Aruba Central User guide

Type
User guide
Aruba
SD-WAN Solution
User Guide
Revision 01 | June 2020 Aruba SD-WAN Solution | User Guide
Copyright Information
© Copyright 2020 Hewlett Packard Enterprise Development LP.
Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public
License, and/or certain other open source licenses. A complete machine-readable copy of the source code
corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information
and shall expire three years following the date of the final distribution of this product version by Hewlett
Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US
$10.00 to:
Hewlett Packard Enterprise Company
6280 America Center Drive
San Jose, CA 95002
USA
Contents
Contents 3
About This Document 18
Intended Audience 18
Related Documents 18
Conventions 18
Contacting Support 19
Aruba SD-Branch Solution 20
Why SD-WAN? 20
Key Features and Benefits 20
Understanding SD-WAN 21
What are the Solution Requirements? 23
At the Branch Site 23
At the Data Center 23
In the Cloud 23
Supported Aruba Gateways 24
Getting Started 26
Onboarding Devices to Aruba Central 26
Manually Adding Devices to Inventory 27
Assigning Subscriptions to Aruba Gateways 27
Gateway Subscriptions 27
Gateway Subscriptions with Security License 28
Assigning Subscriptions to Gateways 28
Virtual Gateway Subscriptions 29
Assigning Subscriptions to Virtual Gateways 29
Assigning Gateways to a Group 30
Aruba Gateway Groups for SD-WAN Deployments 30
Important Points to Note 30
Assigning Gateways to Sites 31
Assigning Labels to Gateways 31
Assigning a Group Role to an Aruba Gateway Group 31
Gateways in MSP Mode 32
Connecting Aruba Gateways to Aruba Central 32
Recovering an Aruba Gateway 34
Using the disaster-recovery on command in the Gateway's Local Configuration 34
Using the branchsupport account 34
Aruba SD-WAN Solution | User Guide Contents | 3
4| Contents Aruba SD-WAN Solution | User Guide
Configuring Communication Ports 34
Certificates 35
Uploading Certificates 35
Managing Certificates on Instant APs Configured Using Templates 36
Provisioning Aruba Gateways in Aruba Central 37
Different Modes of Configuring Gateways and Gateway Groups 37
Configuring Branch Gateway Groups Using the Guided Setup 38
Before You Begin 38
Configuring a Branch Gateway Group using the Guided Setup 38
39
Configuring System Parameters for a Branch Gateway Group 39
Configuring a LAN Interface for a Branch Gateway Group 41
Configuring a WAN Interface for a Branch Gateway Group 42
Configuring VPN Hubs and Routing Profiles for a Branch Gateway Group 44
Configuring Policies for a Branch Gateway Group 45
Configuring Branch Gateways Using the Guided Setup 50
Before You Begin 50
Configuring a Branch Gateway Device in the Guided Setup 50
Configuring a System IP Address for a Branch Gateway 51
Configuring a LAN Interface for a Branch Gateway 51
Configuring a WAN Interface for a Branch Gateway 53
Configuring Routing Profiles for a Branch Gateway 54
Configuring LANRedundancy for High Availability 55
Configuring VPN Concentrator Group Using the Guided Setup 55
Before You Begin 55
Configuring a VPNC Group in the Guided Setup 55
56
Configuring System Parameters for a VPNCGroup 56
Configuring a VLAN Interface for a VPNCGroup 58
Configuring VPN Routing Profiles for a VPNCGroup (Static Routing) 59
Configuring Route Maps 60
Configuring Overlay Routing 63
Configuring VPN Concentrators Using the Guided Setup 64
Before You Begin 64
Configuring a VPN Concentrator in the Guided Setup 65
Configuring a System IP Address for a VPN Concentrator 65
Configuring a LAN Interface for a VPN Concentrator 65
Configuring a WAN Interface for a VPN Concentrator 66
Configuring SDWANand Routing Profiles for a VPN Concentrator 67
Configuring Route Maps 67
Configuring OSPF 71
Configuring BGP 72
Configure Overlay Routing 74
Deploying Aruba Virtual Gateways 77
Deploying Aruba Virtual Gateways in AWS 77
Virtual Gateway Sizing 78
Features Supported by Virtual Gateway 78
Virtual Gateway Redundancy 78
Software Image for Virtual Gateways 78
Deployment Procedure 78
Additional References 79
Deploying Aruba Virtual Gateways in AWS (Managed Mode) 79
Orchestration Workflow 79
Setting up a Virtual Gateway Instance using the Orchestration Service 80
Creating a VPC 80
Configuring an Internet Gateway for the VPC 81
Creating a Security Group 81
Configuring a Key Pair 82
Creating a Cloud Provider Account in Aruba Central 82
Creating a Role ARN 83
Deploying Virtual Gateways from Aruba Central 86
Verifying the Aruba VGW deployment on AWS 89
Deploying Aruba Virtual Gateways in AWS (Unmanaged Mode) 91
Creating a VPC for Virtual Gateway Instance on AWS 92
Creating a Security Group 92
Creating a Network Interface 93
Launching a Virtual Gateway Instance 95
Generating User Data in Aruba Central 96
Uploading the User Data to the Virtual Gateway Instance in AWS Instance 96
Troubleshooting Deployment Issues 97
Provisioning Virtual Gateways to Groups 97
Monitoring Virtual Gateways 97
Deploying Aruba Virtual Gateway in Microsoft Azure (Managed Mode) 97
Setting up a Virtual Gateway Instance using the Orchestration Service 98
Deployment Procedure 98
Additional References 98
Registering a New Application in Azure 98
Creating a Client Secret 99
Aruba SD-WAN Solution | User Guide Contents | 5
6| Contents Aruba SD-WAN Solution | User Guide
Adding the Application Permissions 100
Setting up Access control and Role Assignments 101
Viewing the Application IDs 101
Creating a Resource Group 102
Creating a Storage Account 103
Configuring Containers 104
Creating a VNET 105
Uploading the Aruba Virtual Gateway Software Image 106
Creating SSH keys 106
Creating a Security group 106
Adding a Cloud Provider Account in Aruba Central 107
Deploying the Virtual Gateway 109
Licensing Confirmation 111
Verifying the Deployment Status 111
Deploying Aruba Virtual Gateway in Microsoft Azure (Unmanaged Mode) 111
Virtual Machine Sizing Recommendations 112
Deployment Procedure 112
Creating a Resource Group 113
Creating a Storage Account 114
Creating a VNET 115
Creating a Network Security Group 117
Creating Security Rules 119
Configuring Subnets 120
Configuring a Gateway Subnet for a VNET 121
Configuring Subnets for Virtual Gateway Network Interfaces 121
Creating Network Interfaces 124
Uploading the Aruba Virtual Gateway Software Image 126
Creating Image and Data Disk 127
Setting up a Virtual Machine 130
Creating SSH Key Pairs 131
Generating User Data in Aruba Central 132
Verifying the Deployment Status 134
Configuring an SD-Branch Network Using the Advanced Setup 135
Configuration Checklist 135
Configuring Address Pools for Aruba Gateways 135
Configuring Gateway Pools for Aruba Gateways 136
Creating Gateway Pools for Aruba Gateways 136
Assigning a VLAN to a Gateway Pool 136
Configuring DHCP Address Pools on Aruba Gateways 137
Creating a DHCP Pool 137
Excluding IP Address Range 138
Reserving IPaddresses 139
Configuring NAT Pools 139
Creating a NAT Pool 139
Creating a Static 1:1 NAT 140
Configuring Tunnel Pools for Aruba Gateways 140
Uploading Bulk Configuration Template 141
Configuring System Information on Aruba Gateways 141
Configuring Hostname 141
Configuring System IP Address 142
Configuring a Loopback Interface 143
Setting System Clock and Time Zone 143
Configuring NTP Server 143
Enabling NTPAuthentication 143
Setting Time Zone 144
Setting the Clock to Summer Time 144
Configuring Domain Name System 144
Configuring Redirect DNS Servers 144
Configuring Dynamic Domain Name System 145
Setting Capacity Threshold 146
Configuring Device Administrator Credentials for Aruba Gateways 146
Configuring Management User Accounts for Aruba Gateways 147
Configuring Management User Authentication Options 148
Configuring WebUI Authentication 148
Configuring SSH Authentication for CLI Access 149
Enabling Ciphers and MAC Algorithms 149
Configuring Servers for Management User Authentication 150
Configuring Switching Parameters 150
Configuring AMON Receivers for Aruba Gateways 151
Configuring VLANs on Aruba Gateways 152
Adding VLANs for Aruba Gateways 152
153
Configuring VLANs for WAN Interfaces 153
153
Configuring VLANs for LAN Interfaces 153
Configuring Other Parameters for VLAN 154
Configuring SLB using NAT 156
Configuring Health-Check Profile 157
Configuring an SLB Server Group 157
Aruba SD-WAN Solution | User Guide Contents | 7
8| Contents Aruba SD-WAN Solution | User Guide
Configuring an SLB Server 158
Configuring Ports 158
Adding Ports 159
159
Configuring Ports for LAN Interfaces 159
160
Configuring Ports for WAN Interfaces 160
161
Configuring Other Parameters for Port 161
Configuring Uplinks 163
Uplink Load Balancing 163
WAN Bandwidth Optimization 164
Configuring Uplink Interfaces on Branch Gateways 164
Configuring Uplink Interfaces on VPNConcentrators 167
Managing 9004-LTE Branch Gateway 168
Configuring Uplink Interfaces on a 9004-LTE Branch Gateway 168
Viewing the 9004-LTE Gateway Details 169
WAN Tab 169
Overview Tab 170
Enabling WAN Health Check Probes 171
Monitoring WANHealth 172
Configuring WAN Interface Bandwidth Priorities 172
Creating a WAN Scheduler Profile 172
Configuring the SD-WAN Overlay Network 174
Configuration Recommendations 175
Configuring Overlay Tunnels Automatically 176
Manually Configuring Hub and Spoke VPN 176
Enabling Automatic Whitelisting of Gateways 176
Enabling Automatic Whitelisting of Branch Gateway on a VPN Concentrator 176
Enabling Automatic Whitelisting on Branch Gateways 177
Whitelisting Gateways Manually 177
Adding a VPNEndpoint on Branch Gateways 177
Adding Branch Gateways on VPNConcentrators 178
Advertising Branch Subnets to Hub Sites 179
Monitoring VPNTunnels 179
Configuring Site-to-Site VPN 180
Configuring IPsec Map for Site-to-Site VPNs 180
Enabling Dead Peer Detection 183
Configuring Dead Peer Detection Parameters 183
Configuring Site-to-Site VPN with GRE Tunnel 184
Configuring GRE Tunnels 184
Configuring Layer 2 GRE Tunnels 184
Layer 2 GRE Tunnels 184
Configuring a Layer 2 GRE Tunnel 185
Configuring Layer 3 GRE Tunnels 186
Layer 3 GRE Tunnels 186
Configuring a Layer 3 GRE Tunnel 186
Configuring Tunnel Keepalives 187
GRE Tunnel Groups 188
Configuring Tunnel Groups 188
Directing Traffic into the GRE Tunnel 189
Configuring Static Routes 189
Configuring a Firewall Policy Rule 189
Configuring IKE Policies 189
Configuring IKEv1 Policies and Dynamic Maps 189
Configuring IKEv2 Policies and Dynamic Maps 192
Routing 194
Dynamic Routing 195
Underlay Routing 195
Overlay Routing 195
Routes Configuration on Aruba Gateways 196
Configuring Static IP Routes 196
Creating a Static IP Route 196
Configuring Static Default Gateways 197
Configuring Default Gateways for Dynamic Routing 197
Routes Advertisement Using OSPF 198
OSPF Areas 198
Best Practices for OSPF Configuration 198
Workflow for Configuring OSPF Routing on VPNConcentrators 198
Enabling OSPFConfiguration 199
Configuring a Prefix List 199
Configuring Route Maps 200
Configuring Route Redistribution Criteria 203
Enabling OSPF Configuration on VLANInterfaces 204
Enabling OSPF on the Layer-3 GRETunnel Interface 205
Configuring Administrative Distance 205
Viewing OSPF Configuration Status 206
Monitoring OSPF Routes 207
Troubleshooting OSPF Configuration Issues 208
Advertising Routes Using BGP 208
Aruba SD-WAN Solution | User Guide Contents | 9
10 | Contents Aruba SD-WAN Solution | User Guide
Configuring BGP Routing on Aruba Gateways 209
Enabling BGP 209
Configuring a Prefix List 210
Configuring an IP Community List 211
Configuring Route Maps 212
Adding BGP Neighbors 215
Advertising Networks to BGP 216
Configuring Redistribution Rules for BGP Routes 217
Configuring BGP Timers 218
Configuring Multipath Selection 218
Configuring Graceful Restart 219
Configuring Administrative Distance 219
Configuring BGP over an IPsec Tunnel 220
Verifying the BGP Configuration 220
Viewing Route Table with BGP Routes 222
Troubleshooting BGP Configuration Issues 222
Routes Advertisement Using RIPv2 222
Workflow for Configuring RIPv2 Routing on Gateways 223
Enabling RIPv2 223
Configuring RIPv2 on a VLANInterface 223
Configuring RIP Timers for All VLANInterfaces on Gateways 224
Configuring Administrative Distance 225
Configuring Infinity Value for RIP Routing 225
Verifying RIP Configuration and Monitoring Routes 225
Troubleshooting RIP Configuration Issues 226
Configuring Policies for PBR 226
PBRPolicies for WANNetworks 226
Configuring Policies for PBR 227
Assigning PBRPolicies to User Role or VLAN 227
Configuring Next Hop Lists for PBR 228
Configuring Policies for Dynamic Path Steering 229
How Dynamic Path Selection Works 230
Configuring a Dynamic Path Steering Policy 230
Creating a Dynamic Path Steering Policy 230
Configuring Traffic Specification Rules 231
Configuring SLAParameters 232
Routing Traffic After Path Selection 233
SaaS Application Traffic Management with SaaS Express 233
Criteria for SaaS Express Optimal Path 233
SaaS Application Profile Parameters 233
HTTP Probes 234
DNS Resolution 234
Traffic Steering and Path Selection 234
Supported Deployment Scenarios 234
Configuring SaaS Express 235
Prerequisites 235
Configuring an SLAProfile 236
Configuring an Exit Profile 236
Configuring a SaaS Application Profile 237
Configuring DNS Servers for Path Exit 238
Configuring Aruba Gateways for Application Visibility and Control 238
Using Deep Packet Inspection 239
Creating Custom Application and Application Categories 239
Enabling DPI 240
Configuring Proxy Server on Branch Gateway for DPI 240
MonitoringApplication Usage 240
Configuring Security Policies for Application Access Control 241
Configuring Bandwidth Contracts Per Applications 241
Filtering URLs Based on Website Content and Reputation 241
Enabling Web Content Classification 242
Configuring Security Policies for Filtering Websites and IP Addresses 242
Dropping Unclassified Web Content 242
Configuring Redirect URLs for Blocked Sessions 242
Configuring IP Reputation and Filtering 243
Configure Geolocation-Based Filtering 244
MonitoringApplication Traffic 244
Enforcing a Common Security Policy for Wired and Wireless Users 244
Configuring Firewall Policies and ACLs 245
Firewall Policies for SD Branch 245
Types of ACLs 245
Configuring Aliases for Firewall Policies 246
Creating a Network Alias 246
Creating a Service Alias 246
Creating a Firewall Policy for Network Services 247
Configuring Access Rules 248
Configuring ACLs for Deep Packet Inspection 249
Creating ACLs for Application Access Control 249
Configuring ACLs for Web Content Classification 250
Configuring Global Firewall Parameters 251
Advanced Monitoring Parameters 256
Aruba SD-WAN Solution | User Guide Contents | 11
12 | Contents Aruba SD-WAN Solution | User Guide
Configuring User Roles for Clients 256
Creating a Role 256
Assigning a Policy to a Role 257
Assigning User Roles in AAA Profiles 257
Configuring a Default Role Based on Authentication Methods 258
Configuring Bandwidth Contracts 258
Assigning Bandwidth Contracts to User Roles 258
Configuring Global Bandwidth Contracts for Applications 259
Configuring Authentication Profiles 259
Configuring RADIUS Authentication Server on Aruba Gateways 260
Configuring an RFC3576 Server 262
Configuring Other External Authentication Servers on Aruba Gateways 262
Configuring an LDAP Server 262
Configuring a TACACS+ Server 263
Configuring a Windows Server 264
Configuring XML API Server 265
Configuring Server Groups 265
Creating a AAA Profile 266
Configuring Authentication Timers 268
L3 Authentication 269
269
Captive Portal Authentication 269
273
VIAAuthentication 273
Configuring VIA Authentication Profile 273
274
Configuring VIA Connection Profile 274
Attaching the VIA Connection Profile to User Role 278
Configuring VIA Web Authentication 279
VPNAuthentication 279
Applying Policies to Gateway Interfaces 282
Applying Policies for VLANs on Access Ports 282
Applying Policies for VLANs on Trunk Ports 283
Applying Route ACLs for VLAN Interfaces 283
Assigning AAA profile to VLAN Interfaces for Role Assignment 284
SDBranch Redundancy 284
Data Center Redundancy 284
VRRP Redundancy 284
Configuring Redundant Gateways for High Availability 285
285
Configuring Peer Aruba Gateways and Transport VLAN for WANRedundancy 285
287
Configuring DHCPState Synchronization 287
287
Configuring VRRP for LAN Redundancy 287
Configuring Aruba Gateways for Certificate-Based Authentication 289
Adding Certificates to Certificate Store in Aruba Central 290
Installing Certificates 290
Installing Certificates for Server Authentication 290
Installing Certificates for VPNClients 290
Configuring Revocation Checkpoint 291
Configuring Revocation Checkpoint Using OCSP 291
Configuring Revocation Checkpoint Using CRL 292
Configuring Aruba Gateways for SNMP-Based Reporting 293
Community String for SNMPv1 and SNMPv2 293
SNMP Trap Receivers 294
Viewing Gateway Configuration Status 294
Managing Configuration Overrides 294
Configuration Overrides 295
Important Points to Note 295
Limitations 295
Configuring Aruba Gateways for Syslog Message Collection 295
Configuring Logging Levels 297
SD-WANOverlay Tunnel and Route Orchestration 298
Configuring Overlay Network Using SD-WANOrchestrator 298
Prerequisites 298
Configuration Steps 298
Configuring Uplinks for Tunnel Orchestration 299
Configuring Data Center Preference 299
Enabling SD-WANOrchestrator 300
Aggregating Routes from VPN Concentrators in the Data Center 300
Additional Documents 301
Cloud Survivability 301
Advertising Overlay Routes 302
Configuring Route Maps 302
Configuring a Prefix List 305
Redistributing Overlay Routes 306
Configuring Administrative Distance 307
Viewing Overlay Routes in the Route Table 307
Aruba SD-WAN Solution | User Guide Contents | 13
14 | Contents Aruba SD-WAN Solution | User Guide
Troubleshooting Overlay Configuration Issues 308
Monitoring SD-WAN Overlay Tunnels and Routes 308
Monitoring SD-WAN Overlay Route Orchestrator 308
Overlay Route Orchestrator Summary 309
Overlay Route Orchestrator Topology 309
Route Details for Each Group and Device 309
Monitoring SD-WAN Overlay Tunnel Orchestrator 312
Overlay Tunnel Orchestrator Summary 312
Overlay Tunnel Orchestrator Topology 312
Tunnel Details for Each Group and Device 313
Aruba SD-Branch Integration with Zscaler Cloud Security Service 315
Integrating SD-Branch with ZIA 316
Setting up Tunnels to ZIA 316
Enabling Automatic Configuration of IPsec Tunnels to ZIA 316
Configuring IPsec Tunnels to ZENs Manually 317
Configuring Zscaler Nexthop List 318
Adding Nexthop List to PBR Policy 318
Verifying Tunnel Status 318
Additional References 318
Configuring Prisma Access 318
Configuring Prisma Access for Aruba SD-Branch Integration 318
Configuring Branch Gateways for Prisma Access Integration 319
Configuring IPsec Maps 319
Configuring Prisma Access Next-hop List 320
Adding Next-hop List to a Routing Policy 321
Applying Policies to Roles or VLANs 321
Verifying Tunnel Status 321
Aruba SD-Branch Integration with Prisma Access 323
Deployment Scenarios 323
Branch Gateways to Prisma Access 323
Regional Hub to Prisma Access 324
Supported IKE and IPSec Cryptographic Profiles 325
Aruba SD-Branch Integration with Check Point 327
Supported IKE and IPsec Cryptographic Profiles 327
Configuration Steps 327
Configuring Check Point for SD-Branch Integration 328
Configuring Aruba Gateways for Integration with Check Point 330
Configuring IPsec Tunnels to Check Point 330
Configuring a Next-hop List 332
Adding the Next-hop List to a Routing Policy 332
Applying Policies to a Role or VLAN 333
Verifying Tunnel Status 334
Aruba SD-Branch Integration with Symantec WSS 335
Integration Overview 335
Role-Based and Application-Based Routing 336
Branch Gateway to WSS 336
Supported IKE and IPSec Cryptographic Profiles 337
Configuring Symantec WSS 338
Configuring WebSecurity Service for SD-Branch Integration 338
Creating IPSec and IKE Crypto Profiles 338
Adding Branch Sites to WSSDatacenters 338
Configuring an Authentication Policy (Optional) 339
Configuring Aruba Gateways for Integration with WSS 340
Configuring IPsec Tunnels to WSS 340
Configuring a Next-hop List 342
Adding the Nexthop List to PBR Policy 343
Applying Policies to a Role or VLAN 344
Verifying Tunnel Status 344
Configuring a Microbranch with Instant APs 345
Configuring Instant APs for Micro Branch Solution 345
VPNConcentrators for Micro Branch Solution 345
Configuring Instant AP VPN Pool for Aruba Gateways 345
Authentication Servers 346
Configuring an Internal Server 346
Configuring and Mapping External RADIUSServer 347
Redistributing Branch Subnets 347
Configuring Support for Aruba VIA Service 348
Configuring VIA 348
Configuring VPN IP Pool 348
Defining IKEv1 Shared Secret 349
Configuring VIA User Role 349
Creating VIA Server Group for Authenticating VIA Users 349
Configuring VIA Authentication Parameters 350
Configuring VIA Authentication Profile 350
Configuring VIA Web Authentication 351
Loading and Applying VIA Certificates 352
Configuring and Attaching VIA Connection Profile 352
Configuring VIA Connection Profile 352
Aruba SD-WAN Solution | User Guide Contents | 15
16 | Contents Aruba SD-WAN Solution | User Guide
Attaching the VIA Connection Profile to User Role 356
Uploading VIA Installer to VPN Concentrator 357
Provisioning Gateways Using ConfigurationTemplates 358
Important Points to Note 358
Configuring Gateways Using a Template 358
Creating a Template Group 358
Assigning a Gateway to a Template Group 359
Creating a Configuration Template for Gateways 359
Customizing a Template Using Variable Definitions 360
Downloading a Sample Variables File 361
Modifying a Variables File 361
Uploading a Variables File 361
Sample Template and Variables Files 362
Template Text 362
Sample Variables File 364
Verifying Configuration Status 365
Backing up and Restoring Templates 366
Monitoring SD Branch 367
Gateways 367
Gateway Details 368
Gateways—Overview Tab 370
Gateways—WAN Tab 373
Gateways—LAN Tab 380
Gateways—Tunnels Tab 385
Gateways—IDPS Tab 387
Viewing the IDPS Tab 387
Traffic Inspection Engine Status 387
Traffic Inspection Engine CPU Usage 387
Traffic Inspection Engine Memory Usage 388
Dropped Packets 388
Gateways—Routing Tab 388
BGP 389
Overlay 395
RIP 397
Route Table 399
Gateways—Path Steering Tab 400
Application Visibility 402
Gateways—Sessions Tab 403
Deleting an Offline Gateway 405
WAN Health—Global 406
Page Views 406
WAN Health 408
WAN Health—Site 409
Topology 410
Before You Begin 410
Viewing the Topology Map 410
Grouping VPN Concentrators 411
Example of a Topology Map: 411
Details and Filter Pane 412
Gateway Alerts 413
Reports 415
Report Categories 415
Creating a Report 421
Editing a Report 422
Viewing a Report 423
Downloading a Report 423
Deleting a Report 423
Deleting Multiple Reports 423
Maintenance 425
Troubleshooting Devices 425
Gateway Diagnostic Tests 425
Control Plane 426
Control PlaneNode Details 426
Data Plane 427
Data Plane—Node Details 428
Node-Specific Error Messages 429
Asymmetric Routing 429
Routing Loop 430
Error Notifications 430
Updating Software Images on Aruba Gateways 431
Feature Availability Across Multiple Software Versions 431
Upgrading Software 431
Configuring Aruba Gateways for Syslog Message Collection 431
Configuring Logging Levels 433
APIs 435
Aruba SD-WAN Solution | User Guide Contents | 17
Chapter 1
About This Document
This user guide describes the Aruba Software-Defined WAN (SD-WAN)Solution and provides detailed
instructions for setting up, configuring, and managing SD-WAN Gateways from Aruba Central.
Intended Audience
This guide is intended for network administrators who manage and monitor branch networks.
Related Documents
In addition to this document, see the following documents for more details on the SD Branch devices and
Aruba Central:
nAruba Central Help Center
nArubaOS User Guide
nHPE-ArubaOS Switch Management and Configuration Guide
nAruba ClearPass Policy Manager User Guide
Conventions
Table 1 lists the typographical conventions used throughout this guide to emphasize important concepts:
Type Style Description
Italics This style is used to emphasize important terms and to mark the titles of books.
System items This fixed-width font depicts the following:
nSample screen output
nSystem prompts
Bold nKeys that are pressed
nText typed into a GUI element
nGUI elements that are clicked or selected
Table 1: Typographical Conventions
The following informational icons are used throughout this guide:
Indicates helpful suggestions, pertinent information, and important things to remember.
Indicates a risk of damage to your hardware or loss of data.
Indicates a risk of personal injury or death.
Aruba SD-WAN Solution | User Guide About This Document | 18
19 | About This Document Aruba SD-WAN Solution | User Guide
Contacting Support
Main Site arubanetworks.com
Support Site support.arubanetworks.com
Airheads Social Forums and Knowledge
Base
community.arubanetworks.com
North American Telephone 1-800-943-4526 (Toll Free)
1-408-754-1200
International Telephone arubanetworks.com/support-services/contact-support/
Software Licensing Site lms.arubanetworks.com
End-of-life Information arubanetworks.com/support-services/end-of-life/
Security Incident Response Team Site: arubanetworks.com/support-services/security-bulletins/
Email: aruba-sirt@hpe.com
Table 2: Contact Information
Chapter 2
Aruba SD-Branch Solution
The Aruba SD Branch solution offers the best-in-class wireless and wired infrastructure and management
orchestration features with the SD-WAN capabilities. The SD Branch solution extends the SD-WAN concept to
all elements in the branch to deliver a full stack solution that addresses the business challenges of distributed
enterprises. Coupled with Aruba Central, the solution provides a cloud-hosted environment for simplified
operations and improved agility.
Why SD-WAN?
A traditional branch setup supports client connectivity requirements across different geographical locations for
various types of business operations. The sites in remote geographical locations serve as branch offices, while
the headquarters or main office serves as a data center that hosts network resources to store, manage, and
distribute data. The main office also hosts a centralized Virtual Private Network(VPN) management system to
aggregate traffic from the remote branch sites. A Wide Area Network (WAN) —with Multiprotocol Label
Switching (MPLS), T1, T3, Broadband, or Cellular links—is used for connecting multiple local area networks to a
central corporate network or data centers separated by distance.
Due to an increase in the number of client devices at the remote sites and the new bandwidth requirements,
branch office networks are expected rapidly scale to provide uninterrupted user experience. A traditional
branch infrastructure with multiple appliances, different operating systems, and management tools only adds
to the cost, involves a maintenance overhead, and demands skilled IT personnel.
The Aruba SD-WANsolution simplifies your branch deployments with a single management interface for
administering, managing, and monitoring your branch networks. It also provides a unified policy enforcement
framework with operational ease.
Key Features and Benefits
The SD-WANsolution comes with the following key capabilities:
nZero Touch Provisioning of devices—Ability to self-provision without operator's intervention.
nCentralized overlay management and control—A single cloud-based network management interface for
managing and monitoring SDBranch devices. Aruba Central, the cloud based network management system,
supports unified management of SDbranch devices with ZTP and hierarchical configuration.
nIPsec based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure
overlay networking.
nUnified security policy for wired, wireless, and WAN—Support for a common security policy framework
based on user roles for WAN, WLAN, and LAN users.
nDynamic path selection—Support for dynamically steering traffic or a service request to the best available
path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on
the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.
nDeep Packet Inspection and Web Content Classification—Support for monitoring and analyzing application
usage by clients.
nVisibility, analytics, and troubleshooting—Dashboards for monitoring branch health, device performance,
and client connectivity metrics. Alerts, reports, and audit trails for monitoring and troubleshooting network
performance issues.
nPolicy-based Routing—In addition to the traditional destination-based routing, the SD Branch devices
support routing client traffic based on user role or type of application, For example, traffic generated from
Aruba SD-WAN Solution | User Guide Aruba SD-Branch Solution | 20
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20
  • Page 21 21
  • Page 22 22
  • Page 23 23
  • Page 24 24
  • Page 25 25
  • Page 26 26
  • Page 27 27
  • Page 28 28
  • Page 29 29
  • Page 30 30
  • Page 31 31
  • Page 32 32
  • Page 33 33
  • Page 34 34
  • Page 35 35
  • Page 36 36
  • Page 37 37
  • Page 38 38
  • Page 39 39
  • Page 40 40
  • Page 41 41
  • Page 42 42
  • Page 43 43
  • Page 44 44
  • Page 45 45
  • Page 46 46
  • Page 47 47
  • Page 48 48
  • Page 49 49
  • Page 50 50
  • Page 51 51
  • Page 52 52
  • Page 53 53
  • Page 54 54
  • Page 55 55
  • Page 56 56
  • Page 57 57
  • Page 58 58
  • Page 59 59
  • Page 60 60
  • Page 61 61
  • Page 62 62
  • Page 63 63
  • Page 64 64
  • Page 65 65
  • Page 66 66
  • Page 67 67
  • Page 68 68
  • Page 69 69
  • Page 70 70
  • Page 71 71
  • Page 72 72
  • Page 73 73
  • Page 74 74
  • Page 75 75
  • Page 76 76
  • Page 77 77
  • Page 78 78
  • Page 79 79
  • Page 80 80
  • Page 81 81
  • Page 82 82
  • Page 83 83
  • Page 84 84
  • Page 85 85
  • Page 86 86
  • Page 87 87
  • Page 88 88
  • Page 89 89
  • Page 90 90
  • Page 91 91
  • Page 92 92
  • Page 93 93
  • Page 94 94
  • Page 95 95
  • Page 96 96
  • Page 97 97
  • Page 98 98
  • Page 99 99
  • Page 100 100
  • Page 101 101
  • Page 102 102
  • Page 103 103
  • Page 104 104
  • Page 105 105
  • Page 106 106
  • Page 107 107
  • Page 108 108
  • Page 109 109
  • Page 110 110
  • Page 111 111
  • Page 112 112
  • Page 113 113
  • Page 114 114
  • Page 115 115
  • Page 116 116
  • Page 117 117
  • Page 118 118
  • Page 119 119
  • Page 120 120
  • Page 121 121
  • Page 122 122
  • Page 123 123
  • Page 124 124
  • Page 125 125
  • Page 126 126
  • Page 127 127
  • Page 128 128
  • Page 129 129
  • Page 130 130
  • Page 131 131
  • Page 132 132
  • Page 133 133
  • Page 134 134
  • Page 135 135
  • Page 136 136
  • Page 137 137
  • Page 138 138
  • Page 139 139
  • Page 140 140
  • Page 141 141
  • Page 142 142
  • Page 143 143
  • Page 144 144
  • Page 145 145
  • Page 146 146
  • Page 147 147
  • Page 148 148
  • Page 149 149
  • Page 150 150
  • Page 151 151
  • Page 152 152
  • Page 153 153
  • Page 154 154
  • Page 155 155
  • Page 156 156
  • Page 157 157
  • Page 158 158
  • Page 159 159
  • Page 160 160
  • Page 161 161
  • Page 162 162
  • Page 163 163
  • Page 164 164
  • Page 165 165
  • Page 166 166
  • Page 167 167
  • Page 168 168
  • Page 169 169
  • Page 170 170
  • Page 171 171
  • Page 172 172
  • Page 173 173
  • Page 174 174
  • Page 175 175
  • Page 176 176
  • Page 177 177
  • Page 178 178
  • Page 179 179
  • Page 180 180
  • Page 181 181
  • Page 182 182
  • Page 183 183
  • Page 184 184
  • Page 185 185
  • Page 186 186
  • Page 187 187
  • Page 188 188
  • Page 189 189
  • Page 190 190
  • Page 191 191
  • Page 192 192
  • Page 193 193
  • Page 194 194
  • Page 195 195
  • Page 196 196
  • Page 197 197
  • Page 198 198
  • Page 199 199
  • Page 200 200
  • Page 201 201
  • Page 202 202
  • Page 203 203
  • Page 204 204
  • Page 205 205
  • Page 206 206
  • Page 207 207
  • Page 208 208
  • Page 209 209
  • Page 210 210
  • Page 211 211
  • Page 212 212
  • Page 213 213
  • Page 214 214
  • Page 215 215
  • Page 216 216
  • Page 217 217
  • Page 218 218
  • Page 219 219
  • Page 220 220
  • Page 221 221
  • Page 222 222
  • Page 223 223
  • Page 224 224
  • Page 225 225
  • Page 226 226
  • Page 227 227
  • Page 228 228
  • Page 229 229
  • Page 230 230
  • Page 231 231
  • Page 232 232
  • Page 233 233
  • Page 234 234
  • Page 235 235
  • Page 236 236
  • Page 237 237
  • Page 238 238
  • Page 239 239
  • Page 240 240
  • Page 241 241
  • Page 242 242
  • Page 243 243
  • Page 244 244
  • Page 245 245
  • Page 246 246
  • Page 247 247
  • Page 248 248
  • Page 249 249
  • Page 250 250
  • Page 251 251
  • Page 252 252
  • Page 253 253
  • Page 254 254
  • Page 255 255
  • Page 256 256
  • Page 257 257
  • Page 258 258
  • Page 259 259
  • Page 260 260
  • Page 261 261
  • Page 262 262
  • Page 263 263
  • Page 264 264
  • Page 265 265
  • Page 266 266
  • Page 267 267
  • Page 268 268
  • Page 269 269
  • Page 270 270
  • Page 271 271
  • Page 272 272
  • Page 273 273
  • Page 274 274
  • Page 275 275
  • Page 276 276
  • Page 277 277
  • Page 278 278
  • Page 279 279
  • Page 280 280
  • Page 281 281
  • Page 282 282
  • Page 283 283
  • Page 284 284
  • Page 285 285
  • Page 286 286
  • Page 287 287
  • Page 288 288
  • Page 289 289
  • Page 290 290
  • Page 291 291
  • Page 292 292
  • Page 293 293
  • Page 294 294
  • Page 295 295
  • Page 296 296
  • Page 297 297
  • Page 298 298
  • Page 299 299
  • Page 300 300
  • Page 301 301
  • Page 302 302
  • Page 303 303
  • Page 304 304
  • Page 305 305
  • Page 306 306
  • Page 307 307
  • Page 308 308
  • Page 309 309
  • Page 310 310
  • Page 311 311
  • Page 312 312
  • Page 313 313
  • Page 314 314
  • Page 315 315
  • Page 316 316
  • Page 317 317
  • Page 318 318
  • Page 319 319
  • Page 320 320
  • Page 321 321
  • Page 322 322
  • Page 323 323
  • Page 324 324
  • Page 325 325
  • Page 326 326
  • Page 327 327
  • Page 328 328
  • Page 329 329
  • Page 330 330
  • Page 331 331
  • Page 332 332
  • Page 333 333
  • Page 334 334
  • Page 335 335
  • Page 336 336
  • Page 337 337
  • Page 338 338
  • Page 339 339
  • Page 340 340
  • Page 341 341
  • Page 342 342
  • Page 343 343
  • Page 344 344
  • Page 345 345
  • Page 346 346
  • Page 347 347
  • Page 348 348
  • Page 349 349
  • Page 350 350
  • Page 351 351
  • Page 352 352
  • Page 353 353
  • Page 354 354
  • Page 355 355
  • Page 356 356
  • Page 357 357
  • Page 358 358
  • Page 359 359
  • Page 360 360
  • Page 361 361
  • Page 362 362
  • Page 363 363
  • Page 364 364
  • Page 365 365
  • Page 366 366
  • Page 367 367
  • Page 368 368
  • Page 369 369
  • Page 370 370
  • Page 371 371
  • Page 372 372
  • Page 373 373
  • Page 374 374
  • Page 375 375
  • Page 376 376
  • Page 377 377
  • Page 378 378
  • Page 379 379
  • Page 380 380
  • Page 381 381
  • Page 382 382
  • Page 383 383
  • Page 384 384
  • Page 385 385
  • Page 386 386
  • Page 387 387
  • Page 388 388
  • Page 389 389
  • Page 390 390
  • Page 391 391
  • Page 392 392
  • Page 393 393
  • Page 394 394
  • Page 395 395
  • Page 396 396
  • Page 397 397
  • Page 398 398
  • Page 399 399
  • Page 400 400
  • Page 401 401
  • Page 402 402
  • Page 403 403
  • Page 404 404
  • Page 405 405
  • Page 406 406
  • Page 407 407
  • Page 408 408
  • Page 409 409
  • Page 410 410
  • Page 411 411
  • Page 412 412
  • Page 413 413
  • Page 414 414
  • Page 415 415
  • Page 416 416
  • Page 417 417
  • Page 418 418
  • Page 419 419
  • Page 420 420
  • Page 421 421
  • Page 422 422
  • Page 423 423
  • Page 424 424
  • Page 425 425
  • Page 426 426
  • Page 427 427
  • Page 428 428
  • Page 429 429
  • Page 430 430
  • Page 431 431
  • Page 432 432
  • Page 433 433
  • Page 434 434
  • Page 435 435

Aruba Central User guide

Type
User guide

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI