Cisco Cisco Aironet 1310 Access Point Bridge Notas de publicación
15
Release Notes for Cisco Aironet 1300 Series Outdoor Access Point/Bridge for Cisco IOS Release 12.3(4)JA2
OL-8216-01
Caveats
•
CSCeh06200—With TACACS configured, administrators can now log into the access point GUI
when idle time is configured on the TACACS server.
when idle time is configured on the TACACS server.
•
CSCeh08952—Access points now correctly filter traffic through the TCP port when an IP filter is
configured.
configured.
•
CSCsa40042, CSCsa40045—The user interfaces on the access point/bridge no longer allow you to
configure the bridge to fall back to repeater mode.
configure the bridge to fall back to repeater mode.
•
CSCsa40861—Access points configured for a fallback role now assume the fallback role if the LAN
interface is down when they reboot.
interface is down when they reboot.
•
CSCsa52462—Access points configured for CKIP or CMIC now indicate CKIP and CMIC support
in beacons.
in beacons.
•
CSCsa59600—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages. 2. Attacks that use ICMP “fragmentation needed
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
•
CSCsa61263—Client devices assigned to a non-native VLAN and connected to a workgroup bridge
no longer lose their network connection when the workgroup bridge roams from one root device to
another.
no longer lose their network connection when the workgroup bridge roams from one root device to
another.
•
CSCsa64627—STP now functions properly when the native VLAN is not VLAN 1.
If You Need More Information
If you need information about a specific caveat that does not appear in these release notes, you can use
the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not
yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
yet have a customer-visible description, or the defect might be marked Cisco Confidential.)