Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Fwd: Advance notice: Microsoft Windows 8 and Cisco centralised wireless incompatibility.
********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
I’m forwarding this from a colleague in the UK which looks rather serious.
I’ve not yet read it through but found it so urgent that I’ll forward it right away.
From: "Paul Hill (phill)" <phill@CISCO.COM>
Subject: Advance notice: Microsoft Windows 8 and Cisco centralised wireless incompatibility.
Date: August 29, 2012 21:22:20 GMT+02:00
Reply-To: Wireless Issues in the JANET community <WIRELESS-ADMIN@JISCMAIL.AC.UK>
I wanted to pre-advise colleagues in advance of a formal Field Notice coming
out shortly that a serious software bug exists in all Cisco centralised
wireless controller versions which support pre-standard Management Frame
Protection (MFP) that will render Windows 8 devices completely unable to
connect to Cisco APs under centralised control, with no easy workaround.
This will affect every institution on the list using Cisco centralised
wireless so I hope the non-Cisco colleagues won't mind this broadcast as
it's quite important to avoid clients starting to pop up that can't connect
for no apparent reason. Cisco has asked every employee, every partner and
every other contractor we have a relationship with to proactively reach
out to our/their customers to advise of this problem - so you might hear
this twice or more from various contacts / lists / sources over the coming
Problem: Microsoft Windows 8, to be released on October 26th, is among the
first clients to support IEEE 802.11w natively in the OS. Clients running
802.11w fail to connect to Cisco's MFP capable APs because of interoperability
issues in the service capability negotiation. It is /not/ possible to address
this by simply disabling MFP on the Cisco Infrastructure, and Microsoft confirm
that Windows 8 does not provide any way (e.g., RegKey, Group Policy) to turn
off 802.11w as it is considered a positive feature to always have turned on
for security purposes. The Cisco bug ID tracking this is CSCua29504.
Solution: The only two solutions are:
1. Update the Controller code to a fixed version.
2. Downgrade to a pre-Windows 8 wireless NIC driver on the client device -
where that option is available - as 802.11w is NIC driver and/or supplicant
dependant. The only allowance Windows 8 makes is to not enforce 802.11w
on pre-Windows 8 driver sets which will not work with most vendors' NICs
otherwise. Clearly, the support implications of advising end users to do
this will not scale, will not work indefinitely, and Cisco is not relying
on this option as any kind of sustainable or permanent workaround.
The plan is to patch the bug so that Windows 8 and other 802.11w capable
clients can connect to Cisco infrastructure on the 7.0 code train (Early
September), 7.2 code train (Late September) and 7.3 first release code train
(Available by the end of August).
This fix does not implement 802.11w but instead ensures that the communication
from 802.11w enabled clients is interpreted correctly by the Access Point.
There are no plans to patch this on the 5.0, 5.1, 5.2, 6.0 and 7.1 code-trains
which have passed their End of Software Maintenance (EoSM) or End of Life
(EoL) dates, and so 7.0 is the minimum release to move to if still running
<=7.0 and needing the fix; and 7.2 if running 7.1. This issue does not affect
version 4.2 and previous.
Finally, the IEEE standard version of MFP - 802.11w (called Protected
Management Frames - PMF) - will be supported in 7.4 (early Q1 2013).
For now, I would advise scheduling a software upgrade window on your Cisco
controllers ready for when the fixed code versions are released (if not wishing,
or not able due to controller model, to adopt 7.3 soon). This will avoid
a flurry of user support cases coming in the day they start arriving on campus
with Windows 8 devices on or soon after launch. The route to obtain the fixed
software versions is via your normal support channel.
It goes without saying that this is a deeply unfortunate situation to have
arisen, but I hope you won't shoot the messenger! :-) As bugs go this is
right up there as quite a stunner. I expect to be quite busy over the next
few months across Public Sector as this ripples out to customers who have
not been reachable in advance for whatever reason.
Please feel free to share this as widely as possible with any colleagues
or other institutions you believe would be interested that are not on this
Paul A. Hill CCDP, CCNP Wireless, CWNP Inc. CWDP & CWSP
Head of Wireless Technologies, Public Sector UK
Cisco Systems Ltd. E-mail: firstname.lastname@example.org
10 New Square Direct Tel: +44 (0)20 8824 8534
Bedfont Lakes Direct Fax: +44 (0)20 7900 2337
Feltham Mobile *: As Direct Telephone
Middlesex Main Tel: +44 (0)20 8824 1000
TW14 8HA Main Fax: +44 (0)20 8824 1001
United Kingdom Voicemail: 844 48534
* Single Number Reach rings all of my contact devices simultaneously.
Cisco Systems Limited (Company Number: 02558939), is registered in England and Wales with its registered office at 1 Callaghan Square, Cardiff, South Glamorgan CF10 5BT.
This e-mail may contain confidential and privileged material for the sole use of the intended recipient. Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorised to receive for the recipient), please contact the sender by reply e-mail and delete all copies of this message.