Cisco Cisco Aironet 1040 Series Access Point
15
Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Releases 12.4(25d)JA and 12.3(8)JEE
OL-23880-01
Caveats
WLSM Required for Layer 3 Mobility
You must use a Wireless LAN Services Module (WLSM) as your WDS device in order to properly
configure Layer 3 mobility. If you enable Layer 3 mobility for an SSID and your WDS device does not
support Layer 3 mobility, client devices cannot associate using that SSID.
configure Layer 3 mobility. If you enable Layer 3 mobility for an SSID and your WDS device does not
support Layer 3 mobility, client devices cannot associate using that SSID.
The Cisco Aironet 1250 and 1140 Series Access Points Have a Hardware
Limitation
Limitation
The beacons on the Cisco Aironet 1250 and 1140 Access Points can only have output at intervals that
are multiples of 17 milliseconds. When these access points are configured for a 100 millisecond beacon
interval, they transmit beacons every 102 milliseconds. Similarly, when the beacon interval is configured
for 20 milliseconds, these access points transmit beacons every 17 milliseconds.
are multiples of 17 milliseconds. When these access points are configured for a 100 millisecond beacon
interval, they transmit beacons every 102 milliseconds. Similarly, when the beacon interval is configured
for 20 milliseconds, these access points transmit beacons every 17 milliseconds.
Potential RFC 3748 Violation
When the following command is configured under the SSID settings (for LEAP authentication):
authentication client username <WORD> password [0 | 7] <LINE>
If the first access-challenge returned by the Radius server after the access-request from the access point
is not for the LEAP method but for EAP-MD5, the acces point violates RFC 3748.
is not for the LEAP method but for EAP-MD5, the acces point violates RFC 3748.
Instead of sending an EAP NAK requesting LEAP authentication, the access point sends the user's
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
This violates RFC 3748.
The workaround for this is to use the commands
dot1x credentials
and
dot1x eap profile
for LEAP
authentication.
For configuration procedures, see Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points, x.x.
Points, x.x.
Caveats
This section lists
for access points and bridges in Cisco IOS Release
12.4(25d)JA. For your convenience in locating caveats in Cisco’s Bug Toolkit, the caveat titles listed in
this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be
read as complete sentences because the title field length is limited. In the caveat titles, some truncation
of wording or punctuation might be necessary to provide the most complete and concise description. The
only modifications made to these titles are as follows:
this section are drawn directly from the Bug Toolkit database. These caveat titles are not intended to be
read as complete sentences because the title field length is limited. In the caveat titles, some truncation
of wording or punctuation might be necessary to provide the most complete and concise description. The
only modifications made to these titles are as follows:
•
Commands are in boldface type.
•
Product names and acronyms may be standardized.
•
Spelling errors and typos may be corrected.