Cisco Aironet 350 Access Points Release Notes
Release Notes for Cisco Aironet 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(15)JA
OL-5263-01
Caveats
• CSCed38527—A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond a
terminated connection, which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products that contain a TCP stack are susceptible to this vulnerability.
This advisory is available at
and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
• CSCed39237—The access point GUI no longer identifies a root access point as a repeater when you
configure VLANs and set the fallback role to Shutdown.
• CSCed40563—Problems with the CDP protocol have been resolved.
• CSCed41790—The access point now includes the SSID VSA in RADIUS authentication messages
as well as in RADIUS accounting messages.
• CSCed51325—The access point now forwards reverse-ARP requests from client devices to the
wired LAN.
• CSCed56428—The 802.11g radio in the access point now sends 10 short training symbols instead
of 12.
• CSCed56493—The WDS access point no longer reboots when there is a mismatch between the
Cisco IOS Release running on the WDS access point and other access points on the network, or
when you enable LEAP + MAC authentication or EAP + MAC authentication.
• CSCed63936—You can now enter QoS fixed-slot times higher than 15.
• CSCed65634—The access point 2.4-GHz radio no longer reaches the maximum quota for its
transmit queue when wireless phones are associated.
• CSCed69756—By default, the access point sends reauthentication requests to the authentication
server with the service-type attribute set to authenticate-only. However, some Microsoft IAS servers
do not support the authenticate-only service-type attribute. Changing the service-type attribute to
login-only ensures that Microsoft IAS servers recognize reauthentication requests from the access
point. Use the dot11 aaa authentication attributes service-type login-only global configuration
command to set the service-type attribute in reauthentication requests to login-only.
• CSCed72780—You can now use the GUI to configure WPA and Network-EAP for an SSID without
also configuring open authentication.
• CSCed75714—A combination of settings (WPA or WPA-PSK key management, IP Phone QoS
element, and transmit power less than 100 mW) on the access point’s 802.11g radio no longer causes
association delays for Cisco Aironet 802.11b client devices. The problem is resolved by Cisco
Aironet Client Installation Wizard Package 1.3.10 and client firmware version 5.41.