Cloud Managed Networks

Hello
I got a question
We need to migrate switches that are doing tunnel mode from one gateway that is not on aruba central and not managing aps to a gateway that is on aruba central managing aps

The tunnel carry all the users that are doing 802.1x. Everything related ro thw user roles comes from the clearpass, then roles goes to the switches and finally the swirches send the roles to the gateway

The change looks really simple but i would like to check anyways

Gateway with without aruba Central i will call it Gateway A
Gateway with managed by aruba central i will call it Gateway B

What i would need to do is
1- Create all the roles related to tunnels that the gateway A has on the gateway B
2-  Change the ip address of the tunnels from the gateway A to Gateway B for example

tunneled-node-server
controller-ip 172.16.6.3   // IP of the Gateway A
mode role-based
exit

To

tunneled-node-server
controller-ip 172.16.7.2    // IP of the Gateway B
mode role-based
exit

3- All the lines that are like this

tunneled-node-server-redirect secondary-role "yyyyyy"

Are the roles that i have to configure on the Gateway B, and well those are the ones i need to pay attention


4- Gateway A is on aruba OS8 and Gateway B is on Aruba OS 10   is there is any issue with this??



The ther thing i wanted to ask is that if the client manage the switches through the aruba central he just can manage it with templates? he will no longer see the web gui ?
The client does not want to loose hise web gui so this is really important.


The last thing to ask is that the order for all this should be
1-create the roles on gateway B
2-Change the tunneled node server
3-finnally add the switches to aruba central on monitor mode? if he want to stay with this web gui?

Let me know if this is correct or i need to change something? or im missing anything? do i need to check for the Fimrware of all the switches to see if aruba central support it?

What model switches are in use?

Is there some functionality that is preventing managing the switches in UI mode that has led you to believe that template mode is the only way?

The current support table for AOS Switch devices is here: https://www.arubanetworks.com/techdocs/central/latest/content/nms/aos-switch/supported-platforms/supported_switches.htm

The current support table for AOS CX Switch devices is here: https://www.arubanetworks.com/techdocs/central/latest/content/nms/aos-cx/supported-platforms/supported-switches-cx.htm

Original Message:
Sent: Dec 15, 2022 07:17 PM
From: Carlos De La Rosa
Subject: migrating switches that does tunnel mode

Hello
I got a question
We need to migrate switches that are doing tunnel mode from one gateway that is not on aruba central and not managing aps to a gateway that is on aruba central managing aps

The tunnel carry all the users that are doing 802.1x. Everything related ro thw user roles comes from the clearpass, then roles goes to the switches and finally the swirches send the roles to the gateway

The change looks really simple but i would like to check anyways

Gateway with without aruba Central i will call it Gateway A
Gateway with managed by aruba central i will call it Gateway B

What i would need to do is
1- Create all the roles related to tunnels that the gateway A has on the gateway B
2-  Change the ip address of the tunnels from the gateway A to Gateway B for example

tunneled-node-server
controller-ip 172.16.6.3   // IP of the Gateway A
mode role-based
exit

To

tunneled-node-server
controller-ip 172.16.7.2    // IP of the Gateway B
mode role-based
exit

3- All the lines that are like this

tunneled-node-server-redirect secondary-role "yyyyyy"

Are the roles that i have to configure on the Gateway B, and well those are the ones i need to pay attention


4- Gateway A is on aruba OS8 and Gateway B is on Aruba OS 10   is there is any issue with this??



The ther thing i wanted to ask is that if the client manage the switches through the aruba central he just can manage it with templates? he will no longer see the web gui ?
The client does not want to loose hise web gui so this is really important.


The last thing to ask is that the order for all this should be
1-create the roles on gateway B
2-Change the tunneled node server
3-finnally add the switches to aruba central on monitor mode? if he want to stay with this web gui?

Let me know if this is correct or i need to change something? or im missing anything? do i need to check for the Fimrware of all the switches to see if aruba central support it?