Примечания к выпуску для Cisco Cisco 2106 Wireless LAN Controller
14
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 5.2.178.0
OL-31336-01
Important Notes for Controllers and Non-Mesh Access Points
Important Notes for Controllers and Non-Mesh Access Points
This section describes important information about controllers and non-mesh lightweight access points.
FIPS 140-2
The Cisco 4400 series controllers, the Cisco WiSM, and the Catalyst 3750G Wireless LAN Controller
Switch have received NIST FIPS 140-2 Level 2 certification. Click this link to view the NIST Security
Policies and compliant software versions:
Switch have received NIST FIPS 140-2 Level 2 certification. Click this link to view the NIST Security
Policies and compliant software versions:
Internal DHCP Server
When clients use the controller’s internal DHCP server, IP addresses are not preserved across reboots.
As a result, multiple clients can be assigned the same IP address. To resolve any IP address conflicts,
clients must release their existing IP address and request a new one.
As a result, multiple clients can be assigned the same IP address. To resolve any IP address conflicts,
clients must release their existing IP address and request a new one.
CAPWAP Problems with Firewalls and ACLs
If you have a firewall or access control list (ACL) between the controller and its access points that allows
LWAPP traffic, before upgrading to software release 5.2 and CAPWAP, you should allow CAPWAP
traffic from the access points to the controller by opening the following destination ports:
LWAPP traffic, before upgrading to software release 5.2 and CAPWAP, you should allow CAPWAP
traffic from the access points to the controller by opening the following destination ports:
•
UDP 5246
•
UDP 5247
The access points use a random UDP source port to reach these destination ports on the controller. In
controller software release 5.2, LWAPP was removed and replaced by CAPWAP, but if you have a new
out-of-the-box access point, it could try to use LWAPP to contact the controller before downloading the
CAPWAP image from the controller. Once the access point downloads the CAPWAP image from the
controller, it uses only CAPWAP to communicate with the controller.
controller software release 5.2, LWAPP was removed and replaced by CAPWAP, but if you have a new
out-of-the-box access point, it could try to use LWAPP to contact the controller before downloading the
CAPWAP image from the controller. Once the access point downloads the CAPWAP image from the
controller, it uses only CAPWAP to communicate with the controller.
Note
After 60 seconds of trying to join a controller with CAPWAP, the access point falls back to using LWAPP.
If it cannot find a controller using LWAPP within 60 seconds, it tries again to join a controller using
CAPWAP. The access point repeats this cycle of switching from CAPWAP to LWAPP and back again
every 60 seconds until it joins a controller.
If it cannot find a controller using LWAPP within 60 seconds, it tries again to join a controller using
CAPWAP. The access point repeats this cycle of switching from CAPWAP to LWAPP and back again
every 60 seconds until it joins a controller.
Note
An access point with the LWAPP recovery image (an access point converted from autonomous mode or
an out-of-the-box access point) uses only LWAPP to try to join a controller before downloading the
CAPWAP image from the controller.
an out-of-the-box access point) uses only LWAPP to try to join a controller before downloading the
CAPWAP image from the controller.