cnMaestro 3.1.0 (On-Premises)


This document highlights new features and significant updates in cnMaestro On-Premises.

cnMaestro 3.1.0 On-Premises is distributed as an OVA file, which can be installed as a new Virtual Machine or used to update an existing installation running cnMaestro 3.0.0/3.0.2/3.0.3/3.0.4.

Important: Web Browser
Restart your browser (or clear the browser cache with a hard reload) if you are having UI problems with the 3.1.0 version.

Important: Two Interface Installations
Please review the section below on the enforcement changes for Management traffic through eth0 and Device traffic through eth1.

Wireless Client Application Visibility x2

A dedicated page provides insight into the applications accessed by a Wi-Fi Client. This is only supported for Enterprise Wi-Fi 6 Access Points. The feature must be enabled in the AP Group, so the Access Points collect the application data and forward to cnMaestro.


Applications View

The Application page provides aggregate and time-series application details.


Wireless Client Dashboard and Performance x2

Wireless Client Dashboard and Performance pages improve insight into Client activity. This feature is accessed by clicking any Client (Clients > Wireless Clients) at the System, Network, Site, or Wi-Fi AP levels.

Wireless Clients Table

The Wireless Clients Table is presented below.


Wireless Client Dashboard and Performance Views

The Client Dashboard provides application and runtime details on the Clients. The Performance page (not shown) displays key performance parameters over time.


CBRS Co-Existence for CommScope and Federated Wireless

Support is added for CBRS Co-Existence using CommScope or Federated Wireless SAS. This support is already available for Google SAS users.

For CommScope and Federated Wireless, a “Merge User ID” option is displayed when importing a new sector. The default behavior (when set to “yes”) results in the tool sending CBRS registration requests with the SAS User ID prepended to the Sector ID and Spectrum Reuse ID. This allows the SAS to distinguish between operators (if both operators pick the same Reuse ID). In most cases, operators will want the default behavior.

See the Cambium 20.3 PMP Training Course on the Cambium Networks Learning site for more information. It details cases where an operator might want to set this to “no”.


Federated Wireless Enhancements

Federated Wireless operators will see the following additions to the Spectrum Inquiry Response pop-up GUI.

A second view of the bar graph showing channel sorting by ranking.

A timer near the bottom of the pop-up GUI which counts down to the next CPAS cycle and guides operators to wait until the timer expires to obtain a newly sorted spectrum inquiry response, before making the final channel selections for grant requests.

See the CBRS Consolidated Procedures Guide for more details.


Other CBRS Enhancements

The addition and countdown timer shown above is available for Google and Federated Wireless operators.

3.1.0 also adds support for newer CBRS alarms and events introduced in PMP version R21.0. The ability for an operator to manually clear these CBRS alarms by alarm type has also been added, as shown in the screenshot below.


Wi-Fi AP Configuration Updates and Bulk Overrides x2

The Wi-Fi AP Configuration flow has been simplified, and Bulk Overrides are added to efficiently update values across many APs.

Primary Configuration Page

The simplified Device Configuration page is presented below. It is now used to filter devices.


AP Group/Template Selection and Bulk Overrides Page x2

A subsequent update page supports Bulk Overrides applied to selected devices.


Wireless Clients Report x2

Existing Wireless Clients Report is enhanced to provide an aggregate view of Client activity within a period. Report generation can be scheduled and downloaded in CSV format from the Administration > Jobs > Reports page.


Note the previous Client Report was a Session Report, which detailed statistics for each Client connection. This has been moved to the Client Dashboard as Roaming History.

Guest Access Login Events Report x2

A new report type is added for Guest Access Login Events. Report generation can be scheduled and downloaded in CSV format from the Administration > Jobs > Reports page.


Enhanced Packet Capture for Enterprise Wi-Fi APs

The existing Packet Capture tool is enhanced to create a packet capture file (with a ‘.pcap’ extension) that can be downloaded. It allows packet capture on a single interface or simultaneously on multiple interfaces. This feature is supported for Enterprise Wi-Fi APs running software version 6.4 or higher.


SDR Moved to Essentials

The Software Defined Radios (SDR) support for XV3-8 Wi-Fi APs is now an Essentials feature.


Mesh Peers Moved to Essentials

The Mesh Peers detailed view is moved to Essentials.


cnArcher Installation Summary x2

The cnArcher Installation Summary is available at Network Services > cnArcher Installation Summary. It is only supported by PMP SMs, and the cnArcher mobile application version must be 1.6.37 or higher.

cnArcher is used to install PMP Subscriber Modules (SMs), ePMP SMs, and cnRanger SMs. The Installation Summary provides an overview of the data collected by cnArcher during the installation process.

A list of PMP installations is presented below.


Details are captured and displayed for each install, including pictures taken at the site.

Map Enhancements

The MAP view is moved to the side tabs to provide better access.


Traffic Separation Enforced for Dual Interfaces

cnMaestro supports configuring two interfaces: eth0 for management/cluster traffic and eth1 for control/device traffic. In previous versions of cnMaestro, the Web UI and Device traffic enforcement was not enabled, because they both connected to the same Web Server. This behavior is updated in 3.1.0, and all Web UI traffic is now required to traverse eth0, and all Device traffic eth1.

Two Interface Installations
cnMaestro 3.1.0 enforces Web UI traffic through eth0 and Device traffic through eth1 in two interface installations.

Overriding the management/control traffic separation is possible by applying a network override. The steps are as follows:

Override the Management (eth0) Interface to Accept Control Traffic

  1. Manually edit /srv/files/etc/cnmaestro-network.overrides to include the following:
    iptables -t nat -D PREROUTING -i eth0 -p tcp --dport 443 -j REDIRECT --to-ports 1443
    iptables -A INPUT -i eth0 -p tcp -m tcp --dport 443 -j ACCEPT
  2. Restart the system (or type “sudo /srv/bin/cnmaestro-network”)

Override the Control (eth1) Interface to Accept Management Traffic

  1. Manually edit /srv/files/etc/cnmaestro-network.overrides to include the following:
    iptables -t nat -D PREROUTING -i eth1 -p tcp --dport 443 -j REDIRECT --to-ports 1444
    iptables -A INPUT -i eth1 -p tcp -m tcp --dport 443 -j ACCEPT
  2. Restart the system (or type “sudo /srv/bin/cnmaestro-network”)

High Availability Deployment Considerations

In a High Availability deployment, if the overrides file is edited on the Primary instance, it is automatically replicated to the Secondary. However the Secondary will still need to be manually restarted in order for the update to take effect.

Citrix Hypervisor Installation

cnMaestro can be installed on Citrix Hypervisor (formerly known as XenServer). For detailed installation steps, refer to Citrix Hypervisor Installation Appendix in the cnMaestro On-Premises User Guide.

API Updates x2

The Swagger documentation for the updated RESTful API is found at: cnMaestro - RESTful API.

Changes to Existing APIs

Path Details
GET /api/v2/networks Type field is added for 60 GHz cnWave Networks.

New APIs

Path Details
GET /api/v2/cnwave60/networks/{network_id}/devices/overrides Multiple device configuration.
PUT /api/v2/cnwave60/networks/{network_id}/devices/overrides Commit multiple device configuration.
GET /api/v2/cnwave60/networks/{network_id}/links Network level links topology.
/api/v2/cnwave60/networks/{network_id}/links/{link_name}/{ignition status}
POST /devices/{mac}/pull_config Initiate device pull configuration request.
GET /devices/{mac}/pull_config Returns result of device pull configuration request.

Features Removed

Feature Name Details
L2GRE/EoGRE Tunnel Concentrator As communicated during the 3.0.0 On-Premises release, this feature is removed in 3.1.0. Please refer to the community post for more details - Deprecating L2GRE Concentrator from cnMaestro on premises

Supported Cambium Products

cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).

Family Model Version
60 GHz cnWave V1000 1.0
V3000 1.0
V5000 1.0
cnMatrix EX2K/EX1K 2.0.4-r1
cnPilot Home cnPilot R200, R200P 4.4.2-R2
cnPilot R201, R201P 4.4.2-R2
cnPilot R190V, R190W 4.4.2-R2
cnPilot R195P 4.5.2
cnPilot R195W 4.7
cnRanger Sierra 800
Tyndall 101
Tyndall 201
cnReach N500 5.2.17e
cnVision Hub 360r, FLEXr 4.6
Client Micro, Mini, Maxr 4.6
Enterprise Wi-Fi cnPilot e400/e500 2.5.2-r3
cnPilot e410/e430w/e600 3.5.2-R4
cnPilot e501S/e502S 3.2.1-r6
cnPilot e700 3.8
cnPilot e425/e505 4.0-r17
cnPilot e510 3.11.4-r9
XV3-8 6.0
XV2-2 6.1
XV2-2T0 6.3.5
XE3-4 6.4
ePMP 1000 Hotspot ePMP 1000 Hotspot 2.5.2-r3
ePMP ePMP 1000, Force 180/200 2.6.2
ePMP 2000 3.0.1
ePMP Elevate XM/XW 3.2
ePMP Force 190 3.5
ePMP Force 300 4.1
ePMP PTP 550 4.1.1
ePMP Force 130 5 GHz 4.3.2
ePMP 3000L 4.3.2
ePMP Force 130 2.4 GHz 4.4
ePMP Force 300-19, 19R, 13 4.4
ePMP 3000 4.4.1
ePMP PTP 550 E 4.4.2
ePMP MP 3000 4.5
ePMP Force 300-13L 4.5.2
ePMP Force 300-13LC, 22L, 25L 4.6
ePMP Force 200L 4.7.0
ePMP 4000, Force 400 GPS, 400 CSM, 425 5.1.0
PMP PMP 450i, PMP 450, PMP 450m, PMP 430 SM 15.0.1
PTP 450, and PTP 450i 15.0.1
MicroPoP Omni/Sector 16.2.1
PTP PTP 650 01-47
PTP 670 (650 Emulation) 01-47
PTP 670, PTP 700 02-67

Supported Browsers

cnMaestro supports the following browsers:

Platform Browser Version
Linux Firefox 45 and above
Chrome 49 and above
MacOS Safari 9 and above
MS Windows Internet Explorer Deprecated
Microsoft Edge 44.17763.1.0
Firefox 45 and above
Chrome 49 and above

Significant Fixes

The following issues have been fixed:

Id Details
CNSSNG-20441 DMZ external proxy is not working when cnMaestro has no internet.
CNSSNG-20556 Cannot sort wireless clients by hostname.
CNSSNG-21169 If an MSP account user is deleted, then the devices claimed by that user are not reconnecting to cnMaestro.
CNSSNG-21590 AP not syncing: Configuration failed: system_name: Only alphabets, digits, hyphens and underscores are allowed.
CNSSNG-22079 RF Quality does not update properly for ePMP 11 AX SM devices.
CNSSNG-22190 Alarm count is seen, but no record found in the alarms when clicking on the alarm.
CNSSNG-22343 Alarm for link down still exists even if link is removed.
CNSSNG-22443 URL is stripped in the latest cnMaestro version 3.0.4-r59.
CNSSNG-22473 Announcement sync fails on on-premises connectivity.
CNSSNG-22506 SNMPv3 Username, SNMPv3 Password are mandatory fields under Enterprise AP Groups>Configuration>Management.
CNSSNG-22911 Clients Now column in AP Groups table is not updating properly.
CNSSNG-22931 Does not showing performance on SFP port of TX2012R-P
CNSSNG-23062 Offline APs shown as online.

Known Issues

The following issues exist:

Id Issue Details
CNREACH-139 Radio Software Update is not happening for EP-based devices.
CNSSNG-4083 DHCP errors after cnMaestro reboot When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered.
Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address.
CNSSNG-5365 RADIUS Proxy drops packets after retrying exhausted After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped.
Workaround: Reboot cnMaestro server.
CNSSNG-9631 High Availability: Network cable unplug: Device count is taken from Primary and jobs/users list is taken from Secondary.
CNSSNG-9632 High Availability: Network cable unplug: Devices onboarded during network disconnect need to be reapproved by user.
CNSSNG-10145 Certificate exports are not part of Data Backup and Restore Certificates must be exported manually.
CNSSNG-10187 During Migration, moving, or deleting a device from the Managed Account will mark all events and alarms as undefined once Migration has completed
CNSSNG-11299 AP Regulatory Channel list support check needed for checking valid channels.
CNSSNG-11389 Microsoft Edge Browser does not support in system OVA file upgrade. Workaround : Use the Google Chrome browser
CNSSNG-11987 Failed - Bad Certificate’ errors while downloading the generated report after a period of report generation.
CNSSNG-12812 cnPilot R-series dual radio devices (r-201P, r-195W) AP Group country code/SSID configured from overrides getting applied only to 2.4 GHz radio.
CNSSNG-12888 Connected Clients count in the WLAN page is not properly shown when SSID is overridden for the WLAN at Device level.
CNSSNG-13054 Mismatch in Clients count for cnPilot E-series device at WLAN and AP Group configuration level.
CNSSNG-14030 CBRS race condition: SM “stuck” in cnMaestro during reparenting if import and start occurs as SMs arrive in onboarding queue Workaround : To avoid this issue, follow the suggested SM reparenting procedures listed in the latest version of Cambium CBRS standalone procedures document.
CNSSNG-14518 Device Type selection needs to be provided at Site and AP Group for Report generation.
CNSSNG-15432 Deleting a device in Base Infrastructure and claiming it immediately to another Managed Account returns Device Registration Failed message.
CNSSNG-15595 cnMatrix Hostname fall backs to old Hostname if the template is pushed for the first time (if a Switch Group already exists)
CNSSNG-15656 Duplicate entries observed in 802.11ax Clients Report.
CNSSNG-15838 Issues related to Monetization Subscription Events.
CNSSNG-16019 Subscriptions are not listed in the correct order.
CNSSNG-16197 CBSDID search will not work when device was synced from tool without obtaining grant first. Workaround : Perform CBSDID search from domain proxy view on Cloud to obtain mac address, then perform MAC address search on tool to find the device.
CNSSNG-17011 After the migration completed for PPPoE with server update, devices still show in sync. Workaround : User must manually apply the AP Group again on devices with minor changes to the AP Group.
CNSSNG-18710 Tier issues related to 450i, 450i AP, and 450i SM.
CNSSNG-18913 On resizing, the graph/widgets are not properly rendering.
CNSSNG-18923 After migration Reports Job page is empty due to cached data. Workaround : Clear Cache and Cookies after migration.
CNSSNG-18927 Configuration push from Onboarding page is getting device timeout error in ePMP 1000 Hotspot device.
CNSSNG-18936 Graphs plotting is getting empty if the page is zoomed out/in.
CNSSNG-19264 Unmanaged expired device approve button is not disabled.
CNSSNG-19273 Expired Wi-Fi devices are not handled for AP Group dashboards and tree level.
CNSSNG-19274 Expired devices count should not be added to connection health graph.
CNSSNG-19275 Issues related to Offline alarm of expired devices.
CNSSNG-19511 support for scheduled config jobs feature is missing at Switch groups > Switches > Actions > Configuration tab
CNSSNG-20508 Last Super Administrator deletion should be shown proper error message.
CNSSNG-20605 User-Defined Overrides (Advanced) should be handled from Switch Groups > Switches > Actions > Configuration tab.
CNSSNG-20745 AP Count is -1 in Anchor when deregistering the device from Anchor.
CNSSNG-20820 After server upgrade, device throws error [Invalid CBSD ID and Grant ID], even the Domain Proxy shows the device is registered.
CNSSNG-21068 Not able to deregister or delete the SM when PMAC mismatched (SM reported different PMAC). Workaround: Reinitialize the SM from inside the sector of the AP, not by directly searching for the SM in the tool; then deregister and delete the device.
CNSSNG-21264 Auto refresh is not working when Site/Tower/Device details are updated in network level map.
CNSSNG-21268 cnMatrix devices are not reflecting in maps.
CNSSNG-21271 Map: SM status is missing in AP details.
CNSSNG-21345 RF Statistics related information should not be available in reports for XV type device.
CNSSNG-21396 Issues related to cnMatrix onboarding overrides.
CNSSNG-21425 Left side menu is not properly shown in Firefox browser.
CNSSNG-21703 SM icon is missing in Network-level Maps.
CNSSNG-22089 New Changes in Clients report in 3.1.0.
CNSSNG-22116 On Demand Packet Capture: Supported Channel list for few country codes differs between CnMaestro and AP.
CNSSNG-22518 Start now/ later buttons should be disabled if wireless LANs are not selected.
CNSSNG-23100 The device overrides are getting updated with null values on every device reconnect.
CNSSNG-23284 UI does not allow to save configuration for eth4 interfaces.
CNSSNG-23298 Cloud Sync with cnMaestro as Proxy server will not work. Workaround : Use the external server proxy
CNSSNG-23322 Cloud sync: cambium id is not getting updated if the cloud sync fails on the first attempt after OVA upgrade Workaround : Find the pid of the CnsCloudSyncServer using "sudo ps -ef

Where to Get Help

There are several places to get help with cnMaestro.

Cambium Community : The cnMaestro Forum provides the best place to ask questions and get up-to-date information.

On-Premises Quick Start Guide : This guide walks you through the initial management process and allows you to get onboard quickly. It is embedded into the cnMaestro image and can be accessed on the Home Page of the UI. It can also be downloaded in PDF format from the Cambium Support website.

Cambium Support : The Cambium Support team is available 24x7 to answer questions and resolve issues.

Oh, why? This will break some(?) installations.
This is a huge change, in my opinion there should be the option to keep the old configuration.

Hi Rob
If we are currently using only one Ethernet interface I think that we can continue to do so, and we won’t be affected by this change. Is this correct?

Hi dworkman – yes, this will not impact installations using a single eth0 interface.

I have connect some cnWave on our cnMaestro on Premises and works everything fine.
There’s not a throughput graph in the performance tab and would be very helpful.

There’s the throughput in the dashboard of the device but is not settable like the graps in the performance tab.