Cisco Cisco Aironet 1310 Access Point Bridge 릴리즈 노트
16
Release Notes for Cisco Aironet 1310 Outdoor Access Point/Bridge for Cisco IOS Release 12.3(2)JA
OL-6723-01
Caveats
•
CSCed78149—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages 2. Attacks that use ICMP “fragmentation needed
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks 3. Attacks that use ICMP “source quench” messages
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks 3. Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its postings can be found at the website of Centre
for the Protection of National Infrastructure.
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its postings can be found at the website of Centre
for the Protection of National Infrastructure.
•
CSCed84862—MAC authentication server is now configured via WDS when local MAC is
configured.
configured.
•
CSCed86456—TKIP/WPA has replay detection for links with concatenation enabled.
•
CSCed87329—Access points now use only one DHCP client identifier when they boot.
•
CSCed91130—When an 802.11g radio in an access point configured for use in Japan is set to
channel 14, you can no longer select Best Throughput for the data rate setting on the access point
GUI.
channel 14, you can no longer select Best Throughput for the data rate setting on the access point
GUI.
•
CSCed92054—The access point now uses the same MAC address format for both authentication and
accounting when sending MAC addresses to the RADIUS server.
accounting when sending MAC addresses to the RADIUS server.
•
CSCed21433—Entry fields on the access point GUI now accept all characters except the following:
“
]
+
/
Tab
Trailing space
]
+
/
Tab
Trailing space
•
CSCee09515—The Associations page on the access point GUI now includes all associated client
devices in its count of associated clients.
devices in its count of associated clients.
•
CSCee09624—The transmitted fragment counter on the access point now counts all transmitted
fragments.
fragments.
•
CSCee12053—Access points do not support the service compress-config command, and the
command has no effect on access points when you enter it.
command has no effect on access points when you enter it.
•
CSCee14096—If the access point is not configured as a local authenticator, the access point no
longer reboots when you enter the clear radius local-server user user command.
longer reboots when you enter the clear radius local-server user user command.