This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
RUCKUS Self Help |   ASK the Pack
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

WPA2 KRACK Questions & Answers - Resource page

michael_brado
Esteemed Contributor II

‎10-18-2017 04:48 PM

Greetings,

    Much concern about possible impact of announced WPA2 KRACK vulnerabilities, and Ruckus would
like to provide information and answer your related questions.  Please view the WPA2 KRACK support
resource center page:

https://support.ruckuswireless.com/krack-ruckus-wireless-support-resource-center

   There are knowledge base articles that describe Rogue Detection, and details on checking 802.11r
enable/ disable state, link to a TME blog on the problem, and industry links related to WPA2 KRACK flaws.
Information regarding specific platform firmware patch release availability will be provided shortly.
20 REPLIES 20

steven_veron
New Contributor III
In response to steven_veron

‎10-20-2017 10:52 AM

That's good to know, I appreciate it. You mention locking the channel, I was unable to find a setting within the GUI and the guide doesn't mention it that I have found. Is this a CLI only command? If so can you point me to some documentation on it?
0 Kudos

michael_brado
Esteemed Contributor II
In response to steven_veron

‎10-20-2017 02:18 PM

I just created a public visible KBA-6480 with this content:

If you have been instructed to "lock down" the 7731 point to point bridge frequency channel,
you can view the current channel in use, and configure the bridge to stay on this channel.

Figure 1:  Status::Wireless

Current channel in use is Channel 100, and the 7731 is currently set for SmartSelect channel algorithm.




Figure 2:  Configuration :: Wireless :: Root Bridge

Use the Channel drop-down list to find the Channel 100 currently in use and click on it.
This will keep the Root Bridge AP setting on Channel 100.  (SmartSelect is default).

0 Kudos

michael_brado
Esteemed Contributor II

‎10-19-2017 08:00 AM

While mgt determines how to provide a 9.2 version patch, you aren't at much risk since clients who can be compromised aren't likely connecting to your PtP bridges... 
0 Kudos

steven_veron
New Contributor III

‎10-19-2017 08:02 AM

This bridge provides internet to a building that contains our HR department. Anything greater than 0 is considered a risk. 
0 Kudos

michael_brado
Esteemed Contributor II
In response to steven_veron

‎10-19-2017 09:31 AM

If the bridge or mesh AP channel is static, the AP is not vulnerable to MITM attack, which is a necessary part of the replay attack.  Find your best PtP link channels, and lock them down for 0 risk.
0 Kudos
Copyright © 2024 Khoros, LLC