Cisco Cisco Aironet 1310 Access Point Bridge
14
Release Notes for Cisco Aironet 1300 Series Outdoor Access Point/Bridge for Cisco IOS Release 12.3(4)JA2
OL-8216-01
Caveats
Resolved Caveats in Cisco IOS Release 12.3(4)JA
These caveats are resolved in Cisco IOS Release 12.3(4)JA for the access point/bridge:
•
CSCee90230—Traceback no longer occurs at reboot when access point is configured for TACACS+
administrator authentication.
administrator authentication.
•
CSCeb82510—You can now configure authentication, authorization, and accounting (AAA)
methods for telnet and HTTP independent of the console.
methods for telnet and HTTP independent of the console.
•
CSCec12884—The AAA user command authorization no longer fails through HTTP access.
•
CSCee42617—Users are now correctly authenticated through the RADIUS server, and accounting
information is sent to the RADIUS server.
information is sent to the RADIUS server.
•
CSCee87287—Access points no longer fail to generate accounting records when a wireless client is
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
•
CSCef11167—Response value of 4294967292 when polling Dot11ActiveWireless Clients via
SNMP no longer occurs.
SNMP no longer occurs.
•
CSCef45010—The GUI now performs normally when half duplex and a specified speed are part of
its configuration.
its configuration.
•
CSCef60659—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages. 2. Attacks that use ICMP “fragmentation needed
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
and Don’t Fragment (DF) bit set” messages, also known as Path Maximum Transmission Unit
Discovery (PMTUD) attacks. 3. Attacks that use ICMP “source quench” messages.
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at
.
•
CSCef65076—The access point GUI no longer reports a Bad Request error when you enter a
RADIUS server hostname on the access point.
RADIUS server hostname on the access point.
•
CSCef89795—Access points no longer send IAPP traffic on the wrong VLAN when layer 3 mobility
is enabled.
is enabled.
•
CSCeg64999—Access points now support EAP-SIM authentication.
•
CSCeg87391—Bridges now display temperature correctly when you enter the show env command.