Guest

Cisco 2000 Series Wireless LAN Controllers

Field Notice: FN - 62794 - Upgrading a Controller from 3.2.193.5 to 3.2.195.10 Causes Self Signed Certificate to be Unchecked After Upgrade


April 18, 2007

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

Product

AIRINFR - AIR-N-WLC2006-K9

AIRINFR - AIR-N-WLC4136-K9

AIRINFR - AIR-N-WLC440212K9

AIRINFR - AIR-N-WLC440225K9

AIRINFR - AIR-N-WLC440250K9

AIRINFR - AIR-N-WLC4404100K9

AIRINFR - AIR-O-WLC4112-K9

AIRINFR - AIR-O-WLC4124-K9

AIRINFR - AIR-O-WLC4136-K9

AIRINFR - AIR-WLC2006-A-K9

AIRINFR - AIR-WLC2006-E-K9

AIRINFR - AIR-WLC2006-J-K9

AIRINFR - AIR-WLC2006-K9

AIRINFR - AIR-WLC4404-100-K9

AIRINFU - WS-SVC-WISM-1-K9

Problem Description

After upgrading from software release 3.2.193.5 to 3.2.195.10, SSC enable becomes disabled and SSC Access Points are no longer joining the controller.

Background

WLAN Controllers upgrading from Software Release 3.2.193.5 to 3.2.195.10 supporting Self Signed Certificate (SSC) Access Points.

Problem Symptoms

SSC Access Points no longer join controllers.

Workaround/Solution

After upgrade if SSC is disabled, re-enable the SSC configuration through the suggested steps below.

Through the Controller Graphical User Interface:

1a. Go to security, access point policies and enable the Accept Self Signed Certificate check box.

Through Controller CLI:

1b. Type config auth-list access point-policy ssc enable .

If the SSC ACCESS POINT entries are lost, then the entries will need to be restored through the suggested steps below.

Through the Controller Graphical User Interface:

1a. Go to security, access point policies and enable the Accept Self Signed Certificate check box.

2a. Type the MAC address of the SSC access point, choose certificate type as ssc, and then type SHA1 Key Hash and then click add.

This needs to be done for all the SSC access points.

Through the Wireless Control Software (WCS):

Here is the procedure to upload the SSC config via WCS Template.

1a. Configure ACCESS POINT Authorization Template > New Template Choose Configure > Controller Templates > Security> ACCESS POINT Authorization

2b. Then from the Select a command drop-down list choose Add Template, and click GO to access this page.

This page enables you to add a new ACCESS POINT Authorization template.

1a .Import From File: Select this check box if you want to import a file containing MAC addresses and Key Hash.

Note: You can only import a .csv file. Any other file formats are not supported.

File Path: The location from where you import the file. Click On Save. And then choose the controllers to which the template should applied to and Save.

Other

Special Note: The CT3500 is not affected from this problem.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCsh91578 (registered customers only)

Self Signed Certificate unchecked after upgrade

Revision History

Revision

Date

Comment

1.0

18-APR-2007

Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.