cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
986
Views
4
Helpful
8
Replies

7.2.110.0 - caveat emptor

renoufi
Beginner
Beginner

After recently upgrading to 7.2.110.0 and WCS to NCS 1.0 my advice would be.....don't do it.

I am only posting this here so that others who may be experiencing pain from this upgrade or are contemplating the upgrade are aware of some of the pitfalls.

I had to upgrade a customer site due to 3600i APs not being supported by older 7.0.116.0 firmware.

The release notes for the MSE upgrade are vague and, in places, wrong. As a result the clients MSE upgrade failed at the first attempt with no explanation as to why.  TAC could only recommend trying again. The second attempt succeeded but now the MSE won't start its 1Gb interfaces unless they are tied to 100 Mb. That case is still open.

Guest access using 5508 anchor controllers failed completely at my site with 7.2.110.0. I have just back rev'ed to 7.0.116.0 in order to get guest access going again. After several days of head scratching I logged it with Cisco. It took TAC 2 days to figure that one out.

NCS 1.0 seems to have a bug in the lobby ambassador, giving completely different pages depending on whether you open with IE or Firefox. Haven't fully diagnosed that one or logged it with TAC yet.

I also managed to break the entire wirelss network when the new 3600s were brought into NCS. It was proabably a mistake on my part, but it seemed the addition of the new APs removed the VLAN information from my existing APs, specifically Native VLAN and Locally Switched VLAN configuration.

8 Replies 8

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

        

Thats too bad that it went the way it did.  As a consultant, I have had to do many of these upgrades and you kind of figure out what works and what doesn't.  The upgrade to 7.2, has been an issue when the FUS image is not installed.  There use to be a FUS image that you need to sit on the console and hit 'Y' at each prompt and that takes around 30 minutes to complete.  The new FUS 1.7.0.0 is automated so all you need to do is upload the code and reboot.  This also take around 30 minutes.

As far as NCS, I think you need to use Chrome.  All the other browsers just don't work right and if you upgrade to PI 1.2, then you really need to use Chrome.

MSE is a funny one and the initial script you run, is not so great.  I write the mac address and gateway to the ifcfg-eth0, because depending on what port is discoved first, that is eth0.  So manually adding the mac address to the ifcfg-eth0, this will never change.

 

Enter the following commands after you complete the startup wizard

/etc/init.d/network restart

echo GATEWAY=10.7.6.1 >> /etc/sysconfig/network-scripts/ifcfg-eth0

echo HWADDR=00:1E:67:15:B8:59 >> /etc/sysconfig/network-scripts/ifcfg-eth0

ifconfig eth0

Verify the configuration for eth0

Check system status

start|stop|restart|reload|status

/etc/init.d/msed status

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Thanks for the update Scott. I'll try the MSE trick and see what happens.

Just remember, you can also add additional fields if you want.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

renoufi
Beginner
Beginner

More info on controller revisions.

As per the TAC suggestion, I upgraded the 5508 anchor controllers to 7.3.101.0.  Unfortunately the 7.3.101.0 image has the same symptoms as 7.2.110.0. Guest Access fails.

I tried 7.0.235.3 which works successfully. So at this stage it appears either 7.0.116.0 or 7.0.235.3 can be used on the anchor.

Interesting. I have had no issues with 7.2.110.0 and 7.3.101.0 and anchoring.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

That is interesting. Possibly something perculiar about this particular customer site? I'd be interested to know the following:

i. Is your anchor in a DMZ behind a firewall? (My client has this configuration)

ii. Are you using the default 1.1.1.1 address for the virtual interface? (My client uses a 10.x.x..x address) Cisco were keen to blame this and DNS but the results of testing seemed to indicate a different problem and/or bug

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

My installs had a dmz wlc and I always use a 172.x.x.x or some private address that is not used on my clients network. I never use 1.1.1.1 for many many years now. I did when the 2006 were out. My anchor wlc would have a different mobility group name but that's about it.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

renoufi
Beginner
Beginner

After only six months of head scrathing by Cisco, it seems a bug has emerged.

Bug CSCuc69522 relates to the anchor controller issue. Cisco are providing an engineering release and apparently it's fixed in v8.0 (not available yet)

Since I first posted about 7.2.110, we have also tried to use 7.3 and 7.4 at another customer site with the corresponding MSE/NCS/ISE and EAP-TLS.

The list of problems encountered in quite mind boggling. We even came across this obscure bug that had only been seen in 5 cases worldwide and we were the only site that manged to get a dump of the issue. CSCud00831/CSCud77446

The MSE solution proposed by Scott was also (evenetually) proposed by TAC. It fixed the MSE NIC boot problem but now the MSE has died again (responds to icmp but nothing else). Another trip to the data centre required to diagnose it further.....

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers