Cisco Cisco Aironet 350 Access Points
5
Release Notes for Cisco Aironet 340 and 350 Series Access Points and 350 Series Bridges Running Firmware Version 12.00T
OL-3346-01
New Features
Better Handling of Lost Ethernet
This feature allows a number of user-configurable actions to execute when an access point loses
backbone connectivity:
backbone connectivity:
•
No action—the access point continues to maintain associations with clients and manages traffic
between them, but traffic to the backbone is not passed. When the backbone is restored, the access
point begins passing traffic to and from the wired network.
between them, but traffic to the backbone is not passed. When the backbone is restored, the access
point begins passing traffic to and from the wired network.
•
Switch to repeater mode—the access point tries to connect to a root access point using any of the
configured SSIDs. If it cannot connect, all clients are disassociated and the access point removes
itself from the wireless network until connectivity is restored.
configured SSIDs. If it cannot connect, all clients are disassociated and the access point removes
itself from the wireless network until connectivity is restored.
•
Shut the radio off—all clients are disassociated and the access point removes itself from the wireless
network until backbone connectivity is restored.
network until backbone connectivity is restored.
•
Restrict client access to a specific SSID—the access point allows association using a restricted SSID
(for administrator troubleshooting and diagnosis purposes).
(for administrator troubleshooting and diagnosis purposes).
Improved Authentication Server Management
Authentication server management functions are improved with the addition of two new features:
•
Display of active authentication servers—For each authentication type: 802.1x/EAP, MAC, or
Admin Authentication (if enabled), the active server is identified by a green color.
Admin Authentication (if enabled), the active server is identified by a green color.
•
Automatic return to primary authentication server—If the selected RADIUS server (primary) is not
reachable after a predetermined period of time-out and retries, the access point uses the next server
listed. With this parameter set, when the primary server becomes reachable, the access point
automatically returns to it.
reachable after a predetermined period of time-out and retries, the access point uses the next server
listed. With this parameter set, when the primary server becomes reachable, the access point
automatically returns to it.
Secure Shell Support
Secure Shell (SSH) is an alternative to or a replacement for Telnet that is considered the standard
protocol for remote logins. SSH runs in the Application Layer of the TCP/IP stack. SSH clients make
SSH relatively easy to use and are available on most computers including those that run Windows or a
type of UNIX. SSH clients are also available on some handheld devices.
protocol for remote logins. SSH runs in the Application Layer of the TCP/IP stack. SSH clients make
SSH relatively easy to use and are available on most computers including those that run Windows or a
type of UNIX. SSH clients are also available on some handheld devices.
SSH provides a secure connection over the Internet providing strong user authentication. SSH protects
the privacy of transmitted data (such as passwords, binary data, and administrative commands) by
encrypting it. The following details are pertinent:
the privacy of transmitted data (such as passwords, binary data, and administrative commands) by
encrypting it. The following details are pertinent:
•
A maximum of one Telnet connection to the access point is allowed at one time.
•
A Telnet SSH request can preempt an active serial SSH connection.
Implementing an SSH connection involves the following:
•
SSH server on the access point listens to TCP port 22 for requests.
•
When a request from a client is received, the access point sends a password-only public key to the
client.
client.
•
The client generates a double-encrypted session key and requests authentication
When authentication is successful, all management traffic between the access point and client is
encrypted using the session key
encrypted using the session key