11-27-2015 10:10 AM - edited 07-05-2021 04:19 AM
Hello, am I understanding correctly that to disable SSLv3 (and mitigate POODLE) on a Cisco 5508 WLC, the command to issue in SSH under the config prefix would be switchconfig fips-prerequisite enable?
If I enter this command does the WLC and associated LAPs reboot? I just want to know if this is something I can do during the day or not.
11-27-2015 10:22 AM
Any command that is run on the CLI will warn you if the APs will reboot or if the WLC needs to be rebooted. When enabling FIPS you need to be careful. You should read the documents regarding enabling FIPS because you would not be able to back up and restore configurations, etc.
-Scott
11-27-2015 11:40 AM
I am not sure of any other way to disable SSLv3 on the WLC.
11-27-2015 11:54 AM
11-27-2015 12:38 PM
We are on 7.4.121.0. I see the newest version of 7.4 is 7.4.140.0. I don't see that specifically in your screen shot, though it is higher than 7.4.130 listed in there.
I am reading the release notes for 7.4.140.0 and will plan on trying the upgrade during a maintenance window. Right now the site isn't letting me download it, so I clicked the link and sent all the information to Cisco. Who knows how long it will take me to get entitlements. I was the one who downloaded and installed 7.4.120.0, so I'm not sure how I lost the entitlement to download WLC images even though we renew SmartNet every year.
11-27-2015 12:42 PM
I would go with v7.4.140.0, which is MR4, rather than enabling FIPS :). Entitlement and licensing is a pain and probably always will be :). If you have SmartNet, you should be able to open a TAC case and maybe they can provide you with the file.
-Scott
11-27-2015 12:45 PM
I can agree with that. Tomorrow afternoon would be a good opportunity for me to install this so I hope I can get the file in time. I think I will open a TAC case for the file, thank you for suggesting that. When you encounter the brick wall message that does not allow you to download a file, they offer an email address to send information to, which I did, but who knows how long that will take.
Thank you for your assistance.
11-27-2015 12:48 PM
Yeah, that can take forever. I remember my customers asking for entitlement and Cisco told them that the vendors who sold the equipment or SmartNet can add CCO accounts to that device. Again, that might take a long time also.
-Scott
11-27-2015 12:59 PM
Wow they granted access pretty quickly. I have the file, will schedule an install tomorrow afternoon.
Thanks for your guidance Scott.
11-27-2015 01:02 PM
That's good news! Look at uploading the FUS 1.9.0.0 also. This however takes around 35-45 minutes to complete. You will have two reboots, one for the code and the other for the FUS.
-Scott