Cisco Cisco 2106 Wireless LAN Controller
12
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 5.1.151.0
OL-31336-01
New Features
Note
Cisco recommends that you do not configure 40-MHz channels in the 2.4-GHz radio band
because severe co-channel interference can occur.
because severe co-channel interference can occur.
•
Access point failover priority—Each controller has a defined number of communication ports for
access points. When multiple controllers with unused access point ports are deployed on the same
network and one controller fails, the dropped access points automatically poll for unused controller
ports and associate with them. In controller software release 5.1.151.0, you can configure your
wireless network so that the backup controller recognizes a join request from a higher-priority
access point and if necessary disassociates a lower-priority access point as a means to provide an
available port.
access points. When multiple controllers with unused access point ports are deployed on the same
network and one controller fails, the dropped access points automatically poll for unused controller
ports and associate with them. In controller software release 5.1.151.0, you can configure your
wireless network so that the backup controller recognizes a join request from a higher-priority
access point and if necessary disassociates a lower-priority access point as a means to provide an
available port.
To configure this feature, you must enable failover priority on your network and assign priorities to
the individual access points. By default, all access points are set to priority level 1, which is the
lowest priority level.
the individual access points. By default, all access points are set to priority level 1, which is the
lowest priority level.
Note
Failover priority takes effect only if there are more association requests after a controller
failure than there are available backup controller ports.
failure than there are available backup controller ports.
•
Antenna selection—Using the controller GUI or CLI, you can configure 1250 series access point
radios to operate with only one or two antennas.
radios to operate with only one or two antennas.
•
EAP-FAST/802.1X supplicant—You can configure 802.1X authentication between a Cisco
Aironet 1130, 1240, or 1250 series access point and a Cisco switch. The access point acts as an
802.1X supplicant and is authenticated by the switch using EAP-FAST with anonymous PAC
provisioning.
Aironet 1130, 1240, or 1250 series access point and a Cisco switch. The access point acts as an
802.1X supplicant and is authenticated by the switch using EAP-FAST with anonymous PAC
provisioning.
These switches and minimum software releases are currently supported for use with this feature:
–
Cisco Catalyst 3560 Series Switches with Cisco IOS Release 12.2(35)SE5
–
Cisco Catalyst 3750 Series Switches with Cisco IOS Release 12.2(40)SE
–
Cisco Catalyst 4500 Series Switches with Cisco IOS Release 12.2(40)SG
–
Cisco Catalyst 6500 Series Switches with Supervisor Engine 32 running Cisco IOS Release
12.2(33)SXH
12.2(33)SXH
•
NAC out-of-band integration—The Cisco NAC Appliance, also known as Cisco Clean Access
(CCA), is a network admission control (NAC) product that identifies whether machines are
compliant with security policies and repairs vulnerabilities before permitting access to the network.
In controller software releases prior to 5.1.151.0, the controller integrates with the NAC appliance
only in in-band mode, where the NAC appliance must remain in the data path. For in-band mode, a
NAC appliance is required at each authentication location (such as at each branch or for each
controller), and all traffic must traverse the NAC enforcement point. In controller software release
5.1.151.0, the controller can integrate with the NAC appliance in out-of-band mode, where the NAC
appliance remains in the data path only until clients have been analyzed and cleaned. Out-of-band
mode reduces the traffic load on the NAC appliance and enables centralized NAC processing.
(CCA), is a network admission control (NAC) product that identifies whether machines are
compliant with security policies and repairs vulnerabilities before permitting access to the network.
In controller software releases prior to 5.1.151.0, the controller integrates with the NAC appliance
only in in-band mode, where the NAC appliance must remain in the data path. For in-band mode, a
NAC appliance is required at each authentication location (such as at each branch or for each
controller), and all traffic must traverse the NAC enforcement point. In controller software release
5.1.151.0, the controller can integrate with the NAC appliance in out-of-band mode, where the NAC
appliance remains in the data path only until clients have been analyzed and cleaned. Out-of-band
mode reduces the traffic load on the NAC appliance and enables centralized NAC processing.
Note
CCA software release 4.5 or later is required for NAC out-of-band integration.
Note
In controller software release 5.1.151.0, the Controller Network Module does not support
NAC out-of-band integration.
NAC out-of-band integration.