Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

2504 WLC DTLS License

Hi,

Does anyone know how to view if a WLC has a DTLS licence installed?

"show license all" doesn't appear to show anything related to DTLS, perhaps that's because it's not on there...

Thanks,

Peter

Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

2504 WLC DTLS License

WPlus License Features Included in Base License

All features included in a Wireless LAN Controller WPlus license are now  included in the base license; this change is introduced in release  7.0.230.0. There are no changes to WCS BASE and PLUS licensing.

These WPlus license features are included in the base license:

Office Extend AP

Enterprise Mesh

CAPWAP Data Encryption

The licensing change can affect features on your wireless LAN when you  upgrade or downgrade software releases, so you should be aware of these  guidelines:

If  you have a WPlus license and you upgrade from 6.0.18x to 7.0.230.0,  your license file contains both Basic and WPlus license features. You  will not see any disruption in feature availability and operation.

If  you have a WPlus license and you downgrade from 7.0.230.0 to 6.0.196.0,  6.0.188 or 6.0.182, the license file in 7.0.220.0 contains both Basic  and WPlus license features, so you will not see any disruption in  feature availability and operation.

If  you have a base license and you downgrade from 7.0.230.0. 7.0.220.0,  6.0.196.0, 6.0.188.0 or 6.0.182.0, you lose all WPlus features.


Note Some  references to the Wireless LAN Controller WPlus licenses remain in WCS  and in the controller CLI and GUI in release 7.0.230.0. However, WLC  WPlus license features have been included in the Base license, so you  can ignore those references.


-Scott
*** Please rate helpful posts ***

Re: 2504 WLC DTLS License

All,

I was having the same issue tonight. No matter what code version I put the 2504 on, my OEAP (602i in my case) would not join (and stay joined to) the controller, and it was complaining about no DTLS data encryption.

I am running 7.0.230.0. I found that a DTLS license must be installed, regardless of build type (mine is DATA + WPS). If the controller did not ship with a DTLS license installed, one must be uploaded to the controller. You do not need to special order a PAK for this, nor do you need a valid PAK to make this work. This is a downloadable, zero-cost, permanent license. Just plug in your product ID, wlc serial number (Controller --> Inventory), click submit and your license will be available as a download and emailed to you.

Here is what I did to fix my issue (quoted from data sheet, linked below):

To obtain/download a Data DTLS License:

Step 1. Browse to http://cisco.com/go/license

Step 2. On the Product License Registration page, choose Licenses Not Requiring a PAK.

Step 3. Choose Cisco Wireless Controllers DTLS License under Wireless.

Step 4. Complete the remaining steps to generate the license file. The license will be provided online or via email.

Step 5. Copy the license file to your TFTP server.

Step 6. Install the license by browsing to the WLC Web Administration Page:

Management --> Software Activation --> Commands --> Action: Install License

Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

Sorry if this is a repeat of info, but I didn't find it anywhere else until I clicked through a half dozen other top google hits and finally managed to find these instructions, of all places, in the 2504 data sheet.

Justin

21 REPLIES
Hall of Fame Super Silver

Re: 2504 WLC DTLS License

Well if you have the 7.0.220.0 and higher, the DTLS license will be installed.  If you do a show sysinfo and you see LDPE, then you need to have a DTLS license to enable data encryption.

Build Type....................................... DATA + WPS + LDPE

-Scott
*** Please rate helpful posts ***
New Member

2504 WLC DTLS License

Hi Scott,

I have:

Build Type....................................... DATA + WPS

This is a 2504 not a 5508. Does this mean that the DTLS license is not installed?


Thanks,

Peter

Hall of Fame Super Silver

2504 WLC DTLS License

No... that means you have the correct image on the WLC.  If you can enable data encryption on the AP, then you have the DTLS license installed.  Again... if you are running 7.0.220.0 or higher, you have the license installed since it is built into the image.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

2504 WLC DTLS License

Here is a WLC that had the LDPE image installed and I had to install a DTLS license:

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.230.0

Bootloader Version............................... 1.0.1

Field Recovery Image Version..................... 6.0.182.0

Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27

Build Type....................................... DATA + WPS + LDPE

show license all

License Store: Primary License Storage

StoreIndex:  0  Feature: base   Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: Non-Counted

        License Priority: Medium

StoreIndex:  1  Feature: base-ap-count   Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: 100/100/0

        License Priority: Medium

StoreIndex:  2  Feature: data_encryption   Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: Non-Counted

        License Priority: Medium

License Store: Evaluation License Storage

StoreIndex:  0  Feature: base   Version: 1.0

        License Type: Evaluation

        License State: Inactive

            Evaluation total period:  8 weeks  4 days

            Evaluation period left:  8 weeks  4 days

        License Count: Non-Counted

        License Priority: None

StoreIndex:  1  Feature: base-ap-count   Version: 1.0

        License Type: Evaluation

        License State: Inactive

            Evaluation total period:  8 weeks  4 days

            Evaluation period left:  8 weeks  4 days

        License Count: 500/0/0

        License Priority: None

Here is a WLC that didn't have the LDPE image whcih you want:)

show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.230.0

Bootloader Version............................... 1.0.1

Field Recovery Image Version..................... 6.0.182.0

Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27

Build Type....................................... DATA + WPS

show license all

License Store: Primary License Storage

StoreIndex:  0  Feature: base   Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: Non-Counted

        License Priority: Medium

StoreIndex:  1  Feature: base-ap-count   Version: 1.0

        License Type: Permanent

        License State: Active, In Use

        License Count: 500/500/0

        License Priority: Medium

License Store: Evaluation License Storage

StoreIndex:  0  Feature: base   Version: 1.0

        License Type: Evaluation

        License State: Inactive

            Evaluation total period:  8 weeks  4 days

            Evaluation period left:  8 weeks  4 days

        License Count: Non-Counted

        License Priority: None

StoreIndex:  1  Feature: base-ap-count   Version: 1.0

        License Type: Evaluation

        License State: Inactive

            Evaluation total period:  8 weeks  4 days

            Evaluation period left:  8 weeks  4 days

        License Count: 500/0/0

        License Priority: None

-Scott
*** Please rate helpful posts ***
New Member

2504 WLC DTLS License

Thank Scott, but I'm still unclear on how I can confirm that the license is definately installed becuase; they can be ordered without the license, and the configuration guide says that you need to have the license.


I'm running 7.0.230.0.

From the configuration guide:

The Availability of data DTLS for the 7.0.116.0 release is as follows:

 

2500, WiSM2, WLC2—These platforms by default will not contain DTLS. To turn on data DTLS, you must install a license. These platforms will have a single image with data DTLS turned off. To use data DTLS you will need to have a license.

When ordering the 2504 you can choose to include the DTLS license or not. What I'm trying to find out is if the DTLS license is installed or not. It shoudl be on there, but I'm struggling to find a way to confirm this.

OEAP600 registrations are currently failing with the error CAPWAP State: DTLS Teardown, so I'm wondering if the license may be the cause of this problem...

Peter

Hall of Fame Super Silver

2504 WLC DTLS License

Since you are running 7.0.230.0, you don't have to worry about having to install a DTLS license.... your WLC doesn't need it anymore and you will not see a license unless you install a license file.  I have a 2504 and have used OfficeExtend for testing.  As ling as you can enable data encryption, you don't need a licence.  If you can't enable data encryption you will need a license.

-Scott
*** Please rate helpful posts ***
Hall of Fame Super Silver

2504 WLC DTLS License

WPlus License Features Included in Base License

All features included in a Wireless LAN Controller WPlus license are now  included in the base license; this change is introduced in release  7.0.230.0. There are no changes to WCS BASE and PLUS licensing.

These WPlus license features are included in the base license:

Office Extend AP

Enterprise Mesh

CAPWAP Data Encryption

The licensing change can affect features on your wireless LAN when you  upgrade or downgrade software releases, so you should be aware of these  guidelines:

If  you have a WPlus license and you upgrade from 6.0.18x to 7.0.230.0,  your license file contains both Basic and WPlus license features. You  will not see any disruption in feature availability and operation.

If  you have a WPlus license and you downgrade from 7.0.230.0 to 6.0.196.0,  6.0.188 or 6.0.182, the license file in 7.0.220.0 contains both Basic  and WPlus license features, so you will not see any disruption in  feature availability and operation.

If  you have a base license and you downgrade from 7.0.230.0. 7.0.220.0,  6.0.196.0, 6.0.188.0 or 6.0.182.0, you lose all WPlus features.


Note Some  references to the Wireless LAN Controller WPlus licenses remain in WCS  and in the controller CLI and GUI in release 7.0.230.0. However, WLC  WPlus license features have been included in the Base license, so you  can ignore those references.


-Scott
*** Please rate helpful posts ***
New Member

2504 WLC DTLS License

Great - thanks very much Scott, the cause of my problem must lie elsewhere.Regards,Peter

Hall of Fame Super Silver

2504 WLC DTLS License

You could take one of those OfficeExtend ap's and connect that locally to your network and then on the wlc do a show dtls summary and it will show you the ap's that are configured for dtls.

-Scott
*** Please rate helpful posts ***

Re: 2504 WLC DTLS License

All,

I was having the same issue tonight. No matter what code version I put the 2504 on, my OEAP (602i in my case) would not join (and stay joined to) the controller, and it was complaining about no DTLS data encryption.

I am running 7.0.230.0. I found that a DTLS license must be installed, regardless of build type (mine is DATA + WPS). If the controller did not ship with a DTLS license installed, one must be uploaded to the controller. You do not need to special order a PAK for this, nor do you need a valid PAK to make this work. This is a downloadable, zero-cost, permanent license. Just plug in your product ID, wlc serial number (Controller --> Inventory), click submit and your license will be available as a download and emailed to you.

Here is what I did to fix my issue (quoted from data sheet, linked below):

To obtain/download a Data DTLS License:

Step 1. Browse to http://cisco.com/go/license

Step 2. On the Product License Registration page, choose Licenses Not Requiring a PAK.

Step 3. Choose Cisco Wireless Controllers DTLS License under Wireless.

Step 4. Complete the remaining steps to generate the license file. The license will be provided online or via email.

Step 5. Copy the license file to your TFTP server.

Step 6. Install the license by browsing to the WLC Web Administration Page:

Management --> Software Activation --> Commands --> Action: Install License

Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

Sorry if this is a repeat of info, but I didn't find it anywhere else until I clicked through a half dozen other top google hits and finally managed to find these instructions, of all places, in the 2504 data sheet.

Justin

2504 WLC DTLS License

Hello,

For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600

https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600

Thanks,

Vinay Sharma

Community Manager - Wireless

Thanks & Regards
New Member

2504 WLC DTLS License

I too had the same problem. We were a bit confused about the statement that since sw release 7.0.230 this should be included. Your post shortened our troubleshooting quite a bit

Best regards

Markus

New Member

2504 WLC DTLS License

It is dated now.  it is under get new license --->"Request Crypto, IPS and Other Licenses "

CCNP - Wireless
CWNA and CWAP

CCNP - Wireless CWNA and CWAP

2504 WLC DTLS License

Good follow up Kevin .. Thanks for going out of your way and posting this .. +5

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

__________________________________________________________________________________________ "Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin ___________________________________________________________
Hall of Fame Super Silver

Re: 2504 WLC DTLS License

Justin,

That is also the process if you have a 5508 with an LDPE image. You basically have to upgrade using an LDPE image and then install that free license to enable data encryption. I didn't have to install a DTLS license on my 2504, the upgrade was fine, but I did on my 5508. The other option is to call TAC and they can walk you through manually installing the image without LDPE but that is more intrusive. TAC issues that free license to make it easier to enable DTLS if you have the LDPE image.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

Re: 2504 WLC DTLS License

Scott,

Did your 2504 ship to you with 7.0.220.0 or newer code? I wonder if this is only a problem for pre-220 code on that platform.

Justin

Hall of Fame Super Silver

Re: 2504 WLC DTLS License

Mine shipped with the 7.0.116.0 code.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

2504 WLC DTLS License

Cisco Employee

2504 WLC DTLS License

Per pollicy, WLCs that are received as RMA will not shipped with DTLS image on it, it'll be always LDPE image, user has to install the free DTLS license on the supported hardware.

Summary of what Scott explained before:

LDPE and non LDPE images are not interchangable however DTLS license file fix the gap.

DATA + WPS + LDPE == LDPE = no capwap Data encryption, need DTLS license to get the encyrption.

DATA + WPS == non LDPE = capwap Data encryption already available, no need to install DTLS license.

Though the feature is available, The feature is active only if it is enabled on the AP otherwise it is dormant.

newer APs does DTLS on hardware while the older does on software(beware enabling this on older AP would kill the AP performance).

data DTLS not applicable on hreap locally switched and Mesh traffic.

Cisco Employee

2504 WLC DTLS License

Goto any joined AP's advanced tab, if 'Data Encryption' is showed with 'check box' that is 'not checked' and 'Current Data Encryption Status' is 'plain text' OR 'Data Encryption' is checked and 'Current Data Encryption Status' shows 'Encrypted', means WLC is Data DTLS capable. some old APs don't support data DTLS.

New Member

2504 WLC DTLS License

Saravanan,

I'm posting this for the benefit of anyone else who may stumble across this thread when they first try to configure an OEAP-600.

I have a WLC2504 that is running the 7.4.110.0 DATA + WPS  image. It also shows 'Data Encryption' as 'not checked' and the 'Current Data Encryption Status' is 'plain text'.

When trying to join an OEAP-600 to the AP to the WLC I was seeing the 'WLC does not support DTLS' error message.

After installing the DTLS license as per Justin's instructions above, the AP began working properly.

Steve

19385
Views
54
Helpful
21
Replies
CreatePlease to create content