Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Wireless - Mobility Blogs


Aironet 1850 as a standalone (Mobility express master)

Aironet 1850 as a standalone (Mobility express master)
I have just purchased a brand new AIR-AP-1852I-E-K9 for our waiting room.

I have never had a Cisco product before. We always had some cheap consumer APs before.

I connected the AP to the POE and it gets an ip. But the CiscoAirProvision SSID won't show up.

After a lot of research I am a little bit confused. Maybe someone can help me.

- For all i know, i have the wrong firmware on my AP. I need to install the Mobility Express version so the AP can act as standalone.

- I don't have any contract with cisco so I can't download this firmware. Why do I need a contract to download software from Cisco?

Any help would be very appreciated and sorry for my English.


Recently, I wanted to upgrade AP 1832i Mobility Express from version 8.2, which came with purchased AP, to 8.5, which is preferred and recommended by TAC.

TAC Recommended software


However, official procedure did not went smoothly. Just for the note I'm an old-fashioned guy and I was using CLI procedure, which I anyhow trust for such things as manipulating images and configuration.

Mobility Express Deployment Guide


After opening case, a nice lady from Cisco TAC in Jordan pointed out that upgrade path from 8.2 to 8.5 is going over 8.3.

8.5MR2 Release Notes


Lo and behold, upgrade from 8.2 to 8.3 is not workin either, reporting "Access Violation" as alleged problem cause when displaying AP images.


In the end, after numerous tries and TAC lady endless patience, she managed to perform upgrade with following command, issued on AP CLI (which you enter by typing "ap" command at controller prompt):


#archive download-sw /reload tftp://<tftp server ip address>/<filename.tar>


Catch is in skipping "/overwrite" switch which is somehow triggering "Access Violation" condition.


I hope this will save you some time...



Hello guys!

I´m trying to update an Ap 1830i with ME, it´s version is 8.2.11, and I want to upgrade the firmware to 8.7.10.


The issue that Cli show me is this...

Image downloaded, writing to flash...
do PREDOWNLOAD, part1 is active part
tar: short read
part.bin signature verification failure, exit the script
Error: TRUNCATED_TAR_FILE, not updating ubi vol
Error: '/etc/ PREDOWNLOAD' failure



I have 5 ap´s with the same issue.



Before I update 10 like the same model 1830.


Hello ,


Configured 2 Mesh APs, Mesh#1 has 4 bars and Mesh#2 has 2 bars.

It is my understanding that the location of this AP cannot be relocated and it is near a room with  electronic devices..

I changed the following 

Transmit power on  802.11a,802.11b to 5 , changed channels, enabled DCA and TPC for 802.11a,802.11b luck 


What is the best way to configure so we can see more bars and reduce interference  


Primary Software Version
Backup Software Version
Predownload Status None
Predownloaded Version None
Predownload Next Retry Time NA
Predownload Retry Count NA
Boot Version
IOS Version 15.3(3)JC14$
Mini IOS Version

1 Comment

Hello Team,

I received 3  APs  AIR-CAP1552H-M-K9, I configured one as Root AP and the rest as Mesh.


Several times a day, I noticed that MESHs APs keep dropping out of the network ... Meshs APs are not joining the WLC (wireless/All AP) and under Wireless/radio  802.11a.    tThe root AP  "operation status " is  down..  ......................I had to remove Bridge on Root AP reset in order for the MEsh AP  to joined. Then I set Root AP back as bridge.......

** the switch interfaces to Mesh AP are shut down in order to sync with the radio.


Any reason for  this operation status to change status to down?


Thank you all  


WLC2504 vers8.2.166.0

Primary Software Version
Backup Software Version
Predownload Status None
Predownloaded Version None
Predownload Next Retry Time NA
Predownload Retry Count NA
Boot Version
IOS Version 15.3(3)JC14$
Mini IOS Version



Primary Software Version
Backup Software Version
Predownload Status None
Predownloaded Version None
Predownload Next Retry Time NA
Predownload Retry Count NA
Boot Version
IOS Version 15.3(3)JC14$
Mini IOS Version


Happy to Introduce “Wireless Config Analyzer Express” the next gen cloud based evolution of the WLC Config Analyzer (WLCCA) with powerful checks for Wireless LAN Controllers , Access Points (AP), Radio Frequency (RF), Mobility, Security, Mesh and Flex Configurations. “WCAE” provides state of art RF summary including stats summarization at WLC, AP group, Flex group level and RF health analysis at WLC, AP group, Flex group level.


Please access the tool in the tools section of @


WCAE Main Features (Feb 2018)


Config Checks

184+ checks for configuration issues, covering Security, WLANs, Mobility, Mesh, Flex, etc

Get the experience of hundreds of cases applied to your network in seconds

AP  Data Summarization

Get list of AP HW types and operational modes in use

RF Stats

Quick data summarization for main RF stats,  see what is happening at WLC, or AP group/Flex group levels

RF Health

Simplified RF analysis tool, translate those RF statistics into simple Health report

Log File Summarization

List all messages in a short list, get counts and initial/end time

Supported Controllers

WLC running AireOS

Any version

Any Hardware

File Types Supported

Sh run-config -> recommended option, gives you more bang for the buck

Sh tech

Sh msglog


WCAE is a public facing tool and anyone with a valid CEC ID can enjoy its benefits. Please feel free to share this tool with your customers and partners.  Note: Ensure that pop-up block is disabled for the page on your browser to run the script. Here are some cool screenshots from WCAE:


Controller Messages View

 message view.pngController Messages



RF Health view

 rf health.pngRF Health view

More information


The same backend engine is used on the Diagnostic Bridge as part of the Connected TAC initiative, you can join your network and  enjoy additional digitized expertize:



 feedback.jpgFeedback button

Questions? Features requests? Problems?  Please let us know!~


We're pleased to announce that Interim software 8.5MR1 Interim version is now posted on the Forum.

 Obtaining Pre-Release Software

  1. Please fill software request access form for 8.5MR1 Interim:
  2. Once above step is completed, access to all supporting materials and pre-released software will be made available to Cisco Beta Customers within 24 Hours at


1. Please make sure to use Aspera Client to download files, if downloading for the first time from you will be prompted to install Aspera Client on top of Website

2. Also please make sure to check your popup blocker if you are not able to download the code.]


In order for us to track found issues or simply comments or questions you must submit each initial feedback or bug via Feedback form through provided link:


Resolved Caveats 


CSCve64066       AP is not joining the controller when IP is changed from DHCP to static, for first time

CSCvf33154       Wireless to Wireless multicast failure on Cisco 2800, 3800 APs with WPA-PSK-TKIP

CSCvf81919       3800 AP crash: selipc causing double free

CSCvg07305       No error messages displayed when enabling FRA and RF group Leaders are on different physical WLC's

CSCvg26310       AP 2800 Radio Cores Caused by tx_recovery_failed after FW Beacon Stuck

CSCvg35226       Unable to change Antenna Band Mode to 1562E AP

CSCuz85056       Modifying IP mode from DHCP to Static does not chnage for a scenario

CSCvf05707       MAPs with no children on DFS channels unable to perform fast roaming

CSCvf08426       observed watchdog reset (mrvlfwd) crash on AP2802 with the load

CSCvf22689       8.5 Need WLC show command for sensor reachability verification for non-xor aps

CSCvf27305 - AP1815M MAP3 loses connection to controller when wireless client roams to it ...

CSCvf60045       Cisco Controller reloads unexpectedly on "config bleBeaconwhiteList add HomeDepot"

CSCvg22857       FEW - AP access-tunnels drop when WLC switches over

CSCvg31538       IPV6 traffic gets dropped in Encr mobility

CSCvg37134       AP 1800S sensor in most of the cases fails to join the neighbor AP

CSCvg37369       No data is displayed on assurance with 227 WLC image

CSCvg39156       DHCP should not be sent to WAP with AP ->WLC header within EoGRE

CSCvg39437       WGB should forward downstream broadcast traffic within specific vlan

CSCvg43083       Cisco 3800 AP DFS intermittent compliance failures

CSCvg46683       FEW - map server AP entries dropped when WLC switches over again

CSCvg51267       Tunnel not plumbed on the UCS HA standby when peer is in same VLAN

CSCve30380       AP3700 Flex mode AP not advertising Ext. Cap. IE in Assoc Resp

CSCve50340       broadcast-replicate feature does not replicate broadcast to non-native vlans

CSCve60014       Sleeping client entry not getting created after idle timeout

CSCvf05391       wlc not sending delete payload to AP on exclusion client manual deauth

CSCvf12011       Webauth logout fails after standalone - connected

CSCvf21673       Cisco 2800/3800 APs send block ACK packets using disabled data rates

CSCvf23943       FRA is impacted when AP 3800 modules (like AIR-RMVBLE2) are in use


CSCuw48090      Cisco 1602 AP 5-GHz radio stop transmitting / receiving frames

CSCux97132       AP starts the Channel Availability Check (CAC) timer after rolling back to a lower bandwidth

CSCuy61155       802.11b inconsistent probe response - band select enabled - 2.4GHz

CSCuz72195       AP Bridge does not forward BPDUs or VTP frames

CSCva59172       RF - Profile paramaters are not pushed for optimised roam

CSCvb57793       AP does not fragment EAP cert correctly

CSCvc50775       Webauth redirection stop working when AP manager is configured on a dynamic interface

CSCvd15449       FRA Probe suppression doesn't work for pre-association client

CSCvd42321       Cisco 1832 AP drops the CAC SIP 486 packet

CSCvd83486       Cisco IW3702UX AP will not join Cisco vWLC after 3+days

CSCvd91770       Trust-DSCP-Upstream broken on Cisco release

CSCve13779       AP2802 Rogue Detection config changed back to "Enabled" after AP reboot

CSCve18213       Foreign WLC leaks IPv6 and IPv4 multicast client traffic out of EoIP tunnel

CSCve33506       Client EAP-TLS handshake does not succeed with AP-COS APs

CSCve39780       1832 ME is dropping some 11a static IP client associations due to DHCP Policy timeout

CSCve47928       Cisco 8.5 release: AP is not joining the Cisco WLC after image upgrade

CSCve51301       Cisco 1850, 1830 AP: Stops beaconing

CSCve56341       Msglog flooding with MUTEX_UNLOCK_FAILED: trace backs

CSCve57121       3800 AP not passing traffic

CSCve57918       WLC IGMP queries not sent consistently

CSCve59671       WLC/ME: RADIUS fail-over does not work when retransmit timeout is not set to default value

CSCve63755       Cisco WLC running Cisco APs fail to join the WLC if it has LSC enabled on it

CSCve64652       AP crash CPU vector after: NZ prev pointer but not running, timer Process="LWAPP CLIENT"

CSCve65242       Cisco 702w AP radio resets with reason code 71

CSCve68039       Some APs cannot join the WLC because the WLC misrecognizes the number of APs

CSCve68787       Cisco AP is not transmitting out the de-auth frame over the air that was received from the WLC

CSCve72187       Micro-Macro transition configuration should be limited to within the defined range

CSCve75022       Cisco WLC does not apply QoS tag upstream from foreign to anchor

CSCve75339       Macro to micro transition threshold is not configurable on Mobility Express

CSCve75515       Configuration backup shows the time instead of the NAT IP

CSCve78449       Cisco 3700 AP: radio d1 reset: Tx jammed

CSCuz59858       Cisco 3500AP (SC1), client association failure - R2H Buffer full

CSCve81269       Clients failed to get connected to the Cisco AP in Flex mode with message as AID already in use

CSCve81314       Clients fails to connect to AID with message as All AID are in use when the AP is in Local mode

CSCve83024       WLC power supply issues not showing up on 360 page

CSCve84906       Traceback observed in Cisco WLC while something is fetched for Flex ACL with AVC

CSCve85321       WGB traffic disruption on missed beacons and no scan or roam

CSCve86627       bridging interface mode get reset to 'access' when configure MeshAP from GUI

CSCve90032       WLC Fabric Enabled Wireless: flooding logs with "Updating MS IPv6[1] Addr" logs

CSCve92127       WLC Data plane reloads unexpectedly on DP core 0 due to WDT

CSCve95309       'WL_IOCTL_SET_MGMT_SEND failed for apr1v0 error Bad address' msg on AP by Radio reset

CSCve96310       Cisco WLC installs certificate without a password. However, WebAuthentication fails.

CSCve96870       wcpd out of memory; AP-COS reloads, or fails to send auth or DHCP response to client

CSCve98689       Repeated CDP-4-DUPLEX_MISMATCH seen 1852 and 3802 APs are connected to 3850 switch.

CSCve98892       DNS lookup for RADIUS/TACACS+ fails because it is queried before the physical port is up

CSCve99696       CPU ACLs are missing after the WLC reload.

CSCvf01433       Cisco 1852 AP fails to send multicast packets to wireless

CSCvf02705       The IP-SGT binding is removed from SXP peer after a WLC redundancy switchover

CSCvf03024       The power constraint value is advertised as 3, though it is configured as 0

CSCvf05046       Cisco 1800,2800,3800 APs: correction in unit of antenna gain in show controller output

CSCvf05427       Cisco 2800/3800 AP cannot use the RX-SOP

CSCvf07062       channel assignment leader shows incorrect value on standby wlc

CSCvf07776       Cisco 2800, 3800 AP - FIQ stopped working due to firmware core dump loop

CSCvf12571       AP2800/3800- CAPWAP tunnel does not restart automatically after primary-base WLCName

CSCvf12728       Cisco 7510 WLC stopped working in SNMP task with no traceback

CSCvf15991       Client data traffic drops AAA override and link-local-bridging are enabled due to timing issue

CSCvf16629       The OUI string updates properly in Cisco 5508 WLC but disappears after a reboot

CSCvf17488       Cisco WLC reloads unexpectedly with task name: mmMaListen on

CSCvf22697       Flooding "Invalid checkpoint client ID (0)" message on Standby WLC

CSCvf23182       Radio parameters become blank after setting channel width to 40-above

CSCvf23432       Crash - DOT11-3-OFF_CHN_QUEUE_STUCK:  Flushing off channel Queue recovery acted

CSCvf25015       AP on reloads ENTROPY-0-ENTROPY_ERROR:unable to collect sufficient entropy

CSCvf26207       WLC running faces crash while running airewave director debug

CSCvf27533       3800 Ap in a constant crash reboot loop

CSCvf28800       AP 2800:  FIQ crashed due to  aptrace

CSCvf30881       After changing the AP CAPWAP v4 to v6, AP name is changing to default MAC name

CSCvf32021       WLC not marking TID in CAPWAP for TSPEC/TCLASS client after roam it is marked

CSCvf32864       wired client behind MAP(iw3700) is not able to send traffic to destination

CSCvf33081       WLC running is not accepting IPs for NetFlow exporter ending between .224 - .255

CSCvf34744       Correct fix for CSCvc78546 (Zero 801.11e QoS for downstream voice when CAC disabled)

CSCvf37785       On 1810W AP, multicast fails to pass on the LAN port when switchport for 1000M speed

CSCvf38154       Cisco 2800, 3800 APs- Dual DFS Fix that avoids False DFS triggers in HD environment

CSCvf38379       8540, 5520 WLCs won't boot - "System could not find 68xx Nic Card"

CSCvf38544       WLC: Jamaica Country does not add -E Regulatory Domain support for Outdoor APs

CSCvf39106       WLC IPv4 CPU ACL mapping is removed after redundancy switchover

CSCvf41342       HA SSO - Apply Config failed on Standby, Reason:5

CSCvf41485       WLC reloads unexpectedly when entering 'show run-config' command

CSCvf44285       8.3 does not allow use of spaces in Flex group names, no APs showed on GUI for existing names

CSCvf44497       Cisco 2800, 3800 Flex- If there is no RSN IE, yet the AP is advertising both HT and VHT IEs

CSCvf44583       Cisco 2800, 3800 APs transmitting at MCS/802.11n rates to clients with WMM disabled

CSCvf45017       Remote LAN with 1810w in flex not showing client IP

CSCvf45989       WLC DP core 0 hung due to RML interrupt handler

CSCvf47017       AP 2800/3800 AP - not able to boot and get stuck "BootROM: Image checksum FAILED"

CSCvf50387       new AP 1562 crash due to: FIQ/NMI reset

CSCvf50747       When traffic is not initiated by the WLC, the WLC does not check ARP table

CSCvf52008       WLC's GUI hanged and unexpectedly rebooted

CSCvf52723       IOS AP FlexConnect local switching - client cannot pass traffic when using 802.1X + NAC

CSCvf52875       SNMP:Junk characters in place of server ip when image download is initiated from Prime

CSCvf55570       Clients unable to connect when CCKM and FT802.1X are enabled together

CSCvf55741       Cisco 1532 AP cannot use static IP address when configured as mesh AP (MAP)

CSCvf56076       Calibration data stored for channels 40, 149 and 153 are incorrect

CSCvf56556       Guest User role cannot be called properly on the Cisco 2504 WLC platform

CSCvf57305       Issues with 1562s MAP taking a long time to join RAP

CSCvf57360       Wave2 AP clients constantly deleted with active voice traffic and optimized roaming enabled

CSCvf58977       RTU license count taking over Smart Account count

CSCvf59621       Cisco 3800, 2800 AP running release: TxFSM Stuck

CSCvf59685       Cisco 3602i/e AP reloads unexpectedly while failover occurs

CSCvf61110       Implement a knob to enable disable TPC optimization based on Neighbors within an AP group

CSCvf61646       11v BSS Transition Preferred Candidate List Not Included with Radio Policy Set to 802.11a Only

CSCvf61962       WLC crash due high CPU caused by SNMP task

CSCvf61975       WLC reaper not creating proper crash file

CSCvf62670       AP1850/1830 : Stop Rx without beacon drop in noisy environment

CSCvf62929       WLC randomly marks wireless management frames with DSCP CS0 instead of CS6

CSCvf63464       AP show clis seen having previously joined controller capwap tunneled WLAN entries

CSCvf65587       2504 controller not accepting 50 AP evaluation license

CSCvf67467       System crashing as Reaper Reset:Task wipsTask taking too much cpu

CSCvf68648       Dataplane crash when using EoGRE tunnel

CSCvf69070       Aironet2802 marking upstream client traffic with incorrect DSCP values when WMM is disabled

CSCvf71074       AP 1562 Failed to decode discovery response

CSCvf71136       Infra IPv6 AP drops off from the WLC every 4 to 12 hours

CSCvf72352       Rogue APs getting contained or containment pending automatically on the WLC

CSCvf72497       3600 AP dropping over dtls tunnel with 8540 wlc

CSCvf76245       debug client sometimes reports wrong BSSID in (Re)association message

CSCvf76739       2800/3800 AAA override VLAN doesn't work for native VLAN.

CSCvf77787       AP LAG fails using LACP with non-Cisco switches

CSCvf82065       1562 unable to pass multicast joins from RAP to MAPs

CSCvf82117       WLC fails to send complete IPv6 client information to Prime Infrastructure

CSCvf83404       VLAN override on RLAN with FlexConnect Local Switching does not work

CSCvf83733       WLC detects IDS Signature attack even if Signature Processing is disabled

CSCvf84211       WLC dataplane crash due to core 0 hung and RML interrupt handling

CSCvf84816       AP1810W Kernel Panic crash PC is at 0x4 LR is at _ieee80211_free_node+0x264/0x4b4

CSCvf86035       1815w Kernel Panic wlan_channel_frequency+0x10/0x18 LR  acfg_get_client_info+0x84/0x264

CSCvf86148       3800 ap crash

CSCvf87731       WLC Crash during AP join failure

CSCvf88091       Clients behind 3rd Party WGB fail DHCP post upgrade to

CSCvf89334       OpenDNS information is lost when Master AP fails over to the new one

CSCvf95036       1850 radio firmware crash at 0x009A4859, QCA 03132454

CSCvf97662       AP801/AP802 not support DTLS data encryption but it's configrable

CSCvg01740       Deauth reason pulled from association response code wrongly

CSCvg01874       Unable to add LSC CA Certificate on wlc GUI

CSCvg08894       3802 AP crash Watchdog reset reason: capwapd

CSCvg20439       1562 is dropping downlink unicast messages, making connectivity difficult across mesh link

CSCvg21845       WLC crash - Task Name: SXP SOCK

CSCvg29019       AP18xx : Bypassed scan in returning to DFS channel after blacklist timeout

CSCvg10793        Key Reinstallation attacks against WPA protocol

CSCvf47808         Key Reinstallation attacks against WPA protocol

CSCva18887       ME : IOS AP flash corruption issue

CSCvb64056       nat-pat & central DHCP is disabled on AP after reloading AP

CSCvc71012       Error in retrieving number of mDNS policies with command "show mdns policy service-group"

CSCvd09394       AP3700: Tx util values are not changed

CSCvd21375 - 1562 RAP doesn't show (DFS scan in process) like Crete does ...

CSCvd64928       System stopped working on PMIPV6_Thread_0 during creation of LMA entry

CSCvd80240       FlexConnect AP sends associate response with wrong HT capabilities

CSCvd90160       AP2800 sending announce as 0 in Reassociation response in FlexMode in FT and adaptive FT

CSCvd95557       For Non-DPAA AP Model, client stuck in Authentication Mode while associating

CSCve18089       vWlc:Data switching role changes from local to central upon roaming b/w click-AP's

CSCve28491       APs in Flex mode with interface configured trunk with multiple VLANs missing links to switch

CSCve31474       WGB HSR 802.11v neighbor report error message when Infrastructure MFP is enabled

CSCve44977       WLC Dual Band radios showing incorrect suggested mode

CSCve56210       Uva: Observed command-timeout while XOR radio was in Sensor mode

CSCve56404       Cisco 8.5: Cisco XOR radio configured to Sensor mode using GUI has operational state down

CSCve61201       When tput improves above earlyliftthreshold, UE authentication int successful

CSCve66810       eca-ios-ap: data acl and cwa redirect acl not pushed to ios-ap's

CSCve67164       eca-ios-ap: Wrong webauth status at ios-ap

CSCve67229       Sanity:  ap1800i rebooted error msg : apsw_watchdog about to reboot with reason: wcpd

CSCve69442       Mobility with DTLS: no PMTU discovery packets sent

CSCve81183       Cisco 2800, 3800 - Rx hang in release

CSCve83915       32 chars match role string is not accepting in CLI unlike in GUI

CSCve86203       eca-ios-ap: downstream bssid/client qos policing and marking not effective (CD21)

CSCve88087       AP18xx WMM parameters not pushed to radio FW, QCA 02998094

CSCve88574       vEWLC AP-SSO: Data-keepalive sent to Old Active MAC and dropped at controller after SSO

CSCve89376       Cisco Wave1 APs sends RA periodically when EoGRE tunnel profile is added to the AP

CSCve91836       AP crashed when running Multicast Flex Mode script

CSCve93715       ewlc: click-os 3802 AP crash -capwapd

CSCve96480       IOS AP stopped working when it is changed from sensor mode.

CSCve99067       Assurance:  JWS Token creation failed error on WLC

CSCve99744       Crash on form submit Global config- ewaFormSubmit_glbl_conf+5764

CSCve99763 - Crete MAP2s experience roaming issues ...

CSCvf00877       8.5: cmdtimeout when xor in sensor mode, band mismatch errors

CSCvf04412       2800/3800 AP acting as ME stopped working due to watchdog reset (OOM) after 23 days up time

CSCvf05003       eWLC:Mobilitty Tunnels are flapping post SSC integration if aireos is server

CSCvf05776       Target assert  XXXXXXXX WAITING FOR STOP EVENT on Cisco 1810 AP

CSCvf07189       8.5 Incorrect prompt after executing any CLI with (y/n) option

CSCvf07775       Cisco 2800,3800 AP - Kernel panic FIQ or NMI - Panic in click

CSCvf09441       PMIPv6 MAG is not initialized in the backend

CSCvf10157       Wism WLC stopped working with emWeb in build

CSCvf10810       Partial collection failure for Mobility express

CSCvf11433       Sanity:core-mrvlfwd and core-wcpd found in ap3800 with

CSCvf12246       Mesh: Assoc ID is always passed as 1 to all clients

CSCvf12355       FEW : Unknown Clients IPV4 address on WLC when Clients joins on IOS 3700 AP

CSCvf16842       Tunnel Gateway (TGW) in Cisco 3802 AP comes up only after the Heartbeat interval expires

CSCvf17085       The radio of Cisco 3800 series AP stopped working after an image reload

CSCvf17133       8.3MR3:"config dhcp address-pool test" hits "Invalid scope specified."

CSCvf17294 : Radio Reset, wlChkAdapter(2686): regval ffffffff for wifi0

CSCvf18505       When WLC adaptive/fastlane is disabled, the CCX IE is missing in probe response Wave 2 APs

CSCvf18545       Farallon AP image with swim support

CSCvf19717       Modification of Single host-multihost-mab enable/disable results in rlan removal

CSCvf19891       Cisco 3800 and 2800 series APs stopped working when an SKB from Linux host was freed twice.

CSCvf20997       Hotspot getting enabled with open security in WLC

CSCvf22342       Cisco 3800, 2800 AP running release: TxFSM Stuck

CSCvf22977       Not able to delete Radius Auth server with RFC3576 enabled  form CLI.

CSCvf23193       eCA : Assurance token and URL details are not pushed to APs in Sensor mode

CSCvf23812       AP2800/38008.5: FIQ reset on ME WLC

CSCvf25062       AP3800 on[cmd mismatch] wifi0: Host Cmd:0x9201 F/W Cmd:0x8001 Last:0x801d

CSCvf28913       WLC FRA configuration menu VERY confusing

CSCvf31767       AP group entry duplicated, cannot delete AP group, access existing AP groups

CSCvf33168       FEW:  all access-tunnels taken down when fabric interface deleted

CSCvf33658       Observed L2 and L3 roam failure more than 5% in polaris-longevity with 1800 series AP

CSCvf33937       system crash from do_pingInet task

CSCvf38293 AP3800 Radio 0 stopped

CSCvf39202       3600 AP continuously reloading after data dtls config mapped to AP

CSCvf41057       Clients QoS level changes automatically to silver from gold during local authentication

CSCvf41909       XOR radio is not set to lowest Tx power after moving to 5-GHz band by FRA

CSCvf44061       SNMP get or walk on device for bsnAPBridgingSupport returns ENABLE for AP2800/3800

CSCvf46047       AP: C3700 image upgrade support from 8.3 to 8.6

CSCvf46715       Cisco 3800 AP running Kernel panic seen on alpha

CSCvf47198       1815M-Mesh: Fixed backhaul rate configuration does not work

CSCvf48180       Beacon stuck on 2.4GHz band radio

CSCvf51254       8.3MR3: MU-MIMO: Radio 1 crash from muTxDone()

CSCvf51690       DHCP option 60 string is not showing in wired capture in DHCP request for 2800 series AP

CSCvf51780       AP3504 WLC crashed during external webauth redirection with MAX length URL

CSCvf55262       Corrupted packets during awpp link formation

CSCvf56465       wlc does reflect 400 error codes

CSCvf57477       AP 3800 Radius Server config is getting changed when upgrading from to

CSCvf57859       Ceiling not working if DSCP sent is higher than metal policy of WLAN

CSCvf59630       XOR radio does not move to 5GHz/Monitor bands after being marked redundant

CSCvf60313       Sanity:Core file found on ap1560 with

CSCvf64268       ME: Once opening and closing the DHCP lease the crash was occured to the device

CSCvf65100       AP3800E/2800E- Apple Broken Antenna Detection ant_mon_detection_time_secs initialization

CSCvf65574       IOS AP flap upon switchover and client summary table not showing client with IOS AP

CSCvf68673       AP is doing reassembly of uplink packets, which is causing ping fail for jumbo pkts

CSCvf68674       8.5MR1: ptr_meshFileCfg.cfg.convMethod value = 3 is out of range min = 0 and max = 2 upgrade

CSCvf69071       WLC 3504 factory default license issue

CSCvf71897       3800E All antennas are reporting weak signal. A is enabled and BCD disabled for weak-RSSI

CSCvf72997       8.6: 1832 kernel panic

CSCvf75532       AP-Group:AP group name configuration is not persistent after AP reload when it is configured from AP

CSCvf75869       2800/3800 radio0 crashing in longevity due to 3rd party FW issue(s)

CSCvf76161       ME: Master AP running with 100% CPU Utilization

CSCvf76528       wlc(5520) crashed with Task Name:\tapfMsConnTask_4

CSCvf77017       [vEWLC]:2700 AP always send DSCP 32 in Upstream for IPv6 Traffic

CSCvf80317       FEW - map server AP entries dropped when WLC switches over

CSCvf81993       Sensor heartbeat stopped working when AP in sensor mode for 1832I after some time

CSCvf82214 WLC image does not log msglog

CSCvf82379 - Standby WLC (AIR-CT5508-K9) crashing with haSSOServiceTask0

CSCvf83594       Client moving to RUN state from webauth reqd after reassoc request

CSCvf84540       Cisco 3700 AP: radio d1 reset: Tx jammed, probably beacon was not really sent by Hw

CSCvf85093       Downstream policy-map removed from bssid target after controller switchover

CSCvf85489       AP is not able to join the WLC with LSC enabled

CSCvf85758       Data path flaps on HA switchover

CSCvf87646       AP 2800/3800 Sniffer mode: Sees frequent kernel panic crashes

CSCvf89222 standby wlc-8510 - crashed with rmgrMain due to IPC timeout has occurred multiple times

CSCvf89413       FEW Sanity: Client stuck in DHCP-REQD state after enabling fabric

CSCvf92627 AP - AP3802E-B - AP crashed due to watchdog reset(with reason: out to reboot with r)

CSCvf94486       For 802.11ac, client estimated throughput drops drastically after connecting

CSCvf94574       Not able to create ipsec profile

CSCvf94707       After CoA, when client connects within backoff timer, WLC sends Access Request

CSCvf95048       AP group: When RLAN AP moves from old AP group to new AP group,old RLANs are still maintained

CSCvf96146       IRCM 16.7.1:Mobility tunnels are flapping between vEWLC and 5508

CSCvf97201       8.3MR3: MU-MIMO: Radio 1 crash from muTxDone() - more trigger in addition to fixes in CSCvf51254

CSCvg01352       IPv4 traffic drops with "Packet needs to be fragmented but DF bit is set" and MTU mismatch

CSCvg01771       AP1815 / TSN Wifi / Star Wifi: Fail to boot after power-off during u-boot upgrade

CSCvg01883       ClickOs:client association failed with A radio

CSCvg02335       https communication is not enabled in Farallon image download

CSCvg04022       Encrypt mobility enable/disable fails with HA from GUI

CSCvg04081       AP2800 sending announce as 0 in Reassociation response in FlexConnect Mode in FT and adaptive FT

CSCvg04758       Control Path flaps post switchover

CSCvg07438       AP3800: Low throughput due to packet drops in AP in both fragmented and non-fragmented packets

CSCvg07783       Vulcano New P3 modules are not getting dhcp address with AP2800/3800 VE AP. The module is up.

CSCvg08820       Client failed to join Click-AP with A radio alone in local mode

CSCvg12223       Flex mode- WLC does not send all neighbors for a client

CSCvg13374       CCO download DNS breaks after poll and and manually configuring to invalid DNS server

CSCvg14346       WLC- is flagging Misc_Reason 0x9 as an Invalid Apple Reason Code but displays proprietary failure

CSCvg18366       AP hostapd deleting client entry when client goes to FWD state in WCPD

CSCvg18978       Sensor: AP2802I when in radio as sensor radio 0 crash

CSCvg23317       [ECA-SIT]Join Request- PMTU -NOP Payload Parsing issue with Click APs

CSCvg27595       Sensor: 5G radio results in AP2800/3800 XOR have default connectivity values

CSCvg29907       AP 3800/2800 AP sending wrong BSSID in the Request,Identity packet

CSCvg30754       Hyperlocation: AP join issues

CSCvg31499       AP 3800/2800 and .61 when AP is in flex mode, AP crashed due hostapd process.

CSCvg33285       Sensor : AP2802i : Synthetic tests stops during longivity run

CSCvg33908       AP3800/2800: Apple Broken antenna detection feature won't work without NDP frames

CSCvg35961       8.5MR1: AP2702 radio reset and rcore - rec fail

CSCve12846       Flex mode AP18xx not prioritizing packets based on QoS Map

CSCve13886       WPS signature is getting disabled upon upload or download

CSCve69973       2800/3800 - Throttle Assoc requests to WLC

CSCve79184       1832,1810 AP doesn't send the proper DSCP values to the wlc(data dtls) (upstream QoS marking rework)

CSCvf01576       Cisco 3504 WLC is not generating a crash file.

CSCvf07640       [5520] Setting an IPv6 address for primary-base on an AP from WLC cuts off last characters      after ::

CSCvf12011       Webauth logout fails after standalone - connected

CSCvf16340       8.3MR3:After WLC upgraded to  8.3MR3, Hydra shows "host/RAM_fw Build Ver Mismatch: H:0x47, F:0x5 !"

CSCvf16466       3802 AP sending incorrect DFS channel list to WLC

CSCvf19926       8.3MR3:OSAPI-3-MSGQ_RUNNING_HIGH: [PA]osapi_msgq.c:926 Message queue BCAST-DATA-Q  is nearing full.

CSCvf30035       wlc crashed due to SXP CORE not releasing lock

CSCvf29208       AP2800/3800/18xx-Mesh: Fixed backhaul rate issues.

CSCvf30828       ME: 1815M AP crashes when clients connecting to AVC enabled WLAN

CSCvf31054       continuous FIQ/NMI reset crash for 3802 ap when xor in sensor mode

CSCvf34480       Uva FEW Cheeta-AP loosing flex-avc-profile config if one out of 2 WLAN disabled

CSCvf38393       NDP on 2800/3800 not transmitting at Correct Power on 802.11b/g/n Channels

CSCvf40071       WIPS engine gets disabled on 2800 after AP reboot

CSCvf41587       3800I : {watchdogd} apsw_watchdog about to reboot with reason: wcpd

CSCvf43759       issue 'no bvi-vlanid' on WGB does not cast IAPP message to refresh BVI vlan id on AP

CSCvf47744       ping fail between routers after route setup with radio link

CSCvf49632       Capwapd crashed after enabling capwap payload debug

CSCvf60009       Ethernet daisy chain IW3702 GE1 1Gbps reload same time when configured speed 100 & duplex full

CSCvf69869       In new mobility with NAT, Client connected to foreign is unable to communicate

CSCvf69955 - Kernel Panic seen on 1542 Mesh APs

CSCvf95503       11r roam flexconnect local switch OTA FT-8021x fails intermittently on Corsica

CSCvg10680       DTLS handshake takes more time to get established successfully


Why we need "IP Options". If we disable "IP options "under global inspection in ASA. What could be the issue? 

Is it recommended to disable inspection for "IP Options" in ASA?




1 Comment

We're pleased to announce that Interim software 8.3MR3 Interim version is now posted on the Forum.

 Obtaining Pre-Release Software

  1. Please fill software request access form for 8.3MR3 Interim:
  2. Once above step is completed, access to all supporting materials and pre-released software will be made available to Cisco Beta Customers within 24 Hours at

[NOTE: Please make sure to use Aspera Client to download files, if downloading for the first time from you will be prompted to install Aspera Client on top of Website]


In order for us to track found issues or simply comments or questions you must submit each initial feedback or bug via Feedback form through provided link:

Resolved Caveats

CSCvf17085The radio of Cisco 3800 series AP stopped working after an image reload.
CSCve68039Some APs cannot join the WLC because the WLC misrecognizes the number of APs
CSCvf39106WLC IPv4 CPU ACL mapping is removed after redundancy switchover
CSCvf41405WLC: Need to correct changing MDIE behavior in case of adaptive WLAN
CSCvc50775webauth redirection stop working when AP manager is configured on a dynamic interface
CSCvc71012Error in retrieving number of mDNS policies when given command "show mdns policy service-group"
CSCvf09581Samsung S8 device cannot stay associated with 11v enabled on Wave 2 APs
CSCvf12728Cisco 7510 WLC stopped working in SNMP task with no traceback
CSCvf417268.3MR3 "show advanced fra" showing COF/Suggested Mode as None
CSCva37010Invalid staid XXX received
CSCuh45072WLC HA tacacs+ authentication authorization sent to different AAA server
CSCvd20944Msglog flooding *sntpReceiveTask:%LOG-3-Q_IND: [PA]env_monitor.c:100 Check sensor fail: fan status
CSCvd93004NMSP status is inactive with hash key mismatch
CSCvf403068.3MR3: COF calculation not getting propagated after FRA run
CSCvf07775Cisco 2800,3800 AP - Kernel panic FIQ or NMI - Panic in click
CSCvf09758Providing correct fix for CSCve73774 (AP1850 didn't work Fault-Tolerance as expected).
CSCvf125712800/3800 CAPWAP tunnel doesn't restart automatically after configuring primary-base WLCName
CSCve25629HA WLC must send authentication and authorization request to same server
CSCve43125IW3702 -F domain support
CSCvf30451FRA Last run is showing incorrect time on standby wlc
CSCvd163803800 detecting DFS False triggers
CSCvd940042800/3800 detecting DFS False triggers
CSCve42311Cisco 3800 AP experiences kernel panic due to double free in wireless driver during radio coredump
CSCve87941hydra oeap local client can't get ip
CSCve89496AP stops servicing clients
CSCve92259Cisco 3800, 2800: APs start beaconing during CAC period if AP boots up in DFS channel
CSCvf444972800/3800 FLEX - If there is no RSN IE, yet the AP is advertising both HT and VHT IEs
CSCve99696CPU ACLs are missing after the WLC reload.
CSCvf23182Radio parameters become blank after setting channel width to 40-above
CSCve26965AP2800/3800 Last Reload Reason incorrectly showing as Reload Cmd for AP BootScript
CSCvf470172800/3800 - not able to boot and get stuck "BootROM: Image checksum verification FAILED"
CSCva69083Controller drops NMSP packet from MSE
CSCvf32021WLC not marking TID in capwap for TSPEC/TCLASS client after roam it is marked
CSCve26935Cisco 2800, 3800 AP displays low throughput for IPv4 TCP with Windows 10 Creator
CSCvc30828AP does not allow world mode to be set via GUI on 15.3(3)JD
CSCvf30881after changing AP capwap v4 to v6 AP name is changing to default MAC name
CSCvd78495Failed to get ARP entry due to Aquantia PHY driver not loaded

Resolved Caveats

CSCva50180AIR-CAP1602I-E-K9 stopped working
CSCuy29182Peer Upload:No progress status, no error, normal Upload error misleading
CSCuz97296AP3500: Client Pak stuck during Payload Encryption
CSCva27419Channel changed trap with Unknown Radio Type on dual band radio
CSCva59172RF - Profile paramaters are not pushed for optimised roam
CSCva87833AIR-CT8510-K9 crashed
CSCvb14702client couldn't join if it sends two assoc at the same time
CSCvb57793AP does not fragment EAP cert correctly
CSCvb71347WLC multicast config not coherent for code upload/download
CSCvb86237Cisco 8510 WLC stopped working Task Name: TempStatus
CSCvb89967Rogue reports don't have source mac address populated
CSCvb90235Cisco3700 WGB inconsistently facing joining issues because of no probe response by 3600-11ac root AP
CSCvc07674WLC sends ciscoLwappApAssociated trap twice when AP2800 join
CSCvc1767883MR1: wrong "enable global mDNS snooping" message when clinking apply on barbados edit
CSCvc18786WLC stops working during multiple login sessions either with local user or with TACACS+
CSCvc19987Fresh WLANs not getting broadcast in AP3802
CSCvc24104Rx-SOP threshold failed to set with AP model 1852/1700/1815/1830
CSCvc24917Defect of msglog corresponding to 'AP Message Timeout: Max retransmissions reached on AP ...'
CSCvc28035clDLApBootTable shows blank when WLC has 2800I AP
CSCvc35183CISCO-LWAPP-CLOUD-SERVICES-MIB: Parse errors like bad month and undefined objects
CSCvc37641AP 700 doesn't provide SSH access in wips submode for flexconnect
CSCvc51637802.1x CCKM roams fail on WGB at GTK key rotation
CSCvc51666Cisco Wave 1 AP transmits on disabled rate 24Mb
CSCvc55430WLC HA redundancy management interface not reachable for a short time after failover
CSCvc56757WGB HSR 11v neighbor report validation fails when Infrastructure MFP is enabled
CSCvc61795IP call setup fail after L3 handover happens during call among 1832
CSCvc677051815 : Flex efficient predownload failed
CSCvc71537WLC profiles 7925 incorrectly
CSCvc727248510 AP SSO stopped working on portalProcessLogout
CSCvc846371810W sending invalid AC_NAME when WLC hostname is 31 bytes long
CSCvc85158AP Group configs not retaining during upload and dowlnoad config.
CSCvc90036Unable to convert CAPWAP AP to Mobility Express
CSCvc93377Tracebacks and MFP queue logs filling up the msglog on WLC.
CSCvc94704WLC crash due to task dtlArpTask
CSCvc96076Cisco WiSM2 HA - standby stopped working with task name spamApTask2 in ideal state
CSCvd09507Rogue rule substring-ssid turns invalid on WLC when user configured SSID is included in PI template
CSCuc78713dWEP client cannot receive broadcast after broadcast key rotation
CSCuy75333Cisco 2504 WLC config restoration fails due to multicast mode command
CSCuz59858AP 3500(SC1), client association failure - R2H Buffer full
CSCvd16346WLC memory corruption occurs when TACACS+ responds with unknown attributes
CSCvd23185WGB wired clients not seen by WLC
CSCvd23301WLC GUI trapflags for client association with statistics does not display correct configuration
CSCvd23902Cisco 1532AP: root bridge drops packets from non-root bridge in non-native VLAN
CSCvd26885Unit of probe suppression hysteresis should be 'dB'
CSCvd28374Cisco 802AP incorrect base radio MAC assigned not ending with zero results in only one BSSID support
CSCvd304862800/3800 - Radio incorrectly shown as disabled due to PoE
CSCvd31705AP: Offchannel cleanup in IRQ context can trigger an indefinite loop if sensorD owns the radio
CSCvd35885ME2800 Crashes with Task Name : capwapSocketTask
CSCvd36190Cisco 5520 WLC stopped working with taskname haSSOServiceTask6
CSCvd37522show run-config commands: incorrect index numbers for RADIUS Accounting Servers
CSCvd42669Cisco 2500 WLC stopped working
CSCvd44909Client traffic dropped in Anchor foreign AirOS setup with new-mobility if foreign client behind NAT
CSCvd45744Customer reports that AP reboots after 4 hours while doing site survey
CSCvd56588In 2800 and 3800 series APs, incorrect RSSI values are displayed when client associates to XOR radio
CSCvd61468Custom mDNS profile is not saved on the WLAN config after the reboot
CSCvd62184AP3600: Radio reset /w reason reqsema on 8.3MR2
CSCvd62568XML validation is failing for the AVC profile
CSCvd67730Client fails PSK SSID authentication after master AP reboot (EAPOL M3 not sent on 4-way handshake)
CSCvd68141WLC stopped working at task nmspRxServerTask
CSCvd72131Cisco 7500 WLC in flex-mode stopped working after the SNMPTask Reaper reset
CSCvd74297AP3800/2800: Extended core dump CLI is not persistent
CSCvd79511Radius Admin mode goes for Disable state in LTB setup
CSCvd80240FlexConnect AP sends associate response with wrong HT capabilities
CSCvd80508LAN ports of the 1810W AP are stuck on Admin-Down after modifying RLAN settings
CSCvd86566Client with incorrect NAI realm gets Access-Accept from Radius Server
CSCvd90377WLC is applying wrong ACL to clients when doing CWA
CSCve02210SNMP OID that is used to monitor WLAN status for FT is returning wrong results
CSCve02585Webauth login page is not showing up after enabling TLS1.2 on WLC
CSCve02612HA-Config sync fails on standby when flex AP configs are modified
CSCve02689Silent reboot is observed after the memory usage goes up to 85%
CSCve05507Retransmit configuration is not reflected when new 1800, 2800, and 3800 series APs join the WLC
CSCve13779AP2802 Rogue Detection config changed back to "Enabled" after AP reboot
CSCve20123Corrupt voice packets are observed when a client with an active call does an inter-AP roam
CSCve208258.5 rf-group  member ip address  updated as reverse in config
CSCve22001ME Default value of Wlan param is cahnged after config restored
CSCve24687Channelization issue occurs when Cisco 3802 AP reverts to channel 36 for 75% of APs at a site
CSCve27826WLC-8510  -  Transfer failed on both active/standby
CSCve33506Client EAP-TLS handshake does not succeed with the Cisco 1830 AP
CSCve35431Downstream QoS 802.11 UP marking does not work for Flex AVC profile
CSCve37579Cisco 3800 AP stops working due to WIPS kernel panic
CSCve37770Cisco 5508 WLC stops working when AP's radio CLI command is executed
CSCve45744Cisco 1850 AP stops working due to memory leak in slab SUnreclaim
CSCve49741Cisco WLC fails to send SFTP and FTP when using untagged interfaces on different ports
CSCve52807crash standby WISM with task name 'rsyncmgrIpcqTask' on
CSCve61049Radio resets in Cisco 2700 AP
CSCve63497Cisco WLC stops working with Task Name emWeb when timer changes
CSCve63755Cisco WLC running Cisco APs fail to join the WLC if it has LSC enabled on it
CSCve63800Prime Infrastructure does not show all WLANs when querying MIB bsnAPGroupsVlanMappingSsid
CSCve66007Cisco 8540 WLC stops working with Task Name emWeb
CSCve66630Clients cannot connect to Cisco 3800 AP when configuring TKIP only WLAN and PSK with central auth
CSCve68787Cisco AP is not transmitting out the de-auth frame over the air that was received from the WLC
CSCve75022Cisco WLC does not apply QoS tag upstream from foreign to anchor
CSCve76202WLC IPv4 CPU ACL is applied as IPv6 CPU ACL during backup recovery or SSO failover
CSCve80178AP 3800/2800: TPC implement not advertising same WLANs (different AP Group)
CSCve8391532 chars match role string is not  accepting in cli unlike gui
CSCve86609Dynamic interface default gateway must not be configured to "" in CLI
CSCve89758vWLC code download fails with HTTP mode
CSCve90085Active WLC in HA pair crashes with task apfRogueTask_0
CSCve96310Cisco WLC installs certificate without a password. However, WebAuthentication fails.
CSCve96480IOS AP stopped working when it is changed from sensor mode.
CSCve98892DNS lookup for RADIUS/TACACS fails because it is queried before the physical port is up
CSCvf03782WLC stopped working on emWeb with "ewaFormSubmit_file_upload" in stack
CSCvf050461800/2800/3800 AP Correction in unit of antenna gain in show controller output
CSCvf09441pmipv6 MAG is not initialized in the backend
CSCvf09458Cisco 2800/3800 series XOR radios are not moving to 5GHz or Monitor mode
CSCvf15991Client data traffic drops when AAA override and link-local-bridging are enabled due to timing issue
CSCvf16629The OUI string updates properly in Cisco 5508 WLC but disappears after a reboot
CSCvf17488WLC crash with task name: mmMaListen on
CSCvf31894Backout changes - CSCvc78546 that leads to CSCve20123
CSCvf33081WLC running is not accepting IPs for NetFlow exporter when ending between .223 - .255


Release Interim (8.0MR5)

We are pleased to announce Interim Release for 8.0MR5.

Please Register at below link to participate.

Once Requested for the Access on above link, Permission will be provided to download the Code from below link within 24 hours.

Please select filter as 80MR5Interim

Please feel free to provide any feedback at below link:

Resolved Caveats

Identifier Headline
CSCuc78713 dWEP client cannot receive broadcast after broadcast key rotation
CSCuq28038 Hop2- multiple attempts to rejoin WLC in very-fast convergence
CSCuq86263 False DFS detection on 1600
CSCur37829 AP Mgmt through non native vlan - WGB clients doesnt join the AP
CSCur63031 AP error: %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
CSCur68316 802AP-891 in flexconnect mode are losing vlan mapping after power cycle
CSCus83638 5-GHz radio on Cisco AP beaconing but not accepting client associations
CSCuu08012 AP2700 CleanAir sensord died (src/dspm_main.c:389) - slot 0
CSCuu98142 AP1242, AP1131 cannot function as mesh Root AP
CSCuv33255 AP CDP neighbor information is missing/outdated
CSCuw29539 AP running lightweight IOS will not discover WLC using DNS
CSCux90031 intermittent multiple packet/ping drop between RAP and MAP 1572
CSCuy13829 AIR-CAP2602I crash on dot11_pmkid_timeout
CSCuy32349 NDP timer change for 7.6 parity
CSCuy53596 CleanAir fatal error and radio reset on Flex+Bridge AP
CSCuy63094 1572CM AP Not sending Option60
CSCuy93000 SC2 Radio Randomly sending Corrupted timestamp BCN on Hidden SSID
CSCuy94534 3700/2700 on DFS dont see 3700/2700 as neighbor when Rxsop High/Med/Low
CSCuz20714 WLC crashes on emWeb with Reaper Reset
CSCuz22367 3502 AP crash in "LWAPP RM Receive process"
CSCuz47559 error saving config file happens on multiple 2702
CSCuz49804 Fix AID leak problems
CSCuz72994 FT clients reassociation denied leading to full association
CSCuz79051 WiSM2 crash in ewaFormServe_multicast_detail
CSCva03376 UX-AP3702i After primed carrier set 5GHz only allowing four UNII3 ch
CSCva27711 FlexConnect: AP radio reset during FT when Central DHCP is enabled WLAN
CSCva28211 AireOS UX AP : 'JP' should be used as world mode in Beacon/Probe Res
CSCva36161 1600AP crash while 11w client connect/disconnect
CSCva41482 Autonomous AP does not forward ARP requests to client on tag VLAN
CSCva50180 AIR-CAP1602I-E-K9 stopped working
CSCva50196 Memory corruption EAP for Mesh
CSCva54211 IPsec tunnel of WLC with Linux Peer fails for AES128
CSCva56521 8.0MR4, 1600 AP False DFS detection
CSCva65826 Wireless LAN Controller reboots unexpectedly
CSCva72044 BZ1388: 1572 mesh AP with no distance command implementation.
CSCva77451 AirOS WLC Local Auth EAP handler leak
CSCva83884 WLC System crash on aaaQueueReader
CSCva87295 Flex AP radio reset during FT with Central dhcp and Nat-pat enabled
CSCva92615 Access Point antenna gain changes to 0dBi randomly
CSCva98597 Emweb task stuck at 100% CPU usage
CSCvb18339 DTLS connection failed because max control dtls connections reached
CSCvb18427 DNS ACL allowing more URLS than the ones defined on
CSCvb19729 WLC crash - Task name EAP_Framework_0
CSCvb20553 Coa for session timeout not working using free radius server
CSCvb21254 80MR4:AAA override vlan lost on intercontroller roaming
CSCvb33101 702w Ethernet stop passing traffic.
CSCvb35018 Wism 2 crashes with task mdnsHATask
CSCvb44979 WLC Local EAP with 7925 Handshake Failure
CSCvb48354 RRM Not updating as per configured on WLC
CSCvb48603 Evaluation of wlc for Openssl September 2016
CSCvb57803 Crash on apfMsConnTask for 802.11v BSS Transition Support
CSCvb67724 5508 is going out of memory
CSCvb69962 Client traps not showing session ID's
CSCvb73104 AP 1600: Radio d1 reset: FW: irq/mac stat=40000/10000000 command timeout
CSCvb76654 Clients not getting excluded on max EAPid timeouts; reassoc rejected with reason 12
CSCvb77649 PI 3.1.3 DP4 Identifies IW3700 as 1850E
CSCvb80511 CWA is not working for flex-bridge APs pointing ACL rx from Radius doesn't exist
CSCvb92562 Evaluation of all for Openssl 1.0.1 September 2016
CSCvb93189 AP drops Retransmitted M3 from WLC
CSCvb94716 WLC crashing at task:spamReceiveTask running
CSCvb95842 WLC system crash on spamApTask
CSCvb97456 80MR4: SSH on FIPS 140-1 is not compatible with older clients, SSH high disable does not work
CSCvb99468 AirOS WLC crashed in emWeb when serving an EmWebForm exclusion-list
CSCvc04089 2700 series AP radio resets reason code 71 RADIO_RC_NO_REPORT
CSCvc08052 DFS false detection on AP2700
CSCvc23658 Clients not removed from flexconnect and capwap in APs flexconnect central-sw
CSCvc33258 WLC: Unable to config RX-SOP threshold for IW3702 AP
CSCvc33793 WLC tears down connected AP due to unequal loadbalance between SPAM queues high load
CSCvc40267 WLC sends wrong VLAN for AAA overriden client re-associating to AP belonging to FlexConnect Group
CSCvc45620 WLC crash in SNMPTask due to missed software watchdog
CSCvc52093 WLC send deauth 17 to phone in 4-way handshake
CSCvc52619 Local EAP do not support any of ciphers, used by 8821 phone
CSCvc62481 WLC 7500 HA crash on upgrade to with Task Name: spamApTask
CSCvc65675 WLC: Constantly increasing memory consumption by SNMPTask
CSCvc74507 Fix incorrect commit of CSCuu59589 in 8.0-mr
CSCvc82053 The nmsp info/probe notification queue is saturating
CSCvc82559 WLC 5508 reaper rest crash on several tasks.
CSCvc94648 Evaluation of wlc for OpenSSL Jan 2017
CSCvc99928 AP changing UP marking from 6 to 0 for downlink traffic after 802.11r roam with 8821 phones
CSCvd15742 AP crash with %ENTROPY-0-ENTROPY_ERROR: Unable to collect sufficient entropy
CSCvd18025 Anchor1 WLC does not free client sessions after client roaming to Anchor2 WLC-client entries stale
CSCvd21155 WLC stopped working when multicasting traffic and accessing WLC GUI
CSCvd28374 AP802 incorrect base radio MAC assigned not ending with zero causing to only support one BSSID
CSCvd44446 Retried EAP Response Dropped as a duplicate while First EAP Response was not even received on the AP
CSCvd50044 System stopped working multiple times on ping rx task
CSCvd67178 Anchor not deleting webauth req client beyond webauth timeout
CSCve36706 AP Exclusionlist Can't Clear after Exclusion timeout
CSCve57139 for 8.0 code, add capability to disable CBC crpto options for SSH
CSCve76202 WLC IPv4 CPU acl is applied as IPv6 CPU acl during backup recovery or SSO failover



New version WLCCA 4.4.3:


  • Support for 802.11FT adapative state
  • WLAN name for message "mDNS profile is configured in WLAN.."
  • Improved logic for message "General: The IPv6 Multicast/Broadcast mode is on Unicast.", to only report if IPV6 is enabled, and mcast/base fw is in use
  • Flex group name in message "Flex: Efficient AP upgrade is not enabled for Flex group:"
  • Improved logic for message "General: Aggregation scheduler disabled", now checks if 11n/ac is enabled, and the message includes band affected
  • Added interface name for message "General: DHCP enabled on the interface, but DHCP IP is not configured.", also improved logic to skip if the interface is a wired guest type
  • Added wlan name to message "General: 11v is enabled, it is recommended to have the MFP infrastructure disabled."


  • Incorrect parsing of DHCP proxy state
  • Incorrect handling of NTP sync status
  • Radius server parsing
  • Incomplete parsing of DCA/TPC/ED-RRM status
  • Proper detection of lag mode for UCS platforms
  • Typo for message 30063
  • Fixed parsing of 802.11b aggregation scheduler
  • Modified message "Platinum QoS settings are not set to 802.1p 5 or 6, check in Controller QoS Profiles" to use 5 or 6, instead of 6 or 7


For a bigger project I had to setup a smaller PMIPv6 test lab (see attached picture). There are only two APs, 3 ISR 2911/K9 acting as MAG and LMA and some Ubuntu 16.04 LTS hosts.

So far PMIPv6 without WLC works except Radius authentication from MAG to AAA.

  1. MN associates with AP2 using pre shared key WPA2-PSK. AP2 is configured to act as wireless bridge.
  2. After MN successfully associates with AP2 its wlan0 interface comes up and Linux IPv6 stack sends a Router Solicitation (RS) which is recognized by MAG2 as a PMIPv6 attachment trigger.
  3. MAG2 is configured to send a Radius access-request to the AAA server to provision MN properties like home prefix etc.

Now problem is that MAG2 sends a Radius Access-Request without User-Name attribute which is required by AAA server. The Access-Request looks like this:

User-Password       [2]   18  *
Calling-Station-Id  [31]  19  "2c-4d-54-61-e4-48"
Service-Type        [6]   6   Outbound                  [5]
NAS-IPv6-Address    [95]  18  2001:DB8:1009::1
Nas-Identifier      [32]  9   "router3"

How can MAG2 be configured to include MNID in Access-Request as User-Name attribute?

These are the relevant parts of MAG2 config:

interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 ipv6 address 2001:DB8:1009::1/64
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 ipv6 address FE80::200:5EFF:FE00:5213 link-local
 ipv6 address 2001:DB8:1019::F/64
 ipv6 nd ra interval 5
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto

! RADIUS configuration 
aaa new-model 
aaa group server radius AAA-GROUP-PMIP 
 server name AAA-SERVER-PMIP 
aaa authorization commands visible-keys 
aaa authorization ipmobile default group AAA-GROUP-PMIP 
aaa session-id common 
radius-server attribute 6 on-for-login-auth 
radius-server attribute 8 include-in-access-req 
radius-server attribute 32 include-in-access-req 
radius-server attribute 31 mac format ietf 
radius-server attribute 31 send nas-port-detail 
radius-server attribute 31 remote-id 
radius-server attribute wireless authentication callStationIdCase lower 
radius-server attribute wireless authentication mac-delimiter colon 
radius-server attribute wireless authentication call-station-id macaddress 
radius server AAA-SERVER-PMIP 
 address ipv6 2001:DB8:101::2 auth-port 1812 acct-port 1813 
 key xxxxxxxx
! PMIPv6 domain 
ipv6 mobile pmipv6-domain dom1 

! First ask AAA (Radius) server when a MN connects for its 
! properties. If this fails (either if AAA server not reachable or 
! AAA server rejects access-request) try fallback with local NAI's 
! (see below) 
! NAI for a given MN as MAC@realm 
! @realm is only used if append profile in pmipv6-mag interface section is 
! used AND a default profile is used AND the default profile NAI includes a @realm 

! If this NAI is left COMPLETELY blank then all attributes from 
! the default NAI are copied over at first connection from this MN.  
! After this the running config is altered to contain default NAI's attributes. 
! See enable pmipv6 default ... entry in ipv6 mobile pmipv6-mag ... section 
! Default NAI including @realm 
  lma lma1 
  service ipv6 
ipv6 mobile pmipv6-mag mag2 domain dom1
 discover-mn-detach poll interval 60 timeout 5 retries 3 
 address ipv6 2001:DB8:1009::1 
 binding maximum 200 
 binding lifetime 8640 
 binding refresh-time 360 
 no generate grekey 
 interface GigabitEthernet0/1 
  enable pmipv6 default 
  append profile 
 lma lma1 dom1
  ipv6-address 2001:DB8:1009::F 

For more infos and console logs please see also:


Eap- TLS is a sort of EAP method to authenticate client with the certificate without use of usern-ame an password.

Below example is to use EAP-TLS with controller

EAP-TLS requires digitally signed certificate to authenticate clients. Certificate required on controller. 1. Device Certificate issue to WLC. To generate the device certificate. And download it to the controller it is vendor device certificate using command line or GUI.In GUI select the download vendor device certificate option (TACLAB)transfer download mode tftp (TACLAB) >transfer download datatype eapdevcert (TACLAB) >transfer download path . (TACLAB) >transfer download filename final.pem (TACLAB) >transfer download certpassword check123 (TACLAB) >transfer download serverip (TACLAB) >transfer download start 2. Root Certificate of a CA. If you have root ca certificate on device ,you can export it using the Firefox. Path- browser>>Advance>>Encryption>>view certificate>>Export.>>>save it as x.509 file type certificate. E.g-test.crt And download it the controller.It is ca certificate.In GUI select the (TACLAB)transfer download mode tftp (TACLAB) >transfer download datatype eapdevcert (TACLAB) >transfer download path . (TACLAB) >transfer download filename final.pem (TACLAB) >transfer download certpassword check123 (TACLAB) >transfer download serverip (TACLAB) >transfer download start . Root-CA certificate should be installed on controller as well as clients. Now configure a profile with EAP-TLS on controller and inherit it to the SSID under advanced section To configure local eap profile below is the document.

1 Comment

The old version of open ssl 0.9.8h referenced on the cert generation doc doesn't work (if you enter a password in the CSR process).

Will work on updating link.

Working exact steps with v1.1.0c:

Confirmed working CSR with openssl, Windows 7 64 bit machine.


Win64 OpenSSL v1.1.0c

Windows Dos prompt:

cd C:\OpenSSL-Win64\bin


req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf

C:\>cd C:\OpenSSL-Win64\bin

OpenSSL> req -new -newkey rsa:1024 -nodes -keyout mykey.pem -out myreq.pem -config C:\OpenSSL-Win64\bin\cnf\openssl.cnf
Generating a 1024 bit RSA private key
writing new private key to 'mykey.pem'
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:NC
Locality Name (eg, city) []:RTP
Organization Name (eg, company) [Internet Widgits Pty Ltd]:TAC
Organizational Unit Name (eg, section) []:HTTS
Common Name (e.g. server FQDN or YOUR name) []:WLC-1
Email Address []

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:password123
An optional company name []:cisco
OpenSSL> quit

C:\OpenSSL-Win64\bin>dir *.pem
 Volume in drive C has no label.
 Volume Serial Number is 1496-D193

 Directory of C:\OpenSSL-Win64\bin

01/06/2017  10:55 AM               932 mykey.pem
01/06/2017  10:59 AM               750 myreq.pem
               2 File(s)          1,682 bytes
               0 Dir(s)  304,623,710,208 bytes free

1 Comment

CA generated SHA2 certificates have been supported since WLC code 7.0.250.

The ability for a WLC to generate a SHA2 Self Signed Certificate was introduced in, and 8.3.102 via the following enhancement bug:
CSCuz47863 SHA256 self-signed cert for WLC web admin