Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

We went through an upgrade from 7.4.100.0 for all of our WLC's this morning.  One of the interesting features, that we wanted to take advantage of, was the BYOD profiling that the release notes talk about.  I'm going through the controllers and see that there is now a tab under the SSID called "policy mapping".  However, when I look for where I can create the local policy, I cannot find anything on the WLC for completing that task.  I've been looking for instructions and notes on how to do this, but cannot seem to find any.  Would anyone be able to point me in the right direction?  Thanks!   

Everyone's tags (3)
8 REPLIES
New Member

WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Please disregard.....found it!

Cisco Employee

WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Hope this is what you're looking for: the Configuring Local Policies section in the 7.5 configuration guide:

http://www.cisco.com/en/US/docs/wireless/controller/7.5/config_guide/b_cg75_chapter_0111100.html

New Member

WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Stavros,

Since you've been on 7.5 code for almost 2 months now, what has been your experience with it? Have you found it reliable and have you ran into any issues? We are rolling out ISE and an upgrade to 7.4 is required for some of the features we're trying to implement but if 7.5 is stable, I might just make the leap to it.

New Member

Re: WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

@campbech1,

Ironically enough, we're also implementing ISE within the next few months!  Let me know how your ISE rollout goes! 

As far as code 7.5.102.0 goes, we only ran into one issue.  It's a known issue(CSCud68413), which causes any controller, that is acting as a DHCP server, to stop handing out IP addresses.  The only fix is to reboot the controller.  Our guest anchor controller is responsible for handing out DHCP addresses.  We noticed this issue early on.  Our work-around was to move the DHCP scope onto an L3 switch.  Other than that, 7.5.102.0 has been pretty stable.  I haven't experienced any other issues with it.  I do like the profiling capabilities, and the ability to create certain rulesets off of the profiles.  It's kind of a like a mini-ise, when it comes to profiles. 

Let me know how everything goes!  Good luck!

New Member

Re: WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Thanks for the info on 7.5.102.  I do have a question how many AP's and Clients do you have on your 7.5 environment and have you seen Bug ID CSCtd34834.  We see this bug where we get critical errors MFP Anomaly Detected - 1 'CCMP Not Encrypted'.  from most of our clients.  It does not cause an operational issue with a small number of clients.  We are just looking for more information on larger installs as we have a plan to move quickly to 7.5.

Thanks

Mark Dycus

New Member

Re: WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Mark,

We were seeing the same thing!  Our resolution (not really a resolution, but more of a work-around) was to turn down the alarms.  I do see that there is an enhancement request for this (CSCtd34834). 

New Member

Re: WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

I don't see how to turn down the alarms? help.  I did disable MFP on all our SSID but I still see the critical alarm.  About how many clients are you running?

Thanks again

Mark.dycus@vanderbilt.edu

Cisco Employee

Re: WLC Upgrades to 7.5.102.0 from 7.4.100.0 Question

Please follow the below steps to create Local Policies.

Step 1  

Choose Security > Local   Policies.

Step 2  

Click New to create a new policy.

Step 3  

Enter the policy name and click Apply.

Step 4  

On the Policy List page, click the   policy name to be configured.

Step 5  

On the Policy > Edit page,   follow these steps:

  1. In the Match Criteria area,        enter a value for Match Role String. This is the user type or user group        of the user, for example, student, teacher, and so on.
  2. From the Match EAP Type drop-down        list, choose the EAP authentication method used by the client.
  3. From the Device Type        drop-down list, choose the device type.
  4. Click Add to add the device        type to the policy device list.

The   device type you choose is listed in the Device List.

  1. In the Action area, specify        the policies that are to be enforced. From the IPv4 ACL drop-down list,        choose an IPv4 ACL for the policy.
  2. Enter the VLAN ID that should        be associated with the policy.
  3. From the QoS Policy drop-down        list, choose a QoS policy to be applied.
  4. Enter a value for Session        Timeout. This is the maximum amount of time, in seconds, after which a        client is forced to reauthenticate.
  5. Enter a value for Sleeping        Client Timeout, which is the timeout for sleeping clients.

Sleeping   clients are clients with guest access that have had successful web   authentication that are allowed to sleep and wake up without having to go   through another authentication process through the login page.

This   sleeping client timeout configuration overrides the WLAN-specific sleeping   client timeout configuration.

  1. In the Active Hours area,        from the Day drop-down list, choose the days on which the policy has to        be active.
  2. Enter the Start Time and End        Time of the policy.
  3. Click Add.

The   day and start time and end time that you specify is listed.

  1. Click Apply.
1839
Views
0
Helpful
8
Replies