Cisco WLC Code Release 126.96.36.199 New Features
Update – Cisco pulled the 188.8.131.52 release notes and has published version 184.108.40.206 as of Feb. 6, 2012. This article has been updated to reflect version 220.127.116.11.
Cisco Systems just announced the release of code version 18.104.22.168 for wireless LAN controllers and lightweight access points. This is the first release since 22.214.171.124 released in Oct. 2011 to include new features, but that version added few enhancements. The last major release to include a significant amount of new capabilities was version 126.96.36.199 back in April 2011.
Version 188.8.131.52 brings a large amount of new features, many of which could be of significant value to customers. Some of the more significant enhancements include the following:
- WiSM2 Controller Scaling
The WiSM2 controller now supports more APs (1k up from 500), more clients (15k up from 10k), and increased throughput (20Gbps up from 10Gbps) than previous. This will allow customers with very large deployments to scale to larger size within the same hardware footprint. Additionally, more APs and clients can be supported within a 6500 switch chassis as well.
- Flex 7500 Controller Scaling
The centralized Flex 7500 controller now supports more APs (3k up from 2k), more clients (30k up from 20k), more Flex Groups (1k up from 500), increases throughput (1Gbps up from 250Mbps), adds support for Office Extend APs (OEAPs) which previously did not exist, and now supports DTLS data tunnel encryption with OEAPs. The scalability in this platform is critical because it is targeted for data center deployment in highly distributed environments to manage hundreds of remote sites. Typically each remote site is configured as a distinct Flex Group (previously called H-REAP Group) which allows coordination among the APs within a single site for local client authentication, client key caching, and fast roaming. Customers deploying the centralized Flex 7500 platform will welcome these scalability improvements to reduce hardware footprint.
- IPv6 Dual-Stack Client Support
Delivering support for IPv6 is becoming increasingly important for customers as Wi-Fi network utilization increases with mobile device adoption and proliferation as the primary access network for users. IPv6 was previously only bridged across the wireless controller infrastructure, and prevented the use of many features available with IPv4 clients, such as H-REAP local switching, client anchoring on another controller, dynamic VLAN assignment, web authentication (captive portal), DHCP proxy and ARP proxy for intelligent broadcast and multicast filtering to improve RF network performance, and also resulted in some sub-optimal a-symmetric traffic routing when clients roamed between controllers (Layer 3 roaming) which could cause issues with firewall state tables.This release incorporates support for symmetric traffic routing between controllers when performing Layer 3 roaming, IPv6 security features such as RA Guard against rogue router advertisements, source guard to prevent IPv6 address spoofing, DHCPv6 server guard against rogue servers, and IPv6 access control lists. It also adds complete visibility into client IPv6 addressing in the NCS management platform for better support and troubleshooting.
- FlexConnect / H-REAP Enhancements
I’ve written previously about some of the limitation of the H-REAP deployment mode. Cisco continues making strides in this area, no doubt because they see the growing need to distribute data forwarding and control-plane intelligence back out to the AP edge with looming Gigabit Wi-Fi standards and high availability requirements becoming more critical in customer Wi-Fi networks. This release brings about the final nail in the coffin of the term “H-REAP”. Good riddance, who could explain that hideous acronym to managers?! All brandingof this feature set is now referenced as “FlexConnect”.One major FlexConnect enhancement is the ability to perform efficient AP upgrades, typically across high-latency and low-bandwidth WAN links. One access point at a remote site will act as a master AP and download a new code image from the central site controller, then distribute it to all the other APs of the same model at the remote site. This should ease traffic utilization and congestion across the WAN and decrease the time required to upgrade remote sites.A few other enhancements include security features that allow dynamic VLAN assignment to clients that have data traffic dropped off locally at the AP rather than tunneled back to the controller, access control list support, and peer-to-peer client blockingwhich is an option to prevent clients on the same WLAN from communicating with one another (especially useful in highly secure environments or guest networks).Lastly, fast roaming has been improved with FlexConnect which removes WAN link latency dependencies between the controller and remote APs. This is because mobility handoffs and key caching previously required communication with the centralized controller across the WAN and could impact the ability to perform fast handoffs between APs. Now the mobility handoff and key caching exchange is handled directly between FlexConnect access points within the same Flex Group without needing to involve the controller.
- Wi-Fi Direct Client Management
The Wi-Fi Alliance certified Wi-Fi Direct in late 2010, which allows direct client to client communication without traversing an AP or network infrastructure. This can pose security risks in enterprise environments and the certification standard allows network infrastructure administrators visibility and control of Wi-Fi Direct clients in their environment. This feature provides Cisco wireless network administrators control to allow or block Wi-Fi Direct clients from joining a WLAN. As Wi-Fi Direct capable clients expand, this feature will be critical for enterprises to monitor and control the use of this new protocol within their networks.
- Hotspot 2.0 Support
The new Wi-Fi Certified Hotspot program promises to provide a cellular-like user experience by streamlining Wi-Fi network discovery, selection, and access by clients. This requires service advertisement and roaming provider integration by Wi-Fi infrastructure vendors and network operators. This code release supports the standardized components specified by the IEEE in the 802.11u amendment, and provides the foundation for interoperability certification under the forthcoming Wi-Fi Certified Passpoint program by the Wi-Fi Alliance.
- Granular RF Controls
Previously, many RF controls within the Cisco Unified Wireless Network were global settings that applied to all virtual WLANs and clients. This release provides more granular capability to configure data rates and power settings groups of APs rather than globally. This feature is beneficial for networks where a single controller (or group of controllers) manages disparate environments that require different settings. This is actually quite common with customer environments that need to support some high density areas as well as lower density common use areas. Design and configuration for high density wireless LANs is quite different from an RF perspective, where capacity and minimizing interference become critical to network performance and user satisfaction. The capability to provide different RF controls for areas within the same network should be of benefit to many customers and eliminates the need to acquire separate hardware.
Overall, these enhancements are all worth merit and should be welcomed by customers. Additional features are also provided in this code release which can be found in the release notes.
In addition, the industry gathered to talk about Gigabit Wi-Fi, mobile device proliferation, and Hotspot 2.0 topics at the recent Wi-Fi Mobility Symposium organized by Gestalt IT and Tech Field Day. To learn more about these topics visit the Tech Field Day website and watch all the archived videos!