• Category : Cognitive Wi-Fi

 
 

How to Troubleshoot Arista AP Connection to the Cloud

Introduction This article describes how to troubleshoot the Arista AP connectivity to the Cognitive Wi-Fi cloud. When the AP has disconnected from the cloud service, it will appear Inactive on the CloudVision Wi-Fi / Wireless Manager UI. Prerequisites Access to the CloudVision Wi-Fi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP. Solution Step 1 Check if the AP is provisioned on your cloud service. On CloudVision Wi-Fi, navigate to Monitor > Wi-Fi > Access Point and hover your mouse cursor on the Status icon beside the AP in question. A green icon indicates that it...
Continue reading →

How to Upgrade Access Points to a Specific Build (On-Premises)

Introduction This article describes how to update the firmware on Arista Access Points via the On-Premises Wireless Manager server. On the Arista Cognitive Wi-Fi Cloud, the AP firmware update bundle will be available via the cloud. CloudVision Wi-Fi or the Wireless Manager UI will indicate if new firmware is available for any APs and you can initiate the firmware update for these devices from the UI. If you are using an on-premises Wireless Manager server with Internet connectivity, that is configured to sync with the cloud firmware repository, the update bundle will be available on Wireless Manager itself, after it...
Continue reading →

Packets FAQs

Packets is a cloud based network analysis and visual troubleshooting tool. Here are a few frequently asked questions and useful tips.   What file formats are supported? Captures with the formats – .pcap, .cap, .wcap, .pkt and .pcapng – are supported. Both wireless and wire-side captures are supported.   How do I capture the packets on my network? You can use tools like Wireshark to capture packets on your network. If you are on Mac, you can install AirTool or use Wireless Diagnostics.   What other tools can be integrated with Packets? AirTool users can upload traces from AirTool directly...
Continue reading →

Getting Started With Packets

  Packets is a cloud based network analysis and visual troubleshooting tool. The workflow is pretty simple and straightforward. Here is a quick guide to get you started with the tool.       Uploading A Tracefile On login you will be presented with the Home page as shown below. The Home Page allows you upload new traces or to manage already uploaded traces.   To upload a new trace, simply drag and drop it in the section marked as ‘Drag Your Traces Here’ or you can also click on the ‘Select Files’ text to browse and select a file...
Continue reading →

Troubleshooting an AP in "Non-Recoverable" State after Firmware Update Failure

Introduction This article will assist you in troubleshooting when an AP goes into a “non-recoverable” state. This may happen if the device suddenly loses loses power or connectivity with the cloud/on-prem Wi-Fi management server during the firmware update process. On CloudVision Wi-Fi, the Update column shows that “Firmware Update Failed” for the AP in question. On Wireless Manager you will see the icon beside the AP listing, indicating that the device is in a “non-recoverable” state. Prerequisites Access to the CloudVision Wi-Fi (CVW) or Wireless Manager (WM) UI. config CLI access to the Arista AP or a crossover cable and...
Continue reading →

Interpreting EoGRE Traffic Using Wireshark

Introduction The Ethernet over GRE (EoGRE) is an unencrypted, stateless, Layer 2 tunneling technology. EoGRE encapsulates Ethernet packets and provides the ability to set up one or more tunnels from an AP to an aggregation device such as a Router. There is no connection setup or tear-down procedure. As such, the tunnel interface always remains ON and ready to send/receive on the AP side. This article describes how to interpret EOGRE traffic using Wireshark. Solution The GRE header has the following fields: Checksum – 1 bit. This field is assumed to be zero in this version. If set to 1,...
Continue reading →

Can I Use LDAP to Authenticate Wireless Users?

Introduction As the number of users in an organization increases, so does the need for a centralized database for user management. Arista APs can be used to authenticate users who sign in to Wi-Fi, using their credentials stored in a centralized or distributed database. Lightweight Directory Access Protocol (LDAP) cannot be directly implemented as an authentication mechanism by an Arista AP, primarily because the Arista APs do not support this protocol for authentication. Another reason is that LDAP is not really an authentication protocol but a directory lookup/access protocol, for querying and modifying items in directory service providers like Active...
Continue reading →

CDE Networks and Their Relevance to PCI Standards

Introduction In this article we will discuss CDE networks in the context of PCI DSS reports on CloudVision Wi-Fi. First let’s understand what these acronyms mean. PCI DSS: The Payment Card Industry Data Security Standard is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. Therefore, wirelesses being an important part of the network, will also have to follow the set of security standards defined under PCI DSS. CDE: Over the years, PCI DSS has come up with enhancements in the defined standards, PCI DSS...
Continue reading →

AP Classification with Arista WIPS

Introduction This article explains the classification of Access Points on Wireless Manager, based on tests performed to get their wired identity and their activity in your network. Solution AP Categories Authorized Access Point Access Points (APs) that are wired to the corporate network and are compliant with the Authorized Wireless LAN (WLAN) configuration defined by the Administrator on Wireless Manager (WM) are classified as Authorized APs. Typically, these will be Arista APs, but the administrator can configure the Authorized WLAN policies for any AP vendors. Arista APs/Sensors monitor the corporate VLANs and perform various connectivity tests over the wired network...
Continue reading →

Essential Guide to Client Classification with Arista WIPS

Introduction Client classification policies define the how the wireless clients are going to be classified based on their initial discovery or the AP association. It is vital feature that is used to leverage the WIPS functionality appropriately. Prerequisites Administrative access to Wireless Manager. Solution Correct classification of wireless clients is necessary for effective Intrusion Prevention. Client Auto-classification settings are present on Wireless Manager at Configuration >WIPS > Client Auto-classification. Initial Client Classification Enabling this feature will ensure that new clients seen by the Arista AP/Sensor are automatically assigned to one particular category which may be External/Authorized/Guest, according to the administrator’s...
Continue reading →

Working of a Hidden SSID

Introduction In conventional WLANs, APs advertise their presence by sending out beacon frames that include their Service Set Identifier (SSID) and Basic Service Set Identifier (BSSID). Prior to association, clients gather information about the APs by scanning the channels one by one and listening for beacons on each channel. This is called “Passive scanning”. Clients also perform “Active scanning”, whereby they send out Probe Request frames on each channel. These are requests for APs to send out information about themselves. APs respond to Probe Requests with Probe Response frames, the contents of which are similar to beacon frames. Once the...
Continue reading →

How to Check EOGRE Tunnel Status on CloudVision Wi-Fi

Introduction This article explains how to verify the status of the GRE/IPSec tunnel on CloudVision Wi-Fi. Prerequisites CloudVision Wi-Fi version 2.4 or higher. 802.11ac capable Arista APs. Solution In order to view the status of the tunnel formed by the AP(s) with remote endpoints, navigate to Monitor > Wi-Fi > Tunnels. The green dot indicates that the status of the tunnel is up/active, and the red dot indicates that the tunnel is down/disconnected. The AP will check for the increase in Receiving Packet count (Rx) in order to determine the status of the tunnel. In case there is no increase...
Continue reading →

Introduction to Stream Marker Packets

Introduction This document describes the Stream Marker enhancement that avoids any potential impact of Marker packets on AP performance. Marker packets are injected by Arista APs and sensors to detect Rogue APs. In some cases, the Marker packets themselves may adversely impact the performance of other APs, as these are broadcast packets forwarded at basic rates on the wireless side. Prerequisites Administrator privileges on Wireless Manager and CloudVision Wi-Fi. Solution The number of Marker packets seen on the wireless side is multiplied by the number of VLANs and the number of APs on the same channel in the vicinity. With...
Continue reading →

How to enable BLE (Bluetooth Low Energy) on CloudVision Wi-Fi

Introduction Bluetooth beacon advertising is a wireless personal area network technology that is used in healthcare, fitness, security based applications, etc. Bluetooth beacons use Bluetooth Low Energy (BLE) proximity sensing to transmit universally unique identifier picked up by a compatible app or operating system. This identifier, along with several bytes sent with it, can be used to determine a device’s (e.g. Smartphones) physical location, track customers, or trigger location based actions on device such as check-in on social media. Another use is distributing messages at a specific point of interest, e.g. a shopping mall or bus stop to advertise products...
Continue reading →

How to Setup SSH banner and Idle Timeout for APs from CloudVision Wi-Fi

Introduction This document describes the new feature on CloudVision Wi-Fi/WM UI to have the option to either display or not display the banner when SSH client tries to log in to AP. Prerequisites Administrator or higher privilege on CloudVision Wi-Fi/Wireless Manager. Solution CloudVision Wi-Fi provides the following options for a client that establishes an SSH connection with an Arista AP. SSH Banner: This feature allows the administrator to enable/disable the banner that will be displayed when an SSH session is initiated to an AP. The banner contains device details such as model and version. SSH Idle timeout: This avoids idle...
Continue reading →

How to Check AP Uptime on CloudVision Wi-Fi

Introduction This document explains how to check the uptime of an AP on CloudVision Wi-Fi and Wireless Manager. Prerequisites Administrator privileges on Wireless Manager and CloudVision Wi-Fi. Wireless Manager version 8.7 or higher and CloudVision Wi-Fi version 2.4 or higher. Solution On CloudVision Wi-Fi, navigate to Monitor > WIPS > Managed Wi-Fi Device. The ‘Last Booted At’ column shows how long an AP has been Up/running. No configuration is required to enable/disable this feature. On Wireless Manager, navigate to Monitoring > Managed Devices to view the ‘Last Booted At’ column. Supported AP Platforms All Arista 802.11 ac AP platforms.

How to Configure EoGRE over IPSec on CloudVision Wi-Fi

Introduction In this article, we will see how to configure EoGRE over IPSec. GRE encapsulates the Layer 2 traffic and IPSec encrypts this encapsulated traffic. IPSec protocol is used to provide security services for IP packets such as encrypting sensitive data, authentication, protection against replay and data confidentiality. IPSec is used in conjunction with GRE to provide encryption for data, thereby providing a complete secure and flexible VPN solution. This feature provides support for both IKEv1 and IKEv2 using Tunnel and Transport mode. Prerequisites Wireless Manager/CloudVision Wi-Fi and AP version on 8.6 and above. This feature is supported only for...
Continue reading →

How to Configure EoGRE over IPSec on Wireless Manager

Introduction In this article, we will see how to configure EoGRE over IPSec. GRE encapsulates the Layer 2 traffic and IPSec encrypts this encapsulated traffic. IPSec protocol is used to provide security services for IP packets such as encrypting sensitive data, authentication, protection against replay and data confidentiality. IPSec is used in conjunction with GRE to provide encryption for data, thereby providing a complete secure and flexible VPN solution. This feature provides support for both IKEv1 and IKEv2 using Tunnel and Transport mode. Prerequisites Wireless Manager and AP version on 8.6 and above. This feature is supported only for 802.11ac...
Continue reading →

Smart TVs and Captive portal based SSIDs

Introduction What is a Smart TV? Smart TV by definition is a TV that can be connected to the internet to access streaming media services and that can run entertainment apps, such as on-demand video-rental services, internet music stations and web browsers. How does Smart TV connect to Internet? A smart TV uses either a wired Ethernet connection or built-in Wi-Fi to connect to a home network for internet access. Most models today have built-in Wi-Fi adapter and offer 802.11ac capabilities. How does a smart TV connect to Wi-Fi? Most Smart TVs support WEP, WPA/WPA2. Configurations are very straight forward,...
Continue reading →

How to Enable HTTPS Redirection on CloudVision Wi-Fi

Introduction This article describes how you can enable HTTPS redirection on the SSID which has a captive portal enabled on CloudVision Wi-Fi. Use Case We need the ability to redirect to the captive portal when the client hits an HTTPS website. This can be achieved by HTTPS redirection feature on CloudVision Wi-Fi UI. The new configuration for HTTPS redirection will be under Redirect URL settings. Prerequisites CloudVision Wi-Fi administrator privileges. Solution This feature will be configurable under Configure > Wi-Fi > SSID > Add/Select the Guest SSID > Captive Portal as shown in the screenshot below. The configuration includes fields...
Continue reading →

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers: