CnPilot Cert 1 7 Introduction All C7

cnPilot™ Training
Introduction to Wi-Fi, cnPilot and

cnMaestro
Who is Cambium?
Point-to-Point (PTP) Point-to-Multipoint

Backhaul Infrastructure (PMP) Access Networks
Copyright 2016 Cambium Networks, Inc. All rights reserved. 2

What we do?
2 Meters to 245 Kilometers – End-to-End! Outdoor to Indoor!
cnMaestro: Planning Cloud Manager

Network Lifecycle Management
Network Management
Inventory Management
Wi-Fi Controller
Support & Warranty Services On Premises
Network Manager
Long Distance: PTP 650, 820 Distribution Access: PMP 450, ePMP Edge Access: cnPilot
Home + Small
Business
Outdoor
- Single Band
- Dual Band
Indoor
Point to Point Point to Multipoint 802.11n, 802.11ac Indoor & Outdoor

Introdução
• Quem é você?
• Qual o tamanho da sua rede?
• Quais os seus planos de crescimento para sua
rede?
• Qual tecnologia/fabricante vc usa atualmente?
• Quais são suas maiores dificuldades?

Learning Resources
http://community.cambiumnetworks.com/
Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Course Topics
Wi-Fi Fundamentals
Cambium cloud-Managed Wi-Fi portfolio
cnMaestro™ - Overview, Features and Management
Install, configure & monitor: cnPilot Wi-Fi Access Points

A Few Words Before We Begin
Material de Curso de Treinamento Técnico
Este material é fornecido para ajudá-lo na avaliação, implantação, solução de problemas e compreensão
dos aspectos técnicos dos produtos Cambium Networks e não deve ser reproduzido ou distribuído a
outros sem a permissão da Cambium Networks.
Ao participar deste curso e aceitar todos os softwares e materiais relacionados, você concorda em
respeitar os termos e condições descritos acima.
Cambium Networks

Wi-Fi Fundamentals
Wi-Fi Organizations
➢ Consists of member Creates Certifies

individuals ➢ Consists of member
Standards Products
➢ Design and document organizations – primarily
network protocols, such equipment vendors
as: ➢ Certifies Wi-Fi
➢802.3 Ethernet equipment for
➢802.11 Wi-Fi interoperability
➢802.15 Bluetooth Set Local ➢ Promote adoption of
➢802.16 WiMAX Regulations IEEE 802.11 standards in
the market

History of 802.11 PHY/MAC standards
802.11a 802.11b 802.11g 802.11n 802.11ac
Ratified in 1999
Ratified in
Ratified in 2003 Ratified in 2009 Ratified in 2013
1999
High-Rate DSSS
(HR/DSSS) Extended Rate Uses HT-OFDM 5 GHz frequency
OFDM
Physical (ERP) only
modulation
2.4 GHz
frequency band 2.4 GHz frequency 2.4 & 5 GHz Very High
band frequency bands Throughput PHY
5 GHz Backward
frequency Backward
compatible with Backward Backward compatible with
bands DSSS (1 & 2 compatible with compatible with 802.11a/n 5 GHz
Mbps) 802.11b (1-11 802.11a/b/g (1-
6-54 Mbps
Mbps) 54 Mbps) Data rates
6.93Gbps
5.5 and 11 Mbps 6-54 Mbps Up to 600 Mbps

Principles of Propagation
What is Radio Frequency (RF)?

• Medium of communication for wireless technologies.
– AM/FM radio, VHF/UHF radio Systems, Cordless phones
– Microwaves, GPS
– Cellular: GSM, CDMA, UMTS
– Fixed Wireless: WiMAX & Wi-Fi
• Range of RF
– 3 KHz to 300 GHz

• Radio waves are electromagnetic waves which propagate at

the speed of light, or 1,86,000 miles per second (3,00,000
km/s)
• Radio Frequencies:
12
Copyright 2016 Cambium Networks, Inc. All rights reserved.
Frequency & Wavelength
2.4Ghz Has longer Wavelength than 5.8Ghz
Popular Radio Frequencies

AM Radio 1100 kHz Weather 162.4 MHz
Shortwave 3 – 30 kHz Cellular Phones 700MHz – 2GHz
FM Radio 88 – 108 MHz Wifi a/b/g/n 2.4 & 5 GHz

RF Fundamentals
• The Wavelength (λ)
– The Wavelength of an electro magnetic field is related to the
frequency:
– Radio signals in the atmosphere propagate at almost the speed of
light in vacuum
14
Channels in 2.4GHz

UNII Bands and Channels

Modulation & Coding
Complex Modulation Schemes - OFDM

OFDM is a Orthogonal frequency-division
multiplexing (FDM) scheme used as a digital multi-
carrier modulation method.
A large number of closely spaced orthogonal sub-

carrier signals are used to carry data on
OFDM splits the radio signal into multiple several parallel data streams or channels.
smaller sub-signals that are transmitted
Each sub-carrier is modulated with a conventional
simultaneously at different frequencies to modulation scheme
the receiver.
Take-away here is that 802.11n is a method of
Generally speaking, the faster the data rate
using special modulation techniques and NOT
the more powerful signal needs to be at the
receiver to be decoded. specific to a frequency like 2.4 or 5 GHz. It can be
used in either band.
OFDM
Modulation & Coding
Quadrature Amplitude Modulation

ou QAM é um dos tipos mais rápidos que efetivamenteenvia dois
sinais que estão fora de fase um com o outro e, de alguma forma,
"colocando as peças de volta em conjunto" para uma taxa de
transferência ainda mais rápida
19
Modulation & Coding
Generally speaking, the faster the data rate the more powerful
signal needs to be at the receiver to be decoded.

Modulation and Coding
• Os padrões 802.11 atuais usam MCS Modulation Coding

modulação de divisão de freqüência 0 BPSK 1/2
ortogonal (OFDM) 1 QPSK 1/2
• Canal dividido em múltiplas 2 QPSK 3/4
subportadoras
3 16-QAM 1/2
• Cada subportadora usa um esquema 4 16-QAM 1/2
de modulação: Chave de Mudança de
Fase (PSK) ou Modulação de Amplitude 5 64-QAM 3/4
em Quadratura (QAM) - até 256 QAM 6 64-QAM 3/4
– MCS 8 & 9 introduzido por .11ac 7 64-QAM 5/6
• E quanto ao MCS0-15 802.11n? 8 256-QAM 3/4
– Simplificado em 11ac em comparação com 9 256-QAM 5/6
11n

Modulation and Coding
http://mcsindex.com/

Radio Frequency Behavior – Example- Reflection
■ As reflexões ocorrem quando um sinal de RF salta uma superfície lisa e não

absorvente, alterando a direção do sinal
■ Ambientes refletivos causam “multipath” (multicaminhos)

Inglês
Multipath advantageous for MIMO
• Sinal de RF quando salta de uma superfície grande e lisa, ele

muda a direção do sinal, fazendo com que o sinal faça vários
caminhos.
• A MIMO aproveita as estruturas ambientais e aproveita as
reflexões do sinal multipath para realmente melhorar o
desempenho da transmissão de rádio
• Espelho

MIMO – Multiple Input Multiple Output
Transmit Beamforming
Maximal Ratio Combining
(TxBF)
Spatial Multiplexing 802.11 n Enhancement

Units of Measurement
• Signal Strength – in dBm

• Noise Floor – in dBm
• SNR = SS – NF – in dB
• RSSI – Received Signal Strength Indicator
SNR
0
-10 1 6 11
-20
-30 -30
-40 -40
dBm
-50 -50 Signal

-60 -60 Noise Floor
-70 -70
-80
-90 -90
-100
Channel

802.11 MAC (Acesso ao Meio)
• Função de Coordenação Distribuída

• Parâmetros são considerados para evitar colisão por CSMA / CA
– Physical Carrier Sense (CCA) – Clear Channel Assessment
– Virtual Carrier Sense (NAV)
– Recuar
– Espaçamento Interframe
• SSID - Service Set Identifier
– Nome WLAN (mostra quando você procura a rede)
• BSSID - BSS Identifier
– Endereço MAC da interface sem fio do AP. Um por SSID.

Frame Format
• MAC header
• Frame Body
• FCS

Frame Aggregation
• Introduced by 802.11n
• Higher efficiency by avoiding inter frame gaps and using block ACKs
• A-MSDU (Super)
– Single 802.11 MAC header and FCS
– More efficient
• A-MPDU (Pobre)
– Each sub-frame has an 802.11 header and FCS
– More reliable
• With .11ac, every transmission is required to be an A-MPDU (even
if contains a single MPDU)

Frames
• (Dis-)Association
• (De-)Authentication
Management • Beacon
• Probe Request / Response
• RTS/CTS
• Ack
Control • Block-Ack
• Simple Data
• QoS Data
Data
• Data + CF-Ack

Association Process
• At this point
– On open WLANs data can now be exchanged
– On networks with security, enters 802.1x Port blocked state
WPA2 Personal and WPA2 Enterprise
• WPA2 Personal Shared Key - chave pré-

compartilhada
• Envolve uma única senha para ser conectada
na rede sem fio.
• O WPA 2 Enterprise requer um servidor
RADIUS que manipule o acesso de
autenticação.
• A autenticação é baseada em 802.1X

Security – WPA2 Enterprise

Security Keys
PMK Pairwise Master Key

• Shared key if using WPA2 Personal
• EAP negotiation if using WPA2 Enterprise
PTK WPA 2 involves 4 way handshake

• Prove the client knows the PMK
• Derive a Pairwise Transient Key (PTK)
• PTK is used to encrypt unicast messages
GTK AP sends the Group Transient Key (GTK) to the client

• GTK is used to encrypt multicast / broadcast messages
• Periodic group key handshake to update GTK

WMM
Wi-Fi Alliance subset of 802.11e
Defines four Access Categories (AC)

Voice, Video, Best Effort, Background
Does not guarantee throughput
Enforces priority by modifying contention windows and

contention free tx parameters
WMM parameters mapped to DSCP and 802.1p priorities

Power Save
• Many wireless clients are battery operated, so power saving
features are important
• Devices can be in CAM (Constantly Awake Mode) or PSM (Power
Save Mode)
• The AP knows the power-save state of each client and buffers
frames for sleeping clients
• The beacon indicates which clients have buffered frames
• PSM wake up periodically to check the beacon and poll the AP for
frame delivery if required
• Broadcast / multicast frames are delivered every fixed number of
beacon intervals

Power Save - Enhanced
U-APSD (Unscheduled Automatic Power Save Delivery) / WMM-PS

• Client can request buffered frames at any time
• QoS aware - can be enabled per-priority queue
• Less common scheduled version S-APSD exists
PSMP Power Save Multi-Poll

• 802.11n extensions to APSD
MIMO Dynamic MIMO

• Reduces MIMO configuration when there is low traffic
(e.g. 2x2 to 1x1)

Other 802.11 standards
802.11 e : Quality of Service (QoS) enhancements

Improves voice and video performance
802.11 k: Radio Resource Management
Radio and network measurements
802.11 r: Fast secure roaming mechanisms, aka

“Fast BSS Transition”
802.11 w: Protected Management Frames, prevents

some security vulnerabilities
802.11 u: Interworking with external networks

Hotspot 2.0 enabler

Best Pratics – By myself
• Data Rate;
• Localização AP:
– Planta, local de maior propagação;
– Altura Indoor (1,80 a 2m), Outdoor (3,5 a 5m);
• Antena setorial p/ densidade e menos interferência;
• Config: Usar mesmo SSID e Canais diferentes. (1,6,11)

Guest Access

Guest Access
• Provide internet access to third parties
– Hotels
– Coffee Shops
– Stadiums
– Outdoor events
– Home (!)
• “O Wi-Fi é igual ou mais eficaz para tornar os clientes bem vindos
do que outras amenidades, como revistas, boletins informativos da
comunidade, doces ou água”
– Brendin Research
• Use existing infrastructure, monetize, customer retention

Onboarding Models
• Click to sign-on
• “Freemium”
– E.g. 30 minutes free, pay for longer duration or higher bandwidth
• Voucher based
– Can be purchased or given out for free
• Payment portal
– Online purchase using credit card / Paypal
• Integration with other systems
– Third-part hotspot management applications
• Username / password with RADIUS backend

Hotspot 2.0
• Wi-Fi Certification Passpoint

• Secure and seamless public access over existing service
provider public Wi-Fi network
• Wireless client can discover whether AP supports their home
service provider
• AP authenticates client against various home provider’s system
• Encrypted communications

Enhance Client Experience:
Band Steering
Data Rate Tweaking
Airtime Fairness

Band Steering
• Clients tend to connect to the first radio they discover.
• 2.4GHz is a narrower (fewer channels), crowded (legacy
devices) and slower (no 802.11ac benefits).
• User experience would be better if clients are ‘nudged’
towards the 5GHz radio of the AP.
• Typical implementation: Don’t respond to Probes and
Association attempts on 2.4GHz from new clients and
give it a chance to go to 5GHz.
– Persistent clients are allowed on to 2.4GHz.
– If 5GHz is fairly heavily loaded, clients are allowed on
2.4GHz

Data Rate Tweaking
• APs support several data rates that clients use based on their capability
and connection quality.
• A client at 1Mbps or 2Mbps is using up shared airtime and reducing the
efficiency of the cell.
• Disabling lower data rates in radio configuration ensures that such clients
are dropped off rather than struggle and maintain a poor connection. For
the greater good.
• Depending on client mix and capability minimum rate of 12Mbps could
help improve cell efficiency.
• CAVEAT: if you have very old devices (11b-only) they will be unable to
connect unless data rates such as 5.5 or even 1 or 2Mbps are enabled. So
check client mix.

Airtime Fairness
• Problema:
– Wi-Fi é um meio compartilhado, todos os clientes competem pelo acesso.
– Um cliente de 11g tem um tiro quase igual em obter acesso ao meio e um
cliente "rápido" 11n.
– Cada transmissão de 11g leva tempo de antena que um cliente 11n
poderia ter enviado muito mais dados em (maior modulação, agregação,
maior uso de canal, etc.).
• Solução:
– Acelere os clientes mais lentos na presença de tráfego de clientes de taxa
de dados mais altos. Mais dados são transmitidos na mesma quantidade
de tempo em relação a esse AP.

Cambium Cloud-Managed WiFi

Wi-Fi for Enterprises and Service Providers
SP Managed Enterprises SP Managed Home
Enterprise Service Provider Home WiFi
Target Market
Service Provider Managed
Homes, Small Enterprises,
Public Hotspots, Industrial
Solutions in the Market Today Need for Svc Provider Cambium’s WiFi Solution
1. Expensive and Complex: - • Easy to Manage ✓ Zero Touch Deployment
large enterprises
• Scalable ✓ Easy Remote Manageability
2. Inexpensive: lacking in
scalability, manageability and • Quick to Deploy ✓ Cloud Managed with Very
reliability High Scalability
• Reliable and Affordable
✓ Reliable and Affordable End to
End Wireless

Indoor Wi-Fi Access Point Portfolio
E400 E410 E600 R190 R200 R201

MARKET ENTERPRISE HOME
RADIOS 2x2 11ac 2x2 11ac 4x4 11ac 2x2 11n 2x2 11n 2x2 11ac
2.4 &
BAND 2.4 & 5GHz 2.4 & 5GHz 2.4 GHz 2.4GHz 2.4 & 5GHz
5GHz
MU-MIMO N Y Y N N N
1x WAN 1x WAN 1x WAN

ETHERNET 1x GE 1x GE 2x GE
3x-4x LAN 4x LAN 4x LAN
USB N N Y N Y Y
ATA / FXS N N N Y Y Y
Outdoor Wi-Fi Access Point Portfolio
ePMP1000 E500 E501S E502S*

MARKET ENTERPRISE, SERVICE PROVIDER
RADIOS 2x2 11n 2x2 11ac 2x2 11ac 2x2 11ac
External OMNI SECTOR SECTOR

ANTENNA
(Omni in kit) 360° 90°-120° 30°
ETHERNET 2x FE 2x GE 2x GE 2x GE
Cambium, Cambium, Cambium,

PoE-Output Cambium
802.3af 802.3af 802.3af
LTE Filter N Y Y Y
E502S Launching in
Q3-2017
Access Point Naming Convention
E501S
CAMBIUM
INTERNAL
AP CLASS COVERAGE
E : Enterprise AP TYPE SPECIALIZED AP
0 : Omni
R : Residential EVEN: Indoor (Optional)
1 : 90-120 Sector
ODD: Outdoor S : Sector
2 : 30 Sector
W : Wallplate
E4xx, E6xx : indoor Skipped otherwise
E5xx: Outdoor

Residential Router overview
WiFi PoE VoIP
Single, 2.4, 802.11n Cambium ✓
Single, 2.4, 802.11n – ✓
Single band
Dual band, 802.11ac Cambium ✓
2.4 GHz 802.11n Dual band, 802.11ac – ✓
PoE to PMP 450
Dual band
or ePMP SM Dual band, 802.11ac – –
802.11ac
Rich Voice/Call Features

• Voice Activity Detection,
Echo cancellation, Three-way calling
• Call hold, Call forwarding,
Call transfer, Call waiting
Networking Features
4LAN Ports 2 Phone Ports
• VoIP: SIP V2, Adaptive jitter buffer
management
• DHCP, Dynamic DNS, 802.1Q,802.1P,
L3(DSCP)
Management
Desktop Internet TV Printer Network FAX Phone • Cambium Cloud /NoC Management,
Storage Remote Troubleshooting, Provisioning
• SNMP V2 ,TR-069

Enterprise Indoor overview
RF Security
• 802.11a/b/g/n/ac • HTTPS, SNMPv3, Firewall, NAT,
• MIMO and MU-MIMO Client isolation
• 2.4/5GHz • Secure Configuration Store,
• 2x2 and 4x4 versions Time based access
• Max TX power = 25dB (2.4, 5 GHz)
Guest Access
Physical • Built-in Hotspot, Interop with third
• Ceiling, Wall, Desk mount Party Hotspot WISPr, Rate-limiting
• Software controlled LED (per client/per WiFi)
• Operating Temp 0-45 C • 802.1x, EAP-SIM/AKA, Hotspot 2.0
Installation WiFi
• Installable shoes for table • WPA-TKIP, WPA2 AES, 802.11i
mount • Auto-channel selection, WMM
• Detached back-plate for easy • 16 SSIDs, 256 Users
ceiling mount
Management
Ports • Cloud/NOC Management,
• 802.3af PoE Gigabit Autonomous operation
• Quick troubleshooting
Ceiling, wall, or desktop mount options
• GUI, SNMPv3, CLI

Enterprise Outdoor Overview
RF Operations
• 802.11a/b/g/n/ac • Max. Capacity: 256 users, 16 SSIDs
• Dual band: 2.4, 5 GHz • Software controlled front LED
• 2x2 MIMO, Omni and Sector • cnMaestro controller managed
• Max TX power
28dBm @ 2.4GHz,
29dBm @ 5 GHz Physical
• LTE Coexistence filter • IP67
• Operating Temp: −30 to 60ºC

Ports
• 802.3at PoE in Gigabit
Same basic software capabilites
• 2 output power options
(a) Canopy or (b) 802.3af PoE out as Enterprise Indoor since both
are built off the same codebase.
Installation
• Detachable bracket pole or wall mount
Thank you
cnPilot™ Training
cnMaestro WiFi Controller

Overall Objectives
At the end of this session, participants should be able to:
1. Create a cnMaestro account and add administrators
2. Claim and onboard devices and place them in a network
3. Monitor Cambium equipment
4. Configure devices with AP Groups and WLANs
5. Investigate and acknowledge issues using alarms
6. Bulk update device software
7. Troubleshoot common deployment issues
58
2m to 245 KM – Connecting the unconnected
cnMaestro
Planning
Network Management
Inventory Management
Wi-Fi Controller
Support & Warranty Services
From 2m to 245km
Indoor to Outdoor
Long Distance: PTP 650, 820 Distribution Access: PMP 450, ePMP Edge Access: cnPilot
Home + Small
Business
Outdoor
- Single Band
- Dual Band
Indoor
Point to Point Point to Multipoint 802.11n, 802.11ac Indoor & Outdoor

Network Management…Simplified
Cloud Manager
cnMaestro
Local
On-Premise NOC
• Devices discover cnMaestro

• Firewall-friendly -- all traffic over HTTPS
• Access from anywhere using a standard Web browser
• Full visibility from tower to edge
• Easy to create an account and get started!
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 60

Cloud based architecture Highly Scalable Architecture
• Distributed Processes, Message-bus, Database
• Redundancy
New UI Architecture Distributed Process
• Support of Various Devices
Distributed
Message-bus
Instant Discovery of APs
• Traditional SNMP Discovery is Slow
and Requires Firewall Configuration
Distributed
• Cambium Devices Instantly Discovered Database
Communicating over HTTPS
ISP ISP ISP

A B C
Multi-Tenancy
• Cambium Cloud Serves Multiple ISPs Securely
• ISPs can Serve Multiple Networks and
Customers with Privacy and Security

Centralized Management and Operations
See the status of all
Quickly find a device your devices ……All from your single
using the Search • PTP Cambium account
function. • Point-to-Multipoint
• WiFi
Click to focus
on problematic
devices
Use Networks and Towers to

organize your system.
Devices are automatically
organized hierarchically.

Centralized Troubleshooting
Preloaded Status of all the
component of end to end network - John Smith
from mobile device having problem
to the backhaul
Remote Packet Capture

and RF analysis tools
Easily identify the

mobile device through
their names and
manufacturer

Benefits
• Quick to Get Started
– Create your cloud account and start onboarding your devices
– No servers to purchase, setup, update, or manage
• Access from Anywhere With a Standard Web Browser
– No need for a VPN or a Java web client
• Scalable
– Supports individual cnMaestro accounts up to 10,000 devices
– Customers can have multiple accounts
– Leverage the cloud to manage 100,000s devices
• Rich Feature Set
– Designed for wireless networks
– End-to-end management of your Cambium network

Adaptive Architecture – 3 Flexible ways to deploy
1 Cloud
cnMaestro
Local breakout (LBO)
Freedom!
cnPilot APs
cnMaestro controller
2 Local Controller
Tunnel
Full control
Clients Internet
3 autoPilot
Local breakout
Autonomous

Features
Hierarchical Dashboards
• Visualize devices from tower to edge with customized dashboards for each device type.
Dashboards for WiFi devices include AP, AP Group, and Site.
Advanced Troubleshooting
• Display tower-to-edge status in a single graphic, view WiFi client details and health, and
troubleshoot client connectivity directly on the AP.
Notifications
• View immediate status with stateful alarms, and troubleshoot customer issues by filtering
on alarm history and reviewing events
Device Inventory
• Access your devices at the system level, or by network, tower, or site. Device data can be
exported in PDF or CSV formats.
Statistics, Trending, and Reporting

• View historical radio and network statistics. Download CSV data reports for offline investigation.
Copyright 2017 Cambium Networks, Inc. All rights reserved

Features
Bulk Image Upgrade

• Upgrade the software images in a site or across sectors in a single job.
AP Group and WLAN Configuration

• Automatically synchronize configuration across devices mapped to an AP Group.
Maps and Map Modes

• Leverage Google Maps to visualize device health. Change the mode of the map to
graphically display various wireless key performance indicators.
Zero Touch Onboarding

• Preconfigure Cambium devices so they will be automatically onboarded when connected to
the network.
Multiple Administrators
• Invite colleagues by email to manage the devices in your organization’s cnMaestro account.

Account Creation
Goals Understand the types of cnMaestro accounts.

Know where to go for help.
Lab Create a User account on test.cloud.cambiumnetworks.com.

Add a Company account for the course devices.

Lab: Create Company Account
• Access test.cloud.cambiumnetworks.com
• Select “Create a Company Account”

• Register as a New User
– Use an email you can access from the Web.
– Click on email confirmation (check spam folder).
– The User Login represents you.
• Create a Cloud Management Account
– Enter the requested information.
– The Company Account holds your devices.
– Provides all the cnMaestro NMS functionality.

Define a friendly name to easily

recognize this cnMaestro account.
Must be unique. Cannot be changed.

Uniquely identifies this cnMaestro account.
Onboarding Key only applies to the person

creating the account. As additional users are
invited to this cnMaestro account, they can set
their own Onboarding Key.
Copyright 2017 Cambium Networks, Inc. All rights reserved 71

cnMaestro Terminology
User Login Associated with an individual
• Same login shared with Cambium Support Center and Community
cnMaestro Associated with a company (i.e. ISP/Enterprise)

• Device management account for an ISP / Enterprise
Cambium ID User-defined string

• User-defined string
• Uniquely identifies the Company Account
• Optionally used during device onboarding

Home Page Documentation
and Training
Always Accessible
via Home Menu
Quick Access to
Key Functions
Access Cambium Community

and Support
• Maximum of 10 Administrators
• Cambium employees don’t count towards limit
Account Types
Goals Understand the Access and Backhaul Accounts

Understand Wireless LAN Accounts
Lab Toggle the Wireless LAN View.

Two Primary Account Types
Access and
Backhaul Support for cnPilot, ePMP, and PMP
• Support for cnPilot, ePMP, and PMP
• Integrated view across all product lines
• Hierarchical navigation
• Devices grouped by Networks
Wireless LAN
Support for cnPilot Enterprise only
• cnPilot E-Series and ePMP Hotspot
• Simplified Wi-Fi-specific view
• Tabular navigation
• Networks not supported

Access and Backhaul Account
• Default Account Type
• Support for cnPilot, ePMP, PMP Devices
Header Status
Side Menu
Alarm Count
Quick Buttons
Dashboard KPIs
Hierarchical Tree

Hierarchical Navigation
• Hierarchy to Organize Devices

– Includes Networks, Towers, Sites
– Parent/child relationships
determined automatically
– PMP AP -> PMP SM -> WiFi AP
• Select Node to View Content
Note: to force a refresh of the tree status, click
Refresh

Wireless LAN Account
• Support for cnPilot Enterprise
• Simplified Menu Structure
Header Status
Side Menu
Tabbed Navigation

Switch Account Type
• Navigate to Application > Settings
• Change Account Type to Wireless LAN
– cnPilot E-Series supported in Wireless LAN UI
– cnPilot R-Series must use Access and Backhaul UI

AP Groups and Sites:
WiFi Device Aggregations
Goals Understand the Tree Hierarchy.

Add a new Network and Tower.
Lab Create a hierarchy to be used in the demo.

AP Groups
• Aggregate Devices by Configuration
– Group devices that share configuration parameters.
– Updating AP Group changes all devices mapped to the group.
• AP Group Dashboard
– Consolidated statistics for all devices in group.

Sites
• Aggregate Devices by Geographic Location
– Group devices by location.
– Devices can share a floor plan.
• Site Dashboard
– Consolidated statistics for all devices at site.

Site Floor Plan
• Support for Single Floor Plan per Site
• Devices Placed on Image

Lab: Create AP Group and Site
• Navigate to AP Group
– Click “New AP Group”
• Navigate to Site
– Click “New Site”

Onboard Devices
Understand claiming, onboarding, and pre-provisioning.

Goals
Review difference between Cambium ID and MSN Onboarding.
Detail networking considerations for adding devices.
Lab Onboard devices into the company account.

Set up location pre-provisioning for the devices.

Architecture
• Devices Contact
cnMaestro
• HTTPS Protocol
• NAT/Firewall: No
Problem
• Edge Router
Allows Outgoing
Packets

Network Requirements
• Devices Must Have
– Internet access
– Ability to resolve and access https://cloud.cambiumnetworks.com
– Ability to resolve and access http://s3.amazonaws.com
• Not Required
– Public IP address -- devices can have private IP addresses and sit
behind a NAT firewall
– Inbound connections -- devices will always initiate the connection
with cnMaestro

Onboarding Flow
Claim Add device to your account
Approve
Onboarding
Provision device with software,

Onboard configuration, and location
cnMaestro
Provisioning
Device sends statistics to network

Managed management system and is available
for administration

Claiming Devices
Claiming a device = tying it to your cnMaestro account

• Via Serial Number (MSN)
– Occurs on cnMaestro
– Serial number can be bar-code scanned from the box
– Supported on R200, R201, E400, E500
• Via a Cambium-ID and Onboarding key

– Occurs on device
– Configured on devices through their CLI, GUI, SNMP.
– Supported on all platforms (such as ePMP 1000).
Copyright 2017 Cambium Networks, Ltd. All rights reserved

Onboarding Devices
• After Device Has Been Claimed and Approved
– Optionally pre-provision the device by setting location, configuration,
or software version
– Approval required before onboarding begins
– Claim devices using Serial number or Cambium ID

Lab: Onboard Devices Using MSN
• cnMaestro UI
– Select Onboard Devices from Home or Navigate to Onboard
– Select “Claim Device”
– Enter MSN of R200/201 or E400/E500 Device
▪ R-Series devices require the Access and Backhaul account

Lab: Onboard Device Using MSN (cont’d)
• cnMaestro UI
– Navigate to Onboarding Queue
▪ We won’t pre-provision yet, but you can look at the options
– Configure (optional)
▪ Set device location, place in network, on tower, set software and
configuration
– Approve Device

Lab: Onboard Device Using MSN (cont’d)
• Device
– Turn on Device and connect Device to Network
– For this lab only, set the URL to test.cloud.cambiumnetworks.com
▪ ePMP 1000 Hotspot and cnPilot E400
o Configure --> System --> cnMaestro
▪ cnPilot R200/R201
o Administration -> cnMaestro -> Configuration
• Device should be Onboarded in cnMaestro

– Will show up in the tree in a few minutes

Onboarding Queue
• The device will not be onboarded when it accesses cnMaestro -
- it will remain in the Onboarding Queue until approved.
• Onboarding key is set on the device UI, in tandem with the
Cambium ID to claim the device in a specific account.

Device UI: Onboard cnPilot Enterprise
• CONFIGURE →SYSTEM.

Device UI: Onboard cnPilot Enterprise
• The status of
the device
connection to
cnMaestro can
be viewed on
the Device UI
dashboard.

Optional: Quick Start Onboarding
• Wizard Available with Brand New Account
• Step Through Single Device Onboarding

Monitoring
Goals Understand the cnMaestro UI components.

Discuss core navigation methodologies.
System Dashboard (Access and Backhaul)
Aggregate
Alarms
Hierarchy
Level Manual
Refresh
Key
Performance
Indicators
Dashboard
Components

AP Dashboard

Inventory (Access and Backhaul)
Column
Search Groups
Export as CSV
Filter by Tree or PDF
• Column Groups Change Column Display

• Wireless LAN View Uses AP Table Instead

Notifications
Goals Understand difference between Events and Alarms.

Review Alarm lifecycle.

Events
• Generated by a Device
– Analogous to SNMP traps
• Also Generated Internally
– Device/Link up/down, etc.
• Logged in an Event Database
• Categorized by an Event Type

State-Based Alarms
Alarm Lifecycle
• Alarms Have State and a Lifecycle Raised
– Only active when condition persists
Active
• Acknowledge to Decrease Visibility
– Add note for other administrators Acknowledged
• Visualize Historical Active Alarms Inactive
– Filter for a specific time window Expired

Alarm Page
Global Alarm
Alarm View Counts
Accessible from
Toolbar
24 Hour Alarm
Summary Charts
Navigating Narrows
the Alarm View
Content
Alarm Table
Containing all
Active Alarms
Alarms can be
Acknowledged
Details Available by
Clicking on an
Alarm

Software Update
Goals Discuss software architecture and terms.

Review the jobs infrastructure.
Tasks Create a software update job and add to queue.

Execute job to update lab device software.

Software Updates
• cnMaestro Uses a Device Pull Model
– Devices are notified where to download images
– https://s3.amazonaws.com
• Bulk Updates Supported
– Select a level in the tree, then select devices to be upgraded
• Each Update is a Job
– Only one device type and software version per job
– Jobs can be created and then executed later
▪ Day Staff can create jobs for Night Staff to execute

Software Update Page
Image
Select Device Selection
Type
Software
Versions in
Use in Devices
Filter Level
Using Tree
Select Devices
Using Table
Update
Options
Create Job
• Options Include: Stop on Critical Error; Parallelism of

Device Updates; and Order of Device Updates in a Sector

Active Jobs Page
Active Job
Queue
Run Job
Detailed Job
Status
Individual
Device Status
• Only One Job Executes at a Time

• Jobs Can Be Paused or Stopped
• Will Not Run in Parallel With Configuration Jobs

Lab: Software Update
• Update Software on a Lab Device
– Navigate to appropriate tree level
– Create a job to update the software
– Add to Job Queue
– Start Job Running
– Wait until completion
• View Image Version for Device in Inventory
• View Image History for Device in
– Performance (WLAN)

Configuration Update
Understand AP Groups and WLANs

Goals
Learn about Device Overrides
Create a new AP Group and map a WLAN to it.

Tasks
Apply the AP Group to a Device.
Advanced: override the AP Group for a specific Device.

Configuration Model
• Two Types of cnMaestro Configuration
– Wireless LAN: AP Groups and WLANs
– Access and Backhaul: Templates
• AP Groups: shared device configuration
• WLANs: shared wireless network configuration
• cnPilot Enterprise and Home
– Different WLANs and AP Groups for each

Automatic Synchronization
• Automatically Push Configuration to Devices
– Enabled by Default in cnPilot Enterprise
– Disabled by Default in cnPilot Home
• Changed in AP Group Configuration
– If Disabled, Requires Manual Synchronization

Lab: Create an Enterprise WLAN
• Select SSID and Save

Lab: Create Enterprise AP Group
• Map WLAN to AP Group

Lab: Map AP Group to Access Point
• Navigate to AP > Configuration

Advanced: Device Overrides
• Override AP Group Settings at Device
• Static IP, Channel, Power, Etc.

Advanced Troubleshooting
Goals Review Advanced Troubleshooting features.

Discuss current device support.

Powerful Troubleshooting
Status and KPIs

Latency Test
for Connected
Devices
Tools and
Visualizations
Connected Client
Details in WiFi

Lab: Advanced Troubleshooting
• Start WLAN Device
• Associate Wireless Client
– Review client connectivity and status
• Explore Additional Troubleshooting Tools
– Such as Unconnected Clients and Network
Connectivity
• Run Wi-Fi Analyzer
• View Device Logs and Run Packet Capture

WiFi Guest Access Portal
Goals Review cnMaestro Guest Portal service.

Hosted Captive Portal
• Services > Guest Access Portal
• Customize Splash Page with Editor
• Add One to Four Portals
• Four Templates to Get Started

Multiple Access Control options
• Free Service: restricted by time (Eg: free 30min every 24 hours)
• Social Login: allow access by Facebook, Google IDs
• SMS Authentication: phone number and text message access code
• Vouchers: pre-print and distribute access vouchers

Access Point configuration
• WLAN Guest Access Configuration
• Point to same Portal name on cnMaestro

On-Premises
Goals Understand difference between On-Premises and Cloud.

Detail how On-Premises is deployed and managed.

On-Premises Deployment
• cnMaestro Installed in Local Data Center

• Same Functionality as Cloud Service
• Distributed as a Virtual Machine
– Packaged as an OVA (Open Virtualization Archive)
– All components available in a single image
cnmaestro.company.com
cnMaestro On-Premise

Virtualization Frameworks Supported
• Bare Metal Hypervisor
– VMware ESXi
• Desktop Virtualization
– VMware Workstation
– Oracle VirtualBox
cnMaestro On-Premises
Workstation / VirtualBox
cnMaestro On-Premises
Windows / Linux
ESXi
Bare Metal Hypervisor Desktop Virtualization

Differences with Cloud
• Administrators
• Device Connectivity
• Onboarding
• Device Image Management
• cnMaestro Software Update
• Server Management
• Command Line Interface (CLI)

Administrators
• On-Premises Administrators are Local
– No connection to Cambium Cloud
– Default username/password: admin/admin

Device Connectivity
• Devices Access Hosted Server
• How Do Devices Know Server URL?
– Configure URL in Device UI (highest priority)
– Configure DHCP Option 43
▪ Set URL for cnMaestro (https://manage.company.com)
– Configure DHCP Option 15
▪ Set domain as company.com
▪ Device contacts cnmaestro.company.com
– Default Cambium Cloud access (lowest priority)
▪ cloud.cambiumnetworks.com

Onboarding
• Devices Added to Onboarding Queue by Default
– Devices must be approved in order to complete onboard
• Optional Pre-Provisioning
– Pre-provision devices with MAC Address
▪ Not Serial Number (MSN), as with Cloud
▪ Supported by all devices
▪ Allows one to set configuration, software version, and pre-approve
• Optional Authentication
– Enable authentication using Onboarding Key
– Onboarding Key entered into Device UI
– Device rejected if key is incorrect
▪ Device will not be added to Onboarding Queue

Device Image Management
• Existing Device Images (ePMP, etc.) Packaged in OVA
• New Device Images Require Installation
– Download images from Support Center
▪ http://support.cambiumnetworks.com > Downloads
– Access and Backhaul: Manage > Software Update > Manage Images
– Wireless LAN: Application > Manage Images

cnMaestro Software Update
• Two Types of Updates to cnMaestro Software
– OVA Update: includes complete virtual machine
– Package Update: includes cnMaestro software only
• OVA Update
– Infrequent (every couple months)
– New OVA installed on virtualization infrastructure
– Manual export / import of data from old to new
• Package Update
– Replace cnMaestro software
– No data export required
– Download package and install through cnMaestro UI
– Only used for minor updates

cnMaestro VM Management
• Basic Support for Server Instance Monitoring
– Monitoring (CPU, Memory, Disk)
– Technical Support Dump

Command Line Interface (CLI)
• Accessible through Virtual Machine Console
– Default username/password: cambium/cnmaestro
• VM Management and Networking
– Change virtual machine administrator password
– Configure virtual machine networking
– Reboot system

Dashboard & Main Menu

Wireless LAN Configuration
• Up to 16 WLANs on E400 and 8 on ePMP 1000
Hotspot
• Each WLAN has its own:
– Name (SSID)
– Security Configuration
▪ Pre-shared keys
▪ RADIUS authentication
▪ MAC authentication
– VLAN
– Guest Access Policy
– Other policies such as ACLs, Rate-limit, Access Schedules

WLAN - Configure

RADIUS Configuration
• Up to 3 RADIUS servers for authentication and accounting,
used for:
– EAP/802.1x Access
– Guest Access
– MAC authentication
• Servers can load balance or failover
• Standard interoperability: 3GPP-AAA servers, Windows Active
Directory, free Radius etc.

WLAN - Rate Limit
• Each client’s traffic: avoids one user monopolizing bandwidth
at coffee-shop or airport
• All WLAN traffic: limiting guest network over corporate
network

WLAN – Scheduled Access
• Control when clients are allowed on a network
• College dorms, schools, libraries, retail stores

GUEST Access : splash pages

WLAN – Guest Access

Radio - Basic

Automatic RF Management
• Auto Channel Select – Individual AP scans list of channels and
pick the best one
• Auto RF – Group of APs periodically scan channels. Coordinate
to assign non-overlapping channels and avoid excess cell
overlap (reduce tx power)
• Interference avoidance – trigger channel change if interference
is above threshold for particular duration

Deployment recommendations
Enable ACS and Interference
Avoidance when Enable Auto RF when
• Non-overlapping channels can • APs are deployed with many

be easily found overlapping cells
• APs are located at a distance • Dense small cell deployments
from each other so there is
low self-interference For example
For example • >3 indoor AP deployments
• 1-3 AP indoor deployments • Small cell outdoor
deployments like stadiums
• Sparse outdoor deployments
like parks, beaches

Band Steering
5 GHz
2.4 GHz
2.4 GHz
5 GHz
5 GHz
Dual-Radio
AP
Requests on 2.4GHz are ignored if a client is dual band, with association

allowed only on the 5GHz radio.

Traffic Tunneling Options: L2TP, GRE
• Selected per-SSID. Default is locally bridged.

Operations
• Firmware upgrade
▪ From GUI by uploading file through browser.
▪ From CLI pointing to a TFTP or FTP server.

Operations - System
• Tech Support – information that can be used by engineering to

debug
• Flash LEDs to locate APs

Operations - Configuration
• Export configuration as a text file

• Generate / modify configuration offline and upload

WiFi Analyzer

Connectivity

Packet Capture

Unconnected Clients
• System remembers and tracks clients that had connection

issues.
• Tracks things like connection denial due to ACLs, invalid keys
etc.

Tech Support
• Contains technical information
useful support / engineering
• Include it with support requests
• Multiple snapshots if possible

Factory Default
• All configuration is reset to default
– Configuration, configuration password, Cambium ID
• While powered on, hold the reset button for 10s
▪ Device will reset to factory defaults and reboot
Connectorized Radio E400 Reset R200/R201 Reset

Reset Button Button Button

Thank you
cnPilot™ Training
Overall Objectives

1. Understand the cnPilot home product line
2. Become familiar with the Cambium cloud-Managed WiFi
3. Monitor and operate cnPIlot™ devices using cnMaestro™
4. Troubleshoot common wireless issues using on-device tools as
well as the cloud.
16
0
Managed cnPilot™ Home + Small Business:
Key Specifications
WiFi PoE VoIP
Single, 2.4, 802.11n Cambium ✓
Single, 2.4, 802.11n – ✓
Single band
Dual band, 802.11ac Cambium ✓
2.4 GHz 802.11n Dual band, 802.11ac – ✓
PoE to PMP 450
Dual band
or ePMP SM Dual band, 802.11ac – –
802.11ac
Rich Voice/Call Features

• Voice Activity Detection,
Echo cancellation, Three-way calling
• Call hold, Call forwarding,
Call transfer, Call waiting
Networking Features
4LAN Ports 2 Phone Ports
• VoIP: SIP V2, Adaptive jitter buffer
management
• DHCP, Dynamic DNS, 802.1Q,802.1P,
L3(DSCP)
Management
Desktop Internet TV Printer Network FAX Phone • Cambium Cloud /NoC Management,
Storage Remote Troubleshooting, Provisioning
• SNMP V2 ,TR-069
Copyright 2015 Cambium Networks, Inc. All rights reserved. Company Confidential 161
cnPilot™ R200/R201

Front Panel LEDs
LED Status Explanation
Phone 1/2 Blinking Not registered
On Registered
LAN 1/2/3/4 On Link
Off Disconnected
Blinking Activity
WAN On Link
Off Disconnected
Blinking Activity
Power On Powered On
Off No power
WLAN On Radio On
Off Radio Off
Blinking Wireless Activity

Rear ports
Interface Description
Power Connector for power adapter
Phone 1 / 2 ATA connector to phone
USB USB storage
WAN Ethernet to WAN
LAN 1/2/3/4 Ethernet to LAN

Installing cnPilot™ R200/201
• Power ON the wireless router using the power supply/PoE

– POWER LED will glow after 5 seconds of powering ON and wait for 2
minutes to boot up device properly.
• Insert the Ethernet cable to any LAN port on the RJ45 port labeled LAN1
to LAN4 and connect other end of the cable to Ethernet port of PC
– LAN LED will turn ON after connecting the LAN cable
– Make sure you’re connecting it to LAN 1-4 and not the WAN port
• Configure the LAN interface of your PC to acquire an IP address using
DHCP.
– It will get an IP address in the 192.168.11.x/24 subnet
165
• Connect to the wireless router by typing http://192.168.11.1 in web browser

• Enter default username “admin” and password “admin”
• Change the default password by going to Administration->Management-
>Password Reset option.

• Go to the WAN Tab

• Configure WAN connectivity as
per ISP’s requirements

• Under the Wireless->Basic tab

• Turn on the radio
• Type in your SSID name

• Under Wireless->Wireless
Security
• Configure Security Mode
• Enter your password

Monitoring - General
Product Information Device related information like Product

Name, MAC address and hardware and
firmware versions
SIP Account Status Registration of ATA phone with SIP server
FXS Port Status Status of ATA phones connected at FXS
ports.
Internet Port Status WAN
LAN Port Status LAN connectivity and speed
System Status Clock and uptime

Monitoring - WLAN
• Summary of all wireless clients

Configuring WAN Access

WAN – Static IP
• Specify IP address / mask, router IP and DNS

servers

WAN - DHCP
▪ AP will get WAN IP and other

information from ISP’s DHCP server.
▪ Can specify value of vendor option (60)
sent in DHCP discover

WAN - PPPoE
PPPoE Account Username

PPPoE Password Account password
Operation Mode KeepAlive –
Periodically send
PPPoE Keepalives
(period specified
below)
On Demand – Tear
down connection
after idle time
(specified below)
Manual – always-
on connection

LAN
IP Address Router IP address in subnet
Local DHCP pool subnet mask

Subnet
Mask
Local DHCP Enable / Disable server
Server
DHCP Start First IP address in client pool
Address
DHCP End Last IP address in client pool
Address
DNS Mode Auto: DNS server is DHCP offer is
automatically populated
Manual: User configured Primary and
secondary servers
Client Lease Duration of client lease
Time
DNS Proxy If enabled, the device will forward the
DNS request of LAN-side network to
the WAN side network

Wireless - Basic
Radio on/off Enable / Disable the radio
Wireless connection AP or repeater

mode
Network Mode Choose which of 11b/g/n is enabled
Multiple Configure:
SSID Name
SSID1~SSID3 Hidden – Don’t populate SSID name in
beacons
Isolated – Disable client-client
communication
Broadcast(SSID) Don’t populate SSID name in beacons
AP Isolation Disable wireless client-client

communication
MBSSID AP Isolation Disable inter-BSSID communication
Frequency (Channel) Auto or specified channel
HT Physical Mode Mixed Mode: Support pre 11n devices

Green Field: pre 11n devices not
Operating supported, increasing throughput
Mode
Channel Bandwidth 20MHz or 20/40MHz.
Guard Interval Set to short for best performance

Wireless - Security
• Choose WPA2-PSK and AES for security

• Access policy – you can whitelist / blacklist wireless clients
– Disable
– Allow: Accept listed clients, reject all others
– Reject: Reject listed clients, allow all others
Management - configuration
• Download current configuration in text format

• Generate or modify configuration files offline and upload to
device

Management – Admin Settings
User type Admin User / Normal

User / Basic User
Language GUI language
Remote Web Login Enable GUI access
from WAN
Web Port HTTP and HTTPS port
for GUI.
Web Idle timeout Idle timeout for GUI
sessions
Allowed Remote Filter for IPs allowed
IP(IP1,IP2,...) to log in to the GUI

Administration - SNMP

Frictionless Deployment: cnPilot + cnMaestro
Claim Devices with Serial Number
34564567, 12367490, 1298620986,

5285296
Setup Config
Onboarding Queue and s/w Ver.
Auto Registration
Onboarding Queue
The onboarding queue holds devices before they are added to your account. Devices must be approved in
order to complete the onboarding process.
Select Device Type All (3)
Device Details Added By Settings Status Actions
Config & Upgrade

Device (6069QN010F) Noah Wiley Waiting
Residence Ha ll 1 Wireless A ccess 15h 20m (Serial Number) 20m
PTP AP (6070QN011F) Saurabh Updating

3d 2h (Cambium Id) 3d 2h
Wi-Fi AP (6069QN111F) Noah Wiley Waiting

5d 3h 20m (Cambium Id) 5d 3h 20m
Access Points
Copyright 2015 Cambium Networks, Inc. All rights reserved. Company Confidential 182
Provisioning using DHCP / Config Polling
• cnPilot R200/R201 can poll a configuration file over the network and apply new configuration on change
• Two ways of specifying file location
– Use DHCP option 66 (and optionally 67) to specify a file location accessed using TFTP
– Use device configuration to specify a URL accessed using TFTP/HTTP/HTTPS
▪ URL can contain macros
• Multiple triggers for polling

– On boot
– On upgrade
– Periodic
• Provisioning file is a set of key=value pairs in plaintext
– Dowload configuration from a device to get a model for a template
– The special key DBID_DBASE_VERSION is used to determine whether config has changed
▪ Simple strategy is to increment it on every config change

Provisioning – Macros
Macro Name Macro Expansion
$ The form $$ expands to a single $ character.
MA MAC address using lower case hex digits, for example,
0021f2011b19.
MAU MAC address using upper case hex digits, for example
0021F2011B19.
MAC MAC address using lower case hex digits, and colons to
separate hex digit pairs, for example 00:21:f2:01:1b:19.
PN Product Name, for example G502 or VOIP ATA.
SN Serial Number, for example E3C08109000051
IP WAN IP address, for example 201.45.12.89
SWVER Software version, for example v3.3.8
HWVER Hardware version, for example v1.0.1
• Invoked by prefixing the name with a ‘$’ character(e.g.’$MAC’)

• If the variable name is immediately followed by an alphanumeric character,
enclose the variable name in parentheses(e.g.‘$(MAC).conf’).
Security - Filtering
• Default policy
– Accept / drop on no match
• Rules
– Matching criteria
▪ MAC
▪ SIP
▪ DIP
▪ Source port range
▪ Destination port range
– Action: accept or drop

FXS
Line Enable Enable / Disable line
Proxy Server IP address or the domain of SIP Server
Display Name Name / number used for display
Phone Number Telephone number provided by SIP service provider
Account SIP account name
Password SIP password
Other Parameters Configure as required by your provider, usually

defaults work. There is also a SIP tab with additional
parameters
IPv6 Support
Configuration
Enable IPv6:
Network->IPv6 Advanced->Ipv6 Enable.
Also optionally supported on the onboard DHCP server.

Stateless Mode : Listen for ICMPv6 Router advertisements
Field Name Description

IP Protocol Version : Enable IPv4 & IPv6.
WAN IP Mode : DHCP
NAT Enable : Enable.
DHCPv6 Address Settings : Stateful
Prefix Delegation : Enable.

Stateless configuration example
Field Name Description

IP Protocol Version : Enable IPv4 & IPv6.
WAN IP Mode : DHCP
NAT Enable : Enable.
DHCPv6 Address Settings : Stateless
Prefix Delegation : Enable.

WAN port status indicates IPv6 address

Troubleshooting

WiFi Analyzer on cnMaestro
General troubleshooting steps
• Dashboard – check RF quality
• Dashboard client table – check SNR
– Excellent >40db, poor performance below 20db
• Run WiFi analyzer
• Is the client able to associate and stay associated?
– Check unconnected client table
• Does the client have an IP address
• Use on-device packet capture with filters to isolate problem to wireless interface / Ethernet interface
• Wireless captures using other tools
– Wireshark on Macbook
– Omnipeek
• Use cnMaestro troubleshooting page to get a comprehensive view of the wireless backhaul and
access
• If you need to contact Cambium support make sure you download Tech Support data

Labs

Initial setup and Firmware upgrade
• Download latest firmware from support site and upgrade

device, creating a Cambium account if necessary
a. Go to:
https://support.cambiumnetworks.com
b. Register for an account.
c. From your email, follow the link to
activate your account.
Setup
• First, connect the AP to port 1 on the Trendnet router

• Then connect laptops to ports 2-4
• Leave WAN port disconnected
Student Laptop
Internet 4 Port Switch

via Instructor w/ DHCP Server
Switch
WAN
Exercise 1 – cnPilot™ R 200 installation
• Set up the R200 connecting it to a LAN port on the Trendnet

• Configure a wireless LAN TrainingHomeX
• Ensure your wireless client can access the Internet

Exercise 1 –Solution 1/2
3
Exercise 1 – Solution 2/2
4 5
Exercise 2 – Install an FXS phone
• Connect the supplied ATA phone to the cnPilot R200

• Set up the FXS port using the credentials on the whiteboard
• Successfully place a call to the instructor phone or one of the
other lab groups

Exercise 2 - Solution
2
3
4 6
5 7

Thank you
cnPilot™ Training
Enterprise Wi-Fi Access Points

Overall Objectives
1. Understand WiFi basics

2. Become familiar with the Cambium cloud-Managed WiFi portfolio
3. Install, configure and monitor cnPilot™ R200 / R201, cnPilot E400 and ePMP™ 1000 Hotspot
devices
4. Understand and deploy cnPilot™ features such as:
– Guest access
– Bandwidth limiting
– Scheduled access
– NAT and ACLs
5. Set up a cnMaestro™ cloud management account and on-board cnPilot™ and ePMP™ devices.
6. Monitor and operate cnPIlot™ devices using cnMaestro™
7. Troubleshoot common wireless issues using on-device tools as well as the cloud.
20
6
Hardware Overview

Hardware Characteristics
INDOOR OUTDOOR
AP Models E400, E410, E600 E500, E501S, E502S
Typical Installation Ceiling, Wall or Desk Pole or Wall

Mounting Options and Bracket for ceiling, Wall E500 : Bracket with wall
Hardware mount keyholes built into mount key-holes and Pole
AP. mount with metal clips
E410, E600 include T-Bar E501/E502: Tilting Bracket
mounting Clip on housing for Pole mount
Powering up the AP PoE Injector or any PoE Injector or any
standard PoE switch. standard PoE switch.
E600: 802.3at for full 802.3AT needed if
functionality powering up another
device over poe-out
LEDs Software controlled, Software controlled,
indicate power-up and indicate power-up and
connectivity to cnMaestro connectivity to cnMaestro
LEDs
cnPilot™ E400, E500, E501S, E502S cnPilot E410, E600 (single LED)
Orange Powered up, Orange Powering up
system starting
up
Green Powered up, system operational
Green Powered up,
system
operational Managed by cnMaestro or
Blue
Orange Not connected autopilot
to cnMaestro
Green Connected to ePMP 1000 Hotspot

and managed
Power Green Powered up
by cnMaestro
Eth1 Green Link up
Blinking Link activity
Eth2 Green Link up
Blinking Link activity

Login Page
• Default IP 192.168.0.1 for all APs except ePMP1000 Hotspot which

uses 192.168.0.2
• Zeroconf IP
– 169.254.X. Y: X and Y are the last two bytes of the MAC address
• Username: admin password: admin
Dashboard & Main Menu

System Configuration
• System Name, Location, Contact used by SNMP and also appears in cnMaestro
• Country of Operation : radio regulatory

System - Management
• Always change admin

password
– Leaving at default can
compromise the AP and your
network
• Disable less secure access
methods (HTTP, Telnet) unless
you have clients which only
support that.
• Disable SNMP if not using it to
monitor the AP.
System - NTP, Syslog
• Can be set as IP or full server name.

• Sync AP time from an NTP server
– Useful for features like Scheduled Access
– Helps easily co-ordinate AP logs
– AP time resets on reboot (no battery backup)
• Set timezone depending on location
• When managed through cnMaestro, time is synced automatically by
cnMaestro, no need to set NTP.
• Send system events to an external Syslog server.
– AP has limited resources to buffer events
– External syslog can consolidate logs from multiple APs.
• When managed through cnMaestro all events are sent to
cnMaestro anyway, syslog may not be necessary.
Wireless LAN Configuration
• Up to 16 WLANs. (8 on ePMP 1000 Hotspot)
• Each WLAN has its own:
– Name (SSID)
– Security Configuration
▪ Pre-shared keys
▪ RADIUS authentication
▪ MAC authentication
– VLAN
– Guest Access Policy
– Other policies such as ACLs, Rate-limit, Access Schedules
• Can be mapped to one radio or both on dual-band APs.

WLAN - Configure

RADIUS Configuration
• Upto 3 RADIUS servers for authentication and accounting, used

for:
– EAP/802.1x Access
– Guest Access
– MAC authentication
• Servers can load balance or failover
• Standard interoperability: 3GPP-AAA servers, Windows Active
Directory, freeRadius etc.

WLAN - RADIUS

RADIUS tunneling through cnMaestro
• RADIUS packets are sent from AP to AAA server by default. Can be
cumbersome in two scenarios:
– Requires the AAA server to map the IP of each client to a shared secret.
– If there is a per-source-IP firewall rule in the middle requires all AP IP addresses
to be added.
– In either of these cases using the AP subnet may not be acceptable for some
reason.
• There is an option for all cases like this to tunnel RADIUS packets through
cnMaestro on-premises.
• AP will forward RADIUS packets to cnMaestro on the existing management
tunnel (HTTPS) and receive responses back on the same path.
• cnMaestro forwards the packets to AAA server, the server only sees one
peer with one peer IP address to manage.
WLAN - Rate Limit
• Each clients traffic: avoids one user monopolizing bw at coffee-

shop or airport
• All WLAN traffic: limiting guest network over corporate
network

WLAN – Scheduled Access
• Control when clients are allowed on a network

• College dorms, schools, libraries, retail stores

GUEST Access : splash pages

GUEST Access Configuration
• Three landing page locations
– On AP
– On cnMaestro
– External hotspot provider (cloud4wi, purple etc)
• Four authentication options
– Click-through (terms and conditions)
– RADIUS authentication of username/password
– LDAP server lookup
– On-AP username/password
• Walled Garden support
▪ Advertise hotspot owners website
▪ Allow sign-on server
• Accounting – session time, data packets

WLAN – Guest Access

Radio - Basic

Radio – Enhanced Roaming
• Client with poor connectivity can bring down the

performance of the entire WLAN
• Some clients have poor roaming algorithms and
don’t roam even if a better signal is available
• NOTE: can be disruptive is coverage does not overlap
sufficiently
Automatic RF Management
• Auto Channel Select – Individual AP scans list of channels and

pick the best one
• Auto RF – Group of APs periodically scan channels. Coordinate
to assign non-overlapping channels and avoid excess cell
overlap (reduce tx power)
• Interference avoidance – trigger channel change if interference
is above threshold for particular duration

Parameters
• Min Tx Power – minimum value to which Tx power

will be reduced to avoid self interference
• RSSI Threshold – reduce Tx power if neighbor
receives signal above this value
• Period – how often to run Auto RF scan
• Samples – number of samples to collect per channel
per period
• Interval – interval between sample collection within
a period
• Dwell time – time spent off-channel to measure a
sample
Deployment recommendations
Enable ACS and Interference Enable Auto RF when

Avoidance when • APs are deployed with many
• Non-overlapping channels can be overlapping cells
easily found • Dense small cell deployments
• APs are located at a distance from For example
each other so there is low self-
interference • >3 indoor AP deployments
For example • Small cell outdoor deployments like
stadiums
• 1-3 AP indoor deployments
• Sparse outdoor deployments like
parks, beaches

Wireless Mesh Support
• Single as well as multiple hops

▪ Multiple hops reduce throughput by >50%
• Mesh Base – root AP, radio auto starts
• Mesh Client – radio scans for mesh base
• Radio can service Mesh and Clients
▪ No need to dedicate a radio to mesh
• Manual Provisioning. Recovery
• WPA2-PSK Security supported
• OK to mix AP types:
• ePMP1000 to E400, or
• E500 to E400
Configuration: Mesh

Fast Roaming
• 802.11r: Fast BSS Transition

• Supported by newer mobile devices: iPhones
and Android (Samsung Galaxy)
• Reduced protocol handshakes when moving
from one AP to another with WPA2-Enteprise or
WPA2-PSK
• OKC: Opportunistic Key Caching
• Reduced protocol handshakes with WPA2-
Enterprise
• Supported on many laptops as well as mobiles

Band Steering : Why?
• 5GHz spectrum generally better for clients:

▪ Wider channels (40, 80MHz vs only 20)
▪ Cleaner (lower interference, more channels)
▪ Faster (11ac data rates)
• Clients connect to the first radio they see
• sometimes that is the 2.4GHz even if the
client was capable of 5GHz.
• Band Steering tries to nudge such clients to
the 5GHz band on the radio, improving cell
efficiency
Band Steering : How?
• By not responding to Probe and Association

packets for clients seen the first time or
known to be dual band.
• Delays cause the client to scan all
channels again, and hopefully it finds the
5GHz radio now.
• Delays on first association to network, but
then APs ‘remember’ the client.
• State also Sync’ed across all APs at a site so a

Configuration: Fast Roam, Band-Steering

Enhanced SNMP Support: RF-MIB
• AP Information
▪ Software version
▪ Hostname
▪ MAC address
• Radio Information
▪ RF Parameters: current channel, power
▪ Traffic parameters (tx/rx bytes, packets)
▪ Capacity: # clients
• Client Information
▪ RF parameters: RSSI
▪ Traffic Parameters (tx/rx bytes, packets)
Network - VLAN Interfaces
• Create layer 3 interfaces

• Enable NAT on it
• Run DHCP relay on the subnet

Network - Routing

Network - Ethernet
• Access ports have one untagged VLAN

• Trunk ports have a native VLAN and additional tagged VLANs
• The native VLAN can be optionally tagged

Network – DHCP Server
• For single cell networks. Typically with NAT.

DoS attack protection
Type Description
ip-spoof Checks if source IP addresses are reachable
smurf-attack Protect from smurf (broadcast ICMP)
icmp-frag Handle fragmented ICMP ping messages

Access Control List (ACL)
• Upto 256 rules Per Ethernet interface and WLAN
• Examine each packet and match rule based on
– Source or Destination MAC, IP or Port number. Packet protocol, and direction.
• For each rule specify permit / deny action and order/precedence

• Default action is to drop
– Add a low priority rule to permit all remaining traffic if so desired

DNS Access Control List (DNS-ACL)
• Provide basic URL filtering based on the domain name in DNS Requests.
• Wildcards in domain names supported (Eg: *.google.com)
• On match action is either permit or deny
• Configurable per WLAN, upto 256 entries.
– Rules have precedence (1=high, 256=low) and are processed in order
– If rules are present, and none match the default action is to drop
– User should create a wildcard allow rule

MAC Authentication
• Use as a whitelist or blacklist

• Options to configure upto 256 entries on AP, or use an external
RADIUS server

Traffic Tunneling Options: L2TP, GRE
• Selected per-SSID. Default is locally bridged.

Operations
• Firmware upgrade
▪ From GUI by uploading file through browser.
▪ From CLI pointing to a TFTP or FTP server.

Operations - System
• Tech Support – information that can be used by engineering to

debug
• Flash LEDs to locate APs

Operations - Configuration
• Export configuration as a text file

• Generate / modify configuration offline and upload

Command Line Interface
• Hierarchical, each mode supports a set of configuration commands:
– Global mode
– WLAN mode, radio mode
– Ethernet interface, vlan interface
– DHCP mode
• ? – display command menu and help
• <TAB> completion
• Prefix configuration commands with no to negate or delete configuration
• Commands to view information are prefixed by show
– show version
• Action commands are verbs
– reload
• show config – display current configuration
• save – apply and save configuration
• apply – apply config without saving (to test config)

CLI example
TMI010-04:~ tmi010$ ssh admin@10.140.134.151
admin@10.140.134.151's password:
ePMP-testlab(config)#
ePMP-testlab(config)# interface ?
eth : Configure ethernet interface
vlan : Configure vlan interface
ePMP-testlab(config)# interface v<TAB>

ePMP-testlab(config)# interface vlan 34
ePMP-testlab(config-vlan-34)# ip address 34.1.1.10 /24
ePMP-testlab(config-vlan-34)# exit
ePMP-testlab(config)# no interface vlan 34

Config text
ePMP-testlab(config)# show config
!
management user admin password $crypt$1$dc5rZyXwR6aoLtZme/jeg+NzwA4MfO1I
poe-out
country-code IN
!
wireless radio 1
no shutdown
channel 6
channel-width 20
power 20
antenna-gain 5
!
wireless wlan 1
ssid orrery
no shutdown
vlan 1
security wpa2-psk
passphrase $crypt$1$+BeqsUJHdQaOPhJD0cDkQk98q4JldLO
!
interface eth 1
switchport trunk allowed vlan 10-20
!
interface vlan 1
ip address 10.140.134.151 255.255.255.0
ntp server pool.ntp.org

Troubleshooting

WiFi Analyzer
Connectivity

Packet Capture

Unconnected Clients

System Logs

Tech Support
• Contains technical information

useful support / engineering
• Include it with support requests
• Multiple snapshots if possible

Factory Default
• All configuration is reset to default

– Configuration, configuration password, Cambium ID
• While powered on, hold the reset button for 10s
▪ Device will reset to factory defaults and reboot
Connectorized Radio E400 Reset R200/R201 Reset

Reset Button Button Button

PoE Out
• PoE-out to an auxiliary device, such as an ePMP or 450 SM
• NOT 802.3af, only powers devices with Cambium-PoE
• Supported on ePMP1000 Hotspot and E500

Labs

Exercise 1 – Initial setup and Firmware upgrade
• Download latest firmware from support site and upgrade

device
a. Go to:
https://support.cambiumnetworks.com
b. Register for an account.
c. From your email, follow the link to
activate your account.
Download Current Software Version
• Go to https://support.cambiumnetworks.com/files/e400/
• Download the latest software release for E400
Setup
• First, connect the E400 power brick to port 1 on the Trendnet

router
• Then connect laptops to ports 2-4
• Leave WAN port disconnected
Student Laptop
Internet 4 Port Switch

via Instructor w/ DHCP Server
Switch
WAN
Get the E400’s IP address
• Log in to http://192.168.10.1 (admin/admin)
• Click on
– Advanced Setup
– LAN
– DHCP Client List
• Look for the IP address of device with MAC OUI 00:04:56
• If you plugged in the E400 first it should be 192.168.10.101

Log in to the E400
• Use default username / password (admin/admin)

• Select Configure->System from the menu tree
– Ensure country is configured
• Select Configure->Radio from the menu tree and set a static
channel (149/153/157/161)
Check current firmware version
• Check version on dashboard screen

Upgrade firmware
• Choose file download from Cambium support site

• Reboot after upgrade completes
• Verify firmware version

Exercise 2 – Set up basic WLAN and Monitor statistics
• Create a wireless LAN TrainingBridgeX

• Keep it mapped to the default VLAN 1
• Use WPA2 encryption
• Associate your phone / laptop to it and verify you can browse
the internet
• Verify the WLAN is bridged and your device has an IP address
assigned by the Trendnet router (use dashboard in the UI)
• Monitor client

Solution
3
4

Exercise 3 - ACLs
• Modify WLAN 2 created in the previous activity

• Verify you can access http://java.com from your client
• Add a rule to drop all http traffic (tcp port 80)
• Verify that you can no longer access http://java.com but can
access https://java.com
• Make sure you create the default permit all rule!

Solution 3 – Step 1/2
2 3
4 5 6 7 8

Solution 3 – Step 2/2
2 3 4

Exercise 4 – Guest Access
• Create WLAN 3 with SSID TrainingGuestX
• Enable Guest Access on it
• Configure your splash page with an appropriate title and other content
• Redirect the user to www.cambiumnetworks.com on success
• Configure the DNS ACL to deny access to ebay.com
– DNS ACL configuration can be found under Wireless->Access->DNS ACL
– As ebay has various subdomains enter “*.ebay.com” as the domain name
– Make sure you allow all other domain by adding a “permit *” rule at the end
• Verify your client only obtains internet access after signing on
• Verify user is redirected to www.cambiumnetworks.com after signing on
• Verify access to ebay.com does not work but you can access other sites

Solution 4 – 1/2
1
5
6
7

Solution 4 - 2/2
4
1 2 3
4
1 2 3

Exercise 5 – Troubleshooting 1
• Ping your wireless client from your wired laptop

• Run packet capture to view the ICMP packets
• Use the filters to only view ICMP packets


Exercise 6 – Troubleshooting 2
• Run the WiFi Analyzer

• Examine and interpret the graphs and tabular output


Thank you
cnPilot™ Training
AUTOPILOT : AP as a Controller
Overall Objectives
1. Understand what is Autopilot

2. Configure APs for Autopilot and Monitor them
28
4
What is Autopilot
• AP as a controller. In a small network (up to 32 APs) one of the

APs acts as a controller for:
– Configuration of all APs
– Aggregating Statistics from all APs
– Aggregating Events from all APs
• Currently independent of cnMaestro
– APs managed just by the Master-AP
– Future plans for cnMaestro integration for backup and services
Positioning and Use-Case
• Analogous topology to:

– Motorola Virtual Controller, Aruba Instant, Ruckus Unleashed etc.
• Optimal for small networks that
– do not want to use cloud
– do not want to install on-premises cnMaestro on a server (cost, extra
hardware etc)
• Does not include all cnMaestro features
– SMS Authentication, Payment Gateway etc

Master AP function
• Some memory and CPU dedicated to autopilot functionality

(depending on size of network)
• No functions removed, can service wireless clients on its own
radio even when it is a Master-AP.
• Configured by user. Should be set on one AP.
– Failover (active-standby) in future software

Capacity Numbers
• 32 APs in total
– One Master-AP managing up to 31 others
– APs can be mixed types (E400, E500, E501 all in one network if
necessary)
• 1000 clients
– Statistics tracked and managed for upto 1000 clients
• 16 SSIDs
– Can be grouped into 4 wlan-groups.

Initial Setup
• Any AP Firmware with version > 3.4.2

• Any Enterprise AP other than ePMP1000 Hotspot
– cnPilot E400, E500, E501S, E410, E600
• No special licenses or different firmware

Converting to Autopilot
• System -> Management set Autopilot mode to Master. Refresh

web page

Login : admin/admin by default

Dashboard : Overview Stats and Events
Main Menu Dashboard Menu Other potential
Key Site Stats
Member APs
Top APs and Clients

Client distributrion Live events view
by traffic etc
Dashboard : Access Points
Second Menu: Overview | Performance | System | RF
Master-AP (controller) is
highlighted with a crown next to it
in any AP table

Dashboard : Wireless Clients
Second Menu: Overview | RF
Clients roam among APs, and this information is aggregated

with periodic stats updates (every 30-60 seconds). So a client
might show up here on an ’old’ AP if it has just roamed.
Search box on top right searches multiple fields: MAC, IP,

device-type etc.
INSIGHT : PULSE
• Flag common problems from analyzing statistics.

• Administrator need not dig through all the logs and stats
• Ethernet Port Not Gigabit
• High CPU Usage
• Low AP Uptime
• Low Memory
• & more

INSIGHT: Timeview
• History of statistics with synchronized, zoomable view.
• Client counts, throughput, Peak CPU usage, Peak Memory usage,
Events
• 1 hour data
• Not persistent (lost on reboot)

INSIGHT: Events
• Aggregated from across the site

• Filterable.
• Color coded for severity
• Rolling buffer of last 1000 events
Configuration
System : Country-Code, Password, Time
Management : HTTP/HTTPS/Telnet/SSH, SNMP etc For all

WLAN Groups: SSID, Security, VLAN, ACL
APs in
network
Radio Channel, Power
Only on
IP Address, Route, DNS, L3 Interfaces
Master
All APs
Ethernet Port, Data Tunnels
Per-AP Settings (overrides) All APs

Configuration : Wireless LANS
• Add by clicking Add Wireless LAN

• Named, no numbers (system handles numbering on its own)
• Summary of WLAN, with WLAN group on top right side
Configuration : WLAN Group
• Container for WLANs

• Easier AP-SSID mapping
• Upto 16 WLANS in System
• Upto 4 WLAN Groups for those 16
• A default group created by the system
• No need for new ones unless AP-SSID mapping is not uniform

• WLANs created in a group remain inside it
• WLAN part of one group only not shared across groups
Configuration : WLAN Parameters
Subitems menu. Dynamic: guest-access tab shows when
guest-access is enabled on WLAN
Option to view
password/key
Advanced params in their own hidden menu

Configuration : WLAN Advanced
Available for advanced users to use. Hidden by default so other users avoid complexity
Configuration : Master IP Address Settings
Static IP settings.
Recommended for master-AP
Configuration : AP Settings
Custom values for this ONE AP
Radio parameters can

be custom or inherited
from Global ones
DHCP by default, can be set

to static
Configuration : Networks Interface
By default only on Master-AP.

Needed on members if Captive
Portal in use
Master AP can be DHCP

Server on this network
Manage AP Firmware
Backup Firmware, will

change on upgrade
Firmware Upgrade
Status
Current Firmware Version

Firmware Upgrade Process
1. Upload firmware to master AP from browser GUI

2. Click Upgrade All Devices
a) Master AP will download firmware to others
b) All APs will upgrade their firmware, reporting back status
periodically to master
3. Click Reboot All Devices to restart, and to activate new
firmware.
4. (optional) click Upgrade next to any one device to upgrade
just its firmware (Eg: replacement AP).
NOTE: AP needs 20-25MB of free memory to cache the firmware

file. Post upgrade if not rebooting immediately, delete the cached
firmware file.
Manage AP Firmware
When a new firmware file is uploaded, the AP will check its
meta-data and display basic information about it (such as
version).
Only after the upload is done and successful can upgrades begin
System Management
▪ Reboot any or all devices.
▪ Disable Autopilot to go back to standalone mode.
▪ Export Config (text file) or import it back in.
Troubleshooting
• Download Tech-support from master-AP
• Only downloads from master, not from the member devices.
• Option to open device GUI of other member APs for access to
other troubleshooting tools on them.
Details: AP Discovery & Connectivity
• Autopilot discover occurs over Layer2 with a broadcast packet
periodically sent out by the master AP on its native vlan.
• The packet has a destination of 11-11-11-11-11-11 and an

etherType assigned to Cambium of 89-41
• Packet capture of this packet:
• Inter AP communication is encrypted (SSL/TLS) and uses TCP

port 31415.
Lab
LAB1: Enable autopilot and onboard 2nd AP
1. Connect both APs to a switch with connectivity to a DHCP

server. Note the IP address of one of these APs and log onto
its GUI using a browser.
2. Convert the AP to autopilot master
3. Refresh the GUI to load autopilot GUI.
4. Wait for the second AP to show up under Discovered Devices
and click Approve or Approve-All to onboar the AP
LAB2: Setup an SSID and connect a client
1. Log onto the GUI of the master-AP and Click Configure

2. Set up a country-code under System if it is not setup.
3. Go to wireless LAN and create a new WLAN under the
existing (default) wlan group
4. Configure an SSID testing123 and hit Save
5. Connect a wireless client to the SSID and view the dashboard
to confirm the client shows up under Events as well as in the
client related widgets and tables of the dashboard
Thank you
cnPilot
Guest Portal Configuration
Connect the Unconnected

Guest Access Features
❑ Usage control
New in 3.2
– Time
– Rate Limit
– Data limits
❑ Social Login
& m any m ore…
– Facebook
Fully Customizable Portal Interoperate with many
– Google
Social Login
popular Eco-system vendors
Rate, Time , and Quota Limits
Voucher generation ❑ Voucher Generation

Three Configuration Options, Three Portal Locations
• Configuration via
– cnMaestro
– AP GUI
– AP CLI
• Guest Portal via
– cnMaestro
– AP
– External
cnMaestro – Steps to create Guest SSID
• Create Guest Portal Service in cnMaestro
– Configure access options
– Customize Splash Page
• Create WLAN in cnMaestro
• Create/Edit AP Group
– Add Guest WLAN into appropriate AP Group
– Sync APs within AP Group to new configuration
cnMaestro – Adding a new Guest Portal Service
• Guest Portal is added under

Services
• The Name of the Service must not
have spaces or special characters
• Choose to log client login events if
you wish to track access
information
cnMaestro – Access Control
• Select the Guest Portal that you want to

configure
• Selection Access Control – From here you
can configure settings for
• Free Access
• Paid Access
• Vouchers
cnMaestro – Free Access Client Session Settings
• Enable Free access if desired
• Client Session
• Session Duration sets the time limit for
each free session.
• Renewal Frequency sets the time required
before a new session will be granted
• Client Rate Limit
• Downlink sets the data rate for downlink
traffic to a single client. Uplink sets the
data rate for uplink traffic to a single
client.
• Client Quota Limit sets the data limit for a
session
• Quota type can be None, Directional,
or Total
cnMaestro – Social Login Configuration
• Free access must be
enabled to use Social Login
• Either Google, Facebook, or
both can be use for login
• Allows for gathering of
information provided
on public profiles
• For Google, you will need
to create a “Project”
• For Facebook, you will
need to create an “App”
• Bypass Captive Portal
Detection will be needed
for IOS and Android
devices.
See the Tech note on the Cambium Support site for details on setting up both Google and Facebook login at:
http://community.cambiumnetworks.com/t5/cnMaestro/Guest-Access-Portal-Social-Login-Configuration-Beta/td-p/60333
cnMaestro – SMS Configuration
• If SMS is to be used, enable in this

section
• Select the SMS Gateway Provider. At
this time, Cambium supports:
• Twilio
• SMS Country
• SMS Gupshup
• Depending n the provider selected,
there will be different settings to
configure
• Select the appropriate country code
cnMaestro – White List
Add web sites into the White List to aid

Captive portal bypass for IOS and Android
devices.
These devices require a confirmation that

they can access the internet before Social
Login is complete, necessitating the ability
to access them first.
cnMaestro – Paypal settings
If a Paid option is desired,

Enable here
Provide your Paypal PDT

Identify Token.
cnMaestro – Adding a new Voucher Plan
• To add a Voucher plan, first go to the

Vouchers tab.
• Enable Vouchers
• Click on the Add New Plan option
• Create the new plan
• Session Duration
• Voucher Expiry
• Client Rate Limit
• Client Quota Limit
• Voucher Device Limit
• Message and Colors for Voucher
cnMaestro – Adding a new Voucher Plan, continued
cnMaestro – Voucher Plans
Click Add Vouchers to create

new ones
Vouchers that have been

generated can be viewed here
- Voucher ID
- Status (valid, expired)
- Creation Time
- Claimed Time
cnMaestro – Splash Page Configuration
• Navigate to the Splash

Page Tab
• Choose Theme or upload a
Custom Design
• Configure
• Logo
• Background
• Text Design
• Content
cnMaestro – Splash Page Content
Fill in content information to customize your Splash Page
Utilize Terms and Conditions
Changes will not display in the Preview until they are saved
cnMaestro – Splash Page Custom
Beyond the customization options

already displayed, it is possible to fully
customize the Splash Page with an CSS
file.
Download a Sample CSS file to obtain the

format used
Upload the new CSS file and Save.

cnMaestro – Guest Portal Sessions
Once the Guest Portal has been assigned to an SSID and users connect, you can view information
from the Sessions tab.
If desired, users connected to the Guest Portal can be forced off via the Disconnect option.
cnMaestro – Create Guest WLAN
• Select WLAN Options

• Click on “New WLAN”
• Configure Basic WLAN Settings
cnMaestro – Guest WLAN Tied to Guest Portal
Navigate to the Guest Access Tab
Enable under Basic Settings
Choose cnMaestro as the Portal

Mode
Enter in the name of the Guest

Portal Service already created
cnMaestro – Guest WLAN Advanced Settings
• If redirection is desired, set the port number

• Configure timeouts
• Session
• Inactivity
• MAC Authentication Fallback allows for the use of a single SSID for MAC authentication,
using Guest Access for MAC addresses not already known by Radius Server
cnMaestro – Guest WLAN Whitelist
If a Whitelist is desired, it can be added to the Guest WLAN Configuration
We already created one within the Guest Portal Service, but this field can be used for
greater customization of specific Guest WLANs utilizing the Guest Portal Service
previously created
cnMaestro – Adding Guest WLAN to AP Group
Navigate to AP Groups
Select the Edit icon (pencil) to edit the AP Group where the Guest WLAN will be applied
cnMaestro – Edit AP Group
• Auto Sync will push

any saved changes
to all APs in the
Group
• Click on Add WLAN
• Select Guest WLAN
that was just
created and click
on Add
AP – Steps to Configure Guest WLAN
• A Guest Portal can be configured to reside in the AP three
different ways
– Configure from cnMaestro GUI
– Configure from AP GUI
– Configure through CLI
AP – Guest Portal Configured via cnMaestro
• Navigate to WLANs
• Select Guest Access
• Enable
• Select Internal Access Point
• Configure as desired
• Access Policy
• Redirect Mode
• Title
• Contents
• Terms
• Logo
• Background
AP – Guest Portal Configured via cnMaestro, continued
• Choose Success Action – what

happens after a client agrees to
Terms and Conditions.
• Advanced Settings
• Redirect Port
• Timeouts
• Session
• Inactivity
• MAC Authentication Fallback
• Whitelist
cnMaestro – Adding Guest WLAN to AP Group
Navigate to AP Groups
Select the Edit icon (pencil) to edit the AP Group where the Guest WLAN will be applied
cnMaestro – Edit AP Group
• Auto Sync will push

any saved changes
to all APs in the
Group
• Click on Add WLAN
• Select Guest WLAN
that was just
created and click
on Add
AP – Guest Portal Configured via AP GUI
• Login into the target AP

• Select Configure
• Select WLAN
• Choose Add WLAN
• Enter in the next WLAN ID#
• Select OK
AP – Guest WLAN Basic Settings
Configure the Guest WLAN Basic Settings

AP – Create Guest Portal
Navigate to Guest Access on the

specified WLAN
Now the configuration is the same

as shown previously
The Guest Portal can reside on

- cnMaestro
- AP
- External Server
External Captive Portal Workflow
Details on configuration for integration with 3rd party vendors with External Captive Portal support can be found here:
https://support.cambiumnetworks.com/files/e400/#r3) Guest Access Portal Integration
Thank you!
cnPilot™ Training
AUTORF
Overall Objectives
1. Understand what is Autorf

2. Configure APs for Autorf and Monitor them
35
3
What is AutoRF
• Automatically configure channel & power

• Choose appropriate channel to minimize interference and
maximize throughput
• Choose optimal power for coverage while minimizing
interference
• Constantly monitor operating channel and react appropriately
when performance is not as per required standards
AutoRF modes
Two different modes of operation to choose from based on

network topology and number of access points
• Centralized mode
• Autonomous mode

AutoRF – Centralized mode
• Channel & Power assignment is handled by a leader access

point
• Suitable for networks with up to 128 access points
• Data is collected by all access points and sent to a leader
• Leader makes the decision on best channel and power for
every access point

AutoRF – Autonomous mode
• Suitable for very large scale networks of 1000’s of access points

• Decision is taken autonomously by every single access point
• Every access point collects data and makes decision on channel
and power by itself
• All neighboring APs including our own are treated as source of
interference

How it works
• Periodic off channel scanning to collect data on neighboring

APs, interference and usage
• Assign channel and power based on OCS data
– AP itself in case of ‘Autonomous mode’
– Leader AP for ‘Centralized mode’
• Interference Avoidance
– Constantly monitor current channel and force a channel change if
required

Centralized mode – Leader AP
• Leader AP collects data from all member APs in a network

• Uses collective information from all APs to decide channel and
power
• The AP with the highest mac address is chosen as the leader
• When leader goes down, the next APs with the highest mac
address becomes the leader

Off Channel Scan
• Performed every configured ‘Off channel period’

• A configured number of ‘samples’ are taken and APs switch
channel every configured ‘interval’
• A special broadcast probe is sent when we go off channel
which is used for discovering neighbors
• Channel load and interfering sources are identified on all
channels

Channel Selection - Centralized
• Channel selection algorithm is run every 2 minutes on the

leader AP
• For each access point the interference profile for all channels is
generated
– Interference due to neighbors & no of neighbors
– Noise floor on each channel
• Best channel is chosen for assignment
• Only assigned if we are past channel hold time

Channel selection – Autonomous
• Performed on AP itself at the end of an off channel scan period

• Interference profile for all channels is generated
– Interference due to all neighbors on that channel
– Noise floor
– Channel load
• Best channel is assigned if we are past channel hold time

Power assignment - Centralized
• We are always monitoring current channel and keep track of

our own neighboring APs
• When we have no neighbors on the current operating channel,
maximum power is chosen
• When we have neighbors and if they are above ‘RSSI
threshold’, we reduce power by 1db.
• Happens every 3 minutes

Power assignment - Autonomous
• Operates on max power by default

• No power reduction based on neighbors
• AP can be configured to use a specific power if
max power is not suitable

Interference Avoidance
• Once chosen, channel is fixed for channel hold time period

• OCS happens only on configured period
• Interference avoidance constantly monitors current channel
and forces a channel change if required
– Force an OCS collection
– Assign channel even if we are within channel hold time

• Run every 10 seconds

• Configured number of samples are taken
• If the channel is not usable for over a configured usage
percentage for number of samples, avoidance kicks in
• Forces an off channel scan
• New channel is assigned based on collected data

Configuration
• AutoRF Configuration is done on a per radio basis

• Exists under Configuration > Radio
• Configured separately for 2.4GHz and 5GHz radio
• Channel needs to be ‘Automatic’ for AutoRF channel
assignment
• Power needs to be ‘Auto’ for AutoRF power assignment

Radio configuration

AutoRF configuration

OCS Configuration


ACS & AutoRF
• Currently they are independent

• ACS both scheduled and polled work irrespective of AutoRF
configuration.
• Please disable scheduled / polled ACS when AutoRF is enabled
• Initial channel upon bootup is chosen by ACS. AutoRF then
monitors and chooses appropriate channel.

Thank you

CnPilot Cert 1 7 Introduction All C7

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

CnPilot Cert 1 7 Introduction All C7

Hochgeladen von

Copyright:

Verfügbare Formate

cnPilot™ Training

Introduction to Wi-Fi, cnPilot and

Point-to-Point (PTP) Point-to-Multipoint

Copyright 2016 Cambium Networks, Inc. All rights reserved. 2

cnMaestro: Planning Cloud Manager

Point to Point Point to Multipoint 802.11n, 802.11ac Indoor & Outdoor

Copyright 2016 Cambium Networks, Inc. All rights reserved. 3

Copyright 2016 Cambium Networks, Inc. All rights reserved. 4

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Cambium cloud-Managed Wi-Fi portfolio

cnMaestro™ - Overview, Features and Management

Install, configure & monitor: cnPilot Wi-Fi Access Points

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Material de Curso de Treinamento Técnico

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

➢ Consists of member Creates Certifies

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

802.11a 802.11b 802.11g 802.11n 802.11ac

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

What is Radio Frequency (RF)?

Copyright 2016 Cambium Networks, Inc. All rights reserved. 11

• Radio waves are electromagnetic waves which propagate at

2.4Ghz Has longer Wavelength than 5.8Ghz

Popular Radio Frequencies

Copyright 2016 Cambium Networks, Inc. All rights reserved. 13

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Complex Modulation Schemes - OFDM

A large number of closely spaced orthogonal sub-

Quadrature Amplitude Modulation

Complex Modulation Schemes - OFDM

Copyright 2016 Cambium Networks, Inc. All rights reserved. 20

• Os padrões 802.11 atuais usam MCS Modulation Coding

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

■ As reflexões ocorrem quando um sinal de RF salta uma superfície lisa e não

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Multipath advantageous for MIMO

• Sinal de RF quando salta de uma superfície grande e lisa, ele

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Spatial Multiplexing 802.11 n Enhancement

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

• Signal Strength – in dBm

-50 -50 Signal

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

• Função de Coordenação Distribuída

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

• WPA2 Personal Shared Key - chave pré-

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

PMK Pairwise Master Key

PTK WPA 2 involves 4 way handshake

GTK AP sends the Group Transient Key (GTK) to the client

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

Wi-Fi Alliance subset of 802.11e

Defines four Access Categories (AC)

Does not guarantee throughput

Enforces priority by modifying contention windows and

WMM parameters mapped to DSCP and 802.1p priorities

Copyright 2017 Cambium Networks, Ltd. All rights reserved.

U-APSD (Unscheduled Automatic Power Save Delivery) / WMM-PS