Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
What's New in Classic Central 2.5.8-AOS-10.7
The following sections provide an overview of the new features and enhancements that are added to Classic Central 2.5.8 and AOS 10.7 release.
New Features in AOS-10.7
Campus and Microbranch APs
The following are the new Campus and Microbranch AP features added in this release:
Support for RFC-5580 Based Location-Information for Access and Accounting Requests
This release introduces support for adding Location-Information, based on RFC Request For Comments. RFC is a commonly used format for the Internet standards documentss.-5580, for RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. Access and Accounting Requests. These enhancements enable precise location-based policy enforcement and improve billing and accounting practices.
This feature introduces the following changes:
-
Two new parameters, radius-loc-obj-in-access and radius-loc-obj-in-accting, have been added to the SSID Service Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. profile and port profile.
-
The show ap debug stm-config command has been enhanced to display effective AP location information.
Currently, location-related RADIUS attributes are configurable only through Classic Central APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software.. For more information on using APIs, see APIs for Gateway Management.
For more information on location-information, see Location-Information for Access and Accounting Requests.
Split Image Firmware Upgrade
A split image firmware upgrade is introduced for some AP models. It consists of a base and an extension image.
For more information, see Managing Firmware Upgrades.
Support for Application Performance Monitoring on APs
AOS-10 now supports Application Performance Monitoring on APs to monitor the TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. flows going through the datapath session. It uses passive QoE monitoring to compute performance metrics such as packet drop and latency for TCP-based applications. This provides application performance insights for large WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. networks.
The following new commands are introduced in this release.
| Command Type | Command |
Description |
|---|---|---|
| Config | apm |
Enables passive QoE monitoring on all TCP sessions. |
| Config | no apm |
Disables QoE monitoring. |
|
Show |
show datapath session perf |
Displays TCP performance stats such as response time, latency, packet drops computed by APM. For more information, see |
Prerequisites:
-
Application Performance Monitoring requires advanced subscriptions in AOS-10 access points.
-
To enable QoE computation on an AP, the following configurations must be enabled:
-
Enable apm using the config command.
-
Enable DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. for application classification. For more information, see Enabling Deep Packet Inspection on APs.
-
Support for Automated Frequency Coordination on Wi-Fi 6E Standard-Power APs
Starting from AOS-10.7.0.0, HPE Aruba Networking's Frequency Coordination Orchestrator (FCO) cloud service is introduced for GPS Global Positioning System. A satellite-based global navigation system. -supported, standard power APs operating in the 6 GHz Gigahertz. band Band refers to a specified range of frequencies of electromagnetic radiation.. The FCO solution will automatically enable Automated Frequency Coordination (AFC) for 6 GHz standard power APs in AOS-10 cloud deployments.
The AFC feature is currently supported on AP-634, AP-654, AP-674, AP-675, AP-677, AP-679, AP-734, and AP-754 access points.
Support for VLAN Name for Wired or Wireless Clients
AOS-10 now supports sending VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. names for wired or wireless clients to Cloud.
Support for Full BLE on Dual IoT Radios in Wi-Fi 7 APs
AP-734, AP-735, AP-754, and AP-755 access points support full Bluetooth Low Energy (BLE Bluetooth Low Energy. The BLE functionality is offered by Bluetooth® to enable devices to run for long durations with low power consumption.) and Zigbee on dual IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. radios beginning with AOS-10.7.1.0.
Support for 16 VAPs of 6 GHz in Wi-Fi 7 and 600 Series APs
AOS-10 now supports 16 x 6 GHz MBSSID Virtual APs in Wi-Fi Wi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. 7 and 600 Series APs:
-
700 Series: AP-754, AP-755, AP-734, AP-735
-
600 Series: AP-635, AP-615, AP-605H, AP-655
Support for 320 MHz Scanning in Wi-Fi 7 APs
AOS-10 now supports 320 MHz Megahertz scanning in the following Wi-Fi 7 APs:
-
AP-754
-
AP-755
-
AP-734
-
AP-735
Signature Generation Upgrade
AOS-10 has upgraded signature generation with CSfC guidelines for the following instances:
-
RSA Rivest, Shamir, Adleman. RSA is a cryptosystem for public-key encryption, and is widely used for securing sensitive data, particularly when being sent over an insecure network such as the Internet. must be 3072 bits or greater
-
ECDSA Elliptic Curve Digital Signature Algorithm. ECDSA is a cryptographic algorithm that supports the use of public or private key pairs for encrypting and decrypting information. must be 384 bits or greater
Multi-Link Operation Support
Multi-Link Operation (MLO) is one of the prominent features defined in new 802.11be protocol that allows WLAN traffic exchange over multiple links. It is applicable only for Wi-Fi 7 enabled APs in the network.
For more information, see the following topics:
New Hardware Platforms
The following are the newly supported HPE Aruba Networking APs in AOS-10.7.2.0 release:
-
AP-725
The AP-725 access points support 802.11be standard (Wi-Fi 7) in a 2x2 MIMO Multiple Input Multiple Output. An antenna technology for wireless communications in which multiple antennas are used at both source (transmitter) and destination (receiver). The antennas at each end of the communications circuit are combined to minimize errors and optimize data speed. tri-radio platform and provides wired 2.5 Gbps Gigabits per second. Ethernet Ethernet is a network protocol for data transmission over LAN. network interface.
The following are the newly supported HPE Aruba Networking APs in AOS-10.7.1.0 release:
-
AP-674 Wi-Fi 6E Outdoor Access Points
-
AP-679 Wi-Fi 6E Outdoor Access Points
The following is the newly supported HPE Aruba Networking bridge in the AOS-10.7.1.0 release:
-
BR-150 5G Ethernet Bridge
The following are the newly supported HPE Aruba Networking APs in AOS-10.7.0.0 release:
-
AP-605H
-
AP-675
-
AP-677
-
AP-734
-
AP-735
-
AP-754
-
AP-755
AP-734, AP-735, AP-754, and AP-755 are Wi-Fi 7 (802.11be) capable access points. These Wi-Fi 7 AP models support full Bluetooth Low Energy (BLE) and Zigbee on dual IoT radios beginning with AOS 10.7.1.0.
For more information on supported devices, see Supported Devices for AOS-10.
Enhancements in AOS-10.7
Campus and Microbranch APs
The following Campus and Microbranch AP enhancements are introduced in this release:
Beacon Protection Support in Wi-Fi 7 APs
AOS-10 now supports beacon protection in Wi-Fi Certified 700 Series access points. Beacon protection is a security feature introduced in the WPA3 standard that enhances the security of Wi-Fi networks by protecting the integrity of beacon frames to prevent attackers from interfering with these frames. For more information, see ArubaOS 10 ArubaOS 10 (AOS 10) is the distributed network operating system working with Aruba Central that controls Aruba Access Points (APs) and optional gateways..x Command-Line Interface Reference Guide.
Change of Name to Meet Legal Obligation
To meet legal requirements, the names appearing in external displays of the brand image have been updated.
| Type |
SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. /LLDP Link Layer Discovery Protocol. LLDP is a vendor-neutral link layer protocol in the Internet Protocol suite used by network devices for advertising their identity, capabilities, and neighbors on an IEEE 802 local area network, which is principally a wired Ethernet./UI/CLI |
Old Name |
New Name |
|---|---|---|---|
|
short name |
|
ArubaOS |
AOS-10 |
|
long name |
|
Aruba Operating System Software |
HPE Aruba Networking Wireless Operating System |
Enhancement to show tech-support CLI Command
The show tech-support command now includes
-
show ap debug ble-firmware-upgrade-info
-
show ap debug ble-table all
-
show ap debug ble-advertisement-info
-
show ap debug iot-radio-counters
-
show ap debug aec awc-status
-
show ap debug aec disp-config-objs
-
show ap debug ble-relay iot-profile
-
show ap debug ble-daemon ap-iot-connector
-
show container service list
-
show container stats
-
show container processes
-
show log container
-
show ap debug service api-gateway access
-
show ap debug service api-gateway error
-
show ap debug service api-gateway wrapper
-
show ap debug zigbee radio-table
-
show ap debug zigbee client-table
-
show ap debug zigbee event-trail
-
show ap debug zigbee packet-trail
-
show ap debug usb-enet client
-
show ap debug iot-usb device
-
show ap debug iot-usb iface
-
show esl status
-
show tech-support iot
Improvement to External Antenna Gain Setting
For the connectorized AP models (like AP-xx4), AOS-10 now restricts 5G/6G radio operation if external-antenna gain is not configured.
When external-antenna gain is not configured:
-
2.4G Fourth Generation of Wireless Mobile Telecommunications Technology. See LTE. radio is up with an effective Actual Antenna Gain of 8.0 (Indoor AP) or 14.0 (Outdoor AP).
-
5G or 6G radio is down.
For more information on configuring external-antenna gain, see Configuring External Antenna
Maximum Number of VLAN Names Increased for APs
Starting from AOS-10.7.2, the maximum number of VLAN names supported is now increased from 32 to 128 in all APs, except 300 Series APs. The 300 Series APs will continue to support a maximum of 32 VLAN names.
For more information on configuring VLAN names, see Configuring VLAN Name and VLAN ID.
RadSec or EST Enhancements for APs
When AP is configured to use EST certificate, RadSec uses EST client certificate and can have custom CA Certificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate. for TLS Transport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. connection. For more information, see Mapping AP Certificates.
Support for LAA Counters for Tracking Randomized MAC Addresses
AOS-10 now supports tracking of probe requests from clients using randomized MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. addresses, offering deeper insights into client presence within the network infrastructure. For more information, see ArubaOS 10.x Command-Line Interface Reference Guide.
Security
IDPS
IDPS Intrusion Detection and Prevention System (IDPS) monitors, detects, and prevents threats in the inbound and outbound traffic. Aruba IDPS provides an extra layer of protection that actively analyzes the network and takes actions on the traffic flows based on the defined rules. It inspects data packets, and if any threat is identified, acts real-time to prevent it.-Supported Gateways—VPNC persona support is added to HPE Aruba Networking 9114 and HPE Aruba Networking 9240 gateways for using the IDPS feature and its functionalities. Branch Gateway persona support is added to HPE Aruba Networking 9106 gateway for using the IDPS feature and its functionalities.
For more information, see Preparing to add IDPS-Supported Gateways.
Web Traffic Classification Support for New TLS Key Encapsulation Mechanism
This AOS version addresses the WebCC web traffic classification issues that are caused due to TLS 1.3 Hybridized Kyber support, which is now enabled by default in Chromium browsers. This change results in larger TLS Client Hello which is transmitted in multiple TCP-segments. The extraction of SNI (Server Name Identifier) attribute, which contains the domain visited by a client, now leverages the DPI (Deep Packet Inspection) engine to handle the segments.
You must enable DPI for this enhancement to take effect. This is applicable to both, APs and gateways.
Support for Country-Specific SKU
The AOS-10 software is now updated to support Indonesia country-specific SKUs, and the configuration is locked to ensure compliance with regulations.
Gateways
DHCP Reservation Limit
The DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. reservation limit is increased to 256 from earlier value of 64 for devices running AOS-10.7.2.0 or higher versions. Devices running lower AOS-10 versions might have issues with the increased reservation value. For more information, see Reserving IP Addresses.
Increase in WAN Scheduler Bandwidth Limit
The AOS-10.7.2 release introduces an increase in the existing limit of the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. scheduler from 500 Mbps to 10 Gbps. This increase of the WAN scheduler bandwidth will ensure that the network performance aligns with the subscribed bandwidth and physical interface capabilities of the users. For more information, see Creating a WAN Scheduler Profile.
