Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Dublin 17.11.x
Introduction to Cisco Catalyst 9800 Series Wireless Controllers
The Cisco Catalyst 9800 Series Wireless Controllers comprise next-generation wireless controllers (referred to as controller in this document) built for intent-based networking. The Catalyst 9800 Series Wireless Controllers are Cisco IOS XE based and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.
The Catalyst 9800 controllers are enterprise ready to power your business-critical operations and transform end-customer experiences:
-
The controllers come with high availability and seamless software updates that are enabled by hot and cold patching. This keeps your clients and services up and running always, both during planned and unplanned events.
-
The controllers come with built-in security, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.
-
The controllers can be deployed anywhere to enable wireless connectivity, for example, on an on-premise device, on cloud (public or private), or embedded on a Cisco Catalyst switch (for SDA deployments) or a Cisco Catalyst access point (AP).
-
The controllers can be managed using Cisco Cisco Catalyst Center, programmability interfaces, for example, NETCONF and YANG, or web-based GUI or CLI.
-
The controllers are built on a modular operating system. Open and programmable APIs enable the automation of your day zero to day n network operations. Model-driven streaming telemetry provides deep insights into your network and client health.
The Catalyst 9800 Series controllers are available in multiple form factors to cater to your deployment options:
-
Catalyst 9800 Series Wireless Controller Appliance
-
Catalyst 9800 Series Wireless Controller for Cloud
-
Catalyst 9800 Embedded Wireless Controller for a Cisco switch
Note |
All the Cisco IOS-XE programmability-related topics on the Cisco Catalyst 9800 controllers are supported by DevNet, either through community-based support or through DevNet developer support. For more information, go to https://developer.cisco.com. |
What's New in Cisco IOS XE Dublin 17.11.1
Feature Name |
Description and Documentation Link |
---|---|
6-GHz Radio Support for Albania, Norway, Switzerland, Lichtenstein, and Iceland |
From this release, Albania, Iceland, Lichtenstein, Norway, and Switzerland are added to the list of countries that support 6-GHz radio band. For more information, see the chapter Countries and Regulations. |
Background Scanning and MAP Fast Ancestor Find Mode |
The Background Scanning and MAP Fast Ancestor Find Mode feature updates the child MAPs about their neighbors across all the channels. This feature also helps child MAPs to switch to a neighbor of any channel, and use that neighbor as the next parent for uplink. Background scanning allows MAPs to save time during the scan-and-seek phase while looking for a new parent. The following command is introduced:
For more information, see the chapter Mesh Access Points. |
Built-in Captive Portal Improvements |
This release introduces support for special characters in the login portal banner title and banner text. The number of characters supported on the banner text has been doubled to 400. The following command is introduced:
For more information, see the chapter Web-Based Authentication. |
Calendar Profile Enhancement |
This release allows you to create a single calendar profile in the controller GUI, spanning across midnight (for example, from 5 p.m. to 7 a.m.), instead of two separate calendar profiles. |
Client Debug Bundle |
This feature helps to collate the radioactive trace debug logs, packet captures in a control plane, AP logs, and the output of show commands related to clients, which are useful in troubleshooting wireless client issues. The log is collected in a tar file through a single debug command. The following commands are introduced:
For more information, see the chapter Conditional Debug, Radioactive Tracing, and Packet Tracing. |
Convert Redundant 2.4-GHz Radios to Monitor Mode |
From this release, you can select the redundant dual-band radios in a network to operate in monitor only mode. For more information, see the chapter Cisco Flexible Radio Assignment. |
Enhancement in Client Steering During Rolling AP Upgrade |
This release introduces the option to not deauthenticate clients connected to the APs that are selected for the upgrade. Use the no ap upgrade staggered client-deauth command to stop deauthenticating clients before the AP performs an upgrade. By default, the AP deauthenticates all clients before performing an upgrade. For more information, see the chapter N+1 Hitless Rolling AP Upgrade. |
Flex OTT and Roaming Latency Validation over BGP EVPN |
This release supports Over The Top (OTT) Ethernet Virtual Private Network (EVPN) solution. For more information on the EVPN solution, see the BGP EVPN VXLAN Configuration Guide. |
GNSS Support |
AP tracks GPS information for devices deployed in the outdoor environment and sends the GNSS information to the wireless controller. The following command is introduced on the AP: show gnss info. The following commands display the GPS location of the AP:
For more information, see Cisco Catalyst IW9167E Heavy Duty Access Point Configuration Guide. |
iCAP Spectrum Analysis Enable and Update |
The spectral capture update rate (using iCAP on Cisco DNA Centre) for the WiFi6E APs, such as 9136, 9166, 9164, and 9162, are improved by about 70 percent. Rogue client detection is impacted slightly while performing spectral capture. However, rogue AP detection is not affected and impacts only the APs performing spectral capture. When Fastlocate, Cisco Hyperlocation, or Rogue Containment features are enabled, spectral capture updates won't cause an impact. When you perform a full packet data capture for a Wifi6E client using Cisco DNA Center, the broadcast frames, such as FILS and UPBR, do not appear in the packet data capture. The only broadcast frames included are management frames beacon. |
Jumbo Frame Support for RADIUS Packets |
This release supports higher RADIUS packet fragmentation. The fragmentation size is increased to 9000 bytes. For more information, see the chapter Multiple Authentications for a Client. |
Location-Capable Attribute in the Access-Request Messages |
This release supports Location-Capable attribute from RFC 5580, which provides details of the available location profiles' configuration on the device. The following command is introduced:
For more information, see the chapter Configuring RFC 5580 Location Attributes. |
Multiauthentication Combination of 802.1X and Local Web Authentication |
This feature supports the merging of applied policies during the multiauthentication of 802.1X or MAC Authentication Bypass and Local Web Authentication. The following command is introduced:
For more information, see the chapter Security. |
New AAA Command |
A new command is introduced to display brief information about AAA servers:
For more information, see the Cisco Catalyst 9800 Series Wireless Controller Command Reference. |
Out-of-Band AP Image Download |
The AP image upgrade method is enhanced to make the upgrades faster and more flexible. The following commands are introduced:
For more information, see the chapter Efficient Image Upgrade. |
RAP Ethernet Daisy Chain with WSTP |
RAP Ethernet Daisy Chain feature is enhanced in this release. WSTP hello message is used for root port detection to support flexible topology. A dedicated command is introduced to enable this feature: rap-eth-daisychain. The following command is introduced to configure primary ETH port: ap name mesh backhaul ethernet. For more information, see Cisco Catalyst IW9167E Heavy Duty Access Point Configuration Guide. |
Reload Reason History |
The Reload Reason History feature tracks the controller reload reason. Using the show version command and Network Configuration Protocol (NETCONF), you can view the reload reason history, which is useful for troubleshooting and serviceability. For more information, see the chapter Reload Reason History. |
RFID Hardening |
The show wireless rfid detail command has been enhanced to display information about the neighbouring APs. |
Secure Data Wipe |
This feature allows you to securely erase files from the file system of Cisco Access Points. For more information, see the chapter Secure Data Wipe. |
Site Survey mode |
From this release, the site survey mode is supported on the Cisco Catalyst IW9167E Heavy Duty Access Points. |
Subscription Dampening-Period for On-Change Telemetry |
This feature introduces a dampening period for on-change subscriptions. All record updates are sent at the end of the dampening period, even when there are multiple updates of the same record during that period. Without a dampening period, the receiver may be flooded with repeated updates that could exhaust the resources in the publisher and receiver. For more information, see the Programmability Configuration Guide. |
User-Configurable Ethernet Port LEDs |
In this release, the Ethernet port LEDs in APs are enabled or disabled (switched ON or OFF) as per the system LED. For example, if the system LED is ON, the Ethernet LED will also be ON. For more information, see the chapter AP Management. |
WGB mode and uWGB mode |
From this release, the Workgroup Bridge (WGB) mode and Universal Workgroup Bridge (uWGB) mode are supported on the Cisco Catalyst IW9167E Heavy Duty Access Points. For more information, see Cisco Catalyst IW9167E Heavy Duty Access Point Workgroup Bridge Configuration Guide. |
Wireless Client Latency Statistics |
From this release onwards, the wireless client latency statistics allow you to view a client's statistics using the client's MAC address. The following command is introduced:
|
Zero Wait DFS Support on Cisco Catalyst 9136 AP |
From this release, Zero Wait Dynamic Frequency Selection feature is supported on the Cisco Catalyst 9136 Series Access Points. For more information, see the chapter Dynamic Frequency Selection. |
Feature Name |
GUI Path |
---|---|
Out-of-Band AP Image Download |
|
Convert Redundant 2.4-GHz Radios to Monitor Mode |
|
Background Scanning and MAP Fast Ancestor Find Mode |
|
Calendar Profile Enhancement |
|
User-Configurable Ethernet Port LEDs |
|
MIBs
The following MIBs are newly added or modified:
-
AIRESPACE-WIRELESS-CAPABILITY
-
AIRESPACE-WIRELESS-MIB
-
CISCO-LWAPP-AP-MIB
-
CISCO-LWAPP-TC-MIB
Strong Crypto Algorithms
We strongly recommend stronger cryptographic algorithms instead of weak cryptographic algorithms, such as RSA keys of less than 2048 bits, MD5 for authentication, DES, and 3DES for encryption. Soon, such weak algorithms will no longer be allowed by default. An explicit configuration is required to continue using such weak algorithms.
For SNMP v3 users with weak cryptographic properties, the SNMP operations to the device will fail, resulting in loss of management access to device through SNMP. Similarly, if the RSA key pair is not updated to be at least 2048 bits for SSH, the SSH server will be disabled, resulting in loss of remote access to the device through SSH.
For more information on how to migrate to stronger cryptographic algorithms for SNMP, see the Field Notice Number: FN72509.
For more information on how to migrate to stronger cryptographic algorithms for SSH, see Field Notice Number: FN72511.
Product Analytics
This feature allows for the collection of non-personal usage device systems information for Cisco products, which helps in continuous product improvements. This feature is supported on the Cisco Catalyst 9800 Series Wireless Controllers (9800-80, 9800-40, 9800-L, and 9800-CL). You can use the the pae command to enable or disable this feature.
The following commands are introduced as part of this feature:
-
pae
-
show product-analytics kpi
-
show product-analytics report
-
show product-analytics stats
Note |
Turning off Smart Licensing Device Systems Information does not impact other Systems Information collection including from Cisco Catalyst Center or vManage. |
Important: Cisco is constantly striving to advance our products and services. Knowing how you use our products is key to accomplishing this goal. To that end, Cisco will collect device and licensing Systems Information through Cisco Smart Software Manager (CSSM) for product and customer experience improvement, analytics, and adoption. Cisco processes your data in accordance with the General Terms and Conditions, the Cisco Privacy Statement and any other applicable agreement with Cisco. To modify your organization’s preferences for device and licensing systems information, use the pae command. For more information, see Cisco Catalyst 9800 Series Wireless Controller Command Reference.
For additional information on this feature, see Wireless Product Analytics FAQ.
Behavior Changes
-
When nonrealm clients join realm-enabled SSIDs, accounting requests are sent to the AAA server that is mapped to the accounting method list configured under the policy profile after clients move to the RUN state.
-
CAPWAP packets that are sent towards APs are tagged with a device tag.
-
From this release, Online subscription with Encryption (OSEN) can be enabled with WPA2.
-
From Cisco IOS XE Dublin 17.11.1, for 6-GHz bandwidth, the DBS Minimum Channel Width and DBS Maximum Channel Width fields are moved from Configuration > Radio Configurations > RRM > 6 Ghz Band > General to Configuration > Tags & Profiles > RF Profile > RRM > DCA > Channel width > DBS channel width.
-
If you have configured CISCO_IDEVID_SUDI trustpoint in your configuration, you will need to replace it with CISCO_IDEVID_CMCA3_SUDI to avoid client connection and AP join issues. The reason for this change being the CISCO_IDEVID_SUDI changed from SW-SUDI certificate in previous releases to HW-SUDI certificate. The processing of HW-SUDI certificate is much slower than the SW-SUDI. Here, CISCO_IDEVID_CMCA3_SUDI is the new SW-SUDI certificate.
Interactive Help
The Cisco Catalyst 9800 Series Wireless Controller GUI features an interactive help that walks you through the GUI and guides you through complex configurations.
You can start the interactive help in the following ways:
-
By hovering your cursor over the blue flap at the right-hand corner of a window in the GUI and clicking Interactive Help.
-
By clicking Walk-me Thru in the left pane of a window in the GUI.
-
By clicking Show me How displayed in the GUI. Clicking Show me How triggers a specific interactive help that is relevant to the context you are in.
For instance, Show me How in Configure > AAA walks you through the various steps for configuring a RADIUS server. Choose Configuration> Wireless Setup > Advanced and click Show me How to trigger the interactive help that walks you through the steps relating to various kinds of authentication.
The following features have an associated interactive help:
-
Configuring AAA
-
Configuring FlexConnect Authentication
-
Configuring 802.1x Authentication
-
Configuring Local Web Authentication
-
Configuring OpenRoaming
-
Configuring Mesh APs
Note |
If the WalkMe launcher is unavailable on Safari, modify the settings as follows:
|
Supported Hardware
The following table lists the supported virtual and hardware platforms. (See Supported PIDs and Ports for the list of supported modules.)
Platform |
Description |
---|---|
Cisco Catalyst 9800-80 Wireless Controller |
A modular wireless controller with up to 100-GE modular uplinks and seamless software updates. The controller occupies a 2-rack unit space and supports multiple module uplinks. |
Cisco Catalyst 9800-40 Wireless Controller |
A fixed wireless controller with seamless software updates for mid-size to large enterprises. The controller occupies a 1-rack unit space and provides four 1-GE or 10-GE uplink ports. |
Cisco Catalyst 9800-L Wireless Controller |
The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features. |
Cisco Catalyst 9800 Wireless Controller for Cloud |
A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports VMware ESXi, Kernel-based Virtual Machine [KVM], Microsoft Hyper-V, and Cisco Enterprise NFV Infrastructure Software [NFVIS] on Enterprise Network Compute System [ENCS] hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS), Google Cloud Platform (GCP) marketplace, and Microsoft Azure. |
Cisco Catalyst 9800 Embedded Wireless Controller for Switch |
The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches brings the wired and wireless infrastructure together with consistent policy and management. This deployment model supports only Software Defined-Access (SDA), which is a highly secure solution for small campuses and distributed branches. |
The following table lists the host environments supported for private and public cloud.
Host Environment |
Software Version |
---|---|
VMware ESXi |
|
KVM |
|
AWS |
AWS EC2 platform |
NFVIS |
ENCS 3.8.1 and 3.9.1 |
GCP |
GCP marketplace |
Microsoft Hyper-V |
Windows 2019 Server and Windows Server 2016 (Version 1607) with Hyper-V Manager (Version 10.0.14393) |
Microsoft Azure |
Microsoft Azure |
The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.
The base PIDs are the model numbers of the controller.
The bundled PIDs indicate the orderable part numbers for the base PIDs that are bundled with a particular network module. Running the show version , show module , or show inventory command on such a controller (bundled PID) displays its base PID.
Note that unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the route processor (RP) ports of C9800-80-K9 and C9800-40-K9.
Controller Model |
Description |
---|---|
C9800-CL-K9 |
Cisco Catalyst Wireless Controller as an infrastructure for cloud. |
C9800-80-K9 |
Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots. |
C9800-40-K9 |
Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots. |
C9800-L-C-K9 |
|
C9800-L-F-K9 |
|
The following table lists the supported SFP models.
SFP Name |
C9800-80-K9 |
C9800-40-K9 |
C9800-L-C-K9 |
C9800-L-F-K9 |
---|---|---|---|---|
COLORCHIP-C040- Q020-CWDM4-03B |
Supported |
— |
— |
— |
DWDM-SFP10G-30.33 |
Supported |
Supported |
— |
— |
DWDM-SFP10G-61.41 |
Supported |
Supported |
— |
— |
FINISAR-LR – FTLX1471D3BCL 1 |
Supported |
Supported |
— |
Supported |
FINISAR-SR – FTLX8574D3BCL |
Supported |
Supported |
— |
Supported |
FINISAR- FTL4C1QL2L |
Supported |
— |
— |
— |
FINISAR- FTL4C1QE1C |
Supported |
— |
— |
— |
GLC-BX-D |
Supported |
Supported |
Supported |
Supported |
GLC-BX-U |
Supported |
Supported |
Supported |
Supported |
GLC-EX-SMD |
Supported |
Supported |
— |
— |
GLC-LH-SMD |
Supported |
Supported |
Supported |
— |
GLC-SX-MMD |
Supported |
Supported |
Supported |
Supported |
GLC-T |
Supported |
— |
Supported |
— |
GLC-TE |
Supported |
Supported |
Supported |
Supported |
GLC-ZX-SMD |
Supported |
Supported |
Supported |
Supported |
QSFP-100G-LR4-S |
Supported |
— |
— |
— |
QSFP-100G-SR4-S |
Supported |
— |
— |
— |
QSFP-40G-BD-RX |
Supported |
— |
— |
— |
QSFP-40G-CSR-S |
Supported |
— |
— |
— |
QSFP-40G-ER4 |
Supported |
— |
— |
— |
QSFP-40G-LR4 |
Supported |
— |
— |
— |
QSFP-40G-LR4-S |
Supported |
— |
— |
— |
QSFP-40G-SR-BD |
Supported |
— |
— |
— |
QSFP-40G-SR4 |
Supported |
— |
— |
— |
QSFP-40G-SR4-S |
Supported |
— |
— |
— |
QSFP-40GE-LR4 |
Supported |
— |
— |
— |
QSFP-H40G-ACU7M |
Supported |
— |
— |
— |
SFP-10G-AOC10M |
Supported |
Supported |
— |
— |
SFP-10G-AOC1M |
Supported |
Supported |
— |
— |
SFP-10G-AOC2M |
Supported |
Supported |
— |
— |
SFP-10G-AOC3M |
Supported |
Supported |
— |
— |
SFP-10G-AOC5M |
Supported |
Supported |
— |
— |
SFP-10G-AOC7M |
Supported |
Supported |
— |
— |
SFP-10G-ER |
Supported |
Supported |
— |
— |
SFP-10G-LR |
Supported |
Supported |
— |
Supported |
SFP-10G-LR-S |
Supported |
Supported |
— |
Supported |
SFP-10G-LR-X |
Supported |
Supported |
— |
Supported |
SFP-10G-LRM |
Supported |
Supported |
— |
Supported |
SFP-10G-SR |
Supported |
Supported |
— |
Supported |
SFP-10G-SR-S |
Supported |
Supported |
— |
Supported |
SFP-10G-SR-X |
Supported |
Supported |
— |
Supported |
SFP-10G-ZR |
Supported |
Supported |
— |
— |
SFP-H10GB- ACU10M |
Supported |
Supported |
— |
Supported |
SFP-H10GB- ACU7M |
Supported |
Supported |
— |
Supported |
SFP-H10GB- CU1.5M |
Supported |
Supported |
— |
Supported |
SFP-H10GB-CU1M |
Supported |
Supported |
— |
Supported |
SFP-H10GB-CU2.5M |
Supported |
Supported |
— |
Supported |
SFP-H10GB-CU2M |
Supported |
Supported |
— |
Supported |
SFP-H10GB-CU3M |
Supported |
Supported |
— |
Supported |
SFP-H10GB-CU5M |
Supported |
Supported |
— |
Supported |
Optics Modules
The Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:
https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html
Network Protocols and Port Matrix
Source |
Destination |
Protocol |
Destination Port |
Source Port |
Description |
---|---|---|---|---|---|
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
22 |
Any |
SSH |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
23 |
Any |
Telnet |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
80 |
Any |
HTTP |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
443 |
Any |
HTTPS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
161 |
Any |
SNMP Agent |
Any |
Any |
UDP |
5353 |
5353 |
mDNS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
69 |
69 |
TFTP |
Any |
DNS Server |
UDP |
53 |
Any |
DNS |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
830 |
Any |
NetConf |
Any |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
443 |
Any |
REST API |
Any |
WLC Protocol |
UDP |
1700 |
Any |
Receive CoA packets. |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5246 |
Any |
CAPWAP Control |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5247 |
Any |
CAPWAP Data |
AP |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
5248 |
Any |
CAPWAP MCAST |
AP |
Cisco Catalyst Center |
UDP |
57778 |
Any |
Intelligent capture and RF telemetry |
AP |
AP |
UDP |
16670 |
Any |
Client Policies (AP-AP) |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
16666 |
16666 |
Mobility Control |
Cisco Catalyst 9800 Series Wireless Controller |
SNMP |
UDP |
162 |
Any |
SNMP Trap |
Cisco Catalyst 9800 Series Wireless Controller |
RADIUS |
UDP |
1812/1645 |
Any |
RADIUS Auth |
Cisco Catalyst 9800 Series Wireless Controller |
RADIUS |
UDP |
1813/1646 |
Any |
RADIUS ACCT |
Cisco Catalyst 9800 Series Wireless Controller |
TACACS+ |
TCP |
49 |
Any |
TACACS+ |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Catalyst 9800 Series Wireless Controller |
UDP |
16667 |
16667 |
Mobility |
Cisco Catalyst 9800 Series Wireless Controller |
NTP Server |
UDP |
123 |
Any |
NTP |
Cisco Catalyst 9800 Series Wireless Controller |
Syslog Server |
UDP |
514 |
Any |
SYSLOG |
Cisco Catalyst 9800 Series Wireless Controller |
NetFlow Server |
UDP |
9996 |
Any |
NetFlow |
Cisco Catalyst 9800 Series Wireless Controller |
Cisco Connected Mobile Experiences (CMX) |
UDP |
16113 |
Any |
NMSP |
Cisco Catalyst Center |
Cisco Catalyst 9800 Series Wireless Controller |
TCP |
32222 |
Any |
Device Discovery |
Supported APs
The following Cisco APs are supported in this release.
Indoor Access Points
-
Cisco Catalyst 9105AX (I/W) Access Points
-
Cisco Catalyst 9115AX (I/E) Access Points
-
Cisco Catalyst 9117AX (I) Access Points
-
Cisco Catalyst 9120AX (I/E/P) Access Points
-
Cisco Catalyst 9130AX (I/E) Access Points
-
Cisco Catalyst 9136 (I) Access Points
-
Cisco Catalyst 9162 (I) Series Access Points
-
Cisco Catalyst 9164 (I) Series Access Points
-
Cisco Catalyst 9166 (I) Series Access Points
-
Cisco Aironet 1815 (I/W), 1830 (I), 1840 (I), and 1850 (I/E) Access Points
-
Cisco Aironet 2800 (I/E) Series Access Points
-
Cisco Aironet 3800 (I/E/P) Series Access Points
-
Cisco Aironet 4800 Series Access Points
Outdoor Access Points
-
Cisco Aironet 1540 Series Access Points
-
Cisco Aironet 1560 Series Access Points
-
Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point
-
Cisco 6300 Series Embedded Services Access Point
-
Cisco Catalyst 9124AX (I/D/E) Access Points
-
Cisco Catalyst Industrial Wireless 9167 (E) Heavy Duty Access Point
Integrated Access Points
-
Integrated Access Point on Cisco 1100 ISR (ISR-AP1100AC-x, ISR-AP1101AC-x, and ISR-AP1101AX-x)
Network Sensor
-
Cisco Aironet 1800s Active Sensor
Pluggable Modules
-
Wi-Fi 6 Pluggable Module for Industrial Routers
Supported Access Point Channels and Maximum Power Settings
Supported access point channels and maximum power settings on Cisco APs are compliant with the regulatory specifications of channels, maximum power levels, and antenna gains of every country in which the access points are sold. For more information about the supported access point transmission values in Cisco IOS XE software releases, see the Detailed Channels and Maximum Power Settings document at https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-17/products-technical-reference-list.html.
For information about Cisco Wireless software releases that support specific Cisco AP modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.
Compatibility Matrix
The following table provides software compatibility information.
Cisco Catalyst 9800 Series Wireless Controller Software | Cisco Identity Services Engine | Cisco Prime Infrastructure | Cisco AireOS-IRCM Interoperability | Cisco Catalyst Center | Cisco Spaces: Connector | Cisco CMX |
---|---|---|---|---|---|---|
Dublin 17.11.1 |
3.2 3.1 3.0 2.7 2.6 2.4 * all with latest patches |
3.10.3 |
8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104 |
3, May 2023 2.3.4 2.3.3 2.3.2 2.3.1 |
11.0 10.6.3 |
GUI System Requirements
The following subsections list the hardware and software required to access the Cisco Catalyst 9800 Controller GUI.
Processor Speed |
DRAM |
Number of Colors |
Resolution |
Font Size |
---|---|---|---|---|
233 MHz minimum2 |
512 MB3 |
256 |
1280 x 800 or higher |
Small |
Software Requirements
Operating Systems:
-
Windows 7 or later
-
Mac OS X 10.11 or later
Browsers:
-
Google Chrome: Version 59 or later (on Windows and Mac)
-
Microsoft Edge: Version 40 or later (on Windows)
-
Safari: Version 10 or later (on Mac)
-
Mozilla Firefox: Version 60 or later (on Windows and Mac)
Note |
Firefox Version 63.x is not supported. |
The controller GUI uses Virtual Terminal (VTY) lines for processing HTTP requests. At times, when multiple connections are open, the default number of VTY lines of 15 set by the device might get exhausted. Therefore, we recommend that you increase the number of VTY lines to 50.
To increase the VTY lines in a device, run the following commands in the following order:
-
device# configure terminal
-
device(config)# line vty 50
A best practice is to configure the service tcp-keepalives to monitor the TCP connection to the device.
-
device(config)# service tcp-keepalives-in
-
device(config)# service tcp-keepalives-out
Before You Upgrade
Ensure that you familiarize yourself with the following points before proceeding with the upgrade:
Caution |
During controller upgrade or reboot, if route processor ports are connected to any Cisco switch, ensure that the route processor ports are not flapped (shut/no shut process). Otherwise, it may lead to a kernel crash. |
Note |
|
Cisco Wave 2 APs may get into a boot loop when upgrading software over a WAN link. For more information, see: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html.
The following Wave 1 APs are not supported from 17.4 to 17.9.2, 17.10.x, 17.11.x, 17.13.x, and 17.14.x:
-
Cisco Aironet 1570 Series Access Point
-
Cisco Aironet 1700 Series Access Point
-
Cisco Aironet 2700 Series Access Point
-
Cisco Aironet 3700 Series Access Point
Note |
|
-
From Cisco IOS XE Dublin 17.10.x, Key Exchange and MAC algorithms like diffie-hellman-group14-sha1, hmac-sha1, hmac-sha2-256, and hmac-sha2-512 are not supported by default and it may impact some SSH clients that only support these algorithms. If required, you can add them manually. For information on manually adding these algorithms, see the SSH Algorithms for Common Criteria Certification document available at: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/sec-vpn/b-security-vpn/m_sec-secure-shell-algorithm-ccc.html
-
If APs fail to detect the backup image after running the archive download-sw command, perform the following steps:
-
Upload the image using the no-reload option of the archive download-sw command:
Device# archive download-sw /no-reload tftp://<tftp_server_ip>/<image_name>
-
Restart the CAPWAP process using capwap ap restart command. This allows the AP to use the correct backup image after the restart (reload is not required.)
Device# capwap ap restart
Caution
The AP will lose connection to the controller during the join process. When the AP joins the new controller, it will see a new image in the backup partition. So, the AP will not download a new image from the controller.
-
-
If the Cisco-IOS-XE-wireless-access-point-oper shows country operator as ZZ, the information is specific for countries supporting multiple regulatory domains. These records should only be accessed and referred to by such countries. For country-specific information, refer to the respective record using the country code.
-
You might observe a high Confd CPU when full synchronization occurs between NETCONF datastore and Cisco IOS configuration. This behavior is normal and is triggered by the line vty command.
-
From Cisco IOS XE Cupertino 17.7.1 onwards, for Cisco Catalyst 9800-CL Wireless Controller, ensure that you complete Resource Utilization Measurement (RUM) reporting and ensure that the ACK is made available on the product instance at least once. This is to ensure that correct and up-to-date usage information is reflected in the Cisco Smart Software Manager (CSSM).
-
Fragmentation lower than 1500 is not supported for the RADIUS packets generated by wireless clients in the Gi0 (OOB) interface.
-
Cisco IOS XE allows you to encrypt all the passwords used on the device. This includes user passwords and SSID passwords (PSK). For more information, see the "Password Encryption" section of the Cisco Catalyst 9800 Series Configuration Best Practices document.
-
While upgrading to Cisco IOS XE 17.3.x and later releases, if the ip http active-session-modules none command is enabled, you will not be able to access the controller GUI using HTTPS. To access the GUI using HTTPS, run the following commands in the order specified below:
-
ip http session-module-list pkilist OPENRESTY_PKI
-
ip http active-session-modules pkilist
-
-
Cisco Aironet 1815T OfficeExtend Access Point will be in local mode when connected to the controller. However, when it functions as a standalone AP, it gets converted to FlexConnect mode.
-
The Cisco Catalyst 9800-L Wireless Controller may fail to respond to the BREAK signals received on its console port during boot time, preventing users from getting to the ROMMON. This problem is observed on the controllers manufactured until November 2019, with the default config-register setting of 0x2102. This problem can be avoided if you set config-register to 0x2002. This problem is fixed in the 16.12(3r) ROMMON for Cisco Catalyst 9800-L Wireless Controller. For information about how to upgrade the ROMMON, see the Upgrading ROMMON for Cisco Catalyst 9800-L Wireless Controllers section of the Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers document.
-
By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. If required, you can change the block size value to 8192 to speed up the transfer process, using the ip tftp blocksize command in global configuration mode.
-
We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.
-
If the following error message is displayed after a reboot or system crash, we recommend that you regenerate the trustpoint certificate:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Use the following commands in the order specified below to generate a new self-signed trustpoint certificate:
-
device# configure terminal
-
device(config)# no crypto pki trustpoint trustpoint_name
-
device(config)# no ip http server
-
device(config)# no ip http secure-server
-
device(config)# ip http server
-
device(config)# ip http secure-server
-
device(config)# ip http authentication local/aaa
-
-
Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.
-
Ensure that you remove the controller from Cisco Prime Infrastructure before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.
-
Unidirectional Link Detection (UDLD) protocol is not supported.
-
SIP media session snooping is not supported on FlexConnect local switching deployments.
-
The Cisco Catalyst 9800 Series Wireless Controllers (C9800-CL, C9800-L, C9800-40, and C9800-80) support a maximum of 14,000 leases with internal DHCP scope.
-
Configuring the mobility MAC address using the wireless mobility mac-address command is mandatory for both HA and 802.11r.
-
If you have Cisco Catalyst 9120 (E/I/P) and Cisco Catalyst 9130 (E) APs in your network and you want to downgrade, use only Cisco IOS XE Gibraltar 16.12.1t. Do not downgrade to Cisco IOS XE Gibraltar 16.12.1s.
-
The following SNMP variables are not supported:
-
CISCO-LWAPP-WLAN-MIB: cLWlanMdnsMode
-
CISCO-LWAPP-AP-MIB.my: cLApDot11IfRptncPresent, cLApDot11IfDartPresent
-
-
If you are upgrading from Cisco IOS XE Gibraltar 16.11.x or an earlier release, ensure that you unconfigure the advipservices boot-level licenses on both the active and standby controllers using the no license boot level advipservices command before the upgrade. Note that the license boot level advipservices command is not available in Cisco IOS XE Gibraltar 16.12.1s and 16.12.2s.
-
The Cisco Catalyst 9800 Series Wireless Controller has a service port that is referred to as GigabitEthernet 0 port.
The following protocols and features are supported through this port:
-
Cisco Catalyst Center
-
Cisco Smart Software Manager
-
Cisco Prime Infrastructure
-
Telnet
-
Controller GUI
-
DNS
-
File transfer
-
GNMI
-
HTTP
-
HTTPS
-
LDAP
-
Licensing for Smart Licensing feature to communicate with CSSM
-
Netconf
-
NetFlow
-
NTP
-
RADIUS (including CoA)
-
Restconf
-
SNMP
-
SSH
-
SYSLOG
-
TACACS+
-
-
During device upgrade using GUI, if a switchover occurs, the session expires and the upgrade process gets terminated. As a result, the GUI cannot display the upgrade state or status.
-
From Cisco IOS XE Bengaluru 17.4.1 onwards, the telemetry solution provides a name for the receiver address instead of the IP address for telemetry data. This is an additional option. During the controller downgrade and subsequent upgrade, there is likely to be an issue—the upgrade version uses the newly named receivers, and these are not recognized in the downgrade. The new configuration gets rejected and fails in the subsequent upgrade. Configuration loss can be avoided when the upgrade or downgrade is performed from Cisco Catalyst Center.
-
From Cisco IOS XE Bengaluru 17.4.1 onwards, session timeout under the policy profile is supported.
-
Communication between Cisco Catalyst 9800 Series Wireless Controller and Cisco Prime Infrastructure uses different ports:
-
All the configurations and templates available in Cisco Prime Infrastructure are pushed through SNMP and CLI, using UDP port 161.
-
Operational data for controller is obtained over SNMP, using UDP port 162.
-
AP and client operational data leverage streaming telemetry:
-
Cisco Prime Infrastructure to controller: TCP port 830 is used by Cisco Prime Infrastructure to push the telemetry configuration to the controller (using NETCONF).
-
Controller to Cisco Prime Infrastructure: TCP port 20828 is used for Cisco IOS-XE 16.10.x and 16.11.x, and TCP port 20830 is used for Cisco IOS-XE 16.12.x, 17.1.x and later releases.
-
-
-
The Cisco Centralized Key Management (CCKM) feature is deprecated from Cisco IOS XE Dublin 17.10.x.
-
To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not get carried forward.
-
RLAN support with Virtual Routing and Forwarding (VRF) is not available.
-
When you encounter the SNMP error SNMP_ERRORSTATUS_NOACCESS 6, it means that the specified SNMP variable is not accessible.
-
We recommend that you perform a controller reload whenever there is a change in the controller's clock time to reflect an earlier time.
Note |
The DTLS version (DTLSv1.0) is deprecated for Cisco Aironet 1800 based on latest security policies. Therefore, any new out-of-box deployments of Cisco Aironet 1800 APs will fail to join the controller and you will get the following error message:
To onboard new Cisco Aironet 1800 APs and to establish a CAPWAP connection, explicitly set the DTLS version to 1.0 in the controller using the following configuration:
Note that setting the DTLS version to 1.0 affects all the existing AP CAPWAP connections. We recommend that you apply the configuration only during a maintenance window. After the APs download the new image and join the controller, ensure that you remove the configuration. |
To upgrade the field programmable hardware devices for Cisco Catalyst 9800 Series Wireless Controllers, see Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers.
Important |
Before you begin a downgrade process, you must manually remove the configurations which are applicable in the current version but not in older version. Otherwise, you might encounter an unexpected behavior. |
Upgrade Path to Cisco IOS XE Dublin 17.11.x
Current Software |
Upgrade Path for Deployments with 9130 or 9124 |
Upgrade Path for Deployments Without 9130 or 9124 |
---|---|---|
16.10.x |
— |
Upgrade first to 16.12.5 or 17.3.x and then to 17.11.x. |
16.11.x |
— |
Upgrade first to 16.12.5 or 17.3.x and then to 17.11.x. |
16.12.x |
Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.11.x. | Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.11.x. |
17.1.x |
Upgrade first to 17.3.5 or later and then to 17.11.x. | Upgrade first to 17.3.5 or later and then to 17.11.x. |
17.2.x |
Upgrade first to 17.3.5 or later and then to 17.11.x. | Upgrade first to 17.3.5 or later and then to 17.11.x. |
17.3.1 to 17.3.4 |
Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.11.x. |
Upgrade directly to 17.11.x. |
17.3.4c or later |
Upgrade directly to 17.11.x. |
Upgrade directly to 17.11.x. |
17.4.x |
Upgrade first to 17.6.x and then to 17.11.x. |
Upgrade directly to 17.11.x. |
17.5.x |
Upgrade first to 17.6.x and then to 17.11.x. |
Upgrade directly to 17.11.x. |
17.6.x |
Upgrade directly to 17.11.x. |
Upgrade directly to 17.11.x. |
17.7.x |
Upgrade directly to 17.11.x. |
Upgrade directly to 17.11.x. |
17.8.x |
Upgrade directly to 17.11.x. |
Upgrade directly to 17.11.x. |
17.9.x |
Upgrade directly to 17.11.x |
Upgrade directly to 17.11.x |
17.10.x |
Upgrade directly to 17.11.x |
Upgrade directly to 17.11.x |
8.9.x or any version prior to 8.10.171.0 |
Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.11.x. |
Upgrade directly to 17.11.x. |
Upgrading the Controller Software
This section describes the various aspects of upgrading the controller software.
For information on the upgrade process and the methods to upgrade the Cisco Catalyst 9800 Series Wireless Controller software, see the "Upgrading the Cisco Catalyst 9800 Wireless Controller Software" chapter of the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.
Finding the Software Version
The package files for the Cisco IOS XE software are stored in the system board flash device (flash:).
Use the show version privileged EXEC command to see the software version that is running on your controller.
Note |
Although the show version output always shows the software image running on the controller, the model name shown at the end of the output is the factory configuration, and does not change if you upgrade the software license. |
Use the show install summary privileged EXEC command to see the information about the active package.
Use the dir filesystem: privileged EXEC command to see the directory names of other software images that you have stored in flash memory.
Software Images
-
Release: Cisco IOS XE Dublin 17.11.x
-
Image Names (9800-80, 9800-40, and 9800-L):
-
C9800-80-universalk9_wlc.17.11.x.SPA.bin
-
C9800-40-universalk9_wlc.17.11.x.SPA.bin
-
C9800-L-universalk9_wlc.17.11.x.SPA.bin
-
-
Image Names (9800-CL):
-
Cloud: C9800-CL-universalk9.17.11.x.SPA.bin
-
Hyper-V/ESXi/KVM: C9800-CL-universalk9.17.11.x.iso, C9800-CL-universalk9.17.11.x.ova
-
KVM: C9800-CL-universalk9.17.11.x.qcow2
-
NFVIS: C9800-CL-universalk9.17.11.x.tar.gz
-
Software Installation Commands
Cisco IOS XE Dublin 17.11.x |
|||
---|---|---|---|
To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command: device# install add file filename [activate |commit] To separately install, activate, commit, end, or remove the installation file, run the following command: device# install ?
|
|||
add file tftp: filename |
Copies the install file package from a remote location to a device, and performs a compatibility check for the platform and image versions. |
||
activateauto-abort-timer] |
Activates the file and reloads the device. The auto-abort-timer keyword automatically rolls back image activation. |
||
commit |
Makes changes that are persistent over reloads. |
||
rollback to committed |
Rolls back the update to the last committed version. |
||
abort |
Cancels file activation, and rolls back to the version that was running before the current installation procedure started. |
||
remove |
Deletes all unused and inactive software installation files. |
Licensing
The Smart Licensing Using Policy feature is automatically enabled on the controller. This is also the case when you upgrade to this release. By default, your Smart Account and Virtual Account in Cisco Smart Software Manager (CSSM) are enabled for Smart Licensing Using Policy. For more information, see the "Smart Licensing Using Policy" chapter in the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.
For a more detailed overview on Cisco Licensing, see cisco.com/go/licensingguide.
Interoperability with Clients
This section describes the interoperability of the controller software with client devices.
The following table lists the configurations used for testing client devices.
Hardware or Software Parameter |
Hardware or Software Type |
---|---|
Release |
Cisco IOS XE Dublin 17.11.x |
Cisco Wireless Controller |
See Supported Hardware. |
Access Points |
See Supported APs |
Radio |
|
Security |
Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS) WPA3 AKM 802.11ax |
RADIUS |
See Compatibility Matrix. |
Types of tests |
Connectivity, traffic (ICMP), and roaming between two APs |
The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.
Client Type and Name |
Driver or Software Version |
||
---|---|---|---|
Laptops |
|||
Acer Aspire E 15 E5-573-3870 (Qualcomm Atheros QCA9377) | Windows 10 Pro (12.0.0.832) | ||
Apple Macbook Air 11 inch | macOS Sierra 10.12.6 | ||
Apple Macbook Air 13 inch | macOS High Sierra 10.13.4 | ||
Macbook Pro Retina | macOS Catalina | ||
Macbook Pro Retina 13 inch early 2015 | macOS Mojave 10.14.3 | ||
Macbook Pro OS X | macOS X 10.8.5 | ||
Macbook Air | macOS Sierra v10.12.2 | ||
Macbook Air 11 inch | macOS Yosemite 10.10.5 | ||
MacBook M1 Chip |
macOS Catalina |
||
MacBook M1 Chip |
macOS Ventura 13.2.1 |
||
MacBook Pro M2 Chip |
macOS Ventura 13.3 beta |
||
MacBook Pro M2 Chip |
macOS Ventura 13.1 |
||
Dell Inspiron 2020 Chromebook |
Chrome OS 75.0.3770.129 |
||
Google Pixelbook Go |
Chrome OS 97.0.4692.27 |
||
HP chromebook 11a |
Chrome OS 76.0.3809.136 |
||
Samsung Chromebook 4+ |
Chrome OS 77.0.3865.105 |
||
Dell Latitude (Intel AX210) | Windows 11 (22.110.x.x) | ||
Dell Latitude 3480 (Qualcomm DELL wireless 1820) | Win 10 Pro (12.0.0.242) | ||
Dell Inspiron 15-7569 (Intel Dual Band Wireless-AC 3165) | Windows 10 Home (21.40.0) | ||
Dell Latitude E5540 (Intel Dual Band Wireless AC7260) | Windows 7 Professional (21.10.1) | ||
Dell Latitude E5430 (Intel Centrino Advanced-N 6205) | Windows 7 Professional (15.18.0.1) | ||
Dell Latitude E6840 (Broadcom Dell Wireless 1540 802.11 a/g/n) | Windows 7 Professional (6.30.223.215) | ||
Dell XPS 12 v9250 (Intel Dual Band Wireless AC 8260 ) | Windows 10 Home (21.40.0) | ||
Dell Latitude 5491 (Intel AX200) | Windows 10 Pro (21.20.1.1) | ||
Dell XPS Latitude12 9250 (Intel Dual Band Wireless AC 8260) | Windows 10 Home | ||
Dell Inspiron 13-5368 Signature Edition | Windows 10 Home (18.40.0.12) | ||
FUJITSU Lifebook E556 Intel 8260 (Intel Dual Band Wireless-AC 8260 (802.11n)) | Windows 8 (19.50.1.6) | ||
Lenovo Yoga C630 Snapdragon 850 (Qualcomm AC 2x2 Svc) |
Windows 10 Home | ||
Lenovo Thinkpad Yoga 460 (Intel Dual Band Wireless-AC 9260) | Windows 10 Pro (21.40.0) | ||
|
|||
Tablets |
|||
Apple iPad Pro (12.9 inch) 6th Gen |
iOS 16.4 | ||
Apple iPad Pro (11 inch) 4th Gen |
iOS 16.4 | ||
Apple iPad 2021 |
iOS 15.0 |
||
Apple iPad 7the Gen 2019 | iOS 14.0 | ||
Apple iPad MD328LL/A | iOS 9.3.5 | ||
Apple iPad 2 MC979LL/A | iOS 11.4.1 | ||
Apple iPad Air MD785LL/A | iOS 11.4.1 | ||
Apple iPad Air2 MGLW2LL/A | iOS 10.2.1 | ||
Apple iPad Mini 4 9.0.1 MK872LL/A | iOS 11.4.1 | ||
Apple iPad Mini 2 ME279LL/A | iOS 11.4.1 | ||
Apple iPad Mini 4 9.0.1 MK872LL/A | iOS 11.4.1 | ||
Microsoft Surface Pro 3 13 inch (Intel AX201) | Windows 10 (21.40.1.3) | ||
Microsoft Surface Pro 3 15 inch (Qualcomm Atheros QCA61x4A) | Windows 10 | ||
Microsoft Surface Pro 7 (Intel AX201) | Windows 10 | ||
Microsoft Surface Pro 6 (Marvell Wi-Fi chipset 11ac) | Windows 10 | ||
Microsoft Surface Pro X (WCN3998 Wi-Fi Chip) | Windows | ||
Mobile Phones |
|||
Apple iPhone 5 | iOS 12.4.1 | ||
Apple iPhone 6s | iOS 13.5 | ||
Apple iPhone 7 MN8J2LL/A | iOS 11.2.5 | ||
Apple iPhone 8 | iOS 13.5 | ||
Apple iPhone 8 Plus | iOS 14.1 | ||
Apple iPhone 8 Plus MQ8D2LL/A | iOS 12.4.1 | ||
Apple iPhone X MQA52LL/A | iOS 13.1 | ||
Apple iPhone 11 | iOS 15.1 | ||
Apple iPhone 12 | iOS 16.0 | ||
Apple iPhone 12 Pro | iOS 15.1 | ||
Apple iPhone 13 | iOS 15.1 | ||
Apple iPhone 13 Mini | iOS 15.1 | ||
Apple iPhone 13 Pro | iOS 15.1 | ||
Apple iPhone SE MLY12LL/A | iOS 11.3 | ||
Apple iPhone SE | iOS 15.1 | ||
ASCOM i63 | Build v 3.0.0 | ||
ASCOM Myco 3 | Android 9 | ||
Cisco IP Phone 8821 |
11.0.6 SR4 |
||
Drager Delta | VG9.0.2 | ||
Drager M300.3 | VG2.4 | ||
Drager M300.4 | VG2.4 | ||
Drager M540 | DG6.0.2 (1.2.6) | ||
Google Pixel 3a |
Android 11 |
||
Google Pixel 4 |
Android 11 |
||
Google Pixel 5 |
Android 11 |
||
Google Pixel 6 |
Android 12 |
||
Google Pixel 7 |
Android 13 |
||
Huawei Mate 20 pro | Android 9.0 | ||
Huawei P20 Pro |
Android 10 |
||
Huawei P40 |
Android 10 |
||
LG v40 ThinQ | Android 9.0 | ||
One Plus 8 |
Android 11 |
||
Oppo Find X2 |
Android 10 |
||
Redmi K20 Pro |
Android 10 |
||
Samsung Galaxy S9+ - G965U1 |
Android 10.0 |
||
Samsung Galaxy S10 Plus |
Android 11.0 |
||
Samsung S10 (SM-G973U1) |
Android 11.0 |
||
Samsung S10e (SM-G970U1) |
Android 11.0 |
||
Samsung Galaxy S20 Ultra |
Android 10.0 |
||
Samsung Galaxy S21 Ultra 5G |
Android 13.0 |
||
Samsung Galaxy S22 Ultra |
Android 13.0 |
||
Samsung Fold 2 |
Android 10.0 | ||
Samsung Galaxy Z Fold 3 |
Android 13.0 |
||
Samsung Note20 |
Android 12.0 |
||
Samsung G Note 10 Plus |
Android 11.0 |
||
Samsung Galaxy A01 |
Android 11.0 |
||
Samsung Galaxy A21 |
Android 10.0 |
||
Sony Experia 1 ii |
Android 11 |
||
Sony Experia |
Android 11 |
||
Xiaomi Mi 9T |
Android 9 |
||
Xiaomi Mi 10 |
Android 11 |
||
Spectralink 84 Series | 7.5.0.x257 | ||
Spectralink 87 Series | Android 5.1.1 | ||
Spectralink Versity Phones 92/95/96 Series | Android 10.0 | ||
Spectralink Versity Phones 9540 Series | Android 8.1.0 | ||
Vocera Badges B3000n | 4.3.3.18 | ||
Vocera Smart Badges V5000 | 5.0.6.35 | ||
Zebra MC40 | Android 4.4.4 | ||
Zebra MC40N0 | Android 4.1.1 | ||
Zebra MC92N0 | Android 4.4.4 | ||
Zebra MC9090 | Windows Mobile 6.1 | ||
Zebra MC55A | Windows 6.5 | ||
Zebra MC75A | OEM ver 02.37.0001 | ||
Zebra TC51 | Android 6.0.1 | ||
Zebra TC52 | Android 10.0 | ||
Zebra TC55 | Android 8.1.0 | ||
Zebra TC57 | Android 10.0 | ||
Zebra TC58 | Android 11.0 | ||
Zebra TC70 | Android 6.1 | ||
Zebra TC75 | Android 10.0 | ||
Zebra TC520K |
Android 10.0 | ||
Zebra TC8000 | Android 4.4.3 | ||
Printers | |||
Zebra QLn320 Mobile Printer | LINK OS 5.2 | ||
Zebra ZT230 IndustrialPrinter | LINK OS 6.4 | ||
Zebra ZQ310 Mobile Printer | LINK OS 6.4 | ||
Zebra ZD410 Industrial Printer | LINK OS 6.4 | ||
Zebra ZT410 Desktop Printer | LINK OS 6.2 | ||
Zebra ZQ610 Industrial Printer | LINK OS 6.4 | ||
Zebra ZQ620 Mobile Printer | LINK OS 6.4 | ||
Wireless Module |
|||
Intel AX 411 |
Driver v22.230.0.8 | ||
Intel AX 211 |
Driver v22.230.0.8, v22.190.0.4 | ||
Intel AX 210 |
Driver v22.230.0.8, v22.190.0.4, v22.170.2.1 | ||
Intel AX 200 |
Driver v22.130.0.5 | ||
Intel 11AC |
Driver v22.30.0.11 | ||
Intel AC 9260 |
Driver v21.40.0 | ||
Intel Dual Band Wireless AC 8260 |
Driver v19.50.1.6 |
||
Samsung S21 Ultra |
Driver v20.80.80 |
||
QCA WCN6855 |
Driver v1.0.0.901 |
Issues
Issues describe unexpected behavior in Cisco IOS releases in a product. Issues that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.
Note |
All incremental releases contain fixes from the current release. |
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of an issue, click the corresponding identifier.
Open Caveats for Cisco IOS XE Dublin 17.11.1
Identifier |
Headline |
---|---|
Controller is remarking SIP packets from CS3 to CS0 in upstream/downstream when voice cac is configured. |
|
Controller is relaoding unexpectedly and regularly generates "wncd" core files. |
|
AID leak is observed in Flex Cisco Wave 2 APs. |
|
Cisco Catalyst 9105AXW AP: Kernel panic crash is observed. |
|
EVENTLIB-3-CPUHOG Traceback is observed. |
|
Cisco Catalyst AP9115 Tx power high and abnormal DCA channel assignment due to no neighbors. |
|
Cisco Catalyst AX APs are decoding EAP request ID incorrectly. |
|
Radio firmware reloads unexpectedly due to a frozen RC queue. |
|
Controller is not sending GTK M5 packet to 8821 after FT roaming between wncds. |
|
Cisco Catalyst 9105AX AP: Kernel crash is observed. |
|
Dell Latitude 5531 Laptops (Wi-Fi 6) are not able to connect. |
|
Cisco Catalyst 9120AX AP: Kernel crash is observed. |
|
AP is not forwarding IGMPv3 query to wireless clients. |
|
Cisco Catalyst 9120 AP is dropping DHCP offer in click. Not forwarding to wireless interface. |
|
Cisco Catalyst 9130 AP: Packet loss is observed on Digital Signage device. |
|
Crash is observed on standby controller while saving tbl QoS table to standby. |
|
Cisco Catalyst 9105 AP is stuck in UBOOT. |
|
Cisco Catalyst 9105AXW and Cisco Aironet 1815W: Flex RLAN AP does not apply VLAN in the Ethernet port after AAA VLAN override. |
|
Cisco Catalyst 9120 AP: Sending Msg:2 in mode:2 to hostapd failed. |
|
Cisco Catalyst 9120AX AP: Clients continuously disconnecting with more than 10 clients using MS TEAMS. |
|
One of the WNCD is stuck in 100% high CPU. |
|
Cisco Aironet 3802AP buffering UP6/voice traffic~500ms after Spectralinkphone roam causing audioissues. |
|
Cisco AP reloads unexpectedly due to kernel panic. |
Resolved Caveats for Cisco IOS XE Dublin 17.11.1
Identifier |
Headline |
---|---|
SNMP MIB is not returning all data or no data at all for SNMP walk with high client count. |
|
Interim update is not sent to AAA during client reassociation/roam in GA. |
|
Standby controller crashes when controller is configured in RMI+RP HA mode with wired guest feature. |
|
Disable ip proxy-arp command by default. |
|
Controller is not updating RFID location properly. |
|
Fast Transition capable Apple and Android clients are unable to authenticate with IPSK profile. |
|
Controller is unable to map SSID with spaces in it on an attribute list. |
|
Controller is discarding location updates from RFID tags. |
|
CAPWAPAC_SMGR_TRACE_MESSAGE_AP_JOIN_DISJOIN does not have detail information about AP-NAME. |
|
The show process cpu platform sorted command is needed in show tech wireless command output. |
|
6-GHz channels being listed as 2.4 when executing show ap wlan summary command. |
|
Controller initiates EAPOL reties for the client in RUN state. |
|
AAA VLAN override is not taken when iPSK authentication and anchor WLAN. |
|
The PSK keys are getting changed while doing edit on pure WPA3 SAE WLAN leading to client connectivty faliure. |
|
Cisco DNA Centre-Assurance-Duplicate Events: AP is connected to controller and the CAPWAP channel is up |
|
Cisco Catalyst 9800-CL Wireless Controller: Wcnd crash is observed during SISF routines. |
|
Stale client entries are not deleted and is stuck on device-tracking database. |
|
COS APs are using native VLAN instead of the VLAN specified in the policy profile. |
|
Secondary controller crash is observed during redundancy switchover. |
|
6-GHz RRM : Channel-aware TPC is always on for 6-GHz TPC. |
|
Wireless AAA Dyn VLAN Assignment - wir clients cannot reach each other |
|
Creating SNMPv3 user from the user group created through GUI doesn't accept the configured user group. |
|
Controller GUI is taking long time to show initial page due to http request wirelessDeviceSummary. |
|
Continuous wncmgrd CPUHOG traceback with scale Flexible NetFlow (FNF) mapping to policy profile results in 100% wncd utilization. |
|
Multicast data is not sent to clients; some APs are unable to join. |
|
Few OIDs under CISCO-ENHANCED-MEMPOOL-MIB shows no instance after switchover. |
|
Client traffic fails when client roams between access points with a transition between dot11r and dot11i. |
|
High Availability split brain is observed due to multiple secondary addresses in the interface. |
|
Controller does not send LLC or XID spoofed frames after a mobility event. |
|
Controller crashes intermittently due to wncd critical process failure. |
|
Adding policy tag is not allowed in WLAN page even though it meets 32 character. |
|
Zebra RF guns gets deleted from controller randomly due to reason: CO_CLIENT_DELETE_REASON_ZONE_CHANGE. |
|
Radio Resource Management (RRM) startup mode gets triggered on every reboot as the controller does not keep track of the last state. |
|
cEdge device pushes wrong (typo) syntax as "config wlan broadcase-ssid disable 2". |
|
Invalid TDL pointers cause wncd crash. |
|
MAC filtering: WLAN profile column displays the WLAN name + description. |
|
Syslog "LISP RELIABLE REGISTRATION" needs to be enhanced. |
|
Client fails to connect when protocol based QoS is configured. |
|
Unable to add RADIUS server group if server name includes special character '&'. |
|
Controller GUI is displaying 802.1x with a lowercase 'x' instead of 802.1X with a capital 'X'. |
|
Observed stale entry in the output of the show wireless device tracking database ip command after client deletion. |
|
Controller experiences an unexpected reset resulting in a system report containing a wncd core file. |
|
Restore configuration by HTTP mode does not work in EWC. |
|
Cisco Catalyst 9800-80 Series Controller crashes with reason critical process wncd fault. |
|
Controller is not sending LLC or XID spoofed frames after a mobility event. |
|
Cisco Catalyst 9300 switch interface generates RUM reports every 8 hours when AIR controller licenses are handled incorrectly. |
|
Access Points operate in disabled RF profile channels. |
|
Switch Integrated Security Features (SISF) crash is observed when handling the DHCP messages. |
|
Dual DFS stats on AP do not match controller information. |
|
WPA3, OWE transition enabled: Non-WPA3 clients are getting network access in webauth-pending state. |
|
The output of the show wlan all command has incorrect WLAN radio policy information. |
|
802.11r re-auth failed due to invalid Pairwise Master Key ID (PMKID) while doing inter-WNCD roaming. |
|
The "Re-Authentication Timeout" is seen stuck as "Timer not running" and the client remains in RUN state after session timeout. |
|
User-agent details needs to be truncated to string length 234 in WSA to prevent vstring corruption. |
|
Active chassis might get stuck during the SSO failover. |
Troubleshooting
For the most up-to-date, detailed troubleshooting information, see Troubleshooting TechNotes.
Related Documentation
-
MIB Locator to locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.