Cisco Cisco Aironet 1040 Series Access Point
16
Release Notes for Cisco Aironet Access Points and Bridges for Cisco IOS Release 15.2(2)JB6
Important Notes
Hardware Limitation in Cisco Aironet 1250 and 1140 Series Access Points
The beacons on the Cisco Aironet 1250 and 1140 access points can only have output at intervals that are
multiples of 17 milliseconds. When these access points are configured for a 100-millisecond beacon
interval, they transmit beacons every 102 milliseconds. Similarly, when the beacon interval is configured
for 20 milliseconds, these access points transmit beacons every 17 milliseconds.
multiples of 17 milliseconds. When these access points are configured for a 100-millisecond beacon
interval, they transmit beacons every 102 milliseconds. Similarly, when the beacon interval is configured
for 20 milliseconds, these access points transmit beacons every 17 milliseconds.
Potential RFC 3748 Violation
When the following command is configured under the SSID settings (for LEAP authentication):
authentication client username <WORD> password [0 | 7] <LINE>
if the first access-challenge returned by the Radius server after the access-request from the access point
is not for the LEAP method but for EAP-MD5, the access point violates RFC 3748.
is not for the LEAP method but for EAP-MD5, the access point violates RFC 3748.
Instead of sending an EAP NAK requesting LEAP authentication, the access point sends the user's
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
credentials with EAP-MD5 and drops the derived keys, since it cannot read the EAP-MD5 from the
access-accept.
This violates RFC 3748.
The workaround for this is to use the commands
dot1x credentials
and
dot1x eap profile
for LEAP
authentication.
For configuration procedures, see the Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points.
Points.
Autonomous Ap Will Treat The Sub-interface Tied To Bridge-group 1 As The
Native Vlan
Native Vlan
When using a configuration on an autonomous AP where there is no native VLAN defined, each
interface is being dot1q tagged, communication will fail after upgrading to 15.2(2)JA or later. It appears
that the configuration is still correct after the upgrade, but the AP sends the untagged frames for
bridge-group 1, even though the encapsulation is not defined as native. The autonomous AP will treat
the sub-interface tied to bridge-group 1 as the native VLAN, even if it is not defined with the native
keyword: "encapsulation dot1 <vlan> native". The VLAN associated with bridge-group 1 must be set to
native on the connecting switchport configuration
interface is being dot1q tagged, communication will fail after upgrading to 15.2(2)JA or later. It appears
that the configuration is still correct after the upgrade, but the AP sends the untagged frames for
bridge-group 1, even though the encapsulation is not defined as native. The autonomous AP will treat
the sub-interface tied to bridge-group 1 as the native VLAN, even if it is not defined with the native
keyword: "encapsulation dot1 <vlan> native". The VLAN associated with bridge-group 1 must be set to
native on the connecting switchport configuration
The workaround for this is to configure VLAN 100 as the native VLAN on the connected switchport
trunk, even though the encapsulation is not specified as native on the AP.
trunk, even though the encapsulation is not specified as native on the AP.
DHCP Failure When Access Point Renewal Time Is Greater Than Rebind Time
An access point is unable to obtain IP via same IOS DHCP server when the access point is running on
15.2x and the WLC has been upgraded from 7.2 to 7.3 or 7.4. The problem occurs because the Renewal
(T1) time dhcp option 58 is larger than Rebinding (T2) time dhcp option 59.
15.2x and the WLC has been upgraded from 7.2 to 7.3 or 7.4. The problem occurs because the Renewal
(T1) time dhcp option 58 is larger than Rebinding (T2) time dhcp option 59.