WM 5.4.2 Release Notes

Release Notes for Summit WM3000 Series WLAN Controllers and
AltitudeTM 4000 Series Access Points

Software Version 5.4.2
Extreme Networks, Inc.

3585 Monroe Street
Santa Clara, California 95051
(888) 257-3000
(408) 579-2800
http://www.extremenetworks.com
Published: April 2013

Part Number: 120806-00 Rev 4
AccessAdapt, Alpine, Altitude, BlackDiamond, Direct Attach, EPICenter, ExtremeWorks Essentials, Ethernet
Everywhere, Extreme Enabled, Extreme Ethernet Everywhere, Extreme Networks, Extreme Standby Router
Protocol, Extreme Turbodrive, Extreme Velocity, ExtremeWare, ExtremeWorks, ExtremeXOS, Go Purple Extreme
Solution, ExtremeXOS ScreenPlay, ReachNXT, Ridgeline, Sentriant, ServiceWatch, Summit, SummitStack, Triumph,
Unified Access Architecture, Unified Access RF Manager, UniStack, XNV, the Extreme Networks logo, the Alpine
logo, the BlackDiamond logo, the Extreme Turbodrive logo, the Summit logos, and the Powered by ExtremeXOS
logo are trademarks or registered trademarks of Extreme Networks, Inc. or its subsidiaries in the United States
and/or other countries.
sFlow is the property of InMon Corporation.
Specifications are subject to change without notice.
All other registered trademarks, trademarks, and service marks are property of their respective owners.
2012 Extreme Networks, Inc. All Rights Reserved.
Release Notes for Summit WM3000 Series WLAN Controllers and AltitudeTM 4000 Series Access Points
Contents
Chapter 1: Release Notes for Summit WM3000 Series WLAN Controllers and AltitudeTM 4000 Series
Access Points ............................................................................................................................................. 5
Overview ..................................................................................................................................................................5
New Features in Version 5.4.2 .................................................................................................................................6
ETSI EN 301 893 v1.6.1 Compliance ...............................................................................................................6
Feature Matrix ...................................................................................................................................................7
Demo Features in v5.4 ......................................................................................................................................9
Supported Wireless WAN Cards ............................................................................................................................11
Supported Web Browsers ...............................................................................................................................11
Controller Licensing................................................................................................................................................12
Virtual Controller Capability ....................................................................................................................................12
Installation Guidelines ............................................................................................................................................13
Upgrade/Downgrade Matrix ............................................................................................................................14
Upgrade/Downgrade for WM3000 Series Controllers .....................................................................................15
Controller Upgrade/Downgrade between v5.x Images ............................................................................15
Controller Upgrade from v4.3.x (or higher) to v5.4.2................................................................................16
Controller Downgrade from 5.4 to 4.x ......................................................................................................17
Configuration Restoration ........................................................................................................................17
Upgrade/Downgrade of 4600 Access Points ..................................................................................................17
Upgrade/Downgrade for Dependent Access Points........................................................................................17
AP4600 Downgrade from 5.x to 4.x .........................................................................................................18
AP4600 Adoption after Upgrade ..............................................................................................................18
Upgrade/Downgrade for Adaptive Access Points ...........................................................................................19
Upgrade/Downgrade between v5.x Versions...........................................................................................19
AP4700 Upgrade from v4.x......................................................................................................................19
AutoInstall...............................................................................................................................................................21
Important Notes ......................................................................................................................................................22
WM3700 Notes ...............................................................................................................................................29
WM3600 Notes ...............................................................................................................................................29
AP4600 Notes .................................................................................................................................................29
AP4700 Notes .................................................................................................................................................29
AP4511 Notes .................................................................................................................................................30
Issues Fixed ...........................................................................................................................................................31
Known Issues .........................................................................................................................................................33
Customer Support ..................................................................................................................................................35
Registration .....................................................................................................................................................35
Documentation ................................................................................................................................................35
Service Notifications........................................................................................................................................35
CHAPTER
Release Notes for Summit WM3000

Series WLAN Controllers and
AltitudeTM 4000 Series Access Points
Overview
These release notes document the Extreme Networks Wireless Mobility software version 5.4.2 that is
applicable to the Summit WM3000 series wireless controllers and the Altitude 4000 series access
points (AP).
Wireless Mobility v5.4.2 continues to build on the innovative architecture of the Extreme Networks
802.11n Enterprise WLAN portfolio and delivers key enhancements with focus on security, routing, and
high availability.
This software is fully described in the WirelessMobility 5.4 System Reference Guide and Altitude 4000 Series
Access Point System Reference Guide, Software Version 5.4, which can be found on the Extreme Networks
documentation website at: http://www.extremenetworks.com/go/documentation.
NOTE
The Wireless Mobility 5.4 Controller System Reference Guide and Wireless Mobility 5.4 CLI Reference
Guide may contain references to products not yet released. These release notes contain the most reliable list of
products currently supported.
New Features in Version 5.4.2

Wireless Mobility v5.4.2 is a maintenance release that introduces the following new functionality:
802.11r support (fast BSS transition)
Time-based WLANs
Aeroscout support
Several L2TPv3 enhancements
Support for LDAP attributes in role-based firewall
ETSI EN 301 893 v1.6.1 Compliance

Wireless Mobility v5.4.2 has ETSI EN 301 893 v1.6.1 compliance for all platforms. On some APs,
compliance with the requirement is accomplished by disabling appropriate channels. This applies to EU
countries and those that follow ETSI DFS rules.
For existing customers who upgrade to v5.4.x, please see expected behavior below:
Some APs may see different supported channels in 5 GHz bands as compared with those in previous
software releases. In Indonesia, only 2.4 GHz is allowed on all AP platforms.
WARNING!
1) Before upgrading to v5.4, ensure that the AP is configured for the correct country code. If the country code is
configured to an EU country but you intend to deploy the AP outside of the EU, you will not be able to do so after
upgrading.
2) After upgrading to v5.4, never configure the country code to an EU country if you do not intend to deploy it in an
EU country. Doing so will permanently lock the AP to the EU regulatory domain.
For ROW SKUs deployed in (configured to) countries outside of EU, the EU countries will still be
included in the drop-down list. If an EU country is re-selected and committed, the radios will come
up and the AP will become permanently configured for EU regulatory domain and can no longer be
used for non-EU countries. The AP mode conversion occurs immediately and is permanent even
without an AP reboot.
For ROW SKUs deployed in (configured to) an EU country, the non-EU countries will still be
included in the drop-down list. The radios will not come up if an non-EU country is re-selected.
To check if an ROW AP is converted to supporting EU regulatory domain only, access to the AP CLI:
-
If the ROW AP is in the original ROW mode, it shows:
ap4021-715414>show version
.....
Model number is AP4021i-ROW
.....
If the ROW AP is converted to supporting EU regulatory domain only, it shows:
ap4021-715414>show version
.....
Model number is AP4021i-ROW (EU)
.....
Feature Matrix
This section describes the new features introduced in Wireless Mobility v5.4.2 over v5.4.0 applicable to
the platforms listed in Table 12, Table 13, and Table 14.
Table 1: Wireless Features
Functionality
Benefit
802.11r support
IEEE 802.11r-2008 or fast BSS transition (FT) is a standard to permit

continuous connectivity aboard wireless devices in motion, with fast
and secure handoffs from one base station to another managed in a
seamless manner. 802.11r support is tested with Apple IOS 6 devices.
Time Based WLANs
WLANs can be turned on/ off at specific times of day. e.g. Guest
Access can be provided during working hours only. Provides
compatibility with WM 4.x. Available on all platforms.
Locationing with Aeroscout
Locationing support has been introduced with Aeroscout systems.

Available on AP4710, AP4600, and AP4532.
LDAP Attributes in role matching

criteria
Users are granted access to the network based on active directory

attributes using the Role Based Firewall. This allows the network
administrator to define and use consistent roles across wired and
wireless, thereby providing a unified management approach across the
entire network.
NOTE
Support is limited to Active Directory only. This feature is not
supported with other LDAP servers (e.g., OpenLDAP).
Table 2: Security
Functionality
Benefit
Auto IPSec secure
This feature will secure the L2TPv3 control and data traffic between
L2TPv3 tunnel initiator (AP / controller) and the controller / IPSec
gateway. This will be a per L2TPv3 tunnel peer configuration and if
enabled, then first the IPSec tunnel will be established between the
L2TPv3 tunnel initiator and the controller / IPSec gateway and after
this, the L2TPv3 tunnel will establishment over the IPSec tunnel.
Per VLAN firewall turn off
This feature will enable the user to disable firewall for a given VLAN
and hence flow table size need not be increased.
L2TPv3 client
Wireless Mobility 5.4.2 will add support for L2TPv3 client on following
platforms: AP4532, AP4522, AP4521.
This section summarizes the feature support matrix across product families for features introduced in
v5.4.2.
Table 3: Mesh Feature Matrix (Controllers and Dependent APs)
Feature
WM3000
AP4600
AP4022
AP4021
MeshConnex on Premium APs
N/A
MeshConnex Backhaul Detection
N/A
Table 4: Retail Guest Access and Analytics Feature Matrix (Controllers and Dependent APs)
Feature
WM3000
AP4600
AP4022
AP4021
Device Fingerprinting
Guest Access Analytics
N (Syslog
only)
N (Syslog
only)
N (Syslog
only)
N (Syslog
only)
Table 5: Security and Tunneling Feature Matrix (Controllers and Dependent APs)
Feature
WM3000
AP4600
AP4022
AP4021
L2TPv3 Termination for Guest Access

Deployments & Centralized Traffic Tunneling
L2TPv3 Client
N/A
Y (from 5.3)
Table 6: Wireless Feature Matrix (Controllers and Dependent APs)

Feature
WM3000
AP4600
AP4022
AP4021
Increased RF Domain Manager capacity to 64

APs
GUI Config Import/ Export from local hard disk
N/A
N/A
N/A
IPsec VPN
WLAN Auto Shutdown
Y
(WM3411)
This section describes the features available to the independent access points listed in Table 12, Table 13,
and Table 14.Y
Table 7: Mesh Feature Matrix (Independent APs)
Feature
AP4700
AP4532
AP4522
AP4521
AP4511
Mesh Connex on Premium APs
MeshConnex Backhaul Detection
Table 8: Retail Guest Access and Analytics Feature Matrix (Independent APs)
Feature
AP4700
AP4532
AP4522
AP4521
AP4511
Device Fingerprinting
Guest Access Analytics
N (Syslog
only)
N (Syslog
only)
N (Syslog
only)
N (Syslog
only)
N (Syslog
only)
Table 9: Security and Tunneling Feature Matrix (Independent APs)

Feature
AP4700
AP4532
AP4522
AP4521
AP4511
L2TPv3 termination for guest access deployments

and centralized traffic tunneling
NA
N/A
N/A
N/A
N/A
L2TPv3 Client
Y (from
5.3)
Y (from
5.3)
Table 10: Wireless Feature Matrix (Independent APs)

Feature
AP4700
AP4532
AP4522
AP4521
AP4511
Increased RF Domain Manager capacity to 64

APs
GUI config Import/Export from local hard disk
IPsec VPN
WLAN Auto Shutdown
Demo Features in v5.4

Release 5.4 includes additional features that are provided for purposes of demo or trials only and in
controlled lab environment. These are not officially supported features. No telephone or web support
will be provided for these features. These features will be officially supported in a follow-on release.
Table 11: Demo Features in v5.4
Functionality
Benefit
Wireless
Time Based WLANs
WLANs can be turned on/ off at specific times of day. e.g. Guest Access
can be provided during working hours only. Provides compatibility with
Wireless Mobility 4.x. Available on all platforms.
Time and Bandwidth Base

voucher
This feature will add ability to configure time (where system tracks actual
time spent) or bandwidth (where system track actual bandwidth/throughput
used) based vouchers for captive portal.
Locationing with Aeroscout and

Ekahau
Locationing support has been introduced with Aeroscout and Ekahau

systems. Available on AP4700, AP4532, and AP4600.
LDAP Attributes in role matching

criteria
Users are granted access to the network based on active directory attributes
using the Role Based Firewall. This allows the network administrator to
define and use consistent roles across wired and wireless, thereby providing
a unified management approach across the entire network.
E-mail/SMS credentials for

captive portal
This feature will add ability to display Self Registration information and send
captive portal credentials over e-mail or SMS.
iPass Certification
Support for iPass supplicant client used for Wi-Fi access for some hotspot
vendors.
Wired Networking
802.1x wired authentication
802.1x Wired Port Authentication is provided for AP4511 and WM3400/

WM3411 controllers. MAC authentication is NOT included at this time.
Compatibility Matrix
Each wireless controller or independent/adaptive AP requires its own unique software image. Images
from a different product will be rejected during any installation attempt. Wireless Mobility v5.4.2.2
supports the following platforms with the corresponding firmware images:
Table 12: Controller Platform Firmware Images
Controller Platform
Firmware Image
WM3400
WM3400-5.4.2.0-031R.img
WM3411
WM3400-5.4.2.0-031R.img
WM3600
WM3600--5.4.2.0-031R.img
WM3700
WM3700--5.4.2.0-031R.img
Table 13: Dependent AP Platform Firmware Images

AP Platform
Firmware Image
AP4600
Included in the controller image
AP4021
AP4022
Table 14: Independent/Adaptive AP Platform Firmware Images

AP Platform
Firmware Image
AP4511
AP4511-5.4.2.0-031R.img
AP4521
AP4521-5.4.2.0-031R.img (included in controller image)
AP4522
AP4532
AP4700
AP4700-5.4.2.0-031R.img
Adaptive APs may be configured by a controller but can retain their configuration and survive the loss
of connectivity to their parent controller. Independent APs are Adaptive APs that can operate without a
wireless controller.
Dependent APs are configured by a controller but must maintain connection to their parent controller
(or be adopted by a standby controller) to remain operational.
NOTE
The Altitude 3500 Series access points are not supported by the Wireless Mobility version 5 software.
NOTE
The software image for the Altitude 4600 Series, AP4021,and AP4022 dependent access points is
embedded within the controller images and does not require any specific installation step.
10
Supported Wireless WAN Cards

The 3G wireless WAN feature on the WM3400/WM3411/WM3600 controller and dual-radio AP4700 is
supported using one of the WLAN cards shown in Table 15 (via the ExpressCard slot). Selection of an
ExpressCard 3G wireless WAN card is dependent on the offerings of the local service providers in the
area of operation of the controller. The following 3G wireless cards are supported for coverage in
various regions around the world:
Table 15: Supported Wireless WAN Cards for Regions
Region
Service
Provider
Americas
Card
Technology
Support
AT&T
Option GT Ultra Express or

Option GE 0302
Tri-band HSDPA and quadband EDGE
WM3600
WM3400/3411
AP4700
Americas
Verizon
Verizon Wireless V740 or V770

Express cards
CDMA 1xEVDO (Rev.A/0),

1xRTT (800/1900 MHz)
WM3600
WM3400/3411
AP4700 (V770
only)
Americas
Sprint
Sprint Novatel Merlin C777

Express card
CDMA Rev A, and EV-DO

and 1xRTT
WM3600
WM3400/3411
Novatel Merlin XU870
Tri-band HSDPA/UMTS and

quad-band EDGE/GPRS
WM3600
WM3400/3411
AP4700
Vodafone Option E3730 3G

Broadband Express Card
Tri-band HSDPA/ HSUPA

and quad-band EDGE
WM3600
WM3400/3411
Sierra Aircard 880E (or Telstra

Turbo 7 Series Express Card in
Australia)
Tri-band HSPA/UMTS and

quad-band EDGE/GPRS
WM3600
WM3400/3411
AP4700
All
Europe Africa
Vodafone
All
Supported Web Browsers

The Graphical User Interfaces of the devices require the browser to be capable of running Adobe Flash
Player v10. The following browsers have been validated:
Internet Explorer 6.0, 7.0, 8.0
Internet Explorer 9.0 in Compatibility Mode only (not recommended)
Firefox 3.5, 3.6, 4.0
Chrome 10.0
Safari 5.0
11
Controller Licensing
The supported licenses on the controllers in Mobility Wireless v5.4.2 are shown in Table 16.
Table 16: Maximum License Capacity per Controller Platform
Adaptive AP licenses
applicable to:
AP47XX
AP4532
AP45XX
AP402X
AP licenses applicable
to:
AP47XX
AP45XX
WM3400/WM3411
WM3600
WM3700
Up to 36
Up to 256
Up to 1024
Up to 6
Up to 48
Up to 256
AP License
AP4532
AP402X
Virtual Controller Capability

Independent Access Points can be deployed in controller-less environments with one Access Point being
the Virtual Controller (VC) for the others APs. Maximum capacity of a Virtual Controller Access Point
is to be able to manage 24 other APs of the same model.
Virtual controller provides controller-like features such as:
Firmware Updates for the other like APs on that location
Configuration Management for the other APs
Statistics collection and aggregation
Troubleshooting for all the other APs on that location.
In addition to the above, an AP acting as a virtual controller supports all the features of an Independent
AP as well, as outlined above in these release notes. Enabling VC mode on an AP does not require a
license. An AP when in VC mode can have one RF Domain and one profile. Any AP specific
configurations that do not conform to that common profile will need to be configured as device
overrides for that particular AP.
12
Installation Guidelines
This section provides installation, upgrade, and downgrade information for WM3000 Series Controllers
and Altitude 4000 Series Access Points.
NOTE
Upgrading a device running v4.x to v5.4 will not retain the device v4.x configuration.
The following installation guidelines apply to controllers:
When downgrading from v5.4 to a lower version via RF domain please see the first note in
Important Notes on page 22.
AP4522 v5.2.3.0-008R must be first upgraded to v5.2.3.0-040R before it can be upgraded to v.5.4.
Adaptive APs deployed in v4.x will retain their static IPs upon upgrade.
Controllers will retain their v4.x IPs upon upgrade to v5.4 (unlike v5.1). Basic network and port
settings that are needed to establish connectivity with the switch will be retained as well when a v4.x
controller is upgraded to v5.4.
Firmware upgrades can take several minutes; aborting an update by removing power may damage
the AP or controller. Please allow time for devices to complete the upgrade. APs connected directly
to WM3400 and WM3600 controllers need the controller to stay active until the upgrade completes.
Both the controller and the AP should be upgraded to the same versions; a firmware mismatch can
cause network disruptions and should be avoided. When upgrading, the controllers should be
upgraded first, and then upgrade the APs. When downgrading, the APs should be downgraded
first, and then downgrade the controller.
There are several changes/fixes done to Smart-RF in v5.2 release. If upgrading to v5.4.x from a
version prior to 5.2, execute the following commands to ensure proper Smart-RF function:
service
service
service
service
smart-rf
smart-rf
smart-rf
smart-rf
clear-config
clear-config on rf-domain
clear-history
clear-history on rf-domain.
The VPN feature has been re-implemented in v5.3.x to provide a common, more optimized
implementation on controllers and APs. Use the config migration utility to migrate the VPN
configuration when upgrading from a v4.x release to a v5.3.x configuration. Be sure to save the old
VPN configuration filesthey will need to be re-entered on a downgrade from v5.3.x (or higher) to
earlier v5.x releases, which do not support the new VPN functionality.
CAUTION
Users are strongly cautioned against upgrading any Wireless Mobility device from the Boot OS prompt at
the serial console. Upgrading from the Boot OS prompt is not a recommended and supported upgrade
methodology.
13
Upgrade/Downgrade Matrix
Table 17 lists the supported Upgrade/Downgrade possibilities for the various platforms:
Table 17: Upgrade/Downgrade Matrix for Dependent/Adaptive APs
Dependent/Adaptive with
WM3000 Controller
Upgrade from
Downgrade to
Notes
WM3000 controller + AP4600
v4.3.1 onward on the

controller
v4.3.3 on the controller
AP4600 image is
contained within the
controller image

AP
controller
v4.1.3 on the AP
AP4700 image is not

within the controller
image
v5.1 onward on the

AP
v4.3.x onward on the
controller
v5.1 on the AP and

controller
AP4511 image is not

controller image
v5.3.1 onwards
v5.3.1 onwards
AP4532 image is
controller image
v5.3.1 onwards
v5.3.1 onwards
AP4521 image is
controller image.
v5.3.1 onwards
v5.3.1 onwards
AP4021 image is
controller image.
v4.3.3 on the controller
Controllers need to be on 5.3.1 to

be able to adopt AP4521.
Controllers need to be on 5.3.1 to
be able to adopt AP4021.
NOTE
The Summit WM3400, WM3600, and WM3700 series controllers must be upgraded to v4.2 prior to
upgrading to v.5.3.0. If the controller is running v4.3 or 5.1.x, it can be directly upgraded to v5.4.0.
NOTE
The Summit WM3411 controller is supported by software version 5.2.0.0-69R and later. Do not downgrade
it to a previous version
Table 18: Upgrade/Downgrade Matrix for Access Points

Independent / Adaptive AP
Upgrade From
Downgrade to
Notes
AP4511
v5.1 onwards
v5.1 onwards
Downgrade to v 5.0.1 is
not recommended.
AP4521
v5.2.x onwards
v5.4 onwards
AP4522
v5.4 onwards
v5.4 onwards
AP4532
v5.1 onwards
v5.1 onwards
AP4700
v4.1.1 onwards
v4.1.5
14
When operating with controllers, ensure that the controller and APs are running the same Wireless
Mobility version after the upgrades are complete.
Upgrade/Downgrade for WM3000 Series Controllers

The method described in this section uses the Command Line Interface (CLI), the Graphical User
Interface (GUI), or the AutoInstall procedure. To log into the CLI, either SSH, Telnet, or serial access can
be used. The WM3400 controller will be used in the examples below.
Controller Upgrade/Downgrade between v5.x Images

This section describes the upgrade/downgrade procedure for controllers running v5.x software. To
determine a compatible downgrade controller image, see Upgrade/Downgrade Matrix for Dependent/
Adaptive APs on page 14.
Upgrade/Downgrade from the CLI:
1 Copy the WM3400-5.4.2.0-031R.img to your tftp/ftp server.
2 Log into the CLI using either SSH or Telnet, and initiate the upgrade/downgrade process.
The following examples show the syntax for ftp and tftp protocols:
upgrade ftp://<username>:<password>@<ip address of server>/<name of file>
upgrade tftp://<ip address of server>/<name of file>
3 Restart the controller using the reload command.

Upgrade/Downgrade from the GUI:
1 Copy the target image to your TFTP/FTP server.
2 Log into the GUI from a browser.
3 Select Operations > Devices, and choose the device to upgrade from list of devices in the left pane.
4 Click Load Firmware. The Firmware Upgrade dialog is displayed.
5 On the Firmware Upgrade dialog, click Advanced. The advanced options are displayed.
6 Specify the following advanced options:
Protocol
The desired file transfer protocol. Select from the dropdown list.
Port
The TCP port to use.
Host
The IP address or hostname of the server.
Path/File
The path and filename of the upgrade file on the server.
7 Click Apply, and then wait for the file download to complete and the Firmware Update dialog to
close.
8 Click Restart.
15
Controller Upgrade from v4.3.x (or higher) to v5.4.2

This section describes the upgrade procedure for upgrading to v5.4 software from the CLI or GUI.
CAUTION
When upgrading from v4.x to v5 system, most configuration items are not retained or converted.
The configuration must otherwise be recreated.
From the CLI:

1 Copy the WM3400-5.4.2.0-031R.img to your tftp/ftp server.
2 Log into the CLI using either SSH or Telnet, and initiate the upgrade/downgrade process. Enter the
following syntax:
upgrade ftp://<username>:<password>@<ip address of server>/<name of file>
upgrade tftp://<ip address of server>/<name of file>
3 Restart the controller using the reload command.

4 Specify the following file transfer options:
From
Source of the upgrade file. Select from drop-down list.
File
Name of the upgrade file.
Using
Desired file transfer protocol. Select from drop-down list.
Port
TCP port to use.
IP
IP address of the server.
User ID
User ID on the server.
Password
Password.
Path
Path of upgrade file on the server, if necessary.
5 Click Do Update and then wait for the file transfer to complete and the Update dialog to close.
6 Click Restart.
From the GUI:
1 Copy the WM3400-5.4.2.0-031R.img controller image to your TFTP/FTP server.
2 Log into the GUI from a browser.
3 Select Controller > Firmware > Update Firmware.
4 Restart the controller.
NOTE
Use FTP to upgrade to v5.4 on an WM3600, and not TFTP, if using the ge1 port.
NOTE
Due to hardware refresh component changes on controllers WM3400/3411, WM3600, and WM3700,
downgrade/upgrade to any software version that does not support the new hardware components will be prevented.
The following currently released versions do not support the new hardware: all v4 versions prior to v4.4.1 and all v5
versions prior to v5.3.x.
16
Controller Downgrade from 5.4 to 4.x

1 Copy the WM3400-4.3.X.X-XXXR.img controller image to your TFTP/FTP server.
2 Use the upgrade ftp://<username>:<password>@<ip address of server>/<name of file> or
upgrade tftp://<ip address of server>/<name of file> command from CLI or Switch >
Firmware > Update Firmware option from the GUI.
3 Restart the controller. From CLI the command is reload.
On downgrade from v5.x to v4.x, the controller will save copies of the v5.x configuration files in the
eventuality of a later upgrade back to v5.x. Conversely, any previously saved v4.x configuration file if
available from an earlier upgrade is restored back.
Configuration Restoration
On upgrade from 4.x to 5.x the 5.x, the controller will save the configuration file in another file on flash
and the 'startup-config' will then point to the 5.x default startup-config. The configuration file from 4.x
is renamed to startup-config-wing4. The password encryption file is also moved to /etc2/encryptpasswd-wing4.
On downgrade from 5.x to 4.x, the controller will save the 5.x configuration and it is moved to hidden
files of the same name (/etc2/.encrypt-passwd-wing5 and /etc2/nvram/.startup-config-wing5). On
downgrade from v5.x to v4.x, any previously saved v4.x config if present is restored.
Upgrade/Downgrade of 4600 Access Points

Upgrade/Downgrade for AP4600 to/from v4.x to v5.x is seamless and done automatically by the
controller.
Upgrade from v5.1 to a v 5.4 will also happen seamlessly, as the controller adopting the AP4600 is
upgraded to v5.4. The same applies to a downgrade to v5.4.
Upgrade/Downgrade for Dependent Access Points

Upgrade/Downgrade for AP4600 from/to v4.x-compatible firmware to/from 5.x-compatible firmware
is seamless, and done automatically by the controller.
Upgrade from any v5.x to a v5.4 will also happen seamlessly, as the controller adopting the AP4600 and
AP4021 is upgraded to v5.4. The same applies to a downgrade from v5.4.AP4600 Upgrade from 4.x to
5.4.2
Upgrade for AP4600 to/from v4.x to v5.x prior to v5.4 release is seamless and done automatically by
the controller.
A v5.x controller can upgrade an AP4600 running 4.x code to 5.x using the WISPe upgrade. This
capability is enabled using legacy-auto-update command for the controller, which is found under the
device or profile. The controller will first adopt the access point using the standard WISPe protocol
messages (just as a 4.x controller would adopt it) and then download the new image to it, which will
convert the AP to the version 5.x code.
The legacy-auto-update command is enabled by default. If the command is disabled, use the
following CLI instructions to enable it:
17
wm3400-22A136#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

wm3400-22A136(config)#profile wm3400 default-wm3400
wm3400-22A136(config-profile-default-wm3400)#legacy-auto-update
wm3400-22A136(config-profile-default-wm3400)#commit
wm3400-22A136(config-profile-default-wm3400)#
In v5.4.x, enable the FTP server on the controller for legacy-auto-update to work.The AP4532 can be
automatically downgraded to a 4.x version of the AP by connecting it to a controller running the
version 4.x. The AP tries to discover both 4.x as well as 5.x controllers by default, and if it does not find
a 5.x controller, but does find a 4.x controller, then it will adopt to it. As part of the adoption, the 4.x
controller will download a 4.x image to the AP.
For AP4532, upgrade from v4.x to v5.4.x is not seamless and requires additional steps. AP4532 should
first be updated to any v5.2.x or 5.3.x image.
Please set in the controller profile service wireless ap4532 legacy-auto-update-image <PATH:/
ap.img> to point to v5.2.x or v5.3.x AP4532 image.
Example:
1 Copy the AP4532 v5.2 image on the RFS flash:
wm3400-22A1B8#copy tftp://<Server IP>/ AP4532-5.2.0.0-069R.img
5.2.0.0-069R.img
flash:/AP4532-
2 Use the command below to first upgrade the APs to a v5.2 image
wm3400-22A1B8#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.

wm3400-22A1B8(config)#self
wm3400-22A1B8(config-device-XXX)#service wireless ap4532 legacy-auto-update-image
flash:/AP4532-5.2.0.0-069R.img
3 If auto upgrade is enabled, AP4532 will get upgraded to v5.4.1 once it adopts to the controller.
Otherwise, use use the command below to upgrade the AP4532 to v5.4.1:
wm3400-22A1B8#ap-upgrade ap4532 <DEVICE>
AP4600 Downgrade from 5.x to 4.x

The AP4600 can be automatically downgraded to a 4.x version of the AP by connecting it to a controller
running the version 4.x. The AP tries to discover both 4.x as well as 5.x controllers by default, and if it
does not find a 5.x controller, but it does find a 4.x controller, then it will adopt to it, and as part of the
adoption the 4.x controller will download a 4.x image to it.
AP4600 Adoption after Upgrade

If the access point was adopted at layer 2 or was using DHCP options to get adopted by the controller,
there is no change in adoption method from the upgrade. The AP connects back to the controller the
same way.
18
If the access point had a static IP address or the controller was specified on the AP using a static IP
address, these static IP addresses are currently not maintained across the upgrade from 4.x to 5.x. The
access point is set to factory defaults by the upgrade process (vlan1-dhcp).
In this case, administrators have three options to gain connectivity to the upgraded AP:
1 Layer 2 connectivity between AP and controller: the AP gets adopted to the controller and a static IP
address can be configured again.
2 DHCP address retrieval: The default configuration of the AP is DHCP client on vlan1. Retrieving the
IP address assigned to the AP from DHCP server logs will allow connection to the AP to set a static
IP address.
3 Use of the AP shadow IP address: The default configuration of the AP also sets up a secondary IP
address (shadow IP) which is 169.254.x.y where x.y are the decimal values of the last 2 bytes of the
MAC address of the AP. Administrators can access the AP over this IP address and reconfigure the
static IP address.
Upgrade/Downgrade for Adaptive Access Points

Upgrade/Downgrade between v5.x Versions
This section describes the upgrade/downgrade procedure for Adaptive Access Points (AP4700 and
AP4500 series). To determine a compatible downgrade controller image, see Upgrade/Downgrade
Matrix on page 14.
To upgrade or downgrade, see:
Upgrade/Downgrade from the CLI: on page 15
Upgrade/Downgrade from the GUI: on page 15

NOTE
If AP4532 and AP4521 are adopted by a controller the, upgrade/downgrade is automatic (like dependent
APs) because the AP image is contained in the controller image.
AP4700 Upgrade from v4.x

For AP4700s running 4.x firmware the released 5.x firmware (AP47XX-5.4.x.0-.img) should not be used
to upgrade the AP to 5.x. Instead, for every 5.x release, there is a corresponding migration image to 5.x
(AP4710-5.4.X.0-0XXR.bin). For more information, please refer to AP4700 Notes on page 29.
AP Upgrade Options
Wireless Mobility v5.x supports AP firmware upgrade from the controller. For firmware upgrade
through thecontroller, the firmware image needs to be loaded on a controller and the same can be used
for the upgrade of all the corresponding APs.
Available firmware on the controller can be checked using the following command:
wm3400-22A1B8#show ap-upgrade versions7
19
If AP firmware is not part of controller image, a new image can be uploaded using the following
commands:
wm3400-22A1B8#ap-upgrade load-image ?
ap4021 Upgrade an AP4021 device
ap47xx Upgrade an AP47XX device
Once the AP firmware is loaded on the controller, the options listed below are available for AP
firmware upgrade:
Option 1: Manual Upgrade. Firmware upgrade can be initiated on a single or a list of APs using the
following command:
wm3400-22A1B8#ap-upgrade ap47xx-16C7B4 ?
no-reboot
No reboot (manually reboot after the upgrade)
reboot-time
Schedule a reboot time
upgrade-time Schedule an upgrade time
wm3400-22A1B8#ap-upgrade ap47xx all ?
no-reboot
reboot-time
Option 2: Scheduled Firmware Upgrade. A firmware upgrade can be scheduled on a controller,

where upgrade and reboot times can be configured. Firmware upgrade on the APs follows the
configured upgrade time.
wm3400-22A1B8#ap-upgrade all ?
no-reboot
reboot-time
Option 3: Upgrade through RF Domain Manager. Manual firmware upgrade can be initiated
through a domain manager:
wm3400-22A1B8#ap-upgrade rf-domain default ?
all Upgrade all access points in rf domain
ap47xx Upgrade an AP47XX device
20
Option 4: Auto Upgrade. Auto firmware upgrade can be enabled on the controller using the
command below. Once this is enabled on the controller, any AP being adopted to the controllerif it
has a firmware version different than what is present on the controllergets upgraded to the version on
the controller.
wm3400-22A1B8(config-device-XXX)#ap-upgrade auto
The number of concurrent firmware upgrades can be configured based on the bandwidth available
between the controller and the APs. To do so, use the following command:
wm3400-22A1B8(config-device-XXX)#ap-upgrade count ?
<1-20> Number of concurrent AP upgrades
NOTE
Auto upgrade on the APs always happens through the controller.
AutoInstall
AutoInstall works via the DHCP server. This requires the definition on the DHCP server of a Vendor
Class and three sub-options (that can be either sent separately or under option 43):
Option 186defines the TFTP/FTP server and FTP username, password information (IP address and
protocol need to be entered as a string: ftp://admin:admin123@192.168.1.10)
Option 187defines the firmware path and file name
Option 188defines the configuration path and file name
The DHCP vendor class parameters for the various platforms are noted below:
ExtremeAP.ap4710
ExtremeAP.ap4562
ExtremeAP.ap4532
ExtremeAP.ap4522
ExtremeAP.ap4521
ExtremeAP.ap4511
ExtremeAP.ap4022
ExtremeWM.wm3700
ExtremeWM.wm3600
ExtremeWM.wm3400
Autoinstall of firmware and autoinstall of configuration can be enabled or disabled. Ensure to enable
ip dhcp client request options all on the VLAN interface which is being used to perform the
above autoinstall.
21
Important Notes
The following is a list of Important Notes for the new features introduced Wireless Mobility v5.4.2:
1 When upgrading from prior versions, new profiles for newly supported platforms will not be
present in the startup-config. You can create a default profile or enter erase startup-config.
2 Mismatch in controller and AP version (5.4.2 and below) will cause extended VLANs to not work
properly.
3 ADSP SA cannot be run through a mesh with AP4710 tri radio; non root AP has 3rd radio as sensor.
4 Interoperability with Samsung S2 devices: A Samsung Galaxy S2 device sometimes fails to connect
using EAP-MAC authentication and WEP64 encryption. It is recommended to reduce the number of
attempts (authentication eap wireless-client attempts) from default 3 to 2.
5 With 802.11r enabled, some clients might have problems associating to the WLAN. Please create a
different WLAN for non-802.11r enabled clients.
6 ADSP Spectrum Analysis does not work over a mesh connection.
7 The MCX max range feature has a maximum range of 25 kilometers, except for 5 GHz / 40 MHz
channels where the range is 24 km.
8 The following table lists the DFS support in v5.4 for the supported radio platforms:
Radio Platform
Master DFS- Master DFS

FCC
ETSI
Master DFS- Client DFSJapan

FCC
Client DFSETSI
Client DFSJapan
AP4600/AP4532 Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
AP4700
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
AP4511
Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
AP4021/AP4521 Enabled
Enabled
Enabled
Enabled
Enabled
Enabled
WM3411
Disabled
Enabled
Disabled
Disabled
Enabled
Disabled
The following is a list of Important Notes for the features introduced in Wireless Mobility v5.4.0 and
5.4.1:
1 Version 5.4 and above enforces the limit of policies on standalone APs. The current limit for DHCP,
L2TPv3, and other policies is one policy per AP. When upgrading from v5.3 where the limit was not
enforced, only one policy will be maintained going forward.
2 Please use following recommendations when configuring VMM feature:
Disable L2 Stateful Packet Inspection in Firewall Policy.
Disable Dynamic Chain Selection on the radio.
Use Opportunistic Rate Selection on the radio.
Disable A-MPDU Aggregation if vehicular speed is greater than 30 mph.
Set RTS-Threshold to one (1) on all mesh devices.

NOTE
For more detail use case scenarios, see AP4763 VMM How-To guide.
3 We recommended disabling IP DoS attacks in firewall policy when configuring IGMP snooping.
22
4 When downgrading APs from v5.4 to a lower v5.x through RF domain, downgrade without
reloading APs and then do a manual reload on the RF domain. The following are the CLI commands
for this procedure:
ap-upgrade rf-domain <RF domain name> all no-reboot
This downgrades all APs (including the RF domain manager) without rebooting them.
reload on <RF domain name>
This reboots the entire RF domain.
5 The Firewall has been enhanced in v5.4 to a per-VLAN firewall which can be enabled or disabled on
a per-VLAN basis. Per-VLAN Firewall is enabled by default. It can be enabled using firewall CLI
command and disabled using the no firewall command.
6 Version 5.4 adds support for the new USB chip for WM3600. Support was added for the new power
supervisor chip previously.
7 Number of CRM policies are limited to onefor AP4511, AP4521, and AP4021. Number of CRM
policies are limited to four for AP4532, AP4600, AP4700, and WM3411.
8 Telnet is disabled on AP4021, AP4521, and AP4511 because these have limited memory.
9 On AP4511, AP4521, or AP4021, when adopted by a controller, the GUI is disabled to make the
memory available for other core functions such as additional mint routes. It is assumed that when an
AP is adopted to a controller, the controllers GUI will be used for its configuration. To re-enable the
GUI on these APs, use the memory profile parameter. Note that when an adopted AP (4521, 4511)
is separated from a controller to operate in standalone mode, the GUI will remain disabled due to
this feature, unless the above command is used.
If APs are already separated from the controller;
a Connect to AP CLI.
a Set memory profile to 'standalone' under device override or profile context.
If APs are currently adopted to controller then memory profile configuration change can be applied
from controller CLI.
a Connect to Controller CLI.
a Set memory profile to 'standalone' under AP profile context.
Changing the memory profile reboots the AP, which then comes up with GUI. For example:
CONTROLLER(config-profile-default-ap4511)#memory-profile (adopted | standalone)
10 When using Juniper ex2200-24p-4g or related models when connecting access points, disable IGMP
snooping on the Juniper switches to ensure AP adoption.
11 Radius authentication of management users uses a different configuration model from v5.1. If
upgrading from v5.1 to v5.2 or higher and you are using RADIUS authentication for management
access, either change it to local authentication before upgrading, or make the mode 'fallback' and
then reconfigure after upgrade using the new configuration model (configuring under aaa-policy).
12 Client load balancing makes decisions based on the average load in a band, in a channel within a
band, and average AP load. Client load balancing ignores differences in what WLAN APs are
beaconing. Running client-load-balancing among APs with different WLAN configurations will
lead to decisions that may cause clients to not associate on a certain WLAN.
13 In v5.4, the antenna power table for AP4600s has been updated. Confirm power settings for the AP
after upgrade.
14 VPN feature has been re-implemented in v5.3 to provide a common, more optimized implementation
on controllers and APs. Use the CFGCV config migration utility when upgrading from a v4.x release
to v5.3.x. It is recommended that you save your old VPN config to assist in possible downgrades.
Refer to note 28 on page 25 for the VPN configurations that are not supported in v5.3.x (i.e., cannot
23
be converted by the migration utility). In particular, configurations containing AH and DES as IKE
encryption algorithm cannot be migrated. For upgrades from v5.1.x or v5.2.x to v5.3.1, the VPN
configuration migration is performed automatically; the offline configuration migration tool is not
required.
15 IPsec VPNThe primary VPN implementation differences in comparison to WM controllers on v4.x
or v5.x are:
Authentication Header (AH) is not supported in v5.x, but was supported in v4.x. Use ESP instead
of AH.
L2TP over IPsec is not supported in v5.x, but was supported in v4.x. Version 5.x supports
XAUTH and can be used with IPsec VPN clients. XAUTH has been tested with Cisco and Safenet
VPN clients.
IKEv2 was not supported in v4.x, but is now supported in v5.x.
DES encryption is not supported in the IKE proposal.
Transport mode is only supported for host-to-host rule; in other cases it will fall back to Tunnel
mode.
Transport mode NAT-Traversal is not supported for IKEv1 and IKEv2 in v5.x. This is supported
in tunnel mode.
In the case of IKEv1, if PFS option for IPSec SA (under crypto map entry) is configured on both
peers, then the value requested by the initiator is used for the tunnel. If the configured PFS value
on the initiator end is lower than that configured on the responder, the lower value is used. If PFS
is required, configure the same PFS value in both the peers.
The value of Kilobyte expiry of an IPSec SA (security-association lifetime kilobytes) can be

configured to be as low as 500KB. This has to be used with caution. If there is a lot of traffic on
the tunnel and the value is set to a very low value, the tunnel will end up in an indefinite
rekeying IPSec SA state. This value has to be determined based on the maximum traffic that is
expected on the tunnel and set such that there is an interval of at least a few minutes between
rekeys. It is recommended that this value be set to a minimum of 512000 (500MB).
Impact from lack of the above v4.x features is expected to be minimal.

16 IPsec VPN statistics: The following SNMP tables are not available for VPN statistics via SNMPthey
will be implemented in a future releasewingStatsDevVpnIpsecSaTable,
wingStatsDevVpnIpsecSaTrafficSelectorTable, wingStatsDevVpnIkesaTable
17 Built-in RADIUS server is not available on AP4521.
18 Auto-tunnel for VPN:
A single group id/PSK is supported on controllers. All APs use same group id/PSK.
When APs are behind NAT (e.g., two remote sites), it is required that the AP IP addresses are
different.
Auto IPsec tunnel termination has been verified on Cisco Gateways with PSK/RSA
authentication.
24
19 VRRP:
VRRP version 3.0 (RFC 5798) and 2.0 (RFC 3768) are supported. Default is version 2 to support
interoperability. Note that only version 3 supports sub-second failover.
Services like DHCP, RADIUS, NAT, and VPN running on the virtual IP are supported.
For DHCP relay, you can point to the DHCP server as virtual IP.
For VPN, on the initiator side, remote peer can be configured as virtual IP.
20 If using TFTP to upgrade an AP4511, AP4521, or AP4021, configure the following settings on the
TFTP server:
Per packet timeout in seconds: 15
Maximum retries: 20
21 When using iPods as clients, you may see WPA2 group key rotation handshake failures while MUs
are idle (2.4GHz band). Change the handshake timeout to 2 sec to correct this problem. From the
WLAN config, the cli command is: wpa-wpa2 handshake timeout X (where X is the timeout in
milliseconds [ms], within a range of 10-5000).
22 Auto assign sensor is not available for AP4511, AP4521, and AP4021 because this feature requires a
reboot on low memory devices, which cannot be done with Smart-RF enabled.
23 For IGMP Snooping version v2, v3, source specific multicast is not supported, this will be addressed
in a future release.
24 To safeguard against unknown attacks, it is recommended that management access be restricted to
authorized hosts/subnets. This can be done using the restrict-mgmt-access host/subnet CLI
command under management-policy.
25 Wireless controller and access point access protocols are:
HTTPS/SSHv2/SNMPenabled by default
26 HTTP/Telnetdisabled by default.
27 Important Default Configuration Changes from v4.x to v5.x
Description
v4.x
Controller default IP address
10.1.1.100 or 192.168.0.1, 192.168.0.1 for all devices

depending on the device
v5.x
HTTP enabled
On
Off
802.1X AP authentication
On
Off
28 Only two (2) controllers in a cluster are supported in v5.2., the same as in v5.1.x. Cluster creation has
changed in v5.2 as compared to v5.1.x To create a cluster in v5.2, do the following:
a Controller 1 needs to be fully configured and functional
b For Controller 2 to be added:
-
Login to Controller 1. Configure cluster name if not already configured.
Log in to Controller 2, setup an SVI with a static IP address and make sure you can ping
Controller 1 IP address. DHCP is not recommended for clustering since the IP address may
change later on and the cluster may not form.
From Controller 2, execute join-cluster <Controller 1 IP> username "admin" and the
administrators password
wm3400-22A3DE#join-cluster 10.10.1.1 username "admin" password "<admin_password>"
Joining cluster at 10.10.1.1... Done
Please execute "write memory" to save cluster configuration.
25
The requirement that the user has to know the admin username and password of Controller 1 makes
sure that only the admin can add new controllers to the cluster. To make sure cluster config persists
across reboots, user should do write mem explicitly after cluster is formed. The command join-cluster
changes only running-config, not startup-config.
29 The maximum number of clients per AP platform is as follows:
AP Platforms
Client Association Capacities
Dependent APs
AP4600
256
AP4021
128
Independent APs
AP4511
128
AP4700
256
AP4532
256
AP4521
128
30 The maximum number of WLANs supported per platform is as follows:

Controller Platform WLAN capacity
RF Domains
WM3700
256
1024
WM3600
32
256
WM3400
24
36
31 The default mode for a WLAN is tunnel. For local bridging, change the configuration to local
bridging.
32 TACACS+ for admin authentication/authorization and accounting is available only on the following
platforms:
AP4700
AP4532
WM3700
33 If using an 802.3af 10/100 power injector to power up the 802.11n APs, when plugged into a Gigabit
Ethernet wired switch, set link speed to 100 full, or use a Gigabit Ethernet Power Injector.
34 AP adoption: APs are adopted based on valid SKU identification strings, once discovered under the
Autoprovisioning policy. The SKU identification string is a manufacturing-programmed string that
most typically is a combination of the model number and authorized regulatory domain. An AP
with a mismatched identification string still gets adopted by the controller, but its radio(s) are not
enabled.
35 If the system flash is full (from either packet traces, crashfiles or ap-images), there may not be
enough space left on the device to create hotspot pages. In this case, users must clear enough space
from flash to allow hotspot pages to be created. Use the service clear crash-info or delete
<filename> CLI commands.
36 Firewall has to be enabled for captive portal operation.
37 Client load balancing makes decisions based on the average load in a band, in a channel within a
band and average AP load. Client load balancing ignores differences in what WLANs APs are
beaconing. Running client-load-balancing amongst APs with different WLAN config, may lead to
decisions that could cause clients to not associate on a certain WLAN.
38 The controller install wizard is available only on the WM3400 controllers.
26
39 APs have a shadow IP address that allows gaining access to the AP if the normal IP address of the
AP is not known. To derive the shadow IP address of an AP, use the last two hex bytes of the APs
MAC address to determine the last two octets of the IP address.
AP MAC address00:04:96:00:F0:0A
AP IP address equivalent169.254.240.10
To convert hexadecimal to decimal, you may use the Windows calculator as follows:
a With the Windows calculator displayed, select View > Scientific. Select the Hex radio button.
b Enter a hex byte of the APs MAC address. For example, F0.
c
Select the Dec radio button. The calculator converts the F0 to 240. Repeat this process for the last
AP MAC address octet.
40 Multi-cipher support: Some clients keep on sending de-authentication requests when associated to
WEP security WLAN in multi-cipher configuration. Use different BSSIDs for different ciphers with
the same WLAN.
41 Commit is not allowed with radio config having two WLANs mapped with different data rates, as
this is not a supported configuration.
42 When using centralized services over the WAN: For using centralized services from distributed
locations with extended VLANs, level 1 mint links need to be configured from the RF Domain
Manager at the remote sites to the controller at the central site (NOC).
43 Mesh and Smart-RF: exclude the Mesh APs from the Smart-RF domain, as there may be channel
changes due to RF interference that could disrupt the mesh link.
44 Air Defense sensor capabilities are supported on all the 802.11n APs in this release, and are available
for enabling the WIPS functionality as well as the Network Assurance Capabilities. There are some
caveats on managing the AP directly via the Air Defense ADSP appliance, for certain AP platforms:
Network Assurance Toolset when AP4021 / AP4511 /
Radio is dedicated as a sensor
AP4521
AP4022 /
AP4522
AP4532
AP4600
AP4700
Spectrum Analysis
No
No
Yes
Yes
Yes
Advanced Spectrum Analysis
Yes
Yes
No
No
No
Live RF
Yes
Yes
Yes
Yes
Yes
Live View
Yes
Yes
Yes
Yes
Yes
Connectivity Testing
Yes
Yes
Yes
Yes
Yes
NOTE
The GUI is disabled and the number of SSH sessions is limited to one for the APs listed in the table
below.
45 Radio Share functionality (allows for enabling the Network Assurance toolkit in ADSP, without
dedicating a radio as a sensor) is available on all the 802.11n APs with some caveatssee details
below:
Network Assurance Toolset
with Radio Share
AP4021 / AP4511 / AP4022 /

AP4521
AP4522
Spectrum Analysis
No
(see Note above)
Advanced Spectrum Analysis
Yes
AP4532
AP4600
AP4700
No (see
No
Note above)
No
No
No
No
No
No
27
Network Assurance Toolset

with Radio Share
AP4021 / AP4511 / AP4022 /

AP4521
AP4522
AP4532
AP4600
AP4700
Live RF
Yes
Yes
Yes
Yes
Yes
Live View
Yes
Yes
Yes
Yes
Yes
AP Testing
Yes
Yes
Yes
Yes
Yes
Connectivity Testing
Yes
Yes
Yes
Yes
Yes
NOTE
The GUI is disabled when Radio Share is enabled for the APs listed in the table below.
46 To disconnect a wireless client from the Wireless Clients display in the GUI, right-click on the
targeted client in the list and select the disconnect option.
Standalone/adaptive access points have the following general notes:

1 The radios in the AP will not beacon unless a country code setting is provided. Use the wizard or
the GUI to enable country code and change password.
2 When using the 3G WWAN functionality on the AP4710 (via an Express Card adapter):
Hot-swapping of the 3G cards, once plugged in and operational is not recommended, as it may
cause a system panic.
Before unplugging the card, make sure you shutdown.
If you encounter a panic doing hotplug, power off the device for one minute.
To troubleshoot 3G issues from the AP CLI:
Enter debug nsm all to see more detailed debugging messages about 3G.
If the card does not connect within a couple of minutes after "no shutdown", check syslog for
"detected ttyUSB0 No such file". If that's the case, reseating the card should clear the issue.
If the card has difficulty connecting to the ISP (i.e., syslog shows that it retries LCP ConfReq
for a long time), check if the SIM card is still valid and is plugged in correctly.
To configure:
Verizon PC770 & Sprint C777:
at$nwautoinstall=0
Option Ultra Express & Vodafone 3730:
at_oifc=3,1,1,0
To query/verify:
Verizon PC770 & Sprint C777:
at$nwautoinstall?
Option Ultra Express & Vodafone 3730:
at_oifc?
3 Enable the DHCP profile before configuring DHCP. DHCP client is enabled by default on the APs.
4 Basic IDS/IPS is available on the 802.11n Standalone and Virtual Controller AP modes. Advanced
WIPS with Rogue AP Containment is only available on the Wireless Controller based networks.
5 Role Based Firewall configuration is not available on the Standalone APs or on the Virtual Controller
APs.
28
6 For configuring Mesh, when APs are in standalone mode, MINT links need to be enabled between
the APs that mesh links need to be formed. When configuring Mesh:
a In the AP GUI, go to Configuration > Devices > Device overrides, select the AP.
b Go to Profile overrides > Interface > Radios. Open a radio that you'd like to use for mesh
connection.
c
Assign a WLAN to the radio. Under Mesh tab, set the radio to mesh portal.
d Go to Overrides > Network > Bridging VLAN.

e Add a bridging VLAN policy. Choose a VLAN X that you will use the mesh on. Set the bridging
mode to tunnel.
f
Go to Overrides > Advanced > MINT protocol, then click on VLAN tab on the right. Add VLAN
X.
g Save changes on the AP. You have completed configuring the mesh portal AP.
h Repeat the above on the AP that you'd like to use as mesh client. Make sure to choose 'mesh
client'. Mesh connection will then establish between the APs and provide IP connectivity. Mesh
connection statistics can be seen under Stats > System > RF Domain > Mesh.
WM3700 Notes
The CF card slot of the WM3700 controller is enabled for controllers with a hardware revision that is
REV 04 or later and disabled for earlier hardware revisions. The two USB ports on the controller can
be used for directly attached external storage devices with all revision of the controller hardware.
WM3600 Notes
A license key is no longer required to enable the Express Card 3G WWAN radio support on the
controller.
AP4600 Notes
After upgrade to v5.3.1, both the amber and green LEDs of the AP4600 will be ON solid while the AP is
adopted and not yet configured. Refer to the updated Altitude AP4600 Series Installation Guide available
from Extreme Networks.
AP4700 Notes
1 The AP4700 family features upgraded Gigabit Ethernet (GE) ports. These ports are labeled as
follows:
GE1/ PoE: GE1 is the LAN Port and supports 802.3af, 802.3at (draft) PoE.
GE2: GE2 is the WAN port.
2 On an independent AP4700, by default, the ge1 and ge2 ports are mapped to vlan1, and vlan1 has
primary IP as DHCP and secondary IP as zeroconf. In addition, different from v4.x, an AP4700 on
v5.x can bridge traffic between ge1 and ge2. Important default configuration changes from v4.x to
v5.x for AP4700:
29
Description
4.x
5.x
GE2(WAN) default IP address
10.1.1.1
Zeroconfig with DHCP client
GE1 (LAN)
DHCP client
Zeroconfig with DHCP client
Auto upgrade (Upgrade f/w, apply

config)
Enabled
Enabled
.1x authentication
Enabled
Disabled. Enabled once username/

password are configured.
Firewall
Enabled
Disabled for L2 and L3
Link Aggregation
N/A
Disabled
3 Dual radio models and tri-radio models can power up two radios and GE1 interface with 802.3af
power sources. At higher power levels, 2 radios and both Ethernet interfaces are fully functional in
the dual and tri-radio models. Single, dual and tri- radio models can also operate using an A/C
power supply. The third radio (dedicated WIPS sensor radio or a future modular off-the-shelf 3G
WAN Express Card) on the tri-radio model requires 802.3at, A/C power supply or a Gigabit
Ethernet PoE+ injector.
The following table shows the radio and LAN resources available under various power
configuration modes for the dual radio AP4710 models.
Available Power Radio
Radio Resources
Ethernet Port Configuration
Power Status: 3af (12.95W)
2 Radios
GE1 10/100/1000
Power Status: Mid Power (18W)
2 Radios
GE1 10/100/1000
GE2 10/100
Power Status: Full Power (24W)
2 Radios
GE1 10/100/1000
GE2 10/100/1000
The following table shows the radio and LAN resources available under various power configuration
modes for the tri-radio AP4750 models:
Available Power
Radio Resources
Ethernet Port Configuration
Power Status: 3af (12.95W)
2 Radios
GE1 10/100/1000
Power Status: 3at (24W)
3 Radios (Express Card

option supported with radios
at lower power)
GE1 10/100/1000
3 Radios (with Express Card)
GE1 10/100/1000
Power Status: Full Power (30W)
GE2 10/100/1000
GE2 10/100/1000
AP4511 Notes
When adopted by a controller, the AP4511 GUI is disabled to make the memory available for other
core functions, such as additional MINT routes. It is assumed that when an AP is adopted to a
controller, the controller GUI will be used for its configuration. To re-enable the GUI on these APs use the memory profile CLI command. Note that when an adopted AP4511 is separated from a
controller to operate in standalone mode, the GUI will remain disabled due to the earlier controller
configuration, unless the above command is used.
If APs are already separated from the controller:

-
Connect to AP CLI.
Set memory profile to standalone under device override or profile context.

30
If APs are currently adopted to controller then memory profile configuration change can be applied
from controller CLI.
-
Connect to Controller CLI.
Set memory profile to standalone under AP profile context.
Changing the memory profile reboots the AP which then comes up with GUI.
Example: CONTROLLER(config-profile-default-ap4511)#memory-profile (adopted |
standalone)
Issues Fixed
The following issues have been resolved in software version v5.4.2 since v5.3.
Table 19: Issues Fixed in v5.4.2
SPR/CQ ID
Description
22937
GUI: Delay when revoking license withaccessing "Association ACL" page when large number of
ACLs is defined.
23017
Mobile units incorrectly being denied Access to WLAN by MAC ACL when roaming between
WLANs.
23057
Tooltip shows incorrect information about virtual interface status.
23098
Issue with printing multiple vouchers.
23114
In v5.4, the list of users cannot be sorted properly by date.
23126
Error when setup banner motd with multiple lines in v5.x GUI.
23208
Disabling LEDs on profile / device level works fine but after reboot RFS AP will readopt and it
will start blinking.
23225
Captive portal accounting session ID got changed on mu roaming.
23237
Controller crash on periodic ADSP polling with virtual-defragmentation is disabled in firewall.
23254
Wired clients receive IP address from the wrong VLAN when AP4511 is reset.
23259
Mesh security gets stuck in Init state.
23292
LED SYS 1 & 2 lights blinking green and amber (boot up error by definition), though controller
is up and operational.
23294
L2TPv3: Stale entries with "waiting for scccn" state is created on the concentrator.
23301
Onboard RADUIS server failing to add username with space, CLI accepts the username with
space.
23308
AP4021 sensor only sometimes fails to upgrade due to low memory.
23325
Broadcast packets filtered when radio is in promiscuous mode.
23373
No Radius Accounting stop received after switching from SSID Captive portal 1 to SSID captive
portal 2 and return.
23394
Smart RF minimum power value configured is lost on controller reboot.
23395
Multicast WLAN traffic converted to unicast via accelerated multicast feature bypasses the
WLAN outbound ACL.
23400
E-mail notification doesn't work when password encryption is configured.
23402
Remote debug at RF-domain level with a 100+ AP site does not terminate cleanly and CFGD
restart is required.
23404
Issue with time-stamp on "remote-debug livepktcap" when streaming it to a file.
31
Table 19: Issues Fixed in v5.4.2 (continued)

SPR/CQ ID
Description
23405
Packets are bridged incorrectly when CFGD is restarted and controller is configured to use port
channel.
23429
Management access with external radius not allowing SSH enable access and Telnet/Serial
access is denied for user with space.
23434
Moving devices under the Dashboard Network View results in error.
23445
Adding radius guest user has access duration and data limit path displaying; no value can be
set.
23460
SNMPv2 walk fails if SNMPv1 is disabled.
23509
L2TPv3 customized profile configuration on AP4532 v5.3.x becomes default after upgrade to
v5.4.x.
23512
NSM crash when copying tech support file when configuration has NTP config along with time
zone settings.
23570
Analytic service logs files are not rotated and leaving large number of log files under /var/log/
nuxi folder.
CQ 85336
Kernel Panic at boot when only 2 Sangoma cards are inserted.
CQ 91932
Controller CFGD process crashes due to failure decompress configuration packet from adopted
AP.
CQ 97640
Truncated CFGD crash files observed on AP4511/AP4521, no backtrace information for CFGD
exit.
CQ 92658
GUI: Allow configuring auto provisioning policy whereby only rf-domain or policy is enough to
create policy (not both).
CQ 92835
Smart-rf: SSM removes adds radios to smart-rf when a 5.2.12.x AP exists in the same rfdomain as 5.4.1.x APs
CQ 93828
Multiple panic dumps in radio scheduler (infinite loop) observed on v5.4.1.
CQ 92756
SSM: crash while running smart-rf proximity stats commands.
CQ 91764
L2TPv3: Stale entries with "idle" state is created on the concentrator.
CQ 94004
Getting INTERNAL_SOCKET_ERROR when L2TPv3 tunnel goes down and comes back up
after the wan backbone link failure.
CQ 92203
SNMP trap for L2TPv3 tunnel up / down event is not sent.
CQ 94126
L2TPv3 tunnel continuously alternates between primary and secondary peers.
CQ 91965
Not able to set the maximum allowed power for 2.4GHz radio on AP4522 with internal antenna
for country code 'hk'.
CQ 97626
ADSP receiving invalid stats from sensor.
CQ 90993
GUI: cluster-join fails to form a cluster when triggered join from GUI. CLI works.
CQ 90105
The choose column options on SMART RF Details page for the AP MAC address and
Attenuation do not match the column names on the page.
32
Known Issues
The following issues are known issues in software version v5.4.2.
Table 20: Known Issues in v5.4.2
Defect ID/SPR
Description
CQ 97410
If the ipsec-secure L2TPv3 tunnel is terminated on the vrrp address then the reply packet is
un-encrypted from the concentrator.
Workaround: configure the "local-ip-address" in the L2TPv3 concentrator.
CQ 97420
When using more than one role policy on low memory APs, the AP might crash due to low
memory. We recommend not using more than one role policy on low memory APs.
CQ 97473
Progress bar does not show load status when AP image file is loaded.
SPR 23358
IPsec tunnel is not automatically re-established after reboot when using 3G WWAN card.
SPR 23543
Add to device option in GUI does not work correctly.
SPR 23571
Analytic data lost on firmware upgrade if analytics database is not in sync between cluster
devices. Ensure that the port needed for Analytics is open in the firewall.
SPR 23627
Shared cluster licenses do not fail over if cluster name contains spaces.
SPR 23518
WM3400 with Advanced WIPS license supports only one dedicated sensor.
CQ 97548
Analytics: Client failed to learn the analytic server IP address and breaks communication
between the nodes.
CQ 98318
GUI: not able to tear down L2TPv3 tunnel. Use CLI as a workaround.
CQ 97481
Sometimes on startup check_critical core observed. This will not impact any operation and
will be resolved in the v5.5 release.
CQ 98423
Time based WLAN: fails for midnight check 23:59. Workaround: use 23:58 instead. This will
be fixed in next release.
CQ 97767
Sensor has issues detecting all Bluetooth devices.
The following issues remain from earlier releases:

Table 21: Issues Remaining from Earlier Releases
Defect ID
Description
83731
L2TPv3: "show L2TPv3 tunnel <tab>" CLI does not show configured tunnels. Workaround:
show L2TPv3 tunnel-summary.
84491
Anlaytics: KPI and Radio (Traffic) Screens are for demo purposes only in v5.4.
84947
Configuration Migration Utility: Does not correctly convert standard ACL rules. For example,
a v4.x ACL rule like "permit 10.10.10.0/23 rule-precedence 10" does not convert to "permit
ip host 10.10.10.0/23 any rule-precedence 10," but stays in its original form in the config.
This has to be manually converted. This will be addressed in a future release.
84949
Configuration Migration Utility: NAT Configuration present in v4.x configs will not be
correctly migrated over to v5.3.x NAT config. This part of the config needs to be manually
translated. This will be addressed in a future release.
85745
Smart-RF for MCX: WiFi Interference recovery does not work. Work around: Manually
trigger a scan on a root device as required.
86334
AP wizard does not auto launch in some cases. Workaround: Clear browser cookies.
86584
Radio share is not supported on domain manager AP.
33
Table 21: Issues Remaining from Earlier Releases (continued)

Defect ID
Description
86814
When using critical resource monitoring over a specific port, some devices will not respond
to the ARP requests with a 0.0.0.0 source address. In this case, 'service critical-resource
port-mode-source-ip' should be used. To prevent ARP cache poisoning, a different IP from
the device IP address must be used.
86933
There is a limit of one CRM policy for a mesh point.
87177
Shutdown on mesh point loss does not work for tunneled wlans when critical resource goes
down. Workaround is to "Shutdown on unadoption"
88049
Smart-RF for MCX: Interference recovery triggers when we configure mismatching channel
widths, Workaround: Channel width on non-roots should match with the root or should be
set to auto
88334
A mesh adopted AP with a WLAN using 'shutdown on-unadoption' mapped to the same
radio may get un-adopted. Controller timeouts on the AP should be increased to maintain
adoption. The following are recommended minimum values for an AP in this use-case:
'controller hello-interval 30' and 'controller adjacency-hold-time 40'.
88674
GUI throws warning saying switch will reload with factory defaults if we delete the copy of
running-config. Ignore the incorrect warning because a copy of the running config will not be
deleted.
89625
GUI: mesh visualization view goes outside the screen. Drag the image to see the complete
view.
90038
Heatmap issue with ap placement when zoom feature is used on floorplan before excuting
view heatmap. Workaround: Do not zoom in or out before any other operation on the
heatmap page.
90125
Cannot connect to AP4521/ AP4511 via MINT from the controller. Workaround: disable
telnet in the management policy.
90573
Cisco ISE: redirection will not work if endpoint uses proxy on port other than 80
90089
RADAR detected log is not generating if the AP reboots and comes back with smartchannel list and radar detected immediately.
91319
Spectralink: after enabling accelerated multicast, PTT doesn't go to all the handsets.
Therefore when using PTT - disable accelerated multicast.
34
Customer Support
NOTE
Services can be purchased from Extreme Networks or through one of its channel partners. If you are an
end-user who has purchased service through an Extreme Networks channel partner, contact your partner first for
support.
Extreme Networks Technical Assistance Centers (TAC) provide 24x7x365 worldwide coverage. These
centers are the focal point of contact for post-sales technical and network-related questions or issues.
TAC will create a Service Request (SR) number and manage all aspects of the SR until it is resolved. For
a complete guide to customer support, see the Technical Assistance Center User Guide at:
http://www.extremenetworks.com/go/TACUserGuide
The Extreme Networks eSupport website provides the latest information on Extreme Networks
products, including the latest Release Notes, troubleshooting, downloadable updates or patches as
appropriate, and other useful information and resources. Directions for contacting the Extreme
Networks Technical Assistance Centers are also available from the eSupport website at:
https://esupport.extremenetworks.com
Registration
If you have not already registered a product with Extreme Networks, you can register that product on
the Extreme Networks website at: http://www.extremenetworks.com/go/productregistration
Documentation
Check for the latest versions of documentation on the Extreme Networks documentation website at:
http://www.extremenetworks.com/go/documentation
Service Notifications
If you would like to receive proactive service notification pertaining to newly released software or
technical service communications (e.g., Field Notices), please register at the following website:
http://www.extremenetworks.com/services/service_notification_form.aspx
35
36

WM 5.4.2 Release Notes

Încărcat de

Informații document

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

WM 5.4.2 Release Notes

Încărcat de

Drepturi de autor:

Formate disponibile

Release Notes for Summit WM3000 Series WLAN Controllers and

AltitudeTM 4000 Series Access Points

Extreme Networks, Inc.

Published: April 2013

Release Notes for Summit WM3000

New Features in Version 5.4.2

802.11r support (fast BSS transition)

Several L2TPv3 enhancements

Support for LDAP attributes in role-based firewall

ETSI EN 301 893 v1.6.1 Compliance

If the ROW AP is in the original ROW mode, it shows:

If the ROW AP is converted to supporting EU regulatory domain only, it shows:

IEEE 802.11r-2008 or fast BSS transition (FT) is a standard to permit

Time Based WLANs

Locationing with Aeroscout

Locationing support has been introduced with Aeroscout systems.

LDAP Attributes in role matching

Users are granted access to the network based on active directory

Auto IPSec secure

Per VLAN firewall turn off

MeshConnex on Premium APs

MeshConnex Backhaul Detection

Guest Access Analytics

L2TPv3 Termination for Guest Access

Table 6: Wireless Feature Matrix (Controllers and Dependent APs)

Increased RF Domain Manager capacity to 64

GUI Config Import/ Export from local hard disk

WLAN Auto Shutdown

Mesh Connex on Premium APs

MeshConnex Backhaul Detection

Guest Access Analytics

Table 9: Security and Tunneling Feature Matrix (Independent APs)

L2TPv3 termination for guest access deployments

Table 10: Wireless Feature Matrix (Independent APs)

Increased RF Domain Manager capacity to 64

GUI config Import/Export from local hard disk

WLAN Auto Shutdown

Demo Features in v5.4

Time and Bandwidth Base

Locationing with Aeroscout and

Locationing support has been introduced with Aeroscout and Ekahau

LDAP Attributes in role matching

E-mail/SMS credentials for

802.1x Wired Port Authentication is provided for AP4511 and WM3400/

Table 13: Dependent AP Platform Firmware Images

Included in the controller image

Included in the controller image

Included in the controller image

Table 14: Independent/Adaptive AP Platform Firmware Images

AP4521-5.4.2.0-031R.img (included in controller image)

AP4522-5.4.2.0-031R.img (included in controller image)

AP4532-5.4.2.0-031R.img (included in controller image)

Supported Wireless WAN Cards

Option GT Ultra Express or

Tri-band HSDPA and quadband EDGE

Verizon Wireless V740 or V770

CDMA 1xEVDO (Rev.A/0),

Sprint Novatel Merlin C777

CDMA Rev A, and EV-DO

Novatel Merlin XU870

Tri-band HSDPA/UMTS and

Vodafone Option E3730 3G

Tri-band HSDPA/ HSUPA

Sierra Aircard 880E (or Telstra