Conditions: HTTPS Management, webauth are vulnerable by default
Workaround: Use FIPS mode (config switchconfig fips-prerequisite enable ), as it restricts the supported cipher suits Note: this config change has implications on other features, for example, restricting to SNMPv3, crypto protocols are set for only HMAC-SHA1, no RC4, etc. so validate if it is applicable on your usage scenario, and compatibility for management applications connecting to the WLC it is recommended to move to a fixed version
Further Problem Description: Fix now available in 220.127.116.11, 18.104.22.168, 22.214.171.124 in CCO
Type of behavior change: TLSv1 will be used for webadmin/web-auth access on WLC by default. SSLv3 which was earlier used is disabled.
Impact: Clients now have to use TLSv1 for webadmin/web-auth. If they want to use SSLv3 only then SSLv3 needs to be enabled using CLI: config network secureweb sslv3 enable
It’s been about two and half years, since the launch of next generation Cisco Catalyst 9800 Wireless LAN Controllers that has the most deployment flexibility and runs the modular, scalable, highly reliable, open and programmable operating system, I...
Hi All, I have made this video for Cisco Pitch the Future Contest in Malaysia which talks about Wi-Fi 6 and EWC Demo. Please feel free to view the video below and please support me for this contest by giving the video a like as the Contest will end o...
On the Cisco Catalyst 9800 Series WLC, enabling/disabling the remote LAN (RLAN) ports on APs requires going into the configuration for each AP and manually enabling/disabling the ports. However, as the number of APs that need to have their RLAN...
It’s been a long road for our AireOS wireless controllers. In fact these products have been around Cisco in some form since 2005. As you may have heard, Cisco made the decision to End-of-Sale (EOS) these products last month.
That means that these AireOS ...