Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.2.110.0
Cisco Unified Wireless Network Solution Components
Controller Platforms Not Supported
Software Release Support for Access Points
Upgrading to Controller Software Release 7.2.110.0
Upgrading to Controller Software Release 7.2.110.0 (GUI)
Special Notes for Licensed Data Payload Encryption on Cisco 5500 Series Wireless LAN Controllers
Downloading and Installing a DTLS License for an LDPE Controller
Upgrading from an LDPE to a Non-LDPE Controller
Interoperability With Other Clients in 7.2.110.0
Features Not Supported on Controller Platforms
Features Not Supported on Cisco 2500 Series Controllers
Features Not Supported on WiSM2 and Cisco 5500 Series Controllers
Features Not Supported on Cisco Flex 7500 Controllers
Features Not Supported on Cisco Wireless Controller on Cisco Services-Ready Engine (SRE)
Features Not Supported on Mesh Networks
FCC Safety Compliance Statement
Obtaining Documentation and Submitting a Service Request
These release notes describe what is new in this release, instructions to upgrade to this release, and open and resolved caveats for this release.
Note Unless otherwise noted, all of the Cisco Wireless LAN controllers are referred to as controllers, and all of the Cisco lightweight access points are referred to as access points.
– Cisco 2500 Series WLC simultaneous AP image download support. |
These release notes contain the following sections:
The following components are part of the Cisco UWN Solution and are compatible in this release:
Note For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix.
Note Client and tag licenses are required to get contextual (such as location) information within the context-aware software. For more information, see the Release Notes for Cisco 3350 Mobility Services Engine for Software Release 7.2.110.0.
The AP801 and AP802 are integrated access points on the Cisco 800 Series Integrated Services Routers (ISRs). For more information about the SKUs for the access points and the ISRs, see the following data sheets:
– http://www.cisco.com/c/en/us/products/collateral/routers/800-series-routers/data_sheet_c78_461543.html
– http://www.cisco.com/c/en/us/products/collateral/routers/887-integrated-services-router-isr/data_sheet_c78_459542.html
– http://www.cisco.com/c/en/us/products/collateral/routers/800-series-routers/data_sheet_c78-613481.html
– http://www.cisco.com/c/en/us/products/collateral/routers/880-3g-integrated-services-router-isr/data_sheet_c78_498096.html
– http://www.cisco.com/c/en/us/products/collateral/routers/880g-integrated-services-router-isr/data_sheet_c78-682548.html
http://www.cisco.com/c/en/us/products/collateral/routers/800-series-routers/data_sheet_c78-519930.html
Note The AP802 is an integrated access point on the Next Generation Cisco 880 Series Integrated Services Routers (ISRs).
Note Before you use an AP802 series lightweight access point with controller software release 7.2.110.0, you must upgrade the software in the Next Generation Cisco 880 Series Integrated Services Routers (ISRs) to Cisco IOS 151-4.M or later releases.
This section provides a brief description of what is new in this release. For more information about these features, see the Cisco Wireless LAN Controller Configuration Guide.
Note Enhanced local mode (ELM) is not supported when the device is in Local mode.
802.11r provides two methods of roaming:
– Over-the-DS (Distributed System)
The FT key hierarchy is designed to allow clients to make fast BSS transitions between APs without the need to reauthenticate at every AP. WLAN configuration contains a new Authenticated Key Management (AKM) type called FT (Fast Transition).
Note Legacy clients cannot associate with a WLAN that has 802.11r enabled if the driver of the supplicant that is responsible for parsing the Robust Security Network Information Exchange (RSN IE) is old and not aware of the additional AKM suites in the IE. Due to this limitation, clients cannot send association requests to WLANs. These clients, however, can still associate with non-802.11r WLANs. Clients that are 802.11r capable can associate as 802.11i clients on WLANs that have both 802.11i and 802.11r Authentication Key Management Suites enabled.
The workaround is to enable or upgrade the driver of the legacy clients to work with the new 802.11r AKMs, after which the legacy clients can successfully associate with 802.11r enabled WLANs.
Another workaround is to have two SSIDs with the same name but with different security settings (FT and non-FT).
– Device registration and supplicant provisioning
– Onboarding personal devices (provisioning for iOS or Android devices)
You can configure the following in the Advanced tab of the WLAN configuration page:
– DHCP Profiling under Client Profiling
Note RADIUS NAC with Layer3 web authentication security (local web authentication) is not supported.
Note Flex local switching with Radius NAC support is added in Release 7.2.110.0. It is not supported in 7.0 Releases and 7.2.103 Release. Downgrading 7.2.110.0 and later releases to either 7.2 or 7.0 releases will require you to reconfigure the WLAN for Radius NAC feature to work.
The controller can be configured to act as a collector for client profiling and interact with the DHCP thread along with the RADIUS accounting task that is running on the controller. The controller receives a copy of the DHCP request packet sent from the DHCP thread and parses the DHCP packet for two options:
– Option 12—HostName of the client
– Option 60—The Vendor Class Identifier
After this information is gathered from the DHCP_REQUEST packet, a message is formed by the controller with these option fields and is sent to the RADIUS accounting thread, which is in turn transmitted to the ISE in the form of an interim accounting message.
Table 1-2 lists the controller software releases that support specific Cisco access points. The First Support column lists the earliest controller software release that supports the access point. For access points that are not supported in ongoing releases, the Last Support column lists the last release that supports the access point.
Note The Cisco 3600 Access Point was introduced in 7.1.91.0. If your network deployment uses Cisco 3600 Access Points with release 7.1.91.0, we highly recommend that you upgrade to 7.2.103.0 or a later release. |
|||
-A and N: 4.1.190.1 or 5.2 or later1 |
|||
– Ensure that your TFTP server supports files that are larger than the size of the controller software release 7.2.110.0. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the NCS. If you attempt to download the 7.2.110.0 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
– A third-party TFTP or FTP server cannot run on the same computer as NCS because the NCS built-in TFTP or FTP server and the third-party TFTP or FTP server require the same communication port.
Bootloader Menu for 5500 Series Controllers:
Bootloader Menu for Other Controller Platforms:
Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on a 5500 series controller), or enter 5 (on another controller platform) to run the current software and set the controller configuration to factory defaults. Do not choose the other options unless directed to do so.
Note See the Installation Guide or the Quick Start Guide for your controller for more details on running the bootup script and power-on self-test.
With the backup image stored before rebooting, be sure to choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the controller.
config network ap-discovery nat-ip-only { enable | disable }
– enable — Enables use of NAT IP only in Discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
– disable —Enables use of both NAT IP and non-NAT IP in discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs on the same controller.
Note To avoid stranding APs, you must disable AP link-latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link-latency, use the config ap link-latency disable all command.
– You can predownload the AP image.
– For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch). For more information about the FlexConnect AP upgrade feature, see the Cisco Wireless LAN Controller Configuration Guide.
Note Predownloading a 7.2.110.0 version on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to a Cisco Aironet 1240 access point, an AP disconnect will occur momentarily.
– Delete all WLANs that are mapped to interface groups and create new ones.
– Ensure that all WLANs are mapped to interfaces rather than interface groups.
– Enable or disable link aggregation (LAG)
– Enable a feature that is dependent on certificates (such as HTTPS and web authentication)
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up your controller’s configuration files prior to upgrading the controller software.
Step 2 Follow these steps to obtain the 7.2.110.0 controller software:
a. Click this URL to go to the Software Center:
http://www.cisco.com/cisco/software/navigator.html
b. Choose Wireless from the center selection window.
c. Click Wireless LAN Controllers.
The following options are available:
– Integrated Controllers and Controller Modules
d. Depending on your controller platform, click one of the above options.
e. Click the controller model number or name. The Download Software page is displayed.
f. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:
g. Click a software release number.
h. Click the filename ( filename.aes).
j. Read Cisco’s End User Software License Agreement and then click Agree.
k. Save the file to your hard drive.
l. Repeat steps a through k to download the remaining file.
Step 3 Copy the controller software file ( filename.aes) to the default directory on your TFTP or FTP server.
Step 4 (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks.
Note For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 5 Disable any WLANs on the controller.
Step 6 Choose Commands > Download File to open the Download File to Controller page.
Step 7 From the File Type drop-down list, choose Code.
Step 8 From the Transfer Mode drop-down list, choose TFTP or FTP.
Step 9 In the IP Address text box, enter the IP address of the TFTP or FTP server.
Step 10 If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 11 In the File Path text box, enter the directory path of the software.
Step 12 In the File Name text box, enter the name of the software file ( filename.aes).
Step 13 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log on to the FTP server.
b. In the Server Login Password text box, enter the password to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 14 Click Download to download the software to the controller. A message appears indicating the status of the download.
Step 15 After the download is complete, click Reboot.
Step 16 If prompted to save your changes, click Save and Reboot.
Step 17 Click OK to confirm your decision to reboot the controller.
Step 18 After the controller reboots, repeat Step 6 to Step 17 to install the remaining file.
Step 20 For Cisco WiSM2 on the Catalyst switch, check the port channel and reenable the port channel if necessary.
Step 21 If you have disabled the 802.11a/n and 802.11b/g/n networks in Step 4, reenable them.
Step 22 To verify that the 7.2.110.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.
Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the controller. You can purchase the Cisco 5500 Series Wireless LAN Controller with either DTLS that is enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.
Important Note for Customers in Russia
If you plan to install a Cisco 5500 Series Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
The following table lists the Paper PAK licenses and their descriptions including their part numbers.
Step 1 Download the Cisco DTLS license.
a. Go to the Cisco Software Center at this URL:
https://tools.cisco.com/SWIFT/LicensingUI/Home
b. On the Product License Registration page, choose Get New > IPS, Crypto, Other Licenses.
c. Under Wireless, choose Cisco Wireless Controllers (2500/5500/7500/8500/WiSM2) DTLS License.
d. Complete the remaining steps to generate the license file. The license file information will be sent to you in an e-mail.
Step 2 Copy the license file to your TFTP server.
Step 3 Install the DTLS license. You can install the license either by using the controller web GUI interface or the CLI:
Management > Software Activation > Commands > Action : Install License
license install tftp ://ipaddress /path /extracted-file
After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.
In 7.0.230.0 and 7.2.110.0 controller releases, you can upgrade from an LDPE controller software to a non-LDPE controller software. For all other releases, you must first upgrade to a release that supports LDPE before you upgrade to a non-LDPE controller software.
Note If you have a 7.2.103.0 release of the controller software, it is not possible to upgrade from an LDPE to a non-LDPE controller software.
Step 1 Download the non-LDPE software release:
a. Go to the Cisco Software Center at this URL:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm
b. Choose Cisco 5500 Series Controller from the right selection box.
c. Click Wireless LAN Controller Software.
d. From the left navigation pane, click the software release number for which you want to install the non-LDPE software.
e. Choose the non-LDPE software release: AIR-CT5500-K9-X-XXX.X.aes
g. Read Cisco’s End User Software License Agreement and then click Agree.
h. Save the file to your hard drive.
Step 2 Copy the controller software file ( filename.aes) to the default directory on your TFTP or FTP server.
Step 3 Upgrade the controller with this version by following the instructions from Step 3 through Step 22 detailed in the “Upgrading to Controller Software Release 7.2.110.0” section.
This section describes the interoperability of the version of controller software with other client devices.
Table 1-5 describes the configuration used for testing the clients.
Open, WEP, PSK (WPA and WPA2), 802.1X (WPA-TKIP and WPA2-AES) (LEAP, PEAP, EAP-FAST, EAP-TLS) |
|
Connectivity, traffic, and roaming between two access points |
Table 1-6 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
This section lists the features that are not supported in the following platforms:
Note Directly connected APs are supported only in Local mode.
Note For Cisco 5500 Series controllers, it is not necessary to configure an AP-manager interface. The management interface acts like an AP-manager interface by default, and the access points can join on this interface.
Note You can replicate this functionality on a 5500 series controller by creating an open WLAN using an ACL.
Note For Cisco 7500 Series controllers, it is not necessary to configure an AP-manager interface. The management interface acts like an AP-manager interface by default, and the access points can join on this interface.
Note An AP associated with the controller in local mode should be converted to FlexConnect mode or Monitor mode, either manually or by enabling the autoconvert feature. On the Flex 7500 controller CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.
The following sections lists Open Caveats and Resolved Caveats for Cisco controllers and lightweight access points for version 7.2.110.0. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
https://tools.cisco.com/bugsearch/
To become a registered cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
Table 1-7 lists open caveats in controller software release 7.2.110.0.
Table 1-8 lists caveats resolved in controller software release 7.2.110.0.
This section contains important information to keep in mind when installing controllers and access points.
Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030
Warning Do not locate the antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing the antenna, take extreme care not to come into contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, please refer to national and local codes (e.g. U.S.: NFPA 70, National Electrical Code, Article 810, Canada: Canadian Electrical Code, Section 54). Statement 280
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Warning Read the installation instructions before you connect the system to its power source. Statement 10
Warning Do not work on the system or connect or disconnect any cables (Ethernet, cable, or power) during periods of lightning activity. The possibility of serious physical injury exists if lightning should strike and travel through those cables. In addition, the equipment could be damaged by the higher levels of static electricity present in the atmosphere. Statement 276
Warning Do not operate the unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 364
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft. (2 m) from your body or nearby persons. Statement 339
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security. Statement 1017
Follow the guidelines in this section to ensure proper operation and safe use of the controllers and access points.
FCC Compliance with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.
For your safety, and to help you achieve a good installation, read and follow these safety precautions. They might save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type of antenna you are about to install.
2. Select your installation site with safety as well as performance in mind. Electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long-sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember that the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line completes an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines, call for qualified emergency help immediately.
See the appropriate quick start guide or hardware installation guide for instructions on installing controllers and access points.
Note To meet regulatory restrictions, all external antenna configurations must be installed by experts.
Personnel installing the controllers and access points must understand wireless techniques and grounding methods. Access points with internal antennas can be installed by an experienced IT professional.
The controller must be installed by a network administrator or qualified IT professional, and the proper country code must be selected. Following installation, access to the controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/c/en/us/support/index.html
Click Product Support > Wireless. Then choose your product and Troubleshooting to find information on the problem you are experiencing.
For more information about the Cisco WLCs, lightweight access points, and mesh access points, see these documents:
You can access these documents at this URL: http://www.cisco.com/c/en/us/support/index.html.
For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.