Notable Notes from Cisco WLC Release Notes

I finally have the chance to work on upgrading from our WLC4404 controllers to some WiSM2s. The 4400 series controllers are only supported through the 7.0 releases of the WLC software. With 7.6 being released recently, I’m really behind in knowing what the current software can do. I read through all the release notes to see what had changed and took notes while doing so. This blog post is mostly just the notes I took in case they were useful to anyone else. I will also comment that there are a lot of RADIUS updates, mostly regarding allowing a lot more servers. That’s not applicable in my environment, so I didn’t take notes about that, but thought I’d mention it in passing.

What’s new between 7.0 and 7.6

Note: AP1121, AP1220, AP123x, and 1300 no longer supported after 7.0.

Version 7.1 releases
  • Appears to be hardware specific release for AP 3600 and WLC 5500 support.

Version 7.2 releases

  • Better IPv6 dual stack support for clients.
  • HREAP is now FlexConnect
  • FlexConnect Features
  • Efficient AP Upgrade – One FlexConnect AP in a remote office becomes the “master”. It will download new software images and the other APs in the office will download the image from the master.
    • ACLs: You can filter locally switch traffic. – Use case?
    • AAA Override: You can dynamically assign the client’s VLAN.
    • Fast Roaming for voice clients in a FlexConnect group.
    • Peer to peer blocking
  • Minimum RSSI now configurable for rogue detection (yeah!)
  • RF profiles can now be assigned to AP groups to adjust TPC settings based on the group. Good for things like having different settings for high-density or other challenging environments.
    • Only works for APs managed with RRM
  • QoS on a per-vlan basis within the AP.
  • Multicast and video streaming improvements.
  • indoor mesh supported with 3600 now.
  • DHCP option 82 is now ASCII instead of binary.
  • AP behind NAT support. Up to 3 OfficeExtend APs (OEAPs) and be deployed behind nat and up to 50 FlexConnect APs.
  • 802.11u/HotSpot 2.0 support added

Version 7.3 releases

  • Virtual WLC, WLC 8500, and Flex 7500 support
  • AP 2600 support
  • New HA for SSO (stateful switch over)
    • Looks like no internal DHCP support when in HA mode
  • New FlexConnect features
    • Split-tunneling – Very shiny. IP-based decision between locally switched and centrally switch traffic.
      • Supported on 1040, 1140, 1260, 2600, 3500 and 3600.
    • NAT/PAT support on FlexConnect locally-switched VLANs.
    • PPP and PPPoE added for FlexConnect APs.
      • Supported on 1040, 1140, 1260, 2600, 3500 and 3600.
      • Sounds like you can now setup connectivity without needing a router or VPN. Very nice!
    • 802.11u support
    • VLAN-based local and central switching supported. If VLAN is present on local 802.1Q link it will locally switch, if not it will centrally switch.
  • IPv6 added to SRE
  • Packet capture on the remote AP and dump them on an FTP server. Super shiny!
  • More RF profiles
  • VLAN tagging support with untagged fallback. Sounds like support for trunks that tag the native VLAN.
  • bi-directional bandwidth contracts now supported
  • “New Mobility” (aka, Hierarchical Mobility). Adds support for 5760 and 3850 converged switches.

Version 7.4

  • AP1600 support added
  • 802.11w added (standardized MFP). Windows 8 supports this natively, but has a bug in the implementation. Use a newer release.
  • Up to 75 AP with a 2500 series controller, now.
  • 2500, 8500, and 8500 get “extended support” for LAG.
  • AP location string increased from 32 characters to 254.
  • 802.11n mode now supported. Will only advertise 11n speeds. Applied to an RF profile.
  • New SNMP traps for memory and CPU utilization on AP and controller.
  • SFTP support added. Excellent.
  • Support for mDNS is added. Mostly Apple service discovery (AirPlay, AirPrint, etc)
  • AVC support. Uses NBAR and allows you to drop or mark application traffic.
  • NetFlow added, too.
  • WSSI module for AP3600 support.
  • You get a warning if too many RFID tags or clients (max supported numbers vary by controller) are on the controller.
  • Partial 802.11k implementation. (List of neighboring APs that can reduce the need to active and passive scanning)
  • Interesting – 1552 APs can be ordered with GPS and will auto-populate their location in PI. Nice time saver.
  • LLDP and MCI TLV added for 3600, 3500, 2600, 1600, 1140, 1250, 1552 and 1520 APs.

Version 7.5

  • 802.11ac wave 1 support
  • 802.11ac module for 3600 support
  • AP700 support
  • SRE support dropped. That didn’t last long. (Virtual controller is replacement, but ISM300 won’t run it.)
  • Wireless Policy Classification engine – it’s a device profiler to help with BYOD.
  • grep added to controller cli. Too bad the syntax is weird: grep include ‘Up Time’ “show sysinfo”
  • Controller GUI now supports wildcards in filters. (But wouldn’t you rather be using PI?)
  • RAP and MAP APs can now respond to ping prior to association with controller. Good troubleshooting improvement.
  • You can now force deauthentication based on IP, or more importantly, username.
  • More device profiling support. You can enforce per-user and per-device policies.
  • Sounds like protocol packs are now supported. (allows adding additional apps to AVC)
  • mDNS
    • improved to support location specific services (LSS)
    • Some filtering for source (wired vs wireless) added
    • Limit of 100 services removed – 6400 supported in 2500/5500. 16000 supported on 7500/8500
    • You can add an AP to a VLAN the controller is not connected to so it can forward mDNS requests
  • Guests successfully authenticated via web auth can be allowed to sleep for 1h – 720h (with 12h as default) without having to re-auth.
  • Built in rogue policies added. Don’t have to build it by hand anymore.
    • Lots of other updates, primarily centered on active containment.
  • vWLC can now rate limit clients (AP does the work)
  • FlexConnect updates
    • You can now apply WLAN to VLAN mappings to AP Groups.
      • Individual AP settings can override
    • 802.11w added for FlexConnect
    • PPPoE goes away.
  • 802.11w added for mesh APs
  • Default 802.1p tags changed
    • Platinum – 5 (was 6)
    • Gold – 4 (was 5)
    • Silver – 2 (was 3)
  • AP3700 support
  • AP1530 support
  • Universal Small Cell 5310 module for 3600 and 3700 – small licensed cells for mobile operators (3G)
  • DFS added for AP700
  • 802.11ac added for HA
  • DNS based ACLs for onboarding clients – lets clients connect to IT specified sites
  • Apple iOS 7 captive portal support (iOS 7 and earlier both supported)
  • NBAR 6.3.0 protocol pack is available
  • Number of supported sleeping clients increased on most platforms.
  • Auto-recovery from maintenance mode for HA deployments
  • FlexConnect AP can turn off it’s radio if Ethernet is down.
    • Of course, the AP has to have power that’s not PoE…
  • Can now change min/max power assignment while network is operational.
  • HA SKUs can have AP licenses added and become active instead of standby only.
    • Presumably, this allows active/active HA?

Anything 7.0.x or greater can upgrade directly to, with a handfull of caveats. Please read the release notes for the version you are installing. That way you won’t be surprised by caveats I did not note, as there are a number of them. This is just a summary of the things that jumped out to me as interesting and is obviously not a complete set of release notes. Those are here:

After going through this, one of my first thoughts was that the Cisco Wireless certifications need an update again… It seems like voice and wireless just move too fast for the certs to have any hope of keeping up.


One thought on “Notable Notes from Cisco WLC Release Notes

  1. Pingback: What's new in WLC 7.6.110 - 8.0.100 - Mostly Networks

Leave a Reply