release notes for mobility system software version 8.0.5 · pdf file28/01/2013 ·...

Copyright © 2015, Juniper Networks, Inc. 1

Release Notes for Mobility System Software Version 8.0.5.5

Juniper Networks recommends that you familiarize yourself with the Known Behaviors and Issues section in this document before installing Mobility System Software (MSS) Version 8.0. For additional product information, refer to the following manuals in addition to these release notes:

MSS Quick Start Guide Version 8.0

MSS Configuration Guide Version 8.0

MSS Command Reference Version 8.0

Feedback and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2What’s New in MSS Version 8.0.5.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Version Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Upgrading to MSS Version 8.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3Installing Upgrade Activation Keys on a WLC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5System Parameter Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8Known Behaviors and Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Changes to Default Behaviors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Issues Resolved Since MSS 8.0.5.5 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13Issues Resolved Since MSS 8.0.4.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Issues Resolved Since MSS 8.0.3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Issues Resolved Since MSS 8.0.2.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Issues Resolved Since MSS 8.0.1.2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Errata in Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18

Informational Note: The tracking numbers for issues open and resolved have changed to reflect the Juniper Networks Problem Report (PR) tracking system.


2 Product Name Changes Copyright © 2015, Juniper Networks, Inc.

Product Name Changes

Please note that the former Trapeze products now reflect the Juniper Networks product names. .

Feedback and Support

Juniper Networks encourages you to provide feedback about your experiences installing and using the product to the Juniper Networks Customer Assistance Center (TAC).

What’s New in MSS Version 8.0.5.5

CE Compliance

Declaration of Conformity with Regard to the ETSI EN 300 328 v1.8.1 Standard

This declaration is valid only for configurations supported or provided by Juniper Networks Systems for use within the EU. All Juniper WLA532-WW and WLA532E-WW equipment are now compliant with the ETSI EN 300 328 v1.8.1standard. The WLA devices are categorized as non-Frequency Hopping Spread Spectrum (FHSS) and Adaptive devices.

Specifically, this MSS release ensures that the WLAs are compliant with requirements such as Adaptivity and others detailed in Sections from 4.3.2.1 through 4.3.2.10 for non-FHSS devices in the mentioned ETSI EN 300 328 v1.8.1 standard.

Version Compatibility

RingMasterThis version of Mobility System Software (MSS) is intended for use with RingMaster Version 8.0 or higher only.

Minimum MSS Requirements for UpgradeTable 1 lists the minimum MSS version a WLC must be running when you upgrade to MSS Version 8.0. If your WLC is running an older MSS version, you can use the upgrade path to upgrade the WLC to 8.0.

Former Trapeze Name Current Juniper Product Name

MXR-2 WLC2

MX-8 WLC8

MX-200 WLC200

MX-800 WLC800R

MX-2800 WLC2800

MP-522 WLA522

MP-632 WLA632

Informational Note: It is strongly recommended that you follow the upgrade path to install new versions of MSS. In most cases, you cannot upgrade directly to this release from an MSS version earlier than 7.X as recommended in the table.

Table 1: Software Requirements for Upgrade to MSS Version 8.0

Product Minimum MSS Version Required Upgrade Path

WLC200 7.x 7.0.x.x->7.1.x.x -> 7.3.x.x > 7.5.x.x > 7.6.x.x>7.7.x>8.0




3 Version Compatibility Copyright © 2015, Juniper Networks, Inc.

Upgrading to MSS Version 8.0Before you upgrade, see “Version Compatibility” on page 2. After you verify that the WLC is running the last MSS version required before upgrading to MSS Version 8.0, return to this section.

Preparing the WLC for the Upgrade

WLC800R 7.3.x 7.3.xx> 7.5.xx>7.6.xx>7.7.x>8.0

WLC880R 7.5.xx 7.5.xx>7.6.xx>7.7.x>8.0

WLC2800R 7.0.3.6 7.0.x.x->7.1.x.x -> 7.3.x.x > 7.5.x.x > 7.6.x.x>7.7.x >8.0

Software Versions on the Juniper Support Site

When you go to the Software downloads page at http://www.juniper.net/support/products/mss/#sw to download new software versions, you should note that there are two different files for each WLC/MX platform. The software files labeled with the MX0XXXX.platform.zip are intended for the legacy platforms sold by Trapeze Networks. These controllers have the Trapeze logo and platform name on the front. The WLC0XXXXX.platform.zip software files are intended for the Juniper-branded platforms. These controllers display the Juniper logo and platform name on the front.

WARNING! The two file types are not interchangeable between Trapeze-branded and Juniper-branded platforms. You must install the WLC file version on Trapeze products, and the WLC file version on Juniper products.

Informational Note: This release of MSS software no longer supports older MXR-2, MX-8, and MX-8R WLAN controller platforms that were initially built with 32MB of flash. Newer models support 128MB or 256MB. The best method for determining if your controller can support MSS 8.0 is by checking the revision label on the unit:Models MX-8 and MX-8R controller - Revision "P" and above:Model MXR-2 controller - Revision "N" and aboveAll Juniper-branded equivalents will support MSS 8.0.The following MPs are no longer supported in this version of MSS:MP-71MP-371 (all related models)MP-372 (all related models)

Caution: To avoid conflicts with the Juniper internal VLAN numbering scheme, it is strongly advised to use VLAN IDs less then 3520 on WLCs that are upgrading to MSS Version 8.0. Failure to do so may result in lost configuration data.

Informational Note: MSS 8.0 includes changes to the storage location of system debug files. Debug information is now stored in persistent user-accessible storage for retrieval after a system restart.

Table 1: Software Requirements for Upgrade to MSS Version 8.0 (continued)

Product Minimum MSS Version Required Upgrade Path



You can use the following command to back up the configuration files:

backup system [tftp:/ip-addr/]filename [all | critical]To restore a WLC that is backed up, use the following command:

restore system [tftp:/ip-addr/]filename [all | critical]

“Upgrade Scenario” on page 5 shows an example of the backup command. For more information about these commands, see the “Backing Up and Restoring the System” section in the “Managing System Files” chapter of the Juniper Networks Mobility System Software User’s Guide.

Upgrading an Individual WLC by Using the CLI

1. Back up the WLC, using the backup system command.

2. Copy the new system image onto a TFTP server.

For example, log into http://www.juniper.net/support/downloads/ using a Web browser on your TFTP server and download the image onto the server.

3. Copy the new system image file from the TFTP server into a boot partition in the nonvolatile storage of the WLC. For example,

WLC800# copy tftp://10.1.1.107/MX080021.800 boot1:MX080021.800You can copy the image file only into the boot partition that was not used for the most recent restart. For example, if the currently running image was booted from partition 0, you can copy the new image only into partition 1.

4. Set the boot partition to the one with the upgrade image for the next restart.

Informational Note: Mobility Domains and Mixed Versions of MSSWhen deploying a mixed version Mobility Domain, VLAN tunnels between WLCs with MSS 7.1 and WLC800/WLC880s with MSS 8.0 are not supported.

Caution: Create a backup of your WLC files before you upgrade the WLC.Juniper Networks recommends that you save a backup configuration of the WLC, before you install the upgrade. If an error occurs during the upgrade, you can restore your WLC to a previous configuration.

Informational Note: When saving the backup file, MSS copies the file to a temporary location to compare it against an existing file for any errors that may have been introduced during the copying process. After verifying that the file is error-free, MSS deletes the file from the temporary location.

Informational Note: Virtual Controller Cluster Configuration Recommendation: It is recommended that you install the same version of MSS on all cluster members to have feature parity between the seeds and members. Additionally, it is recommended to use the same WLC models in a cluster configuration.

Caution: If you have made configuration changes but have not saved the changes, use the save config command to save the changes, before you backup the WLC.

https://www.juniper.net/lcrs/license.do



5. To verify that the new image file is installed, type show boot.

6. Reboot the software.

To restart a WLC and reboot the software, type the following command:

reset system When you restart the WLC, the WLC boots using the new MSS image. The WLC also sends the WLA version of the new boot image to WLAs and restarts the WLAs. After a WLA restarts, the version of the new WLA boot image is checked to make sure the version is newer than the version currently installed on the WLA. If the version is newer, the WLA completes installation of the new boot image by copying the boot image into the WLA flash memory, which takes about 30 seconds, then restarts again. The upgrade of the WLA is complete after the second restart.

Upgrade ScenarioTo upgrade a WLC800, use the following upgrade example.

WLC800# save configsuccess: configuration saved.WLC800# backup system tftp:/10.1.1.107/sysa_baksuccess: sent 28263 bytes in 0.324 seconds [ 87231 bytes/sec]WLC800# copy tftp://10.1.1.107/MX080021.800 boot1:MX080021.800........................................................................................................................................................................................................success: received 10266629 bytes in 92.427seconds [ 111078 bytes/sec]WLC800# set boot partition boot1success: Boot partition set to boot1:MX080021.800 (8.0.0.2).WLC800# show bootConfigured boot version: 8.0.0.2Configured boot image: boot1:MX077021.800Configured boot configuration: file:configurationBackup boot configuration: file:backup.cfgBooted version: 8.0.0.2Booted image: boot1:MX080021.800Booted configuration: file:configurationProduct model: WLCWLC800# reset system ...... rebooting ......

When saving the backup file, MSS copies the file to a temporary location to compare it against an existing file for any errors that may have been introduced during the copying process. After verifying that the file is error-free, MSS deletes the file from the temporary location.

Installing Upgrade Activation Keys on a WLCWLA licensing is supported on WLC platforms as shown in Table 2:

Informational Note: This example copies the image file into boot partition 1. On your WLC, copy the image file into the boot partition that was not used the last time the WLC was restarted. For example, if the WLC booted from boot partition 1, copy the new image into boot partition 0. To see boot partition information, type the show boot command.

Table 2: Licensing and Upgrade Increments for the WLC Models

WLC Model Base WLA Support Maximum WLA Support Upgrade Increment

WLC800R/880R 16 128/256 16 or 32

WLC200 32 192 32

WLC2800 64 512 64 or 128



Feature licensing is supported on WLC platforms as show in Table 3.

To upgrade a WLC license:1. Obtain a license coupon for the upgrade from Juniper Networks or your reseller.

2. Establish a management session with the WLC to display the serial number. To display the serial number, type the following command:

show versionIn the following example, the WLC serial number is 1234567890:

WLC800> show version

Mobility System Software, Version: 8.0.0.2 REL Copyright (c) 2002 - 2012 Juniper Networks, Inc. All rights reserved.

Build Information: (build#0) REL_8_0_0_branch 2012-03-02 14:21:00Model: WLC800R

Informational Note: If you downgrade to a previous version of MSS that does not support the higher capacity licenses, the number of allowed WLAs is reduced to comply with the older software limitations.

Table 3: WLC Feature Licensing Matrix

WLC Model Advance Voice ModuleHigh Availability Module Mesh/Bridging Module

Spectrum Analysis

(WLA522, WLA532, WLA321 and WLA322)

WLC2 Supported Supported Up to 4 WLAs (16 WLAs in Cluster mode)

Supported

WLC8 Supported Supported Up to 12 WLAs (48 in Cluster mode)

Supported

WLC200 Supported Supported Up to 192WLAs (768 in Cluster mode)

Supported

WLC800R Supported Supported Up to 128 WLAs (512 WLAs in Cluster mode)

Supported

WLC880R Supported Supported Up to 256 WLAs

(2048 in Cluster Mode)

Supported

WLC2800 Supported Supported Up to 512 WLAs(4096 in Cluster mode)

Supported

Informational Note: Spectrum analysis is supported on WLCs as follows:WLC2 and WLC8 - support one radio on simultaneous WLAs in spectral graphing mode.WLC200 - supports four radios on simultaneous WLAs in spectral graphing mode.WLC800R, WLC880R, and WLC2800 - support six radios on simultaneous WLAs in spectral graphing mode.

Informational Note: Spectrum Analysis licensing for cluster configuration is applied to the Primary Seed and propagated to the Secondary Seed. However in a Mobility Domain without a cluster configuration, Spectrum Analysis licensing is applied to any WLC with a WLA capable of running Spectrum Analysis.



Hardware Mainboard: version 24 ; revision 3 ; FPGA version 24 PoE board: version 1 ; FPGA version 6Serial number 1234567890Flash: 7.7.0.2.0.0.49 - md0aKernel: 3.0.0#112: Wed Aug 2 10:26:32 PDT 2009BootLoader: 8.0 / 7.7.1

3. Use a Web browser to access the Juniper Networks license server at the following URL:

https://www.juniper.net/lcrs/license.do

4. On the WLC, use the following command at the enable (configuration) level of the CLI to install the activation key:

set license activation-key

In the following example, an activation key for an additional 96 WLAs is installed on a WLC200:

WLC800# set license 3B02-D821-6C19-CE8B-F20Esuccess: license accepted

5. Verify installation of the new license by typing the following command:

WLC800# show licenses

Feature : 96 additional MPsSupport for the additional WLAs begins immediately. You do not need to restart the WLC to place the upgrade into effect.

http://www.trapezenetworks.com/support/generate_MX_license_key/

http://www.trapezenetworks.com/support/generate_MX_license_key/


8 System Parameter Support Copyright © 2015, Juniper Networks, Inc.

System Parameter Support

Table 4, Table 5, and Table 6 list the recommended or maximum supported values for major system parameters.

Table 4: Mobility System Parameters

Parameter Supported Value

WLC switches in a single Network Domain 500

WLC switches in a single Mobility Domain 64

Roaming VLANs per WLC WLC2800: 256 total (256 configured)

WLC800R/WLC880R: 256 total (128 configured)

WLC200: 256 total (128 configured)



VLANs per Mobility Domain 2048

WLAs per WLC WLC2800: 4096 configured, 512 active

WLC880R: 2048 configured, 256 activeWLC800R: 512 configured, 128 activeWLC200: 768 configured, 192 active

WLC8: 48 configured, 12 active

WLC2: 16 configured, 4 active

Includes directly attached WLAs and Distributed WLAs. Inactive configurations are backups.

Minimum link speed between WLCs in a Mobility Domain

128 Kbps

Minimum link speed between a WLC and WLA in a Mobility Domain

128 Kbps and 95ms round trip latency - this value is different if the WLAs are configured as remote WLAs.

Number of Service Profiles per WLC WLC2: 32

WLC8: 32

WLC200: 192

WLC800/WLC880: 128

WLC2800: 512

Number of Radio Profiles per WLC WLC2: 4

WLC8: 12

WLC200: 192

WLC800R/WLC880R: 128

WLC2800: 512



Table 5: Network Parameters


Forwarding database entries WLC2800: 32768

WLC800R/WLC880R: 32768

WLC200: 8192

WLC8: 8192

WLC2: 8192

Statically configured VLANs WLC2800: 512 configured

WLC800R/WLC880R: 256 configured

WLC200: 128 configured



Spanning trees (STP/PVST+ instances) 64

ACLs ACLs per WLC

170

ACEs per ACL:

WLC2800: 256

WLC800R/WLC880R: 256

WLC200: 256

WLC8: 25

WLC2: 25

Location Policies Location Policies per WLC:

All models: 1

The Location Policy can have up to 150 rules.

IGMP streams 500

Note: Replication of a stream on multiple VLANs counts as a separate stream on each VLAN.

Mesh Services and Bridging Mesh Depth — 3 Mesh Links (Portal<->Mesh WLA<->Mesh WLA)

Mesh Fan Out— 6 WLAs

Maximum Supported Mesh Nodes per Mesh Portal — 6

Bridge Links — 1:1:1



Table 6: Management Parameters


Maximum instances of RingMaster simultaneously managing a network

32

Telnet management sessions WLC2800: 8

WLC800R/WLC880R: 8

WLC200: 8

WLC8: 4

WLC2: 4

The maximum combined number of management sessions for Telnet and SSH together is 8 for the WLC200, or 4 for the WLC8 and WLC2, in any combination.

SSHv2 management sessions WLC2800: 8

WLC800R/WLC880R: 8

WLC200R: 8

WLC8: 4

WLC2: 4

Telnet client sessions (client for remote login) WLC2800: 8

WLC800R/WLC880R: 8

WLC200R: 8

WLC8: 4

WLC2: 4

NTP servers 3

SNMP trap receivers 8

Syslog servers 4

RADIUS and LDAP servers 40 configured on the WLC

10 in a server group

4 server groups in a AAA rule

A maximum of 40 servers in any combination of RADIUS and LDAP - for example, 30 RADIUS servers and 10 LDAP servers.

Table 7: Client and Session Parameters


Authenticated and associated clients per radio 100

Clients who are authenticated but not yet associated are included in the total.

Active clients per radio 50

Total number of active clients simultaneously sending or receiving data.

Copyright © 2015, Juniper Networks, Inc. Known Behaviors and Issues 11


Known Behaviors and Issues

The following issues are known behaviors and issues in this version of Mobility System Software.

ICMPv6 Router Advertisement ACL does not work on a WLC880 when mapped with the uplink port direction out. [PR800132]

Description — Configuring an IPv6 ICMP ACL on a WLC880 does not work as expected. The ACL should block router advertisements to the WLC880, but the advertisements are not blocked.

Workaround — N/A

Using the L2-Restrict feature with local switching and M2U enabled blocks multicast packets on the wireless network. [PR794378]

Description — Three clients are configured for local switching, L2-restrict, and multicast conversion. Clients 2 and 3 are multicast receivers, yet Client 3 does not received converted unicast traffic as expected.

Workaround — N/A

ACLs configured to block downstream multicast router advertisements do not work when applied to WLAs, Service Profiles, or Users. [PR787988]

Description — Multicast RA packets are not blocked when mapped in the "Out" direction, on Service Profile, User or WLAs.

Workaround — N/A

Configuring a client for WPA and TKIP-AES creates an unstable configuration on the WLC. [PR731872]

Description — Unicast re-keying does not work for WPA Clients when using an Intel 6300 wireless card and Windows 7. Unicast re-keying is disabled by default on WLCs.

Workaround — Use only WPA2 authentication for wireless clients or disable unicast rekeying on the WLC.

When you attempt to display the status of WLAs in a cluster configuration, the show ap status cluster command incorrectly displays the number of WLAs in the configuration. [PR729054]

Description — When you use the show ap status cluster command with more than 4000 WLAs on the network, the show command output does not show all of the WLAs.

Workaround — Using the show cluster ap command displays the correct number of WLAs in the cluster configuration.

When connected to the WLA532, the Intel 5100 Client may appear to send traffic over the network, but no data is actually sent. [PR702722]

Active AAA sessions ( or clients trying to establish active connections) per WLC

WLC2800: 12800

WLC800R: 3200

WLC880R: 6400

WLC200R: 4800

WLC8: 300

WLC2: 100

AAA users configured in local database WLC2800: 1000

WLC800R/WLC880R: 1000

WLC200R: 1000

WLC8: 250

WLC2: 250

Table 7: Client and Session Parameters (continued)



12 Known Behaviors and Issues Copyright © 2015, Juniper Networks, Inc.

Description — The Intel 5100 Client is a two stream capable client, but some older versions of the driver causes the client to display three stream connectivity information. This causes the WLA to send unicast traffic downstream to the client, but the client does not support this type of traffic.

Workaround — Upgrade the Intel 5100 client driver to version 14.2.0.10 which resolves this issue.

2.4 GHz video cameras are not detected by WLA522s. [PR670359]

Description — The Spectrum Analysis feature cannot detect 2.4 GHz video cameras as interference on the network.

Workaround — None at this time.

The status of a WLA does not display the correct status after running in spectrogram mode. [PR68335]

Description — After running a spectrogram and then stopping it, the status shown in the show ap status output does not update to reflect the return to sentry status. The AP is in sentry mode, but the status is displayed incorrectly.

Workaround — Access the CLI and change the radio to enabled mode, and then change to sentry mode.

If a WLA has vlan-tagging enabled, it does not boot in bridging mode. [PR61935]

Description — The static VLAN tag is not supported in mesh and bridging modes. It is not a valid configuration to enable both at the same time.

Workaround— None at this time.

The date and time format is not defined for the time-of-day attribute for a device profile. [PR900349]Description — When users are executing the command set device-profile nabil attr time-of-day the time format is not defined in the CLI. Therefore, users are unable to define a valid time format.

Workaround— None at this time.

Web portal authentication fail over from LDAP to local authentication method shows an incorrect authentication error page.[PR1068099]

Description: When you configure the authentication for Web such that if LDAP servers are not reachable, it should fail over to local authentication method and when a user is unable to authenticate using the LDAP, instead of failing over to local authentication, an error page is displayed showing the message There was an error processing your authentication request.

Workaround: None at this time.

Authentication for a Web portal do not fail over from local to LDAP authentication method leading to failed authorization.[PR1068107]

Description: Local Authentication for Web Portal do not failover to LDAP. Because of this, although successfully authenticated by LDAP, the authorization fails. The Web portal page displays the error Authorization failed for this account please contact Network administrator.


Rogue-list counters are not cleared and clients are connected to the BSSIDs that are categorized as rogue. [PR1068357]

Description: Rogue-list counters are not cleared even after you remove the MAC entries from rogue list and clients connect even after adding the BSSIDs to the rogue list by using the set rfdefect classification default-classification rogue command.


A radio profile name becomes case-sensitive only when you clear the service profile from the radio profile. [PR1068360]

Description: When clearing a service profile by using the command clear radio-profile <profile-name> service-profile, users are forced to enter a case-sensitive radio profile name.


Copyright © 2015, Juniper Networks, Inc. Changes to Default Behaviors 13


RADIUS server does not fail over. [PR1037834]

Description: Users are unable to authenticate because the RADIUS server is unable to failover to the secondary server.


WLAs take a longer time than normal to reboot. [PR1070474]

Description: When you upgrade or downgrade from MSS 8.0.5.4, the WLAs take a longer time than usual to reboot and become operational.


Clients do not fail over from Radio 1 to Radio 2. [PR1070508]

Description: When you disable a radio, the new radio does not advertize the clients and, therefore, the clients are unable to connect to the new radio.


CLients that use WLA432 with WPA2-dot1x authentication through RADIUS server are unable to establish active sessions. [PR1070826]

Description: In MSS 8.0.5.4 version, clients are unable to establish an active session on WLA432 when WPA2-dot1x authentication is enabled with RADIUS server as the authentication and accounting server. At times, sessions go to the authentication state and then terminate.


Changes to Default Behaviors

When WLAs use DHCP Discovery to locate WLCs on the network, the ability to use Option 12 and Option 77, in addition to Option 43, as part of the discovery process is now available.

In previous releases of MSS, the WebAAA Web Portal allowed a user to submit a valid username and an empty password. This has now changed to require that the user enter a non-zero length password to log onto the network. [PR802552]

Issues Resolved Since MSS 8.0.5.5

Unless WLAs receive timeout requests, they do not send out SIP packets; and only buffer these packets. As a result, SIP calls are not initiated. [PR 929968: This issue has been resolved.]

The WLAs crash after you upgrade MSS to version 8.0.3.17. [PR 960527: This issue has been resolved.]

Wireless clients are unable to connect to the SSIDs when some of the WLAs are rebooting and requesting timeout. [PR 966655: This issue has been resolved.]

Incorrect WLA status is displayed across the cluster. [PR 985498: This issue has been resolved.]

Controllers crash in netsys, but fail to create core files. [PR 990783: This issue has been resolved.]

The WLC sends a missing class-attribute to SBR, as a result authentication between account start packets and account stop packets does not occur and billing issues are observed. [PR978533: This issue has been resolved.]

WLAs that have the primary access manager connection to the primary seed reboot randomly after the scheduled restart of the primary seed. [PR 1005445: This issue has been resolved.]

In MSS 8.0.4.3, the error message ERROR CLI_CONFIG_ERR: cli_get_aaa_avpair_liststat_get_aaa_avpair_list result=2018 ((null)) spams the trace logs. [PR 1018023: This issue has been resolved.]

Between the Web portal timeout and the idle timeout period, clients that are connected to WLAs are disconnected and then reconnected. [PR 1026208: This issue has been resolved.]


14 Issues Resolved Since MSS 8.0.5.5 Copyright © 2015, Juniper Networks, Inc.

MX-800R/WLC800R controllers running MSS Release 8.0.4.3 reboot, creating a configuration core file. [PR 1029716: This issue has been resolved.]

WLAs reboot because of cluster instability. [PR 1035589: This issue has been resolved.]

Incorrect SNMP traps are sent by the controllers when a WLA moves from one controller to another in a cluster. [PR 1049163: This issue has been resolved.]

During Web authentication, if LDAP authentication fails, the LDAP server does not fail over, because of which the authentication does not occur locally. [PR 996933: This issue has been resolved.]

SNMP client data rate is incorrectly polled for 802.11n band clients. [PR 1032271: This issue has been resolved.]

Users are unable to disable Radio 1 of WLA322, because of which the WLA continues to be in Sentry mode forever. [PR 884424: This issue has been resolved.]

WLAs transmit packets from incorrect BSSIDs. [PR 979875: This issue has been resolved.]

When the WLA-WLA tunnel exceeds its threshold limit because of the increase in the number of clients, the existing tunnels end the session with the clients. [PR 981445: This issue has been resolved.]

If you configure the MAC addresses of WLAs as a neighbor list in primary seed, the WLC classifies these MAC addresses as rogue and the clients disassociate from the WLAs. [PR 982047: This issue has been resolved.]

The number of L2 MAC, or forwarding database (FDB) entries on the WLC2800 exceed the maximum limit of 32,000 entries because of delayed aging of the L2 MAC table. [PR 984122: This issue has been resolved.]

The TCP connection that is in outage mode must be cleared before WLCs can establish a TCP connection to a preferred network domain. [PR 988064: This issue has been resolved.]

The command sh accounting statistics does not display logs in sequence according to the timestamp they are received. [PR 989172: This issue has been resolved.]

WLAs are using channels outside the permitted scope that is the access control list defined for those WLAs. [PR1001720: This issue has been resolved.]

When you add new WLAs in a mobility domain, secondary seed becomes active even though the primary seed is active during mobility domain synchronization. Therefore, there are two active seed controllers in the network at the same time causing the WLAs to reboot. [PR 1035248: This issue has been resolved.]

When the local authentication for a Web portal fails, it does not failover to other authentication methods.[PR 1037839: This issue has been resolved.]

Spanning tree configurations are incorrectly applied to port groups. [PR 875122: This issue has been resolved.]

The output of the command show cluster ap in the primary seed shows the error message Operation timeout (-3). [PR 961791: This issue has been resolved.]

Security ACLs can be mapped to user names as filter IDs. When certain security ACLs are removed, the mappings still exist referring to the non-existent ACLs. Because of this, the clients disconnect and do not connect back unless the security ACLs that are mapped to the user names as filter IDs are cleared. [PR1012483: This issue has been resolved.]

Clients connected to SSIDs configured for bonded authentication are unable to authenticate with the SSIDs. [PR 1027326: This issue has been resolved.]

Help description for ssid-name is missing in the CLI; only the character string is shown. [PR 1030423: This issue has been resolved.]

The AAA profile name supports special characters such as #, $, &, ?, ", \, ', <, and >. [PR 1030690: This issue has been resolved.]

Channel auto-tuning accepts channels that are not part of channel settings displaying a channel abort warning.[PR 1038268: This issue has been resolved.]

Copyright © 2015, Juniper Networks, Inc. Issues Resolved Since MSS 8.0.4.3 15


Configuration changes in secondary seed are observed after it reboots. [PR 1030931: This issue has been resolved.]

The speed of the WLC880 fans is inconsistent and cannot be controlled. [PR 1052528: This issue has been resolved.]

Invalid characters are shown for the power type in the output of the command show lldp neighbors verbose. [PR875661: This issue has been resolved.]

After upgrading to MSS 8.0.4.3, the local switching WLAs do not broadcast multicast traffic. [PR1007398: This issue has been resolved.]


Client load-balancing and band-steering cause incompatibility issues. [PR 899976: This issue has been resolved.]

WLAs reboot when 802.1X is enabled at the switch port of EX Series switches. [PR 937263: This issue has been resolved.]

The WLA522 access point crashes on controllers running MSS Version 8.0.3.6. [PR 922956: This issue has been resolved.]

Access points crashes because the watchdog timeout. [PR923222: This issue has been resolved.]

Multiple MP-82 access point crash and reboot in a cluster because of an assert failure. [PR923707: This issue has been resolved.]

Lag in voice noticed in VoIP roaming clients.[PR954389: This issue has been resolved.]

The Web-portal login page does not display correctly after upgrading to MSS 8.0.3.17. [PR960940: This issue has been resolved.]

When Philips MX40 wireless monitors are associated to a WLA532, high number of packet retransmissions might occur causing a heavy load on the wireless network.[PR962795: This issue has been resolved.]

WLC tunnel establishment fails after upgrading to MSS 9.0.2 leading to interruption in the data flow. [PR964563: This issue has been resolved.]

Authorization failures occur unless VLANs share the same network domain. [PR968749: This issue has been resolved.]

Access points reboot when wireless nodes stop communicating with each other. [PR973557: This issue has been resolved.]

Issues Resolved Since MSS 8.0.3

Traffic becomes unstable after enabling per user bandwidth limit in the QoS profile on the wireless LAN controllers.

[PR852638: This issue has been resolved.]


Using the auto-tune power lockdown option did not lock the current channel transmit power settings. An error message was displayed indicating that the transmit power was invalid on channel 36. [PR883843: This issue has been resolved.]

A primary seed became unresponsive when configured in a Mobility Domain consisting of three WLC2800s. [PR883378: This issue has been resolved.]

A WLC880 stopped responding on the network. [PR882922: This issue has been resolved.]

Using the URL attribute for Web Portal configuration did not work properly. [PR873790: This issue has been resolved.]


16 Issues Resolved Since MSS 8.0.2.2 Copyright © 2015, Juniper Networks, Inc.

A primary access manager (PAM) became unresponsive after a client disconnected and used multiple IPv6 addresses. [PR876277: This issue has been resolved.]

When requesting sessions for a specific VLAN pool, sessions for all VLANs are displayed. [PR869550: This issue has been resolved.]

MP-372 was not receiving the correct packet length which cause the MP to become unresponsive. [PR857801: This issue has been resolved.]

When blacklist configuration changes were made, the primary seed in a cluster was unreachable for a period of time. [PR854887: This issue has been resolved.]

If the mesh feature was configured on an UNII2 and UNII2-extended band, the mesh WLA did not connect to the portal WLA. [PR850189: This issue has been resolved.]

HTTPS was causing error messages on input socket 14. [PR849588: This issue has been resolved.]

A WLC880R ceased responding on the network after upgrading to MSS 7.7.2.3. [PR847973: This issue has been resolved.]

Countermeasures was not activating properly and displayed no output when using the show rfdetect data command. [PR845430: This issue has been resolved.]

Clients could not consistently connect to the wireless network after upgrading to MSS 8.0.2.2. [PR840246: This issue has been resolved.]

Wired authentication did not work on the network. [PR839020: This issue has been resolved.]

High traffic load on the MP-82 caused the MP to stop sending network traffic. [PR834832: This issue has been resolved.]

The redirect page was not working correctly for the Web Portal feature. [PR828281: This issue has been resolved.]

Poor performance on the WLA322 was caused by configuring overlay mode with frame aggregation enabled.[PR827678: This issue has been resolved.]

Excessive retransmits were causing the four-way handshake authentication to fail on the wireless network. [PR824160: This issue has been resolved.]

If spectral analysis is configured on both radios of a WLA322, the performance of the WLA is severely impacted. [PR823075: This issue has been resolved.]

Station queued packets were not scheduled for transmission and caused connectivity issues on the network. [PR820422: This issue has been resolved.]

Using the show port transceiver command did not display information about the XFPs plugged into a port. [PR819956: This issue has been resolved.]

iPad devices were unable to connect on the wireless network. [PR816489: This issue has been resolved.]

Member WLCs in a cluster sync had to be rebooted to successfully rejoin and sync to the cluster. [PR813478: This issue has been resolved.]

The WLA MAC address was incorrectly displayed in the output of the show auto-tune neighbors command. [PR805324: This issue has been resolved.]

When auto-tune failed on the network, the SNMP trap trapAutoTuneFailureTraps was not sent. [PR792028: This issue has been resolved.]

When configuring a WLA-WW for a remote site and using a different country code, the configuration was rejected. [PR790516: This issue has been resolved.]

The device type and device profile were not identified when using uppercase letters for a MAC rule. [PR787993: This issue has been resolved.]

Copyright © 2015, Juniper Networks, Inc. Issues Resolved Since MSS 8.0.1.2 17


Auto-tune error messages were displayed after the cluster configuration is disabled or a Mobility Domain is deleted. [PR774557: This issue has been resolved.]

Multiple issues with the VLAN Pool commands were resolved. [PR737081: This issue has been resolved.]

The client VLAN name was not case-sensitive when a client connected locally, but the VLAN name was case-sensitive when using WLC-WLC tunnels. [PR736494: This issue has been resolved.]

Using an incorrect VLAN tag when removing VLAN port mapping cleared the mapping.[PR734104: This issue has been resolved.]

A wireless client could not access the network if AP-AP tunnel was enabled and WAN outage mode configured for one of the WLAs. [PR730928: This issue has been resolved.]

You could not add more than one VLAN to a VLAN pool in a single command. [PR729004: This issue has been resolved.]

Using the show config area service-profile all command displayed hidden commands. [PR719862: This issue has been resolved.]

A security ACL did not work properly if local switching was enabled. [PR718670: This issue has been resolved.]

No warning was issued if you set the mode to 11n required and attempted to use unsupported crypto types. [PR691808: This issue has been resolved.]

RADIUS VLAN CoA for locally switched Web portal session timed out when the VLAN was on the WLA but the WLC did not time out. [PR657157: This issue has been resolved.]


Daylight Savings Time settings were displayed incorrectly. [PR825593: This issue has been resolved.]

MSS 8.0 did not support MP-82 memory capability. [PR817598: This issue has been resolved.]

Wireless client could not redirect and log into the network due to tunnel limitations on the WLC. [PR813987: This issue has been resolved.]

A cluster configuration caused the WLCs to become unresponsive on the network. [PR812281: This issue has been resolved.]

An incorrect value for the RADIUS attribute Tunnel-Private-Group-ID caused bad processing on the WLC. [PR812272: This issue has been resolved.]

An erroneous calculation during the SNMP process caused the WLC to become unresponsive. [PR809268: This issue has been resolved.]

Enabling auto-tune on WLAs configured using the auto ap feature did not work. [PR807642: This issue has been resolved.]

Enabling RADIUS trace on the WLC caused it to become unresponsive.[PR804331: This issue has been resolved.]

A Web AAA client could log onto the network using LDAP and simple authentication.[PR801923: This issue has been resolved.]

If you had a large number of WLAs with location strings configured and you upgraded to MSS 8.0.1.2 (FRS), the configuration would not load. After upgrading to MSS Version 8.0.2.2 (MR1) and you need to downgrade to the previous version, a Service Release of MSS 8.0.1.2 (FRS) is available from JTAC that corrects this problem. [PR810036: This issue has been resolved.]

The CLI displayed configuration error messages when there no issues with the configuration. [PR799797: This issue has been resolved.]

CoA request was dropped if the last-resort user did not match. [PR795173: This issue has been resolved.]


18 Errata in Documentation Copyright © 2015, Juniper Networks, Inc.

WLAS would not boot if there were two entries in the DNS record resolving the domain name. [PR794134: This issue has been resolved.]

After rebooting and synchronizing the cluster configuration, the WLC became unresponsive on the network. [PR794815: This issue has been resolved.]

ARP error messages were incorrectly displayed on a WLC.[PR786894: This issue has been resolved.]

Bad error messages were generated in the forwarding port database. [PR778462: This issue has been resolved.]

Poor download performance was reported on WLA522 and WLA5332 running MSS 7.6 code. [PR752905: This issue has been resolved.]

Clients could not roam from mesh to mesh WLAs. [PR750687: This issue has been resolved.]

A RADIUS server was incorrectly reported as inactive on the network. [PR724279: This issue has been resolved.]

Cluster configuration was unstable due to IGMP scaling limitations. [PR705667: This issue has been resolved.]

No warning messages was displayed when the incorrect crypto types were configured for a 802.11n profile. [PR691808: This issue has been resolved.]

Identical WLA models using the same radio channel, and radio profile, displayed different tx-power limits when autotune was enabled. [PR691013: This issue has been resolved.]

If you have an ACL mapped on the user direction IN, clearing the ACL has no effect on the configuration. [PR683781: This issue has been resolved.]

The attribute VLAN is now required when configuring MAC and User groups. [PR670577: This issue has been resolved.]

The Web attribute was missing from the login type when configuring CoA for a AAA Profile. [PR656785: This issue has been resolved.]

Errata in Documentation

This section lists outstanding issues with the published documentation for MSS 8.0:

The following example applies to the rfping sessiod-id <apnum> verbose command.

MX-200-username# rfping session-id 2 verbose

RF-Link Test to 8d:65:5a:09:1f:89:

Session-Id: 2

Packets Sent Packets Rcvd RSSI SNR RTT (micro-secs)

------------ ------------ ------- ----- ----------------

20 20 -43 52 553

Index RSSI SNR RTT (micro-secs) Retries Rate (Mb/s)

----- ------------ ------- ---------------- ------- --------

1 -43 52 676 0 54.0

2 -44 51 57 0 54.0

3 -43 52 467 0 54.0

4 -43 52 457 0 54.0

5 -43 52 303 0 54.0

6 -44 51 419 0 54.0

7 -43 52 478 0 54.0

Copyright © 2015, Juniper Networks, Inc. Errata in Documentation 19


8 -42 53 416 0 54.0

9 -44 51 452 0 54.0

10 -44 51 338 0 54.0

11 -44 51 382 0 54.0

12 -43 52 267 0 54.0

13 -43 52 473 0 54.0

14 -44 51 418 0 54.0

15 -43 52 443 0 54.0

16 -43 52 453 0 54.0

17 -44 51 373 0 54.0

18 -44 51 348 0 54.0

19 -40 55 419 0 54.0

20 -39 56 3411 0 54.0

The command show auto-tune channel shows incorrect output in MSS 8.0 Command Reference Guide. The correct output is as shown below:

show auto-tune channel

Band: 11A

Channel Assignment Mode: Auto

Schedule Time: Everyday 22:10

Interference Threshold: -80dBm

Convergence Delay: 8 min

Current Time: Mon Jan 28 2013, 12:43

Last deployment: Completed on Sun Jan 27 2013,22:10(14 hours 32 min ago)

Channel Plan: ach_2013_01_27_0043_A.xml ( 1 days 11 hours 59 min ago)

Latest channel plan: ach_2013_01_27_0043_A.xml ( 1 days 11 hours 59 min

ago)

Convergence Stage: Completed on Sun Jan 27 2013, 00:42 (duration 8 min)

Calculation Stage: Completed on Sun Jan 27 2013, 00:43 (duration 48 sec)

Next channel plan: ...pending...

Next deployment: Scheduled on Mon Jan 28 2013, 22:10 (in 9 hrs 27 min)

The Configuration Guide for MSS 9.0 does not mention the following equations, which are used to calculate the aging timeout period:

The aging timeout is calculated based on the following equations:

Aging time (t) = T + dt -------------------------------->(1)

Aging timeout period (T1) = MT + t---------------->(2)

Where,

T is the aging timer value configured

t, the aging time, is the time needed by the new MAC entry to age out


20 Errata in Documentation Copyright © 2015, Juniper Networks, Inc.

dt is the difference between the aging timer value configured (T) and the time after which a new MAC entry is learned

T1, the aging timeout period, is the total time taken by the new MAC entry to age out

MT is the time after which a new MAC entry is learned

For example, if you configure the aging timer as 5 minutes and add a new MAC entry after fourth minute, according to equations (1) and (2),

The aging time (t) = 5 + (5 - 4) = 6 minutes

The aging timeout period (T1) = 4 + 6 = 10 minutes

The MSS 8.0 Configuration Guide incorrectly includes the show mobility-domain config command to display the mobility status. This command is deprecated from MSS 7.0 release onwards.

release notes for mobility system software version 8.0.5 · pdf file28/01/2013 ·...

Documents