Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
HTTP Proxy support with ZTP overview
The Aruba switch connects through Public Cloud or infrastructure to access Aruba Activate and Aruba Central. The switch can use a combination of the public and private networks to access Aruba AirWave and Aruba ClearPass. In this case, the switch is visible as an Internet asset, which can lead to a data breach. Routing connections through the enterprise proxy servers prevents such a breach.
The AOS-S does not set up an HTTP/SSL connection with the public or private server directly. Instead, the switch sets up a TCP connection with the proxy server.
If the public server is available and reachable through the proxy server, the switch connection to the destination server succeeds. After the connection is established, the proxy server behaves as a Network Address Translation (NAT) device: it forwards the received packets to the intended destinations.
Limitations
- HTTPS proxy is not supported.
- Authenticating the HTTP proxy is not supported.
- HTTP proxy support is only for IPv4 endpoints.
When the switch is provisioned for Central or Controller, the switch is managed once it is connected to the public network. If the user wants to reach the public network through the proxy, the IP address of the proxy server must be present on the switch before initiating Activate or Central connectivity.
In ZTP mode, the proxy IP address can be received using a DHCP option. ZTP mode works when the switch is booted with a default configuration. For the switch to connect to public servers through the proxy, the proxy IP must be known through DHCP. The switch requests an IP address from the primary VLAN.
The proxy IP address is received through a vendor-specific DHCP option. The switch parses and uses the proxy IP address to connect in ZTP mode. Aruba switches reserve suboption 148 under DHCP vendor-specific option 43 for configuring the proxy URL.
After the switch is out of ZTP mode, the proxy IP address, if configured through the CLI, takes precedence. Otherwise, the Aruba OS switch may use the DHCP-received proxy IP address for connectivity.
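An added example, not HPE Aruba code: a Python check that pulls suboption 148 out of a captured option 43 payload and verifies the advertised proxy against the limitations listed above. It assumes the RFC 2132 code/length/value layout for encapsulated vendor options and that the value is an ASCII URL containing an IPv4 literal; the page specifies neither, and the function names and sample bytes are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

PROXY_SUBOPTION = 148  # suboption the page says carries the proxy URL

def parse_option43(payload: bytes) -> dict:
    """Split an option 43 payload into {suboption code: value} (assumed RFC 2132 TLV layout)."""
    subopts, i = {}, 0
    while i < len(payload):
        code = payload[i]
        if code == 0:            # PAD: single byte, no length
            i += 1
            continue
        if code == 255:          # END of the encapsulated options
            break
        if i + 1 >= len(payload):
            raise ValueError(f"suboption {code}: missing length byte")
        length = payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:  # declared length runs past the payload
            raise ValueError(f"suboption {code}: length {length} overruns payload")
        subopts[code] = value
        i += 2 + length
    return subopts

def audit_proxy(payload: bytes) -> tuple:
    """Return (IPv4 address, port) of the advertised proxy, or raise ValueError."""
    raw = parse_option43(payload).get(PROXY_SUBOPTION)
    if raw is None:
        raise ValueError("no suboption 148 in option 43")
    url = urlsplit(raw.decode("ascii"))  # non-ASCII bytes raise a ValueError subclass
    if url.scheme != "http":
        raise ValueError("HTTPS proxy is not supported; scheme must be http")
    if url.username or url.password:
        raise ValueError("proxy authentication is not supported; credentials found")
    # Assumption: the value holds an IP literal, since the page speaks of a proxy IP address.
    host = ipaddress.ip_address(url.hostname or "")
    if host.version != 4:
        raise ValueError("HTTP proxy support is IPv4 only")
    return str(host), url.port

# Constructed sample payload: an unrelated suboption 1, then suboption 148.
SAMPLE = bytes([1, 1, 0x2A]) + bytes([148, 20]) + b"http://10.0.0.5:8080"

if __name__ == "__main__":
    print(audit_proxy(SAMPLE))
```

Running the check against the option 43 bytes taken from a DHCP offer on the primary VLAN shows which proxy a factory-default switch would pick up in ZTP mode.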