Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.4.110.0
Cisco Unified Wireless Network Solution Components
Controller Platforms Not Supported
Software Release Support for Access Points
Upgrading to Controller Software Release 7.4.110.0
Upgrading to Controller Software Release 7.4.110.0 (GUI)
Special Notes for Licensed Data Payload Encryption on Cisco Wireless LAN Controllers
Downloading and Installing a DTLS License for an LDPE Controller
Upgrading from an LDPE to a Non-LDPE Controller
Interoperability With Other Clients in 7.4.110.0
Features Not Supported on Controller Platforms
Features Not Supported on Cisco 2500 Series Controllers
Features Not Supported on WiSM2 and Cisco 5500 Series Controllers
Features Not Supported on Cisco Flex 7500 Controllers
Features Not Supported on Cisco 8500 Controllers
Features Not Supported on Cisco Wireless Controller on Cisco Services-Ready Engine
Features Not Supported on Cisco Virtual Wireless Controllers
Features Not Supported on Mesh Networks
FCC Safety Compliance Statement
Obtaining Documentation and Submitting a Service Request
These release notes describe what is new in this release, instructions to upgrade to this release, and open and resolved caveats for this release.
Note Unless otherwise noted, all of the Cisco Wireless LAN controllers are referred to as controllers, and all of the Cisco lightweight access points are referred to as access points or APs.
These release notes contain the following sections:
The following components are part of the Cisco UWN Solution and are compatible in this release:
Note For more information on the compatibility of wireless software components across releases, see the Cisco Wireless Solutions Software Compatibility Matrix.
Note Client and tag licenses are required to get contextual (such as location) information within the context-aware software. For more information, see the Release Notes for Cisco 3350 Mobility Services Engine for Software Release 7.4.100.0.
The AP801 and AP802 are integrated access points on the Cisco 800 Series Integrated Services Routers (ISRs). For more information about the stock-keeping units (SKUs) for the access points and the ISRs, see the following data sheets:
– http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_461543.html
– http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78_459542_ps380_Products_Data_Sheet.html
– http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-613481.html
– http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78_498096.html
– http://www.cisco.com/en/US/prod/collateral/routers/ps380/ps10082/data_sheet_c78-682548.html
http://www.cisco.com/en/US/prod/collateral/routers/ps380/data_sheet_c78-519930.html
Note The AP802 is an integrated access point on the Next Generation Cisco 880 Series ISRs.
Note Before you use an AP802 series lightweight access point with controller software release 7.4.110.0, you must upgrade the software in the Next Generation Cisco 880 Series ISRs to Cisco IOS 151-4.M or later releases.
The following controller platforms are not supported:
There are no new features or enhancements in this release. For more information about the updates in this release, see the Caveats section.
Table 1 lists the controller software releases that support specific Cisco access points. The First Support column lists the earliest controller software release that supports the access point. For access points that are not supported in ongoing releases, the Last Support column lists the last release that supports the access point.
Note The Cisco 3600 Access Point was introduced in 7.1.91.0. If your network deployment uses Cisco 3600 Access Points with release 7.1.91.0, we highly recommend that you upgrade to 7.2.103.0 or a later release. |
|||
-A and N: 4.1.190.1 or 5.2 or later1 |
|||
If LAG is enabled on the Cisco 2500 Series Controller and the controller is downgraded to a non-LAG aware release, the port information is lost and it requires manual recovery.
Note Bootloader upgrade is not required if FIPS is disabled.
– Ensure that your TFTP server supports files that are larger than the size of the controller software release 7.4.110.0. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within the Prime Infrastructure. If you attempt to download the 7.4.110.0 controller software and your TFTP server does not support files of this size, the following error message appears: “TFTP failure while storing in flash.”
– If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same or a different subnet because the distribution system port is routable.
Bootloader Menu for 5500 Series Controllers:
Bootloader Menu for Other Controller Platforms:
Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on a 5500 series controller), or enter 5 (on another controller platform) to run the current software and set the controller configuration to factory defaults. Do not choose the other options unless directed to do so.
Note See the Installation Guide or the Quick Start Guide for your controller for more details on running the bootup script and power-on self-test.
With the backup image stored before rebooting, be sure to choose Option 2: Run Backup Image from the boot menu to boot from the backup image. Then, upgrade with a known working image and reboot the controller.
config network ap-discovery nat-ip-only { enable | disable }
– enable — Enables use of NAT IP only in a discovery response. This is the default. Use this command if all APs are outside of the NAT gateway.
– disable —Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside of the NAT gateway; for example, Local Mode and OfficeExtend APs are on the same controller.
Note To avoid stranding APs, you must disable AP link latency (if enabled) before you use the disable option for the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.
– You can predownload the AP image.
– For FlexConnect access points, use the FlexConnect AP upgrade feature to reduce traffic between the controller and the AP (main site and the branch). For more information about the FlexConnect AP upgrade feature, see the Cisco Wireless LAN Controller FlexConnect Configuration Guide.
Note Predownloading a 7.4.110.0 version on a Cisco Aironet 1240 access point is not supported when upgrading from a previous controller release. If predownloading is attempted to a Cisco Aironet 1240 access point, an AP disconnect will occur momentarily.
– Delete all WLANs that are mapped to interface groups and create new ones.
– Ensure that all WLANs are mapped to interfaces rather than interface groups.
– Enable or disable link aggregation (LAG)
– Enable a feature that is dependent on certificates (such as HTTPS and web authentication)
– Add a new license or modify an existing license
– Increase the priority for a license
– Install vendor device certificate
– Install Web Authentication certificate
Step 1 Upload your controller configuration files to a server to back them up.
Note We highly recommend that you back up your controller’s configuration files prior to upgrading the controller software.
Step 2 Follow these steps to obtain the 7.4.110.0 controller software:
a. Click this URL to go to the Software Center:
https://software.cisco.com/download/navigator.html
b. Choose Wireless from the center selection window.
c. Click Wireless LAN Controllers.
The following options are available:
– Integrated Controllers and Controller Modules
d. Depending on your controller platform, click one of the above options.
e. Click the controller model number or name. The Download Software page is displayed.
f. Click a controller software release. The software releases are labeled as follows to help you determine which release to download:
g. Click a software release number.
h. Click the filename ( filename.aes).
j. Read Cisco’s End User Software License Agreement and then click Agree.
k. Save the file to your hard drive.
l. Repeat steps a. through k. to download the remaining file.
Step 3 Copy the controller software file ( filename.aes) to the default directory on your TFTP, FTP, or SFTP server.
Step 4 (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks.
Note For busy networks, controllers on high utilization, or small controller platforms, we recommend that you disable the 802.11a/n and 802.11b/g/n networks as a precautionary measure.
Step 5 Disable any WLANs on the controller.
Step 6 Choose Commands > Download File to open the Download File to Controller page.
Step 7 From the File Type drop-down list, choose Code.
Step 8 From the Transfer Mode drop-down list, choose TFTP, FTP, or SFTP.
Step 9 In the IP Address text box, enter the IP address of the TFTP, FTP, or SFTP server.
Step 10 If you are using a TFTP server, the default values of 10 retries for the Maximum Retries text field, and 6 seconds for the Timeout text field should work correctly without any adjustment. However, you can change these values if desired. To do so, enter the maximum number of times that the TFTP server attempts to download the software in the Maximum Retries text box and the amount of time (in seconds) that the TFTP server attempts to download the software in the Timeout text box.
Step 11 In the File Path text box, enter the directory path of the software.
Step 12 In the File Name text box, enter the name of the software file ( filename.aes).
Step 13 If you are using an FTP server, follow these steps:
a. In the Server Login Username text box, enter the username to log on to the FTP server.
b. In the Server Login Password text box, enter the password to log on to the FTP server.
c. In the Server Port Number text box, enter the port number on the FTP server through which the download occurs. The default value is 21.
Step 14 Click Download to download the software to the controller. A message appears indicating the status of the download.
Step 15 After the download is complete, click Reboot.
Step 16 If prompted to save your changes, click Save and Reboot.
Step 17 Click OK to confirm your decision to reboot the controller.
Step 19 For Cisco WiSM2 on the Catalyst switch, check the port channel and reenable the port channel if necessary.
Step 20 If you have disabled the 802.11a/n and 802.11b/g/n networks in (Optional) Disable the controller 802.11a/n and 802.11b/g/n networks., reenable them.
Step 21 To verify that the 7.4.110.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary.
Datagram Transport Layer Security (DTLS) is required for all Cisco 600 Series OfficeExtend Access Point deployments to encrypt data plane traffic between the APs and the controller. You can purchase Cisco Wireless LAN Controllers with either DTLS that is enabled (non-LDPE) or disabled (LDPE). If DTLS is disabled, you must install a DTLS license to enable DTLS encryption. The DTLS license is available for download on Cisco.com.
Important Note for Customers in Russia
If you plan to install a Cisco Wireless LAN Controller in Russia, you must get a Paper PAK, and not download the license from Cisco.com. The DTLS Paper PAK license is for customers who purchase a controller with DTLS that is disabled due to import restrictions but have authorization from local regulators to add DTLS support after the initial purchase. Consult your local government regulations to ensure that DTLS encryption is permitted.
Note Paper PAKs and electronic licenses available are outlined in the respective controller datasheets.
Step 1 Download the Cisco DTLS license.
a. Go to the Cisco Software Center at this URL:
https://tools.cisco.com/SWIFT/LicensingUI/Home
b. On the Product License Registration page, choose Get New > IPS, Crypto, Other Licenses.
c. Under Wireless, choose Cisco Wireless Controllers (2500/5500/7500/8500/WiSM2) DTLS License.
d. Complete the remaining steps to generate the license file. The license file information will be sent to you in an e-mail.
Step 2 Copy the license file to your TFTP server.
Step 3 Install the DTLS license. You can install the license either by using the controller web GUI interface or the CLI:
Management > Software Activation > Commands > Action : Install License
license install tftp ://ipaddress /path /extracted-file
After the installation of the DTLS license, reboot the system. Ensure that the DTLS license that is installed is active.
Step 1 Download the non-LDPE software release:
a. Go to the Cisco Software Center at this URL:
http://www.cisco.com/cisco/software/navigator.html?mdfid=282585015&i=rm
b. Choose the controller model from the right selection box.
c. Click Wireless LAN Controller Software.
d. From the left navigation pane, click the software release number for which you want to install the non-LDPE software.
e. Choose the non-LDPE software release: AIR-X-K9-X-X.X.aes
g. Read Cisco’s End User Software License Agreement and then click Agree.
h. Save the file to your hard drive.
Step 2 Copy the controller software file ( filename.aes) to the default directory on your TFTP or FTP server.
Step 3 Upgrade the controller with this version by following the instructions from Copy the controller software file ( filename.aes) to the default directory on your TFTP, FTP, or SFTP server. through To verify that the 7.4.110.0 controller software is installed on your controller, click Monitor on the controller GUI and look at the Software Version field under Controller Summary. detailed in the “Upgrading to Controller Software Release 7.4.110.0” section.
This section describes the interoperability of the version of controller software with other client devices.
Table 3 describes the configuration used for testing the clients.
Open, WEP, PSK (WPA and WPA2), 802.1X (WPA-TKIP and WPA2-AES) (LEAP, PEAP, EAP-FAST, EAP-TLS) |
|
Connectivity, traffic, and roaming between two access points |
Table 4 lists the client types on which the tests were conducted. The clients included laptops, handheld devices, phones, and printers.
This section lists the features that are not supported in the following platforms:
Note The features that are not supported on Cisco WiSM2 and Cisco 5500 Series Controllers are also not supported on Cisco 2500 Series Controllers.
Note Directly connected APs are supported only in Local mode.
Note You can replicate this functionality on a 5500 series controller by creating an open WLAN using an ACL.
Note For Cisco 7500 Series controllers, it is not necessary to configure an AP-manager interface. The management interface acts like an AP-manager interface by default, and the access points can join on this interface.
Note IPv6 client bridging and Router Advertisement Guard are supported.
Note An AP associated with the controller in local mode should be converted to FlexConnect mode or Monitor mode, either manually or by enabling the autoconvert feature. On the Flex 7500 controller CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.
Note FlexConnect local switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic that is based on IGMP or MLD snooping.
Note FlexConnect local switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect access points do not limit traffic that is based on IGMP or MLD snooping.
Note Outdoor AP in FlexConnect mode is supported.
The following sections lists Open Caveats and Resolved Caveats for Cisco controllers and lightweight access points for version 7.4.110.0. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences because the title field length is limited. In the caveat titles, some truncation of wording or punctuation might be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
Note If you are a registered cisco.com user, view Bug Toolkit on cisco.com at the following website:
https://tools.cisco.com/bugsearch/
To become a registered cisco.com user, go to the following website:
https://tools.cisco.com/IDREG/guestRegistration.do?locale=en_US
Table 5 lists the open caveats in this release.
Symptom : Controller web GUI displays duplicate domain IP names, but the controller CLI displays them correctly. Use CLI Condition : When the service provider domain name is more than 32 characters, the controller web GUI displays duplicate entries. This issue occurs in only the controller web GUI. |
|
Symptom : On the controller, when limiting the “Max Concurrent Logins for a user name” to 1, for example to avoid using the same username more than once for web authentication, there is a possibility to ignore this setting for 802.1x authentication by setting “max-login-ignore-identity-response” to the enabled state. The “max-login-ignore-identity-response” feature does not work as expected and the global “Max Concurrent Logins for a user name” still takes precedence. Workaround : Increase the global “Max Concurrent Logins for a user name” to a desired number. |
|
Symptom : On a channel with high utilization and interference numbers, the RRM DCA algorithm might not change the channel when it should. As a result, the channel assignment for a few access points may be suboptimal, which can negatively impact performance. Condition : If a channel change that is required to avoid the high utilization or interference has an adverse effect on the RF neighborhood, it might prevent the channel change. Release 6.0.182.0. |
|
Symptom : The Cisco 602 OEAP’s Ethernet Counter stops incrementing after they reach the maximum value for a 32-bit signed integer (2147483647). Note This does not affect the operation of the AP or the Ethernet traffic. Workaround : Reset the counters by rebooting the Cisco 602 OEAP. |
|
Symptom : When a RAP loses its wired connection, the RAP fails to restore connectivity as a MAP through the radio backhaul. The mesh adjacency is correctly built to a nearby MAP, and the RAP gets an IP address and can even join its controller, but shortly afterwards a radio reset is observed which causes the RAP to disconnect. The RAP goes into a loop till the wired connectivity is restored. Error messages similar to the following are displayed on the RAP console:
Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Selected MWAR '5500-5'(index 0). *Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Go join a capwap controller ~ *Feb 8 19:37:45.139: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller 5500-5 ~ *Feb 8 19:37:45.183: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 forwarding ~ *Feb 8 19:37:46.075: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down *Feb 8 19:37:46.083: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset ~ *Feb 8 19:37:47.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down *Feb 8 19:37:47.099: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5700 MHz for 60 seconds. ~ *Feb 8 19:38:21.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-6-LINK_UPDOWN: Mesh station 0021.a1f9.fa0f link Down *Feb 8 19:38:24.951: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 going down *Feb 8 19:38:24.955: %LINK-6-UPDOWN: Interface Virtual-Dot11Radio0, changed state to down10 *Feb 8 19:38:25.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Dot11Radio0, changed state to down
Condition : Mesh deployment on the following controller software releases: 7.0.230.0, 7.2.x, 7.3.112.0 |
|
Symptom : The controller might stop working if a Syslog server entry is being removed from the GUI when the server is unreachable. Condition : Syslog server configured on the controller with TLS enabled. The Syslog server entry is removed using the controller GUI while it is unreachable, but the controller still considers it to be “connected”, as per “TLS auth status” that can be seen by entering the show logging command on the controller CLI. |
|
Symptom : MAC flap on Layer 2 switch connected to the remote LAN port of Cisco 600 Series OEAP. Condition : Wired computers plugged into the Layer 2 switch connected to the remote LAN port communicate with each other with only pings. Workaround : Configure static ARP entries to prevent the MAC flap. |
|
Symptom : AP intermittently does not send probe response when there are other APs in the neighborhood on the same channel. Condition : There need to be other APs or traffic on the same channel for this issue to occur. Workaround : If the client hears probes from other surrounding APs, the client should be able to join another AP. Some NICs might prefer to hear probes from a specific AP. Even with the AP having the issue, eventually, the probe response might be transmitted after a few attempts. |
|
Symptom : On a local-switching-enabled 802.1X WLAN, if the clients associate with a local AP (not FlexConnect AP), after successful authentication, only url-redirect attributed is accepted by the controller, not url-redirect-acl attribute, which causes failures on redirection thereafter. Condition : 802.1X WLAN with local switching enabled; Release 7.2 and later. Workaround : Disable local switching on the WLAN. You will have to segregate the local AP from FlexConnect APs on different controllers, making it an impossible solution to mix them together on a single controller. |
|
Symptom : Cisco AP3600 and Cisco AP2600 send invalid frames sourced with address 0000.0104.xxxx. This might result in security warnings on the switch, such as the following:
%AUTHMGR-5-SECURITY_VIOLATION: Security violation on the interface GigabitEthernet3/46, new MAC address (0000.0104.d634) is seen.
Condition : This issue occurs when the primary or secondary controller is changed in the AP High Availability tab. This issue is observed with only Cisco Aironet 2600 and 3600 Series access points. |
|
Symptom : The 5-GHz radio on AIR-CAP1552E-N-K9 in the non-Bridge mode fails to enable if the controller is configured for Brazil (-T) Regulatory Domain. |
|
Symptom : Rogue AP does not get detected on the wired network when it is on non-native VLAN trunk to rogue detector AP. Condition : Release 7.4.x; Rogue detector mode AP; Rogue AP not on Rogue Detector native VLAN. |
|
Symptom : Cisco AP1600, Cisco AP2600, and Cisco AP3600 might transmit management and control frames at maximum power, regardless of the configured power settings. |
|
Symptom : Wireless clients are unable to associate with the mesh APs. Condition : When the wired clients are not operational; clients are connected to the mesh AP with Ethernet bridging enabled. Workaround : Reboot the mesh AP for the wired and wireless clients to associate. |
|
Symptom : When the controller detects more than 21 ad hoc rogues, the controller GUI shows only the first 20 entries (first page). Condition : More than 21 ad hoc rogues detected. On the controller GUI, choose Monitor > Rogue > Adhoc Rogues and click on Unclassified Adhoc or Custom Adhoc. The first page shows correctly, but it is not possible to browse to the subsequent pages. Workaround : On the controller CLI, enter the show rogue adhoc summary command. |
|
Symptom : Controller stops communicating with CAM with SNMPv3. 2. Add controller to CAM with SNMPv3 (should have an authorization and authentication passwords) |
|
Symptom : The 802.11u domain is lost after a controller reboot. Condition : Same domain name is used on two different WLANs. This is allowed on CLI, but configuration validation fails on boot. Workaround : Reconfigure the domain, or use different domain names. |
|
Symptom : Cisco Virtual Wireless Controller is given a valid license with an AP count. Installation of the controller is successful, and the show license summary command shows the license in use with the correct count. However, the homepage of the controller GUI shows “0 access points supported” and APs are denied association with the controller. Condition : This issue occurs only when you provide a license file that contains only adder licenses and not the base feature. Workaround : Request for a correct base feature AP count license file. |
|
Symptom : Cisco AP1260 might stop working in the function mvl_transmit_recover. Condition : Cisco AP1260 using IOS version 12.4(23c)JA6 and controller version 7.0.235.3. |
|
Symptom : Controller does not take into account anymore if “airespace wlan-identifier” attribute is sent back in access-accept by the RADIUS server. Condition : This issue occurs in Release 7.4, but was not present in Release 7.0.x. |
|
Symptom : Controller goes into maintenance mode with HA in enabled state. Condition : HA in an enabled state; Cisco Flex 7500 and Cisco 8500 Series controllers in non-LAG scenario with backup port configured; primary port is not operational. |
|
Symptom : The standby controller in an HA pair could reboot in a loop if the HA role negotiation succeeds, but the configuration synchronization fails. |
|
Symptom : RRM group leader is not operational and does not do channel or power update. Condition : This issue might occur if you have APs hearing each other when associated through a large set of controllers where RF group name is identical. Workaround : Options are as follows:
config advanced 802.11a group-mode restart (If RRM is in the 802.11a band) config advanced 802.11b group-mode restart (If RRM is in the 802.11b band) |
|
Symptom : Cisco AP3500 stops working. |
|
Symptom : After a Cisco AP reboot, the radio which was disabled before Cisco AP reboot is somehow reenabled automatically. This occurs when the Cisco AP belongs to an RF profile. Condition : Cisco AP joins nondefault AP group and the AP group has the RF profile. |
|
Symptom : Controller reboot with traceback tpcv2ConstructApProfile. |
|
Symptom : Cisco APs that are configured with submode PPPoE are losing the submode configuration (Submode = Unconfigured) after moving from one controller to another or after rebooting the Cisco AP when associating with the second controller. Condition : Reboot the PPPoE submode Cisco AP associated with the primary controller. |
|
Symptom : Controller might trigger a reaper reset crash at “apfFindRogueApEntry” while adding rogue rules on the controller, due to a deadlock condition. |
|
Symptom : In Export Anchor-Foreign scenario, in both Foreign to Foreign as well as fresh association to a Foreign, if packets are not reaching to Export Anchor due to network issues, then after three retries, there will not be any further exchange. The request will go to Export Anchor and the client will stay in that state until it moves out. Condition : Network issues between mobility peers. Workaround : None. Instead, fix the underlying connectivity issues. |
|
Symptom : Client with static IP loses connectivity on session timeout. Condition : This occurs only if the following set of conditions are met: 1. Interface that the client gets from the interface group does not match the interface corresponding to the static IP. 2. Client gets VLAN overridden with the following message: This overriding is lost when PMK expires, and a new authentication takes place. This occurs even if the client is continuously sending traffic. Workaround : Either disable interface groups or set to DHCP required state. |
|
Symptom : During dynamic rf-group, an HA switchover controller stopped working. Condition : While running dynamic rf-group between an HA Cisco WiSM2 controller and Cisco 5500 Series standalone controller, enter the show advanced 802.11a group command in the standalone controller CLI. On a forced switchover, the standby controller stopped working. |
|
Symptom : Incorrect Data tracebacks and failure in response is observed in Cisco AP3600. 1. An HA Cisco Flex 7500 Series Controller using Build 7.4.100.105 and a Cisco AP3600 in FlexConnect mode associated with it. 2. Schedule a reset in the active controller using 'reset system in 00:03:00 image no-swap reset-aps save-config’ 3. At the scheduled time, the Cisco AP3600 gets a reset push from the controller. While the AP reboots, incorrect data tracebacks are observed in the Cisco AP and the Cisco AP stops working. Later, the Cisco AP associates with the controller. |
|
Symptom : Cisco AP1600 prints tracebacks on the console at reboot after VLAN tagging is configured from the controller (using the config ap ethernet tag id vlan-id cisco-ap-name command). Condition : Cisco AP1600 with data encryption enabled. Traceback seen at the reboot following the VLAN tagging configuration from the controller. |
|
Symptom : SE-Connect mode APs show up as Local mode in GUI after fallback because after the fallback the CleanAir Admin and Oper Status becomes “NA” instead of UP. The Network Spectrum Key is not available and it shows up as Local Mode in GUI. Spectrum Analyzer is unable to connect to the SE-Connect mode APs. Condition : Reboot the controller and then let the SE-Connect APs associate with the controller. 2. After the reboot, the Cisco AP shows correct Mode of “SE-Connect” and also Network Spectrum Key is available. |
|
Symptom : Client displays the following message: Condition : Cisco AP is operational, but the controller shows the Cisco AP as nonoperational. Workaround : Disable the Cisco AP and then reenable it. More Information : This issue is only observed after three or more days of continuously disabling and then enabling the radio state every minute on internal testing. |
|
Symptom : Radio PCI resets are observed on Cisco AP1600. |
|
Symptom : A Cisco AP stopped working and then rebooted. Workaround : Unknown. Check any CDP events on the connected switch. |
|
Symptom : In the controller GUI, access points appear in an unknown state. |
|
Symptom : Controller reports many stale client entries. Condition: Cisco Flex 7500 Series Wireless Controllers with Release 7.3.103.14 having many clients. |
|
Symptom : WebAuth redirect fails when local switching is enabled on a WLAN. Manual redirect and redirect with central switching works. Condition: Local switching is enabled on a WLAN. Workaround : Add a dummy interface on the controller with the IP address of the VLAN that is locally switched for the client. The VLAN IDs need not be the same, however, the IP addresses must be same. The VLAN must be trunked to the controller. |
|
Symptom : CleanAir status appears as N/A even when the access point supports and enables CleanAir. Condition: This issue occurs when the access points join a primary or secondary controller after the power goes down or a network problem arises. Workaround : Disable or reenable the access point radio to recover the CleanAir status on the controller. |
|
Symptom : Controller sends accounting updates with different framed IP address for an endpoint. Condition: Central web authentication used with ISE and URL redirect is pushed. |
|
Symptom : Client disconnects from its WLAN. Condition: When you change the parameters of a WLAN, a client disconnects from another WLAN. |
|
Symptom : RADIUS failover occurs when the controller sends RADIUS request packets with the same ID to the RADIUS server six times and receives no response from the RADIUS server. |
|
Symptom : When a FlexConnect local switching access point roams using WGB, the following message appears on the access point console: Condition: This message appears on Release 7.4.x while using the debug capwap client mgmt command. |
|
Symptom : When you disable the radio of a Cisco AP2600, the radio gets enabled after the access point reloads. |
|
Symptom : Client gets IPv6 address from a different VLAN. A sample message is given below: 1. VLAN is in an interface group. 2. Client sends traffic from either a static IP address or a previously allocated IP address. |
|
Symptom : When you start a calibration task using Prime Infrastructure 1.2 and 1.3, the task proceeds and at the end of the data collection the following message appears: Condition: This message is displayed when there is no data in the controller calibration table. |
|
Symptom : Cisco Services-Ready Engine (SRE) controller configured as a DHCP server shows reversed octet for the default gateway and DNS server values. For example, 4.3.2.1 instead of 1.2.3.4. Condition: Cisco Wireless Controller on Cisco SRE using Release 7.4.x. Workaround : Use an external DHCP server or downgrade the controller to a release that is earlier than Release 7.4.x. |
|
Symptom : Unable to use the filter options for clients and access points when you use IE 10 to access the controller GUI. The filter popup box does not appear in the GUI. |
|
Symptom : Cisco 5508 controller with Release 7.3.101.0 stopped working on |
|
Symptom : In an HA-enabled 5508 controller with 430 access points, when you perform predownload on all the access points, the controller does not reset. Condition: High AP count and failed predownlaod. Workaround : Reboot the controller using the reset system forced command. |
|
Symptom : The show redundancy summary command shows the following output regardless of its real SKU. Condition: When you use the show redundancy summary command on: |
|
Symptom : AP stopped working once and the log was found on the controller and TFTP server. |
|
Symptom : Access point radio resets during the FlexConnect state change. |
|
Symptom : Controller on Release 7.3 or 7.4 fails to authenticate the One Time Password (OTP) users authenticating with TACACS+. The following debug output is displayed when you use the debug aaa tacacs enable command: Condition: This issue occurs in the following Condition: 1. Controller uses Release 7.3 or 7.4. 2. TACACS+ is used for management user authentication. 3. OTP is used for TACACS+. Static passwords are not affected. Extend the TACACS+ management server timeout value by using the following commands: config tacacs auth disable server-index |
|
Symptom : When there is duplex mismatch between a Cisco Aironet 1140 Series Access Point port and an upper layer switch port, the following warning appears on the switch, controller, and access point: However, when the controller is upgraded to Release 7.4.x, the warning message is not logged to controller. |
|
Symptom : Cisco 8510 controller does not update the config line after disabling DHCP proxy using the config dhcp proxy disable bootp-broadcast disable command. Condition: Release 7.4.100.60. Workaround : Manually enter the line in the config file or modify the configuration directly on the controller using the CLI or the GUI. |
|
Symptom : Cisco 5508 controller in an HA configuration with two AAA servers sends TACACS+ authentication and authorization requests to different AAA servers. Users using TACACS+ account are unable to login to controller, as the controller sends authentication request to one AAA server, and authorization and accounting request is sent to another AAA server configured in the controller. Condition: This issue occurs in the following Condition: 1. HA configured on the controller. 2. Users log onto the controller using TACACS+. 3. Two or more AAA servers are defined in the controller TACACS+ authentication and authorization server list. |
|
Symptom : Wired clients behind a third party WGB device fail to get an IP address. |
|
Symptom : Beacon loss in Cisco AP1130. |
|
Symptom : In a mesh topology, RAP-MAP1- MAP2 (all are 1522 access points using 5 GHz backhaul), when MAP1 does not have an Ethernet bridge client then MAP2 connects to MAP1 and joins the controller. However, when MAP1 has an Ethernet bridge client then MAP2 fails to connect to MAP1 to join the controller. The authentication process between MAP2 and MAP1 is never completed in this case. The issue also appears regardless of the radio used for backhaul (both 5 GHz and 2 GHz backhaul). |
|
Symptom : On an HA pair, when the standby unit is active, the evaluation license remaining time warning is displayed. Workaround : None. The HA controller continues to work as the local licenses are not used for access point join validation. |
|
Symptom : Controller sends a message that the APs should be moved to a primary controller, after 90 days of an AP joining the controller. Condition: This occurs when a HA-SKU controller is used as a secondary controller in a N1 configuration and an AP has joined the controller. |
|
Symptom : Flash is not accessible for Cisco AP1520 or Cisco AP1550. The APs will continuously write the following flash error to the console: |
|
Symptom : Controller fails intermittently. Condition: Web pass through clients anchored from foreign controller to anchor controller. |
|
Symptom : New AP801 on C1941, cannot enable the radios. The radios gets reset continuously, and IOS shows 802.11 driver process using 99 percent CPU. Reloading the AP or router does not change. Condition: This occurs when AP801 joins controller using Release 7.4.x. |
|
Symptom : When AP which is in FlexConnect local switching mode, fails over from primary controller to secondary controller, the client protocol displays 802.11b, instead of 802.11g. |
|
Symptom : Clients are unable to join. Condition: This occurs in controller 7.3 5500 with FlexConnect and NAT/PAT AP IP. |
|
Symptom : The FT and LT detection time for an alarm is ahead/later than the AP clock. This is causing a delay in NCS to detect the alarm. In Cisco NCS, you will not see the alarm until the actual AP time matches the time reported in the FT. Condition: This occurs in controller 5508 7.0.235.3, AP3500 wIPS ELM mode, MSE 3350 on Release 7.0.201.204. |
|
Symptom : The "Central Dhcp" and "nat-pat Flag" are enabled on WLAN. With this configuration, when a wireless client tries to associate with an AP, the AP IP address is duplicated to default gateway. |
|
Symptom : WiSM2 secondary controller DP stops responding due to deadlock in HA configuration while it gets booted and synchronizes with the primary controller. Condition: This occurs rarely when there are multiple reboot of controller in HA configuration. The controller recovers after reboot. |
|
Symptom : Clients on 802.11n rates gets disconnected or experiences data transfer issues when certain segment number orders are used. Condition: When client leading segment number is lower than the window (lower order). Workaround : For Apple devices, disable AQM in the Apple wireless driver. Disable A-MPDU. Also refer CSCug65693 for workaround. |
|
Condition: This issue occurs during excessive mesh AP Authentication. |
|
Symptom : Controller sends keep active alive as a wired packet instead of wireless. Condition: When the controller sends the keep alive as a wired packet the ISE drops it because of license. |
|
Symptom : WiSM2 stops responding and reboots (bcastReceiveTask 1332). |
|
Symptom : AP stops responding due to unexpected exception to CPUvector. |
|
Symptom : Ascom phone stops receiving voice packets. Condition: 11n in use Voice traffic QoS markings are lost on downstream direction. |
|
Symptom : Clients are unable to connect to SNMP NAC SSID an displays the following error message: |
|
Symptom : As per the data sheet, the 1600 AP should have 17dbm of tx power on 1 antenna and up to 22 on 3 antennas. http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1600-series/data_sheet_c78-715702.html However, when you see the show controllers output, it shows that the power level 1 is 13dbm on 3 antennas (8dbm per antenna). Comparing show controllers output with 3600e, clearly shows that 1600AP has less tx power. Field tests also show it has a much smaller coverage area. This is on 2.4ghz. 5ghz power is meeting expectations. This was noted in -E reg domain. Also, on modifying the antenna gain has no effect at all on Tx power. Condition: This occurs in controller 7.4.100 code. European regulatory domain in countries where the expected power level is 17. |
|
Symptom : Controller fails to redirect clients to the WebAuth/Passthrough page. Condition: This occurs in controller 7.4.x. When clients begins the WebAuth/Passthrough process by going to a web page that has cached their credentials in a cookie (such as “remember me” at www.yahoo.com). Workaround : Use a website that does not cache credentials in cookies. Clear the client's cookies for that particular website or all websites. Downgrade controller to controller 7.0/7.2/7.3. |
|
Symptom : The foreign controller does not respond to ARP from foreign export client to a local client being on the same VLAN. |
|
Symptom : SRE controller gives an option to configure the “External NAT IP State” and “External NAT IP Address” in the management interface. AP placed in the public domain will not be able to join the SRE. This is because the controller discovery response includes only the controller private IP address. Moreover, the option of enabling or disabling only the ap-discovery nat ip is not available in CLI. “config network ap-discovery nat-ip-only enable/disable”. Workaround : Do not place SRE-controller behind NAT even though the GUI allows you to configure it. |
|
Symptom : Clean Air sensor goes down and requires a reboot. |
|
Symptom : Controller changes the overlapping subnet interfaces IP addresses to all zeros without raising any visible alarm on GUI/CLI or any message on msglog/traplog or “show invalid-config”. Condition: Controller had overlapping subnet interfaces prior to upgrade. Workaround : Ensure that controller does not have overlapping interfaces before an upgrade. |
|
Symptom : When VLAN transparent feature is enabled on controller version 7.2, it does not pass VLAN tags. Span at end device shows all frames being placed on the native VLAN. Condition: VLAN Transparent enabled. Workaround : Disable VLAN Transparent and set the MAP Ethernet port as trunk. |
|
Symptom : Cisco AP3500 gets DFS events because of radar on a DFS channel associated with an Cisco 7925 IP phone. The frequency of DFS events are higher on weekday and business hours. |
|
Symptom : When broadcast SSD is disabled, the client is unable to associate with the controller. Condition: Disable the broadcast SSID in controller. A client is unable to associate. |
|
Symptom : Anchored SSIDs on controller release 7.3.101.0 incorrectly shows recently configured peer controllers in its anchor list after a reboot. Condition: Controller Release 7.3.101.0 with existing anchored SSIDs. Workaround : Manually go to the anchored SSID and remove the recently added peer controllers from its anchor list. |
|
Symptom : On FlexConnect (H-REAP) access points with a WLAN setup for local switching and local authentication, not all of the client detail fields are populated when a client connects to the WLAN. Workaround : Switch the client authentication from local to central. |
|
Symptom : Controller stops working while running controller release 7.3.101.0. |
|
Symptom : Controllers stops working if you clear the AP join statistics. Condition: This problem occurs only when you clear the AP join statistics (Monitor > Statistics > AP join Statistics > Clear) |
|
Symptom : Cisco 4400 Controller stops working in spamreceive in release 7.0.235.3 |
|
Symptom : Client sending TCP SYN to a Multicast MAC for its gateway results in the controller not sending a TCP SYN ACK. TCP Handhsake does not complete and hence the client never generates HTTP traffic and is never redirected. Traffic is seen arriving at foreign and sending to anchor. The anchor ignores/drops the TCP SYN. Condition: Controller Foreign/Anchor doing Central Web Authentication. When a client has a Multicast MAC address for gateway, this issue occurs. This is usually the result of having a load-balance/clustered node for the gateway of a client. |
|
Symptom : Autonomous AP running software version 15.2 loses clock information after reboot. Condition: Autonomous AP running software version 15.2. Clock information is lost even when “clock save interval” is configured. This is important for WGB situations where the AP must use certificate-based authentication (EAP-TLS, PEAP), and the certificate validation fails the time check. Workaround : Perform the following: 1. Manually configure the clock after an AP reboot. 2. Configure SNTP for applications where AP is not operating as WGB with certificate-based authentication by entering this command on the AP console: |
|
Symptom : The LAP1520 outdoor mesh APs gets false DFS triggers when in-band/off-channel (ch 124) weather RADAR signals are present and received above -20 dBm, causing network instability. A similar behavior was observed with off-band maritime radars operating in the 3.05 GHz band, but this can be addressed with Band-pass filters installed at the antenna port. Condition: AIR-LAP152x outdoor mesh AP installed near a weather RADAR installation. Workaround : New hidden CLI dfs-peakdetect added to address this issue. |
|
Symptom : Some clients are not removed from the controller database after user idle timer is expired. Condition: When 100 clients expire simultaneously because of user idle timeout, only 64/65 deauths are sent and 36/37 clients are not removed from the controller database. Workaround : Manually remove the stale clients or reboot the AP that had these clients or reboot controller. |
|
Symptom : Controller intermittently stops working. Condition: Any controller running software versions from 7.0 through 7.4. |
|
Symptom : If you remove the HSRP configuration, it leads the CAPWAP APs to keep sending data traffic to the old HSRP MAC while the control traffic is sent to the new correct gateway MAC. |
|
Symptom : Guest LAN interface loses its guest LAN check box because of which the guest WLAN gets disabled. Condition: Guest LAN interface loses its guest lan check box. Workaround : Reenable the guest LAN check box on the guest LAN interface. Enable the guest WLAN and set the correct ingress interface. |
|
Symptom : A Cisco AP802 may exhibit one of the following symptoms:
Condition: Cisco AP802, lightweight IOS. Workaround : Disable RBCP heartbeat fail to detect default reset that occurs after 15 minutes by entering the “service-module wlan-ap0 heart-beat reset disable” command on the router. |
|
Symptom : The local AAA sever of the controller shows the outer username of wireless user who authenticates using local EAP. Condition: When using local EAP on the controller. Workaround : Disable identity protection on the wireless client to use the same username for the inner and outer EAP username. For local EAP, inner username will be shown in the clients page or in show client detailed mac-addr |
|
Symptom : High number of client exclusions can prevent configuration changes from being applied to Access Points. Condition: High number of client exclusions and access points joined the to controller. |
|
Symptom : Client RADIUS authentication fails. The debug client command shows a message similar to this:
Dot1x_NW_MsgTask_7: Dec 17 11:43:36.983: 00:11:22:33:44:55 Entering Backend Auth Response state for mobile f0:d1:a9:24:d8:a7
Dot1x_NW_MsgTask_7: Dec 17 11:43:36.985: 00:11:22:33:44:55 Processing AAA Error 'Out of Memory' (-2) for mobile f0:d1:a9:24:d8:a7
Dot1x_NW_MsgTask_7: Dec 17 11:43:36.999: 00:11:22:33:44:55 Sent Deauthenticate to mobile on BSSID 20:37:06:00:11:22 slot 0(caller 1x_auth_pae.c:1394)
At the same time, the msglog shows a message similar to this:
Dot1x_NW_MsgTask_7: Dec 17 12:30:23.296: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication Aborted for client 00:11:22:33:44:55
The traplog shows a message like this: Condition: Large scale deployments with multiple clients. RADIUS queues fill up and fail under heavy authentication/accounting load. |
|
Symptom : Cisco Flex 7510 Series Wireless LAN Controller stops working when it is part of a HA pair. After this, the controller reloads and becomes active. |
|
Symptom : When a Cisco 1142 lightweight access point joins to a 2504 controller, the access point name that appears in the Wireless page is different from the name that appears in the Monitor > Statistics > AP Join page. Some access point MAC address characters are appended to the access point name, or multiple entries are created with different base radio MAC addresses. |
|
Symptom : After High Availability (HA) failover, the show redundancy peer-route summary command does not show any service port routes. This issue is applicable to Cisco 8500 Series Wireless LAN Controller. Condition: The service port routes doesn't exist after High Availability (HA) failover. |
|
Symptom : mDNS snooping is enabled for FlexConnect local switching enabled WLAN after controller upgrade. Condition: When you use controller release 7.3 with FlexConnect local switching enabled WLAN and upgrade it to 7.4. |
|
Symptom : LDAP Authentication occurs on a globally defined server listed outside the WLAN settings. Condition: When there is a timeout of LDAP authentication on the configured WLAN LDAP server. Workaround : Use 1 LDAP sever/OU for all users or use RADIUS authentication. |
|
Symptom : Clients are able to connect in b/g band even though Radio Policy for a SSID specifically set to “a only”. Condition: Create a WLAN with radio policy set to “a only” Configure the phones/clients in b/g mode and they successfully connect. |
|
Symptom : The Ethernet bridged client of Mesh AP (MAP) does not work. Condition: If the Ethernet bridged client (for example, a PC) has been plugged into the Ethernet port of a MAP before MAP joins the controller, then the client will not work. The issue is seen on a AP1140, AP3500 and AP3600 (all indoor mesh APs). The issue is not seen on AP1552 (outdoor mesh AP). Workaround : Ensure that the bridged client is not plugged into the MAP Ethernet port, and then reload the MAP. Let MAP join the controller before plugging the client into the MAP Ethernet port. The client gets a valid IP address and should respond to pings. |
|
Symptom : AP sending ARP responses for a client in DHCP required state Condition: Flex mode AP on controller release 7.3.101.0. DHCP is enabled on the WLAN. Roaming breaks for clients on Flex mode APs. |
|
Symptom : Controller detects false positive Dynamic Frequency Selection Detections (DFS) owing to signals transmitted by Broadcom radios. Condition: Client hardware triggers DFS detections o wing to signals transmitted by Broadcom radio. |
|
Symptom : While performing a device synchronization operation from Cisco NCS (SNMP query operation), Cisco controller returns a noSuchName value. |
|
Symptom : WPA2 with TKIP and WPA with AES is not supported in standalone mode, local-auth in connected mode, and CCKM fast-roaming in connected mode. Condition: Occurs only when the WLAN is configured as: – Flexconnect Local Switching and Local Authentication. – WPA-PSK with AES encryption. Workaround : Disable local authentication or u se WPA2-PSK with AES or WPA-PKS with TKIP. |
|
Symptom : AIR-CT5508-K9 unexpected reboot happens in Cisco controller 7.4.x software version with "apfMsConnTask_5" task suspended. Condition: Crash happens under normal condition without any changes in hardware or software configuration or network topology. |
|
Symptom : Client disassociated from fast transition roam due to key failure. This issue occurs only when both PMF and FT are supported. Condition: Client has negotiated both PMF and FT capabilities with the access point. |
|
Symptom : When the client is not authenticated by RSA/RADIUS server using webauth, Cisco controller places the client in RUN state. This issue is caused by the usage of two factor authentication. Workaround : Non-usage of two factor authentication. Cisco controller does not support two factor authentication. |
|
Symptom : While enabling a AAA over-ride in the WLAN during foreign controller-interface mapping on a guest access configuration, the anchor controller uses the default interface configuration to assign IP address to the client if the AAA server does not send any interface details. |
|
Symptom : Cisco MAP gateway becomes unreachable using ICMP and displays memory allocation failures. |
|
Symptom : The 3600 AP running in FlexConnect mode stops working with the following decode:
State 0 Totmalloc 6733804 Totfree 2192816 Totgetbuf 119844 Totretbuf 0 Edisms 0x0 Eparm 0x0 Elapsed 0x17598 Ncalls 0x5CD019 Ngiveups 0x0 Priority_q 4 Ticks_5s 3 Cpu_5sec 0 Cpu_1min 6 Cpu_5min 0 Stacksize 0xEA60 Lowstack 0xEA60 Ttyptr 0x54ED758 Mem_holding 0x61E3C Thrash_count 0 Wakeup_reasons 0x0FFFFFFF Default_wakeup_reasons 0x0FFFFFFF Direct_wakeup_major 0x00000000 Direct_wakeup_minor 0x00000000 Regs R14-R31, CR, PC, MSR at last suspend; R3 from proc creation, PC unused: R3 : 00000000 R14: 05350000 R15: 05350000 R16: 05350000 R17: 04230000 R18: 04230000 R19: 04090000 R20: 04DD0000 R21: 04DD0000 R22: 04DD0000 R23: 087BE138 R24: 087BE128 R25: 087BE130 R26: 087BE0B8 R27: 00029200 R28: 00000000 R29: 00000000 R30: 04460000 R31: 00000005 CR: 28004042 PC : 022A04FC MSR: 00029200
|
|
Symptom : Controller marks an interface in a group as dirty even when a response is received from the DHCP server. This issue is observed when some clients insist on requesting an IP unlisted in the connected interface range in a flood. The controller forwards the DHCP NAK responded by the DHCP server when a request is made. However, the interface will still be marked as dirty. |
|
Symptom : When an access point is in FlexConnect Local Switching mode with disabled VLAN support, client communication is lost when access point switches over from one controller to another. |
|
Symptom : When an access point is in FlexConnect mode and has continuous association/re-association of clients with flapping WAN connection, access point may crash at the following decode:
Pid 120: Process "CAPWAP CLIENT " stack 0x8903104 savedsp 0x55F6604 Flags: analyze prefers_new wakeup_posted Status 0x00000000
Orig_ra 0x00000000 Routine 0x02863514 Signal 0 Caller_pc 0x00000000 Callee_pc 0x00000000 Dbg_events 0x00000000 State 0
Condition: Access point is in FlexConnect mode and has continuous association/re-association of clients with flapping WAN connection. |
|
Symptom : Cisco NCS SNMP polling hangs as Cisco controller hangs while performing a SNMPwalk on the bsnMeshNeighsTable table for the Cisco controller 6.0.199.4. |
|
Symptom : When an access point receives authentication request from a client that database is about to be freed/deleted, the access point should not respond with auth response for a disabled BSSID. |
|
Symptom : Image upgrade fails in a high availability environment even when the standby is up and running. The standby HOT does not display any image download activity. Condition: Occurs on AP 5508/Wism2 high availability environment. |
|
Symptom : While trying to change Layer2 and Layer3 policies on any two similar WLAN, an error message "WLAN with duplicate SSID and Layer2 security policy found."is displayed. Condition: Occurs on AP 5508/WiSM2 high availability environment. Workaround : Perform the following workaround: 1. Change WLAN configuration from the CLI. You must disable both the WLANs from the GUI and enable the WLANs again after you complete the configuration again. 2. Delete the existing WLAN and re-create another WLAN using the GUI. |
|
Symptom : WebAuth redirect fails when a FlexConnect access point joins the Cisco controller using the IP address from the DHCP server after a reload. A reload occurs when the FlexConnect AP with static IP address has lost connectivity to Cisco controller and the default gateway. |
|
Symptom : While enabling an mDNS profile on an interface group, an error "Active WLAN using interface group. Disable WLAN first" is displayed when an interface group is already mapped to a WLAN or an access point. Condition: Usage of mDNS gateway on interface group. Workaround : Ensure that you remove, add, and enable mDNS on the interface group before further use. |
|
Symptom : Clients are unable to connect to receive DHCP information post upgrade. |
|
Symptom : Controller displays incompatibility behavior on Cisco controller incompatibility behavior on Change-of-authorization ( CoA) for RFC 3576 implementation and shows the debug output error 'RFC-3576 Disconnect-Request' which indicates that session identification attributes are invalid. Condition: Change-of-authorization (CoA) on the controller. Workaround : When the three AVP pair attributes are sent, the controller accepts the disconnect request Calling-Station-ID MAC address of device (lower case works) Service-Type Login-user Called-Station-ID (upper case MAC of AP SSID separated by colons). |
|
Symptom : Wireless Clients are not denied association when it re-associates. Condition: The maximum number of clients per access point radio is configured on each Cisco AP1142. |
|
Symptom : The “SNMP operation to Device failed. Table too large, possible agent loop.” error message is displayed on monitoring access points on Cisco Prime Infrastructure 1.3. Condition: SSID is set to FlexConnect local switching and access point set to local AP mode. |
|
Symptom : Cisco OEAP fails to connect when a failover occurs from LDPE to Non LDPE controller when in a high availability setup. |
|
Symptom : SIP client sometimes associate access points over CAC voice max-bandwidth. |
|
Symptom : Clients are unable to associate to the access point radio. The access point continues to beacon, but when the client sends an 802.11 authentication frame, the access point fails to respond with an authentication response. This issue occurs when the use of the current transmit queues is equal to the limit - the radio is unable to transmit. Workaround : You must perform the following workaround: 1. Write a script that goes out to each access point and monitors the usage of the radio transmit queues. If a radio is found whose transmit queue utilization is nearing its limit, then issue the following command: |
|
Symptom : Access point information in an access point group does not match when verified in GUI and CLI. |
|
Symptom : Client IP on controller does not get updated after executing the 7.3.101.0 upgrade. Condition: WLAN is used for mobile device, H-REAP local switching, but the DHCP server is central. Workaround : Synchronization will happen after some time.(20-30 minutes). |
|
Symptom : The access point arranges a bandwidth for SIP phone, though not on the phone. |
|
Symptom : While trying to connect Wireless LAN (WLAN) controller through SSH, the connection fails. If retried immediately from the same system to controller, the connection succeeds. The SSH connection is made from a different Layer 3 network. The issue is found in the Cisco 4400 and 2106 Series Controllers. |
|
Symptom : An 802.11n AP does not downshift rates for retries when low latency MAC is enabled. The AP sends three retransmissions but the data rate for retransmissions is the same as the data rate at which the initial packet was sent. Condition: Using an 802.11n AP with low latency MAC enabled. |
|
Symptom : H-REAP reached a maximum limit on the association ID for AP. 1. Client 1 is associated to the controller with AID as 1 on SSID x. 2. Cl ient 1 sends 802.11 auth frame on ssid y, at this point AID as 1 is freed at the AP. Auth frames are not honored at the controller, so controller is not informed. 3. No association frame arrives from client 1 at SSID 2. 4. Client 2 associates to the AP and gets AID as 1. 5. AP updates the controller about client 2 and AID as 1, at this point the controller adds duplicate entries and increments the count (controller already has client 1 AID =1). 6. Counter is getting incremented and reaching 256. It is due to the network conditions in which the 802.11 authentication frames are sent (sometimes on a different WLAN) but is not followed by association frames. |
|
Symptom : When a port in a LAG goes down and then comes up, the controller does not send an UP trap through SNMP. Condition: Distribution ports are configured in a LAG and an SNMP trap receiver is configured. Workaround : Use the show traplog command to view traplog on controller for the UP trap. |
|
Symptom : While booting up the controller, you might view the following message on the attached monitor or on the serial console: When the Space key is pressed, the system could not boot from the disk. Condition: The controller might have passed through an accidental power interruption. Upon reboot, the RAID card could not find its configuration in the flash memory and therefore it could not boot. Workaround : When you encounter the situation, you must enter into the RAID management tool called WebBIOS. There are two versions of the tool available:
|
|
Symptom : After upgrading to the controller (release 7.2), when trying to connect the controller through SSH, the connection fails randomly, the prompt for username is displayed, and then SSH session gets closed from the controller side. |
|
Symptom : AP is not forwarding Multicast data and IGMP querier messages. |
|
Symptom : If you use the clear ap config CLI command or the clear all config option under the Set to Factory Defaults page in the GUI on an indoor AP that has been configured for mesh (bridge) mode, the AP remains in bridge mode. Condition: An indoor AP that has been configured for mesh. Workaround : You can perform one of the following ways:
|
|
Symptom : APs may not be able to join controller (with release 7.2 or 7.4) and the controller indicates the limit for maximum APs supported is reached. Condition: Controller indicates the limit for maximum APs supported is reached when it has not been reached as indicated in the show license capacity command. |
|
Symptom : A wireless webauth client is unable to authenticate to the network. When the client opens a browser window, the window is blank. Using the debug web-auth redirect command, the messages similar to the following appears: Condition: The HTTP GET from the client is arriving at the controller in multiple TCP segments. Workaround : Either reconfigure your network or the client's TCP/IP stack, or the both to ensure that the HTTP GET arrives in a single segment. |
|
Symptom : WiSM2 is unreachable and unable to ping. All APs are dropped from the controller, and unable to ping the Management interface's gateway (through console) at the time of failure. Failure condition will recover on it's own typically within minutes. Condition: Cisco WiSM2 using Release 7.3.101.0. Buffer pool leak messages are printed within the msglog around the time of the failure: |
|
Symptom : If you configure the MAC filtering RADIUS compatibility mode from GUI choosing Security > AAA > MAC Filtering > RADIUS Compatibility Mode or using CLI with the config macfilter radius-compat command as Cisco ACS or Free RADIUS, the WLAN controller sends access-request packet with all bit zero Message Authenticator attribute. Condition: When configured the MAC Filtering RADIUS Compatibility Mode as Cisco ACS or Free RADIUS . |
|
Symptom : WLAN controller calculates an incorrect message authenticator value for RFC3576 CoA requests from some RADIUS servers such as PacketFence NAC. |
|
Symptom : Access points are assigned to channels with lower maximum powers. Condition: Varying power levels in different channels of the new access points. The controller detects more neighbors with high RSSIs on channels with higher power. |
|
Symptom : In a VMWare ESX cluster, when migrating a vWLAN controller from one host to another via vMotion, the vWLAN controller management may become unreachable for 15-30 seconds which may causes APs to transition to standalone mode temporarily and prevent centrally switched WLANs from communicating. Condition: A virtual controller's management interface is configured with a dot1q VLAN tag communicating through a virtual switch network configured with VLAN (4095 ALL) in promiscuous network. VMware network can be configured to "Notify Switches" causing RARP to be sent on VM's tagged interface for updating neighbors with CAM table seamlessly during vMotion transition. This is transparent to the VM. In the vWLAN controller deployment; hosts cannot know the vWLAN controller’s management or other interface dot1q tags so RARP is delivered untagged. This prevents CAM tables from learning of MAC update on proper VLAN ID and therefore a loss of communication to the vWLAN controller. Workaround : Communication is established as soon as the vWLAN controller generates traffic through the new host after a vMotion event. No known workaround. |
|
Symptom : Client entry is seen on multiple controllers even when not anchored to the controller or part of its mobility group. |
|
Symptom : In the Cisco 5508 Series Wireless Controller, when the MAC Filtering authentication is enabled from the GUI using the following procedure, client authentication fails. 1. Choose Security > AAA > RADIUS > Authentication to open the RADIUS Authentication page. Define more than one RADISU servers. 2. Choose Security > AAA > MAC Filtering and set the RADIUS Compatibility Mode as Free RADIUS. 3. In the WLAN setting, select the MAC Filtering check box, select the Authentication server that you have selected. The index number of the server is 1. 4. Choose S ecurity > AAA > RADIUS > Authentication. Delete the Radius server which has index number 1. 5. In the WLAN setting, select Authentication server which has index number other than 1. Workaround : From the WLAN controller GUI, choose Security > AAA > RADIUS > Authentication, and define a dummy radius server which has index 1. |
|
Symptom : A Cisco controller functioning as a DHCP server with large DHCP scopes may stop servicing DHCP client requests. |
|
Symptom : When adding a new 3600 AP to the WLAN controller with multiple countries, the AP may select a country in a different regulatory domain than that of the AP. Condition: With a AIR-CAP3602I-A-K9 joining a controller with countries in regulatory domains for -A and -N. The AP selects the country in the -N regulatory domain. Workaround : Select the correct country and enable the AP admin state. |
|
Symptom: The Cisco 5508 Wireless LAN Controller fails to respond when a client moves from PMIP enabled wireless controller to non PMIP enabled wireless controller if fast SSID is enabled. Condition: Fast SSID is enabled. The controller is deployed with a with mix of PMIP and normal WLANs in use. |
|
Symptom: After multiple 802.1x failures, the client is never excluded when the controller uses the 7.2.115.2 software version. Condition: Client repeatedly fails when 802.1x authentication is used. |
|
Symptom: The controller fails to respond when the AAA server pushes the Cisco AV pair when the url-redirect-acl is longer than 32 characters. Condition: The error occurs when the url-redirect-acl name is longer than 32 characters. Workaround: Use url-redirect-acl names of less than 32 characters. |
|
Symptom: After adding a WLAN to an AP group, the WLAN properties cannot be edited on the AP VLAN mapping page when the AP is in flex mode. Condition: WLAN is disabled before being added to the AP group. Workaround: Perform the following steps: |
|
Symptom: Configuration import of ASCII and HEX commands for PSK do not work as expected. Clients fail to authenticate. Condition: This happens when the configuration contains ASCII and HEX commands in un-encrypted format for PSK. Workaround: Use an encrypted format when you upload the configuration for PSK. |
|
Symptom: Cisco Aironet 1242 Access Point generates tracebacks and coredump after the controller upgrades to 7.4.100.60. Additionally, the radios also reset as shown in the log below:
Jul 10 06:02:54.569: %SYS-2-BADSHARE: Bad refcount in datagram_done, > ptr=125F318, count=0 -Traceback= <HEX Tracebacks>
Condition: The Cisco Aironet 1242 Access Point generates tracebacks and coredumps when upgraded to the Cisco WLC software version 7.4.100.60 |
|
Symptom: Cisco Aironet 2600 Access Points fail to perform location calibration when using either the linear or by data points methods. Location calibration works for other models of access points. Condition: When location calibration is performed when there are Cisco Aironet 2600 Series Access Points as part of the deployment. |
|
Symptom: BCAST queue is filled up displaying the following error: Condition: Wireless clients send the IGMP report as soon as the query is sent by the Cisco WLC causing a Spike in Bcast queue. The spike is for very brief moment to cause queue to go full. Ideally for each query, clients should send report within 10 seconds. So throttling would happen. But in some cases, if the application does not do backoff (it sends as soon as query is received) a Bcast queue full message is displayed. Workaround: Increase IGMP query interval and timeout. If the queue is full and the IGMP query is not processed on first try, the stream will still not be affected until no report is received over the timeout value. |
|
Symptom: Cisco WLC fails to respond when software version 7.4.103.6 is used. Condition: The Cisco WLC fails to respond when mDNS snooping enabled on software version 7.4.103.6. |
|
Symptom: Unable to use debug pm pmk command. |
|
Cisco WLC fails to respond with the task spamPacketDumpHandleIntraRoamCase Symptom: Cisco WLC fails to respond with the task spamPacketDumpHandleIntraRoamCase Condition: The Cisco WLC fails to respond when the ap packet-dump command is used. |
|
Symptom: RAP loses static Channel on 5 GHZ and 2.4GHZ channel get set to static when configured for auto. Condition: When the RAP is configured with the following values: RAP-1 - Set to Channel 100. 2.4 GHZ = Auto RAP-2 - Set to Channel 161. 2.4 GHZ = Auto Both RAPs are initially joined with wired connection to the Cisco WLC. When RAP-1 eth link is lost/goes down, it joins over wireless backhaul through RAP-2. When eth connection is available RAP-1 joins over eth and gets set to channel 161 (remembers previous parents channel info) and 2.4 GHZ gets set to static channel 11. Workaround: RAP eth connection is never lost. If eth connection is lost, RAP should not join another RAP. |
|
Symptom: When a RAP loses its wired connection it fails to restore connectivity as a MAP through the radio backhaul. The mesh adjacency is correctly build to a nearby MAP and the RAP gets an IP address and can even join its WLC, but shortly afterwards a radio reset is observed which causes the RAP to disconnect. The RAP never settles down (it keeps on looping) till the wired connectivity is restored. Sample error messages on RAP console: Virtual-Dot11Radio0 forwarding
*Feb 8 19:37:47.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
Virtual-Dot11Radio0 going down
*Feb 8 19:38:25.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Dot11Radio0, changed state to down
Condition: Mesh deployment on the following software versions: 7.0.230.0 / 7.2.104.31 / 7.3.112.0 |
|
Symptom: 802.11 statistics do not update in Cisco AP1600 in Monitor mode. Condition: On the AP console, enter the show int dx statistics command. The statistics are not updated. |
|
Symptom:After clearing and reloading the configuration, if HA is configured, the MAC addresses differ on the active and standby mobility controllers when the show mobility summary command is executed. Condition: Configuration clear. Workaround: This does not happen on normal operation, unless a full configuration wiped and reconfiguration process is done, and HA is reestablished. |
|
Symptom: Cisco WLC controller fails to respond and resets the spectrumNMSPTask Condition: Cisco WLC fails to respond under normal conditions. Conditions unknown. |
|
Symptom: Cisco WLC running the software version 7.4 in DHCP Proxy mode misses the option 255 in DHCP request packet, resulting in packets being dropped during inspection. Workaround: Set format to ASCII by running the following command: |
|
Symptom : In an HA scenario, when the default management gateway is broken, the standby or active controller goes into maintenance mode and never comes out of that mode even after the connection is restored. 1. Configure an HA pair and configure a standby and active controller. 2. Shut down the management default gateway and ensure that one controller goes into maintenance mode after a reboot. 3. After some time, restore the management gateway connection and try to make the controller in maintenance mode come back to the corresponding mode after the connection is restored. 4. The controller always remains in the maintenance mode until a manual reboot is performed and the status is shown to be in negotiation. |
|
Symptom: The APs disjoin after the switchover if the Cisco 8500 WLC has 6000 APs and 64000 clients on the full load. Condition: This happens when the Cisco 8500 controller is fully loaded. |
|
Symptom: The following messages are displayed on Cisco WiSM2:
wism2-ms9-mgmt.it.osu wism2-ms9: *spamApTask7: Sep 20 08:38:42.434: #OSAPI-0-INVALID_TIMER_HANDLE: timerlib_mempool.c:241 Task is using invalid timer handle 15069/46996
wism2-ms9-mgmt.it.osu wism2-ms9: -Traceback: 0x113b0060 0x10a26264 0x105c9810 0x105c2760 0x105c2b90 0x105c3094 0x105a19e0 0x10348180 0x103d88ec 0x103e4ac4 0x10e4c86c 0x10a22318 0x11d316a0 0x11d8ffcc
Condition: The error message is displayed when using WiSM2 using 7.3.101.0 wireless controller software version. |
|
Symptom: Cisco WiSM2 stopped working after an upgrade from Release 7.3.101.0 to 7.4.110.0 |
|
Symptom: Cisco WiSM2 stopped working and rebooted. |
|
Symptom: Cisco Virtual Wireless LAN Controllers fail to correctly implement Virtual CPU Access Control Lists that have been configured to restrict access to the private virtual management address. Condition: Cisco Virtual Wireless LAN Controllers running WLC Release 7.4 are affected. Further Problem Description : This issue does not allow an attacker to bypass any forms of authentication. An attacker that did access the private virtual management interface would need to provide valid credentials to gain access to the device. |
|
Symptom: On the WLC or PI GUI, CleanAir operational status for one or more Cisco Aironet series access points shows 'Down' as operational status with reason 'CleanAir internal error [5]'. On the console log for the access point, there are messages such as the following: The event log shows repeated radio resets with reason code 37 (Radio IDB Reset): Condition: Occurs only with CleanAir capable Cisco Aironet Access Points such as the 3500, 2600, and 3600 series APs. |
|
Symptom: Controller stops working and then reboots. Condition: Ad hoc rogue detection is in enabled state. Workaround: Disabling ad hoc rogue detection is a potential workaround. On the controller GUI, choose Security > Wireless Protection Policies > Rogue Policies > General, and set Detect and report Ad-Hoc Networks to disabled state. |
|
Symptom: Messages similar to the following may be seen in the msglog:
#OSAPI-4-MSGQ_SEND_FAILED: osapi_msgq.c:520 Failed to send a message to the message queue object: RRM-DCLNT-2_4-Q. enqueue failed.
*iappSocketTask: Sep 10 14:33:26.160: #RRM-3-MSGTAG021: rrmClient.c:1279 Airewave Director: Unable to queue enchanced coverage data from AP 00:25:84:00:11:22(1) on 802.11a
*iappSocketTask: Sep 10 14:33:26.165: #RRM-3-MSGTAG021: rrmClient.c:1279 Airewave Director: Unable to queue enchanced coverage data from AP 00:25:84:00:11:22(0) on 802.11bg
#RRM-3-RRM_LOGMSG: rrmClient.c:1885 RRM LOG: Airewave Director: Unable to queue load data from AP 00:27:0D:00:11:22(1) on 802.11a
Another symptom is that the WLC might stop working when the RRM profile is changed: |
|
Symptom : When the Cisco WLC detects more than 21 ad hoc rogues, the web GUI shows only the first 20 entries (first page). Conditions : Path on the web GUI: Monitor > Rogue > Adhoc Rogues and click on “Unclassified Adhoc” or “Custom Adhoc”. The first page shows correctly, but it is not possible to browse to the subsequent pages. Workaround : Use the show rogue adhoc summary command on the CLI. |
|
Symptom : System is unresponsive in different tasks after guest LAN is enabled. |
|
Symptom : Unable to delete an mDNS profile. Conditions : When the mDNS profile is mapped to an interface and the interface is deleted. Workaround : Before deleting the interface, detach the profile and then delete the interface. |
|
Symptom : Cisco AP disconnects from primary and moves to secondary WLC because of memory allocation. |
|
Symptom : Cisco 1240 and 1130 Series APs—DHCP does not work with FlexConnect and VLAN Native 2.
Workaround : Change the native VLAN to an unexpectedly higher number, so no WLAN will ever get mapped to a bridge group number that high. Further Problem Description : Telnet to the FlexConnect mode AP. Example: VLAN3 is the native VLAN on the FlexConnect mode AP. The AP is correctly mapped to bridge group 1. The WLAN that does not work is the one that is mapped to VLAN2. VLAN2 is mapped to bridge group 3 (see below). This is the instance where the issues is encountered. It can be any WLAN-VLAN-Native VLAN combination. |
|
Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation. Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0. Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2. |
Table 6 lists the caveats that are resolved in this release.
This section contains important information to keep in mind when installing controllers and access points.
Warning This warning means danger. You are in a situation that could cause bodily injury. Before you work on any equipment, be aware of the hazards involved with electrical circuitry and be familiar with standard practices for preventing accidents. Use the statement number provided at the end of each warning to locate its translation in the translated safety warnings that accompanied this device. Statement 1071
Warning Only trained and qualified personnel should be allowed to install, replace, or service this equipment. Statement 1030
Warning Do not locate the antenna near overhead power lines or other electric light or power circuits, or where it can come into contact with such circuits. When installing the antenna, take extreme care not to come into contact with such circuits, as they may cause serious injury or death. For proper installation and grounding of the antenna, please refer to national and local codes (e.g. U.S.: NFPA 70, National Electrical Code, Article 810, Canada: Canadian Electrical Code, Section 54). Statement 280
Warning This product relies on the building’s installation for short-circuit (overcurrent) protection. Ensure that a fuse or circuit breaker no larger than 120 VAC, 15A U.S. (240 VAC, 10A international) is used on the phase conductors (all current-carrying conductors). Statement 13
Warning This equipment must be grounded. Never defeat the ground conductor or operate the equipment in the absence of a suitably installed ground connector. Contact the appropriate electrical inspection authority or an electrician if you are uncertain that suitable grounding is available. Statement 1024
Warning Read the installation instructions before you connect the system to its power source. Statement 10
Warning Do not work on the system or connect or disconnect any cables (Ethernet, cable, or power) during periods of lightning activity. The possibility of serious physical injury exists if lightning should strike and travel through those cables. In addition, the equipment could be damaged by the higher levels of static electricity present in the atmosphere. Statement 276
Warning Do not operate the unit near unshielded blasting caps or in an explosive environment unless the device has been modified to be especially qualified for such use. Statement 364
Warning In order to comply with radio frequency (RF) exposure limits, the antennas for this product should be positioned no less than 6.56 ft. (2 m) from your body or nearby persons. Statement 339
Warning This unit is intended for installation in restricted access areas. A restricted access area can be accessed only through the use of a special tool, lock and key, or other means of security. Statement 1017
Follow the guidelines in this section to ensure proper operation and safe use of the controllers and access points.
FCC Compliance with its action in ET Docket 96-8, has adopted a safety standard for human exposure to RF electromagnetic energy emitted by FCC-certified equipment. When used with approved Cisco Aironet antennas, Cisco Aironet products meet the uncontrolled environmental limits found in OET-65 and ANSI C95.1, 1991. Proper operation of this radio device according to the instructions in this publication results in user exposure substantially below the FCC recommended limits.
For your safety, and to help you achieve a good installation, read and follow these safety precautions. They might save your life!
1. If you are installing an antenna for the first time, for your own safety as well as others, seek professional assistance. Your Cisco sales representative can explain which mounting method to use for the size and type of antenna you are about to install.
2. Select your installation site with safety as well as performance in mind. Electric power lines and phone lines look alike. For your safety, assume that any overhead line can kill you.
3. Call your electric power company. Tell them your plans and ask them to come look at your proposed installation. This is a small inconvenience considering your life is at stake.
4. Plan your installation carefully and completely before you begin. Successfully raising a mast or tower is largely a matter of coordination. Each person should be assigned to a specific task and should know what to do and when to do it. One person should be in charge of the operation to issue instructions and watch for signs of trouble.
5. When installing an antenna, remember:
b. Do not work on a wet or windy day.
c. Do dress properly—shoes with rubber soles and heels, rubber gloves, long-sleeved shirt or jacket.
6. If the assembly starts to drop, get away from it and let it fall. Remember that the antenna, mast, cable, and metal guy wires are all excellent conductors of electrical current. Even the slightest touch of any of these parts to a power line completes an electrical path through the antenna and the installer: you!
7. If any part of an antenna system should come in contact with a power line, do not touch it or try to remove it yourself. Call your local power company. They will remove it safely.
8. If an accident should occur with the power lines, call for qualified emergency help immediately.
See the appropriate quick start guide or hardware installation guide for instructions on installing controllers and access points.
Note To meet regulatory restrictions, all external antenna configurations must be installed by experts.
Personnel installing the controllers and access points must understand wireless techniques and grounding methods. Access points with internal antennas can be installed by an experienced IT professional.
The controller must be installed by a network administrator or qualified IT professional, and the proper country code must be selected. Following installation, access to the controller should be password protected by the installer to maintain compliance with regulatory requirements and ensure proper unit functionality.
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
https://tools.cisco.com/bugsearch/
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at this URL:
http://www.cisco.com/c/en/us/support/index.html
Click Product Support > Wireless. Then choose your product and Troubleshooting to find information on the problem you are experiencing.
For additional information about the Cisco controllers and lightweight access points, see these documents:
You can access these documents at this URL: http://www.cisco.com/c/en/us/support/index.html
For information on obtaining documentation, using the Cisco Bug Search Tool (BST), submitting a service request, and gathering additional information, see What’s New in Cisco Product Documentation at: http://www.cisco.com/c/en/us/td/docs/general/whatsnew/whatsnew.html
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.