Cloud Managed Networks

 View Only
last person joined: 20 hours ago 

Forum to discuss all things related to HPE Aruba Networking Central and UXI Network Management, including deployment of managed networks, configuration, best practices, APIs, Cloud Guest, AIOps, Presence Analytics, and other included Applications
Expand all | Collapse all

Is Aruba central Enterprise ready?

This thread has been viewed 26 times
  • 1.  Is Aruba central Enterprise ready?

    Posted Sep 09, 2024 07:33 AM

    Hi Community

    We are planning on implement Aruba central on a large scale soon. We are currently on aos 8 spanning on several clusters and mobility masters. The hole structure build around aos 8 isn't something I can see fit in the new aruba central on the same enterprise level. The way we are inherits the configuration from the above level in the cluster and the profiles we see in VAP, aaa and ssid configuration is configuration that can be reused across several ap groups. For my understating and the little expericane I have had with central for now, there is no such things as an VAP og even an aaa profile that can be used in any ap groups like the way we see in aos 8. 

    I noticed when creating the wireless ssid > security in and access point group using tunnel and gateways, you can specify the authentication servers and security level and all the advanced settings. This results in the creation of and aaa profile on the gateway with the ssid name and a default number referring to that group. The expected behavior happens when crating a new group with same ssid, the aaa profile on the gateway with the ssid name and a default number referring to the new group. The same thing happened to the server group reference.

    This means that a new aaa profile is created for each group, and lets say we have 20-30 groups and 4-5 ssid, it's a lot of profiles and server group references. What happened if you want edit that ssid aaa configuration. How are you able to tell the apart, the number is not visible on the ssid in the groups?

    What am I missing here ?

    Like I wrote in the heading, is Central enterprise ready?

    Can someone explain the "AP Role" and "Gateway Role" term?

    In the access menu under the ssid creation there are 3 levels of access rules you can chose from. But when should you chose what? When creating a wpa2-enterpise network you are not allowed to pick the role base access rule and is automatically going back to unrestricted. We are using clearpass to return the role and for what I have tested the unrestricted access rule give you the default role the ssid was created with and retuning the correct role form clearpass. It seems a little misleading to chose unrestricted access?



  • 2.  RE: Is Aruba central Enterprise ready?

    Posted Sep 10, 2024 02:41 AM

    Hi.

    We have simmilar discussions quite often in this community. There are many resources available on web like youtube videos in Airheads broadcasting channel where you can get familliar with new concepts.

    Also there are trainings and workshops available from Aruba Education where you can get practical expirience with AOS10 and Aruba Central. And you will get answers to your questions and dilemas.

    By my humble opinion, Aruba Central is ready for enterprise use. With REST API you can automate deployments and management of your networks. 

    There is a quite a shift in concept from AOS8 to AOS10. Also there are some subtile differences in security settings you need to be avare of. Clearpass and Central work great together. 

    Best, Gorazd

     



    ------------------------------
    Gorazd Kikelj
    MVP Guru 2024
    ------------------------------



  • 3.  RE: Is Aruba central Enterprise ready?

    Posted 30 days ago

    I have had the same concerns as the original poster.  At this point in time, I would recommend waiting for Central NG which is supposed to address the configuration hierarchy and reusable configuration elements.  It is out now, but my understanding is the  configuration parts are being phased in, instant first, then controller, then switching and should be complete by end of this calendar year.