Cisco Cisco Aironet 350 Access Points
17
Release Notes for Cisco Aironet 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(15)JA
OL-5263-01
Caveats
•
CSCec72841—The ARP cache feature is now supported on repeater access points.
•
CSCec79193—The access point now correctly labels the priority field in 802.1q headers when
VLANs are configured and you use policy maps.
VLANs are configured and you use policy maps.
•
CSCec79626—The access point no longer runs out of memory when used as a local authenticator
on the wireless LAN.
on the wireless LAN.
•
CSCec86837—When a standby access point comes online, it now shuts down the radio ports on the
access point that it replaces.
access point that it replaces.
•
CSCec88829—The access point no longer executes the do command for virtual interfaces.
•
CSCec89492—Access points now return the correct number of associated clients when you poll the
CDot11ActiveWirelessClients MIB object.
CDot11ActiveWirelessClients MIB object.
•
CSCed00171—You can now configure up to 50 users on an access point acting as a local
authenticator.
authenticator.
•
CSCed16401—Access points no longer flap between switch ports.
•
CSCed27956—
A vulnerability in the Transmission Control Protocol (TCP) specification (RFC793) has been
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
discovered by an external researcher. The successful exploitation enables an adversary to reset any
established TCP connection in a much shorter time than was previously discussed publicly.
Depending on the application, the connection may get automatically re-established. In other cases,
a user will have to repeat the action (for example, open a new Telnet or SSH session). Depending
upon the attacked protocol, a successful attack may have additional consequences beyond
terminated connection which must be considered. This attack vector is only applicable to the
sessions which are terminating on a device (such as a router, switch, or computer) and not to the
sessions that are only passing through the device (for example, transit traffic that is being routed by
a router). In addition, this attack vector does not directly compromise data integrity or
confidentiality.
All Cisco products which contain TCP stack are susceptible to this vulnerability.
This advisory is available at
and it describes this vulnerability as it applies to Cisco products that run Cisco IOS® software.
A companion advisory that describes this vulnerability for products that do not run Cisco IOS
software is available at
software is available at
•
CSCed28709—The access point ARP-cache feature now works correctly on VLANs for which an
extended ACL is enabled.
extended ACL is enabled.
•
CSCed33428—The CLI help and the output for the show dot11 adjacent-ap command now indicate
that the list of adjacent access points is generated from information provided by Cisco Aironet client
devices that are configured for fast, secure roaming.
that the list of adjacent access points is generated from information provided by Cisco Aironet client
devices that are configured for fast, secure roaming.
•
CSCed35718—NAS shared keys are now stored correctly on access points configured as local
authenticators.
authenticators.
•
CSCed37061—The access point now sends the correct username in accounting records for
EAP-FAST clients.
EAP-FAST clients.