User's Manual

ManualsBrandsCisco Systems ManualsNetwork CardCisco Systems Release 3.2.171.6 OL-11567-02

Corporate Headquarters:

Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Release Notes for Cisco Wireless LAN

Controllers and Lightweight Access Points for

Release 3.2.171.6

October 13, 2006

These release notes describe open and resolved caveats for operating system release 3.2.171.6 for Cisco

2000, 4100, and 4400 Series Wireless LAN Controllers; Cisco Wireless Services Modules (WiSM);

Cisco Wireless LAN Controller Network Modules; and Cisco Aironet 1000, 1130, 1200, 1240, and 1500

Series Lightweight Access Points, which comprise part of the Cisco Unified Wireless Network (Cisco

UWN) Solution.

Note Unless otherwise noted, all of the Cisco wireless LAN controllers are hereafter referred to as controllers,

and all of the Cisco lightweight access points are hereafter referred to as access points.

Contents

These release notes contain the following sections:

• Cisco Unified Wireless Network Solution Components, page 2

• Controller Requirements, page 2

• Software Release Information, page 2

• Installation Notes, page 3

• Important Notes, page 6

• Caveats, page 16

• Troubleshooting, page 26

• Related Documentation, page 26

• Obtaining Documentation, page 27

• Documentation Feedback, page 27

Summary of content (32 pages)

PAGE 1
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.171.6 October 13, 2006 These release notes describe open and resolved caveats for operating system release 3.2.171.
PAGE 2
Cisco Unified Wireless Network Solution Components • Cisco Product Security Overview, page 28 • Product Alerts and Field Notices, page 29 • Obtaining Technical Assistance, page 29 • Obtaining Additional Publications and Information, page 31 Cisco Unified Wireless Network Solution Components The following components are part of the Cisco UWN Solution and are compatible in this release: • Operating system software release 3.2.171.
PAGE 3
Installation Notes Upgrading to a New Software Release When a controller is upgraded, the code on its associated access points is also automatically upgraded. When an access point is loading code, each of its lights blinks in succession. Caution Do not power down the controller or any access point during this process; otherwise, you might corrupt the software image! Upgrading a controller with a large number of access points can take as long as 30 minutes.
PAGE 4
Installation Notes Warning Do not locate any antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing antennas, take extreme care not to come in contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, refer to national and local codes (e.g. U.S.: NFPA70, National Electrical Code, Article 810, in Canada: Canadian Electrical Code, Section 54).
PAGE 5
Installation Notes Safety Precautions Each year hundreds of people are killed or injured when attempting to install an antenna. In many of these cases, the victim was aware of the danger of electrocution but did not take adequate steps to avoid the hazard. For your safety, and to help you achieve a good installation, read and follow these safety precautions. They may save your life! 1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance.
PAGE 6
Important Notes Important Notes This section describes important information about the controllers and access points. Service Modules Supported in the Catalyst 6500 Series Switch The Catalyst 6500 Series Switch chassis can support up to five Cisco WiSMs without any other service module installed. If one or more service modules are installed, the chassis can support up to a maximum of four service modules (WiSMs included).
PAGE 7
Important Notes Changing the Default Values of SNMP Community Strings The controller has commonly known default values of “public” and “private” for the read-only and read-write SNMP community strings. Using these standard values presents a security risk. Therefore, Cisco strongly advises that you change these values. Using the GUI to Change the SNMP Community String Default Values Follow these steps to change the SNMP community string default values through the controller GUI.
PAGE 8
Important Notes Step 5 To specify the access level for this community, enter this command, where ro is read-only mode and rw is read/write mode: config snmp community accessmode {ro | rw} name Step 6 To enable or disable this SNMP community, enter this command: config snmp community mode {enable | disable} name Step 7 To save your changes, enter save config. Step 8 Repeat this procedure if you still need to change the default values for a “public” or “private” community string.
PAGE 9
Important Notes Step 3 To create a new SNMP v3 user, enter this command: config snmp v3user create username {ro | rw} {none | hmacmd5 | hmacsha} {none | des} auth_password privacy_password where • username is the SNMP v3 username, • ro is read-only mode and rw is read/write mode, • none, hmacmd5, and hmacsha are the authentication protocol options, • none and des are the privacy protocol options, • auth_password is the authentication password, and • privacy_password is the privacy password.
PAGE 10
Important Notes Heavily Loaded Controller CPU When the controller CPU is heavily loaded (for example, when doing file copies or other tasks), it does not have time to process all of the ACKs that the NPU sends in response to configuration messages. When this happens, the CPU generates error messages. However, the error messages do not impact service or functionality. RADIUS Servers and the Management VLAN The RADIUS server can be on any subnet as long as it can be reached by the management VLAN subnet.
PAGE 11
Important Notes • The 7920 phones and the controllers do not currently use compatible fast roaming mechanisms. The phone uses CCKM while the controllers use proactive key caching (PKC). To minimize roaming latency, static WEP is the recommended security mechanism. • When configuring WEP, there is a difference in nomenclature for the controller and the 7920 phone. Configure the controller for 104 bits when using 128-bit WEP for the 7920.
PAGE 12
Important Notes Management Usernames and Local Netuser Names Management usernames and local netuser names must be unique because they are stored in the same database. That is, you cannot assign the same name to a management user and a local netuser. 802.1x and Microsoft Wireless Configuration Manager Clients using the Microsoft Wireless Configuration Manager and 802.1x must use WLANs configured for 40- or 104-bit key length.
PAGE 13
Important Notes Apple iBook Some Apple operating systems require shared key authentication for WEP. Other releases of the operating system do not work with shared key WEP unless the client saves the key in its key ring. How you should configure your controller is based on the client mix you expect to use. Cisco recommends testing these configurations before deployment.
PAGE 14
Important Notes 2006 Image Not Supported for 3504 Controllers The 2006 controller image is supported for use with only 2000 series controllers. Do not install the 2006 image on a 3504 controller. Otherwise, errors may occur. Install only the 3504 image on a 3504 controller. Running a 3504 Image on a 2000 Series Controller It is possible to run a 3504 controller image on a 2000 series controller, but Cisco Aironet 1130, 1200, and 1240 series access points will not be able to connect to the controller.
PAGE 15
Important Notes redirectUrl = redirectUrl.substring(0,255); document.forms[0].redirect_url.value = redirectUrl; } } document.forms[0].buttonClicked.value = 4; document.forms[0].submit(); } function loadAction(){ var url = window.location.href; var args = new Object(); var query = location.search.substring(1); var pairs = query.split("&"); for(var i=0;i
PAGE 16
Caveats User Name Password

Caveats This section

PAGE 17

Caveats • CSCsc44326—A 4400 series controller running software release 3.1.105.0 may fail to respond to ARP requests for the ap-manager2 interface’s IP address when the ARP request is addressed at the MAC layer to the unicast MAC address of the interface rather than to the broadcast MAC address. As a result, there may be sporadic interruptions in connectivity at ARP refresh time, resulting in the periodic loss of associations for access points associated through the ap-manager2 interface.

PAGE 18

Caveats • CSCse26437—After a communication breakdown occurs between a controller and an access point, the access point does not send a subsequent request to join the controller. • CSCse27890—Access points in REAP mode send deauthentication frames to wireless clients without waiting for a PS poll. • CSCse29193—The controller marks a RADIUS server as dead if a single request is not responded to after five retries and switches to a backup server. • CSCse29686—After you upgrade from software release 3.

PAGE 19

Caveats • CSCse70081—An SNMP trap is required to alert users that either the RADIUS server is not responding to a specific client or that it is not responding at all and a failover is required. • CSCse72853—Access points in REAP mode sometimes fail to act independently from the controller when the controller fails. • CSCse78542—When the AutoRF feature causes the controller to select wrong channels for the country configured, the show ap config 802.

PAGE 20

Caveats • CSCsb07168—The AP1000 802.11a radio experiences a very low receive packet count when the receive RSSI is –75 dBm. Workaround: None at this time. • CSCsb20269—On the WiSM, when the service VLAN is configured as one of the VLANs on a data port, it does not operate correctly. Workaround: Do not configure the service VLAN as one of the VLANs on a data port. • CSCsb34149—Disabling or deleting a wireless LAN on which a large number of clients exists may not result in all clients being deleted.

PAGE 21

Caveats • CSCsc01221—When downstream test data is sent from the wired endpoint to four wireless clients at different priority levels (voice, video, background, and best effort), the Cisco Aironet 1000 series access points crash. Workaround: None for this release. • CSCsc02741—In the bootloader mode, users are unable to exit or return to the main prompt. If users make mistakes while entering values, they cannot quit the step and are unable to go back and change existing values.

PAGE 22

Caveats • CSCsc41313—The Cisco Aironet 1500 Series Lightweight Outdoor Access Points are configured by default to allow old bridges. When this configuration is enabled, the shared secret key set on the controller is not passed to the access points, so a few access points might be running on the old key. If these access points reset or new access points are waiting to join the running network, they may take a very long time to connect to the network or might not join at all.

PAGE 23

Caveats • CSCsd25491—The management IP address of a controller incorrectly sends an ARP request for a client IP address on a WLAN subnet over the wired interface. The ARP request is not answered because the management IP address and the client WLAN are on different subnets. Workaround: None at this time. • CSCsd34555—The PC350 client adapter is unable to pass traffic when the access point is not in protection mode. Workaround: None at this time.

PAGE 24

Caveats • CSCsd83743—Authentication fails if you enter a RADIUS-server key with more than 31 characters on the ACS server and a 4400 series controller. Workaround: Do not enter more than 31 characters for the RADIUS-server key. • CSCsd93784—Setting the Channel/Power Update (RRM) parameter on the WCS does not change the channel or power settings on the controller. Workaround: None at this time. • CSCse02235—Access points occasionally delay the transmission of beacons by 0.1 or 0.2 seconds.

PAGE 25

Caveats • CSCse30514—When an LWAPP-enabled AP1100 or AP1200 first connects to a controller, the secondary controller name on the All APs > Details page in the controller GUI is not blank. The output of the show ap config general command also shows that the secondary controller name is not blank. Workaround: None at this time. • CSCse30696—The controller does not refresh the access point’s IP address correctly when the admin status for that access point is disabled. Workaround: None at this time.

PAGE 26

Troubleshooting If You Need More Information If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit: http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl (If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.

PAGE 27

Obtaining Documentation Obtaining Documentation Cisco documentation and additional literature are available on Cisco.com. This section explains the product documentation resources that Cisco offers. Cisco.com You can access the most current Cisco documentation at this URL: http://www.cisco.com/techsupport You can access the Cisco website at this URL: http://www.cisco.com You can access international Cisco websites at this URL: http://www.cisco.com/public/countries_languages.

PAGE 28

Cisco Product Security Overview Cisco Product Security Overview Cisco provides a free online Security Vulnerability Policy portal at this URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.

PAGE 29

Product Alerts and Field Notices Product Alerts and Field Notices Modifications to or updates about Cisco products are announced in Cisco Product Alerts and Cisco Field Notices. You can receive Cisco Product Alerts and Cisco Field Notices by using the Product Alert Tool on Cisco.com. This tool enables you to create a profile and choose those products for which you want to receive information. To access the Product Alert Tool, you must be a registered Cisco.com user. (To register as a Cisco.

PAGE 30

Obtaining Technical Assistance Tip Displaying and Searching on Cisco.com If you suspect that the browser is not refreshing a web page, force the browser to update the web page by holding down the Ctrl key while pressing F5. To find technical information, narrow your search to look in technical documentation, not the entire Cisco.com website. On the Cisco.com home page, click the Advanced Search link under the Search box and then click the Technical Support & Documentation.radio button.

PAGE 31

Obtaining Additional Publications and Information Severity 3 (S3)—Operational performance of the network is impaired while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels. Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.

PAGE 32

Obtaining Additional Publications and Information • “What’s New in Cisco Documentation” is an online publication that provides information about the latest documentation releases for Cisco products. Updated monthly, this online publication is organized by product category to direct you quickly to the documentation for your products. You can view the latest release of “What’s New in Cisco Documentation” at this URL: http://www.cisco.com/univercd/cc/td/doc/abtunicd/136957.