ExtremeWireless (WiNG)

Expand all | Collapse all

Recommended Patch Course for 7181

  • 1.  Recommended Patch Course for 7181

    Posted 10-30-2017 18:00
    What would the recommended course of action be with EOL devices and the recent Krack attack? I know the 7181 is EOL, but has a patch been released for the last firmware? I believe the latest firmware that was supported was 5.8.4.0-034.


  • 2.  RE: Recommended Patch Course for 7181

    Posted 10-30-2017 18:11
    Hello Kendal,
    WiNG v5.8.5.x was the last release for the EOL AP7181 and Extreme Networks is only patching v5.8.6, v5.9.0, and v5.9.1 builds in regards to the WPA2/KRACK vulnerability. I would ensure that 802.11r and broadcast key rotation for WPA2/CCMP WLANs are disabled (disabled by default on WiNG 5). Both settings are within the WLAN configuration (broadcast key rotation is under WLAN/Security and 802.11r/Fast BSS Transition is under WLAN/Advanced).


  • 3.  RE: Recommended Patch Course for 7181

    Posted 10-30-2017 18:21
    Bummer! I will look at the recommendations you have given.


  • 4.  RE: Recommended Patch Course for 7181

    Posted 11-04-2017 12:38
    Go have a look at this thread: https://community.extremenetworks.com/extreme/topics/krack-attack-on-wpa2

    If your APs are controlled by a current controller (pretty much anything except RFS7000), it contains AP code for the most recent version of firmware, so for instance AP71xx 5.8.6.7 is present on the Controller, and it can upgrade the devices. A note a caution however, it would not be supported by GTAC if you needed assistance.





  • 5.  RE: Recommended Patch Course for 7181

    Posted 11-04-2017 18:14
    The RFS series controllers have limited amount of flash available and the following are the pre-oaded AP images when upgrading an RFS wireless controller (example from RFS4000 v5.8.6.7):

    RFS4K-WAN#sh device-upgrade ver
    --------------------------------------------------------------------------------
    CONTROLLER DEVICE-TYPE VERSION
    --------------------------------------------------------------------------------
    RFS4K-WAN ap621 5.8.6.7-002R
    RFS4K-WAN ap622 5.8.6.7-002R
    RFS4K-WAN ap650 5.8.6.7-002R
    RFS4K-WAN ap6511 none
    RFS4K-WAN ap6521 5.8.6.7-002R
    RFS4K-WAN ap6522 5.8.6.7-002R
    RFS4K-WAN ap6532 5.8.6.7-002R
    RFS4K-WAN ap6562 5.8.6.7-002R
    RFS4K-WAN ap71xx none
    RFS4K-WAN ap7502 none
    RFS4K-WAN ap7522 none
    RFS4K-WAN ap7532 none
    RFS4K-WAN ap7562 none
    RFS4K-WAN ap81xx none
    RFS4K-WAN ap82xx none
    RFS4K-WAN ap8432 none
    RFS4K-WAN ap8533 none

    All other AP images would need to be uploaded to the RFS controller and typically no more than 2 to 3 additional images can be uploaded to the controller.

    As for the RFS7000 comments, the RFS7000 has been EOS for a couple of years now, with plenty of time for customers to refresh. The code is the same across each platform, but the hardware is not.

    For the time being, with 802.11r disabled and broadcast key rotation is disabled (both disabled by default on all WiNG 5 platforms), you should be fine, but would start looking to refresh your RFS controllers with newer models.


  • 6.  RE: Recommended Patch Course for 7181

    Posted 10-30-2017 18:11
    Christopher, can we see this as official information, that version old as 5.8.6. get no patch? At the begin the KRACK site says "5.7.x / 5.8.x / 5.9.x". Not it's 5.8.6 / 5.9.0 / 5.9.1


  • 7.  RE: Recommended Patch Course for 7181

    Posted 10-30-2017 18:11
    Hello Timo,
    You can view the info at the following URL:

    https://extremeportal.force.com/ExtrArticleDetail?n=000018005