Storm season is back, bringing with it the potential for significant weather events. If you have clients in areas prone to infrastructure disruption, visit the Disaster Recovery Resources guide for preparedness information. Datto recommends performing proactive disaster recovery testing to mitigate potential downtime. See our articles about the importance of disaster recovery testing and Preparing For A Cloud Virtualization Test: Policies, Procedures, And Partner Responsibilities to learn more. For live updates, follow @datto on Twitter.

Datto Access Point Firmware Release Notes

Follow

Topic

This article provides information about firmware updates to Datto Access Points.

Environment

  • Datto Access Points

Description

Portal releases may change the management options available for your devices. You can learn more about functionality changes for specific appliances in their dedicated release notes articles.

6.4.14 (September 26, 2018)

Improvements

  • Improved HTTP fallback handling when the primary server checkin fails.

Bug Fixes

  • Resolved an issue that impaired access point radio functionality for users in South Africa.
  • Resolved an issue that generated false outage reports due to the checkin process crashing.
  • Addressed CVE-2018-0497 and CVE-2018-0498 for mbedtls security fixes.

6.4.13 (September 4, 2018)

Improvements

  • Added the default server ntp.cloudtrax.com for time synchronization.
  • Updated Datto Networking Portal SSL certificates.

Bug Fixes

  • Resolved an issue where a DNS server would crash during reconfiguration.
  • Resolved an issue where radio broadcast transmission exceeded limits set by the Netherlands.
  • Resolved an issue where the access point failed to use its fallback server when SSL certificate expired prevented check-in.

Known Issues

  • The hostname reported via syslog might report as "lede", instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.11 (July 16, 2018)

  • Added Snapchat into application level tracking.
  • Added functionality where the AP42 and AP62 access points now throttle when overheated.
  • Improved AP62 client transmit rate reporting functionality.

Bug Fixes

  • Resolved an issue where an access point would reboot due to erroneous healthcare checks or missing interfaces.
  • Resolved a memory usage on the AP42 & AP62 access points
  • Resolved an issue that prevented access point setting modification in some countries.
  • Resolved an issue that prevented disabling 5GHz in some countries.
  • Resolved an issue where the firmware upgrade process hung.
  • Resolved an issue where the auto channel optimization feature failed due to invalid scan results.
  • Resolved an issue where wireless repeaters rebooted after losing mesh connectivity.
  • Resolved an issue where the band steering daemon hung.
  • Resolved an issue where the 40MHz channel width could not be used on the mesh interface.
  • Resolved an issue where disabled roaming VLANs re-enabled after reboot.

Known Issues

  • The hostname reported via syslog might report as "lede", instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.8 (May 10, 2018)

Improvements

  • All clients are reported when Application Reporting is enabled, even those with 0 bytes of transfer.

Bug Fixes

  • Resolved an issue where 5GHz meshing always used 80MHz channel width, regardless of channel width settings.
  • Resolved an issue where unblocked clients that were previously blocked may remained so until reboot.
  • Resolved an issue where WPA password authentication failed on SSIDs set to 2.4GHz or 5GHz only.
  • Resolved an issue that, when using an alternate DNS, the external splash page would display a "too many redirects" error.

Known Issues

  • Hostname reported via syslog might report as "lede", instead of actual hostname.
  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in the Datto Networking Portal.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.7 (April 11, 2018)

New Features

  • Operators can now disable the external splash page pre-authentication.

Fixes

  • Resolved an issue where enabling band steering may result in high processor load and/or client connection issues.

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • A WPA password may not work on SSIDs set to 2.4GHz or 5GHz only.
  • Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot.
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of channel settings.
  • Hostname reported via syslog might report as "lede", instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.6 (Mar 12, 2018)

Improvements

  • Remote syslog server support
  • Removed outdated crypto algorithms from SSH implementation

Bug Fixes

  • Some clients may report being connected to the wrong band(e.g. 2.4Ghz instead of 5Ghz).
  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • Some wireless repeaters may report 0 hops on large mesh networks.
  • Some APs may stop reporting client traffic.
  • Throttling does not work on non-bridged SSIDs with Application Reporting disabled.
  • Captive portal may prevent client connections on busy networks due to not clearing its clients list when Application Reporting is disabled.
  • Setting throttle to 100mbit/sec resulted in 10mbit/sec throttle.
  • Auto channel mode may fail due to incorrect channel values reported by AP.

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Enabling Band Steering may result in high processor load and/or client connection issues.
  • Unblocked clients that were previously blocked via Manage -> Clients may remain blocked until reboot.
  • The IP address of wired clients is not reported when Application Reporting is turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.5 (Jan 8, 2018)

Bug Fixes

  • Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated.
  • AP may report N/A N/A for channels, despite broadcasting correctly.

Known Issues

  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use the "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • IP address for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.4 (Dec 27, 2017)

Improvements

  • Unused splash page images are now deleted automatically from the access point when SSID settings are saved.
  • Bridge Loop Avoidance is now more aggressive to avoid looping scenarios on complex networks.
  • If AP Mesh is disabled, access point will reconfigure channel changes immediately.
Bug Fixes
  • Facebook WiFi would not pop-up automatically or would be displayed incorrectly on iOS and macOS devices.
  • Clients w/ hostnames may cause malformed JSON, resulting in striped pattern on the outage graph due to check-in failure.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.
  • SSIDs may fail to broadcast with WiFi Scheduling enabled.
  • Disabled LED lights may turn back on after firmware upgrade.

Known Issues

  • "2.4Ghz only" and "5Ghz only" band setting may not be honored if another SSID is set to use "Both - Combined SSID". The AP may continue to broadcast both bands.
  • Using the SSID Band setting "Both - Unique SSIDs", results in the first character of each SSID name being truncated.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • IP address for wired clients not reported.
  • AP may report N/A N/A for channels, despite broadcasting correctly.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address being used for DHCP requests compared to 6.4.2/6.4.1.

6.4.3 (Dec 4, 2017)

New Features

  • Client IP addresses now reports to Datto Managed Networking.
  • Added functionality where preference is given to 5Ghz 802.11ac for AP meshing, if available.
  • Firmware upgrade delay reduced and firmware can upgrade when in orphan mode, allowing for faster firmware updates.
  • Added functionality for bridging multiple SSIDs to LAN.

Bug Fixes

  • Bandwidth throttling was not always being applied to some clients, when the SSID was bridged to a VLAN or after a WiFi Scheduling event.
  • Upload/Download usage reporting could get reversed.
  • Mesh interface could get set to managed mode, leaving repeaters orphaned.
  • When Status LEDs were turned off, the LEDs would remain off even during reconfiguration or an error events.
  • LED may get stuck showing white color.
  • Channel scan could send incorrect channel values causing Auto channel mode to fail.
  • BATMAN Mesh Protocol reverted to BATMAN IV, to restore repeater mesh compatibility with 6.3.x firmware.

Known Issues

  • Disabled LEDs could turn themselves back on after upgrade.
  • Layer 7 traffic for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. This results in a different MAC address used for DHCP requests compared to 6.4.2/6.4.1.

6.4.2 (Oct 20, 2017)

Bug Fixes
  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • When using RADIUS for external splash page, you'll no longer see an "[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent" error in your server logs
  • APs will no longer show “striping” due to an issue causing missed check-ins


Known Issues
  • Repeaters will take longer than normal to finish upgrading
.
  • Disabled LEDs could turn themselves back on after upgrade.
  • AP Mesh on 802.11ac devices is currently limited to 5GHz only.
  • Layer 7 traffic for wired clients not reported.
  • Layer 7 upload/download traffic could be reversed.
  • Bandwidth throttling might not always work.
  • Upload throttling won't work if SSID is bridged to VLAN.
  • A-series LED could be stuck at "white" even after configuration.

Note: Once your network has upgraded to 6.4.2, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4

6.4.1 (Oct 12, 2017)

Improvements

  • AP Mesh over 5GHz now supported on 802.11ac devices.
  • Airtime Fairness on 2.4GHz, to improve download throughput and provide equal access to clients
  • Throughput-based Mesh routing provided by B.A.T.M.A.N version 5
  • Changed  change from OpenWRT to LEDE Project (lede-project.org), containing many performance and security improvements

Bug Fixes

  • Neighbor RSSI now properly shows within Datto Managed Networking.
Known Issues
  • Repeaters will take longer than normal to finish upgrading
  • Some APs will show “striping” due to an issue causing missed check-ins
  • AP Mesh on 802.11ac devices is limited to 5GHz only at present

Note: Once your network has upgraded to 6.4, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4


6.3.16 (October 17, 2017)

  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • The neighbor list may fail to populate.

6.3.15 (Sept 25, 2017)

Improvements

  • IGMP Proxy support (see Configure -> Advanced)
  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • Client sessions are now reported back to Datto Managed Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or session timeout being reached.
  • Band Steering no longer consumes high amount of CPU preventing clients from joining SSID
  • Bridged clients won't get non-bridged DHCP on initial AP boot
  • Uploaded images to splash page can now support 250 character filenames
  • Improves reliability of automatic self-heal mode changes from Gateway -> Repeater
  • Resolves a situation where disabling DNS Intercept could prevent DNS from working
  • Internet Check better handles when wired clients are connected
  • Certain model POE switches no longer experience gateways switching to repeater
  • Performance of an encrypted SSID would degrade if 802.11r was enabled
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • Resolves SSH segmentation fault with Dropbear
  • Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs) 
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • Out-of-box 2.4GHz channel, prior to configuration, is now Datto Managed Networking default of 6 instead of 5

Known Issues

  • The neighbor list may fail to populate.

6.3.14 (July 11, 2017)

Improvements

  • Images for built-in splash pages are now displaying properly
  • When Internet Check is disabled and AP loses internet (but not DHCP) the SSIDs stay up
  • VLAN changes to an SSID now save without need for reboot
  • Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • Various additional improvements and enhancements

6.3.13 (June 29, 2017)

Improvements

  • IGMP Proxy support (see Configure -> Advanced)
  • WiFi scheduling works again
  • Client isolation wasn’t always isolating
  • Bandwidth throttling in many cases wasn’t working
  • Improved stability for SSIDs using Band Steering
  • Certain model POE switches no longer experience gateways switching to repeater
  • SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs
  • 5GHz radio no longer fails to broadcast if using channel 165 prior to next upgrade
  • Performance of an encrypted SSID would degrade if 802.11r was enabled
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes loop
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients)
  • Logout of a voucher (which isn’t supported) no longer redirects you to www.open-mesh.com
  • Resolves SSH segmentation fault with Dropbear

6.3.12 (May 1, 2017)

Improvements

  • Client sessions are now reported back to Datto Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear prior to the client force timeout or session timeout being reached.

6.3.11 (April 20, 2017)

Improvements

  • Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs) 
  • Bridged SSIDs no longer reverse their reported upload/download traffic in Datto Networking Portal.
  • Prevent SSIDs from accidentally being bridged to the LAN when in NAT mode
  • Repeaters with bridged SSIDs could prevent DHCP assignment to clients
  • Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (which was already supported)
  • Change to radio channel is now logged on the AP; log buffer size increased to 128KB
  • “Use AP Name” being turned on now correctly changes the 2.4GHz SSID name without a reboot
  • Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled
  • Client blocking now properly behaves on networks without a splash page enabled

6.3.10 (March 8, 2017)

Improvements

  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • Out-of-box 2.4GHz channel, prior to configuration, is now Datto Managed Networking default of 6 instead of 5
  • Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Calling all Partners! We want to hear your feedback! Please participate in this quick survey and help us build a better, more-relevant Knowledge Base!

Want to talk about it? Head on over to our Community Forum!