OmniVista Cirrus Production Notes 4.6.2
OmniVista Cirrus Production Notes 4.6.2
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- AOS Switches
- OS6900-C32E
- OS6860N-P24Z
- OS6860N-P24M
- OS6465H-P12
- Stellar APs
- OAW-AP1301H
- OAW-AP1331
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AOS 5.1R2 - OmniVista Cirrus now supports AOS 5.1R2 for the new OS2260 and OS2360 Series Switches.
- AOS 6.7.2.R08 MR - OmniVista Cirrus now supports AOS 6.7.2.R08 MR on all previously supported AOS Switches
- AOS 8.8R1 - OmniVista Cirrus now supports AOS 8.8R1 on all previously supported AOS Switches.
- AWOS 4.0.4 MR1 and MR2 - OmniVista Cirrus now supports AWOS 4.0.4 MR1 and 4.0.4 MR2 on all supported APs.
New Applications
The following section details new applications introduced in this release.
OmniVista Monitoring and Reporting Status of NaaS 2.0 Devices
Alcatel-Lucent has released Network as a Service (NaaS) 2.0 support on AOS switches running release 8.8R1. The NaaS offering introduces a flexible hybrid model for customers to purchase network infrastructure solutions through subscriptions. OmniVista plays a key role in the NaaS offering.
- AOS switches obtain a Device License through interaction with an Alcatel-Lucent License Activation Server. The Device License information for the switch is obtained when OmniVista polls the switch via SNMP or the switch is rediscovered.
- The following Device License information obtained by OmniVista is reported on the new NaaS Device Licenses screen under Network – Discovery.
- Device License mode of operation (NaaS, CAPEX, or CAPEX Undecided)
- The licensed features (Management, Upgrade, Essentials, Advanced).
- The status of the license for each feature (Licensed, Not Licensed, Grace Period, Expired).
- New NaaS 2.0 traps supported.
Stellar AP 802.1x Client
A Stellar AP device can now be configured to operate as an 802.1x (supplicant) device. When a Stellar AP is connected to an OmniSwitch UNP port on which the AP Mode and 802.1X authentication is enabled, the switch starts to send EAP frames to the AP device. If the AP device does not respond to the EAP frames, the switch will identify the AP as a non-802.1x (non-supplicant) device and will attempt to authenticate the AP with other methods. To ensure that the switch will identify the AP device as a supplicant (802.1X client), 802.1X functionality can now be enabled for the AP Group to which the AP belongs.
- All AP client traffic (wired/wireless) is VLAN-tagged on uplink to the OmniSwitch.
- If the AP secure mode is enabled on the switch UNP port (disabled by default), the VLAN tag of the client traffic is trusted after successful AP authentication. See note below.
- A classification policy on the OmniSwitch can be configured to catch any untagged traffic.
- Third-party switches with 802.1X authentication functionality are also supported.
Note: The AP Mode is enabled on an OmniSwitch UNP port by default. However, the AP mode is not secured by default. This means that the VLAN-tagged client traffic is trusted and forwarded on the UNP port even if the AP device fails 802.1x authentication. When the AP mode is secured, VLAN-tagged client traffic is not trusted and forwarded until the AP device passes 802.1x authentication. The AP mode is secured by enabling the “Secure” option for the AP Mode in the OmniVista Access Authentication Profile to which an AP device is assigned.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
AOS 5.1R2
- OmniVista 2500 NMS supports the following features for the OS2260 and OS2360 that were added with the AOS 5.1R2 release:
- Cloud Agent
- PolicyView QoS
- Troubleshooting
- Unified Policies (including LDAP)
- UNP (Universal Network Profile)
- Virtual Chassis
- VLAN Manager - MVRP
Notification Bell
- The Notification Bell on the Main Menu lists devices where the configuration is not saved.
Golden Configuration Trap Notification
- When a Golden Configuration audit detects changes in a switch configuration, OmniVista sends the “alaOvProvisioningSwitchGCDiffers” Trap notification.
OmniVista Cirrus Framework Improvements
Performance
- REST API Polling for AOS Switches Expanded to Include Additional SNMP Tables
- To further improve performance, OmniVista REST API polling has been expanded to include additional SNMP tables. The following configuration pre-requisites are required to enable OmniVista to use the HTTP interface on the switch for REST API polling:
- OmniVista REST API polling must be enabled (the default); navigate to Managed Devices Settings to configure.
- The switch CLI user must be specified in device properties with read permissions to access the configuration and statistical data of the features. To update device properties, navigate to Managed Devices (Network - Discovery), select one or more switch(es) and Edit.
- Configure HTTP AAA authentication on the switch using the following CLI command:
- aaa authentication http <server name>
- Enable HTTP and WebView services on the switch using the following CLI commands:
- webview server enable
- ip service http admin-state enable
RAP Enhancements
- RAP is supported over DS-Lite router
- RAP is supported on Wi-Fi 6 APs
Framework Enhancements
- Apache Log4j Security Vulnerabilities Addressed
The vulnerable Log4j components were not used by OmniVista; however, they were removed to avoid any potential security risk.
- OpenSSL Version Upgrade
Open SSL version was upgraded from 1.0.2k to 1.1.1l ("L") to address security vulnerabilities.
- Niginx Upgrade
Nginx was upgraded from 1.16.1 to 1.21.4 to address a High-Risk vulnerability.
OmniVista Cirrus Production Notes 4.6.1
OmniVista Cirrus Production Notes 4.6.1
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- AOS Devices
- OS2260 Series Switches - The new OS2260 Series Switch is now supported. The following models are available: OS2260-10, OS2260-P10, OS2260-24, OS2260-P24, OS2260-48, and OS2260-P48.
- OS2360 Series Switches -The new OS2260 Series Switch is now supported. The following models are supported: OS2360-24, OS2360-48, OS2360-P24, OS2360-P48, OS2360-P24X, and OS2360-P48X.
- New OS6900 Switch Model - OS6900-V48C8 switches are now supported.
- APs
- OAW-AP1351 - OAW-AP1351 is now supported in OmniVista.
Note: On the OS2260 and OS2360 switches, the Cloud Agent is disabled by default. This means that an out-of-the-box switch will not automatically call home to OmniVista Cirrus. To restart the Cloud Agent on the switch, telnet to the switch and enter the “cloud-agent admin-state disable force” CLI command and then “y” at the confirmation prompt. Next, enter the “cloud-agent admin-state enable” CLI Command to trigger the call home to OmniVista Cirrus.
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AOS 5.1R1 - OmniVista Cirrus now supports AOS 5.1R1 for the new OS2260 and OS2360 Series Switches.
- AOS 8.7R3 - OmniVista Cirrus now supports AOS 8.7R3 on all previously supported AOS Switches.
- AWOS 4.0.3 - OmniVista Cirrus now supports AWOS 4.0.3 on all supported APs.
New Applications
Introducing OmniVista Cirrus 10.1
A “teaser” version of OmniVista 10.1 is now available. OmniVista Cirrus 10.1 is a cloud-based Network Management System (NMS) that simplifies monitoring and troubleshooting of Stellar Access Points through detailed QoE Measurements and WiFi Analytics in an easy-to-read dashboard display. An existing installation of OmniVista 2500 or OmniVista Cirrus 4.6 is required to initially discover, register, and manage Stellar Access Points. Once discovered, the Access Points are then configured to send events to OmniVista Cirrus 10.1, where the data is gathered and can be analyzed by a Network Administrator. For more information see Getting-Started with OmniVista Cirrus 10.1.
To access OmniVista Cirrus 10.1, use the following URL:
https://manage.ovcirrus.com
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Audit
- User Activity Report Purge Settings Can Now Be Controlled from the UI.
- User can control how long they want to retain the user activity history. Range: 7 days to 365 days, Default = 90 days.
CLI Scripting
- Tabs Added to the CLI Terminal Screen
- If you open multiple CLI Terminal sessions, the IP address of each device is displayed in a tab at the top of the Terminal Screen for easy access.
Discovery
- When you get a warning status for a device, the word “warning” now provides a link to the SNMP Traps for that device.
Resource Manager
- Restoring an RMA Switch from a Golden Config or Resource Manager Backup
- OmniVista now supports RMA use case via Golden Config and Resource Manager Backup features.
SSID
- Option to Enable/Disable UAPSD
- You can now enable Unscheduled Automatic Power Save Delivery (UAPSD) on an SSID. The UAPSD field is located in the “Advanced WLAN Service Configuration†section when configuring an SSID. The field is also available on the WLAN (Expert) page. (Default = Enabled).
- SSID UI is now enhanced to differentiate AP groups that advertise SSIDs according to a configured schedule versus those that advertise SSIDs all the time.
UPAM
- You can now disable multiple accounts at the same time.
WLAN
- RF Profile Support for 160 Mhz Channel Width
- Kick-off Client is Now Allowed from the Wireless Client List Page.
- AP Support Roaming RSSI Threshold for non-802.11K/V Clients
OmniVista Cirrus Framework Improvements
- Performance
- OmniVista now supports polling of large SNMP tables using REST API for switches running greater or equal to AOS 8.7R3. Enabled by default; go to Managed Devices settings to disable polling.
- Topology improved to handle large number of devices and links in the network.
OmniVista Cirrus Production Notes 4.5.3
OmniVista Cirrus Production Notes 4.5.3
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- AOS Devices
- OS6360 Series Switches - The new OS6360 Series Switch is now available. OS6360-10, OS6360-P10, OS6360-24, OS6360-P24, OS6360-PH24, OS6360-P24X, OS6360-P48X, OS6360-48, and OS6360-P48, Switches are now supported in all OmniVista applications, except for Application Visibility.
- New OS6900 Switch Models - OS6900-V48C8 and OS6900-X48C4E Switches are now supported in all OmniVista applications.
- APs
- OAW-AP1301 - OAW-AP1301 is now supported in OmniVista.
- OAW-AP1311 - OAW-AP1311 is now supported in OmniVista.
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AWOS 4.0.2 - OmniVista Cirrus now supports AWOS 4.0.2 on all supported APs.
- AOS 8.7R2 - OmniVista 2500 NMS now supports AOS 8.7R2 on all previously supported AOS Switches, as well as the new OS6360 Series Switches. Application Visibility is now supported on OS6860N Switches running AOS 8.7R2 using a 6860N Signature Kit.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Analytics
- Filter Analytics Reports by Profile
- You can now filter and display Top N Ports, Top N Poe Ports, and Top N PoE Switches. Reports by Analytics Profiles. A user can set up different profiles for groups of switches and use the Profile Filter option of the Report Screen to display specific switches based on Profile.
AP Registration
- Group Description Column Added to the Access Points List
- A Group Description column had been added to the Access Points List. The column contains the optional AP Group Description configured by the user for the AP Group.
Authentication Servers
- Longer RADIUS Server Password Supported
- The RADIUS Server Shared Secret can now contain up to 64 characters.
License
- Manual Polling for Immediate Subscription Update
- A Check For Updates To Subscription button has been added to the top of the License Home Screen that the user can click on to immediately activate any subscription updates.
mDNS
- Access Role Profile Condition for mDNS Client and Server Policies
- You can now include an Access Role Profile Condition in mDNS Client Policies and mDNS Server Policies.
Notifications
- Acknowledge/Clear All Traps
- You can now acknowledge or clear all traps in the Notifications Table in a single step. Click on the new Actions button at the top of the Notifications Home Screen and select Ack All or Clear All. The Poll button to poll devices for traps, is now under the new Actions button.
- Option to Ignore Stellar AP “Unsaved Changes” Traps
- There is a new option under the Unsaved Device Notifications icon (Bell) at the top of the OmniVista UI. Unsaved changes on Stellar APs are generally not a problem since Stellar APs receive the latest configuration at reboot. To prevent notifications for unsaved changes on Stellar APs, click on the Bell icon, then click on Settings. Uncheck the "Unsaved Changes Notification for Stellar Access Points" checkbox, and click OK.
Preferences
- Create Alarm Sounds for UI Inactivity and Notifications Traps
- You can now set audible alarm sounds for UI Inactivity and Notifications Traps. For Notifications, you can set the same sound for all traps or set different sounds for different Severity Levels. The sounds are configured on the Preferences “ Sounds Screen (Administration “Preferences “ User Settings “ Sounds).
Unified Access
- Map Access Role Profiles to Dynamic VLANs
- On 6.x Switches (running 6.7R08 and higher) and 8.x Switches (running 8.6R1 and higher) you can map an Access Role Profile to a dynamically-created VLAN. On 6.x Switches, you can map an Access Role Profile to a VLAN learned by a dynamic protocol (e.g., MVRP). On 8.x Switches you can map an Access Role Profile to any VLAN even if the VLAN does not yet exist on the switch. The switch will create a UNP Dynamic VLAN. In both cases, the switch will decide whether it will permit the mapping.
- For dynamic VLAN mapping, you must first configure a Unified Access Global Configuration Setting with Global Dynamic UNP VLAN creation enabled, and assign that Global Configuration to network switches.
- Assign an Access Auth Profile to an AP Downlink Port
- You can now assign an Access Auth Profile to a Downlink Port on AP1201H, AP1201HL, and AP1311 Devices. When you assign the profile to an AP Group, you have the option of selecting up to three Downlink Ports. OmniVista will apply the profile to the selected port(s) on supported APs/ports in the AP Group. OmniVista will ignore unsupported APs/ports in the AP Group.
- Map a UNP VLAN to UNP Port When Assigning an Access Authentication Profile
- When assigning an Access Authentication Profile, you can map a UNP VLAN to a UNP Port. This configures a Tagged or Untagged VLAN Port Association between the specified UNP Bridge Port and the VLAN This feature is useful when connecting “Silent" devices (e.g., printers) to Bridge Ports. The feature is supported on 6.x Switches (running AOS 6.7.2.R07 and higher) and 8.x Switches (running AOS 8.6R1 and higher).
- Bypass VLAN Feature for AP1201H and 1201HL APs
- A Bypass VLAN attribute in now available when configuring Access Auth Profiles. The Bypass VLAN attribute is supported on Stellar AP1201H and AP1201HL Devices. The feature improves wired port forwarding performance by skipping the CPU process. When a Bypass VLAN is configured, traffic from the AP uplink port to the downlink port, or vice versa, is forwarded directly through the switch chipset without CPU intervention.
- The Bypass VLAN has higher priority than Trust Tag. When a VLAN is configured as the Bypass VLAN and Trust Tag at the same time, the Bypass VLAN function is effective on that VLAN, while Trust Tag is not. Note that when Bypass VLAN is configured, Authentication/ACL/Policy etc. features cannot be applied to the traffic in the Bypass VLAN.
- This attribute is supported on AP1201H and AP1201HL Devices. When an Access Auth Profile is applied to an AP Group, OmniVista will pass the Bypass VLAN attribute to all APs in the AP Group. 1201H and 1201HL APs will accept it, other APs in the group will silently ignore this attribute. Bypass VLAN is recommended for the use case of HD IPTV.
UPAM
- New Web Content Filtering Feature
- A new Web Content Filtering (WCF) Feature has been added to the UPAM application (UPAM – Web Content Filtering). WCF Profiles can be configured to allow/deny client access through Stellar APs to web sites based on specific security or content conditions (e.g., Malware Sites, Gambling). A single WCF profile can contain multiple filtering conditions. To configure Web Content Filtering on an AP, you create a WCF Profile, configure an Access Role Profile or SSID with the WCF Profile, and then apply the Access Role Profile or SSID to APs.
- When a client tries to access a restricted website, the page will fail to load, and the browser will display an error. In a future release, if a client attempts to access a restricted site, OmniVista will redirect the client to a specific block page.
- Web Content Filtering is supported on APs running AWOS 4.0.2 (except AP1101, AP1201H, AP1201L, and AP1201HL models).
- You must have a Web Content Filtering License installed to use this feature. Licenses are purchased for a set number of APs.
- Configure Automatic Deletion of Expired UPAM Guest Accounts
- You can now configure automatic deletion of UPAM Guest Accounts once their validity period expires. The “Guest Account Deletion Policy” field on the UPAM Global Configuration page (UPAM “ Guest Access “ Global Configuration) enables you to configure how long expired Guest Accounts are retained before they are automatically deleted. The following retention options are available: never accounts, delete accounts as soon as they expire, delete accounts after a certain number of days (1 “ 90).
- Configure Guest Access Batch Account Access Code Length
- You can now configure the Access Code Length for Guest Accounts when creating accounts using the Batch Account Creation Feature. The Access Code Length is configured on the UPAM Guest Account page (UPAM “ Guest Access “ Guest Account). The Access Code Length can be between 6 and 16.
- Set the Validity Period Start Time for Guest Accounts
- You can now configure a Guest Account Validity Period to start the first time a user logs in. This is set in the “Effective at First Login” field on the UPAM Guest Account page (UPAM “ Guest Access “ Guest Account).
- EAP Option Available for UPAM Access Policy Configuration
- A new EAP option is now available when configuring a UPAM Access Policy that enables the user to restrict authentication to specific EAP Protocols (EAP-PEAP, EAP-TLS). The option is available under the Advanced Attributes Mapping Conditions (Attribute = Service-Type, Value = Framed User).
- Guest Access User Password Reset Option
- A “Reset Password” option is now available when configuring a Guest Access Strategy. If this option is enabled, a Guest User can change their login password without Administrator operation by receiving a Verification Code through e-mail or SMS. The user will be able to click on the "Forget Password?" link on the login screen for their account to request a Verification Code to change their password.
Users and User Groups
- Two-Factor Authentication
- You can now configure Two-Factor Authentication for user login based on User Role (Security “ Users and User Groups “ Two Factor Authentication). Two-Factor Authentication requires a user to enter an authentication code after entering their login/password to access OmniVista Cirrus. The authentication code is a time-based, 6-digit code generated using the Google Authenticator App, a free App that the user downloads to their Smartphone. When Two-Factor Authentication is enabled/disabled, the configuration is applied to all users who are members of a User Group with a User Role configured for Two-Factor Authentication.
OmniVista Cirrus Framework Improvements
- Improved Performance and Redundancy
- OmniVista Cirrus is now more fault tolerant and offers better performance due to redundancy and load balancing on key components.
- New Analytics AP Uptime/Downtime Report Display Options
- The Analytics AP Uptime/Downtime Report now has the option to filter the display data by device or map; as well as displaying data by time range or displaying the most recent data.
- Search Bar Added to Configuration Fields in UI
- A Search Bar has been added to configuration fields throughout the UI to assist the user in locating information from drop-down menus during configuration.
- IoT Device Classification Improvements
- The IoT device classification process between the cloud-based Device Fingerprinting Service and OmniVista has been streamlined, speeding up the IoT device classification process.
- Faster Loading of Application Visibility Screens
- The Application Visibility Signature Profile Screen now loads more quickly regardless of the number of Signature Profiles.
- VLAN Polling Improvements
- VLAN Polling has been streamlined for faster updates of VLAN information.
Remote Access Points
- Increased Scalability
- OmniVista can now support up to 1,000 Remote Access Points. Required CPU and Memory configurations are detailed in the OmniVista 4.5R3 Remote Access Point and VPN VA Installation Guide.
- Assign an Access Auth Profile to an AP Downlink Port
- As described above, you can now assign an Access Auth Profile to an AP Downlink port on AP1201H, AP1201HL, and AP1311 Devices.
- Tagged VLAN Traffic and VLAN Pool Supported
- Remote Access Points now supports Tagged VLAN traffic via GRE Tunnel, as well as VLAN Pool.
OmniVista Cirrus Production Notes 4.5.2
OmniVista Cirrus Production Notes 4.5.2
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- AOS Devices
- OS6860N - OS6860N-U28, OS6860N-P48Z, and OS6860N-P48M
- OS6900 - OS6900T48 and OS6900X48
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AWOS 4.0.1.44 and higher
- AOS 6.7.2.R08
- AOS 8.7R1
Applications
New Applications
The following section details new applications introduced in this release.
- Scheduled Upgrades
- The new Scheduled Upgrades feature (Network - Inventory - Scheduled Upgrades) enables you to schedule automatic upgrades to specific network devices during specific time windows (e.g., non-business hours) to ensure minimal network disruption. Scheduled upgrades can also be configured on the Device Catalog Screen (Inventory - Device Catalog) by selecting a device(s) in the Device Catalog and clicking on the "Set Software Version" button to bring up the Schedule Software Upgrade Wizard. A device must be managed and the Running Configuration must be saved for an upgrade to occur.
- Responder mDNS
- You can now configure mDNS using the Responder Model. Responder mDNS is configured on Responder Switches which communicate with Edge Switches/APs to which clients connect. In this mode, the Responder Device acts as a core switch. Server Rules are created on the Responder Device that contain Server Policies and Client Policies. The Service Rules define the criteria by which the Responder Device decides which services can be shared with which client requests.
It is recommended that you schedule upgrades on devices so that they do not adversely affect network performance. For example, stagger upgrades of different devices in different time windows during non-busy hours.
The following devices can be configured as Responder Devices: OS6860, OS6865, OS6900, and higher. The following switches and APs can be configured as Edge Devices: OS6465, OS6560, OS6860, OS6865, and OS6900; and APs running 4.0.1.44 and higher (except for OAW-AP1101).
Note that OmniVista does not support importing existing mDNS configurations.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Analytics
- New Stellar AP Uptime/Downtime Report
- The new Analytics AP Uptime/Downtime Report displays detailed information about the Uptime/Downtime of APs, and the Uptime/Downtime of the link between APs and OmniVista.
- Port Statistics Displayed in Kbps
- Port Tx/Rx Kpbs options are now available when configuring Analytics Statistics Collection Profiles.
Application Visibility
- Application Visibility Support on AP132x and AP136x
- Application Visibility is now supported on Stellar AP132x and AP136x models (requires minimum Signature Kit version 3.6.11).
AP Registration
- Out-of-the-Box Mesh Configuration
- Out-of-the- box Mesh is a feature that helps you quickly set up a Mesh Network without configuring the out-of-box APs. The out-of-box APs will establish a Mesh network with hardcoded settings. You only need to specify the Mesh root, then other APs will establish a Mesh configuration automatically. Select an AP in the Access Points List and select Edit Mesh Configuration to enable Mesh and configure Mesh root. Note that to enable Out-of-box Mesh, the factory AP should be powered up by adapter or PoE injector without connecting to wired LAN.
- Edit Bridge AP Name
- You can now edit a Bridge AP Name. Go to the Bridge AP Tab, select an AP and select the Edit Basic Info edit option.
- AP Uptime Displayed in Detailed View
- AP Uptime is now displayed in the Detailed View of an AP. Select an AP to bring up the Detailed View. AP Uptime information is in the General section.
- IoT/Location Server KonSP BLE Beacon Is Now Supported
- The KonSP BLE Beacon format is now supported. This format must be used for location data when tags are not in motion.
- APs Support Multiple VLANs for Local Breakout
- APs can now support Local Breakout for multiple APs. Local Breakout is configured as part of a tunnel configuration in the Unified Profile application and the SSIDs application.
Authentication Servers
- Increased Password Length for LDAP Servers
- You can now create a password of up to 128 characters when configuring an LDAP Server (Security - Authentication Servers - LDAP Server).
CLI Scripting
- Browser Tab Improvement When Connecting to a Device
- When you connect to a device using the CLI Scripting Terminal application, the browser tab now displays the devices IP address.
- Improved Device Selection Process to Connect to a Switch
- You can now enter search criteria (e.g., IP address, OS Version, Location) in the Device field to search for and select a device to connect to. The Switch Picker and Topology options are still available.
IoT
- IPv6 Endpoint Support
- IPv6 endpoints connected to AOS 8x switches are now reported in the IoT application.
Report
- Report Name and Widget Name Included in Report PDF
- When you create a PDF of a Report, the Report Name and Widget Name are now included in the Report PDF.
Security
- External Apps Feature
- The new External Apps feature (Security - External Apps) is used to create an API security key that is used by external devices/applications to access the OmniVista Server. For example, the Asset Tracking Engine will use this key to access OmniVista Cirrus.
SSID (and WLAN Expert)
- New Roaming Option
- FBD Update on Association - Enables/Disables FDB update on Association. If enabled, when a client roams to a new AP, the AP will send ARP packets to the uplink switch to notify the switch to change the downstream forwarding port for the wireless client's traffic.
Topology
- New Highlight Filters
- There is a new Filter Category - Device Properties, that can be used to highlight SPB Backbone Edge Bridge (BEB) devices and Backbone Core Bridge (BCB) devices in a map.
Users and User Groups
- New Permissions for Netadmin User
- The netadmin user now has read/write access to the License Screen and can also create/edit/delete AP Groups, Trust/Untrust APs, create/delete maps/sites, and modify the accessible maps of role.
UPAM
- Enable the Local UPAM Database for ASA
- You can enable Switch User Authentication through the local Switch User Account Database in UPAM. By default, this option is disabled, and Switch User Accounts are authenticated through an external Authentication Server. To enable ASA using the local UPAM Database, go to the Switch User Account Screen (UPAM “Authentication“ Switch User Account), select a username(s) and click on the “Enable ASA” button.
- Automatically Generate Random Device Specific Passphrase
- When you are creating/editing an entry in the Company Property List, click on the “Generate” button to automatically create a random Device Specific Passphrase.
- Device Specific Passphrase Validity Period
- You can now set the duration for a Device Specific Passphrase (e.g., Always, 6 Weeks, 3 Months). You can also set a specific date and time for the validity period to expire.
- Additional Information on Company Property PSK Printout
- The Device Name and PSK Passcode Validity Period are now displayed on the PSK Printout.
- PSK Passphrase Can Be Viewed Company Property List
- You can now view the Device Specific Passphrase for a device in the Company Property List. In the Detailed View for the device click on the “Show Password” icon next to the field to view the passphrase. It can also be viewed when creating/editing the passphrase.
- Custom Attributes Displayed for Captive Portal Access Records
- Custom Attributes created by a user are now displayed in the Detailed View of Captive Portal Access Records as well as in exported .csv files of Captive Portal Access Records if Login Strategy = “Terms and Conditions”.
- Create Employee Account or Company Property Entry from Authentication Record
- If a device fails authenticated through the Local Database, you can automatically create an Employee Account, or add the device to the Company Property List by selection it and clicking on the Generation button at the top of the Authentication Record Screen.
Unified Policy
- Reflexive Policies for Stellar APs
- You can now configure Reflexive Policies for Stellar APs in when configuring a Unified Policy. Note that if the Reflexive option is set to "No", the policy will be a stateless rule. In this case, the iptable rule is with "NOTRACK". If some traffic matches the NOTRACK rule, functions depending on conntrack will not work. For example, DPI depends on the first 15 packets of the same conntrack session, it might not work if the traffic matches a "NOTRACK" policy.
WLAN
- Filter Clients by Physical Map and Logical Map
- You can now filter the Wireless Client List, Wired Client List, Wireless Client Session, Wired Client Session, and Client Summary data by Physical or Logical Map.
- Heat Map Improvement
- You can now configure up to 150 floors in a Heat Map.
- Export the Wireless Client List
- You can now export the List of Clients on All APs List to a .csv file. You can include all clients. However, only the clients included in the current filter applied to the list, if applicable.
- New RF Profile Settings
- MU-MIMO - Enables/Disables Multi-User, Multiple-Input, Multiple-Output (MU-MIMO) feature. If enabled, the AP can communicate with multiple devices simultaneously. This decreases the time each device has to wait for a signal and speeds up the network.
- High-Efficiency - Enables/Disables 802.11ax high efficiency wireless functionality. If Disabled, an HE mode capable AP will downgrade to VHT (Very High Throughput) mode.
- Scanning Channel -Specify the channel(s) on which the wireless background scanning is executed (Working Channel/Working Channel and Non-Working Channel). For a highly-sensitive packet delay use case, it is recommended that you enable background scanning only for the Working Channel.
Remote Access Points
- Hyper-V Deployment Support
- Hyper-V is now supported for RAP VPN VA deployment.
- Improved RAP Import Process
- You can now include the VPN Server Settings name in the .csv file used to import RAPs into the Device Catalog of your Freemium OmniVista account.
- Improved VPN Settings Export Process
- You can now export VPN Settings for RAP as soon as the RAP is added to the Device Catalog. You do not have to wait until the AP reaches “Registered” status.
- Remote APs Support for Multiple VLANs and Local Breakout
- SSID Tagged VLAN - SSID Tagged VLANs are now supported. Note that on AP1201H downlink ports, only untagged traffic is supported for tunneling.
- Local Breakout - Local Breakout is now supported. Local Breakout must be configured in the SSIDs application. The routes are applied to all SSIDs.
OmniVista Cirrus Production Notes 4.5.1
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- APs
- AP1201BG - AP1201BG is now supported in OmniVista. The 1201BG AP has limited functionality and is used primarily for scanning in the Asset Tracking application.
- AP1321/AP1322 - AP1321 and AP 1322 are now supported in OmniVista Cirrus.
- AP1361/AP1361D/1362 - AP1361, AP1361D, and AP1362 are now supported in OmniVista Cirrus.
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AWOS 4.0.0.x - APs
Browser Support
- Internet Explorer is no longer supported. Chrome 68+ and Firefox 62+ are supported.
Applications
New Applications
The following section details new applications introduced in this release.
- Asset Tracking - A separate Asset Tracking application is available. OmniVista supports this application with the new OAW-AP1201BG AP as well as the existing OAW-AP1231and OAW-AP1231 APs.
- Mobile App for Template Based Provisioning - The OmniVista Assistant Mobile App is now available to provision and configure AOS Switches. The OmniVista Assistant App enables you to easily provision and configure new switches or re-configure existing switches. The OmniVista Assistant App connects to the OmniVista Server to push switch configurations defined in a matching Provisioning Rule to the switch you are configuring. A Provisioning Rule matching the switch you are configuring must exist in the OmniVista Provisioning Application before you can configure it with the OmniVista Assistant App.
- A Provisioning Rule matching the switch you are configuring must exist in the Provisioning Application before you can configure it with the OmniVista Assistant App.
- The OmniVista Assistant App is supported on all AOS 6x and Switches. You can connect to the switch via cable (6x and 8x Switches) or Bluetooth (8x Switches). Note that you cannot connect via Bluetooth on the OS9900 Switch.
- The OmniVista Assistant App is supported on Android devices running versions 7.0, 8.0, and 9.0. It is not supported on Android 10.0.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Analytics
- New Analytics Reports - Two new Analytics Reports can now be generated:
- Top N PoE Ports - Displays the top network PoE ports based on the amount of power being utilized by each PoE Port. Reports can be generated by creating an Analytics PoE Report Profile or a Statistics Collection Profile, and can also be generated on the fly by selecting devices and attributes on the Statistics Screen. New PoE widgets are also available and can be displayed on the Global Dashboard.
- Top N PoE Switches - Displays total PoE utilization by switch. When you create an Analytics PoE Report Profile or a Statistics Collection Profile, the Top N PoE Switches Report is also generated.
- Improved Statistics
- The Statistics Feature in Analytics (formally called Performance Monitoring) has been simplified. By default, statistics are now automatically collected from all switches and ports for all new switches added to the network. There is no need to manually create a Collection Profile to gather Statistics data. This default setting can be changed on the Analytics Settings page.
- Statistics collection and statistics views are now separate. In previous releases, graphical views of statistics data were based on the switches as configured in the Collection Profile. Now you can create custom Statistics Views from any switches generating Statistics data.
AP Registration
- Remote Access Points (RAP)
- You can now configure an offsite, remote AP as a Remote Access Point (RAP) that can be managed by your local OmniVista Cirrus installation through a VPN Tunnel.
- The Remote AP Feature is supported on all OAW-AP12xx Series APs. It is not supported on OAW-AP1101 or OAW-AP13xx Series APs.
- Set AP Root Account Password Seed
- You can now set an AP Root Account Password Seed for APs. Configuring a Root Account Password Seed adds a second layer of security for AP access. When you configure a Password Seed, the Root Password is derived from a character string composed of two parts - the Password Seed and the Fixed Root Password. The Password Seed can be changed at any time. The password is set by AP Group and is only supported on APs running AWOS 4.0.0 and higher. A Root Account Password Seed will not be applied to any APs in the group running a lower AWOS.
- Limit/Shutdown an AP's Radio
- You can now edit an APs configuration by limiting an APs radio to a specific band or shutting down the APs radio. Select an AP in the Access Points List, click on the Edit icon, and select Edit Radio Configuration.
- Default Beaconing AP Group
- There is a new default Beaconing AP Group ("default BLEGW group") for OAW-AP1201BG APs. When a 1201BG when a 1201 BG AP initially registers, it is placed in this group. OAW-AP1201BG APs have limited functionality and are used specifically for scanning for the Asset Tracking application.
Dashboard
- Performance Monitoring Dashboard
- A new Performance Monitoring Dashboard tab has been added to the OmniVista Dashboard. The Performance Dashboard displays Analytics Statistics Chart View Profile widgets. Statistics Chart View Profiles are graphical displays of collected statistics data. The profiles are configured in the Analytics application on the Analytics Statistics Chart View Screen (Network - Analytics - Statistics - Chart Views). The data can be displayed in graphical or table view and you can configure the display time range. You can add up to 20 widgets to the dashboard.
- New Global Dashboard Widgets
- Top N PoE Ports Utilization Detail View - Displays PoE Port power utilization in bar chart format for PoE-enabled ports on the network. Hover the mouse over a bar chart for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- Top N PoE Ports Utilization Trending View - Displays PoE Port power utilization in line chart format for PoE-enabled ports on the network. Click on a data point for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- Top N PoE Switches Utilization Summary View - Displays PoE Port power utilization by switch in pie chart format. Hover the mouse over a section for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- New WLAN Advanced Dashboard Widget
- Most Recent 1000 Client Records - Displays information about all active clients on the network. Click on the "More" link at the bottom of the widget to display the most recent 1,000 client sessions on all Stellar APs on the network. Click on a client in the widget to bring up the "Details of Client" window, which displays detailed information about the selected client and its sessions.
IoT
- IoT Enforcement
- The new IoT Enforcement feature enables you to authenticate devices by associating an IoT Category with an Access Role Profile. Once a device accesses the network and is categorized, the assigned Access Role Profile is applied to the device. You can associate different Access Role Profiles with different categories; and you can enable automatic or manual enforcement Categories. IoT Enforcement is not supported on OS6560-P48Z16 switches.
- IoT Data Retention Settings
- The new IoT Settings screen enables you to configure IoT data retention preferences for IoT data.
- G Suite Integration
- The IoT application can now be configured to integrate with Google G Suite to collect device information and provide network security for Chrome devices. G Suite Integration is only supported on devices connected to AOS Switches running AOS 8.6R2 and later, or devices connected to APs connected to AOS Switches running AOS 8.6R2 and later.
Topology
- You can now set the line style and line weight you want to use when displaying LLDP/AMAP/SPB/ERP Links and Manual Links in a Topology Map. The preference is set in the Topology Configuration Window. Click on the Configuration icon in the upper-right corner of the topology map to bring up the Configuration window.
- Link information now includes the Link Type (Copper or Fiber) and Link Speed when you hover over a link or click on a link in a Topology Map.
- In previous releases, a link status color would display Red if any port in a Linkagg was down. The link will now display Orange if any port in a Linkagg is down.
Unified Access
- Tunnel Profiles to Connect to Third-Party Devices
- You can now configure a Tunnel with a Tunnel ID of “0”, with “Entropy” disabled, enabling a GRE Tunnel Server connection to a third-party Tunnel Server (e.g., Linux), which require no Entropy.
UPAM
- Authenticated Switch Access Through UPAM
- You can now use UPAM for Authenticated Switch Access (ASA) for network switches. Users are configured on the UPAM Switch User Account Screen (UPAM Authentication Switch User Account). You can set user credentials as well as user privileges for switch operations. You then configure a AAA Profile (Unified Access Template Global Configuration AAA), select the UPAM Server as the authentication server for switch access, and assign the AAA Profile to network switches.
- Device Specific PSK Encryption Option
- You can now configure WLAN/SSID Encryption with Device Specific PSK. A Device Specific PSK provides more security that traditional PSK. When Device Specific PSK is enabled, when the AAA Server sends the Radius Access Accept of MAC Authentication, it will also send the specific pre-shared key for that client, distinguished by the client's MAC Address. This means that each client will have a different key.
- Print PSK or QR Code
- The Company Property Screen has options to print the Device Specific PSK Passphrase for devices in the Company Property List. The passphrase can be printed in standard format or in QR Code that a user can scan and use to log into the network. Select a device(s) in the Company Property List and click on either the Print PSK or Print QR Code button.
- Auto-Generate PSK
- The Authentication Records Screen had the option to quickly add a device(s) in the Authentication Records List to the Company Property List as a Device Specific PSK device. Select the device(s) in the Authentication Records List and click on the Generation PSK button. OmniVista will add the device(s) to the Company List with an auto-generated PSK Passphrase. The device information, including the PSK Passphrase can be edited at any time on the Company Property Screen.