WS5100 v3.0.1.

0-145R Release Notes

Release Notes for WS5100 v3.0.1.0- 145R

Contents
1.
2.
3.
4.
5.

Introduction
Supported Hardware
Download Information
RF Firmware Versions
Installation Guidelines
5.1. Upgrade Procedure
5.2. Auto Install Procedure
5.3. Downgrade Procedure
6. Important Notes
7. Issues Resolved in this Release
8. Known Issues

1 Introduction
Version 3.0.1.0 -145R is a maintenance update to the major software release v3.0 on the WS5100 wireless switch
platform based on the Wireless Next Generation (Wi-NG) architecture. V3.0.1 includes fixes for certain defects that
have reported by customers and/or found internally.
V3.0.1 is supported only on the WS5100 wireless switch. It is not supported on the older generation
WS5000 wireless switch.
The fixes included in this release relate to the following areas of functionality:

Corrections in Self Healing behavior

Enhancements to syslogs
Robust hotspot improvements
Management enhancements for better operation with MSP 2.8.1/2.9
Improvements in 802.11i handshake
Security enhancements in VPN

When upgrading to this major release at a customer site, it is recommended that it be applied to one WS5100, ensure that
the switch is run through basic functionality tests to ensure that the customer network is operational, and only then
upgrade all the other WS 5100 systems.

2 Supported Hardware Platforms and Changes to Software Functionality

(Since v2.x)
Similar to the v3.0 major update, please note that v3.0.1 software update can be applied only to the WS5100
switch.
The following software functionality found in v2.x will no longer be available in v3.0/3.0.1:
1
Part Number: 72E-98648-01
Released: March 12th 2007
Page 1 of 17

WS5100 v3.0.1.0-145R Release Notes

1) Embedded WTLS VPN gateway functionality

2) AP200 (802.11a/b) Access Ports are no longer supported starting with v3.0.
3) Support for legacy 802.11b AP-4121 and 802.11 (FH) AP-302x Access Points. Only the legacy 802.11b AP-4131
will continue to be supported (with Layer 2 adoption capabilities only).
4) Built in KDC. Please note that Kerberos authentication will still be supported as long as an external KDC is used.
5) Bandwidth allocation per WLAN. This functionality is not available in v3.0.1. A more comprehensive bandwidth
throttling capability will be introduced in the next major software update. In lieu of bandwidth allocation,
administrators can assign prioritization profiles (Voice, Video, Best Effort or Background) on a per WLAN basis or
alternately use WMM.

3 Software Availability
Customers are only entitled to convert to this release of the software if they have a valid Motorola service
agreement or are covered under warranty. Customers who currently have a support contract in place will
be able to download the software from a protected Web site (this requires registering and requesting the
software, as well as verifying the service contract). Customers who do not have a support agreement will
be provided options to purchase a Motorola service contract.
For more details, please visit: http://support.symbol.com/support/WS5100

4 RF Firmware Versions
Model

Version

AP100 (CCRF-2050)
AP300 (WSAP-5110; WISPe)
AP4131
AP300 WIPS Sensor
AP4131 Revert Image

02.05-00
01.00-1860r
07.00-06
00.00-04
00.00-00

5 Installation Guidelines
For accessing the Graphical User Interface (GUI) of the WS5100 switches, the following browsers (and Java versions) are
supported:

Internet Explorer 6.0 on Windows 2000, XP (JRE 1.4.2 )

Mozilla 1.4.3 on RedHat Linux (tested with JRE 1.5)
Firefox 0.8 or higher on Windows 2000, XP (JRE 1.4.2 )
Firefox 1.0 on RedHat Linux (tested with JRE 1.5)

5.1 Upgrade Information

2
Part Number: 72E-98648-01
Released: March 12th 2007
Page 2 of 17

WS5100 v3.0.1.0-145R Release Notes

This build may be installed over the following software versions:

1.4.1.0-014R
1.4.2.0-005R
1.4.3.0-012R
2.0.0.0-034R
2.1.0.0-029R
2.1.1.0-006R
2.1.2.0-010R
3.0.0.0-267R

V3.0.x cannot be installed over v1.1.x or v1.2.x software releases. Please upgrade to v1.4.x or v2.x first before
upgrading to v3.0.x.

5.1.1 Detailed Firmware Upgrade Procedure

This section outlines the upgrade procedure to v3.0.1 (from one of the software releases mentioned above).
Upgrade Process from v1.4.x/v2.x:
The first step in the upgrade process is to save and convert the existing v1.4.x or v2.x configurations. There is a Windows
based configuration utility provided as part of this release to help in converting the older configurations to the newer (v3.0)
format.
Install the configuration upgrade utility (cfgupgrade-1.0-setup.exe) on a Windows System and follow these steps:

Using TFTP or FTP copy the configuration file that you want to convert from the WS5100 wireless switch
to the Windows System where the conversion utility is installed.
On the Windows System click on WS5100 Configuration Upgrade icon, select the config file copied on
to the Windows system and run it.
A folder with the same name as the config file will be created.
The folder will contain the converted startup-config file in v3.0 format along with other log files.
Using TFTP or FTP copy this startup-config file back to the WS5100 that you want to upgrade.

Please note that some of the configuration items from older releases may not be converted into the newer format. These
include:

Network access policies

GRE WLAN mappings
Radius Server certificates

In these cases it is recommended to build the new v3.0 configuration from scratch. Please see the Known Issues list for
further details.
Running the pre-upgrade script (preUpgradeScript) is recommended prior to upgrade to clean up the DOM to ensure
sufficient memory for the upgrade. The pre-upgrade script and the upgrade have to be done independently.
3
Part Number: 72E-98648-01
Released: March 12th 2007
Page 3 of 17

WS5100 v3.0.1.0-145R Release Notes

1. Copy the appropriate pre-upgrade script file to the switch (using FTP or TFTP):
2. Enter Service mode CLI
3. execute the script file.
The steps to upgrade to v3.0 from either v1.4.x or v2.x are as follows. The method described in this section uses the
Command Line Interface (CLI) and the Auto-Install procedures. To log into the CLI, either SSH, Telnet or serial access
can be used (whichever exists).
4. First convert and save your existing configuration files using the Configuration Conversion Instructions (outlined
above)
5. Copy the appropriate upgrade image file to the switch:
For upgrading from v2.x copy (via FTP or TFTP) the v2.x image upgrade file (WS5100-3.0.0.0-267R.v2).
For upgrading from v1.4.x copy (via FTP or TFTP) the v1.4.x image upgrade file (WS5100-3.0.0.0267R.v1)
6. Enter Service mode CLI
7. execute the copied image file.
8. Restart the switch.
From CLI the command is reload.
Upgrading from a previous v3.0.x Beta or engineering build (v3.0.1.0-xxxD/B)
1. After upgrade, the switch will be in the default configuration of this beta firmware version. Please save your
existing configuration files to re-install after the upgrade.
2. Copy the WS5100_v3.0.1.0-144R.img to your ftp server.
3. Use the upgrade ftp://<ip address of server>/<name of file> command from CLI or Switch->Firmware>Update Firmware option from the GUI. You may need to specify the username and password for your ftp
server.
4. Restart the switch. From CLI the command is reload.

5.2 Auto-Install Process

Auto Install in v3.0.1 works via the DHCP server. This requires the definition of a Symbol Vendor Class and four suboptions under option 43 namely:

Option 186 - defines the tftp/ftp server and ftp username, password information
Option 187 - defines the firmware path and file name
Option 188 - defines the config path and file name
Option 190 - defines the cluster config path and file name.

The individual features (config, cluster-config and image) may be enabled separately via the CLI, snmp or Applet. If a
feature is disabled then it will be skipped when Auto install is triggered.
For the static case, where the URLs for the configuration and image files are not supplied by DHCP, the URLs may be
specified via the CLI, snmp or Applet. The CLI may also be used to define the expected firmware image version. If the
image version is not specified we will attempt to derive it from the file name, if it can not be derived from the filename then
the system will simply attempt to load something other than what it is currently running.
4
Part Number: 72E-98648-01
Released: March 12th 2007
Page 4 of 17

WS5100 v3.0.1.0-145R Release Notes

Configuration files are tracked by their MD5 checksum, so if a file is renamed it will still have the same md5 sum. Once a
file has been loaded it will not be reloaded, even if the local configuration information is changed.
The requested image file version, if any, is checked against the current version before any attempt is made to load it. If
the requested version is the same as the running version then no further action is taken. If the image file version,
embedded in the file header, does not match the expected version then no further action will be taken. If the version has
not been specified then the header of the image file will be compared to the local version, if they are the same then no
further action will be taken.
Please note that once the system has been operating for ten minutes, Auto Install is disabled, though it may still be
reconfigured. This is to prevent the system from attempting to re-install each time a DHCP lease is renewed.
Configuring Auto Install via the CLI
There are three compulsory and four optional configuration parameters.
The compulsory parameters are:
configuration upgrade enable
cluster configuration upgrade enable
image upgrade enable
Optional (only for the static case):

configuration file URL

cluster configuration file URL
image file URL
expected image version

The three enables default to no, the URLs and the version default to "" (blank)
WS5100(config)#show autoinstall
feature

enabled

config

no

--not-set--

cluster cfg

no

--not-set--

image

no

--not-set--

expected image version

URL

--not-set--

The three enables and the expected version affect any mode of operation, the URLs are only used for the static (non
DHCP option) mode.
5
Part Number: 72E-98648-01
Released: March 12th 2007
Page 5 of 17

WS5100 v3.0.1.0-145R Release Notes

Enables are set using the autoinstall <feature> command:
WS5100>en
WS5100#conf t
WS5100(config)#autoinstall image
WS5100(config)#autoinstall config
WS5100(config)#autoinstall cluster-config
After this configuration, any switch reboot with DHCP enabled on the RON port will trigger Auto Install, provided the
DHCP Server is configured with appropriate options.
The enables are cleared using the no autoinstall <feature>
URLs and the version string are set as text and can be cleared by using an empty pair of double quotes to denote the
blank string. In the following example we define the three URLs and the expected version of the image file and then
enable all three features for Auto Install
WS5100(config)#autoinstall config url ftp://ftp:ftp@192.9.200.1/ws5100/config
WS5100(config)#autoinstall cluster-config url
ftp://ftp:ftp@192.9.200.1/ws5100/cluster-config
WS5100(config)#autoinstall image url
ftp://ftp:ftp@147.11.1.11/ws5100/images/WS5100.img
WS5100(config)#autoinstall image version 3.0.0.0-19289X
WS5100(config)#autoinstall config
WS5100(config)#autoinstall cluster-config
WS5100(config)#autoinstall image
WS5100(config)#show autoinstall
feature

enabled

config

yes

ftp://ftp:ftp@192.9.200.1/ws5100/config

cluster cfg

yes

ftp://ftp:ftp@192.9.200.1/ws5100/cluster-config

image

yes

ftp://ftp:ftp@147.11.1.11/ws5100/images/WS5100.img

expected image version

URL

3.0.0.0-19289X

Once again, for DHCP option based auto install the URLs will be ignored and those passed in by DHCP will not be
stored.
6
Part Number: 72E-98648-01
Released: March 12th 2007
Page 6 of 17

WS5100 v3.0.1.0-145R Release Notes

Whenever a string is blank it is shown as --not-set--.

5.3 Downgrade Procedure

It is possible to downgrade a switch running v3.0.1 image to one of the following versions (Note: Only a non-RoHS
version of the WS5100 hardware can be downgraded to v1.4.x and v2.0):

1.4.1.0-014R
1.4.2.0-005R
1.4.3.0-012R
2.0.0.0-034R
2.1.0.0-029R
2.1.1.0-006R
2.1.2.0-010R
3.0.0.0-267R*

Please follow these steps to downgrade your WS5100 from v3.0.1.0-144R to v2.x or v1.4.x
1. Make a note of the license key; this will need to be re-installed.
2. After downgrade, the switch will be in out of box configuration of the selected firmware version. Please save
your existing configuration files to re-install after the downgrade.
3. Use the upgrade ftp://<ip address of server>/<name of file> command from CLI or Switch->Firmware>Update Firmware option from the GUI. You may need to specify the username and password for your ftp
server.
a. For downgrading to v2.1 use WS5100-2.1.0.0-029R.img file.
b. For downgrading to v2.0 use WS5100-2.0.0.0-034R.img file.
c. For downgrading to v1.4.3 use WS5100-1.4.3.0-012R.img file.
d. For downgrading to v1.4.2 use WS5100-1.4.2.0-005R.img file.
e. For downgrading to v1.4.1 use WS5100-1.4.1.0-014R.img file.
4. Restart the switch. From CLI the command is reload.
Please follow these steps to downgrade your WS5100 from v3.0.1.0-144R to v3.0.0.0-267R
1. Use regular upgrade command to downgrade to 3.0.0.0 f/w version.

*NOTE: If you have a switch running v3.0.1.0-144R with no previous upgrade history, then please use the
downgrade process described below to downgrade to v3.0.0.0-267R:
1. Copy the executable patch file SigningCerts.patch to appropriate directory on the FTP/TFTP server to be used for
WS5100 f/w upgrade/downgrade.
2. Install the patch file SigningCerts.patch from CLI or Applet using steps similar to that for f/w upgrade [that is executing
upgrade command from CLI or using Switch-> Firmware->Update Firmware option from switch applet]
3. Make sure that the patch is properly installed from the output of the CLI command show version. The Patch file
name should appear with the current f/w version string. The entry for the installed patch should also be displayed
under the Patch section of the Switch-> Firmware screen in the applet.
4. Now the current f/w image is compatible for downgrading to 3.0.0.
7
Part Number: 72E-98648-01
Released: March 12th 2007
Page 7 of 17

WS5100 v3.0.1.0-145R Release Notes

5. Use regular upgrade command to downgrade to 3.0.0.0 f/w version.

6 Important Note: WS5100 Port Configuration

I. With v3.0.1 the model is similar to v3.0, where we behave more like a real wired bridge:

Port assignments are not static or configurable. So both APs as well as wired devices can be connected on either
port (or even both ports: you can divide your APs half-and-half, with some of them connected on eth1 others on
eth2)
The default port configuration is now access instead of trunk. The native VLANs are 2100 on eth1 and 1 on eth2

Since we do not support the spanning tree protocol in this release, one restriction is that the same VLAN cannot be
mapped to both ports on the switch. The CLI has been updated to prevent the user from doing this. Also, connecting both
ports to the same broadcast domain in a L2 forwarding device (i.e., a hub or an unmanaged switch) is not supported.
Since internally the two ports have different native VLANs, if they connected on the same hub, the VLANs get mixed-up
(any AP packet will show up on both VLANs.
MAC Addresses
Like many other networking devices (Eg: Cisco Catalyst switches) Wi-NG 1.0.1 uses the same MAC address for all traffic
coming out of the device, irrespective of what port is used. This is the MAC address of eth2 on the WS5100. Older
WS5100 firmware (version 1.4.x/2.x etc) used to use the MAC address of the port where the frame was being sent out of.
Since each port is mapped to a unique VLAN, any L2 domain is only going to see traffic from one of these ports, so this
works out ok. If the user is mapping a L3 SVI on the eth1 port, and marking it for DHCP, the DHCP request will contain
the source MAC address of eth2.
VLAN Configuration
The default VLAN configuration on the device now has both ports in access mode (meaning untagged, no external
VLANs). Internally all traffic on eth1 is tagged with VLAN 2100 (i.e., the native VLAN on port eth1 is 2100) and all traffic on
eth2 by 1 (i.e. the native VLAN on port eth2 is 1).
To use trunking two things need to be done:
1. The mode of the port needs to be made trunked
2. The VLANs that are allowed on that trunk, need to be added to the interface.
The following CLI commands would add VLANs 1 and 44 to interface eth2:
configure terminal
interface eth2
switchport mode trunk
8
Part Number: 72E-98648-01
Released: March 12th 2007
Page 8 of 17

WS5100 v3.0.1.0-145R Release Notes

switchport trunk allowed VLAN add 1,44
Note that 1 also remains the native VLAN on this port (can be changed using the switchport trunk native command). This
means that:
1. All untagged frames coming in on this port will be assigned to VLAN 1 on ingress and then processed.
2. All frames with a VLAN tag of 1, would have their tag stripped on egress (ie. they will go out untagged)
3. Frames tagged with VLAN 44 will ingress/egress with the tag intact
4. All frames with any other VLAN tag will be dropped (Note: including VLAN 1. i.e.: if we receive traffic with a tag
that matches the native-VLAN, that will be dropped. By definition native-VLAN implies untagged traffic).
To make traffic on VLAN 1 to also be tagged, you can change the tagging mode of the native VLAN using:
configure terminal
interface eth2
switchport trunk native tagged
Note that all of the configuration described above only makes the switch aware of the existence of VLAN 44. I.e. if you
map a WLAN to VLAN 44, all traffic from that WLAN will be switched out on port eth2 with the VLAN tag 44. i.e., the
switch participates in this VLAN at the L2 layer. To make the switch participate at layer 3 (i.e. lets say you want to assign
the switch an IP address on VLAN 44, or to do DHCP, or to route traffic through this VLAN) you need to also create this
VLAN at layer 3. i.e., create an SVI as shown in the following example:
configure terminal
interface VLAN44
ip address 192.168.44.123/24
This now creates an interface on the switch, which is on VLAN 44, and assigns the switch an IP address of
192.168.44.123. Now the switch can be pinged at this IP address on VLAN 44.
Recommended Configuration
The recommended or best-practice configuration remains putting APs on port eth1 and using eth2 for your management
and rest-of-the-network. This provides a clear physical distinction between the trusted and untrusted sides of the network.
In some very simple configurations the customers may choose to use only one port, and in that case eth2 is
recommended, since VLAN 1 defaults to eth2.
II. The MU Power setting nomenclature is based on the following mapping table:
MU Transmit Power
20..16
9
Part Number: 72E-98648-01
Released: March 12th 2007
Page 9 of 17

mu-power in the WS5100

4

WS5100 v3.0.1.0-145R Release Notes

12..15
8..11
4..7
0..3

3
2
1
0

To change this parameter, the following commands need to be executed through the CLI, in the following scenarios:
If there are no radios adopted
WS5100#config t <CR>
WS5100(config)#wireless <CR>
WS5100(config-wireless)#radio default-11a mu-power 0 <CR>
WS5100(config-wireless)#radio default-11b mu-power 0 <CR>
WS5100(config-wireless)#radio default-11bg mu-power 0 <CR>
If radios are already adopted, use the following:
WS5100#config t <CR>
WS5100(config)#wireless <CR>
WS5100(config-wireless)#radio all-11a mu-power 0 <CR>
WS5100(config-wireless)#radio all-11b mu-power 0 <CR>
WS5100(config-wireless)#radio all-11bg mu-power 0 <CR>
Recommendation: For MU to transmit at maximum power, set the mu-power to 0. Currently, the default level in the
switch is 4
III. The Auto Revert tab in the User Interface is for future development, and currently non-operational.

7 Issues Resolved in this Release

The following defects/SPRs have been fixed in this release.
Description

SPR ID
13232
12558
13189
13266
13358

The user cannot authenticate with multiple WLAN's configured for the same SSID security settings.
Version 3.0.0.0.267R
When a backup WS5100 switch takes over from a primary switch, all the AP's are adopted but each AP
adoption event does not generate an SNMP trap.
When converting a configuration from 2.1.x that has access to the GUI only through HTTPS to 3.0 you
can not access the upgraded switch through HTTPS until you first enable HTTP through the CLI.
Virtual interface - management interface checkbox , the switch can be managed from any virtual
interface. Also from the hotspot WLAN.
WS5100 - AP4131 doing VLAN tagging - Cannot adopt AP after converting Access Point to Access Port
Description

CQ ID

Applet Issues
In the Applet, the accounting file does not appear in the accounting logs section of Radius server page
33460
10
Part Number: 72E-98648-01
Released: March 12th 2007
Page 10 of 17

WS5100 v3.0.1.0-145R Release Notes

33730
35915
33668
33389
31540
34003
31416
33775
35775
33820
35792
33779

unless the user logs out and logs back in.

WLAN Accounting configuration does not take effect; setting not being saved, and configuration does not
work.
Hot Spot Guest Admin screen not launching in the GUI
VPN Configuration: Applet always shows RSA key's length as 0.
Applet: ipsec vpn->crypto maps shows incorrect details (cryptomap entries and interfaces are not shown
correctly)
Cannot add a packet marking rule to an ACL via Applet
Applet occasionally fails to display " running-config " from Management-->System Maint-->Config Files
DTIM per BSS added in the Applet and SNMP.
No Provision to configure IP address and radius-key of RADIUS accounting Server through Applet

User is not able to map WLAN to radio via Web Applet

Server Cert Key Length
When trying to open an applet by http, it automatically switches to https
NO provision to configure radius accounting modes through applet as possible in CLI
Current switch time being picked by the Guest User configuration applet is hours ahead of the actual
35765
switch time.
Deletion of peer from cryptomap through applet is not possible.
32657
Simple NTP does not work if configured from GUI
34287
Infrastructure (Auto Install, Upgrade/Downgrade/Clustering) Issues
Same FW Image getting loaded after every switch reboot when DHCP Server is configured for Auto
Install
33693
Auto Install installs new cluster-config along with switch config even when the option is enabled only for
switch config.
GRE tunnels do not get preserved with mapped WLAN on upgrade from v1.4.3 (or v2.x) to 3.x
32544
Sometimes, the switch gets stuck in computing Startup Checksum and is not reachable via MSP
34499
Boot system from alternative image does not work
34495
Converting from 2.1 to 3.0 requires enabling http before using https
36026
Messages are still being printed on console despite of disable logging console.
28943
Switch Discovery: Only 2 switches are discovered at a time.
34286
DHCP address is not releasing properly
37225
DHCP static Allocation does not work when Client Identifier option is used
31836
L2/L3 Configuration and Mobility
Standby DHCP server gives IP address to MU's connected to Primary Switch even when Primary DHCP
33754
server is active.
Layer 3 Mobility: When L3 mobility is enabled and a mobile unit roams from one WLAN to another WLAN,
33800
it will fail to get an IP address.
DHCP static Allocation does not work when Client Identifier option is used.
33789

31836

This does not work ONLY when the Cisco switch is used as DHCP client. The reason is Cisco switch
prepends NULL character to client-identifier before sending. So the workaround to make sure that it works
even with Cisco DHCP client, we need to configure the client-id as follows
ws5100(config-dhcp)#client-identifier \\0sample.name

11
Part Number: 72E-98648-01
Released: March 12th 2007
Page 11 of 17

WS5100 v3.0.1.0-145R Release Notes

instead of:
ws5100(config-dhcp)#client-identifier sample.name
Here \\0 (representing NULL char ) is needed to inform DHCP Server that the incoming request packet
having DHCP client-identifier has NULL character prepended to it.
ACL does not work (no way to apply ACL on tunnel interface) when MU has roamed to another switch (L3
33528
Mobility Scenario)
Security (ACLs, NAT, Hotspot, VPN)
UDP packets in outbound direction are filtered when ACL is applied in inbound direction.
31454
User is not able to ping from one Subnet to another Subnet unless the Security process is killed.
33060
Option to delete accounting files created is missing in Radius Applet and CLI; the command to erase flash
34132
is also not working.
Inconsistency in default Rule precedence values when rules are added in an ACL via CLI (10, 20...) and
34038
Applet (1, 2...)
Changes to NAT config take effect only after reload.
34043
While applying crypto map, if key is not configured for the peer specified, there is no error message
34044
thrown.
ACL log option does not exist.
27966
L3 AP adoption over a IPSec Peer to Peer tunnel fails
33694
Adding crypto map entry after deleting one gives communication error (on the Applet).
34145
There is no limit for security association (SA) life time.
32638
Port Nat does not work if network address is used in the standard access list
33235
Reapplying NAT configurations on the interfaces doesn't take effect immediately
32350
Unable to create a MAC access-list to deny 802.1q packets through CLI.
36128
Hotspot users are not automatically being deleted from the database.
33733
Ftp and telnet doesnt work across VLANs if a router ACL is applied on one of the VLAN interfaces.
36400
From CLI: If a radius user is added with a name same as an existing guest user; the user is overwritten
33720
has radius user.
Even if multiple users are configured as webadmin with superuser access, only guestadmin can be used
32862
to add guest users.
Start date and time missing in Internet guest users
33185
IPSec/L2TP testing with Windows CE/XP not working
31026
after clearing crypto map config from CLI, the crypto map config is still displayed in the GUI
33691
Users added through User Management GUI, should be deleted after expiry time or option to delete that
33704
users should be present
Unable to remove single ip-helper address from interface
32586
ACL to stop a ping from a wired host to a wireless MU is not working when applied on any of the
32985
interfaces.
Mismatch in Date format in CLI and GUI for radius user expiry date
33756
Restricted "Lobby Admin" guest management interface for Hotspot
32872
SNMP
SNMP- MIB variables support for Manual revert, Auto-Revert and Auto-Revert delay do not exist.
33016
Trap for MU-assist Rogue AP detection does not work; AP based detection works fine.
33681
Cannot add IKE PSK using Applet / SNMP.
34036
WMM Admission cntl parameter for WLAN can be set only through SNMP but not available on CLI
35590
An SNMP walk on any of the ACL OIDs (wsSwAclStdIpAclTable and wsSwAclExtIpAclTable) displays
34051
only a maximum of 2 instances
12
Part Number: 72E-98648-01
Released: March 12th 2007
Page 12 of 17

WS5100 v3.0.1.0-145R Release Notes

35675
33348
33900
33980
35857
29319
37333
Wireless
33523
33986
34202
34203
33783
34686
35272
34180
35601
35567
33007
35855
33731
37106

Unable to set radius secret keys beyond a single character

Cluster: Manual Revert feature in redundancy
ClusterPeerStatEntry table mib does not show all the details
IDS anomaly config doesn't take effect.
AutoInstall cannot be enabled from Switch Applet
uptime in the applet is not showing the system uptime
FTP enable not persisted in the applet after a reboot
No Alarm logs are generated when DeAuth SNMP trap is set.
Self Healing: "Detect Neighbors" works only when neighboring radios are on same channel.
The Switch is sending an incorrect DSCP value to the external Radius Server.
Radius Client Re-Authentication quits working after enable/disable WMM on that WLAN.
RADIUS accounting syslog configuration added through CLI does not reflect in show running config
When an AP fails and self healing goes into effect, the neighboring AP doesn't increase its power.
Unadopted Access Ports are not listed from CLI or Applet
Mobile unit will not get a DHCP IP address when changing its WLAN, when wlans are mapped to different
VLANs
WLAN Mobility enable doesn't show at per WLAN basis; it shows only in WLAN at running-config
Radio on-channel-scan config is not shown in sh wireless radio config command
Rogue AP count not consistent across all the switches in a cluster
SNMP allow to configure WMM max-MU for all 4 category while CLI allow only for Video & Voice
No WLAN accounting config information in show wireless WLAN config
The server details entered in primary accounting server gets updated in secondary accounting server
details also.

8 Known Issues
The following is a list of knows issues in this release.
Description

CQ ID
Applet Issues
26480

33860

35778
31863
36471
37577

Workaround / Resolution

GUI: Google Desktop search causes display issues in

IE with JRE 1.5.

May be fixed in later versions of Google

Desktop.

FTP Port number is not configurable from the Applet.

This applies to CLI and SNMP also.

To be fixed in a future release.

User cannot enable a WLAN via Web Applet.

User needs to refresh the Applet to see the

WLAN is enabled.

In Applet there is no WLAN/radius accounting details

that can be configured.
RTS-Threshold cannot be configured as Default-11a
adoption parameter from Applet
Applet doesnt allow to configure a MAC ACL including
both vlanid/dot1p and Ethertype but CLI does.

13
Part Number: 72E-98648-01
Released: March 12th 2007
Page 13 of 17

WS5100 v3.0.1.0-145R Release Notes

In applet; there are two place on wireless LAN page
from where reauthentication period can be configured
For the Access Port Default configuration page, DTIM
37373
needs to be updated for DTIM per BSS configuration
In GUI, delete button is not functioning in MU Intrusion
37631
Detections filtered MUs
Discovery Profiles NOT saved after upgrade
35738
Infrastructure (Auto Install, Upgrade/Downgrade/Clustering) Issues
After changing the admin password to include a dollar
sign, a Login Error message is seen through the GUI.
37997
The same password however will work through the CLI.
Alarm logs messages are not generated in all cases
33126
when Diagnostics limits are reached. This is through
Auto Install: No indication or message is displayed
34116,
when Auto Install process starts and completes.
There is a long delay (more than a minute) in kicking in
Auto Install process when initiated from Applet or
34118
SNMP.
Multiple intermediate CLI user Login prompts are
34119
displayed while Auto-Install Process is in progress.
DHCP based Auto Install re-initializes the Static URL
configurations. After FW upgrade, the switch goes back
34115
to defaults.
snmp v3 upgrade from butterfly 2.1 to Monarch does
35898
not work
36847

37652
37856

Network IP address is accepted as Host IP address (In

Host pool of DHCP server
DHCP discover messages are dropped when i apply an
ACL thats permit packets from the source network to
any destination

To be fixed in next maintenance release.

To be fixed in next maintenance release.
This is to prevent the system from attempting
to re-install each time a DHCP lease is
renewed.
To be fixed in next maintenance release.
To be fixed in next maintenance release.

To be fixed in next maintenance release

User can create an ACE entry in the ACL to

allow dhcp discover messages
Extended IP access list 103
permit ip 192.168.5.0/24 any ruleprecedence 10
permit ip any host 255.255.255.255 ruleprecedence 20
To be fixed in next maintenance release.

30298

Upgrade Issue: The Radius server remains disabled

after upgrade from v 2.1 to v 3.0.
The Radius server certificates do not get retained
on upgrading from v2.x to v3.x
Applet login and SNMP v3 access does not work after
upgrade from v2.x to v 3.x.

34369

Downgrading from 3.x to 2.x or 1.4.x does not preserve

the AP adoption license.

Save and re-enter license after downgrade.

This will be fixed in the next maintenance
release.

33978
30133

To be fixed in next maintenance release.

Need to enable HTTPS on v2.x first before
configuration conversion.

L2/L3 Configuration and Mobility

33790
14

CLI and Applet allow configuration of multiple GRE

Part Number: 72E-98648-01

Released: March 12th 2007
Page 14 of 17

This is not a valid configuration.

WS5100 v3.0.1.0-145R Release Notes

tunnels to the same destination.
WS 5100 does not send any packets out on the native
VLAN for Eth1 if config was imported through running34247
config.
DHCP server Implementation can ensure that lowest
address range can be starting address for DHCP
34433
clients and not the reverse
Security (ACLs, NAT, Hotspot, VPN)
No way to mark TOS and Priority bit for the same
packet in Port ACL(Either of the two could be marked
31661
for a packet presently)
ACLs: CLI and Applet mismatch. Ethertype selected on
34069, 34066,
the Applet (example: IPX, RARP, etc.) show up as
34077, 34068,
protocol number on CLI.
34062
IPSec tunnel / HotSpot functionality / ACL list: (1)The
intercept of the hotspot functionality is occuring, BUT
38296/38026
when having the ACL rule set like 'permit ip
10.251.16.0/23 any' we see that the intercept is
dropped and not handled by the hotspot functionality.
(2) Ping reply is not seen on the client.
Use of ANY as destination in Crypto acl doesn't allow
any communication with the switch
When multiple VLANs are defined in either Eth port
38002
running 3.0 FW, only the Native VLANs can be reached
from the trunk.
32143
28421
33228
38028

32870
32491
33666
33670
36704
36455

36971
15

The esp-aes-256 is not working for manual cryptomap.

Manual mode only supports 128 bit AES
There is no command to reset ACL stats.

Instead of copying directly to running config,

copy to flash and then save to startup config.

To be fixed in next maintenance release.

To be fixed in next maintenance release.

To be fixed in next maintenance release.

Switch fails to accept multiple port nat entries. Port

NAT shall be applied on only one outgoing interfaces.
Use of ANY as destination in Crypto acl doesn't allow
any communication with the switch
For any restricted access-list, it has to include "permit
any any type arp"
Show aclstats command doesn't display any ACL
statistics for MAC ACL.
User not added in the 'Guest Admin screen' unless
'Apply' button pressed first.
Adding users via the Guest Admin screen stops and
starts the Radius Server.
Self Healing: interference avoidance hold time is
always 30 secs
FIN attack is detected only when NAT is enabled on the
box

To be fixed in next maintenance release.

IDS sensors are discovered only on user specified

Before converting to a sensor note the VLAN

Part Number: 72E-98648-01

Released: March 12th 2007
Page 15 of 17

To be fixed in next maintenance release.

WS5100 v3.0.1.0-145R Release Notes

VLANS.

where that AP is adopted, then enable that

VLAN for sensor discovery. If the VLAN was
2100 then use:
config term
wireless
sensor vlan 2100

30605

There is no way to set age out time for NAT

entries(default age out time not known)

37537

PAT takes precedence over static NAT after a Reboot

33624

NAT and IPSec on same box are not supported.

Remote VPN throughput saturates around 40 Mbps

33940
33750
34016
33886
36654
37587
37618
SNMP
33576
33718

On re-applying the crypto map after changing the IPSec

/ ISAKMP parameters, security associations are not
displayed for 30 secs when show command is used.
IPSec VPN: Distinguished Name (DN) option is missing
from Crypto ISAKMP key context.
IKE pre-shared keys fail to delete thru SNMP though it
reports success.
Dynamic VLANs are not getting assigned when the
group of the user is changed.
radius authentication fails when secondary ldap server
is data source and 50 or more groups have been
configured on switch
No syslog messages available for DHCP server events
SNMP trap receiver's retries and time out value are not
configurable either through GUI or CLI.
Interface cannot be set for a cryptomap through SNMP

After this "show wireless sensor" should list

out the sensor. Note that converting to a
sensor and back can take up to a minute (the
AP is first converted to a legacy/WISP AP)
then converted to a sensor.
The default timeout is 30 seconds for ICMP
and 8 hours for TCP connections. The
configuration for NAT timeout will be
addressed in a future release.

Performance enhancements will be

addressed in the next major release
To be fixed in next maintenance release

To be fixed in next maintenance release

To be fixed in next maintenance release

To be fixed in next maintenance release

To be fixed in next maintenance release

Wireless
34283
38001

36474

When a MU roams between APs (on the same switch)

802.11i failure occurs very intermittently.
an IP address with a leading zero, e.g.
192.168.010.112, the IP will not be entered correctly.
WMM Parameters cannot be configured as Default11a radio parameters from Applet

16
Part Number: 72E-98648-01
Released: March 12th 2007
Page 16 of 17

This is seen occasionally and will be

addressed in the next maintenance release.

WS5100 v3.0.1.0-145R Release Notes

38000

37443
37920
38134

When the number of adopted Access Ports reaches the

number of Access Port Licenses available on the 3.0
switch the LED status changes to 2 blinking amber
lights.
License key is not accepted in the snmp
Packet switch drops packets when user send traffic
from a VLAN thats mapped to a WLAN but not bound
any of the eth ports
Passive FTP does not work across Port NAT

17
Part Number: 72E-98648-01
Released: March 12th 2007
Page 17 of 17