Guidelines and Limitations
WLAN-AP group association functionality:
– Functionality prior to Release 220.127.116.11—If a WLAN was added to an AP group prior to Release 18.104.22.168, the RF radio policy is set to All after an XML upload/download. This is because the default value of RF policy was not added. This issue was addressed through
. However, this corrects only the newly created WLAN-AP group associations and not the previous ones. Therefore, if you have configured a WLAN-AP group association prior to Release 22.214.171.124, you must remove the WLAN from the AP group and add it again in Release 126.96.36.199 or a later release.
Also, the XML configuration for radio policy was not present in releases prior to 8.0. This issue is addressed through
– Change in functionality with Release 188.8.131.52—The RF radio policy is by default set to None for all WLAN-AP group associations created in Release 184.108.40.206. Any previous WLAN-AP group associations that are carried over will continue to be set to All unless a WLAN is removed from the AP group and added again.
The XML upload/download for AP group RF radio policy is available only from Release 8.0.
Cisco WLCs validate client IP address at the time of learning, using the dynamic interface IP address as per the VLAN assigned to the client. Ensure that the clients and the dynamic interface VLAN of the clients are on the same subnet, even if DHCP proxy is disabled at the Cisco WLC.
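The following added example (not Cisco code) audits a client inventory against the dynamic interface subnets before such a validation rejects them. The interface table, client list and function name are constructed assumptions.

```python
import ipaddress

# Constructed sample data: dynamic interface address/prefix keyed by VLAN ID.
DYNAMIC_INTERFACES = {10: "10.10.10.2/24", 20: "172.16.20.2/23"}

# Constructed sample data: (client MAC, assigned VLAN, client IP address).
CLIENTS = [
    ("00:11:22:33:44:01", 10, "10.10.10.57"),
    ("00:11:22:33:44:02", 10, "10.10.11.57"),    # static address in the wrong subnet
    ("00:11:22:33:44:03", 20, "172.16.21.200"),  # valid: the /23 spans .20.0 to .21.255
    ("00:11:22:33:44:04", 20, "172.16.20.2"),    # collides with the interface address
    ("00:11:22:33:44:05", 30, "192.168.30.5"),   # VLAN without a dynamic interface
]

def audit_clients(interfaces, clients):
    """Return (mac, reason) for every client the subnet check would not accept."""
    findings = []
    for mac, vlan, ip in clients:
        if vlan not in interfaces:
            findings.append((mac, f"no dynamic interface for VLAN {vlan}"))
            continue
        iface = ipaddress.ip_interface(interfaces[vlan])
        addr = ipaddress.ip_address(ip)
        net = iface.network
        if addr not in net:
            findings.append((mac, f"{ip} is outside {net}"))
        elif addr in (net.network_address, net.broadcast_address):
            findings.append((mac, f"{ip} is a reserved address of {net}"))
        elif addr == iface.ip:
            findings.append((mac, f"{ip} duplicates the interface address"))
    return findings

if __name__ == "__main__":
    for mac, reason in audit_clients(DYNAMIC_INTERFACES, CLIENTS):
        print(mac, reason)
```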
When H-REAP access points associated with a controller running a 7.0.x software release prior to 220.127.116.11 are upgraded to the 18.104.22.168 release, the access points lose their VLAN support configuration if it was enabled. The VLAN mappings revert to the default values of the VLAN of the associated interface. This issue does not occur if you upgrade from 22.214.171.124 or a later 7.0.x release to the 126.96.36.199 release.
We recommend that you install Wireless Controller Field Upgrade Software for Release 188.8.131.52-FUS, which is a special AES package that contains several system-related component upgrades. These include the bootloader, field recovery image, and FPGA/MCU firmware. Installing the FUS image requires special attention because it installs some critical firmware. The FUS image is independent of the runtime image. For more information, see
If you are using a Cisco 2500 Series controller and you intend to use the Application Visibility and Control (AVC) and NetFlow protocol features, you must install Wireless Controller Field Upgrade Software for Release 184.108.40.206-FUS. This is not required if you are using other controller hardware models. For more information, see
When you enable LAG on a Cisco 2500 Series Controller with which a direct-connect access point is associated, the direct-connect access point disassociates from the controller. Direct-connect access points are not supported while LAG is enabled. For direct-connect access points to be supported, you must disable LAG and reboot the controller.
If LAG is enabled on the Cisco 2500 Series Controller and the controller is downgraded to a non-LAG aware release, the port information is lost and it requires manual recovery.
After you upgrade to the 7.4 release, networks that were not affected by the existing preauthentication ACLs might not work because the rules are now enforced. That is, networks with clients configured with static DNS servers might not work unless the static server is defined in the preauthentication ACL.
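A pre-upgrade audit for this enforcement change, as an added example that is not Cisco code: it evaluates each statically configured DNS server against a preauthentication ACL and reports the ones that would be blocked. The `Rule` model, first-match evaluation with an implicit deny, the check of both UDP and TCP port 53, and all sample data are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:                      # hypothetical model of one preauthentication ACL line
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", "tcp" or "any"
    dst: str                     # destination network, CIDR notation
    dports: tuple                # inclusive (low, high) destination port range

def first_match(rules, proto, dst_ip, dport):
    """Action of the first rule that matches the packet; implicit deny if none does."""
    ip = ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r.proto in ("any", proto)
                and ip in ipaddress.ip_network(r.dst)
                and r.dports[0] <= dport <= r.dports[1]):
            return r.action
    return "deny"

def blocked_dns_servers(rules, dns_servers):
    """Map each static DNS server to the port-53 transports the ACL does not permit."""
    blocked = {}
    for server in dns_servers:
        denied = [p for p in ("udp", "tcp") if first_match(rules, p, server, 53) != "permit"]
        if denied:
            blocked[server] = denied
    return blocked

# Constructed sample data (not taken from any real controller).
PREAUTH_ACL = [
    Rule("permit", "udp", "10.10.0.53/32", (53, 53)),
    Rule("permit", "tcp", "10.10.0.53/32", (53, 53)),
    Rule("deny",   "any", "10.20.0.0/16",  (0, 65535)),
    Rule("permit", "udp", "10.20.0.53/32", (53, 53)),    # shadowed by the deny above
    Rule("permit", "tcp", "192.0.2.10/32", (443, 443)),  # web authentication portal
]
STATIC_DNS = ["10.10.0.53", "10.20.0.53", "198.51.100.7"]

if __name__ == "__main__":
    for server, protos in blocked_dns_servers(PREAUTH_ACL, STATIC_DNS).items():
        print(f"{server}: add a permit rule for {'/'.join(protos)} port 53")
```

The second server shows why rule order matters: its permit entry exists but sits below a broader deny, so it is reported as blocked.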
On 7500 controllers if FIPS is enabled, the reduced boot options are displayed only after a bootloader upgrade.
Note Bootloader upgrade is not required if FIPS is disabled.
If you require a downgrade from one release to another, you might lose the configuration from your current release. The workaround is to reload the previous controller configuration files saved on the backup server or to reconfigure the controller.
It is not possible to directly upgrade to the 220.127.116.11 release from a release that is older than 18.104.22.168.
You can upgrade or downgrade the controller software only between certain releases. In some instances, you must first install an intermediate release prior to upgrading to software release 22.214.171.124.
Table 2 shows the upgrade path that you must follow before downloading software release 126.96.36.199.
Table 2 Upgrade Path to Controller Software Release 188.8.131.52
Upgrade Path to 184.108.40.206 Software
220.127.116.11 or later 7.0 releases
You can upgrade directly to 18.104.22.168
Note If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x controller software release that is prior to 22.214.171.124, we recommend that you upgrade to the 126.96.36.199 release and then upgrade to 188.8.131.52 to avoid losing those VLAN settings.
You can upgrade directly to 184.108.40.206
7.2. or later 7.2 releases
You can upgrade directly to 220.127.116.11
Note If you have an 802.11u HotSpot configuration on the WLANs, we recommend that you first upgrade to the 18.104.22.168 controller software release and then upgrade to the 22.214.171.124 controller software release.
You must downgrade from the 126.96.36.199 controller software release to a 7.2.x controller software release if you have an 802.11u HotSpot configuration on the WLANs that is not supported.
7.3 or later 7.3 releases
You can upgrade directly to 188.8.131.52
7.4 releases that are prior to this release
You can upgrade directly to 184.108.40.206
When you upgrade the controller to an intermediate software release, you must wait until all of the access points that are associated with the controller are upgraded to the intermediate release before you install the latest controller software. In large networks, it can take some time to download the software on each access point.
If you upgrade to the controller software release 220.127.116.11 from an earlier release, you must also upgrade to Cisco Prime Infrastructure 1.3 and MSE 7.4.
You can upgrade to a new release of the controller software or downgrade to an older release even if Federal Information Processing Standard (FIPS) is enabled.
When you upgrade to the latest software release, the software on the access points associated with the controller is also automatically upgraded. When an access point is loading software, each of its LEDs blinks in succession.
We recommend that you access the controller GUI using Microsoft Internet Explorer 6.0 SP1 (or a later release) or Mozilla Firefox 18.104.22.168 (or a later release).
Cisco controllers support standard SNMP Management Information Base (MIB) files. MIBs can be downloaded from the Software Center on Cisco.com.
The controller software is factory installed on your controller and automatically downloaded to the access points after a release upgrade and whenever an access point joins a controller. We recommend that you install the latest software version available for maximum operational benefit.
Ensure that you have a TFTP, FTP, or SFTP server available for the software upgrade. Follow these guidelines when setting up a server:
– Ensure that your TFTP server supports files that are larger than the size of the controller software release 22.214.171.124. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the Prime Infrastructure. If you attempt to download the 126.96.36.199 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
When you plug a controller into an AC power source, the bootup script and power-on self-test run to initialize the system. During this time, you can press
to display the bootloader Boot Options Menu. The menu options for the 5500 differ from the menu options for the other controller platforms.
Bootloader Menu for 5500 Series Controllers:
Please choose an option from below:
3. Change active boot image
6. Manually update images
Please enter your choice:
Bootloader Menu for Other Controller Platforms:
Please choose an option from below:
3. Manually update images
4. Change active boot image
Please enter your choice:
Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on a 5500 series controller), or enter 5 (on another controller platform) to run the current software and set the controller configuration to factory defaults. Do not choose the other options unless directed to do so.
Note See the Installation Guide or the Quick Start Guide for your controller for more details on running the bootup script and power-on self-test.
The controller bootloader stores a copy of the active primary image and the backup image. If the primary image becomes corrupted, you can use the bootloader to boot with the backup image.
With the backup image stored before rebooting, be sure to choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the controller.
Control which address(es) are sent in CAPWAP discovery responses when NAT is enabled on the Management Interface using the following command:
config network ap-discovery nat-ip-only {enable | disable}
enable—Enables use of NAT IP only in a discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
disable—Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs are on the same controller.
Note To avoid stranding APs, you must disable AP link latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.
You can configure 802.1p tagging by using the
config qos dot1p-tag
} tag. For the 188.8.131.52 and later releases, if you tag 802.1p packets, the tagging has impact only on wired packets. Wireless packets are impacted only by the maximum priority level set for QoS.
You can reduce the network downtime using the following options:
– You can predownload the AP image.
– For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch).
Note Predownloading a 184.108.40.206 version on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to a Cisco Aironet 1240 access point, an AP disconnect will occur momentarily.
Do not power down the controller or any access point during the upgrade process; otherwise, you might corrupt the software image. Upgrading a controller with a large number of access points can take as long as 30 minutes, depending on the size of your network. However, with the increased number of concurrent access point upgrades supported, the upgrade time should be significantly reduced. The access points must remain powered, and the controller must not be reset during this time.
If you want to downgrade from the 220.127.116.11 release to a 6.0 or an older release, do either of the following:
– Delete all WLANs that are mapped to interface groups and create new ones.
– Ensure that all WLANs are mapped to interfaces rather than interface groups.
After you perform these functions on the controller, you must reboot the controller for the changes to take effect:
– Enable or disable link aggregation (LAG)
– Enable a feature that is dependent on certificates (such as HTTPS and web authentication)
– Add a new license or modify an existing license
– Increase the priority for a license
– Enable the HA
– Install SSL certificate
– Configure the database size
– Install vendor device certificate
– Download CA certificate
– Upload configuration file
– Install Web Authentication certificate
– Changes to management or virtual interface
– TCP MSS
Upgrading to Controller Software Release 18.104.22.168 (GUI)
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up your controller’s configuration files prior to upgrading the controller software.
Step 2 Follow these steps to obtain the 22.214.171.124 controller software:
Click this URL to go to the Software Center:
from the center selection window.
Wireless LAN Controllers
The following options are available:
– Integrated Controllers and Controller Modules
– Standalone Controllers
d. Depending on your controller platform, click one of the above options.
e. Click the controller model number or name. The
page is displayed.
f. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:
Early Deployment (ED)
—These software releases provide new features and new hardware platform support as well as bug fixes.
Maintenance Deployment (MD)
—These software releases provide bug fixes and ongoing software maintenance.
—These software releases have been deferred. We recommend that you migrate to an upgraded release.
g. Click a software release number.
h. Click the filename (
j. Read Cisco’s End User Software License Agreement and then click
k. Save the file to your hard drive.
l. Repeat steps a. through k. to download the remaining file.
Step 3 Copy the controller software file (
.aes) to the default directory on your TFTP, FTP, or SFTP server.
Step 4 (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks.
Note For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 5 Choose
to open the Download File to Controller page.
Step 6 From the File Type drop-down list, choose
Step 7 From the Transfer Mode drop-down list, choose
Step 8 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.
Step 9 If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 10 In the File Path text box, enter the directory path of the software.
Step 11 In the File Name text box, enter the name of the software file (
Step 12 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log on to the FTP server.
b. In the Server Login Password text box, enter the password to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 13 Click
to download the software to the controller. A message appears indicating the status of the download.
Step 14 After the download is complete, click
Step 15 If prompted to save your changes, click
Save and Reboot
Step 16 Click
to confirm your decision to reboot the controller.
Step 17 For Cisco WiSM2 on the Catalyst switch, check the port channel and reenable the port channel if necessary.
Step 18 If you disabled the 802.11a/n and 802.11b/g/n networks in Step 4, reenable them.
Step 19 To verify that the 126.96.36.199 controller software is installed on your controller, click
on the controller GUI and look at the Software Version field under Controller Summary.