Aruba Central User Guide

Copyright Information
Copyright 2019 Hewlett Packard Enterprise Development LP.

Open Source Code
This product includes code licensed under the GNU General Public License, the GNU Lesser General Public License, and/or certain other open source licenses. A complete machine-readable copy of the source code corresponding to such code is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
6280 America Center Drive
San Jose, CA 95002
USA

Revision 01 July 2019

Contents
About this Guide
Intended Audience
Related Documents
Conventions
Contacting Support
About Aruba Central
Key Features
Operational Modes and Interfaces
Standard Enterprise Mode
Managed Service Provider Mode
Supported Web Browsers
Supported Devices
Supported Aruba Gateways
Supported Switch Platforms
Supported Instant APs
Getting Started with Aruba Central
Workflow Summary
Related Topics
Creating an Aruba Central Account
Zones and Sign Up URLs
Signing up for an Aruba Central Account
Accessing Aruba Central Portal
Login URLs
Logging in to Aruba Central:

Changing Your Password
Logging Out of Aruba Central
Exploring the User Interface
Aruba Central User Interface
Left Navigation Pane
Search Bar
User Icon
Filter bar
Data Pane
Notifications Pane
Need Help Bubble
MSP User Interface
Left Navigation Pane
Search Bar
User Icon
Filter bar
Data Pane
Notifications Pane
Starting Your Free Trial
Get Started with the Free Trial
Setting up Your Aruba Central Instance
Getting Started with Aruba Central
Manually Adding Devices
Provisioning Instant APs
General Administration
Managing Your Device Inventory
Viewing Devices
Adding Devices to Inventory

Onboarding Devices
Adding Devices (Evaluation Account)
Adding Devices (Paid Subscription)
Manually Adding Devices When Device Sync Fails
Managing Subscriptions
Managing Subscription Keys
Viewing Subscription Key Details
Supported Subscription Types
Assigning Subscriptions
Manually Assigning Subscriptions
Assigning Network Service Subscriptions
Assigning Gateway Subscriptions
Gateway Subscriptions
Assigning Subscriptions to Gateways
Removing Subscriptions from Devices
Acknowledging Subscription Expiry Notifications
Renewing Subscriptions
Managing Sites
Overview
Sites Page
Creating a Site
Adding Multiple Sites in Bulk
Assigning a Device to a Site
Converting Existing Labels to Sites
Editing a Site
Deleting a Site
Managing Labels
Device Classification
Labels Page

Using Groups for Device Configuration and Management
Group Operations
Group Configuration Modes
Default Groups and Unprovisioned Devices
Best Practices and Recommendations
Working with Groups
Managing Groups
Creating a Group
Assigning Devices to Groups
Viewing Groups and Associated Devices
Creating a New Group by Importing Configuration from a Device
Cloning a Group
Moving Devices between Groups
Configuring Device Groups
Deleting a Group
Provisioning Devices Using UI-based Workflows
Provisioning Instant APs using UI-based Configuration Method
Configuration Steps
Configuration Overrides
Provisioning Switches Using UI-based Configuration Method
Configuration Steps
Configuration Overrides
Configuration Steps
Configuration Overrides
Provisioning Devices Using Configuration Templates
Creating a Group with Template-Based Configuration Method
Provisioning Devices Using Configuration Templates and Variable Definitions
Editing a Template
Managing Variable Files

Backing Up and Restoring Configuration Templates
Important Points to Note
Viewing Configuration Status
Accessing the Configuration Audit Page
Applying Configuration Changes
Auto Commit Workflow
Manual Commit Workflow
Viewing Configuration Overrides and Errors
Backing up and Restoring Configuration Templates
Connecting Devices to Aruba Central
Domain names for Aruba Central Portal Access
Domain Names for Device Communication with Aruba Central
Domain Names for Device Communication with Aruba Activate
Cloud Guest Server Domains for Guest Access Service
Domain Names for OpenFlow
Other Domain Names
Connecting Instant APs to Aruba Central
Connecting Aruba Switches to Aruba Central
Connecting SD-WAN Gateways to Aruba Central
Uploading Certificates
Uploading Certificates
Managing Certificates on Instant APs Configured Using Templates
Managing Software Upgrades
Viewing Firmware Details
Upgrading a Device
Setting Firmware Compliance
Troubleshooting Devices
Troubleshooting a Device
Viewing Command Output

Viewing Audit Trails
Viewing Audit Trails in the Standard Enterprise Portal
Classification of Audit Trails
Removing Devices
Removing a Device from the Device Inventory Page
Managing User Accounts
Configuring System Users
Adding a System User
Editing a User
Deleting a User
Viewing Audit Logs
Configuring User Roles
Predefined User Roles
Custom Roles
Adding a Custom Role
Application Permissions
Viewing User Role Details
Two-Factor Authentication
Support Access
Monitoring & Reports
Network Overview
APs
Page Views
Filters
Navigation and Granularity
Access Points Table
AP Details Page View
AP Details Panel

APs—Overview Tab
Device
Network
Radios
Data Path
Health Status
APs—Usage Tab
Throughput
Clients
APs—Clients Tab
APs—RF Tab
Channel Utilization
Noise Floor
Frames
Channel Quality
RF Neighbors
APs—VPN Tab
Tunnels
Throughput Usage Per VPN
Packet Loss
APs—Location Tab
APs—Alerts & Logs Tab
APs—Actions
Live Instant AP Monitoring
Enabling and Disabling Live Monitoring
AP Details in Go Live Mode
Deleting an Offline AP
Monitoring Switches and Switch Stacks
Page Views

Filters
Navigation and Granularity
Switches Table
Switch Details
Switches—Overview Tab
Switches—Ports Tab
Switches—PoE Tab
PoE Status
Faceplate
Ports PoE
PoE Consumption
Viewing PoE Port-Level Information
Switches—VLANs Tab10 are Tab
Switches—Connected Tab
Client Devices Table
Neighbor Devices Table
Switches—Alerts & Logs Tab
Switches—Actions
Deleting an Offline Switch
Switches—Assigning Uplink Ports
Gateways
Page Views
Filters
Navigation and Granularity
Gateways Table
Gateway Details Page View

Gateways—Overview Tab
Gateway—WAN Tab
Gateways—LAN Tab
Gateways—Tunnels Tab
Gateways—Routing Tab
Gateways—Path Steering Tab
Gateways—Applications Tab
Gateway—Alerts & Logs Tab
Gateways—Sessions Tab
Deleting an Offline Gateway
Security
Viewing Rogue AP Detectors
Viewing Intrusion Detection Attacks
Viewing WIDS Events
Network Health
Data Source
Page Views
Legend
Summary
Gateway
Site Health
Label Health
Data Source
Page Views
Summary
Per Label Details
Client Overview
Unified Clients
Client Details

Viewing Clients Connected to Wireless Networks
Client Summary Bar
Live Client Monitoring
Disconnecting a Wireless Client from an AP
Wireless Client 0
Location
Events
Open Tools
AI Insights
Viewing Clients Connected to Wired Networks
Wired Client 3
Application Visibility
Application Visibility Dashboard
Quick Reference Illustration of Blocked Traffic Section
VisualRF
VisualRF Dashboard
Viewing Network Information
Viewing Rogue Devices
Planning and Provisioning Devices
Printing a Bill of Materials Report
Topology
Before You Begin
Viewing Topology Map

Navigating the Topology Map
An example of a Topology map:
Task Pane
Alerts
Viewing the Alerts Summary and Acknowledging Alerts
Configuring Alerts
Alert Types
Reports
Types of reports
Creating a report
Generated Reports
Viewing generated reports
Editing a report
Deleting report(s)
Exporting a report
Deploying a Wireless Network Using Instant APs
Setting Country Code
Country Code Configuration in Aruba Central from UI
Setting Country Code At Group Level
Setting Country Code At Device Level
Country Code Configuration at Group Level from API
Configuring Device Parameters
Configuring External Antenna
EIRP and Antenna Gain
Configuring Antenna Gain
Adding an Instant AP
Deleting an Instant AP from the Network
Configuring System Parameters an Instant AP Cluster

Configuring VLAN Name and VLAN ID
Points to remember
Configuring Dual 5 GHz Radio Bands on an Instant AP
Configuring Network Profiles on Instant APs
Configuring Wireless Network Profiles on Instant APs
Configuring Wireless Networks on Guest Users on Instant APs
Splash Page Profiles
Configuring Access Points Ports Networks on Guest Users on Instant APs
Splash Page Profiles
Downloadable User Roles
ClearPass Policy Manager Certificate Validation for Downloadable User Roles (DUR)
Enabling Downloadable User Roles Feature for Wireless Networks in Aruba Central
Enabling Downloadable User Roles Feature for Wired Networks in Aruba Central
Configuring Wired Port Profiles on Instant APs
Configuring General Network Profile Settings
Configuring VLAN Settings
Configuring Security Settings
Configuring Access Settings
Configuring Network Port Profile Assignment
Viewing Summary Table
Editing a Network Profile
Deleting a Network Profile
Mesh Network and Mesh Instant AP
Mesh Network Overview
Mesh Instant APs
Instant AP as Mesh Portal
Instant AP as Mesh Point
Automatic Mesh Role Assignment
Mesh Role Detection during System Boot-Up

Mesh Role Detection during System Running Time
Setting up Instant Mesh Network
Configuring Wired Bridging on Ethernet 0 for Mesh Point
Mesh Cluster Function
Configuring Time-Based Services for Wireless Network Profiles
Before You Begin
Creating a Time Range Profile
Configuring ARM and RF Parameters on Instant APs
ARM Overview
Configuring ARM Features
Configuring Radio Parameters
Configuring IDS Parameters on Instant APs
Rogue APs
Configuring Wireless Intrusion Detection and Protection Policies
Containment Methods
Configuring Authentication and Security Profiles on Instant APs
Supported Authentication Methods
Support for Multiple PSK in WLAN SSID
Points to Remember
WPA3 Encryption
WPA3-Enterprise
Configuring WPA3 for Enterprise Security for Wireless Network
Configuring WPA3 for Personal Security
Authentication Servers for Instant APs
External RADIUS Server
RADIUS Server Authentication with VSA
Internal RADIUS Server
Authentication Termination on Instant AP
Dynamic Load Balancing between Authentication Servers

Configuring External Authentication Servers for an Instant AP Cluster
Configuring Users Accounts for the Instant AP Management Interface
Configuring Guest and Employee User Profiles on Instant APs
Configuring Roles and Policies on Instant APs for User Access Control
ACL Rules
Configuring Network Address Translation Rules
Configuring Network Service ACLs
Configuring User Roles for Instant AP Clients
Configuring Role Derivation Rules for Instant AP Clients
Configuring Firewall Parameters for Wireless Network Protection
Configuring ACLs for Application Usage Analysis
Configuring ACLs on Instant APs for Website Content Classification
Configuring Custom Redirection URLs for Instant AP Clients
Creating a List of Error Page URLs
Configuring ACL Rules to Redirect Users to a Specific URL
Configuring Firewall Parameters for Inbound Traffic
Enabling ALG Protocols on Instant APs
Blacklisting Instant AP Clients
Configuring Instant APs for VPN Services
Instant AP VPN Overview
Supported VPN Protocols
Configuring Instant APs for VPN Tunnel Creation
Configuring IPsec VPN Tunnel
Configuring Automatic GRE VPN Tunnel
Configuring a GRE VPN Tunnel
Configuring an L2TPv3 VPN Tunnel
Configuring Routing Profiles for Instant AP VPN
Configuring DHCP Pools and Client IP Assignment Modes on Instant APs
Configuring DHCP Scopes on Instant APs

Configuring DHCP Server for Assigning IP Addresses to Instant AP Clients
Configuring Services
Configuring AirGroup Services
Configuring an Instant AP for RTLS Support
Configuring an Instant AP for ALE Support
ALE with Aruba Central
Enabling ALE support on an Instant AP
Managing BLE Beacons
Support for BLE Asset Tracking
Configuring OpenDNS Credentials on Instant APs
Configuring CALEA Server Support on Instant APs
Configuring Instant APs for Palo Alto Networks Firewall Integration
Configuring an Instant AP for Network Integration
Configuring XML API Interface
Enabling Application Visibility Service on Instant APs
Configuring Uplink Interfaces on Instant APs
Uplink Interfaces
Uplink Preferences and Switching
Enforcing Uplinks
Setting an Uplink Priority
Enabling Uplink Pre-emption
Switching Uplinks based on the Internet Availability
Mobility and Client Management
Layer-3 Mobility for Instant AP Clients
Home agent load balancing
Configuring L3 mobility dom

Network
Radios
Data Path
Health Status
APs—Usage Tab
Throughput
Clients
APs—Clients Tab
APs—RF Tab
Channel Utilization
Noise Floor
Frames
Channel Quality
RF Neighbors
APs—VPN Tab
Tunnels
Throughput Usage Per VPN
Packet Loss
APs—Location Tab
APs—Events Tab
APs—Tools Tab