What's New in HPE Aruba Networking Central 2.5.8-AOS-10.7

Campus and Microbranch APs

The following are the new Campus and Microbranch AP features added in this release:

Support for RFC-5580 Based Location-Information for Access and Accounting Requests

This release introduces support for adding Location-Information, based on RFC Request For Comments. RFC is a commonly used format for the Internet standards documentss.-5580, for RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources.  Access and Accounting Requests. These enhancements enable precise location-based policy enforcement and improve billing and accounting practices.

This feature introduces the following changes:

• Two new parameters, radius-loc-obj-in-access and radius-loc-obj-in-accting, have been added to the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile and port profile.

• The show ap debug stm-config command has been enhanced to display effective AP location information.

Currently, location-related RADIUS attributes are configurable only through HPE Aruba Networking Central APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. For more information on using APIs, see APIs for Gateway Management.

For more information on location-information, see Location-Information for Access and Accounting Requests.

Support for Application Performance Monitoring on APs

AOS-10 now supports Application Performance Monitoring on APs to monitor the TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. flows going through the datapath session. It uses passive QoE monitoring to compute performance metrics such as packet drop and latency for TCP-based applications. This provides application performance insights for large WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. networks.

The following new commands are introduced in this release.

Command Type	Command	Description
Config	apm	Enables passive QoE monitoring on all TCP sessions.
Config	no apm	Disables QoE monitoring.
Show	show datapath session perf	Displays TCP performance stats such as response time, latency, packet drops computed by APM. For more information, see show datapath session perf.

Prerequisites:

• Application Performance Monitoring requires advanced subscriptions in AOS-10 access points.

• To enable QoE computation on an AP, the following configurations must be enabled:

  • Enable apm using the config command.

  • Enable DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. for application classification. For more information, see Enabling Deep Packet Inspection on APs.

Support for Automated Frequency Coordination on Wi-Fi 6E Standard-Power APs

Starting from AOS-10.7.0.0, HPE Aruba Networking's Frequency Coordination Orchestrator (FCO) cloud service is introduced for GPS Global Positioning System. A satellite-based global navigation system. -supported, standard power APs operating in the 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation.. The FCO solution will automatically enable Automated Frequency Coordination (AFC) for 6 GHz standard power APs in AOS-10 cloud deployments.

The AFC feature is currently supported on AP-634, AP-654, AP-674, AP-675, AP-677, AP-679, AP-734, and AP-754 access points.

Support for VLAN Name for Wired or Wireless Clients

AOS-10 now supports sending VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. names for wired or wireless clients to Cloud.

Support for Full BLE on Dual IoT Radios in Wi-Fi 7 APs

AP-734, AP-735, AP-754, and AP-755 access points support full Bluetooth Low Energy (BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption.) and Zigbee on dual IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. radios beginning with AOS-10.7.1.0.

Support for 16 VAPs of 6 GHz in Wi-Fi 7 and 600 Series APs

AOS-10 now supports 16 x 6 GHz MBSSID Virtual APs in Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 7 and 600 Series APs:

• 700 Series: AP-754, AP-755, AP-734, AP-735

• 600 Series: AP-635, AP-615, AP-605H, AP-655

Support for 320 MHz Scanning in Wi-Fi 7 APs

AOS-10 now supports 320 MHz Megahertz scanning in the following Wi-Fi 7 APs:

• AP-754

• AP-755

• AP-734

• AP-735

Signature Generation Upgrade

AOS-10 has upgraded signature generation with CSfC guidelines for the following instances:

• RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. must be 3072 bits or greater

• ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. must be 384 bits or greater

Multi-Link Operation Support

Multi-Link Operation (MLO) is one of the prominent features defined in new 802.11be protocol that allows WLAN traffic exchange over multiple links. It is applicable only for Wi-Fi 7 enabled APs in the network.

For more information, see the following topics:

• Multi-link Operation

• Configuring Advanced Settings for a WLAN SSID Profile

New Hardware Platforms

The AP-725 access points support 802.11BE standard (Wi-Fi 7) in a 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. tri-radio platform and provides wired 2.5 Gbps Gigabits per second. Ethernet Ethernet is a network protocol for data transmission over LAN. network interface. These APs are fully backward-compatible with 802.11AX (Wi-Fi 6 and 6E) APs such as the 510 and 630 Series APs.

The following are the newly supported HPE Aruba Networking APs in AOS-10.7.1.0 release:

• AP-674 Wi-Fi 6E Outdoor Access Points

• AP-679 Wi-Fi 6E Outdoor Access Points

The following is the newly supported HPE Aruba Networking bridge in the AOS-10.7.1.0 release:

• BR-150 5G Ethernet Bridge

The following are the newly supported HPE Aruba Networking APs in AOS-10.7.0.0 release:

• AP-605H

• AP-675

• AP-677

• AP-734

• AP-735

• AP-754

• AP-755

AP-734, AP-735, AP-754, and AP-755 are Wi-Fi 7 (802.11be) capable access points. These Wi-Fi 7 AP models support full Bluetooth Low Energy (BLE) and Zigbee on dual IoT radios beginning with AOS 10.7.1.0.

For more information on supported devices, see Supported Devices for AOS-10.

Campus and Microbranch APs

The following Campus and Microbranch AP enhancements are introduced in this release:

Beacon Protection Support in Wi-Fi 7 APs

AOS-10 now supports beacon protection in Wi-Fi Certified 700 Series access points. Beacon protection is a security feature introduced in the WPA3 standard that enhances the security of Wi-Fi networks by protecting the integrity of beacon frames to prevent attackers from interfering with these frames. For more information, see ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..x Command-Line Interface Reference Guide.

Change of Name to Meet Legal Obligation

To meet legal requirements, the names appearing in external displays of the brand image have been updated.

Type	SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. /LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet./UI/CLI	Old Name	New Name
short name	SNMP LLDP Device UI show version	ArubaOS	AOS-10
long name	show version show about	Aruba Operating System Software	HPE Aruba Networking Wireless Operating System

Enhancement to show tech-support CLI Command

The show tech-support command now includes the following commands. This information can be used by the technical support representatives for debugging.

• show container service list

• show container stats

• show container processes

• show log container

Improvement to External Antenna Gain Setting

For the connectorized AP models (like AP-xx4), AOS-10 now restricts 5G/6G radio operation if external-antenna gain is not configured.

When external-antenna gain is not configured:

• 2.4G Fourth Generation of Wireless Mobile Telecommunications Technology. See LTE. radio is up with an effective Actual Antenna Gain of 8.0 (Indoor AP) or 14.0 (Outdoor AP).

• 5G or 6G radio is down.

For more information on configuring external-antenna gain, see Configuring External Antenna

Support for LAA Counters for Tracking Randomized MAC Addresses

AOS-10 now supports tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. For more information, see ArubaOS 10.x Command-Line Interface Reference Guide.

Security

IDPS

IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it.-Supported Gateways—VPNC persona support is added to HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways for using the IDPS feature and its functionalities. Branch Gateway persona support is added to HPE Aruba Networking 9106 gateway for using the IDPS feature and its functionalities.

For more information, see Preparing to add IDPS-Supported Gateways.

Web Traffic Classification Support for New TLS Key Encapsulation Mechanism

This AOS version addresses the WebCC web traffic classification issues that are caused due to TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. 1.3 Hybridized Kyber support, which is now enabled by default in Chromium browsers. This change results in larger TLS Client Hello which is transmitted in multiple TCP-segments. The extraction of SNI (Server Name Identifier) attribute, which contains the domain visited by a client, now leverages the DPI (Deep Packet Inspection) engine to handle the segments.