This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Extreme Networks
- Community List
- Wireless
- ExtremeWireless (WiNG)
- Recommended Patch Course for 7181
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Recommended Patch Course for 7181
Recommended Patch Course for 7181
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-30-2017 06:00 PM
What would the recommended course of action be with EOL devices and the recent Krack attack? I know the 7181 is EOL, but has a patch been released for the last firmware? I believe the latest firmware that was supported was 5.8.4.0-034.
6 REPLIES 6
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-04-2017 06:14 PM
The RFS series controllers have limited amount of flash available and the following are the pre-oaded AP images when upgrading an RFS wireless controller (example from RFS4000 v5.8.6.7):
RFS4K-WAN#sh device-upgrade ver
--------------------------------------------------------------------------------
CONTROLLER DEVICE-TYPE VERSION
--------------------------------------------------------------------------------
RFS4K-WAN ap621 5.8.6.7-002R
RFS4K-WAN ap622 5.8.6.7-002R
RFS4K-WAN ap650 5.8.6.7-002R
RFS4K-WAN ap6511 none
RFS4K-WAN ap6521 5.8.6.7-002R
RFS4K-WAN ap6522 5.8.6.7-002R
RFS4K-WAN ap6532 5.8.6.7-002R
RFS4K-WAN ap6562 5.8.6.7-002R
RFS4K-WAN ap71xx none
RFS4K-WAN ap7502 none
RFS4K-WAN ap7522 none
RFS4K-WAN ap7532 none
RFS4K-WAN ap7562 none
RFS4K-WAN ap81xx none
RFS4K-WAN ap82xx none
RFS4K-WAN ap8432 none
RFS4K-WAN ap8533 none
All other AP images would need to be uploaded to the RFS controller and typically no more than 2 to 3 additional images can be uploaded to the controller.
As for the RFS7000 comments, the RFS7000 has been EOS for a couple of years now, with plenty of time for customers to refresh. The code is the same across each platform, but the hardware is not.
For the time being, with 802.11r disabled and broadcast key rotation is disabled (both disabled by default on all WiNG 5 platforms), you should be fine, but would start looking to refresh your RFS controllers with newer models.
RFS4K-WAN#sh device-upgrade ver
--------------------------------------------------------------------------------
CONTROLLER DEVICE-TYPE VERSION
--------------------------------------------------------------------------------
RFS4K-WAN ap621 5.8.6.7-002R
RFS4K-WAN ap622 5.8.6.7-002R
RFS4K-WAN ap650 5.8.6.7-002R
RFS4K-WAN ap6511 none
RFS4K-WAN ap6521 5.8.6.7-002R
RFS4K-WAN ap6522 5.8.6.7-002R
RFS4K-WAN ap6532 5.8.6.7-002R
RFS4K-WAN ap6562 5.8.6.7-002R
RFS4K-WAN ap71xx none
RFS4K-WAN ap7502 none
RFS4K-WAN ap7522 none
RFS4K-WAN ap7532 none
RFS4K-WAN ap7562 none
RFS4K-WAN ap81xx none
RFS4K-WAN ap82xx none
RFS4K-WAN ap8432 none
RFS4K-WAN ap8533 none
All other AP images would need to be uploaded to the RFS controller and typically no more than 2 to 3 additional images can be uploaded to the controller.
As for the RFS7000 comments, the RFS7000 has been EOS for a couple of years now, with plenty of time for customers to refresh. The code is the same across each platform, but the hardware is not.
For the time being, with 802.11r disabled and broadcast key rotation is disabled (both disabled by default on all WiNG 5 platforms), you should be fine, but would start looking to refresh your RFS controllers with newer models.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
11-04-2017 12:38 PM
Go have a look at this thread: https://community.extremenetworks.com/extreme/topics/krack-attack-on-wpa2
If your APs are controlled by a current controller (pretty much anything except RFS7000), it contains AP code for the most recent version of firmware, so for instance AP71xx 5.8.6.7 is present on the Controller, and it can upgrade the devices. A note a caution however, it would not be supported by GTAC if you needed assistance.
As a general observation, there appears to be an underlying sentiment in this forum that Extreme Networks (to be clear, I'm talking about the decision makers and not the excellent technical and support staff) is attempting to profit from the WPA2 Krack vulnerability by pushing customers off the legacy gear by simply not supporting it.
The code change in the RFS7000 for instance would be identical to that in the RFS6000, since for years the sales argument is that all the platforms run the same code. Similarly even going back to 5.7.x it would be the same code changes to fix the problem. So technically speaking there's nothing stopping Extreme Networks from issuing patches for older code revisions, which would go a long way to making it feel like Extreme Networks takes their customers' networks to heart.
If your APs are controlled by a current controller (pretty much anything except RFS7000), it contains AP code for the most recent version of firmware, so for instance AP71xx 5.8.6.7 is present on the Controller, and it can upgrade the devices. A note a caution however, it would not be supported by GTAC if you needed assistance.
As a general observation, there appears to be an underlying sentiment in this forum that Extreme Networks (to be clear, I'm talking about the decision makers and not the excellent technical and support staff) is attempting to profit from the WPA2 Krack vulnerability by pushing customers off the legacy gear by simply not supporting it.
The code change in the RFS7000 for instance would be identical to that in the RFS6000, since for years the sales argument is that all the platforms run the same code. Similarly even going back to 5.7.x it would be the same code changes to fix the problem. So technically speaking there's nothing stopping Extreme Networks from issuing patches for older code revisions, which would go a long way to making it feel like Extreme Networks takes their customers' networks to heart.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-30-2017 06:21 PM
Bummer! I will look at the recommendations you have given.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
10-30-2017 06:11 PM
Hello Kendal,
WiNG v5.8.5.x was the last release for the EOL AP7181 and Extreme Networks is only patching v5.8.6, v5.9.0, and v5.9.1 builds in regards to the WPA2/KRACK vulnerability. I would ensure that 802.11r and broadcast key rotation for WPA2/CCMP WLANs are disabled (disabled by default on WiNG 5). Both settings are within the WLAN configuration (broadcast key rotation is under WLAN/Security and 802.11r/Fast BSS Transition is under WLAN/Advanced).
WiNG v5.8.5.x was the last release for the EOL AP7181 and Extreme Networks is only patching v5.8.6, v5.9.0, and v5.9.1 builds in regards to the WPA2/KRACK vulnerability. I would ensure that 802.11r and broadcast key rotation for WPA2/CCMP WLANs are disabled (disabled by default on WiNG 5). Both settings are within the WLAN configuration (broadcast key rotation is under WLAN/Security and 802.11r/Fast BSS Transition is under WLAN/Advanced).
