OmniVista Cirrus Production Notes (10.3 MR)
Note: Some of the OmniVista Cirrus 10.3 microservices were updated to 10.3.017.9_GA for this Maintenance Release.
OmniVista Cirrus provides a free trial version of the full OmniVista Cirrus Solution. The trial version extends for 6 months and can be used to monitor up to 20 wireless devices (additional time and number of devices can be requested). You can then upgrade from the free trial version to a paid licensed version of OmniVista Cirrus.
OmniVista Cirrus 10.3 can be accessed from anywhere, using any approved browser and device (e.g., workstation, tablet). Access to OmniVista Cirrus is supported on the following browsers: Chrome 79+ (on Windows and Redhat/SuSE Linux client PCs), and Firefox 62+ (on Windows and Redhat/SuSE Linux client PCs).
These Production Notes detail features and enhancements, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus 10.3. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
Features
This section provides an overview of the features introduced with this release.
SSID Management
The Automatic WPA/WPA2 (mixed mode) Encryption option, with dynamic keys support, is now available when creating a new SSID for the following user networks:
Enterprise Network Employees using the 802.1X Authentication method.
Protected Network for Guest Users using pre-shared key and an optional Captive Portal Authentication method.
Protected Network for Enterprise Employees using pre-shared key and the BYOD Registration Portal Authentication method.
Network and Device Prerequisites
To ensure the necessary communication between Access Point devices and OmniVista Cirrus 10.3, verify/configure the following prerequisites on your local network:
Network Prerequisites - Network deployment, bandwidth, proxy, firewall, and NTP server requirements.
Device Prerequisites - Supported Access Point software and models.
If your fully managed Access Points are running AWOS 4.0.5, please upgrade to AWOS 4.0.6.1020 before accessing OmniVista Cirrus 10.3.
AWOS 4.0.6.1020 is supported only by OmniVista Cirrus 10.3.
OmniVista Legacy for Analytics Only Mode - Configure an OmniVista 2500 NMS or OmniVista Cirrus 4 to support communication between Analytics Only Access Point devices and OmniVista Cirrus 10.3.
Note: The APAC Broker URL supports Advanced Analytics Only mode. To continue to use Advanced Analytics Only mode on OmniVista Cirrus 10.3:
Restart a new OmniVista Cirrus 10 subscription on either the EU or Americas Broker URL:
EU region: broker.eu.analytics.ovng.myovcloud.com Port: 9093
Americas region: broker.us.analytics.ovng.myovcloud.com Port: 9093
Configure the Analytics Server configuration to point to the OmniVista Cirrus 10 Broker URL that you selected.
Supported Devices
This release of OmniVista Cirrus 10.3 supports monitoring and reporting of advanced analytics for Stellar Access Points, except for the following models:
OAW-AP1101
OAW-AP1201L
OAW-AP1201H
OAW-AP1201HL
OAW-AP1261
REST API Management
You can use REST APIs for scripting or integration with any third-party systems in your management network. The complete API reference can be found at the following link based on your region (no login is required):
EU: https://eu.manage.ovcirrus.com/apidoc/apidoc.html
Americas: https://us.manage.ovcirrus.com/apidoc/apidoc.html
For more information, see Automation with APIs.
Known Issues/Workarounds
Certificates
PKCS8 private key is not supported for LDAP cert and AP Web Cert (OVNG-7726)
Summary: PKCS8 private key will NOT be supported in OmniVista Cirrus 10.2
Workaround: Use RSA private key for AP Web certificate and Local LDAP certificate.
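Added example (not part of the original notes and not ALE code): a pre-upload check for the OVNG-7726 limitation above, assuming that "RSA private key" in the workaround means the traditional PKCS#1 form (PEM label RSA PRIVATE KEY). The function names and the constructed skeleton inputs are illustrative.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)
LABELS = {b"RSA PRIVATE KEY": "rsa-pkcs1",          # traditional form
          b"PRIVATE KEY": "pkcs8",
          b"ENCRYPTED PRIVATE KEY": "pkcs8-encrypted"}

# Constructed skeletons: ASN.1 layout only, no real key material.
PKCS1_SKEL = bytes.fromhex("3006020100020105")
PKCS8_SKEL = bytes.fromhex("3014020100300d06092a864886f70d01010105000400")


def classify_der(der):
    """Classify DER private-key bytes by ASN.1 layout (no crypto performed)."""
    try:
        if der[0] != 0x30:                      # outer SEQUENCE
            return "unknown"
        # Skip the outer tag plus its short- or long-form length bytes.
        pos = 2 + ((der[1] & 0x7F) if der[1] & 0x80 else 0)
        if der[pos] == 0x30:                    # AlgorithmIdentifier first
            return "pkcs8-encrypted"
        if der[pos] != 0x02 or der[pos + 1] != 1:   # version INTEGER
            return "unknown"
        # PKCS#8 continues with a SEQUENCE, PKCS#1 with the modulus INTEGER.
        return {0x30: "pkcs8", 0x02: "rsa-pkcs1"}.get(der[pos + 3], "unknown")
    except IndexError:
        return "unknown"


def classify_key(data):
    """Classify PEM or DER bytes; a PEM label is cross-checked against the body."""
    m = PEM_RE.search(data)
    if not m:
        return classify_der(data)
    kind = LABELS.get(m.group(1), "unknown")
    if kind == "unknown" or b"Proc-Type:" in m.group(2):
        return kind                             # legacy encrypted PEM body is opaque
    try:
        der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
    except ValueError:
        return "unknown"
    return kind if classify_der(der) == kind else "mismatch"


def upload_ready(data):
    """True only for the traditional RSA form named in the workaround."""
    return classify_key(data) == "rsa-pkcs1"
```

A key reported as pkcs8 can be rewritten in the traditional form with: openssl pkey -in key.pem -traditional -out rsa.pem (file names are placeholders). Raw DER input is judged by layout alone, so confirm the key algorithm separately when no PEM label is present.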
NaaS Device Licenses
Collect Support Info Feature Does Not Work on NaaS APs that have an expired Management License (OVNG-6271)
Summary: If the NaaS management license expires for an AP in NaaS mode, the Collect Support Info operation will fail.
Workaround: Make sure the NaaS Management License is active when the AP is functioning in the NaaS mode.
Network Monitoring
Current Client Density Screen Displays Incorrect Session Start Time for AP Clients (OVNG-11243)
Summary: When you click on an AP on the Current Client Density screen to display a list of clients connected to the AP, the “Session Start Time” field displays the wrong start time.
Workaround: Check the client “Session Start Time” in the Online Wireless Clients Table for the correct date and time.
UPAM
Errors Occur When the Client Continuously Connects and Reconnects to SSID Portal (OVNG-9735)
Summary: When a user logs into the network, then logs out, and then logs in again, the user may see error messages on the login portal and won’t be able to access the network.
Workaround: Users should try to avoid continuously logging in and logging out of the network.
After Upgrading to Android 11 or 12, EAP-TLS Protected Wi-Fi No Longer Works (OVNG-9786)
Summary: In 2021, Android (Google) made a change in their OS to enforce the "Validate Server Certificate" option for 802.1X authentication. This means that Android 11 and 12 will validate the server's device certificate. Hence, users need to specify the server's device certificate chain (Root and/or Intermediate CAs) on their Android devices. If not, the authentication will fail. Android 10 and below still work.
Workaround: An alternative is to upgrade the devices to Android 13. Android 13 offers the "Trust on First Use" (TOFU) feature. TOFU enables installing the Root CA certificate received from the server during the initial connection to a new network. The user must approve installing the Root CA certificate.
Client Unable to Join 802.1X SSID When All EAP = NO and Allowed Method = EAP-TLS for the Access Policy (OVNG-10155)
Summary: When you create an SSID and select an Access Policy with All EAP set to “No” and Allowed Method set to “EAP-TLS” for the SSID Authentication Strategy, the client is unable to join an 802.1X SSID.
Workaround: There is no workaround at this time.
Delay in Seeing BYOD IPv4 Client in the List of BYOD Device Records (OVNG-10759)
Summary: Once a client connects to a BYOD SSID, there is a delay before seeing the Client IPv4 address in BYOD device records. The AP to which the Client is connected will send the client IPv4 with the second accounting packet.
Workaround: No workaround at this time. Problem will be fixed in the next release.
Service Temporarily Unavailable Message With External RadSec Server (OVNG-11564)
Summary: When attempting to authenticate with an External RADIUS Server that is using RadSec (RADIUS-over-TLS), you may receive a “Service Temporarily Unavailable” message from OmniVista Cirrus.
Workaround: Configure a new External RadSec Server to replace the old one.
Unified Access
Limitation When Selecting an Existing Group for a Unified Policy Condition (OVNG-10669)
Summary: When using the “Choose Existing Group” option for an L2 MAC or L3 IP Policy Condition, if you modify the Group after the Policy is saved and applied to APs, your changes to the Group will not be applied to the APs. This limitation does not occur when using the “Create a New Group” option.
Workaround: After you modify the Group on the Group screen, go to the Unified Policy and select the “Not defined” option (or make any other change to the Policy) and save it. Then edit the Unified Policy again and select the “Choose Existing Group” option.
SSID
Each AP Group Can Only Support Up to Seven SSIDs (OVNG-10474)
Summary: When you try to assign a new SSID into an existing AP Group that already has seven SSIDs, that AP group will not be included into the new SSID.
Workaround: No workaround at this time.
Other
AP does not Send “portal.report” Event when Wrong Username/Password Entered (OVNG-2811)
Summary: When a user logs in to UPAM Captive Portal with an incorrect username/password, the login will fail but the failure is not immediately indicated on the QoE Analytics UI. Only after 15 minutes will QoE report the failure, and the failure is reported as a “Timeout”. Two consequences of this are: users won’t find out about the failures to log in to UPAM Captive Portal until after 15 minutes, and the user will not be able to differentiate between a true “Timeout” with UPAM Captive Portal and wrong credentials entered at UPAM Captive Portal login.
Workaround: No workaround at this time.
"HostName" Information Lost in “user.report” After the Client Roams to Another AP (OVNG-7792)
Summary: The Client Name (aka “HostName”) information in WLAN Client List is lost after the client roams to another AP.
Workaround: No workaround at this time.
Issues Fixed
Issues Fixed Since Release 10.3 GA
The false Captive Portal Authentication Failure Alert Messages are rectified, and Successful Authentication Attempts Alert Messages are now received. (OVNG-11239)
The “Client Session Timeline” page under the “Monitor Clients” section Dashboard displays the correct Date and Time format. (OVNG-11709)
Wireless Clients have stable connections to the SSID without roaming, and Client connections roam among Access Points when the Clients move. (OVNG-11688)
The Session Start Time format for “IoT Devices” under the Monitor > Network > Access Records Dashboard is set to the user’s Local Timezone. (OVNG-11620)
The Alert Templates reflect the updated Alert values when creating new Sites and when moving an Alert Template from one type to another at the Organizational Level and Site Level. (OVNG-11603)
When the AP Group of an AP device is part of a Schedule Upgrade, the AP device is upgraded to the new desired software version based on the Schedule Upgrade of the Access Point group at the next call home. (OVNG-11461)
When the AP Group of an AP device is part of a Schedule Upgrade, the AP device is upgraded to the new desired software version based on the Schedule Upgrade of the Access Point group at the next call home. If the AP Group of the AP device is not part of a Schedule Upgrade, the Desired Software Version is set to “Do Not Upgrade”. (OVNG-10470)
The Schedule report generation process is automated and the report is successfully sent to the user via e-mail. (OVNG-11453)
When a Scheduled Software upgrade is created for an Access Point Group, after the Schedule upgrade the Access Point Name displays the edited Device Name that was set before the upgrade. (OVNG-11293)
For the Guest Accounts section, the user can successfully edit the information under Default Registration Profile Settings. (OVNG-11292)
For the Login Strategy section under Guest Access Strategy Settings, the ‘Success Redirect URL’ field successfully redirects ‘Go to fixed URL’ to a fixed web page as specified by the Administrator. (OVNG-11291)
The Asia Pacific Region is listed under the Select Region category when the user signs in to a new account in the build. (OVNG-11232)
For ‘Self-registration Strategy’ settings under the ‘Guest Access Strategy’ section, if the user selects Email ID or Phone Number as the Required Attributes for Self-registration, the “Authorize By Verification Code” button is Enabled by default; otherwise it is Disabled. (OVNG-7633)
The user can successfully import and edit the Access Points Device List from an OmniVista CSV file in Analytics mode only. (OVNG-11458)
The Access Role Profile Name accepts all special characters when an Access Role Profile is created in Access Role Profile Settings, and SSID Names with special characters that are linked with the Access Role Profile are also accepted. (OVNG-11451)
The Access Points generate Events successfully by upgrading the MDPS Module. (OVNG-11606)
Additional Documentation
Online help is available in OmniVista Cirrus and can be accessed by clicking on the Help Link (?) in the upper-right corner of any screen. You can also search through the online help on the OmniVista Cirrus Documentation home page and/or use the following links to familiarize yourself with OmniVista Cirrus 10.3 features and functionality:
Getting Started – What you need to know to get up and running.
Configure Organizations for Network Management - How to create and manage Organizations, including creating/modifying sites, adding devices, and adding users.
Configure and Manage Device Inventory - Add, edit, or remove Access Point devices from the device inventory. The Device Inventory is also where devices obtain their provisioning configuration when they are added to the inventory.
Configure WLAN Network Management - Configure wireless networks, policies to prevent attacks on Stellar AP Series Wireless Devices, and Radio Frequency (RF) profiles for devices. It is also used to configure External Engines and UPAM server certificates.
Configure Network Access Control - Configure security functions (authentication, classification) to provide network access controls that are applied to devices attempting to access the network.
Monitoring Network Device Activity – Monitor, evaluate, and troubleshoot network components and device activity.
Automation with APIs – Develop applications to integrate with OmniVista Cirrus 10.3.
Technical Support
For technical support, contact your sales representative or go to the ALE MyPortal: