Access Points: AP440 & AP840E firmware release notes

Topic

This article contains all release notes for AP840 and AP840E access points.

Environment

• Datto AP440 Access Points
• Datto AP840 Access Points
• Datto AP840E Access Points

Description

Index

2023

• Version 7.0.19 - 2024-01-15
• Version 7.0.18 - 2023-10-04
• Version 7.0.17 - 2023-07-31
• Version 7.0.16 - 2023-03-06

2022

• Version 7.0.15 - 2022-11-30
• Version 7.0.14 - 2022-11-30
• Version 7.0.13 - 2022-07-06
• Version 7.0.12 - 2022-02-16

2021

• Version 7.0.8 - 2021-10-26
• Version 7.0.6 - 2021-05-25
• Version 7.0.4 - 2021-05-11
• Version 7.0.2 - 2021-04-13

Latest release

Release 2024-01-15

Version 7.0.19

This release will first be available to networks that are configured to use the Latest firmware train and have automatic upgrades enabled. Updates will install during the network's configured maintenance window.

Improvements

• To prevent memory exhaustion, this release increases the default log size for AP42, AP62, AP440, AP840 and AP840E and enables log rotation.

• We've made operational enhancements to improve connectivity and reduce service disruption for some customer deployments.

NOTE  As of Q2 2021, beginning with the version 7.0 family of Access Point firmware, Datto Network Manager uses IP address-based geolocation to ensure that APs are only deployed in regions where their broadcast power levels comply with local regulatory bodies. If your APs stop broadcasting WiFi following an upgrade to v7.0.x, please contact Support to verify the installed APs' physical location and available service recovery options.

Previous releases

Release 2023-10-04

Version 7.0.18

Bug fixes

• We've fixed an issue that could cause DNS Intercept to block DNS resolution to local servers.

• Under certain circumstances, some devices experienced intermittent issues with establishing or maintaining network connectivity. This problem is resolved.

• With this release, clients will no longer experience repeated and unexpected band-steering.

• iOS and macOS can now use HE channel modes.

• Previously, the Block LAN Access setting did not block all private IP ranges. We have corrected this issue.

• Splash pages now work as expected with the Bridge to VLAN setting enabled.

Release 2023-07-31

Version 7.0.17

New Features and Functionality

All Access Points updated to firmware version 7.0.17 or later can now export syslog information in the Common Event Format (CEF). The improvement enables you to integrate your workflows with leading security information and event management (SIEM) products.

Notable Issues Resolved

• We've fixed an issue that could prevent client connections to WiFi-6 Access Points after several days of uptime.

• AP840E units operating in Canada will no longer experience 2.4 GHz transmit power issues.

• Under certain circumstances, AP42 and AP62 units experienced operational issues when attempting to leverage DFS. This problem is resolved.

• With this release, Access Points use enhanced logic to make roaming recommendations, leading to improved roaming performance.

Known Issues

• If a switch does not provide the 30 watts of power required by the 802.3at standard, any connected AP440, AP840, or AP840E units will negotiate Power over Ethernet (PoE) via Link Layer Discovery Protocol (LLDP). Some customers have reported resolving this issue in Cisco Catalyst switches by upgrading to Cisco IOS 15.2(4)E5 or later.

• If you change the activation status or order of any of your SSIDs, the associated WiFi network will stop broadcasting for approximately one minute while the configuration change takes effect.

• When connected to L24 switches, AP840s and AP840Es may report reduced operating capacity after the switch reboots. To resolve the issue, disable and then re-enable PoE on the impacted switch ports.

• Under certain circumstances, internet access for Windows devices with Intel AX201 WiFi cards may fail after connecting to an Access Point.

• We have identified a phenomenon in which certain Internet of Things (IoT) devices may cause connectivity issues for all clients on an Access Point. If you notice frequent syslog messages about failures with the same MAC address referenced, you may be experiencing this issue.

Release 2023-03-06

Version 7.0.16

Notable Issues Resolved

• We've fixed an issue to prevent the event reporting service from crashing.
• If an AP is powered off at the wrong time during boot up, the LED will continue to work properly.
• This release introduces general improvements to our remote support service.
• Now, the platform will ignore double entries for access and gateway interfaces.
• HE beacons for 2.4 GHz will now correctly parse and report.
• Devices on the WiFi Clients page will no longer display outdated IP addresses.
• New IP addresses discovered for clients will now report correctly.

Known Issues

• The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
• AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE (Power Over Ethernet) on the connected switch ports will allow them to operate at full capacity.
• Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.
• Some types of IoT devices may cause connectivity issues for all clients on an AP. This can be identified by frequent syslog messages about failures with the same MAC address referenced.
• WiFi-6 access points (AP440, AP840 & AP840E) connected to insufficient PoE sources may get stuck in an initializing and rebooting state.

Potential resolution methods

• If the WiFi-6 access point is connected to a switch providing Power over Ethernet (PoE), ensure that the switch supports PoE+ (also known as 802.3at). If it is not, consider the use of a 802.3at PoE injector until you can replace the switch with an upgraded model.

• To ensure sufficient power is available to the access point, configure your PoE+ switch to send the correct amount of power over the port. Steps for doing so will vary based on the switch's manufacturer and operating system.

Release 2022-11-30

Version 7.0.15

Notable Security Updates

• Fix several WiFi stack security vulnerabilies: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
• Risk remediation for curl vulnerabilities unlikely to be exploited: CVE-2020-8231, CVE-2022-32206

Notable Issues Resolved

• Workaround for an issue where the wired port on AP42 and AP62 may get into a stuck state and no longer transmit or receive data. The AP will be rebooted when the condition is detected.
• Noisy syslog/kernel OMI change event messages will no longer be reported.

Known Issues

• The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
• AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE (Power Over Ethernet) on the connected switch ports will allow them to operate at full capacity.
• Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.
• Some types of IoT devices may cause connectivity issues for all clients on an AP. This can be identified by frequent syslog messages about failures with the same MAC address referenced.

Release 2022-11-30

Version 7.0.14

Notable Issues Resolved

• Fixed an issue that prevented negotiating power levels over LLDP. AP840s and AP840Es connected to switches that require LLDP will now draw the optimal amount of power. This does not address the issues when L24 switches reboot.
• Add official support for AP440 in Singapore and the Philippines.

Known Issues

• The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
• AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE on the connected switch ports will allow them to operate at full capacity.
• Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.

Release 2022-07-06

Version 7.0.13

Notable Security Updates

• Upgraded OpenSSL to 1.1.1n to address various security vulnerabilities. Additional information about what these changes entail can be found here

Notable Issues Resolved

• Fixed an issue where enabling or disabling one SSID (including WiFi scheduling) would cause other SSIDs to go down (see Known Issues for caveats)
• Fixed an issue where the hostnames of some clients weren't properly reported in Network Manager
• Fixed an issue where a brief internet outage could cause an AP to lose connection for an extended period of time
• Fixed an issue where if the device is running low on memory, it may not checkin and reboot requests may not be honored
• Fixed an issue where some devices, particularly Apple iOS devices and some WiFi6 equipped Windows 11 devices, would fail to connect to SSIDs configured with WPA2/3 mixed and 802.11r enabled
• Fixed an issue where traffic data would occasionally not be reported for clients when DPI is enabled
• Fixed an issue where clients using IPv6 for DNS lookups would be able to circumvent DNS intercept, including splash pages
• Fixed an issue where IPv6 connections could sometimes bypass splash pages
• Fixed an issue where Facebook WiFi would not correctly authenticate users in certain configurations
• Fixed an issue where some forms of traffic could inadvertently escape the walled garden for splash pages
• Fixed an issue where, particularly on repeaters, status about the network and WiFi were not properly reported, resulting in N/A channels displayed as one side effect
• Fixed an issue where the watchdog wasn’t properly refreshed during the upgrade process, causing devices to potentially reboot prematurely and enter an infinite loop of trying to upgrade and rebooting
• Fixed an issue where the AP would not send complete 802.11k roaming neighbor reports and could cause roaming issues
• Fixed a rare issue where hostapd could crash and restart, causing WiFi interfaces to restart, disconnecting all clients
• Fixed an issue where lonely or orphan recovery modes could continue running even after regaining a wired link
• Lowered the verbosity of some WiFi roaming messages within syslog
• Stopped listening to the wired uplink for DHCP requests, which prevents some very repetitive and frequent log messages within syslog
• Fixed a rare issue where the event reporting system could deplete available AP memory in a very short period of time
• Fixed an issue where igmpproxy would always run, regardless of the network configuration
• Fixed an issue where an incorrect WiFi configuration was not getting corrected during periodic system checks
• Fixed an issue where splash pages would take several minutes to be served to clients

Known Issues

• The lowest numbered SSID on each radio/band is the "primary" SSID. If this "primary" SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
• On switches which negotiate 802.3at power using LLDP, AP840 and AP840E do not properly negotiate this power and will operate in a degraded state
• AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity. This is an issue with the L24 switch and happens after it reboots. Disabling and re-enabling PoE on the ports to the APs will reset the APs and allow them to work at full capacity.
• Datto is currently working with Facebook to address issues with Facebook for Guest WiFi. New registration with Facebook for Guest WiFi is currently unavailable, and existing registrations may experience problems with service.

Release 2022-02-16

Version 7.0.12

New features and improvements

• General stability improvements to AP840, AP840E, and AP440. This includes resolutions to several client disconnect issues.
• Reduced data usage by APs in idle state.
• Increased the number of MAC addresses in the access control list supported by the firmware to 256.
• Improved performance on SSIDs which are bridged to LAN and do not use DNS intercept, LAN blocking, or DPI.
• Improved performance under high temperature conditions by correcting the thermal throttling thresholds.

Bug and vulnerability fixes

• Fixed a CPU load issue on AP42 and AP62 which occurred when AP mesh is disabled.
• Fixed an issue on AP42 and AP62 where clients were not always reported when as few as 10 clients were on the AP. This issue was also present on WiFi-6 APs, but with a much higher number of clients as the threshold.
• Fixed several issues surrounding multicast traffic and DNS intercept, which includes issues with Windows' gpupdate tool, active directory, and inconsistencies with Apple TV and Chromecast operation.
• Fixed issues where Block LAN access was not fully functional before authenticating to a splash page.
• Fixed issues where occasionally configurations would take some time to apply, notably on AP42 and AP62, and particularly on boot.
• Fixed several issues surrounding 802.11r, greatly improving stability and usability of the feature.
• Fixed an issue with repeaters where, under certain circumstances, they could continuously fail to mesh with other APs.
• Fixed an issue where presence reporting would only report data from either 2.4 GHz or 5 GHz, but not both.
• Fixed an issue where clients configured for WPA-3 Enterprise were unable to connect to an SSID configured for WPA Enterprise 2/3 mixed.
• Fixed an issue where the download of an over-the-air upgrade could get stuck until the AP rebooted.
• Fixed an issue which caused bandwidth throttling to be inconsistent on repeaters.
• Fixed an issue with the LED logic where it was reporting low mesh speed at 2 MB/s instead of 2 Mbit/s, causing repeaters to flash green much more often than desired.
• Fixed an issue where AP42 and AP62 repeaters which were stranded could not be rescued by WiFi-6 APs.
• Fixed an issue where repeaters with multiple hops were not correctly reporting the number of hops.
• Fixed an issue where an “unexpected upgrade” event would be shown when an AP42 or AP62 upgraded from ng6 to ng7.
• Fixed an issue where upgrades could fail to complete, resulting in a reboot and another upgrade attempt. This could happen multiple times in a row and was most prevalent on AP840 and AP840E, but affects all APs since 7.0.0. A hotfix has been deployed to address this issue on all affected versions.

Release 2021-10-26

Version 7.0.8

New features and improvements

• Added support for AP42 and AP62
• Improved reboot tracking reasons
• Various improvements to 802.11r
• Implemented DFS (Dynamic Frequency Selection) support
• Implemented WPA3 support for AP42 and AP62

Bug fixes

• Various stability improvements
• Splash page improvements and fixes
• Status LED will now remain disabled without unintentionally turning back on
• http://logout will now help users log out of being authenticated to splash pages
• Various improvements and bug fixes for repeaters
• Fixed some issues with bandwidth throttling

Vulnerability Fixes

• Notable security fixes:
  • FragAttack Vulnerability fixed. See https://www.fragattacks.com for more details about the vulnerability
    • CVE-2020-24586 - Fragmentation cache not cleared on reconnection
    • CVE-2020-24587 - Reassembling fragments encrypted under different keys
    • CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack
    • CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
    • CVE-2020-26140 - Accepting plaintext data frames in protected networks
    • CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
    • CVE-2020-26142 - Processing fragmented frames as full frames
    • CVE-2020-26143 - Accepting fragmented plaintext frames in protected networks
    • CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that start with RFC1042 header with EAPOL ethertype
    • CVE-2020-26145 - Accepting plaintext broadcast fragments as full frames
    • CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive packet numbers
    • CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
• Input Validation Vulnerability in Open Source Library fixed. See: https://c-ares.org/adv_20210810.html for more details about the vulnerability.
  • CVE-2021-3672 - Missing input validation on hostnames returned by DNS servers

Release 2021-05-25

Version 7.0.6

New features and improvements

• Added additional strict controls for indoor and outdoor regional compliance

Known issues

• DFS is pending certification
• Auto-channel can select HT mode and must be manually set to HE mode
• Access points configured for channel 1 and 40 MHz width on 2.4 GHz can cause connectivity issues
• Splash pages do not work on repeaters

• Splash pages can sometimes fail to download

• WiFi interfaces may go down/up when unrelated configurations are changed

• Facebook WiFi will fail to redirect clients to Facebook

Release 2021-05-11

Version 7.0.4

This firmware version is only supported on AP840 and AP840E models.

New features and improvements

• Introduces WPA3 support for networks running this firmware
• Introduces 802.11ax capabilities
• General stability, performance, and logging improvements

Bug fixes

• Fixed an issue where splash pages do not work on repeaters
• Fixed an issue where WiFi interfaces may go down/up when unrelated configurations are changed
• Fixed an issue where walled garden on splash pages is not operational
• Fixed an issue where repeaters do not correctly roam between gateways when a gateway goes down.
• Fixed an issue where WPA3 was not operational, and clients may fail to connect to APs configured with it.
• Fixed an issue where wired clients are sometimes not connected to the correct SSID
• Fixed an issue where client reporting does not always work
• Fixed an issue where certain channel configurations cause the AP/UI to report a different channel
• Fixed an issue where disabling lower phy rates causes mesh not to work.
• Fixed an issue where mesh does not work on channel 165
• Fixed an issue where clients roaming to an AP840(E) from another device on the same network will have a few minutes of inability to connect to the internet.
• Fixed an issue where hostname of the AP is always reported as “OpenWRT”
• Fixed an issue where splash pages are not preserved over an upgrade
• Fixed an issue where APs will NAT traffic on bridge to LAN SSIDs
• Fixed an issue where enabling DNS intercept causes APs to fall offline.
• Fixed an issue where changing the access control list does not take effect until reboot
• Fixed an issue where wired clients on repeaters do not work

Known issues

• Splash pages do not work on repeaters
• Splash pages can sometimes fail to download
• WiFi interfaces may go down/up when unrelated configurations are changed
• Facebook WiFi will fail to redirect clients to facebook

Release 2021-04-13

Version 7.0.2

This firmware version is only supported on AP840 and AP840E models.

New features and improvements

• Initial release

Known issues

• Splash pages do not work on repeaters
• Splash pages can sometimes fail to download
• WiFi interfaces may go down/up when unrelated configurations are changed
• Facebook WiFi will fail to redirect clients to facebook
• Walled garden on splash pages is not operational
• Repeaters do not correctly roam between gateways when a gateway goes down.
• WPA3 is not operational, and clients may fail to connect to APs configured with it.
• Wired clients are sometimes not connected to the correct SSID
• Client reporting does not always work
• Certain channel configurations cause the AP/UI to report a different channel
• Disabling lower phy rates causes mesh not to work.
• Mesh does not work on channel 165
• Clients roaming to an AP840(E) from another device on the same network will have a few minutes of inability to connect to the internet.
• Hostname of the AP is always reported as “OpenWRT”
• Splash pages are not preserved over an upgrade
• APs will NAT traffic on bridge to LAN SSIDs
• Enabling DNS intercept causes APs to fall offline.
• Changing the access control list does not take effect until reboot
• Wired clients on repeaters do not work