What's New

The following sections provide an overview of the new features and enhancements that are added to Aruba Central 2.5.8 and ArubaOS 10.6 release.

Central 2.5.8
ArubaOS 10.6
New Features
Enhancements

The following is the new AI Ops feature added in this release:

AI Insights

The following new insight is added in the AI Insight dashboard:

AI-Driven Power save Config Recommendation for Access PointsAruba Central now supports Power Save AP recommendations for Access Points at the Device level. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:

  • Automatic

  • Manual

For more, information, see AI-Driven Power Save Configuration Recommendation for Access Points.

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

AI Search

Aruba Central is known as the AI-powered Network Management Solution for Enterprise Networks. It is now equipped with an GenAI-driven Search bar. By integrating the latest advancements in AI/ML and leveraging sophisticated Large Language Models (LLMs), the Search bar transcends the capabilities of conventional search functions.

The Search bar now creates pathways by providing direct links to both the Aruba Central user interface and the TechDocs WebHelp. This integrated approach ensures that users have immediate access to detailed information, offering depth and context at their fingertips.

For more information, see Using the Search Bar.

Listed below are APIs introduced in this release: 

API Category New APIs

Cloud Connect > Cloud connect

  • [GET] /cloud-connect/v1/all-tunnel-policy-configs
  • [GET] /cloud-connect/v1/custom-account/{account_name}
  • [GET] /cloud-connect/v1/prisma-account/{account_name}

 

  • [POST] /cloud-connect/v1/node_list/{node_id}/config/prisma
  • [POST] /cloud-connect/v1/custom-account/{account_name}
  • [POST] /cloud-connect/v1/prisma-account/{account_name}

 

  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/prisma
  • [PUT] /cloud-connect/v1/custom-account/{account_name}
  • [PUT] /cloud-connect/v1/prisma-account/{account_name}

 

  • [DELETE] /cloud-connect/v1/prisma-account/{account_name}

Device Replacement > Offline Devices

  • [GET] /v1/offline_device

Device Replacement > Request Replacement

  • [POST] /v1/request_replacement

Device Replacement > Check Compliance

  • [POST] /v1/check_compliance

Device Replacement > Initiate Replacement

  • [POST] /v1/initiate_replacement

Device Replacement > Cancel Replacement

  • [POST] /v1/cancel_replacement

Device Replacement > Devices Under Replacement

  • [GET] /v1/devices

Device Replacement > Devices Status

  • [GET] /v1/device_status

Device Replacement > Devices count

  • [GET] /v1/device_count

Device Replacement > Get MSP customers

  • [GET] /v1/msp_customers

Device Replacement > MSP Replacement Count

  • [GET] /v1/msp_replacement_count

Device Replacement > MSP replacement detail

  • [GET] /v1/msp_replacement_details

Monitoring > Switch

  • [GET] /monitoring/v1/cx_switches/{serial}/neighbors
  • [GET] /monitoring/v1/cx_switch_stacks/{stack_id}/neighbors

Service UCC > Aruba ucc

  • [GET] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [POST] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [PUT] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [DELETE] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/

For more information, see Changes to Aruba Central APIs

The following is the new certificate feature added in this release:

Edit a Certificate

Starting from Aruba Central 2.5.8, users can edit an existing custom certificate listed in the Certificate Store table. For more information, see Editing a Certificate.

The following are the new Gateway features added in this release:

Configure Static Host List for LAN Interfaces

You now have the option to configure Static Host List for LAN Interfaces.

For more information, see Configuring Static Host List for LAN interfaces

Support for Overlay Route Drop Mechanism

The overlay route drop mechanism is a feature designed to enhance network security, specifically by ensuring that traffic is not inadvertently rerouted over the underlay network when SD-WAN overlay routes are unavailable. For more information, see Configuring Overlay Route Drop Mechanism.

The following are the new Instant AP features added in this release:

Support for AP System Location

Aruba Central now displays the system location of an AP. For more information, see Configuring System Parameters for an IAP

Support for Free Channel Index Configuration

Aruba Central now allows you to set the free channel index for an AP. For more information, see Configuring Radio Parameters.

Support for Honor 40 MHz Intolerance for APs

Aruba Central now supports 40 MHz Intolerance for APs that decides whether the APs using this radio profile will advertise intolerance of 40 MHz operation. This feature is disabled by default. For more information, see Configuring Radio Parameters.

Support for IPv6 RA and ND Optimization in WLAN SSIDs

Aruba Central now supports IPv6 RA and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network. For more information, see Configuring Advanced Settings for a WLAN SSID Profile.

Support for Non-DFS Channels

Aruba Central now allows you to select the non-DFS valid channels only for 5 GHz bands. For more information, see Configuring ARM Features

Support for SSH Timed Account Lockout

Aruba Central now supports SSH Timed Account Lockout feature on APs without any RADIUS server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely. For more information, see Configuring Users Accounts for the IAP Management Interface.

Support for Zero Wait DFS

Aruba Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles. For more information, see Configuring Radio Parameters.

Updates to Certificate Usage Verbiage for RadSec

In the Aruba Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA respectively. For more information, see Mapping IAP Certificates.

The following are the new MSP features added in this release:

MSP Deployment Scenarios

Please contact your HPE GreenLake sales representative or your HPE Aruba account manager to enable the Deployment Model 2 or Deployment Model 3 feature in your HPE GreenLake workspace. For more information see: End-Customer Owns Both Devices and Subscriptions But MSP Manages (Deployment Model 2) and Hybrid MSP Deployment Model (Deployment Model 3).

MSP Group Supports AOS-10 Gateway

The ArubaOS 10 architecture and gateway configuration are supported in this release. For more information, see Creating an MSP Group Persona with ArubaOS 10 Architecture.

AOS-CX support for MSP

AOS-CX Groups are supported at the MSP level.

For more information, see MSP Groups for AOS-CX.

Aruba Central Cloud Connect

Aruba Central now allows you to integrate Palo Alto Prisma Access with Aruba Cloud Connect to orchestrate the deployment of Aruba SD-Branch gateways or Branch Gateway groups and Microbranch APs or AP groups. For more information, see Integration of Cloud Connect with Palo Alto Prisma Access.

Aruba Central NetConductor

The following are the new Aruba Central NetConductor features added in this release:

  • Configuration for System VLAN-Client-Presence for Fabric WizardAruba Central NetConductor now supports a toggle for VLAN Client Presence Detect to disable the VNI mapped VLANs if there are no authenticated clients on the VLAN, or if the VLAN has no statically configured ports and those ports are up.

    For more information, see Setting Up an Overlay Fabric.

  • Muti-Fabric EVPN OverviewAruba Central NetConductor now supports Muti-Fabric EVPN deployment provides end-to-end segmentation across SD-WAN Fabric by carrying the VRF and Role information natively in the data-plane.

    For more information, see Muti-Fabric EVPN Overview .

  • RIB-to-FIB Optimization Knob for Fabric WizardAruba Central NetConductor now supports FIB Optimization to optimize unused host routes.

    For more information, see Setting Up an Overlay Fabric.

  • Support for Extended Edge Fabric Persona and Fabric DesignsAruba Central NetConductor now supports extended edge fabric persona and provides two types of Fabric Design options Routed-Access and Scaled-Access Design.

    For more information, see Overlay Fabric Overview .

  • VSX Support for Campus Access Aggregation in Network WizardAruba Central NetConductor now supports a checkbox to specify the VSX pair in the Access-Aggregration when configuring a a Campus (3 tier L3 access) Underlay Network.

    For more information, see Setting Up a Campus (3 tier L3 access) Underlay Network.

Cloud Authentication and Policy

The following is the new Cloud Authentication and Policy feature added in this release:

  • Support for Okta Workforce Identity CloudAruba Central now supports Okta Workforce Identity Cloud identity provider in the Cloud Auth application.

    For more information, see Okta Workforce Identity Cloud.

  • Dual Layer User Policy — Cloud Authentication and Policy supports the dual layer user policy wherein the administrator can configure user policies based on group membership and client tags. Users will now be able to configure advanced user policies by incorporating the tags from Client Insights into user access policy decisions. For more information, see Editing User Access Policy.

The following are the new Switch features added in this release:

IPv6 Support

Starting from Aruba Central 2.5.8, users can onboard, monitor their devices, and upgrade the AOS-CX firmware over IPv6 or dual stack networks. For more information, see AOS-CX Overview.

Advanced License for AOS-CX Switch Features

Some of the AOS-CX switch features require Aruba Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the Fabric Overlay, Network Underlay workflows, and for AOS-CX Advanced Feature Pack using MultiEdit. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but the message will be displayed for other users. Also, the message acknowledgment needs to be done independently for each feature. For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA.

One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App

The Aruba Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Aruba Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.

The following are the newly supported Aruba APs in Aruba Central 2.5.8 release:

  • AP-605H

  • AP-675

  • AP-677

  • AP-679

For more information on supported devices, see Supported Instant APs.

The following Alerts & Events enhancements are introduced in this release:

AOS-CX Switch Alerts

  • Switch Uplink Port Usage—Generates an alert when the total uplink port usage of a switch at a site exceeds the configured value within the specified duration.

  • Switch Routing Neighbor Status Change—Generates an alert when the current status of the BGP neighbor changes from up (established) to down.

  • Switch NAE Agent Status—Generates an alert when an NAE agent hits a condition that requires to be reported. This alert is disabled by default. This alert is supported only on AOS-CX switches running 10.13.1000 or later versions. This alert is generated only for the following NAE agent scripts:

    • routing_health_monitor

    • EVPN_VXLAN

    • Client Services

    • VSF_agent

    • VSX

    • default_agent

AOS-CX Switch Events

Support for the AOS-CX switch events in the following categories are now available in Aruba Central:

  • Services

  • Routing

  • Interface

  • Hardware

  • Overlays

For more information about the AOS-CX switch events, navigate to the AOS-CX Switch Software Documentation Portal. In the AOS-CX Switch Software Documentation portal, navigate to a switch model and click the View software feature and user guides (HTML) link. Click Software Release Version listed next to the Event Log Message Reference Guide to view the events for the software release version selected.

Gateways Logs

While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.

Listed below are APIs enhanced in this release.

API Category

Modified APIs

Authentication & Policy

  • [PUT] /cloudAuth/api/v1/user_policy
  • [GET] /cloudAuth/api/v1/user_policy

Authentication & Policy > User Policy

  • [GET]/cloudAuth/api/v1/user_policy
  • [PUT]/cloudAuth/api/v1/user_policy

Ble Beacon Service

  • [GET] /ble_cfg_beacons/{group_name}
  • [GET] /ble_run_beacons/{group_name}
  • [GET] /ble_beacon_profiles
  • [POST] /ble_cfg_beacons/{group_name}
  • [POST] /edit_beacon_profiles/{group_name}/{profile_id}

Configuration > AP Configuration

  • [GET]/configuraon/v1/ap_cli/{group_name_or_guid_or_serial_number}
  • [POST]/configuraon/v1/ap_cli/{group_name_or_guid_or_serial_number}

Listed below are APIs removed in this release.

API Category

Removed APIs

Monitoring > AP

  • [GET] /monitoring/v1/aps
  • [GET] /monitoring/v2/aps/{serial}/rf_summary
  • [GET] /monitoring/v1/aps/bandwidth_usage
  • [GET] /monitoring/v2/aps/bandwidth_usage
  • [GET] /monitoring/v1/aps/{serial}/neighbouring_clients
  • [GET] /monitoring/v1/bssids
  • [GET] /monitoring/v1/aps/bandwidth_usage/topn

Monitoring > Network

  • [GET] /monitoring/v1/networks
  • [GET] /monitoring/v1/networks/{network_name}
  • [GET] /monitoring/v1/networks/bandwidth_usage

Monitoring > VPN

  • [GET] /monitoring/v1/vpn/usage
  • [GET] /monitoring/v2/vpn/usage
UnitedCommunications
  • [GET] /v1/summery
  • [GET] /v1/client/count
  • [GET] /v1/session/trend
  • [GET] /v1/session/count/alg
  • [GET] /v1/session/quality/type
  • [GET] /v1/session/quality/ssid
  • [GET] /v1/insights/count
  • [GET] /v1/insights
  • [GET] /v1/cdr/list
  • [GET] /v1/cdr/export
  • [GET] /v1/SkypeCentralURL

For more information, see Changes to Aruba Central APIs

AirGroup - Follow-the-User

Aruba Central supports personal device accessibility by device owners from any location beyond the on-hop neighborhood, within the network. For more information, see AirGroup.

AirGroup - Personal Device Visibility and Sharing

Aruba Central supports sharing of personal devices by device owners across the network, using CloudGuest. For more information, see Sharing of Personal Devices.

BLE Beacon Service Support for Open Locate Beacon

The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL, and Signature.

For more information see, Configuring IoT BBS Profile for ArubaOS 10 APs.

IoT Operations - Group Support

Aruba Central now supports group-level configurations only for IoT connectors, as well as applications and transport profile configurations. For more information, see IoT Operations.

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

IoT Operations - Application Developer Portal (ADP)

Aruba Central supports the IoT Application Developer Portal (ADP), which provides an interface for IoT application developers to manage their IoT applications lifecycle, while offering easy to use workflows for creating, modifying, versioning and publishing IoT applications. For more information, see Application Developer Portal (ADP).

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

The following Applications enhancements are introduced in this release:

Unified Communications Support for Zoom

Aruba Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM/DSCP priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR. For more information, see Unified Communications.

Unified Communications Reports

Aruba Central supports Unified Communications reports. Unified Communications reports may be created or scheduled from the Analyze > Reports > Applications > UCC page. For more information, see Unified Communications Reports.

The following Gateway enhancements are introduced in this release:

Config Failure status directs to configuration audit page.

In the event of configuration failure, Aruba Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.

For more information, see Summary Tab in Gateway Dashboard

Global Firewall Parameters supports IPv6

You now have the option to configure global firewall parameters via IPv6 processing in Gateways.

For more information, see Configuring Global Firewall Parameters

Support for TLS to Configure Syslog Servers

Aruba Central now allows you to secure log messages sent to an external logging server using the TLS parameter in the WebUI. Under Manage > Devices > Gateways, click a gateway to view the gateway context and navigate to System > Logging > Add New Syslog Servers to use the TLS parameter. For more information, see Configuring Syslog Servers.

The following is the new Install Manager feature added in this release:

Install Manager Support

Starting Aruba Central 2.5.8, you can assign all sites to an installer using the Select All option in the Add Installer page. For more information, see Add an Installer and Assign Sites for Installation and Generate a QR Code and Assigning Sites for Installation

The following Instant AP enhancements are introduced in this release:

Configuration Support for IP MTU for EAP Fragmentation

Aruba Central now allows you to specify the IP MTU for EAP fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for IAPs.

Enhancements to EST Certificates

Aruba Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping IAP Certificates.

New XML Definition File Added to DHCP Option 82 XML

A new XML definition file, default_dhcpopt82_3.xml, is now added to the DHCP Option 82 XML parameter sub-type options. The default_dhcpopt82_3.xml option is supported only on APs running ArubaOS 10.5.1.0 or later versions.

The DHCP Option 82 XML VLAN list field allows you to define the VLANs for default_dhcpopt82_3.xml. The maximum number of supported VLANs is 128.

For more information, see Configuring System Parameters for an IAP

Support for New USB-based Modems

Aruba Central now extends support for new USB-based modems. You can view the complete list of supported USB-based modems in the drop-down list of the USB Device in the Access Points > Security > USB Port Policy > Add Rule page.

Support for 8 WLAN SSID profiles

Aruba Central now allows you to create a maximum number of eight WLAN SSID profiles with 6 GHz band. For more information, see Viewing the Wireless SSIDs Table

The following MSP enhancements are introduced in this release:

Device Replacement in MSP Mode

Aruba Central now supports device replacement workflows in the MSP mode. For more information, see Device Replacement.

Managing Site Installations and SD-WAN Support in MSP

Managing Site Installations for MSPs and SD-WAN Support in MSP Mode are no longer allowlisted features.

For more information, see Managed Service Provider.

The following enhancement is introduced in this release:

Guest Report

A new option Last 90 Days is added to the Report Period context for Guest report.

For more information, see Report Configuration Options.

 

Configure Centralized Firewall Policies from Gateway Configuration Page

For tunnel SSIDs and wired tunnel port profiles, you can configure centralized firewall policies from the gateway configuration page. For AP-Specific policies, navigate to the Security tab.

For more information, see Configuring Access Rule for a WLAN SSID Profile in Tunnel and Mixed Mode.

For microbranch-specific information, see Configuring ACLs for User Access to a WLAN

IDPS

The following IDPS enhancements are introduced in this release:

  • IDPS-Supported Gateways Aruba 9114 and Aruba 9240 gateways support the IDPS feature and its functionalities on Branch Gateway and Mobility Gateway personas. They are added to the list of IDPS-supported gateways.

    For more information, see Preparing to add the Aruba IDPS-Supported Gateways.

  • Selective Inspection —A new threat vector namely the Netaliases is introduced for Selective Inspection. You can use this option individually or in conjunction with Roles threat vector to define rules for the selective inspection.

    For more information, see Manage Selective Inspection.

  • Threat Data to SIEM —Threat data is sent in batches in the .gzip format to the Splunk server. The Category, Name, and Severity parameters are added to the alert detail.

    For more information, see Configure SIEM.

  • Threats List —The title for User Role column is changed to Client Role in the Threats List table.

    For more information, see Viewing the Threats List.

Aruba Central NetConductor

The following Aruba Central NetConductor enhancement is introduced in this release:

  • Use Switch Fabric for Role Propagation question has been modified to Are roles propagated between AOS 10 Gateways? in the Global Client Roles page to allow more flexibility in terms of what options can be configured.

    For more information, see Global Client Roles.

 

The following Switches enhancements are introduced in this release:

Advanced License for AOS-CX switch features

Some of the AOS-CX switch features require Aruba Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the MultiEdit, Fabric Overlay and Network Underlay workflows. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but for other users, the message will be displayed. Also, the message acknowledgment needs to be done independently for each feature. The notification message will reappear every 90 days.

For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA.

Monitoring CPU Utilization in AOS-CX Switches

Starting from this version of Aruba Central, the AOS-CX switches calculate their own average CPU utilization for every five minutes. This feature is supported only on switches running AOS-CX 10.12.xx or later versions.

One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App

The Aruba Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Aruba Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.

The following Template Group enhancements are introduced in this release:

Enhancements to Template Group Configurations

Starting from this release, when firmware compliance is set for a template group, then the template configuration push will be blocked on all non-compliant devices. The configurations will be pushed to these devices only when a compliant build firmware is downloaded and when the devices are rebooted. For more information, see

Template Group Configurations

Aruba Central now allows users to maximize the Template text box and enter full screen mode while adding or editing configuration text to a template. For more information, see Creating a Configuration Template.

The following troubleshooting enhancement is introduced in this release:

Gateways Logs

While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.

New Features
Enhancements

The following is the new AI Ops feature added in this release:

AI Insights

The following new insight is added in the AI Insight dashboard:

AI-Driven Power save Config Recommendation for Access PointsAruba Central now supports Power Save AP recommendations through Net Insight. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:

  • Automatic

  • Manual

For more, information, see AI-Driven Power Save Configuration Recommendation for Access Points.

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

AI Search

Aruba Central is known as the AI-powered Network Management Solution for Enterprise Networks. AI/ML have been extensively used to build the AI Search capabilities that helps customers with their day to day tasks by understanding their intent and presenting them with relevant information on clients, devices and documentation. The Search bar now enables AI search and provides an augmented search experience by leveraging technologies like Large Language Models (LLM).

While searching for a relevant information for any query that you might have, you can type the query on the search bar and a summary for the specific query will be displayed along with the links to the Aruba Central user interface and documentation Webhelp for further detailed information.

For more information, see Using the Search Bar.

The following are the new Campus and Microbranch AP features added in this release:

Display Cell Information

The show cellular cell command displays the cell information of the cellular connection.

Option to Disable Wired Port When Tunnel is Down

You can enable the ability to track the status of the AP tunnel, such that, if the AP tunnel goes down the wired-port mirrors this state. When the AP-tunnel state is restored, the wired-port transitions to an UP state.

For more information, see Configuring General Network Profile Settings. For microbranch-specific information, see Configuring General Network Profile Settings.

Support for AAA Server Groups

For bridged AP SSID deployments, you can create multiple servers and add them in a group. The maximum number of server groups is 32 and the maximum number of authentication servers is 8, in one server group. Aruba Central currently supports RADIUS and RadSec servers within a Server Group definition. Server group is not only supported in wireless SSID profile (mac dot1x cp) but also in wired port profile (mac dot1x cp).

For more information see, Configuring Server Groups. For microbranch-specific information, see Configuring Server Groups for Microbranch APs.

Support for AP System Location

Aruba Central now displays the system location of an AP.

For more information, see Configuring System Parameters for an AP. For microbranch-specific information, see Configuring Properties for Microbranch.

Support for Background Spectrum Monitoring

Aruba Central now supports background spectrum monitoring that provides additional function of monitoring RF interference (from both neighboring APs and non Wi-Fi sources such as, microwaves and cordless phones) on the channel they are currently serving the clients.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for Broadcasting LCI details of an AP

Aruba Central now supports the Open Locate format to broadcast the LCI details of an AP. For more information, see Configuring IoT BBS Profile for ArubaOS 10 APs.

Support for Free Channel Index Configuration

Aruba Central now allows you to set the free channel index for an AP.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for Honor 40 MHz Intolerance for APs

Aruba Central now supports 40 MHz Intolerance for APs that decides whether the APs using this radio profile will advertise intolerance of 40 MHz operation. This feature is disabled by default.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for IPv6 RA and ND Optimization in WLAN SSIDs

Aruba Central now supports IPv6 RA and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network.

For more information, see Configuring Advanced Settings for a WLAN SSID Profile. For microbranch-specific information, see Configuring WLAN SSID Settings.

Support for Manual EoGRE Tunnel To Third-Party Devices

Aruba Central now allows you to configure manual EoGRE tunnels to third-party devices. For more information, see Configuring Manual EoGRE Tunnel to Third-Party Devices.

Support for One Touch Provisioning (OTP) for Microbranch APs

To account for circumstances where a microbranch AP requires additional configuration before it can communicate with Aruba Central, Aruba Central now offers One Touch Provisioning (OTP) feature for Microbranch APs.

For more information, see Connecting Microbranch APs to Aruba Central.

This is a selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

Support for SSH Timed Account Lockout

Aruba Central now supports SSH Timed Account Lockout feature on APs without any RADIUS server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely.

For more information, see Configuring Users Accounts for the AP Management Interface. For microbranch-specific information, see Configuring User Accounts in Microbranch.

Support for Personal Wireless Network

During AP configuration, when Cloud Auth is selected as the Radius source, you can turn on Personal Wireless Network. This feature enables you to establish Personal Area Network (PAN) among a set of selected wireless devices in order to exchange information isolated from others on the same network.

For more information, see Personal Wireless Network.

Support for Zero Wait DFS

Aruba Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Updates to Certificate Usage Verbiage for RadSec

In the Aruba Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA respectively.

For more information, see Mapping AP Certificates. For microbranch-specific information, see Configuring and Managing Certificates .

 

The following are the new Gateway features added in this release:

Configure Static Host List for LAN Interfaces

You now have the option to configure Static Host List for LAN Interfaces.

For more information, see Configuring Static Host List for LAN interfaces

Custom Tunnel Settings

You can create customized tunnel settings as per your requirement. You can also edit the default tunnel settings. For more information, see Creating Customized Tunnel Settings.

New Hypervisor Support for Virtual Gateways

You can now deploy virtual gateways in VMware ESXi version 8.0.

The following are the newly supported Aruba APs in ArubaOS 10.6.0.0 release:

  • AP-634

  • AP-654

The following is the newly supported Gateway in ArubaOS 10.6 release:

  • 9106

For more information on supported devices, see Supported Devices for ArubaOS 10.

The following Application enhancement is introduced in this release:

IOT

BLE Beacon Service Support for Open Locate Beacon

The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL, and Signature.

For more information see, Configuring IoT BBS Profile for ArubaOS 10 APs.

Extended Advertisements on BLE 5

BLE extended advertisement scanning allows advertising devices (e.g., BLE devices) to transmit larger advertising packets and allows scanning devices (e.g., Aruba AP’s) to receive and process these extended packets. With this enhancement, packets can now be up to 255 bytes in length. No AOS or Central configuration changes are necessary for Aruba ecosystem partners to utilize this enhancement.

Unified Communications Support for Zoom

Aruba Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM/DSCP priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR. For more information, see Unified Communications.

The following Campus and Microbranch AP enhancements are introduced in this release:

Configure Power Save on APs

Aruba Central now provides the ability to sleep and wake up APs based on AI-Driven recommendations. The Power Save feature provides an AI-based power-save recommendation to customers' sites or groups with ArubaOS 10 APs.

For more information, see Configuring Power Save Mode on ArubaOS 10 APs.

This is a selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

Configuration Support for IP MTU for EAP Fragmentation

Aruba Central now allows you to specify the IP MTU for EAP fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for APs.

Enhancements to EST Certificates

Aruba Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping AP Certificates.

Improvements to Cloud-assisted Roaming

General architectural improvements have been made to cloud-assisted roaming to increase the success rate and serviceability of 802.11r roaming.

Monitoring Support for Power Save Mode on APs

Aruba Central now provides monitoring support for power save mode on APs. For more information, see Monitoring Power Save Mode on ArubaOS 10 APs.

Power Save is supported in this release as a selectively available feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

New XML Definition File Added to DHCP Option 82 XML

A new XML definition file, default_dhcpopt82_3.xml, is now added to the DHCP Option 82 XML parameter sub-type options. The default_dhcpopt82_3.xml option is supported only on APs running ArubaOS 10.5.1.0 or later versions.

The DHCP Option 82 XML VLAN list field allows you to define the VLANs for default_dhcpopt82_3.xml. The maximum number of supported VLANs is 128.

For more information, see Configuring System Parameters for an AP.

For microbranch-specific information, see Configuring Properties for Microbranch.

Number of User Roles Increased to 128

ArubaOS 10 APs running 10.6.0.0 or higher versions now support a total of 128 user roles. ArubaOS 10 APs running versions lower than 10.6.0.0, support 64 user roles.

For more information see, Configuring User Roles for AP Clients.

Support for MPLS Uplink for Microbranch APs

The WAN framework of Microbranch uplinks is now aligned with SD-WAN Orchestrator framework which enables the same usability for Microbranch uplinks, as well as the use of MPLS uplinks.

For more information see, Configuring the WAN Uplink.

The following Gateway enhancements are introduced in this release:

Config Failure Status Directs to Configuration Audit Page

In the event of configuration failure, Aruba Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.

For more information, see Summary Tab in Gateway Dashboard

Global Firewall Parameters Supports IPv6

You now have the option to configure global firewall parameters via IPv6 processing in Gateways.

For more information, see Configuring Global Firewall Parameters

Important Information for WAN Compression on VPNC Groups

Following are the important points to note for WAN compression on VPNC groups:

  • For VPNC groups created in releases prior to Aruba Central 2.5.8 and upgraded to AOS 10.6.0.0, you must use NBAPI to enable WAN compression on the VPNC group.

  • For VPNC groups created in Aruba Central 2.5.8 release with compression enabled on Branch group tunnels terminating at the VPNC, it is recommended to upgrade the VPNC to AOS 10.6.0.0.

Important Upgrade Information for Aruba9000 Series, 9100 Series, and 9200 Series Gateways

Upgrading to ArubaOS 10.6.0.0 will take longer than usual as we will be automatically upgrading the BIOS version to support additional functionality in the future. This upgrade is estimated to take up to 15 minutes and should not be interrupted for any reason. Power failures and interruptions during the upgrade may make the gateway unusable. Please use caution and plan accordingly.

Increase in the Number of Hubs in a Topology

You can now configure up to 32 hubs, or 16 hub groups, in a branch mesh topology. For more information, see Setting Data Center Preference.

Support for Dynamic VLAN Probing

Aruba Central now supports dynamic VLAN probing when new users connect to a VLAN in a gateway cluster. This feature initiates VLAN probing automatically by detecting and validating VLANs associated with the first user in a cluster.

For more information, see Dynamic VLAN Probing.

Support for TLS to Configure Syslog Servers

Aruba Central now allows you to secure log messages sent to an external logging server using the TLS parameter in the WebUI. Under Manage > Devices > Gateways, click a gateway to view the gateway context and navigate to System > Logging > Add New Syslog Servers to use the TLS parameter.

For more information, see Configuring Syslog Servers.

Enhancement to PPPoE Operation

Prior to ArubaOS version 10.6, enabling PPPoE on a VLAN assigned to a trunk port restricted the port's use to only that VLAN. This often resulted in communication issues with other VLANs, particularly when multiple VLANs were required on the same trunk port. Some PPPoE modems require gateways to support multiple VLANs on the uplink port: one for data traffic to the internet and another for modem control plane operations. Therefore, with the introduction of ArubaOS version 10.6, enabling PPPoE on a trunk port with multiple VLANs is a supported configuration. This enhancement is designed to ensure effective PPPoE operation on trunk ports while maintaining the integrity and functionality of other VLANs associated with the trunk. For more information, see Configuring WAN Interface for an ArubaOS 10 Branch Gateway.

Ignore MTU Support

You now have the option to ignore MTU mismatch check between OSPF neighbors. For more information, see Enabling OSPF Configuration on VLAN Interfaces.

IDPS

Listed below are the feature enhanced for IDPS:

  • IDPS-Supported GatewaysAruba 9114 and Aruba 9240 gateways support the IDPS feature and its functionalities. They are added to the list of IDPS-supported gateways.

    For more information, see Preparing to add the Aruba IDPS-Supported Gateways.

  • Selective Inspection —A new threat vector namely the Netaliases is introduced for Selective Inspection. You can use this option individually or in conjunction with Roles threat vector to define rules for the selective inspection.

    For more information, see Manage Selective Inspection.

  • Threat Data to SIEM —Threat data is sent in batches in the .gzip format to the Splunk server. The Category, Name, and Severity parameters are added to the alert detail.

    For more information, see Configure SIEM.

  • Threats List —The title for User Role column is changed to Client Role in the Threats List table.

    For more information, see Viewing the Threats List.