The following Cisco Wireless Controller Platforms are supported in this release:

• Cisco 2500 Series Wireless Controllers (Cisco 2504 Wireless Controller)

• Cisco 5500 Series Wireless Controllers (Cisco 5508 and 5520 Wireless Controllers)

• Cisco Flex 7500 Series Wireless Controllers (Cisco Flex 7510 Wireless Controller)

• Cisco 8500 Series Wireless Controllers (Cisco 8510 and 8540 Wireless Controllers)

• Cisco Virtual Wireless Controllers on VMware ESXi and Kernel-based virtual machine (KVM) systems.

  Note	Kernel-based virtual machine (KVM) is supported in Cisco Wireless Release 8.1 and later releases. After KVM is deployed, we recommend that you do not downgrade to a Cisco Wireless release that is earlier than Release 8.1.

• Cisco Wireless Controllers for High Availability for Cisco 2504 WLC, Cisco 5508 WLC, Cisco 5520 WLC, Cisco Wireless Services Module 2 (Cisco WiSM2), Cisco Flex 7510 WLC, Cisco 8510 WLC, and Cisco 8540 WLC.

  Note	AP Stateful switchover (SSO) is not supported on Cisco 2504 WLCs.

• Cisco WiSM2 for Catalyst 6500 Series Switches

• Cisco Mobility Express Solution

The following access point platforms are supported in this release:

• Cisco Aironet 1040 Series Access Points

• Cisco Aironet 1140 Series Access Points

• Cisco Aironet 1260 Series Access Points

• Cisco Aironet 1600 Series Access Points

• Cisco Aironet 1700 Series Access Points

• Cisco Aironet 1810 Series OfficeExtend Access Points

• Cisco Aironet 1810W Series Access Points

• Cisco Aironet 1815 Series Access Points

• Cisco Aironet 1830 Series Access Points

• Cisco Aironet 1850 Series Access Points

• Cisco Aironet 2600 Series Access Points

• Cisco Aironet 2700 Series Access Points

• Cisco Aironet 2800 Series Access Points

• Cisco Aironet 3500 Series Access Points

• Cisco Aironet 3600 Series Access Points

• Cisco Aironet 3700 Series Access Points

• Cisco Aironet 3800 Series Access Points

• Cisco Aironet 600 Series OfficeExtend Access Points

• Cisco Aironet 700 Series Access Points

• Cisco Aironet 700W Series Access Points

• Cisco AP802 Integrated Access Point

• Cisco AP803 Integrated Access Point

• Cisco ASA 5506W-AP702

• Cisco Aironet 1530 Series Access Points

• Cisco Aironet 1550 Series Access Points

• Cisco Aironet 1560 Series Access Points

• Cisco Aironet 1570 Series Access Points

• Cisco Industrial Wireless 3700 Series Access Points

  Note	The Cisco 1040 Series, 1140 Series, and 1260 Series access points have feature parity with Cisco Wireless Release 8.0. Features introduced in Cisco Wireless Release 8.1 and later are not supported on these access points.

Note	Before you associate Cisco Aironet 1830 Series and 1850 Series APs with Cisco vWLC running Cisco 8.3.112.0 release software, you must upgrade the APs to Cisco 8.3.112.0 release.

Note

Cisco AP802 and AP803 are integrated access points on the Cisco 800 Series Integrated Services Routers (ISRs). For more information about the stock-keeping units (SKUs) for the AP802s and AP803s Cisco ISRs, see http://www.cisco.com/c/en/us/products/routers/800-series-routers/brochure-listing.html. Before you use a Cisco AP802 series lightweight access point with Cisco Wireless Release 8.4, you must upgrade the software in the Cisco 800 Series ISRs to Cisco IOS 15.1(4)M or later releases.

Note	For information about Cisco Wireless software releases that support specific Cisco access point modules, see the Software Release Support for Specific Access Point Modules section in https://www.cisco.com/c/en/us/td/docs/wireless/compatibility/matrix/compatibility-matrix.html.

The TKIP security protocol coverage which extended its support in 8.3.111.0 release for the Cisco Wave 2 APs, remains supported in Release 8.3.112.0.

The TKIP security protocol combination table is applicable to the Cisco Wave2 APs only. The legacy APs continue to support the protocols without any change in this release.

802.11r is the IEEE standard for fast roaming also known as Fast Transition (FT). The Adaptive feature allows you to set up a network without explicitly enabling Fast Transition. Cisco APs and Apple devices (iOS 10 clients) mutually signal that adaptive 802.11r is supported on the network and perform an FT association on the WLAN, doing fast roaming when required. Legacy wireless clients that do not support 802.11r can still join the same network, however they do not benefit from faster FT roaming, joining as normal 802.11i/WPA2 devices. This mode hides FT support to the legacy clients preventing possible interoperability issues.

802.11r (FT) clients that do not support Adaptive feature, would join as regular clients, and would not be able to do fast roaming on WLANs that have Adaptive enabled.

See the following table for a summary of the support matrix:

This feature is supported on the following Wave2 APs:

• Cisco Aironet 1560 Series APs

• Cisco Aironet 1800 Series APs

• Cisco Aironet 2800 Series APs

• Cisco Aironet 3800 Series APs

QoS Fastlane simplifies the application traffic prioritization process so that network congestion is minimized and time sensitive traffic (like voice or video) is delivered on time.

To choose which iOS apps have their traffic prioritized by QoS Fastlane, configure the network with a configuration profile.

This feature support now extends to the following Cisco APs:

• Cisco Aironet 1560 Series APs

• Cisco Aironet 1800 Series APs

• Cisco Aironet 2800 Series APs

• Cisco Aironet 3800 Series APs

The Cisco Aironet 1560 Series Access Points are ideal for applications requiring rugged outdoor Wi-Fi coverage. These APs offer the latest IEEE 802.11ac Wave 2 radio standard in a compact, aesthetically pleasing, easy-to-deploy package. The flexibility of using internal and external antennas helps service providers, enterprise networks, and public safety networks to deploy the fastest links possible for mobile, outdoor clients (smartphones, tablets, and laptops) and wireless backhaul.

The 5-GHz radios have 802.11ac Wave 2 capability. The clients can access the network using 2.4-GHz or 5-GHz radio. Depending on the model, the access point can support up to 1.3-Gbps data rates.

The Cisco Aironet 1560 Series include Cisco wireless innovations such as:

• Cisco CleanAir Technology to view, characterize, and avoid wireless interference

• Cisco ClientLink technology for beamforming

• Radio Resource Management (RRM) for dynamic transmitter channel and power control

Note	In this release, Cisco 1560 Series APs support local, flex, and Mobility Express modes, however, mesh functionality is not supported in this release.

For more information, see https://www.cisco.com/c/en/us/products/wireless/aironet-1560-series/index.html.

The Cisco Aironet 1815i access point is an 802.11 a/b/g/n/ac (Wave 2) access point, with internal antennas only. The access point can be mounted on a wall or a ceiling, and supports 2x2:2 SS MU-MIMO applications.

802.11 (Wi-Fi) active RFID tags are designed to operate in the unlicensed ISM bands of 2.4 to 2.4835 GHz or 5.8 to 5.825 GHz. These tags exhibit the characteristics of active RFID tags, but also comply with applicable IEEE 802.11 standards and protocols. Wi-Fi RFID tags can readily communicate directly with standard Wi-Fi infrastructure without any special hardware or firmware modifications. They can co-exist alongside Wi-Fi clients such as laptops, VoWLAN phones, and so on. When powered on, assets equipped with 802.11 Wi-Fi client radios can be tracked natively without the need to have an asset tag attached.

For more information on this feature, see the RFID Tag Technology section in the Wi-Fi Location-Based Services 4.1 Design Guide.

This feature support now extends to the following Cisco APs:

• Cisco Aironet 1560 Series APs

• Cisco Aironet 1800 Series APs

• Cisco Aironet 2800 Series APs

• Cisco Aironet 3800 Series APs

The main feature is “NSA Suite B Cryptography”, support to serve as a cryptographic base for both unclassified information and most classified information.

The new security protocols supported in this release are:

• Support DTLS 1.2 for AP-WLC CAPWAP connection

  Note	Only AP1852 and AP3802 supports DTLSv1.2

• Support new GCM CIPHER Suites for DTLS

  Note	ECC cipher suites are supported when LSC is used and CA server is capable of signing certificates with ECDS. If LSC is not used RSA_AES128_GCM_SHA256 or RSA_AES256_GCM_SHA384 ciphers can be used.

  • ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

  • ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

• The new 802.11 Encryption Modes supported in this release are:

  • CCMP-256

  • GCMP-128

  • GCMP-256

• SCEP over HTTPS is supported for getting LSC, download the CA certificate manually to authenticate the CA server during the TLS handshake.

  • WLC requires the device certificate when LSC is enabled, admin has to initiate the request

• IPsec configuration is profile-based

  • Create the IPsec profile and apply it to the desired interface

  • IPsec profiles applied to an interface cannot be modified

  • IPsec profile configuration via SNMP is not supported

• Syslog over IPsec is supported

• Driven by configuration, either IKEv1/IKEv2 is supported

  Note	SHA-256 hash function is not supported with IKEv1.

• CSR can be generated on WLC for WebAuth, WebAdmin, and IPsec certificates, CSR could be RSA/ECC based, driven by configuration

• WebAdmin and WebAuth now support TLSv1.2 with ECC ciphers suites, both are independently configurable

• Download option is provided to have different CMX server CA certificate, and you can use TLSv1.2 for connectivity with CMX server

Note	After you enable or disable FIPS, we recommend that you manually change the DTLS support to "DTLS all" from "DTLS v1.2." This allows the Cisco APs to associate with the Cisco WLC. Configure the DTLS version by entering the following command: config ap dtls-version dtls_all

TKIP security protocol option is supported on the following Cisco APs:

Note	In this release, the WPA+TKIP and WPA+AES protocols are supported, however WPA2+TKIP protocol is not supported.

• Cisco Aironet 1560 Series APs

• Cisco Aironet 1810 Series APs

• Cisco Aironet 1815 Series APs

• Cisco Aironet 1830 Series APs

• Cisco Aironet 1850 Series APs

• Cisco Aironet 2800 Series APs

• Cisco Aironet 3800 Series APs

For more information about this feature, see WPA1 and WPA2 section in the Cisco Wireless Controller Configuration Guide.

The AAA Database is used for authenticating local user accounts which includes guest users, MAC-based authentication for APs for association with the controller, and allowing guests to associate with a particular WLAN, among other functions.

In this release, the AAA database supports up to 12000 entries, an increase from the earlier 2048 entry limit for the following Cisco WLCs:

• Cisco 5520 WLCs

• Cisco Flex 7510 WLCs

• Cisco 8510 WLCs

• Cisco 8540 WLCs

You can now create up to 512 local policies, an increase from the earlier 64 policy limit on the following Cisco WLCs:

• Cisco 5520 WLCs

• Cisco Flex 7510 WLCs

• Cisco 8510 WLCs

• Cisco 8540 WLCs

For more information on this enhancement, see Local Policies section in the Cisco Wireless Controller Configuration Guide.

Support is introduced for multiple clients on wired ports of Cisco Aironet AP 1810W and OEAP 1810 Series APs. Each port on the AP supports up to four MAC addresses.

• Release 8.3 supports additional configuration options for 802.11r FT enable and disable. The additional configuration option is not valid for older releases. If you downgrade from Release 8.3.112.0 to Release 8.2 or an earlier release, the additional configuration option is invalidated and defaulted to FT disable. When you reboot Cisco WLC with the downgraded image, invalid configurations are printed on the console. We recommend that you ignore this because there is no functional impact, and the configuration defaults to FT disable.

• If you downgrade from Release 8.3.112.0 to a 7.x release, the trap configuration is lost and must be reconfigured.

• If you downgrade from Release 8.3.112.0 to Release 8.1, the Cisco Aironet 1850 Series AP, whose mode prior to the downgrade was Sensor is shown to be in unknown mode after the downgrade. This is because the Sensor mode is not supported in Release 8.1.

• If you have an IPv6-only network and are upgrading to Release 8.3.112.0 or a later release, ensure that the following is done:

  • Enable IPv4 and DHCPv4 on the network—Load a new Cisco WLC software image on all Cisco WLCs plus Supplementary AP Bundle images on the Cisco 2504 WLC, 5508 WLC, and WiSM2 or perform a predownload of AP images on the required Cisco WLCs.

  • Reboot Cisco WLC immediately or at the preset time.

  • Ensure that all Cisco APs are associated with Cisco WLC.

  • Disable IPv4 and DHCPv4 on the network.

• After downloading new software to the Cisco APs, it is possible that a Cisco AP may get stuck in an “upgrading image” state. In such a case of a stranded Cisco AP, it may be necessary to forcefully reboot the Cisco WLC to download a new image or to reboot the Cisco WLC after the download of the new image. You can forcefully reboot the Cisco WLC by entering the reset system forced command.

• It is not possible to download some of the older configurations from the Cisco WLC because of the Multicast and IP address validations. See the Restrictions on Configuring Multicast Mode section in the configuration guide for detailed information about platform support for Global Multicast and Multicast Mode.

• If you upgrade from Release 8.0.110.0 to a later release, the config redundancy mobilitymac mac-addr command's setting is removed. You must manually reconfigure the mobility MAC address after the upgrade.

• If you are upgrading from Release 8.0.140.0 or 8.0.15x.0 to a later release and also have the multiple country code feature configured, the feature configuration is corrupted after the upgrade. For more information, see CSCve41740.

• If you have ACL configurations in a Cisco WLC, and downgrade from a 7.4 or later release to a 7.3 or earlier release, you might experience XML errors on rebooting the Cisco WLC. However, these errors do not have any impact on any of the functionalities or configurations.

• If you are upgrading from a 7.4.x or an earlier release to a release later than 7.4, the Called Station ID type information is mapped to the RADIUS Accounting Called Station ID type; which, by default, is set to apradio-mac-ssid. You can configure the RADIUS Authentication Called Station ID type information by using the config radius auth callStationIdType command.

• When FlexConnect APs (known as H-REAP APs in the 7.0.x releases) that are associated with a Cisco WLC that has all the 7.0.x software releases prior to Release 7.0.240.0, upgrade to Release 8.3.112.0, the APs lose the enabled VLAN support configuration. The VLAN mappings revert to the default values of the VLAN of the associated interface. The workaround is to upgrade from Release 7.0.240.0 and later 7.0.x releases to Release 8.3.112.0.

  Note	In case of FlexConnect VLAN mapping deployment, we recommend that the deployment be done using FlexConnect groups. This allows you to recover VLAN mapping after an AP rejoins the Cisco WLC without having to manually reassign the VLAN mappings.

• When a client sends an HTTP request, the Cisco WLC intercepts it for redirection to the login page. If the HTTP GET request that is intercepted by the Cisco WLC is longer than 2000 bytes, the Cisco WLC drops the packet. Track CSCuy81133 for a possible enhancement to address this restriction.

• We recommend that you install Release 1.9.0.0 of Cisco Wireless LAN Controller Field Upgrade Software (FUS), which is a special AES package that contains several system-related component upgrades. These include the bootloader, field recovery image, and FPGA/MCU firmware. Installing the FUS image requires special attention because it installs some critical firmware. The FUS image is independent of the runtime image. For more information, see https://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/fus_rn_OL-31390-01.html.

  Note	The FUS image installation process reboots the Cisco WLC several times and reboots the runtime image. The entire process takes approximately 30 minutes. We recommend that you install the FUS image in a planned outage window.

  Note	If you are using a Cisco 2500 Series controller and you intend to use the Application Visibility and Control (AVC) and NetFlow protocol features, you must install Release 1.9.0.0 of Cisco Wireless LAN Controller FUS. This is not required if you are using other controller hardware models.

• After you upgrade to Release 7.4, networks that were not affected by the existing preauthentication access control lists might not work because the rules are now enforced. That is, networks with clients configured with static DNS servers might not work unless the static server is defined in the preauthentication ACL.

• On the Cisco Flex 7500 Series WLCs, if FIPS is enabled, the reduced boot options are displayed only after a bootloader upgrade.

  Note	Bootloader upgrade is not required if FIPS is disabled.

• If you have to downgrade from one release to another, you might lose the configuration from your current release. The workaround is to reload the previous Cisco WLC configuration files saved on the backup server, or to reconfigure the Cisco WLC.

• It is not possible to directly upgrade to Release 8.3.112.0 release from a release that is earlier than Release 7.0.98.0.

• You can upgrade or downgrade the Cisco WLC software only between certain releases. In some instances, you must first install an intermediate release prior to upgrading to Release 8.3.112.0. The following table shows the upgrade path that you must follow before downloading Release 8.3.112.0.

  Note

  If you upgrade directly to 7.6.x or a later release from a release that is earlier than 7.5, the predownload functionality on Cisco Aironet 2600 and 3600 APs fails. The predownload functionality failure is only a one-time failure. After the upgrade to 7.6.x or a later release, the new image is loaded on the said Cisco APs, and the predownload functionality works as expected.

For detailed release recommendations, see the Guidelines for Cisco Wireless Software Release Migration Bulletin at: https://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/bulletin-c25-738147.html

• When you upgrade the Cisco WLC to an intermediate software release, you must wait until all of the access points that are associated with the Cisco WLC are upgraded to the intermediate release before you install the latest Cisco WLC software. In large networks, it can take some time to download the software on each access point.

• You can upgrade to a new release of the Cisco WLC software or downgrade to an earlier release even if Federal Information Processing Standard (FIPS) is enabled.

• When you upgrade to the latest software release, the software on the access points associated with the Cisco WLC is also automatically upgraded. When an access point is loading software, each of its LEDs blinks in succession.

• We recommend that you access the Cisco WLC GUI using Microsoft Internet Explorer 10 or a later version or Mozilla Firefox 32 or a later version.

  Note	Microsoft Internet Explorer 8 might fail to connect over HTTPS because of compatibility issues. In such cases, you can explicitly enable SSLv3 by entering the config network secureweb sslv3 enable command.

• Cisco WLCs support standard SNMP MIB files. MIBs can be downloaded from the Software Center on Cisco.com.

• The Cisco WLC software is factory installed on your Cisco WLC and is automatically downloaded to the access points after a release upgrade and whenever an access point joins a Cisco WLC. We recommend that you install the latest software version available for maximum operational benefit.

• Ensure that you have a TFTP, FTP, or SFTP server available for the software upgrade. Follow these guidelines when setting up a server:

  • Ensure that your TFTP server supports files that are larger than the size of Cisco WLC software Release 8.3.112.0. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the Prime Infrastructure. If you attempt to download the 8.3.112.0 Cisco WLC software and your TFTP server does not support files of this size, the following error message appears: TFTP failure while storing in flash.

  • If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same subnet or a different subnet because the distribution system port is routable.

• When you plug a Cisco WLC into an AC power source, the bootup script and power-on self test is run to initialize the system. During this time, press Esc to display the bootloader Boot Options menu. The menu options for the Cisco 5500 Series WLC differ from the menu options for the other Cisco WLC platforms.

  Bootloader menu for Cisco 5500 Series WLC:

  Boot Options
  Please choose an option from below:
  1. Run primary image
  2. Run backup image
  3. Change active boot image
  4. Clear Configuration
  5. Format FLASH Drive
  6. Manually update images
  Please enter your choice:

  Bootloader menu for other Cisco WLC platforms:

  Boot Options
  Please choose an option from below:
  1. Run primary image
  2. Run backup image
  3. Manually update images
  4. Change active boot image
  5. Clear Configuration
  Please enter your choice:

  Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on Cisco 5508 WLC), or enter 5 (on Cisco WLC platforms other than 5508 WLC) to run the current software and set the Cisco WLC configuration to factory defaults. Do not choose the other options unless directed to do so.

  Note	See the Installation Guide or the Quick Start Guide pertaining to your Cisco WLC platform for more details on running the bootup script and power-on self test.

• The Cisco WLC bootloader stores a copy of the active primary image and the backup image. If the primary image becomes corrupted, you can use the bootloader to boot with the backup image.

  With the backup image stored before rebooting, choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the Cisco WLC.

• You can control the addresses that are sent in the Control and Provisioning of Wireless Access Points (CAPWAP) discovery responses when NAT is enabled on the Management Interface using the following command:

  config network ap-discovery nat-ip-only {enable | disable}

  Here:

  enable —Enables use of NAT IP only in a discovery response. This is the default. Use this command if all the APs are outside the NAT gateway.

  disable —Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside the NAT gateway, for example, Local Mode and OfficeExtend APs are on the same Cisco WLC.

  Note	To avoid stranding of APs, you must disable AP link latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.

• You can configure 802.1p tagging by using the config qos dot1p-tag {bronze | silver | gold | platinum} command. For Release 7.2.103.0 and later releases, if you tag 802.1p packets, the tagging has an impact on only wired packets. Wireless packets are impacted only by the maximum priority level set for QoS.

• You can reduce the network downtime using the following options:

  • You can predownload the AP image.

  • For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the Cisco WLC and the AP (main site and the branch). For more information about the FlexConnect AP upgrade feature, see the Cisco Wireless Controller Configuration Guide.

• Do not power down the Cisco WLC or any access point during the upgrade process; otherwise, you might corrupt the software image. Upgrading a Cisco WLC with a large number of access points can take as long as 30 minutes, depending on the size of your network. However, with the increased number of concurrent access point upgrades supported, the upgrade time should be significantly reduced. The access points must remain powered, and the Cisco WLC must not be reset during this time.

• To downgrade from Release 8.3.112.0 to Release 6.0 or an earlier release, perform either of these tasks:

  • Delete all the WLANs that are mapped to interface groups, and create new ones.

  • Ensure that all the WLANs are mapped to interfaces rather than interface groups.

• After you perform the following functions on the Cisco WLC, reboot the Cisco WLC for the changes to take effect:

  • Enable or disable link aggregation (LAG)

  • Enable a feature that is dependent on certificates (such as HTTPS and web authentication)

  • Add a new license or modify an existing license

  • Increase the priority of a license

  • Enable HA

  • Install the SSL certificate

  • Configure the database size

  • Install the vendor-device certificate

  • Download the CA certificate

  • Upload the configuration file

  • Install the Web Authentication certificate

  • Make changes to the management interface or the virtual interface

  • Make changes to TCP MSS settings

• From Release 8.3 or a later release, ensure that the configuration file that you back up does not contain the < or > special characters. If either of the special characters is present, the download of the backed up configuration file fails.

Due to an increase in the size of the Release 8.3.112.0 Cisco WLC software image, the Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2 software images are split into the following two images:

• Base Install image, which includes the Cisco WLC image and a subset of AP images (excluding some mesh AP images and AP80x images) that are packaged in the Supplementary AP Bundle image

• Supplementary AP Bundle image, which includes AP images that are excluded from the Base Install image. The APs that feature in the Supplementary AP Bundle image are:

  • AP802

  • Cisco Aironet 1530 Series AP

  • Cisco Aironet 1550 Series AP (with 64-MB memory)

  • Cisco Aironet 1550 Series AP (with 128-MB memory)

  • Cisco Aironet 1570 Series APs

Note	There is no change with respect to the rest of the Cisco WLC platforms.

• Autoinstall

• Cisco WLC integration with Lync SDN API

• Application Visibility and Control (AVC) for FlexConnect local switched access points

• Application Visibility and Control (AVC) for FlexConnect centrally switched access points

  Note

  However, AVC for local mode APs is supported. If you are using a Cisco 2500 Series controller and you intend to use the Application Visibility and Control (AVC) and NetFlow protocol features, you must install Release 1.9.0.0 of Cisco Wireless LAN Controller FUS. This is not required if you are using other controller hardware models.

• URL ACL

• Bandwidth Contract

• Service Port

• AppleTalk Bridging

• Right-to-Use Licensing

• PMIPv6

• EoGRE

• AP Stateful Switchover (SSO) and client SSO

• Multicast-to-Unicast

• Cisco Smart Software Licensing

Note	The features that are not supported on Cisco WiSM2 and Cisco 5508 WLC are not supported on Cisco 2504 WLCs too.

Note	Directly connected APs are supported only in the local mode.

• Spanning Tree Protocol (STP)

• Port Mirroring

• VPN Termination (such as IPsec and L2TP)

• VPN Passthrough Option

  Note	You can replicate this functionality on a Cisco 5500 Series WLC by creating an open WLAN using an ACL.

• Configuration of 802.3 bridging, AppleTalk, and Point-to-Point Protocol over Ethernet (PPPoE)

• Fragmented pings on any interface

• Right-to-Use Licensing

• Cisco 5508 WLC cannot function as mobility controller (MC). However, Cisco 5508 WLC can function as guest anchor in a New Mobility environment.

• Cisco Smart Software Licensing

• Static AP-manager interface

  Note	For Cisco Flex 7500 Series WLCs, it is not necessary to configure an AP-manager interface. The management interface acts as an AP-manager interface by default, and the access points can join on this interface.

• IPv6 and Dual Stack client visibility

  Note	IPv6 client bridging and Router Advertisement Guard are supported.

• Internal DHCP server

• Access points in local mode

  Note	An AP associated with the Cisco WLC in the local mode should be converted to the FlexConnect mode or monitor mode, either manually or by enabling the autoconvert feature. On the Cisco Flex 7500 WLC CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.

• Mesh (use Flex + Bridge mode for mesh-enabled FlexConnect deployments)

• Spanning Tree Protocol (STP)

• Cisco Flex 7500 Series WLC cannot be configured as a guest anchor Cisco WLC. However, it can be configured as a foreign Cisco WLC to tunnel guest traffic to a guest anchor Cisco WLC in a DMZ.

• Multicast

  Note	FlexConnect local-switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic based on Internet Group Management Protocol (IGMP) or MLD snooping.

• PMIPv6

• Cisco Smart Software Licensing

• EoGRE

• Internal DHCP Server

• Mobility controller functionality in converged access mode

  Note	Cisco Smart Software Licensing is not supported on Cisco 8510 WLC.

• Spanning Tree Protocol (STP)

• Port Mirroring

• VPN Termination (such as IPsec and L2TP)

• VPN Passthrough Option

  Note	You can replicate this functionality by creating an open WLAN using an ACL.

• Configuration of 802.3 bridging, AppleTalk, and Point-to-Point Protocol over Ethernet (PPPoE)

• Fragmented pings on any interface

• Cisco 5520, 8510, and 8540 WLCs cannot function as mobility controller (MC). However, they can function as guest anchor in a New Mobility environment.

• Internal DHCP server

• TrustSec SXP

• Access points in local mode

• Mobility/Guest Anchor

• Wired Guest

• Multicast

  Note	FlexConnect local-switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic based on IGMP or MLD snooping.

• FlexConnect central switching in large-scale deployments

  Note	FlexConnect central switching is supported in only small-scale deployments, wherein the total traffic on Cisco WLC ports is not more than 500 Mbps. FlexConnect local switching is supported.

• AP and Client SSO in High Availability

• PMIPv6

• Datagram Transport Layer Security (DTLS)

• EoGRE (Supported in only local switching mode)

• Workgroup Bridges

• Client downstream rate limiting for central switching

• SHA2 certificates

• Cisco WLC integration with Lync SDN API

• Cisco OfficeExtend Access Points

• PPPoE

• PMIPv6

See the amount of memory in a Cisco Aironet 1550 AP by entering this command in Cisco WLC CLI:

show mesh ap summary

• Load-based call admission control (CAC). Mesh networks support only bandwidth-based CAC or static CAC

• High availability (fast heartbeat and primary discovery join timer)

• AP acting as supplicant with EAP-FASTv1 and 802.1X authentication

• Access point join priority (mesh access points have a fixed priority)

• Location-based services

Note	The Cisco Mobility Express wireless network solution is available starting from Cisco Wireless Release 8.1.122.0.

The Cisco Mobility Express wireless network solution provides a wireless controller functionality bundled into the Cisco Aironet 1560, 1815, 1830, 1850, 2800, and 3800 Series access points.

In the Cisco Mobility Express wireless network solution, one AP, which runs the Cisco Mobility Express wireless controller, is designated as the primary AP. Other access points, referred to as Subordinate APs, associate to this primary AP.

The primary AP operates as a wireless controller, to manage and control the subordinate APs. It also operates as an AP to serve clients. The subordinate APs behave as normal lightweight APs to serve clients.

For more information about the solution, including the setup and configuration, see the Cisco Mobility Express User Guide for Release 8.3, at http://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/83/user_guide/b_ME_User_Guide_83.html

Cisco Mobility Express Features

The following new features and functionalities have been introduced in this release:

• Support for the following access points:

  • Cisco Aironet 1560 Series

  • Cisco Aironet 2800 Series

  • Cisco Aironet 3800 Series

• Simple Network Management Protocol (SNMP) Version 3 polling; configurable through the GUI.

• Support for the Flexible Radio Assignment (FRA) functionality for the radio in slot 0 on Cisco Aironet 3800 Series access points. FRA automatically detects when a high number of devices are connected to a network, and changes the dual radios in an access point from 2.4GHz/5GHz to 5GHz/5GHz to serve more clients.

• Improvements in software update and access point image management with direct download from Cisco.com.

• Integration with Cisco CMX Cloud for both guest services and presence analytics. This is enabled by the integrated cloud connector on the Cisco Mobility Express controller for seamless integration and easier provisioning.

• Localization to Japanese and Korean for the Cisco Mobility Express controller GUI.

• Setting up and managing an internal DHCP server through the GUI.

• Importing a customized guest login page.

• Forced failover to a specified AP as primary.

The following are existing features, with continued support in the current release:

Note	Even if the Cisco AP is 802.3ad (LACP)-compliant, link aggregation groups (LAG) are not supported on the AP while it has a Cisco Mobility Express software image.

• Scalability:

  • Up to 25 APs

  • Up to 16 WLANs

  • Up to 100 rogue APs

  • Up to 1000 rogue clients

• License—Does not require any licenses (Cisco Right-To-Use License or Swift) for APs.

• Operation— The primary AP can concurrently function as controller (to manage APs) and as an AP (to serve clients).

• GUI and CLI-based initial configuration wizards.

• Up to three Network Time Protocol (NTP) servers, with support for FQDN names.

• Simple Network Management Protocol (SNMP) Version 3 polling, configurable through the CLI.

• IEEE 802.11r with support for Over-the-Air Fast BSS transition method, Over-the-DS Fast BSS transition method, and Fast Transition PSK authentication. Fast BSS transition methods are supported via CLI only.

• CCKM, supported via CLI only.

• Client ping test

• Changing the country code on the controller and APs on the network, via the controller GUI.

• Syslog messaging towards external server.

• Software image download using TFTP and HTTP.

• Priming at distribution site.

• Default Service Set Identifier (SSID), set from factory. Available for initial provisioning only.

• Management through the web interface Monitoring Dashboard.

• Cisco Wireless Controller Best Practices.

• Quality of Service (QoS).

• Multicast with default settings.

• Application Visibility and Control (AVC)—Limited HTTP, with only Application Visibility and not Control. Deep Packet inspection with 1,500+ signatures.

• WLAN access control lists (ACLs).

• Roaming—Layer 2 roaming without mobility groups.

• IPv6—For client bridging only.

• High Density Experience (HDX)—Supported when managing APs that support HDX.

• Radio Resource Management (RRM)—Supported within AP group only.

• WPA2 Security.

• WLAN-VLAN mapping.

• Guest WLAN login with Web Authorization.

• Local EAP Authentication (local RADIUS server).

• Local profile.

• Network Time Protocol (NTP) Server.

• Cisco Discovery Protocol (CDP) and Link Layer Discovery Protocol (LLDP).

• Clean Air.

• Simple Network Management Protocol—SNMPv1, by default, and SNMPv2c.

• Management—SSH, Telnet, Admin users.

• Reset to factory defaults.

• Serviceability—Core file and core options, Logging and syslog.

• Cisco Prime Infrastructure.

• BYOD—Onboarding only.

• UX regulatory domain.

• Authentication, Authorization, Accounting (AAA) Override.

• IEEE 802.11k

• IEEE 802.11r

• Supported—Over-the-Air Fast BSS transition method

• Not Supported—Over-the-DS Fast BSS transition and Fast Transition PSK authentication

• Passive Client

• Voice with Call Admission Control (CAC), with Traffic Specification (TSpec)

• Fast SSID Changing

• Terminal Access Controller Access Control System (TACACS)

• Management over wireless

• High Availability and Redundancy—Built-in redundancy mechanism to self-select a primary AP and to select a new AP as primary in case of a failure. Supported using VRRP.

• Software upgrade with preimage download

• Migration to controller-based deployment.