This product bulletin describes the content and delivery information for Cisco® IOS® Software Release 12.4(3G)JA supporting Cisco Aironet® 1400 Series Outdoor Wireless Bridges, Cisco Aironet 1300 Series Outdoor Access Points and Bridges, and Cisco Aironet 1240AG and 1130AG Series Access Points. This release contains new features as well as enhancements to previous features.
This Cisco IOS Software Release 12.4(3G)JA is available as a free software upgrade. Figure 1 displays the release train and recommended migration path for Cisco IOS Software Release 12.4(3G)JA. Only bug fixes are provided for Cisco Aironet 1100, 1200 and 1230 Series Access Points.
Figure 1. Release Train and Recommended Migration Path for Cisco IOS Software Release 12.4(3G)JA
New Features in Cisco Ios Software Releases 12.4(3G)JA
Table 1 lists new features in Cisco IOS Software Release 12.4(3G)JA. These features are supported in the platforms noted.
Table 1. New Cisco IOS Software Features in Cisco IOS Software Release 12.4(3G)JA
New Features
Cisco Aironet 1100 Series Access Points
Cisco Aironet 1130AG and 1130G Series Access Points
Cisco Aironet 1200 Series Access Points
Cisco Aironet 1230 Series Access Points
Cisco Aironet 1240AG and 1130G Series Access Points
Cisco Aironet 1300 Series Access Points/ Bridges
Cisco Aironet 1400 Series Wireless Bridges
Cisco Aironet 1240G Series and 1130G Series Access Points
-
X
-
-
X
-
-
Regulatory Domain Update for Japan
-
X
-
-
X
-
-
Management Frame Protection for Workgroup Bridge and Clients
-
X
-
-
X
X
-
Channel Scan Limitation for Workgroup Bridge
-
X
-
-
X
X
-
Multiple VLAN and Rate Limiting Support for Wireless Bridges
-
X
-
-
X
X
-
Universal Workgroup Bridge Support for One Ethernet Client
-
X
-
-
X
X
-
Feature Description for Cisco IOS Software Release 12.4(3G)JA
Cisco Aironet Access Points
The Cisco Aironet flagship access points-the Cisco Aironet 1240AG Series and the Cisco Aironet 1130AG Series-are now available in single-band 802.11g versions for use in regulatory domains that do not allow 802.11a (5-GHz) operation.
The Cisco Aironet 1240G Series Access Points provide single-band 802.11g wireless connectivity for challenging RF environments such as factories, warehouses, and large retail establishments (Table 2).
The Cisco Aironet 1130G Series is a single-band, low-profile, business-class access point with integrated antennas for easy deployment in offices and similar RF environments (Table 3).
Table 3. Cisco Aironet 1130G Series Access Points
Part Number
Description
Regulatory Domain
AIR-AP1131G-x-K9 Cisco IOS Software
802.11g Non-modular IOS AP; Integrated Antennas
x=
• A=FCC
• E=ETSI
• P=Japan2
AIR-LAP1131G-x-K9 LWAPP
802.11g Non-modular LWAPP AP: Integrated Antennas
x=
• A=FCC
• E=ETSI
• P=Japan2
Regulatory Domain Update for Japan
This release supports the U regulatory domain for the W52 frequency set (channels 36, 40, 44, and 48) in Japan. Cisco access points specified for this new domain ship with a U domain radio. Installed J domain access points are automatically upgraded to U domain status with this release. For the latest Cisco WLAN compliance status, please visit: http://www.cisco.com/application/pdf/en/us/guest/products/ps5861/c1650/cdccont_0900aecd80537b6a.pdf.
Management Frame Protection
Wireless Intrusion Detection System (IDS)-Management Frame Protection (MFP), which provides for the authentication of 802.11 management frames by the wireless network infrastructure, was introduced with Cisco IOS Software Release 12.3(8)JA. This release enhances MFP support and is now available for Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapters, Wireless PCI Adapters, and Autonomous Access Points running in root, repeater, workgroup bridge, and non-root bridge mode. MFP adds security to the MAC management layer of 802.11 connectivity by cryptographically hashing the management frames and generating a Message Integrity Check (MIC) during network connection. This release allows a Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter or Wireless PCI Adapter to detect a spoofed management frame at the first instance of an attack and generate an intrusion detection system (IDS) alert to the device interface. Autonomous access points that detect a spoofed management frame from a client or another access point will also generate an IDS alert that is sent to the Cisco Wireless LAN Solution Engine (WLSE), as shown in Figure 2. In order to take advantage of the MFP, the clients must support Cisco Compatible Extensions Version 5 devices. For more details, see the Cisco Compatible Extensions program Webpage at: http://www.cisco.com/go/ciscocompatible/wireless
Figure 2. Management Frame Protection for Cisco Aironet 802.11a/b/g CardBus Wireless LAN Client Adapter and Wireless PCI Adapter
Multiple VLAN and Rate-Limiting Support for Wireless Bridges
This feature provides the Cisco Aironet wireless LAN bridges the ability to provision each non-root under one VLAN. This could be supported by simply adding the 802.1Q tag with the configured VLAN ID to all the uplink packets coming from the Ethernet side of the non-root bridge. Cisco Aironet wireless bridges provide control in limiting the data traffic pumped through the air. This feature makes it possible to control the maximum rate of traffic transmitted or received on an interface. The actual action of limiting the data rate is done at Layer 3 before the traffic data is provided to the radio.
In order to implement rate limiting, the Cisco IOS Class-based Policing feature is used. You can find more details about this feature at the following link:
This feature reduces the total scanning time and hand-off delay as a workgroup bridge roams from one access point to another. With this feature, the workgroup bridge can be configured to scan only one or a limited subset of channels instead of scanning all possible channels.
Universal Workgroup Bridge Support for One Ethernet Client
This feature allows one Ethernet client to connect through a Cisco autonomous access point configured as a workgroup bridge to non-Cisco access points. When configured for universal workgroups bridge support, the access point uses the MAC address of the Ethernet client to associate with the non-Cisco access points. All probe and association requests will be sent and received using the MAC address of the Ethernet client instead of the dot11 MAC. As a result, the root (non-Cisco) access point will not be able to use telnet to manage the workgroup bridge, because it can only read the single MAC address of the connected Ethernet client, and it uses this MAC address to forward any traffic to the workgroup bridge.
Cisco IOS Software Release 12.4(3G)JA feature sets, images, and memory recommendations are listed in Table 4. The products supported by this release are listed in Table 5.
