Cisco WLC Code Release New Features

Update – Cisco pulled the release notes and has published version as of Feb. 6, 2012. This article has been updated to reflect version

Cisco Systems just announced the release of code version for wireless LAN controllers and lightweight access points. This is the first release since released in Oct. 2011 to include new features, but that version added few enhancements. The last major release to include a significant amount of new capabilities was version back in April 2011.

Version brings a large amount of new features, many of which could be of significant value to customers.  Some of the more significant enhancements include the following:


  • WiSM2 Controller Scaling
    The WiSM2 controller now supports more APs (1k up from 500), more clients (15k up from 10k), and increased throughput (20Gbps up from 10Gbps) than previous. This will allow customers with very large deployments to scale to larger size within the same hardware footprint. Additionally, more APs and clients can be supported within a 6500 switch chassis as well.
  • Flex 7500 Controller Scaling
    The centralized Flex 7500 controller now supports more APs (3k up from 2k), more clients (30k up from 20k), more Flex Groups (1k up from 500), increases throughput (1Gbps up from 250Mbps), adds support for Office Extend APs (OEAPs) which previously did not exist, and now supports DTLS data tunnel encryption with OEAPs. The scalability in this platform is critical because it is targeted for data center deployment in highly distributed environments to manage hundreds of remote sites. Typically each remote site is configured as a distinct Flex Group (previously called H-REAP Group) which allows coordination among the APs within a single site for local client authentication, client key caching, and fast roaming. Customers deploying the centralized Flex 7500 platform will welcome these scalability improvements to reduce hardware footprint.
  • IPv6 Dual-Stack Client Support
    Delivering support for IPv6 is becoming increasingly important for customers as Wi-Fi network utilization increases with mobile device adoption and proliferation as the primary access network for users. IPv6 was previously only bridged across the wireless controller infrastructure, and prevented the use of many features available with IPv4 clients, such as H-REAP local switching, client anchoring on another controller, dynamic VLAN assignment, web authentication (captive portal), DHCP proxy and ARP proxy for intelligent broadcast and multicast filtering to improve RF network performance, and also resulted in some sub-optimal a-symmetric traffic routing when clients roamed between controllers (Layer 3 roaming) which could cause issues with firewall state tables.This release incorporates support for symmetric traffic routing between controllers when performing Layer 3 roaming, IPv6 security features such as RA Guard against rogue router advertisements, source guard to prevent IPv6 address spoofing, DHCPv6 server guard against rogue servers,  and IPv6 access control lists. It also adds complete visibility into client IPv6 addressing in the NCS management platform for better support and troubleshooting.
  • FlexConnect / H-REAP Enhancements
    I’ve written previously about some of the limitation of the H-REAP deployment mode. Cisco continues making strides in this area, no doubt because they see the growing need to distribute data forwarding and control-plane intelligence back out to the AP edge with looming Gigabit Wi-Fi standards and high availability requirements becoming more critical in customer Wi-Fi networks. This release brings about the final nail in the coffin of the term “H-REAP”. Good riddance, who could explain that hideous acronym to managers?! All brandingof this feature set is now referenced as “FlexConnect”.One major FlexConnect enhancement is the ability to perform efficient AP upgrades, typically across high-latency and low-bandwidth WAN links. One access point at a remote site will act as a master AP and download a new code image from the central site controller, then distribute it to all the other APs of the same model at the remote site. This should ease traffic utilization and congestion across the WAN and decrease the time required to upgrade remote sites.A few other enhancements include security features that allow dynamic VLAN assignment to clients that have data traffic dropped off locally at the AP rather than tunneled back to the controller, access control list support, and peer-to-peer client blockingwhich is an option to prevent clients on the same WLAN from communicating with one another (especially useful in highly secure environments or guest networks).Lastly, fast roaming has been improved with FlexConnect which removes WAN link latency dependencies between the controller and remote APs. This is because mobility handoffs and key caching previously required communication with the centralized controller across the WAN and could impact the ability to perform fast handoffs between APs. Now the mobility handoff and key caching exchange is handled directly between FlexConnect access points within the same Flex Group without needing to involve the controller.
  • Wi-Fi Direct Client Management
    The Wi-Fi Alliance certified Wi-Fi Direct in late 2010, which allows direct client to client communication without traversing an AP or network infrastructure. This can pose security risks in enterprise environments and the certification standard allows network infrastructure administrators visibility and control of Wi-Fi Direct clients in their environment. This feature provides Cisco wireless network administrators control to allow or block Wi-Fi Direct clients from joining a WLAN. As Wi-Fi Direct capable clients expand, this feature will be critical for enterprises to monitor and control the use of this new protocol within their networks.
  • Hotspot 2.0 Support
    The new Wi-Fi Certified Hotspot program promises to provide a cellular-like user experience by streamlining Wi-Fi network discovery, selection, and access by clients. This requires service advertisement and roaming provider integration by Wi-Fi infrastructure vendors and network operators. This code release supports  the standardized components specified by the IEEE in the 802.11u amendment, and provides the foundation for interoperability certification under the forthcoming Wi-Fi Certified Passpoint program by the Wi-Fi Alliance.
  • Granular RF Controls 
    Previously, many RF controls within the Cisco Unified Wireless Network were global settings that applied to all virtual WLANs and clients. This release provides more granular capability to configure data rates and power settings groups of APs rather than globally. This feature is beneficial for networks where a single controller (or group of controllers) manages disparate environments that require different settings. This is actually quite common with customer environments that need to support some high density areas as well as lower density common use areas. Design and configuration for high density wireless LANs is quite different from an RF perspective, where capacity and minimizing interference become critical to network performance and user satisfaction. The capability to provide different RF controls for areas within the same network should be of benefit to many customers and eliminates the need to acquire separate hardware.

Overall, these enhancements are all worth merit and should be welcomed by customers. Additional features are also provided in this code release which can be found in the release notes.

In addition, the industry gathered to talk about Gigabit Wi-Fi, mobile device proliferation, and Hotspot 2.0 topics at the recent Wi-Fi Mobility Symposium organized by Gestalt IT and Tech Field Day. To learn more about these topics visit the Tech Field Day website and watch all the archived videos!

Andrew vonNagy

Previous post

Cisco Spectrum Expert, AirMagnet Spectrum XT & WiSpy Chanalyzer 4

Next post

E04 - Cisco 3600 AP Launch

Andrew vonNagy

Andrew vonNagy

Technical Architect at a Fortune 50 Company CCIE #28298 CWNE #81


  1. Stephen Cooper
    January 31, 2012 at 5:01 pm — Reply

    Excellent overview, thanks!

    It seems the release notes and software have disappeared off however, I can only see

    Do you know if you need to upgrade from to before going to

    I do like a Flex Connect a lot more than H-REAP!


    • January 31, 2012 at 5:47 pm — Reply

      From what we have heard the release notes was posted and pulled due to the code not being posted yet to CCO. We should see it back soon.

      You will not need to go to first, that was a temporary release for the 3600 during the soft launch that happened last fall.

    • Javier
      February 3, 2012 at 3:26 am — Reply

      No, you can upgrade from 7.x to 7.2, without intermediate version
      7.1.91 is only a temporary release for 3600 support

  2. Duro
    February 2, 2012 at 5:45 pm — Reply

    I think it is important emphasize that 7.2 and higher version code version will need support NCS only for management. The Cisco`s WCS not going be supported for 7.2 (wcs could be migrated to NCS) as management platform.. this I got from cisco some time ago, so they might changed mind


  3. Brian Stamper
    February 14, 2012 at 5:34 pm — Reply

    Relative to the 5508 and FlexConnect groups:
    How many AP’s per Group Max? (I thought I read this is up to 50 from 25 in the config guide but it doesn’t specify platform 5508 vs. 7500)
    How many total groups per controller?

    Can anyone Clarify Duro’s comments above relative to WCS/NCS? Will WCS support a controller on 7.2 code or is a NCS upgrade required.

    • February 14, 2012 at 6:40 pm — Reply

      WCS support has ceased with 7.2 release, all versions going forward will require NCS.

      I’m not sure on the max APs per group change, will have to dig around.

    • February 15, 2012 at 8:54 am — Reply

      Hi Brian,
      You can find the information on H-REAP Group scalability for both the 7510 and 5508 controllers here:
      Flex 7500 Wireless Branch Controller Deployment Guide

      This table highlights the scalability differences between the Flex 7500 and WLC 5500 controller:

      Scalability Flex 7500 WLC 5500
      Total Access Points 2,000 500
      Total Clients 20,000 7,000
      Max HREAP Groups 500 100
      Max APs per HREAP Group 50 25
      Max AP Groups 500 500


  4. Brian Stamper
    February 15, 2012 at 9:01 am — Reply

    Thanks Andrew!

  5. Martin Pritchard
    August 15, 2012 at 12:52 pm — Reply

    If making the transition from 7.0.x to 7.2.x, please be aware that not all APs are supported in 7.2.x.

    If you use any of the following devices you’ll have to replace them if you upgrade:-
    1100 series (112x)
    1200 series (122x, 123x)
    1300 series bridge (1310)
    Coincidentally these are all the AP models that can’t do HREAP, they tunnel to the controller regardless.

    7.2 compatibility n a nutshell: if it’s black or white it’s alright, if it’s silver it’s scrap.

Leave a Reply