Datto Access Point Firmware Release Notes

Follow

Topic

This article provides information about firmware updates to Datto Access Points.

Environment

Datto Access Points

Release Notes

Firmware 6.4

6.4.8 (May 10, 2018)

Improvements:

  • All clients are reported when Application Reporting is enabled, even those with 0 bytes of transfer.

Bug Fixes:

  • Resolved an issue where 5GHz meshing always used 80MHz channel width, regardless of channel width settings.
  • Resolved an issue where unblocked clients that were previously blocked may remained so until reboot.
  • Resolved an issue where WPA password authentication failed on SSIDs set to 2.4GHz or 5GHz only.
  • Resolved an issue that, when using an alternate DNS, the external splash page would display a "too many redirects" error.

Known Issues:

  • Hostname reported via syslog might report as "lede", instead of actual hostname.
  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in CloudTrax.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.
6.4.7 (April 11, 2018)

New:

  • Operators can now disable external splash page pre-authentication.

Fixes:

  • Resolved an issue where enabling Band Steering may result in high processor load and/or client connection issues.

Known Issues:

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • A WPA password may not work on SSIDs set to 2.4GHz or 5GHz only.
  • Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot.
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of channel settings.
  • Hostname reported via syslog might report as "lede", instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.6 (Mar 12, 2018)

New:

  • NEW: Remote syslog server support.
  • NEW: Removed outdated crypto algorithms from SSH implementation.

Fixes:

  • FIXED: Some clients may report being connected to the wrong band(e.g. 2.4Ghz instead of 5Ghz).
  • FIXED: "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands.
  • FIXED: Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • FIXED: Some wireless repeaters may report 0 hops on large mesh networks.
  • FIXED: Some APs may stop reporting client traffic.
  • FIXED: Throttling does not work on non-bridged SSIDs with Application Reporting disabled.
  • FIXED: Captive portal may prevent client connections on busy networks due to not clearing its clients list when Application Reporting is disabled.
  • FIXED: Setting throttle to 100mbit/sec resulted in 10mbit/sec throttle.
  • FIXED: Auto channel mode may fail due to incorrect channel values reported by AP.

Known Issues:

  • KNOWN ISSUE: CloudTrax may incorrectly report some clients as having a 169.x.x.x IP address.
  • KNOWN ISSUE: Enabling Band Steering may result in high processor load and/or client connection issues.
  • KNOWN ISSUE: Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot.
  • KNOWN ISSUE: The IP address of wired clients is not reported when Application Reporting is turned off.
  • KNOWN ISSUE: The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

Previous Development Releases

6.4.5 (Jan 8, 2018)

Fixes:

  • FIXED: Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated.
  • FIXED: AP may report N/A N/A for channels, despite broadcasting correctly.

Known Issues:

  • KNOWN ISSUE: Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • KNOWN ISSUE: "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands.
  • KNOWN ISSUE: Traffic for wired clients not reported when Application Reporting is turned off.
  • KNOWN ISSUE: IP address for wired clients not reported.
  • KNOWN ISSUE: The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

 6.4.4 (Dec 27, 2017)

New Features:

  • NEW: Unused splash page images are now deleted automatically from the access point when SSID settings are saved.
  • NEW: Bridge Loop Avoidance is now more aggressive to avoid looping scenarios on complex networks.
  • New: If AP Mesh is disabled, access point will reconfigure channel changes immediately.

Fixes:

  • FIXED: Facebook WiFi would not pop-up automatically or would be displayed incorrectly on iOS and macOS devices.
  • FIXED: Clients w/ hostnames may cause malformed JSON, resulting in striped pattern on the outage graph due to check-in failure.
  • FIXED: External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.
  • FIXED: SSIDs may fail to broadcast with WiFi Scheduling enabled.
  • FIXED: Disabled LED lights may turn back on after firmware upgrade.

Known Issues:

  • KNOWN ISSUE: "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • KNOWN ISSUE: Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated.
  • KNOWN ISSUE: Traffic for wired clients not reported when Application Reporting is turned off.
  • KNOWN ISSUE: IP address for wired clients not reported.
  • KNOWN ISSUE: AP may report N/A N/A for channels, despite broadcasting correctly.
  • KNOWN ISSUE: The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.3 (Dec 4, 2017)

New Features:

  • NEW: Client IP addresses reported to Datto Managed Networking.
  • NEW: Prefer 5Ghz 802.11ac meshing, if available.
  • NEW: Firmware upgrade delay reduced and firmware can upgrade when in orphan mode, allowing for faster firmware updates.
  • NEW: Bridge multiple SSIDs to LAN. (GUI Coming Soon...)

Fixes:

  • FIX: Bandwidth throttling was not always being applied to some clients, when the SSID was bridged to a VLAN or after a WiFi Scheduling event.
  • FIX: Upload/Download usage reporting could get reversed.
  • FIX: Mesh interface could get set to managed mode, leaving repeaters orphaned.
  • FIX: When Status LEDs were turned off, the LEDs would remain off even during reconfiguration or an error events.
  • FIX: LED may get stuck showing white color.
  • FIX: Channel scan could send incorrect channel values causing Auto channel mode to fail.
  • FIX: BATMAN Mesh Protocol reverted to BATMAN IV, to restore repeater mesh compatibility with 6.3.x firmware.

Known Issues: 

  • KNOWN ISSUE: Disabled LEDs could turn themselves back on after upgrade.
  • KNOWN ISSUE: Layer 7 traffic for wired clients not reported.
  • KNOWN ISSUE: The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address used for DHCP requests compared to 6.4.2/6.4.1.

Earlier 6.4 Releases

6.4.2 (Oct 20, 2017)

Fixes:

  • FIX: WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • FIX: Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • FIX: When using RADIUS for external splash page, you'll no longer see an "[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent" error in your server logs
  • FIX: APs will no longer show “striping” due to an issue causing missed check-ins

Known Issues: 
  • KNOWN ISSUE: Repeaters will take longer than normal to finish upgrading
.
  • KNOWN ISSUE: Disabled LEDs could turn themselves back on after upgrade.
  • KNOWN ISSUE: AP Mesh on 802.11ac devices is currently limited to 5GHz only.
  • KNOWN ISSUE: Layer 7 traffic for wired clients not reported.
  • KNOWN ISSUE: Layer 7 upload/download traffic could be reversed.
  • KNOWN ISSUE: Bandwidth throttling might not always work.
  • KNOWN ISSUE: Upload throttling won't work if SSID is bridged to VLAN.
  • KNOWN ISSUE: A-series LED could be stuck at "white" even after configuration.

Note: Once your network has upgraded to 6.4.2, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4

6.4.1 (Oct 12, 2017)

Changes made since 6.3.15:
  • NEW: AP Mesh over 5GHz now supported on 802.11ac devices (A-series, MR1750, OM5P-AC)
  • NEW: Airtime Fairness on 2.4GHz, to improve download throughput and provide equal access to clients
  • NEW: Throughput-based Mesh routing provided by B.A.T.M.A.N version 5
  • NEW: Linux OS change from OpenWrt to LEDE Project (lede-project.org), containing many performance and security improvements
  • FIX: Neighbor RSSI now properly shows within Datto Managed Networking.
Known Issues: 
  • Repeaters will take longer than normal to finish upgrading
  • Some APs will show “striping” due to an issue causing missed check-ins
  • AP Mesh on 802.11ac devices is limited to 5GHz only at present

Note: Once your network has upgraded to 6.4, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4

Firmware 6.3

Latest Stable Release

6.3.16 (October 17, 2017)

  • FIX: WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • FIX: Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • Known issues: The Neighbor list might not always be populated, we're aware and working on a fix.

NOTE: Due to higher memory requirements, this version does not support OM1P, MR500 and OM2Pv1 devices. The OM1P/MR500 are legacy devices and limited to 481 firmware on "legacy" networks only, the OM2P is supported only to 6.1.2, and the OM2P (32 MB) is supported only up to 590 firmware. 

More info about supported devices is found here: https://help.cloudtrax.com/hc/en-us/articles/115000589630-Open-Mesh-End-of-Life-Policy-and-Product-Matrix

Previous 6.3 Releases

6.3.15 (Sept 25, 2017)

Changes below since 6.2.12:

  • NEW: IGMP Proxy support (see Configure -> Advanced)
  • NEW: Configuration changes to one SSID won't disrupt other SSIDs
  • NEW: External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • NEW: Client sessions are now reported back to Datto Managed Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or session timeout being reached.
  • FIX: Band Steering no longer consumes high amount of CPU preventing clients from joining SSID
  • FIX: Bridged clients won't get non-bridged DHCP on initial AP boot
  • FIX: Uploaded images to splash page can now support 250 character filenames
  • FIX: Improves reliability of automatic self-heal mode changes from Gateway -> Repeater
  • FIX: Resolves a situation where disabling DNS Intercept could prevent DNS from working
  • FIX: Internet Check better handles when wired clients are connected
  • FIX: Certain model POE switches no longer experience gateways switching to repeater
  • FIX: Performance of an encrypted SSID would degrade if 802.11r was enabled
  • FIX: Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • FIX: Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • FIX: Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • FIX: Resolves SSH segmentation fault with Dropbear
  • FIX: Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs) 
  • FIX: WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • FIX: Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • FIX: Out-of-box 2.4GHz channel, prior to configuration, is now Datto Managed Networking default of 6 instead of 5
  • Known issues: The Neighbor list might not always be populated, we're aware and working on a fix.

6.3.14 (July 11, 2017)

  • FIX: Images for built-in splash pages are now displaying properly
  • FIX: When Internet Check is disabled and AP loses internet (but not DHCP) the SSIDs stay up
  • FIX: VLAN changes to an SSID now save without need for reboot
  • FIX: Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • FIX: Various additional improvements and enhancements

6.3.13 (June 29, 2017)

  • NEW: IGMP Proxy support (see Configure -> Advanced)
  • FIX: WiFi scheduling works again
  • FIX: Client isolation wasn’t always isolating
  • FIX: Bandwidth throttling in many cases wasn’t working
  • FIX: Improved stability for SSIDs using Band Steering
  • FIX: Certain model POE switches no longer experience gateways switching to repeater
  • FIX: SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs
  • FIX: 5GHz radio no longer fails to broadcast if using channel 165 prior to next upgrade
  • FIX: Performance of an encrypted SSID would degrade if 802.11r was enabled
  • FIX: Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • FIX: Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • FIX: Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • FIX: Resolves SSH segmentation fault with Dropbear

6.3.12 (May 1, 2017)

  • NEW: Client sessions are now reported back to Datto Managed Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or session timeout being reached.

6.3.11 (April 20, 2017)

  • FIX: Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs) 
  • FIX: Bridged SSIDs no longer reverse their reported upload/download traffic in CloudTrax
  • FIX: Prevent SSIDs from accidentally being bridged to the LAN when in NAT mode
  • FIX: Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • FIX: Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
  • FIX: WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • FIX: Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • FIX: “Use AP Name” being turned on now correctly changes the 2.4GHz SSID name without a reboot
  • FIX: Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled
  • FIX: Client blocking now properly behaves on networks without a splash page enabled

6.3.10 (March 8, 2017)

  • NEW: Support for new HW (OM2Pv4, OM2P-HSv4, A-series)
  • NEW: Configuration changes to one SSID won't disrupt other SSIDs
  • NEW: External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • FIX: Out-of-box 2.4GHz channel, prior to configuration, is now Datto Managed Networking default of 6 instead of 5
  • FIX: Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407
  • Includes all other changes included in 6.2.10 and earlier

Firmware 6.2

Last 6.2 Stable Release

6.2.12 (April 10, 2017)

  • FIX: No internet access on a Gateway AP that's been physically switched to a Repeater AP

Previous 6.2 Stable Releases

6.2.11 (March 21, 2017)

  • FIX: Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • FIX: Client blocking now properly works on networks without a splash page enabled
  • FIX: Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
  • FIX: Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407

6.2.10 (March 8, 2017)

  • NEW: Ability to disable Application Reporting (Layer 7 Deep Packet Inspection) for higher throughput on AC-capable devices, especially on bridged SSIDs. Found under Configure -> Advanced
  • NEW: Ability to control per-SSID band, i.e. dual-band, 2.4GHz only, 5GHz only
  • NEW: 802.11r support for clients that support this faster roaming authentication standard
  • NEW: Automatic disabling of DNS intercept (local DNS relay) for all SSIDs which don't have an Alt DNS defined and aren't using client blocking or splash pages
  • NEW: Ability to disable "failsafe" protection for when internal/external splash page authentication servers can't be reached
  • NEW: Support for future "instant commands" (ping, trace route, etc) that will be included in an upcoming Datto Managed Networking update
  • NEW: When a RADIUS authentication server replies with zero values for download/upload throttle or session timeout, we'll now default to what's configured in the Datto Managed Networking network
  • FIX: Significant improvements to Band-Steering performance and reliability
  • FIX: Several WiFi driver-related issues on 802.11ac devices
  • FIX: Corrects a condition where walled garden entries fail to update properly when Alt DNS is specified
  • FIX: Bridged SSIDs configured with a VLAN tag will now reliably resolve DNS
  • FIX: Prevents a situation where unauthenticated clients could potentially bypass the splash-page
  • FIX: Amazon Instant Video (on mobile app) is no longer improperly identified as "Misc Video"
  • FIX: Resolves ping packet loss when connected to certain 802.3af POE switches (OM5P-AC only)
  • FIX: Addresses a condition where DNS resolution temporarily stops working during AP reconfiguration
  • FIX: Cache cleanup of non-voucher sessions has increased from 12 hours to 72 hours, preventing clients from inadvertently being sent to the splash page before their session timeout
  • FIX: Prevents a condition where a previously-working repeater could become orphaned when using per-AP channel overrides or auto-channel

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!