Cisco Cisco 2000 Series Wireless LAN Controller

If a client is not able to connect to an access point and the security policy for the WLAN and/or client is 
correct, the client has probably been disabled. In the controller GUI, you can view the client’s status on 
the Monitor > Summary page under Client Summary. If the client is disabled, click Remove to clear the 
disabled state for that client. The client automatically comes back and, if necessary, reattempts 
authentication. 

Automatic disabling happens as a result of too many failed authentications. Clients disabled due to failed 
authorization do not appear on the permanent disable display. This display is only for those MACs that 
are set as permanently disabled by the administrator.

This operating system release has been tested with the following IPSec clients:

NetScreen v10.1.1 (build 10)

Cisco VPN Client v4.6.04

SSH Sentinel v1.4.1

Openswan v2.4.0

The Netscreen client does not handle fragmented ICMP packets, does not respond to large ping packets, 
and does not work with certificates. Other IP fragmented traffic should work correctly.

The controller database can contain up to 2048 MAC filter entries for local netusers. 

Cisco access points are known to go off channel for up to 30 seconds while identifying rogue access 
point threats. This activity can cause occasional dropped client connections.

Cisco Aironet 1030 Remote Edge Lightweight Access Points do not support WPA2-PSK in REAP 
standalone mode.

To initiate an XAuth session, configure XAuth on the controller and enable extended authentication on 
the NetScreen client.