Podcast

CTS 176: Cisco Wireless Certifications, Revamped

Things are evolving again at Cisco. This time with the certifications. Cisco is further driving the Intent-based networking model into certifications. There’s the need to drive multi-domain policy, introduce APIs and programmability. It could change the way we do things every day. Infrastructure engineers are becoming software developers? Maybe not completely but there are those who may want to do both.

New Cisco & DevNet Certs with Mandy Whaley

Organizations want more speed, more agility, and more simplicity, but what happens underneath that simplification is not that simple. Chuck Robbins, during his keynote, mentioned the certifications have not evolved in 26 years. That is when he introduced the Cisco Certified DevNet certifications, bringing software skills to networking and networking skills to software.

Cisco wants you to build applications and capabilities that bring value on top of the platforms Cisco is building.

The DevNet Associate certification covers 80% software skills and 20% networking skills. The CCNA covers 80% networking skills and 20% software skills. The two are complementary if you were to pursue NetDevOps.

Cisco then took those CCNA specializations and turned them into technology concentrations.

CCNP certifications are now available in enterprise, service provider, data center, security, and collaboration. For each, you need to pass the core exam and a concentration exam.

DevNet Professional is earned by passing the core exam and DevNet Specialist.

What does that mean for wireless?

  • The CCNA Wireless won’t be available anymore
  • There will be a Cisco Concentration certification in Wireless
  • Concentration exams exist under the Enterprise Track
    • 300-425 ENWLSD Enterprise Wireless Design
      • Focuses on site surveys
      • Collecting requirements and constraints
      • Predictive and post-deployment surveys
      • Determining infrastructure requirements such as 
        • PoE
        • RRM
        • RF Profiles
        • RxSOP
      • Designing per requirements
      • High density
      • Mesh
      • Mobility
      • High availability
    • 300-430 ENWLSI Enterprise Wireless Implementation 
      • Focuses on actual configuration
      • FlexConnect
      • QoS
      • Multicast
      • Location Services
        • MSE
        • CMX
      • Security
        • ISE
        • Portals (not security really)
        • 802.1X
        • AAA
      • Monitoring
        • DNAC
        • PI
      • Device Hardening
  • CCNP Enterprise contains two wireless concentration exams
    • 300-425 ENWLSD Designing Cisco Enterprise Wireless Networks
    • 300-430 ENWLSI Implementing Cisco Enterprise Wireless Networks
  • At the CCNP level, the R&S and Wireless tracks have merged. So it will be the same core exam covering both tracks and it will be called CCNP Enterprise. It will test you on:
    • Dual Stack (IPv4 IPv6) architecture
    • Virtualization
    • Infrastructure
    • Network assurance
    • Security
    • Automation
  • CCIE Wireless becomes CCIE Enterprise Wireless
    • There is no more CCIE written exam; the CCNP ENCOR exam qualifies you to sit the CCIE Enterprise Wireless Lab
    • The policy to sit the lab 18 months after the written exam is gone. Now you have 3 years after you passed your ENCOR to sit the lab.
    • The CCIE Enterprise Wireless Exam will cover:
      • Radio Frequency and Standards
      • Enterprise Wired Campus
      • Enterprise Wireless Network
      • Wireless Security and Identity Management
      • Wireless business applications and services
      • Automation, Analytics and Assurance

New exams go live on February 24, 2020. Training for these new certifications will start this year (probably more towards the end of the year.)

All certifications will now be valid for 3 years. And the Continuous learning program can now be used at all levels, including CCNA and CCNP.

  • 30 credits are required to recertify a CCNA
  • 80 credits are required to recertify a CCNP
  • 120 credits are required to recertify a CCIE

Credits can be earned by:

  • Attending Cisco training
  • Taking Cisco exams
  • Attending Cisco Live
  • Authoring content

What are the migration steps?

  • New CCNA replaces current CCNA certs 
    • Cloud
    • Collaboration
    • Cyber Ops
    • Data Center
    • CCDA
    • Industrial
    • R&S
    • Security
    • SP
    • Wireless
  • If you complete any current CCNA/CCDA before Feb 24, 2020 you will receive new CCNA and a training badge in the corresponding technology area
  • CCNP Wireless
    • If you pass any of the CCNP Wireless exams prior to Feb 24, 2020 then you will become a Cisco Certified Specialist
    • CCNP WIDESIGN and/or WIDEPLOY give you Cisco Certified Specialist – Enterprise Wireless Design
    • CCNP WITSHOOT and/or WISECURE give you Cisco Certified Specialist – Enterprise Wireless Implementation
    • If you have all four, you will get the new CCNP Enterprise certification and the specialist certifications, Cisco Certified Specialist – Enterprise Wireless Design and Cisco Certified Specialist – Enterprise Wireless Implementation
    • If you have partial CCNP Wireless (2 or 3 out of the 4) you will need to take 300-401 ENCOR (enterprise core) to get the new CCNP certification
    • You don’t need to be CCNA certified to become a CCNP. You can jump in directly at the CCNP level
    • Passing the core exam will qualify you to sit the CCIE Wireless lab.
  • What if you have a CCNA and a specialization? 
    • New CCNA is consolidated. 
    • You keep your CCNA
    • If you have a specialization you will receive a training badge for that technology area, for example, CCNA Wireless.

Cisco Networking Academy will expand to train students for DevNet Associate and Professional level certifications.

CTS 175: Wi-Fi Security Updates with Hendrik Lüth

In this episode, we are interviewing Hendrik Lüth on the state of Wi-Fi security today. Hendrik works as a System Engineer for CANCOM in Germany. You can follow him on Twitter @DO9XE and on Linkedin. You can also visit and read his blog at https://linux-nerds.de/.

Agenda

  • Start conversation with the “2018” status of WiFi security
    • WPA2 is widely supported
    • WPA2-Enterprise too complicated for home/guest solutions
    • Headless IoT devices only support PSK, because of hardware limitations
  • MPSK/PPSK/DynPSK
    • Short Recap on 4-way handshake
      • We just need to mention that there is a Nonce and a MIC, that’s all 🙂
    • Explanation of how it works and why it’s different with every vendor
    • PPSK from Aerohive
      • Use Nonce, MIC and MAC and a list of known keys to find a matching key
      • More information needed, hard to find technical details
    • DynPSK from Ruckus
      • One key per MAC, auto detection possible
      • Autodetection probably like Aerohive
      • Internal database of the ZoneDirector
    • MPSK (Multiple PSK) from Aruba
      • Based on MAC authentication
      • Requires ClearPass Policy Manager
    • Identity PSK from Cisco
  • WPA3
    • WPA3-SAE
      • Dragonfly handshake
    • WPA3-Enterprise 192-bit Mode
      • CNSA Suite B
      • Stronger crypto
  • Enhanced Open
    • RFC 8110
    • Transition mode
  • Plan from Aruba to bring MPSK with WPA3-SAE into the IEEE Standard
  • Dragonblood Attack by Mathy Vanhoef
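
The key lookup that the PPSK bullets above describe (nonces, MIC, MACs and a list of known keys), written out on the authenticator side as an added example that is not from the episode or from any vendor. It assumes the standard WPA2-PSK 4-way handshake with HMAC-SHA1 (key descriptor version 2); the SSID, MAC addresses, nonces, owner names and passphrases are constructed, and `identify` and `constructed_msg2` are hypothetical names.

```python
import hashlib
import hmac

MIC_OFF = 81  # EAPOL header (4) + key descriptor fields before the Key MIC (77)

def pmk(passphrase, ssid):
    # WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def kck(pmk_, aa, spa, anonce, snonce):
    # 802.11 PRF: the KCK is the first 16 bytes of the PTK, so one HMAC-SHA1
    # round suffices. Both MAC addresses and both nonces feed the derivation.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion\x00"
    return hmac.new(pmk_, label + data + b"\x00", hashlib.sha1).digest()[:16]

def mic(kck_, frame):
    # The MIC covers the whole EAPOL frame with the Key MIC field zeroed.
    zeroed = frame[:MIC_OFF] + bytes(16) + frame[MIC_OFF + 16:]
    return hmac.new(kck_, zeroed, hashlib.sha1).digest()[:16]

def identify(provisioned, ssid, aa, spa, anonce, msg2):
    """Return the owner of the PSK that validates message 2, or None."""
    snonce = msg2[17:49]
    received = msg2[MIC_OFF:MIC_OFF + 16]
    for owner, passphrase in provisioned.items():
        k = kck(pmk(passphrase, ssid), aa, spa, anonce, snonce)
        if hmac.compare_digest(mic(k, msg2), received):
            return owner
    return None

def constructed_msg2(passphrase, ssid, aa, spa, anonce, snonce):
    # Constructed sample frame (not a capture): EAPOL-Key, descriptor version 2,
    # Key Info 0x010a (pairwise, MIC present), replay counter 1, no key data.
    body = (b"\x02" + b"\x01\x0a" + bytes(2) + (1).to_bytes(8, "big") + snonce
            + bytes(16 + 8 + 8) + bytes(16) + bytes(2))
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body
    k = kck(pmk(passphrase, ssid), aa, spa, anonce, snonce)
    return frame[:MIC_OFF] + mic(k, frame) + frame[MIC_OFF + 16:]

# Constructed values for the demonstration
SSID = "example-ppsk"
AA, SPA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
ANONCE, SNONCE = bytes(range(32)), bytes(range(32, 64))
PROVISIONED = {"sensor-17": "constructed-key-one", "printer-3": "constructed-key-two"}

if __name__ == "__main__":
    m2 = constructed_msg2("constructed-key-two", SSID, AA, SPA, ANONCE, SNONCE)
    print(identify(PROVISIONED, SSID, AA, SPA, ANONCE, m2))
```

Because the PMK depends only on the passphrase and the SSID, an authenticator can precompute it for every provisioned key, leaving one HMAC per candidate at handshake time.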

CTS 174: Takeaways From Cisco Live

Welcome to this episode where we do a quick recap of how Cisco Live went this year in San Diego. This is one of the few rare moments when both hosts are in the same city.

Cisco Live Recap with Rasika and Stephen

Check out this short video we recorded with Rasika and Stephen getting their thoughts at the end of the conference.

Wi-Fi 6

The Cisco Live conference was not using the new Catalyst 9100 series access points. Stability is a big thing for a huge conference. But they were seen over at the Whisper Suites. It’s just too soon to be using the C9100’s for a large conference.

Cisco Live Wi-Fi

We do have some interesting stats near the end of the conference. There were over 28,000 attendees. The Cisco Champions were able to join a NOC Talk with the folks running the network. Just to note, during the NOC talk there were only five Wi-Fi 6 clients on the network.

Cisco Live Photos by Rowell Dionicio. https://rowelldionicio.com/clusphotos

Some Cisco Live Wi-Fi details

  • 6 WiFi guys
  • 91% of clients were 802.11ac
  • Running Aironet in convention
  • Hyatt running Meraki
  • Took over Hilton’s Meraki network
  • OpenRoaming debuts – 3000+ devices on Monday before keynote
  • DNA Assurance deployed. Sensors deployed all over.
  • Cisco 8540s servicing convention center
  • Running 8.5.140.0 code

DevNet Certifications

Announced during the opening keynote were certification changes across the board, along with new DevNet certifications. We’ll address the new certifications in a future episode but you can check out the details on Cisco’s developer site.

Cisco + Intel + Samsung + Boingo

Cisco Champions were fortunate to take part in conversations between Cisco, Intel, Samsung, and Boingo. We received insight into the partnership between each company and how they are all working together to bring a better user experience to devices and infrastructure as it pertains to Wi-Fi. It was a short conversation but a good one nonetheless.

Cisco Live Photos

Check out Rowell’s photos from Cisco Live.

CTS 173: WiFi Medley 001

This week’s episode is the eve of Cisco Live. Rowell & François will be headed to San Diego for a week of learning, recording, and networking with other like-minded individuals.

In this episode, we talk about various topics of Wi-Fi.

You can take a look at an example of sessions we’re looking forward to at Cisco Live.

François’ #CLUS Schedule

Captive Portals are a necessary evil. Most are still done in a way that prevents users from getting connected, whether that’s requesting every single kind of personal information or a simple splash page with terms and conditions. Either way, there’s now a page which describes how different devices behave with captive portals. It was created by the Wireless Broadband Alliance and it’s a good read if you’d like to understand what behavior to expect from a device with Captive Portals.

Captive Portals

Wi-Fi 6 testing continues over at CTS headquarters. Rowell now has a Samsung S10 and an Intel AX200NGW in a Lenovo laptop. You can upgrade your laptop for a reasonable price. Rowell purchased his for $30 and it shipped from China. We’re learning whether what we’ve read from the draft is being implemented by the Wi-Fi vendors.

When it comes to capturing these frames, you have to remember to capture with another Wi-Fi 6 capable device, because you’ll need to demodulate Wi-Fi 6 frames. Rowell used a Cisco C9115AX access point in sniffer mode to see what can be gathered. There’s a little caveat with these access points which we will look into further before putting something out publicly.

We will have more information after #CLUS.

The Wi-Fi Alliance expands with the Wi-Fi Certified Home Design which is aimed toward home builders. In a highly connected world, why not have Wi-Fi built with a new home? Builders can get educated in Wi-Fi design and have homes certified for Wi-Fi. What are your thoughts on that? Let us know in the comments.

CTS 172: Conference Wi-Fi

This Week In Wireless

  • Rowell recorded a video on Wi-Fi 6 on David Bombal’s YouTube channel
  • Huawei
    • Huawei is temporarily pushed out of the Wi-Fi Alliance
    • Wi-Fi Alliance is fully complying with the recent U.S. Department of Commerce order without revoking Huawei Technologies membership. Wi-Fi Alliance has temporarily restricted Huawei Technologies participation in Wi-Fi Alliance activities covered by the order.
    • https://www.androidauthority.com/huawei-wi-fi-bluetooth-990610/
  • SpaceX Launches 60 Starlink Internet Satellites Into Orbit
    • https://www.nytimes.com/2019/05/23/science/spacex-launch.html
    • “The Starlink satellites will orbit much lower — between 210 and 710 miles above the surface. That reduces the lagginess, or latency. SpaceX has said performance should be comparable to ground-based cable and optical fiber networks that carry most internet traffic today. Starlink would provide high-speed internet to parts of the world that currently are largely cut off from the modern digital world.”
  • CWNP new certification: Solution Administration
    • https://www.cwnp.com/certifications/cwsa
    • Certification on non-802.11 technologies (BLE, Cellular, Zigbee, wired-side technologies, location services, APIs, Project Management)
    • First class will be in September 2019
    • In the future, additional certifications will address key areas in greater depth, such as automation/integration, IoT, private 5G, etc.
  • Wi-Fi Images
    • Instagram @cleartosend
    • https://www.instagram.com/cleartosend/
  • iBwave webinar
    • How to Design Wi-Fi for Higher Education
    • https://www.cleartosend.net/designing-wifi-networks-higher-education/

Conference Wi-Fi

Challenges

  • Very Dynamic environment!
  • Very High Density of devices
  • There are a lot of ad hoc requests throughout the event
  • ROGUES
  • Very intense, long hours, little sleep

Prep Work – A lot of it!

  • Understand the type of event
    • Understand what type of people will be attending
    • Understand which application will be used over the Wi-Fi. Any critical ones?
  • Understand the layout of the conference
    • Where will the stages be
    • Where will the VIP zone be
    • Where will the media zone be
    • Where will the TV broadcaster zone be
    • Where will the registration zone be
  • Understand the flow of people
  • Prepare the LAN
    • Size it properly so it can handle the number of devices expected (2.5 devices per person)
    • Make sure the basics are covered
      • DHCP
      • DNS
      • Firewall
      • Core network
      • PoE budget
    • Prepare alternative plans just in case something goes wrong with the basics
      • What do I do if the internet goes down? Maybe plan for a backup internet link
      • What do I do if my DHCP server goes down?
      • What do I do if my DNS server goes down?
      • What do I do if I run out of PoE power?
    • Make sure that you have enough internet bandwidth
  • Prepare the Wi-Fi
    • Understand the limitation of AP placement
    • Leverage the APs installed under the ceiling
    • Understand where to place temporary access points if required
      • Do you have access to cables from the floor
    • Plan to have APs ready to go and deployable fast
    • Size your controller properly
    • Forget 2.4GHz, plan for 5GHz. Expect to see a lot of 802.11ac devices (and a few 802.11n devices)
    • Stage as much equipment ahead of time as possible
    • Organize the APs, name them properly and keep track of them in a document
    • Tweak the RF on the under ceiling APs as much as you can.
  • Configuration of the Wi-Fi
    • Public Wi-Fi
      • Keep it as simple as possible
      • If possible, no Captive Portal
    • Private Wi-Fi
      • Understand if you need to configure QoS
    • Create AP groups and RF Profile to be as flexible as possible
    • Use all the channels you can (even DFS, 165)
    • Place the temporary APs as close to the clients as possible
      • Use the people and floor elements to contain the signal, limit the CCI and optimize your channel re-use
    • Do you use DCA or static?
    • Study the use of more specific features (Probe Suppression, AirTime fairness…)

During the Event

  • Monitoring
  • Adjust the RF settings based on where the people are
    • Registration
    • Stages
    • Busy Areas
    • Lunch Areas
  • Handle Requests
    • Setup new SSIDs
    • Add coverage in specific areas
  • Battle the ROGUES
    • Make sure people turn their ROGUE APs off
    • Find solutions to answer their needs (using the existing infra or alternative solutions)

Tools

  • Ekahau with a sidekick
  • Airchecks
  • Wi-Fi scanners (Explorer Pro)
  • Screens 🙂
  • Your favourite terminal application. My new favourite: iTerm2
  • Your favourite network diagnosis tools. My new favourite: Mtr

Ideas to help us support such events

  • Can some of the configuration and monitoring be automated?
  • Create your own monitoring dashboards
  • Create your own scripts to automate some tasks
  • Create a simple application to process the AP tracking
