Aruba SD-Branch from scratch - Part 2 - BGW
ฝัง
- เผยแพร่เมื่อ 17 ธ.ค. 2024
- The second video of the video series about deploying Aruba’s SD-Branch solution from scratch. This video covers the configuration of Branch location on a Group/device level, as well performing the ZTP process of Branch Gateway and validating the configuration.
Do you want to know what happened between configuring the BGW and the appearance of the BGW in Central? Check out this video of the ZTP console output of 9004 BGW:
Excited? Get yourself started with Aruba Central and try for yourself: www.arubanetwo...
If any possibility to use other vendor device as a gateway (velocloud sd-wan box) instead of our Aruba gateway
Yes as long as it can reach central .
How do the Branch1-BGW1 will get a DHCP IP from the Internet Provider if Provider do not DHCP pool on their router?
Then you can use static strategy. Every ISP provides either DHCP or Static option (with bit of extra price).
is the BGW set-up the same with the VPNC set up? do you have an in depth video for VPNC?
The VPNC set-up is mostly the same. The process of configuring and deploying the VPNC's will be covered in the next video :).
So where/how would you apply the acl to deny traffic between specific vlans?
The recommended way is: Create a session ACL -> Apply ACL into Role -> Apply role as Initial Role in a AAA-Profile for a VLAN. Then make the VLAN untrusted and attach the AAA-Profile to that vlan under 'Security -> Apply Policy'.
when doing the reboot of the branch gateway, can we continue to do the configuration while it's rebooting or we have to wait for the gateway to be back online to continue with the configuration?
You can keep on doing configuration work while the gateway reboots and it will synchronize again with Central after the reboot completes and control channel to Central is re-established.
You can do the settings on the group when the device comes online it inherit the settings from the parent group.
Good video!
Do not recommend putting a 2nd static default GW for MPLS link, should use static route with nexthop gateway.
Currently, in order to enable automatic orchestration of the VPN tunnel, a default gateway must be set. The MPLS VPN tunnels will not be established if the BGW can reach the VPNC with the use of a static route. If there is no internet connectivity for the MPLS link the cost could be set higher, like a floating route.