Configuring Configuration Audit Properties

HPE Aruba Networking Central provides an audit dashboard for reviewing configuration changes for the devices provisioned in UI and template groups. The Configuration Audit page is available for APs, switches, and gateways.

The Configuration Audit page and the auto commit feature is available for Foundation and Advanced licenses for APs, switches, and gateways.

Viewing the Configuration Audit Page

To view the Configuration Audit page, complete the following steps:

  • For APs:
    1. In the WebUI, set the filter to a group that contains at least one AP.

      The dashboard context for the selected group is displayed.

    2. Under Manage, click Devices > Access Points.
    3. Click the Config icon.

      The tabs to configure access points are displayed.

    4. Click Show Advanced, and click the Configuration Audit tab.

      The Configuration Audit details page is displayed.

  • For HPE Aruba Networking switches:
    1. In the WebUI, set the filter to a group that contains at least one switch.

      The dashboard context for the selected group is displayed.

    2. Under Manage, click Devices > Switches.
    3. Click the Config icon.

      The tabs to configure switches are displayed.

    4. Click Configuration Audit.

      The Configuration Audit details page is displayed.

  • For HPE Aruba Networking gateways:
    1. In the WebUI, set the filter to a group that contains at least one Branch Gateway.

      The dashboard context for the selected group is displayed.

    2. Under Manage, click Devices > Gateways.
    3. Click the Config icon.

      The tabs to configure gateways are displayed.

    4. Click Show Advanced, and click the Configuration Audit tab.

      The Configuration Audit details page is displayed.

Applying Configuration Changes

HPE Aruba Networking Central supports a two-staged configuration commit workflow for APs and switches. HPE Aruba Networking Central now supports the auto commit feature at a group level. When the auto commit state is enabled for a group, the configuration changes are instantly applied to all devices where auto commit state is enabled.

In the Configuration Audit page of the group, the auto commit State section allows administrators to switch their preference for committing configuration changes to the devices within the group.

  • To enable auto commit, click Change auto commit state to ON. When the auto commit state is enabled for a group, the configuration changes are instantly applied to all devices where auto commit state is enabled.
  • To disable auto commit, click Change auto commit state to OFF. When the auto commit state is disabled for a group, you can build the configuration and save it on cloud. Subsequently, you can review the configuration and then commit the configuration to all devices within the group.

HPE Aruba Networking Central resets the auto commit state when a device moves to another group. The device inherits the auto commit state of the group to which the device is moved.
When the auto commit state is disabled for a group, HPE Aruba Networking Central restricts modification to the auto commit state at a device level. When auto commit state is enabled for a group, HPE Aruba Networking Central allows modification to the auto commit state at a device level.
The auto commit at a group level is not applicable for MAS switches and gateways in the Configuration Audit page. auto commit state is always enabled for MAS switches and gateways.

Viewing and Editing

To modify the auto commit state of devices within the group, when auto commit State for a group is enabled, complete the following steps:

  1. Click View & Edit under auto commit State: ON tile.
  2. Select a device name, click Disable auto commit, and then click OK.
  3. Click Yes in the Confirm Action dialog box.

To modify the auto commit state of devices within the group, when auto commit State for a group is disabled, complete the following steps:

  1. Click View & Edit under auto commit State: OFF tile.
  2. Select a device name, click Enable auto commit, and then click OK.
  3. Click Yes in the Confirm Action dialog box.

When auto commit state for a group is disabled, the View & Edit link is disabled to restrict modifications to the auto commit state of the devices within the group. When auto commit state for a group is enabled, the View & Edit link allows you to modify the auto commit state of the devices within the group.

auto commit Workflow

To enable HPE Aruba Networking Central to commit configuration changes instantly, complete the following steps:

  1. In the WebUI, set the filter to a group that contains at least one AP and a switch.

    The dashboard context for the selected group is displayed.

  2. Under Manage, click Devices > Access Points.

    In HPE Aruba Networking Central, the auto commit workflow for a group can be implemented either from the switch configuration audit page or AP configuration audit page. Alternatively, you can navigate to Devices > Switches.

  3. Click the Config icon.

    The tabs to configure access points are displayed.

  4. Click Show Advanced, and click the Configuration Audit tab.

    The Configuration Audit details page is displayed.

  5. Ensure that the auto commit State for the group is set to ON.
  6. Based on configuration mode set for the devices in the group, use either the UI workflows or a configuration template to complete the configuration workflow and save the changes.

    HPE Aruba Networking Central automatically commits the configuration changes to all devices where auto commit state is enabled.

  7. View the Local Overrides and Configuration Sync Issues, if any.

HPE Aruba Networking Central does not support the two-staged configuration commit workflow for HPE Aruba Networking MAS switches and HPE Aruba Networking gateways.
The tenant accounts in the MSP Managed Service Provider. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. deployments do not inherit the auto commit State configured at the MSP level. The tenant account users can enable or disable auto commit state for the devices in their respective accounts.

Manual Commit Workflow

To build configuration and review it before committing the configuration changes, complete the following steps:

  1. In the WebUI, set the filter to a group that contains at least one AP and a switch.

    The dashboard context for the selected group is displayed.

  2. Under Manage, click Devices > Access Points.

    In HPE Aruba Networking Central, the manual commit workflow for a group can be implemented either from the switch configuration audit page or AP configuration audit page. Alternatively, you can navigate to Devices > Switches.

  3. Click the Config icon.

    The tabs to configure access points are displayed.

  4. Click Show Advanced, and click the Configuration Audit tab.

    The Configuration Audit details page is displayed.

  5. Ensure that the auto commit State for the group is set to OFF.
  6. Based on configuration mode set for the device, use either the UI workflows or a configuration template to complete the configuration workflow and save the changes.

    When you try to save the save changes, HPE Aruba Networking Central displays the following warning message.

    When the auto commit state for a group is set to OFF, HPE Aruba Networking Central displays the following warning message when you try to save the changes.

  7. View the Local Overrides and Configuration Sync Issues, if any.
  8. Click Commit Now to commits the configuration changes to all devices within the group.

Viewing Configuration Overrides and Errors

The Configuration Audit page allows you to view the configuration push errors, template synchronization errors, configuration sync, and device level configuration overrides. Some of notable status indicators available on the page includes:

  • Configuration Status—Provides details of the number of devices with configuration sync errors. To view the devices with configuration sync errors, click View Details. In the Config Difference window, you can view configuration differences for each device within the group.
  • Local Overrides—Provides details of the number of devices with local overrides. To view a complete list of overrides, click Manage Local Overrides. In the Local Overrides window, you can view configuration differences for each device within the group. The overrides are grouped based on the features that are configured in the UI and are displayed as drop-down sections. For example, all overrides for IGMP Internet Group Management Protocol. Communications protocol used by hosts and adjacent routers on IP networks to establish multicast group memberships. are listed under a separate drop-down with the heading IGMP.

    To preserve the overrides, click Close. To remove the overrides, select the group name with local override, type REMOVE in the text box and click OK.

  • Configuration Conflicts—Provides details of the number of devices with configuration conflict errors. To view a complete list of configuration conflicts, click Manage Configuration Conflicts. The Configuration Conflict window is displayed. To resolve the configuration conflicts, enable the check box against each conflict, and then click Remove to remove the conflict.
  • Template Errors—Provides the details of the number of devices with template errors. To view a complete list of configuration template errors, click View Template Errors. The Template Errors window is displayed. You can view a list of templates with errors.
  • Move FailuresHPE Aruba Networking Central supports moving a device from one group to another. If the move operation fails, HPE Aruba Networking Central logs such instances as Move Failures.

Viewing Configuration Audit Status for Devices in a Template Group

When you select a template group from the filter, the Configuration Audit page displays the following information.

Table 1: Configuration Audit Status for a Template Group

Data Pane Content

Description

Template Errors

Provides details of the number of devices with template errors for the selected template group.

Devices deployed in the template group are provisioned using configuration templates. If there are errors in the templates or variable definitions, the configurations push to the devices fails. HPE Aruba Networking Central records such failed instances as template errors and displays these errors on the Configuration Audit page.

To view a complete list of errors, click View Template Errors. The Template Errors window allows you to view and resolve the template errors issues if any.

Configuration Status

Provides details of the number of devices with configuration sync errors for the selected template group.

 

To view the configuration sync errors, click View Details. The Configuration Sync Issues window is displayed with the following tabs:

Not In Sync Configuration—Displays the configuration changes that are not synched with the switch.

Device Running Configuration—Displays the running configuration on the switch.

 

To resolve the configuration sync errors, click Re-Sync Configuration. HPE Aruba Networking Central will attempt to synchronize the configuration with the switch or access point again. Click Yes in the confirmation window. To check whether the configuration was synchronized and pushed to the switch or access point, see the Audit Trail page.

Group & Device Modes

Allows you to view and edit devices that are set to managed or monitored operation mode.

Managed Mode Devices—Click View & Edit. The Managed Mode Devices window is displayed and displays the list of devices operating in the managed mode. To change the device operation mode to be monitored, click Change to Monitor Mode.

Monitored Mode Devices—Click View & Edit. The Monitored Mode Devices window is displayed. To change the device operation mode to be managed, click Change to Managed Mode.

Configuration Backup & Restore

Allows you to create a backup of templates and variables applied to the devices in the template group.

New Configuration Backup—Allows you to create a backup of templates and variables applied to the devices in the template group.

All Devices

The All Devices table provides the following device information for the selected group:

Name—The name of the device.

Type—The type of the device.

Mode—Device operation mode.

auto commit—The status of the auto commit state for all the devices within the group.

Config Sync—Indicator showing configuration sync errors.

Template Errors—Indicator showing configuration template errors for the devices deployed in template groups.

Viewing Configuration Audit Status for a Device in a Template Group

When you select a device that is provisioned in a template group, the Configuration Audit page displays the following information:

Table 2: Configuration Audit Status for Devices in Template Groups

Data Pane Content

Description

Template Applied

Displays the template that is applied on the selected device.

Template Errors

Displays the number of template errors for the selected device. To view a complete list of errors, click View Template Errors.

Configuration Status

Displays the configuration sync errors for the selected device.

 

To view the configuration sync errors, click View Details. The Configuration Sync Issues window is displayed with the following tabs:

Not In Sync Configuration—Displays the configuration changes that are not synched with the switch.

Device Running Configuration—Displays the running configuration on the switch.

 

To resolve the configuration sync errors, click Re-Sync Configuration. HPE Aruba Networking Central will attempt to synchronize the configuration with the switch or access point again. Click Yes in the confirmation window. To check whether the configuration was synchronized and pushed to the switch or access point, see the Audit Trail page.

Config Comparison Tool

Allows you to view the difference between the current configuration (Device Running Configuration) and the configuration that is yet to be pushed to the device (Attempted Configuration).

To view the running and attempted configuration changes side by side, click View.

Group & Device Modes

Allows you to view and edit devices that are operating in the managed or monitored mode.

Managed Mode Devices—Click View & Edit. The Managed Mode Devices window is displayed and displays the list of devices operating in the managed mode. To change the device operation mode to be monitored, click Change to Monitor Mode.

Monitored Mode Devices—Click View & Edit. The Monitored Mode Devices window is displayed. To change the device operation mode to be managed, click Change to Managed Mode.

Viewing Configuration Audit Status for Devices in a UI Group

When you select a UI group, the Configuration Audit page displays the following information:

Table 3: Configuration Audit Status for a UI Group

Data Pane Content

Description

Configuration Status

Displays the number of devices with configuration sync errors for the selected UI group.

 

To view the configuration sync errors, click View Details. The Configuration Sync Issues window is displayed with the following tabs:

Not In Sync Configuration—Displays the configuration changes that are not synched with the switch.

Device Running Configuration—Displays the running configuration on the switch.

 

To resolve the configuration sync errors, click Re-Sync Configuration. HPE Aruba Networking Central will attempt to synchronize the configuration with the switch or access point again. Click Yes in the confirmation window. To check whether the configuration was synchronized and pushed to the switch or access point, see the Audit Trail page.

Local Overrides

Displays the number of devices with local overrides. To view a complete list of overrides, click Manage Local Overrides.

The Local Overrides window is displayed. The overrides are grouped based on the features that are configured in the UI and are displayed as drop-down sections. For example, all overrides for IGMP are listed under a separate drop-down with the heading IGMP.

To preserve the overrides, click Close.

To remove the overrides, select the group name with local override, type REMOVE in the text box and then click OK.

All Devices

The All Devices table provides the following device information for the selected group:

MAC AddressMAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address of the device.

Name—The name of the device.

IP Address—IP address of the device.

Site—Name of the site to which the device is assigned.

Type—The type of the device.

auto commit—The status of the auto commit state for all the devices within the group.

Config Sync/Config Status—Indicator showing configuration sync errors.

Local Overrides—Indicator showing configuration overrides for the devices deployed in the UI groups.

NOTE: The MAC Address, IP Address, Site, and Config Status columns are available only for groups in which HPE Aruba Networking gateways are provisioned (Manage > Device > Gateways, click the Config icon. The gateway configuration page is displayed. Navigate to Configuration Audit).

Viewing Configuration Audit Status for a Device in a UI Group

When you select a device assigned to a UI group, the Configuration Audit page displays the following information:

Table 4: Configuration Audit Status for a Device Assigned to a UI Group

Data Pane Content

Description

Configuration Status

Displays the number of devices with configuration sync errors for the selected device.

 

To view the configuration sync errors, click View Details. The Configuration Sync Issues window is displayed with the following tabs:

Not In Sync Configuration—Displays the configuration changes that are not synched with the switch.

Device Running Configuration—Displays the running configuration on the switch.

 

To resolve the configuration sync errors, click Re-Sync Configuration. HPE Aruba Networking Central will attempt to synchronize the configuration with the switch or access point again. Click Yes in the confirmation window. To check whether the configuration was synchronized and pushed to the switch or access point, see the Audit Trail page.

Local Overrides

Displays the number of local overrides. To view a complete list of overrides, click Manage Local Overrides.

The Local Overrides window is displayed. The overrides are grouped based on the features that are configured in the UI and are displayed as drop-down sections. For example, all overrides for IGMP are listed under a separate drop-down with the heading IGMP.

To preserve the overrides, click Close.

To remove the overrides, click Remove Local Overrides, type REMOVE in the text box and then click OK.