Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Gibraltar 16.12.x

Introduction to Cisco Catalyst 9800 Series Wireless Controllers

Cisco Catalyst 9800 Series Wireless Controllers are next-generation wireless controllers built for intent-based networking. The Catalyst 9800 Series Controllers are Cisco IOS XE-based and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.

The Catalyst 9800 Wireless Controllers are enterprise-ready to power your business-critical operations and transform end-customer experiences:

  • The controllers come with high availability (HA) and seamless software updates that are enabled by hot and cold patching. This keeps your clients and services on always, both during planned and unplanned events.

  • The controllers come with built-in security, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.

  • The controllers can be deployed anywhere to enable wireless connectivity, for example, on an on-premise device, on cloud (public or private), or embedded on a switch.

  • The controllers can be managed using Cisco DNA Center, Programmability interfaces (for example, NETCONF/YANG), web-based GUI, or CLI.

  • The controllers are built on a modular operating system. Open and programmable APIs enable the automation of your Day 0-n network operations. Model-driven streaming telemetry provides deep insights into your network and client health.

The Catalyst 9800 Series Wireless Controllers are available in multiple form factors to cater to your deployment options:

  • Catalyst 9800 Series Wireless Controller Appliance

  • Catalyst 9800 Series Wireless Controller for Cloud

  • Catalyst 9800 Embedded Wireless Controller for Switch


Note

Explore the Content Hub, the all new portal that offers an enhanced product documentation experience.

  • Use faceted search to locate content that is most relevant to you.

  • Create customized PDFs for ready reference.

  • Benefit from context-based recommendations.

Get started with the Content Hub at content.cisco.com to craft a personalized documentation experience.

Do provide feedback about your experience with the Content Hub.


What's New in Cisco IOS XE Gibraltar 16.12.1s

There are no new features in this release.

This release is bundled with the latest 802.11ax software version.

We recommend that you use Cisco DNA Center version 1.3.1 for this release.

What's New in Cisco IOS XE Gibraltar 16.12.1

This section provides a brief introduction to the new features and enhancements that are introduced in this release.

Software Features

Air Time Fairness on Mesh: The Air Time Fairness (ATF) on Mesh feature is conceptually similar to the ATF feature for local APs. ATF is a form of wireless QoS that regulates downlink airtime (as opposed to egress bandwidth). For more information, see the Air Time Fairness on Mesh chapter.

Best Practices for Cisco Catalyst 9800 Series Wireless Controller: The Best Practices monitoring window reports the status of the best practices and provides a one-click Fix It or Manual Configuration option to enable (or roll back) the practices. For more information, see Best Practices chapter or click Online Help on the web UI.

Custom IPv6 Pre-auth ACL support for EWA and LWA: Support for Fabric mode is added for FlexConnnect Client IPv6 Support with WebAuth Pre and Post ACL.

Deny Wireless Client Session Establishment Using Calendar Profiles: This feature allows the controller to stop the client session establishment of a client at a particular time. This helps control the network in an efficient and controlled manner without any manual intervention.

In a Cisco Catalyst 9800 Series Wireless Controller, you can deny the establishment of a wireless client session based on the following recurrences:

  • Daily

  • Weekly

  • Monthly

For more information, see the Deny Wireless Client Session Establishment Using Calendar Profiles chapter.

Enhanced Support for Public Cloud: A public cloud supports 6000 Cisco APs and 64000 clients for flex local switching. For more information, see the Deployment guide for Cisco Catalyst 9800 Wireless Controller for Cloud (C9800-CL) on Amazon Web Services (AWS).

IPv6 Multicast-to-Unicast: Support for IPv6 Multicast-to-Unicast was added from Cisco IOS XE Gibraltar 16.12.1. You can use IPv6 multicast addresses in place of IPv4 multicast addresses to enable media stream on the IPv6 networks. For more information, see the IPv6 Multicast-to-Unicast chapter.

IPv6 PI support for Cisco Catalyst 9800 Wireless Controllers: Support for Cisco Prime Infrastructure is added for IPv6-enabled Cisco Catalyst 9800 Series Wireless Controllers. You should configure static IPv6 on the Cisco Prime Infrastructure device, if IPv6- enabled Wireless Controllers are added to Cisco Prime Infrastructure.

Management Frame Protection: Management Frame Protection (MFP) provides security for the management messages passed between access points and clients. MFP provides both infrastructure and client support. For more information, see the Management Frame Protection chapter.

OFDMA Support for 11ax APs: The 802.11ax APs support transmission to or reception of more than one client simultaneously using Orthogonal Frequency Division Multiplexing (OFDMA). The IEEE 802.11ax protocol offers two options to create wide channels - 160-MHz channels. For more information, see the OFDMA Support for 11ax APs chapter.

Security-Enhanced (SE) Linux Permissive Mode: This mode makes the practical implementation of the “principle of least privilege” possible by enforcing Mandatory Access Control (MAC) on the Cisco IOS-XE platform. SE Linux provides the capability to define policies to control the access from an application process to a resource object, thereby allowing clear definition and confinement of process behavior.

An operation in permissive mode is available with the intent of confining specific components (process or application) of the Cisco IOS-XE platform. In the permissive mode, access violation events are detected and system logs are generated, but the event or operation itself is not blocked. The solution operates mainly in an access violation detection mode.

In the enforcement mode, the loaded policy is enforced, and if a policy violation is detected, the event or operation is blocked in Cisco IOSd.

Note that no user configuration is required to enable this feature.

To display the SE Linux audit logs, use the show platform software audit command in privileged EXEC mode. For more information about this command, see the Cisco Catalyst 9800 Series Wireless Controller Command Reference.

Sensor support for TLS1.2 EAP PEAP and EAP TLS: The Cisco Aironet 1800 Series Access Points sensor supports TLS1.2 EAP PEAP and EAP TLS from this release onwards.

Support for –P Domain: The Cisco Catalyst 9800 Series Wireless Controller supports –P domain for Japan.

The following are the –P domain-compliant Cisco APs in this release:

  • AP3802P

  • AP1562E

For current approvals and regulatory domain information, see: https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html.

Support for IPv6-enabled Cisco Catalyst 9800 Series Wireless Controller added to Cisco Prime Infrastructure: When an IPv6 enabled controller is added to Cisco Prime Infrastructure, you should configure a static IPv6 on Cisco Prime Infrastructure.

Support for Installing Cisco Catalyst 9800 Wireless Controller for Cloud on Google Cloud Platform (GCP): Support for installing Cisco Catalyst 9800 Wireless Controller for Cloud on GCP was introduced from this release. For more information, see the Cisco Catalyst 9800-CL Cloud Wireless Controller Installation Guide.

Wi-Fi Protected Access 3: WPA3 is the latest version of Wi-Fi Protected Access (WPA), which is a suite of protocols and technologies that provide authentication and encryption for Wi-Fi networks. For more information, see Wi-Fi Protected Access 3 chapter.

Wi-Fi Alliance Agile Multiband: The Wi-Fi Alliance Agile Multiband (MBO) feature enables better use of Wi-Fi network resources. This feature is built on the fundamental premise that both WiFi network and client devices have information that can aid in making roaming decisions and improve the overall performance of the WiFi network and user experience. For more information, see WiFi Alliance Agile Multiband (MBO) chapter.

Wired Guest: The Wired Guest Access feature enables guest users of an enterprise network that supports both wired and wireless access to connect to the guest access network from a wired Ethernet connection. For more information, see Wired Guest chapter.

Hardware Features

Cisco Catalyst 9800-L Wireless Controller: The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features from the Cisco 3504 Wireless Controller.

The following are the two variations of the controller:

  • Cisco Catalyst 9800-L Copper Series Wireless Controller (9800-L-C RJ45)

  • Cisco Catalyst 9800-L Fiber Series Wireless Controller (9800-L-F SFP)

For more information, see the Cisco Catalyst 9800-L Wireless Controller Hardware Installation Guide.

Complete List of Supported Features

For the complete list of features supported on a platform, see the Cisco Feature Navigator at: https://www.cisco.com/go/cfn

When you search for the list of features by platform, select:

  • 9800-40: To view all the features supported on the Cisco Catalyst 9800-40 Wireless Controller models.

  • 9800-80: To view all the features supported on the Cisco Catalyst 9800-80 Wireless Controller models.

  • 9800-CL: To view all the features supported on the Cisco Catalyst 9800 Wireless Controller for Cloud models.

  • 9800-L: To view all the features supported on the Cisco Catalyst 9800-L Wireless Controller models.

YANG Data Models

For the complete list of Cisco IOS XE YANG models available with this release, navigate to https://github.com/YangModels/yang/tree/master/vendor/cisco/xe/16121. Revision statements that are embedded in the YANG files indicate if there has been a model revision. The README.md file in the same GitHub location highlights the changes that have been made in this release.

Important Notes

By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. However, you can manually change the block size value to 8192 K using the ip tftp blocksize command in global configuration mode to speed up the transfer process.

We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.

The features and functions that work on IPv4 networks with IPv4 addresses also works on IPv6 networks with IPv6 addresses. For a list of unsupported features, see the Unsupported Features section of the Native IPv6 feature.

Supported Hardware

The following table lists the supported virtual and hardware platforms:

See Table 3 for the list of supported modules.

Table 1. Supported Virtual and Hardware Platforms

Platform

Description

Cisco Catalyst 9800-80 Wireless Controller

A modular wireless controller with up to 100-GE uplinks and seamless software updates.

Controller occupies 2-rack unit space and supports multiple module uplinks.

Cisco Catalyst 9800-40 Wireless Controller

A fixed wireless controller with seamless software updates for mid-size to large enterprises.

Controller occupies 1-rack unit space and provides four 1-GE or 10-GE uplink ports.

Cisco Catalyst 9800 Wireless Controller for Cloud

A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports ESXi, KVM, and NFVIS on ENCS hypervisors), or in the public cloud as Infrastructure as a Service (IaaS).

Cisco Catalyst 9800 Embedded Wireless Controller for Switch

The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches brings the wired and wireless infrastructure together with consistent policy and management.

This deployment model supports only SD Access, which is a highly secure solution for small campuses and distributed branches. The embedded controller supports APs only in Fabric mode.

Cisco Catalyst 9800-L Wireless Controller

The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features.

The following table lists the host environments supported for private and public cloud.

Table 2. Supported Host Environments for Public and Private Cloud

Host Environment

Software Version

VMware ESXi

  • VMware ESXi vSphere 6.0 and 6.7

  • VMware ESXi vCenter 6.0, 6.5, and 6.7

KVM

  • Linux KVM-based on Red Hat Enterprise Linux 7.1 and 7.2

  • Ubuntu 14.04.5 LTS, Ubuntu 16.04.5 LTS

AWS

AWS EC2 platform

NFVIS

ENCS 3.8.1 and 3.9.1

The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models and the default license levels they are delivered with. For information about the available license levels, see the License Levels section.

The Base PIDs are the model numbers of the controller.

The Bundled PIDs indicate the orderable part numbers for the Base PIDs that are bundled with a particular network module. Entering the show version , show module , or show inventory command on such a controller (bundled PID), displays its Base PID.

Table 3. Supported PIDs and Ports

Controller Model

Description

C9800-40-K9

Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots

C9800-80-K9

Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots

The following QSFP+ ports are also supported:

  • EPA-18X1GE

  • EPA-10X10GE

  • EPA-1X40GE

  • EPA-2X40GE

  • EPA-1X100GE

C9800-CL-K9

Cisco Catalyst Wireless Controller as an infrastructure for Cloud.

C9800-L-C-K9

  • 4x2.5/2-Gigabit ports

  • 2x10/5/2.5/1-Gigabit ports

C9800-L-F-K9

  • 4x2.5/2-Gigabit ports

  • 2x10/1-Gigabit ports

Optics Modules

Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:

https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

Compatibility Matrix

The following table provides software compatibility information.

Table 4. Compatibility Information

Cisco Catalyst 9800 Series Wireless Controller

Cisco Identity Services Engine

Cisco Access Control Server

Cisco CMX

Cisco Prime Infrastructure

Cisco AireOS-IRCM Interoperability

Cisco DNA Center

Gibraltar 16.12.1

2.6

2.4

2.3

5.5

5.4

10.6.2

10.6

10.5.1

3.7

8.9.111.0

8.9.100.0

8.8.125.0

8.8.120.0

8.8.111.0

1.3.01

Gibraltar 16.12.1s

2.6

2.4

2.3

5.5

5.4

10.6.2

10.6

10.5.1

3.7

8.9.111.0

8.9.100.0

8.8.125.0

8.8.120.0

8.8.111.0

1.3.1

1 Support is limited only to n-1 features.

Web UI System Requirements

The following subsections list the hardware and software required to access the Web UI:

Table 5. Hardware Requirements

Processor Speed

DRAM

Number of Colors

Resolution

Font Size

233 MHz minimum2

512 MB3

256

1280 x 800 or higher

Small

2 We recommend 1 GHz.
3 We recommend 1-GB DRAM.

Software Requirements

Operating Systems:

  • Windows 7 or later

  • Mac OS X 10.11 or later

Browsers:

  • Google Chrome: Version 59 or later (on Windows and Mac)

  • Microsoft Edge (on Windows)

  • Mozilla Firefox: Version 54 or later (on Windows and Mac)

  • Safari: Version 10 or later (on Mac)

Supported Cisco Access Point Platforms

The following Cisco AP platforms are supported in this release:

Indoor Access Points

  • Cisco Aironet 1700 Series Access Points

  • Cisco Aironet 1800 Series Access Points

  • Cisco Aironet 2700 Series Access Points

  • Cisco Aironet 2800 Series Access Points

  • Cisco Aironet 3700 Series Access Points

  • Cisco Aironet 3800 Series Access Points

  • Cisco Aironet 4800 Series Access Points

  • Cisco Catalyst 9115AX Access Points

  • Cisco Catalyst 9117AX Access Points

  • Cisco Catalyst 9120AX Access Points

Outdoor Access Points

  • Cisco Aironet 1542 Access Points

  • Cisco Aironet 1560 Series Access Points

  • Cisco Aironet 1570 Series Access Points

Integrated Access Points

  • Integrated Access Point on Cisco 1100 ISR

Network Sensor

  • Cisco Aironet 1800s Active Sensor

For information about Cisco Wireless software releases that support specific Cisco AP modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.

Upgrading the Controller Software

This section describes the various aspects of upgrading the controller software.

Finding the Software Version

The package files for the Cisco IOS XE software are stored on the system board flash device (flash:).

Use the show version privileged EXEC command to see the software version that is running on your controller.


Note

Although the show version output always shows the software image running on the controller, the model name shown at the end of this output is the factory configuration, and does not change if you upgrade the software license.

Use the show install summary privileged EXEC command to see the information about the active package.

You can also use the dir filesystem: privileged EXEC command to see the directory names of other software images that you might have stored in flash memory.

Software Images

  • Release: Cisco IOS XE Gibraltar 16.12.x

  • Image: Universal

  • File Name: C9800-universalk9_wlc.16.12.x.SPA.bin

Software Installation Commands

Cisco IOS XE Gibraltar 16.12.x

To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command:

device# install add file filename [ activate| commit]

To separately install, activate, commit, abort, or remove the installation file, run the following command:

device# install ?

add file tftp: filename

Copies the install file package from a remote location to a device, and performs a compatibility check for the platform and image versions.

activate[ auto-abort-timer]

Activates the file and reloads the device. The auto-abort-timer keyword automatically rolls back image activation.

commit

Makes changes that are persistent over reloads.

rollback to committed

Rolls back the update to the last committed version.

abort

Aborts file activation, and rolls back to the version that was running before the current installation procedure started.

remove

Deletes all unused and inactive software installation files.

Licensing

This section provides information about the licensing packages for the features that are available in the Cisco Catalyst 9800 Series Wireless Controller.

The software features that are available on the controller fall under these license categories:

  • AIR DNA Essentials (AIR-DNA-E)

  • AIR DNA Advantage (AIR-DNA-A) (Includes the features that are available with the Cisco DNA Essentials license and more.)


    Note

    The controller starts with AIR-DNA-A as the default. Any change in the license level requires a reboot.


Base Licenses

Base licenses are perpetual licenses and can be used even after the expiry of Air-DNA-A and AIR-DNA-E. Base licenses include:

  • AIR Network Essentials (AIR-NE)

  • AIR Network Advantage (AIR-NA) (Includes the features that are available in the Network Essentials license.)

License Term

The licenses are available for a three, five, or seven-year periods.

Guidelines and Restrictions

Software

  • Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.

  • AP connection over network address translation (NAT) and port address translation (PAT) is not supported.

  • Mobility NAT is not supported when the following conditions are met:

    • Data DTLS is turned on.

    • Packets sent from the controller are bigger than minimum Path MTU packets (576B in case of IPv4) with network PMTU >= 1485.

    • PAT is configured on the router or firewall.

  • Firefox Version 63.x is not supported.

  • Ensure that you remove the controller from Cisco Prime before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.

  • Unidirectional Link Detection (UDLD) protocol is not supported.

  • SIP media session snooping is not supported on Flexconnect local switching deployments.

Interoperability with Clients

This section describes the interoperability of the controller software with client devices.

The following table describes the configurations used for testing client devices.

Table 6. Test Configuration for Interoperability

Hardware or Software Parameter

Hardware or Software Type

Release

Cisco IOS XE Gibraltar 16.12.x

Cisco Wireless Controller

  • Cisco Catalyst 9800-40 Wireless Controller

  • Cisco Catalyst 9800-80 Wireless Controller

  • Cisco Catalyst 9800 Wireless Controller for Cloud

  • Cisco Catalyst 9800 Embedded Wireless Controller for Switch

  • Cisco Catalyst 9800-L Wireless Controller

Access Points

  • Cisco Aironet Series Indoor Access Points

    • 1700

    • 1800

    • 2700

    • 2800

    • 3700

    • 3800

    • 4800

  • Cisco Aironet Series Indoor Access Points

    • 1540

    • 1560

    • 1570

  • Cisco Industrial Wireless 3700 Series Access Points

  • Cisco Catalyst 9115AX Access Points

  • Cisco Catalyst 9117AX Access Points

  • Cisco Catalyst 9120AX Access Points

Radio

  • 802.11ax

  • 802.11ac

  • 802.11a

  • 802.11g

  • 802.11n (2.4 GHz or 5 GHz)

Security

Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS)

RADIUS

  • Cisco ACS 5.3

  • Cisco ISE 2.2

  • Cisco ISE 2.3

  • Cisco ISE 2.4

  • Cisco ISE 2.6

Types of tests

Connectivity, traffic (ICMP), and roaming between two APs

The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.

Table 7. Client Types

Client Type and Name

Driver/Software Version

Laptop Model

Acer Aspire 15 Windows 8 Home Qc Atheros Qca9377 11.0.0.492 and later
Acer Aspire E15 Windows 8 Qc Atheros Qca9377 15.1.1.1 and later
Acer Aspire E 15 Windows 8.1 QC Atheros Qca9377 11.0.0.492 and later
Acer Aspire E15 Windows 8.1 Pro Qc Atheros Qca9377 11.0.0.492 and later
Apple MAC mini Windows 7 Professional Broadcom 802.11ac 6.30.224.217 and later
Dell 80TJ Broadcom 802.11n Network Adapter
Dell Inspiron 15 7569 Windows 10 Home Ntel Ac 3165 18.32.0.5 and later
Dell Latitude 6430 Windows 8.1 Pro Intel 6205w8 15.16.0.2 and later
Dell Latitude E5400 Windows 7 Professional Intel Wifi Link 5300 AGN 12.4.1.4 and later
Dell Latitude E5430 Windows 7 Intel Centrino N 6205 15.17.0.1 and later
Dell Latitude E5450 Windows 7 Professional Intel 7260 18.33.6.2 and later
Dell Latitude E5530 TU2-ET100 (Version v5.0R) and later
Dell Latitude E5540 Windows 7 Intel Dualband Ac7260 1.566.0.0 and later
Dell Latitude E6430 Windows 10 Enterprise Intel Wifi Link 5300 AGN 14.2.1.4 and later
Dell Latitude E6430 Windows 10 Enterprise Linksys AE2500 N 5.100.68.46 and later
Dell Latitude E6430 Windows 7 Professional Intel 6250 15.11.0.7 and later
Dell Latitude E6430 Windows 7 Professional Intel 3160 6.30.223.215 and later
Dell Latitude E7450 Windows 7 Professional Broadcom 1560 15.1.1.1 and later
Dell Latitude Windows 8.1 Pro Intel Ac7260 18.33.3.2 and later
Fujitsu Lifebook E556 Windows 10 Pro Intel 8260 11.0.0.492 and later
Lenovo Ideapad T420 TU3-ETG (Version v1.0R) and later
Lenovo T420 Windows 10 Pro Intel Ac8260 19.1.0.4 and later
Lenovo T420 Windows 7 Enterprise Intel Centrino Ultimate-N6300 AGN 13.5.0.6 and later
Lenovo T420 Windows 7 Enterprise Linksys AE6000 5.0.7.0 and later
Lenovo Yoga 460 Windows 10 Pro Intel Ac8260 19.1.0.4 and later
Macbook Air Mac OS Sierra 10.12.3 Broadcom Bcm43xx 1.0 6.30.225.29.1 and later
Macbook Air Macos Sierra 10.12.6 Broadcom Bcm43xx 1.0 7.21.171.68.1a4 and later
Macbook Air OS X Yosemite (10.10.5) Broadcom Bcm43xx 1.0 7.15.166.24.3 and later
Macbook Mac OS Mojave 10.8.5 Broadcom Bcm43xx 1.0 5.106.98.100.17 and later
Macbook Mac OS Sierra 10.12 Beta Broadcom Bcm43xx 1.0 7.21.149.34.1a7 and later
Macbook Pro Mac OS Sierra 10.12.4 Broadcom Bcm43xx 1.0 7.21.171.68.1a4 and later
Macbook Pro OS X 10.8.5 Broadcom Bcm43xx 1.0 5.106.98.100.17 and later
Macbook Pro Retina Mac OS Sierra 10.12.3 Broadcom Bcm43xx 1.0 7.15.166.24.3 and later

Tablet Model

Apple iPad iOS 12.0.1 and later
Apple iPad mini iOS 12.0 and later
Apple iPad mini 2 iOS 10.3.1 and later
Apple iPad Air iOS 10.1.1 and later
Apple iPad Air 2 iOS 10.2.1 and later

Mobile Phone Model

Apple iPhone 5 iOS 10.3.1 and later
Apple iPhone 5S iOS 11.4.1 and later
Apple iPhone 6 iOS 12.0.1 and later
Apple iPhone 6 Plus iOS 12.0.1 and later
Apple iPhone 7 iOS 12.0.1 and later
Apple iPhone 7 Plus iOS 12.0.1 and later
Apple iPhone 8 iOS 12.0.1 and later
Apple iPhone SE iOS 10.3.1 and later
Apple iPhone X iOS 12.2 and later
Apple iPhone XR iOS 12.2 and later
Cisco 7925G-EX CP7925G-1.4.8.4.LOADS and later
Cisco 7926G CP7925G-1.4.8.4.LOADS and later
Cisco 8821 SIP8821.11-0-3SR4-3 6.50.0.3 (r ) and later
Google Nexus 5 Android 6.0.1 and later
MI A1 Android 8.1.0 and later
Microsoft Lumia Windows 8 and later
Moto G 3rd Gen Andriod 6.0.1 and later
Moto G 4 Andriod 7.0.1 and later
Moto G4 Plus Andriod 7.0.1 and later
Moto X 2nd Gen Android 5.0 and later
Nokia 6.1 Plus Android 9.0.1 and later
Nokia Lumia 730 Windows 8 and later
One Plus 3 Android 6.0.1 and later
One Plus 5 Android 8.1.0 and later
One Plus 5T Android 8.1.0 and later
One Plus 6 Android 8.1.0 and later
One Plus One Android 4.3 and later
Redmi Note 3 Android 6.0.1 and later
Samsung Galaxy S4 Android 4.2.2 and later
Samsung Galaxy S6 Android 7.0 and later
Samsung Galaxy S7 Android 8.0.0 and later
Samsung Galaxy S8 Android 7.0 and later
Samsung Galaxy S Duos 2 Android 6.0.1 and later
Samsung Tab Pro Android 4.4.2 and later
Samsung Galaxy S10 Android 9.0 and later

Caveats

Caveats describe unexpected behavior in Cisco IOS releases. Caveats that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.

Cisco Bug Search Tool

The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.

To view the details of a caveat, click the corresponding identifier.

Open Caveats

Caveat ID

Description

CSCvg73161

The kernel USB driver shows error logs after disabling unused USB 2.0.

CSCvm75074

The severity level of the logs generated by smart-agent is not correct.

CSCvn97793

The iPSK/MAC filtering configuration should not be pushed to the flex mode.

CSCvn78968

The active controller reloads unexpectedly while modifying aaa parameters using CLI.

CSCvo64942

Move Away Table allocation to software (instead of TCAM).

CSCvo70439

Client is not able to associate or authenticate while validating DHCP option-82 feature on the Cisco Catalyst 9800-40 and 9800-80 Series Controllers.

CSCvp70226

Esxi 6.5 ova: Failing to deploy an ova "deploy type" above "small".

CSCvp90090

After unmapping the policy tag ap, IOS APs are not joining the controller.

CSCvp93355

Web UI pages are not responding when huge files are being downloaded.

CSCvq18783

Client VLAN missing is from client properties on the web UI.

CSCvq19751

KERNEL crash is observed during a system reboot on Cisco 9115 AP.

CSCvq20611

Data DTLS is tearing down when port randomization is enabled on the firewall and client.

CSCvq21383

qfp crash @ epoll_wait after running show idb command on the console.

CSCvq23530

The show wireless interface summary command is not showing NAT public IP.

CSCvq27229

Multiple client entries are observed in a single client RA.

CSCvq31854

The Method field shows blank for some of the client entries in the show wireless client summary output.

CSCvq33391

Controller is not sending public IP in the discovery response.

CSCvq39356

RLAN AP disjoins when the RLAN client joins and further client join is not happening.

CSCvq39713

Controller console logs are flooding with "%CPPOSLIB-3-ERROR_NOTIFY" tracebacks.

CSCvq42695

Android clients (having OS version below 8) are not able to join WPA2 802.1x WLAN when PMF is set as optional.

CSCvq45614

AP is broadcasting the wrong SSID after configuring new WLAN.

CSCvq46034

New active pubd reloads unexpectedly on Cisco 9800-40 series controller (after user induced switchover).

CSCvq46525

Memory leak is observed on the Cisco 9800-L series controller.

CSCvq46582

Clients are not able to join the Cisco 802.11AX AP.

CSCvq48656

Channel and Interference radio statistics graphs are not populated.

CSCvq52693

It is possible to configure more than 5 flow-exporters.

CSCvq53396

During roaming, the APs are sending deauthentication message after sending reassociation request, when FT is set to enable or adaptive.

CSCvq54269

Cisco 2800 and 3800 series APs: Radio reloads unexpectedly.

CSCvq57282

WNCD crash is observed @ ewlc_ha_odm_reg_ack_handler.

CSCvq58273

Stack merge is observed during force-switchover.

CSCvq63168

Cisco Trustpoint is not configured using Day0 in an instance launched in Google Cloud Platform (GCP).

CSCvq71004

Cisco Catalyst 9800-40 Series Wireless Controller is not accepting wireless management on TenGigabitEthernet ports.

Resolved Caveats for Gibraltar 16.12.1s

Caveat ID

Description

CSCvp99818

Cisco DNA Center is showing four-way key timeout text descriptions for mic error and RC mismatch.

CSCvq31842

Radio utilization is not reported accurately for the wireless clients.

CSCvq38420

STA Denied Rate Events are not incrementing on the AP for anomaly rate-mismatch.

CSCvq41631

Pubd process reloads unexpectedly after connecting to Cisco Prime Infrastructure.

CSCvq45977

AP drops data packets due to stale AP entries.

CSCvq63168

Cisco Trustpoint is not configured via Day0 configuration in an instance that is launched in GCP.

CSCvq65131

Regulatory domain channels mismatch for the Japan domain (J4).

CSCvq65530

Cisco DNA Center: AP reachability status is not getting updated.

CSCvq77641

Controller is not sending the correct reason code to Cisco DNA Center when triggering an invalid RSNIE during the association request.

CSCvq80728

APs are continuously flapping after the second switch over.

CSCvq84971

Inter-wncd fast-roam re-association response is not going out.

CSCvq95642

Multicast IPv6 packets that are received from the clients are causing a loop, which results in a major uplink bandwidth utilization issue.

CSCvr08701

APs are unable to form a tunnel due to Interprocessor Communication (IPC) channel back pressure.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, visit the Cisco TAC website at:

https://www.cisco.com/en/US/support/index.html

Go to Product Support and select your product from the list or enter the name of your product. Look under Troubleshoot and Alerts to find information about the problem that you are experiencing.

Related Documentation

Information about Cisco IOS XE 16 is available at:

https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Cisco Validated Designs documents at:

https://www.cisco.com/go/designzone

Cisco Wireless Controller

For more information about the Cisco Wireless Controllers, lightweight APs, and mesh APs, see these documents:

The installation guide for your particular controller:

For all Cisco Wireless Controller software-related documentation, see:

https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/tsd-products-support-series-home.html

Wireless Products Comparison

Cisco Prime Infrastructure

Cisco Prime Infrastructure Documentation

Cisco Mobility Services Engine

Cisco Mobility Services Engine Documentation

Cisco Connected Mobile Experiences

Cisco Connected Mobile Experiences Documentation

Cisco DNA Center

Cisco DNA Center Documentation

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.