Table Of Contents
Release Notes for Cisco Aironet Client Adapter Firmware, Version 4.25.23
Network-EAP Authentication Requires Matching 802.1X Protocol Drafts
Upgrading to a New Firmware Release
Determining the Firmware Version
In Windows 95, 98, NT, 2000, Me, or XP
Upgrade Procedure for Windows and Linux
Windows 95, 98, NT, 2000, Me, or XP
Upgrade Procedure for Windows CE
Signal Strength Not Updated Correctly in Ad-Hoc Mode
Signal Quality Not Updated Correctly in Ad-Hoc Mode
ACU Displays MAC Address Rather Than IP Address of the Access Point
Client in World Mode Has 100-mW Power When Associated to a 30- or 50-mW Access Point
Firmware Flashing Stops at 23% with an Error
Wideband Japan Channel Set Displays Incorrect Power Levels
Getting Bug Information on Cisco.com
Obtaining Technical Assistance
Release Notes for Cisco Aironet Client Adapter Firmware, Version 4.25.23
Contents
This document contains the following sections:
•Upgrading to a New Firmware Release
•Obtaining Technical Assistance
Introduction
This document describes system requirements, upgrade procedures, new and changed information, and caveats for Cisco Aironet client adapter firmware release 4.25.23.
Important Notes
Caution The existing Mac OS drivers (version 1.0.2 and earlier for Mac OS 9.x and version 1.0.0 for Mac OS 10.1) are not compatible with firmware version 4.25.23. If you install firmware version 4.25.23 on your client adapter and use it with an existing Mac OS driver, you will be unable to use some of the adapter's capabilities, such as WEP and LEAP.
Note Although firmware version 4.25.23 is compatible with Windows CE and Linux, the latest drivers for these operating systems (version 1.70 for Windows CE and version 1.5.2 for Linux) do not support the message integrity check (MIC) and temporal key integrity protocol (TKIP) security features supported in this firmware release. Currently the only driver that supports MIC and TKIP is Windows driver version 8.01.06.
System Requirements
You must have a Cisco Aironet 340, 350, or 4800 series PC card, LM card, or PCI client adapter to install firmware version 4.25.23.
To take advantage of the security features introduced in client adapter firmware release 4.25.23, you must install Windows ACU version 5.01.001 or greater and Windows driver version 8.01.06 or greater (or Windows mini PCI driver version 2.20 or greater), and you must use access point firmware version 11.10T or greater.
Network-EAP Authentication Requires Matching 802.1X Protocol Drafts
In order to use Network-EAP authentication on your wireless network, your client devices and infrastructure devices (access points and bridges) must use the same 802.1X protocol draft. Client firmware release 4.25.23 supports draft 10 of the 802.1X protocol standard. Therefore, if client devices use this version of firmware, an access point or bridge to which they associate must also be configured to use draft 10. The table below lists firmware versions for Cisco Aironet products and the drafts with which they comply.
Firmware Version Draft 8 Draft 10 1Client adapters (PCM34x/35x, LMC34x/35x, and PCI34x/35x)
4.13
x
—
4.16
x
—
4.23
x
—
4.25 and later
—
x
Workgroup bridges (WGB34x/352)
8.58
x
—
8.61 and later
—
x
Access points (AP34x/35x)
11.05 and earlier
x
—
11.06 and later2
x
x
Bridges (BR352)
x
x
1 The functionality in draft 10 is equivalent to the functionality in draft 11, the ratified draft of the 802.1X standard.
2 The default draft setting in access point and bridge firmware version 11.06 and later is draft 10.
If your clients and infrastructure devices do not have matching 802.1X protocol drafts, upgrade the firmware in these devices to versions with the same draft number. However, if your access points or bridges are using firmware version 11.06 or later, you can use their Authenticator Configuration page to select the draft of the 802.1X protocol that they should use. To set the draft for your access points or bridges, follow the instructions in the Release Notes for Cisco Aironet Access Points for firmware version 11.06. You can access these Release Notes at the following URL:
http://www.cisco.com/univercd/cc/td/doc/product/wireless/airo_350/accsspts/ap350rn/index.htm
Upgrading to a New Firmware Release
This section describes how to upgrade to firmware release 4.25.23.
Determining the Firmware Version
To determine the firmware version that your client adapter is currently using, follow the instructions below for your operating system.
In Windows 95, 98, NT, 2000, Me, or XP
Open ACU; then click the Status icon or select Status from the Commands drop-down menu. The firmware version is displayed in the Status screen.
In Linux
Open ACU; then select Status from the Commands drop-down menu. The firmware version is displayed in the Status screen.
In Windows CE
Select Start > Programs > Cisco > Load New Firmware. The firmware version is displayed in the Select New Firmware screen.
Upgrade Procedure for Windows and Linux
To upgrade your client adapter's firmware on Windows 95, 98, NT, 2000, Me, or XP or Linux, follow the steps below. To upgrade your client adapter's firmware on Windows CE, go to the "Upgrade Procedure for Windows CE" section.
Step 1 Use your computer's web browser to access the following URL:
http://www.cisco.com/public/sw-center/sw-wireless.shtmlStep 2 Under Wireless LAN Software, select Cisco Aironet 340 Series or Cisco Aironet 350 Series.
Step 3 Click the filename of the appropriate radio firmware image for your client adapter (for example, PC350v42523.exe).
Note If your wireless network uses LEAP authentication, remember to select a radio firmware image of the same draft standard as the access points to which your client adapter will be authenticating.
Note If your wireless network uses EAP-TLS or EAP-MD5 authentication, you must select draft 10 of the radio firmware image.
Step 4 Read and accept the terms and conditions of the Software License Agreement.
Step 5 Select the firmware file to download it.
Step 6 Save the file to a floppy disk or to your computer's hard drive.
Step 7 Locate the file on your floppy disk or on your computer's hard drive and use an unzip program to extract the image file to a folder.
Step 8 Make sure the client adapter is installed in your computer and is operational.
Step 9 Follow the instructions in one of the subsections below for your specific operating system.
Windows 95, 98, NT, 2000, Me, or XP
Step 1 Open ACU; then click the Load Firmware icon or select Load New Firmware from the Commands drop-down menu.
Step 2 Find the location of the new firmware in the Open Window's Look in box. The default location is InstallPath\Firmware, where InstallPath is the directory that ACU was installed in.
Step 3 Click the new firmware image (PC3x0vxxxxx.img) so it appears in the File name box at the bottom of the window.
Step 4 Click the Open button. A progress bar displays while the selected image is loaded into the client adapter's Flash memory.
Step 5 Click OK when the "Firmware Upgrade Complete!" message appears. The OK button cannot be selected until the process is complete or an error occurs.
Linux
Step 1 Select Load New Firmware from the Commands drop-down menu.
Step 2 In the File Selection window, find the location of the new firmware in the Files box.
Step 3 Under Files, click the new firmware image (PC3x0vxxxxx.img) so it appears in the Selection box at the bottom of the window.
Step 4 Click OK to load the firmware image into your client adapter's Flash memory.
Upgrade Procedure for Windows CE
Step 1 Use a serial or USB cable to connect your Windows CE device to a laptop or PC running ActiveSync. A message appears on the Windows CE device indicating that it is connecting to the host. After the Windows CE device is connected, the New Partnership window appears on the laptop or PC. This window asks if you want to set up a partnership.
Step 2 Perform one of the following:
•If you want to establish a partnership that allows you to synchronize files between the laptop or PC and the Windows CE device, select Yes, click Next, and follow the instructions on the screen to specify the files to be synchronized and to finish setting up the partnership.
•If you do not want to synchronize files and want to connect as a "guest," select No and click Next. The screen indicates that you are connected as a guest.
Step 3 Use the laptop or PC's web browser to access the following URL:
http://www.cisco.com/public/sw-center/sw-wireless.shtmlStep 4 Under Wireless Software Products, select Cisco Aironet 340 Series or Cisco Aironet 350 Series.
Step 5 Click the filename of the appropriate radio firmware image for your client adapter (for example, PC350v42523.exe).
Note If your wireless network uses LEAP, remember to select a radio firmware image of the same draft standard as the access points to which your client adapters will be authenticating.
Step 6 Read and accept the terms and conditions of the Software License Agreement.
Step 7 Select the firmware file to download it.
Step 8 Save the file to a floppy disk or to your laptop or PC hard drive.
Step 9 Open Windows Explorer, locate the file on your floppy disk or hard drive, double-click it, and extract the image file to a folder.
Step 10 In the ActiveSync window on the laptop or PC, click the Explore button to view the files on the Windows CE device.
Step 11 Drag and drop the firmware image (PC3x0vxxxxx.img) from Windows Explorer to a location in the ActiveSync window.
Note If your Windows CE device is a PPC running Windows CE 3.0, you must copy the firmware image to the My Documents folder or a folder under My Documents.
Step 12 After the file is copied, disconnect the Windows CE device.
Step 13 Make sure the client adapter is installed in your Windows CE device and is operational.
Step 14 On your Windows CE device, select Start > Programs > Cisco > Load New Firmware.
Step 15 Click the Select Firmware button.
Step 16 Find the location of the new firmware image in the Open window.
Step 17 Click the new firmware image file (*.img) so it appears in the Name box at the bottom of the Open window.
Step 18 Click OK. If the selected image is loaded successfully into the client adapter's Flash memory, a "Firmware Upgrade Complete!" message appears on the Load New Firmware screen.
New and Changed Information
This section describes new and changed information for release 4.25.23 of the Cisco Aironet client adapter firmware.
Support for Enhanced Security
Client adapter firmware release 4.25.23 and Windows driver release 8.01.06 support three new security features designed to prevent sophisticated attacks on your wireless network's WEP keys. Access point firmware version 11.10T or greater is required to enable these security features.
•Message Integrity Check (MIC) - MIC prevents bit-flip attacks on encrypted packets. During a bit-flip attack, an intruder intercepts an encrypted message, alters it slightly, and retransmits it, and the receiver accepts the retransmitted message as legitimate. The MIC adds a few bytes to each packet to make the packets tamper-proof.
•Temporal Key Integrity Protocol (TKIP) - This feature, also referred to as WEP key hashing, defends against an attack on WEP in which the intruder uses the initialization vector (IV) in encrypted packets to calculate the WEP key. TKIP removes the predictability that an intruder relies on to determine the WEP key by exploiting IVs.
•Broadcast key rotation - EAP authentication provides dynamic unicast WEP keys for client devices but uses static broadcast, or multicast, keys. When you enable broadcast WEP key rotation, the access point provides a dynamic broadcast WEP key and changes it at the interval you select. When you enable this feature, only wireless client devices using LEAP or EAP-TLS authentication can associate to the access point. Client devices using static WEP (with open, shared key, or EAP-MD5 authentication) cannot associate.
Note If you enable MIC or TKIP on the access point, your client adapter's driver and firmware must support these features; otherwise, the client cannot associate. Refer to the "Important Notes" section for details.
Note Refer to the Cisco Aironet Access Point Software Configuration Guide for instructions on enabling these security features on the access point.
Documentation
The documentation for the 340 and 350 Series Cisco Aironet Wireless LAN Adapters is changing with this release. Prior versions of client adapter software are documented in the Cisco Aironet Wireless LAN Adapters Hardware Installation Guide and the Cisco Aironet Wireless LAN Adapters Software Configuration Guide, both of which contain information for Windows, Windows CE, Linux, and Macintosh. Now one document is available for each operating system. Refer to the "Related Documentation" section for a list of these documents.
Caveats
This section describes resolved and open caveats for client adapter firmware release 4.25.23.
Resolved Caveats
The following caveats are resolved for client adapter firmware release 4.25.23.
Signal Strength Not Updated Correctly in Ad-Hoc Mode
When a client starts in ad-hoc mode, signal strength is 0. When a second client joins the cell, signal strength increases. When the second client leaves the cell, the signal strength stays the same even though it should return to 0 when no other clients are in the cell (CSCdu19772). This caveat is resolved in firmware release 4.25.23.
Signal Quality Not Updated Correctly in Ad-Hoc Mode
When a client starts in ad-hoc mode, signal quality is 0. When a second client joins the cell, signal quality increases. When the second client leaves the cell, the signal quality stays the same even though it should return to 0 when no other clients are in the cell (CSCdu19798). This caveat is resolved in firmware release 4.25.23.
ACU Displays MAC Address Rather Than IP Address of the Access Point
When LEAP is enabled, the status bar at the bottom of the ACU screen usually displays the MAC address, rather than the IP address, of the access point to which the client is associated (CSCdu53528). This caveat is resolved in firmware release 4.25.23.
Client in World Mode Has 100-mW Power When Associated to a 30- or 50-mW Access Point
A client in world mode has 100-mW power when associated to an access point that is set for 30 or 50 mW (CSCdu80530). The client should adopt a transmit power valid in the regulatory domain of the access point. This caveat is resolved in firmware release 4.25.23.
Firmware Flashing Stops at 23% with an Error
When you attempt to upgrade the client adapter firmware, the process stops at 23% and generates an error (CSCdu49124). This caveat is resolved in firmware release 4.25.23.
Open Caveats
The following are known problems for client adapter firmware release 4.25.23.
Wideband Japan Channel Set Displays Incorrect Power Levels
The 4800 series client adapters do not display the correct available power levels when programmed to the wideband Japan channel set (CSCdv57626).
Getting Bug Information on Cisco.com
If you are a Cisco registered user, you can use the Cisco TAC Software Bug Toolkit, which consists of three tools (Bug Navigator, Bug Watcher, and Search by Bug ID Number) that help you to identify existing bugs (or caveats) in Cisco software products.
Access the TAC Software Bug Toolkit today at the following URL:
http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl
Troubleshooting
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at the following URL: http://www.cisco.com/tac. Select Wireless Technologies under "Top Issues."
Related Documentation
For more information about 340 and 350 series client adapters, refer to the following documents:
•Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Windows
•Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Windows CE
•Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Linux
•Cisco Aironet Wireless LAN Adapters Installation and Configuration Guide for Mac OS
Obtaining Documentation
The following sections explain how to obtain documentation from Cisco Systems.
World Wide Web
You can access the most current Cisco documentation on the World Wide Web at the following URL:
Translated documentation is available at the following URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation CD-ROM
Cisco documentation and additional literature are available in a CD-ROM package shipped separately from the Cisco Aironet Series Wireless LAN Adapters CD that shipped with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Ordering Documentation
Cisco documentation is available in the following ways:
•Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace:
http://www.cisco.com/cgi-bin/order/order_root.pl
•Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store:
http://www.cisco.com/go/subscription
•Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408 526-7208 or, elsewhere in North America, by calling 800 553-NETS (6387).
Documentation Feedback
If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Leave Feedback at the bottom of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at 408 527-0730.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Cisco Systems
Attn: Document Resource Connection
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Obtaining Technical Assistance
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site.
Cisco.com
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world.
Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to
•Streamline business processes and improve productivity
•Resolve technical issues with online support
•Download and test software packages
•Order Cisco learning materials and merchandise
•Register for online skill assessment, training, and certification programs
You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL:
Technical Assistance Center
The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center.
Inquiries to Cisco TAC are categorized according to the urgency of the issue:
•Priority level 4 (P4)—You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration.
•Priority level 3 (P3)—Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
•Priority level 2 (P2)—Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available.
•Priority level 1 (P1)—Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available.
Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable.
Cisco TAC Web Site
The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL:
All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register:
http://www.cisco.com/register/
If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL:
http://www.cisco.com/tac/caseopen
If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site.
Cisco TAC Escalation Center
The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case.
To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number.
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
Copyright © 2002, Cisco Systems, Inc.
All rights reserved.