INTEL WIRELESS
Wired Stuff
WiFi Tablet Corner
My80211 White Papers (Coming Soon!)

Cisco Wireless Compatibility Matrix (Nov. 2011)

Podcasts / Videos

My80211 Videos

Cisco: 802 11 frames with Cisco VIP George Stefanick

Fluke Networks: Minimize Wi Fi Network Downtime

Aruba: Packets never lie: An in-depth overview of 802.11 frames

ATM15 Ten Talk “Wifi drivers and devices”

Houston Methodist Innovates with Wireless Technology

Bruce Frederick Antennas (1/2)

 

Bruce Frederick dB,dBi,dBd (2/2)

Cisco AP Group Nugget

Social Links
Revolution WiFi Capacity Planner

Anchor / Office Extends Ports

 

Peek Inside Cisco's Gear

See inside Cisco's latest wireless gear!

2.4 GHz Channel Overlap

EXAMPLE 1  

EXAMPLE 2

EXAMPLE 3  

CWSP RELEASE DATE 2/08/2010
  • CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    CWSP Certified Wireless Security Professional Official Study Guide: Exam PW0-204
    by David D. Coleman, David A. Westcott, Bryan E. Harkins, Shawn M. Jackman

    Shawn Jackman (Jack) CWNE#54 is a personal friend and has been a mentor to me for many years.  I've had the pleasure and opportunity to work with Jack for 4 years. Jack is a great teacher who takes complex 802.11 standards and breaks them down so almost anyone can understand the concept at hand. I'm excited for you brother. Great job and job well done! Put another notch in the belt!

IEEE 802.11a/g/n Reference Sheet

 

LWAPP QoS Packet Tagging

 

 

Interference Types

BLUETOOTH
 

Microwave Oven
 

Cordless Phone

JAMMER!
 

  

Entries by George (324)

Sunday
Jun202010

Autonomous: Carrier Busy Test

  

Back in the day when I couldn’t afford a spectrum or packet analyzer I would often use the next best free thing available. Its called the "carrier busy" test and it’s built into the Cisco Autonomous Access Point.

The carrier busy test will allow you to see what is going on in an environment from 50,000 feet, but that’s about where it ends. It doesn’t have details like a professional analyzer will provide. You could incorporate other commands like frame retries etc to help better interpret “carrier busy”.

Needless to say, it’s a fun command and if you don’t have the proper tools could help you in a pinch. If you do outdoor bridges, you may already use this command to assist on channel assignment.

What is "Carrier Busy"

On a Cisco autonomous access point you can run a command called 'carrier busy'. The AP will shutdown the respected radio interface and will scan all respected channels and report back with a percentage of channel activity. The channel activity collected includes activity from both 802.11 traffic and interference also sometimes called RFI (Radio Frequency Interference).

What this means, if there is 802.11 traffic and suppose there is interference it will compute a  (percentage) to this value. Things to note when you run the carrier busy test the radio will do a shut and all associated clients will lose connectivity between 5 - 8 seconds during the test. After the test the radio will no shut itself and return to production allowing clients to associate again.

I have not found any detailed documentation stating exactly how the access point computes these values. If you have any info please do share!

Command for "Carrier Busy"

If your access point has both 802.11g <dot11Radio 0> and 802.11a <dot11Radio 1> radios you can run busy test on either the 2.4 GHz or the 5 GHz spectrums.

ap#dot11 <Radio Interface> carrier busy

ap#show dot11 carrier busy

802.11g = dot11Radio 0
802.11a = dot11Radio 1

ap#dot11 dot11Radio 0 carrier busy

 

Example # 1 - Carrier Busy (Normal)

This example is a neighboring access point on channel 11 only sending management frames

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:07:33.173: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:07:34.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          0
2417          3
2422          0
2427          0
2432          0
2437          0
2442          0
2447          4
2452          5
2457          2
2462          5

*Mar  2 09:07:38.695: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:07:39.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

 

Example # 2 - Carrier Busy (Microwave)

 I introduced a microwave oven into the mix. You can see there is a significant increase in channel activity from 2447 - 2462. 

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:05:52.664: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:05:53.664: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          1
2417          7
2422          5
2427          1
2432          11
2437          13
2442          10
2447          31
2452          36
2457          42
2462          45

*Mar  2 09:05:58.186: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:05:59.186: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

ap#

 

Example # 3 - Carrier Busy (ISO Download)

In this example I introduced 2 laptops and conducted an ISO download for the purpose of creating 802.11 traffic.

ap#dot11 dot11Radio 0 carrier busy

*Mar  2 09:07:33.173: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Mar  2 09:07:34.173: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down

Frequency  Carrier Busy %
---------  --------------
2412          0
2417          3
2422          0
2427          0
2432          0
2437          0
2442          3
2447          9
2452          19
2457          21
2462          23

*Mar  2 09:07:38.695: %LINK-3-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar  2 09:07:39.695: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up

Conclusion

If you don’t have tools and you are in a pinch the carrier busy test may be a tool you might find helpful. Keep in mind, you will need to incorporate other commands to interpret the carrier busy results.

 

Wednesday
Jun162010

Cisco WCS root-user password reset (Windows)

  

If you are reading this then you probably forgot your root-user password like I just did. Its simple to change here is how:

First you need to have access to the server in which WCS is installed. Drop into the DOS prompt of the server (run->cmd).

Navigate to where WCS is installed and dive down into the "\bin" directory. The next order of business is to stop wcs. This is important and don’t cowboy this, because you may cause yourself some issues with the database if you don’t.

Here is how to stop the WCS server on the DOS prompt with \StopWCS command:

D:\Program Files\WCS6.0.132.0\bin\StopWCS


Next you need to run the root-user command. The <PASSWORD> is where you will enter your new root-user password.

D:\Program Files\WCS6.0.132.0\bin\passwd root-user <PASSWORD>

 

Once you run this it may take a few minutes but you will receive feedback like this:

Output:
----------
Initializing...
Updating root password.
This may take a few minutes...
Successfully updated root user

 

Next simply restart WCS and your root-user password should be reset!

D:\Program Files\WCS6.0.132.0\bin\StartWCS

 

Sunday
Jun062010

IEEE 802.11n Standard Available for download

  

The IEEE has released the 802.11n Standard for download. Enjoy!



Thursday
Jun032010

Cisco 4.2.209.0 Controller Code Release

  

Cisco released a new rev for the controllers, 4.2.209.0. I'm not really surprised Cisco is still supporting 4.2. There are a number of large healthcare systems still on the 4.2 rev. 

Table 3 Resolved Caveats 

ID Number
Caveat Title

CSCtb31111

Memory Leak in EAP framework task

CSCsl22707

AP1250 Resets During Boot Using POE from 3550 Switch

CSCsm84048

AP1250 does not get 20 W power if switch is configure for trunk port

CSCso50723

WLC2106 EAP-FAST PAC provision failed due to slow DiffieHellman

CSCsq09933

Converted AP w/ static IP ignores DNS after downloading full image

CSCsv77658

AP reset from watchdog timer expired

CSCsw31160

Lobby Admin username can be used for webauthentication

CSCsx07150

Voice gap when phone roams, if CAC is not configured on APs

CSCsx50408

LWAP DOS Attack trap message does not record the source MAC address

CSCsx69535

AP on different subnet lost connetion with WLC

CSCsx70889

Crash due to stack corruption caused by recursive tunnels

CSCsx71175

WLC broadcast dhcp does not comply with RFC 1542

CSCsy06464

H-REAP AP obtains IP via DHCP on wrong interface

CSCsy06689

Memory leak on 3.2.210.0

CSCsy30722

Next hop address stored in capwap doesn't get updated on rcving GRAT ARP

CSCsy97077

WLC Controller 'show run-config' is truncated, not complete, incomplete

CSCsz03148

Talwar crashes @ EAP Framework

CSCsz14243

Unable to enable the WLAN while the APs are joining

CSCsz26858

WLC crash Task Name: dot11b (usmDbSnmpRrmProfileFailureTrapSend)

CSCsz32424

Rogue not detected on wire using the arp

CSCsz38828

AMAC radio core dumps: transmitter seems to have stopped

CSCsz48244

4.2 Mobility Control path flapping up/down

CSCsz48460

AP crashing on dot11_tx

CSCsz49863

WLC Local EAP auth periodically fails with 792x phone using EAP-FAST

CSCsz58995

Reaper reset crash on WLC with 1 monitor AP

CSCsz64049

WLC crash - nf_iterate causes kernel panic/exception

CSCsz72416

Unexpected vlan is assigned due to failed to aaa override

CSCsz76796

PMK cache isn't updated

CSCsz82548

Clients can communicate even though clients auth status is "No"

CSCsz88241

Per user bandwidth contracts stop functioning

CSCsz89606

AP unable to perform DNS based on given DHCP DNS options

CSCta09996

Sometimes LAP can't join to WLC via alternative port in port redundancy

CSCta13941

AP rejecting association request with status code 13

CSCta19001

AP1000 reboots continously when applying fix for CSCsl90630

CSCta29484

Radio stops beaconing for 10-second period

CSCta40160

Dropping primary discovery request from an AP already joined to the WLC

CSCta45156

Upgrade to 6.0.182.0 Webauth login page text views as one long sentence

CSCta93380

WLC on 4.2.205.0 drops bootp packet

CSCtb12031

1142 / 1252 inconsistently ACKs Vocera (gen1) badge

CSCtb29243

ARP storm on inter-controller NAC scenario for quarantined client

CSCtb34971

WLC WISM loading 3rd party cert for web-auth disables HTTPS port 443

CSCtb36010

Lightweight AP responds on port 22 when SSH is disabled

CSCtb52563

WLC 4.2.205.0 crashes at spam_CCM_decrypt+124

CSCtb58091

WLC CPU Spike with emWeb - Controller Not Responding - No crash

CSCtb64994

Intermittent Webadmin and Webauth access on WiSM running 5.2.193

CSCtb74239

WISM crashed on task sshpmMainTask System Crash

CSCtc03575

Controller fails to redirect web authentication to external server

CSCtc15346

AP1252 fails to retransmit missing AMPDU packet in response to block ack

CSCtc45090

Controller sends wrong mac in ARP response, can cause mobility flapping

CSCtc91431

ReadOnly local management user can change H-REAP VLAN mapping

CSCtc97595

Only one of many Gratitous ARP packets are forwarded to client

CSCtd01611

Important TLS/SSL security update

CSCtd16938

WLC crash after passing invalid arguments to emweb

CSCtd26408

WCS 4.2.110.0 cannot modify external web auth redirection URL for WLANs

CSCte40517

WLC2106 reboots at pemReceiveTask

CSCte55458

Web-Auth: Web page takes a long time to display under heavy load

CSCte89891

Radio may stop transmitting beacons periodically

CSCtf63030

Radio may get stuck in RESET or DOWN state

Tuesday
May252010

"Official Study Guide" trap! - Just my 2 cents!

 

 

All to often folks fall into the "Official Study Guide" trap! By this I mean folks assume that all of their exam questions and answers will be in the "HOLLY” Official Study Guide.

Sorry to burst your bubble, but that just isn’t the case. If you sit any exam today don’t be surprised to get questions not in the official study guide! Don’t feel bad; I was in that same boat, "man I read the entire book 3 times. I did the cd 5 times, but that question just wasn't in the book!!". Silly me ... 

Regardless of your focus (wireless, security or wired). You need to focus on the exam objectives, PERIOD. If your exam objectives are the "Fundamentals of Wireless" for example, it is best to read this topic from different authors. This will give you a different perspective from each author. A lot of folks don’t realize that the authors of the books we read called the “Official Study Guide” have no advance knowledge of the questions being asked! You read that right ... They are contracted to write about specific exam topics. Its then up to the author to share his knowledge and articulate it well so that we can all understand.  If you get a crappy author, guess what ... you get crap! Having personally spoken to a number of authors and having a close friend who was a co-author on the CWSP book, they will tell you. They have ZERO KNOWLEDGE of specific questions pertaining to the exam.

To drive my point home....

The name Dave Hucaby may ring a bell. He is the author of countless Cisco Press books, great author by the way. He is blessed with an extraordinary writing ability. I own a number of his books. He commented just yesterday on Cisco Learning Network about how he "neither writes, screens, nor approves the questions that are on the exam. I only write a book about what I think will appear on it, to the best of my knowledge"

 

"Dave Hucaby:

While we're discussing surprise topics on the exam, has anybody gotten a question that was specific to the Catalyst 6500? I've gotten a report from two test takers that saw some of those crop up. The 6500 is not supposed to be on the exam blueprint (really? how can you tell?), and apparently it received coverage in the beta SWITCH exam, but has since been removed.

Be advised that I neither write, screen, nor approve the questions that are on the exam. I only write a book about what I think will appear on it, to the best of my knowledge”

https://learningnetwork.cisco.com/docs/DOC-6566

IN SHORT … STUDY THE EXAM OBJECTIVES!

Saturday
May152010

Take a peek inside Cisco's wireless gear ~ Literally !

 

 

Have you ever seen inside a Cisco (cb21) ABG/PCMCIA wireless card, Cisco 1142, Cisco 1131, 2006 controller, etc ? The answer is probably no, but no worries we have! (continue to check back as more devices will be added)

Click on each pic to enlarge 
 

Peek inside a Cisco cb21 a/b/g Wireless Card -  

 

 

 

Peek inside a Cisco 1131 a/b/g Access Point -

 

 

Peek inside a Cisco 1142 a/b/g/n Access Point - 

 

 

Peek inside a Cisco's "Clean Air" 3502I a/b/g/n with Spectrum Chip Access Point -



 

Cisco latest 802.11ac offering, 3702i (AIR-CAP3702i-A-K9) model access point 

(Click on image to enlarge)  

 

 

 

 

 

 

 

 

 

 

 

 

Saturday
May152010

Free 2nd shot voucher on all CWNP Exams from May 1 – August 31, 2010

  

GREAT DEAL from CWNP! If you are slaving away to become CWNP certified you dont want to pass up this DEAL!

Here’s how it works.

  • Take the CWTS (PW0-070), CWNA (PW0-104), or CWSP (PW0-204) exam between May 1 and August 31, 2010.
  • If you do not pass the exam, send us your Pearson VUE score sheet via fax (866-422-8354) or email (customercare@cwnp.com).  Make sure we get your full name and email address.
  • Within 15 business days, we will email you your free second shot exam voucher.

It really is that simple.  We want you to go into any exam with confidence that you can pass the exam.  Below are some caveats that we want you to be aware of.

  • You must TAKE the exam between May 1 and August 31, not just buy your exam voucher or register for the exam.
  • We will validate all 2nd Shot submissions with the Pearson VUE Testing Center
  • Only one 2nd Shot voucher per failed exam.
  • No substitutions: if you fail CWSP, you can’t get a free shot at CWNA, for example.
  • All 2nd Shot Exam Vouchers will expire on Dec 31,2010.
  • No returns, substitutions, or exchanges on 2nd Shot Exam Vouchers

http://www.cwnp.com/index/store/promos#free2ndshot

Saturday
May152010

TKIP Countermeasure caught in the wild!

  

I want to share an event you may not see very often in the wild, TKIP countermeasure. 

What is a TKIP countermeasure and why is it important?
 
By deafult, Cisco WLCs and autonomous access points will suspend all TKIP traffic on a radio / ssid if a client sends 2 bad MICs in a 60 second period for a duration of  60 second. This is a measure that prevents the spoofing of frames by hackers.
 
Fully authorized wireless clients can occasionally send a bad MIC(s). In fact, a colleague of mine once had a bad wireless NIC that was notorious for throwing bad MICs. His machine was a walking "DoS" attack of sorts. LOL
 

The TKIP countermeasure is a configurable variable by SSID and can be disabled. I blogged about this in December of last year. The commands for both the WLC and Autonomous are below:


So what happen?

I was simply reviewing logs in WCS when an alert popped up. Once I seen 'MIC' in the header I thought right away, is this a TKIP countermeasure event and sure enough. I've since monitored the device to insure it wasnt a problem child.
NOTE: Cisco recommends to disabled TKIP Countermeasure on all Voice SSIDs.
 
Wednesday
May122010

Review: CCIE Cisco Certified Internetwork Expert Wireless Certification Exam Preparation Course in a Book for Passing the CCIE Exam

  

I completed my read of the "CCIE Cisco Certified Internetwork Expert Wireless Certification Exam Preparation Course in a Book for Passing the CCIE Exam" by William Manning

I'm surfing Amazon looking for a good read for my iPad. I stumble across this book. So, I shot a few emails to some colleagues of mine if anyone read this or knew about it before I purchased it. There weren't any reviews on Amazon for this title either. So what the heck for $16.00 let me give it a spin!

At first impression you aren't sure if this is a study guide for the lab or written or both. It turns the book is geared towards the Cisco CCIE Wireless written exam. The content itself is a mile high and a inch thick. By this I mean it covers broad topics and doesn't go into great great  detail. That's not a bad thing. Just know what to expect. 

If you are preparing for your Cisco CCIE Wireless written you may find this of interest as refresher material. Keep in mind this is NOT your 'offical' everything you need to pass guide. But rather a quick review of objectives you will find on the exam. 

Is it worth the $16.00... yea, but I wouldn't spend a penny more!

 

Wednesday
May122010

ASK THE EXPERTS - CCIE WIRELESS

  

CISCO is hosting "ASK THE EXPERTS - CCIE Wireless". THIS ENDS MAY 21ST. If you are studying for the CCIE Wireless, you dont want to miss this event!

https://supportforums.cisco.com/message/3068777#3068777

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity to get an update on the CCIE Wireless Certification with Cisco expert Javier Contreras. Javier Contreras is a senior escalation engineer for the Wireless Business Unit focused on the EMEA region. He is involved in high-priority support cases for wireless infrastructures, CCIE Wireless development, wireless security testing, and leading the Cisco Wireless LAN Controller (WLC) Configuration Analyzer application. Previously at Cisco, he has worked in security consulting and training. He has 13 years of experience in IT and networking industry. Contreras also contributed to the Cisco Press book "Deploying and Troubleshooting Wireless Networks." 

Remember to use the rating system to let Javier know if you have received an adequate response. 

Javier might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through May 21, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

 

Wednesday
May122010

Special 7925/7921 (1.3.4.0.2) Build Available From TAC

  

Another special TAC release (1.3.4.0.2) this time for the Cisco 7921G and 7925G IP Phones. I'm told this release is a 'quick fix' for the battery issue discovered in release 1.3.4. 

Sources at TAC mentioned 1.3.5 could be out as early as end of May. Comments were also made that

 1.3.4.0.2, "has been through only basic testing to verify the power consumption issues"

 

Battery Life After Returning From Out of Range State

The Cisco Unified Wireless IP Phone may have a short battery life after returning from the out-of-range
state. The battery life can be two to four hours long if the IP phone travels out of range for up to three
to five seconds, and then returns in range of the configured network without rebooting the IP phone.
This may occur with IP phones using firmware release 1.3(4), but not with any earlier release. If your IP
phone experiences a short battery life after it has operated out-of-range for a few seconds, you can reboot the IP phone. The out-of-range alert may be enabled in Unified CM to provide a notification anytime the IP phone leaves the service area. For more information of the status of this operation, refer to CSCtf82507, using the Software Bug Toolkit.

 

Tuesday
May112010

Cisco - Cisco CleanAir 3500 vs Aruba’s ARM Video

  

Cisco demonstrates their latest access point offering the Cisco CleanAir 3500 access point / spectrum analyzer vs Aruba's ARM.

It was no secret when Cisco purchased Cognio their intentions were to integrate the spectrum chip technology on the board of a Cisco access point. In fact shortly after the purchase of Cognio we met with Cisco Engineering for a large deployment we were working on outside of San Jose. A Cisco Wireless engineer in the "know" commented, "With our recent purchase of Cognio we will bring spectrum analysis never seen before in the enterprise -- On each AP -- just give it a little time and you wait and see". Fast forward to today --- behold the CleanAir 3500. 

Cisco brings to the table a technology offering other vendors can't come close to and at a price point that makes it affordable for full scale deployments (if you have a little bigger wallet of course)! Cisco's RRM like Aruba’s ARM leverages WiFi chip technology whereby analyzing a noise floor via channel scanning. I’m not sold on RRM and ARM technology; however I'm "drinking" Cisco CleanAir. Call me old school I suppose! I've done my own testing introducing interference on channel and observed mixed results of dynamic channel allocation with both Cisco RRM and ARM. 

Marcus Burton from CWNP did a great evaluation of the 3500. Read more about it here:

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns1070/Cisco_Premium_final.pdf 

"While other vendors have previously claimed spectrum-level visibility in their APs, they suffer from the unfortunate effect of ill-advised marketing. What is billed by some as “spectrum analysis” is nothing more than 802.11 Wi-Fi utilization analysis, or very, very minimal spectrum data. A good feature, but it’s not true, useful spectrum analysis." - Marcus Burton / CWNP

NOTE: (From Jim Jim Florwick @ Cisco)

Launch details are located here:

 

http://www.cisco.com/en/US/partner/netsol/ns1070/networking_solutions_package.html

 

Licensing is based on system compomnents and levels.  At the base level - a Cisco 3500 AP and a controller running version 7.0 code wil provide full view of current CleanAir information and supports the full mitigation features as well as Spectrum expert connect feature.

 

Adding WCS will allow historical reporting of AirQuality metrics and monitoring of security related IDR's (Interference Device Reports).  As well as inclusion of a CleanAir Dashboard and trending information with regards to AirQuality.  This is available with the WCS base license.

 

Adding the MSE to the system provides a great deal of functionality including historic Interference specific reports, and location (current and historical) of interference devices.  The MSE requires that WCS have a plus license - and will also require CAS (Context Aware Sevice) license seats for the individual interference targets.

 

At present there will be free CAS licenses offered with bundles of 3500 series AP's, up to 100 seats for 20 AP's.  Release date of the 7.0 software is targeted for the end of May as well. 

 

NOTE: Cisco CleanAir Technology At A Glance

 

http://www.cisco.com/en/US/solutions/collateral/ns340/ns394/ns348/ns1070/aag_c22-594304.pdf

Sunday
May092010

WLC: Configuring Fast SSID Changing 

 

 

So when you jump between different SSIDs on your WLC are you noticing a delay connecting right away to the new SSID? If you answered, YES.... Do you have fast ssid enabled?

When fast SSID changing is enabled, the controller allows clients to move between SSIDs quicker. When the client sends a new association for a different SSID, the client entry in the controller connection table is cleared before the client is added to the new SSID.

When fast SSID changing is disabled, the controller enforces a delay before clients are allowed to move to a new SSID.

 

Keep in mind this is a global setting.

 

CLI COMMAND:

config network fast-ssid-change {enable | disable}

 

GUI COMMAND:

Step 1 Choose Controller to open the General page.
Step 2 From the Fast SSID Change drop-down box, choose Enabled to enable this feature or Disabled to disable it. The default value is disabled.
Step 3 Click Apply to commit your changes.
Step 4 Click Save Configuration to save your changes.

 

Friday
May072010

ASK THE EXPERTS - CISCO CLEAR AIR TECHNOLOGY

 

 

Cisco hosts "Ask The Experts" events where you can ask the people in the know questions. This ends may 21st. 

https://supportforums.cisco.com/message/3068840#3068840

Welcome to the Cisco Networking Professionals Ask the Expert conversation. This is an opportunity Learn how to avoid wireless interference problems and speed WLAN troubleshooting with Cisco expert Jim Florwick. Jim Florwick has over 20 years experience in the design, integration, and maintenance of wired and wireless communications networks. Florwick joined Cisco as part of the Cognio acquisition in 2007. He is a member of the Technical Marketing Engineering team for Cisco’s Wireless Business Unit.  Florwick has been focused on Radio Resource management (RRM) and CleanAir product development.  Prior to Cognio, he designed and deployed mission critical networks for many Fortune 500 enterprises and leading organizations through his senior consulting positions at NCR, AT&T and Ventus Networks.

Remember to use the rating system to let Jim know if you have received an adequate response.

Jim might not be able to answer each question due to the volume expected during this event. Our moderators will post many of the unanswered questions in other discussion forums shortly after the event. This event lasts through May 21, 2010. Visit this forum often to view responses to your questions and the questions of other community members.

Friday
May072010

Guy gets 4 years for selling knockoff Cisco GBICs

 

 

Greed is a nasty thing. It will send this guy up the river for 4 years and likely will get him deported. Note to self: If the contract states genuine Cisco products. Knockoffs don't count!

By DALE LEZON Copyright 2010 Houston Chronicle

May 6, 2010, 2:09PM

Saudi man who lives in Sugar Land was sentenced to federal prison for supplying counterfeit Cisco Systems Inc. computer parts to the Marine Corps in Iraq.

Ehab Ali Ashoor, 49, was sentenced to four years and three months in prison after he was convicted at trial in January, federal authorities announced today.

Ashoor also was ordered to pay $119,400 restitution to Cisco.

He also is subject to deportation after he serves his sentence.

Federal officials said Ashoor bought counterfeit Cisco Gigabit Interface Converters (GBICs) from an on-line vendor in China to satisfy a contract he had with the Marine Corps to deliver genuine Cisco parts.

According to the evidence introduced at his trial, Ashoor, through his company CDS Federal Inc., was awarded a contract to supply 200 Cisco GBICs to the Marine Corps to be used in their computer network at a base in Al Taqaddum, Iraq, federal officials said.

Federal authorities said the contract specifically stated the GBICs had to be genuine Cisco products.

But Ashoor bought 200 GBICs from a Hong Kong vendor off eBay for approximately $25 each and told the vendor he wanted them to be in Cisco packaging, federal officials said.

Federal authorities said his contract called for Ashoor to be paid $595 per GBIC for a total contract price of $119,000.

In attempting to satisfy the contract with counterfeit products, Ashoor paid only $5,500 for the 200 counterfeit Cisco GBICs from China, federal officials said.

Tuesday
May042010

Special 6.0.196.158 WLC build available from TAC

 

 

Not often you see 'special' releases on the Cisco WLC. I think Cisco tagged 6.0.196.0 as assurewave to soon! If you are having issues, TAC may recommend this TAC only release

Date entered: 4-May-2010 

Summary: fixes for several important WLC bugs are in the 6.0.196.158 build, available through TAC. This build will not be posted to CCO; the fixes will be incorporated into the next 6.0 release targeted for summer 2010. For more information, see the 6.0.196.158 release notes.

Addendum Release Notes for Cisco Wireless LAN

Controllers and Lightweight Access Points for
Special Build 6_0_196_158
___________________________________________
Base Code: 6.0.196.0
Special Build: 6_0_196_158


ENGINEERING SPECIAL BUILD


6_0_196_158 is a build from 6.0.196.0, and it is an engineering special that resolves the following
additional caveats:


CSCta13941 - AP rejecting association request with status code 13
CSCtb02136 - AP with AP Groups and HREAP will not broadcast SSID
CSCtb20125 - CCMP errors on key rotation
CSCtb92872 - WiSM: System crash - Task "cids-cl Task" taking too much cpu:
CSCtc23789 - AP radio down - interface stuck in reset
CSCtc57611 - Delay in Music on Hold on 7925 with HREAP AP
CSCtc73503 - Radios are showing Tx power level 0
CSCtd28542 - WLC crash on emWeb due to AP config change
CSCtd97011 - Radio core dump: Neighbor Discovery frames stuck
CSCte19262 - Client Deauthenticated – “Unable to locate AP 00:00:00:00:00:00”
CSCte55219 - radio core dump due to large # of uplink frames in inprog queue
CSCte55458 - Web-Auth: Web page takes a long time to display under heavy load
CSCte62815 - 5508 not passing OSPF Multicast traffic
CSCte78472 - Invalid PHY rate returned on ADDTS response
CSCte81420 - Crash in process: "Dot11 driver "
CSCte89891 - AP doesn't transmit beacons
CSCte92365 - Auto Immune - AP side
CSCte93549 - The dot11a radio not able to pass traffic, tx queue getting filled.
CSCte96140 - Ethernet bridging breaks when the Ethernet interface of AP 1242 flapped
CSCtf23682 - 5508 - AP cannot join with Multicast MAC as gateway (checkpoint)
CSCtf27580 - Ethernet interface input queue wedge from broadcast/uniGRE traffic
CSCtf34858 - Clients unable to pass broadcast traffic
CSCtf63030 - Radio may get stuck in RESET or DOWN state
CSCtf69598 - Memory leak in AP on CCKM Failure
CSCtf94589 - AP mac address discrepency in aggressive load balancing packets.


*ENGINEERING SPECIAL USE DISCLAIMER*

The Engineering Special fix supplied herewith is a Temporary Software Module which has undergone
limited testing. This temporary software module is provided “AS-IS” without warranty under the terms
of the END USER LICENCSE FOR THIS PRODUCT. Please use this software at your own risk. The
intention for this code fix is for you to use in your production environment until a released version is

available. 

Americas Headquarters
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2010 Cisco Systems, Inc. All rights reserved. 95134-1706 USA

Sunday
Apr252010

Aircrack-ng 1.1 Released (4/25/2010)

 

 

I'm a big fan of Aircrack-ng. Looking forward to test release 1.1.  

Are you new to wireless security and never heard of Aircrack-ng ??

WiKi: http://en.wikipedia.org/wiki/Aircrack-ng

Aircrack-ng is a network software suite consisting of a detector, packet snifferWEP and WPA/WPA2-PSK cracker and analysis tool for 802.11 wireless LANs. It works with any wireless card whose driver supports raw monitoring mode (for a list, visit the website of the project or [1]) and can sniff 802.11a802.11b and 802.11gtraffic. The program runs under Linux and Windows; the Linux version has been ported to the Zaurus and Maemo platforms, and a proof-of-concept port has been made to the iPhone.

 

Offical Aircrack-ng Blog: http://aircrack-ng.blogspot.com/2010/04/aircrack-ng-11.html 

A lot of bug fixes (including the buffer overflow in different tools) and improvements have been done. The most noticeable changes are the addition of airdrop-ng by TheX1le and the interaction in airodump-ng.
Here is the changelog:
- airdrop-ng: New tool by TheX1le.
- airodump-ng, aircrack-ng, airdecap-ng, airbase-ng: Fixed buffer overflow in airodump-ng due to forged eapol frame.
- aircrack-ng: Fixed multicast detection (WPA handshake detection).
- airodump-ng: Added interaction (see wiki for the commands).
- airodump-ng: Fixed client time in netxml file.
- airtun-ng: Add WDS and bridge support.
- airbase-ng: automatically set privacy bit to 1 if WPA or WPA2 is used (-Z or -z option).
- airmon-ng: Updated iw URL for v0.9.19.
- airdriver-ng: Fixed link for madwifi-ng.
- aireplay-ng: Chopchop enhancement to not stop but wait on deauth packets.
- tkiptun-ng: Fixed segfault.
- wesside-ng: Fixed compilation bug with recent version of gcc.
- cygwin: Compiling sqlite isn't necessary anymore, libsqlite3-devel package can be used.
- osdep: Strict aliasing and x86_64 fix.
- osdep: Add tap support for Darwin/OS X. Still require tuntaposx from sourceforge to work.
- All: Fixed compilation on cygwin 1.7.
- All: Fixed compilation on recent version of OSX.
- manpages: Fixed aireplay-ng manpage for attack 0: not disassociation packets, deauth packets.
- manpages: Added the keys for interaction in airodump-ng.
- patches: Added regulatory domains override patches for atheros drivers (ath5k, ath9k and ar9170).
- patches: Added 2.6.32 patch for r8187 driver (ieee80211).
- Makefiles: Fixed make uninstall.

Aircrack-ng 1.1Aircrack-ng 1.1 is released ;)
A lot of bug fixes (including the buffer overflow in different tools) and improvements have been done. The most noticeable changes are the addition of airdrop-ng by TheX1le and the interaction in airodump-ng.

Friday
Apr232010

802.1x or 802.1X – That is the question!

 

 

There is no other group in IT that focuses on details like ‘us’ wireless geekz. We read through books, PDFs, press releases and study every little detail! Last week the question came up. Is it, 802.1x (lower case) or 802.1X (upper case). BTW ~~ Headers aren't showing properly, but you get the idea. 

So what is the difference between a small x and a capital X ? Let’s first look how the IEEE assigns the numbers we reference everyday…. Let’s pick on 802.11 and 802.3, shall we.

802 = PROJECT

First , you have the 802 (PROJECT). This is the ROOT level of the tree. We reference 802 as part of 802.3 and 802.11 standards all day long. Think of 802 as the root / base of the tree.

802.11 or 802.3 = WORKGROUPS

Under the 802 project the IEEE assigns something called “workgroups”.  A workgroup is formed to solve certain issues. These are the folks that create the STANDARDS, key word here STANDARDS. Standards created by the workgroup always references capital letters, should there be a letter in the standard *cough* 802.1X 

Let’s look at two standards. 

802.3 = Ethernet Standard

802.11 = Wireless Standard

802.11n or 802.3af = TASK GROUP

Under the STANDARD you have something called TASK GROUPS. So the standard was defined and as needs arise and modifications are needed to the standard (also referenced as amendments), tasks groups are formed. Task groups start with a single lower case letter and sequentially progress a,b,c,d,etc.

For example, the 802.11 STANDARD was created and a TASK GROUP called ‘a’ was formed, also called the 802.11a amendment. 

(Note: once all the single letters are used, an additional letter will be applied. For example 802.3af)

So break it down ….. 802.11n = WHAT? 

(802 = PROJECT + 11 = WORKGROUP + n = TASK GROUP)

 

BACK to 802.1X

802 is the project, of course. We just covered that … 

1X is the WORKGROUP that created the 802.1X standard. The standard is ALWAYS referenced with a capital letter, in this case X. 802.1X IS THE STANDARD, as there isn't any amendments. So if you answered: Capital X, you are correct!

 

Wednesday
Apr212010

My80211.com “CWNA or BUST! -- Envelope please... and the winners are!

 

 

Envelope please... and the winners are!

I would like to thank everyone who applied for the My80211 CWNA / CWSP or BUST contest. It was a very very difficult decision to choose from so many great responses. Although you may not have been selected this go around, I encourage you to follow the blogging efforts of your peers. We will have similar giveaways in the future and I encourage you to apply!

Candidate Selection

When looking at candidates we took many factors in our decision making process. We wanted to insure each person had a desire and more importantly the drive to make it to the finish line of the CWNA or CWSP certification. While it is an extremely difficult to 'sniff' out folks with the desire and drive we think we did a good job. These lucky winners will be blogging to the WORLD with feeds through CWNP, MY80211 and other affiliated links. No pressure, right !? We also wanted to experiment with folks who have different levels of certifications. 

The lucky candidates have committed to a weekly blog. If they obtain their respected certification in 6 months expiring on 10/31/10 -- each will receive $100.00 of my hard earn cash towards their exam fee! 

In addition, tools are important. So, I will include an additional bonus. That’s right, there is more! Candidates will receive 2 Cisco 1200 series access points, console cable, power bricks, and a Cisco CB21 abg wireless PCMCIA – These are yours to keep courtesy of my80211.com   

I chatted with Kevin and the CWNP kits will ship this week. Expect to see your APs in 2 weeks! 

CWNP Sponsorship 

This could not be possible without the help of Kevin and Marcus @ CWNP. I would like to thank you for your contribution and I'm sure the lucky winners will as well. 

Envelope Please

and the winners are ........

John Bogard, Rick Todd, and Darby Weaver

John Bogard - John currently holds a CCNA certification. Some of you may know John from his participation on the Cisco Learning Network. John is seeking to expand his knowledge by achieving the CWNA certification. John is also studying for the CCNA Wireless Certification. 

Rick Todd - How can you not pick a guy with two first names (poor guy). ~~LOL~~ Rick has a wealth of hands on experience and holds a number of certifications. Rick currently holds both the wireless# and CWTS (CWNP) certifications. Rick has worked for a wireless ISP, has amateur radio experience and is seeking to further his experience and education by achieving the CWNA certification. 

Darby Weaver - Most of you may know Darby from his blog, "CHRONICLES OF DARBY WEAVER, NETWORK ENGINEER" @ http://darbyslogs.blogspot.com/ or maybe you follow him on Twitter. Darby currently holds a wealth of certifications (CCNP,CCSP,CCVP,CCDP,etc) and is interested in obtaining his CWNA certification. Darby currently works in the Healthcare industry and I know he will bring an interesting perspective and study style that you will enjoy and follow. Darby brings experience, hands on and a wealth of knowledge from wired to wireless.

I wish each of you success in your journey for your CWNA certification. Don’t underestimate this certification. It is a challenge to achieve and a mountain to climb! You will have thousands of peers following your blogs... I’m sure you'll do well. We're all on the same team and if there is ANYTHING that I can help with, I am a phone call / email away as well as the experts @ cwnp.com . 

As for me, I will putting my hat in the ring as well. I have put my CWSP studies on hold waiting for the new material which was recently released. I will be blogging my efforts for the CWSP!

Congrats ! The spot light is on us now and its time to put the rubber to the road!

 

Monday
Apr192010

Invitation to attend Cisco's Wireless Control System (WCS) webcast on April 20th, 2010