This topic describes how to manage the gateways, switches, and access points. It includes these sections:

SteelConnect appliances are SDI gateways, SteelHead SD appliances, switches, and access points that connect to SCM.

The appliances overview lists the SteelConnect hardware configuration within an organization. It includes the hardware, software, and shadow appliances.

The display includes the appliance status and if its configuration is up-to-date. It also shows if a firmware upgrade is pending or up to date and whether the appliance is set up as an automatic VPN gateway for a site.

Click an individual appliance to view its properties, such as serial number and firmware version. You can also generate a support package to send to Riverbed support for troubleshooting and ping another appliance. For details, see Support package.

In DHCP client mode, the appliances use the DHCP-provided Network Time Protocol (NTP) server for synchronizing their internal clock. If the DHCP-provided NTP server is not reachable, the appliance connects to known NTP servers on the internet.

The display includes the gateways for all sites. You can filter the display by selecting a site from the drop-down list. You can also search for a specific gateway.

The Wi-Fi tab shows all active client sessions on the radios of the appliance.

The Spanning Tree Protocol (STP) prevents network malfunction by blocking ports that can cause loops in redundant network paths.

SteelConnect gateways and switches implement the Multiple Spanning Tree (MST) protocol defined in the IEEE 802.1s specification.

By default, STP is activated on all LAN ports of SteelConnect gateways and switches. We strongly recommend leaving STP enabled; however, you can use the STP tab to disable it. When you disable STP on an appliance, it’s deactivated for all ports.

To work with an existing STP root bridge configuration on non-Riverbed equipment, and to configure Riverbed appliances to be compatible with an existing configuration, you can set the STP root bridge priority at the appliance level. You can also configure a Riverbed gateway or switch as the STP root bridge. The appliance with the highest priority (assigned the lowest number as its priority value) in the site assumes the role as the root bridge. By default, SCM assigns the root bridge priority levels shown in STP tab to all STP-enabled appliances.

The number in parentheses following the priority level references the legacy Cisco method of assigning a priority in increments of 4096.

The SteelHead SD 570-SD, 770-SD, and 3070-SD appliances, the SDI-VGW virtual gateway, and the SDI-1030 and SDI-2030 gateways do not support STP.

SCM displays an alert when STP is blocking ports on an appliance. Blocked ports do not allow traffic to be sent or received through the port. A port blocked by STP isn’t disabled, and the switch on the other end of the link still sees the link as active, but frames sent over that link are blocked.

For details, see the SD-WAN Deployment Guide.

For sites with more than one gateway, enabling AutoVPN on a gateway makes it the hub concentrator for AutoVPN connections (including RouteVPN and SwitchVPN). The ideal placement for the hub gateway is inline with all traffic entering and exiting the site.

Alternatively, if you’re using Classic VPN, you might need to turn AutoVPN off. For details, see AutoVPN modes.

SCM stores all configurations, including your existing and future network plans. This means you can either add an appliance when you physically have it or you can preplan and configure an appliance by adding a shadow appliance and later drop the physical appliance into the topology with no further configuration. Shadow appliances are basically cardboard cutouts that you can use to represent what will be a physical appliance after registering it with a serial number.

Before deploying the hardware, you can configure other SteelConnect features now or wait until later.

When you add an appliance for future deployment, it’s called a shadow appliance. Shadow appliances are basically cardboard cutouts that you can use to represent what will be a physical appliance after registering it with a serial number. For example, you can deploy a shadow SDI-130 gateway into the headquarters site and work with it as though it were a real, physical gateway before deploying the physical SDI-130 gateway in your network.

You can create and register an appliance on the Appliances Overview page.

After AutoVPN establishes the tunnels, you can click a site marker on the dashboard map to see a representation of the network. You can see on the map that the locations are completely connected with a full mesh VPN, and these lines will change if problems arise or if there is downtime at any of the sites.

By default, when you register a gateway, SCM automatically creates a DHCP-client uplink and attaches it to the gateway WAN1 port. In addition, it preconfigures all switched LAN ports with the site-local zone.

You can add more networks in Network Design > Zones later. You can then assign these zones to a gateway port.

When gateway selection is set to automatic (the default setting), the SteelConnect gateway always uses the default gateway IP from the IP configuration of the zone.

Additionally you can enable gateway services like IPv4 DHCP server and IPv6 RA per zone.

For networks with no DHCP server available, or when you want to use a static IP or DSL uplink for the gateway, you can use offline provisioning.

Adding a new gateway to your network requires the appliance to contact the SteelConnect Manager, which provides the initial configuration. In a scenario where no DHCP server is available in the existing network, or where a static IP address should be assigned to the new gateway, you can use offline provisioning.

You can set up the configuration on SCM, even if the hardware is currently not present at the related site.

You’ll need the serial number of the new gateway to create an offline provisioning configuration file.

This procedure supports all SteelConnect SDI gateways only. You can’t provision an access point or switch offline using a USB stick.

This procedure doesn’t apply to SteelHead SD appliances. For SteelHead SD models, see https://supportps://supportkb.riverbed.com/support/index?page=content&id=S30215.

NetFlow export is typically enabled at the realm or organization level and you don't need to configure individual appliances. It can be useful to analyze NetFlow data for an appliance when you want to temporarily narrow the flows for troubleshooting.

NetFlow export is enabled at the appliance level by default, and becomes active when NetFlow is enabled at the realm or organization level. SteelConnect supports NetFlow exporting on the SDI-130, SDI-330, SDI-1030, SDI-2030, and SDI-5030 gateways; the SDI-VGW virtual gateway; and SteelHead SD appliances. Collectors can be configured using an IPv4 address or a fully qualified domain name.

For more NetFlow details and information on configuring NetFlow at the realm level, see Exporting NetFlow data.

SteelConnect monitors the CPU temperature on the SteelHead SD appliances and the SDI-2030 and SDI-5030 gateways.

The thresholds for CPU temperature for the 570-SD and 770-SD appliances are:

The temperature is shown on the Health Check page, under Appliance Resources. For details, see Appliance Health page details. The Health Check resources display for a SteelHead SD 3070-SD, a SDI-2030 gateway, and an SDI-5030 gateway shows the CPU temperature as the number of degrees lower than the upper limit.

A display of 0 means that the appliance is in an upper nonrecoverable state. The appliance temperature for a SteelHead SD 3070-SD appliance, a SteelConnect SDI-2030 gateway, and a SteelConnect SDI-5030 gateway might report a negative Celsius temperature as a green check mark because the Intelligent Platform Management Interface (IPMI) tool does not report the actual temperature, but instead reports the thermal margin, which is the processor's thermal specification minus its current temperature.

For example, -60° C means that it is 60 degrees lower than the temperature upper limit. Thus, if the temperature is 0° C, it means the system is in an upper nonrecoverable state and will be displayed as a red check mark.