New advanced features

Improvements

Archive less than 1 day

The request platform software trace archive last command has been enhanced to archive all the trace logs relevant to all the processes running on a system.

FIPS 140-3 Compliance

This release enables all COS APs to achieve FIPS 140-3 compliance, ensuring adherence to security standards. The Cisco Catalyst 9800 controllers, however, are FIPS 140-2 compliant.

Improve Crash Data Collection, Kernel Panics, Out of Memory

A new command is introduced to limit the number of kernel core dumps collected on the AP: core-dump kernel limit

Intelligent Capture (iCAP) Hardening

This feature aims at making troubleshooting for wireless clients and APs easier.

MacBook Analytics

This feature is supported on the controller when the MacBook device sends 11k action frames along with the model information.For more information, see the chapter Device Analytics.

Mesh Support in Cisco Catalyst 9130AX Series Access Points

From this release, mesh support is included in the Cisco Catalyst 9130AX Series Access Points.All traditional capabilities of mesh are included in the Cisco Catalyst 9130AX Series APs operating in Cisco IOS XE Dublin 17.12.1.For more information, see the chapter Mesh Access Points.

Rogue Channel Width

From this release, you can specify the channel width and the band for rogue detection. The following command is introduced: condition chan-width

Rogue PMF

From this release, the controller will contain rogue APs with 802.11w Protected Management Frame (PMF) on centrally switched WLANs.The following commands are introduced: rogue detection containment pmf-denial and pmf-deauth

Software Entropy Enhancement for FIPS 140-3

From Cisco IOS XE Dublin 17.12.1 onwards, Federal Information Processing Standard (FIPS) 140-3 is supported as a security standard to validate cryptographic modules.

New and Modified GUI Features

Rogue Channel Width

Configuration > Security > Wireless Protection Policies > Rogue AP Rules