Wireless Access

Reply
Moderator

Re: WPA2 Vulnerability Discussion


bosborne wrote:

Can't they run the versions listed in the security advisory?

 All listed vulnerabilities have been fixed in the following InstantOS patch
 releases, which are available for download immediately:
  -- 4.2.4.9
  -- 4.3.1.6
  -- 6.5.3.3
  -- 6.5.4.2

Possibly not.  The end-of-support site says that the latest version for the IAP-92/93 is 4.1.1.  I'm trying to get clarification on what should be done for 4.1.  It's possible that 4.1 didn't have support for any vulnerable features.

---
Jon Green, ACMX, CISSP
Security Guy
New Contributor

Re: WPA2 Vulnerability Discussion

We are running 6.4.2.6-4.1.3.4_57646

Bob,


[Boon Edam]
R.W. 'Bob' Brady | IT Manager | Boon Edam Inc.
T (910) 814 8115 | M (919) 623-9000 | F (910) 814-3899
402 McKinney Parkway | Lillington, NC 27546
Working Hours 0600-1500 EST
www.boonedam.us| Robert.Brady@boonedam.com [Your entry experts]
Frequent Contributor II

Re: WPA2 Vulnerability Discussion


rby@boonedam.us wrote:
We are running 6.4.2.6-4.1.3.4_57646

Bob,


[Boon Edam]
R.W. 'Bob' Brady | IT Manager | Boon Edam Inc.
T (910) 814 8115 | M (919) 623-9000 | F (910) 814-3899
402 McKinney Parkway | Lillington, NC 27546
Working Hours 0600-1500 EST
www.boonedam.us| Robert.Brady@boonedam.com [Your entry experts]

Those are the only versions listed for InstantOS. Are the running as IAPs, RAPs, or Campus APs?


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: WPA2 Vulnerability Discussion

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


Chez379 wrote:

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?


We did this to check for 802.11r.

 

(ARUBA-MASTER-GH) #show wlan dot11r-profile

802.11r Profile List
--------------------
Name References Profile Status
---- ---------- --------------
default 0

Total:1

(ARUBA-MASTER-GH) #

 


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: WPA2 Vulnerability Discussion

Is there a place in the GUI to check this, can't seem to putty into the controller.  This is in the AirWave interface, NOT the controller interface, correct?


bosborne wrote:

Chez379 wrote:

Where is the configuration to make sure 802.11r Fast BSS Transition is not enabled?


We did this to check for 802.11r.

 

(ARUBA-MASTER-GH) #show wlan dot11r-profile

802.11r Profile List
--------------------
Name References Profile Status
---- ---------- --------------
default 0

Total:1

(ARUBA-MASTER-GH) #

 


 

Frequent Contributor II

Re: WPA2 Vulnerability Discussion

This was CLI (puTTY is OK) on the controller.

From WebUI you can go to:

Configuration -> ADVANCED SERVICES -> All Profiles -> Wireless LAN -> 802.11r.

In Profile Details click on Show Reference.

image.pngimage.png


Bruce Osborne - Wireless Engineer
ACCP, ACMP
New Contributor

Re: WPA2 Vulnerability Discussion


Thank You!!!

bosborne wrote:

This was CLI (puTTY is OK) on the controller.

From WebUI you can go to:

Configuration -> ADVANCED SERVICES -> All Profiles -> Wireless LAN -> 802.11r.

In Profile Details click on Show Reference.

image.pngimage.png


 

Regular Contributor I

Re: WPA2 Vulnerability Discussion

Had to check 90 controllers today.  I just created a script and ran "show wlan dot11r-profile".  Took about 10 minutes.

 

Frequent Contributor II

Re: WPA2 Vulnerability Discussion


ascott wrote:

Had to check 90 controllers today.  I just created a script and ran "show wlan dot11r-pperferably an HA pair).rofile".  Took about 10 minutes.

 


90 standalone masters?

Most sites that size push the configuration from a master controller (preferably an HA pair).


Bruce Osborne - Wireless Engineer
ACCP, ACMP
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: