Table Of Contents
Release Notes for Cisco Aironet 1410 Bridges
for Cisco IOS Release 12.3(2)JA6Upgrading to a New Software Release
Default SSID and Distance Settings Change When You Change Role in Radio Network
Default Encryption Key 2 Is Set by Bridge
Limitation to PAgP Redundancy on Switches Connected by Bridge Links
CLI Command power client n Is Not Supported
ARP Table Is Corrupted When Multiple BVIs Are Configured
Bridge Cannot Detect Invalid Software When Using copy Command
New Express Security Page Simplifies Security Setup
Telnet Session Sometimes Hangs or Will Not Start During Heavy Traffic
Resolved Caveats in Cisco IOS Release 12.3(2)JA6
Resolved Caveats in Cisco IOS Release 12.3(2)JA5
Resolved Caveats in Cisco IOS Release 12.3(2)JA
Optional Antenna Clarification
Stacking Bridges Section Changes
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco Aironet 1410 Bridges
for Cisco IOS Release 12.3(2)JA6
April 3, 2006
These release notes describe open and resolved caveats for Cisco IOS Release 12.3(2)JA6. They also provide important information about the Cisco Aironet 1410 Bridge (hereafter called bridge).
Contents
These release notes contain the following sections:
•
Cisco Product Security Overview
•
•
Introduction
The Cisco Aironet 1400 Series Bridge is a wireless device designed for building-to-building wireless connectivity. Operating in the 5.8-GHz UNII 3 band (5725 to 5825 MHz), derived from the 802.11a standard, the bridge delivers 6 to 54 Mbps data rates without the need for a license. The bridge is a self-contained unit designed for outdoor installations, providing differing antenna gains as well as coverage patterns and supports both point-to-point and point-to-multipoint configurations.
The bridge uses a browser-based management system, but you can also configure the bridge using the command-line interface (CLI) through a Telnet session, Cisco IOS commands, or Simple Network Management Protocol (SNMP).
Cisco IOS Release 12.3(2)JA6 supports the features and bug fixes included in Cisco IOS Releases 12.3(2)JA, 12.3(2)JA1, 12.3(2)JA2, and 12.3(2)JA5.
System Requirements
You can install Cisco IOS Release 12.3(2)JA6 on all 1400 series bridges.
Finding the Software Version
To find the version of Cisco IOS software running on your bridge, use a Telnet session to log into the bridge and enter the show version EXEC command. This example shows command output from a bridge running Cisco IOS Release 12.2(13)JA2:
bridge> show versionCisco Internetwork Operating System SoftwareIOS (tm) C1410 Software (C1410-K9W7-M), Version 12.2(13)JA2Copyright (c) 1986-2003 by Cisco Systems, Inc.You can also find the software version on the System Software Version page in the bridge's web-browser interface.
Upgrading to a New Software Release
For instructions on installing bridge software:
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Click this link to to browse to the Cisco IOS Software Center on Cisco.com:
http://www.cisco.com/public/sw-center/sw-ios.shtml
A Cisco IOS Upgrade Planner is available at cisco.com for registered customers. Click this link to
access it:http://www.cisco.com/pcgi-bin/Software/Iosplanner/Planner-tool/iosplanner.cgi
New Features
Cisco IOS Release 12.3(2)JA6 does not include new features. It supports the features included in release 12.3(2)JA. This section lists the new features in Cisco IOS Release 12.3(2)JA.
HTTPS - HTTP with SSL 3.0
This feature supports a Secure Sockets Layer (SSL)/Secure Hypertext Transfer Protocol (HTTPS) method of managing Cisco Aironet access points via a Web browser using HTTP.
HTTP Web Server v1.1
This feature provides a consistent interface for users and applications by implementing the HTTP 1.1 standard (see RFC 2616). In previous releases, Cisco software supported only a partial implementation of HTTP 1.0. The integrated HTTP Server API supports server application interfaces. When combined with the HTTPS and HTTP 1.1 Client features, provides a complete, secure solution for HTTP services to and from Cisco devices.
Installation Notes
This section contains important information to keep in mind when installing your bridge.
Bridge Installation
The bridge is available in two configurations:
•
•
Note
Note
Personnel installing the bridge must understand wireless bridging techniques, antenna alignment and adjustment, and grounding methods. The integrated antenna configuration can be installed by an experienced IT professional.
Stacking Bridges
You can double the throughput or create a standby link by stacking two bridges. A stacked installation consists of two bridge systems installed at the same physical location. For detailed mounting instructions refer to the Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions that shipped with your bridge.
Note
Important Notes
This section describes important information about the bridge.
Default SSID and Distance Settings Change When You Change Role in Radio Network
If the bridge's SSID has not been changed from the default setting and you select Install Automatic Mode as the bridge's role in radio network setting, the SSID automatically changes from tsunami to autoinstall. When you change the role in radio network from Install Automatic Mode to Root or Non-Root, the SSID changes automatically from autoinstall back to tsunami. However, if you change the SSID from its default setting, changing the role in radio network setting does not change the SSID.
In Install Automatic Mode, the default distance setting is 99 km. When you change the role in radio network from Install Automatic Mode to Root or Non-Root, the distance setting changes automatically from 99 km to 0 km.
Default Encryption Key 2 Is Set by Bridge
The encryption key in slot 2 is the transmit key by default. If you enable WEP with MIC, use the same WEP key as the transmit key in the same key slot on both root and non-root bridges.
Limitation to PAgP Redundancy on Switches Connected by Bridge Links
When two switches configured for Port Aggregation Protocol (PAgP) are connected by redundant wireless bridge links, the PAgP switchover takes at least 30 seconds, which is too slow to maintain TCP sessions from one port to another.
CLI Command power client n Is Not Supported
The bridge does not support the power client n configuration interface command in the web-browser or CLI interfaces. The bridge does not perform any action when you enter this command.
Default Infrastructure SSID
When VLAN is enabled, the WEP encryption mode and the WEP key are applicable only to a native VLAN. Any SSID configured should have the Infrastructure-SSID parameter enabled for that SSID. With the Infrastructure-SSID parameter enabled, the bridge ensures that a non-native VLAN cannot be assigned to that SSID.
ARP Table Is Corrupted When Multiple BVIs Are Configured
The bridge supports only one bridge virtual interface (BVI). Multiple BVIs should not be configured because the ARP table may become corrupted.
Bridge Power Up LED Colors
During power up the bridge LEDs display the following color sequences:
1.
2.
3.
4.
5.
6.
7.
8.
a.
b.
c.
9.
10.
11.
12.
Bridge Cannot Detect Invalid Software When Using copy Command
The bridge sometimes cannot detect invalid software images when you load software using the copy command. For best results, use the archive download command in the CLI to load new software.
New Express Security Page Simplifies Security Setup
The new Express Security page in the access point web-browser interface makes it easier to create SSIDs and assign security settings to them. Figure 1 shows the Express Security page.
Limitations of the Express Security page include:
•
•
•
•
•
For complete instructions on using the Express Security page, see the "Configuring Basic Security Settings" section on page 2-9 in the Cisco Aironet 1400 Series Wireless Bridge Software Configuration Guide.
Figure 1 Express Security Page
Telnet Session Sometimes Hangs or Will Not Start During Heavy Traffic
When the bridge is transmitting and receiving heavy traffic, you sometimes cannot start a Telnet session and some existing Telnet sessions freeze or hang. However, this behavior is expected because the bridge gives top priority to data traffic and a lower priority to Telnet traffic.
Caveats
This section lists open and resolved caveats in Cisco IOS Release 12.3(2)JA for the bridge and resolved caveats in Cisco IOS Release 12.3(2)JA, 12.3(2)JA5, and 12.3(2)JA6.
Open Caveats
These caveats are open in Cisco IOS Release 12.3(2)JA for the bridge:
•
Resolved Caveats in Cisco IOS Release 12.3(2)JA6
•
A vulnerability exists in the IOS HTTP server in which HTML code inserted into dynamically generated output, such as the output from a show buffers command, is passed to the browser requesting the page. This HTML code could be interpreted by the client browser and potentially execute malicious commands against the device or other possible cross-site scripting attacks. Successful exploitation of this vulnerability requires that a user browse a page containing dynamic content in which HTML commands have been injected.
Cisco will be making free software available to address this vulnerability for affected customers. There are workarounds available to mitigate the effects of the vulnerability.This advisory is posted a the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20051201-http.shtml
•
RADIUS authentication on a device that is running certain versions of Cisco IOS and configured with a fallback method to none can be bypassed.
Systems that are configured for other authentication methods or that are not configured with a fallback method to none are not affected.
Only the systems that are running certain versions of Cisco IOS are affected. Not all configurations using RADIUS and none are vulnerable to this issue. Some configurations using RADIUS, none and an additional method are not affected.
Cisco has made free software available to address this vulnerability. There are workarounds available to mitigate the effects of the vulnerability.
More details can be found in the security advisory which posted at the following URL:
http://www.cisco.com/warp/public/707/cisco-sa-20050629-aaa.shtml
Resolved Caveats in Cisco IOS Release 12.3(2)JA5
The following caveat is resolved in Cisco IOS Release 12.3(2)JA5:
•
Cisco IOS may permit arbitrary code execution after exploitation of a heap-based buffer overflow vulnerability. Cisco has included additional integrity checks in its software, as further described below, that are intended to reduce the likelihood of arbitrary code execution.
Cisco has made free software available that includes the additional integrity checks for affected customers.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20051102-timers.shtml.
•
Resolved Caveats in Cisco IOS Release 12.3(2)JA
These caveats are resolved in Cisco IOS Release 12.3(2)JA:
•
These attacks, which only affect sessions terminating or originating on a device itself, can be of three types:
1. Attacks that use ICMP "hard" error messages
2. Attacks that use ICMP "fragmentation needed and Don't Fragment (DF) bit set" messages, also known as Path Maximum Transmission Unit Discovery (PMTUD) attacks
3. Attacks that use ICMP "source quench" messagesSuccessful attacks may cause connection resets or reduction of throughput in existing connections, depending on the attack type.
Multiple Cisco products are affected by the attacks described in this Internet draft.
Cisco has made free software available to address these vulnerabilities. In some cases there are workarounds available to mitigate the effects of the vulnerability.
This advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml.
The disclosure of these vulnerabilities is being coordinated by the National Infrastructure Security Coordination Centre (NISCC), based in the United Kingdom. NISCC is working with multiple vendors whose products are potentially affected. Its posting can be found at: http://www.niscc.gov.uk/niscc/docs/re-20050412-00303.pdf?lang=en.
•
•
Troubleshooting
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at http://www.cisco.com/en/US/support/index.html. Click Tools and Resources, and choose the resource that best suits your troubleshooting needs.
Documentation Updates
The Cisco Aironet 1400 Series Wireless Bridge Mounting Instructions provides detailed instructions for installing and mounting the bridge.
Optional Antenna Clarification
The Quick Start Guide: Cisco Aironet 1400 Series Wireless Bridge states on page 6 that the external antenna version of the bridge connects to an optional antenna. The statement is incorrect. The external antenna of the bridge has no installed antenna. The customer must purchase the antenna for the this version. There are three antenna options available for the external antenna version and the customer must purchase at least one to make the bridge operational.
A revision to this guide will be released at a future date.
Stacking Bridges Section Changes
The separation distance between the two stacked bridge antennas is a minimum of 6.56 ft (2 m).
Related Documentation
These documents describe the installation and configuration of the bridge:
•
•
•
•
•
•
•
•
•
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you will find information about how to:
•
•
•
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•
In an emergency, you can also reach PSIRT by telephone:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
•
•
http://www.cisco.com/en/US/products/index.html
•
http://www.cisco.com/discuss/networking
•
http://www.cisco.com/en/US/learning/index.html
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)
Guest
