Guest

Cisco 2000 Series Wireless LAN Controllers

Field Notice: FN - 62561 - Wireless Lan Controller (WLC) Fails to Decrypt Lightweight Access Point Protocol (LWAPP) Control Traffic - Requires Upgrade


Revised November 10, 2006

October 31, 2006

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Products Affected

WISM - WS-SVC-WLAN-K9

AIRINFR - AIR-WLC4402-25-K9

AIRINFR - AIR-WLC4402-50-K9

AIRINFR - AIR-WLC4404-100-K9

AIRINFR - WS-C3750G-24WS-S25

AIRINFR - WS-C3750G-24WS-S50

WLC-2006 - AIR-WLC2006-K9

AIRINFR - AIR-WLC4404-100-K9

AIRINFR4402 - AIR-WLC4402-12-K9

AIRINFR4402 - AIR-WLC4402-25-K9

AIRINFR4402 - AIR-WLC4402-50-K9

Problem Description

Cisco Aironet 1000 series access points may disconnect from the controller because the controller fails to decrypt LWAPP control traffic. All access points may disconnect from the controller every 120 hours if the default access point heartbeat value of 30 seconds is configured.

This problem pertains to some controllers whose management interface uses Cisco Organizational Unique Identifier (OUI).

You can use the show interface detailed management Command Line Interface (CLI) command to determine the MAC address of the management interface. If the first three bytes of the MAC address are not 00-0b-85, the controller uses the Cisco OUI. See the Background section below for the sample command output.

The AP disconnect issue applies to all Wireless LAN Controller (WLC) software up to 4.0(179.8) and 3.2(171.5).

Background

The problem applies to AP1000s and all WLCs whose Management interface uses Cisco OUI. Issue the show interface detailed management command to obtain the MAC address of the Management interface.

Example:

#show interface
BVI1 is up, line protocol is up
Hardware is BVI, address is 000e.3817.2d10 (bia 0040.96a0.bea2)
Internet address is 10.95.42.151/27

If the first three bytes of the MAC address are not 00-0b-85, the WLC uses Cisco OUI.

The AP 1000 using the affected software will only recognize the old key size used by the Airspace controllers.

Problem Symptoms

LWAPP APs disconnect from a WLC.

Workaround/Solution

Workaround:

None

Solution:

Upgrade to WLC software version 4.0.179.11 or higher.

Then select the appropriate 4.0.179.11 for your platform using the Cisco 4400 Series Wireless LAN Controller software download link (registered customers only) .

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsg22555 (registered customers only)

LWAPP APs disconnect after 120 hours because of decryption fail

Revision History

Revision

Date

Comment

1.1

10-NOV-2006

Modified title and clarified content in several sections.

1.0

31-OCT-2006

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.