Cisco Cisco IOS XE 3.5E

Cisco APs and Cisco WLCs that are in the –A domain category can continue to operate and even 
coexist with –B domain devices without any issues.

We recommend that you upgrade Cisco APs and Cisco WLCs to the appropriate software release that 
supports –B domain.

–B Domain Compliant Cisco APs starting with Cisco IOS XE Release 3.6.5E are: Cisco Aironet 700, 
700W, 1040, 1140, 1260, 1530, 1570, 1600, 1700, 2600, 2700, 3500, 3600, 3700.

Beginning with Cisco Wireless Release 8.1 and later, Mobility Agent related CLI/WebUI from 
AireOS-based controllers as Mobility Controller is no longer supported. 

Pairing of 3850, 3650 switches, or 4500E Sup-8E, as Mobility Agent is not supported with Cisco 
Wireless Release 8.1 and later releases.

The TACACS+ login procedure using custom method list is simplified wherein configuring a default 
method list is no longer required when the same server group is used.

Support for Catalyst Switch models WS-C3850-48U-L, WS-C3850-48U-S and WS-C3850-48U-E

CDP Bypass—The sessions are established in single and multi-host modes for IP Phones. However, 
if voice VLAN and 802.1x on an interface port is enabled, then the CDP Bypass is enabled when the 
host mode is set to single or multi host mode.

By default the host mode is set to single mode in <legacy> mode and multi-authentication in the 
edge mode.

Use the following commands to configure CDP bypass:

Switch> enable

Switch# configure terminal

Switch(config)# interface <interface-id>

Switch(config-if)# switchport mode access

Switch(config-if)# switchport voice vlan <vlan-id>

Switch(config-if)# authentication port-control auto

Switch(config-if)# authentication host-mode single | multi-host

Switch(config-if)# dot1x pae authenticator

WebAuth sleeping client—Allows successfully authenticated devices to stay logged in for a 
configured period without reauthentication.

The following CLI is added under the webauth parameter map:

sleeping-client timeout timeout-in-minutes

Restrictions: