What's New in this Release

This section lists the new features, enhancements, or hardware platforms introduced in Aruba Instant 8.12.0.0.

New Features and Enhancements

Table 1: New Features in Aruba Instant 8.12.0.0

Feature

Description

Short Supported Release

Instant AOS-8.12.0.0 is a Short Supported Release (SSR).

Ability to Specify Key Type When Using EST

A new option to select RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.-4096 key length and ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. certificates is available.

For complete technical details, see the Instant AOS-8 CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Guide.

Auto-assign an EST Provisioned Certificate to the Wi-Fi Uplink

Instant AOS-8.12.0.0 introduces the ability to auto-assign an EST received certificate to the Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Uplink features, such that it can be used to support an EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. authentication.

Support for AP-584 Access Points Outdoor Operation in France and Israel

The DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. information for AP-584 access points now complies with the regulatory guidelines that allow for outdoor operation in France and Israel.

Detection and Containment of Wi-Fi Direct Devices

New commands have been introduced to detect and contain devices associated with Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Direct groups under the IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. profile.

  • detect-wifi-direct-p2p-groups
  • no detect-wifi-direct-p2p-groups
  • protect-wifi-direct-p2p-groups
  • no protect-wifi-direct-p2p-groups
  • wifi-direct-network-quiet-time

Deprecation of SHA-1 Cipher Suites for RadSec Server

Instant AOS-8.12.0. allows users to include or exclude SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -1 cipher suites from the RadSec server. Th cipher suite can be configured using the newly introduced radsec-ciphers-level <all|high> parameter.

Enhanced Debugging Experience in the Radio Profile

The scheduler-mode parameter is being added to the radio profile in order to provide a better debugging experience. The parameter accepts two possible configurations, fairness and latency. The default parameter is set to fairness, which enables Traffic Allocation Framework (TAF) on the radio profile. The latency parameter disables TAF. It is recommended that Aruba support engineering is contacted in order to adjust the scheduler-mode configuration. Manipulating this configuration without guidance from Aruba support could cause fairness issues on the network.

Enhanced LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet. Information for Neighbor Devices

This enhancement enables users to access more detailed information about neighboring devices. The output of the show ap debug lldp info command has been updated to provide a richer set of data regarding neighboring devices. A new remote_system_description field in the command output now includes device information such as device model information, software version information, among others.

Enhancement for Configuring Non-DFS Channels

Starting with Instant AOS-8.12.0.0, when configuring access point control settings for the 5 GHz Gigahertz. radio, a new checkbox named Check All Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. Channels is available to select all Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. channels at once in order to remove them from the allow-channel list. In the WebUI, this new checkbox can be found under Configuration > RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. > ARM Adaptive Radio Management. ARM dynamically monitors and adjusts the network to ensure that all users are allowed ready access. It enables full utilization of the available spectrum to support maximum number of users by intelligently choosing the best RF channel and transmit power for APs in their current RF environment. > Show advanced options > Customize valid channels > Valid 5 GHz Gigahertz. channels> Edit > Check All Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. Channels.

Enhanced Telemetry with New Radio, Client, and VAP Statistics

This release broadens our telemetry capabilities with the addition of new statistics for radios, clients, and virtual APs (VAPs). These new metrics provide deeper visibility into network performance, user experience, and the wireless environment. These new statistics are visible in the output of the commands show ap debug radio-stats, show ap debug client-stats, and show ap debug bss-stats.

Enhancements to the show audit-trail Command Output

This release introduces improvements to the show audit-trail command output to assist users in better diagnosing and understanding system events. The command now provides a more detailed and comprehensive output, offering deeper insights into system operations and changes. New output details:

  • Member Receive Full Config Events
  • Conductor Receive Delta Events
  • Config Init Event with Reason
  • System Time Change Events
  • Capture Fail Reason for Command Execution.
  • Reboot Event Logging

Enhanced USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. Dongle Firmware Upgrade for SES-Imagotag SCD

This releases introduces an advanced feature for the SES-Imagotag SCD. This enhancement enables the capability for dongles to generate a Claim-ID, a critical component for establishing a secure connection to V:Cloud. This feature addresses the need for enhanced security in data communication between retail management systems and V:Cloud.

Port Bounce for Wired Clients on Instant APs

This release introduces a new feature for Instant Access Point(IAP) that automatically reinitiates DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  requests following a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. change. This enhancement specifically affects wired non-802.1x clients in scenarios where there is a change in authorization events.

External Antenna Provision Support for 6 GHz

In Instant AOS-8.12.0.0, 6 GHz Gigahertz. external antenna provision configuration is available in the radio settings of APs. The external-antenna-6ghz and ant-pol-6ghz commands have been included as an option to properly configure 6 GHz Gigahertz. external antenna gain.

Firmware Synchronization Improvement in CoP for Instant AP Cluster with Different Models

Instant AOS-8.12.0.0 improves firmware synchronization in CoP for Instant AP cluster with different models.

Configuring WLAN Settings for an SSID Profile

In Instant AOS-8.12.0.0, an option to control QBSS Load Information Element has been implemented, it is activated with the wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. ssid-profile <ssid-profile> qbss-load-enable command.

Configuring IDS

Instant AOS-8.12.0.0 implements an option to control parsing AWDL frames.

No Support for Air Slice in Instant AP Deployments

Starting with Instant AOS-8.12.0.0, Air Slice support will not be available. If Air Slice is enabled prior to the upgrade, it will be displayed as enabled in the configuration, but it will not take effect internally. The following commands have been impacted:

SKU Stock Keeping Unit. SKU refers to the product and service identification code for the products in the inventory. Number Added to the show activate status Command

Starting with Instant AOS-8.12.0.0, APs will display their SKU Stock Keeping Unit. SKU refers to the product and service identification code for the products in the inventory. number to identify themselves to Activate/Central if the SKU Stock Keeping Unit. SKU refers to the product and service identification code for the products in the inventory. number is shipped in flash.

Recovery Mechanism in the Event of Central Connection Failure

DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  option 43 will now support an alternate IP address for data center redundancy. This will help customers with multiple data centers set up a backup server IP address for APs to switch to in case of a localized failure. This configuration can be applied through the ip dhcp pool option 43 CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command.

Support for 6 GHz Gigahertz. in REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.

Instant AOS-8.12.0.0 supports 6 GHz Gigahertz. in REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., which includes the addition of radio-profile-6ghz, utb-filter-block and rf-zone APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., as well as new JSON JavaScript Object Notation. JSON is an open-standard, language-independent, lightweight data-interchange format used to transmit data objects consisting of attribute–value pairs. JSON uses a "self-describing" text format that is easy for humans to read and write, and that can be used as a data format by any programming language. parameters in ssid Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., channel and radio-state APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. It also adds Norma and Leo as platforms to the allowed list of API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. upgrades.

Support for NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. Authentication Mode

Instant AOS-8 allows users to configure Network Time Protocol (NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network.) keys to authenticate servers. This feature can be configured through the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. using the following commands.

  • ntp-authentication-key
  • ntp-trustedkey
  • ntp-server-key

The following commands list the details of the configured ntp authentication keys.

  • show ntp authentication keys
  • show running | include ntp

Tracking of Randomized MAC Addresses

This feature enables the tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. This update is pivotal for businesses seeking advanced analytics in environments where understanding visitor behavior and network usage patterns is essential. New commands laa-counter-msg and laa-counter-msg-interval are introduced. Counters are sent to ALE Analytics and Location Engine. ALE gives visibility into everything the wireless network knows. This enables customers and partners to gain a wealth of information about the people on their premises. This can be very important for many different verticals and use cases. ALE includes a location engine that calculates associated and unassociated device location periodically using context streams, including RSSI readings, from WLAN controllers or Instant clusters. using profile default-ale.

Virtual Access Point Configuration for 6 GHz in MBSSID Groups

This release introduces support for up to 8 Virtual Access Points (VAPs) on the 6 GHz Gigahertz. radio. This update significantly expands the possibilities for network customization and segmentation, particularly beneficial for complex or high-density environments. The commands show mbssid-group-profile, show mbssid-group-profile <profile name>, mbssid-group-profile <profile name>, and no mbssid-group-profile <profile name> are introduced for visualizing and configuring MBSSID group profiles and their references to SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profiles.

Vendor Specific IE-based Containment

Instant AOS-8 allows users to configure exclusions for IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. containment based on vendor specific IE information. This feature allows APs to be exempted from containment even when the devices use randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses. This feature can be configures using the vendor-specific-ie-exclusion command.

New Hardware Platforms

Table 2: New Hardware Platforms in Instant AOS-8.12.0.0

Hardware

Description

Support for 670 Series Outdoor Access Points

The 670 Series access points (AP-675, AP-675EX, AP-677, AP-677EX, AP-679, AP-679EX) are 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E Outdoor Access Points that offer 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. radios, allowing for simultaneous tri-band operation. These APs also feature a wired 2.5 Gbps Gigabits per second. Smart Rate network interface and one SFP The Small Form-factor Pluggable. SFP is a compact, hot-pluggable transceiver that is used for both telecommunication and data communications applications. port for fiber support. If deployed with Instant AOS-8, the Aruba 670 Series access points will only operate as a dual-band AP in the 2.4 GHz Gigahertz. and 5 GHz Gigahertz. radios. For 6 GHz Gigahertz. operation, the APs require AOS-8.12.0.0 or later versions and deployments managed by a Mobility Conductor.

Additional features include:

For complete technical details and installation instructions, see the Aruba 670 Series Access Points Installation Guide.

Support for AP-605H Access Points

The AP-605H access point is a high-end dual-radio tri-band 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. 802.11ax WiFi 6E hospitality AP platform supporting concurrent operation in any two of the three supported bands Band refers to a specified range of frequencies of electromagnetic radiation. (2.4 GHz Gigahertz., 5 GHz Gigahertz. and 6 GHz Gigahertz.). The mode of operation is configurable either manually or through AirMatch. Ideal for hospitality, branch, and teleworker use-cases, the AP-605H access points can be deployed in either controller-based (AOS-8) or controller-less (Instant AOS-8) network environments.

Additional features include:

For complete technical details and installation instructions, see the Aruba 600H Series Hospitality Access Points datasheet and the Aruba 600H Series Hospitality Access Points Installation Guide.

NOTE: Check with your local Aruba sales representative on new managed devices and access points availability in your country.