Примечания к выпуску для Cisco Cisco 2106 Wireless LAN Controller
57
Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 5.2.193.0
OL-31336-01
Caveats
Then you can enter any IOS CLI command using the following syntax:
> debug ap command COMMAND APname
•
CSCta05979—LDAP authentication fails when the base DN is set to the DC itself (to the root of the
tree). This issue occurs when the controller does LDAP directly, without an ACS, and when the
server is the Active Directory.
tree). This issue occurs when the controller does LDAP directly, without an ACS, and when the
server is the Active Directory.
Workaround: Set a more precise DN.
•
CSCta17745—When IGMP snooping is disabled on the controller, wireless clients connected to any
controller port stop receiving multicast traffic when you change the dynamic AP-manager interface
port configuration. Both multicast-unicast mode and multicast-multicast mode are affected, but
unicast traffic to the client is not impacted by this problem. Lag configurations are also not impacted
by this problem.
controller port stop receiving multicast traffic when you change the dynamic AP-manager interface
port configuration. Both multicast-unicast mode and multicast-multicast mode are affected, but
unicast traffic to the client is not impacted by this problem. Lag configurations are also not impacted
by this problem.
Workaround: Reboot the controller or enable IGMP snooping.
•
CSCta28320—When you enter the show ap summary command on the controller CLI while a large
number of access points are joining the controller, the controller sometimes reboots.
number of access points are joining the controller, the controller sometimes reboots.
Workaround: None.
•
CSCta29875—2106 controllers sometimes reboot when TACACS accounting is enabled and you
enter the config mesh backhaul rate-adapt command.
enter the config mesh backhaul rate-adapt command.
Workaround: Disable TACACS accounting before you enter config backhaul rate-adapt on the
controller CLI.
controller CLI.
•
CSCta30925—Extremely high levels of traffic on the network can trigger the software watchdog on
2106 controllers and cause the controller to reboot.
2106 controllers and cause the controller to reboot.
Workaround: None.
•
CSCta33327—In a point-to-multipoint Mesh deployment with specific BGNs assigned between
RAP and MAP access points, traffic fails to resume after this sequence of events:
RAP and MAP access points, traffic fails to resume after this sequence of events:
–
The MAP access point loses contact with the initial RAP.
–
The MAP joins another RAP that does have the same BGN.
–
The initial RAP comes back online.
–
The MAP rejoins the initial RAP, but traffic does not resume properly.
Workaround: Reset the access points.
Resolved Caveats
These caveats are resolved in controller software release 5.2.193.0:
•
CSCek49781—When you use the lightweight access point 802.1X wired supplicant with
EAP-FAST and in-band PAC provisioning, the access point fails to refresh the tunnel PAC when it
expires and loses connectivity to the network.
EAP-FAST and in-band PAC provisioning, the access point fails to refresh the tunnel PAC when it
expires and loses connectivity to the network.
•
CSCsk64158—Several features within Cisco IOS software are affected by a crafted UDP packet
vulnerability. If any of the affected features are enabled, a successful attack results in a blocked input
queue on the inbound interface. Only crafted UDP packets destined for the device could result in the
interface being blocked; transit traffic does not block the interface. Cisco has released free software
updates that address this vulnerability. Workarounds that mitigate this vulnerability are available in
the workarounds section of the advisory. This advisory is posted at the following link:
vulnerability. If any of the affected features are enabled, a successful attack results in a blocked input
queue on the inbound interface. Only crafted UDP packets destined for the device could result in the
interface being blocked; transit traffic does not block the interface. Cisco has released free software
updates that address this vulnerability. Workarounds that mitigate this vulnerability are available in
the workarounds section of the advisory. This advisory is posted at the following link: