07-Mar-24

Assembling Base Configuration

The following procedure covers configuring templates, deployment profiles, and loopback orchestration. It leverages the roles, security zones, and network segments configured in the Setting Security Policy section.

Configure Templates

Configuration templates allow users to apply a standard set of configuration across devices. The following steps walk through configuring a template.

Step 1 Select the Configuration tab in the top left hand side.

Step 2 In the Templates & Policy column, select Templates.

Step 3 Set the default admin password.

Step 4 Configure SNMP.

Step 5 Set the Message of the Day.

Step 6 (Optional) Set the Login Message. In this case it is left at the default.

Step 7 Click the Show All button next to Active Templates.

Step 8 In the expanded available templates double click Routes to add it to the Active Template.

Step 9 Click the Pencil icon next to quarantine. Check the automatically advertise local LAN subnets box.

Step 10 Click update.

Step 11 Click the Pencil icon next to the guest. Check the automatically advertise local LAN subnets box.

Step 12 In the expanded available templates double click CLI to add it to the Active Template.

Step 13 In the CLI box enter the following commands to enable LLDP.

```
discoveryd enable
interface wan0 lldp enable
interface wan1 lldp enable
interface lan0 lldp enable
interface lan1 lldp enable
```

Note: LLDP is only supported on 9.3 and higher. CDP is supported on all versions and can be enabled by entering CDP enable.

Configure Deployment profiles

This procedure demonstrates how to configure the Deployment profile, which will be used as a template to onboard gateways. The following section shows how to configure a deployment profile for a single Hub site; the process will need to be repeated for both redundant gateway sites.

Note: It is possible to create a deployment profile for the hubs or any custom configuration by clicking the +Add button and following the same procedure. This guide will not demonstrate creating a hub/custom profile, in order to demonstrate how to manually add configuration.

Configure Labels

Step 1 Navigate to Configuration. In the Overlay & Security column, select Deployment Profiles.

Step 2 Select MPLS + Internet Branch.

Step 3 Click the Pencil icon next to Label.

Step 4 In the Interface Label page click New Label.

Step 5 Select the LAN toggle and enter the VLAN description as the label.

Step 6 Click Ok.

Step 7 Repeat Steps 1-6 for each item in the table.

Step 8 Click Save when all the labels are created.

| VLAN ID | Label |
|---|---|
| 100 | MGMT VLAN |
| 101 | Employee |
| 102 | Camera |
| 103 | IOT |
| 104 | Guest |
| 105 | Reject |
| 106 | Critical |
| 107 | Quarantine |
| Loopback | LOOPBACK |

Apply Labels, Zones, Segments and DHCP

In the following section, Labels, Zones, and Segments are applied to the interfaces and associated with the VLANs. This allows the gateway to enforce the policy that was defined previously.

Step 1 Under the Lan Interfaces section of the page click the +IP (7 times) under LAN0.

Step 2 Enter the VLAN ID in each of the newly created sub-interfaces.

Step 3 Set the FW Zone, Segment, and Label for each sub interface using the table below.

Note: The MGMT VLAN will be a native VLAN; do not enter the VLAN ID on this interface.

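| VLAN ID | Label | FW Zone | Segment |
|---|---|---|---|
| 100 | MGMT VLAN | LAN | Default |
| 101 | Employee | LAN | Default |
| 102 | Camera | LAN | Default |
| 103 | IOT | IOT | Default |
| 104 | Guest | Default | guest |
| 105 | Reject | LAN | Default |
| 106 | Critical | LAN | Default |
| 107 | Quarantine | Default | quarantine |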

Step 4 In the LAN Interfaces section, on the sub-interface line, click No DHCP.

Step 5 Click the DHCP/BOOTP Relay radio button.

Step 6 Enter the following DHCP servers.

  • DHCP Server 1: 10.2.120.99
  • DHCP Server 2: 10.2.120.98

Step 7 Click OK.

Step 8 Repeat Steps 1-3 for every sub-interface except the Critical VLAN.

Step 9 For the Critical VLAN, select No DHCP.

Step 10 Click the Radio button for DHCP Server.

Step 11 Click OK.
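
The VLAN, zone, segment, and DHCP plan above can be checked mechanically before gateways are onboarded. The following is an added example, not part of the original guide or of any HPE Aruba tooling: it audits a list of interface records against the plan. The record layout and the `audit` and `sample_profile` names are hypothetical, and DHCP on the native MGMT interface is not checked because the guide does not state it.

```python
# Record layout is hypothetical (constructed for this example), not an Orchestrator export.
PLAN = {  # label -> (VLAN tag, FW zone, segment); MGMT VLAN is native (no tag)
    "MGMT VLAN": (None, "LAN", "Default"),
    "Employee": (101, "LAN", "Default"),
    "Camera": (102, "LAN", "Default"),
    "IOT": (103, "IOT", "Default"),
    "Guest": (104, "Default", "guest"),
    "Reject": (105, "LAN", "Default"),
    "Critical": (106, "LAN", "Default"),
    "Quarantine": (107, "Default", "quarantine"),
}
RELAY_SERVERS = {"10.2.120.99", "10.2.120.98"}  # DHCP servers from Step 6


def audit(records):
    """Return a sorted list of deviations from the plan."""
    present = {r["label"] for r in records}
    findings = [f"{label}: missing from profile" for label in PLAN if label not in present]
    for rec in records:
        label = rec["label"]
        if label not in PLAN:
            findings.append(f"{label}: label not in plan")
            continue
        tag, zone, segment = PLAN[label]
        for field, want in (("vlan", tag), ("zone", zone), ("segment", segment)):
            if rec.get(field) != want:
                findings.append(f"{label}: {field} is {rec.get(field)!r}, expected {want!r}")
        if tag is None:
            continue  # the page does not state DHCP for the native interface
        want_dhcp = "server" if label == "Critical" else "relay"
        if rec.get("dhcp") != want_dhcp:
            findings.append(f"{label}: dhcp is {rec.get('dhcp')!r}, expected {want_dhcp!r}")
        elif want_dhcp == "relay" and set(rec.get("relay", ())) != RELAY_SERVERS:
            findings.append(f"{label}: relay servers differ from plan")
    return sorted(findings)


def sample_profile():
    """Constructed sample with two deliberate mistakes (Guest, Camera)."""
    recs = {lb: {"label": lb, "vlan": t, "zone": z, "segment": s, "dhcp": "relay",
                 "relay": sorted(RELAY_SERVERS)} for lb, (t, z, s) in PLAN.items()}
    recs["Critical"]["dhcp"] = "server"        # Critical VLAN uses DHCP Server
    recs["Guest"]["segment"] = "Default"       # mistake: wrong segment
    recs["Camera"]["relay"] = ["10.2.120.99"]  # mistake: one relay server missing
    return list(recs.values())


if __name__ == "__main__":
    print("\n".join(audit(sample_profile())))
```

A Guest sub-interface left in the Default segment is the kind of deviation worth catching here, since the segment assignment is what keeps guest traffic separated from the other VLANs.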

Configure WAN Interfaces

Step 1 In the WAN Interfaces section change the Label for WAN0 to INET1.

Step 2 In the WAN Interfaces section change the Label for WAN1 to MPLS1.

Step 3 Set the FW Zone to WAN for both WAN interfaces.

Step 4 Set the FW Mode for the MPLS interface to Stateful + SNAT.

Step 5 Enter the following Bandwidth.

  • INET Download: 100,000 Kbps (100Mbps)
  • INET Upload: 25,000 Kbps (25Mbps)
  • MPLS Download: 10,000 Kbps (10Mbps)
  • MPLS Upload: 5,000 Kbps (5Mbps)

Step 6 Click the Calc button.

Step 7 Click Save.

Note: If the deployment requires a BGP peering on the MPLS connection, set the FW Mode to allow all.

Redundant Gateway Deployment Profiles

Repeat the procedure for the Single internet branch and MPLS Only Branch profiles. The result of the configuration should look like the examples below.

Single internet branch

MPLS Only Branch

Note: If the deployment requires a BGP peering on the MPLS connection, set the FW Mode to allow all.

Loopback Orchestration Configuration

Loopback Orchestration dynamically assigns a loopback interface to gateways when they are onboarded into Orchestrator.

Step 1 Navigate to Configuration. In the Networking column, select Loopback Orchestration.

Step 2 In the Segment section clear the All input. Select the default segment.

Step 3 Click the +Add Loopback Interface button.

Step 4 In the pop-up, enter the following.

  • Label: LOOPBACK
  • Zone: LAN

Step 5 Check the Management IP box.

Step 6 Click Add.

Step 7 In the newly added row select the Loopback Pool.

Step 8 Enter the Subnet IP Pool. For this deployment the pool will be: 10.14.255.64/26

Step 9 Click Update, then Click Save in the bottom left.


© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.