Aruba AWMS-HW-PRO User guide

Category
Software
Type
User guide

This manual is also suitable for

AirWave 8.3.0.1
User Guide
Copyright Information
© Copyright 2023 Hewlett Packard Enterprise Development LP
Open Source Code
This product includes code licensed under certain open source licenses which require source
compliance. The corresponding source for these components is available upon request. This
offer is valid to anyone in receipt of this information and shall expire three years following the
date of the final distribution of this product version by Hewlett Packard Enterprise Company. To
obtain such source code, please check if the code is available in the HPE Software Center at
https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for
specific software version and product for which you want the open source code. Along with the
request, please send a check or money order in the amount of US $10.00 to:
Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America.
AirWave 8.3.0.1 | User Guide Contents | iii
Contents
Contents iii
Introduction 7
What's New in AirWave 8.3.0.1 7
Contacting Support 8
Terminology Change 8
Discovering, Adding, and Auditing Devices 9
How to Set Up Device Discovery 9
Adding Devices into AirWave 13
Supported Devices 17
Verifying the Device Configuration 18
Authorizing Devices to AirWave from Devices > New Page 19
Ignoring Discovered Devices 19
Setting the Management Mode 21
Troubleshooting a Newly Discovered Down Device 21
Using Device Groups 24
Navigation Basics 24
Viewing Device Groups 25
Monitoring Device Groups 32
Configuring Basic Settings for Device Groups 36
Configuring AAA Servers for Device Groups 47
Configuring Security for Device Groups 48
Configuring SSIDs and VLANs for Device Groups 54
Configuring Group Radio Settings 58
Configuring Cisco WLC Device Groups 63
Configuring PTMP Settings for Device Groups 69
Configuring Proxim Mesh Radio Settings 70
Configuring Group MAC ACLs for Device Groups 72
Specifying the Minimum Firmware Version for Device Groups 73
Configuring AirWave Settings 76
Defining General AirWave Server Settings 76
Configuring Cisco WLSE and WLSE Rogue Scanning 131
Configuring ACS Servers 136
Integrating NMS Servers 137
PCI Compliance Monitoring 137
Deploying WMS Offload 140
Integrating External Servers 141
Using ZTP Orchestrator 142
Before You Begin 142
Minimum Requirements 142
Create ZTP Groups and Add Access Components 142
Create Groups for ZTP 142
Add ClearPass Policy Manager 143
Add Mobility Conductor 144
Add the ArubaOS-CX Switch 145
iv | Contents AirWave 8.3.0.1 | User Guide
Deployment Workflow 146
Deploying Mobility Controllers 146
Deploying ArubaOS-S Switches 146
Deployment Verification 148
Post Deployment 148
Monitoring the Network 149
Monitoring Basics 149
Monitoring Access Points, Mesh Devices, and Controllers 154
Monitoring ArubaOS-CX and Mobility Access Switches 175
Monitoring ArubaOS-Switches 182
Monitoring 7000 Controllers 201
Monitoring Controller Clusters 206
Monitoring Clients 209
Troubleshooting Client Issues 217
Configuring and Managing Devices 224
Moving a Device from Monitor Only to Manage Read/Write Mode 224
Configuring Device Settings 225
Adding a Maintenance Window for a Device 233
Creating Dynamic Variables 234
Configuring Device Interfaces for Switches 235
Individual Device Support and Firmware Upgrades 236
Using Configuration Templates 240
Group Templates 240
Viewing, Adding and Editing Templates 242
Configuring General Template Files and Variables 246
Configuring Templates for Aruba Instant 251
Configuring Templates for AirMesh 252
Configuring Cisco IOS Templates 253
Configuring Cisco Catalyst Switch Templates 255
Configuring Symbol Controller / HPE WESM Templates 255
Configuring a Global Template 257
Batch Command Result in XML Format 259
Using the Home Pages 260
Customizing the Dashboard 260
Monitoring Your Network Health 268
Monitoring Application Traffic 271
Using the UCC Dashboard 273
Viewing RF Performance 278
Viewing RFCapacity 279
Using the AirMatch Dashboard 281
Viewing Network Deviations 282
Using Clarity 284
Using Topology 292
Using the Mesh Dashboard 305
Working with Licenses 309
Configuring User Information and Customizing the WebUI 310
Using the System Pages 317
Checking the Status of AirWave Services 317
Viewing Device Events 319
Using the Event Log 320
Creating New Triggers 321
Types of Triggers 322
Viewing Triggers 334
About Alerts 336
Viewing System Alerts 337
Backing Up Your Data 339
Using the System > Configuration Change Jobs Page 339
Using the System > Firmware Upgrade Jobs Page 340
Viewing DRT Upgrade Jobs 341
Using the System > Performance Page 342
Creating, Running, and Sending Reports 346
What You Can Do With Reports 346
Sorting Reports 348
About the Default Reports 348
Creating Custom Reports 380
Viewing Generated Reports 384
Sending Reports 385
Using VisualRF 388
Features 389
Useful Terms 389
Starting VisualRF 390
Basic VisualRF Navigation 390
Advanced VisualRF Settings 395
Planning and Provisioning 402
Increasing Location Accuracy 418
Using VisualRF to Assess RF Environments 422
Importing and Exporting in VisualRF 426
Using the VisualRF Audit Log 428
VisualRF Location APIs 428
About VisualRF Plan 430
Using RAPIDS 432
Introduction to RAPIDS 432
Viewing RAPIDS Summary 433
Setting Up RAPIDS 433
Defining RAPIDS Rules 438
Viewing Rogues 445
Overview of the RAPIDS > Detail Page 448
Score Override 450
Using the Audit Log 451
Additional Resources 452
Using the Conductor Console 453
Using the Public Portal on Conductor Console 453
Adding a Managed AMP with the Conductor Console 454
Using Global Groups with Conductor Console 455
Using AirWave Failover for Backup 457
Using FIPS Encryption 458
Enabling FIPS 140-2 Approved Mode 458
AMP Command Line Interface 459
AirWave 8.3.0.1 | User Guide Contents | v
vi | Contents AirWave 8.3.0.1 | User Guide
CLI Access 459
VisualRF and Performance 460
How Floor Components Impact Performance 460
Identifying Performance Problems 460
Resolving Performance Problems 460
Chapter 1
Introduction
Introduction
AirWave is a network management platform that provides a single console where you can monitor,
analyze, and configure wired and wireless networks. Whether your network is simple or a large,
complex, multi-vendor installation, AirWave makes it easy to monitor your network with features like
AppRF, Clarity, and VisualRF.
What's New in AirWave 8.3.0.1
Update Description
Ethernet Port Profiles Enhancements AirWave 8.3.0.1 introduces the following enhancements for Ethernet
Port Profiles:
nRemoval of Default Option, Wired-SetMeUp
The default option, wired-SetMeUp in the Groups > [specific-iap-
group] > Instant Config >Assign wired profiles to Interfaces is
now removed from Enet0-port-profile.
nSupport for Assigning USB Wired Port Profiles
The Groups > [specific-iap-group] > Instant Config > Assign
wired profiles to Interfaces page now displays the option to
assign USB wired port profiles to IAPs USB ports.
For more information, see AirWave Instant Deployment Guide.
Support for AP-503 Series Access Points AirWave 8.3.0.1 introduces support for AP-503 access points. For
more information, see AirWave Supported Infrastructure Devices
document.
Support for AOS-CX 6200V2 and AOS-CX
8100 switches
AirWave 8.3.0.1 introduces support for AOS-CX 6200V2 and AOS-CX
8100 Switch Series. For more information, see AirWave Supported
Infrastructure Devices document.
Support for Max-IPv4 Users and Deny
Intra VLANTraffic
The Groups > [specific-iap-group] > Instant Config > Networks >
Wireless > Advanced Options > Miscellaneous page now displays
a dedicated field to show Max IPv4 users.
Support for the prefer-higher-band
value in Band Steering mode setting
The Groups >[specific-iap-group] >Instant Config >RF
>ARMpage now provides support for the prefer-higher-band value
in Band Steering mode.
Support for VIA Roles The Clients > VPN Users page now displays VIA roles.
Table 1: What's New in AirWave 8.3.0.1
AirWave 8.3.0.1 | User Guide 7
Contacting Support
Main Site arubanetworks.com
Support Site asp.arubanetworks.com
Airheads Social Forums and Knowledge
Base
community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephone arubanetworks.com/support-services/contact-support/
Software Licensing Site lms.arubanetworks.com
End-of-life Information arubanetworks.com/support-services/end-of-life/
Security Incident Response Team (SIRT) Site: arubanetworks.com/support-services/security-bulletins/
Terminology Change
As part of advancing HPE's commitment to racial justice, we are taking a much-needed step in
overhauling HPE engineering terminology to reflect our belief system of diversity and inclusion.
Some legacy products and publications may continue to include terminology that seemingly
evokes bias against specific groups of people. Such content is not representative of our HPE
culture and moving forward, Aruba will replace racially insensitive terms and instead use the
following new language:
Usage Old Language New Language
Campus Access Points + Controllers Master-Slave Conductor-Member
Instant Access Points Master-Slave Conductor-Member
Switch Stack Master-Slave Conductor-Member
Wireless LAN Controller Mobility Master Mobility Conductor
Firewall Configuration Blacklist, Whitelist Denylist, Allowlist
Types of Hackers Black Hat, White Hat Unethical, Ethical
Chapter 2
Discovering, Adding, and Auditing
Devices
Discovering, Adding, and Auditing Devices
This chapter describes how to add devices, setup device discovery, and verify the device configurations.
It also describes how to troubleshoot a device that is down.
If the device reports both the IPv4 and IPv6 addresses on the device discovery, then the IPv6 address is
used for the management.
nHow to Set Up Device Discovery
nAdding Devices into AirWave
nVerifying the Device Configuration
nSetting the Management Mode
nIgnoring Discovered Devices
nTroubleshooting a Newly Discovered Down Device
How to Set Up Device Discovery
In order for AirWave to discover devices on your network, you must first enable SNMP/HTTP scanning
from the Device Setup > Discover page and then configure SNMP/HTTP scanning.
This page is only visible to users with the AirWave Administrator role or roles that have Allow
authorization of Devices enabled in AMP Setup > Roles.
This process includes:
nAdding Networks for SNMP/HTTP Scanning
nAdding Credentials for Scanning
nDefining a Scan Set
nRunning a Scan Set
Adding Networks for SNMP/HTTP Scanning
The first step when enabling SNMP/HTTP scanning for devices is to define the network segments to be
scanned.
To add networks for SNMP/HTTP scanning:
1. Go to the Device Setup > Discover page.
2. Scroll down to the Networks section, and click Add.
3. Enter a network name.
4. Enter the IP network range to be scanned. Or, enter the first IP address on the network.
5. Enter the network subnet mask. The largest subnet AirWave supports is 255.255.255.0.
6. Click Add.
AirWave 8.3.0.1 | User Guide 9
10 |AirWave 8.3.0.1 | User Guide
Figure 1 shows an example of adding a scan network called Accounting Network, where the network IP
address is 10.52.0.0, and the subnet mask is 255.255.255.0.
Figure 1 Adding a Scan Network
AirWave displays all network segments in the Network section of the Device Setup > Discover page.
Adding Credentials for Scanning
The next step in SNMP/HTTP device discovery is to define the scan credentials that govern scanning of a
given network. New devices inherit scan credentials from the System Credentials that you configure on
the Device Setup > Communications page.
Perform these steps to define scan credentials for SNMP/HTTP scanning:
1. Locate the Credentials section on the Device Setup > Discover page. (Scroll down if necessary.)
This page displays scan sets, networks, and credentials that have been configured so far, and
allows you to define new elements for device scanning.
2. To create a new scan credential, select the Add button to add a new scan credential.Figure 2
illustrates this page. (Note that you may have to scroll down the page again to view this section.)
Figure 2 Device Setup > Discover > Add/Edit New Scan Credential Section Illustration
3. Enter a name for the credential in the Name field (for example, Default). This field supports
alphanumeric characters (both upper and lower case), blank spaces, hyphens, and underscore
characters.
4. Choose the type of scan to be completed (SNMPv1, SNMPv2, or HTTP). In most cases, perform
scans using SNMP for device discovery, but consider the following factors in your decision:
nSNMPv1 and SNMP v2 differ between in their supported traps, supported MIBs, and network
query elements used in device scanning.
AirWave 8.3.0.1 | User Guide Discovering, Adding, and Auditing Devices | 11
nHTTP discovers devices using the HyperText Transfer Protocol in communications between
servers and additional network components. HTTP is not as robust in processing network events
as is SNMP, but HTTP may be sufficient, simpler, or preferable in certain scenarios.
oIf you selected SNMPv1 or SNMPv2, then define and confirm the Community String to be used
during scanning. In this section, the community string used can be either read-only or read/write
because AirWave only uses it for discovering devices. To bring devices under management,
AirWave uses the credentials supplied in the Device Setup > Communication SNMP section.
Once the device is authorized, it will use the non-scanning credentials.
oIf you selected HTTP for the type, then enter a user name and password for the scan credentials.
AirWave automatically appends the type of scan (SNMP or HTTP) to the Label.
5. Select Add after you have completed the previous steps. The Device Setup > Discover page
displays the new scan credential or credentials just created or edited.
6. Repeat these steps to add as many credentials as you require.
7. Once scan networks and scan credentials are defined, combine them by creating scan sets using
the next procedure: Defining a Scan Set.
Defining a Scan Set
After you have defined at least one network and one scan credential, you can create a scan set that
combines the two for device discovery.
To create a scan set.
1. Locate the Scan Set area at the top of the Device Setup > Discover page.
2. Select Add New Scan Set to see all scan components configured so far. If you wish to create a
new network, or new scanning credentials, you can select Add in either of these fields to create
new components prior to creating a scan set.
3. Select the network(s) to be scanned and the Credential(s) to be used. AirWave defines a unique
scan for each Network-Credential combination.
4. In the Automatic Authorization section, select whether to override the global setting in AMP
Setup> General and have New Devices be automatically authorized into the New Device List, the
same Group/Folder as the discovering devices, the same Group/Folder as the closest IP neighbor,
and/or a specified auto-authorization group and folder.
5. Select Add to create the selected scans, which then appear in a list at the top of the Device Setup
> Discover page.
6. To edit an existing scan, select the pencil icon next to the scan on the Device Setup > Discover
page.
7. When ready, proceed to the next task, Running a Scan Set.
Scheduling an HTTP scan to run daily on your network can help you to discover rogues. Some
consumer APs, like most D-Link, Linksys, and NetGear models, do not support SNMP and are found
only on the wired side with an HTTP scan. These devices are discovered only if they have a valid IP
address. Proper credentials are not required to discover these APs. Wireless scans discover these
rogues without any special changes.
Device Discovery Overview
12 |AirWave 8.3.0.1 | User Guide
After you have deployed AirWave on the network, the next step is to discover all existing devices
connected to your network. AirWave allows device discovery through SNMP/HTTP scanning and CDP
polling of Cisco switches and routers.
Running a Scan Set
Once a scan has been defined on the Device Setup > Discover page, AirWave can now scan for devices.
To run a scan set:
1. Browse to the Device Setup > Discover page and locate the list of all scan sets that have been
defined so far. Figure 3 illustrates this page.
Figure 3 Device Setup > Discover Executing a Scan Illustration
2. Check the box next to the scan(s) that you would like to execute.
3. Select Scan to execute the selected scans, and the scan immediately begins. The Stop column
indicates the scan is In Progress. Clicking this column heading will stop the scan(s).
4. For future scans, select the Show Scheduling Options link and enter the desired date and time
to schedule a future scan.
5. After several minutes have passed, refresh the browser page and view the results of the scan.
When the Start and Stop columns display date and time information, the scan is available to
display the results.
6. Select the pencil icon for the scan to display the results. Table 2 describes the scan results and
related information.
Column Description
Network Displays the network to be scanned.
Credentials Displays the credentials used in the scan.
Total Devices
Found
Displays the total number of APs detected during the scan that AirWave can
configure and monitor. Total includes both APs that are currently being managed
by AirWave as well as newly discovered APs that are not yet being managed.
New Devices
Found
Displays the number of discovered APs that are not yet managed, but are available.
Total Rogues
Found
Displays the total number of APs detected during the scan that AirWave could not
configure or monitor. Total includes both APs that have been discovered in earlier
scans as well as newly discovered APs from the most recent scan.
Table 2: Device Setup > Discover > Discovery Execution Fields
AirWave 8.3.0.1 | User Guide Discovering, Adding, and Auditing Devices | 13
Column Description
New Rogues
Found
Displays the number of rogue APs discovered on the most recent scan.
Start Displays the date and time the most recent scan was started.
Stop Displays the date and time the scan most recently completed.
Scheduled Displays the scheduled date and time for scans that are scheduled to be run.
7. Go to the Devices > New page to see a full list of the newly discovered devices that the scan
detected. Figure 4 illustrates this page.
This page is only visible to users with the AirWave Administrator role or roles that have Allow
authorization of Devices enabled in AMP Setup > Roles.
Figure 4 Devices > New Page Illustration
The Cisco Discovery Protocol (CDP)
CDP uses the polling interval configured for each individual Cisco switch or router on the Groups > List
page. AirWave requires read-only access to a router or switch for all subnets that contain wired or
wireless devices. The polling interval is specified on the Groups > Basic page.
Adding Devices into AirWave
If AirWave doesn't discover devices automatically, there are two methods of adding devices to AirWave.
One is where you manually select your device type and model from the Add page. The other is where
you bulk import devices from a CSV file.
Adding Devices Manually
If AirWave doesn't discover devices automatically, you can manually add devices. When you add a Cisco
or Aruba device, AirWave adds the make and model into its database. When you add a universal device,
AirWave gets only basic monitoring information. If you don't provide SNMP credentials for the device,
AirWave will monitor upstream switches, RADIUS servers, and other devices in the wired network using
ICMP monitoring. Once you have added a universal device, you can view a list of its interfaces by
navigating to Devices > Manage.
14 |AirWave 8.3.0.1 | User Guide
By selecting the pencil icon next to an interface, you can assign it to be non-monitored or monitored as
Interface 1 or 2. AirWave collects this information and displays it on the Devices > Monitor page in the
Interface section. AirWave supports MIB-II interfaces and polls in/out byte counts for up to two
interfaces. AirWave also monitors sysUptime.
To add a device into AirWave:
1. Log in to the AirWave with the following credentials:
a. Username: admin
b. Password: admin password.
2. Navigate to Devices > New, then click Add.
3. From the Device Setup > Add page, select the device from the drop-down menu.
Figure 5 Selecting the Device
4. Select Add.
5. From the Add page, enter the device communications settings and location settings. The
configuration options on this page vary depending on the device. See Table 3 for information
about each setting.
When adding an Aruba device, be sure to add controllers and switches to separate groups.
6. At the bottom of the page, set the device management mode to Monitor Only or Management
read/write.
If you select Manage read/write, AirWave overwrites existing device settings with the
Groups settings. Place newly discovered devices in Monitor read/only mode to enable
auditing of actual settings instead of Group Policy settings. For more information, refer to
Management Modes in the latest AirWave User Guide.
7. Select Add to finish adding the device to the network.
Table 3 describes the settings on the Add Page.
AirWave 8.3.0.1 | User Guide Discovering, Adding, and Auditing Devices | 15
Setting Default Description
Name None User-configurable name for the AP (maximum of 20
characters).
IP Address None IP address of the device (required). AirWave supports IPv4
and IPv6 addresses.
SNMP Port 161 The port AirWave uses to communicate with the AP using
SNMP.
SSH Port 22 For devices that support SSH, specify the SSH port
number.
Community
String
(Confirm)
Taken from Device Setup
> Communication
Community string used to communicate with the AP.
NOTE: The Community String should have RW (Read-
Write) capability. New, out-of-the-box Cisco devices
typically have SNMP disabled and a blank user name and
password combination for HTTP and Telnet. Cisco
supports multiple community strings per AP.
SNMPv3
Username
Taken from Device Setup
> Communication
User name of the SNMP v3 user on the controller. If you
are going to manage configuration for the device, this field
provides a read-write user account (SNMP, HTTP, and
Telnet) within the Cisco Security System for access to
existing APs. AirWave initially uses this user name and
password combination to control the Cisco AP. AirWave
creates a user-specified account with which to manage the
AP if the User Creation Options are set to Create and
user specified as User.
Auth
Password
Taken from Device Setup
> Communication
SNMPv3 authentication password.
NOTE: SNMPv3 supports three security levels: (1) no
authentication and no encryption, (2) authentication and
no encryption, and (3) authentication and encryption.
AirWave currently only supports authentication and
encryption.
Privacy
Password
(Confirm)
Taken from Device Setup
> Communication
SNMPv3 privacy password.
NOTE: SNMPv3 supports three security levels: (1) no
authentication and no encryption, (2) authentication and
no encryption, and (3) authentication and encryption.
AirWave currently only supports authentication and
encryption.
SNMPv3 Auth
Protocol
Taken from Device Setup
> Communication
Specifies the SNMPv3 auth protocol, either MD5 or SHA-1.
SNMPv3
Privacy
Protocol
Taken from Device Setup
> Communication
Specifies the SNMPv3 Privacy protocol as either DES or
AES. This option is not available for all devices.
Table 3: Device Communication and Location Fields and Default Values
16 |AirWave 8.3.0.1 | User Guide
Setting Default Description
Telnet/SSH
Username
Taken from Device Setup
> Communication
Telnet user name for existing Cisco IOS APs. AirWave uses
the Telnet user name/password combination to manage
the AP and to enable SNMP if desired.
NOTE: New, out-of-the-box Cisco IOS-based APs typically
have SNMP disabled with a default telnet user name of
Cisco and default password of Cisco. This value is
required for management of any existing Cisco IOS-based
APs.
Telnet/SSH
Password
(Confirm)
Taken from Device Setup
> Communication
Telnet password for existing Cisco IOS APs. AirWave uses
the Telnet user name/password combination to manage
the AP and to enable SNMP if desired.
NOTE: New, out-of-the-box Cisco IOS-based APs typically
have SNMP disabled with a default telnet user name of
Cisco and default password of Cisco. This value is required
for management of any existing Cisco IOS-based APs.
enable
Password
(Confirm)
Taken from Device Setup
> Communication
Password that allows AirWave to enter enable mode on
the device.
Adding Devices from a CSV File
You can use a CSV file to bulk add devices to AirWave. If you specify the vendor name, AirWave
automatically determines the correct type while bringing up the device. If your CSV file includes make
and model information, AirWave will add the information provided in the CSV file as it did before.
AirWave will not override what you have specified in this CSV file in any way.
Use the example provided on the bottom of the page, or click the blue "Download a sample CSV file"
link to save the sample as a CSV file and edit the contents with an external application.
To import a CSV file:
1. From the Device Setup > Add page, click the blue Import Devices via CSV link. The Upload a
list of devices page displays. See Figure 6.
AirWave 8.3.0.1 | User Guide Discovering, Adding, and Auditing Devices | 17
Figure 6 Adding Devices from CSV File
2. Select a group and folder into which to import the list of devices.
3. Click Choose File to select the CSV file on your computer.
4. Click Upload to add the devices from the list into AirWave.
Supported Devices
For information on supported devices, refer to the latest Supported Devices Guide.
Aruba Mobility Controllers
AirWave supports global and group-level configuration of Aruba mobility controllers. Several controllers
can work together with APs to provide a hierarchical and redundant mobility controller system.
The mobility controller system provides:
nAP tunnel termination and translational bridging
nGRE tunnel between each AP and a mobility controller
nA virtual connection point to wireless clients
nFrame translation from 802.11 to 802.3 and 802.3 to 802.11, including encryption and decryption of
wireless traffic
nQuality of Service (QoS) and traffic prioritization
Working alone or in conjunction with ClearPass, the mobility controller authenticates wireless clients
and includes a stateful firewall that can be configured to filter wireless traffic.
In this document, mobility controllers are also called access devices. For information about controller
configuration, refer to the AirWave 8.3.0.1 Controller Configuration Guide.
Instant Access Points
Aruba Instant (Instant) is a system of access points in a Layer 2 subnet. The Instant APs (IAPs) are
controlled by a single IAP that serves a dual role as both an IAP and primary Virtual Controller (VC),
eliminating the need for dedicated controller hardware. This system can be deployed through a
18 |AirWave 8.3.0.1 | User Guide
simplified setup process appropriate for smaller organizations, or for multiple geographically dispersed
locations without an on-site administrator.
With AirWave, IT can centrally configure, monitor, and troubleshoot ArubaInstant WLANs, upload new
software images, track devices, generate reports, and perform other vital management tasks, all from a
remote location.
A Virtual Controller or Instant AP can authenticate to the AirWave server using a pre-shared key, or
using two-way certificate-based authentication using an SSL certificate sent from AirWave to the Instant
device. Virtual Controllers push data to AirWave via HTTPS. If your enterprise has a security policy that
restricts the use of port 443 for inbound communication, you can change the port AirWave uses to
communicate with Instant devices.
For additional information about Instant AP configuration, refer to the Aruba Instant in AirWave
Deployment Guide.
ArubaOS-S Switches and ArubaOS-CX Switches
AirWave supports group-level configuration of ArubaOS-S Switches and ArubaOS-CX Switches. These
switches connect APs, wired clients and other endpoints to the network. Working alone or in
conjunction with ClearPass, the ArubaOS-S Switches provide authentication, authorization and
accounting.
In this document, ArubaOS-S Switches are also called access switches, and ArubaOS-CX Switches are
also called core and aggregation switches. For information about switch configuration, refer to the
AirWave 8.3 Switch Configuration Guide.
Verifying the Device Configuration
When you have placed a newly discovered device in to a group and set the management mode to
Monitor Only, the next step is to check the device configuration status. Determine whether AirWave will
apply changes to the device if you change the management mode to Manage Read/Write.
AirWave uses SNMP or Telnet to read a device’s configuration. SNMP is used for Cisco controllers. Aruba
devices and wired routers and switches use Telnet/SSH to read device configuration. See Individual
Device Support and Firmware Upgrades on page 236 for more details.
To verify the device configuration status:
1. Navigate to the Devices > List, then locate the device in the Device list.
2. Check the configuration status in the Configuration column:
nindicates that the device is in Monitor Only mode. AirWave won't make any device
configuration changes.
nGood indicates that all of the device's current settings match the group policy settings. AirWave
won't make any changes to the device configuration when the management mode changes to
Manage Read/Write.
nError indicates that there is a problem with the device configuration. Click the blue Error link to
access the Device Configuration page and review the error.
nMismatch indicates that at least one of the device's current configuration settings doesn't
match the group policy. AirWave will push configuration changes to the device when the
management mode changes to Manage Read/Write.
3. If there is a configuration mismatch, from the Device Configuration page, click the blue Error link
toview the device configuration settings and it with the group configuration. When the device
AirWave 8.3.0.1 | User Guide Discovering, Adding, and Auditing Devices | 19
management mode is set to Manage Read/Write, the settings on the right side of the Compare
Configurations page will be pushed to the device.
4. Review the list of changes to be applied to the device to determine whether the changes are
appropriate. If not, you need to change the group settings or move the device to another group.
Authorizing Devices to AirWave from Devices > New Page
Once you have discovered devices on your network, add these devices to a group and specify whether
the device is to be placed in Manage Read/Write or Monitor Only mode. To configure a new group,
refer to Using Device Groups on page 24.
In Manage Read/Write mode, AirWave compares the device’s current configuration settings with the
Group configuration settings and automatically updates the device’s configuration to match the Group
policy.
In Monitor Only mode, AirWave updates the firmware, compares the current configuration with the
policy, and displays any discrepancies on the Devices > Audit page, but does not change the
configuration of the device.
Put devices in Monitor Only mode when they are added to a newly established device group. This
avoids overwriting any important existing configuration settings.
Once you have added several devices to the Group, and verified that no unexpected or undesired
configuration changes will be made to the devices, you can begin to put the devices in Manage
Read/Write mode using the Devices > Manage or the Modify these devices link on any list page.
Perform the following steps to add a newly discovered device to a group:
1. Browse to the Devices > New page. The Devices > New page displays all newly discovered
devices, the related controller (when known/applicable) and the device vendor, model, LAN MAC
Address, IP Address, and the date/time of discovery.
2. Select the group and folder to which the device will be added from the drop-down menu (the
default group appears at the top of the Group listing). Devices cannot be added to a Global
Group; groups designated as Global Groups cannot contain access points.
3. Select either the Monitor Only or the Manage Read/Write radio button and select Add.
4. At this point, you can go to the Devices > List page and select the folder(s) to which you have
assigned one or more devices to verify that your device has been properly assigned. If you want
to assign a device to the Ignored page or delete it entirely from AirWave, go to step on page 19.
If you select Manage Select Devices, AirWave automatically overwrites existing device
settings with the specified group settings. Placing newly discovered devices in Monitor mode
is strongly recommended until you can confirm that all group configuration settings are
appropriate for that device.
5. If you do not want to manage or monitor a discovered device, you may select the device(s) from
the list and select either Ignore or Delete. If you choose to Ignore the devices, they will not be
displayed in the Devices > New list, even if they are discovered in subsequent scans. You can
view a list of all Ignored devices on the Devices > Ignored page. If you choose to Delete the
device, it will be listed on the Devices > New list if discovered by AirWave in a subsequent scan.
Refer to Ignoring Discovered Devices on page 19.
Ignoring Discovered Devices
20 |AirWave 8.3.0.1 | User Guide
You might want to ignore a discovered device. If you know that the device will be down temporarily, you
can add it to the ignore list and then remove it from the ignored list when it is online again.
If AirWave discovers an ignored device in a subsequent scan, it doesn't display the device in the list of
new devices on the Devices > New page. However, AirWave lists a deleted device on this page if it
discovers it again.
To ignore a device:
1. Go to the Devices > New page.
2. Select the checkbox beside the device, and then select Ignore Selected Devices from the drop-
down menu. You can select more than one at a time.
Figure 7 Devices > New Page Illustration
Unignoring a Device
Perform these steps to return an ignored device to a managed status.
1. To view all devices that are ignored, go to the Devices > Ignored page.
Figure 8 Devices > Ignored Page Illustration
2. This page provides the following information for any ignored device:
nDevice name or MAC address, when known
nController associated with that device
nDevice type
nDevice IP address
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435
  • Page 436 436
  • Page 437 437
  • Page 438 438
  • Page 439 439
  • Page 440 440
  • Page 441 441
  • Page 442 442
  • Page 443 443
  • Page 444 444
  • Page 445 445
  • Page 446 446
  • Page 447 447
  • Page 448 448
  • Page 449 449
  • Page 450 450
  • Page 451 451
  • Page 452 452
  • Page 453 453
  • Page 454 454
  • Page 455 455
  • Page 456 456
  • Page 457 457
  • Page 458 458
  • Page 459 459
  • Page 460 460
  • Page 461 461

Aruba AWMS-HW-PRO User guide

Category
Software
Type
User guide
This manual is also suitable for

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI