Special Notes for Licensed Data Payload Encryption on Cisco Wireless Controllers
Important Note for Customers in Russia
Downloading and Installing a DTLS License for an LDPE Cisco WLC
Upgrading from an LDPE to a Non-LDPE Cisco WLC
Obtaining Documentation and Submitting a Service Request
First Published: September 6, 2016
Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the Cisco WLC. You can purchase Cisco Wireless Controllers with DTLS either enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.
Important Note for Customers in Russia
If you plan to install a Cisco Wireless Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a Cisco WLC with DTLS that is disabled due to import restrictions, but have authorization from local regulators to add DTLS support after the initial purchase. Refer to your local government regulations to ensure that DTLS encryption is permitted.
Note: Paper PAKs and electronic licenses that are available are outlined in the respective Cisco WLC platform data sheets.
Downloading and Installing a DTLS License for an LDPE Cisco WLC
Step 1 To download the Cisco DTLS license:
a. Browse to https://tools.cisco.com/SWIFT/LicensingUI/Home.
b. On the Product License Registration page, from the Get Other Licenses drop-down list, click IPS, Crypto, Other....
c. In the Wireless section, click Cisco Wireless Controllers (2500/5500/7500/WiSM2) DTLS License and click Next.
d. Follow the on-screen instructions to generate the license file. The license file information will be sent to you in an e-mail.
Step 2 Copy the license file to your TFTP server.
Step 3 Install the DTLS license by using either the Cisco WLC web GUI or the CLI:
Web GUI: Management > Software Activation > Commands > Action: Install License
CLI: license install tftp://ipaddress/path/extracted-file
After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.
Upgrading from an LDPE to a Non-LDPE Cisco WLC
Step 1 Download the non-LDPE software release:
a. Browse to http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm.
b. Choose the Cisco WLC model.
c. Click Wireless LAN Controller Software.
d. In the left navigation pane, click the software release number for which you want to install the non-LDPE software.
e. Choose the non-LDPE software release: AIR-X-K9-X-X.X.aes
g. Read the Cisco End User Software License Agreement and then click Agree.
h. Save the file to your hard drive.
Step 2 Copy the Cisco WLC software file (filename.aes) to the default directory on your TFTP, FTP, or SFTP server.
Step 3 (Optional) Disable the Cisco WLC 802.11a/n and 802.11b/g/n networks.
Note: For busy networks, Cisco WLCs under high utilization, and small Cisco WLC platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 4 Disable the WLANs on the Cisco WLC.
Step 5 Choose Commands > Download File to open the Download File to Controller page.
Step 6 From the File Type drop-down list, choose Code.
Step 7 From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP.
Step 8 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.
Step 9 If you are using a TFTP server, the default values of 10 retries in the Maximum Retries text box and 6 seconds in the Timeout text box should work correctly without any adjustment. However, you can change these values, if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box, and the amount of time (in seconds) for which the TFTP server attempts to download the software in the Timeout text box.
Step 10 In the File Path text box, enter the directory path of the software.
Step 11 In the File Name text box, enter the name of the software file (filename.aes).
Step 12 If you are using an FTP server, perform these steps:
a. In the Server Login Username text box, enter the username with which to log on to the FTP server.
b. In the Server Login Password text box, enter the password with which to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 13 Click Download to download the software to the Cisco WLC.
A message is displayed indicating the status of the download.
Note: In Release 8.3.102.0, for Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2, the Cisco WLC software image is split into two images: the Base Install image and the Supplementary AP Bundle image. Therefore, to upgrade to Release 8.3.102.0, repeat Step 2 through Step 14 to complete the installation of both the Base Install image and the Supplementary AP Bundle image.
Download the Supplementary AP Bundle image only if you are using any of these APs: AP802, Cisco Aironet 1550 Series AP (with 64-MB memory), Cisco Aironet 1550 Series AP (with 128-MB memory), and/or Cisco Aironet 1570 Series APs.
For more information, see the Release Notes for Cisco Wireless Controllers and Lightweight Access Points for Cisco Wireless Release 8.3.102.0 at http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn83.html.
Note: Ensure that you choose the File Type as Code for both the images.
Step 14 After the download is complete, click Reboot.
Step 15 If you are prompted to save your changes, click Save and Reboot.
Step 16 Click OK to confirm your decision to reboot the Cisco WLC.
Step 18 For Cisco WiSM2 on the Catalyst switch, check the port channel and re-enable the port channel if necessary.
Step 19 If you have disabled the 802.11a/n and 802.11b/g/n networks in Step 3, re-enable them.
Step 20 To verify that the Cisco WLC software is installed on your Cisco WLC, click Monitor on the Cisco WLC GUI and view the Software Version field under Controller Summary.
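Added example, not part of the Cisco procedure: a pre-staging check for Step 2 of the upgrade that compares the downloaded .aes file against the SHA-512 checksum shown with the image on the Cisco software download page and refuses files that are not non-LDPE images before copying them to the transfer server. The function names, the "LDPE" file-name marker, and the server directory argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: pre-staging checks for a WLC software image (upgrade Step 2).
# Assumptions: the expected SHA-512 is copied by hand from the Cisco download
# page; LDPE builds carry "LDPE" in the file name (not stated on this page).

# Print the lowercase hex SHA-512 of a file.
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum "$1" | cut -d' ' -f1
    else
        shasum -a 512 "$1" | cut -d' ' -f1
    fi
}

# Print "ldpe", "non-ldpe" or "unknown" based on the image file name.
classify_image() {
    ci_name=$(basename "$1")
    case "$ci_name" in
        AIR-*LDPE*.aes)   echo ldpe ;;
        AIR-*-K9-*.aes)   echo non-ldpe ;;
        *)                echo unknown ;;
    esac
}

# Return 0 only if FILE exists and its SHA-512 equals EXPECTED (any hex case).
verify_sha512() {
    [ -f "$1" ] || return 2
    vs_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ "$(sha512_of "$1")" = "$vs_expected" ]
}

# Copy FILE into DEST_DIR read-only, but only after both checks pass.
stage_image() {
    si_file=$1; si_expected=$2; si_dest=$3
    si_name=$(basename "$si_file")
    if [ "$(classify_image "$si_file")" != "non-ldpe" ]; then
        echo "refusing $si_name: not a non-LDPE .aes image" >&2
        return 1
    fi
    if ! verify_sha512 "$si_file" "$si_expected"; then
        echo "refusing $si_name: SHA-512 does not match published value" >&2
        return 1
    fi
    cp -f "$si_file" "$si_dest/$si_name" && chmod 0444 "$si_dest/$si_name"
}

# Usage: stage-wlc-image.sh FILE EXPECTED_SHA512 SERVER_DIR
if [ "$#" -eq 3 ]; then
    stage_image "$1" "$2" "$3"
fi
```

TFTP and FTP transfer the file in cleartext; of the three transfer modes in Step 7, only SFTP encrypts the session.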
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.