OmniVista Cirrus Production Notes 4.5.2
OmniVista Cirrus Production Notes 4.5.2
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- AOS Devices
- OS6860N - OS6860N-U28, OS6860N-P48Z, and OS6860N-P48M
- OS6900 - OS6900T48 and OS6900X48
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AWOS 4.0.1.44 and higher
- AOS 6.7.2.R08
- AOS 8.7R1
Applications
New Applications
The following section details new applications introduced in this release.
- Scheduled Upgrades
- The new Scheduled Upgrades feature (Network - Inventory - Scheduled Upgrades) enables you to schedule automatic upgrades to specific network devices during specific time windows (e.g., non-business hours) to ensure minimal network disruption. Scheduled upgrades can also be configured on the Device Catalog Screen (Inventory - Device Catalog) by selecting a device(s) in the Device Catalog and clicking on the "Set Software Version" button to bring up the Schedule Software Upgrade Wizard. A device must be managed and the Running Configuration must be saved for an upgrade to occur.
- Responder mDNS
- You can now configure mDNS using the Responder Model. Responder mDNS is configured on Responder Switches which communicate with Edge Switches/APs to which clients connect. In this mode, the Responder Device acts as a core switch. Server Rules are created on the Responder Device that contain Server Policies and Client Policies. The Service Rules define the criteria by which the Responder Device decides which services can be shared with which client requests.
It is recommended that you schedule upgrades on devices so that they do not adversely affect network performance. For example, stagger upgrades of different devices in different time windows during non-busy hours.
The following devices can be configured as Responder Devices: OS6860, OS6865, OS6900, and higher. The following switches and APs can be configured as Edge Devices: OS6465, OS6560, OS6860, OS6865, and OS6900; and APs running 4.0.1.44 and higher (except for OAW-AP1101).
Note that OmniVista does not support importing existing mDNS configurations.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Analytics
- New Stellar AP Uptime/Downtime Report
- The new Analytics AP Uptime/Downtime Report displays detailed information about the Uptime/Downtime of APs, and the Uptime/Downtime of the link between APs and OmniVista.
- Port Statistics Displayed in Kbps
- Port Tx/Rx Kpbs options are now available when configuring Analytics Statistics Collection Profiles.
Application Visibility
- Application Visibility Support on AP132x and AP136x
- Application Visibility is now supported on Stellar AP132x and AP136x models (requires minimum Signature Kit version 3.6.11).
AP Registration
- Out-of-the-Box Mesh Configuration
- Out-of-the- box Mesh is a feature that helps you quickly set up a Mesh Network without configuring the out-of-box APs. The out-of-box APs will establish a Mesh network with hardcoded settings. You only need to specify the Mesh root, then other APs will establish a Mesh configuration automatically. Select an AP in the Access Points List and select Edit Mesh Configuration to enable Mesh and configure Mesh root. Note that to enable Out-of-box Mesh, the factory AP should be powered up by adapter or PoE injector without connecting to wired LAN.
- Edit Bridge AP Name
- You can now edit a Bridge AP Name. Go to the Bridge AP Tab, select an AP and select the Edit Basic Info edit option.
- AP Uptime Displayed in Detailed View
- AP Uptime is now displayed in the Detailed View of an AP. Select an AP to bring up the Detailed View. AP Uptime information is in the General section.
- IoT/Location Server KonSP BLE Beacon Is Now Supported
- The KonSP BLE Beacon format is now supported. This format must be used for location data when tags are not in motion.
- APs Support Multiple VLANs for Local Breakout
- APs can now support Local Breakout for multiple APs. Local Breakout is configured as part of a tunnel configuration in the Unified Profile application and the SSIDs application.
Authentication Servers
- Increased Password Length for LDAP Servers
- You can now create a password of up to 128 characters when configuring an LDAP Server (Security - Authentication Servers - LDAP Server).
CLI Scripting
- Browser Tab Improvement When Connecting to a Device
- When you connect to a device using the CLI Scripting Terminal application, the browser tab now displays the devices IP address.
- Improved Device Selection Process to Connect to a Switch
- You can now enter search criteria (e.g., IP address, OS Version, Location) in the Device field to search for and select a device to connect to. The Switch Picker and Topology options are still available.
IoT
- IPv6 Endpoint Support
- IPv6 endpoints connected to AOS 8x switches are now reported in the IoT application.
Report
- Report Name and Widget Name Included in Report PDF
- When you create a PDF of a Report, the Report Name and Widget Name are now included in the Report PDF.
Security
- External Apps Feature
- The new External Apps feature (Security - External Apps) is used to create an API security key that is used by external devices/applications to access the OmniVista Server. For example, the Asset Tracking Engine will use this key to access OmniVista Cirrus.
SSID (and WLAN Expert)
- New Roaming Option
- FBD Update on Association - Enables/Disables FDB update on Association. If enabled, when a client roams to a new AP, the AP will send ARP packets to the uplink switch to notify the switch to change the downstream forwarding port for the wireless client's traffic.
Topology
- New Highlight Filters
- There is a new Filter Category - Device Properties, that can be used to highlight SPB Backbone Edge Bridge (BEB) devices and Backbone Core Bridge (BCB) devices in a map.
Users and User Groups
- New Permissions for Netadmin User
- The netadmin user now has read/write access to the License Screen and can also create/edit/delete AP Groups, Trust/Untrust APs, create/delete maps/sites, and modify the accessible maps of role.
UPAM
- Enable the Local UPAM Database for ASA
- You can enable Switch User Authentication through the local Switch User Account Database in UPAM. By default, this option is disabled, and Switch User Accounts are authenticated through an external Authentication Server. To enable ASA using the local UPAM Database, go to the Switch User Account Screen (UPAM “Authentication“ Switch User Account), select a username(s) and click on the “Enable ASA” button.
- Automatically Generate Random Device Specific Passphrase
- When you are creating/editing an entry in the Company Property List, click on the “Generate” button to automatically create a random Device Specific Passphrase.
- Device Specific Passphrase Validity Period
- You can now set the duration for a Device Specific Passphrase (e.g., Always, 6 Weeks, 3 Months). You can also set a specific date and time for the validity period to expire.
- Additional Information on Company Property PSK Printout
- The Device Name and PSK Passcode Validity Period are now displayed on the PSK Printout.
- PSK Passphrase Can Be Viewed Company Property List
- You can now view the Device Specific Passphrase for a device in the Company Property List. In the Detailed View for the device click on the “Show Password” icon next to the field to view the passphrase. It can also be viewed when creating/editing the passphrase.
- Custom Attributes Displayed for Captive Portal Access Records
- Custom Attributes created by a user are now displayed in the Detailed View of Captive Portal Access Records as well as in exported .csv files of Captive Portal Access Records if Login Strategy = “Terms and Conditions”.
- Create Employee Account or Company Property Entry from Authentication Record
- If a device fails authenticated through the Local Database, you can automatically create an Employee Account, or add the device to the Company Property List by selection it and clicking on the Generation button at the top of the Authentication Record Screen.
Unified Policy
- Reflexive Policies for Stellar APs
- You can now configure Reflexive Policies for Stellar APs in when configuring a Unified Policy. Note that if the Reflexive option is set to "No", the policy will be a stateless rule. In this case, the iptable rule is with "NOTRACK". If some traffic matches the NOTRACK rule, functions depending on conntrack will not work. For example, DPI depends on the first 15 packets of the same conntrack session, it might not work if the traffic matches a "NOTRACK" policy.
WLAN
- Filter Clients by Physical Map and Logical Map
- You can now filter the Wireless Client List, Wired Client List, Wireless Client Session, Wired Client Session, and Client Summary data by Physical or Logical Map.
- Heat Map Improvement
- You can now configure up to 150 floors in a Heat Map.
- Export the Wireless Client List
- You can now export the List of Clients on All APs List to a .csv file. You can include all clients. However, only the clients included in the current filter applied to the list, if applicable.
- New RF Profile Settings
- MU-MIMO - Enables/Disables Multi-User, Multiple-Input, Multiple-Output (MU-MIMO) feature. If enabled, the AP can communicate with multiple devices simultaneously. This decreases the time each device has to wait for a signal and speeds up the network.
- High-Efficiency - Enables/Disables 802.11ax high efficiency wireless functionality. If Disabled, an HE mode capable AP will downgrade to VHT (Very High Throughput) mode.
- Scanning Channel -Specify the channel(s) on which the wireless background scanning is executed (Working Channel/Working Channel and Non-Working Channel). For a highly-sensitive packet delay use case, it is recommended that you enable background scanning only for the Working Channel.
Remote Access Points
- Hyper-V Deployment Support
- Hyper-V is now supported for RAP VPN VA deployment.
- Improved RAP Import Process
- You can now include the VPN Server Settings name in the .csv file used to import RAPs into the Device Catalog of your Freemium OmniVista account.
- Improved VPN Settings Export Process
- You can now export VPN Settings for RAP as soon as the RAP is added to the Device Catalog. You do not have to wait until the AP reaches “Registered” status.
- Remote APs Support for Multiple VLANs and Local Breakout
- SSID Tagged VLAN - SSID Tagged VLANs are now supported. Note that on AP1201H downlink ports, only untagged traffic is supported for tunneling.
- Local Breakout - Local Breakout is now supported. Local Breakout must be configured in the SSIDs application. The routes are applied to all SSIDs.
OmniVista Cirrus Production Notes 4.5.1
OmniVista® Cirrus Production Notes detail new features and functions, network/device configuration prerequisites, supported devices, and known issues/workarounds in OmniVista Cirrus. Please read the Production Notes in their entirety as they contain important operational information that may impact successful use of the application.
New Features and Functions
An overview of new features and functions is provided below.
Devices
OmniVista Cirrus now supports the following devices:
- APs
- AP1201BG - AP1201BG is now supported in OmniVista. The 1201BG AP has limited functionality and is used primarily for scanning in the Asset Tracking application.
- AP1321/AP1322 - AP1321 and AP 1322 are now supported in OmniVista Cirrus.
- AP1361/AP1361D/1362 - AP1361, AP1361D, and AP1362 are now supported in OmniVista Cirrus.
Software
OmniVista Cirrus now supports the following OS Software Versions:
- AWOS 4.0.0.x - APs
Browser Support
- Internet Explorer is no longer supported. Chrome 68+ and Firefox 62+ are supported.
Applications
New Applications
The following section details new applications introduced in this release.
- Asset Tracking - A separate Asset Tracking application is available. OmniVista supports this application with the new OAW-AP1201BG AP as well as the existing OAW-AP1231and OAW-AP1231 APs.
- Mobile App for Template Based Provisioning - The OmniVista Assistant Mobile App is now available to provision and configure AOS Switches. The OmniVista Assistant App enables you to easily provision and configure new switches or re-configure existing switches. The OmniVista Assistant App connects to the OmniVista Server to push switch configurations defined in a matching Provisioning Rule to the switch you are configuring. A Provisioning Rule matching the switch you are configuring must exist in the OmniVista Provisioning Application before you can configure it with the OmniVista Assistant App.
- A Provisioning Rule matching the switch you are configuring must exist in the Provisioning Application before you can configure it with the OmniVista Assistant App.
- The OmniVista Assistant App is supported on all AOS 6x and Switches. You can connect to the switch via cable (6x and 8x Switches) or Bluetooth (8x Switches). Note that you cannot connect via Bluetooth on the OS9900 Switch.
- The OmniVista Assistant App is supported on Android devices running versions 7.0, 8.0, and 9.0. It is not supported on Android 10.0.
Application Updates/Enhancements
The following section details updates and enhancements to existing OmniVista Cirrus applications.
Analytics
- New Analytics Reports - Two new Analytics Reports can now be generated:
- Top N PoE Ports - Displays the top network PoE ports based on the amount of power being utilized by each PoE Port. Reports can be generated by creating an Analytics PoE Report Profile or a Statistics Collection Profile, and can also be generated on the fly by selecting devices and attributes on the Statistics Screen. New PoE widgets are also available and can be displayed on the Global Dashboard.
- Top N PoE Switches - Displays total PoE utilization by switch. When you create an Analytics PoE Report Profile or a Statistics Collection Profile, the Top N PoE Switches Report is also generated.
- Improved Statistics
- The Statistics Feature in Analytics (formally called Performance Monitoring) has been simplified. By default, statistics are now automatically collected from all switches and ports for all new switches added to the network. There is no need to manually create a Collection Profile to gather Statistics data. This default setting can be changed on the Analytics Settings page.
- Statistics collection and statistics views are now separate. In previous releases, graphical views of statistics data were based on the switches as configured in the Collection Profile. Now you can create custom Statistics Views from any switches generating Statistics data.
AP Registration
- Remote Access Points (RAP)
- You can now configure an offsite, remote AP as a Remote Access Point (RAP) that can be managed by your local OmniVista Cirrus installation through a VPN Tunnel.
- The Remote AP Feature is supported on all OAW-AP12xx Series APs. It is not supported on OAW-AP1101 or OAW-AP13xx Series APs.
- Set AP Root Account Password Seed
- You can now set an AP Root Account Password Seed for APs. Configuring a Root Account Password Seed adds a second layer of security for AP access. When you configure a Password Seed, the Root Password is derived from a character string composed of two parts - the Password Seed and the Fixed Root Password. The Password Seed can be changed at any time. The password is set by AP Group and is only supported on APs running AWOS 4.0.0 and higher. A Root Account Password Seed will not be applied to any APs in the group running a lower AWOS.
- Limit/Shutdown an AP's Radio
- You can now edit an APs configuration by limiting an APs radio to a specific band or shutting down the APs radio. Select an AP in the Access Points List, click on the Edit icon, and select Edit Radio Configuration.
- Default Beaconing AP Group
- There is a new default Beaconing AP Group ("default BLEGW group") for OAW-AP1201BG APs. When a 1201BG when a 1201 BG AP initially registers, it is placed in this group. OAW-AP1201BG APs have limited functionality and are used specifically for scanning for the Asset Tracking application.
Dashboard
- Performance Monitoring Dashboard
- A new Performance Monitoring Dashboard tab has been added to the OmniVista Dashboard. The Performance Dashboard displays Analytics Statistics Chart View Profile widgets. Statistics Chart View Profiles are graphical displays of collected statistics data. The profiles are configured in the Analytics application on the Analytics Statistics Chart View Screen (Network - Analytics - Statistics - Chart Views). The data can be displayed in graphical or table view and you can configure the display time range. You can add up to 20 widgets to the dashboard.
- New Global Dashboard Widgets
- Top N PoE Ports Utilization Detail View - Displays PoE Port power utilization in bar chart format for PoE-enabled ports on the network. Hover the mouse over a bar chart for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- Top N PoE Ports Utilization Trending View - Displays PoE Port power utilization in line chart format for PoE-enabled ports on the network. Click on a data point for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- Top N PoE Switches Utilization Summary View - Displays PoE Port power utilization by switch in pie chart format. Hover the mouse over a section for more detailed information. You must create an Analytics PoE Profile in the Analytics application and assign the profile to switches/ports to generate and display information for this widget.
- New WLAN Advanced Dashboard Widget
- Most Recent 1000 Client Records - Displays information about all active clients on the network. Click on the "More" link at the bottom of the widget to display the most recent 1,000 client sessions on all Stellar APs on the network. Click on a client in the widget to bring up the "Details of Client" window, which displays detailed information about the selected client and its sessions.
IoT
- IoT Enforcement
- The new IoT Enforcement feature enables you to authenticate devices by associating an IoT Category with an Access Role Profile. Once a device accesses the network and is categorized, the assigned Access Role Profile is applied to the device. You can associate different Access Role Profiles with different categories; and you can enable automatic or manual enforcement Categories. IoT Enforcement is not supported on OS6560-P48Z16 switches.
- IoT Data Retention Settings
- The new IoT Settings screen enables you to configure IoT data retention preferences for IoT data.
- G Suite Integration
- The IoT application can now be configured to integrate with Google G Suite to collect device information and provide network security for Chrome devices. G Suite Integration is only supported on devices connected to AOS Switches running AOS 8.6R2 and later, or devices connected to APs connected to AOS Switches running AOS 8.6R2 and later.
Topology
- You can now set the line style and line weight you want to use when displaying LLDP/AMAP/SPB/ERP Links and Manual Links in a Topology Map. The preference is set in the Topology Configuration Window. Click on the Configuration icon in the upper-right corner of the topology map to bring up the Configuration window.
- Link information now includes the Link Type (Copper or Fiber) and Link Speed when you hover over a link or click on a link in a Topology Map.
- In previous releases, a link status color would display Red if any port in a Linkagg was down. The link will now display Orange if any port in a Linkagg is down.
Unified Access
- Tunnel Profiles to Connect to Third-Party Devices
- You can now configure a Tunnel with a Tunnel ID of “0”, with “Entropy” disabled, enabling a GRE Tunnel Server connection to a third-party Tunnel Server (e.g., Linux), which require no Entropy.
UPAM
- Authenticated Switch Access Through UPAM
- You can now use UPAM for Authenticated Switch Access (ASA) for network switches. Users are configured on the UPAM Switch User Account Screen (UPAM Authentication Switch User Account). You can set user credentials as well as user privileges for switch operations. You then configure a AAA Profile (Unified Access Template Global Configuration AAA), select the UPAM Server as the authentication server for switch access, and assign the AAA Profile to network switches.
- Device Specific PSK Encryption Option
- You can now configure WLAN/SSID Encryption with Device Specific PSK. A Device Specific PSK provides more security that traditional PSK. When Device Specific PSK is enabled, when the AAA Server sends the Radius Access Accept of MAC Authentication, it will also send the specific pre-shared key for that client, distinguished by the client's MAC Address. This means that each client will have a different key.
- Print PSK or QR Code
- The Company Property Screen has options to print the Device Specific PSK Passphrase for devices in the Company Property List. The passphrase can be printed in standard format or in QR Code that a user can scan and use to log into the network. Select a device(s) in the Company Property List and click on either the Print PSK or Print QR Code button.
- Auto-Generate PSK
- The Authentication Records Screen had the option to quickly add a device(s) in the Authentication Records List to the Company Property List as a Device Specific PSK device. Select the device(s) in the Authentication Records List and click on the Generation PSK button. OmniVista will add the device(s) to the Company List with an auto-generated PSK Passphrase. The device information, including the PSK Passphrase can be edited at any time on the Company Property Screen.