|
|
June 29, 2001
These release notes describe features and caveats for Cisco Aironet 340 and 350 Series Access Points running firmware version 11.06. These release notes also contain important information about the device.
Cisco Aironet Access Points are wireless LAN transceivers that can act as the center point of a stand-alone wireless network or as the connection point between wireless and wired networks. In large installations, the roaming functionality provided by multiple access points allows wireless users to move freely throughout the facility while maintaining uninterrupted access to the network.
The access point uses a browser-based management system. The system settings are contained on web pages in the access point's firmware. You use your internet browser to view and adjust the access point's system settings.
Access point model AP352E2R-A-K9 has a metal case and industrial parts that increase its operating temperature range to -4 to 131\xb0 F (-20 to 55\xb0 C). The metal-case access point complies with UL 2043 for products installed in air handling spaces, such as above suspended ceilings.
Cisco Aironet 350 Series Access Points receive power through the Ethernet cable, so you don't need to attach a separate power cord to the access point. Plug the Ethernet cable into the Ethernet port on the back of the access point and plug the other end into one of three possible power sources:
 |
Caution Cisco Aironet power injectors are designed for use with Cisco Aironet 350 Series Access Points and Bridges only. Do not use the power injector with any other Ethernet-ready device. Using the power injector with other Ethernet-ready devices can damage the equipment. |
 |
Note If you install the access point in an air handling space, such as above a suspended ceiling, check national and local safety codes to make sure that the Ethernet cable you connect to the unit meets applicable standards. |
Cisco Aironet 350 Series Access Points use 100-mW radios.
You can configure the access point to use up to four servers for authentication services, so you can set up backup authenticators. See the "Setting Up Backup Authentication Servers" section in the Cisco Aironet Access Point Software Configuration Guide for more information on setting up backup authentication servers.
You can configure a RADIUS server on your network to authenticate wireless client devices based on MAC addresses. You use MAC-based authentication to specify MAC addresses that are allowed to associate and pass data through the access point. Other devices are not allowed to associate. See the "Setting Up MAC-Based Authentication" section in the Cisco Aironet Access Point Software Configuration Guide for more information on setting up MAC-based authentication.
Since December 2000, Cisco Aironet Access Points have supported 802.1X for 802.11, the draft standard for extended security on wireless LANs. Until recently, the only 802.1X authentication type was LEAP, which is supported by Cisco Aironet client adapters and the Cisco Secure ACS RADIUS server. Now, however, Microsoft is introducing the EAP-TLS authentication type, which is supported by Windows XP clients and Microsoft's RADIUS server. Version 11.06 of access point firmware supports the latest version of 802.1X (draft 10) and the EAP-TLS authentication type.
You can find the latest release of access point firmware at the following URL:
http://www.cisco.com/pcgi-bin/tablebuild.pl/aironet-350
|
Caution The operational voltage range for Cisco Aironet 350 Series Access Points is 24 to 60 VDC, and the nominal voltage is 48 VDC. Higher voltage can damage the equipment. |
|
Caution Cisco Aironet power injectors are designed for use with Cisco Aironet 350 Series Access Points and Bridges only. Do not use the power injector with any other Ethernet-ready device. Using the power injector with other Ethernet-ready devices can damage the equipment. |
When you update the firmware on an access point, allow the unit to finish its start-up sequence before removing power. If you update the firmware and remove power before the access point finishes the start-up sequence, the radio firmware might be corrupted, making the unit inoperable. If the radio firmware is corrupted, the radio indicator (the bottom of the three indicators on top of the access point) lights solid red and the following error message appears when the access point starts up:
If the access point's radio firmware is corrupted, you must return the unit to Cisco for service.
You can safely remove power after a firmware update when the configuration management pages reappear in the command-line or web-browser interfaces, or when the three status indicators on top of the access point complete the following pattern:
1. All three indicators light solid green, indicating that the access point is beginning to update the firmware.
2. The middle indicator lights solid green and the top and bottom indicators are not lit, indicating that the access point is updating the radio firmware.
When the middle indicator blinks or the top and bottom indicators blink, you can remove power.
|
Note This section applies to wireless networks set up to use LEAP. If you do not use LEAP on your wireless network, you can skip this section. |
Wireless client devices use Extensible Authentication Protocol (EAP) to log onto a network and generate a dynamic, client-specific WEP key for the current logon session. If your wireless network uses WEP without EAP, client devices use the static WEP keys entered in the Aironet Client Utilities.
If you use Network-EAP authentication on your wireless network, your client devices and access points must use the same 802.1x protocol draft. For example, if the radio firmware on the client devices that will associate with an access point is 4.16, then the access point should be configured to use Draft 8 of the 802.1x protocol. Table 1 lists firmware versions for Cisco Aironet products and the draft with which they comply.
| Firmware Version | Draft 7 | Draft 8 | Draft 10 |
|---|---|---|---|
PC/PCI cards 4.13 | — | x | — |
PC/PCI cards 4.16 | — | x | — |
PC/PCI cards 4.23 | — | x | — |
PC/PCI cards 4.25 and later | — | — | x |
WGB34x/352 8.58 | — | x | — |
WGB34x/352 8.61 or later | — | — | x |
AP34x/35x 11.05 and earlier | — | x | — |
AP34x/35x 11.06 and later1 | — | x | x |
| 1The default draft setting in access point and bridge firmware version 11.06 and later is Draft 10. |
|
Note Draft standard 8 is the default setting in firmware version 11.05 and earlier, and it might remain in effect when you upgrade the firmware to version 11.06 or later. Check the setting on the Authenticator Configuration page in the management system to make sure the best draft standard for your network is selected. |
|
Note When you upgrade your access point firmware to version 11.06, the access point's radio firmware version will be 4.23, and this is correct. You do not need to upgrade the access point's radio firmware to version 4.25.5. |
Use the Authenticator Configuration page in access point firmware version 11.06 to select the draft of the 802.1x protocol the access point's radio should use. Follow these steps to set the draft for your access point:
a. On the Summary Status page, click Setup.
b. On the Setup page, click Security.
c. On the Security Setup page, click Authentication Server.
Step 2 Use the 802.1x Protocol Version (for EAP authentication) pull-down menu to select the draft of the 802.1x protocol the access point's radio should use. Menu options include:
Step 3 Click Apply or OK to apply the setting. The access point or bridge reboots.
If you use Network-EAP as the authentication type on your wireless network, you must select key 1 as the transmit key on the acess point's AP Radio Data Encryption page. The access point uses the WEP key you enter in key slot 1 to encrypt multicast data signals it sends to EAP-enabled client devices. Because the access point transmits the WEP key used for multicast messages to the EAP-enabled client device during the EAP authentication process, that key does not have to appear in the EAP-enabled device's WEP key list. The access point uses a dynamic WEP key to encrypt unicast messages to EAP-enabled clients.
If you do not use EAP authentication on your wireless network, you can select any WEP key as the transmit key.
The access point MIB file (AWCVX-MIB) is supported by access point firmware version 11.00 only. Earlier versions of firmware do not support this MIB.
If you are a Cisco registered user, you can use the Cisco TAC Software Bug Toolkit, which consists of three tools (Bug Navigator, Bug Watcher, and Search by Bug ID Number) that help you identify existing bugs (or caveats) in Cisco software products.
Access the TAC Software Bug Toolkit at http://www.cisco.com/support/bugtools/ .
The following caveats have not been resolved for firmware version 11.06:
The following caveats have been resolved in firmware version 11.06:
For the most up-to-date, detailed troubleshooting information, refer to the Cisco TAC website at http://www.cisco.com/tac . Select Wireless LAN under Top Issues.
This section describes errors, omissions, and changes in user documentation for Cisco Aironet Access Points.
The procedure for setting up Hot Standby in firmware version 11.06 includes additional steps. Use the following updated steps instead of the steps described in the Cisco Aironet Access Point Software Configuration Guide:
|
Note Clients associated to the standby access point lose their connections during the hot standby setup process. |
Follow these steps to enable Hot Standby mode:
Critical settings include:
Step 2 On the standby access point, browse to the AP Radio Identification page:
a. On the Summary Status page, click Setup.
b. On the Setup page, click Identification in the AP Radio row under Network Ports.
Step 3 Select no for the Adopt Primary Port Identity option and click Apply. The access point reboots.
Step 4 After the access point reboots, browse to the Hot Standby page.
Step 5 Enter the monitored access point's SSID in the Service Set ID entry field.
Step 6 Enter the monitored access point's MAC address in the MAC Address For the Monitored AP entry field.
Step 7 Enter the number of seconds between each query the standby access point sends to the monitored access point.
Step 8 Enter the number of seconds the standby access point should wait for a response from the monitored access point before it assumes that the monitored access point has malfunctioned.
Step 9 Click Start Hot Standby Mode. The standby access point becomes a client device associated to the monitored access point.
Step 10 Click the browser's refresh button to verify that the Current State line on the Hot Standby Setup page states that hot standby is initialized.
|
Note If the monitored access point malfunctions and the standby access point takes its place, repeat the hot standby setup on the standby access point when you repair or replace the monitored access point. The standby access point does not revert to standby mode automatically. |
The description of Admin capability in the access point's User Manager security feature that appears in the Cisco Aironet Access Point Software Configuration Guide now accurately describes the permission granted to a user with Admin capability:
Consult the "Setting Up Administrator Authorization" section of the Cisco Aironet Access Point Software Configuration Guide for more information on the User Manager feature.
The description of the Mexico channel set in the Cisco Aironet Access Point Software Configuration Guide now accurately lists the regulatory domain and available channels for Cisco Aironet products used in Mexico:
|
Note Mexico is included in the North America regulatory domain; however, only channels 9 through 11 are allowed to be used in Mexico. End users are responsible for ensuring that the channel set configuration is in compliance with the regulatory standards of Mexico. |
Consult "Channels, Power Levels, and Antenna Gains" of the Cisco Aironet Access Point Software Configuration Guide for more information on channel sets and regulatory domains.
Use the following documents in conjunction with this document.
The following sections provide sources for obtaining documentation from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at the following sites:
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Cisco documentation is available in the following ways:
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Attn Document Resource Connection
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-9883
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to the following website:
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website:
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website:
http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website:
http://www.cisco.com/tac/caseopen
If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website:
http://www.cisco.com/warp/public/687/Directory/DirTAC.shtm l
P1 and P2 level problems are defined as follows:
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
AccessPath, AtmDirector, Browse with Me, CCIP, CCSI, CD-PAC, CiscoLink, the Cisco Powered Network logo, Cisco Systems Networking Academy, the Cisco Systems Networking Academy logo, Fast Step, Follow Me Browsing, FormShare, FrameShare, GigaStack, IGX, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, the iQ Logo, iQ Net Readiness Scorecard, MGX, the Networkers logo, Packet, RateMUX, ScriptBuilder, ScriptShare, SlideCast, SMARTnet, TransPath, Unity, Voice LAN, Wavelength Router, and WebViewer are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Discover All That's Possible, and Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastSwitch, IOS, IP/TV, LightStream, MICA, Network Registrar, PIX, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0106R)
Copyright © 2001, Cisco Systems, Inc.
All rights reserved.
Posted: Tue Dec 18 07:43:15 PST 2001
All contents are Copyright © 1992--2001 Cisco Systems, Inc. All rights reserved.
Important Notices and Privacy Statement.