Cisco Cisco Aironet 350 Access Points Release Notes
13
Release Notes for Cisco Aironet 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(13)JA2
OL-5428-01
Important Notes
Corrupt EAP Packet Sometimes Causes Error Message
During client authentication, the access point sometimes receives a corrupt EAP packet and displays this
error message:
error message:
Oct 1 09:00:51.642 R: %SYS-2-GETBUF: Bad getbuffer, bytes= 28165
-Process= "Dot11 Dot1x process", ipl= 0, pid= 32
-Traceback= A2F98 3C441C 3C7184 3C604C 3C5E14 3C5430 124DDC
You can ignore these messages.
When Cipher is TKIP Only, Key Management Must Be Enabled
When you configure TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP + WEP 40) on any
radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key
management. If you configure TKIP on a radio or VLAN but you do not configure key management on
the SSIDs, client authentication fails on the SSIDs.
radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key
management. If you configure TKIP on a radio or VLAN but you do not configure key management on
the SSIDs, client authentication fails on the SSIDs.
Cisco CKM Supports Spectralink Phones
Cisco CKM (CCKM) key management is designed to support voice clients that require minimal roaming
times. To date, CCKM supports only Spectralink Wireless Phones. Other voice clients have not been
tested with CCKM and are not supported.
times. To date, CCKM supports only Spectralink Wireless Phones. Other voice clients have not been
tested with CCKM and are not supported.
WPA Migration Mode Not Supported on Cisco Aironet Client Devices
The WPA feature for Cisco Aironet client adapters as installed with Install Wizard version 1.2 does not
support WPA Migration Mode. However, Cisco IOS Releases 12.2(11)JA and later support WPA
Migration Mode for non-Cisco Aironet client devices.
support WPA Migration Mode. However, Cisco IOS Releases 12.2(11)JA and later support WPA
Migration Mode for non-Cisco Aironet client devices.
Cisco Aironet client adapters do support WPA Authenticated Key Management. To support Cisco
Aironet clients with WPA, the access point SSID must be configured only for the WPA TKIP cipher. The
following cipher suites, which support migration mode, are not supported by Cisco Aironet WPA clients:
Aironet clients with WPA, the access point SSID must be configured only for the WPA TKIP cipher. The
following cipher suites, which support migration mode, are not supported by Cisco Aironet WPA clients:
•
TKIP + WEP128
•
TKIP + WEP40
To support both Cisco Aironet WPA clients and non-WPA clients, you must configure separate VLANs:
a VLAN with encryption mode TKIP to support Cisco Aironet WPA clients, and a VLAN with a WEP
encryption mode that supports non-WPA clients.
a VLAN with encryption mode TKIP to support Cisco Aironet WPA clients, and a VLAN with a WEP
encryption mode that supports non-WPA clients.
Non-Cisco Aironet Clients Sometimes Fail 802.1x Authentication
Some non-Cisco Aironet client adapters do not perform 802.1x authentication to the access point unless
you configure Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and
non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure
the SSID for both Network EAP authentication and Open authentication with EAP.
you configure Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and
non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure
the SSID for both Network EAP authentication and Open authentication with EAP.