01-13-2006 08:37 AM - edited 07-04-2021 11:31 AM
I recieved this Cisco Advisory e-mail today. I have 1200 access points that I upgraded yesterday to 12.3(7)JA2, in which this problem was corrected. In the advisory it states to upgrade to this software release and to make a configuration change on each radio interface. I made this change on Dot11Radio0 interface and it took. I have 2 more interfaces ( Dot11Radio0.2 and Dot11Radio0.75) in which I get an error when I try to make this configuration change. I don't quite understand these interfaces, so I would like to know if I really need to make this change on the other 2 interfaces or is making the change on the 1st one enough. Any information is certainly appreciated. Thanks, Laurie Coles
01-19-2006 09:28 AM
The issue may be due to the access list configured in the device. If the memory usage is greater than the memory available, the user can disable the ACL feature so that memory exhaustion does not occur, but the acceleration of the ACLs is not then enabled.
01-19-2006 10:56 AM
Since you have subinterfaces configured, you are apparently using
VLANs on your APs. The ARP table is only relevant for the VLAN
with the management IF, that is the native VLAN.
For all other VLANs it's simply bridging, therefore no ARP table,
and therefore this vulnerability doesn't apply here.
So your only concern should be the native VLAN, and unless you
need wireless access for managing your APs the best way for
securing this would be to not configure a SSID for this VLAN.
Then the only access to the AP would be over the Ethernet-IF.
The security advisory is more important for APs configured
without VLANs where wireless clients and the management IF
of the AP are in the same (W)LAN.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: