Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.4.100.0

7.0.98.0 or later 7.0 releases

You can upgrade directly to 7.4.100.0

Note If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x controller software release that is prior to 7.0.240.0, we recommend that you upgrade to the 7.0.240.0 release and then upgrade to 7.4.100.0 to avoid losing those VLAN settings.

7.1.91.0

You can upgrade directly to 7.4.100.0

7.2. or later 7.2 releases

You can upgrade directly to 7.4.100.0

Note If you have an 802.11u HotSpot configuration on the WLANs, we recommend that you first upgrade to the 7.3.101.0 controller software release and then upgrade to the 7.4.100.0 controller software release.

You must downgrade from the 7.4.100.0 controller software release to a 7.2.x controller software release if you have an 802.11u HotSpot configuration on the WLANs that is not supported.

7.3 or later 7.3 releases

You can upgrade directly to 7.4.100.0

CSCud75553

Symptom : When enabling RRM on an AP/radio operating in monitor mode, the AP might display an error message such as "No CleanAir msmts" and dump a radio core or might reset.

Conditions : This occurs when RRM is disabled and then enabled on APs/radios operating in monitor mode.

Workaround : The AP radio should recover on its own by resetting. If it does not recover on its own by resetting the radio, the AP can be rebooted to recover radio operation.

CSCub43059

Symptom : An AP801AGN successfully joins a Cisco 2500 Series Wireless LAN Controller using the 7.4.100.0 controller software release, but both the radio interfaces do not work as expected, regardless of the administration status.

Conditions : Controller software is upgraded from Release 7.3 to Release 7.4.

Workaround :

• Reboot the AP801 from its host router.
• After the AP801 has been recovered using the following workaround, the issue does not recur in subsequent controller software upgrades:

Enter the following command from the host router:

Router# service-module wlan-ap 0 reload

CSCud47804

Symptom : Controller drops the mDNS response packet, which is the response for the TTL expiry SP specific query.

Conditions : On TTL expiry of service provider, controller sends Service Provider specific query. But the controller drops the response packet due to "service name not present in response."

The SP refresh mechanism does not work.

Workaround : Enable Periodic query.

CSCud54520

Symptom : Local mode APs do not work with ACL on the WLAN if local switching is enabled.

Conditions : If ACL on a WLAN along with FlexConnect ACL is used and if local switching enabled local APs ACL fail, the FlexConnect AP works; if local switching is diabled, the local APs ACL work as expected.

Workaround : Create two separate WLANs: one for local mode specific APs and another for FlexConnect AP.

CSCud31428

Symptom : PMK cache is removed from the controller.

Conditions : With WLAN 802.1X + WebAuth and on moving from one controller to another in WebAuth Required state.

Workaround : None.

Further Problem Description : PMK cache is removed from the controller on moving from one controller to another in WebAuth Reqd State with 802.1X + WebAuth Security combination.

CSCsv54436

Symptom : While doing SSH to controller, it is sometimes denied with "Sorry, telnet is not allowed on this port."

If the same controller retries immediately, the SSH connection is accepted. No changes are seen in between.

Conditions : SSH connection is done from a different Layer 3 network, issue found both in 4400 and 2106.

This is breaking monitoring tools through SSH.

Workaround : Retry SSH connection.

CSCsy66246

Symptom : An 802.11n AP does not downshift rates for retries when Low Latency MAC is enabled. It sends three retransmissions, but the data rate for the retransmissions is the same data rate at which the initial packet was sent.

Conditions : Using an 802.11n AP with Low Latency MAC enabled.

Workaround : Do not enable Low Latency MAC.

More information : The Low Latency MAC feature has been removed for 802.11n APs (see CSCtc73527).

CSCtc16222

Symptom : The following messages are displayed on Cisco WiSM2:

Conditions : Cisco WiSM2 using 7.3.101.0 controller software release.

Workaround : None.

CSCtf30526

Symptom : The "advanced 802.11a/b channel" setting are not in backup configuration.

You can reproduce this issue by following these steps:

1. Enter the clear config command.

2. Restart the controller.

3. Initialize setup, then restart the controller.

4. Upload backup-01.cfg file to TFTP server.

5. Download the backup file and restart the controller.

6. Upload backup-02.cfg file to TFTP server.

7. Compared backup-01.cfg with backup-02.cfg. The following lines are not in backup-01.

These configurations are default, so does not cause any issue, but it decreases maintainability.

Condition : 6.0.196.0, 7.0.230.0, and 7.2.103.0 controller software releases.

Workaround : Use the backup-02.cfg file as backup.

CSCtj06944

Symptom : A Cisco 5508 Controller or Cisco WiSM2 might stop working with messages similar to the following displayed on the console log:

Conditions : The service port on the controller is plugged into a VLAN that is also present on one of the controller’s uplink interfaces. This occurs when the controller receives a high-broadcast traffic rate over the service port.

Workaround : Unplug the service port, or connect it to a VLAN, which is not switched to the controller’s uplink interfaces.

Further Problem Description : The service port, if connected to the switched network, must be put into a VLAN, which is not connected to the controller’s distribution ports. It is not a valid configuration to have the service port in a VLAN, which is in use by the controller’s management, AP Manager or dynamic interfaces.

CSCtn58181

Symptom : When multicast is disabled on the controller, traplogs for multicast/broadcast queue are seen to be full.

Conditions : Might occur when multicast is globally disabled.

Workaround : Enable multicast globally.

CSCts86091

Symptom : Radio resets every few minutes followed by Radio Down/AP Reboot, possibly during EAPoL negotiation.

Conditions : Unknown.

Workaround : Unknown.

CSCty78495

Symptom : Multicast message delivery may be affected.

Conditions : During 802.11r testing with intercontroller roaming at a rate of 350 roams per second, BCastQ on foreign controller gets full.

Workaround : None.

CSCtz80256

Symptom : When a controller is configured for local EAP with LDAP and the server is permanently returning a referral/user failure for all authentications, the controller might leak file descriptors leading to a crash on the controller console and the following message is displayed:

After 30 minutes, msglogs show the following message:

Conditions : LDAP server returning always a referral answer.

CSCtz91549

Symptom : AP3500 stops working with traceback 0x6055B8 0x6078B0.

Conditions : Aggregation scheduler stops working.

Workaround : Disable aggregation scheduler by entering this command:

config 802.11 { a | b } 11nSupport a-mpdu tx scheduler disable

CSCua04683

Symptom : Protocol is showing as "unknown" for wired clients on the client detail page.

Conditions : Unknown.

Workaround : None.

CSCua14756

Symptom : CAPWAP VLAN tagging is not supported on outdoor APs, however, the system does not currently prevent this configuration. If an outdoor AP in local mode is accidentally configured with CAPWAP VLAN tagging, the AP reboots and tries to get an IP, but will keep printing the following message:

Conditions : When configuring CAPWAP VLAN tagging on the 1550 outdoor Local mode AP, which should not be allowed.

Workaround : None.

CSCua53765

Symptom : When an AP operates in FlexConnect mode, link test and pings to the client fail. When the AP is changed to Local mode, pings and link test pass as expected.

Conditions :

Workaround : None.

CSCub24389

Symptom : Using LSC on a 5508 controller crashes Multiple APs (AP3500 and AP1131 models).

Conditions :

Workaround : Disable LSC on the controller.

CSCub26654

Symptom : AP3600 DFS false detect.

Conditions : AP3600 sees false radar events from the 7925 phone.

Workaround : None.

CSCub28914

Symptom : Static client can ping BVI 18:

Conditions : It should be a central DHCP or a local split tunnel client.

Workaround : None.

CSCub36414

Symptom : The change (enable/disable) in admin mode of ports on 7500 and 8500 controllers is not updated on upstream switch.

Conditions : Disable/enable admin mode of port on 7500 and 8500 controllers.

Workaround : Instead of enabling/disabling port admin from the controller, make it shut/no shut from upstream switch.

CSCub65739

Symptom : When an AP with DTLS is enabled and the AP is administratively enabled or disabled within a few seconds, this can cause it to drop from the controller for a few seconds.

Conditions : This occurs when DTLS is enabled and the AP is administratively enabled/disabled within a few seconds. The AP will re-join the controller within a short period of time such as a few seconds.

Workaround : This issue can be avoided by disabling DTLS or avoiding administratively cycling the AP quickly.

CSCub88183

Symptom : WiSM2 controller crash at Task Name emWeb under instruction ewaFormSubmit_login_callback.

Analysis of Failure : Software failed on instruction at: pc = 0x108e3090 (ewaFormSubmit_login_callback 96), ra = 0x108e3080 (ewaFormSubmit_login_callback 96)

Conditions : Not applicable at this time, however, this is a large campus deployment and it is possible that it may be related to a large influx of clients(2000-3000) connecting to the wireless controller(s).

Workaround : None.

CSCub89883

Symptom : Crash in different tasks after enabling guest LAN.

Conditions : Guest LAN on a 5500 series controller using 7.2 or later software releases with IPv6 traffic from clients.

Workaround : Disable guest LAN or disable IPv6.

CSCub96053

Symptom : AP3500 gets DFS events due to radar on a DFS channel associated with an 7925 phone. The frequency of DFS events are higher on weekdays and business hours.

Conditions : 7.2.103.0 controller software release.

Workaround : None.

CSCub98230

Symptom : Client associated to WLAN ID 1 is unable to pass traffic to local site, with VLAN tagging enabled for AP, and local-split enabled for the WLAN at the AP.

Conditions : If there is no local-switching WLAN, and local-split is enabled for WLAN ID 1, for AP with VLAN tagging enabled, client associated is unable to pass traffic to local site.

Workaround : Do not enable local-split for WLAN ID 1, with VLAN tagging enabled AP, or create another local-switching WLAN. Issue is not seen when another local-switching WLAN is created.

Further Problem Description : VLAN tagging enabled for AP. Local-split applied for WLAN ID 1. Client associated to this WLAN is unable to pass traffic to local site, traffic that is permitted in local-split ACL. If another local-switching WLAN is created, issue is not seen.

CSCuc02149

Symptom : AP3600 in either autonomous IOS or FlexConnect local switching mode drops IP6to4 TCP SYN ACK packets that are received from its LAN port. A wired sniff at the AP port shows, when the wireless client attempts to establish a TCP connection over IPv6 in IPv4, that the AP transmits the TCP SYN (in IPv6 in IPv4) to the switch, and receives the SYN ACK from the switch, but fails to forward the SYN ACK packet to the wireless client. The first time that the AP, after a reload, drops the SYN ACK packet, the following message will be seen on the AP console, or in its log file:

At the same time, the wireless client can successfully ping the IPv6 address of its 6to4 gateway.

Conditions : AP3600 or AP2600 in autonomous or FlexConnect local switching mode. Wireless client is attempting to establish TCP connections over IPv6 in IPv4, that is IPv4 protocol type 41.

Workaround :

1. Use AP1040, AP1140, AP1260, or AP3500

2. Disable IPv6 support on the application server.

3. Instead of using lightweight mode use a centrally switched WLAN rather than a locally switched one.

CSCuc19950

Symptom : Anchored SSIDs on the 7.3.101.0 controller software release incorrectly show recently configured peer controllers in its anchor list after reboot.

Conditions : 7.3.101.0 software release with existing anchored SSIDs.

Workaround : Go to the anchored SSID and manually remove the recently added peer controllers from its anchor list.

CSCuc22875

Symptom : Post SSO, controller fails to make a connection with IDS.

Conditions : In an HA pair, controller establishes a successful connection with IDS and clients are shunned accordingly. Only after SSO is activated, controller deletes the entry for IDS and fail to establish a connection with IDS resulting in the illegitimate clients being not shunned and having access to the network.

Workaround : None.

CSCuc28983

Symptom : Ascom i62 phones do not respond to packets and do not send packets when associated with AP3502 on a 5508 controller using the 7.2.110.0 software release after going to power-save mode with WMM enabled on the WLAN, using the 2.4-GHz radios.

Conditions : Ascom i62 phones with newest firmware, AP3502i, 5508 controller, 7.2.110.0 software release, voice WLAN with WMM enabled.

Workaround : Disable WMM.

CSCuc31715

Symptom : The clear ap config ap-name command is to return the AP to factory default completely. The AP should boot up in Local mode. However, an AP which was running in Bridge mode boot up in Bridge mode even after the clear ap config ap-name command was entered.

Conditions : Bridge mode.

Workaround : Return to local mode manually after associating with a controller.

CSCuc32120

Symptom : AP stops working and reboots.

Conditions : Unknown.

Workaround : None.

CSCuc49667

Symptom : SNMP configuration looks for a negative value for the RSSI level while the CLI is defined to be a positive number and used in a negative sense.

Conditions : Under all conditions.

Workaround : Enter positive number for the SNMP.

CSCuc50906

Symptom : Client gets excluded.

Conditions : WLAN local-switching (interface or VLAN-X) and ip-src-guard, DAI disabled. Also had AP-group (VLAN-Y). AP is in VLAN-X. VLAN mapping on the AP is VLAN-Y. Client gets IP address in VLAN-Y. Change the IP of the client to the gateway of the AP. AP updates the ARP for the gateway and loses the connectivity from controller (the AP joined the other controller. The AP port was shut on the switch and then was opened to avoid image downgrade). When the AP comes back, the client is unable to reassociate. The WLAN was deleted and re-created with a different name. changed the AP to AP3500 (previously it was AP1040). This did not have any impact. The Controller and AP do not show AP's entry.

Workaround : Corner case and normally in real time client IP address and the controller do not share the same VLAN in local switching.

CSCuc52952

Symptom : Error messages indicating duplicate IP addresses of the service port for WiSM2 in an HA setup.

Conditions : WiSM-SW1-5-DUP_SRVC_IP Service IP 10.6.1.4 of Controller 35/1 is same as Controller 19/1 WiSM-SW1-5-DUP_SRVC_IP Service IP 10.6.1.4 of Controller 35/1 is same as Controller 19/1.

Workaround : None.

CSCuc56857

Symptom : Access points disconnect when code is upgraded and flash write takes time.

Conditions : Unknown.

Workaround : None.

CSCuc60927

Symptom : 5508 controller fails to boot. SYS LED - Blinking Amber and ALM LED = OFF.

Conditions : Console logging is set to debugging and high rate of console logs are generated while you reboot the controller.

Workaround : Do not set console logging to debugging and reboot the controller at the same time, or send the debug output to an SSH/Telnet session (which also has a lower impact on CPU).

CSCuc68995

Symptom : A wireless WebAuth client might be unable to authenticate to the network. When the client opens a browser window, the window is blank. With "debug web-auth redirect" in effect, messages similar to the following might appear:

Conditions : The HTTP GET from the client arrives at the controller in multiple TCP segments.

Workaround : Reconfigure your network and/or the client's TCP/IP stack to ensure that the HTTP GET arrives in a single segment.

CSCuc69522

Symptom : Client sends TCP SYN to a Multicast MAC for its gateway results in the controller not sending a TCP SYN ACK. TCP Handshake does not complete, so client never generates HTTP traffic and is never redirected. Traffic can be seen arriving at foreign and sending to anchor. Anchor appears to ignore/drop the TCP SYN.

Conditions : Controller Foreign/Anchor doing CWA. Client which has Multicast MAC address for gateway has this issue. This is usually the result of having a load-balance/clustered node for gateway of client.

Workaround : Do not use Multicast MAC.

CSCuc70875

Symptom : Standby controller is not snooping some MDNS services such as AppleTV on the wired side. Standby controller is snooping the services on the wireless side with type as “Wired” and MAC address as the “mac address of Active controller”.

Conditions : 7500 controller with HA setup using the 7.4 software release. Configured MDNS profiles and MDNS services on the active controller. All the MDNS configuration synchronized with the standby controller. Have service provider on wired and wireless side. Active controller snooped the services from wired and wireless side. Standby controller did not snoop any service as expected. AP SSO to standby controller by resetting active controller.

Workaround : After a failover, the standby controller should snoop the services from wireless client itself instead of snooping the services from the active controller. The learned MDNS services from the active controller should be blocked to synchronize with the backup controller after the active controller failover occurred. Backup controller should learn the services independently from the wireless side after it assumes the active role.

CSCuc73832

Symptom : The AP will crash on the process ““CAPWAP CLIENT”” with a stack trace of ““disc_tx_11n_aggr_timer_send””.

Conditions : This is a rare occurrence and happens during heavy traffic loading from various types of client traffic and client power save modes.

Workaround : None. The AP will crash and reboot so no action is needed from the user to recover the AP.

CSCuc73900

Symptom : Inspection of the logs shows that the radios reset because the radio firmware image (8001.img) was not found in AP flash write a radio core dump.

Conditions : During image download from the controller.

Workaround : None.

CSCuc78713

Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation.

Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0.

Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2.

CSCuc81022

Symptom : The 1520 outdoor mesh APs may get false DFS triggers when an in-band/off-channel (ch 124) weather RADAR signals are present and received above –20 dBm causing network instability. A similar behavior is observed with off-band maritime radars operating in the 3.05-GHz band, but this can be addressed with band-pass filters installed at the antenna port.

Conditions : AIR-LAP152x outdoor mesh AP installed nearby a weather RADAR installation.

Workaround : None.

CSCuc81911

Symptom : CAPWAP 3600 APs are stuck in the boot mode when there is a power outage requiring manual boot.

Conditions : When there is a power outage, there is a possibility of AP being stuck in boot mode.

Workaround : Enter the following commands on the AP console to get the AP working again:

CSCuc84281

Symptom : Several AES-CCMP TSC replay messages are displayed on the AP console similar to the one shown below:

The number associated with AES-CCMP TSC replays (for example 60 in ‘60 AES-CCMP TSC replays’) is the number of dropped packets due to not being acknowledged.

Conditions : These AES-CCMP TSC replay messages appear most often when the traffic is heavy but could appear under normal traffic condition. They are seen more often on the 3502 and 1522 mesh APs.

Workaround : None.

CSCuc85092

Symptom : Tried predownloading 7.4 controller software release for 11 Mesh APs collectively. Only 5 APs were predownloaded successfully, while the other 6 APs failed to predownload.

Conditions : Cisco SRE.

Workaround : None.

CSCuc86938

Symptom : On a Flex 7500 series controller with two WLANs, say WLAN 1 and WLAN 2, it is not possible to switch from WLAN 1 to WLAN 2 if FlexConnect local authentication is not enabled on WLAN 2. This is with fast SSID change enabled and the security simply being WPA2/AES with a pre-shared key on both WLANs. Issue is not prevalent if FlexConnect local authentication is enabled on both WLANs.

Conditions : FlexConnect APs on a Flex 7500 series controller using the 7.3.101.0 controller software release.

Workaround : Enable FlexConnect local authentication on both WLANs.

CSCuc88522

Symptom : When LAPs lose connectivity with the controller, the controller generates the “Reason for association ‘Dot11g Mode Change’” trap.

Conditions : This can be triggered by network congestion problems. There is no issue with any of the radio interfaces for the controller to log this message.

Workaround : None.

CSCuc90457

Symptom : When Cisco 600 series OEAP channel width is configured to 40 manually, after an AP reboot, the width changes to 20.

Conditions : This is seen only when the controller DCA is kept at a channel bandwidth of 20 and configured manually to a channel bandwidth of 40.

Workaround : Configure controller to assigned channel bandwidth of 40 automatically.

CSCuc91441

Symptom : Some clients were not removed from the database of the controller after user idle timer expired.

When 100 clients expire their user idle timeout simultaneously, only 64 or 65 deauthentications are sent and 36 or 37 clients were not removed from the controller database.

Workaround : Manually remove the stale clients or reboot the AP that had these clients or reboot the controller.

CSCuc93152

Symptom : The license capacity changes on the secondary unit (High Availability) if the adder license is added.

Conditions : This behavior is seen if the AP base count license is modified on the secondary unit (when Active). This is seen when the license is modified only on the controller GUI.

Workaround : None.

CSCuc93635

Symptom : Gateway is reversed

Conditions : Associate a client to diagchannel.

Workaround : None.

CSCuc94504

Symptom : Related to PMF configuration on WLAN.

Conditions : This relates to the configuration when PMF is set as required on WLAN. Tried to enable PSK or 802.1X. This was allowed. Only PFM-PSK or PFM-802.1X should be allowed with PFM in required state.

Workaround : None.

CSCuc94860

Symptom : If you configure Security > AAA > MAC Filtering > RADIUS Compatibility Mode or config macfilter radius-compat as Cisco ACS or Free RADIUS, the controller sends Access-Request packet with all bit zero Message Authenticator attribute.

Conditions : Configuring MAC Filtering RADIUS compatibility mode as Cisco ACS or Free RADIUS.

Workaround : Choose Other (default value) if possible.

CSCuc96679

Symptom : When running chariot based QoS test, VoIP throughput drops by about 3Mb and is very unstable.

Conditions : VoIP throughput drops when BE traffic is introduced to the test; 30 seconds of traffic, 10 Mb VoIP QoS stream, unlimited BE Stream with 10-second start delay.

Workaround : None.

CSCuc97834

Symptom : The “wrong index passed” error message appears when configuring 802.11u Auth detail parameters using SRE GUI.

Conditions : This issue is seen only on Cisco SRE. Not seen on the SRE CLI.

Workaround : None.

CSCuc98518

Symptom : Guest LAN interface loses its guest LAN check box due to which the guest LAN WLAN is disabled.

Conditions : Guest LAN interface loses its guest LAN check box.

Workaround : Re-enable the guest LAN check box on the guest LAN interface. Enable the guest WLAN and set the correct ingress interface.

CSCuc99037

Symptom : RRM queues on the 7.3 controller software release are running full for both bands. The controller message logs are filled up with continuous flow of errors related to RRM queuing errors.

Conditions : Following errors are seen in the message log:

Workaround : None.

CSCuc99637

Symptom : MFP anomalies detected on the 7.3 controller software release.

Conditions : Unknown.

Workaround : None.

CSCuc99675

Symptom : AP802 might fail to change to FlexConnect mode.

This is random issue, under investigation.

Conditions : AP802 in Local mode.

Workaround : None.

CSCud00104

Symptom : CPU ACL confiugraion is not stored while donwloading configuration from the TFTP server.

Conditions : Unknown.

Workaround : None.

CSCud00277

Symptom : Locally-switched 802.11 frames incorrectly passed to AP BVI1.

A frame received on a locally-switched 802.11 subinterface should only be bridged to the BVI1 interface if the subinterface belongs to the AP native bridge group.

Workaround : None.

CSCud04901

Symptom : The LAP1550 series outdoor mesh APs may get false DFS triggers when an in-band/off-channel (ch 124) weather RADAR signals are present and received above –20 dBm causing network instability.

Conditions : AIR-LAP155x outdoor mesh AP installed nearby a weather RADAR installation.

Workaround : None.

CSCud06844

Symptom : Unable to change WLAN from MAC-filtering to 802.1X with RADIUS NAC enabled.

Conditions : Unable to change WLAN from MAC-filtering with RADIUS NAC to 802.1X (WPA2/WPA/802.1x) RADIUS NAC combination. When attempted to change it, an error message is displayed in both CLI and GUI and WLAN cannot be edited.

Workaround : Delete WLAN and create a new one with a valid combination.

CSCud07983

Symptom : The local AAA sever of the controller shows the outer username of wireless users who authenticate using local EAP.

Conditions : When using local EAP on the controller.

Workaround : Disable identity protection on the wireless client to use the same username for the inner and outer EAP username.

CSCud09056

Symptom : AP3500 stops responding during rate shift operation.

Conditions : Unknown.

Workaround : None.

CSCud09998

Symptom : WiSM2 stops responding triggered by DP keepalive lost.

Conditions : WiSM2 on the 7.2.111.3 controller software release.

Workaround : None.

CSCud10200

Symptom : CAP1552 outdoor AP used in local mode exhibits incorrect behavior upon a DFS event.

Conditions : CAP1552 in local mode; 7.2 and 7.4 controller software releases.

Workaround : None.

CSCud10479

Symptom : APs not displayed as “Monitor/wIPS” on the Wireless tab of the controller GUI.

Conditions : Some APs configured to be in Monitor mode with wIPS submode.

Workaround : None.

CSCud10563

Symptom : When you use the config ap logging syslog facility command with the all keyword, the controller configures only the access points that are currently associated with the it and not the new access points that will associate later.

Conditions : Configure access point syslog commands using controllers.

Workaround : Reapply the command when new access pointsjoin the controller.

CSCud10632

Symptom : MIC error reports from clients on a Clients on Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) only SSID are sent to the controller and all clients are deauthenticated.

Conditions : MIC error reports from clients in a CCMP-only SSID.

Workaround : None.

CSCud10747

Symptom : Drop action for Skype traffic is not consistent.

Conditions : Configure an AVC profile to drop Skype traffic and map the profile to a WLAN.

Workaround : None.

CSCud11249

Symptom : Incorrect client username appears during Layer 2 roaming.

Conditions : Clients in a WLAN configured with 802.1X and WebAuth authentication.

Workaround : None.

CSCud12109

Symptom : When you restore the controller configuration from a backup file, some rogue rule conditions such as No Encryption, Client Count, and Managed SSID do not get updated.

Conditions : Restore controller configuration from a backup file.

Workaround : Reconfigure the rogue rule conditions again.

CSCud12373

Symptom : Many access points display the following message on the console:

Received packet with invalid sequence number.

Conditions : WGB is associated to the access point.

Workaround : None.

CSCud12437

Symptom : Clients receive DHCPv6 traffic from clients on access points associated to the same controller.

Conditions : IPv6 is enabled and multicast is disabled.

Workaround : None.

CSCud12518

Symptom : Multicast traffic does not flow when you set the multicast mode in Cisco WiSM2.

Conditions : Multicast mode is set to multicast.

Workaround : Set the multicast mode to unicast.

CSCud12582

Symptom : Processing AAA Error Out of Memory error appears and client authentication fails.

Conditions : Large scale deployments with multiple clients. RADIUS queues are full when the authentication or accounting server fails.

Workaround : Lower request timeouts.

CSCud14147

Symptom : Controller calculates an incorrect message authenticator value for RFC3576 CoA requests from some RADIUS servers such as PacketFence NAC.

Conditions : Controller with 7.3 and 7.4 releases.

Workaround : None.

CSCud16495

Symptom : Cisco 7510 controller crashes when it is part of an HA pair. After the crash, the controller reloads and becomes online.

Conditions : Controller is part of an HA pair.

Workaround : None.

CSCud16984

Symptom : Access points are assigned to channels with lower maximum powers.

Conditions : Varying power levels in different channels of the new access points. The controller detects more neighbors with high RSSIs on channels with higher power.

Workaround : None.

CSCud17506

Symptom : Prime Infrastructure detects a false switchover trap when you reboot a redundancy enabled controller.

Conditions : Redundancy is enabled on the primary controller, but it is not paired with the secondary controller.

Workaround : None.

CSCud17856

Symptom : Deleted native VLAN appears in the trunk VLAN. When you add trunk VLANs on the controller and change the native VLAN, the previously configured native VLAN is added to the trunk VLAN.

Conditions : Add trunk VLANs on the controller and change the native VLAN.

Workaround : None.

CSCud19187

Symptom : Cisco 3500 series access points with crash during the process execute function.

Conditions : Cisco IOS image is 15.2(2)JA.

Workaround : None.

CSCud22456

Symptom : When you filter clients in the controller GUI using the WLAN ID, clients of all WLANs with similar names appear in the Monitor > Client page.

Conditions : Starting characters of the WLAN ID are same. For example, Test and Test1.

Workaround : Use names with different starting characters for WLAN IDs.

CSCud23567

Symptom : When you apply the Lightweight AP template in NCS for VLAN support and WLAN-VLAN mapping, the administrative state changes from enabled to disabled and the VLAN ID is not applied.

Conditions : Controller with 7.0.235.0 image.

Workaround : Reconfigure the controller.

CSCud23648

Symptom : Controller crashes and encounters a fatal condition at broffu_fp_dapi_cmd.c:3679.

Conditions : Task Name is osapiReaper.

Workaround : None.

CSCud26632

Symptom : The following SNMP trap appears on the controller when you change the channel width number to 40-MHz:

RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbSpamSetRadSlotAntennaType.

Conditions : Controller is in an HA pair. Join the 802.11n access point to the controller and change the channel width to 40-MHz and channel number to 157.

Workaround : None.

CSCud26706

Symptom : After a High Availability (HA) failover of the Cisco 8500 controller, the show redundancy peer-route summary command does not show any service port routes.

Conditions : None.

Workaround : None.

CSCud33095

Symptom : Cisco 5508 controllers with LAG mode disabled send ARP requests with incorrect source MAC address.

Conditions : No LAG and several ports are connected with multiple dynamic interfaces.

Workaround : None.

CSCud33394

Symptom : After a switchover, audit mismatch of 802.11u access point venue parameters occurs in a redundancy paired controller.

Conditions : On a redundancy paired controller, set the AP venue parameters such as Venue group, Venue Type, Venue Name, and Language. Switchover to standby and switchover back to primary.

Workaround : Restore the configuration from Prime Infrastructure.

CSCud33577

Symptom : FlexConnect access point are stuck in a loop.

Conditions : FlexConnect access point cannot renew the DHCP lease when the bvi1 interface goes down.

Workaround : Reboot the access point or increase the lease time to a high value. Use static IP addresses on the access point. This problem does not occur if the native VLAN of the FlexConnect access point is 1.

CSCud33759

Symptom : Communication from the Backbone Router (BBR) gateway to the wired network fails on AP 1552S.

Conditions : 7.3 and later builds.

Workaround : None.

CSCud34693

Symptom : LDAP authentication occurs on a globally defined LDAP server not configured for the WLAN.

Conditions : Timeout of the LDAP authentication on the configured WLAN LDAP server.

Workaround : Use one LDAP sever or an Organizational Unit (OU) for all users or use RADIUS authentication.

CSCud34744

Symptom : Controller crashes randomly and recovers on its own after reboot.

Conditions : show ap join info summary causes the crash.

Workaround : None.

CSCud35479

Symptom : Debug logs for power changes are not synchronized with the RF group member controller.

Conditions : When the controller forms an RF group and the Transmit Power Control (TPC) is TPCv2.

Workaround : Use TPCv1.

CSCud37012

Symptom : Controller does not have a command to configure the HTTP or HTTPS timeout.

Conditions : None.

Workaround : Use the controller GUI to configure the HTTP or HTTPS timeout.

CSCud37324

Symptom : Clients experience poor performance, and erratic roaming due to the beacon loss of the WLAN.

Conditions : Beacon loss occurs for the WLAN.

Workaround : None.

CSCud37443

Symptom : Clients are able to connect to the 802.11b/g band even when the WLAN radio policy is 802.11a only.

Conditions : Create a WLAN with the radio policy as 802.11a only and configure the clients in 802.11b/g mode.

Workaround : None.

CSCud38734

Symptom : WebAuth clients are not deleted by the anchor controller after an L3 roaming. The clients are serviced continuously.

Conditions : WLAN session timeout is used instead of AAA override.

Workaround : None.

CSCud40143

Symptom : Drop action for Picasa web application does not work.

Conditions : Enable AVC, configure an AVC profile to drop Picasa traffic and map the profile to the WLAN.

Workaround : None.

CSCud40334

Symptom : You cannot configure some Mesh features using Prime Infrastructure.

Conditions : The following Mesh features cannot be configured from using Prime Infrastructure as there is no SNMP support:

• VLAN Transparent
• Force External Authentication
• External MAC Filter Authorization

Workaround : Configure these features directly on the controller.

CSCud41036

Symptom : AVC parameters configured on Prime Infrastructure and the controller differ for guest LANs and remote LANs.

Conditions : SNMP GET returns incorrect AVC values for guest and remote LANs.

Workaround : None.

CSCud41334

Symptom : Ethernet bridged clients of Mesh APs (MAPs) do not work.

Conditions : When an Ethernet bridged client is plugged to the Ethernet port of a MAP before the MAP joins the controller, then the client will not work. This caveat occurs for Cisco 1140, 3500, and 3600 (all indoor mesh APs), and not on Cisco 1552 (outdoor mesh AP).

Workaround : Ensure that the bridged client is not plugged into the Ethernet port of the MAP and reload the MAP. The MAP must join the controller before the client plugs into the MAP Ethernet port.

CSCud43226

Symptom : Drop action for Gmail application does not work.

Conditions : Enable AVC, configure an AVC profile to drop Gmail traffic and map the profile to the WLAN.

Workaround : None.

CSCud43410

Symptom : If the available channels for an access point are exhausted, the access point drops off from the controller and does not join the controller until the channels are available.

Conditions : Channel list is limited to less number of channels.

Workaround : If the channels are not available, you must add additional channels to the DCA list.

CSCud43646

Symptom : Cisco WiSM crashes with a deadlock during the RRM group calculation.

Conditions : None.

Workaround : None.

CSCud44269

Symptom : Access point sends ARP responses to clients in DHCP required state.

Conditions : This problem occurs for FlexConnect access points connected to a 7.3.101.0 controller.

Workaround : None.

CSCud46376

Symptom : MAC filter interface mapping does not work.

Conditions : Interface mapped to VLAN A is changed to VLAN B.

Workaround : None.

CSCud47264

Symptom : Controller GUI displays duplicate domain IP names for mDNS (Controller > mDNS > Domain Names).

Conditions : Service provider domain name is more than 32 characters.

Workaround : Use the controller CLI.

CSCud48620

Symptom : In the steady state mode, the DCA is unable to change channels in spite of high channel utilization and high interference.

Conditions : In steady state, DCA influences AP towards its RF neighborhood.

Workaround : Put DCA back to aggressive mode.

CSCud47804

Symptom : Controller drops mDNS response packets that are responses for the TTL expiry service provider specific query.

Conditions : After the TTL expiry of the service provider, the controller sends a service provider (SP) specific query. Controller drops the response packet when the service name is not present in the response. The SP refresh mechanism does not work.

Workaround : Enable periodic query.

CSCud48146

Symptom : When you limit the maximum concurrent logins for a user name, the max-login-ignore-identity-response gets enabled.

Conditions : max-login-ignore-identity-response does not work and the global maximum concurrent logins for a user name takes precedence.

Workaround : Increase the global maximum concurrent logins for a user name to the desired number.

CSCud50980

Symptom : Coredump file is not uploaded properly and cannot be unzipped.

Conditions : Size of the file is more than 32 MB.

Workaround : Use FTP to transfer and upload the coredump file.

CSCud47733

Symptom : When the 5-GHz channel is configured as static and not DCA, the 5-GHz channel sometimes reverts back as a static channel at unexpected intervals after a Dynamic Frequency Selection (DFS) event.

Conditions : Controller with 7.2.103.0 image.

Workaround : None.

CSCud57163

Symptom : AP1142 crashes during upgrade.

Conditions : Upgrade controller from 7.3.101.0 to 7.4.1.55 image.

Workaround : None.

CSCud56936

Symptom : Radio is reset when the transmitter shuts down.

Conditions : The following log appears on the access point: %DOT11-2-RESET_RADIO: Restarting Radio interface Dot11Radio

Workaround : Reboot the access point.

CSCud57083

Symptom : Access point crashes with an invalid stack trace for the SOAP LED process.

Conditions : None.

Workaround : None.

CSCud05385

Symptom : In a controller with 7.2 image, the radio statistics are not updated.

Conditions : When you use the show ap stats <ap_name> command.

Workaround : None.

CSCtf30535

Symptom : config wlan apgroup add default-group setting does not appear in the backup configuration.

Conditions :

4. Clear the configuration.

5. Restart the controller with the 6.0.196.0 image.

6. After the initial setup, restart the controller.

7. Upload the backup-01.cfg file to a TFTP server.

8. Download the backup file.

9. Restart controller.

10. Upload backup-02.cfg file to TFTP server.

11. Compare the backup-01.cfg and backup-02.cfg files. The following line is not in backup-01.cfg file:

config wlan apgroup add default-group

Workaround : Use the backup-02.cfg file for backup.

CSCtf30550

Symptom : config wlan security wpa wpa2 enable setting does not appear in the backup configuration.

Conditions :

1. Clear the configuration.

2. Restart the controller with the 6.0.196.0 image.

3. After the initial setup, restart the controller.

4. Upload the backup-01.cfg file to a TFTP server.

5. Download the backup file.

6. Restart controller.

7. Upload backup-02.cfg file to TFTP server.

8. Compare the backup-01.cfg and backup-02.cfg files. The following line is not in backup-01.cfg file:

config wlan security wpa wpa2 enable

Workaround : Use the backup-02.cfg file for backup.

CSCts70063

Symptom : When a Cisco 5500 Series controller boots, the following error appears:

Error (2048) found in fsck check - attempt to repair.

The error number varies.

Conditions : When you boot a controller 5508 controller manufactured between June and October 2011 (range of the serial number is FCW1511xxxx through FCW1540xxxx) with a 6.0 image.

Workaround : You can ignore the message as it is a minor error and has no effect on the operation of the controller. If you upgrade to a 7.0 release of software, the message will no longer appear.

CSCtx87530

Symptom : Ping operation to the controller's management interface fails due to the ICMP checksum.

Conditions : Packet size is 17 bytes or less, or, non-zero padding is used.

Workaround : None.

CSCud56753

Symptom : In a VMWare ESX cluster, when you migrate a virtual controller from one host to another using vMotion, the controller management becomes unreachable for 15 to 30 seconds. This scenario causes the access points to temporarily transition to the standalone mode and prevents communicating within the centrally-switched WLANs.

Conditions : Management interface of the virtual controller is configured with a dot1q VLAN tag and communicates through a virtual switch network configured with VLAN (4095 ALL) in a promiscuous network.

Workaround : WLAN communication is established as soon as the virtual controller generates or egresses traffic through the new host after a vMotion event.

CSCud52785

Symptom : Unable to create SNMP community strings for Virtual controllers from Prime Infrastructure.

Conditions : Virtual controller with 7.4 image.

Workaround : Create the SNMP community strings for the Virtual controller from the controller GUI.

CSCuc95993

Symptom : Access points send ARP requests to IP addresses in different subnets.

Conditions : controller with 7.3.101.0 image.

Workaround : None.

CSCuc87875

Symptom : AP1250 crashes when a client associates with it, and the controller has the 7.4 image.

Conditions : When clients associate alone.

Workaround : None.

CSCud78560

Symptom :

1. Controller updates mDNS TTL with incorrect values when snooping is enabled/disabled or when the controller sends periodic query.

2. When a client asks for unicast query response, the controller responds with IP address in the reverse order. For a multicast query request, the controller response is as expected.

Due to these two issues, the client cannot access the service provider which is snooped by the controller. The controller either sends an incorrect IP address in response or sends a malformed packet with invalid TTL vlaue.

Conditions : This issue is observed in the 7500 series, 8500 series, and virtual controller platforms. This issue is not observed on the 5500 and 2500 series controllers.

Workaround : None.

CSCua23018

WCP status never comes to oper-up even after reconfiguring the service IP.

Symptom : Static/DHCP service-vlan IP is lost after HA configuration.

Conditions : Even after reconfiguration of service port IP, WCP status shows keep alive and never comes to oper-up state.

Workaround : Enter no wism service-vlan vlan command in catalyst 6K device and add the configuration again.

CSCud97983

Symptom : Cisco AP 1040 and 1140 are unresponsive and dissociating from Cisco WLC once a day.

Conditions : Unknown.

Workaround : Reboot the Cisco APs.

CSCue42242

Symptom : When the Cisco WLC detects more than 21 ad hoc rogues, the web GUI shows only the first 20 entries (first page).

Conditions : Path on the web GUI: Monitor > Rogue > Adhoc Rogues and click on “Unclassified Adhoc” or “Custom Adhoc”.

The first page shows correctly, but it is not possible to browse to the subsequent pages.

Workaround : Use the show rogue adhoc summary command on the CLI.

CSCub89883

Symptom : System is unresponsive in different tasks after guest LAN is enabled.

Conditions :

• Guest LAN
• Cisco 5500 Series WLC using 7.2 or later releases
• IPv6 traffic from clients

Workaround : Disable guest LAN or disable IPv6.

CSCuf56192

Symptom : Unable to delete an mDNS profile.

Conditions : When the mDNS profile is mapped to an interface and the interface is deleted.

Workaround : Before deleting the interface, detach the profile and then delete the interface.

CSCui73764

Symptom : Cisco 1240 and 1130 Series APs—DHCP does not work with FlexConnect and VLAN Native 2.

Conditions :

• FlexConnect local switching
• Cisco 1240 or 1130 Series APs
• Cisco WLC Release 7.4.121.0 or earlier releases
• VLAN Native 2
• User unable to get IP address and to connect to the network

Workaround : Change the native VLAN to an unexpectedly higher number, so no WLAN will ever get mapped to a bridge group number that high.

Further Problem Description : Telnet to the FlexConnect mode AP. Example: VLAN3 is the native VLAN on the FlexConnect mode AP. The AP is correctly mapped to bridge group 1. The WLAN that does not work is the one that is mapped to VLAN2. VLAN2 is mapped to bridge group 3 (see below). This is the instance where the issues is encountered. It can be any WLAN-VLAN-Native VLAN combination.

CSCtk68542

Changing Mobility Domain on GUI did not disable/enable WLANs.

CSCtr33129

Mesh APs did not process ICMP unless associated with the controller.

CSCts52226

The controller refused the EAP-ID response from the client.

CSCtu07587

WLAN configuration was lost during XML validation upon controller reboot.

CSCtu74944

DNS Host name in the virtual interface was broken.

CSCty12524

BRA from MAG was missing Service Selection having APN & HOA options.

CSCty32474

Large packet traffic was not working if WIFI Client MTU is greater than 1500 bytes.

CSCtz07676

Controller failed to bring up SXP connection with Cisco Nexus 7000 Series switch.

CSCtz50719

WiSM had stopped working because of an out-of-memory error on the 7.0.220.0 controller software release.

CSCtz94937

On-Channel Rogue detection did not work during voice calls.

CSCua08891

Crash seen on Cisco SRE.

CSCua42848

Some config commands on the controller did not work for AP3600 with the NOS module.

CSCua44936

Wireless ISRs: FIPS power-on self-tests on AP (unified mode) and IOS.

CSCua58554

AAA override dynamic RADIUS VLAN HREAP FlexConnect broken on the 7.2.110.0 controller software release.

CSCua58695

Wireless controller responded to SNMPv1 query when SNMPv1 was disabled

CSCua69301

Unable to remove dynamically excluded client on the controller CLI.

CSCua74558

Improved client association debugs.

CSCua80476

RSSI and SNR abnormal for AIR-AP1131AG

CSCub18829

FlexConnect AP lost connectivity upon removing the VLAN from a FlexConnect group.

CSCub23677

Aggregate probe request interval became 0 second.

CSCub38930

Controller lost timezone information after reboot.

CSCub40170

AAA VLAN override failed when client moved from 802.1X to MAC authentication WLAN.

CSCub42170

AP1142 VLAN setting error for Mozilla Firefox: “ERROR:VLAN doesn’t exist”

CSCub44259

SRE stopped working with Transfer Task post build 76 reboot.

CSCub45878

7.2.110.0 controller software release: client got IPv6 address in multiple VLANs after roaming.

CSCub50559

HA: Active controller stopped working at the peerTransferTask task.

CSCub52566

HA: Active controller stopped working at the rsyncmgrXferMain task.

CSCub54507

No commands available to delete all rogues on the controller CLI.

CSCub54977

OEAP600: Channel mismatch in controller GUI/CLI and local GUI.

CSCub60662

00ETSGJ-CH: Link test fails for Windows 7 Client with 6300 AGN

CSCub68660

FlexConnect ACL with a space in the name did not apply to the AP.

CSCub71689

Management for wireless users did not work on 7500 controller platform.

CSCub74109

Access Point EAP-FAST authentication password was maximum 15 characters.

CSCub75472

Rogue AP detection on wire failed if radio MAC is +/– 1 of Ethernet MAC.

CSCub77680

Cisco Wireless LAN Flex 7500 Series Controllers on the 7.2.110.0 software release sent IP address in reverse to ACS.

CSCub80091

On Cisco Wireless LAN Flex 7500 Series Controllers, the install-certs script option 3 failed occasionally.

CSCub82468

Controller should not allow disable of MCS rates on 800ns guard interval.

CSCub82534

AP radio resets with corrupt TX/RX buffer tracebacks on the 7.2.110.0 controller software release.

CSCub85479

Both 8500 series controllers in HA mode stop working and reset while trying to adopt APs.

CSCub89808

The general page on the controller GUI led to wrong multicast configuration.

CSCub90589

Required a check to prevent users from misconfiguring QoS profiles on the controller.

CSCub90815

003Radius RFC (COA) failed to configure on the controller CLI.

CSCub91823

The show run-config command should display full details of QoS profiles.

CSCub97196

FlexConnect local switch AP would get stuck in DHCP Required.

CSCub97882

H-REAP Local Switching WLAN-VLAN mapping is changed.

CSCuc02078

Unicast Default Priority behaved like Maximum Priority for QoS Profiles.

CSCuc06525

Controller stopped working on a 802.11b task.

CSCuc12395

Continuous trap message is sent from a controller client with MAC address "wireless mac address of client" has joined profile "profile name".

CSCuc15239

Web/SNMP: Needed checks in rate limiting configurations.

CSCuc16850

Radio stopped transmitting because the transmit queues were full.

CSCuc19795

The 7.3 controller software release added a random value ““?d”” for Hash Key for mobility group members.

CSCuc21803

Free RADIUS on MAC filtering did not work if there are multiple RADIUS Servers.

CSCuc33063

Controller stopped working because of the emWeb task.

CSCuc35714

Controller experienced a system crash in apfApplyOverride function.

CSCuc37505

WLAN configuration was not saved after reboot with RADIUS NAC enabled.

CSCuc41718

Set on MLD snooping related attributes was resulting in an error.

CSCuc44651

One of the c3502 APs had stopped working.

CSCuc45044

CLI/GUI discrepancy: Authorize MIC APs against auth-list or AAA.

CSCuc52514

Controller did not reflect timezone location configuration after reboot.

CSCuc52528

Custom logo not displayed when WebAuth secure web was disabled.

CSCuc59054

A wireless LAN controller may unexpectedly reload with messages.

CSCuc62460

AP HTTP profiler stopped working on multiple codenomicon tests.

CSCuc68648

A 5500 series controller on the 7.0.230.0 software release stopped working due to memory leak in SNMP trap.

CSCuc71104

IPv6 client triggered incorrect IPv4 acct start information on change of WLAN.

CSCuc72610

Controller Reaper reset at osapiBsnTimer.

CSCuc74677

High Availability controller rebooting and losing its AP count license.

CSCuc74769

WiSM1 controllers stopped working randomly on the 7.0.235.0 software release.

CSCuc76519

AP3502 stopped working.

CSCuc77980

AP801 does not crash the entire system when FIPs test fail at AP.

CSCuc89476

The memory utilization was increasing constantly on the controller in a scale test.

CSCud07497

The 7500 and 8500 series controller send wrong PMK cache timer for 802.1111r client to mobility peers.