What's New in this Release

This chapter describes features that are new in the April 2026 release of CloudVision Cognitive Unified Edge (CV-CUE).

Monitoring and Troubleshooting

Client Monitoring with Related AP Events Chart

The Related AP Events chart correlates a client's connectivity experience with the health of the Access Points they are using on a single timeline. This feature allows network administrators to determine whether a connection issue was caused by an infrastructure event or a client device issue, eliminating the need to manually cross-reference timestamps across multiple logs.

UI Navigation: MONITOR > Wi-Fi > Client > Client Detail > Overview

Latency Threshold in Client Connectivity Test

Configure latency thresholds for DHCP, DNS, AAA, WAN, and Gateway while creating a Client Connectivity Test (CCT) profile. DNS and WAN latencies are disabled when you select proxy configuration. Also, if you configure an SSID with WPA2 or WPA3 security and the client authentication is RADIUS MAC authentication, then for such profiles, the AAA latencies are ignored in the CCT result.

UI Navigation: TROUBLESHOOT > Client Connectivity Test > Add Test Profile > Latency Thresholds

Operations

Beacon Protection

Beacon protection ensures the management beacon frames are secure and prevents attackers from manipulating them. It ensures protection from tampering of beacon frames and also prevents DoS attacks. Beacon protection is required for the WPA3 security mode. Beacon protection is not supported in Transition Modes.

UI Navigation:CONFIGURE > WiFi > SSID > Security > WPA3 > Enable Beacon Protection

Secure AP-Syslog Server Communication

Send logs of Access Points (AP) securely to a remote Syslog server. When Secure Remote Syslog is enabled, the AP sends logs securely to the Syslog server over TLS on port 6514. APs support TLS 1.2 and higher for communication.

Note: If you do not select the Secure Remote Syslog checkbox, the AP connects to the Syslog server on UDP port 514, which is the default Syslog communication mode.

UI Navigation: CONFIGURE > Device Access Points > General > Send Clients and Access Point Logs to the Syslog Server > Secure Remote Syslog

Support for Three NTP Servers

CV-CUE supports three NTP servers for synchronizing APs with them. Providing the IP address or hostname of at least one server, Server 1, is mandatory. For the other two servers, the sequence of operation is inconsequential. You can add the third server (Server 3) and leave the second server (Server 2) empty.

You can also secure NTP communication by selecting Secure NTP mode, which is an additional security measure. Secure mode lets you add the NTP server's Authentication Key and Key ID for each server.

UI Navigation: CONFIGURE > Device > Access Point > General > Network > NTP Configuration

Allow Arista to Upgrade Access Points

Allow Arista Networks to automatically upgrade your APs whenever there’s a new version available. Selecting the Allow Arista to Upgrade Access Points checkbox allows Arista to upgrade your Access Points according to the upgrade schedule you define.

UI Navigation: SYSTEM > Advanced Settings > Allow Arista to Upgrade Access Points

Customize Device Attributes for Location-Specific Overrides

Network Administrators can now override specific device (AP) attributes at child locations without breaking inheritance from the parent folder. This allows for consistent global policies while accommodating local requirements, such as regional time zones or wireless regulations. The following parameters can be overridden:
  • NTP Configuration
  • Device Password
  • Regulatory Domain
  • Wi-Fi Radios Candidate Channels
  • Wi-Fi Radios Channel Width
  • Wi-Fi Radios Transmit Power Selection

UI Navigation: CONFIGURE > Customized Configuration > Device

Certificate Revocation

Network Administrators can configure Certificate Revocation List (CRL) in CV-CUE to facilitate secure communication between AP and Server. A Certificate Revocation List (CRL) contains a list of digital certificates, typically provided as URLs, that have been revoked by the issuing authority before their scheduled expiration date.

UI Navigation: SYSTEM > Advanced Settings > Certificate Management > Certificate Revocation

Validate SAN or CN for Server Identity

Validate Subject Alternative Name (SAN) and Common Name (CN) during the TLS handshake for RadSec and Syslog communication. The additional security ensures the AP establishes a secure connection with verified and trusted peers.

UI Navigation: SYSTEM > Advanced Settings > Certificate Management > General > Validate SAN or CN.