What's New in AOS-8

The command displays the mgmt-server profiles and their corresponding AMON Advanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities. messages, providing more visibility into the monitoring data.

DPDK is upgraded to version 22.11.7 in all x86-based platforms and new 9106 platforms to enhance stability.

Increased the size of the error.log files from 0.28 MB to 4.5 MB in order to facilitate troubleshooting in all platforms.

This release includes enhancements in accessibility features.

• Luminosity Contrast Fix: Improved the contrast ratio on the Managed Network page to ensure better visibility and readability for users with visual impairments.

• Enhanced Keyboard Accessibility: Tab elements and table headers on the Access Points and Services pages now support keyboard navigation to ensure a smoother and more intuitive experience for users who navigate without a mouse.

• Enhanced Alerts for Screen Readers: Improved the alerts with labels in multiple pages to ensure screen readers can notify users of any pop-ups or messages.

AOS-8.13.1.0 adds support for Ubuntu 24.04 LTS, enabling smoother integration with the Linux kernel, and enhancing security and stability.

AOS-8.13.0.0 adds an additional layer of security to VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnels by ensuring that devices periodically re-verify their identities, protecting networks from unauthorized accesses. Also, it enhances the IKE Internet Key Exchange. IKE is a key management protocol used with IPsec protocol to establish a secure communication channel. IKE provides additional feature, flexibility, and ease of configuration for IPsec standard. SA Security Association. SA is the establishment of shared security attributes between two network entities to support secure communication. structure and global statistics to support reauthentication. New counters are added to track reauthentication events, such as:

• Number of reauthentication triggers

• Number of reauthentication failures

• Number of reauthentication intervals expired

AOS-8.13.0.0 implements webserver access logging of events to help assist attack detection. These logs may be useful in detecting attacks such as, but is not limited to:

• XSS attacks (detect in server, mproxy, and WAF types logs)

• Cross site request forgery attacks

• Web cache poisoning

• Instances of session hijacking

• Instances of server side request forgery

AOS-8.13.0.0 now supports TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 for webserver and API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. interactions.

The provision-ap command introduces three new parameters: aruba-modem-user, aruba-modem-passwd, and aruba-modem-auth.

This enhancement extends 6 GHz Gigahertz. standard power radio support using FCO for indoor locations of standard power access points. While many of these platforms include a GPS Global Positioning System. A satellite-based global navigation system. chip and support GNSS, they may face challenges in receiving GNSS signals indoors with the necessary level of accuracy to use for standard power operations. To address this, a SP AP without a GPS Global Positioning System. A satellite-based global navigation system. location can now use a neighboring AP that does have a GPS Global Positioning System. A satellite-based global navigation system. location for FCO, or through multiple neighbors, using RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. or FTM measurements, so that the standard power AP can provide the necessary data to the FCO to enable its 6 GHz Gigahertz. radio.
The ap gps-profile command has been added to configure this feature. Use the indoor-sp-location or no indoor-sp-location parameter to enable or disable the feature. This configuration can also be accessed by selecting the Broadcast GPS Global Positioning System. A satellite-based global navigation system. of the AP checkbox on the GPS Global Positioning System. A satellite-based global navigation system. Service page, located under Configuration > System > Profiles > All Profiles > AP > AP group in the WebUI.

Starting with AOS-8.13.0.0, the drop-ipv4-options and no drop-ipv4-options parameters are added to the firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. command to enable or disable all IPv4 packet options. When enabled, IPv4 packets are dropped if the IPv4 header length is greater than 20 bytes. Additionally, a new counter for Drop IPv4 Options is included in the output of the show datapath command, which counts the number of IPv4 packets dropped when this feature is enabled. This functionality is also available by selecting the Deny IPv4 options checkbox under the Global Settings accordion on the Configuration > Services > Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. page of the WebUI. This feature is available only on Controllers.

AOS-8.13.0.0 adds support for IPSec tunnels with SHA256 algorithm provided that both the tunnel endpoints support SHA256. The preferred integrity algorithm is SHA256 going forward. If the initiator starts communicating with HMAC-SHA256, then the responder will reply back with HMAC-SHA256. If either the initiator or responder does not support HMAC-SHA256, tunnels will be formed with HMAC-SHA1.

Starting with AOS-8.13.0.0, two Civic Address (CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-types) elements which are part of the Location-Data attribute, are added. The new CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-types are CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-type 19 (House Number) and CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.-type 34 (Primary Road Name).

For more information, see Generic RADIUS Location Information Delivery Service.

Starting with AOS-8.13.0.0 Qosmos SDK is upgraded to SDK-5.10.0-35 PB1.740.0-20.

Starting with AOS-8.13.0.0 IPSec tunnels can be set to require PPK configuration on the initiator and responder. This feature can be enabled by running the crypto-local isakmp ppk-mandatory command on the responder. When ppk-mandatory is enabled, both the responder and initiator are expected to have the PPK configured. Otherwise, the tunnel will not come up. The ppk-mandatory parameter will not have any effect if it is enabled on the initiator, it is applicable only on the responder.

For more information, visit Configuring a VPN with Postquantum Preshared Keys in the User Guide.

This feature is a security improvement for Password-based Pre-Shared Key. The solution creates a profile to configure the composition of the PSK Pre-shared key. A unique shared secret that was previously shared between two parties by using a secure channel. This is used with WPA security, which requires the owner of a network to provide a passphrase to users for network access. based on the requirements.

For more information, visit Configuring Crypto Password Policy Profile in the User Guide.

From AOS-8.13.0.0, controllers use DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. v1.2 protocol when DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. security is turned on to secure the traffic between controllers and servers like AirWave (from version 8.3.0.3). DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. v1 is disabled by default in FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. AirWave server.

Added support for configuring SHA2 hash function in the following commands:

• mgmt-user
• show mgmt-user

Starting from AOS-8.13.0.0, IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources. and ITM are enabled by default. For more information, see Intelligent Power and Temperature Monitoring.

NOTE:

Standard Power operations for Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs will be disabled until all FCC Federal Communications Commission. FCC is a regulatory body that defines standards for the interstate and international communications by radio, television, wire, satellite, and cable. certifications are accomplished. Once FCC Federal Communications Commission. FCC is a regulatory body that defines standards for the interstate and international communications by radio, television, wire, satellite, and cable. certifications are in place, Frequency Coordination Orchestrator (FCO) service will be available for implementation in 6 GHz Gigahertz. Standard Power GPS Global Positioning System. A satellite-based global navigation system. enabled APs running AOS-8.12.0.0.

This release includes significant enhancements in accessibility features:

• Luminosity Contrast Fixes: Improved contrast ratios throughout the user interface to ensure better visibility and readability for users with visual impairments.

• Redesigned Form Elements: Checkboxes, ratio buttons, and toggle buttons have been redesigned for higher visibility. These elements now stand out more clearly against various backgrounds, aiding users with visual challenges.

• Enhanced Support for Screen Readers: Significant improvements have been added in the software's compatibility with screen readers.

• Improved Keyboard Navigation: Enhanced keyboard navigation capabilities, ensuring a smoother and more intuitive experience for users who navigate without a mouse.

AOS-8.12.0.0 adds Aruba-IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-Gen1, Aruba-IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-Gen2, Inseego SC4 to the USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. ACL Access Control List. ACL is a common way of restricting certain types of traffic on a physical port. device list.

AOS-8.12.0.0 adds the symmetric cipher Advanced Encryption Standard 256 (AES Advanced Encryption Standard. AES is an encryption standard used for encrypting and protecting electronic data. The AES encrypts and decrypts data in blocks of 128 bits (16 bytes), and can use keys of 128 bits, 192 bits, and 256 bits.-256) as an SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. server functionality.

AOS-8.12.0.0 relaunches support for Server Based Policy in AirGroup v2 .

Starting with AOS-8.12.0.0, Mobility Conductor and Managed Devices will run AirGroup The application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. Version 2. This enhancement is true for both Standalone and Distributed modes of the managed devices

Authentication survivability has been enhanced to include MPSK authentication. This enables cached data from a prior MPSK authentication to be available for gateways Gateway is a network node that allows traffic to flow in and out of the network. to authenticate and authorize users in case of RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server inaccessibility.

In large deployments, it is now to possible capture traffic statistics with the addition of a 64-bit counter to the MIB Management Information Base. A hierarchical database used by SNMP to manage the devices being monitored.. This new counter is referred as wlanAPChTotBytes64, and will coexist with the 32-bit wlanAPChTotBytes integer. When traffic exceeds the limit number imposed by the 32-bit integer, it will reset to 0 and the new 64 bit integer will continue to increase.

Starting from AOS-8.12.0.0, the AP-654 and AP-634 platforms will support 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation. operation, with support from Aruba’s Frequency Coordination Orchestrator (FCO) solution, which will enable the Automated Frequency Coordination (AFC) feature for standard power operation.

This release introduces significant enhancements in the management of BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. (Bluetooth Low Energy) beacons within Mobility Conductor- Managed Device topology. This update introduces changes in the WebUI and CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. export functionality for BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. beacon information, streamlining the management process for large-scale deployments.

AirGroup profiles now allow the explicit configuration of auto-association hops. The option permits both 0-hop and 1-hop configurations to accommodate different deployment necessities, as well as compatibility with ClearPass Policy Manager and CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. location policies. The new parameter can be set through both the WebUI and CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. and is set to 1 by default.

AOS-8.12.0.0 improves how the delete option displays in the Mobility Conductor’s panel tree.

In the updated IPv6 address generation process, users can now seamlessly switch between address generation methods. While the default method remains the AP MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address (EUI-64) format, an option to change to the Stable Privacy method is now available. This update introduces a new parameter, ip6-addr-gen-mode, within the provision-ap command for easy switching between these methods. The new parameter offers the following set of configuration options:

• ip6-addr-gen-mode eui64
• p6-addr-gen-mode stable-privacy
• no ip6-addr-gen-mode

The scheduler-mode parameter is being added to the radio profile to provide a better debugging experience. The parameter accepts two possible configurations, fairness and latency. The default parameter is set to fairness, which enables Traffic Allocation Framework (TAF) on the radio profile. The latency parameter disables TAF. It is recommended that Aruba support engineering is contacted to adjust the scheduler-mode configuration. Manipulating this configuration without guidance from Aruba support could cause fairness issues on the network.

This enhancement eliminates the need for Virtual AP reconfiguration. This is achieved by no longer updating cluster bucketmaps at the time of VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. configuration, whenever a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. is added or removed. Additionally, with this change, STA L2 vs. L3 connectedness in a cluster has been eliminated. In turn, all stations are now assumed to be L2 connected. This enhancement introduces three key changes:

• Hitless failover: Cluster APs switch station traffic over to their standby UAC, but leave their 802.1x authentication association intact, resulting in a no-deauthentication failover.

• VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. retention: No new VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. derivation occurs on standby UACs. Stations will keep the originally assigned VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.. It is important to note that this means that if the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. association is not present on the standby UAC, the station’s traffic will be blackholed until the station reconnects.

• Cluster CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands: To check for VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. mismatches, the command show lc-cluster vlan-probe status is recommended. Per the change above, the show lc-cluster group-membership will always display devices as L2-connected.

Note: It is expected that all user VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. within a cluster are configured on all managed devices within the cluster to ensure seamless client failovers.

Starting with AOS-8.12.0.0, PIN Personal Identification Number. PIN is a numeric password used to authenticate a user to a system. configurations can be set on Remote APs Remote APs extend corporate network to the users working from home or at temporary work sites. Remote APs are deplyed at branch office sites and are connected to the central network on a WAN link. by using CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. commands instead of AT commands.

AOS-8.12.0.0 introduces the cm-deauth-steer-mode parameter in the arm profile, which enables or disables deauth-based steers for both 802.11v 802.11v is an IEEE standard that allows client devices to exchange information about the network topology and RF environment. This information is used for assigning best available radio resources for the client devices to provide seamless connectivity. and non 802.11v 802.11v is an IEEE standard that allows client devices to exchange information about the network topology and RF environment. This information is used for assigning best available radio resources for the client devices to provide seamless connectivity. clients.

AOS-8.12.0.0 implements an option to configure enforce DCHP for UBT clients in the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions.. When using various roles or VLANs Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. with user-based tunneling, the enforce-dhcp functionality is available at the role level.

AOS-8 introduces the show ap debug wlan-firmware-alert-logs command to record TARGET ASSERT logs from 500 Series and 600 Series access points.

In this release, we introduce a significant enhancement to the SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  (Simple Network Management Protocol) server configuration.

The new vrrp-id parameter has been added to the snmp-server command, allowing users to assign a unique IP address as an identifier for each controller. This feature is designed to address the challenges faced in environments where multiple controllers are configured with the same IP address under the Virtual Router Redundancy Protocol (VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN.). This enhancement ensures SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  traps and informs are correctly attributed to individual controllers, particularly after VRRP Virtual Router Redundancy Protocol. VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. state changes.

This release introduces generic location information support in RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , which facilitate advanced location-aware network functionalities. These enhancements enable precise location-based policy enforcement and improve billing and accounting practices. For the purpose of this release, only civic location attributes are supported. This enhancement introduces the following changes: 

• The ap location-profile command is added to configure a profile that specifies the location information for access points.
• A new parameter ap location profile has been added to the ap-group command, and a new ap location profile parameter has been added to the ap-name command.
• Two new parameters, radius-loc-obj-in-access and radius-loc-obj-in-accting have been added to the aaa-profile command.
• The show ap debug ap-location command has been added to display effective AP location information as well as metadata for debugging purposes.
• The output of the existing show dot1x ap-hash-table command has been enhanced to display the effective AP location information.

As part of AFC implementation, it is possible to calculate the GPS Global Positioning System. A satellite-based global navigation system. ellipse, by means of a series of functions based on the GPS Global Positioning System. A satellite-based global navigation system. data. This feature is available on Mobility Conductors and It can only be configured in APs equipped with GPS Global Positioning System. A satellite-based global navigation system. chip.

This release introduces updates to the management of logical ports on the controller. The update includes hardening enhancements designed to optimize port usage by removing references to unused ports. Previously, certain legacy application integrations required specific ports for communication. Since these applications are no longer in use, the interfaces and ports dedicated to them have become unnecessary. Such ports and interfaces have been dereferenced. Default control plane firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. rules have been applied. This change is applicable across all controller platforms. These ports are deactivated by default and no additional configurations are required. If required, ports can be activated by configuring firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. rules under the firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. cp command.

This release provides additional radio, client, and virtual access points statistical data leveraging the latest Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6 capabilities for improved network management and optimization. This data is key for enhanced troubleshooting, allowing for quick identification and resolution of network issues and more precise network tuning.

AOS-8.12.0.0 implements the utilization of HMAC based SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -224, SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -256, SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -384 and SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -512 cryptographic hashing within SNMPv3 Simple Network Management Protocol version 3. SNMPv3 is an enhanced version of SNMP that includes security and remote configuration features.. The show snmp user-table command was updated for AOS-8.12.0.0.

In AOS-8.12.0.0, the speed and quality of random channel selection has been improved in Mobility Conductors when the configuration is changed for the APs.

Several statistics have been improved for APs running AOS-8.12.0.0.

In AOS-8.12.0.0, a new parameter called coverage-level-2-4GHz under the airmatch profile command is introduced to configure the aggressiveness threshold. It is required to enable the airmatch-mode-aware parameter under the rf profile command.

AOS-8.12.0.0 implements the SCP Secure Copy Protocol. SCP is a network protocol that supports file transfers between hosts on a network. protocol for secure image download. The scp-img-upgrade-preference command is available to enable SCP Secure Copy Protocol. SCP is a network protocol that supports file transfers between hosts on a network. for secure image download and it uses port 22 as default.

For more details on how to handle AP image download, see Possible Scenarios during AP Image Download.

This release includes a significant update to our 6 GHz Gigahertz. radio telemetry capabilities. This feature enhances the statistical data available for 6 GHz Gigahertz. radios providing deeper insights and analytics. These new statistics are incorporated into the existing telemetry flow, from Air Monitors (AM Air Monitor. AM is a mode of operation supported on wireless APs. When an AP operates in the Air Monitor mode, it enhances the wireless networks by collecting statistics, monitoring traffic, detecting intrusions, enforcing security policies, balancing wireless traffic load, self-healing coverage gaps, and more. However, clients cannot connect to APs operating in the AM mode.) to the Spectrum Telemetry Module (STM Station Management. STM is a process that handles AP management and user association.), and from STM Station Management. STM is a process that handles AP management and user association. to Aruba Monitoring and Network Operations (AMON Advanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities./MON).

In AOS-8.12.0.0, a syslog error alert appears in Mobility Controllers for misconfigured or failed AirMatch States which can be checked with the show log errorlog all | include AirMatch and show log errorlog all | include mcell_recv commands.

Starting with AOS-8.12.0.0, Air Slice support will not be available. If Air Slice is enabled prior to the upgrade, it will be displayed as enabled in the configuration, but it will not take effect internally. The following commands have been impacted:

• show profile-list airslice-profile
• show ap bss-table
• show airslice
• ap-group
• ap-name
• airslice

MongoDB is used by several services, and any issue on the database impacts all of its users. If the process dbstart_mongo is found to be in INIT state, customers can run the process cleanup name dbstart_mongo command and trigger the database cleanup when needed. This feature is particularly effective in scale deployments with large databases.

AOS-8.12.0.0 optimizes Tx rate adaptation to reduce retransmissions during idle background traffic when using 5 GHz Gigahertz. and 6 GHz Gigahertz. connections.

The AirGroup version 2 module now accepts RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication profile changes such as nas-IP and source-interface through the aaa authentication-server radius command. Rather than depending on the Mobility Conductor's settings, this feature allows for specific authentication-related configurations to be applied to managed devices.

The configuration varies depending on the AirGroup mode used:

• Centralized mode requires configurations to be applied on both the Mobility Conductor and managed device. In the case of having different profiles configured, the managed device's profile will take priority
• Distributed mode requires node-specific configuration. In the case of having governing managed devices, the configuration will apply to all member nodes. However, node-specific configuration can still be applied to member nodes if needed.

The DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. information for AP-584 access points now complies with the regulatory guidelines that allow for outdoor operation in France and Israel.

This release broadens the capabilities of APs with enhanced support for Multiple BSSID Basic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly. (MBSSID) groups, particularly targeting the 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation. for Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E compliance.

• APs are equipped to manage up to 2 MBSSID groups.
• Each group can accommodate up to four 6 GHz Gigahertz. VAPs (Virtual Access Points) to broadcast 8 unique SSIDs Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. across the 6 GHz Gigahertz. spectrum.
• Addition of new CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. options and MultiZone configurations, providing granular control and customization for network users.

AOS-8.12.0.0 introduces support for higher key sizes in certificate signature generation to comply with United States Government security guidelines. Specifically, RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. keys will be 3072 bits or greater, while ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. keys will be 384 bits or higher.

Starting with AOS-8.12.0.0, all Virtual Mobility Controllers and Virtual Mobility Conductors, support VMware ESXi version 8.0 and Microsoft Hyper-V 2022 version. For complete technical details and installation instructions, see the Aruba Virtual Appliance Installation Guide.

AOS-8.12.0.0 supports RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. and ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. public key The part of a public-private key pair that is made public. The public key encrypts a message and the message is decrypted with the private key of the recipient. authentication, which allow users to securely access remote servers or computers.

Starting with AOS-8.12.0.0, AP-605H access points support tactile control to toggle the operating LED Light Emitting Diode. LED is a semiconductor light source that emits light when an electric current passes through it. mode between normal and off. This flip occurs only when the AP is active and configured in normal mode just by tapping the front of the AP.

This feature enables the tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. This update is pivotal for businesses seeking advanced analytics in environments where understanding visitor behavior and network usage patterns is essential. With this enhancement, the new parameters laa-counter-msg and laa-counter-msg-interval are introduced on existing ids general-profile default. Counter information is sent to ALE Analytics and Location Engine. ALE gives visibility into everything the wireless network knows. This enables customers and partners to gain a wealth of information about the people on their premises. This can be very important for many different verticals and use cases. ALE includes a location engine that calculates associated and unassociated device location periodically using context streams, including RSSI readings, from WLAN controllers or Instant clusters. using profile default-ale command.

This release introduces updates for the SES-Imagotag SCD firmware. This enhancement enables the capability for USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices.  dongles to generate a Claim-ID, a critical component for establishing a secure connection to V:Cloud. This feature addresses the need for enhanced security in data communication between retail management systems and V:Cloud.

In AOS-8.12.0.0, the maximum AP count for 9012 controllers is upgraded from 32 to 64.

AOS-8.12.0.0 incorporates an option to add multiple channels in the Zigbee's radio profile. This new feature is available in the Managed Network > Configuration > IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. > IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Radios page of the WebUI.

Frequency Coordination Orchestrator (FCO) is a cloud service that is offered to GPS Global Positioning System. A satellite-based global navigation system. supported, standard power APs operating in the 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation.. HPE Aruba Networking’s Frequency Coordination Orchestrator (FCO) solution, also known as Automatic Frequency Coordination (AFC), will enable the Automated Frequency Coordination (AFC) for 6 GHz Gigahertz. standard power APs in campus deployments.

Note: This feature is not intended to work with standalone deployments or any other deployment in campus mode that does not involve Mobility Conductors.

This feature addresses connection issues between OFC and AirGroup The application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. in Centralized mode through ZMQ, particularly when the outgoing packet rate exceeds a certain threshold (15,000 packets per second (pps) or 900,000 packets per minute (ppm), resulting in scaling challenges with the ZMQ send operation to OFC. To mitigate this, the feature introduces packet transmission throttling as the packet count approaches this limit. Throttling is implemented by monitoring the number of AirGroup The application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. packets transmitted each minute and then determining whether to allow or drop a packet based on the configurable throttling threshold (Default: 900000 ppm). The max-servers-per-query parameter is ignored till 75% of this throttling limit and will be honored between 75% to 90% mark. Post 90% throttling limit, the packets will be dropped.

Along with this change, some updates have been made to the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. to manage this feature. The new configuration parameter pkt-throttle-limit has been added to the airgroup profile network command to set the throttling limit in packets per minute. Additionally, the outputs of the commands, show airgroup status, show airgroup internal-state statistics ppm, and show airgroup tracebuf have been enhanced to include related information.

The 670 Series access points (AP-675, AP-675EX, AP-677, AP-677EX, AP-679, AP-679EX) are Aruba’s first outdoor APs that support 6 GHz Gigahertz. operation. These 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E Outdoor Access Points offer 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. radios that allow for simultaneous tri-band operation. These APs also feature a wired 2.5 Gbps Gigabits per second. Smart Rate network interface and one SFP The Small Form-factor Pluggable. SFP is a compact, hot-pluggable transceiver that is used for both telecommunication and data communications applications. port for fiber support. The 670 Series access points require deployments managed by a Mobility Conductor for 6 GHz Gigahertz. operation when running AOS-8.12.0.0. The APs also support 802.11a 802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps., 802.11b 802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps., 802.11g 802.11g offers transmission over relatively short distances at up to 54 Mbps, compared with the 11 Mbps theoretical maximum of 802.11b standard. 802.11g employs Orthogonal Frequency Division Multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speed of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network., 802.11n 802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz., 802.11ac 802.11ac is a wireless networking standard in the 802.11 family that provides high-throughput WLANs on the 5 GHz band., and 802.11ax wireless services.

Additional features include:

• Data rates up to 2.4 Gbps Gigabits per second.
• Support for Automatic Frequency Coordination (AFC)
• Maximum Ratio Combining (MRC)
• Orthogonal Frequency Division Multiple Access (OFDMA)
• IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee support)
• Target Wake Time (TWT) for improved client power savings
• Advanced Cellular Coexistence (ACC Advanced Cellular Coexistence. The ACC feature in APs enable WLANs to perform at peak efficiency by minimizing interference from 3G/4G/LTE networks, distributed antenna systems, and commercial small cell/femtocell equipment.)
• WiFi uplink support

For complete technical details and installation instructions, see the Aruba 670 Series Access Points Installation Guide.

Improved AP-505H PSE port compatibility with early generation Telematrix IP phones.

The aaa-profile command now accepts the denylist-sco-attack parameter, which enables denylisting for clients that attempt to perform a security context override, improving security against malicious authenticated clients. The default value of this parameter is set to disabled.

The AirGroup version 2 module now accepts RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication profile changes such as nas-IP and source-interface through the aaa authentication-server radius command. Rather than depending on the Mobility Conductor's settings, this feature allows for specific authentication-related configurations to be applied to managed devices.

The configuration varies depending on the AirGroup mode used:

• Centralized mode requires configurations to be applied on both the Mobility Conductor and managed device. In the case of having different profiles configured, the managed device's profile will take priority.
• Distributed mode requires node-specific configuration. In the case of having governing managed devices, the configuration will apply to all member nodes. However, node-specific configuration can still be applied to member nodes if needed.

The AP-654 access point is the external antenna platform variant of the 650 Series, supporting two sets of antenna interfaces for 2.4 GHz Gigahertz. and 5 GHz Gigahertz. (A, left side) as well as 6 GHz Gigahertz. (B, right side). The Aruba650 Series access points are high performance, multi-radio access points that can be deployed in either controller-based ((Undefined variable: Variables.ArubaOS)) or controller-less (Instant AOS-8) network environments. These APs deliver comprehensive tri-band coverage across 2.4 GHz Gigahertz., 5 GHz Gigahertz., and 6 GHz Gigahertz. 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. (Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E) functionality with concurrent 4x4 MU-MIMO Multi-User Multiple-Input Multiple-Output. MU-MIMO is a set of multiple-input and multiple-output technologies for wireless communication, in which users or wireless terminals with one or more antennas communicate with each other. radios for both uplink and downlink in the 5 GHz Gigahertz. and 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation., while also supporting 802.11a 802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps., 802.11b 802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps., 802.11g 802.11g offers transmission over relatively short distances at up to 54 Mbps, compared with the 11 Mbps theoretical maximum of 802.11b standard. 802.11g employs Orthogonal Frequency Division Multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speed of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network., 802.11n 802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz., 802.11ac 802.11ac is a wireless networking standard in the 802.11 family that provides high-throughput WLANs on the 5 GHz band., and 802.11ax wireless services.

Additional features include:

• Up to 7.8 Gbps Gigabits per second. combined peak datarate
• Dual wired 5 Gbps Gigabits per second. Smart Rate ethernet ports for hitless failover
• Orthogonal Frequency Division Multiple Access (OFDMA)
• Aruba Advanced Cellular Coexistence (ACC Advanced Cellular Coexistence. The ACC feature in APs enable WLANs to perform at peak efficiency by minimizing interference from 3G/4G/LTE networks, distributed antenna systems, and commercial small cell/femtocell equipment.)
• IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee support)
• Ultra Tri-Band (UTB) filtering
• Maximum ratio combining (MRC)
• Intelligent Power Monitoring (IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources.)
• Dynamic frequency selection (DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems.)

For complete technical details and installation instructions, see the Aruba650 Series Access Points Installation Guide.

A new sub-parameter, verbose is added to the show ap monitor ap-list ap-name <ap-name> command. The output of the show ap monitor ap-list ap-name <ap-name> verbose command displays additional information about flags and the flag, W is introduced to identify the Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. direct devices. This flag will be displayed only if the detection of WIFI-Direct P2P groups is enabled in the IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. unauthorized device profile.

The dump-auto-uploading-profile parameter is introduced to configure settings for automatically uploading dump files to the controller when Transfer Enable is open and when the Server IP is not configured in the dump collection profile.

The ISO mounting procedure can now be used to install AOS-8.

AOS-8 now provides support for configuring OVS-DPDK on Oracle Linux 7.9 using KVM Hypervisor.

AirMatch provides support for dynamic selection of the opmode, in addition to assigning channel and EIRP Effective Isotropic Radiated Power or Equivalent Isotropic Radiated Power. EIRP refers to the output power generated when a signal is concentrated into a smaller area by the Antenna. to the current opmode in 610 Series access points (AP-615). AirMatch selects the opmode dynamically depending on the RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. coverage for each radio band—2.4 GHz Gigahertz., 5 GHz Gigahertz. and 6 GHz Gigahertz..

AOS-8 can now bypass Apple Wireless Direct Link protocol frames. The user can also select whether to discard and stop IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. from processing captured frames.

Starting from this release, APs with Gen-2 BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption./IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. radios will adjust the calibrated RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. values for iBeacon advertisements when BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. transmit power levels are modified using the ble-txpower setting in the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Radio Profile configuration. The calibrated values can then be verified using the show ap debug ble-advertisement-info command.

The cipher-suite parameter is introduced to replace ciphers parameter. This feature allows users to select specific ciphers from the supported list of ciphers. Cipher suites are streamlined in such a way that only strong cipher suites are enabled by default. This is compatible with the FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode as well. As a part of this enhancement, users are given the option to selectively enable and disable the remaining cipher suits while configuring the web server profile.

The maximum number of concurrent VIA Virtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. session per user is restricted. The admin is enabled to configure a value between 1-32 to restrict the concurrent VIA Virtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. sessions per user.

A new SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  trap, wlsxLicenseThresholdLimitHit, is introduced that sends an alert when the license usage is more than 75% of the allocated licenses and before all licenses are used.

Starting from AOS-8.11.0.0, you can use the ip default-gateway mgmt <nexthop> CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command to configure the default gateway Gateway is a network node that allows traffic to flow in and out of the network. on the OOB management port for 7000 Series controllers.

Starting from AOS-8.11.0.0, the default value for global firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. parameter Monitor/Police ARP Attack (non Gratuitous ARP) rate (per 30 seconds) is set to 100.

AOS-8 now supports the detection and containment of devices associated to WIFI-Direct groups.

The Aruba USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. LTE Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals. See 4G. Modem now supports dual access point names (APN)s for the Remote APs automatically.

The BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. Telemetry setting can now be enabled or disabled in the webUI. A new CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. parameter blePeriodicTelemetryReporting is introduced in the iot transportProfile command to disable periodic telemetry reporting.

AOS-8.11.0.0 enables FILS for the 6 GHz Gigahertz. VAPs configured on the AP that allows the 6 GHz Gigahertz. clients to obtain the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. when the 2.4 GHz Gigahertz. and 5 GHz Gigahertz. VAPs are unavailable.

As an enhancement, a new wlanStaApName MIB Management Information Base. A hierarchical database used by SNMP to manage the devices being monitored. object is added to the wlsxWlanStationTable MIB Management Information Base. A hierarchical database used by SNMP to manage the devices being monitored. to simplify the correlation of APs and Stations.

AOS-8.11.0.0 now supports flex dual band Band refers to a specified range of frequencies of electromagnetic radiation. support on Aruba AP-615 that provides flexibility for the radios to operate on different radio bands Band refers to a specified range of frequencies of electromagnetic radiation..AP-615 access points operate in 2.4 GHz Gigahertz. and 5 GHz Gigahertz. radio bands Band refers to a specified range of frequencies of electromagnetic radiation. by default. To enable the AP to broadcast on 6 GHz Gigahertz. radio band Band refers to a specified range of frequencies of electromagnetic radiation., set the flexible dual band Band refers to a specified range of frequencies of electromagnetic radiation. radio mode to either 5 GHz Gigahertz. and 6 GHz Gigahertz. or 2.4 GHz Gigahertz. and 6 GHz Gigahertz. mode.

AirGroup The application that allows the end users to register their personal mobile devices on a local network and define a group of friends or associates who are allowed to share them. AirGroup is primarily designed for colleges and other institutions. AirGroup uses zero configuration networking to allow Apple mobile devices, such as the AirPrint wireless printer service and the AirPlay mirroring service, to communicate over a complex access network topology. now allows the 802.1x authenticated users to view the list of all servers that share the same username.

The show ap debug iot-audit-trail command is introduced to display all the action commands executed in the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. and report the Southbound API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. messages received from the server.

The IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources. power reduction steps use radio indices (0,1, and 2) that replace all references to the radio bands Band refers to a specified range of frequencies of electromagnetic radiation. (2.4 GHz Gigahertz., 5 GHz Gigahertz., secondary 5 GHz Gigahertz., and 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation.) associated with radio power restrictions.

AOS-8.11.0.0 now supports the Jumbo frames in both IPv4 and IPv6 networks over an IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. site-to-site tunnel between two managed devices.

The write erase all, halt, and reload commands can be issued only from the /mm and /mm/mynode nodes of the Mobility Conductor.

AOS-8 no longer supports WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. parameters for configuring Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink profile. The following parameters have been removed from Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink profile:

• Static WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN.

• WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Key 1

• WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Key 2

• WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Key 3

• WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Key 4

• WEP Wired Equivalent Privacy. WEP is a security protocol that is specified in 802.11b and is designed to provide a WLAN with a level of security and privacy comparable to what is usually expected of a wired LAN. Transmit Key Index

AOS-8 allows users to configure OOB 6 GHz Gigahertz. scanning settings for AP-615 access points. The oob-switch parameter is introduced in the regulatory domain profile to enable and disable OOB 6 GHz Gigahertz. scanning for AP-615 access points. Disabling oob-switch, disables 6 GHz Gigahertz. scanning and it is applicable only when AP-615 access points are in the 5GHz-and-2.4GHz operation mode.

AOS-8 allows users to disable the opmode-transition parameter for virtual APs to be deployed on 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation. using MFP.

Organizational Unit (OU) is no longer a mandatory parameter for VIA Virtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Domain Name profiles. This is because the OU parameter is now deprecated by various certificate authorities. Hence, OU is an optional parameter under Add New window of Configuration > Authentication > L3 Authentication > VIA Virtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Connection > default > VIA Virtual Intranet Access. VIA provides secure remote network connectivity for Android, Apple iOS, Mac OS X, and Windows mobile devices and laptops. It automatically scans and selects the best secure connection to the corporate network. Domain Name Profiles in the WebUI. In the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., the OU sub-parameter is optional under the dn-profile parameter of aaa authentication via connection-profile command.

AOS-8 allows users to control RTS Request to Send. RTS refers to the data transmission and protection mechanism used by the 802.11 wireless networking protocol to prevent frame collision occurrences. See CTS. frame transmission to the clients.

AOS-8 now includes all available flags associated with an AP in the show ap database flags <flags> command.

AOS-8.11.0.0 now supports the bucket based client load balancing feature that distributes the buckets based on the platform capacity in a cluster.

AOS-8.11.0.0 now supports deploying a Mobility Controller Virtual Appliance or a Mobility Conductor Virtual Appliance using CentOS 7.9 or Ubuntu 20.04 KVM Hypervisor.

Starting from AOS-8.11.0.0, Ethernet Ethernet is a network protocol for data transmission over LAN. Port 0 can be assigned as the downlink port if Ethernet Ethernet is a network protocol for data transmission over LAN. Port 1 is configured or running as the primary uplink. This enhancement is supported in AP-318, AP-374, AP-375, AP-375ATEX, AP-377, AP-584, AP-585, AP-585EX, AP-587, and AP-587EX.

The following two new ABB sensors are supported by Instant APs:

• DFU Target Device—The DFU target device sensor is recognized by service class UUID : 0xFE59.

• SALT Star Vario—The SALT Star Vario sensor is recognized by local name : perma. When the local name is parsed to the Instant AP, the identity of the sensor is assigned as SALT + MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  Address. For example, if device's MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address is 00:80:25:FB:1A:73, then its identity is SALT008036FB1A73.

AOS-8.11.0.0 now supports deploying a Mobility Controller Virtual Appliance or a Mobility Conductor Virtual Appliance using Hyper-V Version Windows Server 2019.

The following two commands are introduced to support packet debugging functionality to troubleshoot the data packets through the AP datapath:

• ap remote-debug-pkt

• show ap remote-debug-pkt

AOS-8 supports UNII-4 (channels 169-177) on 530 Series, 550 Series, 630 Series, and 650 Series access points.

AOS-8.11.0.0 now supports 1024 clients on the 2G and 5G bands Band refers to a specified range of frequencies of electromagnetic radiation. of an AP-655.

AOS-8 allows users to control frame bursting if one or more active clients are associated to the AP.

AOS-8 allows to configure exclusions for IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. containment based on vendor specific IE information. This feature allows APs to be exempted from containment even when the devices use randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses.

VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. derivation support is extended to wired and wireless clients using split-tunnel forwarding mode along with tunnel, bridge and decrypt-tunnel modes.

AOS-8 supports Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink feature on 610 Series access points for 2.4 GHz Gigahertz., 5 GHz Gigahertz., and 6 GHz Gigahertz. radio bands Band refers to a specified range of frequencies of electromagnetic radiation..

AOS-8 supports zero-wait DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. feature on 650 Series access points for 5 GHz Gigahertz. radio band Band refers to a specified range of frequencies of electromagnetic radiation. only.

AOS-8 now supports a maximum of 1024 wireless clients per radio. This value is controlled by using the max-client parameter in the wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. ssid-profile command.

AOS-8.11.0.0 now extends mesh support for AP-615. The mesh link and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink features continue to operate on the band Band refers to a specified range of frequencies of electromagnetic radiation. configured in the AP system profile. When the radio modes are changed, the mesh and wifi uplink modules will restart and resume on the radio defined in the existing configuration.

AOS-8 supports Capacity Licenses option in the WebUI.

Starting with AOS-8.10.0.0 rsa-sha2-256 and higher ciphers are supported for SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. protocol.

Improved AP-505H PSE port compatibility with early generation Telematrix IP phones.

A new setting called Advertise Wide Bandwidth IE in Neighbor Report Responses is added to the 802.11k 802.11k is an IEEE standard that enables APs and client devices to discover the best available radio resources for seamless BSS transition in a WLAN. profile configuration to include wide channel bandwidth information element in the neighbor report responses. This setting is enabled by default.

AOS-8 allows to dynamically optimize the use of 2.4 GHz Gigahertz. radios in dense RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. environment. With AirMatch mode aware, AirMatch converts some of the 2.4 GHz Gigahertz. radios to monitoring mode keeping coverage for all the bands Band refers to a specified range of frequencies of electromagnetic radiation. at priority.

From AOS-8.10.0.0 onwards, user can search, sort, or filter APs, Controllers, Client devices even when they have special characters such as +, *, &, %, $, #, etc.

AOS-8 supports Mesh APs and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink on 580 Series APs.

With the introduction of the Long Supported Release (LSR) and Short Supported Release (SSR) terminology in AOS-8.10.0.0, a Mobility Conductor running an LSR release supports managed devices running the same release and the three preceding releases. This is considered as N-3 support. This allows a customer to run the latest LSR, the previous SSRs and the previous LSR simultaneously. A Mobility Conductor running an SSR release supports managed devices running the same release and the two preceding releases. This would be considered N-2 support and is the same behavior as the pre-AOS-8.10.0.0 multiversion support.

AOS-8 supports a new Aruba USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. LTE Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals. See 4G. modem that allows plug-and-play to provision the modem for both 3G Third Generation of Wireless Mobile Telecommunications Technology. See W-CDMA. and 4G Fourth Generation of Wireless Mobile Telecommunications Technology. See LTE. networks on Remote APs.

AOS-8 supports the show ap antenna status command for Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs (630 Series and 650 Series access points).

AOS-8 supports sorting and filtering capabilities on the following columns in the Dashboard > Security > Detected Radios page:

• Bandwidth
• Secondary Channel
• Confidence Level
• Encryption
• Discovered Time
• Match Time
• Match AP/Rule

The aaa-profile command now accepts the denylist-sco-attack parameter, which enables denylisting for clients that attempt to perform a security context override, improving security against malicious authenticated clients. The default value of this parameter is set to disabled.

The show ap debug client-kickout-logs command is introduced to display detailed information on the last 12 occurrences of the client deauthentication logs in 530 Series, 550 Series, 630 Series, and 650 Series access points.

The WebUI now displays LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. Neighbor Chassis ID / Port ID while provisioning an AP.

A new icon VIA is introduced to display the remote VIA clients in the Dashboard > Overview page of the WebUI. This icon displays the number of remote VIA clients that are connected to the Managed Device.

Enhancements in the 802.11r 802.11r is an IEEE standard for enabling seamless BSS transitions in a WLAN. 802.11r standard is also referred to as Fast BSS transition. tunnel mode to ensure that AOS-8 responds within 100 milliseconds (ms) to roaming client requests so that the clients can roam successfully even when AOS-8 is under heavy load.

The ip default-gateway command is modified to configure the default gateway Gateway is a network node that allows traffic to flow in and out of the network. for dedicated OOB management Ethernet Ethernet is a network protocol for data transmission over LAN. port on 7000 Seriescontrollers.

The WebUI is modified to allow users to regulate the core dump files sent to the managed device. The transfer-enable sub-parameter was added to the dump-collection-profile parameter to enable APs to transfer the core dump.

Additional reduction steps are introduced in the ap-system profile <name>ipm-power-reduction-step-prio ipm-step command to reduce the power consumption and the operating temperature of the AP when IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources. is enabled.

The Import option in the Configuration > System > Profiles > All Profiles > RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. Management > 6 GHz Gigahertz. radio > RRM IE Settings for 6GHz page of the WebUI allows to copy the configuration parameters of an existing WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. RRM IE profile .

The 6G parameter has been added to the show mon-serv-mesh-tbl-entry command to display the entries of 6 GHz Gigahertz. radio band Band refers to a specified range of frequencies of electromagnetic radiation..

AOS-8 allows to export the list of denied clients to a CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. file with a progress indicator.

AOS-8 allows to export the list of detected clients to a CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. file with a progress indicator.

AOS-8 allows to export the list of detected radios to a CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. file with a progress indicator.

AOS-8 allows to export the list of events radios to a CSV Comma-Separated Values. A file format that stores tabular data in the plain text format separated by commas. file with a progress indicator.

AOS-8 allows detection of ghost tunnels on both the server side and client side.

AOS-8 supports configuring the GPS Global Positioning System. A satellite-based global navigation system.  profile. The GPS Global Positioning System. A satellite-based global navigation system. profile enables or disablesof the U-Blox GPS Global Positioning System. A satellite-based global navigation system. receiver in APs.

AOS-8 allows grouping of policy enforcement firewall Firewall is a network security system used for preventing unauthorized access to or from a private network. visibility sessions for managed devices based on the same BSSID Basic Service Set Identifier. The BSSID identifies a particular BSS within an area. In infrastructure BSS networks, the BSSID is the MAC address of the AP. In independent BSS or ad hoc networks, the BSSID is generated randomly..

The AP’s USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. port will now automatically shut down if the temperature of the port reaches 125°C.

The cell-size-reduction parameter in the rf-dot11a-radio-profile command has been reintroduced to reduce cell size by controlling Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Rx sensitivity. This parameter is used to manage dense deployments and to increase overall system performance and capacity by minimizing co-channel interference and optimizing channel reuse. The default value of this setting is 0. The sensitivity range values can be configured from 0 to 20. It is recommended that Aruba support engineering is contacted in order to adjust the cell-size-reduction configuration. Manipulating this configuration without guidance from Aruba support may have serious adverse effects on network performance.

Starting from AOS-8.10.0.0, the maximum timeout value for RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server authentication has been increased from 30 seconds to 120 seconds.

Currently, the maximum character count for username and password in management authentication is 32. Starting from AOS-8.10.0.0 , the character count has been increased to 128.

Starting from AOS-8 8.10.0.9, a new command is being added to the CLI, show datapath dpi counters. This command displays additional DPI debug counters to improve debugging.

AOS-8 now supports Jumbo Lite frames over IPv4 and IPv6 site-to-site tunnels for the virtual mobility controllers (VMC)s. This feature allows the VMC to forward data frames over an IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. site-to-site tunnel that are larger than 1500 bytes without fragmentation, which enhances the overall network performance.

AOS-8.10.0.0 is the first release to adopt the new Long Supported Release (LSR) and Short Supported Release (SSR) terminology. Releases going forward are delivered in the following pattern, LSR, SSR, SSR and then LSR.

LSRs include 4 years of routine maintenance (bugs and vulnerability patches) and an additional 1 year of vulnerability patches on an as needed basis for High or Critical CVSS issues. SSR includes routine maintenance until the next SSR or LSR is released.

AOS-8.10.0.0 is an LSR and the WebUI, CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions., and SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.  commands will reflect this update.

Postquantum Preshared Key (PPK) support is added to IKEv2 Internet Key Exchange version 2. IKEv2 uses the secure channel established in Phase 1 to negotiate Security Associations on behalf of services such as IPsec. IKEv2 uses pre-shared key and Digital Signature for authentication. See RFC 4306. . It is limited to site-to-site VPNs.

The AirGroup version 2 module now accepts RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  authentication profile changes such as nas-IP and source-interface through the aaa authentication-server radius command. Rather than depending on the Mobility Conductor's settings, this feature allows for specific authentication-related configurations to be applied to managed devices.

The configuration varies depending on the AirGroup mode used:

• Centralized mode requires configurations to be applied on both the Mobility Conductor and managed device. In the case of having different profiles configured, the managed device's profile will take priority.
• Distributed mode requires node-specific configuration. In the case of having governing managed devices, the configuration will apply to all member nodes. However, node-specific configuration can still be applied to member nodes if needed.

ClientMatch supports separate band-steer for 5 GHz Gigahertz. and 6 GHz Gigahertz. capable clients on Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs.

AOS-8 now supports SES-Imagotag and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Co-existence for Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6 and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E access points.

AOS-8 supports 802.11mc Fine Timing Measurement feature on Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs (630 Series and 650 Series access points).

AOS-8 now supports DigiCert Global G2 root CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. certifications for Azure IoTHub and DPS connection.

AOS-8 supports the Flash EIRP Effective Isotropic Radiated Power or Equivalent Isotropic Radiated Power. EIRP refers to the output power generated when a signal is concentrated into a smaller area by the Antenna. limit for UNII channels of 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation. on Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs (630 Series and 650 Series access points).

AOS-8 can now be installed using vSphere Hypervisor version 7.0.

AOS-8 supports the Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. uplink feature on Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E APs (630 Series and 650 Series access points) for 2.4 GHz Gigahertz., 5 GHz Gigahertz., and 6 GHz Gigahertz. radio bands Band refers to a specified range of frequencies of electromagnetic radiation..

Starting from AOS-8.10.0.0, a new process named Telemetry Manager (TM ) has been introduced to offload the management interfaces, AMON Advanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities. and MON from the station management process(STM Station Management. STM is a process that handles AP management and user association.).

Starting from AOS-8.10.0.0, the scaling capacity of Aruba7240controllers has been reduced to that of Aruba7220controllers.

A new parameter VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. is introduced for the wireless clients in the Customize Column on the Dashboard > Overview page.

AOS-8 allows exporting IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. event logs from the Security dashboard from the Web UI User Interface..

In AOS-8.10.0.9, AAC will send AMON Advanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities. AP information messages to indicate the AP's standby AAC.

In AOS-8.10.0.9, port monitoring has been implemented on port channels interface on x86 platforms.