Cisco 2106 Wireless LAN Controller
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 4.1.171.0
OL-12979-01
New and Changed Information
New Controller Module
• Cisco Wireless LAN Controller Network Module-Enhanced (WLCM-E)—The enhanced
controller network module within the Cisco 28/37/38xx Series Integrated Services Router can
support up to 8 or 12 access points (and up to 256 or 350 clients, respectively). It supports these
access points through a gigabit Ethernet distribution system port that connects the router and the
integrated controller.
New Controller Features
• TACACS+ support—Terminal Access Controller Access Control System Plus (TACACS+) is a
client/server protocol that provides centralized security for users attempting to gain management
access to a controller. It provides authentication, authorization, and accounting (AAA) services.
• Local EAP—Local EAP is an authentication method that allows users and wireless clients to be
authenticated locally. It is designed for use in remote offices that want to maintain connectivity to
wireless clients when the backend system becomes disrupted or the external authentication server
goes down. Local EAP retrieves user credentials from the local user database or the LDAP backend
database to authenticate users. Local EAP supports LEAP, EAP-FAST with PACs, EAP-FAST with
certificates, and EAP-TLS authentication between the controller and wireless clients.
Note: Local EAP is designed as a backup authentication system. If any RADIUS servers are
configured on the controller, the controller tries to authenticate the wireless clients using the
RADIUS servers first. Local EAP is attempted only if no RADIUS servers are found, either
because the RADIUS servers timed out or no RADIUS servers were configured.
• LDAP database support—You can configure a Lightweight Directory Access Protocol (LDAP)
server as a backend database for use with local EAP. The controller queries the LDAP server for the
credentials (username and password) of a particular user and uses them to authenticate the user.
Note: The LDAP backend database supports only these local EAP methods: EAP-TLS and
EAP-FAST with certificates. LEAP and EAP-FAST with protected access credentials
(PACs) are not supported for use with the LDAP backend database.
• Access control list (ACL) enhancements—You can now apply an ACL to the controller central
processing unit (CPU) or to a WLAN. An ACL is a set of rules used to limit access to a particular
interface (for example, if you want to restrict a wireless client from pinging the management
interface of the controller). After ACLs are configured on the controller, they can be applied to the
management interface, the AP-manager interface, any of the dynamic interfaces, and now to a
WLAN to control data traffic to and from wireless clients or to the controller CPU to control all
traffic destined for the CPU.
• Load-based call admission control (CAC) for VoWLAN—This feature allows lightweight access
points and controllers to consider three additional variables when deciding how many voice calls to
allow on the network: the bandwidth used by all traffic types, co-channel access point loads, and
co-located channel interference. The access point accounts for these three new variables when
determining if there is sufficient bandwidth to support a new VoWLAN call. Previously, only
bandwidth-based CAC was supported.
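The Local EAP and LDAP notes above describe a fallback order and a method restriction. The following added example (not Cisco code and not part of the release notes) models both as a configuration audit. The `WlanAuthConfig` structure, the method labels, the WLAN names and the addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Local EAP methods named in the release notes (labels are this example's own).
LOCAL_EAP_METHODS = {"LEAP", "EAP-FAST-PAC", "EAP-FAST-CERT", "EAP-TLS"}
# Per the LDAP note: only the certificate-based methods work with an LDAP backend.
LDAP_COMPATIBLE = {"EAP-TLS", "EAP-FAST-CERT"}

@dataclass
class WlanAuthConfig:  # hypothetical model, not a controller data structure
    name: str
    radius_servers: dict = field(default_factory=dict)  # address -> "up" | "timeout"
    local_eap_methods: set = field(default_factory=set)
    backend: str = "local"  # "local" user database or "ldap"

def auth_path(cfg):
    """Return which system would authenticate wireless clients right now."""
    if any(state == "up" for state in cfg.radius_servers.values()):
        return "radius"  # RADIUS is always tried first when it answers
    # No RADIUS server configured, or every configured server timed out.
    return "local-eap" if cfg.local_eap_methods else "none"

def audit(cfg):
    """Flag settings that would break authentication once fallback is needed."""
    findings = []
    unknown = cfg.local_eap_methods - LOCAL_EAP_METHODS
    if unknown:
        findings.append(f"{cfg.name}: unsupported local EAP method(s) {sorted(unknown)}")
    if cfg.backend == "ldap":
        bad = (cfg.local_eap_methods & LOCAL_EAP_METHODS) - LDAP_COMPATIBLE
        if bad:
            findings.append(f"{cfg.name}: {sorted(bad)} cannot use the LDAP backend")
    if cfg.radius_servers and not cfg.local_eap_methods:
        findings.append(f"{cfg.name}: no local EAP fallback if RADIUS times out")
    return findings

# Constructed sample configurations (not taken from any real controller).
SAMPLES = [
    WlanAuthConfig("branch-voice", {"192.0.2.5": "timeout"}, {"LEAP", "EAP-TLS"}, "ldap"),
    WlanAuthConfig("branch-data", {"192.0.2.5": "up"}, {"EAP-TLS"}, "ldap"),
    WlanAuthConfig("hq-guest", {"192.0.2.5": "timeout"}, set(), "local"),
]

if __name__ == "__main__":
    for cfg in SAMPLES:
        print(cfg.name, "->", auth_path(cfg))
        for finding in audit(cfg):
            print("  finding:", finding)
```

The `branch-voice` sample shows the case the LDAP note warns about: the WLAN falls back to local EAP, but clients using LEAP cannot be authenticated against the LDAP backend.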