AireOS 8.10MR8 Escalation Special - Page 2

Aaron · ‎11-03-2022

Update

As of 2-Dec-2022, the 8.10.181.3 Escalation Special has been superseded by the 8.10.182.0 public release. 8.10.181.3 will continue to be TAC supported, but customers should upgrade to 8.10.182.0 or above when convenient.

8.10.181.3, 8.10.182.0 and above contain the following bugfixes:

CSCwd37092 Slow TCP downloads, failing EAP-TLS in 8.10.181.0/17.3.6 - 2800/3800/4800/1562/6300 series
CSCwc78435 9130 sending incorrect channel list on out of band DFS event causing client connectivity issues

Rich R · ‎11-29-2022

But in the meantime @Aaron the field notice should include a warning about the faulty software releases it's currently recommending.

Ciscouserz · ‎11-30-2022

Where is the image for 5520 ?

Cisco Wireless Controller Software

AS_3500_8_10_181_3.aes

Cisco Wireless Controller Software

AS_7500_8_10_181_3.aes

?

The release note on the DL page is corrupt and can't be viewed, but I found it in this thread too.

7500 for 5520 is the answer.

Aaron · ‎11-30-2022

@Ciscouserz :you are right that the "7500" image is for 5520 (also 8540). You are also right that the release notes file in the download page for 8.10.181.3 is corrupt, and that the correct release notes are attached to this here article.

The good news is that the official 8.10.18x.0 respin will be posted to Cisco.com within a week, with real release notes. Shortly after that @Rich R , we will update the field notice.

patoberli · ‎12-01-2022

Just to confirm, the EAP-TLS bug is fixed in this image?

Ciscouserz · ‎12-01-2022

Yes, EAP-TLS works in 181.3 here, with a mix of old api 2700 2800 9120

Rich R · ‎12-03-2022

Hi @Aaron I see 8.10.182.0 is now released (1st December) but, as seems to be a common occurrence for releases recently, there are no release notes at all! Release ops seems to be dropping the ball on this over and over lately - only providing release notes when we complain about them missing. What has happened to QA in release ops? Please could we have those "real release notes"?

RoadRunner4k · ‎12-05-2022

Anyone tried the new 8.10.182.0 release yet ? And yes we miss the release notes for this version

Aaron · ‎12-05-2022

@Rich R @RoadRunner4k : the release notes doc itself is updated and published:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn810mr8.html

(The index page for the release notes, and the links to the release notes from Software.cisco.com, still need to be updated.)

There are quite a few tasks associated with a new software release, and unfortunately we can't perform them all simultaneously. Some take as much as a week to get done.

Rich R · ‎12-05-2022

Thanks @Aaron

Rich R · ‎12-05-2022

@RoadRunner4k I have it running in lab.

No obvious problems but then we weren't affected by the 8.10.181.0 main issues either so may not be the best example.

RoadRunner4k · ‎12-06-2022

We did an upgrade on a pair of WLCs from 8.10.171.0 to 8.10.182.0 this went well with no issues ( mix of 2800 / 9120/9130)

Did a new upgrade this evening on another set of WLCs from 8.10.171.0 to 8.10.182.0 (mix of 2700/2800(9115/9120/9130)

After the upgrade all C2700s where stuck in download, so we had to fallback again. So could be that there are some issues with C2700 in this version, will open a tac case tomorrow.

Rich R · ‎12-06-2022

@RoadRunner4k no need to open a TAC case unless you really want to - the problem has already been identified: https://bst.cisco.com/bugsearch/bug/CSCwd80290
Judging by the number of cases attached to the bug it's been affecting lots of people with their upgrades.
I didn't see this on my lab because all the APs on the lab WLC are COS APs, no IOS.

In order to download *any* new image to an IOS AP from *any* version on WLC (AireOS and IOS-XE) since 4th December - you'll need to disable NTP, change the date to before 04-12-2022, complete the upgrade then re-enable NTP. The IOS APs are unable to verify any downloaded image since a built-in cert expired on 4th December!

If you already have "config ap cert-expiry-ignore mic enable" configured on the WLC before you start the upgrade then you might not encounter the problem but this only works for older APs with SHA-1 certs. Many newer APs with SHA-2 certs will still be affected so changing date is the only workaround that is 100% reliable.

RoadRunner4k · ‎12-06-2022

@Rich R

Thank you so much Rich, could have used this knowledge last night : )

Gehrig_W · ‎12-07-2022

It is incredible, how bad Cisco WLAN AP products are maintained meanwhile.

Why has nobody noticed on beforehand, that certificates expired before end of support for these products ?

In many cases customers are lost in the dark with nonworking WLAN after a recently

recommended upgrade to Version "8.10.181.3 Escalation Special" which also contains problem:

and leaving them in the dark with WLAN APs with outdated certificates on them.

Meanwhile Cisco-WLC-Updates are a high-risc-operation in this big hospital !!

Our mobile X-ray equipment for example is using 2702i-APs to copy human data from emergency room to the operating rooms. People can die here from missing x-ray-pictures meanwhile because You are obviously no longer thoroughly testing Your software before spreading it out globally.

Are You really certified to handle all Your certificates ?

Greetings

Wini

P.S.

Workaround:

If using AireOS-WLCs, use the command:

config ap cert-expiry-ignore mic enable

before attempting upgrade.

This is not applicable for 9800 !!!

RoadRunner4k · ‎12-07-2022

@Aaron Maybe you could add the CVE note for 2700 APs in release notes ? CSCwd80290