Enterprise Wi-Fi Access Point System Release 6.4 is now available. For the full release notes, please see the Wi-Fi Documentation section of the support site.
Introduction
System Release 6.4 adds support for new platform XE3-4. Beta support for e410, e510, e430, e600, and e700 Wi-Fi 5 platforms are also added in this release.
XE3-4 Wi-Fi 6E Indoor Access Point
The XE3-4 is a Tri-Radio Wi-Fi 6/6E 4x4/2x2 Access Point designed to deliver future-proof performance and value for building next generation networks. Wi-Fi 6 delivers faster and more efficient wireless network connections than previous generation Wi-Fi technologies. Wi-Fi 6E extends the capacity of Wi- Fi into the 6 GHz band, more than tripling the wireless spectrum available. With a high-speed software- defined radio, the XE3-4 enables seamless transition to Wi-Fi 6E with the ability to easily change from dual-band to (2.4 GHz, 5 GHz, and 6 GHz) mode when sufficient 6 GHz clients are available.
New Features
System Release 6.4 adds support for a number of new features.
RADIUS based ePSK
Cambium Networks ePSK feature is an extension of WPA2 PSK where multiple passphrases can be assigned to a single SSID. The Wi-Fi clients can have unique passphrases that can be used by each client using this feature. The same feature has been now extended to RADIUS. The RADIUS server can provide the matching PMK for a given client, and corresponding standard RADIUS attributes can be enforced for client session. This requires custom development on the RADIUS server.
Real Time Location System (RTLS)
Bluetooth (BLE) tags are supported on XV3-8, XV2-2T, and XE3-4 devices.
Mesh
Enterprise Wi-Fi APs support the Mesh feature.
Packet capture
Allows the administrator to capture packets from the APs UI, cnMaestro UI, or XMS-Cloud. The administrator can filter the packets being captured by specifying a particular MAC address, IP address, and port number. The user can trigger packet capture on one or more interfaces, simultaneously view the progress of the capture. The user can also download the captured pcap file on completion.
DHCP
Enterprise Wi-Fi APs supports Option 82 in Dynamic Host Configuration Protocol (DHCP) request as per the WLAN configuration.
PPPoE Tunnel
Enterprise Wi-Fi AP supports Point-to-Point Protocol over Ethernet (PPPoE) that provides ability to
establish a connection to ISP with user authentication.
L2TPv2 Tunnel
Enterprise Wi-Fi APs provide ability to establish the tunnel to L2TPv2 server.
Band Steering (Beta)
This feature steers the clients from loaded band to unloaded band on the same AP. The logic takes care of all supported bands. That is, 6E capable client can be moved to 6 GHz radio if 2.4 and 5 GHz radios are loaded on the same AP.
Multicast-snooping and Multicast-to-Unicast conversion (Beta)
Multicast-to-Unicast conversion heavily depends on multicast (IGMP) snooping. With IGMP snooping enabled, the device monitors IGMP traffic on the network and forwards multicast traffic to only the downstream interfaces that are connected to interested receivers. The device conserves bandwidth by sending multicast traffic only to clients connected to devices that receive the traffic (instead of flooding the traffic to all the downstream clients in a VLAN).
802.11k
Radio Resource Measurement (RRM) defines and exposes radio and network information to facilitate the management and maintenance of a wireless network. 802.11k is intended to improve the way traffic is distributed within a network.
802.11v
802.11v is deployed on the APs to govern the wireless networking transmission methods. It allows client and APs to exchange information regarding the network topology and RF environment. This facilitates the wireless devices to be RF-aware for participating in network assisted power savings and network assisted roaming methods.
Enhanced Roaming (Smart steering)
A client with low RSSI impacts the overall throughput of the AP as it takes more airtime to deliver data at low data rates. With Enhanced Roaming, users can set a RSSI threshold. If a client connects to the AP with RSSI below this threshold, the client gets disconnected.
MAC Authentication Fallback
Enterprise Wi-Fi AP supports MAC Authentication Fallback in which wireless stations are redirected to Guest Access login page on any supported type of MAC address authentication failure. Only RADIUS-based MAC authentication is supported now.
HTTPS Proxy for Management Traffic
This feature is used to help the AP in obtaining cnMaestro IP/HTTPs Proxy server address from the DHCP server.
IPv6
Enterprise Wi-Fi AP can set IPv6 address in following modes:
- AutoConfig
- Static
- Stateless DHCPv6
- Stateful DHCPv6
The following management features now support IPv6:
- Enterprise Wi-Fi AP devises can be onboarded to cnMaestro with IPv6 addresses.
- Users can configure syslog with IPv6 address.
- RADIUS authentication and accounting with IPv6 server are supported.
Spectralink
Spectralink wireless phone solution is designed to handle a range of industries, including healthcare, retail, manufacturing, hospitality, and general office applications. Spectralink’s Voice Interoperability for Enterprise Wireless (VIEW) Certification Program is designed to ensure interoperability and high performance between Spectralink Wireless telephones and Cambium Networks Wi-Fi 6/6E APs.
Enhancements
Tracking | Product | Description |
---|---|---|
FLCN-10812 | All | AP performs URL encoding of SSID field in the DHCP option 82 as per RFC 3986. |
FLCN-10034 | All | The RADIUS attribute-Called Station ID is now supported with WLAN BSSID option. |
FLCN-9659 | All | Additional support has been added to DSCP for WMM AC mapping. |
FLCN-9535 | All | EasyPass-UPSK-Client roams between two XMSC accounts. |
FLCN-8529 | All | WPA2 Group Rekey support has been added. |
FLCN-8153 | All | Syslog messages are now sent to the configured Syslog server based on the Syslog severity configuration. |
Fixed Issues
Tracking | Product | Description |
---|---|---|
FLCN-10916 | All | Radio Transmit Power not reflected correctly on dashboard or CLI. |
FLCN-10915 | XV2-2 | AP got lesser power (13W) from Cisco PoE Switch (SF350) despite requested power was 16W. |
FLCN-10851 | All | The drop-down menus and the text boxes were narrow from the AP UI with display resolution 1024x768. |
FLCN-10815 | All | EasyPass Guest Access Portal was not working. |
FLCN-10707 | All | AP showed offline but communication was evident. |
FLCN-10543 | XV3-8 | Fixed boot issues. |
FLCN-10493 | XV3-8 | Radio 3 did not beacon if channel was set to auto for 40 MHz bandwidth. |
FLCN-10425 | All | Client failed to connect when Guest Access portal was enabled with enterprise security. |
FLCN-10381 | All | Username length display must contain 64 characters. |
FLCN-10374 | All | Provided protection for ARP flood attack comingfrom wireless clients. |
FLCN-10252 | All | Client disconnect reason was not showing in the cnMaestro events. |
FLCN-10215 | All | Unable to connect with WPA2/WPA3 pre-shared key. |
FLCN-10212 | All Wi-Fi 6/6E APs | Using Eth2 for wired network connection only allowed internet access when using native VLAN of Eth1. |
FLCN-9960 | All | 11w capable client was not able to connect AP when 802.11w was set to Optional in cnMaestro. |
FLCN-9918 | All | Optimized channels were not getting reset when configuration was pushed from XMS. |
FLCN-9898 | All | Dell Optiplex 780 with wNIC Realtek RTL8192CU did not see SSIDs on AP. |
FLCN-9654 | All | Improved error message when using wrong image to upgrade. |
FLCN-9607 | All | AP with Hidden SSID profile sent probe response with SSID while receiving probe request of other network. |
FLCN-9570 | All | An error message was thrown on CLI when you tried to disable PMF on WPA2-WPA3-PSK security mode. |
FLCN-9557 | All | Time mismatch observed for client count, throughput graphs in AP’s dashboard. |
FLCN-9446 | All Wi-Fi 6/6E APs | The application deny filter usage for Facebook did not completely block Facebook traffic and continued to receive new Facebook content. |
FLCN-9395 | All | Provisioned to shut/no shut the ethernet interface of AP. |
FLCN-9657 | All | DNS-ACL applied before the Guest Access. |
FLCN-8819 | XV3-8 | Observed Target Assert while executing channel power automation test with ROW (WCSS). |
FLCN-8391 | All | The device was not able to decode few Macro-Based NAS identifiers. |
FLCN-8107 | All | Information on very High Throughput (VHT) was advertised in the 11n/11gn mode (2.4 GHz band). |
Known Issues
Tracking | Product | Description | Workaround |
---|---|---|---|
FLCN-11467 | All | Client to client UDP traffic fails if clients are on different VLANs. | SNAT Rule can be added in default Gateway from STA1 to STA2. |
FLCN-11442 | All | Sometimes, Kernal Panic is seen when L2TPv2 is configured over PPPoE. | Change the default MTU value of PPPoE to 1492. |
FLCN-11369 | All | AP is not able to pass the traffic with Huawei-E3372 4G dongle. | None |
FLCN-11310 | XE3-4 | Sometimes, kernel panic is seen while creating WLAN interface in 6 GHz. | None |
FLCN-11303 | e410,e510, e430,e600, and e700 | Qualcomm 61x4A 11ac Wave 2 disconnects continuously. | Disable 802.11w |
FLCN-11299 | All Wi-Fi 6/6E APs | When roaming from an Xirrus AOS to Cambium Networks Wi-Fi 6/6E APs, Azure prompts for re-authentication. | None |
FLCN-11182 | XE3-4 | XE3-4 6E radio Txpower reverts to 18 dBm from configured value of 24 dBm. | None |
FLCN-11115 | All | With PMF enabled and agressive roaming, client disconnects while roaming to nearby AP (M1 Anonce does not go out). | Disable PMF, or Keep PMF enabled, then enable fast-roaming 802.11r where the 4-way HS is not an issue during roaming. |
FLCN-10995 | All | Control Frames are sent at unsupported data rates when data rate is configured to Non Default values. | None |
FLCN-10982 | All | 802.11b clients still connects to AP radio configured to 802.11 gn or 11n only Mode. | None |
FLCN-10917 | All | Guest Access is not working on Apple, Android, and Windows when private addresses mechanism is enabled. | None |
FLCN-10856 | All | Wi-Fi 6/6E APs Siphon application is not being blocked by Application Control. | None |
FLCN-10847 | All | With Open/WPA2-PSK Guest Access, Accounting-Multi-Sess-ID changes after roaming. | None |
FLCN-10307 | All | RADIUS Failover order is wrong when three RADIUS servers are configured. | None |
FLCN-9723 | All | The Guest Access redirection for Proxy Redirection port is not working properly. | None |
FLCN-9721 | All | Modifying the management rate to 12 Mbps in a ANACAX mode causes beacons to go out at 12 Mbps but other packet types such as Association Responses and EAPoL packets remain at 6 Mbps. | None |
FLCN-9697 | All | Client VLAN gets changed after roaming. | None |
FLCN-9512 | All | The DNS resolution fails for GRE host when primary DNS server is not reachable. | None |
FLCN-8103 | All | Rate Limit for cnMaestro Guest Portal/RADIUS-based is not supported. | None |
Limitations
Tracking | Product | Description |
---|---|---|
FLCN-11284 | e410, e510, e430, e600, and e700 | Deep Packet Inspection (DPI) is not supported. |
FLCN-10410 | e410, e510, e430, e600, and e700 | AeroScout feature is not supported. |
FLCN-10215 | All | WLAN client does not connect with WPA3 when EPSK is enabled. |
FLCN-9424 | All | Smart Steering/Enhanced roaming must not be enabled in single AP deployment scenario. |
FLCN-8476 | XV2-2 | 160 MHz bandwidth is not supported. |
FLCN-7675 | All | Multicast isolation is not supported. |
FLCN-7674 | All | Cisco Discovery Protocol (CDP) is not supported. |