June 03, 2021 By BlueAlly
We’ve become all to accustomed to seeing news of major security breaches from social media companies, service providers, and other companies we trusted. Our email addresses, passwords, and other private information is compromised again and again. It’s no surprise that data breaches are a top concern for people in their personal and professional lives. But very few small business owners take the next step and use multifactor authentication to secure access to their sensitive data and customer information.
As successful security breaches continue to rise, a username and password isn’t enough to secure account access. That’s why two-factor authentication (2FA) has become an essential tool to mitigate risk against compromised login credentials.
Two-factor authentication is now available on Aruba Instant On mobile app and web portal, providing our business partners and customers with an additional layer of authentication, helping to prevent attackers from remotely accessing your network and securing sensitive customer information. Using 2FA strengthens security by requiring an additional layer of authentication, such as an authentication app, in addition to a username and password.
2FA can be enabled from the security page under the Accounts Management page on the Instant On mobile app and an authenticator app is required to validate a one-time password (OTP) and save a recovery code.
In addition to 2FA, here are some of the cool new capabilities in Aruba Instant On 2.3 release.
1. Partners and customers can maintain better ownership of their accounts with the option to lock admin accounts.
Instant On allows you to create three admin accounts per site, and revoking or transferring ownership of an account can be done at any moment.
The Lock account option prevents non-primary admin users from revoking or transferring account ownership. This setting is available only for the primary administrator account, which by default is the account used to create the site and can be transferred.
2. Easy troubleshooting tool to help diagnose network connectivity issue with connectivity tests like ping and traceroute.
This new option can be used to test the reachability of an Instant On device by using ping and traceroute. Ping provides a way to test connectivity from any Instant On device on the network to any host names or IP addresses. Ping measures the roundtrip time for messages sent from the originating host to a destination. Users can easily review the connectivity condition in good, fair, or poor results with roundtrip time. When in non-ideal connectivity result, path analysis will be done through traceroute to help troubleshoot.
3. Fine-tune RF coverage for a specific environment with transmit power control and per-device radio management.
You can now control the radios of an Instant On AP to fine-tune the RF plan for a specific environment. In addition to the existing site radio configuration page, with Instant On 2.3, each AP now has its own radio configuration page, with a per-radio toggle to indicate whether the AP's radio uses its own local device configuration or inherits it from the global (site) configuration.
New per-device radio management allows you to fine-tune the RF plan for specific environments needs. Proper configuration of transmit power is important to ensure a wireless network is operating at its highest capacity.
4. Secure your network by authenticating devices based on their physical MAC addresses.
Every network device has a unique physical Media Access Control (MAC), which can be used to authenticate the device for network access. In addition to 802.1X authentication, Instant On 2.3 now supports Radius MAC-based authentication, providing flexible options for security configuration.
MAC authentication enables authentication for IoT devices that do not support 802.1X authentication (cameras, smart door locks, lighting controllers, etc.) and for legacy devices like printers without an 802.1X supplicant.
5. Gain path redundancy while preventing undesirable loops in the network with STP visibility.
Spanning tree protocol (STP) is used to prevent layer 2 loops and broadcast storms on a network as well as for network redundancy. Instant On 2.3 supports an enhanced STP feature with root bridge and bridge priority visibility features. Automatic bridge priority is assigned for each device based on Instant On network topology, which bypasses tedious per-device STP setup.
6. Diagnose errors on the network without affecting flow of traffic on the source interfaces with switch port monitoring.
Port mirroring allows traffic from specific ports or a network (i.e. VLAN) to be copied to a destination port for better monitoring of network performance and troubleshooting of network issues. Port mirroring is used to analyze and debug data or diagnose errors on networks without affecting the packet processing capabilities of the network devices.
7. Easily assign the same IP address to a specific device whenever that device connects to your network with DHCP IP Reservation
Users now have an option to reserve IP addresses for connected devices, when an Instant On Access Point is used as DHCP server (router mode) in the network.
With reserved IP addresses, users can easily locate devices like a printer or a network-attached storage (NAS) with the same IP addresses without worrying about the IP address changes after device reboot or DHCP IP lease expiration.
8. Eliminate sticky client issue and optimize roaming performance with the 802.11k standard.
A sticky Wi-Fi client remains connected to an access point (AP) even as the device roams further and further away from the AP. It’s a frustrating experience when your device shows low signal even when you are standing directly underneath an AP. With 802.11k enabled in Instant On 2.3, supporting clients can request a neighbor report from the currently associated APs. When the signal strength of the current AP weakens, the user’s device will scan for target APs in the vicinity.
The use of 802.11k is dependent on client support for this feature, but it is becoming well supported among newer mobile devices.
Instant On 2.3 includes other great enhancements, including delivering faster on-boarding experience, reducing boot-up time for access points to get the latest firmware updates. This significantly improves on-boarding experience allowing users to continue with network setup, while the access point processes latest firmware in the background.
In addition to the above, new bulk VLAN assignment feature provides an accelerated way to configure all ports on an AP11D or switch at once to a particular VLAN network. The three types of bulk operations available are: All clear, All Tagged, All untagged.
Simple, Powerful Business Wi-Fi That Keeps Getting Better
At Aruba, we’re committed to incredibly simple, incredibly powerful business networking. We’re equally committed to continually enhancing Instant On to provide our customers and partners with more value and more amazing features with every software release.