Cisco Aironet 1200 Access Point Release Notes
Release Notes for Cisco Aironet 1200 Series Access Points Running Firmware Version 12.02T1
OL-3867-01
Important Notes
Cisco Discovery Protocol Re-Enabled for Individual Interfaces on Reboot
The Cisco Discovery Protocol (CDP) feature is enabled by default, and CDP is enabled for each of the
access point’s CDP-relevant interfaces by default. However, if you disable CDP for one of the individual
interfaces, the access point re-enables CDP for that interface when it reboots. If you disable CDP
completely, the access point does not re-enable CDP on reboot.
Centralized Authentication Administration System Flow Notes
The following information briefly explains the flow between the access point and its authentication
server. This information was inadvertently omitted from the Cisco Aironet 340 and 350 Series Access
Point Software Configuration Guide.
• The authentication server is initialized to listen for socket requests on the predetermined UDP or
  TCP ports specified on the Authenticator Configuration page (UDP 1812 for RADIUS servers or
  TCP 49 for TACACS+ servers).
• The authentication server must be preconfigured with valid usernames and passwords and the shared
  secret key the server uses for secure authentication between it and the access point.
• No remote server authentication is possible with a new access point unless it has been configured
  by the user.
• The access point requires the following parameters to access the remote authentication servers,
  which were described in the procedure above:
  – Remote server authentication—accomplished by configuring or not configuring the
    authentication server to send requests
  – IP address of the authentication server(s)
  – Secret key to be shared with the authentication server(s)
  – Selection of RADIUS or TACACS+ server indication
  – Default UDP or TCP port ID used for authentication
  – Timeout value while waiting for a server response
The administrator attempts to log in to the access point using any HTML-capable browser on a wireless
or wired network. The access point receives the authentication request and checks the local database of
users to verify that the request is accompanied by a valid username and password.
If the user is not found on the local list, or if local authentication fails (user found, but incorrect
password), the access point determines whether a remote authentication server is configured to handle
authentication requests. If it is, the access point sends an authentication request to the first remote
authentication server and waits for the server to reply or time out. This asynchronous request is sent to
either a TACACS+ or RADIUS server using a client interface and protocol appropriate for the target
server. The password for the administrator requesting authentication is encrypted using an MD5 hash
function and sent to the server. The password is never sent to the server in clear text.
If the server does not respond, a timeout occurs, prompting the access point to check for an additional
configured authentication server. If it finds a server, the access point sends an authentication request to
that server. Additional servers are contacted until one of the following events occurs:
• A configured server responds accepting or rejecting the request.
• A final timeout occurs on the last configured server.
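The local-then-remote decision flow described above, modelled as an added example (not Cisco's code) that records each step so the outcome can be audited. The server names, credentials and the `query` callables are hypothetical, and denying access after the final timeout is an assumption, since the notes do not state that outcome.

```python
import hmac

ACCEPT, REJECT, TIMEOUT = "accept", "reject", "timeout"

def authenticate(user, password, local_db, servers):
    """Return (granted, trail); trail lists every step that was taken."""
    trail = []
    stored = local_db.get(user)
    if stored is not None and hmac.compare_digest(stored.encode(), password.encode()):
        trail.append(("local", ACCEPT))
        return True, trail
    # User not found, or found with a wrong password: both fall through
    # to the remote servers, if any are configured.
    trail.append(("local", "no-user" if stored is None else "bad-password"))
    for name, query in servers:            # servers are tried in configured order
        reply = query(user, password)      # hypothetical callable per server
        trail.append((name, reply))
        if reply == ACCEPT:
            return True, trail
        if reply == REJECT:
            return False, trail            # a reject ends the chain
        # TIMEOUT: continue with the next configured server
    return False, trail                    # assumption: deny on final timeout

# Constructed sample configuration (not from the release notes).
LOCAL = {"admin": "local-pw"}

def radius1(user, password):
    return TIMEOUT                         # simulates an unreachable server

def tacacs2(user, password):
    return ACCEPT if (user, password) == ("admin", "remote-pw") else REJECT

SERVERS = [("radius1", radius1), ("tacacs2", tacacs2)]

if __name__ == "__main__":
    for creds in [("admin", "local-pw"), ("admin", "remote-pw"), ("guest", "x")]:
        print(creds, authenticate(*creds, LOCAL, SERVERS))
```

The second case shows the consequence worth reviewing: a failed local password check is not final, so an account that exists both locally and on a remote server is reachable with either password.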