@CSup wrote: And one other question if an AP is still on 15.1.5 on des does that mean if an installer puts 15.2 on an SM it won’t be able to connect since it no longer supports DES
If that’s the case I imagine I should consider upgrading all APs across network before starting to upgrade SMs to avoid issues with installers using newer version or a 15.2 roaming to an alternate color code that isn’t upgraded yet while the upgrade process is ongoing.
This ones not a big issue either way as I imagine it will be a while till 15.2 starts coming from factory.
Also I noticed something that I thought I was told was getting fixed in 15.2, the ifHighSpeed snmp variable is still undefined 1.3.6.1.2.1.31.1.1.1.15 returns empty still
Hi CSup,
Yes, If AP is on 15.1.5 and running DES, a SM running 15.2 will not be able to connect to the AP.
Please refer to the following FAQ for more info about upgrade options.
Thanks your right ifHighSpeed is working, i must have typed the wrong ip to one that wasn't upgraded yet.
Any idea on the lldp/layer2 neighbor issue?
I was reading the document you linked, so AP with 15.2
New AP Setting NONE will allow DES subscribers to connect with PT
Will subs with AES setting also be allowed to connect with the AP set to none? Is this the same for SM's in 15.1.x and 15.2?
I notice that the doc also says to upgrade from outside inward, but wouldn't that break the SM's as they wouldn't support DES while the AP is still on DES possibly?
Lastly, if an AP is set to AES, and a SM is set to None/DES, will it be able to authenticate to get the radius downloaduri to get the new config? I ask because we have a lot of radios offline due to disconnection (non-payment, signal issues etc), if they can't then when we switch network to AES those radios will require truck roll to get back online
Will subs with AES setting also be allowed to connect with the AP set to none? Is this the same for SM's in 15.1.x and 15.2?
Yes, SMs running 15.1.x and 15.2 will register to AP running 15.2, with encryption set to "None".
Lastly, if an AP is set to AES, and a SM is set to None/DES, will it be able to authenticate to get the radius downloaduri to get the new config? I ask because we have a lot of radios offline due to disconnection (non-payment, signal issues etc), if they can't then when we switch network to AES those radios will require truck roll to get back online
When AP is set to AES, only SMs with AES can register to it.
Encryption on all the SMs in the sector should be configured to AES, before AP is flipped from "NONE" to AES.
This is only an issue if you have a device trying to send frames larger than 1700 bytes into a 450i or 450b device's Ethernet Port. Those packets wouldn't be being passed anyways, so if you have a device doing this, the best thing to do would be to fix that device and stop it from doing this.
We updated some logging and handling of these packets and when we see some regular arrival of those, it appears to be that logging and analysis is causing an issue in processing other packets for a tiny bit. If they are regularly arriving, multiple times per second, it can have a larger impact. Our analysis of the logs we have seen with this issue were showing some regular arrival of 1800+ byte length packets.
We will address this in 16.0, but the important thing to note regarding Jumbo Frames, is that we only support up to 1700 byte packets, so anything larger than that would be dropped anyways. It is safe to use frames up to 1700 byte length even with this issue in place for larger packets.
after upgrading a 450m AP and all the SMs attached to that AP via cnMaestro the SMs now display the following red warning at the top of the SM page:
"The encryption setting configured prior to upgrade is no longer supported, radio links are not encrypted. Apply a supported encryption configuration under Configuration->Security->Airlink Security->Encryption Setting and reboot to remove the above warning."
is ther a way to change this without touching and rebooting every SM?!?!
yeah i read the notes that said encryption went away but the notes didn't explain that you'd then need to touch and reboot every dang AP and SM after upgrading. :-/
my question is "do i have to touch and reboot every device?"
why doesn't the updater just apply this change?!?!
Your not wrong, as I personally think the SM should just always be set to AES after upgraded to 15.2 and rebooted, as the SM will connect regardless of it's setting if the AP is set to PT and the SM is set to AES it connects... So why does it make sense to leave the SM on the defunct-DES setting which is operating as PT.
The drop-down can literally go away just make the radio AutoSelect AES/PT based on the AP it connects to as it already does, instead of booting up in defunct-des which technically is PT.
With DES gone the whole reason for having the setting is now useless, it's either AES128 or the ap has AES256 and it uses that instead to my knowledge, and theirs 0 performance impact so shouldn't the basic setting just be AES
I'd like to say that I'm also disappointed in how Cambium handled the whole DES to AES conversion... it just makes sense that if you upgrade to 15.2 it should automatically set the SM's and then the AP's to AES. It's going to be so much work and additional downtime for us to convert. I'm really dreading moving to 15.2 and beyond because of this.
thanks Matt, I really don't want to reboot everything twice just to do an upgrade. plus there's no way to easily ensure that everything was updated AND set to the right settings.
What does this mean for a 430 series SM that is connected to a 450series AP? Will the 430 series SM no longer connect as it doesn't have the option of AES? will 15.2 give it this option? or am I forced to stay on older firmware from this point till I can afford to swap out 500+ SMs to 450 series?
Trust me, we are working to update all legacy equipment, but this is far from happening overnight and likely not within the year.