Revised September 26, 2005
September 13, 2005
NOTICE:
THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.
Products Affected
| Product Affected | Comments |
|---|---|
| 340 Series Access Points | All Wireless Access Points and Bridges that run the VxWorks operating system. |
| 350 Series Access Points | All Wireless Access Points and Bridges that run the VxWorks operating system. |
| 350 Series Wireless Bridges | All Wireless Access Points and Bridges that run the VxWorks operating system. |
| 1200 Series Access Points | All Wireless Access Points and Bridges that run the VxWorks operating system. |
This includes:
- 340 Series Access Points (AIR-AP341E2C, AIR-AP341E2R, AIR-AP342E2C, AIR-AP342E2R)
- 350 Series Access Points (AIR-AP352E2C, AIR-AP352E2R-*-K9)
- 350 Series Wireless Bridges (AIR-BR350-*-K9)
- 1200 Series Access Points (AIR-AP1200, AIR-APR1220B-*-K9)
This does not include:
- 340 Series Wireless Bridges, Workgroup Bridges or the 350 Series Workgroup Bridges which run Cisco IOS.
- 350, 1200, 1100, 1300 or 1400 Series Access Points and Wireless Bridges running Cisco IOS.
- 1000 Series Lightweight Access Points running VxWorks
Problem Description
When an Aironet access point or wireless bridge running the VxWorks operating system boots, there is a window of time during which a further reset of the device, such as one caused by a power cycle, causes the configuration files to be lost from flash and the unit to be restored to factory defaults.
A defaulted access point will broadcast the SSID tsunami with open authentication and no encryption. Therefore, such an access point will allow unauthenticated wireless clients to access the network.
Background
During device boot, a reset that occurs in the interval between when the software image has successfully inflated and when the LAN and radio drivers are loaded will cause the configuration files to be lost.
Problem Symptoms
- Wireless clients and bridges that are configured to associate via a nondefault SSID and/or authentication method will be unable to associate to a defaulted device.
- The SSID tsunami will unexpectedly be seen.
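A monitoring check for the symptoms above, as an added example that is not part of the Cisco notice: it parses wireless survey output, flags any cell broadcasting the SSID tsunami without the Privacy capability bit, and marks whether the BSSID belongs to a known VxWorks AP. The iw-style scan text, the BSSIDs, the corp-wlan SSID and the inventory set are constructed assumptions.

```python
import re

DEFAULT_SSID = "tsunami"  # factory-default SSID named in this field notice

# Constructed sample in the style of Linux `iw dev <if> scan` output
# (assumption: the survey host uses iw; all BSSIDs and SSIDs are made up).
SAMPLE_SCAN = """\
BSS 00:40:96:aa:bb:01(on wlan0)
\tcapability: ESS ShortPreamble (0x0021)
\tSSID: tsunami
BSS 00:40:96:aa:bb:02(on wlan0)
\tcapability: ESS Privacy ShortPreamble (0x0031)
\tSSID: corp-wlan
BSS 02:11:22:33:44:55(on wlan0)
\tcapability: ESS Privacy (0x0011)
\tSSID: tsunami
"""
# Hypothetical inventory of radio MACs for the deployed VxWorks APs.
INVENTORY = {"00:40:96:aa:bb:01", "00:40:96:aa:bb:02"}

BSS_RE = re.compile(r"^BSS ([0-9a-f:]{17})", re.I)

def parse_scan(text):
    """Return one dict per BSS: bssid, ssid, privacy (capability Privacy bit)."""
    cells, cur = [], None
    for line in text.splitlines():
        m = BSS_RE.match(line)
        if m:
            cur = {"bssid": m.group(1).lower(), "ssid": "", "privacy": False}
            cells.append(cur)
        elif cur is not None:
            key, _, val = line.strip().partition(":")
            if key == "SSID":
                cur["ssid"] = val.strip()
            elif key == "capability":
                cur["privacy"] = "Privacy" in val.split()
    return cells

def find_defaulted(cells, inventory):
    """Return (bssid, is_inventoried) for every open cell using the default SSID."""
    return [(c["bssid"], c["bssid"] in inventory)
            for c in cells
            if c["ssid"] == DEFAULT_SSID and not c["privacy"]]

if __name__ == "__main__":
    for bssid, ours in find_defaulted(parse_scan(SAMPLE_SCAN), INVENTORY):
        print(bssid, "inventoried AP at factory defaults" if ours else "unknown open AP")
```

The third constructed cell uses the same SSID but advertises Privacy, so it is not reported; only the open cell matches the defaulted state described in the notice.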
Workaround/Solution
The configuration of a defaulted VxWorks access point or bridge can be restored via the AP GUI, assuming that the configuration has been saved on a system somewhere. See the Downloading, Uploading, and Resetting the Configuration section of the Cisco Aironet Access Point Software Configuration Guide for VxWorks.
This issue will not be resolved in a future VxWorks release as the current 12.05 release of VxWorks software will be the last. 350 and 1200 Series Access Points can be upgraded to IOS, which is not susceptible to this problem.
If the multiple resets are triggered by power on / off events, this problem can be reduced by installing power conditioning, uninterruptible power supply devices, or other appropriate power solutions.
In order to mitigate the security impact of VxWorks access points unexpectedly becoming reset to factory defaults, if the AP is on a switch port that can support 802.1q trunking, the port can be configured to disallow network access for the native VLAN.
Note: The following should be considered before changing this configuration:
This will prevent the AP from being managed, and the AP can be configured only to allow wireless access to tagged VLANs. Thus, when an AP becomes defaulted, its unauthenticated wireless clients will be put in the native VLAN and therefore can be blocked at the switch port.
DDTS
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
| DDTS | Description |
|---|---|
| CSCdw54248 (registered customers only) | Hardware reset after boot-up erases config memory |
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:
Receive Email Notification For New Field Notices
Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.