cnMaestro 2.2.0 (On-Premises)

Introduction

This document highlights new features and significant updates in cnMaestro On-Premises. Note 2.2.0, is a major release, and Cambium recommends all customers update to the latest version.

Important

cnMaestro 2.2.0 On-Premises is distributed as an OVA file, which can be installed as a new Virtual Machine or used to update an existing 2.1.0 OVA installation. Please verify at least 1 GB of available memory before updating using the OVA.

Existing cnMaestro On-Premises users running with version 1.6.3 should export their data and import it into cnMaestro 2.2.0. Data exported from cnMaestro 1.6.3 is supported.

Important: Web Browser

You may need to restart your browser (or clear the browser cache with a hard reload) after the 2.2.0 update.

Important: AMI Installation

This OVA cannot be used to upgrade the cnMaestro 2.1.1 AWS AMI released in the Amazon AWS Marketplace. There will be a separate AMI release for 2.2.0.

Layer 2 High Availability (HA) Pro.png Beta.png  (On-Premises)

cnMaestro On-Premises supports Layer 2 High Availability Beta through an Active-Standby (1+1) architecture. The default HA installation has a single Management interface (eth0) and a Shared (floating) Management IP address. HA is configured through the Console.

2.2.0-1.png

Failover Times

An on-premises failover occurs over the following intervals:

15-20 seconds

Commit to failover.

60-90 seconds

Transition databases and services. UI becomes available during this period.

Up to 5 minutes

Devices reconnect in staggered fashion, to limit large deployment overhead.

During a failover, RADIUS Proxy will be unavailable until the hosting device reconnects, and EoGRE requires service initiation on the new Active system. Data Plane failover will be optimized in a later release.

Rogue AP Detection

A Rogue AP is an unsanctioned AP not onboarded to a Site. The Cambium AP scans channels and collects details about neighboring APs, which are displayed in cnMaestro.

Configuring Rogue (Unsanctioned) AP

  1. Navigate to AP Groups > Configuration > Security page
  2. Select the Enable Rogue AP detection check box

Monitoring Rogue APs

Rogue APs can be monitored at the Access Point and Site levels in the hierarchy. The graphic below highlights the Rogue AP Dashboard for an Access Point. Rogues can be visualized by channel over time, and they can be whitelisted directly from the Dashboard.

 

Secondary External Authentication Servers Pro.png (On-Premises)

Support for an optional Secondary Authentication Server for cnMaestro application authentication. The default Local Users authentication will only be performed if both Primary and Secondary servers are unreachable.

Guest Portal Self Registration

The user can customize the fields in the Splash page by choosing the Custom Field option in the Guest Access Portal page and clicking Add New button.

Wired Clients for cnPilot Home

Added support to display Wired Clients for cnPilot Home devices.

Wired Guest Clients for cnPilot Enterprise

Added support to display Wired Guest Clients for cnPilot Enterprise devices.

CLI Debug Option for cnPilot Enterprise APs

Execute CLI commands on cnPilot Enterprise APs as part of Advanced Debug option. This feature is for debugging purposes: it is not meant to configure APs. This option is supported on APs running software version 3.10.2 or higher.

 

cnPilot Radio Enable/Disable Override

The Device Override section in the Device Configuration tab now has the option to enable/disable Radio 2.4 GHz and Radio 5 GHz.

Enhanced Statistics for PTP Devices

Below parameters are added to Statistics table for PTP devices:

  1. Error Seconds
  2. Severe Error Seconds
  3. Unavailable Seconds

A new Network Info tab is added under the Details tab for PTP devices.

Enhanced Data Report for PTP Devices Pro.png

Existing Devices Data Report is enhanced with addition of significant PTP Radio parameters.

Unique Device Name Enforcement

Device name validation to enforce uniqueness across the system. In case of Managed Services, uniqueness is enforced within the Managed Account.

Satellite View (US and EU)

Support for Satellite View in Map is added in limited United States and European Union regions. This option can be enabled from Application > Settings > Advanced Features page.

API Updates Pro.png (On-Premises)

New APIs

Path

Details

Guest Portal API (Section 19.3)

/api/v1/portals/{Portal ID}/vouchers/{voucher plan}

List of vouchers

/api/v1/portals/{Portal ID}/vouchers/{voucher plan}/generate

Generate vouchers

/api/v1/portals/{Portal ID}/events

List of guest login events

Devices API (Section 8.5.6)

/api/v1/devices/{MAC Address}/disconnect_clients

Disconnect clients under an AP

Supported Cambium Products

cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).

Family

Model

Version

cnPilot

cnPilot R200, R200P

4.2.3-R4

cnPilot R201, R201P

4.2.3-R4

cnPilot R190V,  R190W

4.3.2-R4

cnPilot E400/E500

2.5.2-r3

cnPilot E410/E430w/E600

3.5.2-R4

cnPilot E501S

3.2.1-r6

cnPilot E502S

3.2.1-r6

cnPilot E700

3.8

ePMP 1000 Hotspot

ePMP 1000 Hotspot

2.5.2-r3

ePMP

ePMP 1000, Force 180/200

2.6.2

ePMP 2000

3.0.1

ePMP Elevate

3.0.1

ePMP Force 190

3.5

ePMP Force 300

4.1.1

ePMP PTP 550

4.1.1

ePMP 3000

4.3.0.1

PMP

PMP 450i, PMP 450, PMP 450m, PMP 430 SM

15.0.1

PTP 450, and PTP 450i

15.0.1

PTP

PTP 650

01-47

PTP 670 (650 Emulation)

01-47

PTP 670, PTP 700

02-67

cnReach (Beta)

N500

5.2.17e

cnMatrix

cnMatrix

2.0.4-r1

Supported Browsers

cnMaestro supports the following browsers:

Platform

Browser

Version

Windows

Internet Explorer

11 and above

Firefox

45 and above

Chrome

49 and above

MacOS

Safari

9 and above

Linux

Firefox

45 and above

Chrome

49 and above

Significant Fixes

The following issues have been fixed:

Id

Details

CNSSNG-2396

cnMaestro is logging out automatically even though the session should not expire until the browser closes.

CNSSNG-3910

PTP 450 Bi-directional Frame Utilization information is missing.

CNSSNG-9596

Client sessions data not exporting when exporting and importing to new server.

CNSSNG-9611

No option to enable/disable SSIDs in C3VoIP.

CNSSNG-9705

Link Test does not work for ePMP AC devices.

CNSSNG-9723

R201 supports 1Gbps for LAN and WAN port, while setting speed from cnMaestro using QoS, we can set maximum as 100 Mbps.

CNSSNG-10356

Replacement variables can't be unset. Blank defaults not properly supported.

CNSSNG-10362

Report jobs which are in processing state during failover is creating empty/incomplete report.

CNSSNG-10478

Static gateway is not being deleted from cnMaestro.

CNSSNG-10546

Device name restrictions not consistent.

CNSSNG-10604

By default, Telnet is enabled for config pushed through cnMeastro.

CNSSNG-10633

Delimiter for MAC Address in MAC Authentication (in WLAN Group) must accept only valid parameters.

CNSSNG-10670

802.11k RRM configuration is not available in cnMaestro WLAN configuration page.

CNSSNG-10804

Equals sign = Breaks User-Defined Overrides.

CNSSNG-10820

Maps view do not display any device with Lat/Long coordinate of 0,0.

CNSSNG-10986

Not able to export vouchers after creation using generate and export option.

CNSSNG-11002

Top Wi-Fi Networks by Throughput/Clients is not fetching managed accounts.

CNSSNG-11015

"Redirect Hostname" option missing for external hotspot in cnMaestro.

CNSSNG-11072

Move PPPoE configuration as per cnPilot device.

CNSSNG-11090

Web access protocol HTTPS needs to be removed under R-Series AP Group under Management.

Known Issues

The following issues exist:

Id

Issue

Details

AURA-388

WiFi Guest Access does not work with Microsoft Edge Browser

Guest Access on cnMaestro does not work with Edge browser on cnPilot 1.4.0-r12 with 3.2.1-6 and 1.5.0-r4 with 3.3 beta builds.

Workaround: Users need to use supported browsers like Chrome, Firefox, or Internet Explorer (IE) 11.

AURA-470

Failure to load success page after quick pay authentication

AURA-474

Error contacting server when clicking on Orange Money button

CNSSNG-4083

DHCP errors after cnMaestro Reboot

When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered.

Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address.

CNSSNG-4906

Captive Portal Auto Login fails with latest Android devices

Workaround: Whitelist the URL for Google (*.google.com).

CNSSNG-5365

RADIUS Proxy drops packets after retry exhausted

After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped.

Workaround: Reboot cnMaestro.

CNSSNG-7626

Access token is expired after data migration

Workaround: User has to generate a new token after the migration.

CNSSNG-7372

Auto sync always times out if the device IP changes during auto sync

CNSSNG-8304

ePMP: “No GPS Sync” or
“GPS Sync Down” alarm/event not raised in cnMaestro

ePMP devices are not sending the GPS Sync status events to cnMaestro when GPS Sync is down or there is NO GPS Sync.

Also for PMP GPS SYNC events, details shows sync source instead of indicating whether the GPS SYNC source is up or Down.

CNSSNG-10145

Certificate export is not part of Data Backup and restore

Certificates must be exported manually.

CNSSNG-10187

While Migration is happening moving or deleting a device from the Managed account will mark all the events and alarms as undefined once migration is completed

CNSSNG-10189

cnReach performance reports do not have throughput values for radios

CNSSNG-10223

MSP images not imported on server when exported from 1.6.3 and imported in 2.2.0 

Workaround: Customers need to apply 1.6.3-r39 build and then import the data to 2.2.0

CNSSNG-9631

HA: Network cable unplug: Device count is taken from NOC1 and jobs/users list is taken from NOC2.

CNSSNG-9632

HA: Network cable unplug: Devices Onboarded during network disconnect needs to be reapproved by user.

CNSSNG-11289

HA No Standby Server Banner message will be seen when we do any bulk operation in cnMaestro.

CNSSNG-11299

AP Regulatory Channel list support check needed for checking valid channels.

CNSSNG-11389

Microsoft Edge Browser does not support in system OVA file upgrade.

Workaround: Use the Google chrome browser

Where to Get Help

There are a number of places to get help with cnMaestro.

Cambium Community: The cnMaestro Forum provides the best place to ask questions and get up-to-date information.

  1. On-Premises Quick Start Guide: This guide walks you through the initial management process and allows you to get onboarded quickly. It is embedded into the cnMaestro image and can be accessed on the Home Page of the UI. It can also be downloaded in PDF format from the Cambium Support website.
  2. Cambium Support: The Cambium Support team is available 24x7 to answer questions and resolve issues.
3 Likes

With HA support in cnMaestro 2.2, connected Wi-Fi clients should see no interruption to their session if they are not roaming during the failiover period. 

cnMaestro 2.1.1-r14

Is this procedure correct for updating with the OVA? When it arrives at 100% it does nothing and the page it's refreshed. I have already tried to restart the server without success.

I'm seeing this same issue.  Any further word?

Hi jhh -- please verify you have enough available memory. We updated the Release Notes to require at least 1 GB. Also, there is a pending issue with the Microsoft Edge browser.

Thanks for the quick reply.  I'm configured for 4GB of memory, and am using Chrome.

Hi Jhh -- just want to check a couple more things. The 1 GB needs to be available. So if you had 2,000 devices, the recommendation would be 8 GB RAM total (which should be sufficient). Also, the upgrade occurs in two steps, because the OVA is large and needs to be unpacked. Once 100% is reached for the partition, there should be an "Apply" link next to the partition. Clicking that will reboot into the 2.2 image. Just want to make sure you see "Apply" and have clicked it.

We have tried a few time now. seems like after getting to 100% it stalls and reboot or reloads. It stays at 100% for about 1 or 2 minutes. I never get an accept button. Got an error with html code in it one time but other times it refreshes like nothing happened. Also, we have 10gb for memory and i am also using chrome Version 74.0.3729.131 (Official Build) (64-bit)

Hi Josephistre -- thanks, this is helpful. The image is first uploaded into the system (which is the 100% you are seeing), and then it is unpacked into the unused partition (which takes about 10 minutes, due to the size and the composition in the OVA). The unpacking status is displayed next to the partition as another percent-to-completion. When that hits 100%, then the Apply is displayed. But it looks like the system is not even getting to the unpacking. I was able to verify it works in a local environment without devices. We will prioritize trying to reproduce in our test setup.

Is there a way to "unboard" device and then try uploading? Since i have downloaded a generated backup.

Hi Joseph

How many device you are managing?

Rupam

If you're getting strange behavior with attempting to upgrade via the OVA option in the GUI double-check the hash value of the OVA you downloaded. Downloaded a couple copies of the OVA earlier that had an incorrect hash but just got a correct one a few minutes ago and it's working fine now.

For reference: 

SHA-256 Checksum: e46f3aa0e4ca760e905739486d8d0720868c609cba1903a085b2d3f82061164a

1 Like

Just checked the hash on the file I downloaded yesterday and it's good.  I'll try downloading again just to see if it makes a difference despite that.

I'm only managing 5 devices. 

Here's are screenshots of df -h and top's memory statistics from my system.

cnmaestro_df-h.jpgcnmaestro_top_memory.jpg 

Top doesn't show 1GB free, but when I rebooted yesterday it did.

i have sent a private message, could you please check and confirm?

we are running right under 2000 devices. We decided to reinstall with the new ova file. It is up now.. but the upgrade never worked.

I understand that all users are in the same situation. 
Are there solutions apart from completely rebuilding the machine? Should we expect a patch?

I got connected to a Cambium employee through this thread and they remoted in to my environment to troubleshoot the issue.  In the end I was told they did find a bug that will be fixed in the next release.  He also helped me manually update.  The manual update is supposed to be documented somewhere, but I don't think I've seen that in all my research.  It involved enabling ssh, then using WinSCP to transfer the OVA to the cnmaestro host, then running a command to have it start the upgrade.  Wish I could give you the details, but perhaps they will interject into this thread with those details.

Thanks Anish!!!

Hi Tuvix_IT -- it looks like there is an issue with the image download and staging through the UI. There is a failsafe mechanism to manage this using the Command Line. Once the image is accessible to the OS (either by downloading through SCP or mounting a shared folder), you can execute the following commands:

# Extract and stage the image into the unused partition

sudo /srv/bin/cnmaestro-image stage <OVA Filename>

# View status of the extraction (wait until it completes/hits 100% -- about 10 minutes)

watch -n2 sudo /srv/bin/cnmaestro-image status

# Boot into the new image. Use the inactive partition from the status command

sudo /srv/bin/cnmaestro-image upgrade <os2 or os1>

Edit (3/30/2021): Note these steps are only a failsafe if the UI upgrade is unavailable. They should not be used for downgrades, which are unsupported.

3 Likes

On the homepage (Manage) and keep selected the "SYSTEM" tree, in the general map at the right of the screen, the towers become red even if a SM is offline, so the map is almost red.

I think will be helpful if the Tower become red if an AP in the tower go offline instead a single SM.

Thanks!

Hi,

Agree. We should show tower in red color only if any of the APs installed on the tower are offline. This one looks like a bug, will validate this behavior in our lab setup and let you know. Thanks for bringing this observation to our notice.