Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 7.5.102.0

7.0.x releases

You can upgrade directly to 7.5.102.0

Note If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x controller software release that is prior to 7.0.240.0, we recommend that you upgrade to the 7.0.240.0 release and then upgrade to 7.5.102.0 to avoid losing those VLAN settings.

7.1.91.0

You can upgrade directly to 7.5.102.0

7.2.x releases

You can upgrade directly to 7.5.102.0

Note If you have an 802.11u HotSpot configuration on the WLANs, we recommend that you first upgrade to the 7.3.101.0 controller software release and then upgrade to the 7.5.102.0 controller software release.

You must downgrade from the 7.5.102.0 controller software release to a 7.2.x controller software release if you have an 802.11u HotSpot configuration on the WLANs that is not supported.

7.3.x releases

You can upgrade directly to 7.5.102.0

7.4.x releases

You can upgrade directly to 7.5.102.0

CSCui69732

Symptom : Platinum 802.1p tagging changed to 5.

Condition : Platinum 802.1p is tagged at 6 and an upgrade was performed to Release 7.5.102.0.

Workaround : Disable the networks and change the Platinum 802.1p tagging back to 6.

CSCui40233

Symptom : When upgrading from Release 7.3.x to Release 7.5.102.0, the primary controller gets upgraded while the secondary controller does not get upgraded because of an error of application timeout while transferring the image from the primary controller to the secondary controller. This causes the controllers to go to maintenance mode when rebooting after upgrade because of image mismatch.

Conditions : This issue occurs when HA is enabled and when you try to upgrade from Release 7.3.x to Release 7.5.102.0.

Workaround :

1. Unpair the HA controllers.

2. Upgrade the individual controllers to Release 7.5.102.0.

3. Pair up the controllers after they are upgraded.

Further Problem Description : This issue will not occur in future releases as the new images have the bug fixes and design changes, which will avoid this issue.

CSCuf35841

Symptom : Controller using Release 7.3.112.0, configured for new mobility, reverted to old mobility after upgrading to Release 7.5, even though Release 7.5 supports new mobility.

Condition :

• New mobility in use (compatibility with Cisco 5760 Wireless LAN Controller and Cisco Catalyst 3850 Series Switch)
• Old mobility mode is not affected

Workaround :

1. Enter the following commands:

2. After the reboot, press Esc on the console, and use the boot menu to select Release 7.5.

3. After booting on Release 7.5, revert to the primary boot, and save the configuration by entering the following command:

CSCui27029

Symptom : With maximum that is 64 IPv4 or IPv6 rules configured on the controller, and no Layer 2 ACL rules configured, web authentication clients are passing traffic in Web-auth required state.

The issue is not seen with 63 rules configured.

This issue occurs only when there is no ACL rule match.

Condition :

1. Only with maximum (64) IPv4 or IPv6 rules

2. No Layer 2 ACL rules configured on the client or WLAN

3. Web authentication clients in Web-auth required state

4. None of the configured rules match the incoming packet

5. Release 7.5

Workaround : Configure only up to 63 rules.

CSCsv54436

Symptom : While doing SSH to controller, it is sometimes denied with “Sorry, telnet is not allowed on this port.” If a retry is attempted immediately, the SSH connection is accepted. No changes are seen in between.

Condition : SSH connection is done from a different Layer 3 network.

This is breaking monitoring tools through SSH.

Workaround : Retry SSH connection.

CSCsy66246

Symptom : An 802.11n AP does not downshift rates for retries when Low Latency MAC is enabled. The AP sends 3 retransmissions, but the data rate for the retransmissions is the same data rate at which the initial packet was sent.

Condition : Using an 802.11n AP with Low Latency MAC enabled.

Workaround : Do not enable Low Latency MAC.

Update : The Low Latency MAC feature has been removed, for 802.11n APs, through CSCtc73527.

CSCtn52995

Symptom : FlexConnect: Reached the limit on the association ID for AP.

Condition :

1. Client 1 is associated to the controller with AID =1 on SSID x.

2. Client 1 sends 802.11 Auth frame on SSID y; at this point AID = 1 is freed at the AP. Auth frames are not honored at the controller; and the controller is not informed.

3. No association frame arrives from client 1 at SSID 2.

4. Client 2 associates with the AP and gets AID = 1.

5. AP updates the controller about client 2 and AID = 1; now, the controller adds duplicate entries and increments the count (controller already has client 1 AID = 1).

Counter gets incremented and reaching 256. It is due to the network conditions at the customer site in which the 802.11 authentication frames are sent (sometimes on different WLAN), but is not followed by association frames.

Workaround : None.

CSCtq32444

Symptom : When a port in a LAG goes down and then comes back up, the controller does not send a UP trap via SNMP.

Condition : Distribution ports are configured in a LAG, and an SNMP trap receiver is configured.

Workaround : Look in the traplog on the controller (using the show traplog command on the controller CLI) for the UP trap.

Further Problem Description : An attempt was made to fix this bug through CSCto58101, by delaying the transmission of the UP trap by 40 seconds. This attempted fix was implemented in Release 7.0.220.0; however, it caused the side effect that a dead port is not removed from the LAG (CSCtw56190, CSCtu13807), and therefore the CSCto58101 fix was rolled back in Release 7.0.230.0.

CSCtw67184

Symptom : Specific to Cisco Flex 7500 and 8500 Series Wireless LAN Controllers: While booting up, the following error message is displayed on the attached monitor or on serial console:

When the Space Bar is pressed, the system could not boot from the disk.

Condition : Cisco Flex 7500 and 8500 Series Wireless LAN Controllers. This system went through an accidental power interruption; that is, the power plug was pulled while the system was operational. After a reboot, the RAID card could not find its configuration in the Flash memory and therefore it could not boot.

Workaround : When this situation is encountered, you must enter the RAID management tool: WebBIOS. There are two versions of this tool: one that uses extensive menus and requires an attached monitor, and another that is based on the command lines (CLI).

The CLI version of the tool can be accessed from the serial console. A prompt for this is visible on a serial console right after the error message is displayed.

1. Enter the CLI version of the WebBIOS utility by pressing CTRL+Y and then enter the following command:

2. Reboot the server.

Further Problem Description : When the Space Bar is pressed, the system could not boot from the disk. During the boot process, the LSI WebBIOS loads as expected and shows two physical disks, but no virtual disks. It appears that it lost the RAID configuration that was present in the system.

The system went through an accidental power interruption, that is the power plug was pulled while the system was operational). After reboot, the RAID card could not find its configuration in the Flash memory and therefore it could not boot. The Flash configuration was affected due to the power interruption. The RAID card keeps a backup of the configuration on the hard drives. However, when the card loses the configuration information that is present in the Flash, it does not automatically pick up the backup configuration information from the hard drives. The information on the hard drives is considered a “foreign configuration” that requires user intervention.

At this time, the system waits for you to take action. Note that all the data on the hard drives are still intact.

CSCtx68850

Symptom : After upgrading to Release 7.2, SSH connection to a controller sometimes fails randomly; a prompt for username is displayed, and then SSH is closed from the controller side. After several attempts in a row, the SSH connection is successful.

Condition : Unknown.

Workaround : Try several attempts in a row.

CSCtz41068

Symptom : Web Authentication on MAC Filter Failure authentication might sporadically fail.

Condition : Controller using Release 7.0.116.0 or Release 7.0.230.0. Free RADIUS Server authentication for MAC authentication configured with default 1-second access-rejec. Clients might fail to get redirected to the web authentication splash page for authentication attempt, and remain in the ‘DHCP Required’ state.

Workaround : Configure Free RADIUS access-reject response timer to zero.

CSCub14556

Symptom : If you use the clear ap config or the clear all config command on the controller CLI, under Set to Factory Defaults in the controller GUI, on an indoor AP that has been configured for the mesh (Bridge) mode, the AP remains in the Bridge mode.

Condition : An indoor AP (such as an AIR-LAP1042) that has been configured for mesh.

Workaround :

1. Remove the IOS_STATIC_AP_MODE environmental variable from the AP. This can be done on the console by reloading the AP, escaping into the boot loader, and entering the bootloader command

OR

Copy flash:env_vars from the AP to a TFTP server and edit the file to remove the IOS_STATIC_AP_MODE line, and copy the file back.

2. Clear the AP configuration. When the AP reboots, it should be back to factory defaults.

CSCub36414

Symptom : The change (enable/disable) in admin mode of the ports on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers is not updated on upstream switch.

Condition : Disable/enable admin mode of the ports on Cisco Flex 7500 Series and Cisco 8500 Series Wireless LAN Controllers.

Workaround : Instead of enabling or disabling port admin from the controller, make it shut/no shut from upstream switch.

CSCuc49702

Symptom : Inter-SPG roam failures when MC (Cisco 2500 Series Wireless LAN Controller) goes down and comes back.

Condition : Negative test case. MC is down and then comes back.

Workaround : Idle timeout.

CSCuc60927

Symptom : Cisco 5508 Wireless LAN Controller fails to boot. SYS LED - Blinking Amber and ALM LED = OFF.

Condition : Console logging set to debugging and high rate of console logs are generated while you reboot the controller.

Workaround : Do not set console logging to debugging and reboot the controller at the same time, or send the debug output to an SSH/Telnet session, which is also a lower impact to the CPU.

CSCuc68995

Symptom : A wireless web authentication client might be unable to authenticate to the network. When the client opens a browser, the window is blank.

With the debug web-auth redirect command in effect, messages similar to the following might be displayed:

or

Condition : The HTTP GET from the client comes at the controller in multiple TCP segments.

Workaround : Reconfigure your network and the TCP/IP stack of the client to ensure that the HTTP GET comes in a single segment.

One example of client software that is known to introduce TCP segmentation behavior that triggers this bug is AnyConnect Web Security 3.0.3054.

CSCuc80103

Symptom : Cisco WiSM2 is unreachable, unable to ping. All APs drop from the controller, and unable to ping the Management interface's gateway (via console) at the time of failure. Failure condition recovers on its own typically within minutes.

Condition : Cisco WiSM2 using Release 7.3.101.0. Buffer pool leak messages are printed in the message log around the time of the failure as follows:

Workaround : None.

CSCuc81911

Symptom : Cisco AP3600 remains in the ‘ap:’ mode when there is a power outage, requiring manual boot.

Condition : When there was a power outage, there is a possibility of AP remaining in the boot mode.

Workaround : On the AP console, enter the flash_init and boot commands to get the AP working again.

CSCud16984

Symptom : Access points are assigned to channels with lower maximum powers.

Condition : Varying power levels in different channels of the new access points. The controller detects more neighbors with high RSSIs on channels with higher power.

Workaround : None.

CSCud50209

Symptom : The system stopped working on management user form post manipulation.

Condition : Field content/count is modified

Workaround : None.

Further Information : Form needs administrative access rights to be accessed. Management from wireless is disabled by default and has to be explicitly enabled. This can minimize exposure on the wireless side.

CSCud56753

Symptom : In a VMWare ESX cluster, when migrating a virtual controller from one host to another via vMotion, the virtual controller management might become unreachable for 15 to 30 seconds, which may cause APs to transition to the standalone mode temporarily and prevent centrally switched WLANs from communicating.

Condition : The management interface of a virtual controller is configured with a 802.1q VLAN tag communicating through a virtual switch network configured with VLAN (4095 ALL) in promiscuous network; per virtual controller deployment guide. VMware network can be configured to “Notify Switches” causing RARP to be sent on VMs tagged interface for updating neighbors with CAM table seamlessly during vMotion transition. This is transparent to the VM. In the virtual controller deployment, hosts cannot know the virtual controller’s management or other interface 802.1q tags; therefore, RARP is delivered untagged. This prevents CAM tables from learning MAC update on proper VLAN ID and therefore a loss of communication to the virtual controller.

Workaround : Communication is established as soon as the virtual controller “generates or egresses” traffic through the new host after a vMotion event. No known workaround.

CSCud57046

Symptom : Client entry is seen on multiple controllers even when not anchored to the controller or part of its mobility group.

Condition : Foreign to Foreign Roaming might cause it in the scenario when the 2 (Export) Foreigns are mobility peers of each other, but (Export) Anchor is mobility peer of only the first (Export) Foreign.

Workaround : None.

CSCud57784

Symptom :

1. In Cisco 5508 Wireless LAN Controller, use MAC Filtering authentication.

2. On the controller GUI, choose Security > AAA > RADIUS > Authentication, and define more than 1 RADIUS server.

3. Choose Security > AAA > MAC Filtering and set RADIUS Compatibility Mode as Free RADIUS.

4. In the WLAN settings, check MAC Filtering, select the authentication server, which is defined in Step 1 and also has index number 1.

5. Choose Security > AAA > RADIUS > Authentication and delete the RADIUS server, which has index number 1. In the WLAN settings, select the authentication server, which has an index number other than 1. In this scenario, client authentication fails.

Workaround : Choose Security > AAA > RADIUS > Authentication and define a dummy RADIUS server, which has the index as 1.

CSCud68413

Symptom : A controller functioning as a DHCP server with large DHCP scopes might stop servicing DHCP client requests.

Condition : Release 7.2.110.0.

Workaround : Reboot the controller.

CSCue38133

Symptom : Controller sends a message after 90 days of an AP associating with the controller, that the APs should be moved to a primary controller.

Condition : A HA-SKU controller is used as a secondary controller in an N1 configuration and an AP has associated with the controller.

Workaround : None.

CSCue55153

Symptom : Controller stops communicating with CAM with SNMPv3.

Condition :

1. Enable High Availability.

2. Add controller to CAM with SNMPv3 (should have authorization and authentication passwords).

3. Failover from primary to backup controller.

Workaround : Delete and add the controller in CAM again.

CSCue86878

Symptom : The controller software was downgraded from Release 7.5 to Release 7.0.240.0 using SFTP, configuration was saved, and controller was rebooted. Immediately after rebooting the controller, the transfer download start command was entered. The controller stopped working.

Condition : This is a defect in Release 7.0.x. This is specific to SFTP downgrade procedure, and it does not apply to other mechanisms.

Workaround : If the mode is changed to TFTP or FTP upon reboot, then the controller works as expected.

CSCuf03454

Symptom : Controller stops working intermittently.

Condition : Web pass through clients anchored from foreign controller to anchor controller. Controller became unresponsive randomly.

Workaround : Reboot the controller.

CSCuf52358

Symptom : First client that connects to an incorrect interface without an available subnet to assign will not work as expected.

Condition : Multiple interfaces as part of an interface group with a client attempting to use an interface that has run out of available IP addresses in the relevant subnet to assign to this client.

Workaround : Manually deauthenticate the client so that it can associate on a different interface to be assigned an IP address.

CSCuf60628

Symptom : When AP fails over from the primary controller to the secondary controller, the client protocol displays 802.11b, which was originally 802.11g.

Condition : AP is in FlexConnect local switching mode. Controller using Release 7.3.112.0.

Workaround : None.

CSCuf61599

Symptom : Clients are not able to associate.

Condition : Release 7.3, Cisco 5500 Series Wireless LAN Controller with FlexConnect and NAT/PAT AP IP.

Workaround : Enable data encryption.

CSCuf77488

Symptom : The FT and LT detection time for an alarm is ahead or later than the AP clock. This is causing a delay in Cisco NCS to detect the alarm.

Condition : Cisco 5500 Series Wireless LAN Controller using Release 7.0.235.3; Cisco AP3500 wIPS ELM mode; Cisco MSE 3350 using Release 7.0.201.204.

Workaround : None.

CSCug01143

Symptom : At times, Cisco AP3500 causes issues such as wireless client being unable to associate with the AP, unable to use telnet to connect to the AP, show command output being very slow. It seems to be a memory leak issue.

Condition : Release 7.4.100.0.

Workaround : Reboot the AP.

CSCug07559

Symptom :

1. Load the virtual controller with Release 7.4 or Release 7.5.

2. Reset the system and press Esc key

3. In the boot options, select Change Active Boot Image.

Issue: Virtual controller is loading with the older active image, but it should load with the new or changed active image.

Condition : Bootloader image change.

Workaround : Use config boot commands to change the image order.

CSCug09947

Symptom :

1. Create a normal ACL with the name ‘pre-webauth’.

2. Add some rules.

3. Create a webauth WLAN and map the ‘pre-webauth’ ACL name to the WLAN webauth preauth ACL

4. Create a FlexConnect ACL with the name ‘pre-webauth’.

5. Attempt to remove the ACL.

6. Controller does not allow the operation and displays an error message as follows: “Error! ACL is in use.”

Condition : ACL and FlexConnect ACL with the same name.

Workaround : Delete the ACL and create again with the different name.

CSCug21645

Symptom : Cisco WiSM2 stops working at Reaper Reset: Task “BootP” missed software watchdog.

Condition : Release 7.3.112.0.

Workaround : None.

CSCug25043

Symptom : The config flexconnect group flex-group multicast overridden-interface enable command is needed to enable multicast on AAA overridden interfaces. The command works if there are no spaces in the FlexConnect group name and then you do not have to use quotes in the command. When you have a FlexConnect group name that has spaces in it, then the command needs to use quotes to enclose the group name. The command does not work when quotes are used, thereby rendering this command unusable for FlexConnect group names with spaces in them.

Workaround : Use FlexConnect group name without spaces.

CSCug27515

Symptom : Clients on 802.11n rates might experience disconnection or data transfer issues when certain segment number orders are used.

Condition : 802.11n, when client leading segment number is lower than the window (lower order).

Workaround : For Apple devices, disable AQM in the Apple wireless driver. Disable A-MPDU.

Further Information : A workaround is being implemented through CSCug65693.

CSCug29742

Symptom : Wireless clients are not reachable when set with static IP and with the VLAN pooling feature.

Condition : Initially, the wireless client is allowed to get IP through DHCP and it got IP from one of the subnets (any one VLAN from the interface group) for instance subnet A. If the static IP is set from the same subnet (subnet A) that is used previously to get IP through DHCP, the client reaches the controller very well with static IP. But, when static IP is set with other subnets (other than A), it does not reach the controller.

Workaround : In Release 7.2, we can disable and enable the WLAN once and the client entry is deleted. Now, set the static IP from any other subnet among the interfaces in the group and the controller will be reachable. This workaround will not work in Release 7.3 and later releases.

CSCug32118

Symptom : Apple devices such as iPads running Apple iOS 6.1.2 and 6.1.3 stop working for 5 seconds every 30 seconds. Client does not get disconnected from the wireless network or roam to another AP.

Condition : Cisco 5508 Wireless LAN Controller using Release 7.3.112.0; guest anchoring set up with ISE WPA2/AES/802.1x.

Workaround : Use non-Apple devices.

CSCug32967

Symptom : When an AP stops working, the log file is not sent to the controller due to CAWAP queue being full. It seems like the incoming data rate is more than what the CAPWAP queue can handle.

Condition : AP in Bridge mode (Mesh Role).

Workaround : None.

CSCug32970

Symptom : Memory leak in EAP. Radio request process.

Condition : Excessive mesh AP authentication.

Workaround : None.

CSCug34700

Symptom : Controller sends keep active alive message as a wired packet instead of wireless.

Condition : When the controller sends the keep alive as a wired packet, the ISE drops it because of license issues.

Workaround : Use passive keep alive instead of active.

CSCug38794

Symptom : Cisco WiSM2 stops working and then reboots (bcastReceiveTask 1332).

Condition : Unknown.

Workaround : None.

CSCug38888

Symptom : Disabled SSID is being broadcast by a 2.4-GHz radio.

Condition : SSID was created and disabled previously; this is a very rare occurrence, and only seen once; never reproduced in lab.

Workaround : Reconfigure AP.

CSCug40463

Symptom : A Cisco AP might stop transmitting traffic after several days with a switchport speed/duplex micsonfiguration.

Condition : Cisco AP2610 associated with a controller using Release 7.3.112.0. The default Ethernet interface of Cisco AP2600 is set to auto/auto; switchport: duplex full/speed 100.

Workaround : Correct the speed/duplex misconfiguration (should match on the AP and switchport).

CSCug49148

Symptom : Status LED on Cisco AP1552 in the local mode is blinking green when working in normal operation.

Condition : Cisco AP1552 in the local mode.

Workaround : Convert the Cisco AP to the mesh mode.

CSCug50913

Symptom : After reenabling HA, post HA disable, the secondary unit rebooted with Reason: Standby timeout. Three attempts were made to reproduce the same issue, but without success.

Condition : HA is disabled through GUI and no additional configuration change were attempted. The secondary unit rebooted and came up as active. After resetting both the primary and the secondary controller, the controllers pair up.

Workaround : Low frequency/impact issue. Controllers will pair up and work after a reboot.

CSCug53680

Symptom : AP rebooted, log information was provided.

Condition : There is no outstanding trigger.

Workaround : None.

CSCug54426

Symptom : Release 7.3 introduced subinterface on the local mode APs.

Condition : Customer requests a method to disable this on all APs because it is generating errors in the scripts.

Workaround : None.

CSCug57216

Symptom: Ascom phone stops receiving voice packets.

Condition: 802.11n in use; Voice traffic QoS markings are lost on downstream direction.

Workaround: Either fix QoS markings or disable 802.11n.

CSCug57504

Symptom: Cisco AP702 is seen as an Impersonator.

Condition: Cisco AP702 is seen as an Impersonator in controller trap logs.

Workaround: None.

CSCug57545

Symptom: Clients are unable to connect to SNMP NAC SSID with an error message as follows:

Condition: Seen after upgrading from Release 7.4.

Workaround: Enable the NAC Alert Client Trap.

CSCug69682

Symptom: Push a profile for autocontaining a device. If this fails for any reason, the mitigation status on Cisco Prime Infrastructure displays the following message:

This message should instead indicate the failure reason for auto containment.

Condition: Failed containment.

Workaround: None. It is a case of missing information.

CSCug73660

Symptom: As per the data sheet, the Cisco AP1600 should have 17 dBm of Tx power on 1 antenna and up to 22 with 3 antennas, as seen at http://www.cisco.com/c/en/us/products/collateral/wireless/aironet-1600-series/data_sheet_c78-715702.html

It is lesser in reality. The show controller’s output shows that power level 1 is 13 dBm on 3 antennas (8 dBm per antenna). Comparing the show controller’s output with a Cisco AP3600e clearly shows that Cisco AP1600 has less Tx Power. Field tests also show that it has a much smaller coverage area. This is on 2.4 GHz. On 5 GHz, the power meets expectations. This was noted in the -E reg domain. Also, modifying the antenna gain has no effect at all on the Tx power.

Condition: Controller using Release 7.4.100.0 with European regulatory domain in countries where the expected power level is 17.

Workaround: None.

CSCug76392

Symptom: It is specific to 'read-only' and 'lobby admin' users. If these users are prevented from accessing the controller due to successive failed attempts, the same users are able to logon to the controller through HTTP and, but cannot do any changes. However, it works as expected through SSH or Telnet; such users are not allowed to logon.

Condition: Disabled user remote access.

Workaround: None.

CSCug89084

Symptom: CleanAir sensor stops working and requires a reboot.

Condition: First found on the monitor mode Cisco APs.

Workaround: Reboot the Cisco AP.

CSCug90218

Symptom: Controller GUI has APs in unknown states.

Condition: Unknown.

Workaround: Reboot the controller.

CSCug91684

Symptom : Client does not get IP address even if it permits all Layer 2 ACLs that are mapped to the WLAN. This occurs only with CS WLAN; LS works as expected.

Condition : Cisco Virtual Wireless LAN Controller with central switching and Layer 2 ACL applied.

Workaround : Remove Layer 2 ACL.

CSCug92421

Symptom: Controller reports a large number of stale client entries.

Condition: Cisco Flex 7510 Wireless LAN Controller using Release 7.3.103.x with numerous clients.

Workaround: None.

CSCug98625

Symptom: Web authentication redirect fails when local switching is enabled on the WLAN. Manual redirect works. Redirect works when central switching is performed.

Condition: Local switching enabled on the WLAN.

Workaround: Add a dummy interface on the controller with IP assigned from the same VLAN, which is locally switched data VLAN for the client. VLAN identifier does not need to be the same, but IP address has to be. Also, it does not need be trunked to the controller.

CSCuh02340

Symptom: On the controller, CleanAir status is “N/A” even if AP supports and enables CleanAir.

Condition: There are two controllers and many APs (more than 30), non-HA configuration. Each AP is configured as Primary or Secondary WLC. The symptom may happen when changing the joining WLC due to power down or network problem, for example, when Primary goes down and all APs are joined to Secondary WLC or vice versa.

Workaround: Disable and re-enable radio on that AP to recover CleanAir status on the controller.

CSCuh03129

Symptom: FlexConnect AP does not delete Layer 2 ACL.

Condition: When the AP moves from one controller to another controller, with the same WLAN on both the controllers but different Layer 2 ACL.

Workaround: Reboot the AP.

CSCuh03648

Symptom: Controller might send accounting update with different framed IP address information.

Condition: CWA in use with ISE, URL redirect pushed.

Workaround: None.

CSCuh10735

Symptom: In the controller default configuration, the RADIUS failover occurs when the controller sends RADIUS request packets with the same ID to the RADIUS server for 6 times with no response from the server. However, sometimes RADIUS failover occurs even if the number of requests is less than 6.

Condition: Release 7.3.112.0.

Workaround: None.

CSCuh11730

Symptom: During WGB roaming test on FlexConnect local switching AP on Release 7.4.100.0, the following message is often observed on the AP CLI ( debug capwap client mgmt):

Condition: Roaming test on FlexConnect local switching Cisco AP on Release 7.4.100.0. Debugging using the debug capwap client mgmt command.

Workaround: None.

CSCuh12796

Symptom: Consecutive SNMP set commands for same MIB variable on the controller fails.

Condition: When a MIB object is set on the controller using SNMP set command, it works at the first attempt. However, if the command is entered repeatedly, the following message is displayed:

Workaround: Perform SNMP get before doing set.

CSCuh14797

Symptom: In Export Anchor-Foreign scenario, in both Foreign to Foreign as well as fresh association to a Foreign, if packets are not reaching to Export Anchor due to network issues, then after three retries, there will not be any further exchange. The request will go to Export Anchor and the client will stay in that state until it moves out.

Condition: Network issues between mobility peers.

Workaround: None. Instead, fix the underlying connectivity issues.

CSCuh16539

Symptom: After disabling the radio of a Cisco AP2600, it might become enabled after a reboot of the device.

Condition: Cisco AP2600; controller using Release 7.4.100.0.

Workaround: None.

CSCuh16842

Symptom: Client gets IPv6 address from a different VLAN.

Condition: This is a combination of the following factors:

1. Interface group

2. Client sending traffic from either static IP or previously allocated IP.

3. Client traffic is not matching the assigned VLAN received initially. This message shows when this occurs: Overriding interface of client from 'vlan20' to 'vlan30' within interface group 'vlan20-30'.

Workaround: Use DHCP required.

CSCuh16870

Symptom: Client with static IP loses connectivity on session timeout.

Condition: This occurs only if the following set of conditions are met:

1. Interface that the client gets from the interface group does not match the interface corresponding to the static IP.

2. Client gets VLAN overridden with the following message:

This overriding is lost when PMK expires, and a new authentication takes place. This occurs even if the client is continuously sending traffic.

Workaround: Either disable interface groups or set to DHCP required state.

CSCuh17680

Symptom: Cisco AP loses FlexConnect interface configuration when the AP is rebooted from the standalone mode.

Condition: Cisco AP moves to standalone mode and is power cycled.

Workaround: Wait for the Cisco AP to associate with the controller. After the Cisco AP has reassociated with the controller, the Cisco AP pulls the configuration from the controller.

CSCuh18983

Symptom: Using New Mobility, if the anchor controller for a client is lost, the traffic for the client might be locally terminated.

Condition: Only on New Mobility (Cisco 5760 Wireless LAN Controller and Cisco Catalyst 3850 compatibility mode). This is not applicable to legacy mobility.

Workaround: None for New Mobility; not present on legacy mobility scenarios.

CSCuh19195

Symptom: WLAN FlexConnect local switching is disabled on the active secondary controller after an HA failover. It causes WLAN-VLAN mapping to be changed on AP.

Condition: After an HA failover; Release 7.3.x.

Workaround: Reconfigure the WLAN-VLAN mapping.

CSCuh20385

Symptom: When using Internet Explorer 10 as the browser to access the GUI of the controller, it is not possible to use any filter options for clients and APs. The filter pop-up box is not displayed.

Condition: None.

Workaround: Switch the browser to compatibility view.

CSCuh20715

Symptom: Cisco 5508 Wireless LAN Controller stopped working on Reaper Reset: Task “LDAP DB Task 2” missed software watchdog.

Condition: Reaper Reset: Task “LDAP DB Task 2” missed software watchdog.

Workaround: None.

CSCuh25790

Symptom: With HA enabled Cisco 5508 Wireless LAN Controller set up with 430 real APs, the predownload was started on the 430 APs. Predownload was completed, but could not reset the system even after that. A message is displayed that says that the AP software upgrade is in progress, but remains unresponsive.

Condition: High AP count, failed predownload.

Workaround: Reboot the controller with the reset system forced command.

CSCuh26716

Symptom: The output of the show redundancy summary command shows the following line regardless of its real SKU.

Condition: Used the show redundancy summary command on:

1. Secondary system which is converted from the Primary system.

2. HA-SKU system.

Workaround: None.

CSCuh28190

Symptom: AP stopped working once and the log was found on the controller and TFTP server.

Condition: None.

Workaround: None. The AP will reset on its own. This was a one-time event and is still under investigation.

CSCuh29093

Symptom: LEAP authentication fails for FlexConnect mode local authentication and local switching.

Condition: Primary and secondary server added in a FlexConnect group and they are not reachable.

Workaround: Delete primary and secondary servers. The client right away authenticates with the local AP database. This caveat has been tested in controller software version 7.4.100.60 and customer version 7.4.100.0.

CSCuh31410

Symptom: AP radio may reset during FlexConnect state change.

Condition: AP connectivity to the controller restored.

Workaround: None.

CSCuh37173

Symptom: AP stops working on low memory condition. This is a request to implement WDT crash trigger mechanism in a low memory scenario, before reaching a breaking point.

Condition: Unknown.

Workaround: None.

CSCuh37960

Symptom: AP rebooted with log information provided.

Condition: There is no outstanding trigger.

Workaround: None.

CSCuh39893

Symptom: Controller using Release 7.3 or Release 7.4 fails to authenticate One Time Password (OTP) users when there is an attempt to authenticate to the controller using TACACS+. The following debug output is displayed when the debug aaa tacacs enable command was entered on the controller CLI.

Condition: Controller using Release 7.3 or Release 7.4; TACACS+ used for Management User Authentication; OTP used for TACACS+; static passwords are not impacted.

Workaround: Extend the TACACS+ Management Server Timeout value by entering these commands:

1. config tacacs auth disable server-index

2. config tacacs auth mgmt-server-timeout server-index 10

3. config tacacs auth enable server-index

CSCuh40464

Symptom: Topology: 5500 (MC/GC) MA1 MA2.

To reproduce the issue, perform the following tasks:

1. Get the mobility between all is up and make Cisco 5500 Series Wireless LAN Controller as GA.

2. Try to connect a client to MA1. Client gets IP, anchor-foreign relationship is formed.

3. Roam the client to MA2. It is observed that it goes to IP learn state.

Condition: Roaming between two mobility agents with Cisco 5508 Wireless LAN Controller as MC/GC.

Workaround: None.

CSCuh41053

Symptom: When there is a duplex mismatch between the Cisco AP1142 port and upper layer switch port, both the switch and the Cisco AP display a warning message that is similar to the following:

The warning message is logged to the controller. However, when the controller is upgraded to Release 7.4.100.0, the warning message is not logged to the controller.

Condition: This issue occurs only with Release 7.4.100.0, and not with Release 6.0.202.0.

Workaround: None.

CSCuh42665

Symptom: Controller sends incorrect information for Rogue AP detection through traps.

Condition: This issue occurs only with Release 7.4.

Workaround: None.

CSCuh44119

Symptom: Cisco 8510 Wireless LAN Controller does not show the config line after disabling DHCP proxy. The config dhcp proxy disable bootp-broadcast disable command using Release 7.4.100.60.

Condition: This issue occurs only with the Cisco 8510 Wireless LAN Controller using Release 7.4.100.60.

Workaround: Enter the line in the configuration file or modify the configuration directly on the controller through the CLI or GUI.

CSCuh45072

Symptom: Cisco 5508 Wireless LAN Controller in HA configuration with two AAA servers in configuration sends TACACS+ authentication and authorization requests to different AAA servers. After some time, a user logging on through TACACS+ account to the controller is unable to logon because the controller sends authentication request to one AAA server, while at the same time and for the same user, the Authorization/Accounting request is sent to the second AAA server in the Authentication/Authorization servers list configuration on the controller.

Condition: Controller with HA configuration. User logging on through TACACS+ account to the controller. Two or more AAA servers defined under controller TACACS+ authentication/authorization server list.

Workaround: None.

CSCuh46442

Symptom: Cisco AP displays the %CAPWAP-3-ERRORLOG messages when the AP associates with the controller as follows:

Condition: AP associating with a controller.

Workaround: None.

CSCuh46996

Symptom: A wired device that scales behind a third-party bridge device fails to get an IP address.

Condition: Third-party bridge is associating with an AP in H-REAP (FlexConnect) local switching mode and the controller is using a release that is later than the 7.0.116.0 release.

Workaround: None.

CSCuh49135

Symptom: Beacon loss in Cisco AP1130.

Condition: Random beacon drops are observed with Cisco AP1130 in FlexConnect mode.

Workaround: None.

CSCuh50219

Symptom: The mesh topology is: RAP - MAP1 - MAP2 (all AP are 1522s, using 5-GHz backhaul). When MAP1 does not have Ethernet bridge client, then MAP2 connects to MAP1 and associates with the controller. However, when MAP1 has an Ethernet bridge client, then MAP2 fails to connect to MAP1 in order to associate with the controller. The authentication process between MAP2 and MAP1 is never completed in this case. The problem also appears regardless of the radio used for backhaul; that is both 5-GHz backhaul and 2-GHz backhaul.

Condition: Applies to Cisco AP1520. Not applicable to Cisco AP1550.

Workaround: None.

CSCuh50505

Symptom: Cisco WiSM2 stops working and then reboots.

Condition: Cisco WiSM2 stops working when TPCv2 is in an enabled state.

Workaround: Disable TPCv2.

CSCuh51208

Symptom: On an HA pair, when the standby unit is active, it might display the evaluation license window showing the remaining time.

Condition: HA in use.

Workaround: None needed. The HA unit will continue to work because the local licenses are not used for AP join validation.

CSCuh52238

Symptom: False DFS detections related to client activity.

Condition: Clients triggering DFS detections due to spurious emissions.

Workaround: Use non-DFS channels. This bug is to track additional filtering for pulses generated by client activity.

CSCuh53168

Symptom: SNMP query to Cisco Wireless LAN Controllers return noSuchName during device sync operation done from Cisco NCS.

Condition: Random event while Telnet is enabled. Only seen at two sites.

Workaround: None.

CSCuh54815

Symptom: WPAv1 with AES and WPAv2 with TKIP are not supported in the FlexConnect standalone mode, local authentication in the connected mode and CCKM fast-roaming in the connected mode. This limitation is documented only in Wireless LAN Controller 7.0 configuration guide. See http://www.cisco.com/en/US/partner/docs/wireless/controller/7.0/configuration/guide/c70hreap.html

For Wi-Fi Protected Access version 2 (WPA2) in H-REAP standalone mode or local authentication in the connected mode or CCKM fast-roaming in the connected mode, only Advanced Encryption Standard (AES) is supported. For Wi-Fi Protected Access (WPA) in H-REAP standalone mode or local authentication in the connected mode or CCKM fast-roaming in the connected mode, only Temporal Key Integrity Protocol (TKIP) is supported. WPA2 with TKIP and WPA with AES is not supported in the standalone mode, local authentication in the connected mode, and CCKM fast-roaming in the connected mode. This is true for Release 7.2 and later releases.

Condition: None.

Workaround: None.

CSCuh55653

Symptom : AIR-CT5508-K9 reboots unexpectedly using Release 7.4.100.0 and as a result the “apfMsConnTask_5” task gets suspended.

Condition: This issue occurs under normal conditions without any hardware or software configuration changes or network topology changes.

Workaround : None.

CSCuh60546

Symptom : There are no debugs or logs to troubleshoot 10-GB interface issues on Cisco 8500 or 7500 Series Wireless LAN Controllers. Unable to determine the issues between switches and the controller.

Condition: Cisco 8500 or 7500 Series Wireless LAN Controllers with 10-GB uplinks SFP.

Workaround : None.

CSCuh61659

Symptom : When the client tries to connect to snooped domain (such as google.com), the debug message on access point is incorrectly referencing the use of the Virtual IP.

Condition: Using DNS snooping ACLs with Release 7.3.x; enable DNS snooping on one of the ACLs for any domain (such as google.com). Enter the debug dot11 profiler events command on the AP and connect to a client that is assigned with that ACL.

Workaround : None.

CSCuh63491

Symptom : With RF profile created, certain clients (for example, Blackberry devices) are not able to associate with the AP, and the controller rejects the association indicating invalid client data rates.

Condition: Create an RF profile for the AP group, disable standard rates in the profile, and map the profile to an AP group.

Workaround : Disable standard rates in the global profile.

CSCuh65005

Symptom : Controller puts the client on Run state while the client is not actually authenticated by the RSA/RADIUS server using web authentication – PAP.

Condition: This issue occurs when you use a two-factor authentication.

Workaround : Do not use the two-factor authentication for web authentication because it is not supported on controllers.

CSCuh67653

Symptom : Stale client entries are seen when the show dot11 associations command is entered on the Cisco Autonomous Access Points.

- show dot11 associations all-client ------------------ Address : XXXX.XXXX.XXXX Name : NONE IP Address : 0.0.0.0 Interface : Dot11Radio 0 Device : unknown Software Version : NONE CCX Version : NONE Client MFP : Off State : Assoc Parent : self SSID : XXXXXX VLAN : 12 Hops to Infra : 1 Clients Associated: 0 Repeaters associated: 0

Condition: This issue occurs when a client connects and passes by or when the client gets disconnected and the entry still remains on the AP.

Workaround :

1. Clear a particular client using the clear dot11 client client-MAC-addr command.

2. Reload the image. This clears all the ghost clients.

3. Enter the shut and no shut commands on the interface.

CSCuh69558

Symptom : Default interface takes precedence over foreign VLAN mapping with AAA override.

Condition: Configure a guest anchor solution. Enable foreign controller-interface mapping in the anchor. Enable AAA override in the WLAN. If the AAA server does not send any interface details, the anchor controller uses the default interface configuration for the WLAN to assign an IP address to the client. The precedence should fall to the foreign controller-interface mapping and then to the default interface in the WLAN.

Workaround : None.

CSCuh70825

Symptom : MAP becomes unreachable through ICMP and displays memory allocation failures.

Condition: This issue occurs in Cisco AP1552UE MAP with an IP camera connected.

Workaround : Reboot the AP.

CSCuh72474

Symptom : Controller assigns an interface within a group to an invalid list even though a response was received by the DHCP server.

Condition: This occurs when some clients insist on requesting an IP outside their connected interface range in a DHCP flood. For each request, the DHCP server responds with DHCP NAK, and the DHCP NAK is received by the controller and forwarded to the clients.

Workaround : None.

CSCuh76898

Symptom : The client communication fails after a controller failover.

Condition: A system consists of two controllers and a Cisco AP, where the Cisco AP is in FlexConnect Local Switching mode with VLAN support disabled. This issue occurs when the Cisco AP fails over from controller1 to controller2 and then fails over back from controller2 to controller1.

Workaround : Enable/disable the radio of the client.

CSCuh77093

Symptom : A Cisco 3500 Series access point stops responding under severe radio load.

Condition: This issue occurs when several thousand clients attempt to use the access point at the same time, and when the affected Cisco APs are running an affected version of the software. This occurs due to an interrupt timing issue that is inherent to the CPU utilized in the Cisco APs.

Workaround : None.

CSCuh78753

Symptom : Cisco AP3600 stops responding.

Condition: This issue occurs when the Cisco AP is in FlexConnect mode and has continuous association and reassociation with clients having flapping WAN connection.

Workaround : None.

CSCuh82907

Symptom : Cisco AP3500 experiences false radar detection.

Condition: This issue occurs in Release 7.0.235.3.

Workaround : Use the W52 band.

CSCuh86976

Symptom : Cisco NCS displays the “Table too large, possible agent loop” SNMP error message for bsnMeshNeighsTable. The controller sends too many rows to Cisco NCS due to which Cisco NCS SNMP polling stops responding.

Condition: This issue occurs during an SNMP walk on bsnMeshNeighsTable for a controller using Release 6.0.199.4.

Workaround : None.

CSCuh86993

Symptom : Cisco AP responds to an authentication request for a disabled BSSID.

Condition: This issue occurs when the Cisco AP receives an authentication request from a client whose database is about to be deleted.

Workaround : None.

CSCuh87571

Symptom : Image upgrade fails occasionally in an HA system. Even though the standby system is operational and in Standby Hot state, it does not show any activity when the image is downloaded, thereby causing failure in image transfer.

Condition: This issue occurs in a Cisco 5508 Wireless LAN Controller and Cisco WiSM2 HA system.

Workaround : Reset system and try to download again.

CSCuh92835

Symptom : The “WLAN with duplicate SSID and L2 security policy found.” error message is displayed during a change of WLAN configuration.

Condition: This issue occurs when an attempt is made to change configuration of two similar WLANs that use the same Layer 2 and Layer 3 security, that is QoS, Bandselect.

Workaround :

1. Disable both WLANs from the controller GUI.

2. Make all WLAN configuration changes using the controller CLI and then enable the WLANs.

3. Delete and re-create the other WLAN from the controller GUI.

CSCuh94259

Symptom : When enabling the mDNS profile on an interface group, the “Active WLAN using interface group. Disable WLAN first.” error message is displayed, if the interface group has already been mapped to a WLAN or an AP group.

Condition: Using mDNS gateway on the interface group.

Workaround :

1. Remove the interface group and then add the group again.

2. Enable the mDNS profile on the interface group before using it.

CSCuh94366

Symptom : FlexConnect Local Switching clients are unable to connect to some VLANs and get DHCP.

Condition: After upgrading a Cisco Flex7510 Wireless LAN Controller to Release 7.4.100.60, clients associated to Cisco AP1242 are unable to connect to a FlexConnect Local Switching WLAN that is mapped to certain VLANs (301 is noted) in the AP's FlexConnect configuration.

Workaround : Use other VLANs.

CSCuh97457

Symptom : Controller incompatibility behavior is observed on Change Of Authentication for RFC 3576 implementation.

Condition: The attributes sent by the RADIUS server for the user session disconnect request are not acknowledged, when the RADIUS server sends a Change Of Authentication disconnect request.

Workaround : The disconnect request is accepted when the following three AVP pair attributes are sent:

1. Calling-Station-ID MAC address of the device (lower case works)

2. Service-Type Login-user

3. Called-Station-ID (upper case MAC of AP SSID separated by colons).

CSCuh99194

Symptom : A client’s first attempt to associate is unsuccessful; the second attempt is successful.

Condition: Maximum number of clients per AP radio is configured on each Cisco AP1142.

Workaround : None.

CSCui01948

Symptom : Cisco Prime Infrastructure, Release 1.3, displays the “SNMP operation to Device failed Table too large, possible agent loop” error message when monitoring a Cisco AP or a client associated with the Cisco AP.

Condition: This occurs when the SSID is set to FlexConnect Local Switching and the Cisco AP is set to Local AP Mode.

Workaround : None.

CSCui02779

Symptom : LDPE and non-LDPE controllers are allowed to form an HA pair. Cisco 600 Series OEAP fails to connect if the failover occurs from the LDPE to the non-LDPE controller.

Condition: This issue occurs in an HA setup that has LDPE and non-LDPE controllers.

Workaround : None.

CSCui05324

Symptom : Intermittently, after a period of operation, clients are unable to associate with the radio of a Cisco AP. The Cisco AP continues to beacon, but when the client sends an 802.11 authentication frame, the Cisco AP fails to respond with an authentication response because the transmit queues of the radio are filled up.

Condition: When the current use of the transmit queues is equal to the limit, the radio is unable to transmit.

For example, in Cisco AP1242, enter the following command:

ap#show controller dot11radio0 | include Transmit

Transmit queues: Limit 650 Current 650 In-Progress 0

Workaround :

1. Write a script that monitors the usage of the radio transmit queues in each access points. If a radio is found whose transmit queue usage is nearing its limit, enter the following command:

clear interface <interfacename>

2. Manually reset the radio of the impacted Cisco AP.

CSCui10841

Symptom : The Cisco AP arranges its own bandwidth for SIP Phone, though it is not on the phone.

Condition: This issue occurs in Release 7.0.240.0.

Workaround : None.

CSCui12365

Symptom : Cisco 5508 Wireless LAN Controller stops responding when a client is moved from a PMIPv6-enabled controller to a non-PMIPv6 enabled controller.

Condition: This issue occurs if Fast SSID is enabled.

Workaround : Disable Fast SSID.

CSCui13401

Symptom : Client exclusion feature does not become effective.

Condition: This issue occurs due to repeated 802.1x authentication failures.

Workaround : None.

CSCui15077

Symptom : Controller stops responding when AAA server pushes Cisco AV pair of url-redirect-acl longer than 32 characters.

Condition: This issue occurs when the url-redirect-acl name is very long or when you put the URL in this Cisco-av-pair instead of the ACL name.

Workaround : Use url-redirect-acl names which have less than 32 characters.

CSCui15110

Symptom : After adding WLAN to the AP group, it cannot be edited on the AP VLAN mapping page (FlexConnect mode).

Condition: This issue occurs when you disable WLAN before adding it to the AP group.

Workaround :

1. Enable the WLAN before adding to AP group.

2. Add another enabled WLAN.

3. Reboot the Cisco AP.

CSCui15562

Symptom : Controller stops working due to watchdog issues.

Workaround : Controller recovers after reboot.

CSCui15800

Symptom : DCA assigns radar frequencies or channels that are not supported by AP's radio, but present in the DCA list.

Condition: This occurs when DCA is enabled in the 40-MHz mode or running on an AP set on 40 MHz.

Workaround : Use 20 MHz and remove unsupported channels from the list.

CSCui19316

Symptom : Voice client fluctuates while passing voice traffic.

Condition: Create an open SSID in a Cisco AP702 and add it to the d0 radio interface. Try to associate two voice clients and then initiate a call from one to another.

Workaround : None.

CSCui19817

Symptom : Location calibration fails indicating no data points were collected. Same setup works if you use other Cisco AP models (1140).

Condition: This occurs if you do a location calibration, linear or by data points, in an area covered by Cisco AP2600 models.

Workaround : Use an existing calibration model.

CSCui20773

Symptom : Broadcast queue becomes full.

Condition: This issue occurs when the wireless clients sends an IGMP report as soon as the query is sent by the controller.

Workaround : Increase the IGMP query interval and timeout value. If the queue is full and the IGMP query is not processed on the first try, the stream will not be affected until no report is received over the timeout value.

CSCui22463

Symptom : Controller using Release 7.4.x stops responding.

Condition: This occurs when you enable mDNS snooping.

Workaround : Disable mDNS snooping.

CSCui23123

Symptom : HA upgrade fails with the following error message displayed:

Condition: This issue occurs in an HA setup where the primary controller has a non-LDPE image and the secondary WLC has an LDPE image. Both the controllers have 7.4.100.0 software.

Workaround : Disable HA on controller.

CSCui23134

Symptom : Controller stops responding.

Condition: This issue occurs after you use the ap packet-dump feature.

Workaround : Do not use the ap packet-dump feature.

CSCui23580

Symptom : RAP loses static channel on 5 GHz, and the 2.4-GHz channel gets set to static when configured for Auto.

Condition: This issue occurs when you have the following settings:

RAP-1: Set to Channel 100; 2.4 GHz = Auto

RAP-2: Set to Channel 161. 2.4 GHz = Auto

Both are initially joined with wired connection to the controller. When the RAP-1 Ethernet link is lost or goes down, it joins over wireless backhaul through RAP-2. When Ethernet connection is available, RAP-1 joins over Ethernet and gets set to channel 161 (remembers previous parents channel information) and 2.4 GHz gets set to static channel 11.

Workaround : RAP Ethernet connection is never lost. If Ethernet connection is lost, RAP should not join another RAP.

CSCui24995

Symptom : During client authentication for a FlexConnect AP in the standalone mode, you will see that the Called-Station-ID attributes do not have the SSID information.

Condition: This issue occurs in an AP that is configured for local RADIUS support.

Workaround : Use controller for authentication.

CSCui25551

Symptom : FlexConnect Local Switching Local web authentication fails.

Condition: This issue occurs when the controller using Release 7.4.100.0 performs local switching in a FlexConnect group.

Workaround : Use central switching.

CSCui26077

Symptom : Fast Transition roam fails between FlexConnect APs.

Condition: This issue occurs when a client tries to roam using 802.11r Fast Transition between two FlexConnect APs.

Workaround : Normal roam occurs.

CSCui26223

Symptom : When performing an SNMP walk to the controller, there is no response from the device.

Condition: This issue occurs in FlexConnect controllers with a particular configuration.

Workaround : Contact Cisco Technical Assistance Center.

CSCul33755

Symptom : This issue occurs only when MN devices send unicast ARP and the Cisco WLC does not respond to unicast ARP.

Condition: This is applicable only to MN devices, which are sending unicast ARP.

Workaround : As Apple Client unicast ARP, enter the following command to disable unicast ARP:

CSCuc78713

Symptom : Wireless clients cannot receive broadcast packets after broadcast key rotation.

Conditions : Dynamic WEP; Release 7.0.235.0, 7.2.110.0, and 7.3.101.0.

Workaround : Enter the config advanced eap bcast-key-interval 86400 command in the middle of the night and then change security setting to WPA2.

CSCub89883

Controller unresponsive on multiple tasks, high CPU, after enabling guest LAN.

CSCue42242

Unable to navigate second page in GUI for “Unclassified Adhoc rogue”

CSCue91034

Multicast: Handling link-local group addresses in CP/DP without L3 MGID

CSCtk58442

Controller needs forced reset option to recover if it stopped working in software download state

CSCtn54555

Cisco 600 Series OfficeExtend Access Points: Barker Preamble bit in IE42 is set when 802.11n clients associate

CSCtq82437

No CDP neighbor details for LAP

CSCtt47397

Cisco AP3500 watchdog stops working at random with CPU Hog while under light load

CSCtx61744

Cisco 600 Series OEAP low TCP throughput less than 50 Mbps for personal SSID

CSCty84682

AP not forwarding Multicast data and querier messages

CSCtz55837

Cisco Mesh AP cannot associate using mesh security EAP

CSCua97184

Aggr Sched Cat 1: AP stops working due to function pointer issue

CSCub24389

AP stopped working in spamProcessCertPayload

CSCub26654

Cisco AP3600/AP3500 DFS false detect

CSCuc02149

Local switching: Cisco AP3600 drops IP6to4 TCP SYN ACK packets received from LAN

CSCuc06605

Radio reset: SF3 radio ‘tx jammed’[BZ 809]

CSCuc32120

AP: %SYS-2-INTSCHED: ‘idle’ at level 0 interrupts -Process: CAPWAP CL

CSCuc52952

75Dup service IP address error messages on Cisco Catalyst 6500 for Cisco WiSM2 in HA setup

CSCuc72073

Cisco 5508 Wireless LAN Controller stopped working from mobilityCapwapSocketTask

CSCuc81022

Cisco AP1520 experienced excessive DFS detection for in-band/off-channel weather radar

CSCud04882

Cisco AP1142’s display of Active Power levels was incorrect

CSCud04901

Cisco AP1550 excessive DFS detection for in-band/off-channel weather radar

CSCud12437

DHCPv6 solicits were sent over the air while it should not have been the case.

CSCud12582

Processing AAA error ‘Out of Memory’

CSCud41398

Cisco AP sometimes failed to hear BA from clients that caused BA timeouts [BZ 786]

CSCud44269

Cisco AP should not have bridged ARP traffic for clients with DHCP required in WLAN

CSCud52785

Unable to create SNMP community on Cisco virtual controller

CSCud84135

Cisco AP without default route lacks IP connectivity with other subnets

CSCud97325

Cisco AP3600 sends invalid frames (0000.0104.xxxx) when changing primary controller.

CSCud97830

Telnet access to the controller was lost

CSCue01191

MAC flaps for wired guest MAC on switch connected to foreign controller

CSCue02718

HA redundancy did not fail over to the standby controller when removing Ethernet cable

CSCue02826

5-GHz radio fails on 1552-N in the non-bridge mode associated with the controller with Brazil (-T)

CSCue14501

WSSI interference triggered DCA to change channels on serving radios

CSCue32755

Wireless client was not able to associate with mesh access point with an Ethernet-bridged client

CSCue32955

Wired guest did not get IP address on the controller

CSCue33222

Controller stopped working using Release 7.4.100.0 with mDNS service enabled

CSCue34072

Controller leaking memory for the task: mmlisten

CSCue44986

Client could not detect SIP port while doing FaceTime call

CSCue50917

Root AP failed association as MAP when wired backhaul was lost

CSCue53220

Controller dropped wireless-to-wireless client traffic with source UDP/16666

CSCue54977

RF profile configuration not shown in show run-config commands

CSCue55191

Memory leak in mm_listen.c line 8826

CSCue56195

System MAC address is changed to all zeros

CSCue58727

Reaper reset controller due to mutex issue in spectrumRadSlotAQEnableGet

CSCue62388

“AP reloads with DOT11-3-NO_BEACONING ““Not Beaconing for too long”””

CSCue66506

Controller did not accept DHCP server address

CSCue66944

Remote LAN added MAC filtering after upgrade. Cisco 600 Series OEAP radios were disabled

CSCue69665

WebAuth FlexConnect ACL does not always bridge traffic outside of a CAPWAP tunnel

CSCue71856

AP did not send traffic indication to client in power saving mode in time

CSCue73385

Controller: 802.1x interface create failure — “Unable to find 802.1x interface”

CSCue76126

Cisco 5508 Wireless LAN Controller, Cisco 2504 Wireless LAN Controller, and Cisco WiSM2 using Release 7.0.240.0 stopped working due to memory buffer leak

CSCue80611

CLI Syscontact had more restrictive character list than GUI

CSCue83558

Cisco WiSM2 stopped working due to Task Name: apfMsConnTask_6

CSCue84694

Cisco AP did not clear L2 MGID information after Dynamic Interface Change

CSCue87238

Cisco 5508 Wireless LAN Controller using Release 7.4 stopped working without producing any log files.

CSCue89904

QoS per user rate limiting on the WLAN breaks client traffic on roaming

CSCue92521

Cisco 5508 Wireless LAN Controller stopped working due to memory corruption in task name spamApTask6

CSCue93244

Cisco 5500 Series Wireless LAN Controller using HA stopped working due to memory issues during AAA initialization

CSCue99040

Cisco Flex 7500 Series Wireless LAN Controller and Cisco WiSM2 have High Availability issues.

CSCue99208

Advanced 802.11 monitor noise command was lost after reboot

CSCuf03309

Small packet drop on Cisco WiSM2 with DTLS scenario

CSCuf30537

CalledStationId should have used MAC Address per CalledStationID change

CSCuf43147

All AP clears the L2 MGID when WLAN interface mapping deleted from 1 APG.

CSCuf49649

N domain type showed 36-48 as requiring DFS

CSCuf52235

Per WLAN user idle timeout broke global timeout after upgrade

CSCuf56192

Unable to delete an mDNS profile in a particular case

CSCuf61780

Cisco AP1600, Cisco AP2600, and Cisco AP3600 aIOS permitted only 7-dBm power setting

CSCuf65468

RRM was not working as expected on a controller with Cisco 600 Series OEAP

CSCuf74326

Valid Cisco Virtual Controller license misinterpreted by the virtual controller: no AP count

CSCuf76916

After a few failovers, only clear and config commands were available on the active controller

CSCuf86303

DP heartbeat lost; stopped working at longevity testbed

CSCuf93738

The save config command is not updating startup configuration with new AP group interface mapping

CSCug04801

After a few failovers, none of the clients get authenticated

CSCug08277

Cisco AP1260 stopped working in mvl_transmit_recover

CSCug08318

The new Cisco Flex 7500 Series Wireless LAN Controller M3 hardware version was unable to scale to 6000 Cisco APs.

CSCug14709

Controller does not recognize Airespace WLAN ID attribute in access-accept

CSCug16473

Standby controller using Release 7.4.100.0: DP failure in loop with Bluetooth adapter

CSCug19228

The config mesh linktest command does not work as expected

CSCug20166

’Network interrupt loop detected’; did not show AP traceback

CSCug22648

WSSI not supported in –S, –N regulatory Domains (possibly more)

CSCug25517

Layer 2 roam entry not initialized in HA standby controller

CSCug26521

Controller using Release 7.4 in DHCP Proxy mode: Option 255 missing in DHCP request packet

CSCug26650

CDP neighbor information was not shown correctly in Monitor >APs page

CSCug42677

Controller stopped working when applying CPU ACL in HA

CSCug45057

Radio disabled due to inline power using Release 7.4

CSCug46616

RRM grouping state did not work in computation state

CSCug46718

2.4-GHz client failures on Cisco AP3600, Cisco AP2600, and Cisco AP3500

CSCug49904

DTLS tunnel stopped working after configuration was restored

CSCug50611

Central DHCP Processing WLAN did not get added to the FlexConnect AP

CSCug51714

Clean up error messages about IPV6-3-INVALID_ADDR_ORPHAN

CSCug54108

AP memory leak - %SYS-2-MALLOCFAIL: Memory allocation failed

CSCug57376

Cisco WiSM2 with HA: AP disconnected the active controller and reassociated post switchover

CSCug57436

3502-Mesh Ethernet bridging does not exclude gig() failing to join over radio

CSCug59937

Controller stopped working in tpcv2ConstructApProfile

CSCug64750

ARP request unicast is dropped on anchor scenario

CSCug64950

AP group change to RAP in MAP mode results in stranded RAP

CSCug67289

Cisco Flex 7510 Wireless LAN Controller inverted Caller Station ID in TACACS+.

CSCug74606

Cable AP failed to switch between its cable modem and backhaul radio

CSCug78858

GSSO-CH:Layer 2 ACL worked differently in central switching and local switching.

CSCug79741

Cisco 5500 Series Wireless LAN Controller stopped working on Task: nmspRxServerTask

CSCug80060

PMIPv6 roam issue from Cisco 8500 Series to Cisco 5500 Series Wireless LAN Controllers with AAA override enabled

CSCug82362

All controllers using Release 7.4.100.0 schedule reboots at incorrect times

CSCug86782

AAA override disabled on WLAN was overridden with AAA attributes

CSCug86804

Controller using Release 7.4 stopped working on tplusTransportThread

CSCug86876

WSSI module showed as not working in dual-band section, but as working in the details

CSCug90440

Double ‘client authenticated’ Trap logs observed in a controller

CSCug91572

FlexConnect AID leak issue

CSCug99623

APs disconnect on software download in an HA pair

CSCuh01250

Cisco Flex 7500 Series Wireless LAN Controller stopped working on task emweb

CSCuh01892

Cisco 600 Series OEAP experienced client disassociation

CSCuh01980

HTTPS to an HA controller failed after reboot because the Web Admin key is missing

CSCuh11276

Client-specific AVC application graph not shown if the client is idle

CSCuh12457

Cisco Flex 7500 Wireless LAN Controller as HA primary controller reboots with gateway reachability issue

CSCuh29695

System stopped working on New Act on software over at acDtlsPlumbDataPlaneKeys

CSCuh41819

Controller: #LWAPP-3-VALIDATE_ERR: spam_lrad.c:10708 Validation of STAT_PAYLOAD

CSCuh48729

Cisco AP3600 stopped working on network interrupt loop (a finding from CSCtt47397)

CSCuh55612

Cisco 600 Series OEAP: WLAN client could not connect because the client database was full

CSCue87961

Controller GUI could not be accessed using management credentials through wireless on Release 7.4

CSCug65693

Apple Macbook client bug caused connectivity issues with the recent OS X update

CSCug23395

Cisco 5500 Series Wireless LAN Controller as HA Secondary controller did not work as expected

CSCug29258

FlexConnect ACL did not retain after AP reboot in standalone

CSCuf52235

Per WLAN user idle timeout broke global timeout after upgrade

CSCuh15491

Aggr_Sched_Stack Corruption (Intermediate Radio Reset Workaround Code)

CSCuh47735

Aggr_Scheduler_Crash - FWD_TRACE_L function (freed dtx in cpq)

CSCug99623

APs disconnect on software download in an HA Pair

CSCuc72713

Cisco WLC should not move the client to RUN state with LL IPv6 address