• Blog

 
 

Troubleshooting On-premises CloudVision WiFi

ContentsIntroductionUse CasePrerequisitesSolutionSetupTroubleshooting Introduction CloudVision WiFi service was originally available only as a service on the Arista Cognitive WiFi Cloud. From Wireless Manager version 8.5.1, an administrator can now install CloudVision WiFi for an on-premise Wireless Manager server. This document lists the steps to troubleshoot issues with the CloudVision WiFi plugin. Use Case This article is useful to troubleshoot scenarios where the hyperlink to launch CloudVision WiFi from Wireless Manager is not displayed. Prerequisites Wireless Manager (WM) must be running software version 8.5.1 or higher The administrator will have to download and install the CloudVision WiFi (CVW) plugin. Solution Setup Follow...
Continue reading →

TCP/UDP Ports used by Arista WiFi Products

Introduction This article explains the network ports, and the purpose for each, that need to be allowed in an environment where Arista WiFi products are deployment. A network port is a process-specific or an application-specific software construct serving as a communication endpoint, which is used by the Transport Layer protocols of Internet Protocol suite, such as User Diagram Protocol (UDP) and Transmission Control Protocol (TCP). Solution Here are the TCP Ports that need to be allowed in your network. Port Purpose TCP 21 File upload/download. e.g. db backup. TCP 22 Remote CLI access over SSH and file upload/download. TCP 25...
Continue reading →

Troubleshooting WiFi Throughput Issues with iPerf3 on Arista APs

ContentsIntroductionPrerequisitesSolutionRun iPerf on an Arista APResults Introduction When we observe low throughput in the network it is important to understand whether the issue lies on the WiFi or the wired side of the network. The method to achieve this is to perform an iPerf test and compare results. This utility is present on the Arista AP which acts as an iPerf server, eliminating the need for a second client connected to the WiFi network. Online speed tests are good for quick results; however, they are not ideal for troubleshooting as these speed tests are also dependent on factors outside the...
Continue reading →

How Frequently is Data Updated on CloudVision WiFi?

Introduction The article lists the different modules and frequency at which CloudVision WiFi updates its UI by fetching data from Wireless Manager. Solution The Wireless Manager collects all data and stores it in its database. CloudVision WiFi polls this data from the Wireless Manager database periodically and presents it using an internal webserver. There are different counters and charts across different modules on CloudVision WiFi which have their own polling intervals, default duration filter and granularity for which data is being shown. Modules Counters or Charts Default Filter Duration Granularity Polling Interval All Pages AP counters Current 2 minutes Clients...
Continue reading →

CloudVision WiFi and APIs

ContentsIntroductionPrerequisitesSolutionAPI  SamplesExample 1: Get SSID list from the WM serverExample 2 : Get the list of network interfacesExample 3: Modify an AP name on CVW Introduction The article describes a few examples of how CloudVision WiFi uses APIs to interface with Wireless Manager. Prerequisites Administrator or higher access to the Wireless Manager and API Keys Solution CloudVision WiFi (CVW) does not store any WiFi data or configuration. Instead, the Wireless Manager (WM) server collects all the data and stores it in its database. CVW polls the WM database periodically and represents it on its own UI using an internal web...
Continue reading →

How to Work with Groups on CloudVision WiFi

ContentsIntroductionPrerequisitesSolutionCreating GroupsConfiguring Groups Introduction Groups provide a network administrator the flexibility to apply custom configurations to APs across locations in CloudVision WiFi, regardless of the default templates configured at those individual locations. In this article we will walk through some common operations using Groups. Prerequisites Superuser or Administrator access to CloudVision WiFi (CVW). CloudVision WiFi version 2.4 or higher. Wireless Manager (WM) version 8.7 or higher. Solution Creating Groups A Group can be created in any of the following ways in CVW: Navigate to System > Navigator > Folder > Right click on a folder > Add Group Note: Groups...
Continue reading →

Live Client Debugging on CloudVision WiFi

ContentsIntroductionPrerequisitesSolutionValidate/Verify Introduction This article is step-by-step guide to collect client connectivity logs via CloudVision WiFi, using Live Client Debugging. This feature is similar to the Connection Logs on Wireless Manager. Live Client Debugging is useful to isolate the reason for WiFi client connectivity problems in real-time. These logs show the exchange between AP and the client and can capture issues with authentication, authorization, IP address assignment, etc. Prerequisites Administrative access to CloudVision WiFi. 802.11ac AP platform must be connected and active at the location where debugging will be performed. Solution Access CloudVision WiFi from the Launchpad and navigate to Monitor...
Continue reading →

How to Assign a Static IP to an Arista AP via CloudVision WiFi

ContentsIntroductionPrerequisitesSolution Introduction This article explains how to setup Static IP address on Arista APs via CloudVision WiFi. Prerequisites Administrator access to CloudVision WiFi (CVW) / Wireless Manager (WM). The AP must show Active status on CVW. Solution Static IP address can be assigned to any Arista AP using the “Additional VLAN Monitoring” option. To enable this, navigate to Monitoring > WiFi > Access Points Right-click the AP to which you want to assign Static IP address and select Customize > Additional VLAN Monitoring. In the right hand side panel, select Add VLANs to Monitor, enter the VLAN ID and click...
Continue reading →

How to Integrate Cisco Wireless LAN Controller with CloudVision WiFi

ContentsIntroductionPrerequisitesSolution Introduction This article describes the steps to integrate Cisco Wireless LAN Controller with CloudVision WiFi. Wireless LAN Controllers (WLC) govern a collection of Lightweight Access Points (APs). Light Weight Access Point Protocol (LWAPP) defines the network protocol between the APs and WLC. The Cisco Unified WLAN architecture consists of WLC and APs. At any time, the WLC has all the information about the APs and devices seen or associated with these APs. Integration with Cisco WLC allows the system to fetch this information from WLC. Using this information the system can automatically classify devices managed by WLC and do...
Continue reading →

How to Troubleshoot WiFi Client Connectivity Issues

ContentsIntroductionPrerequisitesSolutionTroubleshoot Based on Connectivity DashboardTroubleshoot Based on Known Failures/ClientsTroubleshoot Based on Client Failure AlertsLive Troubleshooting Introduction This article describes how to troubleshoot client connectivity issues using CloudVision WiFi. Prerequisites Access to CloudVision WiFi Knowledge of affected Clients (MAC address/IP address) Solution Troubleshoot Based on Connectivity Dashboard Troubleshoot Based on Known Failures/Clients Troubleshoot Based on Client Failure Alerts Live Troubleshooting Troubleshoot Based on Connectivity Dashboard The quickest way to identify clients facing connectivity issues across a site is by using the Client Journey widget on the Connectivity Dashboard, which is a live feed for all the clients attempting to connect and...
Continue reading →

Syslog Server Integration with CloudVision WiFi

ContentsIntroductionPrerequisitesSolution Introduction This article describes how an external syslog server can be integrated with CloudVision WiFi. Prerequisites Access to CloudVision WiFi Information about the syslog server to integrate like IP address and port. Cloud Integration Point device (if using Cognitive WiFi cloud) Solution CloudVision WiFi can be used as a cloud service or with on-premises Wireless Manager. Syslog server integration can be configured at System > Third-Party Servers > Syslog.   Check Enable Syslog Servers and click “Add” to input a new syslog destination. If your syslog is on a public IP address, the integration is straightforward and you can...
Continue reading →

How to Troubleshoot Arista AP Connection to the Cloud

ContentsIntroductionPrerequisitesSolution Introduction This article describes how to troubleshoot the Arista AP connectivity to the Cognitive WiFi cloud. When the AP has disconnected from the cloud service, it will appear Inactive on the CloudVision WiFi / Wireless Manager UI. Prerequisites Access to the CloudVision WiFi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP. Solution Step 1 Check if the AP is provisioned on your cloud service. On CloudVision WiFi, navigate to Monitor > WiFi > Access Point and hover your mouse cursor on the Status icon beside the AP in question. A green icon indicates that...
Continue reading →

Streaming EOS telemetry states to ELK stack using openconfigbeat

ContentsIntroductionPrerequisiteAdaptersConfiguring ELK StackInstalling and Configuring openconfigbeat for EOSConfiguration file for openconfigbeatopenconfigbeat.yml file permissionsConfiguring TerminAttr and openconfigbeat daemonDefault VRF without CVPDefault VRF with CVPVRF management without CVPVRF management with CVPVRF management without CVP and authenticationSetting up Kibana index patternUsing native OpenConfig CLI and gRPC transportDefault VRFVRF managementTroubleshootingExample Configuration files Introduction The purpose of this document is to help you to set up an ELK (Elasticsearch/Logstash/Kibana) stack and stream EOS Telemetry states from an Arista Switch using openconfigbeat that can stream gRPC updates from OpenConfig or TerminAttr directly into Elasticsearch. Please note, that this app was written as a proof-of-concept and is...
Continue reading →

Commit Signing with Git at Enterprise Scale

ContentsCommit Signing with Git at Enterprise ScaleWhat Does Git Need for Commit Signing at an “Enterprise” Scale?What is commit signing like with Git today?What Does Enterprise Scale Commit Signing Look Like?How were the new features implemented?Central Key ManagementValidation of SignaturesAuditability of Signed CommitsPost-Mortem Commit Signing with Git at Enterprise Scale Git is one of the most ubiquitous version control systems used today, seeing extensive usage in projects both around the world and within Arista. Everyday numerous Arista employees, located around the world, make commits to the codebase to fix bugs, add features, and save works in progress. The same scenario...
Continue reading →

How to build and install DPDKCap

ContentsIntroductionAssumptionsSystem used to validate performanceBuild steps Introduction DPDKCap is high performance packet capture tool based on DPDK. This guide explains how to build, install and use DPDKCap on a CentOS 7 based system. Arista Fork : https://github.com/aristanetworks/dpdkcap Assumptions CentOS 7 Linux NVMe capture drive (not mandatory but recommended for line rate capture) Running as root user CPU & NIC combination that supports DPDK System used to validate performance Manufacturer: Supermicro Part number: SYS-E300-8D Processor: Intel Xeon CPU D-1518 Memory: 2x Micron 9ASF1G72PZ-2G3A1 8GB DIMMs HDD: Samsung 860 PRO SSD 4TB NVMe: Samsung 960 EVO 1TB Build steps Create a directory...
Continue reading →

Syslog message generation on MAC table changes

This feature provides the ability to generate Syslog messages for the events related to mac address entries being learnt or removed from the mac address-table on the switch. Here we will leverage following two key features of EOS: Event Monitor Event Handler ContentsPlatform compatibilityConfigurationResultMAC LearningMAC movesMAC deletionLimitation Platform compatibility This feature is supported on all platforms.   Configuration The following shows how to configure the event monitor and event-handler for generating syslog messages for each mac address entry learnt or removed from the eventmon database.   1) First of all, enable the event monitor on the switch with the help...
Continue reading →

Arista CloudEOS MultiCloud – CloudEOS Router in GCP Deployment Guide

ContentsIntroductionOverviewPrerequisitesTopologyGCP LoginVPC and its componentsCreate ‘Edge1’, ‘Leaf1’ and ‘Leaf2’ VPCsAdd Firewall RulesCreate VPC PeeringsArista CloudEOS Instances and its ComponentsCreate a New SSH KeyInstantiate a CloudEOS Router instanceInstantiate Linux instancesUpdate Routing TablesConnect to the CloudEOS Router instances and Linux VM’sCloudEOS Router configuration Introduction In this document we demonstrate deployment of Arista’s CloudEOS Router in Google Cloud Platform (GCP).  Sections of this document have been set forth based on order of execution, hence it is pertinent that the order is maintained for successful deployment of Arista’s CloudEOS Router. Overview Arista’s cloud infrastructure both public and private offers significant efficiencies that make it...
Continue reading →

CloudVision Portal Hardening Guide

ContentsIntroductionCVP Default SettingsChoosing of passwordsPassword selection for SSH loginForcing root login via SSH keyPassword selection for CVP UI loginRestrict Listening PortsDefault Listening PortsOptional Services to RestrictLogon BannerSecuring Web and gRPC AccessChoosing TLS CertificatesRestrict TLS CiphersuitesRestrict TLS VersionGenerate Diffie-Hellman ParametersDisable older TLS ProtocolsRole Based Access Control for CVP user interfaceAppendix 1Open Ports in CVP ClusterOpen Ports used by Prometheus Scraper for Health Monitoring Introduction This guide is provided as a starting point for securing CloudVision Portal, also known as CVP. In the below sections various best practices such as non-default configurations, setup instructions, and discussions of other monitoring systems are discussed. ...
Continue reading →

Hardening and Security

ContentsOverviewHardening GuidesOther Security Topics Overview An organisation’s communications infrastructure and the tools that surround it carry business critical, high value commercially sensitive information and are obvious targets for malicious actors to attempt to compromise and organisation or exfiltrate its intellectual property. Arista Networks takes its role in ensuring ongoing security extremely seriously through both secure manufacturing and supply as well as an ongoing commitment to vulnerability detection, mitigation and remediation. Product security must also be complemented by the implementation of product hardening best practices during the installation and operation of the infrastructure. The links provided below offer the latest best...
Continue reading →

Pause – Revisit the Fundamentals – Rehearse, Rehearse, Rehearse

ContentsWhy?Measure the ExistingExperimentRehearse, Rehearse, RehearseHave Whiteboard, Will TravelSweet SuccessSummary Why? I’d like to think of this as a chapter in the manual of “CoNE.” Code of Network Ethics. OK, so I made that up. But it should be a thing, right? How many outages have you experienced where the original problem wasn’t nearly as impactful as the attempted fix? We have all experienced maintenance windows where we tried a fall-forward approach because we didn’t want to back-out the change. And the fall- or fail-forward method cost us an extended maintenance window that bled into the production time. The impact of...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: