Cisco Cisco Aironet 350 Access Points Notas de publicación
13
Release Notes for Cisco Aironet 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(13)JA1
OL-5170-01
Caveats
When Cipher is TKIP Only, Key Management Must Be Enabled
When you configure TKIP-only cipher encryption (not TKIP + WEP 128 or TKIP + WEP 40) on any
radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key
management. If you configure TKIP on a radio or VLAN but you do not configure key management on
the SSIDs, client authentication fails on the SSIDs.
radio interface or VLAN, every SSID on that radio or VLAN must be set to use WPA or CCKM key
management. If you configure TKIP on a radio or VLAN but you do not configure key management on
the SSIDs, client authentication fails on the SSIDs.
Cisco CKM Supports Spectralink Phones
Cisco CKM (CCKM) key management is designed to support voice clients that require minimal roaming
times. To date, CCKM supports only Spectralink Wireless Phones. Other voice clients have not been
tested with CCKM and are not supported.
times. To date, CCKM supports only Spectralink Wireless Phones. Other voice clients have not been
tested with CCKM and are not supported.
WPA Migration Mode Not Supported on Cisco Aironet Client Devices
The WPA feature for Cisco Aironet client adapters as installed with Install Wizard version 1.2 does not
support WPA Migration Mode. However, Cisco IOS Releases 12.2(11)JA and later support WPA
Migration Mode for non-Cisco Aironet client devices.
support WPA Migration Mode. However, Cisco IOS Releases 12.2(11)JA and later support WPA
Migration Mode for non-Cisco Aironet client devices.
Cisco Aironet client adapters do support WPA Authenticated Key Management. To support Cisco
Aironet clients with WPA, the access point SSID must be configured only for the WPA TKIP cipher. The
following cipher suites, which support migration mode, are not supported by Cisco Aironet WPA clients:
Aironet clients with WPA, the access point SSID must be configured only for the WPA TKIP cipher. The
following cipher suites, which support migration mode, are not supported by Cisco Aironet WPA clients:
•
TKIP + WEP128
•
TKIP + WEP40
To support both Cisco Aironet WPA clients and non-WPA clients, you must configure separate VLANs:
a VLAN with encryption mode TKIP to support Cisco Aironet WPA clients, and a VLAN with a WEP
encryption mode that supports non-WPA clients.
a VLAN with encryption mode TKIP to support Cisco Aironet WPA clients, and a VLAN with a WEP
encryption mode that supports non-WPA clients.
Non-Cisco Aironet Clients Sometimes Fail 802.1x Authentication
Some non-Cisco Aironet client adapters do not perform 802.1x authentication to the access point unless
you configure Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and
non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure
the SSID for both Network EAP authentication and Open authentication with EAP.
you configure Open authentication with EAP. To allow both Cisco Aironet clients using LEAP and
non-Cisco Aironet clients using LEAP to associate using the same SSID, you might need to configure
the SSID for both Network EAP authentication and Open authentication with EAP.
Caveats
This section lists open and resolved caveats in Cisco IOS Release 12.2(13)JA1.
Open Caveats
These caveats are open in Cisco IOS Release 12.2(13)JA1:
•
CSCeb02792—The 802.11a radio in 1200 series access points sometimes erroneously reports 100%
busy for all frequencies when you run the Carrier Busy test.
busy for all frequencies when you run the Carrier Busy test.