PMP450x Release 15.2 is now available


@CSup wrote:
And one other question if an AP is still on 15.1.5 on des does that mean if an installer puts 15.2 on an SM it won’t be able to connect since it no longer supports DES

If that’s the case I imagine I should consider upgrading all APs across network before starting to upgrade SMs to avoid issues with installers using newer version or a 15.2 roaming to an alternate color code that isn’t upgraded yet while the upgrade process is ongoing.

This ones not a big issue either way as I imagine it will be a while till 15.2 starts coming from factory.



Also I noticed something that I thought I was told was getting fixed in 15.2, the ifHighSpeed snmp variable is still undefined 1.3.6.1.2.1.31.1.1.1.15 returns empty still

Hi CSup,

Yes, If AP is on 15.1.5 and running DES, a SM running 15.2 will not be able to connect to the AP.

Please refer to the following FAQ for more info about upgrade options.

http://community.cambiumnetworks.com/t5/PMP-FAQ/15-2-AES-256-Encryption-FAQ/m-p/85930#M306

ifHighSpeed OID is supported in 15.2. Could you please try again.

 

Best Regards,

Balaji

Thanks your right ifHighSpeed is working, i must have typed the wrong ip to one that wasn't upgraded yet. 

Any idea on the lldp/layer2 neighbor issue?

I was reading the document you linked, so AP with 15.2

New AP Setting NONE will allow DES subscribers to connect with PT

Will subs with AES setting also be allowed to connect with the AP set to none? Is this the same for SM's in 15.1.x and 15.2? 

I notice that the doc also says to upgrade from outside inward, but wouldn't that break the SM's as they wouldn't support DES while the AP is still on DES possibly?


Lastly, if an AP is set to AES, and a SM is set to None/DES, will it be able to authenticate to get the radius downloaduri to get the new config? I ask because we have a lot of radios offline due to disconnection (non-payment, signal issues etc), if they can't then when we switch network to AES those radios will require truck roll to get back online


@CSup wrote:

Thanks your right ifHighSpeed is working, i must have typed the wrong ip to one that wasn't upgraded yet. 

Any idea on the lldp/layer2 neighbor issue? 


I'm sorry. I don't have the answer right now. I'll get back to you on that.

I was reading the document you linked, so AP with 15.2

New AP Setting NONE will allow DES subscribers to connect with PT


When encryption is set to "None", the AP does not care whether SM is running DES or AES.
It will allow both DES and AES SMs to register to it.


@CSup

Will subs with AES setting also be allowed to connect with the AP set to none? Is this the same for SM's in 15.1.x and 15.2? 


Yes, SMs running 15.1.x and 15.2 will register to AP running 15.2, with encryption set to "None".

 Lastly, if an AP is set to AES, and a SM is set to None/DES, will it be able to authenticate to get the radius downloaduri to get the new config? I ask because we have a lot of radios offline due to disconnection (non-payment, signal issues etc), if they can't then when we switch network to AES those radios will require truck roll to get back online


When AP is set to AES, only SMs with AES can register to it. 

Encryption on all the SMs in the sector should be configured to AES, before AP is flipped from "NONE" to AES.

2 Likes

AP PMP 450 i
Firmware 15.2 BETA 4

Upgraded to 15.2 final

AP almost unreachable. Noticed difficulty in navigating the menus. CPU used very low (10%)

Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1278ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1451ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63

Rebooted. Nothing.

Downgrade to 15.2 BETA 4, ok.

Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63


@Tuvix_IT wrote:

AP PMP 450 i
Firmware 15.2 BETA 4

Upgraded to 15.2 final

AP almost unreachable. Noticed difficulty in navigating the menus. CPU used very low (10%)

Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1278ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1451ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63

Rebooted. Nothing.

Downgrade to 15.2 BETA 4, ok.

Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63


This looks like a ethernet problem.
What do you see in Statistics -> ethernet ?

No errors. No event log. Very strange.

EDIT: the reported problem occurs for now only on the  APs "i".


@Tuvix_IT wrote:

AP PMP 450 i
Firmware 15.2 BETA 4

Upgraded to 15.2 final

AP almost unreachable. Noticed difficulty in navigating the menus. CPU used very low (10%)

Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1278ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Request timed out.
Request timed out.
Request timed out.
Reply from 10.52.0.53: bytes=32 time=1451ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63

Rebooted. Nothing.

Downgrade to 15.2 BETA 4, ok.

Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63
Reply from 10.52.0.53: bytes=32 time=2ms TTL=63
Reply from 10.52.0.53: bytes=32 time=1ms TTL=63


Can you please send me the "engineering.cgi" from the AP, to balaji.grandhi@cambiumnetworks.com.

1 Like

Anyone else see this happen on a 450i I haven’t gotten to any i’s yet

Hi, it looks like a problem with the Jumbo Frames. is being analyzed by Cambium.

So if we use jumbo frames should we hold off for a 15.2.1?

This is only an issue if you have a device trying to send frames larger than 1700 bytes into a 450i or 450b device's Ethernet Port.   Those packets wouldn't be being passed anyways, so if you have a device doing this, the best thing to do would be to fix that device and stop it from doing this.  

We updated some logging and handling of these packets and when we see some regular arrival of those, it appears to be that logging and analysis is causing an issue in processing other packets for a tiny bit.   If they are regularly arriving, multiple times per second, it can have a larger impact.  Our analysis of the logs we have seen with this issue were showing some regular arrival of 1800+ byte length packets.

We will address this in 16.0, but the important thing to note regarding Jumbo Frames, is that we only support up to 1700 byte packets, so anything larger than that would be dropped anyways.  It is safe to use frames up to 1700 byte length even with this issue in place for larger packets.

3 Likes

Enable or Disable Max Tx Power not work.

I change Disable Max Tx Power but power 22.

In version 15.1.3 after change it is parameters power changed.

after upgrading a 450m AP and all the SMs attached to that AP via cnMaestro the SMs now display the following red warning at the top of the SM page:

"The encryption setting configured prior to upgrade is no longer supported, radio links are not encrypted.
Apply a supported encryption configuration under Configuration->Security->Airlink Security->Encryption Setting and reboot to remove the above warning."

is ther a way to change this without touching and rebooting every SM?!?!

It’s in the release notes they discontinued DES you have to swap sms to AES once their all changed then enable aes on AP


Or just disable encryption either way your gonna have to reboot sm… that said it’s in the patch notes pretty extensively

yeah i read the notes that said encryption went away but the notes didn't explain that you'd then need to touch and reboot every dang AP and SM after upgrading. :-/

my question is "do i have to touch and reboot every device?"

why doesn't the updater just apply this change?!?!

1 Like

Your not wrong, as I personally think the SM should just always be set to AES after upgraded to 15.2 and rebooted, as the SM will connect regardless of it's setting if the AP is set to PT and the SM is set to AES it connects... So why does it make sense to leave the SM on the defunct-DES setting which is operating as PT.

The drop-down can literally go away just make the radio AutoSelect AES/PT based on the AP it connects to as it already does, instead of booting up in defunct-des which technically is PT. 

With DES gone the whole reason for having the setting is now useless, it's either AES128 or the ap has AES256 and it uses that instead to my knowledge, and theirs 0 performance impact so shouldn't the basic setting just be AES

1 Like

I'd like to say that I'm also disappointed in how Cambium handled the whole DES to AES conversion... it just makes sense that if you upgrade to 15.2 it should automatically set the SM's and then the AP's to AES. It's going to be so much work and additional downtime for us to convert. I'm really dreading moving to 15.2 and beyond because of this.

We are looking into this now... as well as potential solutions for having to touch everything.  Keep an eye on this thread for updates.

1 Like

thanks Matt, I really don't want to reboot everything twice just to do an upgrade. plus there's no way to easily ensure that everything was updated AND set to the right settings.

-sean

What does this mean for a 430 series SM that is connected to a 450series AP?  Will the 430 series SM no longer connect as it doesn't have the option of AES? will 15.2 give it this option? or am I forced to stay on older firmware from this point till I can afford to swap out 500+ SMs to 450 series?

Trust me, we are working to update all legacy equipment, but this is far from happening overnight and likely not within the year.

1 Like