After recently upgrading to 18.104.22.168 and WCS to NCS 1.0 my advice would be.....don't do it.
I am only posting this here so that others who may be experiencing pain from this upgrade or are contemplating the upgrade are aware of some of the pitfalls.
I had to upgrade a customer site due to 3600i APs not being supported by older 22.214.171.124 firmware.
The release notes for the MSE upgrade are vague and, in places, wrong. As a result the clients MSE upgrade failed at the first attempt with no explanation as to why. TAC could only recommend trying again. The second attempt succeeded but now the MSE won't start its 1Gb interfaces unless they are tied to 100 Mb. That case is still open.
Guest access using 5508 anchor controllers failed completely at my site with 126.96.36.199. I have just back rev'ed to 188.8.131.52 in order to get guest access going again. After several days of head scratching I logged it with Cisco. It took TAC 2 days to figure that one out.
NCS 1.0 seems to have a bug in the lobby ambassador, giving completely different pages depending on whether you open with IE or Firefox. Haven't fully diagnosed that one or logged it with TAC yet.
I also managed to break the entire wirelss network when the new 3600s were brought into NCS. It was proabably a mistake on my part, but it seemed the addition of the new APs removed the VLAN information from my existing APs, specifically Native VLAN and Locally Switched VLAN configuration.
Thats too bad that it went the way it did. As a consultant, I have had to do many of these upgrades and you kind of figure out what works and what doesn't. The upgrade to 7.2, has been an issue when the FUS image is not installed. There use to be a FUS image that you need to sit on the console and hit 'Y' at each prompt and that takes around 30 minutes to complete. The new FUS 184.108.40.206 is automated so all you need to do is upload the code and reboot. This also take around 30 minutes.
As far as NCS, I think you need to use Chrome. All the other browsers just don't work right and if you upgrade to PI 1.2, then you really need to use Chrome.
MSE is a funny one and the initial script you run, is not so great. I write the mac address and gateway to the ifcfg-eth0, because depending on what port is discoved first, that is eth0. So manually adding the mac address to the ifcfg-eth0, this will never change.
Enter the following commands after you complete the startup wizard
echo GATEWAY=10.7.6.1 >> /etc/sysconfig/network-scripts/ifcfg-eth0
echo HWADDR=00:1E:67:15:B8:59 >> /etc/sysconfig/network-scripts/ifcfg-eth0
Verify the configuration for eth0
Check system status
Help out other by using the rating system and marking answered questions as "Answered"
More info on controller revisions.
As per the TAC suggestion, I upgraded the 5508 anchor controllers to 220.127.116.11. Unfortunately the 18.104.22.168 image has the same symptoms as 22.214.171.124. Guest Access fails.
I tried 126.96.36.199 which works successfully. So at this stage it appears either 188.8.131.52 or 184.108.40.206 can be used on the anchor.
That is interesting. Possibly something perculiar about this particular customer site? I'd be interested to know the following:
i. Is your anchor in a DMZ behind a firewall? (My client has this configuration)
ii. Are you using the default 220.127.116.11 address for the virtual interface? (My client uses a 10.x.x..x address) Cisco were keen to blame this and DNS but the results of testing seemed to indicate a different problem and/or bug
My installs had a dmz wlc and I always use a 172.x.x.x or some private address that is not used on my clients network. I never use 18.104.22.168 for many many years now. I did when the 2006 were out. My anchor wlc would have a different mobility group name but that's about it.
Sent from Cisco Technical Support iPhone App
After only six months of head scrathing by Cisco, it seems a bug has emerged.
Bug CSCuc69522 relates to the anchor controller issue. Cisco are providing an engineering release and apparently it's fixed in v8.0 (not available yet)
Since I first posted about 7.2.110, we have also tried to use 7.3 and 7.4 at another customer site with the corresponding MSE/NCS/ISE and EAP-TLS.
The list of problems encountered in quite mind boggling. We even came across this obscure bug that had only been seen in 5 cases worldwide and we were the only site that manged to get a dump of the issue. CSCud00831/CSCud77446
The MSE solution proposed by Scott was also (evenetually) proposed by TAC. It fixed the MSE NIC boot problem but now the MSE has died again (responds to icmp but nothing else). Another trip to the data centre required to diagnose it further.....