CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!


Tuesday, Apr 09, 2013

End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1260 Series

 

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10980/end_of_life_notice_c51-727739.html

Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1260 Series. The last day to order the affected product(s) is October 7, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Table 1. End-of-Life Milestones and Dates for the Cisco Aironet 1260 Series

 

| Milestone | Definition | Date |
| --- | --- | --- |
| End-of-Life Announcement Date | The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public. | April 8, 2013 |
| End-of-Sale Date | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | October 7, 2013 |
| Last Ship Date: HW | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | January 5, 2014 |
| End of SW Maintenance Releases Date: HW | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. | October 7, 2014 |
| End of Routine Failure Analysis Date: HW | The last-possible date a routine failure analysis may be performed to determine the cause of hardware product failure or defect. | October 7, 2014 |
| End of New Service Attachment Date: HW | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | October 7, 2014 |
| End of Service Contract Renewal Date: HW | The last date to extend or renew a service contract for the product. | January 2, 2018 |
| Last Date of Support: HW | The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. | October 31, 2018 |

 

Wednesday, Apr 03, 2013

End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1140 Series

The 1140 series served me well. 

http://www.cisco.com/en/US/prod/collateral/wireless/ps5678/ps10092/end_of_life_notice_c51-727649.html

Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1140 Series. The last day to order the affected product(s) is October 1, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

 

Table 1. End-of-Life Milestones and Dates for the Cisco Aironet 1140 Series

 

| Milestone | Definition | Date |
| --- | --- | --- |
| End-of-Life Announcement Date | The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public. | April 2, 2013 |
| End-of-Sale Date | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | October 1, 2013 |
| Last Ship Date: HW | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | December 30, 2013 |
| End of SW Maintenance Releases Date: HW | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. | October 1, 2014 |
| End of Routine Failure Analysis Date: HW | The last-possible date a routine failure analysis may be performed to determine the cause of hardware product failure or defect. | October 1, 2014 |
| End of New Service Attachment Date: HW | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | October 1, 2014 |
| End of Service Contract Renewal Date: HW | The last date to extend or renew a service contract for the product. | December 27, 2017 |
| Last Date of Support: HW | The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. | September 30, 2018 |

 

HW = Hardware; OS SW = Operating System Software; App. SW = Application Software

Table 2. Product Part Numbers Affected by This Announcement

| End-of-Sale Product Part Number | Product Description | Replacement Product Part Number | Replacement Product Description | Additional Information |
| --- | --- | --- | --- | --- |
| AIR-AP1141N-A-K9 | 802.11g/n Fixed Auto AP; Int Ant; A Reg Domain | AIR-SAP2602I-A-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; A Reg Domain | - |
| AIR-AP1141N-E-K9 | 802.11g/n Fixed Auto AP; Int Ant; E Reg Domain | AIR-SAP2602I-E-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; E Reg Domain | - |
| AIR-AP1141N-P-K9 | 802.11g/n Fixed Auto AP; Int Ant; P Reg Domain | AIR-SAP2602I-Q-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; Q Reg Domain | - |
| AIR-AP1142-AK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; A Reg Domain, Qty. 5 Aps | AIR-SAP2602I-AK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; A RegDomain | - |
| AIR-AP1142-CK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; C Reg Domain, Qty. 5 Aps | AIR-SAP2602I-CK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; C RegDomain | - |
| AIR-AP1142-IK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; I Reg Domain, Qty. 5 Aps | AIR-SAP2602I-IK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; I RegDomain | - |
| AIR-AP1142-KK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; K Reg Domain, Qty. 5 Aps | AIR-SAP2602I-KK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; K RegDomain | - |
| AIR-AP1142-NK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; N Reg Domain, Qty. 5 Aps | AIR-SAP2602I-NK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; N RegDomain | - |
| AIR-AP1142-PK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; P Reg Domain, Qty. 5 Aps | AIR-SAP2602I-QK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; Q RegDomain | - |
| AIR-AP1142-RK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; R Reg Domain, Qty. 5 Aps | AIR-SAP2602I-RK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; R RegDomain | - |
| AIR-AP1142-SK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; S Reg Domain, Qty. 5 Aps | AIR-SAP2602I-SK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; S RegDomain | - |
| AIR-AP1142-TK9-5 | 802.11a/g/n Fixed IOS AP; Int Ant; T Reg Domain, Qty. 5 Aps | AIR-SAP2602I-TK9-5 | 802.11n Auto 5APs; 3x4:3SS; Mod; Int Ant; T RegDomain | - |
| AIR-AP1142N-A-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; A Reg Domain | AIR-SAP2602I-A-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; A Reg Domain | - |
| AIR-AP1142N-C-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; C Reg Domain | AIR-SAP2602I-C-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; C Reg Domain | - |
| AIR-AP1142N-I-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; I Reg Domain | AIR-SAP2602I-I-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; I Reg Domain | - |
| AIR-AP1142N-K-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; K Reg Domain | AIR-SAP2602I-K-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; K Reg Domain | - |
| AIR-AP1142N-N-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; N Reg Domain | AIR-SAP2602I-N-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; N Reg Domain | - |
| AIR-AP1142N-P-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; P Reg Domain | AIR-SAP2602I-Q-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; Q Reg Domain | - |
| AIR-AP1142N-R-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; R Reg Domain | AIR-SAP2602I-R-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; R Reg Domain | - |
| AIR-AP1142N-S-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; S Reg Domain | AIR-SAP2602I-S-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; S Reg Domain | - |
| AIR-AP1142N-T-K9 | 802.11a/g/n Fixed Auto AP; Int Ant; T Reg Domain | AIR-SAP2602I-T-K9 | 802.11n Auto; 3x4:3SS; Mod; Int Ant; T Reg Domain | - |
| AIR-LAP1141N-A-K9 | 802.11g/n Fixed Unified AP; Int Ant; A Reg Domain | AIR-CAP2602I-A-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; A Reg Domain | - |
| AIR-LAP1141N-E-K9 | 802.11g/n Fixed Unified AP; Int Ant; E Reg Domain | AIR-CAP2602I-E-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; E Reg Domain | - |
| AIR-LAP1141N-P-K9 | 802.11g/n Fixed Unified AP; Int Ant; P Reg Domain | AIR-CAP2602I-Q-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; Q Reg Domain | - |
| AIR-LAP1142-AK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas A Reg Domain, 10 APs | AIR-CAP2602I-AK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; A RegDomain | - |
| AIR-LAP1142-CK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas C Reg Domain, 10 APs | AIR-CAP2602I-CK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; C RegDomain | - |
| AIR-LAP1142-IK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas I Reg Domain, 10 APs | AIR-CAP2602I-IK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; I RegDomain | - |
| AIR-LAP1142-KK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas K Reg Domain, 10 APs | AIR-CAP2602I-KK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; K RegDomain | - |
| AIR-LAP1142-NK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas N Reg Domain, 10 APs | AIR-CAP2602I-NK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; N RegDomain | - |
| AIR-LAP1142-PK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas P Reg Domain, 10 APs | AIR-CAP2602I-QK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; Q RegDomain | - |
| AIR-LAP1142-RK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas R Reg Domain, 10 APs | AIR-CAP2602I-RK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; R RegDomain | - |
| AIR-LAP1142-SK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas S Reg Domain, 10 APs | AIR-CAP2602I-SK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; S RegDomain | - |
| AIR-LAP1142-TK9-10 | 802.11a/g/n LWAPP AP Integrated Antennas T Reg Domain, 10 Aps | AIR-CAP2602I-TK910 | 802.11n CAP 10APs w/CleanAir; 3x4:3SS; Mod; Int; T RegDomain | - |
| AIR-LAP1142N-A-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; A Reg Domain | AIR-CAP2602I-A-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; A Reg Domain | - |
| AIR-LAP1142N-C-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; C Reg Domain | AIR-CAP2602I-C-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; C Reg Domain | - |
| AIR-LAP1142N-I-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; I Reg Domain | AIR-CAP2602I-I-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; I Reg Domain | - |
| AIR-LAP1142N-K-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; K Reg Domain | AIR-CAP2602I-K-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; K Reg Domain | - |
| AIR-LAP1142N-N-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; N Reg Domain | AIR-CAP2602I-N-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; N Reg Domain | - |
| AIR-LAP1142N-P-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; P Reg Domain | AIR-CAP2602I-Q-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; Q Reg Domain | - |
| AIR-LAP1142N-R-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; R Reg Domain | AIR-CAP2602I-R-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; R Reg Domain | - |
| AIR-LAP1142N-S-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; S Reg Domain | AIR-CAP2602I-S-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; S Reg Domain | - |
| AIR-LAP1142N-T-K9 | 802.11a/g/n Fixed Unified AP; Int Ant; T Reg Domain | AIR-CAP2602I-T-K9 | 802.11n CAP w/CleanAir; 3x4:3SS; Mod; Int Ant; T Reg Domain | - |

 

 

Sunday, Jan 13, 2013

End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.2 (CSACS-5.2) Software

Cisco announces the end-of-sale and end-of-life dates for the Cisco Secure Access Control System 5.2 (CSACS-5.2) Software. The last day to order the affected product(s) is July 12, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/eol_C51-726115.html 

Table 1. End-of-Life Milestones and Dates for the Cisco Secure Access Control System 5.2 (CSACS-5.2) Software

 

| Milestone | Definition | Date |
| --- | --- | --- |
| End-of-Life Announcement Date | The date the document that announces the end of sale and end of life of a product is distributed to the general public. | January 11, 2013 |
| End-of-Sale Date | The last date to order the product through Cisco point-of-sale mechanisms. The product is no longer for sale after this date. | July 12, 2013 |
| Last Ship Date: App. SW | The last-possible ship date that can be requested of Cisco and/or its contract manufacturers. Actual ship date is dependent on lead time. | October 10, 2013 |
| End of SW Maintenance Releases Date: App. SW | The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software. | July 12, 2014 |
| End of New Service Attachment Date: App. SW | For equipment and software that is not covered by a service-and-support contract, this is the last date to order a new service-and-support contract or add the equipment and/or software to an existing service-and-support contract. | July 12, 2014 |
| End of Service Contract Renewal Date: App. SW | The last date to extend or renew a service contract for the product. | October 8, 2015 |
| Last Date of Support: App. SW | The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete. | July 31, 2016 |

 

Friday, Dec 21, 2012

Bug: CSCud65237 - IMPACTING ASCOM 802.11N HANDSET

I received 2 emails from colleagues who were hit by this bug while using the Ascom i62.

Apparently there is a BA ack issue, as noted in the bug. It's not clear if this is only impacting Ascom, as the bug ID references 802.11n handsets. I asked for frame captures and will post the result when I have them.

 

CSCud65237 Bug Details

Encryption key corruption on BA ack with wrong ID
Symptom:
Voice disruption after roaming

Conditions:
Third party 11n phone
This is triggered by wrong TID sent on Block ACK by client. AP is incorrectly handling the invalid frame

Workaround:
roam to another AP



Status: Open
Severity: 2 - severe
Last Modified: In Last 3 Days
Product: Cisco IOS software
Technology: Wireless, LAN (WLAN)
1st Found-In: 7.0(230.0), 7.4(1.54)
Component(s): ap-ampdu

Wednesday, Dec 19, 2012

End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1520 Series

Title: End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1520 Series

Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1520 Series. The last day to order the affected product(s) is March 30, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available under the terms and conditions of customers' service contract.

Date: 18-DEC-2012

NOTE: March 30, 2013: The last date that Cisco Engineering may release any final software maintenance releases or bug fixes. After this date, Cisco Engineering will no longer develop, repair, maintain, or test the product software.

Tuesday, Dec 18, 2012

End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless Network Software Release 6.0

Title: End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless Network Software Release 6.0


Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps5755/ps6301/ps7305/end_of_life_notice_c51-722058.html


Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Unified Wireless Network Software Release 6.0. The last day to order the affected product(s) is May 31, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-11-30 15:28:30.0

Thursday, Dec 13, 2012

End-of-Sale and End-of-Life Announcement for the Cisco Wireless Controller Software for ISM 300 and SRE 700, 710, 900, and 910

Title: End-of-Sale and End-of-Life Announcement for the Cisco Wireless Controller Software for ISM 300 and SRE 700, 710, 900, and 910

Url: http://www.cisco.com/en/US/prod/collateral/modules/ps2706/end_of_life_notice_c51-722050.html

 Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Wireless Controller Software for ISM 300 and SRE 700, 710, 900, and 910. The last day to order the affected product(s) is May 31, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.

Date: 2012-11-30 15:25:15.0

Friday, Oct 19, 2012

Bug CSCua29504: Upgrade that code if you want Windows 8 to work! #CISCO #WLC

This is from Cisco CSC 

Microsoft will launch Windows 8 in late October. Along with a slew of other features, it will be among the first to support the 802.11w standard to protect Management Frames for client devices on Wi-Fi networks.

Customers running old Cisco unified releases (between 4.2 to 7.2) in local, Flex or mesh mode will run into an interoperability bug (CSCua29504, to be exact) that prevents 802.11w enabled clients from connecting to a Cisco WLAN with Management Frame Protection (MFP) enabled. This bug does not affect customers running autonomous access point deployments or customers running Cisco unified releases older than 4.2.

What are the possible solutions for you?

1. Please upgrade your production environment to one of the following releases, which will interoperate with Windows 8.

  • 7.3.101.0
  • 7.2.111.3
  • 7.0.235.3

2. Roll back to pre-Windows 8 drivers as identified in the Microsoft Knowledge Base article.
3. Fall back to TKIP
4. Sign up for a beta release for Cisco’s upcoming feature release 7.4 (beta available now!) that supports the 802.11w feature in local mode.

What is 802.11w?

802.11w is an IEEE standard based on Cisco’s Management Frame Protection (MFP), a feature that was first supported on autonomous access points in release 12.3(8)JA in 2006 and in the unified release 4.0.155.5 in 2008. 802.11w isn’t a new standard. IEEE ratified the 802.11w standard in 2009; however, adoption has been slow to date, but that is expected to change with Windows 8.

The WFA has announced that it will position the Protected Management Frame interoperability certification program as a feature update to its Wi-Fi Protected Access (WPA2) program.

Why do I care about 802.11w?

I joined Cisco Wireless Networking Business Unit (WNBU) early 2006 as a Product Manager for Autonomous Access Points and the first software release that I managed was the 12.3(8)JA. One of the coolest features in that release was a Cisco innovation around protecting management frames. As many of you may know, 802.11 frames such as Authenticate, De-authenticate, Associate, Dis-associate are sent in the clear (a.k.a. in an unsecured manner). This could allow a potential attacker to spoof management frames from a valid device and run a Denial of Service (DoS) attack by sending de-authenticate/disassociate frames.

When MFP is enabled, the sending device adds a cryptographic hash to create a message integrity check (MIC) and embeds that within the Information Element (IE) of every management frame. Thus, when another device in the network receives the frame, it is able to verify the authenticity of the source. In case a single invalid frame is received on the network, it will be dropped, and an Intrusion Detection System alert will be received. This means zero-day protection!

What about clients that don’t support 802.11w?

There are two components to Management Frame Protection:

- Infrastructure MFP: When the wireless Controller and Access point infrastructure support the 802.11w capability, any frames from a hacker masquerading as an infrastructure AP and attempting to communicate with other APs will be dropped.

- Client MFP: When a client ALSO supports this feature, it is able to secure communications with the infrastructure. This means any frames from a hacker masquerading as an infrastructure AP and sending disconnect messages to the clients will be dropped.

So what’s the bottom line?

To ensure that your network is ready for 802.11w and Windows 8, make sure that you are running the latest Cisco Unified releases in your wireless controller network.

 

For more information, visit https://supportforums.cisco.com/docs/DOC-27213
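
A simplified model of the MIC check described in the post above, as an added example that is not Cisco's MFP code or the 802.11w algorithm: HMAC-SHA-256 truncated to 8 bytes stands in for the real MIC, and the element ID, key, MAC addresses and function names are assumptions constructed for illustration. It goes one step beyond the text by also carrying a replay counter, so a captured valid frame cannot simply be sent again.

```python
import hashlib
import hmac
import struct

# All values below are constructed for illustration.
MIC_IE_ID = 0xDD            # assumption: vendor-specific element ID carrying the MIC
PN_LEN, MIC_LEN = 6, 8      # replay counter and truncated MIC sizes (example choices)
IE_LEN = 2 + PN_LEN + MIC_LEN
HDR_LEN = 24                # FC, duration, DA, SA, BSSID, sequence control


def build_deauth(da, sa, bssid, reason, seq=0):
    """Unprotected deauthentication frame (management type, subtype 12)."""
    header = struct.pack("<HH6s6s6sH", 0x00C0, 0, da, sa, bssid, (seq & 0xFFF) << 4)
    return header + struct.pack("<H", reason)


def _mic(key, covered):
    # Stand-in MIC: HMAC-SHA-256 truncated to MIC_LEN bytes.
    return hmac.new(key, covered, hashlib.sha256).digest()[:MIC_LEN]


def protect(frame, key, pn):
    """Sender side: append the MIC element, covering header, body and counter."""
    prefix = bytes([MIC_IE_ID, PN_LEN + MIC_LEN]) + pn.to_bytes(PN_LEN, "big")
    return frame + prefix + _mic(key, frame + prefix)


class Receiver:
    """Receiver side: verify, drop invalid frames, and record an alert per drop."""

    def __init__(self, key):
        self.key = key
        self.last_pn = -1
        self.alerts = []

    def accept(self, frame):
        if (len(frame) < HDR_LEN + IE_LEN or frame[-IE_LEN] != MIC_IE_ID
                or frame[-IE_LEN + 1] != PN_LEN + MIC_LEN):
            return self._drop(frame, "no MIC element")
        covered, mic = frame[:-MIC_LEN], frame[-MIC_LEN:]
        if not hmac.compare_digest(mic, _mic(self.key, covered)):
            return self._drop(frame, "MIC mismatch")
        pn = int.from_bytes(frame[-IE_LEN + 2:-MIC_LEN], "big")
        if pn <= self.last_pn:
            return self._drop(frame, "replayed counter")
        self.last_pn = pn
        return True

    def _drop(self, frame, reason):
        source = frame[10:16].hex(":") if len(frame) >= 16 else "unknown"
        self.alerts.append(f"{reason} from {source}")
        return False


def run_demo():
    key = bytes(range(16))                      # constructed shared key
    ap = bytes.fromhex("02aabbccdd01")          # constructed AP address / BSSID
    sta = bytes.fromhex("02aabbccdd02")         # constructed client address
    rx = Receiver(key)
    genuine = protect(build_deauth(sta, ap, ap, reason=3), key, pn=1)
    forged = build_deauth(sta, ap, ap, reason=7)          # claims the AP's address, no MIC
    tampered = bytearray(protect(build_deauth(sta, ap, ap, reason=3), key, pn=2))
    tampered[HDR_LEN] ^= 0x01                             # reason code altered in transit
    results = [rx.accept(f) for f in (genuine, forged, bytes(tampered), genuine)]
    return results, rx.alerts


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

Only the first frame is accepted; the other three are dropped and each leaves an entry in `alerts`, which is the hook an intrusion detection system would consume.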

Monday, Sep 24, 2012

End-of-Sale and End-of-Life Announcement for the Cisco 3310 Mobility Services Engine

Title: End-of-Sale and End-of-Life Announcement for the Cisco 3310 Mobility Services Engine

Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/ps10093/end_of_life_notice_c51-716505.html


Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 3310 Mobility Services Engine. The last day to order the affected product(s) is March 19, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-09-18 16:45:00.0

Friday, Sep 21, 2012

Bug CSCtt38270: 7925 sometimes takes 1+ second to respond to WPA M1 key message

Heads up if you're having wireless voice issues with 7925 handsets with WPA2/PSK. Problems with roaming, gap in voice bug.

7925 sometimes takes 1+ second to respond to WPA M1 key message
Symptom:
A wireless phone call may experience a voice gap of 1.5 - 2 seconds when it roams if using WPA2-PSK.

Conditions:
7925G is configured to use WPA2/AES PSK.

Workaround:
Configure some key management method to avoid performing a full WPA2 key exchange
at each roam time. For example, EAP with CCKM, or static WEP.
If using PSK, then reducing the WPA key retransmission timeout (e.g., on a WLC,
via "config advanced eap eapol-key-timeout 250") may ameliorate the problem
somewhat (e.g., bring the outage duration down from 2.5 to 1.7 seconds).

1.4.3ES.1 containing the fix for CSCtz48689 may be helpful as well.

Further Problem Description:
A wireless packet capture, or a "debug client" on the WLC, will show that the WLC/AP
transmit the M1 key message to the phone (and the capture shows that the phone ACKs
it), but the phone does not send its M2 key. So the WLC/AP have to retransmit the M1 key,
till finally the phone responds.

Status: Terminated
Severity: 3 - moderate
Last Modified: In Last 2 weeks
Product: Cisco Unified IP Phone 7900 Series
Technology: Wireless, Mobile
1st Found-In: 1.4(2), 1.4(1.1.1.7)

 


Tuesday, Sep 04, 2012

Cisco Office Extends: Wired Side (LAN) Bug CSCtq76431

Cisco Office Extends bug -- What you should know if you're having wired side (LAN) connectivity issues.

If you configure your OfficeExtends for the LAN and you aren't getting an IP address and have no connectivity on the wired side, I suggest you check your WIRELESS PHY RATES. You should have at least one 802.11b mandatory rate: 1, 2, 5.5 or 11.

 

CSCtq76431 Bug Details

Evora:Remote LAN client fails association w/ 802.11b rates not mandatory.

Symptom:
Remote LAN client(s) fail association to wired remote LAN tunneled to WLC.  On
OEAP 602 event log:

*Jun 03 17:01:39.066: (Re)Assoc-Req from 48:5b:39:13:99:bd forwarded to WLC,
wired: yes
*Jun 03 17:01:39.082: received assoc-rsp for idx=3, status=18

From WLC debug client:

*apfMsConnTask_3: Jun 03 13:01:31.832: 48:5b:39:13:99:bd Sending Assoc Response
to station on BSSID ec:c8:82:c0:25:20 (status 18) Ap VapId 2 Slot 0

Conditions:
WLC that supports OEAP 602 running 7.0.116.0 with 802.11g data rate configured
as MANDATORY (6,9,12,18,24,36,48,54).

Workaround:
Do not set 802.11g datarates to Mandatory.

 

CISCO BUG TOOL KIT UPDATE

 

Status: Fixed
Severity: 3 - moderate
Last Modified: In Last Year
Product: Cisco IOS software
Technology: Wireless, LAN (WLAN)
1st Found-In: 7.0(116.0)
Fixed-In: 7.2(1.55), 7.2(103.0)
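
A small triage helper for the symptom above, as an added example rather than Cisco tooling: it pulls the association status out of the two log formats quoted in the bug details and checks the mandatory-rate list for the condition the post describes. The sample log is the page's own lines with the wrapped lines joined; the function names are hypothetical, and the text for status 18 is the IEEE 802.11 status code meaning.

```python
import re

# The log lines quoted in the bug details above, with wrapped lines joined.
SAMPLE_LOG = """\
*Jun 03 17:01:39.066: (Re)Assoc-Req from 48:5b:39:13:99:bd forwarded to WLC, wired: yes
*Jun 03 17:01:39.082: received assoc-rsp for idx=3, status=18
*apfMsConnTask_3: Jun 03 13:01:31.832: 48:5b:39:13:99:bd Sending Assoc Response to station on BSSID ec:c8:82:c0:25:20 (status 18) Ap VapId 2 Slot 0
"""

STATUS_TEXT = {
    0: "successful",
    18: "association denied: station does not support all rates in the basic rate set",
}
RATES_11B = {1.0, 2.0, 5.5, 11.0}   # 802.11b rates in Mbps, as listed in the post

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ASSOC_REQ = re.compile(rf"\(Re\)Assoc-Req from (?P<mac>{MAC}) forwarded to WLC, wired: (?P<wired>yes|no)")
ASSOC_RSP_AP = re.compile(r"received assoc-rsp for idx=\d+, status=(?P<status>\d+)")
ASSOC_RSP_WLC = re.compile(rf"(?P<mac>{MAC}) Sending Assoc Response to station on BSSID {MAC} \(status (?P<status>\d+)\)")


def parse_events(log):
    """Return one record per association response seen in OEAP or WLC output."""
    events, pending = [], None
    for line in log.splitlines():
        if m := ASSOC_REQ.search(line):
            # The OEAP response line has no MAC, so remember the request before it.
            pending = {"mac": m["mac"], "wired": m["wired"] == "yes"}
        elif m := ASSOC_RSP_AP.search(line):
            if pending is not None:
                events.append({**pending, "source": "oeap", "status": int(m["status"])})
                pending = None
        elif m := ASSOC_RSP_WLC.search(line):
            events.append({"mac": m["mac"], "wired": None, "source": "wlc",
                           "status": int(m["status"])})
    return events


def missing_11b_mandatory(mandatory_rates):
    """True when none of 1, 2, 5.5 or 11 Mbps is in the mandatory rate list."""
    return not ({float(r) for r in mandatory_rates} & RATES_11B)


def diagnose(log, mandatory_rates):
    """List failed associations, with a hint when the rate configuration matches the bug."""
    findings = []
    for ev in parse_events(log):
        if ev["status"] == 0:
            continue
        meaning = STATUS_TEXT.get(ev["status"], "see the 802.11 status code table")
        hint = ""
        if ev["status"] == 18 and missing_11b_mandatory(mandatory_rates):
            hint = "no 802.11b rate is mandatory; make at least one of 1, 2, 5.5 or 11 mandatory"
        findings.append((ev["source"], ev["mac"], ev["status"], meaning, hint))
    return findings


if __name__ == "__main__":
    # Mandatory rates from the bug's Conditions section.
    for finding in diagnose(SAMPLE_LOG, [6, 9, 12, 18, 24, 36, 48, 54]):
        print(finding)
```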

 

 

Monday, Jul 23, 2012

Web auth (redirect) doesn't work when client uses a https url: CSCar04580 Bug

Issues with your Cisco Wireless Guest Network not doing a web redirect?

This is very good to know in case you get calls that your wireless guest network is broken. The WLC will not redirect HTTPS URLs.

Assume for a moment your guest has a browser home page that is https:// (443) or he / she attempts to open a https:// page, prior to the AUP. The user is expecting to get redirected, but nothing happens.

The Guest will sit and spin giving the impression the guest network is not working properly, but in fact the WLC is not redirecting HTTPS traffic, only HTTP traffic to the AUP.

 

CSCar04580 Bug Details

web auth (redirect) doesn't work when client users a https url
Symptom:

A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never
be redirected by Web Auth to the web authentication dialog. Therefore, such
a client will not know to authenticate, and will fail to connect to the
network.

Workaround:

The client should attempt to open any HTTP (port 80) web page.




Status: Terminated
Severity: 2 - severe
Last Modified: In Last Year
Product: Cisco 5500 Series Wireless Controllers
Technology:
1st Found-In: 3.2(78.0), 6.0(182.0), 7.0(98.0)

Related Bug Information

Webauth redirection doesn't happen with HTTPS URL
Symptom: Redirect of https traffic on webauth does not work in any version of code. The 'network web-auth-port #' does nothing.
Workaround: The business unit considers this an enhancement.

Tuesday, Jul 17, 2012

ACS 5 gives alert after 20,000 radius probes: Bug CSCtj69797

I've been meaning to blog about this bug on the ACS 5.x platform, but forgot until this week when the alert surfaced again.

This bug is cosmetic only and doesn't impact performance. ACS sends a nice orange alert when 250,000 cached sessions are accumulated and should delete 20,000 sessions. I was worried at first; when I think “sessions” I think EAP.

I opened up a TAC case and got a rockstar ACS TAC engineer. Sorry, but I can't share his name; some things need to be kept confidential, especially a great resource! In short, a “probe” counts as a session.

Say, for example, a device wants to authenticate: it will send a probe, and sometimes it will send multiple probes. Not to be confused with 802.11 probe request / response frames. Rather, it's a RADIUS probe.

A wireless example would be a client that doesn't support PMK cache / OKC. Every time this client would roam, he would probe the radius server again to re-authenticate. So you can see, you could rack up the session pretty quickly in a large environment.

What happens is that every time a user tries to authenticate using radius, the device will send a probe in order to see if the ACS is up and running. We can also have this configured to happen even if there is no authentication going on, by using the radius-server retransmit command. So if, for example, 20 users try to authenticate using radius, then 20 radius probes are sent to the ACS. It is not dependent on the amount of devices; it has more to do with the amount of users and the amount of authentication requests they generate.

Remember that the reason you are receiving the alarm is because the ACS doesn’t delete the 20000 sessions, which it should do automatically; therefore the bug was opened.

- TAC



CSCtj69797 Bug Details

ACS 5 gives alert after 20000 radius probes

Symptom:

ACS View giving alert when 20 000 sessions are reached.
The problem is that it seems to be triggered also with "radius probes", i.e. authentication packets with no accounting done.
So for example with several ACE appliances doing radius probes, this alert is reached very quickly

Conditions:

Radius authentication packets with no accounting happening in a frequent way

Workaround:

Only an alert.

**** There is another work around whereby you make a filter so that you no longer get the alerts. Consult TAC *** - George

Status  
Terminated

Severity  
3 - moderate

Last Modified  
In Last month

Product  
Cisco Secure Access Control Server Solution Engine

Technology  

1st Found-In  
5.1(0.44)
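To see which devices are driving the session count described in this post, the sketch below tallies authentications that never get a matching accounting start, per NAS, and projects when the 20,000-session alert would fire. It is an added example, not Cisco's or the blog author's code; the record layout, the device names, the user names and the matching rule (same NAS and user within a few seconds) are assumptions.

```python
from collections import Counter

ALERT_THRESHOLD = 20000  # session count at which ACS View alerts, per the bug text

# Constructed sample records: (seconds, NAS name, user, packet kind).
# "auth" = an authentication request, "acct-start" = an accounting start.
SAMPLE = [
    (0,  "wlc-1", "alice", "auth"),
    (1,  "wlc-1", "alice", "acct-start"),
    (5,  "ace-1", "probe", "auth"),
    (10, "ace-1", "probe", "auth"),
    (12, "wlc-1", "bob",   "auth"),
    (13, "wlc-1", "bob",   "acct-start"),
    (15, "ace-1", "probe", "auth"),
    (20, "ace-2", "probe", "auth"),
    (25, "ace-1", "probe", "auth"),
    (30, "ace-2", "probe", "auth"),
]


def unaccounted_auths(records, window=5):
    """Count, per NAS, authentications with no accounting start from the same
    NAS and user within `window` seconds (the matching rule is an assumption)."""
    starts = [(t, nas, user) for t, nas, user, kind in records
              if kind == "acct-start"]
    counts = Counter()
    for t, nas, user, kind in records:
        if kind != "auth":
            continue
        matched = any(n == nas and u == user and 0 <= st - t <= window
                      for st, n, u in starts)
        if not matched:
            counts[nas] += 1
    return counts


def seconds_to_threshold(count, span_seconds, threshold=ALERT_THRESHOLD):
    """Project how long the observed rate takes to reach the alert threshold
    if no session is ever deleted, which is the behaviour the bug describes."""
    if count == 0:
        return None
    return threshold * span_seconds / count


if __name__ == "__main__":
    per_nas = unaccounted_auths(SAMPLE)
    span = SAMPLE[-1][0] - SAMPLE[0][0]
    for nas, n in per_nas.most_common():
        print(f"{nas}: {n} authentications without accounting")
    print("seconds until alert:", seconds_to_threshold(sum(per_nas.values()), span))
```

Devices that top this list are the ones to review when deciding whether the alert filter TAC mentions is appropriate.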


Saturday
Apr212012

End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless IP Phone 7921G Power Supplies


Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Unified Wireless IP Phone 7921G Power Supplies. The last day to order the affected product(s) is October 19, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.

Date: 2012-04-20 15:41:00.0


Url: http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/ps7071/end_of_life_notice_c51-706105.html

Tuesday
Apr102012

Cisco 1130/1131 AP Crashes: Bug CSCtw56233 (7.0.220.0)

We recently upgraded from 7.0.116.0 to 7.0.220.0 to resolve a bug we were experiencing with connectivity. After upgrading, we hit a new bug in 7.0.220.0. This new bug only became apparent because we have WCS email alerts configured.

After we upgraded to 7.0.220.0, we almost immediately started to receive the following WCS email alerts. We had random access points going offline. After closer inspection, the access points showed "AP Crashed Due To Software Failure".

Message: Access Point 'AA-1131' associated to controller 'xx.xx.xx.xx' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AB-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AC-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AD-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.

We opened a ticket only to learn 7.0.220.0 has a bug specific to Cisco 1130/1131 access points. TAC mentioned this bug is resolved in 7.0.230.0.

 

 

Thursday
Mar152012

End-of-Sale and End-of-Life Announcement for the Cisco 2100 Series Wireless LAN 

Title: End-of-Sale and End-of-Life Announcement for the Cisco 2100 Series Wireless LAN Controllers
Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps7206/ps7221/end_of_life_notice_c51-691053.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 2100 Series Wireless LAN Controllers. The last day to order the affected product(s) is May 2, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-03-14 11:40:00.0

Thursday
Mar012012

Multiple Vulnerabilities in Cisco Wireless LAN Controllers - 2/29/2012

Cisco announced multiple WLC vulnerabilities this week.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability that could allow an unauthenticated, remote attacker to cause the device to crash by submitting a malformed URL to the administrative management interface.

This vulnerability is documented in Cisco bug ID CSCts81997 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0368.

Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of IPv6 packets.

This vulnerability is documented in Cisco bug ID CSCtt07949 (registered customers only) and has been assigned CVE ID CVE-2012-0369.

Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of HTTP or HTTPS packets to an affected controller configured for WebAuth.

This vulnerability can be exploited from both wired and wireless segments. A TCP three-way handshake is needed in order to exploit this vulnerability.

This vulnerability is documented in Cisco bug ID CSCtt47435 (registered customers only) and has been assigned CVE ID CVE-2012-0370.

Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by an unauthorized access vulnerability where an unauthenticated attacker could view and modify the configuration of an affected Cisco WLC.

This vulnerability exists if CPU based access control lists (ACLs) are configured in the wireless controller. An attacker can exploit this vulnerability by connecting to the controller over TCP port 1023. Only the Cisco 4400 Series WLCs, WiSM version 1, and Cisco Catalyst 3750G Integrated WLCs are affected by this vulnerability.

This vulnerability is documented in Cisco bug ID CSCtu56709 (registered customers only) and has been assigned CVE ID CVE-2012-0371.

Tuesday
Feb212012

Webauth stops redirecting after some time: CSCtx00942

We hit this bug a few weeks ago. I love the workaround -- reboot your controller for another week or so. I understand Cisco is working on this bug.

As a side note, software will have bugs, and I appreciate the fact Cisco will publish these in a timely fashion and not hide their issues like some "other" vendors I know.

 

Webauth stops redirecting after some time

Symptom:
It is seen on 7.0.220 4404 WLC that users in the webauth SSID are not redirected to the login page anymore after 1 week or so.

This message appears :
sshglue.c:7009 WebAuth HTTP Redirect rule creation failed for peer 192.168.1.8

Conditions:
webauth, 4404 running 7.0.116/220
Workaround:

A reboot solves the problem for another week or so

Status
Open

Severity
2 - severe

Last Modified
In Last 3 Days

Product
Cisco 5500 Series Wireless Controllers

Technology

1st Found-In
7.0(116.0)
7.0(220.0)
Interpreting This Bug
Bug Toolkit provides access to the latest raw bug data so you have the earliest possible knowledge of bugs that may affect your network, avoiding un-necessary downtime or inconvenience. Because you are viewing a live database, sometimes the information provided is not yet complete or adequately documented. To help you interpret this bug data, we suggest the following:
  • This bug has a Severe severity level 2 designation. Important functions are unusable but the router's other functions and the rest of the network is operating normally.
  • Severity levels are designated by the engineering teams working on the bug. Severity is not an indication of customer priority which is another value used by engineering teams to determine overall customer impact.
  • Bug documentation often assumes intermediate to advanced troubleshooting and diagnosis knowledge. Novice users are encouraged to seek fully documented support documents and/or utilize other support options available.

Friday
Jan132012

    Cisco Field Notice: Wi-Fi Protected Setup PIN Brute Force Vulnerability

    Note the WPS vulnerability is with home and soho devices and not with Cisco enterprise gear. Note the models below:

    Cisco Response

    On December 27th, 2011 US-CERT released VU#723755 available here: http://www.kb.cert.org/vuls/id/723755

    The US-CERT Vulnerability Note describes a vulnerability that exists in the Wi-Fi Alliance Wi-Fi Protected Setup (WPS) protocol, also known as Wi-Fi Simple Config, when devices are operating in PIN External Registrar (PIN-ER) mode.  Devices operating in PIN-ER mode allow a WPS capable client to supply only the correct WPS PIN to configure their client on a properly secured network.  A weakness in the protocol affects all devices that operate in the PIN-ER mode, and may allow an unauthenticated, remote attacker to brute force the WPS configuration PIN in a short amount of time.

    The vulnerability is due to a flaw that allows an attacker to determine when the first 4-digits of the eight-digit PIN are known.  This effectively reduces the PIN space from 10^7 or 10,000,000 possible values to 10^4 + 10^3 which is 11,000 possible values. The eighth digit of the PIN is utilized as a checksum of the first 7 digits and does not contribute to the available PIN space. Because the PIN space has been significantly reduced, an attacker could brute force the WPS pin in as little as a few hours.

    While the affected devices listed below implement the WPS 1.0 standard which requires that a 60-second lockout be implemented after three unsuccessful attempts to authenticate to the device, this does not substantially mitigate this issue as it only increases the time to exploit the protocol weakness from a few hours to at most several days.  It is our recommendation to disable the WPS feature to prevent exploitation of this vulnerability.

    Vulnerable Products:

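    | Category | Product Name | Is the WPS feature enabled by default? | Can the WPS feature be permanently disabled? |
    |---|---|---|---|
    | Access Points | Cisco WAP4410N | Yes | Yes |
    | Unified Communications | Cisco UC320W | Yes | No |
    | Wireless Routers/VPN/Firewall Devices | Cisco RV110W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco RV120W | No | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP521W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP526W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP527W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP541W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP546W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco SRP547W | Yes | Yes |
    | Wireless Routers/VPN/Firewall Devices | Cisco WRP400 | Yes | Yes |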


    Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

    Products Confirmed Not Vulnerable:

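    | Category | Product Name | Not Affected Reason |
    |---|---|---|
    | Access Points/Wireless Bridges | Cisco AP541N | Does not support WPS |
    | Access Points/Wireless Bridges | Cisco WAP200 | Does not support WPS |
    | Access Points/Wireless Bridges | Cisco WAP200E | Does not support WPS |
    | Access Points/Wireless Bridges | Cisco WAP2000 | Does not support WPS |
    | Access Points/Wireless Bridges | Cisco WET200 | Does not support WPS |
    | Unified Communications | Cisco UC500 Series | Does not support WPS |
    | Wireless Cameras | Cisco WVC210 | Does not support WPS |
    | Wireless Cameras | Cisco WVC2300 | Does not support WPS |
    | Wireless Routers/VPN/Firewall Devices | Cisco SA520W | WPS not enabled by default. Does not support PIN-ER configuration Mode |
    | Wireless Routers/VPN/Firewall Devices | Cisco RV220W | Does not support WPS |
    | Wireless Routers/VPN/Firewall Devices | Cisco WRV210 | Does not support WPS |
    | Wireless Routers/VPN/Firewall Devices | Cisco WRVS4400N | Does not support WPS |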

    Additional Information

    Workarounds:

     

    Disable the Wi-Fi Protected Setup feature on devices that allow the feature to be disabled, as listed in the Vulnerable Products table.  Cisco Systems has verified that the products that support disabling the WPS feature do indeed disable it and are not vulnerable once the feature has been disabled from the management interface.

    Fixed Software:

    | Product Name | Fixed Software |
    |---|---|
    | Cisco WAP4410 | To Be Released |
    | Cisco RV110W | To Be Released |
    | Cisco RV120W | To Be Released |
    | Cisco UC320W | To Be Released |
    | Cisco SRP521W | To Be Released |
    | Cisco SRP526W | To Be Released |
    | Cisco SRP527W | To Be Released |
    | Cisco SRP541W | To Be Released |
    | Cisco SRP546W | To Be Released |
    | Cisco SRP547W | To Be Released |
    | Cisco WRP400 | To Be Released |


    Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

    Exploitation and Public Announcements:

    Exploit code and functional attack tools that exploit the weakness within the WPS protocol have been released.

    This vulnerability was discovered by Stefan Viehböck and Craig Heffner.

    Status of this Notice: Final

    THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

     

    Revision History

    | Revision | Date | Notes |
    |---|---|---|
    | 1.0 | 01-11-2012 | Initial Public Release |
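
The notice above says the split PIN check cuts the search space to 11,000 values and that the WPS 1.0 lockout (60 seconds after three failures) only stretches exhaustion from hours to days. The model below reproduces both figures and contrasts them with the unsplit 10^7 space, to show why disabling WPS is the recommendation rather than relying on the lockout. It is an added example, not part of the Cisco notice; the one-second-per-attempt rate and all function names are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Lockout:
    after_failures: int  # failed attempts allowed before a lockout
    seconds: int         # lockout duration


def pin_space(halves_confirmed_separately):
    """Worst-case number of PINs to try.

    Digit 8 is a checksum of digits 1-7, so only 7 digits are free:
    4 in the first half and 3 in the second.
    """
    first, second = 10 ** 4, 10 ** 3
    if halves_confirmed_separately:
        return first + second   # each half is searched on its own
    return first * second       # all 7 free digits must be right at once


def worst_case_seconds(attempts, secs_per_attempt, lockout=None):
    """Time to exhaust `attempts` guesses when every guess but the last fails."""
    total = attempts * secs_per_attempt
    if lockout:
        failures = attempts - 1
        total += (failures // lockout.after_failures) * lockout.seconds
    return total


def scenarios(secs_per_attempt=1.0):
    """Compare the split and unsplit spaces (the attempt rate is an assumption)."""
    wps10 = Lockout(after_failures=3, seconds=60)  # lockout quoted in the notice
    rows = {}
    for label, split in (("split", True), ("full", False)):
        n = pin_space(split)
        rows[label] = {
            "attempts": n,
            "hours_no_lockout": worst_case_seconds(n, secs_per_attempt) / 3600,
            "days_with_lockout":
                worst_case_seconds(n, secs_per_attempt, wps10) / 86400,
        }
    return rows


if __name__ == "__main__":
    for label, row in scenarios().items():
        print(label, row)
```

With the halves confirmed separately, the lockout adds only a couple of days; against the full 10^7 space the same lockout would push exhaustion to several years, which is why the protocol flaw, not the lockout setting, is the problem to remove.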
    Monday
    Dec122011

    792x phone may not reconnect when invalid 5 GHz beacon received : CSCtk58591

    A more recent bug found on 1.4(1) 792x handset code. Something to take note of if you're on this code and using voice on 802.11a.

    CSCtk58591 Bug Details
    792x phone may not reconnect when invalid 5 GHz beacon received
    Symptom:
    792x phone may not reconnect when invalid 5 GHz beacon received.

    Conditions:
    792x phone going out of range then comes back in range when set to scan 5 GHz.

    Workaround:
    Power cycle the phone.
    Use 802.11b/g only mode.

    Status
    Open

    Severity
    3 - moderate

    Last Modified
    In Last 3 Days

    Product
    Cisco Unified IP Phone 7900 Series

    Technology
    Wireless, Mobile

    1st Found-In
    1.4(1)
    Interpreting This Bug
    Bug Toolkit provides access to the latest raw bug data so you have the earliest possible knowledge of bugs that may affect your network, avoiding un-necessary downtime or inconvenience. Because you are viewing a live database, sometimes the information provided is not yet complete or adequately documented. To help you interpret this bug data, we suggest the following:
  • This bug has a Moderate severity 3 designation. Things fail under unusual circumstances, or minor features do not work at all, or things fail but there is a low-impact workaround.
  • This is the highest level for documentation bugs. (Bug Toolkit may not provide access to all documentation bugs.)
  • Severity levels are designated by the engineering teams working on the bug. Severity is not an indication of customer priority which is another value used by engineering teams to determine overall customer impact.
  • Bug documentation often assumes intermediate to advanced troubleshooting and diagnosis knowledge. Novice users are encouraged to seek fully documented support documents and/or utilize other support options available.