Wednesday, August 10, 2011

Cisco Sunsets 1250 Series Wireless APs and the CSSC Supplicant

The Nasty Smell of a Cisco 1250 Series AP
Ah, the smell of dying product. It's quite distinct, as "once promising" products that were shiny and new not that long ago are quietly sent off to into the sunset, never to ship again. It's a fond time to look back and remember all the marketing material and product hype that pre-sales teams attempted to sell to customers. While some products hold true to their hype and live a long healthy lifespan, others, well... just don't quite ever live up to the expectations and the benefits never quite materialize.

The end of sale / end of life announcements for the Cisco 1250 series APs (Aug. 1, 2011) and Cisco Secure Services Client (CSSC) (July 30, 2011) are examples of the latter; products that never quite fulfilled the vision they were sent out to market with.

The 1250 series APs were released in early 2008 prior to the official ratification of the IEEE 802.11n amendment. At that time, the Wi-Fi Alliance was already certifying 802.11n Draft 2.0 equipment but fear remained (to a certain extent) in the industry around compatibility with the final ratified standard. To that end, Cisco released the 1250 series as a modular dual-radio 11n AP that offered field-upgradability by customers should the final standard prove to be incompatible. Those fears were largely unfounded, as the final amendment was released in Sep. 2009 and proved to be fully backwards compatible.

While the 1250 series excelled as a rugged business-class 802.11n access point providing MIMO, high throughput data rates, better signal quality, and flexible antenna options, it failed spectacularly in product vision. The need for modular hardware never materialized, and Cisco never released upgraded radios as there was never a need to do so. Additionally, product design choices required additional investment by customers to realize the full capabilities of the device. First, higher power draw of 18.5W is required in order to support both radios operating with two spatial streams. Customers without a Cisco proprietary POE+ switch were forced to make a trade-off: power the APs using power injectors or a local power supply, or operate without full 11n MIMO capabilities. Second, the product weighed in at a very hefty 5.1 pounds which created a safety risk if not installed and mounted with proper strain relief. This further increased solution expense for customers requiring additional parts, time, and labor to properly install this husky AP.

The final nail in the coffin came with the removal of the 1250 series from the CCIE Wireless version 2.0 blueprints this past May.

The Cisco Secure Services Client (CSSC) was born out of the 2006 acquisition of security vendor Meetinghouse and their AAA software product line, which included the Aegis SecureConnect wireless supplicant. This was in direct response to Juniper's acquisition of Funk and their Odyssey client package, which was at the time the Cisco recommended solution for clients.

The CSSC client was late to market and wasn't formally unveiled until 2007, but by then the market had matured and customers had found adequate alternatives elsewhere. This was Cisco's first attempt at a unifed software package to provide an 802.1X authentication framework for both wired and wireless networks, as well as VPN connectivity.

However, CSSC never took hold with customers and made minimal market impact. The software was burdened with poor end-user usability and difficult administration and maintenance, requiring administrators to use a separate management utility to pre-define configurations, create packages, and bundle license keys for enterprise deployments. In addition, 802.1X timer settings within the software often caused usability and support issues post deployment if administrators were not careful to modify default values. Common problems included the pre-mature failover to secondary or subsequent network profiles if authentication and DHCP did not complete within default strict timer settings.

The CSSC Was Not Particularly "User-Friendly"

So, it's long past due that Cisco sunset these products, retire them to pasture, and move forward with alternative solutions. The emergence of the ruggedized Cisco 1260 series APs and the Cisco AnyConnect client have superseded the need for these products. The quality of native operating system supplicants within Windows 7 and Mac OS X also obviate the need for 3rd party supplicants to a large extent.

I bid adieu, willingly and gratefully!



  1. Isnt 1260 indoor-only? At least that's how Cisco positions them..

  2. Yes, the 1260 series is an indoor rugged access point, meaning that it is plenum-rated, had a broader operating temperature, and has external antenna connectors so it can be mounted in difficult areas.

    See the Cisco Aironet 1260 Series product page.