AOS-CX Switch Simulator - NetEdit 2.1 Part 1 Lab Guide

This document provides instructions for a lab using NetEdit 2.1 to manage Aruba AOS-CX switches. The lab objectives are to install NetEdit, set up a simple network, discover devices using NetEdit, and learn how to review device details and apply configuration changes. The lab tasks include deploying the NetEdit VM, logging in and creating users, discovering the switches on the network, and preparing the switches for management by NetEdit by configuring IP addresses, enabling SSH and the REST API.

LAB GUIDE

NetEdit 2.1 - Part 1 – Network Setup
IMPORTANT! THIS GUIDE ASSUMES THAT THE AOS-CX OVA HAS BEEN INSTALLED AND WORKS IN GNS3 OR EVE-NG. PLEASE REFER TO GNS3/EVE-NG INITIAL SETUP LABS IF REQUIRED.
https://www.eve-ng.net/index.php/documentation/howtos/howto-add-aruba-cx-switch/

TABLE OF CONTENTS
Lab Objective
Lab Overview
Lab Network Layout
Lab Task 1. Deploy NetEdit
Lab Task 2. Login to NetEdit and Create New Users
Lab Task 3. Onboard the switches (Network Discovery)
Lab Task 4. Prepare and Apply NetEdit Settings
Appendix A: Notes for VirtualBox/GNS3 users

Lab Objective
This is the first of a NetEdit lab series. At the end of the lab series, you will be able to operate an Aruba AOS-CX Network using
Aruba NetEdit 2.1.

Lab Overview
In this first lab of the NetEdit Series, you will install NetEdit in your environment (EVE-NG or GNS3), set up a simple network,
discover it, and learn how to review device details and create and apply NetEdit Settings.

Lab Network Layout

Figure 1. Lab topology and addresses

Note: NetEdit can be deployed as another device in the EVE-NG or GNS3 environment. In this lab series, for simplicity, you will
deploy it externally and connect it to the managed switches (CX Simulators) using an external network, shown in Figure 1 for
EVE-NG as Management (Cloud0).

Lab Task 1. Deploy NetEdit


• The NetEdit server runs on a Linux VM and is distributed as an OVA
• Download the NetEdit 2.1 OVA from the Aruba Support Portal
o License: you can download and use the NetEdit VM for free and manage up to 25 devices
• Deploy the NetEdit 2.1 as any other OVA
• Follow the NetEdit installation guide instructions including the initial configuration wizard
o For the purpose of these labs, reduce the number of CPUs to 4 and the RAM size to 8 GB

o Ensure that the Network adapter 1 is on the same network as the EVE-NG Server

Initialize NetEdit
• Start the NetEdit VM and open its console
• Login using the net-edit server login name: neadmin

o At the prompt enter a new password (in this case use "password")
• Enter the same (sudo) password to start the Service Installation wizard
• Follow the wizard steps (Next) and enter the basic server networking parameters, enter Next and OK until the wizard closes
and confirms the configuration

Lab Task 2. Login to NetEdit and Create New Users


• Open your browser and connect to the NetEdit server (if you just installed it, you may have to wait a few minutes until the
server is ready).
• Login with username: admin (no password)
o Once you log in for the first time, you will be prompted to assign a password (minimum length: 8 characters)

Interface Tour
Take a few minutes to visit all the different options on the left-hand menu and notice the pages opened with each.

Configure a new NetEdit administrator


Select the Users icon on the left menu.

Then, click on the button (top right) and select and create a user called admin01 with the role ADMIN.

Copy the temporary password and paste it to a Notepad file for later use. Click OK.

On the top right of the screen, look for the user icon. Click on it and log out.

Login using the new username admin01, and paste the temporary password. When prompted, change the temporary password
to the word password.

Select the Users icon on the left menu and confirm the two user names: admin and admin01. Notice the columns Active
Sessions, Role, and Type.

Task 3. Preparing the switches for NetEdit


To prepare the switch for NetEdit:

• Assign a host name
• Assign a management IP address and default gateway
• Enable the SSH Server on the management VRF
Note: SSH is necessary for NetEdit’s change validation process
• Ensure that the REST API is enabled and in read-write mode for NetEdit to be able to manage the switch

Note:

• In the following scripts, replace the X in the IP Addresses with your user number. Your user number is the number at
the end of your vLabs login name and password
• In this lab switches are managed through the management interface (management VRF, OOBM port). In other
environments, an out-of-band management network might not be available, and management would be done using the
data network, for example defining a management VLAN.
• This process is necessary in this lab environment. However: DHCP can be used to assign an IP address and default
gateway to the management interface (DHCP client is enabled by default)
• HTTPS and REST are enabled on the management interface by default
• Disable all data ports – You will use NetEdit to turn on the ports used in this workshop
On the 6300-A
configure
hostname ACC1A
interface mgmt
ip static 192.168.1.201/24
default-gateway 192.168.1.1
exit
ssh server vrf mgmt
interface 1/1/1-1/1/9
shutdown
end
write memory
copy running checkpoint NETEDIT-ONBOARD
!
! Verify
!
show interface mgmt
Address Mode : static
Admin State : up
Link State : up
Mac Address : 10:4f:58:f7:19:c1
IPv4 address/subnet-mask : 192.168.1.201/24
Default gateway IPv4 : 192.168.1.1
IPv6 address/prefix :
IPv6 link local address/prefix: fe80::124f:58ff:fef7:19c1/64
Default gateway IPv6 :
Primary Nameserver :
Secondary Nameserver :
Tertiary Nameserver :
!
show https-server
HTTPS Server Configuration
----------------------------
VRF : mgmt

REST Access Mode : read-write


!
ping 192.168.1.200 vrf mgmt
PING 192.168.1.200 (10.253.1.201) 100(128) bytes of data.
108 bytes from 10.253.1.201: icmp_seq=1 ttl=63 time=0.504 ms
108 bytes from 10.253.1.201: icmp_seq=2 ttl=63 time=0.512 ms
108 bytes from 10.253.1.201: icmp_seq=3 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=4 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=5 ttl=63 time=0.474 ms

--- 192.168.1.200 ping statistics ---


5 packets transmitted, 5 received, 0% packet loss, time 4083ms
rtt min/avg/max/mdev = 0.474/0.501/0.512/0.013 ms
On the 6300-B
configure
hostname ACC1B
interface mgmt
ip static 192.168.1.202/24
default-gateway 192.168.1.1
exit
https-server rest access-mode read-write
ssh server vrf mgmt
interface 1/1/1-1/1/9
shutdown
end
write memory
copy running checkpoint NETEDIT-ONBOARD
!
! Verify
!
show interface mgmt
Address Mode : static
Admin State : up
Link State : up
Mac Address : 10:4f:58:f7:19:c1
IPv4 address/subnet-mask : 192.168.1.202
Default gateway IPv4 : 192.168.1.1
IPv6 address/prefix :
IPv6 link local address/prefix: fe80::124f:58ff:fef7:19c1/64
Default gateway IPv6 :
Primary Nameserver :
Secondary Nameserver :
Tertiary Nameserver :
!
show https-server
HTTPS Server Configuration
----------------------------
VRF : mgmt

REST Access Mode : read-write
!
ping 192.168.1.200 vrf mgmt
PING 192.168.1.200 (10.253.1.201) 100(128) bytes of data.
108 bytes from 10.253.1.201: icmp_seq=1 ttl=63 time=0.504 ms
108 bytes from 10.253.1.201: icmp_seq=2 ttl=63 time=0.512 ms
108 bytes from 10.253.1.201: icmp_seq=3 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=4 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=5 ttl=63 time=0.474 ms

--- 192.168.1.200 ping statistics ---


5 packets transmitted, 5 received, 0% packet loss, time 4083ms
rtt min/avg/max/mdev = 0.474/0.501/0.512/0.013 ms
On the 8325-A
configure
hostname COR1A
interface mgmt
ip static 192.168.1.203/24
default-gateway 192.168.1.1
exit
https-server rest access-mode read-write
ssh server vrf mgmt
system interface-group 1 speed 10g
!
! at the Continue (y/n) prompt answer y
!
end
write memory
copy running checkpoint NETEDIT-ONBOARD
!
! Verify
!
show interface mgmt
Address Mode : static
Admin State : up
Link State : up
Mac Address : 10:4f:58:f7:19:c1
IPv4 address/subnet-mask : 192.168.1.203
Default gateway IPv4 : 192.168.1.1
IPv6 address/prefix :
IPv6 link local address/prefix: fe80::124f:58ff:fef7:19c1/64
Default gateway IPv6 :
Primary Nameserver :
Secondary Nameserver :
Tertiary Nameserver :
!
show https-server
HTTPS Server Configuration
----------------------------
VRF : mgmt
REST Access Mode : read-write
!
ping 192.168.1.200 vrf mgmt
PING 192.168.1.200 (10.253.1.201) 100(128) bytes of data.
108 bytes from 10.253.1.201: icmp_seq=1 ttl=63 time=0.504 ms
108 bytes from 10.253.1.201: icmp_seq=2 ttl=63 time=0.512 ms
108 bytes from 10.253.1.201: icmp_seq=3 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=4 ttl=63 time=0.508 ms
108 bytes from 10.253.1.201: icmp_seq=5 ttl=63 time=0.474 ms

--- 192.168.1.200 ping statistics ---


5 packets transmitted, 5 received, 0% packet loss, time 4083ms
rtt min/avg/max/mdev = 0.474/0.501/0.512/0.013 ms
!

Lab Task 3. Onboard the switches (Network Discovery)
Log back into NetEdit using the following credentials: admin / password.
Go to the Network page and in the menu select .

Note: If the network topology map is empty, the Discover Devices window will popup automatically.

• Create a new subnet: 192.168.1.0/24
• Then create a new set of credentials
Credentials Name: admin
• REST
o Username: admin
o Password: admin
• SNMP
o Keep defaults
• SSH
o Username: admin
o Password: admin
• And click CREATE
On the discover window, add the seed addresses

Note: In real networks, one seed address per subnet is enough to discover all AOS-CX devices. However, in this lab
environment, you will have to enter all IP addresses manually as seeds. Another option is to enter the list of devices in a CSV
file. This file is just a list containing one IP address per line.

• Click and enter the IP addresses of your 3 switches (again X is your user number):
o 192.168.1.201
o 192.168.1.202
o 192.168.1.203
• Finally click DISCOVER. After a few seconds, you will find all 3 switches in the topology map

Review the Information that NetEdit gathered from each Device


NetEdit uses the REST interface to gather the initial information on the device. This action is called a device scan.
• Select COR1A, right-click on it and choose
• Identify the different panels on the Device Details page: Device Details, Attributes, Device Revision History, and the Device
logs (you may have to scroll down to find them)
• In the first panel, use the ACTION menu to review the options

Open and review:

• View Running Config


• View Firmware Info
• View Hardware Info: this option allows you to get the information of each hardware
component. It is especially important for chassis-based switches, and very useful when the
serial number of a component is required, for example when opening a support case
• Note: you will assign Attributes later in this lab.

IMPORTANT: NetEdit will repeat the device scan every 5 minutes for all AOS-CX switches in its database. That is necessary to
discover changes in the devices that were not generated by NetEdit, for instance: configuration changes made through the CLI
or the REST interface, hardware changes / component replacement.

• On the left part of the Device Revision History, you will find a chain of boxes with the first at the bottom and the latest at the
top. Each one of these boxes represents a change Plan.

The first two plans contain the initial information of the device: New Device, and Config Change (initial configuration).

• Select the Config Change plan and review the right side of the History panel

• Notice
• Plan name and description
• Modified-By and Deployed-By
o If the name is (as in this case) system, it means that this change was not made by NetEdit, and that it was found during a device scan
o Otherwise, the value would be the name of the NetEdit user that made the change
• Note: Conformance will be covered later
Note: You will revisit and learn more about the Device Details page in subsequent simulator labs.

Lab Task 4. Prepare and Apply NetEdit Settings


Step 1 - Device Attributes
Note: NetEdit allows you to assign attributes to CX switches. These attributes can represent location, role, and more. Attributes
can be used for searches, either individually or in combinations.

Creating Device Attributes


• Go to the settings page and select the option.
• Use the icon to create an attribute with the following parameters:
Name: Role

Type: LIST

List Values: core,access,other

Default Value: other

Assigning Attributes and creating Queries


• Go to the Devices page
• Select both access switches

• In the ACTION menu, select and assign the access role to these two switches

• Repeat the ACTION to assign a core role to the COR1A switch


• Deselect all switches in the list and in the search box enter: Role:access

• Notice that the proper switches were selected
• Use the "not" parameter to do a reverse selection

• Do some research on the options you can use in the search box
For more information on attributes and searches: NetEdit offers an online documentation file in which you will find a detailed
explanation of the different features.
To access it, go to the help button on the top right and select . A new web page will open. Read the
Search section and the Example Queries part.
Use the attributes to create a permanent query

• Deselect all switches in the list and in the search box enter: Role:access

• On the right side of the search box, click on the icon to save the search as a permanent query with the name access.

Notice that the search is already in the second box

• Repeat the procedure to create a core query


• Delete the search and click on the IP address of COR1A
On the Device Details page, the attribute list will appear now on the top-right panel

Use the queries to create specific device lists in the main dashboard (new tiles)

Go to the main dashboard (Overview page) and analyze the default tiles.

• The title of each tile is actually a Query


• Click on one of them and observe that it takes you to the Network view page and in the topology the switches matching the
query are now highlighted
• You can create your own tiles. For that purpose, return to the page
• At the top-right, click on the list icon (next to the help icon)
Notice that you can toggle the tiles to show or hide them in the dashboard

• Create a new tile called Core using the add (+) button – use the parameters shown in the picture and repeat the operation to
create a Tile for the Access switches

• Enable both tiles and hide the Tiles list by clicking outside it
Notice the different tile types in the dashboard: LIST, COUNT, and CHART

Step 2 - Conformance Tests


Overview

Conformance validation detects configurations that violate your corporate policies or network design by comparing switch
configurations against conformance tests. You can define policies by creating and enabling conformance tests in Settings /
Conformance. The tests are run continuously against both candidate and running configurations. Conformance test results for
running configurations are searchable on the device search page and displayed on both the dashboard and plan details page.
Conformance test results for candidate configurations are displayed in the editor and on the plan details page.

Using the Built-In Conformance Tests


Go to the Settings page, the sub-page and the tab.

Note: NetEdit comes with 3 built-in conformance tests:

• Common Criteria
o Default: disabled
o Description: Federal security requirements for US-CERT
• Requirements
o Default: enabled
o Description: A set of conditions that a CX switch configuration must meet for NetEdit to access it for management
• Secure Remote Login
o Default: disabled
o Description: Configuration that ensures the connection between the switch and remote server is cryptographically
secure
Open the Common Criteria test and:

• Read the command script – notice that it uses a particular language and notation
• Toggle it on and click OK
• Return to the main dashboard and after a few seconds you will notice that the Device Configuration Policy Violations tile
is now showing a 3. This means that all 3 devices are violating the policy.
• Click on the tile’s title and the embedded query will take you to the topology map and show all 3 switches selected
• Go to the ACTION menu and select View Config. This action will take you to the Editor (in read-only mode). The editor has 3
vertical panels, Left: Selected devices, Center: Configuration, Right: Insights
• On the Insights panel notice the Conformance Failures line.

• Click on the “v” icon on the right until you see that the conformance failures have to do with the Common Criteria test
Return to the Settings page, the sub-page and the tab.

• Disable the Common Criteria test


• Create a new test called: Interface Description
• Name: Interface Description
• Description: All individual and LAG interfaces that are active
must have a description.
• Severity: WARNING
• Device Filter: None (check all devices)

• Commands:
WITHIN interface 1/(\d+)/(\d+) IF no shutdown THEN description MUST EXIST
WITHIN interface lag (\d+) multi-chassis IF no shutdown THEN description MUST EXIST
WITHIN interface lag (\d+)$ IF no shutdown THEN description MUST EXIST
In the next section you will enable ports and the Interface Description rule will validate if the description has been added
according to the policy.
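
The Interface Description rule above can be dry-run against a saved configuration before it is enabled in NetEdit. The following is an added example, not part of the original lab guide and not NetEdit's own engine: it approximates the three WITHIN ... IF ... THEN ... MUST EXIST rules with Python regular expressions. The function names and the sample configuration are constructed for illustration, and matching the context regex from the start of the line is an assumption.

```python
import re

# Context patterns copied from the three "Interface Description" rules above.
RULES = [
    r"interface 1/(\d+)/(\d+)",
    r"interface lag (\d+) multi-chassis",
    r"interface lag (\d+)$",
]

# Constructed sample running-config (not taken from a real switch).
SAMPLE_CONFIG = """\
hostname ACC1A
interface lag 1
    no shutdown
    description Uplink to COR1A
interface lag 2 multi-chassis
    no shutdown
interface 1/1/1
    no shutdown
    description User port
interface 1/1/2
    no shutdown
interface 1/1/3
    shutdown
interface mgmt
    no shutdown
    ip static 192.168.1.201/24
"""

def parse_contexts(config):
    """Group indented child lines under their unindented context header."""
    contexts, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and "!" separators
        if line[0].isspace():
            if current is not None:
                contexts[current].append(line.strip())
        else:
            current = line.strip()
            contexts[current] = []
    return contexts

def check_interface_description(config):
    """Return context headers that are active (no shutdown) but lack a description."""
    failures = []
    for header, body in parse_contexts(config).items():
        if not any(re.match(rule, header) for rule in RULES):
            continue  # WITHIN: the rule set does not apply to this context
        active = "no shutdown" in body                               # IF no shutdown
        described = any(l.startswith("description ") for l in body)  # THEN description MUST EXIST
        if active and not described:
            failures.append(header)
    return failures

if __name__ == "__main__":
    for header in check_interface_description(SAMPLE_CONFIG):
        print("WARNING: missing description in", header)
```

The mgmt interface is ignored because none of the three context patterns match it, and 1/1/3 passes because the IF condition (no shutdown) is not met.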

Important:

Before the next part of the NetEdit lab series, make sure you save the configuration on the switches and the lab in your environment.

Appendix A: Notes for VirtualBox/GNS3 users
• You will need to increase the screen Scale Factor to 150% for the setup wizard in the Linux console to work
• You can connect the NetEdit Server and port 1 on each of your switches to the same Host-Only Network

Once you start each switch, return to the VirtualBox Manager and re-assign interface 1 of each switch to the Host-Only
Network (GNS3 resets all ports when starting them to “Generic Driver”)

www.arubanetworks.com
3333 Scott Blvd. Santa Clara, CA 95054
1.844.472.2782 | T: 1.408.227.4500 | FAX: 1.408.227.4550