Cisco Industrial Wireless 3700 Series Access Points
Cisco Catalyst Industrial Wireless 6300 Heavy Duty Series Access Point
Cisco 6300 Series Embedded Services Access Point
Software Compatibility Matrix
Cisco Catalyst 9800 Wireless Controller Software
Cisco Identity Services Engine
Cisco Prime Infrastructure
Cisco AireOS IRCM Interoperability
Cisco DNA Center
Cisco DNA Spaces Connector
Cisco DNA Spaces – On-Premise (CMX)
ISE 2.4 + latest patch
2.6 + latest patch
2.7+ latest patch
3.0 + latest patch
DNA Space Connector
The section below provides information about the key new features and enhancements in the 17.6.1 release.
ROW Regulatory Domain
This innovation helps to reduce the number of regulatory domains by modifying the existing pre-provision domain workflow to determine regulatory domains at runtime. Traditionally we supported 18 regulatory domains which have now been reduced to 8 with a bunch of them being included in ROW or the rest of the world. So, there are 7 non-row domains, and the rest are part of ROW. It is being released with the 9124 AP. Once it is on-site it will come up in 2.4 GHz only and will be allowed to join the controller. Once it joins the controller it will either have the country code configured in an AP profile or will be manually set by the user.
WLAN Wizard and Walk Me Through
With Cisco IOS XE 17.6 Release, a WLAN Wizard is available under the Wireless Setup icon. This wizard eases the process of creating WLANs for Local Mode, FlexConnect Mode, and guest access by guiding the user in a step-by-step workflow. The following WLAN types are supported through this wizard.
Central Web Auth
Central Web Auth
The second UI enhancement driving adoption is the Walk me Through Workflow and this is essential to aid the configuration of complex, multi-step, multi-object workflows such as AAA, FlexConnect site, 802.1x authentication, local web auth, QoS, and open Roaming that is more involved than a single-entity creation.
AP Tag Persistency
Currently, for the policy, site, and RF tags to be preserved on APs when moving from one WLC to another, the AP to tag mappings would need to be configured identically on each WLC. Otherwise, the tag configuration would need to be written to each AP individually, using a CLI exec command. Using this method, the AP would keep the configured tags when joining any WLC given that target WLC has the necessary tags configured. However, for deployments with many APs, individually writing the tag configurations to each AP is not practical and adds unnecessary management overhead.
With 17.6, AP tag persistency can be enabled via UI or CLI. Whenever APs join a WLC with tag persistency enabled, the tags mapped to it will be saved to the AP without having to write the tag configurations to each AP individually.
Control Plane Traffic on Service Port
In the 17.6 release the dedicated Service Port Gi0 on the C9800 appliance can be utilized to segregate the control traffic on WLC C9800 platforms so the control traffic flows on the service port and the data traffic on the dedicated data ports. This will be supported on all standalone appliances such as the 9800-40, 9800-80, and 9800-L. The protocols supported are LDAP, SNMP, RADIUS (CoA), Restconf, Netconf, TACACS, gNMI, NTP, SYSLOG, NetFlow, File transfer, SSH/HTTP, and FQDN.
Twinax/AO SFP Support
The following Twinax/AO SFPs are now supported in addition to the existing ones already supported on the 9800-40 and 9800-80
Interface Status of Standby controller through Active using SNMP
In Release 17.3 we introduced monitoring the health of the standby controller in an HA pair using programmatic interfaces (NETCONF/YANG, RESTCONF) and CLIs without going through the active controller. This included monitoring parameters such as CPU, memory, interface status, power supply failure, fan failure, and temperature. With 17.5 we brought in a lot more support to monitor the standby via the active controller and made some enhancements to the capabilities available via the standby directly.
Specifically, new MIBs and traps that were previously not supported such as the Hot standby notification trap and Bulk sync trap, show environment CLI to display sensor information, getting sensor information using programmatic interfaces, and getting the power, fan, and RP sensor information using SNMP SENSOR MIB
With 17.6 we take it a step further and allow monitoring of the interface entries on the standby via the active controller using SNMP, adding to the standby monitoring capabilities as more and more customers are looking for a way to get the health of the standby at all times. The Wireless Management interface, Redundancy Management Interface as well as the Service Port (Device management Interface) can be used with SNMP on the Active Controller.
SSID per radio on Dual 5GHz
As you know - Dual 5 GHz is possible with the XOR Radio on some of the Wave 2 APs and the 9120 11ax access point. You can use manual configuration or FRA auto to move slot 0 from 2.4 GHz to 5GHz making it a dual 5GHz AP. In addition, on the 9130 and 9124, with the tri-radio capability, it is possible to turn the 8x8 5GHz radio into two 4x4 5Hz radios.
This capability has enabled some use-cases that were previously not possible such as, the ability to assign a separate WLAN to each of these 5gHz radios. This is usually done to separate a development network from corporate resources or providing a separate guest network without impacting the enterprise network's capacity.
aWIPS Signature Enhancement and Syslog Support
In the Cisco IOS XE Amsterdam 17.3.1 Release and earlier releases, 10 signatures were supported. In the 17.5.x release, 15 additional signatures were introduced. With 17.6, we now have support for 2 new alarms which are for the detection of CTS and RTS Virtual Carrier Sense attacks.
A wireless denial of service attacker can take advantage of the privilege granted to the RTS (Request to send) and CTS (Clear to send) frames to reserve the RF medium for transmission. By transmitting back-to-back CTS and RTS frames and basically flooding them, an attacker reserves the wireless medium and forces other wireless devices sharing the RF medium to hold back their transmissions. With 17.6 we detect when an attacker configures a large duration value of >=20ms in RTS/CTS frames and generates an attack of at least 25 frames/second - these are classified as the RTS and CTS Virtual Carrier Sense Attack (with Alarm ID: 10026 and 10027). The duration field in RTS/CTS indicates the duration for which the medium is to be cleared for data frame transmission and RTS/CTS attacks with large duration values can hog the Wi-Fi medium and make the APs and Clients not able to transmit Wi-Fi frames.
With this release, we also support aWIPS alarms to be logged as Syslog events, when such an alarm is detected.This helps customers who may not have access to Cisco DNA Center and need an alternate way to consume the alarm data. The alarms can be seen in the logging history of the Catalyst 9800 WLC or can be exported as Syslog messages when an external Syslog server is configured.
Randomized & Changing MAC
Traditionally wireless clients used to associate to the wireless network using the burnt-in address (BIA) or also called real MAC or UAA universally administered address. The use of this burn-in address everywhere raises the question of end-user privacy as the end-users could be tracked with WIFI’s MAC address. To improve the privacy design of the end-user products, Apple, Android, and Windows are now enabling locally administered MAC address (LAA) or local mac as we refer to for WIFI operation. The problem for the network admin becomes tracking these clients and several features that rely on MAC addressees such as mac filtering, web-auth using mac filtering, iPSK, static DHCP binding, WIFI location, user-defined network (UDN) just to name a few.
With phase 1 in release 17.5, we introduced the ability to Identify the random mac usage and provide the visibility for easy detection of issues and troubleshooting on WLC and DNAC and the ability to control the client join and access to Wi-Fi Network using RCM which can be achieved through WLC and ISE integration using the URL portal redirect. We have the ability to deny the clients that are using LAA or Random MAC.
With phase 2 in release 17.6, we are introducing something called DUID - device unique identifier. This involves introducing a DUID/GUID in the certificate, which gets presented to ISE during auth and ISE extracts this ID and maintains a mapping of ID to MAC address. This way a client is always identified by its DUID no matter what private MAC it uses to connect.
The C-ANT9104 antenna is designed specifically to solve challenges encountered in stadiums/large public venues/high client density environments.The antenna comes complete with a pre-installed Cisco Catalyst C9130AXE series AP and is ready to install a mount and hang out of the box.There are no field serviceable upgrade options or need to access the internal AP.
Proper testing of this antenna requires long-distance coverage (50-200 feet distance to users).The antenna is designed to be mounted on the ceiling as well as from the walls or angles from the overhead to achieve the desired coverage. Coverage should be insured using appropriate measurement tools (Ekahau, iBwave) or other tools supporting reliable active measurement.Validating cell isolation and performance characteristics requires similar numbers of users and devices as expected during normal operation.Please test with as much load and distance as is possible.
The C-ANT9104 is a dual-band antenna supporting one 2.4 GHz 4x4 radio and dual 5 GHz 4x4 radios in the following configurations:
Fixed coverage at 75 x 80 degree beamwidth @ 7 dBi gain
Narrow – 25 x 25 degree @ 10 dBi Gain
Beam Steering - angles of 0, 10 or 20 degree @ 10 dBi gain
I am not sure what I have misconfigured but this only happens over the data center hosted FlexConnect controllers, any AP model. When I migrate an AP to the 9800 controller which is on code 17.3.3, the image always takes an hour to download to the AP even...
I need to buy a new switch to support APs in a new area. This particular switch will just support APs. Initially, they will be local mode CAPWAP APs, but in the future they will be part of an SDA fabric. Any limitations if I use a ...
I have a test network that I am using for my wireless certification. I have a Cisco 5508 WLC and a Cisco LAP 1262N access point. The certificate on the access point has expired. The software version of the WLC is 22.214.171.124. When I run this com...
Hi Guys! After a country code change on a Cisco Aironet 2800 Mobility Express AP witch i´m also using as a controller, the option for radio 2 in order to use dual band disappeared from the AP option. &n...
Hi Team, We are using below Cisco firmware for WLC 9800L and cannot getting output for Cisco MIB OIDs. Can you help us for solving this issue ? Cisco IOS Software [Bengaluru], C9800 Software (C9800_IOSXE-K9), Version 17.4.1, RELEASE SOFTWA...