Managing Appliances
Viewing SteelConnect appliances
SteelConnect appliances are gateways, switches, and access points that connect to SCM.
The appliances overview lists the SteelConnect hardware configuration within an organization. It includes the hardware, software, and shadow appliances.
Tip: You can perform several of the tasks described in this topic using your iPhone. For details, see the SteelConnect iOS Application User’s Guide.
To view the appliances within an organization
Choose Appliances > Overview.
Viewing the appliances within an organization
The display includes the appliance status and if its configuration is up-to-date. It also shows if a firmware upgrade is pending or up to date and whether the appliance is set up as an automatic VPN gateway for a site.
The license column shows the license expiration date. A blue label displays the bandwidth limit for the appliance if one exists.
For details on 570-SD, 770-SD, and 3070-SD appliances, see the SteelHead SD Installation Guide.
Viewing appliance details
Click an individual appliance to view its properties, such as serial number and firmware version. You can also generate a support package to send to Riverbed support for troubleshooting, ping another appliance, or start a reverse shell access session for troubleshooting. For details, see Support package.
Tip: We recommend that you always specify a detailed location for the appliance using the Location field under the Location tab in the appliance page. Setting the location associates an appliance with its location wherever an appliance is referenced. The location is especially important when adding access points.
Appliance date and time
In DHCP client mode, the appliances use the DHCP-provided Network Time Protocol (NTP) server for synchronizing their internal clock. If the DHCP-provided NTP server is not reachable, the appliance connects to known NTP servers on the internet.
Viewing gateways
To view the gateways within an organization
Choose Appliances > Gateways.
Viewing the gateways for all sites
The display includes the gateways for all sites. You can filter the display by selecting a site from the drop-down list. You can also search for a specific gateway.
To view gateway details
Select a gateway.
SCM displays details on the gateway. You can change settings associated with a gateway using the tabs on the gateway detail page. Use the Actions menu to reboot or delete the gateway (and more).
Gateway detail page
STP
The Spanning Tree Protocol (STP) prevents network malfunction by blocking ports that can cause loops in redundant network paths.
SteelConnect implements the 802.1w Rapid Spanning Tree Protocol (RSTP) defined in the IEEE 802.1D-2004 specification. By default, RSTP is activated on all ports of SteelConnect gateways and switches. We recommend leaving STP on; however, you can use the STP tab to deactivate it. When you deactivate STP, it’s deactivated for all ports.
SCM displays an alert when STP is blocking ports.
STP is never active on WAN ports.
STP is not supported on gateways configured for high availability.
AutoVPN
For sites with more than one gateway, enabling AutoVPN on a gateway makes it the hub concentrator for AutoVPN connections (including RouteVPN and SwitchVPN). The ideal placement for the hub gateway is inline with all traffic entering and exiting the site.
Alternatively, if you’re using Classic VPN, you might need to turn AutoVPN off. For details, see AutoVPN modes.
Adding shadow appliances
SCM stores all configurations, including your existing and future network plans. This means you can either add an appliance when you physically have it or you can preplan and configure an appliance by adding a shadow appliance and later drop the physical appliance into the topology with no further configuration. Shadow appliances are basically cardboard cutouts that you can use to represent what will be a physical appliance after registering it with a serial number.
To add shadow appliances
1. Choose Appliances > Gateways.
2. Click Add appliances and select Create Shadow Appliance.
3. Select a gateway from the model drop-down list.
The SteelHead SD 570-SD gateway, 770-SD gateway, and 3070-SD gateway models deliver the benefits of SteelHead WAN optimization and SteelConnect SD-WAN while providing the flexibility of a single box solution. For details, see the SteelHead SD Installation Guide.
4. Select the site where you want to deploy the shadow appliance from the site drop-down list.
When you deploy a SDI-5030 gateway into a site, a dialog box lets you know that you must associate the appliance with a cluster.
Adding a 5030 gateway
For details, see Creating clusters.
5. Click Submit.
6. Repeat these steps for each of your appliances.
After adding the virtual gateways, SCM automatically connects them using AutoVPN to create secure VPN tunnels. Next, you’ll register the gateways to transform them from shadow appliances to physical appliances.
7. Choose Network Design > Uplinks to see that SCM has automatically assigned uplinks to the new gateways.
Before deploying the hardware, you can configure other SteelConnect features now or wait until later.
Registering appliances
When you add an appliance for future deployment, it’s called a shadow appliance. Shadow appliances are basically cardboard cutouts that you can use to represent what will be a physical appliance after registering it with a serial number. For example, you can deploy a shadow SDI-130 gateway into the headquarters site and work with it as though it were a real, physical gateway before deploying the physical SDI-130 gateway in your network.
You can create and register an appliance on the Appliances Overview page.
To register a shadow appliance
1. Choose Appliances.
2. Click the shadow appliance description.
3. Click Register hardware.
4. Type the serial number.
To help you identify an appliance without unmounting it, unregistered appliances with an OLED display (Gateway 330, Switch S24, and Switch S48) display their serial number in the screen until you register the appliance with SCM.
5. Click Submit.
6. Plug the network cables into the configured ports.
The provisioning server hands off the appliance when it connects into the particular organization and the particular site, and it gives the appliance its configuration, brings it online, performs all the firmware upgrades, and realizes your design on the appliance in the real world. This provisioning process also makes the appliances easily replaceable.
After AutoVPN establishes the tunnels, you can click a site marker on the dashboard map to see a representation of the network. You can see on the map that the locations are completely connected with a full mesh VPN, and these lines will change if problems arise or if there is downtime at any of the sites.
Gateway provisioning
By default, when you register a gateway, SCM automatically creates a DHCP-client uplink and attaches it to the gateway WAN1 port. In addition, it preconfigures all switched LAN ports with the site-local zone.
You can add more networks in Network Design > Zones later. You can then assign these zones to a gateway port.
When gateway selection is set to automatic (the default setting), the SteelConnect gateway always uses the default gateway IP from the IP configuration of the zone.
Additionally you can enable gateway services like IPv4 DHCP server and IPv6 RA per zone.
Make sure that internet connectivity and a DHCP server are available on the WAN port of the gateway to allow the first provisioning to succeed. While booting up, one green LED of the gateway will glow as long as a connection to SteelConnect Manager was established successfully. Glowing will stop in normal operation mode.
For networks with no DHCP server available, or when you want to use a static IP or DSL uplink for the gateway, you can use offline provisioning.
How do I provision a gateway offline?
Adding a new gateway to your network requires the appliance to contact the SteelConnect Manager, which provides the initial configuration. In a scenario where no DHCP server is available in the existing network, or where a static IP address should be assigned to the new gateway, you can use offline provisioning.
You can set up the configuration on SCM, even if the hardware is currently not present at the related site.
You’ll need the serial number of the new gateway to create an offline provisioning configuration file.
This procedure supports a gateway only; you can’t provision an access point or switch offline using a USB stick.
To provision an appliance without DHCP
1. Log in to SteelConnect Manager.
2. Choose Network Design > Sites > Add Site(s).
3. Specify at least the site tag, name, and city.
4. Click Submit.
5. Choose Network Design > Uplinks.
An uplink is the last network segment connecting the local site to a WAN network.
6. Select the uplink for the new site and define an uplink type: for example, static IPv4 or DSL.
7. Fill out the required IP address or user account information and click Submit.
8. Choose Appliances > Add Appliances > Register Hardware Appliance.
9. Enter the serial number of the SteelConnect Gateway and select the site you want to deploy the appliance.
10. Select the new hardware appliance, click Actions, and select Download config.
The system downloads a configuration file named with the gateway serial number.
11. Apply the file on a FAT32 formatted USB stick. The system does not support other file system types like Linux ext2,3,4, NTFS, and so on.
12. Deploy the gateway on the site and power on the appliance.
Wait at least 30 seconds until the new appliance powers up correctly before plugging in the USB stick.
Because the gateway does not mount the stick during boot up, it won’t import the configuration automatically.
13. Plug in the USB stick to restore the configuration.
The gateway connects to SCM with the previous set up configuration.