KRACK firmware 1.20RC93 patch from today

drshock:
I successfully applied the 1.20 patch for KRACK mentioned here http://forums.dlink.com/index.php?topic=72763.msg292201 at the top of the forums today.
 
I just upgraded without a factory reset since this is a same version patch.  No problems applying the patch. 

I applied this on a DAP2695 in a production environment, though it's after hours currently and only 11 clients connected. Will see how it manages the rest of this week and post back if there are any issues uncovered.

FurryNutz:
Thanks for letting us know. Hope it works for other users as well.

Enjoy.  ;)

drshock:
I haven't seen any new problems with this beta patch for KRACK on the DAP-2695.   I've been using the unit in production running both IPv4 and IPv6 traffic as usual.   It's been stable and no obvious regressions.
 
I did however find one new firmware bug that I missed previously with 1.20RC75.   This was noticed this time because we have additional IPv6 firewall rules logging at our Vyatta edgerouter since the new year.   
 
The DAP is repeatedly sending out DHCPv6 router solicit messages, even after the router has acknowledged them.  This is within a SLAAC + stateless DHCPv6 configuration only.   The problem with this bug is that it not only will rapidly fill a syslog with noise, but it puts a CPU load on the DAP as well as the responding DHCPv6 server.   I ended up disabling IPv6 on the DAP-2695 to shut this down, and immediately got a 1% CPU gain back on the DHCPv6 server in such an endless loop.
 
My warranty is expired for this DAP-2695, so I cannot contact D-Link support to report it officially. Hopefully someone from D-Link engineering will notice this, as it's likely an obvious fix (stop sending out the broadcast solicit messages once the router responds with the DHCPv6 additional information reply message). In this type of enterprise IPv6 configuration, the only response is going to be internal corporate DNS name server locations as the DAP's IP is assigned via SLAAC (which the DAP-2695 correctly handles and shows in the UI along with the router gateway v6 address). DHCPv6 is not used to assign addresses, only to assign other configuration settings (i.e., internal DNS servers). The DNS info is irrelevant to the DAP so it shouldn't be asking for this additional information in the first place when stateless DHCPv6 is employed in addition to SLAAC.
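One way to confirm the behaviour described in the post above from a packet capture or firewall log, as an added example that is not part of the original thread or any D-Link tooling: it counts DHCPv6 client requests that arrive shortly after a server Reply to the same client. It assumes the repeated messages are DHCPv6 Solicit or Information-request messages (RFC 8415 message types 1 and 11); the addresses, the `quiet_s` and `threshold` values and the sample traffic are constructed.

```python
from collections import Counter

# DHCPv6 message types from RFC 8415
SOLICIT, REPLY, INFORMATION_REQUEST = 1, 7, 11
CLIENT_REQUESTS = {SOLICIT, INFORMATION_REQUEST}

def msg_type(payload: bytes):
    """A DHCPv6 header is 1 byte msg-type + 3 bytes transaction id."""
    return payload[0] if len(payload) >= 4 else None

def repeat_requesters(packets, quiet_s=60, threshold=3):
    """Return {client: count} for clients that sent `threshold` or more
    requests within `quiet_s` seconds of a server Reply addressed to them.

    packets: iterable of (time_s, src, dst, udp_payload) in time order.
    quiet_s and threshold are hypothetical tuning values.
    """
    last_reply = {}      # client address -> time of the last Reply sent to it
    repeats = Counter()  # client address -> requests seen soon after a Reply
    for ts, src, dst, payload in packets:
        mtype = msg_type(payload)
        if mtype is None:
            continue  # truncated capture record, nothing to classify
        if mtype == REPLY:
            last_reply[dst] = ts
        elif mtype in CLIENT_REQUESTS:
            seen = last_reply.get(src)
            if seen is not None and ts - seen < quiet_s:
                repeats[src] += 1
    return {c: n for c, n in repeats.items() if n >= threshold}

def build_msg(mtype, xid):
    """Build a bare DHCPv6 header (no options) for the constructed sample."""
    return bytes([mtype]) + xid.to_bytes(3, "big")

# Constructed sample traffic: NOISY re-requests every 2 s even though each
# request is answered; QUIET asks once; one record is truncated.
NOISY, QUIET, SERVER = "fe80::a", "fe80::b", "fe80::1"
MCAST = "ff02::1:2"  # All_DHCP_Relay_Agents_and_Servers
SAMPLE = [(1.0, QUIET, MCAST, build_msg(INFORMATION_REQUEST, 100)),
          (1.1, SERVER, QUIET, build_msg(REPLY, 100)),
          (3.0, "fe80::c", MCAST, b"\x0b")]
for i in range(5):
    SAMPLE.append((i * 2.0, NOISY, MCAST, build_msg(INFORMATION_REQUEST, i)))
    SAMPLE.append((i * 2.0 + 0.1, SERVER, NOISY, build_msg(REPLY, i)))
SAMPLE.sort(key=lambda p: p[0])

if __name__ == "__main__":
    print(repeat_requesters(SAMPLE))
```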

FurryNutz:
Something you could email or contact D-Link support on Chat about and let them know what you're experiencing...


--- Quote from: drshock on January 06, 2018, 10:28:25 AM ---
I haven't seen any new problems with this beta patch for KRACK on the DAP-2695. I've been using the unit in production running both IPv4 and IPv6 traffic as usual. It's been stable and no obvious regressions.
 
I did however find one new firmware bug that I missed previously with 1.20RC75.   This was noticed this time because we have additional IPv6 firewall rules logging at our Vyatta edgerouter since the new year.   
 
The DAP is repeatedly sending out DHCPv6 router solicit messages, even after the router has acknowledged them.  This is within a SLAAC + stateless DHCPv6 configuration only.   The problem with this bug is that it not only will rapidly fill a syslog with noise, but it puts a CPU load on the DAP as well as the responding DHCPv6 server.   I ended up disabling IPv6 on the DAP-2695 to shut this down, and immediately got a 1% CPU gain back on the DHCPv6 server in such an endless loop.
 
My warranty is expired for this DAP-2695, so I cannot contact D-Link support to report it officially. Hopefully someone from D-Link engineering will notice this, as it's likely an obvious fix (stop sending out the broadcast solicit messages once the router responds with the DHCPv6 additional information reply message). In this type of enterprise IPv6 configuration, the only response is going to be internal corporate DNS name server locations as the DAP's IP is assigned via SLAAC (which the DAP-2695 correctly handles and shows in the UI along with the router gateway v6 address). The DNS is irrelevant to the DAP so it shouldn't be asking for this additional information in the first place when stateless DHCPv6 is employed in addition to SLAAC.

--- End quote ---

Gattsu:
drshock, so issue is replicated on firmware ver. 1.20RC93? And you've verified the AP has received an IPv6 address? If you have packet captures, please provide a copy.

Thanks!
