Cisco Systems OL-11567-02 User Manual

Contents

Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.171.6
October 13, 2006
These release notes describe open and resolved caveats for operating system release 3.2.171.6 for Cisco 2000, 4100, and 4400 Series Wireless LAN Controllers; Cisco Wireless Services Modules (WiSM); Cisco Wireless LAN Controller Network Modules; and Cisco Aironet 1000, 1130, 1200, 1240, and 1500 Series Lightweight Access Points, which comprise part of the Cisco Unified Wireless Network (Cisco UWN) Solution.
Note Unless otherwise noted, all of the Cisco wireless LAN controllers are hereafter referred to as controllers, and all of the Cisco lightweight access points are hereafter referred to as access points.
These release notes contain the following sections:
Cisco Unified Wireless Network Solution Components
Controller Requirements
Software Release Information
Installation Notes
Important Notes
Caveats
Troubleshooting
Related Documentation
Obtaining Documentation
Documentation Feedback
Cisco Product Security Overview
Product Alerts and Field Notices
Obtaining Technical Assistance
Obtaining Additional Publications and Information
Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2006 Cisco Systems, Inc. All rights reserved.

Cisco Unified Wireless Network Solution Components

The following components are part of the Cisco UWN Solution and are compatible in this release:
Operating system software release 3.2.171.6 for all Cisco controllers and lightweight access points
Cisco Wireless Control System (WCS) software release 4.0.81.0 or 4.0.66.0
Location appliance software release 2.1.39.0 or 2.1.34.0
Cisco 2700 Series Location Appliances
Cisco 2000, 4100, and 4400 Series Wireless LAN Controllers
Cisco Wireless Service Module (WiSM) for Cisco Catalyst 6500 Series Switches
Cisco Wireless LAN Controller Network Module for Cisco Integrated Services Routers
Cisco Aironet 1000, 1130, 1200, 1240, and 1500 Lightweight Access Points

Controller Requirements

The controller graphical user interface (GUI) requires the following operating system and web browser:
Windows XP SP1 or higher or Windows 2000 SP4 or higher
Internet Explorer 6.0 SP1 or higher
Note Internet Explorer 6.0 SP1 or higher is the only browser supported for accessing the controller GUI and for using web authentication.

Software Release Information

Operating system software is factory installed on your controller and automatically downloaded to the access points after a release upgrade and whenever an access point associates to a controller. As new releases become available for the controllers and their associated access points, consider upgrading.
Note The Cisco WiSM requires software release SWISMK9-32 or later.

Finding the Software Release

To find the software release running on your controller, look on the Monitor > Summary page of the controller GUI or enter show sysinfo on the controller command line interface (CLI).

Upgrading to a New Software Release

When a controller is upgraded, the code on its associated access points is also automatically upgraded. When an access point is loading code, each of its lights blinks in succession.
Caution Do not power down the controller or any access point during this process; otherwise, you might corrupt the software image! Upgrading a controller with a large number of access points can take as long as 30 minutes. The access points must remain powered, and the controller must not be reset during this time.
Cisco recommends the following sequence when performing an upgrade:
1. Upload your controller configuration files to a server to back them up.
2. Turn off the controller 802.11a and 802.11b networks.
3. Upgrade your controller to the latest software release, following the instructions in the latest version of the Cisco Wireless LAN Controller Configuration Guide. Click this link to browse to that document:
http://www.cisco.com/en/US/products/ps6366/products_installation_and_configuration_guides_list.html
4. Re-enable your 802.11a and 802.11b networks.

Note Controllers can be upgraded from one release to another. However, should you require a downgrade from one release to another, you may be unable to use the higher release configuration. The workaround is to reload the previous controller configuration files saved on the backup server or to reconfigure the controller.

Installation Notes

This section contains important information to keep in mind when installing your controllers and access points.

Warnings

Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Warning Do not locate any antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing antennas, take extreme care not to come in contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, refer to national and local codes (e.g. U.S.: NFPA70, National Electrical Code, Article 810, in Canada: Canadian Electrical Code, Section 54).
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than 120 VAC, 15A U.S. (240 VAC, 10A International).
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.
Warning Read the installation instructions before you connect the system to its power source.
Warning Do not work on the system or disconnect cables during periods of lightning activity.
Warning Do not operate your wireless network near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use.
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft (2 m) from your body or nearby persons.
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security.

Safety Information

Follow the guidelines in this section to ensure proper operation and safe use of the controllers and access points.

FCC Safety Compliance Statement

The FCC, with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.

Safety Precautions

Each year hundreds of people are killed or injured when attempting to install an antenna. In many of these cases, the victim was aware of the danger of electrocution but did not take adequate steps to avoid the hazard.
For your safety, and to help you achieve a good installation, read and follow these safety precautions.
They may save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type of antenna you are about to install.
2. Select your installation site with safety as well as performance in mind. Electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
a. Do not use a metal ladder.
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, and a long-sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember that the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line completes an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines, call for qualified emergency help immediately.

Installation Instructions

Refer to the appropriate Quick Start Guide or Hardware Installation Guide for instructions on installing your controllers and access points.
Note To meet regulatory restrictions, all external antenna configurations must be professionally installed.
Personnel installing the controllers and access points must understand wireless techniques and grounding methods. Access points with internal antennas can be installed by an experienced IT professional.
The controller must be installed by a network administrator or qualified IT professional, and the proper country code must be selected. Following installation, access to the controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.

Important Notes

This section describes important information about the controllers and access points.

Service Modules Supported in the Catalyst 6500 Series Switch

The Catalyst 6500 Series Switch chassis can support up to five Cisco WiSMs without any other service module installed. If one or more service modules are installed, the chassis can support up to a maximum of four service modules (WiSMs included).

Access Points Fail to Join Controllers If MTU Setting Is Less Than 1500

When the network path between access points and the controller is configured for an MTU size less than 1500, the controller does not receive join requests from access points in local mode. (MTU settings less than 1500 are common when you use tunneling protocols such as IPsec VPN, GRE, and MPLS.) The access point join request is larger than 1500 bytes, so the request is fragmented. The size of the first fragment is 1500 bytes (including IP and UDP header) and the second fragment is 54 bytes (including IP and UDP header).
Access points in REAP mode are not affected by this limitation, and the problem is resolved in the 4.0 release train because the LWAPP tunnel can reassemble up to 4 fragments. The problem occurs when all four of these conditions exist on your network:
Your controller runs release 3.2 or earlier
Your controller is configured for Layer 3 LWAPP
The network path MTU between the access point and the controller is less than 1500 bytes
The access point is in local access point (LAP) mode (not REAP mode)

Workarounds

Use one of these workarounds to resolve the problem on your network:
Upgrade to controller software release 4.0 if the controller platform supports it.
Use 1030 series access points in REAP mode for locations reachable through low-MTU paths.
Increase the network path MTU to 1500 bytes.

Changing the Default Values of SNMP Community Strings

The controller has commonly known default values of “public” and “private” for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values.

Using the GUI to Change the SNMP Community String Default Values

Follow these steps to change the SNMP community string default values through the controller GUI.
Step 1 Click Management and then Communities under SNMP. The SNMP v1 / v2c Community page appears.
Step 2 If “public” or “private” appears in the Community Name column, click Remove to delete this community.
Step 3 Click New to create a new community.
Step 4 When the SNMP v1 / v2c Community > New page appears, enter a unique name containing up to 16 alphanumeric characters in the Community Name field. Do not enter “public” or “private.”
Step 5 In the remaining fields, enter the IP address from which this device accepts SNMP packets with the associated community and the IP mask, choose Read Only or Read/Write to specify the access level for this community, and choose Enable or Disable to specify the status of this community.
Step 6 Click Apply to commit your changes.
Step 7 Click Save Configuration to save your settings.
Step 8 Repeat this procedure if a “public” or “private” community still appears on the SNMP v1 / v2c Community page.

Using the CLI to Change the SNMP Community String Default Values

Follow these steps to change the SNMP community string default values through the controller CLI.
Step 1 To see the current list of SNMP communities for this controller, enter this command:
show snmp community
Step 2 If “public” or “private” appears in the SNMP Community Name column, enter this command to delete this community:
config snmp community delete name
The name parameter is the community name (in this case, “public” or “private”).
Step 3 To create a new community, enter this command:
config snmp community create name
Enter up to 16 alphanumeric characters for the name parameter. Do not enter “public” or “private.”
Step 4 To enter the IP address from which this device accepts SNMP packets with the associated community, enter this command:
config snmp community ipaddr ip_address ip_mask name
Step 5 To specify the access level for this community, enter this command, where ro is read-only mode and rw is read/write mode:
config snmp community accessmode {ro | rw} name
Step 6 To enable or disable this SNMP community, enter this command:
config snmp community mode {enable | disable} name
Step 7 To save your changes, enter save config.
Step 8 Repeat this procedure if you still need to change the default values for a “public” or “private” community string.

Changing the Default Values for SNMP v3 Users

The controller uses a default value of “default” for the username, authentication password, and privacy password for SNMP v3 users. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values.

Using the GUI to Change the SNMP v3 User Default Values

Follow these steps to change the SNMP v3 user default values through the controller GUI.
Step 1 Click Management and then SNMP V3 Users under SNMP.
Step 2 If “default” appears in the User Name column, click Remove to delete this SNMP v3 user.
Step 3 Click New to add a new SNMP v3 user.
Step 4 When the SNMP V3 Users > New page appears, enter a unique name in the User Profile Name field. Do not enter “default.”
Step 5 In the remaining fields, choose Read Only or Read Write to specify the access level for this user, choose the authentication and privacy protocols to be used, and enter a password for each.
Step 6 Click Apply to commit your changes.
Step 7 Click Save Configuration to save your settings.

Using the CLI to Change the SNMP v3 User Default Values

Follow these steps to change the SNMP v3 user default values through the controller CLI.
Step 1 To see the current list of SNMP v3 users for this controller, enter this command:
show snmpv3user
Step 2 If “default” appears in the SNMP v3 User Name column, enter this command to delete this user:
config snmp v3user delete username
The username parameter is the SNMP v3 username (in this case, “default”).
Step 3 To create a new SNMP v3 user, enter this command:
config snmp v3user create username {ro | rw} {none | hmacmd5 | hmacsha} {none | des} auth_password privacy_password
where
username is the SNMP v3 username,
ro is read-only mode and rw is read/write mode,
none, hmacmd5, and hmacsha are the authentication protocol options,
none and des are the privacy protocol options,
auth_password is the authentication password, and
privacy_password is the privacy password.
Do not enter “default” for the username and password parameters.
Step 4 To save your changes, enter save config.

FIPS 140-2

The Cisco 4400 Series Controllers are on the NIST FIPS 140-2 Pre-Validation List.
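
Returning to the two SNMP CLI procedures above (community strings and SNMP v3 users), the following is an added example, not part of the Cisco release notes: it validates replacement values against the constraints the notes state and builds the command sequence from the syntax shown. The function names, the inventories of existing entries, and every sample value are constructed for illustration.

```python
import ipaddress
import re

DEFAULT_COMMUNITIES = {"public", "private"}   # defaults named in the release notes
DEFAULT_V3 = "default"                        # default v3 username and passwords
NAME_RE = re.compile(r"[A-Za-z0-9]{1,16}")    # "up to 16 alphanumeric characters"


def community_commands(existing, name, ip_address, ip_mask, access="ro"):
    """Build CLI lines that delete default communities and create a new one."""
    if not NAME_RE.fullmatch(name):
        raise ValueError("community name must be 1-16 alphanumeric characters")
    # Assumption: also reject case variants such as "Public" (stricter than the notes).
    if name.lower() in DEFAULT_COMMUNITIES:
        raise ValueError("community name must not be 'public' or 'private'")
    if access not in ("ro", "rw"):
        raise ValueError("access mode must be 'ro' or 'rw'")
    ipaddress.IPv4Address(ip_address)            # ValueError on a malformed address
    ipaddress.IPv4Network(f"0.0.0.0/{ip_mask}")  # ValueError on a malformed mask
    cmds = [f"config snmp community delete {c}"
            for c in existing if c in DEFAULT_COMMUNITIES]
    cmds += [
        f"config snmp community create {name}",
        f"config snmp community ipaddr {ip_address} {ip_mask} {name}",
        f"config snmp community accessmode {access} {name}",
        f"config snmp community mode enable {name}",
    ]
    return cmds


def v3user_commands(existing, username, access, auth, priv, auth_pw, priv_pw):
    """Build CLI lines that delete the default v3 user and create a new one."""
    fields = (username, auth_pw, priv_pw)
    if DEFAULT_V3 in fields:
        raise ValueError("username and passwords must not be 'default'")
    if any(not f or any(ch.isspace() for ch in f) for f in fields):
        raise ValueError("empty value or whitespace would break the command line")
    if access not in ("ro", "rw"):
        raise ValueError("access mode must be 'ro' or 'rw'")
    if auth not in ("none", "hmacmd5", "hmacsha") or priv not in ("none", "des"):
        raise ValueError("unsupported authentication or privacy protocol")
    cmds = [f"config snmp v3user delete {DEFAULT_V3}"] if DEFAULT_V3 in existing else []
    cmds.append(f"config snmp v3user create {username} {access} {auth} {priv} "
                f"{auth_pw} {priv_pw}")
    return cmds


if __name__ == "__main__":
    # Constructed inventories, as an operator would read them from
    # "show snmp community" and "show snmpv3user".
    plan = community_commands(["public", "private", "netops1"], "wlcRO2006",
                              "192.0.2.10", "255.255.255.255")
    plan += v3user_commands(["default"], "nmsadmin", "ro", "hmacsha", "des",
                            "Constructed-Auth-1", "Constructed-Priv-1")
    # The output contains the v3 passwords in clear text; handle it accordingly.
    print("\n".join(plan + ["save config"]))
```
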

Controllers Must Run Release 3.2.116.21 or Later to Support -P Regulatory Domain

To support access points configured for use in Japan, you must upgrade the controller software to release 3.2.116.21 or later. Earlier releases do not support access points configured for use in Japan (regulatory domain -P).

Voice WLAN Configuration

Cisco recommends that load balancing always be turned off in any wireless LAN that is supporting voice, regardless of vendor. When load balancing is turned on, voice clients can hear an audible artifact when roaming, and the handset is refused at its first reassociation attempt.

Inter-Subnet Roaming

Currently, multicast traffic cannot be passed during inter-subnet roaming.

Operating Mesh Networks Through Switches and Routers

In mesh networks that operate through low-speed switches and routers, access points can disconnect from the controller, causing the controller to generate alerts.

Heavily Loaded Controller CPU

When the controller CPU is heavily loaded (for example, when doing file copies or other tasks), it does not have time to process all of the ACKs that the NPU sends in response to configuration messages. When this happens, the CPU generates error messages. However, the error messages do not impact service or functionality.

RADIUS Servers and the Management VLAN

The RADIUS server can be on any subnet as long as it can be reached by the management VLAN subnet. The controllers can be managed via the management VLAN subnet from any other subnet that can reach the management VLAN subnet.

Cisco 7920 Wireless IP Phone Support

When using Cisco 7920 Wireless IP Phones with controllers, make sure that the phones and controllers are configured as follows:
Aggressive load balancing must be disabled on a per-controller basis. Otherwise, the initial roam attempt by the phone may fail, causing a disruption in the audio path.
The QoS Basic Service Set (QBSS) information element (IE) must be enabled. The QBSS IE enables the access points to communicate their channel usage to wireless devices. Because access points with high channel usage might not be able to handle real-time traffic effectively, the 7920 phone uses the QBSS value to determine if it should associate with another access point. Use the following commands to enable the QBSS IE:
sh wlan summary
Note Use this command to determine the WLAN ID number of the WLAN to which you want to add QBSS support.
config wlan disable wlan_id_number
config wlan 7920-support ap-cac-limit enable wlan_id_number
config wlan enable wlan_id_number
sh wlan wlan_id_number
Note Use this command to verify that the WLAN is enabled and the Dot11-Phone Mode (7920) field is configured for compat mode.
save config
The Dynamic Transmit Power Control (DTPC) information element (IE) must be enabled using the config 802.11a dtpc enable command. The DTPC IE is a beacon and probe information element that allows the access point to broadcast information on its transmit power. The Cisco 7920 Wireless IP Phone uses this information to automatically adjust its transmit power to the same level as the access point to which it is associated. In this manner, both devices are transmitting at the same level.