AOS-CX CENTRAL ONBOARDING AND ZTP
WORKFLOWS
2
.
TABLE OF CONTENTS
1 DOCUMENT VERSION CONTROL...........................................................................................................3
2 AOS-CX ONBOARDING TO CENTRAL WITH TEMPLATE GROUPS ..............................................4
3 AOS-CX ONBOARDING WORKFLOWS WITH TEMPLATE GROUPS ............................................5
3.1 ZTP onboarding and firmware upgrade for factory default (standalone) switches .................................5
3.2 VSF stack auto-join and onboarding in Central template groups ............................................................5
3.3 Onboarding pre-provisioned switches to Central .....................................................................................5
3.4 One Touch Provisioning (OTP) ...............................................................................................................6
4 MANAGING AOS-CX SWITCHES IN TEMPLATE GROUPS ............................................................10
4.1 High-level definitions .............................................................................................................................10
4.2 Managing device types in Central ..........................................................................................................10
4.2.1 VSF stack formation with Template groups .......................................................................................10
4.2.2 VSX configuration management with Template groups .....................................................................11
5 MOVING DEVICES FROM TG TO UI GROUP (BROWNFIELD) .....................................................11
3
.
1 Document Version Control
Rev No. Date Description of Changes
0.00 10/19/2022 Initial Draft (Jobin Joseph)
0.01 10/21/2022 Incorporated initial feedback (Jobin Joseph)
0.02 10/26/2022 Added high level definitions and notes for auto-commit status (Jobin
Joseph)
1.0 01/20/2023 Added template group onboarding workflows including ZTP scenarios
(Jobin Joseph)
1.1 05/12/2023 Added OTP scenarios for preconfiguring AOS-CX switches and VSF
stacks using CX Mobile App
4
.
2 AOS-CX Onboarding to Central with Template groups
Add AOS-CX switches to Central
device inventory with subscription and
application assignment
Create template groups with the golden
template for each device persona in
Central
Upload variables file for each of the
template groups created (contains
device serial and mac)
(Optional)
Set firmware compliance for the
intended AOS-CX version in Central
‘default’ group and all newly created
template groups
Connect the uplink from AOS-CX
switch to Central
Is the switch in
factory default
state or zeroized?
Yes
No
Is this a VSF
stack device?
Note: For VSF stack
formation in Central TG, all
stack members must be in
factory default state or
zeroized and only conductor
and standby member need
uplink connectivity
Yes
Switches
onboard to
‘default’ group
(must for VSF).
Firmware
compliance
kicks in
Move only the
conductor to
pre-configured
TG
VSF config is
pushed to
conductor and
other members
join the group
Pre-provision
switch to TG.
Switch onboards
to ‘default’
group if not pre-
provisioned
Move switch to
group that is pre-
configured with
desired template
config for config
push and sync
Note: For VSX config, both primary and
secondary member should be managed with
a single template and no vsx sync config
No
Pre-provision
switch to TG.
Switch are listed in
Central as ‘un-
provisioned’ if they
are not pre-
provisioned
Move un-
provisioned
switches to the
desired TG for
firmware
compliance and
configuration push
Note: For VSF stacks
formed outside of Central,
move only the conductor
from unprovisioned to the
intended TG. Members
join automatically after
successful config push.
Note: If firmware compliance is set for the
TG, then template/s should be created for
the specific firmware version instead of ‘All’
5
.
Note:
• Users have the option to import configuration from the switch to the template in TG if the template has not been
setup already.
• If users wish to move devices to their intended group without triggering the configuration push from Central
immediately, they have the option to disable auto-commit for the TG and choose the ‘commit now’ option to
trigger configuration push and synchronization with Central when needed.
3 AOS-CX onboarding workflows with Template Groups
3.1 ZTP onboarding and firmware upgrade for factory default (standalone)
switches
1. Create template group in Central with the software version in template/s set to the desired version
2. Add the desired configuration (golden template) and variables for the TG
3. Set firmware compliance for the group to the desired switch version
4. In the CCS device inventory, add the serial number and mac address of the new switches. Also add assignment
and subscription for them
5. In Central Organization, pre-provision the devices to the desired TG. Optionally, users can choose to have
the devices onboarded to the ‘default’ group and then move them to the desired TG
6. The desired configuration is pushed to switches and status shows ‘in sync’ in Central
3.2 VSF stack auto-join and onboarding in Central template groups
1. The VSF auto-join functionality with template groups is available for AOS-CX releases 10.07 and higher
only. For AOS-CX releases 10.06 and lower, the VSF stack will need to be formed outside of Central.
2. All members of the VSF stack should be in their factory default state and physical links for VSF should be
connected. Central uplink connectivity is required only for conductor and standby member
3. Create TG with desired configuration for the VSF stack
4. Add all members to CCS device inventory along with assignment and subscription
5. Set firmware compliance in the ‘default’ group to the desired version for the switches
6. All members onboard to the default group (must for VSF)
7. Move only the conductor to the pre-configured template group
8. All other members join the VSF stack join the group automatically and have their configuration synced
Note: For VSF stacks that have already been setup before onboarding to Central, the uplink connectivity to Central
should be setup only for the conductor initially. Once the stack is moved to the desired TG, the standby uplink can be
connected
3.3 Onboarding pre-provisioned switches to Central
1. In the CCS device inventory, add the serial number and mac address of the switches. Also add assignment and
subscription for them
6
.
2. Connect the Central uplink for the switches. They are onboarded to the ‘un-provisioned’ devices list if not pre-
provisioned to a group already
3. Move the devices to the desired template group
4. Create a new template and import existing configuration from the switch/s
5. Upload variables file to manage multiple switches in the same template group
6. Configuration is pushed from Central to all devices in the group
3.4 One Touch Provisioning (OTP)
This option is useful for someone who wants to initially determine the switch’s management IP address, VLAN,
trunk/native status and/or the management VLAN does not offer DHCP. It is also useful in cases where the VSF stack
is pre-configured outside of Central before onboarding.
With this scenario, you have several initial config options:
Using the console port – RJ45, USB-C
Using the CX mobile app via Bluetooth
The below procedure defines the workflow for setting up a VSF stack using the CX mobile app and pushing initial
configuration (non-default) to the AOS-CX switch before onboarding to Central –
Step 1 – Setup VSF stack using CX Mobile App
1. Power all devices out-of-box
2. Cable and connect all devices members of the VSF stack as per intended VSF topology.
3. Connect the Bluetooth Dongle to the first switch that is destined as VSF-Master member.
4. On the mobile device discover and connect to the switch destined as VSF-Master member via Bluetooth
5. Open CX Mobile App and navigate to Initial Config
6. On the Device Login screen set a password for “admin” user
7
.
7. On Initial Config start the stack configuration
(Note: Stacking Automation will result in the device that is currently connected via Bluetooth becoming the Master
of the stack.)
8. The VSF-Master switch will discover the other connected devices in VSF stack (step 2) based on Link Layer
Discovery Protocol (LLDP) neighbors. The app will also collect information from the BLE beacons sent out
by the neighboring switches. The app will check to ensure that the MAC address from LLDP and the BLE
beacons match.
(Note: Any beacons with a MAC address that do not match the LLDP table will be disregarded.)
8
.
9. Assign a member as the VSF-secondary and change member IDs from the Stack Topology view.
- With the stack member selected change the member ID number using the dropdown selector or designate
it as the stack secondary using the checkbox and you can see the connection of VSF links.
- Once done editing the member, tap the Back button at the bottom of the screen.
- After all members are assigned their settings, tap Configure Members to continue.
Single VSF link Multi VSF lik
10. The CX Mobile app will then apply member IDs and secondary configuration to all switches in the stack,
which will cause each member other than the primary to reboot.
11. Once all switches have rebooted and joined the stack, the message Stack Set Up Successful! will be displayed;
tap Configure Stack to continue.
9
.
Step 2 - Apply custom template from CX Mobile App
1. Upload the template file to the CX mobile App.
2. Input the required information prompted by the template (example: VLAN 802 IP address and netmask,
default gateway, DNS server)
(Note: the CX mobile app will use the DryRun API to validate configuration entered into the template before actually
incorporating it into the running configuration)
3. Once the configuration is verified the device will be configured with a template. Before deploying action, the
proposed candidate configuration is shown for review to the operator.
Aruba CX Mobile App – VSF Stacking and Using Template videos:
Part-1: https://www.youtube.com/watch?v=qqYGEGnGjSo
Part-2: https://www.youtube.com/watch?v=EwOlB6lIzc4
Step 3 - Apply full template from Central
Note: CX VSF stack be setup using CX Mobile app before onboarding to Central. Any modifications to stack
configuration also require the stack to be taken offline from Central and then onboarded back. Details for setting up
VSF stack are available in the following slides
1. Create template group for the VSF stack in Central.
2. Create the VSF template in Central (copy & paste form a fully configured VSF switch)
Note: Update password to plaintext in Central template
3. Add and subscribe the Master and Standby members of the VSF stack in Central (other members are optional)
4. Assign the stack members to the template group in Central.
5. VSF stack will show as a single entity under switches for the template group and details of members and links
will be available.
10
.
4 Managing AOS-CX switches in template groups
4.1 High-level definitions
Groups:
Aruba Central supports provisioning AOS-CX switches in UI and template groups. Template groups allow you to
configure devices using CLI-based configuration templates. UI groups allow you to configure devices using UI-based
configuration options. The scope of this document is restricted to template group workflows.
Templates:
Templates in Aruba Central refer to a set of configuration commands that can be used by administrators for
provisioning devices in a group. Configuration templates enable administrators to apply a set of configuration
parameters simultaneously to multiple switches in a group and thus automate switch deployments.
• Note: When importing the running configuration of an AOS-CX switch to Aruba Central using template
configuration, the original running configuration that was present on the device when it was onboarded will
be used. Any changes made to the running configuration after initial onboarding of the AOS-CX switch will
not be reflected in the import running configuration feature.
Variables:
Aruba Central allows you to configure multiple devices in bulk using templates. However, in some cases, the
configuration parameters may vary per device. To address this, Aruba Central identifies some customizable CLI
parameters as variables and allows you to modify the definitions for these variables as per your requirements.
You can download a sample file with variables for a template group or for the devices deployed in a template group,
update the variable definitions, upload the file with the customized definitions, and apply these configuration changes
in bulk.
• Note:
o Variables are associated to a device and not to a group. If you move a device between
groups, variables remain with the device.
o Variables are displayed as part of the group to which the device belongs. After you upload
the variables for a device, the association would stay in the system even if the device is moved to a UI
group or template group.
o If the device is part of a UI group, variables are unused and not displayed in the UI. Aruba Central
ignores the variables.
o If the device is moved to a template group, variables are displayed in the UI and used for
configuration purposes.
Default group:
A factory default (or zeroized) AOS-CX switch will be added to the default groups when onboarded to Central if it
was not pre-provisioned to a group already. The default group is a UI group.
• Note: For successful ZTP onboarding of AOS-CX VSF stacks, users should not set a group level password or
any configuration in the default group since that will undo the factory default state of the VSF stack members.
Unprovisioned devices:
Pre-configured (non-factory-default) switches are listed under unprovisioned devices in Central if they have not been
pre-provisioned to a group already. ‘Unprovisioned’ is not a group in Central but only a placeholder for the switches.
4.2 Managing device types in Central
4.2.1 VSF stack formation with Template groups
Pre-requisites –
All switches in the VSF stack are added to the device inventory and assigned with a valid license.
All switches in the VSF stack are set to the factory default configuration.
All switches in the VSF stack are running AOS-AOS-CX 10.07 or later firmware versions.
All switches in the VSF stack are of the same switch series.
11
.
Members in the VSF stack other than the conductor should not have uplink connectivity. Otherwise, auto-
stacking will not work.
The VSF member 1 line must be present in the configuration template for stackable AOS-AOS-CX switches
running 10.07 or later versions. This is required to apply configuration to the switches. Also, the vsf member
1 line cannot be removed from the template.
All switches in the VSF stack must be physically connected in the chain or ring topology on the ports reserved for
auto-stacking. For auto-stacking to work, the members should be connected in the direction of the higher
denomination port to the lower denomination port.
The following ports are reserved for auto-stacking:
o 24-port switch models— Ports 25 and 26
o 48-port switch models— Ports 49 and 50
Connect the uplink to the switch that should act as the conductor. The switch will connect to Aruba Central as a
standalone device and will be added to the assigned template group.
Once the switch is added to the template group, Aruba Central pushes the template group configuration to the switch.
After the configuration is pushed, starting with the second switch, each switch in the stack reboots automatically and
joins the stack one after another. Each member may take up to 10 minutes to join the stack.
4.2.2 VSX configuration management with Template groups
Aruba Central provides support for VSX by displaying information about the configurations of the switches and the
status of the inter-switch link (ISL) between the switches.
It is recommended to have a single template (with variables file) manage configuration for both the primary
and secondary VSX members.
The following limitations apply when configuring VSX or viewing VSX data for AOS-AOS-CX switches in Aruba
Central:
Enabling VSX synchronization using template configuration in Aruba Central is not recommended. By
enabling VSX synchronization, the peer switch might get into an unknown configuration state.
Last synced data is not displayed on the VSX page in Aruba Central.
5 Moving devices from TG to UI group (brownfield)
Aruba Central supports managing AOS-CX switches configuration using UI groups. You can configure AOS-
CX switches that are added to a UI group, using the UI options and MultiEdit mode.
One of the recommended workflows for managing AOS-CX switches in UI groups is to first onboard them to
template groups and then move them to UI groups while preserving the full configuration of the switches.
This can be done at the Global Groups management tab in Central where you have the option to retain
configuration when the AOS-CX switch is moved from TG to UI group –
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
Other documents
-
ResMed AirFit F30 Operating instructions
-
Digisol DIGISOL 24/ 48 Port Gigabit Ethernet Access Layer 3 Switch User manual
-
LG-Ericsson iPECS SBG-1000 User manual
-
Ericsson MFIM300 Feature Description And Operation Manual
-
Cobalt Digital 9990-DEC-MPEG MPEG4 AVC and MPEG2 Decoder User manual
-
AJA IPT-1G-SDI User manual
-
Vertical summit 800 Operating instructions
-
iPECS UCP Feature Description And Operation Manual