Cisco 5700 Series Wireless LAN Controllers

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.6E

  • Viewing Options

  • PDF (233.8 KB)
  • Feedback

Table of Contents

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.6E



What’s New in Cisco IOS XE Release 3.6.0E

Supported Hardware

Controller Models

Access Points and Mobility Services Engine

Compatibility Matrix

Wireless Web UI Software Requirements

Software Version

Upgrading the Controller Software

Important Upgrade Note


Interoperability with Other Client Devices

Important Notes


Cisco Bug Search Tool

Open Caveats

Resolved Caveats


Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.6E

First Published: June 27, 2014


This release note gives an overview of the features for the Cisco IOS XE 3.6E software on the Cisco 5700 Series WLC.


The Cisco 5700 Series Wireless LAN Controller (Cisco 5700 Series WLC) is designed for 802.11ac performance with maximum services, scalability, and high resiliency for mission-critical wireless networks. With an enhanced software programmable ASIC, the controller delivers wire-speed performance with services such as Advanced QoS, Flexible NetFlow Version 9, and downloadable ACLs enabled in a wireless network. The controller works with other controllers and access points to provide network managers with a robust wireless LAN solution. The Cisco WLC 5700 provides:

  • Network traffic visibility through Flexible NetFlow Version 9
  • Radio frequency (RF) visibility and protection
  • Support for features such as CleanAir, ClientLink 2.0, and VideoStream

The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.

For more information about the Cisco IOS XE software, see

What’s New in Cisco IOS XE Release 3.6.0E


What’s New

Use this URL for the Cisco IOS XE Release 3E Documentation Roadmap:

Provides quick and easy access to all relevant documentation for specific platforms. Look for Quick Links to Platform Documentation on the respective platform documentation pages.

Integrated Documentation Guides

Provides platform and software documentation for the following technology:

  • IP Multicast Routing Configuration Guide

Open Plug-N-Play Agent

(LAN-Lite, LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Switch-based agent support for zero touch automated device installation solution called NG-PNP.

Cisco TrustSec Critical Authentication

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Ensures that the Network Device Admission Control (NDAC)-authenticated 802.1X links between Cisco TrustSec devices are in open state even when the Authentication, Authorization, and Accounting (AAA) server is not reachable.

Enabling Bidirectional SXP Support

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Enhances the functionality of Cisco TrustSec with SXP version 4 by adding support for Security Group Tag (SGT) Exchange Protocol (SXP) bindings that can be propagated in both directions between a speaker and a listener over a single connection.

Enablement of Security Group ACL at Interface Level

(LAN-Base, IP-Lite, IP-Base, IP Services /Ent. Serv.)

Controls and manages the Cisco TrustSec access control on a network device based on an attribute-based access control list. When a security group access control list (SGACL) is enabled globally, the SGACL is enabled on all interfaces in the network by default; use the Enablement of Security Group ACL at Interface Level feature to disable the SGACL on a Layer 3 interface.

Role-Based CLI Inclusive Views

(LAN-Base, IP-Lite, IP-Base, IP Services / IP Enterprise Services)

Enables a standard CLI view including all commands by default.

Custom Web Authentication Result Display Enhancement

Displays the authentication results on the main HTML page. There is no pop-up window to display the authentication results.

Custom Web Authentication Download Bundle

Ensures that one or more custom HTML pages can be downloaded and configured from a single tar file bundle.

The images and the custom pages containing the images are also part of the same downloadable tar file bundle.

Virtual IP Support for Images in Custom Web Authentication

Supports image file names without prefixes and removes the requirement of users having to specify the wireless management interface IP to indicate the source of image in the HTML code.

Service Discovery Gateway: mDNS enhancements

Enables multicast Domain Name System (mDNS) to operate across layer 3 boundaries.

HTTP Gleaning

(IP-Base, IP Services/Ent. Serv.)

Allows the device-sensor to extract the HTTP packet Type-Length-Value (TLV) to derive useful information about the end device type.

Banner Page and Inactivity timeout for HTTP/S connections

Allows you to create a banner page and set an inactivity timeout for HTTP or HTTP Secure (HTTPS) connections. The banner page allows you to log on to the server when the session is invalid or expired.

Secure CDP

(LAN-Lite, LAN-Base, IP-Lite, IP-Base, IP Services/ IP Enterprise Services)

Allows you to select the type, length, value (TLV) fields that are sent on a particular interface to filter information sent through Cisco Discovery Protocol packets.

Web Authentication Redirection to Original URL

(LAN-Base, IP-Lite, IP-Base, IP Services/Ent. Serv.)

Enables networks to redirect guest users to the URL they had originally requested. This feature is enabled by default and requires no configuration.

Auto configuration

(LAN-Lite, LAN-Base, IP-Lite, IP-Base,  IP Services/ IP Enterprise Services)

Determines the level of network access provided to an endpoint based  on the type of the endpoint device. This feature also permits hardbinding between the end device and the interface. Autoconfig falls under the umbrella of Smart Operations solution.

Interface templates

(LAN-Lite, LAN-Base, IP-Lite, IP-Base,  IP Services/ IP Enterprise Services)

Provides a mechanism to configure multiple commands at the same time and  associate it with a target such as an interface. An interface template is a container of  configurations or policies that can be applied to specific ports.


Enables strong ciphers (SHA2) for NMSP connections.

Embedded Event Manager (EEM) 4.0

Provides unique customization capabilities and event driven automation within Cisco products.

CleanAir Express for 1600 APs

Supports CleanAir Express on the Cisco 1600 Series Access Points. For more information about CleanAir Express, see

New AP Platform Support

Support is added to the following APs in this release:

  • AP2700I, AP2700E
  • AP1532I, AP1532E

Note The Cisco Aironet 1530 Series APs are supported operating only in Local mode; these APs in mesh mode are not supported.

  • AP702W, AP702I


Access control lists (ACLs) when configured using fully qualified domain name (FQDN) enables ACLs to be applied based on the destination domain name. The destination domain name is then resolved to an IP address, which is provided to the client as a part of DNS response. Guest users can log in using web authentication with parameter map that consists of FQDN ACL name. You can apply access list to a specific domain. RADIUS server has to send AAA attribute fqdn-acl-name to the controller. The operating system checks for the pass through domain list, its mapping, and permits the FQDN. FQDN ACL allows clients to access only configured domains without authentication. The FQDN ACL is supported only for IPv4 wireless session.

Local Policies

Local policies can profile devices based on HTTP and DHCP to identify the end devices on the network. Users can configure device-based policies and enforce the policies per user or per device policy on the network. Local policies allow profiling of mobile devices and basic onboarding of the profiled devices to a specific VLAN. They also assign ACL and QoS or configure session timeouts

Auto MAC Learning of Valid Client via MSE

You can validate the rogue clients by utilizing the resources available in the Cisco Mobility Services Engine (MSE). Using MSE, you can dynamically list the clients joining to the controller. The list of clients joined to the controller is stored in the MSE as a centralized location, where the controller communicates with MSE and validates the client before reporting if the rogue client is a valid one or not. MSE maintains the MAC addresses of clients joined to the controller. The communication between the controller and MSE is an on-demand service as the controller requests this service from MSE.

QoS Upstream

Marking and policing actions for ingress SSID and client policies are applied at the access point. The SSID and client ingress policies that you configure in the controller are pushed to the AP. The AP performs policing and marking actions for each packet. However, the controller selects the QoS policies. Marking and policing of egress SSID and client policies are applied at the controller. QoS statistics are collated for client and SSID targets in ingress direction. Statistics are supported only for ingress policies with a maximum of five classes on wireless targets. For very large policies, statistics for ingress policies are not visible at the controller. The frequency of the statistics depends on the number of clients associated with the access point.

Implement Control part of AVC (Tie-in to QOS)

Application Visibility and Control (AVC) classifies applications using deep packet inspection techniques with the Network-Based Application Recognition (NBAR2) engine, and provides application-level visibility and control (QoS) in wireless networks. After the applications are recognized, the AVC feature enables you to either drop, mark, or police the data traffic. AVC is configured by defining a class map in a QoS client policy to match a protocol. AVC QoS actions are applied with AVC filters in both upstream and downstream directions. The QoS actions supported for upstream flow are drop, mark, and police, and for downstream flow are mark and police. AVC QoS is applicable only when the application is classified correctly and matched with the class map filter in the policy map.

Note This feature is applicable only to wireless clients.

Optical Feature Interface support

Supports new hardware for DWDM SFP+ and 10G ZR SFP+ modules. For a list of all supported SFP+ modules, see

Flexible Netflow Enhancement

Support for NetFlow Data Export Format Version 10 (IPFIX). For more information, see the Cisco Flexible NetFlow Configuration Guide .

802.11r Mixed Mode Support

You do not have to create a separate WLAN for 802.11r support. You can specify the non-802.11r clients to associate with an SSID that is enabled with 802.11r.

Supported Hardware

Controller Models


Table 1 Cisco WLC 5700 Models

Part Number


Cisco 5760 Wireless Controller for up to 25 Cisco access points


Cisco 5760 Wireless Controller for up to 50 Cisco access points


Cisco 5760 Wireless Controller for up to 100 Cisco access points


Cisco 5760 Wireless Controller for up to 250 Cisco access points


Cisco 5760 Wireless Controller for up to 500 Cisco access points


Cisco 5760 Wireless Controller for up to 1000 Cisco access points


Cisco 5760 Series Wireless Controller for High Availability

Access Points and Mobility Services Engine

Table 2 lists the supported products of the Cisco 5700 Series WLC.


Table 2 Cisco 5700 Series WLC Supported Products

Platform Supported

Access Point

Cisco Aironet 700, 1040, 1140, 1260, 1530, 1600, 2600, 2700, 3500, 3600, 3700

Mobility Services Engine

3355, Virtual Appliance

Table 3 lists the specific supported Cisco access points.


Table 3 Supported Access Points

Access Points

Cisco Aironet 700 Series




Cisco Aironet 1040 Series





Cisco Aironet 1140 Series





Cisco Aironet 1260 Series





Cisco Aironet 1530 Series



Cisco Aironet 1600 Series



Cisco Aironet 2600 Series



Cisco Aironet 2700 Series



Cisco Aironet 3500 Series







Cisco Aironet 3600 Series



Cisco Aironet 3700 Series




Compatibility Matrix

Table 4 lists the software compatibility matrix.


Table 4 Software Compatibility Matrix

Cisco 5700 WLC
Catalyst 3850
Catalyst 3650
Cisco 5508 WLC or WiSM2
Cisco PI








5.2, 5.3

2.1.1 if MSE is also deployed3

2.1.0 if MSE is not deployed

















5.2, 5.3


1.Cisco Wireless Release 8.0 is targeted to be available by August 2014.

2.Because of SHA-2 certificate implementation, MSE 7.6 is not compatible with Cisco IOS XE Release 3.6E. Therefore, we recommend that you upgrade to MSE 8.0.

3.If MSE is deployed on your network, we recommend that you upgrade to Cisco Prime Infrastructure 2.1.1.

4.Cisco WLC Release 7.6 is not compatible with Cisco Prime Infrastructure 2.0.

5.Prime Infrastructure 2.0 enables you to manage Cisco WLC with the features of Cisco WLC and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC including the new AP platforms.

For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix .

Wireless Web UI Software Requirements

  • Operating Systems

Windows 7

Windows 8

Mac OS X 10.8

  • Browsers

Google Chrome—Version 35

Microsoft Internet Explorer—Versions 10 or 11

Mozilla Firefox—Version 30

Safari—Version 6.1

Software Version

Table 5 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.

Table 5 Cisco IOS XE to Cisco IOS Version Number Mapping

Cisco IOS XE Version
Cisco IOSd Version
Cisco Wireless Control Module Version
Access Point Version
















Upgrading the Controller Software

To upgrade the Cisco IOS XE software, use the software install privileged EXEC command to install the packages from a new software bundle file. You can install the software bundle from the local storage media or it can be installed over the network using TFTP or FTP.

The software instal l command expands the package files from the specified source bundle file and copies them to the local flash: storage device. When the source bundle is specified as a tftp: or ftp: URL, the bundle file is first downloaded into the switch's memory (RAM); the bundle file is not copied to local storage media.

After the package files are expanded and copied to flash: the running provisioning file (flash:packages.conf) is updated to reflect the newly installed packages, and the controller displays a reload prompt.

MC#software install file tftp://
Preparing install operation ...
[1]: Downloading file tftp:// to active switch 1
[1]: Finished downloading file tftp:// to active switch 1
[1]: Starting install operation
[1]: Expanding bundle ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin
[1]: Copying package files
[1]: Package files copied
[1]: Finished expanding bundle ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin
[1]: Verifying and copying expanded package files to flash:
[1]: Verified and copied expanded package files to flash:
[1]: Starting compatibility checks
[1]: Finished compatibility checks
[1]: Starting application pre-installation processing
[1]: Finished application pre-installation processing
[1]: Old files list:
Removed ct5760-base.SPA.03.02.03.SE.pkg
Removed ct5760-drivers.SPA.03.02.03.SE.pkg
Removed ct5760-infra.SPA.03.02.03.SE.pkg
Removed ct5760-iosd-ipservicesk9.SPA.150-1.EX3.pkg
Removed ct5760-platform.SPA.03.02.03.SE.pkg
Removed ct5760-wcm.SPA.
[1]: New files list:
Added ct5760-base.SPA.03.03.00SE.pkg
Added ct5760-drivers.SPA.03.03.00SE.pkg
Added ct5760-infra.SPA.03.03.00SE.pkg
Added ct5760-iosd-ipservicesk9.SPA.150-1.EZ.pkg
Added ct5760-platform.SPA.03.03.00SE.pkg
Added ct5760-wcm.SPA.
[1]: Creating pending provisioning file
[1]: Finished installing software. New software will load on reboot.
[1]: Committing provisioning file
[1]: Do you want to proceed with reload? [yes/no]:

Table 6 Software Images

File Name

Cisco 5760 WIRELESS CONTROLLER SW Release 3.3


Cisco 5760 WIRELESS CONTROLLER SW Release 3.3 without DTLS


Important Upgrade Note

After you upgrade to Cisco IOS XE Release 3.6E, the WebAuth success page behavior is different from the behavior seen in Cisco IOS XE Release 3.3.X SE. After a successful authentication on the WebAuth login page, the original requested URL opens in a pop-up window and not on the parent page. Therefore, we recommend that you upgrade the Web Authentication bundle so that the bundle is in the format that is used by the AireOS Wireless LAN Controllers.

To download a sample Web Authentication bundle, follow these steps:

Step 1 Browse to .

Step 2 Navigate to Products > Wireless > Wireless LAN Controller > Standalone Controller > Cisco 5700 Series Wireless LAN Controllers > Cisco 5760 Wireless LAN Controller.

Step 3 Click Wireless Lan Controller Web Authentication Bundle .

Step 4 Choose Release 3.6.0 and click Download .

Step 5 After the download, follow the instructions provided in the Read Me file that is attached in the bundle.


NoteIn a High Availability scenario, if you download the Web Authentication bundle to the active controller, the bundle cannot be synchronized with the standby controller. Therefore, we recommend that you also manually download the Web Authentication bundle to the standby controller.


The Cisco 5700 Series WLC is the first Cisco IOS-based controller built with smart ASIC for next generation unified wireless architectures. The Cisco 5700 Series WLC can be deployed both as a Mobility Controller (MC) in Converged Access solutions and as a Centralized Controller.

For more information about the features, see the product data sheet at this URL:

Interoperability with Other Client Devices

This section describes the interoperability of this version of the controller software release with other client devices.

Table 7 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.


Table 7 Client Types

Client Type and Name

Intel 4965 or, v13.4

Intel 5100/6300


Intel 6205


Intel 6235


Intel 6300


Intel 7260(11AC), Windows 8.1

Dell 1395/1397

XP/Vista: Win7:

Dell 1505/1510/Broadcom 4321MCAG/4322HM

Dell 1515 (Atheros)

Dell 1520/Broadcom 43224HMS

Dell 1530 (Broadcom BCM4359)


Cisco CB21


Atheros HB95

MacBook Pro (Broadcom)

Broadcom 4360(11AC)

Macbook Air (11AC)


Macbook Air

Handheld Devices

Apple iPad

iOS 5.0.1

Apple iPad2

iOS 6.0.1

Apple iPad3


Apple iPad Air


Apple iPad Mini


Samsung Galaxy Tab

Android 3.2

Intermec CK70

Windows Mobile 6.5 /

Intermec CN50

Windows Mobile 6.1 /

Symbol MC5590

Windows Mobile 6.5 /

Symbol MC75

Windows Mobile 6.5 /

Phones and Printers

Cisco 7921G


Cisco 7925G


Ascom i75


Spectralink 8030


Vocera B1000A

Vocera B2000

Apple iPhone 4

iOS 6.0.1

Apple iPhone 4S


Apple iPhone 5s


Apple iPhone 5c


Ascom i62


HTC Sensation

Android 2.3.3

Samsung Galaxy S II

Android 2.3.3

SpectraLink 8450

Samsung Galaxy Nexus

Android 4.0.2

Samsung Galaxy S4 (GT-I9500)


Samsung Galaxy Note (SM-900)


Important Notes

  • Although visible in the CLI, the following commands are not supported:

collect flow username

authorize-lsc-ap (CSCui93659)

  • The following features are not supported in Cisco IOS XE Release 3.6E:

Outdoor Access Points

Mesh, FlexConnect, and OfficeExtend access point deployment


Cisco Bug Search Tool

The Bug Search Tool (BST), which is the online successor to Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.

To view the details of a caveat listed in this document:

1. Access the BST (use your Cisco user ID and password) at .

2. Enter the bug ID in the Search For: field.

Open Caveats

Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.


Bug ID



Roam from Cisco 5500 Series WLC to Cisco 5700 Series WLC/ Catalyst 3850 Switches or vice-versa: Correct QoS policy is not applied when AAA override is configured



Guest Access: AAA overridden QoS policies are not getting precedence



IOSd crash "iosv_watchdog_timeout_occured" when left for roughly a week



Clients do not get IP from the right VLAN after adding VLANs to the group



Access Points drop off when active Cisco 5700 Series WLCs fail over to standby Cisco 5700 Series WLCs in an AP SSO configuration.



Wireless clients may be stuck in idle state when FQDN feature is enabled



Client QoS policy is not applied for Inter-controller roamed client



CLI output for "show memory" command shows ”0” for config on device.

Resolved Caveats

Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.


Bug ID



IPDT: rejected channel conf and standby failed to boot up



Router ACL (RACL) on SVI in output direction applied to bridged traffic



Incorrect temperature thresholds reported via SNMP



Unable to disable IPDT


For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:

Choose Product Support > Wireless. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.

Related Documentation

  • Cisco IOS XE 3E Release documentation at this URL:

  • Cisco 5700 controller documentation at this URL:

  • Cisco Validated Designs documents at this URL:

  • Error Message Decoder at this URL:

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What’s New in Cisco Product Documentation , which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.


© 2014 Cisco Systems, Inc. All rights reserved.