;)
See inside Cisco's latest wireless gear!
EXAMPLE 1 
EXAMPLE 2
EXAMPLE 3 
Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years. I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!
BLUETOOTH
Microwave Oven
Cordless Phone
JAMMER!
Tuesday, June 5, 2018 at 4:11PM
https://www.cisco.com/c/en/us/support/docs/field-notices/702/fn70208.html?emailclick=CNSemail
Saturday, March 4, 2017 at 2:53PM THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
| Revision | Date | Comment |
|---|---|---|
|
1.0
|
03-MAR-2017
|
Initial Public Release
|
| Products Affected |
|---|
|
8821 - CP-8821-K9-BUN
|
|
8821 - CP-8821-K9[=]
|
CP-8821 wireless phones deployed in Wireless LAN (WLAN) infrastructures do not work properly. The issues are caused by both 8821 phone and WLAN software bugs.
CP-8821 new wireless phone adoption guidelines are not followed.
Customers that deploy the 8821 in new and established WLAN infrastructures see these issues:
Software updates and configuration modifications are required for Unified Communications Manager, the Cisco WLAN Controller, and the 8821 Wireless Phone. While these modifications will not resolve all known issues, they do address the most critical problems. It is HIGHLY recommended that the customer becomes familiar with instructions and content of the 8821 Wireless Deployment Guide found on Cisco.com.
Unified Communications Manager
- Recommend Version 10.5(2), 11.0(1), 11.5(1), and later
Unified Survivable Remote Site Telephony (SRST)
- Recommend Version 11.0, 11.5, and later
Unified Communications Manager Express: 10.x, 11.x, and later
- Recommend Version 11.0, 11.5, and later
Hosted Collaboration Solution (HCS): 9.x, 10.x, 11.x, and later
- Recommend Version 11.0, 11.5, and later
Wireless LAN Controller (WLC) and Access Points (APs)
- Refer to the 8821 Wireless Deployment Guide for supported AP listings. Any AP model that is not listed in the deployment guide is not supported.
Cisco WLC and Cisco Lightweight APs
- Recommend at least Version 8.0.140.0, 8.2.141.0, or later
- For the latest code recommendations for the AireOS based Cisco WLC, also refer to TAC Recommended AireOS Builds.
Cisco Meraki Access Points
MR18, MR24, MR26, MR32, MR34, MR42, MR52, and MR53 indoor AP platforms and the Cisco Meraki MR72 outdoor AP platform only.
Cisco Autonomous APs
- Recommend Version 12.4(25d)JA2, 15.2(4)JB6, and 15.3(3)JD
8821 Wireless Phone
- Recommend latest Software Release 11.0(3) SR1 or later
Refer to the 8821 Wireless Deployment Guide for all settings, configurations, and troubleshooting recommendations.
These commands must be issued on all Cisco WLCs as a workaround for Cisco bug ID CSCvd06463 - IOS AP doing AMSDU aggregation for voice traffic in queue 0 despite BA req declined by 8821:
These are the commands for 5 GHz, if Cisco 8821 on 5 GHz is used:
These are the commands for 2.4 GHz, if Cisco 8821 on 2.4 GHz is used:
To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.
| CDETS | Description |
|---|---|
| CSCvd06463 (registered customers only) | IOS AP doing AMSDU aggregation for voice traffic in queue 0 despite BA req declined by 8821 See the Workaround/Solution section for the commands. |
| CSCvc52093 (registered customers only) | WLC send deauth 17 to phone in 4-way handshake |
| CSCvc65568 (registered customers only) | 8821 fails 11r FT roam with "Invalid FTIE MIC" |
| CSCva66489 (registered customers only) | 11r sess timeout after reassoc causing Deauth 17 mismatch FTIE |
| CSCvc80755 (registered customers only) | WLC Missed eap-reponse packet from phone |
| CSCvd12366 (registered customers only) | UI crash and drops call |
| CSCvd12387 (registered customers only) | Roam request not sent OTA |
| CSCvd12651 (registered customers only) | 8821 shows higher RSSI than it should for afar AP |
| CSCvd07716 (registered customers only) | Network Busy due to no response from firmware for ADDTS request |
In order to ensure successful deployment of the 8821, these actions must be taken before Sales Orders are released:
Saturday, January 7, 2017 at 1:30PM | Title: | End-of-Sale and End-of-Life Announcement for the Cisco Aironet Access Point Module for 802.11ac |
| Description: |
Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet Access Point Module for 802.11ac. The last day to order the affected product(s) is July 3, 2017. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract. |
| Date: | 04-JAN-2017 |
Sunday, October 16, 2016 at 10:48AM Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Services Module 2 (WiSM2). The last day to order the affected product(s) is April 10, 2017. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.
Sunday, October 16, 2016 at 10:40AM
Sunday, July 17, 2016 at 1:45PM
Cisco Wireless IP Phone 8821 Data Sheet
Cisco Wireless IP Phone 8821-EX Data Sheet 
Spectralink PIVOT:SC 8744 
Read the official EOS and EOL:
Monday, November 23, 2015 at 8:28PM http://www.cisco.com/c/en/us/support/docs/field-notices/640/fn64003.html?emailclick=CNSemail
Friday, January 16, 2015 at 2:34PM | Revision | Date | Comment |
|---|---|---|
|
1.0
|
12-JAN-2015
|
Initial Public Release
|
| Products Affected |
|---|
|
Cisco Aironet 1530 Series
|
|
Cisco Aironet 1550 Series
|
|
Cisco Aironet 1600 Series
|
|
Cisco Aironet 1700 Series
|
|
Cisco Aironet 2600 Series
|
|
Cisco Aironet 2700 Series
|
|
Cisco Aironet 3500 Series
|
|
Cisco Aironet 3600 Series
|
|
Cisco Aironet 3700 Series
|
Some Wireless Access Points (APs) manufactured between August 2014 and October 2014 might have an incorrectly programmed SHA-2 certificate.
The affected product families are:
After you upgrade a Wireless LAN Controller (WLC) to software version 8.0.100.0 or 3.6.0E
AND
after the Wireless APs download the new software version, any Wireless AP with an incorrectly programmed SHA-2 certificate disconnects from the WLC and is not able to rejoin the WLC if the WLC has a SHA-2 certificate.
Any new Wireless AP with software version 8.0.100.0 and with an incorrectly programmed SHA-2 certificate fails to validate the image downloaded from the WLC. The result is that the AP is unable to establish a connection to a WLC with version 8.0.100.0 software.
If the AP has an incorrectly programmed SHA-2 certificate and the WLC has version 8.0.100.0 or 3.6.0E, the likelihood of this issue being observed is 100%.
Between August and October 2014, a manufacturing change was added to support SHA-2 certificates. In the certificate chain transition, some APs were manufactured with incorrect certificate information. Prior to this change, the APs only had a SHA-1 device ID certificate. After the change the APs had both SHA-1 and SHA-2, but the SHA-2 was incorrectly programmed on the affected units.
The available fixed code ensures that the APs continue to function as APs that were manufactured prior to August 2014.
The affected APs are fully functional and equivalent to APs manufactured prior to August 2014.
In the future, Cisco will provide support for SHA-2 authentication between APs and more recently manufactured WLCs.
New Aironet APs with factory installed recovery Cisco IOS® are able to join the controller that runs software version 8.0.100.0 or 3.6.0E and download version 15.3(3)JA or 15.3(3)JN IOS. However after the AP reload, the APs are unable to join the controller. On the AP, logs similar to these are seen:
*Oct 16 12:39:06.231: AP has SHA2 MIC certificate - Using SHA2 MIC certificate for DTLS.
*Oct 16 13:14:56.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: ***.***.***.*** peer_port: 5246Peer certificate verification failed FFFFFFFF
*Oct 16 13:14:56.127: DTLS_CLIENT_ERROR: ../capwap/base_capwap/capwap/base_capwap_wtp_dtls.c:496 Certificate verified failed!
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Bad certificate Alert to ***.***.***.***:5246
*Oct 16 13:14:56.127: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to ***.***.***.***:5246
Another symptom of this issue is that the AP might be able to join the software version 8.0.100.0 controller, download a new Cisco IOS code, and boot up and join the controller correctly; however when it goes to upgrade to the newer 8.x code it gets stuck in a loop and fails the download.
*Nov 11 10:13:53.003: Currently running a Release Image
*Nov 11 10:13:53.027: Using SHA-2 signed certificate for image signing validation.
*Nov 11 10:13:53.091: Image signing certificate validation failed (FFFFFFFF).
*Nov 11 10:13:53.091: Failed to validate signature
*Nov 11 10:13:53.091: Digital Signature Failed Validation (flash:/update/ap3g2-k9w8-mx.v153_80mr.201410311616/final_hash)
*Nov 11 10:13:53.091: AP image integrity check FAILED Aborting Image Download
Download image failed, notify controller!!! From:8.0.100.0 to 8.0.102.34, FailureCode:3 archive download: takes 339 seconds
*Nov 11 10:14:02.399: capwap_image_proc: problem extracting tar file
In order to avoid this issue, if the WLC runs software version 7.6 or earlier and you have APs affected by this issue, do not upgrade to version 8.0.100.x train. Wait for the next Cisco Connection Online (CCO) release.
If the WLC has been upgraded to version 8.0.100.x and the APs are supported in AireOS 7.6, downgrade to this version.
If the WLC has software version 7.6 or earlier, upgrade the WLC to version 8.0.110.0.
If the WLC has software version 8.0.100.x, follow these steps:
In order to avoid this issue, if the WLC has software version 3.3.x or earlier and you have APs affected by this issue, do not upgrade to version 3.6.0E.
If the WLC has been upgraded to version 3.6.0E and APs are supported in Cisco IOS-XE Version 3.3.x, downgrade to this version.
If the WLC has software version 3.6.0E, follow these steps:
To follow the bug ID link below and see detailed bug information, you must be a registered customer and you must be logged in.
| CDETS | Description |
|---|---|
|
CSCur43050 (registered customers only)
|
APs mfg in Aug./Sept./Oct. 2014 unable to join an AireOS controller
|
|
CSCur50946 (registered customers only)
|
APs mfg in Aug./Sept./Oct. 2014 unable to join an IOS-XE controller
|
From the AP CLI, enter the show version command and look for the "Top Assembly Serial Number". An example of a Top Assembly Serial Number is FTX1613GJGA.
If the AP is joined to an AireOS controller:
If the AP is joined to a Cisco IOS-XE controller:
Alternately, the serial number can be found on the back/bottom of the AP:
Confirm that your serial number is affected with the Serial Number Validation Tool.
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Monday, December 29, 2014 at 4:43PM Take special care and attention to the information below. A number of legacy access point models will no longer be supported past 8.0 code.
This is reminiscent of 1000 series access points. I can recall the horror stories, people upgrading to 5.0 only to realize that the 1000 series would not join the WLC. #DontBeThatGuy!
Ask your Cisco rep about buy back programs and bundle purchases; buy X and get 5-10 free access points!
Thursday, January 2, 2014 at 11:26AM CSCui69732: Platinum 802.1p tagging defaulted to 5 after upgrade to 7.5.102.0
Symptom:
Platinum 802.1p tagging changed to 5
Conditions:
Platinum 802.1p tagged at 6 and upgrading to 7.5.102.0
Workaround:
Disable networks and change tagging back to 6
Wednesday, June 26, 2013 at 8:00AM http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5712/ps11640/eol_C51-728424.html
Cisco announces the end-of-sale and end-of life dates for the Cisco Identity Services Engine. The last day to order the affected product(s) is December 24, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.
Table 1. End-of-Life Milestones and Dates for the Cisco Identity Services Engine
Table 2. Product Part Numbers Affected by This Announcement
Tuesday, April 9, 2013 at 6:40AM
Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1260 Series. The last day to order the affected product(s) is October 7, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.
Table 1. End-of-Life Milestones and Dates for the Cisco Aironet 1260 Series
Wednesday, April 3, 2013 at 10:48AM Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1140 Series. The last day to order the affected product(s) is October 1, 2013. Customers with active service contracts will continue to receive support
from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.
Table 1. End-of-Life Milestones and Dates for the Cisco Aironet 1140 Series
Table 2. Product Part Numbers Affected by This Announcement
Sunday, January 13, 2013 at 11:24AM Cisco announces the end-of-sale and end-of life dates for the Cisco Secure Access Control System 5.2 (CSACS-5.2) Software. The last day to order the affected product(s) is July 12, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/eol_C51-726115.html
Table 1. End-of-Life Milestones and Dates for the Cisco Secure Access Control System 5.2 (CSACS-5.2) Software
Friday, December 21, 2012 at 11:57AM Apparently there is a BA ack issue, as noted in the bug. Its not clear if this is only impacting Ascom as the bug id references 802.11n handsets. I asked for frame captures and will post the result when I have them.
Wednesday, December 19, 2012 at 8:59AM | Title | End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1520 Series |
| Description | Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1520 Series. The last day to order the affected product(s) is March 30, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract. |
| Date |
18-DEC-2012 |
NOTE: March 30, 2013: The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.
Tuesday, December 18, 2012 at 10:13PM Title: End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless Network Software Release 6.0
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Unified Wireless Network Software Release 6.0. The last day to order the affected product(s) is May 31, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-11-30 15:28:30.0
Thursday, December 13, 2012 at 12:21AM Url: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_notice_c51-722050.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Controller Software for ISM 300 and SRE 700, 710, 900, and 910. The last day to order the affected product(s) is May 31, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-11-30 15:25:15.0
Friday, October 19, 2012 at 3:51PM Microsoft will launch Windows 8 in late October. Along with a slew of other features, it will be among the first to support the 802.11w standard to protect Management Frames for client devices on Wi-Fi networks.
Customers running old Cisco unified releases (between 4.2 to 7.2) in local, Flex or mesh mode will run into an interoperability bug (CSCua29504, to be exact) that prevents 802.11w enabled clients from connecting to a Cisco WLAN with Management Frame Protection (MFP) enabled. This bug does not affect customers running autonomous access point deployments or customers running Cisco unified releases older than 4.2.
What are the possible solutions for you?
1. Please upgrade your production environment to one of the following releases, which will interoperate with Windows 8.
2. Roll back to pre-windows 8 drivers as identified in the Microsoft Knowledge Base article.
3. Fall back to TKIP
4. Sign up for a beta release for Cisco’s upcoming feature release 7.4 (beta available now!) that supports the 802.11w feature in local mode.
What is 802.11w ?
802.11w is an IEEE standard based on Cisco’s Management Frame Protection(MFP), a feature that was first supported on autonomous access points in release 12.3(8)JA in 2006 and in the unified release 4.0.155.5 in 2008. 802.11w isn’t a new standard. IEEE ratified the 802.11w standard in 2009, however the adoption has been slow to date, but that is expected to change with Windows 8.
The WFA has announced that it will position the Protected Management Frame interoperability certification program as a feature update to its Wi-Fi Protected Access(WPA2) program.
Why do I care about 802.11w ?
I joined Cisco Wireless Networking Business Unit (WNBU) early 2006 as a Product Manager for Autonomous Access Points and the first software release that I managed was the 12.3(8)JA. One of the coolest features in that release was a Cisco innovation around protecting management frames. As many of you may know, 802.11 frames such as Authenticate, De-authenticate, Associate, Dis-associate are sent in the clear (a.k.a. in an unsecured manner). This could allow a potential attacker to spoof management frames from a valid device and run Denial of Service (DOS) attack by sending de-authenticate/disassociate frames.
When MFP is enabled, the sending device adds a cryptographic hash to create a message integrity check (MIC) and embeds that within the Information Element (IE) of every management frame. Thus when another device in the network receives the frame, it is able to verify that the authenticity of the source. In case a single invalid frame is received on the network, it will be dropped, as well as, an Intrusion Detection System alert will be received -this means zero day protection!
What about clients that don’t support 802.11w ?
There are two components to Management Frame Protection:
- Infrastructure MFP: When the wireless Controller and Access point infrastructure support the 802.11w capability, any frames from a hacker masquerading as an infrastructure AP and attempting to communicate with other APs will be dropped.
- Client MFP: When a client ALSO supports this feature; it is able to secure communications with the infrastructure. This means any frames from a hacker masquerading as an infrastructure AP and sending disconnect messages to the clients will be dropped.
So what’s the bottom-line?
To enable that your network is ready for 802.11w and Windows 8 ensure that you are running the latest Cisco Unified releases in your wireless controller network.
For more information, visit https://supportforums.cisco.com/docs/DOC-27213
Monday, September 24, 2012 at 12:36PM Title: End-of-Sale and End-of-Life Announcement for the Cisco 3310 Mobility Services Engine
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 3310 Mobility Services Engine. The last day to order the affected product(s) is March 19, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-09-18 16:45:00.0