We have been experiencing a problem with our Cambium routers where they randomly drop and are unresponsive till a reboot. They’ll also stop handing out addresses on the LAN side.
A reboot “fixes” the problem, until it does it again. You can trigger the behavior by running a port scan against the router. Wondering if the CPU/Memory get overloaded?
nmap -T4 -A -v 192.168.11.1
While running a scan on the LAN side, the web interface slows down, but doesn’t seem to take it down as fast as a scan on the WAN side.
goahead.sh is a script that may be maxing out the cpu, but could be completely unrelated.
Configuring the “Allowed Remote IP(IP1;IP2;)” to limit WAN access effectively blocks port scans and resolves the issue. Setting is under Administration -> Management -> Web Settings. You can add multiple ranges with
It looks like the public ip ranges are limited to /24’s so if you you have a block of public IP addresses larger than a /24, you’ll need to break it down into 24’s to work properly.
Template for cnMaestro
You can also create a template in the Cambium Cloud so you can apply the change to multiple routers fairly easily.
Go to Configuration -> Templates and add a new template.
And then you can go to your device -> Configuration and apply your new config.
Do note that if you run a scan from an allowed range, it still seems to cause problems. But at least setting the Allowed Remote IPs will keep others from scanning your network and causing problems on your R195’s.
nvram_get  
rt2860_nvram_show - display rt2860 values in nvram
rtdev_nvram_show - display 2nd ralink device values in nvram
show - display values in nvram for
gen - generate config file from nvram for
renew - replace nvram values for with
clear - clear all entries in nvram for
2860 - rt2860
rtdev - 2nd ralink device
- file name for renew command
nvram_get show 2860
The following template can be used to set the user name and passwords for cambium pmp gear. Create a new template in cnMaestro, past in the following, change the passwordEncrypted to the hash of your password and run the config.
You can get the hashed password by pulling it out of a current radio config.