Aruba Central User guide

Aruba

SD-WAN Solution

User Guide

Revision 01 | June 2020 Aruba SD-WAN Solution | User Guide

Copyright Information

Open Source Code

This product includes code licensed under the GNU General Public License, the GNU Lesser General Public

License, and/or certain other open source licenses. A complete machine-readable copy of the source code

corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information

and shall expire three years following the date of the final distribution of this product version by Hewlett

Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US

$10.00 to:

Hewlett Packard Enterprise Company

6280 America Center Drive

San Jose, CA 95002

USA

Contents

Contents 3

About This Document 18

Intended Audience 18

Related Documents 18

Conventions 18

Contacting Support 19

Aruba SD-Branch Solution 20

Why SD-WAN? 20

Key Features and Benefits 20

Understanding SD-WAN 21

What are the Solution Requirements? 23

At the Branch Site 23

At the Data Center 23

In the Cloud 23

Supported Aruba Gateways 24

Getting Started 26

Onboarding Devices to Aruba Central 26

Manually Adding Devices to Inventory 27

Assigning Subscriptions to Aruba Gateways 27

Gateway Subscriptions 27

Gateway Subscriptions with Security License 28

Assigning Subscriptions to Gateways 28

Virtual Gateway Subscriptions 29

Assigning Subscriptions to Virtual Gateways 29

Assigning Gateways to a Group 30

Aruba Gateway Groups for SD-WAN Deployments 30

Important Points to Note 30

Assigning Gateways to Sites 31

Assigning Labels to Gateways 31

Assigning a Group Role to an Aruba Gateway Group 31

Gateways in MSP Mode 32

Connecting Aruba Gateways to Aruba Central 32

Recovering an Aruba Gateway 34

Using the disaster-recovery on command in the Gateway's Local Configuration 34

Using the branchsupport account 34

Aruba SD-WAN Solution | User Guide Contents | 3

4| Contents Aruba SD-WAN Solution | User Guide

Configuring Communication Ports 34

Certificates 35

Uploading Certificates 35

Managing Certificates on Instant APs Configured Using Templates 36

Provisioning Aruba Gateways in Aruba Central 37

Different Modes of Configuring Gateways and Gateway Groups 37

Configuring Branch Gateway Groups Using the Guided Setup 38

Before You Begin 38

Configuring a Branch Gateway Group using the Guided Setup 38

39

Configuring System Parameters for a Branch Gateway Group 39

Configuring a LAN Interface for a Branch Gateway Group 41

Configuring a WAN Interface for a Branch Gateway Group 42

Configuring VPN Hubs and Routing Profiles for a Branch Gateway Group 44

Configuring Policies for a Branch Gateway Group 45

Configuring Branch Gateways Using the Guided Setup 50

Before You Begin 50

Configuring a Branch Gateway Device in the Guided Setup 50

Configuring a System IP Address for a Branch Gateway 51

Configuring a LAN Interface for a Branch Gateway 51

Configuring a WAN Interface for a Branch Gateway 53

Configuring Routing Profiles for a Branch Gateway 54

Configuring LANRedundancy for High Availability 55

Configuring VPN Concentrator Group Using the Guided Setup 55

Before You Begin 55

Configuring a VPNC Group in the Guided Setup 55

56

Configuring System Parameters for a VPNCGroup 56

Configuring a VLAN Interface for a VPNCGroup 58

Configuring VPN Routing Profiles for a VPNCGroup (Static Routing) 59

Configuring Route Maps 60

Configuring Overlay Routing 63

Configuring VPN Concentrators Using the Guided Setup 64

Before You Begin 64

Configuring a VPN Concentrator in the Guided Setup 65

Configuring a System IP Address for a VPN Concentrator 65

Configuring a LAN Interface for a VPN Concentrator 65

Configuring a WAN Interface for a VPN Concentrator 66

Configuring SDWANand Routing Profiles for a VPN Concentrator 67

Configuring Route Maps 67

Configuring OSPF 71

Configuring BGP 72

Configure Overlay Routing 74

Deploying Aruba Virtual Gateways 77

Deploying Aruba Virtual Gateways in AWS 77

Virtual Gateway Sizing 78

Features Supported by Virtual Gateway 78

Virtual Gateway Redundancy 78

Software Image for Virtual Gateways 78

Deployment Procedure 78

Additional References 79

Deploying Aruba Virtual Gateways in AWS (Managed Mode) 79

Orchestration Workflow 79

Setting up a Virtual Gateway Instance using the Orchestration Service 80

Creating a VPC 80

Configuring an Internet Gateway for the VPC 81

Creating a Security Group 81

Configuring a Key Pair 82

Creating a Cloud Provider Account in Aruba Central 82

Creating a Role ARN 83

Deploying Virtual Gateways from Aruba Central 86

Verifying the Aruba VGW deployment on AWS 89

Deploying Aruba Virtual Gateways in AWS (Unmanaged Mode) 91

Creating a VPC for Virtual Gateway Instance on AWS 92

Creating a Security Group 92

Creating a Network Interface 93

Launching a Virtual Gateway Instance 95

Generating User Data in Aruba Central 96

Uploading the User Data to the Virtual Gateway Instance in AWS Instance 96

Troubleshooting Deployment Issues 97

Provisioning Virtual Gateways to Groups 97

Monitoring Virtual Gateways 97

Deploying Aruba Virtual Gateway in Microsoft Azure (Managed Mode) 97

Setting up a Virtual Gateway Instance using the Orchestration Service 98

Deployment Procedure 98

Additional References 98

Registering a New Application in Azure 98

Creating a Client Secret 99

Aruba SD-WAN Solution | User Guide Contents | 5

6| Contents Aruba SD-WAN Solution | User Guide

Adding the Application Permissions 100

Setting up Access control and Role Assignments 101

Viewing the Application IDs 101

Creating a Resource Group 102

Creating a Storage Account 103

Configuring Containers 104

Creating a VNET 105

Uploading the Aruba Virtual Gateway Software Image 106

Creating SSH keys 106

Creating a Security group 106

Adding a Cloud Provider Account in Aruba Central 107

Deploying the Virtual Gateway 109

Licensing Confirmation 111

Verifying the Deployment Status 111

Deploying Aruba Virtual Gateway in Microsoft Azure (Unmanaged Mode) 111

Virtual Machine Sizing Recommendations 112

Deployment Procedure 112

Creating a Resource Group 113

Creating a Storage Account 114

Creating a VNET 115

Creating a Network Security Group 117

Creating Security Rules 119

Configuring Subnets 120

Configuring a Gateway Subnet for a VNET 121

Configuring Subnets for Virtual Gateway Network Interfaces 121

Creating Network Interfaces 124

Uploading the Aruba Virtual Gateway Software Image 126

Creating Image and Data Disk 127

Setting up a Virtual Machine 130

Creating SSH Key Pairs 131

Generating User Data in Aruba Central 132

Verifying the Deployment Status 134

Configuring an SD-Branch Network Using the Advanced Setup 135

Configuration Checklist 135

Configuring Address Pools for Aruba Gateways 135

Configuring Gateway Pools for Aruba Gateways 136

Creating Gateway Pools for Aruba Gateways 136

Assigning a VLAN to a Gateway Pool 136

Configuring DHCP Address Pools on Aruba Gateways 137

Creating a DHCP Pool 137

Excluding IP Address Range 138

Reserving IPaddresses 139

Configuring NAT Pools 139

Creating a NAT Pool 139

Creating a Static 1:1 NAT 140

Configuring Tunnel Pools for Aruba Gateways 140

Uploading Bulk Configuration Template 141

Configuring System Information on Aruba Gateways 141

Configuring Hostname 141

Configuring System IP Address 142

Configuring a Loopback Interface 143

Setting System Clock and Time Zone 143

Configuring NTP Server 143

Enabling NTPAuthentication 143

Setting Time Zone 144

Setting the Clock to Summer Time 144

Configuring Domain Name System 144

Configuring Redirect DNS Servers 144

Configuring Dynamic Domain Name System 145

Setting Capacity Threshold 146

Configuring Device Administrator Credentials for Aruba Gateways 146

Configuring Management User Accounts for Aruba Gateways 147

Configuring Management User Authentication Options 148

Configuring WebUI Authentication 148

Configuring SSH Authentication for CLI Access 149

Enabling Ciphers and MAC Algorithms 149

Configuring Servers for Management User Authentication 150

Configuring Switching Parameters 150

Configuring AMON Receivers for Aruba Gateways 151

Configuring VLANs on Aruba Gateways 152

Adding VLANs for Aruba Gateways 152

153

Configuring VLANs for WAN Interfaces 153

153

Configuring VLANs for LAN Interfaces 153

Configuring Other Parameters for VLAN 154

Configuring SLB using NAT 156

Configuring Health-Check Profile 157

Configuring an SLB Server Group 157

Aruba SD-WAN Solution | User Guide Contents | 7

8| Contents Aruba SD-WAN Solution | User Guide

Configuring an SLB Server 158

Configuring Ports 158

Adding Ports 159

159

Configuring Ports for LAN Interfaces 159

160

Configuring Ports for WAN Interfaces 160

161

Configuring Other Parameters for Port 161

Configuring Uplinks 163

Uplink Load Balancing 163

WAN Bandwidth Optimization 164

Configuring Uplink Interfaces on Branch Gateways 164

Configuring Uplink Interfaces on VPNConcentrators 167

Managing 9004-LTE Branch Gateway 168

Configuring Uplink Interfaces on a 9004-LTE Branch Gateway 168

Viewing the 9004-LTE Gateway Details 169

WAN Tab 169

Overview Tab 170

Enabling WAN Health Check Probes 171

Monitoring WANHealth 172

Configuring WAN Interface Bandwidth Priorities 172

Creating a WAN Scheduler Profile 172

Configuring the SD-WAN Overlay Network 174

Configuration Recommendations 175

Configuring Overlay Tunnels Automatically 176

Manually Configuring Hub and Spoke VPN 176

Enabling Automatic Whitelisting of Gateways 176

Enabling Automatic Whitelisting of Branch Gateway on a VPN Concentrator 176

Enabling Automatic Whitelisting on Branch Gateways 177

Whitelisting Gateways Manually 177

Adding a VPNEndpoint on Branch Gateways 177

Adding Branch Gateways on VPNConcentrators 178

Advertising Branch Subnets to Hub Sites 179

Monitoring VPNTunnels 179

Configuring Site-to-Site VPN 180

Configuring IPsec Map for Site-to-Site VPNs 180

Enabling Dead Peer Detection 183

Configuring Dead Peer Detection Parameters 183

Configuring Site-to-Site VPN with GRE Tunnel 184

Configuring GRE Tunnels 184

Configuring Layer 2 GRE Tunnels 184

Layer 2 GRE Tunnels 184

Configuring a Layer 2 GRE Tunnel 185

Configuring Layer 3 GRE Tunnels 186

Layer 3 GRE Tunnels 186

Configuring a Layer 3 GRE Tunnel 186

Configuring Tunnel Keepalives 187

GRE Tunnel Groups 188

Configuring Tunnel Groups 188

Directing Traffic into the GRE Tunnel 189

Configuring Static Routes 189

Configuring a Firewall Policy Rule 189

Configuring IKE Policies 189

Configuring IKEv1 Policies and Dynamic Maps 189

Configuring IKEv2 Policies and Dynamic Maps 192

Routing 194

Dynamic Routing 195

Underlay Routing 195

Overlay Routing 195

Routes Configuration on Aruba Gateways 196

Configuring Static IP Routes 196

Creating a Static IP Route 196

Configuring Static Default Gateways 197

Configuring Default Gateways for Dynamic Routing 197

Routes Advertisement Using OSPF 198

OSPF Areas 198

Best Practices for OSPF Configuration 198

Workflow for Configuring OSPF Routing on VPNConcentrators 198

Enabling OSPFConfiguration 199

Configuring a Prefix List 199

Configuring Route Maps 200

Configuring Route Redistribution Criteria 203

Enabling OSPF Configuration on VLANInterfaces 204

Enabling OSPF on the Layer-3 GRETunnel Interface 205

Configuring Administrative Distance 205

Viewing OSPF Configuration Status 206

Monitoring OSPF Routes 207

Troubleshooting OSPF Configuration Issues 208

Advertising Routes Using BGP 208

Aruba SD-WAN Solution | User Guide Contents | 9

10 | Contents Aruba SD-WAN Solution | User Guide

Configuring BGP Routing on Aruba Gateways 209

Enabling BGP 209

Configuring a Prefix List 210

Configuring an IP Community List 211

Configuring Route Maps 212

Adding BGP Neighbors 215

Advertising Networks to BGP 216

Configuring Redistribution Rules for BGP Routes 217

Configuring BGP Timers 218

Configuring Multipath Selection 218

Configuring Graceful Restart 219

Configuring Administrative Distance 219

Configuring BGP over an IPsec Tunnel 220

Verifying the BGP Configuration 220

Viewing Route Table with BGP Routes 222

Troubleshooting BGP Configuration Issues 222

Routes Advertisement Using RIPv2 222

Workflow for Configuring RIPv2 Routing on Gateways 223

Enabling RIPv2 223

Configuring RIPv2 on a VLANInterface 223

Configuring RIP Timers for All VLANInterfaces on Gateways 224

Configuring Administrative Distance 225

Configuring Infinity Value for RIP Routing 225

Verifying RIP Configuration and Monitoring Routes 225

Troubleshooting RIP Configuration Issues 226

Configuring Policies for PBR 226

PBRPolicies for WANNetworks 226

Configuring Policies for PBR 227

Assigning PBRPolicies to User Role or VLAN 227

Configuring Next Hop Lists for PBR 228

Configuring Policies for Dynamic Path Steering 229

How Dynamic Path Selection Works 230

Configuring a Dynamic Path Steering Policy 230

Creating a Dynamic Path Steering Policy 230

Configuring Traffic Specification Rules 231

Configuring SLAParameters 232

Routing Traffic After Path Selection 233

SaaS Application Traffic Management with SaaS Express 233

Criteria for SaaS Express Optimal Path 233

SaaS Application Profile Parameters 233

HTTP Probes 234

DNS Resolution 234

Traffic Steering and Path Selection 234

Supported Deployment Scenarios 234

Configuring SaaS Express 235

Prerequisites 235

Configuring an SLAProfile 236

Configuring an Exit Profile 236

Configuring a SaaS Application Profile 237

Configuring DNS Servers for Path Exit 238

Configuring Aruba Gateways for Application Visibility and Control 238

Using Deep Packet Inspection 239

Creating Custom Application and Application Categories 239

Enabling DPI 240

Configuring Proxy Server on Branch Gateway for DPI 240

MonitoringApplication Usage 240

Configuring Security Policies for Application Access Control 241

Configuring Bandwidth Contracts Per Applications 241

Filtering URLs Based on Website Content and Reputation 241

Enabling Web Content Classification 242

Configuring Security Policies for Filtering Websites and IP Addresses 242

Dropping Unclassified Web Content 242

Configuring Redirect URLs for Blocked Sessions 242

Configuring IP Reputation and Filtering 243

Configure Geolocation-Based Filtering 244

MonitoringApplication Traffic 244

Enforcing a Common Security Policy for Wired and Wireless Users 244

Configuring Firewall Policies and ACLs 245

Firewall Policies for SD Branch 245

Types of ACLs 245

Configuring Aliases for Firewall Policies 246

Creating a Network Alias 246

Creating a Service Alias 246

Creating a Firewall Policy for Network Services 247

Configuring Access Rules 248

Configuring ACLs for Deep Packet Inspection 249

Creating ACLs for Application Access Control 249

Configuring ACLs for Web Content Classification 250

Configuring Global Firewall Parameters 251

Advanced Monitoring Parameters 256

Aruba SD-WAN Solution | User Guide Contents | 11

12 | Contents Aruba SD-WAN Solution | User Guide

Configuring User Roles for Clients 256

Creating a Role 256

Assigning a Policy to a Role 257

Assigning User Roles in AAA Profiles 257

Configuring a Default Role Based on Authentication Methods 258

Configuring Bandwidth Contracts 258

Assigning Bandwidth Contracts to User Roles 258

Configuring Global Bandwidth Contracts for Applications 259

Configuring Authentication Profiles 259

Configuring RADIUS Authentication Server on Aruba Gateways 260

Configuring an RFC3576 Server 262

Configuring Other External Authentication Servers on Aruba Gateways 262

Configuring an LDAP Server 262

Configuring a TACACS+ Server 263

Configuring a Windows Server 264

Configuring XML API Server 265

Configuring Server Groups 265

Creating a AAA Profile 266

Configuring Authentication Timers 268

L3 Authentication 269

269

Captive Portal Authentication 269

273

VIAAuthentication 273

Configuring VIA Authentication Profile 273

274

Configuring VIA Connection Profile 274

Attaching the VIA Connection Profile to User Role 278

Configuring VIA Web Authentication 279

VPNAuthentication 279

Applying Policies to Gateway Interfaces 282

Applying Policies for VLANs on Access Ports 282

Applying Policies for VLANs on Trunk Ports 283

Applying Route ACLs for VLAN Interfaces 283

Assigning AAA profile to VLAN Interfaces for Role Assignment 284

SDBranch Redundancy 284

Data Center Redundancy 284

VRRP Redundancy 284

Configuring Redundant Gateways for High Availability 285

285

Configuring Peer Aruba Gateways and Transport VLAN for WANRedundancy 285

287

Configuring DHCPState Synchronization 287

287

Configuring VRRP for LAN Redundancy 287

Configuring Aruba Gateways for Certificate-Based Authentication 289

Adding Certificates to Certificate Store in Aruba Central 290

Installing Certificates 290

Installing Certificates for Server Authentication 290

Installing Certificates for VPNClients 290

Configuring Revocation Checkpoint 291

Configuring Revocation Checkpoint Using OCSP 291

Configuring Revocation Checkpoint Using CRL 292

Configuring Aruba Gateways for SNMP-Based Reporting 293

Community String for SNMPv1 and SNMPv2 293

SNMP Trap Receivers 294

Viewing Gateway Configuration Status 294

Managing Configuration Overrides 294

Configuration Overrides 295

Important Points to Note 295

Limitations 295

Configuring Aruba Gateways for Syslog Message Collection 295

Configuring Logging Levels 297

SD-WANOverlay Tunnel and Route Orchestration 298

Configuring Overlay Network Using SD-WANOrchestrator 298

Prerequisites 298

Configuration Steps 298

Configuring Uplinks for Tunnel Orchestration 299

Configuring Data Center Preference 299

Enabling SD-WANOrchestrator 300

Aggregating Routes from VPN Concentrators in the Data Center 300

Additional Documents 301

Cloud Survivability 301

Advertising Overlay Routes 302

Configuring Route Maps 302

Configuring a Prefix List 305

Redistributing Overlay Routes 306

Configuring Administrative Distance 307

Viewing Overlay Routes in the Route Table 307

Aruba SD-WAN Solution | User Guide Contents | 13

14 | Contents Aruba SD-WAN Solution | User Guide

Troubleshooting Overlay Configuration Issues 308

Monitoring SD-WAN Overlay Tunnels and Routes 308

Monitoring SD-WAN Overlay Route Orchestrator 308

Overlay Route Orchestrator Summary 309

Overlay Route Orchestrator Topology 309

Route Details for Each Group and Device 309

Monitoring SD-WAN Overlay Tunnel Orchestrator 312

Overlay Tunnel Orchestrator Summary 312

Overlay Tunnel Orchestrator Topology 312

Tunnel Details for Each Group and Device 313

Aruba SD-Branch Integration with Zscaler Cloud Security Service 315

Integrating SD-Branch with ZIA 316

Setting up Tunnels to ZIA 316

Enabling Automatic Configuration of IPsec Tunnels to ZIA 316

Configuring IPsec Tunnels to ZENs Manually 317

Configuring Zscaler Nexthop List 318

Adding Nexthop List to PBR Policy 318

Verifying Tunnel Status 318

Additional References 318

Configuring Prisma Access 318

Configuring Prisma Access for Aruba SD-Branch Integration 318

Configuring Branch Gateways for Prisma Access Integration 319

Configuring IPsec Maps 319

Configuring Prisma Access Next-hop List 320

Adding Next-hop List to a Routing Policy 321

Applying Policies to Roles or VLANs 321

Verifying Tunnel Status 321

Aruba SD-Branch Integration with Prisma Access 323

Deployment Scenarios 323

Branch Gateways to Prisma Access 323

Regional Hub to Prisma Access 324

Supported IKE and IPSec Cryptographic Profiles 325

Aruba SD-Branch Integration with Check Point 327

Supported IKE and IPsec Cryptographic Profiles 327

Configuration Steps 327

Configuring Check Point for SD-Branch Integration 328

Configuring Aruba Gateways for Integration with Check Point 330

Configuring IPsec Tunnels to Check Point 330

Configuring a Next-hop List 332

Adding the Next-hop List to a Routing Policy 332

Applying Policies to a Role or VLAN 333

Verifying Tunnel Status 334

Aruba SD-Branch Integration with Symantec WSS 335

Integration Overview 335

Role-Based and Application-Based Routing 336

Branch Gateway to WSS 336

Supported IKE and IPSec Cryptographic Profiles 337

Configuring Symantec WSS 338

Configuring WebSecurity Service for SD-Branch Integration 338

Creating IPSec and IKE Crypto Profiles 338

Adding Branch Sites to WSSDatacenters 338

Configuring an Authentication Policy (Optional) 339

Configuring Aruba Gateways for Integration with WSS 340

Configuring IPsec Tunnels to WSS 340

Configuring a Next-hop List 342

Adding the Nexthop List to PBR Policy 343

Applying Policies to a Role or VLAN 344

Verifying Tunnel Status 344

Configuring a Microbranch with Instant APs 345

Configuring Instant APs for Micro Branch Solution 345

VPNConcentrators for Micro Branch Solution 345

Configuring Instant AP VPN Pool for Aruba Gateways 345

Authentication Servers 346

Configuring an Internal Server 346

Configuring and Mapping External RADIUSServer 347

Redistributing Branch Subnets 347

Configuring Support for Aruba VIA Service 348

Configuring VIA 348

Configuring VPN IP Pool 348

Defining IKEv1 Shared Secret 349

Configuring VIA User Role 349

Creating VIA Server Group for Authenticating VIA Users 349

Configuring VIA Authentication Parameters 350

Configuring VIA Authentication Profile 350

Configuring VIA Web Authentication 351

Loading and Applying VIA Certificates 352

Configuring and Attaching VIA Connection Profile 352

Configuring VIA Connection Profile 352

Aruba SD-WAN Solution | User Guide Contents | 15

16 | Contents Aruba SD-WAN Solution | User Guide

Attaching the VIA Connection Profile to User Role 356

Uploading VIA Installer to VPN Concentrator 357

Provisioning Gateways Using ConfigurationTemplates 358

Important Points to Note 358

Configuring Gateways Using a Template 358

Creating a Template Group 358

Assigning a Gateway to a Template Group 359

Creating a Configuration Template for Gateways 359

Customizing a Template Using Variable Definitions 360

Downloading a Sample Variables File 361

Modifying a Variables File 361

Uploading a Variables File 361

Sample Template and Variables Files 362

Template Text 362

Sample Variables File 364

Verifying Configuration Status 365

Backing up and Restoring Templates 366

Monitoring SD Branch 367

Gateways 367

Gateway Details 368

Gateways—Overview Tab 370

Gateways—WAN Tab 373

Gateways—LAN Tab 380

Gateways—Tunnels Tab 385

Gateways—IDPS Tab 387

Viewing the IDPS Tab 387

Traffic Inspection Engine Status 387

Traffic Inspection Engine CPU Usage 387

Traffic Inspection Engine Memory Usage 388

Dropped Packets 388

Gateways—Routing Tab 388

BGP 389

Overlay 395

RIP 397

Route Table 399

Gateways—Path Steering Tab 400

Application Visibility 402

Gateways—Sessions Tab 403

Deleting an Offline Gateway 405

WAN Health—Global 406

Page Views 406

WAN Health 408

WAN Health—Site 409

Topology 410

Before You Begin 410

Viewing the Topology Map 410

Grouping VPN Concentrators 411

Example of a Topology Map: 411

Details and Filter Pane 412

Gateway Alerts 413

Reports 415

Report Categories 415

Creating a Report 421

Editing a Report 422

Viewing a Report 423

Downloading a Report 423

Deleting a Report 423

Deleting Multiple Reports 423

Maintenance 425

Troubleshooting Devices 425

Gateway Diagnostic Tests 425

Control Plane 426

Control Plane—Node Details 426

Data Plane 427

Data Plane—Node Details 428

Node-Specific Error Messages 429

Asymmetric Routing 429

Routing Loop 430

Error Notifications 430

Updating Software Images on Aruba Gateways 431

Feature Availability Across Multiple Software Versions 431

Upgrading Software 431

Configuring Aruba Gateways for Syslog Message Collection 431

Configuring Logging Levels 433

APIs 435

Aruba SD-WAN Solution | User Guide Contents | 17

Chapter 1

About This Document

This user guide describes the Aruba Software-Defined WAN (SD-WAN)Solution and provides detailed

instructions for setting up, configuring, and managing SD-WAN Gateways from Aruba Central.

Intended Audience

This guide is intended for network administrators who manage and monitor branch networks.

Related Documents

In addition to this document, see the following documents for more details on the SD Branch devices and

Aruba Central:

nAruba Central Help Center

nArubaOS User Guide

nHPE-ArubaOS Switch Management and Configuration Guide

nAruba ClearPass Policy Manager User Guide

Conventions

Table 1 lists the typographical conventions used throughout this guide to emphasize important concepts:

Type Style Description

Italics This style is used to emphasize important terms and to mark the titles of books.

System items This fixed-width font depicts the following:

nSample screen output

nSystem prompts

Bold nKeys that are pressed

nText typed into a GUI element

nGUI elements that are clicked or selected

Table 1: Typographical Conventions

The following informational icons are used throughout this guide:

Indicates helpful suggestions, pertinent information, and important things to remember.

Indicates a risk of damage to your hardware or loss of data.

Indicates a risk of personal injury or death.

Aruba SD-WAN Solution | User Guide About This Document | 18

19 | About This Document Aruba SD-WAN Solution | User Guide

Contacting Support

Main Site arubanetworks.com

Support Site support.arubanetworks.com

Airheads Social Forums and Knowledge

Base

community.arubanetworks.com

North American Telephone 1-800-943-4526 (Toll Free)

1-408-754-1200

International Telephone arubanetworks.com/support-services/contact-support/

Software Licensing Site lms.arubanetworks.com

End-of-life Information arubanetworks.com/support-services/end-of-life/

Security Incident Response Team Site: arubanetworks.com/support-services/security-bulletins/

Email: aruba-sirt@hpe.com

Table 2: Contact Information

Chapter 2

Aruba SD-Branch Solution

The Aruba SD Branch solution offers the best-in-class wireless and wired infrastructure and management

orchestration features with the SD-WAN capabilities. The SD Branch solution extends the SD-WAN concept to

all elements in the branch to deliver a full stack solution that addresses the business challenges of distributed

enterprises. Coupled with Aruba Central, the solution provides a cloud-hosted environment for simplified

operations and improved agility.

Why SD-WAN?

A traditional branch setup supports client connectivity requirements across different geographical locations for

various types of business operations. The sites in remote geographical locations serve as branch offices, while

the headquarters or main office serves as a data center that hosts network resources to store, manage, and

distribute data. The main office also hosts a centralized Virtual Private Network(VPN) management system to

aggregate traffic from the remote branch sites. A Wide Area Network (WAN) —with Multiprotocol Label

Switching (MPLS), T1, T3, Broadband, or Cellular links—is used for connecting multiple local area networks to a

central corporate network or data centers separated by distance.

Due to an increase in the number of client devices at the remote sites and the new bandwidth requirements,

branch office networks are expected rapidly scale to provide uninterrupted user experience. A traditional

branch infrastructure with multiple appliances, different operating systems, and management tools only adds

to the cost, involves a maintenance overhead, and demands skilled IT personnel.

The Aruba SD-WANsolution simplifies your branch deployments with a single management interface for

administering, managing, and monitoring your branch networks. It also provides a unified policy enforcement

framework with operational ease.

Key Features and Benefits

The SD-WANsolution comes with the following key capabilities:

nZero Touch Provisioning of devices—Ability to self-provision without operator's intervention.

nCentralized overlay management and control—A single cloud-based network management interface for

managing and monitoring SDBranch devices. Aruba Central, the cloud based network management system,

supports unified management of SDbranch devices with ZTP and hierarchical configuration.

nIPsec based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure

overlay networking.

nUnified security policy for wired, wireless, and WAN—Support for a common security policy framework

based on user roles for WAN, WLAN, and LAN users.

nDynamic path selection—Support for dynamically steering traffic or a service request to the best available

path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on

the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.

nDeep Packet Inspection and Web Content Classification—Support for monitoring and analyzing application

usage by clients.

nVisibility, analytics, and troubleshooting—Dashboards for monitoring branch health, device performance,

and client connectivity metrics. Alerts, reports, and audit trails for monitoring and troubleshooting network

performance issues.

nPolicy-based Routing—In addition to the traditional destination-based routing, the SD Branch devices

support routing client traffic based on user role or type of application, For example, traffic generated from

Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 20

Page is loading ...

Aruba Central User guide

Aruba Central User guide

Related papers

Other documents