Introduction
This document describes guidance for you to find the most reliable Cisco IOS® XE software for Catalyst 9800 Wireless LAN Controllers (C9800 WLCs).
Background
The information in this document is applicable to the different form factors of the C9800 WLC, which include:
- Appliances (9800-40, 9800-80, 9800-L, CW9800M, CW9800H1, CW9800H2)
- Virtual Controllers (9800-CL in private and public cloud environments)
- Embedded Wireless Controllers on Catalyst 9000 Series switches
- Embedded Wireless Controllers on Catalyst Access Points (EWC-AP)
Access Point models supported by the C9800 include:
- IOS based 11ac Wave 1 Access Points (1700/2700/3700/1572) (not in all releases)
- COS based 11ac Wave 2 Access points (1800/2800/3800/4800/1540/1560)
- COS based Catalyst 11ax 91xx Series Access Points (9105/9115/9117/9120/9130/9136/9164/9166)
- Cisco Wireless 917x Series Access Points (CW9176/CW9178)
Co-existence of AireOS WLCs with the C9800 WLC is taken into account for these recommendations. The recommendations cover all releases of Cisco IOS XE software applicable to Catalyst 9800 WLCs. Typically, a newly released version (either a maintenance release or a new code train) is given a minimum of 6-8 weeks of soak time in the field, and it becomes a candidate for Cisco general recommendation only if no catastrophic issues are reported. These recommendations are updated as we receive feedback through internal testing, TAC cases, and so on.
TAC Recommended Builds
Note:
1) SMUs and APSPs require a Network Advantage License. For deployments with a Network Essentials license, an Escalation Image can be requested from Cisco TAC. Upgrading to an Escalation Image requires downtime.
2) APSPs are incremental, that is each APSP version includes fixes from all previous versions of APSPs.
3) The latest APSP is always recommended. Evaluate the bugs under each APSP and apply those APSPs that include fixes for the AP models in your deployment.
IOS XE 17.16.1
IOS XE 17.16 is a short-lived release with no MRs planned. It is important to note that IOS 17.16 does not support Wi-Fi 7 APs and does not allow IOS-based APs to join anymore. The new features supported in this release are listed in 17.16.1 Release Notes.
IOS XE 17.15
IOS XE 17.15 is a long-lived train with several maintenance releases (MR) planned. The new features supported in this release are listed in 17.15.1 Release Notes.
17.15.2
IOS-XE 17.15.2 is the first maintenance release in the 17.15 release train and is the first release to support:
- WiFi7
- Access Points (CW9176I, CW9176D1, CW9178I)
- Multi-Link Operation (MLO) for WiFi7 APs
- WPA3 Security Considerations
- Global Use AP (Decoupling of AP PID/SKU from boot mode and regulatory domain)
- Cisco Network Subscription
- AP AnyLocate / UltraWide Band Ranging Technology
Caution: For Flexconnect deployments with Local Switching, client roam on a webauth SSID could randomly cause client to lose reachability to its gateway.
17.15.1
IOS XE 17.15.1 is the first version of the 17.15 train. For all features and hardware supported starting 17.13.1, 17.14.1, and 17.15.1, Cisco recommends that you migrate your deployment to 17.15.2.
17.15.1 contains the fix for the "regreSSHion" vulnerability on access points described in CVE-2024-6387 / Cisco bug ID CSCwk62269.
IOS XE 17.14.1
Cisco IOS XE 17.14.1 is a short-lived release with no MRs planned. The new features supported in this release are listed in 17.14.1 Release Notes. This is the first release to support the newer Catalyst 9800 Series WLCs:
- Cisco Catalyst CW9800M Wireless Controller
- Cisco Catalyst CW9800H1 and CW9800H2 Wireless Controller
For all new hardware and features supported starting 17.13.1 or 17.14.1, Cisco recommends you to upgrade to 17.15.2.
IOS XE 17.13.1
Cisco IOS XE 17.13.1 is a short-lived release with no MRs planned. The new features supported in this release are listed in 17.13.1 Release Notes. For all new hardware and features supported starting 17.13.1, Cisco recommends you to upgrade to 17.15.2.
Dublin 17.12
The new features supported in this release are listed in 17.12.1 Release Notes. Cisco recommends 17.9.6 and 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4 ESW13 at hidden link for DNA Essentials deployments.
Some of the major advantages of 17.12 over 17.9 include:
- More countries support for 6GHz
- Possibility to use a single WPA2+WPA3 SSID for 5 and 6GHz.
- An RRM-based algorithm to load-balance APs across WNCd processes
17.12.4
Cisco IOS XE 17.12.4 is the third bug-fix release in the 17.12 train.
17.12.4 SMUs
SMU_CSCwj93876 (hitless) provides fix for C9800 crash in wncmgrd due to a slow memory leak when one or more NMSP connections exist to Catalyst Center or Cisco Spaces.
SMU_CSCwm33207 (requires WLC reload) provides fix for two known defects on SDA Wireless deployments that impact 17.12.4 and 17.9.5
- CSCwj04031 SDA Wireless: WLC forces SGT to 0 when the client releases IPv6 link-local address.
- CSCwk81268 Crash due to ipv6 buffer overrun when client ipv6 address removal happens in a larger number.
SMU_CSCwi78109 (requires WLC reload) provides a fix for the C9800 WebUI becoming unusable while syslog reports this error message: %CLI_AGENT-1-NVGEN_ERR: Error while processing NVGEN command.
17.12.4 APSP4
17.12.4 APSP4 includes fix for
CSCwj84554 IOx application failure Failed to create controller cpu for group
CSCwm65107 9130 AP crash due to OOM
CSCwk12169 9120 AP fails to ACK clients connected in 5G slot CS00012351537
CSCwj60401 IE3300: Catalyst AP negotiate only 30W
CSCwi84945 Werfen GEM Hemochron 100 Clinical Device is unable to associate to C9130
CSCwm08044 APs unable to upgrade without a power cycle : Error: unlzma: write: No space left on device
CSCwk98117 9166DAPs unable to transmit NDP packets over the air (SF 07357811)
CSCwm07499 91xx AP doesnt rotate awipsd.log, causing upgrade issue "tar: write error: No space left on device"
CSCwm73271 AP COS is not sending syslog messages if the receiver is using an IPv6 address
Previous Fixes :
CSCwj39057 9130: Traffic loss and delays due to perceived channel utilization and interference
CSCwj72985 Mmultiple wcpd crash during longevity test with ap in flex-LA/LS mode
CSCwj77042 Kernel Panic at "pc : splitmac_api_add_client+0x68/0x498[umac]"SF#07186679
CSCwj66264 Half Duplex Mismatch messages seen on mGig port of 9300, 9400 switches
CSCwk33521 Multiple 913x/916x AP Kernel Crashes (SF 07238396)
CSCwk58876 Multiple 9166 AP Kernel Crashes (SF 07238396)
CSCwm13005 Router Advertisement packets from clients result in ipv6 gateway change on the Access Point
17.12.3
Cisco IOS XE 17.12.3 is the second bug-fix release in the 17.12 train. This is the current recommended version for all deployments.
Caution:
1) In case you have an SD-Access deployment, be aware of CSCwj04031 : WLC forces SGT to 0 when the client releases IPv6 link-local address. Contact TAC to get a SMU patch if you are affected.
2) For HA deployments, an HA failover could lead to config loss on the C9800 WLC, leading to a wireless outage. This is tracked under CSCwj73634, where config can be lost upon HA failover.
17.12.2
Cisco IOS XE 17.12.2 is the first bug-fix release in the 17.12 train and includes the fix for CVE-2023-20198 CVE-2023-20273 / CSCwh87343.
Dublin 17.11.1
Cisco IOS XE 17.10.1 is a short-lived release with no MRs planned. See 17.11 EoL Bulletin. The new features supported in this release are listed in 17.11.1 Release Notes. For all features and hardware supported starting 17.10.1 or 17.11.1, Cisco recommends 17.9.6 and 17.12.4 + SMUs + APSP(latest) for DNA Advantage customers and 17.12.4 ESW13 at hidden link for DNA Essentials deployments.
Dublin 17.10.1
Cisco IOS XE 17.10.1 is a short-lived release with no MRs planned. See 17.10 EoL Bulletin. The new features supported in this release are listed in 17.10.1 Release Notes. For all features and hardware supported starting 17.10.1, Cisco recommends 17.9.6 and 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4 ESW13 at hidden link for DNA Essentials deployments.
Cupertino 17.9
Cisco IOS XE 17.9.x is a long-lived train with several MRs planned. Cisco recommends 17.9.6 and 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4 ESW13 at hidden link for DNA Essentials deployments.
17.9.6
Cisco IOS XE 17.9.6 is a bug fix release and the recommended release for use on the 17.9 train.
Caution: For Flexconnect deployments with Local Switching, client roam on a webauth SSID could randomly cause client to lose reachability to its gateway.
17.9.5
Cisco IOS XE 17.9.5 is a bug fix release, fixing all the issues covered by 17.9.4a as well as the APSPs. If you have 9162 APs, be aware of CSCwj45141, which is an issue that started in 17.9.4APSP8.
In case you have an SD-Access deployment, be aware of Cisco bug ID CSCwj04031 : WLC forces SGT to 0 when the client releases IPv6 link-local address. Contact TAC to get a SMU patch if you are affected.
17.9.4a
Cisco IOS XE 17.9.4a is published to address multiple vulnerabilities in the Cisco IOS XE Software Web UI Feature described in CVE-2023-20198 CVE-2023-20273 / CSCwh87343.
In case you have an SD-Access deployment, be aware of Cisco bug ID CSCwj04031 : WLC forces SGT to 0 when the client releases IPv6 link-local address. Contact TAC to get a SMU patch if you are affected.
17.9.4a APSP6 (AP version: 17.9.4.201)
17.9.4a APSP6 includes same fixes as 17.9.4 APSP6 even though the AP version label is different than 17.9.4 APSP6. These fixes include:
CSCwh61011 Cisco 9120 and 9115 APs unexpected disjoins from WLC and not able to establish DTLS again
CSCwh74663 3800 not sending QoS data frames downstream due to RadarDetected flag as TRUE
CSCwh81332 9130APs had kernel panic crashes after upgrade to 17.6.6 (regression fix for CSCwf87904)
CSCwh60483 9136I-ROW AP - Wrong temperature readings, off by 100s degrees
CSCwf53520 Cisco 1815 AP running version 17.9.2: Kernel panic crash observed
CSCwf93992 2800 flex APs are not processing EAP-TLS fragmented packets if delay is more than 50ms
CSCwf85025 C9166-ROW AP with country code GB, reduces txpower after channel change causing clients to fail to connect.
CSCwh02913 AP kernel crash due to assert:"TXPKTPENDTOT(wlc)== 0" failed: file "wlc_mutx.c:4247"
CSCwh08625 Kernel Panic on C9105, C9115, C9120 APs with PC is at _raw_spin_unlock
CSCwf68131 C9105AXW - bad block monitoring
CSCwf50177 C9105AXW - large number of bad blocks
17.9.4
Cisco IOS XE 17.9.4 is primarily a bug fix release that also adds:
- Product Analytics Support
- ROW support for UAE
17.9.3
Cisco IOS XE 17.9.3 is a bug fix release that also adds:
- Support for IW9167E
- Ability to specify site load for better loadbalancing APs across Wireless Network Control daemon (WNCd) instances on the C9800
- Reintroduced support for Wave 1 Access Points (1700/2700/3700/1572), but this support does not extend beyond the normal product lifecycle support. Features for these APs are in parity with features on 17.3, and upgrade from 17.3.x to 17.9.3 is supported for x >= 4c. For more details, see the FAQ.
- Command to disable AAA Interim Accounting on the C9800
Cupertino 17.8.1
Cisco IOS XE 17.8.1 is a short-lived release with no MRs planned. See 17.8.1 EoL Bulletin. The new features supported in this release are listed in 17.8.1 Release Notes. For all features and hardware supported starting 17.8.1, you are recommended to migrate your deployment to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Note: Deployments with C9130s and C9124s, if running 17.3.3 need to upgrade to 17.3.4c before upgrading to 17.8.1
Cupertino 17.7.1
Cisco IOS XE 17.7.1 is a short-lived release with no MRs planned. See 17.7.1 EoL Bulletin. The new features supported in this release are listed in 17.7.1 Release Notes. For all features and hardware supported starting 17.7.1, you are recommended to migrate your deployment to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Caution: 17.7.1 is impacted by CSCwb13784 which prevents wave 2 and 11ax APs from joining if the path MTU drops under 1000 bytes
Bengaluru 17.6
Cisco IOS XE 17.6.x is a long-lived train with multiple MRs. There is only 1 more MR targeted for the 17.6 train, for security fixes only. Refer to the 17.6 End of Life bulletin. Cisco recommends that you migrate to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers. This is a direct upgrade. Refer to Upgrade Path to 17.12.x for more details.
17.6.7
Cisco IOS XE 17.6.7 is a bug fix only release. For customers who are unable to migrate to the recommended release and need to stay on the 17.6 train, Cisco recommends 17.6.7.
Bengaluru 17.5.1
Cisco IOS XE 17.5.1 is a short-lived release with no MRs planned. Refer to the 17.5 End of Life Bulletin. The features supported in this release are listed in 17.5 Release Notes. For all new hardware and features supported starting 17.5, Cisco recommends that you migrate to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Bengaluru 17.4.1
Cisco IOS XE 17.4.1 is a short-lived release with no MRs planned. Refer to the 17.4 End of Life Bulletin. The features supported in 17.4 are listed in 17.4 Release Notes. For all new hardware and features supported starting 17.4, Cisco recommends that you migrate to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Amsterdam 17.3
Cisco IOS XE 17.3.x is a long-lived train with several maintenance releases (MRs). 17.3 has reached End of Software Maintenance as documented in the 17.3 End of Life Bulletin. The last MR for 17.3 is a PSIRT-only release targeted for September 2023. Cisco recommends that you migrate to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers. This migration could require a staggered upgrade, depending on the 17.3.x release you are currently running. Refer to Upgrade Path to 17.12.x for more details.
17.3.8a
Cisco IOS XE 17.3.8a is the last bug-fix MR in the 17.3 release train. For customers who cannot migrate to recommended release and need to stay on 17.3 train, Cisco recommends 17.3.8a.
Amsterdam 17.2.1
Cisco IOS XE 17.2.1 is a short-lived train with no maintenance releases planned. See 17.2 End of Life Bulletin. All 17.2.x releases for C9800 are deferred due to Field Notice FN70577 and CSCvu24770. Cisco recommends that you migrate your deployment to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Amsterdam 17.1.1
Cisco IOS XE 17.1.1 is a short-lived release with no maintenance planned. See 17.1 End of Life Bulletin. All 17.1.x releases for C9800 are deferred due to Field Notice FN70577 and CSCvu24770. Cisco recommends that you migrate your deployment to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers.
Gibraltar 16.x
Cisco IOS XE 16.10.1 is the first release of Cisco IOS XE software that officially supports Catalyst 9800 SKUs (Appliances: 9800-40, 9800-80; 9800 on private/public cloud; 9800-CL, as well as 9800 software on Catalyst 9300 Switches) and is currently end-of-life (EoL). Since then, two releases were published for the 16.x release train: 16.11.1 (EoL) and 16.12.1 (EoL). Cisco IOS-XE 16.12.1 was the first long-lived train for C9800 WLCs, which added support for 9800-L, 9800-CL on Google Cloud and Embedded Wireless Controller on Catalyst Access Point (EWC-AP), among other features.
16.12.8
This is the last maintenance release (MR) in the 16.x train. Cisco recommends that you migrate your deployment to 17.12.4 + SMUs + APSP (latest) for DNA Advantage customers and 17.12.4ESW13 at hidden link for DNA Essentials customers, via 17.3.7 and 17.9.x. This migration requires a staggered upgrade. Refer to Upgrade Path to 17.12.x for more details.
Field Programmable (FPGA) Firmware on Hardware 9800 WLC
On physical Catalyst 9800 WLCs (9800L, 9800-40, 9800-80), besides IOS-XE, there are two other pieces of code that can be upgraded.
- ROM Monitor (ROMMON) - It is the bootstrap program that initializes hardware and boots the IOS-XE software on the C9800 appliance. You can check the ROMMON version running on your appliance by executing this command.
#show rom-monitor chassis {active | standby} R0
- PHY - It refers to physical layer, specifically, the Shared Port Adapter (SPA) module that supports the front end distribution and uplink ports on C9800 appliances. You can view the PHY version running on your appliance by executing this command.
#show platform hardware chassis active qfp datapath pmd ifdev | include FW
New firmware is typically released to protect the health of the system (temperature sensors, fan, power supply and so on) and to address problems with data forwarding in and out of the physical ports. Cisco recommends upgrading to the latest FPGA firmware available. The upgrade procedure, along with the specific defects for which new firmware was released, is documented at Upgrade C9800 FPGA. Table 1 lists the version for each platform.
| Platform | ROMMON | Ethernet PHY | Fiber PHY |
|---|---|---|---|
| 9800-L-F | 16.12(3r) | N/A | 17.11.1 |
| 9800-L-C | 16.12(3r) | 17.11.1 | N/A |
| 9800-40 | 17.7(3r) | N/A | 16.0.0 |
| 9800-80 | 17.3(3r) | N/A | 16.0.0 |
High Availability Software Maintenance on 9800 WLC
C9800 provides multiple features that ensure availability during software maintenance phase of the deployment lifecycle. These include In-Service Software Upgrade (ISSU), Rolling AP upgrade, Hot and Cold Patch to address WLC defects or psirts, AP patches to address AP specific fixes as well as to support newer AP models on existing controller code.
ISSU
ISSU support was introduced in 17.3.1 and is limited to long-lived releases (17.3.x, 17.6.x, and 17.9.x). That is, ISSU works
- Within long-lived major releases, for example, 17.3.x to 17.3.y, 17.6.x to 17.6.y, 17.9.x to 17.9.y
- Between long-lived major releases, for example, 17.3.x to 17.6.x, 17.3.x to 17.9.x
Note: This is limited to two long-lived releases after the current supported long-lived release.
ISSU is NOT supported
- Within minor releases of short-lived release trains, for example 17.4.x to 17.4.y or 17.5.x to 17.5.y
- Between minor and major releases of short-lived release trains, for example 17.4.x to 17.5.x
- Between long-lived and short-lived releases, for example 17.3.x to 17.4.x or 17.5.x to 17.6.x.
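The ISSU rules above can be checked mechanically before a maintenance window. The following is an added example, not Cisco code: the function names are hypothetical, the train list contains only the long-lived trains named in this section, and it assumes only upgrades to a newer release are being evaluated.

```python
import re

# Long-lived trains named in this page's ISSU section, oldest first.
# Assumption: extend this list only from Cisco's release notes.
ISSU_TRAINS = [(17, 3), (17, 6), (17, 9)]
# "Limited to two long-lived releases after the current" one.
MAX_TRAIN_HOPS = 2

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]?)$")


def parse_version(text):
    """Parse '17.9.4a' into (17, 9, 4, 'a'); raise ValueError otherwise."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"not an IOS XE x.y.z release string: {text!r}")
    major, minor, maint, suffix = match.groups()
    return int(major), int(minor), int(maint), suffix


def issu_supported(current, target, trains=ISSU_TRAINS):
    """Return (supported, reason) for an ISSU upgrade from current to target."""
    cur, tgt = parse_version(current), parse_version(target)
    # Both ends must sit on a long-lived train; short-lived trains never qualify.
    for label, ver in (("current", cur), ("target", tgt)):
        if ver[:2] not in trains:
            return False, f"{label} release {ver[0]}.{ver[1]} is not a long-lived ISSU train"
    # Assumption of this example: only upgrades to a newer release are evaluated.
    if tgt <= cur:
        return False, "target is not newer than the current release"
    hops = trains.index(tgt[:2]) - trains.index(cur[:2])
    if hops == 0:
        return True, "within one long-lived train"
    if hops > MAX_TRAIN_HOPS:
        return False, f"target is {hops} long-lived trains ahead (limit {MAX_TRAIN_HOPS})"
    return True, f"between long-lived trains ({hops} ahead)"


if __name__ == "__main__":
    # Constructed upgrade plans, not taken from a real deployment.
    for cur, tgt in [("17.3.4c", "17.3.8a"), ("17.3.5", "17.9.6"),
                     ("17.5.1", "17.6.7"), ("17.9.6", "17.10.1")]:
        ok, why = issu_supported(cur, tgt)
        print(f"{cur} -> {tgt}: {'ISSU' if ok else 'no ISSU'} ({why})")
```

A "no ISSU" result means the upgrade has to be planned as a regular install with its associated downtime.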
Software Maintenance Upgrade (SMU) Patch
C9800 supports both Cold and Hot Patching which enables bug fixes to be provided as a Software Maintenance Upgrade (SMU) file.
- Hot Patch - System reload is not required meaning WLC and APs continue to operate. In case of 9800 Stateful Switchover (SSO) pair, SMU install process applies the patch to both chassis.
- Cold Patch - System reload is needed for Cold Patch. In case of 9800 SSO pair, cold patch can be applied without downtime.
Access Point Service Pack
Fixes for software defects on Access Points (APs) can be delivered via Access Point Service Packs. This requires reload of the APs but not of the 9800 WLC.
Access Point Device Pack
Support for newer AP models is made available on existing WLC code, without needing WLC code upgrade. This AP only supports the features available in existing WLC code.
Guidelines and Requirements
- SMU patches are only generated for long-lived releases like 16.12, 17.3, 17.6, 17.9 and so on after their MD release.
- SMUs can only be applied on a 9800 WLC running a Network Advantage License at the minimum. Refer to the Wireless Features Matrix for the different licenses.
- SMUs that are applicable to most deployments, are posted to cisco.com for customers to download on their own.
- SMU or a patch is not possible for all bug fixes. Code changes involved in the bug fix typically determine the patchability.
- Applicability of SMU is evaluated on a per-defect basis. If your C9800 qualifies for an SMU patch, based on its licensing and you need an SMU for a specific defect, please engage Cisco Technical Assistance Center (TAC) to get the bug evaluated.
Refer C9800 WLC Patching Guide for more details on these capabilities.
Cisco.com Location of SMUs, APSP and APDP images for different 9800s
Step 1. Navigate to Downloads Home, and search for 9800 in the search bar for Select a Product, choose 9800 form factor applicable to you.
Step 2. From Software Type menu, choose SMU or APSP or APDP as needed.
Note for Software Defined Access (SDA)
Always refer to the SDA Compatibility Matrix for code combination recommendations that work best for SDA. It lists specific combinations of code on Cisco DNA Center, the Identity Service Engine (ISE), switches, routers and Wireless LAN Controller codes that have been tested by the SDA Solution Test team at Cisco.
Inter Release Controller Mobility (IRCM)
- IRCM is not supported with 2504/7510/vWLC Controllers and only supported with 5508/8510/5520/8540/3504 platforms.
- For Inter-Release Controller Mobility (IRCM) compatibility with AireOS WLCs,
- TAC recommends AireOS 8.10.196.0 for all deployments.
- For deployments with older WLCs or Access Points in their environment, which cannot be upgraded past AireOS 8.5, TAC recommends 8.5.182.109 (8.5.182.111 for 3504s) IRCM code.
Note: Not all 8.5 code versions support IRCM. 8.5 IRCM versions available on cisco.com include 8.5.164.0, 8.5.164.216, 8.5.176.0, 8.5.176.1, 8.5.176.2, 8.5.182.104.
For AireOS recommended code, please refer to:
https://www.cisco.com/c/en/us/support/docs/wireless/wireless-lan-controller-software/200046-tac-recommended-aireos.html
Features supported On Catalyst 9800 Series Wireless LAN Controllers
Release Notes
Cisco IOS XE Wireless Feature List per Release
AireOS to Cisco IOS XE feature Comparison Matrix
Flexconnect Feature Matrix for wave2 and 11ax Access Points