7.4.131.x Available - 7.4MR4 Beta
April 29
Final build available (7.4.131.15), this is candidate content before release.
New open beta for future 7.4.140.0 (7.4MR4) release
To request access, please write to wnbu-mrbeta@external.cisco.com, include your CCO username on the email.
Download at 74MR4Beta forum in upload server
Support
For any new issue during this test, please write to wnbu-mrbeta@external.cisco.com, pre-existing problems would be directed through normal TAC support channels, the image is TAC supported until CCO release of final code
Image types
AS_5500* can be used for Wism2/2500/5500 controller types
AS_7500* can be used for 7500/8500
AS_CTVM can be used for vWLC
Issues fixed on this release
CSCuq86269 | DFS detection due to broadcom spurious emissions |
CSCun95178 | DOM CSS report on help page |
CSCus21276 | Kernel Panic on WiSM2/5508/2504 in 8.0 when using Webauth |
CSCus55004 | Kernel Panic with pre-auth ACL and external web-redirect |
CSCut31679 | Kernel panic -Unhandled kernel unaligned access |
CSCup84060 | Radio interface down with rcore on 1130 and 1240 Aps |
CSCuq42751 | WLC not sending all the Client attributes to PI |
CSCut45950 | MARCH 2015 OpenSSL Vulnerabilities |
CSCuq81885 | DHCP fails Flexconnect Local Switching MAC Filtering RADIUS VLAN assign |
CSCun82797 | RTP downstream marked w/ UP0 after 7925/8861 roaming |
CSCut65001 | 7500 HA crashed with task name emWeb |
CSCui82573 | Double AID allocation in OKC Fast Roaming in FlexConnect |
CSCus38268 | Memory Leak on WiSM2 due to SNMPTask on 7.4.121.0 |
CSCus42727 | JANUARY 2015 OpenSSL Vulnerabilities |
CSCus46861 | LIZRD attack : Denial of Service |
CSCur00288 | 8.0.100.0 client is shown with "ip address unknown" and "dhcp required" |
CSCur38682 | AP flexconnect - local switch/local auth sends deauth 802.1x on PSK wlan |
CSCup96353 | HA enabled Controller crash, Task: NFV9_Task |
CSCuq09859 | APs sending GARP and ARP requests aprox every 2 seconds. |
CSCuq19142 | LAP/WLC MIC lifetime expiration causes DTLS failure |
CSCuo44475 | AP info file has wrong ws_management_version value |
CSCuo70899 | traceback #APF-3-WLAN_OUT_OF_RANGE in HA 5500 standby controller |
CSCuj65131 | Jian Webauth failing POST reply after 9990-10k clients |
CSCul99510 | WGB client getting ip from different vlan |
CSCui65222 | Flex-connect: VLAN-ACL at AP level does NOT work after HA - 7500 HA pair |
CSCui65893 | Unable to apply wIPS Profile from PI 1.4.1 as profile size limit is 12K |
CSCud89130 | AP crashes while making SIP call after IPv6 collapse |
CSCui94634 | Flex AP disjoins after ACL push, CAPWAP processing hangs DTLS timeout |
CSCuo00381 | flexconnect group showing duplicate AP entry. |
CSCus69513 | wlc: Evaluation of glibc GHOST vulnerability - CVE-2015-0235 |
CSCud70102 | AP radio stays offchannel for >70 ms during RRM scan (fix broke ap1140) |
CSCum21112 | AP701E displays incorrect PoE status in WLC |
What’s New in This Release?
For old hardware, Cisco Lightweight Access Points and Cisco Wireless Controllers may fail to create CAPWAP/LWAPP connection due to certificate expiration. From this release, you may configure to allow AP with Manufactured Installed Certificates beyond their expiration date to associate with the WLC.
Solution
The AP lifetime-check parameter is enabled by default. After upgrading to the fixed software, we recommend that you disable the AP lifetime-check by entering this command:
(Controller) >config ap cert-expiry-ignore {mic | ssc} enable
With the config ap cert-expiry-ignore { mic | ssc } enable command in effect, the WLC ignores the expiration date on the APs' MICs and SSCs, allowing APs with certificates that are more than 10 years old to associate with the WLC. The AP lifetime-check must remain enabled as long as APs with expired MIC or SSC certificates are being managed by this WLC.
You can see the configuration state by entering this command:
(Controller)>show certificate summary
Web Administration Certificate................... 3rd Party
Web Authentication Certificate................... Locally Generated
Certificate compatibility mode:.................. off
Lifetime Check Ignore for MIC ................... Disable
Lifetime Check Ignore for SSC ................... Disable