Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
What's New in HPE Aruba Networking Central 2.5.8-AOS-10.6
The following sections provide an overview of the new features and enhancements that are added to HPE Aruba Networking Central 2.5.8 and AOS 10.6 release.
New Features in HPE Aruba Networking Central 2.5.8
AI Ops
The following is the new AI Artificial intelligence (AI) is the simulation of human intelligence processes by machines, especially computer systems. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis. Ops feature added in this release:
AI Insights
The following new insight is added in the AI Insight dashboard:
AI-Driven Power save Config Recommendation for Access Points—HPE Aruba Networking Central now supports Power Save AP recommendations for Access Points at the Device level. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:
-
Automatic
-
Manual
For more information, see AI-Driven Power Save Configuration Recommendation for Access Points.
This is a selectively available feature. Contact your Account Manager to enable it in your HPE Aruba Networking Central account.
AI Search
HPE Aruba Networking Central is an AI-powered Network Management Solution for Enterprise Networks. It is now equipped with a GenAI-driven Search bar. By integrating the latest advancements in AI/ML and leveraging sophisticated Large Language Models (LLMs), the Search bar transcends the capabilities of conventional search functions.
The Search bar now creates pathways by providing direct links to both the user interface and the TechDocs WebHelp. This integrated approach ensures that users have immediate access to detailed information, offering depth and context at their fingertips.
For more information, see Using the Search Bar.
APIs
Listed below are APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. introduced in this release:
API Category | New APIs |
---|---|
Cloud Connect > Cloud connect |
|
|
|
|
|
|
|
Device Replacement > Offline Devices |
|
Device Replacement > Request Replacement |
|
Device Replacement > Check Compliance |
|
Device Replacement > Initiate Replacement |
|
Device Replacement > Cancel Replacement |
|
Device Replacement > Devices Under Replacement |
|
Device Replacement > Devices Status |
|
Device Replacement > Devices count |
|
Device Replacement > Get MSP Managed Service Provider. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. customers |
|
Device Replacement > MSP Replacement Count |
|
Device Replacement > MSP replacement detail |
|
Monitoring > Switch |
|
|
|
|
|
|
|
|
For more information, see Changes to HPE Aruba Networking Central APIs
Certificates
The following is the new certificate feature added in this release:
Edit a Certificate
Starting from HPE Aruba Networking Central 2.5.8, users can edit an existing custom certificate listed in the Certificate Store table. For more information, see Editing a Certificate.
Gateways
The following are the new Gateway features added in this release:
Configure Static Host List for LAN Interfaces
You now have the option to configure Static Host List for LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. Interfaces.
For more information, see Configuring Static Host List for LAN interfaces
Support for Overlay Route Drop Mechanism
The overlay route drop mechanism is a feature designed to enhance network security, specifically by ensuring that traffic is not inadvertently rerouted over the underlay network when SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. overlay routes are unavailable. For more information, see Configuring Overlay Route Drop Mechanism.
Gateway supports HPE Aruba Networking 9106
The HPE Aruba Networking Gateway now supports HPE Aruba Networking 9106 with AOS 10.6 and later versions that function as Branch Gateways.
For more information, see Supported Gateways.
Support for WAN Uplink Backup Health Check
If the Backup health check is enabled and the destination address is reachable, the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. Status for the uplink will be displayed as Healthy under WAN Monitoring.
For more information, see Configuring Uplink Interfaces on Branch Gateways.
Configure Gateway Device Flash Memory Usage Alert
You can now configure device flash memory usage alert for gateways. Alert will be triggered when a gateway flash memory usage has exceeded 80% threshold.
For more information, see Gateway Alerts.
Instant APs
The following are the new Instant AP features added in this release:
Support for AP System Location
HPE Aruba Networking Central now displays the system location of an AP. For more information, see Configuring System Parameters for an IAP
Support for Free Channel Index Configuration
HPE Aruba Networking Central now allows you to set the free channel index for an AP. For more information, see Configuring Radio Parameters.
Support for Honor 40 MHz Intolerance for APs
HPE Aruba Networking Central now supports 40 MHz Megahertz Intolerance for APs that decides whether the APs using this radio profile will advertise intolerance of 40 MHz operation. This feature is disabled by default. For more information, see Configuring Radio Parameters.
Support for IPv6 RA and ND Optimization in WLAN SSIDs
HPE Aruba Networking Central now supports IPv6 RA Router Advertisement. The RA messages are sent by the routers in the network when the hosts send multicast router solicitation to the multicast address of all routers. and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network. For more information, see Configuring Advanced Settings for a WLAN SSID Profile.
Support for Non-DFS Channels
HPE Aruba Networking Central now allows you to select the non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. valid channels only for 5 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation.. For more information, see Configuring ARM Features for Instant APs in AOS-8
Support for SSH Timed Account Lockout
HPE Aruba Networking Central now supports SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. Timed Account Lockout feature on APs without any RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely. For more information, see Configuring Users Accounts for the IAP Management Interface.
Support for Zero Wait DFS
HPE Aruba Networking Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles. For more information, see Configuring Radio Parameters.
Updates to Certificate Usage Verbiage for RadSec
In the HPE Aruba Networking Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. respectively. For more information, see Mapping IAP Certificates.
MSP
The following are the new MSP features added in this release:
MSP Deployment Scenarios
Please contact your HPE GreenLake sales representative or your HPE HPE Aruba Networking account manager to enable the Deployment Model 2 or Deployment Model 3 feature in your HPE GreenLake workspace. For more information see: End-Customer Owns Both Devices and Subscriptions But MSP Manages (Deployment Model 2) and Hybrid MSP Deployment Model (Deployment Model 3).
MSP Group Supports AOS-10 Gateway
The AOS-10 architecture and gateway configuration are supported in this release. For more information, see Creating an MSP Group Persona with AOS-10 Architecture.
AOS-CX support for MSP
AOS-CX Groups are supported at the MSP level.
For more information, see MSP Groups for AOS-CX.
Security
HPE Aruba Networking Central Cloud Connect
HPE Aruba Networking Central now allows you to integrate Palo Alto Prisma Access with HPE Aruba Networking Cloud Connect to orchestrate the deployment of HPE Aruba Networking EdgeConnect SD-Branch gateways or Branch Gateway groups and Microbranch APs or AP groups. For more information, see Integration of Cloud Connect with Palo Alto Prisma Access.
NetConductor
The following are the new NetConductor features added in this release:
-
Configuration for System VLAN-Client-Presence for Fabric Fabric is a group of AOS-CX Switches that are part of the BGP-EVPN VXLAN overlay. The overlay fabric is created by configuring VXLAN tunnels between stub and edge Switches. This is in context to Aruba Central NetConductor. Wizard—NetConductor now supports a toggle for VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. Client Presence Detect to disable the VNI VXLAN Network Identifier refers to VXLAN network identifier or VXLAN segment ID. mapped VLANs if there are no authenticated clients on the VLAN, or if the VLAN has no statically configured ports and those ports are up.
For more information, see Setting Up an Overlay Fabric.
-
Muti-Fabric EVPN Overview—NetConductor now supports Muti-Fabric EVPN deployment provides end-to-end segmentation across SD-WAN Fabric by carrying the VRF Virtual Routing and Forwarding. VRF is a technology that allows multiple instances of a routing table to co-exist within the same router. and Role information natively in the data-plane.
For more information, see Muti-Fabric EVPN Overview .
-
RIB-to-FIB Forwarding Information Base. FIB is a forwarding table that maps MAC addresses to ports. FIB is used in network bridging, routing, and similar functions to identify the appropriate interface for forwarding packets. Optimization Knob for Fabric Wizard—NetConductor now supports FIB Optimization to optimize unused host routes.
For more information, see Setting Up an Overlay Fabric.
-
Support for Extended Edge Edge is a device persona that connects endpoints to the fabric. Fabric Persona and Fabric Designs—NetConductor now supports extended edge fabric persona and provides two types of Fabric Design options Routed-Access and Scaled-Access Design.
For more information, see Overlay Fabric Overview .
-
VSX Virtual Switching Extension. VSX is a virtualization technology for aggregation/core switches running the AOS-CX operating system. This solution lets the switches present as one virtualized switch in critical areas. Support for Campus Access Aggregation in Network Wizard —NetConductor now supports a checkbox to specify the VSX pair in the Access-Aggregration when configuring a a Campus (3 tier L3 access) Underlay Network.
For more information, see Setting Up a Campus (3 tier L3 access) Underlay Network.
Cloud Authentication and Policy
The following is the new Cloud Authentication and Policy feature added in this release:
-
Support for Okta Workforce Identity Cloud—HPE Aruba Networking Central now supports Okta Workforce Identity Cloud identity provider in the Cloud Auth Cloud Authentication and Policy allows you to configure user and client access policies that provide a secured, cloud-based network access control (NAC). application.
For more information, see Okta Workforce Identity Cloud.
-
Dual Layer User Policy — Cloud Authentication and Policy supports the dual layer user policy wherein the administrator can configure user policies based on group membership and client tags. Users will now be able to configure advanced user policies by incorporating the tags from Client Insights into user access policy decisions. For more information, see Editing User Access Policy.
Switches
The following are the new Switch features added in this release:
IPv6 Support
Starting from HPE Aruba Networking Central 2.5.8, users can onboard, monitor their devices, and upgrade the AOS-CX firmware over IPv6 or dual stack networks. For more information, see AOS-CX Overview.
Advanced License for AOS-CX Switch Features
Some of the AOS-CX switch features require HPE Aruba Networking Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the Fabric Overlay, Network Underlay workflows, and for AOS-CX Advanced Feature Pack using MultiEdit MultiEdit mode allows configuring single or multiple AOS-CX switches using the CLI syntax. You can also view the difference between the Central running configuration and the switch running configuration.. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but the message will be displayed for other users. Also, the message acknowledgment needs to be done independently for each feature. For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA End User License Agreement. EULA is a legal contract between a software application publisher or author and the users of the application..
One Touch Provisioning of AOS-CX Switches using the Installer Mobile App
The Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF Virtual Switching Framework. VSF allows network administrators to stack multiple individual switches into a single logical device using standard Ethernet links. stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.
New Hardware Platforms
The following are the newly supported APs in HPE Aruba Networking Central 2.5.8 release:
-
AP-605H
-
AP-675
-
AP-677
-
AP-679
For more information on supported devices, see Supported Instant APs.
Enhancements in HPE Aruba Networking Central 2.5.8
Alerts and Events
The following Alerts & Events enhancements are introduced in this release:
AOS-CX Switch Alerts
-
Switch Uplink Port Usage—Generates an alert when the total uplink port usage of a switch at a site exceeds the configured value within the specified duration.
-
Switch Routing Neighbor Status Change—Generates an alert when the current status of the BGP Border Gateway Protocol. BGP is a routing protocol for exchanging data and information between different host gateways or autonomous systems on the Internet. neighbor changes from up (established) to down.
-
Switch NAE Network Analytics Engine. The NAE feature within AOS-CX switches is a framework for automating the detection of issues and automating root cause analysis. Agent Status—Generates an alert when an NAE agent hits a condition that requires to be reported. This alert is disabled by default. This alert is supported only on AOS-CX switches running 10.13.1000 or later versions. This alert is generated only for the following NAE agent scripts:
-
routing_health_monitor
-
EVPN_VXLAN Virtual Extensible LAN creates virtual networks overlaid on a physical network.
-
Client Services
-
VSF_agent
-
VSX
-
default_agent
-
AOS-CX Switch Events
Support for the AOS-CX switch events in the following categories are now available in HPE Aruba Networking Central:
-
Services
-
Routing
-
Interface
-
Hardware
-
Overlays
For more information about the AOS-CX switch events, navigate to the AOS-CX Switch Software Documentation Portal. In the AOS-CX Switch Software Documentation portal, navigate to a switch model and click the View software feature and user guides (HTML) link. Click Software Release Version listed next to the Event Log Message Reference Guide to view the events for the software release version selected.
Gateways Logs
While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.
APIs
Obtaining Token Using OAuth Grant Mechanism
The rate limit is set to 1 access token per 30 minutes when you generate a new access token for a client ID using the OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. Grant Mechanism. For more information, see Obtaining Token Using OAuth Grant Mechanism topic.
REST APIs
Listed below are the REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs available in swagger that are enhanced in this release.
API Category |
Modified APIs |
---|---|
Authentication & Policy |
|
|
|
Ble Beacon Service |
|
|
|
Configuration > AP Configuration |
|
|
Listed below are APIs removed in this release.
API Category |
Removed APIs |
---|---|
|
|
Monitoring > Network |
|
|
|
UnitedCommunications |
|
For more information, see Changes to HPE Aruba Networking Central APIs.
Applications
AirGroup - Follow-the-User
HPE Aruba Networking Central supports personal device accessibility by device owners from any location beyond the on-hop neighborhood, within the network. For more information, see AirGroup.
AirGroup - Personal Device Visibility and Sharing
HPE Aruba Networking Central supports sharing of personal devices by device owners across the network, using CloudGuest. For more information, see Sharing of Personal Devices.
BLE Beacon Service Support for Open Locate Beacon
The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet., and Signature.
For more information see, Configuring IoT BBS Profile for AOS-10 APs.
IoT Operations - Group Support
HPE Aruba Networking Central now supports group-level configurations only for IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. connectors, as well as applications and transport profile configurations. For more information, see HPE Aruba Networking IoT Operations.
This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.
IoT Operations - Application Developer Portal (ADP)
HPE Aruba Networking Central supports the IoT Application Developer Portal (ADP Aruba Discovery Protocol. ADP is an Aruba proprietary Layer 2 protocol. It is used by the APs to obtain the IP address of the TFTP server from which it downloads the AP boot image.), which provides an interface for IoT application developers to manage their IoT applications lifecycle, while offering easy to use workflows for creating, modifying, versioning and publishing IoT applications. For more information, see Application Developer Portal (ADP).
This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.
The following Applications enhancements are introduced in this release:
Unified Communications Support for Zoom
HPE Aruba Networking Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM Wi-Fi Multimedia. WMM is also known as WME. It refers to a Wi-Fi Alliance interoperability certification, based on the IEEE 802.11e standard. It provides basic QoS features to IEEE 802.11 networks. WMM prioritizes traffic according to four ACs: voice (AC_VO), video (AC_VI), best effort (AC_BE), and background (AC_BK)./DSCP Differentiated Services Code Point. DSCP is a 6-bit packet header value used for traffic classification and priority assignment. priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR Call Detail Record. A CDR contains the details of a telephone or VoIP call, such as the origin and destination addresses of the call, the start time and end time of the call, any toll charges that were added through the network or charges for operator services, and so on.. For more information, see Unified Communications.
Unified Communications Reports
HPE Aruba Networking Central supports Unified Communications reports. Unified Communications reports may be created or scheduled from the > > > page. For more information, see Unified Communications Reports.
Gateways
The following Gateway enhancements are introduced in this release:
Config Failure status directs to configuration audit page.
In the event of configuration failure, HPE Aruba Networking Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.
For more information, see Summary Tab in Gateway Dashboard
Global Firewall Parameters supports IPv6
You now have the option to configure global firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. parameters via IPv6 processing in Gateways.
For more information, see Configuring Global Firewall Parameters
Support for TLS to Configure Syslog Servers
HPE Aruba Networking Central now allows you to secure log messages sent to an external logging server using the TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. parameter in the HPE Aruba Networking Central app. Under > > , click a gateway to view the gateway context and navigate to > > Add New Syslog Servers to use the TLS parameter. For more information, see Configuring Syslog Servers.
Install Manager
The following is the new Install Manager feature added in this release:
Install Manager Support
Starting HPE Aruba Networking Central 2.5.8, you can assign all sites to an installer using the Select All option in the Add Installer page. For more information, see Add an Installer and Assign Sites for Installation and Generate a QR Code and Assigning Sites for Installation
Instant APs
The following Instant AP enhancements are introduced in this release:
Configuration Support for IP MTU for EAP Fragmentation
HPE Aruba Networking Central now allows you to specify the IP MTU Maximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. for EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for IAPs.
Enhancements to EST Certificates
HPE Aruba Networking Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping IAP Certificates.
New XML Definition File Added to DHCP Option 82 XML
A new XML Extensible Markup Language. XML is a markup language that defines a set of rules for encoding documents in a format that is both human-readable and machine-readable. definition file, default_dhcpopt82_3.xml, is now added to the DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. Option 82 XML parameter sub-type options. The option is supported only on APs running AOS 10.5.1.0 or later versions.
The
field allows you to define the VLANs for . The maximum number of supported VLANs is 128.For more information, see Configuring System Parameters for an IAP
Support for New USB-based Modems
HPE Aruba Networking Central now extends support for new USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. -based modems. You can view the complete list of supported USB-based modems in the drop-down list of the USB Device in the Access Points > Security > USB Port Policy > Add Rule page.
Support for 8 WLAN SSID profiles
HPE Aruba Networking Central now allows you to create a maximum number of eight WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. SSID profiles with 6 GHz band. For more information, see Viewing the Wireless SSIDs Table
MSP
The following MSP enhancements are introduced in this release:
Device Replacement in MSP Mode
HPE Aruba Networking Central now supports device replacement workflows in the MSP mode. For more information, see Device Replacement.
Managing Site Installations and SD-WAN Support in MSP
Managing Site Installations for MSPs and SD-WAN Support in MSP Mode are no longer allowlisted features.
For more information, see Managed Service Provider.
Reports
The following enhancement is introduced in this release:
Guest Report
A new option Last 90 Days is added to the Report Period context for Guest report.
For more information, see Report Configuration Options.
Capacity Planning and Infra Inventory Reports
Active and Expired categories are added to the Subscription Utilization widget of Capacity Planning and Infra Inventory reports.
For more information, see Report Categories.
Security
Configure Centralized Firewall Policies from Gateway Configuration Page
For tunnel SSIDs and wired tunnel port profiles, you can configure centralized firewall policies from the gateway configuration page. For AP-Specific policies, navigate to the Security tab.
For more information, see Configuring Access Rule for a WLAN SSID Profile in Tunnel and Mixed Mode.
For microbranch-specific information, see Configuring ACLs for User Access to a WLAN
IDPS
The following IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it. enhancements are introduced in this release:
-
IDPS-Supported Gateways —HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways support the IDPS feature and its functionalities on Branch Gateway and Mobility Gateway personas. They are added to the list of IDPS-supported gateways.
For more information, see Preparing to add IDPS-Supported Gateways.
-
Selective Inspection —A new threat vector namely the Netaliases is introduced for Selective Inspection. You can use this option individually or in conjunction with Roles threat vector to define rules for the selective inspection.
For more information, see Manage Selective Inspection.
-
Threat Data to SIEM Security Incident and Event Management (SIEM) is a server where Aruba IDPS sends the threat data to perform advanced analysis and generate reports. SIEM provides a holistic picture of the security posture by aggregating and correlating data from disparate sources in the network. —Threat data is sent in batches in the .gzip format to the Splunk server. The Category, Name, and Severity parameters are added to the alert detail.
For more information, see Configure SIEM.
-
Threats List —The title for User Role column is changed to Client Role in the Threats List table.
For more information, see Viewing the Threats List.
NetConductor
The following NetConductor enhancement is introduced in this release:
-
Use Switch Fabric for Role Propagation question has been modified to Are roles propagated between AOS 10 Gateways? in the Global Client Roles page to allow more flexibility in terms of what options can be configured.
For more information, see Global Client Roles.
Switches
The following Switches enhancements are introduced in this release:
Advanced License for AOS-CX switch features
Some of the AOS-CX switch features require HPE Aruba Networking Central Advanced licenses. A notification message is displayed indicating that a valid advanced license is required for the MultiEdit, Fabric Overlay and Network Underlay workflows. You can acknowledge the message by clicking the close button. The notification message is user-specific. Once the message is closed, it will not be displayed for the same user, but for other users, the message will be displayed. Also, the message acknowledgment needs to be done independently for each feature. The notification message will reappear every 90 days.
For more information, refer to the AOS-CX switches Feature Pack Ordering Guide and EULA.
Monitoring CPU Utilization in AOS-CX Switches
Starting from this version of HPE Aruba Networking Central, the AOS-CX switches calculate their own average CPU Central Processing Unit. A CPU is an electronic circuitry in a computer for processing instructions. utilization for every five minutes. This feature is supported only on switches running AOS-CX 10.12.xx or later versions.
One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App
The Aruba Installer mobile app now supports the one-touch provisioning (OTP) of AOS-CX switches workflow. Using this workflow, the administrator can configure an AOS-CX with some basic configuration settings through the Aruba Installer mobile app. You can configure either a standalone AOS-CX switch or a VSF stack. For more information, see One Touch Provisioning of AOS-CX Switches using Aruba Installer Mobile App.
Template Group
The following Template Group enhancements are introduced in this release:
Enhancements to Template Group Configurations
Starting from this release, when firmware compliance is set for a template group, then the template configuration push will be blocked on all non-compliant devices. The configurations will be pushed to these devices only when a compliant build firmware is downloaded and when the devices are rebooted. For more information, see
Template Group Configurations
HPE Aruba Networking Central now allows users to maximize the Template text box and enter full screen mode while adding or editing configuration text to a template. For more information, see Creating a Configuration Template.
Troubleshooting
The following troubleshooting enhancement is introduced in this release:
Gateways Logs
While uploading log files under Manage > Devices > Gateway > Tools > Logs, you can now prepare and upload packet capture log files at a later time. You can schedule the date and time when you want to upload the log files. For more information, see Enabling Gateway Logs.
New Features in AOS-10.6
AI Ops
The following is the new AI Ops feature added in this release:
AI Insights
The following new insight is added in the AI Insight dashboard:
AI-Driven Power save Config Recommendation for Access Points—HPE Aruba Networking Central now supports Power Save AP recommendations through Net Insight. This insight will display the power save recommended APs from the list of access points present in the network. To implement the recommended configuration for the Power Save APs, you can set the power save profile configuration at the AP or Group level from the AP configuration page, Advanced Settings to either of the following:
-
Automatic
-
Manual
For more, information, see AI-Driven Power Save Configuration Recommendation for Access Points.
This is selectively available Aruba Central feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.
AI Search
HPE Aruba Networking Central is known as the AI-powered Network Management Solution for Enterprise Networks. AI/ML have been extensively used to build the AI Search capabilities that helps customers with their day to day tasks by understanding their intent and presenting them with relevant information on clients, devices and documentation. The Search bar now enables AI search and provides an augmented search experience by leveraging technologies like Large Language Models (LLM).
While searching for a relevant information for any query that you might have, you can type the query on the search bar and a summary for the specific query will be displayed along with the links to the HPE Aruba Networking Central user interface and documentation Webhelp for further detailed information.
For more information, see Using the Search Bar.
Campus and Microbranch APs
The following are the new Campus and Microbranch AP features added in this release:
Display Cell Information
The show cellular cell command displays the cell information of the cellular connection.
Option to Disable Wired Port When Tunnel is Down
You can enable the ability to track the status of the AP tunnel, such that, if the AP tunnel goes down the wired-port mirrors this state. When the AP-tunnel state is restored, the wired-port transitions to an UP state.
For more information, see Configuring General Network Profile Settings. For microbranch-specific information, see Configuring General Network Profile Settings.
Support for AAA Server Groups
For bridged AP SSID deployments, you can create multiple servers and add them in a group. The maximum number of server groups is 32 and the maximum number of authentication servers is 8, in one server group. HPE Aruba Networking Central currently supports RADIUS and RadSec servers within a Server Group definition. Server group is not only supported in wireless SSID profile (mac dot1x cp) but also in wired port profile (mac dot1x cp).
For more information see, Configuring Server Groups. For microbranch-specific information, see Configuring Server Groups for Microbranch APs.
Support for AP System Location
HPE Aruba Networking Central now displays the system location of an AP.
For more information, see Configuring System Parameters for an AP. For microbranch-specific information, see Configuring Properties for Microbranch.
Support for Background Spectrum Monitoring
HPE Aruba Networking Central now supports background spectrum monitoring that provides additional function of monitoring RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. interference (from both neighboring APs and non Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. sources such as, microwaves Electromagnetic energy with a frequency higher than 1 GHz, corresponding to wavelength shorter than 30 centimeters. and cordless phones) on the channel they are currently serving the clients.
For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.
Support for Broadcasting LCI details of an AP
HPE Aruba Networking Central now supports the Open Locate format to broadcast the LCI details of an AP. For more information, see Configuring IoT BBS Profile for AOS-10 APs.
Support for Free Channel Index Configuration
HPE Aruba Networking Central now allows you to set the free channel index for an AP.
For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.
Support for Honor 40 MHz Intolerance for APs
HPE Aruba Networking Central now supports Honor 40 MHz Intolerance. When enabled, the radios will stop using the 40 MHz channels if the 40 MHz intolerance indication is received from another AP or station. This feature is enabled by default.
For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.
Support for IPv6 RA and ND Optimization in WLAN SSIDs
HPE Aruba Networking Central now supports IPv6 RA and ND optimization that allows local IPv6 hosts to automatically configure their own IP address based on information advertised by switches or routers operating on the network.
For more information, see Configuring Advanced Settings for a WLAN SSID Profile. For microbranch-specific information, see Configuring WLAN SSID Settings.
Support for Manual EoGRE Tunnel To Third-Party Devices
HPE Aruba Networking Central now allows you to configure manual EoGRE tunnels to third-party devices. For more information, see Configuring Manual EoGRE Tunnel to Third-Party Devices.
Support for One Touch Provisioning (OTP) for Microbranch APs
To account for circumstances where a microbranch AP requires additional configuration before it can communicate with HPE Aruba Networking Central, HPE Aruba Networking Central now offers One Touch Provisioning (OTP) feature for Microbranch APs.
For more information, see Connecting Microbranch APs to HPE Aruba Networking Central.
This is a selectively available HPE Aruba Networking Central feature. Contact your HPE Aruba Networking Account Manager to enable it in your HPE Aruba Networking Central account.
Support for SSH Timed Account Lockout
HPE Aruba Networking Central now supports SSH Timed Account Lockout feature on APs without any RADIUS server that allows an administrator to configure the number of unsuccessful authentication attempts to authenticate remotely.
For more information, see Configuring Users Accounts for the AP Management Interface. For microbranch-specific information, see Configuring User Accounts in Microbranch.
Support for Personal Wireless Network
During AP configuration, when Cloud Auth is selected as the Radius source, you can turn on Personal Wireless Network. This feature enables you to establish Personal Area Network (PAN) among a set of selected wireless devices in order to exchange information isolated from others on the same network.
For more information, see Personal Wireless Network.
Support for Zero Wait DFS
HPE Aruba Networking Central now supports zero wait DFS that provides seamless change of radio channels and to avoid the period of no transmission. Zero wait DFS can be configured for the 5 GHz and secondary 5 GHz radio profiles.
For more information, see Configuring Radio Parameters For microbranch-specific information, see Configuring Radio Profile Parameters.
Updates to Certificate Usage Verbiage for RadSec
In the HPE Aruba Networking Central UI, the RadSec and RadSec Certificate Authority is renamed to RadSec Client Cert and RadSec CA respectively.
For more information, see Mapping AP Certificates. For microbranch-specific information, see Configuring and Managing Certificates .
Gateways
The following are the new Gateway features added in this release:
Configure Static Host List for LAN Interfaces
You now have the option to configure Static Host List for LAN Interfaces.
For more information, see Configuring Static Host List for LAN interfaces
Custom Tunnel Settings
You can create customized tunnel settings as per your requirement. You can also edit the default tunnel settings. For more information, see Creating Customized Tunnel Settings.
New Hypervisor Support for Virtual Gateways
You can now deploy virtual gateways in VMware ESXi version 8.0.
New Hardware Platforms
The following are the newly supported Aruba APs in ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..6.0.0 release:
-
AP-634
-
AP-654
The following is the newly supported Gateway in AOS 10.6 release:
- 9106
For more information on supported devices, see Supported Devices for AOS-10.
Enhancements in AOS-10.6
Applications
The following Application enhancement is introduced in this release:
IOT
BLE Beacon Service Support for Open Locate Beacon
The Open Locate advertising format enables you to broadcast LCI details. Open Locate only supports auto configuration method. If Open Locate is configured from the UI, then Measured Power and Geo Location information is broadcast. If the profile is configured using API, then you can configure more options such as Measured Power, Geo Location, Floor Location, Identity, URL, and Signature.
For more information see, Configuring IoT BBS Profile for AOS-10 APs.
Extended Advertisements on BLE 5
BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. extended advertisement scanning allows advertising devices (e.g., BLE devices) to transmit larger advertising packets and allows scanning devices (e.g., Aruba AP’s) to receive and process these extended packets. With this enhancement, packets can now be up to 255 bytes in length. No AOS or Central configuration changes are necessary for Aruba ecosystem partners to utilize this enhancement.
Unified Communications Support for Zoom
HPE Aruba Networking Central supports Zoom as an Unified Communications application. Identification, prioritization and visibility is provided for Zoom audio calls. Zoom media traffic is tagged with the applicable and configured WMM/DSCP priority. Visibility of the Zoom audio sessions is available in the Unified Communications list and summary views and CDR. For more information, see Unified Communications.
Campus and Microbranch APs
The following Campus and Microbranch AP enhancements are introduced in this release:
Configure Power Save on APs
HPE Aruba Networking Central now provides the ability to sleep and wake up APs based on AI-Driven recommendations. The Power Save feature provides an AI-based power-save recommendation to customers' sites or groups with HPE Aruba Networking Wireless Operating System 10 APs.
For more information, see Configuring Power Save Mode on AOS-10 APs.
This is a selectively available HPE Aruba Networking Central feature. Contact your HPE Aruba Networking Account Manager to enable it in your HPE Aruba Networking Central account.
Configuration Support for IP MTU for EAP Fragmentation
HPE Aruba Networking Central now allows you to specify the IP MTU for EAP fragmentation for an authentication server. For more information, see Configuring External Authentication Servers for APs.
Enhancements to EST Certificates
HPE Aruba Networking Central UI now displays the Radsec CA option when Radsec use EST server is enabled. For more information, see Mapping AP Certificates.
Improvements to Cloud-assisted Roaming
General architectural improvements have been made to cloud-assisted roaming to increase the success rate and serviceability of 802.11r 802.11r is an IEEE standard for enabling seamless BSS transitions in a WLAN. 802.11r standard is also referred to as Fast BSS transition. roaming.
Monitoring Support for Power Save Mode on APs
HPE Aruba Networking Central now provides monitoring support for power save mode on APs. For more information, see Monitoring Power Save Mode on AOS-10 APs.
Power Save is supported in this release as a selectively available feature. Contact your Aruba Account Manager to enable it in your Aruba Central account.
New XML Definition File Added to DHCP Option 82 XML
A new XML definition file, default_dhcpopt82_3.xml, is now added to the DHCP Option 82 XML parameter sub-type options. The AOS 10.5.1.0 or later versions.
option is supported only on APs runningThe
field allows you to define the VLANs for . The maximum number of supported VLANs is 128.For more information, see Configuring System Parameters for an AP.
For microbranch-specific information, see Configuring Properties for Microbranch.
Number of User Roles Increased to 128
HPE Aruba Networking Wireless Operating System 10 APs running 10.6.0.0 or higher versions now support a total of 128 user roles. HPE Aruba Networking Wireless Operating System 10 APs running versions lower than 10.6.0.0, support 64 user roles.
For more information see, Configuring User Roles for AP Clients.
Support for MPLS Uplink for Microbranch APs
The WAN framework of Microbranch uplinks is now aligned with SD-WAN Orchestrator framework which enables the same usability for Microbranch uplinks, as well as the use of MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. uplinks.
For more information see, Configuring the WAN Uplink.
Enhancements to PMK Caching Timeout Interval
HPE Aruba Networking Central now supports PMK Pairwise Master Key. PMK is a shared secret key that is generated after PSK or 802.1X authentication. caching timeout in APs running AOS 10 10.4.1.0, AOS 10.5.1.0, or later versions.
For more information, see Configuring System Parameters for an AP.
Enhanced Routing Capacity for 9240 Platform
The 9240 gateway platform has been enhanced to support a route table size of 64K routes, doubling its previous capacity of 32K routes.
Gateways
The following Gateway enhancements are introduced in this release:
Config Failure Status Directs to Configuration Audit Page
In the event of configuration failure, HPE Aruba Networking Central now allows you to click on the Config Failure status in the Summary page and move directly to the configuration audit page.
For more information, see Summary Tab in Gateway Dashboard
Global Firewall Parameters Supports IPv6
You now have the option to configure global firewall parameters via IPv6 processing in Gateways.
For more information, see Configuring Global Firewall Parameters
Important Information for WAN Compression on VPNC Groups
Following are the important points to note for WAN compression on VPNC groups:
-
For VPNC groups created in releases prior to HPE Aruba Networking Central 2.5.8 and upgraded to AOS 10.6.0.0, you must use NBAPI to enable WAN compression on the VPNC group.
-
For VPNC groups created in HPE Aruba Networking Central 2.5.8 release with compression enabled on Branch group tunnels terminating at the VPNC, it is recommended to upgrade the VPNC to AOS 10.6.0.0.
Important Upgrade Information for HPE Aruba Networking9000 Series, 9100 Series, and 9200 Series Gateways
Upgrading to AOS 10.6.0.0 will take longer than usual as we will be automatically upgrading the BIOS version to support additional functionality in the future. This upgrade is estimated to take up to 15 minutes and should not be interrupted for any reason. Power failures and interruptions during the upgrade may make the gateway unusable. Please use caution and plan accordingly.
Increase in the Number of Hubs in a Topology
You can now configure up to 32 hubs, or 16 hub groups, in a branch mesh topology. For more information, see Setting Data Center Preference.
Support for Dynamic VLAN Probing
HPE Aruba Networking Central now supports dynamic VLAN probing when new users connect to a VLAN in a gateway cluster. This feature initiates VLAN probing automatically by detecting and validating VLANs associated with the first user in a cluster.
For more information, see Dynamic VLAN Probing.
Support for TLS to Configure Syslog Servers
HPE Aruba Networking Central now allows you to secure log messages sent to an external logging server using the TLS parameter in the HPE Aruba Networking Central app. Under > > , click a gateway to view the gateway context and navigate to > > Add New Syslog Servers to use the TLS parameter.
For more information, see Configuring Syslog Servers.
Enhancement to PPPoE Operation
Prior to ArubaOS version 10.6, enabling PPPoE Point-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. on a VLAN assigned to a trunk port restricted the port's use to only that VLAN. This often resulted in communication issues with other VLANs, particularly when multiple VLANs were required on the same trunk port. Some PPPoE modems require gateways to support multiple VLANs on the uplink port: one for data traffic to the internet and another for modem control plane operations. Therefore, with the introduction of ArubaOS version 10.6, enabling PPPoE on a trunk port with multiple VLANs is a supported configuration. This enhancement is designed to ensure effective PPPoE operation on trunk ports while maintaining the integrity and functionality of other VLANs associated with the trunk. For more information, see Configuring WAN Interface for an AOS-10 Branch Gateway.
Ignore MTU Support
You now have the option to ignore MTU mismatch check between OSPF Open Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). neighbors. For more information, see Enabling OSPF Configuration on VLAN Interfaces.
Security
IDPS
Listed below are the feature enhanced for IDPS:
-
IDPS-Supported Gateways —HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways support the IDPS feature and its functionalities. They are added to the list of IDPS-supported gateways.
For more information, see Preparing to add IDPS-Supported Gateways.
-
Selective Inspection —A new threat vector namely the Netaliases is introduced for Selective Inspection. You can use this option individually or in conjunction with Roles threat vector to define rules for the selective inspection.
For more information, see Manage Selective Inspection.
-
Threat Data to SIEM —Threat data is sent in batches in the .gzip format to the Splunk server. The Category, Name, and Severity parameters are added to the alert detail.
For more information, see Configure SIEM.
-
Threats List —The title for User Role column is changed to Client Role in the Threats List table.
For more information, see Viewing the Threats List.