Aruba Central Online Help

Aruba Central Licenses Feature Details

This section provides a description about the different configuration and monitoring options available for Aruba Central features tied to Foundation and Advanced Licenses.

Configuration

AP Configuration

License Applicability: AP configuration is available for AP Foundation License.

Network administrators can manage APs through the Aruba Instant UI, Aruba Central, or AirWave management system. Templates in Aruba Central refer to a set of configuration commands that can be used by the administrators for provisioning devices in a group. Configuration templates enable administrators to apply a set of configuration parameters simultaneously to multiple devices in a group and thus automate AP deployments.

For template-based provisioning, APs must be assigned to a group with template-based configuration method enabled.

For more information, see Configuring APs Using UI Configuration Tabs and Configuring APs Using Templates.

AOS-Switch Configuration

License Applicability: AOS-Switch configuration is available for Switch Foundation License.

Network administrators can manage AOS-Switches through the Aruba Central UI menu options. Templates in Aruba Central refer to a set of configuration commands that can be used by the administrators for provisioning devices in a group. Configuration templates enable administrators to apply a set of configuration parameters simultaneously to multiple devices in a group and thus automate AOS-Switch deployments.

For more information, see Configuring AOS-Switches in UI Groups and Using Configuration Templates for AOS-Switch Management.

AOS-CX Configuration

License Applicability: AOS-CX configuration is available for Switch Foundation License.

Network administrators can manage AOS-CX switches through the Aruba Central UI menu options and the MultiEdit mode. The MultiEdit mode in Aruba Central provides a single window for viewing and editing the configuration for one or more AOS-CX switches. In this mode, viewing and editing the configuration is performed using the CLI syntax.

Templates in Aruba Central refer to a set of configuration commands that can be used by the administrators for provisioning devices in a group. Configuration templates enable administrators to apply a set of configuration parameters simultaneously to multiple devices in a group and thus automate AOS-CX deployments.

For more information, see Configuring AOS-CX Switches in UI Groups, Using Configuration Templates for AOS-CX Switch Management, and Using MultiEdit View for AOS-CX.

Auto-Commit

License Applicability: Auto-Commit is available for Foundation and Advanced Licenses for APs, switches, and gateways.

Aruba Central supports a two-staged configuration commit workflow for Instant APs. When the auto-commit state is enabled for a group, the configuration changes are instantly applied to all devices where the auto-commit state is enabled.

For more information about Auto Commit, see Viewing Configuration Status.

Configuration Audit

License Applicability: Configuration Audit is available for Foundation and Advanced Licenses for APs, switches, and gateways.

In Aruba Central, the Configuration Audit page provides an audit dashboard for reviewing configuration changes of the devices provisioned in the UI and template groups. The Configuration Audit page allows you to view configuration push errors, template synchronization errors, configuration sync, and device-level configuration overrides.

For more information about Configuration Audit, see Viewing Configuration Status.

Gateway Configuration

License Applicability: Gateway configuration is available for Gateway Foundation and Foundation Base Licenses.

Aruba Central supports the following methods to configure Gateway groups and Gateways in SD-Branch deployments:

Template groups in Aruba Central allow network administrators to create a common configuration output by using a combination of CLI commands and variables, and apply this configuration to the other Gateway devices provisioned in that group.

For more information about configuring gateways using templates, see Provisioning Gateways Using Configuration Templates.

Monitoring and Reporting

Access, Spectrum, Monitor Mode of Radio Operations

License Applicability: The Access, Spectrum, and Monitor modes of the radios of an access point are available for AP Foundation and Advanced Licenses.

In the Access mode, the Instant AP serves clients, while also monitoring for rogue Instant APs in the background. In the Monitor mode, the Instant AP acts as a dedicated monitor, scanning all channels for rogue Instant APs and clients. In the Spectrum mode, the Instant AP functions as a dedicated full-spectrum RFRadio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. monitor, scanning all channels to detect interference, whether from the neighboring Instant APs or from non Wi-FiWi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. devices such as microwavesElectromagnetic energy with a frequency higher than 1 GHz, corresponding to wavelength shorter than 30 centimeters. and cordless phones.

For more information about radio modes of an AP, see Configuring Device Parameters.

Alerts and Events

License Applicability: Alerts and events for APs, Gateways, and switches is part of Foundation License and does not require any extra configuration. This tab shows data for all devices irrespective of device license type.

The Alerts and Events dashboard displays a list of alerts and events generated for events pertaining to device provisioning, configuration, and user management. You can view the alerts and events in the List view and Summary view. Configuration view is used to configure alerts and is available only at the Global context.

For more information about Alerts and Events, see Alerts and Events.

Application Visibility

License Applicability: The Application Visibility feature is a part of a Foundation License. However, as APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. streaming is available for Advanced Licenses only, the Application Visibility streaming service is supported only for APs with an Advanced License.

Application Visibility is a custom-built Layer-7 firewallFirewall is a network security system used for preventing unauthorized access to or from a private network. capability in Aruba Central that allows you to create firewall policies based on the types of applications in IAPs. Application Visibility provides features like deep packet inspection, application monitoring, and AirSlice Policy.

For more information about AppRF, see Application Visibility.

Audit Trail

License Applicability: Audit Trail logs for APs, gateways, and switches, is part of Foundation License and does not require any extra configuration. This tab shows data for all devices irrespective of device license type.

The Audit Trail page in Aruba Central shows the total number of logs generated for all device management, configuration, and user management events triggered in the network.

For more information about Audit Trail, see Audit Trail.

Client List and Details

License Applicability: Clients monitoring is available for the Foundation License of AP, switch, and gateway.

The Clients page is also called the unified clients list and it provides a list of all clients that are connected to access points, switches, or gateways in the network. The List and Summary views under the Clients tab serve as dashboards. It displays details about the network performance, client connection status, instantaneous client refresh, Go Live (only AP), and other information required for monitoring the clients.

For more information about clients monitoring, see All Clients.

Floorplans

License Applicability: Floorplans is available for AP and gateway Foundation Licenses. Floorplans allow you to plan sites, create and manage floorplans, and provision access points. Floorplans provide a real-time picture of the radio environment of your wireless network and the ability to plan the wireless coverage of new sites.

For more information about floorplans, see About Floorplans.

Reports

License Applicability: Reports is available for the Foundation License.

The Reports feature enables you to generate reports for the Clients, Infrastructure, Security Compliance, and Applications categories. The Reports feature is present under the Analyze section of the Network Operations app. The functionalities present are creating a report, generating a report, scheduling the report generation, previewing a report, and downloading a report in PDF and CSVComma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. formats. The Custom range for the Summary report is available for the last one year, except the current date (today). All other reports are available for 90 days.

For more information about Reports, see Reports.

Topology

License Applicability: Topology is available for Foundation and Advanced Licenses for APs, switches, and gateways.

In Aruba Central, the Topology tab in the site dashboard provides a graphical representation of the site, including the network layout, details of the devices deployed, and the health of the WAN uplinks and tunnels. The topology map provides information about third-party devices and devices that are not managed by Aruba. It also provides information about orphan and offline third-party devices, and the VLANsVirtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. configured on switches running AOS-Switch and AOS-CX software.

For more information about Topology, see Monitoring Sites in the Topology Tab.

Web Content Classification (WebCC)

License Applicability: The WebCC feature is available for Foundation Licenses for APs and gateways.

The WebCC allows you to classify website content based on reputation and take measures to block malicious sites. It fetches information about website content classification and geolocation of IPs. The IP reputation database contains known IP addresses associated with various malicious activities or threats such as botnet, DOS, and spam sources. The geolocation IP database contains the geographical location of the IP address from where the traffic is received or to which the traffic is sent. This provides geolocation and reputation filtering as part of the security suite.

The table below lists the features supported for AP and gateway licenses:

AP Foundation

Gateway Foundation and Foundation Base

WebCC Firewall rules, visualization by reputation and category

WebCC Firewall rules, visualization by reputation and category

For more information about WebCC, see Filtering URLs Based on Website Content and Reputation.

Wi-Fi Connectivity

License Applicability: The Wi-Fi Connectivity dashboard for APs is part of Foundation License and does not require any extra configuration.

The Wi-Fi Connectivity page displays an overall view of the connection details for all clients that are connected to or tried to connect to each connection phase. The connection phases include the following:

For more information about Wi-Fi Connectivity, see Wi-Fi Connectivity.

AI Operations

AI Insights

License Applicability: AI Insights is available for Foundation and Advanced Licenses for APs, switches, and gateways. The Insights that require an Advanced License are marked as Advanced in the UI.

The AI Insights dashboard displays a report of network events that could possibly affect the quality of the overall network performance. These are anomalies observed at the access point, connectivity, and client level for the selected time range. Each insight provides specific details on the occurrences of these events for easy debugging.

Different types of insights are generated by Aruba Central and they can be accessed from different contexts such as Global, Site, Clients, and Device. Some of the insights are part of an Advanced License only and they are marked as Advanced in the user interface.

The following figure displays various AI Insights available and some are marked as Advanced.

Figure 1  AI Insights List

The table below lists the features supported for AP, switch, and gateway licenses:

AP Foundation License

AP Advanced License Switch Foundation Gateway Foundation, Foundation Base, and VGW
  • Connectivity—Wi-Fi
  • Wireless Quality
  • Availability—Access Points
  • Class and Company Baselines
  • Wireless Quality
    • Outdoor clients impacting Wi-Fi performance
    • Coverage Hole Detection
    • Transmit power optimization
  • Availability—Switch
  • Class and Company Baselines
  • Availability—Gateways
  • Class and Company Baselines

In this release, all AI Insights are available irrespective of the user role or Aruba Central subscription. In the upcoming Aruba Central release, AI Insights marked as Advanced in the user interface would require an advanced subscription.

For more information about AI Insights, see Insights Context.

AI Search

License Applicability: AI Search feature is available for Foundation License for AP, switch, and gateway.

The AI search feature in Aruba Central enables you to search for clients, devices, and infrastructure connected to the network. Using the search results, you can navigate to the configuration and troubleshooting pages. The search also retrieves relevant documentation to help you efficiently operate your networks. The search engine uses Natural Language Processing (NLP) to analyze queries and return relevant search results.

For more information about Alerts and Events, see Using the Search Bar.

Dynamic Logs

License Applicability: Dynamic Log is available for both Foundation and Advanced Licenses for APs and gateways.

The Dynamic Logs feature enables Aruba Central to dynamically run CLI show commands on APs and gateways, and collect the output as logs. You can also enable Aruba support notification option to notify TACTechnical Assistance Center. support regarding the logs generated. These logs can be used to troubleshoot the APs and gateways.

 Dynamic Logs is supported in this release as an Early-Access feature. Contact your Aruba SE or Account Manager to enable it in your Aruba Central account.

The following figure displays the available options for Dynamic Logs.

Figure 2  Dynamic Logs Option

For devices assigned with the Foundation License, the Dynamic Logs feature only supports the log collection activity. Even if you enable the Notify Aruba Support option, the option is not activated for devices licensed with Foundation License.

For devices assigned with Advanced Licenses, Dynamic Logs support both log collection and the Aruba support notification option.

For example, assume an Aruba Central account with Dynamic Logs enabled, where you configure a group of three Access Points (APs), AP1, AP2, and AP3. AP1 has a Foundation License while AP2 and AP3 have Advanced Licenses. For this group, both Dynamic logs collection and Notify Aruba Support options are enabled. However, the Aruba support notification option is only applicable for AP2 and AP3, which have Advanced Licenses.

Troubleshooting

Live Events

Licensing Applicability: Live Events for clients, APs and switches is part of Foundation License and does not require any extra configuration.

The clients Live Events page shows information required to troubleshoot issues related to a client or a site in real time for detailed analysis. Aruba Central also allows to troubleshoot issues related to access points. The AP Live Events feature is similar to client live troubleshooting, but in this case we can enable Live Events at the AP level. Currently, users can subscribe to Radio, VPNVirtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two., and Spectrum events.

For more information about Client and AP Live Events, see Client Live Troubleshooting.

Live Packet Capture (PCAP)

Licensing Applicability: Live PCAP for APs and switches is part of Foundation License and does not require any extra configuration.

Aruba Central allows users to interact and launch a targeted packet capture on a client connected to a specific AP or a switch. When the user starts packet capture from the UI, Aruba Central notifies the AP and the switch. The default packet capture duration is 15 minutes.

For more information about Live PCAP, see Client Live Troubleshooting.

Troubleshooting Tools

License Applicability: Troubleshooting for APs, gateways, and switches is part of Foundation License and does not require any extra configuration.

The Tools menu option allows network administrators and users with troubleshooting permission to perform troubleshooting or diagnostics tests on devices and networks managed by Aruba Central.

The Tools page is divided into the following tabs:

  • Network Check—Allows you to run diagnostic checks on networks and troubleshoot client connectivity issues.
  • Device Check—Allows you to run diagnostic checks and troubleshoot switches.
  • Commands—Allows you to perform network health check on devices at an advanced level using command categories.

For more information about Tools, see Using Troubleshooting Tools.

Services

AirGroup

License Applicability: AirGroupThe application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. is available for both AP Foundation and Advanced Licenses.

AirGroup is a zero–configuration networking protocol that enables service discovery, address assignment, and name resolution for desktop computers, mobile devices, and network services. It is designed for flat, single-subnet IP networks such as wireless networking at home. AirGroup supports both wired and wireless devices.

 AirGroup is supported in this release as an Early-Access feature. Contact your Aruba SE or Account Manager to enable it in your Aruba Central account.

In InstantOS-based APs, the service is hosted on the IAP Virtual controller and all services are supported.

AirMatch

License Applicability: AirMatch is available for AP Foundation License.

AirMatch channel planning evens out channel distributions in any size of network and in any subset of the contiguous network. AirMatch also minimizes channel coupling where adjacent radios are assigned to the same channel.

For more information about AirMatch, see Support for Dual 5 GHz AP.

AirSlice

License Applicability: The AirSlice feature is available for only AP Advanced Licenses.

The AirSlice feature allows network operators to build virtual networks suitable for specific application requirements. It allows network operators to monitor applications used by clients and supports multiple services such as gaming, IoTInternet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet., voice, video, and so on.

 AirSlice is supported in this release as an Early-Access feature. Contact your Aruba SE or Account Manager to enable it in your Aruba Central account.

For devices that have Advanced Licenses, the AirSlice feature supports unlimited applications and provides prioritization of custom-applications with visibility and configuration.

The table below lists the features supported for AP licenses:

Advanced
  • Visibility and prioritization of applications
  • Maximum number of applications as supported by the Aruba Central platform

ClientMatch

License Applicability: ClientMatch is available for AP Foundation License.

ClientMatch continually monitors the RF neighborhood for each client to provide ongoing client bandBand refers to a specified range of frequencies of electromagnetic radiation. steering, load balancing, and enhanced AP reassignment for roaming mobile clients.

For more information about ClientMatch, see Configuring ARM Features.

Presence Analytics

License Applicability: Presence Analytics is available for Foundation AP License.

Presence Analytics enables businesses to collect and analyze user presence data in public venues, enterprise environments, and retail hubs. Presence Analytics also enables businesses to collect real-time data on user footprints within the wireless network range.

For more information about Presence Analytics, see Presence Analytics.

SaaS Express

License Applicability: SaaS Express is available for Advanced Gateway License and Advanced with Security Gateway License only.

The SaaS Express feature, on SD-WAN Gateways, enables discovery of the SaaS application servers, monitors application performance, and steers traffic to the best-available servers, and thus provides an improved user experience.

For more information about Saas Express, see SaaS Application Traffic Management with SaaS Express.

Unified Communications

License Applicability: Unified Communications is available for AP Advanced Licenses.

The Unified Communications feature enables a seamless user experience for voice calls, video calls, and application-sharing when using communication and collaboration tools. It allows you to actively monitor voice, video, and application-sharing sessions, provide traffic visibility, prioritize the required sessions, and provide rich visual metrics for analytical purposes.

Unified Communications is supported in this release as an Early-Access feature. Contact your Aruba SE or Account Manager to enable it in your Aruba Central account.

Security

Cloud Guest

License Applicability: Cloud Guest is available for the AP Foundation License.

The Cloud Guest access enables the guest users to connect to the network. This is provided through the splash page profile that is created by the administrators for the guest users in the Guests tab under Manage. The Summary page in the Manage > Guest Access application is the monitoring dashboard that displays the number of guests, guest SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., client count, type of clients, and guest connection. Cloud Guest deals with the AP, so the license that is assigned to the AP is also applicable to Cloud Guest. By default, the Foundation License is applicable. The Advanced License features will also be available if the Cloud Guest is assigned to it.

For more information about Cloud Guest, see Guest Access.

Clients Profile

The Clients Profile enables network and security administrators to discover, monitor, and automatically classify new and existing devices that connect to a network. You can identify devices that include IoT devices, medical devices, printers, smart devices, laptops, VoIPVoice over IP. VoIP allows transmission of voice and multimedia content over an IP network. phones, computers, gaming consoles, routers, servers, switches, and so on.

The table below lists the features supported for switch licenses:

Intrusion Detection and Prevention (IDS or IPS)

License Applicability: IDSIntrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. and IPSIntrusion Prevention System. The IPS monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log the information, attempt to block the activity, and report it. is available for Foundation with Security Gateway License, Foundation Base with Security Gateway License, and Advanced with Security Gateway License.

The IDS and IPS monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDS or IPS adds an extra layer of security that focuses on users, applications, network connections, and can be integrated with the Aruba SD-Branch solution.

For more information about IDPS, see Overview of Aruba IDPS.

RAPIDS

License Applicability: RAPIDS is available for Foundation and Advanced Licenses for APs.

The RAPIDS feature enables Aruba Central to quickly identify and act on interfering APs in the network that can be later considered for investigation, restrictive action, or both. Once the interfering APs are discovered, Aruba Central sends alerts for security events to the network administrators about the possible threat and provides essential information needed to locate and manage the threat.

RAPIDS is supported in this release as an Early-Access feature. Contact your Aruba SE or Account Manager to enable it in your Aruba Central account.

This feature is part of the AP Foundation License. However, as API streaming is available for Advanced License only, Aruba Central would not stream any security events for APs with Foundation License. For APs with Advanced License, API streaming of security events is available for further diagnosis and threat management.

For more information about RAPIDs, see About RAPIDS.

API

Streaming APIs

License Applicability: The Streaming API service requires that devices such as IAPs and gateways are assigned with Advanced License.

The Streaming API feature enables you to subscribe to a select set of services, instead of polling the NB API to get an aggregated state, or statistics of the events, pertinent to the monitoring activities of Aruba Central. With Streaming API, you can write value-added applications based on the aggregated context.

For example, with Streaming API, you are notified about the following types of events:

  • The UP and DOWN status of the devices
  • Change in location of stations

The Streaming API feature in Aruba Central is enabled only when any one of the devices in the account has an Advanced License. If the account has devices with only Foundation License, the Steaming API tab is not displayed in Aruba Central.

If the Streaming API feature is enabled, and the account has a mix of Foundation License and Advanced License for devices, the devices that are assigned with Foundation License do not stream any data for any topics.

For more information about Streaming APIs. see Streaming API.

SD-Branch

Application-based Policy

License Applicability: The application-based policy configuration is available for Foundation License for Branch Gateways.

The Application-based policy configuration helps in deep packet inspection of application usage by clients. Using this configuration, you can define applications, security, and service aliases. You can configure Access Control Lists (ACLsAccess Control List. ACL is a common way of restricting certain types of traffic on a physical port.) to restrict user access to an application or application category.

For more information about application-based policies, see Configuring ACLs for Deep Packet Inspection.

Dynamic Path Steering

License Applicability: Dynamic Path Steering is available for Gateway Foundation and Foundation Base License.

In the Path Steering tab, you can view traffic path steering details for the Dynamic Path Steering policies configured on the Branch Gateway. This tab also displays the number of policies that are compliant along with the total number of policies configured on the Branch Gateway.

For more information about Dynamic Path Steering and configuration steps, see Configuring Policies for Dynamic Path Steering.

Full SD-LAN Control

License Applicability: SD-LANLocal Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. monitoring is available for Foundation License for Branch Gateways.

The LAN Summary page displays a graphical representation of the LAN link availability of a Branch Gateway. It also provides a summary of all the LAN interfaces and port details.

For more information about full SD-LAN control, see Gateway LAN Summary.

IPsec VPN

License Applicability: IPsecInternet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. VPN is available for Gateway Foundation and Foundation Base License.

An IPsec tunnel is configured to ensure that the data flow between the networks is encrypted. When configured, the IPsec tunnel to the controller secures corporate data. You can configure an IPsec tunnel from virtual controller using Aruba Central.

For more information about IPsec VPN, see Configuring IPsec VPN Tunnel.

Role-based Access Policy

License Applicability: Role-based Access Policy configuration is available for Foundation License for Branch Gateways.

The Role-based Access Policy determines client access based on the user roles assigned to a client. Each user or device connected to the branch network is associated with a user role. Once the role is assigned, traffic and security policies are applied to devices based on the role.

For more information about role-based access policy, see Configuring Policies for a Branch Gateway Group.

SD-WAN Overlay

License Applicability: SD-WAN Overlay monitoring is available for Gateway Foundation License.

The SD-WAN Overlay is an orchestrator service for branch deployments, which is done by setting up IPsec tunnels between the Branch Gateways and VPN Concentrators. This is achieved through Tunnel and Route orchestration. The tunnel configuration between the branch and hub sites is automatic and the route configuration is done by redistributing the routing information learnt from the branch in a dynamic way. The Map and Grid views of the Tunnel and Route tabs under SD-WAN Overlay serve as dashboards for monitoring purpose, providing information about the tunnels and routes configured for an individual Branch Gateway.

For more information about SD-WAN Overlay monitoring, see Monitoring SD-WAN Overlay Tunnels and Routes.

Stateful Firewalls

License Applicability: Stateful Firewalls is available for Gateway Foundation and Foundation Base License.

Aruba Gateways support stateful firewall for stateful inspection of packets. Stateful firewalls provide an additional layer of security by tracking the state of network connections and using the state information from previous communications to monitor and control new communication attempts. To protect your network from external attacks and unauthorized communication attempts, you can configure match conditions and packet filtering criteria for the Aruba Gateways.

For more information about Stateful firewalls, see Configuring Global Firewall Parameters.

Web Content Filtering

License Applicability: Website content filtering is available for Foundation License for Branch Gateways. Aruba Gateways enhance branch security by providing real-time web content and reputation filtering. The Website Content Classification feature on Branch Gateways allows you to classify website content based on reputation and take measures to block malicious sites.

For more information about web content filtering, see Filtering URLs Based on Website Content and Reputation.