What's New in Instant AOS-8

The tpm parameter is added to the ap1x command to configure a factory-installed TPM Trusted Platform Module. TPM is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. certificate for 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication. This configuration can be selected after choosing TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. from the AP1X type drop-down list in the Configuration > System > Show advanced options > Uplink page of the WebUI.

Starting with Instant AOS-8.13.0.0, Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Uplink has added WPA3-Enterprise support for EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216.. Specifically, as part of this update, the wpa3-ccm-128, wpa3-gcm-256, and wpa3-cnsa parameters have been added to the wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. sta-profile command. These new options are also available from the Key Management drop-down list in the Configuration > System > Uplink > WiFi page of the WebUI. This feature is supported only on 500 Series and 600 Series APs.

This feature restricts Captive-Portal users from accessing the management login page of network devices. Previously, users with a pre-authentication role could access the AP local WebUI or execute CGI Common Gateway Interface. CGI is a standard protocol for exchanging data between the web servers and executable programs running on a server to dynamically process web pages. opcodes. Now, access is denied for these users, with an error message displayed if they attempt to do so.

Starting with Instant AOS-8.13.0.0, a new configuration option has been introduced to allow users to choose between using the Subject Alternative Name (SAN) or the Common Name (CN Common Name. CN is the primary name used to identify a certificate. ) as the primary field for server certificate validation. By default, the CN Common Name. CN is the primary name used to identify a certificate. is validated first. However, a new option is available to prioritize SAN validation over CN Common Name. CN is the primary name used to identify a certificate. . This option is disabled by default, ensuring that CN Common Name. CN is the primary name used to identify a certificate. validation is performed first. To configure SAN as the primary validation field, the preference-of-san-over-cn command should be used, while the no preference-of-san-over-cn command maintains CN Common Name. CN is the primary name used to identify a certificate. validation as the primary check.

DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  multicast and unicast failure messages and alerts are sent separately for improved categorization between multicast and unicast logs.

Starting from Instant AOS-8.13.0.0, an option to write a custom banner in the Instant AP WebUI has been introduced. For more information, see Accessing the Instant CLI.

A configuration option has been introduced to enable or disable the enforcement of the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  message authenticator attribute. Refer to the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Reference Guide for the new msg-auth-required command.

Two configuration options are introduced to support the setting of Non-Preferred Scanning Channels (non-PSCs) in the 6 GHz Gigahertz. spectrum. Refer to the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Reference Guide for the new init-scan-mode and psc-channel-assignment commands.

Central-initiated compliance firmware upgrades failed during device onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters.. The root cause was identified as conflicts between local DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. upgrades, DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. synchronization, local image upgrades, and image synchronization. Starting with Instant AOS-8.13.0.0, to ensure that the auto DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. upgrades and Central-initiated compliance firmware upgrades happen in the correct order and without any conflicts, the device logic is enhanced to block the Centrallogin process until the initial DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. upgrade is complete.

Starting with 8.13.0.0, Datagram TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. will be enabled by default in new field deployments. This mitigates possible attacks for not having this feature enabled.

For more details, please refer to Instant AOS-8.13.0.0 Release Notes.

• This enhancement in the show dpi debug statistics command includes SDK Version, Avg time taken for cloud lookups, and Avg RTT reset time information in the command output.

  For more information, see show dpi.

• The enhancement introduces the show log dpi-webcc command, which shows the output logs of the WebCC SDK.

In the cellular uplink-profile command, the usb-auth-type parameter previously supported two types of ranges, plus one default range. This enhancement introduces two additional ranges: NONE and MSCHAPV2.

A new option to select RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet.-4096 key length and ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. certificates is available.

For complete technical details, see the Instant AOS-8 CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Guide.

Instant AOS-8.12.0.0 introduces the ability to auto-assign an EST received certificate to the Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Uplink features, such that it can be used to support an EAP-TLS EAP–Transport Layer Security. EAP-TLS is a certificate-based authentication method supporting mutual authentication, integrity-protected ciphersuite negotiation and key exchange between two endpoints. See RFC 5216. authentication.

The DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. information for AP-584 access points now complies with the regulatory guidelines that allow for outdoor operation in France and Israel.

New commands have been introduced to detect and contain devices associated with Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Direct groups under the IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. profile.

• detect-wifi-direct-p2p-groups
• no detect-wifi-direct-p2p-groups
• protect-wifi-direct-p2p-groups
• no protect-wifi-direct-p2p-groups
• wifi-direct-network-quiet-time

Instant AOS-8.12.0. allows users to include or exclude SHA Secure Hash Algorithm. SHA is a family of cryptographic hash functions. The SHA algorithm includes the SHA, SHA-1, SHA-2 and SHA-3 variants. -1 cipher suites from the RadSec server. Th cipher suite can be configured using the newly introduced radsec-ciphers-level <all|high> parameter.

The scheduler-mode parameter is being added to the radio profile in order to provide a better debugging experience. The parameter accepts two possible configurations, fairness and latency. The default parameter is set to fairness, which enables Traffic Allocation Framework (TAF) on the radio profile. The latency parameter disables TAF. It is recommended that Aruba support engineering is contacted in order to adjust the scheduler-mode configuration. Manipulating this configuration without guidance from Aruba support could cause fairness issues on the network.

This enhancement enables users to access more detailed information about neighboring devices. The output of the show ap debug lldp info command has been updated to provide a richer set of data regarding neighboring devices. A new remote_system_description field in the command output now includes device information such as device model information, software version information, among others.

Starting with Instant AOS-8.12.0.0, when configuring access point control settings for the 5 GHz Gigahertz. radio, a new checkbox named Check All Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. Channels is available to select all Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. channels at once in order to remove them from the allow-channel list. In the WebUI, this new checkbox can be found under Configuration > RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. > ARM Adaptive Radio Management. ARM dynamically monitors and adjusts the network to ensure that all users are allowed ready access. It enables full utilization of the available spectrum to support maximum number of users by intelligently choosing the best RF channel and transmit power for APs in their current RF environment. > Show advanced options > Customize valid channels > Valid 5 GHz Gigahertz. channels> Edit > Check All Non-DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems. Channels.

This release broadens our telemetry capabilities with the addition of new statistics for radios, clients, and virtual APs (VAPs). These new metrics provide deeper visibility into network performance, user experience, and the wireless environment. These new statistics are visible in the output of the commands show ap debug radio-stats, show ap debug client-stats, and show ap debug bss-stats.

This release introduces improvements to the show audit-trail command output to assist users in better diagnosing and understanding system events. The command now provides a more detailed and comprehensive output, offering deeper insights into system operations and changes. New output details:

• Member Receive Full Config Events
• Conductor Receive Delta Events
• Config Init Event with Reason
• System Time Change Events
• Capture Fail Reason for Command Execution.
• Reboot Event Logging

This releases introduces an advanced feature for the SES-Imagotag SCD. This enhancement enables the capability for dongles to generate a Claim-ID, a critical component for establishing a secure connection to V:Cloud. This feature addresses the need for enhanced security in data communication between retail management systems and V:Cloud.

This release introduces a new feature for Instant Access Point(IAP) that automatically reinitiates DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  requests following a VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. change. This enhancement specifically affects wired non-802.1x clients in scenarios where there is a change in authorization events.

In Instant AOS-8.12.0.0, 6 GHz Gigahertz. external antenna provision configuration is available in the radio settings of APs. The external-antenna-6ghz and ant-pol-6ghz commands have been included as an option to properly configure 6 GHz Gigahertz. external antenna gain.

Instant AOS-8.12.0.0 improves firmware synchronization in CoP for Instant AP cluster with different models.

In Instant AOS-8.12.0.0, an option to control QBSS Load Information Element has been implemented, it is activated with the wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. ssid-profile <ssid-profile> qbss-load-enable command.

Instant AOS-8.12.0.0 implements an option to control parsing AWDL frames.

Starting with Instant AOS-8.12.0.0, Air Slice support will not be available. If Air Slice is enabled prior to the upgrade, it will be displayed as enabled in the configuration, but it will not take effect internally. The following commands have been impacted:

• show datapath session dpi
• show datapath ipv6 session
• show datapath acl Access Control List. ACL is a common way of restricting certain types of traffic on a physical port.
• show datapath acl-rule
• airslice-policy
• show ap debug airslice client-stats
• show ap bss-table

Starting with Instant AOS-8.12.0.0, APs will display their SKU Stock Keeping Unit. SKU refers to the product and service identification code for the products in the inventory. number to identify themselves to Activate/Central if the SKU Stock Keeping Unit. SKU refers to the product and service identification code for the products in the inventory. number is shipped in flash.

DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  option 43 will now support an alternate IP address for data center redundancy. This will help customers with multiple data centers set up a backup server IP address for APs to switch to in case of a localized failure. This configuration can be applied through the ip dhcp pool option 43 CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command.

Instant AOS-8.12.0.0 supports 6 GHz Gigahertz. in REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., which includes the addition of radio-profile-6ghz, utb-filter-block and rf-zone APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., as well as new JSON JavaScript Object Notation. JSON is an open-standard, language-independent, lightweight data-interchange format used to transmit data objects consisting of attribute–value pairs. JSON uses a "self-describing" text format that is easy for humans to read and write, and that can be used as a data format by any programming language. parameters in ssid Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network., channel and radio-state APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. It also adds Norma and Leo as platforms to the allowed list of API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. upgrades.

Instant AOS-8 allows users to configure Network Time Protocol (NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network.) keys to authenticate servers. This feature can be configured through the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. using the following commands.

• ntp-authentication-key
• ntp-trustedkey
• ntp-server-key

The following commands list the details of the configured ntp authentication keys.

• show ntp authentication keys
• show running | include ntp

This feature enables the tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. This update is pivotal for businesses seeking advanced analytics in environments where understanding visitor behavior and network usage patterns is essential. New commands laa-counter-msg and laa-counter-msg-interval are introduced. Counters are sent to ALE Analytics and Location Engine. ALE gives visibility into everything the wireless network knows. This enables customers and partners to gain a wealth of information about the people on their premises. This can be very important for many different verticals and use cases. ALE includes a location engine that calculates associated and unassociated device location periodically using context streams, including RSSI readings, from WLAN controllers or Instant clusters. using profile default-ale.

This release introduces support for up to 8 Virtual Access Points (VAPs) on the 6 GHz Gigahertz. radio. This update significantly expands the possibilities for network customization and segmentation, particularly beneficial for complex or high-density environments. The commands show mbssid-group-profile, show mbssid-group-profile <profile name>, mbssid-group-profile <profile name>, and no mbssid-group-profile <profile name> are introduced for visualizing and configuring MBSSID group profiles and their references to SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profiles.

Instant AOS-8 allows users to configure exclusions for IDS Intrusion Detection System. IDS monitors a network or systems for malicious activity or policy violations and reports its findings to the management system deployed in the network. containment based on vendor specific IE information. This feature allows APs to be exempted from containment even when the devices use randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses. This feature can be configures using the vendor-specific-ie-exclusion command.

The 670 Series access points (AP-675, AP-675EX, AP-677, AP-677EX, AP-679, AP-679EX) are 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E Outdoor Access Points that offer 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. radios, allowing for simultaneous tri-band operation. These APs also feature a wired 2.5 Gbps Gigabits per second. Smart Rate network interface and one SFP The Small Form-factor Pluggable. SFP is a compact, hot-pluggable transceiver that is used for both telecommunication and data communications applications. port for fiber support. If deployed with Instant AOS-8, the Aruba670 Series access points will only operate as a dual-band AP in the 2.4 GHz Gigahertz. and 5 GHz Gigahertz. radios. For 6 GHz Gigahertz. operation, the APs require AOS-8.12.0.0 or later versions and deployments managed by a Mobility Conductor.

Additional features include:

• Data rates up to 2.4 Gbps Gigabits per second.
• Maximum Ratio Combining (MRC)
• Orthogonal Frequency Division Multiple Access (OFDMA)
• IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee support)
• Target Wake Time (TWT) for improved client power savings
• Advanced Cellular Coexistence (ACC Advanced Cellular Coexistence. The ACC feature in APs enable WLANs to perform at peak efficiency by minimizing interference from 3G/4G/LTE networks, distributed antenna systems, and commercial small cell/femtocell equipment.)

For complete technical details and installation instructions, see the Aruba670 Series Access Points Installation Guide.

In the updated IPv6 address generation process, users can now seamlessly switch between address generation methods. While the default method remains the Instant AP MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address (EUI-64) format, an option to change to the Stable Privacy method is now available. This enhancement introduces the following set of commands.

• ipv6 addr-gen-mode eui64

• ipv6 addr-gen-mode stable-privacy

• no ipv6 addr-gen-mode

Several 802.11ax performance metrics statistics have been enhanced in this release.

Software upgrades performed in Aruba Central or ArubaCentral On-Premises will enforce certificate validation for APs in FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode. Aruba Central orArubaCentral On-Premises will check FIPS Federal Information Processing Standards. FIPS refers to a set of standards that describe document processing, encryption algorithms, and other information technology standards for use within non-military government agencies, and by government contractors and vendors who work with these agencies. mode and turn the certificate check ON or OFF accordingly. The default behavior will be same for non-Central connected APs.

The AP-654 access point is the external antenna platform variant of the 650 Series, supporting two sets of antenna interfaces for 2.4 GHz Gigahertz. and 5 GHz Gigahertz. (A, left side) as well as 6 GHz Gigahertz. (B, right side). The Aruba650 Series access points are high performance, multi-radio access points that can be deployed in either controller-based ((Undefined variable: Variables.ArubaOS)) or controller-less (Instant AOS-8) network environments. These APs deliver comprehensive tri-band coverage across 2.4 GHz Gigahertz., 5 GHz Gigahertz., and 6 GHz Gigahertz. 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. (Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E) functionality with concurrent 4x4 MU-MIMO Multi-User Multiple-Input Multiple-Output. MU-MIMO is a set of multiple-input and multiple-output technologies for wireless communication, in which users or wireless terminals with one or more antennas communicate with each other. radios for both uplink and downlink in the 5 GHz Gigahertz. and 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation., while also supporting 802.11a 802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps., 802.11b 802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps., 802.11g 802.11g offers transmission over relatively short distances at up to 54 Mbps, compared with the 11 Mbps theoretical maximum of 802.11b standard. 802.11g employs Orthogonal Frequency Division Multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speed of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network., 802.11n 802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz., 802.11ac 802.11ac is a wireless networking standard in the 802.11 family that provides high-throughput WLANs on the 5 GHz band., and 802.11ax wireless services.

Additional features include:

• Up to 7.8 Gbps Gigabits per second. combined peak datarate
• Dual wired 5 Gbps Gigabits per second. Smart Rate ethernet ports for hitless failover
• Orthogonal Frequency Division Multiple Access (OFDMA)
• Aruba Advanced Cellular Coexistence (ACC Advanced Cellular Coexistence. The ACC feature in APs enable WLANs to perform at peak efficiency by minimizing interference from 3G/4G/LTE networks, distributed antenna systems, and commercial small cell/femtocell equipment.)
• IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet.-ready (integrated Bluetooth 5 and 802.15.4 radio for Zigbee support)
• Ultra Tri-Band (UTB) filtering
• Maximum ratio combining (MRC)
• Intelligent Power Monitoring (IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources.)
• Dynamic frequency selection (DFS Dynamic Frequency Selection. DFS is a mandate for radio systems operating in the 5 GHz band to be equipped with means to identify and avoid interference with Radar systems.)

For complete technical details and installation instructions, see the Aruba650 Series Access Points Installation Guide.

The following commands have been introduced to support the automatic uploading of dump files for crash events:

• show ap debug ctb-status
• show ap debug subscribe-event-statistics
• show log event-to-cloud
• debug-ctb-test data-chunk-upload-interval

The Air Range feature is now supported by Instant AOS-8. Air Range allows you to detect nearby wireless devices. This information is used to map the location of the Instant AP on a global or virtual map.

APs with Gen-2 BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption./IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. radios will adjust the calibrated RSSI Received Signal Strength Indicator. RSSI is a mechanism by which RF energy is measured by the circuitry on a wireless NIC (0-255). The RSSI is not standard across vendors. Each vendor determines its own RSSI scale/values. values for iBeacon advertisements when BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. transmit power levels are modified using the ble-txpower setting in the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Radio Profile configuration. The calibrated values can then be verified using the show ap debug ble-advertisement-info command.

All references to the radio bands Band refers to a specified range of frequencies of electromagnetic radiation. (2.4 GHz Gigahertz., 5 GHz Gigahertz., secondary 5 GHz Gigahertz., and 6 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation.) are removed and replaced with radio indices (0, 1, or 2) that are associated with radio power restrictions.

The BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. Telemetry setting can now be enabled or disabled using the Instant webUI. Alternatively, a new CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. parameter blePeriodicTelemetryDisable is introduced in the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. Transport Profile configuration to stop BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. periodic telemetry reporting.

New command parameters to view routing profile and datapath session information are added. The following new parameters have been introduced:

• show datapath route verbose

• show datapath session verbose

• show log routing

• show routing-profile verbose

For more information, see the Instant AOS-8 8.x CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Reference Guide.

When an Instant AP joins a swarm and its configuration is different from the configuration received from Aruba Central, the Conductor sets the config-not-effected flag for the swarm in a configuration audit . This flag indicates that some configuration is yet to take effect in the swarm. Use the show need-reboot-config and show need-reboot-env commands to view the Instant APs that require reboot.

The WPA3 authentication method is used instead of the WPA2 Wi-Fi Protected Access 2. WPA2 is a certification program maintained by IEEE that oversees standards for security over wireless networks. WPA2 supports IEEE 802.1X/EAP authentication or PSK technology, but includes advanced encryption mechanism using CCMP that is referred to as AES. authentication method. The WPA3 OKC Opportunistic Key Caching. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys. function also supports PMKSA caching.

To enable this feature, use the okc parameter under the wlan Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. ssid Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile configure command, and the Opportunistic Key Caching(OKC Opportunistic Key Caching. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network will not have to complete a full authentication exchange, but will instead just perform the 4-way handshake to establish transient encryption keys. ) knob under Security Level for the selected Instant AP on the Configuration > Networks page.

Starting from this release, APs establish WebSocket connections with Central by exchanging TPM Trusted Platform Module. TPM is an international standard for a secure cryptoprocessor, which is a dedicated microcontroller designed to secure hardware by integrating cryptographic keys into devices. certificates. Earlier, the AP used https based authentication to establish WebSocket connections with Central.

The port used for DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relay, port 1067, now opens and closes based on the status of DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relay configuration. The port opens when DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  relay is configured and closes when the configuration is removed. This enhances the security of the AP by closing unused ports.

The port used for DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. connections, port 4434, now opens and closes based on the status of DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. configuration. The port opens when DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. is enabled and closes when DTLS Datagram Transport Layer Security. DTLS communications protocol provides communications security for datagram protocols. is disabled. This enhances the security of the AP by closing unused ports.

610 Series access points are equipped with Flexible Dual Band Band refers to a specified range of frequencies of electromagnetic radiation. radios. These radios can operate in two different bands- radio 0 can operate in 5 GHz Gigahertz. and 2.4 GHz Gigahertz. bands Band refers to a specified range of frequencies of electromagnetic radiation. while radio 1 can operate in 2.4 GHz Gigahertz. and 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation.. With this radio combination, the AP can operate in one of the radio band Band refers to a specified range of frequencies of electromagnetic radiation. modes: 5 GHz Gigahertz. and 2.4 GHz Gigahertz., 5 GHz Gigahertz. and 6 GHz Gigahertz., and 2.4 GHz Gigahertz. and 6 GHz Gigahertz..

NOTE: By default, AP-615 access points operate in 2.4 GHz Gigahertz. and 5 GHz Gigahertz. radio bands Band refers to a specified range of frequencies of electromagnetic radiation.. To enable the AP to broadcast on 6 GHz Gigahertz. radio band Band refers to a specified range of frequencies of electromagnetic radiation., set the flexible dual band Band refers to a specified range of frequencies of electromagnetic radiation. radio mode to either 5 GHz Gigahertz. and 6 GHz Gigahertz. or 2.4 GHz Gigahertz. and 6 GHz Gigahertz..

The show ap debug iot-audit-trail command is introduced to display all the action commands executed in the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. and report the Southbound API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. messages received from the server.

The output of the show ap debug cloud-restore-status command is modified to include details about the status of AP configuration restoration. The following new fields have been introduced:

• State
• Cloud Config Effected
• Self-Reboot Time
• Self-Reboot After Restore
• Total Count
• FSM State
• Restore Flag
• Time
• New Changes During Validation

For more information, see the Instant AOS-8 8.x CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. Reference Guide.

The Link Health Monitoring feature has been modified to run nslookup tests. The output of the show lhm status command has been modified to include the details of nslookup tests.

The get-sysctl user_table, show ap onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters. status, and show ap onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters. event commands are introduced. These commands display information regarding onboarding The process of preparing a device for use on an enterprise network, by creating the appropriate access credentials and setting up the network connection parameters. events that occur when a device connects to the network.

The following two new ABB sensors are supported by Instant APs:

• DFU Target Device—The DFU target is the device that runs the DFU having at least one active DFU transport. It can be the bootloader in DFU mode, or an application with DFU running in the background. To be able to perform an update using the AP the sensor must be discovered when it enters the bootloader mode.

  • Sensor Identifier—The DFU target device sensor is recognized by service class UUID : 0xFE59. This service UUID needs to be configured under Filters in the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. transport profile.

• SALT Star Vario—The SALT Star Vario sensor is recognized by local name : perma. When the local name is parsed to the Instant AP, the identity of the sensor is assigned as SALT + MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network.  Address. For example, if device's MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address is 00:80:25:FB:1A:73, then its identity is SALT008036FB1A73. This sensor identifier can be configured under Filters in the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. transport profile.

A new show command, show ap power-mgmt-statistics, is introduced. This command allows you to view the power consumption statistics of an AP.

Instant AOS-8 supports concurrent scanning and bleConnect connections to the IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. devices. A maximum of ten concurrent connections can be established. This function is currently supported only on Instant APs with Nordic radios —500 Series, 510 Series, 530 Series, 550 Series, 560 Series, 570 Series, 610 Series, and 630 Series access points, along with an external USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices.  dongle.

Instant AOS-8 supports broadcast on UNII-4 channels (169-177) in the 5 GHz Gigahertz. radio band Band refers to a specified range of frequencies of electromagnetic radiation.. This is supported only on 530 Series, 550 Series, 630 Series, and 650 Series access points.

Instant AOS-8 allows users to control frame bursting behavior of the AP, irrespective of whether there are one or more active clients associated to it.

The LCI broadcast feature enables the AP to respond with location information to FTM queries, probe requests, and beacon responses. APs broadcast the location information stored on the AP. Please reach out toAruba Technical Support for configuring location data for your AP.

This feature is supported on 500 Series, 510 Series, 518 Series, 530 Series, 550 Series, 560 Series, 570 Series, 570EX Series, 580 Series, 580EX Series, 610 Series, 630 Series, and 650 Series access points.

Instant AOS-8 allows users to control RTS Request to Send. RTS refers to the data transmission and protection mechanism used by the 802.11 wireless networking protocol to prevent frame collision occurrences. See CTS. frame transmission to the clients. RTS Request to Send. RTS refers to the data transmission and protection mechanism used by the 802.11 wireless networking protocol to prevent frame collision occurrences. See CTS. is configured in the profile settings of the respective radios.

A new option, 160MHz support, is added to the Instant webUI under ARM Adaptive Radio Management. ARM dynamically monitors and adjusts the network to ensure that all users are allowed ready access. It enables full utilization of the available spectrum to support maximum number of users by intelligently choosing the best RF channel and transmit power for APs in their current RF environment. > Access Point Control in the Configuration > RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. page. This allows you to configure 160 MHz Megahertz channels on an Instant AP. This option is visible when 80 MHz Megahertz channels are enabled on the AP.

Instant APs now allow you to apply additional restrictions to AP functions in IPM Intelligent Power Monitoring. IPM is a feature supported on certain APs that actively measures the power utilization of an AP and dynamically adapts to the power resources. and ITM such as:

• Disabling the 2.4 GHz Gigahertz., 5 GHz Gigahertz., secondary 5 GHz Gigahertz., and 6 GHz Gigahertz. radios.
• Disabling additional PSE ports in the AP.
• Applying power restrictions to the secondary 5 GHz Gigahertz. radio.
• Reducing the radio chains of the secondary 5 GHz Gigahertz. radio.
• Applying power restrictions to the 6 GHz Gigahertz. radio.
• Reducing the radio chains of the 6 GHz Gigahertz. radio.

These options can be configured only using the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. and are available in the ipm command.

The tracking of MPDUs has been added to the radio/vap/client stats section of Central. This allows users to see the total Tx MPDU MAC Protocol Data Unit. MPDU is a message exchanged between MAC entities in a communication system based on the layered OSI model. Transmitted as a value in their consoles. Users may check the MPDUs through the show ap debug radio-stats, show ap bss-stats, and show ap debug client-stats commands, followed by |include MPDU MAC Protocol Data Unit. MPDU is a message exchanged between MAC entities in a communication system based on the layered OSI model. in the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. of their Instant APs.

A new parameter disable-nb-resp_wide-band-ie is added to disable the wide channel bandwidth information element from being included in the neighbor report responses, when dot11k is enabled on the Instant AP.

Instant AOS-8.10.0.0 is a long supported release that extends support for up to 5 years.

Instant APs now automatically open and close the TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. /UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. ports used by various AP services. When an AP service is initiated, the AP opens the required TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. /UDP User Datagram Protocol. UDP is a part of the TCP/IP family of protocols used for data transfer. UDP is typically used for streaming media. UDP is a stateless protocol, which means it does not acknowledge that the packets being sent have been received. port and closes the port when the service operation is completed.

A new CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. command iot-ant-gain is introduced to configure an antenna gain value for Instant APs with exterbal antennas.

Starting from Instant AOS-8.10.0.0, the 6 GHz Gigahertz. radio can be disabled using the AP console settings. This allows users to permanently disable the 6 GHz Gigahertz. radio when an AP boots up.

The output of the show ap debug received-reg-table command will now display the DRT Downloadable Regulatory Table. The DRT feature allows new regulatory approvals to be distributed for APs without a software upgrade or patch. information for BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption. and 802.15.4 standard for 580 Series access points.

Starting from Instant AOS-8 8.10.0.0, the ports 8080 and 8081 will be open or closed dynamically based on the AP configuration. Ports 8080 and 8081 are closed by default and will be opened only when the related features are configured.

The show ap debug port-8080-status command is used to view the current status of ports 8080 and 8081.

Instant APs AP now automatically send Chargeable User Identity attribute as defined by RFC Request For Comments. RFC is a commonly used format for the Internet standards documentss. 4372 and RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  location data as defined by RF Radio Frequency. RF refers to the electromagnetic wave frequencies within a range of 3 kHz to 300 GHz, including the frequencies used for communications or Radar signals. 5580, to the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server for clients connecting to an Hotspot Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. 2.0 profile. These attributes can be turned off using the radius-cui-disable and radius-loc-disable parameters in the Hotspot Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. profile using the hotspot Hotspot refers to a WLAN node that provides Internet connection and virtual private network (VPN) access from a given location. A business traveler, for example, with a laptop equipped for Wi-Fi can look up a local hotspot, contact it, and get connected through its network to reach the Internet. hs-profile command.

The Intrusion Detection System in Instant APs can now detect ghost tunnel attacks and issue alerts. When enabled, Instant AP analyzes abnormal probe request behavior to detect attacks from the client side and analyzes abnormal beacon packets to detect attacks from the server side.

A new command, show radio-mode-history, that displays the list of radio mode changes in the AP radios is introduced.

A new parameter called probe-ip is introduced in the vpn tunnel-profile command. This parameter allows an IP address or hostname to probe connections, when VIG is enabled.

A new tag that indicates the release type of the software version is introduced. This release type tag helps identify the maintenance schedule of the software version and can be viewed in the Instant webUI and the CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions..

Instant APs can now automatically detect Aruba Central (on-premises) deployments and route management traffic through the IAP-VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two. tunnel. The status of Aruba Central (on-premises) mode is now added to the output of show debug cloud-server and show ap debug airwave commands.

Instant AOS-8 now supports SES-Imagotag and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. Co-existence for Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6 and Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 6E access points.

Instant AOS-8 supports the Aruba USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices. LTE Long Term Evolution. LTE is a 4G wireless communication standard that provides high-speed wireless communication for mobile phones and data terminals. See 4G. modem that connects the AP to the Internet through a 3G Third Generation of Wireless Mobile Telecommunications Technology. See W-CDMA. or 4G Fourth Generation of Wireless Mobile Telecommunications Technology. See LTE. cellular connection. The USB Universal Serial Bus. USB is a connection standard that offers a common interface for communication between the external devices and a computer. USB is the most common port used in the client devices.  modem supports plug and play provisioning which allows the AP to connect to the Internet without any manual configuration.

Instant AOS-8 now supports EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  with TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 in data packet transmission between the supplicant and the RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server.

EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication.  with TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 is not supported with the following AP functions in this release:

• Internal RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  server functions.
• EAP Extensible Authentication Protocol. An authentication protocol for wireless networks that extends the methods used by the PPP, a protocol often used when connecting a computer to the Internet. EAP can support multiple authentication mechanisms, such as token cards, smart cards, certificates, one-time passwords, and public key encryption authentication. -Termination.
• Internal 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority. authentication (AP1X).

The Aruba580 Series access points (AP-584, AP-585, AP-585EX, AP-587, and AP-587EX) are high performance, dual-radio, outdoor access points that can be in either controller-based (AOS-8) or controller-less (Instant AOS-8) network environments. These APs deliver high performance concurrent 2.4 GHz Gigahertz. and 5 GHz Gigahertz. 802.11ax Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. functionality with MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. radios (4x4 in 2.4 GHz Gigahertz. and 5 GHz Gigahertz.), while also supporting 802.11a 802.11a provides specifications for wireless systems. Networks using 802.11a operate at radio frequencies in the 5 GHz band. The specification uses a modulation scheme known as orthogonal frequency-division multiplexing (OFDM) that is especially well suited to use in office settings. The maximum data transfer rate is 54 Mbps., 802.11b 802.11b is a WLAN standard often called Wi-Fi and is backward compatible with 802.11. Instead of the Phase-Shift Keying (PSK) modulation method used in 802.11 standards, 802.11b uses Complementary Code Keying (CCK) that allows higher data speeds and makes it less susceptible to multipath-propagation interference. 802.11b operates in the 2.4 GHz band and the maximum data transfer rate is 11 Mbps., 802.11g 802.11g offers transmission over relatively short distances at up to 54 Mbps, compared with the 11 Mbps theoretical maximum of 802.11b standard. 802.11g employs Orthogonal Frequency Division Multiplexing (OFDM), the modulation scheme used in 802.11a, to obtain higher data speed. Computers or terminals set up for 802.11g can fall back to speed of 11 Mbps, so that 802.11b and 802.11g devices can be compatible within a single network., 802.11n 802.11n is a wireless networking standard to improve network throughput over the two previous standards, 802.11a and 802.11g. With 802.11n, there will be a significant increase in the maximum raw data rate from 54 Mbps to 600 Mbps with the use of four spatial streams at a channel width of 40 MHz., and 802.11ac 802.11ac is a wireless networking standard in the 802.11 family that provides high-throughput WLANs on the 5 GHz band. wireless services.

Additional features include:

• Support for high power BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption..
• Support for 10G SFP+ Small Form-factor Pluggable+. SFP+ supports up to data rates up to 16 Gbps. (SX and LX) and 1G (SX and LX).
• Support for 1G PSE Out.
• Support for GPS Global Positioning System. A satellite-based global navigation system. .
• Support for AC Access Category. As per the IEEE 802.11e standards, AC refers to various levels of traffic prioritization in Enhanced Distributed Channel Access (EDCA) operation mode. The WLAN applications prioritize traffic based on the Background, Best Effort, Video, and Voice access categories. AC can also refer to Alternating Current, a form of electric energy that flows when the appliances are plugged to a wall socket. power over new Molex connector kit.
• AP-584 access points with external antennas.
• AP-585 and AP-585EX access points with internal omni-directional antennas.
• AP-587 and AP-587EX access points with internal directional antennas.

For complete technical details and installation instructions, seeAruba 580 Series Access Points Installation Guide.