• Author : Aditi

 
 

AP Health

Introduction With CloudVision Wi-Fi (CVW) release 10.0, you can drill down on an access point (AP) and see more information related to the RF conditions, performance, and health of an AP. RF Conditions: Broadly, three new views show the RF information for an AP: the Spectrum Occupancy chart, the Channel Utilization chart, and the RF Explorer view. Note: Views and charts that show information about channels other than the operating channels of the AP work best when the AP has a dedicated scanning radio. APs that do not have a dedicated scanning radio use background scanning, where typically an AP...
Continue reading →

Access Point Web Shell

Introduction Web Shell is an online interface to remotely log into an AP via SSH. With the 10.0 release, an administrator or a superuser can open Web Shell for a specific access point (AP) from CloudVision Wi-Fi (CVW). Web Shell is helpful to troubleshoot AP issues, especially if an AP is behind a NAT. The URL for the Web Shell is specific to an AP. You can bookmark the URL to open a shell session to the AP directly instead of opening the shell session from CVW. Depending on the limit defined in the config parameter, you can open concurrent...
Continue reading →

Authenticate Users Using Okta in Captive Portal

Introduction Okta is an identity management service that is primarily built for the enterprise cloud but it is also compatible with many on-premises applications. Using Okta, you can authenticate and manage employee access to any application or device (network access). Okta supports following methods to onboard Wi-Fi and wired clients: Okta On-premises Radius Agents (wired and wireless) O-Auth Integration with Okta (wireless only) Arista supports both these methods; however, this article focuses only on wireless clients (called as clients hereafter) on-boarding using Okta OAuth. Call Flow The following call-flow is used for Okta OAuth: Administrator configures the Okta OAuth application...
Continue reading →

Tagging mDNS Packets

Description Multicast DNS (mDNS) is used to resolve hostnames to IP addresses in networks that do not have a local name server.  mDNS gateways running on Arista aggregation switches extend the scope of mDNS messages to additional subnets, allowing hosts to discover services and resolve domain names over a larger logical network. A Wi-Fi client sends an mDNS packet querying for services on the network—for example, printers. With release 10.0, an Arista access point (AP) can tag client mDNS query packets with a location name. The AP adds its location, i.e. the name of the folder in the CloudVision Wi-Fi...
Continue reading →

VLAN Name Mapping to VLAN IDs

Introduction With the release 10.0, you can now use a VLAN Name to specify the SSID VLAN. One VLAN Name can be mapped to multiple VLAN IDs. By doing this, an SSID can have the same VLAN name mapped to different VLAN IDs for different locations. This mapping is called SSID VLAN Mapping and you can perform the mapping from SSID settings. Another mapping is the Location-based VLAN mapping, where the VLAN ID is mapped to a VLAN Name at a specific location. Note: If both the mappings are present, then the Location-based VLAN mapping takes preference over the SSID...
Continue reading →

Quality of Experience for Web-Based Applications

Introduction With the 10.0 release, CloudVision Wi-Fi (CVW) supports monitoring the performance of web-based enterprise applications (such as Email applications, HR and Project Management applications, Intranet, Online Drive, and others) along with the existing VOIP-based applications such as Zoom, Hangouts, and others. Arista APs capture essential details of the TCP flows of a web application and send it to the server to determine the health of the application. If the overall health is calculated as poor, CVW displays the percentage of application experience for the duration. A lower percentage indicates a poor application experience whereas a higher percentage indicates a...
Continue reading →

CloudVision Wi-Fi 10.0

Quality of Experience for Web-Based Applications VLAN Name Mapping to VLAN IDs Tagging mDNS Packets Authenticate Users Using Okta in Captive Portal Access Point Web Shell AP Health

Access Point Communication with RADIUS Server via Tunnel 

Description Enterprise networks sometimes need to tunnel Wi-Fi traffic from a remote location to an endpoint in the corporate network—for example, the Arista Remote Access Point (RAP) solution uses an IPSec-based VPN tunnel to connect RAPs to the corporate network. In such networks, as shown in the following figure, the RADIUS server could be located in the private corporate network behind the remote endpoint. With release 9.0, CloudVision Wi-Fi supports the tunneling of RADIUS messages between the AP and the RADIUS server. Key Characteristics Across Tunnel Types All types of tunnel interfaces support tunneling of RADIUS messages between APs and...
Continue reading →

Enhanced Open (OWE) with Transition Mode

Description With the 9.0 release, Arista access points (APs) now support the Enhanced Open security protocol with Transition Mode that is built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE), which provides over-the-air encryption of data, but no authentication. OWE is supported only in 802.11ax APs such as C-260, C-250, C-230/C-230E, and O-235/O-235E. However, if you enable Transition Mode with OWE, clients that don’t support OWE can also connect to the OWE SSID using the Open protocol. OWE with Transition Mode is an SSID setting. In CloudVision Wi-Fi (CVW), you can configure OWE with Transition Mode...
Continue reading →

Turn Access Point Radios On or Off

Description With CloudVision Wi-Fi (CVW) 9.0, you can turn individual access point (AP) radios on or off. To understand the motivation for this, consider a floor where Wi-Fi access points (APs) with both 2.4GHz and 5GHz radios are deployed. Since the 2.4GHz signal propagates better than 5GHz and APs are often deployed to provide high 5GHz RSSI all over the floor, some areas on the floor end up having an “excess” of 2.4GHz signal, i.e., these areas get high RSSI signal from multiple 2.4GHz AP radios. This could cause interference in those areas because the 2.4GHz band has only three...
Continue reading →

Service Impact of Configuration Changes

Description With release 9.0, CloudVision Wi-Fi (CVW) warns a user of any service impact caused by settings changed on the UI. In general, the configuration changes affect the Wi-Fi service as follows: Changes to SSID settings cause the SSID to restart. Changes to RADIUS profiles, Role Profiles, and Tunnel Interfaces cause SSIDs that use these profiles to restart. Changes to Device and Radio Settings can cause either SSIDs using these settings to restart or access points (APs) using these settings to reboot. Exceptions to the general rule exist—settings that do not cause any service interruptions. The table below is a...
Continue reading →

Remote Access Points

Description With the release 9.0, the Remote Access Point (RAP) solution enables organizations to extend their Enterprise SSIDs to an Arista AP installed at a remote worker’s home office or a small branch office. The RAP solution uses industry-standard protocols to securely connect the remote AP deployed at a workplace with the enterprise data center over the public Internet. The Network Administrators configure the APs with appropriate security and settings, and handover the APs to remote employees. Remote employees simply have to install the AP at their location and get connected to the broadcasted Enterprise SSID. All communication between the...
Continue reading →

CloudVision Wi-Fi 9.0.1

Remote Access Points Service Impact of Configuration Changes Turn Access Point Radios On or Off Access Point Communication with RADIUS Server via Tunnel Enhanced Open (OWE) with Transition Mode

Secure Wi-Fi Networks with WPA3

Description With the 8.9 release, Arista APs now support the WPA3 Wi-Fi security protocol. WPA3 is supported only in 802.11ax access points (APs) such as C-250, C-230, and O-235. WPA3 has two types — WPA3 Personal and WPA3 Enterprise. WPA3 Personal is typically meant for home users. Its robust password-based authentication and 128-bit data AES encryption provides stronger security and protection than WPA2. WPA3 Personal provides protection against attacks such as offline dictionary attacks that attempt to guess passwords. WPA3 Enterprise has an option to use 192-bit encryption and it is meant for enterprises and office networks where the need...
Continue reading →

Monitoring VLANs Using Access Points

Description Virtual Local Area Network (VLAN) Monitoring is used to monitor access points (APs) and clients associated with these APs on a VLAN. Arista’s Wireless Intrusion Prevention System (WIPS) solution automatically classifies devices on the monitored VLANs as Authorized, Rogue or External. Types of VLAN Monitoring On the CloudVision Wi-Fi (CVW) UI, under Device Settings > Security > VLAN Monitoring, you can enable the following types of VLAN Monitoring: SSID VLAN Monitoring: APs monitor their SSID VLANs. Auto VLAN Monitoring: APs automatically monitor any VLAN on which they detect activity. Additional VLANs: Additional VLANs to be monitored by APs in...
Continue reading →

IPv6 Support in CloudVision Wi-Fi

Description With the 8.9 release, some operations in CloudVision Wi-Fi (CVW) that used IPv4 addresses of Wi-Fi clients and access points (APs) now support the use of IPv6 addresses as well. CVW processes and presents relevant information separately for IPv4 and IPv6 addresses. This document describes some of the operations that use IPv6 addresses, and lists which UI fields support or do not support IPv6 addresses. Example Operations Using IPv6 Addresses This section describes some operations that use IPv6 addresses and, where relevant, how CVW improves network administration by differentiating between IPv4 and IPv6. Search Using IPv6 As shown in...
Continue reading →

Schedule Access Point Update

Description With the 8.9 release, you can schedule the firmware update of Arista access point (APs) for a particular location. By scheduling your update, you can strategically choose the time and duration of updating APs with least impact to your network usage. For example if your offices remain closed during weekends, you can choose to update your access points during weekends so that your employees are least impacted with the update. You can schedule an update of existing APs at a location as well as automatically update new APs that get added to that location. The schedule can be a...
Continue reading →

Secure Open Network With Enhanced Open

Description With the 8.9 release, Arista APs now support the Enhanced Open security protocol built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE). It is supported only in 802.11ax access points (APs) such as C-230, and O-235. Open SSID networks are widely used in coffee shops, shopping malls, airport lounges, and enterprise guest networks, and they offer minimum or no data security to client devices. OWE offers data security to your clients with encrypted sessions. OWE is an SSID setting. In CloudVision Wi-Fi (CVW), you can configure OWE from the Security tab in the SSID settings....
Continue reading →

Setting Up a Mesh Network

Description A mesh network is typically used when it’s difficult to run a wired Ethernet connection to every access point (AP). In a mesh deployment, only some APs have a wired Ethernet connection—these APs are called “root nodes”. Other APs (called “non-root nodes”) form “mesh links” or “hops”—a chain of  wireless links leading ultimately to the root node. Thus, in a mesh, root nodes are directly connected to a switch, whereas the other APs connect to the wired network via one or more wireless hops to the root node. Each hop introduces a drop in the throughput, so a mesh...
Continue reading →

Locate Clients and APs

Description With the 8.9 release, you can locate a specific access point (AP) or client that is added to a floor plan from CloudVision Wi-Fi (CVW). For example, you can use this feature to locate a rogue AP or client in your floor plan. However, you can’t locate multiple devices or clients. CVW locates an AP or client based on the triangulation method. You can locate a device from the following places in CVW: FLOOR PLANS MONITOR > Wi-Fi > Clients MONITOR > Wi-Fi > Access Points MONITOR > WIPS > Managed Wi-Fi Devices MONITOR > WIPS > Access Points...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: