Study Flashcards
VIA
VIA solution elements are the VIA client and a Mobility Master with managed device configuration.
Two license types: PEFV (full limit of the controller) or VIA (per user, but failover) license.
To set up, configure VPN for VIA in the MM and configure an authentication profile and a connection profile in the managed network.
RAP
Same SSID, same encryption type and same access rights as a CAP.
RAP is another AP group and is an extension of corp network.
Uses L2TP/IPsec to traverse internet.
Can have ports etc.
The RAP contacts the Activate server and gets directed to an MC. The remote AP uses the IP address of the corporate firewall.
How can APs discover their controller?
Using DNS, where the AP learns multiple IP addresses to associate with an MD. If the primary node is unavailable, the AP continues through the list until it finds an available MD.
Using ADP, where the AP and controller are on the same layer 2 network; the AP periodically sends out multicast and broadcast traffic to locate the MD.
Using a DHCP server to provide the MD's IP address. You must configure the DHCP server to send the managed device's IP address using vendor-specific option 43.
What is Activate?
Aruba Activate is a cloud-based, zero-touch provisioning system.
SD-Branch main points
- WAN connectivity (PQM, stateful FW, DPS)
- LAN security and automation (simplification of the network by removing reliance on VLANs and ACLs)
- Flattens the branch and eliminates static IP addressing and hardwired ACLs
- Branch on-boarding and life-cycle mgmt (ZTP and cloud mgmt)
SD-Branch elements
Aruba Central - mgmt
Aruba Installer and Activate - provisioning
Headend GWs and BGWs
Introspect - how does it work?
Finds and detects insider attacks.
Reduces the time attacks can run undetected.
Collects data from packets, traffic flows, logs and alerts across the infrastructure.
Then applies behavioral analytics such as supervised and unsupervised machine learning to establish baseline user or device behavior.
Looks for abnormal usage from users and devices such as accessing resources at an odd time or high downloads from a high value server and alerts IT teams.
Introspect elements
Consists of an analyzer and optional packet processors. Comes in Standard for entry-level customers or Advanced, which is a complete UEBA solution.
Multizone
Has one primary zone and one or more data zones.
The primary zone is for corporate traffic, or in a multi-tenant deployment is where the service provider manages the MCs (reboots or upgrades).
The AP initially contacts the MC in the primary zone, which provisions the AP. The primary zone deploys all settings to the AP (radio settings and VAP settings for SSIDs that terminate in this zone). The primary zone also has full control of the AP.
The data zone only has control of VAP settings so essentially can configure the SSIDs that terminate on it. It requires no licenses.
ArubaOS-CX
• Automated visibility to help IT organizations scale: The Aruba Network Analytics Engine allows IT to monitor and troubleshoot network, system, application, and security-related issues easily through simple scripts. This engine comes with a built-in time series database that enables customers and developers to create software modules that allow historical troubleshooting, as well as analysis of historical trends to predict and avoid future problems due to scale, security, and performance bottlenecks.
• Programmability simplified: A switch that is running the ArubaOS-CX operating system is fully programmable with a built-in Python interpreter as well as REST-based APIs, allowing easy integration with other devices both on premises and in the cloud. This programmability accelerates IT organizations' understanding of and response to network issues. The database holds all aspects of the configuration, statistics, and status information in a highly structured and fully defined form.
• Faster resolution with network insights: With legacy switches, IT organizations must troubleshoot problems after the fact, using traditional tools like CLI and SNMP, augmented by separate, expensive monitoring, analytics, and troubleshooting solutions. These capabilities are built in to the ArubaOS-CX operating system and are extensible.
• High availability: For switches that support active and standby management modules, the ArubaOS-CX database can synchronize data between active and standby modules and maintain current configuration and state information during a failover to the standby management module.
• Ease of roll-back to previous configurations: The built-in database acts as a network record, enabling support for multiple configuration checkpoints and the ability to roll back to a previous configuration checkpoint.
Differences between AirWave and Central?
AirWave
Pro:
More detailed reporting and customizable reports.
More detailed client info
Visualization of the floorplan and RF coverage via VisualRF
Troubleshooting tools for the Helpdesk.
Comes as an appliance or a VM
Zero-Touch provisioning of IAP
Con:
More complex product, due to feature richness, hence steeper learning curve than Central.
Not a multi-tenant application, so no separation of client data. Not an issue if you are the only one with access to AirWave.
Central
Pro:
Cloud based so no HW/SW to maintain
Simpler product with intuitive interface
Support is included in the subscription
Each customer has their own account and can see only their own networks. "Service Provider login" coming soon.
Zero-Touch provisioning of IAP
Con:
Less detailed reporting and not customizable
Clustering?
Seamless roaming of clients
Hitless AP failover - A-AAC
Hitless client failover - A-UAC
User load balancing
QoS
ALG and DSCP WMM
Similarities between VSF and BP?
- One management and control plane
- Distributed forwarding
- Redundant topologies based on link aggregation
Differences between VSF and BP?
- VSF uses front plane stacking on 1/10/40G links
- Backplane uses modules and special stacking cables
- With VSF you need to plan adequate bandwidth on VSF links
- BP has dedicated, high bandwidth links
- VSF supports long distance stacking between members
- BP can only stack to short distances
- VSF has deep-level queuing and forwarding at a member level
- BP has deep level queuing and forwarding at a stack level.