What's New

Important Notes

New Features

The following sections provide an overview of the new features that are added to Aruba Central On-Premises in this release.

HPE GreenLake Account Home

The following section lists the features of HPE GreenLake account home:

Accessing Aruba Central On-Premises Account

The Aruba Central On-Premises app must now be accessed from HPE GreenLake account home using the Dashboard. For more information, see Accessing Aruba Central On-Premises.

Features Moved Within Aruba Central On-Premises

The following features are now moved to a different path within Aruba Central On-Premises:

Device Pre-provisioning

The Device Pre-provisioning feature was earlier available on the Account Home page of Aruba Central On-Premises. It is now moved to the Organization page (Organization > Network Structure > Device Preprovisioning) within Aruba Central On-Premises.

For more information, see Device Preprovisioning.

Integration with UXI Sensors

Aruba Central On-Premises supports integration with User Experience Insight (UXI) sensors that enables you to monitor the network health of a specific site from the end user perspective as seen by UXI sensors.

In Aruba Central On-Premises, the UXI sensor monitoring data is available in the Network Health dashboard. To access the dashboard in the Aruba Central On-Premises app, set the filter to Global. Under Manage, click Overview > Network Health to access the dashboard.

The UXI field in the Network Health card displays the network health of a wireless environment in a site. This information is displayed when there is at least one UXI sensor deployed in the site. Clicking on the UXI field redirects to the UXI Dashboard for further troubleshooting.

For more information about Aruba Central On-Premises integration with UXI sensors, see User Experience Insight Sensors Integration.

Aruba Central On-Premises APIs

This release introduces the following changes to Aruba Central On-Premises APIs:

Following are the APIs introduced:

AOS-S APIs

Following APIs are introduced in the Configuration > AOS-S category:

  • [GET]:
    • /configuration/v1/aos_switch/ports/groups/{group_name}
    • /configuration/v1/aos_switch/ports/devices/{device_serial}
    • /configuration/v1/aos_switch/vlans/groups/{group_name}
    • /configuration/v1/aos_switch/vlans/devices/{device_serial}

  • [PUT]:
    • /configuration/v1/aos_switch/ports/groups/{group_name}
    • /configuration/v1/aos_switch/ports/devices/{device_serial}
    • /configuration/v1/aos_switch/vlans/groups/{group_name}
    • /configuration/v1/aos_switch/vlans/devices/{device_serial}

Pre Provisioned Group APIs

The following API is introduced in the Configuration > Pre Provisioned Group category:

  • [POST]:
    • /configuration/v1/preassign

For more information, see New APIs.

Radius Server User Roles

New user role mappings are now available for RADIUS server users. These new roles cannot be assigned with custom roles if the role names match with predefined roles. For more information about RADIUS server user roles, see Configuring a RADIUS Authentication and Authorization.

Support for 9240 Mobility Controller

Aruba Central On-Premises supports the Aruba 9240 Mobility Controller in discovery and monitoring. After Aruba Central On-Premises discovers these controllers, you can receive diagnostics, reports, and triggers for these controllers.

For a complete list of supported products, see Aruba Central (on-premises) Supported Devices Guide.

Enhancements

The following sections provide an overview of the enhancements introduced in Aruba Central On-Premises in this release.

Alerts and Events

The following alert and event enhancement is introduced in this release.

Blocking Alert and Events visibility

The Alerts & Events pane is not visible to users who do not have edit or view permission to the Alerts and Events module.

For more information, see Alerts & Events Dashboard.

Central System Alerts

The following five new Central System alerts are added in Aruba Central On-Premises:

  • ILO Fans Status
  • ILO Network Status
  • ILO Power Supply Status
  • ILO Storage Status
  • ILO Temperature Status
  • COP Certificate Expiry Status
  • COP Certificate Revocation Status

For more information, see Central System Alerts.

Aruba Central On-Premises UI Access and Permissions

User and role management is now available on HPE GreenLake account home. The administrator must assign appropriate permissions to users and roles to access the UI pages on Aruba Central. For example, the users can view labels and sites if they have the View or Edit permission assigned for label and site management.

Users can configure the features on Aruba Central On-Premises only if they have the Edit permission assigned for the feature. For example, the users can configure labels and sites on Aruba Central only if they have the Edit permission assigned for label and site management configured in HPE GreenLake account home.

The administrator must assign groups to users after assigning the Aruba Central On-Premises role. The users can see the list of allowed groups from HPE GreenLake account home.

If a new group is created on Aruba Central On-Premises and if the all groups option is not selected for the user on the account home, then the administrator must assign that group to the user, and only after that, the group name appears on Aruba Central On-Premises.

For more information about the user roles, see Managing Users and Roles.

Enabling Application Visibility at Client and Site Level for Campus APs

Aruba Central On-Premises supports the Application Visibility feature at client or site level for Campus APs. To enable the Application Visibility feature, the firewall visibility sessions telemetry must be grouped based on the same BSSID and sent to the Aruba Central On-Premises server.

For more information, see Enabling Application Visibility at Client and Site Level.

ESSID configuration in WLAN SSID profile

In Aruba Central On-Premises, the ESSID field on the WLAN SSID configuration page allows you to specify the identifier that serves as an identification and address for the device to connect to a wireless router, which can then access the Internet.

For more information, see Configuring Wireless Network Profiles on IAPs.

Integrated Management of Template Variables for AOS-S Stacks

Aruba Central On-Premises introduces integrated management of template variables for an AOS-S stack to keep the variables of all members in sync. All the stack members are automatically synced with the same set of variables when you upload or edit variables using the UI or Aruba Central On-Premises API.

For more information, see Integrated Management of Template Variables for AOS-S Stacks.

Setup NTP

The following enhancements are made to the Setup NTP CLI:

  • All the nodes in a multi-cluster must synchronize to the same NTP server. Run the command NTP/Timezone info to verify if all the nodes are synchronized with the same NTP server. To run the NTP/Timezone info, enter command option 2 from the show configuration menu.
  • If Setup NTP is executed after the cluster is configured, then the modified details of the NTP server are updated to the cluster. Otherwise, they are updated only to the node.

For more information, see Setup NTP.

Multiple FQDNs

As a part of Aruba Central On-Premises 2.5.5 upgrade, Aruba Central On-Premises now requires multiple FQDNs to be configured for Aruba Central On-Premises cluster.

The FQDNs created must resolve to the same cluster IP address (VIP). The new FQDNs should be in the format mentioned below:

  • cluster_fqdn
  • central-<cluster_fqdn>
  • apigw-<cluster_fqdn>
  • ccs-user-api-<cluster_fqdn>
  • sso-<cluster_fqdn>

For more information, see Aruba Central On-Premises Installation and Setup Guide.
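A pre-upgrade check for the requirement above, as an added example that is not part of the Aruba documentation: it expands a cluster FQDN into the five required names and reports any that are missing or do not resolve to the VIP. The cluster name `cop.example.com`, the addresses and the sample zone are constructed placeholders.

```python
import socket

# Prefixes from the list above; "" stands for the cluster FQDN itself.
PREFIXES = ("", "central-", "apigw-", "ccs-user-api-", "sso-")

def required_fqdns(cluster_fqdn):
    """Expand a cluster FQDN into the five names the cluster needs."""
    base = cluster_fqdn.strip().rstrip(".").lower()
    return [prefix + base for prefix in PREFIXES]

def system_resolver(name):
    """Addresses the local resolver returns for name (empty set if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_cluster_fqdns(cluster_fqdn, vip, resolve=system_resolver):
    """Return {fqdn: problem} for every name that does not resolve only to vip."""
    problems = {}
    for name in required_fqdns(cluster_fqdn):
        addrs = resolve(name)
        if not addrs:
            problems[name] = "does not resolve"
        elif addrs != {vip}:
            problems[name] = "resolves to " + ", ".join(sorted(addrs))
    return problems

# Constructed sample zone (documentation addresses): one record is missing
# and one points at a node address instead of the VIP.
SAMPLE_ZONE = {
    "cop.example.com": {"192.0.2.10"},
    "central-cop.example.com": {"192.0.2.10"},
    "apigw-cop.example.com": {"192.0.2.11"},
    "ccs-user-api-cop.example.com": {"192.0.2.10"},
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, set())

if __name__ == "__main__":
    for fqdn, problem in check_cluster_fqdns(
            "cop.example.com", "192.0.2.10", sample_resolver).items():
        print(f"{fqdn}: {problem}")
```

Calling `check_cluster_fqdns` without the third argument uses the local DNS resolver instead of the sample zone.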

Certificate Management

The following changes are introduced in this release.

Certificate Revocation Check

Aruba Central On-Premises now validates the revocation status of the client certificates. A certificate revocation check verifies whether a TLS or SSL certificate has been revoked before its scheduled expiration date. A certificate should be revoked immediately when its private key is compromised or when the domain for which it was issued is no longer operational.

Under Maintain, click Organization > Network Structure tab, and click the Certificates tile. In the Certificates page, click the Enable revocation check toggle switch to enable certificate revocation check.

For more information, see Certificate Revocation.

Captive Portal Certificates

The Device Certificates accordion is renamed to Captive Portal Certificates in the WebUI.

Under Maintain, click Organization > Network Structure tab, and click the Certificates tile. In the Certificates page, expand the Captive Portal Certificates accordion to view and configure captive portal certificates.

For more information, see Captive Portal Certificates.

Supported Services for Server Certificates

The Services Supported drop-down list allows you to select the following services that are supported by the server certificate:

  • Web UI And API Gateway
  • Device

Under Maintain, click Organization > Network Structure tab, and click the Certificates tile. In the Certificates page, expand the Appliance Certificates accordion and click + to access the Services Supported parameter under Add Certificate dialog box.

For more information, see Appliance Certificates.

Syslog Server

Aruba Central On-Premises now supports TCP and Secure TCP connection types to the Syslog server. When you select Secure TCP as the type of connection to the Syslog server, ensure that you upload a CA certificate for the Syslog server in the Organization > Network Structure > Certificates page.

In addition to alerts, Aruba Central On-Premises now sends audit trail messages as syslog messages to the Syslog server. Aruba Central On-Premises sends the syslog messages to the Syslog server in the Common Event Format (CEF). CEF is a log management standard that uses a standardized logging format so that data can easily be collected and aggregated for analysis by an enterprise management system.

For more information, see SysLog Server Details.
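For the receiving side, a minimal CEF parser that splits the pipe-delimited header and the key-value extension of a syslog line, as an added example that is not part of the Aruba documentation. The sample line is constructed; its vendor, product and extension keys are placeholders, not values taken from Aruba Central On-Premises output.

```python
import re

HEADER = ("version", "vendor", "product", "device_version", "signature_id", "name", "severity")
# An extension key starts the text or follows whitespace and ends at "=".
_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")

def _split_header(text):
    """Split the seven pipe-delimited header fields, honouring backslash escapes."""
    fields, cur, i = [], [], 0
    while i < len(text) and len(fields) < len(HEADER):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])  # escaped character is taken literally
            i += 2
            continue
        if ch == "|":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    if i >= len(text) and len(fields) == len(HEADER) - 1:
        fields.append("".join(cur))  # severity with no trailing "|"
    if len(fields) < len(HEADER):
        raise ValueError("incomplete CEF header")
    return fields, text[i:]

def parse_cef(line):
    """Parse one syslog line carrying a CEF record into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF prefix in line")
    fields, ext_text = _split_header(line[start + 4:])
    event = dict(zip(HEADER, fields))
    keys, ext = list(_KEY.finditer(ext_text)), {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        # A value runs up to the next key, so it may contain spaces.
        raw = ext_text[m.end():nxt.start() if nxt else len(ext_text)].strip()
        ext[m.group(1)] = re.sub(r"\\([=\\])", r"\1", raw)
    event["extension"] = ext
    return event

# Constructed sample line; vendor, product and extension keys are placeholders,
# not values taken from Aruba Central On-Premises output.
SAMPLE = (r"<134>Jan 10 12:00:01 cop-node1 CEF:0|ExampleVendor|Audit\|Trail|1.0|100"
          r"|Login failed|5|suser=alice src=198.51.100.7 "
          r"msg=Invalid password for user\=alice from web UI")

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```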

Trunk Group Configuration

If your AOS-S switches are running 16.10.0013 or later firmware versions:

  • You can remove the untagged VLAN from the trunk group at the group and device levels. At the group level, if you remove untagged VLAN from the devices running the firmware prior to the 16.10.0013 version, an event will be logged in the Audit Trail page stating that the untagged VLAN deletion is not supported.
  • You must either configure tagged VLAN or untagged VLAN as a mandatory parameter for the trunk group.

For more information, see Configuring Trunk Groups on AOS-S Switches in UI Groups.

Aruba Central On-Premises APIs

Following are the API changes and enhancements.

Group APIs

The following API is enhanced in the Configuration > Group category:

  • [GET]:
    • /configuration/v2/groups

Pre Provisioned Group APIs

The following API is deprecated in the Configuration > Pre Provisioned Group category:

This API has now moved to Configuration > Pre Provisioned Group. In the previous release, it was placed under Device Management.

  • [POST]:
    • /device_management/v1/group/assign

User Management APIs

The following APIs are enhanced in the User Management > Roles category:

For more information, see Modified API and Deprecated API.

RAPIDS

Aruba Central On-Premises now enables manual classification of rogue devices through Security > RAPIDS > Rogues > Manually Contained. Manual classification enables rogue containment against the selected AP. You can reclassify rogue devices as rogues, neighbors, or manually contained.

For more information, see RAPIDS.

External Services - SNMP Trap Destinations

On the Maintain > System Management > External Services page, you can configure the SMTP server settings, syslog servers, and SNMP traps destination. Along with configuring SNMP traps destination version 2 (v2), Aruba Central On-Premises now supports configuration of SNMP version 3 (v3).

For more information, see Viewing Audit Trail.

Audit Trail

The Audit Trail page now shows the total number of logs generated for all unsuccessful user login attempts.

For more information, see Viewing Audit Trail.