Verifying Aruba SD-Branch Hub Spoke Topology
This section explains how to verify the SD-Branch topology.
Verify SD-WAN Tunnels
Check the VPNCs first because they manage the aggregation of all branch gateway tunnels.
To verify that the tunnels are up, navigate to the UI-VPNC-SD-WAN group and select one of the VPNCs. Select WAN from the left navigation pane and verify that all tunnels are up.
Repeat this step for the second VPNC.
Verify that the following is displayed:
- Status is Up.
- Availability is trending upward or 100%.
Click Tools on the left menu. Select the Console tab, log into the console, and run the show crypto ipsec sa command to see the tunnel type.
Verify that the following is displayed:
- Tunnel Type is Hubandspoke.
- Flags display UTlt.
Go to UI-BGW-01 and select one of the Branch Gateways. Select WAN, then select the Tunnels tab.
Verify that the following is displayed:
- Status is Up.
- Availability is trending upward or 100%.
Verify Routes
Select the UI-VPNC-SD-WAN group. Select one of the Branch Gateways. On the Overview page, select the Routing tab.
Select Overlay, then change the overlay details to Routes learned.
Verify that summarized routes are learned using the overlay.
Ensure the following is displayed:
- Summary routes from each branch
- Availability is trending upward or 100%.
Select the UI-BGW-01 group. Select one of the Branch Gateways. On the Overview page, select the Routing tab.
Select Overlay and change the overlay details to Routes learned. Verify that routes are learned using the overlay.
Ensure the following is displayed:
- A summary route for the campus network is learned via the Overlay.
Verify NTP
Verify the NTP configuration using the show ntp status command.
Verify that the following is displayed:
- The NTP status is enabled.
- The NTP server connections are in the default VRF.
- The reference time is correct for the timezone.
These values indicate the NTP service is reachable by the switch.
Verify DHCP Snooping
Verify the DHCP Snooping and ARP inspection configurations using the show dhcpv4-snooping statistics, show dhcpv4-snooping binding, and show arp inspection statistics vlan commands.
Verify that the following is displayed:
- Packet-Type: server, Action is forward.
- Packet-Type: client, Action is forward.
The non-zero values indicate that DHCP snooping is actively forwarding traffic from servers and clients.
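The two checks above can be scripted against saved console output. The following is an added example, not part of the original guide or Aruba tooling: the sample text is constructed, the column layout (Packet-Type first, Action second, counter last) is an assumption, and the function names are hypothetical.

```python
# Constructed sample of `show dhcpv4-snooping statistics` output. It was not
# captured from a switch; the Reason column and the layout are assumptions.
SAMPLE = """\
Packet-Type  Action   Reason                         Count
-----------  -------  -----------------------------  -----
server       forward  from trusted port              412
client       forward  to trusted port                398
server       drop     received on untrusted port     0
client       drop     destination on untrusted port  0
"""

PACKET_TYPES = ("server", "client")
ACTIONS = ("forward", "drop")


def parse_stats(text):
    """Return {(packet_type, action): total_count} from the statistics table."""
    totals = {}
    for line in text.splitlines():
        tokens = line.split()
        # A data row starts with packet type and action and ends with a counter.
        if (len(tokens) >= 3 and tokens[0] in PACKET_TYPES
                and tokens[1] in ACTIONS and tokens[-1].isdigit()):
            key = (tokens[0], tokens[1])
            totals[key] = totals.get(key, 0) + int(tokens[-1])
    return totals


def check_snooping(text):
    """Return a list of failed checks; an empty list means both checks pass."""
    totals = parse_stats(text)
    problems = []
    for ptype in PACKET_TYPES:
        # The guide expects a non-zero forward counter for servers and clients.
        if totals.get((ptype, "forward"), 0) == 0:
            problems.append(f"{ptype}: no forwarded packets counted")
    return problems


if __name__ == "__main__":
    for (ptype, action), count in sorted(parse_stats(SAMPLE).items()):
        print(f"{ptype:<7} {action:<8} {count}")
    print("problems:", check_snooping(SAMPLE) or "none")
```

A missing row is treated the same as a zero counter, so truncated or empty output fails the check rather than passing silently.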
Verify RADIUS
Verify the RADIUS configuration using the show radius-server command.
Ensure the following is displayed:
- Both servers are reachable, without a “*” before their names.
- The VRF is set to default.
These values indicate that the RADIUS servers are reachable in the correct VRF.
Verify Device Profile and RADIUS Authentication
Verify the device profile configuration using the show port-access clients and show port-access device-profile all commands.
Verify that the following is displayed:
- Radius Onboarding displays Success.
- The Authorization Details are applied.
- The VLAN is displayed.
- The device-profile onboarding method displays Success.
- The profile name and LLDP group state are applied.
These values indicate the device profiles are applied and devices are onboarded.