Wi-Fi: Access Layer of the Future?

Is Wi-Fi the access layer of the future? Of course it is! As network professionals we all know that outside of the traditional enterprise, it’s the access layer of the now. But when will the traditional enterprise take advantage of it?

Read the rest of this post over at the Aruba Airheads Community: Wi-Fi: Access Layer of the Future?

In Need of Focus


Image courtesy Ryan Ritchie via flickr

I like spending time with my family and being involved at church. I like certification exams. I like studying and learning new things. I like HAM radio, blogging, and photography. I like keeping up with the Marvel movies and TV shows. That’s just a few of the things I like. Specific technologies I like include Wi-Fi, Routing & Switching (R&S), Data Center, Virtualization and other topics directly and tangentially connected to networking topics. You know what? I like too many things.

Reality Check

I’ve recently come to realize that I’m trying to do too much and I have finite time. I’m trying to keep up with way too many technologies. It’s just not possible to keep current on everything. I have decided that I need to cut a few things out, or at least minimize them. Obviously church and family can’t be cut, so I have to start cutting out other things. Like watching TV. Deciding that Data Center stuff really isn’t that important to me and that it’s okay that I only know what I need to do my job. Realizing that R&S really isn’t my focus, even though I like it. That I don’t need to be a VMware expert. I like all these topics and will continue to learn about them through the course of my work, but I’m never going to be the expert that I want to be if I can’t narrow my focus.

Let It Go

To narrow my focus, it’s time to let some of my interests go. Time to allow them to be things I am aware of, but not actively pursuing. Virtualization, Data Center, and SDN can no longer be topics of study. I’ll learn what I need to know as projects demand it, but I will not seek out knowledge in these spaces. I work more with R&S and will keep a bit more current with that, but it still won’t be my focus. Practically, this means actively reducing inputs. I need to unsubscribe from some blogs and podcasts. I need to use my VCP5 exam voucher and regardless of pass or fail, just walk away. If I unfollow you on twitter, I apologize; you’ve been moved out of my main timeline and into a list.

Wi-Fi or Bust

I’m putting the bulk of my time that can be devoted to studying, learning, and generally keeping current, into the realm of Wi-Fi. There is also sort of a vague tie-in to HAM radio, which is a bonus. Wi-Fi is taking up more and more of my time at the office. The problems are interesting and RF is a topic I’m passionate about (see also, HAM radio). Wi-Fi, as an industry, has a lot going on and it is the future of the access layer. I like Wi-Fi and have more interest in it than in anything else, so it’s Wi-Fi or bust.

Niggling things to get in my way include my CCNP R&S, which is due for recertification. I need to pass a CCNP level exam, but I haven’t decided for sure what I’m going to do. I’m torn between an exam towards CCNP Wireless, the ARCH exam (which would grant the CCDP), or just taking TSHOOT to get the recert out of the way. What I really want to be studying right now is the CWNA, so I’m leaning towards TSHOOT just to remove that pressure…

Thick or Thin

I say all this publicly for two reasons. First, it is easier to follow through with a commitment when you state it for everyone to see. It makes the commitment real and peer pressure (even if it’s just imagined) is a powerful force. Secondly, I say this in the hopes that you might start thinking about how you spend your own study time. Are you spreading it thinly over a wide swath of topics or thickly on something you are really passionate about? I can tell you that spreading it thin is unsatisfying. Focusing has more reward, even though you have to leave some things behind. Find what you are passionate about and chase it. I promise it’ll be worth it.

FIN

The Unofficial #WLPC Twitter Attendee List

Jennifer Lucille (@JenniferLucille) wondered if there was a list of Twitter peeps who were attending the Wireless LAN Professionals Conference in Dallas next week. There wasn’t, so I made one. Send me a tweet (@scottm32768) if you want to be added. I’ve also added links to blogs.

 

Name Twitter Handle Blog
Ryan Adzima @radzima techvangelist.net
Devin Akin @DevinAkin divdyn.net/blog
Mike Albano @mike_albano mikealbano.com
Lee Badman @wirednot wirednot.wordpress.com
Taylor Bell @taylorbell
Shaun Bender @welles
Alan Blake @papageordy
Nigel Bowden @WifiNigel wifinigel.blogspot.com
Geert Braakhekke @Easi123
Carter J. Burke @cjburke90
Andrew Campbell @WiFiAndrew www.ekahau.com/wifidesign/blog
Germán Capdehourat @GerCapde
Justin Cetko @Justinskyline
Hemant Chaskar @CHemantC
Sam Clements @samuel_clements sc-wifi.com
Charlie Clemmer @CharlieClemmer www.charlieclemmer.com
Trent Cutler @firemywires
Darrel DeRosia @Darrell_DeRosia
Joeri De Winter @joeri_skyline
Brian J. Dixon @brianjdixon
Peter Paul Engelen @PPJM_Engelen
Robert Eubanks @EubanksRob
Kristijan Fabina @kfabina
Eddie Forero @HeyEddie www.wifirepublic.org/blog and bad-fi.com
Ville Franck @VilleFranck
Kevin Franzen @WiFivomFranMan
Ben Freedman (PrimeImage Media) @primeimagevideo Recorded the session videos and did the pictures. primeimagemedia.com
James Garringer @jamesgarringer
Adrian Granados @adriangranados www.adriangranados.com/blog
Jared Griffith @Cinergywifi
Chad Hendrix @chadhendrix22
Joe Hillis (ITDRC) @ITDRC
Sean Hogston @shogston
Paul Holmgren @Paul_Holmgren
Rich Horsley @realrichhorsley
Keith Howe @krhowe
Jennifer Huber @JenniferLucille jenniferlucille.com
Will Jones @wjcomms www.wjcomms.co.uk
Zaib Kaleem @WLANBook wlanbook.com
Veli-Pekka Ketonen @VPonwireless
Jussi Kiviniemi @jussikiviniemi www.ekahau.com/wifidesign/blog
Alan Klein @YFiAlan
Blake Krone @blakekrone blakekrone.com/blog
Mike Leibovitz @MikeLeibovitz ontheflywifi.net
Chris Lyttle @wifikiwi www.wifikiwi.com
Brian Long @blong1
Robert Maltaric @rmaltaric
Scott McDermott @scottm32768 www.mostlynetworks.com
Richard McIntosh @ciscotophat ciscotophat.wordpress.com
Dan Miller @danmiller
Bhupinder Misra @b_misra
Stephen Montgomery @StevieWireless
Shaun Neal @sv_neal blog.svneal.com
Kyle Nielsen @nielsenk12
Herr Nilsson @HerrNilsson2
Jerry Olla @jolla
Keith R. Parsons @KeithRParsons WirelessLANProfessionals.com
Chris Petroff @chris_petroff
Travis Phipps @tlphipps
Anthony Poli @polia1911
Craig Rash @CraigRash
Tim Ritterbush @TRitterbush
Tim Rousset @TimRousset
Dan Ryan @danryan06
Aaron Scott @wifidownunder
Jake Snyder @jsnyder81 transmitfailure.blogspot.com
Colleen Szymanik @wifi_unicorn
Chad Teal @chadteal
Kris Thurston @KrisThurston
Andrew von Nagy @revolutionwifi revolutionwifi.net
Gregor Vučajnk @GregorVucajnk www.linkedin.com/today/author/14568148
Nathan Wilder @wildernets
Dave Wright @wifidave

FIN

Fixing the Prolific Driver on OS X

Prolific USB to Serial Adapter


There are a couple different USB to serial adapters that you might use as a network engineer. The one pictured in the article is manufactured by Prolific, but sold by multiple different vendors. There’s also another manufactured by FTDI, which I’ve heard good things about, and of course the one built into recent Cisco hardware. The driver for the chip used by Cisco is conveniently included in OS X, but the FTDI and Prolific chips require their own drivers. Myself, I have used the Prolific cables for years and have been generally happy with them.

The best drivers for the Prolific come directly from the manufacturer, not the vendors that resell them. This is because the vendor-provided drivers always seem to be out of date. However, the drivers from Prolific don’t work with all cables out of the box. I’m going to show you how to fix that.

1. Get the Driver

If you haven’t already, hop over to the Prolific site to download the driver and install it. Here’s the URL at the time of this writing:

http://www.prolific.com.tw/us/showproduct.aspx?p_id=229&pcid=41

If you are running OS X Yosemite, you may need to read this article to get the driver working: OS X Yosemite and Prolific USB Drivers.

2. Discover Magic Numbers

OK, the numbers aren’t really magic, but the driver will need them so that it can be associated with your USB device. Head to Apple -> About This Mac and choose System Report. Select USB and scroll until you find your Prolific USB device. It should look something like this:

Watch for the Manufacturer (circled in blue). Then note the Product ID and Vendor ID (circled in red). We will be adding these to the driver.

3. Hex to Decimal Conversion

Calculator in hex mode


We need to convert the hex numbers to decimal. An easy way to do that is to run Calculator and hit Command-3. Click the “16” above the clear button to switch to hex and enter the number you want to convert (like 0x2008 from the example). Now click the 10 and you have the hex to decimal conversion. If you used 0x2008, you should get 8200. You need to convert both the product and vendor IDs.

4. Edit the Driver

Fire up your favorite terminal emulator and head here:

cd /System/Library/Extensions/ProlificUsbSerial.kext/Contents

At this point, you will need to either fire off a root shell or sudo everything.[1]

Safety First! Back up your Info.plist so you can fix the driver if you break it.

Edit Info.plist with your editor of choice. Scroll down and you will find a section that looks like this:

<key>0557_2008</key>
<dict>
        <key>CFBundleIdentifier</key>
        <string>com.prolific.driver.PL2303</string>
        <key>IOClass</key>
        <string>com_prolific_driver_PL2303</string>
        <key>IOProviderClass</key>
        <string>IOUSBInterface</string>
        <key>bConfigurationValue</key>
        <integer>1</integer>
        <key>bInterfaceNumber</key>
        <integer>0</integer>
        <key>idProduct</key>
        <integer>8200</integer>
        <key>idVendor</key>
        <integer>1367</integer>
</dict>

What you want to do is copy and paste that section. I don’t think the <key> actually matters, but you can change it to match the hex version of the vendor and product ID. So if your vendor ID was 0x2478 for Tripplite with a product ID of 0x2008, you can change the key for your new section to:

<key>2478_2008</key>

Then you will want to put the decimal values you converted earlier into the idProduct and idVendor entries. So for the Tripplite example you only need to change the idVendor and it would look like this:

        <key>idVendor</key>
        <integer>9336</integer>

So the final product for my Tripplite version of the Prolific adapter works when I have this section added:

                <key>2478_2008</key>
                <dict>
                        <key>CFBundleIdentifier</key>
                        <string>com.prolific.driver.PL2303</string>
                        <key>IOClass</key>
                        <string>com_prolific_driver_PL2303</string>
                        <key>IOProviderClass</key>
                        <string>IOUSBInterface</string>
                        <key>bConfigurationValue</key>
                        <integer>1</integer>
                        <key>bInterfaceNumber</key>
                        <integer>0</integer>
                        <key>idProduct</key>
                        <integer>8200</integer>
                        <key>idVendor</key>
                        <integer>9336</integer>
                </dict>

5. Kick the Driver

Now you need to unload and reload the driver to load the new settings:

$ sudo kextunload /System/Library/Extensions/ProlificUsbSerial.kext
$ sudo kextload /System/Library/Extensions/ProlificUsbSerial.kext

You should now have a working USB device! This is a bit of a hassle. I recently found another way to solve this problem, but it’s not free and it’s another blog post.
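Steps 3 and 4 can also be scripted. The following is an added example, not part of the original post and not Prolific's code: it converts the hex IDs from System Report to decimal and clones the stock section for the new adapter. It assumes the sections sit under the standard IOKitPersonalities key of the kext's Info.plist; the function names and the cut-down sample plist are constructed for illustration.

```python
import copy
import plistlib

# Constructed sample: a cut-down Info.plist holding only the stock 0557_2008
# section quoted above. In a kext's Info.plist these matching sections sit
# under the standard IOKitPersonalities key; the real file has more entries.
SAMPLE_INFO_PLIST = plistlib.dumps({
    "IOKitPersonalities": {
        "0557_2008": {
            "CFBundleIdentifier": "com.prolific.driver.PL2303",
            "IOClass": "com_prolific_driver_PL2303",
            "IOProviderClass": "IOUSBInterface",
            "bConfigurationValue": 1,
            "bInterfaceNumber": 0,
            "idProduct": 8200,
            "idVendor": 1367,
        }
    }
}, sort_keys=False)


def parse_usb_id(text):
    """Turn an ID as System Report shows it ('0x2478', possibly followed by a
    vendor name in parentheses) into the decimal integer the plist needs."""
    token = text.split()[0]
    value = int(token, 16)  # base 16 accepts both '2478' and '0x2478'
    if not 0 <= value <= 0xFFFF:
        raise ValueError(f"USB IDs are 16-bit, got {token!r}")
    return value


def add_personality(plist_bytes, vendor_hex, product_hex, template="0557_2008"):
    """Return (plist_bytes, key) with a section matching the given adapter.

    The new section is a copy of `template` with only idVendor and idProduct
    changed. If a section for this vendor/product pair already exists, the
    input is returned untouched so the edit is safe to repeat.
    """
    info = plistlib.loads(plist_bytes)
    personalities = info["IOKitPersonalities"]
    vendor, product = parse_usb_id(vendor_hex), parse_usb_id(product_hex)

    for key, entry in personalities.items():
        if entry.get("idVendor") == vendor and entry.get("idProduct") == product:
            return plist_bytes, key  # already present, nothing to edit

    key = f"{vendor:04X}_{product:04X}"  # hex label, e.g. 2478_2008
    entry = copy.deepcopy(personalities[template])
    entry["idVendor"], entry["idProduct"] = vendor, product
    personalities[key] = entry
    return plistlib.dumps(info, sort_keys=False), key


if __name__ == "__main__":
    updated, new_key = add_personality(SAMPLE_INFO_PLIST, "0x2478", "0x2008")
    print(new_key)
    print(updated.decode())
```

Run it against a copy of Info.plist and keep the backup from step 4; the returned bytes are what gets written back before the driver is reloaded.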

FIN

OS X Yosemite and Prolific USB Drivers

Prolific USB to Serial Adapter


If you are an OS X user, you know that a new OS has come out. New OS upgrades are always shiny, but also come with some level of risk. I have an old MacBook that had been running the Yosemite beta, so I wasn’t too worried about upgrading my primary laptop when the Yosemite final was released. All was fine and dandy until I was onsite and couldn’t console into a router because my ATEN USB to serial adapter wasn’t working…

I’ve been using this particular model of adapter for a long time. They have had the occasional driver issue, but they’ve been good and reliable overall, so I was surprised when I tried to open the device and it wasn’t present. This was odd, but I immediately realized it probably had to do with the OS upgrade. No problem, I’ll just reinstall the driver, problem solved!

Not so much. The device still wasn’t loading. At this point, I’m becoming concerned. I ran Console and saw this error when I plugged in my USB adapter:

10/30/14 14:32:09.553 com.apple.kextd[19]: ERROR: invalid signature for
com.prolific.driver.PL2303, will not load

Well, that’s not good. After a bit of searching, I discover that it’s Windows Vista all over again. Well, it’s not actually that bad, but it did remind me of a behavior change in Vista that required all drivers to be signed with a trusted signature. Apparently, Mavericks has been helpfully logging warnings about this, but since nothing had stopped working, I guess no one did anything to fix it. Now with Yosemite, all kernel extensions must be signed or they won’t load. No problem, I’ll just install the updated driver!

Not so much. The device driver is the same as the one I already have. Fortunately, I’d already found the workaround. With Windows Vista, you could hit F8 at boot and boot in a dev mode that allowed any driver to load. You had to do that every time you booted. Fortunately, with Mac you only need to run this command once and reboot, after which it’s set:

sudo nvram boot-args="kext-dev-mode=1"

After rebooting, I found that I had to manually load the kext the first time, but it seems to have been auto-loading ever since. To manually load the kext:

sudo kextload /System/Library/Extensions/ProlificUsbSerial.kext

If you check your logs, you’ll see it’s back to a warning when the kext is loaded:

11/12/14 19:12:41.747 com.apple.kextd[19]: kext-dev-mode allowing invalid signature
-67062 0xFFFFFFFFFFFEFA0A for kext "/System/Library/Extensions/ProlificUsbSerial.kext"

More importantly, you’ll have your device working and can finally fix that router you’re supposed to be fixing…
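The kext-dev-mode boot argument applies to every kext, not only the Prolific driver, so it is worth knowing which kexts it is letting through. The following is an added example, not part of the original post: it reads a saved Console log, rejoins lines wrapped the way the two messages above are, and reports each kextd signature decision. The first and last sample records are the two messages quoted above; the middle line and the function names are constructed.

```python
import re

# "MM/DD/YY HH:MM:SS.mmm process[pid]: message", as in the lines quoted above.
STAMP = re.compile(
    r"^(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (\S+?)\[\d+\]: (.*)$")
BLOCKED = re.compile(r"ERROR: invalid signature for (\S+), will not load")
ALLOWED = re.compile(
    r'kext-dev-mode allowing invalid signature (-?\d+) (0x[0-9A-Fa-f]+) '
    r'for kext "([^"]+)"')

# Sample input: the two kextd messages from the post (still wrapped over two
# lines each) plus one constructed, unrelated line in between.
SAMPLE_LOG = """\
10/30/14 14:32:09.553 com.apple.kextd[19]: ERROR: invalid signature for
com.prolific.driver.PL2303, will not load
11/12/14 19:12:41.000 kernel[0]: constructed unrelated line
11/12/14 19:12:41.747 com.apple.kextd[19]: kext-dev-mode allowing invalid signature
-67062 0xFFFFFFFFFFFEFA0A for kext "/System/Library/Extensions/ProlificUsbSerial.kext"
"""


def join_wrapped(text):
    """Rebuild one record per log entry: a line that does not start with a
    timestamp is treated as the continuation of the previous record."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records


def signature_events(text):
    """Return kextd signature decisions as dicts, in log order."""
    events = []
    for record in join_wrapped(text):
        m = STAMP.match(record)
        if not m or m.group(2) != "com.apple.kextd":
            continue
        when, _, message = m.groups()
        blocked = BLOCKED.search(message)
        allowed = ALLOWED.search(message)
        if blocked:
            events.append({"time": when, "action": "blocked",
                           "kext": blocked.group(1)})
        elif allowed:
            events.append({"time": when, "action": "allowed-unsigned",
                           "kext": allowed.group(3),
                           "status": int(allowed.group(1))})
    return events


def kext_dev_mode_enabled(nvram_output):
    """nvram_output is the text printed by `nvram boot-args`, which has the
    form 'boot-args<TAB>value'. True only if kext-dev-mode=1 is present."""
    _, _, args = nvram_output.partition("boot-args")
    return "kext-dev-mode=1" in args.split()


if __name__ == "__main__":
    for event in signature_events(SAMPLE_LOG):
        print(event)
```

Any "allowed-unsigned" entry for a kext other than the one you meant to load is a driver that would have been refused without the boot argument.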

FIN

What’s new in WLC 7.6.110 – 8.0.100

A while back I wrote an article that covered the changes from WLC 7.1 – 7.6.100. Let’s catch up to 8.0, shall we?

7.6.110

  • Bugfix release.
  • Fix for issues with WMM with Broadcom clients (no 802.11n for you)
  • Fix for an issue with the AP3700 and replay counters which apparently causes major performance problems on 5GHz.

7.6.120

  • Adds support for 2700 series and 700W series APs.
  • Adds “Cisco WLAN Express Setup” for 2500 series controllers. The notes say: “It includes easy to use GUI Configuration Wizard, an intuitive monitoring dashboard and several Cisco Wireless LAN best practices enabled by default.” Sounds nifty. I need to get a 2504 for my lab… If you are upgrading a 2500 to this release, there’s a decent chunk of steps involved to enable this feature. More info about the feature and the steps here: Cisco WLAN Express Setup for Cisco 2500 Series Wireless Controller.
  • Of course, lots of bugfixes.
  • Several crashes fixed.
  • Obligatory security fixes.
  • False DFS positives fixed.
  • If you really want to see if your favorite bug is fixed, check here: 7.6.120 Resolved Caveats

7.6.130

  • Bugfix release with an even longer list of resolved caveats (7.6.130 Resolved Caveats).
  • More crash fixes and obligatory security fixes. The ones that jumped out at me are below.
  • 99% CPU usage fix.
  • Apple auth problems fixed.
  • Fix for CAPWAP disassociation due to DTLS errors
  • Vocera broadcast failure fix
  • RAID volumes get proper status codes
  • vWLC Service Port issue with distributed vSwitch fixed
  • Annoying MFP anomaly messages fixed (but I’m still seeing them)

Now the really interesting stuff. Major releases are always fun, at least once the first round or two of bug fixes come in. Let’s see what’s shiny, shall we?

[Note: I’ve since found this Cisco Wireless Release 8.0 document, which has a nice summary of the features.]

8.0.100

  • Cisco Aironet AP and Scale Features
    • Keep-alives now sent over both control and data CAPWAP tunnels.
    • New Flex+Bridge mode enables FlexConnect functionality across mesh APs. This means if the wired link goes down, your AP can fail over to mesh backhaul. (Not supported on 1130 and 1240. No surprise.)
    • Mesh fast convergence. Automatically sets faster convergence timers. Convergence time per hop down to 20s.
    • AP700W gets VLAN tagging
    • FlexConnect APs can be a PPPoE client. Was in 7.3/7.4, but not 7.5/7.6. Now it’s back. And it’s angry…
    • Dynamic Channel Assignment (DCA) on RF Profiles. Enables multi-country support using AP groups and simplifies mixed channel environments (40MHz/80MHz mix). Sounds like this could be useful for those of us with a mixed .11n and .11ac environment, which will probably be just about everybody soon… See Configuring RF Profiles for more information. (Not supported for mesh/bridge APs.)
    • Rx-SOP: Receiver Start of Packet threshold. #shiny Particularly helpful in high density environments. This helps reduce CCI by controlling what frames the AP will decode. The No Strings Attached Show has a nice whitepaper about it. Config information is here: Configuring Receiver Start of Packet Detection Threshold.
    • Optimized Roaming. Ooh, more #shiny! This helps with sticky clients by disassociating them based on RSSI and data rate. This will also help prevent clients from associating as they pass by. Config info: Configuring Optimized Roaming.
    • Side note: Good article covering Rx-SOP, Optimized Roaming, and RSSI low at Revolution Wi-Fi: Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!
    • AP1700 support added
    • CleanAir Express for AP1600 and AP1700
    • OEAP gets basic firewall support, split tunneling, VoIP QoS
    • Increased scale of vWLC (now up to 6000 clients)
    • 2500 WLC now supports wired guests
  • Native IPv6 (if you need the exhaustive list see Native IPv6 Support)
    • Finally!
    • SLAAC for the service port
    • Full support for all the services and ways of accessing the WLC that you would expect out of v6 support.
    • DHCPv6 option 52 for controller discovery
    • CAPWAP preferred mode – you can choose v4 or v6 as preferred. v4 is preferred by default
    • List of things not supported, which will take away your initial joy:
      • FlexConnect-local switched, mesh/outdoor, teleworker/OEAP, converged access
      • Services: mDNS, AVC, and TrustSec
      • Bridge mode APs with 64MB of RAM: 600 OEAP, ISR 800/802, 1130, 1240, 1250, 1310, 1410, 1520
      • Internal DHCPv6 server, DHCPv6 proxy, auto-configuration, dynamic interfaces, RA interfaces, OCSP and CA server URL, VLAN pooling
      • NTPv4 (typo?), MLDv2, IPSec v3 and IKEv2, RLDP and CIDS, PMIPv6, mDNS IPv6 clients, and New Mobility
      • IPv6 is not supported for HA Redundancy Interface configuration
      • Auto-RRM, Dynamic Anchoring, DNS RADIUS/TACACS+, core dump
  • Security and RADIUS enhancements
    • SPs can configure new VSAs and tell the WLC how to handle them.
    • WLC can be configured to use the realm value to determine the RADIUS server for a client.
    • WebAuth now works for HTTPS.
    • 802.1X and EAP WLANs now support sending the WLAN ID to the RADIUS server.
    • SHA256 certificate support
  • Ease of Management Features
    • SSID and WLAN profiles can be renamed (Yay! Now you can clean up the mess!)
    • “ping” can be sourced from a dynamic interface.
    • “show ap summary” now shows the AP’s IP address. Also can search for APs based on IP in the GUI.
    • Bunch of new show system commands. They provide more info about how WLC is running.
    • show run-config startup-commands – Finally, something you can copy and paste into a controller!
    • You can globally enable/disable SSH/telnet for all APs on a controller.
    • Choice of color themes for the GUI (default and red). Helps distinguish between controllers.
    • You can now flash the LEDs on an AP to identify it. About time…
    • “show client detail” now shows AP and WLAN
    • “show ap join stats” corrects output for renamed APs
    • “debug client” now shows the AP connected and RSSI.
    • You can now update the OUI list without upgrading the controller. But it requires a reboot…
    • 802.11v. My understanding is it’s supposed to leverage 802.11k info to control client associations. Not sure if any clients actually support this.
    • 802.11r mixed mode. Yes, bold. No need for a separate SSID for 802.11r and non-11r clients. This is very shiny. And useful.
  • High Availability Enhancements
    • 802.11ac is now supported in HA. I hadn’t realized it wasn’t supported before.
    • Handful of enhancements to HA, including faster sync and more configurability.
    • Internal DHCP now works with client SSO. The database is synced between the active and standby controllers.
  • Better policy control for mDNS
  • AVC
    • NBAR 2 protocol pack updated to 11. Heh.
    • Per app, per client rate limiting. Nice.
    • QoS marking can choose the direction instead of only bidirectional. I wonder what the use case for that is.
  • Q-in-Q support. Outer tag for AP group. Inner tag assigned by AAA.
  • VideoStream now supported for FlexConnect locally switched mode.
  • WPA/TKIP now only configurable from the CLI.

Closing Notes

WLC 8.0 is supported on PI 2.1.1. A number of the new features aren’t supported, though I expect those will be available in PI 2.2. ISE 1.2 is supported. Obviously, MSE 8.0 is supported with it. It’s not clear if an MSE 8.0 upgrade is required, but it is at least implied.

I suspect this will be the last release to support the 1130 and 1240 series.

8.0.100 has a LONG list of resolved caveats (many of which are also resolved in the 7.x code base) and a decent list of open ones. If you are considering 8.0, I recommend going over those carefully: WLC 8.0 Caveats. Personally, I will likely wait for 8.0.110 before going into production with it.

FIN

Pseudo-Random Bits of IT Humor

I have a collection of IT humor that I’ve accumulated over the years. I thought I’d share some of the shorter ones with you. I hope you enjoy them!

From the choice-of-metaphors dept:

“Installing [Exchange 2000] is just about as hard as firing a rocket
launcher into your data center. Just point and click.”
— Chuck Yerkes

From the tip-of-the-iceberg dept:

The purpose of IT is to seamlessly and transparently provide the other
9/10’s of the iceberg for people who need to work with chunks of floating
ice. This would explain why sysadmins are so often equipped with only poles
and kayaks and told to go out and keep the shipping lanes clear.

“Twin turbo diesel pushers of several hundred horsepower each? Why do
you need that? That’s just a little chunk of ice! Now stop web surfing
and go out there and push it out of the way in your kayak. By the
way, since the ice is getting smaller, we’ve cut the pole budget for
this month. Yours is shorter now, but you should be able to get by.”
— Strata Rose Chalup

From the overheard-on-IRC dept:

Is it just me, or does it seem appropriate for Novell to
give out pens with puzzles in them at a trade show?
Only if the pen doesn’t actually work until you solve the
puzzle.

From the things-never-change dept:

“On two occasions, I have been asked [by members of Parliament], ‘Pray,
Mr. Babbage, if you put into the machine wrong figures, will the right
answers come out?’ I am not able to rightly apprehend the kind of confusion
of ideas that could provoke such a question.”
— Charles Babbage

From the funnier-with-context dept:

I went all Charles Babbage on him.

From the packet-pushers dept:

“VTP is an incarnation of the Devil. He came down on the Earth and put
VTP so that engineers could make mistakes and kill their networks.”
— Greg Ferro

From the #yourrouterjokes dept:

From the business-is-good dept:

Honestly, security experts don’t pick on Microsoft because we have some
fundamental dislike for the company. Indeed, Microsoft’s poor products are
one of the reasons we’re in business.
— Bruce Schneier

From the must-be-this-old-to-get dept:

Yup. Dog was crawling around under the desk and pulled on some of the
cableK@J ^T ^$9a NO TERRIER

From the afterburner-style-anti-spam dept:

*** AB is now known as |
< |> Greetings.
< |>
< |> You will doubtless be pleased to know that the account of the
spammer you’re reporting has been ground into fine metal
shavings, distributed amongst some 27 or so small glass vials, and
launched independently into the heart of the sun.
< |> We apologize for the inconvenience of this spam, and hope that the
rest of your day remains spam-free.
*** | is now known as AB

From the RFC-FTW dept:

“Contrary to Microsoft, Cisco engineers actually read the RFCs and implement them.”
— Ivan Pepelnjak on Microsoft NLB