Releases: CiscoDevNet/wcae
Releases · CiscoDevNet/wcae
V. 0.7.5. Webauth case generators, and other new checks
Changes July 27
Features
- 9800: New best practice: if there are registered client delete events due to roaming between policy profiles, recommend to use 'wireless client vlan-persistent' command
- 9800: Validate if all APs per Site Tag are operating on same mode (Flex/Local)
- AireOS/9800: Warn if WPA3 is in use with FT Adaptive
- XLS: Added Site Tag table
- 9800: Recommends to add IPv6 address to global webauth parameter map
- 9800: Warns if SIP Call snooping is enabled for flex local switching policy
- 9800: Informational message if webauth HTTPS redirection is enabled, as precaution for possible certificate errors
- 9800: Checks if aaa network authorization command has been configured, when webauth is in use
Fixes
- 11ax radio type not counted properly
- Adjusted severity of message 230034 (Redundancy mac address) to Warning/Best Practice
- Corrected false positive for 30050 (RXSOP) on default state
- AireOS: Minor issue checking interface ports for vWLC
Version 0.7.2 - Focus on main case generators and common config issues
Changes on v.0.7.2:
July 6th:
Focus on common "case generators" around vlan, interfaces, mapping between profiles, SVI, etc
Features
- Added DTIM, QoS info to WLAN view
Features - Added vlan list parsing
- XLS: AP RF Health report now shows slot 2 when present
- XLS: Added vlan information to WLAN table
- XLS: WLAN table will flag in red if either wlan or policy profile are disabled
- XLS: Interface table, now shows vlan mapping, flags in red missing entries, and which policy profiles reference each interface
- XLS: Added Flex group to tag summary report
- New check: generates best practices error, if DHCP relay is configured, but no DHCP relay source interface has been defined in SVI
- New check: error reporting if SVI interface is configured, but no corresponding vlan has been found
- New check: warns if SVI is in use by active policy profile, but lacks IP address
- New check: validates if mDNS gateway is in use by WLAN, and policy profile is not mapped to vlan(s) with SVI interface
- New check: checks if DHCP relay is configured in policy profile, and confirm there is corresponding SVI for the mapped vlan,
- New check: warns if flex profile vlan name matches controller vlan group name, and site is local switching
- New check: validate that for all vlan IDs present on Flex profile, with matching vlan ID in controller, that the vlan name is same, if the site is local switching, CSCvn48234
- New check: notify if AP name has more than 32 characters. CSCvy11981
- These apply only SVI/VLAN is referenced by policy profile:
- New check: warns if SVI is in use by active policy profile, but is on shutdown state
- New check: warns if SVI is in use by active policy profile, but is on line protocol down state
Fixes
- XLS: if more than 1 WLANs was not in use, it would not get added properly to the report
- Enabled AP certificate expiration checks for 9800 controllers
- XLS: WLAN table is generated across all combinations of WLAN and policy profiles present in tags, regardless if they are assigned to APs, plus all unused WLAN profiles
- Error if message 230012 happened for both IPv4 and IPv6
- Corrected text for message 230041
2021 - June 22
Changes on v.0.7.0:
June 22nd:
Features
- Added DTIM, QoS info to WLAN view
- Critical warning if no wireless management interface is detected
- Check if wireless management is SVI vs physical
- XLS: cosmetic changes for easier to understand Checks report
- Added feature information to each check
- Better error report on mini GUI
Fixes
- VTY count check is now valid for all releases (before it was limited to 16.x)
- Missing fields on AP config XLS export
- AP config report: TX power config column changed to "TX power assigned" field
- Check 250012, for CSCvr57817, added to ignore if running version is 17.2 or higher
- Corrected GUI errors on Mac Port
- Updated python and libraries
2021 - May 20
Features
- Added location to AP config table
- New table for AP Slot configuration with added details (antenna,MIMO, )
- AP Slot Current band info is now displayed regardless if slot is on FRA
- AP Reports now include Slot 2 information
- 9800: Tag combination report now has easier to understand format
- Added support for debug data export on XLS report
- Support for 17.5
- New WLAN view combining applied Policies. See all security details in one go
- RF profile view
Fixes
- Typo on slot header for AP config table
- Fixed empty slot column in RF summary XLS
- Fixed corner case error on clock timestamp parsing
- Missing RF stats on newer IOS-XE releases
2021 - May 6
Features
- Added recommendation to use ED-RRM
- Warning if Optimized roaming is enabled
- Checks if FRA interval is equal or larger than DCA intervals
- Warning if policy profile with more than 4 SSID active
- Error reported if more than 100 APs are configured under same Flex tag
- Warning if Client exclusion is not enabled
- Recommends to use sleeping client for webauth wlans
- Recommends to use password encryption feature
- Checks if AP join profile has management user defined
- Warns if AP join profile has telnet access enabled
Fixes
- Error while parsing some NTP status format
- Exception on AireOS multicast address check, if IP address was invalid
2021 - Apr 29
Features
- Added warning if policy profile is mapped to vlan 1 (default)
- Added mac filtering to WLAN security policy report
- Recommend to use Broadcast SSID as best practice
- Warn if management over wireless has been enabled
- Warns if CCKM tolerance timer is lower than 5000 mSec
- Recommends to have global device classification enabled
- Checks if HTTP/DHCP TLV caching are enabled on Policy profiles, when device classification is in use
- Recommends to use dual band messages, if 11k is enabled
XLS data:
- Checks messages table now include comment with the possible applicable actions
- Shows radio role information in AP configuration table
Fix
- Error validating mac filtering list in WLAN profile
2021 - Apr 22
Features
- Added average power in dBm for channel stats
- Added TX power in dBm on in AP RF summary
- New check if FT is adaptive/enabled and WLAN has WPA2 disabled
- New check if WPA3 is in use, and IOS APs are present
- Check if ARP proxy has been enabled on Policy profiles
- Check for Bundle vs Install mode
Fixes
- Filter worksheet creation if no controller messages are present
- IP source guard in WLAN parsing
- Error parsing time with CEST timezone
- Done check sleeping client if parameter map parameter is not set