Solved: 2504 WLC DTLS License

Peter Cresswell · ‎02-16-2012

Hi,

Does anyone know how to view if a WLC has a DTLS licence installed?

"show license all" doesn't appear to show anything related to DTLS, perhaps that's because it's not on there...

Thanks,

Peter

Scott Fella · ‎02-16-2012

WPlus License Features Included in Base License

All features included in a Wireless LAN Controller WPlus license are now included in the base license; this change is introduced in release 7.0.230.0. There are no changes to WCS BASE and PLUS licensing.

These WPlus license features are included in the base license:

•Office Extend AP

•Enterprise Mesh

•CAPWAP Data Encryption

The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines:

•If you have a WPlus license and you upgrade from 6.0.18x to 7.0.230.0, your license file contains both Basic and WPlus license features. You will not see any disruption in feature availability and operation.

•If you have a WPlus license and you downgrade from 7.0.230.0 to 6.0.196.0, 6.0.188 or 6.0.182, the license file in 7.0.220.0 contains both Basic and WPlus license features, so you will not see any disruption in feature availability and operation.

•If you have a base license and you downgrade from 7.0.230.0. 7.0.220.0, 6.0.196.0, 6.0.188.0 or 6.0.182.0, you lose all WPlus features.

Note Some references to the Wireless LAN Controller WPlus licenses remain in WCS and in the controller CLI and GUI in release 7.0.230.0. However, WLC WPlus license features have been included in the Base license, so you can ignore those references.

-Scott
*** Please rate helpful posts ***

View solution in original post

Justin Kurynny · ‎02-27-2012

All,

I was having the same issue tonight. No matter what code version I put the 2504 on, my OEAP (602i in my case) would not join (and stay joined to) the controller, and it was complaining about no DTLS data encryption.

I am running 7.0.230.0. I found that a DTLS license must be installed, regardless of build type (mine is DATA + WPS). If the controller did not ship with a DTLS license installed, one must be uploaded to the controller. You do not need to special order a PAK for this, nor do you need a valid PAK to make this work. This is a downloadable, zero-cost, permanent license. Just plug in your product ID, wlc serial number (Controller --> Inventory), click submit and your license will be available as a download and emailed to you.

Here is what I did to fix my issue (quoted from data sheet, linked below):

To obtain/download a Data DTLS License:

Step 1. Browse to http://cisco.com/go/license

Step 2. On the Product License Registration page, choose Licenses Not Requiring a PAK.

Step 3. Choose Cisco Wireless Controllers DTLS License under Wireless.

Step 4. Complete the remaining steps to generate the license file. The license will be provided online or via email.

Step 5. Copy the license file to your TFTP server.

Step 6. Install the license by browsing to the WLC Web Administration Page:

Management --> Software Activation --> Commands --> Action: Install License

Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

Sorry if this is a repeat of info, but I didn't find it anywhere else until I clicked through a half dozen other top google hits and finally managed to find these instructions, of all places, in the 2504 data sheet.

Justin

View solution in original post

Scott Fella · ‎02-16-2012

Well if you have the 7.0.220.0 and higher, the DTLS license will be installed. If you do a show sysinfo and you see LDPE, then you need to have a DTLS license to enable data encryption.

Build Type....................................... DATA + WPS + LDPE

-Scott
*** Please rate helpful posts ***

Peter Cresswell · ‎02-16-2012

Hi Scott,

I have:

Build Type....................................... DATA + WPS

This is a 2504 not a 5508. Does this mean that the DTLS license is not installed?

Thanks,

Peter

Scott Fella · ‎02-16-2012

No... that means you have the correct image on the WLC. If you can enable data encryption on the AP, then you have the DTLS license installed. Again... if you are running 7.0.220.0 or higher, you have the license installed since it is built into the image.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎02-16-2012

Here is a WLC that had the LDPE image installed and I had to install a DTLS license:

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.230.0

Bootloader Version............................... 1.0.1

Field Recovery Image Version..................... 6.0.182.0

Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27

Build Type....................................... DATA + WPS + LDPE

show license all

License Store: Primary License Storage

StoreIndex: 0 Feature: base Version: 1.0

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

StoreIndex: 1 Feature: base-ap-count Version: 1.0

License Type: Permanent

License State: Active, In Use

License Count: 100/100/0

License Priority: Medium

StoreIndex: 2 Feature: data_encryption Version: 1.0

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

License Store: Evaluation License Storage

StoreIndex: 0 Feature: base Version: 1.0

License Type: Evaluation

License State: Inactive

Evaluation total period: 8 weeks 4 days

Evaluation period left: 8 weeks 4 days

License Count: Non-Counted

License Priority: None

StoreIndex: 1 Feature: base-ap-count Version: 1.0

License Type: Evaluation

License State: Inactive

Evaluation total period: 8 weeks 4 days

Evaluation period left: 8 weeks 4 days

License Count: 500/0/0

License Priority: None

Here is a WLC that didn't have the LDPE image whcih you want:)

show sysinfo

Manufacturer's Name.............................. Cisco Systems Inc.

Product Name..................................... Cisco Controller

Product Version.................................. 7.0.230.0

Bootloader Version............................... 1.0.1

Field Recovery Image Version..................... 6.0.182.0

Firmware Version................................. FPGA 1.3, Env 1.6, USB console 1.27

Build Type....................................... DATA + WPS

show license all

License Store: Primary License Storage

StoreIndex: 0 Feature: base Version: 1.0

License Type: Permanent

License State: Active, In Use

License Count: Non-Counted

License Priority: Medium

StoreIndex: 1 Feature: base-ap-count Version: 1.0

License Type: Permanent

License State: Active, In Use

License Count: 500/500/0

License Priority: Medium

License Store: Evaluation License Storage

StoreIndex: 0 Feature: base Version: 1.0

License Type: Evaluation

License State: Inactive

Evaluation total period: 8 weeks 4 days

Evaluation period left: 8 weeks 4 days

License Count: Non-Counted

License Priority: None

StoreIndex: 1 Feature: base-ap-count Version: 1.0

License Type: Evaluation

License State: Inactive

Evaluation total period: 8 weeks 4 days

Evaluation period left: 8 weeks 4 days

License Count: 500/0/0

License Priority: None

-Scott
*** Please rate helpful posts ***

Peter Cresswell · ‎02-16-2012

Thank Scott, but I'm still unclear on how I can confirm that the license is definately installed becuase; they can be ordered without the license, and the configuration guide says that you need to have the license.

I'm running 7.0.230.0.

From the configuration guide:

The Availability of data DTLS for the 7.0.116.0 release is as follows:

2500, WiSM2, WLC2—These platforms by default will not contain DTLS. To turn on data DTLS, you must install a license. These platforms will have a single image with data DTLS turned off. To use data DTLS you will need to have a license.

When ordering the 2504 you can choose to include the DTLS license or not. What I'm trying to find out is if the DTLS license is installed or not. It shoudl be on there, but I'm struggling to find a way to confirm this.

OEAP600 registrations are currently failing with the error CAPWAP State: DTLS Teardown, so I'm wondering if the license may be the cause of this problem...

Peter

Scott Fella · ‎02-16-2012

Since you are running 7.0.230.0, you don't have to worry about having to install a DTLS license.... your WLC doesn't need it anymore and you will not see a license unless you install a license file. I have a 2504 and have used OfficeExtend for testing. As ling as you can enable data encryption, you don't need a licence. If you can't enable data encryption you will need a license.

-Scott
*** Please rate helpful posts ***

Scott Fella · ‎02-16-2012

WPlus License Features Included in Base License

All features included in a Wireless LAN Controller WPlus license are now included in the base license; this change is introduced in release 7.0.230.0. There are no changes to WCS BASE and PLUS licensing.

These WPlus license features are included in the base license:

•Office Extend AP

•Enterprise Mesh

•CAPWAP Data Encryption

The licensing change can affect features on your wireless LAN when you upgrade or downgrade software releases, so you should be aware of these guidelines:

•If you have a WPlus license and you upgrade from 6.0.18x to 7.0.230.0, your license file contains both Basic and WPlus license features. You will not see any disruption in feature availability and operation.

•If you have a WPlus license and you downgrade from 7.0.230.0 to 6.0.196.0, 6.0.188 or 6.0.182, the license file in 7.0.220.0 contains both Basic and WPlus license features, so you will not see any disruption in feature availability and operation.

•If you have a base license and you downgrade from 7.0.230.0. 7.0.220.0, 6.0.196.0, 6.0.188.0 or 6.0.182.0, you lose all WPlus features.

Note Some references to the Wireless LAN Controller WPlus licenses remain in WCS and in the controller CLI and GUI in release 7.0.230.0. However, WLC WPlus license features have been included in the Base license, so you can ignore those references.

-Scott
*** Please rate helpful posts ***

Peter Cresswell · ‎02-16-2012

Great - thanks very much Scott, the cause of my problem must lie elsewhere.Regards,Peter

Scott Fella · ‎02-16-2012

You could take one of those OfficeExtend ap's and connect that locally to your network and then on the wlc do a show dtls summary and it will show you the ap's that are configured for dtls.

-Scott
*** Please rate helpful posts ***

Justin Kurynny · ‎02-27-2012

All,

I was having the same issue tonight. No matter what code version I put the 2504 on, my OEAP (602i in my case) would not join (and stay joined to) the controller, and it was complaining about no DTLS data encryption.

I am running 7.0.230.0. I found that a DTLS license must be installed, regardless of build type (mine is DATA + WPS). If the controller did not ship with a DTLS license installed, one must be uploaded to the controller. You do not need to special order a PAK for this, nor do you need a valid PAK to make this work. This is a downloadable, zero-cost, permanent license. Just plug in your product ID, wlc serial number (Controller --> Inventory), click submit and your license will be available as a download and emailed to you.

Here is what I did to fix my issue (quoted from data sheet, linked below):

To obtain/download a Data DTLS License:

Step 1. Browse to http://cisco.com/go/license

Step 2. On the Product License Registration page, choose Licenses Not Requiring a PAK.

Step 3. Choose Cisco Wireless Controllers DTLS License under Wireless.

Step 4. Complete the remaining steps to generate the license file. The license will be provided online or via email.

Step 5. Copy the license file to your TFTP server.

Step 6. Install the license by browsing to the WLC Web Administration Page:

Management --> Software Activation --> Commands --> Action: Install License

Reference: http://www.cisco.com/en/US/prod/collateral/wireless/ps6302/ps8322/ps11630/data_sheet_c78-645111.html

Sorry if this is a repeat of info, but I didn't find it anywhere else until I clicked through a half dozen other top google hits and finally managed to find these instructions, of all places, in the 2504 data sheet.

Justin

Vinay Sharma · ‎03-31-2012

Hello,

For More information on OEAP-600, please watch the "Community Tech-Talk Series" Cisco Office Extend Access Point OEAP-600

https://supportforums.cisco.com/community/netpro/wireless-mobility/begin-wireless/blog/2012/02/24/cisco-office-extend-access-point-oeap-600

Thanks,

Vinay Sharma

Community Manager - Wireless

Thanks & Regards

m.junghage · ‎08-20-2012

I too had the same problem. We were a bit confused about the statement that since sw release 7.0.230 this should be included. Your post shortened our troubleshooting quite a bit

Best regards

Markus

thefranmanatt · ‎09-14-2013

It is dated now. it is under get new license --->"Request Crypto, IPS and Other Licenses "

CCNP - Wireless
CWNA and CWAP

CCNP - Wireless
CWNE #136

George Stefanick · ‎09-14-2013

Good follow up Kevin .. Thanks for going out of your way and posting this .. +5

__________________________________________________________________________________________
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
__________________________________________________________________________________________
‎"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."

"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
___________________________________________________________