We at Mist are constantly working on making the Mist experience the best possible experience. So every week you will see new and updated cloud features. Here are the updates for March 20th, 2018.
Simplified Operations
Search filter improvements
Our search filter box has been an integral part of the Mist experience, providing a seamless way of finding specific sites, APs, and clients. This week we are improving on the search function by allowing partial phrases to be entered in the search field. If you have key phrases incorporated in your naming scheme, our new search can filter these out to your needs. For example APs with the names “Floor1_A,” “Floor1_B,” “Floor1_C” can now be grouped and found by searching for “Floor1.”
Disable specific AP ports
On our AP41 model Access Points, there are three existing ethernet ports: The Eth0+PoE In, Eth1, and the module port. The Eth0 port is the only mandatory port for the AP to receive connectivity, so for security purposes we are allowing the option of disabling the other two ethernet ports if they are inactive. If your AP is in a public space that is easily accessible to unknown users, disabling Eth1 would remove situations where someone can access your network without the correct permissions.
To disable or enable your eth1 and module ports, navigate to Access Points and find the Ethernet Properties section to make your changes.
Network Programmability
Additional interoperability features in Tunnelling (beta users only)
Please note that this feature requires beta access as well as specific firmware. Please contact support@mist.com for access.
Mist supports tunneled architecture with 3rd party concentrators using L2TPv3. This addresses a traditional layer 2 tunneling use case.
In certain remote branch or telecommuter deployments, the data is required to traverse the public internet, while still requiring to extend a corporate vlan to the edge on the Mist Access Point behind a DHCP/NAT modem or router. Mist is introducing IPSec over multipoint GRE/DMVPN to address these remote deployments with tunneling considerations. An administrator can run DMVPN with or without IPSec enabled.
IPsec
Internet Protocol Security, or IPsec, ensures additional security by encrypting data packets sent over networks. With the use of IPsec in our WLAN Data Tunnels, you can better protect the data flows transmitted between hosts and security gateways.
By default, IPsec in the Tunnels configuration is disabled. To use this feature, navigate to Network -> Tunnels and select Enabled in the DMVPN box. This will allow IPsec options to be displayed. Here you can enable IPsec, provide a passphrase and click save to apply the changes. Now your tunnel will require a passphrase for access.
802.1ad
802.1ad, otherwise known as QinQ, allows for the use of multiple VLAN tags in single ethernet frames. Mist is excited to announce the inclusion of QinQ in our WLAN Data Tunnel configurations. With this additional feature, users can run their own personal VLANs while inside of a provider’s VLAN, allowing for additional personalization of their personal network configurations. This also removes the needs of the provider to configure a different VLAN for each user. QinQ is useful for deployments where some tunnel concentrators need unique 802.11q/VLAN tag for a sub-interface where each sub-interface is used to logically terminate a tunnel from a Mist Access Point. When a corporate vlan is extended remotely, one can generate unique outer tags with an inner corporate vlan tag.
By default, 802.1ad is disabled, but to enable this feature navigate to Network -> Tunnelsand select the 802.1ad checkbox for each desired session configured with VLAN type.
Please contact Mist for details around provisioning and use of DMVPN/IPSec with tunnel concentrators that may require QinQ.
If you would like access to beta features, please contact support@mist.com and we can help grant you access.