About the Release Notes
This release notes document describes what is new or changed in this release, instructions to upgrade to this release, and open and resolved caveats for this release. Unless otherwise noted, in this document, Cisco Wireless Controllers are referred to as controllers, and Cisco lightweight access points are referred to as access points or APs.
Content Hub
Explore the Content Hub, the all-new product documentation portal in which you can use faceted search to locate content that is most relevant to you, create customized PDFs for ready reference, benefit from context-based recommendations, and much more.
Get started with the Content Hub at https://content.cisco.com/ to craft a personalized documentation experience.
Do provide feedback about your experience with the Content Hub.
Revison History
|
Modification Date |
Modification Details |
|---|---|
| January 30, 2019 | Added a note about issues related to Cisco Wave 1 AP flash and the solution to address them in the Upgrading Cisco Wireless Release section. |
Supported Cisco Wireless Controller Platforms
The following Cisco Wireless Controller platforms are supported in this release:
-
Cisco 3504 Wireless Controller
-
Cisco 5520 Wireless Controller
-
Cisco 8540 Wireless Controller
-
Cisco Virtual Wireless Controller (vWLC) on the following platforms:
-
VMware vSphere Hypervisor (ESXi) Version 5.x and 6.x
-
Hyper-V on Microsoft Servers 2012 and later versions (Support introduced in Release 8.4)
-
Kernel-based virtual machine (KVM) (Support introduced in Release 8.1. After KVM is deployed, we recommend that you do not downgrade to a Cisco Wireless release that is earlier than Release 8.1.)
-
-
Cisco Wireless Controllers for High Availability for Cisco 3504 WLC, Cisco 5520 WLC, and Cisco 8540 WLC.
-
Cisco Mobility Express Solution
Supported Cisco Access Point Platforms
The following Cisco AP platforms are supported in this release:
-
Cisco Aironet 700 Series Access Points
-
Cisco Aironet 700W Series Access Points
-
Cisco AP803 Integrated Access Point
-
Integrated Access Point on Cisco 1100, 1101, and 1109 Integrated Services Routers
-
Cisco Aironet 1700 Series Access Points
-
Cisco Aironet 1800 Series Access Points
-
Cisco Aironet 1810 Series OfficeExtend Access Points
-
Cisco Aironet 1810W Series Access Points
-
Cisco Aironet 1815 Series Access Points
-
Cisco Aironet 1830 Series Access Points
-
Cisco Aironet 1850 Series Access Points
-
Cisco Aironet 2700 Series Access Points
-
Cisco Aironet 2800 Series Access Points
-
Cisco Aironet 3700 Series Access Points
-
Cisco Aironet 3800 Series Access Points
-
Cisco Aironet 4800 Series Access Points
-
Cisco ASA 5506W-AP702
-
Cisco Aironet 1530 Series Access Points
-
Cisco Aironet 1540 Series Access Points
-
Cisco Aironet 1560 Series Access Points
-
Cisco Aironet 1570 Series Access Points
-
Cisco Industrial Wireless 3700 Series Access Points
 Note |
|
For information about Cisco Wireless software releases that support specific Cisco access point modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.
What's New in Release 8.8.111.0
This section provides a brief introduction to the new features and enhancements that are introduced in this release.
Note |
For complete listing of all the documentation published for Cisco Wireless Release 8.8, see the Documentation Roadmap: https://www.cisco.com/c/en/us/td/docs/wireless/doc-roadmap/doc-roadmap-release-88.html |
Cisco Intelligent Capture
The Intelligent Capture feature provides support to have a direct communication link between Cisco DNA Center and access points (APs), so each of the APs can communicate with Cisco DNA Center directly. Using this channel, the Cisco DNA Center can receive packet capture data, AP and client statistics, and spectrum data.
For more information about configuring Intelligent Capture feature, see the applicable Cisco DNA Center Assurance User Guide at
https://www.cisco.com/c/en/us/td/docs/cloud-systems-management/network-automation-and-management/dna-center-assurance/1-2-5/b_dnac_assurance_1_2_5/b_dnac_assurance_1_2_4_chapter_01010.htmlCisco 1800s Sensor
For more information about configuring the Cisco 1800s Sensor, see the applicable Cisco Digital Network Architecture Center User Guide, Release 1.2.5 at:
IPSK Flex Mode Local Switching based P2P Blocking
In this release, this feature is enhanced to support FlexConnect mode Local Switching-based IPSK P2P blocking.
Sleeping Client Management in L2+L3 Authentication Mode
In this release, this feature is enhanced to function with L2+L3 enabled WLANs. This enhancement can be enabled only with dot1x+Webauth security setup.
Inter-Release Controller Mobility (IRCM) with Cisco Catalyst 9800 Series Wireless Controllers
In this release, Inter-Release Controller Mobility (IRCM) with Cisco Catalyst 9800 Series Wireless Controllers is supported.
For more information about IRCM, see the Cisco Catalyst 9800 Wireless Controller-Aireos IRCM Deployment Guide at:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-8/b_c9800_wireless_controller-aireos_ircm_dg.htmlEarly Field Trial Features
The Cisco Wave 2 APs as Workgroup Bridges feature is in Early Field Trial state.
Note |
This feature is not yet officially supported and there will be no assistance from Cisco's Technical Assistance Center. |
Software Release Types and Recommendations
|
Release Type |
Description |
Benefit |
|---|---|---|
|
Maintenance Deployment (MD) |
Software releases that provide bug-fix support and ongoing software maintenance. These releases are categorized as Maintenance Deployment (MD). These releases are long-living releases with ongoing software maintenance. |
Provides you with a software release that offers stability and long support duration with periodic maintenance releases (MRs). |
|
Early Deployment (ED) |
Software releases that provide new features and new hardware platform support in addition to bug fixes. These releases are categorized as Early Deployment (ED). These releases are short-lived releases. |
Allows you to deploy the latest features and new hardware platforms or modules. |
For detailed release recommendations, see the Guidelines for Cisco Wireless Software Release Migration Bulletin at:
http://www.cisco.com/c/en/us/products/collateral/wireless/8500-series-wireless-controllers/bulletin-c25-730741.html.|
Current Software Release |
Upgrade Path to Release 8.8.x |
|---|---|
|
8.2.x |
You must upgrade to an 8.5.x release and then upgrade to Release 8.8.x. |
|
8.3.x |
You must upgrade to an 8.5.x release and then upgrade to Release 8.8.x. |
|
8.4.x |
You must upgrade to an 8.5.x release and then upgrade to Release 8.8.x. |
|
8.5.x |
You can upgrade directly to Release 8.8.x. |
|
8.6.x |
You can upgrade directly to Release 8.8.x. |
|
8.7.x |
You can upgrade directly to Release 8.8.x. |
Upgrading Cisco Wireless Release
This section describes the guidelines and limitations that you must be aware of when you are upgrading the Cisco Wireless release and the procedure to upgrade.
 Caution |
Before you upgrade to this release, we recommend that you go through the following documents to understand various issues related to Cisco Wave 1 AP flash and the solution to address them:
|
Guidelines and Limitations
-
Legacy clients that require RC4 or 3DES encryption types are not supported in Local EAP authentication.
-
If you downgrade from Release 8.8.x to Release 8.7, FlexConnect IPv6 ACLs are shown to be in their FlexConnect group.
-
If you have an AVC profile with default-class setting and you downgrade from Release 8.8.x to an earlier release, the default-class setting is still present in the controller, although the earlier releases do not support this setting.
-
If you want to downgrade from Release 8.8.x to Release 8.6.101.0 and if you have Wave 2 APs in Flex+Bridge mode, ensure that these APs are changed to Bridge mode before you perform the downgrade; else, the APs will have incorrect configuration after the downgrade process.
-
If you are upgrading from Release 8.0.140.0 or 8.0.15x.0 to a later release and also have the multiple country code feature configured, the feature configuration is corrupted after the upgrade. For more information, see CSCve41740.
-
After downloading the new software to the Cisco APs, it is possible that a Cisco AP may get stuck in an upgrading image state. In such a scenario, it might be necessary to forcefully reboot the controller to download a new controller software image or to reboot the controller after the download of the new controller software image. You can forcefully reboot the controller by entering the reset system forced command.
-
It is not possible to download some of the older configurations from the controller because of the Multicast and IP address validations. See the "Restrictions on Configuring Multicast Mode" section in the Cisco Wireless Controller Configuration Guide for detailed information about platform support for global multicast and multicast mode.
-
When a client sends an HTTP request, the controller intercepts it for redirection to the login page. If the HTTP GET request that is intercepted by the controller is longer than 2000 bytes, the controller drops the packet. Track the Caveat ID CSCuy81133 for a possible enhancement to address this restriction.
-
When downgrading from one release to an earlier release, you might lose the configuration from your current release. The workaround is to reload the previous controller configuration files that are saved in the backup server, or to reconfigure the controller.
-
When you upgrade controller to an intermediate release, wait until all the APs that are associated with the controller are upgraded to the intermediate release before you install the latest controller software. In large networks, it can take some time to download the software on each AP.
-
You can upgrade to a new release of the controller software or downgrade to an earlier release even if FIPS is enabled.
-
When you upgrade to the latest software release, the software on the APs associated with the controller is also automatically upgraded. When an AP is loading software, each of its LEDs blinks in succession.
-
Controllers support standard SNMP MIB files. MIBs can be downloaded from the software download page on Cisco.com.
-
The controller software that is factory-installed on your controller and is automatically downloaded to the APs after a release upgrade and whenever an AP joins a controller. We recommend that you install the latest software version available for maximum operational benefit.
-
Ensure that you have a TFTP, HTTP, FTP, or SFTP server available for the software upgrade. Follow these guidelines when setting up a server:
-
Ensure that your TFTP server supports files that are larger than the size of controller software image. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within Cisco Prime Infrastructure. If you attempt to download the controller software image and your TFTP server does not support files of this size, the following error message appears:
TFTP failure while storing in flash -
If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same subnet or a different subnet because the distribution system port is routable.
-
-
The controller Bootloader stores a copy of the active primary image and the backup image. If the primary image becomes corrupted, you can use the Bootloader to boot with the backup image.
With the backup image stored before rebooting, from the Boot Options menu, choose Option 2: Run Backup Image to boot from the backup image. Then, upgrade with a known working image and reboot controller.
-
You can control the addresses that are sent in the Control and Provisioning of Wireless Access Points (CAPWAP) discovery responses when NAT is enabled on the Management Interface, using the following command:
config network ap-discovery nat-ip-only {enable | disable}
The following are the details of the command:
enable —Enables use of NAT IP only in a discovery response. This is the default. Use this command if all the APs are outside the NAT gateway.
disable —Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside the NAT gateway, for example, Local Mode and OfficeExtend APs are on the same controller.
Note
To avoid stranding of APs, you must disable AP link latency (if enabled) before you use the disable option in the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.
-
Do not power down controller or any AP during the upgrade process. If you do this, the software image might get corrupted. Upgrading controller with a large number of APs can take as long as 30 minutes, depending on the size of your network. However, with the increased number of concurrent AP upgrades supported, the upgrade time should be significantly reduced. The APs must remain powered, and controller must not be reset during this time.
-
After you perform the following functions on controller, reboot it for the changes to take effect:
-
Enable or disable LAG.
-
Enable a feature that is dependent on certificates (such as HTTPS and web authentication).
-
Add a new license or modify an existing license .
Note
Reboot is not required if you are using Right-to-Use licenses.
-
Increase the priority of a license.
-
Enable HA.
-
Install the SSL certificate.
-
Configure the database size.
-
Install the vendor-device certificate.
-
Download the CA certificate.
-
Upload the configuration file.
-
Install the Web Authentication certificate.
-
Make changes to the management interface or the virtual interface.
-
-
From Release 8.3 or a later release, ensure that the configuration file that you back up does not contain the < or > special characters. If either of the special characters is present, the download of the backed up configuration file fails.
Upgrading Cisco Wireless Software (GUI)
Procedure
| Step 1 |
Upload your controller configuration files to a server to back up the configuration files.
|
||
| Step 2 |
Follow these steps to obtain controller software: |
||
| Step 3 |
Copy the controller software file <filename.aes> to the default directory on your TFTP, FTP, or SFTP server. |
||
| Step 4 |
(Optional) Disable the controller 802.11 networks.
|
||
| Step 5 |
Choose to open the Download File to Controller page. |
||
| Step 6 |
From the File Type drop-down list, choose Code. |
||
| Step 7 |
From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP. |
||
| Step 8 |
In the IP Address field, enter the IP address of the TFTP, FTP, or SFTP server. |
||
| Step 9 |
If you are using a TFTP server, the default value of 10 retries for the Maximum Retries field, and 6 seconds for the Timeout field should work correctly without any adjustment. However, you can change these values, if required. To do so, enter the maximum number of times the TFTP server attempts to download the software in the Maximum Retries field and the amount of time (in seconds) for which the TFTP server attempts to download the software, in the Timeout field. |
||
| Step 10 |
In the File Path field, enter the directory path of the software. |
||
| Step 11 |
In the File Name field, enter the name of the software file <filename.aes>. |
||
| Step 12 |
If you are using an FTP server, perform these steps:
|
||
| Step 13 |
Click Download to download the software to the controller. A message indicating the status of the download is displayed.
|
||
| Step 14 |
After the download is complete, click Reboot. |
||
| Step 15 |
If you are prompted to save your changes, click Save and Reboot. |
||
| Step 16 |
Click OK to confirm your decision to reboot the controller. |
||
| Step 17 |
If you have disabled the 802.11 networks, reenable them. |
||
| Step 18 |
(Optional) To verify that the controller software is installed on your controller, on the controller GUI, click Monitor and view the Software Version field under Controller Summary. |
CIMC Utility Upgrade for 5520 and 8540 Controllers
The AIR-CT5520-K9 and AIR-CT8540-K9 controller models are based on Cisco UCS server C series, C220 and C240 M4 respectively. These controller models have CIMC utility that can edit or monitor low-level physical parts such as power, memory, disks, fan, temperature, and provide remote console access to the controllers.
We recommend that you upgrade the CIMC utility to Version 3.0(4d) that has been certified to be used with these controllers. Controllers that have older versions of CIMC installed are susceptible to rebooting without being able to access FlexFlash, with the result that the manufacturing certificates are unavailable, and thus SSH and HTTPS connections will fail, and access points will be unable to join. See: CSCvo33873.
The CIMC 3.0(4d) images are available at the following locations
|
Controller |
Link to Download the CIMC Utility Software Image |
|---|---|
|
Cisco 5520 Wireless Controller |
https://software.cisco.com/download/home/286281345/type/283850974/release/3.0%25284d%2529 |
|
Cisco 8540 Wireless Controller |
https://software.cisco.com/download/home/286281356/type/283850974/release/3.0%25284d%2529 |
For information about upgrading the CIMC utility, see the "Updating the Firmware on Cisco UCS C-Series Servers" chapter in the Cisco Host Upgrade Utility 3.0 User Guide:
Updating Firmware Using the Update All Option
This section mentions specific details when using CIMC utility with Cisco 5520 or 8540 controllers. For general information about the software and UCS chassis, see Release Notes for Cisco UCS C-Series Software, Release 3.0(4) at:
|
Caveat ID |
Description |
|---|---|
|
After upgrading CIMC to 3.04d, only after power reset, UCS-based controller is coming up. |
|
|
Not able to logon to the CIMC GUI with the username and password that are configured from the controller. |
|
Caveat ID |
Description |
|---|---|
|
Symptom: The system will stop working or reboot during OS operation with PROCHOT, MEMHOT, and DMI Timeout-related events reported in the System Event Log (SEL). Conditions: C220-M4 or C240-M4 Workaround: No workaround is available. This bug fix changes the default BIOS option for ASPM (Active State Power Management) from 'L1 only' to 'Disabled', and the ASPM setting can no longer be modified. This change was made to help increase system stability and eliminate some system crash scenarios. |
|
|
Symptom: The system will stop working or reboot during OS operation with PROCHOT, MEMHOT, and DMI Timeout-related events reported in the System Event Log (SEL). Conditions: C220-M4 or C240-M4 Workaround: No workaround is available. This bug fix changes the BIOS option "Package C-State limit" default value from C6 Retention to C0/C1 to help increase system stability and eliminate some crash scenarios. Once upgraded, reset the BIOS settings to default or manually change Package C-State limit to C0/C1. |
Interoperability with Other Clients
This section describes the interoperability of controller software with other client devices.
The following table describes the configuration used for testing the client devices.
|
Hardware or Software Parameter |
Hardware or Software Configuration Type |
|---|---|
|
Release |
8.8.x. |
|
Cisco Wireless Controller |
Cisco 5520 Wireless Controller |
|
Access Points |
AIR-CAP3802E-B-K9, AIR-AP1852E-B-K9 |
|
Radio |
802.11ac, 802.11a, 802.11g, 802.11n (2.4 GHz or 5 GHz) |
|
Security |
Open, PSK (WPA-TKIP-WPA2-AES), 802.1X (WPA-TKIP-WPA2-AES) (EAP-FAST, EAP-TLS) |
|
RADIUS |
Cisco ACS 5.3, Cisco ISE 2.2, Cisco ISE 2.3 |
|
Types of tests |
Connectivity, traffic (ICMP), and roaming between two APs |
The following table lists the client types on which the tests were conducted. Client types included laptops, handheld devices, phones, and printers.
|
Client Type and Name |
Driver / Software Version |
|---|---|
|
Laptops |
|
| Acer Aspire 15 Windows 8 Home | Qc Atheros Qca9377 11.0.0.492 |
| Acer Aspire E15 Windows 8 | Qc Atheros Qca9377 15.1.1.1 |
| Acer Aspire E 15 Windows 8.1 | QC Atheros Qca9377 11.0.0.492 |
| Acer Aspire E15 Windows 8.1 Pro | Qc Atheros Qca9377 11.0.0.492 |
| Dell Inspiron 15 7569 Windows 10 Home | Ntel Ac 3165 18.32.0.5 |
| Dell Latitude 6430 Windows 8.1 Pro | Intel 6205w8 15.16.0.2 |
| Dell Latitude E5430 Windows 7 | Intel Centrino N 6205 15.17.0.1 |
| Dell Latitude E5450 Windows 7 Professional | Intel 7260 18.33.6.2 |
| Dell Latitude E5540 Windows 7 | Intel Dualband Ac7260 1.566.0.0 |
| Dell Latitude E6430 Windows 7 Professional | Intel Centrino Ultn6300 15.9.2.1 |
| Dell Latitude E6430 Windows 7 Professional | Intel 6250 15.11.0.7 |
| Dell Latitude E6430 Windows 7 Professional | Intel 3160 6.30.223.215 |
| Dell Latitude E7450 Windows 7 Professional | Broadcom 1560 15.1.1.1 |
| Dell Latitude Windows 8.1 Pro | Intel Ac7260 18.33.3.2 |
| Fujitsu Lifebook E556 Windows 10 Pro | Intel 8260 11.0.0.492 |
| Lenovo Yoga 460 Windows 10 Pro | Intel Ac8260 19.1.0.4 |
| Macbook Air Mac OS Sierra 10.12.3 | Broadcom Bcm43xx 1.0 6.30.225.29.1 |
| Macbook Air Macos Sierra 10.12.6 | Broadcom Bcm43xx 1.0 7.21.171.68.1a4 |
| Macbook Air OS X Yosemite (10.10.5) | Broadcom Bcm43xx 1.0 7.15.166.24.3 |
| Macbook Mac OS Sierra 10.12 Beta | Broadcom Bcm43xx 1.0 7.21.149.34.1a7 |
| Macbook Pro Mac OS Sierra 10.12.4 | Broadcom Bcm43xx 1.0 7.21.171.68.1a4 |
| Macbook Pro OS X 10.8.5 | Broadcom Bcm43xx 1.0 5.106.98.100.17 |
| Macbook Pro Retina Mac OS Sierra 10.12.3 | Broadcom Bcm43xx 1.0 7.15.166.24.3 |
|
Tablets |
|
| Apple iPad | iOS 9.3.1 |
| Apple iPad mini | iOS 12.0 |
| Apple iPad mini 2 | iOS 10.3.1 |
| Apple iPad Air | iOS 10.1.1 |
| Apple iPad Air 2 | iOS 10.2.1 |
|
Mobile Phones |
|
| Apple iPhone 4S | iOS 8.0 |
| Apple iPhone 5 | iOS 10.3.1 |
| Apple iPhone 5C | iOS 9.3.2 |
| Apple iPhone 6 Plus | iOS 12.0 |
| Apple iPhone SE | iOS 10.3.1 |
| AT100 | Toshiba Android 4.0.4 |
| Cisco 7925G-EX | CP7925G-1.4.8.4.LOADS |
| Cisco 7926G | CP7925G-1.4.8.4.LOADS |
| Cisco 8821 | sip8821.11-0-4-14 |
| ET1 | Android VERSION 2.3.4 |
| ET5 | Android 5.1.1 |
| LG-D855 | LG Android 5.0 |
| Mediapad X1 7.0 | Huawei Android 4.4.2 |
| Moto X 2nd Gen | Motorola Android 5.0 |
| One Plus One | One Plus Android 4.3 |
| One Plus Three | One Plus Android 6.0.1 |
| Samsung Galaxy S4 | Samsung Android 4.2.2 |
| Samsung Galaxy S4 | Samsung Android 5.0.1 |
| Samsung Galaxy S6 | Samsung Android 7.0 |
| Samsung Galaxy S6 | Samsung Android 6.0.1 |
| Samsung Galaxy S8 | Samsung Android 7.0 |
| Samsung Tab Pro | Samsung Android 4.4.2 |
| SM-P600 | Samsung Android 4.4.2 |
| SM-T520 | Samsung Android 4.4.2 |
| TC510K | Zebra Android 6.0.1 |
| TC8000 | Zebra Android 4.4.3 |
| 8742 | Spectralink Android 5.1.1 |
| 8744 | Spectralink Android 5.1.1 2.5.0 |
Key Features Not Supported in Cisco WLC Platforms
This section lists the features that are not supported on various Cisco WLC platforms:
Note |
In a converged access environment that has Cisco WLCs running AireOS code, High Availability Client SSO and native IPv6 are not supported. |
Key Features Not Supported in Cisco 3504 WLC
-
Cisco WLAN Express Setup Over-the-Air Provisioning
-
Mobility controller functionality in converged access mode
-
VPN Termination (such as IPsec and L2TP)
Key Features Not Supported in Cisco 5520 and 8540 WLCs
-
Internal DHCP Server
-
Mobility controller functionality in converged access mode
-
VPN termination (such as IPsec and L2TP)
-
Fragmented pings on any interface
Key Features Not Supported in Cisco Virtual WLC
-
Cisco Umbrella
-
Software-defined access
-
Domain-based ACLs
-
Internal DHCP server
-
Cisco TrustSec
-
Access points in local mode
-
Mobility or Guest Anchor role
-
Wired Guest
-
Multicast
Note
FlexConnect locally switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect APs do not limit traffic based on IGMP or MLD snooping.
-
FlexConnect central switching in large-scale deployments
Note
-
FlexConnect central switching is supported in only small-scale deployments, wherein the total traffic on Cisco WLC ports is not more than 500 Mbps.
-
FlexConnect local switching is supported.
-
-
Central switching on Microsoft Hyper-V deployments
-
AP and Client SSO in High Availability
-
PMIPv6
-
Datagram Transport Layer Security (DTLS)
-
EoGRE (Supported only in local switching mode)
-
Workgroup bridges
-
Client downstream rate limiting for central switching
-
SHA2 certificates
-
Cisco WLC integration with Lync SDN API
-
Cisco OfficeExtend Access Points
Key Features Not Supported in Access Point Platforms
This section lists the features that are not supported on various Cisco Aironet AP platforms:
Key Features Not Supported in Cisco Aironet 1800i, 1810 OEAP, 1810W, 1815, 1830, 1850, 2800, 3800, and 4800 Series APs
For detailed information about feature support on Cisco Aironet Wave 2 APs, see:
https://www.cisco.com/c/en/us/td/docs/wireless/controller/technotes/8-7/b_feature_matrix_for_802_11ac_wave2_access_points.html.|
Operational Modes |
|
||
|
Protocols |
|
||
|
Security |
|
||
|
Quality of Service |
Cisco Air Time Fairness (ATF) |
||
|
FlexConnect Features |
|
Note |
For Cisco Aironet 1850 Series AP technical specifications with details on currently supported features, see the Cisco Aironet 1850 Series Access Points Data Sheet. |
Key Features Not Supported in Cisco Aironet 1800i, 1810 OEAP, and 1810W Series APs
|
Operational Modes |
Mobility Express |
|
FlexConnect Features |
Local AP authentication |
|
Location Services |
Data RSSI (Fast Locate) |
Key Features Not Supported in Cisco Aironet 1830, 1850, and 1815 Series APs
|
Operational Modes |
Mobility Express is not supported in Cisco 1815t APs. |
|
FlexConnect Features |
Local AP Authentication |
|
Location Services |
Data RSSI (Fast Locate) |
Key Features Not Supported in Mesh Networks
-
Load-based call admission control (CAC). Mesh networks support only bandwidth-based CAC or static CAC
-
High availability (Fast heartbeat and primary discovery join timer)
-
AP acting as supplicant with EAP-FASTv1 and 802.1X authentication
-
AP join priority (Mesh APs have a fixed priority)
-
Location-based services
Key Features Not Supported in Cisco Aironet 1540 Mesh APs
-
Dynamic Mesh backhaul data rate.
Note
We recommend that you keep the Bridge data rate of the AP as auto.
-
Background scanning
-
Noise-tolerant fast convergence
Key Features Not Supported on Cisco Aironet 1560 APs
-
MAC Authentication FlexConnect Local Authentication
-
Noise-tolerant fast convergence
-
Static WEP
Caveats
Open Caveats
|
Caveat ID Number |
Description |
|---|---|
|
Cisco 2700, 3700 series APs reload - %DOT11-2-RADIO_RX_BUF: Corrupt buf |
|
|
Only single IMM / CIMC IP addr configured for both controller active and standby |
|
|
HA_send_usmDbSpamSetRadSlotBand, ErrType:Apply Config failed on Standby |
|
|
Cisco Wave 2 AP uses invalid CAPWAP-Data keep-alive source port |
|
|
AP name is "AP0000.0000.0000" on new/factory reset APs |
|
|
Max client reached on AP. Sending association response failure with reason code 17 |
|
|
Reaper Reset due to too much cpu while SW Watchdog is disabled - various processes |
|
|
Cisco Wave 2 AP-COS FIQ/NMI reloads unexpectedly on the radio driver |
|
|
Apple iPad devices are getting profiled as Apple device |
|
|
Cisco 2802E AP with dart connector - custom RF profile not always applied properly to XOR |
|
|
Cisco controller reloads unexpectedly with task emweb after 'debug flexconnect' command is typed |
|
|
Cisco 2700 AP radio resets with FC71 code |
|
|
Cisco controller is sending duplicate interim accounting packets to ISE |
|
|
Cisco controller applying wrong interface policy to re-associated client after SSO |
|
|
Multiple Vulnerabilities in OpenSSL |
|
|
Cisco 1542 AP reloads unexpectedly due to kernel panic-cascade+0x60/0x88 |
|
|
Cisco 2800,3800 AP does not map the DSCP to the correct WMM UP Value for FlexConnect Local Switching |
|
|
IOS Flex LSLA AP Client VLAN issue, clients getting IP from incorrect VLAN |
|
|
Cisco 5508 WLC reloads unexpectedly with high cpu util on emWeb process |
|
|
702AP: WGB is disconnectig from root AP 'parent lost: Too many retries' RTS when root AP is offchanl |
|
|
Cisoc 1702 AP did not recognize association request, ACK from wireless client |
|
|
Cisco 702w AP enables POE in LAN 4 before joining Cisoc WLC after reboot |
|
|
Cisco 3702 AP reloads unexpectedly due to Encryption Engine Stuck |
|
|
Cisco Wave 1 AP sends multiple control subtype frames on very low RSSI |
|
|
Cisco IOS FlexConnect AP changes VLAN ID for SSID |
|
|
Cisco 819: AP group name on AP module is missing after router reload |
|
|
WLC FTIE not saved sending Association Response FT 802.11r |
|
|
8.5 MAP - IOS_PKI_SHIM: PKI_SignMessage PostHashEncrypt ret 1 Error |
|
|
SC2/SC3 not recognising the ACK from the client at Cell Edges |
|
|
Standby WLC keeps unjoined AP Stats entry even if Stats is cleared on Active WLC |
|
|
[Cisco 1832i AP/8.8.100] TKIP first M5 not encrypted immediately after M1-M4 |
|
|
AAA override pmk-cache can result in unwanted L3 inter-controller roaming |
|
|
Unable to do PAC provisioning if Auth server shared secret is changed |
|
|
CLI not taking all the commands sent via "paste" |
|
|
Cisco 3700 AP Slot 2 module reloads unexpectedly |
|
|
CAP1552H 15.3(3)JD6 Autonomous Status LED not lighting. It is unlit (Off). |
|
|
Cisco 2800 ME controller reloads unexpectedly with FIQ/NMI reset on 8.5.135.73. |
|
|
Cisco 702W AP has tracebacks and beacons stuck with load 8.5.140.0 |
|
|
Invalid web-auth https-redirect command in startup-config |
|
|
C3702AP on 8.5.140.0: %DOT11-2-RADIO_RX_BUF: 1E72C72C leads to unexpected reloads with reason 44 |
|
|
AP Syslog Facility does not work on IOS AP |
|
|
Client usage counters not reset with Accounting stop |
|
|
DCA assigning channel not allowed via RF profile to Cisco Wave 2 APs. |
|
|
WLC modified FlexACLs rules are not populated on the Flex AP |
|
|
Cisco 702W AP radio resets, tracebacks and other radio buffer errors |
|
|
WLC/AP do not send M1 message to clients |
|
|
Cisco 8510 controller on on 8.3.141.10 DP crash at broffu_fp_dapi_cmd.c:4588 |
|
|
WLC logs "NMSP cloud service update. Received CMX service Link Check" even when CMX is not used |
|
|
Cisco 702w AP on 8.5.135.5: Client not getting DHCP IP |
|
|
Wireless clients getting IP from wrong VLAN using VLAN Based Central Switching. |
|
|
Dynamic AP Manager does not work when LAG enabled on WLC |
|
|
Cisco 5520 controller reloads unexpectedly on taskname : NFV9_Task |
|
|
Multicast Packet drop on Cisco 2800, 3800 AP series |
|
|
Cisco 3802 series APs unable to associate clients when using UNII-1 Channels |
|
|
Cisco 702w AP fails to broadcast beacons on BI |
Resolved Caveats
|
Caveat ID Number |
Description |
|---|---|
|
APF_HA-3-SYNC_RETRANSMIT_FAIL Messages in show msglog |
|
|
Cisco 3700 AP Tx stop Radio reset due to false radio Tx inprog count |
|
|
Only single IMM / CIMC IP addr configured for both controller active and standby |
|
|
MAP Gigabit port being learnt in Mesh management VLAN instead of client VLAN |
|
|
Channel utilization changes to 0% on Marvell chipset based Cisco Wave 1 APs |
|
|
ME: 1800 AP disconnects the client during EAP negotiation by reason: MN_REASSOC_TIMEOUT |
|
|
Cisco 1832 AP Rx not working with AP not responding to probe requests |
|
|
Cisco Controller becomes inaccessible with client rate limiting |
|
|
SSO failover causes mobilty tunnels go down |
|
|
Radio Reset Tx Jammed seen on both 8.3 and 8.5 |
|
|
Cisco Wave 1 APs radio reset due FST14 FW: cmd=0x31 seq=6 due to mcast stuck in radio |
|
|
Cisco 2800 AP: FlexConnect AP WLAN-VLAN Mapped incorrectly |
|
|
Locally generated webadmin certificate shows as 3rd party after upgrade on 8.3 code |
|
|
Standby 8540 WLC-reloads unexpectedly with rmgrMain due to IPC timeout |
|
|
Cisco IOS APs unexpectedly reloads due to bad CPQ on 8.5 release code |
|
|
RSN IE validation fails in M2 (802.11r session timeout) after reassociation causing deauth code 17 |
|
|
Access Point is not sending TCP fragments over the air |
|
|
Cisco 1832 AP unexpectedly reloads with 'PC is at __napi_complete+0x28/0x60' |
|
|
Creation time of Local Net User set to Jan 1 00:00:00 1970 |
|
|
WLC remote access failing after upgrade |
|
|
802.11 arp-cache does not work if BVI VLAN and client VLAN are different |
|
|
TrustSec: AP picks wrong SXP Node ID |
|
|
Cisco Wave 1 AP deauthenticating client due to idle timeout |
|
|
Cisco 1810W AP not giving IPs to cell phones using WPA/TKIP protocol |
|
|
AIR-CT3504 mGig showing FCS errors incrementing |
|
|
Add a warning when FRA is disabled to warn a user that XOR radio will not revert back to 2.4Band |
|
|
Failed to set Country Codes when WLC has redundant country codes CA2, KR, PH2, US2, USL, USX |
|
|
New Mobility CAPWAP control keepalive should not plumb keys when receiving unencrypted responses |
|
|
Cisco WLC reloads unexpectedly on emWeb due to too many HTTP buffers received |
|
|
Cisco AP with regulatory domain Morocco cannot join the Cisco WLC |
|
|
The FlexConnect groups are missing in backup configuration file |
|
|
Cisco 1800 series APs falsely shows 100% channel utilization on 5GHz |
|
|
Cisco 2800 AP CleanAir goes down (sensord died) |
|
|
Cisco 2800 AP detects Intel Dual Band Wireless-AC 8260 as rogue client/AP |
|
|
Cisco ME (Mobility Express) unexpectedly reloads on DHCP spamSendConfigSync |
|
|
Assigning a NetFlow monitor to the WLAN will internally enable AVC on WLC |
|
|
Cisco AP1815I : reloads unexpectedly due to 'watchdog reset(sync_log)' |
|
|
Cisco WiSM2 unexpectedly reloads on task name sshpmLscTask after initial config |
|
|
Cisco Wave 1 APs not reporting known interference with disabled WSSI module |
|
|
Client remains stuck in DHCP-REQD state on Anchor side unless ISE NAC is disabled on the anchor side |
|
|
Cisco Wave 1 MAP: Mesh security failures after roaming between 2 parents |
|
|
Cisco 2800 AP not joining WLC if 'Enable NAT Address' feature is enabled |
|
|
Cisco 3802, 2802 AP with DART connectors has a Tx power value of 0 |
|
|
WLC reloads unexpectedly while working on spamApTask6 |
|
|
Cisco 2802 AP not sending re-association response to Cisco 8821 phone |
|
|
Watchdog reset out of memory on Cisco 3800 AP running 8.3.133.0 code |
|
|
Cisco 3504 Controller - OpenDNS registration failure - Return 77 |
|
|
WLC system reloads unexpectedly due to task name RRM-MGR-2_4-GRP |
|
|
Upgrading Mobility Express to 8.7.102.0 causes it to reloads unexpectedly in a continuous loop |
|
|
Creating a webauth CSR certificate on the WLC GUI does not allow spaces |
|
|
8.5MR3 Interim AP cannot join with NAT address on management interface of controller |
|
|
Cisco Rx SOP global configuration not applied to new Access Points |
|
|
Clean up debug lisp map-server output for AP onboarding |
|
|
Cisco 1810wAP kernel panic leads to unexpected reload on PC at ieee80211_node_authorize+0x90/0xb8 |
|
|
SSH/Management Access of Primary WLC not possible when HA failover occurs in 8.5.120.0 |
|
|
702 AP as WGB keeps being disconnected from the WLAN due to parent lost: Missed beacons |
|
|
WGB is only allowing 8 MAC addresses pass traffic using 3802 AP [as CAPWAP AP and 3702 AP as WGB] |
|
|
Add 'show advanced hyperlocation summary' to 'show run-config' and 'show tech' |
|
|
AP name corruption after upgrade |
|
|
Cisco AP name mismatch with controller on join |
|
|
Cisco Wav 2 APs not sending probe response when SSID is not broadcasted |
|
|
WLC is losing its EoGRE configuration after reboot |
|
|
[SDA] Wireless Clients losing L2VNID override when performing Switchover on Cisco 5520 WLC |
|
|
Incorrect Tx power on AP3802P-Q on some channels |
|
|
SSH CBC ciphers are present from 8.6 and onwards releases |
|
|
CONFIGSYNC-3-CONFIG_SYNC_SEM_REL_FAIL & CLEAN_TASK: Reaper cleaning up exited task 'ConfigSync' |
|
|
Cisco WLC sending CAPWAP discovery response when it has no available licenses |
|
|
Cisco WiSM2 reloads unexpectedly on SNMP task |
|
|
Cisco Controller is generating client traps without a session-id |
|
|
Client coming back within 10 seconds of cleanup time is stopping the DHCP timer on the WLC |
|
|
Cisco WLC unexpectedly reloads on task Dot1x_NW_MsgTask_2 |
|
|
Cisco vWLC web authentication not working |
|
|
WLC sending wrong NAS ID when AAA override is enabled |
|
|
AIR-AP1562D-E-K9 with regulatory domain Kazakhstan does not join the WLC |
|
|
Cisco 2800, 3800,4800 APs: Incorrect Tx power on power on till we configure Tx power using Cisco WLC |
|
|
Cisco Mesh APs Best-Effort Tx queue stuck |
|
|
Ping command does not use management interface as source interface |
|
|
Cisco 2800, 3800 APs loose its ability to reach the default gateway |
|
|
UX AP:Primed UX AP reset to UX when SNTP server is configured |
|
|
Cisco 5520 WLC reloads unexpectedly when RADIUS server returns invalid value in Airespace-ACL-Name |
|
|
Cisco 1810W APs may have power denied from older PoE 802.3af switches |
|
|
Local policy is not applied when foreign WLC is running 8.3.141.0 |
|
|
WLC unexpectedly reboots on Dot1x_NW_MsgTask_1 |
|
|
Cisco controller stops working as emWeb spikes to 100% CPU usage after executing 'show run-config' |
|
|
WLC Client RSSI and SNR values to be updated as part of Assoc & reassoc request processing |
|
|
The WLC is replying with the wrong value for the following OID: bsnAPIfProfileParamAssignment |
|
|
Cisco 1850 APs experiencing frequent and unexpected reloads due to memory corruption |
|
|
Wave 1 AP WLAN Client Stats cldcClientDataRetries counter is zero |
|
|
OpenDNS profile keeps being mapped for client when the username changes |
|
|
Cisco 5520 Controller reloads unexpectedly for emweb in 8.6.101.0 release |
|
|
AP is not downloading the WLC 85Mr3 image rather it says image is already in the backup |
|
|
Wave 1 APs - AP radio FW image install failure in the bootup loop |
|
|
IOS APs, recovery logic for failure on primary image |
|
|
Cisco Controller reloads unexpectedly after modifying SNMP trap controls via GUI |
|
|
Cisco 1815AP: Incorrect VCI string of DHCP option 60 |
|
|
IPC timeout and tracebacks reported on HA pair running 8.5.131.0 (8.5MR3) |
|
|
Hotspot 2.0 OSU SSID is picking profile name |
|
|
No legacy rates; default to lowest CCK/OFDM rate |
|
|
Client is unable to connect due to the 'Failed to create a timer' error |
|
|
WLC power supply status is incorrect when there is no power supply |
|
|
Cisco 1542, 1815I APs - Ethernet interface flapping when connected to 100Mbit switchports |
|
|
WLC HA standby reboots reaching maintenance mode due to missing NaServCaCert_p12.pem on Active |
|
|
Cisco 1562 MAP stops sending Block ACK once the Cisco 1572 RAP moves to another controller |
|
|
Cisco 1810W AP running 8.2.170.4 code: 5G radio FW resets @0x009A4F9F |
|
|
NAS-ID in WLAN cannot be changed in the startup-command after you saved once |
|
|
Cisco WLC stops working when LAG mode is enabled on the AP |
|
|
Support Bundle output only genertaes WSA core bundle when WSA is enabled |
|
|
AP does not initiate the CAPWAP discovery process, it gets stuck during the PNP discovery process |
|
|
WLC is not returning the expected prompt when logging in via SSH |
|
|
Advance IPMI is not set and causing fan noise |
|
|
WLC 8.7 does not present full certificate chain on web authentication guest portal |
|
|
APX800 sniffer mode not sending frames with AMSDU 1500 Bytes to destination |
|
|
Local Split and Central path traffic stops after some time with Cisco 2800 APs |
|
|
Cisco controller reloads unexpectedly on Taskname 'emWeb' |
|
|
AIR-AP2802I not sending beacons with both radios in 5GHz |
|
|
Pre-auth ACLs are not configuring for RLAN in ME UI |
|
|
Wave 2 Flex Efficient Upgrade fails as primary AP sends empty image_str to WLC |
|
|
ME GUI: preauth ACL rules disappear when VLAN tagging is enabled on WLAN |
|
|
Cisco 1852 AP failure of association due to set CAPWAP tunnel failed |
|
|
BSSID/Client Rate Limit prevent clients to pass traffic on Mobility Express |
|
|
Cisco 3702 AP: High CPU utilization under NCI Rx. Unable to join the controller |
|
|
VLAN priority tag inside the EoGRE packet set to non-zero when 802.1p set to none in LOCAL mode |
|
|
Cisco Wave 2 APs Preimage download fails after 64 retries with poor WAN link |
|
|
CAP2800 on ME image 8.6.101.0, 8.7.106.0 reloads unexpectedly in ewsContexSendRedirect200->ewaDate |
|
|
Cisco WiSM2 not releasing licenses after reboot |
|
|
Cisco 1852 series APs Kernel Panic due to NSS memory corruption |
|
|
Cisco 3802, 4800 AP drops packets larger than 1426 (inner IP) with VxLAN |
|
|
WLC Smart License : Smart license registration failing for ProductInstance not valid in switchover |
|
|
WLC is sending incorrect counter value for the broadcast and multicast throgh SNMP |
|
|
Cisco controller to support OUI based Client Profiling |
|
|
Unable to Associate clients with PSK/dot1x security in Flexconnect Standalone Mode. |
|
|
Cisco WiSM2 memory leak due to hotspot_anqp |
|
|
Cisco 1810W AP reports low power after requesting and receiving 14.2W after upgrading to 8.5.131.0 |
|
|
Cheetah WGB - Fast Roaming PSK with/without over the DS. FT Auth-Response is not received |
|
|
AAA override for native VLAN with flexlocal switching not applied to client on Cisco 1562 AP |
|
|
Intergrated Management Module (IMM) summary shows a username which is multiple usernames merged |
|
|
WLC: After soft-roam of client, client is not able to see new Apple TV from associated AP-Grp VLAN |
|
|
DCA channel assignment on XOR radio is broken while static 5G assignment |
|
|
Cisco 702W AP: Runs out of memory and reloads |
|
|
Cisco 4800 series AP takes pre-download of unsupported code |
|
|
Cisco Wave 2 APs sometimes do not send IAPP update after client address change |
|
|
EoGRE clients ARP Response inside CAPWAP gets corrupted |
|
|
Cisco 1815w AP: RLAN multicast does not work with local mode local switch |
|
|
Cisco controller reloads unexpectedly on webauth_redirect_main task |
|
|
Configuration file should not be modified due to low flash memory |
|
|
Cisco controller is sending packets out to Gateway with DF =1 when inside header is set DF =0 -EoGRE |
|
|
Controller crashing due to SNMP memory corruption |
|
|
8.8MR1:Number of DX messages in sync Queue ... 440001[805520.362884] Controller crashed ....Queue |
|
|
Cisco controller reloads unexpectedly in Dot1x_NW_MsgTask_7 due to validateWpaKeyStateSTART |
|
|
DNAC Wireless Assurance does not respond to POST causing WLC to timeout & eventually drop data |
|
|
Cisco controller reloads unexpectedly due to data plane crash |
|
|
Cisco 3800 AP stops passing traffic under client load in MU-MIMO deployment |
|
|
Cisco 1852 AP Kernel Panic at ClientCapabilitiesTracker |
|
|
WLC allows to configure OEAP ACLs in software version that do not support them |
|
|
Cisco controller redirects to internal webauth login page after successful external webauth login |
|
|
WLC applying wrong interface policy to re-associated client after SSO |
|
|
Cisco 2800, 3800 APs: dropping the Neighbor Advertisement for Global IPv6 address |
|
|
Leak in I/O memory - middle buffers - due to LWAPP IPv6 |
|
|
Cisco 2800 AP reloads unexpectedly with ERROR TAMD device 'ap-tam' heartbeat failure |
|
|
FT 802.1x Clients are not able to authenticate to COS AP after HA Failover |
|
|
Cisco 18xx APs unexpectedly reload due to 'radio failure(radio recovery failed)' |
|
|
Phone 8821 has roaming issues with 2802/3802 access points MIC mismatch |
|
|
Cisco Wave 2 APs: AP not able to join the controller when NAT is enabled |
|
|
WLC includes NULL Bytes within the JSON it posts |
|
|
Decrypt errors seen on Cisco 702 AP |
|
|
Cisco 1815w:RLAN port'traffic will get stuck at TX direction after end device restarts several times |
|
|
Cisco 3800 AP reloads unexpectedly on 8.2.170.2 |
|
|
'%SAFEC-3-SAFEC_ERROR' observed while decoding iPSK key from radius |
Related Documentation
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool
Cisco Bug Search Tool (BST) is a web-based tool that acts as a gateway to the Cisco bug tracking system that maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. BST provides you with detailed defect information about your products and software.
Feedback