Before installing this firmware update, make sure one of the following Vocera products is installed:
This section includes installation instructions for the Vocera version 4.3 Firmware release. This release applies to B3000n badges only and does not apply to B1000, B2000, and B3000.
Prerequisites: Perform the following before installing Vocera Firmware 4.3:
If you do not have the standalone version of BPE, contact Vocera Customer support or open a case in the Support Portal. Once the request is processed, you will receive an email with a KB article that contains a link to download the executable file.
For specific instructions on how to configure your badge using BPE and the new 4.3 features (for example, 802.11r.k.w), refer to Vocera Badge Configuration Guide
How to install Firmware on Vocera Badges from a standalone Vocera Server
Result: The firmware is automatically downloaded to the B3000n badges after they reconnect to the Vocera Server.
How to install Firmware on Vocera Badges in a Vocera cluster
In a cluster environment, you must install the firmware on the standby server first, followed by the active server. This work flow is designed to create the smallest amount of downtime in your environment and update your badges quickly.
Result: When the Standby becomes active, and the badges connect to it and the firmware is automatically updated on the Vocera Badges.
This will initiate a fail over and cause the Standby server to become active.
How to uninstall 4.3 Firmware
This section summarizes the new features in the 4.3 release and contains all the features previously delivered in Firmware.
The 4.3.0.43 firmware update is a maintenance release that does not introduce any new features.
Enhanced Battery Statistics
B3000n badges are enhanced with the 4.3 firmware to record the serial number of a battery that is inserted into the badge. The B3000n badges will also record the number of charge cycles that an inserted battery has completed, this information will be reported to the Vocera Server in a future release.
Dynamic WLAN Profiles
This feature is intended for use in campus environments where B3000n badges may frequently be transported between locations that have different WLAN connectivity requirements. The B3000n badges store up to 4 profiles for WLAN connectivity and dynamically switch between them. Each profile may contain different WLAN connectivity parameters and permit the B3000n to operate in different WLAN environments without manual intervention. This feature also eases the transition of B3000n badges when undertaking WLAN migration.
IGMP Optimization
B3000n badges send IGMP leave / join requests more frequently when roaming. This feature will assist the convergence of Protocol Independent Multicast (PIM) tables when B3000n badges are moving during broadcast calls.
Proactive Scanning
B3000n badges scan continually during an active call to proactively determine the best candidate access point (AP). This feature will speed up the roaming decisions when a user is on an active call while moving.
Multicast Session IP on the Vocera Badge
View the current Multicast Session IP address that your badge is using in real time from the Vocera Badge Menu.
Support for 802.11r/k/w standards:
FIPS 140-2 support
FIPS 140-2 support establishes a hardware security module within the badge for the purposes of the U.S. government or other vendors that require it.
Bluetooth support
The badge firmware now provides support for Bluetooth headsets. After you pair your headset with any badge, the pairing information is saved in the Vocera User Profile on the Vocera Server, and you do not have to pair your headset again when you change badges. The Bluetooth feature is supported on Vocera Voice Server version 4.3, 4.4, and 5.x !
Speech Zone Fallback
The Speech Zone Fallback feature allows the badge orientation sensor to automatically enable a wider speech zone when the badge is not in an optimal position to pick up speech.
Easier Access to Handset mode (privacy mode)
Press and hold the Select button (the middle button in the set of three buttons along the badge) for three seconds to turn handset mode on or off. Handset mode will only be active for the duration of the call and will return to hands-free mode at the end of the call.
Updated power and transmit tables for ETSI WiFi regulations
New policies for WPA and WPA2 mixed mode operation
The Wi-Fi Alliance has mandated new policies for WPA and WPA2 mixed mode operation with regard to the use of TKIP and CCMP. This release of firmware conforms to those Wi-Fi alliance regulations on WPA/WPA2 mixed mode operation. (US8895)
Easier access to badge configuration menus
With this release there are now several methods to access the detailed badge menus in the B3000n: (US10219)
Login reminder
With this release, the B3000n will prompt an end user to log into the badge when the badge is connected to the Vocera Voice Server. The B3000n halo will periodically flash white to remind the end user that the B3000n badge is not currently logged in. (US7519)
Radio with 802.11a/b/g/n support
802.11a/n support allows the B3000n to operate in the higher 5GHz frequency range, avoiding the congestion and interference in the 2.4GHz range of 802.11b/g. The radio allows use of either or both frequencies, as desired.
Call button halo
The B3000n uses an LED-lighted Call button to indicate the status of the badge, allowing other people to see if you are in a call.
Color |
Meaning |
---|---|
Green |
On an active call |
Amber |
In DND mode or on hold |
Cycle through colors |
Off network (unable to connect to access points) |
Pink |
User is not logged into Vocera |
Orientation sensor
The B3000n badge display contains an orientation sensor that automatically inverts the text on its display when you tilt up the bottom of the badge, making it easy to read the screen. To conserve power, the display is activated only when you press buttons, use menus, or are on a call; otherwise, the display is powered off.
The following list contains fixes and improvements made this firmware release and the B3000n product.
When using a very short EAP-FAST PAC expiration value in conjunction with a Cisco ACS 5.8, in the order of minutes or hours, rather than days or weeks. The ACS 5.8 server does not explicitly expire the PAC. As a result, the B3000n may not delete the PAC correctly. Set the badge property B3N.DelPACOnExpiry to true to enable this support. This issue is resolved in this release. (B3SF-1400)
When dynamically switching a B3000n badge from a Cisco ACS server to another Cisco ACS server with the same AuthenticatorID, the Vocera B3000n device attempts to use the same PAC. With this release, the B3000 badge examines the SessionID and deletes the PAC if a different SessionID is presented. (DE15906)
The B3000n sometimes handles a check for SNR incorrectly and enters an SFS state. This release resolves that behavior. (DE13047)
The 4-way handshake can sometimes fail when using TKIP due to the Group Key arriving in a separate packet. This issue is fixed in this release. (DE15836)
When a B3000n badge is forced to use the AES cipher instead of the RC4 cipher with EAP-FAST to interoperate with ISE 2.0 (and later) and ACS 5.4 (and later), the AES key is calculated incorrectly. To force the use of AES, use the badge property B3N.UseAESCipher true. This release resolves the key calculation error. (DE14746)
Cisco ACS 5.8 sends error code 40 instead of error code 42 during EAP-FAST authentication if the PAC has expired. This release adds support for both error code 40 and 42. (DE15778)
Mitigation for KRACKS WPA2 Re-Key installation vulnerability. (DE15776)
There is a flaw in WPA2 protocol through which an attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack is against the 4-way handshake of the WPA2 protocol. In a key reinstallation attack, the adversary tricks a victim into reinstalling an already-in-use key by sending the client message 3-multiple times.
CVE identifiers are as below:
CVE-2017-13077: Reinstallation of the pairwise encryption key (PTK-TK) in the 4-way handshake. CVE-2017-13078: Reinstallation of the group key (GTK) in the 4-way handshake. CVE-2017-13079: Reinstallation of the integrity group key (IGTK) in the 4-way handshake. CVE-2017-13080: Reinstallation of the group key (GTK) in the group key handshake. CVE-2017-13081: Reinstallation of the integrity group key (IGTK) in the group key handshake. CVE-2017-13082: Accepting a retransmitted Fast BSS Transition (FT) Reassociation Request and reinstalling the pairwise encryption key (PTK-TK) while processing it.
This issue is fixed in this release.
When roaming between different vendor's access points with 802.11r enabled, the B3000n badge becomes deauthorized. This issue has been addressed. (DE6797).
The B3000n may fail PEAP authentication with Cisco ACS when an unexpected MSCHAPv2 challenge packet type is received. With this fix, B3000n authenticates successfully. (DE10950)
The B3000n no longer reports “Address already in use” when roaming during a broadcast call while in transmit mode. This issue has been addressed. (US18730)
Audio artifacts may be heard when releasing the volume buttons if connected to a Bluetooth headset. Audio artifacts are no longer heard. (DE8148)
When the B3000n is connected to a Bluetooth headset, occasionally button press events are missed. Button presses are no longer missed. (DE8883)
Setting the badge property B3N.HandsetMode to false, is ignored where the B3000n badge indefinitely attempts to connect to a Bluetooth headset and displays the message “Connecting ...”. This issue has been addressed. (DE11340)
The following list contains known issues in this firmware release and the B3000n product.
The following list provides information about known product issues:
In environments where 802.11n packet aggregation is deployed, keep alive messages between a badge and server may be lost triggering a badge to enter a Searching For Server (SFS) state. Workaround: Increase the receive window size on the badge. (B3SF-1398)
In environments where 802.11ac Wave2 access points are deployed, badges may intermittently enter a Searching For Server (SFS) state when negotiating BSS data rates. The badge will recover when it roams to a new access point. (B3SF-1409)
On rare occasions when 802.11k and 802.11r are enabled together, a timing error in the scan and roam operation causes the B3000n badge to fail the fast transitioning (FT) roam. Workaround: Disable 802.11k. This issue will be resolved in a future release. (DE13047)
When proactive scanning is enabled, the improved scanning performance may have a small impact on battery lifetime. Workaround: If this is found to impact the end user experience, proactive scanning can be disabled through a badge property. Contact Vocera Customer Support for instructions. (DE13534)
On rare occasions the Cisco Wireless LAN Controller sends a deauthorization command to the badge with message type 3, reason code 7. Workaround: This problem is believed to be an error with the Cisco FT implementation which is under investigation by Cisco through defect CSCvd96678. Contact Vocera Customer Support for more information. (DE13062)
Additional WLAN profiles created through the BPE, beyond the default Wireless profile, cannot not encrypt the credentials for PSK or WEP authentication types. Workaround: This is a limitation of the initial release of this BPE and will be resolved in a future release. (DE13475)
If Bluetooth is enabled in a WLAN profile and a different WLAN profile without Bluetooth is invoked, the B3000n may assert. Workaround: Ensure that the WLAN profile being invoked is Bluetooth enabled. (DE10790)
During proactive scanning if a B3000n badge determines the current AP is the best candidate then receives a beacon from that AP, the B3000n may assert. Workaround: There is no workaround at this time. (DE11019)
If a user is in an active call with a wired headset and removes the wired headset, the call may not switch to the Bluetooth headset. Workaround: Manually reconnect the Bluetooth headset. (DE11169)
On rare occasions with a very low battery, the B3000n badge may shutdown ungracefully and will not write log files. Workaround: There is no workaround at this time. (DE11472)
When using a Bluetooth headset, on calls over 10 minutes in length, on rare occasions the B3000n may assert. Workaround: There is no workaround at this time. (DE11541)
The following list provides information about known product issues:
Under certain circumstances in a wirlesss environment with 802.11w enabled, a B3000n badge does not complete the DHCP transaction and loops in a request for the IP address. (DE5112)
B3000n badges assert if Bluetooth has been previously enabled and the user logs into a smartphone running Vocera Collaborations Suite. (DE6268)
The following list provides information about known product issues:
If an incoming call is received while the badge is scanning for a Bluetooth headset, the call may not connect. (DE7945)
If a wired headset is removed while a badge is first booting up, the badge may not detect that the headset has been removed. (DE9062)
Pressing the select button for 4 seconds while in Bluetooth menus does not return the badge to the home screen. (DE8563)
While the badge is scanning in a low SNR area, connecting and disconnecting a Bluetooth headset may interrupt the scanning. (DE8425)
In rare circumstances, the badge cannot connect to a Bluetooth headset when the command is issued. Resolve this issue by disabling then re-enabling Bluetooth on the badge (DE8648)
The following list provides information about known product issues in the 4.0.2 code branch:
If the BCU computer is set to a date prior to 1 April 2011, the badge will not download a configuration from it. Workaround: Set the BCU computer to the current date/time. (23661)
Pressing the Call button may result in a mild "popping" sound from the badge speaker.
The sound occurs just before the beginning of the chime, after the Call button is pressed. (22902)
Using the badge in handset mode results in excessive background noise.
The background noise may be as much as 3-4dB higher than the B3000. (21988)
The badge wakes up too slowly from its low power "sleeping" state.
The initial audio may be lost while the badge transitions from sleep. Workaround: pause 1-2 seconds before initiating conversation. (21944)
When using Opportunistic Key Caching (OKC), the B3000n may not roam optimally, possibly resulting in audio gaps during a call.
Roaming will be optimized in a future firmware release. (23086, 23261)
The badge does not fully support 802.11n HT protection mechanisms. Support will be provided in a future firmware release. (21441)
If you are using UAPSD, the badge may restart while scanning wireless channels, resulting in a dropped call.
Enabling Active Power Save can result in the badge using less power during calls, but it also increases the likelihood that the badge will encounter an error and restart. To enable Active Power Save, set the following property in the badge.properties file: B3N.EnableActiveRadioPowerSave true (22395)