9240 AOS8 - UX/ - Capacity Licensing
|
AOS-8 supports Capacity Licenses option in the WebUI.
|
Add support for rsa-sha2-256 and higher ciphers
|
Starting with AOS-8.10.0.0 rsa-sha2-256 and higher ciphers are supported for protocol.
|
Advertise Wide Bandwidth Information Element in Neighbor Report Responses
|
A new setting called Advertise Wide Bandwidth IE in Neighbor Report Responses is added to the profile configuration to include wide channel bandwidth information element in the neighbor report responses. This setting is enabled by default.
|
AirMatch Mode Aware
|
AOS-8 allows to dynamically optimize the use of 2.4 radios in dense environment. With AirMatch mode aware, AirMatch converts some of the 2.4 radios to monitoring mode keeping coverage for all the at priority.
|
Allow search based on special characters
|
From AOS-8.10.0.0 onwards, user can search, sort, or filter APs, Controllers, Client devices even when they have special characters such as +, *, &, %, $, #, etc.
|
AP-58x: Support CAP mesh
|
AOS-8 supports Mesh APs on 580 Series APs.
|
AP-58x: Support WIFI uplink
|
AOS-8 supports uplink on 580 Series APs.
|
AOS-8 8 Multiversion Enhancement
|
With the introduction of the Long Supported Release (LSR) and Short Supported Release (SSR) terminology in AOS-8.10.0.0, a Mobility Conductor running an LSR release supports managed devices running the same release and the three preceding releases. This is considered as N-3 support. This allows a customer to run the latest LSR, the previous SSRs and the previous LSR simultaneously. A Mobility Conductor running an SSR release supports managed devices running the same release and the two preceding releases. This would be considered N-2 support and is the same behavior as the pre-AOS-8.10.0.0 multiversion support.
|
Aruba USB LTE Modem for Remote APs
|
AOS-8 supports a new Aruba modem that allows plug-and-play to provision the
modem for both and networks on Remote APs.
|
Command Support for AP Antenna Detection on 6E APs
|
AOS-8 supports the show ap antenna status command for 6E APs (630 Series and 650 Series access points).
|
Detected Radios
|
AOS-8 supports sorting and filtering capabilities on the following columns in the Dashboard > Security > Detected Radios page:
- Bandwidth
- Secondary Channel
- Confidence Level
- Encryption
- Discovered Time
- Match Time
- Match AP/Rule
|
Denylist clients in case of a security context override attempt with the denylist-sco-attack parameter
|
The aaa-profile command now accepts the denylist-sco-attack parameter, which enables denylisting for clients that attempt to perform a security context override, improving security against malicious authenticated clients. The default value of this parameter is set to disabled.
|
Display Client Kickout Occurrences on APs
|
The show ap debug client-kickout-logs command is introduced to display detailed information on the last 12 occurrences of the client deauthentication logs in 530 Series, 550 Series, 630 Series, and 650 Series access points.
|
Display LLDP Neighbor Chassis ID / Port ID during AP Provisioning
|
The WebUI now displays Neighbor Chassis ID / Port ID while provisioning an AP.
|
Displaying remote client count from WebUI
|
A new icon VIA is introduced to display the remote VIA clients in the Dashboard > Overview page of the WebUI. This icon displays the number of remote VIA clients that are connected to the Managed Device.
|
Enhancements in the tunnel mode
|
Enhancements in the tunnel mode to ensure that AOS-8 responds within 100 milliseconds (ms) to roaming client requests so that the clients can roam successfully even when AOS-8 is under heavy load.
|
Enhancements to Default Gateway for dedicated OOB Management
|
The ip default-gateway command is modified to configure the default
for dedicated OOB management port on 7000 Seriescontrollers.
|
Enhancements to Dump Collection
|
The WebUI is modified to allow users to regulate the core dump files sent to the managed device. The transfer-enable sub-parameter was added to the dump-collection-profile parameter to enable APs to transfer the core dump.
|
Enhancements to
|
Additional reduction steps are introduced in the ap-system profile <name> ipm-power-reduction-step-prio ipm-step command to reduce the power consumption and the operating temperature of the AP when is enabled.
|
Enhancements to RRE IM Profile configuration
|
The Import option in the Configuration > System > Profiles > All Profiles > Management > 6 radio > RRM IE Settings for 6GHz page of the WebUI allows to copy the configuration parameters of an existing RRM IE profile .
|
Enhancements to the show mon-serv-mesh-tbl-entry command
|
The 6G parameter has been added to the show mon-serv-mesh-tbl-entry command to display the entries of 6 radio .
|
Export Denied Clients to CSV
|
AOS-8 allows to export the list of denied clients to a file with a progress indicator.
|
Export Detected Clients to CSV
|
AOS-8 allows to export the list of detected clients to a file with a progress indicator.
|
Export Detected Radios to CSV
|
AOS-8 allows to export the list of detected radios to a file with a progress indicator.
|
Export Events to CSV
|
AOS-8 allows to export the list of events radios to a file with a progress indicator.
|
Ghost Tunnel Attack Detection
|
AOS-8 allows detection of ghost tunnels on both the server side and client side.
|
GPS Profile
|
AOS-8 supports configuring the profile. The profile enables or disablesof the U-Blox receiver in APs.
|
Grouping Firewall Sessions for Managed Devices
|
AOS-8 allows grouping of policy enforcement visibility sessions for managed devices based on the
same .
|
Handling over current in AP’s USB Port
|
The AP’s port will now automatically shut down if the temperature of the port reaches 125°C.
|
Improved Interference Immunity by Decreasing Rx Desense Level
|
The cell-size-reduction parameter in the rf-dot11a-radio-profile command has been reintroduced to reduce cell size by controlling Rx sensitivity. This parameter is used to manage dense deployments and to increase overall system performance and capacity by minimizing co-channel interference and optimizing channel reuse. The default value of this setting is 0. The sensitivity range values can be configured from 0 to 20. It is recommended that Aruba support engineering is contacted in order to adjust the cell-size-reduction configuration. Manipulating this configuration without guidance from Aruba support may have serious adverse effects on network performance.
|
Increase in the RADIUS server authentication timeout value
|
Starting from AOS-8.10.0.0, the maximum timeout value for server authentication has been increased from 30 seconds to 120 seconds.
|
Increase in the Username and Password Character Limit for Management Authentication
|
Currently, the maximum character count for username and password in management authentication is 32. Starting from AOS-8.10.0.0 , the character count has been increased to 128.
|
Introduction of the show datapath dpi counters command
|
Starting from AOS-8 8.10.0.9, a new command is being added to the CLI, show datapath dpi counters. This command displays additional DPI debug counters to improve debugging.
|
Jumbo Lite Frames Support
|
AOS-8 now supports Jumbo Lite frames over IPv4 and IPv6 site-to-site tunnels for the virtual mobility controllers (VMC)s. This feature allows the VMC to forward data frames over an site-to-site tunnel that are larger than 1500 bytes without fragmentation, which enhances the overall network performance.
|
New AOS-8 8 Release Terminology
|
AOS-8.10.0.0 is the first release to adopt the new Long Supported Release (LSR) and Short Supported Release (SSR) terminology. Releases going forward are delivered in the following pattern, LSR, SSR, SSR and then LSR.
LSRs include 4 years of routine maintenance (bugs and vulnerability patches) and an additional 1 year of vulnerability patches on an as needed basis for High or Critical CVSS issues.
SSR includes routine maintenance until the next SSR or LSR is released.
AOS-8.10.0.0 is an LSR and the WebUI, , and commands will reflect this update.
|
Postquantum Preshared Key (PPK) support for IKEv2
|
Postquantum Preshared Key (PPK) support is added to . It is limited to site-to-site VPNs.
|
RADIUS Authentication Server Profile Configurations Added to AirGroup Version 2
|
The AirGroup version 2 module now accepts authentication profile changes such as nas-IP and source-interface through the aaa authentication-server radius command. Rather than depending on the (Undefined variable: Variables.Mobility Conductor)'s settings, this feature allows for specific authentication-related configurations to be applied to managed devices.
The configuration varies depending on the AirGroup mode used:
- Centralized mode requires configurations to be applied on both the (Undefined variable: Variables.Mobility Conductor) and managed device. In the case of having different profiles configured, the managed device's profile will take priority.
- Distributed mode requires node-specific configuration. In the case of having governing managed devices, the configuration will apply to all member nodes. However, node-specific configuration can still be applied to member nodes if needed.
|
Separate Band-Steer for 5 GHz and 6 GHz Radios
|
ClientMatch supports separate band-steer for 5 and 6 capable clients on 6E APs.
|
SES-Imagotag and Co-Existence Support for 6 and 6E Access Points
|
AOS-8 now supports SES-Imagotag and Co-existence for 6 and 6E access points.
|
Support for 802.11mc Fine Timing Measurement on 6E APs
|
AOS-8 supports 802.11mc Fine Timing Measurement feature on 6E APs (630 Series and 650 Series access points).
|
Support for DigiCert Global G2 root certifications
|
AOS-8 now supports DigiCert Global G2 root certifications for Azure IoTHub and DPS connection.
|
Support for Flash EIRP limit on 6 GHz bands
|
AOS-8 supports the Flash limit for UNII channels of 6 on 6E APs (630 Series and 650 Series access points).
|
Support for Hypervisor version 7.0
|
AOS-8 can now be installed using vSphere Hypervisor version 7.0.
|
Support for Wi-Fi Uplink on Wi-Fi 6E APs
|
AOS-8 supports the uplink feature on 6E APs (630 Series and 650 Series access points) for 2.4 , 5 , and 6 radio .
|
Telemetry Manager Process
|
Starting from AOS-8.10.0.0, a new process named Telemetry Manager (TM ) has been introduced to offload the management interfaces, and MON from the station management process().
|
The revised scaling capacity of Aruba 7240 controllers
|
Starting from AOS-8.10.0.0, the scaling capacity of Aruba 7240 controllers has been reduced to that of Aruba 7220 controllers.
|
VLAN support for Wireless Clients
|
A new parameter is introduced for the wireless clients in the Customize Column on the Dashboard > Overview page.
|
WIDS Event Export Enhancement - Add More Fields to Exported Data
|
AOS-8 allows exporting event logs from the Security dashboard from the Web .
|
AAC will report link status to other devices
|
In AOS-8.10.0.9, AAC will send AP information messages to indicate the AP's standby AAC.
|
Implementation of Port Monitoring on x86 Platforms
|
In AOS-8.10.0.9, port monitoring has been implemented on port channels interface on x86 platforms.
|