Cisco IXM
Installation
To perform a clean installation and prevent installation issues, please use the "/factory" option while installing the Cisco firmware:
# archive download-sw firmware /factory /save-reload flash:<targz fw file>
To learn more about the installation steps, see Installing the LRR image on Cisco IXM.
Version 2.8.54
Supported hardware
Hardware Model | FPGA | Firmware | HAL |
---|---|---|---|
Cisco IXM standalone/1-box version (Corsica) | 61 | 2.3.2 | 5.1 |
New features
- SSH key security improvement (GRAL-285): Explicitly generating 2048-bits RSA key.
Other improvements
-
Upgrade of LRR dependencies to the following versions:
- slang (2.1.4) -> 2.3.3
- popt (1.16) -> 1.19
- newt (0.52.18) -> 0.52.24
- jansson (2.11) -> 2.14
- zlib (1.2.11) if needed -> 1.3.1
-
Fix Terrapin vulnerability
-
Access to stunnel logs within suplog
Bug fixes
-
PT-2634/PT-2670/PT-2683/GRAL-287: Fix TLS issue after regenerating stunnel.conf. This fix lifts the known limitation present in the previous LRR version, about RF Region update and RF scan in TLS mode.
-
PT-2676: Fix an update issue of the ISM band during RF Region update.
-
PT-2548: Fix the RFscan upload result. rfScanState using countrfscan now returns the correct rp_code (not just 0 or 1).
-
PT-2506: When pingaddrconf is in automatic mode and security=none, use lrc addr instead of slrc addr.
-
PT-2708: kill all sshpass.x processes when exiting rescue SSH.
-
PT-2717: shellcmd should not set secondarylrc if it doesn't exist.
-
PT-2513: Fix the GUI error during LRR upgrade, by restoring cmd_shells files after reboot when upgrading LRR (only for cisco IXM).
-
PT-2619/PT-2721: Always check for /var/run/hosts_ip_status file (only for cisco IXM).
-
PT-2713/PT-2719: When upgrading the LRR, unpack cpkg file without the lrr-opk.pubkey signature but with md5 file (only for cisco IXM).
Known issues
- PT-2504/PT-2659: No support for IPtable rules in Cisco's firmware 2.3.2.
Version 2.8.47
Supported hardware
Hardware Model | FPGA | Firmware | HAL |
---|---|---|---|
Cisco IXM standalone/1-box version (Corsica) | 61 | 2.3.2 | 5.1 |
New features
-
New firmware support: This version introduces the support of Cisco firmware 2.3.2.
-
Possibility to customize the SUPPORT password from SUPLOG (RDTP-15143): For enhanced security, the default SUPPORT password may be changed by the user from SUPLOG console, under Identifiers > Set Actility support tool password.
-
Enhanced filtering of non-LoRaWAN uplink packets (RDTP-17897): Optimized LRR filtering of uplink packets to discard non-LoRaWAN frames.
Other improvements
- RF Region download enhancements (PT-2528): Try download:1 if download:0 fails.
Bug fixes
-
PT-2643: Only 1 IPSEC tunnel is established after reload, although all tunnels should be up.
-
PT-2548/PT-2641: Rework of RF-scan upload to avoid transmission failure in case only one 1 FTP is configured (e.g. for self-hosted configuration without high availability).
-
PT-2618: Routes in ipfailover2.ini & netitf.pingaddr in lrr.ini not updated correctly after rollback.
-
PT-2631: Checkpki does not detect IPSec connection issue if IPSec is not connected at all.
-
PT-2619: [Cisco IXM] gateway connected but shows as "NOT CONNECTED" in the GUI.
-
GRAL-179: Remove hardcoded key from suplog.
-
GRAL-205: Fix ip static configuration and misc network config changes (gwmgr).
-
PT-2515: Fix uninitialized values in suplog.
-
PT-2542: Failed to reboot displayed on GUI when rebooting base station from GUI.
-
PT-2595: $ROOTACT/var/log/lrr/cmd_shells logs keep accumulating.
Known issues
-
PT-1814: "NTP not synchronized" when GPS is used. This is a firmware restriction (GPS sync is independent of NTP).
-
PT-2504/PT-2659: No support for IPtable rules in Cisco's firmware 2.3.2.
-
PT-2670: RFRegion on GUI not updated accordingly after restoration.
-
PT-2683: In TLS security mode, when the BS certificate is regenerated, either upon automatic renewal or manually regenerated by the user, some functions may be disturbed such as RF region update and RF scan. The workaround is to manually reboot the BS after it has downloaded the new certificate.
-
PT-2513: LRR upgrade via GUI returns “ERR_NOEND”.
Version 2.8.36
Supported hardware
Hardware Model | FPGA | Firmware | HAL |
---|---|---|---|
Cisco IXM standalone/1-box version (Corsica) | 61 | 2.3.1 | 5.1 |
New features
-
New firmware support: This version introduces the support of Cisco firmware 2.3.1.
-
Support TLS as a new communication security protocol: TLS (Transport Layer Security) has been added along with IPSec (Internet Protocol Security). By default, TLS is used to encrypt every message going from the LRR to the ThingPark platform. IPSec can still be used and configured using the Suplog. To learn more, see Activating a secure connection via IPSec or TLS.
-
Allow configuring ICMP destinations in SUPLOG (RDTP-17415): Make it possible to customize the ICMP destinations in SUPLOG to comply with specific deployment use cases where ICMP protocol is not authorized on ThingPark's server side.
-
Introduction of embedded virtual device probe: This feature provides insight into the RF quality of the network using an emulated device in the LRR to send messages over the LRR antenna, and then analyze the quality of the received uplink packet by other surrounding LRRs.
-
Introduction of new managers: Centralmgr is now centralizing all information from the other managers: gwmgr, failovermgr, restoremgr, rollbackmgr, lrrmgr, pkimgr.
Other improvements
-
IPsec configuration improvements
-
Reboot as an environment variable
-
NTP configuration improvement
-
Reverse SSH improvements when losing connection to the gateway
-
Improvements on SUPLOG
-
Improvements on failover
-
Improvement when cleaning certificates
-
Improvement of log rotation
-
Improvement of backup/restore
-
Improvement of sysconfiglrr
Bug fixes
-
PT-1945: Temporary SUPLOG log working files deleted in tmp folder
-
PT-2448: Fix switchover to TLS mode
-
PT-2452: Fix error ERR_NOEND when restoring from TPE GUI
-
PT-2454: Deactivate ethernet static configuration via SUPLOG
-
PT-2160: reboot disconnects the gateway for good
-
PT-2395: IPSEC tunnel failed to setup
-
PT-2449: Multiple rescue SSH sessions remained open
-
PT-2399: NTP server with IP can be configured via SUPLOG menu
-
PT-2419: Clean PKI certificates
-
PT-2420: "reboot" command is now an env variable
-
GRAL-38: SSH lock preventing concurrent accesses to the host
Known issues
-
PT-1814: "NTP not synchronized" when GPS is used. This is a firmware restriction (GPS sync is independent of NTP).
-
PT-866: restriction: upgrade LRR not available for router version
-
PT-2683: In TLS security mode, when the BS certificate is regenerated, either upon automatic renewal or manually regenerated by the user, some functions may be disturbed such as RF region update and RF scan. The workaround is to manually reboot the BS after it has downloaded the new certificate.