First Published: August 1, 2022

Last Updated: September 19, 2024

Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Cupertino 17.9.x

Introduction to Cisco Catalyst 9800 Series Wireless Controllers

The Cisco Catalyst 9800 Series Wireless Controllers comprise next-generation wireless controllers (referred to as controller in this document) built for intent-based networking. The controllers use Cisco IOS XE software and integrate the radio frequency (RF) capabilities from Cisco Aironet with the intent-based networking capabilities of Cisco IOS XE to create a best-in-class wireless experience for your organization.

The controllers are enterprise ready to power your business-critical operations and transform end-customer experiences:

The controllers come with high availability and seamless software updates that are enabled by hot and cold patching. This keeps your clients and services up and running always, both during planned and unplanned events.
The controllers come with built-in security, including secure boot, run-time defenses, image signing, integrity verification, and hardware authenticity.
The controllers can be deployed anywhere to enable wireless connectivity, for example, on an on-premise device, on cloud (public or private), or embedded on a Cisco Catalyst switch (for SDA deployments) or a Cisco Catalyst access point (AP).
The controllers can be managed using Cisco Catalyst Center, programmability interfaces, for example, NETCONF and YANG,or web-based GUI or CLI.
The controllers are built on a modular operating system. Open and programmable APIs enable the automation of your day zero to day n network operations. Model-driven streaming telemetry provides deep insights into your network and client health.

The controllers are available in multiple form factors to cater to your deployment options:

Catalyst 9800 Series Wireless Controller Appliance
Catalyst 9800 Series Wireless Controller for Cloud
Catalyst 9800 Embedded Wireless Controller for a Cisco Switch

Note

All the Cisco IOS XE programmability-related topics on the controllers are supported by DevNet, either through community-based support or through DevNet developer support. For more information, go to https://developer.cisco.com.

What's New in Cisco IOS XE Cupertino 17.9.6

There are no new features in this release.

What's New in Cisco IOS XE Cupertino 17.9.5

Table 1. New and Modified Software Features
Feature Name	Description and Documentation Link
Cloud Monitoring for Catalyst Controllers	The Cloud Monitoring for Catalyst Controllers feature helps to monitor Wireless Controllers using the Meraki dashboard. Currently, this feature is in a limited customer beta and is not supported by Cisco TAC. For more information on this feature, see Cloud Monitoring for Catalyst. For further help, contact the following mailerlist: c9800-dashboard-monitoring@external.cisco.com
Modified Trustpoints for Secure Unique Device Identity (SUDI) Certificates	From Cisco IOS XE 17.9.5 onwards, the following changes have been introduced for trustpoints: Trustpoint names for existing SUDI certificates If your device supports Cisco Manufacturing CA III certificate and is not disabled, the trustpoint names are as follows: For `Cisco Manufacturing CA III` certificate, the trustpoint name has changed from CISCO_IDEVID_SUDI to CISCO_IDEVID_CMCA3_SUDI For `Cisco Manufacturing CA SHA2` certificate, the trustpoint name has changed from CISCO_IDEVID_SUDI_LEGACY to CISCO_IDEVID_CMCA2_SUDI If your device does not support Cisco Manufacturing CA III certificate or if the certificate is disabled using no platform sudi cmca3 command, the trustpoint names are as follows: For `Cisco Manufacturing CA SHA2` certificate, the trustpoint name has changed from CISCO_IDEVID_SUDI to CISCO_IDEVID_CMCA2_SUDI For `Cisco Manufacturing CA` certificate, the trustpoint name has changed from CISCO_IDEVID_SUDI_LEGACY to CISCO_IDEVID_CMCA_SUDI Hardware SUDI certificates If your device supports `High Assurance SUDI CA` certificate, this certificate is loaded under CISCO_IDEVID_SUDI trustpoint. If your device does not support `High Assurance SUDI CA` certificate, `ACT2 SUDI CA` certificate is loaded under CISCO_IDEVID_SUDI trustpoint. show wireless management trustpoint command output If Cisco Catalyst 9300 Series Switch is used with a Cisco Catalyst 9800 Series Wireless Controller for wireless deployments, the trustpoint name in the output of show wireless management trustpoint command is updated to the modified trustpoint name as mentioned previously. The following example shows a sample output of show wireless management trustpoint command. Note that if your device does not support Cisco Manufacturing CA III certificate or if the certificate is disabled, the Trustpoint Name in the following output displays CISCO_IDEVID_CMCA2_SUDI. `Device# show wireless management trustpoint Trustpoint Name : CISCO_IDEVID_CMCA3_SUDI Certificate Info : Available Certificate Type : MIC Certificate Hash : <SHA1 - hash> Private key Info : Available FIPS suitability : Not Applicable` show ip http server status command output If you configure the trustpoint for the HTTP server as CISCO_IDEVID_SUDI, the output of show ip http server status command displays the operating trustpoint along with the configured trustpoint. The following example shows a sample output of show ip http server status command with both the configured and the operating trustpoint names. Note that if your device does not support Cisco Manufacturing CA III certificate or if the certificate is disabled, the operating trustpoint in the following output displays CISCO_IDEVID_CMCA2_SUDI. `Device# show ip http server status … HTTP secure server trustpoint: CISCO_IDEVID_SUDI HTTP secure server operating trustpoint: CISCO_IDEVID_CMCA3_SUDI`

What's New in Cisco IOS XE Cupertino 17.9.4a

There are no new features in this release. This release provides a fix for CSCwh87343: Cisco IOS XE Software Web UI Privilege Escalation Vulnerability. For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.

What's New in Cisco IOS XE Cupertino 17.9.4

Table 2. New and Modified Software Features

Feature Name

Description and Documentation Link

ROW Support for UAE Country

From this release, ROW domain country code United Arab Emirates (AE) is supported on Cisco Catalyst IW9167E Heavy Duty Access Points.

Product Analytics

This feature allows for the collection of non-personal usage device systems information for Cisco products, which helps in continuous product improvements. This feature is supported on the Cisco Catalyst 9800 Series Wireless Controllers (9800-80, 9800-40, 9800-L, and 9800-CL). You can use the the pae command to enable or disable this feature.

The following commands are introduced as part of this feature:

pae
show product-analytics kpi
show product-analytics report
show product-analytics stats

Note

Turning off Smart Licensing Device Systems Information does not impact other Systems Information collection including from Cisco Catalyst Center or vManage.

Important: Cisco is constantly striving to advance our products and services. Knowing how you use our products is key to accomplishing this goal. To that end, Cisco will collect device and licensing Systems Information through Cisco Smart Software Manager (CSSM) for product and customer experience improvement, analytics, and adoption. Cisco processes your data in accordance with the General Terms and Conditions, the Cisco Privacy Statement and any other applicable agreement with Cisco. To modify your organization’s preferences for device and licensing systems information, use the paecommand. See Cisco Catalyst 9800 Series Wireless Controller Command Reference → pae.

Additional information on this feature can be found here .

What's New in Cisco IOS XE Cupertino 17.9.3

Table 3. New and Modified Software Features

Feature Name

Description and Documentation Link

Cisco Catalyst IW9167E Heavy Duty Access Point

Cisco Catalyst IW9167E Heavy Duty Access Point is supported from this release and can operate as a Wi-Fi 6 AP or Cisco Ultra-Reliable Wireless Backhaul.

Site Load Balancing

This feature allows you to specify a site load for better load balancing.

For more information, see the Chapter Enhanced Site Tag-Based Load Balancing.

Support for KVM/SUSE version 15 SP3 with Cisco Catalyst 9800-CL in Private Cloud

Limited support to SDA Wireless deployments for Cisco Catalyst 9800-CL running on KVM/SUSE version 15 SP3.

Wave 1 Access Points

Support for the following Wave 1 APs are reintroduced from this release.

Cisco Aironet 1570 Series Access Point
Cisco Aironet 1700 Series Access Point
Cisco Aironet 2700 Series Access Point
Cisco Aironet 3700 Series Access Point

Note

Support for these APs does not extend beyond the normal product lifecycle support. Refer to the individual End of Support bulletins.
Feature support is on parity with 17.3.x release. Features introduced in 17.4.1 or later are not supported on these APs in 17.9.3 release.
You can migrate directly to 17.9.3 from 17.3.x, where x=4c or above.

For more information on support for Wave 1 APs, see the FAQ.

What's New in Cisco IOS XE Cupertino 17.9.2

Table 4. New and Modified Software Features

Feature Name

Description and Documentation Link

AP Fallback to Controllers Using AP Priming Profile

This feature helps to configure primary, secondary, and tertiary controllers for a group of APs matching regular expression (regex) or for an individual AP using priming profiles.

The following commands are introduced:

primary (ap prime)
secondary (ap prime)
tertiary (ap prime)
priming-override
profile (prime-filter)
wireless profile ap priming
show ap filters active type priming
show ap filters all type priming
show wireless profile ap priming all
show wireless profile ap priming summary

For more information, see the Chapter AP Fallback to Controllers Using AP Priming Profile.

Country Compliance Support for Cisco Catalyst 9136 Series Access Points and Cisco Catalyst 916x Series Access Points

An additional 75 countries are supported in Cisco Catalyst 916x Series Access Points and Cisco Catalyst 9136 Series Access Points.

For more information about the list of countries that are supported, see the Chapter Regulatory Compliance Domain.

IPv6 Address Tracking for Wireless Clients

Until Cisco IOS XE 17.9.1, the controller supported a maximum of eight IPv6 addresses per wireless client. After eight IPv6 addresses were learnt for a wireless client, the controller dropped that wireless client's data traffic coming with new IPv6 source addresses.

However, in Cisco IOS XE 17.9.2, the controller allows data traffic of the wireless clients coming with new IPv6 source addresses even after eight addresses have been learnt for respective wireless clients. The controller continues to learn new IPv6 addresses of the wireless clients from the wireless clients' control traffic (IPv6 NS/NA and DHCPv6), but keeps track of only a maximum of eight addresses (the latest) per wireless client.

Note

In Cisco IOS XE 17.9.2, because the controller allows IPv6 traffic without address tracking beyond the eight IPv6 address limit, some of the features such as, User Defined Network, iPSK Peer-to-Peer Blocking, Management over Wireless, Neighbor Discovery Suppression, IP Theft Detection, and so on, may not work for the wireless clients using more than eight addresses. You can disable the new behavior by enabling the IP Source Guard feature when loading the Cisco IOS XE 17.9.2 images.

The following command is supported:

wireless ipv6 nd ns-forward

For more information, see the Chapter IPv6 Client IP Address Learning.

Support for Cisco Catalyst 9162I Series Wi-Fi 6E Access Points

From Cisco IOS XE Cupertino 17.9.2, Cisco Catalyst 9162I Series Wi-Fi 6E Access Points are supported.

Support for Terminal Doppler Weather Radar Channels 120, 124, 128 for -E Regulatory Domain

Terminal Doppler Weather Radar (TDWR) channels 120, 124, and 128 for the -E regulatory domain are supported in the following APs:

Cisco Catalyst 9124 Series Access Points
Cisco Catalyst 9130 Series Access Points

UNII-3 Band on ROW Regulatory Domain for UK Cisco Catalyst 9136I and Cisco Wireless 916xI Access Points

From Cisco IOS XE Cupertino 17.9.2, UNII-3 channels are enabled for the country code GB under the -ROW domain on the Cisco Catalyst 9136I and Cisco Wireless 916xI access points. The maximum Tx power on these non-Dynamic Frequency Selection (DFS) channels is 23dBm.

This feature is enabled automatically after you upgrade to Cisco IOS XE Cupertino 17.9.2. Use the show controllers dot11Radio command to verify the channel list information after the upgrade.

Wi-Fi Protected Access 3 Simultaneous Authentication of Equals Hash-to-Element Support with Identity PSK

From Cisco IOS XE Cupertino 17.9.2, the iPSK passphrase is supported for SAE H2E authentication in local mode. During client SAE authentication, the Identity Preshared Key (iPSK) passphrase configured in the client authorization policy in the RADIUS server replaces the one in WLAN profile. Hence, the use of unique preshared keys for individuals is considered as a more secure and granular authentication scheme than using a common key for all the users in WLAN. If iPSK passphrase is not configured in the authorization policy, SAE H2E falls back to the passphrase in the WLAN profile.

For more information, see the Chapter Wi-Fi Protected Access 3.

VMware vSphere vMotion Support

VMware vSphere vMotion is supported on the Cisco Catalyst 9800 Wireless Controller for Cloud. For more information, see https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-wireless-controllers-cloud/218438-verify-support-vmware-vsphere-vmotion-wi.html#anc6 and https://www.cisco.com/c/en/us/products/collateral/wireless/catalyst-9800-cl-wireless-controller-cloud/nb-06-cat9800-cl-wirel-cloud-dep-guide-cte-en.html.

MIBs

The following MIB is newly added or modified:

CISCO-ENVMON-MIB

What's New in Cisco IOS XE Cupertino 17.9.1

Table 5. New and Modified Software Features

Feature Name

Description and Documentation Link

802.11r Fast Transition for SAE (FT-SAE) Authenticated Clients

From this release, the Fast Transition supports SAE-based Fast Roaming along with PMK caching.

The following command is introduced:

security wpa akm ft sae

For more information, see the chapter 802.11r BSS Fast Transition.

Access Points Survey Mode Support in Cisco Catalyst 9136 Series Access Points, Cisco Catalyst 9164 Series Wi-Fi 6E Access Points, and Cisco Catalyst 9166 Series Wi-Fi 6E Access Points

In this release, you can use the ap-type survey command to switch the AP to the survey mode. The AP GUI is also enhanced to support the survey mode.

This feature is supported on Cisco Catalyst 9136 Series APs, Cisco Catalyst 9164 Series Wi-Fi 6E APs, and Cisco Catalyst 9166 Series Wi-Fi 6E APs.

For more information, see the chapter Access Points Survey Mode.

Authentication and Accounting Support for Both Radius and TACACS+ Servers for Standby Unit in an SSO Pair

From this release, Authentication and Accounting is supported on RADIUS and TACACS+ servers for standby HA unit using RMI interface:

RADIUS Accounting
TACACS+ Authentication
TACACS+ Accounting

For more information, see the chapter Redundancy Management Interface.

BLE Concurrent Scanning and Beaconing

From this release, BLE concurrent scanning and beaconing is supported on Cisco Catalyst Wi-Fi 6 APs in basic mode or Cisco IOx mode. The BLE radio on an AP can stop a scan for beacon transmission, and return to the scan after completing the beacon transmission.

For more information, see the chapter Cisco Hyperlocation.

Chargeable User Identity in RADIUS Accounting

Chargeable User Identity (CUI) is a unique identifier for a client visiting a network. This attribute can be used as an alternative for the client’s username as part of the authentication process.

The following command is introduced:

access-session wireless cui-enable

For more information, see the chapter RADIUS Accounting.

Cisco AI-Enhanced RRM Supports Wi-Fi 6E

From this release, the Cisco's AI-Enhanced RRM feature in Cisco DNA Center supports Wi-Fi 6E.

For more information, see the chapter Radio Resource Management.

CleanAir Pro Scanning Support in 2.4-GHz and 5-GHz Bands

The CleanAir Pro Scanning feature monitors and reports the different categories of non-Wi-Fi interference in the 2.4-GHz and 5-GHz bands.

The following commands are introduced:

ap dot11 6ghz cleanair
ap dot11 cleanair alarm air-quality
ap dot11 cleanair alarm device cont-tx
ap dot11 cleanair alarm unclassified

For more information, see the chapter CleanAir.

Concurrent Radio Support for Workgroup Bridge Wireless Clients on Cisco Catalyst Access Points

From this release onwards, Workgroup Bridge supports one radio for uplink (backhaul) connectivity and another radio for serving wireless clients. This feature is supported on Cisco Catalyst 9105 APs, Cisco Catalyst 9115 APs, and Cisco Catalyst 9120 APs.

The following commands are introduced on the AP console:

configure ssid-profile ssid dtim-period
configure dot11Radio wlan add
configure dot11Radio wlan delete
configure dot11Radio channel
configure dot11Radio beacon-interval
configure radius address port
configure qos profile
configure ssid-profile ssid qos profile

For more information, see the chapter Workgroup Bridges.

Configuring mDNS Location-Based Filtering Using Location Group

From this release, the AP grouping for mDNS is extended to include AP locations.

The following commands are introduced:

wireless rule application mdns
group-method

For more information, see the chapter Multicast Domain Name System.

Configuring the AP Console

This feature allows you to configure the AP console from the controller.

The following command is introduced:

console

For more information, see the chapter Configuring the AP Console.

Flexible Radio Assignment Support in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points

From this release onwards, the dual-band radio in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points offers the ability to serve either in 5-GHz or 6-GHz band, as monitor or sniffer on the same AP.

The following commands are introduced:

ap fra 5-6ghz
ap fra 5-6ghz freeze
ap fra 5-6ghz interval
ap dot11 6ghz rf-profile
client-aware-fra
show ap fra 5-6ghz

For more information, see the chapter Cisco Flexible Radio Assignment.

High Availability Deployment for Application Centric Infrastructure (ACI) Network

This feature avoids interleaving traffic between the old and new active controller using the following functionalities:

Bringing down the Wireless Management Interface (WMI) faster.
Disabling fast switchover notifications.

The following commands are introduced:

no redun-management fast-switchover
redun-management garp-retransmit burst
no redun-management garp-retransmit initial

For more information, see the chapter High Availability.

Interim Accounting

From this release, the no accounting-interim command is introduced under the policy profile to disable interim accounting.

For more information, see the chapter Interim Accounting.

Link Layer Discovery Protocol Support in Standby Controller

From this release, the Link Layer Discovery Protocol (LLDP) process is supported in both active and standby controllers.

The following commands are introduced:

lldp run
lldp holdtime
lldp reinit
lldp timer
lldp tlv-select
show lldp
show lldp neighbors
show lldp neighbors detail
show lldp errors
show lldp traffic

For more information, see the chapter Link Layer Discovery Protocol.

Logging Web UI-Based Configuration Changes in TACACS+ Server

This feature logs all the configuration changes made in the controller's UI.

For more information, see the chapter Web UI Configuration Command Accounting in TACACS+ Server.

Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points (CW9164 and CW9166)

From this release onwards, in Cisco Catalyst 916x APs (CW9164 and CW9166) you can migrate management modes between DNA Management Mode (controller based) and Meraki Management Mode, depending on the requirement.

The following commands are introduced:

ap name management-mode meraki
clear ap meraki stats
show ap management-mode meraki capability summary
show ap management-mode meraki failure summary
show ap management-mode meraki change summary

For more information, see the chapter Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points.

Mesh Backhaul RRM Support

From this release onwards, RRM DCA runs on mesh backhaul in auto mode, when you configure the wireless mesh backhaul rrm auto-dca command. For APs that do not have dedicated (RHL) radios, DCA is triggered by running commands in privileged EXEC mode. Mesh RRM DCA runs in the background for RHL radio enabled APs.

The following commands are introduced:

ap dot11 rrm channel-update mesh
ap dot11 rrm channel-update mesh bridge-group
ap name dot11 rrm channel update mesh
show wireless mesh rrm dca status
wireless mesh backhaul rrm auto-dca

For more information, see the chapter Mesh Access Points.

Mutual Authentication for gRPC Telemetry

A new gRPC TLS profile that contains a pair of trustpoints was added to the telemetry configuration so that a client ID certificate can be specified for mutual authentication. This new profile can be used instead of the trustpoint containing the server CA certificate when configuring the receiver profile. The trustpoint containing the server CA certificate is now configured as part of the gRPC TLS profile.

For more information, see the Programmability Configuration Guide.

Quality of Service Gaps and Fixes in Cisco Catalyst 9800 Series Wireless Controllers

This feature addresses the gaps in the existing metal policy implementation with reference to RFC 8325.

With this enhancement, the existing hard-coded policy-maps and class-maps associated with each metal policy is modified as per RFC 8325, so that upstream and downstream ceiling is achieved.

For more information, see the chapter Quality of Service.

Regulatory Domain Reduction

From Cisco IOS XE Cupertino 17.9.1, more countries are added to the Rest of the World (RoW) domain.

For more information, see the chapter Regulatory Compliance Domain.

Rogue Detection Enhancements on Cisco Catalyst 9164 and 9166 Series Wi-Fi 6E Access Points

In this release, the rogue detection and containment functionality is enhanced to handle dual 5-GHz configuration on Cisco Catalyst 9164 Series Wi-Fi 6E APs and Cisco Catalyst 9166 Series Wi-Fi 6E APs.

Rogue Full Scale Quotas and Priorities

The Rogue Full Scale Quotas and Priorities feature helps you to improve the scalability, performance, manageability, and serviceability of rogue APs.

The following commands are introduced:

wireless wps rogue scale quota
wireless wps rogue scale priority
wireless wps rogue scale mode hybrid

For more information, see the chapter Managing Rogue Devices.

RUM Report Throttling

For all topologies where the product instance initiates communication, the minimum reporting frequency is throttled to one day. This means the product instance does not send more than one RUM report a day.

The affected topologies are: Connected Directly to CSSM, Connected to CSSM Through CSLU (product instance-initiated communication), CSLU Disconnected from CSSM (product instance-initiated communication), and SSM On-Prem Deployment (product instance-initiated communication).

This resolves the problem of too many RUM reports being generated and sent for certain licenses. It also resolves the memory-related issues and system slow-down that was caused by an excessive generation of RUM reports.

You can override the reporting frequency throttling, by entering the license smart sync command in privileged EXEC mode. This triggers an on-demand synchronization with CSSM or CSLU, or SSM On-Prem, to send and receive any pending data.

RUM report throttling also applies to the Cisco IOS XE Amsterdam 17.3.6 and later releases of the 17.3.x train, and Cisco IOS XE Bengaluru 17.6.4 and later releases of the 17.6.x train. From Cisco IOS XE Cupertino 17.9.1, RUM report throttling is applicable to all subsequent releases.

Site-Based Rolling AP Upgrade in N+1 Networks

The Site-Based Rolling AP Upgrade in an N+1 Network feature allows you to perform a staggered upgrade of APs in each site in an N+1 deployment.

The following commands are introduced:

ap upgrade staggered iteration completion
ap upgrade staggered iteration error
ap upgrade staggered iteration timeout
show ap upgrade site

For more information, see the chapter Site-Based Rolling AP Upgrade in an N+1 Network.

Site-Based Rolling AP Upgrade using Netconf/YANG Models

From Cisco IOS XE Cupertino 17.9.1, you can use NETCONF/YANG models to configure site-based APSP and N+1 hitless software upgrade.

For more information, see the Programmability Configuration Guide at: https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-17/products-installation-and-configuration-guides-list.html

For more information on the YANG models, see the Cisco IOS XE Programmability Configuration Guide and YANG Data Models on Github at: https://github.com/YangModels/yang/tree/master/vendor/cisco/xe.

You can contact the Developer Support Community for NETCONF/YANG features at:

https://developer.cisco.com/

Support 6-GHz radio for Canada

In this release, Canada (CA) is added to the list of countries supporting 802.11 6-GHz radio band.

Support for Cisco Catalyst 9164I Series Wi-Fi 6E Access Points and Cisco Catalyst 9166I Series Wi-Fi 6E Access Points

From this release onwards, Cisco Catalyst 9164I Series Wi-Fi 6E Access Points and Cisco Catalyst 9166I Series Wi-Fi 6E Access Points are supported.

Support for RFC 5580 Location Attributes in the Controller

This feature uses the RFC 5580 location attributes to convey location-related information for authentication and accounting exchanges.

The following commands are introduced:

radius-server attribute wireless location delivery out-of-band
location civic-location identifier
location geo-location identifier
location operator identifier
location civic-location-id
location geo-location-id
location operator-id
radius-server attribute wireless location civic-location-id
radius-server attribute wireless location geo-location-id
radius-server attribute wireless location operator-id

For more information, see the chapter Configuring RFC 5580 Location Attributes.

VLAN Group to Support DHCP and Static IP Clients

The VLAN Group to Support DHCP and Static IP Clients feature aims to handle the network access of clients whose static IP address is not a part of the VLAN's IP list.

For more information, see the chapter VLAN Groups.

Walkme for Usage and Troubleshooting

The following new workflows have been implemented:

AP Join troubleshooting: A collection of workflows that takes you through various troubleshooting commands to find out why AP join has failed.
FlexConnect workflow: A collection of workflows that show how to configure FlexConnect.

Wireless Rogue Channel Width Support

In this release, the Wireless Rogue Channel Width feature is supported.

Rogue channel width changes are implemented at the TDL level. Because the telemetry child table cannot be accessed by Cisco DNA Center because of the TDL limitation, all radio band information is now available in the top-level table. Telemetry data can be validated through the SSH Netconf console to check the correct radio band with channel width values.

TrustSec Support in Cisco Catalyst Wi-Fi 6 Access Points

From this release onwards, Cisco Catalyst Wi-Fi 6 Access Points support TrustSec feature with the controller.

Note

The Wi-Fi 6 Access Points support the Software-Defined Access solution with Security Group Tag (SGT) feature in earlier releases.

Zero Wait Dynamic Frequency Selection

When an access point (AP) moves to Dynamic Frequency Selection (DFS) channel, a service outage can occur. This feature helps to avoid service outages in regulatory domains. As of now, the US and Europe are the only supported domains. For more information, see the chapter Dynamic Frequency Selection.

Table 6. New and Modified GUI Features
Feature Name	GUI Path
802.11r Fast Transition for SAE Authenticated Clients	Configuration > Tags & Profiles > WLANs
Additional Client Information on Client 360 View	Monitoring > Wireless > Clients > 360
Configuring the AP Console	Configuration > Tags & Profiles > AP Join
Flexible Radio Assignment Support in Cisco Catalyst 9166I Series Wi-Fi 6E Access Points	Configuration > Radio Configurations > RRM > FRA
Management Mode Migration in Cisco Catalyst 916x Series Wi-Fi 6E Access Points (CW9164 and CW9166)	Configuration > Wireless > Migrate to Meraki Management Mode
Site-based Rolling AP Upgrade in N+1 Networks	Administration > Software Management

MIBs

The following MIBs are newly added or modified:

AIRESPACE-WIRELESS-MIB
CISCO-LWAPP-AP-MIB
CISCO-LWAPP-MOBILITY-MIB
CISCO-LWAPP-RF-MIB
CISCO-LWAPP-RRM-MIB
CISCO-LWAPP-SI-MIB
CISCO-LWAPP-TAGS-MIB
CISCO-LWAPP-WLAN-MIB
CISCO-LWAPP-WLAN-SECURITY-MIB

Behavior Changes

The Cisco Centralized Key Management (CCKM) feature is being deprecated from Cisco IOS XE Dublin 17.10.x.
The J2 country code is not supported for Japan. Use J4 as country code for Japan, instead of J2.
The following commands are effective only in service-peer mode:

For information on service-peer, see the Understanding Local Area Bonjour for Wireless FlexConnect Mode section in the chapter Configuring Local Area Bonjour for Wireless FlexConnect Mode.
- query-response
- sdg-agent
- service-announcement-count
- service-announcement-timer
- service-mdns-query
- service-query-count
- service-query-timer
- service-receiver-purge
- active-response
If wireless multicast is disabled in service-peer mode, the mDNS packets are sent to each CAPWAP interface. If wireless multicast and multicast tunnel are enabled, the mDNS packets are sent over multicast tunnel.
The install commands cannot be executed if there is any unsaved configuration with or without the prompt-level option.
If location is not specified in the service policy, the location is considered from the global mDNS gateway. By default, the global mDNS gateway location is defined as lss .
When country is configured in the AP profile, you cannot override it using the per-AP country configuration.
You cannot see 802.1x passwords in cleartext from this release because they are encrypted. If you downgrade to an earlier image that doesn't support an encrypted password, the APs will get stuck and repeatedly fail the dot1x authentication due to wrong credentials. You will need to disable 802.1x on the AP switch port to allow the AP to join the controller before setting the cleartext password.
The output of the following show commands are updated:
- show ap dot11 cleanair device type
- show ap name dot11 cleanair device
- show ap dot11 5ghz SI device type
- show ap name dot11 SI device
The following commands are introduced:
- ap name dot11 24ghz cleanair
- ap name dot11 5ghz cleanair
- ap name dot11 6ghz cleanair
The following commands are deprecated:
- ap name dot11 24ghz slot cleanair
- ap name dot11 5ghz slot cleanair
- ap name dot11 dual-band cleanair band
- ap name dot11 ap name dot11 dual-band slot cleanair band
- ap name dot11 dual-band cleanair band
- ap name dot11 ap name dot11 dual-band slot cleanair band
- ap name dot11 ap name dot11 dual-band slot cleanair
- ap name dot11 rx-dual-band slot cleanair band
- ap name dot11 rx-dual-band slot cleanair
Information on FIPS is added to the output of the AP show security system state command.
Device analytics reports are cached for five minutes before they are made available through the show wireless client mac stats pc-analytics command.
TLS 1.3 is supported for HTTPS communication on web administration from this release onwards.

The following table describes the deprecated and replaced show commands:

Table 7. Deprecated and Replaced Show Commands
Deprecated Commands	Replaced Commands
show ap persona meraki capability summary	show ap management-mode meraki capability summary
show ap persona meraki change summary	show ap management-mode meraki change summary
show ap persona meraki failure summary	show ap management-mode meraki failure summary

The ap name <ap-name> persona meraki [force] [noprompt] command is deprecated and replaced with ap name <ap-name> management-mode meraki [force] [noprompt] command.
The USB port in the AP profile is disabled by default.

If you are using Cisco IOx application with USB dongles, re-configure the USB port in the AP profile on reload, to ensure that the USB port is enabled before the APs join.

For more information about the workaround, see the details in CSCvz07021.

Controller communicates with the dnaservices.com for Product Analytics and Automatic Frequency Coordination (AFC). Even when DNS is not configured in the controller, the controller uses the hardcoded DNS server. Even when Product Analytics is disabled for AFC, the controller still tries to reach the dnaservices.com.

Note

This applies from Cisco IOS XE Cupertino 17.9.4 release onwards.

From Cisco IOS XE Cupertino 17.9.5 release onwards, the Product Analytics is enabled by default.

For more information about Product Analytics, see Wireless Product Analytics FAQ.
From Cisco IOS XE Cupertino 17.9.5 release onwards, both internal and external APs in NAT deployments must use different AP join profiles when CAPWAP Discovery Private and Public are enabled separately. This is applicable to APs upgraded to Cisco IOS XE Dublin 17.12.x and later.

If you have configured CISCO_IDEVID_SUDI trustpoint in your configuration, you will need to replace it with CISCO_IDEVID_CMCA3_SUDI to avoid client connection and AP join issues. The reason for this change being the CISCO_IDEVID_SUDI changed from SW-SUDI certificate in previous releases to HW-SUDI certificate. The processing of HW-SUDI certificate is much slower than the SW-SUDI. Here, CISCO_IDEVID_CMCA3_SUDI is the new SW-SUDI certificate.

Note

This applies from Cisco IOS XE Cupertino 17.9.3 release onwards.

- If Slot 0 is dual-band, execute the following command:
  
  ap name <ap-name> dot11 dual-band shutdown
- If Slot 0 is not dual-band, execute the following command:
  
  ap name <ap-name> dot11 24ghz shutdown

Interactive Help

The Cisco Catalyst 9800 Series Wireless Controller GUI features an interactive help that walks you through the GUI and guides you through complex configurations.

You can start the interactive help in the following ways:

By hovering your cursor over the blue flap at the right-hand corner of a window in the GUI and clicking Interactive Help.
By clicking Walk-me Thru in the left pane of a window in the GUI.
By clicking Show me How displayed in the GUI. Clicking Show me How triggers a specific interactive help that is relevant to the context you are in.

For instance, Show me How in Configure > AAA walks you through the various steps for configuring a RADIUS server. Choose Configuration> Wireless Setup > Advanced and click Show me How to trigger the interactive help that walks you through the steps relating to various kinds of authentication.

The following features have an associated interactive help:

Configuring AAA
Configuring FlexConnect Authentication
Configuring 802.1X Authentication
Configuring Local Web Authentication
Configuring OpenRoaming
Configuring Mesh APs

Note

If the WalkMe launcher is unavailable on Safari, modify the settings as follows:

Choose Preferences > Privacy.
In the Website tracking section, uncheck the Prevent cross-site tracking check box to disable this action.
In the Cookies and website data section, uncheck the Block all cookies check box to disable this action.

Important Notes

To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not carry forward.
The Cisco Aironet 2800 and 3800 APs do not reset an interface (to clear any Ethernet interface physical layer issues) if the Dynamic Host Configuration Protocol (DHCP) does not resolve the IP address within a certain duration.

Supported Hardware

The following table lists the supported virtual and hardware platforms. (See Supported PIDs and Ports for the list of supported modules.)

Table 8. Supported Virtual and Hardware Platforms
Platform	Description
Cisco Catalyst 9800-80 Wireless Controller	A modular wireless controller with up to 100-GE modular uplinks and seamless software updates. The controller occupies a 2-rack unit space and supports multiple module uplinks.
Cisco Catalyst 9800-40 Wireless Controller	A fixed wireless controller with seamless software updates for mid-size to large enterprises. The controller occupies a 1-rack unit space and provides four 1-GE or 10-GE uplink ports.
Cisco Catalyst 9800-L Wireless Controller	The Cisco Catalyst 9800-L Wireless Controller is the first low-end controller that provides a significant boost in performance and features.
Cisco Catalyst 9800 Wireless Controller for Cloud	A virtual form factor of the Catalyst 9800 Wireless Controller that can be deployed in a private cloud (supports VMware ESXi, Kernel-based Virtual Machine [KVM], Microsoft Hyper-V, and Cisco Enterprise NFV Infrastructure Software [NFVIS] on Enterprise Network Compute System [ENCS] hypervisors), or in the public cloud as Infrastructure as a Service (IaaS) in Amazon Web Services (AWS), Google Cloud Platform (GCP) marketplace, and Microsoft Azure.
Cisco Catalyst 9800 Embedded Wireless Controller for Switch	The Catalyst 9800 Wireless Controller software for the Cisco Catalyst 9000 switches brings the wired and wireless infrastructure together with consistent policy and management. This deployment model supports only Software Defined-Access (SDA), which is a highly secure solution for small campuses and distributed branches.

The following table lists the host environments supported for private and public cloud.

Table 9. Supported Host Environments for Public and Private Cloud
Host Environment	Software Version
VMware ESXi	VMware ESXi vSphere 6.0, 6.5, 6.7, and 7.0 VMware ESXi vCenter 6.0, 6.5, 6.7, and 7.0
KVM	Linux KVM-based on Red Hat Enterprise Linux 7.6, 7.8, and 8.2 Ubuntu 16.04.5 LTS, Ubuntu 18.04.5 LTS, Ubuntu 20.04.5 LTS KVM/SUSE version 15 SP3 (restricted to SDA Wireless deployments)
AWS	AWS EC2 platform
NFVIS	ENCS 3.8.1 and 3.9.1
GCP	GCP marketplace
Microsoft Hyper-V	Windows 2019 Server and Windows Server 2016 (Version 1607) with Hyper-V Manager (Version 10.0.14393)
Microsoft Azure	Microsoft Azure

The following table lists the supported Cisco Catalyst 9800 Series Wireless Controller hardware models.

The base PIDs are the model numbers of the controller.

The bundled PIDs indicate the orderable part numbers for the base PIDs that are bundled with a particular network module. Running the show version , show module , or show inventory command on such a controller (bundled PID) displays its base PID.

Note that unsupported SFPs will bring down a port. Only Cisco-supported SFPs (GLC-LH-SMD and GLC-SX-MMD) should be used on the route processor (RP) ports of C9800-80-K9 and C9800-40-K9.

Table 10. Supported PIDs and Ports
Controller Model	Description
C9800-CL-K9	Cisco Catalyst Wireless Controller as an infrastructure for cloud.
C9800-80-K9	Eight 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots.
C9800-40-K9	Four 1/10-Gigabit Ethernet SFP or SFP+ ports and two power supply slots.
C9800-L-C-K9	4x2.5/1-Gigabit ports 2x10/5/2.5/1-Gigabit ports
C9800-L-F-K9	4x2.5/1-Gigabit ports 2x10/1-Gigabit ports

The following table lists the supported SFP models.

Table 11. Supported SFPs
SFP Name	C9800-80-K9	C9800-40-K9	C9800-L-C-K9	C9800-L-F-K9
DWDM-SFP10G-30.33	Supported	Supported	—	—
DWDM-SFP10G-61.41	Supported	Supported	—	—
FINISAR-LR – FTLX1471D3BCL ¹	Supported	Supported	—	Supported
FINISAR-SR – FTLX8574D3BCL	Supported	Supported	—	Supported
GLC-BX-D	Supported	Supported	Supported	Supported
GLC-BX-U	Supported	Supported	Supported	Supported
GLC-EX-SMD	Supported	Supported	—	—
GLC-LH-SMD	Supported	Supported	Supported	—
GLC-SX-MMD	Supported	Supported	Supported	Supported
GLC-T	Supported	—	Supported	—
GLC-TE	Supported	Supported	Supported	Supported
GLC-ZX-SMD	Supported	Supported	Supported	Supported
QSFP-100G-LR4-S	Supported	—	—	—
QSFP-100G-SR4-S	Supported	—	—	—
QSFP-40G-BD-RX	Supported	—	—	—
QSFP-40G-ER4	Supported	—	—	—
QSFP-40G-LR4	Supported	—	—	—
QSFP-40G-LR4-S	Supported	—	—	—
QSFP-40G-SR4	Supported	—	—	—
QSFP-40G-SR4-S	Supported	—	—	—
QSFP-40GE-LR4	Supported	—	—	—
SFP-10G-AOC10M	Supported	Supported	—	—
SFP-10G-AOC1M	Supported	Supported	—	—
SFP-10G-AOC2M	Supported	Supported	—	—
SFP-10G-AOC3M	Supported	Supported	—	—
SFP-10G-AOC5M	Supported	Supported	—	—
SFP-10G-AOC7M	Supported	Supported	—	—
SFP-10G-ER	Supported	Supported	—	—
SFP-10G-LR	Supported	Supported	—	Supported
SFP-10G-LR-S	Supported	Supported	—	Supported
SFP-10G-LR-X	Supported	Supported	—	Supported
SFP-10G-LRM	Supported	Supported	—	Supported
SFP-10G-SR	Supported	Supported	—	Supported
SFP-10G-SR-S	Supported	Supported	—	Supported
SFP-10G-SR-X	Supported	Supported	—	Supported
SFP-10G-ZR	Supported	Supported	—	—
SFP-H10GB- ACU10M	Supported	Supported	—	Supported
SFP-H10GB- ACU7M	Supported	Supported	—	Supported
SFP-H10GB- CU1.5M	Supported	Supported	—	Supported
SFP-H10GB-CU1M	Supported	Supported	—	Supported
SFP-H10GB-CU2.5M	Supported	Supported	—	Supported
SFP-H10GB-CU2M	Supported	Supported	—	Supported
SFP-H10GB-CU3M	Supported	Supported	—	Supported
SFP-H10GB-CU5M	Supported	Supported	—	Supported

¹ The FINISAR SFPs are not Cisco specific and some of the features, such as DOM, may not work properly.

Optics Modules

The Cisco Catalyst 9800 Series Wireless Controller supports a wide range of optics. The list of supported optics is updated on a regular basis. See the tables at the following location for the latest transceiver module compatibility information:

https://www.cisco.com/en/US/products/hw/modules/ps5455/products_device_support_tables_list.html

Network Protocols and Port Matrix

Table 12. Cisco Catalyst 9800 Series Wireless Controller - Network Protocols and Port Matrix
Source	Destination	Protocol	Destination Port	Source Port	Description
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	22	Any	SSH
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	23	Any	Telnet
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	80	Any	HTTP
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	443	Any	HTTPS
Any	Cisco Catalyst 9800 Series Wireless Controller	UDP	161	Any	SNMP Agent
Any	Any	UDP	5353	5353	mDNS
Any	Cisco Catalyst 9800 Series Wireless Controller	UDP	69	69	TFTP
Any	DNS Server	UDP	53	Any	DNS
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	830	Any	NetConf
Any	Cisco Catalyst 9800 Series Wireless Controller	TCP	443	Any	REST API
Any	WLC Protocol	UDP	1700	Any	Receive CoA packets.
AP	Cisco Catalyst 9800 Series Wireless Controller	UDP	5246	Any	CAPWAP Control
AP	Cisco Catalyst 9800 Series Wireless Controller	UDP	5247	Any	CAPWAP Data
AP	Cisco Catalyst 9800 Series Wireless Controller	UDP	5248	Any	CAPWAP MCAST
AP	Cisco Catalyst Center	TCP	32626	Any	Intelligent capture and RF telemetry
AP	AP	UDP	16670	Any	Client Policies (AP-AP)
Cisco Catalyst 9800 Series Wireless Controller	Cisco Catalyst 9800 Series Wireless Controller	UDP	16666	16666	Mobility Control
Cisco Catalyst 9800 Series Wireless Controller	SNMP	UDP	162	Any	SNMP Trap
Cisco Catalyst 9800 Series Wireless Controller	RADIUS	UDP	1812/1645	Any	RADIUS Auth
Cisco Catalyst 9800 Series Wireless Controller	RADIUS	UDP	1813/1646	Any	RADIUS ACCT
Cisco Catalyst 9800 Series Wireless Controller	TACACS+	TCP	49	Any	TACACS+
Cisco Catalyst 9800 Series Wireless Controller	Cisco Catalyst 9800 Series Wireless Controller	UDP	16667	16667	Mobility
Cisco Catalyst 9800 Series Wireless Controller	NTP Server	UDP	123	Any	NTP
Cisco Catalyst 9800 Series Wireless Controller	Syslog Server	UDP	514	Any	SYSLOG
Cisco Catalyst 9800 Series Wireless Controller	NetFlow Server	UDP	9996	Any	NetFlow
Cisco Catalyst 9800 Series Wireless Controller	Cisco Connected Mobile Experiences (CMX)	UDP	16113	Any	NMSP
Cisco Catalyst Center	Cisco Catalyst 9800 Series Wireless Controller	TCP	32222	Any	Device Discovery

Supported APs

The following Cisco APs are supported in this release.

Indoor Access Points

Cisco Catalyst 9105AXI Access Points
- VID 04 or later - supported from 17.9.2
- VID 03 or earlier - supported in all 17.9.x releases
Cisco Catalyst 9105AXW Access Points
- VID 02 or later - supported from 17.9.2
- VID 01 or earlier - supported in all 17.9.x releases
Cisco Catalyst 9115AX (I/E) Access Points
Cisco Catalyst 9117AXI Access Points
Cisco Catalyst 9120AX (I/E) Access Points
- VID 07 or later - supported from 17.9.2
- VID 06 or earlier - supported in all 17.9.x releases
Cisco Catalyst 9120AXP Access Points
Cisco Catalyst 9130AX (I/E) Access Points
- VID 03 or later - supported from 17.9.2
- VID 02 or earlier - supported in all 17.9.x releases
(For information about Cisco Catalyst 9105, 9120, or 9130 Access Points version support, see the Field Notice 72424.)
Cisco Catalyst 9136I Access Points
Cisco Catalyst 9162I Series Access Points - supported from 17.9.2
Cisco Catalyst 9164I Series Access Points
Cisco Catalyst 9166I Series Access Points
Cisco Aironet 1800I, 1815 (I/W), 1830 (I), 1840 (I), and 1850 (I/E) Access Points
Cisco Aironet 2800 (I/E) Series Access Points
Cisco Aironet 3800 (I/E/P) Series Access Points
Cisco Aironet 4800 Series Access Points

Support is reintroduced for the following APs from 17.9.3:

Cisco Aironet 1570 Series Access Points
Cisco Aironet 1700 Series Access Points
Cisco Aironet 2700 Series Access Points
Cisco Aironet 3700 Series Access Points

Outdoor Access Points

Cisco Aironet 1540 Series Access Points
Cisco Aironet 1560 Series Access Points
Cisco Industrial Wireless 3700 Series Access Points
Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point
Cisco 6300 Series Embedded Services Access Point
Cisco Catalyst 9124AX (I/D) Access Points
Cisco Catalyst IW9167 (E) Heavy Duty Access Point - supported from 17.9.3

Integrated Access Points

Integrated Access Point on Cisco 1100 ISR (ISR-AP1100AC-x, ISR-AP1101AC-x, and ISR-AP1101AX-x)

Network Sensor

Cisco Aironet 1800s Active Sensor

Pluggable Modules

Wi-Fi 6 Pluggable Module for Industrial Routers

Supported Access Point Channels and Maximum Power Settings

Supported access point channels and maximum power settings on Cisco APs are compliant with the regulatory specifications of channels, maximum power levels, and antenna gains of every country in which the access points are sold. For more information about the supported access point transmission values in Cisco IOS XE software releases, see the Detailed Channels and Maximum Power Settings document at https://www.cisco.com/c/en/us/support/ios-nx-os-software/ios-xe-17/products-technical-reference-list.html.

For information about Cisco Wireless software releases that support specific Cisco AP modules, see the "Software Release Support for Specific Access Point Modules" section in the Cisco Wireless Solutions Software Compatibility Matrix document.

Compatibility Matrix

The following table provides software compatibility information. For more information, see Cisco Wireless Solutions Software Compatibility Matrix

Table 13. Compatibility Information
Cisco Catalyst 9800 Series Wireless Controller Software	Cisco Identity Services Engine	Cisco Prime Infrastructure	Cisco AireOS-IRCM Interoperability	Cisco Catalyst Center	Cisco CMX
Cupertino 17.9.6	3.3 3.2 3.1 3.0 2.7 2.6 2.4	3.10.2	8.10.196.0 8.10.190.0 8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.5	3.3 3.2 3.1 3.0 2.7 2.6 2.4	3.10.2	8.10.196.0 8.10.190.0 8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.4a	3.3 3.2 3.1 3.0 2.7 2.6 2.4	3.10.2	8.10.196.0 8.10.190.0 8.10.185.0 8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.4	3.3 3.2 3.1 3.0 2.7 2.6 2.4	3.10.2	8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.3	3.3 3.0 2.7 2.6 2.4	3.10.2	8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.2	3.3 3.0 2.7 2.6 2.4	3.10.2	8.10.183.0 8.10.182.0 8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3
Cupertino 17.9.1	3.3 3.0 2.7 2.6 2.4	3.10 MR1	8.10.181.0 8.10.171.0 8.10.162.0 8.10.151.0 8.10.142.0 8.10.130.0 8.8.130.0 8.5.176.2 8.5.182.104	See Cisco Catalyst Center Compatibility Information	11.0 10.6.3

GUI System Requirements

The following subsections list the hardware and software required to access the Cisco Catalyst 9800 Controller GUI.

Table 14. Hardware Requirements
Processor Speed	DRAM	Number of Colors	Resolution	Font Size
233 MHz minimum²	512 MB³	256	1280 x 800 or higher	Small

² We recommend 1 GHz.

³ We recommend 1-GB DRAM.

Software Requirements

Operating Systems:

Windows 7 or later
Mac OS X 10.11 or later

Browsers:

Google Chrome: Version 59 or later (on Windows and Mac)
Microsoft Edge: Version 40 or later (on Windows)
Safari: Version 10 or later (on Mac)
Mozilla Firefox: Version 60 or later (on Windows and Mac)

Note

Firefox Version 63.x is not supported.

The controller GUI uses Virtual Terminal (VTY) lines for processing HTTP requests. At times, when multiple connections are open, the default number of VTY lines of 15 set by the device might get exhausted. Therefore, we recommend that you increase the number of VTY lines to 50.

To increase the VTY lines in a device, run the following commands in the following order:

device# configure terminal
device(config)# line vty 50

A best practice is to configure the service tcp-keepalives to monitor the TCP connection to the device.
device(config)# service tcp-keepalives-in
device(config)# service tcp-keepalives-out

Before You Upgrade

Ensure that you familiarize yourself with the following points before proceeding with the upgrade:

APs running Cisco IOS XE 17.9.3 might encounter issues when attempting to upgrade their software due to insufficient space in the /tmp directory. When the /tmp space on the AP becomes full, it prevents the download of the new AP image. In such instances, we recommend that you reboot the AP.

Caution

During controller upgrade or reboot, if route processor ports are connected to any Cisco switch, ensure that the route processor ports are not flapped (shut/no shut process). Otherwise, it may lead to a kernel crash.

Note

ISSU feature is supported only within and between major releases, for example, 17.3.x (within a release) and 17.3.x to 17.6.x (among major releases).
Controller upgrade from Cisco IOS XE Bengaluru 17.3.x to Cisco IOS XE Bengaluru 17.6.x or Cisco IOS XE Cupertino 17.9.x or later using ISSU may fail if the domain command is configured. Ensure that you run the no domain command before starting an ISSU upgrade because the domain command has been removed from Cisco IOS XE Bengaluru 17.6.x.
Controller upgrade from Cisco IOS XE Bengaluru 17.3.x to any release using ISSU may fail if the snmp-server enable traps hsrp command is configured. Ensure that you remove the snmp-server enable traps hsrp command from the configuration before starting an ISSU upgrade because the snmp-server enable traps hsrp command has been removed from Cisco IOS XE Bengaluru 17.4.x.
Controller upgrade to Cisco IOS XE Dublin 17.12.x from any prior release using ISSU may fail if the snmp-server enable traps license command is configured. Ensure that you remove the snmp-server enable traps license command from the configuration before starting an ISSU upgrade because the snmp-server enable traps license command has been removed from Cisco IOS XE Dublin 17.12.x.
Rolling AP upgrade, which is a part of the ISSU feature, is not supported for mesh APs.
Ensure that you add Authentication and Key Management (AKM) setting when you configure WPA3. In older releases, this scenario was not mandatory which resulted in an invalid configuration. However, from 17.9 and higher releases, this invalid scenario is detected and prevented.

Cisco Wave 2 APs may get into a boot loop when upgrading software over a WAN link. For more information, see: https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/220443-how-to-avoid-boot-loop-due-to-corrupted.html.

The following Wave 1 APs are not supported from 17.4 to 17.9.2, 17.10.x, 17.11.x, 17.13.x, 17.14.x, and 17.15.x:

Cisco Aironet 1570 Series Access Point
Cisco Aironet 1700 Series Access Point
Cisco Aironet 2700 Series Access Point
Cisco Aironet 3700 Series Access Point

Note

Support for the above APs was reintroduced from Cisco IOS XE Cupertino 17.9.3.
Support for these APs does not extend beyond the normal product lifecycle support. Refer to the individual End-of-Support bulletins on Cisco.com.
Feature support is on parity with the 17.3.x release. Features introduced in 17.4.1 or later are not supported on these APs in the 17.9.3 release.
You can migrate directly to 17.9.3 from 17.3.x, where x=4c or later.

From Cisco IOS XE Dublin 17.10.x, Key Exchange and MAC algorithms like diffie-hellman-group14-sha1, hmac-sha1, hmac-sha2-256, and hmac-sha2-512 are not supported by default and it may impact some SSH clients that only support these algorithms. If required, you can add them manually. For information on manually adding these algorithms, see the SSH Algorithms for Common Criteria Certification document available at: https://www.cisco.com/c/en/us/td/docs/routers/ios/config/17-x/sec-vpn/b-security-vpn/m_sec-secure-shell-algorithm-ccc.html

If APs fail to detect the backup image after running the archive download-sw command, perform the following steps:

Upload the image using the no-reload option of the archive download-sw command:

Device# archive download-sw /no-reload tftp://<tftp_server_ip>/<image_name>

Restart the CAPWAP process using capwap ap restart command. This allows the AP to use the correct backup image after the restart (reload is not required.)

Device# capwap ap restart

Caution

The AP will lose connection to the controller during the join process. When the AP joins the new controller, it will see a new image in the backup partition. So, the AP will not download a new image from the controller.

You might observe a high Confd CPU when full synchronization occurs between NETCONF datastore and Cisco IOS configuration. This behavior is normal and is triggered by the line vty command.
From Cisco IOS XE Cupertino 17.7.1 onwards, for Cisco Catalyst 9800-CL Wireless Controller, ensure that you complete Resource Utilization Measurement (RUM) reporting and ensure that the ACK is made available on the product instance at least once. This is to ensure that correct and up-to-date usage information is reflected in the Cisco Smart Software Manager (CSSM).
From Cisco IOS XE Amsterdam 17.3.1 onwards, the Cisco Catalyst 9800-CL Wireless Controller requires 16 GB of disk space for new deployments.

If you are upgrading to Cisco IOS XE Amsterdam 17.3.x from a previous release, resizing of disk space is not supported. If the current disk space is lesser than 16 GB, you need to redeploy the VM to meet the new disk space requirements.
Fragmentation lower than 1500 is not supported for the RADIUS packets generated by wireless clients in the Gi0 (OOB) interface.
Cisco IOS XE allows you to encrypt all the passwords used on the device. This includes user passwords and SSID passwords (PSK). For more information, see the "Password Encryption" section of the Cisco Catalyst 9800 Series Configuration Best Practices document.
While upgrading to Cisco IOS XE 17.3.x and later releases, if the ip http active-session-modules none command is enabled, you will not be able to access the controller GUI using HTTPS. To access the GUI using HTTPS, run the following commands in the order specified below:
1. ip http session-module-list pkilist OPENRESTY_PKI
2. ip http active-session-modules pkilist
Cisco Aironet 1815T OfficeExtend Access Point will be in local mode when connected to the controller. However, when it functions as a standalone AP, it gets converted to FlexConnect mode.
The Cisco Catalyst 9800-L Wireless Controller may fail to respond to the BREAK signals received on its console port during boot time, preventing users from getting to the ROMMON. This problem is observed on the controllers manufactured until November 2019, with the default config-register setting of 0x2102. This problem can be avoided if you set config-register to 0x2002. This problem is fixed in the 16.12(3r) ROMMON for Cisco Catalyst 9800-L Wireless Controller. For information about how to upgrade the ROMMON, see the Upgrading ROMMON for Cisco Catalyst 9800-L Wireless Controllers section of the Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers document.
By default, the controller uses a TFTP block size value of 512, which is the lowest possible value. This default setting is used to ensure interoperability with legacy TFTP servers. If required, you can change the block size value to 8192 to speed up the transfer process, using the ip tftp blocksize command in global configuration mode.
We recommend that you configure the password encryption aes and the key config-key password-encrypt key commands to encrypt your password.
If the following error message is displayed after a reboot or system crash, we recommend that you regenerate the trustpoint certificate:
```
 ERR_SSL_VERSION_OR_CIPHER_MISMATCH
```
Use the following commands in the order specified below to generate a new self-signed trustpoint certificate:
1. device# configure terminal
2. device(config)# no crypto pki trustpoint trustpoint_name
3. device(config)# no ip http server
4. device(config)# no ip http secure-server
5. device(config)# ip http server
6. device(config)# ip http secure-server
7. device(config)# ip http authentication local/aaa

Do not deploy OVA files directly to VMware ESXi 6.5. We recommend that you use an OVF tool to deploy the OVA files.
Ensure that you remove the controller from Cisco Prime Infrastructure before disabling or enabling Netconf-YANG. Otherwise, the system may reload unexpectedly.
Unidirectional Link Detection (UDLD) protocol is not supported.
SIP media session snooping is not supported on FlexConnect local switching deployments.
The Cisco Catalyst 9800 Series Wireless Controllers (C9800-CL, C9800-L, C9800-40, and C9800-80) support a maximum of 14,000 leases with internal DHCP scope.
Configuring the mobility MAC address using the wireless mobility mac-address command is mandatory for both HA and 802.11r.
If you have Cisco Catalyst 9120 (E/I/P) and Cisco Catalyst 9130 (E) APs in your network and you want to downgrade, use only Cisco IOS XE Gibraltar 16.12.1t. Do not downgrade to Cisco IOS XE Gibraltar 16.12.1s.
The following SNMP variables are not supported:
- CISCO-LWAPP-WLAN-MIB: cLWlanMdnsMode
- CISCO-LWAPP-AP-MIB.my: cLApDot11IfRptncPresent, cLApDot11IfDartPresent
If you are upgrading from Cisco IOS XE Gibraltar 16.11.x or an earlier release, ensure that you unconfigure the advipservices boot-level licenses on both the active and standby controllers using the no license boot level advipservices command before the upgrade. Note that the license boot level advipservices command is not available in Cisco IOS XE Gibraltar 16.12.1s and 16.12.2s.
The Cisco Catalyst 9800 Series Wireless Controller has a service port that is referred to as GigabitEthernet 0 port.

The following protocols and features are supported through this port:
- Cisco Catalyst Center
- Cisco Smart Software Manager
- Cisco Prime Infrastructure
- Telnet
- Controller GUI
- DNS
- File transfer
- GNMI
- HTTP
- HTTPS
- LDAP
- Licensing for Smart Licensing feature to communicate with CSSM
- Netconf
- NetFlow
- NTP
- RADIUS (including CoA)
- Restconf
- SNMP
- SSH
- SYSLOG
- TACACS+
During device upgrade using GUI, if a switchover occurs, the session expires and the upgrade process gets terminated. As a result, the GUI cannot display the upgrade state or status.
From Cisco IOS XE Bengaluru 17.4.1 onwards, the telemetry solution provides a name for the receiver address instead of the IP address for telemetry data. This is an additional option. During the controller downgrade and subsequent upgrade, there is likely to be an issue—the upgrade version uses the newly named receivers, and these are not recognized in the downgrade. The new configuration gets rejected and fails in the subsequent upgrade. Configuration loss can be avoided when the upgrade or downgrade is performed from Cisco Catalyst Center.
From Cisco IOS XE Bengaluru 17.4.1 onwards, session timeout under the policy profile is supported.
Communication between Cisco Catalyst 9800 Series Wireless Controller and Cisco Prime Infrastructure uses different ports:
- All the configurations and templates available in Cisco Prime Infrastructure are pushed through SNMP and CLI, using UDP port 161.
- Operational data for controller is obtained over SNMP, using UDP port 162.
- AP and client operational data leverage streaming telemetry:
  - Cisco Prime Infrastructure to controller: TCP port 830 is used by Cisco Prime Infrastructure to push the telemetry configuration to the controller (using NETCONF).
  - Controller to Cisco Prime Infrastructure: TCP port 20828 is used for Cisco IOS XE 16.10.x and 16.11.x, and TCP port 20830 is used for Cisco IOS XE 16.12.x, 17.1.x and later releases.
To migrate public IP address from 16.12.x to 17.x. ensure that you configure the service internal command. If you do not configure the service internal command, the IP address does not get carried forward.
RLAN support with Virtual Routing and Forwarding (VRF) is not available.
When you encounter the SNMP error SNMP_ERRORSTATUS_NOACCESS 6, it means that the specified SNMP variable is not accessible.
We recommend that you perform a controller reload whenever there is a change in the controller's clock time to reflect an earlier time.

Note

Before upgrading the Cisco Catalyst 9800-40 Series Wireless Controller image to Cisco IOS XE Cupertino 17.9.x using bundle mode, you must ensure that the ROMMON version is 17.7(3r) or later.

For other platforms, such as Cisco Catalyst 9800-80 Series Wireless Controllers, you should upgrade to 17.3(3r) and for Cisco Catalyst 9800-L Series Wireless Controllers, we recommend that you upgrade the ROMMON version to 16.12(3r) or later.

After the upgrade, you cannot downgrade to older ROMMON versions.

Note

The DTLS version (DTLSv1.0) is deprecated for Cisco Aironet 1800 based on latest security policies. Therefore, any new out-of-box deployments of Cisco Aironet 1800 APs will fail to join the controller and you will get the following error message:

%APMGR_TRACE_MESSAGE-3-WLC_GEN_ERR: Chassis 1 R0/2: wncd: Error in AP Join, AP <AP-name>, 
mac:<MAC-address>Model AIR-AP1815W-D-K9, AP negotiated unexpected DTLS version v1.0

To onboard new Cisco Aironet 1800 APs and to establish a CAPWAP connection, explicitly set the DTLS version to 1.0 in the controller using the following configuration:


config terminal
ap dtls-version dtls_1_0
end

Note that setting the DTLS version to 1.0 affects all the existing AP CAPWAP connections. We recommend that you apply the configuration only during a maintenance window. After the APs download the new image and join the controller, ensure that you remove the configuration.

To upgrade the field programmable hardware devices for Cisco Catalyst 9800 Series Wireless Controllers, see Upgrading Field Programmable Hardware Devices for Cisco Catalyst 9800 Series Wireless Controllers.

Important

Before you begin a downgrade process, you must manually remove the configurations which are applicable in the current version but not in older version. Otherwise, you might encounter an unexpected behavior.

When you downgrade an AP from a higher version to Cisco IOS XE Amsterdam 17.3.x, the AP will not be accessible through SSH or the console due to the denial of the enable password, when the AP has not yet joined a controller. If the AP joins a controller, then the AP becomes accessible without any password denial.

Upgrade Path to Cisco IOS XE Cupertino 17.9.x

Table 15. Upgrade Path to Cisco IOS XE Cupertino 17.9.x
Current Software	Upgrade Path for Deployments with 9130 or 9124	Upgrade Path for Deployments Without 9130 or 9124
16.10.x	—⁴	Upgrade first to 16.12.5 or 17.3.x and then to 17.9.x.
16.11.x	—	Upgrade first to 16.12.5 or 17.3.x and then to 17.9.x.
16.12.x	Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.9.x.	Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.9.x.
17.1.x	Upgrade first to 17.3.5 or later and then to 17.9.x.	Upgrade first to 17.3.5 or later and then to 17.9.x.
17.2.x	Upgrade first to 17.3.5 or later and then to 17.9.x.	Upgrade first to 17.3.5 or later and then to 17.9.x.
17.3.1 to 17.3.4	Upgrade first to 17.3.5 or later or 17.6.x or later, and then to 17.9.x.	Upgrade directly to 17.9.x.
17.3.4c or later	Upgrade directly to 17.9.x.	Upgrade directly to 17.9.x.
17.4.x	Upgrade first to 17.6.x and then to 17.9.x.	Upgrade directly to 17.9.x.
17.5.x	Upgrade first to 17.6.x and then to 17.9.x.	Upgrade directly to 17.9.x.
17.6.x	Upgrade directly to 17.9.x.	Upgrade directly to 17.9.x.
17.7.x	Upgrade directly to 17.9.x.	Upgrade directly to 17.9.x.
17.8.x	Upgrade directly to 17.9.x.	Upgrade directly to 17.9.x.
8.9.x or any 8.10.x version prior to 8.10.171.0	Upgrade first to 8.10.171.0 or later, 17.3.5 or later, or 17.6.x or later, and then to 17.9.x.	Upgrade directly to 17.9.x.
8.10.171.0 and above	Upgrade directly to 17.9.x.	Upgrade directly to 17.9.x.

⁴ The Cisco Catalyst 9130 and 9124 APs are not supported in 16.10.x and 16.11.x releases.

Upgrading the Controller Software

This section describes the various aspects of upgrading the controller software.

For information on the upgrade process and the methods to upgrade the Cisco Catalyst 9800 Series Wireless Controller software, see the "Upgrading the Cisco Catalyst 9800 Wireless Controller Software" chapter of the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.

Finding the Software Version

The package files for the Cisco IOS XE software are stored in the system board flash device (flash:).

Use the show version privileged EXEC command to see the software version that is running on your controller.

Note

Although the show version output always shows the software image running on the controller, the model name shown at the end of the output is the factory configuration, and does not change if you upgrade the software license.

Use the show install summary privileged EXEC command to see the information about the active package.

Use the dir filesystem: privileged EXEC command to see the directory names of other software images that you have stored in flash memory.

Software Images

Release: Cisco IOS XE Cupertino 17.9.x
Image Names (9800-80, 9800-40, and 9800-L):
- C9800-80-universalk9_wlc.17.09.x.SPA.bin
- C9800-40-universalk9_wlc.17.09.x.SPA.bin
- C9800-L-universalk9_wlc.17.09.x.SPA.bin
Image Names (9800-CL):
- Cloud: C9800-CL-universalk9.17.09.x.SPA.bin
- Hyper-V/ESXi/KVM: C9800-CL-universalk9.17.09.x.iso, C9800-CL-universalk9.17.09.x.ova
- KVM: C9800-CL-universalk9.17.09.x.qcow2
- NFVIS: C9800-CL-universalk9.17.09.x.tar.gz

Software Installation Commands

Cisco IOS XE, Cupertino, 17.9.x

To install and activate a specified file, and to commit changes to be persistent across reloads, run the following command:

device# install add file filename [activate |commit]

To separately install, activate, commit, end, or remove the installation file, run the following command:

device# install ?

Note

We recommend that you use the GUI for installation.

add file tftp: filename

Copies the install file package from a remote location to a device, and performs a compatibility check for the platform and image versions.

activateauto-abort-timer]

Activates the file and reloads the device. The auto-abort-timer keyword automatically rolls back image activation.

commit

Makes changes that are persistent over reloads.

rollback to committed

Rolls back the update to the last committed version.

abort

Cancels file activation, and rolls back to the version that was running before the current installation procedure started.

remove

Deletes all unused and inactive software installation files.

Licensing

The Smart Licensing Using Policy feature is automatically enabled on the controller. This is also the case when you upgrade to this release. By default, your Smart Account and Virtual Account in Cisco Smart Software Manager (CSSM) are enabled for Smart Licensing Using Policy. For more information, see the "Smart Licensing Using Policy" chapter in the Cisco Catalyst 9800 Series Wireless Controller Software Configuration Guide.

For a more detailed overview on Cisco Licensing, see cisco.com/go/licensingguide.

Interoperability with Clients

This section describes the interoperability of the controller software with client devices.

The following table lists the configurations used for testing client devices.

Table 16. Test Configuration for Interoperability
Hardware or Software Parameter	Hardware or Software Type
Release	Cisco IOS XE, Cupertino, 17.9.x
Cisco Wireless Controller	See Supported Hardware.
Access Points	See Supported APs.
Radio	802.11ax 802.11ac 802.11a 802.11g 802.11n 802.11ax in 6GHz (Wi-Fi 6E)
Security	Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS) WPA3 AKM 802.11ax
RADIUS	See Compatibility Matrix.
Types of tests	Connectivity, traffic (ICMP), and roaming between two APs

The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.

Table 17. Client Types

Client Type and Name

Driver or Software Version

Laptops

Acer Aspire E 15 E5-573-3870 (Qualcomm Atheros QCA9377)

Windows 10 Pro (12.0.0.832)

Apple Macbook Air 11 inch

OS Sierra 10.12.6

Apple Macbook Air 13 inch

OS High Sierra 10.13.4

Macbook Pro Retina

OS Catalina

Macbook Pro Retina 13 inch early 2015

OS Mojave 10.14.3

Macbook Pro OS X

OS X 10.8.5

Macbook Air

OS Sierra v10.12.2

Macbook Air 11 inch

OS X Yosemite 10.10.5

MacBook M1 Chip

OS Catalina

Dell Inspiron 2020 Chromebook

Chrome OS 75.0.3770.129

Google Pixelbook Go

Chrome OS 97.0.4692.27

HP chromebook 11a

Chrome OS 76.0.3809.136

Samsung Chromebook 4+

Chrome OS 77.0.3865.105

Dell Latitude (Intel AX210)

Windows 11 (22.110.x.x)

Dell Latitude 3480 (Qualcomm DELL wireless 1820)

Win 10 Pro (12.0.0.242)

Dell Inspiron 15-7569 (Intel Dual Band Wireless-AC 3165)

Windows 10 Home (21.40.0)

Dell Latitude E5540 (Intel Dual Band Wireless AC7260)

Windows 7 Professional (21.10.1)

Dell Latitude E5430 (Intel Centrino Advanced-N 6205)

Windows 7 Professional (15.18.0.1)

Dell Latitude E6840 (Broadcom Dell Wireless 1540 802.11 a/g/n)

Windows 7 Professional (6.30.223.215)

Dell XPS 12 v9250 (Intel Dual Band Wireless AC 8260 )

Windows 10 Home (21.40.0)

Dell Latitude 5491 (Intel AX200)

Windows 10 Pro (21.20.1.1)

Dell XPS Latitude12 9250 (Intel Dual Band Wireless AC 8260)

Windows 10 Home

Dell Inspiron 13-5368 Signature Edition

Windows 10 Home (18.40.0.12)

FUJITSU Lifebook E556 Intel 8260 (Intel Dual Band Wireless-AC 8260 (802.11n))

Windows 8 (19.50.1.6)

Lenovo Yoga C630 Snapdragon 850 (Qualcomm AC 2x2 Svc)

Windows 10 Home

Lenovo Thinkpad Yoga 460 (Intel Dual Band Wireless-AC 9260)

Windows 10 Pro (21.40.0)

Note

For clients using Intel wireless cards, we recommend that you to update to the latest Intel wireless drivers if the advertised SSIDs are not visible.

Tablets

Apple iPad 2021

iOS 15.0

Apple iPad 7the Gen 2019

iOS 14.0

Apple iPad MD328LL/A

iOS 9.3.5

Apple iPad 2 MC979LL/A

iOS 11.4.1

Apple iPad Air MD785LL/A

iOS 11.4.1

Apple iPad Air2 MGLW2LL/A

iOS 10.2.1

Apple iPad Mini 4 9.0.1 MK872LL/A

iOS 11.4.1

Apple iPad Mini 2 ME279LL/A

iOS 11.4.1

Apple iPad Mini 4 9.0.1 MK872LL/A

iOS 11.4.1

Microsoft Surface Pro 3 13 inch (Intel AX201)

Windows 10 (21.40.1.3)

Microsoft Surface Pro 3 15 inch (Qualcomm Atheros QCA61x4A)

Windows 10

Microsoft Surface Pro 7 (Intel AX201)

Windows 10

Microsoft Surface Pro 6 (Marvell Wi-Fi chipset 11ac)

Windows 10

Microsoft Surface Pro X (WCN3998 Wi-Fi Chip)

Windows

Mobile Phones

Apple iPhone 5

iOS 12.4.1

Apple iPhone 6s

iOS 13.5

Apple iPhone 7 MN8J2LL/A

iOS 11.2.5

Apple iPhone 8

iOS 13.5

Apple iPhone 8 Plus

iOS 14.1

Apple iPhone 8 Plus MQ8D2LL/A

iOS 12.4.1

Apple iPhone X MQA52LL/A

iOS 13.1

Apple iPhone 11

iOS 15.1

Apple iPhone 12

iOS 15.1

Apple iPhone 12 Pro

iOS 15.1

Apple iPhone 13

iOS 15.1

Apple iPhone 13 Mini

iOS 15.1

Apple iPhone 13 Pro

iOS 15.1

Apple iPhone 14

iOS 16

Apple iPhone 15

iOS17

Apple iPhone SE MLY12LL/A

iOS 11.3

Apple iPhone SE

iOS 15.1

ASCOM i63

Build v 3.0.0

ASCOM Myco 3

Android 9

Cisco IP Phone 8821

11.0.6 SR1

Drager Delta

VG9.0.2

Drager M300.3

VG2.4

Drager M300.4

VG2.4

Drager M540

DG6.0.2 (1.2.6)

Google Pixel 3a

Android 11

Google Pixel 4

Android 11

Google Pixel 5

Android 11

Google Pixel 6

Android 11

Huawei Mate 20 pro

Android 9.0

Huawei P20 Pro

Android 10

Huawei P40

Android 10

LG v40 ThinQ

Android 9.0

One Plus 8

Android 11

Oppo Find X2

Android 10

Redmi K20 Pro

Android 10

Samsung Galaxy S9+ - G965U1

Android 10.0

Samsung Galaxy S10 Plus

Android 11.0

Samsung S10 (SM-G973U1)

Android 11.0

Samsung S10e (SM-G970U1)

Android 11.0

Samsung S20 Ultra

Android 10.0

Samsung S21 Ultra 5G

Android 11.0

Samsung Fold 2

Android 10.0

Samsung Note20

Android 10.0

Samsung G Note 10 Plus

Android 11.0

Samsung Galaxy A01

Android 11.0

Samsung Galaxy A21

Android 10.0

Sony Experia 1 ii

Android 11

Sony Experia

Android 11

Xiaomi Mi 9T

Android 9

Xiaomi Mi 10

Android 11

Spectralink 84 Series

7.5.0.x257

Spectralink 87 Series

Android 5.1.1

Spectralink Versity Phones 92/95/96 Series

Android 10.0

Vocera Badges B3000n

4.3.3.18

Vocera Smart Badges V5000

5.0.6.35

Zebra MC40

Android 4.4.4

Zebra MC40N0

Android 4.1.1

Zebra MC92N0

Android 4.4.4

Zebra MC9090

Windows Mobile 6.1

Zebra MC55A

Windows 6.5

Zebra MC75A

OEM ver 02.37.0001

Zebra TC51

Android 6.0.1

Zebra TC52

Android 10.0

Zebra TC55

Android 8.1.0

Zebra TC57

Android 10.0

Zebra TC70

Android 6.1

Zebra TC75

Android 10.0

Zebra TC8000

Android 4.4.3

Printers

Zebra QLn320 Mobile Printer

LINK OS 5.2

Zebra ZT230 IndustrialPrinter

LINK OS 6.4

Zebra ZQ310 Mobile Printer

LINK OS 6.4

Zebra ZD410 Industrial Printer

LINK OS 6.4

Zebra ZT410 Desktop Printer

LINK OS 6.4

Zebra ZQ610 Industrial Printer

LINK OS 6.4

Zebra ZQ620 Mobile Printer

LINK OS 6.4

Wireless Module

Intel 11ax 200

Driver v22.20.0

Intel AC 9260

Driver v21.40.0

Intel Dual Band Wireless AC 8260

Driver v19.50.1.6

Intel AX 210

Driver v22.110.x.x (or above)

Samsung S21 Ultra

Driver v20.80.80

QCA WCN6855

Driver v1.0.0.901

PhoenixContact FL WLAN 2010

Firmware version: 2.71

Issues

Issues describe unexpected behavior in Cisco IOS releases in a product. Issues that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.

Note

All incremental releases contain fixes from the current release.

Cisco Bug Search Tool

The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.

To view the details of an issue, click the corresponding identifier.

Open Caveats for Cisco IOS XE Cupertino 17.9.6


Caveat ID	Description
CSCwk83648	Cisco Catalyst 9120 AP experiences radio crash in wlc_bmac_suspend_mac
CSCwk90493	Interface VRRP Mac flaps between Active and Standby EWC
CSCwm09148	EWC rogue syslogs are missing
CSCwm03450	Split tunneling does not work in Cisco IOS XE 17.9.5
CSCwk58326	Controller sends multicast packets with previous WMI
CSCwk05809	%EVENTLIB-3-CPUHOG is observed in Cisco IOS XE 17.12.2
CSCwk97948	Controller ends abnormally during an ISSU upgrade from Cisco IOS XE 17.3 to 17.12
CSCwj80614	Stale clients are observed in device-tracking database IP and MAC for webauth clients in FlexConnect central switching
CSCwj89538	Cisco Aironet 2802 AP fails to send reassociation response or association request
CSCwk76746	Device stops responding constantly when running specific UDN related commands
CSCwj08558	Cisco Catalyst 9124 APs do not assign correct channels in 2.4-GHz
CSCwk70277	FRA sets slot 2 to 6-GHz in Cisco Catalyst 9166 AP even when 6-GHz network is disabled
CSCwm02914	Clients fail authentication due to 4-way handshake failure and IGTK error in M3
CSCwk84121	Local switching clients is assigned to Zone ID 0 when ip overlap is configured and FlexConnect VLAN central switching
CSCwk37983	Client VLAN is retained after changing SSIDs if vlan-persistent is enabled
CSCwk16780	The downstream multicast traffic is blocked for WGB wired client when WGB is associated with the controller
CSCwk82371	Cisco Catalyst 9120AXI-S AP does not detect the RFIDs in Monitor mode
CSCwk98117	Cisco Catalyst 9166D APs are unable to transmit NDP packets over the air
CSCwk46105	Controller experiences unexpected reload with high wncd_x memory
CSCwh63050	Controller running Cisco IOS XE 17.9.3 sends IGMP queries without controller IP address and MAC address
CSCwm09738	Cisco Catalyst 9120 experiences memory leak in Cisco IOS XE 17.9.5
CSCwk79057	AP does not failover to the RADIUS server in Flexconnect Local Switching Local Authentication
CSCwj44848	Standby controller is reloaded with reason EHSA standby down
CSCwm31340	Controller sustained high CPU usage in wncd process
CSCwk24352	Wireless clients are unable to receive the splash page and gets stuck due to webuth requirement
CSCwk39866	Monitor - Client page is stuck in loading with a blue progress bar
CSCwm03016	Controller as Foreign and 8540 as Anchor: Controller ends abnormally pointing to client_orch
CSCwk17102	Controller experiences 4-way handshake failure with missing M1 packet
CSCwm07499	Cisco Catalyst 91xx AP does not rotate awipsd.log causing an upgrade issue "tar: write error: No space left on device"
CSCwk82907	Controller AP join issues are observed due to CPP stale entries caused by qos-template-bind childless objects

Open Caveats for Cisco IOS XE Cupertino 17.9.5


Identifier	Headline
CSCwi51168	FlexConnect setup fails to renew 4-way handshake when Pairwise Master Key (PMK) ID does not match.
CSCwi55714	Controller reboots when handling Cisco Network Mobility Services Protocol (NMSP) Transport Layer Security (TLS) connection.
CSCwi53481	Controller loses SUDI MIC trustpoint when upgrading from Cisco IOS-XE 17.6.4 to 17.9.4a via SDA.
CSCwh63050	Controller with Cisco IOS-XE 17.9.3 sends Internet Group Management Protocol (IGMP) queries with a non-WLC IP address and MAC address.
CSCwi16509	The load balancer server holds an incorrect AP IP address, and stale AP entries are observed.
CSCwi60173	Security Group Tag (SGT) is not applied to wireless client in Software Defined-Access (SDA) fabric.
CSCwi28382	Controller reloads unexpectedly due to Keymgmt: Failed to eapol key m1 retransmit failure. Max retries for M1 over .
CSCwi57179	A client with a static IP is assigned to the wrong VLAN (vlan group) during roaming.
CSCwh18613	Encrypted mesh pre-shared key changes each time the password encryption aes is applied.
CSCwi62934	Cisco Catalyst 9120 AP drops the large frame downstream towards the wireless client.
CSCwi16104	Controller experiences an unexpected reboot in DBM during the Flex VLAN list retrieval.
CSCwi66133	Cisco Catalyst 9130 AP reloads unexpectedly due to kernel panic.
CSCwi42112	Wired clients learn MAC address from the Cisco Catalyst 9124 MAP port.
CSCwi56780	The MAC Authentication Bypass (MAB) is not initiated unless the controller deauthenticates the device.
CSCwi04855	Cisco Catalyst 9115 APs join and disjoin repeatedly with traceback.
CSCwi51025	Cisco Catalyst 9130 AP reloads unexpectedly resulting in kernel panic crash.
CSCwi27380	Media stream feature does not work.
CSCwi29636	Cisco Catalyst 9800-40 Wireless Controller reloads unexpectedly when Cisco IOS-XE 17.9.3 WNCD is down.
CSCwi54064	APs connected to the same controller classify each other as rogue and generate an "AP Impersonation" threat warning.

Open Caveats for Cisco IOS XE Cupertino 17.9.4a

From this release, the list of caveats is displayed using BST tool. When you click the BST link, it opens a separate window and lists the bugs sorted by severity. You can filter it further using the options in the tool.


Identifier	Headline
CSCwh37783	Lobby admin page does not load in the controller.

Click on the following link to view the other Open Caveats: BST Link

Open Caveats for Cisco IOS XE Cupertino 17.9.4

Click on the following link to view the Open Caveats: BST Link

Open Caveats for Cisco IOS XE Cupertino 17.9.3


Identifier	Headline
CSCwa67566	Cisco Catalyst 9800 Series Controller/AireOS parity: Rejects clients with wrong PMKID when changing AKM from FT to dot1x to FT again.
CSCwc06025	Mesh APs cannot associate to Root AP after disabling 'Backhaul Client Access' on IW9167EH Root AP.
CSCwc76174	Client download to DP failed and floods the sytandby console with Traceback @cpp_wlclient_create.
CSCwd31523	Flex WLAN provisioning is failing on C9800-CL hosted on Azure.
CSCwd46815	EAP-TLS is failing for the wired clients behind MAP for Cisco 2800, 3800, 4800, 1562, 6300 series APs.
CSCwd56391	Controller is not providing RSSI location data for some of the RFID tags in database.
CSCwd79502	Controller is tracking stale entry due to anchored client getting IPv4 and IPv6 in different VLANs.
CSCwd86288	Load average warning is displayed even when Cisco Catalyst 9800-80 Series Controller is healthy.
CSCwd90742	Cisco Catalyst 9120AX AP kernel crash - PC is at rhb_del_interface+0xc.
CSCwd91054	COS-APs are not encrypting EAP_ID_REQ after M1-M4 and not updating PMKID for dot1x OKC.
CSCwd96484	Controller reloads unexpectedly after generating "wncd" core files.
CSCwd98332	Controller reloads after failing to match the interface ID in the anchor message.
CSCwe04602	Cisco Catalyst 9120 AP fails to forward traffic to wireless client for about 60 seconds.
CSCwe07802	Cisco APs such as 2800, 3800, 4800, and 1562 are dropping upstream EAP packets.
CSCwe11315	Cisco Catalyst 9164 and 9166 APs running Cisco IOS-XE 17.9.2 is facing DFS detections in all channels.
CSCwe11747	Cisco Catalyst AX Series APs are decoding EAP request ID incorrectly.
CSCwe14729	Controller reloads due to memory corruption when processing DHCP Reply Option82.
CSCwe16892	Traceback and reload occurs after detecting a bad magic number in chunk header.
CSCwe18012	Standby controller crashes while saving tbl QoS table.
CSCwe22861	AID leak is observed in Flex COS APs.
CSCwe25446	Unexpected reboot due WNCD.
CSCwe25610	Client delete initiated. Reason: CO_CLIENT_DELETE_REASON_REMOTE_MOBILITY_DELETE - Mobility Local.
CSCwe30473	Radio firmware crash is observed due to a frozen rc queue.
CSCwe31030	Cisco Catalyst 9105AXW AP is crashing.
CSCwe31270	Clients stop passing traffic when there is a missing bandwidth limit AAA attribute on the controller.
CSCwe32005	Cisco Catalyst 9130 AP: Packet loss is observed on Digital Signage device.
CSCwe38431	Controller is re-marking SIP packets from CS3 to CS0 in upstream/downstream when voice cac is configured.
CSCwe39039	Traceback is observed after provisioning controller from Cisco DNA Center.
CSCwe42211	EWC time offset is not updated on GUI.
CSCwe42302	IRCM Mobility client is deleted silently after a profile name mismatch.
CSCwe43294	Cisco Catalyst 9105AXW AP and Cisco Aironet 1815W Flex RLAN AP does not apply VLAN in the ethernet port after AAA vlan override.
CSCwe44216	AP crash is observed due to kernel panic (PC is at vfp_reload_hw+0x30/0x44).
CSCwe44991	Cisco Catalyst 9105AX AP: Kernel panic crash is observed.
CSCwe45300	Cisco Catalyst 9120 AP: Sending Msg:2 in mode:2 to hostapd failed.
CSCwe45894	AP are not forwarding IGMPv3 query to wireless clients.
CSCwe45970	APs are stuck in UBOOT.
CSCwe49267	Controller is not sending GTK M5 packet to 8821 after FT roaming between wncds.
CSCwe49356	Cisco Catalyst 9136 AP Kernel Panic: Unexpected reload csd_lock_wait+0x10/0x18.
CSCwe50033	Cisco Catalyst 9120AX AP: Clients are continuously disconnecting if more than 10 clients are using MS TEAMS.
CSCwe61084	Pubd crash is seen while performing ISSU upgrade from 17.3.7 to 17.9.3.

Open Caveats for Cisco IOS XE Cupertino 17.9.2


Caveat ID	Description
CSCwc24994	Cisco Aironet 3800 Access Point ends abnormally due to kernel panic.
CSCwc32182	Cisco Aironet 1852 Access Point experiences radio firmware crash.
CSCwc49992	Timeout during Direct Memory Access (DMA) transaction causes kernel panic in Access Point.
CSCwc75732	Cisco Aironet 4800 Access Point experiences firmware radio crash in Cisco IOS-XE 17.3.5b release.
CSCwd05213	Kernel panic crash observed when gRPC server process is executed.
CSCwd05689	Cisco Catalyst 9124 Access Point AXI RSSI is 7 dBm to 8 dBm weaker at a distance compared to other Access Point models.
CSCwd08068	Cisco Aironet 1815W Access Point crashes due to OOM when wcpd process hogs the memory.
CSCwd10570	Cisco Catalyst 9130 Access Point displays different beacon data-rates for different Basic Service Set Identifiers (BSSIDs).
CSCwd22017	Apple iOS devices are deleted due to IP Learn timeout.
CSCwd26693	The N+1 High Availability setup for FlexConnect access points is not working.
CSCwd30828	Cisco Catalyst 9120 Access Point crashes and reloads due to kernel panic.
CSCwd33981	Kernel panic crash is observed when PC is at "cpuidle_not_available".
CSCwd35577	Double bit ECC error causes the standby controller to reload.
CSCwc64201	Cisco Catalyst 9105 Access Point experiences communication gaps when working as a workgroup bridge (WGB).
CSCwc87688	Cisco Catalyst 9120 Access Point randomly displays high noise level in 5-GHz radio.
CSCwd03803	Cisco Aironet 1815I Access Point reboots when PC is at edma_poll or LR is at dma_cache_maint_page.
CSCwd20476	Wireless peers are unable to reach each other when passive client is enabled.
CSCwd21996	Cisco Catalyst 9120 Access Point experiences CleanAir sensor crash.
CSCwd22430	Access Points fail to view the backup image after using the "archive download-sw" command.
CSCwd25931	Wireless client does not receive IPv6 RA from wired FlexConnect local Dynamic Host Configuration Protocol (DHCP).
CSCwd28109	Cisco Catalyst 9130 Access Point experiences high latency or packet drops during TFTP.
CSCwd32900	Cisco Catalyst 9120 Access Point drops M4 during four-way handshake.
CSCwd34908	Dynamic Channel Allocation (DCA) debug in the controller does not display Slot 2 when nearby Access Point uses channel 36.
CSCwd36187	Controller does not regularly send license sync report to Cisco Smart Software Manager (CSSM).
CSCwc97199	Re-association request processing is delayed between the driver and wcp.

Open Caveats for Cisco IOS XE Cupertino 17.9.1


Caveat ID	Description
CSCwb70620	WPA TKIP client is unable to join due to mic error from client.
CSCwc00005	Cisco Catalyst 9136 AP: Auto-RF on the controller is reporting lower interference when rogue is using 40/80 MHz bandwidth.
CSCwc05366	Wireless AAA dynamic VLAN assignment: Clients cannot reach each other.
CSCwc15944	Cisco Catalyst 9800-L: Multicast traffic is not forwarded from wireless system to wireless clients.
CSCwc24994	Cisco AireOS 3800 series AP is crashing due to kernel panic.
CSCwc25974	Cisco Catalyst 9136 AP: Traffic running on AP itself is seen as interference on adjacent channels.
CSCwc28757	Cisco AireOS 3800 series AP: Radio crashes on Slot 0.
CSCwc30314	Cisco AireOS 4800 series AP is sending upstream DHCP packets in CAPWAP when in FlexConnect local switching local DHCP.
CSCwc31406	Stale entries in device-tracking database is causing false IP theft for IPv6 addresses.
CSCwc32182	Cisco AireOS 1852 AP: Radio firmware crash is observed.
CSCwc32360	Controller is deleting clients due to IP theft detection.
CSCwc39384	Cisco Wireless 9164 AP crashes @ PC is at cnss_wait_for_fw_ready+0xd4/0x118.
CSCwc41616	Cisco Catalyst 9105 AP: Crash is observed due to kernel panic.
CSCwc46702	Cisco Catalyst 9800-L: Crash is observed with reason critical process wncd fault on rp_0_0 (rc=134).
CSCwc60273	The AAA dashboard of Cisco DNA Centre does not display any AAA transaction data after the software upgrade.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.6


Caveat ID	Description
CSCwh95938	SCB Mismatch - radio core is generated during longevity test with Cisco Catalyst 9105 AP
CSCwk61854	CAPWAP session manager ends abnormally - config update fails when AP is in delete pending state
CSCwj08367	Controller ends abnormally and signature displays a segmentation fault with IGMP snooping process
CSCwb71444	Controller UI needs support for Webauth banner title or text delimiter input
CSCwj39057	Cisco Catalyst 9130 AP experiences traffic loss and delays due to perceived channel utilization and interference
CSCwi43325	Cisco Aironet 1852 or Cisco Catalyst 9115 AP ends abnormally due to Systemd critical process
CSCwk69128	The 6-GHz radios from Cisco Catalyst 9136 AP report RF neighbors at very low levels
CSCwj01916	Cisco Catalyst 9162 AP in FlexConnect mode constantly disjoins the controller in Cisco IOS XE Dublin 17.12.2
CSCwi96176	Cisco Catalyst 9130 and 9166 APs display high channel utilization with one single client connected
CSCwj86938	Controller experiences memory leak in scale network when telemetry sends client events to Cisco DNA Center
CSCwi99566	Cisco Catalyst 9124AXI AP ends abnormally when channel 36 is not supported in Jordan regulatory domain
CSCwj72370	Controller uses incorrect username for show platform command when logging in to the GUI
CSCwj55168	Kernel ends abnormally on multiple Cisco Catalyst 9130 AP in Cisco IOS XE 17.9.5 CCO image
CSCwe11889	Authenticated APs support only EAP-TLS certificate renewal after the certificate validity has fully lapsed
CSCwi88990	Enabling SRG OBSS PD on controller crashes only Cisco Catalyst 9166 series AP
CSCwi91970	Transmission stuck issue is observed when radar is detected in Cisco Catalyst 9120 AP
CSCwk58876	Multiple Cisco Catalyst 9166 APs reload with reload reason as Kernel Panic
CSCwj82898	Not able to onboard Cisco Catalyst 9800-CL on Cisco DNA Spaces
CSCwi61968	Cisco Aironet 1815 AP ends abnormally due to capwapd process
CSCwj26848	AP to check DELETE_VAP_PAYLOAD CAPWAP payload sanity before blindly deleting
CSCwi27380	Video traffic issue is observed in best-effort only for WGB wired clients
CSCwj15376	Controller experiences multiple NMSP security protocol problems
CSCwi96508	AP with SKC roam causes client deletion with reason INVALID_PMKID
CSCwi64652	AX APs running IoT Application do not reset BLE interface after 100 attempts
CSCwi94248	AP ends abnormally on dump mutx command
CSCwj97748	Cisco Catalyst 9130 AP expereinces Kernel Panic with PC at _raw_spin_locK/LR wlan_objmgr_peer_try_get_ref
CSCwi21444	AP traps are not updated to Cisco DNA Center when AP joins the controller with a misconfigured state
CSCwk22550	Cisco Catalyst 91xx APs experience slow speeds after modifying WLAN configuration
CSCwi48980	Controller local password policy does not take effect as expected for GUI login
CSCwj09698	Controller experiences unexpected reset in wncmgrd with a scaled setup and managed by the Meraki Dashboard
CSCwj93906	Cisco Catalyst 9120 AP\|\| Sending Msg:2 in mode:2 to hostapd failed
CSCwi35946	Cisco Catalyst 9120 AP experiences Kernel Panic when PC is at wlc_bmac_suspend_mac_and_wait+0x3c/0x488
CSCwj79545	Controller experiences unexpected wncd process reboot due to assertion failure with invalid BSSID
CSCwh74415	FlexConnect local switching APs do not work with Per client rate limit
CSCwk52996	Cisco Catalyst 9120 CAPWAP restarts with radio crash on wlc_bmac_suspend_mac
CSCwi88967	Cisco Catalyst 9120 APs crash and reload due to PSM microcode watchdog
CSCwj49502	Cisco Catalyst 9115 AP ends abnormally on process capwapd
CSCwj60910	RRM message mismatch is observed between controller and PI report.
CSCwj67158	Controller does not send ADD mobile to AP after CoA is received and client is in ip learn state for dot1x SSID
CSCwj00465	Active controller becomes ActiveRecovery when RP link is down in Cisco IOS XE 17.9
CSCwi99296	Cisco Catalyst 9120 AP experiences Kernel panic when PC is at wlc_bmac_suspend_mac_and_wait+0x3c/0x488
CSCwi95945	GTK is not plumbed to driver with a GTK rekey
CSCwi64010	Controller accepts reserved IPv6 multicast address to be configured as Mobility Multicast IPv6 address
CSCwi07401	Unexpected reboot occurs in the controller while collecting wireless client statistics
CSCwj42408	Posturing flow does not work in the controller while PMF is optional
CSCwj30416	AP does not delete the stale client entry and never responds back to the client dot11 authentication
CSCwi69251	Cisco Catalyst 9800-40 Series Wireless Controller running Cisco IOS-XE 17.12.2 starts failing frequently
CSCwj34460	AP ends abnormally due to kernel panic when PC is at wlc_txhinfo2bandunit
CSCwi67013	Cisco Aironet 2800 AP is unable to set channels (52, 120, 124, 128) in AP2800-T domain
CSCwi69093	Controller GUI displays incorrect number of clients attached in AP
CSCwj75409	Cisco Catalyst 9124 or 9130 AP experiences Kernel crash due to mlme_vdev_subst_start_restart_progress_event
CSCwi52692	New out-of-box Cisco Catalyst 9130, 9136, or 916x APs reboots continuously with 9300H upoe+ switch
CSCwj94201	Controller ends abnormally due to CPU hog and watchdog timeout by IGMPSN process
CSCwj26196	Controller ends abnormally due to Keymgmt: Failed to eapol key M1 retransmit failure. Maxium retries for M1 is over
CSCwi96089	AP does not plumb keys after session timeout reauthentication
CSCwk17667	Controller reboots due to high ODM memory consumption
CSCwi28174	L3 Multicast packets are sent in native VLAN if VLAN ID is 1 in policy profile with AAA override Flex local switching
CSCwj53332	Cisco Catalyst 9136 and 9164 APs OOM stops responding multiple times
CSCwk44459	AP experiences load balancer server holding wrong IP address and stale AP entries
CSCwk20436	APs not applying MGID for broadcast or multicast traffic AAA override for clients behind WGB
CSCwk07124	RLAN configuration using Controller GUI sets 802.1x Timeout to invalid values
CSCwi47294	Comtroller changes - Per client rate limit with flex connect local switching APs does not work
CSCwk02633	An RSA keypair is configured in the trustpoint configuration when a EC keypair is selected while creating a trustpoint in the controller
CSCwh81071	Cisco Catalyst 91xx APs Country for Radio Slot 0 or 2 displays Blank or NA
CSCwi92913	False radar detection is observed in Cisco Catalyst 9105 and 9115 APs
CSCwj10697	EWC image upgrade fails in Cisco Catalyst 9124 AP
CSCwj38728	Syslogs timestamps does not match the internal clock of AP
CSCwj48018	Cisco Catalyst 9105 AP experiences Kernel panic crash when PC is at wlc_ampdu_dotxstatus+0x5c/0x5cc
CSCwj42847	Cisco Catalyst 9120 AP experiences Kernel Panic crash in PSM watchdog CS00012342194
CSCwi56780	The MAB cannot be initiated unless the device is deauthenticated
CSCwk54291	Controller voice CAC bandwidth is not cleared
CSCwj13190	Inventory displays 'Internal Error' for Controller in Catalyst Center
CSCwi72191	Updating of IPv6 routes in AP when AP moves from one VLAN to another
CSCwj72298	Cisco Catalyst 9120 AP experiences kernel panic when PC is at pci_generic_config_read + 0x34/0x20
CSCwj20953	Cisco Catalyst 9130AX APs in FlexConnect mode stops responding due to kernel panic.
CSCwk00429	Cisco IOx application starts after reboot but never reaches RUNNING state
CSCwi04855	APs disjoin the controller repeatedly with traceback
CSCwi42112	The MAC address of wired clients are learnt from the Cisco Catalyst 9124 MAP port
CSCwj98859	APs continue to use IP addresses after sending the DHCP release
CSCwk28680	Controller reloads unexpectedly due to Cisco QuantumFlow Processor (QFP) ucode while updating the drop statistics
CSCwj40202	Controller does not send RADIUS account message when client sends subsequent association request before client is moved to RUN
CSCwj33376	Incorrect selection of APs in load balancing
CSCwi83124	Pop-ups are not displayed correctly in dark mode in the controller
CSCwj77128	URL filter allows only letters as the first character
CSCwj36962	Controller reboots unexpectedly due to invalid QoS parameters
CSCwj26808	AP stops responding due to wlc_bmac_tx_fifo_sync
CSCwk36229	Controller does not send M1 packet when client reconnects after an EAP_TIMEOUT
CSCwk74269	SNMP query with bsnAPIfTable OID fails for Cisco Catalyst 9166D APs
CSCwj85005	LSC provisioning fails depending on the Subject Name Parameter values
CSCwj83935	Controller displays tech X empty if previous sh tech X term length stop did not complete before SSH closed
CSCwj51379	Kernel panic crash is observed in Cisco Catalyst 916x or 9130 APs
CSCwk70785	AP does not update the MTU value for PMTU probe causing disconnection
CSCwj98534	Cisco Catalyst 9115 APs intermittently stops transmitting the multicast traffic downstream
CSCwj31198	Enables slow recovery by default instead of fast recovery for beacon stuck issue.
CSCwk66729	FlexConnect AP with Client QoS policy changes WLAN-VLAN mapping without manual configuration change
CSCwi57873	TI AP - BLE resets, connect or disconnect times out sometimes
CSCwj92716	Native mode and Cisco IOx app both use IoT uart interface leading to continuous IoT chip resets
CSCwj33979	The show ap summary output takes more than 6+ minutes to complete
CSCwj01962	Cisco IOS XE 17.12.3 Fast transition-over-DS Re-association response fails with reason Unspecified Failure
CSCwk15362	NBAR prints error logs in AP console or syslog server
CSCwj25110	OIDs bsnAPIfStationCountOnRSSI and bsnAPIfStationCountOnSNR reports incorrect values in the controller
CSCwj68763	Enhanced URL missing after Flex AP CAPWAP flap
CSCwk11417	After assigning new WebAdmin cert, ewlc_cert_mgr, SafeC Validation: strncpy_s: does not have enough space
CSCwk27433	Cisco Aironet 2800 AP experiences kernel panic crash when PC is at dumpFwLogs+0x438/0x540
CSCwj34753	MAP reflects back client unicast traffic in the wired port
CSCwi69042	Cisco Aironet 1562 MAP does not join through the RAP using EAP and flex-bridge site tag
CSCwi01382	Controller supports -E domain access points in Gabon
CSCwe93421	Cisco Catalyst 9115 APs intermittently stops transmitting multicast traffic downstream
CSCwj96666	Syntax errors in CISCO-LWAPP-DOT11-MIB
CSCwj06987	AP capwapd.service fails due to watchdog timeout
CSCwj25187	Redundancy details are not populated in GUI for EWC.
CSCwj19805	Cisco Catalyst 9130AX AP experiences BLE 2.7.22 Advertising 0dBm TxPower and chip sync issue during firmware upgrade
CSCwj93153	Controller might reload unexpectedly due to wncmgrd process fault
CSCwh56566	Controller manual flow record parameters cause flow monitor to fail and unable to remove it
CSCwi92439	Cisco Aironet 1815s AP reports high channel utilization in 5-GHz
CSCwi55714	Controller reboots when handling NMSP TLS connection
CSCwh88246	URL filter is not applied after an invalid configuration
CSCwj97107	Standby does not take the active role after reloading the active controller with reload slot X
CSCwk05030	Controller stops responding due to critical software exception
CSCwi54064	APs in the same controller classify each other as Rogue and alert as a threat AP Impersonation
CSCwj88071	Controller sends an invalid XML character (Unicode: 0x4) found in RPC response for ap-model
CSCwj34916	Cisco Catalyst 91xx AP in FlexConnect does not advertise SAE H2E in beacons or probe response causing REASON_KEY_XCHNG_TIMEOUT
CSCwi81972	AP needs to check the DELETE_VAP_PAYLOAD Capwap payload sanity before blindly deleting
CSCwj04904	Cisco Catalyst 9300LM switch is not compatible with Cisco Aironet 1815 WAP + 7945G IP phone connected together in a port
CSCwi16509	Loadbalancer server holds wrong AP IP address resulting in stale AP entries
CSCwi22270	Cisco IOS XE 17.13: Cisco Catalyst 9120 AP experiences radio crash during Longevity run 17.13.0.101
CSCwj93876	Cisco Catalyst 9800-80 Wireless Controller is reloaded with reason "Critical process wncmgrd fault on rp_0_0 (rc=134)"
CSCwj31356	Controller reboots due to RRM process fault
CSCwi93213	Controller marked AAA Server Down after a switchover when using key 6 password encryption

Resolved Caveats for Cisco IOS XE Cupertino 17.9.5


Identifier	Headline
CSCwf92148	The Cisco Catalyst 9120 AP dual 5-GHz radio does not disable High Efficiency (HE) in slot 0, when 11AX and slot 1 HE are disabled in all the configured WLANs.
CSCwc05366	Wireless AAA dynamic VLAN assignment - The wireless clients are unable to reach each other.
CSCwh60483	Cisco Catalyst 9136I APs manufactured between April 2023 and September 2023 display incorrect temperature readings.
CSCwf79175	Wireless clients fail to roam in FlexConnect central authentication with Pairwise Master Key ID (PMKID) mismatch.
CSCwf99932	Cisco Catalyst 9120 AP radio 1 reloads unexpectedly.
CSCwh09642	IP Theft is observed when zone ID is 0x00000000.
CSCwd63620	WNCD reloads unexpectedly in the controller when modifying the RF tag mapping for a RLAN slot.
CSCwh63270	Cisco Catalyst 9130AXI APs reload unexpectedly due to radio failure.
CSCwh71608	Cisco Aironet 1562 MAP is unable to join the RAP using Extensible Authentication Protocol (EAP) and flex-bridge site tag.
CSCwf22246	Cisco Catalyst 9130 APs calculate the management frame count differently across AP chipsets.
CSCwh27366	Cisco Aironet 3800 AP experiences radio firmware crash.
CSCwf13879	Cisco Catalyst 9800-CL Wireless Controller reloads unexpectedly.
CSCwf13107	Cisco Catalyst 9105 AP experiences radio crash during longevity test.
CSCwf96138	Apple iPhone SE third edition experiences roaming failure.
CSCwh81332	Cisco Catalyst 9130 APs experience kernel panic after an upgrade to Cisco IOS-XE 17.6.6.
CSCwh12481	Cisco Catalyst 9130 AXI-E AP does not join the controller with TZ country code.
CSCwh57076	Controller does not forward the broadcast Address Resolution Protocol (ARP) request to the wireless client.
CSCwf53520	Cisco Catalyst 1815 AP ends abnormally due to kernel panic in Cisco IOS-XE Cupertino 17.9.2.
CSCwh14232	Controller does not send the LLC or XID spoofed frames after a mobility event.
CSCwh92425	Cisco Catalyst 9130 or 9136 APs transmit data frames to a client in power save mode.
CSCwh54762	AP experiences kernic panic when SCB is in delete pending state.
CSCwf83292	Cisco Catalyst 9130 APs do not send DHCP offer and acknowledgement over radio interface to the client.
CSCwi22895	Controller ends abnormally when the reload reason is Critical process radio resource management (RRM).
CSCwi08147	Controller GUI does not allow modifying quality of service (QoS) policies when QoS SSID policy is not set in the policy profile.
CSCwf07384	Wired clients behind Cisco Catalyst 9105 AP does not pass traffic.
CSCwf65794	Cisco Aironet 1852 AP reloads unexpectedly due to radio failure.
CSCwh74663	Cisco Aironet 2800, or 3800, or 4800, or 1560, or Cisco Catalyst 6300 APs do not send QoS data frames downstream.
CSCwh29924	Antenna-a does not function properly when ab-Antenna is included in the configuration for Cisco Catalyst 9105, 9115, or 9120 APs.
CSCwf52815	Cisco Wave 1 APs improve PMTU Discovery mechanism to honor the ICMP unreachable MTU value.
CSCwf75646	Controller MIB file to include all coded integer values for cRFStatusLastSwactReasonCode object.
CSCwf44441	Radio firmware ends abnormally in Cisco Catalyst 9162 and 9164 APs.
CSCwh82872	Dataplane issue between the controller and AP causes the association request drop.
CSCwf76119	Clients join using Pairwise Master Key (PMK) cache after Change of Authorization (CoA) and Access-Reject.
CSCwe71996	Cisco Catalyst Center does not display the associated APs.
CSCwh59543	Cisco Catalyst 9120 AP radio firmware and CAPWAP ends abnormally during scale longevitiy.
CSCwf78066	Cisco Catalyst Center users view "No radios in the selected band" message in the floor map.
CSCwf13804	Cisco Catalyst 9120 APs fail to onboard new client associations.
CSCwh56147	Controller does not display the SNMP OID for AP location tag.
CSCwh92459	Controller ends abnormally with wncd fault on rp_0_0.
CSCwf40430	Mobile devices cannot prompt incorrect password in Cisco Catalyst 9130 AP after a change in Private Shared Key (PSK) SSID password.
CSCwh20944	Cisco Catalyst 9120 AP ends abnormally due to kernel panic.
CSCwh70511	Redundancy Management Interface (RMI) flaps with Closed transport communication channel message.
CSCwf32342	Clients are unable to roam successfully and pass traffic in SDA environment.
CSCwi07401	Controller ends abnormally while collecting wireless client statistics.
CSCwh49810	Client loses network access after inter-WNCD roam.
CSCwf88890	Cisco Catalyst 9800-L Wireless Controller GUI is stuck while loading the Monitoring > Wireless > AP Statistics > General page for a specific Cisco Aironet 3800 AP.
CSCwf54827	Wireless client is deauthenticated after an idle timeout.
CSCwh87903	Cisco Catalyst 9120 AP sends authentication response failures for a specific client MAC address.
CSCwh89539	CAPWAP messages are queued for more than x seconds when client throttling is turned ON.
CSCwa16835	Fabric AP and VXLAN tunnel are not updated after the switch virtual interface (SVI) MAC change.
CSCwh63050	Controller running Cisco IOS-XE 17.9.3 sends IGMP queries without controller IP and MAC addresses.
CSCwh62342	AP in FlexConnect mode as mDNS gateway does not respond correctly when Location Specific Services (LSS) filter is enabled in 5-GHz band.
CSCwh31966	Controller ends abnormally during a database abort in WNCD process.
CSCwf93992	Cisco Aironet 2800 AP in FlexConnect mode does not process the EAP-TLS fragmented packets beyond a delay of 50milliseconds.
CSCwf81866	Radio 0 workgroup bridge (WGB) configuration is not backed up correctly during a TFTP backup configuration.
CSCwf63818	Cisco Aironet 1832 AP with Cisco IOS-XE Cupertino 17.9.2 version ends abnormally due to kernel panic.
CSCwh58099	Controller allows client reconnection after client deletion and Change of Authorization (CoA) termination.
CSCvx90714	The show interface status command displays maximum link speed in the auto-negotiation port.
CSCwf83132	Controller does not send 802.11r mobility payload when changing the wireless mobility group name.
CSCwh20306	FastLocate feature is disabled automatically when Cisco Advanced Wireless Intrusion Prevention System (aWIPS) is enabled.
CSCwh87343	Controller GUI experiences privilege escalation vulnerability.
CSCwi08442	APs do not join the controller when CBAR is enabled.
CSCwf32806	Controller experiences unexpected reload with "Critical process wncd fault on rp_0_0 (rc=134)".
CSCwf84639	Cisco Catalyst 9120 AP in XOR mode is not updated in radio_oper_data database.
CSCwi07094	Apple client does not connect to Flex WPA2+WPA3 SSID when Simultaneous Authentication of Equals (SAE) is enabled and Opportunistic Key Caching (OKC) is disabled.
CSCwi06785	Controller does not send Gratuitous ARP (GARP) in IPv4 or Neighbor Advertisement (NA) in IPv6 for wireless client in RUN state after switchover.
CSCwf59348	Cisco Catalyst 9105, 9115, and 9120 APs set the maximum transmit power level to -128dBm in Country IE.
CSCwh09879	Wave1 APs in FlexConnect mode do not allow clients to connect and sends association-response failure after changing country code.
CSCwh75431	Cisco Aironet 1830 or 1850 APs report false high channel utilization causing performance issues across 5-GHz band.
CSCwh17592	Cisco Catalyst 9130AXI AP slot 1 does not announce HT(802.11an), VHT(802.11ax) and HE(802.11ax) capabilities when dual-radio is enabled.
CSCwh30078	Cisco Aironet 1852 AP ends abnormally during throughput testing.
CSCwh88100	Cisco Aironet 3800 AP experiences kernel panic with PC at skb_unlink+0x40/0x54.
CSCwf92519	AP power profile status displays unexpected "Insufficient De-rating".
CSCwf04815	Coverage Hole Detection reduces the transmission power in Slot 0 and 1 of AP.
CSCwh02698	Controller sends incomplete Scalable Group Tag (SGT) information to Cisco ISE.
CSCwf87281	Controller ends abnormally due to unexpected reload in the Wireless Network Controller Daemon (WNCd) process.
CSCwd68141	The show wireless wps rogue ap detail command does not show the rogue client containment details.
CSCwh27425	Cisco Catalyst 9115AX AP does not forward a part of the CAPWAP data packets to the uplink direction.
CSCwh93655	2.4-GHz or 5-GHz radios stream both 2x2 when Cisco Catalyst 9120 AP is in critical condition.
CSCwh08892	Controller GUI displays blank page after the User Login page.
CSCwh59048	Controller supports -A domain access points in Guatemala (GT) country.
CSCwh93462	The show wireless stats ap loadbalance summary command displays a negative value for joined or discovered APs.
CSCwe24263	Cisco Catalyst 9130 AP experiences inconsistent transmission power levels advertised in Country information of beacon frames.
CSCwf62051	AP reloads unexpectedly due to kernel panic when multicast DNS (mDNS) is enabled.
CSCwh35072	Cisco Aironet 3800 AP reloads unexpectedly due to FIQ or NMI reset.
CSCwh99036	Controller reloads unexpectedly when WNCd ends abnormally while processing the supported AP channels.
CSCwh61011	Cisco Catalyst 9120 and 9115 APs unexpectedly disjoins from the controller and does not establish DTLS again.
CSCwh68360	Cisco Catalyst 9120 AP ends abnormally due to kernel panic.
CSCwh59420	Cisco Catalyst 9136 AP ends abnormally in Cisco IOS-XE Cupertino 17.9.4.
CSCwh50681	New SSID arp0v0 is broadcasted only after a Cisco IOS-XE Cupertino 17.9.3 wireless upgrade.
CSCwe81775	Apple devices are not deleted after sending Extensible Authentication Protocol (EAP) logoff messages.
CSCwh59109	Controller reloads due to critical process WNCd fault.
CSCwf69377	Controller IOSd ends abnormally in span_db_port_bl_to_port_list with an ERSPAN source update.
CSCwh68768	Controller fails to create a Flex WLAN using the Basic Wireless Setup in public cloud.
CSCwi03442	Cisco Catalyst 9130 AP does not honor the Unscheduled automatic power save delivery (U-APSD) trigger frame causing real-time protocol (RTP) stream disruption.
CSCwh08625	Cisco Catalyst 9120 APs end abnormally due to kernel panic when PC is at _raw_spin_unlock.
CSCwh20334	The change-of-authorization (CoA) server key appears blank in the controller GUI.
CSCwh49406	Cisco Catalyst 9130 AP displays excessive CleanAir syslogs.
CSCwh33190	Cisco Catalyst 9115 AP ends abnormally due to kernel panic.
CSCwi10656	New clients fail to join when IO IDs are exhausted due to high volume of clients in webauth pending state.
CSCwf50558	Disabling dynamic channel allocation (DCA) aggressive in 5-GHz does not take effect.
CSCwh61007	Controller ends abnormally when it provisions multiple APs.
CSCwh33056	Policy tag description are automatically deleted when deleting a WLAN from a location.
CSCwf83515	Inconsistent transmission power levels advertised in Country information of beacon frame causes client-side issue.
CSCwh68219	Clients fail to authenticate via 802.1x using EAP-TLS.
CSCwe58841	Cisco Catalyst 9136 AP does not support Power over Ethernet (PoE) negotiations on both the ports.
CSCwe42200	RADIUS server with fully qualified domain name (FQDN) does not update properly during Domain Name Service (DNS) periodic update.
CSCwf64009	Cisco Aironet 1815 AP leaks RLAN VLAN traffic with looped port.
CSCwh88246	URL filter is not applied after an invalid configuration.
CSCwh45418	Cisco Catalyst 9124 AP sends incorrect duplex information through CDP.
CSCwf60519	Clients performing inter-WNCD roaming using 802.11r fails due to invalid Pairwise Master Key (PMK) ID.
CSCwh76420	Controller ends abnormally when performing an In-Service Software Upgrade (ISSU) upgrade.
CSCwh44793	Cisco Catalyst 9130 AP fails to join the controller and sets Fast Transition data in BSSID after modifying the site tag.
CSCwh20934	Cisco Wave 2 APs reboot repeatedly with Systemd critical process crash.
CSCwe70039	Client gets stuck in authentication loop after an N+1 High Availability switchover.
CSCwf86242	Controller reloads unexpectedly when CAPWAP window size is set to 0.
CSCwi22847	Cisco Catalyst 9800-80 Wireless Controller ends abnormally after receiving analytics from AP.
CSCwh37783	Controller GUI does not load the Lobby Admin page.
CSCwh22981	WNCD process ends abnormally.
CSCwh21092	Controller ends abnormally generating a system report with two core files (cpp_cp_svr and cpp-mcplo-ucode).
CSCwf68612	Controller reloads unexpectedly due to segmentation fault in WNCd process.
CSCwf30701	Cisco Aironet 2800 and Cisco Catalyst 9120 APs as supplicant cannot initiate the Extensible Authentication Protocol (EAP) process without a static IP address.
CSCwh29442	Cisco Catalyst 9800-40 Wireless Controller ends abnormally after In-Service Software Upgrade (ISSU) upgrade to Cisco IOS-XE 17.9.x.
CSCwf83278	Client traffic fails with N+1 when AP sends CLIENT_DEL_STOP_REASSOC.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.4a


Identifier	Headline
CSCwh87343	Cisco IOS XE Software Web UI Privilege Escalation Vulnerability For more information, see Security Advisory: cisco-sa-iosxe-webui-privesc-j22SaA4z.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.4


Identifier	Headline
CSCwf42824	Cisco Catalyst 9105AXW APs do not recover after an upgrade.
CSCwe38431	Controller remarks SIP packets from CS3 to CS0 in upstream or downstream when voice Channel Availability Check (CAC) is configured.
CSCwe87973	Cisco Aironet 3800 AP reloads unexpectedly due to FIQ or NMI reset.
CSCwd46815	Cisco Wave 2 APs: EAP-TLS fails for wired clients behind MAP.
CSCwf34100	When Samsung device (Galaxy Tab S6 Lite - P610K) tries to associate with a Cisco AP, AP sends association rejected with status code 40.
CSCwd79502	Device tracking stale entries are observed when FlexConnect and foreign anchor SSIDs use two different VLANs.
CSCwe92340	Cisco Catalyst 9136I-ROW AP ends abnormally due to kernel panic.
CSCwe82892	Client connected to flexconnect APs with profile policy is assigned to VLAN 1 instead of native VLAN.
CSCwe17593	Cisco Catalyst 9115 AP stops sending traffic to the root AP after 60 seconds from its initial connection.
CSCwf44483	The Cisco Catalyst 9120AXI 5-GHz radio AP remains operationally down when -A domain AP joins the controller for country Panama (PA).
CSCwf04748	AP reloads unexpectedly due to CALLBACK FULL reset radio.
CSCwd60034	Cisco Aironet 3800 AP radio reloads unexpectedly when the beacon is stuck.
CSCwe25446	Controller reboots unexpectedly due to wncd process.
CSCwe85742	Controller clears PMK ID when it fails to ressurect client entry upon N+1 AP failover.
CSCwe14729	Controller might reboot due to memory corruption when processing DHCP Reply option 82.
CSCwe04602	Cisco Wave 2 AP fails to forward traffic to wireless client for about 60 seconds in SDA fabric WLANs.
CSCwe11213	Cisco Catalyst 9130 AP crashes due to radio recovery failure.
CSCwe30473	Cisco Wave 2 AP Radio firmware reloads unexpectedly when RC queue is stuck.
CSCwe49267	Controller does not send GTK M5 packet to Cisco IP Phone 8821 after fast transition roaming between wncds.
CSCwe66216	Cisco Catalyst 9136 AP experiences mac-flap notification when interface speed is set to 1000.
CSCwe73758	Cisco Catalyst 9115AX AP is unable to send beacons in 5-GHz radio.
CSCwe73403	DHCP Option 82 is not added in WLAN with EoGRE tunnel when SVI interface is down.
CSCwe11315	Cisco Catalyst 9164 and 9166 APs running Cisco IOS-XE 17.9.2 experiences DFS detections in all channels.
CSCwe67580	CAWAP DATA tunnel is not formed between OEAP and controller after changing the public IP.
CSCwd91054	Cisco Wave 2 AP do not encrypt EAP_ID_REQ after M1-M4 and update PMKID for dot1x Opportunistic Key Caching (OKC).
CSCwe81552	Transmit Power Control (TPC) does not work as expected in the secondary radio operating in 5-GHz band.
CSCwe56266	RRM crash is observed during bootup in the controller.
CSCwe76818	Cisco Catalyst 9800-80 Wireless Controller - Syslog configuration does not reflect in the AP.
CSCwf29742	Cisco Catalyst 9120 AP: Firmware crashed is observed when multicast and longevity is run with 80+ clients after 12 hours.
CSCwe66515	Cisco Catalyst 9136 AP does not register with M2 response from client.
CSCwe74874	Cisco Catalyst 9120 AP randomly crashes due to kernel panic.
CSCwf33623	Cisco Catalyst 9162I AP radios experiences operational status down when AP is operating in 802.3af (default mode).
CSCwe07802	Cisco Wave 2 APs drop upstream Extensible Authentication Protocol (EAP) packets.
CSCwe01579	wncd reloads when creating an RRM client coverage in a large scale setup.
CSCwe74653	Cisco Wave 2 APs do not send the DELETE reason to the controller resulting in stale entries.
CSCwe18012	Crash is observed in standby controller while saving the QOS table to standby.
CSCwf07605	Cisco Catalyst 9105AXW AP and Cisco Aironet 1815W Flex RLAN AP does not apply VLAN in the ethernet port after AAA VLAN override.
CSCwe66730	Dynamic Channel Assignment (DCA) assigns wrong channels after Dynamic Frequency Selection (DFS) events.
CSCwf15582	AP radio reloads unexpectedly when the beacon is stuck.
CSCwe62694	wncd goes into infinite loop in customer network with 382 APs.
CSCwe91394	Aeroscout T15e tags do not report the temp data due to extra bytes.
CSCwe70970	Need an option to prioritize KeepAlives in the redundancy port for High Availability SSO deployment.
CSCwf44027	The username is randomly missing for wireless 802.1x clients in the controller GUI or console.
CSCwf50177	Cisco Catalyst 9105AXW AP detects large number of bad blocks.
CSCwe39888	RRM process crashes while running Dynamic Channel Assignment (DCA) algorithm.
CSCwf07264	WNCd reloads unexpectedly when accessing the Crimson database.
CSCwe27839	Kernel panic is observed in Cisco Catalyst 9120 AP during Longevity test.
CSCwe67810	Cisco Wave 2 APs in Flexconnect standalone mode disconnects clients on DHCP renewal every 18 minutes.
CSCwe55390	Cisco Aironet 3802 AP experiences buffering when UP6 or voice traffic is less than 500ms after Spectralink phone roam causes audio issues.
CSCwe99957	Controller does not respond to keepalive from AP after an AP disconnect.
CSCwe80617	Wireless clients are unable to connect to Cisco Aironet 1830 AP after input or output error message.
CSCwb51757	High channel utilization on 5-GHz radio when channel bonding is set to 40 MHz.
CSCwf54714	Controller reloads unexpectedly.
CSCwe30429	Cisco Catalyst 9800-L Series Wireless Controller displays last reload reason as 'reload' instead of "Critical process wncd fault".
CSCwe35285	Controller deletes client. This could be triggered by CSCwd91054 fix.
CSCwf71255	Client traffic fails after AP N+1 failover and policy update.
CSCwd72847	Cisco Catalyst 9115 AP stops transmitting multicast traffic downstream.
CSCwf55303	Active controller reboots when RP link comes up.
CSCwe53639	Controller is sending high volume of messages matching 'brain: +(awk\|sed)'.
CSCwd56391	Controller is not providing Received Signal Strength (RSSI) location data for some of the RFID tags in database.
CSCwf22225	Cisco Catalyst 9120 AP: Standardize calculation of management frame count across AP chipsets.
CSCwf42629	VLAN group supports static IP clients when dot1x SSID have Security Group Tag (SGT) via AAA override.
CSCwe00848	Cisco Catalyst 9105 AP reloads unexpectedly.
CSCwe15338	Cisco Catalyst 9120 AP: Tx is stuck and AP does not respond to client's probe or authentication.
CSCwe07297	Cisco Catalyst 9120 AP reloads unexpectedly due to radio firmware crash.
CSCwc49970	Channel 165 is not allowed on Cisco Aironet 2800, 3800, 4800 APs.
CSCwe92462	Client Data Rate chart is skewed by management rate rather than data rate.
CSCwf09008	Cisco Catalyst 9800-L Series Wireless Controller crashes with last reload reason: Critical process wNCD fault on rp_0_0 (rc=139).
CSCwe32853	Cisco Catalyst 9124AXI AP is not forwarding Remote LAN (RLAN) traffic to the upstream network.
CSCwd98332	The controller undergoes a reload when the interface ID in the anchor message does not match.
CSCwe71081	macOS Setup Assistant: Guest issue is observed.
CSCwe84267	Cisco Wave 2 AP in flex N+1 failover mode doesn't transmit first CAPWAP data keepalive.
CSCwf67316	The Cisco 2800, 3800, 4800, 1560, IW6300 series APs may not detect radar in the required levels after the CAC time.
CSCwe82287	AP prevents a Protected Management Frame (PMF) Wi-Fi Protected Access Version 3 (WPA3) client from associating after the client initiates self-deauthentication.
CSCwe30572	Cisco Wave 2 AP is leaking Network Address Translation (NAT) IP from iOX app.
CSCwf45495	Cisco Catalyst 9130 AP fails to start CAPWAP as interface is reset every 52s during DHCP process.
CSCwf11117	Cisco Catalyst 9120 AP: Root AP deauthenticates workgroup bridge (WGB) continuously after a roam.
CSCwe95127	Controller is providing incorrect data for certain APs in response to the SNMP query bsnAPIfDot11BSSID.
CSCwe76817	CAPWAP Maximum Transmission Unit (MTU) discovery issue is reported on APs.
CSCwe91264	AP reloads unexpectedly when PC is at get_partial_node.isra.
CSCwd68141	Rogue containment LRAD is not shown in the output of the show wireless wps rogue ap detail command.
CSCwe19858	Cisco Catalyst 9130 AP advertises incorrect local power constraint value in management frames.
CSCwe17920	Cisco Catalyst 9124 AP is not forwarding traffic to workgroup bridge (WGB) after a session timeout.
CSCwf14803	Controller web UI menu displays cryptic feature names after upgrade.
CSCwe74895	Controller crashes when running AP packet capture.
CSCwf22788	The show wireless client summary detail command output is not showing all IPv6 addresses.
CSCwf88588	The AP manager experiences a crash while performing an ISSU upgrade to version 17.9.3, leading to the controller entering a boot loop.
CSCwd41463	Access points intermittently stop sending Internet Group Management Protocol (IGMP) membership report.
CSCwf09259	AP LED flash is automatically turning on after a reboot.
CSCwf57471	Enabling Application Visibility and Control (AVC) on wireless policy profiles containing special characters results in the web UI entering a hung state.
CSCwe42302	The Inter-Release Controller Mobility (IRCM) client is deleted silently after a profile name mismatch.
CSCwe45553	Revise the error message displayed during one-shot AP Service Pack (APSP) installation to enhance clarity.
CSCwd86288	Load average warning is displayed even when Cisco Catalyst 9800-80 Series Wireless Controller is healthy.
CSCwe18185	Day 0 factory image for new out of the box Cisco Catalyst 9130 AP (VID03) does not contain iox.tar.gz.
CSCwf71906	Controller is not plumbing IPv4 address in IP Source Guard (IPSG) datapath on Central Web Authentication (CWA) SSIDs for clients having single IPv4 address.
CSCwd08068	Cisco Aironet 1815W AP crashes due to Out of Memory (OOM); WCPD is causing Out of Memory in 8.10.171.0 (MR7).
CSCwe63089	The LEDs on the APs are sporadically changing to a white color.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.3


Identifier	Headline
CSCvx32806	COS-APs are stuck in bootloop due to image checksum verification failure.
CSCwb72924	FlexConnect client is intermittently unable to reconnect to an AP.
CSCwc10696	Regular ASR support field is disabled for supporting clients.
CSCwc24994	Cisco Aironet 3800 series AP crashes due to kernel panic (PC is at vfp_reload_hw+0x30/0x44).
CSCwc32182	Cisco Catalyst AP 1852: Radio firmware crash is observed.
CSCwc54410	Controller HA dual active scenario is observed when standby controller is reconnecting to HA pair.
CSCwc55632	Cisco Catalyst 9124 MAP fails to connect to Cisco Aironet 1562 RAP after first reload of MAP.
CSCwc75732	Cisco Aironet 4800 AP: Firmware radio crash is observed.
CSCwc79718	Cisco Catalyst 9166I AP: Multiple cores are reported after image upgrade.
CSCwc81656	Flash file system corruption is observed on AIR-CAP2702E-K-K9.
CSCwc87688	Cisco Catalyst 9120 AP shows very high noise level on 5-GHz radio.
CSCwc89183	Controller crash is observed on libewlc_client_dpath_svc.so.
CSCwc97298	Cisco Catalyst 9166 AP: Radio-2 firmware crash is observed - Thread ID: 0x00000014 Thread name: WLAN_SCHED0;PC: 0x015dc73c.
CSCwd02898	Cisco Catalyst 9300 Series Switch is not flushing remote MAC address after roaming to a local AP.
CSCwd02960	Cisco Catalyst 9166 AP: XoR radio (slot-2); switching between 5-Ghz and 6-Ghz causes kernel panic.
CSCwd03803	Cisco Aironet 1815I AP reboot: PC is at edma_poll / LR is at dma_cache_maint_page.
CSCwd04025	PI 3.10.1: Associated APs with controller is showing interface "Half duplex".
CSCwd04571	Memory leak is observed in wncd process when under load.
CSCwd06001	Linux iosd crash on standby controller during reload of the Cisco Catalyst 9800-L Wireless Controller.
CSCwd06018	802.11r re-auth failed due to invalid Pairwise Master Key ID (PMKID) while doing inter-WNCD roaming.
CSCwd06122	AP Join issues reported due to stale client entries.
CSCwd08678	Timer is not running state client not deleted by controller.
CSCwd10570	Cisco Catalyst 9130 AP: Beacon with incorrect datarates - different rates for same slot on different BSSIDs.
CSCwd12120	Inject path crash is observed on controller switch on IPv6_qos.
CSCwd12754	CAPWAP wireless traffic is getting the same Security Group Tag (SGT) as the corresponding incoming wired traffic.
CSCwd19631	Cisco Catalyst 9120 AP cannot operate in mGig when EEE is enabled on switchport.
CSCwd21996	Cisco Catalyst 9120 AP: CleanAir sensor is crashing.
CSCwd23681	Controller fails to update AP config with error "% Error: no ap_name exists".
CSCwd26693	N+1 HA for FlexConnect is not working.
CSCwd28226	Cisco Catalyst 9136 AP in sniffer mode suffers capwapd crash followed by join/disjoin loop.
CSCwd30828	Cisco Catalyst 9120 AP: Kernel panic crash is observed.
CSCwd32107	Cisco Aironet 2700 AP: Ignore CAPWAP_PAYLOAD: AP_LAN_CONFIG payload having invalid RLAN port enable value.
CSCwd34890	Clients are getting deauth immediately after getting IP address in LWA+LocalSW+CentralAuth.
CSCwd34908	Controller is not following the Dynamic Channel Assignment (DCA) sensitivity threshold.
CSCwd35393	Wireless load balancing affinity incorrectly shows AP site tag as default-site.
CSCwd35577	Redundancy fails during double bit ECC error
CSCwd39605	Cisco Catalyst 9117 AP reloads unexpectedly due to kernel panic at console_unlock+0x320/0x3ac.
CSCwd40731	AP reloads due to kernel panic - not syncing: softlockup: hung tasks.
CSCwd41108	Cisco Catalyst 9130AXE AP with Dart connectors are stuck at channel 36.
CSCwd46091	Cisco Catalyst 9105AXI AP is requesting 30 watts instead of 15.4 watts.
CSCwd46721	IP Theft occurs due to stale client entries in the ODM database.
CSCwd46770	License: Remove reporting interval (fixed 8 hours) and change Sync report to a user action.
CSCwd47741	Controller is failing to update dynamic channel assignment (DCA) channels in radio resource management (RRM) are stuck.
CSCwd49166	Cisco Aironet 3800 AP is consistently reporting high QoS Basic Set Service (QBSS) load.
CSCwd49861	AIRESPACE-WIRELESS-MIB: bsnAPIfType OID documentation incomplete.
CSCwd52385	AP is not initiating gRPC connection to Cisco DNA Center correctly after token expiry.
CSCwd52745	Cisco Aironet 3802 AP: Kernel crash is observed.
CSCwd52938	Wired clients behind workgroup bridge (WGB) are not getting IP address in anchor WLAN.
CSCwd55757	Wave 2 APs: Systemd critical process crash - dnsmasq-host.service failed.
CSCwd56621	Controller GUI logging buffer size display is incorrect.
CSCwd59921	Cisco Catalyst 9130 AP is dropping EAP-TLS frames.
CSCwd60376	Cisco Catalyst 9120 AP: Kernel panic is observed with PC is at pci_generic_config_read+0x34/0xa8.
CSCwd61428	Cisco Catalyst 9136I AP: GRPC crash is observed.
CSCwd63516	Cisco Catalyst 9120 AP fails EAP-TLS port authentication after Plug and Play (PnP) configuration is pushed.
CSCwd63665	Cisco Catalyst 9800-80 Series Wireless Controller shows high CPU utilization in wncd with 200 APS due to WSA.
CSCwd63861	SIGSEGV crash is observed when incrementing roaming statistics.
CSCwd69780	Controller crashes due to netflow watchdog and observed CPU HOG in wncmgrd due to scale netflow.
CSCwd72295	Cisco Catalyst 9136 AP: AP radios are going down if country code is set to RO.
CSCwd74123	Cisco Catalyst 9105 OEAP: Personal SSID is not advertising HE IE in beacon.
CSCwd74571	Wcpd crashes after reusing freed packets.
CSCwd76693	Profile mismatch counter is not increasing.
CSCwd77188	Cisco Aironet 3802 AP: Broadcasts different power values in beacon country IE.
CSCwd77823	Cisco Catalyst 9130 AP: Radio firmware crash is observed.
CSCwd79178	Cisco Aironet 1840 OEAP: Crash is observed due to radio failure.
CSCwd79645	Wireless client are unable to communicate after session timeout when AP dropped once during the session.
CSCwd80290	IOS AP image validation certificate failed/expired, causing AP join issues.
CSCwd81523	Cisco Catalyst 9130 AP is not sending EAP_ID_RESP next assoc-req after PMF client tx deauth in middle of EAP handshake.
CSCwd83840	Cisco Aironet 1830 AP: Wireless clients are unable to connect - "writing to fd 27 failed!".
CSCwd83841	EWC: AP is not sending packets from wired interface to subnet 192.168.129.0/24.
CSCwd90472	Adding static IP MAC binding to device tracking fails.
CSCwd90907	Cisco Catalyst 9164 AP: Crash is observed on Radio 1.
CSCwd90909	Cisco Catalyst 9115 AP: Crash is observed on Radio 1.
CSCwd93773	Controller should not enable 2nd 5Ghz radio for 9124E with PoE+ (30W).
CSCwd96376	Unable to login to controller GUI or CLI with the user created by Day 0 Wizard.
CSCwd99656	The snmp-server host command is not filtering characters properly (Fails when name is e.g.TEST\).
CSCwe00248	Poor reassociation behavior is observed between Spectralink 84xx series phones and Cisco Catalyst 9136 APs.
CSCwe06752	Controller GUI cannot configure HA/SSO if wireless mgmt interface is not configured.
CSCwe08688	EWC: Mesh ap factory reset mode cannot be set to EWC after converting it to CAPWAP and factory-reset.
CSCwe11547	Crash is seen on "Critical process rrm fault on rp_0_0 (rc=139)".
CSCwe12057	QoS Page is not loading when access control list (ACL) has double quote special character in the name.
CSCwe18524	AP filter error in the controller GUI when add operation follows edit/view.
CSCwe26846	Console Flood- check_dot1x_feature_status: config change or tams_init_not_done.
CSCwe28717	Certificate failures observed when joining APs to Cisco Catalyst 9800 controller using CMCA III.
CSCwe32728	Cisco Catalyst 9162 AP crashes due to radio failure.
CSCwe38326	Cisco Catalyst 9166 APs are stuck in CAPWAP state.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.2


Caveat ID	Description
CSCwa42620	Cisco Catalyst 9130 Access Point drops packets on-air for Phoenix WinNonlin application.
CSCwa86610	Cisco Aironet 2802 and 3802 Access Points experience kernel panic crash when 8.10.151.0 image is executed.
CSCwc09461	Cisco Catalyst 9120 Access Points send Authentication response frames to clients after long delays.
CSCwc62021	Default credential does not work after factory reset in Cisco Aironet 1815 and 1832 Access Points.
CSCwc75102	Conversion of Mobility Express Access Points from ME to CAPWAP mode using DHCP option 43 does not work.
CSCwc78435	Cisco Catalyst 9130 Access Point sends incorrect channel list in out-of-band DFS event causing client connectivity issues.
CSCwd00751	Cisco Aironet 2802 Access Point reloads unexpectedly on 8.10.171 release version.
CSCwd08259	Cisco Catalyst 9120, 9115, and 9105 Access Points experience radio firmware crash with Cisco IOS-XE 17.3 or later releases.
CSCvv96364	Cisco Aironet 3800 Access Points experience WCPd crash when running 17.3.1 image.
CSCvx80422	An access point fails to forward packets when using 10.128.128.127 or 10.128.128.128 addresses.
CSCvz66623	EAP-TLS clients behind the Mesh Access Point (MAP) experience authentication failure.
CSCwb08291	Cisco Catalyst 9105AXW Access Point introduces latency when clients use RLAN ports.
CSCwc05350	Cisco Wave 2 Access Points: CAPWAP MTU flapping occurs due to asymmetric MTU between Access Point to controller and vice-versa.
CSCwc10621	CleanAir statistics are not visible in Cisco Catalyst 9130 Access Points when joined to EWC.
CSCwc35321	Cisco Wave 2 Access Points in Local mode sends Address Resolution Protocol (ARP) requests to wireless clients from 10.128.128.128 IP address.
CSCwc38912	Changing an Access Point site or policy tag to a Flex local switching set intermittently causes client connectivity failure to local web auth WLANs.
CSCwc51894	Cisco Catalyst 9117 Access Point reloads unexpectedly due to kernel panic with "dp_print_host_stats" logs.
CSCwc56774	Workgroup Bridge (WGB) with static IP loses IP address after multiple roams.
CSCwc71198	CAPWAP flapping is observed when VRRPv3 is present in the network.
CSCwc73462	Backslash "\" in the end of the RADIUS servers' shared secret is not allowed for FlexConnect groups configuration.
CSCwc81341	Cisco Catalyst 9130 Access Point experiences kernel panic crash in Local mode when full data packet capture is enabled.
CSCwc89719	Cisco Aironet 1832 Access Point crashes due to radio failure.
CSCwc96683	Controller running Cisco IOS-XE 17.3.5a with Cisco Aironet 3800 Access Point in Flex local switching does not forward IP fragmented packets received with DF.
CSCwd07572	Access Point stops transmitting UBPR in 6-GHz when it is active in 2.4-GHz or 5-GHz band.
CSCwc05366	Wireless clients cannot reach each other as ARP resolution fails when performing dynamic VLAN assignment using AAA with SSID.
CSCwc15533	Continuous wncmgrd CPUHOG traceback with scale Flexible NetFlow (FNF) mapping to policy profile results in 100% wncd utilization.
CSCwc15944	Multicast data is not sent to clients and few Access Points are unable to join the controller.
CSCwc22468	Client traffic fails when client roams between access points with a transition between dot11r and dot11i.
CSCwc26105	High Availability split brain is observed due to multiple secondary addresses in the interface.
CSCwc42784	Client fails to connect when protocol based Quality of Service (QoS) is configured.
CSCwc57227	Controller experiences an unexpected reset resulting in a system report containing a wncd core file.
CSCwc59518	Cisco Catalyst 9800-80 Wireless Controller crashes when using WLAN profile with 32 characters and disabled voice Channel Availability Check (CAC).
CSCwc68682	Cisco Catalyst 9800 Wireless Controller - Link down due to local fault.
CSCwb47040	Controller does not update Radio Frequency Identification (RFID) location properly.
CSCwb78191	The AAA VLAN override is not considered with iPSK authentication and anchor WLAN.
CSCwc17774	Few OIDs in CISCO-ENHANCED-MEMPOOL-MIB display "No instance after switchover" in Cisco IOS-XE 17.6.1.
CSCwc26819	Controller does not send LLC or XID spoofed frames after a mobility event.
CSCwc28408	Controller crashes intermittently due to wncd critical process failure.
CSCwc36125	Radio Resource Management (RRM) startup mode gets triggered on every reboot as the controller does not keep track of the last state.
CSCwc41358	Controller MAC filtering: WLAN profile column displays the WLAN name and description.
CSCwc41903	Syslog "LISP RELIABLE REGISTRATION" needs to be enhanced.
CSCwc57836	Restore configuration by HTTP mode does not work in EWC.
CSCwc62824	Controller does not send LLC or XID spoofed frames after a mobility event.
CSCwc69815	Cisco Catalyst 9300 switch interface generates RUM reports every 8 hours when AIR controller licenses are handled incorrectly.
CSCwc72047	Access Points operate in disabled RF profile channels in Cisco IOS-XE 17.6.2 release version.
CSCwc74020	Need to increase the 8 IP address limit in the controller datapath.
CSCwc76905	Switch Integrated Security Features (SISF) crash is observed when handling the DHCP messages.
CSCwd17349	Active chassis gets stuck during SSO failover in Cisco IOS-XE 17.9 release version.

Resolved Caveats for Cisco IOS XE Cupertino 17.9.1


Caveat ID	Description
CSCwb52755	Fast Transition capable Apple and Android clients are unable to authenticate with IPSK profile.
CSCwb09248	High latency and packet drops are observed when associated to Cisco Catalyst 9130 AP.
CSCwb76935	Cisco Aironet 1815T AP: OEAP kernel panic crash is observed.
CSCwb97557	Cisco Aironet 3800 AP: Slot0 BSSID beacon frames are received on slot1 radio.
CSCwc04197	Secondary controller crash is observed during redundancy switchover.
CSCwc04328	6 GHz RRM: Channel-aware TPC is always on for 6 GHz TPC.
CSCwc04673	Cisco Wireless 9166 AP crashed at ieee80211_mbssid_del_profile upon flapping WLAN.
CSCwc07014	AP sends empty FlexConnect client cache payload to controller after successful client FT-SAE roam.
CSCwc08770	Cisco Wave 2 AP: Able to do SSH to AP when AP SSH global config is disabled.
CSCwc15229	Cisco Aironet 1832 AP reloads due to radio failure - Beacons are stuck on radio.
CSCwc17898	Observed a crash while joining AP with name that already exists on controller.
CSCwc20929	APP hosting segmentation doesnt work on Cisco Catalyst 9100 AP connected to a controller running 17.6.3.
CSCwc21428	6 GHz radio: Frequent channel changes are observed due to high utilization.
CSCwc27716	Memory leak is observed while deleting and adding mDNS rules.
CSCwc29238	WGB ping gateway failed after wgb associate to ap in 2.4 GHz and trigger wgbwiredclient get ipv4.
CSCwc29760	Cisco Aironet 3800 AP: Crash is observed due to led_core on ap.
CSCwc31277	6 GHz: Beacon stuck + QBSS 100%; no recovery ap.
CSCwc40483	Transmission power is not getting applied to Slot 1 on AP.
CSCwc43716	Not able to login AP CLI with credentials in site survey mode.
CSCwc46228	Unable to add AP location name on web UI with a space.
CSCwc62021	Cisco Aironet 1815 and 1832 APs: Default credentials are not working after the factory reset.
CSCwa65584	Controller does not accept Cisco Catalyst C91xx Series Access Points as TrustSec capable platform.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, see Troubleshooting TechNotes.

Communications, Services, and Additional Information

To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
To submit a service request, visit Cisco Support.
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco DevNet.
To obtain general networking, training, and certification titles, visit Cisco Press.
To find warranty information for a specific product or product family, access Cisco Warranty Finder.

Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Cupertino 17.9.x

Available Languages

Download Options

Bias-Free Language

Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Cupertino 17.9.x

Introduction to Cisco Catalyst 9800 Series Wireless Controllers

What's New in Cisco IOS XE Cupertino 17.9.6

What's New in Cisco IOS XE Cupertino 17.9.5

What's New in Cisco IOS XE Cupertino 17.9.4a

What's New in Cisco IOS XE Cupertino 17.9.4

What's New in Cisco IOS XE Cupertino 17.9.3

What's New in Cisco IOS XE Cupertino 17.9.2

MIBs

What's New in Cisco IOS XE Cupertino 17.9.1

MIBs

Behavior Changes

Interactive Help

Important Notes

Supported Hardware

Optics Modules

Network Protocols and Port Matrix

Supported APs

Indoor Access Points

Outdoor Access Points

Integrated Access Points

Network Sensor

Pluggable Modules

Supported Access Point Channels and Maximum Power Settings

Compatibility Matrix

GUI System Requirements

Software Requirements

Before You Upgrade

Upgrade Path to Cisco IOS XE Cupertino 17.9.x

Upgrading the Controller Software

Finding the Software Version

Software Images

Software Installation Commands

Licensing

Interoperability with Clients

Issues

Cisco Bug Search Tool

Open Caveats for Cisco IOS XE Cupertino 17.9.6

Open Caveats for Cisco IOS XE Cupertino 17.9.5

Open Caveats for Cisco IOS XE Cupertino 17.9.4a

Open Caveats for Cisco IOS XE Cupertino 17.9.4

Open Caveats for Cisco IOS XE Cupertino 17.9.3

Open Caveats for Cisco IOS XE Cupertino 17.9.2

Open Caveats for Cisco IOS XE Cupertino 17.9.1

Resolved Caveats for Cisco IOS XE Cupertino 17.9.6

Resolved Caveats for Cisco IOS XE Cupertino 17.9.5

Resolved Caveats for Cisco IOS XE Cupertino 17.9.4a

Resolved Caveats for Cisco IOS XE Cupertino 17.9.4

Resolved Caveats for Cisco IOS XE Cupertino 17.9.3

Resolved Caveats for Cisco IOS XE Cupertino 17.9.2

Resolved Caveats for Cisco IOS XE Cupertino 17.9.1

Troubleshooting

Related Documentation

Cisco Wireless Controller

Cisco Catalyst 9800 Series Wireless Controller Data Sheets

Cisco Embedded Wireless Controller on Catalyst Access Points

Wireless Product Comparison

Cisco Access Points–Statement of Volatility

Cisco Prime Infrastructure

Cisco Connected Mobile Experiences

Cisco Catalyst Center

Communications, Services, and Additional Information

Was this Document Helpful?

Contact Cisco

This Document Applies to These Products