Cisco Cisco Aironet 350 Access Points
7
Release Notes for Cisco Aironet 340 and 350 Series Access Points and 350 Series Bridges Running VxWorks Firmware Version 12.04
OL-5157-01
Important Notes
Select WEP Key 1 as Transmit Key for EAP Authentication
If you use Network-EAP as the authentication type on your wireless network, you must select key 1 as
the transmit key on the access point or bridge AP Radio Data Encryption page. The access point or bridge
uses the WEP key you enter in key slot 1 to encrypt multicast and broadcast data signals that it sends to
EAP-enabled client devices. Because the access point or bridge transmits the WEP key used for multicast
messages to the EAP-enabled client device during the EAP authentication process, that key does not
have to appear in the EAP-enabled device’s WEP key list. The access point or bridge uses a dynamic
WEP key to encrypt unicast messages to EAP-enabled clients. When you set up a non-root bridge or
repeater access point to authenticate as a LEAP client, the bridge or repeater derives a dynamic WEP
key and uses it to communicate with the root bridge or access point. Bridges and repeaters not set up for
LEAP authentication use static WEP keys when communicating with other bridges and access points.
the transmit key on the access point or bridge AP Radio Data Encryption page. The access point or bridge
uses the WEP key you enter in key slot 1 to encrypt multicast and broadcast data signals that it sends to
EAP-enabled client devices. Because the access point or bridge transmits the WEP key used for multicast
messages to the EAP-enabled client device during the EAP authentication process, that key does not
have to appear in the EAP-enabled device’s WEP key list. The access point or bridge uses a dynamic
WEP key to encrypt unicast messages to EAP-enabled clients. When you set up a non-root bridge or
repeater access point to authenticate as a LEAP client, the bridge or repeater derives a dynamic WEP
key and uses it to communicate with the root bridge or access point. Bridges and repeaters not set up for
LEAP authentication use static WEP keys when communicating with other bridges and access points.
Note
If you do not use EAP authentication on your wireless network, you can select any WEP key as the
transmit key. If you use EAP authentication and you enable broadcast key rotation, you can enable WEP
without entering WEP keys.
transmit key. If you use EAP authentication and you enable broadcast key rotation, you can enable WEP
without entering WEP keys.
Important Notes
This section lists important information about access points and bridges running VxWorks firmware
version 12.04.
version 12.04.
MAC Address Filtering
Version 12.04 has added a new method of MAC address filtering. The filter is based on whether or not
the address is a client. A new “Client Disallowed” button on the Address Filters page allows users to
determine whether or not a client having a specific MAC address is allowed to associate to the access
point. Using the “Client Disallowed” feature prevents clients from assuming sensitive MAC addresses
on the user’s network.
the address is a client. A new “Client Disallowed” button on the Address Filters page allows users to
determine whether or not a client having a specific MAC address is allowed to associate to the access
point. Using the “Client Disallowed” feature prevents clients from assuming sensitive MAC addresses
on the user’s network.
Setting ACS Session Timeout
Version 12.04 has added a MAC authentication timeout featurette which is used in conjunction with
MAC authentication caching. It enables administrators to control MAC authentication session time in
seconds by configuring the ACS with RADIUS attribute Session-Timeout (27). When the session time
expires, the access point deauthenticates the client and removes the cached MAC authenticated entry.
When the client re-associates, the access point performs a MAC authentication operation with the ACS.
MAC authentication caching. It enables administrators to control MAC authentication session time in
seconds by configuring the ACS with RADIUS attribute Session-Timeout (27). When the session time
expires, the access point deauthenticates the client and removes the cached MAC authenticated entry.
When the client re-associates, the access point performs a MAC authentication operation with the ACS.
Note
This featurette addresses resolved caveats CSCec08844, CSCec35327, and CSCeb61728.