Cisco Cisco Aironet 1200 Access Point Notas de publicación
21
Release Notes for Cisco Aironet 350, 1100, 1130AG, 1200, and 1230AG Series Access Points for Cisco IOS Release 12.3(4)JA1
OL-8215-01
Caveats
•
CSCeg64999—Access points now support EAP-SIM authentication.
•
CSCeg70288—On 1200 series access points, tracebacks no longer occur when you enter the
no dot11 arp-cache command when ARP caching is already disabled.
no dot11 arp-cache command when ARP caching is already disabled.
•
CSCeg81122—You can now use the access point GUI to upload a configuration file larger than
9 KB.
9 KB.
•
CSCeg82564—The encryption mode cipher command now requires you to specify a cipher.
•
CSCeg84849—Access points now correctly add a configured IP address to the env_vars file.
•
CSCeh06200—With TACACS configured, administrators can now log into the access point GUI
when idle time is configured on the TACACS server.
when idle time is configured on the TACACS server.
•
CSCeh08952—Access points now correctly filter traffic through the TCP port when an IP filter is
configured.
configured.
•
CSCeh09384—Access points with 5-GHz radios no longer display this error when a client device
associates using WPA-LEAP:
associates using WPA-LEAP:
*Mar 1 00:55:20.083: %DOT11-4-TKIP_MIC_FAILURE_REPORT: Received TKIP Michael MIC
failure report from the station 000a.b7df.1943 on the packet (TSC=0x7507000000000000)
encrypted and protected by group key.
•
CSCsa40861—Access points configured for a fallback role now assume the fallback role if the LAN
interface is down when they reboot.
interface is down when they reboot.
•
CSCsa48698—Access points now correctly block associations from client devices denied access
through the dot11 association command.
through the dot11 association command.
•
CSCsa50495—Client devices using the Soliton 1xGATE EAP supplicant can now authenticate when
an access point switches from a failed WDS device to a fallback WDS device.
an access point switches from a failed WDS device to a fallback WDS device.
•
CSCsa50951—Access points no longer reach maximum CPU usage when you poll or query them
using an SNMP walk utility.
using an SNMP walk utility.
•
CSCsa51868—When a client device sends an ARP request to an access point configured for ARP
caching, the access point no longer indicates that the client IP address is mapped to the access point
MAC address.
caching, the access point no longer indicates that the client IP address is mapped to the access point
MAC address.
•
CSCsa52462—Access points configured for CKIP or CMIC now indicate CKIP and CMIC support
in beacons.
in beacons.
•
CSCsa54203—An access point configured as a backup WDS device no longer reboots when it
becomes the primary WDS device.
becomes the primary WDS device.
•
CSCsa59600—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.