ALERT: Datto Drive Cloud service will no longer be available as of July 1, 2019. For more information, see our end-of-life article. To learn how to download your Datto Drive Cloud data, please visit this article.

Datto Networking: Datto Access Point Firmware Release Notes

Follow

Topic

This article provides information about firmware updates to Datto Access Points.

Environment

  • Datto Access Points

Description

Latest releases are Datto Networking's newest software updates and features available for beta testing. Stable releases are firmware versions that Datto has tested after one release cycle, or after Datto performs testing and validation. All firmware versions lower than the Stable release become Previous Releases.

Latest Release

6.5.2 (2019-05-15)

New Features and Improvements:

  • Resolved multiple issues with 802.11r functionality, resulting in improved behavior for some client devices.
  • Added support for DFS channels on AP42 and AP62 models.
  • Added support for AP event reporting, which can be found in the Network Overview page.

Bug Fixes

  • Resolved an issue where some access points would consistently show missed check-ins.
  • Fixed an issue where wired clients traffic stats were inaccurate
  • Resolved an issue where WiFi scheduling events could occasionally cause DNS resolution to fail (Resolves known issue in 6.5.1 release: WiFi Scheduling events may halt DNS functionality on access points. As a workaround, disable WiFi Scheduling or flash your access point to firmware version 6.4 if the feature is required).
  • Resolved an issue where AP62s could go offline due to a radio configuration problem after being moved to a network in a different country. (Resolves known issue in 6.5.1 release: When moving an AP62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset).
  • Fixed an issue in which DNS Intercept would not work without the Alternate DNS setting if multiple SSIDs are bridged.
  • Resolved an issue where users would be unable to use the logout page when in a splash page's Free Access mode, receiving a "Logout is not possible" error.
  • Resolved an issue where Alternate DNS settings were malformed when the Bridge to VLAN setting was used.
  • Fixed an issue where switching between the gateway to repeater modes would occasionally cause DNS resolution to fail.
  • Fixed an issue where reconfiguring an AP could rarely cause it to get into a bad state where DNS resolution would fail.
  • Resolved an issue where RADIUS authentication requests were configured used the incorrect port by default.
  • Resolved an issue where check-in would fail if DNS resolution failed (Resolved the known issue in the 6.5.1 release: Access points may crash if they cannot resolve their primary check-in server via DNS, and will not use the fallback server as a result. Afflicted access points will remain offline until DNS is functional again, or until you do a pinhole reset).

6.5.1 (2018-11-7)

Bug Fixes

  • Resolved an issue where AP62 access points in Europe failed to check-in.

Known Issues

  • When moving an AP62 to a network in a different country, the access point may go offline due to a radio configuration problem, requiring a pinhole reset.
  • WiFi Scheduling events may halt DNS functionality on access points. As a workaround, disable WiFi Scheduling or flash your access point to firmware version 6.4 if the feature is required.
  • Access points may crash if they cannot resolve their primary check-in server via DNS, and will not use the fallback server as a result. Afflicted access points will remain offline until DNS is functional again, or until you do a pinhole reset.

6.5.0 (2018-10-29)

New Features


Stable Release

6.4.15 (2019-2-4)

Bug Fixes:

  • Resolved an issue which could cause Access Points to check in every ten minutes instead of every five minutes.
  • Resolved an issue in which the date defaulted to February 5, 2017, on first boot, causing check-in failure when NTP breaks.

Vulnerability Fixes:

  • Update curl to address CVE-2018-16839 and CVE-2018-16842 on ng6.4.x.

Known Issues:

  • DNS intercept does not work without Alternate DNS when multiple SSIDs are in a bridged state.
  • The http://logout function does not work with Bridge to LAN enabled.
  • Rarely, an Access Point might boot without DNS resolution. Rebooting the device should resolve the issue.

Previous Releases

6.4.14 (2018-9-26)

Improvements

  • Improved HTTP fallback handling when the primary server check-in fails.

Bug Fixes

  • Resolved an issue that impaired access point radio functionality for users in South Africa.
  • Resolved an issue that generated false outage reports due to the check-in process crashing.
  • Addressed CVE-2018-0497 and CVE-2018-0498 for mbedtls security fixes.

6.4.13 (2018-9-4)

Improvements

  • Added the default server ntp.cloudtrax.com for time synchronization.
  • Updated Datto Networking Portal SSL certificates.
  • Improved HTTP fallback handling when the primary server check-in fails.

Bug Fixes

  • Resolved an issue where a DNS server would crash during reconfiguration.
  • Resolved an issue where radio broadcast transmission exceeded limits set by the Netherlands.
  • Resolved an issue where the access point failed to use its fallback server when SSL certificate expired prevented check-in.

Known Issues

  • The hostname reported via Syslog might display as "lede" instead of the actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.11 (2018-7-16)

  • Added Snapchat into application level tracking.
  • AP42 and AP62 access points now throttle when overheated.
  • Improved AP62 client transmit rate reporting functionality.

Bug Fixes

  • Resolved an issue where an access point would reboot due to erroneous healthcare checks or missing interfaces.
  • Resolved memory usage issues on the AP42 & AP62 access points
  • Resolved an issue that prevented access point setting modification in some countries.
  • Resolved an issue preventing disabling 5GHz in some countries.
  • Resolved an issue in which the firmware upgrade process hung.
  • Resolved an issue where the auto channel optimization feature failed due to invalid scan results.
  • Resolved issues with wireless repeaters rebooted after losing mesh connectivity.
  • Resolved an issue where the band steering daemon hung.
  • Resolved an issue in which the 40MHz channel width could not be used on the mesh interface.
  • Resolved an issue where disabled roaming VLANs re-enabled after reboot.

Known Issues

  • The hostname reported via syslog might report as "lede" instead of the actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.8 (2018-5-10)

Improvements

  • When Application Reporting is enabled, all clients are reported, even those with 0 bytes of transfer.

Bug Fixes

  • Resolved an issue where 5GHz meshing always used 80MHz channel width, regardless of channel width settings.
  • Resolved an issue preventing unblocked clients that were previously blocked from remaining blocked until reboot.
  • Resolved an issue where WPA password authentication failed on SSIDs set to 2.4GHz or 5GHz only.
  • Resolved an issue that, when using an alternate DNS, the external splash page would display a "too many redirects" error.

Known Issues

  • Hostname reported via Syslog might report as "lede" instead of the actual hostname.
  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off in the Datto Networking Portal.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.7 (2018-4-11)

New Features

  • Operators can now disable the external splash page pre-authentication.

Fixes

  • Resolved an issue where enabling band steering may result in high processor load and client connection issues.

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • A WPA password may not work on SSIDs set to 2.4GHz or 5GHz only.
  • Unblocking previously blocked clients via ManageClients may not work until reboot.
  • 5Ghz Meshing always uses 80Mhz channel width, regardless of channel settings.
  • Hostname reported via Syslog might report as "lede" instead of actual hostname.
  • Roaming VLANs may become re-enabled after reboot, even when they are turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.6 (2018-3-12)

Improvements

  • Remote Syslog server support
  • Removed outdated crypto algorithms from SSH implementation

Bug Fixes

  • Some clients may report connecting to the wrong band (e.g., 2.4Ghz instead of 5Ghz).
  • If another SSID is set to use Both-Combined SSID, the AP might not honor the 2.4Ghz only and 5Ghz only band settings. The AP may continue to broadcast both bands.
  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • Some wireless repeaters may report 0 hops on large mesh networks.
  • Some APs may stop reporting client traffic.
  • Throttling does not work on non-bridged SSIDs with Application Reporting disabled.
  • The captive portal may prevent client connections on busy networks if it does not clear the clients list when Application Reporting is disabled.
  • Setting throttle to 100mbit/sec resulted in 10mbit/sec throttle.
  • Auto channel mode may fail due to incorrect channel values reported by AP.

Known Issues

  • The Datto Networking Portal may incorrectly report some clients as having a 169.x.x.x IP address.
  • Enabling Band Steering may result in high processor load and client connection issues.
  • Unblocking previously blocked clients via ManageClients may not work until reboot.
  • The access point does not report wired clients' IP address when Application Reporting is turned off.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.5 (2018-1-8)

Bug Fixes

  • Using the SSID Band setting Both - Unique SSIDs truncates the first character of each SSID name.
  • The AP may report N/A N/A for channels, despite broadcasting correctly.

Known Issues

  • Disabling Application Reporting breaks throttling on non-bridged SSIDs.
  • If another SSID is set to use Both-Combined SSID, the AP might not honor the 2.4Ghz only and 5Ghz only band settings. The AP may continue to broadcast both bands.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • The IP address for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.4 (2017-12-27)

Improvements

  • Unused splash page images are now deleted automatically from the access point when it saves the SSID settings.
  • Bridge Loop Avoidance is now more aggressive to avoid looping scenarios on complex networks.
  • If AP Mesh is disabled, the access point will reconfigure channel changes immediately.
Bug Fixes
  • Facebook WiFi would not pop-up automatically or would be displayed incorrectly on iOS and macOS devices.
  • Clients w/ hostnames may cause malformed JSON, resulting in a striped pattern on the outage graph due to check-in failure.
  • External splash pages that worked in 6.3 firmware fail to work on 6.4 firmware due to internal CONN_ERR.
  • SSIDs may fail to broadcast with WiFi Scheduling enabled.
  • Disabled LED lights may turn back on after firmware upgrade.

Known Issues

  • If another SSID is set to use  Both-Combined SSID, the 2.4Ghz only and 5Ghz only band settings may not be honored. The AP may continue to broadcast both bands.
  • Using the SSID Band setting Both - Unique SSIDs truncates the first character of each SSID name.
  • Traffic for wired clients not reported when Application Reporting is turned off.
  • The IP address for wired clients not reported.
  • The AP may report N/A N/A for channels, despite broadcasting correctly.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.3 (2017-12-4)

New Features

  • Client IP addresses now report to Datto Managed Networking.
  • Added functionality where preference is given to 5Ghz 802.11ac for AP meshing, if available.
  • Firmware upgrade delay reduced and firmware can upgrade when in orphan mode, allowing for faster firmware updates.
  • Added functionality for bridging multiple SSIDs to LAN.

Bug Fixes

  • Bandwidth throttling was not always being applied to some clients when the SSID was bridged to a VLAN or after a WiFi Scheduling event.
  • Upload/Download usage reporting could get reversed.
  • Mesh interface could get set to managed mode, leaving repeaters orphaned.
  • When Status LEDs were turned off, the LEDs would remain off even during reconfiguration or error events.
  • LED may get stuck showing white color.
  • Channel scan could send incorrect channel values causing Auto channel mode to fail.
  • BATMAN Mesh Protocol reverted to BATMAN IV, to restore repeater mesh compatibility with 6.3.x firmware.

Known Issues

  • Disabled LEDs could turn themselves back on after an upgrade.
  • Layer 7 traffic for wired clients not reported.
  • The A42 802.3af port now uses the MAC address shown on the underside sticker, instead of the sticker MAC address +1. Consequently, the access point uses a different MAC address for DHCP requests compared to 6.4.2/6.4.1.

6.4.2 (2017-10-20)

Bug Fixes
  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • When using RADIUS for the external splash page, you'll no longer see an "[acct_unique] WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent" error in your server logs
  • APs will no longer show striping due to an issue causing missed check-ins

Known Issues
  • Repeaters will take longer than normal to finish upgrading
.
  • Disabled LEDs could turn themselves back on after an upgrade.
  • AP Mesh on 802.11ac devices is currently limited to 5GHz only.
  • Layer 7 traffic for wired clients not reported.
  • The AP may reverse Layer 7 upload/download traffic.
  • Bandwidth throttling might not always work.
  • Upload throttling won't work if the SSID is bridged to VLAN. 
  • A-series LED could hang at "white" even after configuration.

Note: Once your network has upgraded to 6.4.2, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4


6.4.1 (2017-10-12)

Improvements

  • AP Mesh over 5GHz now supported on 802.11ac devices.
  • Airtime Fairness on 2.4GHz, to improve download throughput and provide equal access to clients.
  • Throughput-based Mesh routing provided by B.A.T.M.A.N version 5.
  • Changed from OpenWRT to LEDE Project (lede-project.org), containing many performance and security improvements.

Bug Fixes

  • Neighbor RSSI now shows correctly within Datto Managed Networking.
Known Issues
  • Repeaters will take longer than normal to finish upgrading.
  • Some APs will show “striping” due to an issue causing missed check-ins.
  • AP Mesh on 802.11ac devices is limited to 5GHz only at present.

Note: Once your network has upgraded to 6.4, if you intend to add any additional repeaters with 6.3 or earlier installed, they'll need to be hard-wired first (to get the update) as they can't mesh with an AP on 6.4


6.3.16 (2017-10-7)

Bug Fixes

  • WPA2 "Key Reinstallation Attack (KRACK)" exploit (CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088) 
  • Dnsmasq remote code execution vulnerability identified by Google (CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496, CVE-2017-13704, CVE-2017-14491)
  • The neighbor list may fail to populate.

6.3.15 (2017-9-25)

Improvements

  • IGMP Proxy support (see Configure -> Advanced).
  • Configuration changes to one SSID won't disrupt other SSIDs.
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac.
  • Client sessions are now reported back to Datto Managed Networking in the event an AP's local session cache is purged for any reason; this will ensure that the built-in splash-page won't unexpectedly appear before reaching the client force or session timeouts. 
  • Band Steering no longer prevents clients from joining the SSID by consuming a high amount of CPU .
  • Bridged clients won't get non-bridged DHCP on initial AP boot.
  • Uploaded images to splash page can now support 250 character filenames.
  • Improves reliability of automatic self-heal mode changes from Gateway -> Repeater.
  • Resolves a situation where disabling DNS Intercept could prevent DNS from working.
  • Internet Check better handles when wired clients are connected.
  • Certain model POE switches no longer experience gateways switching to a repeater.
  • Performance of an encrypted SSID would degrade if 802.11r were enabled.
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes a loop.
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients).
  • Logging out of a voucher (not supported) no longer redirects you to www.open-mesh.com
  • Resolves SSH segmentation fault with Dropbear.
  • Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs).
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac (already supported).
  • The AP now logs changes to the radio channel; log buffer size increased to 128KB.
  • The out-of-box 2.4GHz channel, before configuration, is now Datto Managed Networking default of 6 instead of 5.

Known Issues

  • The neighbor list may fail to populate.

6.3.14 (2017-7-11)

Improvements

  • Images for built-in splash pages are now displaying properly
  • The SSIDs stay up when Internet Check is disabled, and AP loses internet (but not DHCP). 
  • VLAN changes to an SSID now save without needing a reboot
  • Repeaters with bridged SSIDs and no splash page now get LAN IPs as expected
  • Various additional improvements and enhancements

6.3.13 (2017-6-29)

Improvements

  • Added IGMP Proxy support (see Configure -> Advanced).
  • WiFi scheduling works again.
  • Client isolation wasn’t always isolating.
  • Bandwidth throttling in many cases wasn’t working.
  • SSIDs using Band Steering have improved stability.
  • Certain model POE switches no longer experience gateways switching to a repeater.
  • SSIDs configured for 2.4/5GHz-only broadcast correctly utilize Roaming VLANs.
  • The 5GHz radio no longer fails to broadcast if using channel 165 before the next upgrade.
  • Performance of an encrypted SSID would degrade if 802.11r were enabled.
  • Redirection from a URL with “res” parameter (to external splash page) no longer causes a loop.
  • Addresses an edge-case where clients could potentially bypass a splash page (including blocked clients).
  • Logout of a voucher (not supported) no longer redirects you to www.open-mesh.com.
  • Resolves SSH segmentation fault with Dropbear.

6.3.12 (2017-5-1)

Improvements

  • Client sessions are now reported back to Datto Networking if an AP's local session cache is purged for any reason. This ensures the built-in splash-page won't unexpectedly appear before reaching the client force or session timeouts .

6.3.11 (2017-4-20)

Improvements

  • Significant improvements to the configuration/reconfiguration of bridged SSIDs (including VLANs).
  • Bridged SSIDs no longer reverse their reported upload/download traffic in Datto Networking Portal.
  • Prevent SSIDs from accidentally being bridged to the LAN when in NAT mode.
  • Repeaters with bridged SSIDs could prevent DHCP assignment to clients.
  • Addresses a rare condition where repeaters could go offline or into lonely/orphan mode unnecessarily.
  • WMM Power Save now works for 802.11n devices in addition to 802.11ac ( supported).
  • The AP now logs the radio channel changes; log buffer size increased to 128KB.
  • Turning on “Use AP Name” now correctly changes the 2.4GHz SSID name. without a reboot.
  • Bandwidth throttling on bridged SSIDs works if you have Application DPI disabled.
  • Client blocking now properly behaves on networks without a splash page enabled.

6.3.10 (2017-3-8)

Improvements

  • Configuration changes to one SSID won't disrupt other SSIDs
  • External splash page now sends CIP parameter (for client IP) in addition to client_mac
  • Out-of-box 2.4GHz channel, before configuration, is now Datto Managed Networking default of 6 instead of 5
  • Security updates for CVE-2013-4421, CVE-2013-4434, CVE-2016-3116, CVE-2016-7406, CVE-2016-7408, CVE-2016-7409, CVE-2016-7407

Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Community Forum or get live help.