Sunday, December 19, 2010

Busy weeks!

  So, it's been a few weeks since I've had a chance to post anything and there's been quite a bit going on! Firstly, I spent a few days in Atlanta coming up to speed on the Mobile Access VE Solution for low-cost indoor cell repeating utilizing your existing CAT5,6,7 cabling. I can't wait to get dug into an install - quite a different mindset from wifi to cellular.

  After that, spent a few days in San Jose for the Cisco Partner VT meetings and learned about all sorts of upcoming new stuff from Cisco that can't be talked about yet - in fact, that's probably the biggest reason that I've been somewhat quiet recently - being wrapped up in NDA style information makes it hard to be social. :)
Contribution to the page netted me a Cisco Cius when they're available. Thanks to Vic Nunes for making that happen!

  Upcoming in March (17th and 18th) is the Wireless Tech Field day in San Jose that I'm quite excited to be a part of! The fine folks over at Gestalt IT that put on the 'regular' Tech Field day have teamed up to host one specifically focused on wireless technologies. I was selected as a delegate and look very forward to my first Field Day. I think the list of presenters is being firmed up but I'm glad to hear about the ones that are lined up! Details on the event are at:

Looking forward to meeting Stephen Foskett and hanging with wireless powerhouses like @jenniferlucille and @MarcusBurton among all of the other delegates that have confirmed.

3502 surveying

So, rumor has it, if you put your 3502 in H-REAP mode, and statically assign your IP address and your default-gateway as your static host IP address, you can survey. Need to try this when I get back to civilization in January. I expect this will require some sort of loopback slug and a POE pass-through. Gonna have to bust out the crimpers! :)

Monday, October 25, 2010

New H-REAP 'feature' in WLC 7.0 code

This just in from:

When a Hybrid REAP access point enters into a standalone mode, the following occurs:

The access point checks whether it is able to reach the default gateway via ARP. If so, it will continue to try and reach the controller.

If the access point fails to establish the ARP, the following will occur.

The access point attempts to discover for five times and if it still cannot find the controller, it tries to renew the DHCP on the ethernet interface to get a new DHCP IP.

The access point will retry for five times, and if that fails, the access point will renew the IP address of the interface again, this will happen for three attempts.

If the three attempts fail, the access point will fall back to the static IP and will reboot (only if the access point is configured with a static IP).

Reboot is done to remove the possibility of any unknown error in the access point configuration.

Once the access point reestablishes a connection with the controller, it disassociates all clients, applies new configuration information from the controller, and reallows client connectivity.

This means no more site surveys with lightweight Access Points running in H-REAP mode since there is no pingable default gateway. AC UPS to power a POE switch? Too bulky and hard to travel with in my book! Looks like we'll be reverting to a 'best guess' survey till some Autonomous code surfaces…
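
A small simulation of the standalone sequence quoted above, added here as an illustration (it is not Cisco's code and not from the original post). It follows one reading of the steps: three rounds of five discovery attempts, each round ending in a DHCP renewal. The function name, parameters and scenarios are constructed.

```python
from dataclasses import dataclass, field

DISCOVERY_TRIES = 5   # "attempts to discover for five times"
DHCP_RENEWALS = 3     # "this will happen for three attempts"

@dataclass
class Result:
    outcome: str = ""
    discoveries: int = 0
    renewals: int = 0
    log: list = field(default_factory=list)

def standalone_fallback(gateway_arp_ok, static_ip, controller_back_after=None):
    """Walk the quoted steps once for an AP that has just gone standalone.

    controller_back_after is a constructed knob: the discovery attempt on
    which the controller answers again (None = it never does).
    """
    r = Result()
    if gateway_arp_ok:
        # Gateway resolves via ARP: the AP stays up and keeps looking.
        r.outcome = "standalone: gateway answers ARP, keep trying controller"
        return r
    for _ in range(DHCP_RENEWALS):
        for _ in range(DISCOVERY_TRIES):
            r.discoveries += 1
            if controller_back_after and r.discoveries >= controller_back_after:
                r.outcome = "rejoined: clients disassociated, config reapplied"
                return r
        r.renewals += 1
        r.log.append(f"DHCP renew #{r.renewals} after {r.discoveries} discoveries")
    # The quoted text only defines the final step for statically addressed APs.
    r.outcome = ("fall back to static IP and reboot" if static_ip
                 else "not specified in the quoted text (no static IP)")
    return r

if __name__ == "__main__":
    scenarios = {
        "survey AP, static IP, nothing answers ARP": (False, True, None),
        "survey AP, gateway address answers ARP": (True, True, None),
        "WAN outage, controller back on attempt 7": (False, False, 7),
    }
    for name, args in scenarios.items():
        res = standalone_fallback(*args)
        print(f"{name}: {res.outcome} "
              f"({res.discoveries} discoveries, {res.renewals} renewals)")
```

The first scenario is the battery-powered survey rig: a static IP and no gateway to ARP for ends in a reboot, which is why the AP never stays up long enough to survey.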

Tuesday, September 21, 2010

Cisco WLC Config Analyzer version 2.2.3

Is available at:

If you use more than one WLC, you need this. Great way to sync configurations, check for common errors, etc. Now displays Persistent Devices from CleanAir Access Points!

Tuesday, September 14, 2010

Cisco launches a low cost 802.11n Access Point

Details on the 1040 can be found at:

Note the following caveats:
Slower CPU so less overall PPS compared to the 1140
2x2 MIMO
No client link
No media stream

Runs on standard POE and available in controller based or standalone. Should be a great alternative for those of you suffering from Aruba-itis. :)

Thursday, September 9, 2010

Cisco announces 4 WLC Vulnerabilities

IKE DoS Vulnerability
HTTP DoS Vulnerability
Privilege Escalation Vulnerabilities
ACL Bypass Vulnerabilities

Details can be found at:

Of interesting note is the recommendation that all non-FIPS 5.x customers migrate to 6.0. Something we all knew anyways, but this is certainly compelling enough reason to get moved sooner rather than later. For most of us, and (.4) are the target code versions.

Tuesday, September 7, 2010

Cisco Rogue Management in a Unified Wireless Network

Great explanation of Rogue Management – especially interesting with the differences in controller models and Local Mode vs Monitor Mode.

Tuesday, August 31, 2010

WLC is back on CCO

Get it before it gets pulled again! :)
Release notes are at:

And it does indeed include as a resolved caveat:

CSCti21621      Switch CAM table is not updated after L2 roam.

Thursday, August 26, 2010

Cisco's playing games

has been pulled from CCO but the release notes from are back up as 'new'.

Wednesday, August 25, 2010

WLC Code is on CCO!

Release notes can be found at:

This of course is the rev that we expect fixes that nasty L2 roam issue. Standard code qualification caveats strongly recommended. :)

Tuesday, August 24, 2010

Why do you configure a controller that way?

So, I was digging on the WLC Config Analyzer (a great tool by itself!) at:

And I stumbled across the list of checks that it does and (more importantly) how it determines that its values are ‘preferred’. If you go to:
And scroll down you’ll see the list of the Config Analyzer errors and why it thinks those errors are pertinent (including links to supporting documentation!). If you ever wanted a good solid list of supporting documentation for configuration options, this is the best I’ve seen!

Monday, August 23, 2010

Cisco WLC captured web auth character limitations

Nice to know:

Step 5 If you want the user to be directed to a particular URL (such as the URL for your company) after login, enter the desired URL (such as in the Redirect URL After Login field. You can enter up to 254 characters.

Note The controller supports web authentication redirects only to HTTP (HTTP over TCP) servers. It does not support web authentication redirects to HTTPS (HTTP over SSL) servers.

Step 6 If you want to create your own headline on the login page, enter the desired text in the Headline field. You can enter up to 127 characters. The default headline is “Welcome to the Cisco wireless network.”

Step 7 If you want to create your own message on the login page, enter the desired text in the Message field. You can enter up to 2047 characters. The default message is “Cisco is pleased to provide the Wireless LAN infrastructure for your network. Please login and put your air space to work.”

Of course you can use a web-auth bundle to overcome this limitation but you should keep it in mind if you’re using the built in captured web portal.

AeroScout Exciter firmware notice

This just in from Aeroscout:

EX2000 Exciter Bulletin - Firmware Upgrade Required     

An EX2000 Exciter firmware upgrade is currently required to prevent compatibility issues of certain tags not responding to Exciter

All customers who have EX2000 Exciters are required to upgrade the Exciter firmware to DSP223. In addition, if you have Cisco Context Aware Engine for Tags (CLE), you are required to upgrade the CLE to version or above.

Please refer to article #2178 on for complete details. You can also reply to this email or call us at U.S. +1-877-AERO-555 (or +1-650-292-4953), EMEA & APAC +49-302-5555-

Determining the Exciter model can be done by one of the following met
a. The label on the back of the Exciter would say “EX2000” (not “EX2000B”)
b. Open AeroScout System Manager, right-click on the Exciter icon and select “Get Status” from the menu. For the EX2000, the HW version would be

If you have any further questions, please do not hesitate to contact AeroScout Technical Support at:, U.S. +1-877-AERO-555 (or +1-650-292-4953), EMEA & APAC +49-302-5555-094.

Monday, August 16, 2010

Cisco has pulled the release notes for WLC version

Coincidence? Could this be due to the Vocera bug or just an oversight by a webmaster? The code is still available for download and it’s still listed on the AssureWave site (hah!) - just no release notes...

Thursday, August 12, 2010

SQL Injection Vulnerability in Cisco WCS

Cisco Wireless Control System (WCS) contains a SQL injection vulnerability that could allow an authenticated attacker full access to the vulnerable device, including modification of system configuration; create, modify and delete users; or modify the configuration of wireless devices managed by WCS.

This has been fixed in version
More details at:

Sunday, August 8, 2010

Making the Cisco IOS DHCP server useful

Yay for learning! Two of the features that I was under the impression were missing from an IOS based DHCP server are in fact present:

1) The ability to ping clients prior to handing out an address:
Router(config)# ip dhcp ping packets 5
Specifies the number of ping packets the DHCP server sends to a pool address before assigning the address to a requesting client.

Router(config)# ip dhcp ping timeout 850
Specifies the amount of time the DHCP server waits for a ping reply from an address pool.

2) The ability to retain a DHCP leases table across reboots:
Router(config)# ip dhcp database flash:router-dhcp write-delay 60 timeout 10
Configures the DHCP database location on a physical storage medium; this prevents the router from losing all of its lease data after a reboot. By default, the router maintains the DHCP bindings in NVRAM.

WARNING: Vocera + Cisco Assurewave

Those of you that were getting ready to roll up into WLC release soon may want to reconsider if you’re on a Vocera deployment. I don’t know anything more significant than the below warning from Vocera and am trying to get additional details. If you know of anything specific, please speak up! :)

Vocera Advisory
Vocera is aware of an issue that customers are experiencing after moving to Cisco WLC version 6.0.199 that manifests itself in a substantial increase in difficulty with badge communications to the Vocera Application Server over the network. Badges will display "Searching For Server" or "Searching For AP."
Vocera is working closely with Cisco and its mutual customers on the problem

What this is all about

So, a well-respected colleague of mine suggested that I create a place to put my various tidbits regarding wireless networking since I have a tendency to share them with my co-workers and various other small selected groups. This is that place. I plan to start sending thoughts and comments about the wireless world here as a place I can go to reference past suggestions and links. Primarily this will be regarding Cisco wireless products but occasionally I have something useful to say about RF in general and other related topics. If you find anything I say useful, let me know!