Wired

last person joined: 4 hours ago 

Bring performance and reliability to your network with the Aruba Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of the ArubaOS-Switch and ArubaOS-CX devices, and find ways to improve security across your network to bring together a mobile first solution.
Expand all | Collapse all

Typical Aruba Central setup

This thread has been viewed 16 times
  • 1.  Typical Aruba Central setup

    Posted May 08, 2021 01:35 AM
    We're finally moving to Aruba Central as our NMS. The thing is we're moving from a not-so-mature 'system' where switch access is pretty open from the old nms. I was wondering if anyone can point me to a 'best practices' document that's  that can guide me. My browsing has given me answers that are too generic. What I'm looking for is first, security. How should access layer switches be monitored (by Central)? Do you limit switch access to a management vlan (only accessible via Central)? What is your backup access  plan (out of band)?

    ------------------------------
    Dennis Sevilla
    ------------------------------


  • 2.  RE: Typical Aruba Central setup

    Posted May 10, 2021 09:53 AM
    That is a topic where people can have different views. I think the ArubaOS-Switch hardening guide is a good starting point, and with cloud management having out-of-band management is less logical. I would allow SSH traffic, or access to the serial console as backup mechanism.

    Your Aruba partner can probably assist you in creating the optimal design. The official Aruba product training covers the topic of in-band/out-of-band management as well and the practical answer is: 'it depends'.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------