Cisco 2106 Wireless LAN Controller
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 6.0.182.0
OL-31336-01
Important Notes for Controllers and Non-Mesh Access Points
This section describes important information about controllers and non-mesh lightweight access points.
One-Time Password (OTP) Support
One-time passwords (OTP) are supported on controllers using TACACS and RADIUS. For OTP support,
you must install a controller release that resolves defects CSCsh29597 and CSCsk21007. Without fixes
for those defects, the WLC continuously requires users to authenticate. When the user clicks an option
on the controller GUI, the controller sends the request to TACACS for authentication.
In this configuration, the controller acts as a transparent passthrough device. The controller forwards all
client requests to the TACACS/RADIUS server without inspecting the client behavior. When using OTP,
the client must establish only a single connection to the controller to function properly. The controller
currently does not have any intelligence or checks to correct a client that is trying to establish multiple
connections.
RADIUS Called-station-id and Calling-station-id Attributes
In software releases prior to 6.0, the controller sends uppercase alpha characters in the MAC address. In
software release 6.0 or later, the controller sends lowercase alpha characters in the MAC address for the
RADIUS called-station-id and calling-station-id attributes. If you enabled these attributes for 802.1X
authentication in previous releases and upgrade to software release 6.0, client authentication fails.
Therefore, you must change the MAC addresses to lowercase characters on the RADIUS server before
upgrading to software release 6.0.
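The following pre-upgrade check is an added example, not part of the Cisco release notes. It scans a RADIUS policy file for called-station-id and calling-station-id check items that still hold uppercase MAC addresses and rewrites only the MAC portion to lowercase. The FreeRADIUS-style users-file layout, the `MAC:SSID` form of the called-station-id value, the sample entries, and the function names are assumptions.

```python
import re

# Six hex octets with a consistent '-' or ':' delimiter.
MAC_RE = re.compile(r"[0-9A-Fa-f]{2}([-:])(?:[0-9A-Fa-f]{2}\1){4}[0-9A-Fa-f]{2}")
# Check items as written in a users-file style policy (assumed layout).
ATTR_RE = re.compile(
    r'(Call(?:ed|ing)-Station-Id)(\s*(?:==|:=|=~|=)\s*)"([^"]*)"', re.IGNORECASE
)

def lowercase_mac(value):
    """Lowercase only the first MAC in value; any ':SSID' suffix keeps its case."""
    return MAC_RE.sub(lambda m: m.group(0).lower(), value, count=1)

def audit(text):
    """Return (rewritten_text, findings); findings are (line_no, attr, old, new)."""
    findings, out = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            out.append(line)  # leave comments untouched
            continue
        def fix(m, no=no):
            new = lowercase_mac(m.group(3))
            if new != m.group(3):
                findings.append((no, m.group(1), m.group(3), new))
            return f'{m.group(1)}{m.group(2)}"{new}"'
        out.append(ATTR_RE.sub(fix, line))
    return "\n".join(out) + "\n", findings

# Constructed sample entries (not taken from any real server).
SAMPLE = '''\
# constructed sample, users-file style entries
alice   Calling-Station-Id == "00-1A-2B-3C-4D-5E"
DEFAULT Called-Station-Id == "00-0B-85-AA-BB-CC:CorpWiFi"
bob     Calling-Station-Id == "00-1a-2b-3c-4d-5f"
'''

if __name__ == "__main__":
    fixed, found = audit(SAMPLE)
    for no, attr, old, new in found:
        print(f"line {no}: {attr} {old} -> {new}")
    print(fixed, end="")
```

Review the findings before writing the rewritten text back, since an SSID suffix is case-sensitive and must stay exactly as configured on the WLAN.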
Access Point Groups
You can create up to 50 access point groups for 2100 series controllers and controller network modules
and up to 192 access point groups for 4400 series controllers, 5500 series controllers, the Cisco WiSM,
and the 3750G wireless LAN controller switch.
Using Access Points in Sniffer Mode
You must disable IP-MAC address binding in order to use an access point in sniffer mode if the access
point is joined to a 5500 series controller, a 2100 series controller, or a controller network module
running software release 6.0. To disable IP-MAC address binding, enter this command using the
controller CLI: config network ip-mac-binding disable.
WLAN 1 must be enabled in order to use an access point in sniffer mode if the access point is joined to
a 5500 series controller, a 2100 series controller, or a controller network module running software
release 6.0. If WLAN 1 is disabled, the access point cannot send packets.