Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Bengaluru 17.6.x
Introduction to Cisco Catalyst 9800 Series Wireless Controllers
The Cisco Catalyst 9800 Series Wireless Controllers comprise next-generation wireless controllers (referred to as controller in this document) built for intent-based networking. The controllers use Cisco IOS XE software and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.
The controllers are enterprise ready to power your business-critical operations and transform end-customer experiences:
-
The controllers come with high availability and seamless software updates that are enabled by hot and cold patching. This keeps your clients and services up and running always, both during planned and unplanned events.
-
The controllers come with built-in security, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.
-
The controllers can be deployed anywhere to enable wireless connectivity, for example, on an on-premise device, on cloud (public or private), or embedded on a Cisco Catalyst switch (for SDA deployments) or a Cisco Catalyst access point (AP).
-
The controllers can be managed using Cisco Catalyst Center, programmability interfaces, for example, NETCONF and YANG,or web-based GUI or CLI.
-
The controllers are built on a modular operating system. Open and programmable APIs enable the automation of your day zero to day n network operations. Model-driven streaming telemetry provides deep insights into your network and client health.
The controllers are available in multiple form factors to cater to your deployment options:
-
Catalyst 9800 Series Wireless Controller Appliance
-
Catalyst 9800 Series Wireless Controller for Cloud
-
Catalyst 9800 Embedded Wireless Controller for a Cisco Switch
 Note |
All the Cisco IOS XE programmability-related topics on the controllers are supported by DevNet, either through community-based support or through DevNet developer support. For more information, go to https://developer.cisco.com. |
What's New in Cisco IOS XE Bengaluru 17.6.8
There are no new features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.7
There are no new features in this release.
What's New in Cisco IOS XE Bengaluru 17.6.6a
There are no new features in this release.
This release only provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability.
For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.
Whats New in Cisco IOS XE Bengaluru 17.6.6
There are no new features in this release.
Whats New in Cisco IOS XE Bengaluru 17.6.5
|
Feature Name |
Description and Documentation Link |
|---|---|
|
Interim Accounting |
From this release, the no accounting-interim command is supported under the policy profile to disable interim accounting. For more information, see the chapter Interim Accounting. |
What's New in Cisco IOS XE Bengaluru 17.6.4
|
Feature Name |
Description and Documentation Link |
|---|---|
|
Configuring the AP Console |
This feature allows you to configure the AP console from the controller. The following command is introduced:
For more information, see the chapter Configuring the AP Console. |
|
Feature Name |
GUI Path |
|---|---|
|
Configuring the AP Console |
|
What's New in Cisco IOS XE Bengaluru 17.6.3
There are no new features in this release.
What's New in Cisco IOS XE Bengaluru 17.6.2
|
Feature Name |
Description and Documentation Link |
|---|---|
|
Support of 802.1X with Web Authentication on MAC Authetication Failure |
Cisco IOS XE Bengaluru 17.6.2 supports 802.1X with web authentication on MAC authentication failure. For more information, see the chapter, MultipleAuthentications for a Client. |
| Mesh and Mesh + Flex Support for Cisco Catalyst 9124AXE Outdoor Access Points |
Mesh feature and Mesh + Flex feature is supported in Cisco Catalyst 9124AXE outdoor Access Points. For more information, see the chapter Mesh Access Points. |
| Mesh and Mesh + Flex Support for Cisco Catalyst 9124AXI/D Outdoor Access Points |
Mesh feature and Mesh + Flex feature is supported in Cisco Catalyst 9124AXI/D outdoor Access Points. For more information, see the chapter Mesh Access Points. |
|
Per Client Bi-Directional Rate Limiting |
The Per Client Bi-Directional Rate Limiting feature adds bi-directional rate limiting for each wireless clients on 802.11ac Wave 2 and 11ax APs in a Flex local switching configuration. For more information, see the chapter Quality of Service. |
|
Feature Name |
GUI Path |
|---|---|
|
Per Client Bi-Directional Rate Limiting |
|
What's New in Cisco IOS XE Bengaluru 17.6.1
|
Feature Name |
Description and Documentation Link |
|---|---|
|
Access Point Tag Persistency |
From Cisco IOS XE Bengaluru 17.6.1, AP tag persistency is enabled globally on the controller. When APs join a controller with the tag persistency enabled, the mapped tags are saved on the AP without having to write the tag configurations on each AP, individually. The following command is introduced:
For more information, see the chapter Access Point Tag Persistency . |
|
AP Group NTP Server |
The global NTP server configuration is replaced with per-AP group NTP server configuration. Now, you cannot configure the Cisco Hyperlocation feature without the per-AP group NTP server. The following commands are introduced:
For more information, see the chapter Cisco Hyperlocation. |
|
Apple Bonjour: High Availability Support for mDNS |
High Availability support is now available in the mDNS feature when the controller is configured in service peer-enabled or disabled modes. For more information, see the chapter Multicast Domain Name System. |
|
Auto-Registering Random MAC Address |
If your current device is in UDN-enabled SSID, and you move to another UDN-enabled SSID, because of MAC randomization on Android, the MAC address of the device changes. The current device is then registered to the current UDN-enabled SSID using the auto-register process. The Auto-Registering Random MAC Address feature works only on Android devices versions earlier than Version 11. For more information, see the User Guide for Cisco User Defined Network Mobile Application. |
|
Dataplane Packet Logging |
Dataplane packet logging serviceability captures connectivity information related to wireless clients. Serviceability is divided into the following categories: Global Trace Log: Global trace logging is a mechanism to capture client connectivity , and is enabled by default. Filtered Trace Log: To start packet logging on a filtered trace buffer, you must enable filters using debug commands. Filters capture only the specific packet type or the packets based on the MAC address of the clients. The following commands are introduced:
For more information, see the chapter Dataplane Packet Logging. |
|
Fallback for AAA Overridden VLAN |
From Cisco IOS XE Bengaluru 17.6.1 onwards, fallback for AAA-overridden VLAN or VLAN groups is supported, on the policy profile. In Cisco IOS XE Bengaluru 17.5.1 Release and earlier releases, if there is a network with a single AAA server dictating policies that need to be applied to a client that may roam across different sites (having different policy definitions). If these policies are not defined on the site, the client does not get access to the network. To address this scenario, the Fallback for AAA-overridden VLAN feature is introduced. The following command is introduced:
For more information, see the chapter WLAN Security. |
|
FHRP Support on SDG for a Service Peer |
FHRP can be enabled as SDGs and configured on the service peer. As a result, both active and standby Service Discovery Gateway's (SDGs) are available for service peers. Use the show mdns-sd sp-sdg statistics command to verify the details used in the Local and Wide Area Bonjour domains. For more information, see the chapter Configuring Local and Wide Area Bonjour Domains. |
|
FQDN support for gRPC telemetry reciever |
With the introduction of the FQDN Support for gRPC Subscriptions feature, along with IP addresses, FQDN can also be used for gRPC subscriptions. For more information, see the Programmability Configuration Guide, Cisco IOS XE Bengaluru 17.6.x. |
|
Granular Reasons for Client Delete or Exclusions from SANET |
Detailed or granular client deletion reason codes are available from this release for client exclusions from SANET. |
|
Intel Analytics |
Device Analtics feature is supported on Intel devices with AC9560, AC8561,AX201, AX200, AX1650, AX210, AX211, and AX1675 chipsets. Device information and other information received from the Intel devices are shared with Cisco DNA Center. This information is used to enhance device profiling on the controller. For more information, see the chapter Device Analytics. |
|
IPv6 Ready Certification |
The IPv6 feature is enhanced with the implementation of various IPv6 functionalities that are required to comply with the latest RFC specifications. For more information, see the chapter IPv6 Ready Certification. |
|
LDAP Authentication Using sAMAccountName |
LDAP authentication is enhanced to use attribute map as well, in addition to the Common Name (cn) attribute that was supported in earlier releases. Use the show ldap server all command to verify the attribute used for the LDAP server. |
|
Link-Local Bridging |
From Cisco IOS XE Bengaluru 17.6.1 onwards, the Link-Local Bridging feature allows you to manage link-local traffic in inter and intra controller roaming scenarios. The following command is introduced:
For more information, see the chapter Link Local Bridging. |
|
MAC Address Consistency |
The format of the MAC addresses of some of the fields in the following CLIs are updated from xx:xx:xx:xx:xx to xxxx.xxxx.xxxx.
|
|
Mesh Support for Cisco Catalyst 9124AXI/D Outdoor Access Points |
Mesh feature is supported in Cisco Catalyst 9124AXI/D outdoor Access Points, with EFT quality. For queries or support on this feature, reach out to the mailer: wireless-9124-ithaca-mesh-eft-support The following commands are introduced:
For more information, see the chapter Mesh Access Points. |
|
Regulatory Compliance (Rest of World) for Domain Reduction |
This feature enhancement helps to reduce the number of regulatory domains by modifying the existing preprovision domain workflow to determine regulatory domain at runtime per country code. A new ROW domain is introduced and merged to include nine domains. Every AP can determine its own regulatory domain from one of the 9 domains with regulated power table and allowed radio channels. Until Cisco IOS XE Bengaluru 17.5.x, AP used the global controller country list to configure and validate all the country codes. For more information, see the chapter Regulatory Complaince Rest of the World for Domain Reduction. |
|
Secure Boot Setup for ESXi, KVM, NFVIS, and Microsoft Hyper-V |
The secure boot feature prevents malicious software applications and unauthorized operating systems from loading into the controller during the controller startup process. If the secure boot feature is enabled, only the authorized software applications boot up from the controller. For more information, see the Cisco Catalyst 9800-CL Cloud Wireless Controller Installation Guide. |
|
Share Client Delete Reason Code at AP to the Controller |
From this release, detailed or granular client deletion reason codes are transmitted from the AP to the controller. This helps the system administrators to understand the failure reason on client association while roaming or during fresh association. To find information about the client delete reasons, use the following CLIs:
|
|
Standby Interface Status Using Active Through SNMP |
When an SNMP query is received for the standby interface information, the SNMP handlers corresponding to the CISCO-LWAPP-HA-MIB reads them from the standby interface database on the active and populates the MIB objects in the CISCO-LWAPP-HA-MIB. For more information, see the chapter Redundancy Management Interface. |
|
Streaming Telemetry on a Cisco Catalyst 9800 Series Wireless Controller |
This feature explains how to enable telemetry support for either the Wi-Fi or system health related data. Telemetry support can be enhanced up to a scale of 1000 APs and for 15000 clients. A single collector setup is used to subscribe to the requested XPaths. The telemetry feed can be used to subscribe to the data elements to monitor the APs and the clients effectively. The data is provided through the built-in Cisco wireless models. The following commands are introduced:
For more information, see the chapter Streaming Telemetry on Cisco Catalyst 9800 Series Wireless Controller. |
|
Support to Configure Radio Profile for Beam Selection for APs with C-ANT9104 Antenna and Support for Antenna Count for Cisco Catalyst 9124AXI/D Outdoor Access Points. |
From Cisco IOS XE Bengaluru 17.6.1, you can configure radio profiles for the slots in the APs. You can configure radio profiles for beam-selection APs with C-ANT9104 antenna and configure antenna count for Cisco Catalyst 9124AXI/D Outdoor Access Points. You can configure the antenna beam selection for the 5-GHz slots-slot 1 and slot 2. The following commands are introduced:
For more information, see the chapter New Configuration Model. |
|
Syslog Support for Advanced WIPS |
This feature allows logging of alarms detected by APs in an RF environment as syslog messages in the controller. The following commands are introduced:
For more information, see the chapter Advanced WIPS. |
|
Transport Layer Security Tunnel Support |
The Transport Layer Security Tunnel (TLS) client support includes Binos processes using Linux Tun/Tap Interface. For more information, see the chapter Transport Layer Security Tunnel Support. |
|
Wireless Management Interface |
From Cisco IOS XE Bengaluru 17.6.1, Ethernet Service Port (Management Interface VRF/GigabitEthernet 0) is supported in Cisco Catalyst 9800 Series Wireless Controller. For more information, see the chapter Wireless Management Interface (WMI) |
|
WLAN Radio Policy |
The existing WLAN feature allows the broadcast of the WLAN on the specified radio on all the applicable slots. With the new radio policy feature, you can broadcast the WLAN to a corresponding slot. This option is supported only on 5-GHz band. The following command is introduced:
For more information, see the chapter WLANs. |
|
Workgroup Bridge Support on WiFi 6 Pluggable Module for Cisco Catalyst IR1800 Rugged Series Routers |
Workgroup Bridge mode support is added to the WiFi 6 Pluggable Module for Cisco Catalyst IR1800 Rugged Series Routers. For more information, see the chapter Workgroup Bridges. |
|
Redundacy Port Interface (RIF) Manager CLIs |
The following Redundacy Port Interface (RIF) manager related show commands are introduced:
|
|
Feature Name |
GUI Path |
|---|---|
|
Access Point Tag Persistency |
|
|
Intel Analytics |
|
|
Link-Local Bridging |
|
|
MAC Address Consistency |
|
|
Mesh Support for Cisco Catalyst 9124AX Outdoor Access Points |
|
|
Regulatory Compliance (Rest of World) for Domain Reduction |
|
|
Support to Configure Radio Profile for Beam Selection for APs With C-ANT9104 Antenna and Support for Antenna Count for Cisco Catalyst 9124AX Outdoor Access Points |
|
|
WLAN Radio Policy |
|
|
WLAN Simplification |
Configuration > Wireless Setup > WLAN Wizard |
MIBs
The following MIBs are modified:
-
AIRESPACE-WIRELESS-CAPABILITY.my
-
AIRESPACE-WIRELESS-MIB.my
-
CISCO-LWAPP-AP-CAPABILITY.my
-
CISCO-LWAPP-AP-MIB.my
-
CISCO-LWAPP-CDP-CAPABILITY.my
-
CISCO-LWAPP-DOT11-CAPABILITY.my
-
CISCO-LWAPP-DOT11-CLIENT-CALIB-CAPABILITY.my
-
CISCO-LWAPP-DOT11-CLIENT-CAPABILITY.my
-
CISCO-LWAPP-DOT11-CLIENT-MIB.my
-
CISCO-LWAPP-DOT11-MIB.my
-
CISCO-LWAPP-DOWNLOAD-CAPABILITY.my
-
CISCO-LWAPP-GUEST-LAN-CAPABILITY.my
-
CISCO-LWAPP-IPV6-CAPABILITY.my
-
CISCO-LWAPP-MESH-CAPABILITY.my
-
CISCO-LWAPP-MESH-LINKTEST-CAPABILITY.my
-
CISCO-LWAPP-MESH-MIB.my
-
CISCO-LWAPP-MFP-CAPABILITY.my
-
CISCO-LWAPP-MOBILITY-CAPABILITY.my
-
CISCO-LWAPP-MOBILITY-EXT-CAPABILITY.my
-
CISCO-LWAPP-QOS -CAPABILITY.my
-
CISCO-LWAPP-QOS-MIB.my
-
CISCO-LWAPP-REAP-CAPABILITY.my
-
CISCO-LWAPP-RF-CAPABILITY.my
-
CISCO-LWAPP-RF-MIB.my
-
CISCO-LWAPP-ROGUE-CAPABILITY.my
-
CISCO-LWAPP-ROGUE-MIB.my
-
CISCO-LWAPP-RRM-CAPABILITY.my
-
CISCO-LWAPP-RRM-MIB.my
-
CISCO-LWAPP-SI-CAPABILITY.my
-
CISCO-LWAPP-TC-MIB.my
-
CISCO-LWAPP-TUNNEL-CAPABILITY.my
-
CISCO-LWAPP-WLAN-CAPABILITY.my
-
CISCO-LWAPP-WLAN-MIB.my
-
CISCO-LWAPP-WLAN-POLICY-CAPABILITY.my
-
CISCO-LWAPP-WLAN-SECURITY-CAPABILITY.my
-
CISCO-WIRELESS-HOTSPOT-CAPABILITY.my
Behavior Change
-
Two ciphers named 3des-ede-cbc-sha and ecdhe-rsa-3des-ede-cbc-sha are removed from the following CLIs:
-
ip http client secure-ciphersuite
-
ip http secure-ciphersuite
-
-
Memory utility events are not included in the AP client-trace system events.
-
A new CLI named wireless client ip-address deauthenticate is introduced to deauthenticate wirelesss clients based on their IP address.
-
A new CLI named wireless client username deauthenticate is introduced to deauthenticate wirelesss clients with a given username.
-
The following show command ouputs are updated to include link-local multicast:
-
show wireless multicast
-
show platform software l2m chassis active F0 global
-
-
A new show ap name wlan vlan command is introduced to display operational WLAN-VLAN mappings per AP.
-
Cisco Catalyst Wi-Fi 6 (802.11ax) APs do not support Universal AP or Priming feature.
-
Client MFP is supported only on Cisco Wave 1 APs and not supported on Cisco Wave 2 APs.
-
Deprecated the insecure TLS version (TLSv1 and TLSv1.1) for HTTP server. The web configuration now allows only TLS protocols (TLSv1.2 and later).
Interactive Help
The Cisco Catalyst 9800 Series Wireless Controller GUI features an interactive help that walks you through the GUI and guides you through complex configurations.
You can start the interactive help in the following ways:
-
By hovering your cursor over the blue flap at the right-hand corner of a window in the GUI and clicking Interactive Help.
-
By clicking Walk-me Thru in the left pane of a window in the GUI.
-
By clicking Show me How displayed in the GUI. Clicking Show me How triggers a specific interactive help that is relevant to the context you are in.
For instance, Show me How in Configure > AAA walks you through the various steps for configuring a RADIUS server. Choose Configuration> Wireless Setup > Advanced and click Show me How to trigger the interactive help that walks you through the steps relating to various kinds of authentication.
The following features have an associated interactive help:
-
Configuring AAA
-
Configuring FlexConnect Authentication
-
Configuring 802.1X Authentication
-
Configuring Local Web Authentication
-
Configuring OpenRoaming
-
Configuring Mesh APs
Note |
If the WalkMe launcher is unavailable on Safari, modify the settings as follows:
|
Important Notes
-
To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not carry forward.
-
The Cisco Aironet 2800 and 3800 APs do not reset an interface (to clear any Ethernet interface physical layer issues) if the Dynamic Host Configuration Protocol (DHCP) does not resolve the IP address within a certain duration.
Supported Hardware
The following table lists the supported virtual and hardware platforms. (See Table 3 for the list of supported modules.)
|
Platform |
Description |
|---|---|
|
Cisco Catalyst 9800-80 Wireless Controller |
A modular wireless controller with up to 100-GE modular uplinks and seamless software updates. The controller occupies 2-rack unit space and supports multiple module uplinks. |
|
Cisco Catalyst 9800-40 Wireless Controller |
A fixed wireless controller with seamless software updates for mid-size to large enterprises. The controller occupies 1-rack unit space and provides four 1-GE or 10-GE uplink ports. |
|
Cisco Catalyst 9800 Wireless Controller for Cloud |
A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports ESXi, KVM, and NFVIS on ENCS hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS) and Google Cloud Platform (GCP) marketplace. |
|
Cisco Catalyst 9800 Embedded Wireless Controller for Switch |
The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches bring the wired and wireless infrastructure together with consistent policy and management. This deployment model supports only SD Access, which is a highly secure solution for small campuses and distributed branches. |
|
Cisco Catalyst 9800-L Wireless Controller |
The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features. |
The following table lists the host environments supported for private and public cloud.
|
Host Environment |
Software Version |
|---|---|
|
VMware ESXi |
|
|
KVM |
|
|
AWS |
AWS EC2 platform |
|
NFVIS |
ENCS 3.8.1 and 3.9.1 |
|
GCP |
GCP marketplace |
|
Microsoft Hyper-V |
Windows 2019 Server and Windows Server 2016 (Version 1607) with Hyper-V Manager (Version 10.0.14393) |
The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.
The Base PIDs are the model numbers of the controller.
The Bundled PIDs indicate the orderable part numbers for the Base PIDs that are bundled with a particular network module. Running the show version , show module or show inventory command on such a controller (bundled PID) displays its Base PID.
Note that unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the RP port of C9800-80-K9 and C9800-40-K9.
|
Controller Model |
Description |
|---|---|
|
C9800-CL-K9 |
Cisco Catalyst Wireless Controller as an infrastructure for Cloud. |
|
C9800-80-K9 |
Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots. The following SFPs are supported:
|
|
The following enhanced SFPs are supported:
|
|
|
The following QSFP+s are supported:
|
|
|
C9800-40-K9 |
Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots The following SFPs are supported:
|
|
The following enhanced SFPs are supported:
|
|
|
C9800-L-C-K9 |
The following SFPs are supported:
|
|
C9800-L-F-K9 |
The following SFPs are supported:
|
Optics Modules
Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:
https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Supported Hardware
The following table lists the supported virtual and hardware platforms. (See Supported PIDs and Ports for the list of supported modules.)
|
Platform |
Description |
|---|---|
|
Cisco Catalyst 9800-80 Wireless Controller |
A modular wireless controller with up to 100-GE modular uplinks and seamless software updates. The controller occupies a 2-rack unit space and supports multiple module uplinks. |
|
Cisco Catalyst 9800-40 Wireless Controller |
A fixed wireless controller with seamless software updates for mid-size to large enterprises. The controller occupies a 1-rack unit space and provides four 1-GE or 10-GE uplink ports. |
|
Cisco Catalyst 9800-L Wireless Controller |
The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features. |
|
Cisco Catalyst 9800 Wireless Controller for Cloud |
A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports VMware ESXi, Kernel-based Virtual Machine [KVM], Microsoft Hyper-V, and Cisco Enterprise NFV Infrastructure Software [NFVIS] on Enterprise Network Compute System [ENCS] hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS), Google Cloud Platform (GCP) marketplace, and Microsoft Azure. |
|
Cisco Catalyst 9800 Embedded Wireless Controller for Switch |
The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches brings the wired and wireless infrastructure together with consistent policy and management. This deployment model supports only Software Defined-Access (SDA), which is a highly secure solution for small campuses and distributed branches. |
The following table lists the host environments supported for private and public cloud.
|
Host Environment |
Software Version |
|---|---|
|
VMware ESXi |
|
|
KVM |
|
|
AWS |
AWS EC2 platform |
|
NFVIS |
ENCS 3.8.1 and 3.9.1 |
|
GCP |
GCP marketplace |
|
Microsoft Hyper-V |
Windows 2019 Server and Windows Server 2016 (Version 1607) with Hyper-V Manager (Version 10.0.14393) |
|
Microsoft Azure |
Microsoft Azure |
The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.
The base PIDs are the model numbers of the controller.
The bundled PIDs indicate the orderable part numbers for the base PIDs that are bundled with a particular network module. Running the show version , show module , or show inventory command on such a controller (bundled PID) displays its base PID.
Note that unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the route processor (RP) ports of C9800-80-K9 and C9800-40-K9.
The following table lists the supported SFP models.
Optics Modules
The Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:
https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Supported APs
The following Cisco APs are supported in this release.
Indoor Access Points
-
Cisco Catalyst 9105AX (I) Access Points
-
VID 04 or later - supported from 17.6.4
-
VID 03 or earlier - supported in all 17.6.x releases
-
-
Cisco Catalyst 9105AX (W) Access Points
-
VID 02 or later - supported from 17.6.4
-
VID 01 or earlier - supported in all 17.6.x releases
-
-
Cisco Catalyst 9115AX (I/E) Access Points
-
Cisco Catalyst 9117AX (I) Access Points
-
Cisco Catalyst 9120AX (I/E) Access Points
-
VID 07 or later - supported from 17.6.4
-
VID 06 or earlier - supported in all 17.6.x releases
-
-
Cisco Catalyst 9120AX (P) Access Points
-
Cisco Catalyst 9130AX (I/E) Access Points
-
VID 03 or later - supported from 17.6.4
-
VID 02 or earlier - supported in all 17.6.x releases
(For information about Cisco Catalyst 9105, 9120, or 9130 Access Points version support, see the Field Notice 72424.)
-
-
Cisco Aironet 1815 (I/W), 1830 (I), 1840 (I), and 1852 (I/E) Access Points
-
Cisco Aironet 2800 (I/E) Series Access Points
-
Cisco Aironet 3800 (I/E/P) Series Access Points
-
Cisco Aironet 4800 Series Access Points
Outdoor Access Points
-
Cisco Aironet 1540 Series Access Points
-
Cisco Aironet 1560 Series Access Points
-
Cisco Industrial Wireless 3700 Series Access Points
-
Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point
-
Cisco 6300 Series Embedded Services Access Point
-
Cisco Catalyst 9124AX (I/D/E) Access Points
Integrated Access Points
-
Integrated Access Point on Cisco 1100 ISR (ISR-AP1100AC-x, ISR-AP1101AC-x, and ISR-AP1101AX-x)
Network Sensor
-
Cisco Aironet 1800s Active Sensor
Supported Access Point Channels and Maximum Power Settings
Supported access point channels and maximum power settings on Cisco APs are compliant with the regulatory specifications of channels, maximum power levels, and antenna gains of every country in which the access points are sold. For more information about the supported access point transmission values in Cisco IOS XE software releases, see the Detailed Channels and Maximum Power Settings document at https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-17/products-technical-reference-list.html.
For information about Cisco Wireless software releases that support specific Cisco AP modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.
Compatibility Matrix
The following table provides software compatibility information. For more information, see Cisco Wireless Solutions Software Compatibility Matrix
|
Cisco Catalyst 9800 Series Wireless Controller Software |
Cisco Identity Services Engine |
Cisco Prime Infrastructure |
Cisco AireOS-IRCM Interoperability |
Cisco Catalyst Center |
Cisco CMX |
|---|---|---|---|---|---|
|
Bengaluru 17.6.x |
3.1 3.0 2.7 2.6 2.4 |
3.10 3.9 |
8.10.196.0 8.10.190.0 8.10.185.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.182.104 8.5.176.0 8.5.176.2 8.5.164.0 8.5.164.216 |
11.0 10.6.3 |
GUI System Requirements
The following subsections list the hardware and software required to access the Cisco Catalyst 9800 Controller GUI.
|
Processor Speed |
DRAM |
Number of Colors |
Resolution |
Font Size |
|---|---|---|---|---|
|
233 MHz minimum3 |
512 MB4 |
256 |
1280 x 800 or higher |
Small |
Software Requirements
Operating Systems:
-
Windows 7 or later
-
Mac OS X 10.11 or later
Browsers:
-
Google Chrome: Version 59 or later (on Windows and Mac)
-
Microsoft Edge: Version 40 or later (on Windows)
-
Safari: Version 10 or later (on Mac)
-
Mozilla Firefox: Version 60 or later (on Windows and Mac)
Note |
Firefox Version 63.x is not supported. |
The controller GUI uses Virtual Terminal (VTY) lines for processing HTTP requests. At times, when multiple connections are open, the default number of VTY lines of 15 set by the device might get exhausted. Therefore, we recommend that you increase the number of VTY lines to 50.
To increase the VTY lines in a device, run the following commands in the following order:
-
device# configure terminal
-
device(config)# line vty 50
A best practice is to configure the service tcp-keepalives to monitor the TCP connection to the device.
-
device(config)# service tcp-keepalives-in
-
device(config)# service tcp-keepalives-out
Before You Upgrade
Ensure that you familiarize yourself with the following points before proceeding with the upgrade:
 Warning |
APs that are upgraded to Release 17.6.x cannot join controllers that are running AireOS versions earlier than 8.10.162.0, 8.5MR8, or 8.5.176.2(IRCM). |
 Caution |
During controller upgrade or reboot, if route processor ports are connected to any Cisco switch, ensure that the route processor ports are not flapped (shut/no shut process). Otherwise, it may lead to a kernel crash. |
Note |
|
Cisco Wave 2 APs may get into a boot loop when upgrading software over a WAN link. For more information, see: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html.
The following Wave 1 APs are not supported from 17.4 to 17.9.2, 17.10.x, 17.11.x, 17.13.x, 17.14.x, and 17.15.x:
-
Cisco Aironet 1570 Series Access Point
-
Cisco Aironet 1700 Series Access Point
-
Cisco Aironet 2700 Series Access Point
-
Cisco Aironet 3700 Series Access Point
Note |
|
-
From Cisco IOS XE Dublin 17.10.x, Key Exchange and MAC algorithms like diffie-hellman-group14-sha1, hmac-sha1, hmac-sha2-256, and hmac-sha2-512 are not supported by default and it may impact some SSH clients that only support these algorithms. If required, you can add them manually. For information on manually adding these algorithms, see the SSH Algorithms for Common Criteria Certification document available at: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/sec-vpn/b-security-vpn/m_sec-secure-shell-algorithm-ccc.html
-
If APs fail to detect the backup image after running the archive download-sw command, perform the following steps:
-
Upload the image using the no-reload option of the archive download-sw command:
Device# archive download-sw /no-reload tftp://<tftp_server_ip>/<image_name> -
Restart the CAPWAP process using capwap ap restart command. This allows the AP to use the correct backup image after the restart (reload is not required.)
Device# capwap ap restartCaution
The AP will lose connection to the controller during the join process. When the AP joins the new controller, it will see a new image in the backup partition. So, the AP will not download a new image from the controller.
-
-
You might observe a high Confd CPU when full synchronization occurs between NETCONF datastore and Cisco IOS configuration. This behavior is normal and is triggered by the line vty command.
-
The controller reloads automatically when a cold patch is applied using web UI. This behavior is applicable to 17.3.x and 17.6.x releases.
-
From Cisco IOS XE Amsterdam 17.3.1 onwards, the Cisco Catalyst 9800-CL Wireless Controller requires 16 GB of disk space for new deployments.
If you are upgrading to Cisco IOS XE Amsterdam 17.3.x from a previous release, resizing of disk space is not supported. If the current disk space is lesser than 16 GB, you need to redeploy the VM to meet the new disk space requirements.
-
Fragmentation lower than 1500 is not supported for the RADIUS packets generated by wireless clients in the Gi0 (OOB) interface.
-
When you upgrade from Cisco IOS XE Bengaluru 17.4.1 to Cisco IOS XE Bengaluru 17.6.x, the controller does not send all telemetry information using gather points or Xpaths.
-
Cisco IOS XE allows you to encrypt all the passwords used on the device. This includes user passwords and SSID passwords (PSK). For more information, see the "Password Encryption" section of the Cisco Catalyst 9800 Series Configuration Best Practices document.
-
While upgrading to Cisco IOS XE 17.3.x and later releases, if the ip http active-session-modules none command is enabled, you will not be able to access the controller GUI using HTTPS. To access the GUI using HTTPS, run the following commands in the order specified below:
-
ip http session-module-list pkilist OPENRESTY_PKI
-
ip http active-session-modules pkilist
-
-
Cisco Aironet 1815T OfficeExtend Access Point will be in local mode when connected to the controller. However, when it functions as a standalone AP, it gets converted to FlexConnect mode.
-
The Cisco Catalyst 9800-L Wireless Controller may fail to respond to the BREAK signals received on its console port during boot time, preventing users from getting to the ROMMON. This problem is observed on the controllers manufactured until November 2019, with the default config-register setting of 0x2102. This problem can be avoided if you set config-register to 0x2002. This problem is fixed in the 16.12(3r) ROMMON for Cisco Catalyst 9800-L Wireless Controller. For information about how to upgrade the ROMMON, see the Upgrading ROMMON for Cisco Catalyst 9800-L Wireless Controllers section of the Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers document.
-
By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. If required, you can change the block size value to 8192 to speed up the transfer process, using the ip tftp blocksize command in global configuration mode.
-
We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.
-
If the following error message is displayed after a reboot or system crash, we recommend that you regenerate the trustpoint certificate:
ERR_SSL_VERSION_OR_CIPHER_MISMATCHUse the following commands in the order specified below to generate a new self-signed trustpoint certificate:
-
device# configure terminal
-
device(config)# no crypto pki trustpoint trustpoint_name
-
device(config)# no ip http server
-
device(config)# no ip http secure-server
-
device(config)# ip http server
-
device(config)# ip http secure-server
-
device(config)# ip http authentication local/aaa
-
-
Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.
-
Ensure that you remove the controller from Cisco Prime Infrastructure before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.
-
Unidirectional Link Detection (UDLD) protocol is not supported.
-
SIP media session snooping is not supported on FlexConnect local switching deployments.
-
The Cisco Catalyst 9800 Series Wireless Controllers (C9800-CL, C9800-L, C9800-40, and C9800-80) support a maximum of 14,000 leases with internal DHCP scope.
-
Configuring the mobility MAC address using the wireless mobility mac-address command is mandatory for both HA and 802.11r.
-
If you have Cisco Catalyst 9120 (E/I/P) and Cisco Catalyst 9130 (E) APs in your network and you want to downgrade, use only Cisco IOS XE Gibraltar 16.12.1t. Do not downgrade to Cisco IOS XE Gibraltar 16.12.1s.
-
The following SNMP variables are not supported:
-
CISCO-LWAPP-WLAN-MIB: cLWlanMdnsMode
-
CISCO-LWAPP-AP-MIB.my: cLApDot11IfRptncPresent, cLApDot11IfDartPresent
-
-
If you are upgrading from Cisco IOS XE Gibraltar 16.11.x or an earlier release, ensure that you unconfigure the advipservices boot-level licenses on both the active and standby controllers using the no license boot level advipservices command before the upgrade. Note that the license boot level advipservices command is not available in Cisco IOS XE Gibraltar 16.12.1s and 16.12.2s.
-
The Cisco Catalyst 9800 Series Wireless Controller has a service port that is referred to as GigabitEthernet 0 port.
The following protocols and features are supported through this port:
-
Cisco Catalyst Center
-
Cisco Smart Software Manager
-
Cisco Prime Infrastructure
-
Telnet
-
Controller GUI
-
DNS
-
File transfer
-
GNMI
-
HTTP
-
HTTPS
-
LDAP
-
Licensing for Smart Licensing feature to communicate with CSSM
-
Netconf
-
NetFlow
-
NTP
-
RADIUS (including CoA)
-
Restconf
-
SNMP
-
SSH
-
SYSLOG
-
TACACS+
-
-
During device upgrade using GUI, if a switchover occurs, the session expires and the upgrade process gets terminated. As a result, the GUI cannot display the upgrade state or status.
-
From Cisco IOS XE Bengaluru 17.4.1 onwards, the telemetry solution provides a name for the receiver address instead of the IP address for telemetry data. This is an additional option. During the controller downgrade and subsequent upgrade, there is likely to be an issue—the upgrade version uses the newly named receivers, and these are not recognized in the downgrade. The new configuration gets rejected and fails in the subsequent upgrade. Configuration loss can be avoided when the upgrade or downgrade is performed from Cisco Catalyst Center.
-
From Cisco IOS XE Bengaluru 17.4.1 onwards, session timeout under the policy profile is supported.
-
Twinax's Small Form-factor Pluggable (SFP) modules are supported only on built-in (fixed) data ports of the Cisco Catalyst 9800-80 Wireless Controller and the Cisco Catalyst 9800-40 Wireless Controller. The Cisco Catalyst 9800-80 Wireless Controller does not support Twinax SFPs in the Ethernet port adapter (EPA) slot or any other port.
-
Communication between Cisco Catalyst 9800 Series Wireless Controller and Cisco Prime Infrastructure uses different ports:
-
All the configurations and templates available in Cisco Prime Infrastructure are pushed through SNMP and CLI, using UDP port 161.
-
Operational data for controller is obtained over SNMP, using UDP port 162.
-
AP and client operational data leverage streaming telemetry:
-
Cisco Prime Infrastructure to controller: TCP port 830 is used by Cisco Prime Infrastructure to push the telemetry configuration to the controller (using NETCONF).
-
Controller to Cisco Prime Infrastructure: TCP port 20828 is used for Cisco IOS XE 16.10.x and 16.11.x, and TCP port 20830 is used for Cisco IOS XE 16.12.x, 17.1.x and later releases.
-
-
-
To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not get carried forward.
-
RLAN support with Virtual Routing and Forwarding (VRF) is not available.
-
When you encounter the SNMP error SNMP_ERRORSTATUS_NOACCESS 6, it means that the specified SNMP variable is not accessible.
-
We recommend that you perform a controller reload whenever there is a change in the controller's clock time to reflect an earlier time.
Note |
The DTLS version (DTLSv1.0) is deprecated for Cisco Aironet 1800 based on latest security policies. Therefore, any new out-of-box deployments of Cisco Aironet 1800 APs will fail to join the controller and you will get the following error message: To onboard new Cisco Aironet 1800 APs and to establish a CAPWAP connection, explicitly set the DTLS version to 1.0 in the controller using the following configuration: Note that setting the DTLS version to 1.0 affects all the existing AP CAPWAP connections. We recommend that you apply the configuration only during a maintenance window. After the APs download the new image and join the controller, ensure that you remove the configuration. |
To upgrade the field programmable hardware devices for Cisco Catalyst 9800 Series Wireless Controllers, see Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers.
Important |
Before you begin a downgrade process, you must manually remove the configurations which are applicable in the current version but not in older version. Otherwise, you might encounter an unexpected behavior. |
-
When you downgrade an AP from a higher version to Cisco IOS XE Amsterdam 17.3.x, the AP will not be accessible through SSH or the console due to the denial of the enable password, when the AP has not yet joined a controller. If the AP joins a controller, then the AP becomes accessible without any password denial.
Upgrade Path to Cisco IOS XE Bengaluru 17.6.x
|
Current Software |
Upgrade Path to Cisco IOS XE Bengaluru 17.6.x Release |
|---|---|
|
16.10.x |
Upgrade first to 16.12.5 and then to 17.6.x. |
|
16.11.x |
Upgrade first to 16.12.5 and then to 17.6.x. |
|
16.12.x |
You can upgrade directly to 17.6.x. |
|
17.1.x |
Upgrade first to 17.3 and then to 17.6.x. |
|
17.2.x |
Upgrade first to 17.3 and then to 17.6.x. |
|
17.3.x |
You can upgrade directly to 17.6.x. |
|
17.4.x |
You can upgrade directly to 17.6.x. |
|
17.5.x |
You can upgrade directly to 17.6.x. |
Upgrading the Controller Software
This section describes the various aspects of upgrading the controller software.
For information on the upgrade process and the methods to upgrade the Cisco Catalyst 9800 Series Wireless Controller software, see the "Upgrading the Cisco Catalyst 9800 Wireless Controller Software" chapter of the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.
The Cisco Catalyst 9800 Wireless Controller may crash during wncmrgd process if downgraded from 17.9.2 to 17.6.4. To avoid this, we recommend that you downgrade to Cisco IOS XE Bengaluru 17.6.4 from Cisco IOS XE Cupertino 17.9.x after removing the controller from Cisco DNAC inventory.
Finding the Software Version
The package files for the Cisco IOS XE software are stored in the system board flash device (flash:).
Use the show version privileged EXEC command to see the software version that is running on your controller.
Note |
Although the show version output always shows the software image running on the controller, the model name shown at the end of the output is the factory configuration, and does not change if you upgrade the software license. |
Use the show install summary privileged EXEC command to see the information about the active package.
Use the dir filesystem: privileged EXEC command to see the directory names of other software images that you have stored in flash memory.
Software Images
-
Release: Cisco IOS XE Bengaluru 17.6.x
-
Image Names (9800-80, 9800-40, and 9800-L):
-
C9800-80-universalk9_wlc.17.06.x.SPA.bin
-
C9800-40-universalk9_wlc.17.06.x.SPA.bin
-
C9800-L-universalk9_wlc.17.06.x.SPA.bin
-
-
Image Names (9800-CL):
-
Cloud: C9800-CL-universalk9.17.06.x.SPA.bin
-
Hyper-V/ESXi/KVM: C9800-CL-universalk9.17.06.x.iso, C9800-CL-universalk9.17.06.x.ova
-
KVM: C9800-CL-universalk9.17.06.x.qcow2
-
NFVIS: C9800-CL-universalk9.17.06.x.tar.gz
-
Software Installation Commands
|
Cisco IOS XE, Bengaluru, 17.6.x |
|||
|---|---|---|---|
|
To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command: device# install add file filename [activate |commit] To separately install, activate, commit, end, or remove the installation file, run the following command: device# install ?
|
|||
|
add file tftp: filename |
Copies the install file package from a remote location to a device, and performs a compatibility check for the platform and image versions. |
||
|
activateauto-abort-timer] |
Activates the file and reloads the device. The auto-abort-timer keyword automatically rolls back image activation. |
||
|
commit |
Makes changes that are persistent over reloads. |
||
|
rollback to committed |
Rolls back the update to the last committed version. |
||
|
abort |
Cancels file activation, and rolls back to the version that was running before the current installation procedure started. |
||
|
remove |
Deletes all unused and inactive software installation files. |
||
Licensing
The Smart Licensing Using Policy feature is automatically enabled on the controller. This is also the case when you upgrade to this release. By default, your Smart Account and Virtual Account in Cisco Smart Software Manager (CSSM) are enabled for Smart Licensing Using Policy. For more information, see the "Smart Licensing Using Policy" chapter in the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.
For a more detailed overview on Cisco Licensing, see cisco.com/go/licensingguide.
Interoperability with Clients
This section describes the interoperability of the controller software with client devices.
The following table lists the configurations used for testing client devices.
|
Hardware or Software Parameter |
Hardware or Software Type |
|---|---|
|
Release |
Cisco IOS XE, Bengaluru, 17.6.x |
|
Cisco Wireless Controller |
See Supported Hardware. |
|
Access Points |
See Supported APs. |
|
Radio |
|
|
Security |
Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS) 802.11ax |
|
RADIUS |
See Compatibility Matrix. |
|
Types of tests |
Connectivity, traffic (ICMP), and roaming between two APs |
The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.
|
Client Type and Name |
Driver or Software Version |
||
|---|---|---|---|
|
Wi-Fi 6 Devices (Mobile Phone and Laptop) |
|||
| Apple iPhone 11 | iOS 14.1 | ||
|
Apple iPhone SE 2020 |
iOS 14.1 | ||
| Dell Intel AX1650w | Windows 10 ( 21.90.2.1) | ||
| Dell Latitude 5491 (Intel AX200) | Windows 10 Pro (21.40.2) | ||
| Samsung S20 | Android 10 | ||
| Samsung S10 (SM-G973U1) | Android 9.0 (One UI 1.1) | ||
| Samsung S10e (SM-G970U1) | Android 9.0 (One UI 1.1) | ||
| Samsung Galaxy S10+ | Android 9.0 | ||
|
Samsung Galaxy Fold 2 |
Android 10 | ||
|
Samsung Galaxy Flip Z |
Android 10 | ||
|
Samsung Note 20 |
Android 10 | ||
|
Laptops |
|||
| Acer Aspire E 15 E5-573-3870 (Qualcomm Atheros QCA9377) | Windows 10 Pro (12.0.0.832) | ||
| Apple Macbook Air 11 inch | OS Sierra 10.12.6 | ||
| Apple Macbook Air 13 inch | OS Catalina 10.15.4 | ||
| Apple Macbook Air 13 inch | OS High Sierra 10.13.4 | ||
| Macbook Pro Retina | OS Mojave 10.14.3 | ||
| Macbook Pro Retina 13 inch early 2015 | OS Mojave 10.14.3 | ||
|
Dell Inspiron 2020 Chromebook |
Chrome OS 75.0.3770.129 |
||
|
Google Pixelbook Go |
Chrome OS 84.0.4147.136 |
||
|
HP chromebook 11a |
Chrome OS 76.0.3809.136 |
||
|
Samsung Chromebook 4+ |
Chrome OS 77.0.3865.105 |
||
| Dell Latitude 3480 (Qualcomm DELL wireless 1820) | Win 10 Pro (12.0.0.242) | ||
| Dell Inspiron 15-7569 (Intel Dual Band Wireless-AC 3165) | Windows 10 Home (18.32.0.5) | ||
| Dell Latitude E5540 (Intel Dual Band Wireless AC7260) | Windows 7 Professional (21.10.1) | ||
| Dell XPS 12 v9250 (Intel Dual Band Wireless AC 8260 ) | Windows 10 (19.50.1.6) | ||
| Dell Latitude 5491 (Intel AX200) | Windows 10 Pro (21.40.2) | ||
| Dell XPS Latitude12 9250 (Intel Dual Band Wireless AC 8260) | Windows 10 Home (21.40.0) | ||
|
Lenovo Yoga C630 Snapdragon 850 (Qualcomm AC 2x2 Svc) |
Windows 10 (1.0.10440.0) |
||
| Lenovo Thinkpad Yoga 460 (Intel Dual Band Wireless-AC 9260) | Windows 10 Pro ( 21.40.0) | ||
|
|||
|
Tablets |
|||
| Apple iPad Pro | iOS 13.5 | ||
| Apple iPad Air2 MGLW2LL/A | iOS 12.4.1 | ||
| Apple iPad Mini 4 9.0.1 MK872LL/A | iOS 11.4.1 | ||
| Apple iPad Mini 2 ME279LL/A | iOS 12.0 | ||
| Microsoft Surface Pro 3 – 11ac | Qualcomm Atheros QCA61x4A | ||
| Microsoft Surface Pro 3 – 11ax | Intel AX201 chipset. Driver v21.40.1.3 | ||
| Microsoft Surface Pro 7 – 11ax | Intel Wi-Fi chip (HarrisonPeak AX201) (11ax, WPA3) | ||
| Microsoft Surface Pro X – 11ac & WPA3 | WCN3998 Wi-Fi Chip (11ac, WPA3) | ||
|
Mobile Phones |
|||
| Apple iPhone 5 | iOS 12.4.1 | ||
| Apple iPhone 6s | iOS 13.5 | ||
| Apple iPhone 8 | iOS 13.5 | ||
| Apple iPhone X MQA52LL/A | iOS 13.5 | ||
| Apple iPhone 11 | iOS 14.1 | ||
| Apple iPhone SE MLY12LL/A | iOS 11.3 | ||
| ASCOM SH1 Myco2 | Build 2.1 | ||
| ASCOM SH1 Myco2 | Build 4.5 | ||
| ASCOM Myco 3 v1.2.3 | Android 8.1 | ||
| Drager Delta | VG9.0.2 | ||
| Drager M300.3 | VG2.4 | ||
| Drager M300.4 | VG2.4 | ||
| Drager M540 | DG6.0.2 (1.2.6) | ||
| Google Pixel 2 | Android 10 | ||
| Google Pixel 3 | Android 11 | ||
|
Google Pixel 3a |
Android 11 |
||
| Google Pixel 4 | Android 11 | ||
| Huawei Mate 20 pro | Android 9.0 | ||
| Huawei P20 Pro | Android 9.0 | ||
|
Huawei P40 |
Android 10 |
||
| LG v40 ThinQ | Android 9.0 | ||
|
One Plus 8 |
Android 10 |
||
|
Oppo Find X2 |
Android 10 |
||
|
Redmi K20 Pro |
Android 10 |
||
| Samsung Galaxy S7 | Andriod 6.0.1 | ||
| Samsung Galaxy S7 SM - G930F | Android 8.0 | ||
| Samsung Galaxy S8 | Android 8.0 | ||
| Samsung Galaxy S9+ - G965U1 | Android 9.0 | ||
| Samsung Galaxy SM - G950U | Android 7.0 | ||
|
Sony Experia 1 ii |
Android 10 |
||
| Sony Experia xz3 | Android 9.0 | ||
|
Xiaomi Mi10 |
Android 10 |
||
| Spectralink 8744 | Android 5.1.1 | ||
| Spectralink Versity Phones 9540 | Android 8.1 | ||
| Vocera Badges B3000n | 4.3.2.5 | ||
| Vocera Smart Badges V5000 | 5.0.4.30 | ||
| Zebra MC40 | Android 5.0 | ||
| Zebra MC40N0 | Android 4.1.1 | ||
| Zebra MC92N0 | Android 4.4.4 | ||
| Zebra TC51 | Android 7.1.2 | ||
| Zebra TC52 | Android 8.1.0 | ||
| Zebra TC55 | Android 8.1.0 | ||
| Zebra TC57 | Android 8.1.0 | ||
| Zebra TC70 | Android 6.1 | ||
| Zebra TC75 | Android 6.1.1 | ||
| Printers | |||
| Zebra QLn320 Printer | LINK OS 6.3 | ||
| Zebra ZT230 Printer | LINK OS 6.3 | ||
| Zebra ZQ310 Printer | LINK OS 6.3 | ||
| Zebra ZD410 Printer | LINK OS 6.3 | ||
| Zebra ZT410 Printer | LINK OS 6.3 | ||
| Zebra ZQ610 Printer | LINK OS 6.3 | ||
| Zebra ZQ620 Printer | LINK OS 6.3 | ||
|
Wireless Module |
|||
|
Intel 11ax 200 |
Driver v22.20.0 | ||
|
Intel AC 9260 |
Driver v21.40.0 | ||
|
Intel Dual Band Wireless AC 8260 |
Driver v19.50.1.6 |
||
Issues
Issues describe unexpected behavior in Cisco IOS releases in a product. Issues that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.
Note |
All incremental releases contain fixes from the current release. |
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of an issue, click the corresponding identifier.
Open Caveats for Cisco IOS XE Bengaluru 17.6.8
|
Caveat ID |
Description |
|---|---|
|
Native mode and IOx application both use the IoT UART interface resulting in continuous IoT chip resets |
|
|
Multicast L3 packets are sent in native VLAN when VLAN ID 1 is selected in policy profile with AAA override |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.7
|
Identifier |
Headline |
|---|---|
|
Cisco Catalyst 9105AX APs do not reset Bluetooth Low Energy (BLE) interface after 100 attempts. |
|
|
Cisco Catalyst 9105, 9115, or 9120 Series APs: Radio is misconfigured after AP reloads when admin state down. |
|
|
Cisco COS AP checks DELETE_VAP_PAYLOAD CAPWAP payload sanity before blindly deleting. |
|
|
Controller does not send IPv4 GARPs or IPv6 NA for wireless client in RUN state after a switchover. |
|
|
Cisco COS APs connected to the controller loses WLAN VLAN mapping intermittently in FlexConnect mode. |
|
|
Controller does not forward the broadcast Address Resolution Protocol (ARP) request to the wireless client. |
|
|
Cisco Catalyst 9120 AP transmit power in dbm does not match between controller or AP. |
|
|
Cisco Catalyst 9800-40 Wireless Controller reloads due to Critical process WNCd fault in rp_0_1 (rc=139). |
|
|
Controller GUI pop-ups are not displayed correctly in Dark mode. |
|
|
Cisco Catalyst 9166D1 AP changes from US to UX country domain when AP moves from LPi mode to Standard Power (SP) mode. |
|
|
Controller accepts the reserved IPv6 multicast address to be configured as Mobility multicast IPv6 address. |
|
|
The per client rate limit does not work when using FlexConnect local switching APs. |
|
|
The local password policy in the controller does not take effect during Controller GUI login. |
|
|
Inconsistent transmission power levels advertised in Country information of beacon frame causes client-side issues. |
|
|
Cisco Catalyst 9130 AP does not honor the U-APSD trigger frame causing real-time protocol (RTP) stream disruption. |
Open Caveats for Cisco IOS XE Bengaluru 17.6.6a
|
Identifier |
Headline |
|---|---|
|
The rogue rule configuration for delete classification does not take effect. |
|
|
Certificate failure issues observed when joining APs to the controller using CMCA III certificate structure. |
|
|
The show wireless client summary detail command does not show all IPv6 addresses. |
|
|
Cisco Aironet 4800 Series AP beacons are missed intermittently on multiple BSSIDs. |
|
|
Cisco Aironet 3800 Series AP experiences radio firmware crash. |
|
|
Cisco Catalyst 9120 Series AP: XOR mode is not updated on the database. |
|
|
Cisco Catalyst 9105 Series AP WGB does not send PMKID during reassociation. |
|
|
Cisco Catalyst 9130 Series AP crash observed due to radio failure. |
|
|
Cisco Catalyst 9130 Series AP does not forward 802.1x identity request with wireless phones. |
|
|
Unable to remove port security configurations under interface through NETCONF. |
|
|
Kernel panic crash observed on Cisco Aironet 1815 Series AP. |
|
|
The controller pushes accounting information for PSK local authentication WLANs. |
|
|
Profile mismatch counter does not increase. |
|
|
Cisco Aironet 1840 Series AP: OfficeExtend Access Point (OEAP) crashes due to radio recovery failure. |
|
|
Cisco Aironet 2800 Series AP do not process EAP-TLS fragmented packets if there is a delay of more than 50 milliseconds. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.6
|
Identifier |
Headline |
|---|---|
|
The rogue rule configuration for delete classification does not take effect. |
|
|
Certificate failure issues observed when joining APs to the controller using CMCA III certificate structure. |
|
|
The show wireless client summary detail command does not show all IPv6 addresses. |
|
|
Cisco Aironet 4800 Series AP beacons are missed intermittently on multiple BSSIDs. |
|
|
Cisco Aironet 3800 Series AP experiences radio firmware crash. |
|
|
Cisco Catalyst 9120 Series AP: XOR mode is not updated on the database. |
|
|
Cisco Catalyst 9105 Series AP WGB does not send PMKID during reassociation. |
|
|
Cisco Catalyst 9130 Series AP crash observed due to radio failure. |
|
|
Cisco Catalyst 9130 Series AP does not forward 802.1x identity request with wireless phones. |
|
|
Unable to remove port security configurations under interface through NETCONF. |
|
|
Kernel panic crash observed on Cisco Aironet 1815 Series AP. |
|
|
The controller pushes accounting information for PSK local authentication WLANs. |
|
|
Profile mismatch counter does not increase. |
|
|
Cisco Aironet 1840 Series AP: OfficeExtend Access Point (OEAP) crashes due to radio recovery failure. |
|
|
Cisco Aironet 2800 Series AP do not process EAP-TLS fragmented packets if there is a delay of more than 50 milliseconds. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.5
|
Caveat ID |
Description |
|---|---|
|
Cisco Aironet 1852 Access Point experiences radio firmware crash. |
|
|
Cisco Aironet 4800 Access Point experiences radio firmware crash. |
|
|
Cisco Catalyst 9115AXI Access Point deteccts invalid cookie and resets to ux domain. |
|
|
The N+1 High Availability setup for FlexConnect APs are not working. |
|
|
EAP-TLS is failing for the wired clients behind Mesh Access Points (MAP) in 2800/3800/4800/1562/6300 series APs. |
|
|
Cisco Aironet 3802 Access Point experiences kernel crash. |
|
|
Cisco Aironet 3800 Access Point experiences radio crash due to stuck beacon. |
|
|
Controller is tracking stale entries due to which anchored client is getting IPv4 and IPv6 addresses at different VLANs. |
|
|
Cisco Catalyst 9130 Access Point is not sending EAP_ID_RESP next assoc-req after Protected Management Frames (PMF) client tx deauth in middle of Extensible Authentication Protocol (EAP) handshake. |
|
|
ICAP: Anomaly capture events for a client on Cisco Catalyst 9130 Access Point is often missing Packet Capture (PCAP). |
|
|
FlexConnect client is intermittently unable to reconnect to an AP. |
|
|
CleanAir statistics are not visible in Cisco Catalyst 9130 Access Points when joined to EWC. |
|
|
Channel 165 is not allowed on Cisco Aironet 2800, 3800, 4800 Access Points. |
|
|
Cisco Catalyst 9120 Access Point experiences vernel panic crash. |
|
|
Cisco Aironet 3800 and 4800 Access Points stop sending Internet Group Management Protocol (IGMP) membership report. |
|
|
Cisco Aironet 3800 Access Point is consistently reporting high QoS Basic Set Service (QBSS) load. |
|
|
Wireless clients unable to connect to Cisco Aironet 1830 Access Point. |
|
|
Cisco Aironet 1815W Access Point is crashing due to Out of Memory (OOM). |
|
|
Rogue rule delete classification configuration is not working. |
|
|
Allow wireless client IPv6 traffic coming with new src addresses without learning after 8 addresses. |
|
|
Profile mismatch counter is not increasing. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.4
|
Caveat ID |
Description |
|---|---|
|
Controller does not send the right Association IDentifier (AID) causing APs to not accept new clients. |
|
|
High channel utilization is observed when 9 or more clients use MS TEAMS in a Cisco Catalyst 9130 AP. |
|
|
Cisco Aironet 4800 Series AP in 8.10.171.0 crash due to FIQ or NMI reset. |
|
|
Cisco Catalyst 9130 AP does not transmit Extensible Authentication Protocol (EAP) identity request. |
|
|
Cisco Aironet 1815m AP experiences high channel utilization in 5GHz radio with 40MHz. |
|
|
Anomaly Capture events for a client in Cisco Catalyst 9130 AP is often missing Packet CAPture (PCAP). |
|
|
Cisco Catalyst 9105AXW AP introduces latency when clients use RLAN ports. |
|
|
CAPWAP MTU flapping occurs in COS APs due to asymmetric MTU between AP to controller and vice-versa. |
|
|
Missing CleanAir data for 2.4GHz in Cisco Catalyst 9120 or 9130 series APs. |
|
|
Cisco Catalyst 9800-80 Wireless Controller in High Availability experiences 100% CPU in all wncds after configuration change. |
|
|
wncmgrd process memory leak is observed in Cisco IOS XE 17.8. |
|
|
Four-way handshake is not completed in controller or Cisco Catalyst 9115 AP. |
|
|
Wireless clients cannot reach each other as the ARP resolution fails when performing dynamic VLAN assignment using AAA. |
|
|
High Availability split brain is observed in the controller due to multiple secondary address in the interface. |
|
|
Users connecting to the dot1x SSID are disconnected with CO_CLIENT_DELETE_REASON_EXCLUDE_IP_THEFT delete code. |
|
|
Client fails to connect when protocol based Quality of Service (QoS) is configured. |
|
|
APs are unable to broadcast SSID after provisioning from Cisco DNAC. |
|
|
Standby controller becomes the new active but does not send GARPs for Wireless Management Interface after joining High Availability pair again after network disconnection. |
|
|
FlexConnect WLAN VLAN mapping disappears when using VLAN name defined in the Flex Profile. |
|
|
Controller does not update RFID location properly. |
|
|
6 GHz channels are displayed as 2.4 GHz when executing show ap wlan summary command. |
|
|
AAA VLAN override is not considered during Identity PSK (iPSK) authentication and anchor WLAN. |
|
|
Few OIDs in CISCO-ENHANCED-MEMPOOL-MIB display No instance after switchover in Cisco IOS XE 17.6.1. |
|
|
Controller does not send Logical Link Control (LLC) or eXchange IDentifier (XID) spoofed frames after a mobility event. |
|
|
Crash happens intermittently in the controller when WNCd critical process failed. |
|
|
Site tags are not load balanced correctly for each WNCd process. |
|
|
Radio Resource Management (RRM) startup mode is triggered in every reboot as the controller does not keep track of the last state. |
|
|
The LISP RELIABLE REGISTRATION related Syslog needs to be enhanced. |
|
|
Cisco Aironet 3800 Series AP crashes due to kernel panic. |
|
|
Cisco Aironet 4800 AP sends upstream DHCP packets in CAPWAP in FlexConnect local switching local DHCP policy. |
|
|
Kernel panic - not syncing: Fatal exception "off_channel resp timeout". |
|
|
Cisco Catalyst 9124 MAP fails to connect to Cisco Aironet 1562 RAP after the first reload of MAP. |
|
|
Cisco Catalyst 9100 AP Plug and Play (PnP) is unable to resolve any public Network Time Protocol (NTP) server. |
|
|
Upstream video traffic drops in Cisco Catalyst 9124 AP. |
|
|
The Local Web Authentication (LWA) client gets deleted immediately when joining the Flex WLAN after a Site or Policy Tag update. |
|
|
Cisco Catalyst 9115 and 9120 APs are stuck in boot loop due to signature verification failure. |
|
|
Channel 165 is not allowed in Cisco Aironet 2800, 3800, or 4800 AP models. |
|
|
Cisco Catalyst 9130 Series AP experiences kernel panic crash in NSS. |
|
|
OEAP Cisco Aironet 1815T and 1810 with 802.1x supplicant configuration does not enter the FlexConnect Standalone state. |
|
|
Cisco Catalyst 9100 AP does not transmit the directed broadcast over-the-air. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.3
|
Caveat ID |
Description |
|---|---|
|
Controller does not sort the RFID RSSI received from APs before sending 16 APs to the connector. |
|
|
Cisco Catalyst 9800 Series Wireless Controller deletes client when it receives DHCP RELEASE during 802.1x and Posture Auth. |
|
|
A large number of unwanted clean air or 11k related errors and messages are noticed at debug level adding to wncd CPU utilization. |
|
|
Cisco Catalyst 9800 Series Wireless Controller sends wrong payload information to AP when mesh RRM is enabled or disabled. |
|
|
Controller rejects clients with wrong PMKID when client moves from FT-AKM to dot1x-AKM. |
|
|
The FortyGigabitEthernet 0/1/1 interfaces in Cisco Catalyst 9800-80 Wireless Controller is stuck in DOWN state after repeated HA failovers. |
|
|
Client is unable to reassociate to the controller after failing the Broadcast Key rotation process. |
|
|
Cisco Catalyst 9105, 9115, or 9120 Series APs report false radar detection. |
|
|
Cisco Catalyst 9800 Series Wireless Controller does not send the right AID causing APs to not accept new clients. |
|
|
MU sounding errors lead to TCQ stuck issue. |
|
|
High channel utilization is observed when 9 or more clients use MS Teams in a Cisco Catalyst 9130 AP. |
|
|
Cisco Catalyst 9130 APs drop traffic on air for Phoenix WinNonlin Application. |
|
|
Controller running 8.10.151.0 experiences CleanAir sensor down. |
|
|
Cisco Catalyst 9120 APs display high client count when neighboring APs have very few clients associated to it. |
|
|
Cisco Aironet 1810 AP restarts abnormally on the controller due to Out of Memory. |
|
|
Cisco Catalyst 9115 AP reports incorrect radar DFS channels in GUI. |
|
|
Cisco Catalyst 9120 AP displays Null pointer de-reference when PC is at wlc_wnm_is_wnmsleeping. |
|
|
Cisco Aironet 2802 and 3802 AP experiences kernel panic crash in 8.10.151.0. |
|
|
Central Web Authentication (CWA) clients with Run state cannot go online even though they are in Run state. |
|
|
Cisco Aironet 4800 APs cannot reach the default gateway after CTS manual configuration is added to the AP switchport. |
|
|
Cisco Aironet 3800 series AP crashes due to kernel panic. |
|
|
Cisco Catalyst 9117 AP crashes due to kernel panic in cisco_wlan_crypto_decap. |
|
|
AP is sending ARP packet without VXLAN encapsulation. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.2
|
Caveat ID |
Description |
|---|---|
|
Cisco Catalyst 9120 AP and 8821 phone delays in downstream or signalling does not work. |
|
|
Cisco Aironet 1832 AP experiences kernel panic while setting client ACL in Cisco IOS XE 17.3.4. |
|
|
cEdge reloads unexpectedly when issuing OMP shutdown from the CLI. |
|
|
Firmware crash observed in Cisco Catalyst 9117 Series APs. |
|
|
APs do not send NDP packets on slot 1. |
|
|
Sensord crash is observed in Cisco Catalyst 9130 AP after off_channel RX timeout. |
|
|
Software crashes on process wcpd when C9130 AP is connected to the controller (17.6.1.13). |
|
|
IOS AP brings the radio down after encountering DFS event even when non-DFS channels are available. |
|
|
The Cisco Aironet 2800 APs with lower RSSI is populated in the neighbour list. |
|
|
Cisco Catalyst 9120 AP crashes due to kernel panic after an upgrade from 17.3.3.26 to 17.3.4.30. |
|
|
The CleanAir interference devices are not merged in clusters. |
|
|
The controller does not respond to TCP, SSH, or RADIUS packets randomly. |
Open Caveats for Cisco IOS XE, Bengaluru, 17.6.1
|
Caveat ID |
Description |
|---|---|
|
Cisco Aironet 1810W AP reloads unexpectedly due to kernel panic. |
|
|
Cisco Aironet 1815 AP reloads unexpectedly due to out of memory. |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly after upgrading to 8.10.158.38. |
|
|
Cisco Catalyst 9115 AP reports false radar detection on channels 100-112. |
|
|
Cisco Catalyst 9130 AP reloads unexpectedly due to kernel panic. |
|
|
Controller reloads unexpectedly on Pubd process in evlib. |
|
|
Cisco Catalyst 9115 AP reloads unexpectedly after loading the 17.3.3 ES6 image. |
|
|
Cisco Catalyst 9115 AP reloads unexpectedly on 17.3.3 ES7 image. |
|
|
Cisco Aironet 3702 AP is generating AES-CCMP errors for PSK SSIDs. |
|
|
AP data for \"total frame error over air\" & \"multicast/broadcast counter\" are missing. |
|
|
Cisco Catalyst 9800-80 controller is going to ROMMON after multiple failovers due to power cycling. |
|
|
Ping loss increases after two days of reboot. |
|
|
Cisco AP is stuck in discovery process when switch side port VLAN is changed from quarantine to access. |
|
|
Cisco Aironet 4800 APs in Enhanced Local Mode (ELM) and Local Mode on same controller/RF group are detecting each other as honeypot. |
|
|
Cisco AP is not accepting clients in 2.4 GHz. |
|
|
Cisco Aironet 2800 and 3800 APs reload unexpectedly and ends up with erased config and sshd service is unable to start. |
|
|
uWGB client timeout value is not persistent after reload. |
|
|
Cisco Catalyst 9130 AP running 17.5.1 fast-locate records are not sent even when client is connected to the AP. |
|
|
Cisco Catalyst 9800-CL controller in standby mode is getting removed frequently after breaking HA. |
|
|
Cisco Aironet 4800 Series AP reload unexpectedly on radio1 abnormally. |
|
|
Controller reloads unexpectedly when enabling RMI+RP in WebUI before bringing HA connectivity up first. |
|
|
RRM AP transmit power is not moving into the maximum or minimum configured power. |
|
|
Datapath state mismatch strands wireless clients after roaming. |
|
|
Cisco Catalyst 9120 AP stops transmitting frames to Macbook after session reauth. |
|
|
Post-Auth access control lists (ACLs) are not working in the controller. |
|
|
Memory leak is observed due to linux_iosd-imag. |
|
|
Cisco Aironet 2800 and 3800 APs: Kernel panic driver crash is observed due to kernel panic on 2.4GHz radio. |
|
|
Cisco Aironet 2800 and 3800 APs: Firmware crash is observed due to cmd timeout wifi0. |
|
|
Cisco AP with non-EWC image is being factory reset due to DHCP 43 option with type f2 is set. |
|
|
Cisco Catalyst 9120 AP fails to forward packets. |
|
|
Cisco Catalyst 9130 APs display 100% channel utilization. |
|
|
Cisco Aironet 2802 AP stops acknowledging frames till client sends BAR. |
|
|
EAP-Request retry is not sent by the AP. |
|
|
Cisco Aironet 1852 AP radio crash is observed. |
|
|
Cisco Catalyst 9120 AP fimware crash is observed on radio 1. |
|
|
The show ap cdp neighbours command displays switch name instead of domain name. |
|
|
Flash memory cleanup is failing. |
|
|
Intermediate-System to Intermediate-System (IS-IS) adjacency is not forming with point to point bridging. |
|
|
Cisco Aironet 4800 AP is detecting its own BSSID as rogue. |
|
|
CWA: Client prompted to web-auth login when roaming APs. |
Resolved Caveats for Cisco IOS XE Bengaluru 17.6.8
|
Identifier |
Headline |
|---|---|
|
TPC does not work as expected when dual-band operates in 5-GHz or when Cisco Catalyst 9130 AP Slot 2 operates in client-serving role |
|
|
Controller GUI does not allow modifying QoS policies without setting the “QoS SSID policy” in the policy profile |
|
|
AP should perform a DELETE_VAP_PAYLOAD CAPWAP payload sanity check before blinding deleting |
|
|
IP Theft is observed when the zone ID is 0x00000000 |
|
|
Cisco Catalyst 9130 AP in Cisco IOS XE 17.3.6 fails to join back when fast transition data is set in BSSID after a site-tag change in the controller |
|
|
Cisco Catalyst 91xx AP does not process the EAP-TLS Server Hello |
|
|
The multicast DNS (mDNS) service policy update fails in SVI interfaces |
|
|
Controller allows client reconnect after client deletion and Change of Authorization (CoA) termination |
|
|
AP should perform a DELETE_VAP_PAYLOAD CAPWAP payload sanity check before blinding deleting |
|
|
Policy tag description disappears after deleting WLAN location entries |
|
|
Controller GUI displays only a blank page after the User Login page due to malformed user preference JSON |
|
|
Cisco Catalyst 9115 AP ends abnormally with Kernel Panic as the reload reason |
|
|
Audit session ID changes after inter-WNCD roam |
|
|
Client authentication fails in Cisco Catalyst 9120 AP with "Sending Msg:2 in mode:2 to hostapd failed" |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.7
|
Identifier |
Headline |
|---|---|
|
Cisco Catalyst 9120 AP experiences kernel panic due to wlc_key_set_data. |
|
|
Radio firmware and Capwapd ends abnormally during scale longevitiy. |
|
|
New SSID arp0v0 is broadcasted after a Cisco IOS XE Cupertino 17.9.3 wireless upgrade. |
|
|
IP theft is observed when the zone ID is 0x00000000. |
|
|
Cisco Catalyst 9105 and 9115 Series APs report false radar detection. |
|
|
APs randomly fail to onboard new client associations with netlink_socket_receive multicast_group 1 return failure: No buffer space available errors. |
|
|
The channel set fails when Cisco Aironet 1800 or 1500 APs try to come out after Dynamic Frequency Selection (DFS) NOL list. |
|
|
Cisco Aironet 2800 AP in Taiwan domain does not send WiFi signals in channel 52, 120, 124, and 128. |
|
|
Cisco Catalyst 9130AXI APs end abnormally due to radio failure. |
|
|
Cisco Aironet 3800 AP experiences firmware crash reset code 2 with crash signature gdp. |
|
|
Cisco Catalyst 9130 APs experience kernel panic crash after an upgrade to Cisco IOS XE Bengaluru 17.6.6. |
|
|
Cisco Catalyst 9120 AP ends abnormally due to kernel panic. |
|
|
SCB Mismatch - radio ends abnormally during longevity test with Cisco Catalyst 9105 AP. |
|
|
Cisco Catalyst 9115 AP (Local mode) ends abnormally due to kernel panic. |
|
|
Cisco Catalyst 9130 AP ends abnormally due to radio recovery failure. |
|
|
Cisco Catalyst 91xx AP does not process the EAP-TLS Server Hello. |
|
|
Policy tag description disappears after deleting WLAN location entries. |
|
|
Cisco Catalyst 9130 APs in Flex mode stops forwarding router advertisements after 4 to 6 hours of uptime. |
|
|
Audit session ID changes after an inter-WNCD roam. |
|
|
Cisco Aironet 1815 AP with Cisco IOS XE 17.9.2 experiences kernel panic. |
|
|
Transmit Power Control (TPC) does not work as expected when secondary radio operates in 5-GHz band. |
|
|
Transmission stuck issue is observed when Cisco Catalyst 9120 AP detects any radar event. |
|
|
Controller pushes RADIUS accounting information to AP when SSID is configured for Local Auth with PSK as AKM. |
|
|
Controller configured with RADIUS server using FQDN does not update properly during DNS periodic update. |
|
|
Cisco Catalyst 9115AX AP does not forward a part of the CAPWAP data packets to the uplink direction. |
|
|
The multicast DNS (mDNS) service policy updation fails under SVI interfaces. |
|
|
Controller allows client reconnect after client deletion and Change of Authorization (CoA) termination. |
|
|
Cisco Catalyst 9130 or 9136 APs do not respect the Power Save mode. |
|
|
Cisco Catalyst 9120 AP ends abnormally due to kernel panic - not syncing: assert:"0" failed: file "wlc_fifo.c:960". |
|
|
Cisco Aironet 1830 or 1850 APs report false high channel utilization causing performance issues in 5-GHz band. |
|
|
Cisco Catalyst 9130 AP experiences issues when Cisco Universal Power over Ethernet (UPOE+) spare pair turn off CDP TLV message is triggered. |
|
|
Controller GUI does not allow modifying QoS policies without QoS SSID policy being set. |
|
|
AP FlexConnect as mDNS gateway does not respond correctly when LSS filter is enabled in 5-GHz band. |
|
|
Cisco Aironet 2800, 3800, 4800, 1560, or 6300 APs do not send Quality of Service (QoS) data frames downstream. |
|
|
APs do not plumb keys after a session timeout reauthentication. |
|
|
Cisco Catalyst 9130 AP fails to join back until the old site-tag is applied after the site-tag is changed in Cisco IOS XE 17.3.6. |
|
|
Cisco Catalyst 9120 AP experiences radio crash during longevity run with Cisco IOS XE 17.13.0.101 image. |
|
|
Cisco Aironet 1815s AP reports high channel utilization in 5-GHz band. |
|
|
Cisco Industrial Wireless 3702 AP radios are reset and stay down when board temperature is less than -20 degree Celsius. |
|
|
Cisco Catalyst 9130 AP wireless driver does not decrypt the packet when IP packets are sourced from some wireless clients. |
|
|
Cisco Catalyst 9120 AP experiences kernel panic when PC is at wlc_bmac_suspend_mac_and_wait+0x3c/0x488 [wl]. |
|
|
Cisco Catalyst 916(x) AP: Radio firmware ends abnormally with Thread ID: 0x00000069, Thread name: WLAN BE, PC : 0x4ae62d70(SF 06646968). |
|
|
Cisco Catalyst 9120 and 9115 APs experience unexpected disjoins from the controller and does not establish DTLS again. |
Resolved Caveats for Cisco IOS XE Bengaluru 17.6.6a
|
Identifier |
Headline |
|---|---|
|
Cisco IOS XE Software Web UI Privilege Escalation Vulnerability For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.6
|
Identifier |
Headline |
|---|---|
|
Controller crashes and experiences CPU HOG in wncmgrd due to scale netflow. |
|
|
Controller moves SIP packets from CS3 to CS0 in upstream or downstream when voice Call Admission Control (CAC) is configured. |
|
|
Cisco Aironet 1852 AP experiences radio firmware crash. |
|
|
Cisco Aironet 1572EAC AP does not respond to the Canadian EIRP regulation. |
|
|
Samsung device (Galaxy Tab S6 Lite - P610K) association is rejected with status code 40. |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly due to radio firmware crash. |
|
|
Channel 165 is not allowed in Cisco Aironet 2800, 3800, and 4800 Series APs. |
|
|
Cisco Catalyst 9130 AP does not include the management frame count calculation across AP chipsets. |
|
|
Cisco Catalyst 9120 AP does not disable High Efficiency with dual 5-GHz in Slot 0. |
|
|
Cisco Aironet 3800 AP radio reloads unexpectedly when beacon is stuck. |
|
|
Controller Quality of Service (QoS) page does not load when ACL has double quotes as special character in the name. |
|
|
Controller crashes after failing to match the interface ID in the anchor message. |
|
|
Cisco Catalyst 9800-CL Wireless Controller allocates only 256-MB of DRAM or EXMEM leading to instability and CPP crashes. |
|
|
Cisco Catalyst 9115 AP does not transmit the first CAPWAP data keepalive on wire during N+1 failover in FlexConnect mode. |
|
|
Controller does not send the group temporal key (GTK) M5 packet to Cisco IP Phone 8821 after Fast Transition roaming between wncds. |
|
|
Client is unable to roam successfully and pass traffic in SDA environment. |
|
|
Client traffic fails with N+1 when Cisco Catalyst 9120 AP sends CLIENT_DEL_STOP_REASSOC. |
|
|
CAWAP tunnel is not formed between Office Extend Access Points (OEAP) and controller after changing the public IP. |
|
|
Cisco Aironet 3800 AP consistently reports high QoS Basic Set Service (QBSS) load. |
|
|
Cisco Catalyst 9120 AP deauthenticates the WGB continuously after roam. |
|
|
Controller does not plumb IPv4 address in IP Source Guard (IPSG) datapath in CWA SSIDs for clients with single IPv4 address. |
|
|
The show wireless client detail sum command displays Apple iPad (10 generation) as not classified and unknown device. |
|
|
Cisco Catalyst 9120 AP fails the EAP-TLS port authentication as password cannot be decrypted. |
|
|
Cisco Aironet 1830 AP fails with writing to fd 27 failed! error when connecting to the controller. |
|
|
Cisco Aironet 3802 AP experiences kernel crash. |
|
|
Cisco Catalyst 9130 AP displays incorrect Local power constraint value in management frames. |
|
|
Cisco Aironet 3802 AP broadcasts different power values in beacon country IE. |
|
|
Cisco Catalyst 9105AXW AP fails to boot when number of bad blocks are greater than 90. |
|
|
The device-tracking binding reachable-lifetime command does not work on the controller. |
|
|
Client in FlexConnect mode is unable to reconnect to an AP. |
|
|
Aeroscout T15e (Third-party device) tags attached to medical devices do not report temperature data due to extra bytes. Apple |
|
|
CSV file import fails when static AP mapping table already contains few entries. |
|
|
Wired client behind Cisco Catalyst 9105 AP fails to pass traffic. |
|
|
Controller GUI hangs when Application Visibility and Control (AVC) profile is enabled with special characters. |
|
|
Cisco Aironet 1852 AP crashes due to radio failure. |
|
|
Cisco Catalyst 9130 AP experiences random radio firmware reload. |
|
|
WNCd crash is observed when accessing Crimson database. |
|
|
One-shot error is displayed when applying AP Service Pack (APSP) on controller. |
|
|
Cisco Wave 2 APs in FlexConnect standalone mode experiences client disconnections. |
|
|
Spectralink Versity 9553 phones experience sporadic and robotic voice delays during a short period after Fast Transition roaming between Cisco Aironet 3802 APs. |
|
|
Cisco Catalyst 9130 (VID03) AP does not have the "iox.tar.gz" file in Day 0 factory image. |
|
|
Higher packet loss is observed during Cisco IP Phone 8821 voice call. |
|
|
The Monitoring > Wireless > AP Statistics page does not load in the GUI for Cisco Aironet 3800 AP. |
|
|
Wireless device tracking fails while adding static IP and MAC bindings. |
|
|
Clients after a Change of Authorization (CoA) is allowed network access for a short duration using cached PMK. |
|
|
Wireless client cannot communicate after session timeout when AP drops once during the session. |
|
|
Associated APs are not seen in Cisco DNAC. |
|
|
Controller GUI login screen appears blank when ampersand is used in username. |
|
|
Access Points intermittently report high channel usage in 5-GHz radio with 40 MHz. |
|
|
Cisco Wave 2 APs improve PMTU discovery mechanism to honor the ICMP unreachable maximum transmission unit (MTU) value. |
|
|
Active controller reboots when redundancy port (RP) link comes up. |
|
|
Controller does not provide RSSI location data for some of the RFID tags in database. |
|
|
Cisco Catalyst 9105 AP randomly reloads with Kernel panic - not syncing: Fatal exception error message. |
|
|
Cisco Catalyst 9136i AP crashes due to kernel panic. |
|
|
The image download space check in /tmp is 40 MB only, most of the AP image has more than 60 MB. |
|
|
Clients are unable to roam between APs with WPA3 enterprise SSID and SuiteB192. |
|
|
Mobile devices cannot prompt incorrect password in Cisco Catalyst 9130 AP or controller after PSK SSID password is changed. |
|
|
Client data rate displays greater value in Assurance Client dashboard. |
|
|
Controller clears PMK ID when it fails to ressurect client entry upon N+1 AP failover. |
|
|
Controller does not send reassociation response for Fast Transition reassociation request with RIC for TID 0. |
|
|
Cisco IOx application experiences installation failure during application activation phase. |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly with the following error message: "kernel panic - not syncing: fatal exception" |
|
|
Cisco Wave 2 APs radio firmware reloads unexpectedly when queue is stuck. |
|
|
Cisco Catalyst 9120 AP sends RTS with 6 Mbps when the rate is configured as unsupported. |
|
|
AP does not allow a PMF WPA3 client to associate after the client sends deauthentication by itself. |
|
|
Cisco Wave 2 APs leak Network Address Translation (NAT) IP from Cisco IOx application. |
|
|
Cisco Catalyst 9130AX AP experiences kernel panic. |
|
|
Cisco Wave 2 APs are not encrypting EAP_ID_REQ after M1 to M4 and not updating PMKID for dot1x OKC. |
|
|
Cisco Catalyst 9115 AP experiences kernel panic when PC or LR is at drop_pagecache_sb+0x78/0x110. |
|
|
Wireless client is deauthenticated after idle timeout. |
|
|
Single band BCM WGB radio 0 transmission power decrease by nearly 20 dBm while configuring the antenna number. |
|
|
AP crashes when PC and LR are at get_partial_node.isra. |
|
|
Controller and Cisco Catalyst 9124 AP are unable to get wired client information from workgroup bridge. |
|
|
Cisco Wave 2 APs drop upstream Extensible Authentication Protocol (EAP) packets. |
|
|
Cisco Catalyst 9130 AP does not transmit beacons. |
|
|
Crash is observed in the standby controller when saving QOS table to standby. |
|
|
Cisco Catalyst 9124 AP does not forward traffic to workgroup bridge after a session timeout. |
|
|
Wireless traffic encapsulated in VXLAN from AP to FE is dropped when the destination MAC is incorrect. |
|
|
The following syslog message is displayed while changing AP location using controller GUI: % Error: AP is already in the requested state |
|
|
Need an option to prioritize keepalives in the RP port in the HA-SSO deployment. |
|
|
The username is missing randomly for wireless 802.1x clients. |
|
|
AP intermittently stops sending Internet Group Management Protocol (IGMP) membership report. |
|
|
Cisco Catalyst 9105AXW AP experiences large number of bad blocks. |
|
|
AP crashes due to CALLBACK FULL reset radio error. |
|
|
Root certificates of CG522E are lost after each reload. |
|
|
The client traffic stops after the AP fails over to N+1 controller with FlexConnect local switching. |
|
|
Cisco Catalyst 9800 Wireless Controller Inter-Release Controller Mobility (IRCM) client is deleted due to profile name mismatch. |
|
|
Cisco Catalyst 9120 Series AP experiences kernel panic crash. |
|
|
Controller reloads unexpectedly. |
|
|
Cisco Aironet 1815W AP crashes due to out-of-memory issue. |
|
|
Redundancy fails during double bit ECC error. |
|
|
WGB wired clients connected to RAP in local mode, sends upstream broadcast packets and causes out-of-memory on the RAP. |
|
|
Cisco Catalyst 9105AXW Series APs do not recover after upgrade. |
|
|
Cisco Aironet 3800 Series AP reloads unexpectedly due to FIQ/NMI reset. |
|
|
Cisco Aironet 2800/3800/4800/1562 Series APs and Cisco Catalyst IW6300 Heavy Duty Series APs: EAP-TLS fails for wired clients behind MAP. |
|
|
Cisco Catalyst 9164 Series AP randomly crashes and restarts. |
|
|
Cisco Catalyst 9800-L wireless controller shows "Last reload reason: reload" instead of "Critical process wncd fault". |
|
|
Radio core crashes due to TCQ stuck state with frequent channel changes. |
|
|
Controller reloads unexpectedly with the following message: "Critical process wncd fault on rp_0_0 (rc=134)" |
|
|
Clients connected to FlexConnect AP with profile policy is assigned to VLAN ID=1 instead of native VLAN. |
|
|
Controller EVENTLIB-3-CPUHOG Traceback is observed. |
|
|
The snmp-server host command does filter special characters effectively. |
|
|
Cisco Catalyst 9124AXI AP does not forward RLAN traffic to the upstream network. |
|
|
Unexpected reboot due to Wireless Network Control Daemon (WNCD). |
|
|
Cisco Wave 2 APs fail to forward traffic to wireless clients for about 60 seconds in SDA fabric WLANs. |
|
|
DHCP Option 82 is not added in WLAN with EoGRE tunnel when SVI interface is down. |
|
|
Radio firmware crash experienced in Cisco Catalyst 9117 Series AP. |
|
|
Cisco Catalyst 9120 Series AP experiences kernel panic. |
|
|
Cisco Catalyst 9166D1 AP crashes due to kclick. |
|
|
Reliable Multicast (MC2UC) does not work for controller, Cisco Industrial Wireless 3702 Series Access Point, and Cisco Industrial Wireless 3700 Series Access Point WGB for native VLAN. |
|
|
Segmentation fault on the controller due to NULL timer. |
|
|
Cisco Catalyst 9130AXI Series AP Slot 1 does not announce High Throughput (HT)/Very High Throughput (VHT)/High-Efficiency (HE) capabilities when dual radio is enabled. |
|
|
Syslog configuration does not reflect in the Cisco Aironet 3800 AP. |
|
|
Cisco Wave 2 AP logs display CAPWAP MTU discovery issues. |
|
|
Rogue containment details are not shown in the show wireless wps rogue ap detail command. |
|
|
WNCD process crashes unexpectedly in a large scale setup. |
|
|
Dynamic Channel Assignment (DCA) assigns wrong channels after Dynamic Frequency Selection (DFS) events. |
|
|
EAP ID request is not sent from AP to client. |
|
|
Cisco Catalyst 9800-CL Wireless Controller crashes unexpectedly. |
|
|
ISSU upgrade causes AP Manager to crash and controller to go on boot loop. |
|
|
Cisco Catalyst 9800-CL Wireless Controller crashes with the following error message: "Last reload reason: Critical process wncd fault on rp_0_0 (rc=139)". |
|
|
Cisco Aironet 1815W AP crashes due to kernel panic. |
|
|
Cisco Aironet 3800 Series AP reloads unexpectedly due to FIQ/NMI reset. |
|
|
Kernel panic observed on Cisco Catalyst 9120 Series AP. |
|
|
Wireless clients are unable to connect to Cisco Aironet 1830 Series AP after an input or output error message. |
|
|
Load average warning messages are displayed when Cisco Catalyst 9800-80 Wireless Controller is healthy. |
|
|
The 5-GHz radio is operationally down in the -A domain APs in Panama. |
|
|
Controller License: Remove Reporting Interval (which is fixed to 8 hours) and change Sync Report to user action. |
|
|
Controller sends two CAPWAP control payloads for DOT11R_WLC_MAC_IP_PAYLOAD with the same sequence numbers. |
|
|
WCPd crashes unexpectedly due to reuse of freed packets. |
|
|
Unable to login to the controller GUI or command line interface with a user created by Day 0 wizard. |
|
|
AP LED flash automatically turns on after reboot. |
|
|
AP may not detect radar on the required levels after CAC time. |
|
|
Controller OID documentation is incomplete in the MIB file. |
|
|
LED on APs turning white randomly. |
|
|
Cisco Catalyst 9120 Series AP: Probes and beacons are not included in the management frame count across AP chipsets. |
|
|
Controller crashes when running AP packet capture. |
|
|
Cisco Catalyst 9120 Series AP does not respond to client's probe or authentication due to the TX STUCK issue. |
|
|
Unable to downgrade the Cisco Cellular Gateway device through the vManage GUI. |
|
|
Cisco Catalyst 9120 Series AP experiences kernel panic crash. |
|
|
Controller reboots due to memory corruption when processing DHCP Option 82. |
|
|
Controller device tracks stale entry due to the anchored client receiving IPv4 and IPv6 in different VLANs. |
|
|
Login error observed in macOS with guest login. |
|
|
The controller EPC inner filter captures CAPWAP data fragments and CAPWAP control not filtered by MAC. |
|
|
Cisco Industrial Wireless 3702 Series AP's WGB changes TID for EAP packets from TID 7 to TID 0. |
|
|
Cisco Wave 2 AP radio reloads unexpectedly due to the beacon being stuck. |
|
|
Controller MIB files do not include all coded integer values. |
|
|
Cisco Catalyst 9130 Series APs fail to start CAPWAP due to interface reset every 52 seconds, during the DHCP process. |
|
|
Cisco Catalyst 9166 Series AP crashes and leaves the crash file in the controller. |
|
|
The controller reloads unexpectedly with CAPWAP window size set to 0. |
|
|
The controller provides incorrect data for certain APs in response to the SNMP query bsnAPIfDot11BSSID. |
|
|
Cisco Catalyst 9120 Series AP: Firmware crashes when running multicast and longevity with more than 80 clients. |
|
|
Cisco Aironet 1815 Series AP drops RLAN and VLAN traffic with looped port. |
|
|
Cisco Wave 2 APs do not send the delete reason to the controller, resulting in stale entries. |
|
|
Kernal panic crash observed on Cisco Aironet 1830 Series AP. |
|
|
Cisco Catalyst 9105 Series AP and Cisco Aironet 1815 Series AP MAC device cannot get an IP address in the Ethernet port after AAA VLAN override. |
|
|
Cisco Aironet 4800 AP FW crash is observed in Radio 1. |
|
|
Cisco Catalyst 9130 Series AP do not send EAP_ID_RESP after PMF client TX deauthentication, in the middle of EAP handshake. |
|
|
The controller does not respond to keepalives from the AP after AP disconnect. |
|
|
Cisco Wave 2 AP reloads due to Systemd critical process crash. |
|
|
Clients are stuck in an authentication loop after N+1 HA switchover. |
|
|
RRM process crashes on the controller. |
|
|
Cisco Catalyst 9130 Series AP drops EAP-TLS frames. |
|
|
Cisco Catalyst 9166 Series AP: Kernel panic or crash observed. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.5
|
Caveat ID |
Description |
|---|---|
|
WCPd crash is seen on Cisco Aironet 3800 APs. |
|
|
Cisco Wave1 APs are stuck in bootup loop due to image checksum verification failure. |
|
|
AP drops packets addressed to 10.128.128.127 or 10.128.128.128. |
|
|
A pubd crash is observed in 200-AP mesh configuration with telemetry subscriptions. |
|
|
iOX app fails to install on the Cisco Catalyst 9130, 9120, and Cisco Aironet 4800 APs. |
|
|
Cisco Aironet 2802 and 3802 APs are crashing due to kernel panic. |
|
|
Controller crashes in WNCd process when handling an EAP-NAK. |
|
|
Cisco Catalyst 9166I AP in FlexConnect local-auth mode keeps rebooting when Federal Information Processing Standard (FIPS) is enabled with dot1x security client. |
|
|
Client is not able to pass traffic after roaming using Wi-Fi Protected Access Version 2 (WPA2) Opportunistic Key Caching (OKC). |
|
|
AAA VLAN override is not considered during Identity PSK (iPSK) authentication and anchor WLAN. |
|
|
Controller ucode crashes due to CBAR/endpoint analytics. |
|
|
Cisco Catalyst 9100 Series APs such as 9105, 9115, and 9120 are unable to handle out of order packets. |
|
|
AppHost: App install fails when USB state is disabled in ap-join profile. |
|
|
Cisco Wave 2 APs: CAPWAP maximum transmission unit (MTU) flaps due to asymmetric MTU from AP to controller and vice versa. |
|
|
Wireless AAA Dynamic VLAN Assignment: Wireless clients cannot reach each other. |
|
|
Continuous wncmgrd CPUHOG traceback with scale Flexible NetFlow (FNF) mapping to policy profile 100% WNCd utilization. |
|
|
Cisco Catalyst 9120 and 9130 APs: CleanAir data for 2.4-GHz is missing. |
|
|
Multicast data is not sent to clients; some APs unable to join. |
|
|
PI is not displaying/process AP disassociate snmp-trap from controller. |
|
|
Cisco Aironet 3800 AP crashes due to kernel panic. |
|
|
Controller is not sending Logical Link Control (LLC) or XID spoofed frames after a mobility event. |
|
|
WNCd crash on co_fetch_mbssid_from_rbssid. |
|
|
Cisco Catalyst 9130 AP unexpectedly reloads. |
|
|
cEdge device pushes wrong syntax. |
|
|
Local Web Authentication (LWA) client is immediately deleted when joining FlexConnect WLAN after a change in site tag or policy tag. |
|
|
Client fails to connect when protocol based QoS is configured. |
|
|
Cisco Catalyst 9117 AP reloads unexpectedly due to kernel panic. |
|
|
High Availability: Dual active scenario is observed when standby is reconnecting to HA pair. |
|
|
Packet destined for Layer2 socket application gets delivered to Layer3 socket application. |
|
|
Cisco Catalyst 9124 MAP is failing to connect to Cisco Aironet 1562 RAP after first reload of MAP. |
|
|
Stale entry is observed in the show wireless device tracking database ip command output after client deletion. |
|
|
CG522-E status on gateway and vManage is not synchronized. vManage is not showing the cellular statistics. |
|
|
A WGB with static IP loses its IP address after multiple roams. |
|
|
Controller WNCd crash is observed. |
|
|
Cisco Catalyst 9800-80 controller crashes with the reason: Critical process WNCd fault on rp_0_3 (rc=134). |
|
|
Link goes down due to local fault. |
|
|
CAPWAP flap occurs when Virtual Router Redundancy Protocol (VRRP) version3 is present in the network. |
|
|
Cisco Catalyst 9120 AP: Radio core dump is observed. |
|
|
In FlexConnect groups configuration, backslash(\) at the end of the shared secret (for Radius servers) is not allowed. |
|
|
AP conversion to CAPWAP via DHCP Option 43 is not working. |
|
|
Cisco Catalyst 9130 AP is sending incorrect channel list on out of band Dynamic Frequency Selection (DFS) event causing client connectivity issues. |
|
|
Cisco Catalyst 9130 AP: Kernel panic crash is observed with memory corruption with ICAP. |
|
|
Cisco Catalyst 9120 AP shows high noise levels on 5-GHz radio. |
|
|
Controller crashes on libewlc_client_dpath_svc.so. |
|
|
Cisco Aironet 1832 AP crashes due to radio failure. |
|
|
Cisco Catalyst 9800-L controller is not getting HWDIB down message when RP port goes down in HA. Resultantly, Gratuitous ARP (GARP) is not sent from WMI. |
|
|
A workgroup bridge (WGB) AP is stuck in Extensible Authentication Protocol over LAN (EAPOL) state. |
|
|
Cisco Wave1 APs n FlexConnect local-switching mode is not forwarding IP fragmented packets received with DF. |
|
|
Cisco Aironet 2802 AP crash is observed. |
|
|
Cisco Catalyst 9300 switch is not flushing remote MAC address after roaming to a local AP. |
|
|
Cisco Aironet 1815I AP is rebooting -PC is at edma_poll / LR is at dma_cache_maint_page |
|
|
PI 3.10.1: APs associated with controller is showing interface as \"Half duplex\". |
|
|
Memory leak is observed in wncd process when under load. |
|
|
Linux IOSd crash is observed on standby controller during reload of the Cisco Catalyst 9800-L controller. |
|
|
802.11r re-auth failed due to invalid Pairwise Master Key ID (PMKID) while doing inter-WNCd roaming. |
|
|
AP join issues observed due to stale client entries. |
|
|
Controller is accounting wrong class attribute in accounting packets. |
|
|
Cisco Catalyst 9120, 9115, and 9105 APs: Radio firmware crash is observed. |
|
|
Timer is not running; stale client are not deleted by the controller. |
|
|
Cisco Catalyst 9130 AP sends beacon with incorrect datarates; different rates are sent for same slot on different BSSIDs. |
|
|
IOS-XE crash on Pubd core@green_be_rec_marshal_inline while removing or adding telemetry server hostname. |
|
|
Active chassis might get stuck during the SSO failover. |
|
|
Cisco Catalyst 9120 AP cannot operate in mGig when EEE is enabled on switchport. |
|
|
Cisco Catalyst 9120 AP: CleanAir sensor is crashing. |
|
|
Controller fails to update AP configuration with error \"% Error: no ap_name exists\". |
|
|
IPReassembler element strips last 20 bytes of last fragment. |
|
|
Ignore CAPWAP_PAYLOAD: AP_LAN_CONFIG payload has wrong RLAN port enable value from Cisco Aironet 2700 AP. |
|
|
Clients are getting deauthenticated imediately after getting IP address in a configuration that has local web authentication + local switching + central authetication. |
|
|
Wireless load-balancing affinity incorrectly shows AP site tag as default-site. |
|
|
Multicast Domain Name System (mDNS)-gw Location Specific Services (LSS) is not filtering correctly if AP with services and Radio Resource Management (RRM) neighbor radio start 00XX. |
|
|
Cisco Catalyst 9117 AP reloads unexpectedly due to kernel panic. |
|
|
AP reloads due to kernel panic. |
|
|
Cisco Catalyst 9105AXI AP is requesting 30 watts of power instead of 15.4 watts. |
|
|
IP theft occurs due to client stale entries in ODM database. |
|
|
AP saves only 31 characters instead of 32 for site tag causing the AP to go into misconfiguration state. |
|
|
AP is not initiating Google Remote Procedure Calls (gRPC) connection to Cisco DNA Centre correctly after token expiry. |
|
|
Wave 2 APs are crashing: Systemd critical process crash - dnsmasq-host.service failed. |
|
|
Cisco Catalyst 9120 AP: Kernel panic is observed. |
|
|
Cisco Catalyst 9800-80 controller shows consistent high CPU utilization in WNCd with 200 APs. |
|
|
SIGSEGV crash is observed when incrementing roaming statistics. |
|
|
AP image validation certificate is either failed or expired, causing AP join issues. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.4
|
Caveat ID |
Description |
|---|---|
|
Controller reloads unexpectedly due to Multicast Domain Name System (mDNS). |
|
|
PMK-Propagation bulk sync failures are observed with scaled setup. |
|
|
Cisco Catalyst 9800-80 Controller in SSO running Cisco IOS XE 17.3.4 with APSP and SMU crashes causing unexpected High Availability failure. |
|
|
Controller goes fore crash within 10 minutes after starting pure intra wnc roam at 600 clients per second. |
|
|
Controller rejects clients with wrong PMKID when changing Authenticated Key Management (AKM) from Fast Transition (FT) to dot1x and vice-versa. |
|
|
Controller reloads unexpectedly when WebAuth AAA routines generate WNCd core. |
|
|
Improve serviceability to figure out the reason as to why the controller blacklists 802.11w client. |
|
|
WNCd crash is observed while handling Protected Management Frame (PMF) action for Intel client. |
|
|
Controller crashes at ewlc_wlanmgr_wlan_ref_count_cleanup_timer_cb. |
|
|
SNMP MIB at times does not return all data or no data at all for SNMP walk with high client count. |
|
|
Controller crashes during mobility routines generating WNCd core. |
|
|
Controller deletes client when DHCP RELEASE is sent by client during posture. |
|
|
Controller experiences repeated crashes in WNCd process when changing mac ip binding configuration. |
|
|
Controller sends QBSS_AAC with zero available bandwidth for several seconds after DEL TS. |
|
|
WNCD platform state displays as DEAD for show aaa servers output. |
|
|
WLANs do not get pushed to APs in a single instance because wlan status is not updated and remains FALSE. |
|
|
Client gets stuck in Authenticating state after failing GTK broadcast rotation. |
|
|
Client gets deleted due to VLAN failure after performing L3 roaming if VLAN persistency is enabled. |
|
|
WNCd crash is observed in scale scenario where IDMGR IDs are exhaustively used. |
|
|
Standby controller goes to standby recovery when Gateway Failover toggle button is enabled. |
|
|
High CPU utilization in WNCd due to continuous log in ra_trace "WebAuth info not found while termin". |
|
|
Controller blacklists 802.11w client due to CO_CLIENT_DELETE_REASON_EXCLUDE_VLAN_FAIL. |
|
|
AAA server does not mark as UP even when it is reachable and client does not get authenticated using this server. |
|
|
WNCd process crashes when CAPWAP multi-window feature is enabled. |
|
|
HTTPS access to the controller is broken after an upgrade to Cisco IOS XE 17.3.5a. |
|
|
Client gets disassociated with CO_CLIENT_DELETE_REASON_IP_DOWN_NO_IP reason when client roams from one AP to another. |
|
|
Controller reloads with the Critical process wncd fault on rp_0_0 (rc=139) reason. |
|
|
Controller initiates Extensible Authentication Protocol over LAN (EAPOL) reties for the client in RUN state. |
|
|
Clients are unable to pass traffic in RUN state after CoA is completed. |
|
|
WNCD process experiences memory leak due to unknown responses from the RADIUS server. |
|
|
COS AP assigns Flex local switching clients to the native VLAN instead of the VLAN selected in the Policy Profile. |
|
|
Secondary controller crashes during redundancy switchover. |
|
|
Zebra RF Gun clients are deleted randomly from the controller due to CO_CLIENT_DELETE_REASON_ZONE_CHANGE. |
|
|
Telemetry data is not being sent from the controller for few tens of seconds at high scale. |
|
|
CCO download works with CISCO account but not with guest account. |
|
|
Controller sends the wrong payload information to AP when mesh RRM is enabled or disabled. |
|
|
Controller sends duplicate NS frame as unicast to wireless client or WGB and blocks the duplicate address detection (DAD) process. |
|
|
Logging message is not seen when load profile threshold is moved to passed or failed for 2.4GHz radio. |
|
|
Static workgroup bridge (WGB) client does not move to RUN state in the controller. |
|
|
MAC authentication bypass (MAB) client does not move to the exclude state during a MAB failure. |
|
|
Memory depletion and high Wide Area Network (WAN) latency is observed in FlexConnect deployment. |
|
|
WNCD process crashes when applying Air Time Fairness (ATF) profiles. |
|
|
Incorrect VLAN is assigned to initiate SIP when SIP and AAA override combination is used. |
|
|
Standby controller crashes when controller is configured in RMI + RP High Availability mode with wired guest feature. |
|
|
Packets drop in Cisco Catalyst 9800-CL or 9800-L Wireless Controller when call snooping and SIP CAC is enabled. |
|
|
Samsung devices with more than 1 character Country code do not get classified properly. |
|
|
wireless wlan clear-refcount command does not accept WLAN or policy names with special characters. |
|
|
Controller discards location updates from radio frequency identification (RFID) tags. |
|
|
The show process cpu platform sorted command is critical to monitor some Cisco Catalyst 9800 Series Wireless Controller platform issues. |
|
|
Controller can end with SN values different than the Cisco standard ones. |
|
|
Stale client entries are not deleted automatically nor by clear commands and stuck on device-tracking database. |
|
|
Invalid TDL pointers cause WNCd crash in controller. |
|
|
Cisco Catalyst 9130 AP radio experiences a radioFW crash causing network down. |
|
|
Cisco Aironet 4800 AP crash core file observed after 4 days uptime with console message: '[cmd timeout] wifi0: 0x9201=GetRadioStatus'. |
|
|
Cisco Aironet 3800 AP does not pass ARP requests on central WLAN when configured in Custom Flex Group. |
|
|
Cisco Catalyst 9130 APs drop traffic on air for Phoenix WinNonlin application. |
|
|
COS APs with RLAN port connecting to the device running LLDP reboots due to Out of Memory. |
|
|
Transmission power for slot2 is set to the lowest power level (-2dbm or -4dbm) due to which clients are unable to join. |
|
|
Cisco Aironet 3800 AP sends a burst of deauthentication frames after each session timeout for each AP in PSK WLAN. |
|
|
Radio recovery fails when Cisco Catalyst 9117 beacon is stuck. |
|
|
Cisco Aironet 1832, 1852, and 1815 experiences Kernel Panic at wlan_handle_napi . |
|
|
Cisco Catalyst 9120AXI AP - capwapd.service failed. |
|
|
Cisco Catalyst 9120 AP running Cisco IOS XE 17.7.1.11 experiences software crash in wcpd process. |
|
|
Central Web Authentication (CWA) clients with Run state cannot go online even though it is in Run state. |
|
|
COS AP disconnects from the controller after CTS switchport configuration. |
|
|
AP does not send multicast data till it snoops IGMPv2. |
|
|
Cisco Catalyst 9130 or 9120 AP in FlexConnect mode does not send Security Association (SA) query. |
|
|
High latency and drops observed when associated with Cisco Catalyst 9130 AP. |
|
|
Cisco Catalyst 9120 or 9130 APs in FlexConnect send Association reject after first successful connection. |
|
|
Cisco Catalyst 9117 AP crashes due to kernel panic in cisco_wlan_crypto_decap. |
|
|
Cisco Catalyst 9117 AP crashes due to Kernel Panic dp_print_host_stats. |
|
|
Cisco Aironet 3800 AP plumbs client to VLAN 1 instead of native VLAN 0 causing ARP drops OUTER_UCAST_VLAN_BLOCK. |
|
|
Cisco Catalyst 9117AXI-E AP experiences kernel panic crashes. |
|
|
Cisco Aironet 1832 AP reloads due to radio failure - Beacon Stuck- reset radio for recovery. |
|
|
Cisco Catalyst 9130 AP is unable to process fragmented EAP frames from client when performing EAP-TLS. |
|
|
Cisco Catalyst 9124 AP: Sometime MAPs are no longer able to join RAP for security failures. |
|
|
Cisco Catalyst 9130 APs generate radio coredumps. |
|
|
AP sends the address resolution protocol (ARP) packet without VXLAN encapsulation. |
|
|
Cisco Catalyst 9130 AP crashes due to kernel panic. |
|
|
Possible radio reset loop when bootup. |
|
|
Cisco Catalyst 9130 AP crashes due to dp_soc_deinit_wifi3+0x354/0x3c0. |
|
|
Mode reset button does not clear CC mode and console blocking configuration in Cisco Catalyst 9115 AP. |
|
|
Cisco Catalyst 9130 AP Kernal crash - PC is at _ZN10CACMetrics25accumulate. |
|
|
SJC24 Alpha Cisco Catalyst 9105 OEAP RLAN1 poe stopped working in Cisco IOS XE 17.9.0.115. |
|
|
Cisco Catalyst 9120 APs delay authentication response frame. |
|
|
Cisco Aironet 1832 AP reloads due to radio failure - Beacons stuck in radio. |
|
|
APP-hosting segmentation does not work in Cisco Catalyst 9100 AP or Cisco Catalyst 9800 Series Wireless Controller and Cisco IOS XE 17.6.3. |
|
|
Cisco Catalyst 9120 AP displays ASLR ENTROPY INSUFFICIENT messages. |
|
|
Cisco Catalyst 9130 AP Probe suppression for Macro-Micro cell client steering does not work. |
|
|
Cisco Catalyst 9117AX AP radio reloads unexpectedly due to partial command issues. |
|
|
Wireless devices receive Invalid Fast Transition (FT) IE when using FT over-the-ds to roam. |
|
|
Cisco Catalyst 9117AX AP reloads unexpectedly at cmnos_thread.c:3493. |
|
|
Cisco Aironet 1562 AP acting as WGB is unable to pass multicast traffic to the passive client behind it. |
|
|
Template attach fails when using authentication type NONE for profile. |
|
|
Cisco Aironet 1830 or 1850 AP does not advertise HT/VHT IE in beacons or probes without the custom channel width change. |
|
|
Cisco Aironet 4800 AP does not negotiate full power using LLDP. |
|
|
The "Channel Center Segment 0" value in " VHT Operation Info" is set to "0" using Cisco Aironet 2802 AP. |
|
|
Cisco Aironet 1832 AP crashes due to kernel panic. |
|
|
Power Type is displayed incorrectly for Cisco Aironet 2800 or 3800 APs when static power is set to 15.4W. |
|
|
PROFINET multicast traffic is dropped in Flex + Bridge and local switching modes. |
|
|
Wired client behind Cisco WGB does not take the DHCP IP address. |
|
|
Cisco Aironet 2802 AP reloads unexpectedly due to FIQ or NMI reset. |
|
|
Cisco Aironet 2800 APs change the Traffic Identifier (TID) for EAPOL packets from 6 to 0 after changing the RF profile in the controller. |
|
|
Low Throughput is observed with Cisco 8540 Wireless Controller and Cisco Aironet 1852 AP. |
|
|
Kernel panic is observed at wlc_fifo_index_peek+0x68/0xa0 [wl]. |
|
|
Kernel panic is observed at ieee80211_bsscolor_update_bsscolor_list. |
|
|
Incorrect kernel assertion in checking invalid timer objects. |
|
|
Cisco Aironet 1852 AP loses configuration after an upgrade. |
|
|
AP crash is observed when PC is at ppr_create_prealloc+0xbc. |
|
|
Cisco Catalyst 9105 AP displays low throughput in 2.4GHz with AX clients and adjacent channel interference. |
|
|
Cisco Catalyst 9130 AP detects its own BSSID as Rogue in 5GHz channel. |
|
|
Cisco Catalyst 9120 AP radio dumps core. |
|
|
AP crash observed in wlan_objmgr_peer_release_ref running Cisco IOS XE 17.3.5. |
|
|
COS AP in WGB mode is unable to assign static IP with subnet mask other than /24. |
|
|
AP crash kernel panic is observed at pci_generic_config_read. |
|
|
Functional SJC Cisco Catalyst 9136i AP experiences gRPC crash in ap-17.8.0.112. |
|
|
Cisco COS APs delay forwarding of upstream Fast Transition (FT)-Auth request frame to the controller. |
|
|
Protected Management Frame (PMF) clients are not able to connect to IOS APs when PMF optional or mandatory configured AP is not replying to assoc-request. |
|
|
Cisco COS APs in Local mode sends Address Resolution Protocol (ARP) requests to wireless clients from 10.128.128.128 IP address. |
|
|
APs own MAC is detected as rogue in slot1 or slot3 intermittently with an empty SSID. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.3
|
Caveat ID |
Description |
|---|---|
|
Self-signed certificates cannot be created after 00:00 1 Jan 2020 UTC. |
|
|
Cisco Catalyst 9120 or 9130 AP leads to CAPWAP process crash loop when AP management password contains white spaces. |
|
|
Cisco Aironet 1832 AP experiences kernel panic while setting client ACL in Cisco IOS-XE 17.3.4. |
|
|
Cisco Catalyst 9120, 9130, and 9124 APs do not send NDP packets on slot 1. |
|
|
Cisco Aironet 1815 AP FW assert issue is observed in Cisco IOS-XE 17.3.4 ES image. |
|
|
Cisco Catalyst 9130 APs reload unexpectedly after upgrading to 17.3.4 and applying the ESW7 image. |
|
|
Cisco Catalyst 9117 AP reloads unexpectedly due to kernel panic. |
|
|
Cisco Catalyst 9130 AP reloads unexpectedly in Hostapd due to unhandled level 1 translation fault. |
|
|
Change parameter in WLAN resets the Cisco Catalyst 9120 AP radio. |
|
|
Cisco Aironet 3800 series AP crash due to kernel panic. |
|
|
Cisco Catalyst 9124 AP experiences low SNR MAP disconnects with RAP when traffic is executed from MAP to RAP. |
|
|
Cisco Catalyst 9120 AP starts beaconing with client TIM even when the client is replying to QoS Null. |
|
|
Cisco Catalyst 9130 AP experiences kernel panic crash in monitor path. |
|
|
Cisco Catalyst 9130 AP crashes due to frequent radio resets. |
|
|
Cisco Catalyst 9117 AP experiences kernel panic crash at dp_rx_process. |
|
|
Cisco Catalyst 9120 APs are unable to complete authentication and get stuck when 802.11w clients join the APs. |
|
|
Cisco Aironet 3802 AP experiences MU sounding errors leading to TCQ stuck issue. |
|
|
Cisco Aironet 1832 AP Indonesia is not beaconing as expected causing client performance issue. |
|
|
Cisco Aironet 2800 or 3800 APs update only QBSS_AAC after radio reset and CAC configured. |
|
|
Cisco Wave 2 and 802.11AX APs syslog is seen when using "Kern" facility value in AP join profile. |
|
|
Dual Radio Assignment is missing for random Cisco Catalyst 9130AXI APs. |
|
|
Probe filter in Cisco Catalyst 9120 AP does not limit unwanted probes from AP to the controller. |
|
|
Cisco Aironet 2800 AP sends A-MSDU even after the client rejects it. |
|
|
Cisco Aironet 1832 AP reloads unexpectedly due to radio failure (Beacon Stuck). |
|
|
Enabling NAC on the policy profile breaks split tunnels in Cisco Catalyst 9105AX AP. |
|
|
WGB wired clients cannot reach the standard gateway temporarily when MAC flapping occurs between the actual port and WGB switch port. |
|
|
Identitymgmt service in Cisco DNA Center crashes when APs make too many connections to Identitymgmt. |
|
|
Cisco Catalyst 9115 AP reloads unexpectedly due to kernel panic. |
|
|
Client cannot connect to Cisco Catalyst 9130 AP with tri-radio (slot 2) enabled. |
|
|
Cisco Catalyst 9120 AP drops CAPWAP connection when running the debug client. |
|
|
Not able to discover and print using mDNS as SRV, TXT, A/AAAA records are removed based on TTL. |
|
|
Cisco 9136 SW crashed on Process odhcp6c. |
|
|
Cisco Catalyst 9130AX AP experiences kernel panic crash. |
|
|
Cisco Aironet 3802 AP experiences FQI or NMI reset. |
|
|
Cisco Aironet 3802 AP experiences FQI or NMI reset when PC is at loop_delay and LR is at wlRecv. |
|
|
Cisco Aironet 3802 AP experiences kernel panic when PC is at _ZN19ProbeRequestTracker13simple_actionEP6Packet. |
|
|
Cisco Aironet 3802 AP experiences kernel panic when PC is at sys_sigreturn and LR is at recalc_sigpending. |
|
|
Cisco Catalyst 9120AX APs display Flexible Radio Assignment (FRA) not capable although FRA is enabled on Cisco IOS-XE 17.3.4c release. |
|
|
Cisco Catalyst 9117AX AP reloads unexpectedly at whal_recv.c:629. |
|
|
Cisco Catalyst 9117AX AP reloads unexpectedly at whal_xmit.c:3663. |
|
|
Flap occurs between DHCP and static IP address when ethernet VLAN tagging is enabled on AP. |
|
|
The comeback timer is missing when Cisco Catalyst 9130 or 9120 AP is configured in Flexconnect mode. |
|
|
Cisco Catalyst 9130 or 9120 AP in FlexConnect mode does not send SA query. |
|
|
Cisco Catalyst 9120 or 9130 APs in FlexConnect mode sends association reject after the first successful connection. |
|
|
Cisco Catalyst 9117 AP crashes due to kernel panic in cisco_wlan_crypto_decap. |
|
|
Cisco Catalyst 9130 AP driver crashes when PC and LR is at cnss_wlfw_wlan_cfg_send_sync. |
|
|
Cisco Catalyst 9105AX AP introduces latency when clients use RLAN ports. |
|
|
APs crash with kernel panic when PC is at ieee80211_bsscolor_update_bsscolor_list. |
|
|
Cisco Catalyst 9120AX AP experiences MDIO bus failure. |
|
|
Cisco Aironet 3802 AP experiences kernel panic when PC is at __inode_wait_for_writeback. |
|
|
The Transmission Power for channel 36 in Cisco Catalyst 9120 -E domain AP is lower than the other UNII-I channels. |
|
|
Cisco Aironet 2800 or 3800 AP looses config after an upgrade from 8.10.142.0 to 8.10.168.107. |
|
|
Cisco Catalyst 9800-80 Wireless Controller crashes on 17.3.4 ES9 image. |
|
|
Handle WNCD instance and MCC update handling errors while processing export_anchor_req. |
|
|
Controller crashes after using the show telemetry ietf subscription all command. |
|
|
Missing fields are observed when the controller sends the access-request. |
|
|
Cisco Catalyst 9800-80 Wireless Controller experiences crash when running Cisco IOS-XE 17.3.4. |
|
|
The controller gets reloaded when memory corruption occurs in WNCD. |
|
|
The controller drops the CAPWAP connections when the WNCD CPU is high. |
|
|
Cisco Aironet 3700 Series AP brings down the radio after encountering DFS event when non-DFS channels are available. |
|
|
Controller experiences an unexpected reload after an invalid access to the internal hash table. |
|
|
Cisco DNA Center devices are not able to scale in university and stadium scenarios when many events are associated to AP radio with maximum clients. |
|
|
High CPU usage occurs in Syslog Trap when the controller is upgraded to Cisco IOS-XE 17.5.1. |
|
|
Controller displays multiple interference devices with the same device type and different Cluster IDs detected by CleanAir. |
|
|
Controller standby reloads with device-classifier configuration and wr mem command execution parallely. |
|
|
APs stop authenticating clients using Flex Local Authentication. |
|
|
Dual Band Radio 0 allows only -3 Tx power when the radio operates in 5-GHz. |
|
|
Controller stops accepting APs to join when no response is received from AP after a DTLS Client Hello. |
|
|
Wired printers cannot discover using flex mdns gateway as AP does not query for universal._sub._ipp and universal._sub._ipps. |
|
|
Controller experiences unexpected reboot with Network Mobility Services Protocol (NMSP). |
|
|
VTP does not work on the controller when VLAN information is not propogated. |
|
|
High CPU is observed in the controller when rif_mgr process is provoked. |
|
|
Wireless clients get stuck in the IP Learn state after rebooting the controller. |
|
|
Controller experiences crash due to memory leak in SNMP process. |
|
|
Standby reloads with low memory and WNCD crash. |
|
|
Clients with the same UDN domain are unable to view SSDP advertisements from different VLANs. |
|
|
HTTP session, SNMP, and show commands stop working in Cisco Catalyst 9800-80 Wireless Controller when dbm process CPU is high at 100%. |
|
|
WLAN stopped broadcasting after a configuration change in the WLAN profile. |
|
|
The controller crashes and reloads when writing an RP core file with wncd in the name. |
|
|
Controller performs incorrect available bandwidth calculations for QBSS_AAC with voice CAC, and FlexConnect AP. |
|
|
Cisco Catalyst 9800-80 Wireless Controller crashes intermittently. |
|
|
CPU HOG messages and tracebacks are noticed during RRM noise report process. |
|
|
Memory leak is observed in Cisco IOS-XE 17.7 throttle images that points to dc_add_dot11_profiles. |
|
|
The snmp trap link-status command does not persist through a reload when the command is configured on an interface. |
|
|
Roaming issue is observed when there is a PMKID mismatch in the controller. |
|
|
APs appear in the controller downloading state due to MD5 mismatch while running Cisco IOS-XE 17.3.4. |
|
|
The controller has stale AP entries that stop further AP configuration. |
|
|
Cleanup client entry in Authenticating state when a client is in RUN state in any controller in the network. |
|
|
Controller profiling does not display the device name from DHCP Option 12. |
|
|
Controller does not display the full certificate when TrustPoint is configured for Webadmin or WebAuth. |
|
|
CAPWAP plumb in Standby fails, if WTP record is not available. |
|
|
AP flaps when WNCd to which it maps report high CPU utilization. |
|
|
Output from show inventory displays the Standby unit Chassis as Unknown or ASR1000 power supply even though correct PID is used. |
|
|
Cisco Catalyst 9800 Series Wireless Controller reloads unexpectedly and generates a system-report with Cisco IOS-XE 17.7.1 image. |
|
|
Vendor OUI mismatch prints wrong message when receiving an association or a disassociation request. |
|
|
AP does not assign native VLAN when no VLAN IDs are configured in Policy Profile. |
|
|
An SNMP querier cannot pull data for objects in cLMobilityGroupMembersOperEntry table. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.2
|
Caveat ID |
Description |
|---|---|
|
Wireless client authentications fail as the controller is unable to send RADIUS packets. |
|
|
Cisco Catalyst 9800-80 Wireless Controller crashes due to a CPU HOG in RRM process. |
|
|
Controller does not send server hello packets to AP when enabling DTLS encryption. |
|
|
Cisco Catalyst 9115 AP reloads unexpectedly after loading the 17.3.3 ES6 image. |
|
|
Controller does not send TCP SYN or ACK for web redirect when banner size is greater than 200 char. |
|
|
Controller may experience a crash in the cpp-ucode process due to a misaligned DTL. |
|
|
C9800-80 controller goes to rommon after multiple failovers due to power cycling. |
|
|
Crash is observed in the controller when the AP location name is greater than 32 character. |
|
|
The primary member displays "standby hot" even though the standby is in recovery mode. |
|
|
Controller drops incoming CAPWAP keepalive for random APs. |
|
|
C9130 AP running 17.5.1 fast-locate records are not sent even when client is connected to the AP. |
|
|
A crash is observed when a wireless client attempts to connect and the connection times out. |
|
|
Controller reloads unexpectedly in dbm process when DBAL batch stops executing. |
|
|
Continuous memory leak with multiple table entries is observed in FMAN database. |
|
|
RA debugs display port 1812 instead of the configured RADSEC port. |
|
|
Cisco Catalyst 9130AX AP loses its WLAN configuration after moving between controllers. |
|
|
Memory leak observed in WNCD process running 17.3.3 of around 200MB per day. |
|
|
Memory leak is observed in EWLC_OPERATIONAL_DB causing dbm crash. |
|
|
Rogue telemetry updates need to be throttled as the controller punts lot of Rogue reports to DNAC. |
|
|
SSO switchover does not re-establish LISP sessions to the CPs. |
|
|
Client gets stuck in IP learn due to stale entry. |
|
|
Controller does not provide cLApAdminStatus info through SNMP when forensic AWIPS is configured. |
|
|
Controller does not remove old NMSP entries when new probes are received in a different slot. |
|
|
Controller crashes due to WNCD process when learning an IP address for a client. |
|
|
The show ap cdp neighbours command displays the name of the switch instead of the domain name. |
|
|
Different data rates are observed in CLI and RF profiles. |
|
|
AP authorization related RADIUS request does not include the calling station ID and NAS port type. |
|
|
Switch stack with Cisco IOS XE 17.3.2a displays high memory alerts. |
|
|
Memory leak is observed in emulated database and AP join. |
|
|
Client Location Probe displays error when probe request parsing fails. |
|
|
Memory leak is observed in C9800-CL due to native telemetry. |
|
|
Cisco Catalyst 9120 APs cannot send acknowledgement over the air during EAP negotiation. |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly after an upgrade to 8.10.158.38 failed to add RFIC image. |
|
|
Kernel panic crash is observed in Cisco Catalyst 9130 AP. |
|
|
Kernal slab memory leaks are observed in Cisco Aironet 3800 AP on flex local switching WLAN. |
|
|
AP sends corrupted association response when client tries to join the WPA3 AES-802.1x or SHA256 WLAN. |
|
|
Cisco Aironet 4800 Series AP in ELM mode detects its own BSSID as rogue. |
|
|
Roaming client stops receiving IP multicast in a new Cisco Aironet 3800 AP. |
|
|
ICAP AP Radio statistics in Cisco Catalyst 9130 or 9117 APs are missing "Total Frame Error Over Air". |
|
|
Cisco Wave 2 APs crash due to kernel panic. |
|
|
Increased Ping loss after two days of reboot. |
|
|
C9120 AP does not send downstream traffic after a voice call with Tx or Rx traffic using TID 6. |
|
|
Cisco Aironet 2802 or 3802 AP fails to bring up its radios and continuously logs messages. |
|
|
Cisco Catalyst 9130 AP stale clients in the radio driver table causes associations to fail. |
|
|
Cisco Catalyst 9120AXI AP displays kernel panic in Cisco IOS-XE 17.3.4.30. |
|
|
Cisco Aironet 1815w AP experiences kernel panic when upgraded to the latest 8.5.176.0. |
|
|
Retried 802.11r auth packet forwarded to controller causes duplicate auth responses sent to client. |
|
|
COS AP fragmenting CAPWAP discovery packets are unable to join the controller. |
|
|
Cisco Catalyst 9120 Series AP sends packets with QoS TID when WMM is disabled on WLAN. |
|
|
Cisco Aironet 1815 APs experiences crash in Cisco IOS-XE 17.3.4 ES image. |
|
|
C9120 AP FlexConnect drops ARP request from client to gateway after a WLAN change (local to central). |
|
|
Cisco Catalyst 9115 AP experiences crash due to kernel panic PC. |
|
|
Cisco Aironet 3802 AP drops Zebra client traffic intermittently after fast transition roams. |
|
|
COS AP does not accept WPA2-PSK password on WGB with special character but works fine in IOS AP. |
|
|
Cisco Aironet 1832 AP displays /usr/sbin/capwapd: writing to fd 17 failed!: Input/output error. |
|
|
Numerous core dumps are observed in Cisco Aironet 2800 and 3800 APs slot 1 radios. |
|
|
Macbook clients are stuck in IPLEARN_PENDING status. |
|
|
Cisco Catalyst 9130 AP experiences radio firmware crash on Radio 1 multiple times a day. |
|
|
CSA event after Radar detection is missed in the driver. |
|
|
Cisco Catalyst 9120 AP stops transmitting to Macbook after a session re-authentication. |
|
|
C9130 AP sends packets as TID6 with DSCP 0 in CAPWAP header when configured with link-encryption. |
|
|
FlexConnect mode with 11k enabled does not work as expected. |
|
|
Packet drops are observed at device driver level . |
|
|
Cisco Aironet 2802 AP experiences radio crash. |
|
|
High Channel Utilization issue is seen in AP device 360 but not in ICAP RF Stats Channel Utilization. |
|
|
Cisco Aironet 2800 and 3800 APs experience Kernel Panic Driver crash when PC is at wlRxRingCleanup. |
|
|
Workgroup bridge (WGB) cannot associate when PSK password contains special characters. |
|
|
Connected AP with non-EWC image undergoes factory reset after reload when DHCP option 43 is set. |
|
|
C9130AXI AP cannot connect to the controller after shut or no shut on a C9300-48H switch interface. |
|
|
Cisco Aironet 2800 AP FW crash is observed in Radio 0. |
|
|
Cisco Catalyst 9120 AP FW crash is observed in Radio 1. |
|
|
Opportunistic Key Caching (OKC) is not pushed from the controller to AP when applied in CLI. |
|
|
Cisco Catalyst 9130 AP flashes insufficient power LED when USB is enabled on PoE+ Switch. |
|
|
Cisco Catalyst 9120AXE AP displays incorrect PID and description for Self Identifying Antenna. |
|
|
OEAP GUI username or password is reset to default when "oeap provisioning-ssid" is disabled. |
|
|
Cisco Catalyst 9124 AP does not maintain the assigned site tag even with the applied write tag. |
|
|
Crash is observed in C9120AXI-B APs joined to C9800-CL running Cisco IOS-XE 17.6.1. |
|
|
Cisco Catalyst 9130 AP: Radio operates in channel 128 and published in channel 56. |
|
|
Cisco Catalyst 9120 APs in monitor mode cannot update neighbor-list causing false honeypot alarms. |
Resolved Caveats for Cisco IOS XE, Bengaluru, 17.6.1
|
Caveat ID |
Description |
|---|---|
|
Mobilityd crash is observed in the controller. |
|
|
ARP queries flood the network due to low value of Basic Service Set (BSS) max idle period. |
|
|
Incorrect accounting stop class attribute is observed while roaming with non-FT clients. |
|
|
Client data rate is displayed incorrectly in the GUI and CLI. |
|
|
Traceback messages (unable to push WLAN to APs after SSO) are observed after deleting or adding the WLANs in a scaled setup. |
|
|
EoGRE: Add support for AAA-override in open mode (MAB). |
|
|
Static IP on non-Cisco WGB does not work; stuck in IP learn. |
|
|
Controller GUI does not display all locations configured in the Wireless setup. |
|
|
Cisco Catalyst 9115 Series APs: Dynamic Frequency Selection (DFS) detection optimization to avoid false DFS detection. |
|
|
Controller unexpectedly reboots due to qfp-ucode crash. |
|
|
Multiple vulnerabilities in frame aggregation and fragmentation implementation of 802.11. |
|
|
Multiple vulnerabilities in frame aggregation and fragmentation implementation of 802.11. |
|
|
Multiple vulnerabilities in frame aggregation and fragmentation implementation of 802.11. |
|
|
Cisco Catalyst 9800-CL Wireless Controller displays neighbor APs as Rogue in 2.4 GHz band. |
|
|
Apple clients fail to pass Extensible Authentication Protocol over LAN (EAPoL) M2 when 802.11r is enabled after a switchover. |
|
|
CentralWeb Authentication (CWA) clients are not moved back to Web Auth after CoA reauthentication is sent when client is in RUN state. |
|
|
Controller reloads with the reason "Critical process wncd fault on rp_0_0 (rc=139)". |
|
|
Transmission power discrepancies observed in Cisco Catalyst 9130AX and 9117AX Series APs. |
|
|
WNCD process reloads unexpectedly due to traffic distribution statistics. |
|
|
Controller is not sorting the received RFID RSSI from APs before sending the info to the connector. |
|
|
Cisco Aironet 1832 AP reloads unexpectedly due to kernel panic. |
|
|
Cisco Catalyst 9800-40 WNCD utilises 100 percent of CPU due to local Extensible Authentication Protocol (EAP) authentication loop. |
|
|
Controller in Fabric Mode does not support VNID override on web authentication. |
|
|
APs are unreachable in the inventory even though they are joined to the controller. |
|
|
Cisco Aironet 2802 Series Access Point suddenly drops in transmission power level. |
|
|
Cisco Catalyst 9120AX AP stops allowing new associations on any of the configured SSIDs. |
|
|
FlexConnect central-auth 11r client roaming fails after controller is upgraded to 8.10.142.0. |
|
|
Cisco Catalyst 9800-80 Controller crashes due to switch integrated security features (SISF. |
|
|
Clients are getting incorrect AP VLAN IP. |
|
|
Unexpected reload is generating pttcd and pubd cores. |
|
|
CPU usage of WNCD reaches 100% due to WNCD_DB stuck. |
|
|
Controller reloads unexpectedly at DoubleExceptionVector. |
|
|
Application communication failure. |
|
|
AP reloads unexpectedly with a crash file indicating Hostapd.service failed during boot. |
|
|
Cisco Catalyst 9130AX AP connected client is randomly stuck in IP learning state when Basic Service Set (BSS) coloring is enabled. |
|
|
Cisco Catalyst 9130 AP crash kernel panic "Internal error: Oops - SP/PC alignment exception: 8a000000 [#1] SMP" . |
|
|
Static IP address on the AP is not getting changed when static IP failover is disabled or enabled and comes up via DHCP. |
|
|
Controller reloads unexpectedly due to WNCD (AP name length greater and equal to 32 characters). |
|
|
Device-tracking doesn't change interface as the controller drops ARP request after roam and IP theft. |
|
|
Primary controller in HA frequently ends abnormally. |
|
|
Roaming client delete due to dot1x timer expiry and EAPOL discards message with aa:aa:03:00:00:00. |
|
|
Cisco Catalyst 9105, 9115, or 9120 Series APs display 100% channel utilization. |
|
|
Local mode AP deletes client if there is no response to EAP request within 30 seconds. |
|
|
The sdn-network-infra-iwan key does not update successfully under a network disruption situation. |
|
|
External WebAuth (EWA) ACLs are lost after changing from HTTP or HTTPS server configuration from the GUI. |
|
|
Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementation of 802.11. |
|
|
Flex local-sw COS-APs are not plumbing preauth ACL for first client connection attempt for CWA and EWA. |
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see Troubleshooting TechNotes.
Related Documentation
-
MIB Locator to locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Feedback