Fixed: Controller overwrites static AP location with Location Tag after upgrade

August 7, 2025

New Software Features
This section provides a brief description of the new software features introduced in this release.

Software Reliability
RMI Serviceability Enhancement - Enhanced Gateway Reachability Monitoring

• This feature improves visibility into gateway reachability and provides detailed statistics for ICMP, ARP, and ND probes. This feature also enables simplified troubleshooting, greater transparency, and more reliable diagnostics for High Availability, and RMI functionality.
• The following commands are introduced:
• `show platform software rif-mgr chassis active r0 gateway-statistics`
• `show platform software rif-mgr chassis active r0 resource-status`
  Software-Defined Application Visibility and Control (SD-AVC) Wireless Support with IPv6
• From Cisco IOS XE 17.18.1 onwards, this feature extends the support for adding IPv6 SD-AVC controller or end-point address.
• The following platforms are supported:
• Cisco Catalyst 9800 controllers–9800-40, 9800-80, 9800-L, 9800-CL, 9800-SW, CW9800M, CW9800H1, and CW9800H2.
• Cisco Catalyst 9300/9400 switches in Fabric mode.
• Cisco Wave 2, Wi-Fi 6/6E, and Wi-Fi 7 APs.
• SD-AVC IPv6 is not supported on Cisco Wireless AireOS Controllers, Cisco Embedded Wireless Controller on Catalyst APs, and Cisco Wave 1 APs.
  Wireless AAA Authentication Survivability Cache Enhancement
• The Wireless AAA authentication survivability cache feature enhances the reliability of wireless client authentication by storing successful authentication results locally on the controller.
• This cache includes details such as the client's MAC address, username, hashed password, and Attribute-Value Pairs (AVPs) received from the RADIUS server.
• This feature is supported in both Local and FlexConnect central authentication modes.
  Ultra Reliable Wireless Backhaul (URWB) – Software Integration on the Controller
• From Cisco IOS XE 17.18.1 onwards, the URWB technology is supported by Cisco Catalyst Controllers to provision and configure URWB devices from the controller.
• The URWB on Cisco Wireless is introduced as a beta feature and is intended for use by customers in testing and lab environments only. You should use caution when deploying the beta software.
  ThousandEyes Integration
• In this release, ThousandEyes Integration is only a limited customer beta feature and is not supported by Cisco TAC.

Ease of Use
Wi-Fi 7 Multi-Link Operation Support in Low-Power Mode for Cisco Wireless 9176 Series Access Points and Cisco Wireless 9178 Series Access Points

• This feature ensures seamless multi-link operations (MLO) under constrained power conditions (low-power mode), providing improved flexibility and efficiency for network operations.
• In the 17.18.1 release, this feature is supported on the Cisco Wireless 9178 Series Access Points.
  Access Point Live Data and Packet Capture Support – NextTunnel to APs from Meraki Dashboard
• In this release, the following command is added to help you view the Meraki connect information of a Cisco AP:
• `show ap name ap-name meraki connect`
  Per WLAN Wi-Fi 7 Toggle
• From Cisco IOS XE 17.18.1 onwards, you can enable or disable Wi-Fi 7 (802.11be) on individual WLANs, allowing both Wi-Fi 7 and non-Wi-Fi 7 WLANs to run simultaneously in the same band. A default 802.11be profile is created for all bands, providing greater configuration flexibility.
• The following commands are introduced:
• `wireless profile dot11be`
• `mlo-group {24ghz | 5ghz | 5ghz-sec | 6ghz}`
• `show wireless profile dot11be summary`
• `show wireless profile dot11be detailed`
• `show wireless tag policy detailed`
• `show ap wlan summary`
• `show ap name wlan dot11 6ghz`
  AP MAC Authorization – Delimiter Support
• From Cisco IOS XE 17.18.1 onwards, you can enhance security by configuring AP MAC authorization with different delimiters, ensuring only authorized APs connect to the controller.
• This feature supports AP MAC registration through an external RADIUS server and lets you adjust AAA server group settings for efficient management.
• The functionality of the following commands is enhanced:
• `mac-delimiter`
• `subscriber mac-filtering security-mode`
  Traffic Filtering on AP by Source IP ACL
• This feature enables APs to filter incoming data packets based on their source IP address. This is achieved when the controller pushes Access Control List (ACL) rules to the AP.
  E-Label Display
• From Cisco IOS XE 17.18.1 onwards, an E-Label display feature is introduced that allows you to view regulatory approvals for wireless APs digitally via the controller’s GUI, eliminating the need for physical modifications.
• This feature supports Cisco Catalyst Wi-Fi 6, Wi-Fi 6E, and Cisco Wireless Wi-Fi 7 APs.
  Support for 6-GHz AFC for Canada
• The Cisco Catalyst IW9167EH and IW9167I APs now support Standard Power mode using AFC in the -A (Canada) domain. These devices operate within the UNII-5, UNII-6, and UNII-7 frequency bands, covering a range of 5.925 GHz to 6.875 GHz.

Upgrade
Staggered AP Upgrade

• This feature enables you to gain enhanced control over AP upgrades, minimizing network disruption. We provide new configurations that allow you to set up smaller batch sizes for upgrades. You can either have a staggered update of 1% batch size or upgrade APs one at a time (serial).
• The CLI and YANG models support these options, allowing you to manage upgrades effectively across various scenarios while maintaining optimal network performance.
  Kernel Minidump and Trustzone Upgrade Support
• This feature enhances control over minidump collection on Wi-Fi 7 (802.11be) APs. A new option has been added to limit the number of kernel core dump directories stored on the AP.
• The following command has been modified:
• `core-dump kernel dir-limit`
• Support has been added for the following access points:
• Cisco Wireless 9178 Series Access Points
• Cisco Wireless 9176 Series Access Points

Compliance
6 GHz Country Support for Bahrain, Macau, Oman, Pakistan, and Philippines

• From Cisco IOS XE 17.18.1 onwards, Bahrain (BH), Macau (MO), Oman (OM), Pakistan (PK), and Philippines (PH) are added to the list of countries that support the 6-GHz radio band.
  Tier B/C/D/E Support for Cisco Wireless 9172I and 9172H Access Points
• From Cisco IOS XE 17.18.1 onwards, numerous countries support the Cisco Wireless 9172I and 9172H APs, enhancing functionality and broadening deployment options worldwide.
  Channel 144 Support for all Regulatory Domains
• From Cisco IOS XE 17.18.1 onwards, Australia (AU), Brunei (BN), Fiji (FJ), Macao (MO), New Zealand (NZ), Papua New Guinea (PG), Singapore (SG), South Africa (ZA), and Thailand (TH) are added to the list of countries that support channel 144 for all regulatory domains.

Resolved issues

• CSCwn17412: FlexConnect local switching traffic becomes centralized randomly during WebAuth SSID, causing client gateway reachability loss
• CSCwk26966: Cisco Aironet 3802 AP shows false radar detection on UNI-II only after upgrading to 17.12.3; not seen with Cisco Catalyst 9120 APs at same site
• CSCwm58430: Cisco Catalyst 9115 APs become unresponsive and randomly reboot due to Beacon Stuck Reset Radio after upgrade to 17.12.4
• CSCwn09549: Cisco Catalyst 9124 Mesh AP fails to join and intermittently disconnects from Cisco Catalyst 9124 Root AP due to dropped ADJ_RESPONSE packets
• CSCwn10606: Cisco Catalyst 9120 AP intermittently fails to report RFID packets to controller, causing missing tag reports
• CSCwn18885: Wi-Fi 6E/7 Cisco Catalyst 9136I AP reboots with Access Violation and reload reason 'unknown' without generating crash files
• CSCwn44287: The CAPWAPd cores seen on multiple Cisco Wave 2 and Catalyst APs in AP-17.9.5-47 with core decode attached
• CSCwn52205: IOX-APP starts before USB is detected when AP boots up after switch reload; extra logic needed to detect USB and create logical entry before starting IOX APP
• CSCwn66225: Non-ROW AP transmits invalid TX power IE in beacons, breaking client connectivity for Ukraine country due to missing MAX Power table
• CSCwn81268: IOX-APP starts before USB is detected when AP boots up after switch reload; needs increased system timeout for libvirtd
• CSCwn82037: Cisco Catalyst 9120AP intermittently fails to report RFID packets to controller, resulting in missing tag reports
• CSCwn83415: Cisco Catalyst 9124 MAP powered with 30W and joined to a Cisco Catalyst 9124 EWC RAP can enable Tri-Radio with EWC GUI, though Tri-Radio is not supported with 30W
  -
• CSCwn88092: Unable to view events for wireless clients in Client 360 section of Event Viewer, but events are visible under Issues and Events
• CSCwn92652: Radio ucode crashes observed multiple times daily in 9105 APs operating in monitor mode
• CSCwn96529: Unable to add country code "IN" for Cisco Catalyst C9136I-ROW AP in Site-Survey Mode, while other country codes work fine
• CSCwo08220: Cisco Catalyst CW9162I-E AP disjoins from CONTROLLER when ECDHE-RSA DTLS ciphersuite is activated; not reproducible with DHE-RSA ciphersuite
• CSCwo13129: UART msm kernel driver stopped working during DMA activity, resulting in kernel crash on Cisco Wireless 9176D AP in Local mode
• CSCwo38789: Cisco Wireless 9176 AP faces wcpd crash due to memory leak in RRM module on version 17.15.2
• CSCwo48539: Cisco Catalyst 9124 MAP powered with 30W and joined to a Cisco Catalyst 9124 EWC RAP can enable Tri-Radio with EWC GUI, even though Tri-Radio is not supported with 30W
• CSCwo60793: IOX app channel down due to IOX app and CAF app state mismatch; CAF shows app running while IOX app is deactivated
• CSCwo61838: Cisco Catalyst 9120 APs running 17.12.4 ESW13 crash due to OOM on GRPC process, with crash logs showing memory below threshold
• CSCwo76564: Memory leak observed in ble_transport process on AP models Cisco Catalyst 9130, 9136, and 9166 running 17.18.0.32
• CSCwp07242: Cisco Catalyst 9105 AP stops sending management frames over the air due to rxstuck, related to rx0 overflow error on 17.15.3
• CSCwp27215: Cisco Catalyst Cisco Catalyst 9124 AP in Mesh mode shows poor iperf performance for wired clients in FlexConnect+Bridge setup
• CSCwp34935: Cisco Wireless 9176 AP in site survey mode with non-US country code cannot enable radio, impacting wireless site surveys
• CSCwp68123: 802.11be APs downgrade DSCP 34 or AF41 QoS to Best Effort or Background for downstream traffic when over 20 clients are associated
• CSCwn43094: Locally switched RLAN clients missing from controller client table when client is already associated as AP joins
• CSCwn48978: AP configured for static IP continues to send ARP requests for DHCP IP address even after DHCP release packet
• CSCwn55534: IP Theft observed on wireless controller when client receives a second DHCP offer after DORA, due to multiple DHCP servers
• CSCwn61711: Cisco Catalyst 912X AP experiences PSM microcode watchdog fired and core dumps after about 12 days of continuous traffic
• CSCwn66085: Increased radar detection DFS events on Cisco Catalyst 9166I-ROW APs after upgrading to 17.15.1
• CSCwn73024: PKCS certificate enrollment fails to support special characters on WGB
• CSCwn83397: Wired MAP client flapping between VLAN 0 and numbered native VLAN on RAP
• CSCwn88567: Cisco Aironet 1815i AP: Syslog timestamps are not displayed correctly
• CSCwn92047: Cisco Catalyst 9105 AP EWC does not start after reboot, when internal AP is configured as 802.x supplicant
• CSCwn99070: Cisco Catalyst 9105 AP radio cores are not generated properl
• CSCwo04476: Cisco Catalyst 9130AX AP encounters kernel panic
• CSCwo05017: Unbounded /tmp causes OOM reset in Cisco Catalyst 9162 AP
• CSCwo14129: COS AP crash due to soft lockup in 17.12.4
• CSCwo16038: Cisco Catalyst 9124 AP WGB becomes unreachable connecting to Cisco Aironet 2800 Root AP when WMM is disabled
• CSCwo34769: Cisco Catalyst 91xx AP in FlexConnect mode not advertising RSNxE in probe response, causing 4-way handshake failure for certain devices
  -
• CSCwo37756: Cisco Aironet 1815T AP unable to assign Internal DHCP IP address on LAN3 after upgrade to 17.12.4 and factory reset
• CSCwo43801: Cisco AP duplicates DHCP request packets in FlexConnect mode with Central Switching WLAN, sending both to the server
• CSCwo46493: Cisco Catalyst 9136 AP reboots during Dual Ethernet Failover when reconnecting wired 0 port, instead of seamless traffic transition
• CSCwo53076: Syslog flooded with repeated "cli_h/avc" chatter messages during normal AP operation
• CSCwo53891: Cisco Catalyst 91xx APs reboot with incorrect reason 'Controller Last Sent: Channel0 Detected' due to code mismatch between controller and AP
• CSCwo72236: AP logs "RTNETLINK answers: No such file or directory" every 30 seconds, causing excessive syslog entries
• CSCwo75325: Cisco Aironet 1832/1852 APs crash due to radio failures (Beacon Stuck) on 17.12.6 in SST testbed
• CSCwo75806: AP intermittently delays reassoc response for over 200ms, causing clients to resend reassoc requests
• CSCwo82821: Cisco Catalyst 9120AP encounters kernel panic at txq_hw_fill+0x394, leading to crash
• CSCwo94810: IOT clients with TI Wi-Fi module (PIT truck) cannot associate with Cisco Catalyst 916x AP or Cisco Catalyst 9130 AP, or Cisco Wireless 917x AP
• CSCwp39841: Cisco Catalyst 9120 AP crashes as kernel panic occurs due to NMI watchdog timeout
• CSCwj80614: Clients are unable to connect due to assignment of IP address that is in use by stale client entry in device-tracking database in FlexConnect local switching
• CSCwk58326: Controller sends multicast packets with previous WMI
• CSCwk81946: Controller experiences kernel unresponsiveness due to TDL memory corruption
• CSCwm67254: Accounting start and stop messages are missing CUI attributes
• CSCwn11160: Controller running in High Availability in guest anchor sends traffic to the wrong tunnel after switchover for already connected clients
• CSCwn36778: Cisco Catalyst 9800-80 controller displays low memory leak potentially in the 'ipv4_addr' field
• CSCwn45380: Controller uses registry to initialize the trap queue length in SNMP
• CSCwn46684: Controller unexpectedly reloads and becomes unresponsive during the upgrade process
• CSCwn50926: Acct-Session-ID attribute missing from Access Request after client deletion, causing RADIUS server to drop requests and clients unable to connect
• CSCwn51207: Cisco Catalyst 9800-40 controller becomes unresponsive after upgrade from 17.3.6 to 17.12.3, with crashes on High Availability Pair
• CSCwn61980: Rogue AP is not displayed in UI or REST API when detected by dual band radio AP configured on same band
• CSCwn77030: Controller does not process analytics action frames from MLD for MLO clients, resulting in missing PC Analytics information
• CSCwn90360: Controller unable to start EAP process due to delayed packet transmission from AP, causing STA authentication issues
• CSCwn90874: Guest anchor controllers show error when creating anchor-export-ACK in CWA with OWE scenario
• CSCwn92477: Controller reboots during WNCd process due to assertion failure with invalid BSSID, causing kernel unresponsiveness
• CSCwn92827: Secondary controller fails with rsync error after primary crash and cannot perform bulk sync, leading to outage
• CSCwn98574: VRF name corruption causes client to get stuck at mobility while roaming, resulting in frequent disconnects after upgrade
• CSCwo08428: COS-AP stale client entries cause AP to reach max number of clients per radio, affecting Cisco Catalyst 9120, 9130, and 9166 APs in local mode
• CSCwo35645: NETCONF over SSH fails to return all records for wireless-client-oper, shows 'invalid XML' before completion
• CSCwo37680: Controller initiates client deletion with CO_CLIENT_DELETE_REASON_DOT11_MAX_STA, even when AP client count is within limits
• CSCwo39523: Cisco Wireless 9176I AP receives GPS/GNSS data but fails to provision country code, despite correct location info
• CSCwo54553: Controller displays traceback messages when default-policy-tag APs block config change due to non-zero Ref-count
• CSCwo61286: Audit session ID changes after inter-WNCd roam in CWA with PSK, causing authentication failures due to old session ID usage
• CSCwo62157: Controller with CAPWAP enabled shows memory leak in tdl_mac_addr object under WNCd process
• CSCwo62333: Cisco Catalyst 9800-L controller in FlexConnect/SDA fails to start MAB on association request if EAP_ID_RESP is missing
• CSCwo68664: Cisco Catalyst 9800-L in SDA Wireless does not enforce EAP timeout, causing clients to remain stuck in MAB state
• CSCwo80904: Cisco Catalyst 9164 and 9166 APs crash due to radio failures (Beacon Stuck) after controller upgrade to 17.15.3
• CSCwp13687: Cisco Catalyst 9800-CL controller modifies script generating SSC to prevent RSA key issues impacting AP join
• CSCwp26707: Controller fails to start L2 authentication for 11r clients with VLAN-persistent configured after upgrade to 17.12.5
• CSCwp31397: DFS radar detection results in most APs being allocated the same channel and Tx power after mini-DCA calculation on the controller
• CSCwp32113: Controller reloads due to kernel unresponsiveness with segmentation fault (11) in IGMPSN process on Catalyst 9800-80 controller
• CSCvy53719: Cisco Catalyst 9800-80 displays stale, non-impacting "mce: [Hardware Error]" messages during IOS-XE 17.x boot-up
• CSCwi48178: Cisco Catalyst 9800-40 shows WNCd SafeC Validation error for memcmp_s: dmax, resulting in tracebacks
• CSCwm09484: WNCD crashed in CiscoSSL code on controller
• CSCwn31021: Controller fails to correctly format AP Name and VLAN ID in Option 82; VLAN is truncated, and delimiter is misrepresented
• CSCwn33501: Controller does not give output for #show ap summary sort name command on 9800-40/80 running 17.12.4
• CSCwn45000: No output for "show ap name <ap name=""> wlan dot11 5ghz" command when 802.11be and 5G radio policy enabled
• CSCwn45670: Controller GUI FlexConnect configuration page fails to display after IOS XE 17.15.1 upgrade, showing "Operation GET Failed"
• CSCwn85374: Memory usage in CloudM process increases over time until BinOS memory is exhausted
• CSCwn94159: Controller with 6 GHz APs sees frequent DCA-induced channel bandwidth changes, causing client deletions and connectivity issues
• CSCwn94511: The 'factory-reset all' command behaves as if secure option is enabled, deleting OS and configuration, leading to ROMMON boot
• CSCwn96363: Remove redundant counters from "show wireless stats ap name <ap> dot11 5GHz" output for easier monitoring
• CSCwo07767: Controller's active chassis gets stuck in active recovery state on 17.12.4 after RP/RMI connectivity flaps
• CSCwo09824: Cisco Wireless 9176 AP is unable to join controller after GUAP process; controller repeatedly closes connection
• CSCwo19011: Controller observes unexpected SISF reboot with WNCD core
• CSCwo20395: Controller's rogue classification rules not applying configured classifications to detected devices
• CSCwo29017: The wncmgrd kernel unresponsiveness after issuing 'show ap config slots' on Controller-80-K9 running 17.12.4
• CSCwo30925: Cisco Wi-Fi 6 and above APs do not support disabling WMM on radios with 11n/ac/ax, disabling WMM causes client connectivity failures
• CSCwo33572: Failed to collect RA tracing logs on Cisco IOS XE Release 17.9.5 using standard or alternate methods
• CSCwo52310: Wireless cloud service consumes 100% CPU during geolocation derivation in large scale setups with many APs and CDP neighbors
• CSCwo53638: Client error: High Availability data path setup failed on standby device in RA trace logs
• CSCwo64967: Mobility tunnel with data-link encryption intermittently disconnects when WMI address fourth octet is 255
• CSCwo67294: Controller unexpectedly reloads due to corrupted value in IGMP Layer 2 Snooping process, leading to segmentation fault
• CSCwo67413: Controller pushes aWIPS profiles from FQDN-only setup for intrusion detection
• CSCwo86312: Controller shows mismatch between client counts from "show client" commands and SNMP walk totals for WLANs
• CSCwo89539: Controller unexpectedly reloads when adding "location civic-location-id" to multiple interfaces
• CSCwo98083: Access points are unreachable in inventory on Cisco Connected Cloud 2.3.7.9 due to incorrect TDL value update
• CSCwo98644: RRM does not update default channel or power levels when controller is IPv6-only, adding IPv4 restores normal operation
• CSCwp03988: Controller reloads unexpectedly due to unsuccessful copy of the MAC address while configuring AP channel and power levels
• CSCwo41248: Controller displays misleading error when configuring two radios on same UNII band (100-144). Only one 5-GHz radio is allowed in this band
• CSCwp06711: Controller overwrites static AP location with Location Tag after upgrade, impacting DHCP Option 82 and client IP assignment
• CSCwp12959: Wireless clients may be excluded after one authentication failure or not excluded as expected, contrary to documentation
• CSCwp21187: Controller unexpectedly reboots due to mDNS packet being punted from data-plane to control-plane on version 17.15.03
• CSCwp25552: BSSID-mac dispatched as 00:00:00:00:00:00 for slot 1 WLAN 1 via xpath, not reflected in show ap wlan summary
• CSCwp59171: Users unable to add allowed user on Lobby admin page, receiving "Error in configuring Allowed users" message
• CSCwp93598: Memory leak found in controller process related to specific database string, recurring after upgrading to 17.12.5