ECW536

v1.7.83

[Issues Fixed]

  1. Enhance the gateway detection mechanism in Bridge Mode to solve the problem that captive portal clients could not be correctly redirected to the gateway.

  2. Solve the issue that the LSP can still be accessed when Local Web Pages is disabled.

  3. Fix the problem that the AP goes offline when the third octet of the gateway (GW) subnet mask is less than 255 (e.g., GW IP 192.168.1.1, mask 255.255.254.0).

  4. Fix the issue that TX Bytes and RX Bytes statistics in the disconnection log always show 0.

  5. Fix the issue that the AP cannot send 802.11v post-association packets properly when band steering is enabled.

v1.7.82

  • Support EnGenius fast-handover algorithm 2.0

  • Remove dropbear chacha20-poly1305@openssh.com encryption due to a security concern.

  • Fix the issue that clients may get disconnected after editing ACL rules.

  • Add country code for Japan.

v1.7.81

  • Add support for SAMLv2 (Security Assertion Markup Language version 2) in Captive portal with Azure-AD.

  • Support HTTPS-Only for local device page.

  • Support WPA2-PSK[AES] + WPA-PSK[TKIP] encryption mode.

  • Speed up the LED turn-off time when the user disables the LED Light function.

Appendix for v1.x.81

  1. Add support for SAMLv2 in Captive portal with Azure-AD

A captive portal is a web page that users must interact with to gain network access, often seen in public Wi-Fi networks. This update introduces support for SAMLv2 (Security Assertion Markup Language version 2), a prominent protocol used for exchanging authentication and authorization data between identity providers and service providers.

(a) What is SAMLv2?

SAMLv2 is an XML-based open standard for secure exchange of authentication and authorization data. It enables Single Sign-On (SSO), allowing users to authenticate once and gain access to multiple applications without re-entering credentials. In the context of Azure AD, SAMLv2 facilitates secure communication between Azure AD (the identity provider) and various services (service providers) users want to access.

(b) Implications of This Update

  • Enhanced Authentication: Users can now authenticate through Azure AD when accessing a network via a captive portal. This means that organizations leveraging Azure AD for identity management can extend its use to captive portals, ensuring a consistent and secure authentication process.

  • Single Sign-On (SSO): With SAMLv2, users benefit from SSO capabilities. They log in once with their Azure AD credentials and gain seamless access to multiple services and applications without the need to re-authenticate, improving user experience and productivity.

  • Increased Security: SAMLv2 enhances security by enabling strong authentication and reducing password fatigue. It ensures that authentication tokens are securely transmitted and managed, protecting user credentials from potential attacks.

(c) Practical Applications

Organizations can now implement SAMLv2-based captive portals, allowing users to connect to networks using their Azure AD credentials. This integration streamlines access management and bolsters security, making it especially beneficial for enterprises with a high reliance on Azure AD for identity services.

In summary, the support for SAMLv2 in Azure-AD captive portals facilitates a more secure, efficient, and user-friendly authentication process, aligning with modern enterprise needs for robust identity and access management.

  2. Support HTTPS-Only for local device page

To address security concerns, we have introduced an HTTPS-only switch that allows users to control access to the Local Service Page (LSP). This feature is essential for enhancing the security of local device management by ensuring that all communications are encrypted.

(a) Importance of HTTPS for Security

HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP and is widely used to secure data transmission over the internet. When enabled, HTTPS ensures that all data exchanged between the user's browser and the local device page is encrypted. This encryption is crucial for several reasons:

  • Data Privacy: HTTPS uses TLS (Transport Layer Security) to encrypt the data, making it unreadable to any third party that might intercept the communication. This protects sensitive information such as login credentials and configuration settings from being exposed.

  • Data Integrity: TLS also authenticates the data it carries, so any alteration during transmission is detected. This prevents tampering and ensures that the information received by the user is exactly what the server sent.

  • Authentication: HTTPS verifies the identity of the local device page through its TLS certificate, ensuring that users are connecting to the correct page and not a malicious site impersonating it. This helps prevent man-in-the-middle attacks where an attacker might intercept and alter communications between the user and the device.

  • User Trust: Users are more likely to trust and engage with local device pages that employ HTTPS, as indicated by the padlock icon in the browser's address bar. This visual assurance helps build confidence in the security of the connection.

(b) Implementation and Control

By introducing an HTTPS-only switch, we empower users to enforce this level of security. Users can easily enable this switch to ensure that all access to the Local Service Page is through HTTPS. This change mitigates risks associated with unencrypted HTTP connections, such as eavesdropping and data breaches.

In summary, the HTTPS-only feature significantly enhances the security of local device pages by ensuring encrypted, authentic, and tamper-proof communication, thereby protecting user data and fostering trust.
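A check an administrator can run after turning the switch on, to confirm that plaintext HTTP no longer serves the Local Service Page. This is an added example, not EnGenius code; the function names are hypothetical, and whether the AP closes its HTTP port or redirects to HTTPS is not stated on this page, so both outcomes are accepted.

```python
import http.client

REDIRECTS = (301, 302, 303, 307, 308)

def classify_http_listener(status, location):
    """Classify the answer to a plaintext GET /.

    status is the HTTP status code, or None when no HTTP answer came
    back; location is the Location header (or None).
    """
    if status is None:
        return "no-http-listener"        # refused, timed out, or not HTTP
    target = (location or "").strip().lower()
    if status in REDIRECTS and target.startswith("https://"):
        return "redirects-to-https"      # nothing but a redirect is served
    # A 200, a 401 login prompt, or a relative redirect such as /login all
    # keep the session on unencrypted HTTP.
    return "serves-plaintext"

def probe_http(host, port=80, timeout=3.0):
    """Send one GET / over plaintext HTTP; return (status, Location)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except (OSError, http.client.HTTPException):
        return None, None
    finally:
        conn.close()

def https_only_enforced(host, port=80):
    """True when plaintext HTTP no longer serves the management page."""
    verdict = classify_http_listener(*probe_http(host, port))
    return verdict != "serves-plaintext"

if __name__ == "__main__":
    # Constructed (status, Location) pairs, not captured from a device.
    for sample in [(200, None), (302, "/login"),
                   (301, "https://192.168.1.1/"), (None, None)]:
        print(sample, "->", classify_http_listener(*sample))
```

A "redirects-to-https" result still means the first request left the browser unencrypted, so bookmark the https:// address of the page rather than relying on the redirect.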

v1.7.74

  • Fix the issue that AP sometimes goes offline even when the network is functioning normally.

v1.7.73

  • Fix the device online status issue where certificates may sometimes disappear after device firmware update.

  • Fix the issue that the AP sometimes goes offline upon device firmware updates, requiring a reboot to bring the AP back online.

  • Fix AP offline issue caused by UTF-8 device name.

  • Resolve the issue of a full system reload occurring when adding/deleting MyPSK Users.

v1.7.71

  • Add multi-language support for System Name in LSP--You can modify the name of your AP from the cloud page where multiple languages are supported. Any changes made will synchronize to the LSP page “Device Overview” -> “System Name” field.

  • Update LSP web GUI style--We've revamped the LSP web GUI with a sleek and modern design, enhancing visual appeal without compromising any of the existing LSP functionality. Enjoy an updated interface that not only looks stylish but also aligns with contemporary design standards, providing a more visually pleasing and user-friendly experience.

  • Support shaping policies or block schemes on a per-application basis--Elevate network management with our SSID traffic throttling feature, now upgraded to customize bandwidth limits for specific applications such as YouTube, Apple iCloud, Facebook, Netflix, Apple App Store, and Line. This helps enterprise clients allocate limited bandwidth efficiently, ensuring optimal service delivery for a larger clientele.

  • If mDNS forwarding is enabled, BCMC suppression will not block mDNS packets.

  1. mDNS (Multicast DNS) Overview:

    mDNS, or Multicast DNS, is a protocol that allows devices on a local network to discover and connect to each other without the need for a centralized DNS (Domain Name System) server. It enables automatic assignment of domain names to devices, making it easier for users to access services on the network without manual configuration.

    In practical terms, mDNS simplifies the process of identifying and connecting to devices such as printers, smart home devices, and other networked services within a local environment. Instead of relying on traditional DNS, which typically involves a central server, mDNS uses multicast packets to resolve domain names to IP addresses directly on the local network.

  2. BCMC (Broadcast/Multicast Control) Suppression Functionality:

    On the other hand, BCMC, or Broadcast/Multicast Control, is a feature designed to manage and control the impact of broadcast and multicast traffic on a network. Broadcasting and multicasting can lead to increased network congestion and reduced efficiency, especially in large-scale deployments.

    BCMC helps address these challenges by suppressing or controlling unnecessary broadcast and multicast traffic. By doing so, it ensures that the network operates more efficiently, reducing the risk of bandwidth saturation and enhancing overall performance.

  3. Interplay between mDNS and BCMC:

    mDNS and BCMC suppression can conflict, because mDNS itself runs over multicast, which BCMC suppression would otherwise block. By allowing mDNS packets to pass through when mDNS forwarding is enabled, the network ensures that devices can continue to discover and communicate with each other seamlessly using the mDNS protocol. This interplay between mDNS and BCMC functionality aims to strike a balance between efficient network management and the need for smooth, decentralized device discovery and connectivity in local environments.
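The rule above as a small decision function, showing why the exemption should match mDNS narrowly (group address and UDP port 5353 together) so that other multicast stays suppressed. This is an added example, not the firmware's implementation; the function names and frame fields are hypothetical, and it models only the mDNS exemption, since the page does not say what else BCMC suppression lets through.

```python
import ipaddress

MDNS_PORT = 5353
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"),   # IPv4 mDNS group
               ipaddress.ip_address("ff02::fb")}      # IPv6 mDNS group

def is_group_addressed(dst_mac):
    """True for broadcast/multicast: I/G bit of the first octet is set."""
    return int(dst_mac.split(":")[0], 16) & 0x01 == 1

def is_mdns(frame):
    """Match mDNS narrowly: UDP, port 5353 and an mDNS group address."""
    if frame.get("proto") != "udp" or frame.get("dst_port") != MDNS_PORT:
        return False
    try:
        return ipaddress.ip_address(frame.get("dst_ip", "")) in MDNS_GROUPS
    except ValueError:
        return False                      # missing or malformed IP address

def bcmc_verdict(frame, suppression, mdns_forwarding):
    """Return 'forward' or 'suppress' for one frame (assumed policy)."""
    if not is_group_addressed(frame["dst_mac"]):
        return "forward"                  # unicast is outside BCMC's scope
    if not suppression:
        return "forward"
    if mdns_forwarding and is_mdns(frame):
        return "forward"                  # the exemption described above
    return "suppress"

# Constructed frames (header fields only), not captured traffic.
FRAMES = {
    "mdns4": {"dst_mac": "01:00:5e:00:00:fb", "dst_ip": "224.0.0.251",
              "proto": "udp", "dst_port": 5353},
    "mdns6": {"dst_mac": "33:33:00:00:00:fb", "dst_ip": "ff02::fb",
              "proto": "udp", "dst_port": 5353},
    "ssdp": {"dst_mac": "01:00:5e:7f:ff:fa", "dst_ip": "239.255.255.250",
             "proto": "udp", "dst_port": 1900},
    # Port 5353 sent to a non-mDNS group: must not ride the exemption.
    "lookalike": {"dst_mac": "01:00:5e:7f:ff:fa", "dst_ip": "239.255.255.250",
                  "proto": "udp", "dst_port": 5353},
    "unicast": {"dst_mac": "3c:22:fb:00:00:01", "dst_ip": "192.168.1.20",
                "proto": "tcp", "dst_port": 443},
}

if __name__ == "__main__":
    for name, frame in FRAMES.items():
        print(name, bcmc_verdict(frame, suppression=True, mdns_forwarding=True))
```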

  • Client List supports more OS types (Meta VR devices, Honeywell IoT devices, etc.)--The Clients List feature now includes expanded compatibility with various operating systems such as Meta VR devices, Honeywell IoT devices, and more. To ensure ongoing accuracy and relevance, we regularly update our fingerprint identification system. This proactive approach allows us to seamlessly integrate newly released devices into the Cloud Clients List page, ensuring that you have precise and up-to-date information about connected clients.

  • SSID on LAN: support AD and LDAP captive portal authentication.

  • Disable 6GHz radio if selected Wi-Fi encryption is not supported on the 6GHz band.

  • Support 6GHz all-channel-utilization scan in diag tool.

v1.7.60

  • This firmware version is the first release.
