Enterprise Wi-Fi Access Point System Release 6.4 is now available

Enterprise Wi-Fi Access Point System Release 6.4 is now available. For the full release notes, please see the Wi-Fi Documentation section of the support site.


System Release 6.4 adds support for new platform XE3-4. Beta support for e410, e510, e430, e600, and e700 Wi-Fi 5 platforms are also added in this release.

XE3-4 Wi-Fi 6E Indoor Access Point

The XE3-4 is a Tri-Radio Wi-Fi 6/6E 4x4/2x2 Access Point designed to deliver future-proof performance and value for building next generation networks. Wi-Fi 6 delivers faster and more efficient wireless network connections than previous generation Wi-Fi technologies. Wi-Fi 6E extends the capacity of Wi- Fi into the 6 GHz band, more than tripling the wireless spectrum available. With a high-speed software- defined radio, the XE3-4 enables seamless transition to Wi-Fi 6E with the ability to easily change from dual-band to (2.4 GHz, 5 GHz, and 6 GHz) mode when sufficient 6 GHz clients are available.


New Features

System Release 6.4 adds support for a number of new features.


Cambium Networks ePSK feature is an extension of WPA2 PSK where multiple passphrases can be assigned to a single SSID. The Wi-Fi clients can have unique passphrases that can be used by each client using this feature. The same feature has been now extended to RADIUS. The RADIUS server can provide the matching PMK for a given client, and corresponding standard RADIUS attributes can be enforced for client session. This requires custom development on the RADIUS server.

Real Time Location System (RTLS)

Bluetooth (BLE) tags are supported on XV3-8, XV2-2T, and XE3-4 devices.


Enterprise Wi-Fi APs support the Mesh feature.

Packet capture

Allows the administrator to capture packets from the APs UI, cnMaestro UI, or XMS-Cloud. The administrator can filter the packets being captured by specifying a particular MAC address, IP address, and port number. The user can trigger packet capture on one or more interfaces, simultaneously view the progress of the capture. The user can also download the captured pcap file on completion.


Enterprise Wi-Fi APs supports Option 82 in Dynamic Host Configuration Protocol (DHCP) request as per the WLAN configuration.

PPPoE Tunnel

Enterprise Wi-Fi AP supports Point-to-Point Protocol over Ethernet (PPPoE) that provides ability to
establish a connection to ISP with user authentication.

L2TPv2 Tunnel

Enterprise Wi-Fi APs provide ability to establish the tunnel to L2TPv2 server.

Band Steering (Beta)

This feature steers the clients from loaded band to unloaded band on the same AP. The logic takes care of all supported bands. That is, 6E capable client can be moved to 6 GHz radio if 2.4 and 5 GHz radios are loaded on the same AP.

Multicast-snooping and Multicast-to-Unicast conversion (Beta)

Multicast-to-Unicast conversion heavily depends on multicast (IGMP) snooping. With IGMP snooping enabled, the device monitors IGMP traffic on the network and forwards multicast traffic to only the downstream interfaces that are connected to interested receivers. The device conserves bandwidth by sending multicast traffic only to clients connected to devices that receive the traffic (instead of flooding the traffic to all the downstream clients in a VLAN).


Radio Resource Measurement (RRM) defines and exposes radio and network information to facilitate the management and maintenance of a wireless network. 802.11k is intended to improve the way traffic is distributed within a network.


802.11v is deployed on the APs to govern the wireless networking transmission methods. It allows client and APs to exchange information regarding the network topology and RF environment. This facilitates the wireless devices to be RF-aware for participating in network assisted power savings and network assisted roaming methods.

Enhanced Roaming (Smart steering)

A client with low RSSI impacts the overall throughput of the AP as it takes more airtime to deliver data at low data rates. With Enhanced Roaming, users can set a RSSI threshold. If a client connects to the AP with RSSI below this threshold, the client gets disconnected.

MAC Authentication Fallback

Enterprise Wi-Fi AP supports MAC Authentication Fallback in which wireless stations are redirected to Guest Access login page on any supported type of MAC address authentication failure. Only RADIUS-based MAC authentication is supported now.

HTTPS Proxy for Management Traffic

This feature is used to help the AP in obtaining cnMaestro IP/HTTPs Proxy server address from the DHCP server.


Enterprise Wi-Fi AP can set IPv6 address in following modes:

  • AutoConfig
  • Static
  • Stateless DHCPv6
  • Stateful DHCPv6

The following management features now support IPv6:

  • Enterprise Wi-Fi AP devises can be onboarded to cnMaestro with IPv6 addresses.
  • Users can configure syslog with IPv6 address.
  • RADIUS authentication and accounting with IPv6 server are supported.


Spectralink wireless phone solution is designed to handle a range of industries, including healthcare, retail, manufacturing, hospitality, and general office applications. Spectralink’s Voice Interoperability for Enterprise Wireless (VIEW) Certification Program is designed to ensure interoperability and high performance between Spectralink Wireless telephones and Cambium Networks Wi-Fi 6/6E APs.


Tracking Product Description
FLCN-10812 All AP performs URL encoding of SSID field in the DHCP option 82 as per RFC 3986.
FLCN-10034 All The RADIUS attribute-Called Station ID is now supported with WLAN BSSID option.
FLCN-9659 All Additional support has been added to DSCP for WMM AC mapping.
FLCN-9535 All EasyPass-UPSK-Client roams between two XMSC accounts.
FLCN-8529 All WPA2 Group Rekey support has been added.
FLCN-8153 All Syslog messages are now sent to the configured Syslog server based on the Syslog severity configuration.

Fixed Issues

Tracking Product Description
FLCN-10916 All Radio Transmit Power not reflected correctly on dashboard or CLI.
FLCN-10915 XV2-2 AP got lesser power (13W) from Cisco PoE Switch (SF350) despite requested power was 16W.
FLCN-10851 All The drop-down menus and the text boxes were narrow from the AP UI with display resolution 1024x768.
FLCN-10815 All EasyPass Guest Access Portal was not working.
FLCN-10707 All AP showed offline but communication was evident.
FLCN-10543 XV3-8 Fixed boot issues.
FLCN-10493 XV3-8 Radio 3 did not beacon if channel was set to auto for 40 MHz bandwidth.
FLCN-10425 All Client failed to connect when Guest Access portal was enabled with enterprise security.
FLCN-10381 All Username length display must contain 64 characters.
FLCN-10374 All Provided protection for ARP flood attack comingfrom wireless clients.
FLCN-10252 All Client disconnect reason was not showing in the cnMaestro events.
FLCN-10215 All Unable to connect with WPA2/WPA3 pre-shared key.
FLCN-10212 All Wi-Fi 6/6E APs Using Eth2 for wired network connection only allowed internet access when using native VLAN of Eth1.
FLCN-9960 All 11w capable client was not able to connect AP when 802.11w was set to Optional in cnMaestro.
FLCN-9918 All Optimized channels were not getting reset when configuration was pushed from XMS.
FLCN-9898 All Dell Optiplex 780 with wNIC Realtek RTL8192CU did not see SSIDs on AP.
FLCN-9654 All Improved error message when using wrong image to upgrade.
FLCN-9607 All AP with Hidden SSID profile sent probe response with SSID while receiving probe request of other network.
FLCN-9570 All An error message was thrown on CLI when you tried to disable PMF on WPA2-WPA3-PSK security mode.
FLCN-9557 All Time mismatch observed for client count, throughput graphs in AP’s dashboard.
FLCN-9446 All Wi-Fi 6/6E APs The application deny filter usage for Facebook did not completely block Facebook traffic and continued to receive new Facebook content.
FLCN-9395 All Provisioned to shut/no shut the ethernet interface of AP.
FLCN-9657 All DNS-ACL applied before the Guest Access.
FLCN-8819 XV3-8 Observed Target Assert while executing channel power automation test with ROW (WCSS).
FLCN-8391 All The device was not able to decode few Macro-Based NAS identifiers.
FLCN-8107 All Information on very High Throughput (VHT) was advertised in the 11n/11gn mode (2.4 GHz band).

Known Issues

Tracking Product Description Workaround
FLCN-11467 All Client to client UDP traffic fails if clients are on different VLANs. SNAT Rule can be added in default Gateway from STA1 to STA2.
FLCN-11442 All Sometimes, Kernal Panic is seen when L2TPv2 is configured over PPPoE. Change the default MTU value of PPPoE to 1492.
FLCN-11369 All AP is not able to pass the traffic with Huawei-E3372 4G dongle. None
FLCN-11310 XE3-4 Sometimes, kernel panic is seen while creating WLAN interface in 6 GHz. None
FLCN-11303 e410,e510, e430,e600, and e700 Qualcomm 61x4A 11ac Wave 2 disconnects continuously. Disable 802.11w
FLCN-11299 All Wi-Fi 6/6E APs When roaming from an Xirrus AOS to Cambium Networks Wi-Fi 6/6E APs, Azure prompts for re-authentication. None
FLCN-11182 XE3-4 XE3-4 6E radio Txpower reverts to 18 dBm from configured value of 24 dBm. None
FLCN-11115 All With PMF enabled and agressive roaming, client disconnects while roaming to nearby AP (M1 Anonce does not go out). Disable PMF, or Keep PMF enabled, then enable fast-roaming 802.11r where the 4-way HS is not an issue during roaming.
FLCN-10995 All Control Frames are sent at unsupported data rates when data rate is configured to Non Default values. None
FLCN-10982 All 802.11b clients still connects to AP radio configured to 802.11 gn or 11n only Mode. None
FLCN-10917 All Guest Access is not working on Apple, Android, and Windows when private addresses mechanism is enabled. None
FLCN-10856 All Wi-Fi 6/6E APs Siphon application is not being blocked by Application Control. None
FLCN-10847 All With Open/WPA2-PSK Guest Access, Accounting-Multi-Sess-ID changes after roaming. None
FLCN-10307 All RADIUS Failover order is wrong when three RADIUS servers are configured. None
FLCN-9723 All The Guest Access redirection for Proxy Redirection port is not working properly. None
FLCN-9721 All Modifying the management rate to 12 Mbps in a ANACAX mode causes beacons to go out at 12 Mbps but other packet types such as Association Responses and EAPoL packets remain at 6 Mbps. None
FLCN-9697 All Client VLAN gets changed after roaming. None
FLCN-9512 All The DNS resolution fails for GRE host when primary DNS server is not reachable. None
FLCN-8103 All Rate Limit for cnMaestro Guest Portal/RADIUS-based is not supported. None


Tracking Product Description
FLCN-11284 e410, e510, e430, e600, and e700 Deep Packet Inspection (DPI) is not supported.
FLCN-10410 e410, e510, e430, e600, and e700 AeroScout feature is not supported.
FLCN-10215 All WLAN client does not connect with WPA3 when EPSK is enabled.
FLCN-9424 All Smart Steering/Enhanced roaming must not be enabled in single AP deployment scenario.
FLCN-8476 XV2-2 160 MHz bandwidth is not supported.
FLCN-7675 All Multicast isolation is not supported.
FLCN-7674 All Cisco Discovery Protocol (CDP) is not supported.
1 Like