HG G-76343 / HG G-76344 / HG G-76345 / HG G-76346

Photo WLAN radio modem HG G-76343

WLAN Radio Modem for 802.11 a/b/g/n networks (version for 802.11 ac) / Serial / Ethernet / USB / Version with LTE/5G

The client adapter HG G-76343/4/5/6 is used for operation in Wireless Local Area Networks (WLAN) according to the standard 802.11a/b/g/n. The usage of a 32-Bit ARM processor enhances the throughput performance. In addition to standard encryption according to WEP64/128 and TKIP/AES further security measures according to the 802.1x standard are available (WPA(2), EAP and more).

Security Notes

  • Starting with Firmware 2.11b a fix is included for the vulnerability issue known under the name KRACK ("Key Reinstallation Attack") in the security standard WPA2.
  • Firmware 2.12r and higher include security related updates, for more info see the complete Changelog. The firmware 2.12w1 has a new kernel that closes the security gap that became public under the keyword "FragAttacks".
  • Firmware 2.14: All firmware versions of line 2.14 contain security relevant updates related to line 2.14, see also complete Changelog. Those still using firmware 2.12x do not need to update to 2.14 for security reasons. Those who have any version of 2.14 installed must keep it up to date.

Variants

The radio modem is available in different variants. The differences are the casing and the number of available interfaces. All variants can use the firmware file and can be configured with the MC-Config program attached at the bottom of this page. You can find a detailed variant overview in the data sheet attached below. The variants are:

  • HG G-76343 (1x serial / 1x LAN)
  • HG G-76344 (1x serial / 2x LAN), also available as a version with either Public LTE (4G), Private LTE or 5G, s. data sheet HG G-76344-A LTE in the downloads
  • HG G-76345 (no serial / 4x LAN)
  • HG G-76346 (small AGVs / KATE)
  • all variants are available in a version ac with 802.11 ac, s. data sheet HG G-76343-76344-76345-A ac in the downloads

Connection of 1 serial device (RS 232) and 1 LAN device to a WLAN

  • No modification of hard- or software required
  • Transparent, bidirectional transmission with all control lines
  • Transmission rate on the serial interface up to 460,8 kBaud
  • Optional usage of the serial interface with RS485/RS422 protocols
  • LAN Port with 10/100/1000MBit Auto MDIX

Perfectly suited for mobile vehicles like fork lift trucks and AGVs

  • Input voltages from 10 to 72 VDC galvanically separated for battery operation or Power over Ethernet (PoE)
  • Current consumption
  • Temperature range 0 to 60o C
  • Relay contact triggered via WLAN for re-activation of vehicles in standby mode
  • Robust aluminium casing with different options for fixing (strap, top hat rail)
  • Voltage supply and relay contact via screwable M12 plugs
  • 2 antenna connectors (Diversity)
  • Different antenna plugs, RP-SMA (standard), RP-TNC (optional)

Latest technology and superior usability

  • Powerful processor with low current consumption and enough memory resources for fast roaming and short authentication times, start-up time approx.15 s
  • Configuration and software updates with a web browser via LAN and WLAN or REST-API
  • MC-Config: Dedicated program for the localization, configuration and status monitoring of several
  • HG 76343 in a network
  • Encryption according to WEP with 64/128 Bit + TKIP/AES
  • Security according to 802.11i WPA(2) and 802.1x with certificate management (EAP-PEAP, -TLS, -TTLS, -LEAP)
  • Data rates of up to 300 MBit/s, frequency band 2,4 GHz resp. 5 GHz
  • Compatible to former Access Points according to 802.11b / 11MBit
  • USB interface for firmware updates and for the logging of system messages on USB memory sticks
  • The USB port can also be used to connect extensions that give e.g. additional serial or I/O interfaces

Release Notes for the Firmware Updates (Changelog)

Changelog 2.04b –> 2.14o

Firmware 2.04b --> 2.04d
  1. Linux Kernel 4.0.0-rc5+ --> 4.0.0+
  2. Change in the roaming strategy. With the firmware 2.04b the roaming has been controlled by the bridge application. With the 2.04e roaming is completely left to the WLAN driver of the Linux kernel.
  3. access point parameters that prevent a connection to the client are now show in red in the accesspoint list.
Firmware 2.04d --> 2.04r
  1. DHCP-Server with clear function for reservations
  2. MWLC Bridge-Mode added
  3. (Wireless --> Roaming) Lower SNR Threshold Parameter removed.
  4. (Wireless --> Roaming) in AP Denisty Modus : "Auto detect" Mode the roaming decisions are done by the bridge application and not only by the WLAN driver of the operating system. The focus is now more on a good signal strength of the APs and not so much on the potentially possible transmission speed. It is recommended by us to set the AP Density Mode to "Auto Detect".
Firmware 2.04r --> 2.06d
  1. new Linux-Kernel 4.1.5+
  2. DHCP problem in "Level 2 Pseudo-Bridge" Mode solved
  3. DHCP-Server revised. Now the processing of the reservations is better.
  4. new parameter "Stay connected" in "LAN Client Cloning" - Mode added
  5. Improved processing of certificate files
  6. NTP RTC Config --> now a start date can defined by a parameter that is set at start up. at “Admin” the HTTPS - Port can be configured.
Firmware 2.06d --> 2.06f
  1. No downgrade of the firmware to 2.04x should be done with 2.06d. The device will crash and needs maintenance.
  2. Some unnecessary parameter in the config were removed.
Firmware 2.06f --> 2.06k
  1. SCEP (Simple Certificate Enrollment Protocol ) Function added („Wireless --> SCEP“)
  2. „MWLC Master“ Mode corrected
Firmware 2.06k --> 2.06p
  1. Bugfix: The firmware 2.06k in bridge-mode „Single Client NAT“ generates a reboot of the device. The rebooting can only be stopped by doing a default reset of the device
  2. Changes in the firmware to serve new radio modems.
  3. Additional function to send the state of the WLAN connection to a node connected to the LAN side of the radio modem. This information is send with UDP datagrams.
  4. Changes to the definition of NAT rules: In a simple NAT rule now several ports can be defined for forwarding to an IP address
  5. The MC-Config-Program can now communicate with unicast datagrams via the LAN site of the radio modems. This will fasten the firmware upgrade.
Firmware 2.06p --> 2.06q
  1. Changes to the USB-Printerserver: So far, the manufacturer and the product info has been registered when a printer is connected to the radio modem. Without this information, the printer server has not been started. Some printers do not provide this information. The Firmware 2.06q starts the printer server even without this information.
  2. Small changes to the website.
Firmware 2.06q --> 2.06s
  1. Bugfix in the serial interface modul: Falsification of the serial received data could happen, when the interface received special character sequences and the mode “no parity” was active.
  2. Change in the roaming module: To make a decision for a change to another AP a “Probe response” has to be received from that AP in the last 10 seconds.
Firmware 2.06s --> 2.06u
  1. Handshake handling in serial COMSERVER mode revised.
  2. Error found in the processing of NAT rules.
Firmware 2.06u --> 2.07b
  1. Re-worked the Ping function in „Roaming“.
  2. Resolved error in Timer module. This error could under certain circumstances lead to a re-boot of the radio modem or make it necessary to reset it manually.
  3. Serial interface: improved treatment of the XON - XOFF protocol
Firmware 2.07b --> 2.07c
  1. The state of the LAN-Ports are now transferred to the MC Config-Program.
  2. The LAN-Status is now shown correctly by the LAN-Port-LEDs
  3. The optional temperature sensor is integrated into the firmware
Firmware 2.07c --> 2.07g
  1. The state of the serial port (Ser1) and the USB-Memory-Stick is now transferred to the MCConfig-Program.
  2. Now up to 16 DNS-Server-IPs can be registered by the DHCP-Client (WLAN side).
  3. Now 2 NTP-Server can be configured.
  4. Now DHCP-Server-Rules can be defined as config parameter, to ensure that the LAN clients gets there right IP addresses.
  5. A list of BSSIDs can be defined that will be preferred or avoided by the roaming algorithm to select the best access point.
  6. It is now possible with the MC Config program (v. 2.2.0.11) to send a preliminary configuration to a device. Only when the configuration is confirmed via the MCConfig program within a predetermined time after restart, this configuration is marked as permanent. This can prevent a permanently access via WLAN to the device by an erroneous input of a parameter.
Firmware 2.07g --> 2.07k
  1. If the LAN-Client-Cloning Mode is selected and the LAN Client Type is Static or Autodetect DNS Server IP addresses can now be configured. If the LAN-Client has a static IP address the device does not have any DNS information. The device can not resolve given hostnames for NTP or SCEP. With the configured DNS IPs the device can do the name resolutions
  2. The number of entries for specific tables was designed variable. These tables have Add and Remove button at the end of the table. This simplifies the configuration pages and can make them clearer.
  3. Bugfix in the serial module. In UDP mode with not defined remote IP the fist datagram should be registered by the radio modem to send the answer back to that IP. There was an error that the information of the first datagram war not registered correctly. The second received datagram solves that problem. With the firmware 2.07i the first datagram will be registered correctly.
Firmware 2.07k --> 2.07v
  1. Fixed error in Pingtest mode (Roaming). Due to a faulty evaluation of the sequence numbers after several days of operation this function becomes inoperative (depending on the interval parameters).
  2. Extension of the wireless dump function:
    • It is possible to set what is to happen when the available Flash memory is used up during wireless-dump:
      1. Stop recording
      2. Deletion of oldest recording
  3. Change in DHCP client module. With some DHCP servers the request of an IP address did not work correctly. With this change it supposedly works better.
Firmware 2.07v --> 2.08a
  1. Revision of the Dump function (wireless + Ethernet) for better storage of the wireless and Ethernet recordings.
  2. The SNMP function has been significantly expanded. The MIB file of the radio modem can now be downloaded from the website of the radio modem (-> Admin -> SNMP)
  3. Error in the HTTPS function. If the initial generation of the self-signed certificate was for some reason not fully completed, the HTTPS access to the radio modem website could not be used. The firmware 2.08a will start the generation again when a defective certificate is detected.
Firmware 2.08a --> 2.09d
  1. new: Multi-SSID. Several (up to 8) WLAN profiles can now be configured.
  2. The number of instances for the serial interfaces are now also displayed dynamically in the MC-Config program and on the web page
  3. The function to limit the transmission bit rates has been revised. With the firmware 2.09d, however, only the bit rates for the mode 802.11 b / g can be set.
  4. In some WLAN systems it happens that the WLAN controller allocates BSSIDs, which occur twice, whereby a BSSID exists in 2.4GHz and the same BSSID is also used in the 5GHz band. The firmware 2.09d takes this into account and runs both BSSIDs separately in the access point list.
  5. There is now possible to prioritize traffic through the tunnel in MWLC mode.
  6. A time zone can now be configured to get the right local time stamp in the debug log files. -> see “realtime clock”
Firmware 2.09d --> 2.10c
  1. New Linux kernel version 4.9.13+ integrated
  2. Improved response of the radio modem to malfunctions during the authentication phase
  3. Fixed an error while handling multiple active WLAN profiles.
  4. The processing of the files for the trace recordings (WLAN + LAN) has been improved so that now individual files can be selected for download via the MC Config program. These files can be downloaded from the internal flash and from a plugged USB stick
  5. Additional informations are now displayed on the home page of the radio modem in the list of APs. As far as the AP supplies this information, the following is displayed in the "Extra Info" column:
    • Amount of logged in clients
    • Workload (%)
    • TPC Specification of AP
    This information is now also used for roaming in order to determine the most suitable AP.
  6. Fixed an error in the NTP client. If the IP of the timer server had to be determined via DNS and the first attempt of this address resolution failed, the attempt was not renewed. Thus, no time was obtained via an NTP server.
Firmware 2.10c --> 2.10i
  1. Error in the roaming module when compiling the channels to be scanned..
  2. Introduction of a new parameter "Hostname" in the DHCP client module. This means that the "Hostname" parameter, which the DHCP client transmits to the DHCP server, can be set independently of the "Device name" parameter.
  3. Fixed bug in the checking certificate validity function. A date beyond 2038 was considered invalid.
  4. Wireless Status Information Service extended by some status queries
Firmware 2.10i --> 2.10k
  1. Improved scan behavior in the 5 GHz band. Now also "hidden" SSIDs are recognized.
  2. Improved the transmission of broadcast packets in the pseudo-level 2 bridge mode. These packets are sometimes sent by the WLAN system as unicast (level 2) packets.
Firmware 2.10k --> 2.10n
  1. With the 2.10k firmware it came isolated to reboots when roaming, if the signal values (SNR) were only relatively weak. It could be determined that these reboots were triggered by overly intensive debug messages of the Linux kernel. After switching off these messages, this behavior could no longer be observed.
  2. The SNMP function has now a CommunityName parameter so that a value other than public can be set.
  3. In bridge mode Level 2 Pseudo-Bridge you can now activate a DHCP Relay Agent.
Firmware 2.10n --> 2.10r
  1. Implementation of a monitoring function which ensures that the bridge process is restarted after an unintended termination.
  2. A "memory leak" caused the free memory to be used up. This was especially the case when the LAN client often opened and disconnected new TCP connections. Depending on the intensity, this could lead to a standstill of the bridge function and require a manual reboot.
  3. The Serial Port Config has a new option that determines how to handle data that is received when a wireless connection is not yet available.
Firmware 2.10r --> 2.10s
  1. Bug found that can terminate the bridge process. This could happened in conditions of a weak signal level with many faulty transmission attempts.
  2. Linux kernel Version 4.9.46+ integrated
Firmware 2.10s --> 2.11a
  1. In the debug log messages, the date is now also given in the time stamp.
  2. Correction in the SNMP module. Some counters defined as 64-bit values were previously supplied as 32-bit values only.
  3. Additional option in NAT & Single Client NAT Mode: With the "Forward DNS requests" option active, the DNS queries that arrive via the LAN side on the local LAN IP are routed to the DNS server defined on the WLAN side.
  4. During repeated failed attempts to authenticate, the WPA Supplikant has blocked the affected SSID for 10 seconds. However, the resulting interruption is very troublesome in some applications. Therefore, an algorithm has been installed, which cancels this lock very soon after activation. The interruption is thus limited to approx. 3 seconds.
  5. Linux kernel version 4.9.53+ integrated
Firmware 2.11a --> 2.11b
  1. Update of the WPA supplicant due to the vulnerability issue known under the name KRACK ("Key Reinstallation Attack") in the security standard WPA2.
Firmware 2.11b --> 2.11c
  1. Linux kernel version 4.9.61+ integrated
  2. Zero pointer error in DHCP client fixed.
  3. Bug in the log server function fixed.
  4. Implemented a NTP server on the LAN side. This NTP server is only active in NAT or Single-Client-NAT mode and transmits the data received by the NTP client on the WLAN side.
Firmware 2.11c --> 2.11m
  1. Linux kernel version 4.9.105+ integrated.
  2. Memory error in "Level2 Bridge Mode" fixed. If the LAN client often went offline, memory was reserved that was not freed. This could lead to the radio modem being unable to communicate after a longer time.
  3. Additional parameter "AP Scoring" in the “Roaming” section: This parameter can be used to determine whether all information such as transmission power, channel load, bandwidth (20 or 40 Mhz) and signal strength (SNR) is used for the rating of an AP or whether the stronger signal alone is rated.
  4. Additional "Connection Watchdog" function introduced in the "Roaming" section: This function enables a monitor that registers the incoming WLAN data from the currently connected AP. If any data is not received for the given time, a new scan is performed. The current AP is rated lower in the following "scoring", so that the AP is likely to change.
  5. New parameter in "LAN Client Cloning Mode": “MAC to Clone" can be used to define a MAC address that is to communicate via WLAN.
Firmware 2.11m --> 2.11p
  1. “Logging” --> WLAN Dump Event function deactivated. It turned out that this function has no practical benefit.
  2. At „Roaming“ --> "Preferred / avoided access points" there is now the option "strictly avoid" with which an access point can be blocked.
  3. Fixed an error in the relay function in UDP mode.
Firmware 2.11p --> 2.11p1
  • Fixed an error in the ranking of the APs in the 2.4GHz band.
Firmware 2.11p1 --> 2.12a
  1. Linux kernel version 4.9.140 integrated
  2. The interfaces via which the MC-Config program can access the radio modem can now be restricted:
    • LAN + WLAN (default)
    • LAN
    • Access blocked
  3. integrated support for AC radio cards
  4. The switching status of the relay can now also be queried via the WLAN info from the LAN client.
  5. If WLAN or LAN recordings are active on a radio modem (-> Logging), this status is displayed in the MCConfig in the Status column (MCConfig from version 2.0.2.42).
  6. Experimental power save function implemented. This allows the radio modem to be put into sleep mode for a certain time. In this state, the energy requirement is reduced to approx. 30% of normal consumption.
  7. Port MAC authentication for LAN clients implemented in NAT mode
  8. Faster start-up of the radio modem at the same location (first test last WLAN frequency)
  9. If a default reset is done via the reset button, the radio modem checks whether a USB stick with the file "Default.cfg" is plugged into the device. If yes, this Config is stored internally and activated.
  10. LAN cloning: Improved and corrected procedure for handling ARP packets
Firmware 2.12a --> 2.12f
  1. Linux kernel version 4.9.164 integrated
  2. Pseudo Level 2 Bridge Mode: Support for passive clients implemented. When this function is activated, LAN clients that do not send any data on their own are made "known" in the WLAN by the radio modem sending pings with the IP of the passive LAN client to a specific IP via WLAN.
  3. Home Website: In addition to the SNR, the signal strength and the noise level of the received signal are now also displayed.
  4. Relay Function: You can now append a sequence to the command to switch off the relay, which specifies a delay time with which the relay is to be switched off. The delay time is defined as follows (xx = time in seconds)
  5. Bugfix: Special certificate format can now be imported again.
  6. Feature: Bridge-Mode: If the bridge function is deactivated, it is now possible to define the IP settings on the LAN side (incl. DHCP client function).
  7. Antenna gain can now be specified as a parameter. This allows the radio transmitter to adjust the transmit power so that the legal requirements are met
Firmware 2.12f --> 2.12k
  1. Linux kernel version 4.9.193 integrated
  2. Possible use of TLS to encrypt communication with MCConfig during firmware upgrades or log file downloads
  3. Bugfix for crashes when using SNMP with SNMPWalk. Corrections when querying unsigned values.
  4. Relay function: Error with missing zero termination eliminated. Now it is also possible to switch on the relay with a delay.
  5. Serial function with RS485: Correction for the control of the driver IC
  6. WPA3 modes extended. The WPA/WPA2/WPA3 mode can now also be selected.
  7. Wireless: DHCP-Renew now also configurable when changing the access point.
  8. Website now also works with TLS 1.2
  9. Wireless-Info now provides information not only about the configured interval. Now status information can also be queried by request. (only via the LAN side)
  10. An attached USB stick with FAT file system can be formatted on EXT4 via the website. This makes it better suited for recording debug data (logs or dumps).
Firmware 2.12k --> 2.12m
  1. New Kernel 4.9.196 and Openssl 1.0.2t integrated
  2. Monitoring the use of the internal flash memory: In the meantime, there have been cases where the (W)LANDump function (see Logging) has been permanently switched on by the user. Due to this intensive use over months, the function of the flash memory as a file system is severely restricted after some time due to the high "consumption" of reserve sectors. With firmware version 2.12m, the (W)LANDump function is automatically switched off with regard to the amount of data written, the time that the dump function is active, and the amount of spare sectors that are still available.
  3. Also in the 5GHz range you can now set the minimum bitrate.
  4. Consideration of special characters in certificate password
Firmware 2.12m --> 2.12o

New/Changed Features:
  1. Upgrade to kernel version 4.9.209
  2. In "relay ON-mode" it is now possible to set a timeout for relay functionality.
  3. When LAN client cloning is activated, redundant network information is no longer shown on more than one place on the homepage.
  4. Wireless configuration can now be changed on the fly, without a need to reboot!
  5. Now also pkcs8 keys without passphrase encryption are accepted.
Bugfixes:
  1. A bitrate option for 11gb and 11a was wrong (11MBit instead of 12MBit).
  2. Serial RS422 implementation was broken due to an previous patch.
  3. WEP-LEAP was not functional so far.
  4. DHCP client now changes gateway correctly based on changing of gateway availability or prioritizing.
  5. In LAN client cloning mode, ARP requests were sent with the IP of cloned client to the LAN interface. This could lead to ip conflicts on client side.
  6. Reloading Website content too fast in conjunction with updating configuration could lead to crashes.
  7. The DHCP client is now deactivated if the chosen options prevent needing it.
  8. Already closed internal processes were continuing to occupy system resources.
  9. When using the relay port, the connection wasn´t closed properly, which lead to malfunction of the device.
Security updates:
  1. Webserver was hardened against CSS attacks (OWASP-Header & Cookies)
  2. DoS attacks and other suspicious connections are now recognized, prevented and logged.
  3. Accessing over HTTPS is now only possible with acknowledged secure ciphers.
  4. HTTPS und HTTP connections are distinctly separated.
  5. Too long configuration variables are now discarded directly after input.
Firmware 2.12o --> 2.12p

Bugfixes:
  1. Under certain circumstances, it could happen that the gateway IP and the DNS server were not set correctly with static IP settings.
Firmware 2.12p --> 2.12r

New/Changed Features:
  1. New kernel 4.9.223 integrated
  2. WPA3 now also works with FT (802.11r)
  3. An optional custom certificate for the radio modem internal web server can now be uploaded.
  4. Rest-API now provides more information about the serial interface and the relay under /API/Status. Under /API/Status/Device the kernel version is now also specified.
  5. BridgeMode NAT: If the WLAN interface does not do DHCP and no gateway is defined, a gateway can now be defined on the LAN side.
  6. Optimization of the LTE variant for LTE campus networks.
  7. Roaming optimization based on IEEE 802.11k with configuration options under "Roaming"
Security updates:
  1. jQuery library updated to version 3.5.1
  2. Measures against SYN and PING Floods.
Firmware 2.12r --> 2.12s

New/Changed Features:
  1. New Kernel 4.9.240 integrated
  2. Improvement in certificate import
  3. Wireless: Bugfix for the adhoc mode
  4. Serial: Instead of an IP address you can now also specify a hostname
  5. Rest API: Import of certificates and status query of loaded certificates is now possible
  6. Long-term recording of WLAN signal values and roaming processes is now possible
  7. Relay: Status information of the current state on the website corrected
Firmware 2.12s --> 2.12u

New/Changed Features:
  1. New kernel 4.9.253 integrated.
  2. Possible deadlock on startup fixed.
  3. The AP list on the "Home" page now also shows the minimum bitrate of the AP. This allows to make settings regarding the minimum bitrate on the "Wireless -> Main Parameter" page if necessary.
  4. The function for monitoring the WLAN connection could generate a reset of the WLAN connection too early during the first authentication (EAP). This has been corrected.
  5. The status query via API now provides information about the WLAN and (or) the LTE radio card.
  6. 802.11ac option only visible if an AC wireless card is present.
  7. Maximum switch-off delay for relay function increased from 100 to 3600 seconds.
Firmware 2.12u --> 2.12v

New/Changed Features:
  1. Shortens the time it takes to establish a WLAN connection after a restart, only in the case when EAP authentication is active.
Firmware 2.12v --> 2.12w1

Security updates:
  1. New kernel 4.9.271: This kernel closes the vulnerability that became public under the keyword "FragAttacks".
Functional changes:
  1. Admin: Under "Admin" –> "Securing Passwords" you can now set that the encrypted parameters (passwords, PSK, certificate keys etc) are not exported when downloading the config.
  2. NAT bridge mode: NAT mode now supports the operation of an FTP server on the LAN port. Due to the dynamic ports used for FTP file transfers, it was not possible to define NAT rules for them before. It is now possible to mark a port forwarding rule with the ":ftp" property, so that with the support of the Linux kernel the used ports are automatically forwarded correctly. In NAT mode, it is now possible to specify a DMZ IP. This allows you to define an IP to which all data packets for which there is no matching forwarding rule are forwarded.
  3. SCEP: Expiration improvements. (Improvements for Nexus SCEP service) Certificate is only replaced after successful expiration (initial generic certificate for SCEP possible). A challenge password is now also transferred during a renewal. Renewal/enrollment can be triggered by configuration value. If possible, an HTTP session is used for the entire renewal/enrollment process (necessary for load balancing of the SCEP service).
  4. Statistics –> Network: Bit rates and transmitted bytes/frames are displayed more legibly.
  5. LANCloning: Parsing the host name from the DHCP request and displaying it on the status page.
  6. Serial –> Special Options –> Resend unacknowledged: Data received via the serial interface and forwarded via TCP are not considered confirmed until they are confirmed as correctly received by the other side via TCP. If a TCP connection is interrupted and reestablished, the data saved as unacknowledged is sent again via the new connection. This can lead to repetitions at the receiver of this data.
  7. Network –> IP Address: You can now additionally define special routes if certain IP address ranges are to be reached via special gateways
Bug fixes:
  1. Serial –> Comserver Mode: In Comserver Mode the handshake mode (RTS/CTS or DTR/DSR) did not work properly
  2. Kernel: Fixed problem with transmit bitrate selection in 802.11b/g networks. This problem occurred as of firmware 2.12u.
Firmware 2.12w1 --> 2.12x

Security updates:
  1. New kernel 4.9.290 integrated
Functional changes:
  1. Start date: The radio modem now no longer starts from the year 2000, but starts with the year in which the firmware was compiled.
  2. Json: UTF-8 and ISO8859-1 escaping corrected
  3. LTE: Delta upgrade function for firmware of EC25 and RM500Q
  4. TLS1.2: NULL ciphers disabled
  5. Wireless: When connecting to access points, a warning will be issued if the channel usage is particularly high. The channel usage for 2.4GHz and 5GHz is better displayed on the web page.
  6. SNMP: The status of the individual LAN ports can now be queried.
  7. NAT: Added configuration for +hairpinning (NAT loopback).
  8. SCEP:
    • Longer CA/SCEP server URL possible
    • Option for HTTP redirect ("Location: ...") added
    • Option HTTP proxy added.
Bug fixes:
  1. Wireless: 802.11k – the Number of neighbor APs limited. If the AP provided a list with more than 31 neighbor APs, a crash could occur.
  2. Wireless: If the radio modem was switched on with WLAN switched off and DHCP active, the DHCP client was not started correctly when the WLAN was subsequently switched on via API.
Firmware 2.12x --> 2.14b

Security updates:
  1. Change Linux kernel version from 4.9.290 –> 5.4.202
Functional changes:
  1. MWLC: PAE (Port Access Entity) forwarding implemented in MWLC mode MWLC master can now also be defined as host name.
  2. Print Server: Adaptive detection of whether a connected printer is detected as lp0 or lp1.
  3. Web-Interface: Additional page under „Device“ –> „Network Test“. Network connections can be tested there starting from the radio modem. Home page: additional information about the connected LAN clients in NAT mode.
  4. Default Reset (Clear Dumps and Log): Now also existing coredump files are deleted.
  5. SNMP: New info about theIP address of the WLAN interface (1.3.6.1.4.1.29456.3.15.0)
  6. AUX-IN: Switching the AUX-IN function on and off via Config no longer leads to a reboot of the radio modem
  7. NAT-Mode: snat option introduced. With this the LAN client sees the IP of theLAN interface from the radio modem as source.
  8. ARP-Porbe: During the ARP probe test of the radio modem, incoming responses are now better evaluated. This avoids that repetitions of ARP probes sent by the AP are recognized as such and are not evaluated as an IP conflict.
  9. LTE: Added selection of authentication types "PHP+CHAP,PAP,CHAP".
    OpenVPN: Import of client config improved.
    OpenVPN client: TUN mode correction. Masquerading and NAT support.
    OpenVPN server/client: New version: OpenVPN 2.5.6.
    Upgrade LTE firmware only if it is not already the current one
    International Mobile Equipment Identity) in status query
    5G: Campus network corrections (5G-SA).
Firmware 2.14b --> 2.14c

Security updates:
  1. Change Linux kernel version from 5.4.202 –> 5.4.215
Functional changes:
  1. new REST API function: LAN port status + OpenVPN server request for CA-Cert and Client-Config
  2. MQTT-Client for serial, relay and AUX input
Bug fixes:
  1. Relay: The relay timeout that can be started via the input was not reset if the relay was controlled via the network during the expiry time of this timer.
  2. Serial: Fixed RTS/CTS handshake error.
Firmware 2.14c --> 2.14d

Security updates:
  • Change Linux kernel version from 5.4.215 –> 5.4.218 – includes the following fixes
  • CVE-2022-41674
  • CVE-2022-42720
  • CVE-2022-42721
  • CVE-2022-42722
Firmware 2.14d --> 2.14e

Security updates:
  • Change Linux kernel version from 5.4.218 –> 5.4.219 – includes the following fix
  • CVE-2022-42719
Firmware 2.14e –> 2.14f

Security updates:
  • Change Linux kernel version from 5.4.215 –> 5.4.228 BuildRoot 2022.08.3
Functional changes:
  1. With firmware 2.14, the ARP table of the WLAN interface was deleted after each AP change, so that ARP request - response always had to be exchanged before communication could be continued. With the 2.14f there is the option "Clear ARP" (->Roaming) with which the deletion of the ARP table is prevented by default.
  2. (Roaming) The EAP authentication watchdog is now configurable. Previously, this timeout
  3. was adjusted based on the measured duration of the last successful EAP handshake. Now a fixed timeout (1,2,3,4 seconds) can also be set.
  4. For the transfer of the configuration file a compression of the data takes place now. This leads to a faster transfer of the configuration.
  5. (Logging) A separator can now be specified between the various information output. This makes it easier to insert the debug output into a table, if necessary.
  6. Detection of replay packets. If these are registered in large numbers within a short time, the WLAN connection is disconnected and re-established.
  7. The numbering of the debug files in the USB stick is now done with leading zeros, so that a better sorting of the file names results.
  8. MQTT broker: The maximum length of the hostname has been extended to 256.
Firmware 2.14f –> 2.14g1

Security updates:
  • Linux kernel version change from 5.4.228 –> 5.4.231 BuildRoot 2022.08.3.
Functional changes:
  • The REST API query API/Status/Device now also provides the device name.
Bugfix:
  • As of version 2.14, an AP Density setting not equal to "autodetect" resulted in poor roaming behavior.
Firmware 2.14g1 –> 2.14h

Security updates:
  • Change of Linux kernel version from 5.4.231 –> 5.4.233
Functional changes:
  1. MQTT client: MQTT client can now send status values, which can also be read via the REST API (Status).
  2. MQTT client: QoS adjustable for all publishes.
  3. MQTT client: connection timeout adjustable (Previously fixed to 60 seconds).
  4. MQTT client: the LWT is now also triggered when the radio modem is specifically restarted.
  5. Logging: WLAN dumps with filter option. So you can e.g. log only your own WLAN traffic. This significantly extends the monitored period in many systems.
Bugfix:
  • Network dumps: If a lot of data was sent or received via (W)LAN when the memory for the dump files was full, the system could crash (reset). This bug has been fixed.
Firmware 2.14h –> 2.14i

Security updates:
  • Linux kernel version change from 5.4.233 –> 5.4.240
Functional changes:
  1. EAP hanging and 4-way Handshake timeout are now also included in the connection statistics of the AP’s used. EAP authentication: additional option for enabling TLS 1.2. TLS 1.2 was not active until now because of problems with older RADIUS servers For compatibility reasons this option is not active by default.
  2. ping test: The debug output has been revised. The debug level for this function is now dependent on the “Wireless Debug Level”.
Firmware 2.14i –> 2.14k

Security updates:
  • Change of Linux kernel version from 5.4.240 –> 5.4.242
Functional changes:
  1. relay is now controllable via REST API and using statement sequences.
  2. authentication of individual API/URLs: This makes it possible to secure access to specific API functions with a separate user/password without having to use the user/password for device configuration.
  3. remote capture deamon: This allows e.g. via Wireshark recordings on the (W)LAN interface of a radio modem to be remotely retrieved and displayed live.
Bugfix:
  • Segfault error in the MQTT function fixed (TLS-Write).
  • Segfault error in the timer module fixed (Blacklist + ConfigChange)
Firmware 2.14k --> 2.14m

Security updates:
  • Change of Linux kernel version from 5.4.242 –> 5.4.246
Functional changes:
  1. wpa_supplicant updated to 2.11-dev (Git Rev. 95C3f0d1)
  2. Improvement in relay control via REST API: Erroneous sequences and relay commands are now rejected with HTTP Error 400.
  3. Output a warning in the debug log if all matching SSIDs are evaluated with 0 during the score calculation. This indicates that one of the crypto settings does not fit.
  4. Warning in debug log after startup if certificates (client and CA certificates) are loaded that are about to expire or have already expired.
Firmware 2.14m --> 2.14n

Security updates:
  • Change Linux kernel version from 5.4.246 → 5.4.249
Functional changes:
  1. Web server security:
    - Preferences for the TLS session handshake algorithms can now be set.
    - New option Send HSTS header
  2. EAP: EAP-TTLS can now also be performed without certificates. (similar to EAP-PEAP)
  3. Wireless: wpa_supplicant now with 802.11v support.
  4. Wireless: now shows in the AP list whether an access point supports 802.11v.
  5. Serial: The serial interface can now also communicate via TLS. Certificates for authentication can also be installed for this purpose
  6. Bridge/NAT: now with warnings for conflicts of local services of the device with NAT rules defined by setup.
  7. MQTT Bridge: Now also with local web socket port (default 8080)
Bugfix:
  • Serial: Approx. 1.5KB of memory were not released on each TCP reconnect.
  • WLAN dump: If a filter was set in LAN client cloning to record only its own traffic, then the correct MAC was not taken to define the filter.
Firmware 2.14n --> 2.14o

Security updates:
  • Change Linux kernel version from 5.4.249 → 5.4.252
Functional changes:
  1. SYN flood detection increased to 40 SYN burst. On average 5 SYN / sec. are still ok.
  2. SNMP: Addition of status values from the info of /proc/net/dev
  3. Improvement for IPv6 bridging
  4. SCEP: If the CA Identity parameter for the URL contains illegal characters the value is URL-Encoded
  5. Display of additional warnings in MCConfig (from Vers.: 2_0_3_9) in the column "Status":
    - For certificates that are about to expire or have already expired.
    - For incorrectly configured ping test.

Open Source Compliance Information

The firmware of the radio modems described on this page includes software code developed by third parties under the GNU General Public License ("GPL") or GNU Lesser General Public License ("LGPL"). More information about the terms of use and how to access the GPL code and LGPL code used in this product can be found on our Open Source page.

Firmware Update Notes

To get to the latest firmware version intermediate steps are necessary that depend on the firmware version currently installed on a device. If this procedure is not followed, the radio modem could become unusable and must be sent in for repair afterwards. The intermediate steps are shown in the following diagram:

Flowchart with the required firmware update steps depending on the currently installed firmware version

Flowchart: Intermediate steps when updating to the latest firmware version

The following applies:

  • After loading a new firmware into a radio modem, this new firmware must run for 2-3 minutes before performing the next step. In no case a reset must be triggered nor may the power supply be disconnected during this time.
  • If the MC Config program is used for the update, always the latest version of this program must be used (available via the downloads below).
  • It is recommended – especially for major version upgrades – to save the configuration of the radio modem as a file. This can be done e.g. with the MC Config program: Select device > Config key > Save to File.

Downloads