List AireOS Feature Per Release

Available Languages

Download Options

PDF (71.7 KB)
View with Adobe Reader on a variety of devices
ePub (94.5 KB)
View in various apps on iPhone, iPad, Android, Sony Reader, or Windows Phone
Mobi (Kindle) (99.5 KB)
View on Kindle device or Kindle app on multiple devices

Updated:March 30, 2021

Document ID:201007

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Introduction

This document describes the features available in the Wireless LAN Controllers (WLC) and in which version of code they started to be supported.

Prerequisites

Note: For further details about an specific release consult its release notes: AireOS - Release Notes

Requirements

Cisco recommends that you have knowledge of AireOS Wireless LAN Controller.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.

Feature Introduction Per Version

Note: The Cisco 1040 Series, 1140 Series, and 1260 Series Access Points (APs) have feature parity with Cisco Wireless Release 8.0. Features introduced in Cisco Wireless Release 8.1 and later are not supported on these access points.

8.10.181.0

Support of new hardware revision of 9105/9120/9130 as per Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/724/fn72424.html

8.10.171.0

By enabling the HTTP Strict Transport Security (HSTS) policy on the controller, you may access the controller GUI only with a client browser that uses HTTPS protocol.

8.10.151.0

Support enabling/disabling 802.11ax support per WLAN
Random MAC filtering. It is now possible to configure the rejection of clients with random MAC addresses
USB support for IW6300
Larger memory and NAND flash upgrade for IW6300

8.10.142.0

Advanced Scheduling Request : support for clients specifying their bandwidth requirements for OFDMA
Support for ECDHE_RSA_AES_128_GCM_SHA256 cipher
From this release, new SSID and WLAN profile names can have up to four leading spaces. If there are more than four leading spaces in an SSID or WLAN profile name, an error message is displayed.
Support for Type-5 Encryption Protocol for Management Password

8.10.130.0

Support for 9105 access point
Support for 9130 tri-radio dynamic mode
Uplink MU-MIMO for 9130
Support for stronger ciphers in Cisco access points
AP 4800 prioritizes wips mode
Stronger username and passwords requirements for controller and AP users.
new AP image bundle for 9117
reliable WGB downstream broadcast for multiple VLANs
DNA Center Assurance Wifi6 dashboard (EFT)
LAG support extended to 1850
SNMP support for NTP server configuration on AP group
Controller now sends the full certificate chain via HTTPS for management
9115 and 9120 support for hardware DTLS decryption
Spectrum Intelligence support on 9115
UL and DL OFDMA support for 9130
Regulatory domain changes in Bahrain, Egypt, India, Indonesia, Japan, Russia, and Taiwan.

8.10.120.0

Support for Power-On-Self test of crypto components on AP bootup for FIPS certification
FT over-the-DS is now disabled by default on new WLANs
Reliable multicast and broadcast for WGBs
IW6300 features : RAP daisy chaining, multiple ethernet ports handling,
Anchoring support per profile name instead of per WLAN name
IP Source Guard enforcement on Flex Local switching when DHCP required is enabled
RLAN local switching in flex standalone mode
9130 static tri-radio mode

8.10.112.0

Support for Catalyst 9130-AXE
Static BSS coloring
FastLocate on Wifi6 APs
Antenna monitoring and detection system
Auto enrollment of certificates for Wave 2 APs in WGB mode
Secure UDI certificate for AP authentication
TLS 1.2 for EAP-FAST in local EAP authentication
Console access to the AP using the default username and password is not supported. You must explicitly configure the controller AP global credentials with non-default username and password to get access to the AP console.
APs in sensor mode are not supported anymore

8.10.105.0

Support for 9130-AXI
support for 9120AXE, 9120AXP
Mesh mode on wave 2 APs
Airtime fairness support on wave 2 APs
Intelligent capture support added to more APs - 1800s, 9115, 9117, 9120, IW3700, Cisco 6300 Embedded AP
WPA3 support
Enhanced Open support
Wi-Fi Alliance Agile Multiband (MBO) support
SNMP traps via SNMPv3
Support for -P domain
Sending access points events through radius accounting
Password encryption
per AP group NTP server

8.9.111.0

Support for Catalyst 9120-AXI access point

8.9.100.0

Support for Catalyst 9115 and 9117 access points
Support for HE PHY layer (and new MCS rates)

8.8.130.0

No new features

8.8.125.0

No new features

8.8.120.0

Support for -P domain
Support for Bluetooth Low energy (BLE) USB dongles
Wave 2 APS (1560/2800/3800) - Workgroup Bridge image software
4000 WLANs support on WLCs (through "config wlan 4k-ssid enable")
Mobility Express : Mesh (Flex+Bridge) support
Mobility Express : Mdns policy

8.8.111.0

Wave 2 APs - Local switching of rlan traffic supported even when AP is in Local Mode

8.8.100.0

Wave 2 APs - Flex+Bridge support
Wave 2 APs - VxLAN AP Infra for eCA on 4800
Wave 2 APs - USB port of APs 2800/3800/4800/1852 can be enabled to power an external USB device
Wave 2 APs - Support for syslog facility
Wave 2 APs - Support for '| include <string>' for all show commands
Wave 2 APs - Command to show client exclusion list on Flex APs (#show flexconnect client exclusion-list)
Wave 2 APs - Ability to disable AP fallback to DHCP when configured for static IP address
Wave 2 APs - AP able to get time from network
Wave 2 APs - Improved sniffer mode for Layer 1 information
Wave 2 APs - Abitlity to filter debug traffic based on source/destination IP (#debug traffic wired filter...)
Wave 2 APs - Ability to export capture as .pcap (#copy tmp APname_capture.pcap0 tftp...)
Wave 2 APs - Ability to clear ap trace logs (#config ap client-trace clear)
Wave 2 APs - Debug to check UP value for client downstream (#debug capwap client qos)
Wave 2 APs - Log number of deauths sent by AP (#show dot11 clients deauth)
Wave 2 APs - Log number of consecutive TX fails (#show controllers dot11radio 0/1 client aa:bb:cc:dd:ee:ff)
Wave 2 APs - Ability to see rate per client on client tracing (#debug dot11 client rate address aa:bb:cc:dd:ee:ff)
Wave 2 APs - Client count statistics (#show client summary)
Wave 2 APs - Changes in legacy/High Throughput (HT)/Very High Throughput (VHT) capabilities advertisements
Wave 2 APs - Improved show dot11 interface dot11radio 0/1 statistics output
Wave 2 APs - Ability to conver AP 2800/3800 into sensers
Wave 2 APs - Support for RLAN local switcing on AP 1815W
Wave 2 APs - NTP support
Wave 2 Fabric - IPv6 Domain Name System (DNS) Access Control Lists (ACLs)
Wave 2 Fabric - Post-auth IPv6 ACL support
Dynamic Host Configuration Protocol (DHCP) internal server on Root AP (RAP) (Flex+Bridge AP mode)
Network Address Translation / Port Address Translation (NAT/PAT) on RAP (Flex+Bridge AP mode)
Splash page configuration per AP group (So same SSID can have multiple splash pages)
Dynamic Policy Enforcement / Usage Monitoring
Ethernet over Generic Routing Encapsulation (EoGRE) Virtual Local Area Network (VLAN) overriden withing the WLAN
Internet Protocol security (IPSec) encryption for High Availability (HA)
Address Space Layout Rendomisation (ASLR) Support
Network Based Application Recognition (NBAR) update to engine 31 and protocol pack 33.0
Webhook
Default Differentiated Services Code Point (DSCP) marking per Application Visibility and Control (AVC) profile
Debug arp added to debug client
Debug commands for bonjour/mDNS added (debug mdns client, shows mdns query stats, test mdsn)
Ability to see conifguration history (show logging config-history)
Ability to Small Form-Factor Pluggable (SF) transceiver information (show port sfp-info)
Identity PSK peer2peer blocking
Platform information added at the begining of every debug session
Command to see dhcp/http profiling history (show profiling { client | history }
Ability to enable/disable Network Mobility Services Protocol (NMSP) port (config nmsp service enable/disable)
Support to transfer upload of yang bundle through graphic interface
Client count per radio per wlan (show client ap { 802.11a | 802.11b } <ap-name>)
Netflow can no longer be enabled if AVC is disabled on the WLAN.

8.7.102.0

Wave 2 APs - Support for FlexConnect Passive Client support
Wave 2 APs - Support for FlexConnect Proxy Address Resolution Protocol (ARP)
Wave 2 APs - Support for FlexConnect limit clients per radio / WLAN
Wave 2 APs - Support for FlexConnect VLAN name Authentication, Authorization, and Accounting (AAA) override
Wave 2 APs - Support for FlexConnect IPv6 ACL for or web authentication
Wave 2 APs - Support for Management Frame Protection (MFP) (Not supported on 1800 series APs)
Wave 2 APs - Support for Wired 802.1x Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) and Protected EAP (PEAP)
Wave 2 APs - Support for Bluetooth Low Energy (BLE) management
Wave 2 APs - Support for Remote LAN (RLAN) on Aux port
Wave 2 APs - Support for DHCP Opt 60
Wave 2 APs - Support to use wildcard to delete or copy multiple files from AP
Wave 2 APs - Command available to clear counters on show controller (#clear counters [ dot11radio | client ])
FlexConnect IPv4 pre-auth DNS ACLs
Hyperlocation module support for multiple Connected Mobile Experience (CMX) connections
WLC only forward probing client Received Signal Strength Indication (RSSI) data if CMX is opted
Client statistics forwad based on CMX AP group subscription
Daisy Chain support for AP 1560 and 1542I/D
CleanAir with BLE Beacon disabled by default
Custom Support configuration of Receiver Start of Packet (RX-SOP) values configurable through RF profiles
AP 1562 backhaul speeds on 2.4GHz increased
Support for local mac address authentication and Central Web Authentication (CWA)
Selective client packet capture support for AP 2800/3800
Web authentication scaling improvements for Hypertext Transfer Protocol Secure (HTTPS) redirection
Improved radar detection
HA monitor includes serial number and fan status of standby WLC
TCP Adjust MSS is now also supported for Flexconnect APs and fabric mode APs

8.6.101.0

Beacon Point Module Support
Custom Network access server identifier (NAS-ID) for Remote Authentication Dial-In User Service (RADIUS) accounting
Minimum interval time for volume metering
Maximum number of characters of password increased from 24 to 127
Network Time Protocol (NTP) version 4 support
Support for Secure Shell (SSH) standard login interface
EoGRE deployment with multiple Tunnel Gateways (TGWs) enhancements
DHCP Option 82 for EoGRE Tunnel in Cisco Wave 2 APs
Upgrade of Access Points (APs) and Wireless LAN Controller (WLC) software with rolling AP upgrade with Prime Infrastructure 3.3
Wave 2 APs - Support for wired 802.1x
Wave 2 APs - Spectrum Intelligence
Wave 2 APs - CMX FastLocate
Mesh Leaf Node Support on IR829 AP803 and IW3700

8.5.103.0

Support for WLC 3504
Support for APs 1540, 1815m and 1815t
Monitor support for APs 1540, 1560, 1810OEAP, 1810W, 1815, 1850 and 1830.
Support for APeX
EoGRE tunnel failover
Identity Pre-Shared Key (PSK)
CNAME - IPv6 Support (PreAuth ACLs with IPv6)
2800/3800 - Support for Client-Awre Flexible Radio Assignment (FRA)
Wave 2 APs - Spectrum Expert Support
Wave 2 APs - Support for Mobile Concierge
Wave 2 APs - Addition of command show controllers dot11radio 0/1 antenna
Wave 2 APs - Addition of command show controllers dot11radio 0/1 client <mac>
Wave 2 APs - Collection of support bundle (copy support-bundle { scp: | tftp: })
Wave 2 APs - Log history for radio reset (show history interface dot11radio { 0 | 1 } { reset | radar })
Wave 2 APs - Support for IPv6 PnP (Plug-n-Play)
Dynamic Link Exchange Protocol Client Support (DLEP) on WGB
Transmission Control Protocol - Maximum Segment Size (TCP MSS) enabled by default with value of 1250
GUI option to retrieve support bundle
Apple Device and Identity Service Engine (ISE) RADIUS best practices added to monitor page
IPv6 ping test from monitor page
IW3702 - Support for Air Time Fairness in local and FlexConnect modes
IW3702 - RX-SOP via CLI
Fabric Enabled Wireless
Support for HA N+1 on Virtual Wireless LAN Controller (vWLC)
ISE - Support for Guest Originating URL

8.4.100.0

Support for AP 1815
Support for AP 1815M
Support for AP 1542I/D
Guest User Management - Client Allow-listing
Domain Based Filter ACL
ISE Simplification - Day0 RADIUS ISE default configuration
ISE Simplication - Default RADIUS configuration for ISE server
ISE Simplification - Default Wireless Local Area Network (WLAN) configuration for ISE server
Captive portal bypass per Service Set Identifier (SSID)
Client exclusion due to 802.1x timeout
IPv6 support on 802.11ac Wave 2 APs
AP EoGRE support on 802.11ac Wave 2 APs
FlexConnect NAT/PAT support for central DHCP on 802.11ac Wave 2 APs
Flexconnect AAA Quality of Service (QoS) override per client support on 802.11ac Wave 2 APs
TrustSec enhancements
Cisco Umbrella WLAN - OpenDNS support
WeChat authentication
FlexConnect - AP Easy Admin
vWLC on Hyper-v support
Flexconnect IPv6 EoGRE Tunnel support
Support for HA N+1 on Virtual WLC (vWLC)
Mesh mode and Mesh ethernet bridging support on AP 1560
Remote LAN support on wired ports of AP 702W
Support for Cisco Hyperlocation in HA Environment
Link Aggregation (LAG) in Transition support
Parallel Redundancy Protocol Enhancement on AP and WGB
Support for NBAR2 Protocol Pack 19.1.0 (Optionally can upgrade to 24.0.0)
No more support for APs 600, 1550, 1040, 1140 and 1260
Ability to disable syslog server per AP and/or global
Option to disable webauth sucess page
Show command for the redundant port (RP port)
Ability to add AVC profile with fastlane enabled
TPCv1 Channel Aware Mode

8.3.111.0

Support for AP 1560 (Local mode only)
Support for AP 1815i
Support for up to 4 clients (mac address) on wired ports for APs 1810 and 1810W
Temporal Key Integrity Protocol (TKIP) support for APs 2800/3800
Adaptive 802.11r
QoS FastLane
Radio Frequency IDentification (RFID) and Wi-Fi tag support
Support for up to 512 local policies (64 before)
Local AAA database increased to 12000 (2048 before)
Federal Information Processing Standard (FIPS) - Support for Data Datagram Transport Layer Security (DTLS) 1.2 for AP-WLC Control and Provisioning of Wireless Access Points (CAPWAP)
FIPS - Support new GCM cipher suites for DTLS
FIPS - New 802.11 encryption modes
FIPS - Simple Certificate Enrollment Protocol (SCEP) over HyperText Transfer Protocol over HTTPS support for Locally Significant Certificate (LSC)
FIPS - IPsec configuration is profile-based
FIPS - Syslog over IPsec support
FIPS - IKEv1/IKEv2 supported
FIPS - Certificate Signing Request (CSR) generation by WLC
FIPS - Support for TLSv1.2 webadmin and webauth independent configuration
FIPS - Different CMX server Certificate authority (CA) certificate
FIPS - Support for CMX connectivity with TLSv1.2

8.3.102.0

Upgrade with extra image and installation procedure (for APs 802, 1550 and 1570)
CMX cloud connector
URL domain filtering
Support for -M regulatory domain in AP Industrial Wireless Local Area Network (IWLAN) 3700
Support to enable Network Admission Control-RADIUS (NAC-RADIUS) on Pre-Shared Key (PSK) wireless network with CWA
Foreign send called-stationID & Calling-stationID to anchor on web authentication
Simple Network Management Protocol (SNMP) over IPSec supported over IPv6 interfaces
SNMP traps over IPSec supported over IPv6 interfaces
Support for ap-mac-ssid-ap-group called-stationID
EoGRE - IPv6 support
EoGRE - Support on WLANs for internal web authentication and WPA2-PSK
WGB Downstream Broadcast on Multiple VLAN
FlexConnect - Support TrustSec
FlexConnect - Default FlexConnect group
FlexConnect - AP only joins CAPWAP multicast group if it has a centrally switched WLAN
PnP and Complex Programmable Logic Device (PLD) programmability
Mesh Off Channel background Scanning
OfficeExtended AP (OEAP) mode on Wave 2 802.11ac APs
Log of a Radio reset event
Link Layer Discovery Protocol (LLDP) on recovery image
Air Time Fairness (ATF) on mesh
NBAR Engine Upgrade on AP (NBAR2 Protocol Pack 19.1.0)
Application Policy Infrastructure Controller Enterprise Module (APIC-EM) PnP for 802.11ac Wave 2 APs
APIC-EM PnP for FlexConnect AP PnP
802.11k and 802.11v enabled by default
DSCP/User Priority (UP) settings based on application traffic
Fastlane support
Proxy ARP support on FlexConnect Local Switching 802.11ac Wave 2 APs.

8.2.151.0

TKIP Support for APs 1810/1830/1850/2800/3800

8.2.141.0

Command to Configure Smart Dynamic Frequency Selection (DFS) (config 802.11h smart-dfs {enable | disable})

8.2.110.0

Support for AP 2800
Support for AP 3800
Support for AP 1810(W)
Support for AP -B domain
FRA
Fine QoS configuration
Wired client Single Sign On (SSO)
Graphical User Interface (GUI) Service Port SSO
WLC Service Port support with SSO enabled
Support of regulatory domain -K for Malaysia
FlexConnect mode support on APs 1800/2800/3800
Default RADIUS fallback set as passive

8.2.100.0

Test AAA RADIUS command
Dynamic Management User Login via AAA Server
Custom (HyperText Transfer Protocol) HTTP Port for Profiling
Rogue Client Information Detection for Auto Switch Port Trace (SPT)
Large Scale Virtual WLC (vWLC)
Smart Licensing
Regulatory Domain -S change
NBAR and Netflow Updates (Pack 14.0)
WLC Netflow Enhancement
Chromecast service on Multicast Domain Name System (mDNS) default database
Mesh - 2.4 GHz mesh backhaul for Israel
Mesh - Removal of Support for RX-SOP from Mesh Backhaul
Mesh - PSK provision support for Mesh Networks
Layer 3 (L3) Interfaces for tunneling protocols (GRE tunnels)
ATF Phase 2
Wireless Intrusion Prevention System (wIPS) support for 40/80 (MegaHertz) MHz and transmit capability
AP Provisioning PnP
Passpoint 2.0 R2 Certification
Enhanced wIPS Support for Hyperlocation Module with Advanced Security
WLC 5520/8510/8540 - Support to use service port on a daily basis
WLC 5520/8510/8540 - Support Local EAP
WLC 5520/8510/8540 - Support Wired Guest access
WLC 2505 - Bonjour gateway support for up to 200 instance services
Increased Channel and Transmit (Tx) Power Support for some countries
Up to 110 country codes per WLC (prior 8.2 WLC supported 20)
Support for TLSv1.2 for web authentication and WebAdmin
QoS Mapping (DSCP)
AP 3700 - Flexible Antenna port support
AP 3700 - Daisy chain is supported
Support for up to 32 RADIUS server (17 before)
Support for up to 20 URLs per ACL (10 before)
Support for learning up to 40 IP address per DNS ACL (20 before)
Configurable EAPOL-key timeout for FlexConnect Groups - local authentication

8.1.131.0

Support for hyperlocation module

8.1.122.0

ATF
Support for AP 1830

8.1.111.0

Support for AP 1850
Support for Universal Small Cell (USC) 8x18
11v - Basic Service Set (BSS) Transition Management
Dynamic Bandwidth Selection (DBS) with Flex DFS
Security Group Tag (SGT) Exchange Protocol (SXP) Support on WLC 8540 and WLC 5520
QoS Map (DSCP based)
High Speed roaming for WGB
Mesh Convergence
CLI addition - config ap cert-expiry-ignore {mic | ssc} enable

8.1.102.0

Support for WLC 5520
Support for WLC 8540
AVC for FlexConnect
FlexConnect Client debugs on AP
FlexConnect Group VLAN support
FlexConnect AAA Override of VLAN name
HA SSO (HA-SSO) - Traps for events (when WLC turns hot standby, bulk synk complete)
HA SSO - Management Information Base (MIB) to monitor standby status
HA - show redundancy peer-system { statistics | cpu | memory }
Microsoft (MS) Lync Software Defined Networking (SDN) Integration
Support for management user session accounting records
Guest-Anchor redundancy
Log source IP address on failed logins
Rogue AP validation against AAA server
Allow WLC configurable framed Maximum Transmission Unit (MTU) size for RADIUS
DNS radius feature changes
Configurable dot1x exclusion attempts (1 to 10)
Multiple User Datagram Protocol (UDP) source port support for RADIUS protocol
EoGRE on WLC
EoGRE on AP
Manage of Bluetooth Low Energy (BLE) Beacons
Faster reboot of WLC with restart instead of reset system
Dynamic Bandwidth Selection (DBS)
Flexible DFS (Dynamic frequency selection)
Event Driven-Radio Resource Management (ED-RRM) triggered by Wi-Fi interference too
Optimized roaming + 802.11v
Seamless roaming with Inter-release controller mobility (IRCM)
No more support for new mobility - Mobility Controller
Kernel-based Virtual Machine (KVM) support for vWLC
Mesh - Multi-country WLC support for mesh APs
Mesh - RRM on 5GHz RAP
TrustSec support on WLC 5520, 7510 and 8500
vWLC - by default, the WLAN is locally switched
SNMP monitor for 2ry HA-SSO controller
802.11k configuration available through GUI
Multi Regulatory Domain (Country code) WLC support for Mesh APs
FlexConnect group VLAN support override AP-specific
Support for FlexConnect AVC on vWLC

8.0.140.0

Multiple User Datagram Protocol (UDP) source port support for RADIUS protocol
Support for WLC webadmin SHA256 self-signed certificate
Logs saved in flash prior WLC reboot (show logging last-reset)
mDNS bonjour message update with PTR RR
SNMP MIBS support for rf-profile out-of-box

8.0.132.0

Support for -B domain APs
Ability to disable optimized roaming per WLAN (Disable CHD)
Default NAS-ID per AP group as none

Note: AP 1572 on -B domain is properly supported until version 8.0.135.0

8.0.120.0

Support for AP IW3702
CLI addition - config ap cert-expiry-ignore {mic | ssc} enable

8.0.110.0

Support for Universal Stock Keeping Unit SKU
Support for AP 1570
Fast SSID change enabled by default
WLC 2500 - Express setup available through AP or client connection to any port
Because of CSCur27551 SSLv3 is disabled by default
Ability to enable/disable AUX ethernet port on AP 2700
CLI command show mesh running-config <ap-name> to verify VLAN mapping for flex+bridge AP
1st client is kicked off after IP address duplication is detected

8.0.100.0

Support for AP 1700
11ac module
Support for -F domain (Indonesia)
CleanAir Express for 1600 and 1700 AP
OEAP AP602 GUI Enhancements
OEAP Link Test
OEAP - Higher priority for voice packets support (Voice QoS)
OEAP Firewall
OEAP AP602 Split Tunneling
702W (Power over Ethernet) PoE management (ability to disable PoE port)
702W VLAN tag per Ethernet port
FlexConnect VideoStream in local switching
FlexConnect - Convert AP mode from Local to FlexConnect without reboot
FlexConnect AP joins WLC's multicast group
FlexConnect proxy ARP
FlexConnect + Mesh (bridge)
Mesh - Fast Convergence
Mesh - No MAC address Authentication
vWLC support for 6,000 clients
CAPWAP data keep-alive support
Point-to-Point Protocol over Ethernet (PPPoE) client on FlexConnect AP
WLC 2500 - Wired guest access support
Vendor Specific attribute (VSA) value pairs (AVPs)
RADIUS selection by realm
HTTPS redirect
Rejection on wrong WLAN id on 802.1x SSID
Ability to change the SSID/Profile Name
Ping from dynamic interface (extended ping)
IP address included in the output of show ap summary
AP search per IP address on GUI
Add CLI show system… to monitor WLC's performance
Add CLI show run-config startup-commands
AP CLI to choose AP mode #capwap ap mode local/bridge
Add CLI show client detail displays profile/ssid name
Add CLI show ap join stats shows current real name
CLI show rogue ap summary - extended options
Ability to enable Telnet/SSH for all APs
GUI Web Color Theme
Flash AP light-emitting diodes (LEDs) via SNMP and GUI
debug client shows AP name
Ability to update Organizational Unique Identifier (OUI)/Device Profile list
11v support (Directed Multicast Service [DMS] and BSS Max Idle Period)
11r mixed mode support
DHCP opt 82, sub-option 5 and sub-option 151/152
FIPS 140-2
Specific neighbor SSID and interference AP & client detection
QinQ tag enhancement (802.1Q-in-Q VLAN tag)
Dynamic Channel Assignment (DCA) in RF profiles
RX SOP
Optimized roaming
Proxy Mobile IPv6 (PMIPv6) - FlexConnect as Mobile Access Gateway (MAG)
HA-SSO bulk sync status
HA-SSO new debugs/shows
HA-SSO Configurable keep-alive timers/retries
HA-SSO replace peer Redundancy Management Interface (RMI) Internet Control Message Protocol (ICMP) ping with UDP message
HA-SSO default gateway reachability check enhancement
HA-SSO Support for internal DHCP server
HA-SSO Support for sleeping client feature
HA-SSO support for OEAP 600 APs
HA-SSO support for 802.11ac
IPv6 support (Phase III)
IPv6 - Terminal Access Controller Access Control System (TACACS+) IPv6 support
mDNS phase 3 (ISE policies, profile enhancements, PI instant services)
AVC AAA override
AVC directional QoS
AVC integration with local profile
AVC per application, per client rate limit on WLAN
Radio monitor for 80MHz
Added regulatory domain -S for Hong Kong
Country code KR is changed to KE (for Korea)
Country code JP (for Japan) is removed
Maximum RSSI for friendly rogue Aps
Wi-Fi Protected Access/TKIP only configurable through CLI
Netflow support on 3rd party NMS
Ability to clear pmipv6 mag stats (clear pmipv6 mag stats)
AP name duing asso/reasso on debug client output
Out of the box config persistent option
CLI command to verify all certificates installed in the WLC (show certificate all)
VLAN transparent feature bridges all non-defined VLANs on flexconnect-mesh
PoE column on WLC's GUI to check AP's PoE status (WIRELESS > Access Points)
GUI support for AP Primed Joined timeout
Configurable webauth required timeout
Sleeping client support on web passthrough wLAN
Ability to clear queue-info-max stats (clear queue-info [detail <queue-id>/all/capwap/dot11/ipv6/mobility/redundancy])
iTunes home sharing removed from default mDNS list
Ability to make changes in SNMP community through GUI
Ability to disable MFP traps
Ability to disable AVC stats per GUI button
20/40/80MHz off-channel scan on serving channel
Windows 8 profile support

7.6.120.0

Support for AP 2700
Support for AP 700W
WLC 2500 - WLAN Express Setup
Band Select mid-RSSI support

7.6.100.0

Support for AP 3700
Support for AP 1530
Support for Universal Small Cell 5310 on AP 3600
DFS channels on Aps 700 -A domain
Access Control List (ACLs)
Secure Lightweight Directory Access Protocol (LDAP)
Called Station ID for Accounting
EAP timers per WLAN
Ethernet Fallback shutdown
Layer 2 (L2) ACL GUI
11h channel switch (easier CLI configuration)
Apple Captive Bypass for IOS 7
11ac configuration on HA environment
Last support for NBAR 3.7 (AVC v13)
Transmit Power Control (TPC) min/max values with bands enabled
Mesh preferred parent per GUI
Mesh LSC authentication (MAC bypass)
China -H domain migration (allow indoor use of 5150 MHz to 5350 MHz)
Mesh Daisy Chain
Can add Licenses to WLC HA SKU
WLC 2500 - Support for 1000 sleeping clients (500 previously)
WLC 5508 - Support for 1000 sleeping clients (same as before)
WiSM 2 - Support for 1000 sleeping clients (same as before)
WLC 7500 - Support for 25000 sleeping clients (9000 previously)
WLC 8500 - Support for 25000 sleeping clients (9000 previously)
WLC 8500 - Does not support new mobility
vWLC - Support for 500 sleeping clients (same as before)
HA SSO - Automatic recover from maintenance mode after network converges

7.5.102.0

Support of 802.11ac module (Wave 1) on AP 3600
Support for AP 700
Support for WLC 8500 as anchor controller
Support of SFP-10G-LR on WLC 7500
L2 ACLS
Introduced -Z domain (Australia and New Zealand)
RADIUS and TACACS+ DNS
Ping with source interface
AP's IP address in show ap summary
IP address in show client summary
Add CLI - Grep support
Wildcard support in Change Filter in GUI
Mesh APs can be pinged before they join a controller
VLAN tag on 1552 APs
Client deauthtetication through username or IPv4/IPv6
Ability to choose if local management users are Telnet capable or not
Maximum number of APs allowed per WLC
New Mobility and Mobility Controller (MC) support
HA Client SSO and Redundancy Port (RP) trough L2 switch
Internal Policy Classification Engine
Protocol Pack update capability for AVC/NBAR2
mDNS Phase II (Location Specific Services [LSS], mDNS-AP, priority mac, origin of service)
Sleeping client support
Rogue Policy per security level
Data rate selection for rogue containment
Validate rogue clients against Mobility Service Engine (MSE)
FlexConnect on stand-alone can keep performing rogue containment
Automatically assign number of APs to contain a rogue
Wildcard SSID per rogue policy
Set rogue policy to delete a rogue from WLC database
DTLS support on vWLC
AP Rate limit on vWLC
Protected Extensible Authentication Protocol (PEAP) and Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) for FlexConnect (Local Auth)
WLAN to VLAN maps for FlexConnect Groups and APs
Per client ACL on FlexConnect APs
L2ACL FlexConnect
QoS AAA Override for FlexConnect Local Switching
FlexConnect - Client load balancing support
No more support of PPPoE on FlexConnect Aps
11w on Flex and Mesh APs
PMIPv6 (Proxy Mobile IPv6) - support for CWA/external web authentication
Aeroscout removal from MSE
Rest Application Programming Interface (API) support on MSE
MSE exposes the RSSI for RFID tags
BBX (Billboard Exchange)
OEAP - split tunneling
Cisco License Manager (CLM) is no longer supported
Default 802.1p tags changed (Platinum to 5 from 6, Gold to 4 from 5, Silver 2 from 3)
Support for certificates generated using OpenSSL v1.0
CLI command show queue-info addition
Data DTLS on vWLC support
CAPWAPv6 AP multicast mode support
AAA Override QoS support
OEAP support for APs 1130,1240,1040,1140,1600,2600,3500,3600

7.4.150.0

Support for -B domain APs

7.4.140.0

Introduction of config ap cert-expiry-ignore {mic | ssc} enable

7.4.130.0

Because of CSCur27551 , SSLv3 is disabled by default

7.4.100.0

Support for AP 1600
WLC 2504 - Support for 75 Aps and 1000 clients
WLC 2504 - Support to be anchor WLC
WLC 2504 - Support for Link Aggregation (LAG)
WLC 7500 - Support for LAG
WLC 8510 - Support for LAG
AVC with NBAR2
Bonjour gateway (mDNS support - Phase I)
Support for Wireless Security and Spectrum Intelligence (WSSI) monitor module
802.1x + web authentication support
Support for pre-auth ACL to block DNS for web authenticated clients
NAS-ID per interface, WLAN or AP group
New attributes for Called station ID
Support for RADIUS creation within FlexConnect groups (CLI changed)
New TACACS+ command sets
Location name of 254 characters (AP's Location)
Support for more DHCP opt 82 attributes
SSH File Transfer Protocol (SFTP)
N+1 support with HA SKU controller
User idle timeout per WLAN
User idle threshold per WLAN
Limit connections to 11n clients only
Load balancing per ethernet port utilization
Client & tags threshold warning
wIPS Enhancements
wIPS Attack containment
Enhanced rogue containment
Support for all signatures on Enhanced Local Mode (ELM)
wIPS new signatures
Extra DHCP opt 82 attributes
Support for NetFlow protocol
Attributes for Called Station ID
802.11w - MFP
802.11k
Link Layer Discovery Protocol (LLDP) support
Global Positioning System (GPS) support for outdoor
WLAN for voice auto-config
Ability to backup 3rd party certificates from WLC
SNMP trap support for client association/disassociation

7.3.112.0

New Mobility

Note: New mobility is not supported on version 7.4. From version 7.5 and beyond it is supported.

7.3.101.0

Support for vWLC
Support for WLC 8500
Support for AP 2600
Support for AP 1552CU/EU
Support for AP802H
WLC 8510 - Support for 6000 APs
WLC 8510 - Support for 2000 FlexConnect groups
WLC 8510 - Support for 64000 clients
WLC 8510 - Support for 6000 AP groups
WLC 8510 - Support for 100 APs per FlexConnect group
WLC 8510 - Support for 4096 VLANs
WLC 8510 - Support for 24000 rogue APs and 32,000 rogue clients
WLC 7500 - Support for 6000 APs, 6400 clients, 2000 flex groups
WLC 7500 - Support for 64000 clients
WLC 7500 - Support for 2000 FlexConnect groups
WLC 7500 - Support for 6000 AP groups
WLC 7500 - Support for 100 APs per FlexConnect group
WLC 7500 - Support for 4096 VLANs
WLC 2500 - Support for 2500 rogue clients and 2000 rogue APs
WLC 5508 - Support for 2500 rogue clients and 2000 rogue APs
WLC WiSM2 - Support for 5000 rogue clients and 4000 rogue APs
WLC 7500 - Support for 32000 rogue clients and 24000 rogue APs
vWLC - support for 1500 rogue clients and 800 rogue APs
WiSM 2 - Support for 10,000 RFIDs
WLC 7500 - Support for 50,000 RFIDs
WLC 8500 - Support for 50,000 RFIDs
vWLC - Support for 3000 RFIDs
Honor based license (Right to Use [RTU] licenses)
FIPS 140-2
HA AP SSO
FlexConnect - Split tunneling
FlexConnect - 802.11r (Fast Transition) support in Central/Local switching
FlexConnect - Network Address Translation (NAT) and Port Address Translation (PAT) on locally switched WLAN
FlexConnect - PPP and PPPoE support
FlexConnect - WGB/Universal WGB support in FlexConnect Locally Switched mode
FlexConnect - Support for 802.11u (HotSpot 2.0)
FlexConnect - VLAN-based local and central switching
AP packet-dump
HTTP profiling for local and flex mode (RADIUS profiling)
Bi-directional rate limit per WLAN/User (bandwidth contract)
PMIPv6 (Proxy Mobile IPv6)
CLI to enable/disable IPv6 globally
Ability to upload the output of the show run-config to a FTP server by CLI
Can use Ethernet VLAN tag on AP
Default RF Profiles for High Density
AP group out of the box
Multicast improvement
802.11n voice Call Admission Control (CAC)
802.11n video CAC (Traffic Specification [TSPEC]-based video calls, Cius and facetime calls)
WIPS - auto SPT
11u new features (hotspot)
Local/flex/sniffer/rogue detector/monitor support for 1520 and 1550
DHCP opt 82 - Can specify the name and SSID of the AP
Ability to specify name and SSID of AP on RADIUS CallStationID
WLAN with 802.1X if MAC authentication with static Wired Equivalent Privacy (WEP) fails
Usernames are displayed in client summaries
RADIUS servers per WLAN from 3 to 6
RADIUS source interface per AP group
VLAN tagging support for CAPWAP packets
Ability to enable/disable for webauth or webauthadmin independently

7.2.110.0

Support for AP 2600
Bring your own device (BYOD) (ISE auto-provisioning)
Native Sensor DHCP Support in Local and FlexConnect mode (Device Profiling)
ISE NAC Device profiler for WLC
External Web-Auth for Local Switching FlexConnect
802.11r for AP in local mode (Fast Roaming)
AP 1520/1550 support for local and flexconnect mode
Support for tag multicast address
Support for RADIUS Client Profiling
Can upgrade from a Licensed Data Payload Encryption (LDPE) controller to a non-LDPE

7.2.103.0

FIPS
WLC 7500 support for 3000 APs (2000 before)
WLC 7500 support for 30,000 clients (20,000 before)
WLC 7500 support for 1000 FlexConnect groups (500 before)
WLC 7500 support for bandwidth central switch to 1 Gb (250 Mb before)
WLC 7500 support for 3000 OEAP (OEAP 600s)
WiSM2 support for 1000 APs (500 before)
WiSM2 support for 15000 clients (7500 before)
WiSM2 data plane of 20G (10G before)
CleanAir - Persistent Device Avoidance
CleanAir - Event-Driven Radio Resource Management (EDRRM)
CleanAir - Unclassified Interference Threshold/Trap
Rogue enhancement
Rogue - Minimum RSSI for rogue detection/classification
Rogue - Rogue detection report interval
Rogue - Transient Rogue Interval
Rogue - Rogue AP Ignore List
Wi-Fi Direct & Peer-to-Peer (P2P) Blocking
TPCv2
RF Profiles
Flexconnect - Hybrid Remote Edge Access Point (H-REAP) is called FlexConnect from this release and so on
Flexconnect - P2P Blocking
Flexconnect - FlexConnect efficient AP Upgrade
Flexconnect - FlexConnect ACLs
Flexconnect - AAA Override to Assign Dynamic VLANs
Flexconnect - Fast Roam for Voice Clients
Support for SKC (sticky key caching)
DHCP opt 82 as American Standard Code for Information Interchange (ASCII) instead of binary
Central switching mode support on WLC 7500
Adder license without reboot
Alloy QoS
Trust DSCP between AP and controller
TrustSec SXP for WLCs
IPv6 - Block of Router Advertisement (RA) from controller and AP
IPv6 address visibility per client
IPv6 - Neighbor Discovery Protocol (NDP) proxy and rate limit of IPv6 packets
IPv6 - Unknown Address Multicast Neighbor Solicitation (NS) Forwarding
Cisco Compatible Extensions version 6 (CCXv6)
Unlicensed National Information Infrastructure 2 (UNII-2) and UNII-2 extended for 1552 APs
802.11u (Hotspot 2.0)
Key Telephone System-based CAC (KTS-based CAC)
StadiumVision Multicast
Local Web Authentication / Central Web Authentication Support (LWA/CWA)
Online Certificate Status Protocol (OCSP)
Open security WLAN with EAP passthrough
Configuration of ClientLink only through CLI
Support for APs behind NAT
RFC 2869 Conformity
iWLAN AAA override - client interface/VLAN override
Mesh - Native VLAN not sent to Mesh Access Point (MAP) Ethernet port when VLAN transparent mode enabled
Mesh - Indoor mesh support for AP 3600
MSE - Virtual appliance
MSE - High availability
600 OEAP - can disable local SSID and local ports trough CLI
600 OEAP - can configure power, channel and channel width
600 OEAP - dual RLAN support
CLI command to display number of voice calls in WLC (show cac voice stats [ 802.11a | 802.11b ] <ap-name>)
Ability to disable AP HA Fallback
Ability to debug multiple mac address
Support for Captive portal bypass

7.1.91.0

Support for AP 3600

7.0.252.0

Introduction of config ap lifetime-check {mic | ssc} enable

7.0.251.2

Because of CSCur27551 , SSLv3 disable by default

7.0.220.0

Online Certificate Status Protocol (OCSP)
Introduction of show ap bundle
Introduction of config network ap-discovery nat-ip-only
Band select support on AP 1040
Clients doing passive scan can join a WLAN wit load balancing enable at first try

7.0.116.0

Support for WLC 7510
Support for WLC 2504
Support for WiSM 2
Support for interface groups
VLAN select per DHCP dirty
WLAN AAA override - client interface override
RADIUS server overwrite interface
VLAN select per foreign WLC maps (foreign maps)
VLAN select & L2/L3 multicast optimization
DHCP opt 60 + vendor name
DHCP opt 82 (AP_Eth_MAC)
Encryption of Neighbor Discovery Packet (NDP) packets
Cisco Discovery Protocol (CDP) over the air disable by default (non-mesh)
RF static group leader
Support for 100 H-REAP groups
Opportunistic Key Caching (OKC) for H-REAP groups
H-REAP Local Authentication
H-REAP groups and local radius server
H-REAP fault tolerance
Limit number of clients per WLAN
Rogue auto-containment level
wIPS with ELM
Support with ISE v1.0
Password policies (Product Security Baseline [PSB])
Roam between WLC for static-IP clients (static-ip tunneling)
Fast AP failover
WebProxy
Web Auth on MAC filter failure
Regulatory approval for Chile and Russia
Voice Diagnostic tools
Dropped channels 120, 124, 116 and 132
Mesh - preferred parent selection
Mesh - 2.4 GHz as mesh backhaul
Mesh - Universal client access
CDP over the air
Non-Cisco WGB support
Support for NTP Authentication
Ability to disable old crash files from WLC (clear crash-files...)
DHCP proxy status added to show run-config output
Ability to create more than one SSID with same security settings and differentiate them with PSK
Name of AP included in show client detail output
IGMP snooping support
WMM non-compliant U-APSD client support

7.0.98.218

Flexibility for Cisco Centralized Key Management (CCKM) max timestamp validation
WGB VLAN client feature

7.0.98.0

Support for AP 3502
WGB with multiple VLANs
Support for 500 APs in 5508
Support for 500 AP join/image download simultaneously
Video/media stream
CleanAir
Initiation Protocol - CAC (SIP CAC)
Passive clients
Spectrum Expert 4.0
Ability to set up upper and lower limits on TX power for RRM
Ability to clear internal DHCP lease
Ability to enable/disable CDP per radio interface

6.0.202.0

CLI to disable Aggregated Mac Service Data Unit (A-MSDU) per priority
Added -R regulatory domain

6.0.188.0

Band Select
Load Balancing
TPC max/min limit
AP image pre-download
Off-Channel scan defer
AP gives preference to WLC that has its same code version found on Discovery Response message
Configurable timer when AP tries to join primary/secondary/tertiary WLC (Primed Join timeout)

6.0.182.0

Support for WLC 5508
Support for 1522, 1524, 1130 and 1240 in mesh mode
Auto-Immune
Beamforming (also called ClientLink)
Login Banner File
Packet capture files when controller's data plane crashes
DCA algorithm redesigned to prevent pinning and cascading
Transmission Control Protocol - Maximum Segment Size (TCP MSS) Adjustment
Voice over IP (VoIP) Snooping (SIP voice calls)
Telnet disabled by default
GUI addition - Tx Power Control threshold
GUI addition - Radios page (Wireless > Access Point > Radios)
GUI addition - AP join stats page
GUI addition - DHCP opt82
GUI addition - Telnet-SSH configuration
GUI addition - LSC configuration
OEAP support for APs 1130 and 1140
Mesh - bridge data rate auto
Mesh - Can disable intrusion detection system (IDS) on outdoor Mesh
128-bit WEP no longer available
Before delete an ap-group all the APs need to be moved to a new group
Can specify a DNS server and AP domain on APs with static ip address
Need to enable multicast to allow IPv6 bridging
Can specify delimiter for MAC address in auth/acct access-request
Rogue detection per AP
Pico Cell configuration no longer available
MAC addresses in called-station-id and calling-station-id now as lower case
Support for 192 AP groups in 5500 WLC
AP in sniffer mode
No support for fragmented pings
40-MHz channels in 2.4GHz band
Channels 120,124 and 128 disable on -E regulatory domain APs 1131, 1243 and 1252
IPSec not supported
Rate shifting

Features Supported Prior Version 6.0

LAG
Multicast - multicast
QoS DSCP
Call Admission Control (CAC) and U-APSD
Support for IOS WGB association to LWAPP AP
AP groups
Mesh Ethernet bridging
CPU ACLs
Multiple WLANs with the same SSID
Conditional Web Redirect with 802.1x Authentication
Ability to Disable Accounting Servers per WLAN
DFS
L3 multicast roaming
EDCA for spectralink phones
RFID tags support
Broadcast enabling/disabling independent of multicast
ARP padding
MFP
Local Authentication
Load-based CAC
LDAP support
Expedited BAndwith Request support
DHCP Proxy
Mobiity - Foreign/Anchor
Mobility - Symetric tunneling
Client MFP
TACACS+ support
ACL counters
Mesh ethernet VLAN tagging
Mesh multicast mode for ethernet bridged clients (in/in-out)
Mesh multicast support for roaming L2/L3
Mesh limited voice support (indoor)
Coverage Hole Detection per WLAN
CAPWAP
Context aware
wIPS
LSC
AP Authorization

Revision History

Revision	Publish Date	Comments
1.0	03-Mar-2017	Initial Release

Contributed by Cisco Engineers

Karla Cisneros Galvan
Cisco TAC
Nicolas Darchis
Cisco TAC
Sudha Katgeri
Cisco TAC

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)