Cisco 3504 Wireless Controller Data Sheet

Data Sheet

Available Languages

Download Options

  • PDF
    (465.0 KB)
    View with Adobe Reader on a variety of devices
Updated:January 26, 2021

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Save up to 25% with a Cisco DNA Starter Kit. Bundle a Cisco DNA Center appliance with eligible access devices.

Available Languages

Download Options

  • PDF
    (465.0 KB)
    View with Adobe Reader on a variety of devices
Updated:January 26, 2021


Optimized for 802.11ac Wave 2 performance, the intent-driven Cisco DNA ready Cisco® 3504 Wireless Controller with Cisco Multigigabit Ethernet technology is a compact, highly scalable, service-rich, resilient, and flexible platform that enables next-generation wireless networks for small to medium-sized enterprises and branch office deployments.

As of January 2021, the Cisco 3504 Wireless Controller has been transitioned to End-of-Sale status and will no longer be available for purchase. Migrating to the next Cisco product is easy, as there are many Cisco wireless controller options that can fit your needs. These products can be found on the Cisco Catalyst 9800 web page.

Product overview

The Cisco 3504 Wireless Controller provides centralized control, management, and troubleshooting for small to medium-sized enterprises and branch offices. It offers flexibility to support multiple deployment modes in the same controller—a centralized mode for campus environments, Cisco FlexConnect® mode for lean branches managed over the WAN, and a mesh (bridge) mode for deployments in which full Ethernet cabling is unavailable. As a component of the Cisco Unified Wireless Network, the 3504 controller provides real-time communications between Cisco Aironet® access points and Cisco Catalyst® access points, Cisco Prime® Infrastructure, and the Cisco Mobility Services Engine, and is interoperable with the Cisco 5520 and 8540 Wireless Controllers.

The Cisco Digital Network Architecture (Cisco DNA) is an open and extensible, software-driven architecture that accelerates and simplifies your enterprise network operations. The programmable architecture frees your IT staff from time-consuming, repetitive network configuration tasks so they can focus instead on innovation that positively transforms your business. SD-Access, as part of Cisco DNA, enables policy-based automation from edge to cloud with foundational capabilities. Cisco DNA Assurance, also part of Cisco DNA, provides a single source to monitor, modify, and manage your network and application data.

Cisco 3504 Wireless Controller,

Figure 1.            

Cisco 3504 Wireless Controller

Features and benefits

The Cisco 3504 Wireless Controller with Cisco Multigigabit Ethernet technology is optimized for 802.11ac Wave 2 performance, high scale, and enhanced system uptime. It offers:

      Intent-driven programmability and streaming telemetry.

      Quiet operation, with a small form factor and compact design ideal for space-constrained deployments, providing flexibility without compromising on features.

      Cisco Multigigabit Ethernet technology to support next-generation 802.11ac Wave 2 deployments using existing cabling infrastructure.

      Subsecond access point and client failover for uninterrupted application availability.

      Extraordinary visibility into application traffic, using Cisco Application Visibility and Control (AVC), the technology that includes the Network-Based Application Recognition 2 (NBAR2) engine, with Cisco's Deep Packet Inspection (DPI) capability. This allows the 3504 to mark, prioritize, and block to conserve network bandwidth and enhance security. Customers can optionally export the flows to Cisco Prime Infrastructure or a third-party NetFlow collector.

      An embedded wireless Bring-Your-Own-Device (BYOD) policy classification engine that allows classification of client devices and application of user group-based policies.

      Guest access and Bonjour and Chromecast services in centralized deployments.

      Software-defined segmentation with Cisco TrustSec® technology, reducing Access Control List (ACL) maintenance, complexity, and overhead.

      Integrated Cisco CleanAir® technology, providing the industry’s only self-healing and self-optimizing wireless network.

      A simplified GUI wizard for quick setup and intuitive dashboards for monitoring and troubleshooting.

      Cisco DNA and SD-Access Wireless, as well as Cisco DNA Assurance.

Table 1 lists the features and benefits of the 3504 wireless controller.

Table 1.        Features and benefits



Cisco DNA SD-Access Wireless

SD-Access Wireless is Cisco’s next-generation architecture for enterprise networks. It is the industry’s first policy-based automation from the edge to the cloud. It enables network access in minutes for any user or device to any application without compromising on security.

SD-Access Wireless enables policy-based automation for wired and wireless, automated provisioning of wired and wireless networks, group-based policy for users and connected devices, and a distributed wireless data plane for campus deployments. In addition, all client roams are treated as Layer 2 roams across the network for distributed traffic.

Learn more at

Cisco DNA Analytics and Assurance

Cisco DNA Analytics and Assurance offer comprehensive network visibility. It collects data from users, devices, and applications to proactively identify problems. Network analytics and automation help IT quickly resolve issues, so you can increase availability and deliver a better user experience.

Learn more at

Scalability and performance

Optimized to enable 802.11ac Wave 2 next-generation networks, supporting:

  4-Gbps throughput
  150 access points
  3000 clients
  1x Multigigabit Ethernet interface (up to 5 Gigabit Ethernet), + 4x 1 Gigabit Ethernet
  4096 VLANs

Flexibility and ease of deployment

  Only 10-in. (25-cm) depth to fit nicely in reduced-depth cabinet or desktop deployments
  Quiet and fanless operation for cabinet or desktop (up to 86°F [30°C] ambient) deployment. The fans are used by the controller only under certain conditions
  For quick and easy deployment, access points can be connected directly to the controller via two Power over Ethernet (PoE) ports

RF management

  Proactively identifies and mitigates signal interference for better performance
  Provides both real-time and historical information about RF interference affecting network performance across controllers, through systemwide integration with Cisco CleanAir technology

Multimode with indoor/ outdoor mesh access points

  Versatile controller with support for centralized, distributed, and mesh deployments to be used at different places in the network, offering maximum flexibility for medium-sized campus, enterprise, and branch networks
  Centralized control, management, and client troubleshooting
  Seamless client access in the event of a WAN link failure (local data switching)
  Highly secure guest access
  Efficient access point upgrade that optimizes WAN link utilization for downloading access point images
  Cisco OfficeExtend technology that supports corporate wireless service for mobile and remote workers with secure wired tunnels to indoor Cisco Aironet access points supporting OfficeExtend mode

Comprehensive end-to-end security

  Offers Control and Provisioning of Wireless Access Points (CAPWAP)-compliant Datagram Transport Layer Security (DTLS) encryption on the control plane between access points and controllers across remote WAN links
  Management frame protection detects malicious users and alerts network administrators
  Rogue detection for Payment Card Industry (PCI) compliance
  Rogue access point detection and detection of denial-of-service attacks

End-to-end voice

  Supports Cisco Unified Communications for improved collaboration through messaging, presence, and conferencing
  Supports all Cisco Unified IP Phones for cost-effective, real-time voice services

Fault tolerance and high availability

  Subsecond access point and client failover for uninterrupted application availability
  Redundant 1 Gigabit Ethernet or Cisco Multigigabit Ethernet (up to 5 Gigabit Ethernet) connectivity
  Solid-state device-based storage—no moving parts
  Enhanced system uptime with fast system restarts

Cisco Enterprise Wireless Mesh

  Allows access points to dynamically establish wireless connections without the need for a physical connection to the wired network
  Available on select Cisco Aironet access points, Enterprise Wireless Mesh is ideal for warehouses, manufacturing floors, shopping centers, and any other location where extending a wired connection may prove difficult or aesthetically unappealing

WLAN express setup

  Simplified GUI wizard for quick setup, and intuitive dashboards for monitoring and troubleshooting

High-performance video

  Cisco VideoStream technology optimizes the delivery of video applications across the WLAN

Mobility, security, and management for IPv6 and dual-stack clients

  Highly secure, reliable wireless connectivity and consistent end-user experience
  Increased network availability through proactive blocking of known threats
  Equips administrators for IPv6 planning, troubleshooting, and client traceability from Cisco Prime Infrastructure

Energy efficiency

  Organizations may choose to turn off access point radios to reduce power consumption during off-peak hours

Perpetual licensing

The Cisco 3504 Wireless Controller provides right-to-use (with End User License Agreement [EULA] acceptance) license enablement for faster time to deployment, with flexibility to add additional access points (up to 150 access points) as business needs grow.

      Additional access point capacity licenses can be added over time.

      Right-to-use licensing (with EULA acceptance) for faster and easier license enablement.

      Starting with the 8.5 release, the Cisco 3504 Wireless Controller also provides an option to enable licensing using Cisco Smart Software Licensing, designed for easy monitoring and consumption of licenses.

      Manage license deployments with real-time visibility to ownership and consumption.

      Pool license entitlements in a single account. Licenses can be moved freely through the network, wherever they are needed.

Cisco does not allow porting of non-Cisco ONE perpetual AP licenses (like former Base capacity or capacity upgrade “Adder” licenses) from any older Cisco Wireless Controllers (eg. Cisco 2504, 4400, 5508, 7510, 8510 Wireless controllers) to Cisco 3504, 5520, and 8540 Wireless controllers.

Cisco does allow porting of perpetual AP licenses between Cisco 3504, 5520 and 8540 Wireless Controllers.

Term-based licensing

With the Cisco DNA architecture, we are also introducing term-based software packages: Cisco DNA Essentials and Cisco DNA Advantage and Cisco DNA Premier. In addition to on-box capabilities, the Cisco DNA packages unlock additional functionality in Cisco DNA Center, enabling controller-based software-defined automation in your network.

License consumption is further simplified with the following three package combinations. Cisco Embedded Support is included in all the three packages.

Essentials: Term-based (3, 5, or 7 years per access point) Cisco DNA Essentials package, term-based access point license, and term-based Cisco Prime Lifecycle and Assurance infrastructure licenses.

Advantage: Term-based (3, 5, or 7 years per access point) Cisco DNA Advantage package. It also includes everything in the Cisco DNA Essentials package.

Cisco DNA Premier: Term-based (3, 5, or 7 years per access point) Cisco DNA Advantage package (includes Cisco DNA Essentials package), ISE Base, ISE Plus and CMX Base.

You can continue to deploy your network using perpetual licensing or the new term-based packages. The term- based licensing provides you with the additional benefit of using the same Cisco DNA license on any Cisco WLAN controllers and with any Aironet access point.

Product specifications

Table 2.        Product specifications




IEEE 802.11a, 802.11b, 802.11g, 802.11d, WMM/802.11e, 802.11h, 802.11n, 802.11k, 802.11r, 802.11u, 802.11w, 802.11ac Wave 1 and Wave 2, Wi-Fi 6 (802.11ax) Note: The wireless controller does not contain any radio function itself. The wireless controller manages wireless access points/devices that implements these radio specification and functionality

Wired, switching, and routing

IEEE 802.3 10BASE-T, IEEE 802.3u 100BASE-TX specification, 1000BASE-T. 1000BASE-SX, 1000-BASE-LH, IEEE 802.1Q VLAN tagging, IEEE 802.1AX Link Aggregation

Data Request For Comments (RFC)

  RFC 768 UDP
  RFC 791 IP
  RFC 2460 IPv6
  RFC 792 Internet Control Message Protocol (ICMP)
  RFC 793 TCP
  RFC 826 Address Resolution Protocol (ARP)
  RFC 1122 Requirements for Internet Hosts
  RFC 1519 Classless Interdomain Routing (CIDR)
  RFC 1542 BOOTP
  RFC 2131 Dynamic Host Configuration Protocol (DHCP)
  RFC 5415 CAPWAP Protocol
  RFC 5416 CAPWAP Binding for 802.11

Security standards

  Wi-Fi Protected Access (WPA)
  IEEE 802.11i (WPA2, RSN)
  RFC 1321 MD5 Message-Digest Algorithm
  RFC 1851 Encapsulating Security Payload (ESP) Triple Data Encryption Standard (3DES) Transform
  RFC 2104 HMAC: Keyed Hashing for Message Authentication
  RFC 2246 Transport Layer Security (TLS) Protocol Version 1.0
  RFC 2401 Security Architecture for the Internet Protocol
  RFC 2403 HMAC-MD5-96 within ESP and Authentication Header (AH)
  RFC 2404 HMAC-SHA-1-96 within ESP and AH
  RFC 2405 ESP DES-CBC Cipher Algorithm with Explicit IV
  RFC 2407 Interpretation for Internet Security Association and Key Management Protocol (ISAKMP)
  RFC 2409 Internet Key Exchange (IKE)
  RFC 2451 ESP Cipher Block Chaining (CBC)-Mode Cipher Algorithms
  RFC 3280 Internet X.509 Public Key Infrastructure (PKI) Certificate and Certificate Revocation List (CRL) Profile
  RFC 4347 Datagram Transport Layer Security
  RFC 5426 TLS Protocol Version 1.2


Wired Equivalent Privacy (WEP) and Temporal Key Integrity Protocol-Message Integrity Check (TKIP-MIC):

  RC4 40, 104 and 128 bits (both static and shared keys)
  Advanced Encryption Standard (AES): CBC, Counter with CBC-MAC (CCM), Counter with CBC Message Authentication Code Protocol (CCMP)
  Data Encryption Standard (DES): DES-CBC, 3DES
  Secure Sockets Layer (SSL) and TLS: RC4 128-bit and RSA 1024- and 2048-bit
  802.1AE MACsec encryption

Authentication, Authorization, and Accounting (AAA)

  IEEE 802.1X
  RFC 2548 Microsoft Vendor-Specific RADIUS Attributes
  RFC 2716 Point-to-Point Protocol (PPP) Extensible Authentication Protocol (EAP)-TLS
  RFC 2865 RADIUS Authentication
  RFC 2866 RADIUS Accounting
  RFC 2867 RADIUS Tunnel Accounting
  RFC 2869 RADIUS Extensions
  RFC 3576 Dynamic Authorization Extensions to RADIUS
  RFC 5176 Dynamic Authorization Extensions to RADIUS
  RFC 3579 RADIUS Support for EAP
  RFC 3580 IEEE 802.1X RADIUS Guidelines
  RFC 3748 EAP
  Web-based authentication
  TACACS support for management users


  Simple Network Management Protocol (SNMP) v1, v2c, v3
  RFC 854 Telnet
  RFC 1155 Management Information for TCP/IP-Based Internets
  RFC 1156 MIB
  RFC 1157 SNMP
  RFC 1350 Trivial File Transfer Protocol (TFTP)
  RFC 1643 Ethernet MIB
  RFC 2030 Simple Network Time Protocol (SNTP)
  RFC 2616 HTTP
  RFC 2665 Ethernet-Like Interface Types MIB
  RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering, and Virtual Extensions
  RFC 2819 Remote Monitoring RMON MIB
  RFC 2863 Interfaces Group MIB
  RFC 3164 Syslog
  RFC 3414 User-Based Security Model (USM) for SNMPv3
  RFC 3418 MIB for SNMP
  RFC 3636 Definitions of Managed Objects for IEEE 802.3 MAUs
  Cisco private MIBs

Management interfaces

  Web-based: HTTP/HTTPS
  Command-line interface: Telnet, Secure Shell (SSH) Protocol, serial port
  Cisco Prime Infrastructure

Interfaces and indicators

  1x Multigigabit Ethernet interface (up to 5 Gigabit Ethernet) + 4x 1 Gigabit Ethernet interfaces (RJ-45)
  1x service port: 1 Gigabit Ethernet port (RJ-45)
  1x redundancy port: 1 Gigabit Ethernet port (RJ-45)
  1x console port: Serial port (RJ-45)
  1x console port: Serial port (mini-B USB)
  1x USB 3.0 port
  LED indicators: Network link, diagnostics

Physical and environmental

Dimensions: 1.73 x 9.5 x 8.5 in. (43.94 x 214.3 x 215.9 mm)

Weight: 4.4lbs


Operating: 32 to 104 °F (0 to 40°C)

Storage: -4 to 158 °F (-20 to 70°C)


Operating Humidity: 5% to 95% RH non-condensing

Storage Humidity: 0% to 95% RH non-condensing

Power adapter: Input power: 100 to 240 VAC; 50/60 Hz

Heat dissipation (without PoE): 47W, 160BTU/hr

Heat dissipation (with PoE): 98W, 335BTU/hr

Regulatory compliance

CE Markings per directives 2004/108/EC and 2006/95/EC Safety:

  UL 60950-1 Second Edition
  CAN/CSA-C22.2 No. 60950-1 Second Edition
  EN 60950-1 Second Edition
  IEC 60950-1 Second Edition
  AS/NZS 60950-1
  GB4943 2011 EMC - Emissions:
  47CFR Part 15 (CFR 47) Class B
  AS/NZS CISPR22 Class B
  EN 55032 Class B
  ICES003 Class A VCCI Class B
  EN 61000-3-2 EN 61000-3-3 KN22 Class B
  CNS13438 Class B EMC - Immunity:
  EN 55024
  EN 300386

Warranty information

Find warranty information on at the Product Warranties page.

The Cisco 3504 Wireless Controller is backed by a warranty that includes:

      3 years parts coverage

      10-day Advance Replacement (AR): Cisco or its service center will use commercially reasonable efforts to ship a replacement within ten (10) working days after receipt of the RMA request. Actual delivery times might vary depending on customer location

This warranty also includes a 90-day software warranty on media and ongoing downloads of BIOS, firmware, and drivers.

Ordering information

For ordering details, please consult the part numbers in Table 3. To place an order, visit the Cisco How to Buy homepage. To download software, visit the Cisco Software Center.

Table 3.        Ordering information

Product name

Part number

Services 8x5xNBD

Cisco 3504 Wireless Controller



Perpetual licenses

Cisco 3504 Wireless Controller upgrade SKU



Cisco 3504 Wireless Controller 1 access point adder license



Cisco 3504 Wireless Controller DTLS license


Term-based licenses

Cisco DNA Essentials 3-, 5-, or 7-year term license per year per access point for wireless


Embedded Support included

Cisco DNA Advantage 3-, 5-, or 7-year term license per year per access point for wireless


Embedded Support included

Cisco DNA Premier 3-, 5-, or 7-year term license per year per access point for wireless


Embedded Support included


Cisco 3504 Wireless Controller Spare Power Supply


Cisco 3504 Wireless Controller Rack Mount Bracket


Cisco ONE Software

Cisco ONE Software offers a valuable and flexible way to buy software for the access, WAN, and data center domains. At each stage in the product lifecycle, Cisco ONE Software helps make buying, managing, and upgrading your network and infrastructure software easier. Cisco ONE Software provides:

      Flexible licensing models to smoothly distribute customers’ software spending over time

      Investment protection for software purchases through software services–enabled license portability

      Access to updates, upgrades, and new technology from Cisco through Cisco® Software Support Services (SWSS)

Cisco ONE for Access lets you manage your entire switching structure as a single, converged component. With one management system and one policy for wired and wireless networks, it offers an efficient way to provide more secure access.

Cisco ONE Software for Wireless is available for Cisco 3504 Wireless Controller.

Cisco ONE for Access Wireless is a complete software solution that helps you deliver and manage business-class wireless connectivity for all your employees and customers. It helps unlock the business potential in your wireless network while providing all the capabilities required to deploy, manage, and track wireless performance and activity. Cisco ONE for Access Wireless is available in subscription and perpetual offers for broad deployment flexibility in branch and campus environments: Cisco ONE for Advantage, Foundation for Wireless, Advanced Mobility Services, and Cloud Mobility Services are the four offers currently available in Cisco ONE for Access Wireless.


      Connect, secure, and manage business-class Wi-Fi for mobility and Bring-Your-Own-Device (BYOD) environments

      Quickly create and deploy context-aware experiences that engage people on their mobile devices

For ordering information for Cisco ONE Software for Wireless go to

Cisco Wireless LAN services

Realize the full business value of your technology investments faster with intelligent, customized services from Cisco. Backed by deep networking expertise, Cisco Wireless LAN Services enable you to deploy a sound, scalable mobility network that enables rich media collaboration while improving the operational efficiency gained from a converged wired and wireless network infrastructure based on the Cisco Unified Wireless Network. We offer expert advisory, implementation and optimization services to accelerate your transition to advanced mobility services while continuously optimizing the performance, reliability, and security of that architecture after it is deployed. In addition, Cisco Smart Net Total Care Service helps you protect your investment and derive maximum value from your Cisco products. Delivered by Cisco and backed by your trusted partner, this comprehensive service includes access to the Cisco Technical Assistance Center (TAC) 24 hours a day, 365 days a year, Cisco IOS® Software updates, online resources, and expedited hardware replacement when needed. The Smart Net Total Care service helps you solve problems faster, improve operational efficiency, and reduce the risk of downtime. For more details, visit

Cisco embedded support for Cisco DNA Term components

Cisco Embedded Support delivers the right support for Cisco software products and suites. It will keep your business applications performing as expected and protect your investment. Cisco Embedded Support for the Essentials and Advantage term components is included. Cisco Embedded Support provides access to Cisco TAC support, major software updates, maintenance and minor software releases, and the Cisco Embedded Support site, for increased productivity with anytime access.

Learn more about Cisco Services for Enterprise Networks

Cisco environmental sustainability

Information about Cisco’s environmental sustainability policies and initiatives for our products, solutions, operations, and extended operations or supply chain is provided in the “Environment Sustainability” section of Cisco’s Corporate Social Responsibility (CSR) Report.

Reference links to information about key environmental sustainability topics (mentioned in the “Environment Sustainability” section of the CSR Report) are provided in the following table:

Sustainability topic


Information on product material content laws and regulations


Information on electronic waste laws and regulations, including products, batteries, and packaging

WEEE compliance

Cisco makes the packaging data available for informational purposes only. It may not reflect the most current legal developments, and Cisco does not represent, warrant, or guarantee that it is complete, accurate, or up to date. This information is subject to change without notice.

Cisco Capital

Flexible payment solutions to help you achieve your objectives

Cisco Capital makes it easier to get the right technology to achieve your objectives, enable business transformation and help you stay competitive. We can help you reduce the total cost of ownership, conserve capital, and accelerate growth. In more than 100 countries, our flexible payment solutions can help you acquire hardware, software, services and complementary third-party equipment in easy, predictable payments. Learn more.

For more information

For more information about the Cisco 3504 Wireless Controller, visit




Your organization, your operational needs

Choose the management platform that works best for you. Your journey, your way.

Learn more