Wireless Access

Reply
Regular Contributor II

Re: WPA2 Vulnerability Discussion

Thanks.

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


Viss wrote:

Hum.

I have a 3200 controller.

It's not clear to me which one of these images I should be trying to install on my controller.


3200 or 3200XM?

3200 cannot be upgraded past 6.1.x which was end of support May 2015.

For 3200XM, depending on your current version, I pesonally would try either 6.3.1.25 or 6.4.4.16.


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: WPA2 Vulnerability Discussion

Check "Conservative Releases" listing instead of Standard Releases.

Contributor I

Re: WPA2 Vulnerability Discussion

I'm currently running 6.4.4.9, and I'm trying to upgrade to 6.4.4.16, however what appear to be the 'model numbers' in the firmware filenames say 6xx, 70xx, and 72xx. I'm not sure which to select, or if it will brick my controller if I use the wrong one.

Occasional Contributor I

Re: WPA2 Vulnerability Discussion

In the meantime between installing an appropriate firmware, are there other things that can/should be done to aleviate the risk?

 

For example, how do we tell if an IAP cluster is running 802.11r or OKC? Also, how do we know if we're using “Wi-Fi uplink" and is that an issue?

 

Are there actions that we can perform to reduce the risk before all access points are updated e.g. disable 802.11r and Wi-Fi Uplink ?

 

Finally on the client side, what actions are needed as I saw a previous post said BOTH sides need to be addressed (Windows 7/10 clients).

 

 

Any onfo will be appreciated.

Cheers.

 

Re: WPA2 Vulnerability Discussion


Viss wrote:

I'm currently running 6.4.4.9, and I'm trying to upgrade to 6.4.4.16, however what appear to be the 'model numbers' in the firmware filenames say 6xx, 70xx, and 72xx. I'm not sure which to select, or if it will brick my controller if I use the wrong one.


For the 3000 controller, or the 6000/M3, take the MMC architecture.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Contributor I

Re: WPA2 Vulnerability Discussion

oh I got it.

the descriptions are missing in the 6.4.4.16 release section.

If you go to to the 6.3.1.25 section, the notes are there and it says the 'MMC' version of the firmware is for the 3200 series controllers.

 

Looks like in the rush to get the fixed versions out they skipped all the remarks sections for all the 6.4.4.16 releases.

 

sigh.

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


Viss wrote:

oh I got it.

the descriptions are missing in the 6.4.4.16 release section.

If you go to to the 6.3.1.25 section, the notes are there and it says the 'MMC' version of the firmware is for the 3200 series controllers.

 

Looks like in the rush to get the fixed versions out they skipped all the remarks sections for all the 6.4.4.16 releases.

 

sigh.


 

MMC is for 3200XM, 3400, 3600 controller.

They all use the same CPU architecture.


Bruce Osborne - Wireless Engineer
ACCP, ACMP

Re: WPA2 Vulnerability Discussion

OKC is enabled by default in a WPA2-PSK network but if you have an WPA2-Enterprise network in your IAP config, you will see a checkbox that will show you either checked or not.
The same applies for 802.11r.

For Wi-Fi Uplink, well are you using another wireless network to connect your IAP to for a WAN link? Under System -> Advanced -> Uplink -> Wi-Fi

On the client side, you need to speak with the wireless chipset vendors.

Aruba has taken care of the infrastructure side of things.
Pasquale Monardo | Senior Network Solutions Consultant
ACDX #420 | ACMP
[If you found my post helpful, please give kudos!]
Moderator

Re: WPA2 Vulnerability Discussion


bosborne wrote:


Has the code for MST-200 MeshOS been released? The announcement indicates it has not yet been released.


MST code has not been released yet - I don't have any updates on that yet.

---
Jon Green, ACMX, CISSP
Security Guy
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: