Avaya does Wireless? (MiniBlog)

Yes folks you heard it right.  Avaya enters the Wireless Field head on.

Avaya in my mind has always been a heavy hitter in the VoIP and video space for years. I’m really interested to see what Avaya will bring to the WiFi playground and how they will play with devices at Wireless Field Day 7.

My fellow #WFD7 delegate Jennifer Huber also commented on this at “Excited to hear Avaya present at Wireless Field Day 7!”

 

-WirelessStew

 

Cisco releases new WLC UI, Changes default values (finally)

My buddy Sam never rests, even blogs while having some downtime…

SC-WiFi

Cisco released WLC code version 7.6.120.0 which brings with it (among other things) a new User Interface for the 2504 WLC. When you use the new simplified setup, it also changes many of the default values that haven’t yet been enabled by default in the base code. The new default values are:

Aironet IE: Disabled
DHCP Address Assignment (Guest SSID): Enabled
Client Band Select: Enabled
Local HTTP and DHCP Profiling: Enabled
Guest ACL: Applied
CleanAir: Enabled
Event Driven RRM: Enabled
Event Driven RRM Sensitivity, 2.4GHz: Low
Event Driven RRM Sensitivity, 5GHz: Medium
Channel Bonding, 5GHz: Enabled
DCA Channel Width: 40MHz
mDNS Global Snooping: Enabled
Default mDNS profile: Add better printer support, Add HTTP
AVC (no Control, only Visibility): Enabled*
Management via Wireless Clients: Enabled
HTTP/HTTPS Access: Enabled
WebAuth Secure Web: Enabled
Virtual IP Address: 192.0.2.1
Multicast Address: Not configured
Mobility Domain Name: Name of employee SSID
RF Group Name: Default


Cisco Security Advisory OpenSSL Heartbeat Extension Vulnerability in Multiple Cisco Products

UPDATED


To my fellow mobility folks out there, Cisco has released the list of products affected by the Heartbeat bug. My suggestion is to keep an eye on this link for changes in software / appliance vulnerability status. As a highlight, Cisco Prime Infrastructure and Cisco Identity Services Engine (ISE) are NOW SAFE. However, IOS XE software is on the hotlist.

Note: even though Cisco WLCs and MSEs are listed OK, please make sure your code is up to date for other known PSIRT advisories.

As a reminder, always follow best practices and keep an eye on your PSIRT notices for all your devices.

Vulnerable Products
The following Cisco products are affected by this vulnerability:

    • Cisco Mobility Service Engine (MSE) [CSCuo20622]
    • Cisco AnyConnect Secure Mobility Client for iOS [CSCuo17488]
    • Cisco ASA CX Context-Aware Security [CSCuo24523]
    • Cisco Desktop Collaboration Experience DX650 [CSCuo16892]
    • Cisco IOS XE [CSCuo19730]
    • Cisco IP Video Phone E20 [CSCuo26699]
    • Cisco MS200X Ethernet Access Switch [CSCuo18736]
    • Cisco Nexus 1000V InterCloud [CSCuo18287]
    • Cisco Security Manager [CSCuo19265]
    • Cisco TelePresence Conductor [CSCuo20306]
    • Cisco TelePresence EX Series [CSCuo26378]
    • Cisco Telepresence Integrator C Series [CSCuo26378]
    • Cisco TelePresence IP Gateway Series [CSCuo21597]
    • Cisco TelePresence ISDN GW 3241 [CSCuo21486]
    • Cisco TelePresence ISDN GW MSE 8321 [CSCuo21486]
    • Cisco TelePresence ISDN Link [CSCuo26686]
    • Cisco TelePresence MX Series [CSCuo26378]
    • Cisco TelePresence Profile Series [CSCuo26378]
    • Cisco TelePresence Serial Gateway Series [CSCuo21535]
    • Cisco TelePresence Server 8710, 7010 [CSCuo21468]
    • Cisco TelePresence Server on Multiparty Media 310, 320 [CSCuo21468]
    • Cisco TelePresence Server on Virtual Machine [CSCuo21468]
    • Cisco TelePresence Supervisor MSE 8050 [CSCuo21584]
    • Cisco TelePresence SX Series [CSCuo26378]
    • Cisco TelePresence Video Communication Server (VCS) [CSCuo16472]
    • Cisco Unified 7800 series IP Phones [CSCuo16987]
    • Cisco Unified 8961 IP Phone [CSCuo16938]
    • Cisco Unified 9951 IP Phone [CSCuo16938]
    • Cisco Unified 9971 IP Phone [CSCuo16938]
    • Cisco Unified Communications Manager (UCM) 10.0 [CSCuo17440]
    • Cisco Unified Presence Server (CUPS) [CSCuo21298], [CSCuo21289]
    • Cisco Universal Small Cell 5000 Series running V3.4.2.x software [CSCuo22301]
    • Cisco Universal Small Cell 7000 Series running V3.4.2.x software [CSCuo22301]
    • Cisco WebEx Meetings Server versions 2.x [CSCuo17528]
    • FireAMP Private Cloud virtual appliance
    • Small Cell factory recovery root filesystem V2.99.4 or later [CSCuo22358]

Other Cisco products may be affected by this vulnerability. The list of affected products will be updated as the investigation continues.

Products Confirmed Not Vulnerable

The following Cisco products have been analyzed and are not affected by this vulnerability:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed


Disclaimer:  Please use the link above for an updated list.

 

 

Cisco Live #CLUS14 Wishing I could attend..


First off, we have to take a trip back in time to June 27th, 2009, San Francisco.

After years of following E_C (Everything Cisco) I had the opportunity for the first time to attend a Cisco Live event.  To top it off it was the 20th! with over 13,000 attendees.  I was so excited and overwhelmed by all of the great gathering of tech geeks like myself at one big event.  From the cool bag (which I still use today) Cisco Live t-shirt, cool training, meet the engineer, the Devo plastic hat, and the customer event at Treasure Island it was the event of the year.

I got to meet some really cool people at the event, like none other than my two favourite @TechwiseTV Cisco idols @JimmyRay_Purser and @Robbboyd. Meeting the guys in person from TechwiseTV was a real turning point in my career... no seriously, it really was. The show originally aired in 2006 and I was hooked. For someone that was just getting into real enterprise networks, this show is for you. Jimmy and Robb could make complicated configurations easier to understand, understanding FUD with the Fundamentals and Networking 101.

What I didn’t know at the time is that Robb and Jimmy were very clever in the show delivery. Each episode helped me become a guy that understood geek better and at the same time gave me an additional gift of technical sales! Yes, that’s right, they created a new Stew. One that could assimilate and understand new technology and be able to disseminate that to a client.


The turning point @CLUS: TechwiseTV changed my career path at Cisco Live 2009. Yes, you guessed it, to a Wireless Path. The theme of the event was “Knowledge is Power”, and I assimilated as much wireless as possible. To this day I keep in contact with both Robb and Jimmy Ray, and if I’m ever in San Jose I drop in to say hello in the studio.

I did however get to meet the big man at the show, John Chambers. After his opening keynote speech I had a rare chance to meet him in person but left the camera back at the hotel (did get his business card though). What I do remember the most is he personally invited me to make sure I return. And each year I tried to save to return on my own. This year I was really hoping to make it for the 25th CLUS but sadly I cannot. Sorry John, I will try again next year.

Since 2009 I have not been able to return to a Cisco Live event, mostly due to work commitments and it not being my turn to attend. I was very fortunate to have my first and only ticket provided by the Cisco Partner I was working for at the time. Being an independent contractor, it’s sometimes hard to come up with the funds for certain events.

Yes, Cisco Live is worth its weight in gold for any tech geek. If your employer is nice enough to fund this event for you, be very appreciative and don’t turn it down. In my opinion employers and Cisco Partners should send their people to a Cisco Live event each year; the returns are huge.

To register for Cisco Live 2014 in San Francisco.  http://www.ciscolive.com/us/

@WirelessStew

Aruba forces customers into Cloud: Offers no way out

Awesome work by my friend Sam. It’s detail work like this that makes us WiFi folks make a difference in the community.

SC-WiFi

Author’s note: Aruba has addressed this satisfactorily by removing the offending release of code. Further details are available in the comments section of the post below. This header was added as a post-script to the original blog which remains below for posterity. Well done Aruba.

Software updates are a matter of life. Developers and coders aren’t perfect, bugs need to be fixed, new features need to be rolled out, new hardware needs to be supported. As networking professionals, we’ve come to terms with the sometimes continual churn that patch vehicles have enabled – the Internet as a distribution mechanism has made it commonplace for manufacturers to ship incomplete features or functionality under the guise of “by the time you complain about it, we’ll have a download ready to fix it”. They all do it. We all consume it.

Sometimes a manufacturer does something so egregious and underhandedly reprehensible that it…


MSE Licensing Gotchas

Make sure you order the right Licensing PAK’s quantities for your Mobility Services Engine based on software and platform release.


Since the recent release of the free Mobility Services Engine (MSE) Base AP Licenses in late 2013, mobility folks, including myself, jumped at the promotion to max out the base licenses per MSE. What a great opportunity to get your customer introduced to the Cisco Mobility Engine and all of its cool features including WiPS and CMX (Connected Mobile Experience).

Special Thanks
Before we continue, I would like to give a great big “Hats off” to the folks at the ENG (aka WNBU for us legacy crowd) for making this happen. This promotion only lasts until April 2014. My wish is that they keep this running permanently.

Now for the meat and potatoes:
As you read further on, keep in mind that the NEW MSE Licensing scheme is now based on APs (Access Points), which can be used with Cisco Prime Infrastructure 1.4 and 2.0, instead of the traditional CAS (Contextual Aware Service). This only becomes enforceable until the release of MSE version 8.x. So don’t worry about your existing CAS licensing on earlier Prime/MSE platforms; they will be auto-converted to AP licences once you move to Prime 1.4+. Confused yet? Don’t worry, I will try to explain.

There are a few things you need to be aware of when it comes to licensing an MSE per release version. The first thing you need to do is check out the Mobility page on Cisco.com. Take a close look at the MSE Product Specifications limitations based on platform.

MSE-Lic

Wow those numbers are excellent. Especially for the MSE 3355 physical appliance where you can license up to 2500 Base Location Licences.

Here are the gotchas
Be aware that the data sheet does not mention what code you should be running, so we have to assume it’s the latest release. But as you and I know, we cannot always upgrade our code beyond what Prime Infrastructure supports, for obvious SLA reasons (which is being worked on by the PI folks).

Cisco Prime Infrastructure 2.0 Compatibility matrix reference.

Cisco-PI-matrix

I have highlighted the supported AP licence count based on version of MSE platform.  What this means is when you go to apply the actual L-MSE-PAK’s in Prime you will have to engage Cisco TAC Licensing to either break up the PAKs into 500’s to be able to import into 7.4 x to 7.4.121.0.

Another alternative is when ordering your MSE License PAK’s, work with your Cisco Partner to make sure that the PRO-L-LS-1000AP is broken up into separate line items or PAK’s as this will at least help you make your adding of licensing less painful.

Example
L-MSE-PAK’s
PRO-L-LS-1000AP  QTY 3 = 3000 AP LIC cannot be added to MSE when it supports 500 AP’s based on certain versions of code.

Below is a breakdown of MSE release notes based on version

7.4.100.0
http://www.cisco.com/en/US/docs/wireless/mse/3350/release/notes/mse7_4_100_0.html#wp1247250

Cisco MSE 3355 supports up to 500 access points for Cisco MSE Location Services or Advanced Location Services. The Cisco MSE virtual appliance supports up to 1,000 access points, depending on the server resources. There is no change to endpoint support and MSE 3355 supports 25,000 and high-end virtual appliance supports 50000.

7.4.121.0
http://www.cisco.com/en/US/docs/wireless/mse/3350/release/notes/mse_7_4_121_0.html#wp1259797

Cisco MSE 3355 supports up to 500 access points for Cisco MSE Location Services or Advanced Location Services. Cisco MSE virtual appliance supports up to 1,000 access points, depending on the server resources. There is no change to endpoint support and MSE 3355 supports 25,000 and high-end virtual appliance supports 50000.

7.5.102.101
http://www.cisco.com/en/US/docs/wireless/mse/3350/release/notes/mse7_5_102_101.html#wp1247250

Cisco MSE 3355 supports up to 2,500 access points for Base Location/CMX or 5000 access points for wIPS.  Cisco MSE virtual appliance supports up to 5,000 access points, depending on the server resources for Base Location/CMX or 10,000 access points for wIPS. All licenses are additive. The new scaling numbers for Base Location and CMX licenses are as follows:

–For Low End VA—200APS
–For 3355 MSE and Standard VA—2500APS
–For High End VA—5000APS
There is no change to endpoint support and MSE 3355 supports 25,000 endpoints and high end virtual appliance supports 50000.

7.6.100.0
http://www.cisco.com/en/US/docs/wireless/mse/3350/release/notes/mse7_6_100_0.html#wp1329798

Cisco MSE 3355 supports up to 2,500 access points for Base Location/CMX or 6000 access points for wIPS.  Cisco MSE virtual appliance supports up to 5,000 access points, depending on the server resources for Base Location/CMX or 10,000 access points for wIPS. All licenses are additive. The new scaling numbers for Base Location and CMX licenses are as follows:

–For Low End VA—200APs. Low end VA does not support CMX licenses.
–For 3355 MSE and Standard VA—2500APs
–For High End VA—5000APs
There is no change to endpoint support and MSE 3355 supports 25,000 endpoints and high-end virtual appliance supports 50000.

Shameless Plugs


If you need a refresher on what the Cisco MSE does, look no further than the Geeks You Can Trust @TechwiseTV @Robbboyd on the Fundamentals of the Mobility Services Engine on http://youtu.be/OJ21P6VQxB4 and @JimmyRay_Purser  In the Lab: Deploying the Mobility Services Engine http://youtu.be/XFUiTD3SLpM


And last but not least, don’t forget to check out two other wireless gurus, Blake Krone and Sam Clements, on the @NSAShow: E17 – Enhancing Your Wireless With A MSE

Disclaimer: I was not approached or offered any endorsement for this post. This is just something I wanted to share because I like things without wires. Also I couldn’t find it on Google.

@WirelessStew

New FUS (Field Upgrade Software Release 1.9.0.0) For Cisco Wireless LAN…

Link to the release notes:
Release Notes for Cisco Wireless LAN Controller Field Upgrade Software for Release 1.9.0.0

Folks, remember: don’t rush out to apply the new FUS right away if you are already running FUS1.7.0.0 for WLC5508, WISM2’s and FUS1.8.0 for WLC2504 controllers that are running code that’s below 7.4x. If you plan to upgrade to the new FUS, it should be done prior to upgrading to the 7.6x+ software release. But if you have already moved to 7.6, don’t worry, you can still apply it.

Also be advised that upgrading the FUS will require an outage that could take some time. So plan ahead!

HISTORY: FUS 1.7.0.0 and 1.8.0.0 were highly recommended for 7.3.x software releases and above. (From my own experience, you should have already had those applied.)

As you will see in the release notes, they miss the mention of the 1.8.0.0 FUS. I have filled in the blanks, since you absolutely needed the FUS1.8.0.0 for WLC 2500 controller when running software release 7.4+.

When running FUS1.7.0.0 on WLC5508,WiSM2 and moving to 1.9.0.0
Field Recovery Image is upgraded from 7.0.112.21 to 7.6.101.1

When running FUS1.8.0.0 on WLC2504 and moving to 1.9.0.0
Field Recovery Image is upgraded from 7.4.1.30 to 7.6.101.1

@WirelessStew

Follow-up blog: Things to keep in mind when upgrading Cisco FUS (Field Upgrade Software) for a Wireless LAN Controller