Cisco 4402 Wireless LAN Controller

7/27/05
Technical Notes for Cisco Wireless LAN Controllers
OL-7431-02
Voice WLAN Configuration - Cisco WLAN Solution recommends that Load Balancing ALWAYS be 
turned off in any WLAN that is supporting voice, regardless of vendor. When Load Balancing is 
turned on, voice clients can hear an audible artifact when roaming and the handset is refused at 
its first reassociation attempt.
The Upgrade Process – When a Cisco Wireless LAN Controller is upgraded, the code on the 
associated Cisco 1000 Series lightweight access points is also upgraded. When a Cisco 1000 
Series lightweight access point is loading code, each of its lights blinks in succession. Do not 
power down a Cisco Wireless LAN Controller or a Cisco 1000 Series lightweight access point 
during this process! Upgrading a Cisco Wireless LAN Controller with a large number of Cisco 
1000 Series lightweight access points can take as long as 30 minutes. The Cisco 1000 Series 
lightweight access points must remain powered and the Cisco Wireless LAN Controller must not 
be reset during this time.
Cisco recommends the following sequence when performing an upgrade:
A. Upload your Cisco Wireless LAN Controller configuration files to a server to back them up.
B. Turn off the Cisco Wireless LAN Controller 802.11a and 802.11b networks.
C. Upgrade your Cisco Wireless LAN Controller.
D. Re-enable your 802.11a and 802.11b networks.
Exclusion List (Blacklist) Client Feature – If a client is not able to connect, and the security 
policy for the WLAN and/or client is correct, the client has probably been disabled. From the 
Web User Interface, Monitor page under client summary, you can see the client’s status. If the 
client is disabled, a “Remove” operation clears the disable for that client. The 
client automatically comes back and, if necessary, reattempts authentication. Automatic 
disabling happens as a result of too many failed authentications. Note that clients disabled due 
to failed authorization do not show up on the permanent disable display. This display is only for 
those MACs that are set as permanently disabled by the administrator. 
IPSec Clients Supported in this Release – This release has been tested with the following IPSec 
clients:
- NetScreen v8.0.0
- Cisco Unity v3.6.2
- SSH Sentinel v1.3.2(1)
- Movian v3.0
Please note that the NetScreen client does not handle fragmented ICMP packets, does not 
respond to large ping packets, and does not work with certificates. Other IP fragmented traffic 
should work correctly.
XAuth Configuration with NetScreen – Do not enable XAuth on the NetScreen client. Configure 
XAuth on the Cisco 4100 Series Wireless LAN Controller. The Cisco 4100 Series Wireless LAN 
Controller initiates the XAuth session and the NetScreen client responds and begins 
interoperating. Configure the NetScreen client with pre-shared keys only. You also need to set up a 
separate connection in the clear to your DHCP server.
Rekeys are not supported with Cisco VPN client – If a rekey occurs, clients must re-authenticate. 
To mitigate this problem, log into the Web User Interface, navigate to the WLANs page, select 
Edit to display the WLANs > Edit page, choose Advanced Configuration, and change Lifetime 
(seconds) to a large value, such as 28800 seconds (this is the default), depending upon your 
security requirements.