I tested the last firmware 220.127.116.11 on 10 AP. It was catastrophic because all access points stopped working (no SSID WIFI visible but Ethernet Interface OK) . I downgraded all AP to 18.104.22.168 to solve this problem.
Finally, i can't use the last firmware so i can't secure the system....
What about a new "GOOD" firmware ?
The WAP4410N should work well with 22.214.171.124. I recommend that you upgrade one AP, set it to factory defaults and reconfigure it manually. If it works well, that indicates some problem with the prior configuration or the new firmware is causing the old config to corrupt. In that case I would reconfigure fully and then copy that config to the other APs (change the address and other settings as needed).
If you cannot get one AP working correctly with the latest firmware after resetting to factory defaults, please call support and open a case:
Thanks Marty for your quick answer.
I am disapointed because you said that i need to reset all AP, it's not a good news. So you can admit that something is abnormal in upgrade procedure with the last firmware version...
So i will try your procedure in a few weeks because i can't do that at the moment.
I am not aware of any issues with upgrading the APs to the latest firmware. As far as I know it normally works well. Clearly there is something wrong in your case, which is why I made the suggestions. I recommend testing with only one AP at first to see if it makes a difference. If not, call support and open a case.
I upgraded one of my three WAP4410Ns the other day to v126.96.36.199. Dead easy! It was a V02 model though. Could it be that your models Michael are V01? My reading of Release Notes suggests recent FW revsions are not compatible. As my other two are V01, I would also like Marty to provide an answer to this.
Firmware versions higher than 188.8.131.52 are compatible with version 1 and 2 hardware. If I recall correctly there was one firmware release that was only compatible with v.2 hardware but it is no longer published.
OK Marty. This explains why despite what the Release Notes seem to say, at the recommendation of Cisco Network Engineer Diego Rodriguez back in late 2012, I was able to update my V01s from v184.108.40.206 to v220.127.116.11. Since that time they have been 100% good! No problems.
Based on your input, I should just go ahead to v18.104.22.168 to fix the security hole identified in December. I am prepared to brick one WAP to prove a point, as the WAP321 looks to be an interesting alternative. In my place, would you go for the FW update??
FWIW, I have an identical dilemma with my Router, an RVS4000 V01 model. Any thoughts on whether to go from v22.214.171.124 to the latest v126.96.36.199? Bearing in mind that if I brick this one, I will be cut off from the world! Looking at an RV320 as a possible modern replacement.
Thanks for your help.
I would certainly upgrade the WAP4410N to the latest firmware to close the security breach.
You cannot upgrade the RVS4000 to any version 2 or higher firmware. It either will not accept it or it will brick it. I'm not willing to test this to find out.
My understanding is that a firmware will be released by the end of February to patch the version 1 RVS4000 and also the version 1 WRVS4400N. Check the downloads page for updates.
Excellent news, Marty. I will have a go tomorrow with my two V01s, now confident of success. I already updated my V02 yesterday, and all is fine with it.
As for my router, I was already 99% sure it could not use any V02 FW. But good to know there is a V01 fix scheduled. Will watch for it. Might still opt for a shiny new router anyway, the RV320 being my current choice. Need to read its manual, specifically to check it can cope with 50 entries in its Static IP Mapping table. Assuming it can handle DHCP reserved IPs of course!
Appreciated your very prompt response on this.
Message was edited by: Norman Macdonald (Typo)
Re. Packet loss on WAP4410N, you may find this post of mine of interest. Cisco will not replace the faulty V01 WAPS.
All the best .... Rob.
I've got 10 AP with V02 hardware. The firmware upgrade seems to be good but after a few minutes all wifi ssid are disappeared...
I don't know what causes the crash in my config...
I've got 3 SSID with wpa2-personal (AES) .
This model of AP is not very stable, it's my opinion (like "stuck beacon problem" from the past...). I have some regrets...
I cannot comment about why your SSIDs are heading south, obviously something in your configuration could be amiss. Hopefully one of the helpful people on this forum can provide some inspiration!.
I have a single V02 model, and since I updated it to v188.8.131.52, AFAIK it has been OK. It serves the rear of the property and in fairness I have not used wifi there since the security fix.
[Edit: Had a brainwave... ran inSSIDer, and all three of my WAPs, plus a couple of other nearby signals popped up. So all definitely OK for now.]
Going to try v184.108.40.206 on my two V01s later today if I can find time.
I am really sorry to hear you regret buying your WAP4410Ns, but I have to say I rather like mine, and certainly did not want to have to abandon them over the recent security bug. I find its browser-based device manager easy to use. As a domestic customer I certainly did not want the expense of 3xWAP121 or 321 replacements. Don't give up on yours too easily, although I do realise that with ten, you definitely cannot afford to be having reliablity problems.
Both v220.127.116.11 updates are good. All my three WAP4410Ns are fixed. One odd thing is that while all three can have their settings viewed using IE on PC, only one V01 and the V02 can be accessed using Safari on my iPad. Otherwise they seem to be running all right, with v18.104.22.168 displaying on the Status page.
Now waiting for the RVS4000 FW fix to appear.
I see Cindy Toy has now released the security bug fix for early WRVS4400N models, so the RVS4000 V01 FW fix will probably follow soon, as you predicted.
One question relating to my three WAP4410Ns, still running fine with the bug fixed v22.214.171.124...
Looking at System Performance (Wired):-
AP-1 (V01) up for 2 days 19 hours approx shows 56 Dropped Receive Packets.
AP-2 (also V01) up for 2 days 19 hours approx shows 214 Dropped Receive Packets.
AP-3 (my V02 model) up for 5 days 3 hours shows zero (0) Dropped Receive Packets.
Now AP-3 is a lot further away from my Computer Room than the two older APs. I also realise that these performance figures in themselves do not mean I have a poor wireless network. I am aware that there is an extra crystal to improve clock jitter, and this hardware tweak is what makes the difference between the V01 and V02 versions. Is this why I am seeing such a marked difference in Dropped Receive Packet errors?
FWIW V02s are still available for sale here, and for the small outlay I am very tempted just to go to 100% latest models. And eBay the older ones!
I am aware that there is an extra crystal to improve clock jitter, and this hardware tweak is what makes the difference between the V01 and V02 versions. Is this why I am seeing such a marked difference in Dropped Receive Packet errors?
It is certainly possible that the crystal is helping the V02 AP. Why not swap a version 1 for the version 2 and see if you get dropped packets on either of them in the new locations?
It is not uncommon to see some dropped packets on a wireless network. Did you notice any problems with connected devices? In other words, did all of the packets drop within a short time or was it a packet here and there? Usually intermittent loss is never noticed. An exception would be a VoIP network where a call could drop with too much loss.
Good suggestion, Marty. No idea when/how packets get dropped. I suspect your phrase "here and there" sums it up.I have no VoIP here at present, and realise all this is a bit academic. But I might have a go with VoIP sometime down the line.
So, yes, I will go ahead and swap over a V01 and V02 WAP4410N to see what happens. FWIW AP1 (V01) is direct to my main switch. AP-2 (V01) data passes from this main switch through an SD2008T en route, while AP-3 (V02) also passes via this SD2008T. The one with the best performance has a tortuous path and longer cable run than the other two.
Have a great weekend.
I tested the solution provided by Marty but I have the same problem. I started the setup from the beginning on a new AP with firmware version 126.96.36.199.
All WIFI SSID disappear after 10-30 minutes. The web interface and SSH access remains active.
I am totally helpless. I will open a support ticket CISCO.
Have a nice weekend !
My three WAP4410Ns are all running fine with v188.8.131.52 FW. However one odd thing puzzles me, and I do not like things I do not understand. Until now I have used my PC's IE browser to access these three WAPs, and access is 100% irrespective of whether a WAP has V01 or V02 hardware.
After swapping WAP-2 and WAP-3 over just to see the efffect on Dropped Received Packets as per Marty's suggestion earlier in this thread, I decided to try casually monitoring results via my iPad while TV watching. No problem getting into WAP-1 & WAP-2, the V01 models. But Safari says "Safari cannot open the page because the network connection was lost" for WAP-3, the V02 model. Can anyone explain this?
FWIW, WAP-1 has dropped 94 Receive Packets in just over 4 days of uptime. After the swap 1 day 3 hours ago, WAP-2 (V01) has dropped 8, WAP-3 (V02) has not dropped a single packet. Because the cost is trivial, I am seriously thinking of going 100% V02, so would prefer to know why I cannot get into a V02 using Safari, and if there is a tweak that will fix this?
If I recall correctly, wireless management is disabled by default. You may either have to reach the AP through a wired connection or connect your iPad to one of the other APs to simulate a wired connection to the V02 AP.
Interesting that you are seeing the packet loss on the V01 hardware. Is the LAN port connected to the RVS4000 directly? I have seen packet loss and other strange issues with the WAP4410Ns when they were connected to a 10/100 switch. That is why the option to lower the LAN port speed to 10/100 was introduced in a firmware release a few years ago.
Marty, with three WAPs I had got confused about which one could not be accessed using Safari on my iPad. Of course you are correct, in that enabling wireless management on the relevant WAP4410N-AP1 (V01), means all three can now be interrogated or their settings tweaked either by PC or iPad. Result!
As for my Drop Receive Packets point, results today are:-
WAP4410N-AP1 (V01) after 5 days/15 hours 0 Error Packets Received 358 Drop Received Packets
WAP4410N-AP2 (V01) after 2 days/2 hours 0 Error Packets Received 16 Drop Received Packets
WAP4410N-AP3 (V02) after 2 days/ 2 hours 0 Error Packets Received 0 Drop Received Packets
Now, bearing in mind that I followed your suggestion to physically swap over a V02 and a V01, then it is clear from the V02's error-free performance when moved to the opposite end of the house, that it is not location dependent. BTW, both these two WAPs are connected direct to the same SD2008T-UK Switch downstairs.
To answer your latest query, none of the WAP LAN ports connect to my RVS4000 directly. My switch wiring is:-
Cable Modem --> RVS4000 --> GS116 --> WAP4410N-AP1 (V01)
.........................................................--> Other stuff
..............................................................--> WAP4410N-AP2 (V01)
..............................................................--> WAP4410N-AP3 (V02)
..............................................................--> Other stuff
...................................................................--> Other stuff
All my switches are Gigabit capable, so your comment about lowering LAN port speed to 10/100 really should not be necessary.
I have two thoughts:-
1) Switch off AP-1 and AP-2 (both the V01s) to force all traffic through AP-3, the V02, and see if its zero error performance is sustained.
2) Given its low cost in the grand scheme of things, my inclination right now is to rush off and purchase another WAP4410N , double-checking of course to ensure it is the later version! Replace one of the V01s, see what happens.
Won't do anything till you feel we have exhausted all other setting choices that may be causing this difference between V01 and V02 models.
Unless you have made some obvious change to the configuration, there shouldn't be much difference between the devices.
I like your idea of forcing all traffic through the V02 as a test. That will eliminate some wireless client(s) as the culprit.
If you are inclined to purchase new Cisco hardware I am not going to dissuade you too much. Personally, unless the packet drops were affecting me in some way I would leave them alone and monitor occasionally to see if the issue gets worse, or starts to affect connectivity. With the new standard "AC" quickly replacing "N", I would wait for a little while and see what new devices come out.
Marty, thanks again. All three of my WAPs have more or less identical settings, so no explanation there then.
Running now with all traffic forced through my V02 model. Still error free, although I had a problem getting into it again via Safari. Wireless Web Access had reverted to Disabled again! Enabled | Saved | Rebooted this time, but to be fair this "access" issue from my iPad is really just a distraction from the main show!
My usual vendor has stock, but the boxes do not appear to indicate which variant is inside the box. Obviously he can't break the seals to check, but it's all new stock, so I am 99% sure they will be V02s. I take your point about waiting for 802.11ac, but frankly as I have no wireless clients that can make use of this anyway, my present inclination is just to buy another WAP4410N immediately to see what happens.
If it's a V02, upgrade it to v184.108.40.206, and monitor its performance. If it turns out to be yet another V01, then RMA it!
But if everything works out as I anticipate, go for 100% V02s, live with it, and draw a line in the sand under what has proved to be an interesting distraction. Remember I only ever set out to fix the WAP4410N & RVS4000 security bug.
It is very likely that the vendor has V02. The V01 hardware has been out of the distribution pipeline for years. If they do have V01 for some reason, they should return them to the distributor for replacement.
I am sure you are correct, and that my new WAP4410N will prove to be a V02. Very busy today, so had no time to place an order but will do so ASAP, tomorrow if I can manage it.
FYI, my single active V02 continues to exhibit zero errors after more than a day serving as my sole connection point for wireless client traffic. I will report back with my findings once the new Cisco WAP is installed and functional.
Thank you for your continued interest.
SUMMARY TO DATE
Well. Marty, I said I would follow up, so here goes.
1) The documented security bug has been fixed across all of my (3) WAP4410Ns simply by upgrading to v220.127.116.11 firmware. Now just awaiting the equivalent fix for my V01 RVS4000 Router. I do intend to move on soon to an RV320 Router probably, but that's for another day.
2) Purchased, received and installed a new WAP4410N V02 to see what happened to my Drop Receive Packet errors, which occur on my 2xV01s but not on my single V02. The new model arrived with v18.104.22.168, so I immediately installed v22.214.171.124. Did a reset to Factory Defaults, and then entered all settings manually.
First the good news... No Drop(ped) Receive Packets.
As I type this, results for my three WAP4410Ns are:-
WAP-1 (V01) up for 18 hours, 24 Drop Receive Packets
WAP-2 (my new V02) up for 3 hours, 0 errors
WAP-3 (my first V02) up for 15 hours, 0 errors.
Early signs are that a V01-to-V02 swap does cure this rather trivial but annoying problem. I will, of course, now go ahead at some point soon and replace the remaining V01, but am I there yet? Well, NO!
Let me explain...
Access to all three WAPs using Internet Explorer on PC is exactly as it should be. All settings are faithfully displayed, are as they were set to be, and can also be modified and saved. No problem.
Since heeding your advice Marty and enabling Wireless Web Access on all three WAPs, I can also now gain access and browse settings using Safari on my iPad. But...
1) When I go to Setup | Time, it fleetingly shows 'Automatically' to be checked, then flips to show 'Manually' is checked. Attempts to then return it to 'Automatically' and Save, just cause the device to go busy and hang.
2) When I open Administration | Management, SNMP 'Enabled' is checked. But I had chosen 'Disabled' when configuring the thing. If I now re-select 'Disabled' and Save, it quickly flips to 'Enabled' again. Closing Safari and revisiting the same page using IE on the PC, reveals that the settings are in fact OK. Odd behaviour, don't you think.
Now TBH, I seem to recall seeing this weird result previously, when messing around with firmware updates. To be absolutely clear about this...
Q1) Can this be fixed, Marty?
Q2) Step-by-step, what sequence should I follow during a firmware upgrade that will minimise the risk of issues like this, that could be down to spurious code not clearing properly when the RAM is flashed with a new version?
BTW, I wonder whatever happened with Michael's 10xWAP4410N issue? Michael, did you ever get a resolution?
Thanks for the detailed update, I think that others will find this helpful in the future.
Regarding Safari on the iPad, I am not surprised that some pages have errors. The devices are designed to be managed using IE, and depending on the version of IE you might see similar issues. The bottom line is: Use what works when managing devices. I have found that Chrome works well with most of my devices although some have issues and I have to use IE. This goes for several third party devices that I own as well.
I am certain that there is nothing that can be done as far as firmware upgrades, configuration, etc. I would be very surprised if device manufacturers made a concerted effort to make all devices compatible with all browsers. Customers usually do not spend that much time in the GUI to put forth the effort.
I am also curious about Michael, I would have liked to get to the bottom of his issue.
Yes, Marty, hopefully others may benefit from my experience.
I did not realise that IE is the browser of choice for the Cisco GUIs. Won't waste any more time on Safari then, but my curiosity is aroused. Never occurred to me to give Chrome a whirl. Did so a moment ago, entering http://192.168.20.203, the IP for WAP4410N-1, but it gave me no access, just a long list of search results. Have not used Chrome much, so probably not doing it correctly. Will have a go tomorrow, if I can find some time.
You are correct, of course, about GUI use being minimal once a new network device has been commissioned and configured. I'll wait for a time before I lash out to buy my 3rd V02 WAP4410N, just to be 100% sure that the latest one continues to be error-free. No rush really.
Omens are good... Drop(ped) Receive Packets...
As I type this, results for my three WAP4410Ns are:-
WAP-1 (V01) up for 1 day 3 hours, 43 Drop Receive Packets
WAP-2 (my new V02) up for 11 hours, 0 errors
WAP-3 (my first V02) up for 1 day 0 hours, 0 errors
It has been fun posting to this thread, which I seem to have hijacked from Michael. Sorry Michael. However I do appreciate the time you have devoted to my questions, Marty, and I hope it does help others.
PS: Not sure about the RV320. My RVS4000 does exactly what I need, especially regarding Static IP Mapping. Maybe once it has been flashed with the security bug fix, due soon one hopes, I will reconsider my decision to ditch it!
Hi friends !
Cisco support sent me an email with this procedure :
the following settings will improve the stability :
Setup -> Advanced. Made LAN force to 100 Mbps Full
Wireless-> Basic Setup. Channel to less interference one (after checking site survey in AP mode->Wireless WDS repeater without saving)
Wireless-> Basic Setup. Mode to BGN mixed
Wireless-> Security. Security mode to WPA2-Personal
Wireless-> Advance. Worldwide mode to disabled
Wireless-> Advance. Beacon interval to 400ms
Upgrade firmware to latest from our website ( )
NOTHING CHANGE. About 15-30 minutes all 4 ssid disappear... (and "stuck beacon error" in log...)
I stay on STABLE firmware 126.96.36.199 (with beacon interval to 500ms) and i will change all AP when i can (and i will stop with Cisco wireless products)