Client Connectivity

The following section provides details on the typical issues that you might face while connecting to the clients in the Aruba Central network and the steps to help troubleshoot these issues.

Troubleshooting Made Easy Using the AI Search Bar

When there are many clients and devices in a network, it is difficult for a user to navigate and identify a particular client or a device to diagnose an issue. The search bar in the Aruba Central app enables users to search for clients, devices, and infrastructure connected to the network. The search also retrieves relevant documentation to help users efficiently operate their networks. The search engine uses Natural Language Processing (NLP) to analyze queries and return relevant search results.

The following figure illustrates the search bar option in Aruba Central.

Figure 1  Search Bar

To start a search in the Aruba Central UI, click the search bar or press / (forward slash) on your computer keyboard.

When you click the search bar, you can see the search suggestions in the Recent and Suggested Search list.

  • Recent—Shows the searches performed recently in the search bar. These suggestions help you quickly look at the previous searches.
  • Suggested Search—Shows search suggestions corresponding to the workflow that you follow in the Aruba Central app. The suggested search help you perform onboarding, monitoring, configuring, and troubleshooting tasks. For more information, see the Suggested Search page.

The following figure illustrates the sample search results in Aruba Central.

Figure 2  Sample Search Result

From the search results, you can navigate to:

  • Search Cards—displays monitoring summary and links to configuration, monitoring, and troubleshooting pages in the Aruba Central app.
  • View—relevant links to the corresponding pages in the Aruba Central app.
  • Read—relevant links to the help pages in the Aruba Central Help Center.

To view a list of recommended search terms for different categories, see:

Datapath of a WLAN Client

Aruba Central automatically populates the datapath of a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. client.

To view the datapath of a WLAN client, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients.

    The Clients page is displayed in List view.

    By default, the Clients page displays a unified list of all clients.

  3. To filter clients based on the device to which the clients are connected, select the device type from the Clients drop-down list:
    • All—Displays a list of all the clients connected to the network.
    • AP—Displays a list of clients connected to the Instant AP.
    • Switch—Displays a list of clients connected to the switch.
    • Gateway—Displays a list of clients connected to the gateway.
  4. To filter the clients based on the state of connectivity, click the connectivity type from the Client Summary bar:
    • Connecting—Displays a list of client connections that are in progress.
    • Connected—Displays a list of clients that are successfully connected to the network.
    • Failed—Displays a list of all failed client connections.
    • Offline—Displays a list of all offline clients.
    • Blocked—Displays a list of all blocked clients.
  5. In the Clients Summary bar, click Wireless, Wired, or Remote to filter the clients based on connectivity type.
  6. In the Clients table, click a client listed under Client Name.

    The Summary tab is displayed.

  7. In the Client Details page, the Data Path pane displays the datapath of the client in the network.

    The Datapath can be one of the following:

    • Client > SSID > AP
    • Client > SSID > AP > Switch
    • Client > SSID > AP > Switch > Gateway
    • Client > SSID > AP > Gateway

The list of clients is populated for a time range of 3 hours. To view the list of clients for a different time range, click the Time Range Filter and select the required time period. Total data usage for the selected time period is displayed above the client summary bar.

Figure 3  Client—Datapath

Client Health Issues

Client health is the efficiency at which an AP transmits downstream traffic to a particular client. This value is determined as the ratio of ideal airtime required for transmitting a packet from an AP to a client to the actual time taken for the packet transmission in percentage. Ideal air time assumes the highest data rate without any retransmission.

A client health metric of 100% means the actual airtime that the AP spends transmitting data is equal to the ideal amount of time required to send data to the client. A client health metric of 50% means that the AP is taking twice as long as is ideal, or is sending one extra transmission to that client for every packet. A metric of 25% means that the AP is taking four times longer than the ideal transmission time, or sending 3 extra transmissions to that client for every packet.

Viewing the Client Health

To view the client health, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients.

    The Clients page is displayed in List view.

    By default, the Clients page displays a unified list of all clients.

  3. To filter clients based on the device to which the clients are connected, select the device type from the Clients drop-down list:
    • All—Displays a list of all the clients connected to the network.
    • AP—Displays a list of clients connected to the Instant AP.
    • Switch—Displays a list of clients connected to the switch.
    • Gateway—Displays a list of clients connected to the gateway.

    The wired client will show up in the All Clients page only if the client is connected to an Aruba 2540 Series, Aruba 2920 Series, Aruba 2930F Series, Aruba 2930M Series, Aruba 3810 Series, or Aruba 5400R Series switch.

  4. To filter clients based on the network to which the clients are connected, click the network type from the Clients Summary bar:
  5. To filter the clients based on the state of connectivity, click the connectivity type from the Clients Summary bar:
    • Connecting—Displays a list of client connections that are in progress.
    • Connected—Displays a list of clients that are successfully connected to the network.
    • Failed—Displays a list of all failed client connections.
    • Offline—Displays a list of all offline clients.
    • Blocked—Displays a list of all blocked clients.
  6. In the Clients table, click the Health column to view the health of the client. The value of the client health can be one of the following:
    • Poor—0-30
    • Fair—31-70
    • Good—71-100

The list of clients is populated for a time range of 3 hours. To view the list of clients for a different time range, click the Time Range Filter and select the required time period. Total data usage for the selected time period is displayed above the client summary bar.

Offline Clients

Offline clients are the clients that were seen in a selected time duration, but are currently disconnected from the Aruba Central network. Aruba Central provides details of offline clients connected to the wireless and wired network. The Clients page provides a summary view of all the clients connected to the network.

To view the offline clients, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients.

    The Clients page is displayed in List view.

    By default, the Clients page displays a unified list of all clients.

  3. To filter clients based on the device to which the clients are connected, select the device type from the Clients drop-down list:
    • All—Displays a list of all the clients connected to the network.
    • AP—Displays a list of clients connected to the Instant AP.
    • Switch—Displays a list of clients connected to the switch.
    • Gateway—Displays a list of clients connected to the gateway.

    The wired client will show up in the All Clients page only if the client is connected to an Aruba 2540 Series, Aruba 2920 Series, Aruba 2930F Series, Aruba 2930M Series, Aruba 3810 Series, or Aruba 5400R Series switch.

  4. To filter clients based on the network to which the clients are connected, click the network type from the Clients Summary bar:
    • All—Displays a list of all the clients connected to the network.
    • Wireless—Displays a list of clients connected to the wireless network.
    • Wired—Displays a list of clients connected to the wired network.
    • Remote—Displays a list of clients connected through a VPN. The remote clients are denoted by the icon.
  5. In the Clients Summary bar, click Offline to view the offline clients.

The list of clients is populated for a time range of 3 hours. To view the list of clients for a different time range, click the Time Range Filter and select the required time period. Total data usage for the selected time period is displayed above the client summary bar.

The Clients table lists the details of each client. By default, All clients is selected and the table displays the following columns: Client Name, Status, IP Address, VLAN, Connected To, SSID/Port, AP Role, Gateway Role, and Health. The default columns displayed are different and contextual based on AP, switch, and gateway.

Click the ellipsis icon to perform additional operations:

  • Select All—Selects all columns.
  • Reset Columns—Resets the table view to the default columns.

Aruba Central allows you to download the global list of events to your local browser. Click to download the list of events as a .csv file.

If a filter icon appears next to the column header, click and enter the filter criteria or select a filter criteria. For example, to search a client, click the predefined filter criteria: ConnectingConnected, Offline, Failed, or Blocked from the Client Summary bar and in the Client Name column enter the name of the client. Aruba Central provides a near-instant refresh of the client status if the client is connecting or connected to an access point. For more information, see Client Status Changes.

Table 1: All Client Details

Column Names

Applicability

Description

Client Name

  • All
  • AP
  • Switch
  • Gateway

Username, hostname, or MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the client. Click the client name to view the Summary page.

Status

  • All
  • AP
  • Switch
  • Gateway

Client connection status. Use the filter option to view the following:

  • Connecting—Applicable only for wireless clients.
  • Connected—Applicable for all client types.
  • Offline—Applicable for all client types.
  • Failed—Applicable only for wireless clients.
  • Blocked—Applicable only for wireless clients.

Hover the cursor over the status column to view a pop-up summary based on the connection status. The status summary is populated based on the status type. Each status type and the summary is described below:

  • Connecting:
    • Client name—Name of the client.
    • Last Seen Time—Date and time the client was last connected.
  • Connected:
    • Client name—Name of the client.
    • Authentication—Type of authentication. Displays the authentication label only for authenticated clients.
    • IP address—Client IP address.
    • Connected Since—Date and time at which the client was connected.
    • Failure Stage—Stage of the connection where the client failed to connect. It is not applicable for the wired clients, so displayed as NA.
    • Health Score—Device health.
    • Connected Device Port—The device port that the wired client is connected to.
  • Failed:
    • Client name—Name of the client.
    • Last Seen Time—Date and time the client was last connected.
    • Failure Stage—Stage of the connection where the client failed to connect.
    • Failure Reason—Reason for the connection failure.
  • Offline:
    • Client name—Name of the client.
    • Authentication—Type of authentication. Displays the authentication label only for authenticated clients.
    • IP address—Client IP address
    • Connected Since—Date and time at which the client was connected.
    • Last Seen Time—Date and time the client was last connected.
    • Failure Stage—Stage of the connection where the client failed to connect.
    • Connected Device Port—The device port that the wired client is connected to.
  • Blocked:
    • Client name—Name of the client.
    • Last Seen Time—Date and time the client was last connected.

IP Address

  • All
  • AP
  • Switch
  • Gateway

IP address of the client.

VLAN

  • All
  • AP
  • Switch
  • Gateway

VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. of the device to which the client is connected.

Connected To

All

AP name, Switch name, or Gateway name. This is the first layer 2 hop for the client. If the device does not have a name, the MAC address is displayed.

AP Role

  • All
  • AP

Role assigned by the AP.

Gateway Role

  • All
  • Gateway

Role assigned by the Aruba Gateway.

Health

  • All
  • AP

Client health. The value can be one of the following:

  • Poor—0-30
  • Fair—31-70
  • Good—71-100

SSID/Port

  • All
  • AP
  • Switch
  • Gateway

Displays the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. for wireless clients and the port number for wired clients. The column title displays SSID and Port interchangeably based on the device filters. For APs, the column title displays SSID. For switch and gateway, the column title displays Port.

Insights

  • All
  • AP

The total number of AI Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis. insights generated for the client.

Switch Role

  • All
  • Switch

Role assigned by the Aruba switch.

Failure Stage

  • All
  • AP

Failure status of the client that failed to connect. The failure reasons could be:

Group Name

  • All
  • AP
  • Switch
  • Gateway

Displays the name of the group that the device is connected to. The Connected To column displays the device name that the client is connected to.

Site Name

  • All
  • AP
  • Switch
  • Gateway

Displays the name of the site that the device is connected to. The Connected To column displays the device name that the client is connected to.

MAC Address

  • All
  • AP
  • Switch
  • Gateway

MAC address of the client.

Hostname

  • All
  • AP
  • Gateway

Host name of the client.

User Name

  • All
  • AP
  • Switch
  • Gateway

Username of the client.

Key Management

  • All
  • AP

Security mode used by the client.

Authentication

  • All
  • AP
  • Switch
  • Gateway

Authentication type used by the client to connect with the device.

Global Unicast IPv6 Address

  • All
  • AP
  • Gateway

When the IPv6 address is present for a client, you can view its Global Unicast IPv6 address. Click the ellipsis and select the column to view the value if the column is not displayed.

Link Local IPv6 Address

  • All
  • AP
  • Gateway

When the IPv6 address is present for a client, you can view its Link Local IPv6 address. Click the ellipsis and select the column to view the value if the column is not displayed.

Capabilities

  • All
  • AP

Client 802.11 802.11 is an evolving family of specifications for wireless LANs developed by a working group of the Institute of Electrical and Electronics Engineers (IEEE). 802.11 standards use the Ethernet protocol and Carrier Sense Multiple Access with collision avoidance (CSMA/CA) for path sharing. capabilities.

Usage

  • All
  • AP
  • Switch
  • Gateway

Total data usage for the selected time period.

Last Seen Time

  • All
  • AP
  • Switch
  • Gateway

Date and time when the client was last seen.

Connected Since

  • All
  • AP
  • Switch
  • Gateway

Date and time since when the client was connected.

AP Name

  • All
  • AP

Name of the AP.

AP Mac Address

  • All
  • AP

MAC address of the AP.

Channel/Band

  • All
  • AP

Last connected channel and band Band refers to a specified range of frequencies of electromagnetic radiation..

Switch Name

  • All
  • Switch

Name of the switch.

Port

  • All
  • Switch
  • Gateway

Port number of the switch.

Gateway Name

  • All
  • Gateway

Name of the Aruba Gateway.

Tunneled

  • All
  • AP
  • Switch
  • Gateway

Tunnel mode is applicable for the Aruba Gateway managed WLAN, UBT User-Based Tunneling. UBT allows you to redirect specific wired users traffic from the switches to the Gateway to enforce DPI and firewall functionality, application visibility, and bandwidth control offered by Aruba Gateway., or PBT client.

Segmentation

  • All
  • AP
  • Switch
  • Gateway

Type of segmentation. The type of segmentation can be:

  • None
  • UBT
  • PBT
  • Underlay
  • Overlay

NOTE: To view the details about dynamic segmentation, a gateway must be licensed in Aruba Central and connected to the switch.

Client Category

  • All
  • AP
  • Gateway

Displays the category of the profiled device. For example, Access Points, Computer, Smart Device, VoIP Voice over IP. VoIP allows transmission of voice and multimedia content over an IP network. phone.

For more information, see Classifying Clients.

Client Family

  • All
  • AP
  • Gateway

Displays the type of operating system or vendor. For example, if the client category is Computer, the client family can be Windows, Linux, or Apple Mac.

For more information, see Classifying Clients.

Client OS

  • All
  • AP
  • Gateway

Displays the operating system that the device runs on. For example, if the client category is Computer and the client family is Windows, the client OS can be Windows or Windows 8/10.

For more information, see Classifying Clients.

Issues in the Application Layer

In an Aruba Central-managed network, Network Check aims to identify, diagnose, and debug issues on your network. The Network Check tab under Analyze > Tools page captures the troubleshooting utilities that are used to test a network entity and collect results based on your selection. You must have admin privileges or read-write privileges to perform network checks.

The following tests are available to diagnose issues pertaining to WLAN network connections:

HTTP Test

To perform an HTTP test, complete the following steps:

  1. In the Aruba Central app, search for a specific wireless client in the Search Bar.
  2. Click on the wireless client listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. Under Analyze, click Tools.

    The Network Check tab is displayed.

  4. From the Device Type drop-down list, select Access Point.
  5. From the Test drop-down list, select HTTP Test.
  6. The value in the Sources drop-down list is auto-populated based on the wireless client selected.
  7. In the URL field, enter the HTTP URL for which you want to perform the HTTP test. For example, http://hostname or http://ipaddress.
  8. Optionally, expand Show Additional Test Settings to enter the timeout value in seconds in the Timeout field. The value should be between 1 to 10 seconds. The default timeout value is 5 seconds.

    Show Additional Test Settings is disabled when no Test type is selected.

  9. Click Run. The output is displayed in the Device Output section.

Figure 4  HTTP Test—Device Output

The HTTP test is supported only from ArubaOS 8.3.0.0 or later versions. The test support only IPv4 address or domain name in the URL field.

HTTPS Test

To perform an HTTPS test, complete the following steps:

  1. In the Aruba Central app, search for a specific wireless client in the Search Bar.
  2. Click on the wireless client listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. Under Analyze, click Tools.

    The Network Check tab is displayed.

  4. From the Device Type drop-down list, select Access Point.
  5. From the Test drop-down list, select HTTPS Test.
  6. The value in the Sources drop-down list is auto-populated based on the wireless client selected.
  7. In the URL field, enter the HTTPS URL for which you want to perform the HTTPS test. For example, https://hostname or http://ipaddress.
  8. Optionally, expand Show Additional Test Settings to enter the timeout value in seconds in the Timeout field. The value should be between 1 to 10 seconds. The default timeout value is 5 seconds.

    Show Additional Test Settings is disabled when no Test type is selected.

  9. Click Run. The output is displayed in the Device Output section.

Figure 5  HTTPS Test—Device Output

The HTTPS test is supported only from ArubaOS 8.4.0.0 or later versions. The test support only IPv4 address or domain name in the URL field.

TCP Test

To perform a TCP test, complete the following steps:

  1. In the Aruba Central app, search for a specific wireless client in the Search Bar.
  2. Click on the wireless client listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. Under Analyze, click Tools.

    The Network Check tab is displayed.

  4. From the Device Type drop-down list, select Access Point.
  5. From the Test drop-down list, select TCP Test.
  6. The value in the Sources drop-down list is auto populated based on the wireless client selected.
  7. In the Host field, enter the IPv4 address. Hostname is not supported.
  8. In the Port field, enter the port number. The port number should be in the range 1 to 65535.
  9. Optionally, expand Show Additional Test Settings to enter the timeout value in seconds in the Timeout field. The value should be between 1 to 10 seconds. The default timeout value is 5 seconds.

    Show Additional Test Settings is disabled when no Test type is selected.

  10. Click Run. The output is displayed in the Device Output section.

Figure 6  TCP Test—Device Output

The TCP test is supported only from ArubaOS 8.3.0.0 or later versions.

Viewing the Device Output

After you execute troubleshooting commands on the device, Aruba Central displays the output in the Device Output section of the Tools page.

The output pane displays a list of devices on which the troubleshooting commands were executed, the test type, initial timestamp, source, and target. It also shows the status of the tests as, in progress, complete, and the buffer time. If there are multiple devices, select the device for which you want to view the output.

Output history of a device with buffer space issues shall be automatically cleared.

You can perform the following tasks from the Device Output section:

  • Click Clear to clear the output. You can clear the output for a single device or for all devices. The Clear option is disabled for read-only users.
  • Click the Search icon to search for text in the output.
  • Click the Email icon and click Send to send the output as an email. You can also add email recipients in the CC field.
  • Click Export to export the command output as a zip file.
  • Click the maximize icon to maximize the device output pane.

For more information on the output displayed for the CLI commands, see the following documents:

Roaming Issues in a Wireless Client

Roaming is the process of a wireless client moving from one source AP to another AP within the same Extended Service Set (ESS Extended Service Set. An ESS is a set of one or more interconnected BSSs that form a single sub network. ) without losing connection. When a wireless client roams between two APs, the association to the new AP terminates the previous AP association and the destination AP creates an event.

In Aruba Central, the Roaming Experience pane provides the details of the roaming events and latency parameters of a client.

Viewing the Roaming Experience Pane

To view the Roaming Experience pane, complete the following steps:

  1. In the Aruba Central app, search for a specific wireless client in the Search Bar.
  2. Click any one of the wireless clients listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. In the Client Details page, the Roaming Experience pane displays the details of the roaming events and latency parameters of a client.

The Roaming Experience pane displays two views, the grid view and the trend view.

Grid View

The grid view is the default view and provides the following information:

Table 2: Grid View

Parameter

Description

Date/Time

Displays the date and time of occurrence of the client roaming/association events.

SSID

The SSID to which the client is connected.

Latency(ms)

Roaming latency in milliseconds between source and destination AP.

NOTE: Roaming latencies above 50 ms are considered as high latency roaming events.

To BSSID

The BSSID Basic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. of the destination AP.

Source AP

AP to which the client was connected.

Destination AP

AP to which the client is connected.

Roaming Type

The type of roaming. Click the icon to filter the data based on the following roaming types:

  • 11r
  • okc
  • 802.11

Band

Radio band on which the client is connected.

RSSI (dBm)

Received Signal Strength Indicator (RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values.) on the client. It is the estimated measure of the power level received by client from the AP.

  • By default, the Roaming Experience table displays data for the last 3 hours. To view the table for a different time range, use the Time Range Filter.

  • A search filter is provided only for the Data/Time and Roaming Type columns.

Trend View

The trend view displays a chart that shows the percentage of high latency roaming events, total roaming events, and the number of high latency roaming events at a particular instance based on the value selected in the Time Range Filter.

Figure 7  Roaming Experience—Trend View

Client Connection to the Network

When a client tries to connect to the AP or the network, and is unable to do so, you can navigate to the Clients page and check the reasons for failure.

The Clients page provides a list view of all the clients connected to the network. You can filter clients based on the network the clients are connected to. This page displays key client information and also allows you to view a specific client detail page.

To view the list of Failed clients, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients.

    The Clients page is displayed in List view.

    By default, the Clients page displays a unified list of all clients.

  3. To filter clients based on the device to which the clients are connected, select the device type from the Clients drop-down list:
    • All—Displays a list of all the clients connected to the network.
    • AP—Displays a list of clients connected to the Instant AP.
    • Switch—Displays a list of clients connected to the switch.
    • Gateway—Displays a list of clients connected to the gateway.

    The wired clients will show up in the All Clients page only if the client is connected to an Aruba 2540 Series, Aruba 2920 Series, Aruba 2930F Series, Aruba 2930M Series, Aruba 3810 Series, or Aruba 5400R Series switch.

  4. To filter clients based on the network to which the clients are connected, click the network type from the Client Summary bar:
    • All—Displays a list of all the clients connected to the network.
    • Wireless—Displays a list of clients connected to the wireless network.
    • Wired—Displays a list of clients connected to the wired network.
    • Remote—Displays a list of clients connected through a VPN. The remote clients are denoted by the icon.
  5. In the Client Summary bar, click Failed to view a list of all failed client connections.
  6. In the Clients table, the Failure Stage column provides the following information:

Table 3: Client Details

Failure Stage

  • All
  • AP

Failure status of the client that failed to connect. The failure reasons could be:

  • Association error
  • MAC authentication error
  • 802.1X authentication error
  • Key exchange error
  • DHCP error
  • Captive Portal error

Hover over the specific failure stage to display detailed information regarding the type of error. For example, if the failure stage column displays failure stage as DHCP, and you hover your mouse over DHCP, it displays the following:

  • Failure Reason
  • Last Seen time

The list of clients is populated for a time range of 3 hours. To view the list of clients for a different time range, click the Time Range Filter and select the required time period. Total data usage for the selected time period is displayed above the client summary bar.

Figure 8  Client Details

You must also check if multiple failures have occurred and if the client is denylisted. When a client is denylisted, it is not allowed to associate with an AP in the network. If a client is connected to the network when it is denylisted, a deauthentication message is sent to force client disconnection. You can denylist a client manually or dynamically.

Denylisting Clients Manually

Manual denylisting adds the MAC address of a client to the denylist. These clients are added into a permanent denylist and are not allowed to connect to the network unless they are removed from the denylist.

To add a client to the denylist manually, complete the following steps:

  1. In the Aruba Central app, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of access points is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the access points are displayed.

  4. Click Show Advanced, and click the Security tab.

    The Security details page is displayed.

  5. Click the Denylisting accordion.
  6. Under Manual Denylisting, click + and enter the MAC address of the client to be denylisted.
  7. Click OK.
  8. Click Save Settings.

To delete a client from the manual denylist, select the MAC Address of the client under the Manual Denylisting, and then click the delete icon.

You can configure a maximum number of authentication failures by the clients, after which a client must be denylisted. For the denylisting to take effect, you must enable the denylisting option when you create or edit the WLAN SSID profile. Go to WLANs > Security > Advanced Settings and enable the Denylisting option.

Denylisting Clients Dynamically

Clients can be denylisted dynamically when they exceed the authentication failure threshold or when a denylisting rule is triggered as part of the authentication process.

When a client takes time to authenticate and exceeds the configured failure threshold, it is automatically denylisted by an Instant AP.

In session firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. based denylisting, an ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. rule automates denylisting. When the ACL rule is triggered, it sends out denylist information, and the client is denylisted.

To configure the denylisting duration, complete the following steps:

  1. In the Aruba Central app, set the filter to a group containing at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.

    A list of access points is displayed in the List view.

  3. Click the Config icon.

    The tabs to configure the access points are displayed.

  4. Click Show Advanced, and click the Security tab.

    The Security details page is displayed.

  5. Click the Denylisting accordion.
  6. Under Dynamic Denylisting, enter the following information:
    1. For Auth Failure Denylist Time, enter the duration after which the clients that exceed the authentication failure threshold must be denylisted.
    2. For Policy Enforcement Failure Rule Denylisted Time, enter the duration after which the clients can be denylisted due to an ACL rule trigger.
  7. Click Save Settings.

You can configure a maximum number of authentication failures by the clients, after which a client must be denylisted. To enable session-firewall-based denylisting, select the Denylist check box in the Access Rule page during the WLAN SSID profile creation.

After the failure reasons are detected, select the client and navigate to the Clients Detail page. Click Tools under Analyze in the left navigation pane, and perform network check and advance troubleshooting check under Network Check and Commands respectively.

Client Live Troubleshooting

Aruba Central allows you to troubleshoot issues related to a client or a site in real time for detailed analysis. Live troubleshooting is supported only if the Instant APs are running 8.4.0.0 firmware version or a later version.

To troubleshoot a client at the site level, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Sites.
  2. Under Analyze, click Live Events. The Live Events page is displayed.
  3. Enter the MAC address of the client and click Start Troubleshooting.

To troubleshoot a wireless client, complete the following steps:

  1. In the Aruba Central app, search for the specific wireless client in the Search Bar for which you want to perform live troubleshooting.
  2. Click on the wireless client listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. Under Analyze, click Live Events. The Live Events page is displayed.

The troubleshooting session runs for 15 minutes and the status is displayed every minute. If you want to stop, live troubleshooting, click Stop Troubleshooting to go back to the historical view.

After the live troubleshooting session ends, the details of the events are displayed in the live events table.

Live Events Details

The following details are captured and displayed in the Live Events table:

  • Occurred On—Displays the timestamp of the event. Use the filter option to filter the events by date and time.
  • Device Name—Displays the name of the device that the client is connected to. Set the filter to select a specific device under Sites.
  • AP Name—Displays the name of the AP that the client is connected to. Use the filter option to select a specific AP.
  • Category—Displays the category of the event. Use the filter option to filter the events by category.
  • Description—Displays a description of the event. Use the filter option to filter the events based on description.

Packet Capture

Aruba Central allows you to interact and launch a targeted packet capture on a client connected to a specific access point or a switch. After you start packet capture from the UI, Aruba Central notifies the access point and the switch. The default packet capture duration is 15 minutes. After you start packet capture, use the toggle button to stop packet capture, or go back to the Client Overview page.

For packet capture, for a wired client connected to an Aruba 5400R Switch Series (V3 mode), ensure that “no-allow v2 modules” is set for the switch. Packet capture for stack switches works only if the client is connected to the commander of the stack.

Starting Packet Capture

You can start packet capture from the wireless or wired clients page. Packet capture can be done at a site level (wireless client only) or for a selected client.

To start packet capture at a site level, perform the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Sites that contains at least one device. The dashboard context for the selected site is displayed.
  2. Under Analyze, click Live Events.The Live Events page is displayed.
  3. Enter the MAC address of the client.

    At a site level, Aruba Central does not support packet capture for a wired client connected to a switch.

  4. Enable the Packet Capture toggle button to start live packet capture for the selected client.
  5. Click Start Troubleshooting.

To start packet capture for a wireless or wired client, perform the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients. The Clients overview page is displayed in List view.
  3. By default, the Clients table displays a unified list of clients.
  4. Click the name of the wireless or wired client to open the corresponding Client Details page. If there are many clients connected to the network, click Wireless or Wired to filter the clients connected to the wireless or wired clients respectively.
  5. Enter the client name in the Client Name column, and click the client name.
  6. Under Analyze, click Live Events. The Live Events page is displayed. The client live troubleshooting starts automatically for the selected client.
  7. Click Stop Troubleshooting to stop live troubleshooting.
  8. Enable the Packet Capture toggle button to start live packet capture for the selected client.
  9. Click Start Troubleshooting to live troubleshoot the selected client. Live packet capture starts for the selected client.

    The live troubleshooting session runs for a duration of 15 minutes. After the live troubleshooting session ends, a Download PCAP text appears above the live events table. Click Download PCAP to download the generated PCAP file on your local system.

Figure 9  Live Events

Notifying Network and Client Anomalies to the Administrator

The Wi-Fi Connectivity page in Aruba Central enables you to check connection details of all the clients connected to an AP in the network. The data can be used to notify administrators of the possible anomalies in the network.

To view the Wi-Fi Connectivity page, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups or Sites. For all devices, set the filter to Global.

     The dashboard context for the selected filter is displayed.

  2. Under Manage > Overview, click Wi-Fi Connectivity.

    The Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Connectivity page is displayed.

To view the connectivity data for all the Instant APs in the Wi-Fi Connectivity dashboard, ensure the NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. server is configured for all the devices and time is synced correctly corresponding to the respective time zone. If the time stamp is not correct, the telemetry data received from the Instant APs will be dropped. Also, set the firewall to allow traffic on port 123 to sync the time with the NTP server.

By default, the graphs on the Wi-Fi Connectivity page is plotted for a time range of 3 hours. To view the graphs for a different time range, click the Time Range Filter icon. You can choose to view graphs for a time period of 3 hours, 1 day, 1 week, and 1 month.

This section includes the following topics:

Connectivity Summary Bar

The connectivity summary bar displays the details of all clients in percentage. It displays the percentage success rate of each stage for the users to know the network performance.

Figure 10  Connectivity Summary Bar

The following table describes the information displayed in each section:

Table 4: Connectivity Summary Bar

Field

Description

All

Displays the aggregated success percentage of Association, Authentication, and DHCP for all clients connected to the network.

Association

Displays the percentage of successful attempts made by a client to connect to the network.

Authentication

Displays the percentage of successful attempts of client authentication.

DHCP

Displays the percentage of successful attempts of DHCP requests and responses when onboarding a client.

DNS

Displays the percentage of successful attempts in the detected DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. resolutions, when a client is connected to the network.

Connection Experience

The Connection Experience tile displays the overall success percentage, total number of attempts, number of successful attempts, total delays, and the total failures for each stage based on the selected time range filter. To view the connection experience for individual stage, select the stage type from the Connectivity Summary bar, the Connection Experience displays the chart for the selected stage. Select All to view the success percentage for all the stages. You can hover over the time series graph to view the success percentage for a specific time. The individual stage displays the Attempts, Failures, Success, and Delays on the time series graph.

Figure 11  Connection Experience Tile—Global or Group Context

Only in the site context, the Connection Experience tile provides the Baseline Comparison option. You can compare the connection with either Company Baseline or Class Baseline.

The following comparisons are available:

  • Company Baseline—Compares the connection between the selected site and other sites associated to the same user. It is selected by default.
  • Class Baseline—Compares the selected site and sites having similar configuration. The baseline is denoted by orange dotted line on the time series graph and the blue line is the Wi-Fi connection of the selected site.

Figure 12  Connection Experience Tile—Site Context

AI Insights

The AI Insights tile provides a list of AI Insights generated for a selected time range. To view the details, click on a selected AI Insight. The page gets redirected to the AI Insights under the AI Insights page. Click each of the listed AI Insight for a detailed analysis based on the impact on the network. For more information on AI Insights, see AI Insights in Global Dashboard.

AI Insights is not implemented at a Group level and the page displays No AI Insights observed.

Connection Problems

The Connection Problems tile displays the details of Failures and Delays graphically for each of the categories from the drop-down list. Each graph displays the top five MAC addresses or SSID based on the selected category. Each category in the Connection Problems drop-down lists changes based on the selected stage in the Connectivity Summary bar. Selecting the required category from the drop-down displays the failures and delays in a pie chart with percentage, and a bar graph with the number of failures and delays. Hover the cursor over each graph to view the number of failures or delays for each stage.

Figure 13  Connection Problems Tile

The following table describes the information displayed in each connection category based on the selected stage:

Table 5: Connection Problems Rolls-Ups

Data Pane Content

Description

All

Displays the details of the failures and delays that occurred during a client connection. The chart displays the failure details of Association, Authentication, and DHCP for each client. The Connection Problems drop-down list includes the following categories:

  • By Stage
  • By Clients
  • By Access Points
  • By Band
  • By SSID

Association

Charts the details of the failures and delays that occurred during a client association. The Connection Problems drop-down list includes the following categories:

  • By Clients
  • By Access Points
  • By Band
  • By SSID
  • By Reason

Authentication

Charts the details of the failures and delays that occurred during a client authentication. The Connection Problems drop-down list includes the following categories:

  • By Type
  • By Clients
  • By Access Points
  • By Band
  • By SSID
  • By Server

DHCP

Charts the details of the failures and delays that occurred during the attempts of DHCP requests and responses by a client. The Connection Problems drop-down list includes the following categories:

  • By Clients
  • By Access Points
  • By Reason

DNS

Charts the details of the failures and delays that occurred during the attempts in detected DNS resolutions when a client is connected to the network. The Connection Problems drop-down list includes the following categories:

  • By Access Points
  • By Reason
  • By Server

Connection Events

The Connection Events table details out the list of delays and failures for each client based on the client MAC addresses. Click the List icon to view the connection events table. Click the Connection Events drop-down list to filter the events By Clients or By Access Points. The Connection Events table displays the following information:

Table 6: Connection Events

Data Pane Content

Description

MAC Address

Displays the MAC address of the client.

Name

Displays the name of the access point.

Delays

Displays the delays that occurred during the event.

Failures

Displays the failure details that occurred during the event.

Client Devices do not Discover Printers across the Subnet

For client devices to discover printers across the subnet Subnet is the logical division of an IP network., you have to turn on the AirGroup service available in Aruba Central.

AirGroup is a zero configuration networking protocol that enables service discovery, address assignment, and name resolution for desktop computers, mobile devices, and network services. It is designed for flat, single-subnet IP networks such as wireless networking at home.

Bonjour can be installed on computers running Microsoft Windows and is supported by the new network-capable printers. Bonjour uses multicast DNS (mDNS Multicast Domain Name System. mDNS provides the ability to perform DNS-like operations on the local link in the absence of any conventional unicast DNS server. The mDNS protocol uses IP multicast User Datagram Protocol (UDP) packets, and is implemented by the Apple Bonjour and Linux NSS-mDNS services. mDNS works in conjunction with DNS Service Discovery (DNS-SD), a companion zero-configuration technique specified. See RFC 6763.) to locate devices and the services offered by these devices. The AirGroup solution supports both wired and wireless devices. Wired devices that support Bonjour services are part of AirGroup when connected to a VLAN that is terminated on the Virtual Controller.

In addition to the mDNS protocol, Instant APs also support Universal Plug and Play (UPnP Universal Plug and Play. UPnp is a set of networking protocols that permits networked devices, such as personal computers, printers, Internet gateways, Wi-Fi APs, and mobile devices to seamlessly discover each other's presence on the network and establish functional network services for data sharing, communications, and entertainment.) and Digital Living Network Alliance (DLNA Digital Living Network Alliance. DLNA is a set of interoperability guidelines for sharing digital media among multimedia devices. ) enabled devices. DLNA is a network standard derived from UPnP, which enables devices to discover the services available in a network.

DLNA also provides the ability to share data between the Windows or Android-based multimedia devices. All the features and policies applicable to mDNS are extended to DLNA to ensure full interoperability between compliant devices.

To enable AirGroup services, complete the following steps:

  1. In the Aruba Central app, set the filter to a group that contains at least one AP.

    The dashboard context for the group is displayed.

  2. Under Manage, click Devices > Access Points.
  3. Click the Config icon.

    The tabs to configure access points is displayed.

  4. Click Show Advanced, and then click the Services tab.

    The Services details page is displayed.

  5. Click the AirGroup accordion.
  6. Select the AirGroup check box.
    • The mDNS (Bonjour) and SSDP (DLNA/UPNP) check-boxes are selected by default. Select at least mDNS (Bonjour) or SSDP (DLNA/UPNP) to proceed further.
    • Optionally, select the Guest Bonjour Multicast check box to allow guest users to use the Bonjour services that are enabled in a guest VLAN. When Guest Bonjour Multicast is enabled, the Bonjour devices are visible only in the guest VLAN and AirGroup does not discover or enforce policies in the guest VLAN.
  7. Expand AirGroup Settings, and then select the AirPrint check box to enable wireless printing between AirPrint capable devices and AirPrint compatible printers.
    • Optionally, when enabling an AirGroup service, define disallowed roles. The disallowed roles are not allowed to use the specific AirGroup service. To disallow roles:
      1. Click Edit against Disallowed Roles.
      2. Move the roles from the Available pool to the Selected pool.
      3. Click Ok.
    • Optionally, when enabling an AirGroup service, define disallowed VLANs. The disallowed VLANs are not allowed to use the specific AirGroup service. To disallow VLANs:
      1. Click Edit against Disallowed VLANs.
      2. Type the VLANs in Enter comma-separated list of VLAN IDs. Separate multiple VLANs with a comma.
      3. Click Ok.
    • Optionally, configure and enable a new AirGroup service. If defined, disallowed roles or VLANs are not allowed to use the new AirGroup service. To configure and enable a new AirGroup service:
      1. Click Add New Service.
      2. Type the service name in Service Name. Use alphanumeric characters.
      3. Type a service ID in Service ID. Use + to add additional service IDs.

        Sample service ID: urn:schemas-upnp-org:service:RenderingControl:1 or _sleep-proxy._udp.

      4. Click Ok.
      5. Select the check box against the new AirGroup service.
  8. Optionally, under ClearPass Settings sub-accordion, configure the following parameters listed:

    Table 7: ClearPass Settings

    Mode

    Description

    ClearPass Policy Manager ClearPass Policy Manager is a baseline platform for policy management, AAA, profiling, network access control, and reporting. With ClearPass Policy Manager, the network administrators can configure and manage secure network access that accommodates requirements across multiple locations and multivendor networks, regardless of device ownership and connection method. Server 1

    Specify the ClearPass Policy Manager server to use. Select one from the drop-down or define a new ClearPass Policy Manager server.

    Enforce ClearPass ClearPass is an access management system for creating and enforcing policies across a network to all devices and applications. The ClearPass integrated platform includes applications such as Policy Manager, Guest, Onboard, OnGuard, Insight, Profile, QuickConnect, and so on. Registration

    Specify is ClearPass registration should be enforced.

  9. Click Save Settings.

Poor Voice Call Quality Issues

The growing use of Wi-Fi and the proliferation of mobile tablet and smartphone clients cause control and visibility challenges for communication and collaboration applications. To overcome these challenges, Aruba offers the Unified Communication and Collaboration (UCC Unified Communications and Collaboration. UCC is a term used to describe the integration of various communications methods with collaboration tools such as virtual whiteboards, real-time audio and video conferencing, and enhanced call control capabilities.) application service to manage your enterprise communication ecosystem.

The UCC application on Aruba devices provides a seamless user experience for voice calls, video calls, and application sharing when using communication and collaboration tools. The UCC application actively monitors voice, video, and application sharing sessions, provides traffic visibility, and allows you to prioritize the required sessions. The UCC application also leverages the functions of the service engine on the cloud platform and provides rich visual metrics for analytical purposes.

To access the UCC application, obtain a valid subscription. To obtain a subscription for the UCC application, contact the Aruba Central Sales team.

To analyze the VOIP call quality of a specific client, complete the following steps:

  1. In the Aruba Central app, search for a specific wireless client in the Search Bar.
  2. Click on the wireless client listed in the search result under Clients, to navigate to the corresponding Client Details page.
  3. Under Manage, click Applications > UCC.

    The UCC page is displayed in the List view.

Alternatively, you can also perform the following steps to navigate to the UCC tab to check the VOIP call quality of a specific client:

  1. In the Aruba Central app, set the filter to one of the options under Groups, Labels, or Sites. For all devices, set the filter to Global.

    The dashboard context for the selected filter is displayed.

  2. Under Manage, click Clients.

    The Clients page is displayed in the List view.

  3. In the Clients Summary bar, click Wireless to filter the clients connected to the wireless network.
  4. In the Clients table, click a client listed under Client Name.

    The Summary tab is displayed.

  5. Under Manage, click Applications > UCC.

    The UCC page is displayed in the List view.

  6. Click the Summary icon to view the UCC dashboard.

Summary View

The Summary view in the Applications > UCC page provides the following information:

Time Filter

The time filter allows you to set a time range to display the corresponding data on the graph. You can set the filter to any of the following time ranges:

  • 3 Hours—The graph displays the details for the past three hours.
  • 1 Day—The graph displays the details for the current day.
  • 1 Week—The graph displays the details for the current week.
  • 1 Month—The graph displays the details for the current month.

Summary Bar

The banner in the header pane shows the following call quality details:

  • Calls—Displays the total number of calls that have ended.
  • Good—Displays the total number of good calls that have ended. A good call has an UCC RTPA score of more than 70.
  • Fair—Displays the total number of fair calls that have ended. A fair call has an UCC RTPA score in the range of 30 to 70.
  • Poor—Displays the total number of poor calls that have ended. A poor call has an UCC RTPA score of less than 30.
  • Unknown—Displays the total number of calls whose status is unknown. A call is classified as unknown if the ALG Application Layer Gateway. ALG is a security component that manages application layer protocols such as SIP, FTP and so on. does not support RTPA or the UCC score is not available.

Click any option to view the corresponding graph. For example, if you click Good. The Calls graph displays only the calls that are categorized as good for the selected time range.

By comparing the call quality and client health score, you can find out if the wireless network was the reason for the poor quality of VOIP calls. A poor value of the client health indicates that the issue is at the wireless network side. In that case, go to the Overview > AI Insights page in the wireless Client Details page and check if the client is dwelling on the 2.4 GHz Gigahertz. band. If the client is dwelling on the 2.4 GHz band, configure the VOIP Wireless LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. to the 5 GHz band. For more information, see AI Insights in Global Dashboard.

If there are no client insights in the AI Insights page, you must check for the following AI Insights in the site context:

  • Access Points were impacted by high 5 GHz usage
  • Access Points impacted by high 2.4 GHz usage
  • Access Points had an excessive number of channel changes

Calls

The Calls graph displays a donut graph and bar graph of all, good, fair, poor, or unknown calls. You can filter the graph by SSID, Protocol, OS, Session Type, or Quality. By default, the graph is displayed for Protocol. Hover over any segment on the graph to view additional information. Click any segment on the graph to open the list view. Click the Enlarge icon to view the enlarged graph.

Figure 14  Summary View

Client Insights: Traffic Pattern Visibility

The Application page displays the Visibility tab.

The Visibility dashboard provides a summary of client traffic and their data usage to and from applications and websites. You can use this data to analyze the client traffic flow using the graphs displayed in the Visibility dashboard. This data helps users to troubleshoot any traffic issues for any specific client. The tab consists of a list view and a graph view. The Visibility dashboard displays metrics and graphs related to client traffic flow in the following sections:

  • Applications
  • Websites

Viewing Visibility Dashboard

To view the Visibility dashboard, complete the following steps:

  1. In the Aruba Central app, set the filter to one of the options under Groups or Sites.

    For all devices, set the filter to Global. The dashboard context for the selected filter is displayed.

  2. Under Manage, click Applications.

    The visibility dashboard is displayed.

The Visibility dashboard displays metrics and graphs related to client traffic flow in the following sections:

  • Applications
  • Websites
  • Blocked Traffic

Figure 15  Visibility dashboard at the global level

Graph View in the Visibility Dashboard

Click the Summary icon in the Visibility dashboard to view both the applications and websites graphical information:

  • Applications
    • Applications—The stacked bar graph and the pie chart in this tab displays details of the client traffic flowing to or from the top five classified applications listed on the Applications table. The legend below the graph displays the list of applications to which the traffic flow is detected. Select or deselect the application check box to show or hide the traffic flow data from the pie chart and stacked bar. By hovering the mouse on a pie chart and stacked bar, you can view the size of data flowing to and from the application same as displayed in legend.
    • Categories—The stacked bar graph in this tab displays details of the client traffic flowing to or from the top five classified application categories listed on the Applications table. The legend below the graph displays the list of applications categories to which the traffic flow is detected. Select or deselect the application category check box to show or hide the traffic flow data from the pie chart and stacked bar. By hovering the mouse on a pie chart and stacked bar, you can view the size of data flowing to and from the application same as displayed in legend.
  • Websites

    • Reputations—The stacked bar graph and the pie chart in this tab displays details of client traffic flow for the top three reputations listed on the Websites table. The legend displays the list of websites based on its reputation, to which the traffic flow is detected. Select or deselect the reputation check box to show or hide the data from the pie chart and stacked bar. By hovering the mouse on a pie chart and stacked bar, you can view the size of data flowing to and from each of the websites that are categorized based on reputation.
    • Web Categories—The stacked bar graph and the pie chart in this tab displays details of client traffic flow for the top five web categories listed on the Websites table. Select or deselect the web category check box to show or hide the data from the pie chart and stacked bar. You can view the size of data flowing to and from each of the web categories by hovering the mouse on both the stacked bar graph and pie chart. The legend below the graph displays the list of websites based on its reputation, to which the traffic flow is detected.

Figure 16  Visibility dashboard in summary view