ePMP 4525 - A nightmare to do pre-install evaluations with

I am still new to ePMP equipment as I have only used either Canopy PMP100, AirmaxM or AirmaxAC gear for PtMP. I am evaluating ePMP 4000 series and have found the ePMP 4525 SM radios to be a nightmare to do field configurations and pre-install evaluations with.

Our standard process right now with AirmaxAC is to always do a pre-install live signal check evaluation at the customer site. This helps us determine which tower they can see or not see and which AP on the tower is best. It also lets us know the RSSI and the modulation rates of the device. As most experienced installers know RSSI is not the end all of determining if the link is a good one or not.

On AirmaxAC it is very simple to do. I have all our APs set with the same long random WPA2 key that is then stored in our default SM configuration file. All we then have to do for installing is customize the device name and any other network settings and then just change the SSID to the AP from the pre-install survey. For UI gear the SSID is separate from the WPA2 key in the device.

For pre-install evaluations we just use a portable battery pack to power the SM via 24v POE and then connect to the SM’s built-in wifi management radio. From there I use either the GUI or their mobile app (UISP) to login to the SM and then run the Site Survey tool. It then lists the RSSI of the seen APs which I then select the one I want to test with. It shows me a screen then with the new SSID and the WPA2 key which I can then keep the same as already programmed in the SM or change it if needed. I then apply the change and the SM comes up on the selected SSID and I can do signal, modulation, and alignment tests.

Conversely on ePMP 4525 it is not anywhere close to that simple and it actually is probably the most non-user friendly as it can be.

On the SM under Configuration->Security there is a place to select the Wireless Security Type as WPA2 and then enter a WPA2 Key. I assumed this is the default key that the SM GUI will use when selecting the Preferred AP. I thought that because if you have a Preferred AP configured on the SM you get the message “Preferred APs configured. Security Options not Available.” However, that is not the case as I came to find out.

I went to our outdoor test site with a pre-configured SM that has no Preferred AP configured. I then powered the SM up with a portable battery pack connected to a Mikrotik mAP so I could use wifi to manage the SM via my cellphone.

After the SM booted up I connected using my phone browser to the SM GUI and went to Tools->eAlign where after a few minutes the AP I was testing for showed up in the list. I then clicked on Add to make the AP the Preferred AP of the SM, but then the GUI asked me to enter the AP WPA2 key. Since I use long random keys on my APs I have no idea on what the password is. I wrongly expected the SM to auto-populate that field with the WPA2 key stored in the Configuration->WPA2 key field. Since it did not I guess I wonder what is the actual function of the WPA2 key in the Security section?

I then thought that maybe the cnArcher tool would be the way to go. Maybe it did some things the GUI did not do. Well that was a failure as well. The tool was able to see the SM but when I went to do a Quick Scan it would fail as it uses a proxy to the SM GUI to give that information. I have my SMs all set to use HTTPS on a non-standard port. The cnArcher tool only uses HTTP so it cannot connect via that proxy to my SM for doing the scan. I am then left trying to then configure the SM using the web GUI on a cellphone where it is not really that well optimized for.

I suggest a few simple changes to both the SM GUI and to the cnArcher tool that would easily fix this.

  1. When selecting a Preferred AP, pre-populate the WPA2 field with the key stored under Configuration->Security. I can then change it if the AP has a different key than the one stored.
  2. Allow cnArcher tool to use HTTP or HTTPs.

Honestly the ePMP 4000 series GUI needs a lot of usability tweaks in other areas as I find the GUI sub-par, but at least making some minor changes to make installation and pre-evaluation of sites much easier is not too much to ask.

Frankly things like this make me pause as I now have to weigh the performance of the ePMP 4000 platform vs the extreme non-user friendly nature of the software.


Sorry to hear you’re having such a frustrating first time experience with ePMP. We’ve been using the ePMP line and 4525 for awhile now and have a few things that we do to help speed up the installation process and ensure things go smoothly.

Typically we’ll unpackage the radio and do some light preassembly the day before or morning of the install. We’ll also do a DOA test, update the firmware, and then load a golden config on it.

When the installer goes to test, they have a battery powered PoE they use, and a small-ish Dell laptop plugged directly into the PoE that they use to do the signal test. First they just do a quick scan on the Monitor → Wireless page. Then they pick the AP with best RSSI, copy the SSID, then go to Configuration → Radio and change a pre-entered generic SSID w/key already entered. We use the same key everywhere, so that’s already entered and stays the same. It would be pretty easy if you had multiple keys however to have these pre-entered into the golden config as generic SSID’s 1 through whatever, and then the installer knows which SSID corresponds to what key, they enter in the right SSID, and delete the unused SSID’s.

At this point you reboot… when it comes back up it’s time to align under Tools → eAlign. If the signal is marginal and you’re having drop outs, we further lock the channel and channel width so that it will re-register immediately. This helps reduce alignment time in difficult circumstances.

Lastly, just change some of the generic IP config and do some speed tests and then it’s pretty much ready to hand off to the customer.

Total time to do all this is around 10min give or take a few.

Anyway, this is how we do it… maybe there’s slightly faster ways, but it doesn’t seem like it takes any longer then any of the other Cambium or other manufactures radios we have to configure and install. I’ll admit, it would be nice to have a better GUI with Cambium products, but in the big scheme of things, after we access the GUI the first time, we rarely use it again… so if there’s limited development resources, I’d rather it go to improvements under the hood, like increasing RF performance, PPS increases, stability improvements, etc… optimizing the GUI would be close to last on my list.


That is I guess one way to work around a very bad user interface. Doesn’t really solve anything to just let bad design be ignored though.

Really wouldn’t take much effort to do a few minor adjustments to the GUI, and I assume the GUI people are not the same people that engineer the wireless drivers an protocol so it should not interfere with the ability to make a good RF product.

Also it does not answer my question of what is the point of the Configuration->Security WPA2 key if it is not used as the default WPA2 key and is ignored if you have preferred APs configured.

1 Like

LOL… oh poor sweet innocent WISP. You have no idea the pain in store for you. Wait until you try to trouble shoot links using a GUI that will tell you interfaces are up when they are down , down when they are up, show IP address for interfaces that don’t have ip addresses or show wrong IP addresses for interfaces. A spectrum analyzer / site survey tool that can’t find/see ePMP access points mounted on the same tower with it while simultaneously claiming it sees a wifi router with the SSID of “JoesGasNGo” and though Joes is 6 miles away it claims it sees it at -12dBm and that’s when it isn’t showing anything at all on the SA or SS or it’s freezing and crashing or wiping and starting over and it’s soooo sloooooow you have to leaving it running and running and running but don’t leave it running to long or accidently leave it on because that can cause its own problems.

That’s not even touching on the outright bizarre design choices forcing you to click multiple links go several layers deep, with just enough response lag to make every single click annoying, just to see 1 piece of basic information. Oh and once you get there that data may or may not be made up, accurate or even for that radio because it may actually be displaying data from the previous radio you was in OR you may not even be connected to the radio and it’s just showing you data that is somehow cached even though you are in incognito. And you better always be in incognito or private or whatever your browser calls it because things get really weird once you let the ePMP cache/save/store it’s entire interface so it can pretend to be faster and more responsive by showing you bogus info until it can load the mostly not bogus info. ePMP seems have gone out of their way to make sure you can’t see more than 1 piece of information at a time which completely defeats what is normally the biggest advantage of a GUI over CLI and they don’t seem to think that showing accurate data is really all that important.

Try troubleshooting a customer’s connection problems with a radio that tells you that both the wireless and ethernet interfaces are down when you log into it.

Are you planning to use PPPoE on the CPE’s ? Welcome to trouble shooting connection problems when the radio will tell you PPPoE is connected when it isn’t, isn’t connected when it is and more!

Use DHCP on the CPE ? Well have fun trying to figure out the customer’s issues when the radio may or may not tell you if it has handed out any addresses because the DHCP list may or may not populate , the ARP list also blanks out just because so maybe their router is getting an ip and maybe it isnt.

The hardware is good but the interface is absolute trash that I’m pretty sure was designed by some executive’s “My grandkid is really good at making those internet page things”.

1 Like

Two things I can tell you is

  1. Cambium radios and firmware/drivers are excellent, and worth it
  2. It’s sadly unlikely to see any substantial improvements in the GUI. Cambium apparently believes in a bleak GUI with every piece of information three clicks deep on its own page.

I’ve also thought the same thing as you – the web interface are essentially web pages, So it seems like it should be possible (on a days or weeks long time scale) to improve the usability. But after 11 years, there has been only modest updates, and every small request typically gets answered with “would you rather have fancy graphs, or have us work on the driver” :person_shrugging: It just doesn’t seem like those two things should be mutually exclusive.

However - like Eric, we did eventually get a system in place which works to do installations, without two terribly much pain, and then we don’t look at the GUI very often afterwards. So for me, I don’t really find it a deal breaker anymore.

As well, the spectacular performance of the 4500 / 4525 is rather spectacular… so I’ve kind of come to accept that the world’s best WISP gear or just come with the world’s most meager interface. :person_shrugging:

So, I encourage you to stick it out, the 4000 series is super new so it will have bugs and quirks of its own which you’ll also have to suffer through somewhat, but as it matures over the next months, it’s going to be rather brilliant.


Ok. So I guess they won’t ever improve the GUI. Could Cambium at least fix cnArcher to allow for HTTPS?


Maybe post a comment under the cnArcher area, or the Your Ideas - Cambium Community

@terintamel Configuration → Security WPA2 key is always used unless a preferred AP is configured, in which case you have to enter the WPA2 key for each preferred AP. If you don’t specify a preferred AP, the SM will connect to any AP it sees that will allow it to and has the same wpa2 key.


@Jacob_Turner Maybe there is a bug in the 5.4.2FW because I had this test SM pointed at the AP for over 5+ minutes and it did not connect to it at all unless I put it as a preferred AP, and since Cambium gives you practially zero information about the connection process I do not even know if it was trying to connect or not.

At least with UI devices I can see what channel it is currently scanning, whether it is trying to connect or not, and the device logs on both the AP and SM will show the connection status and attempts.

The signal on the survey was -45db and this is the only ePMP 4500 AP I have deployed.

1 Like

I’m not sure if there is a bug or not, but I completely agree with you that the entire scan/registering/registered process on ePMP leaves the operator pretty much in the dark. The logging is also not very useful.

If Cambium spent some energy improving their web UI I think more folks would switch. The current UI (especially ePMP) has information so scattered and is so slow to refresh that sometimes people just give up.


On Monitor → Wireless page you can see if SM sees the AP and if it can connect to it(Matches the registration criteria).
If it doesn’t connect you can see the reason why there as well.


@Fedor I will test that out next week to see why the SM would not connect unless the Preferred AP was configured.

You know a good place for this registration status information would be on the main page of the GUI. At least that is my opinion.

1 Like