Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Getting Started with AOS-CX Deployments
Before you get started with your onboarding and provisioning operations, browse through the list of Supported AOS-CX Platforms in HPE Aruba Networking Central.
Provisioning Workflow
The following sections list the steps required for provisioning AOS-CX switches in HPE Aruba Networking Central.
Provisioning a Factory Default Switch
Like most HPE Aruba Networking devices, AOS-CX switches support ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention.. Switches with factory default configuration have very basic configuration for all ports in VLAN-1. When a new AOS-CX switch (factory default) is powered on, it automatically obtains IP address, connects to HPE Aruba Networking Activate and downloads the provisioning parameters. When the switch identifies HPE Aruba Networking Central as its management entity, it connects to HPE Aruba Networking Central.
To manage AOS-CX switches from HPE Aruba Networking Central, you must onboard the switches to the device inventory and assign a valid subscription.
For step-by-step instructions, see Provisioning Factory Default AOS-CX Switches.
Provisioning a Pre-configured or Locally-Managed Switch
Pre-configured switches have customized configuration; for example, an additional VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. or static IP address configured on the default.
HPE Aruba Networking Central management service is enabled by default on AOS-CX switches. When the switch is powered on, it identifies HPE Aruba Networking Central as its management entity and connects to HPE Aruba Networking Central.
To manage AOS-CX switches from HPE Aruba Networking Central, you must onboard the switches to the device inventory and assign a valid subscription.
For step-by-step instructions, see Provisioning Pre-Configured AOS-CX Switches.
Group Assignment
HPE Aruba Networking Central supports provisioning AOS-CX switches in UI and template groups. Template groups allow you to configure devices using CLI-based configuration templates. UI groups allow you to configure devices using UI-based configuration options.
The following figure illustrates the group assignment workflow in HPE Aruba Networking Central:
Figure 1 Group Assignment- AOS-CX Switches
Moving AOS-CX Switches Between Groups
AOS-CX switches can also be moved between groups in HPE Aruba Networking Central. When moving switches from an unprovisioned, template, or UI group to another UI group, the existing switch configuration can be retained by selecting the Retain CX-Switch Configuration check box on the Move Devices page. If the configuration on the device and the group are different, HPE Aruba Networking Central retains the device configuration as device overrides. Consider the following points when selecting this check box:
- When moving the switches to the UI group, all supported UI group configurations except the following, if present at the group-level for the destination group, are applied to the switches:
- System Properties—Only the device administrator password, if configured in the group, is updated on the switch.
- Authentication (MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.)
- Spanning Tree (Loop Prevention)
- HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. Proxy
- User-based tunneling
- Logging servers
- SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
- Port interfaces
- If any group configuration has dependent configuration, then the dependent configuration will not be applied to the device.
For example, any LAG Link Aggregation Group . A LAG combines a number of physical ports together to make a single high-bandwidth data path. LAGs can connect two switches to provide a higher-bandwidth connection to a public network. configuration that is present at the group-level (not at the device level) will be applied. However, the port configuration in a LAG will not be applied, as port configuration is a dependent configuration of LAGs.
- Device-level RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. and TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server configuration will be retained, if present. And also any new group-level configuration will be applied. However, if any retained device configuration conflicts with group-level configuration, then group-level configuration takes precedence, and those conflicting configuration will be replaced.
If you are onboarding a switch and keeping it in its current group, any existing configuration on the switch will be modified if it is moved to a UI group. However, if the switch has the CLI command configuration-lockout central managedapplied, the configuration will be locked and remain unchanged during the move to the UI group.
AOS-CX Switch Configuration
HPE Aruba Networking Central supports managing AOS-CX switches configuration using configuration templates and UI group configuration.
When an AOS-CX switch is connected to HPE Aruba Networking Central and managed using the WebUI, HPE Aruba Networking Central becomes the single source of configuration for the switch. In the HPE Aruba Networking Central Manged mode, the switch cannot be configured using any of the other switch configuration interfaces, such as the switch CLI, REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., NBAPIs, and SNMP. You can use any configuration options available in HPE Aruba Networking Central to configure the AOS-CX switches in the Managed mode. You can use the MultiEdit MultiEdit mode allows configuring single or multiple AOS-CX switches using the CLI syntax. You can also view the difference between the Central running configuration and the switch running configuration. mode on the UI to run commands on the switch through HPE Aruba Networking Central. For information, see Configuring and Viewing AOS-CX Switches in MultiEdit Mode .
The HPE Aruba Networking Central Managed mode is applicable to AOS-CX switches running the firmware version 10.07 or later, and to those switches that have been added to an HPE Aruba Networking Central group. This mode is not applicable to switches in the unprovisioned state.
Configuration Using Templates
HPE Aruba Networking Central supports managing AOS-CX switches configuration using configuration templates. Ensure that you assign the AOS-CX switches to a template group.
- When initially onboarding an AOS-CX switch to HPE Aruba Networking Central, you must manually create the template for the switch in a group, along with the password in plaintext format. You can use the output of the show running-config command to create the template. You can also add variables to use the same template for onboarding multiple AOS-CX switches.
- In the AOS-CX template configuration, the pound sign (#) is used for adding comments. When using the
banner motd
code in the template configuration, use a delimiter such as at (@) symbol or any other special character, than using the pound sign (#). Using the pound sign (#) with thebanner motd
code will cause the code to be dropped when processing the template.
For more information on managing AOS-CX switches in HPE Aruba Networking Central using templates, see AOS-CX Configuration Using Templates.
Configuration Using UI Groups
HPE Aruba Networking Central supports managing AOS-CX switches configuration using UI groups. You can configure AOS-CX switches that are added to a UI group, using the UI options and MultiEdit mode. You can pre-configure groups in the absence of switches.
For more information on managing AOS-CX switches in HPE Aruba Networking Central using UI group configuration, see Configuring AOS-CX Switches in UI Groups.
Replacing a VSX member
When replacing a VSX Virtual Switching Extension. VSX is a virtualization technology for aggregation/core switches running the AOS-CX operating system. This solution lets the switches present as one virtualized switch in critical areas. switch member that is configured and managed through HPE Aruba Networking Central, ensure that the new replacement switch is assigned to the same group as the old switch. If the assigned group is the template group, ensure that the variables for the new replacement switch are same as the old switch. In the case of the UI group, if the VSX switch is configured using MultiEdit, you need to copy the original configuration from the MultiEdit configuration editor and paste it to the new replacement switch after moving it into the group.
AOS-CX Stack Configuration
HPE Aruba Networking Central supports managing AOS-CX switch stacks configuration using UI group configuration and templates.
For more information on managing AOS-CX switch stacks in HPE Aruba Networking Central using UI group configuration, see AOS-CX VSF Stack Configuration Using UI Groups.
For more information on managing AOS-CX switch stacks in HPE Aruba Networking Central using templates, see AOS-CX Configuration Using Templates.
AOS-CX Switch Monitoring
To view the operation status of switches and health of wired access network:
- In the WebUI, set the filter to a group containing at least one switch.
For all devices, set the filter to
. Ensure that the filter selected contains at least one active switch.The dashboard context for the selected filter is displayed.
- Under
A list of switches is displayed in the
view.
, click > . - Click an AOS-CX switch under .
The dashboard context for the switch is displayed.
For more information, see Monitoring Switches and Switch Stacks.
Viewing VSX Details
HPE Aruba Networking Central displays information about VSX configuration of AOS-CX switches. For more information, see VSX Details in Switch Dashboard.
Last synced data is displayed in the Switch > VSX page only when VSX synchronization is enabled for the AOS-CX switch. However, enabling VSX synchronization using template configuration in HPE Aruba Networking Central is not recommended. By enabling VSX synchronization, the peer switch may get into an unknown configuration state.
Viewing Topology Map
In HPE Aruba Networking Central, the tab in the site dashboard provides a graphical representation of the site including the network layout, details of the devices deployed and health of the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. uplinks and tunnels. HPE Aruba Networking Central supports AOS-CX switches to be displayed in the tab. For more information, see Topology Tab in Site Dashboard.
Troubleshooting and Diagnostics
If you are unable to view all details of the AOS-CX switch, then maybe the template configuration was not applied correctly, the password was missing in the template configuration, or the password was not in plaintext. See the audit trail to check the status of the switch. The audit trail should show the device onboarded message for the switch serial number followed by the configuration push and login successful messages. For more information on troubleshooting AOS-CX switch onboarding issues, see Troubleshooting AOS-CX Switch Onboarding Issues.
Configuration Status
The HPE Aruba Networking Central > > in the HPE Aruba Networking Central UI displays errors in configuration sync, template configuration, and a list of configuration overrides. For more information, see Configuring Audit Properties.
page underThe HPE Aruba Networking Central > > in the AOS-CX UI configuration page of HPE Aruba Networking Central displays configuration status of the switches, pending changes, and local overrides present in the AOS-CX switches. For more information, see Configuration Status of AOS-CX Switches.
page underTroubleshooting Tools
To troubleshoot AOS-CX switches remotely, use the tools available under HPE Aruba Networking Central > > . For more information, see Troubleshooting Tools.
Actions Drop-down
You can also reboot, connect to the remote console of the switch, or generate a tech support dump for troubleshooting the device, by using the tools available under the
drop-down. The drop-down is available in the switch monitoring pages.The
drop-down lists the following options available for remote administration of the switch:Figure 2 Actions Menu
- Rebooting Switches. —Reboots the switch. See
- Troubleshooting HPE Aruba Networking Switches. —Allows the administrators to generate a tech support dump for troubleshooting the device. See
- SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. . Ensure that you allow SSH over port 443. The default user ID is admin, but you can edit and customize the user ID. This custom user ID must be mapped to the device. See Remote Console Session. —Opens the remote console for a CLI session through
- VSF Virtual Switching Framework. VSF allows network administrators to stack multiple individual switches into a single logical device using standard Ethernet links. Switchover—Triggers the standby conductor switch to take over the conductor role. This option is applicable only for AOS-CX switch stacks. See Switching Over the Conductor Role.
If the Copy and Paste function from the keyboard shortcut keys (CTRL+C and CTRL+V) do not work in your web browser, use the Copy and Paste functions available under the menu options in the web browser.
You can only troubleshoot HPE Aruba Networking switches using the option in HPE Aruba Networking Central. You cannot configure the switches.