New Features
New Features
Packet Capture: TCP Dump on WGB
This feature captures packets from a WGB terminal using a default or customized filter through a WGB wired port and uploads them to an external server for further analysis.
The feature is supported on the following APs:
- Cisco Catalyst IW9167E Heavy Duty Series Access Points
- Cisco Catalyst IW9165E Rugged Access Point
Cisco IW9167IH AP Mesh Support
This feature enables Bridge and Flex+Bridge mode on the Cisco IW9167IH AP allowing you to extend the wireless network coverage through mesh backhaul using the 2.4 GHz and 5 GHz frequencies.
The following command is introduced:
- ap name ap-name mode bridge
AAA User Authentication Support for WGB
The AAA User Authentication Support for WGB feature provides information about how to use AAA to control network resource usage and define permissible actions.
The feature is supported on the following APs:
- Cisco Catalyst IW9167E Heavy Duty Series Access Points
- Cisco Catalyst IW9165E Rugged Access Points
Radio 4 in Scanning Only Mode
This feature enhances the WGB auxiliary scanning and roaming capabilities, allowing you to configure radio 4 to operate in scanning mode only. Radio 4 supports both 2.4 GHz and 5 GHz frequencies.
The feature is supported on Cisco Catalyst IW9167E Heavy Duty Series Access Points.
Optimized Roaming with Dual-Radio WGB
This feature reduces service downtime and ensures a smoother and reliable network experience. When roaming is triggered by a beacon miss-count or maximum packet retries, the second radio enables the WGB to bypass the scanning phase and check the scanning table for potential APs.
The feature is supported on the following APs:
- Cisco Catalyst IW9167E Heavy Duty Series Access Points
- Cisco Catalyst IW9165E Rugged Access Points
Cisco Catalyst 9800-CL Cloud Wireless Controller Oracle Cloud Infrastructure (OCI) Support
The Cisco Catalyst Wireless Controller for Cloud (C9800-CL) sets the standard for Infrastructure as a Service (IaaS) secure wireless network services with Oracle Cloud Infrastructure (OCI). C9800-CL combines the advantages and flexibility of an OCI public cloud with the customization and feature-richness that customers usually experience on-prem deployments.
Cloud Monitoring for Cisco Catalyst 9800 Hardware Wireless Controllers
The Cloud Monitoring for Cisco Catalyst 9800 Hardware Wireless Controllers feature helps to monitor controllers using the Meraki dashboard.
The following command is introduced:
- service meraki connect
Cisco Spaces Connect for IoT Services: Support for On-Premise in Cisco Catalyst Wireless Infrastructure
Cisco Spaces Connect for IoT Services solution enables delivery of advanced BLE capabilities over Cisco Catalyst Wireless infrastructure. The key component of this solution is the IoT Orchestrator which is a Cisco IOx application that can be deployed on existing Cisco Catalyst 9800 Wireless Controller platforms. With the Spaces Connect for IoT Services solution, you have capabilities to securely onboard and control BLE devices, and consume data telemetry using the Message Queuing Telemetry Transport (MQTT).
Note
The Spaces Connect for IoT Services is now in Public Beta.
For more information about this feature, see the following documentation:
- Cisco Spaces Connect for IoT Services Configuration Guide
- Cisco Spaces Connect for IoT Services Quick Start Guide
- Cisco Spaces Connect for IoT Services Programmability Guide
- Cisco Spaces Connect for IoT Services Online Help
- Cisco Spaces Connect for IoT Services Release Notes
New Channel Support for United Arab Emirates and Qatar
In this release, the following channels are supported for indoor APs in the United Arab Emirates and Qatar: 149, 153, 157, 161, and 165.
The following channels are supported for outdoor APs in the United Arab Emirates: 36, 40, 44, 52, 56, 60, 64.
Also, the outdoor power table value for the 5-GHz band is updated for the United Arab Emirates in this release.
New Countries for 6-GHz Support
From this release, Taiwan (TW) and Guatemala (GT) are added to the list of countries that support the 6-GHz radio band.
Software-Defined Access (SDA) Updates
The following are the SDA updates for Cisco IOS XE 17.15.1:
- IPv6 Underlay Support for FIAB (Fabric in a Box)
- Flex OTT (Meraki Access Points) support in SDA
- Dual Ethernet support for Cisco Catalyst 9136 Series APs in SDA (Non-authenticated ports and single switch stack homed deployment)
SuiteB-1X and SuiteB-192-1X Support in FlexConnect Mode for WPA2 and WPA3
From Cisco IOS XE 17.15.1 onwards, Cisco WLAN FlexConnect mode supports enterprise authentication key management (AKM) — SuiteB-192-1X (AKM 12) and SuiteB-1X (AKM 11).
This feature supports the configuration of SuiteB-192-1X and SuiteB-1X in FlexConnect mode, and also supports Galois Counter Mode Protocol 128 (GCMP-128), GCMP-256, and Counter Cipher Mode with Block Chaining Message Authentication Code Protocol 256 (CCMP-256) ciphers for pairwise transport keys (PTK) and group temporal key (GTK) derivation in FlexConnect Local Authentication mode and FlexConnect Central Authentication mode.
Support for Security-Enhanced Linux
In this release, the controller is supported with Security-Enhanced Linux (SELinux) MAC operating in enforcing mode, to improve the overall security profile.
SELinux is a solution composed of Linux kernel security module and system utilities to incorporate a strong, flexible Mandatory Access Control (MAC) architecture into the controller.
The following commands are introduced:
- set platform software selinux
- platform security selinux
Wi-Fi Protected Access (WPA3) Security Enhancements for Access Points
The following are the security enhancements developed in Cisco IOS XE 17.15.1, for APs:
- GCMP-256 Cipher and SuiteB-192-1X AKM
- SAE-EXT-KEY Support
- AP Beacon Protection
- Multiple Cipher Support per WLAN
- Opportunistic Wireless Encryption (OWE) Support with GCMP-256 Cipher
The following commands are introduced: - security wpa akm sae ext-key
- security wpa akm ft sae ext-key
- security wpa akm suiteb-192
- security wpa akm suiteb
- security wpa wpa2 ciphers
- security wpa wpa3 beacon-protection
Tier B/C/D Country Support for Cisco Catalyst 9124 Outdoor Access Points
From this release, Cisco Catalyst 9124 Outdoor APs are supported in the following countries: Bosnia, Hong Kong, India, Indonesia, Israel, Jordan, Kuwait, Puerto Rico, Qatar, Saudi Arabia, Singapore, South Africa, Taiwan, Turkey, and United Arab Emirates.