cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
40756
Views
0
Helpful
83
Replies

WAP4400N Firmware Status

m.ruggles
Level 1
Level 1

Hello,

I have 2 WAP4400N access points, each has a different version of the firmware installed and one has options that the other one does not.

I have one access point running

1.2.17-ETSI

and one running

1.2.8

If I visit the Cisco site for firmware updates, I see that only one version of firmware is available for this access point... 1.2.14

This is quite poor for Cisco, I realize that Linksys is not Cisco's main area of business, but if you are going to provide

downloads for access points you could at least make sure that you have the latest version available.

Can you please state when the latest firmware for this device will be realeased.

83 Replies 83

Go to youtube and look up cracking WPA with backtrack3. This will show you just how insecure TKIP is.

Bill

P.S. I have done this test/intrusion many times on customer's networks to expose security holes.

Hi Bill

I couldn't agree more.  That Cisco is suggesting going to TKIP as a workaround is unconscionable, IMHO.  At this point, it seems pretty clear that an actual firmware fix is not forthcoming.

my stability problems show more with multicast traffick than regural traffick. Sometimes I am pumping quite a lot of data.

Also one thing I noticed that I also reported on Win (all flavors 32 bit) it is stable but it is not the case with all 64bit windows.

Can this be added to a internal test? and verified. More and more people now will run win64

This IS actually an acceptable solution. The workaround is fine as long as you are using a SUPER secure password (one that is guaranteed not to be in a dictionary file). If I were Daniele, I would make a password that is alphanumeric/special character that is a minimum of 15 characters in length. Also do NOT make it resemble any word AT ALL.

If it does look something like a word, then it can most likely be generated in a password generator. Never use a password like this P@ssw0rd. This uses special characters/numbers and letters but, it looks like the word Password. This can be generated/guessed by a user/program.

Daniele, I think using TKIP will be fine so long as you use a VERY secure password and change it somewhat often. This should be a practice of any administrator anyway, so it should not ruffle any feathers.

Bill

Hi,

thanks for your precious feedbacks guys.

Unfortunately I`m not a Linux expert, cracking the passwords by my self would take ages, but I think those youtube videos are reliable enough. But actually in the company I work for we use RADIUS authentication which, but maybe I`m wrong, should make things a little bit more complicated, as domain, windows username and windows password need to be sent and checked, instead of just one password....isn`t it?

By the way, I`ve understood from Cisco support that a work-around is not the direction they want to take: once I`ll provide them with enough evidences about the instability caused by using AES, they`ll work on it. I just need to make time for some tests.

Regards,

D.

Daniele,

You are correct. Radius authorization is considerably more secure than just wireless authentication (hence the AAA part not just A). Rogue users may be able to crack the password to the wireless network, but will not gain access to the network simply because they fail the Authorization part of the triple A formula.

You are also correct saying that Cisco, once documented properly, is eager to fix any bug we find within our devices. I think the problem that gloomrider, and other, have is that it is not as fast as they would like. Finding, documenting, and fixing such issues takes time. Time is precious to everyone, so I can understand the impatience. We do however, want to make sure the fix we design actually fixes the issue and does not cause more issues.

I can only ask for patience from the users, as we are aware of the flaws described and are actively working on a fix. Thank you for the patience you have displayed so far.

Bill

Falling back to TKIP is acceptable as a resolution to the problem?  I think we'll just have to agree to disagree on that.  Swapping the AP with a non-Linksys product will also solve the problem.

Swaping for different unit is what I did for now. I got this cheep TEW-637AP and it works great no drops and works with Win x64 well. I just noticed this usning compatible to 4400N - TEW-636APB

I just installed 5 WAP4400N's and having problems users being disconnected and very low performance. This happens after 2-3 days and I only have 5-10 clients per AP. Turned AES off but still the same problem, I heard reports that turning .n off as well might help or is the only solution now to use different AP until there is a fix. I have combination of MAC's, Windows 7, Vista and XP clients.

Is there any news on new firmware yet?

Hi,

last week I've been doing some tests with both AES and TKIP encryption. I've also collected a lot of logs which I sent to Cisco.

TKIP seems to be more stable but still, the connection is not as stable as it's supposed to be. Cisco support told me they "will be escalating the case to see if they can attach a bug to it and get it fixed with the new firmware". Now we need to be patient and provide any useful info, if any.

Regards,

Daniele

Any movement on this unit? or is it dead? and should go on eBay or trash can? :)

Thank you

Hi,

I've been told some engineers are working on a solution, I assume a new firmware will be released, but I don't know when. Cisco support is not asking my help anymore since they believe we've done all the possible tests, and actually I agree with them, I can't think about any other test that can be done indeed.

I'm afraid we just need to wait and see.

Regards,

Daniele

remkolodder
Level 1
Level 1

Just another me2 message actually. With the chip vendor we tried looking into these problems a bit better, and we might have found something which is disconnecting my Macbook Pro/Macbook/iPhone devices periodically. Especially noticable when doing Time Machine backups. I am using WPA2-TKIP with a preshared secret (from my head).

It took a long time to get this far, and possibly we might be able to report further progress soon-ish. I understand that most people will hook-off after such a long time (I think 6 months+), but I am still willing to persist with this and resolve it. The device was expensive for home-use and getting a new one, is not fun for the wallet :-)

BR,

Remko Lodder

//FreeBSD Committer

stevelerner
Level 1
Level 1

I too am eagerly awaiting progress on this issue. 

stevelerner
Level 1
Level 1

Any news?  It would be great to hear that there's been some progress!