Skip to content

Releases: CiscoDevNet/wcae

V. 0.7.5. Webauth case generators, and other new checks

29 Jul 13:47
@jacontre-c jacontre-c
0.7.5
721c975
Compare
Choose a tag to compare
V. 0.7.5. Webauth case generators, and other new checks

Changes July 27

Features

  • 9800: New best practice: if there are registered client delete events due to roaming between policy profiles, recommend to use 'wireless client vlan-persistent' command
  • 9800: Validate if all APs per Site Tag are operating on same mode (Flex/Local)
  • AireOS/9800: Warn if WPA3 is in use with FT Adaptive
  • XLS: Added Site Tag table
  • 9800: Recommends to add IPv6 address to global webauth parameter map
  • 9800: Warns if SIP Call snooping is enabled for flex local switching policy
  • 9800: Informational message if webauth HTTPS redirection is enabled, as precaution for possible certificate errors
  • 9800: Checks if aaa network authorization command has been configured, when webauth is in use

Fixes

  • 11ax radio type not counted properly
  • Adjusted severity of message 230034 (Redundancy mac address) to Warning/Best Practice
  • Corrected false positive for 30050 (RXSOP) on default state
  • AireOS: Minor issue checking interface ports for vWLC
Assets 4
Loading

Version 0.7.2 - Focus on main case generators and common config issues

06 Jul 07:58
@jacontre-c jacontre-c
0.7.2
9b9eee1
Compare
Choose a tag to compare
Version 0.7.2 - Focus on main case generators and common config issues

Changes on v.0.7.2:

July 6th:

Focus on common "case generators" around vlan, interfaces, mapping between profiles, SVI, etc

Features

  • Added DTIM, QoS info to WLAN view
    Features
  • Added vlan list parsing
  • XLS: AP RF Health report now shows slot 2 when present
  • XLS: Added vlan information to WLAN table
  • XLS: WLAN table will flag in red if either wlan or policy profile are disabled
  • XLS: Interface table, now shows vlan mapping, flags in red missing entries, and which policy profiles reference each interface
  • XLS: Added Flex group to tag summary report
  • New check: generates best practices error, if DHCP relay is configured, but no DHCP relay source interface has been defined in SVI
  • New check: error reporting if SVI interface is configured, but no corresponding vlan has been found
  • New check: warns if SVI is in use by active policy profile, but lacks IP address
  • New check: validates if mDNS gateway is in use by WLAN, and policy profile is not mapped to vlan(s) with SVI interface
  • New check: checks if DHCP relay is configured in policy profile, and confirm there is corresponding SVI for the mapped vlan,
  • New check: warns if flex profile vlan name matches controller vlan group name, and site is local switching
  • New check: validate that for all vlan IDs present on Flex profile, with matching vlan ID in controller, that the vlan name is same, if the site is local switching, CSCvn48234
  • New check: notify if AP name has more than 32 characters. CSCvy11981
  • These apply only SVI/VLAN is referenced by policy profile:
    • New check: warns if SVI is in use by active policy profile, but is on shutdown state
    • New check: warns if SVI is in use by active policy profile, but is on line protocol down state

Fixes

  • XLS: if more than 1 WLANs was not in use, it would not get added properly to the report
  • Enabled AP certificate expiration checks for 9800 controllers
  • XLS: WLAN table is generated across all combinations of WLAN and policy profiles present in tags, regardless if they are assigned to APs, plus all unused WLAN profiles
  • Error if message 230012 happened for both IPv4 and IPv6
  • Corrected text for message 230041
Assets 4
Loading

2021 - June 22

22 Jun 09:23
@jacontre-c jacontre-c
0.7.0
2355904
Compare
Choose a tag to compare
2021 - June 22

Changes on v.0.7.0:

June 22nd:

Features

  • Added DTIM, QoS info to WLAN view
  • Critical warning if no wireless management interface is detected
  • Check if wireless management is SVI vs physical
  • XLS: cosmetic changes for easier to understand Checks report
  • Added feature information to each check
  • Better error report on mini GUI

Fixes

  • VTY count check is now valid for all releases (before it was limited to 16.x)
  • Missing fields on AP config XLS export
  • AP config report: TX power config column changed to "TX power assigned" field
  • Check 250012, for CSCvr57817, added to ignore if running version is 17.2 or higher
  • Corrected GUI errors on Mac Port
  • Updated python and libraries
Assets 4
Loading

2021 - May 20

20 May 13:47
@jacontre-c jacontre-c
0.6.4
c2294b7
Compare
Choose a tag to compare
2021 - May 20

Features

  • Added location to AP config table
  • New table for AP Slot configuration with added details (antenna,MIMO, )
  • AP Slot Current band info is now displayed regardless if slot is on FRA
  • AP Reports now include Slot 2 information
  • 9800: Tag combination report now has easier to understand format
  • Added support for debug data export on XLS report
  • Support for 17.5
  • New WLAN view combining applied Policies. See all security details in one go
  • RF profile view

Fixes

  • Typo on slot header for AP config table
  • Fixed empty slot column in RF summary XLS
  • Fixed corner case error on clock timestamp parsing
  • Missing RF stats on newer IOS-XE releases
Assets 2
Loading

2021 - May 6

06 May 14:18
@jacontre-c jacontre-c
0.6.2
75c5397
Compare
Choose a tag to compare
2021 - May 6

Features

  • Added recommendation to use ED-RRM
  • Warning if Optimized roaming is enabled
  • Checks if FRA interval is equal or larger than DCA intervals
  • Warning if policy profile with more than 4 SSID active
  • Error reported if more than 100 APs are configured under same Flex tag
  • Warning if Client exclusion is not enabled
  • Recommends to use sleeping client for webauth wlans
  • Recommends to use password encryption feature
  • Checks if AP join profile has management user defined
  • Warns if AP join profile has telnet access enabled

Fixes

  • Error while parsing some NTP status format
  • Exception on AireOS multicast address check, if IP address was invalid
Assets 4
Loading

2021 - Apr 29

29 Apr 14:31
@jacontre-c jacontre-c
0.6.1
040dd01
Compare
Choose a tag to compare
2021 - Apr 29

Features

  • Added warning if policy profile is mapped to vlan 1 (default)
  • Added mac filtering to WLAN security policy report
  • Recommend to use Broadcast SSID as best practice
  • Warn if management over wireless has been enabled
  • Warns if CCKM tolerance timer is lower than 5000 mSec
  • Recommends to have global device classification enabled
  • Checks if HTTP/DHCP TLV caching are enabled on Policy profiles, when device classification is in use
  • Recommends to use dual band messages, if 11k is enabled

XLS data:

  • Checks messages table now include comment with the possible applicable actions
  • Shows radio role information in AP configuration table

Fix

  • Error validating mac filtering list in WLAN profile
Assets 4
Loading

2021 - Apr 22

22 Apr 15:27
@jacontre-c jacontre-c
0.6.0
77ff3a1
Compare
Choose a tag to compare
2021 - Apr 22

Features

  • Added average power in dBm for channel stats
  • Added TX power in dBm on in AP RF summary
  • New check if FT is adaptive/enabled and WLAN has WPA2 disabled
  • New check if WPA3 is in use, and IOS APs are present
  • Check if ARP proxy has been enabled on Policy profiles
  • Check for Bundle vs Install mode

Fixes

  • Filter worksheet creation if no controller messages are present
  • IP source guard in WLAN parsing
  • Error parsing time with CEST timezone
  • Done check sleeping client if parameter map parameter is not set
Assets 4
Loading