Cisco Systems OL-11567-02 Network Card User Manual


 
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.171.6
OL-11567-02
Caveats
CSCsc41313—The Cisco Aironet 1500 Series Lightweight Outdoor Access Points are configured
by default to allow old bridges. When this configuration is enabled, the shared secret key set on the
controller is not passed to the access points, so a few access points might be running on the old key.
If these access points reset or new access points are waiting to join the running network, they may
take a very long time to connect to the network or might not join at all. The default value has been
changed to not allow old bridges to authenticate.
Workaround: Configure the controller using this command:
config network allow-old-bridge-aps disable
CSCsc68154—The controller’s error log repeatedly displays the “Got an idle-timeout message from
an unknown client” error message for an unknown reason.
Workaround: None at this time.
CSCsc70484—Most IPSec VPN clients start using the new security association (SA) immediately
upon rekeying. However, the Cisco VPN Client continues to use the old SA for some time before
switching to the new one, which results in packet loss until the client switches over.
Workaround: Use these WLAN settings on the controller to ensure that the client controls when the
rekey process takes effect and the controller responds to the client for the phase 1 SA rekey:
Session Timeout: 0 seconds
Layer 3 Security: IPsec
IPsec Authentication: HMAC SHA1
IPsec Encryption: AES (If you choose 3DES, configure the IPsec lifetime to a value greater than the expected duration of the client session.)
IKE Phase 1: Aggressive
Lifetime: 43200 to 57600 seconds (12 to 16 hours)
IKE Diffie Hellman Group: Group 2 (1024 bits)
CSCsc75351—The controller CLI command debug mac addr client_mac_address, which is
designed to limit debug output to the specified client, is not filtering client traffic.
Workaround: None at this time.
CSCsc77157—Multiple 4100 series controllers may simultaneously reset without crash files or
message log entries being generated.
Workaround: None at this time.
CSCsc92354—The Security > MAC Filtering page on the controller GUI shows MAC address filters
in this format: XX:XX:XX:XX:XX:XX, which differs from the Cisco standard format of
XXXX:XXXX:XXXX.
Workaround: None at this time.
CSCsc98897—The SecureCRT application cannot open an SSH session on the controller.
Workaround: Use PuTTY, the SSH client on Windows, or SSH in Linux.
CSCsd04684—The 4100 series controller ports do not work when the Gateway Load Balancing
Protocol (GLBP) is configured on the management interface VLAN.
Workaround: Do not configure GLBP on the management interface VLAN. For redundancy, Hot
Standby Router Protocol (HSRP) can be used on the management interface VLAN.