Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.4.121.0

7.0.98.0 or later 7.0 releases

You can upgrade directly to 7.4.121.0

Note If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x controller software release that is prior to 7.0.240.0, we recommend that you upgrade to the 7.0.240.0 release and then upgrade to 7.4.121.0 to avoid losing those VLAN settings.

7.1.91.0

You can upgrade directly to 7.4.121.0

7.2. or later 7.2 releases

You can upgrade directly to 7.4.121.0

Note If you have an 802.11u HotSpot configuration on the WLANs, we recommend that you first upgrade to the 7.3.101.0 controller software release and then upgrade to the 7.4.121.0 controller software release.

You must downgrade from the 7.4.121.0 controller software release to a 7.2.x controller software release if you have an 802.11u HotSpot configuration on the WLANs that is not supported.

7.3 or later 7.3 releases

You can upgrade directly to 7.4.121.0

7.4 releases that are prior to this release

You can upgrade directly to 7.4.121.0

CSCud50209

Symptom : Controller fails when the management user form post is manipulated.

Conditions : Management user fields are modified.

Workaround : None.

CSCsz82878

Symptom : Controllers using Release 4.2.130.181M (Mesh) crash with Task Name: reaperWatcher.

Conditions : Multiple WiSM controllers use Release 4.2.130.181M and have many Cisco Aironet 1510 Lightweight Outdoor Mesh Access Points associated to them.

Workaround :

1. To disable the dynamic CAC tree updates, enter this command:

config mesh cac disable

2. To enable the dynamic CAC tree updates, enter this command:

config mesh cac enable

CSCtc16222

Symptom : The following messages appear on Cisco WiSM2s:

Message from syslogd@wism2-ms9-mgmt.it.osu at Sep 20 08:38:46... wism2-ms9-mgmt.it.osu wism2-ms9: *spamApTask7: Sep 20 08:38:42.434: #OSAPI-0-INVALID_TIMER_HANDLE: timerlib_mempool.c:241 Task is using invalid timer handle 15069/46996

Message from syslogd@wism2-ms9-mgmt.it.osu at Sep 20 08:38:46... wism2-ms9-mgmt.it.osu wism2-ms9: -Traceback: 0x113b0060 0x10a26264 0x105c9810 0x105c2760 0x105c2b90 0x105c3094 0x105a19e0 0x10348180 0x103d88ec 0x103e4ac4 0x10e4c86c 0x10a22318 0x11d316a0 0x11d8ffcc

Conditions : Cisco WiSM2 using Release 7.3.101.0.

Workaround : None.

CSCtn52995

Symptom : Mismatch between the association counters of controller and access point.

Conditions : 802.11 authentication frames are sent sometimes on different WLANs and are not followed by association frames.

1. Client 1 associates to the controller with AID =1 on SSID x.

2. Client 1 sends 802.11 Auth frame on SSID y and AID = 1 is disassociated at the access point. Auth frames are not honored at the controller, so controller is not informed.

3. No association frame arrives from client 1 at ssid 2.

4. Client 2 associates to the access point and gets AID = 1.

5. Access point updates the controller about client 2 and AID =1.

6. Controller adds duplicate entries and increments the count (controller already has client 1 AID =1).

7. Counter gets incremented and reaches 256.

Workaround : None.

CSCtq82437

Symptom : Unable to see CDP neighbor details of Cisco 1242, 1142 and 3500 series access points using the controller.

Conditions : Controllers using Release 7.0.116.0. Access points are rebooted after a power outage, newly installed, or moved from one campus to another.

Workaround : Reboot the access points.

CSCts20040

Symptom : Controller crashes when SXP parameters like default password are updated or SXP is disabled/enabled.

Conditions : Reboot with a version 1 SXP connection.

Workaround : Delete the version 1 SXP connection before you change any SXP settings.

CSCty84682

Symptom : Access point does not forward multicast data and IGMP query messages.

Conditions : Reload of an access point.

Workaround : Shutdown the interface to the WLAN and bring it up again.

CSCub63054

Symptom : VLAN transparency enabled on Release 7.2 does not pass VLAN tags. Span at endpoints shows all frames are placed on the native VLAN.

Conditions : VLAN transparency is enabled.

Workaround : Disable VLAN transparency and set the MAP Ethernet port as trunk.

CSCub96053

Symptom : Cisco Aironet 3500 Series Access Point gets DFS events when the DFS channel associates with a Cisco 7925 IP phone. Frequency of DFS events is higher on weekday and business hours.

Conditions : Release 7.2.103.0.

Workaround : None.

CSCuc32335

Symptom : Local mode access points associated to controller lose their configuration and get reset to factory defaults.

Conditions : Cisco 3602 Access point and Cisco 5500 Series Wireless LAN Controller using Release 7.2.103.0.

Local mode access point loses power.

Shut or no shut is configured on the PoE port.

Workaround : None.

CSCuc45005

Symptom : Controller stops working while using Release 7.3.101.0.

Conditions : None.

Workaround : None.

CSCuc68995

Symptom : Wireless WebAuth clients are unable to authenticate to the network. A blank window appears when the client opens a browser window. When you use the debug web-auth redirect command, the following messages appear: *webauthRedirect: Oct 15 18:43:19.470: #EMWEB-6-REQUEST_IS_NOT_GET_ERROR: webauth_redirect.c:1055 Invalid request not GET on client socket 72 or *webauthRedirect: Oct 10 16:36:30.715: %EMWEB-3-PARSE_ERROR: parse error after reading. bytes parsed = 0 and bytes read = 189

Conditions : HTTP GET from the client arrives at the controller in multiple TCP segments.

Workaround : Reconfigure your network and the client’s TCP/IP stack to ensure that the HTTP GET arrives in a single segment. An example of a client software that introduces TCP segmentation is AnyConnect Web Security 3.0.3054.

CSCuc69522

Symptom : Client sends TCP SYN to a multicast MAC for its gateway and the controller does not send a TCP SYN ACK back. As the TCP handshake is not complete, the client never generates HTTP traffic and is never redirected. Traffic arrives at foreign controller and goes to anchor controller. Anchor controller drops the TCP SYN messages.

Conditions : Foreign and anchor controller perform Central Web Authentication (CWA). Client has multicast MAC address for its gateway. Gateway of the client has a load-balanced or clustered node.

Workaround : Do not use multicast MAC address for gateway.

CSCuc70159

Symptom : Autonomous access point loses clock information after it reboots.

Conditions : Autonomous access point using Release 15.2.

Workaround :

1. Manually configure the clock after the access point reboots.

2. Configure SNTP in the access point for applications when the access point does not operate as a WGB with certificate based authentication using the command:

sntp server a.b.c.d version {1 | 2 | 3}

CSCuc78713

Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation.

Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0.

Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2.

CSCuc81022

Symptom : Cisco Aironet 1520 Lightweight Outdoor Mesh Access Points get false DFS triggers when in-band or off-channel (ch 124) weather RADAR signals are present. These signals are received above -20 dBm and cause network instability.

Conditions : AIR-LAP152x outdoor mesh AP is installed near a weather RADAR installation.

Workaround : Use the config 802.11a dfs-peakdetect disable command.

CSCuc86805

Symptom : CLI debug outputs show the following message:

Association request from the P2P Client Process P2P Ie and Update CB

Conditions : None.

Workaround : None.

CSCuc91441

Symptom : When multiple clients timeout at the same time, some clients are not removed from the controller’s database after the user idle timer expires.

Conditions : When around 100 clients expire their user idle timeout simultaneously, only 64 deauthentication messages are sent and 36 clients are not removed from the controller database.

Workaround : Perform one of the following tasks:

• Manually remove the stale clients.
• Reboot the access point with these clients.
• Reboot the controller.
• Disable and enable the WLAN.

CSCuc93681

Symptom : Controller stops working intermittently and the crash log contains the following message:

Software Failed on instruction at : pc = 0x10a5fdfc (read_socket 492) ra = 0x10a5ff34 (read_socket 492)

Conditions : Controller using any Release from 7.0 to 7.4.

Workaround : None.

CSCuc98178

Symptom : When you change the HSRP configuration, CAPWAP access points send data to the old HSRP MAC address and control traffic to the new gateway.

Conditions : Controller using Release 7.2 with Cisco Aironet 3500 Series Access Point and HSRP gateway.

Workaround : Reboot the controller.

CSCud07983

Symptom : Local AAA sever of the controller shows the outer EAP username of wireless users who are authenticated using local EAP.

Conditions : Local EAP is used on controller.

Workaround : Disable identity protection on the wireless client to use the same username for inner and outer EAP usernames. For local EAP, inner username appears in the clients page or when you use the show client detailed mac-addr command.

CSCud12582

Symptom : Client RADIUS authentication fails. debug client command shows the following message:

*Dot1x_NW_MsgTask_7: Dec 17 11:43:36.983: 00:11:22:33:44:55 Entering Backend Auth Response state for mobile f0:d1:a9:24:d8:a7 *Dot1x_NW_MsgTask_7: Dec 17 11:43:36.985: 00:11:22:33:44:55 Processing AAA Error ‘Out of Memory’ (-2) for mobile f0:d1:a9:24:d8:a7 *Dot1x_NW_MsgTask_7: Dec 17 11:43:36.999: 00:11:22:33:44:55 Sent Deauthenticate to mobile on BSSID 20:37:06:00:11:22 slot 0(caller 1x_auth_pae.c:1394) at the same time the msglog shows a message similar to this: *Dot1x_NW_MsgTask_7: Dec 17 12:30:23.296: #DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication Aborted for client 00:11:22:33:44:55 and the traplog shows a message like this: 297 Mon Dec 17 12:36:29 2012 Client Deauthenticated: MACAddress:00:11:22:33:44:55

Base Radio MAC:20:37:06:00:11:22 Slot: 1

User Name: unknown Ip Address: unknown Reason:Unspecified ReasonCode: 1

Conditions : Large scale deployments with multiple clients. RADIUS queues fill up and fail under heavy authentication and accounting load.

Workaround : Disable RADIUS accounting and authentication.

CSCud14147

Symptom : Controller calculates incorrect message authenticator value for RFC3576 CoA requests from some RADIUS servers such as PacketFence NAC.

Conditions : Controller using Release 7.2.110.0 or Release 7.3.101.0.

Workaround : None.

CSCud44269

Symptom : FlexConnect mode access point sends ARP responses for a client in DHCP-required state. Roaming breaks for clients associated to the access point.

Conditions :

• FlexConnect mode access point using Release 7.3.101.0.
• DHCP required is enabled on the WLAN.

Workaround : Disable the DHCP Required check box on the WLAN.

CSCud69426

Symptom : AAA Override ACL is not applied.

Conditions : After a session timeout, the controller clears the AAA override cache and puts the wireless client in the default VLAN.

Workaround : None.

CSCud89654

Symptom : When clients associate to a local access point after a successful authentication, only the URL redirect attribute is accepted by the controller and not the URL-redirect-ACL attribute. This causes failures on redirection thereafter.

Conditions : Local switching-enabled 802.1x WLANs. Controller using Release 7.2.

Workaround : Disable local switching on the WLAN. Segregate the local access point from FlexConnect access points on different controllers.

CSCue02826

Symptom : 5-GHz radio on AIR-CAP1552E-N-K9 in non-bridge mode fails to enable if the controller is configured for the Brazil (-T) regulatory domain.

Conditions : Controller using Release 7.3.101.0.

Workaround : Use access point in the bridge mode.

CSCue04517

Symptom : RRM cannot be disabled on the controller when the RF group DCA and TPC are disabled. Monitor mode command returns a message stating that DCA and TPC must be disabled even though they are already disabled.

Conditions : Release 7.4.110.0.

Workaround : Enter the following commands:

• config 802.11a txPower global 1
• config 802.11a channel global off
• config advanced 802.11a group-mode leader
• config advanced 802.11a monitor mode disable
• config advanced 802.11a group-mode off

CSCue09354

Symptom : Rogue access points are not detected when they are on a non-native VLAN trunk to a rogue detector access point.

Conditions : Rogue detector mode access point using Release 7.4.100. Rogue access point is not on the rogue detector native VLAN.

Workaround : None.

CSCue33057

Symptom : Reversed gateway address appears for CCXv5 diagnostics client.

Conditions : Cisco 8500 Series WLC.

Workaround : None.

CSCue38133

Symptom : Ninety days after an access point associates with a controller, the controller sends a message that the access point should be moved to the primary controller.

Conditions : An HA-SKU controller is the secondary controller in a N+1 configuration and an access point joins the controller.

Workaround : None.

CSCue44986

Symptom : Facetime calls are not detected and proper bandwidth is not allocated.

Conditions : Apple OS uses a different port to send SIP packets.

Workaround : Reconnect the call.

CSCue46710

Symptom : Controller stops responding during scale stress tests. CPU utilization remains at around 26 percent.

Conditions : Around 6000 APs and 64000 clients are associated with the controller.

Workaround : None.

CSCue50917

Symptom : When an RAP loses its wired connection, it fails to restore connectivity as an MAP through the radio backhaul. Mesh adjacency is built to a nearby MAP and the RAP gets an IP address. RAP joins its controller and disconnects due to a radio reset. RAP keeps on looping till connectivity is restored. The following error messages appear on the RAP:

*Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Selected MWAR ‘5500-5’(index 0). *Feb 8 19:37:54.919: %CAPWAP-3-ERRORLOG: Go join a capwap controller ~ *Feb 8 19:37:45.139: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller 5500-5 ~ *Feb 8 19:37:45.183: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 forwarding ~ *Feb 8 19:37:46.075: %LINK-6-UPDOWN: Interface Dot11Radio1 changed state to down *Feb 8 19:37:46.083: %LINK-5-CHANGED: Interface Dot11Radio1 changed state to reset ~ *Feb 8 19:37:47.075: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1 changed state to down *Feb 8 19:37:47.099: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5700 MHz for 60 seconds. ~ *Feb 8 19:38:21.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-4-NO_POTENTIAL_PARENT: There are no potential parents *Feb 8 19:38:24.751: %MESH-6-LINK_UPDOWN: Mesh station 0021.a1f9.fa0f link Down *Feb 8 19:38:24.951: %MESH-6-ADJ_VIDB_LINK: Mesh neighbor 0021.a1f9.fa0f VIDB Virtual-Dot11Radio0 going down *Feb 8 19:38:24.955: %LINK-6-UPDOWN: Interface Virtual-Dot11Radio0 changed state to down10 *Feb 8 19:38:25.955: %LINEPROTO-5-UPDOWN: Line protocol on Interface Virtual-Dot11Radio0 changed state to down

Conditions : Mesh deployment using Releases 7.0.230.0, 7.2.104.31, and 7.3.112.0.

Workaround : None.

CSCue51812

Symptom : Clients do not associate with the access point, clients gain network access and roam frequently.

Conditions : Band select is configured with default parameters or with low values. For example, probe cycle is 1 and suppression window is 100 ms.

Workaround : Disable Band select when there are multiple clients.

CSCue88103

Symptom : Controller logs the following traceback message:

*apfMsConnTask_0: Feb 28 14:25:59.293: #APF-3-VALIDATE_DOT11i_CIPHERS_FAILED: apf_rsn_utils.c:841 Could not validate Dot11i security IE. Received an unsupported Multicast 802.11i OUI code from mobile.Mobile:00:11:22:33:44:55 -Traceback: 0x1019de50 0x1104434c 0x11049b30 0x10c12a28 0x12238810 0x122ab30

Conditions : Wireless client requests an invalid or unsupported encryption cipher during authentication.

Workaround : None.

CSCue99208

Symptom : config advance 802.11 {a | b} monitor noise command configurations are lost after reboot. The following messages appear:

Node ptr_rrmCfgData.rrm.noiseInterferenceInterval value = xxx is out of range for min = 0 and max = 168 Validation for node ptr_rrmCfgData.rrm.noiseInterferenceInterval failed indices for node are x

Conditions : Noise measurement interval is longer than 360 seconds.

Workaround : Configure the noise measurement interval between 60 and 360 seconds.

CSCuf03454

Symptom : Controller stops responding.

Conditions : Web pass-through clients are anchored from foreign controller to anchor controller.

Workaround : Reboot the controller.

CSCuf52235

Symptom : After you upgrade to Release 7.4, global user idle timeout is not used and all WLANs have an individual default user idle timeout of 300 seconds.

Conditions : Controllers using Release 7.4

Workaround : Configure the user idle timeout for each WLAN.

CSCuf54559

Symptom : Controller stops responding.

Conditions : When you use the show mdns profile detailed default-mdns-profile command.

Workaround : Do not use this command.

CSCui30568

Symptom : Cisco WiSM2 in HA pair on Release 7.4.100.60 consistently keeps getting this error message every minute.

415 Wed Jul 24 13:52:28 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 416 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 417 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 418 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 419 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 420 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 421 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 422 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete 423 Wed Jul 24 13:52:27 2013 RF failure notification ErrorType: 32 Reason :Error: Config Sync failed on Standby for the usmdb:HA_send_usmDbApfMsDelete

Conditions : Unknown.

Workaround : None.

Further Problem Description : At present, this issue does not impact normal services and an HA failover works as expected. There are a total of 820 Cisco APs in this deployment and there are a couple of interference and load profile failures.

CSCui33284

Symptom : Upon attempting to the Open Authentication SSID that has MAC Filtering enabled, substantial packet loss is observed at a mobile endpoint. This packet loss can result in no-redirect for a client and marginal connectivity issues for the mobile endpoint.

Conditions : Open Authentication on the SSID with MAC Filtering enabled.

Workaround : If a client disconnects and then reconnects to the SSID, this has proven to temporarily mitigate the issue.

CSCui45546

Symptom : DTIM count randomly sets to ‘zero’ for Cisco AP1140 and AP1040.

Conditions : Random radio hardware issue mostly seen in dense RF environments. Easily seen for DTIM period configuration 180-255.

Workaround : Use another Cisco AP platform.

CSCui48291

Symptom : FlexConnect AP drops from the Cisco WLC and stops receiving traffic on GigabitEthernet0 interface until rebooted. At the time this issue is observed, the switchport connected to the Cisco AP remains operational and transmits and receives packets. The switch sees the Cisco AP as a CDP neighbor. When you access the Cisco AP console, the LAN interface is operational and transmits packets, but does not receive packets.

Conditions :

• Cisco AP3502 or AP1260 AP in FlexConnect mode.
• Native VLAN ID does not match native VLAN on trunk to AP.
• Cisco WLC using Release 7.3.112.0.

Workaround : Reboot the affected Cisco AP.

CSCui55350

Symptom : The following messages are displayed continuously:

-Traceback: 0x10c31374 0x10c8a6a4 0x10c9ea08 0x10c94748 0x10c402d8 0x12283850 0x122f634c *rmgrMain: Aug 08 09:49:21.902: #OSAPI-5-MUTEX_UNLOCK_FAILED: osapi_sem.c:1036 Failed to release a mutual exclusion object. invalid(NULL) pointer passed. -Traceback: 0x10c30d9c 0x10c8a7f4 0x10c9ecf8 0x10c95d4c 0x10c402d8 0x12283850 0x122f634c *rmgrMain: Aug 08 09:49:21.902: #OSAPI-4-MUTEX_LOCK_FAILED: osapi_sem.c:1179 Failed to acquire a mutual exclusion object. invalid(NULL) pointer passed.

Conditions :

• Cisco WLC Release 7.5
• AP SSO is in enabled state

Workaround : Change the log level to filter out those messages—On the Cisco WLC GUI, choose MANAGEMENT > Logs > Config > Msg Log Configuration.

CSCui65225

Symptom : The 802.11k assisted roaming neighbor report is not returned upon a client request when the WLAN is mapped to an AP group. The following is the sample output of 802.11k debugs:

(“”debug 11k all enable””): *apfMsConnTask_5: Aug 13 23:52:10.512: Received NEIGH_REQ from ms xx:xx:xx:xx:xx:xx d.token 14 *apfMsConnTask_5: Aug 13 23:52:10.512: Client WLAN 1 is not enabled for 802.11k neighbor list request request d.token 14 ignored

Conditions :

• Cisco WLC using Release 7.4.110.0 or 7.5.102.0
• 802.11k neighbor list enabled on the WLAN ( config wlan assisted-roaming neighbor-list enable wlan-id
• AP groups are in use and the global WLAN ID does not match the position of the WLAN in the AP group configuration.

Workaround : Use 802.11k on WLAN with an ID that is less than or equal to 16 either in the default group or where the AP group is configured to keep the WLAN in the same position as the global WLAN ID; for example, WLAN ID 2 is the second WLAN in the AP group.

CSCui65855

Symptom : Cisco WLC sends traffic from the virtual interface IP address onto the wired network outside of the CAPWAP tunnel.

Conditions :

• Clients connect to WLAN using an interface group
• Cisco 5508 WLC with LAG in enabled state.

Workaround : None.

CSCug04683

Symptom : Traceback appeared on the message log.

Conditions : Unknown.

Workaround : None.

CSCui73517

Symptom : Radio interface reset when the FlexConnect AP returns to the connected mode from the standalone mode.

Conditions : This issue tends to occur if the Cisco AP moves to the secondary Cisco WLC from the primary Cisco WLC after AP continues to join to the primary one for a long time.

Workaround : None.

CSCui73764

Symptom : Cisco 1240 and 1130 Series APs—DHCP does not work with FlexConnect and VLAN Native 2.

Conditions :

• FlexConnect local switching
• Cisco 1240 or 1130 Series APs
• Cisco WLC Release 7.4.121.0 or earlier releases
• VLAN Native 2
• User unable to get IP address and to connect to the network

Workaround : Change the native VLAN to an unexpectedly higher number, so no WLAN will ever get mapped to a bridge group number that high.

Further Problem Description : Telnet to the FlexConnect mode AP. Example: VLAN3 is the native VLAN on the FlexConnect mode AP. The AP is correctly mapped to bridge group 1. The WLAN that does not work is the one that is mapped to VLAN2. VLAN2 is mapped to bridge group 3 (see below). This is the instance where the issues is encountered. It can be any WLAN-VLAN-Native VLAN combination.

CSCui75794

Symptom : The foreign Cisco WLC does not respond to ARP from foreign export client to a local client being on the same VLAN.

Conditions :

• Client1 associates to Cisco WLC1 (local)
• Client1 does an L3 roam to Cisco WLC2 (Cisco WLC2 is foreign and Cisco WLC1 is the anchor)
• Client2 associates with Cisco WLC2 (local)
• Initiate traffic, that is ping from Client1 to Client2

Workaround : None.

CSCui77735

Symptom : Cisco 8510 WLC using Release 7.3.112.0 stopped working on taskname SNMPTask.

Conditions : claPriorityOrder is set to 0 in SNMP set on Cisco Flex 7510 WLC, Cisco 8510 WLC, and Cisco vWLC.

Example:

snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.1 u 0 snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.2 u 0 snmpset -v2c -c private 83.83.83.22.1.3.6.1.4.1.9.9.598.1.1.1.1.2.3 u 0 2.1 = Local 2.2 = Radius 2.3 = TACACS 0 1 2 = priority. 0 = None - where crash is happening. 1 2 = Either first or second (8510-2) >show aaa auth Management authentication server order: 1............................................ local 2............................................ radius On 5508 value of 0 will be taken. The box won’t crash.

Workaround : Do not set claPriorityOrder to 0 when this MIB is used.

CSCui87160

Symptom : Cisco 5500 Series WLC stopped working due to an issue with the kernel.

Conditions : Memory leak.

Workaround : None.

CSCui94634

Symptom : Cisco APs in FlexConnect local switching mode with VLAN mapping dissociate from the Cisco WLC when an ACL is applied to one of the VLANs. Once ACL is pushed, CAPWAP UDP processing become sluggish and retransmissions of packets from the Cisco WLC are not as per expectations with duplicate sequence number errors. Eventually, this state causes a DTLS timeout and the rejoin process on the Cisco AP fails over and over with same issue. It appears that the issue is related to incorrect CAPWAP private configuration as the actual content of the ACL does not matter. The issue occurs immediately at the point when the ACL is pushed.

Conditions :

• FlexConnect mode APs with VLAN mappings and FlexConnect ACL.
• When AP is on low free flash space

Workaround : Do not apply ACL to the Cisco AP. Use another enforcement point if required. A reimage of the Cisco AP with 15.2 recovery image.

CSCuj13054

Symptom : Cisco WiSM2 stopped working after an upgrade from Release 7.3.101.0 to 7.4.110.0.

Conditions : Upgrade.

Workaround : None.

CSCuj15593

Symptom : Backed up Cisco WLC configuration with RF profile commands cannot be uploaded to another Cisco WLC.

Conditions : Cisco WLC configuration with RF profile commands.

Workaround : Open the configuration file in a text editor and find the commands related to RF profile

This issue occurs when the commands for RF profile data rates, transmit power, and so on, occur before the command that actually creates the RF profile. For example, you may see something like this:

config rf-profile data-rates 802.11a mandatory 6 test

config rf-profile data-rates 802.11a supported 9 test

config rf-profile create 802.11a test.

Move the create command before any of the other commands related to the RF profile. Therefore, the above should be changed to the following:

config rf-profile create 802.11a test

config rf-profile data-rates 802.11a mandatory 6 test

config rf-profile data-rates 802.11a supported 9 test

Download the new configuration to the Cisco WLC.

Further Problem Description : Cisco WLC Release 7.4.110.0. Create a configuration backup with RF profile configuration and then upload it to another Cisco WLC. The operation fails with the following message displayed:

CSCuj26067

Symptom : Sporadically, RADIUS authentications to certain Cisco APs in FlexConnect mode fail while other authentication methods on the same Cisco AP are unaffected.

Conditions : Cisco 8510 WLC using Release 7.4.110.0. Cisco AP3600 in FlexConnect mode configured in a FlexConnect group with a ‘backup RADIUS’ server pointing to a Microsoft NPS RADIUS server.

Workaround : Reloading the Cisco AP corrects the issue for some time.

CSCuj35236

Symptom : Changing a parameter on an SSID causes issue in FlexConnect APs if another SSID exists with a different profile.

Conditions : FlexConnect multiple WLANs with the same SSID.

Workaround : None.

CSCuj45983

Symptom : When the Cisco WLC gets a CoA (Change of Authorization) RADIUS message, for example from ISE, the Cisco WLC sends a deauthentication to the client and move the client to DHCP_REQ state. Unless “DHCP Required” is disabled on the WLAN, this means that the client will then be disconnected unless it performs a new DHCP request. With “debug client” in effect on the Cisco WLC, the following message will be seen:

Conditions : Cisco WLC is using CoA from RADIUS and has DHCP Required on the WLAN. Client is one that does not reliably re-DHCP upon 802.11 deauthentication; some Windows 7 and Mac OS X systems have been seen to have this problem.

Workaround : For a single VLAN system (same VLAN before and after CoA), disable DHCP Required. For some client types, you might be able to reconfigure them to make sure that they re-DHCP as needed. For example, on a Windows 7 system, perform the following:

1. In the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces registry path, create a DWORD value named as ?UseNetworkHint? and set it to ?0?.

2. Restart the DHCP client service by executing the following commands from elevated command prompt:

net stop dhcp

net start dhcp

An alternative might be to use two VLANs, one a pre-CoA and the other a post-CoA. The DHCP leases for the pre-CoA scope might be set with very short lease durations such as 30 seconds. This should trigger a more timely DHCP lease renewal from the client so that it can regain access to the network after the CoA event.

CSCuj58556

Symptom : Cisco AP disconnects from the primary WLC and moves to the secondary WLC due to memory allocation.

Conditions : Unknown.

Workaround : Reboot AP.

CSCuj58625

Symptom : Cisco WLC unresponsive with local EAP-FAST in use.

Conditions : Cisco WLC is performing local EAP-FAST.

Workaround : Use an external RADIUS server.

CSCuj70166

Symptom : AP dissociates from Cisco WLC when %DOT11-2-NO_CHAN_AVAIL_CTR occurs.

Conditions : %DOT11-2-NO_CHAN_AVAIL_CTR occurs after DFS detects.

Workaround : None.

CSCuj74920

Symptom : A client roam between two Cisco WLCs can fail intermittently making the client to be part of the VLAN originally mapped to the WLAN; for example two Cisco WLC serving clients, WLAN mapped to VLAN x, RADIUS assigned to VLAN y; intermittently, client can be put on VLAN x during roams between WLC1 to WLC2.

Conditions : When a client roams between two Cisco WLCs.

Workaround : None.

Further Problem Description : Debug example:

CSCuj84379

Symptom : Cisco WLC stops responding and then reboots.

Conditions : When ad hoc rogue detection is enabled.

Workaround : Disabling ad hoc rogue detection is a potential workaround.

CSCuj83637

Symptom : Following an HA failover, the service port on the active Cisco WLC that is configured to get its IP address through DHCP loses connectivity after the DHCP lease expires (or the DHCP renew is forced through the config interface dhcp service-port { enable | disable } command).

In case of Cisco WiSM2, this connectivity issue might cause the Cisco WLC and Catalyst 6000 to fail to exchange WCP keep-alives. Thus, the show wism status command shows the active module to be not operational.

Conditions :

• Cisco WLC or Cisco WiSM2 using Release 7.4.110.x or Release 7.5.102.0 in an HA environment
• The service port is configured for DHCP
• The issue is seen after the following events happen in the specified order:
• HA failover
• Service port DHCP lease expiry

Workaround : Configure a static IP address for the service ports on both peers and force an HA switchover.

From the active Cisco WLC, enter the following commands:

config interface dhcp service-port disable

config interface address service-port addr1 netmask

config redundancy interface address peer-service-port addr2 netmask

redundancy force-switchover

Forcing a switchover might disconnect all the clients and any mesh APs in Release 7.4.X. Therefore, we recommend that you perform this workaround during a maintenance window.

CSCul15555

Symptom : A CCKM client associated with a FlexConnect AP using Cisco WLC Release 7.4.110.0 (local switching/central authentication) might lose IP connectivity soon after a successful CCKM roaming while remaining associated with the AP. On Cisco WLAN phone, the symptom is often seen as a two-way voice outage, phone stuck in “requesting DHCP” state. On the AP side, a radio level debugging shows decryption errors.

Conditions : Cisco WLC/AP using Release 7.4.110.0; FlexConnect local switching and central authentication; frequent CCKM roaming events including interband roaming.

Workaround : The issue recovers soon after the client roams to another AP.

Further Problem Description : This is not a persistent issue; normally, the client can then roam back to the AP without any issues.

CSCuj93777

Symptom : In very rare situations, there is a racing condition that data packets are sent before switchport receiving BPDU packets from the wireless side cause MAC address flapping.

Conditions : STP to break network loop mesh AP reboot or moving between RAPs intensive packets flooding in network to cause packets are sent before BPDUs are propagated.

Workaround : None.

CSCuj91880

Symptom : Captive Portal pops up even when Captive Portal Bypass is enabled for certain clients such as Samsung Galaxy Note 3 (using JellyBean 4.3) or MS Surface Pro (Windows 8).

Conditions : This issue occurs only for some client such as Surface Pro and Samsung Galaxy Note 3 when trying to provision the clients on a dual SSID BYOD Provisioning Setting.

Workaround : None.

CSCuj97293

Symptom : Cisco WLC stops responding when the show local-auth certificates commands is entered.

Conditions : Unknown.

Workaround : None.

CSCul16796

Symptom : Client is using PEAP; the EAP handshake fails when the Cisco vWLC needs to send the server certificate.

Conditions : Using a Cisco vWLC and an EAP method that requires certificates. The path MTU between the Cisco vWLC and the Cisco AP is 1200 bytes or less.

Workaround : Increase the path MTU.

Further Problem Description : This is a regression; the issue was not observed in Release 7.4.X.

CSCul16911

Symptom : Cisco APs disconnect from the Cisco WLC due to DTLS errors.

Conditions : Cisco AP disconnects.

Workaround : None.

CSCul25617

Symptom : When you try to enable AP Management on dynamic interface, the “Failed to Add MDNS profile” message is displayed.

Conditions : Not applicable.

Workaround : None.

CSCul42704

Symptom : Rogue APs are mistaken as infrastructure devices. Thus, the wIPS alarms such sa deauthentication spoofed MAC address are falsely triggered later.

Conditions : Rogue devices that are not associated with Cisco AP send data packet such as data null to Cisco AP. This causes wIPS to falsely recognize rogue devices as part of infrastructure devices.

Workaround : None.

CSCul43813

Symptom : Performing a filter using either “WLAN Profile” or “WLAN SSID,” multiple clients and pages are displayed. The first page shows the maximum allowable information for that page. However, when you want to navigate to the subsequent pages, a “No clients found” message is displayed.

Conditions : Include either “WLAN Profile” or “WLAN SSID” as the filter option.

Workaround : None.

CSCuj89107

Symptom : Cisco WLC stopped working with the Task Name: spamApTask7 on Release 7.4.115.0.

************************************************************ * Start Cisco Crash Handler * ************************************************************ Sys Name: WLC-Campus-9 Model: AIR-CT5508-K9 Version: 7.4.115.0 Timestamp: Wed Oct 16 15:47:22 2013 SystemUpTime: 0 days 1 hrs 20 mins 41 secs signal: 10 pid: 1070 TID: 1030415184 Task Name: spamApTask7 Reason: System Crash si_signo: 10 si_errno: 0 si_code: 128 si_addr: 0x0 timer tcb: 0x845 timer cb: 0x10e76e80 (‘alarmSendMsgToMsgTask 48’) timer arg1: 0x0 timer arg2: 0x0 Long time taken timer call back inforamtion: Time Stamp: Wed Oct 16 14:45:33 2013 timer cb : 100ee078p(‘apfMsSessionExpireCallback 456’) Duration : 745922 usecs cbCount= 5 ------------------------------------------------------------ Analysis of Failure: Software Failed on instruction at : pc = 0x102bd2f0 (usmDbSpamGetUpTime 72) ra = 0x10dd0d70 (usmDbSpamGetUpTime 72) Software Failed while accessing the data located at :0x0 ------------------------------------------------------------ System Stack Frame 0: 0x10012e90 create_crash_dump 7156 Frame 1: 0x10011c88 create_crash_dump 2540 Frame 2: 0x10007cfc sigsegv_handler 6168 Frame 3: 0x3d6acea0 license_xos_thread_create 730498928 Frame 4: 0x102bd2f0 spamGetUpTime 88 Frame 5: 0x10dd0d70 usmDbSpamGetUpTime 72 Frame 6: 0x10be4b9c trapMgrLwappApAssociatedTrapSend 372 Frame 7: 0x10452098 acPostDecodeConfigRequest 1816 Frame 8: 0x10459740 acCapwapSmInit 18536 Frame 9: 0x1045338c acPostDecodeConfigRequest 6668 Frame 10: 0x10460b3c capwapAcStatemachine 532 Frame 11: 0x10f86254 spamApReceiveTask 668 Frame 12: 0x10b07be8 osapiTaskAppKeySelfSet 304 Frame 13: 0x12020500 license_xos_thread_create 2211280 Frame 14: 0x12080eac license_xos_thread_create 2606972

Conditions : Unknown.

Workaround : None.

CSCul72669

Symptom : Lightweight Cisco AP might not send out deauthentication messages to an existing client before 802.11 radio interface reset by RLDP although debug dot11 mgmt msg command outputs indicate the messages are sent out.

Conditions : RLDP is enabled on a lightweight Cisco AP.

Workaround : Disable RLDP.

CSCul78541

Symptom : AAA override client gets assigned to dynamic interface on roam.

Conditions : As an extension to CSCui50515 on Release 7.4.X, WLAN using WPA2 AES, MAC Filter PSK, AAA override gets defaulted to dynamic interface on WLAN instead of AAA overridden VLAN value upon a roam. The Cisco APs are in local mode and associated with the same Cisco WLC. A new association to the Cisco AP or removing client entry from the Cisco WLC resolves the issue and the client gets AAA overridden VLAN again when fast-SSID change is disabled.

Workaround : Enabling fast-SSID change resolves the issue and assigns the client the correct AAA-override VLAN on roam.

CSCuf74326

Symptom: On successful installation of Cisco WLC licenses access points are unable to join the controller as the web-user interface displays supported access points as none. However, when you execute the show license summary command using the CLI, the exact count of licenses in use is displayed.

Conditions: Occurs when you install adder license file on the controller without installing the base licenses.

Workaround: Contact Cisco Support for installing the base licenses of the controller.

CSCuf77488

Symptom: The FT and LT detection time for an alarm is ahead or later than the AP clock. This is causing a delay in NCS to detect the alarm.

In Cisco NCS you will not see the alarm until the actual AP time matches the time reported in the FT.

Conditions: This occurs in Cisco Wireless LAN Controller 5508 series with release 7.0.235.3, and Cisco Aironet 3500 series wIPS ELM mode, MSE 3350 on release 7.0.201.204.

Workaround: None.

CSCuf77821

Symptom: A vulnerability in the web interface of the Cisco Wireless LAN Controller (WLC) could allow an unauthenticated remote attacker to execute a cross-frame scripting (XFS) attack. An attacker could exploit the vulnerability of insufficient HTML iframe protection and can direct users to an attacker-controlled web page with a malicious HTML iframe. The application allows users to perform certain actions via HTTP requests via iframes without performing any validity checks to verify the requests.

Conditions: Device configured with default configuration.

Workaround: None.

CSCug14709

Symptom: In Cisco WLC Release 7.4, the Cisco WLC does not respond when an “airespace wlan-identifier” attribute is sent back in an access-accept by the RADIUS server.

Conditions: This issue exists in the Cisco WLC Release 7.4.

Workaround: Use another mechanism to restrict SSID access.

CSCug14713

Symptom: RADIUS accounting update is seen twice from the controller when initial authentication occurs for RADIUS NAC-enabled WLAN.

Conditions: This issue occurs when RADIUS NAC is enabled.

Workaround: None.

CSCug19563

Symptom: Wism2 secondary controller DP crashed due to a deadlock in high availability configuration while boot and synchronization with the primary controller.

Conditions: The secondary controller DP crash occurs only when there are multiple reboots of the controller in a high availability configuration. The controller recovers after the reboot.

Workaround: None.

CSCug21736

Symptom: Cisco LAP1131 and LAP 1132 access points may experience a memory leak when a SIP phone roams from one access point to another while in an active call. This issue occurs when the handset sends multiple re-association messages when connecting to the new AP while in roaming. As a result of this bug, an authenticated adjacent attacker can trigger a memory loss and eventual cause the AP to reboot.

Conditions: SIP Handsets that send multiple reassociation messages when roaming can trigger this issue.

Workaround: None.

CSCug26521

Symptom: When using controller with Release 7.4 and DHCP proxy enabled, the packets were dropped during inspection because the option 255 is missing in the DHCP request packets sent out by the controller.

Conditions: This issue occurs in the Cisco Wireless LAN Controller using release 7.4.

Workaround: Convert the DHCP opt 82 format from binary to ASCII value using the config dhcp opt-82 format ascii command.

CSCug38794

Symptom: Cisco WiSM2 stops working and then reboots.

Conditions:

• Buffer corruption
• Low frequency issue, under investigation

Workaround: None.

CSCug40463

Symptom: A Cisco AP might stop transmitting traffic after several days with a switch port speed/duplex misconfiguration.

Conditions: This issue exists on Cisco Aironet 2600 Series access points that are associated with a controller using software release 7.3.112.0 or with an autonomous Cisco IOS software release15.2(2)JA. The default Ethernet interface of the Cisco Aironet 2600 series access points is auto/auto; and switch port: duplex full/ speed 100.

Workaround: Correct the speed/duplex misconfiguration in a manner that the configuration match the access point and the switch port.

CSCug57436

Symptom: In Cisco 3502 mesh access point the bridging does not exclude gig0 failing to join over radio.

Conditions: Cisco 3502 Mesh when configured as a map with the bridging enabled connected behind a switch and a reboot on the map happens.

Workaround: You must shut down the switch port so that the access points will join over the radio interface.

CSCug64950

Symptom: Modification of the access point group to a RAP which is currently connected through the radio backhaul interface—RAP in MAP mode as the wired uplink is down strands the RAP.

Conditions: Occurs when a Cisco mesh access point such as 1552 or 1522 operates as an access point (root) without any wired backhaul interface available. This issue exists on the Cisco Wireless LAN Controller using release 7.0.x.

Workaround: You must clear the CAPWAP private configuration using the clear capwap private-config command and reboot the access point.

CSCug73845

Symptom: Cisco Wireless LAN Controller NAS-identifier override is taking system name instead the NAS-identifier configured on an access point group, WLAN, or interface.

Conditions: Configure an AP group, WLAN, or interface NAS-ID.

Workaround: None.

CSCug88172

Symptom: Cisco Aironet 1600 series access points transmits TKIP packets with MIC errors. The errors are reported and traffic disrupted. The following message log is displayed:

Conditions: This issue exists on Cisco Aironet 600 series access points that use TKIP encryption method.

Workaround: You must ensure sage of AES encryption methods instead of TKIP encryption methods.

CSCug92421

Symptom: Controller reports stale client entries in large numbers.

Conditions: This issue exists on Cisco Wireless LAN Controller when numerous clients use FlexConnect access point local authentication while in connected mode.

Workaround: Do not use FlexConnect local authentication while in connected mode.

CSCug73660

Symptom: Cisco Aironet 1600 series access points should have 17dbm of transmission power on one antenna and transmission power up to 22dbm with three antennas. However the show controllers command output displays that power level 1 is 13dbm on 3 antennas (8dbm per antenna). The output displayed is correct for the given AP/domain/radio/channel. However, modifying the antenna gain has no effect on the transmission power.

Conditions: This issue exists in the Cisco Wireless LAN Controller release 7.4.100. European regulatory domain in countries where the expected power level is 17.

Workaround: You must configure the radio to reduce its power as required if the configured antenna gain would cause the EIRP to exceed regulatory limits.

The maximum power allowed is dependent upon:

1. The AP model

2. The AP domain

3. The radio

4. The specific channel in use

5. The number of antennas in use

6. The configured antenna gain

To find the specific allowed power levels of interest, see the Channels and Maximum Power Settings document for the selected AP. On verification for the document, you will find that the maximum power settings are correct—except that the configured gain does not limit the allowed power. This bug is thus fixed by having the configured antenna gain limit the transmit power.”

CSCug83271

Symptom: Cisco Virtual Wireless LAN Controllers fail to properly implement virtual CPU access control lists that have been configured to restrict access to the private virtual management address.

Conditions: This issue exists on Cisco Virtual Wireless LAN Controllers with controller software release 7.4.

Workaround: None.

Further Problem Description: This issue does not allow an intruder to bypass any forms of authentication. However, if an attacker accesses the private virtual management interface, the controller prompts them to provide valid credentials to gain access.

CSCug86995

Symptom: Configuration of an external NAT IP state and address in management interface using the Cisco WLC GUI is available in SRE controller. However, access points in public domains cannot join the controller as the discovery response of the controller includes only the private address of the controller. To enable or disable NAT IP address for access point discovery, you must use the config network ap-discovery nat-ip-only {enable | disable} command in the command line interface of the controller.

Conditions: None.

Workaround: Refrain from placing the SRE-WLC behind NAT even though the controller web UI allows you the configuration. This configuration is currently unsupported in the controller.

CSCuh11409

Symptom: A RAP connected through radio backhaul interface while the wired backhaul interface is down can be stranded by manually disabling the 11a backhaul interface. The controller should prevent this configuration to be pushed as in Mesh APs (role MAP).

Conditions: This issue exists on Cisco Wireless LAN Controller using release 7.0.240.4 with Mesh AP (tested with 1552 and 1522 models) in role Root AP with no wired backhaul interface available.

Workaround: Use the clear capwap private-config reload command to clear the CAPWAP private configuration using the command line interface.

CSCuh16842

Symptom: Client gets IPv6 address from different VLAN.

Conditions: This issue occurs due simultaneous occurrence of the following:

1. Interface group

2. Client sends traffic from either the static IP address or a previously allocated IP address.

3. Client traffic does not matching the traffic received by the assigned VLAN initially. The following message will be displayed when this occurs “Overriding interface of client from ‘vlan20’ to ‘vlan30’ within interface group ‘vlan20-30’”.

Workaround: Use DHCP required to join a VLAN.

CSCuh20155

Symptom: A Cisco Aironet 3600 or 2600 series access points fail to boot the Cisco IOS software and the access point stays at the boot loader prompt —the ap prompt.

Conditions: The Cisco AP moves to standalone mode and is power cycled.

Workaround: Perform the following steps:

1. Initialize the Cisco AP, to do this enter the ap: flash_init command at the ap prompt.

2. Reboot the access point to load a new image, to do this enter the ap: boot command at the ap prompt.

3. Upgrade the bootloader of the access point to the Autonomous AP IOS Software release15.2(4)JA1 or later.

To upgrade the bootloader:

Copy the bootloader image onto AP flash. To do this, execute the copy flash:/BOOTLOADERFILENAME bs: command at the ap prompt.

CSCuh42665

Symptom: Cisco Wireless LAN Controller sends incorrect information while detecting rogue access points using traps.

Conditions: This issue exists only in the Cisco Wireless LAN Controller using Release 7.4.

Workaround: None.

CSCuh46355

Symptom: Cisco Wireless LAN Controllers that have been configured for high availability may crash when a second node is added to the HA cluster. The error message displayed indicates a crash in SNMPTask.

Conditions: This issue exists for Cisco Wireless LAN Controllers that use an affected version of controller software release is configured for high availability.

Workaround: None.

CSCuh46996

Symptom: Wired device such as scale behind a third party bridge device fails to get an IP address.

Conditions: This issue occurs when third party bridge is associating to an access point in the HREAP/FlexConnect local switching mode and controller uses a software release later than the release 7.0.116.0.

Workaround: None.

CSCuh47502

Symptom: Controller displays non-valid scrolling messages.

Conditions: This issue occurs when the debug of DHCP messages that are exchanged to and from the DHCP server is enabled.

Workaround: Disable the debug of DHCP messages that are exchanged to and from the DHCP server using the d ebug dhcp message disable command in the controller command line interface.

CSCuh50505

Symptom: WiSM2 controller crashes and reboots.

Conditions: This issue occurs when TPCv2 is enabled in the WiSM2 controller.

Workaround: You must disable TPCv2.

CSCuh52238

Symptom: Controller detects false positive Dynamic Frequency Selection Detections (DFS) owing to signals transmitted by Broadcom radios.

Conditions: Clients trigger DFS detections due to spurious emissions. This commit tracks additional filtering Cisco can do from their side to help with DFS falsifying. The commit as per customer site information helps with DFS falsifying about 30% of the time. Broadcom is also working on a fix from their side as well to fix the root issue.

Workaround: You must use non-DFS channels for transmission.

CSCuh56733

Symptom: Cisco Aironet 1550 series access points are unable to configure transmit power greater than 20dbm while in autonomous mode.

Conditions: Unknown.

Workaround: None.

CSCuh68059

Symptom: Cisco Aironet 1300 and 1400 series Access Points crashes after some period of operation. The crash file reports an error in the REAP process and occurs when a heavily loaded access point performs a cleanup of the time-out sessions.

Conditions: Cisco Aironet 1300 and 1400 series APs connected to a Cisco Wireless LAN controller using an affected version of controller software release.

Workaround: None.

Further Problem Description: This issue is specific to the affected access points and is not triggered by any external means. The crash occurs on APs that are heavily loaded and experience a significant number of connections which are timed-out.

CSCuh72474

Symptom: Controller marks an interface in a group as dirty even when a response is received from the DHCP server. This issue is observed when clients insist on requesting an IP outside of their connected interface range in a flood (more than 100 DHCP request in the same second). The DHCP server start slowing down the responses as a result of this flood. The interface gets marked as Dirty as the dirty marking is based on requests without responses.

Conditions: Clients insist on requesting an IP address outside their range using flood way.

Workaround: None

CSCuh76898

Symptom: Client communication fails when access point joins a controller and then tries to join another controller while in FlexConnect local switching mode with disabled VLAN support.

Conditions: None.

Workaround: Turn on/off the radio of the client adapter.

CSCuh97457

Symptom: Controller displays incompatibility behavior on Cisco controller incompatibility behavior on Change-of-authorization (CoA) for RFC 3576 implementation and shows the debug output error 'RFC-3576 Disconnect-Request' which indicates that session identification attributes are invalid. The following error message is displayed:

Conditions: Change-of-authorization (CoA) on the controller.

Workaround: The controller accepts the disconnect request when the three AVP pair attributes are sent— Calling-Station-ID MAC address of device (lower case works), Service-Type Login-user, and the Called-Station-ID (upper case MAC of AP SSID separated by colons).

CSCuh99194

Symptom: A client's first attempt to associate is unsuccessful; the second attempt is successful.

Conditions: This issue occurs when the maximum number of clients per AP radio is configured on each Cisco Aironet 1142 series Access Point.

Workaround: None.

CSCui09037

Symptom: Update for Client IP on controller does not happen after the 7.3.101.0 software release upgrade.

Conditions: This issue exists in Cisco Wireless LAN Controller release 7.3.101.0 when WLAN is used for a locally switched H-REAP RADIUS authentication of mobile device when the DHCP server is central.

Workaround: You must wait for 20 to 30 minutes for synchronization to complete.

CSCui15110

Symptom: After adding a WLAN to an AP group, the WLAN properties cannot be edited on the AP VLAN mapping page when the AP is in FlexConnect mode.

Conditions: This issue occurs when you disable WLAN before adding it to the AP group.

Workaround:

1. Enable the WLAN before adding to AP group.

2. Add another enabled WLAN.

3. Reboot the Cisco AP.

CSCui18377

Symptom: Crash errors, traceback conditions, and radio reset errors displayed in Cisco Aironet 1240AG series after the controller upgrades to software release 7.4.100.60.

Conditions: This issue exists on Cisco Wireless LAN Controller while upgrading to the 7.4.100.60 software release.

Workaround: None.

CSCue42242

Symptom : When the Cisco WLC detects more than 21 ad hoc rogues, the web GUI shows only the first 20 entries (first page).

Conditions : Path on the web GUI: Monitor > Rogue > Adhoc Rogues and click on “Unclassified Adhoc” or “Custom Adhoc”.

The first page shows correctly, but it is not possible to browse to the subsequent pages.

Workaround : Use the show rogue adhoc summary command on the CLI.

CSCuf56192

Symptom : Unable to delete an mDNS profile.

Conditions : When the mDNS profile is mapped to an interface and the interface is deleted.

Workaround : Before deleting the interface, detach the profile and then delete the interface.

CSCuc72713

Symptom : Static IP on clients working with interface group VLAN select feature gets assigned to an incorrect interface.

Conditions : Though the static IP subnet exists as a valid interface, it does not get overridden to the correct subnet interface and gets marked into mac-hash interface and the client is unable to pass traffic.

Workaround : Enter the config ipv6 disable command.

CSCuj12935

Cisco WiSM2 stopped working on Release 7.4.110.0 with memory allocation issues at load

CSCuh81880

A vulnerability in the CAPWAP protocol of the Cisco Wireless LAN Controller Series of products could have allowed an unauthenticated remote attacker to cause a denial of service condition (DoS).

CSCul65002

Cisco WLC frequently stopped working silently @ewaFormSubmit_exp_list with Release 7.4.110.0

CSCul68057

CF driver change for Cisco 5500 Series WLC and Cisco WiSM2

CSCuh71233

FlexConnect Stress Test: SYS-2-INTSCHED - all interrupts disabled

CSCul50441

Cisco AP stopped working

CSCui11302

Write the image directly into flash

CSCuj88982

Multicast failed sometimes

CSCuj99846

Cisco WLC HA: Incorrect mesh AP count after an HA failover

CSCul20597

Local EAP stopped working after FTP configuration upload

CSCul55930

Cisco 8500 Series WLC stopped working

CSCud10611

Client exclusion notifications should have been sent only to Cisco APs in the group

CSCul25937

Trap Scale improvements required for client association

CSCul63384

Cisco WLC stopped working on Bonjour_Process_Task

CSCuj64462

Cisco AP radio flapping with CleanAir not in operational state

CSCue20209

CleanAir was unable to report interference

CSCue88466

SC2 radio firmware download failed CRC check cmd for certain image sizes

CSCui84582

Bcast queue was full when IGMP was in disabled state. “RX Multicast Queue Full”

CSCul30051

Clients failed authentication (PSK/802.1X) due to uncreated 802.1X interface for Cisco AP

CSCud69687

Cisco 5500 Series WLC: AP count was not reflected correctly in the output of the show ap summary command.

CSCul22530

Reaper unresponsive on Bonjour_Msg_Task

CSCui36121

Cisco AP stopped working in dot11_driver_timer_expiry() after AES-CCMP TSC replays

CSCui82573

Double AID allocation in OKC Fast Roaming in FlexConnect

CSCud09069

Unable to add IP mask with 0.0.0.0

CSCue49527

Cisco WLC should have deleted the session ID from PMK cache when a client was removed

CSCui50515

DHCP proxy selected an incorrect IP address after using cached AAA override values

CSCul16913

Massive AP radio’s transmission power changed when the system was overheated

CSCul26859

Cannot disable RADIUS authentication and accounting for WLAN using Cisco WLC GUI

CSCul27717

Cisco APs dissociated in a large scale setup when debug commands were used

CSCui66891

Marvell-based radio stopped working due to issues with multicast packets in driver

CSCuj36260

Could not disable mDNS snooping on WLAN with local switching after upgrade

CSCuj87123

Cisco WLC stopped working when license was being installed

CSCuf16416

802.11h client was deauthenticated in a non-DFS channel after a DFS simulation

CSCue59791

VPN performance on Cisco AP3600s was not as per expectations

CSCuj12898

Cisco WiSM2 stopped working on Bonjour_Msg_Task

CSCuh25556

Incorrect Fix Aggr Sched AVL tree stops working with design change to doubly-LL

CSCui26351

Default route to BVI1 might have stayed on routing table

CSCui43621

Cisco 1552E AP: FlexConnect gig fiber port did not pass DHCP to wireless client

CSCue25685

Wi-Fi Direct did not authenticate with Cisco 8500 Series WLC

CSCui25170

Cisco APs were unable to associate with the new Cisco WLC. The Management interface was not reachable (BUFFER_POOL_LOW_DETECTED).

CSCui55610

Incorrect status code returned for invalid FT IE MIC

CSCui58670

Cisco WLC sends M5 key with protected flag = 0 for an 802.11r SSID after a roam

CSCuj21417

AID leak caused stale client entries on Cisco WLC

CSCuj25911

Cisco WLC Release 7.4.110.0: RRM queue was full

CSCuj28718

Cisco WiSM2 using Release 7.4.110.0 stopped working with “osapiReaper” task suspended.

CSCud41334

MAP Ethernet bridged client did not work

CSCuj46010

DTLS connections were dropped regularly that caused APs to dissociate from Cisco WLC

CSCuj17884

Memory leak was observed on HA AP SSO

CSCuj18674

Captive Portal/WISPr support for Apple iOS7

CSCuc65606

Cisco WLC stopped working in spamreceive on Release 7.0.235.3

CSCud26706

HA: Peer service port routes were not shown after a switchover on Cisco 8510 WLC

CSCue34115

Cisco 1552C cable modem AP’s Gig Ethernet Link became nonoperational

CSCug53945

Disabled radio was enabled after AP reload when AP group used RF profile

CSCug97769

Device behind MAP was unreachable after a high AP uptime. Rebooting the AP fixed the issue.

CSCuh08009

WPA2-PSK MAC Filter assign interface was incorrect after a client roaming

CSCui05324

Cisco AP1242 AP radio stopped transmitting (Transmit Queues Are Full)

CSCui20773

Bcast queue was full (“RX Multicast Queue Full”)

CSCui25877

Cisco AP1600: Radio reset due to ‘AMPDU attempt without BA setup from host’

CSCui41685

Required show command support in Cisco WLC CLI for Reap Payload

CSCui59553

Required command to disable or customize dead GW detection for HA

CSCui60915

Mesh APs caused MAC flapping and loop on the switch

CSCul94742

Cisco WLC stopped working because of incorrect memory

CSCul58609

With AVC enabled, a dataplane exception issue was observed.