Initial Steps for Successful Adoption
Adopting AOS 10, regardless of the starting point, requires some initial configuration within Central for the best outcome during migration.
Prerequisites
- The device hardware (AP or Gateway) is supported on AOS 10.
- Devices are present within the GLCP inventory and have a valid application and subscription applied; refer to the guide “Setting up Your Aruba Central Instance” for assistance.
- The “pre-validate” option for conversion of Campus APs requires pre-provisioning the AP into an AOS 10 Access Point Group in Central.
- Devices can resolve all applicable FQDNs and reach those targets on required ports; refer to the guide “Opening Firewall Ports for Device Communication” for assistance.
- Access Points must be running IPv4 or dual stack mode; native IPv6 on APs is not supported
- Instant APs must be running Aruba Instant OS 8.6.0.18, 8.7.1.0, or later releases for a successful firmware upgrade.
- A cluster of Instant APs must not contain any AP models not supported by AOS 10.
- Instant APs must not have the uplink native VLAN configured.
- To convert Campus APs, the associated gateway should be running AOS 8.7.1.9, AOS 8.10.0.5, or a later release.
- If using AOS 8.7.1.X or a release of AOS 8.10 prior to 8.10.0.5, transferring an image to the controller using SCP will result in incorrect permissions applied to the image; upload the image to the controller using a method other than SCP.
- Mobility Controllers/Gateways that have previously undergone a firmware upgrade will not contact Aruba Activate for an upgrade to a Central-enabled firmware version and must be manually upgraded to AOS 10. After upgrade, the Gateway must have the configuration erased and the appliance must be rebooted before they can be provisioned in Central.
- Mobility Controllers/Gateways to be upgraded must be removed from any Activate folder with existing provisioning rules before attempting the upgrade or connecting to Central.
- Using AirWave 8.2.15.1 or later to perform a firmware upgrade to AOS 10 is not possible.
Caution: Do not apply the methodology in this document to production SD-Branch Gateways or VPN Concentrators.
Caution: Aruba Instant APs explicitly configured with an uplink native VLAN will have connectivity issues after upgrading to AOS 10. Configuration through the WebUI of the “Uplink Switch Native VLAN” or through the CLI of the “enet-vlan” values will not behave in the same manner in AOS 10. Aruba Instant 8 automatically used the configured native VLAN as the management VLAN; AOS 10 does not. Aruba Instant APs must be operating without the uplink VLAN set for successful AOS 10 operation. Support for native and management VLANs on AOS 10 APs will be added in a later version of AOS 10.
Note: All new Gateways shipped from the factory since 2017 are cloud-enabled and will be automatically upgraded by Activate to a version of software that permits management by Central. The Gateways then can be upgraded to the specified AOS 10 version using firmware compliance assigned to the Central Group.
Prepare an AOS 10 Group in Central
Step 1 Create a new group on the Aruba Central account. Go to Global > Organization > Network Structure > Groups. A new group must be created; do not attempt to use a cloned or existing group with IAP 8.X configuration for AOS 10. Use the + (plus sign) button to add a new group.
Step 2 Choose the hardware the Group will administer. A single group can contain a single type or a mixture of hardware.
**Group dedicated to APs:**
Group dedicated to Gateways:
Note: If there is a need to preserve the naming convention for this new AOS 10 group for a particular customer requirement, clone the original group with a different name, move devices to the temporary group, and delete the original. As a good practice, avoid deleting the temporary group until you are completely satisfied with the AOS 10 conversion.
Step 3 Choose ArubaOS 10 as the architecture to use for the new group and select the appropriate Network Role for the APs:
If creating a group including or dedicated to Gateways, the role for the gateways must be indicated:
Note: The VPN Concentrator (VPNC) role is available only when configuring a Gateway-only group, the VPNC group cannot contain APs or switches.
Step 4 Select the newly created group and choose the desired hardware type. In the left menu, use the Firmware option to set the firmware compliance to an AOS 10 firmware version. Click Set Compliance in the upper right.
Step 5 Enable the Set firmware compliance toggle and choose a version of AOS 10 from the dropdown to ensure that devices added to the group will be upgraded appropriately.
Step 6 Prepare the configuration for this new AOS 10 group by configuring System settings such as country code, time zone, NTP, WLAN configuration, etc. For AP groups, refer to “Configuring Access Points”. Gateway configuration information can be found at “Provisioning Branch Gateways in Aruba Central.”
Mixed Model Aruba Instant Cluster
Before migrating a cluster of Aruba Instant APs to AOS 10, any models unsupported in AOS 10 must be removed or moved to a separate management network to split the cluster. Attempting to upgrade firmware to AOS 10 when unsupported models are in the cluster will result in an error for the download and none of the APs will be upgraded.