cnMaestro On-Premises, Option 15 or 43 with Mikrotik & ePMP

I just want to make sure you are also configuring the /ip dhcp-server network as well?

Yes - here is the redacted network config:

/ip dhcp-server network
add address=10.xx.ya.0/24 dhcp-option=ePMP,cambium43,domain dns-server=fff.ggg.h.3,fff.ggg.h.2 gateway=\
10.xx.ya.1 ntp-server=10.x.v.w wins-server=""
add address=10.xx.yc.0/24 dhcp-option=ePMP,cambium43,domain dns-server=fff.ggg.h.3,fff.ggg.h.2 gateway=\
10.xx.yc.1 ntp-server=10.x.v.w wins-server=""
add address=10.xx.ye.0/24 dhcp-option=ePMP,cambium43,domain dns-server=fff.ggg.h.3,fff.ggg.h.2 gateway=\
10.xx.ye.1 ntp-server=10.x.v.w wins-server=""
add address=10.xx.yg.0/24 dhcp-option=ePMP,cambium43,domain dns-server=fff.ggg.h.3,fff.ggg.h.2 gateway=\
10.xx.yg.1 ntp-server=10.x.v.w wins-server=""

I too am not able to get the SMs to pick up the cnmaestro URL from the dhcp options.

/ip dhcp-server option
add code=15 name=BPS value="'xxxx.com'"
add code=60 name=EPMP value="'Cambium'"
add code=43 name=CNMaestro value="'https://xxx.yyy.com'"
/ip dhcp-server option sets
add name=EPMP options=BPS,EPMP,CNMaestro
/ip dhcp-server network
add address=10.99.3.0/24 dhcp-option-set=EPMP dns-server=x.x.x.x,y.y.y.y domain=yyy.com gateway=10.99.3.1 ntp-server=x.x.x.x

Log from an SM running 3.0

Sep  1 23:06:28 xx DEVICE-AGENT[2396]: Timeout in select() - Cancelling!
Sep  1 23:06:28 xx DEVICE-AGENT[2396]: OpenConnection to cloud.cambiumnetworks.com:443 failed 
Sep  1 23:06:28 xx DEVICE-AGENT[2396]: Unable to discover cnMaestro URL (re-discover in 356 seconds)
Sep  1 23:06:28 xx DEVICE-AGENT[2396]: Attempting (re)connection in 5 minutes
Sep  1 23:12:41 xx DEVICE-AGENT[2396]: Timeout in select() - Cancelling!

Mikrotik version is 6.36

Can you please follow this KB article and see if this helps?

http://community.cambiumnetworks.com/t5/cnMaestro-Configuration/Microtik-Routerboard-DHCP-configuration-for-onboarding-devices/m-p/56012#M26

I am guessing the name ePMP defined in our article follows a different pattern

add code=60 name="ePMP" value="'Cambium'"

Whereas I see your config file has EPMP mentioned in upper case

I am not sure about this though, whether it is case sensitive (I can cross-check with the team)

Regards,

Rupam

Thanks,

The 'name=' portion in the mikrotik config should be irrelevant as it's used to identify the option within the mikrotik's config and not passed to the client.

I've changed it just to see but even in the article you linked you'll see they use name=cambium60 in the first example and name="ePMP" below that.

I should also mention I've tried a few different combinations.

Sending just option 43

Sending option 43 as IP instead of fqdn

Sending options 43 & 60

Sending options 15, 43 & 60

--

Only thing that works is hard coding the URL in the SM.

I am turning up 8 tower sites into cnmaestro and I am unable to get the SMs to pick up the cnmaestro URL via DHCP options at any of the sites.

Here is the dhcp debug log from the router (forgot to post it)

Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP: dhcp1 received request with id 1195890228 from 10.99.44.30
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     ciaddr = 10.99.44.30
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     chaddr = 00:04:56:C3:51:08
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Msg-Type = request
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Client-Id = 01-00-04-56-C3-51-08
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Host-Name = "ePMP1000_c9a0a7"
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Class-Id = "Cambium"
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Parameter-List = Subnet-Mask,Router,Domain-Server,Host-Name,Domain-Name,Unknown(17),Broadcast-Address,NTP-Server,Vendor-Specific,Client-FQDN
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP: dhcp1 sending ack with id 1195890228 to 10.99.44.30
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     ciaddr = 10.99.44.30
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     yiaddr = 10.99.44.30
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     siaddr = 10.99.44.1
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     chaddr = 00:04:56:C3:51:08
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Msg-Type = ack
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Server-Id = 10.99.44.1
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Address-Time = 1800
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Subnet-Mask = 255.255.255.0
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Router = 10.99.44.1
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Domain-Server = x.x.x.x,y.y.y.y
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Domain-Name = "mydomain.com"
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     NTP-Server = x.x.x.x
Aug 12 16:50:36 10.100.254.44 dhcp,debug,packet DHCP:     Vendor-Specific = 68-74-74-70-73-3A-2F-2F-63-6E-6D-61-65-73-74-72-6F-2E-62-70-73-6E-65-74-77-6F-72-6B-73-2E-63-6F-6D

Has anyone gotten this to work? I'm revisiting our configs and trying to get this to work but the SM's are still not picking up the cnmaestro URL from the dhcp server - now using MT v6.38.7 and EPMP v3.5

--

/ip dhcp-server
add address-pool=dhcp_pool2 disabled=no interface=EPMP_MGMT lease-time=30m name=dhcp1
/ip dhcp-server option
add code=60 name=ePMP value="'Cambium'"
add code=43 name=cambium43 value="'https://10.100.15.13'"
/ip dhcp-server network
add address=10.99.94.0/24 dhcp-option=ePMP,cambium43 domain=bpsnetworks.com gateway=10.99.94.1 netmask=24 ntp-server=x.x.x.x

--

And the log from the router showing the options being sent:

--

16:01:09 dhcp,debug,packet dhcp1 received request with id 283692310 from 0.0.0.0
16:01:09 dhcp,debug,packet     ciaddr = 0.0.0.0
16:01:09 dhcp,debug,packet     chaddr = 00:04:56:EF:A6:8F
16:01:09 dhcp,debug,packet     Msg-Type = request
16:01:09 dhcp,debug,packet     Client-Id = 01-00-04-56-EF-A6-8F
16:01:09 dhcp,debug,packet     Host-Name = "Customer"
16:01:09 dhcp,debug,packet     Class-Id = "Cambium"
16:01:09 dhcp,debug,packet     Address-Request = 10.99.94.247
16:01:09 dhcp,debug,packet     Server-Id = 10.100.94.65
16:01:09 dhcp,debug,packet     Parameter-List = Subnet-Mask,Router,Domain-Server,Host-Name,Domain-Name,Unknown(17),Broadcast-Address,NTP-Server,Vendor-Specific,Class-Id,Client-FQDN
16:01:09 dhcp,info SYSTEM: dhcp1 assigned 10.99.94.247 to 00:04:56:EF:A6:8F
16:01:09 dhcp,debug,packet dhcp1 sending ack with id 283692310 to 10.99.94.247
16:01:09 dhcp,debug,packet     ciaddr = 0.0.0.0
16:01:09 dhcp,debug,packet     yiaddr = 10.99.94.247
16:01:09 dhcp,debug,packet     siaddr = 10.100.94.65
16:01:09 dhcp,debug,packet     chaddr = 00:04:56:EF:A6:8F
16:01:09 dhcp,debug,packet     Msg-Type = ack
16:01:09 dhcp,debug,packet     Server-Id = 10.100.94.65
16:01:09 dhcp,debug,packet     Address-Time = 1800
16:01:09 dhcp,debug,packet     Subnet-Mask = 255.255.255.0
16:01:09 dhcp,debug,packet     Router = 10.99.94.1
16:01:09 dhcp,debug,packet     Domain-Server = x.x.x.x,y.y.y.y
16:01:09 dhcp,debug,packet     Domain-Name = "bpsnetworks.com"
16:01:09 dhcp,debug,packet     NTP-Server = x.x.x.x
16:01:09 dhcp,debug,packet     Vendor-Specific = 68-74-74-70-73-3A-2F-2F-31-30-2E-31-30-30-2E-31-35-2E-31-33
16:01:09 dhcp,debug,packet     Class-Id = "Cambium"

--
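A way to check what the router actually put into option 43, added here as an example and not part of any post in this thread: it decodes the `Vendor-Specific` bytes from the ACK lines quoted above and tells a raw ASCII URL apart from RFC 2132 sub-option (code/length/value) encapsulation. The function names are hypothetical, and which of the two encodings the ePMP agent accepts is not established by this thread.

```python
import re
from urllib.parse import urlsplit

# ACK lines copied from the router debug log quoted above.
ACK_LOG = """\
16:01:09 dhcp,debug,packet dhcp1 sending ack with id 283692310 to 10.99.94.247
16:01:09 dhcp,debug,packet     Vendor-Specific = 68-74-74-70-73-3A-2F-2F-31-30-2E-31-30-30-2E-31-35-2E-31-33
16:01:09 dhcp,debug,packet     Class-Id = "Cambium"
"""
VENDOR_RE = re.compile(r"Vendor-Specific = ((?:[0-9A-Fa-f]{2}-)*[0-9A-Fa-f]{2})\s*$")

def vendor_payloads(log_text):
    """Return the raw option 43 bytes from every Vendor-Specific log line."""
    out = []
    for line in log_text.splitlines():
        m = VENDOR_RE.search(line)
        if m:
            out.append(bytes.fromhex(m.group(1).replace("-", "")))
    return out

def parse_tlv(payload):
    """Parse RFC 2132 encapsulated sub-options; None if the lengths do not add up."""
    subs, i = [], 0
    while i < len(payload):
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            return None
        subs.append((payload[i], payload[i + 2:i + 2 + payload[i + 1]]))
        i += 2 + payload[i + 1]
    return subs or None

def classify(payload):
    """Describe how an option 43 payload is encoded and which URL it carries."""
    if payload and all(0x20 <= b < 0x7F for b in payload):
        try:
            url = urlsplit(payload.decode("ascii"))
        except ValueError:  # e.g. malformed bracketed host
            url = None
        if url and url.scheme and url.hostname:
            return {"encoding": "ascii-url", "scheme": url.scheme, "host": url.hostname}
    subs = parse_tlv(payload)
    if subs:
        return {"encoding": "tlv",
                "suboptions": [(c, v.decode("ascii", "replace")) for c, v in subs]}
    return {"encoding": "opaque", "hex": payload.hex("-")}

if __name__ == "__main__":
    for p in vendor_payloads(ACK_LOG):
        print(classify(p))
```

For the log above this reports a raw ASCII `https` URL whose host is an IP literal, matching the `cambium43` value in the posted config.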

Good morning everyone,

So giving this a shot, if it works then I can get away from CNS...

I've added everything I think I need, the 43 and the 60 under 'DHCP options' and DHCP options/domain under 'DHCP networks' on my Mikrotiks.
I can ping the url cnmaestro.domain.com from the device itself and I think everything is resolving as it should.

Getting the following error from the CPE, looks like it's talking.  Is that a certificate error from my CnMaestro onprem?

Sep  1 00:00:30 109 santar loop snmpd[3008]: DFS status: N/A
Sep  1 00:00:38 109 santar loop DEVICE-AGENT[3879]: Attempting (re)connection in 5 seconds
Sep  1 00:00:45 109 santar loop DEVICE-AGENT[3879]: Server certificated validation failed errno = 9, err =  certificate is not yet valid
Sep  1 00:00:45 109 santar loop DEVICE-AGENT[3879]: Certificate is not yet valid, check the certificate host name
Sep  1 00:00:49 109 santar loop DEVICE-AGENT[3879]: Error response: [{"error":{"level":"error","message":"Device Not Claimed","code":1011}}]
Sep  1 00:00:49 109 santar loop DEVICE-AGENT[3879]: Unable to discover cnMaestro URL (re-discover in 74 seconds)
Sep  1 00:00:49 109 santar loop DEVICE-AGENT[3879]: Attempting (re)connection in 74 seconds

On the device you're using to test this, is Validate Server Certificate enabled in the cnMaestro section of the UI?

Sorry to bring up this old post. We've had no luck getting this to work either.

Is there a special procedure that needs to be followed, in the event the ePMP station has previously been managed by cloud.cambiumnetworks.com?

When transitioning to On-prem, and all the DHCP options are set up as in the guide, we are still not able to get the ePMP to pick up the URL correctly automatically.

Some of the posts mention factory defaulting--I hope that is not the case. We are assuming the unit would pick up the DHCP option with its next DHCP lease, and replace the URL, and begin contacting our On-Prem immediately.

We've also verified using packet captures that the options are being passed to the AP at least. Next thing we could do is a tcpdump on the ePMP device itself.

Well, we've attempted hijacking the DNS for cloud.cambiumnetworks.com, but we're getting certificate errors in the ePMP system log:

DEVICE-AGENT[27555]: Server certificated validation failed errno = 20, err =  unable to get local issuer certificate
DEVICE-AGENT[27555]: server's cert didn't look good 20

The cnPilot line seems to disable the certificate check when they connect to Maestro, but it appears the ePMP's don't do this, so this probably won't work.

I've also tried running tcpdump on the ePMP station, using the command below, but I'm not seeing any traffic. Can anyone help formulate this so it works on the station?

tcpdump "-i ath0 -n port 67 and port 68"

https://mypacketsgotframed.postach.io/post/configuring-dhcp-option-43-on-mikrotik-routerboard

What happens if you use hex for Option 43?

Hi Kelmore,

In order for the DHCP option 43 or 15 to work, the cnmaestro url field in the ePMP Configuration->System page should be left blank. Then the Mikrotik DHCP config should be done as outlined in the Microtik DHCP onboarding KB article. We tried this locally and it worked fine for us without any certificate errors.

The certificate validation will happen when the hostname of the cnmaestro server contains cloud.cambiumnetworks.com. So in your NOC server Hostname make sure that the hostname has no such entries.

Please let me know if you still need further information on this.

Thanks,

KR.

@nbctcp Thanks for the idea, but I don't know what the Option 43 static prefix for Cambium is, so I'm not sure which Wireless Controller Type to select in the link you sent. https://shimi.net/services/opt43/

KR,

Thanks for the information about leaving the field blank. When the options work correctly, should the "cnMaestro URL" field get populated automatically?

As for the certificate validation, what we attempted to do was redirect all DNS queries to "cnmaestro.cambiumnetworks.com" to our on-prem server's IP address. This way the units "think" they are talking to the cloud, when in fact they are talking to our OnPrem server, which I suppose is why the error is generated. The units are still trying to check the certificate in this scenario.

Lastly,

I have done numerous tcpdump dump "-i ath0" on the stations, but I am not seeing any DHCP information in the pcap file. Do I need to do something different to see the DHCP BootP packets? I'd really like to verify that the packets are reaching the radio properly.

@KR

I got the tcpdump working on ePMP, to show DHCP option information. We had to use one of the bridges to see the traffic, so the ePMP CLI command that works is: tcpdump dump "-i br-lan.[VLAN ID]"

Here are my options in the Mikrotik DHCP server, and below is what the radio is seeing. Does everything look correct? The ePMP radio's cnMaestro URL field is blank, but the radio does not want to pick up the Option 43 information at all. I have Disabled Remote Management, then Enabled, then reboot to pick up the option information, but still nothing gets set in the cnMaestro URL field.

[Image: Mikrotik DHCP Options]

[Image: Wireshark DHCP Option Information]

Should the radio be seeing text for Option 43? I am noticing Option 60 comes across as text in wireshark, but Option 43 does not.

My best guess is it has to do with the fact that these devices had been reporting to the Cloud Maestro, and that was interfering with the DHCP options being set properly. We ended up using a script to write the URL into the field using SNMP.

Hi Kelmore,

All your options 15, 43 and 60 look normal. But you are resolving cnmaestro.cambiumnetworks.com to your NOC IP, which is wrong. Ideally you should map cnmaestro.allpointsbroadband.net, which is your option 15, in order for things to work properly. Once the options are received by the device they will be stored in the background files and the same will be read while discovering the device by server. They will not be displayed or autofilled in the cnmaestro url field. Alternatively we have a tool to set the cnmaestro url for a bulk number of ePMP devices using SNMP. Please let us know if we can share the same with you. If you want to try the same please raise a support ticket with the customer support team and they should be able to share the tool with you.

Thanks,

KR.