
10 Dec 12 Sprint 4G LTE Coverage Nashville, TN

Sprint 4G LTE Coverage in Nashville, TN

I bought a Sprint 4G LTE phone back in June because I was interested in Sprint’s Unlimited 4G LTE Plan. I was told that Sprint 4G LTE should be available by August 2012 in the Nashville, TN area. Well, I knew for certain that there was no way Sprint would be able to hit that mark, as the providers and ISPs never do. I figured September or October might be the months. November came, and then December, and no coverage. They said that they did some capacity upgrades in the area for 3G coverage; well, that made even the 3G coverage worse. Anyway, today I was sitting at work in Brentwood, TN and happened to look at my phone because the message light was flashing, and all of a sudden I realized it said 4G towards the top. I was kinda surprised and thought it must be a mistake, something is probably wrong with the phone.

I proceeded to Sprint’s website to check out the Sprint 4G LTE coverage and I got the results below:

From the screenshot you can see that it does not show that there is 4G LTE coverage available yet in the Nashville, TN area. However, when I tested my speed I got pretty nice 4G LTE speeds. So I believe Sprint finally has SOME 4G LTE coverage in the Nashville, TN area. Perhaps Sprint’s horrible 3G speeds were related to Sprint’s 4G LTE turn-on, or perhaps not; the important thing is that we (Sprint users) finally have some Sprint 4G LTE in the Nashville area. I know it is still not like Verizon’s 4G LTE coverage, but I am still excited. Finally we Sprint users can taste Sprint’s 4G LTE coverage, and hopefully Sprint will complete our great city Nashville and the surrounding areas for 4G LTE coverage.

If you are a Sprint user please feel free to share the areas you get Sprint 4G LTE Signal :). Image from my speed tests:


25 Apr 12 Renew 3rd party Certificate on Cisco WLC 5508

How to renew and upload the third party Certificate on Cisco WLC 5508 for Web Authentication

If you need to generate a CSR (Certificate Signing Request) for a third-party certificate and then load it on your Cisco Wireless LAN Controller 5508, this is a pretty good guide, and I used it myself to load the very first one. Now this is all good; however, what happens once this certificate expires, you get it renewed, and now you have to reload it? I wasn’t able to get specific information about it right away, so hopefully this post will not only help me in the future but also others :).

The first and most important thing is, “hopefully you saved your private key” from when you initially set up your certificate, because if you do have it then you do not have to start the whole process again. I save everything, so I simply located my private key for the Cisco WLC 5508 and did the following. Note: This applies to Verisign, which is what we use.

  • So first I got the renewed Verisign Certificate and got hold of my old vs.pem file that I used initially
  • Next I replaced the old Verisign Certificate lines with the new ones and saved it. This is the key step, I guess
  • Now I took vs.pem and myprivatekey.pem files put them in the c:\openssl\bin folder
  • From the command prompt I changed to that folder and typed openssl
  • Next I used the following two commands:

    pkcs12 -export -in vs.pem -inkey myprivatekey.pem -out vscert.p12 -clcerts -passin pass:12345 -passout pass:12345

    pkcs12 -in vscert.p12 -out vscert.pem -passin pass:12345 -passout pass:12345

  • So now I had the vscert.pem file just like before that I can load on the Cisco WLC 5508
  • Now get the Cisco WLC 5508 ready and load the new cert
  • I ran the following commands on the Cisco 5508 WLC:

    ** transfer download mode tftp
    ** transfer download datatype webauthcert
    ** transfer download serverip x.x.x.x
    ** transfer download path ./ (I just typed that, as my TFTP folder resides at C:\TFTP)
    ** transfer download filename vscert.pem
    ** transfer download certpassword 12345
    ** Setting password to 12345
    ** transfer download certpassword 12345
    ** Setting password to 12345

  • Now Cisco WLC 5508 is ready to get the renewed Verisign Cert for the web authentication
  • Type the following command to start the process: transfer download start
  • You will see the screen like below, once it is done, just SAVE the config and reset the 5508 Wireless LAN Controller. New Verisign Certificate will take over

Note: These are the steps that I took to renew and then upload the renewed certificate from Verisign on Cisco 5508 WLC. Use this as a reference, always backup your configurations, do some research if you are not certain, don’t do something that you can’t undo 🙂
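A pre-upload check for the renewal steps above, as an added example that is not part of the original post: it confirms that the renewed certificate in vs.pem belongs to the saved private key and is not about to expire before the PKCS#12 bundle is built. It is POSIX shell around the same openssl tool; the function names are hypothetical, and it assumes the device certificate is the first one in vs.pem and the key is unencrypted.

```shell
#!/bin/sh
# Added example: pre-upload checks for a renewed certificate.
# File names (vs.pem, myprivatekey.pem) follow the post; function names are
# hypothetical.

# Public key of the first certificate in a PEM file (assumption: the device
# certificate comes first when the file also holds CA certificates).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Public key derived from the private key (assumes an unencrypted key).
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Return 0 only when the certificate was issued for this private key,
# 1 on a mismatch, 2 when either file cannot be read.
cert_matches_key() {
    c=$(cert_pubkey "$1" 2>/dev/null) || return 2
    k=$(key_pubkey "$2" 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Return 0 when the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Run both checks, then print subject and expiry for a final visual check.
check_renewal() {
    cert=$1
    key=$2
    if ! cert_matches_key "$cert" "$key"; then
        echo "MISMATCH: $cert was not issued for $key" >&2
        return 1
    fi
    if ! cert_valid_for_days "$cert" 30; then
        echo "EXPIRING: $cert has fewer than 30 days left" >&2
        return 1
    fi
    openssl x509 -in "$cert" -noout -subject -enddate
}

# Usage: check_renewal vs.pem myprivatekey.pem
```

A mismatch here means the CA reissued against a different CSR, in which case the old private key cannot be reused and the bundle will not work on the controller.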


21 Apr 12 Cisco LWAP to Autonomous Conversion

Convert Cisco LWAP to Autonomous (Stand Alone)

It is a pretty straightforward process, just like converting Autonomous to LWAP. The main difference is the IOS image for Autonomous vs LWAP. Usually you’ll see k9w7 in the Cisco autonomous AP images, and in the case of Cisco LWAP you will see rcvk9w8. Note: Always confirm and make sure that you download the correct IOS image from Cisco’s website regardless of what you find on the web, just in case they decide to change their naming convention/scheme etc.

OK, now to accomplish this task, enable command line access on the LWAP. Log into it and run the following command:

“archive download-sw /overwrite /reload tftp://x.x.x.x/filename”

x.x.x.x is the IP of your TFTP server. This command will load the new software on the LWAP and then reload the AP with the Autonomous image.


17 Oct 11 Upgrade Autonomous to LWAP – Cisco Access Points via CLI

Previously I described how to upgrade the Cisco 1142 Autonomous Access Points to Light Weight via the Web GUI. Now this next method is achieving the same via Command Line. It is pretty simple to do it via web however I noticed that it is much easier and faster to upgrade from Autonomous to Light Weight via command line. Below are the steps:

  • First I put the Cisco Access Points (Autonomous) on the wireless VLAN
  • Once they grabbed an IP address, I telnet into the Cisco Autonomous Access Point with the default credentials, usually they are UserName: Cisco, Password: Cisco, [Enable: Cisco]
  • Next I confirmed that I have a TFTP server running on my laptop and the following file c1140-rcvk9w8-tar.124-21a.JA2.tar is present in my TFTP Folder
  • Next I ran the following command, “archive download-sw /overwrite /reload tftp://190.25.5.71/c1140-rcvk9w8-tar.124-21a.JA2.tar”
  • I am adding a screen shot of what happened after I ran the command. Once the command is run rest of the process is automatic. After the upload AP will reboot itself and will use the new LWAP image


17 Jun 11 Cisco WLC 5508 keeping web auth persistent

How would you keep a client’s web authentication persistent even after the client gets disconnected or deauthenticated?

Device: Cisco WLC 5508

Code: 7.0.116.0

Recently, after setting up the Wireless Network and the Web Authentication Redirect option on a Cisco Wireless LAN controller – 5508, I had an issue where after approximately an hour mobile clients, especially mobile phones, would disconnect and they would have to go through the Web Authentication Redirect page again and again. This was very annoying. Basically, on the Cisco WLC 5508, webauth devices time out and they have to reauthenticate.

After doing lots of research and trying to change the timeout settings under User Idle Timeout, ARP timeout and Session timeout, nothing worked. Finally, after working with Cisco TAC and doing a debug on the client (“debug client mac-id”), I noticed that after an hour the WLC sends the new EAP key to the client.

Updated broadcast key sent to mobile 00:23:76:D5:68:61

The Cisco WLC 5508 tries this 3 times, and after the 3rd time it gives up, considers the client not active any more and sends a deauthentication packet; next, the Cisco WLC 5508 removes the client completely. That is why, when the client comes back, they have to go through the Web Authentication Redirect page again: the key they have is old and is not valid any more.

Retransmit failure for EAPOL-Key M5 to mobile mac-id, retransmit count 3, mscb deauth count 0
Sent Deauthenticate to mobile on BSSID ap-mac-id slot 0(caller 1x_ptsm.c:534)
*apfReceiveTask: Jun 16 10:47:30.960: client-mac client-ip RUN (20) Deleted mobile LWAPP rule on AP [ap-mac]

Solution

The solution is to increase the broadcast key time interval. I used the following command to accomplish this. PS: This option was not available in the GUI with the code I am using, so the only way for me to do it was via the Cisco WLC 5508 Command Line Interface. This applies globally to all the WLANs as of this code:
config advanced eap bcast-key-interval seconds (120 to 86400)


13 May 11 OpenSSL on Windows 7

Windows 7 Open SSL

Update: So I got some questions from people about the files to download and use in order to install Open SSL on Windows 7. There are three sources I found when I was looking for it:

How to get OpenSSL to work on Windows 7 64bit? Recently, working on my wireless project, I had to load a valid third-party SSL Certificate for the guest web authentication to work. Now in order to do that, the first step is to generate a CSR – Certificate Signing Request. The Cisco WLC does not generate it, so you have to do it and then submit it to a third party such as Verisign or Entrust etc. I downloaded Open SSL for Windows 7 from the source I mentioned above. It is available for Windows as well as Linux; you can use whichever source you prefer. Since I am running Windows 7 64bit on my laptop I downloaded the appropriate version (make sure you download the zip file for Windows 7 64bit). Once you unzip it there is nothing to install; simply move the “OpenSSL” folder to your C: drive.

Next open up your command prompt and follow these steps:

  • Change directory to the OpenSSL folder and then switch to the bin folder
  • Now type openssl.exe and it will put you at the openssl prompt
  • Next you will use the following command to start the process, “req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem”
  • Now if you get the following error message, which I got, “can’t find openssl.cnf file”, that means you just need to specify the path to the openssl.cnf file.
  • So here is what you will type with the path to openssl.cnf, “req -new -newkey rsa:1024 -nodes -config c:\openssl\openssl.cnf -keyout mykey.pem -out myreq.pem”
  • Now just follow the prompts to finish generating your CSR – Certificate Signing Request
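An added check, not from the original post, to run on the CSR before it is sent to the CA: it confirms the request's self-signature verifies, reads the key size out of the request, and rejects it below a minimum. The function names are hypothetical, and the 2048-bit default is an assumption reflecting the RSA size public CAs accept; pass a different minimum as the second argument.

```shell
#!/bin/sh
# Added example: inspect a CSR before submitting it to the CA.
# myreq.pem is the file name used in the post; function names are hypothetical.

# Print the public key size in bits as reported by "openssl req -text".
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Return 0 when the CSR's self-signature verifies, i.e. the request is intact
# and was signed by the key it carries. The message is matched so the result
# does not depend on how a given OpenSSL version sets its exit status.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Subject line, to confirm the common name matches the web-auth hostname.
csr_subject() { openssl req -in "$1" -noout -subject 2>/dev/null; }

# check_csr FILE [MIN_BITS]; MIN_BITS defaults to 2048 (assumption, see above).
check_csr() {
    min=${2:-2048}
    if ! csr_signature_ok "$1"; then
        echo "BAD: $1 is unreadable or its signature does not verify" >&2
        return 1
    fi
    bits=$(csr_key_bits "$1")
    if [ -z "$bits" ]; then
        echo "BAD: could not read a key size from $1" >&2
        return 1
    fi
    if [ "$bits" -lt "$min" ]; then
        echo "WEAK: $1 carries a $bits-bit key, minimum is $min" >&2
        return 1
    fi
    echo "OK: $bits-bit key, $(csr_subject "$1")"
}

# Usage: check_csr myreq.pem
```

The key size in a CSR is fixed by the `-newkey rsa:<bits>` value used when the request was generated, so a WEAK result means generating a new key and request rather than editing the existing one.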


29 Apr 11 Upgrading Cisco 1142 AP’s to LWAP the easy way

Recently I have been working on the wireless project at work and after deploying the Cisco 5508 Wireless LAN Controller I started to deploy the Cisco 1142 Access Points. These access points were autonomous and needed an upgrade to LWAP image, c1140-rcvk9w8-tar.124-21a.JA2.tar.

Once the AP’s came online and grabbed an IP address from the DHCP server I followed some simple steps:

  • Logged into the 1142 AP’s via web (IE)
  • Make sure your pop up blockers are turned off
  • Navigated to “Software Upgrade” menu options
  • Click on “Browse” navigate to the c1140-rcvk9w8-tar.124-21a.JA2.tar image and then click on the “Upgrade” button
  • You will see 3 pop ups come up one with the timer while the new LWAP IOS gets loaded
  • Give it approximately 3 to 4 min and you are good to go, next in a min or so you will see this Access Point joining the Cisco Wireless LAN Controller

Note: I’m simply explaining my experience converting Cisco 1142 Access Points from autonomous to Light Weight Access Points. You might choose your own path or do things different way, if you follow my instructions please do so at your own risk, always make sure to use the lab before doing anything in production


22 Apr 11 UPDATE-3-UNTAR_CMD_FAIL: updcode.c:2832 Error during untar of webauth bundle. Tar returned 256

Recently I had an issue where I was trying to upload a customized web authentication page on the Cisco 5508 WLC and it kept giving me the following error: “%UPDATE-3-UNTAR_CMD_FAIL: updcode.c:2832 Error during untar of webauth bundle. Tar returned 256”. I am running software version 7.0.98.0 on the Cisco 5508 wireless LAN controller. After some digging I found out that apparently there is a bug in this software version, and if you tar the files on any Windows-based system and try to upload them, the Cisco 5508 Wireless LAN Controller cannot extract them and will give you the error, “%UPDATE-3-UNTAR_CMD_FAIL: updcode.c:2832 Error during untar of webauth bundle. Tar returned 256”.

The way to resolve this issue is to actually tar those files on a Unix or Linux system and then upload them to the Cisco 5508 Wireless LAN Controller, and then it was able to easily extract the tar file. Now I don’t know if this will work for everyone, but for me this solution worked.

Update: I also found out that I can use a free Windows-based utility to accomplish it, and it works. I used a utility called IZArc to tar the files and then uploaded them, and it was successful.


05 Jun 10 Improving WiFi Performance

I have recently started to study for my CWNA and I will be posting some articles, tips, tricks and some explanations on my blog from my personal experience, research and study. Please feel free to comment; I always welcome positive criticism. If any of my work helps you in any way, I’ll be happy about that. If you have something to add here please do let me know. Let’s help each other out. Cheers

Fragmentation

Whether it is “a/b/g/n”, fragmentation and RTS/CTS settings are important to maximize and improve wireless connectivity. If there are collisions on the network and there are performance issues, fragmentation can actually improve the performance. As we all know, WiFi is a shared medium. So if the packet size is smaller, that will lead to fewer collisions, because APs can process smaller packets faster as compared to larger packets, and the time slots to process packets from multiple clients will be smaller, hence leading to fewer collisions. The key thing to remember here is that since the packet size is smaller, it is more likely that the whole packet is processed before the next transmission comes through, which means there was no collision and no retransmission of frames is needed. However, keep in mind that as long as the collisions are not happening that rapidly and they are very low on a scale of 1 to 10, let’s just say they are 0.5 (approximately), there is no need to change the settings.

RTS/CTS (Hidden Node)

In general a wireless client is considered a hidden node if it can see the AP but none of the other clients can see it and realize when it is transmitting. Please take a quick look at the attached PDF. As you can see, Client 3 is barely able to communicate with the AP; however, it is unable to see Client 1 and 2 and vice versa. Therefore if “Client 1 and 2” transmit or “Client 3” transmits, they will not know about that transmission, hence each one of them will try to transmit at the same time, leading to collisions.

Hidden Node Issue

This is where RTS/CTS (Request to Send/Clear to Send) comes in handy. With RTS/CTS, Client 3 will send an RTS frame to the AP, and if there is another transmission going on, the AP will notify Client 3 not to send data yet by sending a CTS frame, which will include the time value telling Client 3 to hold off from transmitting. End result: the collision will be avoided. RTS/CTS does increase the overhead as there are more RTS/CTS frames, so it is critical to only implement it and change settings (lower settings) when it’s really needed.

RTS/CTS (Hidden AP)

Secondly, we have another scenario to deal with: the “hidden AP” problem. No matter what you do you will have this problem, as you cannot control the wireless signal perfectly. Please take a look at the attached PDF for a quick overview:

Hidden AP issue

As you can see from the picture, the two APs aren’t able to see each other even though their signals overlap, because they are too far away. Now imagine if “AP1” transmits to “Station 2” and at the same time “AP2” transmits to “Station 4”. Since neither of the APs can see the other and know that there is already a transmission in place, data coming from “AP1” to “Station 2” will collide with the data from “AP2” to “Station 4” (remember, when the signal gets transmitted from the AP it gets transmitted in all directions) and there will be a collision.

With proper “RTS/CTS” and fragmentation settings in place this can be avoided. How? Let’s see:

  • AP1 sends an RTS packet to st2
  • st2 sends an RTS packet to st4
  • st4 replies with a CTS to st2 (tells st2 that I am transmitting to AP2)
  • st2 sends a CTS packet to AP1 (tells AP1 that wireless medium is not clear)

I really believe that doing at least a hybrid site survey is a good idea and choosing the right equipment is very important for a reliable wireless deployment. Check out the video below, it is an excellent video explaining everything clearly. Thanks to this video I was able to grasp the concept of RTS/CTS, hidden node and AP clearly.
