CloudVision CUE 22.0.0 TOI

Allow Arista Networks to upgrade the Access Point (AP) firmware whenever a new version becomes available. Enabling this feature ensures the AP firmware stays up to date with the latest CV-CUE version. Selecting the Allow Arista to Upgrade Access Points checkbox allows Arista to upgrade your AP firmware. If you don’t have any Scheduled Updates configured for any location in CV-CUE, Arista will notify you of the schedule for when they will perform the firmware upgrade for that location's APs. If you already have Scheduled Updates configured, the firmware upgrade will occur according to the schedule you have defined in CV-CUE. Arista will not interfere with your pre-configured schedule.

Beacon protection ensures the management beacon frames are secure and prevents attackers from manipulating them. It ensures protection from tampering of beacon frames and also prevents DoS attacks. Beacon protection is applicable for the WPA3 security mode and is mandatory for Wi-Fi 7. Beacon protection is not supported in Transition Modes.

Network Administrators can configure the Certificate Revocation List (CRL) in CV-CUE to facilitate secure communication between the Access Points (AP) and the RadSec or Rsyslog server. A Certificate Revocation List (CRL) contains a list of digital certificates, typically provided as URLs, that the issuing authority has revoked before their scheduled expiration date. You can provide a maximum of 10 URLs for CRL

The Related AP Events chart is a diagnostic chart that correlates a client's connectivity experience with the health of the Access Points (AP) they are connected to. Using this chart, network administrators can instantly see whether a client’s connection issue was caused by an infrastructure event, such as an Access Point reboot or a configuration change, or whether the problem was isolated to the client's device. By syncing these two perspectives, network administrators no longer need to manually cross-reference timestamps across multiple logs, making troubleshooting significantly faster and more efficient.

CV-CUE utilizes several external cloud-hosted services to enable key features, including AFC, Ekahau integration, Webhooks, and Arista Firmware Repositories. In a standard on-premises deployment, CV-CUE often resides within a restricted network with no direct access to the Internet. To use and leverage the cloud-dependent features while maintaining security policies, CV-CUE supports the proxy server configuration. This service allows CV-CUE to communicate with specific external services via a customer-managed proxy server

Network Administrators can configure device settings at any location in CV-CUE, and the device configuration attributes get inherited from a parent to a child location. By default, inherited settings share the same attributes as the parent location. With this release, Administrators can override certain attributes of a device configuration at a child location without breaking inheritance, so that the entire device configuration remains unchanged except for the overridden attributes.

Configure latency thresholds for DHCP, DNS, AAA, WAN, and Gateway while creating a Client Connectivity Test (CCT) profile. When the latency exceeds the defined threshold, the CCT result is displayed as a partial failure.

CloudVision Cognitive Unified Edge (CV-CUE) introduces the following new features and enhanced functionalities

Send logs of Access Points (AP) securely to a remote Syslog server. On enabling Secure Remote Syslog, the AP sends the logs securely to the Syslog server using the TLS protocol through port 6514. APs support TLS 1.2 and higher for communication.

CV-CUE supports three NTP servers for synchronizing APs with them. Providing the IP address or hostname of at least one server, Server 1, is mandatory. For the other two servers, the sequence of operation is inconsequential. You can add the third server (Server 3) and leave the second server (Server 2) empty.

Network administrators can use the TACACS+ server with CV-CUE to manage administrator access to networking devices. Terminal Access Controller Access-Control System Plus (TACACS+) is widely used in on-premises deployments for AAA (Authentication, Authorization, and Accounting) functionality to manage user access to networks and devices.

Network Administrators can enable identity validation to ensure that Access Points (APs) establish secure RadSec and Rsyslog connections only with verified and trusted servers. When enabled, the AP verifies the server's identity during the TLS handshake for RadSec and Rsyslog communication by matching the server's hostname against the Subject Alternative Name (SAN) or Common Name (CN) fields in the server’s certificate. If both the fields are present, then SAN takes priority over CN. CN validation happens only if SAN is not provided.