Cisco 8500 Series Wireless Controllers

Cisco Wireless Release 8.0

  • Viewing Options

  • PDF (501.2 KB)
  • Feedback



The mobile workspace trend is helping employees and partners embrace mobile technologies, create new possibilities for untethered work styles, enable better customer engagement, and connect with people, information, and services. The IEEE 802.11ac standard will provide wireless networks better performance and coverage and address the demand for client access, including 802.11ac-enabled clients. Customers across fields such as higher education, K-12, healthcare, manufacturing, retail, or other verticals face the same challenges: more users coming onto the network, more users bringing more devices (known as bring your own device, or BYOD), more devices that have only wireless connectivity (no wired port), more security requirements, and operating system behavior changes with updates on each of those devices.

At the same time, we are experiencing the Internet of Things (IoT), where millions of new devices are regularly being connected to the Internet. As these “things” add capabilities such as context awareness, increased processing power, and energy independence and as more people and new types of information are connected, we will quickly enter the Internet of Everything (IoE). This proliferation of wirelessly connected Internet devices in the IoE will create a new environment of information. Limited by the address space of IPv4, objects in the IoE are expected to utilize IPv6 addresses, driving the rapid transition to end-to-end IPv6 communications.

The Cisco® Wireless Release 8.0 delivers a holistic end-to-end IPv6 solution to mitigate the challenges associated with the diminishing number of unique IPv4 addresses available and allows consistent IPv6 addresses for communications throughout the network. This software release also enhances the Cisco High-Density Experience (HDX), which alleviates the complexity of more clients, bandwidth-hungry applications, and high-density network strain to provide an unparalleled user experience.

Primary Features in Release 8.0

Cisco HD Experience with Optimized Roaming

- Optimized Roaming monitors the connection quality of all devices and proactively prompts poorly performing client devices to seek a better connection much sooner.

IPv6 infrastructure support allows IT administrators the ability to configure the entire WLAN infrastructure with IPv6 addresses and enable communication between the wireless controller and access point, Cisco Prime Infrastructure, RADIUS Server, and Mobility Services Engine using IPv6 throughout the network.

Granular per user and per device policies for Application Visibility and Control (AVC) to provide the right access to users and maintain operational costs by properly managing applications and their bandwidth use.

Policies for Multicast discovery protocols such as Bonjour and Chromecast. Location-specific and per user group Bonjour policies enable customers to deploy Bonjour at scale by simplifying control of services access by user types without needing to segment users unto different SSIDs or VLANs. In addition, this feature allows customer to view Bonjour location-specific services available on wired and wireless networks. Chromecast policies allow deployments over large networks with multiple VLANs while restricting access to a specific group of users.

Service provider features PMIPv6 MAG on access point and Q-in-Q tagging that provide deployment flexibility for interoperability of Wi-Fi and mobile packet core networks.

A better location (blue dot) experience with more frequent location updates for Wi-Fi clients using CMX FastLocate and CMX Presence Analytics that enables customers to gain insight about visitor patterns in their venues and use it to improve business decisions.

CMX for Facebook Wi-Fi integrated with Mobility Services Engine to enable customers to incent guests with a premium guest experience.

Platform Support

Cisco Wireless Release 8.0 is supported on the following platforms:

Cisco Aironet® access points running the Control and Provisioning of Wireless Access Points (CAPWAP) Protocol

Cisco 2500 and 5500 Series Wireless LAN Controllers

Cisco Catalyst® 6500 Series Wireless Services Module 2 (WiSM2)

Cisco Flex 7500 Series Wireless Controllers

Cisco 8500 Series Wireless Controllers

Cisco Wireless LAN Controller Module for Integrated Services Routers G2 (UCS-E)

Cisco Virtual Wireless Controller (vWLC)

Cisco Mobility Services Engine (MSE)

Cisco Virtual Mobility Services Engine (vMSE): VMware ESXi and Microsoft Hyper-V

Management support for Release 8.0 will be delivered as part of the Cisco Prime Infrastructure Release 2.1.1.

Recommended Release for Production Deployments

Maintenance Deployment (MD) releases: These long-lived software releases provide bug fixes and ongoing software maintenance:

Release 8.0 is the next MD release train (a release in this train will be qualified as MD).

Release 7.4 is the current MD release train, and the minimum recommended MD release.

Early Deployment (ED) releases: These software releases provide new features and new hardware platform support as well as bug fixes:

Release is the minimum recommended ED release.

Customers with earlier ED release versions of 7.2, 7.3 should upgrade to 7.4 (MD).
Customers with earlier ED release versions of 7.5 should upgrade to

Refer to Guidelines for Cisco Wireless Software Release Migration for additional details.

Cisco New Access Point and Wireless Controller Features

Table 1 describes the features in Cisco Wireless Release 8.0.

Table 1. New Access Point and WLC Features




HD Experience: Optimized Roaming

Sets a threshold RSSI value and/or minimum data rate that a client will be sent a deauthentication.

Optimal user experience for Wi-Fi users by monitoring the connection quality of all devices and proactively prompting poorly performing client devices to seek a better connection much sooner.

HD Experience: Rx-SOP

Rx-SOP determines the Wi-Fi signal level in dBm at which an access point radio will demodulate and decode a packet.

The higher the level, the less sensitive the radio is and the smaller the receiver cell size.

By reducing the cell size, we can affect everything from the distribution of clients to perception of channel utilization.

Helps optimize network performance at high-density deployments such as stadiums and auditoriums where access points need to optimize for the nearest and strongest clients.

HD Experience: 802.11ac module 80Mhz CleanAir®

Radio monitoring occurs on all 3 widths (20, 40, 80)

80MHz 11ac channel will be detected and reported. This makes sure of optimal performance for 11ac.

CleanAir Express for AP1600

CleanAir Express supports several of the same features as higher end access points (location, severity list, air quality index, zone of impact) with limited detection and alert correlation capabilities compared to CleanAir.

Differentiate entry-level access with AP1600 from competitors’ offerings.

Policies for multicast discovery protocols such as Bonjour and Chromecast

Enhancements in Bonjour GW services that enable:

Device service mapping to access policy
Bonjour group and single access policy management
Bonjour/mDNS profile control with local policy and AAA override

Scale Chromecast deployments over large networks with multiple VLANs using policies restricting access to specific user groups.

Simplifies IT operations for controlling services access for emerging applications to specific user types without requiring complex network reconfiguration.

AVC enhancements for user role, device, and application specific policy

Updates and enhancements in AVC:

Protocol Pack 9.0
NBAR Engine version 16
AAA AVC Profile override for clients
AVC per application, per client-based rate limiting on WLAN
Integration of AVC profiles to the local policy classification on WLC
AVC directional QoS DSCP marking for upstream and downstream traffic

Enables organizations to provide the right access to the user and maintain operational costs by properly managing applications and their bandwidth use instead of incurring costly upgrades.

Policy Classification Engine: dynamic device profile updates

Update device profile dynamically independently of WLC image updates.

Upload MAC OUI from external sources, including IEEE MAC OUI registry.

Increased number of built-in default profiles.

New devices or special custom devices can be profiled by updating the device profiles library independently of built-in profiles embedded in WLC image.

This enables new device profiles to be added without waiting for WLC image updates.

Native IPv6 infrastructure

Cisco supports the ability to configure all WLAN infrastructure with IPv6 addresses as well as the communication between access point and controller, controller to Cisco Prime infrastructure, and controller to RADIUS Server using IPv6 throughout the network.

Provides consistent IP addresses throughout the entire network. This is important when troubleshooting issues.

IPv6 addressing alleviates the challenges associated with the number of unique IPv4 addresses available. This is important for large enterprise networks to increase address space and multinational companies with IPv6 at remote sites.

Federal certifications (FIPS, Common Criteria, UcAPL, USGv6)

Federal Information Processing Standard (FIPS) for all nonmilitary government agencies and government contractors

Common Criteria: Federal government and organizations with critical infrastructure across the globe

UcAPL: Single consolidated list of products that have completed interoperability (IO) and information assurance (IA) certification

USGv6: The National Institute of Standards and Technology to develop infrastructure standards and testing to support wide-scale adoption of IPv6 in the U.S. government.

Enables customers to meet regulatory compliance, including government, defense and international organizations, when purchasing Cisco wireless infrastructure, including access points, WLCs, MSE, and Cisco Prime Infrastructure.

Dynamic channel assignment (DCA) in RF profiles

Enables multicountry support with one access point group per country, each with a defined channel list in RF profiles.

Simplifies managing mixed channel (802.11n/ac 40/80 MHz) environments.

Allows assigning just the channels that are supported per country to a specific group of access points sharing the same regulatory domain.

Channel assignment can be done by physical area.

For conference centers, this allows the assignment of channel ranges to individual vendors and creation of buffer zones on main network for isolation.

802.11v: battery control for client device battery conservation

802.11v provides several methods to allow a phone to continue in sleep mode, thereby increasing the battery life of the mobile device:

With directed multicast service, the device need not wake up to process any multicast packets, as it will get a unicast copy upon waking up from the 802.11v-enabled access point.
The BSS Max Idle period is a time period during which the access point does not disassociate a device due to nonreceipt of frames. This allows a client to know the maximum time it can remain idle without transmitting any frame to the access point.

802.11v provides a better end-user experience as improved battery life is becoming more important to end users.

802.11r mixed mode support

Removes the restriction of creating a separate SSID for 802.11r support. Non-802.11r clients with updated drivers can join 802.11r-enabled SSID.

Simplifies operations with single SSID for 802.11r clients.

VideoStream for Cisco FlexConnect local switched deployments

VideoStream enables conversion of multicast to unicast streams at the access point with appropriate quality of service (QoS) for high-priority video traffic.

VideoStream on Cisco FlexConnect provides smooth, reliable multicast video delivery over the WAN to multiple clients at remote sites.

New Cisco FlexConnect plus bridge mode

Enables Cisco FlexConnect behavior across mesh-enabled access point.

Provides outdoor and indoor mesh access point redundancy links over the wireless network in Cisco FlexConnect deployments, if Ethernet goes down.

Wired Guest Access on WLC2500

Support for wired guest functionality on WLC2500 for small deployments.

Provides the wired guest access feature available on WLC5508/WiSM2 to WLC2500 for small-sized deployments.

HTTPS support for web authentication

When a client starts browsing with an https://webpage, it will be redirected to the web authentication login page.

Customers using a Layer 3 security method such as web authentication or web passthrough can use this feature to enable BYOD.

High-availability Stateful Switchover enhancements

Stateful Switchover (SSO) support for sleeping clients and OEAP clients.

Sleeping clients avoid web reauthentication if they wake up within the sleeping client timeout interval after WLC switchover.

Extends transparent failover for OEAP clients.

VLAN tagging on AP700W

Allows IT to define individual VLAN tags for each individual Ethernet port available on AP700W Series. It will allow for traffic to be separated not only between wireless and wired, but also among the four Ethernet ports.

In a typical hospitality or university residential hall deployment, AP700W may have IP phone, a multimedia device, and other devices on remaining two ports such as a guest laptop, HVAC unit, secondary IP phone, etc. IT administrators can now separate traffic for these devices by assigning different VLAN tags for respective ports on AP700W.

OEAP600 enhancements

OEAP basic firewall
OEAP split tunneling
OEAP voice QoS
OEAP link tests
A basic firewall provides port/application protection that can be controlled by the OEAP end user using user-accessible GUI.
Split tunneling enables OEAP clients to reach Internet directly through the WAN instead of going through the corporate network.
Enhanced OEAP offers high priority for voice packets for customers using VOIP in remote offices.
Link tests allow the end user to test the OEAP link metrics (latency, jitter) on demand or periodically.

Mesh fast convergence

Allows mesh convergence parameters such as parent loss detection and keepalive timers to be automatically configured to standard, fast, and very fast convergence methods.

Enables faster convergence by reducing mesh convergence time per hop to less than 20 seconds.

vWLC increased client scale

Increased vWLC scale allows up to 6000 clients to connect over up to 200 access points.

Increase in scale addresses larger client count requirements of customer deployments.

Service Provider Features

PMIPv6 MAG on access point

Access point (MAG) in Cisco FlexConnect local switched mode can dynamically establish a data tunnel to local mobility anchor (LMA) directly.

Deployment flexibility to allow data traffic from access point to directly tunnel to LMA such as ASR5K in mobile packet core without traversing the WLC.

Q-in-Q tagging

Q-in-Q allows multiple VLAN tags in an Ethernet frame. The additional tag can be used to represent a unique parameter such as a different source access point group.

Enables different traffic treatment based on the VLAN tags in the tag stack.

PPPoE on Cisco FlexConnect access points

The Cisco FlexConnect access point can act as PPPoE client.

Reduced number of devices as the Cisco FlexConnect access point can eliminate the need for an external PPPoE router.

RADIUS selection by realm

A realm value (such as username@realm) is unique for a service provider.

WLC can use the realm value as a tag to make a choice on which RADIUS to select for authentication and/or accounting for a wireless client.

Allows deployment flexibility to select, redirect, or load balance wireless clients for RADIUS authentication based on realm.

DHCP relay suboptions

DHCP option 82 suboptions support:

Suboption 5 (RFC 3527) defines the subnet, hence allowing the GIADDR to be the relay source.
Suboption 151 (RFC6607) tells the DHCP the VPN ID or the VRF name of that subnet.

The DHCP relay agent information suboptions enable easy to operate, shared usage of a centralized DHCP server that can provide cost savings.

Connected Mobility Experience and Mobility Services

Table 2 describes new Connected Mobile Experience (CMX) and MSE features in Cisco Wireless Release 8.0.

Table 2. New CMX and MSE Features in Release 8.0




CMX FastLocate

MSE delivers faster location updates for Wi-Fi clients using signal strength (RSSI) from probe and data packets.

This requires the Wireless Security Module (WSM) for AP3600/3700.

Wi-Fi client location is refreshed more frequently, leading to a better blue dot experience.

CMX FastLocate can be turned on simultaneously with advanced security on existing modular access points.

CMX Analytics: Presence

CMX Presence Analytics classifies Wi-Fi devices as inside or outside a venue. Intuitive and customizable dashboards help compare Wi-Fi device patterns (counts and dwell time) over a day or a month across different venues.

Customers can gain insight about visitor patterns in their venues and use it to improve business decisions. CMX Presence Analytics can be enabled for all existing Cisco WLC or CleanAir access point deployments (with single or multiple access points) without the need to site survey or add new access points.

CMX Connect and CMX for Facebook Wi-Fi

CMX Connect offers premium level of guest access for social users.

CMX for Facebook Wi-Fi is now integrated with MSE for ease of use and better scalability.

Customers can incentivize guests to log in with premium guest access experience.

Customers can enable CMX for Facebook Wi-Fi at multiple locations easily.

CMX Mobile App Server and SDK: iOS and Android

CMX Mobile App Server and CMX SDK allow mobile apps to consume location, maps, routes, and zone information. Apps can receive zone-based greeting as a push notification.

CMX partners and app developers can accelerate location-aware app development by using CMX SDK to consume Wi-Fi client location.

MSE Platform Certifications: FIPS 140-2, IPv6

MSE platform has been updated to comply with the requirements of federal security standards FIPS 140-2 and IPv6.

Customers in federal vertical and those needing IPv6 compliance can now adopt MSE in their IT stack to make use of advanced location technology.

Note: WLC and MSE 8.0 make use of SHA-2 cryptographic hash functions. This improved security posture might lead to incompatibility with mismatched WLC and MSE versions. PI release 2.1.x and later have built-in checks to resolve this incompatibility.

Cisco Prime Network Infrastructure 2.1.1

Cisco Prime Infrastructure is a network management platform that supports lifecycle management of your entire network infrastructure from one GUI (Figure 1). Cisco Prime Infrastructure provides network administrators with a “single pane of glass” solution for provisioning, monitoring, optimizing, and troubleshooting both wired and wireless devices. Robust GUIs make device deployments and operations simple and cost-effective.

Figure 1. Cisco Prime Infrastructure 2.1.1

Cisco Prime Infrastructure 2.1.1 allows basic monitoring and management of Cisco Wireless Release 8.0 with technology packs to enable new feature support.

Service and Support

Services from Cisco and our partners can help you assess, design, tune, and operate your wireless LAN to transparently integrate mobility services and take advantage of the systemwide capabilities of the Cisco Unified Wireless Network.

Our professional services help you align your interference management, performance, and security needs with your technical requirements to better use the self-healing, self-optimizing features built into the silicon-level intelligence of Cisco CleanAir technology and the increased performance of the 802.11ac standard. These services can enhance deployment and operational efficiencies to reduce the cost and complexity of transitioning to new technologies.

Our Technical Support Services help you maintain network availability and reduce risk. Optimization services provide ongoing assistance with performance, secure access, and maintaining a strong foundation for business evolution and innovation.

For More Information

For more information about planning, building, and running services for Cisco CleanAir technology, Cisco 802.11ac, and the Cisco Unified Wireless Network, visit Cisco Technical Support Services or Cisco Professional Services at

For more information about Cisco wireless products, visit