Cisco Cisco Aironet 1200 Access Point 發佈版本通知
20
Release Notes for Cisco Aironet 350, 1100, 1130AG, 1200, and 1230AG Series Access Points for Cisco IOS Release 12.3(4)JA1
OL-8215-01
Caveats
•
CSCec12884—The AAA user command authorization no longer fails through HTTP access.
•
CSCee42617—Users are now correctly authenticated through the RADIUS server, and accounting
information is sent to the RADIUS server.
information is sent to the RADIUS server.
•
CSCee87287—Access points no longer fail to generate accounting records when a wireless client is
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
re-authenticated on an automatic interval (for example, when the access point is configured using
the dot1x reauthentication seconds command).
•
CSCee93036—Access points now support the archive upload rcp:/hostname/file-path command.
•
CSCef43007—Logging system messages to the console is now disabled by default on 1100 series
access points.
access points.
•
CSCef50742—Clients no longer fail 802.1X authentication through Cisco Catalyst 2950 and 3750
switches due to changing State (24) Field values.
switches due to changing State (24) Field values.
•
CSCef60659—A document that describes how the Internet Control Message Protocol (ICMP) could
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control
Protocol (TCP) has been made publicly available. This document has been published through the
Internet Engineering Task Force (IETF) Internet Draft process, and is entitled “ICMP Attacks
Against TCP” (draft-gont-tcpm-icmp-attacks-03.txt).
These attacks, which only affect sessions terminating or originating on a device itself, can be of
three types:
three types:
1. Attacks that use ICMP “hard” error messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
2. Attacks that use ICMP “fragmentation needed and Don’t Fragment (DF) bit set” messages, also
known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP “source quench” messages
Successful attacks may cause connection resets or reduction of throughput in existing connections,
depending on the attack type.
depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are
workarounds available to mitigate the effects of the vulnerability.
workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at
.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple
vendors whose products are potentially affected. Its posting can be found at:
http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
CSCef65076—The access point GUI no longer reports a Bad Request error when you enter a
RADIUS server hostname on the access point.
RADIUS server hostname on the access point.
•
CSCef75364—350 series access points now support the exception crashinfo command.
•
CSCef78627—The access point no longer reports an incorrect transmit power value for the 802.11a
radio when you change the external antenna position from high-gain to low-gain or from low-gain
to high-gain while the access point is on.
radio when you change the external antenna position from high-gain to low-gain or from low-gain
to high-gain while the access point is on.
•
CSCef89795—Access points no longer send IAPP traffic on the wrong VLAN when layer 3 mobility
is enabled.
is enabled.
•
CSCeg01125—The show crypto engine qos command no longer reboots the access point when
SSH is enabled.
SSH is enabled.
•
CSCeg42686—Client devices using 5-GHz radios now successfully communicate with the access
point at up to 54 Mbps.
point at up to 54 Mbps.