New H-REAP ‘feature’ in WLC 7.0 code

This just in from:

When a Hybrid REAP access point enters into a standalone mode, the following occurs:

The access point checks whether it is able to reach the default gateway via ARP. If so, it will continue to try and reach the controller.

If the access point fails to establish the ARP, the following will occur.

The access point attempts to discover for five times and if it still cannot find the controller, it tries to renew the DHCP on the ethernet interface to get a new DHCP IP.

The access point will retry for five times, and if that fails, the access point will renew the IP address of the interface again, this will happen for three attempts.

If the three attempts fail, the access point will fall back to the static IP and will reboot (only if the access point is configured with a static IP).

Reboot is done to remove the possibility of any unknown error in the access point configuration.

Once the access point reestablishes a connection with the controller, it disassociates all clients, applies new configuration information from the controller, and reallows client connectivity.

This means no more site surveys with lightweight Access Points running in H-REAP mode since there is no pingable default gateway. AC UPS to power a POE switch? Too bulky and hard to travel with in my book! Looks like we’ll be reverting to a ‘best guess’ survey till some Autonomous code surfaces…
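The fallback sequence quoted above, modelled as a small Python function to show why an H-REAP access point with no ARP-reachable gateway ends up rebooting mid-survey. This is an added example, not Cisco code: the names `ApState`, `standalone_recovery` and `controller_up_at` are hypothetical, and reading "three attempts" as three rounds of five discoveries each followed by a DHCP renew is an assumption.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

DISCOVERY_TRIES = 5  # "attempts to discover for five times"
DHCP_ROUNDS = 3      # "this will happen for three attempts"

@dataclass
class ApState:
    gateway_arp_ok: bool        # default gateway answers ARP
    static_ip_configured: bool  # AP has a static IP to fall back to
    # Constructed input: 1-based discovery attempt (counted across rounds)
    # at which the controller starts answering; None means it never does.
    controller_up_at: Optional[int] = None

def standalone_recovery(ap: ApState) -> Tuple[str, List[str]]:
    """One pass of the standalone-mode sequence as the quoted text describes it."""
    events: List[str] = []
    if ap.gateway_arp_ok:
        # Gateway reachable: the AP just keeps looking for the controller.
        events.append("gateway answers ARP: keep retrying controller")
        return "retry-controller", events
    attempt = 0
    for rnd in range(1, DHCP_ROUNDS + 1):
        for _ in range(DISCOVERY_TRIES):
            attempt += 1
            if ap.controller_up_at is not None and attempt >= ap.controller_up_at:
                events.append(f"controller found on discovery attempt {attempt}")
                events.append("disassociate clients, apply controller config, re-allow clients")
                return "rejoined", events
        events.append(f"round {rnd}: {DISCOVERY_TRIES} discoveries failed, renew DHCP")
    if ap.static_ip_configured:
        events.append("fall back to static IP and reboot")
        return "reboot", events
    # The quoted text only covers the static-IP case.
    events.append("no static IP: behaviour not specified by the quoted text")
    return "unspecified", events

if __name__ == "__main__":
    # Survey kit: AP on a PoE injector, static IP, no gateway, no controller.
    outcome, log = standalone_recovery(ApState(False, True))
    print(outcome)
    for line in log:
        print(" -", line)
```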

Cisco WLC Config Analyzer version 2.2.3

Is available at:
If you use more than one WLC, you need this. Great way to sync configurations, check for common errors, etc. Now displays Persistent Devices from CleanAir Access Points!

Cisco launches a low cost 802.11n Access Point

Details on the 1040 can be found at:
Note the following caveats:
Slower CPU so less overall PPS compared to the 1140
2×2 MIMO
No client link
No media stream
Runs on standard POE and available in controller based or standalone. Should be a great alternative for those of you suffering from Aruba-itis. 🙂

Cisco announces 4 WLC Vulnerabilities

IKE DoS Vulnerability
HTTP DoS Vulnerability
Privilege Escalation Vulnerabilities
ACL Bypass Vulnerabilities

Details can be found at:
Of note is the recommendation that all non-FIPS 5.x customers migrate to 6.0. Something we all knew anyway, but this is certainly a compelling enough reason to get moved sooner rather than later. For most of us, and (.4) are the target code versions.

Cisco Rogue Management in a Unified Wireless Network

Great explanation of Rogue Management – especially interesting with the differences in controller models and Local Mode vs Monitor Mode.

WLC is back on CCO

Get it before it gets pulled again! 🙂
Release notes are at:

And it does indeed include as a resolved caveat:

CSCti21621 Switch CAM table is not updated after L2 roam.

Cisco’s playing games has been pulled from CCO but the release notes from are back up as ‘new’.

WLC Code is on CCO!

Release notes can be found at:

This of course is the rev that we expect to fix that nasty L2 roam issue. Standard code qualification caveats strongly recommended. 🙂

Why do you configure a controller that way?

So, I was digging on the WLC Config Analyzer (a great tool by itself!) at:

And I stumbled across the list of checks that it does and (more importantly) how it determines that its values are ‘preferred’. If you go to:
And scroll down you’ll see the list of the Config Analyzer errors and why it thinks those errors are pertinent (including links to supporting documentation!). If you ever wanted a good solid list of supporting documentation for configuration options, this is the best I’ve seen!

Cisco WLC captured web auth character limitations

Nice to know:

Step 5 If you want the user to be directed to a particular URL (such as the URL for your company) after login, enter the desired URL (such as in the Redirect URL After Login field. You can enter up to 254 characters.
Note The controller supports web authentication redirects only to HTTP (HTTP over TCP) servers. It does not support web authentication redirects to HTTPS (HTTP over SSL) servers.
Step 6 If you want to create your own headline on the login page, enter the desired text in the Headline field. You can enter up to 127 characters. The default headline is “Welcome to the Cisco wireless network.”
Step 7 If you want to create your own message on the login page, enter the desired text in the Message field. You can enter up to 2047 characters. The default message is “Cisco is pleased to provide the Wireless LAN infrastructure for your network. Please login and put your air space to work.”

Of course you can use a web-auth bundle to overcome this limitation, but you should keep it in mind if you’re using the built-in captured web portal.