A while back I wrote an article that covered the changes from WLC 7.1 – 7.6.100 . Let’s catch up to 8.0, shall we?
- Bugfix release.
- Fix for issues with WMM with Broadcom clients (no 802.11n for you)
- Fix for an issue with the AP3700 and replay counters which apparently causes major performance problems on 5GHz.
- Adds support for 2700 series and 700W series APs.
- Adds “Cisco WLAN Express Setup” for 2500 series controllers. The notes say: “It includes easy to use GUI Configuration Wizard, an intuitive monitoring dashboard and several Cisco Wireless LAN best practices enabled by default.” Sounds nifty. I need to get a 2504 for my lab… If you are upgrading a 2500 to this release, there’s a decent chunk of steps involved to enable this feature. More info about the feature and the steps here: Cisco WLAN Express Setup for Cisco 2500 Series Wireless Controller.
- Of course, lots of bugfixes.
- Several crashes fixed.
- Obligatory security fixes.
- False DFS positives fixed.
- If you really want to see if your favorite bug is fixed, check here: 7.6.120 Resolved Caveats
- Bugfix release with an even longer list of resolved caveats (7.6.130 Resolved Caveats).
- More crash fixes and obligatory security fixes. The ones that jumped out at me below.
- 99% CPU usage fix.
- Apple auth problems fixed.
- Fix for CAPWAP disassociation due to DTLS errors
- Vocera broadcast failure fix
- RAID volumes get proper status codes
- vWLC Service Port issue with distributed vSwitch fixed
- Annoying MFP anomaly messages fixed (but I’m still seeing them)
Now the really interesting stuff. Major releases are always fun, at least once the first round or two of bug fixes come in. Let’s see what’s shiny, shall we?
[Note: I've since found this Cisco Wireless Release 8.0 document, which has a nice summary of the features.]
- Cisco Aironet AP and Scale Features
- Keep-alives now sent over both control and data CAPWAP tunnels.
- New Flex+Bridge mode enabled FlexConnect functionality across mesh APs. This means if the wired link goes down, your AP can failover to mesh backhaul. (Not supported on 1130 and 1240. No surprise.)
- Mesh fast convergence. Automatically sets faster convergence timers. Convergence time per hop down to 20s.
- AP700W gets VLAN tagging
- FlexConnect APs can be a PPPoE client. Was in 7.3/7.4, but not 7.5/7.6. Now it’s back. And it’s angry…
- Dynamic Channel Assignment (DCA) on RF Profiles. Enables multi-country support using AP groups and simplifies mixed channel environments (40MHz/80MHz mix). Sounds like this could be useful for those of us with a mixed .11n and .11ac environment, which will probably be just about everybody soon… See Configuring RF Profiles for more information. (Not supported for mesh/bridge APs.)
- Rx-SOP: Receiver Start of Packet threshold. #shiny Particularly helpful in high density environments. This helps reduce CCI by controlling what frames the AP will decode. The No Strings Attached Show has a nice whitepaper about it. Config information is here: Configuring Receiver Start of Packet Detection Threshold.
- Optimized Roaming. Ooh, more #shiny! This helps with sticky clients by disassociating them based on RSSI and data rate. This will also help prevent clients from associating as they pass by. Config info: Configuring Optimized Roaming.
- Side note: Good article covering Rx-SOP, Optimized Roaming, and RSSI low at Revolution Wi-Fi: Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!
- AP1700 support added
- CleanAir Express for AP1600 and AP1700
- OEAP gets basic firewall support, split tunneling, VoIP QoS
- Increased scale of vWLC (now up to 6000 clients)
- 2500 WLC now supports wired guests
- Native IPv6 (if you need the exhaustive list see Native IPv6 Support)
- SLAAC for the service port
- Full support for all the services and ways of accessing the WLC that you would expect out of v6 support.
- DHCPv6 option 52 for controller discovery
- CAPWAP preferred mode – you can choose v4 or v6 as preferred. v4 is preferred by default
- List of things not supported, which will take away your initial joy:
- FlexConnect-local switched, mesh/outdoor, teleworker/OEAP, converged acces
- Services: mDNS, AVC, and TrustSec
- Bridge mode APs with 64MB of RAM: 600 OEAP, ISR 800/802, 1130, 1240, 1250, 1310, 1410, 1520
- Internal DHCPv6 server, DHCPv6 proxy, auto-configuration, dynamic interfaces, RA interfaces, OSCP and CA server URL, VLAN pooling
- NTPv4 (typo?), MLDv2, IPSec v3 and IKEv2, RLDP and CIDS, PMIPv6, mDNS IPv6 clients, and New Mobility
- IPv6 is not supported for HA Redundancy Interface configuration
- Auto-RRM, Dynamic Anchoring, DNS RADIUS/TACACS+, core dump
- Security and RADIUS enhancements
- SPs can configure new VSAs and tell the WLC how to handle them.
- WLC can be configured to use the realm value to determine the RADIUS server for a client.
- WebAuth now works for HTTPS.
- 802.1X and EAP WLANs now support sending the WLAN ID to the RADIUS server.
- SHA256 certificate support
- Ease of Management Features
- SSID and WLAN profiles can be renamed (Yay! Now you can cleanup the mess!)
- “ping” can be sourced from a dynamic interface.
- “show ap summary” now shows the AP’s IP address. Also can search for APs based on IP in the GUI.
- Bunch of new show system commands. They provide more info about how WLC is running.
- show run-config startup-commands – Finally, something you can copy and paste into a controller!
- You can globally enable/disable SSH/telnet for all APs on a controller.
- Choice of color themes for the GUI (default and red). Helps distinguish between controllers.
- You can now flash the LEDs on an AP to identify it. About time…
- “show client detail” now shows AP and WLAN
- “show ap join stats” corrects output for renamed APs
- “debug client” now shows the AP connected and RSSI.
- You can now update the OUI list without upgrading the controller. But it requires a reboot…
- 802.11v. My understanding is it’s supposed to leverage 802.11k info to control client associations. Not sure if any clients actually support this.
- 802.11r mixed mode. Yes, bold. No need for a seperate SSID for 802.11r and non-11r clients. This is very shiny. And useful.
- High Availability Enhancements
- 802.11ac is now supported in HA. I hadn’t realized it wasn’t supported before.
- Handful of enhancements to HA, including faster sync and more configurability.
- Internal DHCP now works with client SSO. The database is synced between the active and standby controllers.
- Better policy control for mDNS
- NBAR 2 protocol pack updated to 11. Heh.
- Per app, per client rate limiting. Nice.
- QoS marking can choose the direction instead of only bidirectional. I wonder what the use case for that is.
- Q-in-Q support. Outer tag for AP group. Inner tag assigned by AAA.
- VideoStream now supported for FlexConnect locally switched mode.
- WPA/TKIP now only configurable from the CLI.
WLC 8.0 is supported on PI 2.1.1. A number of the new features aren’t supported, though I expect those will be available in PI 2.2. ISE 1.2 is supported. Obviously, MSE 8.0 is supported with it. It’s not clear is MSE 8.0 upgrade is required, but it is at least implied.
I suspect this will be the last release to support the 1130 and 1240 series.
8.0.100 has a LONG list of resolved caveats (many of which are also resolved in the 7.x code base) and a decent list of open ones. If you are considering 8.0, I recommend going over those carefully: WLC 8.0 Caveats. Personally, I will likely wait for 8.0.110 before going into production with it.