Cisco Systems OL-11567-02 manual Caveats

Caveats

CSCsc41313—The Cisco Aironet 1500 Series Lightweight Outdoor Access Points are configured by default to allow old bridges. When this configuration is enabled, the shared secret key set on the controller is not passed to the access points, so a few access points might be running on the old key. If these access points reset or new access points are waiting to join the running network, they may take a very long time to connect to the network or might not join at all. The default value has been changed to not allow old bridges to authenticate.

Workaround: Configure the controller using this command: config network allow-old-bridge-aps disable.

CSCsc68154—The controller’s error log repeatedly displays the “Got an idle-timeout message from an unknown client” error message for some unknown reason.

Workaround: None at this time.

CSCsc70484—Most IPSec VPN clients start using the new security association (SA) immediately upon rekeying. However, the Cisco VPN Client continues to use the old SA for some time before switching to the new one, which results in packet loss until the client switches over.

Workaround: Use these WLAN settings on the controller to ensure that the client controls when the rekey process takes effect and the controller responds to the client for the phase 1 SA rekey:

Session Timeout: 0 seconds

Layer 3 Security: IPsec

IPsec Authentication: HMAC SHA1

IPsec Encryption: AES (If you choose 3DES, configure the IPsec lifetime to a value greater than the expected duration of the client session.)

IKE Phase 1: Aggressive

Lifetime: 43200 to 57600 seconds (12 to 16 hours)

IKE Diffie Hellman Group: Group 2 (1024 bits)

CSCsc75351—The controller CLI command debug mac addr client_mac_address, which is designed to limit debug output to the specified client, is not filtering client traffic.

Workaround: None at this time.

CSCsc77157—Multiple 4100 series controllers may simultaneously reset without crash files or message log entries being generated.

Workaround: None at this time.

CSCsc92354—The Security > MAC Filtering page on the controller GUI shows MAC address filters in this format: XX:XX:XX:XX:XX:XX, which differs from the Cisco standard format of XXXX:XXXX:XXXX.

Workaround: None at this time.

CSCsc98897—The SecureCRT application cannot open an SSH session on the controller.

Workaround: Use PuTTY, the SSH client on Windows, or SSH in Linux.

CSCsd04684—The 4100 series controller ports do not work when the Gateway Load Balancing Protocol (GLBP) is configured on the management interface VLAN.

Workaround: Do not configure GLBP on the management interface VLAN. For redundancy, Hot Standby Router Protocol (HSRP) can be used on the management interface VLAN.

Release Notes for Cisco Wireless LAN Controllers and Lightweight Access Points for Release 3.2.171.6
