Cisco Security Advisory: Access Point Memory Exhaustion from ARP Attacks

lcoles
Level 1

I received this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces (Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated.

Thanks, Laurie Coles

2 Replies

mchin345
Level 6

The issue may be due to the access list configured in the device. If the memory usage is greater than the memory available, the user can disable the ACL feature so that memory exhaustion does not occur, but the acceleration of the ACLs is not then enabled.

kka
Level 5

Since you have subinterfaces configured, you are apparently using VLANs on your APs. The ARP table is only relevant for the VLAN with the management IF, that is the native VLAN. For all other VLANs it's simply bridging, therefore no ARP table, and therefore this vulnerability doesn't apply here.

So your only concern should be the native VLAN, and unless you need wireless access for managing your APs the best way for securing this would be to not configure a SSID for this VLAN. Then the only access to the AP would be over the Ethernet-IF.

The security advisory is more important for APs configured without VLANs where wireless clients and the management IF of the AP are in the same (W)LAN.
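
The reply above says the exposure is limited to SSIDs mapped to the native VLAN, which can be checked across a fleet of saved AP configurations. The following audit sketch is an added example, not part of the thread or of Cisco's advisory. The sample configuration and SSID names are constructed, and it assumes configs where an `ssid` block carries a `vlan` line and the native subinterface is marked `encapsulation dot1Q <id> native`.

```python
import re
# Constructed sample config (not from the thread); SSID names are made up.
SAMPLE_CONFIG = """\
dot11 ssid Staff
   vlan 75
!
dot11 ssid ApMgmt
   vlan 2
!
interface Dot11Radio0
 ssid Staff
 ssid ApMgmt
!
interface Dot11Radio0.2
 encapsulation dot1Q 2 native
!
interface Dot11Radio0.75
 encapsulation dot1Q 75
"""

ENCAP = re.compile(r"^\s*encapsulation dot1Q (\d+)(\s+native)?\s*$")
SSID = re.compile(r"^\s*(?:dot11 )?ssid (\S+)\s*$")
VLAN = re.compile(r"^\s+vlan (\d+)\s*$")

def native_vlan(config):
    """Return the VLAN ID of the subinterface marked 'native', or None."""
    for line in config.splitlines():
        m = ENCAP.match(line)
        if m and m.group(2):
            return int(m.group(1))
    return None

def ssid_vlans(config):
    """Map each SSID name to the VLAN assigned inside its ssid block."""
    mapping, current = {}, None
    for line in config.splitlines():
        if line.startswith(("!", "interface ")):
            current = None  # block boundary ends the previous ssid block
        m = SSID.match(line)
        if m:
            current = m.group(1)
        elif current and (v := VLAN.match(line)):
            mapping[current] = int(v.group(1))
    return mapping

def ssids_on_native_vlan(config):
    """SSIDs that place wireless clients on the AP's management (native) VLAN."""
    native = native_vlan(config)
    return sorted(s for s, v in ssid_vlans(config).items() if v == native)
```

An empty result from `ssids_on_native_vlan` means no SSID in that config is bound to the native VLAN; an AP with no native subinterface at all also returns an empty list and needs separate review.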
