WLANPROFESSIONALS.COM PODCAST
;)
See inside Cisco's latest wireless gear!
EXAMPLE 1 
EXAMPLE 2
EXAMPLE 3 
Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years. I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!
BLUETOOTH
Microwave Oven
Cordless Phone
JAMMER!
Thursday, October 25, 2012 at 9:14AM http://images.apple.com/iphone/business/docs/iOS_6_Wifi_Sept12.pdf
*iPhone 4S, iPhone 5, new iPad, and 5th-generation iPod touch support 802.11k and 802.11r.
Wednesday, October 24, 2012 at 12:20PM Previous ISE versions the application <GUI> login/password was <admin> <cisco>.
However, with version ISE 1.1.1, the application login is setup during the initial installation under APPLICATION.
You must configure the Cisco ISE Admin password at the time you install the Cisco ISE. The previous Cisco ISE Admin default login credentials (admin/cisco) are no longer valid.
http://www.cisco.com/en/US/docs/security/ise/1.1.1/user_guide/ise_dis_deploy.html
Should you forget or need to reset this login and password you can via the CLI with the following command:
ise111/admin# application reset-psswd ise admin
Friday, October 19, 2012 at 3:48PM Microsoft will launch Windows 8 in late October. Along with a slew of other features, it will be among the first to support the 802.11w standard to protect Management Frames for client devices on Wi-Fi networks.
Customers running old Cisco unified releases (between 4.2 to 7.2) in local, Flex or mesh mode will run into an interoperability bug (CSCua29504, to be exact) that prevents 802.11w enabled clients from connecting to a Cisco WLAN with Management Frame Protection (MFP) enabled. This bug does not affect customers running autonomous access point deployments or customers running Cisco unified releases older than 4.2.
What are the possible solutions for you?
1. Please upgrade your production environment to one of the following releases, which will interoperate with Windows 8.
2. Roll back to pre-windows 8 drivers as identified in the Microsoft Knowledge Base article.
3. Fall back to TKIP
4. Sign up for a beta release for Cisco’s upcoming feature release 7.4 (beta available now!) that supports the 802.11w feature in local mode.
What is 802.11w ?
802.11w is an IEEE standard based on Cisco’s Management Frame Protection(MFP), a feature that was first supported on autonomous access points in release 12.3(8)JA in 2006 and in the unified release 4.0.155.5 in 2008. 802.11w isn’t a new standard. IEEE ratified the 802.11w standard in 2009, however the adoption has been slow to date, but that is expected to change with Windows 8.
The WFA has announced that it will position the Protected Management Frame interoperability certification program as a feature update to its Wi-Fi Protected Access(WPA2) program.
Why do I care about 802.11w ?
I joined Cisco Wireless Networking Business Unit (WNBU) early 2006 as a Product Manager for Autonomous Access Points and the first software release that I managed was the 12.3(8)JA. One of the coolest features in that release was a Cisco innovation around protecting management frames. As many of you may know, 802.11 frames such as Authenticate, De-authenticate, Associate, Dis-associate are sent in the clear (a.k.a. in an unsecured manner). This could allow a potential attacker to spoof management frames from a valid device and run Denial of Service (DOS) attack by sending de-authenticate/disassociate frames.
When MFP is enabled, the sending device adds a cryptographic hash to create a message integrity check (MIC) and embeds that within the Information Element (IE) of every management frame. Thus when another device in the network receives the frame, it is able to verify that the authenticity of the source. In case a single invalid frame is received on the network, it will be dropped, as well as, an Intrusion Detection System alert will be received -this means zero day protection!
What about clients that don’t support 802.11w ?
There are two components to Management Frame Protection:
- Infrastructure MFP: When the wireless Controller and Access point infrastructure support the 802.11w capability, any frames from a hacker masquerading as an infrastructure AP and attempting to communicate with other APs will be dropped.
- Client MFP: When a client ALSO supports this feature; it is able to secure communications with the infrastructure. This means any frames from a hacker masquerading as an infrastructure AP and sending disconnect messages to the clients will be dropped.
So what’s the bottom-line?
To enable that your network is ready for 802.11w and Windows 8 ensure that you are running the latest Cisco Unified releases in your wireless controller network.
For more information, visit https://supportforums.cisco.com/docs/DOC-27213
Monday, October 15, 2012 at 11:21AM AP, BUG, Controller, TAC, WLC, access point, cisco Monday, September 24, 2012 at 12:35PM Title: End-of-Sale and End-of-Life Announcement for the Cisco 3310 Mobility Services Engine
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 3310 Mobility Services Engine. The last day to order the affected product(s) is March 19, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-09-18 16:45:00.0
Friday, September 21, 2012 at 10:54AM | 7925 sometimes takes 1+ second to respond to WPA M1 key message |
|
| Symptom: A wireless phone call may experience a voice gap of 1.5 - 2 seconds when it roams if using WPA2-PSK. Conditions: 7925G is configured to use WPA2/AES PSK. Workaround: Configure some key management method to avoid performing a full WPA2 key exchange at each roam time. For example, EAP with CCKM, or static WEP. If using PSK, then reducing the WPA key retransmission timeout (e.g., on a WLC, via "config advanced eap eapol-key-timeout 250", may ameliorate the problem somewhat (e.g. bring the outage duration down from 2.5 to 1.7 seconds.) 1.4.3ES.1 containing the fix for CSCtz48689 may be helpful as well. Further Problem Description: A wireless packet capture, or a "debug client" on the WLC, will show that the WLC/AP transmit the M1 key message to the phone (and the capture shows that the phone ACKs it), but the phone does not send its M2 key. So the WLC/AP have to retransmit the M1 key, till finally the phone responds. |
Status  Terminated Severity 3 - moderate Last Modified In Last 2 weeks Product Cisco Unified IP Phone 7900 Series Technology Wireless, Mobile 1st Found-In 1.4(2) 1.4(1.1.1.7) |
|
|
Thursday, September 20, 2012 at 4:24PM
My interest was peaked when I heard Wildpackets was a sponsor for #WFD3. Wildpackets was one of the first commercially supported wireless sniffier products available. Lets face it, most engineers didn’t understand the 802.11 frame structure back in 2002. A lot of the captures were greek to many engineers, including myself. I was an early adopter and used what was then called, Airopeek.
Wildpackets offers a suite of application software (and appliances) that focus around layer 2 packet analysis, both on wired (802.3) and wireless (802.11). Our WFD event focused on and what I believe is their most important product, OMNIPEEK.
Omnipeek can be very intimidating at first, but once you get comfortable with the interface the other bells and whistles await you. And let me just tell you, there is a wealth of bells and whistles.
The Wildpackets team shared with the WFD delegates their humble beginnings and later a video about a fiery blaze that destroy their office in 2002. We then moved on to the tech stuff!
Jay Botelho did an overview of Omnipeek. Jay shared with the delegates how to use Omnipeek, put it into sniffer mode and how to conduct a multi channel capture. We then walked through a wireless capture briefly and discussed other rich features (watch the below video to get your Omnipeek fix). Jay also shared some of the other robust features like reporting, graphs and analysis tools, which are built into Omnipeek. We also looked at our first 802.11ac capture. It was my first peek at 802.11ac.
I understand, Omnipeek support for 802.11ac will be in released in its next release in coming weeks.
You can read an article about the Wildpackets fire here: http://www.internetnews.com/wireless/article.php/1433881/WildPackets+Survives+Fire.htm
The Wildpacket advantage is simple.
Coming from my personal experience, Willpackets’ Omnipeek is the best commercially offered wireless sniffer on the market today. It is well developed, packed with features and well supported. It drives information to the wireless engineer and displays it in a manner that is intuitive and accurate. A wireless engineer can capture 2,3,4 or more channels simultaneously aiding in quicker fact gathering. To the untrained eye, Omnipeek has built reports and graphs that will bring blaring issues to the surface.
All of these features do come at a cost. And if you are a consultant or work for a large enterprise it can easily be justified.
If you ever need customer feedback and or justification for Omnipeek in a large enterprise, email me I will be happy to share my experience.
Next time you’re troubleshooting a wireless issue at the frame layer and you’re using something other than Omnipeek you’re missing out on all the other rich features that only Omnipeek offers.
Also, take notice next time you are reading a 802.11 technical book or looking at published material that displays a 802.11 capture. Pay very close attention, its very likely you are looking at a capture done in Omnipeek.
In closing, one other important take away I learned at Wildpackets is just how much they value their employees. Thats a company I want to do business with.
Wildpackets provided us 802.11ac and 802.11u captures. Links to these captures are below:
http://www.my80211.com/storage/wfd3/WFD3.WILDPACKETS.CAPTURE.zip
If you missed the event you can watch it here:
An introduction to WildPackets from Stephen Foskett on Vimeo.
Website: http://www.wildpackets.com
Twitter: @wildpackets
airopeek, omnipeek, sniffer, wireless sniffer Tuesday, September 11, 2012 at 3:18PM WFD is an event where industry users <experts in some cases> come together with wireless vendors to discuss
wireless, technology road map and issues and features with the respected vendors. This allows vendors first hand experience with users who may be using their product already, whereby providing valuable feedback or in some cases introducing their product to users for the first time.
WFD is also a large social media event. WFD has hundreds and sometimes thousands of like minded folks who will follow along and sometime paticpate in twitter feeds from each event.
This particular WFD3 brings together both hardware and software vendors.
I would like to personally thank Aerohive, Aruba, Cisco, Meraki , Metageek and Ruckus for their repeated support and sponsorship of WFD. I would also like to thank and welcome Tabaza, Wildpackets and Juniper who are new sponsors.
WFD brings together like minded individuals who share common interest in technology, in the case of WFD, lets just say, it’s wireless geek week at its best! Each delegate brings a unique real world experience and perspective. Some delegates work for VARS, others are independent consultants or end users.
WFD3 delegate notables:
Blake Krone - CCIE Wireless
Keith Parsons - CWNE, Wifi Industry Expert and mentor to many of us
Gregor Vucanjnk - CWNE, Recently minted <like last week recent -CONGRATS>
Tom Carpenter - CWNP
Jennifer Huber - CWNE
Below are all attending delegates:
As a wireless architect for a large and world renown healthcare system I will be focusing my questions and comments around healthcare specific WiFi. WiFi in healthcare presents very unique challenges. Real time applications requiring wire like connectivity and reliability. Large HC systems can have thousands of WiFi devices from COWs, mobile desktops, tablets, handhelds, scanners, RFID tags and the list goes on.
I am interested in how each hardware vendor is handling 802.11u, 802.11w, BYOD, MESH, 802.11ac, 802.11r and especially the APPLE explosion in Healthcare. These are hot buttons on my plate as well as many other Healthcare WiFi professionals.
I am a BIG fan of Wildpackets. There is no better wireless sniffer in the world. Excited to meet the wildpackets team.
Never used Tanaza, very interested to hear about their offerings.
My friends, we are in a middle of a compelling wifi convergence. Never before has WiFi seen the attention or the publicity like it has in recent years. WiFi is a moving force like no other, you cant stop it nor can you contain it. Most of the population on planet earth knows what WiFi is. Just grab on and enjoy the ride!
| Wed, Sep 12 | 15:00-17:00 | WildPackets Presents at Wireless Field Day 3 |
| Wed, Sep 12 | 16:30-17:00 | Dinner with Aerohive at Wireless Field Day 3 |
| Thu, Sep 13 | 08:00-10:00 | MetaGeek Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 10:30-12:30 | Ruckus Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 13:30-14:30 | Tanaza Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 16:00-18:00 | Meraki Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 08:00-12:00 | Aruba Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 13:30-15:30 | Cisco Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 16:00-18:00 |
http://techfieldday.com/event/wfd3/
A big thank you to Stephen Foskett for putting up with "us" wireless geeks and hosting another great event!
|
|
Benjamin Freedman | @PrimeImageBen |
|
|
Scott D. Lowe | @OtherScottLowe |
|
|
Scott Sexauer | |
|
|
Stephen Foskett | @SFoskett |
Wednesday, September 5, 2012 at 2:05PM LINK BELOW:
http://www.my80211.com/storage/online-pdf-downloads/high-availability-dg-00.pdf
Tuesday, September 4, 2012 at 3:10PM If you configure your OfficeExtends for the LAN and you arent getting an IP address and no connectivity on the wired I might suggest you check your WIRELESS PHY RATES. You should have atleast one 802.11b mandatory rate 1,2,5.5 or 11. 
|
Evora:Remote LAN client fails association w/ 802.11b rates not mandatory. |
|
|
Symptom: *Jun 03 17:01:39.066: (Re)Assoc-Req from 48:5b:39:13:99:bd forwarded to WLC, From WLC debug client: *apfMsConnTask_3: Jun 03 13:01:31.832: 48:5b:39:13:99:bd Sending Assoc Response Conditions: Workaround:
CISCO BUG TOOL KIT UPDATE
Status |
|
Thursday, August 30, 2012 at 11:26AM You can install Cisco IOS Release 15.2(2)JA on Cisco Aironet 3600 and 3500 Series access points and
on 1550 series outdoor access points to perform site surveys. This release runs on these access points
with limited functionality. You can manually adjust these settings on the site-survey access points:
• Channel on each radio
• Transmit power on each radio
• Enable and disable the radios
• Manually set basic and supported transmit rates
• Enable advertised cell power in beacons to client to enable DTPC for doing active surveys
• Enable and disable SSID broadcast in beacons
• Enable open authentication
• PEAP support for WGB: An access point configured as a workgroup bridge can now associate to a
root access point using PEAP
• Roaming improvements (for client workgroup bridges):
– This release improves the reliability of fast roaming on workgroup bridges by allowing the unit
an additional retry when it needs to reassociate to the root access point.
– This release also improves the method that workgroup bridges use to select the “best parent”
access point. Workgroup bridges can share association histories with rot access points, which
can build and share a list of best root access points among workgroup bridges. This method
improves helps workgroup bridges select the best root access point when roaming.
• VideoStream support on workgroup bridges (when used as a client): VideoStream improves the
reliability of an IP multicast stream by converting the multicast frame, over the air, to a unicast
frame. VideoStream was not supported for workgroup bridge clients in previous releases because a
workgroup bridge’s wired clients cannot be added to the controller (WLC) multicast table. In this
release, the workgroup bridge is added to the WLC multicast table, and the workgroup bridge
converts the VideoStream unicast frame into an Ethernet multicast frame and sends it out to its wired
clients.
Enter this command on the controller to enable VideoStream for workgroup bridges:
config media-stream wired-client enable
RELEASE NOTES ATTACHED: http://www.my80211.com/storage/release-notes/15_2_2_JA2.pdf
Thursday, August 23, 2012 at 12:00PM Many times we see instances where the RMA controller is shipped with an LDPE image.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.Product
Name..................................... Cisco Controller
Product Version.................................. 7.0.116.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
An upgrade to an non LDPE code fails with this error-
"ERROR: Incompatible SW image.ERROR: Please install the Data Payload Encryption licensed image"
The LDPE image is used for Customers who are not legally allowed to use DTLS Data encryption within their regulatory domain (Russia-specific).
1) Upgrade WLC to 7.0.230.0 LDPE image- e.g. AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508
2) Download and install a free DTLS license from Cisco.com (if one is not already installed):
Step 1 Browse to http://cisco.com/go/license
Step 2 Under Get New, choose IPS, Crypto, Other Licenses
Step 3 Choose the controller platform, enter the product ID and serial number.
Step 4 Complete the remaining steps to generate the license file. The license will be provided online or via email.
Step 5 Copy the license file to your TFTP server.
Step 6 Install the license by browsing to the WLC Web Administration Page:
Management --> Software Activation --> Commands -->Action: Install License
3) Once the DTLS license is installed, you will be able to upgrade/downgrade to any WLC code (including Non-LDPE).
(Cisco Controller) >show license summary
License Store: Primary License Storage
StoreIndex: 0 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: MediumLicense Store: Primary License Storage
StoreIndex: 1 Feature: base-ap-count Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: 500 /1 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 2 Feature: data_encryption Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
If the controller is on 7.0.116.0 LDPE code; you installed the DTLS license and then try to migrate to non LDPE code version of 7.0.116.0, it would fail with the following error-
*Transfer: Mar 28 11:32:56.609: RESULT_STRING: Transfer failure :
Upgrade from LDPE to non LDPE software is not allowed.
So, you will need to get on to 7.0.230.0 LDPE image (e.g. AIR-CT5500-LDPE-K9-7-0-116-0.aes for a 5508) first before you can move to a non LDPE code.
This capability was introduced via CSCtw78061; meaning after installing the DTLS license you can download normal image from LDPE code just fine.
Symptom: No upgrade/downgrade is allowed from LDPE image to NON_LDPE image.
Conditions: transfer download of non-ldpe image from ldpe image
Workaround: if there is a dtls license installed and active, then upgrade/downgrade of non-ldpe image from a ldpe image is allowed.
This is addressed in 7.0.230.0 and 7.2.104.24
Thursday, August 16, 2012 at 10:20AM
7921G Deployment Guide – 1.4(2) Update
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7921g/6_0/english/deployment/guide/7921dply.pdf
7925G, 7925G-EX, and 7926G Deployment Guide – 1.4(2) Update
http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf
Monday, July 23, 2012 at 12:22PM This is very good to know, incase you get calls that your wireless guest network is broken. The WLC will not redirect 
HTTPS urls.
Assume for a moment your guest has a browser home page that is https:// (443) or he / she attempts to open a https:// page, prior to the AUP. The user is expecting to get redirected, but nothing happens.
The Guest will sit and spin giving the impression the guest network is not working properly, but in fact the WLC is not redirecting HTTPS traffic, only HTTP traffic to the AUP.
| web auth (redirect) doesn't work when client users a https url | ||
| Symptom: A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never be redirected by Web Auth to the web authentication dialog. Therefore, such a client will not know to authenticate, and will fail to connect to the network. Workaround: The client should attempt to open any HTTP (port 80) web page. |
Status Terminated Severity 2 - severe Last Modified In Last Year Product Cisco 5500 Series Wireless Controllers Technology 1st Found-In 3.2(78.0) 6.0(182.0) 7.0(98.0) |
|
Related Bug Information
|
||
Tuesday, July 17, 2012 at 11:08AM This bug is cosmetic only and doesn't impact performance. ACS sends a nice orange alert when 250,000 cached sessions are cumulated and should delete 20,000 sessions. I was worried at first, when I think “sessions” I think EAP.
I opened up a TAC case and got a rockstar ACS TAC engineer. Sorry, but I cant share his name, somethings need to be kept confidential, especially a great resource ! In short, a “probe” counts as a session.
Say for example a device wants to authenticate it will send a probe and sometimes it will send multiple probes. Not to be confused with 802.11 probe request / response frames. Rather, its a radius probe.
A wireless example would be a client that doesn't support PMK cache / OKC. Every time this client would roam, he would probe the radius server again to re-authenticate. So you can see, you could rack up the session pretty quickly in a large environment.
What happens is that every time a user tries to authenticate using radius the device will send a probe in order to see if the ACS is up and running we can also have this configured to happen even if there is no authentication going by doing radius-server retransmit command. So if for example 20 user try to authenticate using radius than 20 radius probes are send to the ACS. It is not dependent on the amount of devices it more with the amount of user and the amount of authentication request they generate.
Remember that the reason you are receiving the alarm is because the ACS doesn’t delete the 20000 sessions which he should do automatically therefore the bug was opened.-TAC
ACS 5 gives alert after 20000 radius probes
ACS View giving alert when 20 000 sessions are reached.
The problem is that it seems to be triggered also with "radius probes", i.e. authentication packets with no accounting done.
So for example with several ACE appliances doing radius probes, this alert is reached very quickly
Radius authentication packets with no accounting happening in a frequent way
Only an alert.
**** There is another work around whereby you make a filter so that you no longer get the alerts. Consult TAC *** - George
Status
Terminated
Severity
3 - moderate
Last Modified
In Last month
Product
Cisco Secure Access Control Server Solution Engine
Technology
1st Found-In
5.1(0.44)
Tuesday, July 10, 2012 at 10:20AM In a previous email, the Vocera B2000 Discontinuation Notice below contained a typo which incorrectly stated the last date of purchase for the B2000 1-year warranty extension. The date is June 30th, 2013 and the information has been corrected below. We apologize for any inconvenience.
With the introduction of the B3000 Communication Badge in October 2011, we feel it is appropriate to ensure our customers understand the plan for the discontinuation of the B2000 Communication Badge and support. Our goal is to provide you with the information necessary to ensure you continue to enjoy the value of the Vocera solution and allow you ample opportunity to plan for the transition to our latest technology.
Note: This discontinuation notice does not apply to the FIPS 140-2 certified Vocera badge designed specifically for Federal or DoD customers.
December 31, 2015; last date to order B2000 accessories, batteries, chargers, lanyards and universal clips
June 30, 2016; last date for firmware support, this will only include bug fixes related to overall Badge stability or network interoperability. Beyond June 30, 2016, Vocera will make a best effort to address firmware issues but may be limited by the engineering support we receive from component manufacturers.
Hopefully you have had a chance to discuss the B3000 with your local sales or support representatives. The B3000 introduces significant enhancements to the B2000 based on direct feedback from customers such as you. These include a highly ruggedized design, acoustic noise reduction technology, smart battery to just name a few. Additionally, we have introduced a number of programs to help you more easily transition to the B3000 Communication Badge. We would encourage you to contact your local Vocera sales representatives or call 1-877-790-4190 to discuss which options would best support your goals to continue to provide the best possible experience for your patients and staff.
Sincerely,
Debashis Pramanik
Director, Hardware Product Management
Friday, June 29, 2012 at 1:36PM
Let me know if I missed any!
ENJOY!
Sunday, June 17, 2012 at 6:07PM
The CWSP study material sets the foundation of 802.11 security. Its the building blocks to understanding 
how 802.11 security works from encryption, EAP, dynamic key generation, security policy, roaming and the 802.11 standard. For anyone who troubleshoots, designs, deploys or debugs 802.11, the CWSP compliments your abilities.
There is a tremendous amount of value contained in the CWSP study guide, should you choose not to actually go for the certification itself. I can not tell you how many times, over and over again where I referenced martial in the CWSP for colleagues and customers. There is instant creditability when you can speak confidently in great detail about the inner workings of 802.11.
If I can offer one valuable piece of advice. Never skimp on foundation learning. Understanding, in detail, how the different 802.11 security components and mechanics work are critical. Cause, as you will learn, may of the new and future standards are almost always applied to the existing mechanics. A solid foundation lends to better comprehension of future advancements in 802.11.
Taking any exam, its importance to read the exam objectives. Objectives are the clear definition of what you will be tested on. There should be no surprises, if your study efforts are inline with the objectives. Also, don’t start carving up the objectives and think that this section is only worth 5% and not give it your all, when it comes to studying. All objectives should be studied.
It is also important to take these objectives, break them out and reference other authored material for a different perspective on the subject. I used the following:
802.11-2007 Standard
Cisco Wireless LAN Security ISBN: 1-58705-154-0
CWNP White Papers
- 802.11i Authentication and Key Management (AKM) White Paper
http://www.my80211.com/storage/online-pdf-downloads/Chicken_Egg.pdf
Robust Security Network (RSN) Fast BSS Transition (FT) White Paper
http://www.my80211.com/storage/online-pdf-downloads/802.11_RSN_FT.pdf
CWNP Website - CWSP
http://www.cwnp.com/certifications/cwsp
CWNP Forums - CWSP
http://www.cwnp.com/bbpress/forum.php?id=10
CWNP Self Study Material - CWSP
http://www.cwnp.com/training/selfstudy
If you’re studying a topic and something just doesn't make sense, tap a knowledgeable source. I always enjoy talking geek details with my friends to get a different spin on things.
Its simple, to pass the CWSP, it requires a great deal of attention to detail. Take notes often and frequently on all subjects. I used mental case and flashcardexchange.com to store and reference my notes.
You can find a few of my notes here for reference:
http://www.my80211.com/8021x/
http://www.my80211.com/security-labs/
http://www.my80211.com/cwsp-george-stefanick/
You probably will not believe me when I tell you I read the CWSP study guide over 20 times, cover to cover, but I did. Read a book over and over is much like watching a move a number of times. You catch little things you missed the first, second or third time around. I got into a habit of reading a chapter a night.
CWNP.COM has a number of CWSP practice exams. The CWSP study guide includes a CD with exam questions as well. Do them often and pay very close attention to the questions being asked. Don't study the questions, rather study the content of the question being asked.
The CWSP exam is multiple choice. In almost all cases, if you are confident in your studies, you can quickly exclude one or more possible answers from your choices.
If you have experience with radius server configuration, 802.11 captures, and exposure to wireless equipment you will certainly improve your odds of passing. It would be a stretch to say, you NEED this hands on in order to pass, but it certainly helps!
Note passing is 70% Overall
I want to thank all the good folks at CWNP for putting together a great exam and study guide. Also the fine authors - Coleman, Westcott, Harkins and Jackman for a job well done on great material.
CWSP is by far my personal best 802.11 security book ever read. Ive read it over 20+ times. Great read ...
I also want to mention --- thanks to Marcus for answering my, "HUH" questions and letting me bounce random and sometimes confusing thoughts off of him. I really appreciate it.
I also want to thank Kevin for keeping CWNP relevant and restructuring the certification path and keeping the exam material relevant and up to date. I appreciate your dedication to the WiFi community.
Wednesday, April 25, 2012 at 4:47PM A little aged, yes. But if you're upgrading your wireless network and you have older Carefusion (Alaris) pumps take note of this notification, as it could impact you. Ask your Biomed group what code rev your pumps are on. Code revs prior to 9.5 may not be supported. You should contact your Carefusion rep for a firmware upgrade.
