These caveats are open in controller software release 18.104.22.168.
- CSCsb77595—When logging out from Telnet/SSH sessions, the session always prompts the user to save changes, even when no changes have been made.
Workaround: Ignore the prompt and exit as usual.
- CSCsd54928—The CPU ACL is unable to block LWAPP packets that are destined for the IP address of the dynamic interface.
- CSCsd84706—Containment information for ad-hoc rogue access points is not shown on the controller GUI.
Workaround: Use the controller CLI.
- CSCsd95723—Some users might be confused when presented with the None and DHCP options for configuring the service port interface in the initial controller setup wizard. These options are available for a controller that has no configuration and the setup wizard is being used to configure it.
Workaround: Users can interpret the None option as Static and a logical alternative to DHCP.
- CSCse06202—When a controller’s IKE lifetime expires, a rekey is not offered.
- CSCse06206—The controller sends a DEL notification when the IKE lifetime expires, but it does not send the notice to the client.
- CSCse87087—A controller with link aggregation (LAG) enabled fails Ethernet link redundancy. This problem occurs when the controller uses an Ethernet copper gigabit interface converter (GBIC) instead of a fiber GBIC and one of two Ethernet cables is pulled out of the GBIC.
Workaround: Clear the configuration on the controller. Then reconfigure the controller and perform the redundancy test.
- CSCsf29783—The Cisco WiSM reboots after experiencing a failure with the reaperWatcher mmMfpTask.
- CSCsg04831—There are not enough debugs to determine the packet flow in the controller for guest access.
Workaround: Use a wireless sniffer trace.
- CSCsg48089—If you lose your controller password and have not backed up the configuration, the recovery mechanism is to revert to the factory default settings.
- CSCsg59235—The controller CLI lacks commands for debugging activity at the IP, ICMP, TCP, UDP, TELNET, SSH, and HTTP layers.
Workaround: Use an external packet capture device to collect packets to and from the controller. Send these packets to the Technical Assistance Center (TAC) for analysis.
- CSCsg66040—After a software upgrade, controllers might experience intermittent access to the management interface through HTTPS.
Workaround: Follow these steps to workaround the issue:
a. Make sure HTTPS is enabled on the controller’s management interface, reboot the controller from the CLI, and monitor the last service if error messages appear after the controller prompts you to enter a username and password to login.
b. Login with the relevant credentials and reconfigure the virtual interface with this CLI command:
config interface address virtual 22.214.171.124
c. Reboot the controller and make sure the Secure Web service shows up as OK.
d. Generate a certificate using this CLI command:
config certificate generate webauth
e. Click Yes when prompted and wait a few minutes for the certificate to generate.
f. Reboot the controller.
- CSCsg68046—The complete reason for a TFTP download failure needs to appear on the controller GUI. If the controller cannot find the software file on the TFTP server during a software upgrade, it reports that the transfer failed rather than that the file is not present.
Workaround: Make sure that the file and filename are entirely correct before upgrading, or upgrade using the CLI to receive a more accurate reason for the failure. Further details are available if you use the debug transfer all enable command prior to upgrade.
- CSCsg74578—If you change a controller’s management IP address, it is not sent to the access point unless the access point is reset. As a result, multicasting does not work until the change is made on the access point.
Workaround: Reset the access point so that it rejoins the controller and the controller updates the access point with the new configuration.
- CSCsg84209—The export foreign controller is not deleting the client device when it receives a HandoffEnd message.
- CSCsg87111—While editing a WLAN configured for WPA1+WPA2 with a conditional web redirect to 802.1X, the MIB browser shows a commit failure error.
Workaround: Do not directly change from WPA1+WPA2+conditional web redirect to 802.1X+conditional web redirect. Instead, follow these steps:
a. Remove conditional web redirect and save your change.
b. Change Layer2 to 802.1X and save your change.
c. Change Layer3 to conditional web redirect and save your change.
- CSCsg88704—When you use the default controller setting of 512 for the controller database size, the following problems may occur:
– If you attempt to add a MAC address to a very long MAC filter list, the following error message appears: “Error in creating MAC filter.”
– If you add a large number of users to the local database, some user entries might be silently ignored.
– If you add SSCs for the access points, at some point no more entries can be added, and the following error message appears: “Authorization entry does not exist in Controller’s AP Authorization List.”
Workaround: Configure a larger value for the controller database, such as 2048.
- CSCsg95474—Lightweight access points do not queue disassociation messages, causing the Cisco 7921 phone to remain in a registering loop. This problem occurs when you change the data rate on the access point.
Workaround: Power cycle the 7921 phone.
- CSCsh11086—If you press Ctrl-S and Ctrl-Q to pause and restart the output of a command such as debug dot1x event enable, the controller reboots.
Workaround: Do not stop the console using Ctrl-S.
- CSCsh15411—When an access point drops the IAPP packet from a CCX client just after association, the CCX Layer 2 roam history may not be available for CCX clients on the controller.
- CSCsh31104—The word channel is misspelled in the message log.
- CSCsh96186—Large IP packets that have been split into multiple fragments might fail to be reassembled by a 4400 series controller.
Workaround: Redesign the network and reconfigure the communication endpoints to eliminate any points where such a small fragment could be generated.
- CSCsi06191—After you reboot the controller, the master controller mode is disabled.
- CSCsi13399—The Expiration Timeout for Rogue AP Entries parameter on the Rogue Policies page applies to both rogue access point entries and rogue client entries. The parameter name should be changed to reflect both types of entries.
Workaround: None. This is a cosmetic issue.
- CSCsi17242—If a controller starts a timer (such as reauthentication or keylife time) after running for approximately 52 days, the timer might take a long time to fire (up to another 52 days).
Workaround: Clean up the timers. If the problem is related to the client, deauthenticate the client to clean the timer. If the problem is related to the WLAN, such as a broadcast key update, disable and then re-enable the WLAN.
- CSCsi26248—You might lose connectivity when adding or recovering a second link aggregation (LAG) link.
Workaround: Recover the LAG link when service is not in use. You might also want to consider not using this type of configuration.
- CSCsi29262—When an access point radio is configured to override a WLAN of 32 characters, the access point radio stops beaconing the WLAN.
- CSCsi30541—Loss of connectivity to the management interface occurs when you add a new dynamic interface and the configured DHCP server on all other interfaces is in the new dynamic interface subnet and the new interface has a shorter mask than the other interfaces.
Workaround: Configure a 10/24 interface or a different 10/16 subnet such that the new dynamic interface does not contain the DHCP server IP address currently defined on all interfaces.
- CSCsi40354—Traffic stream metrics (TSM) information is not sorted chronologically on the controller GUI.
- CSCsi72324—A service port with IP address 0.0.0.0 responds to an ARP for the AP-manager interface.
Workaround: Unplug the service port and reconfigure it on the correct subnet.
- CSCsi72578—After you set up the mobility anchor feature between two controllers, the client does not successfully connect to the specified anchor controller when the WLAN QoS profile is set to bronze.
Workaround: Change the WLAN QoS profile on both the internal controller and the anchor controller to silver.
- CSCsi72767—A script runs each time you generate a dependency file, which makes the build very slow.
- CSCsi86794—When auto channel selection is enabled on a controller running 126.96.36.199 or later and access points are set to channels 100, 104, 108, 112, 116, 132, 136, or 140, clients cannot associate.
Workaround: Follow these steps to disable channels 100 to 140. Make sure to disable the radio network and then enable it after the channel change.
a. On the controller GUI, click Wireless > 802.11a/n.
b. Click DCA under RRM.
c. Uncheck all of the channels between 100 to 140.
d. Click Apply to commit your changes.
- CSCsj03124—RLDP behavior is inconsistent when initiated from a Cisco 1250 series access point.
Workaround: Use access points other than the 1250 when RLDP needs to be used.
- CSCsj06245—Portions of the output of the show tech-support CLI command might be formatted incorrectly, making the information difficult to read.
- CSCsj10755—When multicast mode multicast and IGMP snooping are enabled, the controller periodically sends out IGMP query messages to the clients. This IGMP query is sent as individual queries to each access point.
- CSCsj10945—The controller does not factor in the antenna gain when reducing the output power.
Workaround: Manually adjust the antenna gain, but this action can interfere with auto RF.
- CSCsj14255—Sometimes the multicast stream to wireless clients stops, and the upstream router does not receive IGMP reports. This problem occurs when there are multiple IGMP requests on the same VLAN and the controller responds only to the last query or when simultaneous IGMP queries are sent from more than five VLANs and the controller responds to only the first five.
- CSCsj14304—With IGMP snooping enabled, MGIDs are assigned to reserved multicast addresses.
Workaround: Use an upstream ACL if packets with reserved multicast addresses need to be blocked.
- CSCsj17054—A misleading message appears on the controller GUI when you upload software or certificates.
Workaround: Ignore the message and choose the correct options to upload files on the controller.
- CSCsj29501—When the session slot or telnet command times out on the supervisor on the Cisco WiSM and you try to log in again, any character that you enter is duplicated.
Workaround: Use a direct console connection to the Cisco WiSM.
- CSCsj44861—An access point might transmit neighbor messages when it is not connected to a controller.
- CSCsj54064—The downstream throughput is low when using a long packet size with ACLs on the 4400 series controller and the Catalyst 3750G Wireless LAN Controller Switch.
- CSCsj59237—The traffic stream metric (TSM) packet count is not reported correctly.
- CSCsj59441—Channel information for a rogue access point does not appear on the rogue access point report.
Workaround: Enable the rogue access point trap for the registered controllers or view the channel information on the controller.
- CSCsj61649—Whenever a log analysis report is generated on a CCXv5 client using WCS, the DHCP and AAA logs are swapped.
Workaround: Use the controller CLI to view this information.
- CSCsj67447—When you use the controller GUI to modify an existing (or newly created) guest LAN and you choose an ingress interface that is already in use, no error appears. The error that appears on the CLI should also appear on the GUI: “ Ingress interface is in use by some other guest lan.”
- CSCsj85329—The controller GUI should explain how the password changes with RADIUS compatibility mode. The RADIUS server names help users match to their type of RADIUS server, but the server types should be explained:
– Cisco ACS—In the RADIUS access-request packet, the username is the client MAC address, and the password is the client MAC address.
– Free RADIUS—In the RADIUS access-request packet, the username is the client MAC address, and the password is the controller’s shared secret with the RADIUS server.
– Other—In the RADIUS access-request packet, the username is the client MAC address, and the password is not sent in the RADIUS access-request packet.
- CSCsj87925—The controller GUI netmask for an ACL accepts arbitrary values.
Workaround: Enter a valid netmask.
- CSCsj88889—WGB and wired WGB clients are shown using different radios.
- CSCsj88990—Rogue access point client information shown for the access point does not match the client information from the Rogue Client Details link.
Workaround: View the current rogue client information from the controller.
- CSCsj92716—A WGB device periodically loses connectivity with the controller.
- CSCsj96589—Using the MAC address from the label on an 1131 or 1242 access point in the debug mac addr command produces limited debug output.
- CSCsj97900—The call admission control (CAC) TSPEC is not traffic shaping and allows a new call setup when the physical data rate is higher than one single data rate configured on the controller.
Workaround: Follow the instructions in the VoWLAN deployment guide to enable a realistic higher data rate for the Cisco 7921 phone and turn on the supported rate as recommended.
- CSCsk01633—The EAPOL key message is truncated with an invalid replay counter.
- CSCsk08360—Further clarification is needed on the following message log entry: APF-1-DISCONECT_MOBILE_DUE_TO_WLAN_SWITCH: Disconnecting mobile 00:16:6f:79:82:75 due to switch of WLANs from 2 to 1.
- CSCsk08401—The formatting for the config paging ? CLI command needs to be corrected.
- CSCsk08707—The 1250 series access points receive console error messages indicating that the primary discover decode failed.
- CSCsk15603—On the controller GUI, a conditional web-redirect configured with 802.1X security generates an error.
Workaround: None. Although an error message appears, the user configuration is saved.
- CSCsk17001—When a guest LAN with a blank ingress interface name is added to the controller, the application fails with an SNMP exception message.
Workaround: Use the controller CLI to configure a guest LAN. You might need to delete a previous guest LAN if it has a blank ingress interface configured on it and then recreate it. By default, the ingress interface is blank.
- CSCsk21007—The controller requires TACACS+ authentication when a configuration setting is changed on the controller GUI or a GUI page is opened.
- CSCsk22861—An MGID entry is not cleared from the access point when IGMP snooping is disabled.
- CSCsk49157—When you change the session timeout of a WLAN that is using a backend RADIUS authentication server, any existing client that is using that WLAN shows its reauthentication timeout as infinite, even though there is a finite time after which reauthentication occurs.
- CSCsk49200—The hybrid-REAP local switching option should be removed for wired guest LANs.
- CSCsk49282—The guest LAN and WLAN are not clearly differentiated.
- CSCsk50477—The BCAST_Q_ADD_FAILED message contains typographical errors.
- CSCsk60655—The default frequency value in the intrusion detection system (IDS) file should be equal to or greater than the maximum deauthentication packets sent by an access point.
- CSCsk63047—Dynamic transmit power control (DTPC) does not work on Cisco1240 series access points in WGB mode.
- CSCsk68117—U-APSD state changes on a client device are not updated on the controller.
Workaround: Reboot the access point, or disassociate the client from the controller and then reassociate it.
- CSCsk68619—When using an Intel 4965 802.11n client device with a 1250 series access point, the upstream throughput is higher than the downstream throughput.
- CSCsk70727—A 7921 IP phone in world mode is not connecting to a 4400 series controller with country code KE.
Workaround: Use country code KR instead of KE. Note that this reduces the number of available channels on the 802.11a radio to 149, 153, 157, and 161.
- CSCsk74050— If you configure an ACL name with 32 characters, the ACL override fails during roaming.
Workaround: Use ACL names with up to 31 characters.
- CSCsk76973—When you upgrade a controller from software release 188.8.131.52 or earlier, access points immediately begin downloading the new software image from the controller instead of waiting until the controller is rebooted and the downloaded image is running on the controller.
Workaround: Disconnect the access point-to-controller path before upgrading the controller from software release 184.108.40.206 or earlier.
- CSCsk78264—A change in the RF domain name takes effect only after a reboot.
Workaround: Reboot the controller after changing the RF domain name.
- CSCsk79382—CCXv4 and CCXv5 clients receive an Adjacent Access Point Report from the controller even though this report should be sent only to CCXv2 and CCXv3 clients.
- CSCsk80312—If port 2, 3, or 4 is used for the management interface on a 2006 controller running software release 220.127.116.11, no management access is available after the controller reboots.
Workaround: Use port 1 for the management interface, or assign a different port for the management interface and then change back to the original port using these CLI commands:
– config wlan disable wlan_id
– config interface port management any_other_port#
– config interface port management original_port#
– config wlan enable wlan_id
- CSCsk83426—A hybrid-REAP access point does not reauthenticate after entering standalone mode.
- CSCsk85091—If Rogue Location Detection Protocol (RLDP) is enabled on the controller, you may see radio reset messages on the access point console. There may also be a brief interruption in client traffic flow.
Workaround: Disable RLDP.
- CSCsk86536—The wrong error message appears when you change country channels with the 802.11a radio enabled.
- CSCsk86992—Many instances of the following message appear in the controller or WCS trap logs:
MFP Anomaly Detected - 1417 Missing MFP IE event(s) found as violated by the radio xx:xx:xx:xx:xx:xx and detected by the dot11 interface at slot 0 of AP xx:xx:xx:xx:xx:xx in 300 seconds when observing Probe responses, Beacon Frames. Client's last source mac xx:xx:xx:xx:xx:xx
Workaround: After you confirm that the cause is not a spoofing attack from a rogue access point, disable and then re-enable the access points identified in the messages. If the problem persists, disable MFP validation on some of the access points, or disable infrastructure MFP globally.
- CSCsk99318—Controllers sometimes drop packets for client devices attached to a workgroup bridge when the workgroup bridge roams from one access point to another.
- CSCsl01005—Sometimes bandwidth contracts do not take effect. If a user who has bandwidth restrictions logs in and logs out and then another user who does not have bandwidth restrictions logs in, the bandwidth restrictions are not removed immediately.
Workaround: Reassociate the user between logout of the old user and login of the new user.
- CSCsl03097—When a hybrid-REAP access point in standalone mode is on the DFS channel, the access point’s radio goes down if a radar event occurs on its operating channel.
Workaround: Wait until the access point’s connectivity to the controller recovers, or reboot the access point.
- CSCsl04281—The show run-config command might truncate access point neighbor information in a large environment.
Workaround: To reduce the occurrence of this issue, disable paging using the config paging disable command.
- CSCsl06484—While a 1250 series hybrid-REAP access point comes online, you may see the following traceback, which is harmless:
Oct 25 22:21:10.747: WARNING: invalid slot ID (255) passed to REAP -Traceback= 0x51F760 0x51F910 0x4CA740 0x4CDC60 0x4DAB20 0x4BCCBC 0x4BD5E8 0x1CC6DC 0x1CE454
- CSCsl09066—The WCS access point group VLAN profile configuration does not match the actual WLC configuration when you use multiple interface mapping profiles under the same access point group VLAN where all of the SSIDs start with the same letters or numbers.
- CSCsl09218—You cannot upload a binary backup from the CLI on controllers running software release 4.2.
Workaround: Upload the XML file from the controller.
- CSCsl11352—The console output in software release 4.2 does not indicate which controller an access point joins when you add it to your network.
Workaround: On the access point console, right after you see the “ Press Return to get started” message, enter enable mode (the default password is Cisco), and enter this debug command:
debug ip udp
The output shows all UDP packets sent and received by the access point.
- CSCsl16445—When an access point radio status is down due to lack of CDP response from a neighboring switch, the controller reports Cause=Unknown. However, it should report Cause=Waiting for CDP response.
Workaround: None; this issue is cosmetic.
- CSCsl19025—Controllers do not respond to a device with an IP address that ends in zero, as in x.x.x.0.
Workaround: Change the device’s IP address.
- CSCsl40018—The hybrid-REAP design and deployment guide incorrectly implies that you can configure NAT on both the hybrid-REAP and controller sides of the network link. In reality, NAT is supported only on the access point side of the network link. The hybrid-REAP design and deployment guide is available at this URL:
- CSCsl42328—The controller should not allow you to use the IP address of the gateway as the interface address.
Workaround: Make sure that the interface IP address and gateway IP address are different.
- CSCsl47720—The link test report for a CCX client generated using the controller GUI does not provide enough information.
Workaround: Use the controller CLI. It always provides the correct link test report, except in cases of a CCX client connected to a hybrid-HREAP access point broadcasting a centrally switched WLAN.
- CSCsl48639—An IP address can be configured on a dynamic interface on a controller when that IP address has already been assigned to another device on the network.
Workaround: Check the ARP table on the switch to see if the IP address is bound to a MAC address on the network that is not the controller MAC address.
- CSCsl48776—Controllers sometimes incorrectly forward SSC authentication requests to a RADIUS server.
- CSCsl52203—When you use the controller CLI to create a guest user account, the controller fails to generate a trap log.
Workaround: Use the controller GUI to create guest user accounts.
- CSCsl52445—The internal web authentication page on the controller accepts up to 2,047 characters, but the internal web authentication page in WCS accepts only 130 characters.
Workaround: If you need to enter more than 130 characters on the internal web authentication page, use the controller interface instead of WCS.
- CSCsl57356—When an 802.11n client is associated to a 1250 series access point, sometimes the client does not show up as 802.11n on the controller GUI and CLI. Instead, the controller shows the associated client using the 802.11a or 802.11b protocol if using the 2.4-GHz or 5-GHz band, respectively. However, the client software shows that the client is connected using the 802.11n protocol and at 802.11n data rates.
- CSCsl67177—The Catalyst Express 500 (CE500) might lose connectivity to a 4400 series controller when one port of the portchannel is shut down.
Workaround: Unplug and then plug in both Etherchannel links on the CE500 or the controller. Plug in or unplug any device on the CE500.
- CSCsl70043—When a client device connects to a secure EAP WLAN and immediately switches to an open WLAN, the access point sends a status 12 association response (which is normal) but sends it from the wrong MAC address and BSSID.
Workaround: On the controller CLI, enter config network fast-ssid-change to allow the client devices to connect without incident.
- CSCsl71343—A Buffalo 802.11n client experiences very low TCP throughput on a 1250 series access point with a 5-GHz radio when tested with other clients (the Intel 4965AGN and the Intel 2915ABG).
- CSCsl72849—On networks with multiple WiSM controllers, a WiSM sometimes reboots when more access points are connected to it than to the others. The WiSM reboots at the mmListen task.
- CSCsl77058—The word “rogue” is misspelled in one of the WLAN message log statements. The correct statement should be “APF-1-UNABLE_TO_KEEP_ROGUE_CONTAIN.”
- CSCsl79765—When connected to a controller, 1230 series access points containing AIR-MP31G radios sometimes disable the radios and report that no channel is available.
Workaround: Contact Cisco TAC for more information. A Cisco internal-only procedure can be used to update missing environment variables and burn them into a cookie.
- CSCsl95615—When a master controller exists on the network, an access point that is joined to a secondary or tertiary controller keeps going back to discovery.
Workaround: Disable the master controller mode.
- CSCsm03461—A command is needed to show the ER image or bootloader version that is currently running as well as the one that will be installed on the next bootup. Currently, the bootloader is used to verify if an ER image or bootloader upgrade is successful. However, not all controllers include the bootloader in the ER image.
Workaround: Install the Cisco Unified Wireless Network Controller Boot Software 18.104.22.168 ER.aes file, which contains a new bootloader. A successful transfer and upgrade of the ER file indicates that the ER file has been updated properly.
- CSCsm05607— Large user packets may fail to be successfully forwarded in an EoIP mobility/guest tunnel between controllers.
Workaround: Perform one of the following:
– Reconfigure the IP endpoints to use smaller MTUs.
– If there is an IOS router in the IP path used by the IP endpoints, use ip tcp adjust-mss 1300 or a similar command to get the endpoints to reduce the size of the TCP/IP packets that they transmit.
– Redesign the network path between the EoIP tunnel endpoints to eliminate ICMP filters, tunnels, NAT translations, firewalls, and so on so that it can forward 1500-byte IP packets without fragmentation.
- CSCsm08623—If the config paging disabled CLI command is entered on the controller, the output of the show msglog command is periodically interrupted with the “Would you like to display the next 15 entries?” prompt.
- CSCsm12623—The AAA override dynamic VLAN assignment fails with guest tunneling. Clients successfully authenticate, but the IP address is that of the interface the WLAN is associated to on the anchor controller.
- CSCsm19182—When an 802.11n radio is operating on channel 52 through 140, the channel width is configured for 40 MHz, and a radar event is detected, it is possible for the radio interface to become disabled instead of moving to another channel. This problem occurs when the access point is operating in the vicinity of radar operations or under extreme traffic conditions (when a false radar detection may occur).
Workaround: Disable and re-enable the radio interface.
- CSCsm20234—Discovery requests are not replied to when the AP-manager is in a different VLAN than the management interface.
Workaround: Move the AP-manager to the same VLAN as the management interface.
- CSCsm25127—When you use the controller CLI in controller software release 22.214.171.124 to add a custom logo to the internal web authentication page, a light green border appears above and to the right of the logo.
- CSCsm25943—The meaning of the following error message on the controller is not clear. This message does not necessarily imply that any actual “ARP poisoning” is occurring. Rather, this message appears when a WLAN is configured for DHCP Required and a client (after associating to this WLAN) transmits an ARP message without first using DHCP. The client is unable to send or receive any data traffic until it performs DHCP through the controller.
DTL-1-ARP_POISON_DETECTED: STA [00:01:02:0e:54:c4, 0.0.0.0] ARP (op 1) received with invalid SPA 192.168.1.152/TPA 192.168.0.206
Workaround: Perform the following steps:
a. Determine whether you want to force your wireless clients to perform DHCP first, after associating, before they can send IP packets.
- If you do, then disable DHCP Required, and you will not encounter this problem.
- If you do not, then configure all clients to use DHCP.
b. If the client is configured for DHCP but sometimes still sends IP packets after associating without performing DHCP, then perform the following:
- Verify that the client eventually does perform DHCP without undergoing an unacceptable outage. If the outage before performing DHCP is acceptable, then you can ignore this message.
- If the client never does perform DHCP after associating, then it can never pass Layer 3 traffic. In this case, either determine how to change the client’s behavior so that it always performs DHCP after associating, or simply accept that this client does not work in this application or reconsider your decision to use DHCP Required.
- CSCsm32845—The Guest LAN parameter on the Interfaces > Edit page of the controller GUI might cause confusion for users because the guest LAN is used for interfaces involved in wired guest LANs, not for wireless guest WLANs.
- CSCsm34676—Voice quality might be poor with multicast paging.
- CSCsm36085—Poor IPTV multicast quality might occur on a controller running software release 126.96.36.199 with IGMP enabled.
- CSCsm36798—An ACL that is created (but not applied) is not reflected in the controller’s running configuration after you download the saved configuration from a TFTP server.
- CSCsm40870—The following error message should be reworded:
Jan 24 15:20:55.374 apf_80211.c:2552 APF-4-ASSOCREQ_PROC_FAILED: Failed to process an association request from00:13:ce:37:8b:ff. WLAN:2, SSID:TMDInternal-WPA. mobile in exclusion list or marked for deletion
The message should read as follows:
ASSOCREQ_PROC_FAILED: Failed to process an association request from 00:13:ce:37:8b:ff. WLAN:2, SSID:TMDInternal-WPA. Mobile excluded or marked for deletion.
- CSCsm40889—An 1131 access point must be rebooted in order to join a controller running software release 4.2.
- CSCsm40903—Additional information is needed for the following message: “claspam_lrad.c:1626 LWAPP-6-PORTMAP_ERR: Failed to obtain multicast port map for interface 4, using default index (50).”
- CSCsm40906—The following message appears on the 2106 controller when multicast is disabled: “claspam_lrad.c:1626 LWAPP-6-PORTMAP_ERR: Failed to obtain multicast port map for interface 4, using default index (50).” No multicast messages should appear when multicast is disabled.
- CSCsm41794—Every two weeks or so the anchor controller stops serving web authentication pages to the wireless guest clients. The guest clients get an IP address, but they do not get an IP address for their default gateway.
Workaround: Reboot the controller, and guest users should be able to work fine.
- CSCsm42355—The controller returns a signed 32-bit integer in the MIB object bsnAPIfSlotId although the published MIB module indicates that the controller should return an unsigned integer. This behavior may cause WCS to misinterpret incoming trap data that is eventually used in reports and graphs.
- CSCsm45021—When low data rates (less than 2 Mbps) are used, the access point ACK is missing, which can result in sluggish voice calls.
- CSCsm50601—A Cisco WiSM controller might reboot due to a software failure at mmc_system.c:2089. After the primary WiSM controller reboots, one hundred to several hundred access points fail over to the backup WiSM controller.
- CSCsm56708—For some rogue clients, the “First Heard” time is after the “Last Heard” time, and the rogue access point MAC address is set to all zeros.
- CSCsm65043—1240 series access points might stop accepting new clients. In this case, the show controller d1 command shows the following:
Beacon Flags: 0; Beacons are disabled; Probes are disabled
Workaround: Reboot the access point.
- CSCsm71573—When the following message appears, it fills up the entire message log:
mm_listen.c:5078 MM-3-INVALID_PKT_RECVD: Received an invalid packet from 10.0.x.x. Source member:0.0.0.0. source member unknown.
- CSCsm79901—Wired clients attached to a workgroup bridge (WGB) are retaining the previous IP address after the WGB obtains a new IP address. As a result, the wired client stops sending traffic to the infrastructure network.
Workaround: Release and renew the DHCP IP address manually on the WGB wired client.
- CSCsm80423—The controller cannot block Layer2 multicast traffic.
- CSCsm81195—The controller might stop forwarding client traffic.
Workaround: Reboot the controller.
- CSCsm82725—Clients are able to connect to the Internet without authenticating when using web authentication and port 53 on a proxy server.
- CSCsm82984—When a controller and an access point are brought up with factory default settings, you can Telnet to the access point (even though the show ap config general Cisco_AP CLI command shows the Telnet feature as disabled). Also, once Telnet and SSH are enabled, they are not disabled after you clear the controller’s configuration (even though the output of the show command indicates that they have been disabled).
- CSCsm84952—When you configure wired and wireless guest WLANs on two controllers, a wired guest user obtains an IP address but does not always receive the web authentication page or cannot login properly. Additionally, a reattempt by the wired client might result in obtaining an IP address from the other controller, causing the client to appear to have been handed an IP address from each controller.
Workaround: Disable the wired guest WLAN on one of the controllers and enable it as needed. Using an external DHCP server might resolve this issue as well.
- CSCsm85717—The following error message needs to identify the root cause of the problem:
sntp_main.c:441 SNTP-4-PKT_REJECTED: Spurious.NTP packet rejected on socket.
- CSCsm89253—The controller should log a message if it sends “Telnet is not allowed on this port” to Telnet clients.
- CSCsm94067—1100 and 1200 series access points that have been converted to lightweight mode do not retain the power injector state after a reboot. This setting is enabled on the access point; however, when the access point reboots, it shows as not being enabled on the controller.
Workaround: Manually enable the power injector state after the access point is rebooted.
- CSCsm94702—When the controller is configured through the service port, the VLAN ID and port information do not appear in the output of the show int summary CLI command.
- CSCsm95478—HT protection bits might incorrectly report the operating mode.
- CSCsm95928—A 4400 series controller might reboot due to an NPU lockup.
- CSCsm96105—The controller does not pass traffic to a client device with a MAC address beginning with 00:00:00:00. This issue occurs with both WGB and wireless clients.
- CSCsm97249—Using the controller GUI, users cannot override the global configuration for web authentication in a guest WLAN.
Workaround: Use the config guest-lan custom-web global disable guest_lan_id CLI command to disable the global configuration.
- CSCsm97258—An 1130 series access point might reboot with “%SYS-2-BADSHARE: Bad refcount in pool_getbuffer, ptr=CFFB.”
- CSCsm98659—The clcCdpGlobalEnable SNMP variable cannot be set on the controller unless there is at least one access point present on the controller. This creates problems when trying to add a new controller to WCS. When you create a new controller template on WCS and set the Global CDP on APs value to false, the template cannot be pushed out to any controller that does not have an access point associated to it.
Workaround: Add an access point to the controller. Then you can add the controller to WCS or change the CDP parameter.
- CSCso02340—The controller might report a different power level than is actually used by the access point if you change the channel from one supporting one transmit power to another supporting a different transmit power.
Workaround: Reapply the power configuration.
- CSCso02467—When logging into a lobby ambassador account, you are able to create permanent guest user accounts by setting all parameters to “0.” After logging back into the account, you can verify that these permanent accounts were created under Security > Local Net Users.
- CSCso04989—The controller does not acknowledge video and voice streams from the client for about 60 ms. This problem occurs when WMM is used with Intel 4965 clients on Windows Vista.
- CSCso07457—When the controller downloads a file using FTP, WCS shows the previous transfer state as the intermediate state, which is different from the final transfer state.
- CSCso31640—When you downgrade a 2100 series controller from software release 5.1 to software release 188.8.131.52, any hybrid-REAP groups configured on the controller are lost after the downgrade.
Workaround: None. You must reconfigure the hybrid-REAP groups.
- CSCso51413—When a 1240 series access point is associated to a home access point, the access point console might show the following error message: “Message decoding failed.”
- CSCso88530—When a large number of clients are connecting and disconnecting over a long period of time, the controller might reboot due to a missed software watchdog at the “TempStatus” task.
- CSCso92179—The CIDS sensor allows an invalid server IP address to be configured.
- CSCso97776—If you enable MFP when a guest LAN is configured, the controller might show unwanted logs.
- CSCso99735—The mobility code might not properly handle retransmissions during 4.2/4.1 mobility interoperability.
- CSCsq01766—When you change an access point’s radio configuration, it sends a deauthentication request using the wrong BSSID.
- CSCsq01789—When a client sends data packets to an access point without acknowledging a previously sent deauthentication request from the access point, the access point continues to acknowledge unassociated clients without sending a deauthentication request.
- CSCsq02799—The access point sends beacons while DFS scanning is in process.
- CSCsq06690—The following log might appear unexpectedly on the controller: “Memory 0x3022c8e0 has been freed!”
- CSCsq11933—The controller GUI should show additional client counters, such as device type, rates, current, supported rates, power save, connection-related statistics, and APSD-related information.
- CSCsq14326—A 4400 series controller using a Cisco ACS as a TACACS+ server does not log these CLI commands into the ACS:
– config hreap group name add
– config hreap group name ap add 00:1c:58:34:40:cc
– config hreap group name ap add 00:1a:a1:3f:07:08
– config hreap group name delete
- CSCsq14961—SNMP returns only one record for client roam reports whereas the controller CLI shows multiple records.
- CSCsq15061—A guest client’s fragmented packets that are sent over the EoIP tunnel from the foreign controller to the anchor controller are not getting reassembled properly.
- CSCsq19430—The GUI of a 2106 controller shows a guest LAN interface, even though it is not supported.
- CSCsq20148—The apfRogueTask is leaking 316 bytes of memory periodically with only one access point connected.
- CSCsq22827—The access point name sometimes disappears from the controller GUI and CLI.
- CSCsq23766—A Hifn module installed on a controller running software release 184.108.40.206 might not be initialized.
- CSCsq23968—When you configure the management user authentication priority order through SNMP using the MIB browser, the controller allows you to configure an invalid priority order and to remove all of the authentication methods from the list.
- CSCsq25129—A controller software upgrade might fail with a Nessus scan running.
- CSCsq26051—When a Cisco terminal server connects to the controller but the user is not logged in through the console, the controller might hang after a reboot.