• Author : Aditi


Secure WiFi Networks with WPA3

Description With the 8.9 release, Arista APs now support the WPA3 WiFi security protocol. WPA3 is supported only in 802.11ax access points (APs) such as C-250, C-230, and O-235. WPA3 has two types — WPA3 Personal and WPA3 Enterprise. WPA3 Personal is typically meant for home users. Its robust password-based authentication and 128-bit data AES encryption provides stronger security and protection than WPA2. WPA3 Personal provides protection against attacks such as offline dictionary attacks that attempt to guess passwords. WPA3 Enterprise has an option to use 192-bit encryption and it is meant for enterprises and office networks where the need...
Continue reading →

Monitoring VLANs Using Access Points

Description Virtual Local Area Network (VLAN) Monitoring is used to monitor access points (APs) and clients associated with these APs on a VLAN. Arista’s Wireless Intrusion Prevention System (WIPS) solution automatically classifies devices on the monitored VLANs as Authorized, Rogue or External. Types of VLAN Monitoring On the CloudVision WiFi (CVW) UI, under Device Settings > Security > VLAN Monitoring, you can enable the following types of VLAN Monitoring: SSID VLAN Monitoring: APs monitor their SSID VLANs. Auto VLAN Monitoring: APs automatically monitor any VLAN on which they detect activity. Additional VLANs: Additional VLANs to be monitored by APs in...
Continue reading →

IPv6 Support in CloudVision WiFi

Description With the 8.9 release, some operations in CloudVision WiFi (CVW) that used IPv4 addresses of WiFi clients and access points (APs) now support the use of IPv6 addresses as well. CVW processes and presents relevant information separately for IPv4 and IPv6 addresses. This document describes some of the operations that use IPv6 addresses, and lists which UI fields support or do not support IPv6 addresses. Example Operations Using IPv6 Addresses This section describes some operations that use IPv6 addresses and, where relevant, how CVW improves network administration by differentiating between IPv4 and IPv6. Search Using IPv6 As shown in...
Continue reading →

Schedule Access Point Update

Description With the 8.9 release, you can schedule the firmware update of Arista access point (APs) for a particular location. By scheduling your update, you can strategically choose the time and duration of updating APs with least impact to your network usage. For example if your offices remain closed during weekends, you can choose to update your access points during weekends so that your employees are least impacted with the update. You can schedule an update of existing APs at a location as well as automatically update new APs that get added to that location. The schedule can be a...
Continue reading →

Secure Open Network With Enhanced Open

Description With the 8.9 release, Arista APs now support the Enhanced Open security protocol built for open networks. Enhanced Open is based on Opportunistic Wireless Encryption (OWE). It is supported only in 802.11ax access points (APs) such as C-230, and O-235. Open SSID networks are widely used in coffee shops, shopping malls, airport lounges, and enterprise guest networks, and they offer minimum or no data security to client devices. OWE offers data security to your clients with encrypted sessions. OWE is an SSID setting. In CloudVision WiFi (CVW), you can configure OWE from the Security tab in the SSID settings....
Continue reading →

Setting Up a Mesh Network

Description A mesh network is typically used when it’s difficult to run a wired Ethernet connection to every access point (AP). In a mesh deployment, only some APs have a wired Ethernet connection—these APs are called “root nodes”. Other APs (called “non-root nodes”) form “mesh links” or “hops”—a chain of  wireless links leading ultimately to the root node. Thus, in a mesh, root nodes are directly connected to a switch, whereas the other APs connect to the wired network via one or more wireless hops to the root node. Each hop introduces a drop in the throughput, so a mesh...
Continue reading →

Locate Clients and APs

Description With the 8.9 release, you can locate a specific access point (AP) or client that is added to a floor plan from CloudVision WiFi (CVW). For example, you can use this feature to locate a rogue AP or client in your floor plan. However, you can’t locate multiple devices or clients. CVW locates an AP or client based on the triangulation method. You can locate a device from the following places in CVW: FLOOR PLANS MONITOR > WiFi > Clients MONITOR > WiFi > Access Points MONITOR > WIPS > Managed WiFi Devices MONITOR > WIPS > Access Points...
Continue reading →

Root Cause Analysis Using the Inference Engine

Description Arista CloudVision WiFi (CVW) eliminates the need to manually troubleshoot some commonly occuring network issues. CVW has a powerful, intelligent engine called the Inference Engine that identifies the root causes of network issues and recommends solutions to those problems. With the 8.9 release, you can now perform root cause analysis for total clients as well as a single client. The Inference Engine can diagnose and recommend solutions for the following symptoms: Low RSSI Low data rate High retry Note that root cause analysis is not supported for sticky clients. The Inference Engine analyzes the following causes to display the...
Continue reading →

Cloud Integration Points in High Availability Mode

Description A Cloud Integration Point (CIP) is an Arista access point (AP) that enables the integration of the Wireless Manager (WM) server in the cloud with the following on-premises third-party services: Syslog servers SNMP servers Cisco Wireless LAN Controllers (WLC) Aruba Mobility Controllers Integrating the Arista cloud with your on-premises systems allows you to leverage key advantages of the cloud WM while continuing to use your existing on-premises infrastructure. It also saves you the time, effort, and cost of installing and maintaining an on-premises WM. With the 8.9 release, you can define a pair of CIPs—a primary CIP and a...
Continue reading →

Application Visibility and Dashboard

Description With the 8.9 release, you can now monitor two more applications: Microsoft Teams and Zoom from the DASHBOARD. CloudVision WiFi (CVW) uses deep packet inspection to gain visibility into applications being used by WiFi clients. Application visibility gives you data on the usage and performance of applications. To see applications on the DASHBOARD, you must enable Application Visibility and optionally enable Application Firewall Rules while configuring the SSID. Note that if you enable Application Firewall Rules, then, by default the Application Visibility checkbox gets enabled and the field is grayed out. Enable Application Visibility Navigate to CONFIGURE > WiFi....
Continue reading →

Access Point Wired Network Information in CloudVision WiFi

Description With the 8.9 release, CloudVision WiFi (CVW) shows wired network information for access points (APs). This improves network monitoring and troubleshooting, since you can now identify some wired side issues on the AP. For instance, on the Monitor tab in CVW, you can filter the AP list by the switch name to debug issues such as multiple APs constantly rebooting themselves because of their switch flapping (going up and down). As another example, by drilling down on an AP and viewing its wired properties, you can check the list of VLANs detected by the AP to verify that the...
Continue reading →

CloudVision WiFi 8.9

Access Point Wired Network Information in CloudVision WiFi Application Visibility and Dashboard Cloud Integration Points in High Availability Mode Root Cause Analysis Using the Inference Engine Locate Clients and APs Setting Up a Mesh Network Secure Open Network With Enhanced Open Schedule Access Point Update IPv6 Support in CloudVision WiFi Monitoring VLANs Using Access Points Secure WiFi Networks with WPA3

CloudVision WiFi 8.8.2

Access Points in CIP Mode Updated AP LED States MSS Clamping Support on Access Points

Access Point LEDs Simplified

Description Release 8.8.1 introduces a simplified and unified specification for LED indicators across all Arista 802.11ax and 802.11ac Access Points. The table below describes the new LED states and what they indicate. Blink Patterns LEDs Power LED LAN LED(s) when present WiFi LEDs Green Orange Green Green Solid Normal  operation @ Full capability Normal operation @ Reduced capability Interface Active Interface Active Blinking No Server connectivity Received IP address No IP address NA NA Off Device not receiving power Interface Inactive Interface Inactive Platform Compatibility The revised Access Point LED Specification is applicable to the following models. Access Point Type...
Continue reading →

JSON License File for On-Premises WiFi

Description With the 8.8.1 release, the license for an on-premises Arista WiFi server is a JSON file. The JSON license is sent in an email from Arista. It contains fields such as customer information, the features supported on that deployment, platform details, and digital signature information. Note: The new licensing mechanism does not, in general, affect upgrades to existing servers. After an upgrade, an existing on-premises WiFi server with a valid license continues to operate as before. If an existing license expires, support for the new (JSON) license is provided. The application of the new license proceeds as described in...
Continue reading →

Role-Based Access Control for RADIUS MAC Authentication

Description With the 8.8.1 release, RADIUS MAC Authentication can be configured to assign roles to clients both before and after authentication. This allows for better integration of Arista WiFi with third-party RADIUS servers, especially for scenarios that use central web authentication via an external captive portal with RADIUS (e.g., for the onboarding of guest users or employee-owned devices). An example workflow using roles is shown in the figure below. When the client first connects to the SSID, the WiFi access point (AP) sends an Access Request containing the client’s MAC address to the RADIUS server. The RADIUS server responds with...
Continue reading →

CloudVision WiFi 8.8.1

Role-Based Access Control for RADIUS MAC Authentication JSON License File for On-Premises WiFi Access Point LEDs Simplified

VXLAN On Arista AP

Overview VXLAN is a Layer 2 technology that helps you to create a virtual Layer 2 network (overlay network) on top of a physical Layer 3 network (underlay network), enabling you to use Layer 3 features of the underlying network, which cannot be achieved using 802.1q VLANs. Each VXLAN tunnel is identified by the VXLAN segment ID or VXLAN Network Identifier (VNI) which is 24 bits, which enables you to create up to 16 million isolated networks. This overcomes the limitation of VLANs, which have a 12 bit VLAN ID, allowing a maximum of 4,094 isolated networks. Arista WiFi Access...
Continue reading →

RF Transmit Power configuration enhancements

Description The transmit power configured on UI is now treated as EIRP (Equivalent Isotropically Radiated Power) instead of radio output power. EIRP is the effective power emitted by the AP in the direction of maxima of radiation pattern and is equal to the sum of Radio Transmit power and antenna gain. UI configuration for External Antennas has been introduced. It applies only to the APs with external antennas. APs with internal antennas would take default values (refer to datasheet for details on antenna gain values). Wireless Manager UI Configuration Tx power and External antenna gain values can be configured from...
Continue reading →

Packaging of Access Point (AP) Firmware Images on WM Server

Description This document describes a few enhancements done in Wireless Manager (WM) release 8.8 in respect of  AP firmware updates and packaging of AP firmware images in on-prem WM server. These changes affect only the on-prem WM servers that do not have HTTPs connectivity to Arista Cloud repository of AP images. On-prem WM servers that have such connectivity are not impacted. Current Behavior: Firmware images of different AP models such as. C-75, O-90, C-120, C-130, etc. are part of the WM server upgrade bundle. During server upgrade, AP images of the new build get copied onto the  WM server. When...
Continue reading →


Get every new post on this blog delivered to your Inbox.

Join other followers: