Rogue Containment and RLDP Enhancements
Hybrid REAP: Local Authentication
Hybrid REAP Fault Tolerance
Hybrid REAP OKC Feature
CDP Over Air
Preferred Call Support
DHCP Option 60
PCI Compliance for Neighbor Packets
Chile Regulatory Enhancements
Russia Regulatory Enhancements
Licensing Changes for 5500 Series Controllers
Non-Cisco WGB Support
Cisco Identity Services Engine Support
DHCP Option 82 Support for Ethernet MAC ID
VLAN Select and Related Features
Dynamic Anchoring Support for Static IP Clients
Fast Controller Failover
Client Limits Per WLAN
Unable to ping APs directly connected to a 2106 controller.
AP should default AAA ports to 1812/1813 not 1645/1646.
5508 WLC - solid amber alarm light.
NEC SIP CAC: Load-based CAC is not working with non-WMM clients.
DCA channel lists changes when WLC is upgraded to 6.0/7.0 from 4.2.
WLC will not respond to SNMP if its source address is part of a dynamic interface.
MSFT: Multiple SSH sessions can cause arrow key failure and password to appear.
SNMP traps for 1231 AP also sent for Interface:1(unknown type).
Huck Jr "b" radio status moves from disabled to enabled after reboot.
WGB: multiple parents created during roaming traffic disrupted.
The command show client tsm does not display full output.
RLDP does not work on CT5500 or WLC2100 + HREAP AP.
SIP calls on roaming with CAC failure connects back without B/W reserved.
Counters not cleared during intra-controller roaming of SIP calls.
Addition of VOICE_CALL_FAILURE_5 Enum to QOS MIB.
WEBAUTH_REQD (8) Reached ERROR: occurred from the line 4055 in client debug.
Default-group for AP-groups does not contain all SSIDs.
AP is deauthenticated with a reason: power capability is unacceptable.
Management interface does not use HSRP MAC address when replying.
Cannot clear webauth bundle from controller.
WLC stops responding to network.
Controller URL sanitation issue.
With TACACS/RADIUS authentication, lobby admin was unable to edit the guest user role.
Duplex mismatch occurs when the 1140 the access point is directly connected to a Cisco 2100 Series Controller.
WGB intracontroller roaming must update its clients without an IAPP frame.
The access points 1142/1252 recognize 802.11n HT enabled clients as legacy ones.
The controller does not process flooded unicast traffic properly.
WiSM goes unreachable outside of the Catalyst 6500 Series Switch.
Controller webauth client never has to reauthenticate after session timeout.
Degraded voice performance occurs on HREAP local switching with TKIP + CCKM.
WGB fails to send IAPP updates after roaming.
The access point which is not correctly primed, keeps reconnecting with the master.
WiSM not able to FTP core dump when running low on memory.
HREAP: AssocFailPayload causes payload error in the controller.
Controller needs password recovery mechanism without losing configuration.
Controller lacks support for controlling the group key rotation interval.
Access points get disconnected during code upgrade.
AP 1250 fails to configure 40-MHz wide channel for sniffer mode.
DHCP proxy option does not validate if DHCP is required on WLAN.
Additional client statistics required for autonomous access points.
Controller fails to respond on task emWeb in 184.108.40.206.
LAG: Management interface change between port BIA and LAG port address.
LWAP DOS Attack trap message does not record the source MAC address.
Need to improve MFP scalability.
Next hop address stored in CAPWAP does not get updated on receiving GRAT ARP.
QoS Profiles Per-User Bandwidth Contracts not restricting traffic.
1242 AP ignores primary controller to join a wrong controller.
Internal WLC-DHCP not sending out NAK.
Unable to enable the WLAN while the APs are joining.
Controller fails to respond at "SSHpmMainTask".
Need to reboot wireless controller for upgrade to work.
Inter frame delay causing reassembly issues, breaking EAP-TLS auth.
Primary Discovery Request not processed for AP priority scenario.
Cisco 5500 Series Controller: Add new usmdb APIs for SNMP optimization.
Management interface unreachable via different subnet.
Controller unresponsive because of a deadlock on spamReceive task.
Cisco 4404 Series Controller fails to respond in version 220.127.116.11.
WLAN configuration not same when downloading backup config via TFTP.
Sometimes LAP cannot join the controller through alternative port in port redundancy.
Configuration on mesh link test RSSI output is incorrect.
Controller dropping primary discovery request from an AP that has already joined the controller.
Request to reduce the severity of the error msg: %APF-1-CHANGE_ORPHAN_PKT_IP
Access point logging related command does not getting uploaded.
Request to change min/max rogue RSSI rule values.
WCS 18.104.22.168 does not show mesh AP Root in map view.
Hybrid REAP gets locked up due to wedge input queue on radio interface.
AP 1252 with AP Groups and hybrid REAP do not broadcast SSID.
Static IP LAP cannot join a controller.
CCMP errors on key rotation.
When logged into Cisco 5500 Series Controller using Telnet, characters are shown multiple times.
HREAP: WebAuth user cannot log out after roaming.
Controller WiSM loading 3rd party certificate for web-auth disables HTTPS port 443.
Lightweight AP responds on port 22 when SSH is disabled.
Enabling broadcast forwarding versus multicast forwarding via CLI.
Insufficient memory/traceback on AP1130 and AP1232.
Controller running 22.214.171.124 is unresponsive at spam_CCM_decrypt+124
Remove Over The Air Provisioning (OTAP) in access points.
WLC CPU spike with emweb - controller not responding.
SNMP trap controls setting is not succeeded on 5.2.
File read errors in msglog file.
Wired Guest accessUser is not redirected to Webauth page after some time
Intermittent webadmin and webauth access on WiSM running 5.2.193.
WISM unresponsive on task sshpmMainTask System.
Controllers ARP table not updating after receiving gratuitous ARP update.
WiSM: System unresponsive - Task "cids-cl Task" taking too much CPU.
Authentication trap flag does not get saved on reboot.
AP Fallback causes client drop with HREAP.
Initial CAWAP Packets are sent to burned-in MAC by controller in HSRP.
Controller fails to redirect web authentication to an external server.
The packet: deb pm ssh-engine enable does not work.
1140 APs trying to join LWAPP controller.
Self IP Address displays error message: "No mobility record found for peer".
AP 1140 not joining WLC and logging tracebacks.
AP1252 fails to retransmit missing AMPDU packet in response to block acknowledgement.
Noise/Channel measurements not done on all DCA channels
Controller sends wrong MAC in ARP response, can cause mobility flapping
Clients can't be deleted from exclusion list if not present in association list.
The setting for WLAN security static-wep-key encryption does not get restored.
Delay in music on hold on 7925 with HREAP AP.
Controller locks up on SNMP task when pushing AP Group template from WCS.
Clients are mapped to the native VLAN of the H-REAP AP switchport trunk.
Fix 1800 second session timeout when H-REAP is in standalone mode.
Important TLS/SSL security update required.
Emergency image version shows up N/A.
WLC TACACS+ accounting sends large amount of white space.
1242 AP HREAP Mode unresponsive after %CAPWAP-5-CHANGED state to join.
Wrong message on GUI when controller image is upgraded while AP IDs downloading the image.
Incorrect source MAC in ARP request when WLC is in LAG mode.
WGBs are not shown as clients under Summary page.
5508 Web auth breaks with multicast MAC as gateway.
CPU ACL and service config priority change required for telnet.
AP in static address, uses wrong syslog and LEDs turn off for some seconds.
Rogue APs that are classified do not send trap when found missing
Show ap summary does not show the access point name.
AW:J:FFT: controller unresponsive when upgrading the access point.
Guest mobility anchoring fails when the guest roams between controllers.
4.2 Mesh MAC auth to external RADIUS has authenticator all zeros.
WLC Shared memory allocation failed after web passthrough enabled.
Massive DHCP flood/loop with NAC OOB - DHCP Proxy disabled.
AP fails to respond when clearing CAPWAP MGIDs for new client.
WLC fails to respond when performing findContextInfo+268.
Fiber port (gig3) does not create VLAN subinterfaces when bridging.
WiSM generates traceback in the msglog occasionally.
%MM-3-MEMORY_READ_ERROR: mm_mobile.c:464 Error reading mobility memory.
Reaper reset in DHCP task.
Wired Guest: DHCP required breaks web auth following session timeout.
SNMP Agent inserts nulls during mesh link test.
AW: TFTP upload broken for packet capture to windows TFTP server.
Inconsistent use of MAC addresses on controller.
2106 LAN hangs after high load with duplex mismatch.
WLC 6.0 - Inconsistency in AAA override feature.
RADIUS Attribute NAS-Port(5) not included in Access-Request for Web-Auth.
Web GUI: External Web Servers field needs to always be displayed.
The WGB connection breaks under EAPoL logoff attack.
The Cisco 5508 Series Controller DP unresponsive: buffer leak due to ARP storm.
AP drops packets with SIP Based CAC- WPA2/AES or tcp-adjust-mss/WPA/TKIP.
Controller unresponsive during ping of virtual interface.
Web authentication: Web page takes a long time to display under heavy load.
Cisco 5500 Series Controller encounters an internal membuffer system error.
APs unable to join WiSM.
Radio may stop transmitting beacons periodically.
The fix for auto immune attacks does not cover for incorrectly formatted association request. Does not cover missing IE.
4.2 Mesh controller memory leak in EAP framework.
Syslog not sent to server that is on same subnet as dynamic interface.
CPU ACL check for Outbound ICMP traffic should be removed on Cisco 5500 Series Controller.
Controller unresponsive at task sshpmMainTask under high web-auth load conditions.
WiSM hung unable to HTTP, HTTPs, Telnet or SSH. Only ping responded.
Cisco 5508 Series Controller- AP cannot join with Multicast MAC as gateway (checkpoint).
The command show tech from CAPWAP AP does not include CAPWAP information.
AP Unexpectedly joins the controller in bridge mode instead of local or H-REAP mode.
Client cannot transmit traffic if it reassociates to an AP within 20 seconds.
Any CPU ACL blocks service port DHCP offer.
Need source MAC in mentioned msglogs.
Cisco 5500 Series controller accepts a 4400 4.2.x.x image.
Traceback messages are seen on console logs for instruction *osapiReaper.
The command show exclusionlist does not display excluded clients it only displays disabled clients.
Controller unresponsive when 12 or more handsets associate to it.
LWAP DOS attack trap message does not record the source MAC address.
AP may crash during rate shift operation.
Controller only allows 47 access points to join on single port.
Memory leak in access point on CCKM failure.
APF-1-ROGUE_CLIENT_UPDATE_FAILED filling up syslog.
LDAP server does not respond for 15 minutes when an incorrect UN is used.
Access point MAC address discrepancy in aggressive load balancing packets.
OEAP does not respond to probes on 2.4 radio.
RRM TPC - Minimum power level assignment not working for levels below 4.
Controller PMKID debug output indicates "No valid PMKID" but PMKID works.
MFP - Cisco 4400 Series Controller running 6.0 version detects an MFP error of 5500 running 7.0.
The command show dhcp stats does not display when DHCP proxy is enabled.
XML error - while netusers configured.
CLI Allows "+" (Plus Sign) In AP Group Name Breaking WLC Config via GUI.
SANITY:5500 DP unresponsive: Hardware deadlock - all Packet Buffers in use
CT5508 - CAPWAP Control traffic has incorrect DSCP marking.
CPU Hog due to tight loop in case socket() or bind() fails.
AP power level reset to 0 when upgrading from 5.0 to 126.96.36.199.
Wrong BSSID in reassociation response during intracontroller roaming if CAC/CCKM fails.
Association response is sent with AID 0.
WLC unresponsive in dtlARPTask task.
The command show cdp neighbors detail does not display correct duplex type.
LAG fail-over does not work on CT5508.
Country is not lexicographically ordered.
The instruction cLApEntPhysicalIndex returns 2 always.
Cisco Flex 7500 Series Controller-AP "TCP Adjust MSS" value changed to 21253 in WEB GUI.
Mobility anchor configuration is not displayed on GUI after config upload.
Controller unresponsive when accessing 0xfefefefc while logging.
Running the CLI command renders the controller unresponsive.
Bootloader output on console port is incorrect.
Clarify support for third party chained certificates.
Need to prevent from enabling VLAN support for OEAP.
CT5508 188.8.131.52 - show ap crash-file does not include a timestamp.
Image predownload breaks HREAP standalone.
WLC as DHCP server for AP: CoS value incorrectly processed as a VLAN.
Release note for WLC 184.108.40.206 references wrong WCS version.
SNMP OID is not increasing in clcrRoamReasonReport table.
OfficeExtend Docs Need to Remove the WPLUS License Requirement for 7.0.
AMAC: MFP - Invalid MIC error due to held beacons on the radio.
Multicast traffic stops after fast roaming - incorrect AP client count.
5508 running 7.0 shows Field recovery images version as N/a
Extracting custom web authentication tar package may fail on 5500 WLC
Update WLC dot1x message logs to provide more useful information
Clients with a static IP address may get stuck in DHCP_REQD state.
The AP1140 fails for radio status check task.
Mesh: A MAP fails to join the WLC again if the MAP switches a RAP.
Docs need to specify that after successful web auth CPU ACL's apply.
AP fallback IP is not displaying in GUI
Key size support for third party certificates
Clients are unable to get a DHCP offer from WLC internal DHCP scope
*spamApTask4: %OSAPI-5-OSAPI_INVALID_TIMER: timerlib.c:543 Failed to return.
Need to document that WGB does not support DirectStream feature.
WLC does not bridge DHCP NAK to station and puts it into the RUN state.
Document QoS 802.1p tagging blocks traffic on untagged interfaces.
WLC may hang due to kernel Oops exception.
Add additional Country vs. Regulatory Domain mappings.
5508WLC generate duplicate ip add message & cause connectivity issue.
Release notes for upgrade path on 220.127.116.11.
QoS bandwidth limiting not supported on HREAP locally switch WLANs
Web GUI Help: Session & DHCP Corrections to WLANs > Edit > Advanced Page.
WLC kernel hang followed by flash issue; WLC not rebooting.
Native VLAN configuration is not consistent in HREAP
Wrong WLC version to support for 1260/3500 series APs.
Mounting bracket information references 3500 instead of 1260 AP
DHCP option 60 information is incorrect for 1260 series APs.
Instruction clMeshNodeBatteryChargingState OID always returns '1'.
Association fails on hybrid REAP access point when client changes SSID.
ARP entry cannot be deleted permanently in controller.
Radius CallStationIdType show undefined for ap-macaddr-ssid.
Intermittent webauth page with HREAP local switching.
Controller GUI does note have channel bandwidth selection for sniffer mode.
Multicast packets stuck on radio after WLAN changes.
Controller displays IP address 0.0.0.0 when it receives packets from console.
Switch CAM table not updated after L2 roam.
Downstream traffic degraded with OPEN environment.
Mesh AP sends all primary discovery simultaneously; causes drops.
Internal DHCP in a specific case returns "wrong IP address".
Cisco 5508 controller drops TCP UDP packets.
Management interface does not use HSRP MAC address when replying.
7925 CCKM WPA2 failure: CCKM: Failed to validate REASSOC REQ IE.
The value of ifSpeed in SNMP is incorrect in Cisco 5508 Controller.
CSCtg96879 is not applicable to 7.0, remove from open caveats in RN.
Controller 5500 does not use LAG_MAC when LAG is enabled.
Low throughput when using block ACK with low MCS rates.
Cisco 5508 Controller crashes when trying to shut the data ports one by one.
PMK cache must be cleared upon reception of EAP-Failure.
Controller running release 5.2 and higher releases config guides need to note about CISCO CAPWAP controller.
When configuring Hybrid REAP with WLAN local switching, the static IP address bypasses 'DHCP required.'
Controller unresponsive while executing the debug hreap aaa event command.
Client stuck in DHCP required state if roaming with AAA override enabled.
3500 series AP unresponsive - process CAPWAP client due to a memory error.
Cisco 2500 Series Controller unable to add 72 mobility group member.
Controller displays XML error if ACL is changed to "none" on WLAN.
TKIP MIC errors on clients connected to AP3500 due to Raw 802.3 packets.
LAG failover not working on Cisco 5508 Controller for FTP traffic.
Request to fix a pop up error message when handling web authentication.
Security baseline violation: backup restore on unit replacement.
Controller time displays one hour offset from NTP server time.
Passive clients are unable to pass traffic on Cisco 5500 Controller. This works fine on Cisco 4400 Series Controllers.
AP3500 in local mode stops servicing allowed WLANs on 2.4 GHz.
Containment of rogue access point and Rogue clients is ineffective.
EAP state not cleared on RADIUS failover.
Unified access points remove clients on maximum retries.
Cisco Flex 7500 Series Controller unresponsive on task emWeb when a running stress test.
WLC is not releasing the BIND for the first LDAP, the next user fails authentication.
Controller with of web authentication users may go unreachable or fail to redirect client.
Clients on service port VLAN cannot reach management interface.
Controller unresponsive when using a Bluetooth console serial adapter.
AP error due to process_execute; unexpected exception to CPUvector.
WLC data plane core fails to respond due to memory corruption.
C1130 core dump: Radio command cmd 21 (FF50,0,0) status 7F17.
Controller displays the error emWeb when running 6.0.199 in disabled client page.
Controller does not allow some rogue commands via TACACS+.
Controller RADIUS accounting stop packets are sent to the wrong AAA server.
AP unresponsive and core dumps due to low memory.
Cisco 5508 Controller forwards traffic on incorrect VLAN in AP group setup.
Wrong DTIM counter value.
AP names that contain spaces are lost in upgrade from 5.2 to 7.0.
When event driven RRM works, it changes global to custom channel set.
Persistent device avoidance does not work.
Subinterface not getting an IP address leads to high CPU and incorrect configuration.
CAPWAP encap ICMP reply packet from management interface uses burned-in MAC in HSRP.
11r IE should be removed from open auth reassociation response.
Controller unresponsive while running the command show ap eventlog.
Controller may fail to allow incoming traffic on ingress guest LAN interface.
Controller configuration for "avoid persistent non-wifi interference" missing.
Controller SNMP entPhysicalTable not returning all devices.
U-APSD state machine is stuck in "active mode" - trigger frames ignored.
WMM non-compliant U-APSD client does not "trigger" without TIM.
AP 1500 Global channel setting is changed to custom after reboot.
MC2UC (Directstream) stream stops due to IGMP query timeout.
RRM Start-Up mode is invoked under unknown conditions.
Cisco 5508 Series Controller does not allow RIPv2 updates.
Various access points unresponsive from block overrun or red zone corruption.
WLC does not use a consistent MAC address for forwarding traffic.
EAPoL key timer expires incorrectly.
ARP poisoning attack from wireless client on dynamic interface.
TACACS Authorization not allowing specific user roles full privileges.
AP unresponsive on CheckAdjustTransmitRate due to packet retries of WGB.
Anchor gateway failover breaks guest client traffic.
Some incomplete commands may cause the controller to be unresponsive.
IF-MIB::ifDescr changed in release 5.2 and later.
DP crash file contains incomplete backtrace.
Cisco 4402 Series Controller running version 18.104.22.168 is unresponsive with "Out of Memory" and "mwar_exit.crash".
Default CleanAir state is wrong if 11g is disabled.
Controller msglog shows Invalid ACL ID while debugging.
Controller unresponsive when executing task dtlArpTask.
ARP poisoning on 4400 platform using static IP address.
Cisco 5500 Series controller unresponsive- Software Failed while accessing the data located at :0x59.
DHCP flooded with redundant anchors and proxy disabled.
Web auth redirect fails with Hybrid REAP local switching.
Enabling password cleartext does not display some passwords in configuration file.
WLAN anchor information does not get saved correctly in configuration file.
Hybrid REAP access point rejects reassociation request without 802.11 authentication (Status 13).
Standalone hybrid REAP does not provide 11n access.
Client LEAR IP Address and L3 policies do not work together.
Controller is unresponsive at spectrumDataTask Reason: Reaper Reset.
WiSM unresponsive reaper reset: Task "dtlDataLowTask" missed software watchdog.
Memory leak sshpm, on sshencode line 252.
Controller forwards traffic to the wrong VLAN for the wired WGB clients.
Controller learns an incorrect MAC for Default Gateway of management VLAN.
The command clear arp does not clear all ARP entries in kernel.
Radio stops transmitting for several seconds under a high load.
ARP client protection breaks DHCP address reuse.
Mesh unresponsive on BVI restart by DHCP.
VLAN jumping is possible with WGB VLAN client support feature.
Cisco 5500 Series Controller unresponsive due to memory corruption.
H-REAP access point sends incorrect RADIUS service-type to backup server.
The command show net user summary Does Not Show Users Past 256 Entries.
HREAP - Reached max limit on the association ID for AP.
RLDP not restoring the serving channel causes the AP to reboot.
Memory corruption with SIP inspection enabled. Crash in PMALLOC_TRAILER.
Correct configuration guides concerning service-port IP addressing.
AP1130 unresponsive - IO memory corruption caused by bad 802.11 RX frames.
Controller leaking unencrypted frames for WGB clients.
AP1140 reboot by Reason: Radio Not Beaconing for too long
WLC 22.214.171.124 Release Notes
Addendum Release Notes for Cisco Wireless LAN
Controllers and Lightweight Access Points for
Special Build 6_0_196_158
Base Code: 126.96.36.199
Special Build: 6_0_196_158
ENGINEERING SPECIAL BUILD
6_0_196_158 is a build from 188.8.131.52, and it is an engineering special that resolves the following
CSCta13941 - AP rejecting association request with status code 13
CSCtb02136 - AP with AP Groups and HREAP will not broadcast SSID
CSCtb20125 - CCMP errors on key rotation
CSCtb92872 - WiSM: System crash - Task "cids-cl Task" taking too much cpu:
CSCtc23789 - AP radio down - interface stuck in reset
CSCtc57611 - Delay in Music on Hold on 7925 with HREAP AP
CSCtc73503 - Radios are showing Tx power level 0
CSCtd28542 - WLC crash on emWeb due to AP config change
CSCtd97011 - Radio core dump: Neighbor Discovery frames stuck
CSCte19262 - Client Deauthenticated – “Unable to locate AP 00:00:00:00:00:00”
CSCte55219 - radio core dump due to large # of uplink frames in inprog queue
CSCte55458 - Web-Auth: Web page takes a long time to display under heavy load
CSCte62815 - 5508 not passing OSPF Multicast traffic
CSCte78472 - Invalid PHY rate returned on ADDTS response
CSCte81420 - Crash in process: "Dot11 driver "
CSCte89891 - AP doesn't transmit beacons
CSCte92365 - Auto Immune - AP side
CSCte93549 - The dot11a radio not able to pass traffic, tx queue getting filled.
CSCte96140 - Ethernet bridging breaks when the Ethernet interface of AP 1242 flapped
CSCtf23682 - 5508 - AP cannot join with Multicast MAC as gateway (checkpoint)
CSCtf27580 - Ethernet interface input queue wedge from broadcast/uniGRE traffic
CSCtf34858 - Clients unable to pass broadcast traffic
CSCtf63030 - Radio may get stuck in RESET or DOWN state
CSCtf69598 - Memory leak in AP on CCKM Failure
CSCtf94589 - AP mac address discrepency in aggressive load balancing packets.
*ENGINEERING SPECIAL USE DISCLAIMER*
The Engineering Special fix supplied herewith is a Temporary Software Module which has undergone
limited testing. This temporary software module is provided “AS-IS” without warranty under the terms
of the END USER LICENCSE FOR THIS PRODUCT. Please use this software at your own risk. The
intention for this code fix is for you to use in your production environment until a released version is
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
© 2010 Cisco Systems, Inc. All rights reserved. 95134-1706 USA