Cisco Support Community

Wireless - Mobility Blogs


Happy to Introduce “Wireless Config Analyzer Express” the next gen cloud based evolution of the WLC Config Analyzer (WLCCA) with powerful checks for Wireless LAN Controllers , Access Points (AP), Radio Frequency (RF), Mobility, Security, Mesh and Flex Configurations. “WCAE” provides state of art RF summary including stats summarization at WLC, AP group, Flex group level and RF health analysis at WLC, AP group, Flex group level.


Please access the tool in the tools section of @


WCAE Main Features (Feb 2018)


Config Checks

184+ checks for configuration issues, covering Security, WLANs, Mobility, Mesh, Flex, etc

Get the experience of hundreds of cases applied to your network in seconds

AP  Data Summarization

Get list of AP HW types and operational modes in use

RF Stats

Quick data summarization for main RF stats,  see what is happening at WLC, or AP group/Flex group levels

RF Health

Simplified RF analysis tool, translate those RF statistics into simple Health report

Log File Summarization

List all messages in a short list, get counts and initial/end time

Supported Controllers

WLC running AireOS

Any version

Any Hardware

File Types Supported

Sh run-config -> recommended option, gives you more bang for the buck

Sh tech

Sh msglog


WCAE is a public facing tool and anyone with a valid CEC ID can enjoy its benefits. Please feel free to share this tool with your customers and partners.  Note: Ensure that pop-up block is disabled for the page on your browser to run the script. Here are some cool screenshots from WCAE:


Controller Messages View

 Controller MessagesController Messages



RF Health view

 RF Health viewRF Health view

More information


The same backend engine is used on the Diagnostic Bridge as part of the Connected TAC initiative, you can join your network and  enjoy additional digitized expertize:



 Feedback buttonFeedback button

Questions? Features requests? Problems?  Please let us know!~


We're pleased to announce that Interim software 8.5MR1 Interim version is now posted on the Forum.

 Obtaining Pre-Release Software

  1. Please fill software request access form for 8.5MR1 Interim:
  2. Once above step is completed, access to all supporting materials and pre-released software will be made available to Cisco Beta Customers within 24 Hours at


1. Please make sure to use Aspera Client to download files, if downloading for the first time from you will be prompted to install Aspera Client on top of Website

2. Also please make sure to check your popup blocker if you are not able to download the code.]


In order for us to track found issues or simply comments or questions you must submit each initial feedback or bug via Feedback form through provided link:


Resolved Caveats 


CSCve64066       AP is not joining the controller when IP is changed from DHCP to static, for first time

CSCvf33154       Wireless to Wireless multicast failure on Cisco 2800, 3800 APs with WPA-PSK-TKIP

CSCvf81919       3800 AP crash: selipc causing double free

CSCvg07305       No error messages displayed when enabling FRA and RF group Leaders are on different physical WLC's

CSCvg26310       AP 2800 Radio Cores Caused by tx_recovery_failed after FW Beacon Stuck

CSCvg35226       Unable to change Antenna Band Mode to 1562E AP

CSCuz85056       Modifying IP mode from DHCP to Static does not chnage for a scenario

CSCvf05707       MAPs with no children on DFS channels unable to perform fast roaming

CSCvf08426       observed watchdog reset (mrvlfwd) crash on AP2802 with the load

CSCvf22689       8.5 Need WLC show command for sensor reachability verification for non-xor aps

CSCvf27305 - AP1815M MAP3 loses connection to controller when wireless client roams to it ...

CSCvf60045       Cisco Controller reloads unexpectedly on "config bleBeaconwhiteList add HomeDepot"

CSCvg22857       FEW - AP access-tunnels drop when WLC switches over

CSCvg31538       IPV6 traffic gets dropped in Encr mobility

CSCvg37134       AP 1800S sensor in most of the cases fails to join the neighbor AP

CSCvg37369       No data is displayed on assurance with 227 WLC image

CSCvg39156       DHCP should not be sent to WAP with AP ->WLC header within EoGRE

CSCvg39437       WGB should forward downstream broadcast traffic within specific vlan

CSCvg43083       Cisco 3800 AP DFS intermittent compliance failures

CSCvg46683       FEW - map server AP entries dropped when WLC switches over again

CSCvg51267       Tunnel not plumbed on the UCS HA standby when peer is in same VLAN

CSCve30380       AP3700 Flex mode AP not advertising Ext. Cap. IE in Assoc Resp

CSCve50340       broadcast-replicate feature does not replicate broadcast to non-native vlans

CSCve60014       Sleeping client entry not getting created after idle timeout

CSCvf05391       wlc not sending delete payload to AP on exclusion client manual deauth

CSCvf12011       Webauth logout fails after standalone - connected

CSCvf21673       Cisco 2800/3800 APs send block ACK packets using disabled data rates

CSCvf23943       FRA is impacted when AP 3800 modules (like AIR-RMVBLE2) are in use


CSCuw48090      Cisco 1602 AP 5-GHz radio stop transmitting / receiving frames

CSCux97132       AP starts the Channel Availability Check (CAC) timer after rolling back to a lower bandwidth

CSCuy61155       802.11b inconsistent probe response - band select enabled - 2.4GHz

CSCuz72195       AP Bridge does not forward BPDUs or VTP frames

CSCva59172       RF - Profile paramaters are not pushed for optimised roam

CSCvb57793       AP does not fragment EAP cert correctly

CSCvc50775       Webauth redirection stop working when AP manager is configured on a dynamic interface

CSCvd15449       FRA Probe suppression doesn't work for pre-association client

CSCvd42321       Cisco 1832 AP drops the CAC SIP 486 packet

CSCvd83486       Cisco IW3702UX AP will not join Cisco vWLC after 3+days

CSCvd91770       Trust-DSCP-Upstream broken on Cisco release

CSCve13779       AP2802 Rogue Detection config changed back to "Enabled" after AP reboot

CSCve18213       Foreign WLC leaks IPv6 and IPv4 multicast client traffic out of EoIP tunnel

CSCve33506       Client EAP-TLS handshake does not succeed with AP-COS APs

CSCve39780       1832 ME is dropping some 11a static IP client associations due to DHCP Policy timeout

CSCve47928       Cisco 8.5 release: AP is not joining the Cisco WLC after image upgrade

CSCve51301       Cisco 1850, 1830 AP: Stops beaconing

CSCve56341       Msglog flooding with MUTEX_UNLOCK_FAILED: trace backs

CSCve57121       3800 AP not passing traffic

CSCve57918       WLC IGMP queries not sent consistently

CSCve59671       WLC/ME: RADIUS fail-over does not work when retransmit timeout is not set to default value

CSCve63755       Cisco WLC running Cisco APs fail to join the WLC if it has LSC enabled on it

CSCve64652       AP crash CPU vector after: NZ prev pointer but not running, timer Process="LWAPP CLIENT"

CSCve65242       Cisco 702w AP radio resets with reason code 71

CSCve68039       Some APs cannot join the WLC because the WLC misrecognizes the number of APs

CSCve68787       Cisco AP is not transmitting out the de-auth frame over the air that was received from the WLC

CSCve72187       Micro-Macro transition configuration should be limited to within the defined range

CSCve75022       Cisco WLC does not apply QoS tag upstream from foreign to anchor

CSCve75339       Macro to micro transition threshold is not configurable on Mobility Express

CSCve75515       Configuration backup shows the time instead of the NAT IP

CSCve78449       Cisco 3700 AP: radio d1 reset: Tx jammed

CSCuz59858       Cisco 3500AP (SC1), client association failure - R2H Buffer full

CSCve81269       Clients failed to get connected to the Cisco AP in Flex mode with message as AID already in use

CSCve81314       Clients fails to connect to AID with message as All AID are in use when the AP is in Local mode

CSCve83024       WLC power supply issues not showing up on 360 page

CSCve84906       Traceback observed in Cisco WLC while something is fetched for Flex ACL with AVC

CSCve85321       WGB traffic disruption on missed beacons and no scan or roam

CSCve86627       bridging interface mode get reset to 'access' when configure MeshAP from GUI

CSCve90032       WLC Fabric Enabled Wireless: flooding logs with "Updating MS IPv6[1] Addr" logs

CSCve92127       WLC Data plane reloads unexpectedly on DP core 0 due to WDT

CSCve95309       'WL_IOCTL_SET_MGMT_SEND failed for apr1v0 error Bad address' msg on AP by Radio reset

CSCve96310       Cisco WLC installs certificate without a password. However, WebAuthentication fails.

CSCve96870       wcpd out of memory; AP-COS reloads, or fails to send auth or DHCP response to client

CSCve98689       Repeated CDP-4-DUPLEX_MISMATCH seen 1852 and 3802 APs are connected to 3850 switch.

CSCve98892       DNS lookup for RADIUS/TACACS+ fails because it is queried before the physical port is up

CSCve99696       CPU ACLs are missing after the WLC reload.

CSCvf01433       Cisco 1852 AP fails to send multicast packets to wireless

CSCvf02705       The IP-SGT binding is removed from SXP peer after a WLC redundancy switchover

CSCvf03024       The power constraint value is advertised as 3, though it is configured as 0

CSCvf05046       Cisco 1800,2800,3800 APs: correction in unit of antenna gain in show controller output

CSCvf05427       Cisco 2800/3800 AP cannot use the RX-SOP

CSCvf07062       channel assignment leader shows incorrect value on standby wlc

CSCvf07776       Cisco 2800, 3800 AP - FIQ stopped working due to firmware core dump loop

CSCvf12571       AP2800/3800- CAPWAP tunnel does not restart automatically after primary-base WLCName

CSCvf12728       Cisco 7510 WLC stopped working in SNMP task with no traceback

CSCvf15991       Client data traffic drops AAA override and link-local-bridging are enabled due to timing issue

CSCvf16629       The OUI string updates properly in Cisco 5508 WLC but disappears after a reboot

CSCvf17488       Cisco WLC reloads unexpectedly with task name: mmMaListen on

CSCvf22697       Flooding "Invalid checkpoint client ID (0)" message on Standby WLC

CSCvf23182       Radio parameters become blank after setting channel width to 40-above

CSCvf23432       Crash - DOT11-3-OFF_CHN_QUEUE_STUCK:  Flushing off channel Queue recovery acted

CSCvf25015       AP on reloads ENTROPY-0-ENTROPY_ERROR:unable to collect sufficient entropy

CSCvf26207       WLC running faces crash while running airewave director debug

CSCvf27533       3800 Ap in a constant crash reboot loop

CSCvf28800       AP 2800:  FIQ crashed due to  aptrace

CSCvf30881       After changing the AP CAPWAP v4 to v6, AP name is changing to default MAC name

CSCvf32021       WLC not marking TID in CAPWAP for TSPEC/TCLASS client after roam it is marked

CSCvf32864       wired client behind MAP(iw3700) is not able to send traffic to destination

CSCvf33081       WLC running is not accepting IPs for NetFlow exporter ending between .224 - .255

CSCvf34744       Correct fix for CSCvc78546 (Zero 801.11e QoS for downstream voice when CAC disabled)

CSCvf37785       On 1810W AP, multicast fails to pass on the LAN port when switchport for 1000M speed

CSCvf38154       Cisco 2800, 3800 APs- Dual DFS Fix that avoids False DFS triggers in HD environment

CSCvf38379       8540, 5520 WLCs won't boot - "System could not find 68xx Nic Card"

CSCvf38544       WLC: Jamaica Country does not add -E Regulatory Domain support for Outdoor APs

CSCvf39106       WLC IPv4 CPU ACL mapping is removed after redundancy switchover

CSCvf41342       HA SSO - Apply Config failed on Standby, Reason:5

CSCvf41485       WLC reloads unexpectedly when entering 'show run-config' command

CSCvf44285       8.3 does not allow use of spaces in Flex group names, no APs showed on GUI for existing names

CSCvf44497       Cisco 2800, 3800 Flex- If there is no RSN IE, yet the AP is advertising both HT and VHT IEs

CSCvf44583       Cisco 2800, 3800 APs transmitting at MCS/802.11n rates to clients with WMM disabled

CSCvf45017       Remote LAN with 1810w in flex not showing client IP

CSCvf45989       WLC DP core 0 hung due to RML interrupt handler

CSCvf47017       AP 2800/3800 AP - not able to boot and get stuck "BootROM: Image checksum FAILED"

CSCvf50387       new AP 1562 crash due to: FIQ/NMI reset

CSCvf50747       When traffic is not initiated by the WLC, the WLC does not check ARP table

CSCvf52008       WLC's GUI hanged and unexpectedly rebooted

CSCvf52723       IOS AP FlexConnect local switching - client cannot pass traffic when using 802.1X + NAC

CSCvf52875       SNMP:Junk characters in place of server ip when image download is initiated from Prime

CSCvf55570       Clients unable to connect when CCKM and FT802.1X are enabled together

CSCvf55741       Cisco 1532 AP cannot use static IP address when configured as mesh AP (MAP)

CSCvf56076       Calibration data stored for channels 40, 149 and 153 are incorrect

CSCvf56556       Guest User role cannot be called properly on the Cisco 2504 WLC platform

CSCvf57305       Issues with 1562s MAP taking a long time to join RAP

CSCvf57360       Wave2 AP clients constantly deleted with active voice traffic and optimized roaming enabled

CSCvf58977       RTU license count taking over Smart Account count

CSCvf59621       Cisco 3800, 2800 AP running release: TxFSM Stuck

CSCvf59685       Cisco 3602i/e AP reloads unexpectedly while failover occurs

CSCvf61110       Implement a knob to enable disable TPC optimization based on Neighbors within an AP group

CSCvf61646       11v BSS Transition Preferred Candidate List Not Included with Radio Policy Set to 802.11a Only

CSCvf61962       WLC crash due high CPU caused by SNMP task

CSCvf61975       WLC reaper not creating proper crash file

CSCvf62670       AP1850/1830 : Stop Rx without beacon drop in noisy environment

CSCvf62929       WLC randomly marks wireless management frames with DSCP CS0 instead of CS6

CSCvf63464       AP show clis seen having previously joined controller capwap tunneled WLAN entries

CSCvf65587       2504 controller not accepting 50 AP evaluation license

CSCvf67467       System crashing as Reaper Reset:Task wipsTask taking too much cpu

CSCvf68648       Dataplane crash when using EoGRE tunnel

CSCvf69070       Aironet2802 marking upstream client traffic with incorrect DSCP values when WMM is disabled

CSCvf71074       AP 1562 Failed to decode discovery response

CSCvf71136       Infra IPv6 AP drops off from the WLC every 4 to 12 hours

CSCvf72352       Rogue APs getting contained or containment pending automatically on the WLC

CSCvf72497       3600 AP dropping over dtls tunnel with 8540 wlc

CSCvf76245       debug client sometimes reports wrong BSSID in (Re)association message

CSCvf76739       2800/3800 AAA override VLAN doesn't work for native VLAN.

CSCvf77787       AP LAG fails using LACP with non-Cisco switches

CSCvf82065       1562 unable to pass multicast joins from RAP to MAPs

CSCvf82117       WLC fails to send complete IPv6 client information to Prime Infrastructure

CSCvf83404       VLAN override on RLAN with FlexConnect Local Switching does not work

CSCvf83733       WLC detects IDS Signature attack even if Signature Processing is disabled

CSCvf84211       WLC dataplane crash due to core 0 hung and RML interrupt handling

CSCvf84816       AP1810W Kernel Panic crash PC is at 0x4 LR is at _ieee80211_free_node+0x264/0x4b4

CSCvf86035       1815w Kernel Panic wlan_channel_frequency+0x10/0x18 LR  acfg_get_client_info+0x84/0x264

CSCvf86148       3800 ap crash

CSCvf87731       WLC Crash during AP join failure

CSCvf88091       Clients behind 3rd Party WGB fail DHCP post upgrade to

CSCvf89334       OpenDNS information is lost when Master AP fails over to the new one

CSCvf95036       1850 radio firmware crash at 0x009A4859, QCA 03132454

CSCvf97662       AP801/AP802 not support DTLS data encryption but it's configrable

CSCvg01740       Deauth reason pulled from association response code wrongly

CSCvg01874       Unable to add LSC CA Certificate on wlc GUI

CSCvg08894       3802 AP crash Watchdog reset reason: capwapd

CSCvg20439       1562 is dropping downlink unicast messages, making connectivity difficult across mesh link

CSCvg21845       WLC crash - Task Name: SXP SOCK

CSCvg29019       AP18xx : Bypassed scan in returning to DFS channel after blacklist timeout

CSCvg10793        Key Reinstallation attacks against WPA protocol

CSCvf47808         Key Reinstallation attacks against WPA protocol

CSCva18887       ME : IOS AP flash corruption issue

CSCvb64056       nat-pat & central DHCP is disabled on AP after reloading AP

CSCvc71012       Error in retrieving number of mDNS policies with command "show mdns policy service-group"

CSCvd09394       AP3700: Tx util values are not changed

CSCvd21375 - 1562 RAP doesn't show (DFS scan in process) like Crete does ...

CSCvd64928       System stopped working on PMIPV6_Thread_0 during creation of LMA entry

CSCvd80240       FlexConnect AP sends associate response with wrong HT capabilities

CSCvd90160       AP2800 sending announce as 0 in Reassociation response in FlexMode in FT and adaptive FT

CSCvd95557       For Non-DPAA AP Model, client stuck in Authentication Mode while associating

CSCve18089       vWlc:Data switching role changes from local to central upon roaming b/w click-AP's

CSCve28491       APs in Flex mode with interface configured trunk with multiple VLANs missing links to switch

CSCve31474       WGB HSR 802.11v neighbor report error message when Infrastructure MFP is enabled

CSCve44977       WLC Dual Band radios showing incorrect suggested mode

CSCve56210       Uva: Observed command-timeout while XOR radio was in Sensor mode

CSCve56404       Cisco 8.5: Cisco XOR radio configured to Sensor mode using GUI has operational state down

CSCve61201       When tput improves above earlyliftthreshold, UE authentication int successful

CSCve66810       eca-ios-ap: data acl and cwa redirect acl not pushed to ios-ap's

CSCve67164       eca-ios-ap: Wrong webauth status at ios-ap

CSCve67229       Sanity:  ap1800i rebooted error msg : apsw_watchdog about to reboot with reason: wcpd

CSCve69442       Mobility with DTLS: no PMTU discovery packets sent

CSCve81183       Cisco 2800, 3800 - Rx hang in release

CSCve83915       32 chars match role string is not accepting in CLI unlike in GUI

CSCve86203       eca-ios-ap: downstream bssid/client qos policing and marking not effective (CD21)

CSCve88087       AP18xx WMM parameters not pushed to radio FW, QCA 02998094

CSCve88574       vEWLC AP-SSO: Data-keepalive sent to Old Active MAC and dropped at controller after SSO

CSCve89376       Cisco Wave1 APs sends RA periodically when EoGRE tunnel profile is added to the AP

CSCve91836       AP crashed when running Multicast Flex Mode script

CSCve93715       ewlc: click-os 3802 AP crash -capwapd

CSCve96480       IOS AP stopped working when it is changed from sensor mode.

CSCve99067       Assurance:  JWS Token creation failed error on WLC

CSCve99744       Crash on form submit Global config- ewaFormSubmit_glbl_conf+5764

CSCve99763 - Crete MAP2s experience roaming issues ...

CSCvf00877       8.5: cmdtimeout when xor in sensor mode, band mismatch errors

CSCvf04412       2800/3800 AP acting as ME stopped working due to watchdog reset (OOM) after 23 days up time

CSCvf05003       eWLC:Mobilitty Tunnels are flapping post SSC integration if aireos is server

CSCvf05776       Target assert  XXXXXXXX WAITING FOR STOP EVENT on Cisco 1810 AP

CSCvf07189       8.5 Incorrect prompt after executing any CLI with (y/n) option

CSCvf07775       Cisco 2800,3800 AP - Kernel panic FIQ or NMI - Panic in click

CSCvf09441       PMIPv6 MAG is not initialized in the backend

CSCvf10157       Wism WLC stopped working with emWeb in build

CSCvf10810       Partial collection failure for Mobility express

CSCvf11433       Sanity:core-mrvlfwd and core-wcpd found in ap3800 with

CSCvf12246       Mesh: Assoc ID is always passed as 1 to all clients

CSCvf12355       FEW : Unknown Clients IPV4 address on WLC when Clients joins on IOS 3700 AP

CSCvf16842       Tunnel Gateway (TGW) in Cisco 3802 AP comes up only after the Heartbeat interval expires

CSCvf17085       The radio of Cisco 3800 series AP stopped working after an image reload

CSCvf17133       8.3MR3:"config dhcp address-pool test" hits "Invalid scope specified."

CSCvf17294 : Radio Reset, wlChkAdapter(2686): regval ffffffff for wifi0

CSCvf18505       When WLC adaptive/fastlane is disabled, the CCX IE is missing in probe response Wave 2 APs

CSCvf18545       Farallon AP image with swim support

CSCvf19717       Modification of Single host-multihost-mab enable/disable results in rlan removal

CSCvf19891       Cisco 3800 and 2800 series APs stopped working when an SKB from Linux host was freed twice.

CSCvf20997       Hotspot getting enabled with open security in WLC

CSCvf22342       Cisco 3800, 2800 AP running release: TxFSM Stuck

CSCvf22977       Not able to delete Radius Auth server with RFC3576 enabled  form CLI.

CSCvf23193       eCA : Assurance token and URL details are not pushed to APs in Sensor mode

CSCvf23812       AP2800/38008.5: FIQ reset on ME WLC

CSCvf25062       AP3800 on[cmd mismatch] wifi0: Host Cmd:0x9201 F/W Cmd:0x8001 Last:0x801d

CSCvf28913       WLC FRA configuration menu VERY confusing

CSCvf31767       AP group entry duplicated, cannot delete AP group, access existing AP groups

CSCvf33168       FEW:  all access-tunnels taken down when fabric interface deleted

CSCvf33658       Observed L2 and L3 roam failure more than 5% in polaris-longevity with 1800 series AP

CSCvf33937       system crash from do_pingInet task

CSCvf38293 AP3800 Radio 0 stopped

CSCvf39202       3600 AP continuously reloading after data dtls config mapped to AP

CSCvf41057       Clients QoS level changes automatically to silver from gold during local authentication

CSCvf41909       XOR radio is not set to lowest Tx power after moving to 5-GHz band by FRA

CSCvf44061       SNMP get or walk on device for bsnAPBridgingSupport returns ENABLE for AP2800/3800

CSCvf46047       AP: C3700 image upgrade support from 8.3 to 8.6

CSCvf46715       Cisco 3800 AP running Kernel panic seen on alpha

CSCvf47198       1815M-Mesh: Fixed backhaul rate configuration does not work

CSCvf48180       Beacon stuck on 2.4GHz band radio

CSCvf51254       8.3MR3: MU-MIMO: Radio 1 crash from muTxDone()

CSCvf51690       DHCP option 60 string is not showing in wired capture in DHCP request for 2800 series AP

CSCvf51780       AP3504 WLC crashed during external webauth redirection with MAX length URL

CSCvf55262       Corrupted packets during awpp link formation

CSCvf56465       wlc does reflect 400 error codes

CSCvf57477       AP 3800 Radius Server config is getting changed when upgrading from to

CSCvf57859       Ceiling not working if DSCP sent is higher than metal policy of WLAN

CSCvf59630       XOR radio does not move to 5GHz/Monitor bands after being marked redundant

CSCvf60313       Sanity:Core file found on ap1560 with

CSCvf64268       ME: Once opening and closing the DHCP lease the crash was occured to the device

CSCvf65100       AP3800E/2800E- Apple Broken Antenna Detection ant_mon_detection_time_secs initialization

CSCvf65574       IOS AP flap upon switchover and client summary table not showing client with IOS AP

CSCvf68673       AP is doing reassembly of uplink packets, which is causing ping fail for jumbo pkts

CSCvf68674       8.5MR1: ptr_meshFileCfg.cfg.convMethod value = 3 is out of range min = 0 and max = 2 upgrade

CSCvf69071       WLC 3504 factory default license issue

CSCvf71897       3800E All antennas are reporting weak signal. A is enabled and BCD disabled for weak-RSSI

CSCvf72997       8.6: 1832 kernel panic

CSCvf75532       AP-Group:AP group name configuration is not persistent after AP reload when it is configured from AP

CSCvf75869       2800/3800 radio0 crashing in longevity due to 3rd party FW issue(s)

CSCvf76161       ME: Master AP running with 100% CPU Utilization

CSCvf76528       wlc(5520) crashed with Task Name:\tapfMsConnTask_4

CSCvf77017       [vEWLC]:2700 AP always send DSCP 32 in Upstream for IPv6 Traffic

CSCvf80317       FEW - map server AP entries dropped when WLC switches over

CSCvf81993       Sensor heartbeat stopped working when AP in sensor mode for 1832I after some time

CSCvf82214 WLC image does not log msglog

CSCvf82379 - Standby WLC (AIR-CT5508-K9) crashing with haSSOServiceTask0

CSCvf83594       Client moving to RUN state from webauth reqd after reassoc request

CSCvf84540       Cisco 3700 AP: radio d1 reset: Tx jammed, probably beacon was not really sent by Hw

CSCvf85093       Downstream policy-map removed from bssid target after controller switchover

CSCvf85489       AP is not able to join the WLC with LSC enabled

CSCvf85758       Data path flaps on HA switchover

CSCvf87646       AP 2800/3800 Sniffer mode: Sees frequent kernel panic crashes

CSCvf89222 standby wlc-8510 - crashed with rmgrMain due to IPC timeout has occurred multiple times

CSCvf89413       FEW Sanity: Client stuck in DHCP-REQD state after enabling fabric

CSCvf92627 AP - AP3802E-B - AP crashed due to watchdog reset(with reason: out to reboot with r)

CSCvf94486       For 802.11ac, client estimated throughput drops drastically after connecting

CSCvf94574       Not able to create ipsec profile

CSCvf94707       After CoA, when client connects within backoff timer, WLC sends Access Request

CSCvf95048       AP group: When RLAN AP moves from old AP group to new AP group,old RLANs are still maintained

CSCvf96146       IRCM 16.7.1:Mobility tunnels are flapping between vEWLC and 5508

CSCvf97201       8.3MR3: MU-MIMO: Radio 1 crash from muTxDone() - more trigger in addition to fixes in CSCvf51254

CSCvg01352       IPv4 traffic drops with "Packet needs to be fragmented but DF bit is set" and MTU mismatch

CSCvg01771       AP1815 / TSN Wifi / Star Wifi: Fail to boot after power-off during u-boot upgrade

CSCvg01883       ClickOs:client association failed with A radio

CSCvg02335       https communication is not enabled in Farallon image download

CSCvg04022       Encrypt mobility enable/disable fails with HA from GUI

CSCvg04081       AP2800 sending announce as 0 in Reassociation response in FlexConnect Mode in FT and adaptive FT

CSCvg04758       Control Path flaps post switchover

CSCvg07438       AP3800: Low throughput due to packet drops in AP in both fragmented and non-fragmented packets

CSCvg07783       Vulcano New P3 modules are not getting dhcp address with AP2800/3800 VE AP. The module is up.

CSCvg08820       Client failed to join Click-AP with A radio alone in local mode

CSCvg12223       Flex mode- WLC does not send all neighbors for a client

CSCvg13374       CCO download DNS breaks after poll and and manually configuring to invalid DNS server

CSCvg14346       WLC- is flagging Misc_Reason 0x9 as an Invalid Apple Reason Code but displays proprietary failure

CSCvg18366       AP hostapd deleting client entry when client goes to FWD state in WCPD

CSCvg18978       Sensor: AP2802I when in radio as sensor radio 0 crash

CSCvg23317       [ECA-SIT]Join Request- PMTU -NOP Payload Parsing issue with Click APs

CSCvg27595       Sensor: 5G radio results in AP2800/3800 XOR have default connectivity values

CSCvg29907       AP 3800/2800 AP sending wrong BSSID in the Request,Identity packet

CSCvg30754       Hyperlocation: AP join issues

CSCvg31499       AP 3800/2800 and .61 when AP is in flex mode, AP crashed due hostapd process.

CSCvg33285       Sensor : AP2802i : Synthetic tests stops during longivity run

CSCvg33908       AP3800/2800: Apple Broken antenna detection feature won't work without NDP frames

CSCvg35961       8.5MR1: AP2702 radio reset and rcore - rec fail

CSCve12846       Flex mode AP18xx not prioritizing packets based on QoS Map

CSCve13886       WPS signature is getting disabled upon upload or download

CSCve69973       2800/3800 - Throttle Assoc requests to WLC

CSCve79184       1832,1810 AP doesn't send the proper DSCP values to the wlc(data dtls) (upstream QoS marking rework)

CSCvf01576       Cisco 3504 WLC is not generating a crash file.

CSCvf07640       [5520] Setting an IPv6 address for primary-base on an AP from WLC cuts off last characters      after ::

CSCvf12011       Webauth logout fails after standalone - connected

CSCvf16340       8.3MR3:After WLC upgraded to  8.3MR3, Hydra shows "host/RAM_fw Build Ver Mismatch: H:0x47, F:0x5 !"

CSCvf16466       3802 AP sending incorrect DFS channel list to WLC

CSCvf19926       8.3MR3:OSAPI-3-MSGQ_RUNNING_HIGH: [PA]osapi_msgq.c:926 Message queue BCAST-DATA-Q  is nearing full.

CSCvf30035       wlc crashed due to SXP CORE not releasing lock

CSCvf29208       AP2800/3800/18xx-Mesh: Fixed backhaul rate issues.

CSCvf30828       ME: 1815M AP crashes when clients connecting to AVC enabled WLAN

CSCvf31054       continuous FIQ/NMI reset crash for 3802 ap when xor in sensor mode

CSCvf34480       Uva FEW Cheeta-AP loosing flex-avc-profile config if one out of 2 WLAN disabled

CSCvf38393       NDP on 2800/3800 not transmitting at Correct Power on 802.11b/g/n Channels

CSCvf40071       WIPS engine gets disabled on 2800 after AP reboot

CSCvf41587       3800I : {watchdogd} apsw_watchdog about to reboot with reason: wcpd

CSCvf43759       issue 'no bvi-vlanid' on WGB does not cast IAPP message to refresh BVI vlan id on AP

CSCvf47744       ping fail between routers after route setup with radio link

CSCvf49632       Capwapd crashed after enabling capwap payload debug

CSCvf60009       Ethernet daisy chain IW3702 GE1 1Gbps reload same time when configured speed 100 & duplex full

CSCvf69869       In new mobility with NAT, Client connected to foreign is unable to communicate

CSCvf69955 - Kernel Panic seen on 1542 Mesh APs

CSCvf95503       11r roam flexconnect local switch OTA FT-8021x fails intermittently on Corsica

CSCvg10680       DTLS handshake takes more time to get established successfully


Why we need "IP Options". If we disable "IP options "under global inspection in ASA. What could be the issue? 

Is it recommended to disable inspection for "IP Options" in ASA?




1 Comment

We're pleased to announce that Interim software 8.3MR3 Interim version is now posted on the Forum.

 Obtaining Pre-Release Software

  1. Please fill software request access form for 8.3MR3 Interim:
  2. Once above step is completed, access to all supporting materials and pre-released software will be made available to Cisco Beta Customers within 24 Hours at

[NOTE: Please make sure to use Aspera Client to download files, if downloading for the first time from you will be prompted to install Aspera Client on top of Website]


In order for us to track found issues or simply comments or questions you must submit each initial feedback or bug via Feedback form through provided link:

Resolved Caveats

CSCvf17085The radio of Cisco 3800 series AP stopped working after an image reload.
CSCve68039Some APs cannot join the WLC because the WLC misrecognizes the number of APs
CSCvf39106WLC IPv4 CPU ACL mapping is removed after redundancy switchover
CSCvf41405WLC: Need to correct changing MDIE behavior in case of adaptive WLAN
CSCvc50775webauth redirection stop working when AP manager is configured on a dynamic interface
CSCvc71012Error in retrieving number of mDNS policies when given command "show mdns policy service-group"
CSCvf09581Samsung S8 device cannot stay associated with 11v enabled on Wave 2 APs
CSCvf12728Cisco 7510 WLC stopped working in SNMP task with no traceback
CSCvf417268.3MR3 "show advanced fra" showing COF/Suggested Mode as None
CSCva37010Invalid staid XXX received
CSCuh45072WLC HA tacacs+ authentication authorization sent to different AAA server
CSCvd20944Msglog flooding *sntpReceiveTask:%LOG-3-Q_IND: [PA]env_monitor.c:100 Check sensor fail: fan status
CSCvd93004NMSP status is inactive with hash key mismatch
CSCvf403068.3MR3: COF calculation not getting propagated after FRA run
CSCvf07775Cisco 2800,3800 AP - Kernel panic FIQ or NMI - Panic in click
CSCvf09758Providing correct fix for CSCve73774 (AP1850 didn't work Fault-Tolerance as expected).
CSCvf125712800/3800 CAPWAP tunnel doesn't restart automatically after configuring primary-base WLCName
CSCve25629HA WLC must send authentication and authorization request to same server
CSCve43125IW3702 -F domain support
CSCvf30451FRA Last run is showing incorrect time on standby wlc
CSCvd163803800 detecting DFS False triggers
CSCvd940042800/3800 detecting DFS False triggers
CSCve42311Cisco 3800 AP experiences kernel panic due to double free in wireless driver during radio coredump
CSCve87941hydra oeap local client can't get ip
CSCve89496AP stops servicing clients
CSCve92259Cisco 3800, 2800: APs start beaconing during CAC period if AP boots up in DFS channel
CSCvf444972800/3800 FLEX - If there is no RSN IE, yet the AP is advertising both HT and VHT IEs
CSCve99696CPU ACLs are missing after the WLC reload.
CSCvf23182Radio parameters become blank after setting channel width to 40-above
CSCve26965AP2800/3800 Last Reload Reason incorrectly showing as Reload Cmd for AP BootScript
CSCvf470172800/3800 - not able to boot and get stuck "BootROM: Image checksum verification FAILED"
CSCva69083Controller drops NMSP packet from MSE
CSCvf32021WLC not marking TID in capwap for TSPEC/TCLASS client after roam it is marked
CSCve26935Cisco 2800, 3800 AP displays low throughput for IPv4 TCP with Windows 10 Creator
CSCvc30828AP does not allow world mode to be set via GUI on 15.3(3)JD
CSCvf30881after changing AP capwap v4 to v6 AP name is changing to default MAC name
CSCvd78495Failed to get ARP entry due to Aquantia PHY driver not loaded

Resolved Caveats

CSCva50180AIR-CAP1602I-E-K9 stopped working
CSCuy29182Peer Upload:No progress status, no error, normal Upload error misleading
CSCuz97296AP3500: Client Pak stuck during Payload Encryption
CSCva27419Channel changed trap with Unknown Radio Type on dual band radio
CSCva59172RF - Profile paramaters are not pushed for optimised roam
CSCva87833AIR-CT8510-K9 crashed
CSCvb14702client couldn't join if it sends two assoc at the same time
CSCvb57793AP does not fragment EAP cert correctly
CSCvb71347WLC multicast config not coherent for code upload/download
CSCvb86237Cisco 8510 WLC stopped working Task Name: TempStatus
CSCvb89967Rogue reports don't have source mac address populated
CSCvb90235Cisco3700 WGB inconsistently facing joining issues because of no probe response by 3600-11ac root AP
CSCvc07674WLC sends ciscoLwappApAssociated trap twice when AP2800 join
CSCvc1767883MR1: wrong "enable global mDNS snooping" message when clinking apply on barbados edit
CSCvc18786WLC stops working during multiple login sessions either with local user or with TACACS+
CSCvc19987Fresh WLANs not getting broadcast in AP3802
CSCvc24104Rx-SOP threshold failed to set with AP model 1852/1700/1815/1830
CSCvc24917Defect of msglog corresponding to 'AP Message Timeout: Max retransmissions reached on AP ...'
CSCvc28035clDLApBootTable shows blank when WLC has 2800I AP
CSCvc35183CISCO-LWAPP-CLOUD-SERVICES-MIB: Parse errors like bad month and undefined objects
CSCvc37641AP 700 doesn't provide SSH access in wips submode for flexconnect
CSCvc51637802.1x CCKM roams fail on WGB at GTK key rotation
CSCvc51666Cisco Wave 1 AP transmits on disabled rate 24Mb
CSCvc55430WLC HA redundancy management interface not reachable for a short time after failover
CSCvc56757WGB HSR 11v neighbor report validation fails when Infrastructure MFP is enabled
CSCvc61795IP call setup fail after L3 handover happens during call among 1832
CSCvc677051815 : Flex efficient predownload failed
CSCvc71537WLC profiles 7925 incorrectly
CSCvc727248510 AP SSO stopped working on portalProcessLogout
CSCvc846371810W sending invalid AC_NAME when WLC hostname is 31 bytes long
CSCvc85158AP Group configs not retaining during upload and dowlnoad config.
CSCvc90036Unable to convert CAPWAP AP to Mobility Express
CSCvc93377Tracebacks and MFP queue logs filling up the msglog on WLC.
CSCvc94704WLC crash due to task dtlArpTask
CSCvc96076Cisco WiSM2 HA - standby stopped working with task name spamApTask2 in ideal state
CSCvd09507Rogue rule substring-ssid turns invalid on WLC when user configured SSID is included in PI template
CSCuc78713dWEP client cannot receive broadcast after broadcast key rotation
CSCuy75333Cisco 2504 WLC config restoration fails due to multicast mode command
CSCuz59858AP 3500(SC1), client association failure - R2H Buffer full
CSCvd16346WLC memory corruption occurs when TACACS+ responds with unknown attributes
CSCvd23185WGB wired clients not seen by WLC
CSCvd23301WLC GUI trapflags for client association with statistics does not display correct configuration
CSCvd23902Cisco 1532AP: root bridge drops packets from non-root bridge in non-native VLAN
CSCvd26885Unit of probe suppression hysteresis should be 'dB'
CSCvd28374Cisco 802AP incorrect base radio MAC assigned not ending with zero results in only one BSSID support
CSCvd304862800/3800 - Radio incorrectly shown as disabled due to PoE
CSCvd31705AP: Offchannel cleanup in IRQ context can trigger an indefinite loop if sensorD owns the radio
CSCvd35885ME2800 Crashes with Task Name : capwapSocketTask
CSCvd36190Cisco 5520 WLC stopped working with taskname haSSOServiceTask6
CSCvd37522show run-config commands: incorrect index numbers for RADIUS Accounting Servers
CSCvd42669Cisco 2500 WLC stopped working
CSCvd44909Client traffic dropped in Anchor foreign AirOS setup with new-mobility if foreign client behind NAT
CSCvd45744Customer reports that AP reboots after 4 hours while doing site survey
CSCvd56588In 2800 and 3800 series APs, incorrect RSSI values are displayed when client associates to XOR radio
CSCvd61468Custom mDNS profile is not saved on the WLAN config after the reboot
CSCvd62184AP3600: Radio reset /w reason reqsema on 8.3MR2
CSCvd62568XML validation is failing for the AVC profile
CSCvd67730Client fails PSK SSID authentication after master AP reboot (EAPOL M3 not sent on 4-way handshake)
CSCvd68141WLC stopped working at task nmspRxServerTask
CSCvd72131Cisco 7500 WLC in flex-mode stopped working after the SNMPTask Reaper reset
CSCvd74297AP3800/2800: Extended core dump CLI is not persistent
CSCvd79511Radius Admin mode goes for Disable state in LTB setup
CSCvd80240FlexConnect AP sends associate response with wrong HT capabilities
CSCvd80508LAN ports of the 1810W AP are stuck on Admin-Down after modifying RLAN settings
CSCvd86566Client with incorrect NAI realm gets Access-Accept from Radius Server
CSCvd90377WLC is applying wrong ACL to clients when doing CWA
CSCve02210SNMP OID that is used to monitor WLAN status for FT is returning wrong results
CSCve02585Webauth login page is not showing up after enabling TLS1.2 on WLC
CSCve02612HA-Config sync fails on standby when flex AP configs are modified
CSCve02689Silent reboot is observed after the memory usage goes up to 85%
CSCve05507Retransmit configuration is not reflected when new 1800, 2800, and 3800 series APs join the WLC
CSCve13779AP2802 Rogue Detection config changed back to "Enabled" after AP reboot
CSCve20123Corrupt voice packets are observed when a client with an active call does an inter-AP roam
CSCve208258.5 rf-group  member ip address  updated as reverse in config
CSCve22001ME Default value of Wlan param is cahnged after config restored
CSCve24687Channelization issue occurs when Cisco 3802 AP reverts to channel 36 for 75% of APs at a site
CSCve27826WLC-8510  -  Transfer failed on both active/standby
CSCve33506Client EAP-TLS handshake does not succeed with the Cisco 1830 AP
CSCve35431Downstream QoS 802.11 UP marking does not work for Flex AVC profile
CSCve37579Cisco 3800 AP stops working due to WIPS kernel panic
CSCve37770Cisco 5508 WLC stops working when AP's radio CLI command is executed
CSCve45744Cisco 1850 AP stops working due to memory leak in slab SUnreclaim
CSCve49741Cisco WLC fails to send SFTP and FTP when using untagged interfaces on different ports
CSCve52807crash standby WISM with task name 'rsyncmgrIpcqTask' on
CSCve61049Radio resets in Cisco 2700 AP
CSCve63497Cisco WLC stops working with Task Name emWeb when timer changes
CSCve63755Cisco WLC running Cisco APs fail to join the WLC if it has LSC enabled on it
CSCve63800Prime Infrastructure does not show all WLANs when querying MIB bsnAPGroupsVlanMappingSsid
CSCve66007Cisco 8540 WLC stops working with Task Name emWeb
CSCve66630Clients cannot connect to Cisco 3800 AP when configuring TKIP only WLAN and PSK with central auth
CSCve68787Cisco AP is not transmitting out the de-auth frame over the air that was received from the WLC
CSCve75022Cisco WLC does not apply QoS tag upstream from foreign to anchor
CSCve76202WLC IPv4 CPU ACL is applied as IPv6 CPU ACL during backup recovery or SSO failover
CSCve80178AP 3800/2800: TPC implement not advertising same WLANs (different AP Group)
CSCve8391532 chars match role string is not  accepting in cli unlike gui
CSCve86609Dynamic interface default gateway must not be configured to "" in CLI
CSCve89758vWLC code download fails with HTTP mode
CSCve90085Active WLC in HA pair crashes with task apfRogueTask_0
CSCve96310Cisco WLC installs certificate without a password. However, WebAuthentication fails.
CSCve96480IOS AP stopped working when it is changed from sensor mode.
CSCve98892DNS lookup for RADIUS/TACACS fails because it is queried before the physical port is up
CSCvf03782WLC stopped working on emWeb with "ewaFormSubmit_file_upload" in stack
CSCvf050461800/2800/3800 AP Correction in unit of antenna gain in show controller output
CSCvf09441pmipv6 MAG is not initialized in the backend
CSCvf09458Cisco 2800/3800 series XOR radios are not moving to 5GHz or Monitor mode
CSCvf15991Client data traffic drops when AAA override and link-local-bridging are enabled due to timing issue
CSCvf16629The OUI string updates properly in Cisco 5508 WLC but disappears after a reboot
CSCvf17488WLC crash with task name: mmMaListen on
CSCvf31894Backout changes - CSCvc78546 that leads to CSCve20123
CSCvf33081WLC running is not accepting IPs for NetFlow exporter when ending between .223 - .255


Release Interim (8.0MR5)

We are pleased to announce Interim Release for 8.0MR5.

Please Register at below link to participate.

Once Requested for the Access on above link, Permission will be provided to download the Code from below link within 24 hours.

Please select filter as 80MR5Interim

Please feel free to provide any feedback at below link:

Resolved Caveats

Identifier Headline
CSCuc78713 dWEP client cannot receive broadcast after broadcast key rotation
CSCuq28038 Hop2- multiple attempts to rejoin WLC in very-fast convergence
CSCuq86263 False DFS detection on 1600
CSCur37829 AP Mgmt through non native vlan - WGB clients doesnt join the AP
CSCur63031 AP error: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
CSCur68316 802AP-891 in flexconnect mode are losing vlan mapping after power cycle
CSCus83638 5-GHz radio on Cisco AP beaconing but not accepting client associations
CSCuu08012 AP2700 CleanAir sensord died (src/dspm_main.c:389) - slot 0
CSCuu98142 AP1242, AP1131 cannot function as mesh Root AP
CSCuv33255 AP CDP neighbor information is missing/outdated
CSCuw29539 AP running lightweight IOS will not discover WLC using DNS
CSCux90031 intermittent multiple packet/ping drop between RAP and MAP 1572
CSCuy13829 AIR-CAP2602I crash on dot11_pmkid_timeout
CSCuy32349 NDP timer change for 7.6 parity
CSCuy53596 CleanAir fatal error and radio reset on Flex+Bridge AP
CSCuy63094 1572CM AP Not sending Option60
CSCuy93000 SC2 Radio Randomly sending Corrupted timestamp BCN on Hidden SSID
CSCuy94534 3700/2700 on DFS dont see 3700/2700 as neighbor when Rxsop High/Med/Low
CSCuz20714 WLC crashes on emWeb with Reaper Reset
CSCuz22367 3502 AP crash in "LWAPP RM Receive process"
CSCuz47559 error saving config file happens on multiple 2702
CSCuz49804 Fix AID leak problems
CSCuz72994 FT clients reassociation denied leading to full association
CSCuz79051 WiSM2 crash in ewaFormServe_multicast_detail
CSCva03376 UX-AP3702i After primed carrier set 5GHz only allowing four UNII3 ch
CSCva27711 FlexConnect: AP radio reset during FT when Central DHCP is enabled WLAN
CSCva28211 AireOS UX AP : 'JP' should be used as world mode in Beacon/Probe Res
CSCva36161 1600AP crash while 11w client connect/disconnect
CSCva41482 Autonomous AP does not forward ARP requests to client on tag VLAN
CSCva50180 AIR-CAP1602I-E-K9 stopped working
CSCva50196 Memory corruption EAP for Mesh
CSCva54211 IPsec tunnel of WLC with Linux Peer fails for AES128
CSCva56521 8.0MR4, 1600 AP False DFS detection
CSCva65826 Wireless LAN Controller reboots unexpectedly
CSCva72044 BZ1388: 1572 mesh AP with no distance command implementation.
CSCva77451 AirOS WLC Local Auth EAP handler leak
CSCva83884 WLC System crash on aaaQueueReader
CSCva87295 Flex AP radio reset during FT with Central dhcp and Nat-pat enabled
CSCva92615 Access Point antenna gain changes to 0dBi randomly
CSCva98597 Emweb task stuck at 100% CPU usage
CSCvb18339 DTLS connection failed because max control dtls connections reached
CSCvb18427 DNS ACL allowing more URLS than the ones defined on
CSCvb19729 WLC crash - Task name EAP_Framework_0
CSCvb20553 Coa for session timeout not working using free radius server
CSCvb21254 80MR4:AAA override vlan lost on intercontroller roaming
CSCvb33101 702w Ethernet stop passing traffic.
CSCvb35018 Wism 2 crashes with task mdnsHATask
CSCvb44979 WLC Local EAP with 7925 Handshake Failure
CSCvb48354 RRM Not updating as per configured on WLC
CSCvb48603 Evaluation of wlc for Openssl September 2016
CSCvb57803 Crash on apfMsConnTask for 802.11v BSS Transition Support
CSCvb67724 5508 is going out of memory
CSCvb69962 Client traps not showing session ID's
CSCvb73104 AP 1600: Radio d1 reset: FW: irq/mac stat=40000/10000000 command timeout
CSCvb76654 Clients not getting excluded on max EAPid timeouts; reassoc rejected with reason 12
CSCvb77649 PI 3.1.3 DP4 Identifies IW3700 as 1850E
CSCvb80511 CWA is not working for flex-bridge APs pointing ACL rx from Radius doesn't exist
CSCvb92562 Evaluation of all for Openssl 1.0.1 September 2016
CSCvb93189 AP drops Retransmitted M3 from WLC
CSCvb94716 WLC crashing at task:spamReceiveTask running
CSCvb95842 WLC system crash on spamApTask
CSCvb97456 80MR4: SSH on FIPS 140-1 is not compatible with older clients, SSH high disable does not work
CSCvb99468 AirOS WLC crashed in emWeb when serving an EmWebForm exclusion-list
CSCvc04089 2700 series AP radio resets reason code 71 RADIO_RC_NO_REPORT
CSCvc08052 DFS false detection on AP2700
CSCvc23658 Clients not removed from flexconnect and capwap in APs flexconnect central-sw
CSCvc33258 WLC: Unable to config RX-SOP threshold for IW3702 AP
CSCvc33793 WLC tears down connected AP due to unequal loadbalance between SPAM queues high load
CSCvc40267 WLC sends wrong VLAN for AAA overriden client re-associating to AP belonging to FlexConnect Group
CSCvc45620 WLC crash in SNMPTask due to missed software watchdog
CSCvc52093 WLC send deauth 17 to phone in 4-way handshake
CSCvc52619 Local EAP do not support any of ciphers, used by 8821 phone
CSCvc62481 WLC 7500 HA crash on upgrade to with Task Name: spamApTask
CSCvc65675 WLC: Constantly increasing memory consumption by SNMPTask
CSCvc74507 Fix incorrect commit of CSCuu59589 in 8.0-mr
CSCvc82053 The nmsp info/probe notification queue is saturating
CSCvc82559 WLC 5508 reaper rest crash on several tasks.
CSCvc94648 Evaluation of wlc for OpenSSL Jan 2017
CSCvc99928 AP changing UP marking from 6 to 0 for downlink traffic after 802.11r roam with 8821 phones
CSCvd15742 AP crash with %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
CSCvd18025 Anchor1 WLC does not free client sessions after client roaming to Anchor2 WLC-client entries stale
CSCvd21155 WLC stopped working when multicasting traffic and accessing WLC GUI
CSCvd28374 AP802 incorrect base radio MAC assigned not ending with zero causing to only support one BSSID
CSCvd44446 Retried EAP Response Dropped as a duplicate while First EAP Response was not even received on the AP
CSCvd50044 System stopped working multiple times on ping rx task
CSCvd67178 Anchor not deleting webauth req client beyond webauth timeout
CSCve36706 AP Exclusionlist Can't Clear after Exclusion timeout
CSCve57139 for 8.0 code, add capability to disable CBC crpto options for SSH
CSCve76202 WLC IPv4 CPU acl is applied as IPv6 CPU acl during backup recovery or SSO failover



New version WLCCA 4.4.3:


  • Support for 802.11FT adapative state
  • WLAN name for message "mDNS profile is configured in WLAN.."
  • Improved logic for message "General: The IPv6 Multicast/Broadcast mode is on Unicast.", to only report if IPV6 is enabled, and mcast/base fw is in use
  • Flex group name in message "Flex: Efficient AP upgrade is not enabled for Flex group:"
  • Improved logic for message "General: Aggregation scheduler disabled", now checks if 11n/ac is enabled, and the message includes band affected
  • Added interface name for message "General: DHCP enabled on the interface, but DHCP IP is not configured.", also improved logic to skip if the interface is a wired guest type
  • Added wlan name to message "General: 11v is enabled, it is recommended to have the MFP infrastructure disabled."


  • Incorrect parsing of DHCP proxy state
  • Incorrect handling of NTP sync status
  • Radius server parsing
  • Incomplete parsing of DCA/TPC/ED-RRM status
  • Proper detection of lag mode for UCS platforms
  • Typo for message 30063
  • Fixed parsing of 802.11b aggregation scheduler
  • Modified message "Platinum QoS settings are not set to 802.1p 5 or 6, check in Controller QoS Profiles" to use 5 or 6, instead of 6 or 7


For a bigger project I had to setup a smaller PMIPv6 test lab (see attached picture). There are only two APs, 3 ISR 2911/K9 acting as MAG and LMA and some Ubuntu 16.04 LTS hosts.

So far PMIPv6 without WLC works except Radius authentication from MAG to AAA.

  1. MN associates with AP2 using pre shared key WPA2-PSK. AP2 is configured to act as wireless bridge.
  2. After MN successfully associates with AP2 its wlan0 interface comes up and Linux IPv6 stack sends a Router Solicitation (RS) which is recognized by MAG2 as a PMIPv6 attachment trigger.
  3. MAG2 is configured to send a Radius access-request to the AAA server to provision MN properties like home prefix etc.

Now problem is that MAG2 sends a Radius Access-Request without User-Name attribute which is required by AAA server. The Access-Request looks like this:

User-Password       [2]   18  *
Calling-Station-Id  [31]  19  "2c-4d-54-61-e4-48"
Service-Type        [6]   6   Outbound                  [5]
NAS-IPv6-Address    [95]  18  2001:DB8:1009::1
Nas-Identifier      [32]  9   "router3"

How can MAG2 be configured to include MNID in Access-Request as User-Name attribute?

These are the relevant parts of MAG2 config:

interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:DB8:1009::1/64
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FE80::200:5EFF:FE00:5213 link-local
 ipv6 address 2001:DB8:1019::F/64
 ipv6 nd ra interval 5
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto

! RADIUS configuration 
aaa new-model 
aaa group server radius AAA-GROUP-PMIP 
 server name AAA-SERVER-PMIP 
aaa authorization commands visible-keys 
aaa authorization ipmobile default group AAA-GROUP-PMIP 
aaa session-id common 
radius-server attribute 6 on-for-login-auth 
radius-server attribute 8 include-in-access-req 
radius-server attribute 32 include-in-access-req 
radius-server attribute 31 mac format ietf 
radius-server attribute 31 send nas-port-detail 
radius-server attribute 31 remote-id 
radius-server attribute wireless authentication callStationIdCase lower 
radius-server attribute wireless authentication mac-delimiter colon 
radius-server attribute wireless authentication call-station-id macaddress 
radius server AAA-SERVER-PMIP 
 address ipv6 2001:DB8:101::2 auth-port 1812 acct-port 1813 
 key xxxxxxxx
! PMIPv6 domain 
ipv6 mobile pmipv6-domain dom1 

! First ask AAA (Radius) server when a MN connects for its 
! properties. If this fails (either if AAA server not reachable or 
! AAA server rejects access-request) try fallback with local NAI's 
! (see below) 
! NAI for a given MN as MAC@realm 
! @realm is only used if append profile in pmipv6-mag interface section is 
! used AND a default profile is used AND the default profile NAI includes a @realm 

! If this NAI is left COMPLETELY blank then all attributes from 
! the default NAI are copied over at first connection from this MN.  
! After this the running config is altered to contain default NAI's attributes. 
! See enable pmipv6 default ... entry in ipv6 mobile pmipv6-mag ... section 
! Default NAI including @realm 
  lma lma1 
  service ipv6 
ipv6 mobile pmipv6-mag mag2 domain dom1
 discover-mn-detach poll interval 60 timeout 5 retries 3 
 address ipv6 2001:DB8:1009::1 
 binding maximum 200 
 binding lifetime 8640 
 binding refresh-time 360 
 no generate grekey 
 interface GigabitEthernet0/1 
  enable pmipv6 default 
  append profile 
 lma lma1 dom1
  ipv6-address 2001:DB8:1009::F 

For more infos and console logs please see also:


Eap- TLS is a sort of EAP method to authenticate client with the certificate without use of usern-ame an password.

Below example is to use EAP-TLS with controller

EAP-TLS requires digitally signed certificate to authenticate clients. Certificate required on controller. 1. Device Certificate issue to WLC. To generate the device certificate. And download it to the controller it is vendor device certificate using command line or GUI.In GUI select the download vendor device certificate option (TACLAB)transfer download mode tftp (TACLAB) >transfer download datatype eapdevcert (TACLAB) >transfer download path . (TACLAB) >transfer download filename final.pem (TACLAB) >transfer download certpassword check123 (TACLAB) >transfer download serverip (TACLAB) >transfer download start 2. Root Certificate of a CA. If you have root ca certificate on device ,you can export it using the Firefox. Path- browser>>Advance>>Encryption>>view certificate>>Export.>>>save it as x.509 file type certificate. E.g-test.crt And download it the controller.It is ca certificate.In GUI select the (TACLAB)transfer download mode tftp (TACLAB) >transfer download datatype eapdevcert (TACLAB) >transfer download path . (TACLAB) >transfer download filename final.pem (TACLAB) >transfer download certpassword check123 (TACLAB) >transfer download serverip (TACLAB) >transfer download start . Root-CA certificate should be installed on controller as well as clients. Now configure a profile with EAP-TLS on controller and inherit it to the SSID under advanced section To configure local eap profile below is the document.

1 Comment

The old version of open ssl 0.9.8h referenced on the cert generation doc doesn't work (if you enter a password in the CSR process).

Will work on updating link.

Working exact steps with v1.1.0c:

Confirmed working CSR with openssl, Windows 7 64 bit machine.


Win64 OpenSSL v1.1.0c

Windows Dos prompt:

cd C:\OpenSSL-Win64\bin


req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf

C:\>cd C:\OpenSSL-Win64\bin

OpenSSL> req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:RTP
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TAC
Organizational Unit Name (eg, section) []:HTTS
Common Name (e.g. server FQDN or YOUR name) []:WLC-1
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:cisco
OpenSSL> quit

C:\OpenSSL-Win64\bin>dir *.pem
 Volume in drive C has no label.
 Volume Serial Number is 1496-D193

 Directory of C:\OpenSSL-Win64\bin

01/06/2017  10:55 AM               932 mykey.pem
01/06/2017  10:59 AM               750 myreq.pem
               2 File(s)          1,682 bytes
               0 Dir(s)  304,623,710,208 bytes free

1 Comment

CA generated SHA2 certificates have been supported since WLC code 7.0.250.

The ability for a WLC to generate a SHA2 Self Signed Certificate was introduced in, and 8.3.102 via the following enhancement bug:
CSCuz47863 SHA256 self-signed cert for WLC web admin


Some 5520 and 8540 controllers shipped from the factory without manufacturing installed certificates activated.

The first symptom typically observed is the inability to access the controller via https. (Temporary workaround: enable http access.  CLI: config network webmode enable)

Code upgrades will also fail due to an unactivated certificate:

FTP Code transfer starting.

FTP receive complete... extracting components.

Failure while validating the signature!

This issue is documented in the following bug:

 CSCuv97685    5520 or 8540 may have no Manufacturing Installed Certificates

This condition can be recovered without replacing the unit.

Refer to the following document for the recovery procedure, or contact the Cisco Tac for  assistance:


When we learn about how to calculate RF power to DB, we all learned 3 is the new 2, meaning if RF power is changed by 2 times, DB value will be changed by 3.  And of course 1 is 1, and 10 is 10.  But there is still a big gap from 2 times multiplexing to 10 times multiplexing, so some time the calculation is still not very easy by just using 1, 3, and 10 in DB value.

Therefore, I believe it's worth remembering another quick reference point, 7 is the new 5, meaning if RF power is changed by 5 times, the DB value should be changed by 7.


10Log5=6.9897, close enough to 7

5mw = 10mw / 2 = 10dBm-3 dB = 7dBm

50mw = 100mw / 2 = 20dBm - 3 dB = 17 dBm

or 50mw = (10 x 5) mw = (10 + 7) dBm = 17dBm

this is much better than calculating 50mw as 10 x 2 x 2 x little bit = (10 + 3 + 3 + little bit guees) dBm.


Como sabemos os access-points Cisco podem operar em modo autônomo (sem controladora) ou controlado (com controladora). Por todas as vantagens que a controladora adiciona à solução e até pela redução do preço que ocorreu nos últimos anos, é mais comum vermos access-points com o software para trabalhar com a controladora (de fato não me lembro a última vez que implantei access-points em modo autônomo em um ambiente corporativo…).

“CAP”: Access-point com software para trabalhar em modo controlado. O “C” vem de CAPWAP, protocolo usado para falar com a controladora, mas podemos associar o “C” ao modo “Controlado”.

“SAP”: Access-point com software para trabalhar em modo “standalone”. Ou seja, sem controladora.

Ainda assim, eventualmente, precisamos trocar o software do access-point CAP para que ele seja usado como autônomo (SAP). E como o software CAP é limitado (a maioria das configurações ficam na WLC), é preciso acessar um modo “debug” para fazer o procedimento.

AP Cisco

Importante notar que não há nenhuma diferença de hardware entre um AP CAP e SAP, e por isso podemos fazer a troca do software sem problemas.

Convertendo um AP de CAP para SAP #1

Existem algumas opções para fazer esta conversão, mas a minha preferida é esta.

1) Configure o IP no notebook e conecte a rede no access-point.

2) Acesse a console do access-point.

3) Entre no modo enable.


4) Habilite o modo debug.

AP#debug capwap console cli

5) Configure o AP para ele não reinicar (no modo CAP o AP fica reiniciando até achar a controladora).

AP#debug capwap client no-reload

6) Configure o IP do AP.

AP#config t

AP(confg)int gi 0

AP(confg-if)ip addr


7) Faça o download do software Autônomo.

AP#archive download-sw /force-reload /overwrite tftp://

8) Reinicie o access-point.


O AP vai reiniciar e subir com o software autônomo, onde você poderá fazer todas as configurações desejadas. E se for preciso, você pode voltar o AP para o modo controlado (neste caso não precisa usar os comandos debug capwap…).

Convertendo um AP de CAP para SAP #2

Se por algum motivo o procedimento acima não funcionar (nos softwares CAP mais antigos não tínhamos esta opção), você pode tentar o procedimento abaixo.

1) Configure o IP no notebook e conecte a rede no access-point.

2) Acesse a console do access-point.

3) Reinicie o access-point e pressione ESC quando o AP estiver iniciando.

4) No “modo AP” configure o IP no access-point.

ap: set IP_ADDR

ap: set NETMASK

5) Inicie o processo de tftp, ethernet e flash.

ap: tftp_init

ap: ether_init

ap: flash_init

6) Faça o download do software autônomo.

ap: tar -xtract tftp:// flash:

7) Configure o boot.

ap: set BOOT flash:/ap3g1-k9w7-tar.153-3.JC.tar

8) Inicie o access-point.

ap: boot

O AP vai reiniciar e subir com o software autônomo, onde você poderá fazer todas as configurações desejadas.

Até a próxima.

OBS: Postado originalmente em


In the wireless world we often think more power is good. The louder the signal surely higher the performance gain. I’m sorry to say that’s not  true in most cases. RF power is like a delicate flower and should be treated with respect. Simply choosing a higher power output and not properly tuning your radios could cause you more pain than you really know. In this quick blog post, I share a pair of static bridges being bench tested 70 feet apart. The only difference in configuration is simply changing the RF power. While I only share the capacity values, the throughput values have been excluded to keep the focus on power.


Example #1 - (HOTTEST)


In this example we pump up the power @ 30 dBm.


(1) Link @ -17 dBm 

(2) Modulation at 16 / 65 QAM

(3) TX Power 30 dBm

(4) Capacity Link TX 205, RX 200



Example #2 - (HOT)


In this example we power down to @ 24 dBm.


(1) Link @ -22 dBm 

(2) Modulation at 256 / 256 QAM

(3) TX Power 24 dBm

(4) Capacity Link TX 396, RX 391



Example #3 - (PEACHY)


In this example we power down to @ 18 dBm.


(1) Link @ -27 dBm 

(2) Modulation at 1024 / 1024 QAM

(3) TX Power 18 dBm

(4) Capacity Link TX 482, RX 469






Modulate Gain: 16 vs 1024 and 65 vs 1024

Capacity Link Gain: TX 205 vs 481, RX 200 vs 469


Why excessive power gain is bad is because it increases noise and distortion at the receivers radio. In Example #1, both radios can hear each other at -17 dBm! Think of it this way, imagine having someone in your ear with a megaphone yelling today’s lunch specials at you. You can’t hear so well, can you ? Take away the megaphone and step back a few feet and all is peachy.

My quick less-techy blog post for today! 




A question was asked on Cisco Support Community (CSC) enquiring about what antenna is deactivated when a Cisco 3700 access point doesn't receive a full 16.1 Watts. 


We have purchased 3702e and some of these access points can only get PoE (802.3af). Which antenna will be activated in this case?


802.3at                 4x4:3 on 2.4/5 GHz                         16,1W

802.3af                 3x3:3 on 2.4/5 GHz                         15,4W



Thats a good question and it had me thinking. So I tapped my Cisco CSE, Carlos. BTW Carlos is one of the best CSE’s you’ll find. I’m very fortunate to have him as our CSE. The guy has memory recall with such precision it’s scary. Not to mention he is a CCIE R/S and W. 


When an access point isn't provided full power it can deactivate some combination of radio chains and spatial streams. Manufactures can dial back the access points performance while still providing reliable WiFi communications. This allows flexibility with power at the switch power level (PoE).


We’ll focus on the Cisco 3700. The data sheet shows 802.3at and 802.3af power combinations. Less power, less chains and streams. More power, more chains and streams.




From a Cisco 3700 access point do:  show controllers dot11Radio X.



In this example you will see the access point is fully powered. We can tell this because of the the number of antennas used for RX and TX. A,B,C and D.

Antenna:                        Rx[a b c d ]

      Tx[a b c d  ofdm all]




In this example you will see the access point is not fully powered. The access point was provided .af power. We can tell this because of the the number of antennas used for RX and TX. A,B, and C and the mention “Radio on Low Power Mode due to PoE, restricted to 3 antennas”


Antenna:                        Rx[a b c ]

                                Tx[a b c  ofdm all]



A,B,C, and D


You might be wondering which antenna port is D. On a Cisco 3700E look closely at the antenna bulk head. Each one is identified with A,B,C, and D. In this case the D antenna, it is located in the lower left of the 3700 access point. 





Block Acknowledgement
    • It is initialized by ADDBA request / response from between originator and recipient.
    • after initiation blocks of QoS data are transmitted from originator to recipient.
    • the originator can start transmitting the blocks of data after a polled TXOP or by winning the EDCA contention.
    • the MPDUs within the block of transmitted frames are acknowledged by a BlockAck frame which is request by the originator in the BlockAckReq (BAR) frame.
    • there are two flavors - Immediate Block Ack and Delayed Block Ack
      • Immediate Block Ack and Delayed Block Ack differ in the way BAR and BA are handled. With Immediate Block Ack, the BA is required after the receipt of BAR whereas with Delayed Block Ack, the BAR itself is acknowledged (by recipient) with a simple Ack frame and the BA is sent later on separately which also gets acknowledged (by originator) separately.
    • the originator or the recipient may tear down the Block Ack agreement by sending the DELBA (delete BA) Request which, if received successfully, is acknowledged with an Ack.
Chart showing BlockAck mechanism
a) Setup
    • Originator first checks if the recipient STA is capable of Block Ack mechanism by checking Delayed Block Ack and Immediate Block Ack capability bits (as seen in Beacons, Association / Reassociation request, and Response frames).
    • If the recipient is capable of Block Ack mechanism the originator sends a ADDBA Request frame indicating the TID (traffic ID) for which Block Ack is being set up.
    • for Block Ack mechanism between HT-STAs the buffer size field in the ADDBA Request can be changed by the recipient of ADDBA Req frame.
    • the recipient responds with the ADDBA Response frame and can chose to accept or reject the request.
    • if the recipient rejects, the originator may not use the Block Ack mechanism.
    • when recipient accepts, it indicates the number of buffers it allocates for this Block Ack agreement. Buffer size may be different for different Block Ack agreements.
    • the originator changes the size of the transmission window based on the ADDBA response from the recipient. The originator may increase or decrease the size in accordance to the recipient response but is not greater than value of 64.
    • the originator sets the A-MSDU supported field to 1 indicating it might transmit A-MSDU with the TID and recipient can set the same field to 1 to indicate it is capable of receiving an A-MSDU with this TID. The recipient can technically respond with any value of the A-MSDU supported field and if the originator does not like it, it can tear down the Block Ack agreement and send frames using normal ack.
    • Block Ack Timeout Value: duration after which the Block Ack session is terminated when there are no frame exchanges.
    • Start Sequence Number (SSN): the sequence number of the first data frame from the originator for this Block Ack session.
b) Data and Block Ack
    • Once the Immediate Block Ack or Delayed Block Ack is setup, the originator may transmit a block of QoS data frames separated by a SIFS (Short Inter-frame Space) duration with total number of data frames not exceeding buffer size as defined by ADDBA Response.
    • the originator may do the following
      • separate the Block and Basic BlockAckReq frames into separate TXOPs
      • split a Block frame across multiple TXOPs
      • split transmission of data MPDUs sent under Block Ack policy across multiple TXOPs
      • Interleave MPDUs with different TIDs within same TXOP
      • sequence or interleave MPDUs for different RAs within a TXOP
    • Originator uses SSN to indicate to the recipient of the sequence number of first frame in the block for which acknowledgment is expected.
    • Recipient maintains a Block Ack record which consists of originator address, TID and acknowledgment state of the data frames received from the originator.
    • In case of Immediate Block Ack policy - recipient responds to basic BlockAckReq frame from originator with a basic BlockAck frame which indicates any missing frames. The originator retries any frames that are not acknowledged in the basic BlockAck frame in another block or individually.
    • The difference with Delayed Block Ack policy is that the recipient responds to the BlockAckReq frame with a normal Ack and then transmits the BlockAck frame in a TXOP obtained later. The originator responds to the basic BlockAck with an Ack and then retries the unacknowledged frames from the BlockAck frame in another block or individually.
    • In BlockAck frame the recipient only acknowledges the frames starting from the starting sequence number (SSN) until the highest sequence number that has been received correctly and sets the bit in the BlockAck bitmap of other frames (frames not received correctly from originator) to 0. The recipient reports the status of old and prior frames (frames before the first frame that the originator sends - SSN) as successfully recieved (bit is the bitmap set to 1).
    • The recipient maintains a field called NextExpectedSequenceNumber which is set to 0 when the Block Ack mechanism is negotiated. if the recipient receives a frame with a sequence number older than the NextExpectedSequenceNumber for that Block Ack agreement than the recipient drops the frame thinking its either old or a duplicate.
c) Teardown
    • When originator has not more data to send and the final frame in the Block has been sent the originator signals the end of the Block Ack mechanism by sending the DELBA (Delete BlockAck) frame to the recipient.
    • There is no response needed from the recipient. It just releases all resources allocated for that Block Ack agreement.
    • The Block Ack agreement may be torn down if there are no BlockAck, BlockAckReq or QoS data frames (sent under the Block Ack policy) for the Block Ack's TID received from the peer within duration of the Block Ack timeout value.
AP Debugs:
debug dot11 d1 monitor address 7cd1.c392.3232
debug dot11 d1 tr pr clients xmt rcv ba
*Apr 10 00:15:05.471: 8893F78B r 12 28/17/28/34 77- B000 030 EBBF4F 923232 EBBF4F 1600 auth l 6
*Apr 10 00:15:05.471: 8893F7A2-1 923232 - newauth
*Apr 10 00:15:05.471: 8893F7AD-1 923232 - restart B0 300
*Apr 10 00:15:05.471: 8893F7CC-1 923232 - stop: re-assoc aid 1
*Apr 10 00:15:05.471: 8893F990 t 12 0 - B000 001 923232 EBBF4F EBBF4F 0000 auth l 37
*Apr 10 00:15:05.471: 8893FA55 r 12 29/18/29/35 76- 0000 030 EBBF4F 923232 EBBF4F 1610 assreq l 109
*Apr 10 00:15:05.471: 8893FA6E-1 923232 - restart 0 300
*Apr 10 00:15:05.475: 8893FEFF-1 923232 - clrfp
*Apr 10 00:15:05.475: 8894003D t 12 0 - 1000 000 923232 EBBF4F EBBF4F 0000 assrsp l 123
*Apr 10 00:15:05.475: 889402A0-1 923232 - add request
*Apr 10 00:15:05.475: 88940368-1 923232 - client restart pend - clear and set new key
*Apr 10 00:15:05.475: 889405D6-1 923232 - add AID:(status ST_CAN_BF [10]) (mode SHORT_GI_20MHZ WME AMSDU_LONG AMSDU [3280]) (vrates [0014000030]) (age [300]) (blk [400]) (rate [00FCFFFFFF]) (AID [1]) (VLAN [1]) (0 []) (istatus ST_REQ_BF ST_AMSDU_REQUEUE ST_VLAN_ADDED ST_WAS_PSP [40144]) (encr [0])
*Apr 10 00:15:05.475: 889405EB-1 923232 - uapsd_compliant_client 0
*Apr 10 00:15:05.479: 88941929 r m0-2 28/20/30/32 75- 8809 03C EBBF4F 923232 B92348 0000 q0 l36
ARP1 hdw 1 prot 800 7cd1.c392.3232 > 0000.0000.0000
0001 0800 0604 0001 7CD1 C392 3232 0A00 006B 0000 0000 0000 0A00 0001
*Apr 10 00:15:05.479: 8894199C r 12 34/24/35/40 70- 4801 030 EBBF4F 923232 EBBF4F 1620 null l0
*Apr 10 00:15:05.479: 88941A88-1 923232 - Request addba 0
*Apr 10 00:15:05.479: 88941DC3-1 923232 - xmt ADDBA req pri 0, seq E0F0, window 64 timeout 0 1 ----> transmit ADDBA req for priority 0, SSN 3599
*Apr 10 00:15:05.479: 88941DD3-1 923232 - fc DOT11_ACTION [D0] mode SHORT_GI_20MHZ WME AMSDU_LONG AMSDU [3280] istatus ST_REQ_BF ST_AMSDU_REQUEUE ST_VLAN_ADDED ST_WAS_PSP [40144] status ST_CAN_BF 10
*Apr 10 00:15:05.479: 88941DDA-1 923232 - fc DOT11_ACTION [D0] mode SHORT_GI_20MHZ WME AMSDU_LONG AMSDU [3280] istatus ST_REQ_BF ST_AMSDU_REQUEUE ST_VLAN_ADDED ST_WAS_PSP [40144] status ST_CAN_BF 10
*Apr 10 00:15:05.479: 88941EE5 t 12 0 - D000 C8EC 923232 EBBF4F EBBF4F 0000 action l 40 ----> same as above. actual frame transmission
*Apr 10 00:15:05.479: 88942164 r m0-2 29/25/33/31 70- 8809 03C EBBF4F 923232 mFFFFFF 0010 q0 l336
C392 3232 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000 0000
*Apr 10 00:15:05.479: 889421E3 r m23-2 35/25/36/38 69- 8801 030 EBBF4F 923232 m333300 0020 q0 l56
SNAP 86DD 6002 839F 0008 3AFF FE80 0000 0000 0000 7ED1 C3FF FE92 3232
*Apr 10 00:15:05.479: 88942293 r 12 36/25/36/41 70- D000 030 EBBF4F 923232 EBBF4F 1630 action l 9 ---> received ADDBA response for priority 0 from client
*Apr 10 00:15:05.483: 8894229C-1 923232 - fc DOT11_ACTION [D0] mode SHORT_GI_20MHZ WME AMSDU_LONG AMSDU [3280] istatus ST_REQ_BF ST_AMSDU_REQUEUE ST_VLAN_ADDED ST_WAS_PSP [40144] status ST_CAN_BF 10
*Apr 10 00:15:05.483: 889422AB-1 923232 - rcv ADDBA rsp pri 0, window 64 timeout 0 ----> same as above. above is actual frame
*Apr 10 00:15:05.483: 889427A4 t m2-2 4 - 880A 000 923232 EBBF4F B92348 E0F0 q0 l58 ---> TID 0 data frame transmit to client (last 3 octect 92:32:32)
ARP2 hdw 1 prot 800 ecc8.82b9.2348 > 7cd1.c392.3232
0001 0800 0604 0002 ECC8 82B9 2348 0A00 0001 7CD1 C392 3232 0A00 006B
*Apr 10 00:15:05.483: 889428B2-1 923232 - send BAR 0 E100
*Apr 10 00:15:05.483: 889429EA t 12 0 - 8400 1750 923232 EBBF4F 0004 E100 bar ----> sent BAR (BlockAckReq) for priority 0 and SSN 3600 (E10)
Note: the response to BAR which is BA is not seen in the debug outputs
As you see above the clients indicates the missing frames which the originator may resend using another Block Ack mechanism or send them individually.
Note: The aim of this article is to try and summarize the key points involved in the Block Ack mechanism. This article is by no means a comprehensive guide for the Block Ack process. For detailed info please refer to the IEEE 802.11-2012 standard.


This is a quick way to replay 802.11 frames using Commview for Wifi (am using the demo version).
When you first launch the tool, there will be a pop up shown as follows which will show the list of compatible wireless nic cards and prompt you to install the drivers needed to put the wireless card into promiscuous mode.
below you can see two adapters listed. I have tried and tested the EnGenius EUB1200AC usb adapter.
Below shows the steps to capture and or replay the frames
I am just covering the steps to capture and replay packets.
  1. first you choose the channel which you want to sniff from the right pane
  2. You just need to hit play to start capturing the frames on the designated channel. If using the demo version, a pop up with show up indicating the same and you will have to wait 15 seconds before you can hit start.
  3. the packets tab shows you the captured packets
  4. the icon (atom like shape) is the tab for the packet generator. you can right click on one of the captured packet and hit send selected or once you open the send packet window you can just drop a frame or multiple frames which can be replayed.


In the Send Packet window you can use the hex editor to edit the various fields.
You can also select the 802.11 rate at which you want to send the frame, if you want to send select number of frames or continuous.


The following shows the association, authentication and data traffic of a 11ac 3SS client using a 802.11ac and 802.11n sniffer. The main idea of this exercise is to show that the 802.11n sniffer will not be able to interpret and capture any 802.11ac encoded frames (mainly unicast QoS data frames).
The capture on the left is the 802.11n capture and the one on the right is the 802.11ac capture. As you see all management and controller frames can be seen on both captures as they are sent using legacy rates to maintain backward compatibility in a mixed mode environment.
Now in the above capture you see that the EAPOL keys 3 and 4 are still visible on both captures but the QoS data frames (priority 6 - TID 6) are only seen on the capture on the right (802.11ac capture). You can see some of the VHT information in the VHT information field of the QoS data like — 80 MHz channel is used, the STA is a 3 spatial stream (3 SS) STA, and MCS 8 (256 QAM 3/4).
The 802.11n sniffing device cannot interpret these 11ac data frames.

1 Comment

In recent times I have come across the question ‘Why do we need m-gig AP backhaul’. I have seen a lot of Wi-Fi experts quickly respond to that question saying ‘You’ll be fine as is and your AP backhaul will not exceed 1Gbps’. I have even heard statements like ‘it is impossible’ to exceed 1Gbps AP backhaul capacity and they back that up with numerous points around 160 MHz channels, 256 QAM etc (some facts, some approximations). I am not challenging anyone’s views but I won’t be so quick to jump to the conclusion that ‘You’ll be ok without m-gig AP backhaul for 802.11ac wave 2’. Here is my personal opinion about the big buzz around Multi-Gigabit for AP backhaul.
I am going to try and use less mathematics or any fancy simulator tools that throw out real/theoretical numbers at you. Frankly speaking its not a 'one size fit all’ model. These numbers (explained later) some people talk about may or may not apply to your deployment. Ok enough of my blabbering, lets dive right into it.
We already see 4SS SOHO APs out in the market with Enterprise grade 4SS 11ac Wave 2 APs ready to roll out very soon. They will indeed support the mystical 160 MHz channels with a theoretical (as most people like to refer :) ) link speed (data rate) of 3.466 Gbps. This piece of information in itself warrants for m-gig AP backhaul.
Lets talk more sense; lets not talk about 160 MHz channel at all from this point on. Now coming to the second impractical data around 802.11ac which is 256 QAM. All those who know what 256 QAM means will know that its rather difficult to sustain. You require very clean RF (will avoid going into SNR and receiver sensitivity etc) to achieve and maintain 256-QAM. Lets say the 11ac client does land up achieving (in a RF isolation room, low density area ;) - just kidding as this is the normal assumption) 256-QAM which corresponds to MCS 8 and MCS 9.
Lets look at a more real world scenario i.e. 80 MHz channels. MCS 9 for a 4SS 11ac AP / Client using 80 MHz channel approximates to 1.7 Gbps link speed, at about 65-70% throughput efficiency it is 1.1 Gbps (.65 x 1.7 Gbps). Does this warrant m-gig backhaul? Maybe not just yet right? As most of you will point out mixed-client environment and less than optimal RF conditions which make it difficult to reach MCS 9.
Lets rate shift down to MCS 7 at 80 MHz which is 1.3 Gbps. Doing the math again for 65-70% throughput efficiency we arrive at approximately 850 Mbps (hurray!!). We finally arrived to an over the air data rate value which will not over subscribe or stress the 1 Gbps AP backhaul. This is about 85% of your existing AP backhaul capacity.
802.11ac MCS rates table
When most people explain these 'over the air' data rate / link speed numbers they are only talking about ‘upstream’ traffic from the wireless client to the AP. What we don’t consider are things like unwanted downstream traffic hitting the AP port and potential inside the AP packet processing drops. Speaking out of experience (4 plus years in Wi-Fi support) I’ve seen scenarios where downlink traffic other than traffic destined to the wireless clients hits the AP port. Link local broadcasts are very common these days with so many mobile devices invading the Wi-Fi space. These protocols are very chatty and can quickly add up to few tens or hundreds of Mbps. I have personally been involved in troubleshooting issues where the AP port is stressed in terms of traffic ( > 1Gbps) causing packet drops. I do agree that preventive measures can be taken and networks can be designed properly to avoid such cases but more often than not networks are not designed so accurately.
Moving on to MU-MIMO; this is the capability of the 11ac AP to make use of unutilized spatial streams for other clients. What this means is that a 4SS AP can ideally serve
  • Two or three 1SS client (usually mobile devices); with 4th radio used for beamforming
  • Two 2SS clients
  • And more!
This will likely make the AP utilize its top end link speed of 1.3 Gbps more often
Although MCS 8 and 9 may not be achieved 100% of the time, they will come into play some % of time the client remains associated with the 11ac Wave 2 AP.
There are no 4SS 11ac clients in the market at present but it is likely that will change in the near future. We already have 3 SS 11ac clients which can achieve 975 Mbps at MCS 7. This is where MU-MIMO would come in handy to best utilize the AP’s top end link speed.
Above data is only the contribution by 5 GHz radio, what about the 2.4 GHz 802.11n radio? That will add an average wireless traffic of about 100-150 Mbps.
This m-gig dilemma is somewhat similar to the time when 11n hit prime time and was shipped with GigE ports instead of FastEthernet backhaul. How many deployments do you see out in the field where 11n APs are plugged into FastEthernet ports? Probably only a handful. This is why it maybe a good idea to have m-gig switches for 11ac wave 2 APs which will ship with some sort of m-gig capability.
Now lets consider the mixed-client environment. Although older generation (11a/g, 11n etc) Wi-Fi clients are almost always present in the environment but there are a lot of scenarios where you have a mini greenfield deployment if you consider BSSID level coverage. I see deployments like classroom environment which just have latest generation macbook pros or iPads, or office spaces where you only have the latest generation windows / mac laptops which are all 11ac capable.
If you are pondering over the question, ‘will applications exceed the 1 Gbps mark?' There are several use cases where large amounts of data needs to be exchanged over Wi-Fi (in excess of 1 Gbps), and the data demands continue to grow at a rapid pace.
For most of us cost tends to play an important role in decision making. Highlighted are a few areas of investment to be considered for 11ac wave 2 and m-gig technology:
  • Cabling cost
  • 11ac wave 2 APs
  • M-gig capable access switches
A typical refresh cycle for AP is around 4-7 years. When it comes to access switches the refresh cycle is even longer 7-9 years. The point I am trying to make here is if its time for an upgrade or refresh, its a no brainer to be ready for 11 ac wave2 full theoretical capacity (6.9 Gbps) and m-gig capable switches.
For folks who are still on 11n and are thinking of making the transition to 11ac, again the choice is simple, skip 11ac wave 1 and directly adopt 11ac wave 2 as thats a more logical thing to do. This would apply to the SMB markets as well.
Below is a chart showing the proposed channels to the existing 5GHz spectrum which will make the use of 160MHz channels more feasible.
source: FCC
Both these technologies are here to stay and things are just starting to get exciting!
I’d love to see your comments on my views.


Table of Content
Base Layer 2/3 Configuration
Deploying Converged Access
Guest Solution
Advanced IOS Wireless Services
Wireless Best Practices
The small-size remote branch office or retail store may consist of a single or a stack of Ethernet switches to provide network connectivity to the wired and wireless users. Such small networks can converge the Ethernet switching with next-generation wireless capability on the same Catalyst switch.
For such network designs, the switch can integrate WLC Mobility Controller (MC) and Mobility Agent (MA) functions without requiring any additional Converged Access elements, such as Switch-Peer-Group (SPG) in the network. These networks may need Guest wireless services, as well as common security and network access policy enforcement across all branch offices.
Below is a typical topology of a single switch branch network and sample configuration which has been tried and tested at various customer deployment.

Below figure shows a reference topology for a typical branch network


These docs are listed on the configuration guide listing pages of all the 3 platforms: Cisco Catalyst 3850 Series Switches -Configuration Guides - 3850Cisco Catalyst 3650 Series Switches - Configuration Guides 3650, and Cisco Catalyst 4500 Series Switches - Configuration Guides - 4500
The list of synced commands is published "MC Managing MA - List of Commands Synchronized Between MC and MA"http:/​/​​c/​en/​us/​td/​docs/​wireless/​controller/​mc-ma/​mc-ma-sync.html

1 Comment

This Blog is written by "Viten Patel", is working as Technical Marketing Engineer (Converged Access) at Cisco. He was working as Wireless Escalation Engineer - Cisco TAC and holds many wireless certification like CCIE Wireless, CCNP Wireless, CCNA Wireless, CWNA, CWSP, CWAP, CWNE#146.





Interop Las Vegas 2015 was a blast! Few conferences bring together a rich mix of vendors, products, solutions and attendees all in one place. I was particularly interested in Cisco's Hyperlocation, which just so happen to
 win Best of Interop Award - 2015 Mobility. Interop was a gathering of old friends and meeting new ones. I thought the mobility track was exceptional this year. 

Cisco Hyperlocation: 

I was also a panel guest at Cisco's Mobility lunch where WiFi Mobility, 802.11ac and our AWO (All Wireless Office) was topic of discussion. It was 60 minutes of great discussion and guest interaction. I would like to thank Cisco's Bill Rubino for the invite. 

I spoke at my own session "Designing Todays WiFi Network for Tomorrow's Applications". I always enjoy sharing my real world hands on experience with others. WiFi is still black magic to many IT folks in the industry. The goal in my session, take 2 things away that you didn't know before. I think the attendees agreed. My session made Interop's Top 10 Sessions and ranked #6 in the standings as voted by attendees. I would like to thank Andrew Murray for the invite and having me back at Interop. 

Interop Top 10 

In closing two articles were published from my Interop session. 

Remember The Restroom When Deploying Wireless 

What happens if you remove an acceptable use policy from guest Wi-Fi? 


1 Comment

 Viten Patel is working as Technical Marketing Engineer (Converged Access) at Cisco.  He was working as Wireless Escalation Engineer - Cisco TAC and holds many wireless  certification like CCIE Wireless, CCNP Wireless, CCNA Wireless, CWNA, CWSP,  CWAP, CWNE#146. 

 This is a video techtorial walking through the Prime Infrastructure WorkFlow for  Converged Access. There are 3 WorkFlows (Small network, Large network and  Centralized network deployment). This video shows the single switch Small Branch flow.

Below is a reference topology and deployment scenario


The WorkFlow helps deploy the above mentioned features. With just a few clicks you can deploy multiple branch networks with all the wired / wireless best practices for Converged Access.

What is achieved?



Some of the benefits of using the WorkFlow includes --

  • Simple to use
  • Masks the configuration complexity
  • Highly scalable
  • covers most of the deployment scenarios
  • configure ones, use many times model
  • intelligence and best practices inbuilt in the tool
  • deploy the network with simple user data inputs

More Information




Viten Patel is working as Technical Marketing Engineer (Converged Access) at Cisco. He was working as Wireless Escalation Engineer - Cisco TAC and holds many wireless certification like CCIE Wireless, CCNP Wireless, CCNA Wireless, CWNA, CWSP, CWAP, CWNE#146. In this blog he has mentioned about "802.11ac Transmit Beamforming and VHT NDP sounding procedure".

Transmit beamforming requires the knowledge of the channel state to compute a steering matrix that is applied to the transmitted signal to optimize reception at one or more receivers. The STA transmitting using the steering matrix is called the VHT beamformer and the STA for which the reception is optimized is called the VHT beamformee.

Beamforming is directly enabled by the support of ‘sounding’. Sounding is the term used to denote the process performed by the transmitter to acquire CSI from each of the different users by sending training symbols and waiting for the receivers to provide explicit feedback containing a measure of the channel. This feedback is then used to create a weight or steering matrix that will be used to pre-code the data transmission by creating a set of steered beams to optimize the reception at one or multiple receivers.

Any device that shapes its transmitted frames is called a beamformer, and a receiver of such frames is called a beamformee. A single device may act both as a beamformer and a beamformee. The process of beamforming involves measurement of the MIMO channel, and as a result of the channel measurement, a derivation of the steering matrix is done. The steering matrix is a precise mathematical description of how the antenna array should use each individual element to select spatial path for the transmission.

Types of feedback mechanism -
For an HT beamformer to calculate the appropriate steering matrix for transmit spatial processing when transmitting to a specific HT beamformee, the HT beamformer needs to have an accurate estimate of the channel over which it is transmitting. There are two methods which can be used :-

  • Implicit feedback: in this method the HT beamformer receives long training symbols transmitted by the HT beamformee. This allows the MIMO channel between the HT beamformer and HT beamformee to be estimated. If the channel is reciprocal, the HT beamformer can use the training symbols it receives from the HT beamformee to make a channel estimate suitable for computing the transmit steering matrix.
  • Explicit feedback: When using explicit feedback, the HT beamformee makes a direct estimate of the MIMO channel from the training symbols sent to the HT beamformee by the HT beamformer. The HT beamformee may prepare CSI or steering feedback based on an observation of these training symbols. The HT beamformee quantizes the feedback and sends it to the HT beamformer. The HT beamformer can use the feedback as the basis for determining transmit steering vectors.

In 802.11ac, only explicit beamforming is used, hence both the transmitter and receiver must support it.

VHT NDP sounding procedure -
A VHT beamformer shall initiate a sounding feedback sequence by transmitting a VHT NDP (Null Data Packet) Announcement frame followed by a VHT NDP after a SIFS. The VHT beamformer shall include in the VHT NDP Announcement frame one STA info field for each VHT beamformee that is expected to prepare VHT compressed beamforming feedback and shall identify the VHT beamformee by including the VHT beamformee’s AID in the AID subfield of the STA Info field. The VHT NDP Announcement frame shall include at least one STA info field.

Sounding protocol with a single VHT beamformee


Sounding protocol with more than one VHT beamformee


VHT NDP Announcement frame format (single user)

Upon transmission of the VHT NDP Announcement frame, the beamformer next transmits a Null Data Packet frame shown below. Figure shows a PLCP frame with no data field, so there is no 802.11 MAC frame. Channel sounding can be carried out by analyzing the received training symbols in the PLCP header, so no MAC data is needed in a NDP. Within a NDP there is one VHT Long Training Field (VHT-LTF) for each spatial stream used in transmission, and hence in the beamformed data transmission.

More specifically, upon reception of the VHT NDP frame each beamformee removes the space-time stream CSD (cyclic shift diversity) applied to the signals transmitted. The CSD consists of a signal shaping technique where different phase shifts are applied to the same signal across different transmit chains. After removing the CSD, the targeted beamformees are required to reply with a VHT compressed beamforming frame. The first intended stations replies immediately whereas the others have to wait to be polled by the beamformer (by using the Beamforming Report Poll). The most relevant information carried by the VHT Compressed Beamforming Frame is as follows -

  • The VHT MIMO Control Field which contains the dimension of the matrix, an indicator of the width of the channel in which the measurements used to create the feedback matrix were taken, and information indicating the size of the codebook entries.
  • The VHT Compressed Beamforming Report containing the compressed beamforming feedback matrix in the form of two angels, as well as SNR of each space-time stream averaged over all subcarriers used.
  • MU Exclusive Beamforming Report carrying explicit information used by a multi-user beamformer in order to create the steering matrices.

VHT NDP frame format


Calculating the feedback matrix -

  • calculating the feedback matrix can begin only after receiving the NDP from the beamformer. Once the NDP is received, each OFDM subcarrier is processed independently in its own matrix that describes the performance of the subcarrier between each transmitter antenna element and each receiver antenna element. The contents of the matrix are based on received power and phase shifts between each pair of antennas.
  • feedback matrix is transformed by matrix multiplication called Givens rotation, which depends on parameters called ‘angels’. Rather than transmitting the full feedback matrix , the beamformee calculates the angels based on the matrix rotation. 802.11ac protocol specifies the order in which these angels are transmitted so that the beamformer can receive a long string of bits and appropriately delimit each angels.
  • Having calculated the angels, the beamformee assembles them into compressed feedback form and returns them to the beamformer. Only one set of angels is required to summarize the radio link performance for all of the OFDM subcarriers. The set of angels can be quite large with a wider channels.
  • The beamformer receives the feedback matrix and uses it to calculate the steering matrix for transmissions to the beamformee.

One feedback matrix is sent by each beamformee. In SU beamforming, there is one feedback matrix from the beamformee and one steering matrix used. In MU beamforming, each beamformee send a feedback matrix and the beamformer needs to maintain a steering matrix for each client.
When transmitting the feedback matrix, there are three main factors that determine its size. First, wider channels have more OFDM subcarriers, so the feedback matrix must be larger to accommodate them. Second, higher the number of pairwise combinations of transmitter and receiver antennas is, the larger the matrix will be. Finally, 802.11ac allows two different representations of the angels value to enable devices to use higher resolution when necessary. MU MIMO requires higher resolution because of the need to avoid inter-user interference.

802.11ac compressed V-Matrix feedback report sizing -


802.11ac IEEE standard, 802.11ac: A Survival Guide, Aruba Networks whitepaper (WP_80211acInDepth.pdf)



Viten Patel is working as Technical Marketing Engineer (Converged Access) at Cisco. He was working as Wireless Escalation Engineer - Cisco TAC and holds many wireless certification like 
CCIE Wireless, CCNP Wireless, CCNA Wireless, CWNA, CWSP, CWAP, CWNE#146

Transmitting information -
There are 3 main steps involved in transmitting a signal over the air:

  • A carrier signal which is generated at the transmitter
  • The carrier is modulated with the information to be transmitted. Any reliable detectable change in signal characteristics can carry information.
  • At the receiver the signal modifications or changes are detected and demodulated.

Signal Characteristics that can be modified -

amplitude, phase and frequency

In AM, the amplitude of a high-frequency carrier signal is varied in proportion to the instantaneous amplitude of the modulating message signal.

Frequency Modulation (FM), in FM the amplitude of the carrier is kept constant while its frequency is varied by the modulating message signal.

Amplitude and phase can be modulated simultaneously and separately, but this is difficult to generate, and especially difficult to detect. Instead, in practical systems the signal is separated into another set of independent components: I (In-phase) and Q (quadrature). These components are orthogonal and do not interfere with each other.



A simple way to view both amplitude and phase is with the polar diagram. The carrier becomes the frequency and phase reference and the signal is interpreted relative to the carrier. The signal can be expressed in polar form as a magnitude and a phase. The phase is relative to a reference signal, the carrier in most communication systems. The magnitude is either an absolute or relative value.


I/Q formats
This is the rectangular representation of the polar diagram. On a polar diagram, the I axis lies on the zero degree phase reference, and the Q axis is rotated 90 degrees. The signal vector’s projection onto the I axis is it ‘I’ component and the projection of the Q axis is its ‘Q’ component.



Digital modulation is easy to accomplish with I/Q modulators. Most digital modulation maps the data to a number of discrete on the I/Q plane. These are known as constellation points. As the signal moves from one point to another, simultaneous phase and amplitude modulation usually results. To accomplish this with an amplitude modulator and a phase modulator is difficult and complex. Alternatively, simultaneous AM and phase modulation is easy with an I/Q modulator. The I and Q control signals are bounded, but infinite phase wrap is possible by properly phasing the I and Q signals.
In 16 QAM, there are four I values and four Q values. This results in a total of 16 possible states for the signal. It can transition from any state to any other state at every symbol time. Since 16 = 2^4, four bits per symbol can be sent. This consists of 2 bits for I and 2 bits for Q.



Here the transmitted symbol ‘0000’ is represented by a modulated signal phase of 225 degrees and a normalized amplitude of 0.33 (the four outer corners of the constellation have a normalized amplitude of 1). The modulated RF signal is the vector sum of an I channel signal whose amplitude is a normalized value of 0.23 with a relative phase of 180 degrees, and a Q channel signal whose amplitude is normalized value of 0.23 with a relative phase of 270 degrees.



Here the transmitted symbol ‘0001’ is represented by a modulated signal phase of 255 degrees and a normalized amplitude of 0.75. The modulated RF signal is a vector sum of an I channel signal whose amplitude is a normalized value of 0.23 with a relative phase of 180 degrees, and a Q channel signal whose amplitude is a normalized value of 0.707 with a relative phase of 270 degrees.
Similarly, other values are calculated.
QAM modulation with ‘M’ symbols is known as M-QAM, for example 16-QAM, 256-QAM etc. Higher value of ‘M’ are used on channels with low levels of noise and distortion. Constellation sizes that are even powers of 2 (M =2, 4, 16, 64, ..) are typically used to make the constellation the same in both axes and simplify implementation.
However, non-square constellations are also used for low values of ‘M’ or where maximum power efficiency is desired. For example, here is an example of a non square constellation for M = 8 (3 bits / symbol)
64-QAM constellation
256-QAM constellation


Required receive sensitivity for different modulation and coding rates



802.11ac MCS


This Blog is written by "Viten Patel", is working as Technical Marketing Engineer (Converged Access) at Cisco. He was working as Wireless Escalation Engineer - Cisco TAC and holds many wireless certification like CCIE Wireless, CCNP Wireless, CCNA Wireless, CWNA, CWSP, CWAP, CWNE#146.

This article is aimed to aid in the process of data collection for client related troubleshooting on Cisco AireOS.
Note: I have used a 5508 Wireless LAN controller running software version, 3702I AP, Mid 2014 Macbook Pro running 10.10.1 and Windows laptop running Windows 7:

1. WLC side debugs

debug client
debug aaa detail enable —> use this if there are authentication related issues with AAA server
debug aaa events enable —> use this if there are authentication related issues with AAA server
debug aaa all enable —> use this for auth issues; this is verbose so use it only when needed (e.g.: for AAA override cases etc)
debug dhcp message enable —> use when issue with ip addressing
debug dhcp packet enable —> use when issue with ip addressing
debug mobility handoff —> use when roaming issues between WLCs.

2. AP side debugs

debug dot11 dot11Radio 0/1 monitor address —> client filtered debugs
debug dot11 dot11Radio 0/1 trace print mgmt —> trace management packets
debug dot11 dot11Radio 0/1 trace print ba —> trace block ack info
debug dot11 dot11Radio 0/1 trace print rcv —> trace received packets
debug dot11 dot11Radio 0/1 trace print keys —> trace set keys
debug dot11 dot11Radio 0/1 trace print rxev —> trace received events
debug dot11 dot11Radio 0/1 trace print txev —> trace transmit events
debug dot11 dot11Radio 0/1 trace print txrad —> trace transmit to radio
debug dot11 dot11Radio 0/1 trace print xmt —> trace transmit packets
debug dot11 dot11Radio 0/1 trace print txfail —> trace transmit failures
debug dot11 dot11Radio 0/1 trace print rates —> trace rate changes 

Usually if you are not sure what debugs to use, just combine all
debug dot11 dot11Radio 0/1 trace print mgmt keys rxev rcv xmt txev txrad txfail
You can use ‘ba’ and ‘rates’ appropriately when there is suspect issue of data rates or block ack negotiation
3. Over the Air Captures:

  • For 11ac 3SS capture you can use 2014 Macbook Pro or later running 10.10.x or higher (don’t use Macbook Air for 11ac capture as Air is 2SS only currently)
  • For 11ac captures you can also use 3702 AP in sniffer mode
  • For 11n capture you can use windows 7 running netmon, Omnipeek with appropriate adapters, Macbook Pro/Air or 11n/ac AP in sniffer mode

4. WLC and AP port captures

  • For cases like AAA issues or DHCP issues sometimes its important to have captures at the WLC port channel and or AP port where the client is connecting (specially in case of multicast traffic not reaching the client, ARPs dropping on the wire etc)


  • All devices should be NTP time synced
  • Mandatory info to be collect: WLC show run-config, AP show controller d0/1
  • Client having authentication issues, deauths, EAPOL key exchange issues
    • WLC client and aaa related debugs, AP side debugs and over the air capture
  • Throughput issues
    • WLC client debug, AP debugs with ‘rates’ debug, Over the air capture and WLC port channel captures
  • Client roaming issue (drops, reauths, inconsistent roams etc)
    • WLC client debugs + mobility debugs concurrent on WLC where the client is roaming from and to, Over the air captures of AP the client is roaming to and from (you will need multi-channel capture). If needed then you can get AP debugs
  • Block Ack negotiation issues
    • WLC client debugs, AP side debugs with ‘ba’ flag, Over the air captures and client side wireless nic card neutron captures along with 802.11 headers.

Note: this document gives you a general idea about what information to collect for client interop issues


Ask your Questions on Cisco’s 802.11ac Solutions - Deployment, Design, and Interop with Cisco Experts: Richard Hamby and Shankar Ramanathan.

Monday, March 30th, 2015 to Friday, April 10th, 2015

Richard Hamby

 Richard Hamby is a senior technical support engineer and Team Lead of the Cisco Technical Assistance Center in Richardson, Texas.  He is an expert in Indoor and Outdoor wireless for the full line of Cisco Unified and Converged Access Wireless products, as well as TAC Engineering Engagement Engineer liaison to project engineering teams for new Cisco wireless products.  Prior to his current role, Richard was a customer support engineer with the AAA Security TAC team supporting Cisco identity management solutions and been with Cisco since 2009.

Shankar Ramanathan is a Customer Support Engineer at the Cisco Technical Center. He is a Technical Content Engineer and Subject Matter Expert for Cisco Enterprise Unified and Converged Access wireless mobility solution including Wireless LAN Controller  2500/5500/WISM2/7500/8500, Converged access 5760/3650/3850 switches,  Access Points Lightweight and Autonomous, VoWLAN (792x/9971) , Cisco Prime Infrastructure SNMP management, Cisco Mobility Services Engine(MSE/ CMX). Prior to joining Cisco in  November 2011, he worked as a wireless network engineer at Elan Technologies, responsible for RF wireless network planning, simulation, propagation path analysis, and optimization of Wi-Fi 802.11 mesh and WiMax (802.16 d/e) networks for various system  integration and automation projects. Shankar holds a master of science degree in electrical engineering specializing in communications and signal process from the State University of New York, Buffalo. Shankar has a CCIE in Wireless(#40548) and CCNA  certified (number 410004168640IMZF) and has over six years of industry experience.

Find other

**Ratings Encourage Participation! **
Please be sure to rate the Answers to Questions

 Cisco Ask the Expert


If you're like me you may have hundreds or even thousands of Cisco 1131, 1242 and 1250 access points deployed in your wireless network today. 

 A number of legacy access point models will no longer be supported past 8.0 code. 

This is reminiscent of 1000 series access points. I can recall the horror stories, people upgrading to 5.0 only to realize that the 1000 series would not join the WLC. #DontBeThatGuy!

Ask your Cisco rep about buy back programs and bundle purchases; buy X and get 5-10 free access points!