Wired Intelligent Edge

last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Some best practices for managing an Aruba Switch in Airwave

This thread has been viewed 10 times

  • 1.  Some best practices for managing an Aruba Switch in Airwave

    EMPLOYEE
    Posted Apr 24, 2018 10:50 AM

    As you can have maximum of one template in Airwave for every Switch model, how to manage switches of the same/different models but with different port numbers in Airwave? The 2930F for instance comes in 8, 24 and 48 ports variants.

     

    There can be 3 different ways on doing this:

     

    Use different Groups for different port numbers

     

    So maybe you have 24 and 48 ports of the 2930F. Therefore you would have 2 groups for every variant.

    Even if you perform ZTP using DHCP all switches will get in one group and get one template pushed (if automatic authorization is set to R/W). This Template will include configuration for 24-port switch.

    At a later step you would move the switch to another group for 48-port switch.

     

    Use one Group with partial configuration

     

    As the method before, your ZTP group will contain a template for 24-port switch. But instead of moving a switch to another group, you would here go to partial configuration and run a configuration snippet (you may have saved separately) that only contains configuration that only apply to a 48-port switch.

    Set then this configuration as baseline.

     

    Use one Group with variables

     

    This method is intended when you don’t want to have any manual action on Airwave and the 24 and 48 port switch gets its config automatically. That’s being said, you need to be familiar with template variables, if not please have a look at Airwave user guide.

    There are 3 useful variables when it comes to port numbers on switches

    • num_of_a_port: count of number of interfaces starting with letter A. Example: if device has A1, A2 
    • num_of_b_port: count of number of interfaces starting with letter B. Example: if device has B1, B2
    • num_of_normal_port: Count of ports except A ports and B ports and OOBM ports

     

    So the configuration for VLAN10 in a template will look like this

    vlan 10

       name "VLAN10"

    %if num_of_normal_port=24%

       tagged 2-24

    %endif%

    %if num_of_normal_port=48%

       tagged 2-48

    %endif%

       no ip address

       exit

     

    You can of course optimize the configuration and say that the template contains 24-port config and the if statement writes only what is related to 48-porrt config.

    So the config for VLAN10 will look like

    vlan 10

       name "VLAN10"

       tagged 2-24

    %if num_of_normal_port=48%

       tagged 25-48

    %endif%

       no ip address

       exit

     

    If you are using port access on all ports except port 1. So the template will include

    aaa port-access authenticator 2

    aaa port-access authenticator 3

    .

    .

    .

    aaa port-access authenticator 24

    %if num_of_normal_port=48%

      aaa port-access authenticator 25

    .

    .

    .

    aaa port-access authenticator 48

    %endif%

     

    Note: if you execute the command aaa port-access authenticator 2-24. The switch will write in the config the command explicitly for every port. So you will end up having a mismatch.

     

    Note: pushing config for 48-port switch on a 24-port one might cause some issues. Therefor please review your template carefully and test before applying on live switches.

     

     

    General Tips

    • The template should only contain configuration that apply to all switches. Don’t use the template for tagging/untagging vlans on ports (unless you have uplink ports that apply for all switches).
    • For tagging/untagging vlans use partial configuration and set the new config as a baseline.
    • Always use Switch Firmware 16.05+ and Airwave 8.2.6+. After these versions, the switch must not reboot after making a change in the template.


  • 2.  RE: Some best practices for managing an Aruba Switch in Airwave

    Posted Apr 29, 2020 11:36 PM

    Thank you for this write up. How would this apply in the case of a stack of switches in this case 3810M where you will now have 1/1-1/48,2/1-2/48 with the if statements?

    How will the template match  a single switch with interface 1-48 and a stack with 1/1-1/4? 

    Will you need different groups for stacks and single switches as well?



  • 3.  RE: Some best practices for managing an Aruba Switch in Airwave

    Posted May 15, 2020 02:18 PM

    I'd love to see more advanced support for stacks in the future. While you can get pretty far with both automatic and dynamic template variables, it takes quite a bit of work to get set up reliably, and you still have to edit some of them for each stack. Not entirely trivial with just over two houndred 2930F-24 and -48, about half of which are in various stacks.

     

    If you're going down that road: Enable VSF on all your switches, even if they'll never see another stack member. That way you'll have consistency in things like interface ID, both for template management and general config. I've got it to where I only need to edit port variables for each member (member_2=48, member_3=24 etc.) and loop-protect ports for the whole stack. I do have a pretty homogenous and simple config, though.