Following the FragAttacks announcement I have upgraded my R550 AP to 184.108.40.206.243 only to find subtle connection stability issues between the AP and a Linux ThinkPad T480s with a Intel 8265 wireless chipset. The symptom is that any tcp/udp/icmp package transmission just stops after 1-2 hours of usage. After reverting to 220.127.116.11.233 everything is rock solid once again with connection not breaking at all for days at a time. I have tried WPA2-only and WPA3-only modes both with both firmwares and the results are the same (233 is stable, 243 causes dropouts).
Any ideas where to look next or what might be causing this?
Solved! Go to Solution.
Problem may or may not be due to FragAttacks fix.
Also, you can upgrade to 18.104.22.168.229, same has been released on support portal.
Again, not all the vulnerabilities under FragAttacks can be fixed by just upgrading APs, you also have to upgrade the UE card drivers.
Since the issue is seen only after upgrade to a specific code and a downgrade resolves it we would need to collect debug log on the AP and packet capture to identify the root cause. Can you please log on a case with us to track the issue and for initial debug attach the AP support and from Master diagnostic log along with it. Please be noted in case TAC doesn't have the specified device we would need your help in reproducing the problem again.
You can open up a case using below :
1) You can call our support helpline and a rep would help creating a case :
2) You can directly open a case via our support portal :
It is possible, that the problem is directly related to FragAttacks fixes. FragAttacks fixes limit WiFi working mode to more secure modes, and any additional security is expected to add requirements to connection quality.
As example from different area -- you may have quit good experience looking on WEB pages over connection with packet loss rate about 1%, and you will never even suspect it. But if you try to do IPSEC connection for same traffic over same connection, you'll feel this packet loss as connection drops and disconnects. Reason is that IPSEC doesn't like packet loss at all -- packets are all numbered, and when some packet is missing, you can be disconnected.
It unfortunately means, that your problem may be not even a bug, but just a result of higher requirements of more secure connection to media (RF) -- so it can be not fixable.
I can't say if it is so in your case, but it is definitely possible (unfortunately).
Another reason of problem may be that client driver is expected to use less secure modes, and is not so good tuned or even is baggy, when working in secure mode.
Unfortunately, such issues are very difficult to diagnose, and fix, as they require both client and AP vendors involvement.
By the way, do you have fix for client device installed (Linux ThinkPad T480s with a Intel 8265 wireless)? With fix you have better chance that client driver will work reliably in secure modes.
If you don't have fixes on all client devices, I don't see much good from upgrading just AP.