Access Points: General firmware release notes

Topic

This article provides information about firmware updates to Datto Access Points.

Environment

  • Datto Access Points

Description

IMPORTANT  These release notes do not include releases for Datto AP440, AP840, and AP840E Access Points. To see release notes for these devices, visit Datto Networking: WiFi-6 device release notes

Latest releases are Datto Networking's newest software updates and features available for beta testing. Stable releases are firmware versions that Datto has tested after one release cycle, or after Datto performs testing and validation. All firmware versions lower than the Stable release become Previous Releases.

Latest release

Release 2024-01-15

Version 7.0.19

This release will first be available to networks that are configured to use the Latest firmware train and have automatic upgrades enabled. Updates will install during the network's configured maintenance window.

Improvements

  • To prevent memory exhaustion, this release increases the default log size for AP42, AP62, AP440, AP840 and AP840E and enables log rotation.

  • We've made operational enhancements to improve connectivity and reduce service disruption for some customer deployments.

NOTE  As of Q2 2021, beginning with the version 7.0 family of Access Point firmware, Datto Network Manager uses IP address-based geolocation to ensure that APs are only deployed in regions where their broadcast power levels comply with local regulatory bodies. If your APs stop broadcasting WiFi following an upgrade to v7.0.x, please contact Support to verify the installed APs' physical location and available service recovery options.

Previous releases

Release 2023-10-04

Version 7.0.18

Bug fixes

  • We've fixed an issue that could cause DNS Intercept to block DNS resolution to local servers.

  • Under certain circumstances, some devices experienced intermittent issues with establishing or maintaining network connectivity. This problem is resolved.

  • With this release, clients will no longer experience repeated and unexpected band-steering.

  • iOS and macOS can now use HE channel modes.

  • Previously, the Block LAN Access setting did not block all private IP ranges. We have corrected this issue.

  • Splash pages now work as expected with the Bridge to VLAN setting enabled.

Release 2023-07-31

Version 7.0.17

New Features and Functionality

All Access Points updated to firmware version 7.0.17 or later can now export syslog information in the Common Event Format (CEF). The improvement enables you to integrate your workflows with leading security information and event management (SIEM) products.

Notable Issues Resolved

  • We've fixed an issue that could prevent client connections to WiFi-6 Access Points after several days of uptime.

  • AP840E units operating in Canada will no longer experience 2.4 GHz transmit power issues.

  • Under certain circumstances, AP42 and AP62 units experienced operational issues when attempting to leverage DFS. This problem is resolved.

  • With this release, Access Points use enhanced logic to make roaming recommendations, leading to improved roaming performance.

Known Issues

  • If a switch does not provide the 30 watts of power required by the 802.3at standard, any connected AP440, AP840, or AP840E units will negotiate Power over Ethernet (PoE) via Link Layer Discovery Protocol (LLDP). Some customers have reported resolving this issue in Cisco Catalyst switches by upgrading to Cisco IOS 15.2(4)E5 or later.

  • If you change the activation status or order of any of your SSIDs, the associated WiFi network will stop broadcasting for approximately one minute while the configuration change takes effect.

  • When connected to L24 switches, AP840s and AP840Es may report reduced operating capacity after the switch reboots. To resolve the issue, disable and then re-enable PoE on the impacted switch ports.

  • Under certain circumstances, internet access for Windows devices with Intel AX201 WiFi cards may fail after connecting to an Access Point.

  • We have identified a phenomenon in which certain Internet of Things (IoT) devices may cause connectivity issues for all clients on an Access Point. If you notice frequent syslog messages about failures with the same MAC address referenced, you may be experiencing this issue.

Release 2023-03-06

Version 7.0.16

Notable Issues Resolved

  • We've fixed an issue to prevent the event reporting service from crashing.
  • If an AP is powered off at the wrong time during boot up, the LED will continue to work properly.
  • This release introduces general improvements to our remote support service.
  • Now, the platform will ignore double entries for access and gateway interfaces.
  • HE beacons for 2.4 GHz will now correctly parse and report.
  • Devices on the WiFi Clients page will no longer display outdated IP addresses.
  • New IP addresses discovered for clients will now report correctly.

Known Issues

  • The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
  • AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE (Power Over Ethernet) on the connected switch ports will allow them to operate at full capacity.
  • Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.
  • Some types of IoT devices may cause connectivity issues for all clients on an AP. This can be identified by frequent syslog messages about failures with the same MAC address referenced.
  • WiFi-6 access points (AP440, AP840 & AP840E) connected to insufficient PoE sources may get stuck in an initializing and rebooting state.

Potential resolution methods

  • If the WiFi-6 access point is connected to a switch providing Power over Ethernet (PoE), ensure that the switch supports PoE+ (also known as 802.3at). If it is not, consider the use of a 802.3at PoE injector until you can replace the switch with an upgraded model.

  • To ensure sufficient power is available to the access point, configure your PoE+ switch to send the correct amount of power over the port. Steps for doing so will vary based on the switch's manufacturer and operating system.

Release 2022-11-30

Version 7.0.15

Notable Security Updates

  • Fixed several WiFi stack security vulnerabilies: CVE-2022-41674, CVE-2022-42719, CVE-2022-42720, CVE-2022-42721, CVE-2022-42722
  • Risk remediation for curl vulnerabilities unlikely to be exploited: CVE-2020-8231, CVE-2022-32206

Notable Issues Resolved

  • Workaround for an issue where the wired port on AP42 and AP62 may get into a stuck state and no longer transmit or receive data. The AP will be rebooted when the condition is detected.
  • Noisy syslog/kernel OMI change event messages will no longer be reported.

Known Issues

  • The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
  • AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE (Power Over Ethernet) on the connected switch ports will allow them to operate at full capacity.
  • Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.
  • Some types of IoT devices may cause connectivity issues for all clients on an AP. This can be identified by frequent syslog messages about failures with the same MAC address referenced.

Release 2022-11-30

Version 7.0.14

Notable Issues Resolved

  • Fixed an issue that prevented negotiating power levels over LLDP. AP840s and AP840Es connected to switches that require LLDP will now draw the optimal amount of power. This does not address the issues when L24 switches reboot.
  • Add official support for AP440 in Singapore and the Philippines.

Known Issues

  • The lowest numbered SSID on each radio/band is the primary SSID. If this primary SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
  • AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity after the switch is rebooted. Resetting the APs by disabling and re-enabling PoE on the connected switch ports will allow them to operate at full capacity.
  • Some Windows devices with Intel AX201 WiFi cards may be unable to access the internet after connecting to an AP.

Release 2022-07-06

Version 7.0.13

Notable Security Updates

  • Upgraded OpenSSL to 1.1.1n to address various security vulnerabilities. Additional information about what these changes entail can be found here.

Notable Issues Resolved

  • Fixed an issue where enabling or disabling one SSID (including WiFi scheduling) would cause other SSIDs to go down (see Known Issues for caveats)
  • Fixed an issue where the hostnames of some clients weren't properly reported in Network Manager
  • Fixed an issue where a brief internet outage could cause an AP to lose connection for an extended period of time
  • Fixed an issue where if the device is running low on memory, it may not checkin and reboot requests may not be honored
  • Fixed an issue where some devices, particularly Apple iOS devices and some WiFi6 equipped Windows 11 devices, would fail to connect to SSIDs configured with WPA2/3 mixed and 802.11r enabled
  • Fixed an issue where traffic data would occasionally not be reported for clients when DPI is enabled
  • Fixed an issue where clients using IPv6 for DNS lookups would be able to circumvent DNS intercept, including splash pages
  • Fixed an issue where IPv6 connections could sometimes bypass splash pages
  • Fixed an issue where Facebook WiFi would not correctly authenticate users in certain configurations
  • Fixed an issue where some forms of traffic could inadvertently escape the walled garden for splash pages
  • Fixed an issue where, particularly on repeaters, status about the network and WiFi were not properly reported, resulting in N/A channels displayed as one side effect
  • Fixed an issue where the watchdog wasn’t properly refreshed during the upgrade process, causing devices to potentially reboot prematurely and enter an infinite loop of trying to upgrade and rebooting
  • Fixed an issue where the AP would not send complete 802.11k roaming neighbor reports and could cause roaming issues
  • Fixed a rare issue where hostapd could crash and restart, causing WiFi interfaces to restart, disconnecting all clients
  • Fixed an issue where lonely or orphan recovery modes could continue running even after regaining a wired link
  • Lowered the verbosity of some WiFi roaming messages within syslog
  • Stopped listening to the wired uplink for DHCP requests, which prevents some very repetitive and frequent log messages within syslog
  • Fixed a rare issue where the event reporting system could deplete available AP memory in a very short period of time
  • Fixed an issue where igmpproxy would always run, regardless of the network configuration
  • Fixed an issue where an incorrect WiFi configuration was not getting corrected during periodic system checks
  • Fixed an issue where splash pages would take several minutes to be served to clients

Known Issues

  • The lowest numbered SSID on each radio/band is the "primary" SSID. If this "primary" SSID is changed, either by it going down, or a lower numbered SSID coming up, all SSIDs will still be restarted.
  • On switches which negotiate 802.3at power using LLDP, AP840 and AP840E do not properly negotiate this power and will operate in a degraded state
  • AP840s and AP840Es connected to L24 switches may show up as operating at reduced capacity. This is an issue with the L24 switch and happens after it reboots. Disabling and re-enabling PoE on the ports to the APs will reset the APs and allow them to work at full capacity.
  • Datto is currently working with Facebook to address issues with Facebook for Guest WiFi. New registration with Facebook for Guest WiFi is currently unavailable, and existing registrations may experience problems with service.

Release 2022-02-16

Version 7.0.12

New features and improvements

  • General stability improvements to AP840, AP840E, and AP440. This includes resolutions to several client disconnect issues.
  • Reduced data usage by APs in idle state.
  • Increased the number of MAC addresses in the access control list supported by the firmware to 256.
  • Improved performance on SSIDs which are bridged to LAN and do not use DNS intercept, LAN blocking, or DPI.
  • Improved performance under high temperature conditions by correcting the thermal throttling thresholds.

Bug and vulnerability fixes

  • Fixed a CPU load issue on AP42 and AP62 which occurred when AP mesh is disabled.
  • Fixed an issue on AP42 and AP62 where clients were not always reported when as few as 10 clients were on the AP. This issue was also present on WiFi-6 APs, but with a much higher number of clients as the threshold.
  • Fixed several issues surrounding multicast traffic and DNS intercept, which includes issues with Windows' gpupdate tool, active directory, and inconsistencies with Apple TV and Chromecast operation.
  • Fixed issues where Block LAN access was not fully functional before authenticating to a splash page.
  • Fixed issues where occasionally configurations would take some time to apply, notably on AP42 and AP62, and particularly on boot.
  • Fixed several issues surrounding 802.11r, greatly improving stability and usability of the feature.
  • Fixed an issue with repeaters where, under certain circumstances, they could continuously fail to mesh with other APs.
  • Fixed an issue where presence reporting would only report data from either 2.4 GHz or 5 GHz, but not both.
  • Fixed an issue where clients configured for WPA-3 Enterprise were unable to connect to an SSID configured for WPA Enterprise 2/3 mixed.
  • Fixed an issue where the download of an over-the-air upgrade could get stuck until the AP rebooted.
  • Fixed an issue which caused bandwidth throttling to be inconsistent on repeaters.
  • Fixed an issue with the LED logic where it was reporting low mesh speed at 2 MB/s instead of 2 Mbit/s, causing repeaters to flash green much more often than desired.
  • Fixed an issue where AP42 and AP62 repeaters which were stranded could not be rescued by WiFi-6 APs.
  • Fixed an issue where repeaters with multiple hops were not correctly reporting the number of hops.
  • Fixed an issue where an “unexpected upgrade” event would be shown when an AP42 or AP62 upgraded from ng6 to ng7.
  • Fixed an issue where upgrades could fail to complete, resulting in a reboot and another upgrade attempt. This could happen multiple times in a row and was most prevalent on AP840 and AP840E, but affects all APs since 7.0.0. A hotfix has been deployed to address this issue on all affected versions.

Known Issues

  • 802.11k neighbor reports only contain other BSSIDs from the same AP.

  • Enabling or disabling one SSID causes a temporary disruption of service to other SSIDs.

  • Some clients may not have their hostnames and IP addresses in the clients pane.

  • The firmware only allows 256 MAC addresses in the access control list, while the UI allows an unlimited number. Only the first 256 MAC addresses will be allowed to connect to the SSID.

  • Wired client statistics do not update properly when wired clients are configured to be connected to an SSID which is bridged to LAN.

  • 802.11r is not supported with WPA Enterprise WPA 3 only. When our APs are configured for WPA Enterprise WPA 3 only, they will use Suite-B 192 bit encryption. This security suite focuses on strong encryption to protect the communication between a client device and an AP. Because of the focus on security, this suite does not include support for 802.11r Fast Transition roaming. If 802.11r is desired, WPA 2 / 3 mixed should be used instead.

Release 2021-11-10

Cloud hotfix

Bug fixes

  • Fixed issue around pairing when upgrading from NG6.5.x to NG7
  • Fixed issue where HE160 was listed for AP840(e)
  • Fixed issue where devices were downgrading when initially reporting
  • 0.0.0 firmware after upgrade to NG7

Release 2021-10-26

Version 7.0.8

Improvements

  • Added support for AP42 and AP62
  • Improved reboot tracking reasons
  • Various improvements to 802.11r
  • Implemented DFS (Dynamic Frequency Selection) support
  • Implemented WPA3 support for AP42 and AP62

Bug fixes

  • Various stability improvements
  • Splash page improvements and fixes
  • Status LED will now remain disabled without unintentionally turning back on
  • http://logout will now help users log out of being authenticated to splash pages
  • Various improvements and bug fixes for repeaters
  • Fixed some issues with bandwidth throttling

Vulnerability fixes

  • Notable security fixes:
    • FragAttack Vulnerability fixed. See https://www.fragattacks.com for more details about the vulnerability
      • CVE-2020-24586 - Fragmentation cache not cleared on reconnection
      • CVE-2020-24587 - Reassembling fragments encrypted under different keys
      • CVE-2020-24588 - Accepting non-SPP A-MSDU frames, which leads to payload being parsed as an L2 frame under an A-MSDU bit toggling attack
      • CVE-2020-26139 - Forwarding EAPOL from unauthenticated sender
      • CVE-2020-26140 - Accepting plaintext data frames in protected networks
      • CVE-2020-26141 - Not verifying TKIP MIC of fragmented frames
      • CVE-2020-26142 - Processing fragmented frames as full frames
      • CVE-2020-26143 - Accepting fragmented plaintext frames in protected networks
      • CVE-2020-26144 - Always accepting unencrypted A-MSDU frames that start with RFC1042 header with EAPOL ethertype
      • CVE-2020-26145 - Accepting plaintext broadcast fragments as full frames
      • CVE-2020-26146 - Reassembling encrypted fragments with non-consecutive packet numbers
      • CVE-2020-26147 - Reassembling mixed encrypted/plaintext fragments
    • Input Validation Vulnerability in Open Source Library fixed. See: https://c-ares.org/adv_20210810.html for more details about the vulnerability.
      • CVE-2021-3672 - Missing input validation on hostnames returned by DNS servers

Release 2019-10-30

Version 6.5.3

Improvements:

  • Improved reliability of Presence Analytics
  • Added upgrade events
  • Reduced the likelihood of switching to non-DFS channels when a DFS radar event is detected

Bug Fixes:

  • Resolved an issue that could cause an access point's status LED to stay white
  • Resolved an issue that prevented users from disabling legacy data rate support
  • Resolved an issue that could cause an access point to reboot
  • Resolved an issue that could prevent splash pages from functioning

Vulnerability Fixes:

  • Updated the Linux kernel to address the TCP Sack Panic vulnerabilities (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
  • Updated OpenSSL to address CVE-2019-1559

Release 2019-05-15

Version 6.5.2

New Features and Improvements:

  • Resolved multiple issues with 802.11r functionality, resulting in improved behavior for some client devices
  • Introduced support for events and alerts

Bug Fixes

  • Resolved an issue where some access points would consistently show missed check-ins
  • Fixed an issue where wired clients traffic stats were inaccurate
  • Resolved an issue where WiFi scheduling events could occasionally cause DNS resolution to fail (Resolves known issue in 6.5.1 release: WiFi Scheduling events may halt DNS functionality on access points. As a workaround, disable WiFi Scheduling or flash your access point to firmware version 6.4 if the feature is required)
  • Resolved an issue where AP62s could go offline due to a radio configuration problem after being moved to a network in a different country. (Resolves known issue in 6.5.1 release: When moving an AP62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset. Refer to What does the reset pinhole on my access point or switch do?
  • Fixed an issue in which DNS Intercept would not work without the Alternate DNS setting if multiple SSIDs are bridged
  • Resolved an issue where users would be unable to use the logout page when in a splash page's Free Access mode, receiving a "Logout is not possible" error
  • Resolved an issue where Alternate DNS settings were malformed when the Bridge to VLAN setting was used
  • Fixed an issue where switching between the gateway to repeater modes would occasionally cause DNS resolution to fail
  • Fixed an issue where reconfiguring an AP could rarely cause it to get into a bad state where DNS resolution would fail
  • Resolved an issue where RADIUS authentication requests were configured used the incorrect port by default
  • Resolved an issue where check-in would fail if DNS resolution failed (Resolved the known issue in the 6.5.1 release: Access points may crash if they cannot resolve their primary check-in server via DNS, and will not use the fallback server as a result. Afflicted access points will remain offline until DNS is functional again, or until you do a pinhole reset. Refer to What does the reset pinhole on my access point or switch do?

Release 2018-11-07

Version 6.5.1

Bug Fixes

  • Resolved an issue where AP62 access points in Europe failed to check-in

Known Issues

  • When moving an AP62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset.
  • WiFi Scheduling events may halt DNS functionality on access points. As a workaround, disable WiFi Scheduling or flash your access point to firmware version 6.4 if the feature is required.
  • Access points may crash if they cannot resolve their primary check-in server via DNS, and will not use the fallback server as a result. Afflicted access points will remain offline until DNS is functional again, or until you do a pinhole reset.

Release 2018-10-29

Version 6.5.0

New Features

  • Client Device Roaming: We added functionality to improve client roaming performance. For more information, see our Client Device Roaming article.

Stable Release

Release 2019-02-04

Version 6.4.15

Bug Fixes:

  • Resolved an issue that could cause Access Points to check in every ten minutes instead of every five minutes
  • Resolved an issue in which the date defaulted to February 5, 2017, on first boot, causing check-in failure when NTP breaks

Vulnerability Fixes:

  • Update curl to address CVE-2018-16839 and CVE-2018-16842 on ng6.4.x.

Known Issues:

  • DNS intercept does not work without Alternate DNS when multiple SSIDs are in a bridged state.
  • The http://logout function does not work with Bridge to LAN enabled.
  • Rarely, an Access Point might boot without DNS resolution. Rebooting the device should resolve the issue.

Previous Releases

Release 2018-09-26

Version 6.4.14

Improvements

  • Improved HTTP fallback handling when the primary server check-in fails

Bug Fixes

  • Resolved an issue that impaired access point radio functionality for users in South Africa
  • Resolved an issue that generated false outage reports due to the check-in process crashing
  • Addressed CVE-2018-0497 and CVE-2018-0498 for mbedtls security fixes

Release 2018-09-04

Version 6.4.13

Improvements

  • Added the default server ntp.cloudtrax.com for time synchronization
  • Updated Datto Networking Portal SSL certificates
  • Improved HTTP fallback handling when the primary server check-in fails

Bug Fixes

  • Resolved an issue where a DNS server would crash during reconfiguration
  • Resolved an issue where radio broadcast transmission exceeded limits set by the Netherlands
  • Resolved an issue where the access point failed to use its fallback server when SSL certificate expired prevented check-in

Known Issues

  • The hostname reported via Syslog might display as "lede" instead of the actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2018-07-16

Version 6.4.11

  • Added Snapchat into application-level tracking.
  • AP42 and AP62 access points now throttle when overheated.
  • Improved AP62 client transmit rate reporting functionality.

Bug Fixes

  • Resolved an issue where an access point would reboot due to erroneous healthcare checks or missing interfaces
  • Resolved memory usage issues on the AP42 & AP62 access points
  • Resolved an issue that prevented access point setting modification in some countries
  • Resolved an issue preventing disabling 5GHz in some countries
  • Resolved an issue in which the firmware upgrade process hung
  • Resolved an issue where the auto channel optimization feature failed due to invalid scan results
  • Resolved issues with wireless repeaters rebooted after losing mesh connectivity
  • Resolved an issue where the band steering daemon hung
  • Resolved an issue in which the 40MHz channel width could not be used on the mesh interface
  • Resolved an issue where disabled roaming VLANs re-enabled after reboot

Known Issues

  • The hostname reported via syslog might report as "lede" instead of the actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2018-05-10

Version 6.4.8

Improvements

  • When Application Reporting is enabled, all clients are reported, even those with 0 bytes of transfer.

Bug Fixes

  • Resolved an issue where 5GHz meshing always used 80MHz channel width, regardless of channel width settings
  • Resolved an issue preventing unblocked clients that were previously blocked from remaining blocked until reboot
  • Resolved an issue where WPA password authentication failed on SSIDs set to 2.4GHz or 5GHz only
  • Resolved an issue that, when using an alternate DNS, the external splash page would display a "too many redirects" error

Known Issues

  • The hostname reported via Syslog might report as "lede" instead of the actual hostname.
  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in the Datto Networking Portal.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2018-04-11

Version 6.4.7

New Features

  • Operators can now disable the external splash page pre-authentication.

Fixes

  • Resolved an issue where enabling band steering may result in high processor load and client connection issues

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • A WPA password may not work on SSIDs set to 2.4GHz or 5GHz only.
  • Unblocking previously blocked clients via Manage?Clients may not work until reboot.
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of channel settings.
  • The hostname reported via Syslog might report as "lede" instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2018-03-12

Version 6.4.6

Improvements

  • Remote Syslog server support
  • Removed outdated crypto algorithms from SSH implementation

Bug Fixes

  • Some clients may report connecting to the wrong band (e.g., 2.4Ghz instead of 5Ghz).
  • If another SSID is set to use Both-Combined SSID, the AP might not honor the 2.4Ghz only and 5Ghz only band settings. The AP may continue to broadcast both bands.
  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • Some wireless repeaters may report 0 hops on large mesh networks.
  • Some APs may stop reporting client traffic.
  • Throttling does not work on non-bridged SSIDs with Application Reporting disabled.
  • The captive portal may prevent client connections on busy networks if it does not clear the clients list when Application Reporting is disabled.
  • Setting the throttle to 100mbit/sec resulted in 10mbit/sec throttle.
  • Auto channel mode may fail due to incorrect channel values reported by AP.

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Enabling Band Steering may result in high processor load and client connection issues.
  • Unblocking previously blocked clients via Manage?Clients may not work until reboot.
  • The access point does not report wired clients' IP address when Application Reporting is turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2018-01-08

Version 6.4.5

Bug Fixes

  • Using the SSID Band setting Both - Unique SSIDs truncates the first character of each SSID name.
  • The AP may report N/A N/A for channels, despite broadcasting correctly.

Known Issues

  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • If another SSID is set to use Both-Combined SSID, the AP might not honor the 2.4Ghz only and 5Ghz only band settings. The AP may continue to broadcast both bands.
  • Traffic for wired clients is not reported when Application Reporting is turned off.
  • The IP address for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2017-12-27

Version 6.4.4

Improvements

  • Unused splash page images are now deleted automatically from the access point when it saves the SSID settings.
  • Bridge Loop Avoidance is now more aggressive to avoid looping scenarios on complex networks.
  • If AP Mesh is disabled, the access point will reconfigure channel changes immediately.
Bug Fixes
  • Facebook WiFi would not pop-up automatically or would be displayed incorrectly on iOS and macOS devices.
  • Clients w/ hostnames may cause malformed JSON, resulting in a striped pattern on the outage graph due to check-in failure.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.
  • SSIDs may fail to broadcast with WiFi Scheduling enabled.
  • Disabled LED lights may turn back on after firmware upgrade.

Known Issues

  • If another SSID is set to use Both-Combined SSID, the 2.4Ghz only and 5Ghz only band settings may not be honored. The AP may continue to broadcast both bands.
  • Using the SSID Band setting Both - Unique SSIDs truncates the first character of each SSID name.
  • Traffic for wired clients is not reported when Application Reporting is turned off.
  • The IP address for wired clients not reported.
  • The AP may report N/A N/A for channels, despite broadcasting correctly.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2017-12-04

Version 6.4.3

New Features

  • Client IP addresses now report to Datto Managed Networking.
  • We added functionality where preference is given to 5Ghz 802.11ac for AP meshing if available.
  • The firmware upgrade delay is reduced, and firmware can upgrade when in orphan mode, allowing for faster firmware updates.
  • Added functionality for bridging multiple SSIDs to LAN.

Bug Fixes

  • Bandwidth throttling was not always being applied to some clients when the SSID was bridged to a VLAN or after a WiFi Scheduling event.
  • Upload/Download usage reporting could get reversed.
  • The mesh interface could get set to managed mode, leaving repeaters orphaned.
  • When Status LEDs were turned off, the LEDs would remain off even during reconfiguration or error events.
  • The LED may get stuck showing the white color.
  • A channel scan could send incorrect channel values causing Auto channel mode to fail.
  • The BATMAN Mesh Protocol was reverted to BATMAN IV, to restore repeater mesh compatibility with 6.3.x firmware.

Known Issues

  • Disabled LEDs could turn themselves back on after an upgrade.
  • Layer 7 traffic for wired clients is not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

Release 2017-10-20

Version 6.4.2

Bug Fixes
  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • When using RADIUS for the external splash page, you'll no longer see an "[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent" error in your server logs
  • APs will no longer show striping due to an issue causing missed check-ins
Known Issues
  • Repeaters will take longer than normal to finish upgrading?.
  • Disabled LEDs could turn themselves back on after an upgrade.
  • AP Mesh on 802.11ac devices is currently limited to 5GHz only.
  • Layer 7 traffic for wired clients is not reported.
  • The AP may reverse Layer 7 upload/download traffic.
  • Bandwidth throttling might not work.
  • Upload throttling won't work if the SSID is bridged to VLAN.
  • A-series LED could hang at "white" even after configuration.

Note: Once your network has upgraded to 6.4.2, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on Version 6.4.

Release 2017-10-12

Version 6.4.1

Improvements

  • AP Mesh over 5GHz is now supported on 802.11ac devices.
  • Airtime Fairness on 2.4GHz, improves download throughput and provides equal access to clients.
  • Throughput-based Mesh routing is now provided by B.A.T.M.A.N version 5.
  • We changed from OpenWRT to LEDE Project (lede-project.org), which contains many performance and security improvements.

Bug Fixes

  • The Neighbor RSSI now shows correctly within Datto Managed Networking.
Known Issues
  • Repeaters will take longer than normal to finish upgrading.
  • Some APs will show “striping” due to an issue causing missed check-ins.
  • AP Mesh on 802.11ac devices is limited to 5GHz only at present.

Note: Once your network has upgraded to 6.4, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4

Release 2017-10-07

Version 6.3.16

Bug Fixes

  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088)
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • Neighbor list may fail to populate

Release 2017-09-25

Version 6.3.15

Improvements

  • Added IGMP Proxy support (see Configure?Advanced).
  • Configuration changes to one SSID won't disrupt other SSIDs.
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac.
  • Client sessions are now reported back to Datto Managed Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear before reaching the client force or session timeouts.
  • Band Steering no longer prevents clients from joining the SSID by consuming a high amount of CPU .
  • Bridged clients won't get non-bridged DHCP on initial AP boot.
  • Images uploaded to the splash page can now support 250 character filenames.
  • We improved reliability of automatic self-heal mode changes from Gateway ? Repeater.
  • Resolves a situation where disabling DNS Intercept could prevent DNS from working.
  • The Internet Check works better when wired clients are connected.
  • Certain model POE switches no longer experience gateways switching to a repeater.
  • Performance of an encrypted SSID would degrade if 802.11r were enabled.
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes a loop.
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients).
  • Logging out of a voucher (not supported) no longer redirects you to www.open-mesh.com.
  • An SSH segmentation fault is now resolved with Dropbear.
  • Significant improvements have been made to the configuration/reconfiguration of bridged SSIDs (including VLANs).
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (already supported).
  • The AP now logs changes to the radio channel; log buffer size increased to 128KB.
  • The out-of-box 2.4GHz channel, before configuration, is now Datto Managed Networking default of 6 instead of 5.

Known Issues

  • The neighbor list may fail to populate.

Release 2017-07-11

Version 6.3.14

Improvements

  • Images for built-in splash pages are now displaying properly.
  • The SSIDs stay up when Internet Check is disabled, and AP loses internet (but not DHCP).
  • VLAN changes to an SSID now save without needing a reboot.
  • Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected.
  • Various additional improvements and enhancements have been made.

Release 2017-06-29

Version 6.4.13

Improvements

  • We added IGMP Proxy support (see Configure?Advanced).
  • WiFi scheduling works again.
  • Client isolation wasn’t always isolating.
  • Bandwidth throttling in many cases wasn’t working.
  • SSIDs using Band Steering have improved stability.
  • Certain model POE switches no longer experience gateways switching to a repeater.
  • SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs.
  • The 5GHz radio no longer fails to broadcast if using channel 165 before the next upgrade.
  • Fixed an issue where performance of an encrypted SSID would degrade if 802.11r were enabled.
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes a loop.
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients).
  • Logout of a voucher (not supported) no longer redirects you to www.open-mesh.com.
  • An SSH segmentation fault is now resolved with Dropbear.

Release 2017-05-01

Version 6.3.12

Improvements

  • Client sessions are now reported back to Datto Networking if an AP's local session cache is purged for any reason. This ensures the built-in splash-page won't unexpectedly appear before reaching the client force or session timeouts.

Release 2017-04-20

Version 6.3.11

Improvements

  • Significant improvements have been made to the configuration/reconfiguration of bridged SSIDs (including VLANs).
  • Bridged SSIDs no longer reverse their reported upload/download traffic in Datto Networking Portal.
  • We prevented SSIDs from accidentally being bridged to the LAN when in NAT mode.
  • Repeaters with bridged SSIDs could prevent DHCP assignment to clients.
  • We Addressed a condition where repeaters could go offline or into lonely/orphan mode unnecessarily.
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac ( supported).
  • The AP now logs the radio channel changes; log buffer size increased to 128KB.
  • Turning on “Use AP Name” now correctly changes the 2.4GHz SSID name. without a reboot.
  • Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled.
  • Client blocking now properly behaves on networks without a splash page enabled.

Release 2017-03-08

Version 6.3.10

Improvements

  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • Out-of-box 2.4GHz channel, before configuration, is now Datto Managed Networking default of 6 instead of 5
  • Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407