|
|
CSCud50209 |
Symptom : Controller fails when the management user form post is manipulated. Conditions : Management user fields are modified. Workaround : None. |
CSCsz82878 |
Symptom : Controllers using Release 4.2.130.181M (Mesh) crash with Task Name: reaperWatcher. Conditions : Multiple WiSM controllers use Release 4.2.130.181M and have many Cisco Aironet 1510 Lightweight Outdoor Mesh Access Points associated to them. Workaround : 1. To disable the dynamic CAC tree updates, enter this command: config mesh cac disable 2. To enable the dynamic CAC tree updates, enter this command: config mesh cac enable |
CSCtc16222 |
Symptom : The following messages appear on Cisco WiSM2s: Message from syslogd@wism2-ms9-mgmt.it.osu at Sep 20 08:38:46... wism2-ms9-mgmt.it.osu wism2-ms9: *spamApTask7: Sep 20 08:38:42.434: #OSAPI-0-INVALID_TIMER_HANDLE: timerlib_mempool.c:241 Task is using invalid timer handle 15069/46996 Message from syslogd@wism2-ms9-mgmt.it.osu at Sep 20 08:38:46... wism2-ms9-mgmt.it.osu wism2-ms9: -Traceback: 0x113b0060 0x10a26264 0x105c9810 0x105c2760 0x105c2b90 0x105c3094 0x105a19e0 0x10348180 0x103d88ec 0x103e4ac4 0x10e4c86c 0x10a22318 0x11d316a0 0x11d8ffcc Conditions : Cisco WiSM2 using Release 7.3.101.0. Workaround : None. |
CSCtn52995 |
Symptom : Mismatch between the association counters of controller and access point. Conditions : 802.11 authentication frames are sent sometimes on different WLANs and are not followed by association frames. 1. Client 1 associates to the controller with AID =1 on SSID x. 2. Client 1 sends 802.11 Auth frame on SSID y and AID = 1 is disassociated at the access point. Auth frames are not honored at the controller, so controller is not informed. 3. No association frame arrives from client 1 at ssid 2. 4. Client 2 associates to the access point and gets AID = 1. 5. Access point updates the controller about client 2 and AID =1. 6. Controller adds duplicate entries and increments the count (controller already has client 1 AID =1). 7. Counter gets incremented and reaches 256. Workaround : None. |
CSCtq82437 |
Symptom : Unable to see CDP neighbor details of Cisco 1242, 1142 and 3500 series access points using the controller. Conditions : Controllers using Release 7.0.116.0. Access points are rebooted after a power outage, newly installed, or moved from one campus to another. Workaround : Reboot the access points. |
CSCts20040 |
Symptom : Controller crashes when SXP parameters like default password are updated or SXP is disabled/enabled. Conditions : Reboot with a version 1 SXP connection. Workaround : Delete the version 1 SXP connection before you change any SXP settings. |
CSCty84682 |
Symptom : Access point does not forward multicast data and IGMP query messages. Conditions : Reload of an access point. Workaround : Shutdown the interface to the WLAN and bring it up again. |
CSCub63054 |
Symptom : VLAN transparency enabled on Release 7.2 does not pass VLAN tags. Span at endpoints shows all frames are placed on the native VLAN. Conditions : VLAN transparency is enabled. Workaround : Disable VLAN transparency and set the MAP Ethernet port as trunk. |
CSCub96053 |
Symptom : Cisco Aironet 3500 Series Access Point gets DFS events when the DFS channel associates with a Cisco 7925 IP phone. Frequency of DFS events is higher on weekday and business hours. Conditions : Release 7.2.103.0. Workaround : None. |
CSCuc32335 |
Symptom : Local mode access points associated to controller lose their configuration and get reset to factory defaults. Conditions : Cisco 3602 Access point and Cisco 5500 Series Wireless LAN Controller using Release 7.2.103.0. Local mode access point loses power. Shut or no shut is configured on the PoE port. Workaround : None. |
CSCuc45005 |
Symptom : Controller stops working while using Release 7.3.101.0. Conditions : None. Workaround : None. |
CSCuc68995 |
Symptom : Wireless WebAuth clients are unable to authenticate to the network. A blank window appears when the client opens a browser window. When you use the debug web-auth redirect command, the following messages appear: *webauthRedirect: Oct 15 18:43:19.470: #EMWEB-6-REQUEST_IS_NOT_GET_ERROR: webauth_redirect.c:1055 Invalid request not GET on client socket 72 or *webauthRedirect: Oct 10 16:36:30.715: %EMWEB-3-PARSE_ERROR: parse error after reading. bytes parsed = 0 and bytes read = 189 Conditions : HTTP GET from the client arrives at the controller in multiple TCP segments. Workaround : Reconfigure your network and the client’s TCP/IP stack to ensure that the HTTP GET arrives in a single segment. An example of a client software that introduces TCP segmentation is AnyConnect Web Security 3.0.3054. |
CSCuc69522 |
Symptom : Client sends TCP SYN to a multicast MAC for its gateway and the controller does not send a TCP SYN ACK back. As the TCP handshake is not complete, the client never generates HTTP traffic and is never redirected. Traffic arrives at foreign controller and goes to anchor controller. Anchor controller drops the TCP SYN messages. Conditions : Foreign and anchor controller perform Central Web Authentication (CWA). Client has multicast MAC address for its gateway. Gateway of the client has a load-balanced or clustered node. Workaround : Do not use multicast MAC address for gateway. |
CSCuc70159 |
Symptom : Autonomous access point loses clock information after it reboots. Conditions : Autonomous access point using Release 15.2. Workaround : 1. Manually configure the clock after the access point reboots. 2. Configure SNTP in the access point for applications when the access point does not operate as a WGB with certificate based authentication using the command: sntp server a.b.c.d version {1 | 2 | 3} |
CSCuc78713 |
Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation. Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0. Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2. |
CSCuc81022 |
Symptom : Cisco Aironet 1520 Lightweight Outdoor Mesh Access Points get false DFS triggers when in-band or off-channel (ch 124) weather RADAR signals are present. These signals are received above -20 dBm and cause network instability. Conditions : AIR-LAP152x outdoor mesh AP is installed near a weather RADAR installation. Workaround : Use the config 802.11a dfs-peakdetect disable command. |
CSCuc86805 |
Symptom : CLI debug outputs show the following message: Association request from the P2P Client Process P2P Ie and Update CB Conditions : None. Workaround : None. |
CSCuc91441 |
Symptom : When multiple clients timeout at the same time, some clients are not removed from the controller’s database after the user idle timer expires. Conditions : When around 100 clients expire their user idle timeout simultaneously, only 64 deauthentication messages are sent and 36 clients are not removed from the controller database. Workaround : Perform one of the following tasks:
- Manually remove the stale clients.
- Reboot the access point with these clients.
- Reboot the controller.
- Disable and enable the WLAN.
|
CSCuc93681 |
Symptom : Controller stops working intermittently and the crash log contains the following message: Software Failed on instruction at : pc = 0x10a5fdfc (read_socket 492) ra = 0x10a5ff34 (read_socket 492) Conditions : Controller using any Release from 7.0 to 7.4. Workaround : None. |
CSCuc98178 |
Symptom : When you change the HSRP configuration, CAPWAP access points send data to the old HSRP MAC address and control traffic to the new gateway. Conditions : Controller using Release 7.2 with Cisco Aironet 3500 Series Access Point and HSRP gateway. Workaround : Reboot the controller. |
CSCud07983 |
Symptom : Local AAA sever of the controller shows the outer EAP username of wireless users who are authenticated using local EAP. Conditions : Local EAP is used on controller. Workaround : Disable identity protection on the wireless client to use the same username for inner and outer EAP usernames. For local EAP, inner username appears in the clients page or when you use the show client detailed mac-addr command. |
CSCud12582 |
Symptom : Client RADIUS authentication fails. debug client command shows the following message: *Dot1x_NW_MsgTask_7: Dec 17 11:43:36.983: 00:11:22:33:44:55 Entering Backend Auth Response state for mobile f0:d1:a9:24:d8:a7 *Dot1x_NW_MsgTask_7: Dec 17 11:43:36.985: 00:11:22:33:44:55 Processing AAA Error ‘Out of Memory’ (-2) for mobile f0:d1:a9:24:d8:a7 *Dot1x_NW_MsgTask_7: Dec 17 11:43:36.999: 00:11:22:33:44:55 Sent Deauthenticate to mobile on BSSID 20:37:06:00:11:22 slot 0(caller 1x_auth_pae.c:1394) at the same time the msglog shows a message similar to this: *Dot1x_NW_MsgTask_7: Dec 17 12:30:23.296: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication Aborted for client 00:11:22:33:44:55 and the traplog shows a message like this: 297 Mon Dec 17 12:36:29 2012 Client Deauthenticated: MACAddress:00:11:22:33:44:55 Base Radio MAC:20:37:06:00:11:22 Slot: 1 User Name: unknown Ip Address: unknown Reason:Unspecified ReasonCode: 1 Conditions : Large scale deployments with multiple clients. RADIUS queues fill up and fail under heavy authentication and accounting load. Workaround : Disable RADIUS accounting and authentication. |
CSCud14147 |
Symptom : Controller calculates incorrect message authenticator value for RFC3576 CoA requests from some RADIUS servers such as PacketFence NAC. Conditions : Controller using Release 7.2.110.0 or Release 7.3.101.0. Workaround : None. |
CSCud44269 |
Symptom : FlexConnect mode access point sends ARP responses for a client in DHCP-required state. Roaming breaks for clients associated to the access point. Conditions :
- FlexConnect mode access point using Release 7.3.101.0.
- DHCP required is enabled on the WLAN.
Workaround : Disable the DHCP Required check box on the WLAN. |
CSCud69426 |
Symptom : AAA Override ACL is not applied. Conditions : After a session timeout, the controller clears the AAA override cache and puts the wireless client in the default VLAN. Workaround : None. |
CSCud89654 |
Symptom : When clients associate to a local access point after a successful authentication, only the URL redirect attribute is accepted by the controller and not the URL-redirect-ACL attribute. This causes failures on redirection thereafter. Conditions : Local switching-enabled 802.1x WLANs. Controller using Release 7.2. Workaround : Disable local switching on the WLAN. Segregate the local access point from FlexConnect access points on different controllers. |
CSCue02826 |
Symptom : 5-GHz radio on AIR-CAP1552E-N-K9 in non-bridge mode fails to enable if the controller is configured for the Brazil (-T) regulatory domain. Conditions : Controller using Release 7.3.101.0. Workaround : Use access point in the bridge mode. |
CSCue04517 |
Symptom : RRM cannot be disabled on the controller when the RF group DCA and TPC are disabled. Monitor mode command returns a message stating that DCA and TPC must be disabled even though they are already disabled. Conditions : Release 7.4.110.0. Workaround : Enter the following commands:
- config 802.11a txPower global 1
- config 802.11a channel global off
- config advanced 802.11a group-mode leader
- config advanced 802.11a monitor mode disable
- config advanced 802.11a group-mode off
|
CSCue09354 |
Symptom : Rogue access points are not detected when they are on a non-native VLAN trunk to a rogue detector access point. Conditions : Rogue detector mode access point using Release 7.4.100. Rogue access point is not on the rogue detector native VLAN. Workaround : None. |
CSCue33057 |
Symptom : Reversed gateway address appears for CCXv5 diagnostics client. Conditions : Cisco 8500 Series WLC. Workaround : None. |
CSCue38133 |
Symptom : Ninety days after an access point associates with a controller, the controller sends a message that the access point should be moved to the primary controller. Conditions : An HA-SKU controller is the secondary controller in a N+1 configuration and an access point joins the controller. Workaround : None. |
CSCue44986 |
Symptom : Facetime calls are not detected and proper bandwidth is not allocated. Conditions : Apple OS uses a different port to send SIP packets. Workaround : Reconnect the call. |
CSCue46710 |
Symptom : Controller stops responding during scale stress tests. CPU utilization remains at around 26 percent. Conditions : Around 6000 APs and 64000 clients are associated with the controller. Workaround : None. |
CSCue50917 |
Symptom : When an RAP loses its wired connection, it fails to restore connectivity as an MAP through the radio backhaul. Mesh adjacency is built to a nearby MAP and the RAP gets an IP address. RAP joins its controller and disconnects due to a radio reset. RAP keeps on looping till connectivity is restored. The following error messages appear on the RAP: *Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Selected MWAR ‘5500-5’(index 0). *Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Go join a capwap controller ~ *Feb 8 19:37:45.139: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller 5500-5 ~ *Feb 8 19:37:45.183: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 forwarding ~ *Feb 8 19:37:46.075: %LINK-6-UPDOWN: Interface Dot11Radio1 changed state to down *Feb 8 19:37:46.083: %LINK-5-CHANGED: Interface Dot11Radio1 changed state to reset ~ *Feb 8 19:37:47.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1 changed state to down *Feb 8 19:37:47.099: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5700 MHz for 60 seconds. ~ *Feb 8 19:38:21.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-6-LINK_UPDOWN: Mesh station 0021.a1f9.fa0f link Down *Feb 8 19:38:24.951: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 going down *Feb 8 19:38:24.955: %LINK-6-UPDOWN: Interface Virtual-Dot11Radio0 changed state to down10 *Feb 8 19:38:25.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Dot11Radio0 changed state to down Conditions : Mesh deployment using Releases 7.0.230.0, 7.2.104.31, and 7.3.112.0. Workaround : None. |
CSCue51812 |
Symptom : Clients do not associate with the access point, clients gain network access and roam frequently. Conditions : Band select is configured with default parameters or with low values. For example, probe cycle is 1 and suppression window is 100 ms. Workaround : Disable Band select when there are multiple clients. |
CSCue88103 |
Symptom : Controller logs the following traceback message: *apfMsConnTask_0: Feb 28 14:25:59.293: #APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:841 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:00:11:22:33:44:55 -Traceback: 0x1019de50 0x1104434c 0x11049b30 0x10c12a28 0x12238810 0x122ab30 Conditions : Wireless client requests an invalid or unsupported encryption cipher during authentication. Workaround : None. |
CSCue99208 |
Symptom : config advance 802.11 {a | b} monitor noise command configurations are lost after reboot. The following messages appear: Node ptr_rrmCfgData.rrm.noiseInterferenceInterval value = xxx is out of range for min = 0 and max = 168 Validation for node ptr_rrmCfgData.rrm.noiseInterferenceInterval failed indices for node are x Conditions : Noise measurement interval is longer than 360 seconds. Workaround : Configure the noise measurement interval between 60 and 360 seconds. |
CSCuf03454 |
Symptom : Controller stops responding. Conditions : Web pass-through clients are anchored from foreign controller to anchor controller. Workaround : Reboot the controller. |
CSCuf52235 |
Symptom : After you upgrade to Release 7.4, global user idle timeout is not used and all WLANs have an individual default user idle timeout of 300 seconds. Conditions : Controllers using Release 7.4 Workaround : Configure the user idle timeout for each WLAN. |
CSCuf54559 |
Symptom : Controller stops responding. Conditions : When you use the show mdns profile detailed default-mdns-profile command. Workaround : Do not use this command. |
CSCui30568 |
Symptom : Cisco WiSM2 in HA pair on Release 7.4.100.60 consistently keeps getting this error message every minute. 415 Wed Jul 24 13:52:28 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 416 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 417 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 418 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 419 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 420 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 421 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 422 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 423 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete Conditions : Unknown. Workaround : None. Further Problem Description : At present, this issue does not impact normal services and an HA failover works as expected. There are a total of 820 Cisco APs in this deployment and there are a couple of interference and load profile failures. |
CSCui33284 |
Symptom : Upon attempting to the Open Authentication SSID that has MAC Filtering enabled, substantial packet loss is observed at a mobile endpoint. This packet loss can result in no-redirect for a client and marginal connectivity issues for the mobile endpoint. Conditions : Open Authentication on the SSID with MAC Filtering enabled. Workaround : If a client disconnects and then reconnects to the SSID, this has proven to temporarily mitigate the issue. |
CSCui45546 |
Symptom : DTIM count randomly sets to ‘zero’ for Cisco AP1140 and AP1040. Conditions : Random radio hardware issue mostly seen in dense RF environments. Easily seen for DTIM period configuration 180-255. Workaround : Use another Cisco AP platform. |
CSCui48291 |
Symptom : FlexConnect AP drops from the Cisco WLC and stops receiving traffic on GigabitEthernet0 interface until rebooted. At the time this issue is observed, the switchport connected to the Cisco AP remains operational and transmits and receives packets. The switch sees the Cisco AP as a CDP neighbor. When you access the Cisco AP console, the LAN interface is operational and transmits packets, but does not receive packets. Conditions :
- Cisco AP3502 or AP1260 AP in FlexConnect mode.
- Native VLAN ID does not match native VLAN on trunk to AP.
- Cisco WLC using Release 7.3.112.0.
Workaround : Reboot the affected Cisco AP. |
CSCui55350 |
Symptom : The following messages are displayed continuously: -Traceback: 0x10c31374 0x10c8a6a4 0x10c9ea08 0x10c94748 0x10c402d8 0x12283850 0x122f634c *rmgrMain: Aug 08 09:49:21.902: #OSAPI-5-MUTEX_UNLOCK_FAILED: osapi_sem.c:1036 Failed to release a mutual exclusion object. invalid(NULL) pointer passed. -Traceback: 0x10c30d9c 0x10c8a7f4 0x10c9ecf8 0x10c95d4c 0x10c402d8 0x12283850 0x122f634c *rmgrMain: Aug 08 09:49:21.902: #OSAPI-4-MUTEX_LOCK_FAILED: osapi_sem.c:1179 Failed to acquire a mutual exclusion object. invalid(NULL) pointer passed. Conditions :
- Cisco WLC Release 7.5
- AP SSO is in enabled state
Workaround : Change the log level to filter out those messages—On the Cisco WLC GUI, choose MANAGEMENT > Logs > Config > Msg Log Configuration. |
CSCui65225 |
Symptom : The 802.11k assisted roaming neighbor report is not returned upon a client request when the WLAN is mapped to an AP group. The following is the sample output of 802.11k debugs: (“”debug 11k all enable””): *apfMsConnTask_5: Aug 13 23:52:10.512: Received NEIGH_REQ from ms xx:xx:xx:xx:xx:xx d.token 14 *apfMsConnTask_5: Aug 13 23:52:10.512: Client WLAN 1 is not enabled for 802.11k neighbor list request request d.token 14 ignored Conditions :
- Cisco WLC using Release 7.4.110.0 or 7.5.102.0
- 802.11k neighbor list enabled on the WLAN ( config wlan assisted-roaming neighbor-list enable wlan-id
- AP groups are in use and the global WLAN ID does not match the position of the WLAN in the AP group configuration.
Workaround : Use 802.11k on WLAN with an ID that is less than or equal to 16 either in the default group or where the AP group is configured to keep the WLAN in the same position as the global WLAN ID; for example, WLAN ID 2 is the second WLAN in the AP group. |
CSCui65855 |
Symptom : Cisco WLC sends traffic from the virtual interface IP address onto the wired network outside of the CAPWAP tunnel. Conditions :
- Clients connect to WLAN using an interface group
- Cisco 5508 WLC with LAG in enabled state.
Workaround : None. |
CSCug04683 |
Symptom : Traceback appeared on the message log. Conditions : Unknown. Workaround : None. |
CSCui73517 |
Symptom : Radio interface reset when the FlexConnect AP returns to the connected mode from the standalone mode. Conditions : This issue tends to occur if the Cisco AP moves to the secondary Cisco WLC from the primary Cisco WLC after AP continues to join to the primary one for a long time. Workaround : None. |
CSCui73764 |
Symptom : Cisco 1240 and 1130 Series APs—DHCP does not work with FlexConnect and VLAN Native 2. Conditions :
- FlexConnect local switching
- Cisco 1240 or 1130 Series APs
- Cisco WLC Release 7.4.121.0 or earlier releases
- VLAN Native 2
- User unable to get IP address and to connect to the network
Workaround : Change the native VLAN to an unexpectedly higher number, so no WLAN will ever get mapped to a bridge group number that high. Further Problem Description : Telnet to the FlexConnect mode AP. Example: VLAN3 is the native VLAN on the FlexConnect mode AP. The AP is correctly mapped to bridge group 1. The WLAN that does not work is the one that is mapped to VLAN2. VLAN2 is mapped to bridge group 3 (see below). This is the instance where the issues is encountered. It can be any WLAN-VLAN-Native VLAN combination.
interface FastEthernet0.1
encapsulation dot1Q 3 native
no bridge-group 1 source-learning
bridge-group 1 spanning-disabled
interface FastEthernet0.2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
interface FastEthernet0.3
no bridge-group 3 source-learning
bridge-group 3 spanning-disabled
|
CSCui75794 |
Symptom : The foreign Cisco WLC does not respond to ARP from foreign export client to a local client being on the same VLAN. Conditions :
- Client1 associates to Cisco WLC1 (local)
- Client1 does an L3 roam to Cisco WLC2 (Cisco WLC2 is foreign and Cisco WLC1 is the anchor)
- Client2 associates with Cisco WLC2 (local)
- Initiate traffic, that is ping from Client1 to Client2
Workaround : None. |
CSCui77735 |
Symptom : Cisco 8510 WLC using Release 7.3.112.0 stopped working on taskname SNMPTask. Conditions : claPriorityOrder is set to 0 in SNMP set on Cisco Flex 7510 WLC, Cisco 8510 WLC, and Cisco vWLC. Example: snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.1 u 0 snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.2 u 0 snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.3 u 0 2.1 = Local 2.2 = Radius 2.3 = TACACS 0 1 2 = priority. 0 = None - where crash is happening. 1 2 = Either first or second (8510-2) >show aaa auth Management authentication server order: 1............................................ local 2............................................ radius On 5508 value of 0 will be taken. The box won’t crash. Workaround : Do not set claPriorityOrder to 0 when this MIB is used. |
CSCui87160 |
Symptom : Cisco 5500 Series WLC stopped working due to an issue with the kernel. Conditions : Memory leak. Workaround : None. |
CSCui94634 |
Symptom : Cisco APs in FlexConnect local switching mode with VLAN mapping dissociate from the Cisco WLC when an ACL is applied to one of the VLANs. Once ACL is pushed, CAPWAP UDP processing become sluggish and retransmissions of packets from the Cisco WLC are not as per expectations with duplicate sequence number errors. Eventually, this state causes a DTLS timeout and the rejoin process on the Cisco AP fails over and over with same issue. It appears that the issue is related to incorrect CAPWAP private configuration as the actual content of the ACL does not matter. The issue occurs immediately at the point when the ACL is pushed. Conditions :
- FlexConnect mode APs with VLAN mappings and FlexConnect ACL.
- When AP is on low free flash space
Workaround : Do not apply ACL to the Cisco AP. Use another enforcement point if required. A reimage of the Cisco AP with 15.2 recovery image. |
CSCuj13054 |
Symptom : Cisco WiSM2 stopped working after an upgrade from Release 7.3.101.0 to 7.4.110.0. Conditions : Upgrade. Workaround : None. |
CSCuj15593 |
Symptom : Backed up Cisco WLC configuration with RF profile commands cannot be uploaded to another Cisco WLC. Conditions : Cisco WLC configuration with RF profile commands. Workaround : Open the configuration file in a text editor and find the commands related to RF profile This issue occurs when the commands for RF profile data rates, transmit power, and so on, occur before the command that actually creates the RF profile. For example, you may see something like this: config rf-profile data-rates 802.11a mandatory 6 test config rf-profile data-rates 802.11a supported 9 test config rf-profile create 802.11a test. Move the create command before any of the other commands related to the RF profile. Therefore, the above should be changed to the following: config rf-profile create 802.11a test config rf-profile data-rates 802.11a mandatory 6 test config rf-profile data-rates 802.11a supported 9 test Download the new configuration to the Cisco WLC. Further Problem Description : Cisco WLC Release 7.4.110.0. Create a configuration backup with RF profile configuration and then upload it to another Cisco WLC. The operation fails with the following message displayed:
*TransferTask: Sep 05 18:05:52.951: RESULT_STRING: Error: There cannot be multiple maps for the field 58.1.5.0 Config CLI:config rf-profile data-rates 802.11a disabled 6 test123”
|
CSCuj26067 |
Symptom : Sporadically, RADIUS authentications to certain Cisco APs in FlexConnect mode fail while other authentication methods on the same Cisco AP are unaffected. Conditions : Cisco 8510 WLC using Release 7.4.110.0. Cisco AP3600 in FlexConnect mode configured in a FlexConnect group with a ‘backup RADIUS’ server pointing to a Microsoft NPS RADIUS server. Workaround : Reloading the Cisco AP corrects the issue for some time. |
CSCuj35236 |
Symptom : Changing a parameter on an SSID causes issue in FlexConnect APs if another SSID exists with a different profile. Conditions : FlexConnect multiple WLANs with the same SSID. Workaround : None. |
CSCuj45983 |
Symptom : When the Cisco WLC gets a CoA (Change of Authorization) RADIUS message, for example from ISE, the Cisco WLC sends a deauthentication to the client and move the client to DHCP_REQ state. Unless “DHCP Required” is disabled on the WLAN, this means that the client will then be disconnected unless it performs a new DHCP request. With “debug client” in effect on the Cisco WLC, the following message will be seen:
DHCP_REQD (7) DHCP Policy timeout. Number of DHCP request 0 from client
Conditions : Cisco WLC is using CoA from RADIUS and has DHCP Required on the WLAN. Client is one that does not reliably re-DHCP upon 802.11 deauthentication; some Windows 7 and Mac OS X systems have been seen to have this problem. Workaround : For a single VLAN system (same VLAN before and after CoA), disable DHCP Required. For some client types, you might be able to reconfigure them to make sure that they re-DHCP as needed. For example, on a Windows 7 system, perform the following: 1. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces registry path, create a DWORD value named as ?UseNetworkHint? and set it to ?0?. 2. Restart the DHCP client service by executing the following commands from elevated command prompt: net stop dhcp net start dhcp An alternative might be to use two VLANs, one a pre-CoA and the other a post-CoA. The DHCP leases for the pre-CoA scope might be set with very short lease durations such as 30 seconds. This should trigger a more timely DHCP lease renewal from the client so that it can regain access to the network after the CoA event. |
CSCuj58556 |
Symptom : Cisco AP disconnects from the primary WLC and moves to the secondary WLC due to memory allocation. Conditions : Unknown. Workaround : Reboot AP. |
CSCuj58625 |
Symptom : Cisco WLC unresponsive with local EAP-FAST in use. Conditions : Cisco WLC is performing local EAP-FAST. Workaround : Use an external RADIUS server. |
CSCuj70166 |
Symptom : AP dissociates from Cisco WLC when %DOT11-2-NO_CHAN_AVAIL_CTR occurs.
DOT11-2-NO_CHAN_AVAIL_CTRL: Interface Dot11Radio1 no channel available. DTLS_CLIENT_EVENT: local_in_addr_comp: Client and server addresses of 2 nodes are AC190D09 BDAF AC190C01 147E : AC190D09 BDAF AC190C01 147E DTLS_CLIENT_EVENT: dtls_disconnect: Disconnecting DTLS connection 0x4369A0C DTLS_CLIENT_EVENT: dtls_connectionDB_del_connection: Connection deleted AC190D09 BDAF AC190C01 147E -----
Conditions : %DOT11-2-NO_CHAN_AVAIL_CTR occurs after DFS detects. Workaround : None. |
CSCuj74920 |
Symptom : A client roam between two Cisco WLCs can fail intermittently making the client to be part of the VLAN originally mapped to the WLAN; for example two Cisco WLC serving clients, WLAN mapped to VLAN x, RADIUS assigned to VLAN y; intermittently, client can be put on VLAN x during roams between WLC1 to WLC2. Conditions : When a client roams between two Cisco WLCs. Workaround : None. Further Problem Description : Debug example:
pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 Set symmetric mobility tunnel for 60:fe:c5:69:ef:50 as in Foreign role *pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 167.73.161.198 Added NPU entry of type 1 dtlFlags 0x1 *pemReceiveTask: Oct 09 15:58:40.382: 60:fe:c5:69:ef:50 Skip Foreign / Export Foreign Client IP 167.73.161.198 plumbing in FP SCB *bcastReceiveTask: Oct 09 15:58:40.389: Sending MLD query First Time to 0C:85:25:C6:71:90 ap for mgid 15 *bcastReceiveTask: Oct 09 15:58:40.389: Entry for ap 0C:85:25:C6:71:90 MLD query packet not queued for mgid 15... Enquing the Query packet... *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP received op BOOTREQUEST (1) (len 308 vlan 0 port 13 encap 0xec03) *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP processing DHCP DISCOVER (1) *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP op: BOOTREQUEST htype: Ethernet hlen: 6 hops: 0 *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP xid: 0x75555ccb (1968528587) secs: 43 flags: 0 *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP chaddr: 60:fe:c5:69:ef:50 *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP ciaddr: 0.0.0.0 yiaddr: 0.0.0.0 *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP siaddr: 0.0.0.0 giaddr: 0.0.0.0 *DHCP Socket Task: Oct 09 15:58:41.520: 60:fe:c5:69:ef:50 DHCP successfully bridged packet to EoIP tunnel
|
CSCuj84379 |
Symptom : Cisco WLC stops responding and then reboots. Conditions : When ad hoc rogue detection is enabled. Workaround : Disabling ad hoc rogue detection is a potential workaround. |
CSCuj83637 |
Symptom : Following an HA failover, the service port on the active Cisco WLC that is configured to get its IP address through DHCP loses connectivity after the DHCP lease expires (or the DHCP renew is forced through the config interface dhcp service-port { enable | disable } command). In case of Cisco WiSM2, this connectivity issue might cause the Cisco WLC and Catalyst 6000 to fail to exchange WCP keep-alives. Thus, the show wism status command shows the active module to be not operational. Conditions :
- Cisco WLC or Cisco WiSM2 using Release 7.4.110.x or Release 7.5.102.0 in an HA environment
- The service port is configured for DHCP
- The issue is seen after the following events happen in the specified order:
- HA failover
- Service port DHCP lease expiry
Workaround : Configure a static IP address for the service ports on both peers and force an HA switchover. From the active Cisco WLC, enter the following commands: config interface dhcp service-port disable config interface address service-port addr1 netmask config redundancy interface address peer-service-port addr2 netmask redundancy force-switchover Forcing a switchover might disconnect all the clients and any mesh APs in Release 7.4.X. Therefore, we recommend that you perform this workaround during a maintenance window. |
CSCul15555 |
Symptom : A CCKM client associated with a FlexConnect AP using Cisco WLC Release 7.4.110.0 (local switching/central authentication) might lose IP connectivity soon after a successful CCKM roaming while remaining associated with the AP. On Cisco WLAN phone, the symptom is often seen as a two-way voice outage, phone stuck in “requesting DHCP” state. On the AP side, a radio level debugging shows decryption errors. Conditions : Cisco WLC/AP using Release 7.4.110.0; FlexConnect local switching and central authentication; frequent CCKM roaming events including interband roaming. Workaround : The issue recovers soon after the client roams to another AP. Further Problem Description : This is not a persistent issue; normally, the client can then roam back to the AP without any issues. |
CSCuj93777 |
Symptom : In very rare situations, there is a racing condition that data packets are sent before switchport receiving BPDU packets from the wireless side cause MAC address flapping. Conditions : STP to break network loop mesh AP reboot or moving between RAPs intensive packets flooding in network to cause packets are sent before BPDUs are propagated. Workaround : None. |
CSCuj91880 |
Symptom : Captive Portal pops up even when Captive Portal Bypass is enabled for certain clients such as Samsung Galaxy Note 3 (using JellyBean 4.3) or MS Surface Pro (Windows 8). Conditions : This issue occurs only for some client such as Surface Pro and Samsung Galaxy Note 3 when trying to provision the clients on a dual SSID BYOD Provisioning Setting. Workaround : None. |
CSCuj97293 |
Symptom : Cisco WLC stops responding when the show local-auth certificates commands is entered. Conditions : Unknown. Workaround : None. |
CSCul16796 |
Symptom : Client is using PEAP; the EAP handshake fails when the Cisco vWLC needs to send the server certificate. Conditions : Using a Cisco vWLC and an EAP method that requires certificates. The path MTU between the Cisco vWLC and the Cisco AP is 1200 bytes or less. Workaround : Increase the path MTU. Further Problem Description : This is a regression; the issue was not observed in Release 7.4.X. |
CSCul16911 |
Symptom : Cisco APs disconnect from the Cisco WLC due to DTLS errors. Conditions : Cisco AP disconnects. Workaround : None. |
CSCul25617 |
Symptom : When you try to enable AP Management on dynamic interface, the “Failed to Add MDNS profile” message is displayed. Conditions : Not applicable. Workaround : None. |
CSCul42704 |
Symptom : Rogue APs are mistaken as infrastructure devices. Thus, the wIPS alarms such sa deauthentication spoofed MAC address are falsely triggered later. Conditions : Rogue devices that are not associated with Cisco AP send data packet such as data null to Cisco AP. This causes wIPS to falsely recognize rogue devices as part of infrastructure devices. Workaround : None. |
CSCul43813 |
Symptom : Performing a filter using either “WLAN Profile” or “WLAN SSID,” multiple clients and pages are displayed. The first page shows the maximum allowable information for that page. However, when you want to navigate to the subsequent pages, a “No clients found” message is displayed. Conditions : Include either “WLAN Profile” or “WLAN SSID” as the filter option. Workaround : None. |
CSCuj89107 |
Symptom : Cisco WLC stopped working with the Task Name: spamApTask7 on Release 7.4.115.0. ************************************************************ * Start Cisco Crash Handler * ************************************************************ Sys Name: WLC-Campus-9 Model: AIR-CT5508-K9 Version: 7.4.115.0 Timestamp: Wed Oct 16 15:47:22 2013 SystemUpTime: 0 days 1 hrs 20 mins 41 secs signal: 10 pid: 1070 TID: 1030415184 Task Name: spamApTask7 Reason: System Crash si_signo: 10 si_errno: 0 si_code: 128 si_addr: 0x0 timer tcb: 0x845 timer cb: 0x10e76e80 (‘alarmSendMsgToMsgTask 48’) timer arg1: 0x0 timer arg2: 0x0 Long time taken timer call back inforamtion: Time Stamp: Wed Oct 16 14:45:33 2013 timer cb : 100ee078p(‘apfMsSessionExpireCallback 456’) Duration : 745922 usecs cbCount= 5 ------------------------------------------------------------ Analysis of Failure: Software Failed on instruction at : pc = 0x102bd2f0 (usmDbSpamGetUpTime 72) ra = 0x10dd0d70 (usmDbSpamGetUpTime 72) Software Failed while accessing the data located at :0x0 ------------------------------------------------------------ System Stack Frame 0: 0x10012e90 create_crash_dump 7156 Frame 1: 0x10011c88 create_crash_dump 2540 Frame 2: 0x10007cfc sigsegv_handler 6168 Frame 3: 0x3d6acea0 license_xos_thread_create 730498928 Frame 4: 0x102bd2f0 spamGetUpTime 88 Frame 5: 0x10dd0d70 usmDbSpamGetUpTime 72 Frame 6: 0x10be4b9c trapMgrLwappApAssociatedTrapSend 372 Frame 7: 0x10452098 acPostDecodeConfigRequest 1816 Frame 8: 0x10459740 acCapwapSmInit 18536 Frame 9: 0x1045338c acPostDecodeConfigRequest 6668 Frame 10: 0x10460b3c capwapAcStatemachine 532 Frame 11: 0x10f86254 spamApReceiveTask 668 Frame 12: 0x10b07be8 osapiTaskAppKeySelfSet 304 Frame 13: 0x12020500 license_xos_thread_create 2211280 Frame 14: 0x12080eac license_xos_thread_create 2606972 Conditions : Unknown. Workaround : None. |
CSCul72669 |
Symptom : Lightweight Cisco AP might not send out deauthentication messages to an existing client before 802.11 radio interface reset by RLDP although debug dot11 mgmt msg command outputs indicate the messages are sent out. Conditions : RLDP is enabled on a lightweight Cisco AP. Workaround : Disable RLDP. |
CSCul78541 |
Symptom : AAA override client gets assigned to dynamic interface on roam. Conditions : As an extension to CSCui50515 on Release 7.4.X, WLAN using WPA2 AES, MAC Filter PSK, AAA override gets defaulted to dynamic interface on WLAN instead of AAA overridden VLAN value upon a roam. The Cisco APs are in local mode and associated with the same Cisco WLC. A new association to the Cisco AP or removing client entry from the Cisco WLC resolves the issue and the client gets AAA overridden VLAN again when fast-SSID change is disabled. Workaround : Enabling fast-SSID change resolves the issue and assigns the client the correct AAA-override VLAN on roam. |
CSCuf74326 |
Symptom: On successful installation of Cisco WLC licenses access points are unable to join the controller as the web-user interface displays supported access points as none. However, when you execute the show license summary command using the CLI, the exact count of licenses in use is displayed. Conditions: Occurs when you install adder license file on the controller without installing the base licenses. Workaround: Contact Cisco Support for installing the base licenses of the controller. |
CSCuf77488 |
Symptom: The FT and LT detection time for an alarm is ahead or later than the AP clock. This is causing a delay in NCS to detect the alarm.
LCAVIAX014-2AD1#show capwap am alarm 54 capwap_am_show_alarm = 54
<FT>2013/03/12 23:37:44</FT>
<LT>2013/03/12 23:38:07</LT> <DT>2013/03/01 21:59:47
<SM>D0:57:4C:08:FB:B2-g</SM>
pAlarm.bPendingUpload = 0
LCAVIAX014-2AD1#show clock
*21:59:18.983 UTC Tue Mar 12 2013
In Cisco NCS you will not see the alarm until the actual AP time matches the time reported in the FT. Conditions: This occurs in Cisco Wireless LAN Controller 5508 series with release 7.0.235.3, and Cisco Aironet 3500 series wIPS ELM mode, MSE 3350 on release 7.0.201.204. Workaround: None. |
CSCuf77821 |
Symptom: A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated remote attacker to execute a cross-frame scripting (XFS) attack. An attacker could exploit the vulnerability of insufficient HTML iframe protection and can direct users to an attacker-controlled web page with a malicious HTML iframe. The application allows users to perform certain actions via HTTP requests via iframes without performing any validity checks to verify the requests. Conditions: Device configured with default configuration. Workaround: None. |
CSCug14709 |
Symptom: In Cisco WLC Release 7.4, the Cisco WLC does not respond when an “airespace wlan-identifier” attribute is sent back in an access-accept by the RADIUS server. Conditions: This issue exists in the Cisco WLC Release 7.4. Workaround: Use another mechanism to restrict SSID access. |
CSCug14713 |
Symptom: RADIUS accounting update is seen twice from the controller when initial authentication occurs for RADIUS NAC-enabled WLAN. Conditions: This issue occurs when RADIUS NAC is enabled. Workaround: None. |
CSCug19563 |
Symptom: Wism2 secondary controller DP crashed due to a deadlock in high availability configuration while boot and synchronization with the primary controller. Conditions: The secondary controller DP crash occurs only when there are multiple reboots of the controller in a high availability configuration. The controller recovers after the reboot. Workaround: None. |
CSCug21736 |
Symptom: Cisco LAP1131 and LAP 1132 access points may experience a memory leak when a SIP phone roams from one access point to another while in an active call. This issue occurs when the handset sends multiple re-association messages when connecting to the new AP while in roaming. As a result of this bug, an authenticated adjacent attacker can trigger a memory loss and eventual cause the AP to reboot. Conditions: SIP Handsets that send multiple reassociation messages when roaming can trigger this issue. Workaround: None. |
CSCug26521 |
Symptom: When using controller with Release 7.4 and DHCP proxy enabled, the packets were dropped during inspection because the option 255 is missing in the DHCP request packets sent out by the controller. Conditions: This issue occurs in the Cisco Wireless LAN Controller using release 7.4. Workaround: Convert the DHCP opt 82 format from binary to ASCII value using the config dhcp opt-82 format ascii command. |
CSCug38794 |
Symptom: Cisco WiSM2 stops working and then reboots. Conditions:
- Buffer corruption
- Low frequency issue, under investigation
Workaround: None. |
CSCug40463 |
Symptom: A Cisco AP might stop transmitting traffic after several days with a switch port speed/duplex misconfiguration. Conditions: This issue exists on Cisco Aironet 2600 Series access points that are associated with a controller using software release 7.3.112.0 or with an autonomous Cisco IOS software release15.2(2)JA. The default Ethernet interface of the Cisco Aironet 2600 series access points is auto/auto; and switch port: duplex full/ speed 100. Workaround: Correct the speed/duplex misconfiguration in a manner that the configuration match the access point and the switch port. |
CSCug57436 |
Symptom: In Cisco 3502 mesh access point the bridging does not exclude gig0 failing to join over radio. Conditions: Cisco 3502 Mesh when configured as a map with the bridging enabled connected behind a switch and a reboot on the map happens. Workaround: You must shut down the switch port so that the access points will join over the radio interface. |
CSCug64950 |
Symptom: Modification of the access point group to a RAP which is currently connected through the radio backhaul interface—RAP in MAP mode as the wired uplink is down strands the RAP. Conditions: Occurs when a Cisco mesh access point such as 1552 or 1522 operates as an access point (root) without any wired backhaul interface available. This issue exists on the Cisco Wireless LAN Controller using release 7.0.x. Workaround: You must clear the CAPWAP private configuration using the clear capwap private-config command and reboot the access point. |
CSCug73845 |
Symptom: Cisco Wireless LAN Controller NAS-identifier override is taking system name instead the NAS-identifier configured on an access point group, WLAN, or interface. Conditions: Configure an AP group, WLAN, or interface NAS-ID. Workaround: None. |
CSCug88172 |
Symptom: Cisco Aironet 1600 series access points transmits TKIP packets with MIC errors. The errors are reported and traffic disrupted. The following message log is displayed:
*Dot1x_NW_MsgTask_7: Oct 11 06:17:21.387:
#DOT1X-3-WPA_KEY_MIC_ERR: 1x_eapkey.c: 618
TKIP MIC errors reported in EAPOL key msg from client 00:11:22:33:44:55
Conditions: This issue exists on Cisco Aironet 600 series access points that use TKIP encryption method. Workaround: You must ensure sage of AES encryption methods instead of TKIP encryption methods. |
CSCug92421 |
Symptom: Controller reports stale client entries in large numbers. Conditions: This issue exists on Cisco Wireless LAN Controller when numerous clients use FlexConnect access point local authentication while in connected mode. Workaround: Do not use FlexConnect local authentication while in connected mode. |
CSCug73660 |
Symptom: Cisco Aironet 1600 series access points should have 17dbm of transmission power on one antenna and transmission power up to 22dbm with three antennas. However the show controllers command output displays that power level 1 is 13dbm on 3 antennas (8dbm per antenna). The output displayed is correct for the given AP/domain/radio/channel. However, modifying the antenna gain has no effect on the transmission power. Conditions: This issue exists in the Cisco Wireless LAN Controller release 7.4.100. European regulatory domain in countries where the expected power level is 17. Workaround: You must configure the radio to reduce its power as required if the configured antenna gain would cause the EIRP to exceed regulatory limits. The maximum power allowed is dependent upon: 1. The AP model 2. The AP domain 3. The radio 4. The specific channel in use 5. The number of antennas in use 6. The configured antenna gain To find the specific allowed power levels of interest, see the Channels and Maximum Power Settings document for the selected AP. On verification for the document, you will find that the maximum power settings are correct—except that the configured gain does not limit the allowed power. This bug is thus fixed by having the configured antenna gain limit the transmit power.” |
CSCug83271 |
Symptom: Cisco Virtual Wireless LAN Controllers fail to properly implement virtual CPU access control lists that have been configured to restrict access to the private virtual management address. Conditions: This issue exists on Cisco Virtual Wireless LAN Controllers with controller software release 7.4. Workaround: None. Further Problem Description: This issue does not allow an intruder to bypass any forms of authentication. However, if an attacker accesses the private virtual management interface, the controller prompts them to provide valid credentials to gain access. |
CSCug86995 |
Symptom: Configuration of an external NAT IP state and address in management interface using the Cisco WLC GUI is available in SRE controller. However, access points in public domains cannot join the controller as the discovery response of the controller includes only the private address of the controller. To enable or disable NAT IP address for access point discovery, you must use the config network ap-discovery nat-ip-only {enable | disable} command in the command line interface of the controller. Conditions: None. Workaround: Refrain from placing the SRE-WLC behind NAT even though the controller web UI allows you the configuration. This configuration is currently unsupported in the controller. |
CSCuh11409 |
Symptom: A RAP connected through radio backhaul interface while the wired backhaul interface is down can be stranded by manually disabling the 11a backhaul interface. The controller should prevent this configuration to be pushed as in Mesh APs (role MAP). Conditions: This issue exists on Cisco Wireless LAN Controller using release 7.0.240.4 with Mesh AP (tested with 1552 and 1522 models) in role Root AP with no wired backhaul interface available. Workaround: Use the clear capwap private-config reload command to clear the CAPWAP private configuration using the command line interface. |
CSCuh16842 |
Symptom: Client gets IPv6 address from different VLAN. Conditions: This issue occurs due simultaneous occurrence of the following: 1. Interface group 2. Client sends traffic from either the static IP address or a previously allocated IP address. 3. Client traffic does not matching the traffic received by the assigned VLAN initially. The following message will be displayed when this occurs “Overriding interface of client from ‘vlan20’ to ‘vlan30’ within interface group ‘vlan20-30’”. Workaround: Use DHCP required to join a VLAN. |
CSCuh20155 |
Symptom: A Cisco Aironet 3600 or 2600 series access points fail to boot the Cisco IOS software and the access point stays at the boot loader prompt —the ap prompt. Conditions: The Cisco AP moves to standalone mode and is power cycled. Workaround: Perform the following steps: 1. Initialize the Cisco AP, to do this enter the ap: flash_init command at the ap prompt. 2. Reboot the access point to load a new image, to do this enter the ap: boot command at the ap prompt. 3. Upgrade the bootloader of the access point to the Autonomous AP IOS Software release15.2(4)JA1 or later. To upgrade the bootloader: Copy the bootloader image onto AP flash. To do this, execute the copy flash:/BOOTLOADERFILENAME bs: command at the ap prompt. |
CSCuh42665 |
Symptom: Cisco Wireless LAN Controller sends incorrect information while detecting rogue access points using traps. Conditions: This issue exists only in the Cisco Wireless LAN Controller using Release 7.4. Workaround: None. |
CSCuh46355 |
Symptom: Cisco Wireless LAN Controllers that have been configured for high availability may crash when a second node is added to the HA cluster. The error message displayed indicates a crash in SNMPTask. Conditions: This issue exists for Cisco Wireless LAN Controllers that use an affected version of controller software release is configured for high availability. Workaround: None. |
CSCuh46996 |
Symptom: Wired device such as scale behind a third party bridge device fails to get an IP address. Conditions: This issue occurs when third party bridge is associating to an access point in the HREAP/FlexConnect local switching mode and controller uses a software release later than the release 7.0.116.0. Workaround: None. |
CSCuh47502 |
Symptom: Controller displays non-valid scrolling messages.
*DHCP Server: Jun 12 12:59:29.966: adding option 0x35
*DHCP Server: Jun 12 12:59:29.966: adding option 0x36
Conditions: This issue occurs when the debug of DHCP messages that are exchanged to and from the DHCP server is enabled. Workaround: Disable the debug of DHCP messages that are exchanged to and from the DHCP server using the d ebug dhcp message disable command in the controller command line interface. |
CSCuh50505 |
Symptom: WiSM2 controller crashes and reboots. Conditions: This issue occurs when TPCv2 is enabled in the WiSM2 controller. Workaround: You must disable TPCv2. |
CSCuh52238 |
Symptom: Controller detects false positive Dynamic Frequency Selection Detections (DFS) owing to signals transmitted by Broadcom radios. Conditions: Clients trigger DFS detections due to spurious emissions. This commit tracks additional filtering Cisco can do from their side to help with DFS falsifying. The commit as per customer site information helps with DFS falsifying about 30% of the time. Broadcom is also working on a fix from their side as well to fix the root issue. Workaround: You must use non-DFS channels for transmission. |
CSCuh56733 |
Symptom: Cisco Aironet 1550 series access points are unable to configure transmit power greater than 20dbm while in autonomous mode. Conditions: Unknown. Workaround: None. |
CSCuh68059 |
Symptom: Cisco Aironet 1300 and 1400 series Access Points crashes after some period of operation. The crash file reports an error in the REAP process and occurs when a heavily loaded access point performs a cleanup of the time-out sessions. Conditions: Cisco Aironet 1300 and 1400 series APs connected to a Cisco Wireless LAN controller using an affected version of controller software release. Workaround: None. Further Problem Description: This issue is specific to the affected access points and is not triggered by any external means. The crash occurs on APs that are heavily loaded and experience a significant number of connections which are timed-out. |
CSCuh72474 |
Symptom: Controller marks an interface in a group as dirty even when a response is received from the DHCP server. This issue is observed when clients insist on requesting an IP outside of their connected interface range in a flood (more than 100 DHCP request in the same second). The DHCP server start slowing down the responses as a result of this flood. The interface gets marked as Dirty as the dirty marking is based on requests without responses. Conditions: Clients insist on requesting an IP address outside their range using flood way. Workaround: None |
CSCuh76898 |
Symptom: Client communication fails when access point joins a controller and then tries to join another controller while in FlexConnect local switching mode with disabled VLAN support. Conditions: None. Workaround: Turn on/off the radio of the client adapter. |
CSCuh97457 |
Symptom: Controller displays incompatibility behavior on Cisco controller incompatibility behavior on Change-of-authorization (CoA) for RFC 3576 implementation and shows the debug output error 'RFC-3576 Disconnect-Request' which indicates that session identification attributes are invalid. The following error message is displayed:
Error cause 402 generated for ‘RFC-3576 Disconnect-Request’ from 192.168.1.5 (Session Identification attributes not valid)
Conditions: Change-of-authorization (CoA) on the controller. Workaround: The controller accepts the disconnect request when the three AVP pair attributes are sent— Calling-Station-ID MAC address of device (lower case works), Service-Type Login-user, and the Called-Station-ID (upper case MAC of AP SSID separated by colons). |
CSCuh99194 |
Symptom: A client's first attempt to associate is unsuccessful; the second attempt is successful. Conditions: This issue occurs when the maximum number of clients per AP radio is configured on each Cisco Aironet 1142 series Access Point. Workaround: None. |
CSCui09037 |
Symptom: Update for Client IP on controller does not happen after the 7.3.101.0 software release upgrade. Conditions: This issue exists in Cisco Wireless LAN Controller release 7.3.101.0 when WLAN is used for a locally switched H-REAP RADIUS authentication of mobile device when the DHCP server is central. Workaround: You must wait for 20 to 30 minutes for synchronization to complete. |
CSCui15110 |
Symptom: After adding a WLAN to an AP group, the WLAN properties cannot be edited on the AP VLAN mapping page when the AP is in FlexConnect mode. Conditions: This issue occurs when you disable WLAN before adding it to the AP group. Workaround: 1. Enable the WLAN before adding to AP group. 2. Add another enabled WLAN. 3. Reboot the Cisco AP. |
CSCui18377 |
Symptom: Crash errors, traceback conditions, and radio reset errors displayed in Cisco Aironet 1240AG series after the controller upgrades to software release 7.4.100.60.
%SYS-2-BADSHARE: Bad refcount in datagram_done > ptr=125F318 count=0 -Traceback= <HEX Tracebacks>
Conditions: This issue exists on Cisco Wireless LAN Controller while upgrading to the 7.4.100.60 software release. Workaround: None. |
CSCue42242 |
Symptom : When the Cisco WLC detects more than 21 ad hoc rogues, the web GUI shows only the first 20 entries (first page). Conditions : Path on the web GUI: Monitor > Rogue > Adhoc Rogues and click on “Unclassified Adhoc” or “Custom Adhoc”. The first page shows correctly, but it is not possible to browse to the subsequent pages. Workaround : Use the show rogue adhoc summary command on the CLI. |
CSCuf56192 |
Symptom : Unable to delete an mDNS profile. Conditions : When the mDNS profile is mapped to an interface and the interface is deleted. Workaround : Before deleting the interface, detach the profile and then delete the interface. |
CSCuc72713 |
Symptom : Static IP on clients working with interface group VLAN select feature gets assigned to an incorrect interface. Conditions : Though the static IP subnet exists as a valid interface, it does not get overridden to the correct subnet interface and gets marked into mac-hash interface and the client is unable to pass traffic. Workaround : Enter the config ipv6 disable command. |