Upgrade Cisco WLC and Access Points to fix KRACK Attacks

On Oct 16th 2017, 7 vulnerabilities affecting both WPA and WPA2 were made publicly available. Additional research also led to the discovery of 3 additional vulnerabilities. Among these 10 vulnerabilities, only one, CVE-2017-13082, may affect wireless infrastructure; the other nine vulnerabilities affect client devices.

There is also some good news: remote attacks won’t be possible in this case. The attacker has to be directly connected to the Wi-Fi access point, which means being within physical proximity of the device.

It is not a bug in a single vendor's product, but rather a fundamental flaw in the protocol. Here we look specifically at patching Cisco wireless infrastructure – the Cisco 2504 Wireless Controller.

 

Extract from the Release Notes:

Before you proceed with the upgrade, you must know the upgrade path and some additional information about the images:

  1. Upgrade Path to 8.3.133
  • 7.0.x releases: You can upgrade directly to 8.3.133.0.

    If you have VLAN support and VLAN mappings defined on H-REAP access points and are currently using a 7.0.x Cisco WLC software release that is earlier than 7.0.240.0, we recommend that you upgrade to the 7.0.240.0 release and then upgrade to 8.3.133.0 to avoid losing those VLAN settings.

    In case of FlexConnect VLAN mapping deployment, we recommend that the deployment be done using FlexConnect groups. This allows you to recover VLAN mapping after an AP rejoins the Cisco WLC without having to manually reassign the VLAN mappings.

  • 7.1.91.0: You can upgrade directly to 8.3.133.0.

  • 7.2.x releases: You can upgrade directly to 8.3.133.0.

    If you have an 802.11u HotSpot configuration on the WLANs, we recommend that you first upgrade to the 7.3.101.0 Cisco WLC software release and then to the 8.3.133.0 Cisco WLC software release.

    You must downgrade from the 8.3.133.0 Cisco WLC software release to a 7.2.x Cisco WLC software release if you have an 802.11u HotSpot configuration on the WLANs that are not supported.

  • 7.3.x, 7.4.x, 7.5.x, 7.6.x, 8.0.x, 8.1.x, 8.2.x, 8.3.x releases: You can upgrade directly to 8.3.133.0.

    Specifically for 8.2.x, see Changes in Images and Installation Procedure for Cisco 2504 WLC, Cisco 5508 WLC, and Cisco WiSM2 about special upgrade instructions for Cisco 2504 WLC, 5508 WLC, and WiSM2.

  2. Due to an increase in the size of the Release 8.3.133.0 Cisco WLC software image, the Cisco 2504 WLC software images are split into the following two images:

  • Base Install image, which includes the Cisco WLC image and a subset of some AP images
  • Supplementary AP Bundle image, which includes AP images that are excluded from the Base Install image – AP802, Aironet 1530, 1550, 1570.

  3. AP_BUNDLE installation files should not be renamed because the filenames are used as indicators to not delete the backup image before starting the download.

If renamed and if they do not contain “AP_BUNDLE” or “FUS” strings in their filenames, the backup image will be cleaned up before starting the file download, anticipating a bigger sized regular base image.
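
The upgrade-path rules and the filename rule from the extract above, encoded as a pre-upgrade check. This is an added example, not Cisco's code or part of the original post; the function names, the two boolean flags and the case-sensitive substring match are assumptions.

```python
# Added example: pre-upgrade planner built from the release-note extract.
# All names here are hypothetical; only the version numbers come from the page.
TARGET = "8.3.133.0"

def parse(version):
    """'7.0.235.0' -> (7, 0, 235, 0); rejects anything but four numeric fields."""
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part WLC version: {version!r}")
    return tuple(int(p) for p in parts)

def upgrade_path(current, hreap_vlan_mappings=False, hotspot_80211u=False):
    """Return (hops, notes): releases to install in order, plus reminders."""
    v = parse(current)
    train = v[:2]
    hops, notes = [], []
    if v >= parse(TARGET):
        return hops, ["already at or above 8.3.133.0"]
    if train == (7, 0):
        # Intermediate hop preserves H-REAP VLAN mappings on older 7.0.x.
        if hreap_vlan_mappings and v < parse("7.0.240.0"):
            hops.append("7.0.240.0")
    elif train == (7, 1):
        if v != parse("7.1.91.0"):
            raise ValueError("the extract lists only 7.1.91.0 in the 7.1 train")
    elif train == (7, 2):
        # 802.11u HotSpot configurations go through 7.3.101.0 first.
        if hotspot_80211u:
            hops.append("7.3.101.0")
    elif train == (8, 2):
        notes.append("8.2.x: read the special 2504/5508/WiSM2 image instructions")
    elif not ((7, 3) <= train <= (7, 6) or (8, 0) <= train <= (8, 3)):
        raise ValueError(f"{current} is not covered by the extract")
    hops.append(TARGET)
    return hops, notes

def keeps_backup_image(filename):
    """True if the name still has a marker string, so the backup image is kept.

    Assumption: the controller's match is a case-sensitive substring test.
    """
    return "AP_BUNDLE" in filename or "FUS" in filename
```

Run `keeps_backup_image()` on the file name as it sits on the TFTP server, since that is the name the controller sees.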

Read more in the official Cisco 8.3.133 release notes.


 

Upgrading Cisco WLC to 8.3.133

Step 1: Backup WLC Configuration

  • You need a TFTP server in your network that is reachable from the WLC
  • Navigate to the COMMANDS tab in the WLC GUI and choose the UPLOAD FILE menu
  • Specify File Type (Configuration), Transfer Mode (TFTP), IP Address (TFTP Server IP), File Path (./ in case it's at the root folder) and File Name.
  • Click the Upload button to back up the WLC configuration

 

Step 2: Upgrade WLC

  • Download the relevant WLC software version from cisco.com (you need a SMARTnet contract) and copy it to the root folder of the TFTP server
  • Navigate to the COMMANDS tab and choose the DOWNLOAD FILE menu
  • Specify File Type (Code), Transfer Mode (TFTP), IP Address (TFTP Server IP), File Path (./) and File Name (name of your downloaded file)
  • Click the Download button to upload the file to the controller.


You can track the firmware download process in Commands > Config Boot. If you still see the older version in Primary Image, wait for the download to complete and you should see the latest 8.3.133 version.

Step 3: Save Configuration and Reboot Controller

After the reboot, the WLC should be upgraded to the latest version, 8.3.133, and all APs should start upgrading.