Software Upgrade Package for AmpCon-Campus V2.2.1

11 dic. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

11 dic. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

11 dic. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-Campus User Manual V2.2

09 set. 2025 - AmpCon-Campus User Manual V2.2 Release Notes Before you install or upgrade AmpCon-Campus, read this topic to get a quick overview of what is added, changed, improved, or deprecated in each release. AmpCon-Campus 2.2.1 Improvements SSH key authentication is available for device access in AmpCon-Campus 2.2.1. You can access devices (switches or terminals) by using either password or SSH key authentication, enhancing flexibility and security. For more information, see Accessing Devices through SSH Sessions. Previously, if a device session remained inactive for 1 minute on the “CLI Configuration” page, the session automatically terminated due to a timeout. In AmpCon-Campus 2.2.1, the timeout period is extended to 5 minutes, enhancing device access stability. Fixed Issues Previously, for integrated hardware and software PicOS switches that had the Web service enabled by default, the ZTP process through AmpCon-Campus might fail. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, the AmpCon-Campus license expiration date was wrongly calculated. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, after you backed up switch configurations by clicking Backup Config, the Last Backup Time value was not updated if the current backup was identical to the previous one. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, the switch configuration rollback function couldn’t work. In AmpCon-Campus 2.2.1, this issue is fixed. AmpCon-Campus 2.2.0 New Features The following features are added to AmpCon-Campus 2.2.0: Supports designing MLAG campus fabrics for small or mid-size campus networks and designing IP Clos campus fabrics for large-scale campus networks. For more information, see Designing Campus Fabircs. Supports receiving immediate alarm notifications through emails when issues arise. For more information, see Alarm Notifications. Supports automatically identifying terminal devices connected to each managed switch and manually adding terminal devices. For more information, see Wired Clients. Improvements The following improvements are added to AmpCon-Campus 2.2.0: The supported switch list is updated with more supported switch models. For more information, see Supported Switches for 2.2.0. When you click a switch in a topology, the Client Info tab is displayed, where you can see metrics of terminal devices connected to the switch. For more information, see Client Info. The following telemetry metrics are added to the “Telemetry Dashboard” page. For more information, see Global Telemetry Data. CPU usage Memory usage Fan In Bits Rate Out Bits Rate Out Pkts Rate In Pkts Rate The following telemetry metrics are added to the detail page of each managed switch. For more information, see Telemetry Data of a Switch. Added Version (means PicOS version) in the Device Information tab Added In Bits Rate, Out Bits Rate, Out Pkts Rate, In Pkts Rate, Usage, and Fan in the Switch Overview tab Added In Bandwidth Utilization, Out Bandwidth Utilization, Out Bits Rate, In Bits Rate, Out Pkts Rate, and In Pkts Rate in the Port Overview tab Added a Device Overview tab with Redundant Power Supply Unit (RPSUs) and fans related metrics Added an ARP tab with ARP-related metrics Added a MAC tab with MAC-related metrics Added an OSPF tab with OSPF-related metrics Added a BGP tab with BGP-related metrics Added an IP Route tab with IP Route related metrics The following resource usage related alarms are supported. For more information, see Resource Usage Alarms. The CPU usage is over 85% The memory usage is over 85% The input bandwidth usage is over 85% The output bandwidth usage is over 85% The switch is offline The switch is powered down The proportion of the fan's Pulse Width Modulation (PWM) to the total width is over 85% New Changes The recommended PicOS version for supported switches is PicOS 4.6.0E or later. Importing the AmpCon-Campus license is no longer required during initial UI login. You can log in to the AmpCon-Campus UI first and then import the license. For more information, see Importing AmpCon-Campus Licenses. Overview AmpCon-Campus Management Platform is a powerful management platform for PicOS® campus switches, offering automated Zero Touch Provisioning (ZTP), real-time telemetry monitoring, topology auto-discovery, and automated lifecycle management. In addition, AmpCon-Campus supports designing and managing MLAG fabrics and IP Clos fabrics and monitoring terminal devices. With an intuitive web-based UI, AmpCon-Campus automates routine workflows, eliminating costly downtime and time-consuming manual tasks. By using AmpCon-Campus, you can efficiently deploy, orchestrate, and manage campus networks at scale. Deployed as a software appliance on a virtual machine (VM) or Docker, AmpCon-Campus operates seamlessly in campus networks. How AmpCon-Campus Can Help AmpCon-Campus is highly scalable and includes only the features that you truly need. You can use it to build small, medium, and large campus networks. Simplify physical network design By using AmpCon-Campus, you can design MLAG campus fabrics for small or mid-size campus networks and design IP Clos campus fabrics for large-scale campus networks. AmpCon-Campus helps you eliminate the complex campus networking configurations during the fabric design and management process. Enhance terminal device management AmpCon-Campus supports automatically identifying terminal devices connected to each managed switch and manually adding terminal devices. By using this feature, you can accurately and securely identify terminal devices in your network and thus facilitate refined management of terminal devices. Automate switch configurations and provide unified switch management AmpCon-Campus helps you to configure, monitor, and manage switches in campus networks. By using AmpCon-Campus, you can maintain the High-Performance Network (HPN) architecture more efficiently, prevent and eliminate issues, and thus increase the resource utilization rate and decrease the operation costs. Improve the efficiency of switch deployment by using ZTP AmpCon-Campus supports using ZTP to automatically deploy switches in campus networks. Provide telemetry for real-time network monitoring AmpCon-Campus supports telemetry to capture rich information about real-time network telemetry information, application workload usage, and system configurations. Provide automatic discovery of topology for visual switch management AmpCon-Campus supports automatic discovery of topology to provide the network view of switches in all locations. You can simplify the network management by checking switch stats and port-level running status. Automate daily operation tasks by using Ansible playbooks AmpCon-Campus supports using Ansible playbooks to automate daily network operations and decrease the operation cost. Deliver multiple deployment solutions AmpCon-Campus provides multiple deployment solutions, including Docker, KVM, VMware, and Nutanix AHV. Support deploying, configuring, and managing remote switches at scale AmpCon-Campus makes it easy to deploy, configure, and manage a large number of remote switches. You can use AmpCon-Campus to deploy, configure, or manage switches at scale. Key Features AmpCon-Campus provides a powerful feature set, which simplifies the deployment, configuration, and management of switches. Zero Touch Provisioning Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. When large numbers of switches need to be deployed or upgraded, you can use ZTP to reduce labor costs and improve deployment efficiency. ZTP can help you to implement fast, accurate, and reliable switch deployments. Simplifying Switch Deployment In scenarios like the construction or expansion of campus networks, a large number of switches are required. If these switches are configured manually, improper configurations might lead to errors, and it’s difficult to troubleshoot issues. AmpCon-Campus provides ZTP, which improves the efficiency of switch deployment, daily maintenance, and fault handling, while reducing labor costs. After you plug in the switch, the DHCP server automatically provides the switch with an IP address and the address of a provision script that is obtained from AmpCon-Campus server. The switch automatically runs the script to register with the AmpCon-Campus server, install PicOS (for white-box switches only), configure the switch based on system configurations and switch configurations, and install a valid license on the switch. By using AmpCon-Campus, no experienced network personnel are required at the remote site; anyone who can put the switch in the right place and plug it in will do. Automating Switch Management After switches are deployed through ZTP, they can be automatically added to sites and managed by AmpCon-Campus. In traditional solutions, such tasks are manually performed by network administrators. The AmpCon-Campus ZTP solution, however, frees administrators from these tasks, allowing them to focus on the orchestration of core overlay services. Full-Stack Network Design AmpCon-Campus supports two standards-based campus fabric architectures, MLAG fabrics and IP Clos fabrics. These two fabric types cover the networking requirements of small, medium-sized, and large-scale campus fabrics. Dual-Architecture Flexibility By using AmpCon-Campus, you can deploy an MLAG campus fabric on a two-layer network with the collapsed core and access layers, or you can deploy an IP Clos campus fabric on a campus-wide network that involves multiple buildings with separate distribution and core layers. Zero-Configuration Simplicity AmpCon-Campus automatically pushes networking configurations to switches in batches, eliminating manual CLI work and cutting deployment time from weeks to hours. Full-Stack Control AmpCon-Campus provides comprehensive lifecycle management of switches and supports managing and redesigning fabrics to meet changing requirements of campus networks. Switch Lifecycle Management AmpCon-Campus simplifies the management of switches, including configuration management, switch inventory, software updates, and more. Configuration Management AmpCon-Campus includes native configuration management capabilities, which you can use to push an update to a single switch or to an entire group of switches. By using AmpCon-Campus, you don’t need to edit and push switch configurations one by one. In this way, the likelihood of errors can be reduced, the switch configuration process can be simplified, and you don’t need to deal with the added expense or headache of a third-party tool. In practice, the configuration management feature can greatly simplify the job of updating switches to deal with a new class of devices, such as security devices to protect Internet of Things (IoT) sensors. Your network administrators can detail how the network needs to treat the security devices (such as putting them on your own VLAN), and detail where traffic from devices is allowed to go. By adding only one configuration in the AmpCon-Campus UI, you can push the update to appropriate switches. AmpCon-Campus greatly simplifies the job of detailing network access level and priority each class of devices need to get and pushing the update to all relevant switches. Configuration Backup, Compliance, and Rollback Once the desired configurations are set and the network is stable, you might want to make sure that accidental changes don’t disrupt operations. When you make a configuration change such as adding devices or a VLAN, it is important to back up your configuration. AmpCon-Campus makes configuration backup easy by automating and scheduling configuration backup on a specified date and time and saving the last N backups as you need. You can use the backup configuration to recover quickly from a crash or corruption of a switch. In addition, you can mark a specific backup instance as the Golden Config. The Golden Config will never be deleted and is used by default as the configuration to roll back a switch to a stable configuration when the switch operation is compromised. You can also use the Golden Config as the basis to run an automated compliance check to verify whether the network is operating as designed. Switch Inventory AmpCon-Campus also supports switch inventory features. Though third-party tools also support this capability, these tools add expense to your company. In addition, such tools typically run on a Windows Server Enterprise Edition machine, which also adds additional server licensing costs. In contrast, AmpCon-Campus can be deployed in minutes on a virtual machine. AmpCon-Campus provides detailed inventory of all switches, including switch hardware details, software versions, configurations, and more. License Updates AmpCon-Campus automates the process of checking and updating switch licenses with the latest support entitlements. A License Audit task checks whether a group of specified switches has valid licenses and creates a report of the license status including the support expiration date and other details. The License Action task automatically updates the license keys on all switches whose support is due to expire in the next 30 days and logs the result to a report, which you can examine or download. RMA Replacements AmpCon-Campus incorporates a unique workflow to enable return merchandise authorization (RMA) replacements. When hardware of a switch fails and is replaced with new switch hardware, the RMA feature takes the configurations from the failed switch hardware, updates the serial number of the new switch, and pushes the configurations to the new switch to bring it up seamlessly in the network. Simplified Software and Switch Upgrade The nature of PicOS itself makes it simpler to manage switches compared to other legacy network operating system (NOS) of switches or routers. Because PicOS is Linux-based and compartmentalized, you can update or change one component or aspect without affecting other components. For example, if you’re pushing a security patch, it affects only the security component of the NOS; you don’t need to replace the entire software or firmware image. Additional Features Role-Based Access Control (RBAC) AmpCon-Campus adopts role-based access control, which is used to permit individual users to perform specific actions and get visibility to an access scope. You can assign each user a specific role with associated permissions. In addition, you can authenticate user logins through a TACACS+ server, which also determines their access permissions based on their roles. If the TACACS+ server can’t be reached from AmpCon-Campus, you can log in to the AmpCon-Campus UI with local users that are defined in AmpCon-Campus. Parking lot You can use parking lot to manage switches that have been shown in the network and registered with the AmpCon-Campus server but haven’t been configured by the administrator. Setting up a group of switches To perform switch lifecycle operations more conveniently, you can organize switches in groups by region, location, building, and more. Importing switches For those switches that were not originally deployed through AmpCon-Campus, you can import them directly to AmpCon-Campus to manage them. Decommission workflow To shut a switch down temporarily and then redeploy it in another location, you can decommission the switch in the AmpCon-Campus UI. Operational logs You can use operational logs to track all activities and troubleshoot issues by drilling down and analyzing issues. Monitoring You can get an overview of all switches or drill down to a switch to check its status and metrics such as port stats. Automatic Discovery of Topology AmpCon-Campus supports automatic discovery of topology for automated identification and visualization of the network structure. It provides a map view to display all the locations. You can use the map view to pull up any location and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. In this way, network management and maintenance can be simplified. Planning Topology AmpCon-Campus supports automatic discovery of neighboring information to generate a topology map after switches are added. You can manually plan the topology and customize the network structure layout according to actual needs. image.png Viewing Real-time Topology AmpCon-Campus dynamically shows the current network status, which reflects changes such as device online status and link faults in real time. By clicking a device or a link, you can see detailed stats information. image.png Viewing Historical Topology By selecting a timeline, you can see the network topology and device link status at different time. You can analyze the historical topology to trace problems. image.png Viewing Switch Details, Ports, and Terminal Devices When you click a switch in a topology, you can view real-time or historical information about the switch, switch ports, and terminal devices connected to the switch. image.png Telemetry Monitoring AmpCon-Campus uses the telemetry technology to automatically collect real-time or historical metric data from managed switches. In addition, AmpCon-Campus analyzes the telemetry data to predict equipment failures and performance anomalies and then trigger immediate alarms. Comprehensive Data Collection AmpCon-Campus collects real-time data from various network devices, including routing neighbors, switch utilization, and port stats. The data can help network administrators gain insights for quick decisions and network adjustments. You can view the telemetry data of all managed switches on the “Telemetry Dashboard” page. image.png Real-time Performance Monitoring AmpCon-Campus uses telemetry to track performance metrics of each managed switch in real time, such as port traffic, bandwidth utilization, and packet loss rate. With telemetry information, you can identify bottlenecks, optimize configurations, and ensure efficient resource usage on a switch. You can view the telemetry data of a specific switch on the detail page of the switch. image.png Predictive Maintenance AmpCon-Campus uses real-time telemetry data to predict equipment failures and performance anomalies, issuing immediate alerts. The operation team can take corrective actions before issues are escalated. The downtime risk can be reduced, and the continuity and reliability of your campus networks can be improved. image.png If you can't access the AmpCon-Campus UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation. Flexible Ansible Extensions Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses simple, declarative language written in YAML, which is called playbooks, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible and Using Ansible playbooks. AmpCon-Campus integrates with Ansible to automate and simplify network management, such as configuring interfaces, VLANs, and security settings. By using Ansible to automate network management, you can reduce errors, save time, and ensure consistency across your network. Then, you can focus on more strategic tasks. Automation with Ansible AmpCon-Campus provides commonly used features that your network teams need for day-to-day operations. You can also use AmpCon-Campus to add capabilities that you might require by writing Ansible playbooks. If a network management task follows a certain routine regularly, build an Ansible playbook to automate the task. Pre-Built Playbooks AmpCon-Campus offers a series of Ansible playbooks, which are templates for automating the following routines: Compliance and consistency checks, to ensure switches stay in compliance with industry regulations that require a certain configuration to maintain proper security and privacy Connectivity checks for PicOS Software Switches Network operation and remediation routines such as dynamic policy enforcement image.png Customized Playbooks If the pre-built Ansible playbooks can’t meet your needs, you can customize an automation workflow by writing a playbook on AmpCon-Campus or importing a local playbook to AmpCon-Campus. image.png Playbook Run AmpCon-Campus supports the following schedule types of playbook run: Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png Ansible Jobs An Ansible job is a single execution of an Ansible playbook. AmpCon-Campus displays the list of Ansible jobs, the list of switches with Ansible jobs, the execution results, and the output of these jobs. image.png Linux Server Support In addition to running Ansible playbooks on managed switches, AmpCon-Campus supports running Ansible playbooks on the Linux servers that you added. Terminal Device Management In the AmpCon-Campus UI, you can easily monitor third-party devices and track their status. By using this feature, you can view terminal devices connecting to each managed switch in your network and thus facilitate refined management of terminal devices. AmpCon-Campus supports automatically identifying terminal devices. But if a terminal device is removed or always offline, you might not see the terminal device in the AmpCon-Campus UI. To monitor the status of the terminal device, you can manually add it to AmpCon-Campus. When you click a switch in a topology, you can see the real-time or historical information about the terminal devices connected to this switch in the topology. image.png Architecture AmpCon-Campus is built on Ubuntu Linux and incorporates a web GUI and a MySQL database with Python codes built on top of an Ansible engine. Switches and AmpCon-Campus communicate with the SSH protocol. AmpCon-Campus gets switch stats through gNMI. Zero Touch Provisioning (ZTP) Workflow White-Box Switches Figure 1. ZTP Workflow of White-Box Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a request to the DHCP server, and the DHCP server sends a response including the HTTP server address. The switch sends an HTTP request to the HTTP server to get the shell script, and the HTTP server sends an HTTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including downloading a PicOS image, installing PicOS and its license, registering with the AmpCon-Campus server, updating switch configurations, and rebooting the switch. Integrated Hardware and Software Switches Figure 2. ZTP Workflow of Integrated Hardware and Software Switches image.png After a switch is powered on, the switch sends DHCP Discover to get an IP address, and the DHCP server provides the switch with an IP address. The switch sends a DHCP request to the DHCP server, and the DHCP server sends a DHCP response including the TFTP server address. The switch sends a TFTP request to the TFTP server to get the shell script, and the TFTP server sends a TFTP response with the shell script. The switch executes the shell script to complete the ZTP deployment, including registering with the AmpCon-Campus server, installing a PicOS license on the switch, updating switch configurations, and rebooting the switch. Switch Configuration Workflow The AmpCon-Campus server includes a component called Configuration Manager, which is used to create a standard configuration to configure switches. All configurations are tied to specific switches by the switch serial number (or Service Tag) and are stored in the AmpCon-Campus database. After you use the AmpCon-Campus UI to push configurations to switches, each switch then downloads its appropriate configurations. At the same time, the switch accesses another AmpCon-Campus server component, License Manager, which accesses the customer’s account on the License Portal to generate a license key and install the license on the switch. The switch runs a shell script to automatically apply and validate the new configurations, update its status in the AmpCon-Campus database, and join the network. From your perspective, all these switch configurations happen with the touch of a button in the AmpCon-Campus UI. You can use the AmpCon-Campus UI to deploy dozens or hundreds of switches to far-flung sites while your network team stays at home and monitors the process centrally. Getting Started Welcome to the AmpCon-Campus management platform. AmpCon-Campus helps you deploy and manage your network more efficiently and gives you deep visibility into your network. Read “how to” guides to learn how to use AmpCon-Campus with your network landscape, and then start your AmpCon-Campus tour based on the quick start flow. Managing Switch Lifecycle Deploy, configure, and manage switches in one click with AmpCon-Campus. Step 1: Importing or Deploying Switches Step 2: Configuring Switches Step 3: Managing Switch Lifecycle Step 1: Importing or Deploying Switches To manage switches with AmpCon-Campus, you need to deploy switches or import switches first. For switches that are deployed but not deployed with AmpCon-Campus, you need to import these switches to AmpCon-Campus via IP Discovery. The importing process can be easily done through the AmpCon-Campus UI. image.png After you import switches, you can use AmpCon-Campus to configure and monitor these switches and manage the lifecycle of these switches. For switches that are not deployed, you can deploy these switches with AmpCon-Campus via Zero Touch Provisioning (ZTP). AmpCon-Campus simplifies the switch deployment process. For white-box switches, the deployment procedure is as follows: image.png Learn more about detailed deployment steps here. For integrated hardware and software switches, the deployment procedure is as follows: image.png Learn more about detailed deployment steps here. Step 2: Configuring Switches AmpCon-Campus includes native switch configuration management capabilities, which you can use to push configurations to a single or multiple switches. image.png After the desired configurations are pushed to switches and the network is stable, you might want to make sure that accidental changes don’t disrupt operations. You can back up and restore configurations for disaster recovery. image.png You can compare configurations for troubleshooting or auditing. Compare running configurations with initial configurations on the same switch Compare running configurations or backup configurations on one switch or on different switches image.png Step 3: Managing Switch Lifecycle By using AmpCon-Campus, you can upgrade PicOS on a single switch or on multiple switches at scale. image.png AmpCon-Campus supports Returning Merchandise Authorization (RMA), which means replacing a switch with another switch of the same switch model. When the hardware of a switch fails and is replaced with a new switch, you can RMA to take the configurations from the failed switch, install or upgrade PicOS, update the serial number of the new switch, and push the configurations to the new switch to seamlessly manage it with AmpCon-Campus. You can decommission (DECOM) a deployed switch to revoke the PicOS license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-Campus. You can remove a deployed or imported switch from AmpCon-Campus. The switch will be removed from the AmpCon-Campus database and thus not be displayed in the AmpCon-Campus UI. You can connect to a switch from the AmpCon-Campus UI by creating an SSH session. image.png Viewing Network Landscape Explore powerful dashboards in AmpCon-Campus to have deep visibility into your network and devices. Switch View Page: Getting an Overview of All Switches The “Switch View” page gives you an overview of switches in your deployment and helps you understand the current status of all switches. The page covers the following information: The total numbers for different types of switch configurations and templates The proportion of switches in each lifecycle state The total numbers of switch models and their proportions The currently available license number The total number of devices that will expire in each month over the next six months The license usage information All activities for all switches and each activity progress The total numbers for different types of running tasks The total numbers for different types of automation jobs Learn more about the “Switch View” page here. image.png Switch Page: Diving Deep into Each Switch The “Switch” page lets you view all managed switches at a glance and monitors each switch by analyzing detailed telemetry metrics. Learn more about the “Switch” page here. image.png Telemetry Pages: Monitoring Switch Metrics To ensure the network is healthy and switches are working well, AmpCon-Campus uses the telemetry technology to automatically collect real-time and historical metric data from managed switches. You can view telemetry data of all managed switches in the “Telemetry Dashboard” page. Learn more about the “Telemetry Dashboard” page here. image.png You can view the telemetry data of a specific switch on the switch detail page to gain detailed insights into the switch. Learn more about the telemetry data on the switch detail page here. image.png Topology Page: Visualizing Your Network Structure The “Topology” page provides a map view to display switches and their connectivity status. You can drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. Learn more about the “Topology” page here. image.png Wired Clients Page: Identifying Terminal Devices The “Wired Clients” page displays terminal devices connected to each managed switch. AmpCon-Campus supports automatically identifying terminal devices and manually adding terminal devices. Learn more about the “Wired Clients” page here. image.png Designing a Campus Fabric Design your campus fabric with AmpCon-Campus to eliminate complex networking configurations. Step 1: Preparing Supported Switches Step 2: Choosing Campus Fabric Types Step 3: Designing a Campus Fabric Step 4: Verifying the Fabric Deployment Step 1: Preparing Supported Switches Check the supported switches for fabric design. Import or deploy switches used for the fabric design. Add a site used for the fabric design. If you don’t create a site, you can use the built-in site default. Add switches to the site. These added switches will be used for the fabric design. Ensure that all switches used for the fabric design are up and connected to AmpCon-Campus. You can verify by clicking Service > Switch from the navigation bar and checking the Mgmt IP column. ✓: The switch is up and connected to AmpCon-Campus. x: The switch is down or not connected to AmpCon-Campus. Ensure that all switches used for the fabric design retain only basic routing configurations, without any other service configurations. Step 2: Choosing Campus Fabric Types AmpCon-Campus supports two standard-based campus fabric architectures, MLAG fabrics and IP Clos fabrics. These two fabric types cover the networking requirements of small, medium-sized, and large-scale campus fabrics. The MLAG fabric architecture is applicable to small or mid-size campus networking. This architecture simplifies the network topology, reduces latency, and lowers costs by eliminating the need for separate core and distribution devices. The 5-stage IP Clos fabric architecture is applicable to large-scale campus networking. This architecture provides a scalable and flexible solution for interconnecting multiple switches in a hierarchical manner, allowing efficient utilization of network resources and simplified routing. Step 3: Designing a Campus Fabric Click Topo > Campus Fabric from the navigation bar. On the “Topo” page, click + Campus Fabric. image.png Start to design a campus fabric by using AmpCon-Campus. The MLAG fabric design procedure and IP Clos fabric design procedure are similar. See the following diagram: image.png Learn more about the MLAG fabric design procedure here. Learn more about the IP Clos fabric design procedure here. Step 4: Verifying the Fabric Deployment On the “Topo” page, locate the fabric, and then click View. Click the Deployment Status button to go to the status page. Check the Deployment Status column to see whether the status is SUCCEED. If the deployment status of any switch is FAILED, click Log to check more details for troubleshooting. If the deployment status of any switch is PENDING, the fabric is waiting to be deployed. If the deployment status of any switch is RUNNING, the fabric is being deployed. If the deployment status of all switches is SUCCEED, the fabric deployment is finished. image.png Alerting for Predictive Maintenance Check for alarms to find issues, and enable email notifications to get informed and take actions when something unusual happens. Checking Alarms AmpCon-Campus automatically detects equipment failures and performance anomalies and displays discovered issues on the “Alarms” page. Click Monitor > Alarm from the navigation bar. On the “Alarms” page, you can check alarms of different types and then take corrective actions based on alarm details. You can filter alarms with alarm levels. The following alarm types are supported: Packet Loss Alarms Resource Usage Alarms Interface Monitoring Alarms Optical Module Alarms Learn more about alarms here. image.png Setting and Receiving Alarm Notifications If you need to be notified immediately when issues happen, you can enable the alarm notification feature to receive real-time notifications through emails. Configure an SMTP Server for sending, relaying, and routing email messages. image.png Configure a notification rule to define the alarm types, alarm levels, and fabrics to be monitored and to designate the email address to be notified. image.png Once done, alarm notifications will be sent to the designated email address. You can get notified immediately when issues happen and then take correction actions to prevent issue escalation. View all historical alarm notifications sent in the last 30 days for root cause analysis or auditing. image.png Running Ansible Playbooks Run Ansible playbooks on AmpCon-Campus to automate routine operations in your network. Prerequisites Ensure that each switch to run Ansible playbooks is managed by AmpCon-Campus. For more information, see Prerequisites. Step 1: Checking Pre-Built Playbooks AmpCon-Campus offers a series of pre-built Ansible playbooks for automating the following routines: Compliance and consistency checks, to ensure switches stay in compliance with industry regulations that require a certain configuration to maintain proper security and privacy Connectivity checks for PicOS Software Switches Network operation and remediation routines such as dynamic policy enforcement Click Maintain > Automation > Playbooks. On the “Playbooks” page, click the Show Pre-built Playbooks toggle. Check whether these pre-built Ansible playbooks meet your needs. If yes, click Save AS on the “Playbooks” page to create a copy playbook, and then go to Step 4: Running Playbooks. image.png Step 2: Writing or Importing Playbooks If the pre-built Ansible playbooks can’t meet your needs, you can create a customized workflow by writing a playbook on AmpCon-Campus or importing a local playbook to AmpCon-Campus. Click Maintain > Automation > Playbooks. On the “Playbooks” page, click + Playbook, and then write a playbook in the AmpCon-Campus UI. When you write playbooks for managed switches, refer to Examples for Ansible Playbooks. When you write playbooks for added Linux servers, refer to Using Ansible playbooks. image.png Click Import, and then Import a local playbook to AmpCon-Campus. image.png Step 3: Checking Playbook Syntax Before you run a playbook, check whether the playbook syntax is valid or not. image.png Step 4: Running Playbooks Run a playbook to complete the automation operations. You can designate the schedule type of the playbook run. Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png Step 5: Checking Ansible Job Results and Output After you run the Ansible playbook, you can check the execution result and output of the Ansible job. image.png Planning Before you install AmpCon-Campus, you must check supported information, installation requirements, and prepare the AmpCon-Campus license. Supported Information Before you deploy AmpCon-Campus, check the supported AmpCon-Campus deployments and supported switches. For detailed information, see the following child topics: Supported Deployments AmpCon-Campus supports the following deployments: Table 1. Supported Deployment Information Indicator Support information Deployment method VMware ESXi 6.7, 7.0, 8.0, QEMU / KVM for Ubuntu 22.04 LTS, Oracle VirtualBox for lab only, physical machine based on Ubuntu 22.04 TLS with Docker Maximum number of switches supported 1000 Maximum number of registered users 1000 Maximum number of online users 100 Storage duration of system logs 2 months Storage duration of operation logs 2 months Maximum storage of current alerts Unlimited Maximum storage of historical alerts 2 months Supported Switches for 2.2.x AmpCon-Campus 2.2.0 supports managing the following switches: NOTE You are recommended to install PicOS 4.6.0E or later. Or else, some features of AmpCon-Campus might not work. For switches with S3410 and S3270 switch models, the recommended PicOS version is 4.4.5.24 or later. FS Hardware Table 1. Supported FS Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio S5870-48T6BC 48 x 1G, 4 x 25G,2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5870-48T6BC-U 48 x 1G PoE, 4 x 25G, 2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5870-48MX6BC-U 36 x 1/2.5G PoE, 12 x 1/2.5/5/10G PoE, 4 x 25G, 2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5810-48TS-P 48 x 1G copper, 4 x 10G SFP+ Helix4 ARM Cortex A9 1G Switch Portfolio S5810-28TS 28 x 1G copper, 4 x 1G SFP, 4 x 10G SFP+ The last 4 x 1G copper ports and 4 x 1G SFP ports are combo ports. Helix4 ARM Cortex A9 1G Switch Portfolio S5810-28FS 8 x 1G copper, 28 x 1G SFP, 4 x 10G SFP+ The 8 x 1G copper ports and the first 8 x 1G SFP ports are combo ports. Helix4 ARM Cortex A9 1G Switch Portfolio S5810-48TS 48 x 1G copper,4 x 10G SFP+ Helix4 ARM Cortex A9 1G Switch Portfolio S5810-48FS 48 x 1G SFP,4 x 10G SFP+ Helix4 ARM Cortex A9 5G Switch Portfolio S5860-24MG-U 24 x 5G copper UPOE,4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 5G Switch Portfolio S5860-48MG-U 48 x 5G copper UPOE, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-48XMG-U 48 x 10G copper UPOE, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-24XMG 24 x 10G copper, 4 x 10G SFP+, 4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-48XMG 48 x 10G copper, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-20SQ 20 x 10G SFP+, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-24XB-U 24 x 10G copper UPOE, 4 x 10G SFP+, 4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 10G Switch Portfolio N5850-48S6Q 48 x 10G, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio N5850-48S6C 48 x 10G, 6 x 100G Trident3-X5 Intel x86 10G Switch Portfolio N5850-48X6C 48 x 10G-T, 6 x 100G Trident3-X5 Intel x86 1G Switch Portfolio S3410-24TS 24 x 1G/100M/10M copper, 4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-24TS-P 24 x 1G/100M/10M copper PoE, 2 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-48TS 48 x 1G/100M/10M copper,4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-48TS-P 48 x 1G/100M/10M copper PoE,4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF 16 x 1G/100M/10M copper, 2 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF-P 2 x 1G SFP,16 x 1G/10M/100M copper The first 8 copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TMS-P 2 x 10G/1G SFP+, 2 x 5G/2.5G/1G copper PoE, 16 x 1G/100M/10M copper The first 6 x 1G/100M/10M copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-8TMS-P 2 x 10G/1G SFP+,2 x 5G/2.5G/1G copper PoE, 8 x 1G/100M/10M copperThe first 6 x 1G copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF 24 x 1G/100M/10M copper, 4 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF-P 24 x 1G/100M/10M copper PoE, 4 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-48TF 48 x 1G/100M/10M copper, 4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-10TM 10 x 1G/100M/10M copper, 2 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-24TM 24 x 1G/100M/10M copper, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-48TM 48 x 1G/100M/10M copper, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-10TM-P 10 x 1G/100M/10M copper PoE, 2 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-24TM-P 24 x 1G/100M/10M copper PoE, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S5870-48T6S 48 x 1G-T, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio S5870-48T6S-U 48 x 1G PoE, 6 x 10G Trident3-X2 Intel x86 25G Switch Portfolio N8550-48B8C 48 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8550-32C 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8550-64C 64 x 100G Tomahawk2 Intel x86 100G Switch Portfolio N8560-32C 32 x 100G QSFP28 Trident3 Intel x86 100G Switch Portfolio S5890-32C 32 x 100G QSFP28 Trident3-X7 Intel x86 25G Switch Portfolio S5580-48Y 48 x 25G, 8 x 100G Trident3-X7 Intel x86 Edgecore Hardware Table 2. Supported Edgecore Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio AS4610-30P 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-30T 24 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54P 48 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54T(B) 48 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4625-54P 48 x 1G PoE, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4625-54T 48 x 1G-T, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4630-54PE (EPS202) 48 x 1G PoE, 4 x 25G Trident3 Intel x86 1G Switch Portfolio AS4630-54TE (EPS201) 48 x 1G PoE, 4 x 25G Trident3 Intel x86 Multi- Gig SwitchPortfolio AS4630-54NPE (EPS203) 36 x 1/2.5G PoE,12 x 1/2.5/5/10G PoE Trident3 Intel x86 10G Switch Portfolio AS5712-54X 48 x 10G, 6 x 40G Trident2 Intel x86 25G Switch Portfolio AS7312-54X(S) 48 x 25G, 6 x 100G Tomahawk+ Intel x86 25G Switch Portfolio AS7326-56X (DCS203) 48 x 25G, 8x 100G Trident3-X7 Intel x86 40G Switch Portfolio AS6812-32X 32 x 40G Trident2+ Intel x86 100G Switch Portfolio AS7712-32X (DCS501) 32 x 100G Tomahawk Intel x86 100G Switch Portfolio AS7726-32X (DCS204) 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio AS7816-64X (DCS500) 64 x 100G Tomahawk2 Intel x86 10G Switch Portfolio AS5812-54T (DCS209) 48 x 10G-T, 6 x 100G Trident3 Intel x86 10G Switch Portfolio AS5812-54X (DCS208) 48 x 10G, 6 x 100G Trident2+ Intel x86 10G Switch Portfolio AS5835-54T (DCS202) 48 x 10G RJ-45, 6 x 100G QSFP28 Trident3 Intel x86 10G Switch Portfolio AS5835-54X (DCS201) 48 x 10G SFP+, 6 x 100G QSFP28 Trident3 Intel x86 DELL Hardware Table 3. Supported DELL Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio N3024EP-ON 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3024ET-ON 24 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048EP-ON 48 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048ET-ON 48 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3224F-ON 24 x 1G SFP, 4 x 10 G Trident3-X3 Intel x86 1G Switch Portfolio N3224P-ON 24 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3224T-ON 24 x 1G, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248P-ON 48 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248TE-ON 48 x 1G, 4 x 10G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N2224PX-ON 24 x 1G/2.5G30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2224X-ON 24 x 1G/2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248PX-ON 48 x 1G/2.5G30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248X-ON 48 x 1G/2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3132PX-ON 24 x 1G PoE,8 x 1/2.5/5G PoE, 4 x 10G Firebolt 4 FS ARM Cortex A9 Multi-Gig Switch Portfolio N3208PX-ON 4 x 1/2.5/5G PoE,4 x 1G PoE, 2 x 10G SFP+ Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3224PX-ON 24 x 1/2.5/5/10G 90W PoE, 4 x 25G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N3248PXE-ON 48 x 1/2.5/5/10G 90W PoE, 4 x 25G Trident3-X5 Intel x86 Multi-Gig Switch Portfolio N3248X-ON 48 x 1/2.5/5/10G, 4 x 25G Trident3-X5 Intel x86 10G Switch Portfolio S4048-ON 48 x 10G, 6 x 40G Trident2 Intel x86 10G Switch Portfolio S4128F-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4128T-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4148F-ON 48 x 10G SFP, 2 x 40G, 4 x 100G Maverick Intel x86 10G Switch Portfolio S4148T-ON 48 x 10G BASE-T, 2 x 40G, 4 x 100G Maverick Intel x86 25G Switch Portfolio S5212F-ON 12 x 25G, 3 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5224F-ON 24 x 25G, 4 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5248F-ON 48 x 25G, 8 x 100G Trident3-X7 Intel x86 25G Switch Portfolio S5296F-ON 96 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio Z9100-ON 32 x 100G Tomahawk Intel x86 100G Switch Portfolio Z9264F-ON 64 x 100G Tomahawk2 Intel x86 100G Switch Portfolio S5232F-ON 32 x 100G Trident3-X7 Intel x86 Delta Hardware Table 4. Supported Delta Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio AG7648 48 x 10G Trident2 Intel x86 25G Switch Portfolio AG5648 v1-R 48 x 25G Tomahawk+ Intel x86 100G Switch Portfolio AG9032 v1 32 x 100G Tomahawk Intel x86 HPE Hardware Table 5. Supported HPE Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio HPE AL 6921-54T 48 x 10G-T, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio HPE AL 6921-54X 48 x 10G-T, 6 x 40G Trident2+ Intel x86 Installation Requirements Before you install AmpCon-Campus, check the following requirements: Server Requirements Ensure that the machine to install the AmpCon-Campus server meets the following requirements: Table 1. Server Requirement Details Indicators Requirements CPU Clock speed 2.0 GHz or faster Number of cores 4 CPU cores Memory 16 GB Hard disk 512 GB Operating systems Ubuntu 22.04 X86 architecture Network Requirements Set the firewall and proxy properly to allow the following network access. Ensure that the AmpCon-Campus server machine allows the following protocols and ports: Table 2. Network Requirement for the AmpCon-Campus Server Machine TCP/UDP Port Protocol TCP 80 HTTP TCP 443 HTTPS UDP 69 TFTP UDP 80 OpenVPN Ensure that the switch machines to be managed allow the following protocols and ports: Table 3. Network Requirement for Switches TCP/UDP Port Protocol TCP 22 SSH TCP 9339 gRPC/gNMI Browser Requirements When you use a browser to log in to the AmpCon-Campus UI, use Chrome 98, Edge 98, Firefox 94, or higher versions. Deploying AmpCon-Campus To deploy AmpCon-Campus, see the following instructions: Installing the AmpCon-Campus Server You can install the AmpCon-Campus server on a virtual machine or a physical machine by using one of the following methods: Installing on VirtualBox for Lab Only You can install the AmpCon-Campus server on VirtualBox for lab purposes only. Production environments require a proper enterprise-scale virtualization solution as described in Supported Deployments. For how to use VirtualBox in general, see the Oracle VirtualBox documentation. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for VirtualBox 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the VirtualBox console, and then click File > Import Appliance. image.png Select Local File System, and then select the AmpCon-Campus server .ova image file. image.png Confirm the settings for the .ova file, and then click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE: The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. image.png Check the settings of the imported virtual machine. image.png Start the imported virtual machine by clicking the virtual machine and then clicking Start. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on VMware ESXi You can install the AmpCon-Campus server on VMware ESXi 6.7, 7.0, 8.0. For how to use VMware ESXi in general, see the VMware ESXi documentation. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for VMWare ESXi 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the VMware ESXi console, and then click Create / Register VM. image.png Select Deploy a virtual machine from an OVF or OVA file, and then click Next. image.png Enter the virtual machine name, upload the AmpCon-Campus server .ovf and .vmdk files, and then click Next. image.png Confirm the storage type and datastore, and then click Next. image.png In the Network mappings drop-down list of the Deployment Options window, select the network adapter to which the virtual machine is connected, and then click Next. Click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. On the VMware ESXi console, click the new virtual machine name that you specified in step 3. image.png Click Console to open the virtual machine console. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on QEMU or KVM You can install the AmpCon-Campus server on QEMU or KVM. For how to use QEMU or KVM in general, see the KVM documentation and QEMU documentation. In this topic, KVM virt-manager is used to demonstrate the AmpCon-Campus server installation steps. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for QEMU/KVM 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the virt-manager console by running the following command: virt-manager Click the following button to start the importing process. image.png Select Import existing disk image, and then click Forward. image.png Click Browse to select the AmpCon-Campus server .qcow2 image file. image.png Click Browse Local to add a local location. image.png Find the location of the AmpCon-Campus server .qcow2 image file, and then click Open. image.png Select Ubuntu 22.04 LTS, and then click Forward. NOTE: Do not select other operating systems because AmpCon-Campus supports only Ubuntu 22.04 currently. image.png Adjust the memory and CPU settings as needed, and then click Forward. NOTE: The memory and CPU settings need to meet the Server Requirements. image.png In the Network selection section, select Macvtap device, and enter the device name. Then, click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE: The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on Physical Machines (Ubuntu Docker) You can install the AmpCon-Campus server on a physical machine based on Ubuntu 22.04 with Docker installed. Prerequisites Ensure that the installation requirements are met. Prepare a physical machine based on Ubuntu 22.04 with Docker installed. Download the AmpCon-Campus server installation package by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for Ubuntu Docker 2.2.x Software in the Resources section. Installation Procedure Unzip the AmpCon-Campus server installation package by running the following command: tar -zxvf Replace with the name of the compressed AmpCon-Campus server installation package. Modify the network interface configuration. a. Modify the IP address with the real IP address of the physical machine. sudo vi /etc/netplan/00-installer-config.yaml image.png b. Apply the network interface configuration by running the following command: sudo netplan apply Go to the directory where the unzipped AmpCon-Campus server installation files exist. cd Replace with the name of the directory containing the unzipped AmpCon-Campus server installation files. Install the AmpCon-Campus server by running the following command: sudo ./install_or_upgrade.sh Wait for the installation process to finish. Once completed, the AmpCon-Campus server is installed and started. NOTE The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. What to Do Next If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-Campus server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-Campus server and the switches to be managed might fail. For more information, see Multi-NIC Deployment for Switch Connectivity. After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Multi-NIC Deployment for Switch Connectivity As described in Installing the AmpCon-Campus Server, you need to import the AmpCon-Campus image file to a virtual machine or unzip the AmpCon-Campus installation packet file on a physical machine to install the AmpCon-Campus server. If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-Campus server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-Campus server and the switches to be managed might fail. NOTE When you install the AmpCon-Campus server on a virtual machine, the imported AmpCon-Campus image file contains only one Network Interface Card (NIC). But you can manually add more NICs. When you install the AmpCon-Campus server on a physical machine, the AmpCon-Campus installation package file is not an image file, and thus no NIC is contained in the file. But you can manually add one or multiple NICs to the physical machine. Prerequisite Ensure that the AmpCon-Campus server is installed on a virtual machine or a physical machine. Procedure Log in to the virtual machine or the physical machine, and then open the /usr/share/automation/server/.env file. sudo vim /usr/share/automation/server/.env Locate the line containing PROD_IP= in the file, and add the NIC IP address of the AmpCon-Campus server machine, which is used to connect to the switches to be managed. image.png Restart the AmpCon-Campus server by the following commands: cd /usr/share/automation/server/ sudo ./start.sh Adding System Configurations Before you deploy, configure, and manage switches with AmpCon-Campus, you must configure system configurations in the AmpCon-Campus UI. System Configurations System configurations contain the following two types: Global system configuration The first time you log in to AmpCon-Campus, you must add information to the global system configuration, The global system configuration can’t be removed. Non-global system configuration If the default username and password of switches to be managed are different, you can add multiple non-global system configurations. You can remove the non-global system configuration if it is not needed. A system configuration contains the following information: The URL, username, and password of the License Portal. The information is used to send requests to the License Portal. Default username and password of switches to be managed. The information is used to access the switches. A security configuration file with PicOS security-related set CLIs. Before you deploy and configure a switch, the switch needs to be configured with an initial security configuration to eliminate any unauthorized access. Security Config file is loaded to switch at the beginning of switch deployment. A parking security configuration file, which is used to push initial parking security configuration for those switches in the parking status. This configuration is not included in the non-global system configuration. The maximum backup number for the configuration snapshots. This configuration is not included in the non-global system configuration. The IP ranges of switches that are allowed for AmpCon-Campus management. This configuration is not included in the non-global system configuration. Whether to enable debug logs for server-side operations or not. This configuration is not included in the non-global system configuration. Adding a Global System Configuration The first time you log in to AmpCon-Campus, the global system configuration is blank. You must configure the global system configuration: Log in to the AmpCon-Campus UI with the URL of the AmpCon-Campus server in the format of "https://.com/login" or "https:///login". The default AmpCon-Campus UI username and password is admin/admin. Click Service > System Config from the navigation bar. On the “System Config” page, input the following information: Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. NOTEs Ensure that the Device Default Login User and Device Default Password on the “System Configuration” page can be used to log in to these switches. If the switches to be managed don’t share the same username and password in the global system configuration, create one or multiple non-global system configurations and apply system configurations to these switches based on the Device Default Login User and Device Default Password values. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. Config Backup Number: The maximum backup number for the configuration snapshots. DB Backup Number: The allowed maximum number of database backups. Security Config File: The .txt file with PicOS security-related set CLIs. Parking Security Config File: Optional. To eliminate any unauthorized access, switches in the parking lot need to be configured with an initial parking security configuration. That is, configurations in Initial parking security config file will be pushed to switches that already registered to AmpCon-Campus but without generated configurations. Allow Switch Source IP: Optional. Allow specified subnets from which switches can access AmpCon-Campus. Debug: Optional. Enable debug logs for server-side operations or not. Click Save. image.png The global system configuration is configured now. If you don’t add non-global system configurations, the global system configuration will be used to deploy switches. Adding a Non-global System Configuration To add a non-global system configuration, follow these steps: Log in to the AmpCon-Campus UI, and click Service > System Config. Click the + icon. The “Add New System Config” page opens. Input the following information： Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. License Portal URL, License Portal User, and License Portal Password are used to access the License Portal. Security Config File: The .txt file with PicOS security-related set CLIs. image.png Click Add. After you add the non-global system configuration, you can do the following actions: To view the switch information associated with the system configuration, click View Associated Switch on the ”System Config” page. image.png To apply a non-global system configuration to specific switches, click Manage Switch, select the switches, and then click Save. image.png To remove a non-global system configuration, click View Associated Switch to check whether the system configuration is associated with any switches or not. If not, click Remove. NOTE If the non-global system configuration is still associated with some switches, the removal will fail. You need to click Manage Switch to unselect these switches first. Importing AmpCon-Campus Licenses AmpCon-Campus is the control center for all switch licensing. It tracks the current switch entitlement and allows the appropriate number of switches to be managed by AmpCon-Campus. AmpCon-Campus needs a valid license with active support to perform its functions. The following license types are provided: Trial license: The trial period lasts for 90 days and an additional 14 days. After the trial license is expired, you must install a formal license to continue using AmpCon-Campus. Formal license: After a formal license is installed, you cannot install a trial license. To manage switches with AmpCon-Campus, you need to add the Hardware IDs of the switches to an AmpCon-Campus license and then import the license to AmpCon-Campus. Prerequisite Obtain the Hardware ID of each switch that you want to manage by running the following commands in each switch: run start shell sh sudo license -s image.png Creating an AmpCon-Campus License To create an AmpCon-Campus license, follow these steps: Log in to the License Portal, and then click AmpCon Licenses > New AmpCon License. NOTE You can get the username and password of the License Portal from the sales team. Input the following information: Software Type: Select Ampcon-Campus. Software Version: Select AmpCon-Campus 2.2.0. Device Type: From the drop-down list, select a device type. Feature Type: Select Foundation. Currently, only the Foundation feature type is supported. License Type: Select Trial License or Standard License. License Name: The name of the license. In the Addition Method section, select either of the following ways: Form input: Enter the Hardware IDs of switches to be managed with AmpCon-Campus, and select the expiration date. image.png File upload: Click Upload to upload a .xlsx file with the Hardware IDs of switches to be managed with AmpCon-Campus and the expiration date. You can click Blank template to download a .xlsx template file. image.png Click Add AmpCon License. Importing an AmpCon-Campus License To import an AmpCon-Campus license, follow these steps: Get the updated or new license from the License Portal. Log in to the License Portal, and then click AmpCon Licenses. Click Copy to copy the license string or click Download to download the .lic license file. image.png In the AmpCon-Campus UI, click System > Software License > License Management from the navigation bar. On the “License Management” page, click Import. Select either of the following ways to import licenses: Select Copy License.txt, and paste the license strings that you copied in step 1.b to the License Key box. image.png Select Copy License.lic, and then upload the .lic license file that you downloaded in step 1.b in the License Key selection box. image.png Click Apply. After you import the new license, the All Licenses table is refreshed. Optional: Editing an AmpCon-Campus License After you create an AmpCon-Campus license, if you want to manage new switches with AmpCon-Campus, you can edit the license. Follow these steps: Log in to the License Portal, and click AmpCon Licenses. Locate the license that you want to edit, and click the edit icon in the Total hw-ids column. Click the Add Device icon, enter the Hardware ID of each new switch that you want to manage, and select the expiration date. image.png Click Save. NOTE After you edit a license, import the updated license to AmpCon-Campus so that newly added switches can be managed by AmpCon-Campus. For more information, see Importing a License. Upgrading the AmpCon-Campus Server To upgrade the AmpCon-Campus server, follow these steps: Procedure Download the new AmpCon-Campus server package from the FS website. Go to the package directory, and run the following upgrade command: sudo install_or_upgrade.sh image.png Wait for the upgrade process to complete. Once you see a success message, the upgrade is finished. image.png Log in to the AmpCon-Campus UI to see whether the server is upgraded to the new version. Uninstalling the AmpCon-Campus Server To uninstall the AmpCon-Campus server, follow these steps: Procedure Go to the root directory of the AmpCon-Campus server, and run the stop script with sudo privileges: cd /usr/share/automation/server sudo ./stop.sh Clear the files in the server directory with sudo privileges: sudo rm -rf /usr/share/automation/server Administering AmpCon-Campus You can administer AmpCon-Campus by using the user interface. For more information, see the following child topics: Managing User Access After you deploy AmpCon-Campus, you can manage user access so that users are assigned with appropriate permissions. NOTE Only users with the SuperAdmin role have access to the “User Management” page. Adding, editing, or deleting users, login restrictions, and TACACS+ configuration are only available to AmpCon-Campus users with the SuperAdmin role. Role-Based Access Control Role-Based Access Control (RBAC) is used to permit individual users to perform specific actions and get visibility to an access scope. Each user can be assigned to a specific role with associated permissions. AmpCon-Campus supports the following user roles. The permission levels are as follows: SuperAdmin > Admin > Operator > Readonly. SuperAdmin Provides access to all AmpCon-Campus functions The only role that can manage users and groups Admin Provides access to almost all AmpCon-Campus functions Can’t manage users and groups Can’t access Switch model and System Config Operator Provides access to most of AmpCon-Campus functions Can’t manage users and groups Can’t access Switch model and System Config Can’t view and manage licenses and can’t view license logs Can view but can’t configure Campus Fabric and Wired Clients Readonly Views limited pages such as Dashboard, Switch, Topology, Config Files View, and Alarms Provides access to CLI Configuration, Template Verify, and Config Snapshot Diff User Self-Management All AmpCon-Campus users can change their own passwords and email addresses. Follow these steps: In the AmpCon-Campus UI, click the username, and then click User Management. image.png To change the user password, enter a new password in the New Password field, and then enter the password again in the Confirm Password field. image.png To change the email address associated with the AmpCon-Campus user, enter a new email address in the Email field. Managing All Added Users Adding a Global User or a Group User When you add a user, you need to select a user role for the user and specify the user type (a group user or a global user). A group user means that the user is a member of a specific group. A global user means that the user is not limited to a group. To add a user, follow these steps: Log in to the AmpCon-Campus UI with a user of the SuperAdmin role. Click System > User management from the navigation bar. Click Add User, and enter the following information: User Name: The username. User Password: The password of the user. The password needs to be a combination of uppercase letters, lowercase letters, numbers, and special symbols. The character count needs to be greater than 10. Confirm Password: The password of the user. User Role: SuperAdmin, Admin, Operator, or Readonly. User Type: Global or Group. Email: The email of the user. If you select Group as the user type, select a group name from the Group Name drop-down list. To assign the user to a new group that hasn’t been created, create a group as described in Managing Groups. image.png Click OK. Editing Users To edit an added user, follow these steps: Log in to the AmpCon-Campus UI with a user of the SuperAdmin role. Click System > User management from the navigation bar. On the “User Management” page, locate a user, and then click Edit. NOTE The built-in user admin can’t be edited here. Modify user information as needed. image.png Click OK. Deleting Users To delete an added AmpCon-Campus user, follow these steps: Log in to the AmpCon-Campus UI with a user of the SuperAdmin role. Click System > User management from the navigation bar. On the ”User Management” page, locate a user, and then click Delete. NOTE The built-in user admin can’t be deleted. image.png In the pop-up window, click Yes to confirm the deletion. Setting Login Restrictions for AmpCon-Campus Users You can lock an added user so that the user can’t be used to log in to the AmpCon-Campus UI. Or you can unlock an added user to enable the login again. NOTE The built-in user admin can’t be locked or unlocked. To lock an added user, follow these steps: Log in to the AmpCon-Campus UI with a user of the SuperAdmin role. Click System > User management from the navigation bar. On the ”User Management” page, locate a user, and then click Lock. In the pop-up window, click Yes to confirm the lock operation. To unlock an added user, follow these steps: Log in to the AmpCon-Campus UI with a user of the SuperAdmin role. Click System > User management from the navigation bar. On the ”User Management” page, locate the locked user, and then click Unlock. image.png In the pop-up window, click Yes to confirm the unlock operation. Now you can log in to the AmpCon-Campus UI with the user again. User Permissions on Menu Pages For menu pages in the AmpCon-Campus UI, different user roles have different permissions. For more information, see the User Permission Table topic. Configuring TACACS+ Authentication and Authorization In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access. For more information, see the Configuring TACACS+ Authentication and Authorization topic. User Permission Table For menu pages in the AmpCon-Campus UI, different user roles have different permissions. See the following table: User Permissions on Menu Pages Table 1. Menu Permissions Configuring TACACS+ Authentication and Authorization AmpCon-Campus supports integrating with the Access Controller Access Control System (TACACS+) server to do authentication and authorization for the AmpCon-Campus login users. In addition to using local users (global users or group users), you can also enable the TACACS+ integration to manage user access. Before You Begin Procedure Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) Before You Begin Before you enable the TACACS+ integration, read the following notes: You can configure at most two TACACS+ servers on the AmpCon-Campus server. One is the primary and active server, while the other one is the secondary server, which is used for backup. Configure the secondary server only when backup is needed. You can designate authorization levels by using the priv-lvl parameter on the TACACS+ server. The priv-lvl configuration is sent in the TACACS+ authorization response. The priv-lvl parameter value is mapped to one of these local role levels: Readonly, Operator, Admin, and Superadmin. For how to configure authorization levels on the TACACS+ server, see the Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) section. AmpCon-Campus sends authorization requests with “Arg[0]” service=AmpCon-Campus. On the TACACS+ server, you need to set the value of the parameter “service=AmpCon-Campus” to process authorization requests of AmpCon-Campus users. If both the primary and the secondary TACACS+ servers are unreachable, you can use local users (global user or group user) to log in to the AmpCon-Campus UI. Procedure To enable the TACACS+ integration, follow these steps: In the AmpCon-Campus UI, click System > User management. Click TACACS+ Settings. Click Enable to activate the TACACS+ service. The TACACS+ Settings pop-up window is displayed. image.png Enter the following information: Parameter Description Enable Enable or disable TACACS+ authentication and authorization. Primary Server IP The IP address of the primary TACACS+ server. Secondary Server IP Optional. The IP address of the backup TACACS+ server. Server Key The shared key of TACACS+. NOTE The value of the Server Key field needs to be the same as the shared keys of the primary and secondary TACACS+ servers. The shared keys on both TACACS+ servers need to be the same. Session Timeout The TACACS+ connection timeout in seconds. Auth Protocol The authentication protocol type of TACACS+ including ASCII, PAP, or CHAP. TACACS+ User Level Mapping The mapping ranges for TACACS+ authorization. The configuration page displays the default mapping values. You can configure a custom range for mapping values. The values are integers that range from 0 to15. NOTEs Don’t overlap any range with other ranges among different user levels.If the priv-lvl configuration of a user on the TACACS+ server is not found in the level-mapping configuration on AmpCon-Campus, the user role level is mapped to Readonly. Click OK. Sample Configuration of Authorization Level on TACACS+ Server (Linux tac_plus) For how to configure authorization levels on the TACACS+ server, see the following example: user = leontest { global = cleartext "abc" service = AmpCon { default attribute = permit priv-lvl = 15 } } user = automation1 { global = cleartext "automation" service = AmpCon { default attribute = permit priv-lvl = 10 } } user = testtest { global = cleartext "testtest" service = AmpCon { default attribute = permit priv-lvl = 5 } } user = testpica8 { global = cleartext "testpica8" service = AmpCon { default attribute = permit priv-lvl = 1 } } Updating the Encrypt Key for Sensitive Data Encryption After you deploy AmpCon-Campus, a default encrypt key is generated to encrypt sensitive data in the AmpCon-Campus database. In this way, plain text like password and sensitive TACACS+ keys is not shown in the AmpCon-Campus UI. You can update the encrypt key as you need. Procedure To update the encrypt key, follow these steps: Log in to the AmpCon-Campus UI, and click Service > System Config. On the “Global System Config” page, click Update Encrypt Key. Enter the original key and the new key. The default encrypt key is pica8pica8 image.png Click Save. Configuring External Syslog Servers You can forward AmpCon-Campus logs to other external Syslog servers. Prerequisite Ensure that the Syslog service of the target server is enabled. Procedure To update the encrypt key, follow these steps: Log in to the AmpCon-Campus UI, and click Service > System Config. On the “Global System Config” page, click Syslog Config. Enter the following information: IP: The IP address of the external Syslog server. Port: The port number of the external Syslog server. Protocol: TCP or UDP. Level: SUCCESS or ERROR. The mapping rules of AmpCon-Campus Log levels and Syslog rules are as follows: SUCCESS is equal to info (level=6) ERROR is equal to warning (level=4) For example, if the ERROR level is specified, the Syslog server receives logs with a warning level or higher from AmpCon-Campus. image.png Click Add. Verifying Syslog Forwarding To verify whether AmpCon-Campus logs can be forwarded to the Syslog server, follow these steps: Log in to the AmpCon-Campus UI, and click Service > System Config. In the License Portal User field, enter an incorrect username, and click Save. image.png Access the AmpCon-Campus server by using MobaXterm for verification. image.png Backing up and Restoring the AmpCon-Campus Database You can back up and restore the AmpCon-Campus database securely for disaster recovery. Prerequisite The allowed maximum number of database backups is set based on the DB Backup Number field on the “System Config” page. Before you create a database backup, ensure that the current backup number doesn’t reach the allowed maximum number. You can remove a database backup if it is not needed. image.png Creating a Database Backup To create a database backup, follow these steps: Log in to the AmpCon-Campus UI, and click Maintain > System Backup. Click Backup. The Create Backup Config pop-up window opens. Enter the following information: Backup Name: The name of the backup to differentiate from the other backups. Encrypt Key: The encrypt key that you set on the global “System Config” page. The default encrypt key is pica8pica8 AmpCon Version: The version of AmpCon-Campus that you use. Click OK. Restoring from a Database Backup To restore from a database backup, follow these steps: NOTE The restore operation can only be executed once, and after an update, previous files cannot be restored. Log in to the AmpCon-Campus UI, and click Maintain > System Backup. Locate the backup, and click Restore on the right. In the Restore Backup Config pop-up window, enter the following information: Encrypt Key: The encrypt key that you set on the global “System Config” page. The default encrypt key is pica8pica8 AmpCon Version: The version of AmpCon-Campus that you use. image.png Click OK. Optional: Editing a Database Backup To edit a database backup, follow these steps: Log in to the AmpCon-Campus UI, and click Maintain > System Backup. Locate the backup, and click Edit on the right. In the Edit Backup Config pop-up window, modify the backup name or AmpCon-Campus version as you need. Click OK. Optional: Removing a Database Backup To remove a database backup, follow these steps: Log in to the AmpCon-Campus UI, and click Maintain > System Backup. Select the backup, and click Remove on the right. Click Yes to confirm the removal. Designing Campus Fabrics AmpCon-Campus supports two standard-based campus fabric architectures, MLAG fabrics and IP Clos fabrics. You can deploy an MLAG campus fabric on a two-layer network with the collapsed core and access layers. Or you can deploy an IP Clos campus fabric on a campus-wide network that involves multiple buildings with separate distribution and core layers. These two fabric types, which have different use cases, cover the networking requirements of small, medium-sized, and large-scale campus fabrics. You can choose a fabric type based on your network needs. AmpCon-Campus helps you eliminate complex campus networking configurations during the fabric design and management process. Supported Switches This feature supports only switches with PicOS 4.6.0E or later installed. Check the supported switch list in Supported Switches for Fabric Design. Key Concepts You need to understand networking-related concepts. For more information, see Key Concepts. Prerequisites Make sure that the following prerequisites are met: Create a site as described in Adding a Site. If you don’t create a site, you can use the built-in site default. Import or deploy switches used for the fabric design. For more information, see Deploying or Importing Switches. Add switches used for the fabric design to the site. For more information, see Adding Switches to a Site. Ensure that all switches used for the fabric design are up and connected to AmpCon-Campus. You can verify by clicking Service > Switch from the navigation bar and checking the Mgmt IP column. ✓: The switch is up and connected to AmpCon-Campus. x: The switch is down or not connected to AmpCon-Campus. Ensure that all switches used for the fabric design retain only basic routing configurations, without any other service configurations. Choosing a Campus Fabric Type You can use AmpCon-Campus to design an MLAG campus fabric or an IP Clos campus fabric. To determine which campus fabric type to use, see Choosing Campus Fabric Types. Designing Procedure To design an MLAG campus fabric, see Designing MLAG Fabrics. To design an IP Clos campus fabric, see Designing IP Clos Fabrics. Currently, this feature is for experimental purposes only. What to Do Next After you complete the fabric deployment, you can use AmpCon-Campus to manage the fabric and configure, manage, or monitor switches in the fabric. See the following topics: Key Concepts Before you design a campus fabric, you need to understand the following concepts: Autonomous System (AS) A collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, which presents a common and clearly defined routing policy to the Internet. Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. An AS is a collection of routers and networks under a single technical administration, using an interior routing protocol and common metrics to determine how to route packets within the AS, and using an exterior routing protocol to determine how to route packets to other AS. Border Gateway Protocol (BGP) A routing protocol used to connect independent systems on the Internet. It is designed by the Internet Engineering Task Force (IETF) as a robust, scalable, and well-defined protocol for exchanging routing information among BGP routers within a single AS (IBGP) or among different AS (EBGP). DHCP Snooping A Layer 2 security function that monitors and controls DHCP traffic on a network. It inspects DHCP messages and blocks unauthorized DHCP servers from distributing IP addresses, thereby mitigating potential attacks such as DHCP spoofing or rogue server activity. DHCP Relay A function implemented in Layer 3 switches to forward DHCP messages between DHCP clients and servers across different subnets. Ethernet Virtual Private Network (EVPN) EVPN is a next-generation VPN solution that introduces a control plane to better control the MAC address learning process. Fabric The logistic representation of an actual physical network. You can deploy a physical network by designing a fabric. Multi-Chassis Link Aggregation (MLAG) Implements link aggregation among multiple devices. AmpCon-Campus networking solution supports using MLAG on leaf switches. Two leaf switches set up an MLAG through peer links. Both peer leaf switches are displayed as a logical device on the forwarding plane and as two independent switches on the management control plane. Upgrading and replacing devices are carried out independently, achieving simple maintenance and high running reliability. Network Access Control (NAC) A security solution that ensures only authorized devices and users can access a network. It enforces policies to control access based on factors such as device type, user identity, and compliance with security standards. AmpCon-Campus supports the following NAC authentication methods: 802.1X authentication offers a high level of security, but it requires the installation of an 802.1X client on the end-user devices, making network deployment less flexible. The MAC authentication method in NAC does not require client installation, but it necessitates registering MAC addresses on the authentication server, which complicates management. Open Shortest Path First (OSPF) A dynamic interior gateway protocol that uses link-state information to build and maintain a complete and consistent map of the network topology within an AS. It employs the Dijkstra algorithm to calculate the shortest path tree from each router to all the other routers in the AS, based on which routing tables are built. Overlay Network An overlay network is a virtual network built on top of the underlay network. It allows for the creation of logical, software-based networks that can span the entire physical network. This abstraction layer simplifies the management of network resources and services and allows for greater flexibility and scalability. Technologies such as Virtual Extensible LAN (VXLAN) or EVPN are examples of overlay networks, providing advanced functionalities like network virtualization and multi-tenancy. If the underlay network is like the physical roads connecting different cities (the devices), the overlay network is like the GPS that helps you navigate these roads most efficiently and can also create virtual pathways or tunnels (VXLAN) to reach distant cities more directly. The underlay network refers to the physical infrastructure and protocols that make data transmission possible. In contrast, the overlay network is a virtual, software-defined layer that sits on top of the underlay network, allowing for advanced network functionalities and easier management. Overlay Network Control Plane Manages the creation, maintenance, and tear-down of overlay networks, which are virtual networks built on top of an underlying physical network (the underlay). The control plane ensures efficient communication between endpoints, handles network virtualization, and supports advanced features like multi-tenancy, workload mobility, and scalability. Overlay Data Plane Responsible for the actual forwarding of traffic within an overlay network, including packet encapsulation, packet decapsulation, traffic forwarding, secure transmission of data, prioritizing certain types of traffic by using QoS policies, and distributing traffic across multiple paths in the underlay using mechanisms like Equal-Cost Multi-Path (ECMP). Underlay Network The physical infrastructure (routers, switches, cabling) that transports the actual network traffic. It is the foundational layer of your network that includes all the hardware and protocols needed for data transmission. Virtual Routing and Forwarding (VRF) The technology that allows multiple instances of a routing table to coexist within the same router at the same time. It enables logical isolation between different networks on the same physical device. By using VRF, different instances can use the same IP address without conflicts. Virtual Extensible Local Area Network (VXLAN) The overlay network virtualization technology that enables the creation of virtual Layer 2 networks across Layer 3 network boundaries by encapsulating Layer 2 frames within Layer 3 UDP packets. VXLAN extends traditional VLAN technology, addresses the limitations of VLANs, such as the 4096-network limit, and meets the needs of large-scale, virtualized campus networks with multi-tenant capabilities. Supported Switches Before you design your fabric, check the supported switches based on the campus fabric type that you choose. MLAG Fabrics See the following supported access-layer and core-layer switches for MLAG fabrics: Table 1. Supported Switches for MLAG Fabrics Access Layer Core Layer All Edgecore, DELL, Delta, and HPE white-box switches supported by AmpCon-Campus FS switches S5870-48T6BC S5870-48T6BC-U S5870-48T6S S5870-48T6S-U S5870-48MX6BC-U S5860-20SQ S5860-24MG-U S5860-24XB-U S5860-24XMG S5860-48MG-U S5860-48XMG S5860-48XMG-U S5810-28FS S5810-28TS S5810-48FS S5810-48TS S5810-48TS-P All Edgecore, DELL, Delta, and HPE white-box switches supported by AmpCon-Campus FS switches S5860-20SQ N5850-48S6Q N5850-48X6C N8550-32C N8550-48B8C N8550-64C N8560-32C N5850-48S6C N8550-24CD8D S6860-24CD8D S5890-32C S5580-48Y IP Clos Fabrics See the following supported access-layer, distribution-layer, and core-layer switches for IP Clos fabrics: Table 2. Supported Switches for IP Clos Fabrics Access Layer Distribution Layer Core Layer Edgecore switches AS7726_32X AS6812_32X AS7326_56X AS5835_54T AS5835_54X AS5812_54T AS5812_54X AS4630-54NPE AS4630-54PE DELL switches N3248P-ON S5212F-ON N3224PX-ON N3248TE-ON N3224F-ON S5224F-ON S5248F-ON S5296F-ON N3224T-ON S5232F-ON N3248X-ON N3248PXE-ON N3224P-ON FS switches S5870-48T6BC S5870-48T6BC-U S5870-48T6S S5870-48T6S-U S5870-48MX6BC-U Edgecore switches AS7726_32X AS6812_32X AS7326_56X AS5835_54T AS5835_54X AS5812_54T AS5812_54X AS4630-54NPE AS4630-54PE DELL switches N3248P-ON S5212F-ON N3224PX-ON N3248TE-ON N3224F-ON S5224F-ON S5248F-ON S5296F-ON N3224T-ON S5232F-ON N3248X-ON N3248PXE-ON N3224P-ON FS switches N8550-48B8C N8550-32C N8550-64C N8560-32C S5890-32C S5580-48Y Edgecore switches AS7726_32X AS6812_32X AS7326_56X AS5835_54T AS5835_54X AS5812_54T AS5812_54X AS4630-54NPE AS4630-54PE DELL switches N3248P-ON S5212F-ON N3224PX-ON N3248TE-ON N3224F-ON S5224F-ON S5248F-ON S5296F-ON N3224T-ON S5232F-ON N3248X-ON N3248PXE-ON N3224P-ON FS switches N8560-32C S5890-32C N8550-32C Choosing Campus Fabric Types You can use AmpCon-Campus to design an MLAG campus fabric or an IP Clos campus fabric. Currently, the IP Clos fabric feature is for experimental purposes only. To determine which campus fabric type to use, see the following descriptions: MLAG Campus Fabric Use Cases AmpCon-Campus supports the two-layer (collapsed core layer and access layer) MLAG fabric architecture, which is scalable to a certain extent and is applicable to small or mid-size campus networking. This architecture simplifies the network topology, reduces latency, and lowers costs by eliminating the need for separate core and distribution devices. To avoid single-point failure, two collapsed core switches are added to MLAG, and each access switch connects to both collapsed core switches. If your topology is simple and very small, the two-layer MLAG fabric is sufficient. However, when your topology is complex, you are suggested to deploy an IP Clos campus fabric. Components The two-layer MLAG fabric architecture contains the following components: Collapsed core layer The layer where the core and distribution layers are consolidated into a single unified structure. Access layer The layer that connects devices like computers, printers, and wireless access points to the rest of the network. Situated at the network's edge, access switches serve as the entry point for end user devices to communicate with each other and with the network infrastructure. Network Architecture The two-layer MLAG fabric architecture in AmpCon-Campus is as follows: Figure 1. MLAG Fabric Architecture image.png The core layer consists of Layer 3 switches, the access layer consists of Layer 2 switches, and the access gateway is located at the core layer. OSPF or BGP is used as the underlay routing protocol to establish Layer 3 routing and provide routing configurations for the core switches and uplink devices (such as routers, gateways, and firewalls). At the port level, you can select the uplink port of each core switch to be connected to a WAN device. After each uplink port is chosen, AmpCon-Campus automatically assigns an uplink IP address, adds the link subnet to BGP or OSPF, and creates a default route to the WAN device. The core switches and the WAN device establish routing neighbor relationships and exchange routing information. The collapsed core switches handle both the aggregation of access-layer traffic and the high-speed forwarding of data across the network, making it suitable for smaller or less complex networks where scalability and redundancy requirements are not highly required. No overlay technology is introduced to this architecture. IP Clos Campus Fabric Use Cases Enterprise campus networks are undergoing massive transitions to accommodate the growing demand for networks. To meet the demands of modern networks, campus networks must prioritize the most critical functionalities, such as robust network bandwidth, high availability, scalability, and security. The IP Clos fabric architecture provides a scalable and flexible solution for interconnecting multiple switches in a hierarchical manner, allowing efficient utilization of network resources and simplified routing. It’s more suitable for large-scale campus networking. Enhance network scalability The IP Clos fabric architecture extends EVPN to connect VXLANs across multiple buildings. You can rapidly and easily scale up your campus network without adding complexity. By managing IP Clos fabrics with AmpCon-Campus, you can easily add core, distribution, or access layer switches when your business grows without having to redesign the network. Improve network flexibility The IP Clos architecture uses a Layer 3 IP-based underlay network and an EVPN-VXLAN overlay network. In the underlay, the simple IP-based Layer 3 underlay network limits the Layer 2 broadcast domain and eliminates the need for Spanning Tree Protocol (STP). In the overlay, a flexible overlay network based on VXLAN tunnels combined with an EVPN control plane efficiently provides Layer 3 or Layer 2 connectivity. Boost network security and segmentation By creating multiple VLANs based on VXLAN tunnels, devices and data in each VLAN are securely isolated from other VLANs in Layer 2. By configuring different routing instances based on Virtual Routing and Forwarding (VRF), routing and switching tables on each VPN instance are isolated. Increase network bandwidth and avoid Flooding The propagation of MAC-IP Network Layer Reachability Information (NLRI) is handled by BGP. The use of BGP for routing ensures updates are propagated efficiently throughout the network. MAC address flooding and learning might use excessive network bandwidth. EVPN separates the control plane and data plane and makes the control plane based Layer 2 or Layer 3 learning faster. The EVPN control plane handles the exchange and learning of routes, and thus the MAC address flooding and learning mechanisms are not used. Components AmpCon-Campus supports the 5-stage IP Clos fabric architecture. This architecture contains the following layers: Access layer The layer that connects devices like computers, printers, and wireless access points to the rest of the network. Situated at the network's edge, access switches serve as the entry point for end-user devices to communicate with each other and with the network infrastructure. Distribution layer The layer that receives traffic from access switches and forwards it to core switches. Distribution switches act as intermediaries that aggregate data from multiple access switches before routing it to core switches. Core layer The layer that receives traffic from the distribution switches. Core switches handle high-speed data transfer, connect different distribution switches, and ensure fast and reliable connections among devices in different subnets. Network Architecture The 5-stage IP Clos fabric architecture in AmpCon-Campus is as follows: Figure 2. IP Clos Fabric Architecture image.png All core switches, distribution switches, and access switches are connected in Layer 3. EBGP is used as the underlay routing protocol. It provides better prefix filtering, traffic engineering, and route tagging. BGP unnumbered and loopback addresses are used to establish neighbors, thereby saving IP address resources. AmpCon-Campus automatically provisions ASN and BGP configurations for the overlay and underlay and provides routing configurations for core switches and uplink devices (such as routers, gateways, and firewalls). At the port level, you can select the uplink port of each core switch to be connected to a WAN device. After each uplink port is chosen, AmpCon-Campus automatically assigns an uplink IP address, adds the link subnet to EBGP, and creates a default route to the WAN device. Routing neighbor relationships are established and routing information is exchanged between core switches and the WAN device. The overlay data plane uses VXLAN as the encapsulation protocol, and the overlay control plane uses EVPN. Distributed VXLAN gateways are used, and the VXLAN L2 gateway is located at the access layer. VXLAN tunnels terminate at the access layer. Designing MLAG Fabrics AmpCon-Campus supports the two-layer (collapsed core layer and access layer) MLAG fabric architecture. This architecture merges the core and distribution layers into a collapsed core layer. Merging these layers into a single layer turns the traditional three-tier hierarchical network into a two-tiered network. By using AmpCon-Campus, you can design and manage two-layer MLAG fabrics to simplify the network topology, reduce latency, and lower costs by eliminating the need for separate core and distribution devices. Prerequisites Ensure that all prerequisites described in Prerequisites are met. Adding MLAG Fabrics Log in to the AmpCon-Campus UI with a user of the SuperAdmin or Admin role. NOTEs AmpCon-Campus users with the Readonly role can’t view and configure fabrics. AmpCon-Campus users with the Operator role can only view fabrics but can’t configure fabrics. Click Topo > Campus Fabric from the navigation bar, and then click + Campus Fabric. You are now redirected to the fabric design page. The fabric design includes the following processes: Adding a Topology In the Site drop-down list, select a site that you added. If you didn’t add any site as described in Adding a Site, you can select the site default. In the Type section, select MLAG, which means the fabric you are adding is an MLAG fabric. In the Topology Name field, specify the name of the fabric topology. The name must be unique. In the Underlay Settings section, select BGP or OSPF , which will be used as the underlay protocol. image.png If BGP is selected, enter the following information: AS Base: The AS base number. Valid ranges are as follows: 64512 to 65534 (16-bit) 4200000000 to 4294967294 (32-bit) Subnet: The IP address range used to allocate IP addresses to underlay physical interfaces. The value must be in xxx.xxx.xxx.0/xx format. For example, 192.168.1.0/24. Inband Subnet: The IP address range allocated to interconnection interfaces of core and access switches. The value must be in xxx.xxx.xxx.0/xx format. Route ID Subnet: The IP address range used to allocate Router IDs for each device in the fabric. Router IDs are loopback interfaces (lo0.0) for the route protocol peering between devices. The value must be in xxx.xxx.xxx.0/xx format. NOTE Subnet, Inband Subnet, and Route ID Subnet values can’t be the same. If OSPF is selected, enter the following information: Area ID: The OSPF area ID allocated to core switches. The default value is 0.0.0.0 and cannot be changed. Subnet: The IP address range used to allocate IP addresses to underlay physical interfaces. The subnet must be in xxx.xxx.xxx.0/xx format. For example, 192.168.1.0/24. Inband Subnet: The IP address range used to allocate IP addresses to interconnection interfaces of core and access switches. The value must be in xxx.xxx.xxx.0/xx format. Route ID Subnet: The IP address range used to allocate Router IDs for each device in the fabric. Router IDs are loopback interfaces (lo0.0) for the route protocol peering between devices. The value must be in xxx.xxx.xxx.0/xx format. NOTE Subnet, Inband Subnet, and Route ID Subnet values can’t be the same. Click Next to add switches that form the campus fabric. Adding Switch Nodes In the Collapsed Core section, click + to add core switches. You must select two core switches. NOTEs Only online switches (can connect to the AmpCon-Campus server) can be added to the fabric. If a switch is added to a fabric, the switch can’t be added to other fabrics. In the Access section, click + to add access switches. You must select at least one access switch. Optional: To remove a switch, hover over the switch, and then click the remove icon. Then, click Yes to complete the removal. image.png Click Next to add network configurations. Configuring Networks In the Network section, click + Add, and then enter the following information: Name: The network name. The name needs to be unique. VLAN ID: The VLAN ID of the network. VLAN ID values in different networks can’t be the same. Subnet: Specify the subnet of the network. Subnet values in different networks can’t be the same. Click Apply to save the network configurations. You can edit or delete networks as needed. To edit a network, locate the network, and then click Edit. To delete a network, locate the network, and then click Delete. image.png In the Domain ID field, enter the MLAG domain ID, which is the unique identifier of the core switch MLAG. In the NAC section, select Enable or Disable to enable NAC server configurations or not. AmpCon-Campus supports only 802.1X authentication and MAC authentication. If you selected Enable, add an NAC server by clicking + Add and entering the following information: Name: The name of the NAC server. Server Address: The IPv4 address of the NAC server. Port: The port used to connect to the NAC server. The default value is 1812. Shared Secret: The confidential key used for secure communication between the NAC server and other network devices. Tip You can add one or multiple NAC servers, and you can edit or delete these NAC servers. To add another NAC server, click + Add again. To edit the configurations of an NAC server, locate the NAC server, and then click Edit. To delete an NAC server, locate the NAC server, and then click Delete. image.png In the DHCP Snooping section, select Enable or Disable to enable DHCP snooping or not. If you selected Enable, add the network where DHCP snooping is enabled. a. Click + Add. b. In the Network drop-down list, select a network from all networks that you added in step 1. In the VLAN ID field, the VLAN ID of the selected network is added automatically and can’t be changed. Tip You can add one or multiple networks for DHCP snooping, and you can edit or delete these networks. To add another network, click + Add again. To edit a network, locate the network, and then click Edit. To delete a network, locate the network, and then click Delete. image.png In the DHCP Relay section, select Enable or Disable to enable DHCP relay or not. If you selected Enable, add the DHCP relay server and the network where DHCP relay needs to be enabled . a. Click + Add. b. In the Network drop-down list, select a network from all networks that you added in step 1. In the VLAN ID field, the VLAN ID of the selected network is added automatically and can’t be changed. c. In the DHCP Server field, enter the IPv4 address of the DHCP server. If a PicOS switch is used as the DHCP server, you need to enter the Layer 3 IPv4 address of the DHCP server. Tip You can enable DHCP relay for one or multiple networks, and you can edit or delete these DHCP relay configurations. To enable DHCP relay for another network, click + Add again. To edit a DHCP relay configuration, locate the DHCP relay configuration, and then click Edit. To remove a DHCP relay configuration, locate the DHCP relay configuration, and then click Delete. image.png Click Next to allocate connection ports for all selected collapsed core and access switches. Allocating Ports In the Core tab, click + before a switch, and select ports connected to another core switch (peer link), access switches, and WAN devices (optional). Allocate two ports connected to the peer core switch. a. Click a port. In the pop-up window, click Link to Core. b. Click another port. In the pop-up window, click Link to Core. NOTE In MLAG fabrics, you can assign only two core switches. For each core switch, you need to allocate two ports to connect to the peer core switch. Allocate ports connected to all the access switches. a. Check the Link to Access column to see how many ports need to be allocated. For example, 0/2 means that you must allocate two ports to connect to two access switches but now you haven’t allocated any port. b. Click a port. In the pop-up window, click Link to Access. c. Repeat step b to allocate all required number of ports. If core switches need to connect to a WAN device, allocate ports connected to the WAN device by clicking a port and then clicking Link to WAN in the pop-up window. NOTEs For each core switch, you can allocate at most one port connected to a WAN device. If core switches don’t need to connect to a WAN device, do not click Link to WAN. Repeat step 1 to allocate ports for the other core switch. You can also click Apply to All xx Models to apply the port allocation choice to the other core switch of the same model. In the Access tab, click + before an access switch, and select ports connected to two core switches. a. Click a port. b. In the pop-up window, select a core switch from the Switch SN drop-down list. c. Click Link to Core. d. Repeat step a to c to allocate another port connected to the other core switch. e. Check the Link to Core column of all access switches, and ensure that the numbers are displayed in green, which means all required ports have been allocated. For example, the Link to Core column changes from 0/2 to 2/2. image.png Repeat step 3 to allocate ports for all the other access switches. You can also click Apply to All xx Models to apply the port allocation choice to all the other access switches of the same model. Click Next to confirm the fabric configurations. Confirming Configurations Click a blank space in the canvas to show all links in the topology, and then check whether the topology is correct. Click each switch, and check fabric configurations in the pop-up window. NOTE You must check the Status column of each switch and ensure that all switches are in online status, which means the switches can connect to the AmpCon-Campus server. Fabric configurations will not be pushed to offline switches. image.png Optional: To check the details of a switch, click Switch Insights in the PICOS pop-up window. You can see the “Switch” page in a new browser tab. NOTE Only when the switch is online, the Switch Insights button can be clicked. Optional: To connect to a switch from the AmpCon-Campus UI through an SSH session, click Remote Shell. In the pop-up window, enter the username and password to log in to the switch. NOTE Only when the switch is online (can connect to the AmpCon-Campus server), the Remote Shell button can be clicked. Click Apply to push the fabric configurations to the selected core and access switches. You are redirected to the “Topo” page. The configuration pushing process takes about 10 minutes (depending on the number of switches in the fabric) to complete. Verifying the Deployment To check whether the fabric configurations are pushed to switches successfully, follow these steps: On the “Topo” page, locate the fabric, and then click View. Click the Deployment Status button to go to the status page. image.png Check the Deployment Status column to see whether the status is SUCCEED. image.png If the deployment status of any switch is FAILED, click Log to check more details for troubleshooting. Example You might see the error message “Error: Configuration failed on host xxx: commit;BGP instance is already running; AS is 111;Commit failed” in the log. This error message means that the BGP local AS has been configured on the switch. You need to log in to the switch and delete these configurations first. Then, redeploy the fabric as described in Redeploying MLAG Fabrics. If the deployment status of any switch is PENDING, the fabric is waiting to be deployed. If the deployment status of any switch is RUNNING, the fabric is being deployed. If the deployment status of all switches is SUCCEED, the fabric deployment is finished. Redeploying MLAG Fabrics If fabric configurations are not pushed to switches due to some reasons, resolve the issues based on switch logs, and then redeploy the fabric by following these steps: On the “Topo” page, locate the fabric, and then click View. Click Edit Config to edit the fabric. Click Next until going to the Confirm section. Check whether all switches in the fabric are in online status, and then click Apply. Designing IP Clos Fabrics IP Clos is a network design architecture commonly used in large-scale campus networking. The IP Clos fabric architecture provides a scalable and flexible solution for interconnecting multiple switches in a hierarchical manner, allowing efficient utilization of network resources and simplified routing. By using AmpCon-Campus, you can design and manage 5-stage IP Clos fabrics to meet the increasing network challenges. NOTE Currently, this feature is for experimental purposes only. Prerequisites Ensure that all prerequisites described in Prerequisites are met. Adding IP Clos Fabrics Log in to the AmpCon-Campus UI with a user of the SuperAdmin or Admin role. NOTEs AmpCon-Campus users with the Readonly role can’t view and configure fabrics. AmpCon-Campus users with the Operator role can only view fabrics but can’t configure fabrics. Click Topo > Campus Fabric from the navigation bar, and then click + Campus Fabric. You are now redirected to the fabric design page. The fabric design includes the following processes: Adding a Topology In the Site drop-down list, select a site that you added. If you didn’t add any site as described in Adding a Site, you can select the site default. In the Type section, select IP Clos, which means the fabric you are adding is an IP Clos fabric. In the Topology Name field, specify the name of the fabric topology. The name must be unique. In the Underlay Settings section, enter the following information: image.png BGP Local AS: The AS base number. Valid ranges are as follows: 64512 to 65534 (16-bit) 4200000000 to 4294967294 (32-bit) Subnet: The IP address range used to allocate IP addresses to underlay physical interfaces. The subnet must be in xxx.xxx.xxx.0/xx format. For example, 192.168.1.0/24. Route ID Subnet: The IP address range used to allocate Router IDs for each device in the fabric. Router IDs are loopback interfaces (lo0.0) for the route protocol peering between devices. The subnet must be in xxx.xxx.xxx.0/xx format. NOTE Subnet and Route ID Subnet values can’t be the same. Click Next to add switches that form the campus fabric. Adding Switch Nodes In the Core section, click + to add one or multiple core switches. You must select at least one core switch. NOTEs Only online switches (can connect to the AmpCon-Campus server) can be added to the fabric. If a switch is added to a fabric, the switch can’t be added to other fabrics. In the Pods section, click + Add to add pods. A pod is composed of distribution switches and access switches. You can add one or multiple pods. In each pod, click + to add distribution switches and access switches. NOTEs Add at least one distribution switch in each pod. If you add only one pod, add at least two access switches in the pod. If you add two or more pods, add at least one access switch in each pod. To remove a pod, click the remove icon in the canvas. image.png To remove a switch, hover over the switch, and then click the remove icon. Then, click Yes to complete the removal. image.png Click Next to add network configurations. Configuring Networks In the Network section, click + Add, and then enter the following information: Name: Specify the network name. The name needs to be unique. VLAN ID: Specify the VLAN ID of the network. The VLAN ID needs to be unique with valid ranges from 2 to 3837. Subnet: Specify the subnet of the network. The subnet needs to be unique. NOTE Subnet values in different networks can’t be the same. Click Apply to save the network configurations. You can edit or delete the added networks as needed. To edit the network, locate the network, and then click Edit. To delete the network, locate the network, and then click Delete. image.png In the Other IP Configuration section, you don’t need to do anything. AmpCon-Campus automatically assigns an Anycast IP address to each switch in the fabric. The Anycast IP address is a virtual IP used for distributed VXLAN. image.png In the VRF section, add a VRF instance as follows: a. Click + Add. image.png NOTE You must add at least one but no more than 128 VRF instances. b. In the Name field, enter the name of the VRF instance. NOTE The VRF name can’t be test because this name has been reserved for other purposes. c. In the Networks section, select one or multiple networks from all networks that you added in step 1. image.png Tip You can add one or multiple VRF instances, and you can edit or delete these VRF instances. To add another VRF instance, click + Add again. To edit a VRF instance, locate the VRF instance, and then click Edit. To delete a VRF instance, locate the VRF instance, and then click Delete. In the NAC section, select Enable or Disable to enable NAC server configurations or not. AmpCon-Campus supports only 802.1X authentication and MAC authentication. If you selected Enable, add an NAC server by clicking + Add and entering the following information: Name: The name of the NAC server. Server Address: The IPv4 address of the NAC server. Port: The port used to connect to the NAC server. The default value is 1812. Shared Secret: The confidential key used for secure communication between the NAC server and other network devices. Tip You can add one or multiple NAC servers, and you can edit or delete these NAC servers. To add another NAC server, click + Add again. To edit the configurations of an NAC server, locate the NAC server, and then click Edit. To delete an NAC server, locate the NAC server, and then click Delete. image.png In the DHCP Relay section, select Enable or Disable to enable DHCP relay or not. If you selected Enable, add the DHCP relay server and the network where DHCP relay needs to be enabled . a. Click + Add. b. In the Network drop-down list, select a network from all networks that you added in step 1. In the VLAN ID field, the VLAN ID of the selected network is added automatically and can’t be changed. c. In the DHCP Server field, enter the IPv4 address of the DHCP relay server. Tip You can enable DHCP relay for one or multiple networks, and you can edit or delete these DHCP relay configurations. To enable DHCP relay for another network, click + Add again. To edit a DHCP relay configuration, locate the DHCP relay configuration, and then click Edit. To remove a DHCP relay configuration, locate the DHCP relay configuration, and then click Delete. image.png Click Next to allocate connection ports for all switches in the fabric. Allocating Ports In the Core tab, click + before a core switch, and select ports connected to a WAN device (optional) or distribution switches. You need to select ports connected to distribution switches. a. Check the Link to Distribution column to see how many ports need to be allocated. b. Click a port. In the pop-up window, click Link to Distribution. c. Repeat step b to allocate ports connected to all the other distribution switches. If core switches need to connect to a WAN device, allocate ports connected to a WAN device by clicking a port and then clicking Link to WAN in the pop-up window. NOTEs For each core switch, you can allocate at most one port connected to a WAN device. If core switches don’t need to connect to a WAN device, do not click Link to WAN. Repeat step 1 to allocate ports for the other core switches. You can also click Apply to All xx Models to apply the port allocation choice to the other core switches of the same model. In the Distribution section of the Pod tab, click + before a distribution switch, and select ports connected to core and access switches. a. Check the Link to Core column to see how many ports need to be allocated. b. Click a port. In the pop-up window, click Link to Core. c. Repeat step b to allocate ports connected to all the other core switches. d. Check the Link to Access column to see how many ports need to be allocated. f. Click a port. In the pop-up window, click Link to Access. g. Repeat step f to allocate ports connected to all the other access switches. image.png Repeat step 3 to allocate ports for the other distribution switches. You can also click Apply to All xx Models to apply the port allocation choice to the other distribution switches of the same model. In the Access section of the Pod tab, click + before an access switch, and select ports connected to distribution switches. a. Check the Link to Distribution column to see how many ports need to be allocated. b. Click a port. In the pop-up window, select a distribution switch from the Distribution Switch SN list. c. Click Link to Distribution. d. Repeat step b to c to allocate ports connected to all the other distribution switches. image.png Repeat step 5 to allocate ports for the other access switches. You can also click Apply to All xx Models to apply the port allocation choice to the other access switches of the same model. Click Next to confirm the fabric configurations. Confirming Configurations Click a blank space in the canvas to show all links in the topology, and then check whether the topology is correct. image.png Click each switch, and check fabric configurations in the pop-up window. NOTE You must check the Status column of each switch and ensure that all switches are in online status, which means the switches can connect to the AmpCon-Campus server. Fabric configurations will not be pushed to offline switches. Optional: To check the details of a switch, click Switch Insights in the PICOS pop-up window. You can see the “Switch” page in a new browser tab. NOTE Only when the switch is online, the Switch Insights button can be clicked. Optional: To connect to a switch from the AmpCon-Campus UI through an SSH session, click Remote Shell. In the pop-up window, enter the username and password to log in to the switch. NOTE Only when the switch is online (can connect to the AmpCon-Campus server), the Remote Shell button can be clicked. Click Apply to push the fabric configurations to the selected switches. You are redirected to the “Topo” page. Verifying the Deployment To check whether the fabric configurations are pushed to switches successfully, follow these steps: On the “Topo” page, locate the fabric, and then click View. Click the Deployment Status button to go to the status page. Check the Deployment Status column to see whether the status is SUCCEED. If the deployment status of any switch is FAILED, click Log to check more details for troubleshooting. Example You might see the error message “Error: Configuration failed on host xxx: commit;BGP instance is already running; AS is 111;Commit failed” in the log. This error message means that the BGP local AS has been configured on the switch. You need to log in to the switch and delete these configurations first. Then, redeploy the fabric as described in Redeploying IP Clos Fabrics. If the deployment status of any switch is PENDING, the fabric is waiting to be deployed. If the deployment status of any switch is RUNNING, the fabric is being deployed. If the deployment status of all switches is SUCCEED, the fabric deployment is finished. Redeploying IP Clos Fabrics If fabric configurations are not pushed to switches due to some reasons, resolve the issues based on switch logs, and then redeploy the fabric by following these steps: On the “Topo” page, locate the fabric, and then click View. Click Edit Config to edit the fabric. Click Next until going to the Confirm section. Check whether all switches in the fabric are in online status, and then click Apply. Managing Campus Fabrics You can manage the added fabrics in the AmpCon-Campus UI, such as redesigning a fabric, viewing fabric topology and configurations, and deleting a fabric. Viewing All Fabrics In the AmpCon-Campus UI, click Topo > Campus Fabric from the navigation bar. On the “Topo” page, you can see all the added fabrics. image.png Table 1. Fabric Metrics Metric Description Name The name of the fabric Site The number of switches added to the fabric Topology Type The number of AZ added to the fabric Date Created The last time when you modified the fabric To check the fabric configurations and topology, locate the fabric, click View. Click a blank space in the canvas, and then the whole topology is displayed. To check the details of a switch, hover over the switch in the canvas. image.png Redesigning Fabrics To redesign a fabric, follow these steps: On the “Topo” page, locate the fabric, and then click View. Click Edit Config to edit the fabric. Redesign the fabric as described in the following topics: Designing MLAG Fabrics Designing IP Clos Fabrics NOTE Before you click Apply to redeploy the fabric, you must check the Status column of each switch and ensure that all switches are in online status, which means the switches can connect to the AmpCon-Campus server. Fabric configurations will not be pushed to offline switches. Deleting a Fabric To delete a fabric, use either of the following ways: Deleting through the “Topo” page 1. On the “Topo” page, locate the fabric, and then click Delete. 2. Click Yes to confirm the deletion. Deleting through the fabric view page 1. On the “Topo” page, locate the fabric, and click View. 2. On the fabric view page, click Delete. 3. Click Yes to confirm the deletion. Deploying or Importing Switches To manage switches with AmpCon-Campus, you need to deploy switches or import switches. Importing Switches For switches that are deployed but not deployed with AmpCon-Campus, you can import these switches so that they can be managed by AmpCon-Campus. For more information, see Importing Switches. Deploying Switches For switches that are not deployed, you can deploy these switches with AmpCon-Campus. Then, these switches can be managed by AmpCon-Campus. Deploying a white-box switch (switch on which PicOS is not installed) includes registering with the AmpCon-Campus server, obtaining a PicOS image from the AmpCon-Campus server, installing PicOS, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying an integrated hardware and software switch (switch that has PicOS installed) includes registering with the AmpCon-Campus server, configuring the switch based on system configurations and switch configurations, and installing a valid license on the switch. Deploying White-Box Switches To deploy white-box switches, follow these steps: Ensure that the system configuration for each switch contains the default username and password of the switch. For more information, see Adding System Configurations. Click Service > Switch Model in the AmpCon-Campus UI, and check whether the PicOS image that you want to install for each switch model is listed in the Deployed ONIE Image drop-down list. If the images are not listed there, upload these PicOS images and their MD5 files to AmpCon-Campus. For more information, see Uploading Images. If the images are listed there, you don’t need to upload PicOS images and their MD5 files. Configure each switch model that you want to manage with AmpCon-Campus. For more information, see Configuring Switch Models. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. Prepare the global configurations that you want to push to each switch. For more information, see Configuring Global Configurations. Prepare the configuration templates that you want to use. For more information, see Configuring Configuration Templates. Add a switch configuration for each switch. For more information, see Adding Switch Configurations. After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTEs If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Stage each switch to make them ready for Zero Touch Provisioning (ZTP). For more information, see Staging Switches. After you stage a switch, the switch is shown as Staged on the “Switch” page. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see Provisioning New Switches with ZTP. After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed. Deploying Integrated Hardware and Software Switches To deploy integrated hardware and software switches, follow these steps: Ensure that the system configuration for each switch contains the default username and password of the switch to be deployed. For more information, see Adding System Configurations. Prepare the global configurations that you want to push to each switch. For more information, see Configuring Global Configurations. Prepare the configuration templates that you want to use. For more information, see Configuring Configuration Templates. Add a switch configuration for each switch. For more information, see Adding Switch Configurations. After you add a switch configuration, the switch is listed on the “Switch” page with the Configured status. NOTEs If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Stage each switch to make them ready for Zero Touch Provisioning (ZTP) deployment. For more information, see Staging Switches. After you stage a switch, the switch is shown as Staged on the “Switch” page. Provision new switches with ZTP to complete the PicOS installation and configuration without manual intervention. For more information, see Provisioning New Switches with ZTP. After you provision a switch, the switch is shown as Provisioning Success on the “Switch” page. On the “Switch View” page, it’s shown as Deployed. Uploading and Pushing Images AmpCon-Campus provides multiple built-in PicOS images, which you can use to deploy switches. To deploy a switch with a PicOS image that is not built in AmpCon-Campus, upload the image and its MD5 file first before you deploy the switch. Prerequisite Click Service > Switch Model in the AmpCon-Campus UI, and check whether the PicOS image to deploy is listed in the Deployed ONIE Image drop-down list. If the image is not listed there, upload the PicOS image and its MD5 file to AmpCon-Campus as described in the Uploading Images section. If the image is listed there, you don’t need to upload the PicOS image and its MD5 file. Uploading Images To upload a PicOS image, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. Click Upload. In the pop-up window, upload an image by using one of the following ways: Click File, and select a local image file (required) and its MD5 file (optional). image.png Click Link, and enter the image URL (required) and the MD5 file URL (optional). image.png Click Latest, and check the image files that you want to upload. image.png Click Upload. Optional: Uploading MD5 Files An MD5 file is used to verify the completeness of the corresponding PicOS image. If the MD5 file is not uploaded when you upload the PicOS image, AmpCon-Campus will not verify the completeness of the PicOS image when it installs the PicOS image. To upload an MD5 file for a PicOS image, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, locate the PicOS image, and then click Upload Md5. Upload the MD5 file by using either of the following ways: Click File, and select the MD5 file. Click Link, and enter the URL of the MD5 file. Click Upload. Optional: Removing Images In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, locate an image, and then click Delete. Click Yes to confirm the deletion. Optional: Pushing Images You can push PicOS images to one or multiple switches. The pushed images are located in the /home/automation directory. To push a PicOS image to a single switch, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, select the PicOS image that you want to push. In the Switch list, locate the switch, and then click Push Image. image.png To push a PicOS image to multiple switches, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, select the PicOS image that you want to push. In the Switch list, select the corresponding switches, and then click Push Image. image.png Configuring Switch Models Before you deploy switches, configure each switch model that you want to manage with AmpCon-Campus. If not, the default port number ranges and built-in PicOS images are used to deploy switches with these switch models. Configuring a Switch Model To configure a switch model, follow these steps: In the AmpCon-Campus UI, click Service > Switch Model. To ensure the Switch Model drop-down list is the latest, click Update Switch Model, and then click Yes. image.png In the Switch Model drop-down list, select the switch model that you want to configure. Configure the port number range for each speed. In the Deployed ONIE Image drop-down list, select the PicOS image that you want to install for this switch model. If the PicOS image to install is not listed here, upload the PicOS image and its MD5 file to AmpCon-Campus first. For more information, see Uploading Images. image.png Click Save. Optional: Resetting a Switch Model To reset a switch model, follow these steps: In the AmpCon-Campus UI, click Service > Switch Model. Click Reset. Click Save. After you reset a switch model, the port number range for each speed is set to zero, and the PicOS image in the Deployed ONIE Image drop-down list is reset to the built-in image. Configuring Global Configurations Global configurations are configurations that you push to switches during the switch deployment process. When you add a switch configuration, you need to select a global configuration file. Prepare the global configuration before you add a switch configuration. Adding a Global Configuration To add a global configuration, follow these steps: In the AmpCon-Campus UI, click Service > Global Configuration. Input the following information: Switch Model: The model of the switch. Global Config Name: The name of the global configuration. Generic Global File: Select a .txt file with general configurations to push to the switch. Security Global File: Select a .txt file with security-related configurations to push to the switch. image.png Click Generate. In the Admin Global Config Preview section, confirm or edit the configurations that are retrieved from the Generic Global File and the Security Global File. image.png Click Save. Viewing a Global Configuration In the Historical Configuration section, you can see all global configurations, which are grouped by switch models. To search for a global configuration, enter the global configuration name in the search box (supports fuzzy matching). Editing a Global Configuration To edit a global configuration, follow these steps: In the Historical Configuration section, locate the global configuration, and then click it. In the Admin Global Config Preview section, click Edit. Edit the configurations as needed. image.png Click Save. Configuring Configuration Templates AmpCon-Campus provides powerful configuration templates to help you simplify the configuration writing process: When you add a switch configuration during the switch deployment process, you must select a configuration template. When you push configurations to a switch after the switch is deployed or imported, you can use one or multiple configuration templates. Prepare configuration templates before you add a switch configuration or push configurations to a switch. Adding a Configuration Template To add a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the New Template tab, input the following information: Name: The name of the configuration template. Descr: The description of the configuration template. Model: Select the switch model that is applicable to the configuration template. Version: Select the PicOS version that is applicable to the configuration template. Action: Select Config or Delete. Optional: Click Update CLI Tree to refresh the CLI tree. image.png In the CLI Tree section, add one or multiple template configurations by clicking the plus icon. The selected template configurations appear on the right. image.png Click Save. Viewing or Editing a Configuration Template To view or edit a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click View Template. To view a configuration template, select the format for viewing the template in the pop-up window. Then, you can see the template configurations. image.png To edit a configuration template, click Edit in the pop-up window, and then click Save. Optional: Removing a Configuration Template To remove a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click Remove Template. Click Yes to confirm the deletion. Optional: Viewing or Updating Pre-Built Templates To view or update pre-built configuration templates, follow these steps: In the AmpCon-Campus UI, click Service > Config Template, and then click the Template List tab. To view the pre-built templates, click Show Pre-built Template. To refresh the pre-built template list, click Update Pre-built Template. Optional: Copying a Configuration Template To copy a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click Copy. Enter the name for the copied template and a description (optional). Click Save. Optional: Exporting a Configuration Template To export a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click Export. Optional: Exporting All Configuration Template To export all configuration templates, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, click Export All Template. Optional: Adding a Label to a Configuration Template To add a label to a configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, locate a switch, and then click Tag Management. In the pop-up window, enter the name of the tag. Click Add. Click Save. Optional: Uploading a Local Configuration Template To upload a local configuration template, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Template List tab, click Upload Template. In the pop-up window, enter the name of the configuration template and the template description (optional). Click or drag a .txt template file to upload it. Click Upload. image.png Adding Switch Configurations Before you provision a switch as described in Provisioning New Switches with ZTP, add a switch configuration. You can also add multiple switch configurations by using a JSON file. Before You Begin If you provision a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. Locate a parking switch, and then click Create Config to add a switch configuration. After you add the switch configuration, the switch will be listed on the “Switch” page with the Configured status. Ensure that the global configuration file and configuration template for the switch have been created. For more information, see Adding Global Configurations and Adding Configuration Templates. Adding a Switch Configuration In the AmpCon-Campus UI, click Service > Switch Configuration. Input the following information: Switch SN/Service Tag: The SN or service tag of the switch. Switch Model: Select the switch model of the switch. Deployment Location: The location where the switch exists, such as Beijing. Site: Select the site that the switch belongs to. The default site is selected by default. Select Global Config: Select the global configuration file with configurations to push to the switch. Select Site Template: Select the configuration template to use. Option Post-Deployed: Select whether to back up the switch configuration. image.png Click Next. You can see an input section, which is related to the selected configuration template. Enter the relevant information. image.png Click Save. In the Preview Config pop-up window, preview or edit the global configurations. image.png Click Save. The switch configuration is added now. On the “Switch List” page, you can see the switch status is shown as Configured. Click System Config to select the system configuration that is applicable to the switch. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png Optional: Click Agent to edit the Pushing Agent Configuration information. Adding Multiple Switch Configurations with a JSON file You can add multiple switch configurations by uploading a JSON file. In this way, you don’t need to add each switch configuration one by one. Follow these steps: Prepare a JSON file with switch configurations. See the following example: { "sn": [ "EC1631000063","EC1806001292","732656X2007017"], "hardware_model": "ag5648", "location": "Beijing", "global_config_name": "2024-8-2-glob-ag5648-test1", "site_template_name": ["test1"], "agent_config": { "enable": true, "vpn_enable": true, "server_domain": "http://pica8.com ", "inband_native_vlan": "4094", "server_vpn_host": "vpn.pica8.com", "inband_vlan": "4094", "server_hostname_prefix": "ac", "inband_lacp": true, "uplink_ports": "te-1/1/49,te-1/1/50", "uplink_speed": "1000" }, "vpn": true, "retrieve_config": true, "default_config_param": { "test1": { "vlan_id": "12", "vlan_name": "23" } }, "unique_config_param": { } } In the AmpCon-Campus UI, click Service > Switch Configuration. Click Upload by JSON. Click or drag a file to upload the JSON file. Click Upload. Viewing or Editing Switch Configurations In the Historical Switch Config Edit section, you can see all the added switch configurations, which are grouped by switch models. To edit a switch configuration, follow these steps: Locate the global configuration, and then click it. image.png In the pop-up window, click Edit. Edit the configurations as needed. Click Save. Optional: Checking the Switch Status After you add a switch configuration, check whether the switch status is shown as Configured. If not, locate the switch, and click Log to see more details. image.png Staging Switches After you add a switch configuration, you must stage the switch to make it ready for Zero Touch Provisioning (ZTP). Procedure In the AmpCon-Campus UI, click Service > Switch. In the Switch list, locate the switch, and then click Stage. image.png Check whether the switch status is shown as Staged. image.png After you stage the switch, you can continue to provision new switches with ZTP. Provisioning New Switches with ZTP Zero Touch Provisioning (ZTP) is a technology for automated deployment and configuration of network devices. AmpCon-Campus supports using ZTP to provision new switches. ZTP relies on the DHCP service, and thus you need to configure DHCP first. After you plug in and reboot the switch, DHCP automatically provides the switch with an IP address and the address of a provision script that is obtained from AmpCon-Campus server. Then, the switch automatically runs the shell script to complete the ZTP deployment: The white-box switch runs the shell script to download a PicOS image, install PicOS and its license, register with the AmpCon-Campus server, update switch configurations, and reboot the switch. The integrated hardware and software switch runs the shell script to register with the AmpCon-Campus server, install a PicOS license on the switch, update switch configurations, and reboot the switch. Prerequisites Ensure that the following prerequisites are met: The Hardware IDs of the switches to provision have been added to the AmpCon-Campus license, and you have imported the license to AmpCon-Campus. For more information, see Importing AmpCon-Campus Licenses. For white-box switches, step 1 to 7 in Deploying White-Box Switches are completed. For integrated hardware and software switches, step 1 to 5 in Deploying Integrated Hardware and Software Switches are completed. You have installed a DHCP server and added configurations as follows to the DHCP configuration file (/etc/dhcp/dhcpd.conf): For white-box switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.198“. The IP address of the AmpCon-Campus server is “10.56.20.184”. NOTE The following DHCP option is used： Option default-url: 114 For integrated hardware and software switches, refer to the following configuration example: image.png The assigned IP address of the switch is “10.10.51.4“. The IP address of the AmpCon-Campus server is “10.56.20.180”. NOTE The following DHCP options are used： Option bootfile-name: 67 Option tftp-server-name: 66 Provisioning a White-Box Switch Download and install MobaXterm. Open MobaXterm, and then create a session to connect with the switch. Reboot the switch by running the following command: sudo reboot -f If you see the “Hit any key to stop autoboot” message, press the Enter key to exit the autoboot mode. If you don’t see this message, go to step 5 directly. Reboot the switch. For switches with the ONIE menu, select ONIE, and then select ONIE: Install OS. image.png image.png For AS4610 switches, reboot from ONIE by running the following command: run onie bootcmd Then, the switch will be restarted and automatically register with the AmpCon-Campus server. Wait for the registration process to be completed. image.png In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png Provisioning an Integrated Hardware and Software Switch Download and install MobaXterm. Open MobaXterm, and then create a session to connect with the switch. Reboot the switch by running the following command. sudo reboot image.png Then, the switch will be restarted and automatically register with the AmpCon-Campus server. Wait for the registration process to be completed. image.png In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Provisioning Success. image.png Importing switches For switches that are deployed but not deployed with AmpCon-Campus, you can import these switches so that they can be managed by AmpCon-Campus. Prerequisites The switches to be imported haven’t been managed by AmpCon-Campus. The Hardware IDs of the switches to be imported have been added to the AmpCon-Campus license, and you have imported the license to AmpCon-Campus. For more information, see Importing AmpCon-Campus Licenses. Automatically Importing a Switch Importing a Switch with a Global User Log in to the AmpCon-Campus UI with a global user, and then click Service > Switch. Click Import Actions, and then select Import. In the IP field, enter the IP address of the switch. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. image.png In the Site drop-down list, select a site. To add a site, see Managing Sites. Click OK. In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Imported. Importing a Switch with a Group User Log in to the AmpCon-Campus UI with a group user, and then click Service > Switch. Click Import Actions, and then select Import. In the IP field, enter the IP address of the switch. In the System Config drop-down list, select the appropriate system configuration. NOTE The selected system configuration needs to contain the default username and password of the switch. In the Site drop-down list, select a site. To add a site, see Managing Sites. In the Group drop-down list, select a group. To add a group, see Managing Groups. image.png Click OK. In the AmpCon-Campus UI, click Service > Switch. Check whether the switch status is shown as Imported. Manually Importing a Switch Generate the tunnel keys based on the input serial number. These keys are used to ensure that the VPN tunnel between the switch and the AmpCon-Campus server is encrypted. Log in to the AmpCon-Campus UI, and then click Service > Switch from the navigation bar. Click Import Actions, and then select Adopt. In the SN field, enter the serial number of the switch. image.png Click OK. Download the VPN script and run it on the switch. The script will retrieve the tunnel keys and establish a VPN tunnel between the switch and the AmpCon-Campus server. Log in to the AmpCon-Campus UI, and then click Service > Switch from the navigation bar. Click Import Actions, and then select Download VPN Script image.png SSH log in to the switch, enter the Linux shell mode, and run the script using the command: In the AmpCon-Campus UI, click Service > Switch from the navigation bar. Check whether the switch status is shown as Imported. Configuring Switches After you deploy or import a switch with AmpCon-Campus, you can push configurations to the switch, manage configurations, back up and restore configurations for disaster recovery, or compare configurations for troubleshooting or auditing. Pushing Configurations to Switches After switches are successfully deployed or imported with AmpCon-Campus, you can push configurations to these switches as needed. Prerequisite Ensure that you have created the configuration templates to push to each switch. For more information, see Configuring Configuration Templates. Procedure To push configurations to one or multiple switches, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Push Config tab, select a folder, and then click Add Node. A node represents a configuration file. Enter the node name and its description (optional). Click OK to save the node. Click the node that you just created, and click Edit. image.png Add configurations to push to switches by using either of the following ways: Enter the configurations manually. Using the configuration templates that you created before: a. Click Generate Config. b. Select a configuration template file from the drop-down list. c. Click Next, and enter the value for each variable. d. Click Save. image.png Click Push Config, and then select the switches to apply these configurations. You can select specific switches in the Config Switch tab or select a group in the Config Group tab. For how to add a group or manage switches in a group, see Managing Groups. image.png Click OK to start the configuration pushing. Optional: Verifying the Pushing Status and Log To verify whether the configuration is pushed to each switch successfully, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Push Config tab, click Push Config Logs. Click Task List, check whether the pushing status is success. If the pushing status is not success, click Push Log to check more pushing details for troubleshooting. Viewing, Editing, or Deleting Configurations On the “Config Files Views” page, you can manage all global configurations and site configurations. In the Push Config tab of the “Config Template” page, you can manage all general configurations. Global configurations Configurations that you created as described in Adding a Global Configuration Site configurations Configurations that you created as described in Adding Switch Configurations General configurations Configurations that you pushed to switches as described in Pushing Configurations to Switches Managing Global Configurations and Site Configurations Viewing or Editing Global and Site Configuration Files In the AmpCon-Campus UI, click Service > Config Files View. On the “Config Files Views” page, locate the configuration file, and then click View. You can see a pop-up window with detailed configurations. To close the pop-up window, click the close icon. To edit the configurations, click Edit, modify configurations, and then click Save. image.png Checking Switches Associated with a Configuration File In the AmpCon-Campus UI, click Service > Config Files View. Locate the configuration file, and then click Associated. You can see the switches that are associated with the configuration file. image.png To close the pop-up window, click the close icon. Deleting a Configuration File NOTE If a configuration file is still associated with one or multiple switches, the configuration file can’t be deleted. In the AmpCon-Campus UI, click Service > Config Files View. Locate the configuration file, and then click Delete. Click Yes to confirm the deletion. Managing General Configurations Viewing or Editing a General Configuration File In the AmpCon-Campus UI, click Service > Config Template. In the Push Config tab of the “Config Template” page, click the node that you want to view. Each node represents a general configuration file. image.png To edit a configuration file, click Edit, modify configurations, and then click Save. image.png Deleting a General Configuration File In the AmpCon-Campus UI, click Service > Config Template. In the Push Config tab, click the node that you want to delete. Click Delete Node. Click Yes to confirm the deletion. Comparing Running or Backup Configurations You can compare running configurations or backup configurations on one switch or on different switches. Running configurations Configurations that are currently running on a switch Backup configurations Configuration files that were backed up as described in Backing up Switch Configurations Procedure In the AmpCon-Campus UI, click Service > Config Template. In the first SN field, click Select to choose one switch to compare. In the pop-up window, select the switch. In the first Select Config drop-down list, select a running configuration file or a backup configuration file. NOTE The running configuration is available only for online switches (switches can connect with the AmpCon-Campus server). image.png In the second SN field, click Select to choose another switch to compare. In the pop-up window, select the switch. In the second Select Config drop-down list, select a running configuration file or a backup configuration file. Then, you can see configuration differences as follows: image.png Comparing Running Configurations with Initial Configurations You can compare running configurations with initial configurations on the same switch. Initial configurations Configurations that you selected when you add a switch configuration, including the global configuration file and the configuration template Running configurations Configurations that are currently running on the switch This feature doesn’t support the following scenarios: Comparing configurations on different switches Comparing configurations on imported switches Comparing configurations on disconnected switches (switches can’t connect with the AmpCon-Campus server) Prerequisites Check the Mgmt IP column on the “Switch” page, and ensure that the switch to compare is connected to the AmpCon-Campus server. √: The switch is connected to the AmpCon-Campus server. x: The switch is not connected to the AmpCon-Campus server. image.png Ensure that the switch to compare is not in Imported status on the “Switch” page. NOTE After you Return Merchandise Authorization (RMA) to replace an imported switch with a new switch, the new switch is shown as Provisioning Success. However, you can’t compare running configurations with initial configurations on this new switch. This is because the new switch is configured by using the backup configuration file or uploaded configurations of the imported switch during the deployment process, instead of by creating a switch configuration. Procedure In the AmpCon-Campus UI, click Service > Config Template. In the SN field, click Select. image.png In the pop-up window, select the switch to compare. image.png In the Template field, click Select. In the pop-up window, select the global configuration file and the configuration template that you pushed to the switch during the initial switch deployment process. Then, click Generate. image.png In the SN drop-down list, select Running Config(set format) or Running Config(all set format). Running Config(set format): Displays configurations as the show | display set command result in the switch Running Config(all set format): Displays configurations as the show all | display set command result in the switch Then, you can see differences between the running configurations and the initial configurations on the switch. image.png Backing up and Restoring Configurations You can manually back up switch configurations or automatically back up configurations at a specific interval. In addition, you can restore configurations based on a backup configuration file for disaster recovery. Backing up Switch Configurations Backing up Configurations for a Single Device To back up configurations for a single switch, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Backup Config. image.png Optional: Check whether the backup file is created successfully. Locate a switch, and then click Snapshot List. Check whether the backup file is in the snapshot list. To see the configuration details, click Snapshot. Backing up Configurations for a Group of Switches To back up configurations for a group of switches, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, select the group, and then click Backup Config. image.png Optional: Check whether the backup file for each switch is created successfully. Locate a switch, and then click Snapshot List. Check whether the backup file is in the snapshot list. To see the configuration details, click Snapshot. Backing up Configurations Automatically To back up configurations periodically and automatically, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, set the backup interval and time: Interval Days: The interval in days between each backup Hours: The time in hour to do the backup Click Save. Then, AmpCon-Campus will automatically back up configurations at a specific interval. image.png Rolling Back Configurations To restore configurations based on a backup configuration file, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate the configuration to roll back, and then click Rollback Config. image.png Set the wait time in seconds. The default value is 10. Click Save. Optional: Viewing Backup Logs To view configuration backup logs on a switch, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Log. image.png Optional: Viewing All Configurations on a Switch To view detailed configurations on a switch, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Config. Optional: Viewing or Deleting Backup Configuration Files To view or delete backup configuration files, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. You can see all available backup configuration files for the switch. To view configuration details, click Snapshot. To delete a backup configuration file, click Delete. image.png Optional: Uploading Local Configuration Files You can upload a local switch configuration file to AmpCon-Campus. After you upload the configuration file, the uploaded configurations can’t be pushed to the switch directly but can be pushed to the new switch during the Returning Merchandise Authorization (RMA) process. If you didn’t back up configurations but uploaded a local configuration file before, when you RMA, the uploaded configurations will be pushed to the new switch. If you backed up configurations and also uploaded a local configuration file before, when you RMA, the backup configurations will be pushed to the new switch. To upload a local configuration file, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Upload Config. image.png Select a .boot file with switch configurations and upload it. image.png Click Config. In the pop-up window, check whether the uploaded configurations are added. image.png Optional: Setting Golden Config The backup file with Golden Config will never be deleted. When the switch operation is compromised, the backup file with Golden Config is used to roll back a switch. You can also check whether the switch is operating as designed by comparing running configurations with the backup configuration file with Golden Config. To set Golden Config, follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup file, and then click Set Golden Config. Optional: Adding or Deleting Configuration File Tags You can add or delete tags for a backup configuration file. Follow these steps: In the AmpCon-Campus UI, click Service > Config Template. In the Config Backup tab, locate a switch, and then click Snapshot List. Locate a backup snapshot, and then click Tag Management. To add a tag, enter the tag name, and then click Add > Save. image.png To delete a tag, locate the tag, click the deletion icon, and then click Save. Managing Switches After you deploy or import switches with AmpCon-Campus, you can manage the lifecycle of these switches: Upgrading PicOS on Switches Before You Upgrade Before upgrading a switch to PicOS 4.6.0E or later, if both EVPN VXLAN and static VXLAN have been configured on the switch, you must manually delete the static VXLAN configuration. Otherwise, the upgrade will fail and terminate with the following error message: For more information, see Upgrading PICOS from Version 4.0.0 or Later Using Upgrade Command and Upgrading PICOS from Version 3.0 or Later Using Upgrade2. Upgrading PicOS on a Single Switch To upgrade PicOS on a single switch, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, select the PicOS image to which you want to upgrade. Locate the switch in the Switch list, and then click Upgrade. image.png Click Yes to confirm the upgrade operation. Upgrading PicOS on Multiple Switches To upgrade PicOS on multiple switches, follow these steps: In the AmpCon-Campus UI, click Resource > Upgrade Management. In the Software list, select the PicOS image to which you want to upgrade. In the Switch list, select the corresponding switches, and then click Upgrade. image.png Verifying the Upgrade To verify the upgrade, follow these steps: In the Switch list, locate the switch, and then check the Upgrade Status column to see whether the status is upgraded. If the status is upgrade failed, click Log to see more details for troubleshooting. You can click the refresh icon to update the logs. image.png Returning Merchandise Authorization for Switches AmpCon-Campus supports Returning Merchandise Authorization (RMA), which means replacing a switch with another switch of the same switch model. When hardware of a switch fails and is replaced with a new switch, you can RMA to take the configurations from the failed switch, install or upgrade PicOS, update the serial number of the new switch, and push the configurations to the new switch to seamlessly manage it with AmpCon-Campus. During the RMA process, AmpCon-Campus deploys PicOS on the new switch based on the Deployed ONIE Image setting on the “Switch Model” page and configure the new switch based on the backup configuration file or uploaded configurations of the replaced switch. The backup configuration file with Golden Config is used to configure the new switch. If no backup configuration file is set with Golden Config, the latest backup configuration file is used to configure the new switch. If you haven’t done any configuration backup, the uploaded configurations are used to configure the new switch. Prerequisites Ensure that the following prerequisites are met: The switch to RMA must be in the Provisioning Success or Imported status, and you have backed up or uploaded switch configurations before. The new switch must have the same switch model as the replaced switch. Procedure To RMA, follow these steps: In the AmpCon-Campus UI, click Service > Switch. You can see a list of managed switches. Locate the switch to RMA, click Lifecycle Actions > RMA. Input the following information: Staged: Whether to stage the new switch SN: The SN number of the new switch System Configuration: The system configuration that is applicable to the new switch NOTE The selected system configuration needs to contain the default username and password of the new switch. image.png Click OK. Optional: Click Service > Switch, and check whether the switch to RMA disappears from the switch list and the new switch is shown as Provisioning Success in the switch list. Decommissioning Switches You can decommission (DECOM) a deployed switch to revoke the PicOS license and configurations from the switch. The decommissioned switch will not be managed by AmpCon-Campus. NOTEs Imported switches can’t be decommissioned but can be removed as described in Removing Switches. After an imported switch is upgraded, the switch can be decommissioned. Decommissioned switches are still displayed in the AmpCon-Campus UI. You can remove the decommissioned switch from AmpCon-Campus as described in Removing Switches. Procedure To DECOM a switch, follow these steps: In the AmpCon-Campus UI, click Service > Switch. Locate the switch, click Lifecycle Actions, and select DECOM. Click Yes to confirm the deletion. image.png Optional: Click Service > Switch, and check whether the switch is removed from the switch list. Removing Switches You can remove a deployed or imported switch from AmpCon-Campus. The switch will be removed from the AmpCon-Campus database and thus not be displayed in the AmpCon-Campus UI. NOTE Removing a switch doesn’t revoke the PicOS license and configurations from the switch. Procedure To remove a switch, follow these steps: In the AmpCon-Campus UI, click Service > Switch. Locate the switch, click Lifecycle Actions, and select Remove. Click Yes to confirm the deletion. image.png Optional: Click Service > Switch, and check whether the switch is removed from the switch list. Monitoring Switches After switches are deployed or imported with AmpCon-Campus, you can monitor these switches easily: Global View In the AmpCon-Campus UI, click Dashboard > Global View. On the “Global View” page, you can check managed switches and the health of the AmpCon-Campus server. In the CPU, MEM, and DISK sections, you can see the status of the AmpCon-Campus server including CPU, memory, and hard disk. image.png In the CPU Utilization and Memory Utilization sections, you can see the historical utilization curves for CPU and memory in the AmpCon-Campus server. image.png In the Devices section, you can see information about managed switches. The Online status means that the switch can connect with the AmpCon-Campus server. The Offline status means that the switch can’t connect with the AmpCon-Campus server. image.png In the Recent Alarms section, you can see recent switch alarms and the numbers for different types of switch alarms. image.png Switch View In the AmpCon-Campus UI, click Dashboard > Switch View. On the “Switch View” page, check the following information for managed switches: Checking Configurations or Templates In the Config/Templates section, you can see the total numbers for different types of switch configurations and templates. image.png Click the number for one specific type. You are redirected to the related page in the Service menu: Click Global Config to go to the “Global Configuration” page. Click Site Config to go to the “Switch Configuration” page. Click General Config to go to the Push Config section of the “Config Template” page. Click Retrieved Config to go to the Config Backup section of the “Config Template” page. Click Template to go to the Template List of the “Config Template” page. Click Hardware Model Configured to go to the “Switch Model” page. Checking Switches Checking Lifecycle Workflow In the Deployment and Lifecycle Work Flow section, you can see the lifecycle transition process of switches and the total number of each state. See the explanation of each state: Parking: If you provision a switch without adding a switch configuration beforehand, the switch is in Parking status. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Deploy Failed: The switch fails to be deployed by using AmpCon-Campus. Deployed: The switch is deployed by using AmpCon-Campus. Imported: The switch is imported to AmpCon-Campus. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. image.png Click Switch List. You can check all managed switches on the “Switch” page. image.png Checking the Proportions of Switches in Each Lifecycle State In the Deployment section, you can see the proportion of switches in each lifecycle state. Parking Switch: The total number of switches in Parking status Deployed Switch: The total number of switches in Deployed status Imported Switch: The total number of switches in Imported status Configured/Staged: The total number of switches in Configured or Staged status Decom Switch: The total number of switches in DECOM status Provisioning Switch: The total number of switches in Provisioning status image.png Checking Switch Models In the Hardware Models section, you can see the total numbers of switch models and their proportions. image.png Checking Licenses Checking Available License Numbers In the Available Licenses section, you can see the currently available license number. image.png Click Available Licenses, and then you are redirected to the License Portal, where you can see more details about available licenses. Checking License Expiration Dates In the License Expiration section, you can see the total number of devices that will expire in each month over the next six months. image.png Checking License Usage In the License Usage section, you can see the license usage information. image.png Checking Tasks Checking All Switch Activities In the Deployment Tasks section, click Deployment. You can see activities for all switches and each activity progress. image.png In the pop-up window, you can do the following actions: Click Display to see the initial configurations during the switch deployment process. This button is not available for imported switches. Click Log to see the log information. Click Report to see the corresponding report. Checking System Tasks In the System Tasks tab of the Deployment Tasks section, you can see the total numbers for different types of running tasks. image.png Checking Automation Jobs In the Automation Jobs tab of the Deployment Tasks section, you can see the total numbers for different types of automation jobs. image.png Click the number for one specific type. You are redirected to the related page: Click Playbooks Number to go to the “Playbooks” page. Click Jobs Number to go to the Job View section of the “Ansible Jobs List” page. Click IDLE Jobs to go to the Job View section of the “Ansible Jobs List” page. Click Running Jobs to go to the Job View section of the “Ansible Jobs List” page. Click Executed Jobs to go to the Job View section of the “Ansible Jobs List” page. Switch List and Details You can view the list of all managed switches and check detailed telemetry data related to each switch. Viewing the Switch List In the AmpCon-Campus UI, click Service > Switch. On the “Switch” page, you can see the list of all managed switches. image.png Table 1. Switch Metrics Metric Description Sysname The hostname of the switch. SN/Service Tag The serial number or service tag of the switch. Model The model of the switch. Version The version of the switch. Status The state of the switch. The following states are supported: Imported: The switch is imported to AmpCon-Campus. Provisioning Success: The switch is deployed by using AmpCon-Campus. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-Campus but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-Campus. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned (DECOM) when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). Mgmt IP The switch IP address used to connect to AmpCon-Campus. The status icons ✓ and x. ✓: The switch is up and connected to AmpCon-Campus. x: The switch is down or not connected to AmpCon-Campus. In the Operation column, you can manage the switch as follows: To connect to the switch from the AmpCon-Campus UI through an SSH session, follow these steps: Click SSH. You can select either Password or SSH Key to access a device in the Select Authentication section. a. If you select Password, input the following information: Table 1. Password Parameters Parameter Description Username The username to log in to the switch. NOTE The value is a string with at most 32 characters. The following characters are supported: Lowercase letters including a to z. Uppercase letters including A to Z. Digits including 0 to 9. Special characters including "_", "-", and ".". Usernames cannot start with a special character ("_", "-", and "."). Password The password of the user. image.png b. If you select SSH Key, input the following information: Table 2. SSH Key Parameters Parameter Description Username The username to log in to the switch. NOTE The value is a string with at most 32 characters. The following characters are supported: Lowercase letters including a to z. Uppercase letters including A to Z. Digits including 0 to 9. Special characters including "_", "-", and ".". Usernames cannot start with a special character ("_", "-", and "."). Key The private key generated by using the ssh-keygen command. Click Upload, find the file where the private key is saved, and upload it. Passphrase Optional. The password used to protect the SSH keys. You can choose whether to specify a passphrase when generating the SSH keys. If you do not specify a passphrase when generating SSH keys, you must leave this field blank. For more information about SSH keys, see SSH Key Authentication. Click Apply. To check the operation log of the switch, click Log. To change the system configuration of the switch, click Configuration. To back up configurations for the switch, hover your mouse over Config View, and then click Backup Config. For more information, see Backing up Switch Configurations. To upload configurations of the switch, hover your mouse over Config View, and then click Upload Config. For more information, see Uploading Local Configuration Files. To replace the switch with another switch of the same switch model, hover your mouse over Lifecycle Actions, and then click RMA. For more information, see Returning Merchandise Authorization for Switches. To remove the switch from AmpCon-Campus, hover your mouse over Lifecycle Actions, and then click Remove. For more information, see Removing Switches. Viewing Telemetry Data of a Switch Click a specific switch SN or service tag in the switch list. You can see detailed telemetry data related to the switch. For more information, see Telemetry Data of a Switch. image.png Viewing the Parking Lot If you provisioned a switch without adding a switch configuration beforehand, the switch will be in Parking status. The switch in Parking status is not listed on the “Switch” page and can’t be staged. In the AmpCon-Campus UI, click Service > Switch from the navigation bar. On the “Switch” page, click Parking Lot, and then you can see all switches in Parking status. image.png Table 2. Switch Metrics Metric Description SN The serial number of the switch Hardware ID The Hardware ID of the switch IP Address The switch IP address used to connect to AmpCon-Campus Model The model of the switch Register Count The number of times the switch initiates ZTP authentication with the AmpCon-Campus server Time In The time when the switch initiates the first ZTP authentication with the AmpCon-Campus server Latest Time The time when the switch initiates the last ZTP authentication with the AmpCon-Campus server Flag Indicates whether the switch has been investigated In the Operation column, you can manage the switch as follows: To add a switch configuration, click Create Config. Then, the switch will be listed on the “Switch” page and can be staged. To confirm whether you have viewed the switch, click Investigated. After you click the button, the value of the Flag field will be "I". To remove the switch from the parking lot list, click Remove. To save all the switch information from the parking lot list to a local file, click Export in the top-left corner. Updating the Switch Hostname During the switch lifecycle, you might need to change their hostnames. To see the latest hostnames, follow these steps: Log in to the AmpCon-Campus UI, and then click Service > Switch from the navigation bar. Click Lifecycle Actions, and then select Sync Hostname. image.png Click Yes. Updating the Switch Mgmt IP Address During the switch lifecycle, you might need to change their Mgmt IP addresses, which are used to connect to AmpCon-Campus. To see the latest Mgmt IP addresses, follow these steps: Log in to the AmpCon-Campus UI, and then click Service > Switch from the navigation bar. Click Lifecycle Actions, and then select Sync Mgmt IP Address. image.png Click Yes. Wired Clients AmpCon-Campus supports automatically identifying terminal devices connected to each managed switch and manually adding terminal devices. By using this feature, you can accurately and securely identify terminal devices in your network and thus facilitate refined management of terminal devices. Viewing Terminal Devices You can view terminal devices (like PCs, Printers, cameras, smartphones, tablets, IP phones) connected to each managed switch on the “Wired Clients” page. To check the terminal devices, click Monitor > Wired Clients in the AmpCon-Campus UI. Then, on the “Wired Clients” page, you can see the following information: image.png Table 1. Wired Client Metrics Metric Description Client Name The name of the terminal device. During the automatic terminal identification process, AmpCon-Campus assigns the MAC address of the terminal device as its client name. When you manually add a terminal device, you need to designate its client name. For terminal devices displayed on the “Wired Clients” page, you can modify their client names as described in the Editing Terminal Device Names section. MAC Address The MAC address of the terminal device. Manufacturer The manufacturer of the terminal device. Switch SN The SN of the switch to which the terminal device connects. State The state of the terminal device. Online: The terminal device is up and connected to the switch. Offline: The terminal device is down or isn’t connected to the switch. Up/Down Time The last time the terminal device was online and offline. Latest Time The time when the switch initiates the last ZTP authentication with the AmpCon-Campus server Flag Indicates whether the switch has been investigated Filtering Terminal Devices To check all terminal devices connected to a managed switch, click the filter icon in the Switch SN column, and then enter the switch SN. image.png To check all terminal devices with a specific manufacturer, click the filter icon in the Manufacturer column, and then enter the keyword of the manufacturer. To check a specific terminal information, click the filter icon in the MAC Address column, and then enter the MAC address. To check all offline or online terminals, click the filter icon in the State column, and then enter “online“ or “offline“. Sorting the Terminal Device List All columns on the “Wired Clients” page support descending and ascending sorting. To sort terminal devices based on a column, click the sorting icon at the top of the column. image.png Editing Terminal Device Names To edit the name of a terminal device, follow the steps: On the “Wired Clients” page, locate the terminal device, and then click Edit. Enter a new name. image.png Click Save. Removing Offline Terminal Devices To remove an offline terminal device from AmpCon-Campus, follow the steps: NOTE Only terminal devices in offline state can be removed. On the “Wired Clients” page, locate the terminal device, and then click Remove. Click Yes to confirm the removal. Adding Terminal Devices If a terminal device is removed or always offline, you might not see the terminal device on the “Wired Clients” page. To monitor the status of the terminal device, you can manually add it to AmpCon-Campus. Follow these steps: On the “Wired Clients” page, click Create Client. In the Client Name field, enter a name to distinguish the terminal device. In the MAC Address field, enter the MAC Address of the terminal device. NOTE You must enter a valid MAC address. Or else, the verification will fail. image.png In the Switch drop-down list, click the plus icon, and click the switch to which the terminal device connects, and then click Update. Click Save. After you manually add a terminal device, AmpCon-Campus determines its state based on the following rules: If the terminal device is up and connected to the selected switch, the state is displayed as Online. If the terminal device is down or isn’t connected to the selected switch, the state is displayed as Offline. If you remove the switch to which the terminal device is connected as described in Removing Switches, the state of the terminal device is displayed as Offline. Viewing Terminal Devices in a Topology When you click a switch in a topology, you can see the real-time or historical information about the terminal devices connected to this switch in the topology. For more information, see Viewing Terminal Devices in a Topology. image.png Telemetry To ensure that the network is healthy and devices are working well, you need to continuously monitor and validate the operational state of your network and devices. AmpCon-Campus uses the telemetry technology to automatically collect real-time or historical metric data from managed switches. In addition, AmpCon-Campus analyzes the telemetry data to predict equipment failures and performance anomalies and then trigger immediate alarms. By using AmpCon-Campus, you can view multi-dimensional telemetry data of all managed switches in a centralized user interface, gain detailed insights into network performance and device health, and proactively troubleshoot and optimize your network performance. Prerequisites The telemetry data can be displayed in the AmpCon-Campus UI only when the following prerequisites are met: The switch to be monitored is connected to the AmpCon-Campus server. Click Service > Switch, and then check the Mgmt IP column √ means the switch is connected to the AmpCon-Campus server. × means the switch is not connected to the AmpCon-Campus server. Google Remote Procedure Call (gRPC) and Link Layer Discovery Protocol (LLDP) are enabled on the switch to be monitored. By default, gRPC and LLDP are enabled automatically after you deploy a switch with AmpCon-Campus or import a switch to AmpCon-Campus. Use Cases The following scenarios are examples of using the telemetry data: Monitor your network comprehensively with the telemetry data You can have an overall understanding about the network running status by checking telemetry metrics like routing neighbors, switch resource utilization, port counts, and Layer 2 and Layer 3 forwarding tables. Track real-time performance metrics from various switches You can monitor performance-related telemetry metrics for all managed switches, such as port traffic, bandwidth utilization, and packet loss rate. Optimize network performance based on the telemetry data You can better distribute the load based on the routing neighbor information, avoid excessive load on certain neighbors, and improve the overall network performance. Decrease time and efforts on locating and resolving network problems You can get early warnings of network failures, be notified when equipment failures and performance anomalies happen, and quickly troubleshoot and address network issues. Viewing Global Telemetry Data To view the telemetry data of all managed switches, click Dashboard > Telemetry Dashboard in the AmpCon-Campus UI. For detailed information about each telemetry metric, see Global Telemetry Data. Viewing Telemetry Data of a Switch To view the telemetry data of a specific switch, click Service > Switch in the AmpCon-Campus UI, and then click the SN or service tag of the switch. For detailed information about each telemetry metric, see Telemetry Data of a Switch. Filtering Telemetry Data To filter telemetry data as needed, use the following methods: To specify the metrics that you want to monitor, click the All Counters icon, select the metrics, and then click OK. To specify how many ports that you want to monitor, select one of the following options: Top 5: The 5 switch ports with the largest values. By default, Top 5 is selected. Top 10: The 10 switch ports with the largest values. Top 25: The 25 switch ports with the largest values. NOTE Even though Top X is selected, you might see less than the selected number of switch ports in the line chart when other ports are down. image.png To specify the time range for the data display, select the start date and end date in the Time section. Open image-20250520-095537.png To display or hide the data of a switch port, click the square before the port. 9c26a6be-0216-46fd-8fae-d75073240ab8.gif To view the metric details in a specific time point, hover the mouse over that time point. image.png Global Telemetry Data Click Dashboard > Telemetry Dashboard in the AmpCon-Campus UI, and then you can see the following telemetry data of all managed switches: CPU and Memory image.png Table 1. CPU and Memory NOTE The CPU and Memory sections are always displayed and can’t be hidden. You can display or hide other metrics by clicking the setting icon and selecting the metrics to be monitored. Port Metrics image.png Table 2. Port Metrics Metric Description In Octets The number of octets (8-bit bytes) received by a switch port. In Pkts The number of incoming packets received by a switch port. In Discards The number of incoming packets that a switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by a switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. Out Octets The number of octets (8-bit bytes) transmitted out of a switch port. Out Pkts The number of outgoing packets transmitted by a switch port. Out Discards The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted. Out Errors The number of outgoing packets that a switch port fails to transmit successfully due to errors. Out Bits Rate The rate at which bits are transmitted from a switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by a switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from a switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by a switch port. It’s measured in Packets Per Second (pps). Module Metrics image.png Table 3. Module Metrics Metric Description Output Power The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. Input Power The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). Output Power - Input Power The difference between the output power and the input power. Telemetry Data of a Switch Click Service > Switch in the AmpCon-Campus UI, and click a specific switch SN or service tag in the switch list. Then, you can see the following telemetry data related to the switch: Device Information In the Device Information section, you can see the following information: image.png Table 1. Device Information Metrics Metric Description Model The model of the switch. SN The serial number of the switch. Hardware-ID The hardware ID of the switch. MAC Address The MAC address of the switch. Sysname The hostname of the switch. IP Address The switch VPN IP address that is used to communicate with AmpCon-Campus. Version The PicOS version on the switch. Switch Overview Click the Switch Overview tab. Then, you can see the following line charts: image.png NOTE The Usage and Fan sections are always displayed and can’t be hidden. You can display or hide other metrics by clicking the setting icon and selecting the metrics to be monitored. Table 2. Switch Overview Metrics Metric Description Usage The CPU and memory usage of the switch. It’s measured in percentage. Fan The proportion of the fan's PWM to the total width. In Octets The number of octets (8-bit bytes) received by the switch port. In Pkts The number of incoming packets received by the switch port. In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by the switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. Out Octets The number of octets (8-bit bytes) transmitted out of the switch port. Out Pkts The number of packets transmitted out of the switch port. Out Discards The number of outgoing packets that the switch port intentionally discards (drops). Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors. Out Bits Rate The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by the switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). Output Power The amount of optical power delivered by the optical module connected to the switch port. It’s measured in dBm. Input Power The amount of optical power consumed by the optical module connected to the switch port. It’s measured in dBm. Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C). Output Power - Input Power The difference between the output power and the input power. Device Overview Click the Device Overview tab. Then, you can see the following tables: image.png Redundant Power Supply Units (RPSUs) Table 3. RPSU Metrics Metric Description PSU Index The index of the Power Supply Unit (PSU). Power on Whether the PSU is powered on. Enabled Whether the PSU is activated or turned on. Present Whether the PSU is properly plugged. Fans Table 4. Fan Metrics Metric Description Position The position of the fan. Direction The direction of the wind, forward or back. PWM The proportion of the fan's PWM to the total width. Speed The fan speed. Port Overview Click the Port Overview tab. Then, you can see the following table: image.png Table 5. Port Overview Metrics Metric Description Port Name The name of the switch port. Port State The state of the switch port. MTU The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes. Loopback Mode Whether the loopback mode is enabled on this port.In loopback mode, the switch port sends data packets that are then routed back to itself. You can enable this mode to verify whether data can be sent or received as expected without involving external networks. Port Speed The maximum data transfer rate that the port can support. In Bandwidth Utilization The percentage of the inbound bandwidth that is being used on the port. Out Bandwidth Utilization The percentage of the outbound bandwidth that is being used on the port. Auto Negotiate Whether the Auto Negotiate feature on the port is enabled.Auto Negotiate means the process to automatically negotiate and select the optimal operating parameters, such as the speed and duplex mode. Mac Addr The MAC address of the switch port connecting to this switch port. Duplex Mode Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously. In Broadcast Pkts The number of broadcast packets received by the port. In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing. In Errors The number of incoming packets that contain errors and are dropped by the switch port. In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation. In Multicast Pkts The number of multicast packets received by the switch port. In Octets The number of octets (8-bit bytes) received by the switch port. In Pkts The number of incoming packets received by the switch port. In Unicast Pkts The number of unknown unicast packets received by the switch port. Out Broadcast Pkts The number of broadcast packets sent by the switch port. Out Discards The number of outgoing packets that the switch port intentionally discards (drops). Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors. Out Multicast Pkts The number of multicast packets sent by the switch port. Out Octets The number of octets (8-bit bytes) transmitted out of the switch port. Out Pkts The number of packets transmitted out of the switch port. Out Unicast Pkts The number of unknown unicast packets sent by the switch port. In Oversize Frames The number of oversize frames received by a switch port.Oversize frames mean frames that exceed the typical maximum transmission unit (MTU) size. In Undersize Frames The number of undersize frames received by a switch port.Undersize frames mean frames with a length less than 64 bytes and a correct checksum. Out Bits Rate The rate at which bits are transmitted from the switch port. It’s measured in bits per second (bps). In Bits Rate The rate at which bits are received by the switch port. It’s measured in bits per second (bps). Out Pkts Rate The rate of data packets sent from the switch port. It’s measured in Packets Per Second (pps). In Pkts Rate The rate of data packets received by the switch port. It’s measured in Packets Per Second (pps). In Frames 64 Octets The number of 64-byte frame packets received by the switch port. In Frames 65-127 Octets The number of frame packets between 65 and 127 bytes received by the switch port. In Frames 128-255 Octets The number of frame packets between 128 and 255 bytes received by the switch port. In Frames 256-511 Octets The number of frame packets between 256 and 511 bytes received by the switch port. In Frames 512-1023 Octets The number of frame packets between 512 and 1023 bytes received by the switch port. In Frames 1024-1518 Octets The number of frame packets between 1024 and 1518 bytes received by the switch port. Modules Overview Click the Modules Overview tab. Then, you can see the following table: image.png Table 6. Module Overview Metrics Metric Description Port Name The name of the switch port connected with the optical module. Connector Type The type of the connector used by the optical module. Form Factor The physical size, shape, and interface specifications of the optical module. Vendor The manufacturer of the optical module. Vendor Part The model name of the optical module. Transmission Distance The maximum distance over which an optical signal can be transmitted effectively through the module. Transmission Rate The speed at which data can be transmitted through the module. It’s measured in gigabits per second (Gbps). WaveLength The distance between two corresponding points on an optical wave, typically measured from crest to crest (or trough to trough). It’s measured in nanometers (nm). Tx Power The amount of optical power consumed by the optical module. It’s measured in dBm. Rx Power The amount of optical power delivered by the optical module. It’s measured in dBm. Power Budget The difference between the output power and the input power. Temperature The temperature of the optical module. It’s measured in Celsius (°C). BGP Click the BGP tab. Then, you can see the following table: image.png Table 7. BGP Metrics Metric Description VRF Name The name of the Virtual Routing and Forwarding (VRF) instance. BGP Version The version of Border Gateway Protocol (BGP). Local AS The Autonomous System Number (ASN) of the local switch. Local Router ID The unique BGP identifier of the local switch. Remote AS The ASN of the remote device. Remote Router ID The unique BGP identifier of the remote device. BGP State The state of the BGP session. Hold Time The allowed maximum time between two BGP peers without receiving any messages. It’s measured in seconds. Keepalive Interval The time interval for sending KEEPALIVE messages between BGP peers. It’s measured in seconds. OSPF Click the OSPF tab. Then, you can see the following table: image.png Table 8. OSPF Metrics Metric Description VRF Name The name of the VRF instance. Neighbor ID The unique identifier to distinguish a neighboring device. Pri The OSPF router priority, which is a parameter that influences the election process for the Designated Router (DR) and Backup Designated Router (BDR) within an OSPF network. State The current status of the OSPF router. Dead Time The amount of time that a router waits to receive a Hello packet from a neighboring router before it declares that neighbor as "dead" or unreachable. It’s measured in seconds. Address The IP address of the neighbor. Interface The interface on a router to establish the OSPF neighbor relationship. RXmtl The total number of link state advertisements on the retransmission queue sent to neighbors. Rqstl The total number of link state advertisements on the request messages queue sent to neighbors. DBsml The total number of link state advertisements on the Database Description (DD) messages queue sent to neighbors. DR The Designated Router, a special router elected within an OSPF area to handle the exchange of link-state information. BDR Backup Designated Router, a backup to the DR in an OSPF network. MAC Click the MAC tab. Then, you can see the following table: image.png Table 9. MAC Metrics Metric Description MAC address The MAC address of the switch port connecting to this switch. Interface The physical port associated with the MAC address. Vlan Th identifier of the VLAN including this MAC address. Age The duration during which the MAC address entry remains valid before it is deleted due to lack of updates. It’s measured in seconds. Type The obtaining method of the MAC address, dynamic or static. ARP Click the ARP tab. Then, you can see the following table: image.png Table 10. ARP Metrics Metric Description Address The IP address of the neighboring switch. HW Address The MAC address of the neighboring switch. Type The types of the ARP entry, dynamic or static. Interface The physical or logical port on the switch associated with the IP address and the MAC address. IP Route image.png Table 11. IP Route Metrics Metric Description Type The protocol through which the route was learned or configured. DIRECTLY_CONNECTED: This is a directly connected network. STATIC: This is a static route. OSPF: This is a route learned through the OSPF protocol. BGP: This is a route learned through the BGP protocol. Destination Network The address and subnet mask of the destination network. Route Metrics The metric (or cost) of the route, which determines the priority of the route. For example, [110/2] indicates that the route uses the OSPF protocol, where 110 is the OSPF priority (cost) and 2 is the metric of the route. Next-Hop The next hop IP address to which packets are forwarded. Outgoing Interface The network interface from which packets are forwarded. Route Age The elapsed time since the route was learned or configured. Topology You can use the automatic discovery of topology feature to visualize your switches in all locations and drill down into an individual switch, right to the port level, to check port stats and overall health of the switch. In addition, you can view real-time or historical information about terminal devices connected to the switch. Managing Topologies Topologies can help you identify and visualize your network structure. You can add, edit, or delete topologies by using the AmpCon-Campus UI. NOTE The topologies in the Site section are automatically created and can’t be manually added or deleted. To add switches to a site or remove switches from a site, see Managing Sites. Adding a Topology In the AmpCon-Campus UI, click Topo > Topology. In the Topology List section, click the “Add Topology” icon. image.png Enter the topology name and description (optional), add then click Add. Wait for the process to complete. Then, you can see the new topology in the Topology list. Editing a Topology Click the topology in the Topology List section, and then click the edit icon. Enter a new name or description, and then click Save. Deleting a Topology Click the topology in the Topology List section, and then click the delete icon. In the pop-up window, verify the name of the topology, and then click Yes to confirm the deletion. Verify whether the topology is removed from the Topology List section. Setting or Unsetting a Default Topology When you click Topo > Topology, the default topology is displayed. To set a default topology, follow these steps: Click a non-default topology, and then click the “Set Default Topology” icon. image.png Verify whether the selected topology is marked with the default icon. image.png To unset a default topology, click the default topology, and then click the “Set Default Topology” icon again. Planning Topologies You can enter the topology edit mode to customize a topology based on your actual needs. Entering the Topology Edit Mode In the AmpCon-Campus UI, click Topo > Topology. Select the topology in the Topology List section to enter the real-time topology mode. Click the "Edit" icon to enter the topology edit mode. image.png Adding Switches to a Topology To add switches to a topology, follow these steps: Enter the topology edit mode as described in the last section. Click the topology, and then click the "Add Device" icon. image.png Select the switches that you want to add, and then click Save. Removing Switches from a Topology To remove switches from a topology, follow these steps: Enter the topology edit mode as described in the Entering the Topology Edit Mode section. Remove switches by using either of the following ways: Using the "Add Device" icon Click the topology, and then click the "Add Device" icon. Uncheck the switches that you want to remove, and then click Save. Using the “Delete Node” icon Click the topology, and then click the "Delete Node" icon. Automatically Discovering Links In the topology edit mode, click the "Auto Discover" icon. image.png In the pop-up window, click Yes to start the auto-discovery process. Wait for the process to complete. Then, the links in the topology are updated. NOTE If switches in the topology don’t connect with each other in the real network, you will not see links. Manually Adding Links To add a link, follow these steps: In the topology edit mode, hover your mouse over a switch until you see a cross symbol. Connect the switch with another switch. Then, you can see an Add Link pop-up window. In the Ports section, input the connection ports for these two switches. Click + on the right to add a new port connection, or click - to remove a port connection. If a selected port is already in use by another link, a warning is displayed. image.png Click Add Link. After you add a link and save the topology, the link is displayed in red or green based on real connectivity status: If the link between these two switches doesn’t exist in the real network, the link is marked in red. If the link between these two switches exists in the real network, the link is marked in green. Editing Links After a link is added, you can edit the link. Follow these steps: Right-click a link, and click Edit. In the pop-up window, modify the link as needed. Click Add Link. image.png Selecting a Topology Layout In the topology edit mode, you can see the topology in the auto hierarchy layout by default. To select a topology layout, follow these steps: Click the arrow below the Auto Hierarchy Layout button. image.png Select a layout from the following four layout styles: Auto Hierarchy Layout (Tree Layout) Select a specific switch in the topology, and then click Auto Hierarchy Layout. You can see a tree layout with the switch as the root node. The auto hierarchy layout cannot be applied when no switches are selected or no links exist among switches. Grid Layout If no switches are selected, the grid layout automatically lays out all global elements. If some switches are selected, the grid layout is applied only to the selected switches. Circular Layout If no switches are selected, the circular layout automatically lays out all global elements. If some devices are selected, the circular layout is applied only to the selected switches. Elliptical Layout If no switches are selected, the elliptical layout automatically lays out all global elements. If some switches are selected, the elliptical layout is applied only to the selected switches. Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and scroll the mouse wheel backward. Undoing or Redoing Operations In the topology edit mode, you can undo or redo operations. To revert to the last operation, click Undo. To redo the last operation, click Redo. If no undo or redo operations are available, these two buttons are grayed out and disabled. image.png Saving a Topology In the topology edit mode, click Save to save the current topology. Wait for the process to complete. After the topology is saved, you will automatically exit the topology edit mode. image.png Setting whether to Display the Legend To hide the legend, click the "Hide Legend" icon in the topology edit mode. image.png To show the legend, click the "Show Legend" icon in the topology edit mode. Refreshing the Current Topology In the topology edit mode, click the "Refresh" icon. image.png The topology diagram will revert to the last saved state, and any unsaved changes will be lost. Exiting the Topology Edit Mode To exit the topology edit mode, click the "Cancel Edit" icon in the topology edit mode. image.png Viewing Real-Time Topologies You can enter the real-time topology mode to view real-time network status such as switch status and link faults. By clicking a switch or a link, you can see detailed stats information. Entering the Real-Time Topology mode In the AmpCon-Campus UI, click Topo > Topology. Click the topology in the Topology List section, and then you enter the real-time topology mode automatically. image.png NOTE If you are in the historical topology mode, click the “Back To Real-Time Topology” icon to return to the real-time topology mode. image.png Refreshing the Topology In the real-time topology mode, click the "Refresh" icon. image.png Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology diagram, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel backward. Exporting a Topology In the real-time topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser. image.png Viewing Historical Topologies You can enter the historical topology mode to view the network status at different time or analyze the historical topology to trace problems. Viewing a Historical Topology In the AmpCon-Campus UI, click Topo > Topology. Click the topology in the Topology List section, and then you enter the real-time topology mode automatically. To enter the historical topology mode, click the "History" icon. image.png Then, you can see the historical topology as follows: image.png In the historical topology mode, click the "Aim" icon. image.png Modify the time as needed in the pop-up window, and click OK. image.png After the topology is loaded completely, the topology shows the state at the selected time point. The timeline shows 35 minutes forward or backward from that time point. Click the time points in the timeline to view historical topologies at different time. Zooming in or out of a Topology To zoom in a topology, hover the mouse over the topology, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel forward. To zoom out of a topology, hover the mouse over the topology, hold down the Ctrl key on the keyboard, and then scroll the mouse wheel backward. Exporting a Topology In the historical topology mode, click the "Download Image" icon. You can view the exported topology in the download history of your browser. image.png Returning to the Real-Time Topology Mode In the historical topology mode, click the “Back To Real-Time Topology” icon to leave the historical mode. image.png Viewing Switch Details, Ports, and Terminal Devices When you click a s witch in a topology, you can view real-time or historical information about the switch, switch ports, and terminal devices connected to the switch. Viewing Real-Time or Historical Data To view real-time switch details, switch ports, and terminal devices, enter the real-time topology mode, and then click the switch to be monitored. To view historical switch details, switch ports, and terminal devices, enter the historical topology mode, and then click the switch to be monitored. Then, you can see the following sections in the topology: Device Info In the Device Info section, you can see the following switch-related information: image.png Table 1. Device Info Metrics Metric Description Switch Name The name of the switch. Switch SN The SN of the switch. Model The model of the switch. Version The PicOS version of the switch. State The state of the switch. For the topologies in the Site section, the following switch states are supported: Imported: The switch is imported to AmpCon-Campus. Provisioning Success: The switch is deployed by using AmpCon-Campus. Configured: After you add a switch configuration, the switch is in Configured status. Staged: After you stage a switch, the switch is in Staged status. Registered: The switch has registered with AmpCon-Campus but hasn’t been deployed completely. Provisioning Failed: The switch fails to be deployed by using AmpCon-Campus. DECOM: The deployed switch is decommissioned (DECOM) when it’s online. DECOM-Manual: The deployed switch is decommissioned when it’s offline. RMA: The switch is replaced with another switch of the same switch model by using Return Merchandise Authorization (RMA). For the topologies in the Topology section, the following switch states are supported: Imported: The switch is imported to AmpCon-Campus. Provisioning Success: The switch is deployed by using AmpCon-Campus. Mgmt IP The management IP address (VPN IP address) of the switch. Port Info In the Port Info section, you can see the following port-related metrics: image.png Table 2. Port Info Metrics Metric Description Port Name The name of the switch port Port State The state of the switch port, up or down Port Speed The maximum data transfer rate that the port can support In Octets The number of octets (8-bit bytes) received by the switch port In Pkts The number of incoming packets received by the switch port In Discards The number of incoming packets that the switch port intentionally discards (drops) during processing In Errors The number of incoming packets that contain errors and are dropped by the switch port Out Octets The number of octets (8-bit bytes) transmitted out of the switch port Out Pkts The number of outgoing packets transmitted by the switch port Out Discards The number of outgoing packets that the switch port intentionally discards (drops) before they are transmitted Out Errors The number of outgoing packets that the switch port fails to transmit successfully due to errors Client Info In the Client Info section, you can view the following metrics for terminal devices connected to the switch: Open image-20250520-100906.png Table 3. Client Info Metrics Metric Description Client Name The name of the terminal device. During the automatic terminal identification process, AmpCon-Campus assigns the MAC address of the terminal device as its client name. When you manually add a terminal device, you need to designate its client name. For more information, see Adding Terminal Devices. For terminal devices displayed on the “Wired Clients” page, you can modify their client names as described in the Editing Terminal Device Names section. State The state of the terminal device, including Online and Offline: Online: The terminal device is up and connected to the switch. Offline: The terminal device is down or isn’t connected to the switch. MAC Address The MAC address of the terminal device. Manufacturer The manufacturer of the terminal device. Alarms AmpCon-Campus uses monitoring data to predict equipment failures and performance anomalies and then trigger immediate alarms. By checking these alarms, you can take corrective actions before issues are escalated. Supported Alarm Types and Levels AmpCon-Campus supports the following alarm levels: Error Warning Info AmpCon-Campus supports the following alarm types: Packet Loss Alert Resource Usage Alert Interface Monitoring Alert Optical Module Alert For detailed alarms and related alarm levels, see Alarm Types and Levels. Viewing Alarms Viewing All Unread Alarms In the AmpCon-Campus UI, click Monitor > Alarm. You can see all unread alarms. image.png Viewing All Alarms Click All Messages, and then you can see all alarms. image.png Click Back to Alarms, and then you can see all unread alarms. image.png Viewing All Unread "Error" Alarms Click the red flame icon, and then you can see all unread "error" alarms. image.png Viewing All Unread "Warn" Alarms Click the orange warning icon, and then you can see all unread "warn" alarms. image.png Viewing All Unread "Info" Alarms Click the blue bell icon, and then you can see all unread "info" alarms. image.png Alarm Types and Levels Packet Loss Alarms Table 1. Packet Loss Alarms Alarm Metric Description Triggering Condition Alarm Level In Errors The number of incoming packets that contain errors and are dropped by a switch port increase The metric value changes two times in the last four sampling cycles. Error Out Errors The number of outgoing packets that a switch port fails to transmit successfully due to errors The metric value changes two times in the last four sampling cycles. Error In Discards The number of incoming packets that a switch port intentionally discards (drops) during processing The metric value changes two times in the last four sampling cycles. Error Out Discards The number of outgoing packets that a switch port intentionally discards (drops) before they are transmitted The metric value changes two times in the last four sampling cycles. Error In Fcs Errors The number of incoming packets that fail the Frame Check Sequence (FCS) validation The metric value changes two times in the last four sampling cycles. Error Resource Usage Alarms Table 2. Resource Usage Alarms Alarm Metric Description Triggering Condition Alarm Level CPU Usage The CPU usage The metric value exceeds 85%. Warn Memory Usage The memory usage The metric value exceeds 85%. Warn In Bindwidth Usage The input bandwidth usage The metric value exceeds 85%. Warn Out Bindwidth Usage The output bandwidth usage The metric value exceeds 85%. Warn Fan PWM Usage The proportion of the fan's Pulse Width Modulation (PWM) to the total width The metric value is over 85%. Warn RPSU Power-on Whether the Power Supply Unit (PSU) is powered on or off The metric value changes. Info Interface Monitoring Alarms Table 3. Interface Monitoring Alarms Alarm Metric Description Triggering Condition Alarm Level Admin Status The port status (Up or Down) manually configured by the network administrator, including Up and Down The metric value changes. Info Oper Status The actual operational port status (Up or Down), which is detected by the switch The metric value changes. Warn MTU The largest size of a data packet that can be transmitted over a network without being fragmented. It’s measured in bytes The metric value changes. Info Loopback Mode Whether the loopback mode is enabled on this port The metric value changes. Info Duplex Mode Whether data can flow in one direction (half duplex) at a time or both directions (full duplex) simultaneously The metric value changes. Warn Port Speed The maximum data transfer rate that the port can support The metric value changes. Warn Optical Module Alarms Table 4. Optical Module Alarms Alarm Metric Description Triggering Condition Alarm Level Laser Temperature The temperature of the optical module connected to the switch port. It’s measured in Celsius (°C) The metric value exceeds 90 °C. Warn Tx Power The amount of optical power delivered by the optical module connected to the switch port The metric value is not in the output power range. See the Tx Power and Rx Power Ranges section. Warn Rx Power The amount of optical power consumed by the optical module connected to the switch port The metric value is not in the input power range. See the Tx Power and Rx Power Ranges section. Warn Power Budget The difference between the output power and the input power The metric value changes. Info Tx Power and Rx Power Ranges Table 5. Tx Power and Rx Power Ranges Optical Module Type Input Power Range Output Power Range CFP Min: -10, Max: 0 Min: -8, Max: 2 CFP2 Min: -10, Max: 0 Min: -8, Max: 2 CFP2_ACO Min: -10, Max: 0 Min: -5, Max: 5 CFP4 Min: -10, Max: 0 Min: -8, Max: 2 QSFP Min: -10, Max: 0 Min: -8, Max: 2 QSFP28 Min: -10, Max: 0 Min: -8, Max: 2 QSFP28_DD Min: -10, Max: 0 Min: -8, Max: 2 QSFP56 Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD_TYPE1 Min: -10, Max: 0 Min: -8, Max: 2 QSFP56_DD_TYPE2 Min: -10, Max: 0 Min: -8, Max: 2 QSFP_PLUS Min: -10, Max: 0 Min: -8, Max: 2 SFP Min: -17, Max: -1 Min: -9, Max: -1 SFP_PLUS Min: -17, Max: -1 Min: -9, Max: -1 SFP28 Min: -12, Max: -1 Min: -8, Max: 4 SFP56 Min: -12, Max: -1 Min: -8, Max: 4 SFP_DD Min: -12, Max: -1 Min: -8, Max: 4 CPAK Min: -10, Max: 0 Min: -8, Max: 2 CSFP Min: -17, Max: -1 Min: -9, Max: -1 DSFP Min: -12, Max: -1 Min: -8, Max: 4 XFP Min: -10, Max: 0 Min: -8, Max: 2 X2 Min: -10, Max: 0 Min: -8, Max: 2 OSFP Min: -10, Max: 0 Min: -8, Max: 2 Alarm Notifications If you can't access the AmpCon-Campus UI to view alarms but need immediate alerts when issues arise, use the alarm notification feature to receive real-time email notifications. In this way, you can promptly find problems and prevent incident escalation. Configuring an SMTP Server Simple Mail Transfer Protocol (SMTP) servers are specialized applications responsible for sending, relaying, and routing email messages between senders and recipients over the internet or a network. To receive alarm notifications through emails, you need to configure an SMTP server first. Supported Information AmpCon-Campus supports mainstream email service providers like Outlook and Gmail. AmpCon-Campus supports using email encryption transmission or not (SSL, TLS, or none). Adding an SMTP Server To add an SMTP server, follow these steps: NOTE When you add an SMTP server, ensure to send a test email and check whether the email can be received by the receiver. Click System > Email Setting in the AmpCon-Campus UI. On the “Email Setting” page, input the following information: SMTP Server Address: The hostname or IP address of the SMTP Server. SMTP Server Port: The TCP port number to connect to the SMTP Server. Secure Connection: The encryption method for secure email transmission, including SSL, TSL, or None. None means that the emails sent to this SMTP server are not encrypted. Sender Email: The email address to send a test email. Use Authentication: Select Enabled or Disabled. The default value is Disabled. Enabled: The SMTP server requires authentication for logged-in users. If you selected Enabled, specify the following parameters: Username: The name of the user to log in to the SMTP server. Password: The password of the SMTP server user. Disabled: The SMTP server doesn’t require authentication for logged-in users. NOTEs If you selected SSL or TSL in the Secure Connection section, you must select Enabled. If you selected None in the Secure Connection section, you must select Disabled. Click Send Test Email. In the Test Email Address field of the pop-up window, enter the email address of the receiver. image.png Click Send. Ensure that the test email can be received by the receiver. Click Apply to complete the SMTP server configuration. Optional: Editing an SMTP Server To edit an SMTP server, modify the configurations on the “Email Setting” page as needed, and then click Apply. NOTE Do not forget to send a test email and check whether the email can be received by the receiver. Optional: Resetting an SMTP Server To reset SMTP server configurations, click Reset on the “Email Setting” page. NOTE After you reset SMTP server configurations, configure a new SMTP server. Or else, AmpCon-Campus will still use the previous SMTP server configurations. Configuring Alarm Notification Rules After you configure an SMTP server, configure alarm notification rules. In alarm notification rules, specify the alarm types, alarm levels, and fabrics to be monitored. You are informed of these specified alarms when they are triggered. Adding Alarm Notification Rules To add an alarm notification rule, follow these steps: NOTE: At most 100 alarm notification rules can be added. Click Monitor > Alarm > Alarm Notification Rules in the AmpCon-Campus UI. On the “Alarm Notification Rules” page, click + Rule. In the pop-up window, input the following information: image.png Rule Name: The name of the rule. The rule name needs to be unique. Site: The sites to be monitored. You can select one or multiple sites. Email: The email addresses of the receivers to be notified. You can enter one or multiple email addresses, which need to be separated by commas (,). Silent Period (Minutes): The period (in minutes) during which the same alarm notification is not sent repeatedly. To prevent email bombing, set the silent period to at least 30 minutes. If you set the silent period to a value less than 30, the silent period is changed to 30 automatically. Email Notification: Whether to enable email notifications. Enabled: Alarm notifications will be sent to the receiver email address and will be displayed on the “Historical Alarm Email Logs” page. Disabled: Alarm notifications will not be sent to the receiver email address and will not be displayed on the “Historical Alarm Email Logs” page. NOTEs If you selected Enabled to enable email notifications, only the selected levels and types of alarms can be sent to the receiver email address and displayed on the “Historical Alarm Email Logs” page. For how to select alarm levels and alarm types, see step 4 and step 5. All triggered alarms can be displayed on the “Alarms” page no matter you enabled email notifications or not. In the Alert Level section, select the levels of alarms to be monitored in the left cell, including Warning, Error, and Info. Then, click >. To disable the monitoring of specific alarm levels, select the alarm levels in the right cell, and then click <. In the Alert Type section, select the types of alarms to be monitored in the left cell, and then click >. To disable the monitoring of specific alarm types, select the alarm types in the right cell, and then click <. For supported alarm types and alarm levels, see Alarm Types and Levels. Click Add. Viewing Alarm Notification Rules On the “Alarm Notification Rules” page, you can see the following information: image.png Table 1. Alarm Notification Rule Metrics Metric Description Rule Name The name of the rule. Alarm Scope (Site) The site to be monitored. Alarm Level The levels of alarms to be monitored, including Warning, Error, and Info. Alarm Type The types of alarms to be monitored. Silent Period (Minutes) The period (in minutes) during which the same alarm notification is not sent repeatedly. Status Whether alarm notifications can be sent to the receiver’s email address. Create User The AmpCon-Campus user who created the alarm notification rule. Optional: Editing Alarm Notification Rules To edit an alarm notification rule, follow these steps: Locate the rule on the “Alarm Notification Rules” page, and then click Edit. In the pop-up window, modify the rule as needed. Click Save. Optional: Deleting Alarm Notification Rules To delete an alarm notification rule, locate the rule on the “Alarm Notification Rules” page, and then click Delete. After you configure an SMTP server, configure alarm notification rules. In alarm notification rules, specify the alarm types, alarm levels, and fabrics to be monitored. You are informed of these specified alarms when they are triggered. Viewing Historical Alarm Notification Logs You can view all alarm notifications sent in the last 30 days for root cause analysis, fault prevention, or auditing. Checking Historical Alarm Notifications To check historical alarm notifications, follow these steps: Click Monitor > Alarm > Historical Alarm Email Logs in the AmpCon-Campus UI. On the “Historical Alarm Email Logs” page, you can see all the historical alarm notifications that are sent in the last 30 days. Open image-20250520-101252.png Table 1. Historical Alarm Email Log Metrics Metric Description Rule Name The name of the alarm notification rule Subject The alarm levels and alarm types Receivers The email addresses of the receivers to be notified Status Whether the email is sent to the receivers successfully Send Time The time when the alarm notification email is sent To view the email contents of a historical alarm notification, locate the alarm notification, and then click Details. image.png Deleting Historical Alarm Notifications To delete a historical alarm notification, locate the alarm notification, and click Delete. Managing Groups and Sites Groups and sites are used for different purposes in AmpCon-Campus: Managing Groups You can create a group and then add switches and users to the group so that these users can manage only the assigned switches in this group. You can also designate the operation permissions for a group so that the users and switches in the group can only perform the allowed operations. Adding a Group In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. On the “Group Management” page, click Create. Enter the group name and description (optional), and select the allowed operation permissions in the Group Class section. License Audit: You can perform the license audit operation. License Actions: You can perform the license audit operation. Upgrading: You can perform the PicOS upgrading operation. Retrieve Config: You can perform the configuration backup operation. image.png Click OK. Editing a Group By editing a group, you can add switches to a group or remove switches from a group. In addition, you can modify the allowed operation permissions for the group. In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Select the group. Click Edit Group. Select the switches to add or remove. You can filter switches by entering keywords in the search box. image.png Select the allowed operation permissions including “License Audit”, “License Actions”, “Upgrading”, and “Retrieve Config”. Click Save. Adding Users to a Group In the AmpCon-Campus UI, click System > User management. Click Add User, and input the following information: User Name: The username. User Password: The password of the user. The password needs to be a combination of uppercase letters, lowercase letters, numbers, and special symbols. The character count needs to be greater than 10. Confirm Password: The password of the user. User Role: Select “SuperAdmin”, “Admin”, “Operator”, or “Readonly”. User Type: Select “Group”. Email: The email of the user. Select the group name from the Group Name drop-down list. image.png Click OK. Displaying Users Associated with a Group In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Click the group. image.png Click the User View tab to see the users belonging to this group. image.png NOTE If no users are listed here, it means that you haven’t added any users to the group. Add a new user to this group or add a currently existed user to this group by editing the user. For more information, see Managing User Access. Searching for Switches and Users To search for specific switches, enter keywords in the search box of the Switch View tab. image.png To search for specific users, enter keywords in the search box of the User View tab. image.png Deleting a Group In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Click the group, and then click Delete. image.png Click Yes to confirm the deletion. Managing Sites When you import a switch or add a switch configuration, you need to select which site the switch belongs to. Then, after switches are managed by AmpCon-Campus, you can also add switches to a site or remove switches from a site as needed. Topologies are created based on each site automatically. You can view the topology associated with switches in a site to check the linking of switches in the site. Adding a Site In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. On the “Site Management” page, click Create. image.png Enter the site name and the site description (optional). Click OK. Adding Switches to a Site In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Click the site name, and then click Edit Site. image.png Select the switches to be added. You can filter switches by entering keywords in the search box. image.png Click Save. Removing Switches from a Site In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Click the site name. Click Edit Site. Unselect the switches to be removed. You can filter switches by entering keywords in the search box. image.png Click Save. Searching for Switches in a Site In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. Click the site name. image.png Enter keywords in the search box. Displaying the Topology Associated with a Site In the AmpCon-Campus UI, click Topo > Topology. Click the corresponding site name. Then, you can see the topology graph of switches that belong to this site. For more information, see Topology. image.png Deleting a Site In the AmpCon-Campus UI, click Resource > Authority Management > Group Management. On the “Site Management” page, click Delete. image.png Click Yes to confirm the deletion. Managing Licenses To deploy and manage switches with AmpCon-Campus, both AmpCon-Campus licenses and PicOS licenses are needed: To deploy and manage a switch with AmpCon-Campus, the Hardware ID of the switch needs to be added to an AmpCon-Campus license and the AmpCon-Campus license needs to be imported to AmpCon-Campus. During the switch deployment process, AmpCon-Campus installs a PicOS license on the switch by getting the license information from the License Portal that you specified in the system configuration. To manage AmpCon-Campus licenses or PicOS licenses, see the following child topics: Managing AmpCon-Campus Licenses You can view all imported AmpCon-Campus licenses, import a new or updated AmpCon-Campus license to manage more switches, or invalidate the AmpCon-Campus license on a switch to release the license. In addition, you can check the operation logs and alarms related to AmpCon-Campus licenses. Managing PicOS Licenses You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend expired PicOS licenses by using the License Action feature. If the AmpCon-Campus server can’t access the License Portal that you specified in the system configuration, you can add local PicOS licenses to AmpCon-Campus so that AmpCon-Campus can install PicOS licenses on corresponding switches. Managing AmpCon-Campus Licenses You can view all imported AmpCon-Campus licenses, import a new or updated AmpCon-Campus license to manage more switches, or invalidate the AmpCon-Campus license on a switch to release the license. In addition, you can check the operation logs and alarms related to AmpCon-Campus licenses. Viewing AmpCon-Campus licenses In the AmpCon-Campus UI, click System > Software License > License View. You can see the AmpCon-Campus licenses that are imported to AmpCon-Campus. In addition, you can see the status and usage information of these AmpCon-Campus licenses. For more information, see Viewing AmpCon-Campus Licenses. image.png image.png Importing an AmpCon-Campus License To manage new switches with AmpCon-Campus, you need to add the Hardware IDs of these new switches to an AmpCon-Campus license by updating an existing AmpCon-Campus license or creating a new AmpCon-Campus license as described in Creating an AmpCon-Campus License and Editing an AmpCon-Campus License. Then, you need to import the updated or new license to AmpCon-Campus. For how to import an AmpCon-Campus license, see Importing a License. image.png Invalidating the AmpCon-Campus License on a Switch If you don’t need to deploy and manage a switch with AmpCon-Campus, you can invalidate the AmpCon-Campus license on the switch. For how to invalidate an AmpCon-Campus license, see Invalidating a License. image.png Checking License Logs and Alarms In the AmpCon-Campus UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-Campus licenses. For more information, see Checking License Logs and Alarms. image.png Refreshing AmpCon-Campus Licenses To get the latest license information, click System > Software License > License management. On the “License Management” page, click Refresh. image.png Searching for AmpCon-Campus Licenses To search for specific licenses on the “License Management” page, enter keywords in the search box. Except for the Operation column, other columns support both ascending and descending sorting. image.png Viewing AmpCon-Campus Licenses In the AmpCon-Campus UI, click System > Software License > License View. You can see the AmpCon-Campus licenses that are imported to AmpCon-Campus. In addition, you can see the status and usage information of these AmpCon-Campus licenses. License Status In the License File Status section, you can see the numbers of “all“, “invalid“, and “expired“ AmpCon-Campus licenses. All Indicates all licenses Invalid Indicates that the license is invalid Expired Indicates that the license has expired image.png License Usage In the License Usage section, you can see the numbers of normal, abnormal, and expired AmpCon-Campus licenses. Abnormal licenses include both invalid licenses and expired licenses. image.png License Details In the License Information section, you can view the following columns. All columns support ascending and descending sorting. License ID: The ID of the AmpCon-Campus license Hardware ID: The ID of the switch hardware Model Name: The name of the switch model License Type: Includes standard license (formal License) and trial license (temporary License) License File Status: The status of the AmpCon-Campus license for the switch Valid Date: The date from when the switch can be managed by AmpCon-Campus Expiration Date: The date until when the switch can be managed by AmpCon-Campus You can filter licenses with the license status file keywords. In the License Information table, click the License File Status column, and select a status to view relevant licenses. image.png Fuzzy Search for License Information In the search box of the License Information table, enter keywords to search for specific licenses. image.png Importing a License To manage new switches with AmpCon-Campus, you need to add the Hardware IDs of these new switches to an AmpCon-Campus license by updating an existing AmpCon-Campus license or creating a new AmpCon-Campus license as described in Creating an AmpCon-Campus License and Editing an AmpCon-Campus License. Then, you need to import the updated or new license to AmpCon-Campus. Procedure To import an AmpCon-Campus license, follow these steps: Get the updated or new license from the License Portal. Log in to the License Portal, and then click AmpCon Licenses. Click Copy to copy the license string or click Download to download the .lic license file. image.png In the AmpCon-Campus UI, click System > Software License > License Management. On the “License Management” page, click Import. Select either of the following ways to import licenses: Select Copy License.txt, and paste the license strings that you copied in step 1.b to the License Key box. image.png Select Copy License.lic, and then upload the .lic license file that you downloaded in step 1.b in the License Key selection box. image.png Click Apply. After you import the new license, the All Licenses table is refreshed. Invalidating a License If you don’t need to deploy and manage a switch with AmpCon-Campus, you can invalidate the AmpCon-Campus license on the switch to release this license. NOTEs The Hardware ID of a switch might exist in multiple AmpCon-Campus licenses. Ensure that you invalidate all AmpCon-Campus licenses on the switch. After you invalidate all AmpCon-Campus licenses on a switch, the switch can’t be deployed and managed with AmpCon-Campus. The switch that has been deployed will be removed from the switch list on the “Switch” page. You can perform three invalidation operations at most. Procedure In the AmpCon-Campus UI, click System > Software License > License Management. Click the license file, and click the Hardware ID to be invalidated. Then, click Invalid License. image.png In the pop-up window, click Yes. You can see the invalid code is displayed in a pop-up window. The status of the license is changed to Invalid, and show invalid code in the Operation column is shown as clickable instead of grayed out. If the license status is not displayed as Invalid, click Refresh to update the license status. image.png Click Show Invalid Code to copy the invalid code. Release the invalidated license in the License Portal. Log in to the License Portal, and then click AmpCon Licenses > Verify Revoke Code. In the Software Type drop-down list, select AmpCon-Campus. Use either of the following ways: - In the Addition Method section, select Form Input. In the Revoke Code field, paste the invalid code that you copied in step 4. image.png - In the Addition Method section, select File Upload. Click Blank template to download a template file. Open the template file, and enter the invalid code in the .xlsx template file. Then, upload the file. image.png Click Save. Checking License Logs and Alarms In the AmpCon-Campus UI, click System > Software License > License Log. You can check the operation logs and alarms that are related to AmpCon-Campus licenses. Viewing License Operation Logs On the “License Log” page, you can view license-related operation records (such as license import operations and license invalidation operations), the time of each operation, and the status of each operation. image.png Exporting License Operation Logs To export license logs as a .csv file, select one or more entries, and then click Export in the License Log section. image.png Searching for License Operation Logs To perform a fuzzy search for logs, enter keywords in the search box of the License Log section. image.png Checking License Alarms To check license alarm information, check the License Alarm section. image.png Tips During the grace period of a trial AmpCon-Campus license, the AmpCon-Campus login interface displays "License is expired, you have a 14-day grace period". If a formal AmpCon-Campus license expires, you can see the license status is expired in the License Alarm section of the AmpCon-Campus UI. Exporting License Alarms To export alarms as a .csv file, select one or more alarm entries, and then click Export in the License Alarm section. image.png Searching for License Alarms To perform a fuzzy search for alarms, enter keywords in the search box of the License Alarm section. image.png Managing PicOS Licenses You can verify whether PicOS licenses are valid or not by using the License Audit feature. Or you can verify whether PicOS licenses are valid and extend expired PicOS licenses by using the License Action feature. If the AmpCon-Campus server can’t access the License Portal, you can add local PicOS licenses to AmpCon-Campus so that AmpCon-Campus can install PicOS licenses on corresponding switches. Verifying License Validity By using the License Audit feature, you can verify whether PicOS licenses are valid or not. Verifying the PicOS License for a Switch To check the PicOS license validity for a switch, follow these steps: In the AmpCon-Campus UI, click Resource > Authority Management > Device License Management. In the License Audit tab, locate a PicOS license, and then click License Audit. image.png Click Yes. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. You might see the following license status: Expired: The PicOS license is expired. Active: The PicOS license is valid. Unknown: The PicOS license is not related to the switch. No License: The switch has no PicOS license assigned. Click Log to view the license audit logs. image.png Verifying PicOS Licenses for a Group of Switches To check the PicOS license validity for a group of switches, follow these steps: In the AmpCon-Campus UI, click Resource > Authority Management > Device License Management. In the License Audit tab, select a group name from the Group Name drop-down list, and then click License Audit. image.png Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. Optional: Select the newly generated report from the drop-down list, and then click View Report. NOTE The View Report button is applicable to only License Action operations based on groups. image.png Verifying License Validity and Extending Expired Licenses By using the License Action feature, you can verify whether PicOS licenses are valid and extend expired PicOS licenses if these PicOS licenses are extended in the License Portal. Verifying and Extending the PicOS License for a Switch In the AmpCon-Campus UI, click Resource > Authority Management > Device License Management. Click the License Action tab. Locate a license, and then click License Action. image.png Click Yes. Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. Optional: Click Log to view the License Action logging information. Verifying and Extending PicOS Licenses for a Group of Switches In the AmpCon-Campus UI, click Resource > Authority Management > Device License Management. Click the License Action tab. Select a group name from the Group Name drop-down list, and then click License Action. image.png Check the License Status and License Expiry columns. License expiry means the expiration date of the PicOS license. License status means the current status of the PicOS license. Optional: Select the newly generated report from the drop-down list, and then click View Report. NOTE The View Report button is applicable to only License Action operations based on groups. Adding Local PicOS Licenses By default, when you deploy a switch with AmpCon™-DC, AmpCon-Campus installs the PicOS license based on License Portal URL, username, and password information in the system configuration. But if the AmpCon-Campus server can’t access the License Portal that you specified in the system configuration, for example in an air-gapped environment, you need to add local PicOS licenses to AmpCon-Campus so that AmpCon-Campus can install PicOS licenses on corresponding switches. NOTEs Only after you add a switch configuration for the switch with the local PicOS license, the local PicOS license can be added to AmpCon-Campus. When AmpCon-Campus can access the License Portal to get the PicOS license for the switch and a local PicOS license is added for the switch, AmpCon-Campus will install the added local PicOS license. To add a local PicOS license, follow these steps: Click Resource > Auth Management > Device License Management. Click the Local License tab, and then click Add License. image.png In the SN field, enter the SN of the switch with the uploaded PicOS license. In the License field, enter the local PicOS license key. image.png Click Save. Running Ansible Playbooks for Automation Ansible is an open-source tool to automate configuration management, application deployment, and task automation. Ansible uses the simple, declarative language written in YAML, which is called playbook, to automate your tasks. You declare the desired state of a local or remote system in your playbook. Ansible ensures that the system remains in that state. For more information about Ansible, see Getting started with Ansible. AmpCon-Campus offers the picos_config Ansible module to interact with managed devices, making it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings. The picos_config module is included in the AmpCon-Campus server. By using AmpCon-Campus, you can write, run, and schedule Ansible playbooks on managed switches and added Linux servers, reducing manual work, eliminating configuration errors, and improving network management efficiency. Use Cases and Benefits Ansible helps you automate virtually any task. Check the common use cases of Ansible: Eliminate repetition and simplify workflows Manage and maintain system configurations Continuously deploy complex software Perform zero-downtime rolling updates Ansible provides open-source automation that reduces complexity and runs everywhere. Check the benefits of Ansible: Agentless architecture Ansible operates in an agentless manner, meaning you don’t need to install anything on the devices being managed. Simplicity Automation playbooks use straightforward YAML syntax for code that reads like documentation. Ansible is also decentralized, using SSH with existing OS credentials to access remote machines. Scalability and flexibility You can easily and quickly scale the systems to be automated through a modular design that supports a large range of operating systems, cloud platforms, and network devices. Idempotence and predictability When the system is in the state that your playbook describes, Ansible does not change anything, even if the playbook runs multiple times. Best Practices Test in a lab: Always test your automation scripts in a lab or on non-production devices to ensure they work as expected. Idempotency: Ansible playbooks should be written to be idempotent, meaning running the playbook multiple times won’t cause unintended changes. Backups: Before applying any configuration, ensure that you have backups of the current configurations. For more information, see Backing up and Restoring Configurations. Prerequisites Ensure that each switch to run Ansible playbooks has been managed by AmpCon-Campus. You have added system configurations in the AmpCon-Campus UI. For more information, see Adding System Configurations. NOTE Ensure that the Device Default Login User and Device Default Password on the “System Configuration” page can be used to log in to these switches. You have imported or deployed these switches so that they are managed by AmpCon-Campus. For more information, see Deploying or Importing Switches. These switches are connected to the AmpCon-Campus server. Check the connectivity by clicking Service > Switch from the navigation bar and then checking the Mgmt IP column. ✓: The switch is up and connected to the AmpCon-Campus server. x: The switch is down or not connected to the AmpCon-Campus server. Quick Start To quickly get started with the Ansible automation feature, see Getting Started: Running Ansible Playbooks. Playbook Examples Before you run Ansible playbooks on managed switches, write playbooks based on the configuration examples. For more information, see Examples for Ansible Playbooks. Adding Other Devices In addition to running Ansible playbooks on managed switches, you can add third-party Linux server devices and then run Ansible playbooks on these added devices. This feature supports only Linux servers currently. Adding a Linux Server Click Maintain > Automation > Other Device in the AmpCon-Campus UI. Click + Device. Enter the following information: Name: The name of the Linux server IP: The IP address of of the Linux server Type: Select Password or Pkey User: The name of the user to log in to the Linux server Password: The password of the user to log in to the Linux server Pkey: The public key to log in to the Linux server SudoPassword: The password of the administrator user used by AmpCon-DC to install a monitoring tool for device monitoring. This field can be seen only if you selected Pkey in the Type drop-down list. image.png Click OK. Deleting a Linux Server Click Maintain > Automation > Other Device in the AmpCon-Campus UI. Locate a Linux server, and then click Delete. image.png Click Yes to confirm the deletion. Testing Device Connectivity To check whether the added Linux servers can connect with AmpCon-Campus or not, click Ping. Then, you can see the connectivity status in the Status column. image.png Running Playbooks on Linux Servers To run an Ansible playbook on Linux servers that you added, follow the steps: Write a playbook based on playbook syntax described in Using Ansible playbooks. Add the playbook to AmpCon-Campus by writing or importing the playbook in the AmpCon-Campus UI, and then run the playbook. For more information, see Running Playbooks. Check the playbook execution result in the AmpCon-Campus UI. For more information, see Managing Ansible Jobs. Running Playbooks On the “Playbooks” page, you can see the list of playbooks that are created. You can add or import a playbook, check syntax for a playbook, or run a playbook as needed. In addition, AmpCon-Campus provides multiple playbook management functions including copying playbooks, using pre-built playbooks, editing, deleting, copying, or exporting playbooks, and adding tags to playbooks. Writing a Playbook on AmpCon-Campus Click Maintain > Automation > Playbooks in the AmpCon-Campus UI. On the “Playbooks” page, click Playbook. Enter the playbook name and description (optional). Click playbook.yml, and add contents to the .yml file. image.png Optional: Click Add File or Add Folder to add files or folders to the playbook. For example, to load configurations from a configuration file to the playbook, click Add File to add a .conf file. For more information, see Loading Configurations in a Configuration File. image.png Click Save All. Importing a Playbook Click Maintain > Automation > Playbooks in the AmpCon-Campus UI. On the “Playbooks” page, click Import. Enter the playbook name and description (optional), and upload the playbook .zip file. NOTE The playbook .zip file needs to contain a playbook .yml file and a configuration .conf file (optional). image.png Click Import. Running a Playbook Click Maintain > Automation > Playbooks in the AmpCon-Campus UI. On the “Playbooks” page, locate a playbook, and then click Run. Select the playbook.yml file, and then click Next. Open 239.png Select target switches to run the playbook by using the following ways: NOTE If you select switches, groups, and other devices in the Choose Switches, Choose Groups, and Choose Other Devices tabs, the playbook will be run on all selected targets. Choose switches In the Choose Switches tab, select one or multiple switches. Choose groups In the Choose Groups tab, select one or multiple groups. Choose other devices In the Choose Other Devices tab, select one or multiple devices that you added in Adding Other Devices. Click Next. If variables are specified in the playbook, enter variable values in JSON format, and then click Next. image.png Select the schedule type to run the playbook. Run Now: Executes the task immediately upon creation One Time: Executes the task within the selected time range after creation Scheduled: Executes the task periodically after creation image.png Click Run Playbook. Optional: Checking Syntax for a Playbook On the “Playbooks” page, locate a playbook, and then click Check. A message pops up with the checking result. image.png Optional: Using Pre-built Playbooks AmpCon-Campus provides multiple pre-built playbooks, which are hidden by default. NOTE Pre-built playbooks can’t be run directly. You need to click Save As to copy a pre-built playbook as a new playbook and then run the new playbook. You can’t edit or remove pre-built playbooks. And you can’t add tags or check syntax for pre-built playbooks. To show the pre-built playbooks, click the Show Pre-built Playbooks toggle on the “Playbooks” page. image.png To view a pre-built playbook, locate the playbook, and then click View. image.png To refresh the pre-built playbook list, click Update Pre-built Playbooks. image.png To export a pre-built playbook, locate the playbook, and then click Export. Optional: Editing a Playbook On the “Playbooks” page, locate a playbook, and then click Edit. Modify the playbook contents as needed. You can also add or remove folders and files. Then, click Save All. image.png Optional: Deleting a Playbook On the “Playbooks” page, locate a playbook, and then click Remove. Then, click Yes to confirm the deletion. image.png Optional: Copying a Playbook On the “Playbooks” page, locate a playbook, and then click Save As. The new playbook has a default name, which you can modify as needed. Then, click Save. image.png Optional: Exporting a Playbook On the “Playbooks” page, locate a playbook, and then click Export. image.png Optional: Adding or removing Tags to a Playbook On the “Playbooks” page, locate a playbook, and then click Tag Management. Enter the tag name in the Tag Name field, and then click Add. You can remove a tag by clicking the removal icon. image.png Managing Ansible Jobs An Ansible job is a single execution of an Ansible playbook. On the “Ansible Jobs List” page, you can view the list of Ansible jobs and the list of switches with Ansible jobs. You can also check the execution results and output of these jobs. Job View Viewing Ansible Jobs Click Maintain > Automation > Ansible Jobs List in the AmpCon-Campus UI. In the Job View tab, you can see the list of playbook execution jobs. image.png The Schedule Type column including the following types: DIRECT Playbooks are executed with "Run Now". ONCE Playbooks are executed with "One Time". SCHEDULED Playbooks are executed with "Scheduled". The Status column includes the following status: IDLE The playbook has not been executed. For example, after a playbook is created and before it’s executed, the status is IDLE. NOTE For playbooks with the schedule type of "SCHEDULED", the status is changed to IDLE after the playbook execution is completed. RUNNING The playbook is currently running. EXECUTED The playbook execution has been completed. Checking Ansible Job Results and Output In the Job View tab, locate a job, and then click Task Results. You can see the playbook execution result in the Result Table tab . image.png To view detailed result information, click Show Result. To view the output of the playbook execution, click the Result Output tab. image.png Removing an Ansible Job In the Job View tab, locate a job, and then click Remove. Click Yes to confirm the deletion. Switch View Viewing Switches with Ansible Jobs In the Switch View tab, you can see the list of switches that have playbook execution jobs. image.png Checking Ansible Job Results and Output In the Switch View tab, locate a switch, and then click Task Results. image.png To view detailed result information, click Show Result. To view the output of the playbook execution, click the Result Output tab. Viewing Playbook Scheduling On the “Schedule” page, you can view executed playbooks based on months, weeks, or days. You can also view executed playbooks in the list format. Procedure Click Maintain > Automation > Schedule in the AmpCon-Campus UI. View executed playbooks by using the following ways: To view executed playbooks each month, click MONTH. Click < to view playbooks executed in the previous month. Click > to view playbooks executed in the next month. image.png To view executed playbooks each week, click WEEK. Click < to view playbooks executed in the previous week. Click > to view playbooks executed in the next week. image.png To view executed playbooks each day, click DAY. Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day. Click Today to view playbooks executed today. image.png To view executed playbooks in the list format, click LIST. Click < to view playbooks executed on the previous day. Click > to view playbooks executed on the next day. Click Today to view playbooks executed today. image.png Optional: Click a playbook, and then you can see the playbook execution result and output. In the Result Table tab, you can see the playbook execution result. To view detailed result information, click Show Result. image.png In the Result Output tab, you can see the playbook execution output. image.png Troubleshooting If a playbook fails to be run on switches or Linux servers, refer to the following reasons and solutions: Playbook Syntax Issues If the playbook syntax is wrong, the playbook can’t be run on specified devices. Symptom When you check the playbook execution result in the AmpCon-Campus UI, you can see the error log as follows: image.png Solutions For playbooks run on switches, check as follows: Check whether you follow the syntax as described in Examples for Ansible Playbooks. Check whether the commands included in each playbook are correct. When you run a playbook with variables designated, check whether you have set the variable values in JSON format as described in Step 6 of Running a Playbook. When you run a playbook with a configuration file (.conf) specified, check whether you have clicked Add File to add the configuration file. For playbooks run on added Linux servers, check whether you follow the playbook syntax as described in Using Ansible playbooks. Connection Issues If the AmpCon-Campus server fails to access the switches or added Linux servers, the playbook can’t be run on these devices. Symptom When checking the playbook execution result in the AmpCon-Campus UI, you can see the error log as follows: image.png Solutions Test the connectivity between the problematic switches (or Linux servers) and the AmpCon-Campus server by running the following Ansible playbook: --- - name: Test connectivity hosts: all tasks: - name: Ping ping: You can write and run the playbook in the AmpCon-Campus UI. Follow these steps: Write a playbook. image.png Run the playbook on problematic switches or Linux servers. image.png Check the playbook execution result in the AmpCon-Campus UI to see whether the AmpCon-Campus server can access the problematic switches or Linux servers. If the AmpCon-Campus server can access the problematic switches or Linux servers, the result is as follows: image.png If the AmpCon-Campus server can’t access the problematic switches or Linux servers, the result is as follows: image.png In this case, check whether the prerequisites for running playbooks are met. Accessing Devices through SSH Sessions You can access a device (a switch or terminal) from the AmpCon-Campus UI by creating an SSH session. NOTE AmpCon-Campus 2.2.0 supports accessing devices only through the password authentication. AmpCon-Campus 2.2.1 improves device access flexibility and security by supporting two types of authentication: password and SSH keys. Benefits You can choose either authentication type to access a device. The following benefits are provided: Flexibility Password authentication is suitable for environments with lower security and higher usability demands, while SSH key authentication provides stronger security for high security scenarios. Choose the authentication type that best fits your needs for flexible device access. Security During password authentication, a password is transmitted over the network, which might expose passwords to interception. In contrast, the private key in SSH keys is securely stored and never transmitted over the network, eliminating theft risk and enhancing session security. Procedure Click Maintain > CLI Configuration from the navigation bar, and then you can use either password or SSH key authentication to access a device. Password Authentication To access a device by using password authentication, follow these steps: In the Select Authentication radio box, select Password. Input the following information: Table 1. Password Parameters Parameter Description Host The IP address of the device. User Name The username to log in to the device. NOTE The value is a string with at most 32 characters. The following characters are supported: Lowercase letters including a to z. Uppercase letters including A to Z. Digits including 0 to 9. Special characters including "_", "-", and ".". Usernames cannot start with a special character ("_", "-", and "."). Password The password of the user. Port The port to establish the session. Session Select SSH. New Tab Toggle on or off to open the SSH session in a new browser tab or not. Click Submit. SSH Key Authentication SSH keys consist of a public key and a private key. When you log in to the AmpCon-Campus UI and access a device through SSH keys, the session between the AmpCon-Campus server and the device to be accessed is verified through the private key entered in the AmpCon-Campus UI and the public key stored on the device side. To access a device by using SSH key authentication, follow these steps: Prerequisites On a server (for example, 10.56.xx.xx), run the ssh-keygen command to generate the SSH keys (including a public key and a private key). Put the generated public key in the ~/.ssh/authorized_keys file of the device to be accessed. You are recommended to use the scp command. For example, run the following command on the device side. sudo scp pica8@10.56.xx.xx:/tmp/id_rsa.pub /home/key_user/.ssh/authorized_keys Then, the public key will be copied from the server 10.56.x.x to the device. In the Select Authentication radio box, select SSH Key. Input the following information: image.png Table 2. SSH Key Parameters Parameter Description Host The IP address of the device. User Name The username to log in to the device. NOTE The value is a string with at most 32 characters. The following characters are supported: Lowercase letters including a to z. Uppercase letters including A to Z. Digits including 0 to 9. Special characters including "_", "-", and ".". Usernames cannot start with a special character ("_", "-", and "."). Key The private key generated by using the ssh-keygen command. Click Upload, find the file where the private key is saved, and upload it. Passphrase Optional. The password used to protect the SSH keys. You can choose whether to specify a passphrase when generating the SSH keys. If you do not specify a passphrase when generating SSH keys, you must leave this field blank. Port The port to establish the session. Session Select SSH. New Tab Toggle on or off to open the SSH session in a new browser tab or not. Click Submit. References When you configure switches, you can refer to the following examples: Example for Global Configurations See the following example for global configurations, including PoE, IP routing, VLAN, and inband configurations: NOTE These configurations are just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. set poe interface all enable true set ip routing enable true set vlans vlan-id 20 l3-interface vlan20 set l3-interface vlan-interface vlan20 address 192.168.20.10 prefix-length 24 set interface gigabit-ethernet te-1/1/1 family ethernet-switching native-vlan-id 20 set system inband enable true set protocols lldp enable true set system services ssh idle-timeout 60 set protocols spanning-tree enable true set protocols spanning-tree force-version 4 Example for Security Configurations See the following example for security configurations: NOTE These configurations are just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. See the following example for security configurations: NOTE These configurations are just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. # TACACS+ configurations set system aaa tacacs-plus disable false set system aaa tacacs-plus key 12345678 set system aaa tacacs-plus server-ip 10.10.51.42 set system login user test authentication plain-text-password xxxxxx set system login user test class super-user # SNMP ACL configurations set system snmp-acl network 192.168.1.0/24 set system snmp-acl network 10.8.0.0/24 # NAC configurations # Provide the RADIUS server connection information set protocols dot1x aaa radius authentication server-ip shared-key "" # Configure the access profile set protocols dot1x aaa radius nas-ip # Configure a RADIUS dynamic authorization client from which the switch accepts the Change of Authorization (CoA) messages set protocols dot1x aaa radius dynamic-author client shared-key "" # Configure Server Priority set protocols dot1x aaa radius authentication server-ip priority [1|2] set protocols dot1x server-fail-vlan-id Example for Configuration Template See the following example for the configuration template of the switch N3248PXE-ON, which includes the host name, Out of Band Management IP, and gateway: NOTE The template is just used for illustration. Ensure that the CLIs you use are compatible with the version of PicOS being used. name: N3248PXE-ON-Nov20 description: N3248PXE-ON-Nov20 platform: N3248PXE-ON content_start: {#::::: For input Variable::::#} set system hostname {{ Hostname }} {% if Hostname %} set protocols static route 0.0.0.0/0 next-hop {{ Default_gateway }} {% endif %} {#::::: Basic PoE config::::#} set poe interface all enable true {#::::: Basic VLAN config::::#} set vlans vlan-id {{Data_VLAN_id}} vlan-name "DataVlan1" set vlans vlan-id {{Data_VLAN_id}} l3-interface Vlan{{Data_VLAN_id}} set l3-interface vlan-interface Vlan{{Data_VLAN_id}} address {{Data_VLAN_IP_Address_Mask.split('/')[0]}} prefix-length {{Data_VLAN_IP_Address_Mask.split('/')[1]}} set vlans vlan-id {{Voice_VLAN_id}} {#:::::For ports 1/1/1 through 1/1/24:data vlan 100 voice 101 ::::#} {% for i in range(1,51) %} set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching port-mode "trunk" {#::::: Inband port :::::#} set interface gigabit-ethernet te-1/1/{{ i }} family ethernet-switching native-vlan-id {{Data_VLAN_id}} set interface gigabit-ethernet te-1/1/{{ i }} voice-vlan vlan-id {{Voice_VLAN_id}} {% endfor %} {#::::: Outband port :::::#} set system management-ethernet eth0 ip-address IPv4 {{Management_IP_Address_Mask.split('/')[0]}}/{{Management_IP_Address_Mask.split('/')[1]}} set system management-ethernet eth0 ip-gateway IPv4 192.168.42.1 content_end$ param_start: { "Hostname": { "param_default": "P8-Access-BR-1-SW-1", "type": "text", "required": "not required", "description": "Configure the hostname", "param_check": "" }, "Management_IP_Address_Mask": { "param_default": "192.168.42.169/24", "type": "text", "required": "required", "description": "Configure management IP mask.e.g. 192.168.42.169/24", "param_check": "" }, "Default_gateway": { "param_default": "192.168.42.1", "type": "IPv4", "required": "required", "description": "Configure the default gateway e.g 192.168.42.1", "param_check": "" }, "Data_VLAN_id": { "param_default": "10", "type": "text", "required": "required", "description": "Configure Data VLAN id , e.g. 10", "param_check": "" }, "Data_VLAN_IP_Address_Mask": { "param_default": "192.168.43.169/24", "type": "text", "required": "required", "description": "Configure management IP mask.e.g. 192.168.43.169/24", "param_check": "" }, "Voice_VLAN_id": { "param_default": "800", "type": "text", "required": "required", "description": "Configure Voice VLAN id , e.g. 800", "param_check": "" } } param_end$ Example for Switch Configuration JSON File See the following example for the JSON file used to add multiple switch configurations: { "sn": ["TEST-SN-1", "TEST-SN-2"], "hardware_model": "as4610_54p", "location": "Beijing", "global_config_name": "2022-8-2-glob-as4610_54p-test", "site_template_name": ["test-template-1", "test-template-2"], "agent_config": {}, "vpn": true, "retrieve_config": true, "default_config_param": { "test-template-1": { "address": "1.1.1.1", "interface": "1", "prefix_length": "4", "vif": "1" }, "test-template-2": { "classifier": "4" } }, "unique_config_param": { "TEST-SN-2": { "test-template-1": { "address": "111.2.2.2" }, "test-template-2": { "classifier": "5" } } } } Examples for Ansible Playbooks Ansible modules are code or binaries that Ansible copies to and executes on each managed device to accomplish the action defined in each Ansible task. AmpCon-Campus offers the picos_config Ansible module to interact with managed switches. The picos_config module, included in the AmpCon-Campus server, makes it easy to automate tasks such as configuring interfaces, VLANs, and managing security settings. Before you run Ansible playbooks on managed switches, write playbooks based on the following configuration examples, which are supported by the picos_config Ansible module. NOTE This topic only shows playbook examples for managed switches with PicOS installed. To run Ansible playbooks on Linux servers that you added, write playbooks based on playbook syntax described in Using Ansible playbooks. For the flow of using Ansible playbooks on AmpCon-Campus, see Getting Started: Running Ansible Playbooks. For detailed steps of writing, importing, and running playbooks on AmpCon-Campus, see Running Playbooks. Syntax Examples Running Linux Shell Commands To run Linux shell commands in managed switches, use the shell mode. Playbook YAML Example: --- - name: Shows uptime info for all switches hosts: all tasks: - name: Shows uptime info for all switches picos_config: mode='shell' cmd='uptime' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs the Linux shell command uptime under the Linux shell mode to show the current time, the time since the system and processes started, the number of logged-in users, and the average time of system load in the last 1 minute, 5 minutes, and 15 minutes. Replace the command in the cmd field with any other Linux shell command to meet your needs. After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. For how to check playbook execution results, see Managing Ansible Jobs. image.png Showing Switch Configurations or Status To show configurations or status of managed switches, use the cli_show mode. Playbook YAML Example: --- - name: Show Version info of all switches hosts: all tasks: - name: Show version of switches picos_config: mode='cli_show' cmd='show version' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs the PicOS command show version under the operation mode to show switch version information. Replace the command in the cmd field with any other Linux shell command to meet your needs. After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. image.png Modifying Switch Configurations To modify configurations of managed switches, use the cli_config mode. Playbook YAML Example: --- - name: Enable Global Config hosts: all tasks: - name: Enable Global Config picos_config: mode: 'cli_config' cmd: > set ip routing enable true; set protocols lldp enable true; set system services ssh idle-timeout 60; set system inband enable true; set system timezone "America/Los_Angeles"; register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs the following PicOS commands under the configuration mode. Replace the commands in the cmd section with any other PicOS commands to meet your needs. After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. image.png Loading Configurations in a Configuration File To load configurations from a configuration file into an Ansible playbook, use the config_load mode. Playbook YAML Example: --- - name: Deploy services hosts: all tasks: - name: Transfer the script copy: src=set_global.conf dest=/home/admin/setconfig1.conf force=yes mode=0777 - name: Activate the configuration picos_config: mode='config_load' cmd='/home/admin/setconfig1.conf' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example contains a syntax to copy the commands in the set_global.conf file (the file you added in the AmpCon-Campus UI) to the local /home/admin/setconfig1.conf file on the switch side. When you run the playbook on one or multiple switches, the copied commands will be loaded and then executed on these switches. After you write the playbook.yml file, ensure to click Add File to add the set_global.conf file. image.png The set_global.conf file contains the following commands. Replace the commands with any other PicOS commands to meet your needs. set ip routing enable true set protocols lldp enable true set system services ssh idle-timeout 60 set system inband enable true set system timezone "America/Los_Angeles" After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. image.png Using Variables in a Playbook To define variables in an Ansible playbook, use the variable syntax {{variable_name}}. Playbook YAML Example: --- - name: Set Dynamic VLAN hosts: all tasks: - name: Set Dynamic VLAN picos_config: mode='cli_config' cmd='set vlans vlan-id {{vlan_id}} vlan-name "{{vlan_id}}"' register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs the PicOS command set vlans vlan-id {{vlan_id}} vlan-name "{{vlan_id}}" to create a VLAN. In the command, vlan_id is a variable and must be included in a set of curly braces. When you run the playbook, ensure to set the variable value in JSON format as described in Step 6 of Running a Playbook. After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. image.png Real-World Example: Automating VLAN Configurations As a network administrator, you might feel tedious and time-consuming to configure VLANs on multiple switches manually. By using Ansible playbooks on AmpCon-Campus, you can automate this process. Playbook YAML Example: --- - name: Set VLAN Network hosts: all tasks: - name: Set VLAN Network picos_config: mode: 'cli_config' cmd: > set vlans vlan-id 10 l3-interface vlan10; set vlans vlan-id 20 l3-interface vlan20; set vlans vlan-id 30 l3-interface vlan30; set interface gigabit-ethernet te-1/1/1 family ethernet-switching port-mode trunk; set interface gigabit-ethernet te-1/1/1 family ethernet-switching vlan members 10,20,30; set l3-interface vlan-interface vlan10 address 192.160.10.1 prefix-length 24; set l3-interface vlan-interface vlan20 address 192.160.20.1 prefix-length 24; set l3-interface vlan-interface vlan30 address 192.160.30.1 prefix-length 24; register: exec_result - name: Show execution result debug: var=exec_result.stdout_lines This playbook example runs multiple PicOS commands to achieve the following goals: Create vlan10, vlan20, and vlan30. Add a trunk LAG port (te-1/1/1) to vlan10, vlan20, and vlan30. Configure IPv4 addresses for L3 interfaces of vlan10, vlan20, and vlan30. After you run this playbook, check the playbook execution result in the AmpCon-Campus UI. image.png Related PicOS References Linux Shell Mode, Operation Mode, and Configuration Mode Routing and Switching Command Reference

AmpCon-Campus Compatible Hardware Matrix

09 set. 2025 - AmpCon-Campus Compatible Hardware Matrix AmpCon-Campus Management Platform is designed for PicOS® enterprise switches, offering automated Zero Touch Provisioning (ZTP), real-time telemetry monitoring, topology auto-discovery, and automated lifecycle management. Deployed as a software appliance on a virtual machine (VM) or Docker, AmpCon-Campus operates seamlessly in enterprise or cloud environments. With an intuitive web-based UI, AmpCon-Campus automates routine workflows, eliminating costly downtime and time-consuming manual tasks. By using AmpCon-Campus to manage switches, you can efficiently deploy, orchestrate, and manage High Performance Computing (HPC) and enterprise networks at scale. AmpCon-Campus supports FS, Edgecore, DELL, Delta, and HPE switches. Before you deploy, check the supported switches on AmpCon-Campus. Supported Switches for 2.2.x AmpCon-Campus 2.2.0 and 2.2.1 supports managing the following switches: NOTE You are recommended to install PicOS 4.6.0E or later. Or else, some features of AmpCon-Campus might not work. For switches with S3410 and S3270 switch models, the recommended PicOS version is 4.4.5.24 or later. FS Hardware Table 1. Supported FS Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio S3410-24TS 24 x 1G/100M/10M copper, 4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-24TS-P 24 x 1G/100M/10M copper PoE, 2 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-48TS 48 x 1G/100M/10M copper,4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-48TS-P 48 x 1G/100M/10M copper PoE,4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF 16 x 1G/100M/10M copper, 2 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF-P 2 x 1G SFP,16 x 1G/10M/100M copper The first 8 copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TMS-P 2 x 10G/1G SFP+, 2 x 5G/2.5G/1G copper PoE, 16 x 1G/100M/10M copper The first 6 x 1G/100M/10M copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-8TMS-P 2 x 10G/1G SFP+,2 x 5G/2.5G/1G copper PoE, 8 x 1G/100M/10M copperThe first 6 x 1G copper ports support PoE. Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF 24 x 1G/100M/10M copper, 4 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF-P 24 x 1G/100M/10M copper PoE, 4 x 1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-48TF 48 x 1G/100M/10M copper, 4 x 10G/1G SFP+ Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-10TM 10 x 1G/100M/10M copper, 2 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-24TM 24 x 1G/100M/10M copper, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-48TM 48 x 1G/100M/10M copper, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-10TM-P 10 x 1G/100M/10M copper PoE, 2 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S3270-24TM-P 24 x 1G/100M/10M copper PoE, 4 x 2.5G/1G SFP Hurricane2 ARM Cortex A9 1G Switch Portfolio S5870-48T6S 48 x 1G-T, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio S5870-48T6S-U 48 x 1G PoE, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio S5870-48T6BC 48 x 1G, 4 x 25G,2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5870-48T6BC-U 48 x 1G PoE, 4 x 25G, 2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5870-48MX6BC-U 36 x 1/2.5G PoE, 12 x 1/2.5/5/10G PoE, 4 x 25G, 2 x 100G Trident3-X3 Intel x86 1G Switch Portfolio S5810-48TS-P 48 x 1G copper, 4 x 10G SFP+ Helix4 ARM Cortex A9 1G Switch Portfolio S5810-28TS 28 x 1G copper, 4 x 1G SFP, 4 x 10G SFP+ The last 4 x 1G copper ports and 4 x 1G SFP ports are combo ports. Helix4 ARM Cortex A9 1G Switch Portfolio S5810-28FS 8 x 1G copper, 28 x 1G SFP, 4 x 10G SFP+ The 8 x 1G copper ports and the first 8 x 1G SFP ports are combo ports. Helix4 ARM Cortex A9 1G Switch Portfolio S5810-48TS 48 x 1G copper,4 x 10G SFP+ Helix4 ARM Cortex A9 1G Switch Portfolio S5810-48FS 48 x 1G SFP,4 x 10G SFP+ Helix4 ARM Cortex A9 5G Switch Portfolio S5860-24MG-U 24 x 5G copper UPOE,4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 5G Switch Portfolio S5860-48MG-U 48 x 5G copper UPOE, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-48XMG-U 48 x 10G copper UPOE, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-24XMG 24 x 10G copper, 4 x 10G SFP+, 4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-48XMG 48 x 10G copper, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-20SQ 20 x 10G SFP+, 4 x 25G SFP28, 2 x 40G QSFP+ Hurricane3-MG ARM Cortex A9 10G Switch Portfolio S5860-24XB-U 24 x 10G copper UPOE, 4 x 10G SFP+, 4 x 25G SFP28 Hurricane3-MG ARM Cortex A9 25G Switch Portfolio S5580-48Y 48 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio S5890-32C 32 x 100G QSFP28 Trident3-X7 Intel x86 10G Switch Portfolio N5850-48S6Q 48 x 10G, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio N5850-48S6C 48 x 10G, 6 x 100G Trident3-X5 Intel x86 10G Switch Portfolio N5850-48X6C 48 x 10G-T, 6 x 100G Trident3-X5 Intel x86 25G Switch Portfolio N8550-48B8C 48 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8550-32C 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio N8550-64C 64 x 100G Tomahawk2 Intel x86 100G Switch Portfolio N8560-32C 32 x 100G QSFP28 Trident3 Intel x86 Edgecore Hardware Table 2. Supported Edgecore Switches Category Model Port Configuration Switch ASIC CPU 1G Switch Portfolio AS4610-30P 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-30T 24 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54P 48 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54T(B) 48 x 1G-T, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4625-54P 48 x 1G PoE, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4625-54T 48 x 1G-T, 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4630-54PE (EPS202) 48 x 1G PoE, 4 x 25G Trident3 Intel x86 1G Switch Portfolio AS4630-54TE (EPS201) 48 x 1G PoE, 4 x 25G Trident3 Intel x86 10G Switch Portfolio AS5812-54T (DCS209) 48 x 10G-T, 6 x 100G Trident3 Intel x86 10G Switch Portfolio AS5812-54X (DCS208) 48 x 10G, 6 x 100G Trident2+ Intel x86 10G Switch Portfolio AS5835-54T (DCS202) 48 x 10G RJ-45, 6 x 100G QSFP28 Trident3 Intel x86 10G Switch Portfolio AS5835-54X (DCS201) 48 x 10G SFP+, 6 x 100G QSFP28 Trident3 Intel x86 10G Switch Portfolio AS5712-54X 48 x 10G, 6 x 40G Trident2 Intel x86 25G Switch Portfolio AS7312-54X(S) 48 x 25G, 6 x 100G Tomahawk+ Intel x86 25G Switch Portfolio AS7326-56X (DCS203) 48 x 25G, 8x 100G Trident3-X7 Intel x86 40G Switch Portfolio AS6812-32X 32 x 40G Trident2+ Intel x86 100G Switch Portfolio AS7712-32X (DCS501) 32 x 100G Tomahawk Intel x86 100G Switch Portfolio AS7726-32X (DCS204) 32 x 100G Trident3-X7 Intel x86 100G Switch Portfolio AS7816-64X (DCS500) 64 x 100G Tomahawk2 Intel x86 Multi- Gig SwitchPortfolio AS4630-54NPE (EPS203) 36 x 1/2.5G PoE,12 x 1/2.5/5/10G PoE Trident3 Intel x86 DELL Hardware Table 3. Supported DELL Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio S4048-ON 48 x 10G, 6 x 40G Trident2 Intel x86 10G Switch Portfolio S4128F-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4128T-ON 28 x 10G, 2 x 100G Maverick Intel x86 10G Switch Portfolio S4148F-ON 48 x 10G SFP, 2 x 40G, 4 x 100G Maverick Intel x86 10G Switch Portfolio S4148T-ON 48 x 10G BASE-T, 2 x 40G, 4 x 100G Maverick Intel x86 25G Switch Portfolio S5212F-ON 12 x 25G, 3 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5224F-ON 24 x 25G, 4 x 100G Trident3-X5 Intel x86 25G Switch Portfolio S5248F-ON 48 x 25G, 8 x 100G Trident3-X7 Intel x86 25G Switch Portfolio S5296F-ON 96 x 25G, 8 x 100G Trident3-X7 Intel x86 100G Switch Portfolio S5232F-ON 32 x 100G Trident3-X7 Intel x86 1G Switch Portfolio N3024EP-ON 24 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3024ET-ON 24 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048EP-ON 48 x 1G PoE, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048ET-ON 48 x 1G, 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3224F-ON 24 x 1G SFP, 4 x 10 G Trident3-X3 Intel x86 1G Switch Portfolio N3224P-ON 24 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3224T-ON 24 x 1G, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248P-ON 48 x 1G 30W PoE, 4 x 10G Trident3-X3 Intel x86 1G Switch Portfolio N3248TE-ON 48 x 1G, 4 x 10G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N2224PX-ON 24 x 1G/2.5G30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2224X-ON 24 x 1G/2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248PX-ON 48 x 1G/2.5G30W/60W PoE, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N2248X-ON 48 x 1G/2.5G, 4 x 25G Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3132PX-ON 24 x 1G PoE,8 x 1/2.5/5G PoE, 4 x 10G Firebolt 4 FS ARM Cortex A9 Multi-Gig Switch Portfolio N3208PX-ON 4 x 1/2.5/5G PoE,4 x 1G PoE, 2 x 10G SFP+ Hurricane3-MG Intel x86 Multi-Gig Switch Portfolio N3224PX-ON 24 x 1/2.5/5/10G 90W PoE, 4 x 25G Trident3-X3 Intel x86 Multi-Gig Switch Portfolio N3248PXE-ON 48 x 1/2.5/5/10G 90W PoE, 4 x 25G Trident3-X5 Intel x86 Multi-Gig Switch Portfolio N3248X-ON 48 x 1/2.5/5/10G, 4 x 25G Trident3-X5 Intel x86 100G Switch Portfolio Z9100-ON 32 x 100G Tomahawk Intel x86 100G Switch Portfolio Z9264F-ON 64 x 100G Tomahawk2 Intel x86 Delta Hardware Table 4. Supported Delta Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio AG7648 48 x 10G Trident2 Intel x86 25G Switch Portfolio AG5648 v1-R 48 x 25G Tomahawk+ Intel x86 100G Switch Portfolio AG9032 v1 32 x 100G Tomahawk Intel x86 HPE Hardware Table 5. Supported HPE Switches Category Model Port Configuration Switch ASIC CPU 10G Switch Portfolio HPE AL 6921-54T 48 x 10G-T, 6 x 40G Trident2+ Intel x86 10G Switch Portfolio HPE AL 6921-54X 48 x 10G-T, 6 x 40G Trident2+ Intel x86 Supported Switches for 2.1.0 AmpCon-Campus 2.1.0 supports managing the following switches: NOTE You are recommended to install PicOS 4.5.0 or later. Or else, the telemetry and automatic discovery of topology features might not work. FS Hardware Table 1. Supported FS Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio S5870-48T6BC 48 x 1G 4 x 25G Broadcom Trident III Intel Atom C3558 1G Switch Portfolio S5870-48T6BC-U 48 x 1G PoE++ 4 x 25G 2 x 100G Broadcom Trident III Intel Atom C3558 2.5G Switch Portfolio S5870-48MX6BC-U 36 x 2.5G PoE++ 12 x 10G PoE++ 4 x 25G 2 x 100G BCM56370 Intel Atom C3558 1G Switch Portfolio S5810-48TS-P 48 x 1G PoE+ 4 x 10G BCM56340 ARM A9 1G Switch Portfolio S5810-28TS 24 x 1000BASE-T 4 x 1G 4 x 10G BCM56342 ARM A9 1G Switch Portfolio S5810-28FS 8x 1000BASE-T 28 x 1G 4 x 10G BCM56342 ARM A9 1G Switch Portfolio S5810-48TS 48 x 1G 4 x 10G BCM56340 ARM A9 1G Switch Portfolio S5810-48FS 48 x 1G 4 x 10G BCM56340 ARM A9 5G Switch Portfolio S5860-24MG-U 24 x 5GBASE-T/Multi-Gigabit PoE++ 4 x 25G BCM56170 ARM A9 5G Switch Portfolio S5860-48MG-U 48 x 5GBASE-T/Multi-Gigabit PoE++ 4 x 25G2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-48XMG-U 48 x 10GBASE-T/Multi-GigabitPoE++ 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-24XMG 24 x 10GBASE-T/Multi-Gigabit 4 x 10G 4 x 25G BCM56170 ARM A9 10G Switch Portfolio S5860-48XMG 48 x 10GBASE-T/Multi-Gigabit 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-20SQ 20 x 10G 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-24XB-U 24 x 10GBASE-T/Multi-Gigabit PoE++ 4 x 10G 4 x 25G BCM56170 ARM A9 10G Switch Portfolio N5850-48S6Q 48 x10G 6 x 40G Broadcom Trident II+ Intel Atom C2538 10G Switch Portfolio N5850-48S6C 48 x 10G 6 x 100G Broadcom Trident III Intel Atom C3558 10G Switch Portfolio N5850-48X6C 48 x 10G 6 x 100G Broadcom Trident III Intel Atom C3558 25G Switch Portfolio N8550-48B8C 48 x 25G 2 x 10G 8 x 100G Broadcom Trident III Intel Xeon D- 1518 100G Switch Portfolio N8550-32C 32 x 100G 2 x 10G Broadcom Trident III Intel Xeon D- 1518 100G Switch Portfolio N8560-32C 32 x 100G BCM56870 Intel Xeon D- 1527 100G Switch Portfolio N8550-64C 64 x 100G Broadcom Tomahawk II Intel XeonD- 1518 Edgecore Hardware Table 2. Supported Edgecore Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio AS4610-30P 24 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-30T 24 x 1G- T 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54P 48 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54T(B) 48 x 1G- T 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4625-54P 48 x 1G PoE 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4625-54T 48 x 1G-T 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4630-54PE (EPS202) 48 x 1G PoE 4 x 25G Trident III Intel x86 1G Switch Portfolio AS4630-54TE (EPS201) 48 x 1G 4 x 25G Trident III Intel x86 Multi- Gig SwitchPortfolio AS4630-54NPE (EPS203) 36 x 1/2.5G PoE 12 x 1/2.5/5/10G PoE Trident III Intel x86 10G Switch Portfolio AS5712-54X 48 x 10G 6 x 40G Trident II Intel x86 10G Switch Portfolio AS5812-54T 48 x 10G- T 6 x 40G Trident II+ Intel x86 10G Switch Portfolio AS5812-54X 48 x 10G 6 x 40G Trident II+ Intel x86 10G Switch Portfolio AS5835-54T (DCS209) 48 x 10G- T 6 x 100G Trident III Intel x86 10G Switch Portfolio AS5835-54X (DCS208) 48 x 10G 6 x 100G Trident III Intel x86 25G Switch Portfolio AS7312-54X(S) 48 x 25G 6 x 100G Tomahawk Intel x86 25G Switch Portfolio AS7326-56X (DCS203) 48 x 25G 8x 100G Trident 3 × 7 Intel x86 40G Switch Portfolio AS6812-32X 32 x 40G Trident II+ Intel x86 100G Switch Portfolio AS7712-32X (DCS501) 32 x 100G Tomahawk Intel x86 100G Switch Portfolio AS7726-32X (DCS204) 32 x 100G Trident 3× 7 Intel x86 100G Switch Portfolio AS7816-64X (DCS500) 64 x 100G Tomahawk 2 Intel x86 DELL Hardware Table 3. Supported DELL Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio N3024EP-ON 24 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3024ET-ON 24 x 1G 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048EP-ON 48 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048ET-ON 48 x 1G 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3224F-ON 24 x 1G SFP 4 x 10 G Trident 3×3 Intel x86 1G Switch Portfolio N3224P-ON 24 x 1G 30W PoE 4 x 10 G Trident 3×3 Intel x86 1G Switch Portfolio N3224T-ON 24 x 1G 4 x 10G Trident 3×3 Intel x86 1G Switch Portfolio N3248P-ON 48 x 1G 30W PoE 4 x 10G Trident 3×3 Intel x86 1G Switch Portfolio N3248TE-ON 48 x 1G 4 x 10G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N2224PX-ON 24 x 1G/2.5G30W/60W PoE 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2224X-ON 24 x 1G/2.5G 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2248PX-ON 48 x 1G/2.5G30W/60W PoE 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2248X-ON 48 x 1/ 2.5/ 5/10G 4 x 25G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N3132PX-ON 24 x 1G PoE8 x 1/2.5/5G PoE 4 x 10G Firebolt 4 FS ARM Cortex A9 Multi-Gig Switch Portfolio N3208PX-ON 4 x 1/2.5/5G PoE 4 x 1G PoE 2 x 10G SFP+ Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N3224PX-ON 24 x 10G 90W PoE 4 x 25 G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N3248PXE-ON 48 x 10G 90W PoE 4 x 25 G Trident 3×5 Intel x86 Multi-Gig Switch Portfolio N3248X-ON 48 x 1/ 2.5/ 5/10G 4 x 25G Trident 3×3 Intel x86 10G Switch Portfolio S4048-ON 48 x 10G 6 x 40G Trident II Intel x86 10G Switch Portfolio S4128F-ON 28 x 10G 2 x 100G Maverick Intel x86 10G Switch Portfolio S4128T-ON 28 x 10G 2 x 100G Maverick Intel x86 10G Switch Portfolio S4148F-ON 48 x 10G 2 x 40G 4 x 100G Maverick Intel x86 10G Switch Portfolio S4148T-ON 48 x 10G 2 x 40G 4 x 100G Maverick Intel x86 25G Switch Portfolio S5212F-ON 12 x25G 3 x 100G Trident 3×5 Intel x86 25G Switch Portfolio S5224F-ON 12 x 25G 4 x 100G Trident 3×5 Intel x86 25G Switch Portfolio S5248F-ON 48 x 25G 8 x 100G Trident 3× 7 Intel x86 25G Switch Portfolio S5296F-ON 96 x 25G 8 x 100G Trident 3× 7 Intel x86 100G Switch Portfolio Z9100-ON 32 x 100G Tomahawk Intel x86 100G Switch Portfolio Z9264F-ON 64 x 100G Tomahawk 2 Intel x86 100G Switch Portfolio S5232F-ON 32 x 100G Trident 3×7 Intel x86 Delta Hardware Table 4. Supported Delta Switches Category Model Configuration Switch ASIC CPU 10G Switch Portfolio AG7648 48 x 10G Trident II Intel x86 25G Switch Portfolio AG5648 v1-R 48 x 25G Tomahawk + Intel x86 100G Switch Portfolio AG9032v1 32 x 100G Tomahawk Intel x86 HPE Hardware Table 5. Supported HPE Switches Category Model Configuration Switch ASIC CPU 10G Switch Portfolio HPE AL 6921-54T 48 x 10G-T6 x 40G Trident II+ Intel x86 10G Switch Portfolio HPE AL 6921-54X 48 x 10G-T6 x 40G Trident II+ Intel x86 Supported Switches for 2.1.1 AmpCon-Campus 2.1.1 supports managing the following switches: NOTE You are recommended to install PicOS 4.5.0 or later. Or else, the telemetry and automatic discovery of topology features might not work. FS Hardware Table 1. Supported FS Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio S3410-48TS-P 48x1G/100M/10M copper PoE 4x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-48TS 48x1G/100M/10M copper 4x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-48TF 48x1G/100M/10M copper 4x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF 24x1G/100M/10M copper 4x1G SFP Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-24TS 24x1G/100M/10M copper 4x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410L-24TF-P 24x1G/100M/10M copper POE 4x1G SFP Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410-24TS-P 24x1G/100M/10M copper POE 2x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF 16x1G/100M/10M copper 2x1G SFP Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TF-P 16x1G/100M/10M copper (First 8 copper port support POE) 2x1G SFP Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-16TMS-P 2x5G/2.5G/1G copper POE 16x1G/100M/10M copper (First 6x1G/100M/10M copper port support POE) 2x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S3410C-8TMS-P 2x5G/2.5G/1G copper POE 8x1G/100M/10M copper (First 6x1G copper port support POE) 2x10G/1G SFP+ Broadcom Hurricane2 ARM Cortex A9 1G Switch Portfolio S5870-48T6BC 48 x 1G 4 x 25G Broadcom Trident III Intel Atom C3558 1G Switch Portfolio S5870-48T6BC-U 48 x 1G PoE++ 4 x 25G 2 x 100G Broadcom Trident III Intel Atom C3558 2.5G Switch Portfolio S5870-48MX6BC-U 36 x 2.5G PoE++ 12 x 10G PoE++ 4 x 25G 2 x 100G BCM56370 Intel Atom C3558 1G Switch Portfolio S5810-48TS-P 48 x 1G PoE+ 4 x 10G BCM56340 ARM A9 1G Switch Portfolio S5810-28TS 24 x 1000BASE-T 4 x 1G 4 x 10G BCM56342 ARM A9 1G Switch Portfolio S5810-28FS 8x 1000BASE-T 28 x 1G 4 x 10G BCM56342 ARM A9 1G Switch Portfolio S5810-48TS 48 x 1G 4 x 10G BCM56340 ARM A9 1G Switch Portfolio S5810-48FS 48 x 1G 4 x 10G BCM56340 ARM A9 5G Switch Portfolio S5860-24MG-U 24 x 5GBASE-T/Multi-Gigabit PoE++ 4 x 25G BCM56170 ARM A9 5G Switch Portfolio S5860-48MG-U 48 x 5GBASE-T/Multi-Gigabit PoE++ 4 x 25G2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-48XMG-U 48 x 10GBASE-T/Multi-GigabitPoE++ 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-24XMG 24 x 10GBASE-T/Multi-Gigabit 4 x 10G 4 x 25G BCM56170 ARM A9 10G Switch Portfolio S5860-48XMG 48 x 10GBASE-T/Multi-Gigabit 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-20SQ 20 x 10G 4 x 25G 2 x 40G BCM56170 ARM A9 10G Switch Portfolio S5860-24XB-U 24 x 10GBASE-T/Multi-Gigabit PoE++ 4 x 10G 4 x 25G BCM56170 ARM A9 10G Switch Portfolio N5850-48S6Q 48 x10G 6 x 40G Broadcom Trident II+ Intel Atom C2538 10G Switch Portfolio N5850-48S6C 48 x 10G 6 x 100G Broadcom Trident III Intel Atom C3558 10G Switch Portfolio N5850-48X6C 48 x 10G 6 x 100G Broadcom Trident III Intel Atom C3558 25G Switch Portfolio N8550-48B8C 48 x 25G 2 x 10G 8 x 100G Broadcom Trident III Intel Xeon D- 1518 100G Switch Portfolio N8550-32C 32 x 100G 2 x 10G Broadcom Trident III Intel Xeon D- 1518 100G Switch Portfolio N8560-32C 32 x 100G BCM56870 Intel Xeon D- 1527 100G Switch Portfolio N8550-64C 64 x 100G Broadcom Tomahawk II Intel XeonD- 1518 Edgecore Hardware Table 2. Supported Edgecore Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio AS4610-30P 24 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-30T 24 x 1G- T 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54P 48 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4610-54T(B) 48 x 1G- T 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio AS4625-54P 48 x 1G PoE 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4625-54T 48 x 1G-T 6 x 10G Trident3-X2 Intel x86 1G Switch Portfolio AS4630-54PE (EPS202) 48 x 1G PoE 4 x 25G Trident III Intel x86 1G Switch Portfolio AS4630-54TE (EPS201) 48 x 1G 4 x 25G Trident III Intel x86 Multi- Gig SwitchPortfolio AS4630-54NPE (EPS203) 36 x 1/2.5G PoE 12 x 1/2.5/5/10G PoE Trident III Intel x86 10G Switch Portfolio AS5712-54X 48 x 10G 6 x 40G Trident II Intel x86 10G Switch Portfolio AS5812-54T 48 x 10G- T 6 x 40G Trident II+ Intel x86 10G Switch Portfolio AS5812-54X 48 x 10G 6 x 40G Trident II+ Intel x86 10G Switch Portfolio AS5835-54T (DCS209) 48 x 10G- T 6 x 100G Trident III Intel x86 10G Switch Portfolio AS5835-54X (DCS208) 48 x 10G 6 x 100G Trident III Intel x86 25G Switch Portfolio AS7312-54X(S) 48 x 25G 6 x 100G Tomahawk Intel x86 25G Switch Portfolio AS7326-56X (DCS203) 48 x 25G 8x 100G Trident 3 × 7 Intel x86 40G Switch Portfolio AS6812-32X 32 x 40G Trident II+ Intel x86 100G Switch Portfolio AS7712-32X (DCS501) 32 x 100G Tomahawk Intel x86 100G Switch Portfolio AS7726-32X (DCS204) 32 x 100G Trident 3× 7 Intel x86 100G Switch Portfolio AS7816-64X (DCS500) 64 x 100G Tomahawk 2 Intel x86 DELL Hardware Table 3. Supported DELL Switches Category Model Configuration Switch ASIC CPU 1G Switch Portfolio N3024EP-ON 24 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3024ET-ON 24 x 1G 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048EP-ON 48 x 1G PoE 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3048ET-ON 48 x 1G 4 x 10G Helix4 ARM Cortex A9 1G Switch Portfolio N3224F-ON 24 x 1G SFP 4 x 10 G Trident 3×3 Intel x86 1G Switch Portfolio N3224P-ON 24 x 1G 30W PoE 4 x 10 G Trident 3×3 Intel x86 1G Switch Portfolio N3224T-ON 24 x 1G 4 x 10G Trident 3×3 Intel x86 1G Switch Portfolio N3248P-ON 48 x 1G 30W PoE 4 x 10G Trident 3×3 Intel x86 1G Switch Portfolio N3248TE-ON 48 x 1G 4 x 10G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N2224PX-ON 24 x 1G/2.5G30W/60W PoE 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2224X-ON 24 x 1G/2.5G 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2248PX-ON 48 x 1G/2.5G30W/60W PoE 4 x 25G Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N2248X-ON 48 x 1/ 2.5/ 5/10G 4 x 25G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N3132PX-ON 24 x 1G PoE8 x 1/2.5/5G PoE 4 x 10G Firebolt 4 FS ARM Cortex A9 Multi-Gig Switch Portfolio N3208PX-ON 4 x 1/2.5/5G PoE 4 x 1G PoE 2 x 10G SFP+ Hurricane 3 MG Intel x86 Multi-Gig Switch Portfolio N3224PX-ON 24 x 10G 90W PoE 4 x 25 G Trident 3×3 Intel x86 Multi-Gig Switch Portfolio N3248PXE-ON 48 x 10G 90W PoE 4 x 25 G Trident 3×5 Intel x86 Multi-Gig Switch Portfolio N3248X-ON 48 x 1/ 2.5/ 5/10G 4 x 25G Trident 3×3 Intel x86 10G Switch Portfolio S4048-ON 48 x 10G 6 x 40G Trident II Intel x86 10G Switch Portfolio S4128F-ON 28 x 10G 2 x 100G Maverick Intel x86 10G Switch Portfolio S4128T-ON 28 x 10G 2 x 100G Maverick Intel x86 10G Switch Portfolio S4148F-ON 48 x 10G 2 x 40G 4 x 100G Maverick Intel x86 10G Switch Portfolio S4148T-ON 48 x 10G 2 x 40G 4 x 100G Maverick Intel x86 25G Switch Portfolio S5212F-ON 12 x25G 3 x 100G Trident 3×5 Intel x86 25G Switch Portfolio S5224F-ON 12 x 25G 4 x 100G Trident 3×5 Intel x86 25G Switch Portfolio S5248F-ON 48 x 25G 8 x 100G Trident 3× 7 Intel x86 25G Switch Portfolio S5296F-ON 96 x 25G 8 x 100G Trident 3× 7 Intel x86 100G Switch Portfolio Z9100-ON 32 x 100G Tomahawk Intel x86 100G Switch Portfolio Z9264F-ON 64 x 100G Tomahawk 2 Intel x86 100G Switch Portfolio S5232F-ON 32 x 100G Trident 3×7 Intel x86 Delta Hardware Table 4. Supported Delta Switches Category Model Configuration Switch ASIC CPU 10G Switch Portfolio AG7648 48 x 10G Trident II Intel x86 25G Switch Portfolio AG5648 v1-R 48 x 25G Tomahawk + Intel x86 100G Switch Portfolio AG9032v1 32 x 100G Tomahawk Intel x86 HPE Hardware Table 5. Supported HPE Switches Category Model Configuration Switch ASIC CPU 10G Switch Portfolio HPE AL 6921-54T 48 x 10G-T6 x 40G Trident II+ Intel x86 10G Switch Portfolio HPE AL 6921-54X 48 x 10G-T6 x 40G Trident II+ Intel x86

AmpCon-Campus Installation and Upgrade Guide

09 set. 2025 - AmpCon-Campus Installation and Upgrade Guide Supported Deployments AmpCon-Campus supports the following deployments: Table 1. Supported Deployment Information Indicator Support information Deployment method VMware ESXi 6.7, 7.0, 8.0, QEMU / KVM for Ubuntu 22.04 LTS, Oracle VirtualBox for lab only, physical machine based on Ubuntu 22.04 TLS with Docker Maximum number of switches supported 1000 Maximum number of registered users 1000 Maximum number of online users 100 Storage duration of system logs 2 months Storage duration of operation logs 2 months Maximum storage of current alerts Unlimited Maximum storage of historical alerts 2 months Installation Requirements Before you install AmpCon-Campus, check the following requirements: Server Requirements Ensure that the machine to install the AmpCon-Campus server meets the following requirements: Table 1. Server Requirement Details Indicators Requirements CPU Clock speed 2.0 GHz or faster Number of cores 4 CPU cores Memory 16 GB Hard disk 512 GB Operating systems Ubuntu 22.04 X86 architecture Network Requirements Set the firewall and proxy properly to allow the following network access. Ensure that the AmpCon-Campus server machine allows the following protocols and ports: Table 2. Network Requirement for the AmpCon-Campus Server Machine TCP/UDP Port Protocol TCP 80 HTTP TCP 443 HTTPS UDP 69 TFTP UDP 80 OpenVPN Ensure that the switch machines to be managed allow the following protocols and ports: Table 3. Network Requirement for Switches TCP/UDP Port Protocol TCP 22 SSH TCP 9339 gRPC/gNMI Browser Requirements When you use a browser to log in to the AmpCon-Campus UI, use Chrome 98, Edge 98, Firefox 94, or higher versions. age file to the machine where the hypervisor exists, and unzip the file. Installing the AmpCon-Campus Server You can install the AmpCon-Campus server on a virtual machine or a physical machine by using one of the following methods: Installing on VirtualBox for Lab Only You can install the AmpCon-Campus server on VirtualBox for lab purposes only. Production environments require a proper enterprise-scale virtualization solution as described in Supported Deployments. For how to use VirtualBox in general, see the Oracle VirtualBox documentation. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for VirtualBox 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the VirtualBox console, and then click File > Import Appliance. image.png Select Local File System, and then select the AmpCon-Campus server .ova image file. image.png Confirm the settings for the .ova file, and then click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE: The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. image.png Check the settings of the imported virtual machine. image.png Start the imported virtual machine by clicking the virtual machine and then clicking Start. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on VMware ESXi You can install the AmpCon-Campus server on VMware ESXi 6.7, 7.0, 8.0. For how to use VMware ESXi in general, see the VMware ESXi documentation. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for VMWare ESXi 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the VMware ESXi console, and then click Create / Register VM. image.png Select Deploy a virtual machine from an OVF or OVA file, and then click Next. image.png Enter the virtual machine name, upload the AmpCon-Campus server .ovf and .vmdk files, and then click Next. image.png Confirm the storage type and datastore, and then click Next. image.png In the Network mappings drop-down list of the Deployment Options window, select the network adapter to which the virtual machine is connected, and then click Next. Click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. On the VMware ESXi console, click the new virtual machine name that you specified in step 3. image.png Click Console to open the virtual machine console. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. sudo vi /etc/netplan/00-installer-config.yaml image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on QEMU or KVM You can install the AmpCon-Campus server on QEMU or KVM. For how to use QEMU or KVM in general, see the KVM documentation and QEMU documentation. In this topic, KVM virt-manager is used to demonstrate the AmpCon-Campus server installation steps. Prerequisites Ensure that the installation requirements are met. Download the compressed AmpCon-Campus server image file by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for QEMU/KVM 2.2.x Software in the Resources section. Put the compressed AmpCon-Campus server image file to the machine where the hypervisor exists, and unzip the file. Installation Procedure Open the virt-manager console by running the following command: virt-manager Click the following button to start the importing process. image.png Select Import existing disk image, and then click Forward. image.png Click Browse to select the AmpCon-Campus server .qcow2 image file. image.png Click Browse Local to add a local location. image.png Find the location of the AmpCon-Campus server .qcow2 image file, and then click Open. image.png Select Ubuntu 22.04 LTS, and then click Forward. NOTE: Do not select other operating systems because AmpCon-Campus supports only Ubuntu 22.04 currently. image.png Adjust the memory and CPU settings as needed, and then click Forward. NOTE: The memory and CPU settings need to meet the Server Requirements. image.png In the Network selection section, select Macvtap device, and enter the device name. Then, click Finish. image.png Wait for the importing process to finish. Once completed, the virtual machine is successfully imported, and the AmpCon-Campus server is installed. NOTE: The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. image.png Modify the network interface configuration. a. Log in to the virtual machine with the default username (pica8) and password (pica8). b. Modify the IP address with the real IP address of the virtual machine. image.png c. Apply the network interface configuration by running the following command: sudo netplan apply Start the AmpCon-Campus server: a. Go to the AmpCon-Campus installation directory by running the following command: cd /usr/share/automation/server b. Start the AmpCon-Campus server by running the following command: sudo ./start.sh Now the AmpCon-Campus server is installed and started. What to Do Next After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Installing on Physical Machines (Ubuntu Docker) You can install the AmpCon-Campus server on a physical machine based on Ubuntu 22.04 with Docker installed. Prerequisites Ensure that the installation requirements are met. Prepare a physical machine based on Ubuntu 22.04 with Docker installed. Download the AmpCon-Campus server installation package by going to the FS AmpCon-Campus website and then clicking AmpCon-Campus for Ubuntu Docker 2.2.x Software in the Resources section. Installation Procedure Unzip the AmpCon-Campus server installation package by running the following command: tar -zxvf Replace with the name of the compressed AmpCon-Campus server installation package. Modify the network interface configuration. a. Modify the IP address with the real IP address of the physical machine. sudo vi /etc/netplan/00-installer-config.yaml image.png b. Apply the network interface configuration by running the following command: sudo netplan apply Go to the directory where the unzipped AmpCon-Campus server installation files exist. cd Replace with the name of the directory containing the unzipped AmpCon-Campus server installation files. Install the AmpCon-Campus server by running the following command: sudo ./install_or_upgrade.sh Wait for the installation process to finish. Once completed, the AmpCon-Campus server is installed and started. NOTE The AmpCon-Campus server is installed in the /usr/share/automation/server directory. Currently, you can’t customize the installation directory. What to Do Next If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-Campus server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-Campus server and the switches to be managed might fail. For more information, see Multi-NIC Deployment for Switch Connectivity. After you install the AmpCon-Campus server, you need to add system configurations and import AmpCon-Campus Licenses. Multi-NIC Deployment for Switch Connectivity As described in Installing the AmpCon-Campus Server, you need to import the AmpCon-Campus image file to a virtual machine or unzip the AmpCon-Campus installation packet file on a physical machine to install the AmpCon-Campus server. If multiple NICs are added to the virtual machine or physical machine, you must specify one NIC IP address, which is used by AmpCon-Campus server to establish connections with the switches to be managed, in the configuration file (/usr/share/automation/server/.env). Otherwise, the connections between the AmpCon-Campus server and the switches to be managed might fail. NOTE When you install the AmpCon-Campus server on a virtual machine, the imported AmpCon-Campus image file contains only one Network Interface Card (NIC). But you can manually add more NICs. When you install the AmpCon-Campus server on a physical machine, the AmpCon-Campus installation package file is not an image file, and thus no NIC is contained in the file. But you can manually add one or multiple NICs to the physical machine. Prerequisite Ensure that the AmpCon-Campus server is installed on a virtual machine or a physical machine. Procedure Log in to the virtual machine or the physical machine, and then open the /usr/share/automation/server/.env file. sudo vim /usr/share/automation/server/.env Locate the line containing PROD_IP= in the file, and add the NIC IP address of the AmpCon-Campus server machine, which is used to connect to the switches to be managed. image.png Restart the AmpCon-Campus server by the following commands: cd /usr/share/automation/server/ sudo ./start.sh Adding System Configurations Before you deploy, configure, and manage switches with AmpCon-Campus, you must configure system configurations in the AmpCon-Campus UI. System Configurations System configurations contain the following two types: Global system configuration The first time you log in to AmpCon-Campus, you must add information to the global system configuration, The global system configuration can’t be removed. Non-global system configuration If the default username and password of switches to be managed are different, you can add multiple non-global system configurations. You can remove the non-global system configuration if it is not needed. A system configuration contains the following information: The URL, username, and password of the License Portal. The information is used to send requests to the License Portal. Default username and password of switches to be managed. The information is used to access the switches. A security configuration file with PicOS security-related set CLIs. Before you deploy and configure a switch, the switch needs to be configured with an initial security configuration to eliminate any unauthorized access. Security Config file is loaded to switch at the beginning of switch deployment. A parking security configuration file, which is used to push initial parking security configuration for those switches in the parking status. This configuration is not included in the non-global system configuration. The maximum backup number for the configuration snapshots. This configuration is not included in the non-global system configuration. The IP ranges of switches that are allowed for AmpCon-Campus management. This configuration is not included in the non-global system configuration. Whether to enable debug logs for server-side operations or not. This configuration is not included in the non-global system configuration. Adding a Global System Configuration The first time you log in to AmpCon-Campus, the global system configuration is blank. You must configure the global system configuration: Log in to the AmpCon-Campus UI with the URL of the AmpCon-Campus server in the format of "https://.com/login" or "https:///login". The default AmpCon-Campus UI username and password is admin/admin. Click Service > System Config from the navigation bar. On the “System Config” page, input the following information: Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. NOTEs Ensure that the Device Default Login User and Device Default Password on the “System Configuration” page can be used to log in to these switches. If the switches to be managed don’t share the same username and password in the global system configuration, create one or multiple non-global system configurations and apply system configurations to these switches based on the Device Default Login User and Device Default Password values. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. Config Backup Number: The maximum backup number for the configuration snapshots. DB Backup Number: The allowed maximum number of database backups. Security Config File: The .txt file with PicOS security-related set CLIs. Parking Security Config File: Optional. To eliminate any unauthorized access, switches in the parking lot need to be configured with an initial parking security configuration. That is, configurations in Initial parking security config file will be pushed to switches that already registered to AmpCon-Campus but without generated configurations. Allow Switch Source IP: Optional. Allow specified subnets from which switches can access AmpCon-Campus. Debug: Optional. Enable debug logs for server-side operations or not. Click Save. image.png The global system configuration is configured now. If you don’t add non-global system configurations, the global system configuration will be used to deploy switches. Adding a Non-global System Configuration To add a non-global system configuration, follow these steps: Log in to the AmpCon-Campus UI, and click Service > System Config. Click the + icon. The “Add New System Config” page opens. Input the following information： Configuration Name: The name of the configuration. Device Default Login User: The default username of switches to be managed. Device Default Password: The default password of the default user. License Portal URL: https://license.pica8.com License Portal User: The user ID for the License Portal. License Portal Password: The password of the user for the License Portal. License Portal URL, License Portal User, and License Portal Password are used to access the License Portal. Security Config File: The .txt file with PicOS security-related set CLIs. image.png Click Add. After you add the non-global system configuration, you can do the following actions: To view the switch information associated with the system configuration, click View Associated Switch on the ”System Config” page. image.png To apply a non-global system configuration to specific switches, click Manage Switch, select the switches, and then click Save. image.png To remove a non-global system configuration, click View Associated Switch to check whether the system configuration is associated with any switches or not. If not, click Remove. NOTE If the non-global system configuration is still associated with some switches, the removal will fail. You need to click Manage Switch to unselect these switches first. Importing AmpCon-Campus Licenses AmpCon-Campus is the control center for all switch licensing. It tracks the current switch entitlement and allows the appropriate number of switches to be managed by AmpCon-Campus. AmpCon-Campus needs a valid license with active support to perform its functions. The following license types are provided: Trial license: The trial period lasts for 90 days and an additional 14 days. After the trial license is expired, you must install a formal license to continue using AmpCon-Campus. Formal license: After a formal license is installed, you cannot install a trial license. To manage switches with AmpCon-Campus, you need to add the Hardware IDs of the switches to an AmpCon-Campus license and then import the license to AmpCon-Campus. Prerequisite Obtain the Hardware ID of each switch that you want to manage by running the following commands in each switch: run start shell sh sudo license -s image.png Creating an AmpCon-Campus License To create an AmpCon-Campus license, follow these steps: Log in to the License Portal, and then click AmpCon Licenses > New AmpCon License. NOTE You can get the username and password of the License Portal from the sales team. Input the following information: Software Type: Select Ampcon-Campus. Software Version: Select AmpCon-Campus 2.2.0. Device Type: From the drop-down list, select a device type. Feature Type: Select Foundation. Currently, only the Foundation feature type is supported. License Type: Select Trial License or Standard License. License Name: The name of the license. In the Addition Method section, select either of the following ways: Form input: Enter the Hardware IDs of switches to be managed with AmpCon-Campus, and select the expiration date. image.png File upload: Click Upload to upload a .xlsx file with the Hardware IDs of switches to be managed with AmpCon-Campus and the expiration date. You can click Blank template to download a .xlsx template file. image.png Click Add AmpCon License. Importing an AmpCon-Campus License To import an AmpCon-Campus license, follow these steps: Get the updated or new license from the License Portal. Log in to the License Portal, and then click AmpCon Licenses. Click Copy to copy the license string or click Download to download the .lic license file. image.png In the AmpCon-Campus UI, click System > Software License > License Management from the navigation bar. On the “License Management” page, click Import. Select either of the following ways to import licenses: Select Copy License.txt, and paste the license strings that you copied in step 1.b to the License Key box. image.png Select Copy License.lic, and then upload the .lic license file that you downloaded in step 1.b in the License Key selection box. image.png Click Apply. After you import the new license, the All Licenses table is refreshed. Optional: Editing an AmpCon-Campus License After you create an AmpCon-Campus license, if you want to manage new switches with AmpCon-Campus, you can edit the license. Follow these steps: Log in to the License Portal, and click AmpCon Licenses. Locate the license that you want to edit, and click the edit icon in the Total hw-ids column. Click the Add Device icon, enter the Hardware ID of each new switch that you want to manage, and select the expiration date. image.png Click Save. NOTE After you edit a license, import the updated license to AmpCon-Campus so that newly added switches can be managed by AmpCon-Campus. For more information, see Importing a License. Upgrading the AmpCon-Campus Server To upgrade the AmpCon-Campus server, follow these steps: Procedure Download the new AmpCon-Campus server package from the FS website. Go to the package directory, and run the following upgrade command: sudo install_or_upgrade.sh image.png Wait for the upgrade process to complete. Once you see a success message, the upgrade is finished. image.png Log in to the AmpCon-Campus UI to see whether the server is upgraded to the new version. Uninstalling the AmpCon-Campus Server To uninstall the AmpCon-Campus server, follow these steps: Procedure Go to the root directory of the AmpCon-Campus server, and run the stop script with sudo privileges: cd /usr/share/automation/server sudo ./stop.sh Clear the files in the server directory with sudo privileges: sudo rm -rf /usr/share/automation/server

AmpCon-Campus Management Platform Release Notes

09 set. 2025 - AmpCon-Campus Management Platform Release Notes Before you install or upgrade AmpCon-Campus, read this topic to get a quick overview of what is added, changed, improved, or deprecated in each release. AmpCon-Campus 2.2.1 Improvements SSH key authentication is available for device access in AmpCon-Campus 2.2.1. You can access devices (switches or terminals) by using either password or SSH key authentication, enhancing flexibility and security. For more information, see Accessing Devices through SSH Sessions. Previously, if a device session remained inactive for 1 minute on the “CLI Configuration” page, the session automatically terminated due to a timeout. In AmpCon-Campus 2.2.1, the timeout period is extended to 5 minutes, enhancing device access stability. Fixed Issues Previously, for integrated hardware and software PicOS switches that had the Web service enabled by default, the ZTP process through AmpCon-Campus might fail. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, the AmpCon-Campus license expiration date was wrongly calculated. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, after you backed up switch configurations by clicking Backup Config, the Last Backup Time value was not updated if the current backup was identical to the previous one. In AmpCon-Campus 2.2.1, this issue is fixed. Previously, the switch configuration rollback function couldn’t work. In AmpCon-Campus 2.2.1, this issue is fixed. AmpCon-Campus 2.2.0 New Features The following features are added to AmpCon-Campus 2.2.0: Supports designing MLAG campus fabrics for small or mid-size campus networks and designing IP Clos campus fabrics for large-scale campus networks. For more information, see Designing Campus Fabircs. Supports receiving immediate alarm notifications through emails when issues arise. For more information, see Alarm Notifications. Supports automatically identifying terminal devices connected to each managed switch and manually adding terminal devices. For more information, see Wired Clients. Improvements The following improvements are added to AmpCon-Campus 2.2.0: The supported switch list is updated with more supported switch models. For more information, see AmpCon-Campus Compatible Hardware Matrix. When you click a switch in a topology, the Client Info tab is displayed, where you can see metrics of terminal devices connected to the switch. For more information, see Client Info. The following telemetry metrics are added to the “Telemetry Dashboard” page. For more information, see Global Telemetry Data. CPU usage Memory usage Fan In Bits Rate Out Bits Rate Out Pkts Rate In Pkts Rate The following telemetry metrics are added to the detail page of each managed switch. For more information, see Telemetry Data of a Switch. Added Version (means PicOS version) in the Device Information tab Added In Bits Rate, Out Bits Rate, Out Pkts Rate, In Pkts Rate, Usage, and Fan in the Switch Overview tab Added In Bandwidth Utilization, Out Bandwidth Utilization, Out Bits Rate, In Bits Rate, Out Pkts Rate, and In Pkts Rate in the Port Overview tab Added a Device Overview tab with Redundant Power Supply Unit (RPSUs) and fans related metrics Added an ARP tab with ARP-related metrics Added a MAC tab with MAC-related metrics Added an OSPF tab with OSPF-related metrics Added a BGP tab with BGP-related metrics Added an IP Route tab with IP Route related metrics The following resource usage related alarms are supported. For more information, see Resource Usage Alarms. The CPU usage is over 85% The memory usage is over 85% The input bandwidth usage is over 85% The output bandwidth usage is over 85% The switch is offline The switch is powered down The proportion of the fan's Pulse Width Modulation (PWM) to the total width is over 85% New Changes The recommended PicOS version for the majority of supported switches is PicOS 4.6.0E or later. However, for switches with S3410 and S3270 switch models, the recommended PicOS version is 4.4.5.24 or later. Importing the AmpCon-Campus license is no longer required during initial UI login. You can log in to the AmpCon-Campus UI first and then import the license. For more information, see Importing AmpCon-Campus Licenses. AmpCon-Campus 2.1.1 New Features FS switches with the following switch models can be managed by AmpCon-Campus 2.1.1: S3410-48TS-P S3410-48TS S3410L-48TF S3410-24TS S3410-24TS-P S3410L-24TF S3410L-24TF-P S3410C-16TF S3410C-16TF-P S3410C-16TMS-P S3410C-8TMS-P For the full list of the supported switches, see Supported Switches for AmpCon-Campus 2.1.1. AmpCon-Campus 2.1.0 New Features The following new features are added to AmpCon-Campus 2.1.0: Supports automatic discovery of topology Supports telemetry to display real-time data from modules (optical or electrical) and switches including port status, port packet stats, and classification information of port packets Supports event alarming Supports monitoring of Intelligent Lossless Network, Priority-based Flow Control (PFC), and Explicit Congestion Notification (ECN) Supports importing PicOS-V switches to AmpCon-Campus Improvements The following improvements are added to AmpCon-Campus 2.1.0: The following improvements are added for automation with Ansible playbooks: Supports pre-testing of Ansible playbooks Supports importing third-party devices with a host name and a port number and SSH key validation Supports connectivity test of devices Adds descriptions to Ansible playbook functions in the AmpCon-Campus UI Previously, Zero Touch Provisioning (ZTP) supports only deploying white-box switches. Now ZTP also supports deploying integrated hardware and software switches.

AmpCon-Campus for VMWare ESXi 2.2.1 Software

09 set. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-Campus for VirtualBox 2.2.1 Software

09 set. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.

AmpCon-Campus for Ubuntu Docker 2.2.1 Software

09 set. 2025 - For details, please click the attachment icon below to view or download for a good reading experience or resources.