TOI Author :: Dhruba Jyoti Pokhrel

With the 19.0 release, Access Points (AP) can seamlessly switch between LAN 1 and LAN 2 as the Uplink Port without disturbing the client connectivity and without any reboot. For the list of enhancements done for the same feature in the previous release, see the 18.0 TOI.

CV-CUE displays the missing VLANs in the network, allowing Network Administrators to diagnose and resolve the issue quickly. Sometimes out-of-the-box Access Points (APs) cannot send and receive traffic through the switchport they are connected to because the Switch doesn’t have the same VLAN as the AP. This issue could be time-consuming to diagnose and identify as Network Administrators follow a series of error elimination steps to determine the root cause. After the administrator identifies the root cause, the fix is trivial; they only need to create the missing VLANs in the Switch network.

The audit report includes the start and end timestamps of the communication key timers for the past six months, the event type, MAC address, type of the key used between AP and the server, and the login ID. It also lists the non-TPM Access Points connected to the server during the onboarding window.

VLAN Pooling is a list of VLAN IDs defined by the Network Administrator. The Access Point (AP) distributes the VLAN IDs from this pool of VLAN to the clients connecting to the SSID.VLAN Pooling offers better scalability and optimized load-balancing of traffic.

RADIUS Pooling lets you assign a pre-defined list of RADIUS Servers that Access Points (AP) can use to authenticate, authorize, and maintain clients' accounts. It offers better load-balancing capabilities and improved scalability.You do not have to specify the order of the RADIUS servers as Primary or Secondary. Every AP randomly chooses the RADIUS servers from the pool, and then independently decides the sequence of the RADIUS servers and follows the order. Two APs sharing the same RADIUS pool may not share the same order for the RADIUS servers. APs automatically distribute the client load based on an intelligent algorithm.

With the 18.0 release, you can send a copy of DHCP Packets from Access Points (AP) to Network Access Control (NAC) solutions for profiling clients and assigning appropriate network segments. When you enable the packet forwarding option on the UI, the AP forwards a copy of the DHCP packets to Port 67 of the destination server.

With the 18.0 release, Access Points (AP) can also use LAN2 as the Uplink Port. If both the LAN Ports are available as Uplink, the AP monitors both ports equally. Only on the first AP boot will AP consider LAN1 as the default Uplink, and LAN2 will be the failover. If LAN1 and LAN2 are connected and LAN1 fails to receive any packets, the AP can fail over to LAN2 as the Uplink Port and will continue to operate on the same uplink even if LAN1 is active again. 

Network Administrators can create SSIDs at any location in CV-CUE, and the same SSID can be inherited from a parent to a child location. The inherited SSIDs, by default, share the same attributes as the parent location. With the 18.0 release, Administrators can override certain attributes of SSID at a child location without breaking the inheritance, so that the entire SSID configuration remains the same, except for the overridden attributes.

With the 18.0 release, the Access Point (AP) and CV-CUE Server (previously called Wireless Manager Server or WM Server) connectivity for on-premises and cloud deployments have been updated with additional security and improved security posture of AP-Server communication.

The 802.11be standards build on 802.11ax by providing ultra-high throughput, improved resource utilization, and interference mitigation. The 320 MHz support increases the throughput and performance in the 6GHz band. The improved resource utilization is attributed to the introduction of Multiple Resource Units (MRU) in Orthogonal Frequency Division Multiple Access (OFDMA) transmission and Multi-Link Operation (MLO).

Local Authentication (also known as authentication survivability) is the ability of access points (AP) to authenticate and onboard clients to the network using root CA certificates through the integrated EAP server of the AP. Use Local Authentication when the RADIUS servers are not reachable to authenticate the clients. It is typically a temporary authentication mechanism; avoid using it as a primary authentication. If there are certificate chains, you must upload the root CA certificate along with the certificate chain.

Multiple VLAN Registration Protocol (MVRP) is a Layer 2 protocol. The protocol allows access points to propagate the VLAN created on CV-CUE to the connected Switches. The real-time propagation of configuration allows you the flexibility of configuring your wired and wireless network in one interface and distributing it to other active interfaces. You do not have to worry about managing and maintaining the configurations in all interfaces.

Organizations may have multiple access points (APs) of different models operating with various firmware versions. As an organization, you may want to designate a specific version as a compliant firmware version for a certain model. Assigning a compliant firmware version helps network administrators identify non-compliant AP models by generating notification alerts.

With the 16.0.1 release, clients connecting to the 6 GHz band can seamlessly connect to OWE-enabled SSIDs having Transition Mode. Arista APs support the Enhanced Open security protocol with Transition Mode built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE). It is supported only in WiFi 6 and higher AP models. A few examples are C-360, C-260, C-250, C-230, O-235, etc.

This feature lets you freeze the channel and transmit power in the Auto mode to operate a specific radio at a specific channel number and transmit power. To switch to other channels, unfreeze the settings and select a custom channel and power, or enable the Auto mode to select the optimum channel and transmit power. Freeze and unfreeze Auto Channel Selection (ACS) and Transmit Power Control (TPC) configurations are configured for each radio. You can select multiple radios and freeze the ACS and TPC settings.

With the 16.0 release, you can authenticate edge devices from a centrally managed network access control server using the 802.1X authentication. As a network administrator, you want to authenticate the access points (APs), before the APs connect to the network. To enable the authentication, you need to first configure the uplink port on the AP using CV-CUE.

With the 16.0 release, network administrators do not have to define the VLANs received from the RADIUS server or CoA servers. The RADIUS server can dynamically generate VLANS for clients and send the VLAN to the access point (AP) when the client connects. This eliminates the need to manually configure all the dynamic VLANS in the SSID and Device settings. When Dynamic VLAN is enabled, network administrators do not have to configure the VLANs in SSID Settings; they are created dynamically on the AP.

VXLAN tunneling requires that the switch where the tunnel terminates is configured with a VTEP that matches the configuration on the AP. CV-CUE now provides an easier way to match configurations on both AP and the switch. By having the same VXLAN configuration for access points (APs) and switches, you can aggregate all wireless traffic from the same VXLAN to a single wired destination for better traffic management and visibility.

You can import Ekahau floor plans to CloudVision Cognitive Unified Edge (CV-CUE) and then manage the access points (AP) from CV-CUE. Once you import the floor plan to CV-CUE, you can map the AP to CV-CUE and start managing the AP.

One of the reasons why Wi-Fi clients encounter RF issues is non-Wi-Fi interference. All Wi-Fi 6 and above APs can perform interference classification. CloudVision Cognitive Unified Edge (CV-CUE) classifies interference into four categories — Wi-Fi, Microwave Oven (MWO), Frequency Hopping Spread Spectrum (FHSS), and Continuous Wave (CW).

RadSec or RADIUS over TLS is a protocol for secure communication between a client and the RADIUS server. RadSec uses TCP and TLS protocols to form a secure tunnel between the client and the server.

With the 15.0 release, access points can authenticate themselves to the network using respective certificates. With access point (AP) VPN, AP uses the EAP-TLS protocol for authentication. Since EAP-TLS requires the client and network to authenticate themselves using respective certificates, the protocol is considered robust compared to exchanging shared secret and Xauth password. 

With the 14.0 release, you can add device passwords and AP-Server Key passphrase as defined in the password policy. The passwords are based on the password policy and password settings that you configure in CV-CUE.

With the 14.0 release, you can integrate OpenID Connect with a captive portal for authentication. The OpenID Connect integration functionality is available only for captive portals hosted on the Arista Cloud. It is not available if the captive portal is hosted on third-party servers or on the access point.

With the 13.0.1 release, you can monitor wired hosts that are physically connected to access points (APs) through Ethernet cables. Currently, the W-118 AP and W-318 AP through their additional LAN ports support connecting hosts directly to the AP.

With the 13.0.1 release, you can authenticate wired hosts connected to the LAN ports of access points (W-118 and W-318) using 802.1X or MAC-based authentication. You can configure the authentication parameters for each downlink port on the access point (AP) using a LAN Port profile in CV-CUE. The communication happens either through a bridged network or transferred using L2 Tunnels.

With the 13.0 release, you can schedule the Automatic Channel Selection (ACS) to run at a specific time of the day and minimize service disruption.

With the 13.0 release, CloudVision Cognitive Unified Edge (CV-CUE) can redirect onboarding clients to a dynamic URL defined by the RADIUS. If the  RADIUS access-accept request has a role and a redirection URL for a client, access points (AP) can redirect such client’s HTTP or HTTPS requests. 

With the 13.0 release, you can enable spatial reuse from CloudVision Cognitive Unified Edge (CV-CUE) to improve the spectral efficiency and optimally allocate resources to meet the Quality of Service (QoS). With spatial reuse, two or more Wi-Fi devices (AP or client) that support 802.11ax protocols can send transmissions simultaneously without any significant data loss.

With the 13.0 release, you can integrate SAML SSO with a captive portal for authentication. The SAML integration functionality is only available for captive portals hosted on the Arista Cloud. It is not available if the captive portal is hosted on third-party servers or on the access point.

With the 13.0 release, you can now view switch-related data, which is managed by CVaaS, from CV-CUE. With this capability, CV-CUE provides you full visibility of the edge network from a single pane. You can monitor the network and make informed decisions –  for example, when you want to troubleshoot any network issues and find out whether the root cause lies in the wired architecture or the wireless.