Cloud Managed Networks

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

Hello,

End of linked page "Auto-Import of Basic Connectivity Configurations" seems to be false information:
If I onboard switch containing vlan/lag/def route/dns/etc configuration to new central group, all configuration in switch will be overwritten by configurations from central.

Tested that today with old central (which was doing thing right importing data to central) and new central (which was overwriting all configurations in switch losing connectivity because of overwrite) If I need to remove "vid 101" configuration from new central to do "auto-impoort", there is need to always remember to NOT to add vid 101 there because it will be overwritten in switches losing connectivity again.

As I wrote our plan is to order switches directly to installation site, do physical installation, do fw upgrade from usb and after upgrade run usb ztp and use switch serial number specific configuration using our asset data containing hostname/control vid/def gw/dns/ntp/lag configurations ready there and then connection to preconfigured core which connects to preconfigured fw and wan... That sounds that if classic central will go away and development path in new central remains same I'm in deep s...

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

Who told you that Classic Central is going away for configuration? I haven't seen such official communication.

Sounds to me that a workflow where you put/prepare the configuration in a management system instead of on a customized USB stick, it's more clean; it just needs a different approach. It may be good to speak/work with your local HPE Networking SE to explore the best workflow for the longer term.

Hello,

End of linked page "Auto-Import of Basic Connectivity Configurations" seems to be false information:
If I onboard switch containing vlan/lag/def route/dns/etc configuration to new central group, all configuration in switch will be overwritten by configurations from central.

Tested that today with old central (which was doing thing right importing data to central) and new central (which was overwriting all configurations in switch losing connectivity because of overwrite) If I need to remove "vid 101" configuration from new central to do "auto-impoort", there is need to always remember to NOT to add vid 101 there because it will be overwritten in switches losing connectivity again.

As I wrote our plan is to order switches directly to installation site, do physical installation, do fw upgrade from usb and after upgrade run usb ztp and use switch serial number specific configuration using our asset data containing hostname/control vid/def gw/dns/ntp/lag configurations ready there and then connection to preconfigured core which connects to preconfigured fw and wan... That sounds that if classic central will go away and development path in new central remains same I'm in deep s...

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

Hello,

End of linked page "Auto-Import of Basic Connectivity Configurations" seems to be false information:
If I onboard switch containing vlan/lag/def route/dns/etc configuration to new central group, all configuration in switch will be overwritten by configurations from central.

Tested that today with old central (which was doing thing right importing data to central) and new central (which was overwriting all configurations in switch losing connectivity because of overwrite) If I need to remove "vid 101" configuration from new central to do "auto-impoort", there is need to always remember to NOT to add vid 101 there because it will be overwritten in switches losing connectivity again.

As I wrote our plan is to order switches directly to installation site, do physical installation, do fw upgrade from usb and after upgrade run usb ztp and use switch serial number specific configuration using our asset data containing hostname/control vid/def gw/dns/ntp/lag configurations ready there and then connection to preconfigured core which connects to preconfigured fw and wan... That sounds that if classic central will go away and development path in new central remains same I'm in deep s...

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

Hi Jori,

Currently this is the limitation in new central, in future release we may provide support to keep sw configuration while onboarding. For more details on this I would encourage you to follow up with your Aruba Account manager.

Hello,

End of linked page "Auto-Import of Basic Connectivity Configurations" seems to be false information:
If I onboard switch containing vlan/lag/def route/dns/etc configuration to new central group, all configuration in switch will be overwritten by configurations from central.

Tested that today with old central (which was doing thing right importing data to central) and new central (which was overwriting all configurations in switch losing connectivity because of overwrite) If I need to remove "vid 101" configuration from new central to do "auto-impoort", there is need to always remember to NOT to add vid 101 there because it will be overwritten in switches losing connectivity again.

As I wrote our plan is to order switches directly to installation site, do physical installation, do fw upgrade from usb and after upgrade run usb ztp and use switch serial number specific configuration using our asset data containing hostname/control vid/def gw/dns/ntp/lag configurations ready there and then connection to preconfigured core which connects to preconfigured fw and wan... That sounds that if classic central will go away and development path in new central remains same I'm in deep s...

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

"...in future release we may provide support..." 

Yet another uncertainty factor...

Hi Jori,

Currently this is the limitation in new central, in future release we may provide support to keep sw configuration while onboarding. For more details on this I would encourage you to follow up with your Aruba Account manager.

Hello,

End of linked page "Auto-Import of Basic Connectivity Configurations" seems to be false information:
If I onboard switch containing vlan/lag/def route/dns/etc configuration to new central group, all configuration in switch will be overwritten by configurations from central.

Tested that today with old central (which was doing thing right importing data to central) and new central (which was overwriting all configurations in switch losing connectivity because of overwrite) If I need to remove "vid 101" configuration from new central to do "auto-impoort", there is need to always remember to NOT to add vid 101 there because it will be overwritten in switches losing connectivity again.

As I wrote our plan is to order switches directly to installation site, do physical installation, do fw upgrade from usb and after upgrade run usb ztp and use switch serial number specific configuration using our asset data containing hostname/control vid/def gw/dns/ntp/lag configurations ready there and then connection to preconfigured core which connects to preconfigured fw and wan... That sounds that if classic central will go away and development path in new central remains same I'm in deep s...

------------------------------
Pavan Arshewar
Technical Lead Aruba ERT


If my post addresses your query, give kudos!
Note: Please note that the views, opinions, and statements expressed are solely my own and are provided in my personal capacity. They do not represent, reflect, or bind the Aruba HPE Networking in any manner.

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

If you are addressing me, you're always welcome to reach out as I would be happy to help/further explain the catch22 problem in CNX/Switches setups.

But I don't have logs or something running apart from my own test setup, because I have given up migrating switches to CNX at my customers. 
I'm missing critical ACL features, and this management catch22 makes it VERY problematic as they do not have a separate management network. 
Even migration from classic will require visiting every switch with a console cable or a temporary uplink as the profiles in CNX will hit a catch22 and disconnect when being applied to a classic central switch managed using a SVI interface.

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

This  was addressed to both @Keyser and @StfObs as you have experienced this problem.

Our engineering team is currently investigating the problem and has identified a few issues. We will share an update once they are resolved.

In the meantime, if you have the initial configuration during  on-boarding and the target configuration that you want to get to causing the issue, please share them for validation. You can post a sample configuration here or send it to me via DM.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 17, 2026 06:16 AM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

If you are addressing me, you're always welcome to reach out as I would be happy to help/further explain the catch22 problem in CNX/Switches setups.

But I don't have logs or something running apart from my own test setup, because I have given up migrating switches to CNX at my customers. 
I'm missing critical ACL features, and this management catch22 makes it VERY problematic as they do not have a separate management network. 
Even migration from classic will require visiting every switch with a console cable or a temporary uplink as the profiles in CNX will hit a catch22 and disconnect when being applied to a classic central switch managed using a SVI interface.

Original Message:
Sent: Mar 17, 2026 05:51 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 16, 2026 06:02 PM
From: StfObs
Subject: New Central/CNX and initial switch onboarding...

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

Original Message:
Sent: Mar 02, 2026 05:05 PM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

@Keyser @StfObs This issue was internally reproduced and is fixed in the March sprint. The IP was being cleared and that is being addressed.

The fix should be rolled out in the next 30 days within the clusters as part of next sprint update.

This  was addressed to both @Keyser and @StfObs as you have experienced this problem.

Our engineering team is currently investigating the problem and has identified a few issues. We will share an update once they are resolved.

In the meantime, if you have the initial configuration during  on-boarding and the target configuration that you want to get to causing the issue, please share them for validation. You can post a sample configuration here or send it to me via DM.

If you are addressing me, you're always welcome to reach out as I would be happy to help/further explain the catch22 problem in CNX/Switches setups.

But I don't have logs or something running apart from my own test setup, because I have given up migrating switches to CNX at my customers. 
I'm missing critical ACL features, and this management catch22 makes it VERY problematic as they do not have a separate management network. 
Even migration from classic will require visiting every switch with a console cable or a temporary uplink as the profiles in CNX will hit a catch22 and disconnect when being applied to a classic central switch managed using a SVI interface.

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

@mubeesh If I understood correctly this "issue" you are talking about is mgmt/oobm issue?

What about more bigger issue why I open this thread?

While importing/deploying switches to CNX (which by the way I cannot do at the moment!!!)
I need way to either keep 100% of configuration which is in switch when it is deployed to CNX or way to pre-configure separate SVI and ip/mask per switch BEFORE CNX even sees device first time!?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy

Original Message:
Sent: Apr 02, 2026 05:59 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

@Keyser @StfObs This issue was internally reproduced and is fixed in the March sprint. The IP was being cleared and that is being addressed.

The fix should be rolled out in the next 30 days within the clusters as part of next sprint update.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 20, 2026 01:18 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

This  was addressed to both @Keyser and @StfObs as you have experienced this problem.

Our engineering team is currently investigating the problem and has identified a few issues. We will share an update once they are resolved.

In the meantime, if you have the initial configuration during  on-boarding and the target configuration that you want to get to causing the issue, please share them for validation. You can post a sample configuration here or send it to me via DM.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 17, 2026 06:16 AM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

If you are addressing me, you're always welcome to reach out as I would be happy to help/further explain the catch22 problem in CNX/Switches setups.

But I don't have logs or something running apart from my own test setup, because I have given up migrating switches to CNX at my customers. 
I'm missing critical ACL features, and this management catch22 makes it VERY problematic as they do not have a separate management network. 
Even migration from classic will require visiting every switch with a console cable or a temporary uplink as the profiles in CNX will hit a catch22 and disconnect when being applied to a classic central switch managed using a SVI interface.

Original Message:
Sent: Mar 17, 2026 05:51 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 16, 2026 06:02 PM
From: StfObs
Subject: New Central/CNX and initial switch onboarding...

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

Original Message:
Sent: Mar 02, 2026 05:05 PM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------

@Keyser @StfObs This issue  of VSX  onboarding was internally reproduced and is fixed in the March sprint. The IP was being cleared and that is being addressed.

The fix should be rolled out in the next 30 days within the clusters as part of next sprint update.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 20, 2026 01:18 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

This  was addressed to both @Keyser and @StfObs as you have experienced this problem.

Our engineering team is currently investigating the problem and has identified a few issues. We will share an update once they are resolved.

In the meantime, if you have the initial configuration during  on-boarding and the target configuration that you want to get to causing the issue, please share them for validation. You can post a sample configuration here or send it to me via DM.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 17, 2026 06:16 AM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

If you are addressing me, you're always welcome to reach out as I would be happy to help/further explain the catch22 problem in CNX/Switches setups.

But I don't have logs or something running apart from my own test setup, because I have given up migrating switches to CNX at my customers. 
I'm missing critical ACL features, and this management catch22 makes it VERY problematic as they do not have a separate management network. 
Even migration from classic will require visiting every switch with a console cable or a temporary uplink as the profiles in CNX will hit a catch22 and disconnect when being applied to a classic central switch managed using a SVI interface.

Original Message:
Sent: Mar 17, 2026 05:51 AM
From: mubeesh
Subject: New Central/CNX and initial switch onboarding...

Acknowledge the feedback. We will investigate and check if there is product changes or a workflow that can be done to make this seamless.  Do you have any tac case open . Is it ok if we reach out to you in case we need more details or logs.

------------------------------
-Mubeesh

Original Message:
Sent: Mar 16, 2026 06:02 PM
From: StfObs
Subject: New Central/CNX and initial switch onboarding...

Hi,

I really hesitate to stay with classic central for VSX. We onboard two 8360 throught the OOBM interface and try to "migrate" to VSX configuration with keepalive on OOBM and in-band management on a SVI and it doesn't work. I don't know if someone has already done this with New Central but we have a lot a problem and finally loose connection..Sometimes switches rollback or the rollback doesn't work, take a long time for giving access from central, loose IP configuration on OOBM, don't download configuration with central "activated", it's really a mess to undertsand what's wrong.

Original Message:
Sent: Mar 02, 2026 05:05 PM
From: Keyser
Subject: New Central/CNX and initial switch onboarding...

I think you are hitting the current New Central + Switches = No-go problem.

Any switches managed from New Central i my opinion should/needs to be managed using a dedicated OOB management interface linked to a separate management Network. 
It's quite simply not "workable" to manage switches in New Central via VLAN SVI interfaces due to the way New central applies config changes.
It applies config linie by line instead of uploading a combined config file and enabling that as running-config at our command (pressing sync/apply). This causes complete havoc and loss of connection/rollback when manipulating IP interfaces, routes, uplink interfaces and such.
This means you cannot onboard switches with VLAN SVI managament interfaces without several "manual" steps pr switch because you will loose connection to the switch on it's former management/ztp interface. Also, once you have management setup via a VLAN SVI you need to VERY carefully about touching the actual Uplink L2/L3 interface and routing/dns with new config (fx. A port profile or such).  
Examples are many but New Central fx. Starts many config profile operations by "cleaning the config" and applyying the new - almost same - config.
This will cause loss of Central connectivity, and nothing new is ever applied if it pertains to the management link (Interface/SVI/VRF). Sometimes it will roll back, sometimes you need to get your console cable out on location. So you cannot fx. Apply a standard "Uplink" port profile to the actual uplink port - it will never complete and be stuck in a catch22 deleting, lossing connectivty and sometimes attempt rollback.

Classic has some of these problems as well, but you can to some extent control that using multiple steps in the CLI editor.

I am more and more concluding New Central is not for me and my customers when it comes to switch config. It really needs a lot new features, and workarounds to become "usable" in real life. I like the idea though, so one day when it's mature and all my customers has a separate OOB management network in place……. 

Original Message:
Sent: Feb 23, 2026 09:03 AM
From: JL24
Subject: New Central/CNX and initial switch onboarding...

Hello,

I just made POC where I created basic configuration to switches using USB (ZT)P (needed to do firmware update first from cli because lack of usb ztp support in out-of-box firmware... But anyway)
Idea is to send switches to installation site in cardboard boxes and when people installs them to racks, they will use given usb stick to install basic configuration to switches.
Basic configuration removes vlan 1 L3 interface and create separate control vlan 101 having static ip plus proper routing/DNS server addresses/hostnames/lag configurations to bring system alive when switches are connected to core. 

In Classic Central I can onboard & move switch described above to proper device group using "Keep existing sw configuration" and switch will get group's configurations and apped them to existing configuration and ip addresses/default gw/dns stuff remains untouched.

In New Central there is no option to "Keep existing configuration" and all existing configuration including ip address of switch will be deleted... How this kind of situation should be handled in CNX where 3rd party is installs devices and initial configuration from usb, there is no dhcp mgmt network and vlan 1 L3 is removed by default. 
How do I pre-configure ip addresses to devices beforehand so that I don't need console connection to device to fix missing configuration?

------------------------------
Jori Luoto
AV-IT Specialist
Audico Systems oy
------------------------------