Disable SSLv3 on WLC 5508

keithsauer507
Level 5

Hello, am I understanding correctly that to disable SSLv3 (and mitigate POODLE) on a Cisco 5508 WLC, the command to issue in SSH under the config prefix would be switchconfig fips-prerequisite enable?

If I enter this command, do the WLC and associated LAPs reboot? I just want to know if this is something I can do during the day or not.


Scott Fella
Hall of Fame

Any command that is run on the CLI will warn you if the APs will reboot or if the WLC needs to be rebooted. With enabling FIPS you need to be careful. You should read documents in regards to enabling FIPS because you would not be able to back up and restore configurations, etc.

-Scott


I am not sure of any other way to disable SSLv3 on the WLC.

Have you taken a look at the fixed code versions:

CSCur27551

-Scott


We are on 7.4.121.0. I see the newest version of 7.4 is 7.4.140.0. I don't see that specifically in your screenshot, though it is higher than 7.4.130 listed in there.

I am reading the release notes for 7.4.140.0 and will plan on trying the upgrade during a maintenance window. Right now the site isn't letting me download it, so I clicked the link and sent all the information to Cisco. Who knows how long it will take me to get entitlements. I was the one who downloaded and installed 7.4.120.0, so I'm not sure how I lost the entitlement to download WLC images even though we renew SmartNet every year.

I would go with v7.4.140.0, which is MR4, rather than enabling FIPS :). Entitlement and licensing is a pain and probably always will be :). If you have SmartNet, you should be able to open a TAC case and maybe they can provide you with the file.

-Scott


I can agree with that. Tomorrow afternoon would be a good opportunity for me to install this, so I hope I can get the file in time. I think I will open a TAC case for the file, thank you for suggesting that. When you encounter the brick wall message that does not allow you to download a file, they offer an email address to send information to, which I did, but who knows how long that will take.

Thank you for your assistance.

Yeah, that can take forever. I remember my customers asking for entitlement and Cisco told them that the vendors who sold the equipment or SmartNet can add CCO accounts to that device. Again, that might take a long time also.

-Scott


Wow they granted access pretty quickly.  I have the file, will schedule an install tomorrow afternoon.

Thanks for your guidance Scott.  

That's good news!  Look at uploading the FUS 1.9.0.0 also. This however takes around 35-45 minutes to complete. You will have two reboots, one for the code and the other for the FUS. 

-Scott
