Configuring Single Gateways
This section walks through upgrading and configuring both single-gateway and redundant-gateway deployments using the configuration wizard. After onboarding is complete, it also covers configuring WAN HA and VRRP for redundant gateway deployments.
Upgrade Gateways
Step 1 Click the Appliances Discovered button.
Step 2 Click the Approve button for the Boise gateway appliance.
Step 3 Click the software version and change it to the desired version. This example uses: 9.2.2.0_94322
Step 4 Repeat this process for the remaining gateways.
Setup Gateway Appliance
The following process will walk through all 5 of the configuration wizard steps.
Step 1 Click Approve on the non-redundant gateway appliance.
Step 2 Click Skip.
Step 3 In the first step of the wizard, enter the following information for the Boise-Branch.
Input | Boise-Branch | Portland-Branch | Chicago-Branch |
---|---|---|---|
Appliance | BOIBR-ECE-1 | PORBR-ECE-1 | CHIBR-ECE-1/CHIBR-ECE-2 |
Admin Password | <Password> | <Password> | <Password> |
Group | Branch | Branch | Branch |
Site Name | Boise-Branch | Portland-Branch | Chicago-Branch |
Contact Name | Aruba TME | Aruba TME | Aruba TME |
Contact Email | <Company Email> | <Company Email> | <Company Email> |
Address | 12601 W Explorer Dr | 308 SW 2nd Ave #700 | 303 E Wacker Dr Suite 2700 |
City | Boise | Portland | Chicago |
State | Idaho | Oregon | Illinois |
Zip Code | 83713 | 97204 | 60601 |
Step 4 Click Next
Step 5 Click the Deployment profile drop-down menu. Select the MPLS + Internet Branch profile.
Note: The Chicago branches will use the Internet Only branch profile for CHIBR-ECE-1 and the MPLS Only Branch profile for CHIBR-ECE-2.
Step 6 Enter the IP and mask for each of the VLANs using the following table:
VLAN ID | Description | BOIBR-ECE-1 IP Address | PORBR-ECE-1 IP Address | CHIBR-ECE-1 IP Address | CHIBR-ECE-2 IP Address |
---|---|---|---|---|---|
100 | MGMT VLAN | 10.14.48.1/24 | 10.14.40.1/24 | 10.14.32.2/24 | 10.14.32.3/24 |
101 | Employee | 10.14.49.1/24 | 10.14.41.1/24 | 10.14.33.3/24 | 10.14.33.3/24 |
102 | Camera | 10.14.50.1/24 | 10.14.42.1/24 | 10.14.34.3/24 | 10.14.34.3/24 |
103 | IOT | 10.14.51.1/24 | 10.14.43.1/24 | 10.14.35.3/24 | 10.14.35.3/24 |
104 | Guest | 10.14.52.1/24 | 10.14.44.1/24 | 10.14.36.3/24 | 10.14.36.3/24 |
105 | Reject | 10.14.53.1/24 | 10.14.45.1/24 | 10.14.37.3/24 | 10.14.37.3/24 |
106 | Critical | 10.14.54.1/24 | 10.14.46.1/24 | 10.14.38.3/24 | 10.14.38.3/24 |
107 | Quarantine | 10.14.55.1/24 | 10.14.47.1/24 | 10.14.39.3/24 | 10.14.39.3/24 |
Step 7 On the Critical Auth VLAN, select the DHCP Server button.
Step 8 Use the following settings to configure the DHCP server. Use the relevant IP subnet for the other branches.
Subnet/Mask: 10.14.54.0/24
Start IP: 10.14.54.10
End IP: 10.14.54.254
Default Lease: 8
Gateway IP: 10.14.54.1
DNS Server: 8.8.8.8, 8.8.4.4
Step 9 Configure WAN1 for the Boise-Branch. Enter the following:
Input | Boise-Branch | Portland-Branch | Chicago-Branch |
---|---|---|---|
IP/Mask: | 100.100.7.66/29 | 100.100.7.58/29 | 100.100.7.50/29 |
Next Hop: | 100.100.7.65 | 100.100.7.57 | 100.100.7.49 |
Step 10 Click the Calc button to set the license.
Step 11 Click Next.
Step 12 Click Next.
Note: The Loopback interface will be configured automatically by Loopback Orchestration.
Step 13 Configure a summary route for the Branch network. Click Add
Step 14 Enter Summary Address for branch: 10.14.48.0/21
Step 15 Click Next
Step 16 Verify the BIO overlays configured in the Initial setup.
Step 17 Click Next
Step 18 Click Apply
Step 19 Repeat Steps 1-18 for the other branch gateways.
Step 20 Verify that the tunnels are up: navigate to Configuration > Tunnels.
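Before the values from Steps 6-14 are repeated for each branch, the addressing plan can be checked offline. The following is an added example, not part of the original guide: the function name `check_plan` is hypothetical, and the inputs are the Boise-Branch values from the tables above. It confirms that every VLAN subnet falls inside the summary route, that the DHCP pool excludes the gateway address, and that the WAN next hop is a usable host on the WAN subnet.

```python
import ipaddress as ip

# Boise-Branch values from the tables and steps on this page.
SUMMARY = "10.14.48.0/21"
VLANS = {100 + i: f"10.14.{48 + i}.1/24" for i in range(8)}  # VLANs 100-107
DHCP = {"subnet": "10.14.54.0/24", "start": "10.14.54.10",
        "end": "10.14.54.254", "gateway": "10.14.54.1"}
WAN = {"ip": "100.100.7.66/29", "next_hop": "100.100.7.65"}


def check_plan(summary, vlans, dhcp, wan):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    summ = ip.ip_network(summary)
    ifaces = {vid: ip.ip_interface(addr) for vid, addr in vlans.items()}

    # Every VLAN subnet must sit inside the advertised summary route.
    for vid, iface in ifaces.items():
        if not iface.network.subnet_of(summ):
            problems.append(f"VLAN {vid}: {iface.network} outside {summ}")

    # The DHCP scope must match one VLAN and use that VLAN's address as gateway.
    scope = ip.ip_network(dhcp["subnet"])
    start, end, gw = (ip.ip_address(dhcp[k]) for k in ("start", "end", "gateway"))
    owner = [i for i in ifaces.values() if i.network == scope]
    if not owner:
        problems.append(f"DHCP: {scope} matches no VLAN subnet")
    elif owner[0].ip != gw:
        problems.append(f"DHCP: gateway {gw} is not the VLAN address {owner[0].ip}")
    if start not in scope or end not in scope or start > end:
        problems.append("DHCP: pool is not a valid range inside the subnet")
    elif start <= gw <= end or end == scope.broadcast_address:
        problems.append("DHCP: pool hands out the gateway or broadcast address")

    # The WAN next hop must be a usable host on the WAN subnet, not ourselves.
    w, nh = ip.ip_interface(wan["ip"]), ip.ip_address(wan["next_hop"])
    edge = (w.network.network_address, w.network.broadcast_address)
    if nh not in w.network or nh in edge or nh == w.ip:
        problems.append(f"WAN: next hop {nh} unusable on {w.network}")
    return problems


if __name__ == "__main__":
    print(check_plan(SUMMARY, VLANS, DHCP, WAN) or "plan is consistent")
```

Reusing the Boise summary address with another branch's VLAN table makes every VLAN show up as outside the summary, which catches a copy-paste slip when Steps 1-18 are repeated.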
Configuring EdgeHA
The following steps assume that the Chicago gateways have been onboarded using the configuration wizard. Once the devices have been configured, enable WAN HA. This allows the gateways to appear as a single logical device and share WAN uplinks.
Step 1 Right-click the CHIBR-ECE-1 device, select Deployment.
Step 2 In the top left side check the EdgeConnect HA box.
Step 3 When the EdgeConnect overview page appears, click Close.
Step 4 In the bottom left select the HA Peer, CHIBR-ECE-2
Step 5 Change the HA-Link to LAN0 for both appliances.
Step 6 Click Save
Caution: Each appliance must have a unique WAN-side connection. Do not connect redundant WAN connections or enable active-active forwarding.
Configuring VRRP
The following section walks through configuring VRRP for the HA pair. The device with the higher priority will be the VRRP leader (CHIBR-ECE-1), and the device with the lower priority will be the backup (CHIBR-ECE-2). Both devices will have preemption enabled, so if CHIBR-ECE-1 fails and comes back online, it will become the leader again.
Step 1 Select the Configuration tab in the top left-hand side.
Step 2 In the Networking column select VRRP.
Step 3 Select CHIBR-ECE-1, click the Pencil Icon.
Step 4 In the Popup menu, click Add VRRP
Step 5 In the new VRRP row, enter the following:
Group ID | Virtual IP Address |
---|---|
100 | 10.14.32.1 |
101 | 10.14.33.1 |
102 | 10.14.34.1 |
103 | 10.14.35.1 |
104 | 10.14.36.1 |
105 | 10.14.37.1 |
106 | 10.14.38.1 |
107 | 10.14.39.1 |
Step 6 Repeat steps 1-5 for CHIBR-ECE-2
Step 7 Set the Priority Config to 100.
Group ID | Virtual IP Address | Priority Config |
---|---|---|
100 | 10.14.32.1 | 100 |
101 | 10.14.33.1 | 100 |
102 | 10.14.34.1 | 100 |
103 | 10.14.35.1 | 100 |
104 | 10.14.36.1 | 100 |
105 | 10.14.37.1 | 100 |
106 | 10.14.38.1 | 100 |
107 | 10.14.39.1 | 100 |
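A consistency check for the VRRP plan above, as an added example (not part of the original guide); the function name `check_vrrp` is hypothetical. It verifies that each virtual IP sits in the VLAN subnet of both peers and that the two appliances hold distinct interface addresses. Run on the Chicago columns as printed on this page, it reports VLANs 101-107, where both appliances are listed with the same interface address.

```python
import ipaddress as ip

# Chicago interface addresses and VRRP virtual IPs as printed on this page.
ECE1 = {100: "10.14.32.2/24", 101: "10.14.33.3/24", 102: "10.14.34.3/24",
        103: "10.14.35.3/24", 104: "10.14.36.3/24", 105: "10.14.37.3/24",
        106: "10.14.38.3/24", 107: "10.14.39.3/24"}
ECE2 = {100: "10.14.32.3/24", 101: "10.14.33.3/24", 102: "10.14.34.3/24",
        103: "10.14.35.3/24", 104: "10.14.36.3/24", 105: "10.14.37.3/24",
        106: "10.14.38.3/24", 107: "10.14.39.3/24"}
VIPS = {100 + i: f"10.14.{32 + i}.1" for i in range(8)}  # group ID -> virtual IP


def check_vrrp(peer_a, peer_b, vips):
    """Map each VRRP group ID with a problem to its list of issues."""
    findings = {}
    for gid, vip in vips.items():
        if gid not in peer_a or gid not in peer_b:
            findings[gid] = ["group has no interface on one peer"]
            continue
        a, b = ip.ip_interface(peer_a[gid]), ip.ip_interface(peer_b[gid])
        v = ip.ip_address(vip)
        issues = []
        if a.network != b.network:
            issues.append("peers are in different subnets")
        if v not in a.network or v not in b.network:
            issues.append("virtual IP outside the VLAN subnet")
        # This design keeps the virtual IP separate from both physical addresses.
        if v in (a.ip, b.ip):
            issues.append("virtual IP equals a physical address")
        # Two routers on one subnet cannot share an interface address.
        if a.ip == b.ip:
            issues.append("both peers use the same physical address")
        if issues:
            findings[gid] = issues
    return findings


if __name__ == "__main__":
    for gid, issues in sorted(check_vrrp(ECE1, ECE2, VIPS).items()):
        print(gid, "; ".join(issues))
```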
Configuring VRRP IP SLA
Step 1 Select the Configuration tab in the top left hand side.
Step 2 In the Templates & Policy column select IP SLA.
Step 3 Click the Pencil Icon next to any of the listed SLAs.
Step 4 When the popup appears click the Add button on the top left side.
Step 5 In the new IP SLA Rule set the Monitor to: VRRP Monitor
Step 6 Select the Lan1 interface.
Step 7 Set the Down Action to: Modify Subnet Metric
Step 8 Set the delta to: 1000
Step 9 Set the up action to: Default subnet Action
Step 10 Repeat these settings for each Lan1 sub-interface.
Step 11 The complete configuration should look like the following.
Step 12 Repeat steps 1-10 for CHIBR-ECE-2.
Configuring App Express (Optional)
App Express is designed to optimize application performance by steering SaaS applications to the path with the best connectivity. The following example demonstrates how to configure a custom SaaS application and enable App Express.
Step 1 Select Configuration.
Step 2 Click Application Definitions.
Step 3 On the Application definition page click Hide Advanced App Definitions.
Step 4 Click Add New Application.
Step 5 On the Application definition page enter the following.
Type: TCP Port
Port Number: 443
Name: slack_homepage
AppExpress: Monitor and Steer
Ping Type: Https
Ping Hostname: app.slack.com
User Experience Thresholds: 200, 500
Note: Monitor and Steer must be selected for App Express to work.
Step 6 Click AppExpress Group in the sub-menu.
Step 7 Click Add Group.
Step 8 On the Add AppExpress group, enter the following.
- Group Name: business_critical
- Overlay: BulkApps
- Check both Transports.
- Target QoE: Excellent
Step 9 Drag the applications below over to the business_critical group. Then click Save.
- Atlassian
- Office365Common
- Office365Exchange
- Slack
- Slack_homepage
- Zoom
Step 10 Click Apply AppExpress in the sub-menu.
Step 11 Click Add next to the business_critical group that was created.
Step 12 Click Apply.
Step 13 Select AppExpress Summary
Step 14 Verify App Express is working.