Loading...
Loading...
1. Downstream TCP throughput to wireless clients is severely degraded, when compared with 8.10.171.0 or before. 2. If using large server certificates for EAP authentication (EAP-TLS or PEAP), 802.1X authentication fails. On the access points, the output of the command "show controllers nss stats" shows the value of the INNER_CAPWAP_REASM_FAILED counter increasing.
AireOS WLC running 8.10.181.0. IOS-XE running 17.3.6 Access points: 2800/3800/4800/1562/6300 series (no other models affected). A network path MTU > 1500 bytes is in use, in the CAPWAP path between the WLC and the APs.
There is no workaround for the TLS certificate problem. For the slow downstream TCP problem: Set TCP Adjust MSS which is lower than path MTU size (suggested default value: 1250 bytes. but need to adjust the value based on each environment.) In AireOS CLI: config ap tcp-mss-adjust enable all 1250 AireOS GUI: Wireless > Access Points > Global Configuration > Global TCP Adjust MSS In 9800 CLI: in the AP join profile: tcp-adjust-mss size 1250 (This is the default value, so does not display in "show running-config")
This is a regression that affects ONLY the 17.3.6 and 8.10.181.0 releases. Fixes are now publicly available: For AireOS, the 8.10.182.0 release. For IOS-XE 17.3.6: https://software.cisco.com/download/home - select controller model, go to IOS XE Software AP Service Pack, select CSCwd40096 17.3.6 APSP2. Memory leak can be seen due to capwap fragment failure in a case. (About 500Mbyte leak in a month on AP2802)
Click on a version to see all relevant bugs
Cisco Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.