Over the weekend of October 21st 2017, Cisco released wireless LAN controller (WLC) and lightweight access points version 18.104.22.168. We take a look at what is new with Cisco WLC and why we should consider upgrading.
One thing to note is that this release is a repost of 22.214.171.124. Most notably it resolves the AP / Infrastructure vulnerability to the KRACK attack. Cisco had some challenges getting this release out after the vulnerability was published. Over the weekend they had posted an update and then pulled it back.
I have upgraded a few controllers to 126.96.36.199 without any issue.
Here are a few features that stuck out to me in the release notes:
New AP support for Aironet 1540 series, 1815m and 1815t
Of course with newer access points you must be running the latest version of code. I’ve been able to see the Aironet 1540 in person and it’s a small outdoor AP that fits even our aesthetic requirements. The other two I haven’t had experience with it.
Place Aironet 1540, 1560, and 18xx APs into monitor mode
This is a welcomed feature. Monitor mode is used to collect RF channel info that is used with rogue detection, wIPS, and CleanAir. The following Aironet APs that will be capable of going into monitor mode:
- 1540 series
- 1560 series
- 1810 OfficeExtend
Cisco Spectrum Expert-Remote Sensor on Wave 2 APs
Another great feature. Check out our previous blog post on using Chanalyzer CleanAir accessory. While placing APs into Spectrum Expert mode doesn’t allow it to service clients, it does become a tremendous troubleshooting tool when needed.
New AP Commands
- show controllers dot11radio 1 antenna – displays last seen power (per antenna RSSI) with the radio port as input.
- show controllers dot11radio 1 client mac-address – Displays info on what the client is doing (rate selection and streams). Also displays non-zero RX, TX, or TX-Retries (cumulative) for each rate, stream, or width combination
Support for Client-Aware Flexible Radio Assignment
Client-Aware FRA will be supported on Aironet 2800 and 3800 APs. What this allows you to do is set a utilization threshold to turn a monitor mode radio to a client serving 5 GHz radio and vice versa.
The two features are called Client select and Client reset. The default percentage value is 50% and 5% respectively.
- View FRA assignment settings using the show advanced fra command
Software-Defined Access Wireless
This is for those wanting to enable SD-Access for wireless. We have yet to try SD-Access.
- Enterprise Fabric
Identity PSK allows you to configure a unique pre-shared key for devices to join a PSK network. Think about devices that are unable to join 802.1X networks but you don’t want to share one key across all devices. This is useful for IoT devices.
- Provide devices with unique pre-shared keys to join a WPA-PSK network.
Look out for future updates on the features we’ve listed above. We will be testing the features out and sharing our experiences. Version 188.8.131.52 is the TAC recommended AireOS build for those needing 8.5 features.