This real-world example follows on from a post several years ago (Wired and wireless networking provided by HPE Aruba at AIS ICT 2016 conference ) about the annual AIS conference. I have built and managed the network for this for many years.
This year, the event was relocated to a new location. As a consequence, more switches were required, and there was access to single mode fibre plant allowing for 10Gb links.
I took the opportunity to demonstrate that Central can manage both the wired and wireless.
Key components:
All this equipment was pre-staged in the Sydney Solution Centre, and trucked 850km to the venue.
Wired - Switches
The five switches are connected as shown in the diagram below, as seen in Central.
Templates
These two switches (both 5406R) are managed via templates:
The 5406R only has the option of template management today.
Templates are used to manage devices with a template and variable file. This could get quite involved if you have several families, models and port combinations. Since events often have changes - some at the last minute - I created two template groups, one for each switch. This allows me to make changes to the template on the fly without worrying about the impact on different switches.
Whilst you can make changes to the switch at the CLI (after using the "aruba-central support enable" command), changes will be overwritten when the switch resyncs with Central (eg after reconnecting or restarting).
Each group for switches is prefixed with Sw- to make it clear it is a switch group. It also helps to filter larger lists.
GUI
These three switches are managed in "hybrid mode" (GUI + CLI)
- EH4-3810M
- L3-2930F
- L4-2930F
As with the template configs, I have a group for each switch config. (You can make changes to an individual switch rather than a group - select the switch instead of a group.) You have to use the GUI for all the GUI-manageable items otherwise they will be overwritten on next sync. However, any element not managed by the GUI can be changed from the CLI and retained.
Anything not on this list can be changed at the CLI. My manual CLI changes included this list for all switches:
alias "sic" "sh int cus all port:14 type status vlan name:30"
console idle-timeout 2700
console idle-timeout serial-usb 2700
ip authorized-managers 10.2.0.0 255.255.0.0 access manager
ip authorized-managers 10.20.30.0 255.255.255.0 access manager
ip authorized-managers 10.8.0.0 255.255.255.0 access manager
mvrp enable
no spanning-tree bpdu-throttle
fastboot
copp traffic-class all limit default
fault-finder all sensitivity high
fault-finder broadcast-storm all action warn percent 10
device-profile name "AIS-APs"
untagged-vlan 8
tagged-vlan 11-13
allow-jumbo-frames
poe-priority high
exit
device-profile type "aruba-ap"
associate "AIS-APs"
enable
exit
vlan 8
jumbo
exit
vlan 10
ip igmp
exit
vlan 930
ip igmp
jumbo
exit
And this list needs to be customised for each switch:
interface a1-a4
mvrp registration fixed
mvrp enable
exit
no lldp config a1-a4 dot1TlvEnable port-vlan-id
dhcp-snooping
dhcp-snooping vlan 8 10
dhcp-snooping authorized-server 10.8.0.1
dhcp-snooping authorized-server 10.10.0.1
no dhcp-snooping option 82
no dhcp-snooping verify mac
interface a1-a4
dhcp-snooping trust
Wireless - Instant APs
Central has been managing wireless APs for a long time, and I have used it to manage wireless for several years at this event. The key wireless elements are:
- Delegates - captive portal provided by ClearPass Guest
- Speakers - WPA2 PSK
- Sponsors - WPA3 PSK
