HPE6-A72 Identify, describe, and differentiate the functions and features of Aruba products and solutions

Identify, describe, and differentiate the functions and features of Aruba products and solutions Detailed Explanation

I. Aruba Product Families (Switching)

Aruba has a wide range of switches for different network sizes and roles. Some are older (legacy), while others are based on Aruba's modern operating system (ArubaOS-CX).

Aruba Switch Series

1. Aruba 2530

• Type: Layer 2 only (no routing)

• Operating System: ArubaOS (legacy)

• Features:

  • Basic VLAN support

  • No dynamic routing (only Layer 2)

  • Limited security features

• Use Case:

  • Small offices or very simple networks

  • Budget-friendly access layer switch

2. Aruba 2540

• Type: Layer 2/3 Lite

• Operating System: ArubaOS (legacy)

• Features:

  • Supports static routing

  • Basic ACLs

  • Basic QoS

• Use Case:

  • Small-to-medium business (SMB) edge deployments

  • Suitable for environments needing limited routing

3. Aruba 2930F

• Type: Layer 3 switch

• Operating System: ArubaOS (legacy)

• Features:

  • Static routing, RIP, and OSPF (dynamic routing)

  • Supports VSF (Virtual Switching Framework)

  • Optional PoE+ for powering devices

• Use Case:

  • Campus access or distribution layer

  • Ideal for medium-to-large enterprise networks

4. Aruba 2930M

• Very similar to 2930F, but with:

  • Modular power supplies (for redundancy)

  • Hot-swappable fans

  • Better for high availability setups

• Use Case:

  • Larger networks needing greater resilience

  • Places where uptime is critical

5. Aruba 3810

• Type: Advanced Layer 3

• Operating System: ArubaOS

• Features:

  • High performance

  • Advanced routing (OSPF, VRRP)

  • VSF support

  • Hot-swappable components

• Use Case:

  • Distribution or small core layer

  • Networks needing strong redundancy and Layer 3 capabilities

6. Aruba CX 6200/6300

• Type: Full Layer 3

• Operating System: ArubaOS-CX (modern)

• Features:

  • Dynamic routing: OSPF, BGP

  • Real-time telemetry

  • REST API and Python scripting

  • VSF supported (6300)

• Use Case:

  • Modern access/distribution

  • High-performance enterprise switching

6200 is fixed power/non-modular; 6300 supports VSF and hot-swappable hardware.

7. Aruba CX 8320/8400

• Type: High-end modular Layer 3 switches

• Operating System: ArubaOS-CX

• Features:

  • VSX (active-active core switching)

  • Deep analytics and telemetry

  • Redundant supervisors, line cards

  • Up to 100Gbps ports

• Use Case:

  • Enterprise core

  • Data centers

  • Mission-critical networks

Summary Table:

Series	OS	Layer	Routing	Use Case
2530	ArubaOS	2	No	Basic access layer
2540	ArubaOS	2/3	Static only	SMB edge switching
2930F/M	ArubaOS	3	Static, RIP, OSPF	Campus access/distribution
3810	ArubaOS	3	Advanced Routing	Distribution/Core
CX 6200	ArubaOS-CX	3	Full Layer 3	Modern access layer
CX 6300	ArubaOS-CX	3	Full Layer 3	Access/Distribution + VSF
CX 8320/8400	ArubaOS-CX	3	Full + VSX	Core/Data Center

II. ArubaOS vs. ArubaOS-CX

Understanding the two major operating systems used in Aruba switches is essential to choosing the right switch for your network. The differences between ArubaOS (legacy) and ArubaOS-CX (modern) go far beyond appearance — they affect performance, automation, and management capabilities.

1. ArubaOS (Legacy / Provision OS)

ArubaOS is the older OS platform used in switches like the 2530, 2540, 2930F, 2930M, and 3810.

Key Characteristics:

Feature	Description
Traditional CLI	Similar to Cisco IOS; commands follow a flat hierarchy.
Limited telemetry	Cannot store or display historical data (only real-time output).
Basic scripting	No native support for Python or REST APIs.
Routing features	Static routing, RIP, OSPF available depending on model.
Common in SMB networks	Still widely deployed in non-mission-critical or budget environments.

Use Case Scenarios:

• Small to mid-size companies

• Environments with basic Layer 2/3 needs

• Simple manual configurations

2. ArubaOS-CX (Modern OS)

ArubaOS-CX is a next-generation, modular, Linux-based OS. It runs on switches like the CX 6200, 6300, 8320, and 8400 and brings enterprise-grade capabilities into the switching fabric.

Key Features:

Capability	ArubaOS-CX Description
Modular architecture	Each system function (routing, QoS, logging) runs independently; improves stability.
Database-driven	Real-time and historical state database — you can see what happened hours ago.
Python scripting	Automate tasks directly from the switch using Python.
REST API support	Full programmatic control over configuration, monitoring, and automation.
Event-driven automation	Can trigger actions based on events (e.g., link down).
Error prevention tools	Config validation and transactional CLI allow you to test and commit safely.

Why It's a Game-Changer:

Legacy ArubaOS	ArubaOS-CX
Static config only	Live + historical monitoring
No APIs	Full REST API + NetEdit
No automation	Python scripting, ZTP, NetEdit
No rollback	Config checkpoints + rollback
Limited routing	Full Layer 3: OSPF, BGP, VRF

User Interface:

• ArubaOS-CX CLI is structured and context-aware.
  Example:

  config
    interface 1/1/1
      description "Link to Core"
      no shutdown
  

• Also supports a web GUI for configuration and monitoring.

Use Case Scenarios:

• Modern enterprise networks

• Access to core switching

• Automation-heavy or cloud-integrated environments

• Network teams using CI/CD principles

Summary Comparison Table:

Feature	ArubaOS	ArubaOS-CX
Architecture	Monolithic	Modular + database-driven
Telemetry & History	No	Yes (real-time + historical)
API Support	No	Yes (RESTful API)
Scripting	No	Yes (Python)
Automation	Manual only	Full automation pipeline
Use Case	Basic/legacy networks	Modern enterprise networks

III. Aruba Switching Features and Technologies

This section explains the built-in technologies that make Aruba switches powerful, flexible, and suited for enterprise environments. These features enable resilience, traffic control, and high performance in real-world networks.

1. VSF (Virtual Switching Framework)

What is VSF?

• VSF allows you to stack multiple Aruba switches into a single logical switch.

• Managed as one device with one IP address.

Benefits of VSF:

• Redundancy: If one switch fails, traffic continues through the others.

• Simplicity: Manage 2–4 switches as if they were one.

• Scalability: Easily add ports by adding another switch to the stack.

VSF Supported Models:

• Aruba 2930F, 2930M, 3810, 6300

Use Case:

• Access or distribution layer deployments needing resilience without complex configurations.

2. VSX (Virtual Switching Extension)

What is VSX?

• VSX is for core switches.

• Creates an active-active cluster of two switches, each running independently but sharing routing information.

Why it's better than VSF for the core:

• No single point of failure.

• Supports hitless upgrades (you can upgrade one switch without affecting traffic).

• Uses LAG + dynamic routing across both switches.

VSX Supported Models:

• Aruba CX 8320, CX 8400

Use Case:

• Core and data center deployments needing maximum uptime and live upgrades.

3. ACLs (Access Control Lists)

What are ACLs?

• ACLs filter network traffic based on:

  • IP addresses

  • Ports

  • Protocols

They are used to enforce security policies and block unwanted traffic.

Where to apply ACLs:

• On VLAN interfaces (SVIs)

• On physical interfaces

• Inbound or outbound directions

Example Use Case:

• Block HTTP traffic from guest VLAN to internal servers:

  ip access-list "BLOCK_HTTP"
   10 deny tcp any 192.168.1.0 0.0.0.255 eq 80
   20 permit ip any any
  

4. QoS (Quality of Service)

What is QoS?

QoS ensures that important traffic (like VoIP) gets priority over less critical traffic (like file downloads).

Common QoS Features:

• DSCP (Layer 3): Marks packets with priority values.

• 802.1p (CoS, Layer 2): Marks Ethernet frames for switching priority.

• Queue scheduling: Determines which traffic is sent first (e.g., strict priority, weighted round robin).

Use Case:

• Guarantee low delay and jitter for voice traffic on VLAN 10.

5. Multicast Support

What is Multicast?

• Used to send data to multiple specific devices (like IPTV users or video streamers), not to all.

IGMP Snooping:

• Monitors IGMP Join/Leave messages.

• Only forwards multicast traffic to ports that have requested it.

Use Case:

• In a classroom or campus where many devices watch the same live video stream.

6. LAG / LACP (Link Aggregation)

What is LAG?

LAG (Link Aggregation Group) combines multiple physical links into a single logical connection.

LACP (Link Aggregation Control Protocol):

• Dynamically negotiates the LAG.

• Helps avoid misconfigurations and link mismatches.

Benefits of LAG:

• Higher bandwidth

• Redundancy (if one link fails, the others continue working)

• Load balancing

Common Aruba LAG Commands:

interface 1/1/1
  lag 1
  mode active

interface 1/1/2
  lag 1
  mode active

Recap of Aruba Switching Features:

Feature	Purpose	Use Case
VSF	Stack multiple switches	Campus access/distribution
VSX	Active-active core switching	Core, data center
ACLs	Filter traffic	Enforce security policies
QoS	Prioritize important traffic	Voice/video over network
Multicast	Efficient broadcast to groups	IPTV, streaming
LAG/LACP	Aggregate links for speed/redundancy	Switch-to-switch or switch-to-core uplinks

IV. Aruba Network Management Platforms

Aruba provides powerful tools for centralized network management, monitoring, and automation. Whether your environment is cloud-native, hybrid, or fully on-premises, Aruba has a platform to match.

1. Aruba Central (Cloud-Based NMS)

What is Aruba Central?

• A cloud-based platform to manage:

  • Switches

  • Access Points (APs)

  • Gateways/Controllers

• Accessible through a web portal from anywhere.

Key Features:

Feature	Description
Zero-Touch Provisioning (ZTP)	Automatically configure devices when they boot for the first time.
Monitoring & Troubleshooting	Real-time stats, logs, and health scores.
AI Insights	Identifies anomalies (e.g., interface flapping, broadcast storms).
Configuration Management	Push global or device-level configurations via templates or GUI.
Firmware Updates	Schedule and automate upgrades across devices.
Role-Based Access Control (RBAC)	Assign different permissions to different admins.
Visual Topology Maps	See how devices connect in real time.

Use Case:

• Ideal for distributed networks, such as:

  • Retail stores

  • Schools

  • Branch offices

Aruba Central supports both ArubaOS-CX and ArubaOS-based devices.

2. Aruba NetEdit (On-Prem, CX-Focused)

What is NetEdit?

• An on-premises network automation tool focused on ArubaOS-CX switches.

Key Features:

Feature	Description
Multi-device editing	Edit configurations across many switches at once.
Validation engine	Detects errors before they go live.
Audit and history	Tracks changes for compliance and troubleshooting.
Snapshot and rollback	Save and revert configurations safely.
REST API integration	Supports CI/CD and automation workflows.

Use Case:

• Enterprise networks using CX 6200/6300/8320/8400

• IT teams that want programmable, automated network changes

NetEdit is complementary to Aruba Central, not a replacement.

3. Aruba AirWave (Legacy NMS)

What is AirWave?

• A traditional on-premises network management system.

• Designed for both wired and wireless infrastructure.

Key Features:

Feature	Description
Device Monitoring	Status and health of APs, switches, controllers
Visual RF Planning	Helps plan Wi-Fi deployments and detect coverage gaps
Alerts and Reports	Custom alert rules, historical usage reports
Config Management	Manage and push switch configurations
Client Tracking	See which device is connected to which switch port or AP

Use Case:

• Enterprises with older Aruba deployments

• Environments that do not use Aruba Central

Aruba recommends migrating to Central for newer installations.

Quick Comparison Table:

Platform	Deployment Type	Focus	Best for...
Aruba Central	Cloud	Full-stack (switches, APs, gateways)	New networks, distributed sites
NetEdit	On-prem (local)	ArubaOS-CX switches	CX environments, automation-focused ops
AirWave	On-prem	Legacy wired/wireless	Existing deployments, migration planning

V. Key Aruba Features

Aruba offers advanced features that go beyond traditional switching, helping you build a smarter, more secure, and automated network. These features are built into the ArubaOS-CX ecosystem and are especially powerful when used alongside Aruba Central and ClearPass.

1. NAP (Network Analytics Processor)

What it is:

• An onboard analytics engine built into ArubaOS-CX switches.

• Continuously collects real-time and historical data from the switch.

What it does:

• Monitors:

  • Interface stats (errors, discards)

  • CPU and memory usage

  • Protocol events (e.g., OSPF flaps)

• Supports custom scripts and queries to detect anomalies.

Why it matters:

• Enables faster troubleshooting (you can see what happened before a ticket was raised).

• No external agent or appliance is needed.

• Works with Aruba Central AI Insights for smart alerting.

2. Dynamic Segmentation

What it is:

• A feature that enforces access policies automatically across both wired and wireless users.

• Based on the user’s identity, device type, role, or group membership.

How it works:

1. User plugs into a port (or connects to Wi-Fi).

2. Aruba switch contacts ClearPass (Aruba’s NAC solution).

3. ClearPass tells the switch:

   • Which VLAN to assign

   • What ACL to apply

   • What QoS profile to enforce

4. The switch dynamically segments traffic based on policy — not physical port or SSID.

Benefits:

• Users can move between ports or sites and keep the same access policy.

• Great for BYOD, guest, and IoT device control.

3. NetEdit (Automation Platform)

We covered this in Section IV, but here’s a recap focused on features:

Function	Description
Multi-device edits	Change configs across many CX switches at once
Validation engine	Prevents misconfigurations before deployment
Audit history	Tracks who did what, and when
Integration	Works with REST APIs and Git-based workflows

NetEdit is a must-have for large ArubaOS-CX environments with change control or compliance needs.

4. Colorless Ports

What it is:

• A port that doesn’t need to be pre-configured for a specific user or device type.

How it works:

• When a device connects, the switch automatically assigns VLAN, ACL, and QoS policies based on:

  • Device MAC address

  • Authentication result from ClearPass

  • Device type or group

Benefits:

• Simplifies port configuration — you no longer need to remember which port is for which department.

• Dynamic and scalable — great for hot-desking, mobile users, and IoT devices.

5. Zero Touch Provisioning (ZTP)

What it is:

• A feature that automates switch setup — no manual configuration needed.

How it works:

1. Switch boots up and sends a DHCP request.

2. DHCP server provides:

   • IP address

   • Option for ZTP server (or Aruba Central link)

3. Switch downloads configuration and firmware.

4. Instantly becomes part of the network.

Use Case:

• Large-scale deployments (e.g., branch rollouts)

• Non-technical staff can simply rack and power on the switch — Aruba handles the rest.

Recap Table of Key Features:

Feature	Purpose	ArubaOS-CX?	Aruba Central?
NAP	Real-time and historical switch analytics	Y	Y (integrates)
Dynamic Segmentation	Role-based, identity-aware access enforcement	Y	Y
NetEdit	Multi-device automation with config validation	Y	—
Colorless Ports	Automatically assign roles/policies to users/devices	Y	Y
ZTP	Automatic provisioning on first boot	Y	Y

VI. Security and Access Features

In enterprise networks, security starts at the edge — meaning the switch ports where users and devices connect. Aruba switches include built-in access control features that help enforce who can connect, what they can access, and how to protect the network from attacks.

1. MAC Authentication & 802.1X

MAC Authentication (MAC Auth)

• Authenticates a device based on its MAC address.

• Used for non-user devices that don’t support usernames/passwords (e.g., printers, cameras, VoIP phones).

• Requires integration with a RADIUS server (typically ClearPass).

How it works:

1. Device connects to a port.

2. Switch sends the MAC address to RADIUS.

3. RADIUS checks if the MAC is allowed and returns access decision.

Use Case:

• IoT devices

• Non-802.1X devices

802.1X Authentication

• A standards-based protocol for port-based network access control.

• Authenticates users/devices before they can send traffic through the switch.

How it works:

1. User connects a device to the switch.

2. The switch (authenticator) communicates with the RADIUS server (ClearPass).

3. The server checks credentials.

4. If authorized, the switch opens the port; otherwise, it stays blocked.

Benefits:

• Strong security using user credentials, certificates, or tokens.

• Works with Dynamic VLAN Assignment — each user gets their own VLAN and policy.

Configuration Summary:

• Enable 802.1X on access ports:

interface 1/1/10
  aaa port-access authenticator
  aaa port-access enable

• Configure switch as authenticator and define RADIUS server.

2. Port Security

• Limits how many MAC addresses can be learned on a port.

• Can lock the port to specific MAC addresses.

Options:

Setting	What It Does
max 1	Only one MAC allowed
mac-address sticky	Learns the first MAC and remembers it
violation shutdown	Disables port if unauthorized MAC appears

Use Case:

• Prevent rogue devices in office networks

• Enforce "one user per port" policy

3. DHCP Snooping

• Protects against rogue DHCP servers in the network.

• Ensures only authorized DHCP servers can respond to clients.

How it works:

1. Switch watches for DHCP traffic.

2. Trusted ports (e.g., uplinks) can send DHCP offers.

3. Untrusted ports (user ports) cannot act as DHCP servers.

DHCP Snooping Table:

• Switch maintains a binding table of:

  • IP address

  • MAC address

  • VLAN

  • Interface

This table can be used for other security features like ARP Inspection and IP Source Guard.

Configuration Example:

dhcp-snooping
dhcp-snooping vlan 10
interface 1/1/1
  dhcp-snooping trust

4. ARP Inspection & IP Source Guard

These features protect Layer 2 and Layer 3 from spoofing attacks.

ARP Inspection

• Blocks fake ARP replies that try to redirect traffic (ARP spoofing).

• Cross-checks ARP packets against the DHCP snooping table.

Use Case:

• Prevent man-in-the-middle attacks in sensitive VLANs.

IP Source Guard

• Prevents a device from using an IP address that doesn’t belong to it.

• Uses DHCP snooping bindings to verify IP/MAC/interface combinations.

Why These Matter:

Feature	What It Protects Against	Common Use Case
MAC Auth / 802.1X	Unauthorized users/devices	Secure enterprise access
Port Security	Device spoofing / MAC flooding	Limiting users per port
DHCP Snooping	Rogue DHCP servers	Prevent fake IP assignments
ARP Inspection	ARP spoofing / MITM attacks	Secure VLANs (finance, HR)
IP Source Guard	IP spoofing	Protect Layer 3 traffic

VII. Aruba Switching Use Cases

To make good network design decisions, it’s essential to understand which Aruba switch series fits best in which part of the network. Aruba offers different switch families optimized for cost, performance, scalability, or advanced features — so choosing the right one ensures your network is reliable, scalable, and secure.

1. Small/Medium Business (SMB)

Recommended Models:

• Aruba 2530

• Aruba 2540

Why These Work:

Criteria	Details
Low cost	Great for budget-conscious environments
Simple Layer 2 or static Layer 3	Most small offices don’t need advanced routing
Fanless options	Quiet, suitable for office closets
PoE support	Can power phones and access points

Common Use Cases:

• Retail shops

• Small offices

• Remote branch deployments

• Simple wired LANs with a few VLANs

2. Campus Access / Edge

Recommended Models:

• Aruba 2930F

• Aruba 2930M

• Aruba CX 6200

Why These Work:

Feature	Benefit
VSF support (2930F/M)	Stack multiple switches for redundancy
Static and dynamic routing	Enables inter-VLAN routing at the edge
Advanced PoE options	Power access points, VoIP phones, IoT devices
ArubaOS-CX on 6200	Modern features + automation + telemetry

Common Use Cases:

• School classroom switches

• Office floor edge switches

• Access layer in hospitals or universities

3. Distribution Layer

Recommended Models:

• Aruba 3810

• Aruba CX 6300

Why These Work:

Feature	Benefit
Layer 3 scalability	Handles traffic aggregation from many access switches
VSF and LAG support	High availability and bandwidth
Modular options (3810)	Flexible power and cooling
Full CX OS (6300)	Automation, scripting, and monitoring included

Common Use Cases:

• Aggregation switches in large buildings

• Connecting multiple access switch stacks

• Medium-size core/distribution for enterprises

4. Core Layer / Data Center

Recommended Models:

• Aruba CX 8320

• Aruba CX 8400

Why These Work:

Feature	Benefit
VSX	Active-active core with hitless upgrades
Modular hardware	Hot-swappable line cards, power, and fans
High-speed ports	40/100Gbps uplinks for maximum throughput
Full automation/telemetry	Perfect for large-scale and cloud-integrated networks

Common Use Cases:

• Campus core switches

• Data center spine-leaf architectures

• High-density traffic aggregation and routing

Quick Matching Table:

Use Case	Recommended Series	Notes
Small Office / Retail	2530, 2540	Basic Layer 2/3, low cost
Enterprise Edge / Access	2930F, 2930M, CX 6200	PoE+, VSF, some Layer 3
Distribution Layer	3810, CX 6300	High performance, full Layer 3, stackable
Campus Core / Data Center	CX 8320, CX 8400	VSX, modular, high-speed uplinks, full automation

VIII. Differentiators vs. Competitors

This section highlights what sets Aruba switching solutions apart from competitors like Cisco, Juniper, or HP ProCurve. These unique features and design philosophies are important to know — not just for the HPE6-A72 exam, but also for real-world conversations with customers or decision-makers.

1. ArubaOS-CX is Modular, Database-Driven, and Telemetry-Rich

How it's different:

• Most traditional switch OSs are monolithic: all services (routing, QoS, etc.) run together.

• ArubaOS-CX is modular, meaning each function runs independently — if one crashes, others stay running.

• Everything is backed by a state database, so you can query:

  • Interface states

  • Routing changes

  • Historical performance trends

Benefits:

Feature	Advantage Over Competitors
Crash resilience	One module can fail without killing the whole switch
Real-time + historical data	View past CPU usage, interface errors, and link flaps
Structured CLI + REST API	Full automation and DevOps integration out of the box

2. Aruba Central Offers AI-Powered, Cloud-Native Network Management

Why it matters:

• Competing cloud NMS platforms often lack deep AI or full-stack visibility.

• Aruba Central provides:

  • End-to-end visibility (switches, APs, gateways, clients)

  • AI Insights: Identifies and explains root causes

  • Built-in security and segmentation tools

  • Scalable from one site to thousands

Differentiator:

Unlike Cisco DNA Center (which is expensive and complex), Aruba Central is more accessible and 100% cloud-native — no on-prem appliances needed.

3. ClearPass Integration for Role-Based Access

• Aruba has seamless integration with ClearPass Policy Manager, its NAC (Network Access Control) solution.

• You can apply dynamic access policies on both wired and wireless ports using:

  • User identity

  • Device type (IoT, BYOD, corporate laptop)

  • Location

Why it’s unique:

• ClearPass is vendor-agnostic (works with Cisco, Juniper too).

• Aruba switches support colorless ports, dynamic VLANs, ACLs, and more based on ClearPass policies.

4. Consistency Across Wired and Wireless

Unified Infrastructure Philosophy:

• Aruba treats switches and access points as equal citizens.

• You can:

  • Use one management platform for wired + wireless.

  • Apply the same policy framework across both.

  • Analyze and troubleshoot both layers in Aruba Central.

Competitor Comparison:

Feature	Aruba	Cisco
One cloud for wired + wireless	Aruba Central	Separate tools (Meraki/DNAC)
NAC integration	ClearPass (deep, flexible)	ISE (more complex, less flexible)
Automation support	Native Python + REST	Often requires extra software
Historical telemetry	Built-in	Requires DNA Center or external tools

Summary Table: Aruba Differentiators

Differentiator	What It Means in Practice
ArubaOS-CX modular OS	Reliable, resilient, easy to automate
Real-time + historical telemetry	See trends and past issues natively
Aruba Central (cloud-native)	Manage everything from anywhere, scale easily
AI-powered insights	Fast root cause detection, fewer support tickets
ClearPass integration	Unified security across wired and wireless
Colorless ports and dynamic policies	No manual port configs; policies follow the user/device
Unified network stack	One OS, one policy model, one management tool

Identify, describe, and differentiate the functions and features of Aruba products and solutions (Additional Content)

1. ArubaOS-CX Web UI Overview

The ArubaOS-CX Web Interface provides a GUI-based management portal for CX switches, offering a modern and responsive alternative to CLI.

Key Web UI Features:

• Dashboard Overview

  • Displays system health (CPU, memory, temperature)

  • Interface status and traffic graphs

  • Device uptime and firmware version

• Interface Configuration

  • Enable/disable ports, set speed/duplex

  • Assign VLANs or trunk modes

  • View real-time counters

• VLAN and Layer 3 Features

  • Create/assign VLANs

  • Configure IP interfaces (SVIs)

  • Static routing setup

• Monitoring Tools

  • Live log viewer (equivalent of show logging)

  • Interface traffic history

  • Access to event-handler status (CX only)

• Management

  • Firmware image selection and upgrades

  • Backup/restore config

  • Role-based access management

Why This Matters for the Exam:

Many entry-level and mid-tier questions may ask about management options available on ArubaOS-CX, and Web UI is one of them alongside CLI and REST API.

2. Zero Touch Provisioning (ZTP) Process Flow

ZTP allows Aruba switches to be provisioned automatically upon first boot — ideal for scaling deployment without manual intervention.

Typical ZTP Flow (Step-by-Step):

1. Switch boots with factory config

2. Sends DHCP Discover

3. DHCP server replies with:

• IP address

• Option 66: TFTP/HTTP server IP

• Option 67: File name (config or script)

4. Switch downloads:

• Startup configuration

• Optional firmware image

5. Applies config and reboots (if required)

6. Registers with Aruba Central (if pre-provisioned)

What ZTP Enables:

• Remote, hands-free switch setup

• Consistent provisioning via Central or NetEdit

• Ideal for distributed sites (e.g., retail, campus branches)

Optional Addition for Visual Learners:

While a diagram isn’t shown here (as per instruction), students are encouraged to sketch a simple line flow from “switch boot” → “DHCP” → “config download” → “network join” to visualize the automation path.

3. Interaction Between Aruba Central and Instant APs

To make this section more comprehensive and exam-relevant, candidates should understand how Aruba Central manages Instant APs (IAPs) and switches together.

Central’s Role in Unifying AP & Switch Policy:

• Groups & Templates:

  • Devices are organized into groups (e.g., Branch, HQ)

  • Each group can apply:

    • Global templates (CLI-style config snippets)

    • UI-based policies (WLAN, VLANs, ACLs)

• Instant AP Management:

  • Configure SSIDs, firewall rules, and radio profiles

  • Monitor client health and roaming

  • Apply WLAN roles and band steering

• Switch Management:

  • Assign VLANs to uplinks

  • Control PoE ports for APs

  • Deploy ACLs and QoS policies

  • Sync time, syslog, and SNMP from Central templates

• Unified Monitoring:

  • Both APs and switches appear on the same topology map

  • Cross-device AI Insights (e.g., detect if switch config is blocking AP registration)

Why This Is Important:

Aruba Central isn’t just a GUI — it's a central policy controller. The exam may test how switches and APs interact as one system under Central’s management, not as isolated nodes.