Wireless Access

Kind of a basic question, but just want to be safe. 

We have a controller dedicated to RAP users on wired ports. We only have AP licenses applied since there was no reason for PEF until recently. We need to modify the Validuser-ACL to protect us from some issues we had. I have the PEF license, but wanted to be sure that when I add it, it will not cause any disruption for users. We're running 6.5 code and I'm fairly certain we don't need to reboot for it to work.

We are doing 802.1X on the wired ports and assigning the "default-iap-role" which is set to allowall. As long as it doesn't affect that role, we should be ok.

Thanks.

PEF license should ONLY be applied during a maintenence window, because it requires a reboot.  The only exception is if you already have the PEF license applied and you are just adding PEF licenses.

To do it properly you need to:

- backup flash (just in case things don't go well)

- add PEF license

- DO NOT "write mem" or save configuration

- Reboot controller so that default roles and ACLs are properly applied

- ***If you write mem after PEF license is added, but before controller is rebooted, the default ACLS and roles will not be added to the configuration and unpredictable things will happen.****

After reboot, you need to inspect your configuration and do test authentications to make sure things work properly.

Good info, I was planning on doing it during an outage window, but wanted to try and identify the expected impact. Sounds like all RAPs will be going down temporarily.

Thanks for the info.