Aruba Central, Central 2.5.0 SD-WAN Solution User guide

  • Hello! I'm your chat assistant and I have thoroughly analyzed the Aruba SD-WAN Solution User Guide. This document provides detailed instructions on setting up, configuring, and managing SD-WAN Gateways, including Aruba 7000, 7200 and 9000 Series Gateways, and Virtual Gateways. I'm ready to answer your questions about features like zero-touch provisioning, automatic VPN tunnels, dynamic path selection, and much more. Feel free to ask me anything related to the device and its implementation.
  • What is the purpose of Aruba SD-WAN solution?
    What is an Aruba Gateway?
    What are the key capabilities of the SD-WAN solution?
    What are the types of subscriptions for Gateways?
    What is the purpose of groups in Aruba Central??
Aruba
SD-WAN Solution
User Guide
Revision 02 | May 2020 Aruba SD-WAN Solution | User Guide
Copyright Information
© Copyright 2020 Hewlett Packard Enterprise Development LP.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses. A complete machine-readable copy of the source code
corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information
and shall expire three years following the date of the final distribution of this product version by Hewlett
Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US
$10.00 to:
Hewlett Packard Enterprise Company
6280 America Center Drive
San Jose, CA 95002
USA
Contents
Contents 3
About This Document 14
Intended Audience 14
Related Documents 14
Conventions 14
Contacting Support 15
Aruba SD-Branch Solution 16
Why SD-WAN? 16
Key Features and Benefits 16
How It Works 17
What are the Solution Requirements? 19
How Do I Get Started? 20
Supported Aruba Gateways 20
Getting Started 22
Onboarding Devices to Aruba Central 22
Manually Adding Devices to Inventory 23
Assigning Subscriptions to Aruba Gateways 23
Gateway Subscriptions 23
Assigning Subscriptions to Gateways 24
Virtual Gateway Subscriptions 24
Assigning Gateways to a Group 25
Aruba Gateway Groups for SD-WAN Deployments 25
Assigning Gateways to a Group 25
Assigning Devices to Sites 26
Assigning Labels 26
Assigning a Group Role to an Aruba Gateway Group 27
Connecting Aruba Gateways to Aruba Central 27
Configuring Communication Ports 28
Certificates 29
Uploading Certificates 29
Managing Certificates on Instant APs Configured Using Templates 30
Provisioning Aruba Gateways in Aruba Central 31
Different Modes of Configuring Gateways and Gateway Groups 31
Configuring Branch Gateway Groups Using the Guided Setup 32
Before You Begin 32
Aruba SD-WAN Solution | User Guide Contents | 3
4| Contents Aruba SD-WAN Solution | User Guide
Configuring a Branch Gateway Group using the Guided Setup 32
Step 1: Configuring System Parameters for a Branch Gateway Group 33
Step 2: Configuring a LAN Interface for a Branch Gateway Group 35
Step 3: Configuring a WAN Interface for a Branch Gateway Group 36
Step 4: Configuring VPN Hubs and Routing Profiles for a Branch Gateway Group 38
Step 5: Configuring Policies for a Branch Gateway Group 38
Configuring Branch Gateways Using the Guided Setup 44
Before You Begin 44
Configuring a Branch Gateway Device in the Guided Setup 44
Step 1: Configuring a System IP Address for a Branch Gateway 44
Step 2: Configuring a LAN Interface for a Branch Gateway 45
Step 3: Configuring a WAN Interface for a Branch Gateway 46
Step 4: Configuring Routing Profiles for a Branch Gateway 48
Step 5: Configuring LANRedundancy for High Availability 49
Configuring VPN Concentrator Group Using the Guided Setup 49
Before You Begin 49
Configuring a VPNC Group in the Guided Setup 49
Initiating the Guided Setup 50
Configure Overlay Routing 56
Configuring VPN Concentrators Using the Guided Setup 57
Before You Begin 57
Configuring a VPN Concentrator in the Guided Setup 57
Initiating the Guided Setup 57
Step 1: Configuring a System IP Address for a VPN Concentrator 58
Step 2: Configuring a LAN Interface for a VPNCGroup 58
Step 3: Configuring a WAN Interface for a VPN Concentrator 59
Configuring OSPF 63
Configuring BGP 63
Configure Overlay Routing 65
Deploying Aruba Virtual Gateways 66
Deploying Aruba Virtual Gateways in AWS 66
Virtual Gateway Sizing 67
Features Supported by Virtual Gateway 67
Virtual Gateway Redundancy 67
Software Image for Virtual Gateways 67
Deployment Procedure 67
Additional References 67
Deploying Aruba Virtual Gateways in AWS (Managed Mode) 68
Orchestration Workflow 68
Setting up a Virtual Gateway Instance using the Orchestration Service 69
Deploying Aruba Virtual Gateways in AWS (Unmanaged Mode) 81
Step 1Set up Virtual Gateway Instance on AWS 81
Step 2Generate User Data in Aruba Central 85
Step 2Generate User Data in Aruba Central 86
Step 3Upload the User Data to the Virtual Gateway Instance in AWS Instance 87
Step 4Verify the Instantiation Status 87
Troubleshooting Deployment Issues 87
Provisioning Virtual Gateways to Groups 88
Monitoring Virtual Gateways 88
Deploying Aruba Virtual Gateway in Microsoft Azure (Managed Mode) 88
Setting up a Virtual Gateway Instance using the Orchestration Service 88
Deployment Procedure 89
Registering a New Application in Azure 89
Creating a Client Secret 90
Adding the Application Permissions 91
Setting up Access control and Role Assignments 92
Viewing the Application IDs 93
Creating a Resource Group 93
Creating a VNET 94
Creating a Storage Account 95
Configuring containers 96
Uploading the Aruba Virtual Gateway Software Image 97
Creating SSH keys 97
Creating a Security group 98
Adding a Cloud Provider Account in Aruba Central 99
Deploying the Virtual Gateway 100
Licensing Confirmation 103
Verifying the Deployment Status 103
Deploying Aruba Virtual Gateway in Microsoft Azure (Unmanaged Mode) 103
Virtual Machine Sizing Recommendations 104
Deployment Procedure 104
Step 1Creating a Resource Group 105
Step 2Creating a Storage Account 106
Step 3Creating a VNET 107
Step 4Creating a Network Security Group 109
Step 5—Creating Security Rules 110
Step 6—Configuring Subnets 112
Step 7—Creating Network Interfaces 116
Step 8Assigning a Public IP Address to NIC2 118
Aruba SD-WAN Solution | User Guide Contents | 5
6| Contents Aruba SD-WAN Solution | User Guide
Step 9Uploading the Aruba Virtual Gateway Software Image 119
Step 10—Creating Image and Data Disk 121
Step 11—Setting up a Virtual Machine 123
Step 12Creating SSH Key Pairs 124
Step 13—Generating User Data in Aruba Central 125
Verifying the Deployment Status 127
Configuring an SD-Branch Network Using the Advanced Setup 128
Configuration Checklist 128
Configuring Address Pools for Aruba Gateways 128
Configuring Gateway Pools for Aruba Gateways 129
Configuring DHCP Address Pools on Aruba Gateways 130
Creating a DHCP Pool 130
Excluding IP Address Range 131
Reserving IPaddresses 131
Configuring NAT Pools 132
Creating a NAT Pool 132
Creating a Static 1:1 NAT 132
Configuring Tunnel Pools for Aruba Gateways 133
Uploading Bulk Configuration Template 134
Configuring System Information on Aruba Gateways 134
Configuring Hostname 134
Configuring System IP Address 134
Configuring a Loopback Interface 135
Setting System Clock and Time Zone 136
Configuring Domain Name System 137
Configuring Redirect DNS Servers 137
Configuring Dynamic Domain Name System 138
Setting Capacity Threshold 139
Configuring Device Administrator Credentials for Aruba Gateways 139
Configuring Switching Parameters 143
Configuring AMON Receivers for Aruba Gateways 144
Configuring VLANs on Aruba Gateways 145
Adding VLANs for Aruba Gateways 145
Configuring VLANs for WAN Interfaces 146
Configuring VLANs for LAN Interfaces 146
Configuring Other Parameters for VLAN 147
Configuring SLB using NAT 149
Configuring Health-Check Profile 149
Configuring a SLB Server Group 150
Configuring a SLB Server 150
Configuring Ports 151
Adding Ports 152
Configuring Ports for WAN Interfaces 152
Configuring Ports for LAN Interfaces 153
Configuring Other Parameters for Port 154
Configuring Uplinks 156
Uplink Load Balancing 156
WAN Bandwidth Optimization 156
Configuring Uplink Interfaces on Branch Gateways 157
Configuring Uplink Interfaces on VPNConcentrators 158
Enabling WAN Health Check Probes 159
Monitoring WANHealth 160
Configuring WAN Interface Bandwidth Priorities 160
Creating a WAN Scheduler Profile 160
Configuring the SD-WAN Overlay Network 162
Configuration Recommendations 163
Configuring Overlay Tunnels Automatically 164
Manually Configuring Hub and Spoke VPN 164
Enabling Automatic Whitelisting of Gateways 164
Enabling Automatic Whitelisting of Branch Gateway on a VPN Concentrator 164
Enabling Automatic Whitelisting on Branch Gateways 165
Whitelisting Gateways Manually 165
Adding a VPNEndpoint on Branch Gateways 165
Adding Branch Gateways on VPNConcentrators 166
Advertising Branch Subnets to Hub Sites 167
Monitoring VPNTunnels 167
Configuring Site-to-Site VPN 168
Configuring IPsec Map for Site-to-Site VPNs 168
Enabling Dead Peer Detection 171
Configuring Dead Peer Detection Parameters 171
Configuring Site-to-Site VPN with GRE Tunnel 172
Configuring GRE Tunnels 172
Directing Traffic into the GRE Tunnel 177
Configuring Static Routes 177
Configuring a Firewall Policy Rule 177
Configuring IKE Policies 177
Configuring IKEv1 Policies and Dynamic Maps 177
Configuring IKEv2 Policies and Dynamic Maps 180
Routing 182
Aruba SD-WAN Solution | User Guide Contents | 7
8| Contents Aruba SD-WAN Solution | User Guide
Dynamic Routing 183
Underlay Routing 183
Overlay Routing 183
Routes Configuration on Aruba Gateways 184
Configuring Static IP Routes 184
Creating a Static IP Route 184
Configuring Static Default Gateways 185
Configuring Default Gateways for Dynamic Routing 185
Routes Advertisement Using OSPF 186
OSPF Areas 186
Best Practices for OSPF Configuration 186
Workflow for Configuring OSPF Routing on VPNConcentrators 186
Enabling OSPFConfiguration 187
Configuring a Prefix List 187
Configuring Route Maps 188
Configuring Route Redistribution Criteria 191
Enabling OSPF Configuration on VLANInterfaces 192
Enabling OSPF on the Layer-3 GRETunnel Interface 193
Configuring Administrative Distance 193
Advertising Routes Using BGP 196
Configuring BGP Routing on Aruba Gateways 197
Enabling BGP 197
Configuring a Prefix List 198
Configuring an IP Community List 199
Configuring Route Maps 200
Adding BGP Neighbors 203
Advertising Networks to BGP 204
Configuring Redistribution Rules for BGP Routes 205
Configuring BGP Timers 206
Configuring Multipath Selection 206
Configuring Graceful Restart 207
Configuring Administrative Distance 207
Configuring BGP over an IPsec Tunnel 207
Configuring Policies for PBR 210
PBRPolicies for WANNetworks 211
Configuring Policies for Dynamic Path Steering 213
How Dynamic Path Selection Works 214
Configuring a Dynamic Path Steering Policy 214
SaaS Application Traffic Management with SaaS Express 217
Criteria for SaaS Express Optimal Path 217
Supported Deployment Scenarios 218
Workflow for SaaS Express Configuration 219
Configuring Aruba Gateways for Application Visibility and Control 222
Using Deep Packet Inspection 223
Filtering URLs Based on Website Content and Reputation 225
Enforcing a Common Security Policy for Wired and Wireless Users 229
Configuring Firewall Policies and ACLs 229
Firewall Policies for SD Branch 229
Types of ACLs 230
Configuring Aliases for Firewall Policies 230
Creating a Firewall Policy for Network Services 231
Configuring Access Rules 232
Configuring ACLs for Deep Packet Inspection 233
Creating ACLs for Application Access Control 234
Configuring ACLs for Web Content Classification 235
Configuring Global Firewall Parameters 236
Advanced Monitoring Parameters 240
Configuring User Roles for Clients 240
Creating a Role 241
Assigning a Policy to a Role 241
Assigning User Roles in AAA Profiles 241
Configuring a Default Role Based on Authentication Methods 242
Configuring Bandwidth Contracts 243
Configuring Authentication Profiles 244
Configuring RADIUS Authentication Server on Aruba Gateways 244
Configuring an RFC3576 Server 246
Configuring Other External Authentication Servers on Aruba Gateways 246
Configuring an LDAP Server 246
Configuring a TACACS+ Server 248
Configuring a Windows Server 249
Configuring XML API Server 250
Configuring Server Groups 250
Creating a AAA Profile 251
Applying Policies to Gateway Interfaces 252
Applying Policies for VLANs on Access Ports 252
Applying Policies for VLANs on Trunk Ports 253
Applying Route ACLs for VLAN Interfaces 253
Assigning AAA profile to VLAN Interfaces for Role Assignment 254
Configuring Aruba Gateways for Certificate-Based Authentication 254
Adding Certificates to Certificate Store in Aruba Central 255
Aruba SD-WAN Solution | User Guide Contents | 9
10 | Contents Aruba SD-WAN Solution | User Guide
Installing Certificates 255
Configuring Revocation Checkpoint 256
Configuring Aruba Gateways for SNMP-Based Reporting 258
Community String for SNMPv1 and SNMPv2 258
SNMP Trap Receivers 259
Viewing Configuration Status 259
Applying Configuration Changes 259
Auto Commit Workflow 259
Manual Commit Workflow 260
Viewing Configuration Overrides and Errors 260
Backing up and Restoring Configuration Templates 263
Managing Configuration Overrides 264
Configuration Overrides 264
Important Points to Note 264
Limitations 265
SDBranch Redundancy 266
Data Center Redundancy 266
VRRP Redundancy 266
Workflow for Configuring Redundant Gateways for High Availability 266
Configuring Aruba Gateways for Syslog Message Collection 271
Configuring Logging Levels 273
SD-WANOverlay Tunnel and Route Orchestration 274
Configuring Overlay Network Using SD-WANOrchestrator 274
Prerequisites 274
Configuration Steps 274
Additional Documents 277
Advertising Overlay Routes 277
Configuring Route Maps 277
Configuring a Prefix List 280
Redistributing Overlay Routes 280
Configuring Administrative Distance 281
Monitoring SD-WAN Overlay Tunnels and Routes 283
Overlay Route Orchestrator Summary 283
Overlay Route Orchestrator Topology 283
Route Details for Each Group and Device 284
Overlay Tunnel Orchestrator 286
Overlay Tunnel Orchestrator Summary 286
Overlay Tunnel Orchestrator Topology 287
Tunnel Details for Each Group and Device 287
Aruba SD-Branch Integration with Zscaler Cloud Security Service 290
Integrating SD-Branch with ZIA 291
Setting up Tunnels to ZIA 291
Additional References 293
Aruba SD-Branch Integration with Prisma Access 294
Deployment Scenarios 294
Branch Gateways to Prisma Access 294
Regional Hub to Prisma Access 295
Supported IKE and IPSec Cryptographic Profiles 296
Configuration Procedure 297
Configuring Prisma Access for Aruba SD-Branch Integration 297
Configuring Branch Gateways for Prisma Access Integration 297
Aruba SD-Branch Integration with Check Point 302
Supported IKE and IPsec Cryptographic Profiles 302
Configuration Steps 302
Configuring Check Point for SD-Branch Integration 303
Configuring Aruba Gateways for Integration with Check Point 305
Aruba SD-Branch Integration with Symantec WSS 311
Integration Overview 311
Role-Based and Application-Based Routing 312
Branch Gateway to WSS 312
Supported IKE and IPSec Cryptographic Profiles 313
Configuration Steps 314
Configuring WebSecurity Service for SD-Branch Integration 314
Configuring Aruba Gateways for Integration with WSS 316
Configuring a Microbranch with Instant APs 322
Configuring Instant APs for Micro Branch Solution 322
VPNConcentrators for Micro Branch Solution 322
Configuring Instant AP VPN Pool for Aruba Gateways 322
Authentication Servers 323
Redistributing Branch Subnets 324
Configuring Support for Aruba VIA Service 325
Configuring VIA 325
Provisioning Gateways Using ConfigurationTemplates 335
Important Points to Note 335
Configuring Gateways Using a Template 335
Monitoring SD Branch 343
Gateways 343
Aruba SD-WAN Solution | User Guide Contents | 11
12 | Contents Aruba SD-WAN Solution | User Guide
Page Views 343
Gateway Details Page 344
Gateways—Overview Tab 345
GatewayWAN Tab 348
Gateways—LAN Tab 354
Gateways—Tunnels Tab 359
Gateways—Routing Tab 361
Gateways—Path Steering Tab 373
Application Visibility 375
Gateways—Sessions Tab 376
Deleting an Offline Gateway 378
Network Health for Gateways 379
Page Views 379
WAN Health 381
WAN - Gateways Site Health 382
Topology 383
Before You Begin 383
Viewing the Topology Map 384
Grouping VPN Concentrators 384
Example of a Topology Map: 384
Details and Filter Pane 385
Alerts for Gateways and WAN Events 387
Types of Alerts 387
Configuring Alerts 389
Viewing and Acknowledging Alerts 389
Viewing Enabled Alerts 390
Gateway Reports 390
Types of Gateway Reports 391
Creating a Report 393
Generated Reports 394
Viewing Generated Reports 394
Editing a Report 394
Deleting Report 395
Exporting a Report 395
Maintenance 396
Troubleshooting Devices 396
Updating Software Images on Aruba Gateways 396
Feature Availability Across Multiple Software Versions 396
Upgrading Software 397
Configuring Aruba Gateways for Syslog Message Collection 398
Configuring Logging Levels 399
APIs 401
Aruba SD-WAN Solution | User Guide Contents | 13
Chapter 1
About This Document
This user guide describes the Aruba Software-Defined WAN (SD-WAN)Solution and provides detailed
instructions for setting up, configuring, and managing SD-WAN Gateways from Aruba Central.
Intended Audience
This guide is intended for network administrators who manage and monitor branch networks.
Related Documents
In addition to this document, see the following documents for more details on the SD Branch devices and
Aruba Central:
nAruba Central Help Center
nArubaOS User Guide
nHPE-ArubaOS Switch Management and Configuration Guide
nAruba ClearPass Policy Manager User Guide
Conventions
Table 1 lists the typographical conventions used throughout this guide to emphasize important concepts:
Type Style Description
Italics This style is used to emphasize important terms and to mark the titles of books.
System items This fixed-width font depicts the following:
nSample screen output
nSystem prompts
Bold nKeys that are pressed
nText typed into a GUI element
nGUI elements that are clicked or selected
Table 1: Typographical Conventions
The following informational icons are used throughout this guide:
Indicates helpful suggestions, pertinent information, and important things to remember.
Indicates a risk of damage to your hardware or loss of data.
Indicates a risk of personal injury or death.
Aruba SD-WAN Solution | User Guide About This Document | 14
15 | About This Document Aruba SD-WAN Solution | User Guide
Contacting Support
Main Site arubanetworks.com
Support Site support.arubanetworks.com
Airheads Social Forums and Knowledge
Base
community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephone arubanetworks.com/support-services/contact-support/
Software Licensing Site lms.arubanetworks.com
End-of-life Information arubanetworks.com/support-services/end-of-life/
Security Incident Response Team Site: arubanetworks.com/support-services/security-bulletins/
Email: aruba-sirt@hpe.com
Table 2: Contact Information
Chapter 2
Aruba SD-Branch Solution
The Aruba SD Branch solution offers the best-in-class wireless and wired infrastructure and management
orchestration features with the SD-WAN capabilities. The SD Branch solution extends the SD-WAN concept to
all elements in the branch to deliver a full stack solution that addresses the business challenges of distributed
enterprises. Coupled with Aruba Central, the solution provides a cloud-hosted environment for simplified
operations and improved agility.
Why SD-WAN?
A traditional branch setup supports client connectivity requirements across different geographical locations for
various types of business operations. The sites in remote geographical locations serve as branch offices, while
the headquarters or main office serves as a data center that hosts network resources to store, manage, and
distribute data. The main office also hosts a centralized Virtual Private Network(VPN) management system to
aggregate traffic from the remote branch sites. A Wide Area Network (WAN) —with Multiprotocol Label
Switching (MPLS), T1, T3, Broadband, or Cellular links—is used for connecting multiple local area networks to a
central corporate network or data centers separated by distance.
Due to an increase in the number of client devices at the remote sites and the new bandwidth requirements,
branch office networks are expected rapidly scale to provide uninterrupted user experience. A traditional
branch infrastructure with multiple appliances, different operating systems, and management tools only adds
to the cost, involves a maintenance overhead, and demands skilled IT personnel.
The Aruba SD-WANsolution simplifies your branch deployments with a single management interface for
administering, managing, and monitoring your branch networks. It also provides a unified policy enforcement
framework with operational ease.
Key Features and Benefits
The SD-WANsolution comes with the following key capabilities:
nZero Touch Provisioning of devices— Ability to self-provision without operator's intervention.
nCentralized overlay management and control— A single cloud-based network management interface for
managing and monitoring SDBranch devices. Aruba Central, the cloud based network management system,
supports unified management of SDbranch devices with ZTP and hierarchical configuration.
nIPsec based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure
overlay networking.
nUnified security policy for wired, wireless, and WAN—Support for a common security policy framework
based on user roles for WAN, WLAN, and LAN users.
nDynamic path selection—Support for dynamically steering traffic or a service request to the best available
path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on
the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.
nDeep Packet Inspection and Web Content Classification—Support for monitoring and analyzing application
usage by clients.
nVisibility, analytics, and troubleshooting—Dashboards for monitoring branch health, device performance,
and client connectivity metrics. Alerts, reports, and audit trails for monitoring and troubleshooting network
performance issues.
nPolicy-based Routing—In addition to the traditional destination-based routing, the SD Branch devices
Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 16
17 | Aruba SD-Branch Solution Aruba SD-WAN Solution | User Guide
support routing client traffic based on user role or type of application, For example, traffic generated from
the guest devices can be routed directly to the internet, while traffic from the employees can be routed to
the MPLS network.
How It Works
The SD-WAN solution includes a new set of devices called Aruba Gateways that inter-operate Aruba Switches
and Instant APs to provide a full-fledged WAN architecture.
Based on the size of your branch setup, you can choose device combination that best suits your requirement:
nMedium to large branches—For branches that require more than 24 ports, you can use a combination of
Branch Gateways and one or more Aruba switches at the branch site, with Aruba7200 SeriesMobility
Controller as VPNConcentrator at the data center.
nSmall to medium branches—For branches that require less than 24 ports (including all WANandLANports),
you can deploy Branch Gateways at the branch sites, with Aruba7200 SeriesMobility Controller as
VPNConcentrator at the data center.
nMicro branches—For micro branches, you can deploy an Instant AP cluster at the branch site, with
Aruba7200 SeriesMobility Controller as the VPNConcentrator at the data center.
Figure 1 shows a typical deployment topology of an SD Branch with Branch Gateways and a micro branch with
Instant APs:
Figure 1 SD Branch Topology
Figure 2 illustrates the communication flow between Aruba Central, branch sites, and data center.
Figure 2 Aruba Central and Cloud Communication
Figure 3 shows all elements in an SD Branch and the SD-WANdata flow.
Figure 3 Aruba SD-WANData Flow
Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 18
19 | Aruba SD-Branch Solution Aruba SD-WAN Solution | User Guide
What are the Solution Requirements?
The ArubaGateways are the most important components of the Aruba SD-Branch Solution. The SD-WAN
Gateway portfolio includes Aruba7000 Series and Aruba7200 SeriesMobility Controllers that function as
Branch Gateways and VPNConcentrators respectively.
The following sections list the supported hardware platforms and minimum software versions required for
setting up an SD-Branch.
At the Branch Site
Table 3 shows the list of hardware and software requirements for a branch site:
SD Branch Component Hardware Platforms Minimum Software
Version
Branch Gateways Aruba7000 SeriesMobility
Controller
ArubaOS 8.1.0.0-1.0.0.0
Aruba Switches function with Branch Gateways to
detect and isolate rogue APs, and blacklist rogue
devices.
Aruba 3810 Switch Series KB.16.05.0007 or later
Aruba 5400R Switch Series KB.16.05.0007 or later
Aruba 2920 Switch Series WB.16.05.0007 or later
Aruba 2930F Switch Series WC.16.05.0007 or later
Instant APs function as VPNclients at branch sites. The
client data traffic from these APs are aggregated by
the VPN Concentrator located at the data center
Aruba310 Series and 300
SeriesInstant APs
ArubaInstant 6.5.3.x
ArubaInstant 8.3.0.0 or
later
Table 3: SD Branch Site Devices
At the Data Center
At the data center, you can deploy Aruba7200 SeriesMobility Controller as VPNConcentrator. For data center
redundancy, you can deploy two VPNconcentrators in the active-standby or active-active mode.
SD-Branch Component Hardware Platform Minimum Software
Version
VPNC—A VPN Concentrator functions as a
VPNmanagement system that aggregates data
traffic from the branches and terminates IPsec
VPNtunnels.
Aruba7200 SeriesMobility
Controllers ArubaOS 8.1.0.0-1.0.0.0
Virtual Gateway—The headend gateway at the
enterprise data center can be hosted as a virtual
appliance. The virtualised instance enterprise data
center gateway in public or private cloud is referred
to as Virtual Gateway. Aruba Virtual Gateways
function as VPNConcentrators.
Aruba Virtual Mobility
Controller
ArubaOS8.1.0.0-1.0.4.1
Table 4: Data Center
In the Cloud
A valid Aruba Central subscription is required to avail cloud-based administration, management, configuration
and monitoring of SD branch components such as Branch Gateways, VPN Concentrators, Instant APs, and
Aruba Switches.
How Do I Get Started?
To start using the SD-WAN solution, complete the steps described in the Getting Started section.
Supported Aruba Gateways
The Aruba SD-WAN Gateway portfolio includes Aruba Gateways that function as Branch Gateways and
VPNConcentrators.
The following tables list the Aruba Gateway platforms and the ArubaOS software versions supported in Aruba
Central:
Platform
Minimum
Supported Software
Version
Latest Software Version
Recommended
Software
Version
Aruba7210,
7220, and
7240
ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-
2.0.0.0
Aruba 9012 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-
2.0.0.0
Aruba 9004 ArubaOS 8.5.0.0-1.0.7.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.5.0.0-
1.0.7.1
Aruba7005 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-
1.0.6.1
Aruba7008 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-
1.0.6.1
Aruba7010 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-
1.0.6.1
Aruba7024 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-
1.0.6.1
Aruba7030 ArubaOS 8.1.0.0-1.0.0.0 ArubaOS 8.5.0.0-2.0.0.0 ArubaOS 8.4.0.0-
1.0.6.1
Table 5: Supported Aruba Branch Gateways
Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 20
/