MY80211.com

From Tac:

Cisco TAC does not support running autonomous IOS (aIOS) on the 3500 or 3600 Series Access Points.  These access points are  supported only when running in lightweight mode (Cisco Unified Wireless Network.)

The 12.4(25d)JA1 aIOS image for the 1260 series access point (ap3g1-k9w7) will load on a 3500 series AP, and may be used on an "as-is" basis.  Cisco will provide no support for this use case, and will not warrant that future 1260 aIOS images will continue to load on 3500 series APs.

The 1260 series AP aIOS images will not load on a 3600 series AP, which requires an ap3g2 image.  There are no aIOS images available for the 3600 series.

This is a handy trick to test your cable from a Cisco switch. My buddy Leo wrote this up.

What is Time-Domain Reflectometer (TDR)?

“A time-domain reflectometer (TDR) is an electronic instrument used to characterize and locate faults in metallic cables (for example, twisted wire pairs, coaxial cables)¹.”

For the sake of this document, “TDR testing” and “TDR” are used interchangeably in this document to sow confusion to the un-initiated. They both mean the same.

How can TDR help me?

TDR, in its simplest form, can help you determine IF you have a cable problem, WHICH pair(s) is/are faulty and HOW FAR away the fault is.

Typically, when you have a Layer 1 issue there are a lot of factors to consider:

1. Local-end Side (LeS) patch cable;
2. Local-end Side (LeS) patch panel (including punch block);
3. Horizontal cable;
4. Remote-end (Red) patch panel (including punch block);
5. Remote-end (Red) patch cable; and
6. Remote-end (Red) device NIC

 So you see, dear readers, TDR minimize the guess-work.

Picture this …

Before we begin, let me give you the “lay of the land”. Presume the following scenario:

What model of Cisco switch does TDR work on?

Firstly, not all switch model support TDR. TDR feature first came out with the Catalyst 2960. So here is the list of which ones will work and will not:

Note:  

1.        The 2960 will support TDR in both the FastEthernet and dual-personality GigiabitEthernet port, however, when used on a FastEthernet port, TDR will only test the first two pairs, namely Pairs A & B.  For obvious reasons, Pairs C and D will not be tested when used on non-GigabitEthernet ports.

2.       Except the WS-C2960-48PDL, when using the copper GigabitEthernet port of the Catalyst 2960, one must manually set the interface to copper using the command “media rj” before the test can be conducted.

3.       Confirmed by Cisco TAC, Ankur Garg.

The list does not include modules/blades for the Catalyst 4000/4500, 5000/5500, 6000/6500 although it is mentioned here that TDR was introduced with IOS Release 12.2 ZY for the Catalyst 6000/6500. It’s not included in the list above because I don’t have the resources to test and verify.

Legacy Cisco Catalyst models 1900, 2900XL/3500XL, 2940/2950/2955, 2948G and 2970 are not supported. Routers are also not supported. I do not have any resources to test router Ethernet Switch Modules (NME, HWIC, EHWIC). Wireless Access Points do not support TDR.

Why doesn’t the FastEthernet-flavoured 3560 and 3750 support TDR and but the cheaper FastEthernet 2960 support TDR?

Base on the time-line, the “plain” (or non-GigabitEthernet copper port) 3560 and 3750 came out BEFORE the 2960. The “chip” for the TDR was included in the design of the 2960. When Cisco released the 3560G and 3750G later, someone made the ultimate decision to include the TDR feature as a standard. Therefore, the plain 3560 and 3750 are the only two series that WON’T HAVE the TDR feature. (Take note reader: Emphasis on the words “WON’T HAVE”)

Any Gotchas I need to be aware of?

• Switches need to run IOS version 12.2 or later. TDR is supported in IOS version 15.0. IOS version 12.0 and 12.1 do NOT support TDR.

• If you are running IOS version 12.2(46)SE or earlier, TDR test is DISRUPTIVE. During the test, the interface will go down and up. For obvious reasons, anything connected will lose network connectivity.

• If the remote-end device is a power-over-ethernet (PoE) device, the test will cause the device to lose power. If you have, for example, a Voice over IP (VoIP) phone and a PC client is connected to the phone, both the phone and client will lose network connectivity because the phone does not have a bypass functionality. This will affect ALL IOS versions.

• Particularly when you are running old IOS versions, the test can take between five (5) to seven (7) seconds.

• TDR works on 10/100/1000BaseTx. Fibre optic ports (any flavours) is not covered/discussed here. TenGigabitEthernet copper port DOES NOT (YET) support TDR.

• Cisco GLC-T/GLC-TX SFP module does NOT support TDR.

The next two Gotcha items are for those who plan to use the TDR feature on Cisco Catalyst 2960 and 2960G (2960S not included):

• 1. The 2960 will support TDR in both the FastEthernet and dual-personality GigiabitEthernet port, however, when used on a FastEthernet port, TDR will only test the first two pairs, namely Pairs A & B. For obvious reasons, Pairs C and D will not be tested when used on non-GigabitEthernet ports. Pairs C and D will report a result of “Not Supported”.

• 2. Except the WS-C2960-48PDL, when using the copper GigabitEthernet (Gig 0/1 and Gig 0/2) ports of the Catalyst 2960, one must manually set the interface to copper using the command “media rj” before the test can be conducted.

How to use TDR?

The commands are very simple: One to start the test and the second command to display the result. Here is simple procedure:

1. Command to start the TDR: “test cable tdr interface <interface of your choice>”;
2. Wait for about 5 to 7 seconds for the test to run; and
3. Command to show the result of the TDR test: “show cable tdr interface <interface of your choice>”

See? Easy! Now let’s see what the I results would look like.

So what does this result above tell us?

1. Port tested is on GigabitEthernet 0/1;
2. Port has negotiated to 1 Gbps;
3. Cable use is a straight-through cable (look and compare the values of “Local pair” and “remote pair”);
4. Cable length is approximately 3 metres long and an error (length-wise) of 1 metre; and
5. All four pairs are working fine (Pair status)

Under “Pair status” you can get the following results:

An ideal result is “Normal”. In practice, whether the remote-end device is FastEthernet or GigabitEthernet, I will never accept a TDR result other than “Normal” in all four pairs.

Cable Pairs explained?

This is how I see what each Pairs control:

More examples

Normally, this result would freak me out. Look at the items in RED. Pairs C and D are reporting a cable value of “0”. Next I move to the “Pair status” and it’s reported as an Open circuit. No pin contact. Whao! But look at the speed. It’s 100 Mbps. So it’s normal … I guess.

But wait. What if the remote-end side (Red) client is a GigabitEthernet. So where is the faulty cabling? Which one of the patch cables? Or is it a horizontal cabling? Does the client support GigabitEthernet or not?

Here’s another clue: Look at the length of the cable for Pair A and B. It’s reporting around 12 to 13 metres. Experience has taught me that my Local-end Side (LeS) cable doesn’t exceed two metres. So that rules out my cable, however the horizontal cabling is more than 10 metres. So what’s between the horizontal cabling and the remote-end client? You have three suspects: 1) The remote-end punch block; 2) the remote-end patch cable; and 3) remote-end client.

Culprit was the remote-end punch block and the horizontal cabling: Cable contractors only terminated two pairs.

Never ask a boy to do a man’s job!

Its results like the ones above that makes me want to cry.

Ok, I look under “Pair status” and I see “Short/Impedance Mism” for Pair C and D. No question about it. It’s bad cabling. This is not what makes me want to cry. Look at under “Pair length” of Pair A and B. NOW cry.

Should I be worried?

Looking at the result, I can confidently say that the appliance was a 48-port Cisco Catalyst 2960. How? Look under “Interface”. Look at “Pair status” for Pair C and D. Only the plain 2960 FastEthernet ports can support TDR.

But look at “Pair status” for Pairs A and B. What does that mean?

It means that the remote-end (Red) patch cable is missing.

Wireless Solutions Software Compatibility Matrix

This document lists the software compatibility matrix information for the Cisco wireless devices used in a Cisco centralized and distributed wireless LAN solution.

Contents

This document contains the following sections:

•Conventions

•Software Release Compatibility Matrix

•Mesh and Mainstream Controller Software Releases

•Cisco Prime Network Control System Compatibility Matrix

•Wireless Control System Compatibility Matrix

•Inter-Release Controller Mobility (IRCM)

•Cisco Support Community

•Obtaining Documentation and Submitting a Service Request

Conventions

See Cisco Technical Tips Conventions for information about document conventions.

Software Release Compatibility Matrix

Table 1 lists the Wireless Software compatibility matrix.

Mesh and Mainstream Controller Software Releases

Table 2 lists the mesh and controller software releases and the compatible access points.

Note See the relevant release notes before you perform any software upgrade. The release notes are available at http://www.cisco.com/en/US/products/ps10315/prod_release_notes_list.html.

Software Release Support for Access Points

Table 3 lists the controller software releases that support specific Cisco access points. The First Support column lists the earliest controller software release that supports the access point. For access points that are not supported in ongoing releases, the Last Support column lists the last release that supports the access point.

Cisco Prime Network Control System Compatibility Matrix

Table 4 lists the compatibility matrix of Cisco Prime NCS, controller, access point images, Identity Services Engines (ISE), and mobility services engines (MSE).

Wireless Control System Compatibility Matrix

Table 5 lists the Wireless Control System (WCS) compatibility matrix.

WCS and Navigator Compatibility

Cisco WCS and Cisco WCS Navigator must be from the same release in order to be compatible (see Table 6). Although the release numbers will not be the same, you must verify whether they were part of the same release.

For example, Cisco WCS Navigator 1.0 is compatible with Cisco WCS 4.1, and Cisco WCS Navigator 1.1.x is compatible with any Cisco WCS 4.2.x.

Note When Cisco WCS Navigator is upgraded to a new version, the corresponding Cisco WCS must also be upgraded to the corresponding new version. For example, if Cisco WCS Navigator is upgraded to version 1.6, Cisco WCS must also be upgraded to the corresponding version 7.0.

Inter-Release Controller Mobility (IRCM)

Table 7 lists the inter-release Controller Mobility (IRCM) compatibility matrix.

Medtronic ignore original attempts to fix this problem back in August. As a wireless engineer focusing in the Healthcare vertical its always important to test all your medical devices prior to deployment. A simple port scan could yield valuable information and potential means to access these devices. Often times, vendors will leave default logon credentials allowing access.

The attack on wireless insulin pumps made by medical devices giant Medtronic was demonstrated Tuesday at the Hacker Halted conference in Miami. It was delivered by McAfee's Barnaby Jack, the same researcher who last year showed how to take control of two widely used models of automatic teller machines so he could to cause them to spit out a steady stream of dollar bills.

Read more:

http://www.theregister.co.uk/2011/10/27/fatal_insulin_pump_attack/

I wanted to show some love to my buddy Blake Krone. Blake completed his CCIE wireless journey a few weeks ago. He is a true inspiration to us all …

Blake worked hard and diligently in search of the elusive CCIEW number. After his 4th attempt we chatted briefly and he shared his thoughts about giving up. He was so close the last few attempts he decided to give it one more try before v2. And we’re all glad that he did! I understand he is perhaps #48 to have passed ... Truly a great achievement !

I want to wish Blake and his family a very relaxing and enjoyable holiday season.

Blake Krone - CCIE#31229

You can read about Blake’s journey at his blog: http://blakekrone.com/2011/10/26/im-now-known-as-a-number

Cisco VoWLAN checklist is a great way to plan your config and to reference when you are having voice issues.

http://www.cisco.com/en/US/docs/wireless/technology/vowlan/troubleshooting/VoWLAN_Troubleshooting_Checklist.html

Cisco releases a 'special' for the AP3600

 I understand this code is only for new gen WLCs. You will only find this code under these controllers.

The purpose of this document is to strip the domain from users that authenticate with the format: username@domain in ACS 5.x.

Wireless supplicants sometimes present the user creditials in different formats. One such device is the Motorola handhelds. They present the user ID as 'user@domain' to the radius server who then sends this to the AD server. The AD server rejects this request becuase of its format. When using ACS 4.x its a few clicks to remove the domain at the raidus server, so that only the ID of the user is presented to the AD server. 

But ACS 5.x doesnt do this easily. You actually have to create a PROXY ACS inside your ACS server. There is no easy check box to strip the prefix or the suffix in ACS 5.x.

If you use LDAP, different sorry. You have the option to strip both with a simple check box under external / ldap section of ACS 5.x.. Below is a document I received from Cisco TAC showing how to strip the prefix and or suffix in ACS 5.x within a ACS proxy.

RADIUS PROXY SERVER

Configure the ACS server as a network device and choose as the authentication option Radius.

Define the ACS server as an External Radius server under Network Resources. The external radius server on this case is the ACS itself.

Create a new access service and point the new policy to use the Radius Proxy service type.

Once the access service is enable configure the advance options of the new service selection rule to strip the domain after the @.

Go to service selection rule and create a new rule pointing to the Proxy Radius Server created previously and include a compound condition as follows:

With the previous configuration when we use the username@domain the user is able to authenticate because check the first rule pointing to the proxy radius server which is set up to strip the domian.

When the ACS first receives the request and strips the domain part from the username, the server will Proxy the request to itself in which case the ACS will act as a AAA client striping the domain and showing the passed authentication as follows:

On the previous screenshot you can see that once the ACS strips the domain is going to hit the second access service rule which just accept the radius request that does not contain any UPN format.

End-of-Sale and End-of-Life Announcement for the Cisco 2100 Series Wireless LAN Controllers
Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps7206/ps7221/end_of_life_notice_c51-691053.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 2100 Series Wireless LAN Controllers. The last day to order the affected product(s) is May 2, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2011-11-04 16:30:00.0

Noticed a tweet on twitter about release notes for 7.0.220.0 being available for download. As of this blog entry, 7.0.220.0 code is not available for download.

Link to release notes: http://www.cisco.com/en/US/docs/wireless/controller/release/notes/crn7_0_220_0.html#wp784169

Arron Leonard from Cisco TAC released a great post about ORA on CSC.

OmniPeek Remote Assistant

VERSION 4 

Did you go HUH?, like I did when I seen the LDPE code rev for the Cisco WLC? I opened a TAC case to find out what this was and this is what I was told.

Client data encryption is normally not done. LDPE  feature is Licensed Data Payload Encryption (LDPE). Data Payload Encryption allows for the data that travels between the Access Point and the WLC to be Datagram Transport Layer Security   (DTLS) encrypted.

Note: Non Russian customers using Cisco 5508 Series Controller do not need data DTLS license. If your controller does not have a data DTLS license and if the access point associated with the controller has DTLS enabled, the data path will be unencrypted

   AIR-CT5500-K9-7-0-116-0.aes (Regular image)

·         AIR-CT5500-LDPE-K9-7-0-116-0.aes (LDPE image)

It would appear that Russia has some requirements to encrypt their AP to WLC traffic internally.

NOTE: I came across a post by blogger/friend Sam C. @ sc-wifi.com that covers this subject in more detail. Thanks SAM! I should have called and opened a ticket with you instead! LOL

http://sc-wifi.com/2011/04/30/cisco-wlc-ldpe-images/

I received this in the email box the other day and thought it might be of interest to others, if you haven’t seen this from Cisco. Looks like Cisco is locking down what software you can access.

You are receiving this message because you have downloaded software through Cisco.com. Please read this email in its entirety.

Working in cooperation with our customers and partners around the globe, Cisco continues taking proactive steps toward our vision of transforming the service experience. To protect the value of our services while enhancing your experience, Cisco will continue building on the successful roll-out of software download controls.

Why do you care?

On October 10, 2011, Cisco began the roll-out of software download controls in the US and Canada. All products will be validated against products registered on a Cisco service contract.

 Why are we making this change?

System controls and processes are being implemented to ensure users are entitled to Cisco’s intellectual property. By aligning service access and delivery within the terms and conditions of user contracts, Cisco will now provide a consistent, compliant, single source service experience through the Service Access Management Tool (SAMT).

Call to Action!

To ensure continued Services Assurance, contact your Cisco Partner today! Need to locate a Partner near you? Cisco’s Partner Locator can help. Have a question regarding this transition? Contact technical support. To expedite your request, please include the following information:

• ·         User ID ( ID used to download software)
• ·         Contact Name
• ·         Company Name
• ·         Contract Number
• ·         Product ID
• ·         Desired Software Release or File Name

Just a reminder the written beta exam expires 10/14/2011!

The beta version of the CCIE Wireless Written Exam v2.0 (351-050) is available for scheduling and testing at all worldwide Cisco-authorized Pearson VUE testing centers beginning September 16, 2011 and continuing through October 14, 2011.  Candidates may schedule and take the exam on the same day.  The beta exam will be offered at a discounted price of $50 USD, with full recertification or lab qualification credit granted to all passing candidates.  Candidates preparing for this exam should refer to CCIE Wireless Written Exam Topics v2.0 on the Cisco Learning Network for a detailed outline of the topics covered. 

Reminder: Candidates will receive their beta exam results six to eight weeks after the close of the beta period.  Therefore, CCIEs in suspended status with an expiration date before December 31, 2011 should recertify using another exam.  Candidates may only attempt a beta exam once during the beta period.

To register for the beta CCIE Wireless Written Exam v2.0, visit Pearson VUE.

Its no secret the 2.4 GHz space is overwhelmed with WiFi and Non WiFi devices. The new B3000 still only supports 2.4 GHz, which is a bit disappointing. Although, it is mentioned the badge is more robust, which I think anyone in Healthcare can appreciate. Vocera badges in most healthcare environments last 12-24 months TOPs.

From: Vocera

Vocera Communications, Inc., today announced the commercial introduction of the new Vocera B3000 Communication Badge featuring enhanced durability, audio quality, and speech recognition. The B3000 is the fourth generation of the Vocera Communication Badge, which currently is used in more than 750 hospitals and other healthcare facilities worldwide to improve patient safety and satisfaction, and increase hospital efficiency and productivity.

With a highly durable design, including a magnesium alloy spine, the B3000 Badge is designed to withstand the rigors of the workplace without sacrificing size, weight and wearability. The B3000 features four microphones and integrated acoustic noise reduction to deliver instant high-quality communication with optimal audio. This technology reduces background noise found in many emergency rooms and trauma centers, resulting in clearer conversations and improved speech recognition in high noise environments.

You can get specs and additional reading below:

http://www.vocera.com/microsites/b3000/

Title: End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1520 Series
Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps8368/end_of_life_notice_c51-688859.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1520 Series. The last day to order the affected product(s) is March 30, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2011-09-30 15:05:00.0

Title: End-of-Sale and End-of-Life Announcement for the Cisco Aironet 1400 Series
Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps5679/ps5279/end_of_life_notice_c51-689032.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Aironet 1400 Series. The last day to order the affected product(s) is December 30, 2011. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2011-09-30 15:13:00.0

For those of you who have Vocera.

Vocera has identified two critical issues in release 4.2 that may require your immediate attention:

• If you use Vocera for group calling to more than one site (cross site calling) we have identified unintended differences between prior versions and 4.2 releases that may impact your current use model.
  
• If you use internal paging in release 4.2 (GA or SP1), pages may not reach the recipient (Issue 14892). See KB 1283 for more information.

If either issue applies to your environment, please contact Vocera Technical Support as soon as possible to discuss how to reduce the impact to your users.

Ralph passed his Wireless IE! Way to go buddy! I've had the pleasure meeting Ralph on a few occasions. The desire this guy had to pass the IE Wireless was in his eyes. You can see it. You can sense it. This guy was passing one way or another! I asked Ralph if he would take a few minutes and write a little blog on his CCIE Wireless journey. I hope this will inspire others in their journey! 

I started getting interested in the Wireless track around January 2010
I had to recert my R&S and took the Written. After I had been
implementing and troubleshooting Unified wireless for a couple of
years I started to look a the Wireless blueprint. It looked really easy.
How hard could it be. I had done most of it time and time before at
customers. So when going to the Cisco Live in Las Vegas in 2010 I took
the 4 hour CCIE Wireless Techtorial. I expected 4 hours of tips and
tricks for the lab exam but got a sample lab exam. I was NOT prepared
at all. I was pure murder. When coming home from Las Vegas I talked
with my boss and my wife about going for the Wireless and got a go.

I got Fastlane WB1 for technology focused labs and started working
that. In August 2010 I ordered WB1 and WB2 and a bootcamp. My plan was
to complete Fastlanes workbook 1 by October 2010, IPExpert workbook 1
by december 2010 and then IPExpert workbook 2 by March 2011.

But the plan didn't go at all. When labbing I needed to lookup everything I
didn't know or understand, and that turned out to be alot. So the
Fastlane workbook took me to untill christmas. But as IPExpert's
workbooks was delayed it didn't matter that I finished late.

IPExperts workbook started to arrive chapter by chapter late december. I got the
complete workbook 1 just weeks before leaving to the bootcamp in March
2011. My idea was to hit the bootcamp prepared learn the last 5-10%
and take the exam just after the bootcamp. Well I was not near the
level I needed to be when I took the bootcamp. I was at 50% and the
bootcamp to me 20-30%.

Did the first exam late March 2011 and failed. I guess I got around 50
points. I booked a new date at once and took my second attempt in late
May 2011.

In the 2 months between the exams I read the Mobility 4.1
Guide, the WLC, WCS and autonomous configration guides (some of them
for the second time). This time I was prepared. Took the exam and
believed it was perfect when I left building C. Got the score report
and I'm guessing I got around 70-72 points.

Before going for the 3rd attempt I wanted to do a reseat with the
bootcamp to ensure everything was repeated. Unfortunately I didn't
feel the bootcamp did that much for me, but I did get to do questions
and answers on topics I still wanted to verify. Took the exam the week
after the bootcamp and the rest is history!

An important item to note is that you will receive your beta exam results six to eight weeks after the close of the beta period. I know when I sat the v1 beta I had my results after the exam. Something tells me this written exam is a rush job. The beta was suppose to be out weeks ago and was delayed and your results will be 6 - 8 weeks after the beta close ?

From:Cisco

The beta version of the CCIE Wireless Written Exam v2.0 (350-050) is available for scheduling and testing at all worldwide Cisco-authorized Pearson VUE testing centers beginning September 16, 2011 and continuing through October 14, 2011.  Candidates may schedule and take the exam on the same day.  The beta exam will be offered at a discounted price of $50 USD, with full recertification or lab qualification credit granted to all passing candidates.  Candidates preparing for this exam should refer to CCIE Wireless Written Exam Topics v2.0 on the Cisco Learning Network for a detailed outline of the topics covered. 

Reminder: Candidates will receive their beta exam results six to eight weeks after the close of the beta period.  Therefore, CCIEs in suspended status with an expiration date before December 31, 2011 should recertify using another exam.  Candidates may only attempt a beta exam once during the beta period.

To register for the beta CCIE Wireless Written Exam v2.0, visit Pearson VUE.