AOS-W 5.0.2.1 Release Notes PDF

Release Notes
AOS-W 5.0.2.1
Copyright
2010 Alcatel-Lucent. All rights reserved.
Specifications in this manual are subject to change without notice.
Originated in the USA.
AOS-W, Alcatel 4308, Alcatel 4324, Alcatel 6000, Alcatel 41, Alcatel 60/61/65, Alcatel 70, and Alcatel 80 are trademarks of AlcatelLucent in the United States and certain other countries.
Any other trademarks appearing in this manual are the property of their respective companies.
Legal Notice
The use of Alcatel-Lucent switching platforms and software, by all individuals or corporations, to terminate Cisco or Nortel VPN client
devices constitutes complete acceptance of liability by that individual or corporation for this action and indemnifies, in full, AlcatelLucent from any and all legal actions that might be taken against it with respect to infringement of copyright on behalf of Cisco Systems
or Nortel Networks."
www.alcatel-lucent.com
26801 West Agoura Road
Calabasas, CA 91301
AOS-W 5.0.2.1 | Release Notes
0510696-02 | September 2010
Contents
Chapter 1
Whats New in this Release .................................................................... 5

NAT-T Behavior Change for MacOS Clients...................................................5
OAW-AP175....................................................................................................5
In Previous AOS-W 5.0.2 Releases .......................................................................5
Bridge Mode Mobility......................................................................................5
Manually Provisioning USB Cellular Modems for Remote APs ......................5
Chapter 2
Fixed Issues ........................................................................................... 11
Chapter 3
Known Issues......................................................................................... 15
Chapter 4
Upgrade Procedures ............................................................................. 21

Important Points to Remember ...........................................................................21
Technical Upgrading Best Practices.............................................................22
Basic Upgrade Sequence .............................................................................22
Managing Flash Memory...............................................................................23
Before you upgrade ......................................................................................23
Backing up Critical Data ...............................................................................23
License Mapping .................................................................................................24
Licensing Change History .............................................................................24
Upgrading from 3.4.x to 5.0 ................................................................................25
Caveats .........................................................................................................25
Load New Licenses.......................................................................................26
Save your Configuration................................................................................26
Install AOS-W 5.0.2.1....................................................................................26
Upgrading from 3.3.x to 5.0 ................................................................................28
Upgrading on the WebUI ..............................................................................28
Upgrading on the CLI....................................................................................28
Upgrading from 2.5.x to 3.3.x to 5.0. ..................................................................29
Upgrading in a Multi-Switch Network .................................................................29
Pre-shared Key for Inter-Switch Communication .........................................29
Downgrading after an Upgrade ...........................................................................30
Switch Migration..................................................................................................32
Single Switch Environment ...........................................................................33
Multiple Master Switch Environment ............................................................33
Master/Local Switch Environment ................................................................33
Before You Start............................................................................................33
Basic Migration Steps ...................................................................................33
Before You Call Technical Support .....................................................................34
Contacting Support ............................................................................................34
| 3
4 |
Chapter 1
Whats New in this Release
AOS-W 5.0.2.1 is a patch release that addresses and provides solutions for a number of known issues. For
more information about AOS-W, refer to the AOS-W 5.0 User Guide or Command Line Reference. See the
Upgrade Procedures on page21 for instructions on how to upgrade your switch to this release.
NAT-T Behavior Change for MacOS Clients

Beginning in AOS-W 5.0.2, the switch will negotiate NAT-T for MacOS clients. If you plan to dst-nat ISAKMP
packets, you must dst-nat UDP 500 and UDP 4500 ports. If you do not, MacOS clients will not be able to
successfully establish an IPSec tunnel with the switch.
OAW-AP175
This patch introduces support for the Alcatel-Lucent OAW-AP175. The Alcatel-Lucent OAW-AP175 is a
resilient, environmentally hardened, outdoor rated, dual-radio, dual-band IEEE 802.11 a/b/g/n wireless
access point. This outdoor access point is part of Alcatel-Lucents comprehensive wireless network
solution. The OAW-AP175 works only in conjunction with an Alcatel-Lucent switch and each AP can be
centrally managed, configured, and upgraded through the switch.
In Previous AOS-W 5.0.2 Releases

Previous releases of AOS-W 5.0.2 have introduced additional software enhancements for all Alcatel-Lucent
switches. This section describes those enhancements.
Bridge Mode Mobility

APs in bridge forwarding mode support firewall session synchronization, which allows clients to retain
their current session and IP address as they roam between different bridge mode APs on the same layer-2
network. This feature supports client mobility on up to 32 layer-2 connected APs.
Manually Provisioning USB Cellular Modems for Remote APs

In some cases, dual type devices that feature storage and modem capabilities are not automatically detected
as modems by remote AP. These devices can now be manually configured as USB modems using the
usb_modeswitch command available as part of the provision-ap command.
Using this command you can manually enter the vendor ID, product ID, target vendor ID, target product
ID, and the modem initialization string to provision the modem. The provisioning parameters must be
entered as a string value (within dual quotes).
Command Syntax
usb_modeswitch "-v <vendor_ID> -p <product_ID> -V <target_vendor_ID> -P
<target_product_ID> -M <message_content_in_Hex>"
Whats New in this Release | 5
Parameter Description
Table 1 USB Modeswitch Parameter Description
Parameter
Description
-v
Specify the vendor ID.
-p
Specify the product ID
-V
Specify the target vendor ID. Optional parameter.
-P
specify the target product ID. Optional parameter.
-M
Specify the modem initialization string in hexadecimal format.
You can manually configure modems only using the CLI.

NOTE
Using the CLI

(host) (config) #provision-ap
(host) (AP provisioning) #usb_modeswitch "-v <default_vendor> -p <default_product> -V
<target_vendor> -P <target_product> -M <message_content>"
(host) (AP provisioning) #reprovision ap-name <ap-name>
Example
(host) (AP Provisioning) #usb_modeswitch "-v 0x106c -p 0x3b06 -V 0x106c -P 0x3717 -M
5534243b82e238c24000000800008ff020000000000000000000000000000"
Device Details of Some USB Cellular Modems

The following table lists identifiers for some USB modems. If your modem is listed in the table you can use
the parameters to provision that modem.
NOTE
It is, however, recommend that you can confirm these values with your service provider or contact the hardware
manufacturer.
Table 2 List of modems with device and product ID

ISP
Model Name
ATT
USBConnect 881
(Sierra 881U)
ATT
Mercury (Sierra
Compass 885/
N7NC885)
6 | Whats New in this Release
Vendor
ID
Product
ID
USB Provisioning Strings
0x1199
6856
usb_type=sierra-gsm
0x1199
6880
z
z
usb_type=sierra-gsm
usb_tty=ttyUSB4

ISP
Model Name
ATT
Quicksilver
(Globetrotter ICON
322)
Vendor
ID
0x0af0
Product
ID
d033
z
z
z
z
z
ATT
"Huawei E272,E170,
E220"
0x12d1
1003
usb_type=hso
usb_init=AT+CGDCONT=1,'IP','wap.cingu
lar'
usb_dial=ATDT*99***1#
usb_user=internet
usb_passwd=internet
usb_type=option
usb_init=AT+CGDCONT=1,'IP','wap.cingu
lar'
ATT
USBConnect 881
(Sierra 881U)
0x1199
6856
usb_type=sierra-gsm
ATT
USBConnect
Lightning
0x1199
68a3
usb_type=sierra-gsm
usb_dev=0x119968a3
UM100C (UTstarcom)
0x0d08
Cricket
0300
z
z
z
Cincinnati
Bell
Icon 452
0x0af0
Sprint
Compass 597 (Sierra)
0x1199
Sprint
USB 598 (Sierra)
Sprint
7901
usb_type=acm
usb_user=internet
usb_passwd=internet
usb_type=hso
usb_init=at+cgdcont=1,?ap??ocbw?usb_d
ial=*99#
0023
usb_type=sierra-evdo
0x1199
0025
Ovation U727
(Novatel)
0x1410
4100
usb_type=option
Sprint
U300 (Franklin
wireless)
0x16d8
6002
usb_type=option
Sprint
U301
(Franklin wireless)
0x16d8
6008
z
z
usb_type=option
usb_dev=0x16d86008
usb_tty=ttyUSB1
usb_type=option
Sprint
USB U760(Novatel)
0x1410
6000
Verizon
USB1000 (Novatel)
0x1410
a008
Verizon
USB U727 (Novatel)
0x1410
4100
usb_type=option
Verizon
USB U720 (Novatel/

Qualcomm)
0x1410
2110
usb_type=option
Verizon
USB U760 (Novatel)
0x1410
6000
usb_type=option
Verizon
UM175 (Pantech)
0x106c
3714
usb_type=acm
Verizon
UM150 (Pantech)
0x106c
3711
usb_type=acm

Product
ID
0x106c
3716
usb_type=acm
U597 (Sierra)
0x1199
0023
Telecom
(New
Zealand)
Tstick C597
(Sierra)
0x1199
0023
usb_user=mobile@jamamobile
usb_passwd=telecom
TataIndico
m (india)
SXC-1080
(Qualcomm)
ISP
Model Name
Verizon
UMW190(Pantech)
Verizon
Vendor
ID
z
z
0x1b7d
070a
z
z
z
z
Telenor
(sweden)
Globetrotter ICON 225 0x0af0
6971
z
z
z
z
z
Vodafone/
SmarTone
(HK)
Vodafone
(UK)
Huawei
E169
z E180
z E220
z E272
0x12d1
Huawei K4505
0x12d1
1003
z
z
z
1464
z
z
z
z
z
O2 in the
UK
Huawei E160
0x12d1
1003
z
z
z
z
z
z
SFR in
France
Huawei E160
0x12d1
1003
z
z
z
z
NZ and JP
Huawei E220
0x12d1
1003
z
z
z
T-Mobile
UMG181
0x12d1
1414
z
z
z
z
usb_type=acm
usb_init=ATQ0V1E1S0=0&C1&D2
usb_user=internet
usb_passwd=internet
usb_type=hso
usb_init=AT+CGDCONT=1,'IP','telenor'
usb_user=internet
usb_passwd=internet
usb_type=option
usb_init=AT+CGDCONT=1,'IP','internet'
usb_dial=ATDT*99#
usb_type=option
usb_dev=0x12d11464
usb_user=web
usb_passwd=web
usb_user=O2web
usb_passwd=password
usb_type=option
usb_dev=0x12d11003
usb_init=AT+CGDCONT=1,'IP','mobile.o2
.co.uk'
usb_type=option
usb_dev=0x12d11003
usb_init=AT+CGDCONT=1,'IP','websfr'
usb_type=option
usb_init=AT+CGDCONT=1,'IP','internet'
usb_type=option
usb_dev=0x12d11414
usb_init=AT+CGDCONT=1,'IP','epc.tmobi
le.com'

ISP
Model Name
HK CSL/
1010
ZTE MF636
Vendor
ID
0x19d2
Product
ID
0031
z
z
z
z
Orange in
Israel
ZTE MF 637
0x19d2
0031
z
z
z
z
Sierra USB-306
0x1199
68a3
z
z
z
z
NTT
NTT DoCoMo L-05A

(LG FOMA L05A)
Premodeswit
ch:
0x1004
Post
modeswit
ch:
0x1004
NTT
NTT DoCoMo L-02A
0x1004
Premodeswit
ch:613a
Post
modeswit
ch:6124
6109
z
z
z
z
z
z
Telstra
(Aus)
Sierra 885
(Turbo 7+)
0x1199
6880
z
z
z
z
Telstra
(Aus)
Sierra 306
0x1199
68a3
z
z
z
z
z
Telstra
(Aus)
Huawei E176G
0x12d1
1003
z
z
z
z
usb_tty=ttyUSB2
usb_init=AT+COPS=0,0,0
usb_dial=ATDT*99#
usb_type=2 (option)"
usb_tty=ttyUSB3
usb_init=AT+COPS=0,0,0
usb_dial=ATDT*99#
usb_type=2 (option)"
usb_type=4
usb_tty=ttyUSB6
usb_dev=0x119968a3
usb_init=AT+CFUN=1;+CGDCONT=1,'IP','A
PN_Name'
usb_init=AT+CGDCONT=1,'IP','mopera.fl
at.foma.ne.jp'
usb_type=3
usb_dev=0x10046124"
usb_init=AT+CGDCONT=4,'IP','mopera.fl
at.foma.ne.jp'
usb_dev=0x10046109
usb_type=3
usb_init=AT+CGDCONT=1,'IP','telstra.w
ap'
usb_tty=ttyUSB4
usb_type=4 (sierra-gsm)
usb_dev=0x119968a3
ap'
usb_tty=ttyUSB6
usb_type=4 (sierra-gsm)
usb_type=2(option)
usb_dial=ATDT*99#
usb_tty=ttyUSB0
ap'

ISP
Model Name
3/HUTCH
(Aus)
Huawei
z E1553
z E176
Vendor
ID
0x12d1
Product
ID
1003
z
z
z
z
Optus
(Aus)
Huawei E180
0x12d1
140c
z
z
z
z
z
usb_type=2(option)
usb_dial=ATDT*99#
usb_tty=ttyUSB0
usb_init=AT+CGDCONT=1,'IP','3netacces
s'
usb_dev=0x12d1140c
usb_type=2(option)
usb_dial=ATDT*99#
usb_tty=ttyUSB0
usb_init=AT+CGDCONT=1,'IP','connect'
Chapter 2
Fixed Issues
This release contains all fixes up to and including those in AOS-W 5.0.1.0. The following issues and
limitations have been fixed in the AOS-W 5.0.2.1 release:
Table 3 Fixed in AOS-W 5.0.2.1
Bug ID
Description
30797,
41895
An issue in which user entries stuck in the datapath (meaning there is no corresponding auth entry)
are being forcibly deleted, requiring the user to reauthenticate, has been fixed.
36767
The issue with the user derivation rule encryption-type equals static-tkip not matching
wpa2-psk-tkip has been fixed.
37445,
38506,
35705,
44018
LAN ports on Remote APs (RAP) some up and pass traffic even if the RAP is unable to get an IP
address from the DHCP server.
38151
AOS-W now supports a maximum of 54 TKIP clients on 11n-capable APs and 27 TKIP clients on
legacy (non-11n) APs.
40605
The syslog process can now restart itself after a crash.
41919,
41922,
39594
Buffer Alloc Failure caused by a buffer leak, which causes a switch to become unresponsive, has
been fixed.
42414
An issue in which an OAW-AP105 on 2.4 GHz receive rate falls to 6 Mbps when interference is
present has been fixed.
42660,
43075
DSCP is now set correctly for RTP frames, even when traffic is hitting tos ACL.
43055
The issue with the 4306 WLAN Series switch not relaying DHCP when VLAN1 was configured has
been fixed.
43064
An issue with the VIA connection not establishing when the switch had a direct route to the client
has been fixed.
43163
OSPF can now push more the 117 routes to its neighbors.
43577
AOS-W now correctly adds the QoS control field to EAP frames in bridge mode.
43588
A fix has been added to prevent the OAW-AP105 from crashing when it reads some bad calibration
values from the radio chip after IQ calibration.
43625
Broadcast packets were being flooded into bridge/split tunnels and consuming bandwidth. A fix
has been added to drop non-EAPOL packets on bridge/split dot1x tunnel for wired and wireless
traffic.
43659
There is no longer a small memory leak when the command show global-user-table list is
issued.
Fixed Issues | 11
Table 3 Fixed in AOS-W 5.0.2.1

Bug ID
Description
43825
The CSQ option has been removed from the PPP connection script because it does not interact
well with certain types of modems. This option is no longer needed since signal is now received
from a different script.
43829
User VLANs are only advertised when its operstate is up; similarly, the VLAN route is withdrawn
when the operstate goes down.
43971,
45184,
44452
Traffic is no longer dropped by the switch in the direction in which a bandwidth contract has been
applied. A fix has been added to correct queing the user/role based bandwidth contracts to the
right SOS CPU on the switch.
44049
Switches now respond correctly when polled by an SNMP polling station.
44478
An issue with the switch not responding to the DHCP discovery when the relay agent sends DHCP
packet to an IP address other than the incoming VLAN interface has been fixed.
44794
An issue which many bridge mode users were listed with a 0.0.0.0 IP address and many users
could be seen in the datapath user table but not in the user-table has been fixed.
Table 4 Fixed in AOS-W 5.0.2
12 | Fixed Issues
Bug ID
Description
35300
When a mgmt-user is logged with network-operator permissions, mesh node information is now
correctly displayed Monitoring > All Mesh Nodes.
35308
Additional files for analyzing an HTTPD core dump will be collected and will be included in the file
generated by the tar crash command.
36679
Changes to datapath timers increases switch stability.
38410
The output of the show inventory command displays the correct line card values.
39604
File names cannot be created, exported, or imported with any of the following special characters:
~@#$%^&*()+={}[]<>/\|
This restriction applies to the following CLI commands:
wms export-db
wms export-class
local-userdb export
local-userdb import
40174
Changes to datapath timers increases switch stability.
40240
Station table entries are now correctly aged out.
40554
Users can now poll the wlsxSwitchUserTable MIB to view the list of users connected to a switch.
40555
APs will successfully transmit unicast frames to a user on a static WEP VAP when assigned to a
derivated VLAN.
40942,
41813,
41819
The DBSYNC code was updated to prevent a number of issues including the switch running out of
memory when queuing files for send, re-entrant PAPI ACKs corrupting the largePapi buffer, and
simplifying the state of the switch in general.

Bug ID
Description
41094
The command show references user-role <user-role-name> now correctly displays the
profiles in which the queried user-role has been configured.
41189
An issue in which a MobileIP proxy state machine is unable to get L3 connectivity when inter-process
(such as auth to mobility) messages are dropped has been fixed.
41248
Wired Xsec now works correctly when termination is enabled.
41714
In the WebUI, under Security > Access Control > Firewall Policies > Policies, the list of roles will now
wrap when it reaches the edge of the browser window instead of deforming the UI.
41716
A switch crash cause by an issue with Mobile IP has been fixed.
41769
Idle timeout for IPv6 users is now supported on OmniAccess 6000 Series, OmniAccess 4504/4604/
4704, and 4306 WLAN Series switches.
41848
Mobility no longer deletes the user state when standalone AP is enabled and the client is doing DHCP.
41915
The AP70 can now approved operate in Brazil.
42012,
34041
The issue with APs rebooting continuously after upgrade to 3.4.2.3 has been fixed.
42126,
41913,
36281
The issue with multicast traffic flooding all APs (with IGMP snooping enabled) has been fixed.
42132
When ip local-proxy-arp on interface vlan is enabled, ARP for wireless clients are no longer
broadcast to all APs that share the same user VLAN.
Instead switch does proxy-arp for the wireless client.
42221
The command show poe no longer impacts VRRP heartbeat processing on VRRP back up and master
switches.
42254
When a client is brought up over an RSTP-alternate port-channel, the client no longer begins flooding
out traffic.
42278
Clients on multiple VLANs no longer experience degraded video quality when receiving a multicast
video.
42290
After a reboot, wired clients are now able to successfully receive an IP address from the DHCP server.
42325
An AP-105 provisioned as a RAP with PPPoe enabled now works correctly.
42329
VLANs used for Local IP pools can now successfully be deleted without returning the error messages
L2/L3 module busy.
42510
The log level for SNMP timed out messages sent to other applications has been changed to Notification.
Additionally, the SNMO client source IP address has been added to the log message.
43558,
38833
A .1x WPA retry timer in bridge mode issue has been fixed.
43034
RAPs in tunnel mode will not incorrectly respond to http get requests to their outer IP.
43093
Legacy switches no longer incorrectly require RAP license. The license is included in the base AOS-W
for these switches.
Fixed Issues | 13
14 | Fixed Issues
Bug ID
Description
43096
LDAP-S from a switch to an IBM Tivoli Directory server now works correctly.
43201
The AP-120 Series is now supported in Egypt (country code EG).
43236
Unexpected AP reboots caused by a problem in the SAPD process has been fixed.
43373
AOS-W now tells sos to create a station entry during station start if the forward-mode is bridge or split
tunnel, that way it does not depend on station to send a eapol-start message
43548
Guest authentication for Captive Portal now works correctly.
43558,
42940
Fixed a timer issue which prevented some wireless device from successfully connecting to bridge mode
PSK SSIDs.
43654
IPSec VPN tunnels terminating on an Alcatel-Lucent switch are properly reestablished after the switch
reboots.
43861
An intermittent disconnection problem of the Symbol 9090 has been fixed.
44017
With external Captive Portal enabled, after authentication, the switch will correctly http redirect to the
original FQDN.
44089
An issue in which some APs were being duplicated and their MAC addresses were being changed after
an upgrade has been fixed.
Chapter 3
Known Issues
The following are known issues and limitations for this release of AOS-W. Applicable bug IDs or
workarounds are included:
Table 5 Known Issues and Limitations
Bug ID
Description
44208,
40777
AP is refusing call admission although the configured Call Admission Control (CAC) limit has not been
reached. For example, if the call count based CAC is set to n, only n-1 calls will be allowed on that AP.
Workaround:
For call count based CAC: Set the call-capacity to (n + 1) to ensure that n calls are allowed.
For bandwidth based CAC: Set the bandwidth capacity to that required by (n+1) calls to ensure that n
calls are allowed.
45382
In-call roaming for multiple switch CAC deployments does not work.
Workaround:
None.
43798
When a DHCP helper IP is configured, it is internally maintained as 2 separate entries for the vlan. Now if
you try to delete the helper IP or change it to another helper IP, one incarnation of the same old helper IP
is retained. So DHCP requests from a client on the vlan, the request will still get relayed to the old helper
IP.
Workaround:
If you want to change/delete the DHCP helper IP, first delete the helper IP, do a write mem and reboot
the box. This will remove the helper IP completely from the vlan after the box boots up again. Now you
can assign a new helper IP if required.
44240
In the Alcatel-Lucent version, under Startup Wizard > VLAN and IP Interface > VLAN, when the user
attempts to select a VLAN from the drop-down menu, the user will receive a Java script error and be
unable to configure a VLAN pool.
Workaround:
Use the WebUI instead of the startup wizard.
40800
On some occasions, Remote AP stops responding to association messages for clients connecting to
split-tunnel SSIDs when the AP is also advertising a backup/always mode bridge SSID.
Workaround:
Reboot the RAP. However, this may only be a temporary solution since the issue may return. Another
option is to disable always/backup VAPs if the problem is severe.
40835
After a VIA session is timed out, VIA is unable to make a new connection and shows the VIA Peer not
responding message. This could happen if you have configured more than 10 tunnel IP addresses in VIA
connection profile. VIA supports only 10 user configurable tunnel addresses and one for internally
assigned IP address.
Workaround: On the controller update the VIA connection profile to have only 10 tunnel address.
On the client do the following:
1. Navigate to the Setting > Connection Profile and click the Clear Profile button.
2. In the Status tab, click the Download Profile button. Enter your domain credentials and the VIA
controller IP address and download new profiles.
Known Issues | 15

Bug ID
Description
40995
If the DNS IP address is not configured on the controller for VPN remote clients then the client fails to set
the IP address on the Windows Vista and Windows 7 systems. To verify if it is related to DNS entry or
not, start wireshark on Virtual adapter and check the DHCP (bootp) protocol packets.
Workaround:
Using CLI :(host)(config)# vpdn group l2tp client configuration dns <dns-ip1> <dns-ip2>
(host)(config)# Write mem
Using the WebUI:
1. Navigate to Configuration > Advanced Services > VPN Services IPSEC and set the Primary DNS
Server under L2TP and XAUTH Parameters.
2. save configuration.
18286
The current QBSS-alternative implementation in AOS-W has the following limitations:

Probe-response may not actually reflect the real status if local probe is enabled.
z After CAC-capacity is reached, if you disconnect and re-connect a phone again, the call may not go
through for 10 seconds.
z Even if you disable local probe, sometime phone roaming can fail in the following scenario:
1. Spectralink phone roams when the phone sees an AP with better RSSI( ~10dB difference)
2. let us say the CAC is configured to 10. There are 16 phones and 2 APs
3. 6 phones associated to AP2 and 10 phones associated to AP1.
4. 6 phones associated to AP1 moved to nearer to AP2 where RSSI of AP2 is 10dB better than RSSI of
AP1.
5. Even if there is retry or packet loss issue for the phones associated with APs, the 6 phones will try to
move to AP2.
6. They send QBSS probes and AP will send out QBSS + responses to all 6 Phones.
7. Then the 6 Phones will try to associate to AP2 since all 6 got QBSS response. But only 4 phones will
succeed and two will rejected eventually.
8. This will cause some temporary call drops for the two rejected phones.
z
16 | Known Issues
20441
After the STM module is respawned (i.e. after a crash), the show voice commands will not display any
information because the memory that stores the data is cleared after STM restarts.
Workaround:
None.
26699
Due to the use of different methods to setup an IPSec policy filter between the Alcatel-Lucent dialer and
the Microsoft native dialer, the Alcatel-Lucent dialer will break the Microsoft native dialer for IPSec
L2TP.
Workaround:
None.
28608,
28939
The show datapath command does not return any output for RAPs connected to high latency 3G/
EVDO links.
Workaround:
None.
30592
Bulk RAP provisioning for multiple AP groups does not support triangulation, since bulk provisioned APs
are not assigned unique locations.
Workaround:
If you require your RAPs to have unique locations, do not use Bulk Provision. Instead, provision them
individually.
31388
User role and VLAN derivation based on DHCP-option-77 is support on RAPs.

Workaround:
Use other derivation attributes to derive User-Role other than the dhcp-option-77 parameter.

Bug ID
Description
31601
When a user changes VLANs, the SSID user entry for both VLANs will be updated.
Workaround:
None. However, this is a very minor issue since the old entry will eventually age out.
32076
Unicast and multicast key rotation does not work for split-tunnel 802.1x authentication.
Workaround:
None.
32320
Hitachi wireless IP 5000 phone with firmware version 2.5.2 LA1 cannot associate with an AP in WPA2PSK-AES mode when the SSID has both WPA-PSK-TKIP and WPA2-PSK-AES enabled on it. This is
because the STA is sending AES CCMP as the multicast cipher, instead of TKIP.
Workaround:
To avoid this issue, do not use mixed authentication modes with this phone.
32503
NTP must be run on the switch before VRRP. If this is not done, the system clocks between switches in a
master-backup setup will not be synced correctly.
Workaround:
Run NTP first before enabling VRRP.
32619
OSPF does not advertise all the VLANs to the neighbor if there are more than 102 user VLANs.
Workaround:
None.
32650
Campus APs reboot if their associated whitelist entries in the local-userdb-ap is removed.
Workaround:
Ensure that the local-userdb-ap entry is not configured for Campus AP as local-userdb-ap only
applies to the Remote AP.
32896
An Air Monitor will not process Ethernet frames on the 'eth1' interface, except in cases where eth0 and
eth1 are deployed in a standby configuration for an AP-70. In this scenario, if eth1 is active, the Air
Monitor will receive the ethernet frames on this interface. This issue will affect rogue AP classification for
devices on the eth1 interface.
Workaround:
None.
33541
The traceroute command does not work when the internal IPs are used for RAP pool.
Workaround:
None.
33829
In the WebUI, under Monitoring > Access Points > USB, the serial number of the USB device is
displayed.
Workaround:
None.
34148
Double encryption does not work for tunnel SSIDs on AP-120 series and RAP-5s connected to an M3
switch. Clients will not be able to authenticate with this configuration and hardware combination.
Workaround:
Do not use double encryption with this hardware combination.
34202
All client associations will be cleared for an AP terminated to local switch when the master switch is
rebooted.
Workaround:
None
Known Issues | 17
18 | Known Issues
Bug ID
Description
34238
Load balancing over equally costed routes does not work because AOS-W does not support equal-cost
multiple path (ECMP) routes. Only single path route is supported.
Workaround:
None.
34635
Deny Time Range in virtual AP with forwarding mode set to split-tunnel or bridge mode does not work.
The clients are able to connect during the deny time range.
Workaround:
To use Deny Time Range, the forwarding mode must be set to tunnel-mode.
35088
The provisioning profile is not supported in the ap-name.

Workaround:
The provisioning profile is supported only in the ap-group.
35231,
30257
Max-retries cannot be configured in an SSID profile. For example, if you configure the max retries to 5,
the client will continue to try to connect after 5 times.
Workaround:
None.
35463
A RAP with more than one ethernet port does not come up if the uplink is connected to any other port
other than enet0.
Workaround:
None.
35605
After provisioning the RAP at home the local debugging (LD) page is not accessible if the user is in the
tunnel mode.
Workaround:
None.
35674
Dynamic pullout or plug-in of the Huawei E272 EVDO modem on a RAP does not work.
Workaround:
None.
36117
RFProtect shielding fails if the AP has reached is maximum (32) pending shielding jobs and is, therefore,
taking no new jobs.
Workaround:
None. However, in a typical Alcatel-Lucent deployment, this maximum number of shielding jobs will not
be reached.
36291
Provisioning RAP- 5WN as a Mesh point is not supported.

Workaround:
None.
36601
The rf (Radio Frequency) band defined in the mesh cluster takes precedence over the rf band defined in
the AP system profile while configuring the RMP.
Workaround:
Use all as the Allowed band in the dummy-split-vap parameter.
36891
RAPs cannot be provisioned when using D-Link DIR-100 NAT device due to decryption failures.
Workaround:
None.
36923
Upgrading the RAP from AOS-W 2.5 to RN 3.X is not supported.

Workaround:
Upgrade the RAP to AOS-W 3.X and then to RN 3.X.

Bug ID
Description
37443
Uplink Manager functionalities appear on non-600 series platforms but cannot be used.
Workaround:
None. The uplink options that appear on non-600 series switch platforms should not be enabled.
37700
When a clients ethernet port is connected, the client fails wireless 802.1x authentication if the case
sensitive username does not match the user in the Active Directory.
Workaround:
The clients username must be an exact, case-sensitive match of the username stored in the Active
Directory.
37774
CPSec CAP cannot TFTP core files to the configured dumpserver.

Workaround:
Add a route on the upstream router to point to the controller for AP subnets.
37858
The switch fails to process OSPF link state update (LSU) packet if the packet is fragmented.
Workaround:
Ensure that the neighbor does not advertise more than 116 subnets.
37905
MTU size is not displayed in an ap bss-table for RAP bridge port because there is no data-pkt tunnel
between RAP and controller for bridge mode. Therefore, no MTU discovery happens.
Workaround:
None.
38398
Enabling band steering on multiple VAPs per AP gives unexpected results.

Workaround:
Enable band steering on one VAP per AP.
38403,
38404,
40238
The master-ip parameter is not used in the AP system profile.

Workaround:
None.
38571
The spectrum load balancing requires scanning to be enabled in the ARM profile.
Workaround:
None.
38602
The dummy-split-vap should not be configured with a dot1x based AAA profile in RMP.
Workaround:
Ensure not to configure the dummy-split-vap with dot1x based AAA profile.
38782
A mgmt-user with a username of l, s, or w cannot be created since they are the starting character of
keywords under the mgmt-user command.
Workaround:
Do not create management usernames that begin with l, s, or w.
38850
A mgmt-user username cannot exceed more than 16 characters, however local-userdb username can
exceed 16 characters.
Workaround:
None.
39149
Voice ALGs are not supported in the bridge mode.

Workaround:
Add any any udp 0-65535 permit ACL rule in the voice or user role.
Known Issues | 19
20 | Known Issues
Bug ID
Description
39356
IPSec encryption is not available for d-tunnel wireless traffic on RAPs.

Workaround:
None, this is the expected functionality.
39364
Cluster-root does not point to the VRRP IP address of cluster-member-ip.

Workaround:
None, this is the expected functionality.
39417
The limit for static routes is 128, not 256. In versions of AOS-W prior to 3.4.x, this limit was not strictly
enforced and, therefore, more than 128 static routes could be configured.
Workaround:
None. This is the defined behavior.
39614
The radio mode a is not supported for RAP-2WG.

Workaround:
Use only the radio modes b or g in RAP-2WG.
39664
The tunnel mode users are not displayed on the RAP console.
Workaround:
None.
39666
When a split-tunneled wired client is disconnected from a RAP, the client is immediately removed from
the user table. This cause the wired port statistics for the client to display incorrect information under
Monitoring > Controller > Clients > Client Activity in the WebUI.
Workaround:
None.
39668
Saving the 3G/EVDO values for the provisioning at home feature can take up to 30 seconds. When the
save is complete, the page will refresh automatically.
Workaround:
None.
39849
After downgrading the image from AOS-W 5.0 to AOS-W 3.3.2.8 the local-userdb import cannot
retrieve the entries from the user database.
Workaround:
None.
39906
In AOS-W 5.0 and later, the aaa authentication vpn default profile cannot be modified without
the PEFV license. Pre-5.0, you could modify the profile but could not use the profile without a valid VPN
license.
Workaround:
None. This change does not substantially effect the functionality of the switch.
40076
Captive Portal is not supported in bridge mode.

Workaround:
None. This is expected functionality.
40611
Only four CNAME entries are supported in a returned DNS response from the DNS server.
Workaround:
None.
45190
The switch floods the broadcast and multicast packets to bridge virtual AP and wired ports if a splittunnel VAP belongs to the same VLAN. The packets ultimately gets dropped on the AP.
Workaround:
Use different VLANs for split-tunnel and bridge virtual AP or wired port.
Chapter 4
Upgrade Procedures
This chapter details software and hardware upgrade procedures. Alcatel-Lucent best practices recommend
that you schedule a maintenance window when upgrading your switchs.
Read all the information in this chapter before upgrading your switches.
CAUTION
Topics in this chapter include:
NOTE
Important Points to Remember on page21
License Mapping on page24
Upgrading from 3.4.x to 5.0 on page25
Upgrading from 3.3.x to 5.0 on page28
Upgrading from 2.5.x to 3.3.x to 5.0. on page29
Upgrading from RN-3.x.x to 5.0 on page27
Upgrading in a Multi-Switch Network on page29
Downgrading after an Upgrade on page30
Switch Migration on page32
Before You Call Technical Support on page34
Contacting Support on page34
All versions assume that you have upgraded to the most recent version as posted on the Alcatel-Lucent
download site. For instance, 3.3.x assumes you have upgraded to the most recent version of 3.3.
Important Points to Remember

Upgrading your Alcatel-Lucent infrastructure can be confusing. To optimize your upgrade procedure, take
the actions listed below to ensure your upgrade is successful. You should create a permanent list of this
information for future use.
z
Best practices recommends upgrading during a maintenance window. This will limit the troubleshooting
variables.
Verify your current AOS-W version (execute the show version or the show image version command).
Verify which services you are using for each switch (for example, Employee Wireless, Guest Access,
Remote AP, Wireless Voice).
Verify the exact number of access points (APs) you have assigned to each switch.
List which method each AP uses to discover each switch (DNS, DHCP Option, broadcast), and verify
that those methods are operating as expected.
Resolve any existing issues (consistent or intermittent) before you upgrade.
List the devices in your infrastructure that are used to provide your wireless users with connectivity
(Core switches, radius servers, DHCP servers, firewall, for example).
Upgrade Procedures | 21
Technical Upgrading Best Practices

z
Know your topology. The most important path is the connectivity between your APs and their switches.
Connectivity issues will interfere with a successful upgrade. You must have the ability to test and make
connectivity changes (routing, switching, DHCP, authentication) to ensure your traffic path is
functioning.
Avoid combining a software upgrade with other upgrades; this will limit your troubleshooting variables.
Avoid making configuration changes during your upgrade.
Notify your community, well in advance, of your intention to upgrade.
Verify that all of your switches are running the same software version in a master-local relationship. The
same software version assures consistent behavior in a multi-switch environment.
Use FTP to upload software images to the switch. FTP is much faster then TFTP and also offers more
resilience over slower links.
If you must use TFTP, ensure that your TFTP servers can send more then 30 MB of data.
NOTE
Always upgrade the non-boot partition first. If something happens during upgrade, you can restore the
flash, and switch back to the boot partition. Upgrading the non-boot partition gives you a smoother
downgrade path should it be required.
Basic Upgrade Sequence

Testing your clients and ensuring performance and connectivity is probably the most time-consuming part
of the upgrade. Best practices recommends that you enlist users in different locations to assist with the
validation before you begin the upgrade. The list below is an overview of the upgrade and validation
procedures.
NOTE
If you manage your switches via the AirWave Wireless Management Suite, the AirWave upgrade process
automates most of these steps.
1. Upload the same version of the new software image onto all switches.
2. Reboot all switches simultaneously.
3. Execute the ping -t command to verify all your switches are up after the reboot.
4. Open a Secure Shell session (SSH) on your Master Switch.
5. Execute the show ap database command to determine if your APs are up and ready to accept clients.
6. Execute the show ap active to view the up and running APs.
7. Cycle between step5 and step6 until a sufficient amount of APs are confirmed up and running.
The show ap database command displays all of the APs, up or down. If some access points are down,
execute the show datapath session table <access point ip address> command and verify traffic is
passing. If not, attempt to ping them. If they still do not respond, execute a show ap database long
command to view the wired mac address of the AP; locate it in your infrastructure.
8. Verify that the number of access points and clients are what you would expect.
9. Test a different type of client for each access method (802.1x, VPN, Remote AP, Captive Portal, Voice)
and in different locations when possible.
22 | Upgrade Procedures
Managing Flash Memory

All Alcatel-Lucent switchs store critical configuration data on an onboard compact flash memory module.
To maintain the reliability of your WLAN network, Alcatel-Lucent recommends the following compact flash
memory best practices:
z
Do not exceed the size of the flash file system. For example, loading multiple large building JPEGs for
RF Plan can consume flash space quickly.
Warning messages alert you that the file system is running out of space if there is a write attempt to flash
and 5 Mbytes or less of space remains.
Other tasks which are sensitive to insufficient flash file system space include:
DHCP lease and renew information is stored in flash. If the file system is full, DHCP addresses can not
be distributed or renewed.
If a switch encounters a problem and it needs to write a log file, it will not be able to do so if the file
system is full and critical troubleshooting information will be lost
In certain situations, a reboot or a shutdown could cause the switch to lose the information stored in its compact
flash card. To avoid such issues, it is recommended that you issue the halt command before rebooting.
CAUTION
Before you upgrade

You should ensure the following before installing a new image on the switch:
z
Make sure you have at least 10 MB of free compact flash space (show storage command).
Run the tar crash command to ensure there are no process died files clogging up memory and FTP/
TFTP the files to another storage device.
Remove all unnecessary saved files from flash (delete filename command).
Backing up Critical Data

It is important to frequently back up all critical configuration data and files on the compact flash file system
to an external server or mass storage facility. At the very least, you should include the following files in
these frequent backups:
z
Configuration data
WMS database
Local user database
Licensing database
Floor plan JPEGs
Customer captive portal pages
Customer x.509 certificates
Backup and Restore Compact Flash on the WebUI

The WebUI provides the easiest way to back up and restore the entire compact flash file system. The
following steps describe how to back up and restore the compact flash file system using the WebUI on the
switch:
1. Navigate to the Maintenance > File > Backup Flash page.
2. Click Create Backup to back up the contents of the Compact Flash file system to the file
flashbackup.tar.gz.
3. Click Copy Backup to copy the file to an external server.
You can later copy the backup file from the external server to the Compact Flash file system by
navigating to the Maintenance > File > Copy Files page.
4. To restore the backup file to the Compact Flash file system, navigate to the Maintenance > File >
Restore Flash page. Click Restore.
Backup and Restore Compact Flash on the CLI

The following steps describe the back up and restore procedure for the entire Compact Flash file system
using the switchs command line:
1. Enter enable mode in the CLI on the switch. Use the backup command to back up the contents of the
Compact Flash file system to the file flashbackup.tar.gz:
(host) # backup flash
Please wait while we tar relevant files from flash...
Please wait while we compress the tar file...
Checking for free space on flash...
Copying file to flash...
File flashbackup.tar.gz created successfully on flash.
2. Use the copy command to transfer the backup flash file to an external server:
(host) copy flash: flashbackup.tar.gz ftp: <ftphost> <ftpusername> <ftpuserpassword>
<remote directory>
You can later transfer the backup flash file from the external server to the Compact Flash file system
with the copy command:
(host) # copy tftp: <tftphost> <filename> flash: flashbackup.tar.gz
3. Use the restore command to untar and extract the flashbackup.tar.gz file to the Compact Flash file
system:
(host) # restore flash
License Mapping
License consolidation and even renaming of licenses occur over time. Figure 1 is an up-to-date illustration
of the consolidated licenses effective with this release.
Licensing Change History

The following changes and/or consolidations were made to the AOS-W licensing.
AOS-W 5.0
z
MAP was merged into base AOS-W
VPN was merged into base AOS-W
RAP was merged into AP license
PEF (user basis) was converted to PEFNG (AP basis) with AOS-W 5.0
AOS-W 3.4.1
z
VOC was merged into PEF. This merge happened with AOS-W 3.4.1
IMP was merged into base AOS-W
AOS-W 3.4.0
z
ESI was merged into PEF
AOS-W Legacy and End-of-Life

z
AAA was merged into ESI with the release of AOS-W 2.5.3.
CIM is End-of-life
Releases older than AOS-W 2.5.4 have been End-of-Lifed.

NOTE
Figure 1 License Consolidation
AOS
VPN
IMP
MAP
(indoor)
(outdoor)
AP Capacity
Licensed by
# APs
CAP
RAP
PEFNG - Wired,
WLAN Licensed
by # APs
PEFV VPN/VIA
Controller Box
License
WIP (no change)

Licensed by
# APs
PEF
VSM
WIP
ESI
AAA
(2.5 legacy)
License_Conversion
Base AOS
Upgrading from 3.4.x to 5.0

Read all the following information before you upgrade to AOS-W 5.0.2.1. If you are upgrading from a version
earlier than 3.4.x, see Upgrading from 3.3.x to 5.0 on page 28 or Upgrading from 2.5.x to 3.3.x to 5.0. on
page 29.
z
Caveats on page25
Load New Licenses on page26.
Save your Configuration on page26.
Install AOS-W 5.0.2.1 on page26
Caveats
Before upgrading to AOS-W 5.0 take note of these known upgrade caveats.
z
If you have occasion to downgrade to a prior version, and your current AOS-W 5.0 configuration has
CPSec enabled, you must disable CPSec before you downgrade.
For more information on configuring control plane security and auto-certificate provisioning, refer to
the AOS-W 5.0 User Guide.
Load New Licenses

Before you upgrade to AOS-W 5.0, assess your software license requirements and load any new or expanded
licenses you require prior to upgrading to AOS-W 5.0.
Software licenses in AOS-W 5.0 are consolidated and in some instances license names and modules are
renamed to more accurately represent the modules supported by the licenses (see Figure 1).
For a detailed description of these new license modules, refer to the Software Licenses chapter in the user
guide.
NOTE
If you need to downgrade to AOS-W 3.4.x, the previous licenses will be restored. However, once you upgrade
again to AOS-W 5.0 the licenses will no longer revert should you need to downgrade again.
Save your Configuration

Before upgrading, save your configuration and back up your switches data files (see Managing Flash
Memory on page23). Saving your configuration saves the admin and enable passwords in the proper
format.
Saving the Configuration on the WebUI

1. Click on the Configuration tab.
2. Click the Save Configuration button at the top of the screen.
Saving the Configuration on the CLI

Enter the following command in enable or config mode:
(host) #write memory
Install AOS-W 5.0.2.1

Download the latest software image from the Alcatel-Lucent Customer Support website.
!
CAUTION
When upgrading the software in a multi-switch network (one that uses two or more Alcatel-Lucent switchs),
special care must be taken to upgrade all the switchs in the network and to upgrade them in the proper
sequence. (See Upgrading in a Multi-Switch Network on page29.)
Install AOS-W 5.0.2.1 on the WebUI

The following steps describe how to install the AOS-W software image from a PC or workstation using the
Web User Interface (WebUI) on the switch. You can also install the software image from a TFTP or FTP
server using the same WebUI page.
1. Upload the new software image to a PC or workstation on your network.
2. Log in to the WebUI from the PC or workstation.
3. Navigate to the Maintenance > Switch > Image Management page. Select the Upload Local File
option, then click the Browse button to navigate to the image file on your PC or workstation.
4. Determine which memory partition will be used to hold the new software image. Best practices is to
load the new image onto the backup partition. To see the current boot partition, navigate to the
Maintenance > Switch > Boot Parameters page.
5. Select Yes for Reboot Switch After Upgrade.
6. Click Upgrade.
7. When the software image is uploaded to the switch, a popup appears. Click OK in the popup window.
The boot process starts automatically within a few seconds (unless you cancel it).
8. When the boot process is complete, log in to the WebUI and navigate to the Monitoring > Switch >
Switch Summary page to verify the upgrade, including country code. The Country field displays the
country code configured on the switch.
Install AOS-W 5.0.2.1 on the CLI

The following steps describe how to install the AOS-W software image using the CLI on the switch. You
need a FTP/TFTP server on the same network switch you are upgrading.
1. Upload the new software image to your FTP/TFTP server on your network.
2. Execute the ping command to verify the network connection from the target switch to the FTP/TFTP
server:
(host) # ping <ftphost>
or
(host) # ping <tftphost>
NOTE
A valid IP route must exist between the FTP/TFTP server and the switch. A placeholder file with the destination
filename and proper write permissions must exist on the FTP/TFTP server prior to executing the copy command.
3. Determine which partition d to load the new software image. Use the following command to check the
partitions:
#show image version
---------------------------------Partition
: 0:0 (/dev/hda1) **Default boot**
Software Version
: AOS-W 3.3.1.23 (Digitally Signed - Production Build)
Build number
: 20219
Label
: 20219
Built on
: 2009-05-11 20:51:46 PST
---------------------------------Partition
: 0:1 (/dev/hda2)
/dev/hda2: Image not present
Best practices is to load the new image onto the backup partition (the non-boot partition). In the above
example, partition 0 is the boot partition. Partition 1 is empty (image not present) and can be used to
load the new software.
4. Use the copy command to load the new image onto the switch:
(host) # copy ftp: <ftphost> <ftpusername> <image filename> system: partition 1
or
host) # copy tftp: <tftphost> <image filename> system: partition 1
NOTE
When using the copy command to load a software image, the specified partition automatically becomes active
(default boot partition) the next time the switch is rebooted. There is no need to manually select the partition.
5. Execute the show image version command to verify the new image is loaded:
(host) #show image version
---------------------------------Partition
Software Version
Build number
: 23623
Label
: 23623
Built on
: Wed Mar 10 09:11:59 PST 2009
---------------------------------Partition
: 0:1 (/dev/hda2)
Software Version
Build number
: 23711
Label
: 23711
Built on
: Wed Mar 24 09:11:59 PST 2010
6. Reboot the switch:

(host) # reload
7. Execute the show version command to verify the reload and upgrade is complete.
Upgrading from 3.3.x to 5.0

The following steps describe how to install the AOS-W software image from a PC or workstation using the
Web User Interface (WebUI) on the switch. You can also install the software image from a FTP/TFTP server
using the same WebUI page.
Upgrading on the WebUI

1. Upload the new software image to a PC or workstation on your network.
2. Log in to the WebUI from the PC or workstation.
3. Navigate to the Maintenance > Switch > Image Management page. Select the Upload Local File
option, then click the Browse button to navigate to the image file on your PC or workstation.
4. Determine which memory partition will be used to hold the new software image. Best practices is to
load the new image into the backup partition. To view the current boot partition, navigate to the
Maintenance > Switch > Boot Parameters page.
5. Select Yes for Reboot Switch After Upgrade.
6. Click Upgrade.
7. When the software image is uploaded to the switch, a popup appears. Click OK in the popup window.
The boot process starts automatically within a few seconds (unless you cancel it).
8. When the boot process is complete, log in to the WebUI and navigate to the Monitoring > Switch >
Switch Summary page to verify the upgrade, including country code. The Country field displays the
country code configured on the switch.
Upgrading on the CLI

The following steps describe how to install the AOS-W software image using the CLI on the switch. You
need a FTP/TFTP server on the same network switch you are upgrading.
1. Upload the new software image to your FTP/TFTP server on your network.
2. Execute the ping command to verify the network connection from the target switch to the FTP/TFTP
server:
(host) # ping <ftphost>
or
(host) # ping <tftphost>
NOTE
A valid IP route must exist between the FTP/TFTP server and the switch. A placeholder file with the destination
filename and proper write permissions must exist on the FTP/TFTP server prior to executing the copy command.
3. Determine which partition to load the new software image. Best practices are to load the new image
onto the backup partition (the non-boot partition). In the above example, partition 0 is the boot
partition. Partition 1 is empty (image not present) and can be used to load the new software.
4. Use the copy command to load the new image onto the switch:
or
host) # copy tftp: <tftphost> <image filename> system: partition 1
NOTE
When using the copy command to load a software image, the specified partition automatically becomes active
(default boot partition) the next time the switch is rebooted. There is no need to manually select the partition.
5. Verify that the new image is loaded:

(host) # show image version

(host) # reload
7. When the boot process is complete, use the show version command to verify the upgrade.
Upgrading from 2.5.x to 3.3.x to 5.0.

Upgrading from AOS-W 2.5.x to AOS-W 5.0 requires an upgrade hop. That is, you must upgrade from AOSW 2.5.x to AOS-W 3.3.x first and then from AOS-W 3.3.x to AOS-W 5.0.
NOTE
Once you have completed the upgrade to the latest version of 3.3.x, then follow the steps in Upgrading from
3.3.x to 5.0 on page 28 to complete your last upgrade hop.
Upgrading in a Multi-Switch Network

In a multi-switch network (a network with two or more Alcatel-Lucent switches), special care must be
taken to upgrade all switches based on the switch type (master or local). Be sure to back up all switches
being upgraded, as described in Backing up Critical Data on page23.
NOTE
For proper operation, all switchs in the network must be upgraded with the same version of AOS-W software.
For redundant (VRRP) environments, the switchs should be the same model.
To upgrade an existing multi-switch system to AOS-W 5.0:

1. Load the software image onto all switchs (including redundant master switchs).
2. If all the switchs cannot be upgraded with the same software image and reloaded simultaneously, use
the following guidelines:
a. Remove the link between the master and local mobility switchs.
b. Upgrade the software image, then reload the master and local switchs one by one.
c. Verify that the master and all local switchs are upgraded properly.
d. Connect the link between the master and local switchs.
Pre-shared Key for Inter-Switch Communication

A pre-shared key (PSK) is used to create IPSec tunnels between a master and backup master switches and
between master and local switches. These inter-switch IPSec tunnels carry management traffic such as
mobility, configuration, and master-local information.
NOTE
An inter-switch IPSec tunnel can be used to route data between networks attached to the switches. To route
traffic, configure a static route on each switch specifying the destination network and the name of the IPSec
tunnel.
There is a default PSK to allow inter-switch communications, however, for security you need to configure a
a unique PSK for each switch pair. You can use either the WebUI or CLI to configure a 6-64 character PSK
on master and local switches.
!
CAUTION
Do not use the default global PSK on a master or standalone switch. If you have a multi-switch network then
configure the local switches to match the new IPSec PSK key on the master switch. Leaving the PSK set to the
default value exposes the IPSec channel to serious risk, therefore you should always configure a unique PSK for
each switch pair.
Downgrading after an Upgrade

If necessary, you can return to your previous version of AOS-W.
WARNING
If you upgraded from 3.3.x to 5.0, the upgrade script encrypts the internal database. Any new entries that were
created in AOS-W 5.0.2.1 will be lost after downgrade (this warning does not apply to upgrades from 3.4.x to
5.0),
Before you reboot the switch with the pre-upgrade software version, you must perform the following steps:
1. Verify that Disable Control Plane Security (CPSec) is disabled.
2. Set the switch to boot with the previously-saved pre-upgrade configuration file.
3. Set the switch to boot from the system partition that contains the pre-upgrade image file.
NOTE
When you specify a boot partition (or copy an image file to a system partition), the software checks to ensure
that the image is compatible with the configuration file that will be used on the next switch reload. An error
message displays if a system boot parameters are set for incompatible image and configuration files.
After downgrading the software on the switch:

z
Restore your configuration from your pre-upgrade configuration back up stored on your flash file. Do
not restore the flash file system from a AOS-W 5.0.2.1 backup file.
You do not need to re-import the WMS database or RF Plan data. However, if you have added changes to
RF Plan in AOS-W 5.0.2.1, the changes will not appear in RF Plan in the downgraded AOS-W version.
If you installed any certificates while running AOS-W 5.0.2.1, you need to reinstall the certificates in the
downgraded AOS-W version.
The following sections describe how to use the WebUI or CLI to downgrade the software on the switch.
Be sure to back up your switch before reverting the OS.
!
CAUTION
When reverting the switch software, whenever possible use the previous version of software known to be used
on the system. Loading a release not previously confirmed to operate in your environment could result in an
improper configuration.
Downgrading on the WebUI

1. If the saved pre-upgrade configuration file is on an external FTP/TFTP server, copy the file to the switch
by navigating to the Maintenance > File > Copy Files page.
a. For Source Selection, select FTP/TFTP server, and enter the IP address of the FTP/TFTP server and
the name of the pre-upgrade configuration file.
b. For Destination Selection, enter a filename (other than default.cfg) for Flash File System.
2. Set the switch to boot with your pre-upgrade configuration file by navigating to the Maintenance >
Switch > Boot Parameters page.
a. Select the saved pre-upgrade configuration file from the Configuration File menu.
b. Click Apply.
3. Determine the partition on which your previous software image is stored by navigating to the
Maintenance > Switch > Image Management page. If there is no previous software image stored on
your system partition, load it into the backup system partition (you cannot load a new image into the
active system partition):
a. Enter the FTP/TFTP server address and image file name.
b. Select the backup system partition.
c. Click Upgrade.
4. Navigate to the Maintenance > Switch > Boot Parameters page.
a. Select the system partition that contains the pre-upgrade image file as the boot partition.
b. Click Apply.
5. Navigate to the Maintenance > Switch > Reboot Switch page. Click Continue. The switch reboots
after the countdown period.
6. When the boot process is complete, verify that the switch is using the correct software by navigating to
the Maintenance > Switch > Image Management page.
Downgrading on the CLI

1. If the saved pre-upgrade configuration file is on an external FTP/TFTP server, use the following
command to copy it to the switch:
or
(host) # copy tftp: <tftphost> <image filename> system: partition 1
2. Set the switch to boot with your pre-upgrade configuration file.

# boot config-file <backup configuration filename>
3. Execute the show image version command to view the partition on which your previous software
image is stored.
In the following example, partition 0, the backup system partition, contains the backup release 3.4.1.23.
Partition 1, the default boot partition, contains the AOS-W 5.0.2.1 image:
#show image version
---------------------------------Partition
: 0:0 (/dev/hda1)
Software Version
Build number
: 20219
Label
: 20219
Built on
: 2009-12-11 20:51:46 PST
---------------------------------Partition
Software Version
Build number
: 23711
Label
: 23711
Built on
: 2010-03-25 01:59:13 PDT
You cannot load a new image into the active system partition (the default boot).
NOTE
4. Set the backup system partition as the new boot partition:

# boot system partition 0

# reload
6. When the boot process is complete, verify that the switch is using the correct software:
# show image version
Switch Migration
This section outlines the steps involved in migrating from an Alcatel-Lucent PPC switch environment to
MIPS switch environment. These steps takes into consideration the common Alcatel-Lucent WLAN switch
environment. You must have an operational PPC switch in the environment when migrating to a new
switch. The switches are classified as:
NOTE
MIPS SwitchesOAW-S3, OmniAccess 4504/4604/4704, 4306 WLAN Series
PPC SwitchesOmniAccess 4302, OmniAccess 4308T, OmniAccess 4324, and OAS-S-1/OAS-S-2
Use this procedure to upgrade from one Alcatel-Lucent switch model to another. Take care to ensure that the
new switch has equal or greater capacity than the switch you are replacing.
Migration instructions include:

z
Single Switch Environment on page 33
Multiple Master Switch Environment on page 33
Master/Local Switch Environment on page 33
Single Switch Environment

A single switch environment is one active switch, or one master switch that may have standby master
switch that backs up the master switch.
z
Replacing the standby switchDoes not require downtime
Replacing the master switchRequires downtime
Multiple Master Switch Environment

An all master environment is considered an extension of the single master switch. You can back up the
master switches with a standby switch. In an all master switch deployment, each master switch is migrated
as if it were in a standalone single switch environment.
For every master-standby switch pair
z
Replacing the standby switchDoes not require downtime
Replacing the master switchRequires downtime
Master/Local Switch Environment

In a master/local environment, replace the master switch first and then replace the local switches.
z
Replacing the local standbys (when present)
Replacing local switchesone switch at a time
Before You Start

You must have:
z
Administrative access to the switch via the network
Administrative access to the switch via the switchs serial port
Pre-configured FTP/TFTP server that can be reached from the switch
Alcatel-Lucent serial cable
The AOS-W version (same as the rest of the network)
Basic Migration Steps

1. Upgrade your network to the newer image to ensure that the image on the newer switches match the
image on the rest of the switches in your network.
2. Backup the switch data from the PPC switch.
3. Physically swap the hardware (for example, mounting, cabling, power).
4. Initialize the new switch.
5. Install the backed up data onto the new switch.
6. Test the new setup.
Before You Call Technical Support

Before you place a call to Technical Support, please follow these steps:
1. Provide a detailed network topology (including all the devices in the network between the user and the
Alcatel-Lucent switch with IP addresses and Interface numbers if possible).
2. Provide the switch logs and output of the show tech-support command via the WebUI Maintenance tab
or via the CLI (tar logs tech-support).
3. Provide the syslog file of the switch at the time of the problem.
Alcatel-Lucent strongly recommends that you consider adding a syslog server if you do not already have
one to capture from the switch.
4. Let the support person know if this is a new or existing installation. This helps the support team to
determine the troubleshooting approach, depending on whether you have:
an outage in a network that worked in the past.
a network configuration that has never worked.
a brand new installation.
5. Let the support person know if there are any recent changes in your network (external to the AlcatelLucent switch) or any recent changes to your switch and/or AP configuration.
6. If there was a configuration change, list the exact configuration steps and commands used.
7. Provide the date and time (if possible) when the problem first occurred.
8. If the problem is reproducible, list the exact steps taken to recreate the problem.
9. Provide any wired or wireless sniffer traces taken during the time of the problem.
10. Provide the wireless device's make and model number, OS version (including any service packs or
patches), wireless NIC make and model number, wireless NIC's driver date and version, and the wireless
NIC's configuration.
11. Provide the switch site access information, if possible.
Contacting Support
Table 6 Alcatel-Lucent Contacts
Contact Center Online
z
Main Site
http://www.alcatel-lucent.com/enterprise
Support Site
https://service.esd.alcatel-lucent.com
Email
support@ind.alcatel.com
Service & Support Contact Center Telephone

z
North America
1-800-995-2696
Latin America
1-877-919-9526
Europe
+33 (0) 38 855 6929
Asia Pacific
+65 6240 8484
Worldwide
1-818-878-4507

AOS-W 5.0.2.1 Release Notes PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

AOS-W 5.0.2.1 Release Notes PDF

Uploaded by

Copyright:

Available Formats

Release Notes

AOS-W 5.0.2.1 | Release Notes

0510696-02 | September 2010

Whats New in this Release .................................................................... 5

Fixed Issues ........................................................................................... 11

Upgrade Procedures ............................................................................. 21

AOS-W 5.0.2.1 | Release Notes

AOS-W 5.0.2.1 | Release Notes

NAT-T Behavior Change for MacOS Clients

In Previous AOS-W 5.0.2 Releases

Bridge Mode Mobility

Manually Provisioning USB Cellular Modems for Remote APs

AOS-W 5.0.2.1 | Release Notes

Whats New in this Release | 5

Specify the vendor ID.

Specify the product ID

Specify the target vendor ID. Optional parameter.

specify the target product ID. Optional parameter.

Specify the modem initialization string in hexadecimal format.

You can manually configure modems only using the CLI.

Using the CLI

Device Details of Some USB Cellular Modems

Table 2 List of modems with device and product ID

6 | Whats New in this Release

USB Provisioning Strings

AOS-W 5.0.2.1 | Release Notes

Table 2 List of modems with device and product ID

USB Provisioning Strings

Compass 597 (Sierra)

USB 598 (Sierra)

USB U727 (Novatel)

USB U720 (Novatel/

USB U760 (Novatel)

AOS-W 5.0.2.1 | Release Notes

Whats New in this Release | 7

Table 2 List of modems with device and product ID

USB Provisioning Strings

Globetrotter ICON 225 0x0af0

8 | Whats New in this Release

AOS-W 5.0.2.1 | Release Notes

Table 2 List of modems with device and product ID

USB Provisioning Strings

NTT DoCoMo L-05A

NTT DoCoMo L-02A

AOS-W 5.0.2.1 | Release Notes

Whats New in this Release | 9

Table 2 List of modems with device and product ID

USB Provisioning Strings

10 | Whats New in this Release

AOS-W 5.0.2.1 | Release Notes

The syslog process can now restart itself after a crash.

AOS-W 5.0.2.1 | Release Notes

Table 3 Fixed in AOS-W 5.0.2.1

Switches now respond correctly when polled by an SNMP polling station.

Table 4 Fixed in AOS-W 5.0.2

Changes to datapath timers increases switch stability.

Changes to datapath timers increases switch stability.

Station table entries are now correctly aged out.

AOS-W 5.0.2.1 | Release Notes

Table 4 Fixed in AOS-W 5.0.2

Wired Xsec now works correctly when termination is enabled.

A switch crash cause by an issue with Mobile IP has been fixed.

The AP70 can now approved operate in Brazil.