Important Notes

The 7920 phones and the controllers do not currently use compatible fast roaming mechanisms. The phone uses CCKM while the controllers use proactive key caching (PKC). To minimize roaming latency, static WEP is the recommended security mechanism.

When configuring WEP, there is a difference in nomenclature for the controller and the 7920 phone. Configure the controller for 104 bits when using 128-bit WEP for the 7920.

Client Channel Changes

Cisco access points are known to go off channel for up to 30 seconds while identifying rogue access point threats. This activity can cause occasional dropped client connections.

Exclusion List (Blacklist) Client Feature

If a client is not able to connect to an access point and the security policy for the WLAN and/or client is correct, the client has probably been disabled. In the controller GUI, you can view the client’s status on the Monitor > Summary page under Client Summary. If the client is disabled, click Remove to clear the disabled state for that client. The client automatically comes back and, if necessary, reattempts authentication.

Automatic disabling happens as a result of too many failed authentications. Clients disabled due to failed authorization do not appear on the permanent disable display. This display is only for those MACs that are set as permanently disabled by the administrator.

Maximum MAC Filter Entries

The controller database can contain up to 2048 MAC filter entries for local netusers. The default value is 512. To support up to 2048 entries, you must enter this command in the controller CLI:

config database size MAC_filter_entry

where MAC_filter_entry is a value from 512 to 2048.

Cisco Aironet 1030 Remote Edge Lightweight Access Points and WPA2-PSK

Cisco Aironet 1030 Remote Edge Lightweight Access Points do not support WPA2-PSK in REAP standalone mode.

RADIUS Servers

This product has been tested with the following RADIUS servers:

CiscoSecure ACS v3.2

Funk Odyssey Client v1.1 and 2.0

Funk Steel-Belted RADIUS release 4.71.739 and 5.03 Enterprise Edition

Microsoft Internet Authentication Service (IAS) release 5.2.3790.1830 on Windows 2003 server

Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.171.6

 

OL-11567-02

11

 

 

 

Page 11
Image 11
Cisco Systems OL-11567-02 Client Channel Changes, Exclusion List Blacklist Client Feature, Maximum MAC Filter Entries