Cisco Cisco 4402 Wireless LAN Controller
10
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 4.0.217.0
OL-31336-01
Important Notes
•
Both the 7920 phones and the controllers support Cisco Centralized Key Management (CCKM) fast
roaming.
roaming.
•
When configuring WEP, there is a difference in nomenclature for the controller and the 7920 phone.
Configure the controller for 104 bits when using 128-bit WEP for the 7920.
Configure the controller for 104 bits when using 128-bit WEP for the 7920.
Changing the IOS LWAPP Access Point Password
Cisco IOS Lightweight Access Point Protocol (LWAPP) access points have a default password of Cisco,
and the pre-stage configuration for LWAPP access points is disabled by default. To enable it, you must
configure the access point with a new username and password when it joins the controller. Enter this
command using the controller CLI to push a new username and password to the access point:
and the pre-stage configuration for LWAPP access points is disabled by default. To enable it, you must
configure the access point with a new username and password when it joins the controller. Enter this
command using the controller CLI to push a new username and password to the access point:
config ap username user_id password password {AP_name | all}
•
The AP_name parameter configures the username and password on the specified access point.
•
The all parameter configures the username and password on all the access points registered to the
controller.
controller.
The password pushed from the controller is configured as “enable password” on the access point.
There are some cases where the pre-stage configuration for LWAPP access points is disabled and the access
point displays the following error message when the CLI commands are applied:
point displays the following error message when the CLI commands are applied:
ERROR!!! Command is disabled.
For more information, refer to
Upgrading Autonomous Cisco Aironet Access Points to Lightweight Mode.
Exclusion List (Blacklist) Client Feature
If a client is not able to connect to an access point, and the security policy for the WLAN and client are
correct, the client has probably been disabled. In the controller GUI, you can view the client’s status on
the Monitor > Summary page under Client Summary. If the client is disabled, click Remove to clear the
disabled state for that client. The client automatically comes back and, if necessary, reattempts
authentication.
correct, the client has probably been disabled. In the controller GUI, you can view the client’s status on
the Monitor > Summary page under Client Summary. If the client is disabled, click Remove to clear the
disabled state for that client. The client automatically comes back and, if necessary, reattempts
authentication.
Automatic disabling happens as a result of too many failed authentications. Clients disabled due to failed
authorization do not appear on the permanent disable display. This display is only for those MACs that
are set as permanently disabled by the administrator.
authorization do not appear on the permanent disable display. This display is only for those MACs that
are set as permanently disabled by the administrator.
RADIUS Servers and the Management VLAN
If a RADIUS server is on a directly connected subnet (with respect to the controller), then that subnet
must be the management VLAN subnet.
must be the management VLAN subnet.
IPSec Not Supported
Software release 4.0.206.0 does not allow you to choose IPSec as a Layer 3 Security option. None and VPN
Passthrough are the only available options. If you upgrade to this release from a previous release that
supported IPSec as a Layer 3 Security option, any WLANs that are configured for this feature become
disabled. If you want to configure IPSec, you must use a version of controller software prior to 3.2 or wait for
a future release.
Passthrough are the only available options. If you upgrade to this release from a previous release that
supported IPSec as a Layer 3 Security option, any WLANs that are configured for this feature become
disabled. If you want to configure IPSec, you must use a version of controller software prior to 3.2 or wait for
a future release.