Wireless Access

anyone see this before? after upgrading from 6.3.1.3 to 6.3.1.4 several roles seem to have lost their policies, for certain: guest, guest-logon and logon.

6.3.1.4 seems to introduce new roles with the name based on the captive portal profiles, it also adds one big firewall policy with the earlier logon-control and captive-portal firewall policies combined. cant find anything about this in the release notes which is big NO NO in my opinion.

my own customer created name-guest-logon role didnt function after the upgrade, when i deleted and recreated it things worked again, might be related.

I just did an upgrade this morning from 6.3.1.3 to 6.3.1.4 and did not see this behavior (was a 3200XM install; single controller).   The guest-logon and guest roles had custom policies applied to them; and remained so after the upgrade.  I also did not see any additional policies added as you suggest or any policies with logon-control and captive-portal policies combined.

If it is still an issue/concern for your or the customer I'd open a TAC case to see if they have any comments or explanation for your experience.

Just upgraded to 6.3.1.4 no issues either .

Do you have a recent flashbackup ?

Like clembo said you should probably open a TAC case.

quite weird, dont have a flash backup, but had a log-download.tar from before the upgrade which clearly shows the guest / guest-logon roles like they should be. it is a 72xx platform btw.

doubting if it is worth the TAC case, was able to get everything working, just wondering where this comes from.

has your PEF licence expired?

good question, it shouldnt be expired for sure, but using central licensing so perhaps something odd happened during the upgrade making the system think there was no pefng license.

Boneyard,

If I read your initial post correctly, I think you are comparing the last back up, which might not have been the last thing changed by the customer, to the upgrade version.  Unless we can validate that no changes were made by the customer before the upgrade, we may not be able to get anywhere.  If it cannot be replicated, it cannot be fixed.  If you have the last backup, restore it and upgrade it.  If nothing happens, there is nothing we can do....  Name-based roles and captive portals seem to be the result of running the WLAN wizard.  Unless you can be sure that this did not happen, we probably have to move on...

i understand cjoseph, im not expecting THE exact reason to be provided here without further action on my side, my last reply was just to indicate that i liked the suggestion of the pef ng license. i started this to check if anyone had seen something and the reply before you pointed me in a possible direction.

btw: this was a fresh installation without a customer doing anything yet. the config file i had before the upgrade was the config right before the upgrade, not anything else. so something must have happened during the upgrade proces, but as you mention the only way to check that is to do it again and that isnt possible now.

This exact same thing is happening to us! This has basically taking out our entire wireless on campus!

Fred

We're experiencing intermittent loss of ACLs and roles on our local controllers. It definitely seems related to centralized licensing and PEF. When this occurs all authenticated ( .1X WPA2) users are being assigned the "guest" role and all nonauthenticated (open) users are being assigned the "logon" role.

From the user perspective they can authenticate to wireless but have no network connectivity.

Our TAC case for this is 1528307.

thanks for replying fhollowa, did you recieve any feedback on your TAC case?