Header Only - DO NOT REMOVE - Extreme Networks

WiNG 5.8.6.7 vs 5.8.6.8 ?


Userlevel 3
I noticed that WiNG 5.8.6.8 was just posted and, according the the release notes, it also contains patches for CVE-2017-13078 and CVE-2017-13080 (WPA2 KRACK). I was under the impression that 5.8.6.7 was "the" fix.

To clarify, is 5.8.6.8 the definitive patch for the KRACK vulnerabilities?

10 replies

Userlevel 5
The 5.8.6.8 is to address some of WPA2 KRACK vulnerabilities – it carries supplicant patches for Client Bridge mode as well as support for sensor Krack signature for ADSP. (ADSP release with that functionality should be released shortly).
Userlevel 5
See release notes:
WiNG 5.8.6.8 Release Notes
WiNG 5.8.6.7 Release Notes
Userlevel 3
The issue is that according to this document: https://extremeportal.force.com/ExtrArticleDetail?n=000018005
It indicates 5.8.6.7 would have been "the fix", thus gearing up to upgrade customer's network (which is using client bridge functionality) to 5.8.6.7 only to find out 5.8.6.8 was released to address KRACK in client bridge instances was somewhat frustrating.

Please update the documentation to reflect this.
Userlevel 4
If you don't have APs in CB mode - you don't need 5.8.6.8. 5.8.6.7 addressed the common place for KRACK vuulnerability.
Userlevel 1
Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.

Userlevel 5
gluo wrote:

Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.



All it means that if you find any issues on any of the EndOfLife (EOL) equipment, Engineering will not debug/support it.
Userlevel 1
gluo wrote:

Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.



So, if I install it the access ports AP621 will still be able to communicate with the controller?
Userlevel 1
gluo wrote:

Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.



If I remember correctly the last img for AP621 was 5.8.4.
Userlevel 3
gluo wrote:

Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.



The AP621 firmware is still part of the RFS4000 image, so if you install it, it will still adopt and operate the AP621, but you can't call support for any issues that might arise.

From the CLI, you can enter: show device-upgrade versions to see which APs are supported out of the box.
On the RFS4000 the included firmware is for the AP621, AP622, AP650, AP6521, AP6522, AP6532, AP6562. Any other APs require additional firmware to be loaded into the RFS.
Userlevel 1
gluo wrote:

Hi,

Also in 5.8.6.8 release notes I read the quoted lines bellow. Does it mean that if I upgrade the RFS4010 to 5.8.6.8 will stop communication with AP621?

2. Platforms Supported
This release applies to all platforms released with WiNG 5.8.6.0-011R.
Reminder:
Dependent AP platforms: AP 621, 622, 650 are EOL and engineering support has ended.
Independent AP platforms: AP 6511, AP 6511E, AP 7131, AP 7181, AP 8222, ES 6510 are
EOL and engineering support has ended.
Controller platforms: RFS 4011, RFS 7000, NX 9000, NX 45XX and NX 65XX platforms are
EOL and engineering has ended.



Best answer ever.
Thank you.

Reply