Aruba Central Online Help

What's New in 2.5.4

Use the following tabs to see the New Features and Enhancements available in this release.

The following sections provide an overview of the new features that are added to Aruba Central in this release.

Silver Peak Unity EdgeConnect Device Integration

Silver Peak Unity EdgeConnect device integration in Aruba Central provides a platform to monitor Unity EdgeConnect devices that are managed in Silver Peak Unity Orchestrator, and help the administrators in the decision making process.

  • Aruba Central supports the integration of Unity EdgeConnect devices at the Edge. This integration enables you to monitor the network health of Unity EdgeConnect devices, which are mapped with sites in Aruba Central.

    For more information, see Silver Peak Unity EdgeConnect Integration.

  • Aruba Central provides manageability and visibility into the Unity EdgeConnect devices at the Edge. The EdgeConnect Status column in the Network Health dashboard indicates the health of EdgeConnect devices that are mapped with sites in Aruba Central.

    For more information, see Network Health Dashboard.

Aruba Cloud Authentication and Policy

Aruba Cloud Authentication and Policy for Aruba Central is a cloud-based solution that helps you to configure user and client policies for network access control (NACNetwork Access Control. NAC is a computer networking solution that uses a set of protocols to define and implement a policy that describes how devices can secure access to network nodes when they initially attempt to connect to a network.).

For more information, see Aruba Cloud Authentication and Policy Overview.

User and Client Access Policy Configuration

You can create, update, and delete user and client access policy using client roles and WLANWireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSIDsService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network.. In the Network Operations app, the user and client access policy configuration is available under Security > Authentication and Policy.

For more information, see Configuring Aruba Cloud Authentication and Policy .

Aruba Onboard App

App-based provisioning enables a device to connect to the enterprise wireless network through network profiles and Cloud Authentication and Policy authentication. With the Aruba Onboard app, you can download, install, and manage network profiles on your devices. The Aruba Onboard app is available on Windows, Android, and macOS platforms.

For more information, see Onboarding Wireless Devices using Cloud Authentication and Policy.

Monitoring Dashboard

Aruba Cloud Authentication and Policy provides various dashboards with charts and tables to view and analyze the authentication requests and sessions from users and clients.

For more information, see Monitoring Access Requests and Sessions.

Cloud Authentication details on the Client AAA Page

Under Client > Security, the AAAAuthentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. page is added to show the authorization details of a client. The AAA page displays authentication, accounting, and authorization details of a client authenticated by the Cloud Authentication and Policy.

For more information, see Client Security.

AOS-CX 4100i and 6100 Platform Support

Aruba Central now supports configuring and monitoring AOS-CX 6100 Switch Series using UI options and MultiEdit mode. Aruba Central also supports configuring and monitoring AOS-CX 4100i Switch Series using UI options, MultiEdit mode, and templates.

For more information, see Supported AOS-CX Platforms.

AOS-CX Stacking Configuration

In addition to onboarding pre-configured AOS-CX VSF stacks, Aruba Central now supports configuring and managing AOS-CX VSF stacks using UI options and templates.

VSF Stacking UI Configuration

You can now configure an AOS-CX VSF stack using UI group. The following stack-related configurations can be performed using the web UI:

  • Creating a stack
  • Adding a stack member
  • Removing a stack member
  • Modifying VSF links
  • Changing the secondary member

For more information, see Configuring AOS-CX VSF Stacks Using UI Groups.

VSF Stacking Template Configuration

You can now configure an AOS-CX VSF stack using templates group. The following stack-related configurations can be performed using templates:

  • Creating a stack
  • Adding a stack member
  • Removing a stack member
  • Modifying VSF links
  • Changing the secondary member

For more information, see, Configuring AOS-CX VSF Stacks Using Template Groups.

AOS-CX UI Configuration

The following new features are available for the AOS-CX UI group and device configuration.

Client Roles

Client Roles allows administrators to assign network access to clients. A network administrator can create configuration profiles (roles) and associate them to clients. Client Roles allows you to create and manage roles and attributes for the network.

For more information, see Configuring Client Roles for AOS-CX.

Device Finger Printing

Device Fingerprinting allows you to classify the end devices connected to a AOS-CX switch. You can find clients’ details such as the type of device, host name, vendor identification, and capability of the device, using Device Fingerprinting. Device Fingerprinting is supported on AOS-CX firmware version 10.8 and later. To upgrade the firmware version on the switch, load it locally and then re-join the switch to Aruba Central. Device Fingerprinting configuration is supported only in the MultiEdit mode.

In this release, Aruba Central uses Device Fingerprinting to get only the clients’ hostname.

To enable Device Fingerprinting and DHCPDynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  Option 12 on the switch, run the following commands.

(config)# client device-fingerprint profile dfp1

(config)# dhcp option-num 12

To apply Device Fingerprinting profile to the interface 1/1/1-1/1/3, run the following commands.

(config)# int 1/1/1-1/1/3

(config-if-1/1/1-1/1/3)# client device-fingerprint apply-profile dfp1

Enabling Device Fingerprinting on the AOS-CX switch displays the hostname of the client in the Client Name and Hostname columns on the Clients page.

HTTP Proxy

HTTPHypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. proxy enhances security for device management. An IP address can be made a proxy for all HTTP connections. If your network requires a proxy server for Internet access, ensure that you configure the HTTP proxy on the AOS-CX switch to download the image from the cloud server.

For more information, see Configuring HTTP Proxy on AOS-CX.

Managed Mode

When an AOS-CX switch running 10.07 or a later version connects to Aruba Central 2.5.4 or a later version, Aruba Central takes control of modifying the configuration of the AOS-CX switch. A switch cannot be configured using the CLI when the switch is in the Aruba Central Manged mode. Aruba Central becomes the single source of configuration for the switch.

For more information, see Getting Started with AOS-CX Deployments.

Multiple Browser Tab Support and Configuration Drift Warning

Aruba Central allows users to open multiple browser tab sessions of the same Aruba Central instance with a different switch group or device pages simultaneously. For example, you can open the group configuration of a switch in one browser tab and the device-level configuration of a switch in another browser tab.

Aruba Central stores the data from the different browser tabs separately.

However, if you edit the configuration of one AOS-CX switch in the MultiEdit mode in two different browser tab sessions, and try to save the configuration one after the other, the following events occur:

  • The configuration that you save first in the editor in any of the two browser tabs is saved on the switch.
  • When you try to save the configuration in the editor in the other browser tab, Aruba Central displays a warning that the configuration has been changed outside the current editor.
  • If you ignore the warning and continue to save the configuration, Aruba Central overwrites the changes saved earlier with the current changes.

For more information, see Configuring AOS-CX Switches in UI Groups and Using MultiEdit View for AOS-CX.

Source Interface

Aruba Central allows you to configure a single source interface for a service so that all traffic routed through the AOS-CX switch is sent with the same IP address. You can add the source interface only for Aruba Central and User-based Tunneling services in this release for the AOS-CX switch.

For more information see Configuring Source Interface for AOS-CX.

User-Based Tunneling

User-based tunneling uses GREGeneric Routing Encapsulation. GRE is an IP encapsulation protocol that is used to transport packets over a network. to tunnel ingress traffic on a switch interface to a gateway for further processing. User-based tunneling enables a gateway to provide a centralized security policy, using per-user authentication, and access control to ensure consistent access and permissions.

For more information, see Configuring User-Based Tunneling for AOS-CX.

SNMP Enable

Concurrent Authentication

A new Concurrent option is added in the Authentication drop-down to configure 802.1x and MACMedia Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. authentication on the ports. This option allows the switch to initiate both authentication methods at the same time to onboard client devices faster. The default priority for concurrent authentication is 802.1x.

For more information, see Configuring Authentication on AOS-CX.

Port Filter

On the Interfaces > Ports & Link Aggregations page, in the device view, all access ports are shown by default. The port filter provides options to select All Uplink Ports or All Access Ports. You can also search for a port using the port name.

For more information, see Configuring Ports and LAGs on AOS-CX.

AOS-S UI Configuration

The following new features are available for the AOS-S UI group and device configuration.

IP Client Tracker

The IP Client tracker allows you to identify both trusted and untrusted clients that access the system. This feature is supported only on the AOS-S 2930F, 2930M, and 3810 switches. This feature is available on AOS-S versions 16.10.0008 and later.

For more information, see Configuring IP Client Tracker on AOS-S Switches.

Device Identifier for Device Profile

The Device Identifier configuration allows you to configure multiple identifiers for a single device profile. You can create different profiles with predefined rules applicable to a group of devices, directly connected to the switch. This feature is available on AOS-S version 16.10.0011 and later. For CDPCisco Discovery Protocol. CDP is a proprietary Data Link Layer protocol developed by Cisco Systems. CDP runs on Cisco devices and enables networking applications to learn about the neighboring devices directly connected to the network., this feature is not supported by the AOS-S 2530 and 2920 switches.

For more information, see Configuring Device Profile and Device Identifier .

Loop Protection – Disable Timer

The Disable Timer parameter in the Loop Protection tab allows you to access the switch console with non-administrative credentials. This feature allows you to configure a timer to auto-recover ports if the switch detects a loop.

For more information, see Configuring Loop Protection on AOS-S Ports.

AOS-S Monitoring-Only Mode

Aruba Central allows you to add AOS-S switches to UI groups in the monitoring-only mode, for monitoring, reporting, and troubleshooting. For switches that are added in this mode, configuration changes are not allowed to be performed using UI groups in Aruba Central.

To configure these switches using Aruba Central, you must add them to a template group.

For more information, see Monitoring-Only Mode for AOS-S Switches.

IAP Configuration – 6 GHz Radio Support

Aruba Central supports Wi-FiWi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E standard that introduces 6 GHzGigahertz. radio bandBand refers to a specified range of frequencies of electromagnetic radiation. for IAPs. In this release, only the AP-635 IAPs support 2.4 GHz, 5 GHz, and 6 GHz radio bands simultaneously. This allows client devices to switch seamlessly between the three radio bands.

Network Structure

Under Organization, a new Network Structure page is added, and the existing tabs such as Groups, Sites,and Labels, are added as tiles on this page. You can click a tile to navigate to the respective page.

For more information, see Network Structure.

Group Persona

You can define a persona for ArubaOS devices while creating a group. The persona of a device represents the role that the device plays in a network deployment. The group persona and device architecture are set at the group level. All devices within a group inherit the same persona from the group settings. You can save the preferred settings to apply the same persona and architecture for subsequent group creations.

  • Creating a group with a persona and architecture—You can set the architecture and persona for devices, when creating a group.

    For more information, see Creating a Group Persona with ArubaOS 8 Architecture.

  • Editing a group—You can edit a group to add a new device type. You can mark the settings of an edited group as preferred settings for subsequent group creations.

    For more information about allowed device combinations, see Editing an ArubaOS 8 architecture group.

  • Cloning a group—You can clone an existing group to create a new group with the same architecture and persona.

    For more information, see Cloning a Group.

  • Importing a device configuration to create a new group—You can import a device configuration and create a new group with the same configuration. You can create a new group for IAPs with ArubaOS 8 architecture by importing configuration from an IAP.

    For more information, see Creating a New Group by Importing Configuration from a Device.

  • Moving devices between groups—You can move devices between groups. The moved devices will adopt the destination group configuration. The destination group accepts only the devices for which the group is created. For example, if a group is created for Access Points only, then only Access Points can be assigned to that group. You cannot assign other Aruba devices like switches and gateways to the group.

    For more information, see Moving Devices between Groups.

For more information, see Managing Groups.

Group Persona for MSP

As an MSP, you can define a persona for devices in a UI group while creating the group. The persona of a device represents the role that the device plays in a network deployment. Persona and architecture are set at the MSP group level. You can percolate the group settings to a tenant group. All devices within a group inherit the same persona from the group settings. You can save the preferred settings to apply the same persona and architecture for subsequent group creations.

  • Creating an MSP UI group with a persona and architecture—The MSPs can create an MSP UI group and assign a persona and Aruba Instant OS architecture to the group. The UI groups settings can be percolated to the tenant groups.

    For more information, see Creating an MSP Group Persona with ArubaOS 8 Architecture.

  • Editing an MSP UI group—You can edit an MSP UI group to add a new device type to the group. You can mark the settings of an edited group as preferred settings for subsequent group creations.

    For more information about allowed device combinations, see Editing an MSP UI group with ArubaOS 8 architecture.

  • Cloning a group—You can clone an existing MSP UI group to create a new group with same architecture and persona.

    For more information, see Cloning an MSP UI Group.

For more information, see Groups in the MSP Mode.

AI Insights

The following new insights are added in this release:

Wireless Quality

Availability - Gateway

Outdoor Clients Report

The Outdoor Clients is a new report in the Reports module for the Insights category. This report provides a comparison of an outdoor client's impact on the Wi-Fi performance for two weeks based on the Outdoor clients are impacting Wi-Fi performanceAI Insight. The report shows data before and after applying the recommended SNRSignal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. threshold values (Local Probe Request Threshold and Min RSSIReceived Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. for Auth Request) in the AI Insight.

For more information, see Report Categories.

Alerts and Events

The following new alerts are added in this release:

Gateway Threat Count per User

Device Category and System Tags

System tags allow you to filter clients based on conditions related to the client profile. Similar device categories are grouped and classified under a tag. For more information, see Managing Tags.

Dynamic Logs

The Dynamic Logs feature enables Aruba Central to dynamically run CLI commands on IAPs or APs and gateways to collect the output as logs, which can be used for troubleshooting device issues. Dynamic Logs sends notification to the Aruba Support team when failure events are generated in the network.

To collect dynamic logs on IAPs, the recommended firmware version is ArubaOS 8.5.0.0 and later. Whereas for gateways, the recommended firmware version is ArubaOS 8.6.0.4-2.2.0.0 and later.

Dynamic Logs also support dynamic packet capture (PCAP) for wireless clients connected to IAPs. You can filter Dynamic Logs events based on event types.

For more information, see Dynamic Logs.

Troubleshooting Tools

A new Console tab is added under Analyze > Tools.

Remote Console Session

The new Console tab allows users to open a remote console for a CLI session through SSHSecure Shell. SSH is a network protocol that provides secure access to a remote device. for a gateway, switch, and access point. Users with admin roles can access the device directly from the console to debug any device issues. The Console tab enables users to either view previously recorded sessions or create new SSH sessions and troubleshoot devices.

For more information, see the following topics:

Aruba Central APIs

This release introduces the following new APIsApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.:

WLAN Configuration APIs

Following APIs are introduced in the ConfigurationWLAN Configuration category:

Clients APIs

Following APIs are introduced in the Monitoring > Clients category:

  • [GET]:
    • /monitoring/v2/clients
    • /monitoring/v2/clients/{macaddr}

Clients Match APIs

Following APIs are introduced in the Client Match > Status category:

  • [GET]:
    • /loadbal-enable/v1/{tenant_id}
  • POST:
    • /loadbal-enable/v1/{tenant_id}

Troubleshooting APIs

Following API are introduced in the Troubleshooting category:

  • [GET]:
    • /troubleshooting/v1/running-config-backup/serial/{serial}
    • /troubleshooting/v1/running-config-backup/serial/{serial}/prefix/{prefix}
    • /troubleshooting/v1/running-config-backup/name/{name}
  • [POST]:

    • /troubleshooting/v1/running-config-backup/serial/{serial}/prefix/{prefix}
    • /troubleshooting/v1/running-config-backup/group_name/{group_name}/prefix/{prefix}

MSP APIs

Following API is introduced in the MSP > Groups category:

  • [GET]:
    • /msp_api/v1/groups/{group_name}/customers

Groups APIs

Following API are introduced in the Configuration > Groups category:

  • [POST]:
    • /configuration/v3/groups
    • /configuration/v2/groups/{group}/properties

Service IPMS APIs

Following API is introduced in the Service IPMS > Aruba ipms category:

  • [GET]:
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/ip_range/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/ip_range/{range_id}/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/
  • [DELETE]:

    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/ip_range/{range_id}/
  • [POST]:

    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/ip_range/{range_id}/
  • [PUT]:

    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/
    • /ipms-config/v1/node_list/{node_type}/{node_id}/config/address_pool/{pool_name}/ip_range/{range_id}/

Authentication & Policy APIs

Following APIs are introduced in the Authentication & Policy > Client Registration category:

  • [GET]:
    • /client_registration
  • [DELETE]:
    • /client_registration/{mac_address}
  • [POST]:
    • /client_registration
  • [PATCH]:
    • /client_registration/{mac_address}

Following APIs are introduced in the Authentication & Policy > Client Policy category:

  • [GET]:
    • /client_policy
  • [DELETE]:
    • /client_policy
  • [PUT]:
    • /client_policy

Following APIs are introduced in the Authentication & Policy > User policy category:

  • [GET]:
    •  /user_policy
  • [DELETE]:
    • /user_policy
  • [PUT]:
    • /user_policy

AI OPs APIs

Following APIs are introduced in the AI OPs > Wi-Fi Connectivity at Global category:

  • [GET]:
    • /aiops/v1/connectivity/global/stage/{stage}/export
    • /aiops/v1/connectivity/site/{site_id}/stage/{stage}/export

    • /aiops/v1/connectivity/group/{group}/stage/{stage}/export

Following APIs are introduced in the AI OPs > AI Insights List category:

  • [GET]:
    • /aiops/v2/insights/global/list
    • /aiops/v2/insights/site/{site_id}/list

    • /aiops/v2/insights/ap/{ap_serial}/list

    • /aiops/v2/insights/client/{sta_mac}/list

    • /aiops/v2/insights/gateway/{gw_serial}/list

    • /aiops/v2/insights/switch/{sw_serial}/list

Following APIs are introduced in the AI OPs > AI Insight Details category:

  • [GET]:
    • /aiops/v2/insights/global/id/{insight_id}/export
    • /aiops/v2/insights/site/{site_id}/id/{insight_id}/export

    • /aiops/v2/insights/ap/{ap_serial}/id/{insight_id}/export

    • /aiops/v2/insights/client/{sta_mac}/id/{insight_id}/export

    • /aiops/v2/insights/gateway/{gw_serial}/id/{insight_id}/export

    • /aiops/v2/insights/switch/{sw_serial}/id/{insight_id}/export

Guest APIs

Following API is introduced in the Guest > Summary category:

  • [GET]:
    • /guest/v1/summary

For more information, see New APIs.

The following sections provide an overview of the enhancements introduced in Aruba Central in this release.

UI Navigation Changes

The following Aruba Central UI enhancement is introduced in this release.

Retain the Same Order of the View Icons

The Summary, List, and Config view icons are displayed in the same order for all dashboards. The default view is displayed when you select any item on the left navigation menu and the tabs on the dashboard.

On any dashboard, when you select a view, the view is retained when you switch between the tabs on the same dashboard. If a particular view is not applicable for a tab, the default view for the tab is selected.

For more information, see About the Network Operations App User Interface.

AOS-CX Template Configuration

The following enhancements are introduced in this release.

Plaintext Password Override after Migrating from Version 2.5.3 to 2.5.4

After upgrading Aruba Central to version 2.5.4, for security reasons, any plaintext passwords, previously configured directly or using variables in the AOS-CX switch template, are hidden and displayed as asterisk (*) symbols.

The plaintext passwords, previously configured in the template, directly or using variables, will work as expected; however, these plaintext passwords, displayed as asterisk (*) symbols, will not work if you copy them to a new template. You must re-enter the plaintext passwords in the new template for the template to work correctly.

For more information, see Configuring AOS-CX Using Templates.

VSF Stack Configuration

The vsf member 1 line must be present in the configuration template for stackable AOS-CX switches running 10.07 or later versions. This is required to apply the configuration to the switches. Also, the vsf member 1 line cannot be removed from the template.

For more information, see Configuring AOS-CX VSF Stacks Using Template Groups.

IAP Configuration

The following IAP configuration enhancements are introduced in this release.

RRM Quiet IE in SSID

The RRM Quiet IE in the Security > Fast Roaming WLAN SSID configuration UI page allows you to enable or disable the Radio Resource Management IE profile elements advertised by an AP in the SSID profile.

For more information, see Configuring Security Settings for Wireless Network.

Mesh Support for Multiple Radios

Aruba Central now allows you to configure mesh profiles for multiple radios in the System > Mesh UI page. Although most mesh deployments require only a single mesh cluster profile, you can configure and apply multiple mesh cluster profiles to an individual AP.

For more information, see Configuring Mesh for Multiple Radios.

Fast Roaming with Mesh

The Mesh mobility RSSI threshold in the Access Points > Mesh configuration UI page allows you to trigger fast roaming on a mobility mesh point when the RSSI of the parent is lower than the threshold value.

For more information, see Access Points Configuration Parameters.

EST support for Radsec and AP1x

Aruba Central now allows EST to support Radsec , AP1X CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate., and AP1X Client Cert on the AP in the Security > Certificate Usage UI page. The Radsec use EST Server allows Radsec to use the certificates enrolled using the EST Profile.

For more information, see Mapping IAP Certificates and Configuring an EST Profile

DHCP Relay Support

The DHCP Relay and Helper Address in the System > DHCP UI page allows the AP to relay the DHCP requests for Centralized DHCP Scopes, Local DHCP Scopes, and DHCP For WLANs.

For more information, see Configuring a Centralized DHCP Scope, Configuring Local DHCP Scopes, and Configuring DHCP Server for Assigning IP Addresses to IAP Clients

Local Probe Request Threshold and Min RSSI for Auth Request

To improve the performance of the indoor Wi-Fi clients, this release supports configuring a WLAN SSID with Local Probe Request Threshold and Min RSSI for auth request advanced settings. Based on your selection, the local probe request threshold value and the Min RSSI for authentication request changes to the recommended value automatically from the AI insight.

For more information, see Configuring Wireless Network Profiles on IAPs.

Authentication Server with fallback to Internal when timeout

In the Authentication drop-down list, select Authentication Server with fallback to Internal when timeout if you want to use authentication server as a primary authentication method and Internal authentication as a backup authentication option. The AP will fall back to internal authentication only when the response from the authentication server times out.

For more information, see Configuring Users Accounts for the AP Management Interface.

IAP Beacon Rate in SSID Profile

The Beacon Rate for 2.4 GHz band and 5 GHz band under Advanced Settings in the SSID configuration page is modified. You can only set the maximum transmission rate from the 2.4 GHz and 5 GHz drop-down list.

For more information, see Configuring Wireless Network Profiles on IAPs

Add Named VLAN

UCC Configuration

In the UCCUnified Communications and Collaboration. UCC is a term used to describe the integration of various communications methods with collaboration tools such as virtual whiteboards, real-time audio and video conferencing, and enhanced call control capabilities. configuration page, the Facetime protocol row and Server column are removed from the table. Additional system default carriers are added to the DNS Pattern list of Wi-Fi Calling protocol.

For more information, see Configuring UCC.

Confirmation Message for Deleting a Site

When you delete a site, the Aruba Central UI now displays a confirmation message to indicate that deleting a site will disassociate all devices that are associated with it. The disassociated devices are moved to the unassigned devices list.

For more information, see the Deleting a Site section in the Managing Sites page.

Monitoring

The following monitoring enhancements are introduced in this release.

AOS-CX VSF Stack

This release introduces the following enhancements to the Switch > LAN > Ports tab:

The switch stack faceplate now displays the following configuration and connection errors related to the AOS-CX VSF stack. You can monitor and troubleshoot these errors from the Ports tab:

  • Auto-join eligibility error
  • VSF link error
  • Cabling error
  • Incompatible switch firmware error

For more information, see Monitoring AOS-CX Switch Stacks.

Global Dashboard

The Connection Experience tile in the Summary view of Manage > Overview > WiFi Connectivity tab is changed to a time series graph. You can hover over the graph to see the connection success percentage for a specific time. In the site context, you can also compare the connection with company or class baseline.

For more information, see Wi-Fi Connectivity.

Application Visibility

The following improvements are made to the Application > Visibility dashboards:

  • In the Visibility > Applications tab, the Usage and Sent column are removed from the Applications table. You can use the filter option in the Applications and Category column to filter any application and category by its name. Use the sort icon to sort the list in an ascending or descending order.

  • In the Summary view, the Visibility dashboard user interface is enhanced to include a pie chart along with the stacked bars. The new graphs display both the Applications and Websites usage data, along with the clients traffic flow. You can select or deselect the application/ category check box to show or hide the traffic flow data from the pie chart and stacked bar. By hovering the mouse over the pie chart and stacked bar, you can view the size of the data.

For more information, see Application Visibility.

Health Bar on the Site Health Dashboard

The Health Bar in the Overview > Site Health tab displays a short description for the potential issues at the site and the devices connected.

For more information, see Site Health Dashboard.

Timezone on the Site Health Dashboard

Health Bar for the AP Dashboard

Radio health in the Health Bar indicates the number of radios in good, poor, or disabled status. It also summarizes the Radio 2.4 GHz, Radio 5 GHz, and Radio 5 GHz (Secondary) health details. Hovering over the Radio Health displays the device health, the exact value of the channel utilization, and the noise floor.

Tunnel status in the Health Bar indicates the number of tunnels that are up and down. AP status and device health value in the health bar changes based on the change in the tunnel status.

For more information, see The Health Bar.

Client Data Path on IAP Overlay Tunnel

The client data path is enhanced to show the data path for IAP-VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. overlay tunnel for wired and wireless clients. In the Client Details page, the Tunneled column shows Yes and the Segmentation column shows Overlay for the tunneled network. To view the details of an overlay tunnel, the IAP and VPNC must be licensed in the same Aruba Central account.

For more information, see All Clients, Clients > Wireless Client > Overview, Clients > Wired Client > Overview.

Wired Clients in Data Path

The AP Summary page displays the number of ports that include USBUniversal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. ports available in the AP and the number of wired clients connected to the AP in the data path.

For more information, see Data Path.

WAN Summary

The WAN Summary page is available in the AP Summary page. The WAN Summary page includes the VPN Availability, Usage, and Throughput details with chart.

For more information, see WAN Summary.

UCC Monitoring

The following improvements are made to the UCC monitoring dashboard:

For more information, see Monitoring UCC in List View and Monitoring UCC in Summary View.

Clients Monitoring

The List view in the Clients section is enhanced with the following features:

  • The filter criterion for the MAC Address column supports all delimiters when searching for a MAC address. You can search for a MAC address with any delimiter, Aruba Central automatically converts it to a semicolon and displays the corresponding results.
  • The download icon is moved next to the ellipsis icon in the Clients table for quick and easy access. The download icon exports the data in the table to a CSVComma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. file.
  • In the List view, you can hover over the row for a wireless client and select DISCONNECT FROM AP to disconnect the client from an AP.

For more details, see All Clients and Disconnecting a Wireless Client from an AP.

Download Client Live Events

The clients Live Events page allows you to download the list of live events to a CSV file for offline analysis.

For more information, see Client Live Events.

Download AP Live Events

The AP Live Events page allows you to download the list of live events to a CSV file for offline analysis.

For more information, see AP Live Events.

Client Category and System Tags

Client tags allow you to filter clients based on conditions related to the client profile. Clients belonging to similar categories are grouped and classified under different tags.

For more information, see Managing Tags.

Topology

In the Topology page, the Show Device Labels is now renamed to Show Device Names.

The Topology page includes the tunnel details for an IAP. The tunnel details on the Topology page now shows ANY if the source IP or destination IP is 0.0.0.0.

For more information, see Monitoring Sites in the Topology Tab.

Floor Plan

This release introduces the following enhancements to the Floor Plan feature:

  • The floor plan user interface for a site has been enhanced and now includes a Summary view and List view. The summary view in the Floor Plan dashboard now features the All Floors tile that displays all the available floors in a tile view for a selected site. You can add a new floor using the add icon and can also search for an AP or floor names using the search icon. The list view displays all the floors in a Floor table.
  • The view mode of a floor is also enhanced to provide a better user experience. For a selected floor, you can now view the floor details in the Floor Details window by clicking the icon. To view any device details in the <Device> Details window, click any device in the floor plan. You can also view the settings applied to the floor plan by clicking the eye icon.
  • The new Floor Plan dashboard for the site, allows you to delete or edit a floor plan directly from the summary view and the list view.

For more information, see About Floor plan.

Gateway Firewall Logging

This release introduces the following enhancements to the Security > Firewall tab:

For more information, see Gateway Firewall Logging.

AI Insights

The following enhancements are added to AI Insights in this release:

Outdoor clients are impacting Wi-Fi performance

The insight recommendation for this insight can be switched from manual to AI-driven by changing the AP configuration. The recommended SNR threshold values for the Local Probe Request Threshold and Min RSSI for Auth Request can be applied automatically (AI-driven) or updated manually to the impacted APs whenever this insight is triggered. You can update the AP to AI-driven mode directly from the AI Insight page by clicking the Update button or you can also change the configuration settings from the AP configuration page.
In the AP configuration page, Advanced Settings, you must set the Local Probe Request Threshold and Min RSSI for Auth Request to either of the following:

  • Automatic—The AP is switched to AI-driven mode. In this approach the values recommended by the insight are applied automatically whenever the insight is triggered.
  • Manual—The AP is switched to manual mode. In this approach the values recommended by the insight should be applied manually by the user.

If there is no SNR recommendation value from this insight, the AP uses the previously configured recommended default value.

For more information, see Outdoor Clients Impacting Wi-Fi Performance and Configuring Wireless Network Profiles on IAPs.

DNS Queries Failed to Reach or Return from the Server

In this insight a new Loss pattern card is added to show persistent DNS loss patterns observed in the network. This insight operates by identifying similar failure events observed during the DNS resolution stage between entities (site, server, AP) and groups them into a set of specific loss patterns. These patterns help network administrators to identify which combination of DNS server and AP setting result in DNS loss events in single or multiple sites in the network.

For more information, see the following help pages:

Firmware Upgrade and Compliance

This release introduces the following enhancements to the Firmware dashboard:

  • Under the Later Date radio, the Select Zone drop-down menu includes the Device Local Time option that allows you to schedule compliance and upgrade based on the local site time.

  • The Set Compliance, Upgrade, and Upgrade All option includes a Install on drop-down option that allows you to select a Primary or Secondary partition to install the firmware.
  • The Firmware <Device> table includes a Group column that displays the group to which the devices are associated. This information is available only in the global context.

  • At the device level when you hover over the Compliance Status column, the following information is displayed: 

For more information, see Managing Software Upgrades.

Reports

The following enhancements are added to reports.

Uptime for an Offline IAP

In the Network report, the - (hyphen) symbol in the Uptime column of APs table indicates that the corresponding IAP is in offline status.

For more information, see Report Categories.

Wired Client Support in Client and Network Reports

  • The explicit details for the wired clients are available in the Client Inventory, Client Usage, Client Session, and Network reports.
    • In the Client Inventory report, the Client Count by Connection Type table displays the client count by wireless and wired connection type.
    • In the Client Usage report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The inbound and outbound clients data usage metrics is displayed in the Client Usage widget by Connection Type (wireless, wired, or remote) and client count data metrics is displayed in the Client Count widget by Connection Type (wireless, wired, or remote).

    • In the Network report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The Wired Clients and Peak & Average Wired Data Usage widgets are also added. The client count is displayed on the time series graph in the Wired Clients widget. The inbound and outbound peak or average data usage metrics is displayed in the Peak & Average Wired Data Usage widget.

    • In the Client Session report, the Session Data By Role and Clients By Role widgets display the details by role, connection type (wireless or wired) and SSIDs. You can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless or wired) or SSIDs.

For more information, see Report Categories.

RF Health Report

In the RF Health report, the Optional Widgets section is introduced to include the RF Details and IAP Uplink Usage details in the CSV format. The IAP Uplink Usage information is available only for Instant APs with Advanced license.

For more information, see Report Categories and Report Configuration Options.

Alerts and Events

The following alert and event enhancements are introduced in this release:

Suppress Alerts

In the Site context, while suppressing alert notifications, you can select Override or Append to either override or append the configured email addresses to receive notifications when an individual or site level alter alert is generated. You can also override or append the configured default recipient email list to receive alert notifications.

For more information, see Suppressing Alert Notifications in the Site Dashboard and Adding Default Recipients.

Filter Events

The Events table columns enables filtration and search ability at all levels. It also allows free text search to enhance the search capability. You can also copy and paste text on the column headers to improve the search mechanism.

For more information, see Viewing Events in List view.

Client Event Filter

Aruba Central allows you to troubleshoot issues related to a wired or wireless client connected to IAPs. The Events tab in the client context provides a detailed drill-down capability to filter events further to identity a specific issue and perform troubleshooting in both List and Summary view. It provides an aggregate view of events in different categories to provide a deep insight to the client's health.

For more information, see Client Events.

Troubleshooting Tools

The following enhancements are added for troubleshooting.

Status Indicator in Logs Collection

In the Analyze > Tools > Logs tab, the Status column now displays a status bar when you upload logs. The status bar displays the Scheduled, In Progress, Complete, or Failed statuses as a percentage value, as the logs are uploaded. This helps customers and internal users to understand the status of the log collection.

For more information, see Enabling Gateway Logs.

Live Events – Wired Client Packet Capture

Aruba Central now allows read-write and admin users to launch targeted packet capture on a wired client connected to a gateway or switch. Packet capture can be done at a site level or for a selected client.

For more information, see Client Live Events.

Gateway Troubleshooting - Ping Sweep Test

For Ping Sweep Test additional parameters are introduced in the Show Additional Test Settings section to enhance the troubleshooting procedure. For more information, see Troubleshooting Gateway Connectivity Issues.

API Gateway

The following enhancements are introduced for API gateway:

  • The API call volume is now rate-limited to seven (7) calls per second, per customer.

  • MSP users can now use their access token to perform the operation on their tenant accounts using NBAPI. User privileges as per the tenant role are applied for these operations. For more information, see Accessing Tenant APIs using MSP Access Token.

  • The API Gateway > Usage tab now includes a Current usage status bar that displays the current usage of API calls assigned for a day along with the reset time in local time zone.

For more information, see API Gateway.

Aruba Central APIs

Following are the API changes and enhancements:

Clients APIs

The following APIs are enhanced in the Monitoring > Clients category:

  • [GET]:
    • /monitoring/v1/clients/wireless
    • /monitoring/v1/clients/wired

Topology APIs

The following APIs are enhanced in the Topology category:

  • [GET]:
    • /{site_id}
    • /devices/{device_serial}

Switch APIs

The following API is enhanced in the Monitoring > Switches category:

  • [GET]:
    • /monitoring/v1/switches

Groups APIs

The following APIs are enhanced in the Configuration > Groups category:

  • [POST]:
    • /configuration/v2/groups
    • /configuration/v2/groups/clone
  • [GET]:

    • /configuration/v1/groups/properties

The following APIs are removed:

  • [PATCH]:
    • /configuration/v1/groups/{group}
    • /configuration/v1/groups/{group}/properties

MobilityController APIs

The following APIs are deprecated in the Monitoring > MobilityController category:

  • [DELETE]:
    • /monitoring/v1/mobility_controllers/{serial}
  • [GET]:

    • /monitoring/v1/mobility_controllers
    • /monitoring/v1/mobility_controllers/{serial}
    • /monitoring/v1/mobility_controllers/{serial}/uplinks
    • /monitoring/v1/mobility_controllers/uplinks/bandwidth_usage
    • /monitoring/v1/mobility_controllers/{serial}/uplinks/tunnel_stats
    • /monitoring/v1/mobility_controllers/uplinks/wan_compression_stats
    • /monitoring/v1/mobility_controllers/uplinks/distribution
    • /monitoring/v1/mobility_controllers/{serial}/ports/bandwidth_usage
    • /monitoring/v1/mobility_controllers/{serial}/ports
    • /monitoring/v1/mobility_controllers/{serial}/tunnels
    • /monitoring/v1/mobility_controllers/{serial}/dhcp_clients
    • /monitoring/v1/mobility_controllers/{serial}/dhcp_servers
    • /monitoring/v1/mobility_controllers/{serial}/vlan

    For a list of Aruba recommended alternate APIs, see Deprecated APIs.

For more information, see Modified API and Removed APIs.