Release Notes for Cisco Embedded Wireless Controller on Catalyst Access Points, Cisco IOS XE Gibraltar 16.12.x
Introduction to Cisco Embedded Wireless Controller on Catalyst Access Points
The Cisco Embedded Wireless Controller on Catalyst Access Points is a version of the Cisco IOS XE-based controller software on Catalyst access points. In this solution, a Catalyst access point (AP) that is running the Cisco Embedded Wireless Controller on Catalyst Access Points software, is designated as the primary AP. Other APs, referred to as subordinate APs, associate to this primary AP.
The Cisco Embedded Wireless Controller on Catalyst Access Points provides enterprise-level WLAN features while maintaining operational simplicity and affordability. This solution is targeted at small and medium-sized business (SMB) customers or distributed enterprises, and can be run at single site deployments.
-
The controllers come with high availability (HA) and seamless software updates. This keeps your services on always, both during planned and unplanned events.
-
The deployment can be managed using a mobile application, Cisco Digital Network Architecture (DNA) Center, Netconf/Restconf, web-based GUI, or CLI.
What's New in Cisco IOS XE Gibraltar 16.12.8
There are no new features in this release.
What's New in Cisco IOS XE Gibraltar 16.12.7
There are no new features in this release.
What's New in Cisco IOS XE Gibraltar 16.12.6a
There are no new features in this release.
What's New in Cisco IOS XE Gibraltar 16.12.5
There are no new features in this release.
What's New in Cisco IOS XE Gibraltar 16.12.4a
There are no new features in this release.
What's New in Cisco IOS XE Gibraltar 16.12.3
There are no new features in Cisco IOS XE Gibraltar 16.12.3 release.
Supported Cisco Access Point Platforms
The following Cisco access points are supported in the Cisco Embedded Wireless Controller on Catalyst Access Points network. Note that the APs listed as primary APs can also function as subordinate APs.
|
Primary AP |
Subordinate AP |
|---|---|
|
Cisco Catalyst 9115 Series Cisco Catalyst 9117 Series Cisco Catalyst 9120 Series Cisco Catalyst 9130 Series1 |
Cisco Aironet 1540 Series Cisco Aironet 1560 Series Cisco Aironet 1815i Cisco Aironet 1815w Cisco Aironet 1830 Series Cisco Aironet 1840 Series Cisco Aironet 1850 Series Cisco Aironet 2800 Series Cisco Aironet 3800 Series Cisco Aironet 4800 Series Cisco Catalyst 9115 Series Cisco Catalyst 9117 Series Cisco Catalyst 9120 Series Cisco Catalyst 9130 Series |
|
Image Type |
Supported APs |
|---|---|
|
ap1g4 |
Cisco Aironet 1810 Series Cisco Aironet 1830 Series Cisco Aironet 1850 Series |
|
ap1g5 |
Cisco Aironet 1815i Cisco Aironet 1815w Cisco Aironet 1540 Series Cisco Aironet 1840 Series |
|
ap1g6 |
Cisco Catalyst 9117 Series |
|
ap1g6a |
Cisco Catalyst 9130 Series |
|
ap1g7 |
Cisco Catalyst 9115 Series Cisco Catalyst 9120 Series |
|
ap3g3 |
Cisco Aironet 2800 Series Cisco Aironet 3800 Series Cisco Aironet 4800 Series Cisco Aironet 1560 Series |
Maximum APs and Clients Supported
|
Primary AP Model |
Maximum APs Supported |
Maximum Clients Supported |
|---|---|---|
|
Cisco Catalyst 9105 AWI |
50 |
1000 |
|
Cisco Catalyst 9115 Series |
50 |
1000 |
|
Cisco Catalyst 9117 Series |
50 |
1000 |
|
Cisco Catalyst 9120 Series |
100 |
2000 |
|
Cisco Catalyst 9130 |
100 |
2000 |
 Note |
If 25 to 100 APs have joined the EWC network, the maximum clients on the EWC internal AP is limited to 20. |
Compatibility Matrix
The following table provides software compatibility information:
|
Cisco Embedded Wireless Controller on Catalyst Access Points |
Cisco ISE |
Cisco CMX |
Cisco DNA Center |
|---|---|---|---|
|
Gibraltar 16.12.x |
2.6 2.4 2.3 |
10.6.2 10.6 10.5.1 |
1.3.3.0 |
Supported Browsers and Operating Systems for Web UI
Note |
The following list of Supported Browsers and Operating Systems is not comprehensive at the time of writing this document and the behavior of various browser for accessing the GUI of the EWC is as listed below. |
|
Browser |
Version |
Operating System |
Status |
Workaround |
|---|---|---|---|---|
|
Google Chrome |
77.0.3865.120 |
macOS Mojave Version 10.14.6 |
Works |
Proceed through the browser warning. |
|
Safari |
13.0.2 (14608.2.40.1.3) |
macOS Mojave Version 10.14.6 |
Works |
Proceed through the browser warning. |
|
Mozilla Firefox |
69.0.1 |
macOS Mojave Version 10.14.6 |
Works only if exception is added. |
Set the exception. |
|
Mozilla Firefox |
69.0.3 |
macOS Mojave Version 10.14.6 |
Works only if exception is added. |
Set the exception. |
|
Google Chrome |
77.0.3865.90 |
Windows 10 Version 1903 (OS Build 18362.267) |
Works |
Proceed through the browser warning. |
|
Microsoft Edge |
44.18362.267.0 |
Windows 10 Version 1903 (OS Build 18362.267) |
Works |
Proceed through the browser warning. |
|
Mozilla Firefox |
68.0.2 |
Windows 10 Version 1903 (OS Build 18362.267) |
Works |
Proceed through the browser warning. |
|
Mozilla Firefox |
69.0.3 |
Windows 10 Version 1903 (OS Build 18362.267) |
Works only if exception is added. |
Set the exception. |
|
Google Chrome |
78.0.3904.108 |
macOS Catalina 10.15.1 |
Does not work |
NA |
Upgrading the Controller Software
This section covers the various aspects of upgrading the controller software.
For information on upgrading the controller software, see the "Software Management" section in the Cisco Embedded Wireless Controller on Catalyst Access Points Online Help. For information on performing an image upgrade using CLI steps, see the Initiating Pre-Download (CLI) section.
Note |
Before converting from CAPWAP to embedded wireless controller (EWC), ensure that you upgrade the corresponding AP with the CAPWAP image in Cisco AireOS Release 8.10.105.0. If this upgrade is not performed, the conversion will fail. |
Finding the Software Version
The following table lists the Cisco IOS XE 16.12.x software for Cisco Embedded Wireless Controller on Catalyst Access Points.
Note |
An AP that joins the Embedded Wireless Controller (EWC) network, should already be running the software Version 8.10.x or later, or Version 16.12.x or later. If this is not the case, upgrade the AP with either of these options before the AP joins the EWC network. |
Choose the appropriate AP software based on the following:
-
Cisco Embedded Wireless Controller on Catalyst Access Points software to be used for converting the AP from an unified wireless network CAPWAP lightweight AP to a Cisco Embedded Wireless Controller on Catalyst Access Points-capable AP (primary AP)
-
AP software image bundle to be used either for upgrading the Cisco Embedded Wireless Controller on Catalyst Access Points software on the primary AP or for updating the software on the subordinate APs or both
Prior to ordering Cisco APs, see the corresponding ordering guide for your Catalyst or Aironet access point.
|
Primary AP |
AP Software for Conversion from CAPWAP to Cisco EWC |
AP Software Image Bundle for Upgrade |
AP Software in the Bundle |
|---|---|---|---|
|
Cisco Catalyst 9115 Series |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
ap1g7 |
|
Cisco Catalyst 9117 Series |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
ap1g6 |
|
Cisco Catalyst 9120 Series |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
ap1g7 |
|
Cisco Catalyst 9130 Series |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
C9800-AP-universalk9.16.12.8.zip C9800-AP-universalk9.16.12.7.zip C9800-AP-universalk9.16.12.6a.zip C9800-AP-universalk9.16.12.5.zip C9800-AP-universalk9.16.12.4a.zip C9800-AP-universalk9.16.12.3.zip C9800-AP-universalk9.16.12.2s.zip |
ap1g6a |
Guidelines and Restrictions
Internet Group Management Protocol (IGMP)v3 is not supported on Cisco Aironet Wave 2 APs.
Embedded Wireless Controller SNMP configuration is supported in DNAC.
High memory usage on AP running Embedded Wireless Controller. Enabling crash kernel on the AP consumes additional memory on the AP. Hence, if crash kernel is enabled, the overall memory usage of the device will increase and will impact the scale numbers. On Cisco Catalyst 9130 Access Points, the memory consumption is a high of 128 MB.
During the EWC HA pair selection, after a power outage, the standby AP fails to come up in the new EWC HA pair. Another EWC capable AP becomes the standby AP and fails to come up as well. To avoid this situation, ensure that the same IP address is enforced on the active or standby APs during HA pair selection.
Interoperability with Clients
This section describes the interoperability of the controller software with client devices.
The following table describes the configurations used for testing client devices.
|
Hardware or Software Parameter |
Hardware or Software Type |
|---|---|
|
Release |
Cisco IOS XE Gibraltar 16.12.x |
|
Access Points |
|
|
Radio |
|
|
Security |
Open, PSK (WPA2-AES), 802.1X (WPA2-AES) (EAP-FAST, EAP-TLS), WPA3. |
|
Cisco ISE |
See Compatibility Matrix. |
|
Types of tests |
Connectivity, traffic (ICMP), and roaming between two APs |
The following table lists the client types on which the tests were conducted. Client types included laptops, hand-held devices, phones, and printers.
Caveats
Caveats describe unexpected behavior in Cisco IOS releases. Caveats that are listed as Open in a prior release are carried forward to the next release as either Open or Resolved.
Note |
All incremental releases will cover fixes from the current release. |
There are no new Open and Resolved Caveats in Cisco IOS XE Gibraltar 16.12.3 release.
Cisco Bug Search Tool
The Cisco Bug Search Tool (BST) allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The BST is designed to improve the effectiveness in network risk management and device troubleshooting. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat, click the corresponding identifier.
Open Caveats for Cisco IOS XE Gibraltar 16.12.8
There are no open caveats.
Open Caveats for Cisco IOS XE Gibraltar 16.12.7
There are no open caveats.
Open Caveats for Cisco IOS XE Gibraltar 16.12.6a
|
Caveat ID |
Description |
|---|---|
|
The Cisco Catalyst 9120AX Series APs disconnect from the controller after receiving CAPWAP payload. |
|
|
The RFID entries are not updated in the Cisco Catalyst 9800-40 Wireless Controller. |
|
|
The Dynamic Channel Assignment (DCA) fails when the outdoor AP is on channel 100. |
|
|
The controller does not sort the received RFID RSSI from APs, before sending 16 APs to the connector. |
|
|
Devices are stuck when the controller consumes Internet Control Message Protocol (ICMP) randomly from 8821 phones. |
|
|
The "Call Home EEM cb" process causes high CPU two days after increasing the logging buffer size. |
|
|
Cisco Catalyst 9115 Series APs participate in the Air Quality report unexpectedly. |
|
|
The controller console logs display error messages and tracebacks. |
|
|
The new AP filter name does not reflect the filter name changes for the same tags. |
|
|
The AP primary, secondary, or tertiary name configuration fails in the command line and SNMP. |
|
|
The USB port on AP in the AP default-group needs to be disabled by default. |
Open Caveats for Cisco IOS XE Gibraltar 16.12.5
|
Caveat ID |
Description |
|---|---|
|
OBSS-PD configuration from the RF profile does not get pushed to the AP. |
Open Caveats for Cisco IOS XE Gibraltar 16.12.4a
|
Caveat ID |
Description |
|---|---|
|
APs are randomly taking longer time for off-channel scanning. |
|
|
Cisco Aironet 3802 AP is not able to acknowledge EAP frames (EAP-TLS). |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly after few days of uptime. |
|
|
Cisco Catalyst 9130 AP: OEAP GUI is not accessible. |
|
|
Clients associated to Wave 2 AP having local switching WLAN with native VLAN is not able to resolve ARP. |
|
|
Controller crashes while changing the password for an existing user. |
|
|
Cisco Catalyst 9117 AP: Dot1x authentication is not working for clients. |
|
|
Memory leak is observed under wncd_x due to CAPWAP messaging. |
|
|
Cisco Catalyst 9120 AP reloads unexpectedly with watchdog_last.status reason:14. |
|
|
Controller is not showing correct antenna mode. |
|
|
Client goes into exclusionlist even when client exclusion is disabled. |
|
|
Cisco Aironet 3802 AP: No Rx packets are seen for 5-GHz radio. |
|
|
RFID OIDs are failing when AIRESPACE-WIRELESS-MIB RFID MIBs are used. |
|
|
Cisco Catalyst 9120 AP: Kernel panic crash is observed due to sockets_in_use. |
|
|
Cisco Catalyst 9130 AP is not discovering controller using the IP address returned in DHCP option 43 or DNS. |
|
|
Cisco DNA Center 1.3.3.4: Default RF profile channel is configured as Best in Fabric-In-A-Box installation. |
|
|
AP uses non-allowed channel on dual radio when setting is changed to 5Ghz. |
|
|
Deletion and creation of second Control Plane IP is failing due to RPC ordering. |
|
|
Cisco Catalyst 9130 AP is not sending DHCP messages over the air. |
|
|
Cisco Catalyst 9100 Series AP: AXI-H AP models have 5Ghz radio operationally down with regulatory domain not supported for -H. |
|
|
Cisco Catalyst 9800-80 controller crashes with SIGSEGV while removing timer RB tree color. |
|
|
Cisco Catalyst 9800-80 controller is sending client traffic out of AP manager interface. |
|
|
Cisco Catalyst 9115 AP: Syslog is only seen when using \"Kern\" facility value in AP join profile. |
|
|
wncd crash is observed on Cisco IOS XE 16.12.3ES3. |
|
|
RADIUS attribute [80] Message-Authenticator is not included for AP authorization. |
|
|
Controller reloads unexpectedly due to double-linked list corruption. |
|
|
AP disjoins after a client connects to SSID using LDAP with mode secure. |
Open Caveats for Cisco IOS XE Gibraltar 16.12.2
Note |
For AP-specific bugs on Cisco IOS XE Gibraltar 16.12.x, see the Release Notes for Cisco Catalyst 9800 Series Wireless Controller, Cisco IOS XE Gibraltar 16.12.x. |
|
Caveat ID |
Description |
|---|---|
|
System displays memory warning during the controller image download. |
|
|
Traceback is observed after a switchover on the Cisco Catalyst 9120AXI AP. |
|
|
After an image upgrade or a network reboot the preferred controller might not become the active EWC controller. |
|
|
The write erase command is not activating startup-config sync to all the EWC-capable devices. |
|
|
Controller displays error message after an HA switchover. |
Resolved Caveats for Cisco IOS XE Gibraltar 16.12.8
There are no resolved caveats.
Resolved Caveats for Cisco IOS XE Gibraltar 16.12.7
|
Caveat ID |
Description |
|---|---|
|
Backout of the following bugs: CSCvy96790 and CSCvy72750. |
Resolved Caveats for Cisco IOS XE Gibraltar 16.12.6a
|
Caveat ID |
Description |
|---|---|
|
The OBSS-PD configuration from WebUI does not get pushed to APs mapped to the RF profile. |
|
|
Chromebook or Linux with Intel 11ax adapter does not connect to 11ax APs in local mode. |
|
|
The controller crashes due to critical process RRM fault on rp_0_0 (rc=139). |
|
|
The controller reloads due to qcp-ucode crash when the NBAR engine receives invalid packet length. |
|
|
CMX in Non-FIPS mode cannot connect to the controller in FIPS mode. Certificate Validation Error. |
|
|
The radarScan flag is not set for AP with channel 36 and channel width 160 MHz. |
|
|
Apple iPhone iOS 14.4 PSK to SAE switch fails occasionally and the AP does not respond to client commit 1. |
|
|
RRM ends abnormally while executing the Grouping Flush pending list. |
|
|
WNCD ends abnormally at rrm_client_coverage_hole_algorithm. |
|
|
Fragmented ping pushes to 100% CPU forever. |
|
|
SAE iPSK uses the WLAN passphrase when there is no client specific passphrase received from the AAA server. |
|
|
Client gets stuck in the Authenticating state while connecting to SAE IPSK + LWA. |
|
|
Wireless controller is unable to use the wireless broadcast vlan X command. |
|
|
Controller issue with IsBroadcastEnable as the GUI shows Enabled instead of Disabled and vice-versa. |
|
|
Client gets stuck at IPLEARN_PENDING state in the controller or AP after flex 11r local auth roam. |
|
|
Frame ID mismatch followed by FW radio 0 crash results in packet drops. |
|
|
The WNM-notification bit in the Beacon frame is wrong in the Cisco Catalyst 9120 Series APs. |
|
|
The WNM-notification bit in the Beacon frame is wrong in the Cisco Catalyst 9120 Series APs, in Flex Connect mode |
|
|
Cisco Catalyst 9115 Series APs or 9120 Series AP crash continuously. |
|
|
Probe suppression on macro cell does not work in Cisco Catalyst 9120 Series AP. |
|
|
Dual5G radio/RHL NDP is transmitted on serving DFS channel without waiting for CAC timer to complete. |
|
|
Kernel panic with PC occurs at rb_erase+0x220/0x33c while running overnight longevity. |
|
|
Cisco Catalyst 9117AX Series APs skip concurrent FW coredump to avoid corruption. |
|
|
Vulnerabilities are observed in Frame Aggregation and Fragmentation of 802.11ax APs [SPF 8.0]. |
|
|
Vulnerabilities are observed in Frame Aggregation and Fragmentation of 802.11ax APs [SPF 10.0]. |
|
|
Transmission power discrepancies observed in Cisco Catalyst 9130AX Series APs and Cisco Catalyst 9117AX Series APs. |
|
|
NTP vulnerability is observed due to DHCP assigned NTP. |
|
|
Clients get incorrect AP VLAN IP with Cisco Aironet 2800 AP in flex mode. |
|
|
Cisco Catalyst 9105, 9115, or 9120 Series APs display 100% channel utilization. |
|
|
Local mode AP deletes client if there is no response to EAP request within 30 seconds. |
|
|
Cisco Catalyst 9120 and 9105 APs reload unexpectedly during regular operation due to kernel panic. |
|
|
802.11ax APs: Kernel crash due to QCA Fragment and Forge patch for CVE-2020-24587. |
Resolved Caveats for Cisco IOS XE Gibraltar 16.12.5
|
Caveat ID |
Description |
|---|---|
| Cisco 9117 AP: Client authentication to Dot1x SSID (EAP type PEAP) fails on Cisco 9117 AP. | |
| Cisco 9130 AP does not forward EAP-TLS packets intermittently. Increase in the drop_memfail counter. | |
|
Cisco 9130 AP: MTU mismatch between NSS and CAPWAP. |
|
|
Cisco 9130 AP multicast traffic fails after GTK key index rotation for Vocera clients. |
|
|
WPA3 SAE does not work EWC, in Cisco IOS XE 17.3 Release. |
|
|
New AP joins an anchor controller with a different mobility group name. |
|
|
Cisco 9105/9115/9120 APs experience unexpected "assert" kernel panics with Target Wait Time enabled |
|
|
Cisco 9120 AP crashes after upgrade from Cisco IOS XE 17.3.1 to Cisco IOS XE 17.3.2a |
Resolved Caveats for Cisco IOS XE Gibraltar 16.12.4a
|
Caveat ID |
Description |
|---|---|
| Self-signed certificates cannot be created after the time expires. | |
| Cisco 9120AX AP: AP does not use the correct data rates. | |
| CSCvt51865 |
Unable to restrict the Guest User account to a specific SSID. |
|
Cisco Catalyst 9800-80 Controller crashes frequently with corrupted stack ending in Sanet function. |
|
|
Lobby admin with external RADIUS authentication is not working. |
|
|
New AP joins an anchor controller with a different mobility group name. |
|
|
Slow memory leak due to WNCD kernel process. |
|
|
Cisco Aironet 3700 AP with HALO experiences unexpected reloads. |
|
|
Client gets excluded after VLAN changes post machine and user authentication. |
|
|
Client is unable to associate due to DOT11_STATUS_DENIED_RATES when extended rates are used. |
|
|
Current Tx rate for 802.11AX clients are displayed incorrectly. |
|
|
Authentication fails in Zebra clients, when local authentication is configured in the policy profile. |
|
|
Client is getting deleted due to DOT11_STATUS_DENIED_RATES. |
|
|
Roaming is not successful when NAC is enabled in the policy profile. |
|
|
Cisco Catalyst 9800-CL Controller running IOS XE Gibraltar 16.12.2s wncd crashes due to CPU HOG. |
|
|
Controller does not send the discovery response with its public IP after reboot. |
|
|
Controller does not populate AP load information in the discovery response. |
|
|
AP Link Latency feature is not working. |
|
|
Frequent AP channel changes are observed on 5GHz band radio. |
|
|
XOR channel changes frequently when band configuration is static. |
|
|
Values of client retries and Rx packets on Cisco DNA-C are different from the values seen on the AP. |
|
|
Controller shows incorrect number of interferers. |
|
|
WNCd process down due to assert for BSSID magic check. |
|
|
Cisco Catalyst 9800-80 Controller HA running 'wncd' crashes frequently. |
|
|
Do not present "host mode" configuration options when the RLAN profile is set to open. |
|
|
The WebUI is not showing 2.4GHz channels 12, 13, or 14 for radios in country's that support these channels. |
|
|
Optimize SVI/VLAN page loading. |
|
|
Controller GUI: AP page is stuck in buffering mode (refresh to recover the page) when filters are applied. |
|
|
AP mode count is incorrect in the show wireless summary output. |
|
|
Observed wncd crash@ewlc_dgram_msg_and_msgbuf_free with ISSU flow in scale. |
|
|
Traceback: When AP's interface operational status goes down, SNMP trap triggers, and device reloads. |
|
|
FlexConnect local-sw client is not assigned to VLAN1 when VLAN assignment is done through AAA. |
|
|
Controller does not honour timezone when configuring DCA anchortime. |
|
|
Frequent channel changes on the Cisco AP Aironet 4800 AP slot 0 radio using 5GHz. |
|
|
Control packets not honoring Mobility PMTU. |
|
|
Controller GUI: SNMPv3 privilege and authentication credentials are swapped when adding a user. |
|
|
SNMP v3: Users page on the GUI does not allow configuration of passwords with special characters. |
|
|
Guest anchor fails to load balance clients across anchors. |
|
|
AP CAC GUI parameter displays incorrect unit. Displays bytes instead of "medium time". |
|
|
AAA page does not load after upgrading to IOS XE Gibraltar 16.12.2s. |
|
|
FT gets enabled during static WEP WLAN creation - WLAN modification throws error. |
|
|
Unable to configure SNMP settings through the GUI in Japanase mode. |
|
|
Unable to delete or deauthenticate excluded clients through the GUI. |
|
|
Deleting a policy profile that is mapped under a policy tag should display a warning. |
|
|
Tri Radio: Controller GUI does not display slot-2 details in the 360 degree view. |
|
|
Client count shows zero in the show ap dot11 5ghz/2.4ghz load-info command output while CHD is disabled. |
|
|
Controller displays that 802.11ac is not supported on XOR radios of APs. |
|
|
Cisco Catalyst 9800-40 Controller: Stale FMAP-FP/CPP tunnel issue. |
|
|
Controller may reload as WNCD process is held down with scaled clients. |
|
|
Data rates need to be updated when the client is moving from one AP to another. |
|
|
CAPWAP DTLS session is closed for AP, because of the DTLS server session shutdown. |
|
|
AP sends lower bytes of packets while performing PMTU negotiations. |
|
|
DTLS teardown is observed on 9120, 9115, and 9105 series of APs. |
|
|
Controller-AP: Primary controller name and IP address mismatch. |
|
|
AP Policy/RF/Site tags set to UNKNOWN unless tag-config is explicitly written from the controller. |
|
|
IPv6 dual stack does not work. |
|
|
HA failed to initialize NVRAM after multiple power cycles. |
|
|
Client stuck in IP learn state with FlexConnect local switching + central DHCP + DHCP required. |
|
|
When the power box is reset, DNS resolution for Radius and TACACS is delayed for scale. |
|
|
Controller loses smart licensing registration if integrated with DNA spaces after a reboot. |
|
|
Cisco Aironet 1570 series AP crashes if WLAN with ID >= 17 is configured in the policy tag. |
|
|
Multicast replicates over CAPWAP with global multicast disabled |
|
|
Controller goes down and reloads when AVC is enabled. |
|
|
Cisco 9800 running IOS XE Gibraltar 16.12.3 does not send RSSI messages over NMSP. |
|
|
CWA GA scenario client removed after export anchor response received from WLC due profile plumb. |
|
|
Controller is assigned to native VLAN instead of client VLAN. |
|
|
Controller crashes on WMM action, while roaming. |
|
|
APs do not apply client QoS policy in FlexConnect local-sw and local-auth. |
|
|
Global AP pre-image download is not working. |
|
|
CDP entries are not showing up on the controller. |
|
|
Cannot remove AdvIPServices license. |
|
|
Critical Syslog notification support required when unsupported SFPs are connected. |
|
|
9800-40/80 UDP Port 5246 based ACL filter fails to select DTLS encrypted CAPWAP control packets. |
|
|
Controller crashed with the following reason "Critical process cpp_cp_svr fault on fp_0_0 (rc=134)". |
|
|
Controller reloads when processing AVC or FNF. |
|
|
Controller is unable to downgrade license: Device is not authorized to use the given license level. |
|
|
Cisco Aironet 3700 APs are unable to join controller as the VLAN interface name exceeds character limit in flex profile. |
|
|
Require MAB username delimiter with single hypen. |
|
|
Client is deleted due to the CO_CLIENT_DELETE_REASON_NOOP reason code. |
|
|
ARP request comes from a formerly active controller on HA with split brain scenario. |
|
|
Controller may crash when an AP joins and does not report the correct radios. |
|
|
Cisco Aironet 2800 AP - XOR in 5g: Clients unable to join, AP deauth reason "Invalid group cipher (0x0012)?". |
|
|
Invalid values for AP performance profile. |
|
|
Pubd crash observed just after SSO. |
|
|
RRM AP transmit power is not moving into the maximum or minimum configured power. |
|
|
CWA ACL is removed from the existing flex AP, when a new flex profile is created with same ACL. |
|
|
Cisco Wave1 AP: Client traffic is stuck after client is in RUN state for CWA/LWA. |
|
|
Radius server password field shows no value (blank) in the GUI. |
|
|
Controller GUI has no option to configure AP LED state for IOS APs. |
|
|
Unable to map the attribute map to a user through the GUI. |
|
|
CleanAir Admin Status is displayed as DISABLED on controller Japanese GUI. |
|
|
Basic Wireless setup error, "Use of default ACL preauth v4 is not permitted". |
|
|
Cisco Catalyst 9800-CL Controller is unable to display medium power when AP sends 25W POE message. |
|
|
Cisco Aironet AP 2800/3800/4800/1560 and Cisco IW 6300 AP gets into a loop after attempting to join controller with FIPS enabled. |
|
|
Cisco Wave 1 AP console displays 'DTX DUMP' logs. |
|
|
Cisco Aironet 2800/3800/4800/1560 APs unexpectedly reloads. |
|
|
Cisco Aironet 2800 and 3800 APs exhibit choppiness during the multicast voice call. |
|
|
FlexConnect AP in standalone mode gets stranded and does not send CAPWAP discovery. |
|
|
Cisco Wave 1 APs reload unexpectedly with 'Unexpected exception to CPU' in logs. |
|
|
Kernel panic is observed. |
|
|
Cisco Wave 1 AP: Radio is reset with code 44. |
|
|
Cisco Aironet 1572 AP: Radio is reset due to pak count mismatch, false detection. |
|
|
Cisco Aironet 2800 AP reloads unexpectedly on Sxpd process. |
|
|
Cisco Wave 1 AP: Radio is reset with code 44. |
|
|
Cisco Wave 2 APs: Workgroup bridge (WGB) does not send Internet Access Point Protocol (IAPP) message in static IP config. |
|
|
Cisco FlexConnect AP drops UDP packet (port 2598). |
|
|
Cisco Aironet 3800 AP: Kernel panic crash is observed. |
|
|
Cisco Wave 1 AP: Clients are losing connectivity while roaming. |
|
|
Decipher radio reset code 44 to more specific reason codes. |
|
|
Cisco Aironet 2800/3800/4800/1560 series AP stops sending broadcast address resolution protocol (ARP) to wireless. |
|
|
VLAN bridging problem on Cisco Aironet 1810W AP with Remote LAN (RLAN). |
|
|
Root Access Point (RAP) drops radio connection, causing the Mesh Access Point (MAP) to drop. After restoring the connection, switches are not able to pass traffic. |
|
|
Cisco Aironet 3800 AP is failing to send Neighbor Discovery Protocol (NDP) Tx on 5GHz. |
|
|
Beacon is stuck followed by firmware assert. The AP radio is on channel 36 while controller thinks it's on different channel. |
|
|
Cisco Aironet 3802 AP crash on watchdog reset (wcpd). |
|
|
Authentication failure Extensible Authentication Protocol (EAP) timeout on a Cisco Aironet 1852 AP with data Datagram Transport Layer Security (DTLS) encryption isenabled. |
|
|
Cisco AP with SHA2 message integrity check (MIC) certificate fails to join controller. |
|
|
Low Received Signal Strength Indicator (RSSI) on 2.4GHz for Cisco Catalyst 9120AX-E AP as compared Cisco Aironet 2800 AP. |
|
|
Cisco Aironet 3702 AP reloads unexpectedly. |
|
|
Cisco Catalyst 9800-CL Controller is displaying wrong Application Visibility and Control (AVC) data on the GUI page. |
|
|
Cisco Wave 1 AP reloads unexpectedly which relates to fast roaming state machine. |
|
|
Cisco Catalyst 9130E AP: NSS reloads unexpectedly causing AP to be stuck in continuous loop. |
|
|
AP crash is observed due to kernel panic triggered by Dynamic Frequency Selection (DFS) channel use. |
|
|
Flex standalone with 11r Fallback FT Auth response code change to 53. |
|
|
Client ARP and DHCP failures are observed after roaming among Cisco Wave 1 APs. |
|
|
Cisco Aironet 3602 AP image corruption issue. |
|
|
Frequent radio resets are observed during continuous roam (11r-OTA). |
|
|
Cisco Catalyst 9120 AP: All clients are loosing connectivity on flex standalone. |
|
|
AVC status is getting disabled while configuring service-policy input from DNA. |
|
|
Intel clients are experiencing latency or drops when connected to Cisco Catalyst 9120 APs. |
|
|
Cisco Catalyst 9120 AP: Flex connected to standalone; clients are loosing data. |
|
|
Cisco Aironet 3700 AP: FlexConnect deauth status code is changed from 28 to 53 if 11r Pairwise Master Key (PMK) is not present. |
|
|
Flex connected mode: Incorrect PMK ID causes delay in client association (Local Switch, Central Auth). |
|
|
Flex connected mode: After continuous roam, client takes a longer time to reconnect. |
|
|
Cisco Aironet 2700 AP: In flex standalone mode, the AP send identity request only once; need to send more. |
|
|
Cisco Aironet 2800/3800/4800/1560 APs are not transmitting data frames over the air. |
|
|
Clients cannot connect to Cisco Wave 1 APs with dot1x-sha256 received assoc-resp 20. |
|
|
Rate limiting is not working for downstream traffic when ACL is pushed from ISE. |
|
|
EAP-PEAP flex authentication fails occasionally because of low eap-timeout. |
|
|
Clients connected to 2 different autonomous APs with ISE VLAN override cannot ping in 5GHz radio. |
|
|
Cisco Aironet 2800 AP: Dual-Band (XOR) radio does not beacon after few iterations of moving from AUTO to 5G. |
|
|
CPU exceeds 90 % with high volume traffic. |
|
|
Cisco Wave 1 AP reports itself as a threat and logs \"AP Impersonation\" alerts. |
|
|
Cisco Aironet 1800 AP unexpectedly reloads. |
|
|
Cisco Wave 1 APs are not sending deauth rc 7 after rx frame from non assoc client. |
|
|
Cisco Aironet 1832 AP kernel panic crash. |
|
|
Cisco Aironet 2700 and 3800 APs are dropping ARP_REPLY packets. |
|
|
Cisco Aironet 1532 AP: Ethernet interface is loosing packets. |
|
|
Memory leak is observed under process SACRcvWQWrk2 when Smart Licensing is enabled. |
|
|
Cisco Catalyst 9115AXI AP reloads unexpectedly with a kernel panic. |
|
|
Cisco Aironet 2800 AP is dropping from the controller. |
|
|
Cisco Aironet 2700 AP PCI0 reloads unexpectedly when Cisco CleanAir is enabled. |
|
|
Traceroute fails: /bin/sh: /usr/bin/traceroute: not found. |
|
|
Cisco Aironet 1815T AP is leaking client MAC from LAN3 to WAN port. |
|
|
Wave 2 APs in FlexConnect mode are sending Auth Request to AAA without Local Auth Enabled. |
|
|
Cisco Aironet 2800 APs are using 802.11n rates with WPA+TKIP only WLAN. |
|
|
WLC 8540 OID returns small number than actual traffic size. |
|
|
MAPs failing mesh_sec_auth and excluding Parent upon RAP failure. |
|
|
Cisco Aironet 1562 AP in UWGB mode is unable to associate when powered up outside wireless coverage area. |
|
|
WGB wired client is not getting IP when associating to Cisco Catalyst 9130 AP. |
|
|
Clients connected to same SSID using different autonomous Cisco 2702 APs can not ping each other. |
|
|
Cisco AP is not handling EXPIRE_MIC_PAYLOAD message. |
|
|
Trustpoint configuration fails on Wave 2 APs in WGB. |
|
|
802.11v Directed Multicast Service (DMS) is not shown as supported within beacon of Cisco Aironet 1852 AP. |
|
|
Cisco Aironet 4800/3800/2800/1562 APs are stuck in "BootROM: Image checksum verification FAILED". |
|
|
Cisco Catalyst 9130I and Cisco Aironet 1852 APs \"{watchdogd} Process syslogd gone for 60s\" & \" can't open '3410/maps'\". |
|
|
Cisco APs acting as MAPs are not able to see RAPs. |
|
|
Cisco AP fails to attach the VLAN tag when client user ID changes from central to local switching. |
|
|
Cisco IW3702 AP: Samsung S10 client fails to associate on flex:local auth+local switch in 11r security. |
|
|
Cisco Wave 2 AP beacons disabled SSID. |
|
|
Dual-band static channel configuration switches to DCA after AP rejoin. |
|
|
Cisco Catalyst 9130 AP: Kernel panic at cisco_wlan_crypto_decap. |
|
|
Clients cannot connect to Cisco Aironet 1800 AP with 2.4 GHz with hidden SSID. |
|
|
Cisco Aironet 4800 APs stopped supporting European weather band 5600-5650MHz- channels 120,124, and 128. |
|
|
Cisco Aironet 1850AP: Clients are unable to connect to the AP. |
|
|
Flexconnect reap count for current users not getting decremented causing new Wi-Fi client disconnect. |
|
|
EWC conversion fails for Cisco Catalyst 9115AX AP with -T domain. |
|
|
Cisco Catalyst 9120 power is lower than Cisco Aironet 2800/3800 APs with CCK rates disabled(2.4GHz). |
|
|
Cisco OfficeExtend access point (OEAP) configuration doesn't get saved to AP flash. |
|
|
Cisco Catalyst 9120 AP is not applying trust-dscp-upstream and CAPWAP traffic marked with UP to DSCP. |
|
|
2.4GHz throughput does not change based on the number of streams. |
|
|
Mesh AP: With ACL blocks ping to gateway, AP can't join controller if it doesn't complete within 45sec. |
|
|
Cisco Wave 2 APs silver UP 00 to DSCP upstream mapping not capped by bronze profile. |
|
|
Various models of Android 10 devices fail to associate. |
|
|
AIR-AP2802I-H-K9 WCPd crash: AP is failing to decode discovery response and reboot with flash core. |
Troubleshooting
For the most up-to-date, detailed troubleshooting information, visit the Cisco TAC website at:
https://www.cisco.com/en/US/support/index.html
Go to Product Support and select your product from the list, or enter the name of your product. Look under Troubleshoot and Alerts to find information about the problem that you are experiencing.
Related Documentation
Information about Cisco IOS XE 16 is available at:
https://www.cisco.com/c/en/us/products/ios-nx-os-software/ios-xe/index.html
All the support documentation for Cisco Catalyst 9100 Access Points are available at: https://www.cisco.com/c/en/us/support/wireless/catalyst-9100ax-access-points/tsd-products-support-series-home.html
Cisco Validated Designs documents are available at:
https://www.cisco.com/go/designzone
Cisco Embedded Wireless Controller on Catalyst Access Points
For support information, see the following documents:
-
Cisco Embedded Wireless Controller on Catalyst Access Points Online Help
-
Cisco Embedded Wireless Controller on Catalyst Access Points Software Configuration Guide
-
Cisco Embedded Wireless Controller on Catalyst Access Points Command Reference Guide
Installation guides for Catalyst Access Points are available at:
For all Cisco Wireless Controller software-related documentation, see:
Wireless Products Comparison
-
Use this tool to compare the specifications of Cisco wireless APs and controllers:
https://www.cisco.com/c/en/us/products/wireless/wireless-lan-controller/product-comparison.html
-
Product Approval Status:
-
Wireless LAN Compliance Lookup:
https://www.cisco.com/c/dam/assets/prod/wireless/wireless-compliance-tool/index.html
Cisco Mobility Services Engine
Cisco Connected Mobile Experiences
Cisco DNA Center
Communications, Services, and Additional Information
-
To receive timely, relevant information from Cisco, sign up at Cisco Profile Manager.
-
To get the business impact you’re looking for with the technologies that matter, visit Cisco Services.
-
To submit a service request, visit Cisco Support.
-
To discover and browse secure, validated enterprise-class apps, products, solutions and services, visit Cisco Marketplace.
-
To obtain general networking, training, and certification titles, visit Cisco Press.
-
To find warranty information for a specific product or product family, access Cisco Warranty Finder.
Feedback