cnMaestro 3.2.0 (Cloud) Beta Programs


This document describes features available in the cnMaestro Cloud Beta.

  • Assists for PMP Devices x
  • NSE (Network Services Edge) 3000 Support
  • PTP 820/850 Support (using cnMaestro Edge Controller)

Important: Web Browser
Restart your browser (or clear the browser cache with a hard reload) if you are having UI problems with the 3.2.0 version.

Beta Access

You can sign up by selecting Beta Programs in the header after logging into cnMaestro. You will be prompted to create a new cnMaestro account hosted on a beta server. This account should not be used for production devices, and CBRS and Wi-Fi Guest Access are not supported. The account will persist over time and can be used across multiple beta programs.


Assists X3

The Assists feature scans PMP configuration and generates an Assists Score. It evaluates settings that may lead to security or deployment issues, and it generates a summary score at System, Network, Tower, and Device levels. Assists Scores are displayed as a percentage of successful evaluations. This score allows users to recognize and isolate issues in their infrastructure.

NOTE: This feature is evaluated every 24 hours, and it is currently only available for PMP devices. In the future, Assists will be extended to support additional evaluations and device types.

Assists Dashboard

The Assists Dashboard presents the Assists Score and the list of evaluated Assists.


Assist Details

Assist Details presents information about individual Assists.


Affected Devices

Devices failing the evaluation are displayed in a table.


PMP Dashboard with Assists Score

The PMP Dashboard is enhanced to include the Assists Score.


NSE 3000 Device Support

The NSE 3000 (Network Services Edge) is a new Cambium device that implements edge security and is managed through cnMaestro Cloud (it is not supported in cnMaestro On-Premises). The following management functionalities are available.

Feature Details
Onboarding Onboard using the serial number (MSN). Zero-touch deployment is supported.
Software Update Bulk software update.
Configuration Configure using NSE Groups. The following sections are available:
  • Basic Settings
  • Management
  • Network
  • WAN
  • Firewall
  • Threat Protection
  • VPN and RADIUS Server
Dashboard Device-level dashboard.
Security IDS/IPS Threats and Vulnerabilities for connected clients.
Network WAN, LAN, and DHCP details.
Clients Connected clients.
Performance Performance graphs for CPU and Available Memory.
Notifications Events and Alarms.


The NSE 3000 is claimed using its MSN (Manufacturer Serial Number) in cnMaestro Cloud.


When the device contacts cnMaestro, it is placed in the Onboarding Queue, where it needs to be approved in order to be managed.


Device Dashboard

The dashboard provides a high-level overview of device and security status.




Configuration Using NSE Groups

NSE devices can be configured by creating a new NSE Group and mapping it to a device. The configuration sections of an NSE Group are listed below:










Threat Protection





The security page details network security events discovered by the NSE 3000. It includes threats detected by an onboard IDS/IPS, which monitors traffic in real-time, as well as a vulnerability assessment against internal clients.


The Threats page provides IDS/IPS statistics and includes a map displaying a visual representation of threat origins.


The Vulnerabilities page details problematic services discovered by scanning connected clients



Network statistics are available for LAN, Routes, and WAN.


The LAN page provides a list of VLANs configured on the device, including the status of the DHCP server on VLAN interfaces.



The route table displays the status of the default gateway on the WAN1 and WAN2 interfaces and the administrator-configured static routes.



The WAN page displays status of both WAN links, including details of the WAN connection (IP Mode, IP Address, Default Gateway, and Link Status).

The WAN Connectivity section presents health based on periodic keepalive responses; the Speed Test graph highlights the maximum capacity of the links; and the Throughput graph shows link utilization in real-time.



The performance page displays information about system performance, such as CPU and Available Memory.



The Clients table displays information about local clients and remote clients (VPN users). Clicking on the hostname navigates to the Client Dashboard page, which shows detailed statistics about application usage and security.


Client Dashboard

The Client Dashboard presents important KPIs, application usage, vulnerable services, and device details learned through fingerprinting.


Application Visibility

The NSE 3000 uses DPI (deep packet inspection) to identify client applications and present detailed usage data, such as uplink, downlink, and total bytes.



The NSE 3000 scans the LAN network to identify vulnerable services running on client devices and provides the CVE ID for the discovered vulnerabilities.


Upgrade Software

Select the recommended software version from the drop-down menu to upgrade the device.


Edge Controller and PTP 820/850 Device Support

cnMaestro now supports PTP 820/850 device management using an Edge Controller, which is a software application installed on a Ubuntu or CentOS server running behind the customer firewall. The following management functionalities are available:

Edge Controller

Feature Details
Onboarding Onboard the Edge Controller using Cambium ID.
Dashboard Device Dashboard for Edge Controller.
Discovery Configure SNMP rules to discover PTP 820/850 devices.
Monitor Monitor Edge Controller CPU Utilization and Load, Process Activity, Memory Usage, Swap Usage, and File system.
Software Update Edge Controller updates (Edge Controller > Tools >Operations).

PTP 820/850

Feature Details
Onboarding Onboard PTP 820/850 through SNMP discovery rules.
Dashboard Dashboard for PTP 820/850 devices.
Configuration Template support for a subset of PTP 820/850 configuration.
Details Overview, Ethernet, Security, and Activation Key details
Notifications Device-specific notifications and alarms.
Performance Performance graphs.
Statistics System, Network, and Tower Statistics can be viewed and exported.
Software Update Bulk software updates.
Maps Device and link display on the Map.
Tools Diagnostics, Operations, and Services
Reports System, Network, and Tower level Reports for PTP 820/850 devices

Edge Controller


The Edge Controller is installed using a script executed as super user. See the Edge Controller User Guide for more details.


The Edge Controller is onboarded to cnMaestro by configuring the cnMaestro URL, Cambium ID, and Onboarding Key through the Edge Controller CLI:


Once onboarded, the Edge Controller is placed into the Onboarding Queue in cnMaestro.


It needs to be Approved to complete onboarding.



A basic dashboard is available for the Edge Controller application.



SNMP discovery rules can be configured, and devices ignored through a blacklist.





Monitor resource utilization on the Edge Controller installation.


PTP 820/850


Onboarding PTP 820/850 devices is though SNMP discovery rules, configured in Edge Controller > Configuration. The Edge Controller will discover PTP 820/850 devices using SNMP.


Discovered devices are placed in Onboard > Edge Controller > Devices Onboarding Queue.


They need to be Approved in order to be onboarded into cnMaestro.


PTP 820/850 Device Dashboard

The PTP 820/850 Device Dashboard is presented below. It displays information on Radio Health as well as Radio Groupings, such as MC-ABC, HSB, XPIC, and AMCC.


PTP 820/850 Notifications


PTP 820/850 Configuration

A subset of PTP 820/850 configuration is available through Templates.


PTP 820/850 Details


PTP 820/850 Performance

Device performance graphs are available for various metrics, including Throughput, Signal, Modem MSE, and Modem XPI.


PTP 820/850 Statistics

PTP 820/850 Statistics are displayed at the System level in the hierarchy.


PTP 820/850 Reports

PTP 820/850 details are also available in Data Report aggregations.


PTP 820/850 Software Update

Bulk Software Update is available.


Supported Cambium Products

cnMaestro supports the following Cambium Networks products. The software versions are the minimum required to use cnMaestro (not the recommended versions).

Family Model Version
28 GHz cnWave B1000 (BTS) 2.0
C100 (CPE) 2.0
60 GHz cnWave V1000 1.0
V2000 1.2.2-beta3
V3000 1.0
V5000 1.0
cnMatrix EX2K/EX1K 2.0.4-r1
cnPilot Home cnPilot R200, R200P 4.4.2-R2
cnPilot R201, R201P 4.4.2-R2
cnPilot R190V, R190W 4.4.2-R2
cnPilot R195P 4.5.2
cnPilot R195W 4.7
cnRanger Sierra 800
Tyndall 101
Tyndall 201
cnReach N500 5.2.17e
cnVision Hub 360r, FLEXr 4.6
Client Micro, Mini, Maxr 4.6
Edge Controller N/A 1.0.0
Enterprise Wi-Fi cnPilot e400/e500 2.5.2-r3
cnPilot e410/e430w/e600 3.5.2-R4
cnPilot e501S/e502S 3.2.1-r6
cnPilot e700 3.8
cnPilot e425/e505 4.0-r17
cnPilot e510 3.11.4-r9
XV3-8 6.0
XV2-2T0 6.1
XV2-2T1 6.4.1-r15
XE3-4 6.4
XE5-8 6.4.1-r15
ePMP 1000 Hotspot ePMP 1000 Hotspot 2.5.2-r3
ePMP ePMP 1000, Force 180/200 2.6.2
ePMP 2000 3.0.1
ePMP Elevate XM/XW 3.2
ePMP Force 190 3.5
ePMP Force 300 4.1
ePMP PTP 550 4.1.1
ePMP Force 130 5 GHz 4.3.2
ePMP 3000L 4.3.2
ePMP Force 130 2.4 GHz 4.4
ePMP Force 300-19, 19R, 13 4.4
ePMP 3000 4.4.1
ePMP PTP 550 E 4.4.2
ePMP MP 3000 4.5
ePMP Force 300-13L 4.5.2
ePMP Force 300-13LC, 22L, 25L 4.6
ePMP Force 200L 4.7.0
ePMP 4000, Force 400 GPS, 400 CSM, 425 5.1.0
NSE NSE 3000 1.0-b46
PMP PMP 450i, PMP 450, PMP 450m, PMP 430 SM 15.0.1
PTP 450, and PTP 450i 15.0.1
MicroPoP Omni/Sector 16.2.1
PTP PTP 650 01-47
PTP 670 (650 Emulation) 01-47
PTP 670, PTP 700 02-67
PTP 820/850 PTP 820C, 820E, 820F, 820G, 820S 11.9
PTP 850C, 850E 11.9
Xirrus (Enterprise Wi-Fi) XA4-240 8.7.0
XD2-230 8.7.0
XD2-240 8.7.0
XD4-130 8.7.0
XH2-120 8.7.0
XR-630 8.7.0
XR-620 8.7.0
XR-2436 8.7.0
XR-2426 8.7.0
XR-4436 8.7.0
XR-4426 8.7.0
XR-2226 8.7.0
XR-2236 8.7.0

Supported Browsers

cnMaestro supports the following browsers:

Platform Browser Version
Linux Firefox 45 and above
Chrome 49 and above
MacOS Safari 9 and above
MS Windows Internet Explorer Deprecated
Microsoft Edge 44.17763.1.0
Firefox 45 and above
Chrome 49 and above

Known Issues

The following issues exist:

Id Issue Details
CNREACH-139 Radio Software Update is not happening for EP-based devices.
CNSSNG-4083 DHCP errors after cnMaestro reboot When cnMaestro On-Premises is rebooted, after Data Import, sometimes DHCP and Disk Errors are encountered.
Workaround: Explicitly run the dhclient command from the Command Line (accessed through the CLI) after reboot to assign the IP address.
CNSSNG-5365 RADIUS Proxy drops packets after retrying exhausted After RADIUS Proxy Retries are exhausted in cnMaestro On-Premises, all subsequent RADIUS packets are dropped.
Workaround: Reboot cnMaestro server.
CNSSNG-9631 High Availability: Network cable unplug: Device count is taken from Primary and jobs/users list is taken from Secondary.
CNSSNG-9632 High Availability: Network cable unplug: Devices onboarded during network disconnect need to be reapproved by user.
CNSSNG-10145 Certificate exports are not part of Data Backup and Restore. Certificates must be exported manually.
CNSSNG-10187 During Migration, moving, or deleting a device from the Managed Account will mark all events and alarms as undefined once Migration has completed.
CNSSNG-11299 AP Regulatory Channel list support check needed for checking valid channels.
CNSSNG-11389 Microsoft Edge Browser does not support in system OVA file upgrade. Workaround : Use the Google Chrome browser
CNSSNG-11987 Failed - Bad Certificate errors while downloading the generated report after a period of report generation.
CNSSNG-12812 cnPilot R-series dual radio devices (r-201P, r-195W) AP Group country code/SSID configured from overrides getting applied only to 2.4 GHz radio.
CNSSNG-12888 Connected Clients count in the WLAN page is not properly shown when SSID is overridden for the WLAN at Device level.
CNSSNG-13054 Mismatch in Clients count for cnPilot E-series device at WLAN and AP Group configuration level.
CNSSNG-14030 CBRS race condition: SM “stuck” in cnMaestro during reparenting if import and start occurs as SMs arrive in onboarding queue. Workaround : To avoid this issue, follow the suggested SM reparenting procedures listed in the latest version of Cambium CBRS standalone procedures document.
CNSSNG-14518 Device Type selection needs to be provided at Site and AP Group for Report generation.
CNSSNG-14932 PMP/ePMP Configuration Backup: LAST BACKUP date and time is not updating if device under an MSP account.
CNSSNG-15432 Deleting a device in Base Infrastructure and claiming it immediately to another Managed Account returns Device Registration Failed message.
CNSSNG-15595 cnMatrix Hostname fall backs to old Hostname if the template is pushed for the first time (if a Switch Group already exists).
CNSSNG-15656 Duplicate entries observed in 802.11ax Clients Report.
CNSSNG-15838 Issues related to Monetization Subscription Events.
CNSSNG-16019 Subscriptions are not listed in the correct order.
CNSSNG-16197 CBSDID search will not work when device was synced from tool without obtaining grant first. Workaround : Perform CBSDID search from domain proxy view on Cloud to obtain mac address, then perform MAC address search on tool to find the device.
CNSSNG-17011 After the migration completed for PPPoE with server update, devices still show in sync. Workaround : User must manually apply the AP Group again on devices with minor changes to the AP Group.
CNSSNG-18710 Tier issues related to 450i, 450i AP, and 450i SM.
CNSSNG-18856 cnVision Client is not shown under hub. Workaround : Reboot the Client
CNSSNG-18913 On resizing, the graph/widgets are not properly rendering.
CNSSNG-18923 After migration Reports Job page is empty due to cached data. Workaround : Clear Cache and Cookies after migration.
CNSSNG-18927 Configuration push from Onboarding page is getting device timeout error in ePMP 1000 Hotspot device.
CNSSNG-18936 Graph plotting is empty if the page is zoomed out/in.
CNSSNG-19264 Unmanaged expired device approve button is not disabled.
CNSSNG-19273 Expired Wi-Fi devices are not handled for AP Group dashboards and tree level.
CNSSNG-19274 Expired devices count should not be added to connection health graph.
CNSSNG-19275 Issues related to Offline alarm of expired devices.
CNSSNG-20508 Last Super Administrator deletion should be shown proper error message.
CNSSNG-20605 User-Defined Overrides (Advanced) should be handled from Switch Groups > Switches > Actions > Configuration tab.
CNSSNG-20745 AP Count is -1 in Anchor when deregistering the device from Anchor.
CNSSNG-20820 After server upgrade, device throws error [Invalid CBSD ID and Grant ID], even the Domain Proxy shows the device is registered.
CNSSNG-21068 Not able to deregister or delete the SM when PMAC mismatched (SM reported different PMAC) Workaround: Reinitialize the SM from inside the sector of the AP, not by directly searching for the SM in the tool; then deregister and delete the device.
CNSSNG-21264 Auto refresh is not working when Site/Tower/Device details are updated in Network level map.
CNSSNG-21271 Map: SM status is missing in AP details.
CNSSNG-21345 RF Statistics related information should not be available in reports for XV type device.
CNSSNG-21396 Issues related to cnMatrix onboarding overrides.
CNSSNG-21443 System generated critical alarms are not counted for Aggregation.
CNSSNG-21703 SM icon is missing in Network-level Maps.
CNSSNG-22089 New Changes in Clients report in 3.1.0.
CNSSNG-23732 Min Data Rate and Multicast Data Rate configuration push always sets default for both bands.
CNSSNG-24487 AP Group Migration issues from 3.1.0 to 3.1.1. Workaround: clear cache after upgrade to 3.1.1 from 3.1.0 for the overrides to reflect properly
CNSSNG-24529 Multi-floor issue with Firefox browser.
CNSSNG-24649 Others filter is not working for old events.
CNSSNG-24750 Node Performance graphs are plotting 5 minutes delay.
CNSSNG-24823 Device overrides and config apply will not work after Migration from 3.1.0 to 3.1.1 due to cache.
CNSSNG-24826 Site Floorplan: In Edit mode, able to drag devices outside the boundary without an error.
CNSSNG-25071 If ePSK entries exist under an MSP WLAN, then upon disabling MSP in the account, the MSP WLAN ePSK count persists.
CNSSNG-25150 AOS device Configuration Job times out if Device is in DHCP.
CNSSNG-25238 AOS device WebSocket does not disconnect for an X account downgraded to Pure ESS after Retention expired.
CNSSNG-25264 Bulk edit tab at radios is removed/hidden in 3.1.1 release.
CNSSNG-25587 cnVision Hub Retransmission UL values not shown in performance graphs.

Where to Get Help

There are several places to get help with cnMaestro.

Cambium Community : The cnMaestro Forum provides the best place to ask questions and get up-to-date information.

On-Premises Quick Start Guide : This guide walks you through the initial management process and allows you to get onboard quickly. It is embedded into the cnMaestro image and can be accessed on the Home Page of the UI. It can also be downloaded in PDF format from the Cambium Support website.

Cambium Support : The Cambium Support team is available 24x7 to answer questions and resolve issues.

1 Like

Would Cambium consider releasing the security aspect of this into the base version? Security as a paid feature is a bad look.