Introduction
This document describes features available in the cnMaestro Cloud Beta.
-
Assists for PMP Devices
- NSE (Network Services Edge) 3000 Support
- PTP 820/850 Support (using cnMaestro Edge Controller)
Important: Web Browser
Restart your browser (or clear the browser cache with a hard reload) if you are having UI problems with the 3.2.0 version.
Beta Access
You can sign up by selecting Beta Programs in the header after logging into cnMaestro. You will be prompted to create a new cnMaestro account hosted on a beta server. This account should not be used for production devices, and CBRS and Wi-Fi Guest Access are not supported. The account will persist over time and can be used across multiple beta programs.
Assists 
The Assists feature scans PMP configuration and generates an Assists Score. It evaluates settings that may lead to security or deployment issues, and it generates a summary score at System, Network, Tower, and Device levels. Assists Scores are displayed as a percentage of successful evaluations. This score allows users to recognize and isolate issues in their infrastructure.
NOTE: This feature is evaluated every 24 hours, and it is currently only available for PMP devices. In the future, Assists will be extended to support additional evaluations and device types.
Assists Dashboard
The Assists Dashboard presents the Assists Score and the list of evaluated Assists.
Assist Details
Assist Details presents information about individual Assists.
Affected Devices
Devices failing the evaluation are displayed in a table.
PMP Dashboard with Assists Score
The PMP Dashboard is enhanced to include the Assists Score.
NSE 3000 Device Support
The NSE 3000 (Network Services Edge) is a new Cambium device that implements edge security and is managed through cnMaestro Cloud (it is not supported in cnMaestro On-Premises). The following management functionalities are available.
| Feature | Details |
|---|---|
| Onboarding | Onboard using the serial number (MSN). Zero-touch deployment is supported. |
| Software Update | Bulk software update. |
| Configuration | Configure using NSE Groups. The following sections are available:
|
| Dashboard | Device-level dashboard. |
| Security | IDS/IPS Threats and Vulnerabilities for connected clients. |
| Network | WAN, LAN, and DHCP details. |
| Clients | Connected clients. |
| Performance | Performance graphs for CPU and Available Memory. |
| Notifications | Events and Alarms. |
Onboarding
The NSE 3000 is claimed using its MSN (Manufacturer Serial Number) in cnMaestro Cloud.
When the device contacts cnMaestro, it is placed in the Onboarding Queue, where it needs to be approved in order to be managed.
Device Dashboard
The dashboard provides a high-level overview of device and security status.
Notifications
Configuration Using NSE Groups
NSE devices can be configured by creating a new NSE Group and mapping it to a device. The configuration sections of an NSE Group are listed below:
Basic
Management
Network
WAN
Firewall
Threat Protection
VPN and RADIUS
Security
The security page details network security events discovered by the NSE 3000. It includes threats detected by an onboard IDS/IPS, which monitors traffic in real-time, as well as a vulnerability assessment against internal clients.
Threats
The Threats page provides IDS/IPS statistics and includes a map displaying a visual representation of threat origins.
Vulnerabilities
The Vulnerabilities page details problematic services discovered by scanning connected clients
Network
Network statistics are available for LAN, Routes, and WAN.
LAN
The LAN page provides a list of VLANs configured on the device, including the status of the DHCP server on VLAN interfaces.
Routes
The route table displays the status of the default gateway on the WAN1 and WAN2 interfaces and the administrator-configured static routes.
WAN
The WAN page displays status of both WAN links, including details of the WAN connection (IP Mode, IP Address, Default Gateway, and Link Status).
The WAN Connectivity section presents health based on periodic keepalive responses; the Speed Test graph highlights the maximum capacity of the links; and the Throughput graph shows link utilization in real-time.
Performance
The performance page displays information about system performance, such as CPU and Available Memory.
Clients
The Clients table displays information about local clients and remote clients (VPN users). Clicking on the hostname navigates to the Client Dashboard page, which shows detailed statistics about application usage and security.
Client Dashboard
The Client Dashboard presents important KPIs, application usage, vulnerable services, and device details learned through fingerprinting.
Application Visibility
The NSE 3000 uses DPI (deep packet inspection) to identify client applications and present detailed usage data, such as uplink, downlink, and total bytes.
Vulnerabilities
The NSE 3000 scans the LAN network to identify vulnerable services running on client devices and provides the CVE ID for the discovered vulnerabilities.
Upgrade Software
Select the recommended software version from the drop-down menu to upgrade the device.
Edge Controller and PTP 820/850 Device Support
cnMaestro now supports PTP 820/850 device management using an Edge Controller, which is a software application installed on a Ubuntu or CentOS server running behind the customer firewall. The following management functionalities are available:
Edge Controller
| Feature | Details |
|---|---|
| Onboarding | Onboard the Edge Controller using Cambium ID. |
| Dashboard | Device Dashboard for Edge Controller. |
| Discovery | Configure SNMP rules to discover PTP 820/850 devices. |
| Monitor | Monitor Edge Controller CPU Utilization and Load, Process Activity, Memory Usage, Swap Usage, and File system. |
| Software Update | Edge Controller updates (Edge Controller > Tools >Operations). |
PTP 820/850
| Feature | Details |
|---|---|
| Onboarding | Onboard PTP 820/850 through SNMP discovery rules. |
| Dashboard | Dashboard for PTP 820/850 devices. |
| Configuration | Template support for a subset of PTP 820/850 configuration. |
| Details | Overview, Ethernet, Security, and Activation Key details |
| Notifications | Device-specific notifications and alarms. |
| Performance | Performance graphs. |
| Statistics | System, Network, and Tower Statistics can be viewed and exported. |
| Software Update | Bulk software updates. |
| Maps | Device and link display on the Map. |
| Tools | Diagnostics, Operations, and Services |
| Reports | System, Network, and Tower level Reports for PTP 820/850 devices |
Edge Controller
Installation
The Edge Controller is installed using a script executed as super user. See the Edge Controller User Guide for more details.
Onboarding
The Edge Controller is onboarded to cnMaestro by configuring the cnMaestro URL, Cambium ID, and Onboarding Key through the Edge Controller CLI:
Once onboarded, the Edge Controller is placed into the Onboarding Queue in cnMaestro.
It needs to be Approved to complete onboarding.
Dashboard
A basic dashboard is available for the Edge Controller application.
Configuration
SNMP discovery rules can be configured, and devices ignored through a blacklist.
Tools
Monitoring
Monitor resource utilization on the Edge Controller installation.
PTP 820/850
Onboarding
Onboarding PTP 820/850 devices is though SNMP discovery rules, configured in Edge Controller > Configuration. The Edge Controller will discover PTP 820/850 devices using SNMP.
Discovered devices are placed in Onboard > Edge Controller > Devices Onboarding Queue.
They need to be Approved in order to be onboarded into cnMaestro.
PTP 820/850 Device Dashboard
The PTP 820/850 Device Dashboard is presented below. It displays information on Radio Health as well as Radio Groupings, such as MC-ABC, HSB, XPIC, and AMCC.
PTP 820/850 Notifications
PTP 820/850 Configuration
A subset of PTP 820/850 configuration is available through Templates.
PTP 820/850 Details
PTP 820/850 Performance
Device performance graphs are available for various metrics, including Throughput, Signal, Modem MSE, and Modem XPI.
PTP 820/850 Statistics
PTP 820/850 Statistics are displayed at the System level in the hierarchy.
PTP 820/850 Reports
PTP 820/850 details are also available in Data Report aggregations.
PTP 820/850 Software Update
Bulk Software Update is available.
Supported Cambium Products
cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).
| Family | Model | Version |
|---|---|---|
| 28 GHz cnWave | B1000 (BTS) | 2.0 |
| C100 (CPE) | 2.0 | |
| 60 GHz cnWave | V1000 | 1.0 |
| V2000 | 1.2.2-beta3 | |
| V3000 | 1.0 | |
| V5000 | 1.0 | |
| cnMatrix | EX2K/EX1K | 2.0.4-r1 |
| cnPilot Home | cnPilot R200, R200P | 4.4.2-R2 |
| cnPilot R201, R201P | 4.4.2-R2 | |
| cnPilot R190V, R190W | 4.4.2-R2 | |
| cnPilot R195P | 4.5.2 | |
| cnPilot R195W | 4.7 | |
| cnRanger | Sierra 800 | 1.0.1.0-r1 |
| Tyndall 101 | 1.0.1.0-r1 | |
| Tyndall 201 | 2.0.0.0-r1 | |
| cnReach | N500 | 5.2.17e |
| cnVision | Hub 360r, FLEXr | 4.6 |
| Client Micro, Mini, Maxr | 4.6 | |
| Edge Controller | N/A | 1.0.0 |
| Enterprise Wi-Fi | cnPilot e400/e500 | 2.5.2-r3 |
| cnPilot e410/e430w/e600 | 3.5.2-R4 | |
| cnPilot e501S/e502S | 3.2.1-r6 | |
| cnPilot e700 | 3.8 | |
| cnPilot e425/e505 | 4.0-r17 | |
| cnPilot e510 | 3.11.4-r9 | |
| XV3-8 | 6.0 | |
| XV2-2T0 | 6.1 | |
| XV2-2T1 | 6.4.1-r15 | |
| XE3-4 | 6.4 | |
| XE5-8 | 6.4.1-r15 | |
| ePMP 1000 Hotspot | ePMP 1000 Hotspot | 2.5.2-r3 |
| ePMP | ePMP 1000, Force 180/200 | 2.6.2 |
| ePMP 2000 | 3.0.1 | |
| ePMP Elevate XM/XW | 3.2 | |
| ePMP Force 190 | 3.5 | |
| ePMP Force 300 | 4.1 | |
| ePMP PTP 550 | 4.1.1 | |
| ePMP Force 130 5 GHz | 4.3.2 | |
| ePMP 3000L | 4.3.2 | |
| ePMP Elevate SXGLITE5, LHG5 | 4.3.2.1 | |
| ePMP Force 130 2.4 GHz | 4.4 | |
| ePMP Force 300-19, 19R, 13 | 4.4 | |
| ePMP 3000 | 4.4.1 | |
| ePMP PTP 550 E | 4.4.2 | |
| ePMP MP 3000 | 4.5 | |
| ePMP Force 300-13L | 4.5.2 | |
| ePMP Force 300-13LC, 22L, 25L | 4.6 | |
| ePMP Force 200L | 4.7.0 | |
| ePMP 4000, Force 400 GPS, 400 CSM, 425 | 5.1.0 | |
| NSE | NSE 3000 | 1.0-b46 |
| PMP | PMP 450i, PMP 450, PMP 450m, PMP 430 SM | 15.0.1 |
| PTP 450, and PTP 450i | 15.0.1 | |
| MicroPoP Omni/Sector | 16.2.1 | |
| PTP | PTP 650 | 01-47 |
| PTP 670 (650 Emulation) | 01-47 | |
| PTP 670, PTP 700 | 02-67 | |
| PTP 820/850 | PTP 820C, 820E, 820F, 820G, 820S | 11.9 |
| PTP 850C, 850E | 11.9 | |
| Xirrus (Enterprise Wi-Fi) | XA4-240 | 8.7.0 |
| XD2-230 | 8.7.0 | |
| XD2-240 | 8.7.0 | |
| XD4-130 | 8.7.0 | |
| XH2-120 | 8.7.0 | |
| XR-630 | 8.7.0 | |
| XR-620 | 8.7.0 | |
| XR-2436 | 8.7.0 | |
| XR-2426 | 8.7.0 | |
| XR-4436 | 8.7.0 | |
| XR-4426 | 8.7.0 | |
| XR-2226 | 8.7.0 | |
| XR-2236 | 8.7.0 |
Supported Browsers
cnMaestro supports the following browsers:
| Platform | Browser | Version |
|---|---|---|
| Linux | Firefox | 45 and above |
| Chrome | 49 and above | |
| MacOS | Safari | 9 and above |
| MS Windows | Internet Explorer | Deprecated |
| Microsoft Edge | 44.17763.1.0 | |
| Firefox | 45 and above | |
| Chrome | 49 and above |
Known Issues
The following issues exist:
| Id | Issue | Details |
|---|---|---|
| CNREACH-139 | Radio Software Update is not happening for EP-based devices. | |
| CNSSNG-4083 | DHCP errors after cnMaestro reboot | When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered. Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address. |
| CNSSNG-5365 | RADIUS Proxy drops packets after retrying exhausted | After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped. Workaround: Reboot cnMaestro server. |
| CNSSNG-9631 | High Availability: Network cable unplug: Device count is taken from Primary and jobs/users list is taken from Secondary. | |
| CNSSNG-9632 | High Availability: Network cable unplug: Devices onboarded during network disconnect need to be reapproved by user. | |
| CNSSNG-10145 | Certificate exports are not part of Data Backup and Restore. | Certificates must be exported manually. |
| CNSSNG-10187 | During Migration, moving, or deleting a device from the Managed Account will mark all events and alarms as undefined once Migration has completed. | |
| CNSSNG-11299 | AP Regulatory Channel list support check needed for checking valid channels. | |
| CNSSNG-11389 | Microsoft Edge Browser does not support in system OVA file upgrade. | Workaround : Use the Google Chrome browser |
| CNSSNG-11987 | Failed - Bad Certificate errors while downloading the generated report after a period of report generation. | |
| CNSSNG-12812 | cnPilot R-series dual radio devices (r-201P, r-195W) AP Group country code/SSID configured from overrides getting applied only to 2.4 GHz radio. | |
| CNSSNG-12888 | Connected Clients count in the WLAN page is not properly shown when SSID is overridden for the WLAN at Device level. | |
| CNSSNG-13054 | Mismatch in Clients count for cnPilot E-series device at WLAN and AP Group configuration level. | |
| CNSSNG-14030 | CBRS race condition: SM “stuck” in cnMaestro during reparenting if import and start occurs as SMs arrive in onboarding queue. | Workaround : To avoid this issue, follow the suggested SM reparenting procedures listed in the latest version of Cambium CBRS standalone procedures document. |
| CNSSNG-14518 | Device Type selection needs to be provided at Site and AP Group for Report generation. | |
| CNSSNG-14932 | PMP/ePMP Configuration Backup: LAST BACKUP date and time is not updating if device under an MSP account. | |
| CNSSNG-15432 | Deleting a device in Base Infrastructure and claiming it immediately to another Managed Account returns Device Registration Failed message. | |
| CNSSNG-15595 | cnMatrix Hostname fall backs to old Hostname if the template is pushed for the first time (if a Switch Group already exists). | |
| CNSSNG-15656 | Duplicate entries observed in 802.11ax Clients Report. | |
| CNSSNG-15838 | Issues related to Monetization Subscription Events. | |
| CNSSNG-16019 | Subscriptions are not listed in the correct order. | |
| CNSSNG-16197 | CBSDID search will not work when device was synced from tool without obtaining grant first. | Workaround : Perform CBSDID search from domain proxy view on Cloud to obtain mac address, then perform MAC address search on tool to find the device. |
| CNSSNG-17011 | After the migration completed for PPPoE with server update, devices still show in sync. | Workaround : User must manually apply the AP Group again on devices with minor changes to the AP Group. |
| CNSSNG-18710 | Tier issues related to 450i, 450i AP, and 450i SM. | |
| CNSSNG-18856 | cnVision Client is not shown under hub. | Workaround : Reboot the Client |
| CNSSNG-18913 | On resizing, the graph/widgets are not properly rendering. | |
| CNSSNG-18923 | After migration Reports Job page is empty due to cached data. | Workaround : Clear Cache and Cookies after migration. |
| CNSSNG-18927 | Configuration push from Onboarding page is getting device timeout error in ePMP 1000 Hotspot device. | |
| CNSSNG-18936 | Graph plotting is empty if the page is zoomed out/in. | |
| CNSSNG-19264 | Unmanaged expired device approve button is not disabled. | |
| CNSSNG-19273 | Expired Wi-Fi devices are not handled for AP Group dashboards and tree level. | |
| CNSSNG-19274 | Expired devices count should not be added to connection health graph. | |
| CNSSNG-19275 | Issues related to Offline alarm of expired devices. | |
| CNSSNG-20508 | Last Super Administrator deletion should be shown proper error message. | |
| CNSSNG-20605 | User-Defined Overrides (Advanced) should be handled from Switch Groups > Switches > Actions > Configuration tab. | |
| CNSSNG-20745 | AP Count is -1 in Anchor when deregistering the device from Anchor. | |
| CNSSNG-20820 | After server upgrade, device throws error [Invalid CBSD ID and Grant ID], even the Domain Proxy shows the device is registered. | |
| CNSSNG-21068 | Not able to deregister or delete the SM when PMAC mismatched (SM reported different PMAC) | Workaround: Reinitialize the SM from inside the sector of the AP, not by directly searching for the SM in the tool; then deregister and delete the device. |
| CNSSNG-21264 | Auto refresh is not working when Site/Tower/Device details are updated in Network level map. | |
| CNSSNG-21271 | Map: SM status is missing in AP details. | |
| CNSSNG-21345 | RF Statistics related information should not be available in reports for XV type device. | |
| CNSSNG-21396 | Issues related to cnMatrix onboarding overrides. | |
| CNSSNG-21443 | System generated critical alarms are not counted for Aggregation. | |
| CNSSNG-21703 | SM icon is missing in Network-level Maps. | |
| CNSSNG-22089 | New Changes in Clients report in 3.1.0. | |
| CNSSNG-23732 | Min Data Rate and Multicast Data Rate configuration push always sets default for both bands. | |
| CNSSNG-24487 | AP Group Migration issues from 3.1.0 to 3.1.1. | Workaround: clear cache after upgrade to 3.1.1 from 3.1.0 for the overrides to reflect properly |
| CNSSNG-24529 | Multi-floor issue with Firefox browser. | |
| CNSSNG-24649 | Others filter is not working for old events. | |
| CNSSNG-24750 | Node Performance graphs are plotting 5 minutes delay. | |
| CNSSNG-24823 | Device overrides and config apply will not work after Migration from 3.1.0 to 3.1.1 due to cache. | |
| CNSSNG-24826 | Site Floorplan: In Edit mode, able to drag devices outside the boundary without an error. | |
| CNSSNG-25071 | If ePSK entries exist under an MSP WLAN, then upon disabling MSP in the account, the MSP WLAN ePSK count persists. | |
| CNSSNG-25150 | AOS device Configuration Job times out if Device is in DHCP. | |
| CNSSNG-25238 | AOS device WebSocket does not disconnect for an X account downgraded to Pure ESS after Retention expired. | |
| CNSSNG-25264 | Bulk edit tab at radios is removed/hidden in 3.1.1 release. | |
| CNSSNG-25587 | cnVision Hub Retransmission UL values not shown in performance graphs. |
Where to Get Help
There are several places to get help with cnMaestro.
Cambium Community : The cnMaestro Forum provides the best place to ask questions and get up-to-date information.
On-Premises Quick Start Guide : This guide walks you through the initial management process and allows you to get onboard quickly. It is embedded into the cnMaestro image and can be accessed on the Home Page of the UI. It can also be downloaded in PDF format from the Cambium Support website.
Cambium Support : The Cambium Support team is available 24x7 to answer questions and resolve issues.