Link Search Menu Expand Document

Configure HPE Aruba Networking Central

The following sections outline the steps to create a VPNC group in HPE Aruba Networking Central and add EdgeConnect gateways to the group, so that HPE Aruba Networking Central recognizes the gateways as VPNCs. This is done after you have added the EdgeConnect gateways and applied the subscription license.

This section does not cover how to create a Branch Gateway group for SD-Branch and Microbranch and assumes that has already been created. If you need to create a Branch Gateway group, see the SD-Branch documents in Related Documents.

Create an EdgeConnect SD-WAN VPNC Group

In HPE Aruba Networking Central, the Global dashboard shows the customer name and a map of the device locations.

img

  1. Log in to HPE Aruba Networking Central, and click Organization.

  2. Click Groups to see the unprovisioned devices. The Groups page shows a table with the Group names of all connected devices and unprovisioned devices.

  3. Click + to create a new group.

  4. Enter a name for EC VPNC Group, select the EdgeConnect SD-WAN check box, and click Next.

    img

  5. Click Add.

    The EC VPNC Group now appears on the Groups page.

Add Headend EdgeConnect Gateways to the EdgeConnect SD-WAN VPNC Group

  1. In HPE Aruba Networking Central, click Organization, and then click Groups.

  2. Select the unprovisioned EdgeConnect gateways.

  3. Click Move Devices.

    img

NOTE: Hub and spoke overlay tunnel orchestration is only supported in the Unified Fabric when using Orchestrator 9.5+, ECOS 9.5+, and HPE Aruba Networking Central 2.5.8 releases.

Set the Data Center (DC) Preference for the Branch Gateway Group

  1. In HPE Aruba Networking Central, navigate to the Global dashboard, and then click to open the filter lists.

    img

  2. Select the BGW group you have configured to use for the Unified Fabric. In the following example, the SEWAN-Branch group that was previously configured is selected.

  3. Click Devices, and then click Config.

    img

  4. Navigate to VPN > SD WAN Overlay.

  5. Check that Overlay Mode is set to “Orchestrated”, and that Overlay Orchestrator Peering is “Running”.

  6. Under DC Preference, select Hubs.

  7. In the Hub Group column, select the VPNC Group you created.

  8. In the VPNC1 column, select an EdgeConnect gateway hub from your BGW.

    NOTE: To add more hubs, click + in the Hubs section. To change the preference for the hubs, drag the rows up or down. The preference determines the priority in which orchestration establishes the overlay tunnels to the VPNC for each interface.

    In the following example, the Hub Group is set to SEWAN-EC-Hub, VPNC1 is set to Andover-EC1, and VPNC2 is set to Andover-EC2. The DC preference creates OTO tunnels between the BGW and VPNCs. After the ORO control channel is up, the EdgeConnect learns routes from the ORO and the routes are displayed.

    img

    The following figure illustrates how the metric is applied to each VPNC.

    img

Set the Data Center (DC) Preference for a Microbranch (Access Point) Group

The following instructions describe how to set the DC preference for a Microbranch (Access Point) group, so tunnels and routes are orchestrated to the headed EC gateway.

  1. In HPE Aruba Networking Central, navigate to the Global dashboard and select the AP group you configured for use with the Unified Fabric. In the following example, the SEWAN-MB group that was previously configured is selected.

  2. Click Devices, and then click Config.

  3. Under Tunnels & Routing, click Data Center.

    img

  4. Select Hubs.

  5. In the Data Center table, click + to add the VPNC group, and then change the preferences of the devices in the hub by dragging the rows up and down. The first device in the list is set as the first VPNC in the hub. In the following example, SEWAN-EC-Hub is set as the hub for the VPNC group, and Andover-EC1 is the first VPNC in the hub.

    NOTE: Click the arrow to scroll through the available hubs and devices in the Data Center table. Click + to add more hubs or devices. To change the preference of the devices in a hub, select and drag the rows up or down.

    You can add up to four EdgeConnect gateways to a single Hub group. Each EdgeConnect gateway in a Hub group has a metric assigned to it starting with 10 and increasing by an increment of 10 for each additional gateway. In the following example, Andover-EC1 has a metric of 10 and Andover-EC2 has a metric of 20. If another EdgeConnect gateway is added to the group, it would have a metric of 30.

    img

Validate the Tunnels in Orchestrator

The following instructions describe how to validate the tunnels in Orchestrator after you have created the VPNC groups, added the headend gateways, and set the DC preferences.

  1. Log in to Orchestrator and navigate to Administration > Tools > Monitoring > Reachability Status.

  2. Click Appliance/HPE ANW Central.

    It should display the appliances set as Hubs, the HPE ANW Central hostname, the HPE ANW Central IP address, and the statuses of HPE Aruba Networking Central ORO and OTO connectivity. If the connectivity statuses are not showing green “Connected”, as shown in the following figure, see Monitoring and Troubleshooting.

    img

  3. Navigate to Configuration > Networking > Tunnels > Tunnels.

  4. On the Tunnels tab, to show the IPSec tunnels built with IPSec OTO, select the hub from the appliances tree and click HPE ANW Central. In the following example, Andover-EC1 is selected.

    img

  5. In the Advanced Options column, click the info icon.

    The Tunnel Advanced Options dialog box opens and displays settings details for the tunnel, as shown in the following example.

    img

Check the OTO gRPC Status in HPE Aruba Networking Central

  1. Log in to HPE Aruba Networking Central and navigate to Network Services > SD-WAN Overlay > Tunnel > Hubs.

  2. Select a hub group, and then select CONTROL CONNECTIONS to show the status of the gRPC connection state for each of the EdgeConnect VPNCs. In the following example, SEWAN-EC-Hub is selected.

    img

  3. Click to expand the details for an EdgeConnect peer in the hub group. The details show the WAN uplink information shared by the EC and the corresponding public IP address, if available, for the uplink.

  4. Select a location on the site map to display the hub groups available at that site.

  5. Select a hub group. In the following example, SEWAN-EC-Hub is selected.

  6. Select Tunnels. The Tunnel state column indicates if the tunnels are “Up”. Expand the details for a hub in the group. In the following example, the details for Andover are expanded.

    img

Next Steps

After you have configured HPE Aruba Networking Central, your Unified Fabric solution should be fully deployed. If you experience any issues with your Unified Fabric, see Monitoring and Troubleshooting.


Back to top

© Copyright 2025 Hewlett Packard Enterprise Development LP.

For third-party trademark acknowledgements, go to Trademark Acknowledgements. All third-party marks are property of their respective owners.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at https://myenterpriselicense.hpe.com/cwp-ui/software but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America