Updated WLC Snippet

Just a quick note to share my updated TextExpander snippet for downloading files to a Cisco WLC. I’ve added a dropdown for my most commonly used datatypes and transfer modes and made the username and password optional. Enjoy!

transfer download datatype %fillpopup:name=datatype:default=code:config:webadmincert:webauthbundle:webauthcert%
transfer download filename %fill%
transfer download path %fill:/%
transfer download serverip %fill%
transfer download mode %fillpopup:name=popup 7:tftp:default=sftp:ftp%
%fillpart%transfer download username %fill%
transfer download password %fill%%fillpartend%
%fillpart%transfer download certpassword %fill%%fillpartend%
transfer download start
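An added example, not part of the original snippet: the same command sequence built in Python, with each field checked before it is typed into a controller session. A value containing a line break would otherwise be entered as an extra CLI command. The function name, the pairing of `certpassword` with the two certificate datatypes, and the sample values are assumptions.

```python
import ipaddress

# Choices offered by the snippet's two dropdowns.
DATATYPES = ("code", "config", "webadmincert", "webauthbundle", "webauthcert")
MODES = ("tftp", "sftp", "ftp")
# Assumption: only the certificate datatypes take a certpassword.
CERT_DATATYPES = ("webadmincert", "webauthcert")


def _field(name, value):
    """Return value unchanged, or raise if it cannot be typed as one CLI argument."""
    if not value or value != value.strip():
        raise ValueError(f"{name}: empty or padded with whitespace")
    if any(ord(ch) < 32 or ord(ch) == 127 for ch in value):
        raise ValueError(f"{name}: control character or line break")
    return value


def build_transfer_commands(datatype, filename, serverip, mode="sftp", path="/",
                            username=None, password=None, certpassword=None):
    """Build the 'transfer download' lines in the same order as the snippet."""
    if datatype not in DATATYPES:
        raise ValueError(f"datatype: {datatype!r} is not one of {DATATYPES}")
    if mode not in MODES:
        raise ValueError(f"mode: {mode!r} is not one of {MODES}")
    ipaddress.ip_address(serverip)  # ValueError on anything but a literal address
    cmds = [
        f"transfer download datatype {datatype}",
        f"transfer download filename {_field('filename', filename)}",
        f"transfer download path {_field('path', path)}",
        f"transfer download serverip {serverip}",
        f"transfer download mode {mode}",
    ]
    if mode == "tftp":
        if username or password:
            raise ValueError("tftp: takes no username or password")
    else:
        cmds.append(f"transfer download username {_field('username', username)}")
        cmds.append(f"transfer download password {_field('password', password)}")
    if certpassword is not None:
        if datatype not in CERT_DATATYPES:
            raise ValueError(f"certpassword: not used with datatype {datatype!r}")
        cmds.append(f"transfer download certpassword {_field('certpassword', certpassword)}")
    cmds.append("transfer download start")
    return cmds
```
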

WLC upgrade snippet

I was tired of trying to remember the syntax and all the commands to upgrade a Cisco WLC from the CLI, so I made a quick little TextExpander snippet to save time typing. It’s very simple, but it’ll save time. When you type the shortcut for this snippet, it will bring up a window where you fill in the blanks, then click OK to have the commands typed for you. Below is a screenshot of the dialog and the script. It’s hard-coded for sftp and for a code update, but it’s easy to modify to your own ends.

wlccode

transfer download filename %fill%
transfer download datatype code
transfer download path %fill%
transfer download serverip %fill%
transfer download mode sftp
transfer download username %fill%
transfer download password %fill%
transfer download start

FIN

What’s New In Cisco Wireless Software 8.0.110 – 8.1.102

Cisco Wireless Software 8.1.102 has been released and it’s time to bring my notes up to date.

These are abridged notes covering high points. Read the release notes for yourself and test your chosen build before deploying it in production.

8.0.110 (Release Notes)

Note: If you need to run 8.0.110 (or 7.6), please read this post: TAC Recommended AireOS 7.6 and 8.0 – 2Q CY15

  • If you have 3700P APs, don’t install this release. Contact TAC. This warning doesn’t apply to 3700i or 3700e.
  • Support added for the 1570 AP
    • Handful of features added to support 1570 specific features.
  • Support for priming universal APs (APs not locked to a regulatory domain) and auto setting the regulatory domain based on location. See Cisco Aironet Universal AP Priming and Cisco AirProvision User Guide for more info.
  • Enhancements to Express Setup for the 2500 WLC.
  • SSLv3 is now disabled by default.
  • Lots of resolved caveats. Lots of open ones, too…

8.0.115 (Release Notes)

  • Nothing new. Very short list of bug fixes, mainly for the 3700P.
  • The 8.0.110 special build (mentioned in the TAC Recommended link above) may be a better bet right now.

8.1.102 (Release Notes)

  • Virtual WLC now supported on KVM.
  • These APs retain feature parity with 8.0 and do not gain new features: 1050, 1140, 1260. Nice to see support not completely vanish, yet.
  • Support for WLC 5520 and 8540 added.
  • Dynamic Bandwidth Selection (DBS)
    • Chooses 20/40/80MHz channel width automatically. Tries to balance client needs with RF needs. I’ll be interested to hear what others think. I’m sticking with 40MHz.
  • Flexible DFS
    • Automatically adjust channel and width to avoid radar for more efficient channel usage. I presume this leverages DBS.
  • Enhanced Interference Mitigation
    • ED-RRM now also takes Wi-Fi interferers into account.
  • Optimized Roaming Extensions (802.11v BSS Transition Management)
    • Infrastructure helps clients make better roaming choices. Not sure what clients actually support this.
  • Defaults now implement best practices.
  • AVC added to FlexConnect APs
    • I’ve been told this isn’t supported on the 2504, but the release notes don’t say. YMMV.
  • SNMP MIB enhanced to allow monitoring of an HA WLC.
  • Support for Lync SDN API.
    • In short, Lync tells the WLC when a call is happening so the WLC can take QoS actions.
  • AVC updates
    • Per app, per client rate limiting
    • AVC based QoS markings
  • Inter controller roaming across IOS-XE and AireOS based controllers (8500 series, 5520, 5760)
  • AAA can override FlexConnect VLAN.
  • Stateful client switchover for mesh APs (RAPs and MAPs)
  • There is a decent list of caveats. Please go read them for yourself if you find this release of interest.

The notes at the end are a reminder that 7.6 is still the recommended release for 802.11ac deployments, with 7.4 for 802.11n deployments.

Also, Field Upgradeable Software (FUS) 1.9 is recommended. You can do a “show sysinfo” to see what you have installed. Look for the Firmware Version line and the Field Recovery Image Version. If you have FUS 1.9, it will look like this:

Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
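An added example, not from the original post: a small Python check that parses saved “show sysinfo” output and reports any field that differs from the two FUS 1.9 values shown above. The function names and the sample outputs are constructed for illustration.

```python
import re

# The two values the post shows for FUS 1.9.
FUS_1_9 = {
    "Bootloader Version": "1.0.20",
    "Field Recovery Image Version": "7.6.101.1",
}

# "Label........ value": a label, a run of two or more dots, then the value.
LINE = re.compile(r"^(?P<key>.+?)\.{2,}\s*(?P<value>.*)$")


def parse_sysinfo(text):
    """Turn dotted-leader 'show sysinfo' lines into a {label: value} dict."""
    fields = {}
    for line in text.splitlines():
        match = LINE.match(line.strip())
        if match:
            fields[match.group("key").strip()] = match.group("value").strip()
    return fields


def fus_mismatches(text, expected=FUS_1_9):
    """Return {label: observed value} for every expected field that differs.

    A field that is absent from the output is reported as None, so a
    truncated capture is not mistaken for a match.
    """
    fields = parse_sysinfo(text)
    return {label: fields.get(label)
            for label, want in expected.items()
            if fields.get(label) != want}


# Constructed sample captures (not from a real controller).
SAMPLE_FUS_1_9 = """\
Product Version.................................. 8.0.110.0
Bootloader Version............................... 1.0.20
Field Recovery Image Version..................... 7.6.101.1
"""
SAMPLE_OLDER = """\
Product Version.................................. 8.0.110.0
Bootloader Version............................... 1.0.1
Field Recovery Image Version..................... 6.0.182.0
"""

if __name__ == "__main__":
    for name, capture in (("fus-1.9", SAMPLE_FUS_1_9), ("older", SAMPLE_OLDER)):
        print(name, fus_mismatches(capture) or "matches FUS 1.9")
```
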

FIN

What’s new in WLC 7.6.110 – 8.0.100

A while back I wrote an article that covered the changes from WLC 7.1 – 7.6.100. Let’s catch up to 8.0, shall we?

7.6.110

  • Bugfix release.
  • Fix for issues with WMM with Broadcom clients (no 802.11n for you)
  • Fix for an issue with the AP3700 and replay counters which apparently causes major performance problems on 5GHz.

7.6.120

  • Adds support for 2700 series and 700W series APs.
  • Adds “Cisco WLAN Express Setup” for 2500 series controllers. The notes say: “It includes easy to use GUI Configuration Wizard, an intuitive monitoring dashboard and several Cisco Wireless LAN best practices enabled by default.” Sounds nifty. I need to get a 2504 for my lab… If you are upgrading a 2500 to this release, there’s a decent chunk of steps involved to enable this feature. More info about the feature and the steps here: Cisco WLAN Express Setup for Cisco 2500 Series Wireless Controller.
  • Of course, lots of bugfixes.
  • Several crashes fixed.
  • Obligatory security fixes.
  • False DFS positives fixed.
  • If you really want to see if your favorite bug is fixed, check here: 7.6.120 Resolved Caveats

7.6.130

  • Bugfix release with an even longer list of resolved caveats (7.6.130 Resolved Caveats).
  • More crash fixes and obligatory security fixes. The ones that jumped out at me are below.
  • 99% CPU usage fix.
  • Apple auth problems fixed.
  • Fix for CAPWAP disassociation due to DTLS errors
  • Vocera broadcast failure fix
  • RAID volumes get proper status codes
  • vWLC Service Port issue with distributed vSwitch fixed
  • Annoying MFP anomaly messages fixed (but I’m still seeing them)

Now the really interesting stuff. Major releases are always fun, at least once the first round or two of bug fixes come in. Let’s see what’s shiny, shall we?

[Note: I’ve since found this Cisco Wireless Release 8.0 document, which has a nice summary of the features.]

8.0.100

  • Cisco Aironet AP and Scale Features
    • Keep-alives now sent over both control and data CAPWAP tunnels.
    • New Flex+Bridge mode enables FlexConnect functionality across mesh APs. This means if the wired link goes down, your AP can fail over to mesh backhaul. (Not supported on 1130 and 1240. No surprise.)
    • Mesh fast convergence. Automatically sets faster convergence timers. Convergence time per hop down to 20s.
    • AP700W gets VLAN tagging
    • FlexConnect APs can be a PPPoE client. Was in 7.3/7.4, but not 7.5/7.6. Now it’s back. And it’s angry…
    • Dynamic Channel Assignment (DCA) on RF Profiles. Enables multi-country support using AP groups and simplifies mixed channel environments (40MHz/80MHz mix). Sounds like this could be useful for those of us with a mixed .11n and .11ac environment, which will probably be just about everybody soon… See Configuring RF Profiles for more information. (Not supported for mesh/bridge APs.)
    • Rx-SOP: Receiver Start of Packet threshold. #shiny Particularly helpful in high density environments. This helps reduce CCI by controlling what frames the AP will decode. The No Strings Attached Show has a nice whitepaper about it. Config information is here: Configuring Receiver Start of Packet Detection Threshold.
    • Optimized Roaming. Ooh, more #shiny! This helps with sticky clients by disassociating them based on RSSI and data rate. This will also help prevent clients from associating as they pass by. Config info: Configuring Optimized Roaming.
    • Side note: Good article covering Rx-SOP, Optimized Roaming, and RSSI low at Revolution Wi-Fi: Optimized Roaming, RSSI Low Check, RX-SOP, Oh My!
    • AP1700 support added
    • CleanAir Express for AP1600 and AP1700
    • OEAP gets basic firewall support, split tunneling, VoIP QoS
    • Increased scale of vWLC (now up to 6000 clients)
    • 2500 WLC now supports wired guests
  • Native IPv6 (if you need the exhaustive list see Native IPv6 Support)
    • Finally!
    • SLAAC for the service port
    • Full support for all the services and ways of accessing the WLC that you would expect out of v6 support.
    • DHCPv6 option 52 for controller discovery
    • CAPWAP preferred mode – you can choose v4 or v6 as preferred. v4 is preferred by default
    • List of things not supported, which will take away your initial joy:
      • FlexConnect-local switched, mesh/outdoor, teleworker/OEAP, converged access
      • Services: mDNS, AVC, and TrustSec
      • Bridge mode APs with 64MB of RAM: 600 OEAP, ISR 800/802, 1130, 1240, 1250, 1310, 1410, 1520
      • Internal DHCPv6 server, DHCPv6 proxy, auto-configuration, dynamic interfaces, RA interfaces, OCSP and CA server URL, VLAN pooling
      • NTPv4 (typo?), MLDv2, IPSec v3 and IKEv2, RLDP and CIDS, PMIPv6, mDNS IPv6 clients, and New Mobility
      • IPv6 is not supported for HA Redundancy Interface configuration
      • Auto-RRM, Dynamic Anchoring, DNS RADIUS/TACACS+, core dump
  • Security and RADIUS enhancements
    • SPs can configure new VSAs and tell the WLC how to handle them.
    • WLC can be configured to use the realm value to determine the RADIUS server for a client.
    • WebAuth now works for HTTPS.
    • 802.1X and EAP WLANs now support sending the WLAN ID to the RADIUS server.
    • SHA256 certificate support
  • Ease of Management Features
    • SSID and WLAN profiles can be renamed (Yay! Now you can clean up the mess!)
    • “ping” can be sourced from a dynamic interface.
    • “show ap summary” now shows the AP’s IP address. Also can search for APs based on IP in the GUI.
    • Bunch of new show system commands. They provide more info about how WLC is running.
    • show run-config startup-commands – Finally, something you can copy and paste into a controller!
    • You can globally enable/disable SSH/telnet for all APs on a controller.
    • Choice of color themes for the GUI (default and red). Helps distinguish between controllers.
    • You can now flash the LEDs on an AP to identify it. About time…
    • “show client detail” now shows AP and WLAN
    • “show ap join stats” corrects output for renamed APs
    • “debug client” now shows the AP connected and RSSI.
    • You can now update the OUI list without upgrading the controller. But it requires a reboot…
    • 802.11v. My understanding is it’s supposed to leverage 802.11k info to control client associations. Not sure if any clients actually support this.
    • 802.11r mixed mode. Yes, bold. No need for a separate SSID for 802.11r and non-11r clients. This is very shiny. And useful.
  • High Availability Enhancements
    • 802.11ac is now supported in HA. I hadn’t realized it wasn’t supported before.
    • Handful of enhancements to HA, including faster sync and more configurability.
    • Internal DHCP now works with client SSO. The database is synced between the active and standby controllers.
  • Better policy control for mDNS
  • AVC
    • NBAR 2 protocol pack updated to 11. Heh.
    • Per app, per client rate limiting. Nice.
    • QoS marking can choose the direction instead of only bidirectional. I wonder what the use case for that is.
  • Q-in-Q support. Outer tag for AP group. Inner tag assigned by AAA.
  • VideoStream now supported for FlexConnect locally switched mode.
  • WPA/TKIP now only configurable from the CLI.

Closing Notes

WLC 8.0 is supported on PI 2.1.1. A number of the new features aren’t supported, though I expect those will be available in PI 2.2. ISE 1.2 is supported. Obviously, MSE 8.0 is supported with it. It’s not clear if an MSE 8.0 upgrade is required, but it is at least implied.

I suspect this will be the last release to support the 1130 and 1240 series.

8.0.100 has a LONG list of resolved caveats (many of which are also resolved in the 7.x code base) and a decent list of open ones. If you are considering 8.0, I recommend going over those carefully: WLC 8.0 Caveats. Personally, I will likely wait for 8.0.110 before going into production with it.

FIN