Guest

Cisco Aironet 1400 Series

Release Notes for Cisco Aironet 1410 Bridges for Cisco IOS Release 12.3(2)JA6

  • Viewing Options

  • PDF (242.3 KB)
  • Feedback
Release Notes for Cisco Aironet 1410 Bridges for Cisco IOS Release 12.3(2)JA6

Table Of Contents

Release Notes for Cisco Aironet 1410 Bridges
for Cisco IOS Release 12.3(2)JA6

Contents

Introduction

System Requirements

Finding the Software Version

Upgrading to a New Software Release

New Features

HTTPS - HTTP with SSL 3.0

HTTP Web Server v1.1

Installation Notes

Bridge Installation

Stacking Bridges

Important Notes

Default SSID and Distance Settings Change When You Change Role in Radio Network

Default Encryption Key 2 Is Set by Bridge

Limitation to PAgP Redundancy on Switches Connected by Bridge Links

CLI Command power client n Is Not Supported

Default Infrastructure SSID

ARP Table Is Corrupted When Multiple BVIs Are Configured

Bridge Power Up LED Colors

Bridge Cannot Detect Invalid Software When Using copy Command

New Express Security Page Simplifies Security Setup

Telnet Session Sometimes Hangs or Will Not Start During Heavy Traffic

Caveats

Open Caveats

Resolved Caveats in Cisco IOS Release 12.3(2)JA6

Resolved Caveats in Cisco IOS Release 12.3(2)JA5

Resolved Caveats in Cisco IOS Release 12.3(2)JA

Troubleshooting

Documentation Updates

Optional Antenna Clarification

Stacking Bridges Section Changes

Related Documentation

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco Aironet 1410 Bridges
for Cisco IOS Release 12.3(2)JA6


April 3, 2006

These release notes describe open and resolved caveats for Cisco IOS Release 12.3(2)JA6. They also provide important information about the Cisco Aironet 1410 Bridge (hereafter called bridge).

Contents

These release notes contain the following sections:

Introduction

System Requirements

New Features

Installation Notes

Important Notes

Caveats

Troubleshooting

Documentation Updates

Related Documentation

Obtaining Documentation and Submitting a Service Request

Introduction

The Cisco Aironet 1400 Series Bridge is a wireless device designed for building-to-building wireless connectivity. Operating in the 5.8-GHz UNII 3 band (5725 to 5825 MHz), derived from the 802.11a standard, the bridge delivers 6 to 54 Mbps data rates without the need for a license. The bridge is a self-contained unit designed for outdoor installations, providing differing antenna gains as well as coverage patterns and supports both point-to-point and point-to-multipoint configurations.

The bridge uses a browser-based management system, but you can also configure the bridge using the command-line interface (CLI) through a Telnet session, Cisco IOS commands, or Simple Network Management Protocol (SNMP).

Cisco IOS Release 12.3(2)JA6 supports the features and bug fixes included in Cisco IOS Releases 12.3(2)JA, 12.3(2)JA1, 12.3(2)JA2, and 12.3(2)JA5.

System Requirements

You can install Cisco IOS Release 12.3(2)JA6 on all 1400 series bridges.

Finding the Software Version

To find the version of Cisco IOS software running on your bridge, use a Telnet session to log into the bridge and enter the show version EXEC command. This example shows command output from a bridge running Cisco IOS Release 12.2(13)JA2:

bridge> show version
Cisco Internetwork Operating System Software
IOS (tm) C1410 Software (C1410-K9W7-M), Version 12.2(13)JA2
Copyright (c) 1986-2003 by Cisco Systems, Inc.
 
   

You can also find the software version on the System Software Version page in the bridge's web-browser interface.

Upgrading to a New Software Release

For instructions on installing bridge software:

1. Click this link to go to the Product/Technology Support page:

http://www.cisco.com/cisco/web/psa/default.html

Choose Wireless > Outdoor Wireless > Cisco Aironet 1400 Series, scroll down and click Configure Guides.

2. Click this link to browse to the Cisco IOS Software Center on Cisco.com:

http://www.cisco.com/cisco/software/navigator.html

On the Web page, log in to access the Feature Navigator or the Cisco IOS Upgrade Planner, or click Wireless Software to go to the Wireless LAN Software page.

New Features

Cisco IOS Release 12.3(2)JA6 does not include new features. It supports the features included in release 12.3(2)JA. This section lists the new features in Cisco IOS Release 12.3(2)JA.

HTTPS - HTTP with SSL 3.0

This feature supports a Secure Sockets Layer (SSL)/Secure Hypertext Transfer Protocol (HTTPS) method of managing Cisco Aironet access points via a Web browser using HTTP.

HTTP Web Server v1.1

This feature provides a consistent interface for users and applications by implementing the HTTP 1.1 standard (see RFC 2616). In previous releases, Cisco software supported only a partial implementation of HTTP 1.0. The integrated HTTP Server API supports server application interfaces. When combined with the HTTPS and HTTP 1.1 Client features, provides a complete, secure solution for HTTP services to and from Cisco devices.

Installation Notes

This section contains important information to keep in mind when installing your bridge.

Bridge Installation

The bridge is available in two configurations:

Integrated antenna bridge (with 22.5-dBi directional antenna)

External antenna bridge (with antenna connector for use with an external antenna)


Note To meet regulatory restrictions, the external antenna bridge configuration and the external antenna must be professionally installed.



Note When installing the dual-coax cable, it is acceptable to unzip or pull the two cables apart at the ends if more separation is needed between the male F connectors.


Personnel installing the bridge must understand wireless bridging techniques, antenna alignment and adjustment, and grounding methods. The integrated antenna configuration can be installed by an experienced IT professional.

Stacking Bridges

You can double the throughput or create a standby link by stacking two bridges. A stacked installation consists of two bridge systems installed at the same physical location. For detailed mounting instructions refer to the Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions that shipped with your bridge.


Note The bridge antennas must be separated by a minimum of 6.56 ft (2 m) from each other and from other co-located antennas.


Important Notes

This section describes important information about the bridge.

Default SSID and Distance Settings Change When You Change Role in Radio Network

If the bridge's SSID has not been changed from the default setting and you select Install Automatic Mode as the bridge's role in radio network setting, the SSID automatically changes from tsunami to autoinstall. When you change the role in radio network from Install Automatic Mode to Root or Non-Root, the SSID changes automatically from autoinstall back to tsunami. However, if you change the SSID from its default setting, changing the role in radio network setting does not change the SSID.

In Install Automatic Mode, the default distance setting is 99 km. When you change the role in radio network from Install Automatic Mode to Root or Non-Root, the distance setting changes automatically from 99 km to 0 km.

Default Encryption Key 2 Is Set by Bridge

The encryption key in slot 2 is the transmit key by default. If you enable WEP with MIC, use the same WEP key as the transmit key in the same key slot on both root and non-root bridges.

Limitation to PAgP Redundancy on Switches Connected by Bridge Links

When two switches configured for Port Aggregation Protocol (PAgP) are connected by redundant wireless bridge links, the PAgP switchover takes at least 30 seconds, which is too slow to maintain TCP sessions from one port to another.

CLI Command power client n Is Not Supported

The bridge does not support the power client n configuration interface command in the web-browser or CLI interfaces. The bridge does not perform any action when you enter this command.

Default Infrastructure SSID

When VLAN is enabled, the WEP encryption mode and the WEP key are applicable only to a native VLAN. Any SSID configured should have the Infrastructure-SSID parameter enabled for that SSID. With the Infrastructure-SSID parameter enabled, the bridge ensures that a non-native VLAN cannot be assigned to that SSID.

ARP Table Is Corrupted When Multiple BVIs Are Configured

The bridge supports only one bridge virtual interface (BVI). Multiple BVIs should not be configured because the ARP table may become corrupted.

Bridge Power Up LED Colors

During power up the bridge LEDs display the following color sequences:

1. The Install LED is initially turned off.

2. The Install LED turns amber.

3. The Status LED turns amber during the boot loader process.

4. The Ethernet, Status, and Radio LEDs turn green during the loading of the operating system.

5. The Ethernet, Status, and Radio LEDs turn amber during the loop-back test.

6. The Status LED starts to blink green then the Ethernet LED starts to blink green.

7. The Ethernet, Status, and Radio LEDs blink amber twice to indicate that the auto install process has started.

8. During the auto install process, the Ethernet, Status, and Radio LEDs turn off for a short time period then go through a blinking sequence twice. Each LED sequentially blinks at the following rates before becoming continuously amber:

a. Slow blinking rate of 1 blink per second.

b. Medium blinking rate of 2 blinks per second.

c. Fast blinking rate of 4 blinks per second.

9. The Install LED starts to blink amber to indicate that the bridge is searching for a root bridge.

10. When the bridge associates to a root bridge, the Install LED turns amber.

11. When the bridge becomes a root bridge and is waiting for a non-root bridge to associate, the Install LED blinks green.

12. When the root bridge has a non-root bridge associated, the Install LED turns green.

Bridge Cannot Detect Invalid Software When Using copy Command

The bridge sometimes cannot detect invalid software images when you load software using the copy command. For best results, use the archive download command in the CLI to load new software.

New Express Security Page Simplifies Security Setup

The new Express Security page in the access point web-browser interface makes it easier to create SSIDs and assign security settings to them. Figure 1 shows the Express Security page.

Limitations of the Express Security page include:

You cannot edit the SSID. However, you can delete the SSID and re-create it.

You cannot configure multiple authentication servers. To configure multiple authentication servers, use the Security Server Manager page.

You cannot configure multiple WEP keys. To configure multiple WEP keys, use the Security Encryption Manager page.

You cannot assign the SSID to a VLAN that is already configured on the bridge. To assign the SSID to an existing VLAN, use the Security SSID Manager page.

You cannot configure combinations of authentication types on the same SSID. To configure combinations of authentication types, use the Security SSID Manager page.

For complete instructions on using the Express Security page, see the "Configuring Basic Security Settings" section on page 2-9 in the Cisco Aironet 1400 Series Wireless Bridge Software Configuration Guide.

Figure 1 Express Security Page

Telnet Session Sometimes Hangs or Will Not Start During Heavy Traffic

When the bridge is transmitting and receiving heavy traffic, you sometimes cannot start a Telnet session and some existing Telnet sessions freeze or hang. However, this behavior is expected because the bridge gives top priority to data traffic and a lower priority to Telnet traffic.

Caveats

This section lists open and resolved caveats in Cisco IOS Release 12.3(2)JA for the bridge and resolved caveats in Cisco IOS Release 12.3(2)JA, 12.3(2)JA5, and 12.3(2)JA6.

Open Caveats

These caveats are open in Cisco IOS Release 12.3(2)JA for the bridge:

CSCec78900—High CPU use sometimes slows throughput on bridges.

Resolved Caveats in Cisco IOS Release 12.3(2)JA6

CSCsc64976

A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, is passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.

Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.This advisory is posted a the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051201-http

CSCee45312

RADIUS authentication on a device that is running certain versions of Cisco IOS and configured with a fallback method to none can be bypassed.

Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.

Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.

Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.

More details can be found in the security advisory which posted at the following URL:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050629-aaa

Resolved Caveats in Cisco IOS Release 12.3(2)JA5

The following caveat is resolved in Cisco IOS Release 12.3(2)JA5:

CSCei61732

Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.

Cisco has made free software available that includes the additional integrity checks for affected customers.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20051102-timers.

CSCei76358—Through normal software maintenance processes, Cisco is removing depreciated functionality. These changes have no impact on system operation or feature availability.

Resolved Caveats in Cisco IOS Release 12.3(2)JA

These caveats are resolved in Cisco IOS Release 12.3(2)JA:

CSCef60659, CSCsa59600—A document that describes how the Internet Control Message Protocol (ICMP) could be used to perform a number of Denial of Service (DoS) attacks against the Transmission Control Protocol (TCP) has been made publicly available. This document has been published through the Internet Engineering Task Force (IETF) Internet Draft process, and is entitled "ICMP Attacks Against TCP" (draft-gont-tcpm-icmp-attacks-03.txt).

These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:

1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messages

Successful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.

Multiple Cisco products are affected by the attacks described in this Internet draft.

Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.

This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20050412-icmp.

The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.

CSCef96804—The RSSI DC output port now gives correct signal strength readings.

CSCeg12593—Bridges now pass VTP information when the native VLAN on the bridge is not VLAN 1.

Troubleshooting

For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at http://www.cisco.com/en/US/support/index.html. Click Tools and Resources, and choose the resource that best suits your troubleshooting needs.

Documentation Updates

The Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions provides detailed instructions for installing and mounting the bridge.

Optional Antenna Clarification

The Quick Start Guide: Cisco Aironet 1400 Series Wireless Bridge states on page 6 that the external antenna version of the bridge connects to an optional antenna. The statement is incorrect. The external antenna of the bridge has no installed antenna. The customer must purchase the antenna for the this version. There are three antenna options available for the external antenna version and the customer must purchase at least one to make the bridge operational.

A revision to this guide will be released at a future date.

Stacking Bridges Section Changes

The separation distance between the two stacked bridge antennas is a minimum of 6.56 ft (2 m).

Related Documentation

These documents describe the installation and configuration of the bridge:

Quick Start Guide: Cisco Aironet 1400 Series Wireless Bridge

Cisco Aironet 1400 Series Wireless Bridge Software Configuration Guide

Cisco Aironet 1400 Series Wireless Bridge Hardware Installation Guide

Cisco IOS Command Reference for Access Points and Bridges

Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions

Cisco Aironet 1400 Series Wireless Bridge 9-dBi Omnidirectional Antenna

Cisco Aironet 1400 Series Wireless Bridge 10-dBi Sector Antenna

Cisco Aironet 1400 Series Wireless Bridge 28-dBi Dish Antenna

Cisco Aironet 1400 Series Wireless Bridge Roof Mount Assembly Instructions

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as an RSS feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service. Cisco currently supports RSS Version 2.0.