New and Modified Software Features/GUI Features

Improvements

New Software Features

Access Point Auto Location Support

This feature enables support for Access Point Auto Location, which helps to effectively self-locate APs on a map by combining various ranging technologies and algorithms. This feature requires the use of Cisco Spaces to interpret the AP location information and place the APs on maps.The following commands are introduced:

• ap geolocation derivation ranging
• geolocation ftm initiator burst-size
• geolocation ftm initiator burst-duration
• ap name ap-name floor
• ap geolocation ranging all accurate
• ap geolocation ranging site ap-site-tag accurate
• show ap geolocation ranging

Modified Trustpoints for Secure Unique Device Identity (SUDI) Certificates

From Cisco IOS XE Dublin 17.12.1 onwards, the following changes have been introduced for trustpoints:

• Trustpoint names for existing SUDI certificates. If your device supports Cisco Manufacturing CA III certificate and is not disabled.
• If your device does not support Cisco Manufacturing CA III certificate or if the certificate is disabled using no platform sudi cmca3 command.
• Hardware SUDI certificates
• Show wireless management trustpoint command output
• Show ip http server status command output

Archive less than 1 day

The request platform software trace archive last command has been enhanced to archive all the trace logs relevant to all the processes running on a system.

Cisco Catalyst 9166D Series Wi-Fi 6E Access Point

The Cisco Catalyst 9166D Series Wi-Fi 6E Access Point is an enterprise-class tri-band (2.4 GHz, 5 GHz, 6 GHz) indoor access point with integrated directional antennas. The AP supports full interoperability with leading 802.11ax and 802.11ac clients and a hybrid deployment with other APs and controllers.

Cisco Catalyst 9800 Wireless Controller for Cloud - Ultra-Low Profile (Beta, No TAC Support)

The ultra-low profile memory variant of the Catalyst 9800 Wireless Controller for Cloud comes with 4GB RAM and 2vCPUs and is deployed in a private cloud (supports ESXi, KVM, and NFVIS on ENCS hypervisors) as Infrastructure as a Service (IaaS). This controller can support up to 50 APs and 1000 clients.

Cisco Catalyst IW9167I Heavy Duty Access Point

The Cisco Catalyst IW9167I Wi-Fi 6 Access Point is a heavy-duty tri-band (2.4 GHz, 5 GHz, 6 GHz ready) outdoor access point with integrated antennas.For a full listing of the AP's features and specifications, see the Cisco Catalyst IW9167 Heavy Duty Series Data Sheet.

Ease of Debugging

The following commands are introduced on the AP console to enable or disable the client debug bundle and to verify the client debug status:

• debug client-bundle start
• show client-bundle status
• debug client-bundle stop

Embedded Packet Capture Enhancement

In this release, the Embedded Packet Capture (EPC) feature is enhanced to support increased buffer size, continuous capture, and filtering of multiple MAC addresses in one EPC session.The following commands are introduced:

• monitor capture epc-session-name buffer circular file
• monitor capture epc-session-name continuous-capture
• monitor capture epc-session-name inner mac

FIPS 140-3 compliance

This release enables all Wave 2 APs to achieve FIPS 140-3 compliance, ensuring adherence to security standards. The Cisco Catalyst 9800 controllers, however, are FIPS 140-2 compliant.

Improve crash datacollection, kernel panics, out of memory

A new command is introduced to limit the number of kernel core dumps collected on the AP:

• core-dump kernel limit

Indoor deployment support for UK -ROW domain on IW9167I and IW9167E

Indoor deployment for UK -ROW domain is supported on Cisco Catalyst IW9167I and IW9167E Heavy Duty Access Point from this release.

Intelligent Capture (iCAP) Hardening

This feature aims at making troubleshooting for wireless clients and APs easier. In this release, the following enhancements are made to the iCAP feature:

• Anomaly Detection
• ARF Statistics
• The following commands are introduced:
• icap subscription client anomaly-detection report-individual enable
• icap subscription client anomaly-detection report-individual per-client throttle
• icap subscription client anomaly-detection report-individual per-type throttle
• ap name icap subscription client anomaly-detection report-individual enable
• ap name icap subscription client anomaly-detection report-individual per-client throttle
• ap name icap subscription client anomaly-detection report-individual per-type throttle

MacBook Analytics

This feature is supported on the controller when the MacBook device sends 11k action frames along with the model information.

Mesh Support in Cisco Catalyst 9130AX Series Access Points

From this release, mesh support is included in the Cisco Catalyst 9130AX Series Access Points. All traditional capabilities of mesh are included in the Cisco Catalyst 9130AX Series APs operating in Cisco IOS XE Dublin 17.12.1.

New Countries Supporting 6-GHz Radio Band

From this release, Australia, Brazil, Costa Rica, Honduras, Hong Kong, Japan, Jordan, Kenya, Malaysia, Morocco, New Zealand, Peru, Qatar, Saudi Arabia, and United Arab Emirates are added to the list of countries that supports 6-GHz radio band.

RF based Automatic Load Balancing

The RF based Automatic AP Load Balancing feature uses Radio Resource Management (RRM) neighbor report-based AP grouping and load-balancing across WNCd instances.The following commands are introduced:

• ap neighborhood load-balance
• ap neighborhood calendar-profile
• wireless load-balance ap method rf
• show ap neighborhood summary
• show ap neighborhood details
• show ap neighborhood
• show ap neighborhood mac details
• show ap neighborhood wncd

Rogue Channel Width

From this release, you can specify the channel width and the band for rogue detection.The following command is introduced:

• condition chan-width

Rogue PMF

From this release, the controller will contain rogue APs with 802.11w Protected Management Frame (PMF) on centrally switched WLANs.The following commands are introduced:

• rogue detection containment pmf-denial
• pmf-deauth

Software entropy enhancement for FIPS 140-3

From Cisco IOS XE Dublin 17.12.1 onwards, Federal Information Processing Standard (FIPS) 140-3 is supported as a security standard to validate cryptographic modules.

Support for Cisco Wave 1 Access Points

Support for the following Cisco Wave 1 APs are introduced in this release:

• Cisco Aironet 1570 Series Access Point
• Cisco Aironet 1700 Series Access Point
• Cisco Aironet 2700 Series Access Point
• Cisco Aironet 3700 Series Access Point

VRF Support

From this release, Virtual Routing and Forwarding (VRF) is supported.

Wakeup Threshold for AP Power Save Mode

This feature enables you to define the client threshold in the AP power profile configuration to determine when an AP wakes up from the power save mode or enters into the power save mode.The following command is introduced:

• power-save-client-threshold

Wireless Mesh Support for Cisco Software-Defined Access

From this release, wireless mesh is supported on Cisco Software-Defined Access.The following commands are introduced:

• show ap name mesh roam history
• show wireless mesh ap fabric summary

New and Modified GUI Features

AP Location

Configuration -> Wireless -> Wireless GlobalConfiguration -> Tags -> Profiles -> AP Join

Configuring Transition Mode and Pure WPA3 (6-GHz) on the Same WLAN Profil

Configuration -> Tags -> Profiles -> WLANs

Rogue Channel Width

Configuration -> Security -> Wireless Protection Policies -> Rogue AP Rules

MIBs

The following MIBs are newly added or modified:AIRESPACE-WIRELESS-CAPABILITY.myAIRESPACE-WIRELESS-MIB.myCISCO-LWAPP-AP-CAPABILITY.myCISCO-LWAPP-CDP-CAPABILITY.myCISCO-LWAPP-DOT11-CAPABILITY.myCISCO-LWAPP-DOT11-CLIENT-CALIB-CAPABILITY.myCISCO-LWAPP-DOT11-CLIENT-CAPABILITY.myCISCO-LWAPP-DOWNLOAD-CAPABILITY.myCISCO-LWAPP-GUEST-LAN-CAPABILITY.myCISCO-LWAP P-IPV6-CAPABILITY.myCISCO-LWAPP-MESH-CAPABILITY.myCISCO-LWAPP-MESH-LINKTEST-CAPABILITY.myCISCO-LWAPP-MFP-CAPABILITY.myCISCO-LWAPP-MOBILITY-CAPABILITY.myCISCO-LWAPP-MOBILITY-EXT-CAPABILITY.myCISCO-LWAPP-QOS-CAPABILITY.myCISCO-LWAPP-QOS-MIB.myCISCO-LWAPP-REAP-CAPABILITY.myCISCO-LWAPP-RF-CAPABILITY.myCISCO- LWAPP-ROGUE-CAPABILITY.myCISCO-LWAPP-ROGUE-MIB.myCISCO-LWAPP-RRM-CAPABILITY.myCISCO-LWAPP-SI-CAPABILITY.myCISCO-LWAPP-TUNNEL-CAPABILITY.myCISCO-LWAPP-WLAN-CAPABILITY.myCISCO-LWAPP-WLAN-POLICY-CAPABILITY.myCISCO-LWAPP-WLAN-POLICY-MIB.myCISCO-LWAPP-WLAN-SECURITY-CAPABILITY.myCISCO-WIRELESS-HOTSPOT-CAPABILITY.my

Product Analytics

This feature allows for the collection of non-personal usage device systems information for Cisco products, which helps in continuous product improvements. This feature is supported on the Cisco Catalyst 9800 Series Wireless Controllers (9800-80, 9800-40, 9800-L, and 9800-CL). You can use the the pae command to enable or disable this feature.The following commands are introduced as part of this feature:

• pae
• show product-analytics kpi
• show product-analytics report
• show product-analytics stats

Behavior Changes

• From Cisco IOS XE Dublin 17.12.2, the show running-config wlan command is modified. The wlan_name variable is removed.
• The following command output is modified for the KPIs for AP Health Via the Controller​ and AP feature: show ap name config general
• WPA2 should be disabled while WPA3, PMF and dot11ax are enabled to broadcast WLAN exclusively on 6-GHz band. WPA2 can be enabled when broadcasting on other bands, such as 2.4 and 5-GHz.
• The inner MAC filtering feature of Embedded Packet Capture (EPC), captures CAPWAP data fragments and CAPWAP control not filtered by MAC.
• When wireless interface is not available, the RMI +RP configuration on the Web UI is disabled.
• From this release, the bssid-neighbor-stats interval value has been changed from 1 to180 seconds to 30 to 600 seconds. The default value is 180 seconds.
• From this release, the default console baud rate of the 802.11AX APs is changed from 9600 bps to 115200 bps.