What's New in ArubaOS 10.3.1

New Features in ArubaOS 10.3.1

The following sections provide an overview of the new features that are added to ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..3.1 release.

Supported Devices

The following are the newly supported AP and gateways in this release:

  • AP-375 ATEX
  • AP-375EX
  • AP-377EX
  • AP-503H
  • 560 Series
  • AP-565EX and AP-567EX
  • Aruba 7205 Mobility Controller

NextHop List for Microbranch

Microbranch forwards packets to the next hop devices using policy-based routing (PBR Policy-based Routing. PBR provides a flexible mechanism for forwarding data packets based on polices configured by a network administrator.). With the next hop list, the administrators can ensure that when the next hop device becomes unreachable, the packets matching the policy can still reach their destination.

For more information, see Configuring NextHop List.

Dynamic DNS for Microbranch

Microbranch supports the configuration of Dynamic DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. for AP and DL3 clients. The hostname is automatically updated on the DNS server each time the IP address is changed by the ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet..

For more information, see Configuring Dynamic DNS for Microbranch .

Group Persona

You can define a persona for ArubaOS devices while creating a group. The persona of a device represents the role that the device plays in a network deployment. The group persona and device architecture are set at the group level. All devices within a group inherit the same persona from the group settings. You can save the preferred settings to apply the same persona and architecture for subsequent group creations.

  • Creating a group with a persona and architecture—You can set the architecture and persona for devices, when creating a group.

    For more information, see Creating a Group Persona with ArubaOS 8 Architecture and Creating a Group Persona with ArubaOS 10 Architecture.

  • Editing a group—You can edit a group to add a new device type. You can mark the settings of an edited group as preferred settings for subsequent group creations.

    For more information about allowed device combinations, see Editing an ArubaOS 8 architecture group and Editing an ArubaOS 10 architecture group.

  • Cloning a group—You can clone an existing group to create a new group with the same architecture and persona. You can also upgrade the architecture for the new group to ArubaOS 10.

    For more information, see Cloning a Group.

  • Importing a device configuration to create a new group—You can import a device configuration and create a new group with the same configuration. You can create a new group for IAPs with ArubaOS 8 architecture by importing configuration from an IAP.

    For more information, see Creating a New Group by Importing Configuration from a Device.

  • Moving devices between groups—You can move devices between groups. The moved devices will adopt the destination group configuration. The destination group accepts only the devices for which the group is created. For example, if a group is created for Access Points only, then only Access Points can be assigned to that group. You cannot assign other Aruba devices like switches and gateways to the group.

    For more information, see Moving Devices between Groups.

For more information, see Managing Groups.

Provisioning AOS 10 Gateways

This deployment model allows you to provision Aruba gateways and configure the same for multiple AOS 10.x device and group personas using Guided setup, Basic setup, and Advanced setup modes.

For more information about configuration, see Different Modes of Configuring Gateways and Gateway Groups for AOS 10.x section in Provisioning Aruba Gateways in Aruba Central.

Third-Party Tunnel Monitoring

The traffic from Branch Gateway can now choose the best path towards a third-party VPNC with better quality and better monitor reachability. This is done by sending DPS probes to cloud destinations, which measures the quality of the traffic routed through the cloud node.

Source NAT VLAN

While configuring uplinks, Aruba Central allows to select a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. to perform source NAT Source NAT changes the source address of the packets passing through the router. Source NAT is typically used when an internal (private) host initiates a session to an external (public) host. on all the IP unicast packets that exits from an uplink.

For more information about Source NAT VLAN and configuring uplinks, see Configuring Uplinks.

Reverse Path Pinning for Site to Site Tunnels

The traffic from Branch Gateway may need to be routed through a cloud security service. Currently, Reverse Path Pinning is only implemented on SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. overlay tunnels, which means that introducing a cloud security service in between could lead to asymmetric routing. To overcome this problem, Reverse Path Pinning feature is introduced for site to site tunnels. When a site to site tunnel on VPNC has Reverse Path Pinning enabled, the gateway will keep track of the sessions to ensure the reverse traffic is forwarded through the same path it came from.

For more information on Reverse Path Pinning, see Configuring Site-to-Site VPN.

Automatic Cluster Configuration for Branch Gateway Groups

The Branch Gateway groups now support the automatic cluster configuration functionality. A cluster is formed automatically when the Branch Gateways and AP are assigned to the same site. The Auto Site cluster is a two-node cluster consisting of two gateway devices, where one is a leader and the other is a member. The Clusters tab is introduced for the gateway configuration. You can configure Preferred Leader and Management VLAN for the change of authorization (CoA Change of Authorization. The RADIUS CoA is used in the AAA service framework to allow dynamic modification of the authenticated, authorized, and active subscriber sessions. ) at group level. At the device level, you can configure the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Redundancy and VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN..

For more information, see Automatic Cluster Configuration for Branch Gateway Groups.

Microbranch Configuration

AOS 10.3 currently supports deploying a single AP as a Microbranch AP in such remote sites such as home offices, small branch offices, retail locations, and so on. The AOS 10.3 enables these APs to form an IPsec tunnel to a Gateway VPNC cluster. AOS 10’s Microbranch capabilities combine Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. and SD-WAN to extend the WAN to remote workers – without requiring gateways. Using a single access point, IT can secure the home office by applying unified policy-based routing and cloud security inspection.

Microbranch Configuration Dashboard

AOS 10.3 supports the UI configurations categorized by the System, WAN, LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server., Wireless, Tunnels & Routing, Services, and Security tiles to improve Microbranch configuration at group level.

These menu items are described as follows:

Routing Tab

The Routing tab in the overview section of an Access Point provides the routing information that is used to monitor, report, and troubleshoot the network infrastructure of Microbranch. The Routing tab under Manage > Overview in the Access Point dashboard displays information pertaining to the Routes Summary and Routes of Microbranch.

For more information, see Access Points > Overview > Routing.

IP Address Management System

Microbranch now supports an IP address management system that aids in planning, tracking, and managing the IP addresses used within the network . With fewer devices, it is easier for administrators to manage the IP addresses through manual methods. With expansion in business, the number of devices within the network also increases and it becomes more difficult for administrators to manage and maintain the increasing number of IP addresses and devices. The Network Services > IP Address Manager page in a Global dashboard automates the IP address management tasks by distributing the IP addresses uniquely to the devices from the IP range to ensure seamless business connectivity.

In Aruba Central, the IP Address Manager allows you to configure and assign inner IP addresses to the Microbranch AP. It also allows you to configure DHCP shared pools and assigns IP addresses to clients connecting to the Microbranch AP.

For more information, see IP Management System.

Microbranch Monitoring

The following monitoring enhancements are introduced in this release.

Topology Page

In the Topology page, the Show Device Labels is now renamed to Show Device Names.

The Topology page includes the tunnel details for Access Point.

The Tunnel Details in the Topology page now shows ANY if the source IP or destination IP is 0.0.0.0.

For more information, see Monitoring Sites in the Topology Tab.

WAN Summary

The WAN Summary page is available on the AP Summary page. The WAN Summary page includes the WAN Availability, VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. Availability, Usage, and Throughput details with chart.

WAN availability in the WAN Summary page is available only for AP with firmware version ArubaOS 10.3.0.0 or later, and with Aruba Central Advanced licenses.

For more information, see WAN Summary .

Microbranch Orchestration

The following orchestration enhancements are introduced in this release.

Microbranch Integration with Zscaler Through Cloud Connect Service

This release introduces the Microbranch integration with Zscaler through the new Cloud Connect service.

Microbranch integration with Zscaler through Cloud Connect service allows you to set up a secure connection between the Microbranch AP and one or several cloud-hosted enforcement points called Zscaler Internet Access (ZIA) Public Service Edges. The Cloud Connect service uses the SD-Branch Orchestrator as the transport medium to send configurations to the Microbranch AP. The Microbranch AP connects to ZIA Public Service Edges through the automatically orchestrated IPsec tunnels—Orch-IKE Internet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. tunnels, which uses the Internet Key Exchange (IKE) protocol to set up a security association (SA Security Association. SA is the establishment of shared security attributes between two network entities to support secure communication.) in the IPsec protocol suite with Zscaler. This provides the ability to traverse NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. boundaries and leverage IKEv2 Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. for authentication, while at the same time limiting the overhead. After the tunnels are established between the Microbranch AP and ZIA Public Service Edges, Zscaler uses reverse-pinning technology to ensure that the traffic is sent back through the same tunnel from which the traffic originated.

The Cloud Connect service continuously looks for new ZIA Public Service Edges. If there are new ZIA Public Service Edges available, it pushes the maps of these ZIA Public Service Edges to the Microbranch AP and ensures that they are always connected to a Public Service Edge at any give time.

For more information, see Microbranch Integration with Zscaler through Cloud Connect Service.

IDPS Convergence with AOS 10.3

AOS 10.3 supports all IDPS features available in SD-Branch 4.0. The SD-Branch and AOS 10.3 merge has incorporated the wireless devices packets also to go through the IDPS engine for scanning any potential threats. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on preconfigured rules. These actions include sending threat events and dropping data packets. Aruba IDPS has the capability to analyze data packets that enter the network and act quickly to prevent threats in real time.

For more information about IDPS, seeAruba IDPS.

IP Flow Information Export

The IP Flow Information Export (IPFIX) protocol allows clients to easily monitor network traffic to and from the node. IPFIX exports IP flow information from Branch Gateways and other network devices, such as switches, and routers to network monitoring and analysis applications known as collector systems. This information is cached on the gateway, and then exported to an assigned collector server within the node. The information is then logged and stored by the collector server for viewing.

For more information, see Configuring Network Traffic Using IP Flow Information Export.

AI Insights

The following new insights are added in this release:

Availability - Gateway

Troubleshooting

Remote Console Session

The new Console tab allows users to open a remote console for a CLI session through SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. for a gateway, switch, and access point. Users with admin roles can access the device directly from the console to debug any device issues. The Console tab enables users to either view previously recorded sessions or create new SSH sessions and troubleshoot devices.

For more information, see the following topics:

Enhancements in ArubaOS 10.3.1

The following sections provide an overview of the enhancements introduced in ArubaOS 10.3.1 release.

Port Bonding Renamed as Port Mode

The Port Bonding field is renamed as Port Mode with options Uplink/bonded state and Downlink/unbonded state to select from the drop-down on the Advanced Settings section of Create New Network page.

For more information, see Configuring General Network Profile Settings.

Re-Sync Configuration Button

The Re-Sync Configuration button on the Configuration Audit > Configuration Status page allows Aruba Central to synchronize the configuration with the access points again and to resolve the configuration sync errors. For more information, see Viewing Configuration Status.

ESSID Configuration in WLAN SSID Profile

In Aruba Central, ESSID Extended Service Set Identifier. ESSID refers to the ID used for identifying an extended service set. field on the WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID configuration page allows you to specify the identifier that serves as an identification and address for the device to connect to a wireless router, which can then access the Internet.

For more information, see Configuring General > Advanced Settings for a WLAN SSID Profile.

Bulk Operations for Access Points

In Aruba Central, you can now specify the Name, Country code, and Timezone for multiple APs from the Access Points table.

For more information, see the following topics:

Support for configuring multiple ISPs uplinks for VPNCs

Aruba SD-Branch solution allows you to configure multiple WAN uplinks with a single VPNC INET uplink. For more information, see the following topics:

Support for configuring System IP pool in AOS 10 Branch Gateway groups

Aruba SD-Branch solution allows you to configure System IP pool in AOS 10 Branch Gateway groups. For more information, see the following topics:

WAN policies for control-plane traffic

Aruba Central allows you to define WAN policies for control-pane traffic. These policies provide AOS 10 gateways the ability to provide the necessary telemetry for the MRT/AI insights apps to inform the network administrator about any issues concerning important traffic flows. As a part of this enhancement, an additional field in the

For more information about configuring WAN policies for control-plane traffic, see Configuring WAN Policy for Control-Plane Traffic section in Configuring Policies for Dynamic Path Steering.

Support for Web Content Classification (WebCC) feature on Aruba 9000 Series Gateways

The Aruba9000 Series gateways support Web Content and IP Classification.

For more information about configuring WebCC for Aruba9000 Series gateways, see Filtering URLs Based on Web Content and IP Classification.

Role-based Robust Ageout Mechanism for Wired Clients

This feature introduces a Role-based Robust Age-out Mechanism for wired passive clients where a wired client such as a printer, will not be deleted from the system without its network un-reachability being verified by ICMP Internet Control Message Protocol. ICMP is an error reporting protocol. It is used by network devices such as routers, to send error messages and operational information to the source IP address when network problems prevent delivery of IP packets. first.

For more information on setting up role-based robust age-out mechanism for wired clients, see Configuring User Roles for Clients.

Controller IP Enhancements

The following Controller IP enhancements are introduced in this release.

System IP cannot be modified when an AOS 10.x gateway is part of a cluster. If the cluster is enabled on the AOS 10.x gateway, you must first disable the cluster and then modify the System IP.

For more information about System IP configuration for various AOS 10.x Gateways, see the following sections.

Enhanced DHCP Size Limit

AOS 10.3 onwards, the DHCP lease limits for 7000 Series and 9000 Series gateways have been enhanced.

For more information, see DHCP Lease Limits and Additional DHCP Scope table in DHCP Lease Limit.

VRRP Configuration for LAN Redundancy

In the Redundancy configuration page, Tracing Uplink table is added to perform VRRP priority tracking based on the uplink health of a specific VLAN.

Source NAT VLAN

While configuring uplinks, Aruba Central allows to select a VLAN to perform source NAT on all the IP unicast packets that exits from an uplink.

For more information about Source NAT VLAN and configuring uplinks, see Configuring Uplinks.

Orchestration Features

The following orchestration features are introduced in this release.

Branch Mesh—Data path support

  • Each Aruba Branch Gateway can now be a part of multiple branch mesh topologies. For more information about configuring branch mesh topologies, see Branch Mesh Topology in SD-Branch .

  • The tunnel table and route table are displayed based on the Aruba site and the pin that is selected. For more information about monitoring SD-WAN Overlay Tunnels and Routes, see Monitoring SD-WAN Overlay Tunnels and Route.

Configuration

The following UI and template configuration enhancements are introduced in this release.

RRM Quiet IE in SSID

The RRM Quiet IE in the Security > Fast Roaming WLAN SSID configuration UI page allows you to enable or disable the Radio Resource Management IE profile elements advertised by an AP in the SSID profile.

For more information, see Configuring a Security Profile on a WLAN SSID.

Mesh Support for Multiple Radios

Aruba Central now allows you to configure mesh profiles for multiple radios in the System > Mesh UI page. Although most mesh deployments require only a single mesh cluster profile, you can configure and apply multiple mesh cluster profiles to an individual AP.

For more information, see Configuring Mesh for Multiple Radios.

Fast Roaming with Mesh

The Mesh mobility RSSI threshold in the Access Points > Mesh configuration UI page allows you to trigger fast roaming on a mobility mesh point when the RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. of the parent is lower than the threshold value.

For more information, see Access Points Configuration Parameters.

Enhanced Access Points Configuration

TPM Certificate Support for 802.1X Authentication

You can now configure a factory-installed TPM Trusted Platform Module. TPM is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. certificate for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. You can configure the TPM certificate as a Certificate Type using the Interfaces > Uplink > AP1X Type UI page.

For more information, see Configuring Uplinks

Add Named VLAN

Aruba Central supports adding multiple VLAN IDs and VLAN range in the Add Named VLAN window in SSID configuration page.

For more information, see Configuring WLAN SSID Settings for Microbranch Deployments.

Increased Route Count for APs

The total number of configured routes for AP has been increased to 256. For more information, see Configuring Static Routing.

Enhanced Security for Teleworker Deployments

In teleworker deployments, security features are enhanced by disabling local management of the AP, managing it through a secured tunnel, and blocking client access to the reserved IP addresses.

For more information, see Disabling Local Management of the AP and Managing the AP Through a Secured Tunnel and Blocking Client Access to IP Addresses Reserved for the AP.

Local Probe Request Threshold and Min RSSI for Auth Request

To improve the performance of the indoor Wi-Fi clients, this release supports configuring a WLAN SSID with Local Probe Request Threshold and Min RSSI for auth request advanced settings. Based on your selection, the local probe request threshold value and the Min RSSI for auth request changes to the recommended value automatically from the AI insight.

For more information, see Configuring WLAN SSID Settings for Microbranch Deployments.

Monitoring

The following monitoring enhancements are introduced in this release.

Health Bar for the AP Dashboard

Radio health in the Health Bar indicates the number of radios in good, poor, or disabled status and summarizes the Radio 2.4 GHz Gigahertz., Radio 5 GHz, and Radio 5 GHz (Secondary) health details. Hovering over the Radio Health displays the device health, the exact value of the channel utilization, and the noise floor.

Tunnel status in the Health Bar indicates the number of tunnels that are up and down. AP status and device health value in the health bar changes according to the change in tunnel status.

For more information, see The Health Bar.

Wired Clients in Data Path

The AP Summary page displays the number of ports that include USB ports available in the AP and the number of wired clients connected to the AP in the data path.

For more information, see Data Path.

Floor Plan

This release introduces the following enhancements to the Floor Plan feature:

  • The floor plan user interface for a site has been enhanced and now includes a Summary view and List view. The summary view in the Floor Plan dashboard now features the All Floors tile that displays all the available floors in a tile view for a selected site. You can add a new floor using theadd icon and can also search for an AP or floor names using the search icon. The list view displays all the floors in a Floor table.
  • The view mode of a floor is also enhanced to provide a better user experience. For a selected floor, you can now view the floor details in the Floor Details window by clicking the icon. To view any device details in the <Device> Details window, click any device in the floor plan. You can also view the settings applied to the floor plan by clicking the eye icon.
  • The new Floor Plan dashboard for the site, allows you to delete or edit a floor plan directly from the summary view and the list view.

For more information, see About Floor plan.

Application Visibility

The following improvements are made to the Application > Visibility dashboards:

  • In the Visibility > Applications tab, the Usage and Sent column are removed from the Applications table. You can use the filter option in the Applications and Category column to filter any application and category by its name. Use the sort icon to sort the list in an ascending or descending order.

  • In the Summary view, the Visibility dashboard user interface is enhanced to include a pie chart along with the stacked bars. The new graphs display both the Applications and Websites usage data, along with the clients traffic flow. You can select or deselect the application/ category check box to show or hide the traffic flow data from the pie chart and stacked bar. By hovering the mouse over the pie chart and stacked bar, you can view the size of the data.

For more information, see Application Visibility.

Client Data Path on IAP Overlay Tunnel

The client data path is enhanced to show the data path for IAP-VPN overlay tunnel for wired and wireless clients. In the Client Details page, the Tunneled column shows Yes and the Segmentation column shows Overlay for the tunneled network. To view the details of an overlay tunnel, the IAP and VPNC must be licensed in the same Aruba Central account.

For more information, see All Clients Monitoring in List View , Dashboard for Wireless Clients, Dashboard for Wired Clients.

Firmware Upgrade and Compliance

This release introduces the following enhancements to the Firmware dashboard:

  • Under the Later Date radio, the Select Zone drop-down menu includes the Device Local Time option that allows you to schedule compliance and upgrade based on the local site time.

  • The Set Compliance, Upgrade, and Upgrade All option includes a Install on drop-down option that allows you to select a Primary or Secondary partition to install the firmware.
  • The Firmware <Device> table includes a Group column that displays the group to which the devices are associated. This information is available only in the global context.

  • At the device level when you hover over the Compliance Status column, the following information is displayed: 

For more information, see Software Upgrades.

Troubleshooting Tools

In the Network Operations app, use the filter to select a group, label, site, or a device and then, select Analyze > Tools to use different troubleshooting tools. The Tools menu option enables users to troubleshoot AP, gateway, and switch issues in the network through various tests available in the Network Check, Device Check, Commands, and Console tabs. The following troubleshooting enhancements are introduced in this release.

VLAN – based Ping Test

Under Analyze > Tools > Network Check, you can now perform ping test based on VLAN IDs on IAPs running firmware version AOS 10.3 and later, to troubleshoot network issues. The SSID drop-down is added to enable users to troubleshoot client SSIDs.

For more information, see Troubleshooting Network Issues

Live Events – Wired Client Packet Capture

Aruba Central now allows read-write and admin users to launch targeted packet capture on a wired client connected to a gateway or switch. Packet capture can be done at a site level or for a selected client.

Gateway Troubleshooting – Ping Sweep Test

For Ping Sweep Test additional parameters are introduced in the Show Additional Test Settings section to enhance the troubleshooting procedure. For more information, see Troubleshooting Gateway Connectivity Issues.

AI Insights

The following enhancements are added to AI Insights in this release:

Outdoor clients are impacting Wi-Fi performance

In the Topology page, the Show Device Labels is now renamed to Show Device Names.

The insight recommendation for this insight can be switched from manual to AI-driven by changing the AP configuration. The recommended SNR Signal-to-Noise Ratio. SNR is used for comparing the level of a desired signal with the level of background noise. threshold values for the Local Probe Request Threshold and Min RSSI for Auth Request can be applied automatically (AI-driven) or updated manually to the impacted APs whenever this insight is triggered. You can update the AP to AI-driven mode directly from the AI Insight page by clicking the Update button or you can also change the configuration settings from the AP configuration page.
In the AP configuration page, Advanced Settings, you must set the Local Probe Request Threshold and Min RSSI for Auth Request to either of the following:

  • Automatic—The AP is switched to AI-driven mode. In this approach the values recommended by the insight are applied automatically whenever the insight is triggered.
  • Manual—The AP is switched to manual mode. In this approach the values recommended by the insight should be applied manually by the user.

If there is no SNR recommendation value from this insight, the AP uses the previously configured recommended default value.

For more information, see Outdoor Clients Impacting Wi-Fi Performance.

DNS Queries Failed to Reach or Return from the Server

In this insight a new Loss pattern card is added to show persistent DNS loss patterns observed in the network. This insight operates by identifying similar failure events observed during the DNS resolution stage between entities (site, server, AP) and groups them into a set of specific loss patterns. These patterns help network administrators to identify which combination of DNS server and AP setting result in DNS loss events in single or multiple sites in the network.

For more information, see the following help pages:

Alerts and Events

The following alert and event enhancements are introduced in this release:

Suppress Alerts

In the Site context, while suppressing alert notifications, you can select Override or Append to either override or append the configured email addresses to receive notifications when an individual or site level alter alert is generated. You can also override or append the configured default recipient email list to receive alert notifications.

For more information, see Suppressing Alert Notifications in the Site Dashboard and Adding Default Recipients.

Filter Events

The Events table columns enables filtration and search ability at all levels. It also allows free text search to enhance the search capability. You can also copy and paste text on the column headers to improve the search mechanism.

For more information, see Viewing Events in List view.

Client Event Filter

Aruba Central allows you to troubleshoot issues related to a wired or wireless client connected to IAPs. The Events tab in the client context provides a detailed drill-down capability to filter events further to identity a specific issue and perform troubleshooting in both List and Summary view. It provides an aggregate view of events in different categories to provide a deep insight to the client's health.

For more information, see Client Events.

Dynamic Logs

The Dynamic Logs feature enables Aruba Central to dynamically run CLI commands on IAPs or APs and gateways to collect the output as logs, which can be used for troubleshooting device issues. Dynamic Logs sends notification to the Aruba Support team when failure events are generated in the network.

To collect dynamic logs on IAPs, the recommended firmware version is ArubaOS 8.5.0.0 and later. Whereas for gateways, the recommended firmware version is ArubaOS 8.6.0.4-2.2.0.0 and later. Dynamic Logs is supported on gateways with AOS 10.1.0.0 and later versions.

Dynamic Logs also support dynamic packet capture (PCAP) for wireless clients connected to IAPs. You can filter Dynamic Logs events based on event types.

For more information, see Dynamic Logs.

Reports

The following enhancements are added to reports.

Wired Client Support in Client and Network Reports

  • The explicit details for the wired clients are available in the Client Inventory, Client Usage, Client Session, and Network reports.
    • In the Client Inventory report, the Client Count by Connection Type table displays the client count by wireless and wired connection type.
    • In the Client Usage report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The inbound and outbound clients data usage metrics is displayed in the Client Usage widget by Connection Type (wireless, wired, or remote) and client count data metrics is displayed in the Client Count widget by Connection Type (wireless, wired, or remote).

    • In the Network report, you can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless, wired, or remote) or SSIDs. The Wired Clients and Peak & Average Wired Data Usage widgets are also added. The client count is displayed on the time series graph in the Wired Clients widget. The inbound and outbound peak or average data usage metrics is displayed in the Peak & Average Wired Data Usage widget.

    • In the Client Session report, the Session Data By Role and Clients By Role widgets display the details by role, connection type (wireless or wired) and SSIDs. You can filter the data in the Top Ten Clients by Usage widget by All, Connection Type (wireless or wired) or SSIDs.

For more information, see Report Categories.

RF Health Report

In the RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. Health report, the Optional Widgets section is introduced to include the RF Details and IAP Uplink Usage details in the CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. format. The IAP Uplink Usage information is available only for Instant APs with Advanced license.

For more information, see Report Categories and Report Configuration Options.

Release Notes

This section provides an overview of the latest AOS 10.x release notes.