cnMaestro - NAS-Identifier

joaodossantos · November 9, 2021, 3:02pm

Hi Team,

We’ve had a behavior in our customers since the update that took place in March/2020 in cnMaestro, which impacted the consistency of the data applied by the WLAN to the Access Point, specifically to the NAS-Identifier field on the AAA Servers tab.

In short, it turns out that the NAS-ID field is very important for our hotspot solution, however, instead of this custom parameter being passed on to our RADIUS server, it sends us the following erroneous information in certain authentications to portal, being these: custom, null, =28null=29 or is empty.

The same happens for the portal URL that the Access Point directs, in the example below the gas_nas_id parameter informs the custom erroneous information.

HOTSPOT PORTAL URL

/cambium-login?ga_ssid=Wifi&ga_ap_mac=58-C1-7A-0F-30-8B&ga_nas_id=custom&ga_srvr=10.200.112.239&ga_cmac=64-32-A8-10-E8-20&ga_cip=10.200.112.7&ap_loc=(null)&ga_Qv=eEROBR86HBgAGDEEVgQAGw4UWRUCACYVMgFPRV9ZVydfVVBGUS9FU3pZR1dLBhMUMww.

Note that this isn’t related to cnPilot models or firmware, but to cnMaestro. Anyway, the palliative way we found to solve the case was as follows.

In the case of the URL, we programmatically made the following customization to the Cambium scenario, if the gas_nas_id parameter is not found on our platform, it’ll therefore be checked if the MAC Address of the Access Point of the ga_ap_mac parameter exists in our base, being valid, the exchange of erroneous information of the gas_nas_id parameter is performed.

As for changing the erroneous information that arrives at the RADIUS server, it’s necessary that the Access Point adopted to cnMaestro is updated to the most current recommended firmware, after saving it in another AP Group such as Default Enterprise, synchronize and return to the original AP Group synchronizing, sometimes you need to do this more than once or even restart it with another AP Group.

However, I’d like this to be remedied, because in order to carry out a firmware update of an Access Point park, it is necessary to do this for each one and authenticate to know if the parameters are correct.

Thanks in advance for your help

cireddy · November 10, 2021, 8:06am

hi,

can you share the present AP and cnMaestrp version? and also previous version of cnMaestro i.e. just before the upgrade.

joaodossantos · November 11, 2021, 2:42pm

Hi,

AP’s: cnpilot e430w; cnPilot e400; cnPilot e410; cnPilot e500; cnPilot e600
Current cnMaestro version: 3.0.4-r59

Sorry, I don’t remember and can’t find the latest version, these automatic updates used to happen normally and are notified by a fixed band, but specifically on that date March 3,2020 incongruities started to occur.

cireddy · November 13, 2021, 12:13am

Thanks, can you share APs firmware version? Hope all APs are in the same firmware version.

joaodossantos · November 16, 2021, 8:49pm

Hi,

Yeah, nowadays they are using version 4.2.1-r12 , but as this isn’t something new, whenever this inconsistency of the NAS-ID happened, I needed to remove the AP Group from the Access Point and take the opportunity to upgrade to recommended firmware and apply the AP Group again, so it has already gone through these versions below:

4.1-r3; 3.11.4.1-r3; 3.11.4-r9; 3.11.3.1-r4; 3.11.2-r2

But as I said before, this inconsistency occurs in several clients in their certain cnMaestros, whenever the need to update the firmware or any change is in the WLAN and/or AP Group, it is necessary to remove the Access Point from the AP Group and return it.

cireddy · November 22, 2021, 12:24pm

Thank you. Do we have any AP which is in this condition i.e. sending invalid NAS-ID? If yes, can we get access to cnMaestro and the device?