Hi, We are trying to setup Guest and BYOD SSID with HTTP Redirection to Cisco ISE, but im having difficulty getting the HTTP redirection to work, any advise will be appreciated. FYI, i’ve gone thru the ISE Integration and Role Profile documentation. Thanks
Arista products are not affected by CVE-2019-15126 (Kr00k vulnerability) Kr00k – also known as CVE-2019-15126 – is a vulnerability in certain Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Arista Networks Wifi products AP and management systems are not exploitable by the above mentioned CVEs. The vulnerability affects all unpatched devices with Broadcom and Cypress FullMac Wi-Fi chips. Devices using Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink and Mediatek do not exhibit this vulnerability. Arista networks APs do not use the Wi-Fi chips that are affected. The vulnerability exploits a bug in the WiFi chipset that...
Continue reading →
Description With the 8.8.1 release, the license for an on-premises Arista WiFi server is a JSON file. The JSON license is sent in an email from Arista. It contains fields such as customer information, the features supported on that deployment, platform details, and digital signature information. Note: The new licensing mechanism does not, in general, affect upgrades to existing servers. After an upgrade, an existing on-premises WiFi server with a valid license continues to operate as before. If an existing license expires, support for the new (JSON) license is provided. The application of the new license proceeds as described in...
Continue reading →
The CloudVision WiFi (CVW) service is available as a container on the Arista CloudVision platform from its 2019.1.0/Grant release. Once you activate the CVW service, you can configure, monitor, troubleshoot, and upgrade Arista WiFi access points using the cognitive CVW UI. This chapter gives an overview of the CVW containerization on CV and explains how to set up the service. An appendix lists the CLI commands you can run on the CVW service. Overview of CVW on CV The figure below shows a conceptual overview of the Arista CVW solution. As shown in the figure, CVW is containerized within the...
Continue reading →
Hello, I’m currently testing Arista Wifi and I have issues with getting the tunneling part to work. I have setup a tunnel interface with vlan 203 and key 203. The endpoint is a Cisco ASR 1001. The SSID is set to tunneling mode, I chose that tunnel interface I just created and I can see the GRE packets going out to the ASR. I even see the DHCP DISCOVERs from my test client. However then nothing happens :( I found a few guides online and the ASR is configured like this: interface Tunnel68 mac-address 0000.5e00.0068 ip address 192.168.0.1 255.255.255.0 no...
Continue reading →
Overview VXLAN is a Layer 2 technology that helps you to create a virtual Layer 2 network (overlay network) on top of a physical Layer 3 network (underlay network), enabling you to use Layer 3 features of the underlying network, which cannot be achieved using 802.1q VLANs. Each VXLAN tunnel is identified by the VXLAN segment ID or VXLAN Network Identifier (VNI) which is 24 bits, which enables you to create up to 16 million isolated networks. This overcomes the limitation of VLANs, which have a 12 bit VLAN ID, allowing a maximum of 4,094 isolated networks. Arista WiFi Access...
Continue reading →
Description The transmit power configured on UI is now treated as EIRP (Equivalent Isotropically Radiated Power) instead of radio output power. EIRP is the effective power emitted by the AP in the direction of maxima of radiation pattern and is equal to the sum of Radio Transmit power and antenna gain. UI configuration for External Antennas has been introduced. It applies only to the APs with external antennas. APs with internal antennas would take default values (refer to datasheet for details on antenna gain values). Wireless Manager UI Configuration Tx power and External antenna gain values can be configured from...
Continue reading →
Description This document describes a few enhancements done in Wireless Manager (WM) release 8.8 in respect of AP firmware updates and packaging of AP firmware images in on-prem WM server. These changes affect only the on-prem WM servers that do not have HTTPs connectivity to Arista Cloud repository of AP images. On-prem WM servers that have such connectivity are not impacted. Current Behavior: Firmware images of different AP models such as. C-75, O-90, C-120, C-130, etc. are part of the WM server upgrade bundle. During server upgrade, AP images of the new build get copied onto the WM server. When...
Continue reading →
Description Cloud: SNMP support for Event/Alerts (New Feature) Starting 8.8 release, Cloud customers can receive all events/alerts as SNMP traps. While configuring an SNMP trap destination server, an AP can be configured to act as CIP (Cloud Integration Point) to receive traps without exposing the SNMP destination server over the Internet. An SNMP destination server can be added through either “CloudVision WiFi” (SYSTEM -> Third-Party Servers -> SNMP-Alerts) or “Wireless Manager” UI (Configuration -> ESM Integration -> Events SNMP). To configure SNMP trap destination server through “CloudVision WiFi”, go to “SNMP-Alerts” configuration page from the SYSTEM -> “Third-Party Servers”. Click...
Continue reading →
Description Arista WM gathers a wealth of data about the wireless deployment. The data gathered includes Wireless Intrusion Prevention System (WIPS) related incidents, state of the devices, etc. Reports allow compact, printable and scheduled delivery of relevant pieces of information. The reports generated by Arista WM are useful for assessing the WIPS outlook of the wireless deployment, meeting regulatory compliance requirements and for inventory management. The ability to work with reports has been added to CloudVision WiFi in version 8.8. CloudVision WiFi currently supports the following types of reports. Wireless Intrusion Prevention System (WIPS) Compliance Inventory Reports about the WiFi...
Continue reading →
Description Keeping WiFi Access Point (AP) firmware up-to-date allows network administrators to take advantage of the latest features, bug fixes, and security enhancements. The firmware of Arista APs can be upgraded via the Wireless Manager UI or CloudVision WiFi, by using any of these three techniques: New Device AP Upgrade: Newly provisioned APs can be automatically upgraded as soon as they connect to the Wireless Manager. Scheduled AP Upgrade: All the APs at a particular location can be upgraded within a particular time window—configurable in terms of specific days of the week and hours of the day. The schedule can...
Continue reading →
Hitless WiFi AP Upgrades Reports in CloudVision WiFi SNMP support for Cloud and On-Prem deployments Packaging of Access Point (AP) Firmware Images on WM Server RF Transmit Power configuration enhancements VXLAN On Arista AP
Introduction This article describes how to update the firmware on Arista Access Points via the On-Premises Wireless Manager server. On the Arista Cognitive WiFi Cloud, the AP firmware update bundle will be available via the cloud. CloudVision WiFi or the Wireless Manager UI will indicate if new firmware is available for any APs and you can initiate the firmware update for these devices from the UI. If you are using an on-premises Wireless Manager server with Internet connectivity, that is configured to sync with the cloud firmware repository, the update bundle will be available on Wireless Manager itself, after it...
Continue reading →
Packets is a cloud based network analysis and visual troubleshooting tool. Here are a few frequently asked questions and useful tips. What file formats are supported? Captures with the formats – .pcap, .cap, .wcap, .pkt and .pcapng – are supported. Both wireless and wire-side captures are supported. How do I capture the packets on my network? You can use tools like Wireshark to capture packets on your network. If you are on Mac, you can install AirTool or use Wireless Diagnostics. What other tools can be integrated with Packets? AirTool users can upload traces from AirTool directly...
Continue reading →
Packets is a cloud based network analysis and visual troubleshooting tool. The workflow is pretty simple and straightforward. Here is a quick guide to get you started with the tool. Uploading A Tracefile On login you will be presented with the Home page as shown below. The Home Page allows you upload new traces or to manage already uploaded traces. To upload a new trace, simply drag and drop it in the section marked as ‘Drag Your Traces Here’ or you can also click on the ‘Select Files’ text to browse and select a file...
Continue reading →
Introduction Groups provide a network administrator the flexibility to apply custom configurations to APs across locations in CloudVision WiFi, regardless of the default templates configured at those individual locations. In this article we will walk through some common operations using Groups. Prerequisites Superuser or Administrator access to CloudVision WiFi (CVW). CloudVision WiFi version 2.4 or higher. Wireless Manager (WM) version 8.7 or higher. Solution Creating Groups A Group can be created in any of the following ways in CVW: Navigate to System > Navigator > Folder > Right click on a folder > Add Group Note: Groups cannot be created...
Continue reading →
Introduction The Ethernet over GRE (EoGRE) is an unencrypted, stateless, Layer 2 tunneling technology. EoGRE encapsulates Ethernet packets and provides the ability to set up one or more tunnels from an AP to an aggregation device such as a Router. There is no connection setup or tear-down procedure. As such, the tunnel interface always remains ON and ready to send/receive on the AP side. This article describes how to interpret EOGRE traffic using Wireshark. Solution The GRE header has the following fields: Checksum – 1 bit. This field is assumed to be zero in this version. If set to 1,...
Continue reading →
Introduction The article lists the different modules and frequency at which CloudVision WiFi updates its UI by fetching data from Wireless Manager. Solution The Wireless Manager collects all data and stores it in its database. CloudVision WiFi polls this data from the Wireless Manager database periodically and presents it using an internal webserver. There are different counters and charts across different modules on CloudVision WiFi which have their own polling intervals, default duration filter and granularity for which data is being shown. Modules Counters or Charts Default Filter Duration Granularity Polling Interval All Pages AP counters Current 2 minutes Clients...
Continue reading →
Introduction As the number of users in an organization increases, so does the need for a centralized database for user management. Arista APs can be used to authenticate users who sign in to WiFi, using their credentials stored in a centralized or distributed database. Lightweight Directory Access Protocol (LDAP) cannot be directly implemented as an authentication mechanism by an Arista AP, primarily because the Arista APs do not support this protocol for authentication. Another reason is that LDAP is not really an authentication protocol but a directory lookup/access protocol, for querying and modifying items in directory service providers like Active...
Continue reading →
Introduction The article describes a few examples of how CloudVision WiFi uses APIs to interface with Wireless Manager. Prerequisites Administrator or higher access to the Wireless Manager and API Keys Solution CloudVision WiFi (CVW) does not store any WiFi data or configuration. Instead, the Wireless Manager (WM) server collects all the data and stores it in its database. CVW polls the WM database periodically and represents it on its own UI using an internal web server. So, how does CVW fetch this data from the WM database? API Samples Below are few examples of the APIs that CVW uses to...
Continue reading →
