Tech Blog

LANCOM Active Radio Control 2.0

Optimize Wi-Fi at the push of a button

Automated adjustment suggestions based on real usage data

Network administrators face the challenge of configuring wireless networks in such a way that availability and capacity are guaranteed at all times. Channel conflicts, incorrect transmitting power, or interference from third-party networks often lead to considerable losses in capacity.

LANCOM Active Radio Control 2.0 is the answer to increasingly complex networks coupled with increasing cost pressure and a shortage of IT specialists: The self-learning automation solution optimizes Wi-Fi installations on the basis of real usage data and minimizes the workload for IT administrators. As a true market first in Wi-Fi optimization, LANCOM Active Radio Control 2.0 is patent-pending and offers the best possible user experience for every scenario: from office, hotel, or hospital Wi-Fi to large-scale installations in stadiums and event arenas.

LANCOM ARC 2.0 in operation

In our techpaper you will learn all about the functionality and operation of LANCOM Active Radio Control 2.0. This will give you a detailed overview of LANCOM’s unique Wi-Fi optimization solution and helpful hints for user-defined settings such as learning and prioritizing of access points.

Get to know more about ARC 2.0

LCOS LX devices supported as of LCOS LX 6.10

  • LX-6500 / LX-6500E
  • LX-6400 / LX-6402
  • LX-6200 / LX-6200E
  • LW-600
  • OX-6400 / OX-6402
  • OW-600

LCOS devices supported as of LCOS 10.72

  • LN-1700B / LN-1702B
  • LN-1700 / LN-1702
  • LN-1700UE
  • LN-860 / LN-862
  • LN-830U
  • LN-830acn
  • LN-630acn
  • OAP-1700B / OAP-1702B
  • OAP-830 / OAP-822 / OAP-821
  • IAP-822 / IAP-821
  • 1780EW-4G+
  • 1790VAW
  • 1793VAW
  • 1800EFW

 

LCOS LX 6.10 enhances the feature set of LANCOM Systems LW, LX & OW series APs

New highlight features for best Wi-Fi

LCOS LX 6.10 takes your wireless LAN infrastructure to a new level. Your LX-based access points will benefit from point-to-point capability, improved resilience and performance through LACP, and increased flexibility thanks to L2TPv3. In addition, LCOS LX 6.10 prepares your access points for LANCOM Active Radio Control 2.0. The automated, self-learning optimization solution gives you the best WLAN experience.

Feature Highlights LCOS LX 6.10

Preparation for LANCOM Active Radio Control 2.0

With the support of LANCOM Active Radio Control 2.0 (ARC 2.0), you radically simplify the optimization of your Wi-Fi networks. Based on computer-aided learning, the solution from the LANCOM Management Cloud uses real usage data to calculate the best configuration in each case to improve your wireless LAN. The result: Channel conflicts are resolved, external networks are taken into account, channel widths and transmission powers are automatically optimized, and available capacities are provided where they are needed based on the learned usage behavior.

Get to know more about ARC 2.0

Support for point-to-point connections thanks to Wireless Distribution System

Whenever Internet needs to be provided over longer distances or through obstacles such as walls and ceilings in entire office buildings, or legal requirements such as fire protection do not allow cabling, point-to-point connections are an ideal solution. The advantage is that complex or perhaps even impossible cabling through the entire premises is no longer necessary. With support of WDS (Wireless Distribution System), your LX-based access points can pass on Wi-Fi signals to other access points and thus supply even hard-to-reach places with fast Internet. The access points can be used both as Wi-Fi repeaters for connecting Wi-Fi clients or for connecting wired networks via a radio link.

LACP for double speed and security


The supported LACP (Link Aggregation Control Protocol) standard offers you enormous added value in terms of performance and reliability. LACP enables Ethernet connections to be bundled into a virtual unit. This means that the transmission speed of redundantly connected devices is combined and subsequently greatly increased. In addition, LACP allows redundant connections to be set up between the access point and the switch infrastructure, giving you double protection: if one physical line fails, data traffic will continue to be transmitted via the other line.

L2TPv3 – more flexibility for Wi-Fi management

With L2TPv3 (Layer Two Tunneling Protocol Version 3), LANs can be interconnected across networks and sites. If you operate your network via the LANCOM Management Cloud, this opens up the possibility for you to couple the traffic of the access points into an L2TPv3 Ethernet tunnel and decouple it again at a central concentrator without the need for a separate WLAN controller.

Further features & improvements

New features
  • Client isolation prevents data traffic between Wi-Fi clients, for example for hotspot networks
  • Wi-Fi driver update enables increased stability and compatibility
  • Support for Wi-Fi 6E
  • Improvements & bug fixes

 

Note: The features and improvements specified here apply to all LX-based access points (except LW-500).

Downloads

Release Notes LCOS LX 6.10

Reference Manual LCOS LX 6.10

ECSE – Design 4-Day Wi-Fi Design Training Course (ONLINE)

Date – Tuesday 27th of September to Friday the 30th of September inclusive.

Time – 0900hrs to 1700hrs each day (Irish Summer Time)

Location Online

Cost €2,999 per person

Trainer – Renzo Notter https://www.linkedin.com/in/renzo-notter-37010613a/

This 4-day course consists of lectures and labs taught by Wi-Fi experts. Learn how to design, optimize, and troubleshoot Wi-Fi using Ekahau products.

Dive into all aspects of Wi-Fi lifecycle management including:

  • RF fundamentals
  • Predictive designs
  • Capturing and analyzing survey data
  • Spectrum analysis
  • Design across all three bands, 6 GHz included
  • And much more!

Course Specifics

  • Updated in 2022 to include 6 GHz
  • Designed for Wi-Fi engineers, architects, network owners, IT administrators, and other Wi-Fi and IT professionals
  • Receive a highly regarded ECSE Design certification via our partner Credly upon passing the certification exam
  • Four-day format: 9:00-12:30, 1 hour lunch break, 13:30-17:00
  • Training offered in English

Technical requirements:

During the course, students receive a temporary Ekahau Connect license to run Ekahau AI Pro on their computer and Ekahau Survey and Analyzer on their mobile device. Students will need:

  • Admin rights on their local machine to install AI Pro
  • A strong internet connection and a computer with video and audio capability
  • A physical mouse rather than a trackpad for designing

Please select a date below and fill out the form to find out about classes happening in your region.

Download Agenda

Call us now on +353 (1) 4011064 or email training@ethos.ie to book your place.

LCOS LX 5.36 enhances the feature set of LANCOM Systems LW, LX & OW series APs

More flexibility in WLAN management

With LCOS LX 5.36 you get new features and improvements for your LX-based access points. For example, the LANCOM Layer 2 Management (LL2M) functions save the use of time-consuming on-site operations by activating and configuring unreachable devices via other LANCOM devices in the network.

Find out more about LCOS LX here.

Feature Highlights LCOS LX 5.36

LANCOM Layer 2 Management (LL2M)

Whenever a device in the network can no longer be reached and does not respond even via the LANCOM Management Cloud or LANconfig, LANCOM Layer 2 Management is the ideal solution to avoid the time-consuming on-site operations of technicians (e.g. for ceiling-mounted access points). To enable configuration access to a device without an IP connection, the LANCOM Layer 2 Management protocol (LL2M) is used. This integrates a client-server structure so that the inaccessible access point can be found, activated, and configured via another LANCOM device in the network.

Proxy ARP 

With Proxy ARP (Address Resolution Protocol), the access point assumes responsibility for forwarding data packets to the receiving end device. In this way, the access point intercepts ARP requests for the WLAN client and answers them on its behalf. The advantage here: Valuable airtime is saved, because ARP requests do not place an unnecessary load on the wireless network. The end device can remain in power-saving mode until the data is forwarded to it.

Untagged VLAN for Ethernet port

Untagged VLAN gives you more flexibility by allowing you to connect an additional network client to all LX-based access points with two Ethernet ports. You determine the VLAN to be used as untagged VLAN for the port according to your requirements and use the function e.g. to integrate TVs, cash registers or also wired customer devices in the hotel.

LCOS LX improvements 5.36

New features
  • LL2M protocol support
  • Support for proxy ARP / ARP handling in wireless LAN
  • Untagged VLAN/access port configuration of additional Ethernet ports on access points
  • Delayed reboot
  • Opportunistic Key Caching (OKC).
Bugfixes / Improvements
  • A vulnerability in the zlib library has been fixed (CVE-2018-25032).
  • A vulnerability in the OpenSSL library has been fixed (CVE-2022-0778).
  • When an access point tried to connect to a LANCOM WLAN controller operating in a remote network, the connection could sporadically fail because the WLAN controller rejected the connection request due to a parameter in the DTLS protocol used that was unknown to the LCOS.
  • When a LANCOM WLAN controller tried to enable the ‘Multicast-to-Unicast’ function on a managed LANCOM LW-500, this failed because the LANCOM LW-500 did not use the correct Multicast protocol.
  • When using the Fast Roaming function, access points could sporadically restart without warning due to a memory leak.
  • An access point has different MAC addresses for the two Wi-Fi interfaces. In a WLAN controller scenario, the access points each reported the MAC address of a different Wi-Fi interface (WTP MAC) to the WLAN controller when adding and deleting Wi-Fi end devices, so that these did not match. This resulted in a discrepancy between the Wi-Fi end devices registered in the station table on the WLAN controller and the access points.
  • When trying to connect via LL2M with specification of the correct interface, it could happen that the specification of the interface was not recognized and the options available for LL2M were output instead. The connection setup via LL2M failed as a result.
  • If only one change was made to the netmask in the IP parameter profile in the LANCOM WLAN controller, the WLC transferred this change to the access point. The access point did not accept the change due to a missing comparison function (actual state/setpoint state) and continued to use the old netmask.
  • Sporadic packet loss could occur within a WLC tunnel

Downloads

Release Notes LCOS LX 5.36

Comparison LCOS & LCOS LX

Reference Manual LCOS LX 5.36

WLAN vulnerability “Fragattacks” – LANCOM provides patches

Introduction

FragAttacks (fragmentation and aggregation attacks) is a collection of new security vulnerabilities that affect Wi-Fi devices. An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices.

Three of the discovered vulnerabilities are design flaws in the Wi-Fi standard and therefore affect most devices. On top of this, several other vulnerabilities were discovered that are caused by widespread programming mistakes in Wi-Fi products. Experiments indicate that every Wi-Fi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities.

The discovered vulnerabilities affect all modern security protocols of Wi-Fi, including the latest WPA3 specification. Even the original security protocol of Wi-Fi, called WEP, is affected. This means that several of the newly discovered design flaws have been part of Wi-Fi since its release in 1997! Fortunately, the design flaws are hard to abuse because doing so requires user interaction or is only possible when using uncommon network settings. As a result, in practice the biggest concern are the programming mistakes in Wi-Fi products since several of them are trivial to exploit.

Fragattacks and LANCOM

These vulnerabilities have been fixed in LANCOM WLAN products that are operated with LCOS as of LCOS 10.42.  A corresponding security patch has also been released for the older LCOS versions below:

With LANCOM access points of the type LW-500 the vulnerabilities have been fixed as of LCOS LX 5.30 RU2. The security patch as of firmware version 5.30 SU3 is available for Wi-Fi 6-capable LANCOM access points of the type LW-600 and LX-6400/6402.

LANCOM Systems recommends updating to the firmware versions mentioned which can be downloaded free of charge from the LANCOM website. In the LANCOM Management Cloud, all patches are available now. If you use the LANconfig auto-updater, the availability may take some time. For older products that no longer receive this security patch, we recommend migrating to new WLAN technologies in the medium term.

For more information on Fragattacks please see the website related to the discovery below.

https://www.fragattacks.com/

LCOS LX 5.30 enhances the feature set of LANCOM Systems LW & LX series APs

For cutting-edge wireless applications

With LCOS LX 5.30 you upgrade your access points based on LCOS LX with new features.

For example, a new Bluetooth Low Energy interface (REST) enables the integration of the access point into systems for offering location-based services.

With the support of the LANCOM Wireless ePaper USB extension module, you can also now upgrade your access points for the implementation of Wireless ePaper applications.

The option of a cloud-managed hotspot, in which the LANCOM Management Cloud acts as a central hotspot portal, rounds off this LCOS LX version.

Find out more about LCOS LX here.

Feature Highlights

BLE API for the realization of innovative location-based services

Whether for indoor localization of patients in hospitals, evaluation of customer traffic in retail stores or asset tracking in the logistics sector: For all LANCOM access points with Bluetooth Low Energy Module (BLE), a new API interface (REST) is now available for the integration of location-based services. In cooperation with third-party providers, this enables the implementation of a wide range of location-based services (LBS) and innovative IoT applications.

LANCOM Wireless ePaper extension for your LX series access points

Now you can easily connect your existing LANCOM access points of the LX series to the Internet of Things (IoT), because with LCOS LX 5.30 your devices now support the extension module LANCOM Wireless ePaper USB Stick. With this your access points can easily be upgraded with Wireless ePaper functionality. An ideal solution for the subsequent implementation of Wireless ePaper applications such as digital room signage or wireless price labelling.

Cloud-managed Hotspot

Create a simple Wi-Fi hotspot with a few clicks – directly from the LMC. No additional gateway or WLAN controller with LANCOM Public Spot Option is required. Intuitive menus provide you with the opportunity to customize your hotspot welcome screen with your logo and corporate colors and integrate important information such as imprint and usage guidelines for your hotspot users. Afterwards you can assign the new hotspot to the respective location and it will be available to your visitors.

LCOS LX improvements 5.30

New features
  • Support for the cloud-managed Hotspot in combination with the LANCOM Management Cloud
  • Wireless ePaper support (for the LX-640x series in combination with the LANCOM Wireless ePaper USB expansion module)
  • Support for the BLE REST API
  • Support for setting a Wi-Fi target transmission power
  • Support for packet capturing via WEBconfig
  • Support for remote syslog servers
  • The Wi-Fi multicast and broadcast transmission rates can now be configured
  • Automatic collection of diagnostic information in the event of a device crash
  • Wi-Fi driver update for increased stability and compatibility
  • Multiple NTP servers can now be configured simultaneously
  • Ping and traceroute commands are now available on the CLI

Downloads

Datasheet LCOS LX5.30

Release Notes LCOS LX 5.30

Comparison LCOS & LCOS LX

Reference Manual LCOS LX 5.10

Preserve or Nuke? Strategies for updating older LANCOM routers to latest LCOS firmware

The Problem

During recent interactions with some LANCOM resellers we became aware of some LANCOM routers in the wild that were still running their originally deployed LCOS firmware. This was even though the hardware was capable of running the very latest LCOS firmware.

We remotely viewed some LANCOM 178x series routers that were actually running LCOS 8.82 dating from 2013. We consider a router running firmware this ancient to be a security threat and recommend that ALL deployed routers running such very old firmware should be upgraded as a matter of urgency to the latest LCOS release which is currently LCOS 10.50ru7 (as of 11/04/22), if they are capable.

Reasons to Upgrade

There are obviously a number of very good reasons to upgrade from older LCOS to the latest, but some of the reasons are listed below…

  1. Latest feature set for FREE
  2. Newer SSL defaults: older standards such as SSLv3 are deprecated, newer standards such as TLS v1.3 are introduced, and many other encryption algorithms, DH codes etc. are improved. Having the latest SSL defaults substantially aids the passing of PCI testing.
  3. Newer SSH defaults use larger minimum SSH key lengths & newer algorithms that are mandatory to pass current PCI testing.
  4. Newer SNMP defaults such as SNMPv3 offer encrypted access and are therefore safer. Older SNMPv1 & v2 standards are NOT secure and if WAN access is allowed router information may be read out.
  5. Complex Passwords enabled by default.
  6. Updated IKEv1 proposals make for more secure VPNs.
  7. IKEv2 offers quicker VPN establishment and automatic HTTPS failover.
  8. IPv6 on LAN / WAN / WLAN / VPN
  9. LANCOM Management Cloud integration if needed
  10. More internet performance through routing improvements & better VDSL code.
  11. More Wi-Fi performance through better drivers and more features such as WPA3 etc.
  12. Enables operation of ESL ePaper radio via existing USB port
  13. Did we say the latest firmware is FREE?

All features from page 10 back to page 4 of the LCOS 10.50 datasheet are features that have been added to LCOS devices for FREE since LCOS 8.82. This means that a 7 year old 1781va/vaw router gets almost all the latest software features of a brand new 1790x router.

Preserve Configuration or Nuke Configuration.

Once you decide to upgrade your devices, you need to choose whether to maintain the existing configuration or to upgrade, factory reset and start from scratch. Many LANCOM routers in the wild have only a basic configuration: many have only a single internet connection with no backup, many have only a small number of defined VPN tunnels, if any, and many utilise only limited port forwarding configurations.

The two options

a. Maintain Configuration – If a deployed LANCOM has a complex configuration with VoIP integration, complex firewall rules or many VPNs you should upgrade* firmware whilst maintaining legacy settings.
b. Nuke Configuration – If a deployed LANCOM has only a simple configuration it is best to upgrade* firmware, factory default and configure from scratch.

*In both cases above make a manual backup in LANconfig using BOTH configuration file and configuration script before starting any upgrade process.

Scenario A – Maintain Configuration

It may take multiple steps to upgrade firmware from 8.82 all the way to 10.50, so we would recommend upgrading in intermediate steps as suggested below.

  1. Make sure host PC is running very latest release or release update version of LANconfig and LANmonitor.
  2. If on 8.8x upgrade to 8.84su10
  3. If on 8.84su10 upgrade to 9.24ru11
  4. If on 9.x go to 9.24ru11
  5. If on 9.24ru11 go to LATEST
  6. Log into router via CLI
  7. Run command “ssldefaults” and enter Y when asked to verify. This resets SSL settings to the latest LCOS defaults
  8. Navigate to SSH directory by typing cd Setup/Config/SSH/, verify you are in correct location then type “Default -r”. This resets SSH to the latest LCOS defaults.
  9. Navigate to SNMP directory by typing cd\ then cd Setup/SNMP, verify you are in correct location then type “Default -r”. This disables SNMP v1 & v2 and enables v3
  10. Navigate to root directory by typing cd\ and then run command “deletebootlog” to clear old bootlog entries
  11. Navigate to root directory by typing cd\ and then run command “do Status/TCP-IP/Syslog/Delete-Values” this clears the syslog
  12. Navigate to root directory by typing cd\ and then run command “do Other/Cold-Boot” to reboot.
  13. After reboot Click on device in LANconfig and using the backup config as a template recreate the Comments in Configuration -> Management -> General -> Comments as defaulting SNMP will have erased them.

Scenario B – Nuke Configuration

It may take multiple steps to upgrade from for example 8.82 all the way to 10.50. So we would recommend upgrading in intermediate steps as suggested below.

  1. Make sure host PC is running very latest release or release update version of LANconfig and LANmonitor.
  2. If on 8.8x upgrade to 8.84su10
  3. If on 8.84su10 upgrade to 9.24ru11
  4. If on 9.x go to 9.24ru11
  5. If on 9.24ru11 go to LATEST.
  6. Reset to factory defaults using CLI or reset button.
  7. Configure as new.
  8. Create new VPN Client profiles as required.
  9. Create new Drag & Drop VPN links BUT ONLY IF OTHER SIDE HAS ALSO BEEN NUKED.
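The stepped firmware path shared by Scenario A and Scenario B (steps 2 to 5), as an added planning sketch in Python; it is not part of the original post or of any LANCOM tool. The device names in the inventory are constructed, and treating a 10.x release below the latest as one direct step is an assumption the post does not state.

```python
import re
from typing import NamedTuple


class LcosVersion(NamedTuple):
    major: int
    minor: int
    update: int  # RU/SU counter; 0 for a plain release


# Stepping stones and latest release exactly as named in the post.
STEPPING_STONES = ("8.84su10", "9.24ru11")
LATEST = "10.50ru7"  # "currently" per the post (as of 11/04/22); pass a newer value

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\s*(?:(?:ru|su)(\d+))?$", re.IGNORECASE)


def parse_lcos(text):
    """Parse '8.82', '8.84su10' or '10.50 RU7' into a comparable tuple.

    Assumption: RU and SU share one counter per release, as the post's
    example sequence 10.40ru1, 10.40ru2, 10.40su3 suggests.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised LCOS version: {text!r}")
    return LcosVersion(int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def plan_upgrade(current, latest=LATEST):
    """Return the ordered list of firmware versions to flash, oldest first."""
    v = parse_lcos(current)
    if v < (8, 80, 0):
        # The post only describes the path starting from 8.8x.
        raise ValueError(f"{current} is older than 8.8x; path not covered")
    path = []
    for stone in STEPPING_STONES:
        stone_v = parse_lcos(stone)
        if v < stone_v:
            path.append(stone)
            v = stone_v
    if v < parse_lcos(latest):
        path.append(latest)  # final hop ("go to LATEST")
    return path


def audit(inventory, latest=LATEST):
    """Map each device to its upgrade path, or to a manual-review note."""
    report = {}
    for device, version in inventory.items():
        try:
            report[device] = plan_upgrade(version, latest)
        except ValueError as exc:
            report[device] = f"manual review: {exc}"
    return report


# Constructed inventory for illustration; names and versions are made up.
SAMPLE_INVENTORY = {
    "branch-1781va": "8.82",
    "depot-1781vaw": "9.10",
    "hq-1790vaw": "10.50ru7",
    "lab-legacy": "7.80",
}

if __name__ == "__main__":
    for device, result in audit(SAMPLE_INVENTORY).items():
        if isinstance(result, list):
            result = " -> ".join(result) if result else "up to date"
        print(f"{device:15} {result}")
```

Set `latest` to the newest release the hardware actually supports; for routers that no longer receive new release versions, that is the last available RU or SU.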

How to stay updated automatically

LANCOM devices since LCOS 10.20 feature an automatic software update function at Configuration -> Management -> Software Update.

We would suggest configuring the Update Mode as “Check & Update” and “Update Policy” to “Current Version”. This means that if you are on 10.40 the router will receive 10.40ru1, 10.40ru2, 10.40su3 etc but NOT 10.50.

LANCOM devices being managed by the LANCOM Management Cloud can also use functionality within the LMC to keep devices on the latest firmware.

For very old routers that are no longer receiving new release versions of LCOS we recommend that they should be upgraded to the last available Release Update (RU) or Security Update (SU).

Since writing this blog post LANCOM have released a Knowledge Base article offering another alternative method of updating a LANCOM LCOS device from very old to recent firmware.

LCOS LX 5.10 Enhances feature set of LW-500 & LX-640x APs

LCOS LX is a newly developed operating system for selected LANCOM access points. The management and monitoring of the functions is carried out conveniently and flexibly, either via a new intuitive web interface or automatically via the LANCOM Management Cloud.

Find out more about LCOS LX here.

LCOS LX improvements 5.10.0004 Rel

New features
  • Support for WPA3
  • Support for Wi-Fi 6
  • Automatic software updates via auto-updater
  • Band Steering (for IEEE 802.11v-capable and legacy clients)
  • Fast Roaming based on IEEE 802.11r
  • IEEE 802.1X pre-authentication
  • LEPS-U (LANCOM Enhanced Passphrase Security – User)
  • Support for LLDP
  • Support for SNMPv3
  • Support for LANmonitor
  • IEEE 802.1X supplicant for the Ethernet interface

Downloads

Datasheet LCOS LX5.10

Release Notes LCOS LX 5.10

Comparison LCOS & LCOS LX

Reference Manual LCOS LX 5.10

ECSE – Design 4-Day Wi-Fi Design Training Course

Date – Tuesday 24th of September to Friday the 27th of September inclusive.

Time – 0900hrs to 1700hrs each day.

Location Leixlip Manor Hotel – https://leixlipmanorhotel.ie/

Cost €2,995 per person -> €500 discount if booked before 14th September.

Trainer – Raymond Hendrix  https://www.linkedin.com/in/raymondhendrix/

This 4-day course consists of classroom lectures and labs taught by Wi-Fi experts. Learn how to design, optimise, and troubleshoot better Wi-Fi using Ekahau products.

  • Designed for Wi-Fi systems engineers, IT administrators, and other wireless professionals.
  • Dive into all aspects of Wi-Fi life-cycle management including RF fundamentals, predictive designs, spectrum analysis, and much more
  • Receive a highly regarded Ekahau Certified Survey Engineer (ECSE) certification after passing the certification exam
  • Maximum of 12 students per class

Audience

This course and certification are designed for Wi-Fi systems engineers, IT administrators, and others working with Wi-Fi, who require an in-depth knowledge on how to deploy and maintain Wi-Fi networks using Ekahau Wi-Fi tools.

Content

Dive into all aspects of Wi-Fi life-cycle management including:

  • The life cycle of a Wi-Fi network
  • How to design and deploy robust Wi-Fi networks
  • Product installation & activation, basics
  • Pre- and post deployment Wi-Fi site surveys
  • Troubleshooting Wi-Fi issues
  • Spectrum Analysis
  • Reporting
  • ECSE Certification Exam

Prerequisites

Students are expected to have the following skills & knowledge before attending this course:

  • Basics of networking
  • Strong general computer skills
  • CWNA recommended (Not required)
  • Windows laptop with Admin rights for installing software

Course Objectives

At the end of this course the student will hold expert knowledge in designing, deploying and troubleshooting Wi-Fi networks, using Ekahau Wi-Fi tools. The knowledge applies to all Wi-Fi network brands. A certification exam will be held at the end of the course.

Download Flyer

Download Agenda

Call us now on +353 (1) 4011064 or email training@ethos.ie to book your place.

New from LANCOM Systems – R&S Unified Firewalls

LANCOM R&S®Unified Firewalls add the relevant cyber-security features to your network. These easy-to-operate all-round solutions are tailored to the specific security needs of small and medium-sized businesses. Thanks to state-of-the-art security technologies and unified threat management (UTM), these next-generation firewalls provide reliable cyber-security.

A prominent feature is the innovative graphical user interface granting a concise overview of all of the secured areas in the company’s network. Formerly complex and time-consuming configurations are greatly simplified since security policies can be systematically designed and enforced.
