EAP225-Outdoor firmware 1.5.0 still missing in OC200

EAP225-Outdoor firmware 1.5.0 still missing in OC200
EAP225-Outdoor firmware 1.5.0 still missing in OC200
2019-05-26 12:48:09 - last edited 2019-05-26 12:50:14
Hardware Version: V1
Firmware Version:

Hello @forrest,

 

why is firmware 1.5.0 Build 20190404 for EAP225-Outdoor still missing in OC200's list of available firmware versions?

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
0
#1
Options
8 Replies
Re:EAP225-Outdoor firmware 1.5.0 still missing in OC200
2019-05-27 00:40:08

Hi,

 

We will have a test in our lab, I will answer you as soon as possible.

0
0
#2
Options
More bugs (was: Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200)
2019-05-27 09:44:06 - last edited 2019-05-27 09:52:37

forrest wrote

We will have a test in our lab, I will answer you as soon as possible.

 

Hello @forrest,

 

thanks. While you're at it, can you please ask R&D about:

 

1. When can we expect the fix of the 1:1 aspect ratio for logos on the portal page introduced in Omada Controller v2.5? We did discuss this issue already last year when v2.5 came out. It is still not possible to use rectangular non-quadratic logos in latest OC200 version 1.1.1 (Omada Controller 3.1.13):

 

 

 

 

2. Manual upgrade function for OC200 disappears from Controller Settings if connecting to the Omada Controller's web UI through the cloud. If we need to downgrade OC200 firmware at the customer's site, we need accessing the built-in web UI directly which is not always possible (we had the need already to downgrade an OC200 remotely via cloud/Internet - wasn't possible without visiting the customer's site for physical access to the OC200):

 

See menu controller settings when remotely connected through the cloud:

 

 

 

Controller settings when connected physically to the OC200 through the LAN:

 

 

 

3. Please add missing AP isolation ASAP. This is an important function for public WiFi hotspots. One of our key customer did turn on »Guest network« after updating to latest controller version causing our own hotspot system to fail at several of this customer's location. Our support did waste hours to isolate the problem caused by blocking all private IPs due to this setting.

 

As I wrote at several other occasions, it is a very bad idea to integrate elementary functions (such as AP isolation and access control, ACLs) in other functions (such as guest networks) while at the same time removing fine-grained controls.

 

If unexperienced users are not capable to set up guest networks using the traditional way (Multi-SSID, VLANs, ACLs), it's perfectly fine to add a »wizard« function just for them, but please don't remove fine-grained controls such as AP isolation which are still needed by professional users using Omada products together with their own solutions.

 

 

4. It would be helpful for OEMs such as us to have access to OC200 through serial console, for example to install own SSL certificates, to set up additional cron jobs/schedules and to automate backups using our own way using backup servers etc. Seems that this access method has been disabled on the board, so it's just making it much harder (but not impossible at all) to activate.

 

 

5. Please document hard-coded limits of the controller software such as maximum number of sites per controller, maximum numbers of EAPs per site and controller, maximum numbers of WLAN groups etc. It is important for us to be able to plan how many sites and EAPs we can manage with one (software) controller.

 

 

Minor (cosmetic) quirks:

 

6. When adopting/changing settings of an EAP, display of status »Provisioning« doesn't change after it has been provisioned. Other status changes will be displayed without having to reload the page.

 

7. Tables on all listings don't scale well on smaller screens/laptops. Makes it hard to read when there are several dozens EAPs connected to the same controller.

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
2
2
#3
Options
Re:EAP225-Outdoor firmware 1.5.0 still missing in OC200
2019-05-28 03:50:45

Hello,

 

For the issue, I had a test in our lab, and I found that when the firmware is 20181107, I can see the latest version in OC200. 


0
0
#4
Options
Re:More bugs (was: Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200)
2019-05-28 06:41:16 - last edited 2019-05-28 06:42:10

Hi R1D1,

 

Thank you for your feedback.

 

1. For the first issue, we have already fixed this in Controller 3.1.13, you can see it in the following picture.

 

 

2. For the second issue, we can upgrade the firmware through cloud, you can see it in the following picture.

 

 

3. For the thrid issue, now the guest network has two function, that is SSID Isolation and block the private subnet. You can try to add some items in the ACL to allow to access the private subnet. 

 

4. For the fourth issue, it may not convenient for us to achieve, I will add it to our suggestion list and consult with our colleagues.

 

5. For the fifth issue, in each Controller we can add no more than 100 sites. We cannot tell you the number of EAP in each site becasue it is up to you. But please manage no more than 500 EAP in each Controller. There is no limit for the WLAN Group.

 

6. For the sixth issue, do you mean that if you don't load the page, the provisioning will not change to provisioned?

 

7. For the last issue, could you please use a picture to describe it?

 

 

0
0
#5
Options
Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200
2019-05-28 08:12:06

forrest wrote

Hello,

 

For the issue, I had a test in our lab, and I found that when the firmware is 20181107, I can see the latest version in OC200. 

 

Ok, so to be precise:

 

One has to go to batch upgrade, check for upgrades, go back to the AP list and click the upgrade button to do an individual upgrade one-by-one to avoid all EAPs of the same type to become inaccessible to users during upgrade.

 

 

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
0
#6
Options
Re: More bugs (was: Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200)
2019-05-28 09:30:39 - last edited 2019-05-28 15:04:09

forrest wrote

 

2. For the second issue, we can upgrade the firmware through cloud, you can see it in the following picture.

 

Thanks for your reply.

 

Re 2) I know that upgrade works through cloud access. My question was why »Manual upgrade« option disappears through cloud access thus forcing physical (direct) access from LAN to OC200 in order to downgrade firmware if it becomes necessary.

 

3. For the thrid issue, now the guest network has two function, that is SSID Isolation and block the private subnet. You can try to add some items in the ACL to allow to access the private subnet. 

 

 

Still a bad idea to combine this two functions into one. I did notice this policy change in Omada Controller only because in half a dozen hotspots which use their own servers running Omada Controller the IT folks did enable the guest network and broke access to an app running on our own WiFi gateway in their LAN. I have no access to the customer's Omada Controllers and couldn't change or even look to anything they did change.

 

Thus, the customer did suspect the bug in our software at first and we tried to track down a problem not caused by our system at all for several hours until I found out that they did enable guest network in their Omada Controller. Downtime of Internet access for several hundred users was 13 hours until they informed us and 4 more hours until we found the cause for this interruption of service.

 

They already did use ACLs to block private IPs, so I now have to tell them to change all ACLs for allowing access to our system and to enable guest network in order to get AP isolation back. Combining AP isolation with guest network setting is a profound change in policy, should be stated prominently in a warning dialog popping up during a transition time to avoid such situations of loss of services.

 

4. For the fourth issue, it may not convenient for us to achieve, I will add it to our suggestion list and consult with our colleagues.

 

 

Ok, thanks. Alternatively we could run the Omada server software on our dedicated embedded hardware running Debian, but I would prefer to sell OC200.

 

5. For the fifth issue, in each Controller we can add no more than 100 sites. We cannot tell you the number of EAP in each site becasue it is up to you. But please manage no more than 500 EAP in each Controller. There is no limit for the WLAN Group.

 

 

Great, thanks. Good to know, so we can still add more customers to the software server.

 

6. For the sixth issue, do you mean that if you don't load the page, the provisioning will not change to provisioned?

 

 

No, I mean all status changes are done using AJAX thus displaying such status changes automatically except for provisioning state in which the status display gets stuck until you reload the page. No big deal, just a minor quirk anyway.

 

7. For the last issue, could you please use a picture to describe it? 

 

 

Sure. Your web table layout uses hardcoded sizes for cells, leading to line wraps in cells. Hard to read if you have dozens of APs:

 

 

 

 

You could instead let the browser resize table cells - it can do this better and that's what tables are for. Just remove the width="NNpx" attribute from the table data (td) element. This saves lot of space on the page, especially if you remove or minimize cell padding, too. Did suggest this in V2.7.0 already, could look like this:

 

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
1
1
#7
Options
Re:Re: More bugs (was: Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200)
2019-05-28 23:41:06

Hi R1D2,

 

Re 2) I know that upgrade works through cloud access. My question was why »Manual upgrade« option disappears through cloud access thus forcing physical (direct) access from LAN to OC200 in order to downgrade firmware if it becomes necessary.

 

----> The firmware of the PC200 is too big, there may be something wrong when we manually upgrade the firmware, and when we downgrade the firmware, all configuration will be lost, so we doesn't support manual upgrade.

 

Still a bad idea to combine this two functions into one. I did notice this policy change in Omada Controller only because in half a dozen hospitals which use their own servers running Omada Controller the IT folks did enable the guest network and broke access to an app running on our own WiFi gateway in their LAN. I have no access to the customer's Omada Controllers and couldn't change or even look to anything they did change. Thus, the customer did suspect the bug in our software at first and we tried to track down a problem not caused by our system at all for several hours until I found out that they did enable guest network in their Omada Controller. Downtime of Internet access for several hundred users was 13 hours until they informed us and 4 more hours until we found the cause.

 

They already did use ACLs to block private IPs, so I now have to tell them to change all ACLs for allowing access to our system and to enable guest network in order to get AP isolation back. Combining AP isolation in guest network is a profound change in policy, should be stated prominently in a warning dialog popping up during a transition time to avoid such situations.

 

----> For this we will add it to our suggestion lists.

0
0
#8
Options
Re: More bugs (was: Re: EAP225-Outdoor firmware 1.5.0 still missing in OC200)
2019-05-29 08:50:57 - last edited 2019-05-29 08:56:49

forrest wrote

 ----> The firmware of the PC200 is too big, there may be something wrong when we manually upgrade the firmware, and when we downgrade the firmware, all configuration will be lost, so we doesn't support manual upgrade.

 

Does this mean that the developers have lost control over their software running on OC200?

 

Maybe it could help to make Omada Controller Open Source software (OSS) then. The OSS community is able to handle even bigger and much more complex software products such as the Linux system and we would be glad to help out.

 

[AP isolation vs. Guest Network] 

----> For this we will add it to our suggestion lists.

 

Ok, thanks. Please decide quickly.

 

Just today, next customer did complain about interruption of service with two EAP225 V3/firmware V2.5.0 just deployed in their network. Same cause, they did enable guest network setting and blocked access to our WiFi gateway in their LAN.

༺ 0100 1101 0010 10ཏ1 0010 0110 1010 1110 ༻
0
0
#9
Options