Cisco Cisco 2106 Wireless LAN Controller
29
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 6.0.182.0
OL-31336-01
Important Notes for Controllers and Non-Mesh Access Points
Fragmented Pings
Cisco 5500 series controllers do not support fragmented pings on any interface. Similarly, Cisco 4400
series controllers, the Cisco WiSM, and the Catalyst 3750G Integrated Wireless LAN Controller Switch
do not support fragmented pings on the AP-manager interface.
series controllers, the Cisco WiSM, and the Catalyst 3750G Integrated Wireless LAN Controller Switch
do not support fragmented pings on the AP-manager interface.
802.11g Controller and 802.11b Clients
When a controller is configured to allow only 802.11g traffic, 802.11b client devices are able to
successfully associate to an access point but cannot pass traffic. When you configure the controller for
802.11g traffic only, disable any channels (such as channel 14 in Japan) that allow associations from
802.11b client devices.
successfully associate to an access point but cannot pass traffic. When you configure the controller for
802.11g traffic only, disable any channels (such as channel 14 in Japan) that allow associations from
802.11b client devices.
FIPS 140-2
The Cisco 4400 series controllers, the Cisco WiSM, and the Catalyst 3750G Wireless LAN Controller
Switch have received NIST FIPS 140-2 Level 2 certification. Click this link to view the NIST Security
Policies and compliant software versions:
Switch have received NIST FIPS 140-2 Level 2 certification. Click this link to view the NIST Security
Policies and compliant software versions:
CAPWAP Problems with Firewalls and ACLs
If you have a firewall or access control list (ACL) between the controller and its access points that allows
LWAPP traffic, before upgrading to software release 5.2 or later and CAPWAP, you should allow
CAPWAP traffic from the access points to the controller by opening the following destination ports:
LWAPP traffic, before upgrading to software release 5.2 or later and CAPWAP, you should allow
CAPWAP traffic from the access points to the controller by opening the following destination ports:
•
UDP 5246
•
UDP 5247
The access points use a random UDP source port to reach these destination ports on the controller. In
controller software release 5.2, LWAPP was removed and replaced by CAPWAP, but if you have a new
out-of-the-box access point, it could try to use LWAPP to contact the controller before downloading the
CAPWAP image from the controller. Once the access point downloads the CAPWAP image from the
controller, it uses only CAPWAP to communicate with the controller.
controller software release 5.2, LWAPP was removed and replaced by CAPWAP, but if you have a new
out-of-the-box access point, it could try to use LWAPP to contact the controller before downloading the
CAPWAP image from the controller. Once the access point downloads the CAPWAP image from the
controller, it uses only CAPWAP to communicate with the controller.
Note
After 60 seconds of trying to join a controller with CAPWAP, the access point falls back to using LWAPP.
If it cannot find a controller using LWAPP within 60 seconds, it tries again to join a controller using
CAPWAP. The access point repeats this cycle of switching from CAPWAP to LWAPP and back again
every 60 seconds until it joins a controller.
If it cannot find a controller using LWAPP within 60 seconds, it tries again to join a controller using
CAPWAP. The access point repeats this cycle of switching from CAPWAP to LWAPP and back again
every 60 seconds until it joins a controller.
Note
An access point with the LWAPP recovery image (an access point converted from autonomous mode or
an out-of-the-box access point) uses only LWAPP to try to join a controller before downloading the
CAPWAP image from the controller.
an out-of-the-box access point) uses only LWAPP to try to join a controller before downloading the
CAPWAP image from the controller.