Wired Stuff
WiFi Tablet Corner
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

WiFi Training


 

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Social Links
Revolution WiFi Capacity Planner

Anchor / Office Extends Ports

 

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

LWAPP QoS Packet Tagging

 

 

IEEE 802.11a/g/n Reference Sheet

 

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

  

Monday
Jul232012

Web auth (redirect) doesn't work when client uses a https url: CSCar04580 Bug

Issues with your Cisco Wireless Guest Network not doing a web redirect ?

This is very good to know, incase you get calls that your wireless guest network is broken. The WLC will not redirect HTTPS urls.

Assume for a moment your guest has a browser home page that is https:// (443) or he / she attempts to open a https:// page, prior to the AUP. The user is expecting to get redirected, but nothing happens.

The Guest will sit and spin giving the impression the guest network is not working properly, but in fact the WLC is not redirecting HTTPS traffic, only HTTP traffic to the AUP.

 

CSCar04580 Bug Details

web auth (redirect) doesn't work when client users a https url
Symptom:

A client whose home page is an HTTPS (HTTP over SSL, port 443) one will never
be redirected by Web Auth to the web authentication dialog. Therefore, such
a client will not know to authenticate, and will fail to connect to the
network.

Workaround:

The client should attempt to open any HTTP (port 80) web page.




Status Status
Terminated

Severity Severity
2 - severe

Last Modified Last Modified
In Last Year

Product Product
Cisco 5500 Series Wireless Controllers

Technology Technology


1st Found-In 1st Found-in
3.2(78.0)
6.0(182.0)
7.0(98.0)
Related Bug Information
Webauth redirection doesn't happen with HTTPS URL
Symptom: Redirect of https traffic on webauth does not work in any version of code. The 'network web-auth-port #' does nothing. Workaround: The business unit considers this an enhancement.
Tuesday
Jul172012

ACS 5 gives alert after 20,000 radius probes: Bug CSCtj69797

Ive been meaning to blog about this bug on the ACS 5.x platform, but forgot until this week when the alert surfaced again.

This bug is cosmetic only and doesn't impact performance. ACS sends a nice orange alert when 250,000 cached sessions are cumulated and should delete 20,000 sessions. I was worried at first, when I think “sessions” I think EAP.


I opened up a TAC case and got a rockstar ACS TAC engineer.  Sorry, but I cant share his name, somethings need to be kept confidential, especially a great resource !  In short, a “probe” counts as a session.

Say for example a device wants to authenticate it will send a probe and sometimes it will send multiple probes. Not to be confused with 802.11 probe request / response frames.  Rather, its a radius probe.


A wireless example would be a client that doesn't support PMK cache / OKC. Every time this client would roam, he would probe the radius server again to re-authenticate. So you can see, you could rack up the session pretty quickly in a large environment.


What happens is that every time a user tries to authenticate using radius the device will send a probe in order to see if the ACS is up and running we can also have this configured to happen even if there is no authentication going by doing radius-server retransmit command. So if for example 20 user try to authenticate using radius than 20 radius probes are send to the ACS. It is not dependent on the amount of devices it more with the amount of user and the amount of authentication request they generate.
 
Remember that the reason you are receiving the alarm is because the ACS doesn’t delete the 20000 sessions which he should do automatically therefore the bug was opened.

                                                                                                                          -TAC



CSCtj69797 Bug Details

ACS 5 gives alert after 20000 radius probes

Symptom:

ACS View giving alert when 20 000 sessions are reached.
The problem is that it seems to be triggered also with "radius probes", i.e. authentication packets with no accounting done.
So for example with several ACE appliances doing radius probes, this alert is reached very quickly

Conditions:

Radius authentication packets with no accounting happening in a frequent way

Workaround:

Only an alert.

**** There is another work around whereby you make a filter so that you no longer get the alerts. Consult TAC *** - George

Status  
Terminated

Severity  
3 - moderate

Last Modified  
In Last month

Product  
Cisco Secure Access Control Server Solution Engine

Technology  

1st Found-In  
5.1(0.44)


Tuesday
Jul102012

VOCERA B2000 MANUFACTURER DISCONTINUATION ANNOUNCEMENT

Received this in the mail box today!

Correction Notice:

In a previous email, the Vocera B2000 Discontinuation Notice below contained a typo which incorrectly stated the last date of purchase for the B2000 1-year warranty extension. The date is June 30th, 2013 and the information has been corrected below. We apologize for any inconvenience.

VOCERA B2000 MANUFACTURER DISCONTINUATION ANNOUNCEMENT


With the introduction of the B3000 Communication Badge in October 2011, we feel it is appropriate to ensure our customers understand the plan for the discontinuation of the B2000 Communication Badge and support. Our goal is to provide you with the information necessary to ensure you continue to enjoy the value of the Vocera solution and allow you ample opportunity to plan for the transition to our latest technology.

Note: This discontinuation notice does not apply to the FIPS 140-2 certified Vocera badge designed specifically for Federal or DoD customers.

The following are the key milestone dates:

 

B2000 orders/shipments

  • June 30, 2013; Final date to order a B2000
  • September 30, 2013; Customers must take shipment no later than September 30, 2013.

Extended warranty

  • December 31, 2012; Final date to purchase a 2 year extended warranty with a B2000
    purchase
  • June 30, 2013; Final date to purchase a 1 year extended warranty with a B2000 purchase

Batteries, chargers, lanyards & universal clips

December 31, 2015; last date to order B2000 accessories, batteries, chargers, lanyards and universal clips

Firmware support

June 30, 2016; last date for firmware support, this will only include bug fixes related to overall Badge stability or network interoperability. Beyond June 30, 2016, Vocera will make a best effort to address firmware issues but may be limited by the engineering support we receive from component manufacturers.

Hopefully you have had a chance to discuss the B3000 with your local sales or support representatives. The B3000 introduces significant enhancements to the B2000 based on direct feedback from customers such as you. These include a highly ruggedized design, acoustic noise reduction technology, smart battery to just name a few. Additionally, we have introduced a number of programs to help you more easily transition to the B3000 Communication Badge. We would encourage you to contact your local Vocera sales representatives or call 1-877-790-4190 to discuss which options would best support your goals to continue to provide the best possible experience for your patients and staff.

Sincerely,

Debashis Pramanik
Director, Hardware Product Management

Friday
Jun292012

Cisco Guest Anchoring and Office Extends (PORTS) 

Quick visual ~ Cisco Guest Anchoring and Office Extends Ports

 

Let me know if I missed any!

ENJOY!

DOWNLOAD

 

 

 

 

 

Sunday
Jun172012

Passing the CWSP (Certified Wireless Security Professional) - My 2 cents

Last week I sat the CWSP exam and passed on my first attempt. My overall score was 91%. I want to share my insight into the exam and what I used to prepare.

 

CWSP VALUE

The CWSP study material sets the foundation of 802.11 security. Its the building blocks to understanding how 802.11 security works from encryption, EAP, dynamic key generation, security policy, roaming and the 802.11 standard. For anyone who  troubleshoots, designs, deploys or debugs 802.11, the CWSP compliments your abilities.

There is a tremendous amount of value contained in the CWSP study guide, should you choose not to actually go for the certification itself. I can not tell you how many times, over and over again where I referenced martial in the CWSP for colleagues and customers. There is instant creditability when you can speak confidently in great detail about the inner workings of 802.11.  

FOUNDATION LEARNING

If I can offer one valuable piece of advice. Never skimp on foundation learning. Understanding, in detail, how the different 802.11 security components and mechanics work are critical. Cause, as you will learn, may of the new and future standards are almost always applied to the existing mechanics. A solid foundation lends to better comprehension of future advancements in 802.11.

CWSP EXAM OBJECTIVES

Taking any exam, its importance to read the exam objectives. Objectives are the clear definition of what you will be tested on. There should be no surprises, if your study efforts are inline with the objectives. Also, don’t start carving up the objectives and think that this section is only worth 5% and not give it your all, when it comes to studying. All objectives should be studied.

It is also important to take these objectives, break them out and reference other authored material for a different perspective on the subject. I used the following:

802.11-2007 Standard

Cisco Wireless LAN Security ISBN: 1-58705-154-0

CWNP White Papers

- 802.11i Authentication and Key Management (AKM) White Paper
http://www.my80211.com/storage/online-pdf-downloads/Chicken_Egg.pdf

Robust Security Network (RSN) Fast BSS Transition (FT) White Paper
http://www.my80211.com/storage/online-pdf-downloads/802.11_RSN_FT.pdf

CWNP Website - CWSP
http://www.cwnp.com/certifications/cwsp

CWNP Forums - CWSP
http://www.cwnp.com/bbpress/forum.php?id=10

CWNP Self Study Material - CWSP
http://www.cwnp.com/training/selfstudy

TAP RESOURCES

If you’re studying a topic and something just doesn't make sense, tap a knowledgeable source. I always enjoy talking geek details with my friends to get a different spin on things.

TAKE NOTES

Its simple, to pass the CWSP, it requires a great deal of attention to detail. Take notes often and frequently on all subjects. I used mental case and flashcardexchange.com to store and reference my notes.

You can find a few of my notes here for reference:
http://www.my80211.com/8021x/
http://www.my80211.com/security-labs/
http://www.my80211.com/cwsp-george-stefanick/


READ READ READ

You probably will not believe me when I tell you I read the CWSP study guide over 20 times, cover to cover, but I did. Read a book over and over is much like watching a move a number of times. You catch little things you missed the first, second or third time around. I got into a habit of reading a chapter a night.

PRACTICE EXAMS

CWNP.COM has a number of CWSP practice exams. The CWSP study guide includes a CD with exam questions as well. Do them often and pay very close attention to the questions being asked. Don't study the questions, rather study the content of the question being asked.

MULTIPLE CHOICE

The CWSP exam is multiple choice. In almost all cases, if you are confident in your studies, you can quickly exclude one or more possible answers from your choices.

 

REAL WOLD EXPERIENCE

If you have experience with radius server configuration, 802.11 captures, and exposure to wireless equipment you will certainly improve your odds of passing. It would be a stretch to say, you NEED this hands on in order to pass, but it certainly helps!

 

Exam Score Card - Break Down

Note passing is 70% Overall

  • Wireless Network Attacks and Threat Assessment 85%
  • Monitoring & Management 85%
  • Security Design and Architecture 93%
  • Security Policy 100%
  • Fast Secure Roaming 100%

 

Thank you CWNP

I want to thank all the good folks at CWNP for putting together a great exam and study guide. Also the fine authors - Coleman, Westcott, Harkins and Jackman for a job well done on great material.

CWSP is by far my personal best 802.11 security book ever read. Ive read it over 20+ times. Great read ...

I also want to mention --- thanks to Marcus for answering my, "HUH" questions and letting me bounce  random and sometimes confusing thoughts off of him. I really appreciate it.

I also want to thank Kevin for keeping CWNP relevant and restructuring the certification path and keeping the exam material relevant and up to date. I appreciate your dedication to the WiFi community.



Wednesday
Apr252012

Wireless Notification to Alaris Server and Cisco Systems Customers

This notice is from May 11, 2010. 

A little aged, yes. But if you're upgrading your wireless network and you have older Carefusion (Alaris) pumps take note of this notification, as it could impact you. Ask your Biomed group what code rev your pumps are on. Code revs prior to 9.5 may not be supported. You should contact your Carefusion rep for a firmware upgrade.

Saturday
Apr212012

Features Not Supported on Cisco Flex 7500 Controller

These features are not supported on Cisco Flex 7500 Series Controllers code 7.0.116.0, it could change in future versions:

•Local mode AP (However AP joins 7500 initially as local mode and should be converted to Flex Connect mode)

•Mesh

•LAG

•Client and RFID tag location

•CCX CAC

•STP

•7500 as guest anchor

•L3 Roaming (Centrally switched wlan -> same and inter-controller)

•Multicast (Multicast - Multicast and Multicast - Unicast). (ignore - 7500 gui interface may still show multicast-multicast config.)

•VideoStream

•TrustSec SXP

•IPv6/Dual Stack client Support

•WGB

•OEAP

•HotSpot2.0 (802.11u)

•Client rate limiting for centrally switched clients

Cisco Flex 7500 Series Controller does not support the 802.1x security variants on a centrally switched WLAN. For example, the following configurations are not allowed(and TAC does not support) on a centrally switched WLAN

•WPA1/WPA2 with 802.1x AKM

•WPA1/WPA2 with CCKM

•Dynamic-WEP

•Conditional webauth

•Splash WEB page redirect

If you want to configure your WLAN in any of the above combinations, the WLAN must be configured to use local switching.

Note:

•Flex7500 supports 1Gbps central switched data throughput for guest access

•Only Flex connect mode AP is supported for data traffic

•Static AP-manager interface

(Note: For Cisco 7500 Series controllers, it is not necessary to  configure an AP-manager interface. The management interface acts like an  AP-manager interface by default, and the access points can join on this  interface.)

•AP joined on local mode should be converted to Flex/Monitor, TAC does not support local mode AP services.

7.2.103.0 supports 802.1X on Centrally switched wlan unlike 7.0.116.0.

 

From: Saravanan Lakshmanan - Cisco CSC

https://supportforums.cisco.com/docs/DOC-23474

Saturday
Apr212012

End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless IP Phone 7921G Power Supplies

End-of-Sale and End-of-Life Announcement for the Cisco Unified Wireless IP Phone 7921G Power Supplies

Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco Unified Wireless IP Phone 7921G Power Supplies. The last day to order the affected product(s) is October 19, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.

Date: 2012-04-20 15:41:00.0


Url: http://www.cisco.com/en/US/prod/collateral/voicesw/ps6788/phones/ps379/ps7071/end_of_life_notice_c51-706105.html

Wednesday
Apr112012

Cisco WISM 2 Part Numbers: Quick Reference

I wanted to reference these part numbers as a quick reference for anyone that is looking for this information.

WISM 2 HARDWARE w/ SMARTNET

The WISM 2 hardware can be purchased in the available license sizes. They start at 100 and can be maxed out at 1000.  You receive the physical blade and license with the purchase of the below part numbers.

WS-SVC-WISM2-1-K9          100 access point       - CON-SNT-WSM2100 8x5xNBD
WS-SVC-WISM2-3-K9          300 access point       - CON-SNT-WSM2300 8x5xNBD
WS-SVC-WISM2-5-K9          500 access point       - CON-SNT-WSM2500 8x5xNBD
WS-SVC-WISM2-K-K9          1000 access point     - CON-SNT-WSM21K   8x5xNBD
 

WISM 2 ADDER LICENSES w/ SMARTNET

You can purchase additional licenses as you grow in 100 and 200 increments.

L-LIC-WISM2-100A              100 access point       - CON-SNT-LWSM21A 8x5xNBD
L-LIC-WISM2-200A              200 access point       - CON-SNT-LWSM22A 8x5xNBD

CICSO WISM 1 BUY BACK

Cisco has a great incentive program to purchase back your old WISMs. I would ask your Cisco sales representative for details.

Tuesday
Apr102012

Cisco 1130/1131 AP Crashes: Bug CSCtw56233 (7.0.220.0)

We recently upgraded from 7.0.116.0 to 7.0.220.0 to resolve a bug we were experiencing with connectivity. After upgrading, we hit a new bug in 7.0.220.0. This new bug only became apparent, because we have WCS Email alerts configured.

After we upgraded to 7.0.220.0 we almost immediately started to receive the following WCS Email alerts. We had random access points going offline. After closer inspection, the access points showed the "AP Crashed Due To Software Failure"

Message: Access Point 'AA-1131' associated to controller 'xx.xx.xx.xx' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AB-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AC-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.
Message: Access Point 'AD-1131' associated to controller 'XX.XX.XX.XX' on port number '0'. Reason for association 'AP Crashed Due To Software Failure '.

We opened a ticket only to learn 7.0.220.0 has a bug specific to Cisco 1130/1131 access points. TAC mentioned this bug is resolved in 7.0.230.0.

 

 

Thursday
Mar152012

Fast Lane CUWN Release 7.2 Delta Webinar

Webinar Dates & Times - Click the date and time you prefer to register:

 

Description:
Please join us for this 1/2 day virtual webinar covering the latest Cisco Unified Wireless LAN Release 7.2 code. This webinar will provide participants an overview of the key new features and enhancements, implementation considerations, and high-level configuration information.

You will learn:
An overview of the key new features and enhancements, implementation considerations, and high-level configuration information, including RRM enhancements, Alloy QoS, FlexConnect enhancements, Wi-Fi Direct, WebAuth scalability enhancements, MSE Virtual Appliance and High Availability, and 802.11u Hotspot and MSAP.

The primary intended audience is customers considering upgrading their network to WLC 7.2/NCS 1.1, and the technical staff responsible for implementing this latest WLAN code.

 

 

Thursday
Mar152012

End-of-Sale and End-of-Life Announcement for the Cisco 2100 Series Wireless LAN Controllers

Title: End-of-Sale and End-of-Life Announcement for the Cisco 2100 Series Wireless LAN Controllers
Url: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps7206/ps7221/end_of_life_notice_c51-691053.html
Description: Cisco announces the end-of-sale and end-of-life dates for the Cisco 2100 Series Wireless LAN Controllers. The last day to order the affected product(s) is May 2, 2012. Customers with active service contracts will continue to receive support from the Cisco Technical Assistance Center (TAC) as shown in Table 1 of the EoL bulletin. Table 1 describes the end-of-life milestones, definitions, and dates for the affected product(s). Table 2 lists the product part numbers affected by this announcement. For customers with active and paid service and support contracts, support will be available until the termination date of the contract, even if this date exceeds the Last Date of Support shown in Table 1.
Date: 2012-03-14 11:40:00.0

Saturday
Mar032012

Cisco AP VCI 60 – “ServiceProvider”

I was helping another engineer troubleshoot a Cisco access point join problem. To my surprise I discovered the VCI was “Cisco AP c3500-ServiceProvider”

I can appreciate when I end a day with a quick reflection. Did I learn anything new today?

Yesterday was one of those days! I was assisting an engineer with an access point join problem. Of course, I took this opportunity to explain the access point join process and what to look for and how to troubleshoot.

We use DHCP option 43 as our means of joining Cisco access points to our network. After peeking at the DHCP configuration, more specifically the option 43 and VCI string, everything looked good. Other 3500s were joining fine, just these handful of access points were not joining.

I do the typical console into the AP. I see nothing of interest. The access point is not getting the controller IP from DHCP. So we span the switch port of the access point to sniff the access point traffic. I am curious as to what the access point is sending in the DHCP request packet.

To my surprise, the VCI 60 is showing “Cisco AP c3500-ServiceProvider”. Oh, there is my problem! Mistakenly a number of “ServiceProvider” access points were mixed in our access point shipment.

If you have access points not joining, just something to add to your troubleshooting check list!

Thursday
Mar012012

Multiple Vulnerabilities in Cisco Wireless LAN Controllers - 2/29/2012

Cisco announced multiple WLC vulnerabilities this week.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-wlc

Cisco Wireless LAN Controllers HTTP Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability that could allow an unauthenticated, remote attacker to cause the device to crash by submitting a malformed URL to the administrative management interface.

This vulnerability is documented in Cisco bug ID CSCts81997 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-0368.

Cisco Wireless LAN Controllers IPv6 Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of IPv6 packets.

This vulnerability is documented in Cisco bug ID CSCtt07949 (registered customers only) and has been assigned CVE ID CVE-2012-0369.

Cisco Wireless LAN Controllers WebAuth Denial of Service Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of HTTP or HTTPS packets to an affected controller configured for WebAuth.

This vulnerability can be exploited from both wired and wireless segments. A TCP three-way handshake is needed in order to exploit this vulnerability.

This vulnerability is documented in Cisco bug ID CSCtt47435 (registered customers only)and has been assigned CVE ID CVE-2012-0370.

Cisco Wireless LAN Controllers Unauthorized Access Vulnerability

The Cisco Wireless LAN Controller (WLC) product family is affected by an unauthorized access vulnerability where an unauthenticated attacker could view and modify the configuration of an affected Cisco WLC.

This vulnerability exists if CPU based access control lists (ACLs) are configured in the wireless controller. An attacker can exploit this vulnerability by connecting to the controller over TCP port 1023. Only the Cisco 4400 Series WLCs, WiSM version 1, and Cisco Catalyst 3750G Integrated WLCs are affected by this vulnerability.

This vulnerability is documented in Cisco bug ID CSCtu56709 (registered customers only) and has been assigned CVE ID CVE-2012-0371.

Tuesday
Feb212012

Webauth stops redirecting after some time: CSCtx00942

We hit this bug a few weeks ago. I love the work around -- Reboot your controller for another week or so. I understand Cisco is working on this bug.

As a side note. Software will have bugs and I appreciate the fact Cisco will publish these in a timley fashion and not hide their issues like some "other" vendors I know.

 

Webauth stops redirecting after some time

Symptom:
It is seen on 7.0.220 4404 WLC that users in the webauth SSID are not redirected to the login page anymore after 1 week or so.

This message appears :
sshglue.c:7009 WebAuth HTTP Redirect rule creation failed for peer 192.168.1.8

Conditions:
webauth, 4404 running 7.0.116/220
Workaround:

A reboot solves the problem for another week or so
Status Status
Open

Severity Severity
2 - severe

Last Modified Last Modified
In Last 3 Days

Product Product
Cisco 5500 Series Wireless Controllers

Technology Technology


1st Found-In 1st Found-in
7.0(116.0)
7.0(220.0)
Interpreting This Bug
Bug Toolkit provides access to the latest raw bug data so you have the earliest possible knowledge of bugs that may affect your network, avoiding un-necessary downtime or inconvenience. Because you are viewing a live database, sometimes the information provided is not yet complete or adequately documented. To help you interpret this bug data, we suggest the following:
  • This bug has a Severe severity level 2 designation. Important functions are unusable but the router's other functions and the rest of the network is operating normally.
  • Severity levels are designated by the engineering teams working on the bug. Severity is not an indication of customer priority which is another value used by engineering teams to determine overall customer impact.
  • Bug documentation often assumes intermediate to advanced troubleshooting and diagnosis knowledge. Novice users are encouraged to seek fully documented support documents and/or utilize other support options available.
  • Sunday
    Feb052012

    CCNP Wireless Exams & Recommended Training v2

    Cisco CCNP Wireless Exam Path. Last day to test on v1 is May 11, 2012.

    Monday
    Jan232012

    WLC: AP Managers Are Pingable - 7.x onwards

    Since the very beginning the AP manager on a Cisco WLC would never respond to pings. Well that has all changed if you use LAG and a AP manager with 7.x code!

    I like how Cisco hides little nuggets in their documentation. It states, in LAG mode, the management and AP manager uses the same base LAG MAC address.


    Note With the 7.0 release onwards, the MAC address of the management interface and the AP-manager interface is the same as the base LAG MAC address.

    LAB

    A show ARP on the distribution switch you can see the MAC is identical for both the manager and AP manager.

    NOTE --

    This was tested on 4402,4404 and 5508 model controllers.

    AP manager(s) aren't needed with a 5508.

    This only applies to a WLC in LAG mode w/ AP Manager

    Additional Reading Material:

    http://www.cisco.com/en/US/docs/wireless/controller/7.0/configuration/guide/c70mint.html#wp1117168

    Friday
    Jan132012

    Cisco Field Notice: Wi-Fi Protected Setup PIN Brute Force Vulnerability

    Note the WPS vulnerability is with home and soho devices and not with Cisco enterprise gear. Note the models below:

    Cisco Response

    On December 27th, 2011 US-CERT released VU#723755 available here: http://www.kb.cert.org/vuls/id/723755

    The US-CERT Vulnerability Note describes a vulnerability that exists in the Wi-Fi Alliance Wi-Fi Protected Setup (WPS) protocol, also known as Wi-Fi Simple Config, when devices are operating in PIN External Registrar (PIN-ER) mode.  Devices operating in PIN-ER mode allow a WPS capable client to supply only the correct WPS PIN to configure their client on a properly secured network.  A weakness in the protocol affects all devices that operate in the PIN-ER mode, and may allow an unauthenticated, remote attacker to brute force the WPS configuration PIN in a short amount of time.

    The vulnerability is due to a flaw that allows an attacker to determine when the first 4-digits of the eight-digit PIN are known.  This effectively reduces the PIN space from 107 or 10,000,000 possible values to 104 + 103 which is 11,000 possible values. The eighth digit of the PIN is utilized as a checksum of the first 7 digits and does not contribute to the available PIN space. Because the PIN space has been significantly reduced, an attacker could brute force the WPS pin in as little as a few hours.

    While the affected devices listed below implement the WPS 1.0 standard which requires that a 60-second lockout be implemented after three unsuccessful attempts to authenticate to the device, this does not substantially mitigate this issue as it only increases the time to exploit the protocol weakness from a few hours to at most several days.  It is our recommendation to disable the WPS feature to prevent exploitation of this vulnerability.

    Vulnerable Products:

    Product Name
    Is the WPS feature enabled by default?
    Can the WPS feature be permanently disabled?
    Access Points
    Cisco WAP4410N
    Yes Yes
    Unified Communications
    Cisco UC320W
    Yes
    No
    Wireless Routers/VPN/Firewall Devices
    Cisco RV110W
    Yes Yes
    Cisco RV120W
    No Yes
    Cisco SRP521W
    Yes Yes
    Cisco SRP526W
    Yes Yes
    Cisco SRP527W
    Yes Yes
    Cisco SRP541W
    Yes Yes
    Cisco SRP546W
    Yes Yes
    Cisco SRP547W
    Yes Yes
    Cisco WRP400
    Yes Yes


    Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

    Products Confirmed Not Vulnerable:

    Product Name
    Not Affected Reason
    Access Points/Wireless Bridges
    Cisco AP541N
    Does not support WPS
    Cisco WAP200
    Does not support WPS
    Cisco WAP200E
    Does not support WPS
    Cisco WAP2000
    Does not support WPS
    Cisco WET200
    Does not support WPS
    Unified Communications
    Cisco UC500 Series
    Does not support WPS
    Wireless Cameras
    Cisco WVC210
    Does not support WPS
    Cisco WVC2300
    Does not support WPS
    Wireless Routers/VPN/Firewall Devices
    Cisco SA520W
    WPS not enabled by default
    Does not support PIN-ER configuration Mode
    Cisco RV220W
    Does not support WPS
    Cisco WRV210
    Does not support WPS
    Cisco WRVS4400N
    Does not support WPS

    Additional Information

    Workarounds:

     

    Disable the Wi-Fi Protected Setup feature on devices that allow the feature to be disabled, as listed in the Vulnerable Products table.  Cisco Systems has verified that the products that support disabling the WPS feature do indeed disable it and are not vulnerable once the feature has been disabled from the management interface.

    Fixed Software:

    Product Name
    Fixed Software
    Cisco WAP4410
    To Be Released
    Cisco RV110W
    To Be Released
    Cisco RV120W
    To Be Released
    Cisco UC320W
    To Be Released
    Cisco SRP521W
    To Be Released
    Cisco SRP526W
    To Be Released
    Cisco SRP527W
    To Be Released
    Cisco SRP541W
    To Be Released
    Cisco SRP546W
    To Be Released
    Cisco SRP547W
    To Be Released
    Cisco WRP400
    To Be Released


    Note: The Cisco Valet product line is maintained by the Cisco Linksys Business Unit. Information concerning the Cisco Valet line as well as information on Linksys by Cisco products will be forthcoming.

    Exploitation and Public Announcements:

    Exploit code and functional attack tools that exploit the weakness within the WPS protocol have been released.

    This vulnerability was discovered by Stefan Viehböck and Craig Heffner.

    Status of this Notice: Final

    THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

    A stand-alone copy or Paraphrase of the text of this document that omits the distribution URL in the following section is an uncontrolled copy, and may lack important information or contain factual errors.

     

    Revision History

     Revision  Date  Notes
    1.0 01-11-2012 Initial Public Release
    Friday
    Dec302011

    Cisco WLC 5508 License Gotcha ! (12 AP WLC can only support 487 APs)

    Did you know ? If you purchased a Cisco 5508 WLC with a 12 access point license you just limited yourself to 487 access points?

    The Cisco 5508 is licensed based which means you can add access point licenses as your wireless grows. The Cisco 5508 allows a maximum of 500 access points. This is a new model for Cisco Wireless Lan Controllers. The now legacy 2000,2100,4400 and WISM1 were licensed by the hardware itself.

    You can purchase Cisco 5508 WLC with a 12,25,50,100,250 or 500 access point capacity. Or you can purchase what Cisco calls adder licenses in the quantities of 25,50,100, and 250 access points after the fact.

    The license limitation becomes an issue with your initial purchase of a 5508 with a 12 access point license.

    Since Cisco only resells 25,50,100 and 250 access point licenses the MAX you will ever get on your WLC is 487 access points.

    Note: A 5500 Series WLC with a base license of 12 can only support up to 487 total APs because only 25, 50, 100, and 250 adder licenses are supported.

     

     Read:

    Understanding Cisco 5508 Wireless LAN Controller Licensing

    http://www.cisco.com/en/US/products/ps10315/products_tech_note09186a0080b78104.shtml

     

    p.s. Thanks Patton for the link!

     

     

    Tuesday
    Dec202011

    How to upload the running AP IOS image to a TFTP Server

    Special Guest Post By: Steven Rodriguez
    Since Cisco is locking down software downloads, you may have a need to pull code off your existing access points. Here is a quick recap showing how to process the code with the archive command!


    Ever lost the code you were running on an AP?  Then need to load that code to another?  What if that codes not available for download from CCO anymore?  Well, there's a pretty easy process to get through to get the image from an AP, and onto your TFTP server.

    In this example, I am using a 1131, running 12.4(21a)JY

    The first thing you need, is a TFTP server.  There are plenty of free ones out there.  I tested this with TFTPd32 on a PC, and with TFTPServer on a Mac(10.6).

    So on the PC, it's pretty easy.  Configure your TFTP Server




    Once you've stopped then started the server, you simply need to issue the command

    archive upload-sw tftp://192.168.15.11/c1130-k9w7-mx.124-21a.JY.tar

    As this command is running, it extracts the current running IOS, including the HTML files, and tar them as it's sending to the TFTP server.  <Term mon if you want to watch the process run.>


    On the Mac, I found it to be a little bit different.  With my Mac, even though I did a chmod 777 on my tftp directory, I had to do the following before I attempted to upload the software.



    Once the file is 'created' in my target directory it becomes the same as the PC version.

    archive upload-sw tftp://192.168.15.6/c1130-k9w7-mx.124-21a.JY.tar


    Now, if you have multiple versions of code that have been extracted to your AP, there is a switch that can be used, /version

    archive upload-sw /version c1130-k9w7-mx.124-21a.JY tftp://192.168.15.6/c1130-k9w7-mx.124-21a.JY.tar
                                                     ^this would be the version you wanted to upload.

    Page 1 ... 3 4 5 6 7 ... 16 Next 20 Entries »