Special Notes for Licensed Data Payload Encryption on Cisco Wireless Controllers

Available Languages

Download Options

  • PDF     (252.8 KB)
    View with Adobe Reader on a variety of devices
Updated:September 6, 2016

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Table of Contents

Special Notes for Licensed Data Payload Encryption on Cisco Wireless Controllers

Important Note for Customers in Russia

Downloading and Installing a DTLS License for an LDPE Cisco WLC

Upgrading from an LDPE to a Non-LDPE Cisco WLC

Obtaining Documentation and Submitting a Service Request

Special Notes for Licensed Data Payload Encryption on Cisco Wireless Controllers

First Published: September 6, 2016

 

Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the Cisco WLC. You can purchase Cisco Wireless Controllers with either DTLS that is enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.

Important Note for Customers in Russia

If you plan to install a Cisco Wireless Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a Cisco WLC with DTLS that is disabled due to import restrictions, but have authorization from local regulators to add DTLS support after the initial purchase. Refer to your local government regulations to ensure that DTLS encryption is permitted.

Note Paper PAKs and electronic licenses that are available are outlined in the respective Cisco WLC platform data sheets.

Downloading and Installing a DTLS License for an LDPE Cisco WLC

Step 1 To download the Cisco DTLS license:

a. Browse to https://tools.cisco.com/SWIFT/LicensingUI/Home.

b. From the Product License Registration page from the Get Other Licenses drop-down list, click IPS, Crypto, Other....

c. In the Wireless section, click Cisco Wireless Controllers (2500/5500/7500/WiSM2) DTLS License and click Next.

d. Follow the on-screen instructions to generate the license file. The license file information will be sent to you in an e-mail.

Step 2 Copy the license file to your TFTP server.

Step 3 Install the DTLS license either by using the Cisco WLC web GUI interface or the CLI:

    • To install the license using the WLC web GUI, choose:

Management > Software Activation > Commands > Action : Install License

    • To install the license using the CLI, enter this command:

license install tftp ://ipaddress /path /extracted-file

After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.

 

Upgrading from an LDPE to a Non-LDPE Cisco WLC

Step 1 Download the non-LDPE software release:

a. Browse to http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm.

b. Choose the Cisco WLC model.

c. Click Wireless LAN Controller Software.

d. In the left navigation pane, click the software release number for which you want to install the non-LDPE software.

e. Choose the non-LDPE software release: AIR-X-K9-X-X.X.aes

f. Click Download.

g. Read the Cisco End User Software License Agreement and then click Agree.

h. Save the file to your hard drive.

Step 2 Copy the Cisco WLC software file ( filename.aes) to the default directory on your TFTP, FTP, or SFTP server.

Step 3 (Optional) Disable the Cisco WLC 802.11a/n and 802.11b/g/n networks.

Note For busy networks, Cisco WLCs on high utilization, and small Cisco WLC platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.

Step 4 Disable the WLANs on the Cisco WLC.

Step 5 Choose Commands > Download File to open the Download File to Controller page.

Step 6 From the File Type drop-down list, choose Code.

Step 7 From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP.

Step 8 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.

Step 9 If you are using a TFTP server, the default value of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values, if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) for which the TFTP server attempts to download the software, in the Timeout text box.

Step 10 In the File Path text box, enter the directory path of the software.

Step 11 In the File Name text box, enter the name of the software file ( filename.aes).

Step 12 If you are using an FTP server, perform these steps:

a. In the Server Login Username text box, enter the username with which to log on to the FTP server.

b. In the Server Login Password text box, enter the password with which to log on to the FTP server.

c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.

Step 13 Click Download to download the software to the Cisco WLC.

A message is displayed indicating the status of the download.

Note In Release 8.3.102.0, for Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2, the Cisco WLC software image is split into two images: the Base Install image and the Supplementary AP Bundle image. Therefore, to upgrade to Release 8.3.102.0, repeat Step 2 through Step 14 to complete the installation of both the Base Install image and the Supplementary AP Bundle image.

Download the Supplementary AP Bundle image only if you are using any of these APs: AP802, Cisco Aironet 1550 Series AP (with 64-MB memory), Cisco Aironet 1550 Series AP (with 128-MB memory), and/or Cisco Aironet 1570 Series APs.

For more information, see the Release Notes for Cisco Wireless Controllers and Lightweight Access Points for Cisco Wireless Release 8.3.102.0 at http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn83.html.

Note Ensure that you choose the File Type as Code for both the images.

Step 14 After the download is complete, click Reboot.

Step 15 If you are prompted to save your changes, click Save and Reboot.

Step 16 Click OK to confirm your decision to reboot the Cisco WLC.

Step 17 Re-enable the WLANs.

Step 18 For Cisco WiSM2 on the Catalyst switch, check the port channel and re-enable the port channel if necessary.

Step 19 If you have disabled the 802.11a/n and 802.11b/g/n networks in Step 3, re-enable them.

Step 20 To verify that the Cisco WLC software is installed on your Cisco WLC, click Monitor on the Cisco WLC GUI and view the Software Version field under Controller Summary.

 

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html.

Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.

 

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

© 2016 Cisco Systems, Inc. All rights reserved.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products