 

 

 

 

CSCuz70999

AP3800: WLC crash while executing XOR radio commands

 

 

 

 

 

CSCuz71197

8500 wlc crash when starting 11v dms on sim clients

 

 

 

 

 

CSCuz72522

AP3800: FRA COF Metrics shows stale value for disabled Radios

 

 

 

 

 

CSCuz73422

1852 AP EAP-TLS client authentication fails

 

 

 

 

 

CSCuz73502

Spartan:2.4G data not shown for AP-Ch.Util,AP-Dist by SS,AP-Model Distr

 

 

 

 

 

CSCuz74209

AP3800: client network preference default is not default

 

 

 

 

 

CSCuz74637

WLC login banner does not show up on GUI. When using CLI it works fine.

 

 

 

 

 

CSCuz74989

AP3800: Issue setting channel for XOR radio in sniffer mode

 

 

 

 

 

CSCuz77060

SNMP:Radio Mode Trap generated when admin status changed for xor

 

 

 

 

 

CSCuz79051

WiSM2 8.1.131.0 crash in ewaFormServe_multicast_detail

 

 

 

 

 

CSCuz79869

8510 silent crash

 

 

 

 

 

CSCuz81176 

AP3800: Beacons stuck seen in radio 0 & 1

 

 

 

 

 

CSCuz81415

1msec delay in processing IGMP packets causing Bcast queue to remain ful

 

 

 

 

 

CSCuz84096

RRM doesn't change channel for mesh APs in 8.1 and 8.2

 

 

 

 

 

CSCuz86679

5508 HA SSO crash on SNMPTask

 

 

 

 

 

CSCuz87680

WLC crashes with task:emweb on changing wlan config

 

 

 

 

 

CSCuz89491

BVI interface is down with latest recovery image

 

 

 

 

 

CSCuz89662

1852 Reject clients association due to "suppRates statusCode is 18"

 

 

 

 

 

CSCuz96571

Ap-list new mobility packets flooding between AirOS WLC

 

 

 

 

 

CSCuz97117

AP3800 CCO image "show inventory" displays incorrect SN & VID format

 

 

 

 

 

CSCva03344

Client capabilities shown as 160 MHZ even client is not 160MHZ

 

 

 

 

 

CSCva03888

3802 : DSCP marked as 0 in capwap header with CAC config

 

 

 

 

 

CSCva08910

Unable to view the client details by clicking on connection rate

 

 

 

 

 

CSCva09603

AP3800: 160 Mhz throws SNMP error

 

 

 

 

 

CSCva11172

No netflow records exported for anchored client in Auto Anchor Scenario

 

 

 

 

 

CSCva12198

SNMP get on device for table cld11nMcsTable returns only 24 indices

 

 

 

 

 

CSCva12984

DHCP_OPTION_43 functionality broken in AP3800 AP

 

 

 

 

 

CSCuz88260

Unable to handle kernel NULL ptr dereference at virtual addr 00000004

 

 

 

 

 

CSCva21709

1800 AP crashed - apsw_watchdog about to reboot with reason: capwapd

 

 

 

 

 

CSCva25338

2800/3800/1800 'show ap summary' displays wrong ip for static ip config

 

 

 

 

 

CSCuy67885

5520 or 8540 may have no Manufacturing Installed Certificates

 

 

 

 

 

CSCuz81177

2800/3800 Cmd timeout, RX Hang seen

 

 

 

 

 

CSCva07520

2800/3800 DP ERR>22>mv_dp_msg_check_rx:1747>FW Failure Status for opcode:7...

 

 

 

 

 

CSCux82102

AP 3600+11ac module crash on memory corruption for 8.2

 

 

 

 

 

CSCva14511

2800/3800/1800 DHCP_OPTION_43 messages not seen on AP console

 

 

 

 

 

CSCva13591

3802 AP fails to join the WLC after capwap restart

 

 

 

 

 

CSCva19392

2800/3800/1800 ERROR:receiveWlanMsg(): mgmt subtype:0xf len:1423 - dropped event

 

 

 

 

 

CSCva20303

5520 Mem Leak %APF-3-LIST_ERR: avc_api.c No entry available in table

 

 

 

 

 

CSCuy33972

WLC ssh host-key generate command not having an effect

 

 

 

 

 

CSCuz52725

2800/3800- Macbook is sometimes using 2SS rate on uplink

 

 

 

 

 

CSCva05657

3802 AP - cmd_to off channel stuck Tx FSM is not Idle & TCQ Verify zero

 

 

 

 

 

CSCva12610

2800/3800 -Clients are deauthenticating with EAPOL bcast interval expiry

 

 

 

 

 

CSCuz62398

1800 capwap local bcast discovery stops working on upgrade to 8.2.102.125

 

 

 

 

 

CSCva16181

2800/3800 Sniffer Mode set on XOR Band fails

 

 

 

 

 

CSCva21076

2800/3800/1800 Rx hang detection resulting in multiple radio resets & reboot

 

 

 

 

Tuesday
Apr192016

Prime AP Migration Tool - Part 3

In the third part of our series of articles on how to seamlessly upgrade your Cisco WLC infrastructure, we'll examine the important thing to think about - the caveats, hints and tips for a smooth upgrade.

If you've not see the other two articles in this series, you can catch up with the two links below:

 

Caveats, Hints and Tips 

A code upgrade is a MAJOR change in any wireless network. The following notes have been collated on the back of real world experience upgrading large sites with thousands of APs. You must work VERY cautiously on a large or critical site upgrade.

 

1. Firstly, and most importantly – save and BACK UP the config on your WLC prior to starting any major work.

   
2. Take care if you have a Primary and Secondary WLC already allocated for your APs – the IPTel script will overwrite this. Run some tests prior to undertaking any changes to confirm if the script works as you expect. The tool is offered without warranty - TEST IT IN THE LAB FIRST!

   
3. As well as the possibility of a failure during the upgrade requiring a rollback, you might hit new bugs. Make sure you have a well thought out change control process and ideally test a subset area on the new code before rolling out across the site.

   
4. Lab test your upgrade and new code. If you have any sort of unusual end devcices, they may not operate or roam correctly on the new code. Do some lab testing.

   
5. Read the release notes. Yes, it is boring, but you'll at least know if any of the bugs might be an issue for you.

   
6. Make sure your smartness support contract is up to date. Just done an upgrade and its failed? No smartnet and you're on your own - make sure its up to date first!

   
7. We have come across many new Cisco bugs on the larger sites we work on – treat a code upgrade with great care and be sure to thoroughly test all services on the new code once the upgrade is complete.

   
8. Only do a batch of APs at a time – or you will take all APs offline at once, which defeats the purpose.

   
9. Run the script only on one AP first as a test – confirm it moves the AP between the desired WLCs correctly

   
10. Test all your services on the AP once its on your spare WLC – the spare WLC probably doesn’t get used much, so confirm its working as expected before moving a lot of APs across!

   
11. There’s a major caveat to note with the use of the spare controller – the last digit of the MAC address of each SSID (i.e. the BSSID) is determined based on the order it was added to the AP group on the WLC (the order the SSIDs were created in the case of the default AP group). If you don’t correctly configure all the WLCs AP groups with the SSIDs in the same order as each other, you will find the last digit on the SSIDs will change when you move APs to the spare WLC. This is not a problem with most applications – but will affect RTLS applications such as Ekahau that rely on the MAC address of the AP.

   

Liability Disclaimer 

We supply the tools on this website free of charge for the wireless community use. Note with all our tools the liability disclaimer – we do our best to make these tools as useful as we can, but accept no liability for their use or misuse:

https://www.iptel.com.au/terms-and-conditions-for-usage-of-provided-tools.html

Tuesday
Apr192016

Prime AP Migration Tool - Part 2

In this second article on how to seamlessly upgrade your Cisco WLC, we explore the migration process and how to use the free tool IPTel have built for the purpose.

If you've not see the other two articles in this series, you can catch up with the two links below - check the caveats, hints and tips before you start any upgrades:

 

AP Migration Process

There are caveats later in this blog – familiarise yourself with these – if you are unsure of what you are doing do not run this script on a live network. Practice in your lab environment until you are happy with the process.

Access the tool from the IPTel website – here’s the link: https://www.iptel.com.au/ap-migration-tool.html

You will need to make a choice when moving APs – do you upgrade the spare WLC to the new code and upgrade APs on their way over, or just do a straight move then upgrade the primary WLC and upgrade them on the way back. There’s pros and cons to each method.

At some point you need to upload the new WLC code to your controller – this can be done at any stage prior to, or after offloading all the APs.

A screen shot of the tool is shown below:

Prime AP Migration Tool – Entry Screen

The process is as follows:

  • Select the ‘Move AP Script’ radio button
  • Enter the ‘From’ details in the Controllers section (hostname and IP address of your current Primary WLC)
  • Enter the ‘To’ details for the spare / holding platform WLC to move the APs to
  • In the Access Points box, paste in a list of all your APs
  • Click the generate button

 

This will generate a list of commands to be pasted to the WLC GUI. When pasted into the GUI, APs will have the order of their Primary controller changed – the commands will then reload the AP and it will move to the secondary platform.

Once all APs are moved, you can upgrade the primary WLC (or HA if its in HA mode) without affecting any of the APs.

When you’re ready to move the APs back to the original WLC, select the ‘Reset AP Script’ button and click the Generate button – this will generate the reverse script to return the APs back to the Primary WLC.

 

Pre-download

To reduce the impact of the upgrade (speed up the process), pre-download the new AP image to the APs before moving them to a WLC that uses a different code version. Note that without a pre-download, APs will have to download the correct image then reload to boot that image when you move them between WLCs with different code versions! To do a pre-download, you need to download the new code onto the WLC but don't reboot onto it. You will then be able to pre-download that code to all APs (or a single AP at a time if you want to test) either via the GUI or the CLI.

 

Liability Disclaimer 

We supply the tools on this website free of charge for the wireless community use. Note with all our tools the liability disclaimer – we do our best to make these tools as useful as we can, but accept no liability for their use or misuse:

https://www.iptel.com.au/terms-and-conditions-for-usage-of-provided-tools.html

Tuesday
Apr192016

Prime AP Migration Tool - Part 1

Mark at IPTel is sharing some of his scripts to help with controller upgrades! Check it out and let us know what you think!  

This article is the first in a series dedicated to how to upgrade your Cisco WLCs within the minimum of client impact. This article provides the background and pre-requisites, with further articles detailing the process. In addition, IPTel have provided the AP migration tool to make life easy to transfer APs from one WLC to the next.

If you've not see the other two articles in this series, you can catch up with the two links below - check the caveats, hints and tips before you start any upgrades:

The tool can be found on this link: https://www.iptel.com.au/ap-migration-tool.html

 

If you don't like having all your eggs in one basket, you'll have deployed your Cisco WLAN controllers in SSO mode and now discovered when you do an upgrade that they both reload, one after another. In this article we explore what you need to do to perform a seamless upgrade, with virtually no client impact on a Cisco WLAN Controller.

Firstly, you need to take into account a couple of pre-requisite factors:
  • Ensure you have a spare controller
  • Use the Prime AP Migration Tool to move APs around

The bad news is that you need some spare hardware - if you have only a single controller or only a HA pair (in SSO mode) then you can’t do a seamless upgrade. 

When you upgrade the HA pair it copies the new code between the WLCs and reloads each in turn – you’re in for a 15 – 20 minute outage.

The process is even worse if you've not done a pre-upload of code to your APs prior to the WLC code upgrade – once the WLCs are operational on the new code, the APs will join, download, reload onto the new code and join again. The network is going to be unstable while this process occurs.

High Availability (HA)

Firstly, let's have a quick segway onto the issue of High Availability. If you've got one WLC and it goes offline, you're, well offline. If you happen to have a spare WLC handy AND a copy of your config, all good. You can restore the failed controller and maybe have 3 - 4 hours of downtime.

Don't have a spare onsite, and oops, don't have the recent config? You're in real trouble - it could be days or weeks until you return to service.

The HA part codes from Cisco are much cheaper than the fully licenced controllers and inherit the licence once connected - you now have completely seamless fail over (depending on the code version you're running).

That's the good news. The bad news is that you essentially have one single unit, just operating across two pieces of hardware. Make a config error on one and you've just made it on both. There's an outside chance of a bug taking both out at once, but in any case, when you do a code upgrade they will both reload.

The answer to this is a spare controller.

Spare Controller

To overcome this for sites which cannot have any interruption in service, we have developed designs and techniques. The first stage is ensuring you have a spare controller in the network. Fortunately due to Cisco licencing, you can buy the minimum priced HA unit and use this as an HA secondary; once in HA secondary mode (with SSO disabled) it will licence itself for the full number of APs – but only for 90 days (after which there’s a ‘nag’ message).

In addition to providing a holding platform during code upgrades, adding a Spare controller also adds to the overall resilience of the network. We normally configure this as the secondary controller on each AP; it can act as a secondary to multiple primary HA pairs of controllers (you need to configure this for each AP though).

Holding Platform

Once the Spare WLC is in place as the holding platform, you’re all set to be able to do seamless upgrades. The basic premise is to gradually move all APs from the current WLC (or HA pair) to the spare platform. Gradually moving the APs mean any clients will just roam when the AP disappears during the move. To reduce the impact even further, randomise the order in which APs are moved, so you only move one AP at a time in a particular area.

The Prime AP Migration tool is designed to perform just this task – work out a randomised list of APs to change their primary controller to be the spare – they are then rebooted and the AP reconnects on the spare WLC.

 

Liability Disclaimer 

We supply the tools on this website free of charge for the wireless community use. Note with all our tools the liability disclaimer – we do our best to make these tools as useful as we can, but accept no liability for their use or misuse:

https://www.iptel.com.au/terms-and-conditions-for-usage-of-provided-tools.html

Tuesday
Feb162016

802.11 Packet Capture Skillz To Pay The Bills

Digging deep into the Stefanick archives of real world 802.11 issues. I challenge YOU with 4 real world examples. Keep in mind sometimes the obvious is not so obvious. While frames don’t lie understanding 802.11 is important to see the truth. 

These are real customer issues on real networks with real problems.

PROBLEM #1: 

Customer complained of slow WiFi performance in a specific part of the warehouse. It's always been slow said one worker. It's never really preformed right since it was installed. 

During my packet capture I observed a lot of frames with a similar “bit" being marked. What “bit" could be a clue that might contribute to a slow network ?

 

ANSWER #1

If you answered retry bit you would be right. The retry counter was above 30% for channel 6. While the noise reference on channel was within reason the packet capture was a "bit" misleading displaying a -92. No pun intended. I turned on WiSpy, low and behold layer 1 interference. There were old security cameras operating on 2.4 no longer in use but still powered. The cameras were causing interference across channels 1 - 6, causing high retry rates. 

WiSpy 

 

 

PROBLEM #2: 

After a recent firmware update a number of Cisco 7925 phones exhibited an odd behavior. They would connect to the wifi network and then disconnect and display Locating Network Services. This happen repeatable.

I open my sniffer and see frames much like this one. 

ANSWER #2

If you answered duration timer you would be correct. The duration value caught my attention during troubleshooting. In the end it was a firmware bug on the handset due to an interoperability with a specific configuration and 802.11n access points. Note when a client sends a duration value, clients who can demodulate this frame will use this value and reset their clocks to busy. This was impacting the entire cell and not just the phones. 

 

Read this blog post in its entirety: