NOTE:
Standard Power operations for 6E APs will be disabled until all certifications are accomplished. Once certifications are in place, Frequency Coordination Orchestrator (FCO) service will be available for implementation in 6 Standard Power enabled APs running AOS-8.12.0.0.
|
Short Supported Release
AOS-8.12.0.0 is a Short Supported Release (SSR).
|
Accessibility Improvements
|
This release includes significant enhancements in accessibility features:
- Luminosity Contrast Fixes: Improved contrast ratios throughout the user interface to ensure better visibility and readability for users with visual impairments.
- Redesigned Form Elements: Checkboxes, radio buttons, and toggle buttons have been redesigned for higher visibility. These elements now stand out more clearly against various backgrounds, aiding users with visual challenges.
- Enhanced Support for Screen Readers: Significant improvements have been added in the software's compatibility with screen readers.
- Improved Keyboard Navigation: Enhanced keyboard navigation capabilities, ensuring a smoother and more intuitive experience for users who navigate without a mouse.
|
Addition of Aruba and New Modems to Device List
|
AOS-8.12.0.0 adds Aruba--Gen1, Aruba--Gen2, Inseego SC4 to the device list.
|
Addition of Symmetric Cipher AES-256
|
AOS-8.12.0.0 adds the symmetric cipher Advanced Encryption Standard 256 (AES-256) as an server functionality.
|
AirGroup Server Based Policy Support
|
AOS-8.12.0.0 relaunches support for Server Based Policy in AirGroup v2 .
|
Version 2 Support
|
Starting with AOS-8.12.0.0, Mobility Conductor and Managed Devices will run Version 2. This enhancement is true for both Standalone and Distributed modes of the managed devices.
|
Authentication Survivability Allows Automatic MPSK Passphrase Caching
|
Authentication survivability has been enhanced to include MPSK authentication. This enables cached data from a prior MPSK authentication to be available for to authenticate and authorize users in case of server inaccessibility.
|
64 bits Counter for External Monitoring Systems
|
In large deployments, it is now possible to capture traffic statistics with the addition of a 64-bit counter to the . This new counter is referred to as wlanAPChTotBytes64, and will coexist with the 32-bit wlanAPChTotBytes integer. When traffic exceeds the limit imposed by the 32-bit integer, it will reset to 0 and the new 64-bit integer will continue to increase.
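Why the 64-bit counter matters to a poller, as an added example (not part of the original release notes and not Aruba code): a monitoring system that derives byte deltas from wlanAPChTotBytes silently under-reports once the 32-bit value wraps more than once between polls. The constant traffic rate, poll interval and function names are assumptions made for the illustration.

```python
# Added illustration: how a poller loses traffic when a 32-bit byte counter
# (wlanAPChTotBytes) wraps between polls, and why wlanAPChTotBytes64 does not.

def counter_delta(prev: int, curr: int, width_bits: int) -> int:
    """Bytes between two polls. Correct only if the counter wrapped at most
    once in between; additional wraps are invisible to the poller."""
    return (curr - prev) % (1 << width_bits)


def seconds_to_wrap(rate_bytes_per_s: float, width_bits: int = 32) -> float:
    """Time for a counter of the given width to wrap at a constant rate."""
    return (1 << width_bits) / rate_bytes_per_s


def poll_totals(rate_bytes_per_s: int, poll_interval_s: int, polls: int):
    """Simulate constant traffic (constructed input) and return
    (true_total, total_from_32bit_counter, total_from_64bit_counter)."""
    true_total = 0
    prev32 = prev64 = 0
    sum32 = sum64 = 0
    for _ in range(polls):
        true_total += rate_bytes_per_s * poll_interval_s
        curr32 = true_total % (1 << 32)   # what the 32-bit object reports
        curr64 = true_total % (1 << 64)   # what the 64-bit object reports
        sum32 += counter_delta(prev32, curr32, 32)
        sum64 += counter_delta(prev64, curr64, 64)
        prev32, prev64 = curr32, curr64
    return true_total, sum32, sum64


if __name__ == "__main__":
    gbit = 125_000_000  # 1 Gbit/s expressed in bytes per second
    print(f"32-bit counter wraps every {seconds_to_wrap(gbit):.1f} s at 1 Gbit/s")
    true_total, from32, from64 = poll_totals(gbit, poll_interval_s=60, polls=5)
    print(f"true bytes        : {true_total}")
    print(f"from 32-bit deltas: {from32} (missing {true_total - from32})")
    print(f"from 64-bit deltas: {from64}")
```

If the poll interval is longer than the wrap time at peak rate, the 32-bit deltas cannot be corrected after the fact; poll the 64-bit object instead.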
|
6 Enablement for AP-654 and AP-634 Access Points
|
Starting from AOS-8.12.0.0, the AP-654 and AP-634 platforms will support 6 operation, with support from Aruba’s Frequency Coordination Orchestrator (FCO) solution, which will enable the Automated Frequency Coordination (AFC) feature for standard power operation.
|
BLE Beacon Monitoring in Mobility Conductor - Managed Device Topology
|
This release introduces significant enhancements in the management of BLE (Bluetooth Low Energy) beacons within Mobility Conductor - Managed Device topology. This update introduces changes in the WebUI and export functionality for beacon information, streamlining the management process for large-scale deployments.
|
New Parameter for Number of Autoassociate Hops in AirGroup Version 2 Profiles
|
AirGroup profiles now allow the explicit configuration of auto-association hops. The option permits both 0-hop and 1-hop configurations to accommodate different deployment necessities, as well as compatibility with ClearPass Policy Manager and location policies. The new parameter can be set through both the WebUI and and is set to 1 by default.
|
The Delete Option has been Improved in the Mobility Conductor’s Panel Tree
|
AOS-8.12.0.0 improves how the delete option displays in the Mobility Conductor’s panel tree.
|
Enhanced Support for AP IPv6 Address Generation
|
In the updated IPv6 address generation process, users can now seamlessly switch between address generation methods. While the default method remains the AP address (EUI-64) format, an option to change to the Stable Privacy method is now available. This update introduces a new parameter, ip6-addr-gen-mode, within the provision-ap command for easy switching between these methods. The new parameter offers the following set of configuration options:
- ip6-addr-gen-mode eui64
- ip6-addr-gen-mode stable-privacy
- no ip6-addr-gen-mode
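What the two address generation methods mean for an observer, as an added example (not Aruba's implementation and not part of the original release notes): an EUI-64 interface identifier embeds the MAC address and is the same on every network, while an RFC 7217 style stable-privacy identifier is stable per prefix but reveals nothing about the hardware. The use of SHA-256 as the hash, the interface name, the secret, and the documentation-range prefix and MAC are assumptions of this sketch.

```python
# Added illustration of EUI-64 versus stable-privacy (RFC 7217 style) IPv6
# interface identifiers. All sample values are constructed.
import hashlib
import ipaddress
from typing import Optional


def eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 identifier built from a 48-bit MAC (RFC 4291)."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit and splice ff:fe between the two halves.
    return bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:]


def stable_privacy_iid(prefix: str, ifname: str, secret: bytes,
                       dad_counter: int = 0) -> bytes:
    """Hash of prefix, interface name, DAD counter and a device secret.
    SHA-256 as the pseudorandom function is an assumption of this sketch."""
    net = ipaddress.IPv6Network(prefix)
    h = hashlib.sha256()
    for part in (net.network_address.packed[:8], ifname.encode(),
                 dad_counter.to_bytes(4, "big"), secret):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix fields
    return h.digest()[-8:]


def build_address(prefix: str, iid: bytes) -> ipaddress.IPv6Address:
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64 or len(iid) != 8:
        raise ValueError("need a /64 prefix and a 64-bit identifier")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + iid)


def mac_leaked_by(addr) -> Optional[str]:
    """Recover the MAC from an EUI-64 style address, or None if not EUI-64."""
    iid = ipaddress.IPv6Address(str(addr)).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


if __name__ == "__main__":
    mac, secret = "00:00:5e:00:53:01", b"constructed-device-secret"
    for prefix in ("2001:db8:1::/64", "2001:db8:2::/64"):
        e = build_address(prefix, eui64_iid(mac))
        s = build_address(prefix, stable_privacy_iid(prefix, "br0", secret))
        print(f"{prefix}: eui64={e} leaks {mac_leaked_by(e)}")
        print(f"{prefix}: stable-privacy={s} leaks {mac_leaked_by(s)}")
```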
|
Enhanced Debugging Experience in the 2.4 GHz and 5 GHz Radio Profile
|
The scheduler-mode parameter is being added to the radio profile to provide a better debugging experience. The parameter accepts two possible configurations, fairness and latency. The default parameter is set to fairness, which enables Traffic Allocation Framework (TAF) on the radio profile. The latency parameter disables TAF. It is recommended that Aruba support engineering is contacted to adjust the scheduler-mode configuration. Manipulating this configuration without guidance from Aruba support could cause fairness issues on the network.
|
Enhanced Debugging Experience in the 6 GHz Radio Profile
|
Enhancement to BMAP Handling in VLAN Configuration
|
This enhancement eliminates the need for Virtual AP reconfiguration. This is achieved by no longer updating cluster bucketmaps at the time of configuration, whenever a is added or removed. Additionally, with this change, STA L2 vs. L3 connectedness in a cluster has been eliminated. In turn, all stations are now assumed to be L2 connected. This enhancement introduces three key changes:
- Hitless failover: Cluster APs switch station traffic over to their standby UAC, but leave their 802.1x authentication association intact, resulting in a no-deauthentication failover.
- retention: No new derivation occurs on standby UACs. Stations will keep the originally assigned . It is important to note that this means that if the association is not present on the standby UAC, the station’s traffic will be blackholed until the station reconnects.
- Cluster commands: To check for mismatches, the command show lc-cluster vlan-probe status is recommended. Per the change above, the show lc-cluster group-membership will always display devices as L2-connected.
Note: It is expected that all user within a cluster are configured on all managed devices within the cluster to ensure seamless client failovers.
|
Enabling SIM PIN Configurations for USB LTE Modems on Remote APs
|
Starting with AOS-8.12.0.0, configurations can be set on by using commands instead of AT commands.
|
Enable or Disable Deauth-based Steers for 802.11v and non-802.11v Clients
|
AOS-8.12.0.0 introduces the cm-deauth-steer-mode parameter in the arm profile, which enables or disables deauth-based steers for both and non clients.
|
Enforce DHCP for UBT Clients
|
AOS-8.12.0.0 implements an option to configure enforce DHCP for UBT clients in the . When using various roles or with user-based tunneling, the enforce-dhcp functionality is available at the role level.
|
Enhanced ASSERT Logging on 500 Series and 600 Series Access Points
|
AOS-8 introduces the show ap debug wlan-firmware-alert-logs command to record TARGET ASSERT logs from 500 Series and 600 Series access points.
|
Enhanced SNMP Server Configuration for Individual Controller Identification
|
In this release, we introduce a significant enhancement to the SNMP (Simple Network Management Protocol) server configuration.
The new vrrp-id parameter has been added to the snmp-server command, allowing users to assign a unique IP address as an identifier for each controller. This feature is designed to address the challenges faced in environments where multiple controllers are configured with the same IP address under the Virtual Router Redundancy Protocol (VRRP). This enhancement ensures traps and informs are correctly attributed to individual controllers, particularly after state changes.
|
Generic RADIUS Location Information Delivery Service
|
This release introduces generic location information support in , which facilitate advanced location-aware network functionalities. These enhancements enable precise location-based policy enforcement and improve billing and accounting practices. For the purpose of this release, only civic location attributes are supported. This enhancement introduces the following changes:
- The ap location-profile command is added to configure a profile that specifies the location information for access points.
- A new parameter ap location profile has been added to the ap-group command, and a new ap location profile parameter has been added to the ap-name command.
- Two new parameters, radius-loc-obj-in-access and radius-loc-obj-in-accting have been added to the aaa-profile command.
- The show ap debug ap-location command has been added to display effective AP location information as well as metadata for debugging purposes.
- The output of the existing show dot1x ap-hash-table command has been enhanced to display the effective AP location information.
|
GPS Ellipse Computation
|
As part of AFC implementation, it is possible to calculate the ellipse, by means of a series of functions based on the data. This feature is available on Mobility Conductors and it can only be configured in APs equipped with chip.
|
Hardening Logical Port Security
|
This release introduces updates to the management of logical ports on the controller. The update includes hardening enhancements designed to optimize port usage by removing references to unused ports. Previously, certain legacy application integrations required specific ports for communication. Since these applications are no longer in use, the interfaces and ports dedicated to them have become unnecessary. Such ports and interfaces have been dereferenced. Default control plane rules have been applied. This change is applicable across all controller platforms. These ports are deactivated by default and no additional configurations are required. If required, ports can be activated by configuring rules under the cp command.
|
Introduction of New 11ax Statistics
|
This release provides additional radio, client, and virtual access points statistical data leveraging the latest 6 capabilities for improved network management and optimization. This data is key for enhanced troubleshooting, allowing for quick identification and resolution of network issues and more precise network tuning.
|
Implementation of Cryptographic Hashing within
|
AOS-8.12.0.0 implements the utilization of HMAC based -224, -256, -384 and -512 cryptographic hashing within . The show snmp user-table command was updated for AOS-8.12.0.0.
|
Improvement of Random Channel Selection in Mobility Conductors
|
In AOS-8.12.0.0, the speed and quality of random channel selection has been improved in Mobility Conductors when the configuration is changed for the APs.
|
Improvement in Aruba AP Statistics
|
Several statistics have been improved for APs running AOS-8.12.0.0.
|
Implementation of an Option to Configure the Aggressiveness Threshold
|
In AOS-8.12.0.0, a new parameter called coverage-level-2-4GHz under the airmatch profile command is introduced to configure the aggressiveness threshold. It is required to enable the airmatch-mode-aware parameter under the rf profile command.
|
Implementation of SCP for Secure Image Download
|
AOS-8.12.0.0 implements the protocol for secure image download. The scp-img-upgrade-preference command is available to enable for secure image download and it uses port 22 as default.
For more details on how to handle AP image download, see Possible Scenarios during AP Image Download.
|
Integration of New Statistics for 6 Radio into Telemetry Systems
|
This release includes a significant update to our 6 radio telemetry capabilities. This feature enhances the statistical data available for 6 radios providing deeper insights and analytics. These new statistics are incorporated into the existing telemetry flow, from Air Monitors () to the Spectrum Telemetry Module (), and from to Aruba Monitoring and Network Operations (/MON).
|
New Syslog Error Alert in Mobility Controllers for Misconfigured or Failed AirMatch States
|
In AOS-8.12.0.0, a syslog error alert appears in Mobility Controllers for misconfigured or failed AirMatch States which can be checked with the show log errorlog all | include AirMatch and show log errorlog all | include mcell_recv commands.
|
No Support for Air Slice in AOS Campus Deployments
|
Starting with AOS-8.12.0.0, Air Slice support will not be available. If Air Slice is enabled prior to the upgrade, it will be displayed as enabled in the configuration, but it will not take effect internally. The following commands have been impacted:
- show profile-list airslice-profile
- show ap bss-table
- show airslice
- ap-group
- ap-name
- airslice
|
On-Demand MongoDb Clean up
|
MongoDB is used by several services, and any issue on the database impacts all of its users. If the process dbstart_mongo is found to be in INIT state, customers can run the process cleanup name dbstart_mongo command and trigger the database cleanup when needed. This feature is particularly effective in scale deployments with large databases.
|
Optimization in Tx Retransmissions
|
AOS-8.12.0.0 optimizes Tx rate adaptation to reduce retransmissions during idle background traffic when using 5 and 6 connections.
|
RADIUS Authentication Server Profile Configurations Added to AirGroup Version 2
|
The AirGroup version 2 module now accepts authentication profile changes such as nas-IP and source-interface through the aaa authentication-server radius command. Rather than depending on the Mobility Conductor's settings, this feature allows for specific authentication-related configurations to be applied to managed devices.
The configuration varies depending on the AirGroup mode used:
- Centralized mode requires configurations to be applied on both the Mobility Conductor and managed device. In the case of having different profiles configured, the managed device's profile will take priority.
- Distributed mode requires node-specific configuration. In the case of having governing managed devices, the configuration will apply to all member nodes. However, node-specific configuration can still be applied to member nodes if needed.
|
Support for AP-584 Access Points Outdoor Operation in France and Israel
|
The information for AP-584 access points now complies with the regulatory guidelines that allow for outdoor operation in France and Israel.
|
Support for 2 MBSSID Groups with 8 SSIDs on the 6 GHz Band
|
This release broadens the capabilities of APs with enhanced support for Multiple (MBSSID) groups, particularly targeting the 6 for 6E compliance.
- APs are equipped to manage up to 2 MBSSID groups.
- Each group can accommodate up to four 6 VAPs (Virtual Access Points) to broadcast 8 unique across the 6 spectrum.
- Addition of new options and MultiZone configurations, providing granular control and customization for network users.
|
Support for Higher Bit Sizes in Signature Generation
|
AOS-8.12.0.0 introduces support for higher key sizes in certificate signature generation to comply with United States Government security guidelines. Specifically, keys will be 3072 bits or greater, while keys will be 384 bits or higher.
|
Support for Latest VMware and Microsoft Hypervisors
|
Starting with AOS-8.12.0.0, all Virtual Mobility Controllers and Virtual Mobility Conductors support VMware ESXi version 8.0 and Microsoft Hyper-V 2022 version. For complete technical details and installation instructions, see the Aruba Virtual Appliance Installation Guide.
|
Support for Public Key Authentication
|
AOS-8.12.0.0 supports and authentication, which allow users to securely access remote servers or computers.
|
Tap Functionality to Control LED Behavior on AP-605H Access Points
|
Starting with AOS-8.12.0.0, AP-605H access points support tactile control to toggle the operating mode between normal and off. This flip occurs only when the AP is active and configured in normal mode just by tapping the front of the AP.
|
Tracking of Randomized MAC Addresses
|
This feature enables the tracking of probe requests from clients using randomized addresses, offering deeper insights into client presence within the network infrastructure. This update is pivotal for businesses seeking advanced analytics in environments where understanding visitor behavior and network usage patterns is essential. With this enhancement, the new parameters laa-counter-msg and laa-counter-msg-interval are introduced on existing ids general-profile default. Counter information is sent to using profile default-ale command.
|
Updated Dongle Firmware Upgrade for SES-Imagotag SCD
|
This release introduces updates for the SES-Imagotag SCD firmware. This enhancement enables the capability for dongles to generate a Claim-ID, a critical component for establishing a secure connection to V:Cloud. This feature addresses the need for enhanced security in data communication between retail management systems and V:Cloud.
|
Upgrade in Maximum AP Count in 9012 Controllers
|
In AOS-8.12.0.0, the maximum AP count for 9012 controllers is upgraded from 32 to 64.
|
Zigbee Radio Profile Supports Multiple Channels
|
AOS-8.12.0.0 incorporates an option to add multiple channels in the Zigbee's radio profile. This new feature is available in the Managed Network > Configuration > > Radios page of the WebUI.
|
Wi-Fi 6E Standard-Power Support for Automated Frequency Coordination
|
Frequency Coordination Orchestrator (FCO) is a cloud service that is offered to supported, standard power APs operating in the 6 . HPE Aruba Networking’s Frequency Coordination Orchestrator (FCO) solution, also known as Automatic Frequency Coordination (AFC), will enable the Automated Frequency Coordination (AFC) for 6 standard power APs in campus deployments.
Note: This feature is not intended to work with standalone deployments or any other deployment in campus mode that does not involve Mobility Conductors.
|
AirGroup Throttling Mechanism
|
This feature addresses connection issues between OFC and in Centralized mode through ZMQ, particularly when the outgoing packet rate exceeds a certain threshold (15,000 packets per second (pps) or 900,000 packets per minute (ppm)), resulting in scaling challenges with the ZMQ send operation to OFC. To mitigate this, the feature introduces packet transmission throttling as the packet count approaches this limit. Throttling is implemented by monitoring the number of packets transmitted each minute and then determining whether to allow or drop a packet based on the configurable throttling threshold (Default: 900000 ppm). The max-servers-per-query parameter is ignored until 75% of this throttling limit is reached and is honored between the 75% and 90% marks. Beyond 90% of the throttling limit, packets are dropped.
Along with this change, some updates have been made to the to manage this feature. The new configuration parameter pkt-throttle-limit has been added to the airgroup profile network command to set the throttling limit in packets per minute. Additionally, the outputs of the commands, show airgroup status, show airgroup internal-state statistics ppm, and show airgroup tracebuf have been enhanced to include related information.
|