cnPilot_Cert_1_7_Introduction_All_C7

Prévia do material em texto

cnPilot™ Training
Introduction to Wi-Fi, cnPilot and 
cnMaestro
Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Who is Cambium?
Point-to-Multipoint
(PMP) Access Networks
Point-to-Point (PTP)
Backhaul Infrastructure
2
Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
What we do?
2 Meters to 245 Kilometers – End-to-End! Outdoor to Indoor!
Point to Point Point to Multipoint
Long Distance: PTP 650, 820 Distribution Access: PMP 450, ePMP
Indoor
Outdoor
- Single Band
- Dual Band
Home + Small 
Business
802.11n, 802.11ac Indoor & Outdoor
Edge Access: cnPilot
Cloud ManagercnMaestro: 
Network Lifecycle Management
Planning
Network Management
Wi-Fi Controller
Support & Warranty Services
Inventory Management
On Premises 
Network Manager
3
• Quem é você?
• Qual o tamanho da sua rede?
• Quais os seus planos de crescimento para sua 
rede?
• Qual tecnologia/fabricante vc usa atualmente?
• Quais são suas maiores dificuldades?
Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Introdução
4
Learning Resources
http://community.cambiumnetworks.com/
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
http://community.cambiumnetworks.com/
Course Topics
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Wi-Fi Fundamentals
Cambium cloud-Managed Wi-Fi portfolio
Install, configure & monitor: cnPilot Wi-Fi Access Points
cnMaestro™ - Overview, Features and Management
A Few Words Before We Begin
Material de Curso de Treinamento Técnico 
Este material é fornecido para ajudá-lo na avaliação, implantação, solução de problemas e compreensão 
dos aspectos técnicos dos produtos Cambium Networks e não deve ser reproduzido ou distribuído a 
outros sem a permissão da Cambium Networks. 
Ao participar deste curso e aceitar todos os softwares e materiais relacionados, você concorda em 
respeitar os termos e condições descritos acima.
Cambium Networks
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Wi-Fi Fundamentals
Wi-Fi Organizations
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
 Consists of member 
individuals
 Design and document 
network protocols, such 
as:
802.3 Ethernet
802.11 Wi-Fi
802.15 Bluetooth
802.16 WiMAX
Certifies 
Products
Set Local 
Regulations
Creates 
Standards  Consists of member 
organizations – primarily 
equipment vendors
 Certifies Wi-Fi 
equipment for 
interoperability
 Promote adoption of 
IEEE 802.11 standards in 
the market
History of 802.11 PHY/MAC standards
802.11a
Ratified in 
1999
OFDM 
modulation
5 GHz 
frequency 
bands
6-54 Mbps
802.11b
Ratified in 1999
High-Rate DSSS 
(HR/DSSS)
2.4 GHz 
frequency band
Backward 
compatible with 
DSSS (1 & 2 
Mbps)
5.5 and 11 Mbps
802.11g
Ratified in 2003
Extended Rate 
Physical (ERP)
2.4 GHz frequency 
band
Backward 
compatible with 
802.11b (1-11 
Mbps)
6-54 Mbps
802.11n
Ratified in 2009
Uses HT-OFDM 
2.4 & 5 GHz 
frequency bands
Backward 
compatible with 
802.11a/b/g (1-
54 Mbps)
Up to 600 Mbps
802.11ac
Ratified in 2013
5 GHz frequency 
only
Very High 
Throughput PHY
Backward 
compatible with 
802.11a/n 5 GHz
Data rates 
6.93Gbps
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
What is Radio Frequency (RF)?
• Medium of communication for wireless technologies.
– AM/FM radio, VHF/UHF radio Systems, Cordless phones
– Microwaves, GPS
– Cellular: GSM, CDMA, UMTS
– Fixed Wireless: WiMAX & Wi-Fi
• Range of RF
– 3 KHz to 300 GHz 
11Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Principles of Propagation
• Radio waves are electromagnetic waves which propagate at 
the speed of light, or 1,86,000 miles per second (3,00,000 
km/s) 
• Radio Frequencies:
12
Copyright 2016 Cambium Networks, Inc. All rights reserved.
Principles of Propagation
13Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Principles of Propagation
2.4Ghz Has longer Wavelength than 5.8Ghz
Frequency & Wavelength
AM Radio 1100 kHz Weather 162.4 MHz
Shortwave 3 – 30 kHz Cellular Phones 700MHz – 2GHz
FM Radio 88 – 108 MHz Wifi a/b/g/n 2.4 & 5 GHz
Popular Radio Frequencies
• The Wavelength (λ)
– The Wavelength of an electro magnetic field is related to the 
frequency:
– Radio signals in the atmosphere propagate at almost the speed of 
light in vacuum
14
Copyright 2016 Cambium Networks, Inc. All rights reserved.
RF Fundamentals
Channels in 2.4GHz
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
UNII Bands and Channels
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Complex Modulation Schemes - OFDM
OFDM splits the radio signal into multiple 
smaller sub-signals that are transmitted 
simultaneously at different frequencies to 
the receiver. 
OFDM is a Orthogonal frequency-division 
multiplexing (FDM) scheme used as a digital multi-
carrier modulation method. 
A large number of closely spaced orthogonal sub-
carrier signals are used to carry data on 
several parallel data streams or channels. 
Each sub-carrier is modulated with a conventional 
modulation scheme
Take-away here is that 802.11n is a method of 
using special modulation techniques and NOT 
specific to a frequency like 2.4 or 5 GHz. It can be 
used in either band. 
17Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Modulation & Coding
Generally speaking, the faster the data rate 
the more powerful signal needs to be at the 
receiver to be decoded.
OFDM
Complex Modulation Schemes - OFDM
19
Quadrature Amplitude Modulation
ou QAM é um dos tipos mais rápidos que efetivamenteenvia dois 
sinais que estão fora de fase um com o outro e, de alguma forma, 
"colocando as peças de volta em conjunto" para uma taxa de 
transferência ainda mais rápida
Copyright 2016 Cambium Networks, Inc. All rights reserved.
Modulation & Coding
Complex Modulation Schemes - OFDM
20Copyright 2016 Cambium Networks, Inc. 
All rights reserved.
Modulation & Coding
Generally speaking, the faster the data rate the more powerful 
signal needs to be at the receiver to be decoded.
Modulation and Coding
• Os padrões 802.11 atuais usam 
modulação de divisão de freqüência
ortogonal (OFDM) 
• Canal dividido em múltiplas 
subportadoras
• Cada subportadora usa um esquema 
de modulação: Chave de Mudança de 
Fase (PSK) ou Modulação de Amplitude 
em Quadratura (QAM) - até 256 QAM
– MCS 8 & 9 introduzido por .11ac 
• E quanto ao MCS0-15 802.11n?
– Simplificado em 11ac em comparação com 
11n
MCS Modulation Coding
0 BPSK 1/2
1 QPSK 1/2
2 QPSK 3/4
3 16-QAM 1/2
4 16-QAM 1/2
5 64-QAM 3/4
6 64-QAM 3/4
7 64-QAM 5/6
8 256-QAM 3/4
9 256-QAM 5/6
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Modulation and Coding
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
http://mcsindex.com/
http://mcsindex.com/
Radio Frequency Behavior – Example- Reflection
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
■ As reflexões ocorrem quando um sinal de RF salta uma superfície lisa e não 
absorvente, alterando a direção do sinal
■ Ambientes refletivos causam “multipath” (multicaminhos)
Multipath advantageous for MIMO
• Sinal de RF quando salta de uma superfície grande e lisa, ele 
muda a direção do sinal, fazendo com que o sinal faça vários 
caminhos.
• A MIMO aproveita as estruturas ambientais e aproveita as 
reflexões do sinal multipath para realmente melhorar o 
desempenho da transmissão de rádio
• Espelho
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
MIMO – Multiple Input Multiple Output
Transmit Beamforming
(TxBF)
Maximal Ratio Combining
Spatial Multiplexing 802.11 n Enhancement
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Units of Measurement
• Signal Strength – in dBm
• Noise Floor – in dBm
• SNR = SS – NF – in dB
• RSSI – Received Signal Strength Indicator
• VDC
-30
-50
-40
-60
-70
-90
-100
-90
-80
-70
-60
-50
-40
-30
-20
-10
0
1 6 11
d
B
m
Channel
SNR
SignalNoise Floor
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
802.11 MAC (Acesso ao Meio)
• Função de Coordenação Distribuída 
• Parâmetros são considerados para evitar colisão por CSMA / CA 
– Physical Carrier Sense (CCA) – Clear Channel Assessment
– Virtual Carrier Sense (NAV) 
– Recuar 
– Espaçamento Interframe
• SSID - Service Set Identifier
– Nome WLAN (mostra quando você procura a rede) 
• BSSID - BSS Identifier
– Endereço MAC da interface sem fio do AP. Um por SSID.
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Frame Format
• MAC header
• Frame Body
• FCS
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Frame Aggregation
• Introduced by 802.11n
• Higher efficiency by avoiding inter frame gaps and using block ACKs
• A-MSDU (Super)
– Single 802.11 MAC header and FCS
– More efficient
• A-MPDU (Pobre)
– Each sub-frame has an 802.11 header and FCS
– More reliable
• With .11ac, every transmission is required to be an A-MPDU (even 
if contains a single MPDU)
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Frames
Management
• (Dis-)Association
• (De-)Authentication
•Beacon
•Probe Request / Response
Control
•RTS/CTS 
•Ack
•Block-Ack
Data
•Simple Data
•QoS Data
•Data + CF-Ack
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Association Process
• At this point
– On open WLANs data can now be exchanged
– On networks with security, enters 802.1x Port blocked state
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
WPA2 Personal and WPA2 Enterprise
• WPA2 Personal Shared Key - chave pré-
compartilhada 
• Envolve uma única senha para ser conectada 
na rede sem fio. 
• O WPA 2 Enterprise requer um servidor 
RADIUS que manipule o acesso de 
autenticação. 
• A autenticação é baseada em 802.1X
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Security – WPA2 Enterprise
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Security Keys
Pairwise Master KeyPMK
• Shared key if using WPA2 Personal
• EAP negotiation if using WPA2 Enterprise
WPA 2 involves 4 way handshakePTK
• Prove the client knows the PMK
• Derive a Pairwise Transient Key (PTK)
• PTK is used to encrypt unicast messages
AP sends the Group Transient Key (GTK) to the clientGTK
• GTK is used to encrypt multicast / broadcast messages
• Periodic group key handshake to update GTK
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
WMM
Wi-Fi Alliance subset of 802.11e
Defines four Access Categories (AC)
Voice, Video, Best Effort, Background
Does not guarantee throughput
Enforces priority by modifying contention windows and 
contention free tx parameters
WMM parameters mapped to DSCP and 802.1p priorities
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Power Save
• Many wireless clients are battery operated, so power saving 
features are important
• Devices can be in CAM (Constantly Awake Mode) or PSM (Power 
Save Mode)
• The AP knows the power-save state of each client and buffers 
frames for sleeping clients
• The beacon indicates which clients have buffered frames
• PSM wake up periodically to check the beacon and poll the AP for 
frame delivery if required
• Broadcast / multicast frames are delivered every fixed number of 
beacon intervals
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Power Save - Enhanced
(Unscheduled Automatic Power Save Delivery) / WMM-PSU-APSD
• Client can request buffered frames at any time
• QoS aware - can be enabled per-priority queue
• Less common scheduled version S-APSD exists
Power Save Multi-PollPSMP
• 802.11n extensions to APSD
Dynamic MIMOMIMO
• Reduces MIMO configuration when there is low traffic 
(e.g. 2x2 to 1x1)
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Other 802.11 standards
802.11 e : Quality of Service (QoS) enhancements 
Improves voice and video performance
802.11 k: Radio Resource Management
Radio and network measurements
802.11 r: Fast secure roaming mechanisms, aka 
“Fast BSS Transition”
802.11 w: Protected Management Frames, prevents 
some security vulnerabilities
802.11 u: Interworking with external networks
Hotspot 2.0 enabler
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Best Pratics – By myself
• Data Rate;
• Localização AP:
– Planta, local de maior propagação;
– Altura Indoor (1,80 a 2m), Outdoor (3,5 a 5m);
• Antena setorial p/ densidade e menos interferência;
• Config: Usar mesmo SSID e Canais diferentes. (1,6,11)
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Guest Access
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Guest Access
• Provide internet access to third parties
– Hotels
– Coffee Shops
– Stadiums
– Outdoor events
– Home (!)
• “O Wi-Fi é igual ou mais eficaz para tornar os clientes bem vindos 
do que outras amenidades, como revistas, boletins informativos da 
comunidade, doces ou água”
– Brendin Research
• Use existing infrastructure, monetize, customer retention
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Onboarding Models
• Click to sign-on
• “Freemium”
– E.g. 30 minutes free, pay for longer duration or higher bandwidth
• Voucher based
– Can be purchased or given out for free
• Payment portal
– Online purchase using credit card / Paypal
• Integration with other systems
– Third-part hotspot management applications
• Username / password with RADIUS backend
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Hotspot 2.0
• Wi-Fi Certification Passpoint
• Secure and seamless public access over existing service 
provider public Wi-Fi network
• Wireless client can discover whether AP supports their home 
service provider
• AP authenticates client against various home provider’s system
• Encrypted communications
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Enhance Client Experience:
Band Steering 
Data Rate Tweaking
Airtime Fairness
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Band Steering
• Clients tend to connect to the first radio they discover.
• 2.4GHz is a narrower (fewer channels), crowded (legacy 
devices) and slower (no 802.11ac benefits).
• User experience would be better if clients are ‘nudged’ 
towards the 5GHz radio of the AP.
• Typical implementation: Don’t respond to Probes and 
Association attempts on 2.4GHz from new clients and 
give it a chance to go to 5GHz.
– Persistent clients are allowed on to 2.4GHz.
– If 5GHz is fairly heavily loaded, clients are allowed on 
2.4GHz
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Data Rate Tweaking
• APs support several data rates that clients use based on their capability 
and connection quality.
• A client at 1Mbps or 2Mbps is using up shared airtime and reducing the 
efficiency of the cell.
• Disabling lower data rates in radio configuration ensures that such clients 
are dropped off rather than struggle and maintain a poor connection. For 
the greater good.
• Depending on client mix and capability minimum rate of 12Mbps could 
help improve cell efficiency.
• CAVEAT: if you have very old devices (11b-only) they will be unable to 
connect unless data rates such as 5.5 or even 1 or 2Mbps are enabled. So 
check client mix.
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Airtime Fairness
• Problema:
– Wi-Fi é um meio compartilhado, todos os clientes competem pelo acesso.
– Um cliente de 11g tem um tiro quase igual em obter acesso ao meio e um 
cliente "rápido" 11n.
– Cada transmissão de 11g leva tempo de antena que um cliente 11n 
poderia ter enviado muito mais dados em (maior modulação, agregação, 
maior uso de canal, etc.).
• Solução:
– Acelere os clientes mais lentos na presença de tráfego de clientes de taxa 
de dados mais altos. Mais dados são transmitidos na mesma quantidade 
de tempo em relação a esse AP.
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Cambium Cloud-Managed WiFi
Copyright2017 Cambium Networks, Ltd. All rights reserved.
Wi-Fi for Enterprises and Service Providers
Home WiFiService ProviderEnterprise
SP Managed HomeSP Managed Enterprises
Target Market
Service Provider Managed 
Homes, Small Enterprises, 
Public Hotspots, Industrial
Solutions in the Market Today
1. Expensive and Complex: -
large enterprises
2. Inexpensive: lacking in 
scalability, manageability and 
reliability
Need for Svc Provider
• Easy to Manage
• Scalable
• Quick to Deploy
• Reliable and Affordable
Cambium’s WiFi Solution
 Zero Touch Deployment
 Easy Remote Manageability
 Cloud Managed with Very 
High Scalability
 Reliable and Affordable End to 
End Wireless
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Indoor Wi-Fi Access Point Portfolio
E400 E410 E600 R190 R200 R201
MARKET ENTERPRISE HOME
RADIOS 2x2 11ac 2x2 11ac 4x4 11ac 2x2 11n 2x2 11n 2x2 11ac
BAND
2.4 &
5GHz
2.4 & 5GHz 2.4 & 5GHz 2.4 GHz 2.4GHz 2.4 & 5GHz
MU-MIMO N Y Y N N N
ETHERNET 1x GE 1x GE 2x GE
1x WAN
3x-4x LAN
1x WAN
4x LAN
1x WAN
4x LAN
USB N N Y N Y Y
ATA / FXS N N N Y Y Y
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Outdoor Wi-Fi Access Point Portfolio
ePMP1000 E500 E501S E502S*
MARKET ENTERPRISE, SERVICE PROVIDER
RADIOS 2x2 11n 2x2 11ac 2x2 11ac 2x2 11ac
ANTENNA
External
(Omni in kit)
OMNI 
360°
SECTOR
90°-120°
SECTOR
30°
ETHERNET 2x FE 2x GE 2x GE 2x GE
PoE-Output Cambium
Cambium, 
802.3af
Cambium, 
802.3af
Cambium, 
802.3af
LTE Filter N Y Y Y
E502S Launching in 
Q3-2017
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Access Point Naming Convention
E 5 0 1 S
AP CLASS
E : Enterprise
R : Residential
AP TYPE
EVEN: Indoor
ODD: Outdoor
E4xx, E6xx : indoor
E5xx: Outdoor
COVERAGE
0 : Omni
1 : 90-120 Sector
2 : 30 Sector
SPECIALIZED AP
(Optional)
S : Sector
W : Wallplate
Skipped otherwise
CAMBIUM 
INTERNAL
Residential Router overview
Dual band 
802.11ac
Single band 
2.4 GHz 802.11n
PoE to PMP 450 
or ePMP SM
Desktop Internet TV Printer Network 
Storage
FAX Phone
Rich Voice/Call Features
• Voice Activity Detection, 
Echo cancellation, Three-way calling
• Call hold, Call forwarding, 
Call transfer, Call waiting
Networking Features
• VoIP: SIP V2, Adaptive jitter buffer 
management
• DHCP, Dynamic DNS, 802.1Q,802.1P, 
L3(DSCP)
Management
• Cambium Cloud /NoC Management, 
Remote Troubleshooting, Provisioning
• SNMP V2 ,TR-069
WiFi PoE VoIP
Single, 2.4, 802.11n Cambium ✓
Single, 2.4, 802.11n – ✓
Dual band, 802.11ac Cambium ✓
Dual band, 802.11ac – ✓
Dual band, 802.11ac – –
4LAN Ports 2 Phone Ports
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Enterprise Indoor overview
Ceiling, wall, or desktop mount options
Security
• HTTPS, SNMPv3, Firewall, NAT, 
Client isolation 
• Secure Configuration Store, 
Time based access
Guest Access
• Built-in Hotspot, Interop with third 
Party Hotspot WISPr, Rate-limiting 
(per client/per WiFi)
• 802.1x, EAP-SIM/AKA, Hotspot 2.0
WiFi
• WPA-TKIP, WPA2 AES, 802.11i
• Auto-channel selection, WMM
• 16 SSIDs, 256 Users
Management
• Cloud/NOC Management, 
Autonomous operation
• Quick troubleshooting
• GUI, SNMPv3, CLI
RF
• 802.11a/b/g/n/ac
• MIMO and MU-MIMO
• 2.4/5GHz
• 2x2 and 4x4 versions
• Max TX power = 25dB (2.4, 5 GHz)
Physical
• Ceiling, Wall, Desk mount
• Software controlled LED
• Operating Temp 0-45 C
Installation
• Installable shoes for table 
mount
• Detached back-plate for easy 
ceiling mount
Ports
• 802.3af PoE Gigabit
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Enterprise Outdoor Overview
RF
• 802.11a/b/g/n/ac 
• Dual band: 2.4, 5 GHz 
• 2x2 MIMO, Omni and Sector
• Max TX power
28dBm @ 2.4GHz, 
29dBm @ 5 GHz
• LTE Coexistence filter
Ports
• 802.3at PoE in Gigabit
• 2 output power options
(a) Canopy or (b) 802.3af PoE out
Operations
• Max. Capacity: 256 users, 16 SSIDs
• Software controlled front LED
• cnMaestro controller managed
Physical
• IP67
• Operating Temp: −30 to 60ºC
Installation
• Detachable bracket pole or wall mount
Same basic software capabilites
as Enterprise Indoor since both 
are built off the same codebase.
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Thank you
cnPilot™ Training
cnMaestro WiFi Controller
Overall Objectives
At the end of this session, participants should be able to:
1. Create a cnMaestro account and add administrators
2. Claim and onboard devices and place them in a network
3. Monitor Cambium equipment
4. Configure devices with AP Groups and WLANs
5. Investigate and acknowledge issues using alarms
6. Bulk update device software
7. Troubleshoot common deployment issues
58
2m to 245 KM – Connecting the unconnected
59
Inventory Management
Planning
Network Management
Wi-Fi Controller
Support & Warranty Services
Point to Point Point to Multipoint
Long Distance: PTP 650, 820 Distribution Access: PMP 450, ePMP
Indoor
Outdoor
- Single Band
- Dual Band
Home + Small 
Business
802.11n, 802.11ac Indoor & Outdoor
Edge Access: cnPilot
From 2m to 245km
Indoor to Outdoor
cnMaestro
Copyright 2017 Cambium Networks, Inc. All rights reserved.
Network Management…Simplified
• Devices discover cnMaestro
• Firewall-friendly -- all traffic over HTTPS
• Access from anywhere using a standard Web browser
• Full visibility from tower to edge
• Easy to create an account and get started!
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 60
cnMaestro
Cloud Manager
Local 
On-Premise NOC
Cloud based architecture
New UI Architecture
• Support of Various Devices
Instant Discovery of APs
• Traditional SNMP Discovery is Slow 
and Requires Firewall Configuration
• Cambium Devices Instantly Discovered 
Communicating over HTTPS
Multi-Tenancy
• Cambium Cloud Serves Multiple ISPs Securely
• ISPs can Serve Multiple Networks and 
Customers with Privacy and Security
Highly Scalable Architecture
• Distributed Processes, Message-bus, Database
• Redundancy
Distributed Process
Distributed 
Database
Distributed 
Message-bus
ISP
A
ISP
B
ISP
C
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Centralized Management and Operations
Use Networks and Towers to 
organize your system. 
Devices are automatically 
organized hierarchically.
Click to focus 
on problematic 
devices
Quickly find a device 
using the Search 
function.
See the status of all 
your devices
• PTP
• Point-to-Multipoint
• WiFi
……All from your single 
Cambium account
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Easily identify the 
mobile device through 
their names and 
manufacturer
Remote Packet Capture 
and RF analysis tools
Preloaded Status of all the 
component of end to end network -
from mobile device having problem 
to the backhaul
John Smith
Centralized Troubleshooting
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Benefits
• Quick to Get Started 
– Create your cloud account and start onboarding your devices
– No servers to purchase, setup, update, or manage
• Access from Anywhere With a Standard Web Browser
– No need for a VPN or a Java web client
• Scalable 
– Supports individual cnMaestro accounts up to 10,000 devices
– Customers can have multiple accounts
– Leverage the cloud to manage 100,000s devices
• Rich Feature Set
– Designed for wireless networks
– End-to-end management of your Cambium network
Copyright 2017 Cambium Networks, Inc. All rights reserved. 64
Clients Internet
Local breakout
3 autoPilo
t
Tunnel
2 cnMaestro controllerLocal Controller 
cnMaestro
cnPilot APs
Local breakout (LBO)
1 Cloud 
65
Autonomous
Full control
Freedom!
Copyright 2017 Cambium Networks, Inc. All rights reserved.
Adaptive Architecture – 3 Flexible ways to deploy
Features
Hierarchical Dashboards
• Visualize devices from tower to edge with customized dashboards for each device type. 
Dashboards forWiFi devices include AP, AP Group, and Site.
Advanced Troubleshooting
• Display tower-to-edge status in a single graphic, view WiFi client details and health, and 
troubleshoot client connectivity directly on the AP.
Notifications
• View immediate status with stateful alarms, and troubleshoot customer issues by filtering 
on alarm history and reviewing events
Device Inventory
• Access your devices at the system level, or by network, tower, or site. Device data can be 
exported in PDF or CSV formats.
Statistics, Trending, and Reporting
• View historical radio and network statistics. Download CSV data reports for offline investigation. 
Copyright 2017 Cambium Networks, Inc. All rights reserved
Features
Bulk Image Upgrade
• Upgrade the software images in a site or across sectors in a single job. 
AP Group and WLAN Configuration
• Automatically synchronize configuration across devices mapped to an AP Group.
Maps and Map Modes
• Leverage Google Maps to visualize device health. Change the mode of the map to 
graphically display various wireless key performance indicators.
Zero Touch Onboarding
• Preconfigure Cambium devices so they will be automatically onboarded when connected to 
the network.
Multiple Administrators
• Invite colleagues by email to manage the devices in your organization’s cnMaestro account. 
Copyright 2017 Cambium Networks, Inc. All rights reserved
Account Creation
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 68
Lab Create a User account on test.cloud.cambiumnetworks.com.
Add a Company account for the course devices.
Goals Understand the types of cnMaestro accounts.
Know where to go for help.
Lab: Create Company Account
• Access test.cloud.cambiumnetworks.com
• Select “Create a Company Account”
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 69
Lab: Create Company Account 
• Register as a New User
– Use an email you can access from the Web.
– Click on email confirmation (check spam folder).
– The User Login represents you.
• Create a Cloud Management Account
– Enter the requested information.
– The Company Account holds your devices.
– Provides all the cnMaestro NMS functionality.
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 70
Lab: Create Company Account
Copyright 2017 Cambium Networks, Inc. All rights reserved 71
Define a friendly name to easily 
recognize this cnMaestro account.
Must be unique. Cannot be changed. 
Uniquely identifies this cnMaestro account.
Onboarding Key only applies to the person 
creating the account. As additional users are 
invited to this cnMaestro account, they can set 
their own Onboarding Key.
cnMaestro Terminology
Copyright 2017 Cambium Networks, Inc. All rights reserved
Associated with an individualUser Login
• Same login shared with Cambium Support Center and Community
Associated with a company (i.e. ISP/Enterprise)cnMaestro
• Device management account for an ISP / Enterprise
User-defined stringCambium ID
• User-defined string
• Uniquely identifies the Company Account
• Optionally used during device onboarding
Home Page
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 73
Quick Access to 
Key Functions
Access Cambium Community 
and Support
Documentation 
and Training
Always Accessible 
via Home Menu
• Maximum of 10 Administrators
• Cambium employees don’t count towards limit
Account Types
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 74
Lab Toggle the Wireless LAN View.
Goals Understand the Access and Backhaul Accounts
Understand Wireless LAN Accounts
Two Primary Account Types
Copyright 2017 Cambium Networks, Inc. All rights reserved
Support for cnPilot, ePMP, and PMP
Access and 
Backhaul
• Support for cnPilot, ePMP, and PMP
• Integrated view across all product lines
• Hierarchical navigation
• Devices grouped by Networks
Support for cnPilot Enterprise only
Wireless LAN 
• cnPilot E-Series and ePMP Hotspot
• Simplified Wi-Fi-specific view
• Tabular navigation
• Networks not supported
Access and Backhaul Account
• Default Account Type
• Support for cnPilot, ePMP, PMP Devices
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 76
Side Menu
Quick Buttons
Hierarchical Tree
Alarm Count
Dashboard KPIs
Header Status
Hierarchical Navigation
• Hierarchy to Organize Devices
– Includes Networks, Towers, Sites
– Parent/child relationships 
determined automatically
– PMP AP -> PMP SM -> WiFi AP 
• Select Node to View Content 
Note: to force a refresh of the tree status, click 
Refresh
Copyright 2017 Cambium Networks, Inc. All rights reserved. 77
Wireless LAN Account
• Support for cnPilot Enterprise
• Simplified Menu Structure
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 78
Side Menu
Tabbed Navigation
Header Status
Switch Account Type
• Navigate to Application > Settings
• Change Account Type to Wireless LAN
– cnPilot E-Series supported in Wireless LAN UI
– cnPilot R-Series must use Access and Backhaul UI
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 79
AP Groups and Sites:
WiFi Device Aggregations
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 80
Lab Create a hierarchy to be used in the demo.
Goals Understand the Tree Hierarchy.
Add a new Network and Tower.
AP Groups
• Aggregate Devices by Configuration
– Group devices that share configuration parameters.
– Updating AP Group changes all devices mapped to the group.
• AP Group Dashboard
– Consolidated statistics for all devices in group.
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 81
Sites
• Aggregate Devices by Geographic Location
– Group devices by location.
– Devices can share a floor plan.
• Site Dashboard
– Consolidated statistics for all devices at site.
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 82
Site Floor Plan
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 83
• Support for Single Floor Plan per Site
• Devices Placed on Image
Lab: Create AP Group and Site
• Navigate to AP Group
– Click “New AP Group”
• Navigate to Site
– Click “New Site”
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 84
Onboard Devices
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 85
Lab Onboard devices into the company account.
Set up location pre-provisioning for the devices.
Goals Understand claiming, onboarding, and pre-provisioning.
Review difference between Cambium ID and MSN Onboarding.
Detail networking considerations for adding devices.
Architecture
• Devices Contact 
cnMaestro
• HTTPS Protocol
• NAT/Firewall: No 
Problem
• Edge Router 
Allows Outgoing 
Packets
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 86
Network Requirements
• Devices Must Have 
– Internet access
– Ability to resolve and access https://cloud.cambiumnetworks.com
– Ability to resolve and access http://s3.amazonaws.com
• Not Required
– Public IP address -- devices can have private IP addresses and sit 
behind a NAT firewall
– Inbound connections -- devices will always initiate the connection 
with cnMaestro
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 87
https://cloud.cambiumnetworks.com/
http://s3.amazonaws.com/
Onboarding Flow
Copyright 2017 Cambium Networks, Inc. All rights reserved
Claim
Onboard
Managed
Add device to your account
Provision device with software, 
configuration, and location
Device sends statistics to network 
management system and is available 
for administration
Approve 
Onboarding
cnMaestro
Provisioning
Claiming Devices
Claiming a device = tying it to your cnMaestro account
Copyright 2017 Cambium Networks, Ltd. All rights reserved
• Via Serial Number (MSN)
– Occurs on cnMaestro
– Serial number can be bar-code scanned from the box
– Supported on R200, R201, E400, E500
• Via a Cambium-ID and Onboarding key
– Occurs on device
– Configured on devices through their CLI, GUI, SNMP.
– Supported on all platforms (such as ePMP1000).
Onboarding Devices
• After Device Has Been Claimed and Approved
– Optionally pre-provision the device by setting location, configuration, 
or software version
– Approval required before onboarding begins
– Claim devices using Serial number or Cambium ID
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 90
Lab: Onboard Devices Using MSN
• cnMaestro UI
– Select Onboard Devices from Home or Navigate to Onboard
– Select “Claim Device”
– Enter MSN of R200/201 or E400/E500 Device 
 R-Series devices require the Access and Backhaul account
Copyright 2017 Cambium Networks, Inc. All rights reserved. 91
Lab: Onboard Device Using MSN (cont’d)
• cnMaestro UI
– Navigate to Onboarding Queue
 We won’t pre-provision yet, but you can look at the options
– Configure (optional)
 Set device location, place in network, on tower, set software and 
configuration
– Approve Device
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 92
Lab: Onboard Device Using MSN (cont’d)
• Device
– Turn on Device and connect Device to Network
– For this lab only, set the URL to test.cloud.cambiumnetworks.com
 ePMP 1000 Hotspot and cnPilot E400
o Configure --> System --> cnMaestro
 cnPilot R200/R201
o Administration -> cnMaestro -> Configuration
• Device should be Onboarded in cnMaestro
– Will show up in the tree in a few minutes
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 93
Onboarding Queue
• The device will not be onboarded when it accesses cnMaestro -
- it will remain in the Onboarding Queue until approved.
• Onboarding key is set on the device UI, in tandem with the 
Cambium ID to claim the device in a specific account.
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Device UI: Onboard cnPilot Enterprise
• CONFIGURE SYSTEM. 
Copyright 2017 Cambium Networks, Inc. All rights reserved. 95
Device UI: Onboard cnPilot Enterprise
• The status of 
the device 
connection to 
cnMaestro can 
be viewed on 
the Device UI 
dashboard.
Copyright 2017 Cambium Networks, Inc. All rights reserved. 96
Optional: Quick Start Onboarding
• Wizard Available with Brand New Account
• Step Through Single Device Onboarding
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 97
Monitoring
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 98
Goals Understand the cnMaestro UI components.
Discuss core navigation methodologies.
System Dashboard (Access and Backhaul)
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 99
Hierarchy 
Level
Key 
Performance 
Indicators
Aggregate 
Alarms
Manual 
Refresh
Dashboard 
Components
AP Dashboard
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 100
Inventory (Access and Backhaul)
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 101
Column 
Groups
Export as CSV 
or PDFFilter by Tree
• Column Groups Change Column Display
• Wireless LAN View Uses AP Table Instead
Search
Notifications
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 102
Goals Understand difference between Events and Alarms.
Review Alarm lifecycle.
Events
• Generated by a Device
– Analogous to SNMP traps
• Also Generated Internally
– Device/Link up/down, etc.
• Logged in an Event Database
• Categorized by an Event Type
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 103
State-Based Alarms
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
• Alarms Have State and a Lifecycle
– Only active when condition persists
• Acknowledge to Decrease Visibility
– Add note for other administrators
• Visualize Historical Active Alarms
– Filter for a specific time window
Raised
Active
Acknowledged
Inactive
Expired
Alarm Lifecycle
Alarm Page
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 105
Navigating Narrows 
the Alarm View 
Content
Alarm Table 
Containing all 
Active Alarms
Details Available by 
Clicking on an 
Alarm
Alarms can be 
Acknowledged
24 Hour Alarm 
Summary Charts
Global Alarm 
CountsAlarm View 
Accessible from 
Toolbar
Software Update
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 106
Tasks Create a software update job and add to queue.
Execute job to update lab device software.
Goals Discuss software architecture and terms.
Review the jobs infrastructure.
Software Updates
• cnMaestro Uses a Device Pull Model
– Devices are notified where to download images
– https://s3.amazonaws.com
• Bulk Updates Supported
– Select a level in the tree, then select devices to be upgraded
• Each Update is a Job
– Only one device type and software version per job
– Jobs can be created and then executed later
 Day Staff can create jobs for Night Staff to execute
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 107
http://s3.amazonaws.com/
Software Update Page
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 108
Select Device 
Type
Filter Level 
Using Tree
Select Devices 
Using Table
Software 
Versions in 
Use in Devices
Image 
Selection
Update 
Options
Create Job
• Options Include: Stop on Critical Error; Parallelism of 
Device Updates; and Order of Device Updates in a Sector
Active Jobs Page
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 109
Run Job
Active Job 
Queue
Detailed Job 
Status
Individual 
Device Status
• Only One Job Executes at a Time
• Jobs Can Be Paused or Stopped
• Will Not Run in Parallel With Configuration Jobs
Lab: Software Update
• Update Software on a Lab Device
– Navigate to appropriate tree level
– Create a job to update the software
– Add to Job Queue
– Start Job Running 
– Wait until completion
• View Image Version for Device in Inventory
• View Image History for Device in
– Performance (WLAN)
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 110
Configuration Update
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 111
Tasks Create a new AP Group and map a WLAN to it.
Apply the AP Group to a Device.
Advanced: override the AP Group for a specific Device.
Goals Understand AP Groups and WLANs
Learn about Device Overrides
Configuration Model
• Two Types of cnMaestro Configuration
– Wireless LAN: AP Groups and WLANs
– Access and Backhaul: Templates
• AP Groups: shared device configuration
• WLANs: shared wireless network configuration
• cnPilot Enterprise and Home
– Different WLANs and AP Groups for each
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 112
Automatic Synchronization
• Automatically Push Configuration to Devices
– Enabled by Default in cnPilot Enterprise
– Disabled by Default in cnPilot Home
• Changed in AP Group Configuration
– If Disabled, Requires Manual Synchronization
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 113
Lab: Create an Enterprise WLAN
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 114
• Select SSID and Save
Lab: Create Enterprise AP Group
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
• Map WLAN to AP Group
Lab: Map AP Group to Access Point
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
• Navigate to AP > Configuration
Advanced: Device Overrides
Copyright 2017 Cambium Networks, Inc. All rights reserved. 117
• Override AP Group Settings at Device
• Static IP, Channel, Power, Etc.
Advanced Troubleshooting
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 118
Goals Review Advanced Troubleshooting features.
Discuss current device support.
Powerful Troubleshooting
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Status and KPIs 
for Connected 
Devices
Connected Client 
Details in WiFi
Tools and 
Visualizations
Latency Test
Lab: Advanced Troubleshooting
• Start WLAN Device 
• Associate Wireless Client
– Review client connectivity and status
• Explore Additional Troubleshooting Tools
– Such as Unconnected Clients and Network 
Connectivity
• Run Wi-Fi Analyzer
• View Device Logs and Run Packet Capture
Copyright 2017Cambium Networks, Ltd. All rights reserved. 120
WiFi Guest Access Portal
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 121
Goals Review cnMaestro Guest Portal service.
Hosted Captive Portal
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 122
• Services > Guest Access Portal
• Customize Splash Page with Editor
• Add One to Four Portals
• Four Templates to Get Started
Multiple Access Control options
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 123
• Free Service: restricted by time (Eg: free 30min every 24 hours)
• Social Login: allow access by Facebook, Google IDs
• SMS Authentication: phone number and text message access code
• Vouchers: pre-print and distribute access vouchers
Access Point configuration
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 124
• WLAN Guest Access Configuration 
• Point to same Portal name on cnMaestro
On-Premises
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 125
Goals Understand difference between On-Premises and Cloud.
Detail how On-Premises is deployed and managed.
On-Premises Deployment
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 126
• cnMaestro Installed in Local Data Center
• Same Functionality as Cloud Service
• Distributed as a Virtual Machine
– Packaged as an OVA (Open Virtualization Archive)
– All components available in a single image
cnmaestro.company.com
cnMaestro On-Premise
Virtualization Frameworks Supported
• Bare Metal Hypervisor
– VMware ESXi
• Desktop Virtualization
– VMware Workstation
– Oracle VirtualBox
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 127
ESXi
Bare Metal Hypervisor
cnMaestro On-Premises
Workstation / VirtualBox
Desktop Virtualization
cnMaestro On-Premises
Windows / Linux
Differences with Cloud
• Administrators
• Device Connectivity
• Onboarding
• Device Image Management
• cnMaestro Software Update
• Server Management
• Command Line Interface (CLI)
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 128
Administrators
• On-Premises Administrators are Local
– No connection to Cambium Cloud
– Default username/password: admin/admin
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 129
Device Connectivity
• Devices Access Hosted Server
• How Do Devices Know Server URL?
– Configure URL in Device UI (highest priority)
– Configure DHCP Option 43
 Set URL for cnMaestro (https://manage.company.com)
– Configure DHCP Option 15
 Set domain as company.com
 Device contacts cnmaestro.company.com
– Default Cambium Cloud access (lowest priority)
 cloud.cambiumnetworks.com
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 130
https://manage.company.com/
Onboarding
• Devices Added to Onboarding Queue by Default
– Devices must be approved in order to complete onboard
• Optional Pre-Provisioning
– Pre-provision devices with MAC Address
 Not Serial Number (MSN), as with Cloud
 Supported by all devices
 Allows one to set configuration, software version, and pre-approve
• Optional Authentication
– Enable authentication using Onboarding Key
– Onboarding Key entered into Device UI
– Device rejected if key is incorrect
 Device will not be added to Onboarding Queue
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 131
Device Image Management
• Existing Device Images (ePMP, etc.) Packaged in OVA
• New Device Images Require Installation
– Download images from Support Center
 http://support.cambiumnetworks.com > Downloads
– Access and Backhaul: Manage > Software Update > Manage Images
– Wireless LAN: Application > Manage Images
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 132
http://support.cambiumnetworks.com/
cnMaestro Software Update
• Two Types of Updates to cnMaestro Software
– OVA Update: includes complete virtual machine
– Package Update: includes cnMaestro software only
• OVA Update 
– Infrequent (every couple months)
– New OVA installed on virtualization infrastructure
– Manual export / import of data from old to new
• Package Update
– Replace cnMaestro software
– No data export required
– Download package and install through cnMaestro UI
– Only used for minor updates
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 133
cnMaestro VM Management
• Basic Support for Server Instance Monitoring
– Monitoring (CPU, Memory, Disk)
– Technical Support Dump
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 134
Command Line Interface (CLI)
• Accessible through Virtual Machine Console
– Default username/password: cambium/cnmaestro
• VM Management and Networking
– Change virtual machine administrator password
– Configure virtual machine networking
– Reboot system
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 135
Dashboard & Main Menu
Copyright 2017 Cambium Networks, Ltd. All rights reserved.
Wireless LAN Configuration
• Up to 16 WLANs on E400 and 8 on ePMP 1000 
Hotspot
• Each WLAN has its own:
– Name (SSID)
– Security Configuration
 Pre-shared keys
 RADIUS authentication
 MAC authentication
– VLAN
– Guest Access Policy
– Other policies such as ACLs, Rate-limit, Access Schedules
Copyright 2017 Cambium Networks, Ltd. All rights reserved
WLAN - Configure
Copyright 2017 Cambium Networks, Ltd. All rights reserved
RADIUS Configuration
• Up to 3 RADIUS servers for authentication and accounting, 
used for:
– EAP/802.1x Access
– Guest Access
– MAC authentication
• Servers can load balance or failover
• Standard interoperability: 3GPP-AAA servers, Windows Active 
Directory, free Radius etc.
Copyright 2017 Cambium Networks, Ltd. All rights reserved
WLAN - Rate Limit
• Each client’s traffic: avoids one user monopolizing bandwidth 
at coffee-shop or airport 
• All WLAN traffic: limiting guest network over corporate 
network
Copyright 2017 Cambium Networks, Ltd. All rights reserved
WLAN – Scheduled Access
• Control when clients are allowed on a network
• College dorms, schools, libraries, retail stores
Copyright 2017 Cambium Networks, Ltd. All rights reserved
GUEST Access : splash pages
Copyright 2017 Cambium Networks, Ltd. All rights reserved
WLAN – Guest Access
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Radio - Basic
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Automatic RF Management
• Auto Channel Select – Individual AP scans list of channels and 
pick the best one
• Auto RF – Group of APs periodically scan channels. Coordinate 
to assign non-overlapping channels and avoid excess cell 
overlap (reduce tx power)
• Interference avoidance – trigger channel change if interference 
is above threshold for particular duration
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Deployment recommendations
• Non-overlapping channels can 
be easily found
• APs are located at a distance 
from each other so there is 
low self-interference
For example
• 1-3 AP indoor deployments
• Sparse outdoor deployments 
like parks, beaches
• APs are deployed with many 
overlapping cells
• Dense small cell deployments
For example
• >3 indoor AP deployments
• Small cell outdoor 
deployments like stadiums
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Enable Auto RF when
Enable ACS and Interference 
Avoidance when
Band Steering
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Dual-Radio 
AP
2.4 GHz
5 GHz
2
.4
 G
H
z
5
 G
H
z
5
 G
H
z
Requests on 2.4GHz are ignored if a client is dual band, with association 
allowed only on the 5GHz radio.
Traffic Tunneling Options: L2TP, GRE
• Selected per-SSID. Default is locally bridged.
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Operations
• Firmware upgrade
 From GUI by uploading file through browser.
 From CLI pointing to a TFTP or FTP server.
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Operations - System
• Tech Support – information that can be used by engineeringto 
debug
• Flash LEDs to locate APs
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Operations - Configuration
• Export configuration as a text file
• Generate / modify configuration offline and upload
Copyright 2017 Cambium Networks, Ltd. All rights reserved
WiFi Analyzer
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Connectivity
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Packet Capture
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Unconnected Clients
• System remembers and tracks clients that had connection 
issues.
• Tracks things like connection denial due to ACLs, invalid keys 
etc.
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Tech Support
• Contains technical information 
useful support / engineering
• Include it with support requests
• Multiple snapshots if possible
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Factory Default
• All configuration is reset to default
– Configuration, configuration password, Cambium ID
• While powered on, hold the reset button for 10s
 Device will reset to factory defaults and reboot
Connectorized Radio 
Reset Button
E400 Reset 
Button
	
R200/R201 
Reset Button
Copyright 2017 Cambium Networks, Ltd. All rights reserved
Thank you
cnPilot™ Training
Overall Objectives
At the end of this session, participants should be able to:
1. Understand the cnPilot home product line
2. Become familiar with the Cambium cloud-Managed WiFi
3. Monitor and operate cnPIlot™ devices using cnMaestro™
4. Troubleshoot common wireless issues using on-device tools as 
well as the cloud.
16
0
Managed cnPilot™ Home + Small Business: 
Key Specifications
Dual band 
802.11ac
Single band 
2.4 GHz 802.11n
Copyright 2015 Cambium Networks, Inc. All rights reserved. Company Confidential 161
PoE to PMP 450 
or ePMP SM
Desktop Internet TV Printer Network 
Storage
FAX Phone
Rich Voice/Call Features
• Voice Activity Detection, 
Echo cancellation, Three-way calling
• Call hold, Call forwarding, 
Call transfer, Call waiting
Networking Features
• VoIP: SIP V2, Adaptive jitter buffer 
management
• DHCP, Dynamic DNS, 802.1Q,802.1P, 
L3(DSCP)
Management
• Cambium Cloud /NoC Management, 
Remote Troubleshooting, Provisioning
• SNMP V2 ,TR-069
WiFi PoE VoIP
Single, 2.4, 802.11n Cambium ✓
Single, 2.4, 802.11n – ✓
Dual band, 802.11ac Cambium ✓
Dual band, 802.11ac – ✓
Dual band, 802.11ac – –
4LAN Ports 2 Phone Ports
cnPilot™ R200/R201
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Front Panel LEDs
Copyright 2015 Cambium Networks, Ltd. All rights reserved
LED Status Explanation
Phone 1/2 Blinking Not registered
On Registered
LAN 1/2/3/4 On Link
Off Disconnected
Blinking Activity
WAN On Link
Off Disconnected
Blinking Activity
Power On Powered On
Off No power
WLAN On Radio On
Off Radio Off
Blinking Wireless Activity
	
Rear ports
Copyright 2015 Cambium Networks, Ltd. All rights reserved
	
Interface Description
Power Connector for power adapter
Phone 1 / 2 ATA connector to phone
USB USB storage
WAN Ethernet to WAN
LAN 1/2/3/4 Ethernet to LAN
165
Installing cnPilot™ R200/201 
• Power ON the wireless router using the power supply/PoE
– POWER LED will glow after 5 seconds of powering ON and wait for 2 
minutes to boot up device properly.
• Insert the Ethernet cable to any LAN port on the RJ45 port labeled LAN1 
to LAN4 and connect other end of the cable to Ethernet port of PC
– LAN LED will turn ON after connecting the LAN cable
– Make sure you’re connecting it to LAN 1-4 and not the WAN port
• Configure the LAN interface of your PC to acquire an IP address using 
DHCP.
– It will get an IP address in the 192.168.11.x/24 subnet
Installing cnPilot™ R200/201 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Connect to the wireless router by typing http://192.168.11.1 in web browser 
• Enter default username “admin” and password “admin” 
• Change the default password by going to Administration->Management-
>Password Reset option.
http://192.168.11.1/
Installing cnPilot™ R200/201 
• Go to the WAN Tab
• Configure WAN connectivity as 
per ISP’s requirements
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Installing cnPilot™ R200/201 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Under the Wireless->Basic tab
• Turn on the radio
• Type in your SSID name
Installing cnPilot™ R200/201 
• Under Wireless->Wireless 
Security
• Configure Security Mode
• Enter your password
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Monitoring - General
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Product Information Device related information like Product 
Name, MAC address and hardware and 
firmware versions 
SIP Account Status Registration of ATA phone with SIP server
FXS Port Status Status of ATA phones connected at FXS 
ports.
Internet Port Status WAN
LAN Port Status LAN connectivity and speed
System Status Clock and uptime
Monitoring - WLAN
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Summary of all wireless clients
Configuring WAN Access
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WAN – Static IP
• Specify IP address / mask, router IP and DNS 
servers
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WAN - DHCP
 AP will get WAN IP and other 
information from ISP’s DHCP server.
 Can specify value of vendor option (60) 
sent in DHCP discover
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WAN - PPPoE
PPPoE Account Username
PPPoE Password Account password
Operation Mode KeepAlive –
Periodically send 
PPPoE Keepalives
(period specified 
below)
On Demand – Tear 
down connection 
after idle time
(specified below)
Manual – always-
on connection
Copyright 2015 Cambium Networks, Ltd. All rights reserved
LAN
IP Address Router IP address in subnet
Local 
Subnet 
Mask
DHCP pool subnet mask
Local DHCP 
Server
Enable / Disable server
DHCP Start 
Address
First IP address in client pool
DHCP End 
Address
Last IP address in client pool
DNS Mode Auto: DNS server is DHCP offer is
automatically populated
Manual: User configured Primary and
secondary servers
Client Lease 
Time
Duration of client lease
DNS Proxy If enabled, the device will forward the
DNS request of LAN-side network to
the WAN side network
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Wireless - Basic
Radio on/off Enable / Disable the radio
Wireless connection 
mode
AP or repeater
Network Mode Choose which of 11b/g/n is enabled
Multiple 
SSID1~SSID3 
Configure:
SSID Name
Hidden – Don’t populate SSID name in
beacons
Isolated – Disable client-client
communication
Broadcast(SSID) Don’t populate SSID name in beacons
AP Isolation Disable wireless client-client
communication
MBSSID AP Isolation Disable inter-BSSID communication
Frequency (Channel) Auto or specified channel
HT Physical Mode 
Operating 
Mode
Mixed Mode: Support pre 11n devices
Green Field: pre 11n devices not
supported, increasing throughput
Channel Bandwidth 20MHz or 20/40MHz.
Guard Interval Set to short for best performance
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Wireless - Security
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Choose WPA2-PSK and AES for security
• Access policy – you can whitelist / blacklist wireless clients
– Disable
– Allow: Accept listed clients, reject all others
– Reject: Reject listed clients, allow all others
Management - configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Download current configuration in text format
• Generate or modify configuration files offline and upload to 
device
Management – Admin Settings
User type Admin User / Normal
User / Basic User
Language GUI language
Remote Web Login Enable GUI access
from WAN
Web Port HTTP and HTTPS port
for GUI.
Web Idle timeout Idle timeoutfor GUI
sessions
Allowed Remote 
IP(IP1,IP2,...)
Filter for IPs allowed
to log in to the GUI
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Administration - SNMP
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Frictionless Deployment:
Copyright 2015 Cambium Networks, Inc. All rights reserved. Company Confidential 182
34564567, 12367490, 1298620986, 
5285296
Claim Devices with Serial Number
cnPilot + cnMaestro
Config & Upgrade
Auto Registration
Device Details Actions
 Device (6069QN010F)
Residence Hall 1 Wireless Access
 PTP AP (6070QN011F)
 Wi-Fi AP (6069QN111F)
Settings
Onboarding Queue
The onboarding queue holds devices before they are added to your account. Devices must be approved in 
order to complete the onboarding process. 
Status
Updating
3d 2h
Waiting
20m
Waiting
5d 3h 20m
Added By
Saurabh
3d 2h (Cambium Id)
Noah Wiley
15h 20m (Serial Number)
Noah Wiley
5d 3h 20m (Cambium Id)
Select Device Type All (3)
Onboarding QueueSetup Config and s/w Ver.
Access Points
Provisioning using DHCP / Config Polling
• cnPilot R200/R201 can poll a configuration file over the network and apply new configuration on change
• Two ways of specifying file location
– Use DHCP option 66 (and optionally 67) to specify a file location accessed using TFTP
– Use device configuration to specify a URL accessed using TFTP/HTTP/HTTPS
 URL can contain macros
• Multiple triggers for polling
– On boot
– On upgrade
– Periodic
• Provisioning file is a set of key=value pairs in plaintext
– Dowload configuration from a device to get a model for a template
– The special key DBID_DBASE_VERSION is used to determine whether config has changed
 Simple strategy is to increment it on every config change
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Provisioning – Macros
Macro Name Macro Expansion
$ The form $$ expands to a single $ character.
MA MAC address using lower case hex digits, for example, 
0021f2011b19.
MAU MAC address using upper case hex digits, for example 
0021F2011B19.
MAC MAC address using lower case hex digits, and colons to 
separate hex digit pairs, for example 00:21:f2:01:1b:19.
PN Product Name, for example G502 or VOIP ATA.
SN Serial Number, for example E3C08109000051
IP WAN IP address, for example 201.45.12.89
SWVER Software version, for example v3.3.8
HWVER Hardware version, for example v1.0.1
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Invoked by prefixing the name with a ‘$’ character(e.g.’$MAC’)
• If the variable name is immediately followed by an alphanumeric character, 
enclose the variable name in parentheses(e.g.‘$(MAC).conf’). 
Security - Filtering
• Default policy
– Accept / drop on no match
• Rules
– Matching criteria
 MAC
 SIP
 DIP
 Source port range
 Destination port range
– Action: accept or drop
Copyright 2015 Cambium Networks, Ltd. All rights reserved
FXS
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Line Enable Enable / Disable line
Proxy Server IP address or the domain of SIP Server
Display Name Name / number used for display
Phone Number Telephone number provided by SIP service provider
Account SIP account name
Password SIP password
Other Parameters Configure as required by your provider, usually 
defaults work. There is also a SIP tab with additional 
parameters
IPv6 Support
Configuration
Enable IPv6:
Network->IPv6 Advanced->Ipv6 Enable.
188Copyright 2014 Cambium Networks, Ltd. All rights reserved.
Also optionally supported on the onboard DHCP server.
Stateless Mode : Listen for ICMPv6 Router advertisements
189Copyright 2014 Cambium Networks, Ltd. All rights reserved.
Field Name Description
IP Protocol Version : Enable IPv4 & IPv6.
WAN IP Mode : DHCP
NAT Enable : Enable.
DHCPv6 Address Settings : Stateful
Prefix Delegation : Enable.
Stateless configuration example
190Copyright 2014 Cambium Networks, Ltd. All rights reserved.
Field Name Description
IP Protocol Version : Enable IPv4 & IPv6.
WAN IP Mode : DHCP
NAT Enable : Enable.
DHCPv6 Address Settings : Stateless
Prefix Delegation : Enable.
WAN port status indicates IPv6 address
191Copyright 2014 Cambium Networks, Ltd. All rights reserved.
Troubleshooting
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WiFi Analyzer on cnMaestro
General troubleshooting steps
• Dashboard – check RF quality
• Dashboard client table – check SNR
– Excellent >40db, poor performance below 20db
• Run WiFi analyzer
• Is the client able to associate and stay associated?
– Check unconnected client table
• Does the client have an IP address
• Use on-device packet capture with filters to isolate problem to wireless interface / Ethernet interface
• Wireless captures using other tools
– Wireshark on Macbook
– Omnipeek
• Use cnMaestro troubleshooting page to get a comprehensive view of the wireless backhaul and 
access
• If you need to contact Cambium support make sure you download Tech Support data
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Labs
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Initial setup and Firmware upgrade
• Download latest firmware from support site and upgrade 
device, creating a Cambium account if necessary
a. Go to: 
https://support.cambiumnetworks.com
b. Register for an account.
c. From your email, follow the link to 
activate your account.
https://support.cambiumnetworks.com/
Setup
• First, connect the AP to port 1 on the Trendnet router
• Then connect laptops to ports 2-4
• Leave WAN port disconnected
4 Port Switch
w/ DHCP Server
Student Laptop
Internet
via Instructor 
Switch
W
A
N
Exercise 1 – cnPilot™ R 200 installation
• Set up the R200 connecting it to a LAN port on the Trendnet
• Configure a wireless LAN TrainingHomeX
• Ensure your wireless client can access the Internet
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 1 –Solution 1/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2
3
Exercise 1 – Solution 2/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2
3
4 5
Exercise 2 – Install an FXS phone
• Connect the supplied ATA phone to the cnPilot R200
• Set up the FXS port using the credentials on the whiteboard
• Successfully place a call to the instructor phone or one of the 
other lab groups
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 2 - Solution
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2
3
4
5
6
7
Thank you
cnPilot™ Training
Enterprise Wi-Fi Access Points
Overall Objectives
At the end of this session, participants should be able to:
1. Understand WiFi basics
2. Become familiar with the Cambium cloud-Managed WiFi portfolio
3. Install, configure and monitor cnPilot™ R200 / R201, cnPilot E400 and ePMP™ 1000 Hotspot 
devices
4. Understand and deploy cnPilot™ features such as:
– Guest access
– Bandwidth limiting
– Scheduled access
– NAT and ACLs
5. Set up a cnMaestro™ cloud management account and on-board cnPilot™ and ePMP™ devices.
6. Monitor and operate cnPIlot™ devices using cnMaestro™
7. Troubleshoot common wireless issues using on-device tools as well as the cloud.
20
6
Hardware Overview
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Hardware Characteristics
Copyright 2015 Cambium Networks, Ltd. All rights reserved
INDOOR OUTDOOR
AP Models E400, E410, E600 E500, E501S, E502S
Typical Installation Ceiling, Wall or Desk Pole or Wall
Mounting Options and 
Hardware
Bracket for ceiling, Wall 
mount keyholes built into 
AP.
E410, E600 include T-Bar 
mounting Clip on housing
E500 : Bracket with wall 
mount key-holes and Pole 
mount with metal clips
E501/E502: Tilting Bracket 
for Pole mount
Powering up the AP PoE Injector or any 
standard PoE switch. 
E600: 802.3at for full 
functionality
PoE Injector or any 
standard PoE switch.
802.3AT needed if 
powering up another 
device over poe-out
LEDsSoftware controlled, 
indicate power-up and 
connectivity to cnMaestro
Software controlled, 
indicate power-up and 
connectivity to cnMaestro
LEDs
ePMP 1000 Hotspot
Power Green Powered up
Eth1 Green Link up
Blinking Link activity
Eth2 Green Link up
Blinking Link activity
cnPilot™ E400, E500, E501S, E502S
Orange Powered up, 
system starting 
up
Green Powered up, 
system 
operational
Orange Not connected 
to cnMaestro
Green Connected to 
and managed 
by cnMaestro
Copyright 2015 Cambium Networks, Ltd. All rights reserved
cnPilot E410, E600 (single LED)
Orange Powering up
Green Powered up, system operational
Blue
Managed by cnMaestro or 
autopilot
Login Page
210Copyright 2015 Cambium Networks, Ltd. All rights reserved.
• Default IP 192.168.0.1 for all APs except ePMP1000 Hotspot which 
uses 192.168.0.2
• Zeroconf IP
– 169.254.X. Y: X and Y are the last two bytes of the MAC address
• Username: admin password: admin
Dashboard & Main Menu
211Copyright 2015 Cambium Networks, Ltd. All rights reserved.
System Configuration
• System Name, Location, Contact used by SNMP and also appears in cnMaestro
• Country of Operation : radio regulatory
Copyright 2015 Cambium Networks, Ltd. All rights reserved
System - Management
• Always change admin 
password
– Leaving at default can 
compromise the AP and your 
network
• Disable less secure access 
methods (HTTP, Telnet) unless 
you have clients which only 
support that.
• Disable SNMP if not using it to 
monitor the AP.
System - NTP, Syslog
• Can be set as IP or full server name.
• Sync AP time from an NTP server
– Useful for features like Scheduled Access
– Helps easily co-ordinate AP logs
– AP time resets on reboot (no battery backup)
• Set timezone depending on location
• When managed through cnMaestro, time is synced automatically by 
cnMaestro, no need to set NTP.
• Send system events to an external Syslog server. 
– AP has limited resources to buffer events
– External syslog can consolidate logs from multiple APs.
• When managed through cnMaestro all events are sent to 
cnMaestro anyway, syslog may not be necessary.
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Wireless LAN Configuration
• Up to 16 WLANs. (8 on ePMP 1000 Hotspot)
• Each WLAN has its own:
– Name (SSID)
– Security Configuration
 Pre-shared keys
 RADIUS authentication
 MAC authentication
– VLAN
– Guest Access Policy
– Other policies such as ACLs, Rate-limit, Access Schedules
• Can be mapped to one radio or both on dual-band APs.
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WLAN - Configure
Copyright 2015 Cambium Networks, Ltd. All rights reserved
RADIUS Configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Upto 3 RADIUS servers for authentication and accounting, used 
for:
– EAP/802.1x Access
– Guest Access
– MAC authentication
• Servers can load balance or failover
• Standard interoperability: 3GPP-AAA servers, Windows Active 
Directory, freeRadius etc.
WLAN - RADIUS
Copyright 2015 Cambium Networks, Ltd. All rights reserved
RADIUS tunneling through cnMaestro
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• RADIUS packets are sent from AP to AAA server by default. Can be 
cumbersome in two scenarios:
– Requires the AAA server to map the IP of each client to a shared secret.
– If there is a per-source-IP firewall rule in the middle requires all AP IP addresses 
to be added.
– In either of these cases using the AP subnet may not be acceptable for some 
reason.
• There is an option for all cases like this to tunnel RADIUS packets through 
cnMaestro on-premises. 
• AP will forward RADIUS packets to cnMaestro on the existing management 
tunnel (HTTPS) and receive responses back on the same path.
• cnMaestro forwards the packets to AAA server, the server only sees one 
peer with one peer IP address to manage.
WLAN - Rate Limit
• Each clients traffic: avoids one user monopolizing bw at coffee-
shop or airport 
• All WLAN traffic: limiting guest network over corporate 
network
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WLAN – Scheduled Access
• Control when clients are allowed on a network
• College dorms, schools, libraries, retail stores
Copyright 2015 Cambium Networks, Ltd. All rights reserved
GUEST Access : splash pages
Copyright 2015 Cambium Networks, Ltd. All rights reserved
GUEST Access Configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Three landing page locations
– On AP
– On cnMaestro
– External hotspot provider (cloud4wi, purple etc)
• Four authentication options
– Click-through (terms and conditions)
– RADIUS authentication of username/password
– LDAP server lookup
– On-AP username/password
• Walled Garden support
 Advertise hotspot owners website
 Allow sign-on server
• Accounting – session time, data packets
WLAN – Guest Access
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Radio - Basic
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Radio – Enhanced Roaming
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Client with poor connectivity can bring down the 
performance of the entire WLAN
• Some clients have poor roaming algorithms and 
don’t roam even if a better signal is available
• NOTE: can be disruptive is coverage does not overlap 
sufficiently
Automatic RF Management
• Auto Channel Select – Individual AP scans list of channels and 
pick the best one
• Auto RF – Group of APs periodically scan channels. Coordinate 
to assign non-overlapping channels and avoid excess cell 
overlap (reduce tx power)
• Interference avoidance – trigger channel change if interference 
is above threshold for particular duration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Parameters
• Min Tx Power – minimum value to which Tx power 
will be reduced to avoid self interference
• RSSI Threshold – reduce Tx power if neighbor 
receives signal above this value
• Period – how often to run Auto RF scan
• Samples – number of samples to collect per channel 
per period
• Interval – interval between sample collection within 
a period
• Dwell time – time spent off-channel to measure a 
sample
Deployment recommendations
Enable ACS and Interference 
Avoidance when
• Non-overlapping channels can be 
easily found
• APs are located at a distance from 
each other so there is low self-
interference
For example
• 1-3 AP indoor deployments
• Sparse outdoor deployments like 
parks, beaches
Enable Auto RF when
• APs are deployed with many 
overlapping cells
• Dense small cell deployments
For example
• >3 indoor AP deployments
• Small cell outdoor deployments like 
stadiums
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Wireless Mesh Support
230Copyright 2016 Cambium Networks, Ltd. All rights reserved.
• Single as well as multiple hops
 Multiple hops reduce throughput by >50%
• Mesh Base – root AP, radio auto starts
• Mesh Client – radio scans for mesh base
• Radio can service Mesh and Clients
 No need to dedicate a radio to mesh
• Manual Provisioning. Recovery
• WPA2-PSK Security supported
• OK to mix AP types:
• ePMP1000 to E400, or
• E500 to E400
Configuration: Mesh
231Copyright 2016 Cambium Networks, Ltd. All rights reserved.
Fast Roaming
232Copyright 2016 Cambium Networks, Ltd. All rights reserved.
• 802.11r: Fast BSS Transition
• Supported by newer mobile devices: iPhones 
and Android (Samsung Galaxy)
• Reduced protocol handshakes when moving 
from one AP to another with WPA2-Enteprise or 
WPA2-PSK
• OKC: Opportunistic Key Caching
• Reduced protocol handshakes with WPA2-
Enterprise
• Supported on many laptops as well as mobiles
Band Steering : Why?
233Copyright 2016 Cambium Networks, Ltd. All rights reserved.
• 5GHz spectrum generally better for clients:
 Wider channels (40, 80MHz vs only 20)
 Cleaner (lower interference, more channels)
 Faster (11ac data rates)• Clients connect to the first radio they see
• sometimes that is the 2.4GHz even if the 
client was capable of 5GHz.
• Band Steering tries to nudge such clients to 
the 5GHz band on the radio, improving cell 
efficiency
Band Steering : How?
234Copyright 2016 Cambium Networks, Ltd. All rights reserved.
• By not responding to Probe and Association 
packets for clients seen the first time or 
known to be dual band.
• Delays cause the client to scan all 
channels again, and hopefully it finds the 
5GHz radio now.
• Delays on first association to network, but 
then APs ‘remember’ the client.
• State also Sync’ed across all APs at a site so a 
Configuration: Fast Roam, Band-Steering
235Copyright 2016 Cambium Networks, Ltd. All rights reserved.
Enhanced SNMP Support: RF-MIB
236Copyright 2016 Cambium Networks, Ltd. All rights reserved.
• AP Information
 Software version
 Hostname
 MAC address
• Radio Information
 RF Parameters: current channel, power
 Traffic parameters (tx/rx bytes, packets)
 Capacity: # clients
• Client Information
 RF parameters: RSSI
 Traffic Parameters (tx/rx bytes, packets)
Network - VLAN Interfaces
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Create layer 3 interfaces
• Enable NAT on it
• Run DHCP relay on the subnet
Network - Routing
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Network - Ethernet
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Access ports have one untagged VLAN
• Trunk ports have a native VLAN and additional tagged VLANs
• The native VLAN can be optionally tagged
Network – DHCP Server
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• For single cell networks. Typically with NAT.
DoS attack protection
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Type Description
ip-spoof Checks if source IP addresses are reachable
smurf-attack Protect from smurf (broadcast ICMP)
icmp-frag Handle fragmented ICMP ping messages
Access Control List (ACL)
• Upto 256 rules Per Ethernet interface and WLAN
• Examine each packet and match rule based on
– Source or Destination MAC, IP or Port number. Packet protocol, and direction.
• For each rule specify permit / deny action and order/precedence
• Default action is to drop
– Add a low priority rule to permit all remaining traffic if so desired 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
DNS Access Control List (DNS-ACL)
• Provide basic URL filtering based on the domain name in DNS Requests.
• Wildcards in domain names supported (Eg: *.google.com)
• On match action is either permit or deny
• Configurable per WLAN, upto 256 entries.
– Rules have precedence (1=high, 256=low) and are processed in order
– If rules are present, and none match the default action is to drop
– User should create a wildcard allow rule
Copyright 2015 Cambium Networks, Ltd. All rights reserved
MAC Authentication
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Use as a whitelist or blacklist
• Options to configure upto 256 entries on AP, or use an external 
RADIUS server
Traffic Tunneling Options: L2TP, GRE
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Selected per-SSID. Default is locally bridged.
Operations
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Firmware upgrade
 From GUI by uploading file through browser.
 From CLI pointing to a TFTP or FTP server.
Operations - System
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Tech Support – information that can be used by engineering to 
debug
• Flash LEDs to locate APs
Operations - Configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Export configuration as a text file
• Generate / modify configuration offline and upload
Command Line Interface
• Hierarchical, each mode supports a set of configuration commands:
– Global mode
– WLAN mode, radio mode
– Ethernet interface, vlan interface
– DHCP mode
• ? – display command menu and help
• <TAB> completion
• Prefix configuration commands with no to negate or delete configuration
• Commands to view information are prefixed by show
– show version
• Action commands are verbs
– reload
• show config – display current configuration
• save – apply and save configuration
• apply – apply config without saving (to test config)
Copyright 2015 Cambium Networks, Ltd. All rights reserved
CLI example
TMI010-04:~ tmi010$ ssh admin@10.140.134.151
admin@10.140.134.151's password: 
ePMP-testlab(config)#
ePMP-testlab(config)# interface ?
eth : Configure ethernet interface
vlan : Configure vlan interface
ePMP-testlab(config)# interface v<TAB>
ePMP-testlab(config)# interface vlan 34
ePMP-testlab(config-vlan-34)# ip address 34.1.1.10 /24
ePMP-testlab(config-vlan-34)# exit
ePMP-testlab(config)# no interface vlan 34
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Config text
ePMP-testlab(config)# show config
!
management user admin password $crypt$1$dc5rZyXwR6aoLtZme/jeg+NzwA4MfO1I
poe-out
country-code IN
!
wireless radio 1
no shutdown
channel 6
channel-width 20
power 20
antenna-gain 5
!
wireless wlan 1
ssid orrery
no shutdown
vlan 1
security wpa2-psk
passphrase $crypt$1$+BeqsUJHdQaOPhJD0cDkQk98q4JldLO
!
interface eth 1
switchport trunk allowed vlan 10-20
!
interface vlan 1
ip address 10.140.134.151 255.255.255.0
ntp server pool.ntp.org
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Troubleshooting
Copyright 2015 Cambium Networks, Ltd. All rights reserved
WiFi Analyzer
Connectivity
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Packet Capture
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Unconnected Clients
Copyright 2015 Cambium Networks, Ltd. All rights reserved
System Logs
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Tech Support
• Contains technical information 
useful support / engineering
• Include it with support requests
• Multiple snapshots if possible
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Factory Default
• All configuration is reset to default
– Configuration, configuration password, Cambium ID
• While powered on, hold the reset button for 10s
 Device will reset to factory defaults and reboot
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Connectorized Radio 
Reset Button
E400 Reset 
Button
	
R200/R201 
Reset Button
PoE Out
• PoE-out to an auxiliary device, such as an ePMP or 450 SM
• NOT 802.3af, only powers devices with Cambium-PoE
• Supported on ePMP1000 Hotspot and E500
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Labs
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 1 – Initial setup and Firmware upgrade
• Download latest firmware from support site and upgrade 
device
a. Go to: 
https://support.cambiumnetworks.com
b. Register for an account.
c. From your email, follow the link to 
activate your account.
https://support.cambiumnetworks.com/
Download Current Software Version
• Go to https://support.cambiumnetworks.com/files/e400/
• Download the latest software release for E400
https://support.cambiumnetworks.com/files/e400/
Setup
• First, connect the E400 power brick to port 1 on the Trendnet
router
• Then connect laptops to ports 2-4
• Leave WAN port disconnected
4 Port Switch
w/ DHCP Server
Student Laptop
Internet
via Instructor 
Switch
W
A
N
Get the E400’s IP address
• Log in to http://192.168.10.1 (admin/admin)
• Click on
– Advanced Setup
– LAN
– DHCP Client List
• Look for the IP address of device with MAC OUI 00:04:56
• If you plugged in the E400 first it should be 192.168.10.101
Copyright 2015 Cambium Networks, Ltd. All rights reserved
http://192.168.10.1/
Log in to the E400
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Use default username / password (admin/admin)
• Select Configure->System from the menu tree
– Ensurecountry is configured
• Select Configure->Radio from the menu tree and set a static 
channel (149/153/157/161)
Check current firmware version
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Check version on dashboard screen
Upgrade firmware
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Choose file download from Cambium support site
• Reboot after upgrade completes
• Verify firmware version
Exercise 2 – Set up basic WLAN and Monitor statistics
• Create a wireless LAN TrainingBridgeX
• Keep it mapped to the default VLAN 1
• Use WPA2 encryption
• Associate your phone / laptop to it and verify you can browse 
the internet
• Verify the WLAN is bridged and your device has an IP address 
assigned by the Trendnet router (use dashboard in the UI)
• Monitor client 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Solution
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2
3
4
5
Exercise 3 - ACLs
• Modify WLAN 2 created in the previous activity
• Verify you can access http://java.com from your client
• Add a rule to drop all http traffic (tcp port 80)
• Verify that you can no longer access http://java.com but can 
access https://java.com
• Make sure you create the default permit all rule!
Copyright 2015 Cambium Networks, Ltd. All rights reserved
http://java.com/
http://java.com/
https://java.com/
Solution 3 – Step 1/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2 3
4
9
5 6 7 8
Solution 3 – Step 2/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2 3 4
5
Exercise 4 – Guest Access
• Create WLAN 3 with SSID TrainingGuestX
• Enable Guest Access on it
• Configure your splash page with an appropriate title and other content
• Redirect the user to www.cambiumnetworks.com on success
• Configure the DNS ACL to deny access to ebay.com
– DNS ACL configuration can be found under Wireless->Access->DNS ACL
– As ebay has various subdomains enter “*.ebay.com” as the domain name
– Make sure you allow all other domain by adding a “permit *” rule at the end
• Verify your client only obtains internet access after signing on
• Verify user is redirected to www.cambiumnetworks.com after signing on
• Verify access to ebay.com does not work but you can access other sites
Copyright 2015 Cambium Networks, Ltd. All rights reserved
http://www.cambiumnetworks.com/
http://www.cambiumnetwors.com/
Solution 4 – 1/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1
2
3
4
5
6
7
8
Solution 4 - 2/2
Copyright 2015 Cambium Networks, Ltd. All rights reserved
1 2 3
4
1 2 3
4
Exercise 5 – Troubleshooting 1
• Ping your wireless client from your wired laptop
• Run packet capture to view the ICMP packets
• Use the filters to only view ICMP packets 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 5 - Solution
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 6 – Troubleshooting 2
• Run the WiFi Analyzer
• Examine and interpret the graphs and tabular output
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Exercise 6 - Solution
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Thank you
cnPilot™ Training
AUTOPILOT : AP as a Controller
Overall Objectives
At the end of this session, participants should be able to:
1. Understand what is Autopilot
2. Configure APs for Autopilot and Monitor them
28
4
What is Autopilot
• AP as a controller. In a small network (up to 32 APs) one of the 
APs acts as a controller for:
– Configuration of all APs
– Aggregating Statistics from all APs
– Aggregating Events from all APs
• Currently independent of cnMaestro
– APs managed just by the Master-AP
– Future plans for cnMaestro integration for backup and services
• Analogous topology to:
– Motorola Virtual Controller, Aruba Instant, Ruckus Unleashed etc.
• Optimal for small networks that 
– do not want to use cloud
– do not want to install on-premises cnMaestro on a server (cost, extra 
hardware etc)
• Does not include all cnMaestro features
– SMS Authentication, Payment Gateway etc
Positioning and Use-Case
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Some memory and CPU dedicated to autopilot functionality 
(depending on size of network)
• No functions removed, can service wireless clients on its own 
radio even when it is a Master-AP.
• Configured by user. Should be set on one AP.
– Failover (active-standby) in future software
Master AP function
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• 32 APs in total
– One Master-AP managing up to 31 others
– APs can be mixed types (E400, E500, E501 all in one network if 
necessary)
• 1000 clients
– Statistics tracked and managed for upto 1000 clients
• 16 SSIDs
– Can be grouped into 4 wlan-groups.
Capacity Numbers
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Any AP Firmware with version > 3.4.2
• Any Enterprise AP other than ePMP1000 Hotspot
– cnPilot E400, E500, E501S, E410, E600
• No special licenses or different firmware
Initial Setup
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• System -> Management set Autopilot mode to Master. Refresh 
web page
Converting to Autopilot
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Login : admin/admin by default
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Dashboard : Overview Stats and Events
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Key Site Stats
Other potential 
Member APs
Live events view
Main Menu Dashboard Menu
Top APs and Clients 
by traffic etc
Client distributrion
Dashboard : Access Points
Second Menu: Overview | Performance | System | RF
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Master-AP (controller) is 
highlighted with a crown next to it 
in any AP table
Dashboard : Wireless Clients
Second Menu: Overview | RF
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Clients roam among APs, and this information is aggregated 
with periodic stats updates (every 30-60 seconds). So a client 
might show up here on an ’old’ AP if it has just roamed.
Search box on top right searches multiple fields: MAC, IP, 
device-type etc.
INSIGHT : PULSE
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Flag common problems from analyzing statistics.
• Administrator need not dig through all the logs and stats
• Ethernet Port Not Gigabit
• High CPU Usage
• Low AP Uptime
• Low Memory
• & more
INSIGHT: Timeview
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• History of statistics with synchronized, zoomable view.
• Client counts, throughput, Peak CPU usage, Peak Memory usage, 
Events
• 1 hour data
• Not persistent (lost on reboot)
INSIGHT: Events
Copyright 2015 Cambium Networks, Ltd. All rights reserved
• Aggregated from across the site
• Filterable.
• Color coded for severity
• Rolling buffer of last 1000 events 
Configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
System : Country-Code, Password, Time 
Management : HTTP/HTTPS/Telnet/SSH, SNMP etc
WLAN Groups: SSID, Security, VLAN, ACL
Radio Channel, Power
For all 
APs in 
network
IP Address, Route, DNS, L3 Interfaces
Only on 
Master
Ethernet Port, Data Tunnels
All APs
Per-AP Settings (overrides) All APs
Configuration : Wireless LANS
• Add by clicking Add Wireless LAN
• Named, no numbers (system handles numbering on its own)
• Summary of WLAN, with WLAN group on top right side
Configuration : WLAN Group
• Container for WLANs
• Easier AP-SSID mapping
• Upto 16 WLANS in System
• Upto 4 WLAN Groups for those 16
• A default group created by the system
• No need for new ones unless AP-SSID mapping is not uniform
• WLANs created in a group remain inside it
• WLAN part of one group only not shared across groups
Configuration : WLAN Parameters
Subitems menu. Dynamic: guest-access tab shows when 
guest-access is enabledon WLAN
Option to view 
password/key
Advanced params in their own hidden menu
Configuration : WLAN Advanced
Available for advanced users to use. Hidden by default so other users avoid complexity
Configuration : Master IP Address Settings
Static IP settings. 
Recommended for master-AP
Configuration : AP Settings
Custom values for this ONE AP
Radio parameters can 
be custom or inherited 
from Global ones
DHCP by default, can be set 
to static
Configuration : Networks Interface
By default only on Master-AP. 
Needed on members if Captive 
Portal in use
Master AP can be DHCP 
Server on this network
Manage AP Firmware
Current Firmware Version
Backup Firmware, will 
change on upgrade
Firmware Upgrade 
Status
Firmware Upgrade Process
1. Upload firmware to master AP from browser GUI
2. Click Upgrade All Devices
a) Master AP will download firmware to others
b) All APs will upgrade their firmware, reporting back status 
periodically to master
3. Click Reboot All Devices to restart, and to activate new 
firmware.
4. (optional) click Upgrade next to any one device to upgrade 
just its firmware (Eg: replacement AP).
NOTE: AP needs 20-25MB of free memory to cache the firmware 
file. Post upgrade if not rebooting immediately, delete the cached 
firmware file. 
Manage AP Firmware
When a new firmware file is uploaded, the AP will check its 
meta-data and display basic information about it (such as 
version).
Only after the upload is done and successful can upgrades begin
System Management
 Reboot any or all devices.
 Disable Autopilot to go back to standalone mode.
 Export Config (text file) or import it back in.
Troubleshooting
• Download Tech-support from master-AP
• Only downloads from master, not from the member devices.
• Option to open device GUI of other member APs for access to 
other troubleshooting tools on them.
Details: AP Discovery & Connectivity
• Autopilot discover occurs over Layer2 with a broadcast packet 
periodically sent out by the master AP on its native vlan.
• The packet has a destination of 11-11-11-11-11-11 and an 
etherType assigned to Cambium of 89-41
• Packet capture of this packet:
• Inter AP communication is encrypted (SSL/TLS) and uses TCP 
port 31415.
Lab
LAB1: Enable autopilot and onboard 2nd AP
1. Connect both APs to a switch with connectivity to a DHCP 
server. Note the IP address of one of these APs and log onto 
its GUI using a browser.
2. Convert the AP to autopilot master
3. Refresh the GUI to load autopilot GUI.
4. Wait for the second AP to show up under Discovered Devices 
and click Approve or Approve-All to onboar the AP
LAB2: Setup an SSID and connect a client
1. Log onto the GUI of the master-AP and Click Configure
2. Set up a country-code under System if it is not setup.
3. Go to wireless LAN and create a new WLAN under the 
existing (default) wlan group
4. Configure an SSID testing123 and hit Save
5. Connect a wireless client to the SSID and view the dashboard 
to confirm the client shows up under Events as well as in the 
client related widgets and tables of the dashboard
Thank you
Guest Portal Configuration
cnPilot
Connect the Unconnected
Guest Access Features
Copyright 2017 Cambium Networks, Ltd. All rights reserved. 318
New	in	3.2
 Usage control
– Time
– Rate Limit
– Data limits
 Social Login
– Facebook
– Google
 Voucher Generation
Fully	Customizable	Portal
Rate,	Time	,	and	Quota	Limits
Social	Login
Voucher	generation
Interoperate	with	many	
popular	Eco-system	vendors
&	many	more…
Three Configuration Options, Three Portal Locations
• Configuration via
– cnMaestro
– AP GUI
– AP CLI
• Guest Portal via
– cnMaestro
– AP
– External
cnMaestro – Steps to create Guest SSID
• Create Guest Portal Service in cnMaestro
– Configure access options
– Customize Splash Page
• Create WLAN in cnMaestro
• Create/Edit AP Group
– Add Guest WLAN into appropriate AP Group
– Sync APs within AP Group to new configuration
cnMaestro – Adding a new Guest Portal Service
• Guest Portal is added under 
Services
• The Name of the Service must not 
have spaces or special characters
• Choose to log client login events if 
you wish to track access 
information
cnMaestro – Access Control 
• Select the Guest Portal that you want to 
configure 
• Selection Access Control – From here you 
can configure settings for
• Free Access
• Paid Access
• Vouchers
cnMaestro – Free Access Client Session Settings 
• Enable Free access if desired
• Client Session
• Session Duration sets the time limit for 
each free session.
• Renewal Frequency sets the time required 
before a new session will be granted
• Client Rate Limit
• Downlink sets the data rate for downlink 
traffic to a single client. Uplink sets the 
data rate for uplink traffic to a single 
client. 
• Client Quota Limit sets the data limit for a 
session
• Quota type can be None, Directional, 
or Total
cnMaestro – Social Login Configuration
• Free access must be 
enabled to use Social Login
• Either Google, Facebook, or 
both can be use for login 
• Allows for gathering of 
information provided 
on public profiles
• For Google, you will need 
to create a “Project”
• For Facebook, you will 
need to create an “App”
• Bypass Captive Portal 
Detection will be needed 
for IOS and Android 
devices.
See the Tech note on the Cambium Support site for details on setting up both Google and Facebook login at:
http://community.cambiumnetworks.com/t5/cnMaestro/Guest-Access-Portal-Social-Login-Configuration-Beta/td-p/60333
cnMaestro – SMS Configuration
• If SMS is to be used, enable in this 
section
• Select the SMS Gateway Provider. At 
this time, Cambium supports:
• Twilio
• SMS Country
• SMS Gupshup
• Depending n the provider selected, 
there will be different settings to 
configure
• Select the appropriate country code
cnMaestro – White List
Add web sites into the White List to aid 
Captive portal bypass for IOS and Android 
devices.
These devices require a confirmation that 
they can access the internet before Social 
Login is complete, necessitating the ability 
to access them first.
cnMaestro – Paypal settings
If a Paid option is desired, 
Enable here
Provide your Paypal PDT 
Identify Token.
cnMaestro – Adding a new Voucher Plan
• To add a Voucher plan, first go to the 
Vouchers tab.
• Enable Vouchers
• Click on the Add New Plan option
• Create the new plan
• Session Duration
• Voucher Expiry
• Client Rate Limit
• Client Quota Limit
• Voucher Device Limit
• Message and Colors for Voucher 
cnMaestro – Adding a new Voucher Plan, continued
cnMaestro – Voucher Plans
Click Add Vouchers to create 
new ones
Vouchers that have been 
generated can be viewed here
- Voucher ID
- Status (valid, expired)
- Creation Time
- Claimed Time
cnMaestro – Splash Page Configuration
• Navigate to the Splash 
Page Tab
• Choose Theme or upload a 
Custom Design
• Configure
• Logo
• Background
• Text Design
• Content
cnMaestro – Splash Page Content
Fill in content information to customize your Splash Page 
Utilize Terms and Conditions
Changes will not display in the Preview until they are saved
cnMaestro – Splash Page Custom
Beyond the customization options 
already displayed, it is possible to fully 
customize the Splash Page with an CSS 
file.
Download a Sample CSS file to obtain the 
format used
Upload the new CSS file and Save.
cnMaestro – Guest Portal Sessions
Once the Guest Portal has been assigned to an SSID and users connect, you can view information 
from the Sessions tab.
If desired, users connected to the Guest Portal can be forced off via the Disconnect option.
cnMaestro – Create Guest WLAN
• Select WLAN Options
• Click on “New WLAN”
• Configure Basic WLAN Settings
cnMaestro – Guest WLAN Tied to Guest Portal
Navigate to the Guest Access Tab
Enable under Basic Settings
Choose cnMaestro as the Portal 
Mode
Enter in the name of the Guest 
Portal Service alreadycreated
cnMaestro – Guest WLAN Advanced Settings
• If redirection is desired, set the port number
• Configure timeouts
• Session
• Inactivity
• MAC Authentication Fallback allows for the use of a single SSID for MAC authentication, 
using Guest Access for MAC addresses not already known by Radius Server
cnMaestro – Guest WLAN Whitelist
If a Whitelist is desired, it can be added to the Guest WLAN Configuration
We already created one within the Guest Portal Service, but this field can be used for 
greater customization of specific Guest WLANs utilizing the Guest Portal Service 
previously created
cnMaestro – Adding Guest WLAN to AP Group
Navigate to AP Groups
Select the Edit icon (pencil) to edit the AP Group where the Guest WLAN will be applied
cnMaestro – Edit AP Group
• Auto Sync will push 
any saved changes 
to all APs in the 
Group
• Click on Add WLAN
• Select Guest WLAN 
that was just 
created and click 
on Add
AP – Steps to Configure Guest WLAN
• A Guest Portal can be configured to reside in the AP three 
different ways
– Configure from cnMaestro GUI 
– Configure from AP GUI
– Configure through CLI
AP – Guest Portal Configured via cnMaestro
• Navigate to WLANs
• Select Guest Access
• Enable 
• Select Internal Access Point
• Configure as desired
• Access Policy
• Redirect Mode
• Title
• Contents
• Terms
• Logo
• Background
AP – Guest Portal Configured via cnMaestro, continued
• Choose Success Action – what 
happens after a client agrees to 
Terms and Conditions.
• Advanced Settings
• Redirect Port
• Timeouts
• Session
• Inactivity
• MAC Authentication Fallback
• Whitelist
cnMaestro – Adding Guest WLAN to AP Group
Navigate to AP Groups
Select the Edit icon (pencil) to edit the AP Group where the Guest WLAN will be applied
cnMaestro – Edit AP Group
• Auto Sync will push 
any saved changes 
to all APs in the 
Group
• Click on Add WLAN
• Select Guest WLAN 
that was just 
created and click 
on Add
AP – Guest Portal Configured via AP GUI
• Login into the target AP
• Select Configure
• Select WLAN
• Choose Add WLAN
• Enter in the next WLAN ID#
• Select OK
AP – Guest WLAN Basic Settings
Configure the Guest WLAN Basic Settings
AP – Create Guest Portal
Navigate to Guest Access on the 
specified WLAN
Now the configuration is the same 
as shown previously
The Guest Portal can reside on
- cnMaestro
- AP
- External Server
External Captive Portal Workflow
Details on configuration for integration with 3rd party vendors with External Captive Portal support can be found here:
https://support.cambiumnetworks.com/files/e400/#r3) Guest Access Portal Integration
https://support.cambiumnetworks.com/files/e400/#r3
Thank you!
cnPilot™ Training
AUTORF
Overall Objectives
At the end of this session, participants should be able to:
1. Understand what is Autorf
2. Configure APs for Autorf and Monitor them
35
3
What is AutoRF
• Automatically configure channel & power
• Choose appropriate channel to minimize interference and 
maximize throughput
• Choose optimal power for coverage while minimizing 
interference
• Constantly monitor operating channel and react appropriately 
when performance is not as per required standards
Two different modes of operation to choose from based on 
network topology and number of access points
• Centralized mode
• Autonomous mode
AutoRF modes
Copyright 2015 Cambium Networks, Ltd. All rights reserved
AutoRF – Centralized mode
• Channel & Power assignment is handled by a leader access 
point
• Suitable for networks with up to 128 access points
• Data is collected by all access points and sent to a leader
• Leader makes the decision on best channel and power for 
every access point
Copyright 2015 Cambium Networks, Ltd. All rights reserved
AutoRF – Autonomous mode
• Suitable for very large scale networks of 1000’s of access points
• Decision is taken autonomously by every single access point
• Every access point collects data and makes decision on channel 
and power by itself
• All neighboring APs including our own are treated as source of 
interference
Copyright 2015 Cambium Networks, Ltd. All rights reserved
How it works
• Periodic off channel scanning to collect data on neighboring 
APs, interference and usage
• Assign channel and power based on OCS data
– AP itself in case of ‘Autonomous mode’
– Leader AP for ‘Centralized mode’
• Interference Avoidance
– Constantly monitor current channel and force a channel change if 
required
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Centralized mode – Leader AP
• Leader AP collects data from all member APs in a network
• Uses collective information from all APs to decide channel and 
power
• The AP with the highest mac address is chosen as the leader
• When leader goes down, the next APs with the highest mac 
address becomes the leader
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Off Channel Scan
• Performed every configured ‘Off channel period’
• A configured number of ‘samples’ are taken and APs switch 
channel every configured ‘interval’
• A special broadcast probe is sent when we go off channel 
which is used for discovering neighbors
• Channel load and interfering sources are identified on all 
channels
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Channel Selection - Centralized
• Channel selection algorithm is run every 2 minutes on the 
leader AP
• For each access point the interference profile for all channels is 
generated
– Interference due to neighbors & no of neighbors
– Noise floor on each channel
• Best channel is chosen for assignment
• Only assigned if we are past channel hold time
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Channel selection – Autonomous
• Performed on AP itself at the end of an off channel scan period
• Interference profile for all channels is generated 
– Interference due to all neighbors on that channel
– Noise floor
– Channel load
• Best channel is assigned if we are past channel hold time
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Power assignment - Centralized
• We are always monitoring current channel and keep track of 
our own neighboring APs
• When we have no neighbors on the current operating channel, 
maximum power is chosen
• When we have neighbors and if they are above ‘RSSI 
threshold’, we reduce power by 1db. 
• Happens every 3 minutes 
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Power assignment - Autonomous
• Operates on max power by default
• No power reduction based on neighbors
• AP can be configured to use a specific power if 
max power is not suitable
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Interference Avoidance
• Once chosen, channel is fixed for channel hold time period
• OCS happens only on configured period
• Interference avoidance constantly monitors current channel 
and forces a channel change if required
– Force an OCS collection 
– Assign channel even if we are within channel hold time
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Interference Avoidance
• Run every 10 seconds
• Configured number of samples are taken
• If the channel is not usable for over a configured usage 
percentage for number of samples, avoidance kicks in
• Forces an off channel scan
• New channel is assigned based on collected data
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Configuration
• AutoRF Configuration is done on a per radio basis
• Exists under Configuration > Radio
• Configured separately for 2.4GHz and 5GHz radio
• Channel needs to be ‘Automatic’ for AutoRF channel 
assignment
• Power needs to be ‘Auto’ for AutoRF power assignment
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Radio configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
AutoRF configuration
Copyright 2015 Cambium Networks, Ltd. All rights reserved
OCS Configuration
Copyright2015 Cambium Networks, Ltd. All rights reserved
Interference Avoidance
Copyright 2015 Cambium Networks, Ltd. All rights reserved
ACS & AutoRF
• Currently they are independent
• ACS both scheduled and polled work irrespective of AutoRF
configuration.
• Please disable scheduled / polled ACS when AutoRF is enabled
• Initial channel upon bootup is chosen by ACS. AutoRF then 
monitors and chooses appropriate channel.
Copyright 2015 Cambium Networks, Ltd. All rights reserved
Thank you