• Author : Aditi

 
 

Access Point Communication with RADIUS Server via Tunnel 

Description Enterprise networks sometimes need to tunnel WiFi traffic from a remote location to an endpoint in the corporate network—for example, the Arista Remote Access Point (RAP) solution uses an IPSec-based VPN tunnel to connect RAPs to the corporate network. In such networks, as shown in the following figure, the RADIUS server could be located in the private corporate network behind the remote endpoint. With release 9.0, CloudVision WiFi supports the tunneling of RADIUS messages between the AP and the RADIUS server. Key Characteristics Across Tunnel Types All types of tunnel interfaces support tunneling of RADIUS messages between APs and...
Continue reading →

Enhanced Open (OWE) with Transition Mode

Description With the 9.0 release, Arista access points (APs) now support the Enhanced Open security protocol with Transition Mode that is built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE), which provides over-the-air encryption of data, but no authentication. OWE is supported only in 802.11ax APs such as C-260, C-250, C-230/C-230E, and O-235/O-235E. However, if you enable Transition Mode with OWE, clients that don’t support OWE can also connect to the OWE SSID using the Open protocol. OWE with Transition Mode is an SSID setting. In CloudVision WiFi (CVW), you can configure OWE with Transition Mode...
Continue reading →

Turn Access Point Radios On or Off

Description With CloudVision WiFi (CVW) 9.0, you can turn individual access point (AP) radios on or off. To understand the motivation for this, consider a floor where WiFi access points (APs) with both 2.4GHz and 5GHz radios are deployed. Since the 2.4GHz signal propagates better than 5GHz and APs are often deployed to provide high 5GHz RSSI all over the floor, some areas on the floor end up having an “excess” of 2.4GHz signal, i.e., these areas get high RSSI signal from multiple 2.4GHz AP radios. This could cause interference in those areas because the 2.4GHz band has only three...
Continue reading →

Service Impact of Configuration Changes

Description With release 9.0, CloudVision WiFi (CVW) warns a user of any service impact caused by settings changed on the UI. In general, the configuration changes affect the WiFi service as follows: Changes to SSID settings cause the SSID to restart. Changes to RADIUS profiles, Role Profiles, and Tunnel Interfaces cause SSIDs that use these profiles to restart. Changes to Device and Radio Settings can cause either SSIDs using these settings to restart or access points (APs) using these settings to reboot. Exceptions to the general rule exist—settings that do not cause any service interruptions. The table below is a...
Continue reading →

Remote Access Points

Description With the release 9.0, the Remote Access Point (RAP) solution enables organizations to extend their Enterprise SSIDs to an Arista AP installed at a remote worker’s home office or a small branch office. The RAP solution uses industry-standard protocols to securely connect the remote AP deployed at a workplace with the enterprise data center over the public Internet. The Network Administrators configure the APs with appropriate security and settings, and handover the APs to remote employees. Remote employees simply have to install the AP at their location and get connected to the broadcasted Enterprise SSID. All communication between the...
Continue reading →

CloudVision WiFi 9.0.1

Remote Access Points Service Impact of Configuration Changes Turn Access Point Radios On or Off Access Point Communication with RADIUS Server via Tunnel Enhanced Open (OWE) with Transition Mode

Secure WiFi Networks with WPA3

Description With the 8.9 release, Arista APs now support the WPA3 WiFi security protocol. WPA3 is supported only in 802.11ax access points (APs) such as C-250, C-230, and O-235. WPA3 has two types — WPA3 Personal and WPA3 Enterprise. WPA3 Personal is typically meant for home users. Its robust password-based authentication and 128-bit data AES encryption provides stronger security and protection than WPA2. WPA3 Personal provides protection against attacks such as offline dictionary attacks that attempt to guess passwords. WPA3 Enterprise has an option to use 192-bit encryption and it is meant for enterprises and office networks where the need...
Continue reading →

Monitoring VLANs Using Access Points

Description Virtual Local Area Network (VLAN) Monitoring is used to monitor access points (APs) and clients associated with these APs on a VLAN. Arista’s Wireless Intrusion Prevention System (WIPS) solution automatically classifies devices on the monitored VLANs as Authorized, Rogue or External. Types of VLAN Monitoring On the CloudVision WiFi (CVW) UI, under Device Settings > Security > VLAN Monitoring, you can enable the following types of VLAN Monitoring: SSID VLAN Monitoring: APs monitor their SSID VLANs. Auto VLAN Monitoring: APs automatically monitor any VLAN on which they detect activity. Additional VLANs: Additional VLANs to be monitored by APs in...
Continue reading →

IPv6 Support in CloudVision WiFi

Description With the 8.9 release, some operations in CloudVision WiFi (CVW) that used IPv4 addresses of WiFi clients and access points (APs) now support the use of IPv6 addresses as well. CVW processes and presents relevant information separately for IPv4 and IPv6 addresses. This document describes some of the operations that use IPv6 addresses, and lists which UI fields support or do not support IPv6 addresses. Example Operations Using IPv6 Addresses This section describes some operations that use IPv6 addresses and, where relevant, how CVW improves network administration by differentiating between IPv4 and IPv6. Search Using IPv6 As shown in...
Continue reading →

Schedule Access Point Update

Description With the 8.9 release, you can schedule the firmware update of Arista access point (APs) for a particular location. By scheduling your update, you can strategically choose the time and duration of updating APs with least impact to your network usage. For example if your offices remain closed during weekends, you can choose to update your access points during weekends so that your employees are least impacted with the update. You can schedule an update of existing APs at a location as well as automatically update new APs that get added to that location. The schedule can be a...
Continue reading →

Secure Open Network With Enhanced Open

Description With the 8.9 release, Arista APs now support the Enhanced Open security protocol built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE). It is supported only in 802.11ax access points (APs) such as C-230, and O-235. Open SSID networks are widely used in coffee shops, shopping malls, airport lounges, and enterprise guest networks, and they offer minimum or no data security to client devices. OWE offers data security to your clients with encrypted sessions. OWE is an SSID setting. In CloudVision WiFi (CVW), you can configure OWE from the Security tab in the SSID settings....
Continue reading →

Setting Up a Mesh Network

Description A mesh network is typically used when it’s difficult to run a wired Ethernet connection to every access point (AP). In a mesh deployment, only some APs have a wired Ethernet connection—these APs are called “root nodes”. Other APs (called “non-root nodes”) form “mesh links” or “hops”—a chain of  wireless links leading ultimately to the root node. Thus, in a mesh, root nodes are directly connected to a switch, whereas the other APs connect to the wired network via one or more wireless hops to the root node. Each hop introduces a drop in the throughput, so a mesh...
Continue reading →

Locate Clients and APs

Description With the 8.9 release, you can locate a specific access point (AP) or client that is added to a floor plan from CloudVision WiFi (CVW). For example, you can use this feature to locate a rogue AP or client in your floor plan. However, you can’t locate multiple devices or clients. CVW locates an AP or client based on the triangulation method. You can locate a device from the following places in CVW: FLOOR PLANS MONITOR > WiFi > Clients MONITOR > WiFi > Access Points MONITOR > WIPS > Managed WiFi Devices MONITOR > WIPS > Access Points...
Continue reading →

Root Cause Analysis Using the Inference Engine

Description Arista CloudVision WiFi (CVW) eliminates the need to manually troubleshoot some commonly occuring network issues. CVW has a powerful, intelligent engine called the Inference Engine that identifies the root causes of network issues and recommends solutions to those problems. With the 8.9 release, you can now perform root cause analysis for total clients as well as a single client. The Inference Engine can diagnose and recommend solutions for the following symptoms: Low RSSI Low data rate High retry Note that root cause analysis is not supported for sticky clients. The Inference Engine analyzes the following causes to display the...
Continue reading →

Cloud Integration Points in High Availability Mode

Description A Cloud Integration Point (CIP) is an Arista access point (AP) that enables the integration of the Wireless Manager (WM) server in the cloud with the following on-premises third-party services: Syslog servers SNMP servers Cisco Wireless LAN Controllers (WLC) Aruba Mobility Controllers Integrating the Arista cloud with your on-premises systems allows you to leverage key advantages of the cloud WM while continuing to use your existing on-premises infrastructure. It also saves you the time, effort, and cost of installing and maintaining an on-premises WM. With the 8.9 release, you can define a pair of CIPs—a primary CIP and a...
Continue reading →

Application Visibility and Dashboard

Description With the 8.9 release, you can now monitor two more applications: Microsoft Teams and Zoom from the DASHBOARD. CloudVision WiFi (CVW) uses deep packet inspection to gain visibility into applications being used by WiFi clients. Application visibility gives you data on the usage and performance of applications. To see applications on the DASHBOARD, you must enable Application Visibility and optionally enable Application Firewall Rules while configuring the SSID. Note that if you enable Application Firewall Rules, then, by default the Application Visibility checkbox gets enabled and the field is grayed out. Enable Application Visibility Navigate to CONFIGURE > WiFi....
Continue reading →

Access Point Wired Network Information in CloudVision WiFi

Description With the 8.9 release, CloudVision WiFi (CVW) shows wired network information for access points (APs). This improves network monitoring and troubleshooting, since you can now identify some wired side issues on the AP. For instance, on the Monitor tab in CVW, you can filter the AP list by the switch name to debug issues such as multiple APs constantly rebooting themselves because of their switch flapping (going up and down). As another example, by drilling down on an AP and viewing its wired properties, you can check the list of VLANs detected by the AP to verify that the...
Continue reading →

CloudVision WiFi 8.9

Access Point Wired Network Information in CloudVision WiFi Application Visibility and Dashboard Cloud Integration Points in High Availability Mode Root Cause Analysis Using the Inference Engine Locate Clients and APs Setting Up a Mesh Network Secure Open Network With Enhanced Open Schedule Access Point Update IPv6 Support in CloudVision WiFi Monitoring VLANs Using Access Points Secure WiFi Networks with WPA3

CloudVision WiFi 8.8.2

Access Points in CIP Mode Updated AP LED States MSS Clamping Support on Access Points

Access Point LEDs Simplified

Description Release 8.8.1 introduces a simplified and unified specification for LED indicators across all Arista 802.11ax and 802.11ac Access Points. The table below describes the new LED states and what they indicate. Blink Patterns LEDs Power LED LAN LED(s) when present WiFi LEDs Green Orange Green Green Solid Normal  operation @ Full capability Normal operation @ Reduced capability Interface Active Interface Active Blinking No Server connectivity Received IP address No IP address NA NA Off Device not receiving power Interface Inactive Interface Inactive Platform Compatibility The revised Access Point LED Specification is applicable to the following models. Access Point Type...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: