cnMaestro 6.1.0 Cloud Release

Products cnMaestro
1

We are pleased to announce the cnMaestro 6.1.0 cloud release**.**

Key Features in cnMaestro 6.1.0:

  • EasyPass Hospitality PMS: Integration with TigerTMS PMS service provider for the Hospitality market (Beta release)

  • NSE Cellular WAN: integration with Teltonika 4G/5G modems (Beta release)

  • NSE Two-Factor Authentication over Wireguard VPNs

  • NSE Enhancements: Virtual WAN Statistics, Per-WAN Firewall, and Inter-VLAN Routing

  • MarketApps: Per-site monitoring dashboards for MDU, Outdoor Hospitality, and Senior Living MarketApps

  • MarketApps: cnMatrix Device Replacement Support in Installer App

  • MarketApps: Installer App Enhancements including streamlined workflows

  • Switch Groups Enhanced with simplified port Configuration

  • Device Replacement support for cnMatrix and Wi-Fi Access Points while preserving key device context

  • 60 GHz cnWave Enhancements: Inter-POP Insufficient Path MTU Alarm, L2GRE Events

  • PON Temperature Graph

  • Overdraft Subscription Reordering when subscription capacity is unavailable

  • Remote CLI Access Opt-In Consent from customers to Cambium Support

  • And more…

For a more details on these new features, see the video demo release notes below, in addition to a summary of the key features.

Thank you,

cnMaestro Product Team

*************************************

1. NSE Two-Factor Authentication over Wireguard VPNs

This release introduces two-factor authentication for WireGuard.

The NSE WireGuard remote VPN solution implements two-factor authentication in two steps:

  1. WireGuard cryptographic keys are required to establish the VPN tunnel (something you have).

  2. After the tunnel is established, the user must authenticate using a username and password before traffic forwarding is allowed (something you know).

By requiring both the VPN configuration with keys and user credentials, the NSE ensures that access is granted only after two independent authentication factors are verified.

The user can enable two-factor authentication on a per-client basis.

image.png

2. NSE Enhancements

Virtual WAN Status

  • In the previous release, we introduced the Virtual WAN feature on NSE. In this release, we have added Virtual WAN statistics.

  • On the NSE dashboard, users can now view the status of the Virtual WAN interface, verify whether it is up or down, and confirm if traffic is being forwarded by checking the uplink and downlink counters.

image.png

On the network WAN page, you can view the usage of the virtual WAN link:

image.png

Per-WAN Firewall

In some deployments, the uplink router handles NAT, and the NSE operates mainly as a router.

If the firewall remains enabled on the NSE, the uplink router may not be able to reach the LAN subnets behind the NSE

To address this, in 6.1.0, we introduced an option to disable the firewall on a per-WAN interface, allowing traffic from WAN to LAN.

By default, stateful firewalls are enabled on every WAN interface.

image.png

Inter-VLAN Routing

This release introduces an option to disable inter-VLAN routing, preventing communication between VLANs.

This is useful in scenarios such as a guest VLAN, where users should have internet access only but must be restricted from accessing devices in other local VLANs.

By enabling inter-VLAN blocking, traffic between VLANs is prevented while still allowing internet access, meeting this requirement effectively

The option to disable inter-VLAN routing is available while creating the VLAN interface. By default, inter-VLAN routing is enabled.

image.png

3. Cellular WAN Integration image.png

This release introduces integration with Teltonika LTE modems.

If the NSE is connected behind a Teltonika modem, it can fetch cellular statistics from the modem and display them in cnMaestro.

To configure this:

  • Set the uplink type to Cellular under WAN configuration

  • Provide the required username and password

Once configured, the NSE will fetch statistics from the modem and display them in cnMaestro.

Note: This feature requires NSE devices running software version 2.2 or later.

image.png

The statistics are available at Network > Cellular WAN.

As part of the statistics displayed, we provide the following details:

  • Hardware and software version of the modem

  • Mobile signal information

  • Cellular signal strength details

  • Network status

  • Traffic statistics

image.png

4. EasyPass: Hospitality PMS Integration image.png

TigerTMS is a PMS system service provider for Hospitality. They provide a full management system for property managers from check-in, billing, etc. They provide API for Captive Portal deployment in their systems through which guests are authenticated, and session is managed through it.

Navigate to EasyPass > Add Portal > Hospitality PMS

Configure Server URL, Username and Password under PMS integration page to connect with PMS service.

image.png

5. MarketApps: Per-site Monitoring Dashboards

This feature enhances MarketApps by enabling property managers to configure which sites they wish to monitor within their network infrastructure. This feature is available for MDU Managed WiFi, Outdoor Hospitality Managed WiFi, and Senior Living Managed WiFi.

Navigate to MarketApps > Settings > Site Monitoring > Enable and add the sites that need to be monitored.

image.png

Once enabled, navigate to Add Site and select the intended Networks and Sites.

image.png

Navigate to the manager portal to see the monitoring details like Health Summary, Wireless Clients, WiFi networks, and Unit Health.

image.png

6. Switch Groups Enhanced with Simplified Port Configuration

This feature improves the Switch Group user experience by simplifying port configuration and reducing confusion between model-level and device-level changes.

With this enhancement, port configuration (Port overrides and Port channels) is moved under Switch Groups > Configuration > Ports, while the existing model baseline configuration is available in a collapsible section.

The switch group clearly distinguishes between model configuration changes, which apply to all matching switches in the group, and port override changes, which apply only to the applicable switch. The Devices and Statistics views are also consolidated to provide a cleaner experience, and users can jump directly from port statistics to the related port configuration.

When saving changes, the system provides clear feedback about the scope of the changes and the impacted switches.

This enhancement makes switch port configuration easier to understand, reduces accidental bulk edits, and improves the overall configuration workflow.

image.png

image.png

7. 60 GHz cnWave Enhancements

Inter-POP Insufficient Path MTU alarm

This feature introduces the INTERPOP_INSUFFICIENT_MTU alarm in cnMaestro for cnWave deployments. The alarm is triggered when the effective path MTU between two cnWave PoP nodes is less than 1934 bytes, typically due to an intermediate managed switch configured with the default MTU of 1500.

This enhancement helps operators quickly identify misconfigured MTU settings on switches between PoP nodes, preventing potential fragmentation or loss of subscriber traffic. If the issue is not resolved, the alarm automatically clears after 7 days.

Note: This feature is supported by 60 GHz cnWave PoP devices running firmware version 1.8 or later.

image.png

**
L2GRE Events**

The L2GRE Tunnel Events in Notifications feature adds support for displaying cnWave L2GRE tunnel state changes in the Notifications > Events page.

With this enhancement, users can track L2GRE tunnel state changes directly from cnMaestro and review when tunnels go up or down using the following event names:

  • L2GRE_TUNNEL_UP

  • L2GRE_TUNNEL_DOWN

image.png

Note: This feature is supported by 60 GHz cnWave devices running firmware 1.8 or later.

image.png