What's New in 2.5.6

Aruba Central APIs

This release introduces the following changes to Aruba Central APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software..

In Aruba Central the API Gateway > Usage page provides more statistical data on API usage.

The number of API calls per day is dynamic and is based on the number of subscribed devices. By default, the value is set to 5000 API calls per day.

Listed below are the APIs introduced in this release, under the following pages: 

• Ble Beacon Service

  • [GET]:
    • /ble_cfg_beacons/{profile_id}
    • /ble_run_beacons/{profile_id}
    • /ble_beacon_profiles
  • [POST]:
    • /ble_beacon/{iot_radio_mac}/{profile_id}
  • [DELETE]:
    • /ble_beacon/{iot_radio_mac}/{profile_id}

• Authentication & Policy > Authentication and Sessions

  • [GET]:
    • /auth/air_pass/list
    • /auth/cloud_identity/list
    • /auth/{request_id}
    • /session/air_pass/list
    • /session/cloud_identity/list

• Authentication & Policy > Wi-Fi Easy Connect

  • [GET]:
    • /dpp_registration
  • [POST]:
    • /dpp_registration
    • /dpp_registration/{id}
  • [DELETE]:
    • /dpp_registration/{id}

• Configuration > AP Configuration

  • [GET]:
    • /configuration/v1/group/ssh_credential/{group_name}
    • /configuration/v1/device/ssh_credential/{serial_number_or_guid}
  • [POST]:
    • /configuration/v1/group/ssh_credential/{group_name}
    • /configuration/v1/device/ssh_credential/{serial_number_or_guid}

• Configuration > AOS-S

  • [GET]:
    • /configuration/v1/aos_switch/system/groups/{group_name}
    • /configuration/v1/aos_switch/system/devices/{device_serial}
    • /configuration/v1/aos_switch/system_time/groups/{group_name}
    • /configuration/v1/aos_switch/system_time/devices/{device_serial}
  • [PUT]:
    • /configuration/v1/aos_switch/system/groups/{group_name}
    • /configuration/v1/aos_switch/system/devices/{device_serial}
    • /configuration/v1/aos_switch/system_time/groups/{group_name}
    • /configuration/v1/aos_switch/system_time/devices/{device_serial}

• Configuration > AOS-CX

  • [GET]:
    • /configuration/v1/switch/cx/portaccess-auth
  • [POST]:
    • /configuration/v1/switch/cx/portaccess-auth

• Client Match
  • [GET]:
    • /bandsteer-6ghz-enable/v1/{tenant_id}
  • [POST]:
    • /bandsteer-6ghz-enable/v1/{tenant_id}

• MSP > Customers
  • [PUT]:
    • /msp_api/v2/customers/{customer_id
  • [POST]:
    • /msp_api/v2/customers

• MSP > Get Country code
  • [GET]:
    • /msp_api/v2/get_country_code

• MSP > Devices
  • [PUT]:
    • /msp_api/v2/{customer_id}/devices.

• Service Airgroup
  • [GET]:
    • /airgroup-config/v2/custom_services/{name}/service_ids/{service_id}/
    • /airgroup-config/v2/custom_services/{name}/service_ids/
    • /airgroup-config/v2/custom_services/{name}/
    • /airgroup-config/v2/custom_services/
  • [POST]:
    • /airgroup-config/v2/custom_services/{name}/service_ids/{service_id}/
    • /airgroup-config/v2/custom_services/{name}/
  • [PUT]:
    • /airgroup-config/v2/custom_services/{name}/service_ids/{service_id}/
    • /airgroup-config/v2/custom_services/{name}/
  • [DELETE]:
    • /airgroupconfig/v2/custom_services/{name}/service_ids/{service_id}/
    • /airgroupconfig/v2/custom_services/{name}/

• VisualRF > Import
  • [GET]:
    • /visualrf_api/v1/restore_sites/status
  • [POST]:
    • /visualrf_api/v1/restore_sites

• VisualRF > Anonymization 
  • [GET]:
    • /visualrf_api/v1/anonymization
  • [POST]:
    • /visualrf_api/v1/anonymization
  • [DELETE]:
    • /visualrf_api/v1/anonymization

For more information, see Changes to Aruba Central APIs.

AirGroup Custom Services

AirGroup allows administrators to define and add custom services in addition to the seven predefined services.

For more information, see AirGroup.

AirGroup Support for Wired Devices

AirGroup supports wired devices in underlay deployments. For more information, see AirGroup.

AirMatch Channel Quality Metric

The AirMatch channel quality metric enhances the channel computation during high retry-rate conditions, non WiFi interference, MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. error, or PHY error conditions. Based on channel quality metric, AirMatch avoids the impacted channels for a predefined period of time.

For more information, see Enabling Channel Quality Metric..

AirMatch Threshold per Band

AirMatch supports per band Band refers to a specified range of frequencies of electromagnetic radiation. thresholds at the global configuration level. The AirMatch thresholds can be defined separately for 2.4 GHz Gigahertz., 5 GHz, and 6 GHz radios.

For more information, see Configuring per Band AirMatch Threshold.

AirMatch 160 MHz Support

AirMatch supports 160 MHz Megahertz bandwidth on the 5 GHz and 6 GHz radios of access points.

For more information, see AirMatch.

AOS-CX Monitoring-Only Mode

Aruba Central allows you to add AOS-CX switches to UI groups in the monitoring-only mode, for monitoring, reporting, and troubleshooting. For switches that are added in this mode, you cannot make configuration changes using the UI group in which they are added.

For more information, see Monitoring-Only Mode for AOS-CX Switches.

BLE Beacons Monitoring Support

Aruba Central supports monitoring the BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. beacons configured in the Devices > Access Points > List view page, for access points running ArubaOS 8.11.0.0.

For more information, see BLE Beacons Table.

Cloud Authentication and Policy

Listed below are the features introduced for Cloud Authentication and Policy, in this release: 

• Default Policy Mapping is supported for user and client policies. With this policy, users and clients can assign roles to the unspecified user groups and client profile tags.

  For more information, see Configuring User Access Policy and Configuring Client Access Policy.

• Cloud Authentication and Policy is enabled for tenants that are managed within the MSP account.

  For more information, see Configuring Cloud Authentication and Policy .

• The Cloud Authentication server enables the Multi Pre-Shared Key (MPSK Multi Pre-Shared Key. The Cloud Authentication and Policy server enables MPSK in a WLAN network in Aruba Central, to provide seamless wireless network connection to the end-users and client devices.) in a WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. network in Aruba Central. The feature provides a seamless wireless network connection to the end-users and client devices. The MPSK feature is supported in the Underlay deployment mode only.

  For more information, see Configuring MPSK.

  Requires ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..4 and higher.

• The Aruba Central supports configuring Cloud Auth server in a wired network for IAP devices.

  For more information, see Configuring Wired Port on an AP or IAP.

• Cloud Authentication and Policy support is added for AOS-CX switch to manage network access.

  For more information see, Configuring AOS-CX for Cloud Authentication and Policy.

• Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Easy Connect uses Device Provisioning Protocol (DPP Device Provisioning Protocol. DPP is a provisioning protocol certified by the Wi-Fi Alliance that allows onboarding IoT devices easily, securely, and on a large scale.) which enables easy configuration and provisioning of IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Wi-Fi devices using Aruba User Experience Insight (UXI User Experience Insight. The Aruba UXI devices support Wi-Fi Easy Connect and can be deployed and onboarded easily and securely.) sensors.

  For more information, see Configuring Wi-Fi Easy Connect for UXI Sensors.

  Wi-Fi Easy Connect is supported on AP underlay deployments and requires ArubaOS 10.4 and higher.

• Using the self-service portal end-users can revoke certificates for one or more devices. Cloud Authentication and Policy also provides automatic revocation of profiles and certificates of deleted users.

  For more information, see Revoking Client Certificates.

• Captive Portal A captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. is supported for Cloud Authentication and Policy. Captive Portal provides an authentication method for guest users to access network resources. For more information, see Captive Portal for Cloud Authentication and Policy. This is a selectively available feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

ClientMatch

ClientMatch identifies wireless clients that do not get the required level of service from the AP to which they are currently associated and intelligently steers them to an AP that can provide better service.

For more information, see ClientMatch.

Device Provisioning Protocol

Device Provisioning Protocol allows onboarding IoT devices easily, securely, and on a large scale.

For more information, see Device Provisioning Protocol.

Device Replacement

Device Replacement allows replacing a faulty device with a new device using the Device Replacement tile. The existing attributes and configurations of the faulty device are inherited by the new device. In the Global dashboard, navigate to Maintain > Organization > Network Structure to access the Device Replacement tile.

For more information, see Device Replacement.

Flexible Dual Band

The Flexible Dual Band parameter in the Access Points > Radio tab in Aruba Central supports configuring a flexible dual radio band mode on AP-615 access points.

For more information, see Configuring Device Parameters .

MSP support for Air Pass

Air Pass is enabled for tenants that are managed within the MSP account.

For more information, see Air Pass Overview and Configuring Air Pass in a WLAN Network for Guest Users.

Resource Management Information Element (RRM IE) Profiles

Aruba Central supports the Radio Resource Management Information Element (RRM IE) profiles advertised by the AP. You can configure the RRM IE profiles on the Services > RRM IE Profile WebUI page.

For more information, see Configuring RRM IE Profile.

You can assign the RRM IE profiles to the radio profiles on the Radios > RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. > Radio WebUI page.

For more information, see Configuring Radio Parameters.

Restricting Access to Group-Level Configuration

Using the HPE GreenLake portal, you can now restrict users to device-level configuration access by configuring appropriate options in the Central Permissions page. This feature allows the users to only view the device configuration pages and the Configuration Audit page at the group-level, but users will have edit access at the device-level.

For more information, see Restricting Access to Group-Level Configuration

Support for AP-615

Aruba Central introduces configuring and monitoring support for AP-615 access points.

For more information, see Supported Instant APs

Support for NSLookup

Aruba Central now supports NSLookup tool to conduct tests from the access point to isolate DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. issues.

For more information, see Network Check.

UTB Filter Block

The UTB Filter Block on the System > General WebUI page allows you to control the band on which the Ultra Tri-Band (UTB) limitation is applied in the regulatory-domain-profile.

For more information, see Configuring System Parameters for an AP .

160 MHz ARM Support

The 160 MHz Support toggle switch is added to the RF > Adaptive Radio Management (ARM) > Access Point Control page in Aruba Central.

For more information, see Configuring ARM Features.

Aruba Central APIs

Listed below are the APIs enhanced in this release, under the following pages:

• VisualRF > Client Location
  • [GET]:
    • /visualrf_api/v1/floor/{floor_id}/client_location
    • /visualrf_api/v1/client_location/{macaddr}

• VisualRF > Rogue Location
  • [GET]:
    • /visualrf_api/v1/floor/{floor_id}/rogue_location
    • /visualrf_api/v1/rogue_location/{macaddr}

• User Management> Users
  • [GET]:
    • /platform/rbac/v1/users
  • [POST The HTTP POST method is used for transferring data from a client (browser) to a server using the HTTP protocol. The POST method is considered a secure way of transferring data from a client as it carries the request parameter in the message body and does not append it in the URL string.]:
    • /platform/rbac/v1/users}
    • /platform/rbac/v1/users/{user_id}/password
    • /platform/rbac/v1/users/{user_id}/password/reset
  • [PATCH]:
    • /platform/rbac/v1/users/{user_id}

• User Management> Roles
  • [GET]:
    • /platform/rbac/v1/roles
    • /platform/rbac/v1/apps/{app_name}/roles/{rolename}
  • [POST]:
    • /platform/rbac/v1/apps/{app_name}/roles
  • [PATCH]:
    • /platform/rbac/v1/apps/{app_name}/roles/{rolename}
  • [DELETE]:
    • /platform/rbac/v1/apps/{app_name}/roles/{rolename}

• Service Airmatch
  • [GET]:
    • /airmatchconfig/v1/node_list/{node_type}/{node_d}/config/system/
    • /airmatchconfig/v1/node_list/{node_type}/{node_id}/config/
    • airmatchconfig/v1/node_list/{node_type}/{node_id}/
  • [POST]:
    • /airmatchconfig/v1/node_list/{node_type}/{node_id}/config/system/
    • /airmatchconfig/v1/node_list/{node_type}/{node_id}/config/
  • [PUT]:
    • /airmatchconfig/v1/node_list/{node_type}/{node_id}/config/system/
    • /airmatchconfig/v1/node_list/{node_type}/{node_id}/config/

• Monitoring > Site:

  • [POST]:
    • /central/v2/sites
  • [PATCH]:
    • /central/v2/sites/{site_id}
  • [DELETE]:
    • /central/v2/sites/{site_id}

• Monitoring > Label
  • [DELETE]:
    • /central/v1/labels/{label_id}

• MSP > Customers
  • [DELETE]:
    • /msp_api /v1/customers/{customer_id}

• Configuration > Devices
  • [GET]:
    • /configuration/v1/devices/{device_serial}/configuration

You can now use the device serial number of AOS 10.x APs to call APIs in the following categories:
• Configuration > WLAN Configuration
• Configuration > AP Configuration

These APIs were listed as deprecated in Aruba Central 2.5.4, however they are re-introduced back in Aruba Central 2.5.6.

• VisualRF > Floorplan
  • [GET]:
    • /visualrf_api/v1/campus
    • /visualrf_api/v1/campus/{campus_id}

The following APIs are removed:
• Service Cloud Security
  • [GET GET refers HTTP request method or an SNMP operation method. The GET HTTP request method submits data to be processed to a specified resource. The GET SNMP operation method obtains information from the Management Information Base (MIB).]
    • /cloud-securityconfig/v1/node_list/
    • /cloud-securityconfig/v1/node_list/{node_type}/{node_id}/config/
    • /cloud-securityconfig/v1/node_list/{node_type}/{node_id}/config/zscaler/

For more information, see Changes to Aruba Central APIs.

Aruba Central NetConductor

The Edge Edge is a device persona that connects endpoints to the fabric.-to-cloud network and security framework is designed to tackle the complex problems of an enterprise network within a site or campus (wired and wireless) and across sites with Aruba SD-Branch or 3rd party WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance.. NetConductor offers Role-based Segmentation, Intelligent Overlays, and Automation and AI Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis. Ops.

The following is a list of the enhancements introduced in Aruba Central NetConductor:

• You can now configure custom policy rules on switches using the MultiEdit MultiEdit mode allows configuring single or multiple AOS-CX switches using the CLI syntax. You can also view the difference between the Central running configuration and the switch running configuration. mode with sequence numbers above 9999. For more information, see Global Client Roles.

• Multiple DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relays can be added manually when configuring the overlay segment. For more information, see Fabric Provisioning Wizard.

• The Maximum Transmission Unit setting default value is set to 9198 to avoid fragmentation within the fabric. For more information, see Static VXLAN Tunnels on AOS 10 Gateways.

• A default overlay network is created automatically. You can create, move or delete an additional overlay network. Personas under the VSX Virtual Switching Extension. VSX is a virtualization technology for aggregation/core switches running the AOS-CX operating system. This solution lets the switches present as one virtualized switch in critical areas. pair should be the same. For more information, see Fabric Provisioning Wizard.

• Aruba Central NetConductor is now available to all existing Aruba Central users. For more information, see Aruba Central NetConductor .

• AOS-CX 6300 Switch Series and AOS-CX 8400 Switch Series is supported from this release. For more information, see Supported Devices.

• Aruba Central NetConductor allows you to view the existing User-based Tunneling and Static VXLAN Virtual Extensible LAN creates virtual networks overlaid on a physical network. tunnels on Cluster Gateways. For more information, see Static VXLAN Tunnels on AOS 10 Gateways.

• Aruba Central NetConductor allows you to view newly created or existing fabrics. For more information, see Fabric Provisioning Wizard.

Fabric Provisioning Wizard Prerequisites

Before provisioning the overlay fabric using Aruba Central, ensure that the following prerequisites are fulfilled:

• All devices should be on firmware version 10.10.1020 and above.

• At least one instance of OSPF Open Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). or BGP Border Gateway Protocol. BGP is a routing protocol for exchanging data and information between different host gateways or autonomous systems on the Internet. should be configured on all devices of the overlay fabric.

• OSPF or BGP router ID is the IP address of an existing loopback interface.

• OSPF or BGP is configured on at least two loopback interfaces (one is used for OSPF and BGP, and the other for the VXLAN source IP).

• The Virtual MAC should be assigned to the Primary and Secondary switches of the VSX Pair. The Virtual MAC is auto-generated and pushed to stand alone devices and VSF Virtual Switching Framework. VSF allows network administrators to stack multiple individual switches into a single logical device using standard Ethernet links. conductors only.

For more information, see Fabric Provisioning Wizard.

Alerts

The following alerts are added in this release:

Stack Link Status Change

A new AOS-CX switch alert is added to the alerts configuration page. This alert is generated when there is a change in the VSF link between AOS-CX switch stack members.

For more information, see AOS-CX Switch Alerts.

Critical hardware fault, thermal failure

These AOS-CX alerts are part of the Switch Hardware Failure alert. These alerts are generated when there is a critical hardware fault or when the temperature of the switch crosses the lower or higher threshold.

For more information, see AOS-CX Switch Alerts.

Switch Reboot (AOS-CX)

A new AOS-CX switch alert is added to the alerts configuration page. This alert is generated when the switch reboots, crashes, or when the Redundancy Switchover action is executed on the active module in the switch.

For more information, see AOS-CX Switch Alerts.

Switch Uplink Port Status Change

A new AOS-S switch alert is added to the alerts configuration page. This alert is generated when there is a change in the status of the uplink port.

For more information, see AOS-S Switch Alerts.

Branch Gateway

Branch Gateway Cluster Deployment

Aruba Central now mitigates underlay/overlay client traffic issues and reduces the delay in publishing bucket map, VDG, and DDG in Branch Gateway cluster deployments. The bucket map, VDG, and DDG are published based on the client load on each node (leader and member) in a cluster.

For more information, see Automatic Cluster Configuration for Branch Gateway Groups.

Branch Gateways in Branch Mesh Topology

You can configure up to 128 Branch Gateways in a branch mesh topology.

For more information, see Important Points to Note.

Channels Supported on Instant Access Point

Information about channels supported by APs is now available in Aruba Central. For more information, see Configuring Device Parameters .

Ekahau Floor Plan Import

Floor plans designed using the Ekahau software can be imported into Aruba Central. For more information, see Importing a Floor Plan.

Encrypting credentials on AOS-S Switches using Templates

Aruba Central now allows encrypting credentials on AOS-S switches using templates. The encrypt credentials support allows storing, displaying, and transferring of credentials in the encrypted form.

For more information, see Encrypting Credentials on AOS-S Switches using Templates.

Export Reports and Access Request List

The Export as CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. icon added to the Access Requests table under the Authentication and Policy tab, enables you to download the access request and the sessions list in CSV file format.

For more information, see Viewing Access Request List and Viewing Sessions List.

Filtering Capability on Instant Access Point List

Aruba Central allows you to filter the Device Name, IP Address, and Virtual Controller in the access points table on Access Points > List page.

For more information, see Monitoring IAPs in List View.

Firmware Upgrade Recommendations for Access Points Using AIOps

Aruba Central now utilizes an AIOps based firmware recommendation for access points. The AIOps recommender engine provides a firmware version that is valid, safe, and optimal for the networking needs of the user. The AIOps recommender engine learns and determines pattern from the last six months of data to recommend the optimal firmware version for the varying networking needs of a user.

For more information, see:

• Managing Firmware Upgrades for Access Points
• Managing Firmware Upgrades

Instant Access Point Crash Log Support

Aruba Central supports capturing of crash log for Instant Access Point. For more information, see Dynamic Logs.

Microbranch APs Transport Health

The health information for Microbranch APs uplinks can now be monitored. The uplinks information is added to the WAN Interfaces table under WAN Health > Transport for IAP monitoring purpose. For more information, see WAN Health—Transport.

Passpoint Service Profile Options

The Radius Location Data and Radius Chargeable User Identity parameters have been added to Passpoint Passpoint is a Wi-Fi certified solution that enables the mobile devices to automatically authenticate on enterprise Wi-Fi networks using their cellular credentials. Service Profile to enable the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server to identify the location of the user and to assist with gathering the roaming details of the user. For more information, see Configuring a Passpoint Service Profile in a WLAN Network

Security Compliance Report

The Radio column is added to the Security Compliance report.

For more information, see Report Categories.

Sites and Labels

You can now create a site using latitude and longitude values. This helps to accurately display the building on a map with the same address.

Aruba Central restricts the use of words like Default, Default Site, Default_Site, and Default-Site as the site name.

The site deletion icon is available only when all devices are disassociated from the site. The label deletion icon is available only when the label is not assigned to any device.

For more information, see Managing Sites and Managing Labels.

Supported Events

The Events table under Analyze > Alerts & Events > Events lists new client and AP events.

For more information, see Supported IAP Events and Supported Client Events .

Supported Hubs in Data Center Table

You can now add a maximum of sixteen hubs in the Data Center table.

For more information, see Setting Data Center Preference.

For more information, see Threats List.

WIDS Events

The Manage >Security > RAPIDS > IDS tab provides a summary of the total number of infrastructure and client attacks detected for a given duration. The WIDS Wireless Intrusion Detection System. WIDS is an application that detects the attacks on a wireless network or wireless system. Events table now displays the event types in a more synchronized manner and filters out the duplicate events for a better visibility. The event types are categorized based on levels, High, Medium, and Low.

For more information, see WIDS Events.

AOS-CX Troubleshooting

In this version of Aruba Central, new show commands have been introduced to troubleshoot AOS-CX switches.

For information on the show commands, see AOS-CX Commands.