reset ePMP radio without intervention

Hello, my name is Vagner. I have spent some time trying to solve a mystery that occurred with my ePMP radios: they are returning to the factory configuration without intervention, which has caused great displeasure among my customers. What I can add:
1 - I read in a post that, due to electrical problems, the radios could be reset by the power sequencing reset feature. But I've disabled this functionality and the cases have reappeared.
3 - On the recommendation of the Cambium support team, I took the radios from 3.1 to 3.5, going through 3.2, 3.4, 3.4.1 to 3.5, and new cases occurred.
4 - I checked all the log files and found no clues about what could be happening.
5 - I noticed that the problems began to appear after implementing CNMaestro in my network. Maybe the radio loses the connection with CNMaestro and resets, I do not know.

I'm desperate and have lost clients. Could someone shed some light?

Thank you.

Hello Vagner,

We haven't heard about this kind of issue from other customers.

The only scenario I can imagine is that someone resets your radios through GUI or SNMP illegally.

Have you changed the SNMP community strings from their default values?

Thank you.

2 Likes

Thanks for the answer.

I had considered this hypothesis, but I've been careful to change everything: the SNMP community names as well as the user credentials (Admin / Installer) and the WPA2 key.
Our equipment is not exposed to the internet; it is on a private management network, and we have ACLs blocking external networks (internet). I think that would not be the case, unless the access is coming from within the management network itself, which I consider very unlikely. In that case, how could I diagnose it?

As for the versions of the ePMP 1000 GPS and the CNMaestro radios, would you have anything to consider?

I'm working with hypotheses; if you have any that can be checked, please share.

Thank you.

Do you have firewall rules blocking your own customers from getting back to your management LANs? Blocking the internet would keep most risks at bay, but a network-savvy person may attempt an IP sweep of internal addresses through your delivery networks and possibly get access to your radios with default SNMP info if it has not been changed. Adding firewall rules to stop your distribution ranges from being able to reach them would stop this. Also, your installer user accounts, I believe, are able to factory default; if those passwords are default and the accounts are active, that is another vulnerability that would be blocked with firewall rules.

2 Likes
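As an added example (not part of any post in this thread), one way to check the point raised above is to walk an ordered rule list and report which source ranges can still reach the management LAN on SNMP or the HTTPS GUI. All addresses, range names and rules below are constructed, and first-match semantics with an implicit final deny is an assumption about the firewall.

```python
import ipaddress as ip

# Constructed sample data: ranges, ports and rule order are assumptions.
MGMT = ip.ip_network("10.255.0.0/24")          # radio management LAN
SERVICES = [("udp", 161), ("tcp", 443)]        # SNMP and the HTTPS GUI
SOURCES = {
    "noc": ip.ip_network("10.0.0.0/27"),
    "customers-a": ip.ip_network("100.64.0.0/22"),
    "customers-b": ip.ip_network("100.64.8.0/22"),
}
# Ordered rules: (action, proto, src, dst, port); None means "any".
RULES = [
    ("permit", None, "10.0.0.0/27", "10.255.0.0/24", None),
    ("deny", None, "100.64.0.0/22", "10.255.0.0/24", None),
    ("permit", "udp", "100.64.0.0/16", "10.0.0.0/8", 161),   # overly broad
    ("deny", None, "0.0.0.0/0", "10.255.0.0/24", None),
]

def verdict(src, proto, port, rules=RULES, mgmt=MGMT):
    """First-match evaluation, conservative: a permit that overlaps the
    source counts as exposure; a deny only ends the walk if it covers
    the whole source range and the whole management LAN."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        r_src, r_dst = ip.ip_network(r_src), ip.ip_network(r_dst)
        if r_proto not in (None, proto) or r_port not in (None, port):
            continue
        if action == "permit" and src.overlaps(r_src) and mgmt.overlaps(r_dst):
            return "permit"
        if action == "deny" and src.subnet_of(r_src) and mgmt.subnet_of(r_dst):
            return "deny"
    return "deny"  # assumed implicit deny at the end of the list

def exposure(sources=SOURCES, services=SERVICES):
    """Return {source name: [(proto, port), ...]} for everything permitted."""
    report = {}
    for name, net in sources.items():
        hits = [(p, n) for p, n in services if verdict(net, p, n) == "permit"]
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    for name, hits in exposure().items():
        print(name, "can reach management on", hits)
```

In the constructed rule set the second customer range is missed by the specific deny and caught by a broad SNMP permit, which is the kind of gap this check is meant to surface.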

In fact, we have firewall rules that block external access. The radios were changed to HTTPS, and the default users' credentials were changed. I think that if there is some access, it would not be from outside the management network, but I find it very unlikely that anyone within the network would reset the equipment.

The radios are mainly in PTP, using FDD and not standard Wi-Fi. The WPA2 key has been changed.

I cannot identify the cause; in some cases I had to replace the equipment due to the recurrence of the problems.

It was certain that the problems were due to some electrical instability in the localities, which may be triggering the restart via power sequence, as I saw some reports here in the forum.

Is it possible for my CNMaestro to be performing these actions? Any viruses?

Worried here!

I haven't heard of CNMaestro doing it.

There are a number of bugs out there and it's always a possibility, as well as an infected client PC designed to target anything it can find. I've yet to hear of one, but as with anything, a chance exists.

It is unlikely to redefine within the network but possible.

1) if you have ruled out power by means of ensuring power is stable and reliable, 

2) secured from the outside world

3) changed most of the access criteria

It's possible it's an on-net problem, whether it is intentional or not. I would revisit anything that is able to reach these radios, no matter the difficulty. Not saying it's intentionally malicious, but narrow down your sources of access to check what could be the source. Once you've got it narrowed down exactly what can and cannot reach your radios, you can completely rule out someone or a malicious script bothering your radios.

We have all of our radios' management completely secured away from our access network, and it is only accessible through 1 port in the local switch at the towers (not occupied unless we need to use them onsite), and only accessible from a /27 private range from our NOC.

If you are using DHCP to give IPs to your radios, you might want to grab a few packets and see what information is being sent; make sure you are seeing the information you expect, with no boot services etc. being sent. (I'm not aware of ePMP supporting them, but it doesn't hurt to check that data if it's involved in your service.)

And last but not least, physical access to your radios: any chance the reset button is being pressed on a power cycle?
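As an added example (not part of the post above), the DHCP check it suggests can be done by parsing the UDP payload of a captured server reply and listing any boot-related fields. The sample DHCPACK is constructed, and the set of options treated as "boot services" is an assumption.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
# Options treated as "boot services" here (the selection is an assumption):
BOOT_OPTS = {66: "tftp-server-name", 67: "bootfile-name",
             43: "vendor-specific", 150: "tftp-server-address"}

def parse_options(payload):
    """Return {code: value bytes} from a DHCP payload (the UDP data)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # End
            break
        if code == 0:              # Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = opts.get(code, b"") + payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def boot_findings(payload):
    """List boot-related data: BOOTP siaddr/sname/file fields and options."""
    found = []
    siaddr = payload[20:24]
    if siaddr != b"\x00" * 4:
        found.append(("siaddr", ".".join(map(str, siaddr))))
    for name, lo, hi in (("sname", 44, 108), ("file", 108, 236)):
        text = payload[lo:hi].split(b"\x00", 1)[0]
        if text:
            found.append((name, text.decode("ascii", "replace")))
    for code, value in sorted(parse_options(payload).items()):
        if code in BOOT_OPTS:
            shown = value.decode("ascii", "replace") if code in (66, 67) else value.hex()
            found.append((BOOT_OPTS[code], shown))
    return found

def sample_ack(extra=b""):
    """Constructed DHCPACK: lease for 10.255.0.20, no boot fields set."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), bytes([10, 255, 0, 20]), bytes(4), bytes(4),
                      bytes(16), b"", b"")
    opts = b"\x35\x01\x05" + b"\x01\x04\xff\xff\xff\x00" + extra + b"\xff"
    return hdr + MAGIC + opts
```

An empty list from `boot_findings` for every reply your DHCP server sends to a radio means no next-server, boot file or vendor data is being offered.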

Is there some sort of power method that a Force200 could get defaulted as well? I've been seeing more radios getting defaulted after weird power events (Brownouts, rapid on off, etc)

I would like to shut that option off if possible. 

Tools - Backup/Restore - Reset Via Power Sequence - Mark Disabled

2 Likes