cnMatrix Release 4.4-r3

cnMatrix Release 4.4-r3 is now available at https://support.cambiumnetworks.com/files/cnmatrix/

What’s New in 4.4-r3

cnMatrix Software Release 4.4-r3 is supported on all cnMatrix hardware platforms: EX2K, EX1K, TX2K and TX1K.

The cnMatrix 4.4 software archive file can be loaded on both EX and TX models. The archive file name contains EX and TX model names - cnMatrix-EXTX-4.4-r3.tar.gz.

cnMatrix Release 4.4 consists of new features, enhanced functionality and critical bug fixes.

Custom Banner

Login banner and Message-of-the-day (motd) banner can be created and are displayed in console, SSH sessions and Web GUI. The login banner is displayed prior to the user login, whereas the motd is displayed immediately after a successful login.

Banner creation is not supported via Web GUI.

Command Explanation
(config)# banner {login | motd} <text> Create banner. Max. length = 256 characters. Must be inside double quotation if contains space.
(config)# no banner {login | motd} Remove banner

OSPF Network Type

The previous release only supported the broadcast OSPF network type. In 4.4 additional network types are
supported: Non-broadcast, Point-to-Multipoint Non-Broadcast, and Point-to-Point.

Command Explanation
(config-if)# ip ospf network {broadcast | non-broadcast | point-to-multipoint non-broadcast | point-to-point} Default: broadcast

DHCP Client Option 66

DHCP option 66 & 67 provides zero-touch configuration mechanism for a factory-default switch. DHCP server can specify the TFTP server’s IP address in the option 66 and the configuration file name in option 67. If filename is not specified in option 67, the switch will look for the default file names in this order: network-config, cambium.cnf, cambium.conf, and <hostname>, where <hostname> is the current hostname of the switch.

Option 66 is ignored on a non-defaulted switch.

Note: The configuration file must contain only CLI commands. The commands write startup-config or copy running-config startup-config must be included at the end of the configuration file to trigger the configuration save in persistent memory.

Show Tech

The show tech command displays most common data from various show commands for debugging purpose.

Command Explanation
# show tech Display data of different show commands
# copy show-tech { tftp://server/file | scp:// } Copy the output of show tech command to remote file

Enhancements

PBA Enhancement

Applicability of a policy can be limited to specific port(s). If port(s) are not specified in the policy configuration, the policy is applicable to all ports.

Security Enhancement

  1. Configurable inactivity timeout
  2. Configurable number of SSH sessions, Web sessions
  3. Lockout for failed login attempts.
  4. User with role administrator (or privilege 15) can modify their own password. Previously only user admin can modify another user’s password.
Command Explanation
(config)# web-session timeout <1-15mins> Configure inactivity timeout for Web session. Default: 10min
(config)# exec-timeout <1-18000secs> Configure inactivity timeout for CLI sessions. Default: 1800 secs
# show sessions timeout Show CLI and Web sessions timeout.
(config)# ssh max-sessions <1-8> Configure SSH maximum sessions. Default: 8.
# show ip ssh Display SSH information, including SSH max sessions.
(config)# ip http max-sessions <1-10> Configure max http(s) sessions. Default: 10.
(config)# login block-for <30-900secs> attempts <1-10> Configure login password lockout Default: 600 secs, 3 attempts
(config)# enable <username> Unblock a user from the lockout list. Only user ‘admin’ can unblock other users

Web GUI Enhancement

  1. Support UI configuration for DHCP Snooping
    Layer 2 → DHCP Snooping
  2. Support IPv4/IPv6 Ping
    Layer 3 → IP Connectivity
  3. Quick Start for SNMP configuration
    System → SNMP
  4. Web improvement for ease of use

Bug Fixes

Tracking Product Feature Description
3930 All Management Allow user with admin role (privilege 15) to modify password. Previously only user admin can modify other user’s password.
4315 All ACL ACL is not properly installed when switch is configured to use ‘consolidated’ ACL provision-mode
4407 All Web UI The Mirroring Web page (Layer 2 > Mirroring) has been modified to support port numbers and port ranges (e.g., “5,10-20" - no more “Gi0/5,Ex0/1”). Error checking, help text and formatting have been improved as well.
4284 All Management Fixed crash when using domain name instead of IP address for NTP server
1 Like

This seems to be missing from cnMaestro On Premises when i click to add from cloud, had to add manually.