The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE 17.18.x
Communications, services, and additional information:
Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE 17.18.x
Cisco Catalyst 9800 Series Wireless Controllers comprise next-generation wireless controllers (referred to as controller in this document) built for intent-based networking. The controllers use Cisco IOS XE software and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.
The controllers are available in multiple forms to cater to your deployment options:
● Catalyst 9800 Series Wireless Controller Appliance
◦ Cisco Catalyst 9800-80, Catalyst 9800-40, and Catalyst 9800-L Wireless Controllers
◦ Cisco Catalyst CW9800H1 and CW9800H2 Wireless Controllers
◦ Cisco Catalyst CW9800M Wireless Controller
● Catalyst 9800 Series Wireless Controller for Cloud
● Catalyst 9800 Embedded Wireless Controller for a Cisco Switch
This document describes the new software features that were introduced or enhanced, change in behavior, issues, supported hardware, and so on, for Cisco IOS XE 17.18.x.
This section provides a brief description of the new software features introduced in this release.
Table 1. New software features for Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1
Product impact |
Feature |
Description |
Software Reliability |
RMI Serviceability Enhancement - Enhanced Gateway Reachability Monitoring |
This feature improves visibility into gateway reachability and provides detailed statistics for ICMP, ARP, and ND probes. This feature also enables simplified troubleshooting, greater transparency, and more reliable diagnostics for High Availability, and RMI functionality. The following commands are introduced:
●
show platform software rif-mgr chassis active r0 gateway-statistics
●
show platform software rif-mgr chassis active r0 resource-status
For more information, see High Availability. |
Software-Defined Application Visibility and Control (SD-AVC) Wireless Support with IPv6 |
From Cisco IOS XE 17.18.1 onwards, this feature extends the support for adding IPv6 SD-AVC controller or end-point address. The following platforms are supported:
●
Cisco Catalyst 9800 controllers–9800-40, 9800-80, 9800-L, 9800-CL, 9800-SW, CW9800M, CW9800H1, and CW9800H2.
●
Cisco Catalyst 9300/9400 switches in Fabric mode.
●
Cisco Wave 2, Wi-Fi 6/6E, and Wi-Fi 7 APs.
SD-AVC IPv6 is not supported on Cisco Wireless AireOS Controllers, Cisco Embedded Wireless Controller on Catalyst APs, and Cisco Wave 1 APs. For more information, see Software-Defined Application Visibility and Control. |
|
Wireless AAA Authentication Survivability Cache Enhancement |
The Wireless AAA authentication survivability cache feature enhances the reliability of wireless client authentication by storing successful authentication results locally on the controller. This cache includes details such as the client's MAC address, username, hashed password, and Attribute-Value Pairs (AVPs) received from the RADIUS server. This feature is supported in both Local and FlexConnect central authentication modes. For more information, see Wireless AAA Authentication Survivability Cache. |
|
Ultra Reliable Wireless Backhaul (URWB) – Software Integration on the Controller |
From Cisco IOS XE 17.18.1 onwards, the URWB technology is supported by Cisco Catalyst Controllers to provision and configure URWB devices from the controller. The URWB on Cisco Wireless is introduced as a beta feature and is intended for use by customers in testing and lab environments only. You should use caution when deploying the beta software. For more information about URWB AP support and country specific compliance, see the URWB on Cisco Wireless Use Case and Country Support document. For more information regarding URWB, see Ultra Reliable Wireless Backhaul. |
|
ThousandEyes Integration |
In this release, ThousandEyes Integration is only a limited customer beta feature and is not supported by Cisco TAC. For beta testing help, contact the following mailer list: wireless-te-beta-feedback@external.cisco.com. |
|
Ease of Use |
Wi-Fi 7 Multi-Link Operation Support in Low-Power Mode for Cisco Wireless 9176 Series Access Points and Cisco Wireless 9178 Series Access Points |
This feature ensures seamless multi-link operations (MLO) under constrained power conditions (low-power mode), providing improved flexibility and efficiency for network operations. In the 17.18.1 release, this feature is supported on the Cisco Wireless 9178 Series Access Points. For more information, see AP Management. |
Access Point Live Data and Packet Capture Support – NextTunnel to APs from Meraki Dashboard |
In this release, the following command is added to help you view the Meraki connect information of a Cisco AP: show ap name ap-name meraki connect |
|
Per WLAN Wi-Fi 7 Toggle |
From Cisco IOS XE 17.18.1 onwards, you can enable or disable Wi-Fi 7 (802.11be) on individual WLANs, allowing both Wi-Fi 7 and non-Wi-Fi 7 WLANs to run simultaneously in the same band. A default 802.11be profile is created for all bands, providing greater configuration flexibility. The following commands are introduced:
●
wireless profile dot11be
●
mlo-group {24ghz | 5ghz | 5ghz-sec | 6ghz}
●
show wireless profile dot11be summary
●
show wireless profile dot11be detailed
●
show wireless tag policy detailed
●
show ap wlan summary
●
show ap name wlan dot11 6ghz
For more information, see Wi-Fi 7 Operations. |
|
AP MAC Authorization – Delimiter Support |
From Cisco IOS XE 17.18.1 onwards, you can enhance security by configuring AP MAC authorization with different delimiters, ensuring only authorized APs connect to the controller. This feature supports AP MAC registration through an external RADIUS server and lets you adjust AAA server group settings for efficient management. The functionality of the following commands is enhanced to support the AP MAC authorization use-case:
●
mac-delimiter
●
subscriber mac-filtering security-mode
For more information, see Security. |
|
Traffic Filtering on AP by Source IP ACL |
This feature enables APs to filter incoming data packets based on their source IP address. This is achieved when the controller pushes Access Control List (ACL) rules to the AP. For more information, see Traffic Filtering on AP by Source IP ACL. |
|
E-Label Display |
From Cisco IOS XE 17.18.1 onwards, an E-Label display feature is introduced that allows you to view regulatory approvals for wireless APs digitally via the controller’s GUI, eliminating the need for physical modifications. This feature supports Cisco Catalyst Wi-Fi 6, Wi-Fi 6E, and Cisco Wireless Wi-Fi 7 APs. For more information, see E-Label Display. |
|
Support for 6-GHz AFC for Canada |
The Cisco Catalyst IW9167EH and IW9167I APs now support Standard Power mode using AFC in the -A (Canada) domain. These devices operate within the UNII-5, UNII-6, and UNII-7 frequency bands, covering a range of 5.925 GHz to 6.875 GHz. For more information, see AFC Support for 6 GHz Standard Power Mode. |
|
Upgrade |
Staggered AP Upgrade
|
This feature enables you to gain enhanced control over AP upgrades, minimizing network disruption. We provide new configurations that allow you to set up smaller batch sizes for upgrades. You can either have a staggered update of 1% batch size or upgrade APs one at a time (serial). The CLI and YANG models support these options, allowing you to manage upgrades effectively across various scenarios while maintaining optimal network performance. For more information, see Staggered AP Upgrade. |
Kernel Minidump and Trustzone Upgrade Support |
This feature enhances control over minidump collection on Wi-Fi 7 (802.11be) APs. A new option has been added to limit the number of kernel core dump directories stored on the AP. The following command has been modified: core-dump kernel dir-limit Support has been added for the following access points:
● Cisco Wireless 9178 Series Access Points
● Cisco Wireless 9176 Series Access Points
|
|
Compliance
|
6 GHz Country Support for Bahrain, Macau, Oman, Pakistan, and Philippines |
From Cisco IOS XE 17.18.1 onwards, Bahrain (BH), Macau (MO), Oman (OM), Pakistan (PK), and Philippines (PH) are added to the list of countries that support the 6-GHz radio band. |
Tier B/C/D/E Support for Cisco Wireless 9172I and 9172H Access Points |
From Cisco IOS XE 17.18.1 onwards, numerous countries support the Cisco Wireless 9172I and 9172H APs, enhancing functionality and broadening deployment options worldwide. |
|
Channel 144 Support for all Regulatory Domains |
From Cisco IOS XE 17.18.1 onwards, Australia (AU), Brunei (BN), Fiji (FJ), Macao (MO), New Zealand (NZ), Papua New Guinea (PG), Singapore (SG), South Africa (ZA), and Thailand (TH) are added to the list of countries that support channel 144 for all regulatory domains. |
Product analytics
Cisco IOS XE Product Analytics collects device Systems Information for the purposes of understanding product usage, enabling product improvements and product development, and assisting in product adoption and sales support. Only summarized data of feature usage and statistical counters of configuration are collected. No personal identifiable information, such as MAC/IP addresses, usernames, custom configuration names, or user provided strings, are collected as part of Cisco IOS XE Product Analytics. Cisco processes this data following the General Terms, the Cisco Privacy Statement, and any other applicable agreement with Cisco.
See Cisco Enterprise Networking Product Analytics Frequently Asked Questions.
With Cisco IOS XE 17.18.1, the Cisco Wireless 9179F Series Wi-Fi 7 Access Points (CW9179F) are supported.
The Cisco Wireless 9179F Wi-Fi 7 APs are enterprise-class tri-band (2.4 GHz, 5 GHz, 6 GHz) access points. CW9179F APs are the industry’s first enterprise-grade, Wi-Fi 7 certified high-density APs, made specifically for connecting large public venues and stadiums.
The APs support the CW-ANT-T-D3-N antennas. The CW-ANT-T-D3-N antennas are a single port, triple-band, directional antennas that support various deployment scenarios for both indoor and outdoor environments.
Note: For more information about all the countries supported for the APs, see Wireless LAN Compliance Lookup.
Table 2. Change in behavior for Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1
Feature |
Description |
Removal of the ip proxy-arp configuration command after reloading |
The ip proxy-arp configuration is disabled by default under VLAN interfaces for the controller. |
Removal of redundant counters from show wireless stats ap name ap-name dot11 5GHz command output |
The output of the show wireless stats ap name ap-name dot11 5GHz command, displays two counters: FailedCount and AckFailureCount. Confirm if both counters are identical and remove one of them (preferably AckFailureCount, since it is not incremental. |
MAC addresses with hyphen, dot, and colon are converted while adding AAA device authentication |
The APs support MAC address authorization using different delimiter formats to enhance the controller’s support, which previously did not accept any delimiter. |
Slot1 6-GHz radio profile support |
Slot1 was only supported in 5-GHz radio profile. With the change in behavior, Slot1 is supported in 6-GHz radio profile. |
AES ciphers removed from FIPS to establish mobility tunnel |
By default, AES ciphers were allowed to establish mobility tunnels - From Cisco IOS XE 17.18.1 onwards, when FIPS is enabled, only compliant cipher is supported for mobility tunnels - TLS_ECDHE_RSA_AES128_GCM_SHA256. |
Deprecated ciphersuites in Cisco IOS XE 17.18.1: DHE-RSA-AES256-SHA256 and DHE-RSA-AES128-SHA |
The following ciphersuites for DTLS connections are deprecated from Cisco IOS XE 17.18.1 onwards:
● DHE-RSA-AES256-SHA256
● DHE-RSA-AES128-SHA
|
Changes in Inter-Release Controller Mobility (IRCM) Support between Cisco IOS XE and AireOS Wireless LAN Controller |
Cisco IOS XE 17.18.1 is the last supported release for IRCM support between Cisco IOS XE and AireOS Wireless LAN Controller, with FIPS enabled. The non-FIPS mode will continue to be supported in Cisco IOS XE 17.18.1.
|
Configuration behavior discrepancy between CLI and YANG protocol regarding the creation of radio profile under the RF TAG |
In the early development phase, radio profiles were not mapped by default. Later, the behavior changed to automatically link the default radio profile under an RF tag whenever a new RF tag was created. However, due to code limitations, a default radio profile cannot be created under the RF tag when the RF tag is created using NETCONF or WebUI. The radio profile must be linked manually while creating an RF tag using NETCONF or WebUI interfaces. |
To see additional information about the issues, click the bug ID to access the Bug Search Tool (BST).
Table 3. Resolved issues in Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1
Description |
|
FlexConnect local switching traffic becomes centralized randomly during WebAuth SSID, causing client gateway reachability loss |
|
Cisco Aironet 3802 AP shows false radar detection on UNI-II only after upgrading to 17.12.3; not seen with Cisco Catalyst 9120 APs at same site |
|
Cisco Catalyst 9115 APs become unresponsive and randomly reboot due to Beacon Stuck Reset Radio after upgrade to 17.12.4 |
|
Cisco Catalyst 9124 Mesh AP fails to join and intermittently disconnects from Cisco Catalyst 9124 Root AP due to dropped ADJ_RESPONSE packets |
|
Cisco Catalyst 9120 AP intermittently fails to report RFID packets to controller, causing missing tag reports |
|
Wi-Fi 6E/7 Cisco Catalyst 9136I AP reboots with Access Violation and reload reason 'unknown' without generating crash files |
|
The CAPWAPd cores seen on multiple Cisco Wave 2 and Catalyst APs in AP-17.9.5-47 with core decode attached |
|
IOX-APP starts before USB is detected when AP boots up after switch reload; extra logic needed to detect USB and create logical entry before starting IOX APP |
|
Non-ROW AP transmits invalid TX power IE in beacons, breaking client connectivity for Ukraine country due to missing MAX Power table |
|
IOX-APP starts before USB is detected when AP boots up after switch reload; needs increased system timeout for libvirtd |
|
Cisco Catalyst 9120AP intermittently fails to report RFID packets to controller, resulting in missing tag reports |
|
Cisco Catalyst 9124 MAP powered with 30W and joined to a Cisco Catalyst 9124 EWC RAP can enable Tri-Radio with EWC GUI, though Tri-Radio is not supported with 30W |
|
Unable to view events for wireless clients in Client 360 section of Event Viewer, but events are visible under Issues and Events |
|
Radio ucode crashes observed multiple times daily in 9105 APs operating in monitor mode |
|
Unable to add country code "IN" for Cisco Catalyst C9136I-ROW AP in Site-Survey Mode, while other country codes work fine |
|
Cisco Catalyst CW9162I-E AP disjoins from CONTROLLER when ECDHE-RSA DTLS ciphersuite is activated; not reproducible with DHE-RSA ciphersuite |
|
UART msm kernel driver stopped working during DMA activity, resulting in kernel crash on Cisco Wireless 9176D AP in Local mode |
|
Cisco Wireless 9176 AP faces wcpd crash due to memory leak in RRM module on version 17.15.2 |
|
Cisco Catalyst 9124 MAP powered with 30W and joined to a Cisco Catalyst 9124 EWC RAP can enable Tri-Radio with EWC GUI, even though Tri-Radio is not supported with 30W |
|
IOX app channel down due to IOX app and CAF app state mismatch; CAF shows app running while IOX app is deactivated |
|
Cisco Catalyst 9120 APs running 17.12.4 ESW13 crash due to OOM on GRPC process, with crash logs showing memory below threshold |
|
Memory leak observed in ble_transport process on AP models Cisco Catalyst 9130, 9136, and 9166 running 17.18.0.32 |
|
Cisco Catalyst 9105 AP stops sending management frames over the air due to rxstuck, related to rx0 overflow error on 17.15.3 |
|
Cisco Catalyst Cisco Catalyst 9124 AP in Mesh mode shows poor iperf performance for wired clients in FlexConnect+Bridge setup |
|
Cisco Wireless 9176 AP in site survey mode with non-US country code cannot enable radio, impacting wireless site surveys |
|
802.11be APs downgrade DSCP 34 or AF41 QoS to Best Effort or Background for downstream traffic when over 20 clients are associated |
|
Locally switched RLAN clients missing from controller client table when client is already associated as AP joins |
|
AP configured for static IP continues to send ARP requests for DHCP IP address even after DHCP release packet |
|
IP Theft observed on wireless controller when client receives a second DHCP offer after DORA, due to multiple DHCP servers |
|
Cisco Catalyst 912X AP experiences PSM microcode watchdog fired and core dumps after about 12 days of continuous traffic |
|
Increased radar detection DFS events on Cisco Catalyst 9166I-ROW APs after upgrading to 17.15.1 |
|
PKCS certificate enrollment fails to support special characters on WGB |
|
Wired MAP client flapping between VLAN 0 and numbered native VLAN on RAP |
|
Cisco Aironet 1815i AP: Syslog timestamps are not displayed correctly |
|
Cisco Catalyst 9105 AP EWC does not start after reboot, when internal AP is configured as 802.x supplicant |
|
Cisco Catalyst 9105 AP radio cores are not generated properly |
|
Cisco Catalyst 9130AX AP encounters kernel panic |
|
Unbounded /tmp causes OOM reset in Cisco Catalyst 9162 AP |
|
COS AP crash due to soft lockup in 17.12.4 |
|
Cisco Catalyst 9124 AP WGB becomes unreachable connecting to Cisco Aironet 2800 Root AP when WMM is disabled |
|
Cisco Catalyst 91xx AP in FlexConnect mode not advertising RSNxE in probe response, causing 4-way handshake failure for certain devices |
|
Cisco Aironet 1815T AP unable to assign Internal DHCP IP address on LAN3 after upgrade to 17.12.4 and factory reset |
|
Cisco AP duplicates DHCP request packets in FlexConnect mode with Central Switching WLAN, sending both to the server |
|
Cisco Catalyst 9136 AP reboots during Dual Ethernet Failover when reconnecting wired 0 port, instead of seamless traffic transition |
|
Syslog flooded with repeated "cli_h/avc" chatter messages during normal AP operation |
|
Cisco Catalyst 91xx APs reboot with incorrect reason 'Controller Last Sent: Channel0 Detected' due to code mismatch between controller and AP |
|
AP logs "RTNETLINK answers: No such file or directory" every 30 seconds, causing excessive syslog entries |
|
Cisco Aironet 1832/1852 APs crash due to radio failures (Beacon Stuck) on 17.12.6 in SST testbed |
|
AP intermittently delays reassoc response for over 200ms, causing clients to resend reassoc requests |
|
Cisco Catalyst 9120AP encounters kernel panic at txq_hw_fill+0x394, leading to crash |
|
IOT clients with TI Wi-Fi module (PIT truck) cannot associate with Cisco Catalyst 916x AP or Cisco Catalyst 9130 AP, or Cisco Wireless 917x AP |
|
Cisco Catalyst 9120 AP crashes as kernel panic occurs due to NMI watchdog timeout |
|
Clients are unable to connect due to assignment of IP address that is in use by stale client entry in device-tracking database in FlexConnect local switching |
|
Controller sends multicast packets with previous WMI |
|
Controller experiences kernel unresponsiveness due to TDL memory corruption |
|
Accounting start and stop messages are missing CUI attributes |
|
Controller running in High Availability in guest anchor sends traffic to the wrong tunnel after switchover for already connected clients |
|
Cisco Catalyst 9800-80 controller displays low memory leak potentially in the 'ipv4_addr' field |
|
Controller uses registry to initialize the trap queue length in SNMP |
|
Controller unexpectedly reloads and becomes unresponsive during the upgrade process |
|
Acct-Session-ID attribute missing from Access Request after client deletion, causing RADIUS server to drop requests and clients unable to connect |
|
Cisco Catalyst 9800-40 controller becomes unresponsive after upgrade from 17.3.6 to 17.12.3, with crashes on High Availability Pair |
|
Rogue AP is not displayed in UI or REST API when detected by dual band radio AP configured on same band |
|
Controller does not process analytics action frames from MLD for MLO clients, resulting in missing PC Analytics information |
|
Controller unable to start EAP process due to delayed packet transmission from AP, causing STA authentication issues |
|
Guest anchor controllers show error when creating anchor-export-ACK in CWA with OWE scenario |
|
Controller reboots during WNCd process due to assertion failure with invalid BSSID, causing kernel unresponsiveness |
|
Secondary controller fails with rsync error after primary crash and cannot perform bulk sync, leading to outage |
|
VRF name corruption causes client to get stuck at mobility while roaming, resulting in frequent disconnects after upgrade |
|
COS-AP stale client entries cause AP to reach max number of clients per radio, affecting Cisco Catalyst 9120, 9130, and 9166 APs in local mode |
|
NETCONF over SSH fails to return all records for wireless-client-oper, shows 'invalid XML' before completion |
|
Controller initiates client deletion with CO_CLIENT_DELETE_REASON_DOT11_MAX_STA, even when AP client count is within limits |
|
Cisco Wireless 9176I AP receives GPS/GNSS data but fails to provision country code, despite correct location info |
|
Controller displays traceback messages when default-policy-tag APs block config change due to non-zero Ref-count |
|
Audit session ID changes after inter-WNCd roam in CWA with PSK, causing authentication failures due to old session ID usage |
|
Controller with CAPWAP enabled shows memory leak in tdl_mac_addr object under WNCd process |
|
Cisco Catalyst 9800-L controller in FlexConnect/SDA fails to start MAB on association request if EAP_ID_RESP is missing |
|
Cisco Catalyst 9800-L in SDA Wireless does not enforce EAP timeout, causing clients to remain stuck in MAB state |
|
Cisco Catalyst 9164 and 9166 APs crash due to radio failures (Beacon Stuck) after controller upgrade to 17.15.3 |
|
Cisco Catalyst 9800-CL controller modifies script generating SSC to prevent RSA key issues impacting AP join |
|
Controller fails to start L2 authentication for 11r clients with VLAN-persistent configured after upgrade to 17.12.5 |
|
DFS radar detection results in most APs being allocated the same channel and Tx power after mini-DCA calculation on the controller |
|
Controller reloads due to kernel unresponsiveness with segmentation fault (11) in IGMPSN process on Catalyst 9800-80 controller |
|
Cisco Catalyst 9800-80 displays stale, non-impacting "mce: [Hardware Error]" messages during IOS-XE 17.x boot-up |
|
Cisco Catalyst 9800-40 shows WNCd SafeC Validation error for memcmp_s: dmax, resulting in tracebacks |
|
WNCD crashed in CiscoSSL code on controller |
|
Controller fails to correctly format AP Name and VLAN ID in Option 82; VLAN is truncated, and delimiter is misrepresented |
|
Controller does not give output for #show ap summary sort name command on 9800-40/80 running 17.12.4 |
|
No output for "show ap name <AP Name> wlan dot11 5ghz" command when 802.11be and 5G radio policy enabled |
|
Controller GUI FlexConnect configuration page fails to display after IOS XE 17.15.1 upgrade, showing "Operation GET Failed" |
|
Memory usage in CloudM process increases over time until BinOS memory is exhausted |
|
Controller with 6 GHz APs sees frequent DCA-induced channel bandwidth changes, causing client deletions and connectivity issues |
|
The 'factory-reset all' command behaves as if secure option is enabled, deleting OS and configuration, leading to ROMMON boot |
|
Remove redundant counters from "show wireless stats ap name <ap-name> dot11 5GHz" output for easier monitoring |
|
Controller's active chassis gets stuck in active recovery state on 17.12.4 after RP/RMI connectivity flaps |
|
Cisco Wireless 9176 AP is unable to join controller after GUAP process; controller repeatedly closes connection |
|
Controller observes unexpected SISF reboot with WNCD core |
|
Controller's rogue classification rules not applying configured classifications to detected devices |
|
The wncmgrd kernel unresponsiveness after issuing 'show ap config slots' on Controller-80-K9 running 17.12.4 |
|
Cisco Wi-Fi 6 and above APs do not support disabling WMM on radios with 11n/ac/ax, disabling WMM causes client connectivity failures |
|
Failed to collect RA tracing logs on Cisco IOS XE Release 17.9.5 using standard or alternate methods |
|
Wireless cloud service consumes 100% CPU during geolocation derivation in large scale setups with many APs and CDP neighbors |
|
Client error: High Availability data path setup failed on standby device in RA trace logs |
|
Mobility tunnel with data-link encryption intermittently disconnects when WMI address fourth octet is 255 |
|
Controller unexpectedly reloads due to corrupted value in IGMP Layer 2 Snooping process, leading to segmentation fault |
|
Controller pushes aWIPS profiles from FQDN-only setup for intrusion detection |
|
Controller shows mismatch between client counts from "show client" commands and SNMP walk totals for WLANs |
|
Controller unexpectedly reloads when adding "location civic-location-id" to multiple interfaces |
|
Access points are unreachable in inventory on Cisco Connected Cloud 2.3.7.9 due to incorrect TDL value update |
|
RRM does not update default channel or power levels when controller is IPv6-only, adding IPv4 restores normal operation |
|
Controller reloads unexpectedly due to unsuccessful copy of the MAC address while configuring AP channel and power levels |
|
Controller displays misleading error when configuring two radios on same UNII band (100-144). Only one 5-GHz radio is allowed in this band |
|
Controller overwrites static AP location with Location Tag after upgrade, impacting DHCP Option 82 and client IP assignment |
|
Wireless clients may be excluded after one authentication failure or not excluded as expected, contrary to documentation |
|
Controller unexpectedly reboots due to mDNS packet being punted from data-plane to control-plane on version 17.15.03 |
|
BSSID-mac dispatched as 00:00:00:00:00:00 for slot 1 WLAN 1 via xpath, not reflected in show ap wlan summary |
|
Users unable to add allowed user on Lobby admin page, receiving "Error in configuring Allowed users" message |
|
Memory leak found in controller process related to specific database string, recurring after upgrading to 17.12.5 |
To see additional information about the issues, click the bug ID to access the Bug Search Tool (BST). This section lists the open issues that apply to the current release and might apply to releases earlier than Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1. An issue that is open for an earlier release and is still unresolved applies to all future releases until it is resolved.
Table 4. Open issues in Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1
Bug ID |
Description |
L2 traffic does not pass and local ethernet traffic not forwarded in P2P fixed, due to STP loop detection |
|
IW9167EH, IW9165, CW9178I wired interface MTU in show command mismatch from actual value |
|
High packet loss observed when 5 or more mobility clients are present with mixed QoS traffic |
|
The number of APs connected does not get updated when an AP goes down |
|
Incorrect AP role displayed in URWB statistics for second coordinator in P2MP topology |
|
Multiple coordinator topology is not displayed properly in monitoring |
|
Selection of incompatible AP mode (sniffer, monitor, bridge) is allowed when URWB is active |
|
AP slot 1 radio in URWB mode, not allowing to change dual-radio mode, needed for tri-radio configuration |
|
Number of URWB Ethertype and channel list entries in a radio profile are not validated |
|
IW9167E slot2 as client serving on 5G band hit beacon stuck |
|
Coordinator cannot join the controller when the AP switches from FlexConnect mode to local mode |
|
Multicast from an upstream network is not received by Wi-Fi client in central switching on access point over URWB link |
|
AP fails to validate and reject empty Cluster ID, leading to continuous crashes after reload |
|
Maximum controller network-key length should be 64 for brownfield compatibility instead of 63 |
|
Mobility clients with multiple mobiles occasionally do not join controller using MPO CoS 6 |
|
Flex Wi-Fi client associated to the secondary mobile of vehicle fail to ping infra side client |
|
Show AP command not working for 5ghz with slot 0 |
|
Cisco Catalyst 9800-L encounters kernel unresponsiveness due to Intel Reset Request |
|
Cisco Catalyst 9130AXI Access Points crash randomly during Access Point renaming |
|
Cisco Aironet 3800 Access Points display client authentication issue after Access Point migration to controller running version 17.15.3 |
|
Cisco Catalyst 9136 Access Point wired 0 interface gets stranded and RX packets are not processed |
|
Controller does not forward downstream packets to wireless client after switchover |
|
Cisco Catalyst 9164I and Cisco Catalyst IW9167IH Access Points experience Radio Firmware crash |
|
Wave 2 Access Points using fast transition with 802.1X authentication send incorrect M2 message during re-key on session timeout |
|
Cisco Catalyst 9130AXI Kernel Panic |
|
Cisco Catalyst 9120AX Access Point unexpected reload due to radio firmware beacon TX stuck |
|
COS Access Point Workgroup Bridge does not forward multicast traffic for groups that did not send IGMP join, like OSPF |
|
Version 17.9.3 – Neighbor Access Points not seen on Cisco Catalyst 9800-40 even though Access Point populates neighbor details |
|
Fabric Mode Access Point drops downstream fragmented traffic |
|
Cisco Catalyst 9800-40 controller displays random CPU spikes on EZMAN |
|
Access Points do not maintain RF Load Balancing after High Availability or SSO switchover on version 17.12.4 with Cisco Catalyst 9800 Wireless LAN Controller |
|
Controller has inconsistent default MTU settings for mobility tunnels |
|
Controller reboots unexpectedly due to assertion failure in WNCd process |
|
Version 17.9.3 – Slot values show "ok" for status description in REST API response body |
|
SNMP OID sends a different trap each time it is queried |
|
Cisco IOx app channel down due to state mismatch between IOx and CAF apps on Cisco Catalyst 9136 Access Point |
|
Cisco Catalyst 9800 controller unable to handle new client connections due to memory failure |
|
Clients stuck in IP-LEARN state for extended period and not active on Access Point |
|
Configuration syntax for FlexConnect site tags is out of order; "no local site" not specified before flex site configurations |
|
Controller does not advertise 5A03BA0000 in 802.11 beacon frames when configuring "open-roaming-oi allow-all beacon" |
|
Cisco Wireless 9178 AP do not take clients on 2.4-GHz probe requests from wireless clients |
|
Controller does not form HA after ISSU and APSP installation due to version mismatch |
|
Only one AP’s client appears when querying client-list-details-per-ap without filters, despite multiple clients on other APs |
The following are the known issues for Cisco IOS XE 17.18.1:
SNMP authentication failure on Cisco Catalyst CW9800M, CW9800H2, or CW9800H1 hardware platforms
Upgrading the controller software on Cisco Catalyst CW9800M, CW9800H2, or CW9800H1 hardware platforms from 17.14.1, 17.15.1, or 17.15.2 release to any later release:
● Causes SNMP user authentication failure.
● After the upgrade, the mobility tunnels go down and do not re-establish.
Conditions:
Regarding the SNMP issue:
● The controller is hosted on Cisco Catalyst CW9800M, CW9800H2, or CW9800H1, with the 17.14.1, 17.15.1. or 17.15.2 image loaded on the controller.
● SNMP users are configured on the controller and static SNMP engine ID is not configured.
● An upgrade is made to a later release, such as 17.15.3.
Regarding the mobility issue:
● The controller is hosted on Cisco Catalyst CW9800M, CW9800H2, or CW9800H1, with 17.14.1, 17.15.1. or 17.15.2 image loaded on the controller.
● Mobility tunnels are already established, and mobility MAC is not configured. If High Availability is configured, the mobility MAC is already configured for it to work.
● An upgrade is made to a later release, such as 17.15.3.
Workaround:
For the SNMP issue, before you upgrade, follow these steps:
1. Remove all the configured SNMP users.
For example,
Device(config)# no snmp-server user user-name grp v3
2. Configure static engine ID.
For example,
Device(config)# snmp-server engineID local 800000090300F8E94F0077FF
3. Configure the SNMP users that were removed earlier.
For example,
Device(config)# snmp-server user user-name grp v3 auth sha cisco1234 priv aes 128 cisco1234
4. Verify that the engine ID has been updated for all users.
For example,
Device# show snmp user
User name: user-name
Engine ID: 800000090300F8E94F0077FF <<<<<<<<<
storage-type: nonvolatile active
Authentication Protocol: SHA
Privacy Protocol: AES128
Group-name: grp
5. Perform the upgrade.
For mobility tunnel issue, follow these steps:
1. Configure mobility MAC address on the controller being upgraded.
Device# config terminal
Device(config)# wireless mobility mac-address mac-address
2. Update the peer mobility MAC addresses accordingly on each peer controller.
Device# config terminal
Device(config)# wireless mobility group member mac-address mac-address
Momentarily, the mobility tunnel will go down.
3. Perform the upgrade.
GNSS-based APs do not use geolocation derivation from neighboring APs after upgrade
GNSS-based APs automatically attempt to obtain a GPS lock after the controller and APs reboot, as long as a GPS module is connected.
Compatibility matrix
The following table provides software compatibility information. For more information, see Cisco Wireless Solutions Software Compatibility Matrix.
Table 5. Compatibility Matrix for Cisco Catalyst 9800 Series Wireless Controllers, Release 17.18.1
Cisco Catalyst 9800 Series Wireless Controller Software |
Cisco Identity Services Engine |
Cisco Prime Infrastructure |
Cisco AireOS-IRCM Interoperability |
Cisco Catalyst Center |
Cisco CMX |
IOS XE 17.18.1 |
3.4 3.3 3.2 3.1 3.0
* all with latest patches |
3.10 MR |
8.10 latest MR 8.5 latest MR
|
11.0.0
|
GUI system requirements
The following subsections list the hardware and software required to access the Cisco Catalyst 9800 Controller GUI.
Table 6. Hardware requirements
Processor speed |
DRAM |
Number of colors |
Resolution |
Font size |
233 MHz minimum Note: We recommend 1 GHz. |
512 MB Note: We recommend 1-GB DRAM. |
256 |
1280 x 800 or higher |
Small |
Software requirements
Operating Systems:
● Windows 7 or later
● macOS X 10.11 or later
Browsers:
● Google Chrome: Version 59 or later (on Windows and Mac)
● Microsoft Edge: Version 40 or later (on Windows)
● Safari: Version 10 or later (on Mac)
● Mozilla Firefox: Version 60 or later (on Windows and Mac)
Note that Firefox version 63.x is not supported.
The controller GUI uses Virtual Terminal (VTY) lines for processing HTTP requests. At times, when multiple connections are open, the default number of VTY lines of 15 set by the device might get exhausted. Therefore, we recommend that you increase the number of VTY lines to 50.
To increase the VTY lines in a device, run the following commands in the following order:
Device# configure terminal
Device(config)# line vty 50
The best practice is to configure the service tcp-keepalives to monitor the TCP connection to the device.
Device(config)# service tcp-keepalives-in
Device(config)# service tcp-keepalives-out
Before you upgrade
Ensure that you familiarize yourself with the following points before proceeding with the upgrade:
● If you have APs in remote sites, behind a WAN link, read the following document to accelerate the image download and make it more reliable: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/223125-understand-access-point-image-upgrades.html.
● When you upgrade from Cisco IOS XE 17.9.5 or lower, or 17.12.2 or lower, to Cisco IOS XE 17.18.x, the controller WebUI does not support images greater than 1.5 GB.
Workaround:
◦ Upgrade using the CLI commands, or,
◦ Upgrade to 17.9.6, 17.12.3, or higher, then upgrade to 17.18.x.
● For images: If upgrading from 17.9.6 or lower, 17.12.4 or lower, or 17.15.1 or lower, to 17.18.x, Cisco Catalyst Wi-Fi 6 APs may fail to upgrade their image due to lack of space on the temporary partition.
Workaround:
◦ Reboot the impacted APs using a power cycle, then procced to upgrade normally.
For more information, see CSCwm08044 and CSCwm07499.
● APs running older release code (before 8.10.190.0, 17.3.8, 17.6.5, 17.9.3 or older), may get into a boot loop when upgrading software over a WAN link. For more information, see: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html.
● The following Wave 1 APs are not supported in 17.18.x and higher, and they will not join the controller. We recommend that you validate the current models before upgrading:
◦ Cisco Aironet 1570 Series Access Point
◦ Cisco Aironet 1700 Series Access Point
◦ Cisco Aironet 2700 Series Access Point
◦ Cisco Aironet 3700 Series Access Point
● From Cisco IOS XE Dublin 17.10.x, Key Exchange and MAC algorithms like diffie-hellman-group14-sha1, hmac-sha1, hmac-sha2-256, and hmac-sha2-512 are not supported by default and it may impact some SSH clients that only support these algorithms. If required, you can add them manually. For information on manually adding these algorithms, see the SSH Algorithms for Common Criteria Certification document available at: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/sec-vpn/b-security-vpn/m_sec-secure-shell-algorithm-ccc.html.
● If APs fail to detect the backup image after running the archive download-sw command, perform the following steps:
◦ Upload the image using the no-reload option of the archive download-sw command:
Device# archive download-sw /no-reload tftp://<tftp_server_ip>/<image_name>
◦ Restart the CAPWAP process using capwap ap restart command. This allows the AP to use the correct backup image after the restart (reload is not required.)
Device# capwap ap restart
The AP will lose connection to the controller during the join process. When the AP joins the new controller, it will see a new image in the backup partition. So, the AP will not download a new image from the controller.
● Fragmentation lower than 1500 is not supported by the RADIUS packets generated by wireless clients in the Gi0 (OOB) interface.
● While upgrading to Cisco IOS XE 17.3.x and later releases, if the ip http active-session-modules none command is enabled, you will not be able to access the controller GUI using HTTPS. To access the GUI using HTTPS, run the following commands in the order specified below:
ip http session-module-list pkilist OPENRESTY_PKI
ip http active-session-modules pkilist
● Cisco Aironet 1815T OfficeExtend Access Point will be in local mode when connected to the controller. However, when it functions as a standalone AP, it gets converted to FlexConnect mode.
● The Cisco Catalyst 9800-L Wireless Controller may fail to respond to the BREAK signals received on its console port during boot time, preventing users from getting to the ROMMON. This problem is observed on the controllers manufactured until November 2019, with the default config-register setting of 0x2102. This problem can be avoided if you set config-register to 0x2002.
This problem is fixed in the 16.12(3r) ROMMON for Cisco Catalyst 9800-L Wireless Controller.
For information about how to upgrade the ROMMON, see the Upgrading ROMMON for Cisco Catalyst 9800-L Wireless Controllers section of the Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers document.
● By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. If required, you can change the block size value to 8192 to speed up the transfer process, using the ip tftp blocksize command in global configuration mode.
● If the following error message is displayed after a reboot or system crash, we recommend that you regenerate the trustpoint certificate: ERR_SSL_VERSION_OR_CIPHER_MISMATCH.
Use the following commands in the order specified below to generate a new self-signed trustpoint certificate:
device# configure terminal
device(config)# no crypto pki trustpoint trustpoint_name
device(config)# no ip http server
device(config)# no ip http secure-server
device(config)# ip http server
device(config)# ip http secure-server
device(config)# ip http authentication local/aaa
● Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.
● Ensure that you remove the controller from Cisco Prime Infrastructure before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.
● From Cisco IOS XE Bengaluru 17.4.1 onwards, the telemetry solution provides a name for the receiver address instead of the IP address for telemetry data. This is an additional option. During the controller downgrade and subsequent upgrade, there is likely to be an issue—the upgrade version uses the newly named receivers, and these are not recognized in the downgrade. The new configuration gets rejected and fails in the subsequent upgrade. Configuration loss can be avoided when the upgrade or downgrade is performed from Cisco Catalyst Center.
● Communication between Cisco Catalyst 9800 Series Wireless Controller and Cisco Prime Infrastructure uses different ports:
◦ All the configurations and templates available in Cisco Prime Infrastructure are pushed through SNMP and CLI, using UDP port 161.
◦ Operational data for controller is obtained over SNMP, using UDP port 162.
◦ AP and client operational data leverage streaming telemetry:
Cisco Prime Infrastructure to controller: TCP port 830 is used by Cisco Prime Infrastructure to push the telemetry configuration to the controller (using NETCONF).
Controller to Cisco Prime Infrastructure: TCP port 20828 is used for Cisco IOS XE 16.10.x and 16.11.x, and TCP port 20830 is used for Cisco IOS XE 16.12.x, 17.1.x and later releases.
● The Cisco Centralized Key Management (CCKM) feature was deprecated in Cisco IOS XE 17.10.x but currently remains supported. However, support for CCKM will be removed in a future release. Therefore, we recommend that you migrate to Fast Transition (FT) with 802.1X authentication and validate the configuration with supported key caching mechanisms.
● To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not get carried forward.
● RLAN support with Virtual Routing and Forwarding (VRF) is not available.
● When you encounter the SNMP error SNMP_ERRORSTATUS_NOACCESS 6, it means that the specified SNMP variable is not accessible.
● We recommend that you perform a controller reload whenever there is a change in the controller's clock to reflect an earlier time.
● The DTLS version (DTLSv1.0) is deprecated for Cisco Aironet 1800 based on latest security policies. Therefore, any new out-of-box deployments of Cisco Aironet 1800 APs will fail to join the controller, and you will get the following error message:
%APMGR_TRACE_MESSAGE-3-WLC_GEN_ERR: Chassis 1 R0/2: wncd: Error in AP Join,
AP <AP-name>,
mac:<MAC-address>Model AIR-AP1815W-D-K9, AP negotiated unexpected DTLS version v1.0
To onboard new Cisco Aironet 1800 APs and to establish a CAPWAP connection, explicitly set the DTLS version to 1.0 in the controller using the following configuration:
config terminal
ap dtls-version dtls_1_0
end
Note: Setting the DTLS version to 1.0 affects all the existing AP CAPWAP connections. We recommend that you apply the configuration only during a maintenance window. After the APs download the new image and join the controller, ensure that you remove the configuration.
● Before you begin a downgrade process, you must manually remove the configurations which are applicable in the current version but not in the older version. Otherwise, you might encounter unexpected behavior.
● To upgrade the field programmable hardware devices for Cisco Catalyst 9800 Series Wireless Controllers, see Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers.
Upgrade path to Cisco IOS XE 17.18.x
Table 7. Upgrade Path to Cisco IOS XE Dublin 17.18.x
Current software |
Upgrade path for deployments with 9130 or 9124 |
Upgrade path for deployments without 9130 and 9124 |
16.10.x |
— Note: The Cisco Catalyst 9130 and 9124 APs are not supported in 16.10.x and 16.11.x releases. |
Upgrade first to 16.12.5 or 17.3.x and then to 17.18.x. |
16.11.x |
— |
Upgrade first to 16.12.5 or 17.3.x and then to 17.18.x. |
16.12.x |
Upgrade first to 17.3.5 or later or 17.6.x or later, then to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.18.x. |
17.1.x |
Upgrade first to 17.3.5 or later or 17.6.x or later, then to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade first to 17.3.5 or later and then to 17.18.x. |
17.2.x |
Upgrade first to 17.3.5 or later or 17.6.x or later, then to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade first to 17.3.5 or later and then to 17.18.x. |
17.3.1 to 17.3.4 |
Upgrade first to 17.3.5 or later or 17.6.x or later, then to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.3.4c or later |
Upgrade to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.4.x |
Upgrade first to 17.6.x and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.5.x |
Upgrade first to 17.6.x and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.6.x |
Upgrade to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.7.x |
Upgrade to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.8.x |
Upgrade to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.9.1 to 17.9.5 |
Upgrade to 17.9.6 or later or 17.12.x or later, and then to 17.18.x. |
Upgrade directly to 17.18.x. |
17.9.6 or later |
Upgrade directly to 17.18.x |
Upgrade directly to 17.18.x. |
17.10.x |
Upgrade to 17.12.x or later, and then to 17.18.x |
Upgrade directly to 17.18.x. |
17.11.x |
Upgrade to 17.12.x or later, and then to 17.18.x |
Upgrade directly to 17.18.x. |
17.12.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
17.13.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
17.14.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
17.15.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
17.16.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
17.17.x |
Upgrade directly to 17.18.x. |
Upgrade directly to 17.18.x. |
8.9.x or any 8.10.x version prior to 8.10.171.0 |
Upgrade first to 8.10.171.0 or later, 17.3.5 or later, or 17.6.x or later, then to 17.9.6 or later or 17.12.x or later, and then to 17.18.x |
Upgrade directly to 17.18.x.
|
Upgrading the controller software
This section describes the various aspects of upgrading the controller software.
Finding the software version
The package files for the Cisco IOS XE software are stored in the system board flash device (flash:).
Use the show version privileged EXEC command to see the software version that is running on your controller.
Note: Although the show version output always shows the software image running on the controller, the model name shown at the end of the output is the factory configuration, and does not change if you upgrade the software license.
Use the show install summary privileged EXEC command to see the information about the active package.
Use the dir filesystem: privileged EXEC command to see the directory names of other software images that you have stored in flash memory.
Software images
● Release: Cisco IOS XE 17.18.x
Image names (9800-80, 9800-40, and 9800-L):
● C9800-80-universalk9_wlc.17.18.x.SPA.bin
● C9800-40-universalk9_wlc.17.18.x.SPA.bin
● C9800-L-universalk9_wlc.17.18.x.SPA.bin
Image names (CW9800M, CW9800H1/CW9800H2)
● CW9800H-wlc-universalk9.17.18.x.SPA.bin
● CW9800M-wlc-universalk9.17.18.1.SPA.bin
Image names (9800-CL):
● Cloud: C9800-CL-universalk9.17.18.x.SPA.bin
● Hyper-V/ESXi/KVM: C9800-CL-universalk9.17.18.x.iso, C9800-CL-universalk9.17.18.x.ova
● KVM: C9800-CL-universalk9.17.18.x.qcow2
● NFVIS: C9800-CL-universalk9.17.18.x.tar.gz
Software installation commands
To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command:
device# install add file filename [activate |commit]
To separately install, activate, commit, end, or remove the installation file, run the following command:
device# install ?
Note: We recommend that you use the GUI for installation.
Commands |
Description |
add file tftp: filename |
Copies the install file package from a remote location to a device and performs a compatibility check for the platform and image versions |
activateauto-abort-timer |
Activates the file and reloads the device; the auto-abort-timer keyword automatically rolls back image activation |
Commit |
Makes changes that are persistent over reloads |
rollback to committed |
Rolls back the update to the last committed version |
Abort |
Cancels file activation and rolls back to the version that was running before the current installation procedure started |
Remove |
Deletes all unused and inactive software installation files |
Licensing
Cisco wireless licenses
Cisco wireless licenses, a part of the Cisco Networking Subscription licensing model, is a software license that helps you to deploy your Wi-Fi 7 Access Points in an on-premise, hybrid, or a cloud managed network. From Cisco IOS XE 17.15.2, Cisco Wireless licenses are supported on Wi-Fi 7 Access Points (APs) and later models.
The Cisco wireless licenses consist of the following tiers:
● Cisco wireless essentials: The tier that provides fundamental features and functionalities that are essential to manage a network.
● Cisco wireless advantage: The tier that supports additional features and capabilities and includes all the essential capabilities in addition to the advanced capabilities to manage a network.
For more information, see Cisco Wireless Licensing.
Interoperability with clients
This section describes the interoperability of the controller software with client devices.
The following table lists the configurations used for testing client devices.
Table 8. Test configuration for interoperability
Hardware or software parameter |
Hardware or software type |
Release |
Cisco IOS XE 17.18.1 |
Cisco Wireless Controller |
|
Access Points |
See Supported APs |
Radio |
· 802.11ac · 802.11a · 802.11g · 802.11n · 802.11be (Wi-Fi 7) |
Security |
Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS) |
RADIUS |
|
Types of tests |
Connectivity, traffic (ICMP), and roaming between two APs |
The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.
Table 9. Client types
Client type and name |
Driver or software version |
Laptops |
|
Acer Aspire E 15 E5-573-3870 (Qualcomm Atheros QCA9377) |
Windows 10 Pro (12.0.0.832) |
Apple MacBook Air 11 inch |
macOS Sierra 10.12.6 |
Apple MacBook Air 13 inch |
macOS High Sierra 10.13.4 |
MacBook Pro Retina |
macOS Catalina |
MacBook Pro Retina 13 inch early 2015 |
macOS Mojave 10.14.3 |
MacBook Pro OS X |
macOS X 10.8.5 |
MacBook Air |
macOS Sierra v10.12.2 |
MacBook Air 11 inch |
macOS Yosemite 10.10.5 |
MacBook M1 Chip |
macOS Catalina |
MacBook M1 Chip |
macOS Ventura 13.2.1 |
MacBook Pro M2 Chip |
macOS Ventura 13.3 beta |
MacBook Pro M2 Chip |
macOS Ventura 13.1 |
Dell Inspiron 2020 Chromebook |
Chrome OS 75.0.3770.129 |
Google Pixelbook Go |
Chrome OS 97.0.4692.27 |
HP Chromebook 11a |
Chrome OS 76.0.3809.136 |
Samsung Chromebook 4+ |
Chrome OS 77.0.3865.105 |
Dell Latitude (Intel AX210) |
Windows 11 (22.110.x.x) |
Dell Latitude 3480 (Qualcomm DELL wireless 1820) |
Win 10 Pro (12.0.0.242) |
Dell Inspiron 15-7569 (Intel Dual Band Wireless-AC 3165) |
Windows 10 Home (21.40.0) |
Dell Latitude E5540 (Intel Dual Band Wireless AC7260) |
Windows 7 Professional (21.10.1) |
Dell Latitude E5430 (Intel Centrino Advanced-N 6205) |
Windows 7 Professional (15.18.0.1) |
Dell Latitude E6840 (Broadcom Dell Wireless 1540 802.11 a/g/n) |
Windows 7 Professional (6.30.223.215) |
Dell XPS 12 v9250 (Intel Dual Band Wireless AC 8260) |
Windows 10 Home (21.40.0) |
Dell Latitude 5491 (Intel AX200) |
Windows 10 Pro (21.20.1.1) |
Dell XPS Latitude12 9250 (Intel Dual Band Wireless AC 8260) |
Windows 10 Home |
Dell Inspiron 13-5368 Signature Edition |
Windows 10 Home (18.40.0.12) |
FUJITSU Lifebook E556 Intel 8260 (Intel Dual Band Wireless-AC 8260 (802.11n)) |
Windows 8 (19.50.1.6) |
Lenovo Yoga C630 Snapdragon 850 (Qualcomm AC 2x2 Svc) |
Windows 10 Home |
Lenovo ThinkPad Yoga 460 (Intel Dual Band Wireless-AC 9260) |
Windows 10 Pro (21.40.0) |
Note: For clients using Intel wireless cards, we recommend that you update to the latest Intel wireless drivers if the advertised SSIDs are not visible. |
|
Tablets |
|
Apple iPad Pro (12.9 inch) 6th Gen |
iOS 16.4 |
Apple iPad Pro (11 inch) 4th Gen |
iOS 16.4 |
Apple iPad 2021 |
iOS 15.0 |
Apple iPad 7the Gen 2019 |
iOS 14.0 |
Apple iPad MD328LL/A |
iOS 9.3.5 |
Apple iPad 2 MC979LL/A |
iOS 11.4.1 |
Apple iPad Air MD785LL/A |
iOS 11.4.1 |
Apple iPad Air2 MGLW2LL/A |
iOS 10.2.1 |
Apple iPad Mini 4 9.0.1 MK872LL/A |
iOS 11.4.1 |
Apple iPad Mini 2 ME279LL/A |
iOS 11.4.1 |
Apple iPad Mini 4 9.0.1 MK872LL/A |
iOS 11.4.1 |
Microsoft Surface Pro 3 13 inch (Intel AX201) |
Windows 10 (21.40.1.3) |
Microsoft Surface Pro 3 15 inch (Qualcomm Atheros QCA61x4A) |
Windows 10 |
Microsoft Surface Pro 7 (Intel AX201) |
Windows 10 |
Microsoft Surface Pro 6 (Marvell Wi-Fi chipset 11ac) |
Windows 10 |
Microsoft Surface Pro X (WCN3998 Wi-Fi Chip) |
Windows |
Mobile phones |
|
Apple iPhone 5 |
iOS 12.4.1 |
Apple iPhone 6s |
iOS 13.5 |
Apple iPhone 7 MN8J2LL/A |
iOS 11.2.5 |
Apple iPhone 8 |
iOS 13.5 |
Apple iPhone 8 Plus |
iOS 14.1 |
Apple iPhone 8 Plus MQ8D2LL/A |
iOS 12.4.1 |
Apple iPhone X MQA52LL/A |
iOS 13.1 |
Apple iPhone 11 |
iOS 15.1 |
Apple iPhone 12 |
iOS 16.0 |
Apple iPhone 12 Pro |
iOS 15.1 |
Apple iPhone 13 |
iOS 15.1 |
Apple iPhone 13 Mini |
iOS 15.1 |
Apple iPhone 13 Mini Pro |
iOS 15.1 |
Apple iPhone SE MLY12LL/A |
iOS 11.3 |
Apple iPhone SE |
iOS 15.1 |
ASCOM i63 |
Build v 3.0.0 |
ASCOM Myco 3 |
Android 9 |
Cisco IP Phone 8821 |
11.0.6 SR4 |
Drager Delta |
VG9.0.2 |
Drager M300.3 |
VG3.0 |
Drager M300.4 |
VG3.0 |
Drager M540 |
VG4.2 |
Google Pixel 3a |
Android 11 |
Google Pixel 4 |
Android 11 |
Google Pixel 5 |
Android 11 |
Google Pixel 6 |
Android 12 |
Google Pixel 7 |
Android 13 |
Huawei Mate 20 pro |
Android 9.0 |
Huawei P20 Pro |
Android 10 |
Huawei P40 |
Android 10 |
LG v40 ThinQ |
Android 9.0 |
One Plus 8 |
Android 11 |
Oppo Find X2 |
Android 10 |
Redmi K20 Pro |
Android 10 |
Samsung Galaxy S9+ - G965U1 |
Android 10.0 |
Samsung Galaxy S10 Plus |
Android 11.0 |
Samsung S10 (SM-G973U1) |
Android 11.0 |
Samsung S10e (SM-G970U1) |
Android 11.0 |
Samsung Galaxy S20 Ultra |
Android 10.0 |
Samsung Galaxy S21 Ultra 5G |
Android 13.0 |
Samsung Galaxy S22 Ultra |
Android 13.0 |
Samsung Fold 2 |
Android 10.0 |
Samsung Galaxy Z Fold 3 |
Android 13.0 |
Samsung Note20 |
Android 12.0 |
Samsung G Note 10 Plus |
Android 11.0 |
Samsung Galaxy A01 |
Android 11.0 |
Samsung Galaxy A21 |
Android 10.0 |
Sony Experia 1 ii |
Android 11 |
Sony Experia |
Android 11 |
Xiaomi Mi 9T |
Android 9 |
Xiaomi Mi 10 |
Android 11 |
Spectralink 84 Series |
7.5.0.x257 |
Spectralink 87 Series |
Android 5.1.1 |
Spectralink Versity Phones 92/95/96 Series |
Android 10.0 |
Spectralink Versity Phones 9540 Series |
Android 8.1.0 |
Vocera Badges B3000n |
4.3.3.18 |
Vocera Smart Badges V5000 |
5.0.6.35 |
Zebra MC40 |
Android 4.4.4 |
Zebra MC40N0 |
Android 4.1.1 |
Zebra MC92N0 |
Android 4.4.4 |
Zebra MC9090 |
Windows Mobile 6.1 |
Zebra MC55A |
Windows 6.5 |
Zebra MC75A |
OEM ver 02.37.0001 |
Zebra TC51 |
Android 6.0.1 |
Zebra TC52 |
Android 10.0 |
Zebra TC55 |
Android 8.1.0 |
Zebra TC57 |
Android 10.0 |
Zebra TC58 |
Android 11.0 |
Zebra TC70 |
Android 6.1 |
Zebra TC75 |
Android 10.0 |
Zebra TC520K |
Android 10.0 |
Zebra TC8000 |
Android 4.4.3 |
Printers |
|
Zebra QLn320 Mobile Printer |
LINK OS 5.2 |
Zebra ZT230 IndustrialPrinter |
LINK OS 6.4 |
Zebra ZQ310 Mobile Printer |
LINK OS 6.4 |
Zebra ZD410 Industrial Printer |
LINK OS 6.4 |
Zebra ZT410 Desktop Printer |
LINK OS 6.2 |
Zebra ZQ610 Industrial Printer |
LINK OS 6.4 |
Zebra ZQ620 Mobile Printer |
LINK OS 6.4 |
Wireless module |
|
Intel AX 411 |
Driver v22.230.0.8 |
Intel AX 211 |
Driver v22.230.0.8, v22.190.0.4 |
Intel AX 210 |
Driver v22.230.0.8, v22.190.0.4, v22.170.2.1 |
Intel AX 200 |
Driver v22.130.0.5 |
Intel 11AC |
Driver v22.30.0.11 |
Intel AC 9260 |
Driver v21.40.0 |
Intel Dual Band Wireless AC 8260 |
Driver v19.50.1.6 |
Samsung S21 Ultra |
Driver v20.80.80 |
QCA WCN6855 |
Driver v1.0.0.901 |
PhoenixContact FL WLAN 2010 |
Firmware version: 2.71 |
Supported virtual and hardware platforms
The following table lists the supported virtual and hardware platforms. (See Supported PIDs and ports for the list of supported modules.)
Table 10. Supported virtual and hardware platforms
Platform |
Description |
Cisco Catalyst 9800-80 Wireless Controller |
A modular wireless controller with up to 100-GE modular uplinks and seamless software updates. The controller occupies a 2-rack unit space and supports multiple module uplinks. |
Cisco Catalyst 9800-40 Wireless Controller |
A fixed wireless controller with seamless software updates for mid-size to large enterprises. The controller occupies a 1-rack unit space and provides four 1-GE or 10-GE uplink ports. |
Cisco Catalyst 9800-L Wireless Controller |
The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features. |
Cisco Catalyst 9800 Wireless Controller for Cloud |
A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports VMware ESXi, Kernel-based Virtual Machine [KVM], Microsoft Hyper-V, and Cisco Enterprise NFV Infrastructure Software [NFVIS] on Enterprise Network Compute System [ENCS] hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS), Google Cloud Platform (GCP) marketplace, and Microsoft Azure. |
Cisco Catalyst 9800 Embedded Wireless Controller for Switch |
The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches brings the wired and wireless infrastructure together with consistent policy and management. This deployment model supports only Software Defined-Access (SDA), which is a highly secure solution for small campuses and distributed branches. |
Cisco Catalyst CW9800M Wireless Controller |
The Cisco Catalyst CW9800M Wireless Controller is the next generation Cisco Catalyst CW9800 Series Wireless LAN Controller built to deliver a 53% performance improvement while consuming 18% less power when compared to the previous generation models. Additionally, the Cisco Catalyst CW9800M Wireless Controller supports 3000 APs and 32000 clients to ensure better performance and scale for business-critical networks and provides up to 40 Gbps of forwarding throughput for both normal packet and encrypted packets while remaining a single RU designed to save you space and provide greater flexibility in your datacenters. |
Cisco Catalyst CW9800H1 and CW9800H2 Wireless Controllers |
The Cisco Catalyst CW9800H1 and CW9800H2 Wireless Controllers are the next-generation Cisco Catalyst CW9800 Series Wireless LAN Controllers that boast up to a 36% increase in performance and consume up to 40% less power compared to their predecessors. Additionally, the CW9800H1 and CW9800H2 models are built with a space-saving single RU design and support up to 6000 APs and 64,000 clients with 100 Gbps of maximum throughput. They also offer a choice of uplinks with either 4 x 25 Gbps (CW9800H1) or 2 x 40 Gbps (CW9800H2) configurations to meet high throughput demands of next-generation wireless requirements. |
Supported host environments - public and private cloud
The following table lists the host environments supported for private and public cloud.
Table 11. Supported host environments for public and private cloud
Host environment |
Software version |
VMware ESXi |
●
VMware ESXi vSphere 6.5, 6.7, 7.0, and 8.0
●
VMware ESXi vCenter 6.5, 6.7, 7.0, and 8.0
|
KVM |
●
Linux KVM-based on Red Hat Enterprise Linux 9.2, or latest version
●
Ubuntu 16.04.5 LTS, Ubuntu 18.04.5 LTS, Ubuntu 20.04.5 LTS
|
AWS |
AWS EC2 platform |
NFVIS |
ENCS 3.8.1 and 3.9.1 |
GCP |
GCP marketplace |
Microsoft Hyper-V |
Windows Server 2019, with Hyper-V Manager (Version 10.0.x) |
Microsoft Azure |
Microsoft Azure |
The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.
The base PIDs are the model numbers of the controller.
The bundled PIDs indicate the orderable part numbers for the base PIDs that are bundled with a particular network module. Running the show version, show module, or show inventory command on such a controller (bundled PID) displays its base PID.
Note: Unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the route processor (RP) ports of C9800-80-K9 and C9800-40-K9.
Table 12. Supported PIDS and ports
Controller model |
Description |
C9800-CL-K9 |
Cisco Catalyst Wireless Controller as an infrastructure for cloud. |
C9800-80-K9 |
Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots. |
C9800-40-K9 |
Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots. |
C9800-L-C-K9 |
● 4x2.5/1-Gigabit ports
● 2x10/5/2.5/1-Gigabit ports
|
C9800-L-F-K9 |
● 4x2.5/1-Gigabit ports
● 2x10/1-Gigabit ports
|
CW9800H1 |
● 8x1 GE/10 GE SFP ports
● 4x25 GE SFP interfaces
|
CW9800H2 |
● 8x1 GE/10 GE SFP Ports
● 2X 40 GE QSFP interfaces
|
CW9800M |
● Four built-in 1 GE /10 GE SFP ports
● Two built-in 25 GE SFP ports
|
Supported SFPs
The following table lists the supported SFP models.
Table 13. Supported SFP models
SFP name |
C9800-80-K9 |
C9800-40-K9 |
C9800-L-F-K9 |
CW9800H1 |
CW9800H2 |
CW9800M |
COLORCHIP-C040- Q020-CWDM4-03B |
Supported |
— |
— |
— |
— |
— |
DWDM-SFP10G-30.33 |
Supported |
Supported |
— |
— |
— |
— |
DWDM-SFP10G-61.41 |
Supported |
Supported |
— |
— |
— |
— |
FINISAR-LR – FTLX1471D3BCL (The FINISAR SFPs are not Cisco specific and some of the features, such as DOM, may not work properly.) |
Supported |
Supported |
Supported |
— |
— |
— |
FINISAR-SR – FTLX8574D3BCL |
Supported |
Supported |
Supported |
— |
— |
— |
GLC-BX-D |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
GLC-BX-U |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
GLC-EX-SMD |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
GLC-LH-SMD |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
GLC-SX-MMD |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
GLC-T |
Supported |
— |
— |
— |
— |
— |
GLC-TE |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
GLC-ZX-SMD |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
QSFP-100G-LR4-S |
Supported |
— |
— |
— |
— |
— |
QSFP-100G-SR4-S |
Supported |
— |
— |
— |
— |
— |
QSFP-40G-BD-RX |
Supported |
— |
— |
— |
— |
— |
QSFP-40G-ER4 |
Supported |
— |
— |
— |
Supported |
— |
QSFP-40G-LR4 |
Supported |
— |
— |
— |
Supported |
— |
QSFP-40G-LR4-S |
Supported |
— |
— |
— |
Supported |
— |
QSFP-40G-CSR4 |
— |
— |
— |
— |
Supported |
— |
QSFP-40G-SR4 |
Supported |
— |
— |
— |
Supported |
— |
QSFP-40G-SR4-S |
Supported |
— |
— |
— |
Supported |
— |
QSFP-40GE-LR4 |
Supported |
— |
— |
— |
— |
— |
QSFP-H40G-ACU10M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CU1M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CU2M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CU3M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CU4M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CU5M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-CUO-5M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC1M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC2M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC3M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC5M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC7M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC10M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC15M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC20M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC25M |
— |
— |
— |
— |
Supported |
— |
QSFP-H40G-AOC30M |
— |
— |
— |
— |
Supported |
— |
SFP-10G-AOC10M |
Supported |
Supported |
— |
— |
— |
— |
SFP-10G-AOC1M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-AOC2M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-AOC3M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-AOC5M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-AOC7M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-ER |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
SFP-10G-LR |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-10G-LR-S |
Supported |
Supported |
Supported |
— |
— |
— |
SFP-10G-LR-X |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-10G-LRM |
Supported |
Supported |
Supported |
— |
— |
— |
SFP-10G-SR |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-10G-SR-S |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-10G-SR-I |
— |
— |
— |
Supported |
Supported |
Supported |
SFP-10G-SR-X |
Supported |
Supported |
Supported |
— |
— |
— |
SFP-10G-ZR |
|
|
— |
— |
— |
— |
SFP-10G-ZR-I |
— |
— |
— |
Supported |
Supported |
Supported |
SFP-10G-T-X |
— |
— |
— |
Supported |
Supported |
Supported |
SFP-25G-SR-S |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-ER-I |
— |
— |
— |
Supported |
— |
Supported |
SFP-10/25G-LR-I |
— |
— |
— |
Supported |
— |
Supported |
SFP-10/25G-LR-S |
— |
— |
— |
Supported |
— |
Supported |
SFP-10/25G-CSR-S |
— |
— |
— |
Supported |
— |
Supported |
SFP-10/25G-BXD-I |
— |
— |
— |
Supported |
— |
Supported |
SFP-10/25G-BXU-I |
— |
— |
— |
Supported |
— |
Supported |
SFP-H25G-CU1M |
— |
— |
— |
Supported |
— |
Supported |
SFP-H25G-CU5M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC1M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC2M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC3M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC5M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC7M |
— |
— |
— |
Supported |
— |
Supported |
SFP-25G-AOC10M |
— |
— |
— |
Supported |
— |
Supported |
SFP-H10GB-ACU10M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB-ACU7M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB- CU1.5M |
Supported |
Supported |
Supported |
— |
— |
— |
SFP-H10GB-CU1M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB-CU2.5M |
Supported |
Supported |
Supported |
— |
— |
— |
SFP-H10GB-CU2M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB-CU3M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB-CU5M |
Supported |
Supported |
Supported |
Supported |
Supported |
Supported |
SFP-H10GB-CU1-5M |
Supported |
Supported |
— |
Supported |
Supported |
Supported |
Finisar-LR (FTLX1471D3BCL) |
— |
— |
Supported |
Supported |
Supported |
Supported |
Finisar-SR (FTLX8574D3BC) |
— |
— |
— |
Supported |
Supported |
Supported |
The Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:
Network protocols and port matrix
Table 14. Cisco Catalyst 9800 series wireless controller - network protocols and port matrix
Source |
Destination |
Protocol |
Destination port |
Source port |
Description |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
22 |
Any |
SSH |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
23 |
Any |
Telnet |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
80 |
Any |
HTTP |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
443 |
Any |
HTTPS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
161 |
Any |
SNMP agent |
Any |
Any |
UDP |
5353 |
5353 |
mDNS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
69 |
69 |
TFTP |
Any |
DNS Server |
UDP |
53 |
Any |
DNS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
830 |
Any |
NetConf |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
443 |
Any |
REST API |
Any |
WLC Protocol |
UDP |
1700 |
Any |
Receive CoA packets |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5246 |
Any |
CAPWAP Control |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5247 |
Any |
CAPWAP Data |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5248 |
Any |
CAPWAP MCAST |
AP |
Cisco Catalyst Center |
TCP |
32626 |
Any |
Intelligent capture and RF telemetry |
AP |
AP |
UDP |
16670 |
Any |
Client Policies (AP-AP) |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
16666 |
16666 |
Mobility Control |
Cisco Catalyst 9800 Series Wireless Controller |
SNMP |
UDP |
162 |
Any |
SNAMP Trap |
Cisco Catalyst 9800 Series Wireless Controller |
RADIUS |
UDP |
1812/1645 |
Any |
RADIUS Auth |
Cisco Catalyst 9800 Series Wireless Controller |
RADIUS |
UDP |
1813/1646 |
Any |
RADIUS ACCT |
Cisco Catalyst 9800 Series Wireless Controller |
TACACS+ |
TCP |
49 |
Any |
TACACS+ |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
16667 |
16667 |
Mobility |
Cisco Catalyst 9800 Series Wireless Controller |
NTP Server |
UDP |
123 |
Any |
NTP |
Cisco Catalyst 9800 Series Wireless Controller |
Syslog Server |
UDP |
514 |
Any |
SYSLOG |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
HTTPS |
8443 |
Any |
Out of Band AP Image Download Cisco CleanAir Spectral Capture
|
Cisco Catalyst 9800 Series Wireless Controller |
NetFlow Server |
UDP |
9996 |
Any |
NetFlow |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Connected Mobile Experiences (CMX) |
UDP |
16113 |
Any |
NMSP |
Cisco Catalyst Center |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
32222 |
Any |
Device Discovery |
Cisco Catalyst Center |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
25103 |
Any |
Telemetry Subscriptions |
The following Cisco APs are supported in this release:
Table 15. Supported APs
AP type |
AP names |
Indoor Access Points
|
●
Cisco Catalyst 9105AX (I/W) Access Points
●
Cisco Catalyst 9115AX (I/E) Access Points
●
Cisco Catalyst 9117AX (I) Access Points
●
Cisco Catalyst 9120AX (I/E/P) Access Points
●
Cisco Catalyst 9130AX (I/E) Access Points
●
Cisco Catalyst 9136AX Access Points
●
Cisco Catalyst 9162 (I) Series Access Points
●
Cisco Catalyst 9164 (I) Series Access Points
●
Cisco Catalyst 9166 (I/D1) Series Access Points
●
Cisco Wireless 9172 (I) Series Wi-Fi 7 Access Points
●
Cisco Wireless 9172 (H) Series Wi-Fi 7 Access Points
●
Cisco Wireless 9176 (I/D1) Series Wi-Fi 7 Access Points
●
Cisco Wireless 9178 (I) Series Wi-Fi 7 Access Points
●
Cisco Wireless 9179
(F) Series Wi-Fi 7 Access Points
●
Cisco Aironet 1815 (I/W/M/T), 1830 (I), 1840 (I), and 1852 (I/E) Access Points
●
Cisco Aironet 1800i Access Point
●
Cisco Aironet 2800 (I/E) Series Access Points
●
Cisco Aironet 3800 (I/E/P) Series Access Points
●
Cisco Aironet 4800 (I) Series Access Points
|
Outdoor Access Points
|
●
Cisco Aironet 1540 (I/D) Series Access Points
●
Cisco Aironet 1560 (I/D/E) Series Access Points
●
Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point
●
Cisco 6300 Series Embedded Services Access Point
●
Cisco Catalyst 9124AX (I/D/E) Access Points
●
Cisco Catalyst 9163 (E) Series Access Points
●
Cisco Catalyst Industrial Wireless 9167 (I/E) Heavy Duty Access Points
●
Cisco Catalyst Industrial Wireless 9165E Rugged Access Point
●
Cisco Catalyst Industrial Wireless 9165D Heavy Duty Access Point
|
Integrated Access Points |
Integrated Access Point on Cisco 1100 ISR (ISR-AP1100AC-x, ISR-AP1101AC-x, and ISR-AP1101AX-x) |
Network Sensor |
Cisco Aironet 1800s Active Sensor |
Pluggable Modules |
Cisco Wi-Fi Interface Module (WIM)
|
Supported AP channels and maximum power settings
Supported access point channels and maximum power settings on Cisco APs are compliant with the regulatory specifications of channels, maximum power levels, and antenna gains of every country in which the access points are sold. For more information about the supported access point transmission values in Cisco IOS XE software releases, see the Detailed Channels and Maximum Power Settings document at https://www.cisco.com/c/en/us/support/wireless/catalyst-9100ax-access-points/products-technical-reference-list.html.
For information about Cisco Wireless software releases that support specific Cisco AP modules, see Cisco Access Points Supported in Cisco Wireless Controller Platform Software Releases.
Cisco Wireless Controller:
For more information about the Cisco wireless controller, lightweight APs, and mesh APs, see these documents:
Cisco Wireless Solutions Software Compatibility Matrix
Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide
Cisco Catalyst 9800 Series Wireless Controller Command Reference
Cisco Catalyst 9800 Series Configuration Best Practices
In-Service Software Upgrade Matrix
Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers
The installation guide for your controller is available at:
All Cisco Wireless Controller software-related documentation
Cisco Catalyst 9800 Series Wireless Controller Data Sheets:
Wireless Product Comparison:
Compare specifications of Cisco wireless APs and controllers
Wireless LAN Compliance Lookup
Cisco AireOS to Cisco Catalyst 9800 Wireless Controller Feature Comparison Matrix
Cisco Access Points–Statement of Volatility:
The STATEMENT OF VOLATILITY is an engineering document that provides information about the device, the location of its memory components, and the methods for clearing device memory. Refer to the data security policies and practices of your organization and take the necessary steps required to protect your devices or network environment.
The Cisco Aironet and Catalyst AP Statement of Volatility (SoV) documents are available on the Cisco Trust Portal.
You can search by the AP model to view the SoV document.
Cisco Prime Infrastructure:
Cisco Prime Infrastructure Documentation
Cisco Spaces:
Cisco Catalyst Center:
Cisco Catalyst Center Documentation
Product Analytics
Cisco Enterprise Networking Product Analytics Frequently Asked Questions
Communications, services, and additional information:
● To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
● To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
● To submit a service request, visit Cisco Support.
● To discover and browse secure, validated enterprise-class apps, products, solutions, and services, visit Cisco DevNet.
● To obtain general networking, training, and certification titles, visit Cisco Press.
● To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Cisco Bug Search Tool (BST) is a gateway to the Cisco bug-tracking system, which maintains a comprehensive list of defects and vulnerabilities in Cisco products and software. The BST provides you with detailed defect information about your products and software.
To provide feedback about Cisco technical documentation, use the feedback form available on the right pane of every online document.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2025 Cisco Systems, Inc. All rights reserved.