Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Cupertino 17.9.x

Introduction to Cisco Catalyst 9800 Series Wireless Controllers

The Cisco Catalyst 9800 Series Wireless Controllers comprise next-generation wireless controllers (referred to as controller in this document) built for intent-based networking. The Catalyst 9800 Series Wireless Controllers are Cisco IOS XE-based and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.

The Catalyst 9800 controllers are enterprise-ready to power your business-critical operations and transform end-customer experiences:

  • The controllers come with high availability (HA) and seamless software updates that are enabled by hot and cold patching. This keeps your clients and services up and running always, both during planned and unplanned events.

  • The controllers come with built-in security, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.

  • The controllers can be deployed anywhere to enable wireless connectivity, for example, on an on-premise device, on cloud (public or private), or embedded on a Cisco Catalyst switch or Cisco Catalyst access point (AP).

  • The controllers can be managed using Cisco Digital Network Architecture (DNA) Center, Programmability interfaces, for example, NETCONF and YANG, web-based GUI or CLI.

  • The controllers are built on a modular operating system. Open and programmable APIs enable the automation of your day zero to day n network operations. Model-driven streaming telemetry provides deep insights into your network and client health.

The Catalyst 9800 Series controllers are available in multiple form factors to cater to your deployment options:

  • Catalyst 9800 Series Wireless Controller Appliance

  • Catalyst 9800 Series Wireless Controller for Cloud

  • Catalyst 9800 Embedded Wireless Controller for a Cisco Switch or Cisco Catalyst Wi-Fi 6 access point.


Note

All of the Cisco IOS-XE programmability-related topics on the Cisco Catalyst 9800 controllers are supported by DevNet, either through community-based support or through DevNet developer support. For more information, go to https://developer.cisco.com.


What's New in Cisco IOS XE Cupertino 17.9.1

Table 1. New and Modified Software Features

Feature Name

Description and Documentation Link

802.11r Fast Transition for SAE (FT-SAE) Authenticated Clients

From this release, the Fast Transition supports SAE-based Fast Roaming along with PMK caching.

The following command is introduced:

  • security wpa akm ft sae

For more information, see the chapter 802.11r BSS Fast Transition.

Access Points Survey Mode Support in Cisco Catalyst 9136 Series Access Points, Cisco Catalyst 9164 Series Wi-Fi 6E Access Points, and Cisco Catalyst 9166 Series Wi-Fi 6E Access Points

In this release, you can use the ap-type survey command to switch the AP to the survey mode. The AP GUI is also enhanced to support the survey mode.

This feature is supported on Cisco Catalyst 9136 Series APs, Cisco Catalyst 9164 Series Wi-Fi 6E APs, and Cisco Catalyst 9166 Series Wi-Fi 6E APs.

For more information, see the chapter Access Points Survey Mode.

Authentication and Accounting Support for Both Radius and TACACS+ Servers for Standby Unit in an SSO Pair

From this release, Authentication and Accounting is supported on RADIUS and TACACS+ servers for standby HA unit using RMI interface:

  • RADIUS Accounting

  • TACACS+ Authentication

  • TACACS+ Accounting

For more information, see the chapter Redundancy Management Interface.

BLE Concurrent Scanning and Beaconing

From this release, BLE concurrent scanning and beaconing is supported on Cisco Catalyst Wi-Fi 6 APs in basic mode or Cisco IOx mode. The BLE radio on an AP can stop a scan for beacon transmission, and return to the scan after completing the beacon transmission.

For more information, see the chapter Cisco Hyperlocation.

Chargeable User Identity in RADIUS Accounting

Chargeable User Identity (CUI) is a unique identifier for a client visiting a network. This attribute can be used as an alternative for the client’s username as part of the authentication process.

The following command is introduced:

  • access-session wireless cui-enable

For more information, see the chapter RADIUS Accounting.

Cisco AI-Enhanced RRM Supports Wi-Fi 6E

From this release, the Cisco's AI-Enhanced RRM feature in Cisco DNA Center supports Wi-Fi 6E.

For more information, see the chapter Radio Resource Management.

CleanAir Pro Scanning Support in 2.4-GHz and 5-GHz Bands

The CleanAir Pro Scanning feature monitors and reports the different categories of non-Wi-Fi interference in the 2.4-GHz and 5-GHz bands.

The following commands are introduced:

  • ap dot11 6ghz cleanair

  • ap dot11 cleanair alarm air-quality

  • ap dot11 cleanair alarm device cont-tx

  • ap dot11 cleanair alarm unclassified

For more information, see the chapter CleanAir.

Concurrent Radio Support for Workgroup Bridge Wireless Clients on Cisco Catalyst Access Points

From this release onwards, Workgroup Bridge supports one radio for uplink (backhaul) connectivity and another radio for serving wireless clients. This feature is supported on Cisco Catalyst 9105 APs, Cisco Catalyst 9115 APs, and Cisco Catalyst 9120 APs.

The following commands are introduced on the AP console:

  • configure ssid-profile ssid dtim-period

  • configure dot11Radio wlan add

  • configure dot11Radio wlan delete

  • configure dot11Radio channel

  • configure dot11Radio beacon-interval

  • configure radius address port

  • configure qos profile

  • configure ssid-profile ssid qos profile

For more information, see the chapter Workgroup Bridges.

Configuring mDNS Location-Based Filtering Using Location Group

From this release, the AP grouping for mDNS is extended to include AP locations.

The following commands are introduced:

  • wireless rule application mdns

  • group-method

For more information, see the chapter Multicast Domain Name System.

Configuring the AP Console

This feature allows you to configure the AP console from the controller.

The following command is introduced:

  • console

For more information, see the chapter Configuring the AP Console.

Flexible Radio Assignment Support in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points

From this release onwards, the dual-band radio in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points offers the ability to serve either in 5-GHz or 6-GHz band, as monitor or sniffer on the same AP.

The following commands are introduced:

  • ap fra 5-6ghz

  • ap fra 5-6ghz freeze

  • ap fra 5-6ghz interval

  • ap dot11 6ghz rf-profile

  • client-aware-fra

  • show ap fra 5-6ghz

For more information, see the chapter Cisco Flexible Radio Assignment.

High Availability Deployment for Application Centric Infrastructure (ACI) Network

This feature avoids interleaving traffic between the old and new active controller using the following functionalities:

  • Bringing down the Wireless Management Interface (WMI) faster.

  • Disabling fast switchover notifications.

The following commands are introduced:

  • no redun-management fast-switchover

  • redun-management garp-retransmit burst

  • no redun-management garp-retransmit initial

For more information, see the chapter High Availability.

Interim Accounting

From this release, the no accounting-interim command is introduced under the policy profile to disable interim accounting.

For more information, see the chapter Interim Accounting.

Link Layer Discovery Protocol Support in Standby Controller

From this release, the Link Layer Discovery Protocol (LLDP) process is supported in both active and standby controllers.

The following commands are introduced:

  • lldp run

  • lldp holdtime

  • lldp reinit

  • lldp timer

  • lldp tlv-select

  • show lldp

  • show lldp neighbors

  • show lldp neighbors detail

  • show lldp errors

  • show lldp traffic

For more information, see the chapter Link Layer Discovery Protocol.

Logging Web UI-Based Configuration Changes in TACACS+ Server

This feature logs all the configuration changes made in the controller's UI.

For more information, see the chapter Web UI Configuration Command Accounting in TACACS+ Server.

Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points (CW9164 and CW9166)

From this release onwards, in Cisco Catalyst 916x APs (CW9164 and CW9166) you can migrate management modes between DNA Management Mode (controller based) and Meraki Management Mode, depending on the requirement.

The following commands are introduced:

  • ap name persona meraki

  • clear ap meraki stats

  • show ap persona meraki capability summary

  • show ap persona meraki failure summary

  • show ap persona meraki change summary

For more information, see the chapter Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points.

Mesh Backhaul RRM Support

From this release onwards, RRM DCA runs on mesh backhaul in auto mode, when you configure the wireless mesh backhaul rrm auto-dca command. For APs that do not have dedicated (RHL) radios, DCA is triggered by running commands in privileged EXEC mode. Mesh RRM DCA runs in the background for RHL radio enabled APs.

The following commands are introduced:

  • ap dot11 rrm channel-update mesh

  • ap dot11 rrm channel-update mesh bridge-group

  • ap name dot11 rrm channel update mesh

  • show wireless mesh rrm dca status

  • wireless mesh backhaul rrm auto-dca

For more information, see the chapter Mesh Access Points.

Mutual Authentication for gRPC Telemetry

A new gRPC TLS profile that contains a pair of trustpoints was added to the telemetry configuration so that a client ID certificate can be specified for mutual authentication. This new profile can be used instead of the trustpoint containing the server CA certificate when configuring the receiver profile. The trustpoint containing the server CA certificate is now configured as part of the gRPC TLS profile.

For more information, see the Programmability Configuration Guide.

Quality of Service Gaps and Fixes in Cisco Catalyst 9800 Series Wireless Controllers

This feature addresses the gaps in the existing metal policy implementation with reference to RFC 8325.

With this enhancement, the existing hard-coded policy-maps and class-maps associated with each metal policy is modified as per RFC 8325, so that upstream and downstream ceiling is achieved.

For more information, see the chapter Quality of Service.

Regulatory Domain Reduction

From Cisco IOS XE Cupertino 17.9.1, more countries are added to the Rest of the World (RoW) domain.

For more information, see the chapter Regulatory Compliance Domain.

Rogue Detection Enhancements on Cisco Catalyst 9164 and 9166 Series Wi-Fi 6E Access Points

In this release, the rogue detection and containment functionality is enhanced to handle dual 5-GHz configuration on Cisco Catalyst 9164 Series Wi-Fi 6E APs and Cisco Catalyst 9166 Series Wi-Fi 6E APs.

Rogue Full Scale Quotas and Priorities

The Rogue Full Scale Quotas and Priorities feature helps you to improve the scalability, performance, manageability, and serviceability of rogue APs.

The following commands are introduced:

  • wireless wps rogue scale quota

  • wireless wps rogue scale priority

  • wireless wps rogue scale mode hybrid

For more information, see the chapter Managing Rogue Devices.

Site-Based Rolling AP Upgrade in N+1 Networks

The Site-Based Rolling AP Upgrade in an N+1 Network feature allows you to perform a staggered upgrade of APs in each site in an N+1 deployment.

The following commands are introduced:

  • ap upgrade staggered iteration completion

  • ap upgrade staggered iteration error

  • ap upgrade staggered iteration timeout

  • show ap upgrade site

For more information, see the chapter Site-Based Rolling AP Upgrade in an N+1 Network.

Site-Based Rolling AP Upgrade using Netconf/YANG Models

From Cisco IOS XE Cupertino 17.9.1, you can use NETCONF/YANG models to configure site-based APSP and N+1 hitless software upgrade.

For more information, see the Programmability Configuration Guide at: https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-17/products-installation-and-configuration-guides-list.html

For more information on the YANG models, see the Cisco IOS XE Programmability Configuration Guide and YANG Data Models on Github at: https://github.com/YangModels/yang/tree/master/vendor/cisco/xe.

You can contact the Developer Support Community for NETCONF/YANG features at:

https://developer.cisco.com/

Support 6-GHz radio for Canada

In this release, Canada (CA) is added to the list of countries supporting 802.11 6-GHz radio band.

Support for Cisco Catalyst 9164I Series Wi-Fi 6E Access Points and Cisco Catalyst 9166I Series Wi-Fi 6E Access Points

From this release onwards, Cisco Catalyst 9164I Series Wi-Fi 6E Access Points and Cisco Catalyst 9166I Series Wi-Fi 6E Access Points are supported.

Support for RFC 5580 Location Attributes in the Controller

This feature uses the RFC 5580 location attributes to convey location-related information for authentication and accounting exchanges.

The following commands are introduced:

  • radius-server attribute wireless location delivery out-of-band

  • location civic-location identifier

  • location geo-location identifier

  • location operator identifier

  • location civic-location-id

  • location geo-location-id

  • location operator-id

  • radius-server attribute wireless location civic-location-id

  • radius-server attribute wireless location geo-location-id

  • radius-server attribute wireless location operator-id

For more information, see the chapter Configuring RFC 5580 Location Attributes.

VLAN Group to Support DHCP and Static IP Clients

The VLAN Group to Support DHCP and Static IP Clients feature aims to handle the network access of clients whose static IP address is not a part of the VLAN's IP list.

For more information, see the chapter VLAN Groups.

Walkme for Usage and Troubleshooting

The following new workflows have been implemented:

  • AP Join troubleshooting: A collection of workflows that takes you through various troubleshooting commands to find out why AP join has failed.

  • FlexConnect workflow: A collection of workflows that show how to configure FlexConnect.

Wireless Rogue Channel Width Support

In this release, the Wireless Rogue Channel Width feature is supported.

Rogue channel width changes are implemented at the TDL level. Because the telemetry child table cannot be accessed by Cisco DNA Center because of the TDL limitation, all radio band information is now available in the top-level table. Telemetry data can be validated through the SSH Netconf console to check the correct radio band with channel width values.

Table 2. New and Modified GUI Features

Feature Name

GUI Path

802.11r Fast Transition for SAE Authenticated Clients

  • Configuration > Tags & Profiles > WLANs

Additional Client Information on Client 360 View

  • Monitoring > Wireless > Clients > 360

Configuring the AP Console

  • Configuration > Tags & Profiles > AP Join

Flexible Radio Assignment Support in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points

  • Configuration > Radio Configurations > RRM > FRA

Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points (CW9164 and CW9166)

  • Configuration > Wireless > Change to Meraki Persona

Site-based Rolling AP Upgrade in N+1 Networks

  • Administration > Software Management

MIBs

The following MIBs are newly added or modified:

  • AIRESPACE-WIRELESS-MIB

  • CISCO-LWAPP-AP-MIB

  • CISCO-LWAPP-MOBILITY-MIB

  • CISCO-LWAPP-RF-MIB

  • CISCO-LWAPP-RRM-MIB

  • CISCO-LWAPP-SI-MIB

  • CISCO-LWAPP-TAGS-MIB

  • CISCO-LWAPP-WLAN-MIB

  • CISCO-LWAPP-WLAN-SECURITY-MIB

Behavior Changes

  • The Cisco Centralized Key Management (CCKM) feature is being deprecated from Cisco IOS XE Dublin 17.10.x.

  • The J2 country code is not supported for Japan. Use J4 as country code for Japan, instead of J2.

  • The following commands are effective only in service-peer mode:

    For information on service-peer, see the Understanding Local Area Bonjour for Wireless FlexConnect Mode section in the chapter Configuring Local Area Bonjour for Wireless FlexConnect Mode.

    • query-response

    • sdg-agent

    • service-announcement-count

    • service-announcement-timer

    • service-mdns-query

    • service-query-count

    • service-query-timer

    • service-receiver-purge

    • active-response

  • If wireless multicast is disabled in service-peer mode, the mDNS packets are sent to each CAPWAP interface. If wireless multicast and multicast tunnel are enabled, the mDNS packets are sent over multicast tunnel.

  • The install commands cannot be executed if there is any unsaved configuration with or without the prompt-level option.

  • If location is not specified in the service policy, the location is considered from the global mDNS gateway. By default, the global mDNS gateway location is defined as lss .

  • When country is configured in the AP profile, you cannot override it using the per-AP country configuration.

  • You cannot see 802.1x passwords in cleartext from this release because they are encrypted. If you downgrade to an earlier image that doesn't support an encrypted password, disable 802.1x on the AP switch port to allow the AP to join the controller before setting the cleartext password.

  • The output of the following show commands are updated:

    • show ap dot11 cleanair device type

    • show ap name dot11 cleanair device

    • show ap dot11 5ghz SI device type

    • show ap name dot11 SI device

  • The following commands are introduced:

    • ap name dot11 24ghz cleanair

    • ap name dot11 5ghz cleanair

    • ap name dot11 6ghz cleanair

    The following commands are deprecated:

    • ap name dot11 24ghz slot cleanair

    • ap name dot11 5ghz slot cleanair

    • ap name dot11 dual-band cleanair band

    • ap name dot11 ap name dot11 dual-band slot cleanair band

    • ap name dot11 dual-band cleanair band

    • ap name dot11 ap name dot11 dual-band slot cleanair band

    • ap name dot11 ap name dot11 dual-band slot cleanair

    • ap name dot11 rx-dual-band slot cleanair band

    • ap name dot11 rx-dual-band slot cleanair

  • Information on FIPS is added to the output of the AP show security system state command.

  • Device analytics reports are cached for five minutes before they are made available through the show wireless client mac stats pc-analytics command.

  • TLS 1.3 is supported for HTTPS communication on web administration from this release onwards.

Interactive Help

The Cisco Catalyst 9800 Series Wireless Controller GUI features an interactive help that walks you through the GUI and guides you through complex configurations.

You can start the interactive help in the following ways:

  • By hovering your cursor over the blue flap at the right-hand corner of a window in the GUI and clicking Interactive Help.

  • By clicking Walk-me Thru in the left pane of a window in the GUI.

  • By clicking Show me How that is displayed in various parts of the GUI. Clicking Show me How triggers a specific interactive help that is relevant to the context you are in.

    For instance, Show me How in Configure > AAA walks you through the various steps for configuring a RADIUS server. Choose Configuration> Wireless Setup > Advanced and click Show me How to trigger the interactive help that walks you through the steps relating to various kinds of authentication.

The following features have an associated interactive help:

  • Configuring AAA

  • Configuring FlexConnect Authentication

  • Configuring 802.1x Authentication

  • Configuring Local Web Authentication

  • Configuring OpenRoaming

  • Configuring Mesh APs


Note

If the WalkMe launcher is unavailable on Safari, modify the settings as follows:

  1. Navigate to Preferences > Privacy.

  2. In the Website tracking section, uncheck the check box to disable Prevent cross-site tracking.

  3. On the Cookies and website data section, uncheck the check box to disable Block all cookies.


Supported Hardware

The following table lists the supported virtual and hardware platforms. (See Supported PIDs and Ports for the list of supported modules.)

Table 3. Supported Virtual and Hardware Platforms

Platform

Description

Cisco Catalyst 9800-80 Wireless Controller

A modular wireless controller with up to 100-GE modular uplinks and seamless software updates.

The controller occupies a 2-rack unit space and supports multiple module uplinks.

Cisco Catalyst 9800-40 Wireless Controller

A fixed wireless controller with seamless software updates for mid-size to large enterprises.

The controller occupies a 1-rack unit space and provides four 1-GE or 10-GE uplink ports.

Cisco Catalyst 9800-L Wireless Controller

The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features.

Cisco Catalyst 9800 Wireless Controller for Cloud

A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports ESXi, KVM, Microsoft Hyper-V, and NFVIS on ENCS hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS), Google Cloud Platform (GCP) marketplace, and Microsoft Azure.

Cisco Catalyst 9800 Embedded Wireless Controller for Switch

The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches bring the wired and wireless infrastructure together with consistent policy and management.

This deployment model supports only SD Access, which is a highly secure solution for small campuses and distributed branches.

The following table lists the host environments supported for private and public cloud.

Table 4. Supported Host Environments for Public and Private Cloud

Host Environment

Software Version

VMware ESXi

  • VMware ESXi vSphere 6.0, 6.5, 6.7, and 7.0

  • VMware ESXi vCenter 6.0, 6.5, 6.7, and 7.0

KVM

  • Linux KVM-based on Red Hat Enterprise Linux 7.6, 7.8, and 8.2

  • Ubuntu 16.04.5 LTS, Ubuntu 18.04.5 LTS, Ubuntu 20.04.5 LTS

AWS

AWS EC2 platform

NFVIS

ENCS 3.8.1 and 3.9.1

GCP

GCP marketplace

Microsoft Hyper-V

Windows 2019 Server and Windows Server 2016 (Version 1607) with Hyper-V Manager (Version 10.0.14393)

Microsoft Azure

Microsoft Azure

The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.

The base PIDs are the model numbers of the controller.

The bundled PIDs indicate the orderable part numbers for the base PIDs that are bundled with a particular network module. Running the show version , show module , or show inventory command on such a controller (bundled PID) displays its base PID.

Note that unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the route processor (RP) ports of C9800-80-K9 and C9800-40-K9.

Table 5. Supported PIDs and Ports

Controller Model

Description

C9800-CL-K9

Cisco Catalyst Wireless Controller as an infrastructure for cloud.

C9800-80-K9

Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots.

C9800-40-K9

Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots.

C9800-L-C-K9

  • 4x2.5/1-Gigabit ports

  • 2x10/5/2.5/1-Gigabit ports

C9800-L-F-K9

  • 4x2.5/1-Gigabit ports

  • 2x10/1-Gigabit ports

The following table lists the supported SFP models.

Table 6. Supported SFPs

SFP Name

C9800-80-K9

C9800-40-K9

C9800-L-C-K9

C9800-L-F-K9

DWDM-SFP10G-30.33

Supported

Supported

DWDM-SFP10G-61.41

Supported

Supported

FINISAR-LR – FTLX1471D3BCL

1

Supported

Supported

Supported

FINISAR-SR – FTLX8574D3BCL

Supported

Supported

Supported

GLC-BX-D

Supported

Supported

Supported

Supported

GLC-BX-U

Supported

Supported

Supported

Supported

GLC-EX-SMD

Supported

Supported

GLC-LH-SMD

Supported

Supported

Supported

GLC-SX-MMD

Supported

Supported

Supported

Supported

GLC-T

Supported

Supported

GLC-TE

Supported

Supported

Supported

Supported

GLC-ZX-SMD

Supported

Supported

Supported

Supported

QSFP-100G-LR4-S

Supported

QSFP-100G-SR4-S

Supported

QSFP-40G-BD-RX

Supported

QSFP-40G-ER4

Supported

QSFP-40G-LR4

Supported

QSFP-40G-LR4-S

Supported

QSFP-40G-SR4

Supported

QSFP-40G-SR4-S

Supported

QSFP-40GE-LR4

Supported

SFP-10G-AOC10M

Supported

Supported

SFP-10G-AOC1M

Supported

Supported

SFP-10G-AOC2M

Supported

Supported

SFP-10G-AOC3M

Supported

Supported

SFP-10G-AOC5M

Supported

Supported

SFP-10G-AOC7M

Supported

Supported

SFP-10G-ER

Supported

Supported

SFP-10G-LR

Supported

Supported

Supported

SFP-10G-LR-S

Supported

Supported

SFP-10G-LR-X

Supported

Supported

Supported

SFP-10G-LRM

Supported

Supported

Supported

SFP-10G-SR

Supported

Supported

Supported

SFP-10G-SR-S

Supported

Supported

Supported

SFP-10G-SR-X

Supported

Supported

Supported

SFP-10G-ZR

Supported

Supported

SFP-H10GB-ACU10M

Supported

Supported

SFP-H10GB-ACU7M

Supported

Supported

SFP-H10GB-CU1.5M

Supported

Supported

Supported

SFP-H10GB-CU1M

Supported

Supported

Supported

SFP-H10GB-CU2.5M

Supported

Supported

Supported

SFP-H10GB-CU2M

Supported

Supported

Supported

SFP-H10GB-CU3M

Supported

Supported

Supported

SFP-H10GB-CU5M

Supported

Supported

Supported

1 The FINISAR SFPs are not Cisco specific and some of the features, such as DOM, may not work properly.

Optics Modules

The Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:

https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

Network Protocols and Port Matrix

Table 7. Cisco Catalyst 9800 Series Wireless Controller - Network Protocols and Port Matrix

Source

Destination

Protocol

Destination Port

Source Port

Description

AP

Cisco Catalyst 9800 Series Wireless Controller

UDP

5246

Any

CAPWAP Control

AP

Cisco Catalyst 9800 Series Wireless Controller

UDP

5247

Any

CAPWAP Data

AP

Cisco Catalyst 9800 Series Wireless Controller

UDP

5248

Any

CAPWAP MCAST

Cisco Catalyst 9800 Series Wireless Controller

Cisco Catalyst 9800 Series Wireless Controller

UDP

16666

16666

Mobility Control

Cisco Catalyst 9800 Series Wireless Controller

Cisco Catalyst 9800 Series Wireless Controller

UDP

16667

16667

Mobility Data

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

22

Any

SSH

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

23

Any

Telnet

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

80

Any

HTTP

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

443

Any

HTTPS

Cisco Catalyst 9800 Series Wireless Controller

SNMP

UDP

162

Any

SNMP Trap

Any

Cisco Catalyst 9800 Series Wireless Controller

UDP

161

Any

SNMP Agent

Cisco Catalyst 9800 Series Wireless Controller

RADIUS

UDP

1812/1645

Any

RADIUS Auth

Cisco Catalyst 9800 Series Wireless Controller

RADIUS

UDP

1813/1646

Any

RADIUS ACCT

Cisco Catalyst 9800 Series Wireless Controller

TACACS+

TCP

49

Any

TACACS+

Any

Any

UDP

5353

5353

mDNS

Any

Cisco Catalyst 9800 Series Wireless Controller

UDP

69

69

TFTP

Cisco Catalyst 9800 Series Wireless Controller

Cisco Catalyst 9800 Series Wireless Controller

UDP

16667

16667

Mobility

Cisco Catalyst 9800 Series Wireless Controller

NTP Server

UDP

123

Any

NTP

Cisco Catalyst 9800 Series Wireless Controller

Syslog Server

UDP

514

Any

SYSLOG

Any

DNS Server

UDP

53

Any

DNS

Cisco Catalyst 9800 Series Wireless Controller

NetFlow Server

UDP

9996

Any

NetFlow

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

830

Any

NetConf

Cisco DNA Center

Cisco Catalyst 9800 Series Wireless Controller

TCP

32222

Any

Device Discovery

Any

Cisco Catalyst 9800 Series Wireless Controller

TCP

443

Any

REST API

Cisco Catalyst 9800 Series Wireless Controller

Cisco Connected Mobile Experiences (CMX)

UDP

16113

Any

NMSP

AP

AP

UDP

16670

Any

Client Policies (AP-AP)

Supported APs

The following Cisco APs are supported in this release.

Indoor Access Points

  • Cisco Catalyst 9105AX Access Points

  • Cisco Catalyst 9115AX Access Points

  • Cisco Catalyst 9117AX Access Points

  • Cisco Catalyst 9120AX-i Access Points (VID 06 or earlier)

  • Cisco Catalyst 9120AX-e Access Points (VID 06 or earlier) - supported from 16.12.2s

  • Cisco Catalyst 9120AX-p Access Points - supported from 16.12.2s

  • Cisco Catalyst 9130AX-i Access Points (VID 02 or earlier) - supported from 16.12.2s

    For information about Cisco Catalyst 9120 or 9130 Access Points support, see the Field Notice 72424.

  • Cisco Catalyst 9136 Access Points

  • Cisco Catalyst 9164 Series Access Points

  • Cisco Catalyst 9166 Series Access Points

  • Cisco Aironet 1800I, 1815, 1830, 1840, and 1850 Access Points

  • Cisco Aironet 2800 Series Access Points

  • Cisco Aironet 3800 Series Access Points

  • Cisco Aironet 4800 Series Access Points

Outdoor Access Points

  • Cisco Aironet 1540 Series Access Points

  • Cisco Aironet 1560 Series Access Points

  • Cisco Industrial Wireless 3700 Series Access Points

  • Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point

  • Cisco 6300 Series Embedded Services Access Point

  • Cisco Catalyst 9124AX (I/D/E) Access Points

Integrated Access Points

  • Integrated Access Point on Cisco 1100 ISR (ISR-AP1100AC-x, ISR-AP1101AC-x, and ISR-AP1101AX-x)

Network Sensor

  • Cisco Aironet 1800s Active Sensor

Pluggable Modules

  • Wi-Fi 6 Pluggable Module for Industrial Routers

For information about Cisco Wireless software releases that support specific Cisco AP modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.

Compatibility Matrix

The following table provides software compatibility information.

Table 8. Compatibility Information

Cisco Catalyst 9800 Series Wireless Controller Software

Cisco Identity Services Engine

Cisco Prime Infrastructure

Cisco AireOS-IRCM Interoperability

Cisco DNA Center

Cisco DNA Spaces - Connector

Cisco DNA Spaces - On Premise

Cupertino 17.9.x

3.0

2.7

2.6

2.4

3.10 MR1

8.10.171.0

8.10.162.0

8.10.151.0

8.10.142.0

8.10.130.0

8.8.130.0

8.5.176.2

8.5.182.104

See Cisco DNA Center Compatibility Information

2.3.1

2.3

2.2

10.6.3

GUI System Requirements

The following subsections list the hardware and software required to access the Cisco Catalyst 9800 Controller GUI:

Table 9. Hardware Requirements

Processor Speed

DRAM

Number of Colors

Resolution

Font Size

233 MHz minimum2

512 MB3

256

1280 x 800 or higher

Small

2 We recommend 1 GHz.
3 We recommend 1-GB DRAM.

Software Requirements

Operating Systems:

  • Windows 7 or later

  • Mac OS X 10.11 or later

Browsers:

  • Google Chrome: Version 59 or later (on Windows and Mac)

  • Microsoft Edge: Version 40 or later (on Windows)

  • Safari: Version 10 or later (on Mac)

  • Mozilla Firefox: Version 60 or later (on Windows and Mac)


Note

Firefox Version 63.x is not supported.


To configure VLAN through the GUI, you must change the Virtual Terminal (VTY) lines to 50. At times, when multiple connections are open, the default VTY lines of 15, which is set by the device, gets exhausted.

To increase the VTY lines in a device, run the following commands:

  • device# configure terminal

  • device(config)# service tcp-keepalives-in

  • device(config)# service tcp-keepalives-out

  • device(config)# line vty 50

Before You Upgrade

Ensure that you familiarize yourself with the following points before proceeding with the upgrade:

  • You may observe a high Confd CPU when full synchronization occurs between NETCONF datastore and Cisco IOS configuration. This behavior is normal and is triggered by the line vty command.

  • From Cisco IOS XE Cupertino 17.7.1 onwards, for Cisco Catalyst 9800-CL Wireless Controller, ensure that you complete RUM reporting and ensure that the ACK is made available on the product instance at least once. This is to ensure that correct and up-to-date usage information is reflected in the CSSM.

    The show license air entities command is modified.

  • From Cisco IOS XE Amsterdam 17.3.1 onwards, Cisco Catalyst 9800-CL Wireless Controller requires 16 GB of disk space for new deployments.

    If you are upgrading to Cisco IOS XE Amsterdam 17.3.x from a previous release, resizing of disk space is not supported. If the current disk space is lesser than 16 GB, you need to redeploy the VM to meet the new disk space requirements.

  • Fragmentation lower than 1500 is not supported for RADIUS packets generated by wireless clients in Gi0 (OOB) interface.

  • Cisco IOS XE allows you to encrypt all the passwords used on the device. This includes user passwords and SSID passwords (PSK). For more information, see the Password Encryption section of the Cisco Catalyst 9800 Series Configuration Best Practices document.

  • Controller upgrade from Cisco IOS XE Bengaluru 17.3.x to any release using ISSU may fail if the snmp-server enable traps hsrp command is configured. Ensure that you remove the snmp-server enable traps hsrp command from the configuration before starting an ISSU upgrade because the snmp-server enable traps hsrp command is removed from Cisco IOS XE Bengaluru 17.4.x.

  • During controller upgrade or reboot, if route processor ports are connected to any Cisco switch, ensure that the route processor ports are not flapped (shut/no shut process). Otherwise, it may lead to a kernel crash.

  • While upgrading to Cisco IOS XE 17.3.x and later releases, if the ip http active-session-modules none command is enabled, you will not be able to access the controller GUI using HTTPS. To access the GUI using HTTPS, run the following commands:

    • ip http session-module-list pkilist OPENRESTY_PKI

    • ip http active-session-modules pkilist

  • Cisco Aironet 1815T OfficeExtend Access Point will be in local mode when connected to the controller. However, when it functions as a standalone AP, it gets converted to FlexConnect mode.

  • The Cisco Catalyst 9800-L Wireless Controller may fail to respond to the BREAK signals received on its console port during boot time, preventing users from getting to the ROMMON. This problem is observed on the controllers manufactured until November 2019, with the default config-register setting of 0x2102. This problem can be avoided if you set config-register to 0x2002. This problem is fixed in the 16.12(3r) ROMMON for Cisco Catalyst 9800-L Wireless Controller. For information about how to upgrade the ROMMON, see the "Upgrading ROMMON for Cisco Catalyst 9800-L Wireless Controllers" section of the Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers document.

  • By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. However, you can manually change the block size value to 8192 using the ip tftp blocksize command in global configuration mode to speed up the transfer process.

  • We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.

  • If the following error message is displayed after a reboot or system crash, we recommend that you regenerate the trustpoint certificate:
     ERR_SSL_VERSION_OR_CIPHER_MISMATCH

    Use the following commands to generate a new self-signed trustpoint certificate:

  • configure terminal

  • no crypto pki trustpoint trustpoint_name

  • no ip http server

  • no ip http secure-server

  • ip http server

  • ip http secure-server

  • p http authentication local/aaa

  • Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.

  • Ensure that you remove the controller from Cisco Prime Infrastructure before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.

  • Unidirectional Link Detection (UDLD) protocol is not supported.

  • SIP media session snooping is not supported on FlexConnect local switching deployments.

  • Rolling AP upgrade, which is a part of the ISSU feature, is not supported for mesh APs.

  • The Cisco Catalyst 9800 Series Wireless Controllers (C9800-CL, C9800-L, C9800-40, and C9800-80) support a maximum of 14,000 leases with internal DHCP scope.

  • Configuring the mobility MAC address using the wireless mobility mac-address command is mandatory for both HA and 802.11r.

  • From Cisco IOS XE Gibraltar 16.12.2s, automatic WLAN mapping to the default policy profile under the default policy tag is removed. If you are upgrading from a release earlier than Cisco IOS XE Gibraltar 16.12.2s, and if your wireless network uses the default policy tag, the network will go down because of the default mapping change. To restore the network operation, add the required WLAN to the policy mappings under the default policy tag.

  • If you have Cisco Catalyst 9120E/I/P and Cisco Catalyst 9130E APs in your network and you want to downgrade to an earlier version, we recommend that you use only Cisco IOS XE Gibraltar 16.12.1t. Do not downgrade to Cisco IOS XE Gibraltar 16.12.1s.

  • The following SNMP variables are not supported:

    • CISCO-LWAPP-WLAN-MIB: cLWlanMdnsMode

    • CISCO-LWAPP-AP-MIB.my: cLApDot11IfRptncPresent, cLApDot11IfDartPresent

  • If you are upgrading from Cisco IOS XE Gibraltar 16.11.x or an earlier release, ensure that you unconfigure the advipservices boot-level licenses on both the active and standby controllers using the no license boot level advipservices command before the upgrade. Note that the license boot level advipservices command is not available in Cisco IOS XE Gibraltar 16.12.1s and 16.12.2s.

  • The following protocols and features are supported through the management port of the controller:

    • Cisco DNA Center

    • Cisco Smart Software Manager

    • NETCONF

    • NetFlow

    • Cisco Prime Infrastructure

    • Secure Shell

    • Telnet

    • Controller GUI

  • The Cisco Catalyst 9800 Series Wireless Controller has a service port that is referred to as GigabitEthernet 0 port.

    The service port supports only the following IP protocols:

    • DNS

    • File transfer

    • GNMI

    • HTTP

    • HTTPS

    • LDAP

    • Licensing for Smart Licensing feature to communicate with CSSM

    • Netconf

    • NetFlow

    • NTP

    • RADIUS (including CoA)

    • Restconf

    • SNMP

    • SSH

    • SYSLOG

    • TACACS

  • During device upgrade using GUI, if a switchover occurs, the session expires and the upgrade process gets terminated. As a result, the GUI cannot display the upgrade state or status.

  • From Cisco IOS XE Bengaluru Release 17.4.1 onwards, the telemetry solution provides a name for the receiver address instead of the IP address for telemetry data. This is an additional option. During the controller downgrade and subsequent upgrade, there is likely to be an issue—the upgrade version uses the newly named receivers, and these are not recognized in the downgrade. The new configuration gets rejected and fails in the subsequent upgrade. Configuration loss can be avoided when the upgrade or downgrade is performed from Cisco DNA Centre.

  • The Cisco Catalyst 9800 Wireless Controller might reload if downgraded from 17.x to 16.12.4a. To avoid this, we recommend that you downgrade to Cisco IOS XE Gibraltar 16.12.5 instead of 16.12.4a.

  • Do not use more than 31 characters for AP names. If the AP name is 32 characters or more, a controller crash might occur.

  • Communication between Cisco Catalyst 9800 and Cisco Prime Infrastructure uses different ports:

    • All the configurations and templates available in Cisco Prime Infrastructure are pushed through SNMP and CLI, using UDP port 161.

    • Operational data for controller is obtained over SNMP, using UDP port 162.

    • AP and client operational data leverage streaming telemetry.

      • Cisco Prime Infrastructure to controller: TCP port 830 is used by Cisco Prime Infrastructure to push the telemetry configuration to the controller (using NETCONF).

      • Controller to Cisco Prime Infrastructure: TCP port 20828 is used for Cisco IOS-XE 16.10.x and 16.11.x, and TCP port 20830 is used for Cisco IOS-XE 16.12x, 17.1.x and later releases.

Upgrade Path to Cisco IOS XE Cupertino 17.9.x

Table 10. Upgrade Path to Cisco IOS XE Cupertino 17.9.x

Current Software

Upgrade Path for Deployments with 9130 or 9124

Upgrade Path for Deployments Without 9130 or 9124

16.10.x

Upgrade first to 16.12.5 or 17.3.x and then to 17.9.x.

16.11.x

Upgrade first to 16.12.5 or 17.3.x and then to 17.9.x.

16.12.x

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

17.1.x

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

17.2.x

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

17.3.1 to 17.3.4

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

Upgrade first to 17.3.5 or 17.6.x or later and then to 17.9.x.

17.3.4c or later

Upgrade directly to 17.9.x.

Upgrade directly to 17.9.x.

17.4.x

Upgrade first to 17.6.x and then to 17.9.x.

Upgrade first to 17.6.x and then to 17.9.x.

17.5.x

Upgrade first to 17.6.x and then to 17.9.x.

Upgrade first to 17.6.x and then to 17.9.x.

17.6.x

Upgrade directly to 17.9.x.

Upgrade directly to 17.9.x.

17.7.x

Upgrade first to 17.3.5 and then to 17.9.x.

Upgrade directly to 17.9.x.

17.8.x

Upgrade first to 17.3.5 and then to 17.9.x.

Upgrade directly to 17.9.x.

Upgrading the Controller Software

This section describes the various aspects of upgrading the controller software.

Finding the Software Version

The package files for the Cisco IOS XE software are stored in the system board flash device (flash:).

Use the show version privileged EXEC command to see the software version that is running on your controller.


Note

Although the show version output always shows the software image running on the controller, the model name shown at the end of the output is the factory configuration, and does not change if you upgrade the software license.

Use the show install summary privileged EXEC command to see the information about the active package.

Use the dir filesystem: privileged EXEC command to see the directory names of other software images that you have stored in flash memory.

Software Images

  • Release: Cisco IOS XE Cupertino 17.9.x

  • Image Names (9800-80, 9800-40, and 9800-L):

    • C9800-80-universalk9_wlc.17.09.x.SPA.bin

    • C9800-40-universalk9_wlc.17.09.x.SPA.bin

    • C9800-L-universalk9_wlc.17.09.x.SPA.bin

  • Image Names (9800-CL):

    • Cloud: C9800-CL-universalk9.17.09.x.SPA.bin

    • Hyper-V/ESXi/KVM: C9800-CL-universalk9.17.09.x.iso, C9800-CL-universalk9.17.09.x.ova

    • KVM: C9800-CL-universalk9.17.09.x.qcow2

    • NFVIS: C9800-CL-universalk9.17.09.x.tar.gz

Software Installation Commands

Cisco IOS XE, Cupertino, 17.9.x

To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command:

device# install add file filename [ activate| commit]

To separately install, activate, commit, end, or remove the installation file, run the following command:

device# install ?

Note 

We recommend that you use the GUI for installation.

add file tftp: filename

Copies the install file package from a remote location to a device, and performs a compatibility check for the platform and image versions.

activate[ auto-abort-timer]

Activates the file and reloads the device. The auto-abort-timer keyword automatically rolls back image activation.

commit

Makes changes that are persistent over reloads.

rollback to committed

Rolls back the update to the last committed version.

abort

Cancels file activation, and rolls back to the version that was running before the current installation procedure started.

remove

Deletes all unused and inactive software installation files.

Interoperability with Clients

This section describes the interoperability of the controller software with client devices.

The following table lists the configurations used for testing client devices.

Table 11. Test Configuration for Interoperability

Hardware or Software Parameter

Hardware or Software Type

Release

Cisco IOS XE, Cupertino, 17.9.x

Cisco Wireless Controller

See Supported Hardware.

Access Points

See Supported APs.

Radio

  • 802.11ax

  • 802.11ac

  • 802.11a

  • 802.11g

  • 802.11n

  • 802.11ax in 6GHz (Wi-Fi 6E)

Security

Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS)

802.11ax

RADIUS

See Compatibility Matrix

Types of tests

Connectivity, traffic (ICMP), and roaming between two APs

The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.

Table 12. Client Types

Client Type and Name

Driver or Software Version

Laptops

Acer Aspire E 15 E5-573-3870 (Qualcomm Atheros QCA9377) Windows 10 Pro (12.0.0.832)
Apple Macbook Air 11 inch OS Sierra 10.12.6
Apple Macbook Air 13 inch OS High Sierra 10.13.4
Macbook Pro Retina OS Catalina
Macbook Pro Retina 13 inch early 2015 OS Mojave 10.14.3
Macbook Pro OS X OS X 10.8.5
Macbook Air OS Sierra v10.12.2
Macbook Air 11 inch OS X Yosemite 10.10.5
MacBook M1 Chip OS Catalina

Dell Inspiron 2020 Chromebook

Chrome OS 75.0.3770.129

Google Pixelbook Go

Chrome OS 97.0.4692.27

HP chromebook 11a

Chrome OS 76.0.3809.136

Samsung Chromebook 4+

Chrome OS 77.0.3865.105

Dell Latitude (Intel AX210) Windows 11 (22.110.x.x)
Dell Latitude 3480  (Qualcomm DELL wireless 1820) Win 10 Pro (12.0.0.242)
Dell Inspiron 15-7569 (Intel Dual Band Wireless-AC 3165) Windows 10 Home (21.40.0)
Dell Latitude E5540 (Intel Dual Band Wireless AC7260) Windows 7 Professional (21.10.1)
Dell Latitude E5430 (Intel Centrino Advanced-N 6205) Windows 7 Professional (15.18.0.1)
Dell Latitude E6840 (Broadcom Dell Wireless 1540 802.11 a/g/n) Windows 7 Professional (6.30.223.215)
Dell XPS 12 v9250 (Intel Dual Band Wireless AC 8260 ) Windows 10 Home (21.40.0)
Dell Latitude 5491 (Intel AX200) Windows 10 Pro (21.20.1.1)
Dell XPS Latitude12 9250 (Intel Dual Band Wireless AC 8260) Windows 10 Home
Dell Inspiron 13-5368 Signature Edition Windows 10 Home (18.40.0.12)
FUJITSU Lifebook E556 Intel 8260 (Intel Dual Band Wireless-AC 8260 (802.11n)) Windows 8 (19.50.1.6)

Lenovo Yoga C630 Snapdragon 850 (Qualcomm AC 2x2 Svc)

Windows 10 Home
Lenovo Thinkpad Yoga 460 (Intel Dual Band Wireless-AC 9260) Windows 10 Pro (21.40.0)
Note 
For clients using Intel wireless cards, we recommend that you to update to the latest Intel wireless drivers if the advertised SSIDs are not visible.

Tablets

Apple iPad 2021 iOS 15.0
Apple iPad 7the Gen 2019 iOS 14.0
Apple iPad MD328LL/A iOS 9.3.5
Apple iPad 2 MC979LL/A iOS 11.4.1
Apple iPad Air MD785LL/A iOS 11.4.1
Apple iPad Air2 MGLW2LL/A iOS 10.2.1
Apple iPad Mini 4 9.0.1 MK872LL/A iOS 11.4.1
Apple iPad Mini 2 ME279LL/A iOS 11.4.1
Apple iPad Mini 4 9.0.1 MK872LL/A iOS 11.4.1
Microsoft Surface Pro 3 13 inch (Intel AX201) Windows 10 (21.40.1.3)
Microsoft Surface Pro 3 15 inch (Qualcomm Atheros QCA61x4A) Windows 10
Microsoft Surface Pro 7 (Intel AX201) Windows 10
Microsoft Surface Pro 6 (Marvell Wi-Fi chipset 11ac) Windows 10
Microsoft Surface Pro X (WCN3998 Wi-Fi Chip) Windows

Mobile Phones

Apple iPhone 5 iOS 12.4.1
Apple iPhone 6s iOS 13.5
Apple iPhone 7 MN8J2LL/A iOS 11.2.5
Apple iPhone 8 iOS 13.5
Apple iPhone 8 Plus iOS 14.1
Apple iPhone 8 Plus MQ8D2LL/A iOS 12.4.1
Apple iPhone X MQA52LL/A iOS 13.1
Apple iPhone 11 iOS 15.1
Apple iPhone 12 iOS 15.1
Apple iPhone 12 Pro iOS 15.1
Apple iPhone 13 iOS 15.1
Apple iPhone 13 Mini iOS 15.1
Apple iPhone 13 Pro iOS 15.1
Apple iPhone SE MLY12LL/A iOS 11.3
Apple iPhone SE iOS 15.1
ASCOM i63 Build v 3.0.0
ASCOM Myco 3 Android 9

Cisco IP Phone 8821

11.0.6 SR1

Drager Delta VG9.0.2
Drager M300.3 VG2.4
Drager M300.4 VG2.4
Drager M540 DG6.0.2 (1.2.6)

Google Pixel 3a

Android 11

Google Pixel 4

Android 11

Google Pixel 5

Android 11

Google Pixel 6

Android 11

Huawei Mate 20 pro Android 9.0
Huawei P20 Pro

Android 10

Huawei P40

Android 10

LG v40 ThinQ Android 9.0

One Plus 8

Android 11

Oppo Find X2

Android 10

Redmi K20 Pro

Android 10

Samsung Galaxy S9+ - G965U1

Android 10.0

Samsung Galaxy S10 Plus

Android 11.0

Samsung S10 (SM-G973U1)

Android 11.0

Samsung S10e (SM-G970U1)

Android 11.0

Samsung S20 Ultra

Android 10.0

Samsung S21 Ultra 5G

Android 11.0

Samsung Fold 2

Android 10.0

Samsung Note20

Android 10.0

Samsung G Note 10 Plus

Android 11.0

Samsung Galaxy A01

Android 11.0

Samsung Galaxy A21

Android 10.0

Sony Experia 1 ii

Android 11

Sony Experia

Android 11

Xiaomi Mi 9T

Android 9

Xiaomi Mi 10

Android 11

Spectralink 84 Series 7.5.0.x257
Spectralink 87 Series Android 5.1.1
Spectralink Versity Phones 92/95/96 Series Android 10.0
Vocera Badges B3000n 4.3.3.18
Vocera Smart Badges V5000 5.0.6.35
Zebra MC40 Android  4.4.4
Zebra MC40N0 Android 4.1.1
Zebra MC92N0 Android  4.4.4
Zebra MC9090 Windows Mobile 6.1
Zebra MC55A Windows 6.5
Zebra MC75A OEM ver 02.37.0001
Zebra TC51 Android 6.0.1
Zebra TC52 Android 10.0
Zebra TC55 Android 8.1.0
Zebra TC57 Android 10.0
Zebra TC70 Android 6.1
Zebra TC75 Android 10.0
Zebra TC8000 Android  4.4.3
Printers
Zebra QLn320 Mobile Printer LINK OS 6.4
Zebra ZT230 IndustrialPrinter LINK OS 6.4
Zebra ZQ310 Mobile Printer LINK OS 6.4
Zebra ZD410 Industrial Printer LINK OS 6.4
Zebra ZT410 Desktop Printer LINK OS 6.4
Zebra ZQ610 Industrial Printer LINK OS 6.4
Zebra ZQ620 Mobile Printer LINK OS 6.4

Wireless Module

Intel 11ax 200

Driver v22.20.0

Intel AC 9260

Driver v21.40.0

Intel Dual Band Wireless AC 8260

Driver v19.50.1.6

Intel AX 210

Driver v22.110.x.x (or above)

Samsung S21 Ultra

Driver v20.80.80

QCA WCN6855

Driver v1.0.0.901

Caveats

Caveats describe unexpected behavior in Cisco IOS releases in a product. Caveats that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.


Note

All incremental releases contain fixes from the current release.


Cisco Bug Search Tool

The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.

To view the details of a caveat, click the corresponding identifier.

Open Caveats for Cisco IOS XE, Cupertino, 17.9.1

Caveat ID

Description

CSCwb70620

WPA TKIP client is unable to join due to mic error from client.

CSCwc00005

Cisco Catalyst 9136 AP: Auto-RF on the controller is reporting lower interference when rogue is using 40/80 MHz bandwidth.

CSCwc05366

Wireless AAA dynamic VLAN assignment: Clients cannot reach each other.

CSCwc15944

Cisco Catalyst 9800-L: Multicast traffic is not forwarded from wireless system to wireless clients.

CSCwc24994

Cisco AireOS 3800 series AP is crashing due to kernel panic.

CSCwc25974

Cisco Catalyst 9136 AP: Traffic running on AP itself is seen as interference on adjacent channels.

CSCwc28757

Cisco AireOS 3800 series AP: Radio crashes on Slot 0.

CSCwc30314

Cisco AireOS 4800 series AP is sending upstream DHCP packets in CAPWAP when in FlexConnect local switching local DHCP.

CSCwc31406

Stale entries in device-tracking database is causing false IP theft for IPv6 addresses.

CSCwc32182

Cisco AireOS 1852 AP: Radio firmware crash is observed.

CSCwc32360

Controller is deleting clients due to IP theft detection.

CSCwc39384

Cisco Wireless 9164 AP crashes @ PC is at cnss_wait_for_fw_ready+0xd4/0x118.

CSCwc41616

Cisco Catalyst 9105 AP: Crash is observed due to kernel panic.

CSCwc46702

Cisco Catalyst 9800-L: Crash is observed with reason critical process wncd fault on rp_0_0 (rc=134).

CSCwc60273

The AAA dashboard of Cisco DNA Centre does not display any AAA transaction data after the software upgrade.

Resolved Caveats for Cisco IOS XE, Cupertino, 17.9.1

Caveat ID

Description

CSCwb09248

High latency and packet drops are observed when associated to Cisco Catalyst 9130 AP.

CSCwb76935

Cisco Aironet 1815T AP: OEAP kernel panic crash is observed.

CSCwb97557

Cisco Aironet 3800 AP: Slot0 BSSID beacon frames are received on slot1 radio.

CSCwc04197

Secondary controller crash is observed during redundancy switchover.

CSCwc04328

6 GHz RRM: Channel-aware TPC is always on for 6 GHz TPC.

CSCwc04673

Cisco Wireless 9166 AP crashed at ieee80211_mbssid_del_profile upon flapping WLAN.

CSCwc07014

AP sends empty FlexConnect client cache payload to controller after successful client FT-SAE roam.

CSCwc08770

Cisco Wave 2 AP: Able to do SSH to AP when AP SSH global config is disabled.

CSCwc15229

Cisco Aironet 1832 AP reloads due to radio failure - Beacons are stuck on radio.

CSCwc17898

Observed a crash while joining AP with name that already exists on controller.

CSCwc20929

APP hosting segmentation doesnt work on Cisco Catalyst 9100 AP connected to a controller running 17.6.3.

CSCwc21428

6 GHz radio: Frequent channel changes are observed due to high utilization.

CSCwc27716

Memory leak is observed while deleting and adding mDNS rules.

CSCwc29238

WGB ping gateway failed after wgb associate to ap in 2.4 GHz and trigger wgbwiredclient get ipv4.

CSCwc29760

Cisco Aironet 3800 AP: Crash is observed due to led_core on ap.

CSCwc31277

6 GHz: Beacon stuck + QBSS 100%; no recovery ap.

CSCwc40483

Transmission power is not getting applied to Slot 1 on AP.

CSCwc43716

Not able to login AP CLI with credentials in site survey mode.

CSCwc46228

Unable to add AP location name on web UI with a space.

CSCwc62021

Cisco Aironet 1815 and 1832 APs: Default credentials are not working after the factory reset.

Related Documentation

Information about Cisco IOS XE is available at:

https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html

Cisco Validated Designs documents are available at:

https://www.cisco.com/go/designzone

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use the Cisco MIB Locator found at:

http://www.cisco.com/go/mibs

Cisco Wireless Controller

For more information about the Cisco wireless controller, lightweight APs, and mesh APs, see these documents:

The installation guide for your controller is available at:

For all Cisco Wireless Controller software-related documentation, see:

https://www.cisco.com/c/en/us/support/wireless/catalyst-9800-series-wireless-controllers/tsd-products-support-series-home.html

Cisco Catalyst 9800 Wireless Controller Data Sheets

Cisco Embedded Wireless Controller on Catalyst Access Points

For more information about the Cisco Embedded Wireless Controller on Catalyst Access Points, see:

https://www.cisco.com/c/en/us/support/wireless/embedded-wireless-controller-catalyst-access-points/tsd-products-support-series-home.html

Wireless Products Comparison

Cisco Prime Infrastructure

Cisco Prime Infrastructure Documentation

Cisco Connected Mobile Experiences

Cisco Connected Mobile Experiences Documentation

Cisco DNA Center

Cisco DNA Center Documentation

Communications, Services, and Additional Information

  • To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.

  • To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.

  • To submit a service request, visit Cisco Support.

  • To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.

  • To obtain general networking, training, and certification titles, visit Cisco Press.

  • To find warranty information for a specific product or product family, access Cisco Warranty Finder.