Aruba Central User guide

Aruba

SD-WAN Solution

User Guide

Revision 02 | May 2020 Aruba SD-WAN Solution | User Guide

Copyright Information

Open Source Code

This product includes code licensed under the GNU General Public License, the GNU Lesser General Public

License, and/or certain other open source licenses. A complete machine-readable copy of the source code

corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information

and shall expire three years following the date of the final distribution of this product version by Hewlett

Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US

$10.00 to:

Hewlett Packard Enterprise Company

6280 America Center Drive

San Jose, CA 95002

USA

Contents

Contents 3

About This Document 14

Intended Audience 14

Related Documents 14

Conventions 14

Contacting Support 15

Aruba SD-Branch Solution 16

Why SD-WAN? 16

Key Features and Benefits 16

How It Works 17

What are the Solution Requirements? 19

How Do I Get Started? 20

Supported Aruba Gateways 20

Getting Started 22

Onboarding Devices to Aruba Central 22

Manually Adding Devices to Inventory 23

Assigning Subscriptions to Aruba Gateways 23

Gateway Subscriptions 23

Assigning Subscriptions to Gateways 24

Virtual Gateway Subscriptions 24

Assigning Gateways to a Group 25

Aruba Gateway Groups for SD-WAN Deployments 25

Assigning Gateways to a Group 25

Assigning Devices to Sites 26

Assigning Labels 26

Assigning a Group Role to an Aruba Gateway Group 27

Connecting Aruba Gateways to Aruba Central 27

Configuring Communication Ports 28

Certificates 29

Uploading Certificates 29

Managing Certificates on Instant APs Configured Using Templates 30

Provisioning Aruba Gateways in Aruba Central 31

Different Modes of Configuring Gateways and Gateway Groups 31

Configuring Branch Gateway Groups Using the Guided Setup 32

Before You Begin 32

Aruba SD-WAN Solution | User Guide Contents | 3

4| Contents Aruba SD-WAN Solution | User Guide

Configuring a Branch Gateway Group using the Guided Setup 32

Step 1: Configuring System Parameters for a Branch Gateway Group 33

Step 2: Configuring a LAN Interface for a Branch Gateway Group 35

Step 3: Configuring a WAN Interface for a Branch Gateway Group 36

Step 4: Configuring VPN Hubs and Routing Profiles for a Branch Gateway Group 38

Step 5: Configuring Policies for a Branch Gateway Group 38

Configuring Branch Gateways Using the Guided Setup 44

Before You Begin 44

Configuring a Branch Gateway Device in the Guided Setup 44

Step 1: Configuring a System IP Address for a Branch Gateway 44

Step 2: Configuring a LAN Interface for a Branch Gateway 45

Step 3: Configuring a WAN Interface for a Branch Gateway 46

Step 4: Configuring Routing Profiles for a Branch Gateway 48

Step 5: Configuring LANRedundancy for High Availability 49

Configuring VPN Concentrator Group Using the Guided Setup 49

Before You Begin 49

Configuring a VPNC Group in the Guided Setup 49

Initiating the Guided Setup 50

Configure Overlay Routing 56

Configuring VPN Concentrators Using the Guided Setup 57

Before You Begin 57

Configuring a VPN Concentrator in the Guided Setup 57

Initiating the Guided Setup 57

Step 1: Configuring a System IP Address for a VPN Concentrator 58

Step 2: Configuring a LAN Interface for a VPNCGroup 58

Step 3: Configuring a WAN Interface for a VPN Concentrator 59

Configuring OSPF 63

Configuring BGP 63

Configure Overlay Routing 65

Deploying Aruba Virtual Gateways 66

Deploying Aruba Virtual Gateways in AWS 66

Virtual Gateway Sizing 67

Features Supported by Virtual Gateway 67

Virtual Gateway Redundancy 67

Software Image for Virtual Gateways 67

Deployment Procedure 67

Additional References 67

Deploying Aruba Virtual Gateways in AWS (Managed Mode) 68

Orchestration Workflow 68

Setting up a Virtual Gateway Instance using the Orchestration Service 69

Deploying Aruba Virtual Gateways in AWS (Unmanaged Mode) 81

Step 1—Set up Virtual Gateway Instance on AWS 81

Step 2—Generate User Data in Aruba Central 85

Step 2—Generate User Data in Aruba Central 86

Step 3—Upload the User Data to the Virtual Gateway Instance in AWS Instance 87

Step 4—Verify the Instantiation Status 87

Troubleshooting Deployment Issues 87

Provisioning Virtual Gateways to Groups 88

Monitoring Virtual Gateways 88

Deploying Aruba Virtual Gateway in Microsoft Azure (Managed Mode) 88

Setting up a Virtual Gateway Instance using the Orchestration Service 88

Deployment Procedure 89

Registering a New Application in Azure 89

Creating a Client Secret 90

Adding the Application Permissions 91

Setting up Access control and Role Assignments 92

Viewing the Application IDs 93

Creating a Resource Group 93

Creating a VNET 94

Creating a Storage Account 95

Configuring containers 96

Uploading the Aruba Virtual Gateway Software Image 97

Creating SSH keys 97

Creating a Security group 98

Adding a Cloud Provider Account in Aruba Central 99

Deploying the Virtual Gateway 100

Licensing Confirmation 103

Verifying the Deployment Status 103

Deploying Aruba Virtual Gateway in Microsoft Azure (Unmanaged Mode) 103

Virtual Machine Sizing Recommendations 104

Deployment Procedure 104

Step 1—Creating a Resource Group 105

Step 2—Creating a Storage Account 106

Step 3—Creating a VNET 107

Step 4—Creating a Network Security Group 109

Step 5—Creating Security Rules 110

Step 6—Configuring Subnets 112

Step 7—Creating Network Interfaces 116

Step 8—Assigning a Public IP Address to NIC2 118

Aruba SD-WAN Solution | User Guide Contents | 5

6| Contents Aruba SD-WAN Solution | User Guide

Step 9—Uploading the Aruba Virtual Gateway Software Image 119

Step 10—Creating Image and Data Disk 121

Step 11—Setting up a Virtual Machine 123

Step 12—Creating SSH Key Pairs 124

Step 13—Generating User Data in Aruba Central 125

Verifying the Deployment Status 127

Configuring an SD-Branch Network Using the Advanced Setup 128

Configuration Checklist 128

Configuring Address Pools for Aruba Gateways 128

Configuring Gateway Pools for Aruba Gateways 129

Configuring DHCP Address Pools on Aruba Gateways 130

Creating a DHCP Pool 130

Excluding IP Address Range 131

Reserving IPaddresses 131

Configuring NAT Pools 132

Creating a NAT Pool 132

Creating a Static 1:1 NAT 132

Configuring Tunnel Pools for Aruba Gateways 133

Uploading Bulk Configuration Template 134

Configuring System Information on Aruba Gateways 134

Configuring Hostname 134

Configuring System IP Address 134

Configuring a Loopback Interface 135

Setting System Clock and Time Zone 136

Configuring Domain Name System 137

Configuring Redirect DNS Servers 137

Configuring Dynamic Domain Name System 138

Setting Capacity Threshold 139

Configuring Device Administrator Credentials for Aruba Gateways 139

Configuring Switching Parameters 143

Configuring AMON Receivers for Aruba Gateways 144

Configuring VLANs on Aruba Gateways 145

Adding VLANs for Aruba Gateways 145

Configuring VLANs for WAN Interfaces 146

Configuring VLANs for LAN Interfaces 146

Configuring Other Parameters for VLAN 147

Configuring SLB using NAT 149

Configuring Health-Check Profile 149

Configuring a SLB Server Group 150

Configuring a SLB Server 150

Configuring Ports 151

Adding Ports 152

Configuring Ports for WAN Interfaces 152

Configuring Ports for LAN Interfaces 153

Configuring Other Parameters for Port 154

Configuring Uplinks 156

Uplink Load Balancing 156

WAN Bandwidth Optimization 156

Configuring Uplink Interfaces on Branch Gateways 157

Configuring Uplink Interfaces on VPNConcentrators 158

Enabling WAN Health Check Probes 159

Monitoring WANHealth 160

Configuring WAN Interface Bandwidth Priorities 160

Creating a WAN Scheduler Profile 160

Configuring the SD-WAN Overlay Network 162

Configuration Recommendations 163

Configuring Overlay Tunnels Automatically 164

Manually Configuring Hub and Spoke VPN 164

Enabling Automatic Whitelisting of Gateways 164

Enabling Automatic Whitelisting of Branch Gateway on a VPN Concentrator 164

Enabling Automatic Whitelisting on Branch Gateways 165

Whitelisting Gateways Manually 165

Adding a VPNEndpoint on Branch Gateways 165

Adding Branch Gateways on VPNConcentrators 166

Advertising Branch Subnets to Hub Sites 167

Monitoring VPNTunnels 167

Configuring Site-to-Site VPN 168

Configuring IPsec Map for Site-to-Site VPNs 168

Enabling Dead Peer Detection 171

Configuring Dead Peer Detection Parameters 171

Configuring Site-to-Site VPN with GRE Tunnel 172

Configuring GRE Tunnels 172

Directing Traffic into the GRE Tunnel 177

Configuring Static Routes 177

Configuring a Firewall Policy Rule 177

Configuring IKE Policies 177

Configuring IKEv1 Policies and Dynamic Maps 177

Configuring IKEv2 Policies and Dynamic Maps 180

Routing 182

Aruba SD-WAN Solution | User Guide Contents | 7

8| Contents Aruba SD-WAN Solution | User Guide

Dynamic Routing 183

Underlay Routing 183

Overlay Routing 183

Routes Configuration on Aruba Gateways 184

Configuring Static IP Routes 184

Creating a Static IP Route 184

Configuring Static Default Gateways 185

Configuring Default Gateways for Dynamic Routing 185

Routes Advertisement Using OSPF 186

OSPF Areas 186

Best Practices for OSPF Configuration 186

Workflow for Configuring OSPF Routing on VPNConcentrators 186

Enabling OSPFConfiguration 187

Configuring a Prefix List 187

Configuring Route Maps 188

Configuring Route Redistribution Criteria 191

Enabling OSPF Configuration on VLANInterfaces 192

Enabling OSPF on the Layer-3 GRETunnel Interface 193

Configuring Administrative Distance 193

Advertising Routes Using BGP 196

Configuring BGP Routing on Aruba Gateways 197

Enabling BGP 197

Configuring a Prefix List 198

Configuring an IP Community List 199

Configuring Route Maps 200

Adding BGP Neighbors 203

Advertising Networks to BGP 204

Configuring Redistribution Rules for BGP Routes 205

Configuring BGP Timers 206

Configuring Multipath Selection 206

Configuring Graceful Restart 207

Configuring Administrative Distance 207

Configuring BGP over an IPsec Tunnel 207

Configuring Policies for PBR 210

PBRPolicies for WANNetworks 211

Configuring Policies for Dynamic Path Steering 213

How Dynamic Path Selection Works 214

Configuring a Dynamic Path Steering Policy 214

SaaS Application Traffic Management with SaaS Express 217

Criteria for SaaS Express Optimal Path 217

Supported Deployment Scenarios 218

Workflow for SaaS Express Configuration 219

Configuring Aruba Gateways for Application Visibility and Control 222

Using Deep Packet Inspection 223

Filtering URLs Based on Website Content and Reputation 225

Enforcing a Common Security Policy for Wired and Wireless Users 229

Configuring Firewall Policies and ACLs 229

Firewall Policies for SD Branch 229

Types of ACLs 230

Configuring Aliases for Firewall Policies 230

Creating a Firewall Policy for Network Services 231

Configuring Access Rules 232

Configuring ACLs for Deep Packet Inspection 233

Creating ACLs for Application Access Control 234

Configuring ACLs for Web Content Classification 235

Configuring Global Firewall Parameters 236

Advanced Monitoring Parameters 240

Configuring User Roles for Clients 240

Creating a Role 241

Assigning a Policy to a Role 241

Assigning User Roles in AAA Profiles 241

Configuring a Default Role Based on Authentication Methods 242

Configuring Bandwidth Contracts 243

Configuring Authentication Profiles 244

Configuring RADIUS Authentication Server on Aruba Gateways 244

Configuring an RFC3576 Server 246

Configuring Other External Authentication Servers on Aruba Gateways 246

Configuring an LDAP Server 246

Configuring a TACACS+ Server 248

Configuring a Windows Server 249

Configuring XML API Server 250

Configuring Server Groups 250

Creating a AAA Profile 251

Applying Policies to Gateway Interfaces 252

Applying Policies for VLANs on Access Ports 252

Applying Policies for VLANs on Trunk Ports 253

Applying Route ACLs for VLAN Interfaces 253

Assigning AAA profile to VLAN Interfaces for Role Assignment 254

Configuring Aruba Gateways for Certificate-Based Authentication 254

Adding Certificates to Certificate Store in Aruba Central 255

Aruba SD-WAN Solution | User Guide Contents | 9

10 | Contents Aruba SD-WAN Solution | User Guide

Installing Certificates 255

Configuring Revocation Checkpoint 256

Configuring Aruba Gateways for SNMP-Based Reporting 258

Community String for SNMPv1 and SNMPv2 258

SNMP Trap Receivers 259

Viewing Configuration Status 259

Applying Configuration Changes 259

Auto Commit Workflow 259

Manual Commit Workflow 260

Viewing Configuration Overrides and Errors 260

Backing up and Restoring Configuration Templates 263

Managing Configuration Overrides 264

Configuration Overrides 264

Important Points to Note 264

Limitations 265

SDBranch Redundancy 266

Data Center Redundancy 266

VRRP Redundancy 266

Workflow for Configuring Redundant Gateways for High Availability 266

Configuring Aruba Gateways for Syslog Message Collection 271

Configuring Logging Levels 273

SD-WANOverlay Tunnel and Route Orchestration 274

Configuring Overlay Network Using SD-WANOrchestrator 274

Prerequisites 274

Configuration Steps 274

Additional Documents 277

Advertising Overlay Routes 277

Configuring Route Maps 277

Configuring a Prefix List 280

Redistributing Overlay Routes 280

Configuring Administrative Distance 281

Monitoring SD-WAN Overlay Tunnels and Routes 283

Overlay Route Orchestrator Summary 283

Overlay Route Orchestrator Topology 283

Route Details for Each Group and Device 284

Overlay Tunnel Orchestrator 286

Overlay Tunnel Orchestrator Summary 286

Overlay Tunnel Orchestrator Topology 287

Tunnel Details for Each Group and Device 287

Aruba SD-Branch Integration with Zscaler Cloud Security Service 290

Integrating SD-Branch with ZIA 291

Setting up Tunnels to ZIA 291

Additional References 293

Aruba SD-Branch Integration with Prisma Access 294

Deployment Scenarios 294

Branch Gateways to Prisma Access 294

Regional Hub to Prisma Access 295

Supported IKE and IPSec Cryptographic Profiles 296

Configuration Procedure 297

Configuring Prisma Access for Aruba SD-Branch Integration 297

Configuring Branch Gateways for Prisma Access Integration 297

Aruba SD-Branch Integration with Check Point 302

Supported IKE and IPsec Cryptographic Profiles 302

Configuration Steps 302

Configuring Check Point for SD-Branch Integration 303

Configuring Aruba Gateways for Integration with Check Point 305

Aruba SD-Branch Integration with Symantec WSS 311

Integration Overview 311

Role-Based and Application-Based Routing 312

Branch Gateway to WSS 312

Supported IKE and IPSec Cryptographic Profiles 313

Configuration Steps 314

Configuring WebSecurity Service for SD-Branch Integration 314

Configuring Aruba Gateways for Integration with WSS 316

Configuring a Microbranch with Instant APs 322

Configuring Instant APs for Micro Branch Solution 322

VPNConcentrators for Micro Branch Solution 322

Configuring Instant AP VPN Pool for Aruba Gateways 322

Authentication Servers 323

Redistributing Branch Subnets 324

Configuring Support for Aruba VIA Service 325

Configuring VIA 325

Provisioning Gateways Using ConfigurationTemplates 335

Important Points to Note 335

Configuring Gateways Using a Template 335

Monitoring SD Branch 343

Gateways 343

Aruba SD-WAN Solution | User Guide Contents | 11

12 | Contents Aruba SD-WAN Solution | User Guide

Page Views 343

Gateway Details Page 344

Gateways—Overview Tab 345

Gateway—WAN Tab 348

Gateways—LAN Tab 354

Gateways—Tunnels Tab 359

Gateways—Routing Tab 361

Gateways—Path Steering Tab 373

Application Visibility 375

Gateways—Sessions Tab 376

Deleting an Offline Gateway 378

Network Health for Gateways 379

Page Views 379

WAN Health 381

WAN - Gateways Site Health 382

Topology 383

Before You Begin 383

Viewing the Topology Map 384

Grouping VPN Concentrators 384

Example of a Topology Map: 384

Details and Filter Pane 385

Alerts for Gateways and WAN Events 387

Types of Alerts 387

Configuring Alerts 389

Viewing and Acknowledging Alerts 389

Viewing Enabled Alerts 390

Gateway Reports 390

Types of Gateway Reports 391

Creating a Report 393

Generated Reports 394

Viewing Generated Reports 394

Editing a Report 394

Deleting Report 395

Exporting a Report 395

Maintenance 396

Troubleshooting Devices 396

Updating Software Images on Aruba Gateways 396

Feature Availability Across Multiple Software Versions 396

Upgrading Software 397

Configuring Aruba Gateways for Syslog Message Collection 398

Configuring Logging Levels 399

APIs 401

Aruba SD-WAN Solution | User Guide Contents | 13

Chapter 1

About This Document

This user guide describes the Aruba Software-Defined WAN (SD-WAN)Solution and provides detailed

instructions for setting up, configuring, and managing SD-WAN Gateways from Aruba Central.

Intended Audience

This guide is intended for network administrators who manage and monitor branch networks.

Related Documents

In addition to this document, see the following documents for more details on the SD Branch devices and

Aruba Central:

nAruba Central Help Center

nArubaOS User Guide

nHPE-ArubaOS Switch Management and Configuration Guide

nAruba ClearPass Policy Manager User Guide

Conventions

Table 1 lists the typographical conventions used throughout this guide to emphasize important concepts:

Type Style Description

Italics This style is used to emphasize important terms and to mark the titles of books.

System items This fixed-width font depicts the following:

nSample screen output

nSystem prompts

Bold nKeys that are pressed

nText typed into a GUI element

nGUI elements that are clicked or selected

Table 1: Typographical Conventions

The following informational icons are used throughout this guide:

Indicates helpful suggestions, pertinent information, and important things to remember.

Indicates a risk of damage to your hardware or loss of data.

Indicates a risk of personal injury or death.

Aruba SD-WAN Solution | User Guide About This Document | 14

15 | About This Document Aruba SD-WAN Solution | User Guide

Contacting Support

Main Site arubanetworks.com

Support Site support.arubanetworks.com

Airheads Social Forums and Knowledge

Base

community.arubanetworks.com

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Software Licensing Site lms.arubanetworks.com

End-of-life Information arubanetworks.com/support-services/end-of-life/

Security Incident Response Team Site: arubanetworks.com/support-services/security-bulletins/

Email: aruba-sirt@hpe.com

Table 2: Contact Information

Chapter 2

Aruba SD-Branch Solution

The Aruba SD Branch solution offers the best-in-class wireless and wired infrastructure and management

orchestration features with the SD-WAN capabilities. The SD Branch solution extends the SD-WAN concept to

all elements in the branch to deliver a full stack solution that addresses the business challenges of distributed

enterprises. Coupled with Aruba Central, the solution provides a cloud-hosted environment for simplified

operations and improved agility.

Why SD-WAN?

A traditional branch setup supports client connectivity requirements across different geographical locations for

various types of business operations. The sites in remote geographical locations serve as branch offices, while

the headquarters or main office serves as a data center that hosts network resources to store, manage, and

distribute data. The main office also hosts a centralized Virtual Private Network(VPN) management system to

aggregate traffic from the remote branch sites. A Wide Area Network (WAN) —with Multiprotocol Label

Switching (MPLS), T1, T3, Broadband, or Cellular links—is used for connecting multiple local area networks to a

central corporate network or data centers separated by distance.

Due to an increase in the number of client devices at the remote sites and the new bandwidth requirements,

branch office networks are expected rapidly scale to provide uninterrupted user experience. A traditional

branch infrastructure with multiple appliances, different operating systems, and management tools only adds

to the cost, involves a maintenance overhead, and demands skilled IT personnel.

The Aruba SD-WANsolution simplifies your branch deployments with a single management interface for

administering, managing, and monitoring your branch networks. It also provides a unified policy enforcement

framework with operational ease.

Key Features and Benefits

The SD-WANsolution comes with the following key capabilities:

nZero Touch Provisioning of devices— Ability to self-provision without operator's intervention.

nCentralized overlay management and control— A single cloud-based network management interface for

managing and monitoring SDBranch devices. Aruba Central, the cloud based network management system,

supports unified management of SDbranch devices with ZTP and hierarchical configuration.

nIPsec based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure

overlay networking.

nUnified security policy for wired, wireless, and WAN—Support for a common security policy framework

based on user roles for WAN, WLAN, and LAN users.

nDynamic path selection—Support for dynamically steering traffic or a service request to the best available

path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on

the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.

nDeep Packet Inspection and Web Content Classification—Support for monitoring and analyzing application

usage by clients.

nVisibility, analytics, and troubleshooting—Dashboards for monitoring branch health, device performance,

and client connectivity metrics. Alerts, reports, and audit trails for monitoring and troubleshooting network

performance issues.

nPolicy-based Routing—In addition to the traditional destination-based routing, the SD Branch devices

Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 16

17 | Aruba SD-Branch Solution Aruba SD-WAN Solution | User Guide

support routing client traffic based on user role or type of application, For example, traffic generated from

the guest devices can be routed directly to the internet, while traffic from the employees can be routed to

the MPLS network.

How It Works

The SD-WAN solution includes a new set of devices called Aruba Gateways that inter-operate Aruba Switches

and Instant APs to provide a full-fledged WAN architecture.

Based on the size of your branch setup, you can choose device combination that best suits your requirement:

nMedium to large branches—For branches that require more than 24 ports, you can use a combination of

Branch Gateways and one or more Aruba switches at the branch site, with Aruba7200 SeriesMobility

Controller as VPNConcentrator at the data center.

nSmall to medium branches—For branches that require less than 24 ports (including all WANandLANports),

you can deploy Branch Gateways at the branch sites, with Aruba7200 SeriesMobility Controller as

VPNConcentrator at the data center.

nMicro branches—For micro branches, you can deploy an Instant AP cluster at the branch site, with

Aruba7200 SeriesMobility Controller as the VPNConcentrator at the data center.

Figure 1 shows a typical deployment topology of an SD Branch with Branch Gateways and a micro branch with

Instant APs:

Figure 1 SD Branch Topology

Figure 2 illustrates the communication flow between Aruba Central, branch sites, and data center.

Figure 2 Aruba Central and Cloud Communication

Figure 3 shows all elements in an SD Branch and the SD-WANdata flow.

Figure 3 Aruba SD-WANData Flow

Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 18

19 | Aruba SD-Branch Solution Aruba SD-WAN Solution | User Guide

What are the Solution Requirements?

The ArubaGateways are the most important components of the Aruba SD-Branch Solution. The SD-WAN

Gateway portfolio includes Aruba7000 Series and Aruba7200 SeriesMobility Controllers that function as

Branch Gateways and VPNConcentrators respectively.

The following sections list the supported hardware platforms and minimum software versions required for

setting up an SD-Branch.

At the Branch Site

Table 3 shows the list of hardware and software requirements for a branch site:

SD Branch Component Hardware Platforms Minimum Software

Version

Branch Gateways Aruba7000 SeriesMobility

Controller

ArubaOS 8.1.0.0-1.0.0.0

Aruba Switches function with Branch Gateways to

detect and isolate rogue APs, and blacklist rogue

devices.

Aruba 3810 Switch Series KB.16.05.0007 or later

Aruba 5400R Switch Series KB.16.05.0007 or later

Aruba 2920 Switch Series WB.16.05.0007 or later

Aruba 2930F Switch Series WC.16.05.0007 or later

Instant APs function as VPNclients at branch sites. The

client data traffic from these APs are aggregated by

the VPN Concentrator located at the data center

Aruba310 Series and 300

SeriesInstant APs

ArubaInstant 6.5.3.x

ArubaInstant 8.3.0.0 or

later

Table 3: SD Branch Site Devices

At the Data Center

At the data center, you can deploy Aruba7200 SeriesMobility Controller as VPNConcentrator. For data center

redundancy, you can deploy two VPNconcentrators in the active-standby or active-active mode.

SD-Branch Component Hardware Platform Minimum Software

Version

VPNC—A VPN Concentrator functions as a

VPNmanagement system that aggregates data

traffic from the branches and terminates IPsec

VPNtunnels.

Aruba7200 SeriesMobility

Controllers ArubaOS 8.1.0.0-1.0.0.0

Virtual Gateway—The headend gateway at the

enterprise data center can be hosted as a virtual

appliance. The virtualised instance enterprise data

center gateway in public or private cloud is referred

to as Virtual Gateway. Aruba Virtual Gateways

function as VPNConcentrators.

Aruba Virtual Mobility

Controller

ArubaOS8.1.0.0-1.0.4.1

Table 4: Data Center

In the Cloud

A valid Aruba Central subscription is required to avail cloud-based administration, management, configuration

and monitoring of SD branch components such as Branch Gateways, VPN Concentrators, Instant APs, and

Aruba Switches.

How Do I Get Started?

To start using the SD-WAN solution, complete the steps described in the Getting Started section.

Supported Aruba Gateways

The Aruba SD-WAN Gateway portfolio includes Aruba Gateways that function as Branch Gateways and

VPNConcentrators.

The following tables list the Aruba Gateway platforms and the ArubaOS software versions supported in Aruba

Central:

Platform

Minimum

Supported Software

Version

Latest Software Version

Recommended

Software

Version

Aruba7210,

7220, and

7240

ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-

2.0.0.0

Aruba 9012 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-

2.0.0.0

Aruba 9004 ArubaOS 8.5.0.0-1.0.7.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-

1.0.7.1

Aruba7005 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-

1.0.6.1

Aruba7008 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-

1.0.6.1

Aruba7010 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-

1.0.6.1

Aruba7024 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-

1.0.6.1

Aruba7030 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-

1.0.6.1

Table 5: Supported Aruba Branch Gateways

Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 20

Page is loading ...

Aruba Central User guide

This manual is also suitable for

Aruba Central User guide

Related papers

Other documents