Cisco Cisco Aironet 1552S Outdoor Access Point Notas de publicación
15
Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.2(4)JA
OL-29224-01
Important Notes
authentication client username <WORD> password [0 | 7] <LINE>
if the first access-challenge returned by the Radius server after the access-request from the access point
is not for the LEAP method but for EAP-MD5, the access point violates RFC 3748.
is not for the LEAP method but for EAP-MD5, the access point violates RFC 3748.
Instead of sending an EAP NAK requesting LEAP authentication, the access point sends the user's
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
This violates RFC 3748.
The workaround for this is to use the commands
dot1x credentials
and
dot1x eap profile
for LEAP
authentication.
For configuration procedures, see the Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points.
Points.
Autonomous AP Will Treat The Sub-interface Tied To Bridge-group1 As The
Native Vlan
Native Vlan
When using a configuration on an autonomous AP where there is no native VLAN defined, each
interface is being dot1q tagged, communication will fail after upgrading to 15.2(2)JA or later. It appears
that the configuration is still correct after the upgrade, but the AP sends the untagged frames for
bridge-group 1, even though the encapsulation is not defined as native. The autonomous AP will treat
the sub-interface tied to bridge-group 1 as the native VLAN, even if it is not defined with the native
keyword: "encapsulation dot1 <vlan> native". The VLAN associated with bridge-group 1 must be set to
native on the connecting switchport configuration
interface is being dot1q tagged, communication will fail after upgrading to 15.2(2)JA or later. It appears
that the configuration is still correct after the upgrade, but the AP sends the untagged frames for
bridge-group 1, even though the encapsulation is not defined as native. The autonomous AP will treat
the sub-interface tied to bridge-group 1 as the native VLAN, even if it is not defined with the native
keyword: "encapsulation dot1 <vlan> native". The VLAN associated with bridge-group 1 must be set to
native on the connecting switchport configuration
The workaround for this is to configure VLAN 100 as the native VLAN on the connected switchport
trunk, even though the encapsulation is not specified as native on the AP.
trunk, even though the encapsulation is not specified as native on the AP.
IP Routing Enabled By Default
IP routing is enabled by default in 15.2(2)JB. This default configuration will render ip default-gateway
statements inoperable. The workaround is to disable ip routing globally (config t, no ip routing),
configure a default route instead of a default-gateway (e.g. config t, ip route 0.0.0.0 0.0.0.0
<default-gateway> ), or disable IP routing using the following cli command:
statements inoperable. The workaround is to disable ip routing globally (config t, no ip routing),
configure a default route instead of a default-gateway (e.g. config t, ip route 0.0.0.0 0.0.0.0
<default-gateway> ), or disable IP routing using the following cli command:
no ip routing
DHCP Failure When Access Point Renewal Time Is Greater Than Rebind Time
An access point is unable to obtain IP through the same IOS DHCP server when the access point is
running on 15.2x and the WLC has been upgraded from 7.2 to 7.3 or 7.4. The problem occurs because
the Renewal (T1) time dhcp option 58 is larger than Rebinding (T2) time dhcp option 59.
running on 15.2x and the WLC has been upgraded from 7.2 to 7.3 or 7.4. The problem occurs because
the Renewal (T1) time dhcp option 58 is larger than Rebinding (T2) time dhcp option 59.
Configuring the radius server using the old cli
This cli command was used in the previous releases to configure radius servers: