This release has been withdrawn.
Cambium is officially releasing the PMP450x Radio 20.0 software. Please, refer to release notes for a complete detailed of new features and bug fixes.
- Radio software and documentation can be found at Log In / Cambium Networks Support
- CBRS procedures that involve both cnMaestro and radio software can be found in the cnMaestro repository at Log In / Cambium Networks Support
20.0 will be available on cloud cnMaestro within 24 hours.
Feature Overview
Improved Link Performance
This release introduces an improved scrambling/descrambling that increases the reliability of the link in a variety of traffic payloads.
Increased Packets Per Second
This release enhances the aggregate sector Packets Per Second (PPS) performance of 450i, 450b and MicroPoP APs, from 45K PPS to over 150K PPS.
Intermediate Modulation Modes
This feature enables operation of 3x (8-QAM MIMO-B), 5x (32-QAM MIMO-B), and 7x (128-QAM MIMO-B) modulations. The automatic rate adapt may select these rates as necessary based on signal quality, providing higher throughput. These rates are also available for use with Multicast Data Channel and PTP Min/Max Modulation Rate feature.
IPv6
This release supports radio management using IPv6 address
TLS 1.2 and 1.3
This release supports web server using TLS 1.2 and TLS 1.3 for HTTPS connections.
User Certificate Import
This feature allows users to import their own certificate to be used by HTTPS server.
SSHv2
This release introduces SSHv2 support and once the user is logged in via SSH, the Command Line Interface (CLI) which is the same as Telnet will be presented to the user.
SNMPv3 Security Protocol
This feature supports SHA-1 and SHA-256 as choices for SNMPv3 Authentication Protocol.
Reconfigure without Reboot
This release avoids device reboot for the following configuration parameters:
- Sector ID on AP
- Transmit Power on AP
- Site Name
- Site Contact
- Site Location
Point to Point Target Receive Power Level on BHM
This feature allows the Backhaul Master to control the transmit power of the Backhaul Slave.
Enhanced Frame Utilization Statistics
This release introduces an enhanced Frame Utilization Statistics on GUI (Not available on 450m).
DSCP Stream Prioritization
This features allows certain DSCP streams to be prioritized, irrespective of
the Diffserv configuration, in both downlink and uplink directions.
Improved Link Performance
This release introduces an improved scrambling/descrambling that increases the reliability of the link in a variety of traffic payloads. It also decreases the likelihood of lower modulation or a dropped session due to a specific packet payload. For this reason, we recommend that SMs are upgraded first. If the AP is upgraded first, each link will run at a maximum of 2X MIMO-B until the SM side is also upgraded. As always, it is recommended that both sides of the link should be running the same software version.
Increased Packets Per Second
This release enhances the aggregate sector Packets Per Second (PPS) performance of 450i, 450b and MicroPoP APs, from 45K PPS to over 150K PPS.
Intermediate Modulation Modes
This feature is automatically enabled at the AP and will be functional if the AP and SM are running System release 20.0 or later software. This feature adds 3 new modulations:
- 3x (8-QAM)
- 5x (32-QAM)
- 7x (128-QAM).
It is supported on 450, 450i and MicroPoP APs. This feature is currently not supported on 450m APs. As shown in the figure below, the additional modulation levels are added to the following configuration parameters:
- Downlink Maximum Modulation Rate (PMP and PTP)
- Uplink Maximum Modulation Rate (PMP and PTP)
- Multicast Data Channel Modulation Rate (PMP only)
- Minimum Modulation Rate (PTP only)
IPv6
To enable this feature, perform the following steps:
- Go to Configuration â IP â LAN1 IPv6 Network Interface Configuration.
- Set the IPv6 parameter as Enabled.
- Once IPv6 is enabled and the device is rebooted, the device generates a link-local IPv6 address using the EUI-64 format.
When the IPv6 feature is enabled, the IPv6 LAN interface addresses are displayed on General â Network Interface page of the radio GUI.
Once the Stateless Auto Address Configuration (SLAAC) IP is received, Network Interface page is updated with most recent SLAAC IP address and gateway information as follows:
IPv6 Trap Addresses
Go to Configuration â SNMP â IPv6 Trap Addresses of radio to configure a maximum of five IPv6 trap addresses. Any changes made to the IPv6 Trap Addresses requires a reboot.
IPv6 Statistics
Go to Statistics â IPv6 MIB Statistics of radio to view the IPv6 and ICMPv6 MIB statistics.
IPv6 Neighbor Discovery Cache
Go to Statistics â IPv6 Neighbor Discover Cache of the GUI to view Neighbor Discovery Cache.
SNMP
GUI Name | OID | MIB | Access | Syntax |
---|---|---|---|---|
ipv6State | .1.3.6.1.4.1.161.19.3.3.2.178.0 |
WHISP-BOX-MIB | read-write | INTEGER {disable (0), enable (1)} |
The IPv6 feature is supported with HTTP, HTTPS, SSH, Telnet, SNMPv2c, and SNMPv3
application protocols.
IPv6 Ping Test
To perform IPv6 ping test, perform the following steps:
- Go to Tools â Ping Test â Ping IPv6 Test Settings of the radio.
- Configure the IPv6 Address parameter
- Configure the Count parameter with any value from 3 to 64.
- Click Perform Ping v6 Test. The IPv6 ping test results are displayed under Ping IPv6 Test Results.
DHCPv6
- DHCPv6 can either be enabled explicitly or can be enabled when radio receives Managed bit set in Router Advertisement (RA).
- DHCPv6 Status can be: Disabled/Enabled (explicitly enabled) or Managed (DHCPv6 enabled due to M-bit been set in RA).
AP Statistics
When this feature is enabled a new statistics page is available on the AP GUI. To access this page, go to Statistics â DHCPv6 Statistics.
DHCPv6 Relay Agent
DHCPv6 relay agent currently supports âInserting Option 82â only. âFull Relay Operationâ mode is currently not supported with DHCPv6. DHCP Relay Agent configuration is common for both DHCPv4 and DHCPv6.
DHCPv4 and DHCPv6
DHCPv4 Option 82 sub-options are mapped to DHCPv6 options as follows:
DHCPv4 sub options | DHCPv6 options |
---|---|
Sub option 1 (Agent Circuit-ID) | Option 18 (Interface-ID) |
Sub option 2 (Agent Remote-ID) | Option 37 (Remote-Identifier) |
Sub option 2 (Agent Remote-ID) | Option 37 (Remote-Identifier) |
Sub option 9 (Vendor Specific information) | Option 17 (Vendor Specific information). ![]() |
Option 16 (vendor Class) will have radio model information, for example: âCambium PMP 450 APâ. |
Following is an example of Statistics â DHCP Relay page:
DNSv6
DNS information can be obtained 3 different ways in IPv6:
- Router Advertisement support DNS information as mentioned by RFC 8106. If the router sends DNSv6 information, radio will display on Network Interface page.
-
Stateless DHCPv6: In this scenario Router Advertisement wonât send any DNS information but will set O-bit. Radio will initiate a DHCPv6 Information Request transaction (RFC 8415) and fetch the
DNS information from server. - Stateful DHCPv6: Router Advertisement will be sent with M-bit set, Radio will initiate a complete DHCPv6 transaction to obtain IPv6 address and DNSv6 information.
Maximum two DNS IPv6 server are supported. If there is a static entry configured, it will be overridden with received value.
DNS Recursive Name Server & DNS Suffix Search List are the only vendor options that are currently supported.
DNS IPv6 Resolution
DNS test tool can be used to resolve IPv6 address for Fully Qualified Domain Name (FQDN) using DNS IPv6 Lookup.
DNS resolution will use two IPv4 DNS server address and two IPv6 address in a round robin manner.
TLS 1.2 and 1.3
This release supports web server using TLS 1.2 and TLS 1.3 for HTTPS connections. Protocol version will be selected after handshake.
User Certificate Import
This feature allows user to import their own certificate to be used by HTTPS server. This option can be found under Configuration â Security.
Users can import a certificate in PKCS12 format which contains a private key and certificate signed CA. Private key can be password protected and a password field is also given to user while importing.
After successful import, the certificate information will be displayed as follows:
If certificate must be deployed on multiple radio, following configuration file template can be pushed through cnMaestro.
{
"userParameters": {
"networkConfig": {
"httpsCertificates": [
{"certificate": CERTIFICATE_IN_PEM_FORMAT},
{"encryptedPassword": ENCRYPTED_PASSWORD},
{"encryptedPrivateKey": ENCRYPTED_PRIVATE_KEY}
]
}
}
}
The password can be encrypted using the Canopy Encryption tool located on Configuration â Unit Settings.
SSHv2
This release introduces SSHv2 support and once the user is logged in via SSH, the Command Line Interface (CLI) which is the same as Telnet will be presented to the user.
SSH is enabled by default and four user sessions are allowed. To turn enable or disable SSH, go to Configuration â Security Mode â SSH Server.
Supported algorithms:
ssh2-enum-algos:
kex_algorithms: (2)
diffie-hellman-group1-sha1
diffie-hellman-group14-sha1
server_host_key_algorithms: (2)
ssh-dss
ssh-rsa
encryption_algorithms: (1)
aes128-ctr
mac_algorithms: (1)
hmac-sha1
compression_algorithms: (1)
none
SSH SNMP Object
Name | OID | MIB | Access | Syntax |
---|---|---|---|---|
sshStatus | .1.3.6.1.4.1.161.19.3.3.2.292 |
WHISP-BOX- MIB | read- write | INTEGER { disable (0), enable (1) } |
SNMPv3 Security Protocol
SNMPv3 Authentication Protocol: SHA-1 and SHA-256
SHA-1
This release introduces SHA-1 (Secure Hash Algorithm 1), is a cryptographic hash function which takes an input and produces a 160-bit (20-byte) hash value known as a message digest.
SHA-256
This release introduces SHA-256 (Secure Hash Algorithm 2) is a cryptographic hash functions designed by the United States National Security Agency (NSA). SHA-2 includes significant changes from its predecessor, SHA-1. The SHA-256 hash function is implemented in some widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec.
To enable this feature, go to Configuration â SNMP page â SNMPv3 Settings.
SNMPv3 Privacy Protocol: AES CFB ( 128)
This release introduces AES encryption (Advanced Encryption Standard), is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data. The algorithm described by AES is a symmetric-key algorithm, meaning the same key is used for both encrypting and decrypting the data.
To enable this feature, go to Configuration â SNMP page â SNMPv3 Settings.
SNMPv3 security Protocol SNMP Object
Name | OID | MIB | Access | Syntax |
---|---|---|---|---|
snmpv3AuthProt | .1.3.6.1.4.1.161.19.3.3.2.292 |
WHISP-BOX-MIB | read-write | INTEGER { disable (0), enable (1) } |
snmpv3PrivProt | .1.3.6.1.4.1.161.19.3.3.14.5 |
WHISP-BOX-MIBV2-MIB | read-write | INTEGER {cbc- des(0), cfb-aes(1)} |
Reconfigure without Reboot
This release avoids device reboot for the following configuration parameters:
- Sector ID on AP
- Transmit Power on AP
- Site Name
- Site Contact
- Site Location
Point to Point Target Receive Power Level on BHM
This feature allows the Backhaul Master to control the transmit power of the Backhaul Slave. To enable this feature, go to Configuration â Radio page,
- Under Power Control section, enable BHS TX Power Control
- Configure BHS Receive Target Level
Enhanced Frame Utilization Statistics
This release introduces an enhanced Frame Utilization Statistics on GUI (not available on 450m). In addition to reorganization of information, it provides useful Spectral Efficiency information. Following figure dispays the new layout.
The layout is broken into several major sections:
- Frame Utilization Interval
- Frame Utilization Summary
- Interval Slot Count Summary
- Packet Discard Counts
Frame Utilization Interval is unchanged from previous releases. This is a great place to start when determining how fully utilized a sector is running.
Frame Utilization Summary contains much of the previous releaseâs information in a new tabular form. It also contains some entirely new information, specifically Spectral Efficiency. This is included to provide an actual measure of how many bits per hertz per second we achieved for user data in the most recent frame utilization interval. A useful table of maximum spectral efficiencies achievable versus modulation is included.
Note that in the above figure, the sector was achieving a downlink spectral efficiency of 4.52 and an uplink spectral efficiency of 2.54. This shows that the sector downlink is operating at nearly 7x downlink efficiency and nearly 8x uplink efficiency. It does vary slightly based on channel bandwidth. The Tools â OFDM Frame Calculator can be used to see the impact of channel bandwidth on spectral efficiency. Below figure displays 40 MHz channel bandwidth (used for capture of frame utilization screenshot) and 5 MHz channel bandwidth. This difference can be traced back to differences in the ratio of how many slots are available for user data versus overhead (beacons, MAC level acknowledgements, scheduling maps).
There is a new Data to Overhead Percentage table that provides a breakdown of user data to overhead data. Overhead data is made up of slots used by transmissions like beacons, scheduling maps, and MAC level acknowledgement slots.
The Data Per Modulation Percentage table provides a breakdown of data slots used per modulation. The Frame Utilization screenshot shows that the Data Per Modulation table confirms what the Spectral Efficiency table showed (7x downlink and 8x uplink).
The Data Per QoS Percentage table breaks down what percentage of used slots were due to which QoS levels.
The AAA QoS refers to slots used for authentication/authorization/accounting and Ctl QoS refers to slots used for system level messages (registration, encryption).
Interval Slot Count Summary provides a summary of actual slot counts rather than the percentages provided in the Frame Utilization Summary.
The Used table provides a breakdown of total slots used in each direction. It further breaks down the total between data and acks. Finally, it provides an average slots used per TDD frame.
- The Modulation table provides a breakdown of the number of slots used at each modulation.
- The Quality of Service table provides a breakdown of the number of slots used at each QoS level.
The Acknowledgements table provides the number of slots used for acks. It also provides a new count called âPartialâ. For all previous releases, acknowledgements were always sent QPSK MIMO-A modulation. This meant that the âpayloadâ of an ack only had 64 bytes for information. Depending on the quality of a users link, it was possible that the 64 byte payload was not sufficient to âfullyâ acknowledge the data that was just received. When this happened, we described this as a âPartialâ ack. Beginning with this new release, if a user link can support modulations higher than QPSK MIMO-A, acknowledgements can now take advantage of these higher modulations. This increases the available payload size for acknowledgements and therefore will reduce (if not eliminate) the occurrence of partial acks.
DSCP Stream Prioritization
The configuration of this feature is on the PMP SM and PTP BHS with a minor difference being that the PTP
has an additional option called âRoleâ for the BHM device to play.
PMP Configuration
The PMP Configuration is available on the SMâs Configuration â DIffServ page.
The first option is the enable/disable the feature for this SMâs link. This option is controlled by the overall
DiffServ pageâs âSave Changesâ button. To configure specific mappings, the next 3 entries are used as well
as the associated buttons.
To add a new, or modify an existing, mapping, enter the values in the boxes and click the Add/Modify
DSCP Stream Priority button. Adding DSCP 45, for High, for âZoom Meetingsâ is shown in the below figure:
To modify this to change the priority or the description, make the change and use the Add/Modify DSCP Stream Priority button again:
Up to 10 entries can be configured per SM and the description field can be up to 32 characters long.
In order to remove a mapping:
- Enter the DSCP and click the Remove DSCP Stream Priority button.
To clear all entries:
- Press the Clear DSCP Stream Priorities button.
The SMâs configuration is sent to the AP at registration time as well as any time that there is a change made to the configuration. There is no Reboot Required when making changes to this configuration.
The configuration will be seen on the APâs DiffServ page, grouped per SM, to note that there is an overlay being used for a particular SM link:
If there were multiple SMs with this feature enabled, each of them would show up on this page. And you can have different Priorities for each SM even on the same DSCP.
Also, on the PMP AP, since it is the Upstream Device, you can see the captured Tuples of a tracked stream. This can be found on the new Logs â DSCP Priority Streams page. Here is an example of a Zoom Meeting being tracked and prioritized:
As seen in the above figure, all of the data is for LUID 3 DSCP 45, for âZoom Meetingsâ stream. All of this is from the same Source IP, but using different source ports and remote IPs, and a mixture of TCP and UDP traffic.
By default, each entry will timeout after 5 minutes of inactivity at which point, it will need to be relearned in the uplink to be properly handled in the downlink.
The easiest way to track this feature working is to use the Statistics â Data Channels page to see traffic on the desired priority level in both directions, and then changing the configuration on the fly to watch the traffic move to different priority levels. With this method, it is very easy to see the priority channel change as the configuration changes with constant DSCP uplink marked traffic.
PTP Configuration
For PTP mode, the operation and GUI is the same except that the Configuration is on the PTP BHM always and has an extra configuration item called âRoleâ. The DSCP Streams Priority Mappings Log page will be on the âUpstreamâ Role Device; Think of the PTP âUpstreamâ Role Device as acting like the PMP AP and the PTP âDownstreamâ Role Device acting as the PMP SM as far as the feature operation is concerned. The configuration for this will be found on the PTP BHM Configuration â DiffServ page.
In the example below, the BHM is the âDownstreamâ device.
Problems and Limitations Corrected in System Release 20.0
These issues have been corrected since System release 16.2.3:
Products Affected | Tracking | Description |
---|---|---|
PMP 450 | CPY-16936 | SM Watchdog reset due to âMisaligned Data Access associated with MPU violationâ |
MicroPoP | CPY-16776 | SNMP Sync Loss Trap indicated wrong sync source |
PMP 450 | CPY-16976 | PMP 450 AP having MPU violation reset in GPSI Task |
All CBRS | CPY-16961 | SM does not adjust power after enabling CBRS |
450i AP | CPY-16932 | Software watchdog reset due to âData Abort exceptionâ |
PTP 450i BHS | CPY-16919 | PTP 450i BHS crashes with âNo NiBufs, buffer stack exhaustedâ with DHCPv6 packets on network |
All CBRS | CPY-16918 | CBRS Device statistics count values are wrong |
PMP 450b Hig | CPY-16818 | PMP 450b High Gain SM is not displayed in AP session->Link Quality tab when Link Quality Metric=Rate |
450m | CPY-16594 | CBRS enabled running into repeatedly RFLinkSyncQueue failure and repeatedly FatalError reset |
MicroPoP | CPY-16776 | SNMP Sync Loss Trap Indicates Wrong Sync Source on a MicroPoP AP |
All SM | CPY-16972 | Add support to ârfScanListâ OID to accept keywords âallwholeâ and âallhalfâ |
PTP 450 | CPY-15852 | PTP 450 BHM does not recover, if a packet with BHS MAC address as source address, enters BHMâs Ethernet port. |
Known Problems or Limitations in System Release 20.0
Products Affected | Tracking | Description |
---|---|---|
450 AP with CBRS | CPY-16748 | Occasionally with CBRS enabled the AP resets due to âInvalid NiBufâ. |
All | CPY-15912 | When Link Test is performed with Bridging and MIR, while there is significant user traffic, Link Test throughput results are low, when compared to Link Test results with Bridging. |
450 AP | CPY-16937 | AP randomly fails to resolve URLs correctly |
BHM | CPY-16826 | BHM does not show CBSD logs for BHS in engineering.cgi |
450m | CPY-16975 | 3 GHz 450m looses connection to main Ethernet port and requires a power-cycle |
450b | CPY-16965 | 450b SM in NAT mode, with VPN end point on itâs LAN, stops passing traffic when NAT table entry > 1500 |
450m | CPY-16820 | 5 GHz 450m locks up until it is recovered by a power-cycle |
Additional Enhancements in System Release 20.0
Products Affected | Tracking | Description |
---|---|---|
450i | CPY-16891 | Several Packet Per Second improvements |
All | CPY-16209 | Support 5600-5650 MHz licensed band for Australia |
450m | CPY-16929 | Added support to send LLDP packets on boot up before it consumes full power, on 450m AP. |
All SM | CPY-16972 | Added support to ârfScanListâ OID to accept keywords âallwholeâ and "allhalfâ |
All SM | CPY-16958 | Added new OIDs to add and remove frequencies from SM scan list |
All 3 GHz AP/BHM | CPY-16642 | In System Release 20.0, two new CoExistence related parameters have been added to the CBRS configuration section of the AP/BHM. For now-for this initial System Release 20.0, Cambium advises customers to leave these at their default values, which is MAC address for AP/BHM, and blank for Resuse ID. Cambium will provide additional Guidance on these parameters and CBRS CoExistence in the near future. |