Table Of Contents
Release Notes for Cisco 3200 Series Routers with Cisco IOS Release 12.4(3)JL
Determining the Software Version
Upgrading to a New Software Release
New Hardware Features in Cisco IOS Release 12.4(3)JL1
New Software Features in Cisco IOS Release 12.4(3)JL1
New Hardware Features in Cisco IOS Release 12.4(3)JL
New Software Features in Cisco IOS Release 12.4(3)JL
Dynamic MAC Address for Universal Workgroup Bridge
Multiple Basic Service Set Identifier (MBSSID)
New Software Features in Cisco IOS Release 12.4T
Cisco IOS Software Documentation Set
Release Notes for Cisco 3200 Series Routers with Cisco IOS Release 12.4(3)JL
First Released: August 22, 2008Last Revised: September 8, 2009Cisco IOS Release 12.4(3)JL1OL-17713-02 Second ReleaseThese release notes describe new features and significant software components for the Cisco 3200 series routers that support Cisco IOS Release 12.4(3)JL. These release notes are updated as needed. Use these release notes with the Cross-Platform Release Notes for Cisco IOS Release 12.4T and About Cisco IOS Release Notes.
For a list of the software caveats that apply to Cisco IOS Release 12.4(3)JL, see the "Caveats" section and the online Caveats for Cisco IOS Release 12.4T. The caveats document is updated for every 12.4T maintenance release.
Contents
System Requirements
This section describes system requirements for Cisco IOS Release 12.4(3)JL and includes the following sections:
•
Determining the Software Version
•
Memory Requirements
Table 1 lists memory requirements for the Cisco IOS feature sets supported by Cisco IOS Release 12.4(3)JL on Cisco 3200 series routers.
Hardware Supported
Cisco IOS Release 12.4(3)JL supports the 2.4-GHz Wireless Mobile Interface Card (WMIC) for the Cisco 3200 series router.
For descriptions of existing hardware features and supported modules, see the configuration guides and additional documents specific to the Cisco 3200 series router, which are available at:
http://www.cisco.com/en/US/products/hw/routers/ps272/tsd_products_support_series_home.html
Determining the Software Version
To determine the version of Cisco IOS software currently running on your Cisco 3200 series router, see About Cisco IOS Release Notes located at:
http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html
Upgrading to a New Software Release
For general information about upgrading to a new software release, see About Cisco IOS Release Notes located at:
http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.
Feature Set Tables
For information about Feature Set Tables, see About Cisco IOS Release Notes located at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.
New and Changed Information
The following sections describe new features supported by Cisco 3200 series routers in 12.4(3)JL.
•
•
•
•
•
New Hardware Features in Cisco IOS Release 12.4(3)JL1
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(3)JL1
There are no new software features in this release.
New Hardware Features in Cisco IOS Release 12.4(3)JL
There are no new hardware features in this release.
New Software Features in Cisco IOS Release 12.4(3)JL
The new software features are:
•
•
Multiple Client Profile
The Multiple Client Profile (MCP) feature allows a Cisco 3201 Wireless Mobile Interface Card (WMIC) in a client station role (workgroup bridge, non-root, universal workgroup bridge) to maintain multiple client profiles—one profile for every configured service set identifier (SSID). Every profile contains authentication types and cipher suites for the corresponding SSID. This use of a profile-based system allows the various SSIDs to maintain prioritization. Profiles allow the configuration of authentication, encryption, and channel width per SSID.
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/MultClientProf.html
Dynamic MAC Address for Universal Workgroup Bridge
When you enable the Dynamic MAC address assignment, the universal workgroup bridge finds the MAC address of the client dynamically. If no MAC address of the client is found, the universal workgroup bridge uses the MAC address of the universal workgroup bridge BVI1 interface.
Note
For more information, see: http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/RolesAssociations.html#wp1024256
Any SSID
When any of the configured SSID profiles match with the AP, the workgroup bridge and universal workgroup bridge associate to the AP. When none of the configured SSID profiles match with the AP, the workgroup bridge and universal workgroup bridge fail to associate to the AP. This feature enables the workgroup bridge and universal workgroup bridge to associate to a guest-mode SSID configured on the AP. The workgroup bridge and universal workgroup bridge needs compatible authentication and encryption settings under the profile named "any."
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ServiceSetID.html
Management Frame Protection
Management Frame Protection (MFP) provides security for the management messages passed between access points (AP) and Client stations. MFP consists of two functional components: Infrastructure MFP and Client MFP.
Infrastructure MFP provides infrastructure support. Infrastructure MFP utilizes a message integrity check (MIC) across broadcast and directed management frames assists in detecting of rogue devices and denial of service attacks.
Client MFP provides client support. Client MFP protects authenticated clients from spoofed frames by preventing many of the common attacks against WLANs from becoming effective.
Note
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ManageFrameProt.html
Dynamic Channel Width
Cisco 3202 WMICs support dynamic channel width assignment for 4.9GHz. For 4.9GHz WMIC, the channel width setting is added into SSID profile to achieve dynamic channel bandwidth selection.
All the 3200 WMIC platforms for the following client modes: non-root, workgroup-bridge, and universal workgroup-bridge support dynamic channel width for 4.9GHz.
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/MultClientProf.html
Multiple Basic Service Set Identifier (MBSSID)
Cisco 3200 series WMICs now support up to 8 basic SSIDs (BSSIDs), which are similar to MAC addresses. This feature is support on all the WMICs. You use multiple BSSIDs to assign a unique Delivery Traffic Indication Message (DTIM) setting for each SSID and to broadcast more than one SSID in beacons.
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/ServiceSetID.html
Mobility Enhancements
This feature adds periodicity for roaming triggered by data rate shift and allows restriction of the number of channels that "client" mode scans.
For more information, see:
http://www.cisco.com/en/US/docs/routers/access/3200/software/wireless/WDSRoaming.html
New Software Features in Cisco IOS Release 12.4T
For information regarding the features supported in Cisco IOS Release 12.4T, see the Cross-Platform Release Notes links at: http://www.cisco.com/en/US/products/ps6441/prod_release_notes_list.html
Caveats
For general information on caveats and the bug toolkit, see About Cisco IOS Release Notes located at: http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html.
This section contains the following caveat information:
•
Open Caveats - 12.4(3)JL1
There are no open caveats in this release.
Resolved Caveats - 12.4(3)JL1
•
A vulnerability in the handling of IP sockets can cause devices to be vulnerable to a denial of service attack when any of several features of Cisco IOS software are enabled. A sequence of specially crafted TCP/IP packets could cause any of the following results:
–
–
–
–
Workarounds that mitigate this vulnerability are available in the "workarounds" section of the advisory. The advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090325-ip.shtml
•
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.
•
Symptoms: SSLVPN service stops accepting any new SSLVPN connections.
Conditions: A device configured for SSLVPN may stop accepting any new SSLVPN connections, due to a vulnerability in the processing of new TCP connections for SSLVPN services. If "debug ip tcp transactions" is enabled and this vulnerability is triggered, debug messages with connection queue limit reached will be observed. This vulnerability is documented in two separate Cisco bug IDs, both of which are required for a full fix: CSCso04657 and CSCsg00102.
•
Multiple Cisco products are affected by denial of service (DoS) vulnerabilities that manipulate the state of Transmission Control Protocol (TCP) connections. By manipulating the state of a TCP connection, an attacker could force the TCP connection to remain in a long-lived state, possibly indefinitely. If enough TCP connections are forced into a long-lived or indefinite state, resources on a system under attack may be consumed, preventing new TCP connections from being accepted. In some cases, a system reboot may be necessary to recover normal system operation. To exploit these vulnerabilities, an attacker must be able to complete a TCP three-way handshake with a vulnerable system.
In addition to these vulnerabilities, Cisco Nexus 5000 devices contain a TCP DoS vulnerability that may result in a system crash. This additional vulnerability was found as a result of testing the TCP state manipulation vulnerabilities.
Cisco has released free software updates for download from the Cisco website that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20090908-tcp24.shtml.
CSCsu75750 Mobile station command nvgen wrong syntax.Symptom When entering " mobile station period 720 threshold 65 " Show run displays the following output:
interface Dot11Radio0
[snip]
mobile station period period 720 threshold 65
The extra "period" in the mobile station config causes wmic to lose this command after reboot.
Conditions
Workaround
CSCsv18333 WGB disassociates with outdoor Mesh AP intermittently.Symptom When WGB associates with Mesh APs, WGB could intermittently disassociate from Mesh AP with video traffic.
Workaround
CSCsv28916 Intermittent reachability delay for WGB client after roam.Symptom The wired client of a WGB may intermittently lose reachability from the Distribution System side, following a WGB roam. The WGB client will resume reachability within 10 seconds after the reassociation.
Conditions
Workaround
CSCsv50474 c3202 and c3205 WGB intermittently reload when associated to LWAPP APs.Symptom WGB reloads intermittently when associated with LWAPP APs using WPA version 2 TKIP PSK.
Workaround
Open Caveats - 12.4(3)JL
There are no open caveats in this release.
Resolved Caveats - 12.4(3)JL
There are no resolved caveats in this release.
Additional References
Use this release note with the documents and websites in this release note and the documents listed in the following sections:
Release-Specific Documents
The following documents are specific to Release 12.4 and apply to Release 12.4(3)JL.
•
•
•
Platform-Specific Documents
Hardware installation guides, configuration and command reference guides, and additional documents specific to the Cisco 3200 series routers are available at:
http://www.cisco.com/en/US/products/hw/routers/ps272/tsd_products_support_series_home.html
Cisco IOS Software Documentation Set
The Cisco IOS software documentation set consists of the Cisco IOS configuration guides, Cisco IOS command references, and several other supporting documents.
Documentation Modules
Each module in the Cisco IOS documentation set consists of one or more configuration guides and one or more corresponding command references. Chapters in a configuration guide describe protocols, configuration tasks, and Cisco IOS software functionality, and contain comprehensive configuration examples. Chapters in a command reference provide complete command syntax information. Use each configuration guide with its corresponding command reference. Cisco IOS Software Documentation is available in html or pdf form.
Select your release and click the command references, configuration guides, or any other Cisco IOS documentation you need.
Notices
See the "Notices" section in About Cisco IOS Release Notes located at:
http://www.cisco.com/en/US/docs/ios/12_4/12_4x/12_4xy15/ReleaseNote.html
Use this document in conjunction with the documents listed in the "Additional References" section.
CCDE, CCENT, CCSI, Cisco Eos, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Lumin, Cisco Nexus, Cisco Nurse Connect, Cisco Pulse, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, and Flip Gift Card are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Fast Step, Follow Me Browsing, FormShare, GainMaker, GigaDrive, HomeLink, iLYNX, Internet Quotient, IOS, iPhone, iQuick Study, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MediaTone, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, Network Registrar, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, ScriptShare, SenderBase, SMARTnet, Spectrum Expert, StackWise, The Fastest Way to Increase Your Internet Quotient, TransPath, WebEx, and the WebEx logo are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0908R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2009 Cisco Systems, Inc. All rights reserved.
Guest
