What's New in ArubaOS 10.3.1
New Features in ArubaOS 10.3.1
The following sections provide an overview of the new features that are added to ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..3.1 release.
The following are the newly supported AP and gateways in this release:
- AP-375 ATEX
- 560 Series
- AP-565EX and AP-567EX
- Aruba 7205 Mobility Controller
NextHop List for Microbranch
Microbranch forwards packets to the next hop devices using policy-based routing (PBR Policy-based Routing. PBR provides a flexible mechanism for forwarding data packets based on polices configured by a network administrator.). With the next hop list, the administrators can ensure that when the next hop device becomes unreachable, the packets matching the policy can still reach their destination.
For more information, see Configuring NextHop List.
Dynamic DNS for Microbranch
Microbranch supports the configuration of Dynamic DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. for AP and DL3 clients. The hostname is automatically updated on the DNS server each time the IP address is changed by the ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet..
For more information, see Configuring Dynamic DNS for Microbranch .
You can define a persona for ArubaOS devices while creating a group. The persona of a device represents the role that the device plays in a network deployment. The group persona and device architecture are set at the group level. All devices within a group inherit the same persona from the group settings. You can save the preferred settings to apply the same persona and architecture for subsequent group creations.
- Creating a group with a persona and architecture—You can set the architecture and persona for devices, when creating a group.
For more information, see Creating a Group Persona with ArubaOS 8 Architecture and Creating a Group Persona with ArubaOS 10 Architecture.
- Editing a group—You can edit a group to add a new device type. You can mark the settings of an edited group as preferred settings for subsequent group creations.
- Cloning a group—You can clone an existing group to create a new group with the same architecture and persona. You can also upgrade the architecture for the new group to ArubaOS 10.
For more information, see Cloning a Group.
- Importing a device configuration to create a new group—You can import a device configuration and create a new group with the same configuration. You can create a new group for IAPs with ArubaOS 8 architecture by importing configuration from an IAP.
For more information, see Creating a New Group by Importing Configuration from a Device.
- Moving devices between groups—You can move devices between groups. The moved devices will adopt the destination group configuration. The destination group accepts only the devices for which the group is created. For example, if a group is created for Access Points only, then only Access Points can be assigned to that group. You cannot assign other Aruba devices like switches and gateways to the group.
For more information, see Moving Devices between Groups.
For more information, see Managing Groups.
Provisioning AOS 10 Gateways
This deployment model allows you to provision Aruba gateways and configure the same for multiple AOS 10.x device and group personas using Guided setup, Basic setup, and Advanced setup modes.
For more information about configuration, see Different Modes of Configuring Gateways and Gateway Groups for AOS 10.x section in Provisioning Aruba Gateways in Aruba Central.
Third-Party Tunnel Monitoring
The traffic from Branch Gateway can now choose the best path towards a third-party VPNC with better quality and better monitor reachability. This is done by sending DPS probes to cloud destinations, which measures the quality of the traffic routed through the cloud node.
- Defining IP-SLA Profiles
IP-SLA profiles defines threshold values for path performance indicators. To determine if the path meets the performance criteria, Branch Gateways use the loss, latency, and jitter information, which are fetched from the HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. probes. These probes measure the quality of the traffic routed through the cloud node. For more information about configuring IP-SLA profiles and assigning them to NextHop, see Configuring IP-SLA Profiles.
Configuring DPS Probes for Cloud Security Providers
Aruba Central allows you to define a probe responder to measure the quality of the different tunnels going to the third-party service. For more information about configuring DPS probes for third-party service providers, see the following:
- Configuring ZIA section in Integration with Zscaler Cloud Security Service
- Configuring IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. Tunnels to WSS section in Configuring Symantec WSS
- Configuring IPsec Tunnels to Check Point section in Integration with Check Point
- Configuring IPsec Maps section in Configuring Prisma Access
Source NAT VLAN
While configuring uplinks, Aruba Central allows to select a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to perform source NAT Source NAT changes the source address of the packets passing through the router. Source NAT is typically used when an internal (private) host initiates a session to an external (public) host. on all the IP unicast packets that exits from an uplink.
For more information about Configuring Uplinks.and configuring uplinks, see
Reverse Path Pinning for Site to Site Tunnels
The traffic from Branch Gateway may need to be routed through a cloud security service. Currently, Reverse Path Pinning is only implemented on SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. overlay tunnels, which means that introducing a cloud security service in between could lead to asymmetric routing. To overcome this problem, feature is introduced for site to site tunnels. When a site to site tunnel on VPNC has enabled, the gateway will keep track of the sessions to ensure the reverse traffic is forwarded through the same path it came from.
For more information on Configuring Site-to-Site VPN., see
Automatic Cluster Configuration for Branch Gateway Groups
The Branch Gateway groups now support the automatic cluster configuration functionality. A cluster is formed automatically when the Branch Gateways and AP are assigned to the same site. The Auto Site cluster is a two-node cluster consisting of two gateway devices, where one is a leader and the other is a member. The Clusters tab is introduced for the gateway configuration. You can configure Preferred Leader and Management VLAN for the change of authorization (CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. ) at group level. At the device level, you can configure the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Redundancy and VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN..
For more information, see Automatic Cluster Configuration for Branch Gateway Groups.
AOS 10.3 currently supports deploying a single AP as a Microbranch AP in such remote sites such as home offices, small branch offices, retail locations, and so on. The AOS 10.3 enables these APs to form an IPsec tunnel to a Gateway VPNC cluster. AOS 10’s Microbranch capabilities combine Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. and SD-WAN to extend the WAN to remote workers – without requiring gateways. Using a single access point, IT can secure the home office by applying unified policy-based routing and cloud security inspection.
Microbranch Configuration Dashboard
AOS 10.3 supports the UI configurations categorized by the System, WAN, LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server., Wireless, Tunnels & Routing, Services, and Security tiles to improve Microbranch configuration at group level.
These menu items are described as follows:
- System—Administrators can now view or configure system properties such as country code, DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. , IP address pools, DNS, and NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers, time-based services, external server configuration, proxy server configuration, and Intelligent Power Monitoring (IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources.).
For more information, see Configuring System Properties of Microbranch.
- WAN—Administrators can now view or configure WAN properties such as WAN uplink, uplink management, and WAN health check.
For more information, see Configuring WAN Properties of Microbranch.
- LAN—Administrators can now view or configure LAN properties such as Virtual subnet Subnet is the logical division of an IP network. management (VLANs), access controls, and wired network profiles.
For more information, see Configuring LAN Properties of Microbranch.
- Wireless—Administrators can now view or configure wireless properties such as network profiles, SSIDs Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., radios, and mesh radio networks.
For more information, see Configuring Wireless Properties of Microbranch.
- Tunnels & Routing—Administrators can now view or configure tunnels and routing properties such as VPNC priority, overlay orchestration, data center configuration, static routing, and Policy-based Routing (PBR).
For more information, see Configuring Tunnels and Routing Properties of Microbranch.
- Services—Administrators can now view or configure services properties such as Real-Time Locating System, OpenDNS, CALEA Communications Assistance for Law Enforcement Act. To comply with the CALEA specifications and to allow lawful interception of Internet traffic by the law enforcement and intelligence agencies, the telecommunications carriers and manufacturers of telecommunications equipment are required to modify and design their equipment, facilities, and services to ensure that they have built-in surveillance capabilities., network integration, AppRF, and SIP Session Initiation Protocol. SIP is used for signaling and controlling multimedia communication session such as voice and video calls. .
For more information, see Configuring Services on Microbranch.
- Security—Administrators can now view or configure security properties such as client authentication, wireless IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network./IPS Intrusion Prevention System. The IPS monitors a network for malicious activities such as security threats or policy violations. The main function of an IPS is to identify suspicious activity, log the information, attempt to block the activity, and report it. , polices and access control, and manage certificates.
For more information, see Configuring Security Properties of Microbranch.
The Routing tab in the overview section of an Access Point provides the routing information that is used to monitor, report, and troubleshoot the network infrastructure of Microbranch. Thetab under > in the Access Point dashboard displays information pertaining to the Routes Summary and Routes of Microbranch.
For more information, see Access Points > Overview > Routing.
IP Address Management System
Microbranch now supports an IP address management system that aids in planning, tracking, and managing the IP addresses used within the network . With fewer devices, it is easier for administrators to manage the IP addresses through manual methods. With expansion in business, the number of devices within the network also increases and it becomes more difficult for administrators to manage and maintain the increasing number of IP addresses and devices. Thepage in a dashboard automates the IP address management tasks by distributing the IP addresses uniquely to the devices from the IP range to ensure seamless business connectivity.
In Aruba Central, the IP Address Manager allows you to configure and assign inner IP addresses to the Microbranch AP. It also allows you to configure DHCP shared pools and assigns IP addresses to clients connecting to the Microbranch AP.
For more information, see IP Management System.
The following monitoring enhancements are introduced in this release.
In the Topology page, the Show Device Labels is now renamed to Show Device Names.
The Topology page includes the tunnel details for Access Point.
The Tunnel Details in the Topology page now shows ANY if the source IP or destination IP is 0.0.0.0.
For more information, see Monitoring Sites in the Topology Tab.
The WAN Summary page is available on the AP Summary page. The WAN Summary page includes the WAN Availability, VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. Availability, Usage, and Throughput details with chart.
WAN availability in the WAN Summary page is available only for AP with firmware version ArubaOS 10.3.0.0 or later, and with Aruba Central Advanced licenses.
For more information, see WAN Summary .
The following orchestration enhancements are introduced in this release.
Microbranch Integration with Zscaler Through Cloud Connect Service
This release introduces the Microbranch integration with Zscaler through the new Cloud Connect service.
Microbranch integration with Zscaler through Cloud Connect service allows you to set up a secure connection between the Microbranch AP and one or several cloud-hosted enforcement points called Zscaler Internet Access (ZIA) Public Service Edges. The Cloud Connect service uses the SD-Branch Orchestrator as the transport medium to send configurations to the Microbranch AP. The Microbranch AP connects to ZIA Public Service Edges through the automatically orchestrated IPsec tunnels—Orch-IKE Internet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. tunnels, which uses the Internet Key Exchange (IKE) protocol to set up a security association (SA Security Association. SA is the establishment of shared security attributes between two network entities to support secure communication.) in the IPsec protocol suite with Zscaler. This provides the ability to traverse NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. boundaries and leverage IKEv2 Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. for authentication, while at the same time limiting the overhead. After the tunnels are established between the Microbranch AP and ZIA Public Service Edges, Zscaler uses reverse-pinning technology to ensure that the traffic is sent back through the same tunnel from which the traffic originated.
The Cloud Connect service continuously looks for new ZIA Public Service Edges. If there are new ZIA Public Service Edges available, it pushes the maps of these ZIA Public Service Edges to the Microbranch AP and ensures that they are always connected to a Public Service Edge at any give time.
For more information, see Microbranch Integration with Zscaler through Cloud Connect Service.
IDPS Convergence with AOS 10.3
AOS 10.3 supports all IDPS features available in SD-Branch 4.0. The SD-Branch and AOS 10.3 merge has incorporated the wireless devices packets also to go through the IDPS engine for scanning any potential threats. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on preconfigured rules. These actions include sending threat events and dropping data packets. Aruba IDPS has the capability to analyze data packets that enter the network and act quickly to prevent threats in real time.
For more information about IDPS, seeAruba IDPS.
IP Flow Information Export
The IP Flow Information Export (IPFIX) protocol allows clients to easily monitor network traffic to and from the node. IPFIX exports IP flow information from Branch Gateways and other network devices, such as switches, and routers to network monitoring and analysis applications known as collector systems. This information is cached on the gateway, and then exported to an assigned collector server within the node. The information is then logged and stored by the collector server for viewing.
For more information, see Configuring Network Traffic Using IP Flow Information Export.
The following new insights are added in this release:
Availability - Gateway
For more information, see Gateways with Uncommon Health-Probe IPs.
insight provides information about uncommon health-probe IP addresses in the network.
- The LTE Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals. See 4G.) link is available in the network.
For more information, see Gateways with Underperforming WAN Links
insight provides information about gateways that are using poorer performing WAN links when a better (non-
For more information, see Gateways WAN Uplinks Having Higher Latency than Peers.
insight is triggered when a link latency is greater than 50 ms or above 75 percent of the peers in the same geographical location.
Remote Console Session
The new Console tab allows users to open a remote console for a CLI session through SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. for a gateway, switch, and access point. Users with admin roles can access the device directly from the console to debug any device issues. The Console tab enables users to either view previously recorded sessions or create new SSH sessions and troubleshoot devices.
For more information, see the following topics:
Enhancements in ArubaOS 10.3.1
The following sections provide an overview of the enhancements introduced in ArubaOS 10.3.1 release.
Port Bonding Renamed as Port Mode
The Port Bonding field is renamed as Port Mode with options Uplink/bonded state and Downlink/unbonded state to select from the drop-down on the Advanced Settings section of Create New Network page.
For more information, see Configuring General Network Profile Settings.
Re-Sync Configuration Button
The Aruba Central to synchronize the configuration with the access points again and to resolve the configuration sync errors. For more information, see Viewing Configuration Status.button on the Configuration Audit > page allows
ESSID Configuration in WLAN SSID Profile
In Aruba Central, ESSID Extended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. field on the WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID configuration page allows you to specify the identifier that serves as an identification and address for the device to connect to a wireless router, which can then access the Internet.
For more information, see Configuring General > Advanced Settings for a WLAN SSID Profile.
Bulk Operations for Access Points
In Aruba Central, you can now specify the Name, Country code, and Timezone for multiple APs from the Access Points table.
For more information, see the following topics:
- Configuring Device Parameters for an AP
- Setting the Country Code for an AP
- Configuring System > General Parameters for an AP
Support for configuring multiple ISPs uplinks for VPNCs
Aruba SD-Branch solution allows you to configure multiple WAN uplinks with a single VPNC INET uplink. For more information, see the following topics:
- Configuring WAN Uplinks and Ports for WAN Interface for a VPNC
- Configuring Uplink Interfaces for VPNCs
Support for configuring System IP pool in AOS 10 Branch Gateway groups
Aruba SD-Branch solution allows you to configure System IP pool in AOS 10 Branch Gateway groups. For more information, see the following topics:
- Configuring System Parameters for AOS 10 Branch Gateway Groups
- Configuring System Parameters for an AOS 10 Branch Gateway Group
WAN policies for control-plane traffic
Aruba Central allows you to define WAN policies for control-pane traffic. These policies provide AOS 10 gateways the ability to provide the necessary telemetry for the MRT/AI insights apps to inform the network administrator about any issues concerning important traffic flows. As a part of this enhancement, an additional field in the
For more information about configuring WAN policies for control-plane traffic, see Configuring WAN Policy for Control-Plane Traffic section in Configuring Policies for Dynamic Path Steering.
Support for Web Content Classification (WebCC) feature on Aruba 9000 Series Gateways
The Aruba9000 Series gateways support Web Content and IP Classification.
For more information about configuring WebCC for Aruba9000 Series gateways, see Filtering URLs Based on Web Content and IP Classification.
Role-based Robust Ageout Mechanism for Wired Clients
This feature introduces a Role-based Robust Age-out Mechanism for wired passive clients where a wired client such as a printer, will not be deleted from the system without its network un-reachability being verified by ICMP Internet Control Message Protocol. ICMP is an error reporting protocol. It is used by network devices such as routers, to send error messages and operational information to the source IP address when network problems prevent delivery of IP packets. first.
For more information on setting up role-based robust age-out mechanism for wired clients, see Configuring User Roles for Clients.
Controller IP Enhancements
The following Controller IP enhancements are introduced in this release.
- Aruba Gateway reboot is avoided when a System IP is configured or modified. This enhancement reduces the bring-up time of Aruba Gateways during ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention..
- Configuring System IP is not mandatory while configuring Aruba Gateways in Aruba Central. That is, when you configure a Aruba Gateway without System IP, the Aruba Gateway will be partially operational without a System IP. The administrator must configure System IP for the Aruba Gateway to become completely operational.
- Aruba Gateway is accessible when the DHCP-based controller IP is not available during the bootstrap phase. However, the administrator can access the device and execute CLI commands to collect logs for troubleshooting purposes. For more information about CLI, see SD-Branch CLI guide.
System IP cannot be modified when an AOS 10.x gateway is part of a cluster. If the cluster is enabled on the AOS 10.x gateway, you must first disable the cluster and then modify the System IP.
For more information about System IP configuration for various AOS 10.x Gateways, see the following sections.
- Configuring System IP Address for an AOS 10 Branch Gateway
- Configuring System IP Address for an AOS 10 VPNC
- Configuring a System IP Address for an AOS 10 Mobility Gateway
Enhanced DHCP Size Limit
AOS 10.3 onwards, the DHCP lease limits for 7000 Series and 9000 Series gateways have been enhanced.
For more information, see DHCP Lease Limits and Additional DHCP Scope table in DHCP Lease Limit.
VRRP Configuration for LAN Redundancy
In the Redundancy configuration page, Tracing Uplink table is added to perform VRRP priority tracking based on the uplink health of a specific VLAN.
Source NAT VLAN
While configuring uplinks, Aruba Central allows to select a VLAN to perform source NAT on all the IP unicast packets that exits from an uplink.
For more information about Configuring Uplinks.and configuring uplinks, see
The following orchestration features are introduced in this release.
Branch Mesh—Data path support
Each Aruba Branch Gateway can now be a part of multiple branch mesh topologies. For more information about configuring branch mesh topologies, see Branch Mesh Topology in SD-Branch .
The tunnel table and route table are displayed based on the Aruba site and the pin that is selected. For more information about monitoring SD-WAN Overlay Tunnels and Routes, see Monitoring SD-WAN Overlay Tunnels and Route.
The following UI and template configuration enhancements are introduced in this release.
RRM Quiet IE in SSID
The RRM Quiet IE in the Security > Fast Roaming WLAN SSID configuration UI page allows you to enable or disable the Radio Resource Management IE profile elements advertised by an AP in the SSID profile.
For more information, see Configuring a Security Profile on a WLAN SSID.
Mesh Support for Multiple Radios
Aruba Central now allows you to configure mesh profiles for multiple radios in the System > Mesh UI page. Although most mesh deployments require only a single mesh cluster profile, you can configure and apply multiple mesh cluster profiles to an individual AP.
For more information, see Configuring Mesh for Multiple Radios.
Fast Roaming with Mesh
The RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. of the parent is lower than the threshold value.in the Access Points > Mesh configuration UI page allows you to trigger fast roaming on a mobility mesh point when the
For more information, see Access Points Configuration Parameters.
Enhanced Access Points Configuration
- The USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. Port and USB Power Override in the Access Points > Uplink configuration UI page allows you to set the uplink preferences.
- The Installation Type in the Access Points configuration UI page allows you to configure the installation type of the AP from the drop-down list based on the AP model as either Default, Indoor, or Outdoor.
For more information, see Configuring Device Parameters for an AP
TPM Certificate Support for 802.1X Authentication
You can now configure a factory-installed TPM Trusted Platform Module. TPM is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. certificate for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. You can configure the TPM certificate as a Certificate Type using the Interfaces > Uplink > AP1X Type UI page.
For more information, see Configuring Uplinks
Add Named VLAN
Aruba Central supports adding multiple VLAN IDs and VLAN range in the Add Named VLAN window in SSID configuration page.
For more information, see Configuring WLAN SSID Settings for Microbranch Deployments.
Increased Route Count for APs
The total number of configured routes for AP has been increased to 256. For more information, see Configuring Static Routing.
Enhanced Security for Teleworker Deployments
In teleworker deployments, security features are enhanced by disabling local management of the AP, managing it through a secured tunnel, and blocking client access to the reserved IP addresses.
Local Probe Request Threshold and Min RSSI for Auth Request
To improve the performance of the indoor Wi-Fi clients, this release supports configuring a WLAN SSID with Local Probe Request Threshold and Min RSSI for auth request advanced settings. Based on your selection, the local probe request threshold value and the Min RSSI for auth request changes to the recommended value automatically from the AI insight.
For more information, see Configuring WLAN SSID Settings for Microbranch Deployments.
The following monitoring enhancements are introduced in this release.
Health Bar for the AP Dashboard
Radio health in the Health Bar indicates the number of radios in good, poor, or disabled status and summarizes the Radio 2.4 GHz Gigahertz., Radio 5 GHz, and Radio 5 GHz (Secondary) health details. Hovering over the Radio Health displays the device health, the exact value of the channel utilization, and the noise floor.
Tunnel status in the Health Bar indicates the number of tunnels that are up and down. AP status and device health value in the health bar changes according to the change in tunnel status.
For more information, see The Health Bar.
Wired Clients in Data Path
The AP Summary page displays the number of ports that include USB ports available in the AP and the number of wired clients connected to the AP in the data path.
For more information, see Data Path.
This release introduces the following enhancements to thefeature:
- The floor plan user interface for a site has been enhanced and now includes a view and view. The summary view in the dashboard now features the tile that displays all the available floors in a tile view for a selected site. You can add a new floor using the icon and can also search for an AP or floor names using the icon. The list view displays all the floors in a table.
- The view mode of a floor is also enhanced to provide a better user experience. For a selected floor, you can now view the floor details in the window by clicking the icon. To view any device details in the window, click any device in the floor plan. You can also view the settings applied to the floor plan by clicking the icon.
- The new dashboard for the site, allows you to delete or edit a floor plan directly from the summary view and the list view.
For more information, see About Floor plan.
The following improvements are made to thedashboards:
In thetab, the and column are removed from the table. You can use the filter option in the and column to filter any application and category by its name. Use the sort icon to sort the list in an ascending or descending order.
- In the view, the dashboard user interface is enhanced to include a pie chart along with the stacked bars. The new graphs display both the and usage data, along with the clients traffic flow. You can select or deselect the application/ category check box to show or hide the traffic flow data from the pie chart and stacked bar. By hovering the mouse over the pie chart and stacked bar, you can view the size of the data.
For more information, see Application Visibility.
Client Data Path on IAP Overlay Tunnel
The client data path is enhanced to show the data path for IAP-VPN overlay tunnel for wired and wireless clients. In the Client Details page, the Tunneled column shows Yes and the Segmentation column shows Overlay for the tunneled network. To view the details of an overlay tunnel, the IAP and VPNC must be licensed in the same Aruba Central account.
Firmware Upgrade and Compliance
This release introduces the following enhancements to thedashboard:
Under theradio, the drop-down menu includes the option that allows you to schedule compliance and upgrade based on the local site time.
- The , , and option includes a drop-down option that allows you to select a Primary or Secondary partition to install the firmware.
Thetable includes a column that displays the group to which the devices are associated. This information is available only in the global context.
- At the device level when you hover over the
column, the following information is displayed:
- version number and compliance configured level for a set compliance
- date, time (UTC Coordinated Universal Time. UTC is the primary time standard by which the world regulates clocks and time.), and firmware version number
- compliance configured level for a scheduled compliance
For more information, see Software Upgrades.
In the Network Operations app, use the filter to select a group, label, site, or a device and then, select Analyze > Tools to use different troubleshooting tools. The Tools menu option enables users to troubleshoot AP, gateway, and switch issues in the network through various tests available in the Network Check, Device Check, Commands, and Console tabs. The following troubleshooting enhancements are introduced in this release.
VLAN – based Ping Test
Under Analyze > Tools > Network Check, you can now perform ping test based on VLAN IDs on IAPs running firmware version AOS 10.3 and later, to troubleshoot network issues. The SSID drop-down is added to enable users to troubleshoot client SSIDs.
For more information, see Troubleshooting Network Issues
Live Events – Wired Client Packet Capture
Aruba Central now allows read-write and admin users to launch targeted packet capture on a wired client connected to a gateway or switch. Packet capture can be done at a site level or for a selected client.
Gateway Troubleshooting – Ping Sweep Test
For Ping Sweep Test additional parameters are introduced in the Show Additional Test Settings section to enhance the troubleshooting procedure. For more information, see Troubleshooting Gateway Connectivity Issues.
The following enhancements are added to AI Insights in this release:
Outdoor clients are impacting Wi-Fi performance
In the Topology page, the Show Device Labels is now renamed to Show Device Names.
The insight recommendation for this insight can be switched from manual to AI-driven by changing the AP configuration. The recommended SNR Signal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. threshold values for the Local Probe Request Threshold and Min RSSI for Auth Request can be applied automatically (AI-driven) or updated manually to the impacted APs whenever this insight is triggered. You can update the AP to AI-driven mode directly from the AI Insight page by clicking the Update button or you can also change the configuration settings from the AP configuration page.
In the AP configuration page, Advanced Settings, you must set the Local Probe Request Threshold and Min RSSI for Auth Request to either of the following:
- Automatic—The AP is switched to AI-driven mode. In this approach the values recommended by the insight are applied automatically whenever the insight is triggered.
- Manual—The AP is switched to manual mode. In this approach the values recommended by the insight should be applied manually by the user.
If there is no SNR recommendation value from this insight, the AP uses the previously configured recommended default value.
For more information, see Outdoor Clients Impacting Wi-Fi Performance.
DNS Queries Failed to Reach or Return from the Server
In this insight a new Loss pattern card is added to show persistent DNS loss patterns observed in the network. This insight operates by identifying similar failure events observed during the DNS resolution stage between entities (site, server, AP) and groups them into a set of specific loss patterns. These patterns help network administrators to identify which combination of DNS server and AP setting result in DNS loss events in single or multiple sites in the network.
For more information, see the following help pages:
Alerts and Events
The following alert and event enhancements are introduced in this release:
In the Site context, while suppressing alert notifications, you can select Override or Append to either override or append the configured email addresses to receive notifications when an individual or site level alter alert is generated. You can also override or append the configured default recipient email list to receive alert notifications.
For more information, see Suppressing Alert Notifications in the Site Dashboard and Adding Default Recipients.
The Events table columns enables filtration and search ability at all levels. It also allows free text search to enhance the search capability. You can also copy and paste text on the column headers to improve the search mechanism.
For more information, see Viewing Events in List view.
Client Event Filter
Aruba Central allows you to troubleshoot issues related to a wired or wireless client connected to IAPs. The Events tab in the client context provides a detailed drill-down capability to filter events further to identity a specific issue and perform troubleshooting in both List and Summary view. It provides an aggregate view of events in different categories to provide a deep insight to the client's health.
For more information, see Client Events.
The Dynamic Logs feature enables Aruba Central to dynamically run CLI commands on IAPs or APs and gateways to collect the output as logs, which can be used for troubleshooting device issues. Dynamic Logs sends notification to the Aruba Support team when failure events are generated in the network.
To collect dynamic logs on IAPs, the recommended firmware version is ArubaOS 184.108.40.206 and later. Whereas for gateways, the recommended firmware version is ArubaOS 220.127.116.11-18.104.22.168 and later. Dynamic Logs is supported on gateways with AOS 10.1.0.0 and later versions.
Dynamic Logs also support dynamic packet capture (PCAP) for wireless clients connected to IAPs. You can filter Dynamic Logs events based on event types.
For more information, see Dynamic Logs.
The following enhancements are added to reports.
Wired Client Support in Client and Network Reports
- The explicit details for the wired clients are available in the Client Inventory, Client Usage, Client Session, and Network reports.
- In the Client Inventory report, the Client Count by Connection Type table displays the client count by wireless and wired connection type.
In the Client Usage report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The inbound and outbound clients data usage metrics is displayed in the Client Usage widget by Connection Type (wireless, wired, or remote) and client count data metrics is displayed in the Client Count widget by Connection Type (wireless, wired, or remote).
In the Network report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The Wired Clients and Peak & Average Wired Data Usage widgets are also added. The client count is displayed on the time series graph in the Wired Clients widget. The inbound and outbound peak or average data usage metrics is displayed in the Peak & Average Wired Data Usage widget.
- In the Client Session report, the Session Data By Role and Clients By Role widgets display the details by role, connection type (wireless or wired) and SSIDs. You can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless or wired) or SSIDs.
For more information, see Report Categories.
RF Health Report
In the RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. Health report, the Optional Widgets section is introduced to include the RF Details and IAP Uplink Usage details in the CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. format. The IAP Uplink Usage information is available only for Instant APs with Advanced license.
This section provides an overview of the latest AOS 10.x release notes.