ExtremeCloud IQ (XIQ) Announcements

Expand all | Collapse all

ExtremeCloud IQVA 21.1.21.11 is Now Available!

  • 1.  ExtremeCloud IQVA 21.1.21.11 is Now Available!

    Posted 07-20-2021 15:10

    IQVA 21.1.21.11 has been released!

     

    You can view the release notes here

     

    The downloadable files can be found on the Extreme Portal, under Products: 



  • 2.  RE: ExtremeCloud IQVA 21.1.21.11 is Now Available!

    Posted 07-21-2021 07:02

    It seems you guys didn’t consider all parts of deactivating TLS 1.0 and TLS 1.1 (https://docs.aerohive.com/330000/docs/help/english/ng/Content/reference/virtual-appliance-release-notes.htm).

    Transport Layer Security (TLS) 1.0 and 1.1 Deprecation

    SSL TLS 1.0 and TLS 1.1 have been disabled in IQ Virtual Appliance and are no longer available in the user interface. TLS 1.2 is now the default supported cipher.

     

    Now my APs with IQ Engine 10.0r10b cannot connect anymore to IQVA as a PPSK radsec proxy:

    2021-07-21 08:53:45 err     radsecproxy[30081]: tlsconnectnonblock failed
    2021-07-21 08:53:45 err radsecproxy[30081]: tlsconnectnonblock: TLS: error:14090086:lib(20):func(144):reason(134)
    2021-07-21 08:53:45 warn radsecproxy[30081]: verify error: num=19:self signed certificate in certificate chain:depth=2:/CN=Aerohive/ST=CA/C=US/O=Aerohive Networks, Inc./OU=Engineering
    2021-07-21 08:53:45 warn radsecproxy[30081]: connecttcphostlist: TCP connection to <censored> port 2083 up
    2021-07-21 08:53:45 warn radsecproxy[30081]: connecttcphostlist: trying to open TCP connection to <censored> port 2083

    With means: PPSK is broken after the upgrade!!!



  • 3.  RE: ExtremeCloud IQVA 21.1.21.11 is Now Available!

    Posted 07-21-2021 10:28

    For others running in this issue, this is the fix:

     

    With regards to the certificate change, you will need to refresh the certificate on the AP. Go to device>select all>actions>reset idm client certificate.

     

    Our recommendation is to perform a complete update on the APs whenever the IQVA is updated in order to avoid issues such as this certificate issue.