Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.4.121.0
Cisco Wireless LAN Controller and Access Point Platforms
Supported Cisco Wireless LAN Controller Platforms
Supported Access Point Platforms
Unsupported Cisco Wireless LAN Controller Platforms
Software Release Support for Access Points
Upgrading to Controller Software Release 7.4.121.0
Upgrading to Controller Software Release 7.4.121.0 (GUI)
Special Notes for Licensed Data Payload Encryption on Cisco Wireless LAN Controllers
Downloading and Installing a DTLS License for an LDPE Controller
Upgrading from an LDPE to a Non-LDPE Controller
Interoperability With Other Clients in 7.4.121.0
Features Not Supported on Controller Platforms
Features Not Supported on Cisco 2500 Series Controllers
Features Not Supported on WiSM2 and Cisco 5500 Series Controllers
Features Not Supported on Cisco Flex 7500 Controllers
Features Not Supported on Cisco 8500 Controllers
Features Not Supported on Cisco Wireless Controller on Cisco Services-Ready Engine
Features Not Supported on Cisco Virtual Wireless Controllers
Features Not Supported on Mesh Networks
FCC Safety Compliance Statement
Obtaining Documentation and Submitting a Service Request
First Published: December 2013
These release notes describe what is new in this release, instructions to upgrade to this release, and open and resolved caveats for this release.
Note Unless otherwise noted, all of the Cisco Wireless LAN controllers are referred to as controllers, and all of the Cisco lightweight access points are referred to as access points or APs.
These release notes contain the following sections:
This section contains the following subsections:
The following Cisco WLC platforms are supported in this release:
The following access point platforms are supported in this release:
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_461543.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542_ps380_Products_Data_Sheet.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-613481.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78_498096.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78-682548.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-519930.html
Note The AP802 is an integrated access point on the Next Generation Cisco 880 Series ISRs.
Note Before you use an AP802 series lightweight access point with controller software release 7.4.121.0, you must upgrade the software in the Next Generation Cisco 880 Series ISRs to Cisco IOS 151-4.M or later releases.
There are no new features or enhancements in this release. For more information about the updates in this release, see the Caveats section.
Table 1 lists the controller software releases that support specific Cisco access points. The First Support column lists the earliest controller software release that supports the access point. For access points that are not supported in ongoing releases, the Last Support column lists the last release that supports the access point.
Note The Cisco 3600 Access Point was introduced in 7.1.91.0. If your network deployment uses Cisco 3600 Access Points with release 7.1.91.0, we highly recommend that you upgrade to 7.2.103.0 or a later release.
-A and N: 4.1.190.1 or 5.2 or later1
If LAG is enabled on the Cisco 2500 Series Controller and the controller is downgraded to a non-LAG aware release, the port information is lost and it requires manual recovery.
Note Bootloader upgrade is not required if FIPS is disabled.
– Ensure that your TFTP server supports files that are larger than the size of the controller software release 7.4.121.0. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the Prime Infrastructure. If you attempt to download the 7.4.121.0 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
Bootloader Menu for 5500 Series Controllers:
Bootloader Menu for Other Controller Platforms:
Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on a 5500 series controller), or enter 5 (on another controller platform) to run the current software and set the controller configuration to factory defaults. Do not choose the other options unless directed to do so.
Note See the Installation Guide or the Quick Start Guide for your controller for more details on running the bootup script and power-on self-test.
With the backup image stored before rebooting, be sure to choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the controller.
config network ap-discovery nat-ip-only { enable | disable }
– enable — Enables use of NAT IP only in a discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
– disable — Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs are on the same controller.
Note To avoid stranding APs, you must disable AP link latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.
– You can predownload the AP image.
– For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch). For more information about the FlexConnect AP upgrade feature, see the Cisco Wireless LAN Controller FlexConnect Configuration Guide.
Note Predownloading a 7.4.121.0 version on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to a Cisco Aironet 1240 access point, an AP disconnect will occur momentarily.
– Delete all WLANs that are mapped to interface groups and create new ones.
– Ensure that all WLANs are mapped to interfaces rather than interface groups.
– Enable or disable link aggregation (LAG)
– Enable a feature that is dependent on certificates (such as HTTPS and web authentication)
– Add a new license or modify an existing license
– Increase the priority for a license
– Install vendor device certificate
– Install Web Authentication certificate
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up your controller’s configuration files prior to upgrading the controller software.
Step 2 Follow these steps to obtain the 7.4.121.0 controller software:
a. Click this URL to go to the Software Center:
https://software.cisco.com/download/navigator.html
b. Choose Wireless from the center selection window.
c. Click Wireless LAN Controllers.
The following options are available:
– Integrated Controllers and Controller Modules
d. Depending on your controller platform, click one of the above options.
e. Click the controller model number or name. The Download Software page is displayed.
f. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:
g. Click a software release number.
h. Click the filename (filename.aes).
j. Read Cisco’s End User Software License Agreement and then click Agree.
k. Save the file to your hard drive.
l. Repeat steps a. through k. to download the remaining file.
Step 3 Copy the controller software file (filename.aes) to the default directory on your TFTP, FTP, or SFTP server.
Step 4 (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks.
Note For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 5 Choose Commands > Download File to open the Download File to Controller page.
Step 6 From the File Type drop-down list, choose Code.
Step 7 From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP.
Step 8 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.
Step 9 If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 10 In the File Path text box, enter the directory path of the software.
Step 11 In the File Name text box, enter the name of the software file (filename.aes).
Step 12 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log on to the FTP server.
b. In the Server Login Password text box, enter the password to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 13 Click Download to download the software to the controller. A message appears indicating the status of the download.
Step 14 After the download is complete, click Reboot.
Step 15 If prompted to save your changes, click Save and Reboot.
Step 16 Click OK to confirm your decision to reboot the controller.
Step 17 For Cisco WiSM2 on the Catalyst switch, check the port channel and reenable the port channel if necessary.
Step 18 If you have disabled the 802.11a/n and 802.11b/g/n networks in Step 4, reenable them.
Step 19 To verify that the 7.4.121.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.
Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the controller. You can purchase Cisco Wireless LAN Controllers with either DTLS that is enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.
Important Note for Customers in Russia
If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
Note Paper PAKs and electronic licenses available are outlined in the respective controller datasheets.
Step 1 Download the Cisco DTLS license.
a. Go to the Cisco Software Center at this URL:
https://tools.cisco.com/SWIFT/LicensingUI/Home
b. On the Product License Registration page, choose Get New > IPS, Crypto, Other Licenses.
c. Under Wireless, choose Cisco Wireless Controllers (2500/5500/7500/8500/WiSM2) DTLS License.
d. Complete the remaining steps to generate the license file. The license file information will be sent to you in an e-mail.
Step 2 Copy the license file to your TFTP server.
Step 3 Install the DTLS license. You can install the license either by using the controller web GUI interface or the CLI:
Management > Software Activation > Commands > Action: Install License
license install tftp://ipaddress/path/extracted-file
After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.
Step 1 Download the non-LDPE software release:
a. Go to the Cisco Software Center at this URL:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm
b. Choose the controller model from the right selection box.
c. Click Wireless LAN Controller Software.
d. From the left navigation pane, click the software release number for which you want to install the non-LDPE software.
e. Choose the non-LDPE software release: AIR-X-K9-X-X.X.aes
g. Read Cisco’s End User Software License Agreement and then click Agree.
h. Save the file to your hard drive.
Step 2 Copy the controller software file (filename.aes) to the default directory on your TFTP or FTP server.
Step 3 Upgrade the controller with this version by following the instructions from Step 3 through Step 19 detailed in the “Upgrading to Controller Software Release 7.4.121.0” section.
This section describes the interoperability of the version of controller software with other client devices.
Table 3 describes the configuration used for testing the clients.
Open, WEP, PSK (WPA and WPA2), 802.1X (WPA-TKIP and WPA2-AES) (LEAP, PEAP, EAP-FAST, EAP-TLS)
Connectivity, traffic, and roaming between two access points
Table 4 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
This section lists the features that are not supported in the following platforms:
Note The features that are not supported on Cisco WiSM2 and Cisco 5500 Series Controllers are also not supported on Cisco 2500 Series Controllers.
Note Directly connected APs are supported only in Local mode.
Note You can replicate this functionality on a 5500 series controller by creating an open WLAN using an ACL.
Note For Cisco 7500 Series controllers, it is not necessary to configure an AP-manager interface. The management interface acts like an AP-manager interface by default, and the access points can join on this interface.
Note IPv6 client bridging and Router Advertisement Guard are supported.
Note An AP associated with the controller in local mode should be converted to FlexConnect mode or Monitor mode, either manually or by enabling the autoconvert feature. On the Flex 7500 controller CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.
Note FlexConnect local switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic that is based on IGMP or MLD snooping.
Note Outdoor AP in FlexConnect mode is supported.
The following sections list Open Caveats and Resolved Caveats for Cisco controllers and lightweight access points for version 7.4.121.0. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
https://tools.cisco.com/bugsearch/search
Table 5 lists the open caveats in this release.
Symptom : Controller fails when the management user form post is manipulated. |
|
Symptom : Controllers using Release 4.2.130.181M (Mesh) crash with Task Name: reaperWatcher. Conditions : Multiple WiSM controllers use Release 4.2.130.181M and have many Cisco Aironet 1510 Lightweight Outdoor Mesh Access Points associated to them. 1. To disable the dynamic CAC tree updates, enter this command: 2. To enable the dynamic CAC tree updates, enter this command: |
|
Symptom : The following messages appear on Cisco WiSM2s: |
|
Symptom : Mismatch between the association counters of controller and access point. Conditions : 802.11 authentication frames are sent sometimes on different WLANs and are not followed by association frames.
1. Client 1 associates to the controller with AID = 1 on SSID x.
2. Client 1 sends 802.11 Auth frame on SSID y and AID = 1 is disassociated at the access point. Auth frames are not honored at the controller, so controller is not informed.
3. No association frame arrives from client 1 at ssid 2.
4. Client 2 associates to the access point and gets AID = 1.
5. Access point updates the controller about client 2 and AID = 1.
6. Controller adds duplicate entries and increments the count (controller already has client 1 AID = 1). |
|
Symptom : Unable to see CDP neighbor details of Cisco 1242, 1142 and 3500 series access points using the controller. Conditions : Controllers using Release 7.0.116.0. Access points are rebooted after a power outage, newly installed, or moved from one campus to another. |
|
Symptom : Controller crashes when SXP parameters like default password are updated or SXP is disabled/enabled. Conditions : Reboot with a version 1 SXP connection. Workaround : Delete the version 1 SXP connection before you change any SXP settings. |
|
Symptom : Access point does not forward multicast data and IGMP query messages. Conditions : Reload of an access point. Workaround : Shut down the interface to the WLAN and bring it up again. |
|
Symptom : VLAN transparency enabled on Release 7.2 does not pass VLAN tags. Span at endpoints shows all frames are placed on the native VLAN. Conditions : VLAN transparency is enabled. Workaround : Disable VLAN transparency and set the MAP Ethernet port as trunk. |
|
Symptom : Cisco Aironet 3500 Series Access Point gets DFS events when the DFS channel associates with a Cisco 7925 IP phone. Frequency of DFS events is higher on weekday and business hours. |
|
Symptom : Local mode access points associated to controller lose their configuration and get reset to factory defaults. Conditions : Cisco 3602 Access point and Cisco 5500 Series Wireless LAN Controller using Release 7.2.103.0. Local mode access point loses power. |
|
Symptom : Controller stops working while using Release 7.3.101.0. |
|
Symptom : Wireless WebAuth clients are unable to authenticate to the network. A blank window appears when the client opens a browser window. When you use the debug web-auth redirect command, the following messages appear: Conditions : HTTP GET from the client arrives at the controller in multiple TCP segments. Workaround : Reconfigure your network and the client’s TCP/IP stack to ensure that the HTTP GET arrives in a single segment. An example of a client software that introduces TCP segmentation is AnyConnect Web Security 3.0.3054. |
|
Symptom : Client sends TCP SYN to a multicast MAC for its gateway and the controller does not send a TCP SYN ACK back. As the TCP handshake is not complete, the client never generates HTTP traffic and is never redirected. Traffic arrives at foreign controller and goes to anchor controller. Anchor controller drops the TCP SYN messages. Conditions : Foreign and anchor controller perform Central Web Authentication (CWA). Client has multicast MAC address for its gateway. Gateway of the client has a load-balanced or clustered node. |
|
Symptom : Autonomous access point loses clock information after it reboots. Conditions : Autonomous access point using Release 15.2. 1. Manually configure the clock after the access point reboots. 2. Configure SNTP in the access point for applications when the access point does not operate as a WGB with certificate based authentication using the command: |
|
Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation. Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0. Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2. |
|
Symptom : Cisco Aironet 1520 Lightweight Outdoor Mesh Access Points get false DFS triggers when in-band or off-channel (ch 124) weather RADAR signals are present. These signals are received above -20 dBm and cause network instability. Conditions : AIR-LAP152x outdoor mesh AP is installed near a weather RADAR installation. Workaround : Use the config 802.11a dfs-peakdetect disable command. |
|
Symptom : CLI debug outputs show the following message: |
|
Symptom : When multiple clients time out at the same time, some clients are not removed from the controller’s database after the user idle timer expires. Conditions : When around 100 clients expire their user idle timeout simultaneously, only 64 deauthentication messages are sent and 36 clients are not removed from the controller database. |
|
Symptom : Controller stops working intermittently and the crash log contains the following message: |
|
Symptom : When you change the HSRP configuration, CAPWAP access points send data to the old HSRP MAC address and control traffic to the new gateway. Conditions : Controller using Release 7.2 with Cisco Aironet 3500 Series Access Point and HSRP gateway. |
|
Symptom : Local AAA server of the controller shows the outer EAP username of wireless users who are authenticated using local EAP. Conditions : Local EAP is used on controller. Workaround : Disable identity protection on the wireless client to use the same username for inner and outer EAP usernames. For local EAP, inner username appears in the clients page or when you use the show client detailed mac-addr command. |
|
Symptom : Client RADIUS authentication fails. debug client command shows the following message: Conditions : Large scale deployments with multiple clients. RADIUS queues fill up and fail under heavy authentication and accounting load. |
|
Symptom : Controller calculates incorrect message authenticator value for RFC3576 CoA requests from some RADIUS servers such as PacketFence NAC. Conditions : Controller using Release 7.2.110.0 or Release 7.3.101.0. |
|
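An independent check for the caveat above, as an added example (not Cisco's or PacketFence's code): it builds and verifies the Request Authenticator and Message-Authenticator of a CoA-Request as RFC 5176 section 3.5 specifies (RFC 5176 obsoletes RFC 3576), so a captured request can be tested against the shared secret to see which side computed the value incorrectly. The shared secret, attribute values, and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43             # RADIUS code for CoA-Request (RFC 5176)
MESSAGE_AUTHENTICATOR = 80   # attribute type (RFC 2869)
ZERO16 = b"\x00" * 16

# Constructed sample values, not taken from the release notes.
SECRET = b"constructed-shared-secret"
SAMPLE_ATTRS = [(1, b"alice"), (31, b"00-11-22-33-44-55")]


def iter_attributes(packet):
    """Yield (type, value_offset, value_length) for every attribute."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        yield a_type, pos + 2, a_len - 2
        pos += a_len


def build_coa_request(identifier, attributes, secret):
    """Build a CoA-Request; attributes is a list of (type, value_bytes)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attributes)
    ma_off = 20 + len(body) + 2          # offset of the 16-byte M-A value
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + ZERO16
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(body))
    pkt = bytearray(header + ZERO16 + body)
    # Step 1: HMAC-MD5 over the packet with the Request Authenticator and
    # the Message-Authenticator value both taken as sixteen zero octets.
    pkt[ma_off:ma_off + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    # Step 2: Request Authenticator = MD5(packet with zero authenticator
    # + secret), computed after the Message-Authenticator is in place.
    pkt[4:20] = hashlib.md5(bytes(pkt) + secret).digest()
    return bytes(pkt)


def verify_coa_request(packet, secret):
    """Check both integrity values of a received CoA-Request.

    message_authenticator is None when the attribute is absent, and False
    when it is duplicated, has the wrong length, or does not match.
    """
    ma = [(off, n) for t, off, n in iter_attributes(packet)
          if t == MESSAGE_AUTHENTICATOR]
    length = struct.unpack("!H", packet[2:4])[0]
    pkt = bytearray(packet[:length])

    received_auth = bytes(pkt[4:20])
    pkt[4:20] = ZERO16
    expected_auth = hashlib.md5(bytes(pkt) + secret).digest()
    result = {
        "request_authenticator": hmac.compare_digest(expected_auth, received_auth),
        "message_authenticator": None,
    }
    if not ma:
        return result
    if len(ma) > 1 or ma[0][1] != 16:
        result["message_authenticator"] = False
        return result

    off = ma[0][0]
    received_ma = bytes(pkt[off:off + 16])
    pkt[off:off + 16] = ZERO16           # authenticator is already zeroed
    expected_ma = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    result["message_authenticator"] = hmac.compare_digest(expected_ma, received_ma)
    return result


if __name__ == "__main__":
    request = build_coa_request(7, SAMPLE_ATTRS, SECRET)
    print(request.hex())
    print(verify_coa_request(request, SECRET))
```
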
Symptom : FlexConnect mode access point sends ARP responses for a client in DHCP-required state. Roaming breaks for clients associated to the access point. Workaround : Disable the DHCP Required check box on the WLAN. |
|
Symptom : AAA Override ACL is not applied. Conditions : After a session timeout, the controller clears the AAA override cache and puts the wireless client in the default VLAN. |
|
Symptom : When clients associate to a local access point after a successful authentication, only the URL redirect attribute is accepted by the controller and not the URL-redirect-ACL attribute. This causes failures on redirection thereafter. Conditions : Local switching-enabled 802.1x WLANs. Controller using Release 7.2. Workaround : Disable local switching on the WLAN. Segregate the local access point from FlexConnect access points on different controllers. |
|
Symptom : 5-GHz radio on AIR-CAP1552E-N-K9 in non-bridge mode fails to enable if the controller is configured for the Brazil (-T) regulatory domain. |
|
Symptom : RRM cannot be disabled on the controller when the RF group DCA and TPC are disabled. Monitor mode command returns a message stating that DCA and TPC must be disabled even though they are already disabled. |
|
Symptom : Rogue access points are not detected when they are on a non-native VLAN trunk to a rogue detector access point. Conditions : Rogue detector mode access point using Release 7.4.100. Rogue access point is not on the rogue detector native VLAN. |
|
Symptom : Reversed gateway address appears for CCXv5 diagnostics client. |
|
Symptom : Ninety days after an access point associates with a controller, the controller sends a message that the access point should be moved to the primary controller. Conditions : An HA-SKU controller is the secondary controller in a N+1 configuration and an access point joins the controller. |
|
Symptom : Facetime calls are not detected and proper bandwidth is not allocated. Conditions : Apple OS uses a different port to send SIP packets. |
|
Symptom : Controller stops responding during scale stress tests. CPU utilization remains at around 26 percent. Conditions : Around 6000 APs and 64000 clients are associated with the controller. |
|
Symptom : When an RAP loses its wired connection, it fails to restore connectivity as an MAP through the radio backhaul. Mesh adjacency is built to a nearby MAP and the RAP gets an IP address. RAP joins its controller and disconnects due to a radio reset. RAP keeps on looping till connectivity is restored. The following error messages appear on the RAP: Conditions : Mesh deployment using Releases 7.0.230.0, 7.2.104.31, and 7.3.112.0. |
|
Symptom : Clients do not associate with the access point, clients gain network access and roam frequently. Conditions : Band select is configured with default parameters or with low values. For example, probe cycle is 1 and suppression window is 100 ms. Workaround : Disable Band select when there are multiple clients. |
|
Symptom : Controller logs the following traceback message: Conditions : Wireless client requests an invalid or unsupported encryption cipher during authentication. |
|
Symptom : config advance 802.11 {a | b} monitor noise command configurations are lost after reboot. The following messages appear: Conditions : Noise measurement interval is longer than 360 seconds. Workaround : Configure the noise measurement interval between 60 and 360 seconds. |
|
Symptom : Controller stops responding. Conditions : Web pass-through clients are anchored from foreign controller to anchor controller. |
|
Symptom : After you upgrade to Release 7.4, global user idle timeout is not used and all WLANs have an individual default user idle timeout of 300 seconds. |
|
Symptom : Controller stops responding. Conditions : When you use the show mdns profile detailed default-mdns-profile command. |
|
Symptom : Cisco WiSM2 in HA pair on Release 7.4.100.60 consistently keeps getting this error message every minute. Further Problem Description : At present, this issue does not impact normal services and an HA failover works as expected. There are a total of 820 Cisco APs in this deployment and there are a couple of interference and load profile failures. |
|
Symptom : Upon attempting to connect to the Open Authentication SSID that has MAC Filtering enabled, substantial packet loss is observed at a mobile endpoint. This packet loss can result in no-redirect for a client and marginal connectivity issues for the mobile endpoint. Conditions : Open Authentication on the SSID with MAC Filtering enabled. Workaround : If a client disconnects and then reconnects to the SSID, this has proven to temporarily mitigate the issue. |
|
Symptom : DTIM count randomly sets to ‘zero’ for Cisco AP1140 and AP1040. Conditions : Random radio hardware issue mostly seen in dense RF environments. Easily seen for DTIM period configuration 180-255. |
|
Symptom : FlexConnect AP drops from the Cisco WLC and stops receiving traffic on GigabitEthernet0 interface until rebooted. At the time this issue is observed, the switchport connected to the Cisco AP remains operational and transmits and receives packets. The switch sees the Cisco AP as a CDP neighbor. When you access the Cisco AP console, the LAN interface is operational and transmits packets, but does not receive packets. |
|
Symptom : The following messages are displayed continuously: Workaround : Change the log level to filter out those messages—On the Cisco WLC GUI, choose MANAGEMENT > Logs > Config > Msg Log Configuration. |
|
Symptom : The 802.11k assisted roaming neighbor report is not returned upon a client request when the WLAN is mapped to an AP group. The following is the sample output of 802.11k debugs:
Workaround : Use 802.11k on WLAN with an ID that is less than or equal to 16 either in the default group or where the AP group is configured to keep the WLAN in the same position as the global WLAN ID; for example, WLAN ID 2 is the second WLAN in the AP group. |
|
Symptom : Cisco WLC sends traffic from the virtual interface IP address onto the wired network outside of the CAPWAP tunnel. |
|
Symptom : Radio interface reset when the FlexConnect AP returns to the connected mode from the standalone mode. Conditions : This issue tends to occur if the Cisco AP moves to the secondary Cisco WLC from the primary Cisco WLC after AP continues to join to the primary one for a long time. |
|
Symptom : Cisco 1240 and 1130 Series APs—DHCP does not work with FlexConnect and VLAN Native 2.
Workaround : Change the native VLAN to an unexpectedly higher number, so no WLAN will ever get mapped to a bridge group number that high. Further Problem Description : Telnet to the FlexConnect mode AP. Example: VLAN3 is the native VLAN on the FlexConnect mode AP. The AP is correctly mapped to bridge group 1. The WLAN that does not work is the one that is mapped to VLAN2. VLAN2 is mapped to bridge group 3 (see below). This is the instance where the issue is encountered. It can be any WLAN-VLAN-Native VLAN combination. |
|
Symptom : The foreign Cisco WLC does not respond to ARP from foreign export client to a local client being on the same VLAN. |
|
Symptom : Cisco 8510 WLC using Release 7.3.112.0 stopped working on taskname SNMPTask. Conditions : claPriorityOrder is set to 0 in SNMP set on Cisco Flex 7510 WLC, Cisco 8510 WLC, and Cisco vWLC. Workaround : Do not set claPriorityOrder to 0 when this MIB is used. |
|
Symptom : Cisco 5500 Series WLC stopped working due to an issue with the kernel. |
|
Symptom : Cisco APs in FlexConnect local switching mode with VLAN mapping dissociate from the Cisco WLC when an ACL is applied to one of the VLANs. Once ACL is pushed, CAPWAP UDP processing becomes sluggish and retransmissions of packets from the Cisco WLC are not as per expectations with duplicate sequence number errors. Eventually, this state causes a DTLS timeout and the rejoin process on the Cisco AP fails over and over with same issue. It appears that the issue is related to incorrect CAPWAP private configuration as the actual content of the ACL does not matter. The issue occurs immediately at the point when the ACL is pushed. Workaround : Do not apply ACL to the Cisco AP. Use another enforcement point if required. A reimage of the Cisco AP with 15.2 recovery image. |
|
Symptom : Cisco WiSM2 stopped working after an upgrade from Release 7.3.101.0 to 7.4.110.0. |
|
Symptom : Backed up Cisco WLC configuration with RF profile commands cannot be uploaded to another Cisco WLC. Conditions : Cisco WLC configuration with RF profile commands. Workaround : Open the configuration file in a text editor and find the commands related to RF profile. This issue occurs when the commands for RF profile data rates, transmit power, and so on, occur before the command that actually creates the RF profile. For example, you may see something like this:
config rf-profile data-rates 802.11a mandatory 6 test
config rf-profile data-rates 802.11a supported 9 test
config rf-profile create 802.11a test
Move the create command before any of the other commands related to the RF profile. Therefore, the above should be changed to the following:
config rf-profile create 802.11a test
config rf-profile data-rates 802.11a mandatory 6 test
config rf-profile data-rates 802.11a supported 9 test
Download the new configuration to the Cisco WLC. Further Problem Description : Cisco WLC Release 7.4.110.0. Create a configuration backup with RF profile configuration and then upload it to another Cisco WLC. The operation fails with the following message displayed: |
|
Symptom : Sporadically, RADIUS authentications to certain Cisco APs in FlexConnect mode fail while other authentication methods on the same Cisco AP are unaffected. Conditions : Cisco 8510 WLC using Release 7.4.110.0. Cisco AP3600 in FlexConnect mode configured in a FlexConnect group with a ‘backup RADIUS’ server pointing to a Microsoft NPS RADIUS server. Workaround : Reloading the Cisco AP corrects the issue for some time. |
|
Symptom : Changing a parameter on an SSID causes an issue in FlexConnect APs if another SSID exists with a different profile. |
|
Symptom : When the Cisco WLC gets a CoA (Change of Authorization) RADIUS message, for example from ISE, the Cisco WLC sends a deauthentication to the client and moves the client to the DHCP_REQ state. Unless “DHCP Required” is disabled on the WLAN, this means that the client will then be disconnected unless it performs a new DHCP request. With “debug client” in effect on the Cisco WLC, the following message will be seen: Conditions : Cisco WLC is using CoA from RADIUS and has DHCP Required on the WLAN. Client is one that does not reliably re-DHCP upon 802.11 deauthentication; some Windows 7 and Mac OS X systems have been seen to have this problem. Workaround : For a single VLAN system (same VLAN before and after CoA), disable DHCP Required. For some client types, you might be able to reconfigure them to make sure that they re-DHCP as needed. For example, on a Windows 7 system, perform the following: 1. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces registry path, create a DWORD value named “UseNetworkHint” and set it to “0”. 2. Restart the DHCP client service by executing the following commands from an elevated command prompt: An alternative might be to use two VLANs, one pre-CoA and the other post-CoA. The DHCP leases for the pre-CoA scope might be set with very short lease durations such as 30 seconds. This should trigger a more timely DHCP lease renewal from the client so that it can regain access to the network after the CoA event. |
|
Symptom : Cisco AP disconnects from the primary WLC and moves to the secondary WLC due to memory allocation. |
|
Symptom : Cisco WLC unresponsive with local EAP-FAST in use. |
|
Symptom : AP dissociates from Cisco WLC when %DOT11-2-NO_CHAN_AVAIL_CTR occurs.
DOT11-2-NO_CHAN_AVAIL_CTRL: Interface Dot11Radio1 no channel available.
DTLS_CLIENT_EVENT: local_in_addr_comp: Client and server addresses of 2 nodes are AC190D09 BDAF AC190C01 147E : AC190D09 BDAF AC190C01 147E
DTLS_CLIENT_EVENT: dtls_disconnect: Disconnecting DTLS connection 0x4369A0C
DTLS_CLIENT_EVENT: dtls_connectionDB_del_connection: Connection deleted AC190D09 BDAF AC190C01 147E
-----
Conditions : %DOT11-2-NO_CHAN_AVAIL_CTR occurs after a DFS detection. |
|
Symptom : A client roam between two Cisco WLCs can fail intermittently, leaving the client in the VLAN originally mapped to the WLAN. For example, with two Cisco WLCs serving clients, the WLAN mapped to VLAN x, and RADIUS assigning VLAN y, the client can intermittently be put on VLAN x during roams from WLC1 to WLC2. Conditions : When a client roams between two Cisco WLCs. Further Problem Description : Debug example:
pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 Set symmetric mobility tunnel for 60:fe:c5:69:ef:50 as in Foreign role
*pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 167.73.161.198 Added NPU entry of type 1 dtlFlags 0x1
*pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 Skip Foreign / Export Foreign Client IP 167.73.161.198 plumbing in FP SCB
*bcastReceiveTask: Oct 09 15:58:40.389: Sending MLD query First Time to 0C:85:25:C6:71:90 ap for mgid 15
*bcastReceiveTask: Oct 09 15:58:40.389: Entry for ap 0C:85:25:C6:71:90 MLD query packet not queued for mgid 15... Enquing the Query packet...
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP received op BOOTREQUEST (1) (len 308 vlan 0 port 13 encap 0xec03)
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP processing DHCP DISCOVER (1)
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP op: BOOTREQUEST htype: Ethernet hlen: 6 hops: 0
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP xid: 0x75555ccb (1968528587) secs: 43 flags: 0
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP chaddr: 60:fe:c5:69:ef:50
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP ciaddr: 0.0.0.0 yiaddr: 0.0.0.0
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP siaddr: 0.0.0.0 giaddr: 0.0.0.0
*DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP successfully bridged packet to EoIP tunnel
|
|
Symptom : Cisco WLC stops responding and then reboots. Conditions : When ad hoc rogue detection is enabled. Workaround : Disabling ad hoc rogue detection is a potential workaround. |
|
Symptom : Following an HA failover, the service port on the active Cisco WLC that is configured to get its IP address through DHCP loses connectivity after the DHCP lease expires (or the DHCP renew is forced through the config interface dhcp service-port { enable | disable } command). In case of Cisco WiSM2, this connectivity issue might cause the Cisco WLC and Catalyst 6000 to fail to exchange WCP keep-alives. Thus, the show wism status command shows the active module to be not operational.
Workaround : Configure a static IP address for the service ports on both peers and force an HA switchover. From the active Cisco WLC, enter the following commands:
config interface dhcp service-port disable
config interface address service-port addr1 netmask
config redundancy interface address peer-service-port addr2 netmask
Forcing a switchover might disconnect all the clients and any mesh APs in Release 7.4.X. Therefore, we recommend that you perform this workaround during a maintenance window. |
|
Symptom : A CCKM client associated with a FlexConnect AP using Cisco WLC Release 7.4.110.0 (local switching/central authentication) might lose IP connectivity soon after a successful CCKM roaming while remaining associated with the AP. On a Cisco WLAN phone, the symptom is often seen as a two-way voice outage, with the phone stuck in the “requesting DHCP” state. On the AP side, radio-level debugging shows decryption errors. Conditions : Cisco WLC/AP using Release 7.4.110.0; FlexConnect local switching and central authentication; frequent CCKM roaming events including interband roaming. Workaround : The issue recovers soon after the client roams to another AP. Further Problem Description : This is not a persistent issue; normally, the client can then roam back to the AP without any issues. |
|
Symptom : In very rare situations, a race condition in which data packets are sent before the switch port receives BPDU packets from the wireless side causes MAC address flapping. Conditions : STP is used to break a network loop; a mesh AP reboots or moves between RAPs; intensive packet flooding in the network causes packets to be sent before BPDUs are propagated. |
|
Symptom : Captive Portal pops up even when Captive Portal Bypass is enabled for certain clients such as Samsung Galaxy Note 3 (using JellyBean 4.3) or MS Surface Pro (Windows 8). Conditions : This issue occurs only for some clients, such as Surface Pro and Samsung Galaxy Note 3, when trying to provision the clients on a dual SSID BYOD Provisioning Setting. |
|
Symptom : Cisco WLC stops responding when the show local-auth certificates command is entered. |
|
Symptom : Client is using PEAP; the EAP handshake fails when the Cisco vWLC needs to send the server certificate. Conditions : Using a Cisco vWLC and an EAP method that requires certificates. The path MTU between the Cisco vWLC and the Cisco AP is 1200 bytes or less. Workaround : Increase the path MTU. Further Problem Description : This is a regression; the issue was not observed in Release 7.4.X. |
|
Symptom : Cisco APs disconnect from the Cisco WLC due to DTLS errors. |
|
Symptom : When you try to enable AP Management on dynamic interface, the “Failed to Add MDNS profile” message is displayed. |
|
Symptom : Rogue APs are mistaken as infrastructure devices. Thus, wIPS alarms such as deauthentication spoofed MAC address are falsely triggered later. Conditions : Rogue devices that are not associated with a Cisco AP send data packets such as data null to the Cisco AP. This causes wIPS to falsely recognize rogue devices as part of the infrastructure devices. |
|
Symptom : Performing a filter using either “WLAN Profile” or “WLAN SSID,” multiple clients and pages are displayed. The first page shows the maximum allowable information for that page. However, when you want to navigate to the subsequent pages, a “No clients found” message is displayed. Conditions : Include either “WLAN Profile” or “WLAN SSID” as the filter option. |
|
Symptom : Cisco WLC stopped working with the Task Name: spamApTask7 on Release 7.4.115.0. |
|
Symptom : A lightweight Cisco AP might not send out deauthentication messages to an existing client before the 802.11 radio interface is reset by RLDP, although debug dot11 mgmt msg command outputs indicate that the messages are sent out. |
|
Symptom : AAA override client gets assigned to dynamic interface on roam. Conditions : As an extension to CSCui50515 on Release 7.4.X, WLAN using WPA2 AES, MAC Filter PSK, AAA override gets defaulted to dynamic interface on WLAN instead of AAA overridden VLAN value upon a roam. The Cisco APs are in local mode and associated with the same Cisco WLC. A new association to the Cisco AP or removing client entry from the Cisco WLC resolves the issue and the client gets AAA overridden VLAN again when fast-SSID change is disabled. Workaround : Enabling fast-SSID change resolves the issue and assigns the client the correct AAA-override VLAN on roam. |
|
Symptom: On successful installation of Cisco WLC licenses, access points are unable to join the controller as the web-user interface displays supported access points as none. However, when you execute the show license summary command using the CLI, the exact count of licenses in use is displayed. Conditions: Occurs when you install an adder license file on the controller without installing the base licenses. Workaround: Contact Cisco Support for installing the base licenses of the controller. |
|
Symptom: The FT and LT detection time for an alarm is ahead of or behind the AP clock. This causes a delay in NCS detecting the alarm. In Cisco NCS, you will not see the alarm until the actual AP time matches the time reported in the FT. Conditions: This occurs in Cisco Wireless LAN Controller 5508 series with release 7.0.235.3, and Cisco Aironet 3500 series wIPS ELM mode, MSE 3350 on release 7.0.201.204. |
|
Symptom: A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated remote attacker to execute a cross-frame scripting (XFS) attack. An attacker could exploit the insufficient HTML iframe protection by directing users to an attacker-controlled web page that contains a malicious HTML iframe. The application allows users to perform certain actions through HTTP requests issued from iframes without performing any validity checks to verify the requests. |
|
Symptom: In Cisco WLC Release 7.4, the Cisco WLC does not respond when an “airespace wlan-identifier” attribute is sent back in an access-accept by the RADIUS server. |
|
Symptom: RADIUS accounting update is seen twice from the controller when initial authentication occurs for RADIUS NAC-enabled WLAN. |
|
Symptom: The WiSM2 secondary controller DP crashed due to a deadlock in a high availability configuration during boot and synchronization with the primary controller. Conditions: The secondary controller DP crash occurs only when there are multiple reboots of the controller in a high availability configuration. The controller recovers after the reboot. |
|
Symptom: Cisco LAP1131 and LAP 1132 access points may experience a memory leak when a SIP phone roams from one access point to another while in an active call. This issue occurs when the handset sends multiple re-association messages when connecting to the new AP while roaming. As a result of this bug, an authenticated adjacent attacker can trigger a memory loss and eventually cause the AP to reboot. Conditions: SIP handsets that send multiple reassociation messages when roaming can trigger this issue. |
|
Symptom: When using controller with Release 7.4 and DHCP proxy enabled, the packets were dropped during inspection because the option 255 is missing in the DHCP request packets sent out by the controller. Conditions: This issue occurs in the Cisco Wireless LAN Controller using release 7.4. Workaround: Convert the DHCP opt 82 format from binary to ASCII value using the config dhcp opt-82 format ascii command. |
|
Symptom: A Cisco AP might stop transmitting traffic after several days with a switch port speed/duplex misconfiguration. Conditions: This issue exists on Cisco Aironet 2600 Series access points that are associated with a controller using software release 7.3.112.0 or with an autonomous Cisco IOS software release 15.2(2)JA. The default Ethernet interface of the Cisco Aironet 2600 series access points is auto/auto; and switch port: duplex full/ speed 100. Workaround: Correct the speed/duplex misconfiguration so that the configuration matches on the access point and the switch port. |
|
Symptom: On a Cisco 3502 mesh access point, bridging does not exclude gig0, and the access point fails to join over the radio. Conditions: A Cisco 3502 mesh access point configured as a MAP with bridging enabled is connected behind a switch, and the MAP reboots. Workaround: You must shut down the switch port so that the access points will join over the radio interface. |
|
Symptom: Modifying the access point group of a RAP that is currently connected through the radio backhaul interface (a RAP in MAP mode because the wired uplink is down) strands the RAP. Conditions: Occurs when a Cisco mesh access point such as 1552 or 1522 operates as an access point (root) without any wired backhaul interface available. This issue exists on the Cisco Wireless LAN Controller using release 7.0.x. Workaround: You must clear the CAPWAP private configuration using the clear capwap private-config command and reboot the access point. |
|
Symptom: Cisco Wireless LAN Controller NAS-identifier override takes the system name instead of the NAS-identifier configured on an access point group, WLAN, or interface. Conditions: Configure an AP group, WLAN, or interface NAS-ID. |
|
Symptom: Cisco Aironet 1600 series access points transmit TKIP packets with MIC errors. The errors are reported and traffic is disrupted. The following message log is displayed: Conditions: This issue exists on Cisco Aironet 600 series access points that use TKIP encryption method. Workaround: You must ensure usage of AES encryption methods instead of TKIP encryption methods. |
|
Symptom: Controller reports stale client entries in large numbers. Conditions: This issue exists on Cisco Wireless LAN Controller when numerous clients use FlexConnect access point local authentication while in connected mode. Workaround: Do not use FlexConnect local authentication while in connected mode. |
|
Symptom: Cisco Aironet 1600 series access points should have 17dbm of transmission power on one antenna and transmission power up to 22dbm with three antennas. However, the show controllers command output displays that power level 1 is 13dbm on 3 antennas (8dbm per antenna). The output displayed is correct for the given AP/domain/radio/channel. However, modifying the antenna gain has no effect on the transmission power. Conditions: This issue exists in the Cisco Wireless LAN Controller release 7.4.100. European regulatory domain in countries where the expected power level is 17. Workaround: You must configure the radio to reduce its power as required if the configured antenna gain would cause the EIRP to exceed regulatory limits. The maximum power allowed is dependent upon: 4. The specific channel in use 5. The number of antennas in use 6. The configured antenna gain To find the specific allowed power levels of interest, see the Channels and Maximum Power Settings document for the selected AP. On checking the document, you will find that the maximum power settings are correct, except that the configured gain does not limit the allowed power. This bug is thus fixed by having the configured antenna gain limit the transmit power. |
|
Symptom: Cisco Virtual Wireless LAN Controllers fail to properly implement virtual CPU access control lists that have been configured to restrict access to the private virtual management address. Conditions: This issue exists on Cisco Virtual Wireless LAN Controllers with controller software release 7.4. Further Problem Description: This issue does not allow an intruder to bypass any forms of authentication. However, if an attacker accesses the private virtual management interface, the controller prompts them to provide valid credentials to gain access. |
|
Symptom: Configuration of an external NAT IP state and address in the management interface using the Cisco WLC GUI is available in the SRE controller. However, access points in public domains cannot join the controller as the discovery response of the controller includes only the private address of the controller. To enable or disable NAT IP address for access point discovery, you must use the config network ap-discovery nat-ip-only {enable | disable} command in the command line interface of the controller. Workaround: Refrain from placing the SRE-WLC behind NAT even though the controller web UI allows the configuration. This configuration is currently unsupported in the controller. |
|
Symptom: A RAP connected through the radio backhaul interface while the wired backhaul interface is down can be stranded by manually disabling the 11a backhaul interface. The controller should prevent this configuration from being pushed, as it does for Mesh APs (role MAP). Conditions: This issue exists on Cisco Wireless LAN Controller using release 7.0.240.4 with Mesh AP (tested with 1552 and 1522 models) in role Root AP with no wired backhaul interface available. Workaround: Use the clear capwap private-config reload command to clear the CAPWAP private configuration using the command line interface. |
|
Symptom: Client gets IPv6 address from different VLAN. Conditions: This issue occurs due to the simultaneous occurrence of the following: 2. Client sends traffic from either the static IP address or a previously allocated IP address. 3. Client traffic does not match the traffic received by the assigned VLAN initially. The following message is displayed when this occurs: “Overriding interface of client from ‘vlan20’ to ‘vlan30’ within interface group ‘vlan20-30’”. |
|
Symptom: A Cisco Aironet 3600 or 2600 series access point fails to boot the Cisco IOS software and stays at the boot loader prompt (the ap prompt). Conditions: The Cisco AP moves to standalone mode and is power cycled. Workaround: Perform the following steps: 1. Initialize the Cisco AP; to do this, enter the ap: flash_init command at the ap prompt. 2. Reboot the access point to load a new image; to do this, enter the ap: boot command at the ap prompt. 3. Upgrade the bootloader of the access point to the Autonomous AP IOS Software release 15.2(4)JA1 or later. Copy the bootloader image onto AP flash. To do this, execute the copy flash:/BOOTLOADERFILENAME bs: command at the ap prompt. |
|
Symptom: Cisco Wireless LAN Controller sends incorrect information while detecting rogue access points using traps. Conditions: This issue exists only in the Cisco Wireless LAN Controller using Release 7.4. |
|
Symptom: Cisco Wireless LAN Controllers that have been configured for high availability may crash when a second node is added to the HA cluster. The error message displayed indicates a crash in SNMPTask. Conditions: This issue exists for Cisco Wireless LAN Controllers that use an affected version of the controller software release and are configured for high availability. |
|
Symptom: A wired device such as a scale behind a third-party bridge device fails to get an IP address. Conditions: This issue occurs when the third-party bridge associates with an access point in the HREAP/FlexConnect local switching mode and the controller uses a software release later than release 7.0.116.0. |
|
Symptom: Controller displays non-valid scrolling messages. Conditions: This issue occurs when the debug of DHCP messages that are exchanged to and from the DHCP server is enabled. Workaround: Disable the debug of DHCP messages that are exchanged to and from the DHCP server using the debug dhcp message disable command in the controller command line interface. |
|
Symptom: WiSM2 controller crashes and reboots. Conditions: This issue occurs when TPCv2 is enabled in the WiSM2 controller. |
|
Symptom: Controller detects false positive Dynamic Frequency Selection Detections (DFS) owing to signals transmitted by Broadcom radios. Conditions: Clients trigger DFS detections due to spurious emissions. This commit tracks additional filtering Cisco can do from their side to help with DFS falsifying. The commit as per customer site information helps with DFS falsifying about 30% of the time. Broadcom is also working on a fix from their side as well to fix the root issue. |
|
Symptom: Cisco Aironet 1550 series access points are unable to configure transmit power greater than 20dbm while in autonomous mode. |
|
Symptom: Cisco Aironet 1300 and 1400 series Access Points crash after some period of operation. The crash file reports an error in the REAP process and occurs when a heavily loaded access point performs a cleanup of the timed-out sessions. Conditions: Cisco Aironet 1300 and 1400 series APs connected to a Cisco Wireless LAN controller using an affected version of controller software release. Further Problem Description: This issue is specific to the affected access points and is not triggered by any external means. The crash occurs on APs that are heavily loaded and experience a significant number of connections which are timed-out. |
|
Symptom: Controller marks an interface in a group as dirty even when a response is received from the DHCP server. This issue is observed when clients insist on requesting an IP outside of their connected interface range in a flood (more than 100 DHCP requests in the same second). The DHCP server starts slowing down the responses as a result of this flood. The interface gets marked as dirty because the dirty marking is based on requests without responses. Conditions: Clients insist on requesting an IP address outside their range in a flood. |
|
Symptom: Client communication fails when access point joins a controller and then tries to join another controller while in FlexConnect local switching mode with disabled VLAN support. |
|
Symptom: Controller displays incompatible behavior on Change-of-authorization (CoA) for the RFC 3576 implementation and shows the debug output error 'RFC-3576 Disconnect-Request', which indicates that session identification attributes are invalid. The following error message is displayed:
Error cause 402 generated for ‘RFC-3576 Disconnect-Request’ from 192.168.1.5 (Session Identification attributes not valid)
Conditions: Change-of-authorization (CoA) on the controller. Workaround: The controller accepts the disconnect request when the three AVP pair attributes are sent: Calling-Station-ID MAC address of device (lower case works), Service-Type Login-user, and the Called-Station-ID (upper case MAC of AP SSID separated by colons). |
|
Symptom: A client's first attempt to associate is unsuccessful; the second attempt is successful. Conditions: This issue occurs when the maximum number of clients per AP radio is configured on each Cisco Aironet 1142 series Access Point. |
|
Symptom: Update for Client IP on controller does not happen after the 7.3.101.0 software release upgrade. Conditions: This issue exists in Cisco Wireless LAN Controller release 7.3.101.0 when WLAN is used for a locally switched H-REAP RADIUS authentication of mobile device when the DHCP server is central. Workaround: You must wait for 20 to 30 minutes for synchronization to complete. |
|
Symptom: After adding a WLAN to an AP group, the WLAN properties cannot be edited on the AP VLAN mapping page when the AP is in FlexConnect mode. Conditions: This issue occurs when you disable WLAN before adding it to the AP group. |
|
Symptom: Crash errors, traceback conditions, and radio reset errors displayed in Cisco Aironet 1240AG series after the controller upgrades to software release 7.4.100.60. Conditions: This issue exists on Cisco Wireless LAN Controller while upgrading to the 7.4.100.60 software release. |
|
Symptom : When the Cisco WLC detects more than 21 ad hoc rogues, the web GUI shows only the first 20 entries (first page). Conditions : Path on the web GUI: Monitor > Rogue > Adhoc Rogues and click on “Unclassified Adhoc” or “Custom Adhoc”. The first page shows correctly, but it is not possible to browse to the subsequent pages. Workaround : Use the show rogue adhoc summary command on the CLI. |
|
Symptom : Unable to delete an mDNS profile. Conditions : When the mDNS profile is mapped to an interface and the interface is deleted. Workaround : Before deleting the interface, detach the profile and then delete the interface. |
|
Symptom : Static IP on clients working with interface group VLAN select feature gets assigned to an incorrect interface. Conditions : Though the static IP subnet exists as a valid interface, it does not get overridden to the correct subnet interface and gets marked into mac-hash interface and the client is unable to pass traffic. |
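The manual fix in the RF profile backup caveat above (moving each create command ahead of the other commands for the same RF profile) can be scripted for large backups. This is an added example, not Cisco code; it assumes the profile name is the last token of every config rf-profile line, as in the caveat's three commands, and the sample file and the profile names lobby and ghost are constructed.

```python
"""Reorder 'config rf-profile' lines so each profile is created before use."""

# Constructed sample backup fragment. The three "test" lines are the ones
# quoted in the caveat; "lobby" and "ghost" are made-up profile names.
SAMPLE = """\
config rf-profile data-rates 802.11a mandatory 6 test
config rf-profile data-rates 802.11a supported 9 test
config interface dhcp service-port disable
config rf-profile create 802.11a test
config rf-profile create 802.11a lobby
config rf-profile data-rates 802.11a mandatory 6 lobby
config rf-profile data-rates 802.11a supported 9 ghost
"""


def parse_rf_profile(line):
    """Return (subcommand, profile_name) for an rf-profile line, else None.

    Assumption: the profile name is the last token of the command.
    """
    tokens = line.split()
    if len(tokens) < 4 or tokens[:2] != ["config", "rf-profile"]:
        return None
    return tokens[2], tokens[-1]


def find_misordered(config_text):
    """List (line_number, profile) for commands that use a profile too early."""
    created, problems = set(), []
    for number, line in enumerate(config_text.splitlines(), start=1):
        parsed = parse_rf_profile(line)
        if parsed is None:
            continue
        subcommand, name = parsed
        if subcommand == "create":
            created.add(name)
        elif name not in created:
            problems.append((number, name))
    return problems


def reorder_rf_profile_commands(config_text):
    """Hoist each late 'create' line to just before the profile's first use.

    Returns (fixed_text, moved_profiles, orphan_profiles). Orphans are profiles
    that are configured but never created anywhere in the file; their lines are
    left in place and reported, because the intended band is unknown.
    """
    lines = config_text.splitlines()

    # First pass: remember where each profile's create command sits.
    create_index = {}
    for index, line in enumerate(lines):
        parsed = parse_rf_profile(line)
        if parsed and parsed[0] == "create":
            create_index.setdefault(parsed[1], index)

    # Second pass: emit lines in order, pulling a create forward when needed.
    output, created, hoisted, moved, orphans = [], set(), set(), [], []
    for index, line in enumerate(lines):
        parsed = parse_rf_profile(line)
        if parsed is None:
            output.append(line)  # unrelated command, keep its position
            continue
        subcommand, name = parsed
        if subcommand == "create":
            if index in hoisted:
                continue  # this create line was already emitted earlier
            created.add(name)
        elif name not in created:
            if name in create_index:
                output.append(lines[create_index[name]])
                hoisted.add(create_index[name])
                created.add(name)
                moved.append(name)
            elif name not in orphans:
                orphans.append(name)
        output.append(line)

    fixed = "\n".join(output)
    if config_text.endswith("\n"):
        fixed += "\n"
    return fixed, moved, orphans


if __name__ == "__main__":
    fixed_text, moved_profiles, orphan_profiles = reorder_rf_profile_commands(SAMPLE)
    print(fixed_text, end="")
    print("moved:", moved_profiles, "orphans:", orphan_profiles)
```

Run find_misordered on the result before downloading the file to the Cisco WLC; any profile it still reports has no create command in the backup at all.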
Table 6 lists the caveats that are resolved in this release.
This section contains important information to keep in mind when installing controllers and access points.
Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030
Warning Do not locate the antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing the antenna, take extreme care not to come into contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, please refer to national and local codes (e.g. U.S.: NFPA 70, National Electrical Code, Article 810, Canada: Canadian Electrical Code, Section 54). Statement 280
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Warning Read the installation instructions before you connect the system to its power source. Statement 10
Warning Do not work on the system or connect or disconnect any cables (Ethernet, cable, or power) during periods of lightning activity. The possibility of serious physical injury exists if lightning should strike and travel through those cables. In addition, the equipment could be damaged by the higher levels of static electricity present in the atmosphere. Statement 276
Warning Do not operate the unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 364
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft. (2 m) from your body or nearby persons. Statement 339
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security. Statement 1017
Follow the guidelines in this section to ensure proper operation and safe use of the controllers and access points.
The FCC, with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.
For your safety, and to help you achieve a good installation, read and follow these safety precautions. They might save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type of antenna you are about to install.
2. Select your installation site with safety as well as performance in mind. Electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long-sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember that the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line completes an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines, call for qualified emergency help immediately.
See the appropriate quick start guide or hardware installation guide for instructions on installing controllers and access points.
Note To meet regulatory restrictions, all external antenna configurations must be installed by experts.
Personnel installing the controllers and access points must understand wireless techniques and grounding methods. Access points with internal antennas can be installed by an experienced IT professional.
The controller must be installed by a network administrator or qualified IT professional, and the proper country code must be selected. Following installation, access to the controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/c/en/us/support/index.html
Click Product Support > Wireless. Then choose your product and Troubleshooting to find information on the problem you are experiencing.
For additional information about the Cisco controllers and lightweight access points, see these documents:
You can access these documents at this URL: http://www.cisco.com/c/en/us/support/index.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.