Примечания к выпуску для Cisco Cisco 4404 Wireless LAN Controller
7/27/05
Technical Notes for Cisco Wireless LAN Controllers
OL-7431-02
•
RADIUS Servers – This product has been tested with the following RADIUS servers:
-
Odyssey Server and Odyssey Client v1.1 and 2.0 from Funk Software.
-
Steel-Belted RADIUS from Funk Software release 4.40.337 Enterprise Edition.
-
Microsoft Internet Authentication Service (IAS) Release 5 on Windows 2000 Server/
SP4; Microsoft Internet Authentication Service (IAS) Release 5.2.3790.0 on Windows
2003 server.
SP4; Microsoft Internet Authentication Service (IAS) Release 5.2.3790.0 on Windows
2003 server.
-
CiscoSecure ACS, v3.2.
-
FreeRADIUS release 0.9.3, with OpenSSL 0.9.7B.
•
Management usernames and Local netuser usernames must be unique, because they are
stored in the same database. That is, you cannot assign the same name to a Management User
and a Local Netuser.
stored in the same database. That is, you cannot assign the same name to a Management User
and a Local Netuser.
•
802.1x and MicroSoft Windows Zero-Config supplicant – Clients using Windows Zero-Config and
802.1x MUST use WLANs configured for 40 or 104-bit Key Length. Configuring for 128-bit Key
Length results in clients that can associate, but not authenticate.
802.1x MUST use WLANs configured for 40 or 104-bit Key Length. Configuring for 128-bit Key
Length results in clients that can associate, but not authenticate.
•
When a Cisco Wireless LAN Controller reboots, dropped Cisco 1030 remote edge lightweight
access points attempt to associate with any available Cisco 4100 Series Wireless LAN
Controller. If the Cisco 1030 remote edge lightweight access points cannot contact a Cisco 4100
Series Wireless LAN Controller, they continue to offer 802.11a/b/g service on WLAN 1 only.
access points attempt to associate with any available Cisco 4100 Series Wireless LAN
Controller. If the Cisco 1030 remote edge lightweight access points cannot contact a Cisco 4100
Series Wireless LAN Controller, they continue to offer 802.11a/b/g service on WLAN 1 only.
•
WEP Keys – This release supports four separate WEP index keys. These keys cannot be dupli-
cated between WLANs. At most four WEP WLANs can be configured on a Cisco Wireless LAN
Controller. Each of these WLANs must use a different key index.
cated between WLANs. At most four WEP WLANs can be configured on a Cisco Wireless LAN
Controller. Each of these WLANs must use a different key index.
•
DCA and Transmit Power Algorithms are designed to work with four or more Cisco 1000 Series
lightweight access points – If there is a need to enable these algorithms for a smaller number of
Cisco 1000 Series lightweight access points, please contact Cisco Technical Assistance Center
(TAC).
lightweight access points – If there is a need to enable these algorithms for a smaller number of
Cisco 1000 Series lightweight access points, please contact Cisco Technical Assistance Center
(TAC).
•
Using the Backup Image – The Cisco Wireless LAN Controller Bootloader (ppcboot) stores a
copy of the active primary and the backup image. If the primary image should become
corrupted, you can use the Bootloader to boot with the backup image.
After you have booted with the backup image, be sure to use Option 4: Change Active Boot
Image on reboot to set the backup image as the active boot image. If you do not, then when
the Cisco Wireless LAN Controller resets it again boots off the corrupted primary image.
copy of the active primary and the backup image. If the primary image should become
corrupted, you can use the Bootloader to boot with the backup image.
After you have booted with the backup image, be sure to use Option 4: Change Active Boot
Image on reboot to set the backup image as the active boot image. If you do not, then when
the Cisco Wireless LAN Controller resets it again boots off the corrupted primary image.
•
Home page retains Web Auth login with IE 5.x – This is a caching issue in the operator’s
Internet Explorer release 5.x browser. Clearing history corrects it, or upgrade your operator
workstation to Internet Explorer release 6.x.
Internet Explorer release 5.x browser. Clearing history corrects it, or upgrade your operator
workstation to Internet Explorer release 6.x.
•
RLDP Enable/Disable – RLDP Enable/Disable refers to the RLDP protocol which detects rogues
on your wired network. Autocontainment enable/disable indicates whether you want the Cisco
Wireless LAN Controller to automatically contain new Rogues that it finds on the wire. Disabling
RLDP or autocontainment does not disable containment for Rogues that are being contained.
When Rogues are being contained, you must manually disable containment for each Rogue
individually.
on your wired network. Autocontainment enable/disable indicates whether you want the Cisco
Wireless LAN Controller to automatically contain new Rogues that it finds on the wire. Disabling
RLDP or autocontainment does not disable containment for Rogues that are being contained.
When Rogues are being contained, you must manually disable containment for each Rogue
individually.
•
Ad-hoc Rogue Containment – Client card implementations may mitigate the effectiveness of ad
hoc containment.
hoc containment.
•
Apple iBook – Note that some Apple OSs require shared key authentication for WEP. Other
releases of the OS actually do not work with shared key WEP set unless the client saves the key
in their key ring. How you should configure your Cisco Wireless LAN Controller is based on the
client mix you expect to use. Cisco WLAN Solution recommends testing these configurations
before deployment.
releases of the OS actually do not work with shared key WEP set unless the client saves the key
in their key ring. How you should configure your Cisco Wireless LAN Controller is based on the
client mix you expect to use. Cisco WLAN Solution recommends testing these configurations
before deployment.