Professional Documents
Culture Documents
AOS 8.4.3 ReleaseNotesRevBv2
AOS 8.4.3 ReleaseNotesRevBv2
AOS 8.4.3 ReleaseNotesRevBv2
CONTENTS
1) New Features
2) Fixed Problems
3) Known Issues
4) Limitations and Conditions
5) Hardware and Software Requirements
6) Contacting Support
1) NEW FEATURES
• Fix for KRACK vulnerability.
On October 16, 2017, a research paper was made public by Dr. Mathy Vanhoef from the
IMEC-DistriNet Research Group of KU Leuven in Belgium that uncovered security
vulnerabilities in key negotiations in both the Wi-Fi Protected Access (WPA) and Wi-Fi
Protected Access II (WPA2) protocols. The vulnerabilities, most commonly known as
KRACK, are associated with the process used for negotiating encryption keys used by the
client and access point and may allow reinstallation of these keys.
For more details, please refer to STATEMENT ON WPA2 KEY RE-USE “KRACK ATTACK”.
2
• 32941 - WDS doesn’t work on 802.11ac wave1 APs.
• 32946 - WDS client side XD2-240 AP would sometimes crash.
• 32951 - All APs are missing channel 165 when set to Russia country code.
• 32952 - All outdoor APs are missing lower UNII-1 band channels for Russia country code.
• 32992 - Cannot pass wireless station to station traffic when ARP filtering set to Proxy
and SSIDs set to have a VLAN ID.
• 33239 - DHCP and DNS application statistics reporting is inaccurate.
3) KNOWN ISSUES
• 19319 - When Roaming between APs with Radius Accounting enabled, de-
authentication occurs before the authentication has completed.
• 20276 - Internal-Radius and Active-Directory did not start after a reboot. If the Internal
Radius SSID is disabled and you then reboot, Active-Directory will start.
• 20296 - Rogue AP – 11ac Wave 1 Radios are seeing rogue APs at higher RSSI levels.
• 25558 - Standby Mode – Enabling standby mode on an SSID could cause a General Error.
It is not recommended to use this feature with this release.
• 25764 - In noisy environments, clients may be slow connecting to 80MHz bonded
channels. A workaround is to avoid using 80 MHz channels in noisy environments.
• 26045 - Admin RADIUS is not working with IPv6 when logging on to the Web
Management Interface or the Command Line Interface
• 26222 - No RADIUS packets are sent to server from PEAP client when primary server is
using IPv6.
• 26300 - Attempting to login to AP using IPv6 address via Admin RADIUS with WMI does
not work and causes WPA Authentication Engine restart. Workaround would be to
avoid Admin RADIUS logons w/ IPv6.
• 27041 - Radio assurance feature is not functional on 802.11ac Wave 2 products. Please
refrain from using this feature.
• 27265 - XRP did not send user session timeout details to the neighboring AP on roaming.
• 27310 - Loss of IP connectivity on 11ac Wave 2 radios after a station associates to TKIP
encryption only. Changing the encryption to AES works.
• 27376 - WPR SSL Redirect - Chrome does not allow the user to accept the SSL
Certificate. Use alternative browsers such as Safari or Internet Explorer.
• 27800 - Upstream traffic on the same clients is, in general, slower on 802.11ac Wave 1
AP’s than it is on 802.11ac Wave 2 AP’s – this has been observed infrequently on Intel
7625-based client chipsets.
• 28104 - On 11ac Wave 2 APs, the QoS UP bit in QoS Control Field is always set to
whatever QoS setting is set on the SSID.
3
• 28489 - Occasionally during boot-up AP sends out a couple of XRP packets with the
default IP address of 192.168.1.3. Administrators can safely ignore this debugging
message.
• 29728 - XR600 CRC error reporting numbers may not be accurate.
• 29831 - Wave 2-capable APs sometimes show negative RSSI, SNR and Silence values
when a station is first detected. This problem goes away and can be safely ignored.
• 32871 - The 2.5G Ethernet port on the XD4-240 links at 2.5G but sometimes will not
pass more than 1G of traffic and requires reboot to fix.
• 33188 - APs running AOS version 8.3.3-7084 are categorizing Epson's EasyMP projector
application traffic as proxy, which is denied, and causing the application on the MS
Surface to crash.
• 33396 - Layer3 roaming does not work on 802.11ac wave2 AP models.
4
• Wave 2 Radio Module Operating Modes
Tx Rx
Model Streams Tx power per radio
Chains Chains
• Wave 2 Radio Module Upgrade Configurations. The table below summarize power requirements
and configurations for installing XI-AC3470 radios in an XR modular AP.
# Radios
Upgraded Which Slots to Use (RF
Model Series after Watts / Injector Models
Model No Slot #s)
Upgrade
30W, PoE+
XR-2000 XR-2247 2 0, 2 XP1-MSI-30, XP1-MSI-75M, XP8-MSI-
70M, XT-5024/5048
40W
XR-2000 XR-2447 4 All slots XP8-MSI-70M,
XP1-MSI-75/75M
75W
XR-4000 XR-4447 4 1, 3, 5, 7 XP8-MSI-70M,
XP1-MSI-75/75M
5
# Radios
Upgraded Which Slots to Use (RF
Model Series after Watts / Injector Models
Model No Slot #s)
Upgrade
75W
XR-4000 XR-4847 8 All slots
XP1-MSI-75/75M
95W
XR-6000 XR-6847 8 0, 2, 4, 6, 8, 10, 12,14
XP2-MSI-95M (one port)
0, 1, 2, 4, 5, 6, 8, 9,10, 95W
XR-7000 XR-7247 12
12,13,14 XP2-MSI-95M (two ports)
95W
XR-7000 XR-7647 16 All Slots
XP2-MSI-95M (two ports)
6) CONTACTING SUPPORT
THE XIRRUS CUSTOMER SUPPORT WEBSITE PROVIDES ONLINE DOCUMENTS AND TOOLS FOR
TROUBLESHOOTING AND RESOLVING TECHNICAL ISSUES WITH XIRRUS PRODUCTS AND TECHNOLOGIES.
ACCESS TO ALL TOOLS ON THE XIRRUS CUSTOMER SUPPORT WEBSITE REQUIRES A LOGIN USER ID AND
PASSWORD. IF YOU HAVE A VALID SERVICE CONTRACT BUT DO NOT HAVE A USER ID OR PASSWORD, YOU CAN
REGISTER AT HTTP://SUPPORT.XIRRUS.COM.
• Email at support@xirrus.com
• Live chat with one of the Xirrus Customer Support Representatives at Login
• Call Xirrus at one of the following numbers
©2017 Riverbed Technology. All rights reserved. Riverbed and any Riverbed product or service name or logo
6
used herein are trademarks of Riverbed Technology. All other trademarks used herein belong to their
respective owners. The trademarks and logos displayed herein may not be used without the prior written
consent of Riverbed Technology or their respective owners.