Advanced System Settings

License Settings for On-Premises Users

You can apply licenses from CV-CUE for on-premises users. After you upload the license file, you need to log out and then log in again for the license to be effective.

Follow these steps to apply the license:
  1. Got to SYSTEM > Advanced Settings > License.
  2. (Optional) Click Download License to download the existing license details in a text file format.
  3. Click Select License File and select the license file from your local or shared drive. Licences must be in the json file format.
  4. Apply the license.
  5. When prompted, log out and then log in again to successfully activate the license.

Language Settings

You can define the system language that is used by CV-CUE as a mode of communication. CV-CUE uses the system language to send default messages from the application. For example, alerts and notifications are communicated using the system language. The default system language is English.

Follow these steps to configure the system language:
  1. Got to SYSETM > Advanced Settings > Language.
  2. Select the system language and the SSID encoding language.
  3. Save the changes.

High Availability Status

If you have enabled the High Availability (HA) service, you can see the HA status and configuration details of the servers. For example, you can see whether the HA service is running or stopped or disabled. If you have not configured the HA service, you will see the status as Disabled. This is a read-only page; you can not configure anything on this page. Configure the HA service using the CLI.

To see the HA status from CV-CUE, go to System > Advanced Settings > High Availability Status.

System Status

You can see the status of the Wi-Fi server and other system-related information from SYSTEM > Advanced Settings > System Status. You can also start and stop system services from the System Status page.

The following system-related information is displayed on this page:
  • Server ID
  • Server Access URL
  • Managed Device Communication Port
  • Maximum Managed Devices Allowed (Physical Devices)
  • Allowed Mode of Operation — Indicates whether Wi-Fi or WIPS or both services are enabled on the server.
  • Software Version — Indicates the software version of CV-CUE
  • Software Build — Indicates the software build version of CV-CUE
  • Operating System
  • Appliance Model
  • IPv4 — Indicates the IPv4 address, if available
  • IPv6 — Indicates the IPv4 address, if available

Cluster Configurations

A server cluster or a cluster is a group of CV-CUE. A cluster comprises a parent CV-CUE (parent server) and one or more child CV-CUE (child servers). A cluster is created to manage multiple servers using a single server. This managing server is called the parent server and the servers that are managed from the parent server are called the child servers. A server can be part of only one cluster at any given time. A child server cannot be a parent of any other server in the cluster. Creating a cluster helps in managing multiple servers together. For example, you can create a policy and implement it across different servers using a cluster.

You can create clusters using the server command line console. For more information on creating clusters and managing servers in a cluster, refer to the following chapters in your respective server installation guide.
  • Setup and Manage Server Cluster - For details on setting up server clusters
  • Server Config Shell Commands- For details on server cluster commands.
After you have assigned a parent server to a cluster and have added child servers to the server cluster, login into CV-CUE to view cluster data and manage cluster configuration.
Note: You must be a superuser to view cluster data and manage cluster configurations.

View Cluster Configurations

To view the cluster data:
  1. Go to SYSTEM > Advanced Settings.
  2. Click the Cluster Configuration tile. All the existing servers in a cluster are displayed.


The table displays the following data:
Table 1. Cluster Configuration Details
Field Description
Status The status of the server. The icons mean the following:
Table 2.
Icon Description


Connected Server


Disconnected server


Expired license or mismatched version
Server Name Name of the CV-CUE instance
Mount Point Mount location of CV-CUE
Server IP Address IP Address of CV-CUE
Version Software Version number of CV-CUE
You can perform the following actions on a cluster server:
  • Mount or Unmount the server
  • Change mount location
  • Copy Policies
  • Fix version mismatch
  • Fix License
Note: You can perform the actions only a connected server.

Mount or Unmount the Child Server

To view the server cluster data or to copy the parent server’s policy, you need to mount the individual child servers on the parent server location tree. Before you mount the child server, ensure that you have applied a valid license to it and it has the same build version as the parent server.

To mount the child server:
  1. Select the child server. Click Mount from the three-dot menu next to it.
  2. Select the mount location and click Save.

The child server is mounted on the selected location.

Note: When you mount a child server, the parent server policies are not inherited by the child server automatically. The child server continues to use its existing policies. You need to explicitly apply the parent server’s policy.

Similarly, you can umnount the child server from the parent server by clicking Unmountfrom the three-dot menu next to it.

Change the Mount Point of the Child Server

You can change the mount point of a child server and mount it to another location. Before you change the mount point of a server, ensure that a valid license is applied to it.

To change the mount location of the child server:
  1. Select the child server. Click Change Mount from the three-dot menu next to it. The Change Mount Point pane appears.
  2. Select the new mount point and click Save.

Copy Policies

Policies are configuration settings that you define for a server. If you want to keep the same configurations or settings across servers in a cluster setup, you need to create only one policy and copy the policy to all other servers. This helps in maintaining consistency in your settings, provides ease of replication, and reduces human errors. You can copy policy settings from a child server to another child server, a parent server to a child server, or a child server to a parent server. You can copy the following policies:
  • Account Suspension
  • Password Policy
  • Language Setting
  • Audit Logs
  • Auto Deletion
  • SMTP Configuration
  • RADIUS Configuration
  • Server Upgrade
  • Certificate
  • LDAP Configuration
  • AP Server Key (Device Communication Key)
  • ArcSight Integration
  • Banned APs
  • Banned Clients
  • License
  • Reports Look and Feel
  • SysLog Integration
  • SNMP

You can copy a single policy or copy multiple policies at once.

To copy policies in a cluster server:
  1. Navigate to SYSTEM > Advanced Settings.
  2. Click the Cluster Configuration tile. Alternatively, you can also navigate to the particular policy setting that you want to copy.
  3. Click Copy Policies.
  4. The Copy Policy pane is displayed. Select your To and From Servers.

  5. Select the policies to copy.
  6. Click Save. The Confirm Copy Policy dialog box appears.
  7. Click Confirm.
Once the policy settings are copied, you will get the Copy Policy Results pane displaying the success or failure of the copied policies.

Fix Mismatched Version of the Child Server

The parent server and the child servers in a cluster must have the same software versions. If there is a mismatch between the versions of the parent server and the child server, you need to upgrade your child server to match the version of the parent server.

To fix the child server version:
  1. Click Fix Version Mismatch from the three-dot menu next to it. The fix version mismatch pane opens.
  2. Upgrade your child server. For more information on upgrading your server, refer to Upgrade Server.

Fix Invalid License of the Child Server

The child servers in a cluster must have a valid license. In case of a missing license or an expired license, you need to fix the license of the child server.

Note: This feature is available for on-premise setup only.

To fix the child server license:
  1. Click Fix License from the three-dot menu next to it. The fix license pane opens.
  2. Select the appropriate license file from your local storage and click Apply License.

NTP Configuration

Network Time Protocol (NTP) is used to synchronize the time in servers and computers that are in different networks over the internet. You can add a maximum of three NTP servers.
  1. Go to System > Advanced Settings > NTP Configuration.
  2. Click the Enable NTP check box.
  3. Add the NTP servers. You must add at least one NTP server.
  4. Click Check Drift to check the time drift between NTP servers.
  5. Sync and save the settings

Upgrade Server

You can check for available upgrades and upgrade your server to the latest version of CloudVision Cognitive Unified Edge (CV-CUE). Only a Superuser can initiate a server upgrade.
Note: This feature is available for on-premises deployments only.

Prerequisites for Upgrade

  • TCP Port 8080 of the server is accessible from your computer.
  • Popups are not blocked.

Upgrading your Server

Before you start, ensure that you have downloaded the upgrade bundle to your computer. Also note that you cannot abort or cancel the server upgrade process once the server upgrade is in progress. The upgrade process continues even if you close the browser window.

To upgrade your server:
  1. Go to SYSTEM > Advanced Settings > Upgrade Server. The Upgrade Server screen displays the current build details.
  2. Click Check for Upgrade to check if upgrades are available. You can download the upgrade bundle from Arista’s support website.
  3. (Optional) Select the Check Server upgrade availability at each login checkbox to check for available upgrades on every login.
  4. Click Select File and select the upgrade bundle from your local storage.
  5. Click Check Compatibility and verify that the upgrade bundle is compatible with the server.
  6. Click Upload and Upgrade. The Confirm Upgrade screen displays the current build and upgrade build details.
  7. Click Confirm to initiate the server upgrade. Once the upload is complete, the server upgrade starts automatically.
  8. Refresh your browser and log in to CV-CUE after the server is upgraded.
While the server upgrade is in progress, you cannot access the CV-CUE UI. After the server upgrade is successful, the server reboots automatically. Wait for a few minutes for the server to reboot. After this, you can access the CV-CUE UI again.

Parent-Child or Multi Server Setup

If you have a Parent-Child or a Multiple Server setup and you are upgrading a child server, only the child server is inaccessible while it is upgrading. You will be redirected to the dashboard of the parent server and you can access the parent server.

If you are upgrading the parent server, wait for a few minutes for the server to reboot and log in again to access the server. While the parent server is upgrading, you can access the child server(s).

Base URLs for APIs

Since the Wireless Manager (WM) UI is deprecated, you canot access the WM directly. However, you can view the WM host URL in CV-CUE and use the URL to test APIs offered by CV-CUE or create your own applications. Similarly, if you use the Guest Manager sevices, you can also view the URL for guest analytics (Guest Manager) from CV-CUE.

To view the base URLs, navigate to SYSTEM > Advanced Settings > Base URLs for APIs .

The URLs for both guest analytics, and configuration and management are static links. For more information on availale APIs, see the API Help Portal. The URL for specific end point is available in the API Help Portal. The base URL is available in CV-CUE. For example, if the API endpoint is client, then the URL is <CV-CUE_base_url>/wifi/api/clients.

Import Devices

You can import an authorized AP List, and an authorized or unauthorized client list in CV-CUE. The Import Device feature is an efficient alternative to manual movement and classification of these devices.

You must have administrator privileges to import a device list. Import devices is a location specific feature and cannot be inherited from the parent location folder.

You can import Authorized AP List, Rogue AP List, Authorized Client List, Guest Client List, and Rogue Client List.

Follow these steps to import a device list:
  1. Go to System > Advanced Settings .
  2. Click the Import Device tile.
  3. Download the CSV Template.
  4. In the downloaded CSV file, delete the sample data and enter your device list by providing a comma-separated list of MAC Address, IP Address, and Device Name. Save the CSV file.
  5. In the UI, select the Device Type.
  6. Click Select File and select your saved file.
  7. Click Import.

Password Policy

For on-premises deployments, you can configure the minimum requirements for a password in the Password Policy tab. The password settings apply to all user roles - Superuser, Administrator, Operator, and Viewer. If you change the password settings, older passwords are not affected. Only those passwords that are created after you change the settings are subject to the new password settings. This setting applies only to local authentication and does not apply to LDAP and RADIUS authentication.

To configure password settings, follow these steps:
  1. Go to System > Advanced Settings > Password Policy.
  2. Specify the number of characters required for the password. Minimum number of characters is 4, maximum number of characters is 15.
  3. Select the check boxes if you want numeric and special characters respectively in the password.
  4. Save the changes.

System Backup and Restore

You can back up the entire system or only the configuration files, and restore them when needed.
Note: This feature is available for on-premises deployments only.

System Backup

CV-CUE provides two types of backup — full backup and configuration-only backup. The full backup takes a complete backup of the configuration and data. In a configuration-only backup, data related to events, performance, analytics, etc are not backed up.

When you perform a system backup, a TGZ file and an MD5 file are generated. Backup is taken in the form of a TGZ file and the MD5 file is used to verify the data integrity.

Perform a Backup

To perform a full or config-only backup:
  1. Go to SYSTEM > Advanced Settings.
  2. Click the System Backup tile.
  3. Click Full Backup or Config Only Backup from the Backup drop-down menu.
  4. Provide a custom file name and click Continue.

After successful backup, the backup file is stored in the server and you can use it to restore your server database. You can also download the backup files to your local storage. To download a backup file, click the more-menu next to the backup file and download the backup file and MD5 file.
Note: You will be logged out of the server while the backup is in progress.

Renaming a Backup File

To rename the backup file:
  1. Click the System Backup tile.
  2. Click Rename from the more menu next to the backup file entry in the Backup Files table.
  3. Provide the new file name and click Ok.

System Restore

If you have taken a backup of the Arista server database, you can restore the Arista server to a last known working state, in the case of a server failure. You can restore the database or configuration files from a list of backup files available on the server or you can upload a backup file and use it to restore the server.

Before you perform the restore, ensure that the TGZ and MD5 files are present in the same folder.

Restore Database from Available Backups

To restore the database from available backups:
  1. Go to SYSTEM > Advanced Settings.
  2. Click the System Backup tile.
  3. Click the more menu next to the backup file entry in the Backup Files table.
  4. Click Restore Backup.
  5. In the pop-up, select Restore Licenses if you want to restore the licenses of the backup file as well.
  6. Click OK.

Restore Database by Uploading a Restore Bundle

You can upload a restore bundle from an external location to restore the database on the server. The uploaded file is validated before it is used to restore the database.

To upload a restore bundle:
  1. Go to SYSTEM > Advanced Settings.
  2. Click the System Backup tile.
  3. Click Upload Backup Files.
  4. Select your .TGZ and .MD5 files and click Save.
Once the upload files are validated, the server will start the restore process.
Note: You will be logged out of the server while the server restore is in progress.

Hotspot SSIDs

APs with Hotspot SSIDs can be present in the neighborhood. When an enterprise client probes for common Hotspot SSIDs, it is at risk of connecting to the neighborhood AP, without the user knowing about it. You can classify such SSIDs with a higher chance of undesirable connections as Hotspot SSIDs.

To add Hotspot SSIDs,

  1. Go to System > Advanced Settings.
  2. Click Hotspot SSIDs.

  3. Click Add.
  4. Enter your SSID name and click Ok.

You can edit, delete, and search Hotspot SSIDs from the created list. You can also copy the list of Vulnerable SSIDs across servers present in the same cluster, by using the Copy Policy feature.

Vulnerable SSIDs

Access Points (APs) have default SSIDs. Many users do not change these SSIDs before deploying the APs. Therefore, it is very likely that APs using default SSIDs are present in the enterprise neighborhood. If an enterprise client probes for default SSIDs, it is at risk of connecting to the neighborhood AP, without the user knowing about it. Such SSIDs with a higher risk of undesirable connections are classified as Vulnerable SSIDs.

To add Vulnerable SSIDs,

  1. Go to System > Advanced Settings.
  2. Click Vulnerable SSIDs.

  3. Click Add.
  4. Enter your SSID name and click Ok.

You can edit, delete, and search Vulnerable SSIDs from the created list. You can also copy the list of Vulnerable SSIDs across servers present in the same cluster, by using the Copy Policy feature.

Automatic Frequency Coordination

The Federal Communications Commission (FCC) mandates that operations in the 6 GHz band require all Access Points (APs) operating at standard power to communicate their geolocation to an Automatic Frequency Coordination (AFC) system. The AFC system evaluates this geolocation data to ensure compliance with regulatory requirements by providing the APs with the permissible frequencies and the maximum allowable transmission power for each frequency range at their specific locations. This process helps avoid interference with licensed users operating in the 6 GHz spectrum, such as satellite and fixed wireless systems.

Note:

AFC is mandatory for all outdoor and external antenna model APs.

Currently, Arista APs communicate with the AFC system using the proxy mode through CV-CUE.

Configuring AFC in CV-CUE

Arista APs support AFC in proxy mode using the Qualcomm AFC system to retrieve the list of permissible frequencies and the maximum permissible power in each frequency range at their locations. The query timeout parameter specifies how long CV-CUE waits for a response from the Qualcomm AFC system before sending another request.

To configure AFC:
  1. Navigate to System > Advanced Settings. Click the Automatic Frequency Coordination (AFC) tab.
  2. Select the AFC Server Endpoint. Currently, CV-CUE only supports Qualcomm.
  3. Select the Query Timeout duration.
  4. Click Save.

For on-prem deployments, you also need to set the value of afc_proxy_endpoint as follows using the set config parameters CLI command:

  • Enter parameter name: afc_proxy_endpoint
  • Enter parameter value:www.cv-prod-us-central1-b.arista.io:443
  • Enter configid: 5

Once the config parameters are set, ensure that you restart the server using set server CLI command.

[config]$ set config parameter
Sets a configuration parameter directly in the database. You must know the exact 
name, ID and value of the database parameter to use this command. 

Enter parameter name: afc_proxy_endpoint
Enter parameter value: www.cv-prod-us-central1-b.arista.io:443
Enter configid: 5
 
Current value of parameter [afc_proxy_endpoint] is [www.cv-play.corp.arista.io:443]
 
Do you want to update [afc_proxy_endpoint] to [www.cv-prod-us-central1-b.arista.io:443] in configid [5]? (y/n):y
Value of parameter [afc_proxy_endpoint] has been updated successfully.

Note: Ensure that the endpoint is reachable by CV-CUE.

Enabling AFC for an AP

To enable AFC:
  1. Navigate to CONFIGURE > Device > Access Points.
  2. Under the General tab, select Automatic Frequency Coordination.

  3. Click Save.

This is a location-specific setting. After you have enabled it for your location, navigate to the device listing page to set the height of your AP.

Note: AFC feature is not available for APs deployed in staging environment. Move the AP from staging to your required location.

Note: If you disable AFC, the AP stops operating in the 6 GHz band.

Setting the height of APs

Once you have enabled AFC, ensure that you set the height of the APs. If the AP is deployed with external antenna connectors, then enter the height of the antenna.

Note: Only a Certified Professional Installer can configure AP’s height information.

You can set the height individually for each AP or via a bulk update using a csv file.

To set the height of the AP:
  1. Navigate to MONITOR > WiFi > APs.
  2. Right-click the AP and click Customize > Height Above Mean Sea Level.

  3. Set the Height Above Mean Sea Level and click Save.

Setting the height of APs in bulk

From the AP listing page, click AFC Height. Click Upload and select a CSV containing the APs' MAC Addresses and Heights.



Once the height is set successfully, it takes a few minutes for the AP to bring up the 6 GHz radio and send an AFC request to the AFC System. You can view the AFC Logs to view AFC Request and Response.

Note: Height of the AP resets if you change the AP location.

AFC Communication Flow

The following image shows how a standard power device communicates with the AFC system.

Once you set the AP height and enable Automatic Frequency Coordination (AFC), the AP sends a request to the AFC system via Arista’s cloud-based AFC proxy.

The AFC request is triggered:
  • Every 24 hours,
  • Whenever the AP powers on, and
  • Whenever the AP’s height or geo-location change

The AFC system evaluates the request and provides a list of permissible channels and power levels. The AP sets the allowed transmit power for all the channels received in the AFC response.

The channels received in the AFC response take precedence over the configured channel list. That is, the AP can only be configured on a channel that is present in the AFC response. When the AFC response expires, the AP automatically initiates a new request. If no response is received, the AP continues using the channels from the last successful AFC response until 11:59 PM on the same day (grace period). Thereafter, the AP will shut down the 6 GHz radio if it doesn’t receive AFC response during the grace period. This mechanism ensures continuous operation while adhering to AFC policies, even during temporary communication disruptions with the AFC system.

AP AFC Status

You can view the AFC Status and the Height of the APs by navigating to MONITOR > WIFI > Access Points.

Click the three-dot menu next to the AP to view its properties. Under the AFC section, you will see the AFC Response Time along with the allowed channel and the maximum allowed power for that AP.

Troubleshooting AFC

You can view and download AFC logs to troubleshoot AFC issues.

To view AFC Logs:

  1. Navigate to TROUBLESHOOT > AFC Logs.

  2. Click ⓘ next to the AFC log entry to view the JSON containing the AFC request and response.

AFC Reports

You can generate on-demand reports or scheduled reports. AFC reports contain information present on the AFC Logs page.

To generate AFC Reports:
  1. Go to REPORTS > WiFi > AFC.
  2. Click Schedule Report or Generate Report.

Allow Arista to Upgrade Access Points

Allow Arista Networks to upgrade the Access Point (AP) firmware whenever a new version becomes available. Enabling this feature ensures the AP firmware stays up to date with the latest CV-CUE version.

Selecting the Allow Arista to Upgrade Access Points checkbox allows Arista to upgrade your AP firmware. If you don’t have any Scheduled Updates configured for any location in CV-CUE, Arista will notify you of the schedule for when they will perform the firmware upgrade for that location's APs. If you already have Scheduled Updates configured, the firmware upgrade will occur according to the schedule you have defined in CV-CUE. Arista will not interfere with your pre-configured schedule.

Alternatively, you can manage the firmware upgrade yourself by deselecting the checkbox. By deselecting the checkbox, you notify Arista that you will manually upgrade the APs to the available version you prefer. The upgrade will still follow the schedule that you may have defined in your Scheduled Update settings.

Important Points:
  • Previous Opt-Outs: If you have previously contacted Arista to opt out of automatic upgrades, this setting is preemptively turned off for your account.
  • Default Status: This feature is disabled by default, and you have to manage the AP firmware yourself. Turn it on to allow Arista to manage your AP upgrades.
  • Existing Schedules: If you allow Arista to upgrade your APs, and you already have a preconfigured Scheduled Update for some locations, Arista will not upgrade any APs for those locations. Such locations will continue to follow the schedule configured by customers.
Follow these steps to enable this feature:
  1. Select SYSTEM > Advanced Settings > Allow Arista to Upgrade Access Points .
  2. Select Enable.

Certificate Management

Manage your CA Certificates, Certificate Revocation List, and common certificate settings such as SAN or CN validation.

Certificate Revocation List

Configure the Certificate Revocation List (CRL) in CV-CUE to facilitate secure communication between the Access Points (AP) and the RadSec or Rsyslog server. A Certificate Revocation List (CRL) contains a list of digital certificates, typically provided as URLs, that the issuing authority has revoked before their scheduled expiration date. You can provide a maximum of 10 URLs for CRL

When the CRL download fails, you can configure CV-CUE to accept or deny the connection request. If you accept the connection request despite the CRL download failure, the connection will proceed without verifying the RadSec or Syslog server.

Configuring the CRL Refresh Interval specifies the frequency with which CV-CUE checks for an updated CRL. Only if there’s an update, the RadSec or Syslog server restarts to initiate the verification with the new CRL. If the URL doesn't change, the RadSec and Rsyslog servers don't restart.

Follow these steps to configure CRL:
  1. Navigate to SYSTEM > Advanced Settings > Certificate Management .
  2. Select the Certificate Revocation tab.
  3. In the Access Point section, select the Certificate Revocation check box.
  4. Select Deny or Accept as the action to perform when the Certificate Revocation List download fails.
  5. Select the Certificate Revocation List Refresh Interval to define how often (range 1 to 7 days) the system should fetch the updated list from the URLs. The default value is 1 day.
  6. Provide the list of Certificate Revocation List URLS. Each URL must start with http:// or https://. IPv6 addresses must be enclosed in brackets, for example, http://[2001:db8::1]/crl.
  7. (Applicable for on-premises deployment only) You can apply the same settings to the Server as the Access Point or define server-specific settings.
  8. Save the settings.

Validate SAN or CN for Server Identity

Network Administrators can enable identity validation to ensure that Access Points (APs) establish secure RadSec and Rsyslog connections only with verified and trusted servers. When enabled, the AP verifies the server's identity during the TLS handshake for RadSec and Rsyslog communication by matching the server's hostname against the Subject Alternative Name (SAN) or Common Name (CN) fields in the server’s certificate. If both the fields are present, then SAN takes priority over CN. CN validation happens only if SAN is not provided.

If there’s a mismatch between the SAN value presented by the AP and the server certificate, then APs can’t connect to the RadSec or Rsyslog server.

Follow these steps to validate the SAN or CN:
  1. Navigate to SYSTEM > Advanced Settings > Certificate Management .
  2. Click the General tab.
  3. Select Validate SAN or CN.
  4. Save the settings.

Configuring Proxy for On-Premise Deployments

CV-CUE utilizes several external cloud-hosted services to enable key features, including AFC, Ekahau integration, Webhooks, and Arista Firmware Repositories.

In a standard on-premises deployment, CV-CUE often resides within a restricted network with no direct access to the Internet. To use and leverage the cloud-dependent features while maintaining security policies, CV-CUE supports the proxy server configuration. This service allows CV-CUE to communicate with specific external services via a customer-managed proxy server.

Prerequisites

  • Proxy Server Availability: A forward proxy reachable from the CV-CUE cluster host.
  • HTTPS Tunneling: The proxy must be configured to support the HTTP CONNECT method for secure HTTPS tunneling.
  • Authentication: If your proxy requires authentication, have the Username and Password ready.
  • Network Path:
    • IPv4/Dual Stack: Ensure the CV-CUE host can route traffic to the Proxy IP/FQDN.
    • IPv6-only: If your environment is pure IPv6, a NAT64/DNS64 gateway must be configured in your network to translate requests to the IPv4-based Arista cloud services.

Configuring Forward Proxy

To configure the proxy server:

  1. Navigate to System > Advanced Settings.
  2. Click the Proxy Server tile.
  3. Provide the Proxy Server details as follows:

    • Proxy Server URL: Enter the IP address or FQDN of the proxy server, starting with http:// or https://
    • Self-Signed Certificate: Enable it if you are using an HTTPS proxy address with a private CA.
    • Test Proxy Server URL: Enter the IP or FQDN of the test proxy server, starting with http:// or https://
    • Port Number: Enter the port used by the proxy server.
    • Enable Proxy Server Authentication (Optional): Select this option if the proxy server requires authentication. Provide the required credentials.
    • Proxy Server Bypass List: Enter a list of IP addresses that CV-CUE server can contact directly without using the proxy server.
    • Enable Proxy: Select it to enable the forward proxy.
  4. Click Save.

When you save these settings, CV-CUE performs a real-time connectivity test to the test Proxy Server URL you provide or to the default Arista Repository, if no test server URL is provided. If the proxy rejects this connection due to restricted ACLs, incorrect credentials, or firewall rules, the configuration is not applied.

Troubleshooting

  • Connection Refused: Verify that the Proxy Server is running and that the CV-CUE server's IP address is in the proxy's Access Control List (ACL).
  • SSL Errors: If you are using HTTPS, ensure the Self-Signed Certificate field includes the full chain if the proxy uses a private CA.
  • Validation Failed: Ensure the proxy allows traffic to your test URL and that the HTTP CONNECT method is enabled for port 443.

Caveats

Extended AP Upgrade Duration

AP upgrade operations may take slightly longer than usual when the cloud repository path is temporarily inaccessible during the build collection phase. In such scenarios, the system performs the configured retry attempts before automatically falling back to the local build path. Once the fallback is completed, the remaining upgrade process continues within the normal expected timeframe. This limitation also applies to bulk AP upgrade operations.

AFC Proxy IPv6 Support

AFC Proxy currently does not support IPv6, while the Qualcomm server operates over IPv4. This limitation is applicable only to pure IPv6 deployments.