cnMaestro 3.0.4 (On-Premises)


This document highlights new features and significant updates in cnMaestro 3.0.4.

Important: Package Upgrade
cnMaestro On-Premises 3.0.4 is a Package release rather than a full OVA image. It must be applied on top of an existing 3.0.0 or 3.0.2/3.0.3 On-Premises installation.

Important: Web Browser
Restart your browser (or clear the browser cache with a hard reload) if you still see the older version.

Important: Update Precautions for CBRS Customers!
If you are using CBRS with cnMaestro acting as an HTTP Proxy, we strongly recommend configuring an external HTTP Proxy before updating to 3.0.4.

Anchor Account Creation
Cambium recommends all cnMaestro On-Premises users create Anchor accounts for their On-Premises installations, so they can simplify CBRS management. This will become a mandatory requirement starting in cnMaestro 3.2.0.

Only Super Administrators can configure Organizations.

Third-Party WMS Geolocation Map Server

Support for a third-party WMS Geolocation Map Server is added to replace the default cloud-based tile mapping service. This configuration is available at the Administration > Settings page.


60 GHz cnWave Enhancements

Auto Manage Routes: Automates IPv6 Routes to DNs and CNs based on topology and PoP nodes status. Applicable only if PoP nodes and E2E Controller are in same Network/Prefix length.


Download device software image over HTTPS (supported from E2E Controller version 1.2).


Hide Sites and Add Nodes in E2E Network Tree Menu.


Debug and Remote Commands at Node and Network level (Supported from E2E Controller version 1.1).



New flow to send Node Association/Disassociation requests for links.


Summarized CPE Prefix in BGP parameters and removed offline node BGP statistics.


VLAN configuration to allow/drop untagged packets when Layer 2 Bridge is enabled.


Option to configure DHCP option 82 when Layer 2 Bridge is enabled.


Instantaneous Offline Alarm

Support instantaneous “Device Offline” alarms, instead of waiting 5 minutes before sending the alarm. Enable this with caution, because it may generate false alarms due to slow or unstable connections.


Enhancements to Active Alarms

The following updates have been made to Acknowledged Alarms:

  1. They are no longer included in the Active Alarm count.
  2. They are displayed after Unacknowledged Alarms at the same severity level.
  3. The font of the Active label will be regular instead of bold.

Sorting and filtering support are also added for the Acknowledge column.


Map Enhancements

The following are significant updates to Maps:

  1. The Map display is restructured with a collapsible sidebar that supports configuration and status.
  2. The icons are leaner to optimize real estate. The Tower and Site icons display device count.
  3. Smoother zoom experience on scroll.

Removed Reregistration Map Mode and added a new Link Quality Indicator (PMP).


Miscellaneous UI Improvements

Grid size is retained while moving across different grids within the current UI session. Also, column chooser options are retained for individual grids within the current UI session.

Supported Cambium Products

cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).

Family Model Version
cnPilot Home cnPilot R200, R200P 4.2.3-R4
cnPilot R201, R201P 4.2.3-R4
cnPilot R190V, R190W 4.3.2-R4
cnPilot R195P 4.5.2
cnPilot R195W 4.7
Enterprise Wi-Fi cnPilot e400/e500 2.5.2-r3
cnPilot e410/e430w/e600 3.5.2-R4
cnPilot e501S/e502S 3.2.1-r6
cnPilot e700 3.8
cnPilot e425/e505 4.0-r17
cnPilot e510 3.11.4-r9
XV3-8 6.0
XV2-2 6.1
ePMP 1000 Hotspot ePMP 1000 Hotspot 2.5.2-r3
ePMP ePMP 1000, Force 180/200 2.6.2
ePMP 2000 3.0.1
ePMP Elevate XM/XW 3.2
ePMP Force 190 3.5
ePMP Force 300 4.1
ePMP PTP 550 4.1.1
ePMP Force 130 5 GHz 4.3.2
ePMP 3000L 4.3.2
ePMP Force 130 2.4 GHz 4.4
ePMP Force 300-19, 19R, 13 4.4
ePMP 3000 4.4.1
ePMP PTP 550 E 4.4.2
ePMP MP 3000 4.5
ePMP Force 300-13L 4.5.2
ePMP Force 300-13LC, 22L, 25L 4.6
ePMP Force 200L 4.7.0
ePMP 4000, Force 400 GPS, 400 CSM, 425 5.1.0
PMP PMP 450i, PMP 450, PMP 450m, PMP 430 SM 15.0.1
PTP 450, and PTP 450i 15.0.1
MicroPoP Omni/Sector 16.2.1
PTP PTP 650 01-47
PTP 670 (650 Emulation) 01-47
PTP 670, PTP 700 02-67
cnReach N500 5.2.17e
cnVision Hub 360r, FLEXr 4.6
Client Micro, Mini, Maxr 4.6
cnRanger Sierra 800
Tyndall 101
Tyndall 201
60 GHz cnWave V5000 1.0
V3000 1.0
V1000 1.0

Supported Browsers

cnMaestro supports the following browsers:

Platform Browser Version
MS Windows Chrome 49 and above
Firefox 45 and above
Internet Explorer Deprecated
Microsoft Edge 44.17763.1.0
MacOS Safari 9 and above
Linux Chrome 49 and above
Firefox 45 and above

Significant Fixes

The following issues have been fixed:

Id Details
CNSSNG-10144 Provide view permissions for Floor plan for operator/monitor users.
CNSSNG-19906 When clients roam from one AP to another AP, the client count in Dashboard and Client Table do not match.
CNSSNG-20576 Delete option is not visible when the browser zoom resolution is more than 50%.
CNSSNG-20868 On-Premises still shows old Cambium ID in the Cloud Connectivity page when the Anchor account Cambium ID is renamed.
CNSSNG-20891 Scheduled Job with multiple devices is marked completed if any device in the Job is deleted.
CNSSNG-20993 CBRS Tool sends duplicate request, which sometimes causes an error.
CNSSNG-21022 PMP 450 5GHz CBRS error messages.
CNSSNG-21185 Mobile View: Site, AP Group, ePMP, cnVision device graphs are not reflecting.
CNSSNG-21349 Inventory shows only Site as column name but includes Site/Tower under it; however, Grid export pulls only Site names and ignores Towers.
CNSSNG-21356 ‘Search’ functionality of substrings is not working in the Port column of Switch Group.
CNSSNG-21862 GPS Firmware is out of date triggered by the latest GPS firmware versions.

Known Issues

The following issues exist:

Id Issue Details
CNREACH-139 Radio Software Update is not happening for EP-based devices.
CNSSNG-4083 DHCP errors after cnMaestro reboot When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered. Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address.
CNSSNG-5365 RADIUS Proxy drops packets after retrying exhausted After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped. Workaround: Reboot cnMaestro server.
CNSSNG-9631 High Availability: Network cable unplug: Device count is taken from Primary and jobs/users list is taken from Secondary.
CNSSNG-9632 High Availability: Network cable unplug: Devices onboarded during network disconnect need to be reapproved by user.
CNSSNG-10145 Certificate exports are not part of Data Backup and Restore Certificates must be exported manually.
CNSSNG-10187 During Migration, moving, or deleting a device from the Managed Account will mark all events and alarms as undefined once Migration has completed.
CNSSNG-11299 AP Regulatory Channel list support check needed for checking valid channels.
CNSSNG-11389 Microsoft Edge Browser does not support in system OVA file upgrade. Workaround : Use the Google Chrome browser.
CNSSNG-11987 Failed - Bad Certificate’ errors while downloading the generated report after a period of report generation.
CNSSNG-12812 cnPilot R-series dual radio devices (r-201P, r-195W) AP Group country code/SSID configured from overrides getting applied only to 2.4 GHz radio.
CNSSNG-12888 Connected Clients count in the WLAN page is not properly shown when SSID is overridden for the WLAN at Device level.
CNSSNG-13054 Mismatch in Clients count for cnPilot E-series device at WLAN and AP Group configuration level.
CNSSNG-13144 CBRS Management tool status field is not updated in heartbeat state. Workaround: Prior to syncing the configuration to the radios, any state change from the SAS does not automatically get updated on cnMaestro. A refresh on the Management tool page is necessary.
CNSSNG-14030 CBRS race condition: SM “stuck” in cnMaestro during reparenting if import and start occurs as SMs arrive in onboarding queue Workaround: To avoid this issue, follow the suggested SM reparenting procedures listed in the latest version of Cambium CBRS standalone procedures document.
CNSSNG-14518 Device Type selection needs to be provided at Site and AP Group for Report generation.
CNSSNG-15432 Deleting a device in Base Infrastructure and claiming it immediately to another Managed Account returns Device Registration Failed message.
CNSSNG-15595 cnMatrix Hostname fall backs to old Hostname if the template is pushed for the first time (if a Switch Group already exists).
CNSSNG-15656 Duplicate entries observed in 802.11ax Clients Report.
CNSSNG-15838 Issues related to Monetization Subscription Events.
CNSSNG-16019 Subscriptions are not listed in the correct order.
CNSSNG-16197 CBSDID search will not work when device was synced from tool without obtaining grant first. Workaround: Perform CBSDID search from domain proxy view on Cloud to obtain MAC address, then perform MAC address search on tool to find the device.
CNSSNG-17011 After the migration completed for PPPoE with server update, devices still show in sync. Workaround: User must manually apply the AP Group again on devices with minor changes to the AP Group.
CNSSNG-18710 Tier issues related to 450i, 450i AP, and 450i SM.
CNSSNG-18913 On resizing, the graph/widgets are not properly rendering.
CNSSNG-18923 After migration Reports Job page is empty due to cached data. Workaround: Clear Cache and Cookies after migration.
CNSSNG-18927 Configuration push from Onboarding page is getting device timeout error in ePMP 1000 Hotspot device.
CNSSNG-18936 Graphs plotting is getting empty if the page is zoomed out/in.
CNSSNG-19264 Unmanaged expired device approve button is not disabled.
CNSSNG-19273 Expired Wi-Fi devices are not handled for AP Group dashboards and tree level.
CNSSNG-19274 Expired devices count should not be added to connection health graph.
CNSSNG-19275 Issues related to Offline alarm of expired devices.
CNSSNG-20491 Cloud-Connect action data missing for Cloud-Sync module in Audit logs.
CNSSNG-20508 Last Super Administrator deletion should be shown proper error message.
CNSSNG-20605 User-Defined Overrides (Advanced) should be handled from Switch Groups > Switches > Actions > Configuration tab.
CNSSNG-20745 AP Count is -1 in Anchor when deregistering the device from Anchor.
CNSSNG-20820 After server upgrade, device throws error [Invalid CBSD ID and Grant ID], even the Domain Proxy shows the device is registered.
CNSSNG-20868 On-Premises still shows old Cambium ID in the Cloud Connectivity page when the Anchor account Cambium ID is renamed.
CNSSNG-20993 CBRS tool sends duplicate request, which sometimes causes an error.
CNSSNG-21264 Auto refresh is not working when Site/Tower/Device details are updated in network level map.
CNSSNG-21268 cnMatrix devices are not reflecting in maps.
CNSSNG-21271 Map: SM status is missing in AP details.
CNSSNG-21345 RF Statistics related information should not be available in reports for XV type device.
CNSSNG-21396 Issues related to cnMatrix onboarding overrides.
CNSSNG-21425 Left side menu is not properly shown in Firefox browser.
CNSSNG-21540 Found 'Failed to start SNMP Adapter for cnMaestro’ error.
CNSSNG-21590 AP not syncing Error: Configuration failed: system_name: Only alphabets, digits, hyphens and underscores are allowed. Workaround: User must manually apply the AP Group again on devices with minor changes to the AP Group.
CNSSNG-21703 SM icon is missing in Network-level Maps.
CNSSNG-21909 Link availability graph shows down even though links are up when cnMaestro is rebooted.
CNSSNG-21911 60 GHz cnWave Dashboard Map, when there is more than one node per Site, node details are not available although count is shown.

Where to Get Help

There are several places to get help with cnMaestro:

Cambium Community : The cnMaestro Forum provides the best place to ask questions and get up-to-date information.

On-Premises Quick Start Guide : This guide walks you through the initial management process and allows you to get onboarded quickly. It is embedded into the cnMaestro image and can be accessed on the Home Page of the UI. It can also be downloaded in PDF format from the Cambium Support website.

Cambium Support : The Cambium Support team is available 24x7 to answer questions and resolve issues.

Thanks for the update Rob! We have a support ticket with Cambium referencing CNSSNG-20911. I didn’t see it in the fixed bugs nor open bugs list. Would it be possible to share the status of this ticket?

Hi @rnelson - this was fixed and made it into the 3.0.4 release too (sorry it didnt make the major fixes list!)


The whole point of using the on-prem is to not share data outside the network. If we are not using CBRS, then an anchor account should not be required. Please make this optional.


We share the same opinion

1 Like

Its less of an opinion and more of a requirement.

In todays internet any surface area is an attack vector, including remotely hosted services. It could be said that a property configured firewall will reduce the attact vectors but that wont stop a man in the middle attack nor will it stop a social attack. Its hard enough keeping your own co-workers from just blindly clicking things, but now we have a third-party that we really dont want having access to our network to worry about.

This seems like Cambium wants us to pay for device licenses (think Motorola’s Wireless Manager) on devices we own (Meraki anyone?) and by binding our service to an account they control they can turn off our service or that same access can be used to gather information about our network without our expressed consent regardless of how that data is intended to be used.

The total lack of consideration towards our security rights and our policies has significantly reduced our use of this product and since it has already been announced that all revisions going forward will require an anchor account, we are looking to abandon the product.


So I was considering giving CNMaestro another go. I’m setting here with a server I just got all set up and I come here looking for the software / instructions etc… to get it going and…

Anchor Account Creation
Cambium recommends all cnMaestro On-Premises users create Anchor accounts for their On-Premises installations, so they can simplify CBRS management. This will become a mandatory requirement starting in cnMaestro 3.2.0.

Aside from the already pointed out just one more hole I have to punch in my defenses and maintain and take into consideration and worry about until the end of time for no reason other than Cambium wants information they can use/sell/whatever. As someone that only used CNMaestro briefly and when it first came out… will my on premisis CNMaestro go down or stop working every time there is a hiccup that causes it to lose connection to the Cambium Mothership ?

Seriously… if there was a Super Hero called CambiumMan he would have all the powers of Superman but Cambium would make his Super Suit out of Kryptonite… and he would randomly punch you in the face and ask you for cigarette money.

Edit: Also, no links in the above release-notes post to any of the alluded to files/documents/support. I’m not finding anything called a " Quick Start" anything in files download area only the regular On Prem User Guide.

Edit Edit :

It can also be downloaded in PDF format from the Cambium Support website.

Well yes and no… or at least I think you mean you can download the On Premises User Guide and it has a Quick Start section in it. There is , or at least not that I can find, no stand alone Quick Start Guide that can be downloaded.


We don’t use on premise, but I believe the hole is for your licensing management. So as long as your not down for a significate time and or you don’t have any licensing management then I believe you should be good to go.



The actual reason is because they plan to start charging for the X features even on the on-premises, which, at that point mise as well be running in cloud almost and save a server/VM, hopefully its at least cheaper than cloud since it’s running on our hardware.

except if there is an outage between you and cambium’s server farm then your SOL for access, data, metrics or issue notifications. Worse yet the system will start sending you emails regarding outages on your network just because the server can talk to the radios on your network, which can happen for a number of reasons.
There is no actual reason to require a cloud based anchor account on an on-prem server other than to gather data from said server and identify the customer its coming from. All of the X features can easily be turned off by default and require periodic check in to the license servers (with grace time IF previously authenticated).

I think Cambium will drop on-prem cnMaestro at the next hardware refresh.

They better not. We can’t utilize the cloud completely and it doesn’t have the same feature parity as on prem.

Can you please list those features.