Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.4.130.0
Cisco Wireless LAN Controller and Access Point Platforms
Supported Cisco Wireless LAN Controller Platforms
Supported Access Point Platforms
Unsupported Cisco Wireless LAN Controller Platforms
Software Release Support for Access Points
Upgrading to Controller Software Release 7.4.130.0
Upgrading to Controller Software Release 7.4.130.0 (GUI)
Special Notes for Licensed Data Payload Encryption on Cisco Wireless LAN Controllers
Downloading and Installing a DTLS License for an LDPE Controller
Upgrading from an LDPE to a Non-LDPE Controller
Interoperability With Other Clients in 7.4.130.0
Features Not Supported on Controller Platforms
Features Not Supported on Cisco 2500 Series Controllers
Features Not Supported on WiSM2 and Cisco 5500 Series Controllers
Features Not Supported on Cisco Flex 7500 Controllers
Features Not Supported on Cisco 8500 Controllers
Features Not Supported on Cisco Wireless Controller on Cisco Services-Ready Engine
Features Not Supported on Cisco Virtual Wireless Controllers
Features Not Supported on Mesh Networks
FCC Safety Compliance Statement
Obtaining Documentation and Submitting a Service Request
First Published: December 15, 2014
These release notes describe what is new in this release, instructions to upgrade to this release, and open and resolved caveats for this release.
Note Unless otherwise noted, all of the Cisco Wireless LAN controllers are referred to as controllers, and all of the Cisco lightweight access points are referred to as access points or APs.
These release notes contain the following sections:
This section contains the following subsections:
The following Cisco WLC platforms are supported in this release:
The following access point platforms are supported in this release:
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_461543.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542_ps380_Products_Data_Sheet.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-613481.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78_498096.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78-682548.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-519930.html
Note The AP802 is an integrated access point on the Next Generation Cisco 880 Series ISRs.
Note Before you use an AP802 series lightweight access point with controller software release 7.4.130.0, you must upgrade the software in the Next Generation Cisco 880 Series ISRs to Cisco IOS 151-4.M or later releases.
Table 1 lists the controller software releases that support specific Cisco access points. The First Support column lists the earliest controller software release that supports the access point. For access points that are not supported in ongoing releases, the Last Support column lists the last release that supports the access point.
Note The Cisco 3600 Access Point was introduced in 7.1.91.0. If your network deployment uses Cisco 3600 Access Points with release 7.1.91.0, we highly recommend that you upgrade to 7.2.103.0 or a later release. |
|||
-A and N: 4.1.190.1 or 5.2 or later1 |
|||
– Functionality prior to Release 7.4.130.0—If a WLAN was added to an AP group prior to Release 7.4.130.0, the RF radio policy is set to All after an XML upload/download. This is because the default value of RF policy was not added. This issue was addressed through CSCud37443. However, this corrects only the newly created WLAN-AP group associations and not the previous ones. Therefore, if you have configured a WLAN-AP group association prior to Release 7.4.130.0, you must remove the WLAN from the AP group and add it again in Release 7.4.130.0 or a later release.
Also, the XML configuration for radio policy was not present in releases prior to 8.0. This issue is addressed through CSCul59089.
– Change in functionality with Release 7.4.130.0—The RF radio policy is by default set to None for all WLAN-AP group associations created in Release 7.4.130.0. Any previous WLAN-AP group associations that are carried over will continue to be set to All unless a WLAN is removed from the AP group and added again.
The XML upload/download for AP group RF radio policy is available only from Release 8.0.
If LAG is enabled on the Cisco 2500 Series Controller and the controller is downgraded to a non-LAG aware release, the port information is lost and it requires manual recovery.
Note Bootloader upgrade is not required if FIPS is disabled.
– Ensure that your TFTP server supports files that are larger than the size of the controller software release 7.4.130.0. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the Prime Infrastructure. If you attempt to download the 7.4.130.0 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
Bootloader Menu for 5500 Series Controllers:
Bootloader Menu for Other Controller Platforms:
Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on a 5500 series controller), or enter 5 (on another controller platform) to run the current software and set the controller configuration to factory defaults. Do not choose the other options unless directed to do so.
Note See the Installation Guide or the Quick Start Guide for your controller for more details on running the bootup script and power-on self-test.
With the backup image stored before rebooting, be sure to choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the controller.
config network ap-discovery nat-ip-only { enable | disable }
– enable — Enables use of NAT IP only in a discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
– disable —Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs are on the same controller.
Note To avoid stranding APs, you must disable AP link latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.
– You can predownload the AP image.
– For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch). For more information about the FlexConnect AP upgrade feature, see the Cisco Wireless LAN Controller FlexConnect Configuration Guide.
Note Predownloading a 7.4.130.0 version on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to a Cisco Aironet 1240 access point, an AP disconnect will occur momentarily.
– Delete all WLANs that are mapped to interface groups and create new ones.
– Ensure that all WLANs are mapped to interfaces rather than interface groups.
– Enable or disable link aggregation (LAG)
– Enable a feature that is dependent on certificates (such as HTTPS and web authentication)
– Add a new license or modify an existing license
– Increase the priority for a license
– Install vendor device certificate
– Install Web Authentication certificate
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up your controller’s configuration files prior to upgrading the controller software.
Step 2 Follow these steps to obtain the 7.4.130.0 controller software:
a. Click this URL to go to the Software Center:
https://software.cisco.com/download/navigator.html
b. Choose Wireless from the center selection window.
c. Click Wireless LAN Controllers.
The following options are available:
– Integrated Controllers and Controller Modules
d. Depending on your controller platform, click one of the above options.
e. Click the controller model number or name. The Download Software page is displayed.
f. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:
g. Click a software release number.
h. Click the filename ( filename.aes).
j. Read Cisco’s End User Software License Agreement and then click Agree.
k. Save the file to your hard drive.
l. Repeat steps a. through k. to download the remaining file.
Step 3 Copy the controller software file ( filename.aes) to the default directory on your TFTP, FTP, or SFTP server.
Step 4 (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks.
Note For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 5 Choose Commands > Download File to open the Download File to Controller page.
Step 6 From the File Type drop-down list, choose Code.
Step 7 From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP.
Step 8 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.
Step 9 If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 10 In the File Path text box, enter the directory path of the software.
Step 11 In the File Name text box, enter the name of the software file ( filename.aes).
Step 12 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log on to the FTP server.
b. In the Server Login Password text box, enter the password to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 13 Click Download to download the software to the controller. A message appears indicating the status of the download.
Step 14 After the download is complete, click Reboot.
Step 15 If prompted to save your changes, click Save and Reboot.
Step 16 Click OK to confirm your decision to reboot the controller.
Step 17 For Cisco WiSM2 on the Catalyst switch, check the port channel and reenable the port channel if necessary.
Step 18 If you have disabled the 802.11a/n and 802.11b/g/n networks in (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks., reenable them.
Step 19 To verify that the 7.4.130.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.
Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the controller. You can purchase Cisco Wireless LAN Controllers with either DTLS that is enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.
Important Note for Customers in Russia
If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
Note Paper PAKs and electronic licenses available are outlined in the respective controller datasheets.
Step 1 Download the Cisco DTLS license.
a. Go to the Cisco Software Center at this URL:
https://tools.cisco.com/SWIFT/LicensingUI/Home
b. On the Product License Registration page, choose Get New > IPS, Crypto, Other Licenses.
c. Under Wireless, choose Cisco Wireless Controllers (2500/5500/7500/8500/WiSM2) DTLS License.
d. Complete the remaining steps to generate the license file. The license file information will be sent to you in an e-mail.
Step 2 Copy the license file to your TFTP server.
Step 3 Install the DTLS license. You can install the license either by using the controller web GUI interface or the CLI:
Management > Software Activation > Commands > Action : Install License
license install tftp ://ipaddress /path /extracted-file
After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.
Step 1 Download the non-LDPE software release:
a. Go to the Cisco Software Center at this URL:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm
b. Choose the controller model from the right selection box.
c. Click Wireless LAN Controller Software.
d. From the left navigation pane, click the software release number for which you want to install the non-LDPE software.
e. Choose the non-LDPE software release: AIR-X-K9-X-X.X.aes
g. Read Cisco’s End User Software License Agreement and then click Agree.
h. Save the file to your hard drive.
Step 2 Copy the controller software file ( filename.aes) to the default directory on your TFTP or FTP server.
Step 3 Upgrade the controller with this version by following the instructions from Copy the controller software file ( filename.aes) to the default directory on your TFTP, FTP, or SFTP server. through To verify that the 7.4.130.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary. detailed in the “Upgrading to Controller Software Release 7.4.130.0” section.
This section describes the interoperability of the version of controller software with other client devices.
Table 3 describes the configuration used for testing the clients.
Open, WEP, PSK (WPA and WPA2), 802.1X (WPA-TKIP and WPA2-AES) (LEAP, PEAP, EAP-FAST, EAP-TLS) |
|
Connectivity, traffic, and roaming between two access points |
Table 4 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
This section lists the features that are not supported in the following platforms:
Note The features that are not supported on Cisco WiSM2 and Cisco 5500 Series Controllers are also not supported on Cisco 2500 Series Controllers.
Note Directly connected APs are supported only in Local mode.
Note You can replicate this functionality on a 5500 series controller by creating an open WLAN using an ACL.
Note For Cisco 7500 Series controllers, it is not necessary to configure an AP-manager interface. The management interface acts like an AP-manager interface by default, and the access points can join on this interface.
Note IPv6 client bridging and Router Advertisement Guard are supported.
Note An AP associated with the controller in local mode should be converted to FlexConnect mode or Monitor mode, either manually or by enabling the autoconvert feature. On the Flex 7500 controller CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.
Note FlexConnect local switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic that is based on IGMP or MLD snooping.
Note FlexConnect local switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic that is based on IGMP or MLD snooping.
Note Outdoor AP in FlexConnect mode is supported.
The following sections lists Open Caveats and Resolved Caveats for Cisco controllers and lightweight access points for version 7.4.130.0. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
https://tools.cisco.com/bugsearch/
Note If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.
Table 5 lists the open caveats in this release.
Table 6 lists the caveats that are resolved in this release.
This section contains important information to keep in mind when installing controllers and access points.
Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030
Warning Do not locate the antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing the antenna, take extreme care not to come into contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, please refer to national and local codes (e.g. U.S.: NFPA 70, National Electrical Code, Article 810, Canada: Canadian Electrical Code, Section 54). Statement 280
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Warning Read the installation instructions before you connect the system to its power source. Statement 10
Warning Do not work on the system or connect or disconnect any cables (Ethernet, cable, or power) during periods of lightning activity. The possibility of serious physical injury exists if lightning should strike and travel through those cables. In addition, the equipment could be damaged by the higher levels of static electricity present in the atmosphere. Statement 276
Warning Do not operate the unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 364
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft. (2 m) from your body or nearby persons. Statement 339
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security. Statement 1017
Follow the guidelines in this section to ensure proper operation and safe use of the controllers and access points.
FCC Compliance with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.
For your safety, and to help you achieve a good installation, read and follow these safety precautions. They might save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type of antenna you are about to install.
2. Select your installation site with safety as well as performance in mind. Electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long-sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember that the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line completes an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines, call for qualified emergency help immediately.
See the appropriate quick start guide or hardware installation guide for instructions on installing controllers and access points.
Note To meet regulatory restrictions, all external antenna configurations must be installed by experts.
Personnel installing the controllers and access points must understand wireless techniques and grounding methods. Access points with internal antennas can be installed by an experienced IT professional.
The controller must be installed by a network administrator or qualified IT professional, and the proper country code must be selected. Following installation, access to the controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/c/en/us/support/index.html
Click Product Support > Wireless. Then choose your product and Troubleshooting to find information on the problem you are experiencing.
For additional information about the Cisco controllers and lightweight access points, see these documents:
You can access these documents at this URL: http://www.cisco.com/c/en/us/support/index.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.