This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 1
Release Notes for Cradlepoint Rev 6.2.3 Firmware
Products supported/tested:
CBA750B MBR1400/MBR1400 HW v2.0 Note1: Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested: (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 3
Analog Modems
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets):
No new features, defect fixes only
Additional UI/Usability changes:
None
Defects fixed:
Multiple routers DynDNS fail after update to 6.2.2
Security issues:
Sweet32 mitigation. https://sweet32.info/ describes an attack that is unlikely but possible to recover secure HTTP cookies. To mitigate this attack, we changed the default cryptographic algorithms from the Mozilla recommended Intermediate compatibility list to their Modern compatibility list. The list can be modified by changing /config/system/cipher_list in the CLI. https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 4
Release Notes for Cradlepoint Rev 6.2.2 Firmware
Products supported/tested:
AER1600/AER1650
IBR1100/IBR1150
IBR900/IBR950
IBR600/IBR650
IBR600B/IBR650B
MBR1400/MBR1400 HW v2.0
Note1: Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested: (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets)
System -> Administration -> Router Services -> Enable Proxy. HTTP/HTTPS Proxy Client Support for Router Firmware, Modem Firmware, and IPS rules updates.
(SDK support) Multiple changes to ping support in /control tree to support SDK
◦ Feature parity with CLI
◦ Added the ability to source ICMP traffic from a name:
▪ Interface name
▪ Device UID
▪ Network name
◦ Changed default number of ICMP requests from 40 to 4
(SDK Support) Allow an SDK application to write to an attached USB stick at /var/media (vFAT file format only)
Source ICMP traffic to a name as well as an IP address
Connection Manager -> WAN Interface Profile -> General -> Allow QoS. Per-WAN QoS settings added so that you can specify which WANs are governed by QoS settings and which ones are not.
Additional UI/Usability changes
LP4 modem signal strength modification in LEDs, signal bars
Defects fixed
(SDK support) Applications with subdirectories crash on installation on 6.2.1
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 7
(SDK ping) Fixed the ‘status’ field
Fixed duplicate icmp_sequence issue
Fixed and extended CLI ping help (ping -h)
GPS fix does not indicate hemisphere when below 1 degree longitude
Remote Access to the Primary LAN over an MPLS network to a CP router running VRRP/DMNR routing issue with HTTPs response
WAN connection no longer retries immediately upon link down, only retries if device was connected, now allows failback usage rate setting to trigger appropriately
USB Ethernet adapter UID correction for ECM data usage display
(SDK support) A security issue where an SDK application could get elevated permissions was fixed. SDK users are encouraged to upgrade to 6.2.2
(SDK support) The router was vulnerable to the “dirtyc0w” exploit (CVE-2016-5195) when using an SDK application.
SDK users are encouraged to upgrade to 6.2.2
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 8
Release Notes for Cradlepoint Rev 6.2.1 Firmware
Products supported/tested:
AER3100/AER3150
AER2100
AER1600/AER1650
IBR1100/IBR1150
IBR600/IBR650
IBR600B/IBR650B
Note1: Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Modems tested: (new 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets):
None. Defect fix only.
Defects fixed
Replaced an expired certificate that allows Zscaler Internet Security to operate.
Release Notes for Cradlepoint Rev 6.2.0 Firmware
Products supported/tested:
AER3100/AER3150
AER2100
AER1600/AER1650
IBR1100/IBR1150
IBR600/IBR650
IBR600B/IBR650B
IBR350
CBA850
Note1: Before upgrading to new firmware, it is always a good idea to save the configuration file from your current version. This firmware version will remove a configuration for version 3.2 or lower and will not try to keep your settings.
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 11
Modems tested (New 6.2.0 modems / modem platforms are in blue text)
Cradlepoint Cellular Devices (Embedded & USB Modems)
Cradlepoint AER16x0LPE-AT / AT&T (USA)
Cradlepoint AER16x0LPE-GN / T-Mobile, US Cellular (USA); Generic (North America)
Portsmith PSA1U1M (“Portsmith USB Client to Analog Modem Adapter”) / POTS phone providers
Portsmith PS6EX1M ("Portsmith ExCard to Analog Modem Adapter”) / POTS phone providers (ExpressCard format, compatible with MBR1400s, MBR1200B, & CBA750B only)
New features added in this release (Not all features are in all products – see their respective Data Sheets)
Disable router bounce pages by default
Dashboard UI alert and set Attention LED if the user has not changed the default admin or WiFi passwords.
(SDK Beta) Updated pyserial to the latest version
(SDK Beta) We made a change to the manifest. A new option “auto_start” was added that
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 13
controls whether the SDK application will start upon router boot. If this option does not exist, then the application will not be run. This is a change from 6.1.0 behavior and applications that automatically started in 6.1.0 will stop working until they get this change.
Improved SSH port forwarding
Allow routing policies to match on router-generated traffic
Respond to NTP requests based on router time without having to forward to WAN
6.1.1, 6.1.2, and 6.1.3 features added to multiple products
◦ See full release notes for each release below, in general:
▪ 6.1.1 GPS improvements and WiFi client driver
▪ 6.1.2 Defect fixes
▪ 6.1.3 Routing changes, NTP improvements
(CBA850) Added QoS support to the product
LP4 modem automatic carrier detection and modem image switching support on multiple routers
Security defects fixed
OpenSSL was upgraded to version 1.0.1t. No issues were known to affect our routers
Sanitize strings to mitigate XSRF attacks
Limit exposure to XSS attacks
When debug logging and TACACS authentication was enabled, the user’s password was showing up in log messages
Additional UI/Usability changes
Networking -> WiFi as WAN menu dropdowns changed from “Wireless as WAN” to “WiFi as WAN”
Updated Security -> Cloud-Based Security page
Add priority to Zone Firewall zone matching
Allow the user to upload the HTTPS private certificate
Changes to microstatus improve performance for Remote Administration
Combine static and policy-based routing. Make the system routing policy and table a special entry in a larger list of policies/tables used for policy routing. Allow drag-drop reordering of the routing policies to control the priorities. Generalize the UI for adding/editing/deleting policies and tables to work for both static and policy-based.
Improved the Policy Based Routing UI
Sort help results by relevance
Administration -> Device Control -> Device Console allows the user to save CLI history
Additional Routing Protocol status
Make DHCP server’s start and end range more informative
Added ability to configure IPsec responder only for DMVPN hubs from UI
CLI – Added the “clients” command to show currently connected clients and perform actions on them.
Support backup RADIUS server for WPA Enterprise in AER products
Renamed Web Filter Settings to Upstream Proxy Settings and improved the Network Web Filter
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 14
Rules UI
Identities MAC and Host Address Add form should use the same entry form as Ports
Missing help on RIP Interfaces wizard page
AER1600 has 802.11b Wireless Mode for 5Ghz Radio
“Common Name” field in local certificate needs to be a required field
RIP, add split-horizon poisoned-reverse setting
Route map values not getting reset when set action is changed
Clean up edit dialog for status route
GRE tunnel status is not updated when configured as failover/failback tunnel
Added IPsec exclusion policies
Clarified some wording on the NHRP page
QoS settings for modem download was limited to 75Mbps, that number was increased to 300Mbps. WiFi as WAN or client was increased to 600Mbps. The CLI can be used to increase the QoS upload/download settings if the interface is faster than the UI allows.
Dashboard was changed to not display WiFi values if it is disabled
PoE status reports voltage with no current for externally powered CBA850
(AER3100) When a PD is plugged into one of the PoE ports, it may be detected as class 6 (0-4 are allowed)
VLAN interfaces UI does not display new VLAN added until refresh of browser
Zone Definition does not always match against the highest priority Zone Definition rule
LAN Config Name in Zone Definition that has the interfaces field left blank should set the field to "Any". When this is saved, the Zone Definition created displays "Incomplete ()" for the interface in the Zone.
Added help to Zone Priority
RIP authentication should be per interface and not per router
AER1600 Support link broken
Network scheduler help refers to an “interface” scheduler
Added many EMEA cellular operators to the cellular modem’s Auto APN feature
Added Verizon to Auto APN feature, as executed when (modem) > SIM/APN/Auth > Access Point Name (APN) is set to Default
LP6 (Cat 6) modem. Displays carrier aggregation (LTE-A) diagnostic information when connected
LP6 modem, AT&T only. Checkbox now available to disable/enable AT&T Band 30. Enabled by default.
Defects fixed
Advanced NTP takes a long time to set time after VPN establishes
ECM ping results screen showed unexpected behavior when ping host is unreachable
MAC address based content filtering allows all clients access
Router needed to be rebooted to restore a Zscaler tunnel that disconnected
Wired 802.1x authentication doesn’t work after reboot while server is remote
Connection Manager fails to disconnect AP completely when disable is selected
Default information originate not implemented for RIP
RIP md5 auth mismatch not logged
DHCP relay: responding dhcp server seeing request coming from original network
IPsec “always on” sometimes chooses wrong WAN interface
Network scheduler issues: doesn’t respond to timezone change doesn’t suspend added BSS ignored Sunday is inverted from UI
For dial-up modems, the profile configuration now includes the SIM/APN/Auth menu
Known issues
Reputation Services (6.0.1). If you upload a reputation file to the router, save the configuration, factory reset, then reload the configuration file any firewall entries referencing that reputation file will fail. The reputation file is not saved in the exported configuration file.
If any of the router’s WAN connections (Ethernet, Wi-Fi as WAN, modem) connects to a device that has the same IP subnet as the router, the router will disable the interface and provide a
Global Leader in 4G LTE Network Solutions 1111 W Jefferson Street, Ste. 400, Boise, ID 83702-5389 | Toll Free: +1 855-813-3385 | Local: +1 208-424-5054 | Cradlepoint.com | Page: 16
Bounce Page warning that the WAN interface has a conflict (if bounce pages are enabled). Simply change the LAN IP Address on the Network Settings -> WiFi / Local Network Settings page in the UI.
LTE
Unless you have a specific service from your carrier, LTE modems will not generally provide an externally-available IP address. Services, such as Remote Management, will not work.
Modem
Franklin U770. The Modem’s Ethernet address conflicts with the default address of the Guest LAN. A warning message is placed in the log and the Guest LAN is disabled. If you change the address of the Guest LAN to a non-conflicting address, this restriction will not occur.
Sierra Wireless 313U, 330U. When these modems connect on 2G or 3G bands, specifically on GSM 850, they will sometimes cause interference on the USB bus, resulting in the modem not plugging properly. If this occurs, attaching the modem to a USB extension cable will generally fix the problem.
The following USB modems contain an embedded web server through which many modem
settings are configured. To access the modem’s web pages, you must be logged in as the router
administrator. Once logged in, you can then access the modem web pages at these given IP