Before you get started with your onboarding and provisioning operations, browse through the list of Supported AOS-CX Platforms in Aruba Central.
The following sections list the steps required for provisioning AOS-CX switches in Aruba Central.
Provisioning a Factory Default Switch
Like most Aruba devices, AOS-CX switches support ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention.. Switches with factory default configuration have very basic configuration for all ports in VLAN-1. When a new AOS-CX switch (factory default) is powered on, it automatically obtains IP address, connects to Aruba Activate and downloads the provisioning parameters. When the switch identifies Aruba Central as its management entity, it connects to Aruba Central.
To manage AOS-CX switches from Aruba Central, you must onboard the switches to the device inventory and assign a valid subscription.
For step-by-step instructions, see Provisioning Factory Default AOS-CX Switches.
Provisioning a Pre-configured or Locally-Managed Switch
Pre-configured switches have customized configuration; for example, an additional VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. or static IP address configured on the default.
Aruba Central management service is enabled by default on AOS-CX switches. When the switch is powered on, it identifies Aruba Central as its management entity and connects to Aruba Central.
To manage AOS-CX switches from Aruba Central, you must onboard the switches to the device inventory and assign a valid subscription.
For step-by-step instructions, see Provisioning Pre-Configured AOS-CX Switches.
Aruba Central supports provisioning AOS-CX switches in UI and template groups. Template groups allow you to configure devices using CLI-based configuration templates. UI groups allow you to configure devices using UI-based configuration options.
The following figure illustrates the group assignment workflow in Aruba Central:
Figure 1 Group Assignment- AOS-CX Switches
Moving AOS-CX Switches Between Groups
AOS-CX switches can also be moved between groups in Aruba Central. When moving switches from an unprovisioned, template, or UI group to another UI group, the existing switch configuration can be retained by selecting the Retain CX-Switch Configuration check box on the Move Devices page. If the configuration on the device and the group are different, Aruba Central retains the device configuration as device overrides. Consider the following points when selecting this check box:
- When moving the switches to the UI group, all supported UI group configurations except the following, if present at the group-level for the destination group, are applied to the switches:
- System Properties—Only the device administrator password, if configured in the group, is updated on the switch.
- Authentication (MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. and 802.1X 802.1X is an IEEE standard for port-based network access control designed to enhance 802.11 WLAN security. 802.1X provides an authentication framework that allows a user to be authenticated by a central authority.)
- Spanning Tree (Loop Prevention)
- HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. Proxy
- User-based tunneling
- Logging servers
- SNMP Simple Network Management Protocol. SNMP is a TCP/IP standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention.
- Port interfaces
- If any group configuration has dependent configuration, then the dependent configuration will not be applied to the device.
For example, any LAG Link Aggregation Group . A LAG combines a number of physical ports together to make a single high-bandwidth data path. LAGs can connect two switches to provide a higher-bandwidth connection to a public network. configuration that is present at the group-level (not at the device level) will be applied. However, the port configuration in a LAG will not be applied, as port configuration is a dependent configuration of LAGs.
- Device-level RADIUS Remote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. and TACACS Terminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. server configuration will be retained, if present. And also any new group-level configuration will be applied. However, if any retained device configuration conflicts with group-level configuration, then group-level configuration takes precedence, and those conflicting configuration will be replaced.
AOS-CX Switch Configuration
Aruba Central supports managing AOS-CX switches configuration using configuration templates and UI group configuration.
When an AOS-CX switch is connected to Aruba Central and managed using the Aruba Central app, Aruba Central becomes the single source of configuration for the switch. In the Aruba Central Manged mode, the switch cannot be configured using any of the other switch configuration interfaces, such as the switch CLI, REST Representational State Transfer. REST is a simple and stateless architecture that the web services use for providing interoperability between computer systems on the Internet. In a RESTful web service, requests made to the URI of a resource will elicit a response that may be in XML, HTML, JSON or some other defined format. APIs Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software., NBAPIs, and SNMP. You can use any configuration options available in Aruba Central to configure the AOS-CX switches in the Managed mode. You can use the MultiEdit mode on the UI to run commands on the switch through Aruba Central. For information, see Using MultiEdit View for AOS-CX.
The Aruba Central Managed mode is applicable to AOS-CX switches running the firmware version 10.07 or later, and to those switches that have been added to an Aruba Central group. This mode is not applicable to switches in the unprovisioned state.
Configuration Using Templates
Aruba Central supports managing AOS-CX switches configuration using configuration templates. Ensure that you assign the AOS-CX switches to a template group.
- When initially onboarding an AOS-CX switch to Aruba Central, you must manually create the template for the switch in a group, along with the password in plaintext format. You can use the output of the show running-config command to create the template. You can also add variables to use the same template for onboarding multiple AOS-CX switches.
- In the AOS-CX template configuration, the pound sign (#) is used for adding comments. When using the
banner motdcode in the template configuration, use a delimiter such as at (@) symbol or any other special character, than using the pound sign (#). Using the pound sign (#) with the
banner motdcode will cause the code to be dropped when processing the template.
For more information on managing AOS-CX switches in Aruba Central using templates, see Configuring AOS-CX Using Templates.
Configuration Using UI Groups
Aruba Central supports managing AOS-CX switches configuration using UI groups. You can configure AOS-CX switches that are added to a UI group, using the UI options and MultiEdit mode. You can pre-configure groups in the absence of switches.
For more information on managing AOS-CX switches in Aruba Central using UI group configuration, see Configuring AOS-CX Switches in UI Groups.
Replacing a VSX member
When replacing a VSX switch member that is configured and managed through Aruba Central, ensure that the new replacement switch is assigned to the same group as the old switch. If the assigned group is the template group, ensure that the variables for the new replacement switch are same as the old switch. In the case of the UI group, if the VSX switch is configured using MultiEdit, you need to copy the original configuration from the MultiEdit configuration editor and paste it to the new replacement switch after moving it into the group.
AOS-CX Stack Configuration
Aruba Central supports managing AOS-CX switch stacks configuration using UI group configuration and templates.
For more information on managing AOS-CX switch stacks in Aruba Central using UI group configuration, see Configuring AOS-CX VSF Stacks Using UI Groups.
For more information on managing AOS-CX switch stacks in Aruba Central using templates, see Configuring AOS-CX Using Templates.
AOS-CX Switch Monitoring
To view the operation status of switches and health of wired access network:
- In the Aruba Central app, set the filter to a group containing at least one switch.
For all devices, set the filter to. Ensure that the filter selected contains at least one active switch.
The dashboard context for the selected filter is displayed.
A list of switches is displayed in theview.
, click > .
- Click an AOS-CX switch under .
The dashboard context for the switch is displayed.
For more information, see Monitoring Switches and Switch Stacks.
Viewing VSX Details
Aruba Central displays information about VSX configuration of AOS-CX switches. For more information, see Switch > VSX.
Last synced data is displayed in the Switch > VSX page only when VSX synchronization is enabled for the AOS-CX switch. However, enabling VSX synchronization using template configuration in Aruba Central is not recommended. By enabling VSX synchronization, the peer switch may get into an unknown configuration state.
Viewing Topology Map
In Aruba Central, the tab in the site dashboard provides a graphical representation of the site including the network layout, details of the devices deployed and health of the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. uplinks and tunnels. Aruba Central supports AOS-CX switches to be displayed in the tab. For more information, see Monitoring Sites in the Topology Tab.
Troubleshooting and Diagnostics
If you are unable to view all details of the AOS-CX switch, then maybe the template configuration was not applied correctly, the password was missing in the template configuration, or the password was not in plaintext. See the audit trail to check the status of the switch. The audit trail should show the device onboarded message for the switch serial number followed by the configuration push and login successful messages. For more information on troubleshooting AOS-CX switch onboarding issues, see Troubleshooting AOS-CX Switch Onboarding Issues.
The Aruba Central > > in the Aruba Central UI displays errors in configuration sync, template configuration, and a list of configuration overrides. For more information, see Viewing Configuration Status.page under
The Aruba Central > > in the AOS-CX UI configuration page of Aruba Central displays configuration status of the switches, pending changes, and local overrides present in the AOS-CX switches. For more information, see Using Configuration Status on AOS-CX.page under
To troubleshoot AOS-CX switches remotely, use the tools available under Aruba Central > > . For more information, see Troubleshooting Tools.
You can also reboot, connect to the remote console of the switch, or generate a tech support dump for troubleshooting the device, by using the tools available under thedrop-down. The drop-down is available in the switch monitoring pages.
Thedown-down lists the following options available for remote administration of the switch:
- Rebooting Switches. —Reboots the switch. See
- Troubleshooting Aruba Switches. —Allows the administrators to generate a tech support dump for troubleshooting the device. See
- SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. . Ensure that you allow SSH over port 443. The default user ID is admin, but you can edit and customize the user ID. This custom user ID must be mapped to the device. See Remote Console Session. —Opens the remote console for a CLI session through
If the Copy and Paste function from the keyboard shortcut keys (CTRL+C and CTRL+V) do not work in your web browser, use the Copy and Paste functions available under the menu options in the web browser.
You can only troubleshoot Aruba switches using the option in Aruba Central. You cannot configure the switches.