The Cisco 3500 Series Wireless Controller is supported in this release. For more information, see:

The following new APs are supported:

• Cisco Aironet 1540 Series APs

  For more information about these APs, see:

  http://www.cisco.com/c/en/us/products/wireless/aironet-1540-series/index.html.

• Cisco Aironet 1815m and 1815t APs

  For more information about these APs, see:

  http://www.cisco.com/c/en/us/products/wireless/aironet-1815-series-access-points/index.html.

• Integrated Access Point on Cisco 1100 Integrated Services Router

  For more information about this AP, see:

  https://www.cisco.com/c/en/us/products/collateral/routers/1000-series-integrated-services-routers-isr/datasheet-c78-739512.html.

Access Point eXtensions (APeX) is a development framework to enable an ecosystem of expansion modules for Cisco Aironet 3800 Series APs.

The APeX Extender Module hardware development kit (HDK) enables developers to quickly prototype applications based on standard off-the-shelf development platforms. APeX HDK connectivity is currently supported in Cisco Aironet 3800 Series APs.

For more information, see: https://developer.cisco.com/site/apex/index.gsp.

Cisco APs collect RF channel information for various feature functions such as rogue detection, wIPS, and Cisco CleanAir. The APs in monitor mode do not transmit BSS serving Wi-Fi traffic. These APs are also excluded from the neighbor access list and RRM planning. In this release, support for monitor mode is added to the following Cisco Wave 2 APs:

• Cisco Aironet 1540 Series Access Points

• Cisco Aironet 1560 Series Access Points

• Cisco Aironet 1810 OfficeExtend Access Point

• Cisco Aironet 1810W Access Points

• Cisco Aironet 1815 Series Access Points

• Cisco Aironet 1850 Series Access Points

• Cisco Aironet 1830 Series Access Points

Note	For information about other Cisco Aironet Wave 2 APs that support monitor mode, see http://cs.co/Wave2-AP-Feature-Matrix.

Mobile Concierge is supported in all Cisco Aironet Wave 2 APs.

Mobile Concierge is a solution that enables 802.1X capable clients to interwork with external networks. The Mobile Concierge feature provides service availability information to clients and can help them to connect available networks.

The services offered by the network can classified into two protocols:

• 802.11u MSAP

• 802.11u Hotspot 2.0

In Release 8.5, the Cisco Spectrum Expert remote sensor mode is supported in Cisco Aironet Wave 2 APs, using the Cisco CleanAir chipset.

Cisco Spectrum Expert monitors the RF spectrum used by a variety of wireless network and communications technologies, such as Wi-Fi (802.11) WLANs. Cisco Spectrum Expert consists of a hardware-based Spectrum Sensor card and GUI-based Cisco Spectrum Expert Software, both of which provide complete visibility of the RF environment in which wireless network technologies operate. For more information about Cisco Spectrum Expert, see: http://www.cisco.com/c/en/us/support/wireless/spectrum-expert/tsd-products-support-series-home.html.

The Dual Radio Parallel Redundancy Protocol (PRP) enhancement is the second phase of the PRP feature, which enables dual radio (2.4 GHz and 5 GHz) workgroup bridge mode on a WGB simultaneously. The WGB is wirelessly connected to the APs, with redundant packet transmissions over the dual 2.4-GHz and 5-GHz subsystem.

Support is also added for configuration of PRP functions on Cisco WLC via GUI.

For more information about this feature, see the Dual Radio Parallel Redundancy Protocol Enhancement on WGB section in the Cisco Wireless Controller Configuration Guide.

The Dynamic Link Exchange Protocol (DLEP) client support feature allows the WGB to report radio link metrics to a router. The WGB acts as the DLEP client, and the router acts as the DLEP server. Routing path selection is based on radio link quality metrics.

For more information about this feature, see the DLEP Client Support on WGB section in the Cisco Wireless Controller Configuration Guide.

• Support is added for Air Time Fairness on Cisco IW3702 AP in local and FlexConnect modes.

• Support is added for Cisco IW3702 AP as subordinate AP in Mobility Express solution.

• Support is added for configuration of Rx-SOP in Cisco IW3702 AP on Cisco WLC via CLI.

In Cisco Aironet 18xx, 2800, 3800, 1540, and 1560 Series Wave 2 APs, the following new commands are introduced:

• show controllers dot11Radio 1 antenna —Displays last seen power (per antenna RSSI) with the radio port as input.

• show controllers dot11Radio 1 client mac-address —Displays information on what the client is doing in terms of rate selection and streams. Also, displays non-zero RX, TX, or TX-Retries (cumulative) packet count for each rate, stream, or width combination.

Support is added for client-aware Flexible Radio Assignment (FRA) in Cisco Aironet 2800 and 3800 Series APs.

The Cisco Aironet 2800 and 3800 Series APs have the following radios:

• Flexible radio (2.4-GHz and 5-GHz band)

• Dedicated radio (5-GHz band)

Client-aware FRA serves these purposes:

• Client select—Sets the utilization threshold for redundant dual-band radios to switch from monitor mode to 5-GHz client-serving role.

• Client reset—Sets the utilization threshold for redundant dual-band radios to switch back from 5-GHz client-serving role to monitor mode.

The default percentage value for client select and reset is 50% and 5% respectively.

You can view the client-aware FRA details for an RF profile. To view the flexible radio assignment settings, use the show advanced fra command.

Support is added for IPv6 in the AP Plug-n-Play (AP PnP) feature in the following APs:

• Cisco Aironet 2800 Series APs

• Cisco Aironet 3800 Series APs

• Cisco Aironet 1850 Series APs

• Cisco Aironet 1830 Series APs

• Cisco Aironet 1815 Series APs

For more information, see the Wireless Plug and Play Deployment Guide at: http://www.cisco.com/c/en/us/support/wireless/wireless-lan-controller-software/products-technical-reference-list.html.

VLAN-based central switching is supported in Cisco Wave 2 APs operating in FlexConnect mode. When the Wave 2 APs are operating in FlexConnect mode, VLAN-based central switching allows VLANs to switch between local and central termination based on authentication, authorization, and accounting (AAA) attributes.

For more information about this feature, see the FlexConnect section of the Cisco Wireless Controller Configuration Guide.

The Enterprise Fabric provides end-to-end enterprise-wide segmentation, flexible subnet addressing, and controller-based networking with uniform enterprise-wide policy and mobility. It moves the enterprise network from current VLAN-centric architecture to a user group-based enterprise architecture, with flexible Layer 2 extensions within and across sites.

For more information about this feature, see the Software-Defined Access Wireless chapter in the Cisco Wireless Controller Configuration Guide.

Prior to Release 8.5, EoGRE tunnel gateway (TGW) failover was not classified as primary or secondary. From Release 8.5, it is possible for you to classify TGW-1 and TGW-2 as Primary or Secondary for failover purposes.

In a domain, the primary gateway is active by default. When the primary gateway is not operational, the secondary gateway becomes the active gateway. Clients will have to associate again with the secondary gateway. During and after failover, Cisco WLC continues to ping the primary gateway. When the primary gateway is operational again, the primary gateway becomes the active gateway. Clients then fall back on to the primary gateway. The same option is available for TGWs from FlexConnect in local switched mode. EoGRE tunnels can be DTLS-encrypted CAPWAP IPv4 or IPv6. This feature is supported on all Wave 1 and Wave 2 APs that are supported from Release 8.5.

Options are available to view detailed TGW statistics:

• Tunnel from Cisco WLC:

  • On the Cisco WLC GUI, choose Controller > Tunneling and under TGW list, click Get Statistics.

  • On the Cisco WLC CLI, use the show tunnel eogre gateway statistics command.

• Tunnel from FlexConnect APs:

  • On the Cisco WLC GUI, choose Wireless > All APs > AP name > FlexConnect > Tunnel Gateway List and click Get Statistics.

  • On the Cisco WLC CLI, use the show ap eogre gateway statistics ap-name command.

For more information about the EoGRE feature, see the Ethernet over GRE Tunnels section in the Cisco Wireless Controller Configuration Guide.

The following categories of Cisco WLC best practices have been added in the Main Dashboard of the Cisco WLC GUI:

• Apple Devices

• ISE RADIUS

Using this feature, you can enable Cisco 5520 WLCs to work with non-Cisco WGBs in multicast-to-unicast mode to route ARP traffic from the wired clients behind the non-Cisco WGBs to all the APs.

For more information about this feature, see the Information About Multicast-to-Unicast Support for Passive Client ARPs section in the Cisco Wireless Controller Configuration Guide.

Using this feature, you can reanchor client devices when they roam from one Cisco WLC to another. Reanchoring of client devices prevents depletion of IP addresses available for new clients in Cisco WLC.

Note	Some client devices fail to reassociate with a Cisco WLC (with a new IP address), that they have roamed to from another Cisco WLC. These client devices do not release the old IP address and therefore do not reassociate with the Cisco WLC that they have roamed to.

For more information about this feature, see the Information About AVC-Based Reanchoring section in the Cisco Wireless Controller Configuration Guide.

The Identity PSK (IPSK) feature supports the growing number of devices that are getting connected to the Internet and do not support the 802.1x security protocol. These devices can connect to the network using the WPA-PSK protocol.

Using the IPSK feature, you can easily and securely connect individual device or group of devices on the network with unique pre-shared keys.

This feature enables the use of IPv6 addresses in the network for authentication of client traffic using Cisco WLC and external AAA server. You can add the FQDN of the IPv6 server in the pre-authentication access control list (ACL) in Cisco WLC so that the AAA server can allow or deny the requested traffic to a client.

For more information about this feature, see the CNAME IPv6 Filtering section in the Cisco Wireless Controller Configuration Guide.

In phase 2 of simplifying Cisco ISE configuration on Cisco WLC, you have the option to apply the default Cisco ISE configuration for Cisco WLC so that you do not have to explicitly configure some of the settings required to use Cisco ISE. In Release 8.5, the default Cisco ISE configuration is applied in this additional scenario:

While mapping Cisco ISE-marked authentication server to a WLAN, the following security settings are applied:

• The Layer 2 security of the WLAN is set to WPA+WPA2

• 802.1X is the default AKM

• MAC filtering is enabled if the Layer 2 security is set to None

Note	The Layer 2 security settings are either WPA+WPA2 with 802.1X or None with MAC filtering. It is possible to change these default settings if required.

For more information about phase 1 of simplifying Cisco ISE configuration, see Release Notes for Cisco Wireless Controllers and Lightweight Access Points for Cisco Wireless Release 8.4.100.0 at http://www.cisco.com/c/en/us/td/docs/wireless/controller/release/notes/crn84.html.

• The filenames of Cisco Aironet 1700, 2700, 3700, and IW3702 AP software images have been changed from ap3g2-x to c3700-x format. Therefore, if you are upgrading to Release 8.5 or a later release from Release 8.3 or an earlier release, these APs will download the image twice and reboot twice.

• Support for Dynamic WEP is reintroduced in Cisco Wave1 APs in this release.

• The AAA database size is increased from 2048 entries to 12000 entries for these Cisco WLCs: Cisco Flex 7510, 8510, 5520, and 8540. Therefore, if you downgrade from Release 8.5 to an earlier release that does not include this enhancement, you might lose most of the AAA database configuration, including management user information. To retain at least 2048 entries, including management user information, we recommend that you follow these downgrade instructions and back up the configuration file before proceeding with the downgrade:

  1. From Release 8.5, downgrade to one of the following releases, which support 2048 database size and include the enhancement.

     • Release 8.4.100.0 or a later 8.4 release

     • Release 8.3.102.0 or a later 8.3 release

     • Release 8.2.130.0 or a later 8.2 release

     • Release 8.0.140.0 or a later 8.0 release

  2. Downgrade to a release of your choice.

• In Release 8.5, the search functionality in the Cisco WLC Online Help for all WLCs is disabled due to memory issues encountered in these WLCs: Cisco 2504, 5508, and WiSM2.

• Release 8.4 and later releases support additional configuration options for 802.11r FT enable and disable. The additional configuration option is not valid for releases earlier than Release 8.4. If you downgrade from Release 8.5 to Release 8.2 or an earlier release, the additional configuration option is invalidated and defaulted to FT disable. When you reboot Cisco WLC with the downgraded image, invalid configurations are printed on the console. We recommend that you ignore this because there is no functional impact, and the configuration defaults to FT disable.

• If you downgrade from Release 8.5 to a 7.x release, the trap configuration is lost and must be reconfigured.

• If you downgrade from Release 8.5 to Release 8.1, the Cisco Aironet 1850 Series AP whose mode was Sensor prior to the downgrade is shown to be in unknown mode after the downgrade. This is because the Sensor mode is not supported in Release 8.1.

• If you have an IPv6-only network and are upgrading to Release 8.4 or a later release, ensure that you perform the following activities:

  • Enable IPv4 and DHCPv4 on the network—Load a new Cisco WLC software image on all the Cisco WLCs along with the supplementary AP bundle images on Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2, or perform a predownload of AP images on the corresponding Cisco WLCs.

  • Reboot Cisco WLC immediately or at a preset time.

  • Ensure that all Cisco APs are associated with Cisco WLC.

  • Disable IPv4 and DHCPv4 on the network.

• After downloading the new software to the Cisco APs, it is possible that a Cisco AP may get stuck in an upgrading image state. In such a scenario, it might be necessary to forcefully reboot Cisco WLC to download a new image or to reboot Cisco WLC after the download of the new image. You can forcefully reboot Cisco WLC by entering the reset system forced command.

• It is not possible to download some of the older configurations from Cisco WLC because of the Multicast and IP address validations. See the "Restrictions on Configuring Multicast Mode" section in the Cisco Wireless Controller Configuration Guide for detailed information about platform support for global multicast and multicast mode.

• If you upgrade from Release 8.0.110.0 to a later release, the config redundancy mobilitymac mac-addr command's setting is removed. You must manually reconfigure the mobility MAC address after the upgrade.

• If you downgrade to Release 8.0.140.0 or 8.0.15x.0, and later upgrade to a later release and and also have the multiple country code feature configured, then the configuration file could get corrupted. When you try to upgrade to a later release, special characters are added in the country list causing issues when loading the configuation. For more information, see CSCve41740.

  Note	Upgrade and downgrade between other releases does not result in this issue.

• If you are upgrading from a 7.4.x or an earlier release to a release later than 7.4, the Called Station ID type information is mapped to the RADIUS Accounting Called Station ID type, which, by default, is set to apradio-mac-ssid. You can configure the RADIUS Authentication Called Station ID type information by using the config radius auth callStationIdType command.

• When a client sends an HTTP request, the Cisco WLC intercepts it for redirection to the login page. If the HTTP GET request that is intercepted by the Cisco WLC is longer than 2000 bytes, the Cisco WLC drops the packet. Track CSCuy81133 for a possible enhancement to address this restriction.

• We recommend that you install Cisco Wireless Controller Field Upgrade Software (FUS), which is a special AES package that contains several system-related component upgrades. These include the bootloader, field recovery image, and FPGA or MCU firmware. Installing the FUS image requires special attention because it installs some critical firmware. The FUS image is independent of the runtime image. For more information about FUS and the applicable Cisco WLC platforms, see the Field Upgrade Software release notes listing.

  Note	For Cisco 2504 WLC, we recommend that you upgrade to FUS 1.9.0 release or a later release.

• If FIPS is enabled in Cisco Flex 7510 WLC, the reduced boot options are displayed only after a bootloader upgrade.

  Note	Bootloader upgrade is not required if FIPS is disabled.

• When downgrading from one release to another, you might lose the configuration from your current release. The workaround is to reload the previous Cisco WLC configuration files that are saved in the backup server, or to reconfigure Cisco WLC.

• It is not possible to directly upgrade to this release from a release that is earlier than Release 7.0.98.0.

• When you upgrade Cisco WLC to an intermediate release, wait until all the APs that are associated with Cisco WLC are upgraded to the intermediate release before you install the latest Cisco WLC software. In large networks, it can take some time to download the software on each AP.

• You can upgrade to a new release of the Cisco WLC software or downgrade to an earlier release even if FIPS is enabled.

• When you upgrade to the latest software release, the software on the APs associated with the Cisco WLC is also automatically upgraded. When an AP is loading software, each of its LEDs blinks in succession.

• We recommend that you access the Cisco WLC GUI using Microsoft Internet Explorer 11 or a later version, or Mozilla Firefox 32 or a later version.

• Cisco WLCs support standard SNMP MIB files. MIBs can be downloaded from the software download page on Cisco.com.

• The Cisco WLC software is factory installed on your Cisco WLC and is automatically downloaded to the APs after a release upgrade and whenever an AP joins a Cisco WLC. We recommend that you install the latest software version available for maximum operational benefit.

• Ensure that you have a TFTP, HTTP, FTP, or SFTP server available for the software upgrade. Follow these guidelines when setting up a server:

  • Ensure that your TFTP server supports files that are larger than the size of Cisco WLC software image. Some TFTP servers that support files of this size are tftpd32 and the TFTP server within Cisco Prime Infrastructure. If you attempt to download the Cisco WLC software image and your TFTP server does not support files of this size, the following error message appears:

    TFTP failure while storing in flash

  • If you are upgrading through the distribution system network port, the TFTP or FTP server can be on the same subnet or a different subnet because the distribution system port is routable.

• When you plug a Cisco WLC into an AC power source, the bootup script and power-on self test is run to initialize the system. During this time, press Esc to display the bootloader Boot Options menu. The menu options for the Cisco 5508 WLC differ from the menu options for the other Cisco WLC platforms.

  The following is the Bootloader menu for Cisco 5508 WLC:

  Boot Options
  Please choose an option from below:
  1. Run primary image
  2. Run backup image
  3. Change active boot image
  4. Clear Configuration
  5. Format FLASH Drive
  6. Manually update images
  Please enter your choice:

  The following is the Bootloader menu for other Cisco WLC platforms:

  Boot Options
  Please choose an option from below:
  1. Run primary image
  2. Run backup image
  3. Manually update images
  4. Change active boot image
  5. Clear Configuration
  Please enter your choice:
  
  Enter 1 to run the current software, enter 2 to run the previous software, enter 4 (on Cisco 5508 WLC), 
  or enter 5 (on Cisco WLC platforms other than 5508 WLC) to run the current software and set 
  the Cisco WLC configuration to factory defaults. Do not choose the other options unless directed to do so.

  Note	See the Installation Guide or the Quick Start Guide of the respective Cisco WLC platform for more details on running the bootup script and the power-on self test.

• The Cisco WLC Bootloader stores a copy of the active primary image and the backup image. If the primary image becomes corrupted, you can use the Bootloader to boot with the backup image.

  With the backup image stored before rebooting, choose Option 2: Run Backup Image from the Boot Options menu to boot from the backup image. Then, upgrade with a known working image and reboot Cisco WLC.

• You can control the addresses that are sent in the Control and Provisioning of Wireless Access Points (CAPWAP) discovery responses when NAT is enabled on the Management Interface, using the following command:

  config network ap-discovery nat-ip-only {enable | disable}

  The following are the details of the command:

  enable —Enables use of NAT IP only in a discovery response. This is the default. Use this command if all the APs are outside the NAT gateway.

  disable —Enables use of both NAT IP and non-NAT IP in a discovery response. Use this command if APs are on the inside and outside the NAT gateway, for example, Local Mode and OfficeExtend APs are on the same Cisco WLC.

  Note	To avoid stranding of APs, you must disable AP link latency (if enabled) before you use the disable option in the config network ap-discovery nat-ip-only command. To disable AP link latency, use the config ap link-latency disable all command.

• Do not power down Cisco WLC or any AP during the upgrade process. If you do this, the software image might get corrupted. Upgrading Cisco WLC with a large number of APs can take as long as 30 minutes, depending on the size of your network. However, with the increased number of concurrent AP upgrades supported, the upgrade time should be significantly reduced. The APs must remain powered, and Cisco WLC must not be reset during this time.

• To downgrade from this release to Release 6.0 or an earlier release, perform either of these tasks:

  • Delete all the WLANs that are mapped to interface groups, and create new ones.

  • Ensure that all the WLANs are mapped to interfaces rather than interface groups.

• After you perform the following functions on Cisco WLC, reboot it for the changes to take effect:

  • Enable or disable LAG

  • Enable a feature that is dependent on certificates (such as HTTPS and web authentication)

  • Add a new license or modify an existing license

    Note	Reboot is not required if you are using Right-to-Use licenses.

  • Increase the priority of a license

  • Enable HA

  • Install the SSL certificate

  • Configure the database size

  • Install the vendor-device certificate

  • Download the CA certificate

  • Upload the configuration file

  • Install the Web Authentication certificate

  • Make changes to the management interface or the virtual interface

• From Release 8.3 or a later release, ensure that the configuration file that you back up does not contain the < or > special characters. If either of the special characters is present, the download of the backed up configuration file fails.

Due to an increase in the size of the Cisco WLC software image, the Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2 software images are split into the following two images:

• Base Install image, which includes the Cisco WLC image and a subset of AP images (excluding some mesh AP images and AP80x images) that are packaged in the Supplementary AP Bundle image

• Supplementary AP Bundle image, which includes AP images that are excluded from the Base Install image. The APs that feature in the Supplementary AP Bundle image are:

  • Cisco AP802

  • Cisco AP803

  • Cisco Aironet 1530 Series AP

  • Cisco Aironet 1550 Series AP (with 128-MB memory)

  • Cisco Aironet 1570 Series APs

  • Cisco Aironet 1600 Series APs

Note	There is no change with respect to the rest of the Cisco WLC platforms.

• Domain-based ACLs

• Autoinstall

• Controller integration with Lync SDN API

• Application Visibility and Control (AVC) for FlexConnect locally switched APs

• Application Visibility and Control (AVC) for FlexConnect centrally switched APs

  Note	AVC for local mode APs is supported.

• URL ACL

• Bandwidth Contract

• Service Port

• AppleTalk Bridging

• Right-to-Use Licensing

• PMIPv6

• EoGRE

• AP Stateful Switchover (SSO) and client SSO

• Multicast-to-Unicast

• Cisco Smart Software Licensing

Note	The features that are not supported on Cisco WiSM2 and Cisco 5508 WLC are not supported on Cisco 2504 WLCs too. Directly connected APs are supported only in local mode.

• Cisco WLAN Express Setup Over-the-Air Provisioning

• Mobility controller functionality in converged access mode

• VPN Termination (such as IPsec and L2TP)

• Domain-based ACLs

• VPN Termination (such as IPSec and L2TP) —IPSec for RADIUS/SNMP is supported; general termination is not supported.

• Fragmented pings on any interface

• Right-to-Use Licensing

• Cisco 5508 WLC cannot function as mobility controller (MC). However, it can function as guest anchor in a New Mobility environment.

• Cisco Smart Software Licensing

• Domain-based ACL

• Cisco Umbrella—Not supported in FlexConnect locally switched WLANs; however, it is supported in centrally switched WLANs.

• Static AP-manager interface

  Note	For Cisco Flex 7510 WLCs, it is not necessary to configure an AP-manager interface. The management interface acts as an AP-manager interface by default, and the APs can associate with the controller on this interface.

• IPv6 and dual-stack client visibility

  Note	IPv6 client bridging and Router Advertisement Guard are supported.

• Internal DHCP server

• APs in local mode

  Note	A Cisco AP associated with a controller in local mode should be converted to FlexConnect mode or monitor mode, either manually or by enabling the autoconvert feature. From the Cisco Flex 7510 WLC CLI, enable the autoconvert feature by entering the config ap autoconvert enable command.

• Mesh (Use Flex + Bridge mode for mesh-enabled FlexConnect deployments)

• Cisco Flex 7510 WLC cannot be configured as a guest anchor controller. However, it can be configured as a foreign controller to tunnel the guest traffic to a guest anchor controller in a DMZ.

• Multicast

  Note	FlexConnect locally switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect APs do not limit traffic based on Internet Group Management Protocol (IGMP) or MLD snooping.

• PMIPv6

• Cisco Smart Software Licensing

• Internal DHCP Server

• Mobility controller functionality in converged access mode

• VPN termination (such as IPsec and L2TP)

• Fragmented pings on any interface

Note	Cisco Smart Software Licensing is not supported on Cisco 8510 WLC.

• Cisco Umbrella

• Domain-based ACLs

• Internal DHCP server

• Cisco TrustSec

• Access points in local mode

• Mobility/Guest Anchor

• Wired Guest

• Multicast

  Note	FlexConnect locally switched multicast traffic is bridged transparently for both wired and wireless on the same VLAN. FlexConnect APs do not limit traffic based on IGMP or MLD snooping.

• FlexConnect central switching in large-scale deployments

  Note	FlexConnect central switching is supported in only small-scale deployments, wherein the total traffic on controller ports is not more than 500 Mbps. FlexConnect local switching is supported.

• Central switching on Microsoft Hyper-V deployments

• AP and Client SSO in High Availability

• PMIPv6

• Datagram Transport Layer Security (DTLS)

• EoGRE (Supported in only local switching mode)

• Workgroup bridges

• Client downstream rate limiting for central switching

• SHA2 certificates

• Controller integration with Lync SDN API

• Cisco OfficeExtend Access Points

• Load-based call admission control (CAC). Mesh networks support only bandwidth-based CAC or static CAC.

• High availability (Fast heartbeat and primary discovery join timer).

• AP acting as supplicant with EAP-FASTv1 and 802.1X authentication.

• AP join priority (Mesh APs have a fixed priority)

• Location-based services

• Dynamic Mesh backhaul data rate.

  Note	We recommend that you keep the Bridge data rate of the AP as auto.

• Background scanning

• Noise Tolerant Fast Convergence

• Flex+Mesh

• Noise Tolerant Fast Convergence

• Flex+Mesh