Release Notes for Cisco Wireless LAN Controller and Cisco Lightweight Access Point for Release 184.108.40.206
November 13, 2005
These release notes describe open caveats for Release 220.127.116.11 Cisco 2000 Series Wireless LAN Controllers, Cisco 4100 Series Wireless LAN Controllers, Cisco 4400 Series Wireless LAN Controllers, Cisco Aironet 1000 series lightweight access points, Cisco Aironet 1130 series lightweight access points, Cisco Aironet 1200 series lightweight access points, Cisco Aironet 1240 series lightweight access points, and Cisco Aironet 1500 series lightweight outdoor access points which comprise part of the Cisco Unified Wireless Network Solution (Cisco UWN).
The Cisco 2000 Series Wireless LAN Controllers, Cisco 4100 Series Wireless LAN Controllers, and Cisco 4400 Series Wireless LAN Controllers are hereafter collectively referred to as Wireless LAN Controllers, and the access points are hereafter collectively referred to as Cisco lightweight access points.
These release notes contain the following sections.
The following components are part of the Cisco Unified Wireless Network Solution (Cisco UWN):
Operating System (Wireless LAN Controller and Cisco Lightweight Access Point) software 18.104.22.168
Cisco Wireless Control System (Cisco WCS)
Cisco 2700 Series location appliances
Cisco 2000 Series Wireless LAN Controllers
Cisco 4100 Series Wireless LAN Controllers
Cisco 4400 Series Wireless LAN Controllers
Cisco Aironet 1000 series lightweight access points
Cisco Aironet 1130 series lightweight access points
Cisco Aironet 1200 series lightweight access points
Cisco Aironet 1240 series lightweight access points
Cisco Aironet 1500 series lightweight outdoor access points
Requirements for Cisco UWN Components
Requirements for Web User Interface - Windows XP SP1 or Windows 2000 SP4 running Internet Explorer 6.0.2800.1106.xpsp2.130422-1633 or higher. You also need to load patch KB831167 found at the following location:
There are known issues with Opera, Mozilla and Netscape; these are unsupported.
Requirements for Web Browser when using Web Authentication - Internet Explorer 6.0 with SP1 or Netscape 7.2. There are known issues with Opera.
Software Release Information
Release 22.214.171.124 is factory installed on your Wireless LAN Controller and automatically downloaded to the Cisco lightweight access points after a release upgrade and whenever a Cisco lightweight access point associates with a Wireless LAN Controller. As new releases become available for the Wireless LAN Controllers and their associated Cisco lightweight access points, consider upgrading.
Finding the Software Release
To find the software release running on your Wireless LAN Controller, refer to the instructions in the Cisco Wireless LAN Solution Product Guide.
Upgrading to a New Software Release
For instructions on installing a new software release, refer to the instructions in the Cisco Wireless LAN Solution Product Guide.
The following new features are available in the Wireless LAN Controller 126.96.36.199 release:
Enhanced support for the Cisco Wireless IP Phone 7920
Enhanced integration with Cisco Secure ACS
Location services enhancements
Regulatory domain updates
New hardware platform support: Cisco Aironet 1130 series lightweight access points, Cisco Aironet 1200 series lightweight access points, Cisco Aironet 1240 series lightweight access points, and Cisco Aironet 1500 series lightweight outdoor access points
For more information, refer to the following location:
This section contains important information to keep in mind when installing your Wireless LAN Controllers and Cisco lightweight access points.
Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents.
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment.
Warning Do not locate any antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing antennas, take extreme care not to come in contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, refer to national and local codes (e.g. U.S.: NFPA70, National Electrical Code, Article 810, in Canada: Canadian Electrical Code, Section 54).
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that the protective device is rated not greater than: 120 VAC, 15A U.S. (240vac, 10A International)
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available.
Warning Read the installation instructions before you connect the system to its power source.
Warning Do not work on the system or disconnect cables during periods of lightning activity.
Warning Do not operate your wireless network near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use.
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft. (2 m) from your body or nearby persons.
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security.
Follow the guidelines in this section to ensure proper operation and safe use of the Wireless LAN Controllers and Cisco lightweight access points.
FCC Safety Compliance Statement
FCC Compliance with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified eqipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.
Warning Do not locate any antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing an antenna, take extreme care not to come into contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, refer to national and local codes (e.g. U.S.:NFPA 70, National Electrical Code, Article 810, in Canada: Canadian Electrical Code, Section 54).
Each year hundreds of people are killed or injured when attempting to install an antenna. In many of these cases, the victim was aware of the danger of electrocution, but did not take adequate steps to avoid the hazard.
For your safety, and to help you achieve a good installation, read and follow these safety precautions. They may save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type antenna you are about to install.
2. Select your installation site with safety, as well as performance in mind. Remember: electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task, and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
a. Do not use a metal ladder.
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember, the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line complete an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines call for qualified emergency help immediately.
Cisco Lightweight Access Point Installation
Refer to the appropriate quick start guide or installation and configuration guide for instructions on how to install your Wireless LAN Controllers and Cisco lightweight access points.
Note To meet regulatory restrictions, all external antenna configurations must be professionally installed.
Personnel installing the Wireless LAN Controllers and Cisco lightweight access points must understand wireless techniques and grounding methods. The internal-antenna Cisco lightweight access points can be installed by an experienced IT professional.
This section describes important information about the Wireless LAN Controllers and Cisco lightweight access points.
Important Regulatory Notice
The Wireless LAN Controller must be installed by a network administrator or qualified IT professional and the proper country code selected. Following installation, access to the Wireless LAN Controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.
Voice WLAN Configuration
Cisco recommends that Load Balancing ALWAYS be turned off in any WLAN that is supporting voice, regardless of vendor. When Load Balancing is turned on, voice clients can hear an audible artifact when roaming and the handset is refused at its first reassociation attempt.
Cisco 7920 Wireless IP Phone Support
When using Cisco 7920 Wireless IP phones with Wireless LAN Controllers, make sure that the phones and Wireless LAN Controllers are configured as follows:
Aggressive Load Balancing on the Wireless LAN Controllers must be disabled on a per-Wireless LAN Controller basis. Otherwise, the initial roam attempt by the phone may fail, causing a disruption in the audio path.
The QoS Basis Service Set (QBSS) information element (IE) must be enabled. The QBSS IE enables the Cisco lightweight access point to communicate its channel usage to wireless devices. Because Cisco lightweight access points with high channel usage might not be able to handle real-time traffic effectively, the 7920 phone uses the QBSS value to determine if they should associate with anotherCisco lightweight access point. Use the following instructions to enable the QBSS IE:
– >sh wlan summary (use this to determine the WLAN ID No. of the WLAN to which you want to add QBSS support)
– >config wlan disable [WLAN ID No.]
– >config wlan dot11-phone compat [WLAN ID No.]
– >config wlan enable [WLAN ID No.]
– >sh wlan [WLAN ID No.] (use this command to verify that the WLAN is enabled and the field marked “Dot11-Phone Mode (7920)” is in the ‘compat’ mode)
– >save config
The Dynamic Transmit Power Control (DTPC) information element (IE) must be enabled. The DTPC information element is a beacon and probe information element that allows the Cisco lightweight access point to broadcast information on its transmit power. The Cisco Wireless IP Phone 7920 uses this information to automatically adjust its transmit power to the same level as the Cisco lightweight access point to which it is associated. In this manner, both devices are transmitting at the same level.
The 7920 phones and the Wireless LAN Controllers do not currently use compatible fast roaming mechanisms. The phone uses CCKM while the Wireless LAN Controllers use Proactive Key Caching (PKC). To minimize roaming latency, static WEP is the recommended security mechanism.
When configuring WEP, there is a difference in nomenclature the Wireless LAN Controller and the 7920 phone. Configure the Wireless LAN Controller for 104 bits when using 128-bit WEP for the 7920.
The Upgrade Process
When a Wireless LAN Controller is upgraded, the code on the associated Cisco lightweight access points is also automatically upgraded. When a Cisco lightweight access point is loading code, each of its lights blinks in succession.
Do not power down the Wireless LAN Controller or any Cisco lightweight access point during this process, or you can corrupt the software release!
Upgrading a Wireless LAN Controller with a large number of Cisco lightweight access points can take as long as 30 minutes. The Cisco lightweight access points must remain powered and the Wireless LAN Controller must not be reset during this time.
Cisco recommends the following sequence when performing an upgrade:
1. Upload your Wireless LAN Controller configuration files to a server to back them up.
2. Turn off the Wireless LAN Controller 802.11a and 802.11b networks.
3. Upgrade your Wireless LAN Controller.
4. Re-enable your 802.11a and 802.11b networks.
Note Wireless LAN Controllers can be upgraded from one operating system release to another. However, should you require a downgrade from one release to another, you may be unable to use the higher release configuration (CSCsb79383). The workaround is to reload the previous Wireless LAN Controller configuration files saved on the backup server or to reconfigure the Wireless LAN Controller.
Exclusion List (Blacklist) Client Feature
If a client is not able to connect, and the security policy for the WLAN and/or client is correct, the client has probably been disabled. From the Web user interface, Monitor page under client summary, you can see the client’s status. If they are disabled you can just do a “Remove” operation and the disable is cleared for that client. The client automatically comes back and, if necessary, reattempts authentication. Automatic disabling happens as a result of too many failed authentications. Clients disabled due to failed authorization do not show up on the permanent disable display. This display is only for those MACs that are set as permanently disabled by the administrator.
IPSec Clients Supported in this Release
This operating system release has been tested with the following IPSec clients:
Cisco Unity v3.6.2
SSH Sentinel v1.3.2(1)
The Netscreen client does not handle fragmented ICMP packets, does not respond to large ping packets, and does not work with certificates. Other IP fragmented traffic should work correctly.
Maximum MAC Filter Entries
The Wireless LAN Controller database can contain up to 2048 MAC filter entries for local netusers (CSCar12371).
Client Channel Changes
Cisco lightweight access points are know to go off channel for up to 30 seconds while identifying rogue AP threats. This can cause occasional dropped client connections (CSCar10047).
Cisco Aironet 1030 Remote Edge Lightweight Access Point WPA2-PSK in Standalone Mode
Cisco Aironet 1030 remote edge lightweight access points do not support WPA2-PSK in REAP standalone mode.
XAuth Configuration with NetScreen
Do not enable XAuth on the NetScreen client. Configure XAuth on the Wireless LAN Controller. The Wireless LAN Controller initiates the XAuth session and the NetScreen client responds and begins interoperating. Configure the NetScreen client with pre-shared keys only. You also need to set up a separate connection in the clear to your DHCP server.
Rekeys Not Supported with Cisco VPN Client
If a rekey occurs clients must reauthenticate. To mitigate this problem, log into the Web user interface, navigate to the WLANs page, select Edit to display the WLANs > Edit page, choose Advanced Configuration, and change Lifetime (seconds) to a large value, such as 28800 seconds (this is the default), depending upon your security requirements.
This product has been tested with the following RADIUS servers:
Odyssey Server and Odyssey Client v1.1 and 2.0 from Funk Software.
Steel-Belted RADIUS from Funk Software release 4.40.337 Enterprise Edition.
Microsoft Internet Authentication Service (IAS) release 5 on Windows 2000 Server/SP4; Microsoft Internet Authentication Service (IAS) release 5.2.3790.0 on Windows 2003 server.
CiscoSecure ACS, v3.2.
FreeRADIUS release 0.9.3, with OpenSSL 0.9.7B.
Management Usernames and Local Netuser Names
Management usernames and local netuser names must be unique, because they are stored in the same database. That is, you cannot assign the same name to a Management User and a Local Netuser.
802.1x and Microsoft Windows Zero-Config Supplicant
Clients using Windows Zero-Config and 802.1x MUST use WLANs configured for 40- or 104-bit Key Length. Configuring for 128-bit Key Length results in clients that can associate, but not authenticate.
Cisco Aironet 1030 Remote Edge Lightweight Access Point Default Operation
When a Wireless LAN Controller reboots, dropped Cisco Aironet 1030 remote edge lightweight access points attempt to associate with any available Wireless LAN Controller. If the Cisco Aironet 1030 remote edge lightweight access points cannot contact a Wireless LAN Controller, they continue to offer 802.11a/b/g service on WLAN 1 only.
This operating system release supports four separate WEP index keys. These keys cannot be duplicated between WLANs. At most four WEP WLANs can be configured on a Wireless LAN Controller. Each of these WLANs must use a different key index.
Transmit Power Algorithms
Transmit power algorithms are designed to work with four or more Cisco lightweight access points. If there is a need to enable these algorithms for a smaller number of Cisco lightweight access points, please contact Cisco Technical Assistance Center (TAC).
Using the Backup Release
The Wireless LAN Controller Bootloader (ppcboot) stores a copy of the active primary and the backup release. If the primary release should become corrupted, you can use the Bootloader to boot with the backup release.
After you have booted with the backup release, be sure to use Option 4: Change Active Boot Image on reboot to set the backup release as the active boot release. If you do not, then when the Wireless LAN Controller resets it again boots off the corrupted primary release.
Home Page Retains Web Auth Login with IE 5.x
This is a caching issue in the Internet Explorer 5.x browser. Clearing history corrects it, or upgrade your operator workstation to Internet Explorer 6.x.
RLDP Enable/Disable refers to the RLDP protocol which detects rogues on your wired network. Autocontainment enable/disable indicates whether you want the Wireless LAN Controller to automatically contain new Rogues that it finds on the wire. Disabling RLDP or autocontainment does not disable containment for Rogues that are being contained. When Rogues are being contained, you must manually disable containment for each Rogue individually.
Ad-Hoc Rogue Containment
Client card implementations may mitigate the effectiveness of ad hoc containment.
Some Apple Operating Systems require shared key authentication for WEP. Other releases of the Operating System actually do not work with shared key WEP set unless the client saves the key in their key ring. How you should configure your Wireless LAN Controller is based on the client mix you expect to use. Cisco recommends testing these configurations before deployment.
Features Not Supported on Cisco 2000 Series Wireless LAN Controllers
Power over Ethernet.
Service port (separate out-of-band management 10/100 Mbps Ethernet interface).
VPN Termination (such as IPSec and L2TP).
Guest controller WLAN function.
External Web Authentication web server list.
Layer 2 LWAPP.
QoS per user bandwidth contracts.
Some Clients Can See Only 64 Access Point MAC Addresses (BSSIDs) at a Time
In a crowded RF environment, clients may not be able to detect the desired SSID because of internal table limitations. Sometimes disabling and then enabling the client interface forces a rescan. Your RF environment needs to be controlled. Cisco UWN rogue access point detection and containment can help you enforce RF policies in your buildings and campuses.
Pinging from Any Network Device to a Dynamic Interface IP Address Not Supported
Clients on the WLAN associated with the interface pass traffic normally.
Cisco 4400 Series Wireless LAN Controller Limitations
Data traffic that goes in Cisco 4400 Series Wireless LAN Controller port 1 or 2 and exits port 3 or 4 may experience a loss rate of less than 1%.
Heavy multicast traffic may cause the Cisco 4400 Series Wireless LAN Controller to lose connection with Cisco lightweight access points.
Cisco Lightweight Access Point Fails to Join Wireless LAN Controller
Cisco lightweight access point boots up IOS image and reboots due to join failure or timeout. This sequence repeats forever until Cisco lightweight access point goes into boot prompt and stays there. This condition occurs when the Cisco lightweight access point console is connected to a terminal server port, when there is no telnet session to the Cisco lightweight access point console port, and when the Wireless LAN Controller is not responding to the Cisco lightweight access point join response. Workaround: Disconnect the Cisco lightweight access point console port from the terminal server. Reprogram the Wireless LAN Controller to have it response to the Cisco lightweight access point join request. Power cycle the Cisco lightweight access point to force restart.
Upgrading External Webauth
When upgrading Wireless LAN Controllers from operating system release 2.0 or 188.8.131.52 to release 3.0, update the external webauth configuration as follows:
– Instead of using a preauth ACL, the network manager must configure the external web server IP address using the CLI command:
config custom-web ext-webserver add <IP address>
(where <IP address> is the address of any web server that performs external web authentication.)
Then the network manager must use the new login_template which is included below:
This section lists open and closed caveats in operating system release 184.108.40.206 for Wireless LAN Controllers and associated Cisco lightweight access points.
These caveats are open in operating system release 220.127.116.11:
CSCar13192—In Cisco 2000 Series Wireless LAN Controllers, the trap message for SNMP authentication failure contains reversed IP address. If an SNMP query is made to a Cisco 2000 Series Wireless LAN Controller, and if the query results in an authentication failure, the IP address of the querying machine appears reversed on the trap log message.
CSCar13259—Clients are not excluded on Cisco Aironet 1030 remote edge lightweight access points in REAP mode.
CSCar13330—When using the web configuration wizard to complete the initial configuration on a Cisco 2000 Series Wireless LAN Controller, on the RADIUS configuration page, after enabling the server, an error message is returned saying “Error in enabling the server.” Workaround: The RADIUS server may be enabled after the configuration wizard is complete and the Wireless LAN Controller UI is in regular mode. To go to the RADIUS server details, click the Security tab and then select RADIUS Authentication under the AAA menu. Then, click the edit link for the RADIUS server entry. On the RADIUS edit page, enable the server state and click Apply.
CSCei65293—The 5-GHz, RM-21A radio module on Cisco Aironet 1200 series lightweight access points has an articulating antenna with a dual function: diversity omni or patch antenna. When the antenna is folded flat to the access point housing it is in 9-dBi patch mode, and when it is in any other position it is in 5-dBi omni mode. When you change the antenna position to switch antenna modes you must reset the Cisco Aironet 1200 series lightweight access point to apply the change.
CSCsa95763—The Wireless LAN Controller Web UI cannot display more than 80 local net users on the page Security->AAA->Local Net Users. Workaround: Use the Wireless LAN Controller CLI to view all the Local Net User entries.
CSCsb01980—When using the web configuration wizard on a Wireless LAN Controller, when the operator enters incorrect data for the management interface, error messages are shown only at the end of the wizard and thus the user must return to the management interface page for correction. The data entered in the management interface page, such as the port number, is not validated immediately but at the end of the wizard. As a result any error messages are shown only at the end. Workaround: This issue can cause the user some inconvenience and the user may prefer to use the CLI configuration wizard instead to avoid it.
CSCsb01983—The Wireless LAN Controller Web Configuration wizard is not reachable after making repeated invalid entries for the management interface port. When an operator connects to the Wireless LAN Controller Web Configuration wizard on address 192.168.1.1, and when the operator enters an invalid port number on the Management Interface configuration page, at the end of the wizard, the operator is redirected to the management interface page to correct the port. If the operator enters an incorrect port and submits, the configuration wizard becomes inaccessible. Workaround: Reboot the Wireless LAN Controller through the CLI to access the web wizard again.
CSCsb09699—ACL rules with specified source or destination IP addresses are not working. For instance, create a permit ACL with source as 18.104.22.168/255.255.255.255 and all other parameters as any. The wireless client from this IP address is not able to ping the server.
CSCsb30211—Cisco lightweight access points continue rebooting when WMM mode is enabled. Cisco lightweight access points may not be able to join the Wireless LAN Controller if WMM is enabled on any of the WLANs. Workaround: Make sure that the port to which the Cisco lightweight access point is connected is configured as trunk port and not an access port if any WLAN has WMM enabled.
CSCsb34149—Disabling or deleting a WLAN on which a large number of clients exist may not result in deletion of all of the clients. This occurs when a large number (several thousand) clients are using a WLAN when the WLAN is disabled or deleted. Workaround: Make sure that WLANs are not deleted or disabled with a large number of clients associated.
CSCsb37605—When the admin status of Cisco Aironet 1000 series lightweight access point radio A is disabled, toggling the 802.11a network status flag re-enables radio A, although the admin status of radio A is still in disabled state. Workaround: Disabling radio A and reapply.
CSCsb42133—When editing a WLAN, on entering an invalid value for session timeout, an incorrect range is shown to the operator in the error message. This bug appears when the operator selects the edit option for a WLAN on the Wireless LAN Controller UI and the WLAN is set for 802.1x security, and when the operator enters an invalid value for session timeout, the error message shown on clicking Apply incorrectly states that the correct range is 0 to 86400. Workaround: The correct range for the WLAN session timeout is: 300-86400 for 802.1x and 0-65535 for all other security types.
CSCsa47748—RLDP protocol is not supported in Cisco Aironet 1130 series lightweight access points, Cisco Aironet 1200 series lightweight access points, and Cisco Aironet 1240 series lightweight access points. Workaround: Use “Rogue Detector AP” to detect rogue access points.
CSCsb52557—Cisco lightweight access points do not connect to the Cisco 4400 Series Wireless LAN Controller if the time is not set first. Workaround: Set the time on the Cisco 4400 Series Wireless LAN Controller before the Cisco lightweight access points connect.
CSCsb53746—A 350 or CB20A client running ACU 6.4 or ACU 6.5 and configured for LEAP authentication with WPAv1 encryption, can authenticate to a Cisco lightweight access point but does not receive an IP address. This problem does not affect clients running ACU 6.3, which does not use WME data frames. To check for this problem enable the following debug on the Wireless LAN Controllers:
debug dot1x events enable
In the body of the trace which follows authentication by an affected client see the following:
Fri Jun 3 07:29:59 2005: Received EAPOL-Key from mobile xx:xx:xx:xx:xx:xx
Fri Jun 3 07:29:59 2005: Received EAPOL-key message with invalid version number from mobile xx:xx:xx:xx:xx:xx
Workaround: Configure WME policy to be allowed for the WLAN on the Wireless LAN Controller. To do this via the GUI, browse to the WLANs->Edit page for the WPAv1 WLAN in question and in the drop-down box next to WME policy, select Allowed or Required. The allowed option means that both WME and non-WME clients can authenticate and receive an IP address, for example both Aironet ACU 6.4/6.5 and 6.3 clients. The required option means that only WME clients can authenticate; that is, only ACU 6.4/6.5 clients.
CSCsb54444—RLDP does not work for regulatory domain -E. This condition only applies to countries which require DFS (radar detection) support. Workaround: Do not enable RLDP in these countries.
CSCsb55937—VLAN-tagged large icmp packets that need to be fragmented are not making it out of Cisco Aironet 1000 series lightweight access points in direct-connection mode. It is observed that ping replies never come back when sending requests to a gateway from a wireless client using large 1500-byte packets, and with RADIUS override configured with any 1p tag. This condition exists for Cisco 4400 Series Wireless LAN Controllers using direct-connect mode, with RADIUS override enabled, the override parameter set to 1p with any VLAN number, and Cisco Aironet 1000 series lightweight access points.
CSCsb57305—Some Cisco lightweight access points transmit beacons after the associated WLAN is deleted from the Wireless LAN Controller. This happens only for WLANs with radio policy set to 802.11g only and 802.11g support is globally disabled. Workaround: If you have a WLAN with radio policy 802.11g only, do not disable 802.11g support.
CSCsb62289—The displayed dBm for Cisco Aironet 1500 series lightweight outdoor access points appears lower than it actually is.
Workaround: In the CLI, the correct values can be up to 6 dBm higher for 2.4-GHz channels and up to 13 dBm higher for 802.11a channels 149 to 165.
CSCsb63479—Clicking the Refresh link on the Cisco APs page sometimes results in a Page Not Found error. This generally occurs when there are more than 80 Cisco lightweight access points connected to the Wireless LAN Controller.
Workaround: Click the Wireless tab at the top of the page and click the Cisco APs link on the left. This causes Cisco WCS to list all the Cisco lightweight access points on the page.
CSCsb68069—When all eight Wireless LANs are defined on 1130AG, 1200AG, and 1240AG access points converted to lightweight mode, and the radio environment is very busy, transmission attempts can be delayed. The 802.11g radios sometimes report this error:
%DOT11-2-RADIO_FAILED: Interface Dot11Radio0, failed - Radio command failed, cmd 121 (FF80,0,0) status 7F21 (5,0,0)
When the failure occurs, the radio restarts, all clients are disassociated, the failure is logged, and normal operation resumes.
Workaround: Reduce the number of Wireless LANs in use.
CSCsb77161—Cisco Aironet 1500 series lightweight outdoor access points are out of compliance with the IEEE 802.11a requirement for maximum receive input level, that is receiver saturation, at data rates of 24, 36, 48, and 54 Mbps. Cisco lightweight access points can experience increased packet error rates when they are located too close to one another.
Workaround: Mount the Cisco Aironet 1500 series lightweight outdoor access points at least 50 feet (15 m) apart from one another. The software roadmap has a release planned that will enable a gain bypass feature which will correct this performance limitation.
CSCsb98213—When Cisco Aironet 1030 remote edge lightweight access points and Cisco Aironet 1500 series lightweight outdoor access points in bridging mode are to be used as pole-top access points, they be should be configured as pole-top access points before they are deployed in the network. Not configuring the Cisco lightweight access points as pole-top access points may result in a longer than normal loss of data connectivity if the roof-top access point loses connection to the Wireless LAN Controller.
Workaround: Use the CLI commands from a Wireless LAN Controller to configure the Cisco lightweight access points as pole-top access points before deploying them.
CSCsc07129—Cisco Aironet 1500 series lightweight outdoor access points do not forward DHCP broadcast replies, such as those from Microsoft Windows DHCP servers. Pole-top access points do not obtain an IP address if the DHCP server sends the DHCP response to a broadcast address.
Workaround: Either configure the Cisco Aironet 1500 series lightweight outdoor access points with a static IP address or use a DHCP server that sends its response to a unicast address.
CSCsc17827—For Cisco Aironet 1500 series lightweight outdoor access points and Cisco Aironet 1030 remote edge lightweight access points, channel 165 for the 802.11a radio is only available for the -A SKU when the country code is set to USX. Channel 165 is not available for the -N SKU for any of the countries that use this SKU.
Workaround: In order to set the 802.11a radio to channel 165 when using the -A SKU, set the country code of the Wireless LAN Controller to USX. For the -N SKU, please select one of the available channels.
CSCsc35784—The transmit power control adjustment levels 3, 4 and 5 are not supported on Cisco Aironet 1500 series lightweight outdoor access points; these levels correspond to -6, -9, and -12 dB from the maximum power, respectively. Power levels 1 and 2 are supported, which correspond to maximum power for the particular data rate and channel, and -3 dB relative to this maximum. Both the 2.4- and 5.8-GHz bands are affected, at which these adjustment levels provide little or no further reduction in transmit power output.
Workaround: Set the transmit power level to either 1 or 2.
(NEW CAVEAT)—Over the temperature extremes of the product specification, primarily at the cold temperature extreme of -40 degrees Celsius, the Cisco Aironet 1500 series lightweight outdoor access point does not meet the IEEE 802.11a/b/g transmitter linearity parameter of error vector magnitude (EVM) of the product specification. The software roadmap has a release planned that will enable temperature compensation of the transmit gain, which will address the EVM corner cases over the temperature range.
These caveats are resolved in software release 22.214.171.124:
CSCsb65096—After changing the zero touch config security key, the Cisco lightweight access points now connect to the Wireless LAN Controller using LWAPP, and do not time out their connections.
CSCsb68069—When all eight Wireless LANs are defined on 1130AG, 1200AG, and 1240AG access points converted to lightweight mode, and when the radio environment is very busy, transmission attempts are no longer delayed.
CSCsb65731—Cisco Aironet 1500 series lightweight outdoor access points are no longer slow to fail over to a new Wireless LAN Controller when the primary Wireless LAN Controller fails.
CSCsb93202—Disabling RRM grouping eliminates Cisco lightweight access point resets.
CSCsb98097—The -T regulatory domain/country code max transmit power is now correct for the Cisco Aironet 1000 series lightweight access point 5 GHz radios.
CSCsc05207—Logging in via telnet, HTTP, HTTPS, and Console port with the wrong password now causes the Wireless LAN Controller to write traps to the trap logs.
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following location:
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation as an RSS feed and delivers content directly to your desktop using a reader application. The RSS feeds are a free service.
For information on the Cisco Unified Wireless Network Solution and for instructions on how to configure and use the Cisco UWN, refer to the Cisco Wireless LAN Solution Product Guide.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)