Enterprise Wi-Fi System Software Release - 6.4.2

Software release 6.4.2 is available for Enterprise Wi-Fi. 6.4.2 software release contains features, enhancements and bug fixes. Following are the downloads available for software release 6.4.2:

New Features


With the Auto-RF feature, AP collects a number of RF-statistics and uses that information to give a better Radio Frequency (RF) environment to wireless clients, by selecting the right channel and Tx power for each radio. This results in a better end-user experience in terms of application performance and call quality.

Auto-RF consists of two functionalities:

  • Dynamic channel: Helps radios to always select a better channel at boot time and post boot if channel conditions change later.
  • Auto power: Helps radios to come up with the right Tx power to handle coverage holes and minimize RF interference.

Device class filter

This feature applies wireless policies to the client-based device class (notebook, phone, tablet, and laptop) and its type (Windows, Mac, and Android).

Flooding attacks in Wireless Intrusion Detection Systems (WIDS)

The WIDS feature is used to detect different types of flood attacks. A flood attack occurs when a rogue client sends a huge number of packets of a specific type to the AP to disrupt the normal working of the AP. This feature can detect the following types of flood attacks:

  • Association
  • Authentication
  • Disassociation
  • De-authentication
  • Extensible Authentication Protocol over LAN (EAPoL)

Opportunistic Wireless Encryption (OWE)

OWE is a Wi-Fi standard, which ensures that the communication between each pair of endpoints is protected from other endpoints. The OWE transition mode allows OWE-capable STAs to access the network in OWE authentication mode.


Scale Limit: 2K ePSK

From System Release 6.4.2 onwards, Enterprise Wi-Fi 6 XV series Access Points support 2K ePSK entries per WLAN. Other Access Points (e410, e430, e510, e600, and e700) continue to support 1024 ePSK entries per WLAN.

Fixed Issues

Tracking ID Product Description
FLCN-12500 All Sanitize ping host argument was found in device-agent.
FLCN-12424 e410, e510, e430, e600, and e700 Clients disconnection triggered due to related process restarts.
FLCN-12364 XE3-4 Fixed memory leak.
FLCN-12362 All cnMaestro Captive Portal: cnMaestro dynamic IP address was not learned when the TTL value is 0.
FLCN-12327 XV2-2, XV2-2T0, and XV2-2T1 DFS channels are missing from the KR country code.
FLCN-12254 All Issue with the captive portal white list entries which caused the client not to get a login page from the external captive portal server.
FLCN-12252 All Number of VLANs supported on device was increased.
FLCN-12184 All Unable to save SSH key in APs UI- Error: specified parameter greater than the maximum length.
FLCN-12130 All Real clients in the field are failing to connect to WPA3-Enterprise security because of SuiteB AKM.
FLCN-12129 All AP generated PPPoE Tunnel Critical alarm with a 6.4.1-r15 image even if the PPPoE feature was not configured.
FLCN-12120 XV3-8, and XE5-8 Removed 160 MHz configuration from unsupported radio channel- width list.
FLCN-12119 All WPA2-Enterprise clients get reauthenticated every 1 hour.
FLCN-12113 All AP running with 6.4.1 image reported frequent WMD restarts which caused clients to disconnect.
FLCN-12080 XV2-2 AP crashed due to a watchdog reset.
FLCN-12038 e410, e510, e430, e600, and e700 Link Aggregation Control Protocol (LACP) was not working.
FLCN-11997 All GRE tunnel down event was generated without checking the reachability to peer after the Rx counter did not increment for two consecutive intervals.
FLCN-11986 All Secondary-remote-host tunnel IP was not getting applied if pushed from user-defined overrides.
FLCN-11975 All False event EOGRE tunnel up was triggered even if the tunnel was down.
FLCN-11820 e410, e510, e430, e600, and e700 Multicast-to-unicast conversion was not working.
FLCN-11761 All Fixed issues related to band-steering.
FLCN-11653 All Pixel 6 was not able to connect to a WPA3-SAE WLAN on the 6 GHz radio.
FLCN-11578 e410,e510, e430,e600, and e700 Off-Channel Scan (both active and passive scan) was finding Clients and Neighbor APs only in home channel APs.
FLCN-11299 All Azure prompted for re-authentication when roaming from an AOS to CaOS AP.
FLCN-11173 All AP dropped DNS AAAA inquiry.
FLCN-8612 All ePSK VLAN was not honored after 11r roaming.
1 Like

Hi. I’m running on a XE3-4 and have one iot device that couldn’t stay connected. It was connecting and disconnecting every second. So after some testing I found out that “ Proxy ARP” setting under Configure → WLAN was the problem. I disabled this and now it’s stable and working. So if anyone else is experiencing a similar issue maybe this solves it.

Edit: I’m using Device Login management (Local).