release notes for mss version 9.6.3.2 (mr4)2013/12/24 · what is new in mss version 9.0.5.2 ce...

Copyright © 2016, Juniper Networks, Inc. 1

Release Notes for MSS Version 9.6.3.2 (MR4)

We recommend that you familiarize yourself with the Known Behaviors and Issues section of this release notes before installing Mobility System Software (MSS) Version 9.0. For additional product information, refer to the following documents:

Feedback and Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Web Authentication on WLC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2New and Enhanced Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Version Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Minimum MSS Requirements for Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Upgrading to MSS Version 9.0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Upgrading an Individual WLC by Using the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7Hitless Upgrade of Controllers in a Cluster Enabled Mobility Domain . . . . . . . . . . . . . . . . 8To Downgrade an MSS Version in a Cluster Enabled Mobility Domain . . . . . . . . . . . . . . . 9Installing Upgrade Activation Keys on a WLC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9System Parameter Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Known Behaviors and Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Issues Resolved in MSS 9.6.3.2 (9.6MR4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Issues Resolved in MSS 9.6.2.2 (9.6MR3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Issues Resolved in MSS 9.6.1.3 (9.6MR2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18Issues Resolved in MSS 9.6.0.2 (9.6MR1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Issues Resolved in MSS 9.0.9.2 (9.0MR8) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Issues Resolved in MSS 9.0.8.3 (9.0MR7) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19Issues Resolved in MSS 9.0.7.2 (9.0MR6) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Issues Resolved in MSS 9.0.6.4 (9.0MR5) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Issues Resolved in MSS 9.0.5.2 (9.0MR4) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Issues Resolved in MSS 9.0.4.6 (9.0MR3) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21Issues Resolved in MSS 9.0.3.5 (9.0MR2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Issues Resolved Prior to MSS 9.0.2.5 (9.0MR1) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Known Limitations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Changes to Default Behaviors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26Errata in Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28


2 Feedback and Support Copyright © 2016, Juniper Networks, Inc.

MSS Quick Start Guide Version 9.0

MSS Configuration Guide Version 9.0

MSS Command Reference Version 9.0

Product Name ChangesPlease note that the former Trapeze products now reflect the Juniper Networks product names.

Feedback and Support

We encourage you to provide feedback about your experiences installing and using the product to the Juniper Networks Customer Assistance Center (JTAC).

Web Authentication on WLC

When you set the following web portal modes, if the client requests any URL, the WLC presents its own certificate that was issued for the virtual interface IP address. This IP address will not match the URL/IP address that was requested by the client and the certificate will not be trusted unless the client forces an exception in the browser. A certificate warning is displayed.

WLC# set web-portal ssl-mode full

WLC# set web-portal ssl-mode partial

New and Enhanced Features

This section describes the new features and enhancements to existing features in the following MSS releases:

What’s New in MSS Version 9.0

What is New in MSS Version 9.0.5.2



What’s New in MSS Version 9.0The MSS Release 9.0 provides two versions—MSS Version 9.0.1.2 and MSS Version 9.0.1.3 and provides support for the following new features:

Informational Note:

Please note that the tracking numbers for issues open and resolved have changed to reflect the Juniper Networks Problem Report (PR) tracking system.

Former Trapeze Name Current Juniper Product Name

MXR-2 WLC2

MX-8 WLC8

MX-200 WLC880

MX-800 WLC800R

MX-2800 WLC2800

MP-522 WLA522

MP-632 WLA632


3 New and Enhanced Features Copyright © 2016, Juniper Networks, Inc.

.JunosV Wireless LAN Controller (JunosV WLC)—The next-generation wireless LAN controller is a virtual controller using a cloud-based architecture with physical access points. The current functionality of a physical controller is available on the virtual controller, and the virtual controller can support up to 256 access points. The virtual controller runs on a virtual machine (VM) environment that support operating systems and execute applications. For system, parameters, see Table 7.

Support for Wireless LAN Controller WLC100—The MSS Version 9.0.1.3 supports Juniper's next-generation WLAN controller, the WLC100, that cost-effectively enables WLAN services in small to medium-sized branches and schools, small offices, and retail stores. WLC100 will replace WLC2 and WLC8. Download MSS Version 9.0.1.3 (WLC Version 9.0 (FRS) for WLC100) from the Software Download page for the WLC100 platform. All other platforms support MSS Version 9.0.1.2.

Wi-Fi Alliance Hot Spot 2.0 Support—The Juniper wireless LAN (WLAN) solution supports Hot Spot requirements and can seamlessly onboard Wi-Fi client devices at Hot Spot deployments that enables both mobile operators and Multiple System Operators (MSOs) to offload mobile data traffic onto Wi-Fi Hot Spots. The access points— WLA321, WLA322, WLA522, WLA532, and WLA632 have passed the Hot Spot 2.0 certification.

Persistent Configuration for WLAs—Persistent configuration feature is an enhancement to the existing remote access point feature, which provides the ability to have the access points remember its configuration once it is configured on the controller. With this feature, the access point continues to work indefinitely without being connected to the controller. This feature is supported on WLA321, WLA322, WLA532, and WLA532E.

Extended Authorization Support for WLAs—To extend support for remote access points, the access points can now act as RADIUS authenticators for sessions managed by the access points and accept mac, dot1x pass-through, and last-resort connections during outage. In addition, extra functionality is added to improve the access point sessions, including time attributes and sharing access point managed client session information with controllers. The attributes that are not supported include: End Date, Start Date, and Time of Day.

Access Point Power Policy (Replaces Auto-tune Power)—This feature replaces the auto-tune power feature in earlier versions of MSS, and addresses customer issues with the previous implementation. A mechanism is required, particularly in dense deployments, for setting the transmit power levels of access point radios, to facilitate good roaming decisions by setting very similar power levels between WLAN radios.

Enhancements to VLAN Pooling—The primary goal of configuring VLAN pooling is to load balance sessions evenly across the VLANs in the pool. MSS 9.0 supports two options: MAC Address Hashing and Load-balancing. For both the options, a VLAN is selected only if it has not reached the configured cap of sessions per VLAN.


CE Compliance

Declaration of Conformity with Regard to the ETSI EN 300 328 v1.8.1 Standard

This declaration is valid only for configurations supported or provided by Juniper Networks Systems for use within the EU. All Juniper WLA532-WW, WLA532E-WW, and WLA322-WW equipment are now compliant with the ETSI EN 300 328 v1.8.1standard. The WLA devices are categorized as non-Frequency Hopping Spread Spectrum (FHSS) and Adaptive devices.

Specifically, this MSS release ensures that the WLAs are compliant with requirements such as Adaptivity and others detailed in Sections from 4.3.2.1 through 4.3.2.10 for non-FHSS devices in the mentioned ETSI EN 300 328 v1.8.1 standard.


4 New and Enhanced Features Copyright © 2016, Juniper Networks, Inc.


CE Compliance

Declaration of Conformity with Regard to the ETSI EN 300 328 v1.8.1 Standard

This declaration is valid only for configurations supported or provided by Juniper Networks Systems for use within the EU. All Juniper WLA321-WW equipment are now compliant with the ETSI EN 300 328 v1.8.1standard. The WLA devices are categorized as non-Frequency Hopping Spread Spectrum (FHSS) and Adaptive devices.

Specifically, this MSS release ensures that the WLAs are compliant with requirements such as Adaptivity and others detailed in Sections from 4.3.2.1 through 4.3.2.10 for non-FHSS devices in the mentioned ETSI EN 300 328 v1.8.1 standard.


WLA Radio Spectral Scan Mode

Spectral analysis starts with the RF detect function. The primary function of RF detect is to detect and classify 802.11 devices. However, for spectral analysis, that function is extended to recognize non-802.11 sources of interference.

WLAN radios continuously scan for potential clients. In addition to finding clients, these scans detect other electronic devices, such as other WLAs and various non-802.11 equipment.

After the scan is complete, a spectrogram report is generated as a graph. This graph can be viewed in RingMaster by selecting the WLA’s radio to scan in the Spectral mode. When a WLA’s radio is enabled for this spectral scan mode, there is a time lag of up to 5 seconds between voice and video, and at times, data packets are delayed during heavy data traffic because the radio holds back these packets for processing during those few seconds.

WLC100 Interoperability Issue with Other Vendor Switches

The interoperability issue can be classified as a limitation that occurs only when WLC100 controllers are used with third-party switches. We recommend that you use WLC100 with the Juniper Networks switches.

CLI Commands Introduced from This MSS Release

In this MSS release, a new CLI command has been introduced, using which you can enable or disable the country IE mode.

To enable or disable the country IE mode in WLCs, use the following command:

WLC# set country-ie mode disable

success: change accepted

Also, this command can be used to enable or disable the country IE mode in WLAs. When country IE mode is enabled, country IE and power constraint IE parameters can be configured in WLA radio beacons and probe responses.

When a WLC is configured as part of a cluster, the command can be issued only in the current active seed, and it is synchronized across cluster members including the secondary seed.

This command is executed on the secondary seed when the connection to the primary seed is lost and the secondary seed becomes the active seed.

Note that this command is not radio-specific and is, therefore, applied to all the radios in all the WLAs under a controller. By default, country IE mode is enabled.

To display the configured country IE mode, use the following command:

WLC# show country-ie mode

Beacon IE mode: disable


5 Version Compatibility Copyright © 2016, Juniper Networks, Inc.

Version Compatibility

RingMasterThis version of Mobility System Software (MSS) is intended for use with RingMaster Version 9.0 or higher only.

Minimum MSS Requirements for UpgradeYou cannot upgrade MSS versions 9.1.x to MSS versions 9.6.x. If you attempt these upgrades, the controller booting the upgraded MSS (versions 9.6.x) reboots from the previous partition that holds the previous MSS version (versions 9.1.x).

However, you can upgrade from MSS versions 9.6.x to MSS versions 9.1.x.

Table 1 lists the minimum MSS version an WLC must be running when you upgrade to MSS Version 9.0. If your WLC is running an older MSS version, you can use the upgrade path to upgrade the WLC to 9.0.

Upgrading to MSS Version 9.0

Before you upgrade, see “Version Compatibility” on page 5. After you verify that the WLC is running the minimum MSS version required to upgrade to MSS Version 9.0, return to this section.

Table 1: Software Requirements for Upgrade to MSS Version 9.0 or MSS Version 9.6

ProductMinimum MSS Version Required Upgrade Path

WLC880 7.x 7.0.x.x->7.1.x.x -> 7.3.x.x > 7.5.x.x > 7.6.x.x>7.7.x>8.0.x>9.0.x> 9.6.x



WLC800R 7.3.x 7.3.xx> 7.5.xx>7.6.xx>7.7.x>8.0.x>9.0.x> 9.6.x

WLC880R 7.5.xx 7.5.xx>7.6.xx>7.7.x>8.0.x>9.0.x> 9.6.x

WLC2800R 7.0.3.6 7.0.x.x->7.1.x.x -> 7.3.x.x > 7.5.x.x > 7.6.x.x>7.7.x >8.0.x>9.0.x> 9.6.x

WLC100 9.0 9.0.x> 9.6.x

JunosV WLC 9.0 9.0.x> 9.6.x

Informational Note: If you have MSS Version 7.7.4.4 or later versions installed on your system, you can upgrade your system directly to MSS Version 9.6.x. However, if you have a version earlier than MSS Version 7.7.4.4, then you must first upgrade to MSS Version 7.7.4.4 before upgrading to any later versions of MSS.

Informational Note: Software Versions on the Juniper Support Site When you go to the Software downloads page at http://www.juniper.net/support/products/mss/#sw to download new software versions, you should note that there are two different files for each WLC/MX platform. The software files labeled with the MX0XXXX.platform.zip are intended for the legacy platforms sold by Trapeze Networks. These controllers have the Trapeze logo and platform name on the front side of the controller. The WC0XXXXX.platform.zip software files are intended for the Juniper-branded platforms. These controllers display the Juniper logo and platform name on the front side of the controller. WARNING! The two file types are not interchangeable between Trapeze-branded and Juniper-branded platforms. You must install the MX file version on Trapeze products, and the WLC file version on Juniper products.


6 Upgrading to MSS Version 9.0 Copyright © 2016, Juniper Networks, Inc.

Preparing MX for the Upgrade

You can use the following command to back up the configuration files:

Informational Note: This release of MSS software no longer supports older MXR-2, MX-8, and MX-8R WLAN controller platforms that were initially built with 32MB of flash. Newer models support 128MB or 256MB. The best method for determining if your controller can support MSS 9.0 is by checking the revision label on the unit:

Models MX-8 and MX-8R controller - Revision "P" and above.

Model MXR-2 controller - Revision "N" and above.

All Juniper-branded equivalents will support MSS 9.0.

The following MPs are no longer supported in this version of MSS:

MP-71MP-371 (all related models)MP-372 (all related models)

Informational Note: VLAN IDs higher than 3520

To avoid conflicts with the Juniper internal VLAN numbering scheme, it is strongly advised to use VLAN IDs less then 3520 on WLCs that are upgrading to MSS Version 9.0. Failure to do so may result in lost configuration data

Informational Note: MSS 9.0 includes changes to the storage location of system debug files. Debug information is now stored in persistent user-accessible storage for retrieval after a system restart.

Informational Note: Mobility Domains and Mixed Versions of MSSWhen deploying a mixed version Mobility Domain, VLAN tunnels between WLCs with MSS 7.1 and WLC800/WLC880s with MSS 9.0 are not supported.

Informational Note: Create a backup of your WLC files before you upgrade the WLC.We recommend that you save a backup configuration of the WLC, before you install the upgrade. If an error occurs during the upgrade, you can restore your WLC to a previous configuration.

Informational Note: When saving the backup file, MSS copies the file to a temporary location to compare it against an existing file for any errors that may have been introduced during the copying process. After verifying that the file is error-free, MSS deletes the file from the temporary location.

Informational Note: Virtual Controller Cluster Configuration Recommendation We recommend that you install the same version of MSS on all cluster members to have feature parity between the seeds and members. Additionally, use the same WLC models in a cluster configuration.



backup system [tftp:/ip-addr/]filename [all | critical]To restore a WLC that is backed up, use the following command:

restore system [tftp:/ip-addr/]filename [all | critical]

“Upgrade Scenario” on page 8 shows an example of the backup command. For more information about these commands, see the “Backing Up and Restoring the System” section in the “Managing System Files” chapter of the Juniper Networks Mobility System Software Configuration Guide.

Upgrading an Individual WLC by Using the CLI

1. Back up the WLC, using the backup system command.

2. Copy the new system image onto a TFTP server.

For example, log into http://www.juniper.net/support/downloads/ using a Web browser on your TFTP server and download the image onto the server.

3. Copy the new system image file from the TFTP server onto an inactive boot partition in the nonvolatile storage of the WLC. For example,

WLC800# copy tftp://10.1.1.107/WC090205.800 boot1:WC090205.800To get the list of images for the WLCs, go to the Software Downloads page on http://www.juniper.net/

4. Set the partition to the boot to which the new system image is copied using the command

set boot partition boot1

5. To verify that the new image file is installed, type show boot.

6. Reboot the software.

To restart a WLC and reboot the software, type the following command:

reset system

When you restart the WLC, the WLC boots using the new MSS image. The WLC also sends the WLA version of the new boot image to WLAs and restarts the WLAs. After a WLA restarts, the version of the new WLA boot image is checked to make sure the version is newer than the version currently installed on the WLA. If the version is newer, the WLA completes installation of the new boot image by copying the boot image into the WLA flash memory, which takes about 30 seconds, then restarts again. The upgrade of the WLA is complete after the second restart.

Informational Note: If you have made configuration changes but have not saved the changes, use the save config command to save the changes, before you backup the WLC.

Informational Note: If boot1 is the active boot partition, an error is displayed. You must copy the new image to the other boot, which is boot0.If boot1 is the configured boot partition and not the active boot, an error is displayed. Change boot0 to the configured boot using the command set boot partition boot0 and then copy the image to boot1.

https://www.juniper.net/lcrs/license.do

http://www.juniper.net/



Upgrade Scenario

To upgrade a WLC2800, use the following upgrade example.

WLC2800# save configsuccess: configuration saved.WLC2800# backup system tftp:/10.1.1.107/sysa_baksuccess: sent 28263 bytes in 0.324 seconds [ 87231 bytes/sec]WLC2800# copy tftp://10.10.0.11/images/9.0.2.5/WC090202.280 boot1:WC090202.280 ........................................................................................................................................................................................................success: received 28360516 bytes in 52.428

seconds [ 540942 bytes/sec]success: copy complete. WLC2800# set boot partition boot1 success: Boot partition set to boot1:WC090202.280 (9.0.2.5.0).WLC2800# show bootConfigured boot version: 9.0.2.5.0Configured boot image: boot1:WC090202.280Configured boot configuration: file:configurationBackup boot configuration: file:RMbackupBooted version: 9.0.0.0.092Booted image: boot0:WC090202.280Booted configuration: file:configurationProduct model: WLC2800WLC2800# reset system This will reset the entire system. Are you sure (y/n)yClosing network connections...Preserving command audit logs.Size of preserved command audit log is now 7394 blocksShutting down daemons...Shutting down filesystems............System will reboot......

When saving the backup file, MSS copies the file to a temporary location to compare it against an existing file for any errors that may have been introduced during the copying process. After verifying that the file is error-free, MSS deletes the file from the temporary location.

Hitless Upgrade of Controllers in a Cluster Enabled Mobility DomainTo upgrade all the controllers in a cluster enabled mobility domain:

1. Back up the WLC, using the backup system command.

2. Copy the new system image from a TFTP server onto the inactive boot partitions of all the controllers in a mobility domain. The boot partition should not be the configured partition or the active boot partition.

For example, to copy the new system image from a TFTP server to the inactive boot partition, type the following command:

copy tftp://<tftp-server-IP-address>/<image-name>/ boot1:<image-name>

To get the list of images for the WLCs, go to the Software Downloads page on http://www.juniper.net/

Informational Note: This example copies the image file into boot partition 1. On your WLC, copy the image file into the boot partition that was not used the last time the WLC was restarted. For example, if the WLC booted from boot partition 1, copy the new image into boot partition 0. To see boot partition information, type the show boot command.




3. Set the partition to the boot to which the new system image is copied in every controller using the command


4. Save the configuration in every controller. Enter the following command in the primary seed, secondary seed, and all member controllers:

save configuration (primary and secondary seeds) and save configuration local for all member controllers

5. Enter the following command in the primary seed of the mobility domain.

upgrade cluster

To Downgrade an MSS Version in a Cluster Enabled Mobility Domain1. Copy the image from a TFTP server onto the inactive boot partitions of all the controllers in a mobility domain. The boot

partition should not be the configured partition or the active boot partition.

For example, to copy the new system image from a TFTP server to the inactive boot partition, type the following command:

copy tftp://<tftp-server-IP-address>/<image-name>/ boot1:<image-name>

To get the list of images for the WLCs, go to the Software Downloads page on http://www.juniper.net/

2. Set the partition to the boot to which the new system image is copied in every controller using the command


3. Save the configuration in every controller. Enter the following command in the primary seed, secondary seed, and all member controllers,

save configuration (primary and secondary seeds) and save configuration local for all member controllers

4. Enter the following command in every controller in the mobility domain:

reset system

Installing Upgrade Activation Keys on a WLCWLA licensing is supported on WLC platforms as shown in the following Table :

Informational Note: If boot1 is the active boot partition, an error is displayed. You must copy the new image to the other boot, which is boot0.If boot1 is the configured boot partition and not the active boot, an error is displayed. Change boot0 to the configured boot using the command set boot partition boot0 and then copy the image to boot1.

Licensing and Upgrade Increments for the WLC Models

WLC Model Base WLA Support Maximum WLA Support Upgrade Increment

WLC800R/880R 16 128/256 16 or 32

WLC880 32 192 32

WLC2800 64 512 64 or 128

WLC100 4 32 4

JunosV WLC 4 256 1, 8, or 32




Feature licensing is supported on WLC platforms as show in Table 2.

To upgrade a WLC license:

1. Obtain a license coupon for the upgrade from Juniper Networks or your reseller.

2. Establish a management session with the WLC to display the serial number. To display the serial number, type the following command:

show versionIn the following example, the WLC serial number is JJ0211401157:

If you downgrade to a previous version of MSS that does not support the higher capacity licenses, the number of allowed WLAs is reduced to comply with the older software limitations.

Table 2: WLC Feature Licensing Matrix

WLC Model Advance Voice ModuleHigh Availability Module Mesh/Bridging Module

Spectrum Analysis

(WLA522, WLA532, WLA321, and WLA322)

WLC2 Supported Supported Up to 4 WLAs (16 WLAs in Cluster mode)

Supported

WLC8 Supported Supported Up to 12 WLAs (48 in Cluster mode)

Supported

WLC100 Supported Supported Up to 32 WLAs (128 in Cluster mode)

Supported

WLC880 Supported Supported Up to 192WLAs (768 in Cluster mode)

Supported

WLC800R Supported Supported Up to 128 WLAs (512 WLAs in Cluster mode)

Supported

WLC880R Supported Supported Up to 256 WLAs(2048 in Cluster Mode)

Supported

WLC2800 Supported Supported Up to 512 WLAs(2048 in Cluster mode)

Supported

JunosV WLC Supported Supported Up to 256 WLAs (2048 in Cluster mode)

Supported

Informational Note: Spectrum analysis is supported on WLCs as follows: WLC2 and WLC8 - support one radio on simultaneous WLAs in spectral graphing mode.WLC880 - supports four radios on simultaneous WLAs in spectral graphing mode.WLC800R, WLC880R, and WLC2800 - support six radios on simultaneous WLAs in spectral graphing mode.WLC100 - support one radio on simultaneous WLAs in spectral graphing mode.JunosV WLC - support six radios on simultaneous WLAs in spectral graphing mode.

Informational Note:

Spectrum Analysis licensing for cluster configuration is applied to the Primary Seed and propagated to the Secondary Seed. However in a Mobility Domain without a cluster configuration, Spectrum Analysis licensing is applied to any WLC with a WLA capable of running Spectrum Analysis.

Copyright © 2016, Juniper Networks, Inc. System Parameter Support 11


WLC880-M20# show version

Mobility System Software, Version: 9.0.2.5 REL Copyright (c) 2002 - 2013 Juniper Networks, Inc. All rights reserved. Build Information: (build#0) REL_9_0_2_branch 2013-12-24 05:37:00Model: WLC880RHardware Mainboard: version 20 ; revision A00 ; FPGA version 10Serial number JJ0211414068Flash: 1.0.0 - 0Kernel: 6.4.1BootLoader: 7.8 / 7.0.35

3. Use a Web browser to access the Juniper Networks license server at the following URL:

https://www.juniper.net/lcrs/license.do

or

https://www.juniper.net/lcrs/wlcGenLicense.do

4. On the WLC, use the following command at the enable (configuration) level of the CLI to install the activation key:

set license activation-keyIn the following example, an activation key for an additional 96 WLAs is installed on an WLC800:

WLC800# set license 3B02-D821-6C19-CE8B-F20Esuccess: license accepted

5. Verify installation of the new license by typing the following command:

WLC800# show licensesFeature : 96 additional MPsSupport for the additional WLAs begins immediately. You do not need to restart the WLC to place the upgrade into effect.

System Parameter Support

Table 3, Table 4, and Table 5 list the recommended or maximum supported values for major system parameters.

Table 3: Mobility System Parameters

Parameter Supported Value

WLC switches in a single Network Domain 500

WLC switches in a single Mobility Domain 64

Roaming VLANs per WLC WLC2800: 256 total (256 configured)

WLC800R/WLC880R: 256 total (128 configured)

WLC880: 256 total (128 configured)



WLC100: 128

JunosV WLC: 256

VLANs per Mobility Domain 2048

http://www.trapezenetworks.com/support/generate_MX_license_key/

https://www.juniper.net/lcrs/wlcGenLicense.do


12 System Parameter Support Copyright © 2016, Juniper Networks, Inc.

WLAs per WLC WLC2800: 4096 configured, 512 active

WLC880R: 2048 configured, 256 activeWLC800R: 512 configured, 128 activeWLC880: 768 configured, 192 active

WLC8: 48 configured, 12 active



Includes directly attached WLAs and Distributed WLAs. Inactive configurations are backups.

JunosV WLC: 256 active, 2048 configured in cluster

Minimum link speed between WLCs in a Mobility Domain

128 Kbps

Minimum link speed between an WLC and WLA in a Mobility Domain

128 Kbps and 95ms round trip latency - this value is different if the WLAs are configured as remote WLAs.

Number of Service Profiles per WLC WLC2: 32

WLC8: 32

WLC100: 64

WLC880: 192

WLC800: 128

WLC2800: 512

JunosV WLC: 256

Number of Radio Profiles per WLC WLC2: 4

WLC8: 12

WLC100: 32

WLC880: 192

WLC800R/WLC880R: 128

WLC2800: 512

JunosV WLC: 256

Table 3: Mobility System Parameters (continued)




Table 4: Network Parameters


Forwarding database entries (maximum supported) WLC2800: 32768

WLC800R/WLC880R: 32768

WLC880: 8192

WLC100: 8192

WLC8: 8192

WLC2: 8192

JunosV WLC: 32768

Statically configured VLANs WLC2800: 512 configured

WLC800R/WLC880R: 256 configured

WLC880: 128 configured




JunosV WLC: 256 configured

Tunneled or Dynamic VLANs per controller WLC2800: 510


WLC8: 128

WLC2: 128

WLC100: 128

JunosV WLC: 256

Spanning trees (STP/PVST+ instances) 64

ACLs ACLs per WLC

170

ACEs per ACL:

WLC2800: 256


WLC880: 256

WLC8: 25

WLC2: 25

WLC100: 50

JunosV WLC: 256

Location Policies Location Policies per WLC:

All models: 1

The Location Policy can have up to 150 rules.

IGMP streams 500

Note: Replication of a stream on multiple VLANs counts as a separate stream on each VLAN.

Mesh Services and Bridging Mesh Depth — 3 Mesh Links (Portal<->Mesh WLA<->Mesh WLA)

Mesh Fan Out— 6 WLAs

Maximum Supported Mesh Nodes per Mesh Portal — 6

Bridge Links — 1:1:1


14 System Parameter Support Copyright © 2016, Juniper Networks, Inc.

Table 5: Management Parameters


Maximum instances of RingMaster simultaneously managing a network

32

Telnet management sessions WLC2800: 8

WLC800R/WLC880R: 8

WLC880: 8

WLC8: 4

WLC2: 4

WLC100: 4

JunosV WLC: 4

The maximum combined number of management sessions for Telnet and SSH together is 8 for the WLC880, or 4 for the WLC8 and WLC2, in any combination.

SSHv2 management sessions WLC2800: 8

WLC800R/WLC880R: 8

WLC880: 8

WLC8: 4

WLC2: 4

WLC100: 4

JunosV WLC: 4

Telnet client sessions (client for remote login) WLC2800: 8

WLC800R/WLC880R: 8

WLC880R: 8

WLC8: 4

WLC2: 4

WLC100: 4

JunosV WLC: 4

NTP servers 3

SNMP trap receivers 8

Syslog servers 4

RADIUS and LDAP servers 40 configured on the WLC

100 RADIUS groups per WLC

4 server groups in a AAA rule

A maximum of 40 servers in any combination of RADIUS and LDAP - for example, 30 RADIUS servers and 10 LDAP servers.

Table 6: Client and Session Parameters


Maximum number of authenticated and associated clients per access point

500

Active clients per radio Total number of active clients simultaneously sending or receiving data. This is a subjective number based on the performance requirement.



Active AAA sessions (or clients trying to establish active connections) per WLC

WLC2800: 12800

WLC800R: 3200

WLC880R: 6400

WLC8: 300

WLC2: 100

WLC100: 800

JunosV WLC: 6400

AAA users configured in local database WLC2800: 1000

WLC800R/WLC880R: 1000

WLC8: 250

WLC2: 250

WLC100: 1000

JunosV WLC: 999

Maximum instantaneous web authentication connections

WLC2800: 192

WLC800R: 96

WLC880: 96

WLC100: 32

JunosV WLC: 256

This is the maximum instantaneous Web authentication connection requests that each controller can handle at a time. When the number of requests exceeds this limit, Web authentication connection fails and the controller displays the message: Not enough resources for client.

Table 7: JunosV Wireless LAN Controller Parameters

Parameter Description or Supported Value

Form factor Virtual Machine Software

Deployment modes

Local switching mode Yes

Overlay mode Yes

Mesh Yes

Scale

Minimum access points 4

Maximum access points 256 Active

Maximum client support 6400

Maximum number of remote WLA groups 256 Active, 2048 in cluster

Maximum access points per remote WLA group

100

Maximum SSIDs 128

Maximum VLANs 256

Minimum Hardware Specification

Interfaces or network I/O 1 GE

CPU 2 GHz

Memory 2 GB recommended

Disk Space 16 GB

Table 6: Client and Session Parameters (continued)



16 Known Behaviors and Issues Copyright © 2016, Juniper Networks, Inc.

Known Behaviors and Issues

The following are the known behavior and issues in this version of Mobility System Software.

MAC ACLs that use a redirect port are sent to cluster members on which that port does not exist. [PR 899443]

Description—A MAC permit ACL that uses a redirect port configured on primary seed is sent to all cluster members even if the port configured in the ACL does not exist on one or some of the cluster members. Because of this, the traffic matched by the ACL might not be redirected as the physical port is missing.

Workaround—No known workaround.

Enabling multicast key rotation disconnect clients then reconnects after about 30 minutes. [PR 1018569]

Description—After you connect 802.1X clients to a wireless network, if you enable multicast key rotation and set the rotation time to a valid interval, until about 30 mins, clients do not receive EAPoL messages from the WLC. Because of this delay clients might disconnect and then reconnect to the network.


If you enable a radio profile for a WLA, the explicitly disabled radios of that WLA are also enabled. [PR 1028835]

Description—Assign a radio profile to a few WLAs and then disable the radios on some of the WLAs. If you now disable and then enable the radio profile, all the explicitly disabled radios are also enabled. The explicitly disabled radios should remain disabled even if you disable and then enable the radio profile assigned to the WLAs.


Clients might face connectivity issues when they roam between network domains. [PR 1030032]

Description—After you configure a network domain by using RingMaster and push the configuration to a WLC, the VLAN tunnel between the WLC and the remote WLC is not created. Hence, the roaming clients are unable to establish a successful network connection.


In MSS 9.0.2.9 and MSS 9.0.4.0, WLA632 boots up with ? when no channels are available for it in the current regulatory domain. [PR 1045956]

Description—When you add a WLA632 to a WLC with country code US and then change the country code to Germany (DE), the following behavior is observed in MSS 9.0.2.9 and MSS 9.0.4.0 respectively:

The country code is not accepted as no channels are available for it to be allocated. Therefore, you need to first delete the existing WLA country code settings and then add the WLA to the WLC. The WLA boots up with ? in channel.

The WLA boots with ? in channel if you change the country code or if you delete the existing WLA country code settings.

Features Supported

Auto-tune Yes

Bandwidth Control (Identity based) Yes

Admission Control (CAC)/Wi-Fi Multimedia (WMM)

Yes

Guest services (wireless) Yes

Wired Authentication Yes

Access Control Lists (ACLs) Yes

JunosV WLC High Availability WLC Controller Clustering

Table 7: JunosV Wireless LAN Controller Parameters

Parameter Description or Supported Value

Copyright © 2016, Juniper Networks, Inc. Known Behaviors and Issues 17



A VLAN name that has a numeral is accepted. [PR 1052311]

Description—When you execute the set service-profile sms attr vlan-name ? command, you must specify the VLAN name. The VLAN name must not start with a numeral. However, if you specify a numeral as the first character of the VLAN name, no error message is shown.


The show remote-site command shows incorrect output. [PR 1053362]

Description—After you configure the WAN-outage mode with local switching enabled, the information is not updated in the show remote-site command.


When WLANs are in outage mode, the last packet rate is not shown. [PR 1053368]

Description—The output of the show session command shows <unknown> Mbps as the value for the parameter Last packet rate. This issue is observed only when the WLAs are in outage mode.


Wireless networks does not identify devices when authenticating the devices by using DHCP authentication.[PR 1054502]

Description—If you create device fingerprint rules to identify devices based on the MAC address and host name of the client devices and combine these rules by using the AND operation, the devices are not identified in the wireless networks. However, if you use only one of the rules, that is, combine the rules by using the OR operation, the devices are detected.


The output of the show session network command shows incorrect client count. [PR 1055691]

Description—If you change the VLAN pool selection method to load-balancing from client mac hash or the reverse, the client count changes. This change is not shown in the output of the show session network command.


The output of the show vlan-pool command shows more number of clients than its configured capacity for some of the VLANs. [PR 1056478]

Description—If you configure a certain number of clients for some of the VLANs and issue show vlan-pool, the number of clients is more than the configured value.


Repetitive field and description table headers are is seen in the output of the show ap counter <ap num> wfq command. [PR 1056484]

Description—The output of the show ap counter <ap num> wfq command output shows two field and descriptions table headers in between the output, which are not necessary.


Reverse display of clients IP address in show sessions network command. [PR 1056489]

Description—Reverse octets for the IP addresses are displayed in the output of the show session network. For example the client IP address 97.21.16.172 is displayed as 172.16.21.97.


If an ACL is applied on a WLA, after connecting the clients, the ACL does not work for 15 through 20 or until the clients are disconnected and reconnected. [PR 1057956]


18 Issues Resolved in MSS 9.6.3.2 (9.6MR4) Copyright © 2016, Juniper Networks, Inc.

Description—If you connect two wireless clients to an SSID, the clients gets connected. Even after configuring the ACL for the ICMP traffic, the ICMP traffic is still transits from one client to another.


Incorrect filtering of MCS index occurs. [PR 1059482]

Description—MCS index list present in the service profile and show ap counters are different.


The output of the show ap counters (ap_num) qos command displays increments in the voice counters when no client is connected. [PR 1059519]

Description—If you enable WLAs for both the radios and issue the show ap counter (ap_num) qos command, but do not connect any clients, the voice counter is incremented on the BestEffort counter. Workaround—No known workaround

Issues Resolved in MSS 9.6.3.2 (9.6MR4)

Vulnerability issues is observed in WLC. [PR 1206179: This issue has been resolved.]

WLC2800, running MSS 9.1.4.2, crashes and displays two httpd core files. [PR 1221672: This issue has been resolved.]

WLA reboots multiple times and crashes resulting in exception code 4. [PR 1214990: This issue has been resolved.]

Client IP address is displayed in reverse order through vWLC. [PR 1217868: This issue has been resolved.]

WLA crashes while downloading software image. [PR 1221255: This issue has been resolved.]

CLI to disable pam conn-timeout. [PR 1221257: This issue has been resolved.]


On a WLC2800 running MSS 9.0.9.2, the netsys core file crashes. [PR 1160404: This issue has been resolved.]

Cluster instability issues might be observed in MSS 9.6.0.3. [PR 1197401: This issue has been resolved.]

Clients are unable to access the Web portal page when the CPU has been utilized completely for HTTP thread on a WLC. [PR 1184952: This issue has been resolved.]

On a WLC800R running MSS 9.1.5.3, snmpwalk traps are not generated for trpzApStatRadioStatusTable. [PR 1191384: This issue has been resolved.]

The output of the show process command displays negative values. [PR 1188292: This issue has been resolved.]

Clients are unable to connect until WLAs reboot. [PR1199171: This issue has been resolved.]

The pam conn-timeout command sets the maximum time that a WLA can take to establish primary access manager (PAM) and be operational on the WLA. [PR 1203360: This issue has been resolved.]

The following OpenSSL vulnerabilities are addressed: [PR 1182203: This issue has been resolved.]

− ASN1_Type_cmp (CVE-2015-0286)

− ASN.1 reuse (CVE-2015-0287)

− PKCS7 NULL pointer (CVE-2015-0289)

− Base64 decode (CVE-2015-0292)


− Assert DoS in SSLv2 (CVE-2015-0293)

− d2i_ECPrivatekey (CVE-2015-0209)

Copyright © 2016, Juniper Networks, Inc. Issues Resolved in MSS 9.6.1.3 (9.6MR2) 19


X509_to_X509_REQ (CVE-2015-0288)


WLA532 does not support the country code for Ukraine. [PR 1166329: This issue has been resolved.]

WLAs reboot and crash after an upgrade to MSS 9.6.0.2. [PR 1174439: This issue has been resolved.]

WLAs generate core files after an upgrade to MSS 9.6.0.2. [PR 1178042: This issue has been resolved.]

WLC880Rs crash, reboot, and generate core files. [PR 1176316: This issue has been resolved.]

SNMP data cannot be accessed in WLC880R. [PR 1155279: This issue has been resolved.]

WLAs do not accept requests for new sessions. [PR 1162635: This issue has been resolved.]


− Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)

− Divide-and-conquer session key recovery in SSLv2 (CVE-2016-0703)

− Bleichenbacher version of Oracle in SSLv2 (CVE-2016-0703)


In RingMaster 9.1, when you select a WLA522-WW running on a WLC800R, the RF spectrogram is not displayed. [PR 1124096: This issue has been resolved.]

On a WLC2800 running MSS 8.0.9.3, WLAs crash on receiving packets with aggregate packet sizes greater than the aggregate size limit. [PR 1139529: This issue has been resolved.]

On a WLC2800 running MSS 8.0.9.3, WLAs crash on receiving aggregate packets with sizes greater than the buffer size. [PR 1142972: This issue has been resolved.]

WLA322-WW Radio 2 (5 GHz) does not work after you upgrade the controllers to MSS 9.0.9.2. [PR 1153391: This issue has been resolved.]

SNMPD crashes on WLC002. [PR 1161743: This issue has been resolved.]

WLC MX2800 crashes and generates a netsys core file. [PR 1122721: This issue has been resolved.]

On a WLC2800, when you upgrade from MSS 8.0.4.3 to MSS 9.0.4.6, the WLA and the netsys core file crashes. [PR 1141578: This issue has been resolved.]

When WLAs reboot, they are stuck in the zombie state. [PR 1141238: This issue has been resolved.]

WLA321 is not able to broadcast SSIDs (PR1148536). To resolve this, two new CLI commands set country-ie mode <enable/disable> and show country-ie mode are introduced. [PR 1158003: This issue has been resolved.]

When you configure the WLC800, a netsys core file is generated. [PR 1159169: This issue has been resolved.]

Upgrading a cluster from MSS 9.1.x.x to 9.6.x.x is not supported. [PR 1167672: This issue has been resolved.]


Juniper WLCs do not send RADIUS server’s interim-update date to the firewall filters until 3 minutes after the network comes up. [PR 1118480: This issue has been resolved.]

RingMaster displays FakeBSSID alarms on all channels. [PR 1093502: This issue has been resolved.]

There is incompatibility between Juniper WLAN devices and Ekahau WLC devices. [PR 1115199: This issue has been resolved.]



SNMP traps are not generated for AutoTuneRadioPowerChange and AutoTuneRadioChannelChange traps. [PR 1088763: This issue has been resolved.]

WLA322-WW Radio 2 (5 GHz) does not work after you upgrade the controllers from MSS 8.0.4.3 to MSS 9.1.1.11. [PR 1138364: This issue has been resolved.]


In a cluster comprising WLCs in a virtual machine networking configuration, there is loss of connectivity between the cluster members if a port on one of the cluster members is disabled. [PR 1059918: This issue has been resolved.]

WLA532-US crashes intermittently with signal 6 (SIGABRT) error on a WLC2800 running MSS 9.0.5.2. [PR 1080910: This issue has been resolved.]

Netsys core files are generated on a WLC2800 running MSS 9.0.2. [PR 1093960: This issue has been resolved.]

Configuration core files crash when the command show_session_x_x is issued. [PR 1101483: This issue has been resolved.]

When Backup system command is issued, MSS 9.1.1.11 gives an error message Failed to create VIF TOC. [PR 1112588: This issue has been resolved.]

Netsys core files are generated on a WLC2800 running MSS 9.1.1.11. [PR 1113703: This issue has been resolved.]

SmartPass is unable to disconnect sessions with 1-hour duration on MSS 9.1.0.6. [PR 1120720: This issue has been resolved.]

WLCs on WLA532 running MSS 9.0.4.6 crash, displaying the error message Process 185 crashed - signal 6 (SIGABRT)! [PR 1075496: This issue has been resolved.]

The system uptime value retrieved using the XML interface are negative values. [PR 1100622: This issue has been resolved.]

After you upgrade WLA322-WW and WLA532-WW console to MSS 9.0.8.2 version, the error message atheros_transmit_complete: Returning as TX Descriptor status is 15 is displayed. [PR 1123680: This issue has been resolved.]


After an upgrade to MSS 8.0.5.5 version, new clients are unable to associate with the WLAs until the WLAs are rebooted. This issue does not occur with already existing clients. [PR 1078937: This issue has been resolved.]

Some of the WLAs reboot and do not enter outage mode even though they are configured to enter outage mode. [PR 1049915: This issue has been resolved.]

WLA 522 reboots because of a corrupted entry in the station database. [PR 1058826: This issue has been resolved.]

WLC800R controllers running MSS 8.0.4.3 version do not prioritize QoS traffic for voice over the video. [PR 1064528: This issue has been resolved.]

WLAs crash when changes are made to the Radio Profile. [PR 1077301: This issue has been resolved.]

WLC2800 crashes unexpectedly generating a core file. [PR 1079684: This issue has been resolved.]

Clients are unable to switch from clear SSIDs to encrypted SSIDs even on entering the correct password. [PR 1092817: This issue has been resolved.]

Clients are not redirected to the web-portal authentication page. [PR 1051558: This issue has been resolved.]

A Radio profile name becomes case-sensitive only when you clear the service profile from the Radio profile. [PR1068360: This issue has been resolved.]



The homologation table for the WLA321-WW series WLAs does not show the values as per the new EU regulation for EU countries. [PR 1096872: This issue has been resolved.]


After upgrading to MSS version 8.0.3.17, the HTTPD process in the controller fails. [PR 960940]

WLCs are vulnerable to the POODLE exploit (CVE-2014-3566) for SSL version 1.0, 2.0, or 3.0. [PR 1069900]

Clients are unable to connect to WLA432 after upgrade to MSS version 8.0.5 and 8.0.6. The SSID also disappears periodically. The issue was observed when the beacons are not sent regularly. There is a delay in the beacon interval even though the beacon interval is not changed. Apart from this, the LED blinks amber and green continuously even though no clients are connected. [PR 1088239]

After upgrading to MSS version 9.0.4.6, WLA532 crashes, generating the message Process 185 crashed - signal 6 (SIGABRT)!. [PR1064874]


The number of L2 MAC, or forwarding database (FDB) entries on the WLC2800 exceed the maximum limit of 32,000 entries because of delayed aging of the L2 MAC table. [PR 984122]

Non-bonded clients are unable to connect to the SSIDs with bonded authentication. [PR 1027326]

When you add new WLAs in a mobility domain, secondary seed becomes active even though the primary seed is active during mobility domain synchronization. Therefore, there are two active seed controllers in the network at the same time causing the WLAs to reboot. [PR 1035248]

The WLC sends a missing class-attribute to SBR, as a result authentication between account start packets and account stop packets does not occur and billing issues are observed. [PR 978533]

Configuration changes in secondary seed are observed after it reboots. [PR 1030931]


Unless WLAs receive timeout requests, they do not send out SIP packets; and only buffer these packets. As a result, SIP calls are not initiated. [PR 929968]

The MX-800R controller restarts generating netsys core files. [PR 998809]

WLAs that have the primary access manager connection to the primary seed reboot randomly after the scheduled restart of the primary seed. [PR 1005445]

WLAs that belong to a Radio profile in which the countermeasure feature is enabled, prevent the SSID from appearing as an available network for the client, even though the SSID belong to the same mobility domain. [PR 1006220]

After upgrading to MSS 8.0.4.3, the local switching WLAs do not broadcast multicast traffic. [PR 1007398]

The signal values are always incorrect when performing a packet capture with a snoop filter attached to any given WLA. [PR 1007674]

After upgrading to MSS 8.0.4.3, the mesh WLAs do not reboot after a scheduled reboot. [PR 1008287]

WLAs rebooted because the mobility domain members gradually lost connectivity to each other. [PR 1012899]

In MSS 8.0.4.3, WLAs reboot because of a corrupted entry in the station database. [PR 1017437]

In MSS 8.0.4.3 error message ERROR CLI_CONFIG_ERR: cli_get_aaa_avpair_list stat_get_aaa_avpair_list result=2018 ((null)) spams the trace logs. [PR 1018023]

In MSS 9.0.2.5, WLC880R crashes, creating a configuration core file. [PR 1019944]



The high CPU load in large wireless networks causes multiple WLAs to crash. [PR 1020003]

After an upgrade to MSS 9.0.2.11, multiple NETSYS crashes occur in WLCs in the secondary seed and also in one of the member WLCs. [PR 1031428]

WLAs reboot and WLCs generate netsys core file due to FDs exhaustion. [PR 1038963]

WLA322-WW crashes in MSS release 9.0.3.5. [PR 1038176]

Mesh does not form for WLA532-US/WW Radio 1 and Radio 2. [PR 1028463]

Users are unable to disable Radio 1 of WLA322, because of which the WLA continues to be in Sentry mode forever. [PR 884424]

WLCs do not establish a TCP connection to preferred network domain seed unless the existing TCP connection in the network domain seed that is in outage mode. [PR 988064]

The command sh accounting statistics does not display logs in sequence as per the time stamp they are received. [PR 989172]

Security ACLs can be mapped to user names as filter IDs. When certain security ACLs are removed, the mappings still exist referring to the non-existent ACLs. Because of this, the clients disconnect and do not connect back unless the security ACLs that are mapped to the user names as filter IDs are cleared. [PR 1012483]

When the auto-tune channel set and the channel sets supported by WLAs do not have a common channel, Radio 2 of WLAs do not turn up to operational state. [PR 1034145]

Spanning tree configurations are incorrectly applied to port groups. [PR 875122]

Help description for ssid-name is missing in the CLI; it shows only the character string. [PR 1030423]

The AAA profile name supports special characters such as #,$,&,?,",\,',<, and >. [PR 1030690]

The number of characters supported for pre-shared key is not mentioned in the CLI help. [PR 1034249]

When the run auto-tune calculate-deploy command is executed, the auto-tune algorithm calculates the channel-set and writes it as an .xml file multiple times with the same time stamp. [PR 1038260]

A channel abort warning message is displayed when the channel auto-tuning accepts channels that are not part of channel settings. [PR 1038268]

The show session command output displays incorrect VLAN names. [PR 1030413]

The WLCs classify the neighboring WLAs as rogue WLAs even though they are part of the SSID list. [PR 1010564]

MX-800R controllers running MSS release 8.0.4.3 reboot, creating a configuration core file. [PR 1029716]

During Web Authentication, if LDAP authentication fails, the LDAP server does not failover, because of which the authentication does not occur locally. [PR 996933]

SNMP client data-rate is incorrectly polled for 802.11n band clients. [PR 1032271]

When the local authentication for a Web portal fails, it does not failover to other authentication methods. [PR 1037839]

The clients that are configured to connect in local-switching mode connect in overlay mode instead of local-switching mode. [PR 1049186]

The WLAs time out during auto-tune operation. The auto-rf process fails and starts again because of the interference from the neighboring WLAs. [PR 1030961]

Maximum power calculations output do not match the values mentioned in the product specification. [PR 966627]

Maximum transmit power for WLA522E-WW does not match the values mentioned in the product specifications. [PR 972714]



Unable to configure the antenna type in MSS 9.1 for WLA532-WW. [PR 1020711]

Between the Web portal timeout and the idle timeout period, clients that are connected to WLAs are disconnected and reconnected. [PR 1026208]

Clients with the wireless card Qualcomm Atheros with AR9285 disconnect from the wireless network when connected to WLA532-WW through vWLC. [PR 1043970]

Incorrect SNMP traps are sent by the controllers when a WLA moves from one controller to another, in a cluster. [PR 1049163]

On a WLC880R controller, after you upgrade to MSS 9.03.5, WLA532-US series WLAs connected to the controller crash. [PR 1053064]

The speed of the WLC880 fans is inconsistent and cannot be controlled. [PR 972427]

All the WLAs with WLA532 series are crashing with the message "ERROR AP 8999 uucp: <67>Dec 13 20:27:15 syslog: Process 264 crashed - signal 11 (SIGSEGV). [PR 1051153]


When an access point is booted over an HL link, the wireless client does not authenticate with a latency of 800 ms or more if WPA-PSK with TKIP is used for authentication. [PR 857330]

If the maximum transmission unit (MTU) for a path is set to 896, the WLC does not update the status of a WLA322 access point from outage mode to active mode even after the access point has recovered from the outage. [PR 869445]

The interworking-profile configuration of a service-profile cannot be changed. [PR 896127]

If WLC-polling is enabled at a remote site, a WLA532-US access point that is in outage mode does not recover from the outage, but continues to serve clients while still in outage mode. [PR 897066]

Issues Resolved Prior to MSS 9.0.2.5 (9.0MR1)

The access point managed global session ID changes when there is a failover of the access point. [PR 824118]

WLC100 shows high load on CPU when device is idle. With MSS 9.0 running on WLC100, even when there is no load on the controller, the CPU usage displays high load. [PR 840157].

When Hot Spot 2.0 is enabled, RSN-IE and Dot1x should be enable on SP. [PR 855370]

The access points on radio 2 are using channels that are not defined in the auto-tune channel list. [PR 868603]

WLC2800 with MSS Version 7.7.3.3- Several access points were lost during hitless upgrade. [PR 870387]

A strange accounting packet is sent out from the controller during a VoIP call. [PR 873598]

When a WLC rejoins a cluster a message “SM-EVENT: APM reports WLA is down” is logged by other controllers. [PR 876566]

Some access points got rebooted and displayed an error message “ERROR soc_mem_read: invalid index 65535 for memory SOURCE_TRUNK_MAP_TABLE” on the controller. [PR 884299]

Clients/access point output issue while using WebGUI on the secondary seed controller. [PR 886872]

After downgrade from MSS_9.0 to MSS_8.0 the access points that enter outage mode will not become operational until extended-timeout expires. [PR 887245]

Several WLA532s crashing at customer environment. [PR 889427]

Cluster interruptions followed by access point reboots. [PR 890893]

Synchronization issues with cluster members. [PR 891926]


24 Issues Resolved Prior to MSS 9.0.2.5 (9.0MR1) Copyright © 2016, Juniper Networks, Inc.

SNMP agent and system log message displays the old system IP address when the system IP address is modified without rebooting the controller. [PR 891987]

Remote WLA reboots when WLC recovers from reboot. [PR 893549]

The error "atheros->key_cache.entry[indx].sta_desc_ctrl[q_type].queued_packet_count > 0" is still seen in MSS Version 7.7.4.4 at customer environment. [PR 893696]

Channel overlap occurs when auto-tune channel is enabled with 40 Mhz channel width. [PR 893720]

Cluster failover issue. After the primary seed comes up from a failover and after the access point and client sessions move back to the primary seed, the client does not receive a ping reply from the gateway. [PR 894415]

Members of the Cluster are dropping out and going into synchronization state. [PR 895537]

Add Macau (MO) country code and update Hong Kong (HK) output power in the MSS Versions 8.0 and 9.0 Homologation Tables. [PR 896312]

Spectralink 8440 phones slows down the ICMP performance and the voice quality reduces. [PR 896726]

All access points rebooted at the same time during hitless upgrade. [PR 897191]

Output from show mobility-domain stat command is inconsistent and also multiple WLCs reported with latency -1. [PR 897387]

Cluster member not accepting new sessions and causes authorization failures. [PR 898537]

After upgrade from MSS 8.0.2.2 to MSS 8.0.3.6 the WLC stopped responding through the uplink of SFP port 5/6. [PR 899670]

The access points are not accepting new sessions and having excessive retransmits. [PR 899940]

Client load-balancing and band-steering is causing incompatibility issues. [PR 899976]

Controller issues after the upgrade to MSS Version 8.0.3 (fp and netsys core issues). [PR 900462]

The access point crashes when you issue RFlink test from web interface. [PR 900466]

The access point crashes in a cluster with controller running MSS Version 8.0.3.6. [PR 902403]

High number of retransmits from Philips MX40 wireless monitors, when associated to a WLA532. [PR 904874]

Controller issues after the upgrade to MSS Version 8.0.3 (netsys cores). [PR 904897]

Device fingerprint feature can be configured only on the primary seed and not on the secondary seed. [PR 905243]

Remote access points rebooting after upgrade to MSS Version 8.0.3. [PR 905291]

The primary seed in the cluster has lost the configurations for over 1000 WLAs. [PR 905523]

Clients not receiving the IP Address when connecting using WEP keys 2-4. [PR 905605]

SNMP core file dropped on one of the cluster WLCs running MSS 7.7.4.4. [PR 906718]

Some WLAs show WLA reboots after WLCs sync back into cluster, Buffered Log (0): 381352.394 agent: WLA Reset: TAPA reboot by WLC. [PR 906772]

NetSys core dump found in Secondary Seed [PR 908495]

Cluster instability issue with WLC880R cluster. [PR 909738]

Bandwidth limitation feature not working when applied to web-portal service-profiles. [PR 910577]

Controller crashed in "store" process: ERROR SUPERVISOR: process_sigchld: process store.991260 core dumped. [PR 910907]

Netsys crash after upgrade to MSS Version 8.0.3.6. [PR 911166]

After upgrading to MSS version 8.0.3.6, the controllers are rebooting randomly with configuration cores issue. [PR 912614]

Copyright © 2016, Juniper Networks, Inc. Issues Resolved Prior to MSS 9.0.2.5 (9.0MR1) 25


Triple Core Issue—Secondary Seed network failure, core dumps, and reboot. The system dumps three core files and comes back without rebooting. [PR 913502]

RF detect alarms in MSS 8.0.3.6. [PR 914599]

WLA532-WW crashes on MSS 9.0.1.2. [PR 914666]

An error message: "ERROR IGMP_PROCESS: igmp_session_create: Cannot support more sessions" is seen on WLCs. [PR 914674]

Netsys.core file generated on secondary seed. [PR 915378]

After a Netsys crash, WLCs no longer send data to System log server and using the stop/start logger commands do not recover; a reboot is required to get the controllers functional. [PR 916763]

WLA532-US cannot boot into the cluster. [PR 917080]

FP cores due to Kernel panic, Illegal instruction execution and process level thread containing kernel address [PR 917262]

The access point crash dump after upgrading to MSS version 7.7.4.8 on the controller. [PR 918630]

WLC crashes after upgrade, the config.core and httpd.core files on WLC2800 are not opening. [PR 918650]

Member Controller in a cluster having MSS 7.7.4.8 experienced triple core issue. [PR 919575]

The access points rebooted even with wan outage configuration. [PR 919915]

Synchronization failure for cluster members after upgrading to MSS version 8.0.3.9. [PR 921060]

Portal not working, fixed by restart of the controller. [PR 921806]

Access Point reboots with TAPA reset by WLC following Mobility Domain flaps. [PR 921932]

The access points did not perform load balance according to affinity-groups after planned power outage. [PR 922048]

WLC2800 Netsys, config and chassis cores on 7.7.4.8. [PR 922354, PR 920198]

RADIUS: WLC needs to support multiple Class attributes to echoed responses. [PR 923397]

Cluster configuration: SSID name with double spaces get updated with single space in secondary and member controllers and cluster becomes out of synchronization. [PR 924451]

WLA321-WW crashes on controller having MSS version 9.0.1.2. [PR 924607]

Large delays are experienced at the CLI while running commands. ICMP Ping drops are also noted and the only way to get the controller up is to reboot the system. This happens only on the member controller. All other controllers running MSS 8.0.3.6 works fine. [PR 925892]

WLA632-WW does not support 5G radio with country code MO. [PR 929509]

The access point crash dump on controllers in a cluster having MSS Version 8.0.3.6.0. [PR 929535]

Netsys.core.1036317.tar; code 1 ip 0x4833841c sp 0x4803fbf0 on controller having MSS version 8.0.3.6. [PR 930341, PR 930346, PR 930349]

The IP address in show session command appears with the octets in reverse. [PR 931916]

Multiple config.core.1011740.tar and httpd cores issues. [PR 932611]

The maximum transmit power is incorrectly displayed in MSS version 9.0.1.2 and RingMaster version 9.0.1.2. [PR 934051]

WLA522 crashes after upgrade to MSS 7.7.4.8. [PR 934534]

The customer had netsys crash - ip 0x483504e8 sp 0x4803fa00 after upgrading to MSS version 9.0.1.2. [PR 934646, PR 935548]

WLA522 crashes on controllers running MSS version 9.0.1.2. [PR 935550]

Configuration core crash on controllers running MSS version 9.0.1.2. [PR 935570]


26 Known Limitations Copyright © 2016, Juniper Networks, Inc.

The transmit power is different for MP-522/E and WLA522/E with country code HK. [PR 935913]

WLAs are rebooting when 802.1x is enabled at the switch port of the EX Series switches. [PR 937263]

MP-522 crashing in thread 'spectral_data_report' in MSS 7.7.4.8. [PR 937694, PR 937697]

Several WLAs crashing in MSS version 9.0.1.2 (WLA532-WW and WLA322-WW Process 209 crashed - signal 6 (SIGABRT)). [PR 941038]

Displays cluster error: ERROR CLUSTER_BAD_DATATYPE: cc_lookup_rec_params:autorf_cohort_prob_wgt_table_insert: Attempts to insert duplicate record in class autorf/pwtable19 with key 503cb06c len 8 from source. [PR 943738]

WLC crashes with netsys core after upgrade to MSS 8.0.3.12. [PR 948336]

Known Limitations

In a network deployment that uses 250 access points (that is, 50% load), scaling the maximum number of access points in a cluster to more than 2000 might lead to network instability. We recommend that you restrict the maximum number of access points in a cluster to 2000.

Although some of the CLI commands show the maximum number of access points that can be configured as 4096, only up to 2048 access points are supported in a cluster mode.

In an event where a WLC goes down, all the WLAs associated with that WLC, which were earlier connected to primary access manager (PAM) failover to their respective secondary access manager (SAM). The SAM reassignment time is increased to 20 seconds from 3 seconds leading to the increase in the failover time.

The mesh configuration works only when the DFS channels are disabled. Similarly, you will be able to enable DFS channels through radio-profile commands only if a WLAN mesh is not configured. Ensure that you disable DFS channels in radio-profile commands if you want to configure a WLAN mesh.

Although 50 active clients are supported per radio, not all of the 50 clients might be able to establish a successful connection. This issue occurs when the TKIP encryption is enabled and when the multicast traffic streams cause high user load.

After a WLA enters an outage mode, it is unable to reboot by using the persistent configuration stored on the WLA. When a WLA uses a statically assigned IP, and there is no reply from the configured switch, the WLA attempts to initiate a DHCP exchange. Because the unavailability of the DHCP server on the VLAN, the WLA does not receive any response from the DHCP server either. Because of this, the WLAs does not boot and clients are unable to connect to the SSIDs. Workaround: Ensure a DHCP server is always available in the VLAN or that the WLA has the connectivity to a statistically configured switch.

Changes to Default Behaviors

When WLAs use DHCP Discovery to locate WLCs on the network, the ability to use Option 12 and Option 77, in addition to Option 43, as part of the discovery process is now available.

In previous releases of MSS, the WebAAA Web Portal allowed a user to submit a valid username and an empty password. This has now changed to require that the user enter a non-zero length password to log onto the network.

An Interworking (IW) Profile that has Hot Spot 2.0 enabled can only be mapped to a Service Profile that has RSN-IE and 802.1X (Dot1x) configured. If PSK is also configured, the Interworking Profile cannot be mapped to the service profile. However, if you disable Hot Spot (by default) on an IW profile, then you can map it to a Service Profile with RSN-IE and 802.1X. That is, whenever Hot Spot is already enabled on an IW profile and you need to map it to a service profile, the service profile should mandatorily have only RSN-IE and 802.1X configured. Alternatively, you can enable Hot Spot on IW profile after mapping to a service profile that has RSN-IE and 802.1X enabled. [PR 855370]

Copyright © 2016, Juniper Networks, Inc. Changes to Default Behaviors 27


Workaround — By default, Hot Spot 2.0 is disabled when IW profile is created. To add IW profile with Hot Spot disabled to a Service Profile that has RSN-IE and Dot1x, enable Hot Spot on the IW, then map it to Service Profile with RSN-IE and Dot1x. Also after loading the configuration, recheck the IW profile to Service Profile mapping and verify that it is still there by checking the ?show service-profile <SP name>? command and check that the interworking profile name is there for that profile. If not, then remap the IW back to the Service Profile.

WLC100-1D2190# show service-profile hotspot

General attributes SSID name: Hotspot 2.0 SSID type: crypto Interworking Profile: hs2.0

Special characters such as $, \, and, .. are not allowed in the profile name in AAA profile creation wizard. Hence, you are not able to enter these special characters for a profile name.

The transmit power level for WLA322-WW is changed from 13dBm to 8dBm to comply with EU ETSI requirement.


28 Errata in Documentation Copyright © 2016, Juniper Networks, Inc.

Errata in Documentation

This section lists outstanding issues in the published documentation for MSS 9.0:

The command reference documentation for the WLA commands does not mention the command set radio-profile power-policy cell-parity. This command is used to configure a cell parity power policy. The following are the syntax and other details pertaining to this command:

Syntax set radio-profile rp-name power-policy cell-parity 11bg-power 15 11a-power

Defaults By default, the power level is the highest value that all radios under the profile can use.

Access Enabled

History Command introduced in MSS Version 9.0.

Usage The power values for 2.4 GHz and 5.0 GHz are different; and all radios of the same channel band are set to equal power levels that are compatible with the hardware, the channel, and the country code.

The following example applies to the rfping sessiod-id <apnum> verbose command:

MX-200-username# rfping session-id 2 verbose

RF-Link Test to 8d:65:5a:09:1f:89:

Session-Id: 2

Packets Sent Packets Rcvd RSSI SNR RTT (micro-secs)

------------ ------------ ------- ----- ----------------

20 20 -43 52 553

Index RSSI SNR RTT (micro-secs) Retries Rate (Mb/s)

----- ------------ ------- ---------------- ------- --------

1 -43 52 676 0 54.0

2 -44 51 57 0 54.0

3 -43 52 467 0 54.0

4 -43 52 457 0 54.0

5 -43 52 303 0 54.0

6 -44 51 419 0 54.0

7 -43 52 478 0 54.0

8 -42 53 416 0 54.0

9 -44 51 452 0 54.0

10 -44 51 338 0 54.0

11 -44 51 382 0 54.0

12 -43 52 267 0 54.0

13 -43 52 473 0 54.0

14 -44 51 418 0 54.0

name Radio Profile name

11bg-power Power level for all 2.4-GHz radios in the Radio profile. The range is from 1 through 24.

11a-power Power level for all 5.0-GHz radios in the Radio profile. The range is from 1 through 24.

Copyright © 2016, Juniper Networks, Inc. Errata in Documentation 29


15 -43 52 443 0 54.0

16 -43 52 453 0 54.0

17 -44 51 373 0 54.0

18 -44 51 348 0 54.0

19 -40 55 419 0 54.0

20 -39 56 3411 0 54.0

The set trace command fails to mention the following usage details about the parameters such as the IP address, MAC address, port number, and username configured by using this command. If you configure these parameters by using this command, the trace output displays detailed and complete information specific to the configured parameters only. The trace output also displays some basic information (not detailed and complete) pertaining to parameters that are not configured in this command. If you not do not configure any parameter in this command, the trace output displays detailed and complete information for all parameters.For example, if you configure a MAC address in the trace command, then detailed and complete information is displayed only for the MAC address that you configured while basic information is displayed for other MAC addresses.

The Command Reference Guide for MSS 9.0 release incorrectly includes the following WLAs in the set ap command. The following WLAs are not supported in MSS 9.0:

− 2332-E1

− 2332A-E1

− AP-EASYA

− AP2750

− AP3850

− AP3950

− AP9551

The command show auto-tune channel shows incorrect output in MSS 9.0 Command Reference Guide. The correct output is as shown below:

show auto-tune channel

Band: 11A

Channel Assignment Mode: Auto

Schedule Time: Everyday 22:10

Interference Threshold: -80dBm

Convergence Delay: 8 min

Current Time: Mon Jan 28 2013, 12:43

Last deployment: Completed on Sun Jan 27 2013,22:10(14 hours 32 min ago)

Channel Plan: ach_2013_01_27_0043_A.xml ( 1 days 11 hours 59 min ago)

Latest channel plan: ach_2013_01_27_0043_A.xml ( 1 days 11 hours 59 min

ago)

Convergence Stage: Completed on Sun Jan 27 2013, 00:42 (duration 8 min)

Calculation Stage: Completed on Sun Jan 27 2013, 00:43 (duration 48 sec)

Next channel plan: ...pending...

Next deployment: Scheduled on Mon Jan 28 2013, 22:10 (in 9 hrs 27 min)


30 Errata in Documentation Copyright © 2016, Juniper Networks, Inc.

The Configuration Guide for MSS 9.0 does not mention the following equations, which are used to calculate the aging timeout period:

The aging timeout is calculated based on the following equations:

Aging time (t) = T + dt -------------------------------->(1)

Aging timeout period (T1) = MT + t---------------->(2)

Where,

T is the aging timer value configured.

t, the aging time, is the time needed by the new MAC entry to age out.

dt is the difference between the aging timer value configured (T) and the time after which a new MAC entry is learned.

T1, the aging timeout period, is the total time taken by the new MAC entry to age out.

MT is the time after which a new MAC entry is learned.

For example, if you configure the aging timer as 5 minutes and add a new MAC entry after the fourth minute, according to equations (1) and (2),

The aging time (t) = 5 + (5 - 4) = 6 minutes

The aging timeout period (T1) = 4 + 6 = 10 minutes

The MSS 9.0 Configuration Guide incorrectly includes the show mobility-domain config command for displaying the mobility status. This command is deprecated from MSS 7.0 release onwards.

release notes for mss version 9.6.3.2 (mr4)2013/12/24 · what is new in mss version 9.0.5.2 ce...

Documents