Cisco Cisco Aironet 350 Access Points 發佈版本通知
15
Release Notes for Cisco Aironet 350, 1100, and 1200 Series Access Points for Cisco IOS Release 12.2(13)JA
OL-4529-01
Caveats
•
CSCec60868—Changing the TKIP MIC failure holdoff time to a non-default value triggers the
holdoff timeout in these situations:
holdoff timeout in these situations:
–
Immediately after you set the timeout to a non-default value, the holdoff timeout is in effect and
clients cannot associate for the specified holdoff period. However, if you set the holdoff timeout
to the default value (60 seconds), the timeout is not triggered immediately after you set it.
clients cannot associate for the specified holdoff period. However, if you set the holdoff timeout
to the default value (60 seconds), the timeout is not triggered immediately after you set it.
–
When the AP reboots, the holdoff timeout is triggered and clients cannot associate until the
timeout expires. However, the timeout is not triggered after a reboot if the timeout is set to the
default value (60 seconds).
timeout expires. However, the timeout is not triggered after a reboot if the timeout is set to the
default value (60 seconds).
•
CSCin60014—An invalid configuration--WPA optional with the TKIP cipher--causes radio errors.
Workaround: If you configure the access point for WPA optional, use the TKIP + WEP 40 or
TKIP + WEP 128 ciphers.
TKIP + WEP 128 ciphers.
•
CSCec72841—The ARP cache feature is not supported on repeater access points.
•
CSCec73044—When WPA is configured on the access point, associated client devices occasionally
report MIC failures on packets from the access point.
report MIC failures on packets from the access point.
•
CSCec73037—Packet replay detection messages occasionally appear when a WPA client
reauthenticates to the access point. The client sometimes loses its connection to the access point, but
the client attempts to reconnect.
reauthenticates to the access point. The client sometimes loses its connection to the access point, but
the client attempts to reconnect.
Resolved Caveats
These caveats are resolved in Cisco IOS Release 12.2(13)JA:
•
CSCdu53656—A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is
vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol
is not enabled by default, and must be configured in order to accept traffic from an explicitly defined
peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be
difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol
is not enabled by default, and must be configured in order to accept traffic from an explicitly defined
peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be
difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at
advisory, available at
.
•
CSCea28131—A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is
vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol
is not enabled by default, and must be configured in order to accept traffic from an explicitly defined
peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be
difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol
is not enabled by default, and must be configured in order to accept traffic from an explicitly defined
peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be
difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.
Cisco has made free software available to address this problem. For more details, please refer to this
advisory, available at
advisory, available at
.
•
CSCdx45005, CSCeb84981, CSCeb87018—SSH now operates correctly with RADIUS
authentication and authorization.
authentication and authorization.
•
CSCea79363, CSCec03974, CSCec09390—The Compaq Wireless LAN Multiport W200 client
device now associates successfully to 1100 or 1200 series access points.
device now associates successfully to 1100 or 1200 series access points.
•
CSCea82021—When DNS is configured on the access point, the show running-config command
sometimes displays a server’s IP address instead of its name. This expected behavior is now
accurately described in the Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points.
sometimes displays a server’s IP address instead of its name. This expected behavior is now
accurately described in the Cisco IOS Software Configuration Guide for Cisco Aironet Access
Points.