Controllerless Networks

Hello,

We migrated from Aruba Instant to Aruba Central.  I was recently try to add a secondary Authentication Server.  I had issue because there were setting for this in both the Group and Site (virtual controller)  Needless to say this gave me quite a bit of headaches.  I would prefer these servers be configured at the Group level.  Currently it seems to get things to work I must have the same settings in both Group and site.  Is there a way to remove the setting from the virtual controller and manage the authentication server at the group level for all my common WLANS?

Sorry if this is a dumb question, I am just trying to understand who is master in this scenario and how to consolidate these settings.

When you create a configuration override in the device level (at the virtual controller in your case) you will be able to detect these in the Configuration Audit tab for that device.

Group level configuration is the highest tier of the hierarchy and any configuration override which occurs at the device level does override what is applied at the group level. It's best to keep as much of the configuration as possible at the Group level for ease of management.

1. Go to the device list and select the device where you have made the configuration change which overrides the group config.
2. Select Config
3. Select the Configuration Audit tab
4. Check the Local Overrides, this box will likely indicate an Override Exists.
5. Select Manage Local Overrides
6. If there is a single override configuration in here which you are willing to remove then select the Remove Local Overrides button

Original Message:
Sent: Feb 01, 2023 02:45 PM
From: RB13
Subject: Authentication Servers Groups vs Sites

Hello,

We migrated from Aruba Instant to Aruba Central.  I was recently try to add a secondary Authentication Server.  I had issue because there were setting for this in both the Group and Site (virtual controller)  Needless to say this gave me quite a bit of headaches.  I would prefer these servers be configured at the Group level.  Currently it seems to get things to work I must have the same settings in both Group and site.  Is there a way to remove the setting from the virtual controller and manage the authentication server at the group level for all my common WLANS?

Sorry if this is a dumb question, I am just trying to understand who is master in this scenario and how to consolidate these settings.

Thanks you so much for your response!  I do have a follow up question.  So I one a the local configurations, I specify the radius servers for a particular wlan in addition to several other local configurations.  Is there a way to remove only the local settings for the radius without removing the other local configurations?  For instance I have the same WLAN throughout my sites, but because of the evolution, they don't have the same vlan in each site.  So this is a local setting.  I don't want to lose those settings.  I was afraid to click the button that said "Remove Local Overrides" for fear it would remove everything.  If I can't remove a setting individually, I may have to record what is there, remove everything, and add only the necessary things back.  I hope I'm understanding this correctly.
Original Message:
Sent: Feb 03, 2023 06:34 AM
From: Matthew Sutherland
Subject: Authentication Servers Groups vs Sites

When you create a configuration override in the device level (at the virtual controller in your case) you will be able to detect these in the Configuration Audit tab for that device.

Group level configuration is the highest tier of the hierarchy and any configuration override which occurs at the device level does override what is applied at the group level. It's best to keep as much of the configuration as possible at the Group level for ease of management.

1. Go to the device list and select the device where you have made the configuration change which overrides the group config.
2. Select Config
3. Select the Configuration Audit tab
4. Check the Local Overrides, this box will likely indicate an Override Exists.
5. Select Manage Local Overrides
6. If there is a single override configuration in here which you are willing to remove then select the Remove Local Overrides button

Original Message:
Sent: Feb 01, 2023 02:45 PM
From: RB13
Subject: Authentication Servers Groups vs Sites

Hello,

We migrated from Aruba Instant to Aruba Central.  I was recently try to add a secondary Authentication Server.  I had issue because there were setting for this in both the Group and Site (virtual controller)  Needless to say this gave me quite a bit of headaches.  I would prefer these servers be configured at the Group level.  Currently it seems to get things to work I must have the same settings in both Group and site.  Is there a way to remove the setting from the virtual controller and manage the authentication server at the group level for all my common WLANS?

Sorry if this is a dumb question, I am just trying to understand who is master in this scenario and how to consolidate these settings.

AOS 8 Wi-Fi groups don't seem to utilise the blue dot indicator of overrides like you might see elsewhere (or in a Mobility Conductor environment). I assume you are configuring an AOS8 system? Clicking Remove Local Overrides would remove all overrides, you are correct. Don't do this if you want to retain some of them.

For example with the RADIUS server local override, if you have just changed the IP address of the radius server at the VC level then you could go and change that back to reflect the Group configuration. Once done this should no longer reflect as an override. 

I am seeing some conflict in my environment after making the change of RADIUS server through the WLAN config workflow and reverting it back. Seeing a variable utf8 on the SSID and access-rule config. It seems generic enough to remove the override. 

In your case it will depend on how much is overridden. I would start by cleaning up the Group configuration as much as possible and allocating the configuration at that Group where it makes sense. Then attempt to reduce the differences for your local overrides by manually removing overrides on a config by config basis (as long your scale is not enormous). See what is left over afterwards.

Where scale makes this tricky, you could look to leverage API to make the configuration changes. Although maybe you're best to just remove overrides and start again.
Original Message:
Sent: Feb 03, 2023 08:29 AM
From: RB13
Subject: Authentication Servers Groups vs Sites

Thanks you so much for your response!  I do have a follow up question.  So I one a the local configurations, I specify the radius servers for a particular wlan in addition to several other local configurations.  Is there a way to remove only the local settings for the radius without removing the other local configurations?  For instance I have the same WLAN throughout my sites, but because of the evolution, they don't have the same vlan in each site.  So this is a local setting.  I don't want to lose those settings.  I was afraid to click the button that said "Remove Local Overrides" for fear it would remove everything.  If I can't remove a setting individually, I may have to record what is there, remove everything, and add only the necessary things back.  I hope I'm understanding this correctly.
Original Message:
Sent: Feb 03, 2023 06:34 AM
From: Matthew Sutherland
Subject: Authentication Servers Groups vs Sites

When you create a configuration override in the device level (at the virtual controller in your case) you will be able to detect these in the Configuration Audit tab for that device.

Group level configuration is the highest tier of the hierarchy and any configuration override which occurs at the device level does override what is applied at the group level. It's best to keep as much of the configuration as possible at the Group level for ease of management.

1. Go to the device list and select the device where you have made the configuration change which overrides the group config.
2. Select Config
3. Select the Configuration Audit tab
4. Check the Local Overrides, this box will likely indicate an Override Exists.
5. Select Manage Local Overrides
6. If there is a single override configuration in here which you are willing to remove then select the Remove Local Overrides button

Original Message:
Sent: Feb 01, 2023 02:45 PM
From: RB13
Subject: Authentication Servers Groups vs Sites

Hello,

We migrated from Aruba Instant to Aruba Central.  I was recently try to add a secondary Authentication Server.  I had issue because there were setting for this in both the Group and Site (virtual controller)  Needless to say this gave me quite a bit of headaches.  I would prefer these servers be configured at the Group level.  Currently it seems to get things to work I must have the same settings in both Group and site.  Is there a way to remove the setting from the virtual controller and manage the authentication server at the group level for all my common WLANS?

Sorry if this is a dumb question, I am just trying to understand who is master in this scenario and how to consolidate these settings.