Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years. I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!
Cisco ISE Application <GUI> default login change.
In previous ISE versions, the application <GUI> login/password was <admin> <cisco>. However, with ISE version 1.1.1, the application login is set up during the initial installation under APPLICATION.
ISE DEPLOYMENT GUIDE 1.1.1
You must configure the Cisco ISE Admin password at the time you install the Cisco ISE. The previous Cisco ISE Admin default login credentials (admin/cisco) are no longer valid.
Need to reset the Application <GUI> Login / Password
Should you forget this login and password, or need to reset them, you can do so via the CLI with the following command:
ise111/admin# application reset-passwd ise admin
This is from Cisco CSC
Microsoft will launch Windows 8 in late October. Along with a slew of other features, it will be among the first to support the 802.11w standard to protect Management Frames for client devices on Wi-Fi networks.
Customers running old Cisco unified releases (between 4.2 and 7.2) in local, Flex or mesh mode will run into an interoperability bug (CSCua29504, to be exact) that prevents 802.11w-enabled clients from connecting to a Cisco WLAN with Management Frame Protection (MFP) enabled. This bug does not affect customers running autonomous access point deployments or customers running Cisco unified releases older than 4.2.
What are the possible solutions for you?
1. Please upgrade your production environment to one of the following releases, which will interoperate with Windows 8.
2. Roll back to pre-Windows 8 drivers as identified in the Microsoft Knowledge Base article.
3. Fall back to TKIP
4. Sign up for a beta release for Cisco’s upcoming feature release 7.4 (beta available now!) that supports the 802.11w feature in local mode.
What is 802.11w ?
802.11w is an IEEE standard based on Cisco’s Management Frame Protection(MFP), a feature that was first supported on autonomous access points in release 12.3(8)JA in 2006 and in the unified release 220.127.116.11 in 2008. 802.11w isn’t a new standard. IEEE ratified the 802.11w standard in 2009, however the adoption has been slow to date, but that is expected to change with Windows 8.
The WFA has announced that it will position the Protected Management Frame interoperability certification program as a feature update to its Wi-Fi Protected Access(WPA2) program.
Why do I care about 802.11w ?
I joined Cisco Wireless Networking Business Unit (WNBU) early 2006 as a Product Manager for Autonomous Access Points and the first software release that I managed was the 12.3(8)JA. One of the coolest features in that release was a Cisco innovation around protecting management frames. As many of you may know, 802.11 frames such as Authenticate, De-authenticate, Associate, Dis-associate are sent in the clear (a.k.a. in an unsecured manner). This could allow a potential attacker to spoof management frames from a valid device and run a Denial of Service (DoS) attack by sending de-authenticate/disassociate frames.
When MFP is enabled, the sending device adds a cryptographic hash to create a message integrity check (MIC) and embeds it within the Information Element (IE) of every management frame. Thus, when another device in the network receives the frame, it is able to verify the authenticity of the source. If even a single invalid frame is received on the network, it will be dropped and an Intrusion Detection System alert will be raised. This means zero-day protection!
What about clients that don’t support 802.11w ?
There are two components to Management Frame Protection:
- Infrastructure MFP: When the wireless Controller and Access point infrastructure support the 802.11w capability, any frames from a hacker masquerading as an infrastructure AP and attempting to communicate with other APs will be dropped.
- Client MFP: When a client ALSO supports this feature; it is able to secure communications with the infrastructure. This means any frames from a hacker masquerading as an infrastructure AP and sending disconnect messages to the clients will be dropped.
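The MIC check described above, as an added example that is not code from Cisco or from the original post: a sender appends a MIC element to a management frame, and a receiver drops any frame whose MIC is missing or wrong and records an IDS alert. The element layout, the key, the MAC addresses and the use of truncated HMAC-SHA256 are assumptions made for illustration; real MFP and 802.11w define their own element formats and MIC algorithms.

```python
import hashlib
import hmac
import struct

MIC_IE_ID = 221  # vendor-specific element ID; this IE layout is an assumption
MIC_LEN = 16     # truncated HMAC-SHA256, a stand-in for the real MIC algorithm
HDR_LEN = 24     # length of the 802.11 management frame header
SUBTYPES = {0xA0: "disassociate", 0xB0: "authenticate", 0xC0: "de-authenticate"}


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def build_frame(fc, dst, src, bssid, seq, body):
    """Frame control, duration, three addresses, sequence control, then body."""
    header = struct.pack("<BBH", fc, 0, 0) + mac(dst) + mac(src) + mac(bssid)
    return header + struct.pack("<H", seq << 4) + body


def add_mic(frame, key):
    """Sender side: append an IE carrying a MIC computed over the whole frame."""
    mic = hmac.new(key, frame, hashlib.sha256).digest()[:MIC_LEN]
    return frame + bytes([MIC_IE_ID, MIC_LEN]) + mic


class Receiver:
    """Receiver side: verify the MIC, drop invalid frames, keep IDS alerts."""

    def __init__(self, key):
        self.key = key
        self.alerts = []

    def accept(self, frame):
        kind = SUBTYPES.get(frame[0], "management") if frame else "empty"
        ie = frame[-(MIC_LEN + 2):]  # the MIC element is expected to be last
        if len(frame) < HDR_LEN + MIC_LEN + 2 or ie[0] != MIC_IE_ID or ie[1] != MIC_LEN:
            return self._drop(frame, kind, "no MIC element")
        covered = frame[:-(MIC_LEN + 2)]
        expected = hmac.new(self.key, covered, hashlib.sha256).digest()[:MIC_LEN]
        if not hmac.compare_digest(ie[2:], expected):  # constant-time compare
            return self._drop(frame, kind, "MIC mismatch")
        return True

    def _drop(self, frame, kind, reason):
        src = frame[10:16].hex(":") if len(frame) >= 16 else "unknown"
        self.alerts.append(f"IDS alert: dropped {kind} frame from {src} ({reason})")
        return False


def demo():
    """Run one genuine and three invalid de-authenticate frames past a receiver."""
    key = b"constructed-mfp-key"                           # constructed sample key
    ap, client = "00:11:22:33:44:55", "66:77:88:99:aa:bb"  # constructed MACs
    deauth = build_frame(0xC0, client, ap, ap, 7, struct.pack("<H", 3))
    genuine = add_mic(deauth, key)
    altered = bytearray(genuine)
    altered[HDR_LEN] ^= 0x01  # flip one bit of the reason code after signing
    rx = Receiver(key)
    results = {
        "genuine": rx.accept(genuine),
        "no_mic": rx.accept(deauth),
        "wrong_key": rx.accept(add_mic(deauth, b"some-other-key")),
        "altered": rx.accept(bytes(altered)),
    }
    return results, rx.alerts


if __name__ == "__main__":
    outcome, alerts = demo()
    print(outcome)
    print("\n".join(alerts))
```

Only the frame signed with the shared key is accepted; the other three are dropped and each produces one alert naming the claimed source address.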
So what’s the bottom-line?
To ensure that your network is ready for 802.11w and Windows 8, make sure that you are running the latest Cisco Unified releases in your wireless controller network.
For more information, visit https://supportforums.cisco.com/docs/DOC-27213
This is a bug I discovered and I understand another customer is reporting the same issue. Still providing TAC config info and testing.
CSCuc32335 Bug Details
Title: End-of-Sale and End-of-Life Announcement for the Cisco 3310 Mobility Services Engine
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 3310 Mobility Services Engine. The last day to order the affected product(s) is March 19, 2013. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-09-18 16:45:00.0
Heads up if you're having wireless voice issues with 7925 handsets with WPA2/PSK. Problems with roaming, gap in voice bug.
When attending a field day event it’s a challenge to listen, take good notes, tweet and do a blog post all in a matter of 2 hours. Sorry, I’m good, just not that good!
My interest was piqued when I heard Wildpackets was a sponsor for #WFD3. Wildpackets was one of the first commercially supported wireless sniffer products available. Let's face it, most engineers didn’t understand the 802.11 frame structure back in 2002. A lot of the captures were Greek to many engineers, including myself. I was an early adopter and used what was then called Airopeek.
Wildpackets offers a suite of application software (and appliances) that focus around layer 2 packet analysis, both on wired (802.3) and wireless (802.11). Our WFD event focused on what I believe is their most important product, OMNIPEEK.
Omnipeek can be very intimidating at first, but once you get comfortable with the interface the other bells and whistles await you. And let me just tell you, there is a wealth of bells and whistles.
The Wildpackets team shared with the WFD delegates their humble beginnings and later a video about a fiery blaze that destroyed their office in 2002. We then moved on to the tech stuff!
Jay Botelho did an overview of Omnipeek. Jay shared with the delegates how to use Omnipeek, put it into sniffer mode and how to conduct a multi channel capture. We then walked through a wireless capture briefly and discussed other rich features (watch the below video to get your Omnipeek fix). Jay also shared some of the other robust features like reporting, graphs and analysis tools, which are built into Omnipeek. We also looked at our first 802.11ac capture. It was my first peek at 802.11ac.
I understand Omnipeek support for 802.11ac will be released in its next release in the coming weeks.
You can read an article about the Wildpackets fire here: http://www.internetnews.com/wireless/article.php/1433881/WildPackets+Survives+Fire.htm
The Wildpackets advantage is simple.
Coming from my personal experience, Wildpackets’ Omnipeek is the best commercially offered wireless sniffer on the market today. It is well developed, packed with features and well supported. It drives information to the wireless engineer and displays it in a manner that is intuitive and accurate. A wireless engineer can capture 2, 3, 4 or more channels simultaneously, aiding in quicker fact gathering. To the untrained eye, Omnipeek has built-in reports and graphs that will bring glaring issues to the surface.
All of these features do come at a cost. And if you are a consultant or work for a large enterprise it can easily be justified.
If you ever need customer feedback and/or justification for Omnipeek in a large enterprise, email me; I will be happy to share my experience.
My take away
Next time you’re troubleshooting a wireless issue at the frame layer and you’re using something other than Omnipeek you’re missing out on all the other rich features that only Omnipeek offers.
Also, take notice next time you are reading an 802.11 technical book or looking at published material that displays an 802.11 capture. Pay very close attention; it's very likely you are looking at a capture done in Omnipeek.
In closing, one other important takeaway I learned at Wildpackets is just how much they value their employees. That's a company I want to do business with.
Wildpackets provided us 802.11ac and 802.11u captures. Links to these captures are below:
If you missed the event you can watch it here:
I am very humbled to be asked back to participate as a delegate in WFD3, presented and hosted by GESTALT IT. WFD3 <Wireless Field Day 3> brings some new vendors and new delegates together for yet another event-filled wireless geek gathering. “GESTALT IT Independent Experts United”
WFD is an event where industry users <experts in some cases> come together with wireless vendors to discuss wireless, technology road maps, and issues and features with the respective vendors. This gives vendors first-hand experience with users who may be using their product already, thereby providing valuable feedback, or in some cases introduces their product to users for the first time.
WFD is also a large social media event. WFD has hundreds and sometimes thousands of like-minded folks who will follow along and sometimes participate in Twitter feeds from each event.
This particular WFD3 brings together both hardware and software vendors.
I would like to personally thank Aerohive, Aruba, Cisco, Meraki, Metageek and Ruckus for their repeated support and sponsorship of WFD. I would also like to thank and welcome Tanaza, Wildpackets and Juniper, who are new sponsors.
WFD brings together like-minded individuals who share a common interest in technology. In the case of WFD, let's just say, it’s wireless geek week at its best! Each delegate brings a unique real-world experience and perspective. Some delegates work for VARs, others are independent consultants or end users.
WFD3 delegate notables:
Blake Krone - CCIE Wireless
Keith Parsons - CWNE, Wifi Industry Expert and mentor to many of us
Gregor Vucanjnk - CWNE, Recently minted <like last week recent -CONGRATS>
Tom Carpenter - CWNP
Jennifer Huber - CWNE
Below are all attending delegates:
Vendor Questions and Perspective
As a wireless architect for a large and world-renowned healthcare system, I will be focusing my questions and comments around healthcare-specific WiFi. WiFi in healthcare presents very unique challenges: real-time applications requiring wire-like connectivity and reliability. Large HC systems can have thousands of WiFi devices, from COWs, mobile desktops, tablets, handhelds, scanners and RFID tags, and the list goes on.
I am interested in how each hardware vendor is handling 802.11u, 802.11w, BYOD, MESH, 802.11ac, 802.11r and especially the APPLE explosion in Healthcare. These are hot buttons on my plate as well as many other Healthcare WiFi professionals.
- Healthcare is facing tighter budgets due to recent reform. Health systems need to be cost aware when making purchases and get more bang for the buck. How are vendors positioning their product to compete in the current healthcare market?
- BYOD and onboarding challenges and the cost associated. Healthcare is leading the charge with BYOD. The sheer volume of WiFi devices contained within most hospital systems is larger than the population of some towns!
- How does Cisco’s new HA license and vWLC change the game?
- Built-in rogue and wIPS systems - most are clunky, don't work well and have a cloud of mystery behind them.
- How are vendors supporting the APPLE explosion? Any new features or roadmap to better support troubleshooting and making up for APPLE deficiencies?
- Are vendors partnering with Apple to provide a better WiFi user experience? Looking for vendor perspective on the Apple road map: what are they doing with Apple to make our life easier?
- PCI and HIPAA: any new or existing features that allow admins to pull relevant data? Does this cost extra?
- Vendors' take on controller vs. controllerless platforms <We know where Aerohive stands :) >
- How secure is WiFi “cloud” computing - Vendor perspective?
- Remote Office Solutions - Vendor perspective ?
- 802.11ac roadmap
I am a BIG fan of Wildpackets. There is no better wireless sniffer in the world. Excited to meet the Wildpackets team.
Never used Tanaza, very interested to hear about their offerings.
My friends, we are in the middle of a compelling WiFi convergence. Never before has WiFi seen the attention or the publicity like it has in recent years. WiFi is a moving force like no other; you can't stop it, nor can you contain it. Most of the population on planet Earth knows what WiFi is. Just grab on and enjoy the ride!
| Date | Time | Event |
|---|---|---|
| Wed, Sep 12 | 15:00-17:00 | WildPackets Presents at Wireless Field Day 3 |
| Wed, Sep 12 | 16:30-17:00 | Dinner with Aerohive at Wireless Field Day 3 |
| Thu, Sep 13 | 08:00-10:00 | MetaGeek Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 10:30-12:30 | Ruckus Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 13:30-14:30 | Tanaza Presents at Wireless Field Day 3 |
| Thu, Sep 13 | 16:00-18:00 | Meraki Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 08:00-12:00 | Aruba Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 13:30-15:30 | Cisco Presents at Wireless Field Day 3 |
| Fri, Sep 14 | 16:00-18:00 | |
WFD3 will be broadcast LIVE at the following link at the above scheduled times:
A big thank you to Stephen Foskett for putting up with "us" wireless geeks and hosting another great event!
|Scott D. Lowe||@OtherScottLowe|
There have been lots of questions about the new 7.3 HA mode. This document will answer most of your questions. Just released by Cisco.
Cisco Office Extends bug -- What you should know if you're having wired side (LAN) connectivity issues.
If you configure your OfficeExtends for the LAN and you aren't getting an IP address and have no connectivity on the wired side, I might suggest you check your WIRELESS PHY RATES. You should have at least one 802.11b mandatory rate: 1, 2, 5.5 or 11.
CSCtq76431 Bug Details
Evora:Remote LAN client fails association w/ 802.11b rates not mandatory.
*Jun 03 17:01:39.066: (Re)Assoc-Req from 48:5b:39:13:99:bd forwarded to WLC,
From WLC debug client:
*apfMsConnTask_3: Jun 03 13:01:31.832: 48:5b:39:13:99:bd Sending Assoc Response
CISCO BUG TOOL KIT UPDATE
The long awaited code that will allow engineers everywhere to survey with 3500, 3600 and 1550 access points!
Site-Survey Only Mode for 3600, 3500, and 1550 Access Points
You can install Cisco IOS Release 15.2(2)JA on Cisco Aironet 3600 and 3500 Series access points and
on 1550 series outdoor access points to perform site surveys. This release runs on these access points
with limited functionality. You can manually adjust these settings on the site-survey access points:
• Channel on each radio
• Transmit power on each radio
• Enable and disable the radios
• Manually set basic and supported transmit rates
• Enable advertised cell power in beacons to client to enable DTPC for doing active surveys
• Enable and disable SSID broadcast in beacons
• Enable open authentication
Enhanced Support for Workgroup Bridges
This release provides additional support for access points in workgroup bridge mode:
• PEAP support for WGB: An access point configured as a workgroup bridge can now associate to a
root access point using PEAP
• Roaming improvements (for client workgroup bridges):
– This release improves the reliability of fast roaming on workgroup bridges by allowing the unit
an additional retry when it needs to reassociate to the root access point.
– This release also improves the method that workgroup bridges use to select the “best parent”
access point. Workgroup bridges can share association histories with root access points, which
can build and share a list of best root access points among workgroup bridges. This method
helps workgroup bridges select the best root access point when roaming.
• VideoStream support on workgroup bridges (when used as a client): VideoStream improves the
reliability of an IP multicast stream by converting the multicast frame, over the air, to a unicast
frame. VideoStream was not supported for workgroup bridge clients in previous releases because a
workgroup bridge’s wired clients cannot be added to the controller (WLC) multicast table. In this
release, the workgroup bridge is added to the WLC multicast table, and the workgroup bridge
converts the VideoStream unicast frame into an Ethernet multicast frame and sends it out to its wired
Enter this command on the controller to enable VideoStream for workgroup bridges:
config media-stream wired-client enable
RELEASE NOTES ATTACHED: http://www.my80211.com/storage/release-notes/15_2_2_JA2.pdf
From Cisco's Kangupta
Many times we see instances where the RMA controller is shipped with an LDPE image.
(Cisco Controller) >show sysinfo
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Product Version.................................. 18.104.22.168
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 22.214.171.124
Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27
Build Type....................................... DATA + WPS + LDPE
An upgrade to non-LDPE code fails with this error:
"ERROR: Incompatible SW image.ERROR: Please install the Data Payload Encryption licensed image"
The LDPE image is used for Customers who are not legally allowed to use DTLS Data encryption within their regulatory domain (Russia-specific).
Conversion from LDPE to a non LDPE image
1) Upgrade WLC to 126.96.36.199 LDPE image- e.g. AIR-CT5500-LDPE-K9-7-0-230-0.aes for a 5508
2) Download and install a free DTLS license from Cisco.com (if one is not already installed):
To Obtain a Data DTLS License:
Step 1 Browse to http://cisco.com/go/license
Step 2 Under Get New, choose IPS, Crypto, Other Licenses
Step 3 Choose the controller platform, enter the product ID and serial number.
Step 4 Complete the remaining steps to generate the license file. The license will be provided online or via email.
Step 5 Copy the license file to your TFTP server.
Step 6 Install the license by browsing to the WLC Web Administration Page:
Management --> Software Activation --> Commands -->Action: Install License
3) Once the DTLS license is installed, you will be able to upgrade/downgrade to any WLC code (including Non-LDPE).
(Cisco Controller) >show license summary
License Store: Primary License Storage
StoreIndex: 0 Feature: base Version: 1.0
License Type: Permanent
License State: Active, Not in Use
License Count: Non-Counted
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 1 Feature: base-ap-count Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: 500 /1 (Active/In-use)
License Priority: Medium
License Store: Primary License Storage
StoreIndex: 2 Feature: data_encryption Version: 1.0
License Type: Permanent
License State: Active, In Use
License Count: Non-Counted
License Priority: Medium
If the controller is on 188.8.131.52 LDPE code, you install the DTLS license, and you then try to migrate to the non-LDPE code version 184.108.40.206, it fails with the following error:
*Transfer: Mar 28 11:32:56.609: RESULT_STRING: Transfer failure :
Upgrade from LDPE to non LDPE software is not allowed.
So, you will need to get onto the 220.127.116.11 LDPE image (e.g. AIR-CT5500-LDPE-K9-7-0-116-0.aes for a 5508) first before you can move to non-LDPE code.
This capability was introduced via CSCtw78061, meaning that after installing the DTLS license you can download a normal image from LDPE code just fine.
Symptom: No upgrade/downgrade is allowed from LDPE image to NON_LDPE image.
Conditions: transfer download of non-ldpe image from ldpe image
Workaround: if there is a dtls license installed and active, then upgrade/downgrade of non-ldpe image from a ldpe image is allowed.
This is addressed in 18.104.22.168 and 22.214.171.124
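A pre-flight check for the conversion procedure above, as an added example that is not Cisco's tooling: it parses saved `show sysinfo` and `show license summary` text and reports whether the controller runs an LDPE build and whether a `data_encryption` license is active. The function names and the sample text (constructed from the output shown on this page) are assumptions; the check does not verify that the running LDPE release includes the CSCtw78061 fix.

```python
import re

# Constructed samples modelled on the controller output shown on this page.
SYSINFO_LDPE = """\
Manufacturer's Name.............................. Cisco Systems Inc.
Product Name..................................... Cisco Controller
Build Type....................................... DATA + WPS + LDPE
"""
SYSINFO_STANDARD = SYSINFO_LDPE.replace(" + LDPE", "")

_BASE_LICENSE = """\
License Store: Primary License Storage
StoreIndex: 1 Feature: base-ap-count Version: 1.0
        License Type: Permanent
        License State: Active, In Use
"""
_DTLS_LICENSE = """\
License Store: Primary License Storage
StoreIndex: 2 Feature: data_encryption Version: 1.0
        License Type: Permanent
        License State: Active, In Use
"""
LICENSES_WITH_DTLS = _BASE_LICENSE + _DTLS_LICENSE
LICENSES_WITHOUT_DTLS = _BASE_LICENSE


def build_type(sysinfo):
    """Return the components of the 'Build Type' line, e.g. ['DATA', 'WPS', 'LDPE']."""
    match = re.search(r"^\s*Build Type\.+\s*(.+)$", sysinfo, re.MULTILINE)
    return [part.strip() for part in match.group(1).split("+")] if match else []


def license_states(summary):
    """Map each license feature name to its 'License State' value."""
    states, feature = {}, None
    for line in summary.splitlines():
        found = re.search(r"Feature:\s*(\S+)", line)
        if found:
            feature = found.group(1)
            continue
        found = re.match(r"\s*License State:\s*(.+)", line)
        if found and feature:
            states[feature] = found.group(1).strip()
    return states


def non_ldpe_upgrade_allowed(sysinfo, summary):
    """Return (allowed, reason) for moving from the running image to non-LDPE code."""
    if "LDPE" not in build_type(sysinfo):
        return True, "controller is not running an LDPE build"
    state = license_states(summary).get("data_encryption", "not installed")
    if state.startswith("Active"):
        # Still requires an LDPE release that contains the CSCtw78061 fix.
        return True, "data_encryption license is active"
    return False, f"install the DTLS license first (data_encryption: {state})"


if __name__ == "__main__":
    for name, lic in (("with DTLS", LICENSES_WITH_DTLS),
                      ("without DTLS", LICENSES_WITHOUT_DTLS)):
        print(name, non_ldpe_upgrade_allowed(SYSINFO_LDPE, lic))
```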
UPDATED Cisco Wireless Handset Deployment Guide
7921G Deployment Guide – 1.4(2) Update
7925G, 7925G-EX, and 7926G Deployment Guide – 1.4(2) Update
Issues with your Cisco Wireless Guest Network not doing a web redirect ?
This is very good to know, in case you get calls that your wireless guest network is broken. The WLC will not redirect HTTPS URLs.
Assume for a moment your guest has a browser home page that is https:// (443) or he / she attempts to open a https:// page, prior to the AUP. The user is expecting to get redirected, but nothing happens.
The Guest will sit and spin giving the impression the guest network is not working properly, but in fact the WLC is not redirecting HTTPS traffic, only HTTP traffic to the AUP.
CSCar04580 Bug Details
I've been meaning to blog about this bug on the ACS 5.x platform, but forgot until this week when the alert surfaced again.
This bug is cosmetic only and doesn't impact performance. ACS sends a nice orange alert when 250,000 cached sessions are accumulated and should delete 20,000 sessions. I was worried at first; when I think “sessions” I think EAP.
I opened up a TAC case and got a rockstar ACS TAC engineer. Sorry, but I can't share his name; some things need to be kept confidential, especially a great resource! In short, a “probe” counts as a session.
Say, for example, a device wants to authenticate: it will send a probe, and sometimes it will send multiple probes. Not to be confused with 802.11 probe request / response frames. Rather, it's a radius probe.
A wireless example would be a client that doesn't support PMK cache / OKC. Every time this client would roam, he would probe the radius server again to re-authenticate. So you can see, you could rack up the sessions pretty quickly in a large environment.
What happens is that every time a user tries to authenticate using radius, the device will send a probe in order to see if the ACS is up and running. We can also have this configured to happen even if there is no authentication going on, by using the radius-server retransmit command. So if, for example, 20 users try to authenticate using radius, then 20 radius probes are sent to the ACS. It is not dependent on the number of devices; it has more to do with the number of users and the number of authentication requests they generate.
Remember that the reason you are receiving the alarm is because the ACS doesn’t delete the 20000 sessions, which it should do automatically; therefore the bug was opened.
CSCtj69797 Bug Details
ACS 5 gives alert after 20000 radius probes
ACS View giving alert when 20 000 sessions are reached.
The problem is that it seems to be triggered also with "radius probes", i.e. authentication packets with no accounting done.
So for example with several ACE appliances doing radius probes, this alert is reached very quickly
Radius authentication packets with no accounting happening in a frequent way
Only an alert.
**** There is another work around whereby you make a filter so that you no longer get the alerts. Consult TAC *** - George
3 - moderate
In Last month
Cisco Secure Access Control Server Solution Engine
Received this in the mail box today!
In a previous email, the Vocera B2000 Discontinuation Notice below contained a typo which incorrectly stated the last date of purchase for the B2000 1-year warranty extension. The date is June 30th, 2013 and the information has been corrected below. We apologize for any inconvenience.
VOCERA B2000 MANUFACTURER DISCONTINUATION ANNOUNCEMENT
With the introduction of the B3000 Communication Badge in October 2011, we feel it is appropriate to ensure our customers understand the plan for the discontinuation of the B2000 Communication Badge and support. Our goal is to provide you with the information necessary to ensure you continue to enjoy the value of the Vocera solution and allow you ample opportunity to plan for the transition to our latest technology.
Note: This discontinuation notice does not apply to the FIPS 140-2 certified Vocera badge designed specifically for Federal or DoD customers.
The following are the key milestone dates:
- June 30, 2013; Final date to order a B2000
- September 30, 2013; Customers must take shipment no later than September 30, 2013.
- December 31, 2012; Final date to purchase a 2 year extended warranty with a B2000
- June 30, 2013; Final date to purchase a 1 year extended warranty with a B2000 purchase
Batteries, chargers, lanyards & universal clips
December 31, 2015; last date to order B2000 accessories, batteries, chargers, lanyards and universal clips
June 30, 2016; last date for firmware support, this will only include bug fixes related to overall Badge stability or network interoperability. Beyond June 30, 2016, Vocera will make a best effort to address firmware issues but may be limited by the engineering support we receive from component manufacturers.
Hopefully you have had a chance to discuss the B3000 with your local sales or support representatives. The B3000 introduces significant enhancements to the B2000 based on direct feedback from customers such as you. These include a highly ruggedized design, acoustic noise reduction technology, smart battery to just name a few. Additionally, we have introduced a number of programs to help you more easily transition to the B3000 Communication Badge. We would encourage you to contact your local Vocera sales representatives or call 1-877-790-4190 to discuss which options would best support your goals to continue to provide the best possible experience for your patients and staff.
Director, Hardware Product Management
Last week I sat the CWSP exam and passed on my first attempt. My overall score was 91%. I want to share my insight into the exam and what I used to prepare.
The CWSP study material sets the foundation of 802.11 security. It's the building blocks to understanding how 802.11 security works, from encryption, EAP, dynamic key generation, security policy and roaming to the 802.11 standard. For anyone who troubleshoots, designs, deploys or debugs 802.11, the CWSP complements your abilities.
There is a tremendous amount of value contained in the CWSP study guide, should you choose not to actually go for the certification itself. I cannot tell you how many times, over and over again, I referenced material in the CWSP for colleagues and customers. There is instant credibility when you can speak confidently in great detail about the inner workings of 802.11.
If I can offer one valuable piece of advice: never skimp on foundation learning. Understanding, in detail, how the different 802.11 security components and mechanics work is critical. Because, as you will learn, many of the new and future standards are almost always applied to the existing mechanics. A solid foundation lends itself to better comprehension of future advancements in 802.11.
CWSP EXAM OBJECTIVES
When taking any exam, it's important to read the exam objectives. Objectives are the clear definition of what you will be tested on. There should be no surprises if your study efforts are in line with the objectives. Also, don’t start carving up the objectives and think that this section is only worth 5% and not give it your all when it comes to studying. All objectives should be studied.
It is also important to take these objectives, break them out and reference other authored material for a different perspective on the subject. I used the following:
Cisco Wireless LAN Security ISBN: 1-58705-154-0
CWNP White Papers
- 802.11i Authentication and Key Management (AKM) White Paper
Robust Security Network (RSN) Fast BSS Transition (FT) White Paper
CWNP Website - CWSP
CWNP Forums - CWSP
CWNP Self Study Material - CWSP
If you’re studying a topic and something just doesn't make sense, tap a knowledgeable source. I always enjoy talking geek details with my friends to get a different spin on things.
It's simple: to pass the CWSP, it requires a great deal of attention to detail. Take notes often and frequently on all subjects. I used Mental Case and flashcardexchange.com to store and reference my notes.
You can find a few of my notes here for reference:
READ READ READ
You probably will not believe me when I tell you I read the CWSP study guide over 20 times, cover to cover, but I did. Reading a book over and over is much like watching a movie a number of times. You catch little things you missed the first, second or third time around. I got into a habit of reading a chapter a night.
CWNP.COM has a number of CWSP practice exams. The CWSP study guide includes a CD with exam questions as well. Do them often and pay very close attention to the questions being asked. Don't study the questions, rather study the content of the question being asked.
The CWSP exam is multiple choice. In almost all cases, if you are confident in your studies, you can quickly exclude one or more possible answers from your choices.
REAL WORLD EXPERIENCE
If you have experience with radius server configuration, 802.11 captures, and exposure to wireless equipment you will certainly improve your odds of passing. It would be a stretch to say, you NEED this hands on in order to pass, but it certainly helps!
Exam Score Card - Break Down
Note passing is 70% Overall
- Wireless Network Attacks and Threat Assessment 85%
- Monitoring & Management 85%
- Security Design and Architecture 93%
- Security Policy 100%
- Fast Secure Roaming 100%
Thank you CWNP
I want to thank all the good folks at CWNP for putting together a great exam and study guide. Also the fine authors - Coleman, Westcott, Harkins and Jackman for a job well done on great material.
CWSP is by far my personal best 802.11 security book ever read. I've read it over 20+ times. Great read ...
I also want to mention --- thanks to Marcus for answering my, "HUH" questions and letting me bounce random and sometimes confusing thoughts off of him. I really appreciate it.
I also want to thank Kevin for keeping CWNP relevant and restructuring the certification path and keeping the exam material relevant and up to date. I appreciate your dedication to the WiFi community.
This notice is from May 11, 2010.
A little aged, yes. But if you're upgrading your wireless network and you have older Carefusion (Alaris) pumps take note of this notification, as it could impact you. Ask your Biomed group what code rev your pumps are on. Code revs prior to 9.5 may not be supported. You should contact your Carefusion rep for a firmware upgrade.