Simplified Operations
New Successful Connects SLE
This week we made some improvements to our Successful Connects Metric. Successful Connects in the SLE represents the % of successfully completed connections. For failed connection attempts, we identify the reasons for failure.
In the previous implementation, we had 3 failure classifiers – Authorization, Association and DHCP which detected failures during the client connection phase.These can be termed as pre-connection classifiers since they capture failures during client’s connection with the AP, including new connections and during roams.
With the new improvements to this existing logic, more failure classifiers have been introduced to capture post connection failures as well i.e. the failures after the connection with the AP is successful (auth/assoc and DHCP is complete). This post-connection phase includes ARP and DNS resolutions for the clients as well as DHCP renew requests by clients after expiry of lease time for the IP.
New Classifier Changes
New changes involving post connection failures include two new classifiers (ARP and DNS) as well as improvements to the existing DHCP classifier.
ARP – ARP for the default gateway fails, or ARP gateway fails after the initial connection or roam.
DNS – DNS failures (failures in domain name resolution) experienced during or after the connection process.
DHCP – Connection fails during the DHCP process. This classifier already existed but there are some improvements in the existing DHCP classifier. While the previous DHCP classifier only considered DHCP failures during initial connection or roams, the new DHCP implementation also captures failures after connection/roams, and during DHCP renew requests.
DHCP post connection failures are further categorized into sub-classifiers. We have renamed the existing sub-classifiers and added some new ones to cover more cases:
- Discover Unresponsive – This sub-classifier already existed (called ‘Unresponsive’), it includes when there is no response to a DHCP discover.
- Renew Unresponsive – This new sub-classifier includes when there is no response to a DHCP renew.
- DHCP Nack – This sub-classifier already existed (called ‘Nack’), but now it also includes DHCP Nack attempts of DHCP renew requests.
- DHCP Incomplete – This sub-classifier already existed (called ‘Stuck’), when the client received a response to its request, but did not complete the transaction. Now it also includes DHCP incomplete attempts of DHCP renew requests.
Please note that with the new support added for DHCP renew attempt failure detection, we are now counting both renew attempts and connection attempts, which will increase the total attempts considered while calculating success % for Successful Connects.
Client Roaming Visualization
Recently, we offered a sneak peek at the enhanced visual representation of client roams. Starting today, these features are available on our UI! These visualizations can be found in two areas on the Mist portal – the client insights page, and in the Marvis results when searching for roaming clients.
In the Client Insights page you can find the Roaming Visualization within the Post-connection section. This widget view gives a basic graphical representation of your client roams. Clicking on the expand button opens up a more detailed modal view where you can modify the time range by zooming in and out. Viewing a smaller time window will allow a more granular view of all roam events, including short interval roams.
The colored bars indicate the RSSI values during the roam, and the Roam Status icons indicate “Good,” “Warning,” and “Bad” roams. Roam events are marked “Warning” when the client goes through a change in Band or WLAN. Roam events are marked “Bad” when the RSSI value during a client roam is below -70 dBm.
Hover over the Roam Status indicators to reveal a details box with more information such as the BSSID, WLAN, Protocol, etc.
Use the Marvis search query “Roaming of <Client>” to view even more details for the roam events. The Graph view should look familiar, as it is the same visual representation used in Client Insights.
The Floorplan view allows you to cycle through the list of roam events in the Associations box on the right. Here, either click on the arrow buttons or use your keyboard arrows to follow along with the roam path the client took. The AP that the client roams to will be highlighted on the Floorplan with the color correlating to its RSSI value during the roam. If the client roamed through multiple floorplans on your site, you can select the Multi-Map View tab to see all of your floorplans in one page. Navigating with Single-Map View is easy as well since the Floorplan will automatically change according to the selected AP location.
The Table view shows a detailed list of all roam events for a client in the selected time range. The RSSI colors and Roam Status indicators are both still visible in this view. Use this to quickly glance through the roams and identify problem areas on your site. To save this data, click on the download button in the top right corner to export a CSV file of your roam history.
Password Policy Improvements
Now, Org admins can enforce 2-factor authentication as well as password restrictions for any user who has access to the site or organization. In the Organization Settings page (Organization > Settings), there is a Password Policy section where you may select Require 2-factor authentication. Users without 2FA enabled on their accounts will be redirected to their Account Settings page and be prompted to enable 2FA. The same behavior applies to those with passwords that don’t satisfy the Org Password Policy. Until the user makes the needed changes to their password/2FA, they will be locked out of navigating the organization.
Password Reset Disables Two-Factor Authentication
By default, whenever you go through the password reset process, we disable the 2-factor authentication on your account. This is to prevent instances where you will not have a way to recover your account when you lose your authenticator app. To ensure that you are aware of the 2FA getting disabled, we are now including a reminder message on our UI when you request a password recovery. Make sure to enable 2FA after you change your password in your Account Settings page (👤 > My Account).
Network Programmability
AP Invalid Config Recovery [requires rc1 firmware]
We now have the option in the UI to automatically revert your AP to its last known configuration if it ever encounters a corrupt config. This function was previously available via our API, but now you may set this up in our GUI as well. Under your site settings page (Organization > Site Configuration > Select your site), locate the Access Point Settings section. Here, you can enable this feature for all APs on your site as long as they are running rc1 firmware or newer.
Wired Assurance
Switch Photos
To help with managing and locating physical switches on your switch rack, we are introducing the Switch Photos feature as a part of a new Wired Assurance capability. This may sound familiar as we are using the same implementation as our AP Photos feature. In your Switch details page (Switches > Select a Switch), you will find the Switch Photos option under Properties. Here, you may upload up to 3 pictures taken of your switch setup to help easily find your switches in person. You may want to take several photos to indicate location of the switch, any Virtual Chassis connections, and any other landmarks to look for.