Cisco Champion 2018

The Cisco Champions for 2018 have been announced and I am honored and proud to be able to announce that I have been selected. A special thanks goes to Pieter-Jan Nefkens (Twitter: @pjnef) for supporting and nominating me for this program.

What actually is a ‘Cisco Champion’? Several vendors have a global advocacy programs. For example the VMware vExpert and the Microsoft MVP programs. Well, for Cisco this is the Champion program.

But what defines a Champion? Well, Cisco Champions make a difference by:

  • Sharing experiences on Cisco products and services
  • Active in social communities such as Twitter, blogs or the Cisco Community sites
  • Contribute and share knowledge with the community others witch their questions

Cisco’s website describes it as follows:

Cisco Champions are passionate experts who share their perspectives with the community.

This designation comes with responsibilities. It is not a title you earn and then rest on your laurels. The exposure gives you the opportunity to help Cisco forward in areas which might need more attention and improvement. You can also help the community with challenges they are experiencing in day to day operations.

So I am proud of my designation as a Cisco Champion and will try to work even harder to deserve this title and help Cisco and the IT community wherever possible.

My expertise is primarily in Security and Wireless. So if you have any questions, don’t hesitate to ask. I will not always know the answer, but with the excellent Cisco Champion community behind me I am sure we will be able to help.

 

More information about the program can be found at https://communities.cisco.com/groups/cisco-champions

 

Protected Management Frames (PMF)

Protected Management Frames (PMF) is described in the IEEE 802.11w-209 amendment. PMF increases security by providing data confidentiality of management frames, mechanisms that enable data integrity, data origin authenticity, and replay protection.

This protection applies only to Robust Security Networks (RSN) and just to a subset of the management frames. The frames which are required before and during the 4-way handshake are not protected. Therefore the protection is limited to the following frames:

  • Channel Switch Announcement
  • De-authentication
  • Disassociation
  • Robust Action
    • Block ACK Request / Response
    • Fast BSS Transition
    • QoS Admission Control
    • Radio Measurement
    • Spectrum Management

Another limitation is the support of this amendment on the wireless clients. The Wi-Fi Alliance (WFA) interoperability certification program requires support for PMF. However, this requirement applies only when certifying for 802.11ac. This means that there are a lot of devices which do not support PMF.

When you decide to enable PMF on your wireless network, beware of the consequences. You could potentially prevent a lot of clients from your connecting to your network. Unless you are in full control of the clients on your network and know if 802.11w is supported, my recommendation would be to disable PMF.

There are other options, such as enabling PMF as optional instead of disabled or mandatory, but I am not sure if all clients support this.

The 802.11w-2009 amendment has been superseded by the 802.11-2012 standard.