Increased protection to avoid an assert

Added increased protection to the B3000 badge to avoid an assert if an unrecognized signal is received from the Voice Server.

Periodic date and time stamp in badge logs

To assist in the reading of badge logs the B3000 writes the date and time to the badge logs every 5 minutes. If there is a need to provide a more frequent writing of the date and time stamps the badge property B3.PeriodicDateAndTimeLogMS can be used to change the default time, with the duration set in milliseconds.

Enhanced Battery Statistics

B3000 badges are enhanced with the 3.1.3.13 firmware to record the serial number of a battery that is inserted into the badge. The B3000 badges will also record the number of charge cycles that an inserted battery has completed, this information will be reported to the Vocera Server in a future release.

IGMP Optimization

B3000 badges send IGMP leave or join requests more frequently when roaming. 

Last known date and time stamp

The last known date and time in the B3000 is now updated every 900 seconds. This value is read when the badge first boots, the increased frequency of the time stamp assists with security certificate integrity during initial authentication.

Interoperability enhancements

During interoperability testing with Cisco ACS, sometimes a CHAP challenge packet is received at the incorrect stage during the authentication transaction (Phase 2 instead of Phase 4). Vocera B3000 badges would originally discard the challenge packet when received during the incorrect phase, but in this release of firmware the B3000 will no longer discard the challenge packet. )

Multicast Session IP on the Vocera Badge

View the current Multicast Session IP address that your badge is using in real time from the Vocera Badge Menu.

Encryption support

Cisco ISE 2.0 does not support lower encryption method such as RC4 when PEAP or EAP TLS authentication methods. The AES cipher is now included in the client hello packet instead of RC4 in Non-FIPS mode. The B3000 badge can use AES advertise in client hello packet by enabling the badge property B3.UseAESCipher as true.

Easier access to handset mode (privacy mode). Press and hold the Select button (the middle button in the set of three buttons along the badge) for three seconds to turn handset mode on or off.

Enhanced badge and battery error detection. The badge now checks for additional error conditions, including situations in which you should take either the badge or battery out of service, and plays a message instructing you if you need to take an action.

Enhanced roaming performance. Roaming no longer results in a de-authentication event if the badge fails to associate with the new access point for any reason. If the badge fails to associate with the new AP, it remains connected to the current AP and starts scanning.

When users boot the badge, they are asked if they want to log in.

Logging enhancements help enable Vocera to troubleshoot badge events that occur at customer sites.

• ARP request/response logging is now recorded in log.txt.
• The badge now logs additional information about the reason for disconnections, such as disassociation, de-authentication, and link loss.
• The badge now logs additional debug information for events that cause a reboot.

Enabling WMM no longer requires you to enable U-APSD. Prior to this release, the B3000 firmware required you to enable U-APSD if you wanted to use WMM. This limitation no longer exists.

The average VOS score (one metric of audio quality) is now captured more frequently. Prior to this release, the average VOS score was calculated for every call. It is now calculated every 5 seconds.

Easier access to the badge configuration menu. The configuration menu is still hidden to prevent badge users from inadvertently accessing it, yet easier for administrators to display (consistently with B3000n behavior).

The following steps allow you to access the badge configuration menu:

1. Remove the battery from the badge, then insert it again.

   The screen displays the word vocera.

2. Press and hold both the Hold/DND button (the button on top of the badge) and also the Call button (the large button on front of the badge).

   When the badge boots, the screen displays the following top-level configuration menu.

Increment in the server version signal. Vocera Voice Server 5.2.3 introduces an increment in the server version signal. Badges with earlier firmware versions do not support the new signal and may perform a foreground firmware update when you upgrade the server. To avoid the foreground update, you can stage the new firmware on your existing server before you upgrade. Badges will perform a background firmware update and will then be ready for your server upgrade. For more information on this workaround, contact Vocera Technical Support. (US30402)

B3000 badge asserts during voice commands. The badge no longer asserts while deleting text messages using voice commands. (DE7670)

Deployment date for smart battery in the badge log is fixed from dd-mm-yy formant to mm-dd-yy format. (DE7804)

An error occurs when using a short EAP-FAST PAC expiration value in conjunction with a Cisco ACS 5.8, in the order of minutes or hours, rather than days or weeks. The ACS 5.8 server does not explicitly expire the PAC. As a result the B3000 may not delete the PAC correctly. Set the badge property B3.DelPACOnExpiry to true in order to enable this support. This issue is resolved in this release. (B3SF-1400)

When dynamically switching a B3000 badge from a Cisco ACS server to another Cisco ACS server with the same AuthenticatorID, the Vocera B3000 device attempts to use the same PAC. With this release, the B3000 badge examines the SessionID and deletes the PAC if a different SessionID is presented. (DE15906)

The Four Way Handshake can sometimes fail when using TKIP due to the Group Key arriving in a separate packet. This issue is fixed in this release. (DE15836)

When a B3000 badge is forced to use the AES cipher instead of the RC4 cipher with EAP-FAST in order to interoperate with ISE 2.0 (and later) and ACS 5.4 (and later), the AES key is calculated incorrectly. To force the use of AES, set the badge property B3.UseAESCipher to true. This release resolves the key calculation error. (DE14746)

Cisco ACS 5.8 sends error code 40 instead of error code 42 during EAP-FAST authentication if the PAC has expired. This release adds support for both error code 40 and 42. (DE15778)

Mitigation for KRACKS WPA2 Re-Key installation vulnerability. The vulnerability is no longer an issue . (DE15776, DE15836)

There is a flaw in WPA2 protocol through which an attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack is against the 4-way handshake of the WPA2 protocol. In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key by sending the client message 3 multiple times.

CVE identifiers are as below:

CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake.
CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake.
CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake.
CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake.
CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake.
CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.

This issue is fixed in this release.

When the badge moves out of range, it now correctly alerts the user. This feature was not working in earlier versions of firmware. (US11528)

The B3000 no longer asserts if it receives 20 text messages with maximum allowed subject and message body length. (DE4425)

The B3000 no longer plays the login prompt when the user is already logged in. This situation occurred sometimes when the user had 20 unread text messages. (DE3441)

Log file lines in the B3000 no longer become out of order when the B3000 is upgrading. (DE7226)

When APSD is disabled, the B3000 no longer indicates that APSD is enabled when it associates. (DE3070)

The badge no longer generates a low SNR event when the SNR is good. (DE196)

The badge no longer incorrectly deletes text messages upon receipt of a long text message (a message with 256 or more characters). (DE4899)

Badge can occasionally stop communicating for a few seconds. This loss of communication was frequently noticeable by the badge asserting, searching for the server, or searching for an access point. This communication issue has been resolved. (18280)

In a Ruckus wireless environment, the badge occasionally disassociates with an AP every 6-7 seconds and then reassociates. This looping association behavior no longer occurs. (24217)

While roaming in some situations, the TX power control is not set appropriately for the intended operating channel. This situation occurred because the channel information for the targeted AP was not stored while roaming. It has now been resolved. (20364)

Badge sends management packets at AP's basic rate before association.

When the badge roams off network (for example, by stepping into an elevator or a low coverage area), the badge waits too long to scan again for an AP. The badge was waiting 12 seconds to initiate scanning for a new AP. The badge now scans at a more appropriate interval. (24809)

The badge occasionally shows a high VOS score (one metric of audio quality) even at times when packet loss is high. The VOS average was inappropriately calculated only once per call, and is now calculated more frequently. The resulting VOS score is more representative. (20328)

When debug statistics are enabled and a background update is in process, the badge could lose its connection to the server. This situation no longer occurs. (24853)

Badges do not alternate between the servers in a cluster setup when the active server is stopped and the Call button is pressed. This situation no longer occurs. (24854)

Advanced logging file name length increased to accommodate four-digit firmware version numbers. The erbin log filename is automatically generated, based in part on the number of the firmware version. The possible filename length has been increased to accommodate four-digit firmware version numbers. (24803)

When the badge is in handset mode, audio for a conference call sometimes is played at the volume setting for speaker mode. This situation no longer occurs. (23769)