Guest

Cisco Aironet 1200 Series

Field Notice: LEAP and Broadcast Key Rotation Requires VLAN Config on AP1200


Updated January 16, 2003

January 9, 2003



Products Affected

  • AP 1200

Problem Description

Wireless clients using LEAP and Broadcast Key Rotation, who are associated to an access point with VLANs disabled, will lose connectivity with the access point after the second key rotation. The workaround is to enable VLANs, but this consequently prevents the use of Proxy Mobile IP on that device.

Background

Versions 12.0T and 12.1T of AP 1200 software are affected by this problem. Clients will associate to an access point, pass LEAP authentication, and send and receive traffic without incident. At some point, depending on the frequency of broadcast key rotation, connectivity to the AP will be lost, specifically after the second key rotation.

Access points that implement VLANs are not effected by this issue. A workaround to this problem is to enable VLANs and define a single VLAN for all traffic. This configuration results in the AP operating in the same fashion as having no VLANs enabled except that it will no longer lose connectivity with clients after the second key rotation.

One downside to the workaround is that Proxy Mobile IP can longer be configured on the AP since VLANs and PMIP are not currently supported on the same platform at the same time.

Problem Symptoms

Clients configured for LEAP and Broadcast Key Rotation remain associated to an Access Point but are no longer able to pass traffic.

Workaround/Solution

Either solution below will resolve this issue:

  1. Disable Broadcast Key Rotation.

  2. Create one VLAN and one SSID with the appropriate settings (those already in use on the AP), and enable VLANs. Designate it as the "native VLAN" and this will not require VLAN support on the attached switch.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCdz57782

Repeaters claim switching to repeater when parent down

CSCdz48575

Default Lost Ethernet action not appropriate

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: