What's New in HPE Aruba Networking Central 2.5.8-AOS-10.7

Campus and Microbranch APs

The following are the new Campus and Microbranch AP features added in this release:

Generic RADIUS Location Information Delivery Service

This release introduces generic location information support in RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. , which facilitate advanced location-aware network functionalities. These enhancements enable precise location-based policy enforcement and improve billing and accounting practices. For the purpose of this release, only civic location attributes are supported.

This enhancement introduces the following changes:

• Two new parameters, radius-loc-obj-in-access and radius-loc-obj-in-accting have been added to the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile and port profile.

• The show ap debug stm-config command has been enhanced to display effective AP location information.

For more information, see Generic RADIUS Location Information Delivery Service.

Support for Application Performance Monitoring on APs

AOS-10 now supports Application Performance Monitoring on APs to monitor the TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. flows going through the datapath session. It uses passive QoE monitoring to compute performance metrics such as packet drop and latency for TCP-based applications. This provides application performance insights for large WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. networks.

The following new commands are introduced in this release.

Command Type	Command	Description
Config	apm	Enables passive QoE monitoring on all TCP sessions.
Config	no apm	Disables QoE monitoring.
Show	show datapath session perf	Displays TCP performance stats such as response time, latency, packet drops computed by APM. For more information, see show datapath session perf.

Prerequisites:

• Application Performance Monitoring requires advanced subscriptions in AOS-10 access points.

• To enable QoE computation on an AP, the following configurations must be enabled:

  • Enable apm using the config command.

  • Enable DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. for application classification. For more information, see Enabling Deep Packet Inspection on APs.

Support for Automated Frequency Coordination on Wi-Fi 6E Standard-Power APs

Starting from AOS-10.7.0.0, HPE Aruba Networking's Frequency Coordination Orchestrator (FCO) cloud service is introduced for GPS Global Positioning System. A satellite-based global navigation system. -supported, standard power APs operating in the 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation.. The FCO solution will automatically enable Automated Frequency Coordination (AFC) for 6 GHz standard power APs in AOS-10 cloud deployments.

The AFC feature is currently supported on AP-634, AP-654, AP-674, AP-675, AP-677, AP-679, AP-734, and AP-754 access points.

Support for VLAN Name for Wired or Wireless Clients

AOS-10 now supports sending VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. names for wired or wireless clients to Cloud.

Support for Full BLE on Dual IoT Radios in Wi-Fi 7 APs

AP-734, AP-735, AP-754, and AP-755 access points support full Bluetooth Low Energy (BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption.) and Zigbee on dual IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. radios beginning with AOS-10.7.1.0.

Support for 16 VAPs of 6 GHz in Wi-Fi 7 and 600 Series APs

AOS-10 now supports 16 x 6 GHz MBSSID Virtual APs in Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 7 and 600 Series APs:

• 700 Series: AP-754, AP-755, AP-734, AP-735

• 600 Series: AP-635, AP-615, AP-605H, AP-655

Support for 320 MHz Scanning in Wi-Fi 7 APs

AOS-10 now supports 320 MHz Megahertz scanning in the following Wi-Fi 7 APs:

• AP-754

• AP-755

• AP-734

• AP-735

Signature Generation Upgrade

AOS-10 has upgraded signature generation with CSfC guidelines for the following instances:

• RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. must be 3072 bits or greater

• ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. must be 384 bits or greater

Multi-Link Operation Support

Multi-Link Operation (MLO) is one of the prominent features defined in new 802.11be protocol that allows WLAN traffic exchange over multiple links. It is applicable only for Wi-Fi 7 enabled APs in the network.

For more information, see the following topics:

• Multi-link Operation

• Configuring Advanced Settings for a WLAN SSID Profile

New Hardware Platforms

The following are the newly supported HPE Aruba Networking APs in AOS-10.7.1.0 release:

• AP-674 Wi-Fi 6E Outdoor Access Points

• AP-679 Wi-Fi 6E Outdoor Access Points

The following is the newly supported HPE Aruba Networking bridge in the AOS-10.7.1.0 release:

• BR-150 5G Ethernet Ethernet is a network protocol for data transmission over LAN. Bridge

The following are the newly supported HPE Aruba Networking APs in AOS-10.7.0.0 release:

• AP-605H

• AP-675

• AP-677

• AP-734

• AP-735

• AP-754

• AP-755

For more information on supported devices, see Supported Devices for AOS-10.

Campus and Microbranch APs

The following Campus and Microbranch AP enhancements are introduced in this release:

Beacon Protection Support in Wi-Fi 7 APs

AOS-10 now supports beacon protection in Wi-Fi Certified 700 Series access points. Beacon protection is a security feature introduced in the WPA3 standard that enhances the security of Wi-Fi networks by protecting the integrity of beacon frames to prevent attackers from interfering with these frames. For more information, see ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..x Command-Line Interface Reference Guide.

Support for LAA Counters for Tracking Randomized MAC Addresses

AOS-10 now supports tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. For more information, see ArubaOS 10.x Command-Line Interface Reference Guide.

Security

IDPS

IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it.-Supported Gateways—VPNC persona support is added to HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways for using the IDPS feature and its functionalities. Branch Gateway persona support is added to HPE Aruba Networking 9106 gateway for using the IDPS feature and its functionalities.

For more information, see Preparing to add IDPS-Supported Gateways.

Web Traffic Classification Support for New TLS Key Encapsulation Mechanism

This AOS version addresses the WebCC web traffic classification issues that are caused due to TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 Hybridized Kyber support, which is now enabled by default in Chromium browsers. This change results in larger TLS Client Hello which is transmitted in multiple TCP-segments. The extraction of SNI (Server Name Identifier) attribute, which contains the domain visited by a client, now leverages the DPI (Deep Packet Inspection) engine to handle the segments.