With the 16.0 release, network administrators do not have to define the VLANs received from the RADIUS server or CoA servers. The RADIUS server can dynamically generate VLANS for clients and send the VLAN to the access point (AP) when the client connects. This eliminates the need to manually configure all the dynamic VLANS in the SSID and Device settings. When Dynamic VLAN is enabled, network administrators do not have to configure the VLANs in SSID Settings; they are created dynamically on the AP.

With the 16.0 release, you can authenticate edge devices from a centrally managed network access control server using the 802.1X authentication. As a network administrator, you want to authenticate the access points (APs), before the APs connect to the network. To enable the authentication, you need to first configure the uplink port on the AP using CV-CUE.

VXLAN tunneling requires that the switch where the tunnel terminates is configured with a VTEP that matches the configuration on the AP. CV-CUE now provides an easier way to match configurations on both AP and the switch. By having the same VXLAN configuration for access points (APs) and switches, you can aggregate all wireless traffic from the same VXLAN to a single wired destination for better traffic management and visibility.

With the 15.0 release, access points can authenticate themselves to the network using respective certificates. With access point (AP) VPN, AP uses the EAP-TLS protocol for authentication. Since EAP-TLS requires the client and network to authenticate themselves using respective certificates, the protocol is considered robust compared to exchanging shared secret and Xauth password. 

RadSec or RADIUS over TLS is a protocol for secure communication between a client and the RADIUS server. RadSec uses TCP and TLS protocols to form a secure tunnel between the client and the server.

One of the reasons why Wi-Fi clients encounter RF issues is non-Wi-Fi interference. All Wi-Fi 6 and above APs can perform interference classification. CloudVision Cognitive Unified Edge (CV-CUE) classifies interference into four categories — Wi-Fi, Microwave Oven (MWO), Frequency Hopping Spread Spectrum (FHSS), and Continuous Wave (CW).

You can import Ekahau floor plans to CloudVision Cognitive Unified Edge (CV-CUE) and then manage the access points (AP) from CV-CUE. Once you import the floor plan to CV-CUE, you can map the AP to CV-CUE and start managing the AP.

With the 14.0 release, you can integrate OpenID Connect with a captive portal for authentication. The OpenID Connect integration functionality is available only for captive portals hosted on the Arista Cloud. It is not available if the captive portal is hosted on third-party servers or on the access point.

With the 14.0 release, you can add device passwords and AP-Server Key passphrase as defined in the password policy. The passwords are based on the password policy and password settings that you configure in CV-CUE.

With the 13.0.1 release, you can authenticate wired hosts connected to the LAN ports of access points (W-118 and W-318) using 802.1X or MAC-based authentication. You can configure the authentication parameters for each downlink port on the access point (AP) using a LAN Port profile in CV-CUE. The communication happens either through a bridged network or transferred using L2 Tunnels.

With the 13.0.1 release, you can monitor wired hosts that are physically connected to access points (APs) through Ethernet cables. Currently, the W-118 AP and W-318 AP through their additional LAN ports support connecting hosts directly to the AP.

With the 13.0 release, you can enable spatial reuse from CloudVision Cognitive Unified Edge (CV-CUE) to improve the spectral efficiency and optimally allocate resources to meet the Quality of Service (QoS). With spatial reuse, two or more Wi-Fi devices (AP or client) that support 802.11ax protocols can send transmissions simultaneously without any significant data loss.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) can redirect onboarding clients to a dynamic URL defined by the RADIUS. If the  RADIUS access-accept request has a role and a redirection URL for a client, access points (AP) can redirect such client’s HTTP or HTTPS requests. 

With the 13.0 release, you can schedule the Automatic Channel Selection (ACS) to run at a specific time of the day and minimize service disruption.

With the 13.0 release, you can integrate SAML SSO with a captive portal for authentication. The SAML integration functionality is only available for captive portals hosted on the Arista Cloud. It is not available if the captive portal is hosted on third-party servers or on the access point.

With the 13.0 release, you can now view switch-related data, which is managed by CVaaS, from CV-CUE. With this capability, CV-CUE provides you full visibility of the edge network from a single pane. You can monitor the network and make informed decisions –  for example, when you want to troubleshoot any network issues and find out whether the root cause lies in the wired architecture or the wireless.