What's New

The following sections provide an overview of the new features and enhancements that are added to Aruba Central 2.5.7 and ArubaOS 10.5 release.

Central 2.5.7
ArubaOS 10.5
New Features
Enhancements

AI Insights

The following new insight is added in the AI Insight dashboard:

NTP Server Unreachable—If a network device is unable to communicate to an NTP server, this insight helps administrators to prevent clock drift in the network that can impact the usefulness of the telemetry data. For more information, see NTP Server Unreachable.

Listed below are APIs introduced in this release: 

API Category New APIs

Authentication & Policy > Client Policy

  • [PUT] /cloudAuth/api/v3/client_policy/reset

Authentication & Policy > Download

  • [GET] /cloudAuth/api/v2/download/mpsk
  • [GET] /cloudAuth/api/v3/bulk/mac

Authentication & Policy > MPSK Networks Configs

  • [GET] /cloudAuth/api/v2/mpsk
  • [GET] /cloudAuth/api/v2/mpsk/{mpsk_id}
  • [GET] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK
  • [GET] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK/{named_mpsk_id}
  • [GET] /cloudAuth/api/v2/usage/mpsk
  • [PATCH] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK/{named_mpsk_id}
  • [POST] /cloudAuth/api/v2/mpsk
  • [POST] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK /v2/mpsk
  • [PUT] /cloudAuth/api/v2/mpsk/{mpsk_id}
  • [PUT] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK/{named_mpsk_id}
  • [DELETE] /cloudAuth/api/v2/mpsk/{mpsk_id}
  • [DELETE] /cloudAuth/api/v2/mpsk/{mpsk_id}/namedMPSK/{named_mpsk_id}

Authentication & Policy > File Upload

 

 

 

  • [GET] /cloudauth/api/v3/bulk/{upload_type}/status
  • [GET] /cloudauth/api/v3/bulk/{upload_type}/error
  • [POST] /cloudauth/api/v3/bulk/{upload_type}
  • [PUT] /cloudauth/api/v3/bulk/{upload_type}/terminate

Authentication & Policy > MAC Registration

  • [GET] /cloudauth/api/v3/client/mac/registration
  • [POST] /cloudauth/api/v3/client/mac/registration
  • [PATCH] /cloudauth/api/v3/client/mac/registration/{mac_address}
  • [DELETE] /cloudauth/api/v3/client/mac/registration/{mac_address}

Authentication & Policy > User Policy

  • [PUT] /cloudAuth/api/v3/user_policy/reset

Authentication & Policy > User Management

  • [GET] /cloudauth/api/v3/user/certificate

  • [POST] /cloudauth/api/v3/user/certificate/revocation

Cloud Connect

  • [GET] /cloud-connect/topology-scan
  • [GET] /cloud-connect/topology-eps
  • [GET] /cloud-connect/zscaler/node-scan
  • [GET] /cloud-connect/vlan-cfg
  • [GET] /cloud-connect/config-summary
  • [GET] /cloud-connect/v1/tunnel-policy-config-metadata
  • [GET] /cloud-connect/v1/tunnel-policy-config/{policy_name}
  • [POST] /cloud-connect/v1/node_list/{node_id}/config/custom
  • [POST] /cloud-connect/v1/node_list/{node_id}/config/zscaler
  • [POST] /cloud-connect/v1/node_list/{node_id}/config/aws
  • [POST] /cloud-connect/v1/node_list/{node_id}/config/azure
  • [POST] /cloud-connect/v1/tunnel-policy-config/{policy_name}
  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/custom
  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/zscaler
  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/aws
  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/azure
  • [PUT] /cloud-connect/v1/tunnel-policy-config/{policy_name}
  • [DELETE] /cloud-connect/v1/node_list/{node_id}/config/custom
  • [DELETE] /cloud-connect/v1/node_list/{node_id}/config/zscaler
  • [DELETE] /cloud-connect/v1/node_list/{node_id}/config/aws
  • [DELETE] /cloud-connect/v1/node_list/{node_id}/config/azure
  • [DELETE] /cloud-connect/v1/tunnel-policy-config/{policy_name}

Install Manager > Sites

  • [POST] /v1/update_site_status

Service RAPIDS > Aruba Rapids

 

 

 

  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/match_criteria/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_excludes/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_excludes/{name}/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_includes/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_includes/{name}/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_excludes/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_excludes/{essid}/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_includes/
  • [GET] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_includes/{essid}/
  • [POST] /rapids-config/v1/node_list/{node_type}/{node_id}/config/
  • [POST] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/match_criteria/
  • [POST] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_excludes/{name}/
  • [POST] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_excludes/{essid}/
  • [POST] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_includes/{essid}/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config//rapids-config/v1/node_list/{node_type}/node_id}/config/classification_rule/{rule_name}/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/match_criteria/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_excludes/{name}/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_includes/{name}/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_excludes/{essid}/
  • [PUT] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_includes/{essid}/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rule/{rule_name}/match_criteria/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_excludes/{name}/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/site_includes/{name}/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_excludes/{essid}/
  • [DELETE] /rapids-config/v1/node_list/{node_type}/{node_id}/config/classification_rules/{rule_name}/match_criteria/ssid_includes/{essid}/

VisualRF > GeoFence

  • [GET] /visualrf_api/v1/geofence
  • [POST] /visualrf_api/v1/geofence
  • [DELETE] /visualrf_api/v1/geofence

For more information, see Changes to Aruba Central APIs

Support for LTE Firmware Upgrade

Aruba Central now supports LTE firmware upgrade for Aruba USB LTE modem capable gateways and APs when new LTE firmware versions are available.

LTE modem firmware upgrade in Aruba Central is supported for the following devices:

  • Gateways

    • 9000 Series

    • 9012

    • 7000 Series

  • APs including microbranch

    • AP-303H, AP-303HR, AP-304, AP-305, AP-314, AP-315, AP-324, AP-325, AP-334, AP-335

    • AP-504, AP-505, AP-505H, AP-505HR, AP-514, AP-515, AP-534, AP-535, AP-555, AP-635, AP-655

For more information, see Upgrade LTE Modem Firmware.

Configuring DDNS Server Profile

Aruba Central now supports configuring a public DDNS server profile for an AP to which the AP will send updates. A maximum of three DDNS profiles can be configured. However, only one DDNS profile can be assigned to the DL3 DHCP profile and the AP at any given time.

For more information, see the following topics:

Configuring External Antenna in a Group Context

Aruba Central now allows you to configure the external antenna in a group context. If an AP has external antenna connectors, you need to configure the transmit power of the system. The configuration must ensure that the system’s EIRP is in compliance with the limit specified by the regulatory authority of the country in which the AP is deployed. For more information, see Configuring External Antenna.

Configuring PMK Cache

Aruba Central now allows you to configure PMK cache stores the details of the connected clients for authenticating clients roaming between different APs. By default, the client details is stored for 8 hours after the client disconnects or gets timed out from the network. For more information, see Configure Wireless Network Profiles on APs.

Configuring USB Port Policy

Aruba Central now allows you to configure USB ACL profiles that consists of one or more permit or deny rules for supported USB vendor product names. For more information, see Configuring USB ACL Profiles

Support for Maximum Number of Clients

Aruba Central now allows you to configure maximum number of 1024 clients that can be configured for each BSSID on a WLAN. Specify max, MAX, or 1024 in the Max clients threshold text-box to set the maximum number of clients. For more information, see Configure Wireless Network Profiles on APs.

Support for UNII-4 Channels

Aruba Central now supports UNII-4 channels (169-177) on 630 Series and 650 Series access points.

Support for WPA3 Transition

Aruba Central now supports WPA3 Transition mode that allows WPA2 and WPA3 clients to be on the same SSID. The WPA3 Transition is available only when WPA-3 Enterprise(CCM 128) option is selected from the Key Management drop-down list for Enterprise security level. For more information, see Configure Wireless Network Profiles on APs.

Cable Test Support for AOS-CX Switches

Aruba Central now supports cable test for AOS-CX switches. This enables testing of the electrical connections in the switch cable. For more information, see Troubleshooting Switch Issues.

Configuring Client Events for AOS-CX

Users can configure client events to generate authentication and DHCP events of clients. For more information, see Configuring Authentication and DHCP Related Client Events on AOS-CX

Configuring Port Profiles on AOS-CX

Port profiles is a feature that allows you to configure interface-specific commands at the group level through an editor that supports syntax and semantic checking. For more information, see Configuring Port Profiles on AOS-CX.

Configuring RADIUS Server Settings on AOS-S Switches

Aruba Central supports Window Size and Time Window as the RADIUS server parameters.

Configuring Switch Ports on AOS-S Switches

Aruba Central allows the user to enable/disable the unsupported transceivers (third-party transceivers).

Configuring System Access for AOS-S Switches

Aruba Central supports the following new features:

  • TELNET toggle switch - Allows the user to enable or disable the login access via the TELNET server.

  • Management Authentication - Allows the user to select either RADIUS, TACACS, LOCAL as the primary management authentication server.

  • MOTD Login Banner - Allows the user to enter the message to be displayed before the login prompt.

For more information, see Configuring System Access and DNS Parameters for AOS-S Switches.

Configuring TACACS Server Settings on AOS-S Switches

Aruba Central now allows the user to configure TACACS server settings. For more information, see Configuring TACACS Server Settings on AOS-S Switches.

Device Override Visualization

Users can now view the local override configuration details of a switch or its group. For more information, see Configuration Status of AOS-CX Switches

Aruba Central NetConductor

Listed below are the features introduced for Aruba Central NetConductor, in this release: 

  • Users can configure underlay network in Aruba Central NetConductor.

    For more information, see Network Wizard Overview Network Wizard .

  • Aruba Central NetConductor now provides a re-sync button to resolve configuration conflicts within existing overlay fabrics. This button is only available when a configuration conflicts exists.

    For more information, see Overlay Fabric Overview Overlay Fabric Overview .

  • Aruba Central NetConductor now supports Layer 2 overlay segments for the default gateways.

    For more information, see Overlay Segment Overview Overlay Segment Overview .

Cloud Authentication and Policy

Listed below are the features introduced for Cloud Authentication and Policy, in this release: 

  • Cloud Authentication and Policy server supports Multi Pre-Shared Key (MPSK) which is used to authenticate users to connect to the MPSK network. You can create and manage an MPSK network, configure MPSKs, create and manage named MPSKs. For more information, see Named MPSK.

  • Cloud Authentication and Policy server supports Captive Portal, an authentication method for guest users to access network resources. This is now a general availability feature. Using Cloud Guest, users can connect their devices through AP or IAP wired ports. For more information, see Configure Captive Portal.

  • Cloud Authentication and Policy supports wired authentication for clients connecting to branch gateways. Cloud Authentication and Policy can be enabled to perform 802.1X, MAC, or Cloud Guest authentication. For more info, see Cloud Authentication and Policy for Gateways and Configuring Cloud Authentication and Policy for Gateways using Cloud Guest.

Custom Cloud Connect Service

Aruba Central now allows you to integrate SD-Branch Gateways and Microbranch APs with Security Service Edge (SSE) providers. The Custom Cloud Connect Service provides network administrators with a mechanism to efficiently orchestrate the connectivity between Aruba devices with cloud enforcement points from leading SSE providers such as HPE Aruba Networking SSE, Netskope, Check Point, McAfee, PaloAlto, Symantec, iBoss, and so on. For more information, see Integrating a Custom SSE Partner in Cloud Connect.

RAPIDS

Aruba Central now allow users to enable or disable the RAPIDS feature as a whole on per customer basis. Users who want to configure rules can enable the Enable RAPIDS toggle button under Manage > Security > RAPIDS. Upon enabling the RAPIDS feature, users can see the Classification Rules table with the default configured rules. In addition to the default rules, users can configure a predefined set of customized classification criteria at the global level to determine the classification of a neighboring AP. For more information, see Configure RAPIDS.

The following Alerts & Events enhancements are introduced in this release:

IP Management System

A new alert type IP Management System is added under Alerts & Events. The following alert is added under IP Management System alert type:

IPMS Pool Capacity Alert—Generates an alert when IPMS pool allocation crosses 80% of assigned pool size. The alert is cleared when the pool capacity is below 80% of the assigned capacity in the network.

For more information, see IP Management System Alert.

Gateway Alerts

EST Enrollment Failure gateway alert now enables alert notification for all gateway devices. To view the gateway EST alert you must enable EST enrollment failure alerts under gateway alert configuration page:

EST Enrollment Failure—Generates an alert when gateway devices fail to enroll or re-enroll with the EST server. EST enrollment and re-enrollment failure alerts automatically closes after the success event is received.

For more information, see Gateway Alerts.

Access Point Alerts

DPP Attack—Generates an alert when there is a DPP-related DoS attack in the network.

For more information, see Access Point Alerts.

Connectivity Alerts

The following new authentication alert types are added in Connectivity alerts to enhance user experience by adding detailed information regarding the server IP, Auth type, number of users impacted, and percentage of users effected.

  • Wi-Fi Security Key-Exchange Failure Detected—Generates an alert when there are high number of client authentication failures (Wi-Fi Security Key-Exchange) in the network.

  • Wi-Fi Security Key-Exchange Delay Detected—Generates an alert when there is excessive delay in the client authentication (Wi-Fi Security Key-Exchange) with the AP in the network.

  • 802.1x Authentication Delay Detected—Generates an alert when there is excessive delay in the 802.1x authentication process in the network.

  • 802.1x Authentication Failure Detected—Generates an alert when there are high number of 802.1x authentication failures in the network.

  • MAC Authentication Delay Detected—Generates an alert when there is excessive delay in the MAC authentication process in the network.

  • MAC Authentication Failure Detected—Generates an alert when there are high number of MAC authentication failures in the network.

  • Captive Delay Detected—Generates an alert when there is excessive delay in the captive portal authentication process in the network.

  • Captive Failure Detected—Generates an alert when there are high number of captive portal failures in the network.

This additional categorization of the authentication alerts enable users to quickly triage the alerts and take appropriate action.

For more information, see Connectivity Alerts.

Instant Access Point Events

Support for the following events are available:

  • 802.11 Re-Association Reject event

  • Various tunnel down reasons for Tunnel Down Event

AOS-CX Switch Alerts

  • Management module failure—Generates an alert when the state of the management module changes to down or failed.

  • Line-card failure—Generates an alert when the state of the line card changes to down or failed.

  • Fan tray failure —Generates an alert when the state of the fan tray in the slot changes to down or failed.

  • Fan failure —Generates an alert when the state of the fan in the slot tray changes to fault.

  • Power supply failure—Generates an alert when the state of the power supply in the slot changes to fault input or warning.

  • Switch Uplink Port Status Change—Generates an alert when there is a change in the status of the uplink port. This alert is generated when the uplink port goes down and it is cleared when the port status is restored.

For more information, see AOS-CX Switch Alerts.

AOS-CX Switch Events

Support for the following events are available:

  • MSTP events

  • RPVST events

  • Loop protect events

For more information about the AOS-CX switch events, navigate to the AOS-CX Switch Software Documentation Portal. In the AOS-CX Switch Software Documentation portal, navigate to a switch model and click the View software feature and user guides (HTML) link. Click Software Release Version listed next to the Event Log Message Reference Guide to view the events for the software release version selected.

Listed below are APIs enhanced in this release.

API Category

Modified APIs

Authentication & Policy > Authentication and Session

  • [GET] /v1/auth/cloud_identity/list
  • [GET] /v1/auth/{request_id}

Authentication & Policy > Client Policy

  • [GET] /cloudAuth/api/v1/client_policy
  • [PUT] /cloudAuth/api/v1/client_policy

Authentication & Policy > User Policy

  • [GET]/cloudAuth/api/v1/user_policy
  • [PUT]/cloudAuth/api/v1/user_policy

Configuration > Certificates

  • [POST /configuration/v1/certificates/
  • [PUT] /configuration/v1/msp/certificate
  • [PUT] /configuration/v1/non_msp/certificate

Configuration > WLAN Configuration

  • [POST] /configuration/v2/wlan/{group_name_or_guid_or_serial_number}/{wlan_name}
  • [PUT] /configuration/v2/wlan/{group_name_or_guid_or_serial_number}/{wlan_name}
  • [PATCH] /configuration/v2/wlan/{group_name_or_guid_or_serial_number}/{wlan_name}

Firmware

  • [GET] /firmware/v1/devices
  • [GET] /firmware/v1/devices/{serial}
  • [GET] /firmware/v1/versions
  • [GET] /firmware/v1/versions/{firmware_version}
  • [GET] /firmware/v1/status
  • [GET] /firmware/v2/upgrade/compliance_version
  • [GET] /firmware/v1/upgrade/compliance_version
  • [GET] /firmware/v1/models
  • [GET] /firmware/v1/msp/upgrade/compliance_version
  • [GET] /firmware/v1/msp/upgrade/customers/{customer_id}/compliance_version
  • [GET] /firmware/v1/msp/tenants/{tenant_id}
  • [POST] /firmware/v1/upgrade
  • [POST] /firmware/v1/upgrade/cancel
  • [POST] /firmware/v1/upgrade/compliance_version
  • [POST] /firmware/v1/msp/upgrade
  • [POST] /firmware/v1/msp/upgrade/customers/{customer_id}
  • [POST] /firmware/v1/msp/upgrade/cancel
  • [POST] /firmware/v1/msp/upgrade/customers/{customer_id}/cancel
  • [POST] /firmware/v2/msp/upgrade/cancel
  • [POST] /firmware/v2/msp/upgrade/customers/{customer_id}/cancel
  • [POST] /firmware/v1/msp/upgrade/compliance_version
  • [POST] /firmware/v1/msp/upgrade/customers/{customer_id}/compliance_version
  • [DELETE] /firmware/v2/upgrade/compliance_version
  • [DELETE] /firmware/v1/msp/upgrade/compliance_version
  • [DELETE] /firmware/v1/msp/upgrade/customers/{customer_id}/compliance_version

New Device Inventory > Devices

  • [GET] /platform/device_inventory/v1/devices

New Licensing

  • [GET] /platform/licensing/v1/subscriptions

Configuration > Device

Depending on the role and group scope assigned to a users, the behavior of the APIs are updated .

  • [GET] /configuration/v1/devices/{device_serial}/group
  • [GET] /configuration/v1/devices/{device_serial}/configuration
  • [GET] /configuration/v1/devices/{device_serial}/config_details
  • [GET] /configuration/v1/devices/{device_serial}/variablised_template

Configuration > MM-MD

Depending on the role and group scope assigned to a users, the behavior of the API is updated.

  • [POST] /configuration/v1/devices/{device_serial}/recover_device

Monitoring > Switch

Depending on the role and group scope assigned to a users, the behavior of the APIs listed under Monitoring > Switch category are updated.

Monitoring > Gateway

Depending on the role and group scope assigned to a users, the behavior of the APIs listed under Monitoring > Gateway category are updated.

Listed below are APIs deprecated in this release.

API Category

Deprecated APIs

Authentication & Policy > Client Policy

  • [DELETE] /cloudAuth/api/v1/client_policy

Authentication & Policy > Client Registration

 

  • [GET] /cloudAuth/api/v1/client_registration
  • [POST] /cloudAuth/api/v1/client_registration
  • [PATCH] /cloudAuth/api/v1/client_registration/{mac_address}
  • [DELETE] /cloudAuth/api/v1/client_registration/{mac_address}

Authentication & Policy > File Upload

  • [GET] /cloudauth/api/v2/upload/{upload_type}/status
  • [GET] /cloudauth/api/v2/upload/{upload_type}/errors
  • [POST] /cloudauth/api/v2/upload/{upload_type]
  • [PUT] /cloudauth/api/v2/upload/{upload_type}/terminate

Authentication & Policy > User Policy

  • [DELETE] /cloudAuth/api/v1/user_policy

Listed below are APIs removed in this release.

API Category

Removed APIs

Rapids > SSIDs

The following APIs in the RAPIDS category are removed. You can now configure RAPIDS from the RAPIDS configuration page. For more information, see Configure RAPIDS.

  • [GET] /rapids/v1/ssid_allow
  • [GET] /rapids/v1/ssid_block
  • [POST] /rapids/v1/ssid_allow
  • [POST] /rapids/v1/ssid_block
  • [DELETE] /rapids/v1/ssid_allow
  • [DELETE] /rapids/v1/ssid_block

For more information, see Changes to Aruba Central APIs

Aruba Central supports streaming GeoFence events using streaming API. For more information, see Streaming API.

To enhance security client_id and client_secret are part of the body paraameters for custome facing Token generation APIs. For more information, see Obtaining Token Using OAuth Grant Mechanism.

Power Save

The green AP feature allows the APs to enter the power save state and wake up at the scheduled time. In the power save state, the AP will neither function nor send any AirMatch telemetry to Aruba Central. For more information, see AirMatch

IoT

Debug Commands

IoT Operations supports debug commands to troubleshoot IoT radio, BLE, ZigBee, USB, Ethernet over USB dongle, and IoT transport. For more information, see Configuring IoT Operations.

Unified Communications

Aruba Central supports only Unified Communications version 2 by default and support for Unified Communications version 1 is removed. For more information, see Unified Communications.

When any segment of either the donut graph or the bar graph in the Summary view is clicked, the List view opens and the Calls table is filtered by the segment that was clicked in the graph and the time filter. For more information, see Unified Communications List View.

The following fields are added to the Unified Communications CDR card:

  • Session Type

  • OS

  • User Role

  • BSSID

  • DSCP

  • Source Port

  • Destination Port

  • WMM Priority

The following fields are renamed in the Unified Communications CDR card:

  • AP Model from AP Type

  • Peer IP Address from Destination IP

  • Call Duration from Duration

  • Protocol Type from Application

  • SSID/Port from SSID

  • Client Name from MAC Address

The following fields are removed from the Unified Communications CDR card:

  • From

  • To

  • State

  • Termination Reason

  • In Call Roam

  • QoS Correlation

The following fields are hidden in the default view of the Unified Communications Calls table:

  • MAC Address

  • OS

  • User Role

  • Call Duration

  • IP Address

  • Peer IP Address

  • AP Name

  • AP Model

  • BSSID

  • DSCP

  • Quality Score

  • Source Port

  • Destination Port

  • WMM Priority

  • Codec

The following fields support filtering in the Unified Communications Calls table:

  • CDR ID

  • Start Time

  • Client Name

  • MAC Address

  • Call Quality

  • Client Health

  • SSID/Port

  • Protocol Type

  • Session Type

  • OS

  • User Role

  • IP Address

  • Peer IP Address

  • AP Name

  • AP Model

  • Quality Score

For more information, see Unified Communications List View.

Firmware Management for Gateway Clusters

You can now view the site information for the SD-WAN gateway clusters from the Firmware management page. Prior to this release, the site information was not available for the gateway clusters. This enhancement allows easy tracking of the site information for each cluster and helps in effective firmware management. Additionally, you can click the cluster name to view the gateways assigned to the cluster. For more information, see Firmware Management.

Generating a QR Code for Device Installation

Aruba Central now allows administrators to generate a QR code and assigning sites for device installation. By using the Aruba Installer mobile app, the technician can scan the generated QR code and install the devices on a site. For more information, see Installation Management.

Branch Mesh Configuration

To establish a branch mesh, a branch group does not require to be connected to a hub or data center. For more information, see Branch Mesh Topology in SD-Branch .

Cluster Support for VPNCs

You can now select clustered hub groups while selecting preferred data center for ArubaBranch Gateways. For more information, see Setting Data Center Preference.

Device Provisioning Protocol

Aruba Central supports extends DPP support to include the detection and reporting of DPP related Denial-of-Service attacks. DPP now supports deployment on tunneled-SSIDs and incrementally adds supports for the provisioning of PSK or SAE passphrases for DPP-enrollees. For more information, see Device Provisioning Protocol.

IPM Radio Power Reduction Steps

The IPM radio power reduction steps use radio indices (1, 0, and 2) that replace all references to the radio bands (2.4 GHz, 5 GHz, secondary 5 GHz, and 6 GHz bands) associated with radio power restrictions. Prior to this release, the IPM radio power reduction steps referred to the operating bands of the radio. This enhancement removes the association between the power reduction steps and the operating bands to simplify the IPM feature design.

Automatic Rollback Configuration for AOS-CX

Aruba Central now supports an auto-rollback mechanism for AOS-CX switches running software version 10.06 or later versions. The rollback mechanism is triggered when the switch loses its connectivity to Aruba Central after a configuration push. This feature is supported only on UI groups. For more information, see Automatic Rollback Configuration.

aruba-central support-mode no longer supported in Aruba Central

Any configuration changes made to the AOS-CX switches using the aruba-central support-mode command will no longer be absorbed by Aruba Central. If you need to make any configuration changes to the switches, it is recommended to use the Port Profiles or MultiEdit feature.

The following are the exceptions where AOS-CX switch configurations made outside Aruba Central:

  • Firmware upgrade or downgrade triggered configuration changes

  • Hardware triggered configuration changes such as adding or removing VSF stack member or chassis linecards .

  • Switch system and daemon-triggered configuration changes (For example, SNMP and NTP)

Cable Test Support for AOS-CX Switches

Aruba Central now supports cable test for AOS-CX switches. This enables testing of the electrical connections in the switch cable. For more information, see Troubleshooting Switch Issues.

Managing Local Overrides for AOS-CX

In this version of Aruba Central, users can view the local overrides of a switch or its group. For more information, see Configuration Status of AOS-CX Switches.

NAE Scripts

In this version of Aruba Central, new NAE scripts are supported. For more information, see Express Configuration on AOS-CX.

Removing Multiple Devices from a Site

Aruba Central now allows users to remove multiple devices at a time. For more information, see Managing Sites.

Replacement Details Page

You can now view the device replacement details page for a particular device by clicking on the old device serial from the Devices Under Replacement and Replacement History pages. For more information, see Device Replacement

New Features
Enhancements

AI Insights

The following new insight is added in the AI Insight dashboard:

NTP Server Unreachable—If a network device is unable to communicate to an NTP server, this is insight helps administrators to prevent clock drift in the network that can impact the usefulness of the telemetry data. For more information, see NTP Server Unreachable.

Configuring AP Management VLAN

Aruba Central now supports a management VLAN for the uplink traffic on an AP. You can configure an uplink VLAN when an AP needs to be managed from a non-native VLAN. After an AP is provisioned with the uplink management VLAN, all management traffic sent from the AP is tagged with the management VLAN. For more information, see Configuring VLANs.

Configuring DDNS Server Profile

Aruba Central now supports configuring a public DDNS server profile for an AP to which the AP will send updates. A maximum of three DDNS profiles can be configured. However, only one DDNS profile can be assigned to the DL3 DHCP profile and the AP at any given time.

For more information, see the following topics:

Configuring External Antenna in a Group Context

Aruba Central now allows you to configure the external antenna in a group context. If an AP has external antenna connectors, you need to configure the transmit power of the system. The configuration must ensure that the system’s EIRP is in compliance with the limit specified by the regulatory authority of the country in which the AP is deployed.

For more information, see the following topics:

Configuring Flex Dual Band Support

Aruba Central now supports dual band support on AP-615 access points that provides flexibility for the radios of AP-615 to operate on different radio bands. For more information, see Configuring Access Points Parameters.

Configuring Keepalive Type Messages for RadSec Servers

Aruba Central now allows you to configure Keepalive messages for Radsec servers that specifies the keepalive message type to keep the Radsec server connection alive.

For more information, see the following topics:

Configuring Local Routing Traffic

Aruba Central now allows you to enable or disable routing traffic between two clients connected to the same AP on different VLANs. When enabled, the clients can connect to the Internet but cannot communicate with each other, and the routing traffic between the clients is sent to the upstream device to make the forwarding decision.

For more information on configuring local routing traffic, see the following topics:

Configuring Loop Protection and Storm Control Broadcast

Aruba Central now supports loop protection and storm control broadcast for a wired interface. The loop protection feature detects and avoids the formation of loops on the Ethernet ports of an AP. The storm control broadcast feature shutdown the ports if the number of broadcast packets per second on one port of an AP exceeds the configured threshold. For more information, see Configuring General Network Profile Settings.

Configuring Mesh Metric Mode

Aruba Central now allows you to manage the centralized mesh service either by Aruba Central or locally by an AP. For more information, see Enterprise Mesh Network with Mesh APs.

Configuring PMK Cache

Aruba Central now allows you to configure PMK cache stores the details of the connected clients for authenticating clients roaming between different APs. By default, the client details is stored for 8 hours after the client disconnects or gets timed out from the network.

For more information, see the following topics:

Configuring PMK Cache Timeout

Aruba Central now enables you to configure the PMK cache timeout between 1-2000 hours. By default, cache expiry time is 8 hours after that client pmk cache is deleted.

You can configure PMK cache timeout through NBAPI. For more information on using APIs, refer to API Gateway.

Configuring USB Port Policy

Aruba Central now allows you to configure USB ACL profiles that consists of one or more permit or deny rules for supported USB vendor product names.

For more information, see the following topics:

Configuring WebUI Access and Management Subnets

Aruba Central now allows you to enable or disable AP WebUI access and any communications via HTTPS or SSH. Aruba Central also allows you to configure subnets to ensure that the AP management is carried out only from these subnets. When the management subnets are configured, Telnet, SSH, and UI access is restricted to these subnets only.

For more information on configuring WebUI access and restricting management subnets, see the following topics:

Fast Initial Link Setup Support for an AP in 6 GHz Only Mode

Aruba Central now supports Fast Initial Link Setup Support (FILS) for an AP in a 6 GHz only mode. If 2.4 GHz and 5 GHz VAPs are unavailable, then FILS will be automatically enabled for the 6 GHz VAPs, configured on the AP allowing the 6 GHz clients to obtain the SSID information by FILS. For more information, see Configuring Access Points Parameters.

Mesh AP Configuration Enhancements

When an AP is functioning as a Mesh AP and then, you configure mesh-cluster and mesh-band, you need not reboot the AP for the changes to take effect. For more information, see Enterprise Mesh Network with Mesh APs.

Mesh Support for AP-615

Aruba Central now extends mesh support for AP-615. The mesh link and Wi-Fi uplink features continue to operate on the band configured in the AP system profile. When the radio modes are changed, the mesh and Wi-Fi uplink modules will restart and resume on the radio defined in the existing configuration. For more information, see Enterprise Mesh Network with Mesh APs.

Mesh Support for WPA3-SAE Operating Mode

Aruba Central now provides mesh support for WPA3-SAE operating mode on all radio bands of an Aruba AP. For more information, see Enterprise Mesh Network with Mesh APs.

Support for Automatic Mode in Flex Dual Band and Split Radio

Aruba Central now supports automatic flex-dual mode for AP-615 access points that automatically sets the operating bands of radio 0 and radio 1 to 5 GHz and 2.4 GHz. Aruba Central also supports automatic split radio mode for AP-555 access points that automatically splits the radios of the AP to operate in the tri-radio mode.

For more information, see the following topics:

Support for Green AP

Aruba Central now supports the power save feature that helps save energy consumption from common equipment in various areas like airports, offices, universities, hotels and so on. Based on the feeds, the power save feature dynamically enables, disables, or reduces functionality of an allocated AP to reduce the consumption of energy. The APs that support the power save feature are also referred as Green APs.

For more information, see the following topics:

Power Save is supported in this release as a selectively available feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

Support for Maximum Number of Clients

Aruba Central now allows you to configure maximum number of 1024 clients that can be configured for each BSSID on a WLAN. Specify max, MAX, or 1024 in the Max clients threshold text-box to set the maximum number of clients.

For more information, see the following topics:

Support for WPA2-PSK-TKIP Encryption

Aruba Central now supports WPA2-PSK-TKIP encryption method for legacy IoT devices that do not support any higher strength or newer encryption methods. For more information, see Support for WPA2-PSK-TKIP.

Vendor Specific IE Exclusion

Aruba Central now allows users to configure exclusions for IDS containment based on vendor specific IE information. For more information, see Configuring Vendor Specific IE Exclusion.

The output of the show ap monitor ap-list containment-exclusion command displays the details of the APs exempted from containment.

Support for LTE Firmware Upgrade

Aruba Central now supports LTE firmware upgrade for Aruba USB LTE modem capable gateways and APs when new LTE firmware versions are available.

LTE modem firmware upgrade in Aruba Central is supported for the following devices:

  • Gateways:

    • 9000 Series

    • 9012

    • 7000 Series

  • APs, including microbranch:

    • AP-503R, AP-504, AP-505, AP-505H, AP-514, AP-515, AP-534, AP-535, AP-555, AP-605R, AP-615, AP-635, AP-655

For more information, see Upgrade LTE Modem Firmware.

AirGroup Visibility of Personal Devices

The personal devices are visible only to the device owner on the connected AP and its one-hop neighbor. For more information, see AirGroup Configuration

This feature is applicable only to Campus APs.

Configuring LCD Menu

Aruba Central now allows you to enable or disable the LCD functions either completely or for specific operations. For more information, see Configuring LCD Menu.

Uplinks Tracking

Uplink Tracking enables you to assign the role of the leader to the Branch Gateway with the highest number of active uplinks in a Branch Gateway cluster. This feature is effective only when a preferred leader is not configured. For more information, see Uplink Tracking.

The following are the newly supported Aruba APs in ArubaOS 10.5.0.0 release:

  • AP-503
  • AP-503R
  • AP-605R
  • AP-615

The following are the newly supported Aruba Gateways in ArubaOS 10.5.0.1 release:

  • 9114

For more information on supported devices, see Supported Devices for ArubaOS 10.

The following Alerts & Events enhancements are introduced in this release:

Gateway Alerts

EST Enrollment Failure gateway alert now enables alert notification for all gateway devices. To view the gateway EST alert you must enable EST enrollment failure alerts under gateway alert configuration page:

EST Enrollment Failure—Generates an alert when gateway devices fail to enroll or re-enroll with the EST server. EST enrollment and re-enrollment failure alerts automatically closes after the success event is received.

For more information, see Gateway Alerts.

Connectivity Alerts

The following new authentication alert types are added in Connectivity alerts to enhance user experience by adding detailed information regarding the server IP, Auth type, number of users impacted, and percentage of users effected.

  • Wi-Fi Security Key-Exchange Failure Detected—Generates an alert when there are high number of client authentication failures (Wi-Fi Security Key-Exchange) in the network.

  • Wi-Fi Security Key-Exchange Delay Detected—Generates an alert when there is excessive delay in the client authentication (Wi-Fi Security Key-Exchange) with the AP in the network.

  • 802.1x Authentication Delay Detected—Generates an alert when there is excessive delay in the 802.1x authentication process in the network.

  • 802.1x Authentication Failure Detected—Generates an alert when there are high number of 802.1x authentication failures in the network.

  • MAC Authentication Delay Detected—Generates an alert when there is excessive delay in the MAC authentication process in the network.

  • MAC Authentication Failure Detected—Generates an alert when there are high number of MAC authentication failures in the network.

  • Captive Delay Detected—Generates an alert when there is excessive delay in the captive portal authentication process in the network.

  • Captive Failure Detected—Generates an alert when there are high number of captive portal failures in the network.

This additional categorization of the authentication alerts enable users to quickly triage the alerts and take appropriate action.

For more information, see Connectivity Alerts.

These features are applicable only to Campus APs.

Microbranch AP Alert 

AP DHCP pool consumption Alert—An AP Alert is generated for Microbranch APs when a client uses an IP address from the DHCP Pool. For more information, see Access Point Alerts.

BLE Daemon Support for Per-AP Calibrated RSSI Tables

APs with Gen-2 BLE/IoT radios will now adjust the calibrated RSSI values for iBeacon advertisements when BLE transmit power levels are modified, using the Tx Power setting in the IoT Radio Profile configuration. The calibrated values can be verified using the show ap debug ble-advertisement-info command. For more information, see Creating IoT Radio Profile.

Device Provisioning Protocol

Aruba Central supports extends DPP support to include the detection and reporting of DPP related Denial-of-Service attacks. DPP now supports deployment on tunneled-SSIDs and incrementally adds supports for the provisioning of PSK or SAE passphrases for DPP-enrollees. For more information, see Device Provisioning Protocol.

This feature is applicable only to Campus APs.

IoT External Antenna Gain is provisioned

Using the External Antenna tab, you can configure IoT Antenna Gain for AP-584.

Power Save

The green AP feature allows the APs to enter the power save state and wake up at the scheduled time. In the power save state, the AP will neither function nor send any AirMatch telemetry to Aruba Central. For more information, see AirMatch

This feature is applicable only to Campus APs.

Unified Communications

Aruba Central supports only Unified Communications version 2 by default and support for Unified Communications version 1 is removed. For more information, see Unified Communications.

When any segment of either the donut graph or the bar graph in the Summary view is clicked, the List view opens and the Calls table is filtered by the segment that was clicked in the graph and the time filter. For more information, see Unified Communications List View.

The following fields are added to the Unified Communications CDRcard:

  • Session Type

  • OS

  • User Role

  • BSSID

  • DSCP

  • Source Port

  • Destination Port

  • WMM Priority

The following fields are renamed in the Unified Communications CDR card:

  • AP Model from AP Type

  • Peer IP Address from Destination IP

  • Call Duration from Duration

  • Protocol Type from Application

  • SSID/Port from SSID

  • Client Name from MAC Address

The following fields are removed from the Unified Communications CDR card:

  • From

  • To

  • State

  • Termination Reason

  • In Call Roam

  • QoS Correlation

The following fields are hidden in the default view of the Unified Communications Calls table:

  • MAC Address

  • OS

  • User Role

  • Call Duration

  • IP Address

  • Peer IP Address

  • AP Name

  • AP Model

  • BSSID

  • DSCP

  • Quality Score

  • Source Port

  • Destination Port

  • WMM Priority

  • Codec

The following fields support filtering in the Unified Communications Calls table:

  • CDR ID

  • Start Time

  • Client Name

  • MAC Address

  • Call Quality

  • Client Health

  • SSID/Port

  • Protocol Type

  • Session Type

  • OS

  • User Role

  • IP Address

  • Peer IP Address

  • AP Name

  • AP Model

  • Quality Score

For more information, see Unified Communications List View.

This feature is applicable only to Campus APs.

AP Management VLAN Configuration

You can now enable the AP Management VLAN as the native VLAN. For more information, see Configuring VLAN Network Profile Settings.

IPM Radio Power Reduction Steps

The IPM radio power reduction steps use radio indices (1, 0, and 2) that replace all references to the radio bands (2.4 GHz, 5 GHz, secondary 5 GHz, and 6 GHz bands) associated with radio power restrictions. Prior to this release, the IPM radio power reduction steps referred to the operating bands of the radio. This enhancement removes the association between the power reduction steps and the operating bands to simplify the IPM feature design. For more information, see Configuring Intelligent Power Monitoring for Microbranch APs and Configuring Intelligent Power Monitoring for APs.

IPM Status

The show ap power-mgmt-statistics command displays the power consumption information of the AP like the status of IPM and ITM functions among other power consumption statistics.

Link Health Monitoring Updates

The show lhm status command displays the number of times all configured NSLookup policies on an AP have been run.

Loop Protection Support for Microbranch APs

Microbranch APs support loop protection for port profiles. For more information, see Configuring Port Profiles.

MAC Authentication Status Enabled in Aruba Central

The MAC authentication status is enabled based on the traffic forwarding modes for a VPNC and Gateway. For more information, see Configuring Security Settings for an AP and Configuring Port Profiles.

Microbranch Device Level Configuration

Aruba Central now supports Microbranch configuration at the device level. For more information, see Microbranch Configuration Dashboard.

MultiZone Enhancement

AOS 10.5.0.0 now displays a warning message in the WebUI when the user configures WLAN SSID profile in tunnel mode, and selects a different cluster in the same AP group that has only foundation licenses. Since MultiZone supports only advanced licenses, the warning message prevents misconfiguration and allows the user to easily manage and redirect the user traffic to specific clusters within the same AP group.

Onboarding Event Details

The show ap onboarding event and show ap onboarding status command display details regarding onboarding events that occur when a device connects to the network.

Routing Profile Status

The show routing-profile command displays all global static route status configured on an AP for a routing profile.

RTS Frame Transmission

AOS 10.5.0.0 now allows users to control RTS frame transmission to the clients. For more information, see Configuring Radio Parameters.

The output of the show radio config command has been updated to display the status of RTS frame transmission.

This feature is applicable only to Campus APs.

Support for UNII-4 Channels

AOS 10.5.0.0 now supports UNII-4 channels (169-177) on 630 Series and 650 Series access points.

This feature is applicable only to Campus APs.

Support to Enable Frame Bursting

AOS 10.5.0.0 now allows users to control frame bursting if one or more active clients are associated to the AP. For more information, see Configuring Radio Parameters.

The output of the show radio config command has been updated to display the status of the frame bursting mode.

This feature is applicable only to Campus APs.

Firmware Management for Gateway Clusters

You can now view the site information for the SD-WAN gateway clusters from the Firmware management page. Prior to this release, the site information was not available for the gateway clusters. This enhancement allows easy tracking of the site information for each cluster and helps in effective firmware management. Additionally, you can click the cluster name to view the gateways assigned to the cluster. For more information, see Firmware Management.

This feature is applicable only to SD-Branch.

NAS-ID for Air Pass SSID

As part of the NAS-ID solution, the WLAN backend configuration has been updated for new customer and existing customer configurations, without affecting their connectivity. This ensures that when an Air Pass SSID is created, the Domain Name and Venue Name are added to form the NAS-ID string, and the authentication server ID is updated, as per the required formats. For more information, see Air Pass Overview.

Branch Mesh Configuration

To establish a branch mesh, a branch group does not require to be connected to a hub or data center. For more information, seeBranch Mesh Topology in SD-Branch .

This feature is applicable only to SD-Branch.

Configure SLA Profile

You have the option to manually configure the SLA Profile.

For more information, see and Creating IP-SLA Profiles.

This feature is applicable only to SD-Branch.

C5D Instances Supported in AWS

AWS now supports C5D instances in Aruba Central. For more information, see Deploy Aruba Virtual Gateways in AWS.

This feature is applicable only to SD-Branch.

Cluster Support for VPNCs

You can now select clustered hub groups while selecting preferred data center for Aruba Branch Gateways. For more information, see Setting Data Center Preference.

This feature is applicable only to SD-Branch.

Concurrent VIA VPN Sessions Limit

AOS 10.5.0.0 now allows you to limit the maximum number of concurrent VIA VPN session per user. For more information, see Configuring Instant AP VPN Pool for Aruba Gateways

This feature is applicable only to SD-Branch.

DHCP Relay Support

DHCP server and DHCP relay are supported on VLANs for Microbranch APs. This facilitates the Microsoft BitLocker feature. For more information, see Configuring VLANs.

IKEv2 Reauthentication Support

The Reauthentication Frequency field is added for Branch Gateways under VPN > IKEv2. The reauthentication frequency value indicates the number of IKE rekey operations at which the initiator of the session repeats authentication. For more information, see Configuring IKEv2 Policies, Dynamic Maps, and Reauthentication Frequency.

This feature is applicable only to SD-Branch.

Increase in Data Center Preference Limit

The data center preference limit is increased to 32 hubs per group. For more information, see Setting Data Center Preference.

Microbranch Configuration Dashboard Enhancement

The Microbranch configuration dashboard is enhanced to include AP Properties, AP Uplink, and AP Installation type under the System tile. AP Channel & Power and AP External Antenna are added under the Wireless tile. For more information, see Configuring System Properties of Microbranch and Configure Wireless Properties of Microbranch.

Microbranch Device Level Configuration

Aruba Central now supports Microbranch configuration at the device level. For more information, see Microbranch Configuration Dashboard.

Monitoring DHCP Pool

DHCP pools table displays DHCP pool information for Microbranch APs. For more information, see Viewing DHCP Pool for Microbranch.

Overlay Routing Table for Microbranch Group

The overlay routing table is added under the routing tab for a Microbranch group to view the information related to the overlay routes. For more information, see Overlay Tab in the AP Dashboard.

Packet Capture Logs

You can now upload packet capture logs on the Tools page of the Branch Gateway dashboard. For more information, see Enabling Gateway Logs.

This feature is applicable only to SD-Branch.

SSH Server Configurations

Aruba Central now supports ecdsa-sha2-nistp256 and ssh-ed25519 for HostKeyAlgorithms in the SSH server. ssh-rsa is no longer supported for SSH server's PubkeyAcceptedKeyTypes and HostKeyAlgorithms. For more information, see SSH Authentication for CLI Access.

Support Static Assigned Address for WAN Interfaces

Microbranch APs support static assigned address for WAN interfaces as DHCP cannot be used in all deployments. For more information, see Configuring the WAN Uplink and Configuring Static Routing.

VHD Image Compressed with Gzip

The Virtual Hard Drive (VHD) image is now compressed using Gzip, which reduces the size of the compressed file from 4 GB to 120 MB. You must decompress the compressed file before uploading it to your Microsoft Azure account. For more information, see Aruba Virtual Gateway Software Image Upload.

This feature is applicable only to SD-Branch.

VLAN Probe Failure

VLAN Mismatch column in Gateway Clusters is updated to VLAN Probe Failed. VLAN Probe Failed displays upto first twenty probe failures.

For more information, see Gateways Tab in Gateway Cluster Dashboard.

This feature is applicable only to Campus APs.

WAN Uplink Monitoring for VPNC Gatways

Aruba Central now provides an option to monitor WAN uplinks for VPNC devices. For more information, see Navigating to the WAN Summary Tab.

This feature is applicable only to SD-Branch.

Support for /31 Subnets

AOS 10.5.0.0 now supports /31 subnet addresses in the VLAN static IP configuration. For more information on how to configure the VLAN parameters, see Configuring Other Parameters for VLAN.

AWDL Protocol Detection

The output of the show ap monitor status command is modified to display the detected and discarded AWDL frames when AWDL network detection is configured through templates.

This feature is applicable only to Campus APs.

Configuring VIA Connection Profile

Aruba Central now allows users to configure up to 256 VIA connection profile entries. For more information, see VIA Profiles for Authentication.

This feature is applicable only to Campus APs.

IDPS Enhancements

The following IDPS enhancement is introduced in this release:

Threats List

The Model and User Role columns are added to the Threats List table.

For more information, see Threats List.

Opmode-transition Support for WPA-3

AOS 10.5.0.0 now allows users to deploy virtual APs on the 6 GHz bands using PMF by disabling the transition mode. For more information, see WPA-3 Enterprise Operating Modes.

This feature is applicable only to Campus APs.

Support for WPA3 Transition

Aruba Central now supports WPA3 Transition mode that allows WPA2 and WPA3 clients to be on the same SSID. The WPA3 Transition is available only when WPA-3 Enterprise(CCM 128) option is selected from the Key Management drop-down list for Enterprise security level. For more information, see the following topics:

Backup Configuration Restore

The show ap debug cloud-restore-status command displays the restoration status of the AP configuration for APs.

This feature is applicable only to Campus APs.