230| BranchSwitch Config for Cloud Services Switches AOS-W 6.5.3.x| User Guide
Inbound Interface Access Lists
In a branch switch environment, where an IPsec map defines the connections between the local branch
switches and a master switch, the global routing ACL master-boc-traffic is applied to all IPsec maps between
the master and the branch switches. If any branch switch requires a different ACL, access the command-line
interface of that branch switch and issue the command routing-policy-map branch <mac-addr> access-
list <acl> to associate a different ACL to the L3 GRE tunnel between that one branch switch and its master.
This local setting will override the global settings defined in the master-boc-traffic ACL.For more information
on configuring routing ACLs, see Creating a Firewall Policy on page 376.
To immediately associate a branch switch to the secondary master without waiting for the switchover timeout
period to elapse, navigate to the Network>Switch>System settings page of the branch switch WebUI, and
click the Switchover link.
If a branch switch detects that the link to the primary master switch is active but the branch cannot properly connect
to the primary master due to a configuration error, the branch switch will wait for 10 minutes, then reboot and
attempt to reconnect to the primary master. After 10 failed reboot and reconnect attempts, the branch switch will
return to a factory default state and restart the provisioning process.
Cloud Management
AOS-W enables the OAW-40xx Series switches to be managed by Aruba Central at a future date.
All communication between the switches and Central will be secured. The switches can establish connection
with Central even if the switches are behind NAT servers.
If the topology includes master and local switches, a single master switch can communicate with Central. In a
master-local cluster topology, a local switch can communicate with both the master switch and Central. The
master switch will be the source for configuration data of the local switches. Central manages the local
configuration on the local switch.
Zero-Touch Provisioning
Traditionally, the deployment of switches was a multiple step process where the master switch information and
local configurations were first pre-provisioned. After the local switch connected to the network, it established a
secure tunnel to the master and downloaded the global configuration.
Zero touch provisioning makes the deployment of local switches plug-n-play. The local switch now learns the
required information from the network and provisions itself automatically. A OAW-40xx Series branch switch is
a zero-touch provision (ZTP) switch that automatically gets its local and global configuration and license limits
from a central switch.
A switch does not need to be configured as a branch switch to be provisioned using ZTP.
ZTP offers the following advantages over a standard local switch:
n simple deployment
n reduced operational cost
n limits to provisioning errors
The main elements of ZTP are:
n auto discovery of the primary master (and optionally, backup master) switch.
n configuration download from the master switch
To Next Page
Loading...