Guest

Cisco 5700 Series Wireless LAN Controllers

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.3.xSE

  • Viewing Options

  • PDF (356.3 KB)
  • Feedback

Table of Contents

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.3.xSE

Contents

Introduction

What’s New in Cisco IOS XE Release 3.3.3SE

New Hardware Support

CPP-Related Commands

cpp [all | disable | system-default | traffic-type]

show platform qos queue stats internal cpu policer

What’s New in Cisco IOS XE Release 3.3.2SE

What’s New in Cisco IOS XE Release 3.3.1SE

What’s New in Cisco IOS XE Release 3.3.0SE

Supported Hardware

Controller Models

Access Points and Mobility Services Engine

Compatibility Matrix

Wireless Web UI Software Requirements

Software Version

Upgrading the Controller Software

Features

Interoperability with Other Client Devices

Important Notes

Caveats

Open Caveats

Resolved Caveats in Cisco IOS XE Release 3.3.3SE

Resolved Caveats in Cisco IOS XE Release 3.3.2SE

Resolved Caveats in Cisco IOS XE Release 3.3.1SE

Resolved Caveats in Cisco IOS XE Release 3.3.0SE

Troubleshooting

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco 5700 Series Wireless LAN Controller, Cisco IOS XE Release 3.3.xSE

First Published: October 7, 2013

Last Updated: April 25, 2014

 

OL-30703-03

This release note describes the features and caveats for the Cisco IOS XE 3.3.xSE software on the Cisco WLC 5700 Series.

Introduction

The Cisco 5700 Series Wireless LAN Controller (Cisco WLC 5700 Series) is designed for 802.11ac performance with maximum services, scalability, and high resiliency for mission-critical wireless networks. With an enhanced software programmable ASIC, the controller delivers wire-speed performance with services such as Advanced QoS, Flexible NetFlow Version 9, and downloadable ACLs enabled in a wireless network. The controller works with other controllers and access points to provide network managers with a robust wireless LAN solution. The Cisco WLC 5700 provides:

  • Network traffic visibility through Flexible NetFlow Version 9
  • Radio frequency (RF) visibility and protection
  • Support for features such as CleanAir, ClientLink 2.0, and VideoStream

The Cisco IOS XE software represents the continuing evolution of the preeminent Cisco IOS operating system. The Cisco IOS XE architecture and well-defined set of APIs extend the Cisco IOS software to improve portability across platforms and extensibility outside the Cisco IOS environment. The Cisco IOS XE software retains the same look and feel of the Cisco IOS software, while providing enhanced future-proofing and improved functionality.

For more information about the Cisco IOS XE software, see http://www.cisco.com/en/US/prod/collateral/iosswrel/ps9442/ps11192/ps11194/QA_C67-622903.html

What’s New in Cisco IOS XE Release 3.3.3SE

New Hardware Support

cpp [all | disable | system-default | traffic-type]

The cpp [ all | disable | system-default | traffic-type ] global configuration command for configuring Control Plane Policing (CPP) has been updated to include keywords for modifying CPP policer settings on CPU queues and for controlling the policer rate based on traffic types.

cpp [ all | disable | system-default | traffic-type [ traffic-type { disable }]]

 

all

(Optional) Enable policing on all CPU bound traffic.

disable

(Optional) Disable all CPU policing.

system-default

(Optional) Reset all CPU queues to system default policer rate values.

Use the show platform qos queue stats internal cpu policer privileged EXEC command to display the system default values.

traffic-type [ traffic-type { disable }]

(Optional) Set the CPU traffic type to police.

  • disable Disable policing on the specified traffic type.

Traffic types:

  • broadcast Police broadcast traffic.
  • dot1x Police IEEE 802.1x traffic.
  • forus-packet Police forus packet traffic. Forus (or for-us) packets are packets destined to the router.
  • icmp-redirect Police Internet Control Message Protocol (ICMP) redirect traffic.
  • layer2-control Police Layer-2 control traffic.
  • multicast-control Police multicast control traffic.
  • multicast-data Police multicast data traffic.
  • routing-control Police routing control traffic.
  • snooping Police snooping traffic.
  • software-forward Police software forward traffic.
  • system-data Police system data traffic such as learning cache, RPF failure, GOLD, NFL sample.
  • topology-control Police STP and STP topology control traffic.
  • webauth { pps } Police web authentication traffic.

pps : The range is 100 pps to 13000 pps.

  • wireless-iapp Police Cisco Inter Access Point Protocol (IAPP) traffic.
  • wireless-mgmt Police wireless RFID, radio resource management (RRM), and probe management.
  • wireless-mobility Police Control And Provisioning of Wireless Access Points (CAPWAP) mobility data and control traffic.

This example shows how to enable CPU queue policing on web authentication traffic at 1400 pps:

Controller(config)# cpp traffic-type webauth 1400
 

You can verify your setting by entering the show platform qos queue stats internal cpu policer privileged EXEC command. For information about this show command, see the “show platform qos queue stats internal cpu policer” section.

show platform qos queue stats internal cpu policer

The show platform qos queue stats internal cpu policer privileged EXEC command is a new command to display the configured Control Plane Policing (CPP) CPU queue and corresponding traffic TYPES.

 

Table 1 CPP CPU Queue Mapping in FED with Corresponding Traffic Types

CPU Queue
Traffic Type

WK_CPU_Q_L2_CONTROL

layer2-control

WK_CPU_Q_ROUTING_CONTROL

routing-control

WK_CPU_Q_MCAST_DATA

multicast-data

WK_CPU_Q_PROTO_SNOOPING

snooping

WK_CPU_Q_PUNT_WEBAUTH

webauth

WK_CPU_Q_SW_FORWARDING_Q

sw-fwd

WK_CPU_Q_WIRELESS_PRIO_1

capwap-control

WK_CPU_Q_WIRELESS_PRIO_3

wireless-iapp

WK_CPU_Q_WIRELESS_PRIO_4, WK_CPU_Q_WIRELESS_PRIO_5

wireless-misc

WK_CPU_Q_TOPOLOGY_CONTROL

topology-control

WK_CPU_Q_MCAST_END_STATION_SERVICE

multicast-snooping

WK_CPU_Q_LEARNING_CACHE_OVFL, WK_CPU_Q_EXCEPTION, WK_CPU_Q_CRYPTO_CONTROL, WK_CPU_Q_EGR_EXCEPTION, WK_CPU_Q_NFL_SAMPLED_DATA, WK_CPU_Q_SGT_CACHE_FULL, WK_CPU_Q_GOLD_PKT,
WK_CPU_Q_RPF_FAILED

system-data

WK_CPU_Q_ICMP_REDIRECT

icmp-redirect

WK_CPU_Q_DOT1X_AUTH

dot1x

WK_CPU_Q_BROADCAST

broadcast

WK_CPU_Q_FORUS_TRAFFIC

forus

The show platform qos queue stats internal cpu policer command output shows the CPP policer settings (such as traffic types and CPP rates) on the CPU queues.

Controller# sh platform qos queue stats internal cpu policer
 
For Asic 0
Queue Enabled Rate(default) Rate(set) Drop
-----------------------------------------------------------------------
DOT1X Auth No 1000 1000 0
L2 Control No 500 500 0
Forus traffic No 1000 1000 0
ICMP GEN Yes 200 200 0
Routing Control No 500 500 0
Forus Address resolution No 1000 1000 0
ICMP Redirect No 500 500 0
WLESS PRI-5 No 1000 1000 0
WLESS PRI-1 No 1000 1000 0
WLESS PRI-2 No 1000 1000 0
WLESS PRI-3 No 1000 1000 0
WLESS PRI-4 No 1000 1000 0
BROADCAST Yes 200 200 0
Learning cache ovfl Yes 100 100 0
Sw forwarding Yes 1000 1000 0
Topology Control No 13000 13000 0
Proto Snooping No 500 500 0
BFD Low Latency No 500 500 0
Transit Traffic Yes 500 500 0
RPF Failed Yes 100 100 0
MCAST END STATION Yes 2000 2000 0
LOGGING Yes 1000 1000 0
Punt Webauth No 1000 1000 0
Crypto Control Yes 100 100 0
Exception Yes 100 100 0
General Punt No 500 500 0
NFL SAMPLED DATA Yes 100 100 0
SGT Cache Full Yes 100 100 0
EGR Exception Yes 100 100 0
Show frwd No 1000 1000 0
MCAST Data Yes 500 500 0

Gold Pkt Yes 100 100 0

What’s New in Cisco IOS XE Release 3.3.2SE

No features were added or enhanced for this release. For updates in this release, see “Resolved Caveats in Cisco IOS XE Release 3.3.2SE” section.

What’s New in Cisco IOS XE Release 3.3.1SE

  • Support added for Cisco Aironet 3700 Series Access Points—The Cisco Aironet 3700 Series Access Points with the 802.11ac module is supported in this release. For more information about the AP, see http://www.cisco.com/en/US/products/ps13367/index.html .
  • Wired Guest Access—Uses Ethernet in IP (RFC3378) within the centralized architecture to create a tunnel across a Layer 3 topology between two WLC endpoints. No additional protocols or segmentation techniques are needed to isolate guest traffic from the enterprise.

Note Detailed documentation for this feature will be made available at a later date. In the meantime, see information about configuring Wired Guest Access on Catalyst 3850 Series Switches at http://www.cisco.com/en/US/docs/ios-xml/ios/ibns/configuration/xe-3se/3850/ibns-wired-guest-access.html.


What’s New in Cisco IOS XE Release 3.3.0SE

  • Wireshark—A packet analyzer program that supports multiple protocols and presents information in a text-based user interface. Wireshark analyzes wired traffic and wireless traffic.
  • Wired Guest Access—Uses Ethernet in IP (RFC3378) within the centralized architecture to create a tunnel across a Layer 3 topology between two WLC endpoints. No additional protocols or segmentation techniques are needed to isolate guest traffic from the enterprise.
  • Service Discovery Gateway feature—Enables multicast Domain Name System (mDNS) to operate across Layer 3 boundaries by filtering, caching, and redistributing services from one Layer 3 domain to another. This feature enhances Bring Your Own Device (BYOD).
  • Captive Portal Bypassing for Local Web Authentication—Support for Apple devices that need to resolve Wireless Internet Service Provider roaming (WISPr) and have support for captive portal bypass.
  • Multicast Fast Convergence with Flex Links Failover feature—Reduces the convergence time of multicast traffic after a Flex Links failure.
  • High Availability (HA)

Controller Stack—This release supports a stack of two controllers connected using the stack cable, working together using the Cisco StackWise-480 technology. The HA feature is enabled by default when the controllers are connected using the stack cable and the Cisco StackWise-480 technology is enabled.

Access Point Stateful Switchover—Controller supports 1000 access points and 12000 clients. When a switchover from the active controller to standby controller occurs, the access points continue to remain connected during the active-to-standby switchover. However, all the clients are deauthenticated and need to be reassociated with the new active controller.

  • Client Count per WLAN—You can configure client limits per WLAN, per AP per WLAN, and per AP per Radio. The number of clients that you can configure for each WLAN depends on the platform that you are using.
  • 802.11w support—Support for the 802.11w standard as defined by the Management Frame Protection (MFP) service. Disassociation, Deauthentication, and Robust Action frames increase Wi-Fi network security by protecting the management frames from being spoofed.
  • 802.11r support in local mode—Support for IEEE Standard for fast roaming allows the handshake with the new access point before the client roams to the target access point. Allows clients to move between access points without breaking a session.
  • Wi-Fi Direct Client Policy—Devices that are Wi-Fi Direct capable can connect directly to each other quickly and conveniently to do tasks such as printing, synchronization, and sharing of data. Wi-Fi Direct devices may associate with multiple peer-to-peer (P2P) devices and with infrastructure wireless LANs (WLANs) concurrently. You can use the controller to configure the Wi-Fi Direct Client Policy, on a per WLAN basis, where you can allow or disallow association of Wi-Fi devices with infrastructure WLANs, or disable Wi-Fi Direct Client Policy altogether for WLANs.
  • Assisted Roaming—The 802.11k standard allows clients to request neighbor reports containing information about known neighbor access points that are candidates for a service set transition. The use of the 802.11k neighbor list can limit the need for active and passive scanning. The assisted roaming feature is based on an intelligent and client-optimized neighbor list.
  • Support for IPv6 wireless clients—Client policies can have IPv4 and IPv6 filters.
  • Support for 802.11ac module—The 802.11ac radio module, which is based on the IEEE 802.11ac Wave 1 standard, is available on the Cisco lightweight access points.

The 802.11ac module provides enterprise-class reliability and wired-network-like performance. The 802.11ac module supports three spatial streams and 80 MHz-wide channels for a maximum data rate of 1.3 Gbps. The 802.11ac standard is a 5-GHz-only technology, which is faster and a more scalable version of the 802.11n standard.

  • Application Visibility and Control—Classifies applications using deep packet inspection techniques with the Network-Based Application Recognition (NBAR2) engine and provides application-level visibility into Wi-Fi networks.

Note The capability of dropping or marking the data traffic (control part) is not supported in the Cisco IOS XE 3.3.0SE.


  • Security Enhancements

Manage Rogue devices—The controller continuously monitors all the nearby access points and automatically discovers and collects information on rogue access points and clients. When the controller discovers a rogue access point, it uses the Rogue Location Discovery Protocol (RLDP) to determine if the rogue is attached to your network. For more information about managing rogue devices, see the “Managing Rogue Devices” section in the System Management Configuration Guide.

Classify rogue access points—The controller software enables you to create rules that can organize and display rogue access points as Friendly, Malicious, or Unclassified. For more information about classifying rogue access points, see the “Classifying Rogue Access Points” section in the System Management Configuration Guide.

wIPS—The Cisco Adaptive wireless intrusion prevention system (wIPS) continually monitors wireless traffic on both the wired and wireless networks and uses network intelligence to analyze attacks and more accurately pinpoint and proactively prevent attacks in the future. You can configure an access point to work in wIPS mode if the access point is in the Monitor or Local mode.

Radio Frequency Grouping—A radio frequency (RF) group is a logical collection of controllers that coordinate to perform radio resource management (RRM) in a globally optimized manner to perform network calculations on a per-radio basis. An RF group exists for each 802.11 network type. Clustering controllers into a single RF group enables the RRM algorithms to scale beyond the capabilities of a single controller.

  • Lightweight Directory Access Protocol Server mode—Operates as the backend database for web authentication to retrieve user credentials and authenticate the user.
  • Wireless Flexible NetFlow—Enables flow monitoring and control of wireless traffic.
  • Enhanced QoS support for wireless IPv6 clients—Support for IPv6 ACLs and DSCP-matching of IPv6 packets.

Supported Hardware

Controller Models

 

Table 2 Cisco WLC 5700 Models

Part Number
Description

AIR-CT5760-25-K9

Cisco 5760 Wireless Controller for up to 25 Cisco access points

AIR-CT5760-50-K9

Cisco 5760 Wireless Controller for up to 50 Cisco access points

AIR-CT5760-100-K9

Cisco 5760 Wireless Controller for up to 100 Cisco access points

AIR-CT5760-250-K9

Cisco 5760 Wireless Controller for up to 250 Cisco access points

AIR-CT5760-500-K9

Cisco 5760 Wireless Controller for up to 500 Cisco access points

AIR-CT5760-1K-K9

Cisco 5760 Wireless Controller for up to 1000 Cisco access points

AIR-CT5760-HA-K9

Cisco 5760 Series Wireless Controller for High Availability

Access Points and Mobility Services Engine

Table 3 lists the supported products of the Cisco 5700 Series WLC.

 

Table 3 Cisco 5700 Series WLC Supported Products

Product
Platform Supported

Access Point

Cisco Aironet 1040, 1140, 1260, 1600, 2600, 3500, 3600, 3700

Mobility Services Engine

3355, Virtual Appliance

Table 4 lists the specific supported Cisco access points.

 

Table 4 Supported Access Points

Access Points

Cisco Aironet 1040 Series

AIR-AP1041N

AIR-AP1042N

AIR-LAP1041N

AIR-LAP1042N

Cisco Aironet 1140 Series

AIR-AP1141N

AIR-AP1142N

AIR-LAP1141N

AIR-LAP1142N

Cisco Aironet 1260 Series

AIR-LAP1261N

AIR-LAP1262N

AIR-AP1261N

AIR-AP1262N

Cisco Aironet 1600 Series

AIR-CAP1602E

AIR-CAP1602I

Cisco Aironet 2600 Series

AIR-CAP2602E

AIR-CAP2602I

Cisco Aironet 3500 Series

AIR-CAP3501E

AIR-CAP3501I

AIR-CAP3501P

AIR-CAP3502E

AIR-CAP3502I

AIR-CAP3502P

Cisco Aironet 3600 Series

AIR-CAP3602E

AIR-CAP3602I

Cisco Aironet 3700 Series

AIR-CAP3702I

AIR-CAP3702E

AIR-CAP3702P

Compatibility Matrix

Table 5 lists the software compatibility matrix.

 

Table 5 Software Compatibility Matrix

Cisco 5700 WLC
Catalyst 3850
Catalyst 3650
Cisco 5508 WLC or WiSM2
MSE
ISE
ACS
Cisco PI

03.03.03SE
03.03.02SE
03.03.01SE
03.03.00SE

03.03.03SE
03.03.02SE
03.03.01SE
03.03.00SE

03.03.03SE
03.03.02SE
03.03.01SE
03.03.00SE

7.61
7.52

7.5

1.2

5.2, 5.3

2.0

1.Cisco WLC Release 7.6 is not compatible with Cisco Prime Infrastructure 2.0.

2.Prime Infrastructure 2.0 enables you to manage Cisco WLC 7.5.102.0 with the features of Cisco WLC 7.4.110.0 and earlier releases. Prime Infrastructure 2.0 does not support any features of Cisco WLC 7.5.102.0 including the new AP platforms.

For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix .

Wireless Web UI Software Requirements

  • Operating Systems

Windows XP

Windows 7

Mac OS X 10.7.5

  • Browsers

Google Chrome—Version 23.x

Microsoft Internet Explorer—Versions 10.x

Mozilla Firefox—Version 22.x

Software Version

Table 6 shows the mapping of the Cisco IOS XE version number and the Cisco IOS version number.

Table 6 Cisco IOS XE to Cisco IOS Version Number Mapping

Cisco IOS XE Version
Cisco IOSd Version
Cisco Wireless Control Module Version
Access Point Version

03.03.03SE

15.0(1)EZ3

10.1.130.0

15.2(4)JB5h

03.03.02SE

15.0(1)EZ2

10.1.121.0

15.2(4)JB3h

03.03.01SE

15.0(1)EZ1

10.1.110.0

15.2(4)JB2

03.03.00SE

15.0(1)EZ

10.1.100.0

15.2(4)JN

Upgrading the Controller Software

To upgrade the Cisco IOS XE software, use the software install privileged EXEC command to install the packages from a new software bundle file. You can install the software bundle from the local storage media or it can be installed over the network using TFTP or FTP.

The software instal l command expands the package files from the specified source bundle file and copies them to the local flash: storage device. When the source bundle is specified as a tftp: or ftp: URL, the bundle file is first downloaded into the switch's memory (RAM); the bundle file is not copied to local storage media.

After the package files are expanded and copied to flash: the running provisioning file (flash:packages.conf) is updated to reflect the newly installed packages, and the controller displays a reload prompt.

MC#software install file tftp://10.10.10.2/system1/ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin
Preparing install operation ...
[1]: Downloading file tftp://10.10.10.2/system1/ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin to active switch 1
[1]: Finished downloading file tftp://172.19.26.230/kart/ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin to active switch 1
[1]: Starting install operation
[1]: Expanding bundle ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin
[1]: Copying package files
[1]: Package files copied
[1]: Finished expanding bundle ct5760-ipservicesk9.SPA.03.03.00.SE.150-1.EZ.bin
[1]: Verifying and copying expanded package files to flash:
[1]: Verified and copied expanded package files to flash:
[1]: Starting compatibility checks
[1]: Finished compatibility checks
[1]: Starting application pre-installation processing
[1]: Finished application pre-installation processing
[1]: Old files list:
Removed ct5760-base.SPA.03.02.03.SE.pkg
Removed ct5760-drivers.SPA.03.02.03.SE.pkg
Removed ct5760-infra.SPA.03.02.03.SE.pkg
Removed ct5760-iosd-ipservicesk9.SPA.150-1.EX3.pkg
Removed ct5760-platform.SPA.03.02.03.SE.pkg
Removed ct5760-wcm.SPA.10.0.120.0.pkg
[1]: New files list:
Added ct5760-base.SPA.03.03.00SE.pkg
Added ct5760-drivers.SPA.03.03.00SE.pkg
Added ct5760-infra.SPA.03.03.00SE.pkg
Added ct5760-iosd-ipservicesk9.SPA.150-1.EZ.pkg
Added ct5760-platform.SPA.03.03.00SE.pkg
Added ct5760-wcm.SPA.10.1.100.0.pkg
[1]: Creating pending provisioning file
[1]: Finished installing software. New software will load on reboot.
[1]: Committing provisioning file
 
[1]: Do you want to proceed with reload? [yes/no]:

Features

The Cisco 5700 Series WLC is the first Cisco IOS-based controller built with smart ASIC for next generation unified wireless architectures. The Cisco 5700 Series WLC can be deployed both as a Mobility Controller (MC) in Converged Access solutions and as a Centralized Controller.

For more information about the features, see the product data sheet at this URL:

http://www.cisco.com/en/US/products/ps12598/products_data_sheets_list.html

Interoperability with Other Client Devices

This section describes the interoperability of this version of the controller software release with other client devices.

Table 7 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.

 

Table 7 Client Types

Client Type and Name
Version
Laptop

Intel 4965

11.5.1.15 or 12.4.4.5, v13.4

Intel 5100/6300

v14.3.0.6

Intel 6205

v14.3.0.6

Dell 1395/1397

XP/Vista: 5.60.18.8 Win7: 5.30.21.0

Dell 1505/1510/Broadcom 4321MCAG/4322HM

5.60.18.8

Dell 1515 (Atheros)

8.0.0.239

Dell 1520/Broadcom 43224HMS

5.60.48.18

Dell 1530 (Broadcom BCM4359)

v5.100.235.12

Cisco CB21

v1.3.0.532

Atheros HB95

7.7.0.358

MacBook Pro (Broadcom)

5.10.91.26
Handheld Devices

Apple iPad

iOS 5.0.1

Apple iPad2

iOS 6.0.1

Apple iPad3

iOS 6.0.1

Samsung Galaxy Tab

Android 3.2

Intermec CK70

Windows Mobile 6.5 / 2.01.06.0355

Intermec CN50

Windows Mobile 6.1 / 2.01.06.0333

Symbol MC5590

Windows Mobile 6.5 / 3.00.0.0.051R

Symbol MC75

Windows Mobile 6.5 / 3.00.2.0.006R

Phones and Printers

Cisco 7921G

1.4.2.LOADS

Cisco 7925G

1.4.2.LOADS

Ascom i75

1.8.0

Spectralink 8030

119.081/131.030/132.030

Vocera B1000A

4.1.0.2817

Vocera B2000

4.0.0.345

Apple iPhone 4

iOS 6.0.1

Apple iPhone 4S

iOS 6.0.1

Apple iPhone 5

iOS 6.0.1

Ascom i62

2.5.7

HTC Sensation

Android 2.3.3

Samsung Galaxy S II

Android 2.3.3

SpectraLink 8450

3.0.2.6098/5.0.0.8774

Samsung Galaxy Nexus

Android 4.0.2

Important Notes

  • A switch stack containing a mix of Catalyst 3850 and Catalyst 3650 switches is not supported.
  • Although visible in the CLI, the following commands are not supported:

switchport mode dot1qtunnel

collect flow username

authorize-lsc-ap (CSCui93659)

show platform qos xxx (CSCug09112)

  • The following features are not supported in Cisco IOS XE Release 3.3.0SE:

Outdoor Access Points

Wired Guest Access


Note Wired Guest Access is supported is the Cisco IOS XE Release 3.3.1SE.


  • Mesh, FlexConnect, and Office Extend Access Point deployment

Caveats

If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:

https://tools.cisco.com/bugsearch/search

(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)

Open Caveats

  • CSCui69119

Either of these problems occur:

On a standalone controller, you cannot configure an EtherChannel group on the EtherChannel member port, because a maximum limit for the bindings is configured on this port ( ip device tracking maximum interface command).

The controller stack does not boot up after stateful switchover (SSO) is configured, because “0” is set as the maximum limit for the bindings configured on an EtherChannel member port on a member controller.

The workaround is to use the no ip device tracking maximum interface command to disable this feature from the EtherChannel member port.

  • CSCuj92028

Configuring a WCCP service group with a redirect ACL, which has range option in the access control entries (ACEs) can cause the controller to reload.

The workaround is to use the eq (equal) option for each port number.

  • CSCum66129

A non-designated PIM router does not forward multicast packets in the same VLAN from where they are received. This occurs in the following situation: When controllers are configured with both HSRP and multicast routing, one of the controllers will be the active designated router and the others become non-designated routers. The HSRP router that becomes a non-designated router will not be flooding the multicast packets in the same VLAN it is received. This affects the rectangle topologies where the distribution controllers are connected to access controllers.

Configure the non-designated routers with a static mroute pointing to the designated routers interface address in the same VLAN.

  • CSCun68485

Bridged layer-2 traffic is dropped because of ACL rules configured on a corresponding outside SVI.

The workaround is to explicitly permit layer-2 traffic or to remove the ACL from the SVI.

  • CSCun78227

The entSensorThresholdValueCISCO-ENTITY-SENSOR-MIB displays impossible temperature threshold values on the controller.

To display the temperature thresholds in terms of GREEN, YELLOW or RED, use either:

show environment temperature status command

ciscoEnvMonTemperatureStatusDescr CISCO-ENVMON-MIB

Resolved Caveats in Cisco IOS XE Release 3.3.3SE

  • CSCtk68692

The startup-config and running-config on the controller become unavailable after running a kron job.

The workaround is to reload the controller. To avoid this condition, use Embedded Event Manager (EEM) with the timer event to schedule the required task.

  • CSCug75425

The controller and the Network Time Protocol (NTP) server are not synchronized even though the NTP status shows they are.

There is no workaround.

  • CSCug92629

The show tech-support privileged EXEC command includes irrelevant extra characters.

There is no workaround.

  • CSCuh56465

If you configure a SPAN session with more than one source port on the same standalone controller or on multiple source ports on the same stack member, traffic is only captured from one of the ports with no traffic captured on the other ports.

The workaround is to spread the source ports across the different stack members. If you need to use source ports on a standalone controller or on one stack member, use the source ports in different SPAN sessions.

  • CSCuh59075

The controller crashes when you do the following:

1. Configure a flow record with collect interface input and either collect interface output or collect tcp flags.

2. Configure a flow monitor that uses the above flow record.

3. Attach the flow monitor to one or more interface(s). It will be rejected due to unsupported fields in the flow record.

4. Unconfigure collect interface input and either collect interface output from the flow record.

5. Attach the same flow record to the flow monitor.

6. Reattach the same flow monitor to one or more interface(s).

The workaround is to restart the system and then configure flow monitor with the correct fields to avoid the misconfiguration.

  • CSCui94876

AVL Tree full error messages are displayed on the console of the controller running Cisco IOS XE 3.2SE

The workaround is to reload the controller.

  • CSCuj31712

During Online Insertion and Removal (OIR), the SFP ports on third-party SFP modules can error disable.

The workaround is to disable and then reenable the port.

  • CSCuj51019

The controller reboots because FFM processing stops, possibly due to updates to wireless client operations.

There is no workaround.

  • CSCuj52086

If Fast SSID Changing is enabled and if wireless clients are moving between SSIDs, the RADIUS requests contain attributes from the previous SSID.

The workaround is to disable Fast SSID Changing by using the no wireless client fast-ssid-change command.

  • CSCuj97492

If you swap the order of an existing primary and secondary controller, an error message that both devices have the same name and IP address is displayed. Once configured, you cannot change primary, secondary, or tertiary controller information.

You can delete controller information by using the ap name < ap_name > no controller [ primary | secondary | tertiary ] command. For example:

Controller# ap name AP442b.039a.ad4a no controller primary
 
  • CSCul44461

A crash occurs on the controller if the ip http secure-server global configuration command is used in the startup or running config file.

The workaround is to remove the ip http secure-server global configuration command from the startup or running config file.

  • CSCul47224

Traceback errors occur when IEEE 802.1x authentication is configured.

There is no workaround.

  • CSCul48578

The default queue size is different for odd and even interfaces on a controller running an earlier release of Cisco IOS XE 3SE.

There is no workaround.

  • CSCul66509

An error message is displayed when this link (https:// <wlc-ip-address> ) is used to launch the Wireless Web UI for the first time in Internet Explorer.

The workaround is to either:

Use this link (https:// <wlc-ip-address> ) again to display the GUI in IE.

Use this link (https:// <wlc-ip-address/wireless> ) to display the GUI for the first time in IE.

  • CSCum07541

When a wireless client switches between a controller (which has mobility configured and is acting as an anchor) and a foreign controller, the SSID of the client shows differently on the anchor and foreign controllers. The anchor controller shows that the client has the previous SSID but the foreign controller shows the client has a new SSID.

The workaround is to deauthenticate the wireless client MAC address.

  • CSCum09063

On a scaled setup, IOSd processing stops on the controller due to memory leaks.

There is no workaround.

  • CSCum47451

The downloadable ACL is ineffective when applied to stack member 5 and higher.

There is no workaround.

  • CSCum70737

A controller stack (running Cisco IOS XE 3.3.1SE) with an ACL configured on the management interface causes all controllers in the stack to display incorrect output for show platform qos policy and show platform acl .

The workaround is to remove the ACL from the management interface, save the configuration; and restart the stack.

  • CSCum81233

A traceback occurs when you configure a VLAN with a name longer than 30 characters, and then you enter VLAN configuration mode by using the vlan global configuration command.

There is no workaround.

  • CSCun10948

IOSd processing stops on a controller that is running the LAN Base image and has either “log” or “log-input” in an ACL entry.

The workaround is to remove “log” or “log-input” from the ACL entry. You can also upgrade the controller to the IP Base license or IP Services license.

  • CSCun14712

The WLAN session timeout field on the Wireless Web UI shows that 0 means an infinite session timeout. However, when you attempt to save the setting as 0 , an error is displayed stating that the value needs to be between 300 and 86400.

For WLANs with a session timeout range from 1 to 65535—By default, the session timer is disabled. To enable the session timer, enter a range from 1 to 65535. To disable the session timer, either:

Enter the no session-timeout WLAN configuration command.

Set the session timeout field on the Web UI to 0 .

For WLANs with a session timeout range of 300-86400—The session timer cannot be disabled. The default session timeout is 1800 seconds.

Use the no session-timeout WLAN configuration command to reset the timer to its default setting, 1800 seconds.

Use the session-timeout timeout WLAN configuration command to set the timer from 300 to 86400 seconds.

Use the session timeout field on the Web UI to set the timer from 300 to 86400 seconds. The default is 1800 seconds.

  • CSCun15859

A memory leak occurs when updating the SSID on the controller.

There is no workaround.

  • CSCun22639

The DHCP table on the controller does not get populated when IPv4 Source Guard (IPSG) is enabled on ports connected to hosts.

  • CSCun26520

The High Availability (HA) feature on the controller does not work if all 1 Mbps, 2 Mbps, 5.5 Mbps, 11 Mbps for the client radio transmission are disabled.

The workaround is to set the highest mandatory rate to 11 Mbps.

  • CSCun29753

A crash might occur on the controller in this scenario:

1. Only 2 clients (Client-1 and Client-2) associated with ACL (ACL-1)

2. Client-1 is in an “unloaded” state for ACL-1 due to label exhaustion

3. Client-2 is working fine and has ACL-1 and ACL-2

4. Client-2 leaves and no other clients are using ACL-1 then Client-1 leaves

5. ACL-1 database entry has been freed and the stale pointer is left behind

6. The controller memory manager has re-assigned the ACL-1 freed memory

7. This memory has been over-written by the new process before the entire database clean-up has completed for ACL-1.

There is no workaround.

  • CSCun31450

While running UDP IP SLA applications, the controller crashes due to high CPU utilization.

There is no workaround.

  • CSCun32266

When a high number of wireless clients join and leave the network, a label leakage on the controller can occur, resulting in new clients not being able to join the network.

There is no workaround.

  • CSCun36781

A controller running Cisco IOS XE release 3.3.2SE continuously reboots when autoloading of configuration files from a network server is configured ( service config global configuration command).

The workaround is the following:

1. Access the bootloader through a controller console connection.

2. Power up the controller.

3. Press and hold the Mode button until the LED glows amber.

4. At the bootloader Controller: prompt, create a new boot variable (for example, set SWITCH_IGNORE_STARTUP_CFG=1 ).

5. Verify that the disable password recovery variable is not set to 1 (for example, SWITCH_DISABLE_PASSWORD_RECOVERY=0).

6. Enter boot flash : packages.conf.

7. Copy startup-config to running-config.

8. Change any configurations you need (such as, username, password, etc.).

9. Copy running-config to startup-config.

10. Restart the controller.

11. Access the boot loader again.

12. Unset the variable ( unset SWITCH_IGNORE_STARTUP_CFG ).

13. Boot the flash: packages.conf

  • CSCun40246

Re-authentication fails for clients enabled for 802.1x and dynamic WEP after session-timeout. The client is deleted and it goes through a complete client join process to connect to the network.

There is no workaround.

  • CSCun44526

Latency in getting an IP address and dropped SNMP responses occur due to high CPU utilization during web authentication.

There is no workaround.

  • CSCun46486

A crash on the controller occurs when adding guest users through the snmpset command.

There is no workaround.

  • CSCun48219

The controller stack crashes when DHCP snooping is configured.

The workaround is to disable DHCP snooping on the stack.

  • CSCun48721

IP devices are not able to connect to the network, because the controller responds to ARP probes which are not destined to it.

The workaround is to assign a static IP address to the new device. If IP address conflicts continue to persist, disable routing on the controller.

  • CSCun55391

Using the show avc wlan command on a controller running Cisco IOS XE 3.3.1SE can cause the controller to crash.

The workaround is to not use this command on the controller.

  • CSCun62776

A crash on a stack member occurs when Flexible NetFlow is enabled and when there are two active flow monitors configured on the 10 Gbps interfaces in each direction.

There is no workaround.

  • CSCun84970

When sending traffic from two IXIA ports, the controller packet counter incorrectly displays the frame values for InUcastPkts/OutUcastPkts, InMcastPkts/OutMcastPkts, and InBcastPkts/OutBcastPkts.

There is no workaround.

  • CSCun87876

Platform table manager entries for multicast resources are not available on the standby switch after a switchover occurs on a switch stack with densely populated interfaces and heavy multicast usage (either many groups in use or regular leave and join processing).

The workaround is to reboot the switch stack to recover the table entries.

  • CSCun92474

Legacy client devices (which do not support version 2 of Extensible Authentication Protocol (EAPoL)) do not respond to EAPOL messages from the controller and thus are not able to join.

There is no workaround.

  • CSCun94333

A web authentication failure occurs on an ISE because the session ID is no longer valid. This occurs on a controller—running 3.3.1 with Central Web Authentication (CWA) configured—when the following happens:

a. The client associates and MAC Authentication Bypass (MAB) is configured.

b. The client is associated again before web authentication completes.

c. After MAB is configured again on the client, the controller sends an accounting stop and sends nothing more to the client.

The workaround is to reassociate the client.

  • CSCun96020

When a large number of Application Visibility and Control (AVC) flows are being learned from a scaled number of access points and wireless clients, the AVC cache fills up and the controller runs out of memory. This causes clients to lose connectivity to the controller after a day or so.

The workaround is to disable AVC.

  • CSCun97822

A VLAN name containing all numerics and exceeds 4095 characters, cannot be configured through the Wireless Web UI.

The workaround is to include at least one alphabetic character in the VLAN name.

  • CSCun98131

The controller displays random values for entityMIB instances.

There is no workaround.

  • CSCuo01232

Latency in getting an IP address and dropped SNMP responses occur due to high CPU utilization during web authentication.

The workaround is to separate the web authentication traffic to a different queue.

  • CSCuo01236

High CPU utilization occurs when HTTP secure server (HTTPS) is enabled and many web authentication clients are in INIT state.

The workaround is to disable HTTPS but you will not be able to access the controller through the Wireless Web UI.

  • CSCuo14829

Traffic disruption is caused by IPv6 Multicast Listener Discovery (MLD) group-specific query packets.

The workaround is to restart the controller.

  • CSCul31038

The CISCO-STACK-MIB is not supported. For portDuplex and portIfIndex, use the ifMauDefaultType in MAU-MIB.

Resolved Caveats in Cisco IOS XE Release 3.3.2SE

  • CSCtq21722

SNMP freeing of invalid memory block causes the controller to reload.

There is no workaround.

  • CSCud17778

A memory leak due to SNMP traps causes the device to respond sluggishly to commands and can cause the device to crash. This condition happens when:

More than one snmp-server hosts are configured.

The snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command is configured.

A host is sending broadcast SNMP traps

The workaround is to use the no snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart command, and then reload the device.

  • CSCui40588

After enabling aaa authentication login , the wireless webUI is not available on the controller.

The workaround is to configure local authentication on the controller. If AAA authentication is necessary, use ONLY the CLI to manage the controller.

  • CSCui75983

After rebooting the switch stack, ingress traffic matching a policy with multiple class maps of different ACLs might match the wrong class map.

The workaround is to remove the policy and reapply the policy on the affected interface.

  • CSCuj58616

Memory leaks can occur if you create a policy map on a WCM that already has policy maps configured.

There is no workaround.

  • CSCuj61051

The Wireless Control Module (WCM) on the controller crashes if the IOSd processing a AAA request and the AAA server is not available.

There is no workaround.

  • CSCuj81941

A sync error occurs on the active controller when a Prime Infrastructure (PI) template with a changed beacon is pushed.

There is no workaround.

  • CSCuj98181

The standby WLC 5760 crashes when an incorrect mobility tunnel is created.

There is no workaround.

  • CSCul19814

After collecting “raw netflow” data, the active switch crashes. The show flow monitor v4 cache privileged EXEC command causes the switch to reboot with the following message: %SCHED-3-TRASHING: Process thrashing on watched message event.

There is no workaround.

  • CSCul21515

Client TCP traffic is restricted to below 300kbps when client policy is set to police at 1Mbps on output direction.

Make sure that client TCP traffic is <1Mbps and closer to it.

  • CSCul26646

Using the slow flow monitor command during a SSH session causes the switch to crash or reboot with the following message: %SCHED-3-TRASHING: Process thrashing on watched message event.

There is no workaround.

  • CSCul30304

Multicast traffic is not routed between vlans. The “rep ri” column will show “0” for the affected multicast groups. Also, the output of the show platform table-manager database resource_type 21 | count F0 command will show more than 3000.

Reloading the switch will temporarily fix the problem but it might come back.

  • CSCul30792

Heavy continuous polling can cause an SNMP leak of 1 MB in 24 hours.

There is no workaround.

  • CSCul31225

The SVI set cos command does not work.

There is no workaround.

  • CSCul32843

Due to the Cisco AVC feature, FED crashes can occur every other day on a WLC 5760 running Cisco IOS XE3.3.0SE or 3.3.1SE.

The workaround is to disable Cisco AVC on the WLC.

  • CSCul39085

Over long periods of wireless AP joining and leaving on short intervals, memory-related crashes might occur. AP join and leave timing may cause memory related crashes. Crashes are in the form of memory corruptions like magic pattern, red zone corruptions or segmentation faults.

These crashes can happen due to these conditions:

Large amount of wireless AP joining and leaving quickly.

Network connectivity between AP and wireless controller is flapping quickly.

Unstable supporting features such as Dot1X, WebAuth or other external server access.

Misconfiguration in wireless-related features causing AP to join and leave quickly.

The workarounds are:

Monitor AP join/leave frequency, isolate APs that might be flapping quickly.

Monitor network connectivity between wireless controller and the core switch, to prevent all APs to join/leave at the same time.

  • CSCul54414

When a password on the switch is changed, sometimes later configurations from the CLI do not work.

There is no workaround. To access the CLI, start a new vty session.

  • CSCul54484

A slow memory leak on the switch in the eicored process occurs when another stack member is reloaded.

There is no workaround.

  • CSCul66968

A crash occurs after configuring a channel-group and bringing a port-channel.

There is no workaround.

  • CSCul79858

A memory leak might occur when the switch, running Cisco IOS XE 3.3.0 or 3.3.1, is being periodically SNMP polled. The switch might then crash after running out of memory.

Avoid periodic SNMP polling of the switch.

  • CSCul84467

Connectivity and traffic loss occurs if the active switch is powered off, and if the active switch is port channeled to a Nexus 7K.

Connectivity and traffic resume only when the switch is powered on.

  • CSCul87219

If a client authentication fails several times and exclusion is configured, the client gets excluded and the exclusion remains even after reloading the WLC. There is no way to remove the client from exclusion and the client is not able to connect to any other WLAN/SSID.

The workaround is to disable exclusion on the WLC to avoid this from happening for other clients. However, clients already excluded are not able to connect to the network.

  • CSCum04129

A crash occurs when removing a VLAN from the VLAN pool.

There is no workaround.

  • CSCum21662

Polling of some QoS SNMP objects can result in a memory leak. The following QoS MIB OIDs contribute to the memory leak:

Object: cportQosEgressQueueStatsEntry

OID: 1.3.6.1.4.1.9.9.189.1.3.5.1

Object: cportQosStatsEntry

OID: 1.3.6.1.4.1.9.9.189.1.3.2.1

Type: CportQosStatsEntry

Avoid polling these objects, or disable QoS.

  • CSCum59496

The switch stops working if a flood of CDP packets causes a memory leak.

There is no workaround.

  • CSCum66933

A crash occurs during IOSd processing due to an igmpsnoop_mrd.c file.

There is no workaround.

  • CSCum78391

The Wireless Control Module (WCM) crashes every 10 to 15 minutes because the WCM fails to assign wireless clients to a VLAN.

There is no workaround.

Resolved Caveats in Cisco IOS XE Release 3.3.1SE

  • CSCsl45701

The TACACS+ per VRF feature is not working and authentication fails.

The workaround is to use the TACACS+ source interface from the global routing table, not VRF.

  • CSCuc63146

Port-channel interface flap when changing vlan allowed list.

  • CSCud08538

WCM unresponsive on 2M at pthread_mutex_lock.

  • CSCue49527

Controller should use a new session ID for every fresh authentication.

There is no workaround.

  • CSCug18767

Apple devices are unable to login to WEB authentication.

The workaround is to connect to the WEB authentication SSID, open a WEB browser, close the browser, change the device's SSID settings to disable Auto-login, and then re-open the browser. The client should then WEB authenticate successfully.

  • CSCui69999

Switches with different images in the same stack are not supported.

The workaround is to ensure that all switches in the same stack are running the same image.

  • CSCuj21417

AID leak causing stale client entries on WLC

The workaround is to disconnect and reconnect AP to clear stale clients.

  • CSCuj34025

AUP PDF page does not display in PDF format.

  • CSCuj48089

The switch is stuck in a broadcast queue that prevents packets to enter the queue.

The workaround for ARP is to re-enable NMSP (no nmsp attachment suppress). This action will allow ARP traffic to be processed. A reload will also clear this state.

  • CSCuj48889

Crash due to eicore_ipc used up CPU.

  • CSCuj51372

In rare cases, Mac Learning does not occur for either ports 1-24 or ports 25-48 on one stack member in a switch stack. The other stack members are not affected.

The workaround is to reload the affected stack member.

  • CSCuj57007

DHCPACK with no DHCPOPT_LEASE_TIME option field should trigger IPDT.

The workaround is to release and then renew the IP address on the Lenovo W520.

  • CSCuj78610

High cpu issue at TUD on 03.12.19.EZP for process Auth-proxy HTTP dae.

There is no workaround.

  • CSCuj81949

WCM stopped responding on AAA authentication code. This issue occurs in a scale environment.

There is no workaround.

  • CSCuj91918

Number of MA RF members is restricted to eight (8) on MC, but allowed limit is 20 members.

There is no workaround.

  • CSCul03186

Hotspot error occurs intermittently on iPad.

  • CSCul06456

There is no SNMP MIB object available to add a local netuser or guest user.

The workaround is to use the CLI to add the user.

  • CSCul06619

Stale IPDT entries causing client to be stuck in DHCP reqd state.

  • CSCul13504

Web authentication logout pop-up window is not disabled.

There is no workaround.

  • CSCul27659

The controller always uses Layer 2 MGID when it sends multicast data to the access point. Every interface created is assigned one Layer 2 MGID.

L2 MGID is not sent to AP for Guest WLANs. So if DHCP NAK (which is broadcast as per current code) is received by AP it gets dropped and never reaches end client.

  • CSCul27717

Cisco APs are disassociated in a large scale setup (500 or more APs) when the debug capwap or debug dtls command is enabled (even with a MAC filter in place).

The workaround is to disable these debug commands.

  • CSCul30051

Clients fail authentication (psk/dot1x) due to uncreated dot1x interface for the AP.

The workaround is to reboot the AP on the client that cannot authenticate.

Resolved Caveats in Cisco IOS XE Release 3.3.0SE

  • CSCua75283

The following tracebacks are noticed on normal setup:

DATACORRUPTION-1-DATAINCONSISTENCY: strstr_s: dmax exceeds max, -PC= 0x240BE60Cz
-Traceback= 190BA74z 182D4C8z 5E68CD5z 5E68B63z 55817EBz 55815D7z 558154Dz 5580E60z 5580444z 55802CAz
 

There is no workaround. There is no functional impact.

  • CSCuc12774

When the Ethernet management port receives a frame whose destination MAC address is not FA1, it does not drop the traffic. Instead, the port uses the vrf mgmtVrf routing table to route the traffic back.

There is no workaround.

  • CSCuc95293

In very rare cases, all traffic to and from the controller ceases; all access points and LAG links disconnect as the controller fails to transmit the LACP PDUs; however, the management interfaces function.

  • CSCud11467

When the same PV HQOS policies are applied to both directions of an interface, the output policy stops working when the input policy is removed.

The workaround is to detach the output policy and reapply it to the interface.

  • CSCud11552

After a HQOS policy is attached to interface and the interface speed or bandwidth is changed while the policy is attached, the HQOS policy gets detached from the interface.

The workaround is to detach the policy, change the bandwidth or speed of the interface, and reattach the policy.

  • CSCud54501

The class video counters for the AP port policy appear as zero when you use the show policy-map interface wireless ap command.

There is no workaround.

  • CSCud54725

When a class is removed from a queuing policy map that is attached to a wired port, the queue programming in the hardware is removed.

The workaround is to remove the policy from the port before making modifications.

  • CSCud55333

When the incoming rate is far beyond the rate configured in a policy map through policing, the traffic is not properly shaped.

The workaround is to configure the policy map with priority level 1 percent and priority level 2 percent instead of configuring the policy with priority level x and policing.

  • CSCud56426

When you modify the webauth virtual IP while there are active webauth sessions, the session stays in the pending-delete state and you cannot create a new session.

The workaround is to not make CLI changes when authorized webauth sessions are in use.

  • CSCud60008

When a policy with priority and a policer is attached to a range of interfaces on an uplink, in some scenarios, any change made to the policer rate causes the policy to be unprogrammed on one or more ports.

The workaround is to remove the policy from the affected ports and reattach it.

  • CSCud60070

When configuring policy maps using absolute values, the maximum rate is limited to 2G/second.

The workaround is to configure policy maps using the priority level 1 percent x command instead of configuring absolute values with the priority level 1 x command.

  • CSCud62982

When policers are attached to uplink interfaces using the range command, the policers do not always work.

The workaround is to attach the policy to each port, one by one.

  • CSCud63110

In a hierarchical queueing policy, a table map under the child policy continues to mark traffic after the policy is detached from an interface.

The workaround is to attach a default policy, for example:

policy-map trust-cos
class class-default
set cos cos table default
 

You then detach it.

  • CSCud63823

After a queuing policy is deleted from one uplink port (10 G), the queueing policy on the other 1-G uplink stops working.

The workaround is to detach the policy and reattach it.

  • CSCud65034

When using hierarchical policies, the child classification does not work properly when its matching value is a subset of the parent class's matching values for COS, DSCP, UP, and PREC classes.

The workaround is to configure hierarchical policies to achieve one of these results:

The parent class has only class-default and the child class has user-defined classes.

The parent class has user-defined classes and the child has only class-default.

  • CSCud71747

The snmp get command on cLMobilityExtMoMcLinkStatus for a given mobility controller (MC) and on cLMobilityExtMcAssocTime for a given mobility controller's client returns incorrect values.

The workaround is to use the following commands:

show wireless mobility oracle summary to display the link status between the mobility oracle and the mobility controller

show wireless mobility controller client summary to display the client association time.

  • CSCud72626

After a per-VLAN policy is removed from a port, the policer stays active. The VLAN has an SVI with a policy attached that is performing a set.

The workaround is to remove the policy from the SVI before removing it from the port.

  • CSCuf86171

The DHCP snooping database agent fails to start while changing the DNS entry that the URL pointed to or when restarting the DHCP server. To avoid this issue, use another file transport mechanism like SCP or TFTP.

The workaround is to reload the controller.

  • CSCuf93185

When a 1-G port on a Catalyst 3850 switch is connected to a 10-G port on a 5760 controller with a 1-G SFP module, the 10-G controller port stays up even when the switch port is shut down.

There is no workaround.

  • CSCug38523

In WebUI, it takes up to 10 to 15 seconds for the home page to load.

There is no workaround.

  • CSCug41165

If you copy and paste several wireless configuration lines into the configuration, the system drops the first few characters from every other line. The number of characters dropped appears to be related to how long the command takes to execute. The issue does not occur on non-wireless configuration lines.

The workaround is to copy and paste line by line.

  • CSCug58178

Multicast traffic travels on the WLAN-mapped VLAN rather than on the AP-group mapped VLAN when an AP is placed in an AP group where VLAN is overridden for the SSID and a client associates with the AP that is broadcasting this SSID.

There is no workaround.

  • CSCuh20848

The console displays %IPC-5-WATERMARK log messages repeatedly.

There is no workaround. There is no functional impact.

  • CSCui59004

When the Network Time Protocol (NTP) configuration is removed from the controller, the Cisco IOS software unexpectedly halts.

There is no workaround.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:

http://www.cisco.com/en/US/support/index.html

Choose Product Support > Wireless. Then choose your product and click Troubleshoot and Alerts to find information for the problem that you are experiencing.

Related Documentation

  • Cisco 5700 controller documentation at this URL:

http://www.cisco.com/en/US/products/ps12598/tsd_products_support_series_home.html

  • Cisco Validated Designs documents at this URL:

http://www.cisco.com/go/designzone

  • Error Message Decoder at this URL:

https://www.cisco.com/cgi-bin/Support/Errordecoder/index.cgi

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation , which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html

Subscribe to the What’s New in Cisco Product Documentation , which lists all new and revised Cisco Technical documentation, as an RSS feed and deliver content directly to your desktop using a read application. The RSS feeds are a free service.