Link Search Menu Expand Document
calendar_month 07-Mar-24

Aruba Central Initial Configuration

This guide demonstrates initial configuration of Aruba Central UI groups and sites and the assignment of switches to both configurations.

Switches with a common set of configuration elements should be assigned to the same Central UI group. In a Two-Tier data center, one group is defined for core switches and a second group for access switches.

Configuration common to both groups is defined once for the core group, then cloned to create the access group.

Features configured at the group level include:

  • the hostname,
  • admin account password,
  • Network Time Protocol (NTP) servers,
  • Domain Name System (DNS) servers,
  • VLANs,
  • Spanning-Tree,
  • Terminal Access Controller Access Control System (TACACS) servers,
  • Authentication, Authorization, and Accounting (AAA) servers.

Best practice is to use as few groups as necessary to provide logical organization for the network and consistent configuration among devices. Configuration is not shared among groups.

Switches in the same physical location can be assigned to the same Central Site to aggregate statistics, reporting, and troubleshooting tools.

Table of contents

Create Core Switch Group

Step 1 Open HPE GreenLake in a web browser and login with administrator credentials.

Step 2 Locate the account associated with the data center switches and click Go to Account.

Step 3 Click Launch in the Aruba Central tile.

Step 4 On the left Aruba Central navigation menu, click Global.

Step 5 On the dropdown, click the Groups column title.

Step 6 At the upper right corner of the Groups table, click the + (plus sign).

Step 7 In the Add Group wizard, enter a UI group name for the data center core switches in the Name field, click the Switches checkbox, then click Next.

Step 8 Click the AOS-CX only radio button, then click Add.

Configure Core Switch Group Settings

Device configuration can be performed at the UI group level or at an individual device level. In this section, the core switch group is defined with initial configuration settings. Configuration defined at the group level is applied to all member switches, but exceptions can be made at the individual device level.

The access group is cloned from the core group, inheriting all group level settings at the time of cloning. In this initial configuration of the core switch group, only values shared with the access group are defined.

Step 1 On the left navigation menu, click Global.

Step 2 In the Groups column, click the data center core switch group name.

Note: After clicking the group name, text can be entered immediately in the Filter lists field. Enter a portion of the switch group name in the Filter lists field to display items containing the string. The filter applies simultaneously to the groups, sites, and labels columns.

Step 3 On the left navigation menu, click Devices.

Step 4 At the upper right of the Switches pane, click Config.

Step 5 In the Set Device Password window, enter the switch Administrator password value, then click SAVE.

Step 6 In the System tile, click Properties.

Step 7 In the Edit Properties window, assign the following values, then click SAVE.

  • Contact: netadmin@orangetme.local
  • Location: DC01, Roseville, CA
  • Timezone: Los Angeles (UTC-8:00)
  • VRF: Management
  • DNS servers:,
  • *NTP servers: ** *,

Note: Set the VRF to the network where DNS and NTP will be reachable. When using a dedicated out-of-band management network connected to the mgmt interface, the Management value should be selected for VRF.

Enter a complete IP address for DNS and NTP servers to make the + (plus sign) appear for entering additional servers.

Step 8 In the Security tile, select Authentication Servers.

Step 9 Mouse-over the TACACS row. At the far right of the TACACS row, click the edit icon (pencil).

Step 10 At the top right corner of the TACACS Servers table, click the + (plus sign).

Step 11 Assign the following settings on the Add TACACS page, then click Apply.

  • FQDN or IP address:

  • Authentication Port: 49 (default)

  • VRF: Management

  • Shared secret: < shared secret >

  • Timeout (secs): 5 (default)

Step 12 Assign additional servers by clicking the + (plus sign) at the top right corner of the TACACS Servers table.

Step 13 After all servers are added, click SAVE.

Step 14 At the top left of the Server Groups table, click (left arrow).

Configure Group VLANs

Define the data center host VLANs shared by both core and access switches. Additional VLANs required only at the core level are defined in subsequent steps.

Step 1 In the Bridging tile, click VLANs.

Step 2 At the top right of the VLANs table, click the + (plus sign).

Step 3 On the Add VLAN page, enter the following field values, then click ADD.

  • ID: 101

  • Name: PROD-WEB

  • Description: < no value >

  • Admin Up: < checked >

  • Voice: < unchecked >

Step 4 Repeat this process to create additional data center host VLANs.

  • ID: 102

  • Name: PROD-DB

  • Description: < no value >

  • Admin Up: < checked >

  • Voice: < unchecked >

Clone Core Group for Access Switches

Aruba Central supports cloning group settings to a new UI group. Follow the steps below to create an access switch group that contains the same initial settings configured for the core switch group.

Step 1 On the left navigation menu, click DC-RSVCORE.

Step 2 On the dropdown, click the Groups column heading.

Step 3 Enter search text in the Group Name column to filter displayed groups.

Step 4 Move the cursor to the right of the name, and click the Clone Group icon.

Step 5 On the Clone Group page, enter a name for the data center access switch group in the Name field, and click Clone.

Step 6 Verify that the new access switch group is populated in the list of groups.

Assign Switches to a Group

Use this procedure to assign switches to groups and synchronize initial configuration.

Step 1 Expand the Unprovisioned devices group by clicking > (greater than) next to its name.

Note: Only switches that were not previously configured in Central appear in the Unprovisioned devices group. If switches were removed from a different Central group for use in the data center, they appear in the default group.
Switches new to Central must be identified by the unique serial number or MAC address.

Step 2 Click both core switches.

Step 3 In the lower right corner of the Unprovisioned devices group table, click the Move button.

Step 4 On the Move Devices page, select the appropriate destination group for the selected switches and click Move.

Step 5 Expand the list of switches for the destination group to verify that the switches moved.

Note: The search filter in the top right corner of the Groups window can filter content to display devices matching the search criteria and the groups that contain those devices. The search criteria can match text in the Name, Type, Serial Number, and MAC address fields.

Displayed group names also can be filtered by clicking the Group Name column heading and entering match criteria.

Step 6 Repeat this procedure to assign access switches to the access switch group.

Configure Switch Hostname

Step 1 On the left navigation menu, click Global and select the data center core switch group.

Step 2 On the left navigation menu, select Devices.

Step 3 Scroll horizontally to view the identifying serial number and click the name of the recently added switch.

Step 4 On the left navigation menu, click Device.

Step 5 In the System tile, click Properties.

Step 6 On the Edit Properties page, enter a hostname for the switch in the Name field, then click SAVE.

Step 7 To return to the device list, at the top of the left navigation menu, click (left arrow) next to the switch name.

Step 8 Repeat this procedure to assign a hostname for each switch in both data center groups.

Note: It may take several minutes for a newly assigned name to display in the Central device list.

Configure Data Center Site

Step 1 At the top of the left navigation menu, click the current switch, then click the Sites column heading.

Step 2 At the bottom left of the Network Structure pane, click New Site.

Step 3 In the CREATE NEW SITE window, enter the site location information, then click Add.

Step 4 Click the Site Name column heading in the left table and enter search criteria to limit the site names displayed.

Step 5 Click the Name column heading in the right table and enter search criteria to limit the switch names displayed.

Step 6 In the device list, select all data center core and access switches.

Step 7 Click and hold on one device name and drag it to the group name on the left. When the group name is highlighted in blue, release the mouse button.

Step 8 In the CONFIRMATION ACTION window, click Yes.

Step 9 In the site list, click the name of the data center site.

Step 10 Verify that the complete list of data center switches appears in the device list on the right.

Verify Data Center Cabling

Step 1 At the top of the left navigation menu, click Global, then click the data center site name in the Sites column.

Step 2 On the left navigation menu, click Tools.

Step 3 On the Tools menu at the top, click the Commands tab.

Step 4 Click the Available Devices dropdown, then select all data center switches.

Step 5 In the Categories list, click All Category, enter lldp in the commands list filter, click show lldp neighbor, and click Add >.

Step 6 At the lower left of the Commands pane, click RUN.

Step 7 Scroll down to the command output. Review the results for each switch to ensure that LLDP neighbor relationships are consistent with planned cabling.

Note: To reduce line wrapping, click the three dots/dashes icon to the left of "Output for the device:" to toggle Device column visibility and expand the the output window. The output also can be expanded to fill the web browser page by clicking the fill screen icon ([ ]) at the upper right of the window header.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.