What's New in HPE Aruba Networking Central 2.5.8-AOS-10.6

The following sections provide an overview of the new features and enhancements that are added to HPE Aruba Networking Central 2.5.8 and AOS 10.6 release.

New Features in HPE Aruba Networking Central 2.5.8

AI Ops

The following is the new AI Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis. Ops feature added in this release:

AI Insights

The following new insight is added in the AI Insight dashboard:

AI-Driven Power save Config Recommendation for Access PointsHPE Aruba Networking Central now supports Power Save AP recommendations for Access Points at the Device level. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:

  • Automatic

  • Manual

For more information, see AI-Driven Power Save Configuration Recommendation for Access Points.

This is a selectively available feature. Contact your Account Manager to enable it in your HPE Aruba Networking Central account.

AI Search

HPE Aruba Networking Central is an AI-powered Network Management Solution for Enterprise Networks. It is now equipped with a GenAI-driven Search bar. By integrating the latest advancements in AI/ML and leveraging sophisticated Large Language Models (LLMs), the Search bar transcends the capabilities of conventional search functions.

The Search bar now creates pathways by providing direct links to both the user interface and the TechDocs WebHelp. This integrated approach ensures that users have immediate access to detailed information, offering depth and context at their fingertips.

For more information, see Using the Search Bar.

APIs

Listed below are APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. introduced in this release: 

API Category New APIs

Cloud Connect > Cloud connect

 

 

  • [PUT] /cloud-connect/v1/node_list/{node_id}/config/prisma
  • [PUT] /cloud-connect/v1/custom-account/{account_name}
  • [PUT] /cloud-connect/v1/prisma-account/{account_name}

 

  • [DELETE] /cloud-connect/v1/prisma-account/{account_name}

Device Replacement > Offline Devices

  • [GET] /v1/offline_device

Device Replacement > Request Replacement

  • [POST] /v1/request_replacement

Device Replacement > Check Compliance

  • [POST] /v1/check_compliance

Device Replacement > Initiate Replacement

  • [POST] /v1/initiate_replacement

Device Replacement > Cancel Replacement

  • [POST] /v1/cancel_replacement

Device Replacement > Devices Under Replacement

  • [GET] /v1/devices

Device Replacement > Devices Status

  • [GET] /v1/device_status

Device Replacement > Devices count

  • [GET] /v1/device_count

Device Replacement > Get MSP Managed Service Provider. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. customers

  • [GET] /v1/msp_customers

Device Replacement > MSP Replacement Count

  • [GET] /v1/msp_replacement_count

Device Replacement > MSP replacement detail

  • [GET] /v1/msp_replacement_details

Monitoring > Switch

  • [GET] /monitoring/v1/cx_switches/{serial}/neighbors
  • [GET] /monitoring/v1/cx_switch_stacks/{stack_id}/neighbors

Service UCC Unified Communications and Collaboration. UCC is a term used to describe the integration of various communications methods with collaboration tools such as virtual whiteboards, real-time audio and video conferencing, and enhanced call control capabilities. > Aruba ucc

  • [GET] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [POST] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [PUT] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/
  • [DELETE] /ucc-config/v1/node_list/{node_type}/{node_id}/config/ucc_alg/zoom/

For more information, see Changes to HPE Aruba Networking Central APIs

Certificates

The following is the new certificate feature added in this release:

Edit a Certificate

Starting from HPE Aruba Networking Central 2.5.8, users can edit an existing custom certificate listed in the Certificate Store table. For more information, see Editing a Certificate.

Gateways

The following are the new Gateway features added in this release:

Configure Static Host List for LAN Interfaces

You now have the option to configure Static Host List for LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Interfaces.

For more information, see Configuring Static Host List for LAN interfaces

Support for Overlay Route Drop Mechanism

The overlay route drop mechanism is a feature designed to enhance network security, specifically by ensuring that traffic is not inadvertently rerouted over the underlay network when SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. overlay routes are unavailable. For more information, see Configuring Overlay Route Drop Mechanism.

Gateway supports HPE Aruba Networking 9106

The HPE Aruba Networking Gateway now supports HPE Aruba Networking 9106 with AOS 10.6 and later versions that function as Branch Gateways.

For more information, see Supported Gateways.

Support for WAN Uplink Backup Health Check

If the Backup health check is enabled and the destination address is reachable, the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Status for the uplink will be displayed as Healthy under WAN Monitoring.

For more information, see Configuring Uplink Interfaces on Branch Gateways.

Configure Gateway Device Flash Memory Usage Alert

You can now configure device flash memory usage alert for gateways. Alert will be triggered when a gateway flash memory usage has exceeded 80% threshold.

For more information, see Gateway Alerts.

Instant APs

The following are the new Instant AP features added in this release:

Support for AP System Location

HPE Aruba Networking Central now displays the system location of an AP. For more information, see Configuring System Parameters for an IAP

Support for Free Channel Index Configuration

HPE Aruba Networking Central now allows you to set the free channel index for an AP. For more information, see Configuring Radio Parameters.

Support for Honor 40 MHz Intolerance for APs

HPE Aruba Networking Central now supports 40 MHz Megahertz Intolerance for APs that decides whether the APs using this radio profile will advertise intolerance of 40 MHz operation. This feature is disabled by default. For more information, see Configuring Radio Parameters.

Support for IPv6 RA and ND Optimization in WLAN SSIDs

HPE Aruba Networking Central now supports IPv6 RA Router Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network. For more information, see Configuring Advanced Settings for a WLAN SSID Profile.

Support for Non-DFS Channels

HPE Aruba Networking Central now allows you to select the non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. valid channels only for 5 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation.. For more information, see Configuring ARM Features for Instant APs in AOS-8

Support for SSH Timed Account Lockout

HPE Aruba Networking Central now supports SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. Timed Account Lockout feature on APs without any RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely. For more information, see Configuring Users Accounts for the IAP Management Interface.

Support for Zero Wait DFS

HPE Aruba Networking Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles. For more information, see Configuring Radio Parameters.

Updates to Certificate Usage Verbiage for RadSec

In the HPE Aruba Networking Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. respectively. For more information, see Mapping IAP Certificates.

MSP

The following are the new MSP features added in this release:

MSP Deployment Scenarios

Please contact your HPE GreenLake sales representative or your HPE HPE Aruba Networking account manager to enable the Deployment Model 2 or Deployment Model 3 feature in your HPE GreenLake workspace. For more information see: End-Customer Owns Both Devices and Subscriptions But MSP Manages (Deployment Model 2) and Hybrid MSP Deployment Model (Deployment Model 3).

MSP Group Supports AOS-10 Gateway

The AOS-10 architecture and gateway configuration are supported in this release. For more information, see Creating an MSP Group Persona with AOS-10 Architecture.

AOS-CX support for MSP

AOS-CX Groups are supported at the MSP level.

For more information, see MSP Groups for AOS-CX.

Security

HPE Aruba Networking Central Cloud Connect

HPE Aruba Networking Central now allows you to integrate Palo Alto Prisma Access with HPE Aruba Networking Cloud Connect to orchestrate the deployment of HPE Aruba Networking EdgeConnect SD-Branch gateways or Branch Gateway groups and Microbranch APs or AP groups. For more information, see Integration of Cloud Connect with Palo Alto Prisma Access.

NetConductor

The following are the new NetConductor features added in this release:

Cloud Authentication and Policy

The following is the new Cloud Authentication and Policy feature added in this release:

Switches

The following are the new Switch features added in this release:

IPv6 Support

Starting from HPE Aruba Networking Central 2.5.8, users can onboard, monitor their devices, and upgrade the AOS-CX firmware over IPv6 or dual stack networks. For more information, see AOS-CX Overview.

Advanced License for AOS-CX Switch Features

Some of the AOS-CX switch features require HPE Aruba Networking Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the Fabric Overlay, Network Underlay workflows, and for AOS-CX Advanced Feature Pack using MultiEdit MultiEdit mode allows configuring single or multiple AOS-CX switches using the CLI syntax. You can also view the difference between the Central running configuration and the switch running configuration.. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but the message will be displayed for other users. Also, the message acknowledgment needs to be done independently for each feature. For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA End User License Agreement. EULA is a legal contract between a software application publisher or author and the users of the application..

One Touch Provisioning of AOS-CX Switches using the Installer Mobile App

The Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF Virtual Switching Framework. VSF allows network administrators to stack multiple individual switches into a single logical device using standard Ethernet links. stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.

New Hardware Platforms

The following are the newly supported APs in HPE Aruba Networking Central 2.5.8 release:

  • AP-605H

  • AP-675

  • AP-677

  • AP-679

For more information on supported devices, see Supported Instant APs.

Enhancements in HPE Aruba Networking Central 2.5.8

Alerts and Events

The following Alerts & Events enhancements are introduced in this release:

AOS-CX Switch Alerts

AOS-CX Switch Events

Support for the AOS-CX switch events in the following categories are now available in HPE Aruba Networking Central:

  • Services

  • Routing

  • Interface

  • Hardware

  • Overlays

For more information about the AOS-CX switch events, navigate to the AOS-CX Switch Software Documentation Portal. In the AOS-CX Switch Software Documentation portal, navigate to a switch model and click the View software feature and user guides (HTML) link. Click Software Release Version listed next to the Event Log Message Reference Guide to view the events for the software release version selected.

Gateways Logs

While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.

APIs

Obtaining Token Using OAuth Grant Mechanism

The rate limit is set to 1 access token per 30 minutes when you generate a new access token for a client ID using the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. Grant Mechanism. For more information, see Obtaining Token Using OAuth Grant Mechanism topic.

REST APIs

Listed below are the REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs available in swagger that are enhanced in this release.

API Category

Modified APIs

Authentication & Policy

  • [PUT] /cloudAuth/api/v1/user_policy
  • [GET] /cloudAuth/api/v1/user_policy

Authentication & Policy > User Policy

  • [GET]/cloudAuth/api/v1/user_policy
  • [PUT]/cloudAuth/api/v1/user_policy

Ble Beacon Service

  • [GET] /ble_cfg_beacons/{group_name}
  • [GET] /ble_run_beacons/{group_name}
  • [GET] /ble_beacon_profiles
  • [POST] /ble_cfg_beacons/{group_name}
  • [POST] /edit_beacon_profiles/{group_name}/{profile_id}

Configuration > AP Configuration

  • [GET]/configuraon/v1/ap_cli/{group_name_or_guid_or_serial_number}
  • [POST]/configuraon/v1/ap_cli/{group_name_or_guid_or_serial_number}

Listed below are APIs removed in this release.

API Category

Removed APIs

Monitoring > AP

Monitoring > Network

  • [GET] /monitoring/v1/networks
  • [GET] /monitoring/v1/networks/{network_name}
  • [GET] /monitoring/v1/networks/bandwidth_usage

Monitoring > VPN

  • [GET] /monitoring/v1/vpn/usage
  • [GET] /monitoring/v2/vpn/usage
UnitedCommunications

For more information, see Changes to HPE Aruba Networking Central APIs.

Applications

AirGroup - Follow-the-User

HPE Aruba Networking Central supports personal device accessibility by device owners from any location beyond the on-hop neighborhood, within the network. For more information, see AirGroup.

AirGroup - Personal Device Visibility and Sharing

HPE Aruba Networking Central supports sharing of personal devices by device owners across the network, using CloudGuest. For more information, see Sharing of Personal Devices.

BLE Beacon Service Support for Open Locate Beacon

The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet., and Signature.

For more information see, Configuring IoT BBS Profile for AOS-10 APs.

IoT Operations - Group Support

HPE Aruba Networking Central now supports group-level configurations only for IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. connectors, as well as applications and transport profile configurations. For more information, see HPE Aruba Networking IoT Operations.

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

IoT Operations - Application Developer Portal (ADP)

HPE Aruba Networking Central supports the IoT Application Developer Portal (ADP Aruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.), which provides an interface for IoT application developers to manage their IoT applications lifecycle, while offering easy to use workflows for creating, modifying, versioning and publishing IoT applications. For more information, see Application Developer Portal (ADP).

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

The following Applications enhancements are introduced in this release:

Unified Communications Support for Zoom

HPE Aruba Networking Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM Wi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK)./DSCP Differentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR Call Detail Record. A CDR contains the details of a telephone or VoIP call, such as the origin and destination addresses of the call, the start time and end time of the call, any toll charges that were added through the network or charges for operator services, and so on.. For more information, see Unified Communications.

Unified Communications Reports

HPE Aruba Networking Central supports Unified Communications reports. Unified Communications reports may be created or scheduled from the Analyze > Reports > Applications > UCC page. For more information, see Unified Communications Reports.

Gateways

The following Gateway enhancements are introduced in this release:

Config Failure status directs to configuration audit page.

In the event of configuration failure, HPE Aruba Networking Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.

For more information, see Summary Tab in Gateway Dashboard

Global Firewall Parameters supports IPv6

You now have the option to configure global firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. parameters via IPv6 processing in Gateways.

For more information, see Configuring Global Firewall Parameters

Support for TLS to Configure Syslog Servers

HPE Aruba Networking Central now allows you to secure log messages sent to an external logging server using the TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. parameter in the HPE Aruba Networking Central app. Under Manage > Devices > Gateways, click a gateway to view the gateway context and navigate to System > Logging > Add New Syslog Servers to use the TLS parameter. For more information, see Configuring Syslog Servers.

Install Manager

The following is the new Install Manager feature added in this release:

Install Manager Support

Starting HPE Aruba Networking Central 2.5.8, you can assign all sites to an installer using the Select All option in the Add Installer page. For more information, see Add an Installer and Assign Sites for Installation and Generate a QR Code and Assigning Sites for Installation

Instant APs

The following Instant AP enhancements are introduced in this release:

Configuration Support for IP MTU for EAP Fragmentation

HPE Aruba Networking Central now allows you to specify the IP MTU Maximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. for EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for IAPs.

Enhancements to EST Certificates

HPE Aruba Networking Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping IAP Certificates.

New XML Definition File Added to DHCP Option 82 XML

A new XML Extensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. definition file, default_dhcpopt82_3.xml, is now added to the DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  Option 82 XML parameter sub-type options. The default_dhcpopt82_3.xml option is supported only on APs running AOS 10.5.1.0 or later versions.

The DHCP Option 82 XML VLAN list field allows you to define the VLANs for default_dhcpopt82_3.xml. The maximum number of supported VLANs is 128.

For more information, see Configuring System Parameters for an IAP

Support for New USB-based Modems

HPE Aruba Networking Central now extends support for new USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. -based modems. You can view the complete list of supported USB-based modems in the drop-down list of the USB Device in the Access Points > Security > USB Port Policy > Add Rule page.

Support for 8 WLAN SSID profiles

HPE Aruba Networking Central now allows you to create a maximum number of eight WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID profiles with 6 GHz band. For more information, see Viewing the Wireless SSIDs Table

MSP

The following MSP enhancements are introduced in this release:

Device Replacement in MSP Mode

HPE Aruba Networking Central now supports device replacement workflows in the MSP mode. For more information, see Device Replacement.

Managing Site Installations and SD-WAN Support in MSP

Managing Site Installations for MSPs and SD-WAN Support in MSP Mode are no longer allowlisted features.

For more information, see Managed Service Provider.

Reports

The following enhancement is introduced in this release:

Guest Report

A new option Last 90 Days is added to the Report Period context for Guest report.

For more information, see Report Configuration Options.

Capacity Planning and Infra Inventory Reports

Active and Expired categories are added to the Subscription Utilization widget of Capacity Planning and Infra Inventory reports.

For more information, see Report Categories.

Security

Configure Centralized Firewall Policies from Gateway Configuration Page

For tunnel SSIDs and wired tunnel port profiles, you can configure centralized firewall policies from the gateway configuration page. For AP-Specific policies, navigate to the Security tab.

For more information, see Configuring Access Rule for a WLAN SSID Profile in Tunnel and Mixed Mode.

For microbranch-specific information, see Configuring ACLs for User Access to a WLAN

IDPS

The following IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it. enhancements are introduced in this release:

  • IDPS-Supported Gateways HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways support the IDPS feature and its functionalities on Branch Gateway and Mobility Gateway personas. They are added to the list of IDPS-supported gateways.

    For more information, see Preparing to add IDPS-Supported Gateways.

NetConductor

The following NetConductor enhancement is introduced in this release:

  • Use Switch Fabric for Role Propagation question has been modified to Are roles propagated between AOS 10 Gateways? in the Global Client Roles page to allow more flexibility in terms of what options can be configured.

    For more information, see Global Client Roles.

Switches

The following Switches enhancements are introduced in this release:

Advanced License for AOS-CX switch features

Some of the AOS-CX switch features require HPE Aruba Networking Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the MultiEdit, Fabric Overlay and Network Underlay workflows. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but for other users, the message will be displayed. Also, the message acknowledgment needs to be done independently for each feature. The notification message will reappear every 90 days.

For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA.

Monitoring CPU Utilization in AOS-CX Switches

Starting from this version of HPE Aruba Networking Central, the AOS-CX switches calculate their own average CPU Central Processing Unit. A CPU is an electronic circuitry in a computer for processing instructions. utilization for every five minutes. This feature is supported only on switches running AOS-CX 10.12.xx or later versions.

One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App

The Aruba Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Aruba Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.

Template Group

The following Template Group enhancements are introduced in this release:

Enhancements to Template Group Configurations

Starting from this release, when firmware compliance is set for a template group, then the template configuration push will be blocked on all non-compliant devices. The configurations will be pushed to these devices only when a compliant build firmware is downloaded and when the devices are rebooted. For more information, see

Template Group Configurations

HPE Aruba Networking Central now allows users to maximize the Template text box and enter full screen mode while adding or editing configuration text to a template. For more information, see Creating a Configuration Template.

Troubleshooting

The following troubleshooting enhancement is introduced in this release:

Gateways Logs

While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.

New Features in AOS-10.6

AI Ops

The following is the new AI Ops feature added in this release:

AI Insights

The following new insight is added in the AI Insight dashboard:

AI-Driven Power save Config Recommendation for Access PointsHPE Aruba Networking Central now supports Power Save AP recommendations through Net Insight. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:

  • Automatic

  • Manual

For more, information, see AI-Driven Power Save Configuration Recommendation for Access Points.

This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

AI Search

HPE Aruba Networking Central is known as the AI-powered Network Management Solution for Enterprise Networks. AI/ML have been extensively used to build the AI Search capabilities that helps customers with their day to day tasks by understanding their intent and presenting them with relevant information on clients, devices and documentation. The Search bar now enables AI search and provides an augmented search experience by leveraging technologies like Large Language Models (LLM).

While searching for a relevant information for any query that you might have, you can type the query on the search bar and a summary for the specific query will be displayed along with the links to the HPE Aruba Networking Central user interface and documentation Webhelp for further detailed information.

For more information, see Using the Search Bar.

Campus and Microbranch APs

The following are the new Campus and Microbranch AP features added in this release:

Display Cell Information

The show cellular cell command displays the cell information of the cellular connection.

Option to Disable Wired Port When Tunnel is Down

You can enable the ability to track the status of the AP tunnel, such that, if the AP tunnel goes down the wired-port mirrors this state. When the AP-tunnel state is restored, the wired-port transitions to an UP state.

For more information, see Configuring General Network Profile Settings. For microbranch-specific information, see Configuring General Network Profile Settings.

Support for AAA Server Groups

For bridged AP SSID deployments, you can create multiple servers and add them in a group. The maximum number of server groups is 32 and the maximum number of authentication servers is 8, in one server group. HPE Aruba Networking Central currently supports RADIUS and RadSec servers within a Server Group definition. Server group is not only supported in wireless SSID profile (mac dot1x cp) but also in wired port profile (mac dot1x cp).

For more information see, Configuring Server Groups. For microbranch-specific information, see Configuring Server Groups for Microbranch APs.

Support for AP System Location

HPE Aruba Networking Central now displays the system location of an AP.

For more information, see Configuring System Parameters for an AP. For microbranch-specific information, see Configuring Properties for Microbranch.

Support for Background Spectrum Monitoring

HPE Aruba Networking Central now supports background spectrum monitoring that provides additional function of monitoring RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. interference (from both neighboring APs and non Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. sources such as, microwaves Electromagnetic energy with a frequency higher than 1 GHz, corresponding to wavelength shorter than 30 centimeters. and cordless phones) on the channel they are currently serving the clients.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for Broadcasting LCI details of an AP

HPE Aruba Networking Central now supports the Open Locate format to broadcast the LCI details of an AP. For more information, see Configuring IoT BBS Profile for AOS-10 APs.

Support for Free Channel Index Configuration

HPE Aruba Networking Central now allows you to set the free channel index for an AP.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for Honor 40 MHz Intolerance for APs

HPE Aruba Networking Central now supports Honor 40 MHz Intolerance. When enabled, the radios will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station. This feature is enabled by default.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Support for IPv6 RA and ND Optimization in WLAN SSIDs

HPE Aruba Networking Central now supports IPv6 RA and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network.

For more information, see Configuring Advanced Settings for a WLAN SSID Profile. For microbranch-specific information, see Configuring WLAN SSID Settings.

Support for Manual EoGRE Tunnel To Third-Party Devices

HPE Aruba Networking Central now allows you to configure manual EoGRE tunnels to third-party devices. For more information, see Configuring Manual EoGRE Tunnel to Third-Party Devices.

Support for One Touch Provisioning (OTP) for Microbranch APs

To account for circumstances where a microbranch AP requires additional configuration before it can communicate with HPE Aruba Networking Central, HPE Aruba Networking Central now offers One Touch Provisioning (OTP) feature for Microbranch APs.

For more information, see Connecting Microbranch APs to HPE Aruba Networking Central.

This is a selectively available HPE Aruba Networking Central feature. Contact your HPE Aruba Networking Account Manager to enable it in your HPE Aruba Networking Central account.

Support for SSH Timed Account Lockout

HPE Aruba Networking Central now supports SSH Timed Account Lockout feature on APs without any RADIUS server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely.

For more information, see Configuring Users Accounts for the AP Management Interface. For microbranch-specific information, see Configuring User Accounts in Microbranch.

Support for Personal Wireless Network

During AP configuration, when Cloud Auth is selected as the Radius source, you can turn on Personal Wireless Network. This feature enables you to establish Personal Area Network (PAN) among a set of selected wireless devices in order to exchange information isolated from others on the same network.

For more information, see Personal Wireless Network.

Support for Zero Wait DFS

HPE Aruba Networking Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles.

For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.

Updates to Certificate Usage Verbiage for RadSec

In the HPE Aruba Networking Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA respectively.

For more information, see Mapping AP Certificates. For microbranch-specific information, see Configuring and Managing Certificates .

 

Gateways

The following are the new Gateway features added in this release:

Configure Static Host List for LAN Interfaces

You now have the option to configure Static Host List for LAN Interfaces.

For more information, see Configuring Static Host List for LAN interfaces

Custom Tunnel Settings

You can create customized tunnel settings as per your requirement. You can also edit the default tunnel settings. For more information, see Creating Customized Tunnel Settings.

New Hypervisor Support for Virtual Gateways

You can now deploy virtual gateways in VMware ESXi version 8.0.

New Hardware Platforms

The following are the newly supported Aruba APs in ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..6.0.0 release:

  • AP-634

  • AP-654

The following is the newly supported Gateway in AOS 10.6 release:

  • 9106

For more information on supported devices, see Supported Devices for AOS-10.

Enhancements in AOS-10.6

Applications

The following Application enhancement is introduced in this release:

IOT

BLE Beacon Service Support for Open Locate Beacon

The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL, and Signature.

For more information see, Configuring IoT BBS Profile for AOS-10 APs.

Extended Advertisements on BLE 5

BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. extended advertisement scanning allows advertising devices (e.g., BLE devices) to transmit larger advertising packets and allows scanning devices (e.g., Aruba AP’s) to receive and process these extended packets. With this enhancement, packets can now be up to 255 bytes in length. No AOS or Central configuration changes are necessary for Aruba ecosystem partners to utilize this enhancement.

Unified Communications Support for Zoom

HPE Aruba Networking Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM/DSCP priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR. For more information, see Unified Communications.

Campus and Microbranch APs

The following Campus and Microbranch AP enhancements are introduced in this release:

Configure Power Save on APs

HPE Aruba Networking Central now provides the ability to sleep and wake up APs based on AI-Driven recommendations. The Power Save feature provides an AI-based power-save recommendation to customers' sites or groups with HPE Aruba Networking Wireless Operating System 10 APs.

For more information, see Configuring Power Save Mode on AOS-10 APs.

This is a selectively available HPE Aruba Networking Central feature. Contact your HPE Aruba Networking Account Manager to enable it in your HPE Aruba Networking Central account.

Configuration Support for IP MTU for EAP Fragmentation

HPE Aruba Networking Central now allows you to specify the IP MTU for EAP fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for APs.

Enhancements to EST Certificates

HPE Aruba Networking Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping AP Certificates.

Improvements to Cloud-assisted Roaming

General architectural improvements have been made to cloud-assisted roaming to increase the success rate and serviceability of 802.11r 802.11r is an IEEE standard for enabling seamless BSS transitions in a WLAN. 802.11r standard is also referred to as Fast BSS transition. roaming.

Monitoring Support for Power Save Mode on APs

HPE Aruba Networking Central now provides monitoring support for power save mode on APs. For more information, see Monitoring Power Save Mode on AOS-10 APs.

Power Save is supported in this release as a selectively available feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.

New XML Definition File Added to DHCP Option 82 XML

A new XML definition file, default_dhcpopt82_3.xml, is now added to the DHCP Option 82 XML parameter sub-type options. The default_dhcpopt82_3.xml option is supported only on APs running AOS 10.5.1.0 or later versions.

The DHCP Option 82 XML VLAN list field allows you to define the VLANs for default_dhcpopt82_3.xml. The maximum number of supported VLANs is 128.

For more information, see Configuring System Parameters for an AP.

For microbranch-specific information, see Configuring Properties for Microbranch.

Number of User Roles Increased to 128

HPE Aruba Networking Wireless Operating System 10 APs running 10.6.0.0 or higher versions now support a total of 128 user roles. HPE Aruba Networking Wireless Operating System 10 APs running versions lower than 10.6.0.0, support 64 user roles.

For more information see, Configuring User Roles for AP Clients.

Support for MPLS Uplink for Microbranch APs

The WAN framework of Microbranch uplinks is now aligned with SD-WAN Orchestrator framework which enables the same usability for Microbranch uplinks, as well as the use of MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. uplinks.

For more information see, Configuring the WAN Uplink.

Enhancements to PMK Caching Timeout Interval

HPE Aruba Networking Central now supports PMK Pairwise Master Key. PMK is a shared secret key that is generated after PSK or 802.1X authentication. caching timeout in APs running AOS 10 10.4.1.0, AOS 10.5.1.0, or later versions.

For more information, see Configuring System Parameters for an AP.

Enhanced Routing Capacity for 9240 Platform

The 9240 gateway platform has been enhanced to support a route table size of 64K routes, doubling its previous capacity of 32K routes.

Gateways

The following Gateway enhancements are introduced in this release:

Config Failure Status Directs to Configuration Audit Page

In the event of configuration failure, HPE Aruba Networking Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.

For more information, see Summary Tab in Gateway Dashboard

Global Firewall Parameters Supports IPv6

You now have the option to configure global firewall parameters via IPv6 processing in Gateways.

For more information, see Configuring Global Firewall Parameters

Important Information for WAN Compression on VPNC Groups

Following are the important points to note for WAN compression on VPNC groups:

  • For VPNC groups created in releases prior to HPE Aruba Networking Central 2.5.8 and upgraded to AOS 10.6.0.0, you must use NBAPI to enable WAN compression on the VPNC group.

  • For VPNC groups created in HPE Aruba Networking Central 2.5.8 release with compression enabled on Branch group tunnels terminating at the VPNC, it is recommended to upgrade the VPNC to AOS 10.6.0.0.

Important Upgrade Information for HPE Aruba Networking9000 Series, 9100 Series, and 9200 Series Gateways

Upgrading to AOS 10.6.0.0 will take longer than usual as we will be automatically upgrading the BIOS version to support additional functionality in the future. This upgrade is estimated to take up to 15 minutes and should not be interrupted for any reason. Power failures and interruptions during the upgrade may make the gateway unusable. Please use caution and plan accordingly.

Increase in the Number of Hubs in a Topology

You can now configure up to 32 hubs, or 16 hub groups, in a branch mesh topology. For more information, see Setting Data Center Preference.

Support for Dynamic VLAN Probing

HPE Aruba Networking Central now supports dynamic VLAN probing when new users connect to a VLAN in a gateway cluster. This feature initiates VLAN probing automatically by detecting and validating VLANs associated with the first user in a cluster.

For more information, see Dynamic VLAN Probing.

Support for TLS to Configure Syslog Servers

HPE Aruba Networking Central now allows you to secure log messages sent to an external logging server using the TLS parameter in the HPE Aruba Networking Central app. Under Manage > Devices > Gateways, click a gateway to view the gateway context and navigate to System > Logging > Add New Syslog Servers to use the TLS parameter.

For more information, see Configuring Syslog Servers.

Enhancement to PPPoE Operation

Prior to ArubaOS version 10.6, enabling PPPoE Point-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. on a VLAN assigned to a trunk port restricted the port's use to only that VLAN. This often resulted in communication issues with other VLANs, particularly when multiple VLANs were required on the same trunk port. Some PPPoE modems require gateways to support multiple VLANs on the uplink port: one for data traffic to the internet and another for modem control plane operations. Therefore, with the introduction of ArubaOS version 10.6, enabling PPPoE on a trunk port with multiple VLANs is a supported configuration. This enhancement is designed to ensure effective PPPoE operation on trunk ports while maintaining the integrity and functionality of other VLANs associated with the trunk. For more information, see Configuring WAN Interface for an AOS-10 Branch Gateway.

Ignore MTU Support

You now have the option to ignore MTU mismatch check between OSPF Open Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). neighbors. For more information, see Enabling OSPF Configuration on VLAN Interfaces.

Security

IDPS

Listed below are the feature enhanced for IDPS:

  • IDPS-Supported GatewaysHPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways support the IDPS feature and its functionalities. They are added to the list of IDPS-supported gateways.

    For more information, see Preparing to add IDPS-Supported Gateways.

  • Selective Inspection —A new threat vector namely the Netaliases is introduced for Selective Inspection. You can use this option individually or in conjunction with Roles threat vector to define rules for the selective inspection.

    For more information, see Manage Selective Inspection.

  • Threat Data to SIEM —Threat data is sent in batches in the .gzip format to the Splunk server. The Category, Name, and Severity parameters are added to the alert detail.

    For more information, see Configure SIEM.

  • Threats List —The title for User Role column is changed to Client Role in the Threats List table.

    For more information, see Viewing the Threats List.