Wireless Access

Reply
Moderator

Re: WPA2 Vulnerability Discussion


bosborne wrote:

Can't they run the versions listed in the security advisory?

 All listed vulnerabilities have been fixed in the following InstantOS patch
 releases, which are available for download immediately:
  -- 4.2.4.9
  -- 4.3.1.6
  -- 6.5.3.3
  -- 6.5.4.2

Possibly not.  The end-of-support site says that the latest version for the IAP-92/93 is 4.1.1.  I'm trying to get clarification on what should be done for 4.1.  It's possible that 4.1 didn't have support for any vulnerable features.

---
Jon Green, ACMX, CISSP
Security Guy
New Contributor

Re: WPA2 Vulnerability Discussion

We are running 6.4.2.6-4.1.3.4_57646

Bob,


[Boon Edam]
R.W. 'Bob' Brady | IT Manager | Boon Edam Inc.
T (910) 814 8115 | M (919) 623-9000 | F (910) 814-3899
402 McKinney Parkway | Lillington, NC 27546
Working Hours 0600-1500 EST
www.boonedam.us| Robert.Brady@boonedam.com [Your entry experts]

Re: WPA2 Vulnerability Discussion


rby@boonedam.us wrote:
We are running 6.4.2.6-4.1.3.4_57646

Bob,


[Boon Edam]
R.W. 'Bob' Brady | IT Manager | Boon Edam Inc.
T (910) 814 8115 | M (919) 623-9000 | F (910) 814-3899
402 McKinney Parkway | Lillington, NC 27546
Working Hours 0600-1500 EST
www.boonedam.us| Robert.Brady@boonedam.com [Your entry experts]

Those are the only versions listed for InstantOS. Are the running as IAPs, RAPs, or Campus APs?


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

New Contributor

Re: WPA2 Vulnerability Discussion

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?

Re: WPA2 Vulnerability Discussion


Chez379 wrote:

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?


We did this to check for 802.11r.

 

(ARUBA-MASTER-GH) #show wlan dot11r-profile

802.11r Profile List
--------------------
Name References Profile Status
---- ---------- --------------
default 0

Total:1

(ARUBA-MASTER-GH) #

 


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

New Contributor

Re: WPA2 Vulnerability Discussion

Is there a place in the GUI to check this, can't seem to putty into the controller.  This is in the AirWave interface, NOT the controller interface, correct?


bosborne wrote:

Chez379 wrote:

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?


We did this to check for 802.11r.

 

(ARUBA-MASTER-GH) #show wlan dot11r-profile

802.11r Profile List
--------------------
Name References Profile Status
---- ---------- --------------
default 0

Total:1

(ARUBA-MASTER-GH) #

 


 

Re: WPA2 Vulnerability Discussion

This was CLI (puTTY is OK) on the controller.

From WebUI you can go to:

Configuration -> ADVANCED SERVICES -> All Profiles -> Wireless LAN -> 802.11r.

In Profile Details click on Show Reference.

image.pngimage.png


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

New Contributor

Re: WPA2 Vulnerability Discussion


Thank You!!!

bosborne wrote:

This was CLI (puTTY is OK) on the controller.

From WebUI you can go to:

Configuration -> ADVANCED SERVICES -> All Profiles -> Wireless LAN -> 802.11r.

In Profile Details click on Show Reference.

image.pngimage.png


 

Regular Contributor I

Re: WPA2 Vulnerability Discussion

Had to check 90 controllers today.  I just created a script and ran "show wlan dot11r-profile".  Took about 10 minutes.

 

Re: WPA2 Vulnerability Discussion


ascott wrote:

Had to check 90 controllers today.  I just created a script and ran "show wlan dot11r-pperferably an HA pair).rofile".  Took about 10 minutes.

 


90 standalone masters?

Most sites that size push the configuration from a master controller (preferably an HA pair).


Bruce Osborne - Wireless Engineer
ACCP, ACMP

All opinions written here are my own and do not necessarily reflect the views and opinions of my employer or Aruba Networks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: