Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400:6400_configuration_example_script [2025/02/20 13:28] – aperez
+++ aruba_networks:switch:6400:6400_configuration_example_script [2025/09/12 08:32] (current) – aperez
@@ Line 361: / Line 361: @@
 When IGMP snooping is not enabled, the snooping switch floods multicast packets to all hosts in a VLAN. IGMP L2 snooping switch provides the benefit of conserving bandwidth on those segments of the network where no node has expressed interest in receiving packets addressed to the group address. When IGMP snooping is enabled, the L2 snooping switch forwards multicast packets of known multicast groups to only the receivers.
+====== Multicast — UDP Ports and Recommended Addressing ======
+===== 1. General Concept =====
+* Multicast is based on **IP Multicast addresses (224.0.0.0 – 239.255.255.255)** + **UDP**.
+* **TCP is not applicable to multicast**, only UDP is viable.
+* **UDP ports** define the application/service that uses the multicast group.
+===== 2. Common UDP Ports in Multicast =====
+^ Application / Protocol              ^ Typical Multicast Address ^ UDP Port Used ^
+| **RTP/RTSP (Streaming)**            | 239.x.x.x / 232.x.x.x     | 5004–5005 |
+| **SAP/SDP (Session Announce)**      | 224.2.127.254             | 9875 |
+| **mDNS / AirGroup (Apple)**         | 224.0.0.251               | 5353 |
+| **SSDP / UPnP discovery**           | 239.255.255.250           | 1900 |
+| **NTP (multicast sync)**            | 224.0.1.1                 | 123 |
+| **OSPF (routing)**                  | 224.0.0.5 / 224.0.0.6     | (IP protocol, no UDP) |
+| **PIM / IGMP control**              | 224.0.0.x                 | (no UDP/TCP) |
+| **Videoconferencing (dynamic RTP)** | 239.x.x.x                 | 16384–32767 |
+| **IPTV / DVB**                      | 232.x.x.x / 239.x.x.x     | 5000–5500 |
+| **GDOI/GMS (Key management)**       | 224.0.0.x                 | 848 |
+===== 3. Recommended Addressing =====
+* **Administratively Scoped Range**: **239.0.0.0/8**
+  * Equivalent to “private IP” in multicast (similar to RFC1918 for unicast).
+  * Not routed on the Internet, designed for internal/private use.
+* Within this range it is recommended to:
+  * Allocate blocks **per project or application**, e.g.:
+    * 239.16.0.0/16 → Internal video traffic (e.g., 239.16.x.x).
+    * 239.20.0.0/16 → Telemetry and IoT sensors.
+  * Keep sub-ranges clearly separated to avoid overlap.
+* Avoid local control addresses (224.0.0.x) as they are reserved for routing protocols.
+* For IPTV, streaming, or lab testing, **239.16.x.x** or **239.20.x.x** are valid and safe inside a private network.
+===== 4. Restrictions =====
+* Avoid **reserved or widely used ports**:
+  * 123 (NTP), 1900 (SSDP), 5004 (RTP), 5353 (mDNS), 9875 (SAP).
+* Aruba CX (e.g., 6400) with IGMP Snooping **does not filter by UDP port**, only by multicast IP address.
+* Transport ports matter only for the **end application** (client/server).
+===== 5. Safe Port Recommendations =====
+* **Do not use:** 0–1023 (well-known).
+* **Safe for internal/lab services:**
+  * **20000–29999 UDP** → recommended for internal video/audio streams.
+  * **40000–49999 UDP** → good option for lab testing and telemetry.
+===== 6. Best Practices on Aruba =====
+* Validate group membership with:
+  ``show igmp-snooping groups vlan <ID>``
+* Confirm only interested ports receive traffic:
+  ``show ip igmp interface vlan <ID>``
+* Example:
+  * Group: **239.16.0.2**
+  * UDP Port: **20001**
+  * Traffic will be delivered **only** to ports that issued an **IGMP Join**.
+----
+**Summary:**
+✔ Multicast uses **UDP**.
+✔ Commonly occupied ports include 123, 1900, 5004, 5353, 9875.
+✔ To avoid conflicts, use internal ranges **20000–29999** or **40000–49999**.
+✔ For private addressing, use **239.0.0.0/8** (e.g., 239.16.x.x for video, 239.20.x.x for IoT) and separate per application.
 {{ :aruba_networks:switch:igmp-snooping-overview_603x386.png?600 | }}
@@ Line 1803: / Line 1873: @@
   * **65.535** – reserved.
-**Switch A - 6400:**
+**OSPF**
-  interface loopback 0
+**[[https://arubanetworking.hpe.com/techdocs/AOS-CX/10.15/HTML/ip_route_6300-6400-8100-83xx-9300-10000/Content/Chp_OSPFv2/OSPFv2_cmds/red-osp-10.htm|Redistribute (ospf)]]**
-    ip address 172.22.0.1/32
-  interface loopback 1
-    ip address 172.22.0.2/32
-  router ospf 1
-    router-id 172.22.0.1
-    redistribute bgp
-    area 0.0.0.0
-  router bgp 65010
-    bgp router-id 172.22.0.1
-    neighbor 172.18.0.4 remote-as 65020
-    address-family ipv4 unicast
-        neighbor 172.18.0.4 default-originate
-        neighbor 172.18.0.4 activate
-        network 172.18.0.0/27
-    exit-address-family
-  interface vlan 1
+----
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+{{ :aruba_networks:switch:6400:ospf_final.png?600 |}}
+----
+================
+**SIDE-A 6400-A**
+================
+  Example set vlan L2 to both SW 6400 A and B:
-  interface vlan 500
+  vlan 508
-  ip ospf 1 area 0.0.0.0
+      name ST
-  ip ospf network point-to-point
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
+  vsx
+      system-mac 02:01:00:00:01:00
+      inter-switch-link lag 256
+      role primary
+      keepalive peer 192.168.100.2 source 192.168.100.1 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 501
+  ip route 0.0.0.0/0 172.16.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 505
+  router ospf 1
-  ip ospf 1 area 0.0.0.0
+      router-id 172.22.0.1
-  ip ospf network point-to-point
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 506
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.1/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 507
+  vlan 531
-  ip ospf 1 area 0.0.0.0
+      name NORTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
   interface vlan 508
-  ip ospf 1 area 0.0.0.0
+      description Vlan 508 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.28.72.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.72.1
+      ip helper-address 10.28.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 509
+  interface vlan 514
-  ip ospf 1 area 0.0.0.0
+      description Vlan 514 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 172.16.40.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.16.40.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 510
+  interface vlan 530
-  ip ospf 1 area 0.0.0.0
+      description Vlan 530
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.28.216.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 511
+  interface vlan 531
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.5/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 512
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.1/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+      ip ospf network point-to-point
+================
+**SIDE-A 6400-B**
+================
+  vsx
+      system-mac 02:01:00:00:01:00
+      inter-switch-link lag 256
+      role secondary
+      keepalive peer 192.168.100.1 source 192.168.100.2 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 513
+  ip route 0.0.0.0/0 172.16.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+   router ospf 1
+      router-id 172.22.0.2
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 514
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.2/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 515
+  vlan 531
-  ip ospf 1 area 0.0.0.0
+      name NORTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
-  interface vlan 516
+  interface vlan 508
-  ip ospf 1 area 0.0.0.0
+      description Vlan 508 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.28.72.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.72.1
+      ip helper-address 10.28.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 517
+  interface vlan 514
-  ip ospf 1 area 0.0.0.0
+      description Vlan 514 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 172.16.40.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.16.40.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 518
+  interface vlan 530
-  ip ospf 1 area 0.0.0.0
+      description Vlan 530
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.28.216.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 519
+  interface vlan 531
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.6/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 520
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.14/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+================
+**SIDE-B 6400-A**
+================
+  Example set vlan L2 to both SW 6400 A and B:
+  vlan 708
+      name ST
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
+  vsx
+      system-mac 02:01:00:00:02:00
+      inter-switch-link lag 256
+      role primary
+      keepalive peer 192.168.102.2 source 192.168.102.1 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 521
+  ip route 0.0.0.0/0 172.20.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 522
+  router ospf 1
-  ip ospf 1 area 0.0.0.0
+      router-id 172.22.0.3
-  ip ospf network point-to-point
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 523
+  vlan 731
-  ip ospf 1 area 0.0.0.0
+      name SOUTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
-  interface vlan 524
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.3/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 525
+  interface vlan 708
-  ip ospf 1 area 0.0.0.0
+      description Vlan 708 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.56.72.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.72.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 526
+  interface vlan 714
-  ip ospf 1 area 0.0.0.0
+      description Vlan 714 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 172.20.40.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.20.40.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 527
+  interface vlan 730
-  ip ospf 1 area 0.0.0.0
+      description VLAN 730 9K
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.56.216.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 530
+  interface vlan 731
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.9/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
+  interface vlan 1019
+      description Vlan 1019 PtP
+      vsx active-forwarding
+      ip address 172.18.0.2/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+      ip ospf network point-to-point
+================
+**SIDE-B 6400-B**
+================
-**SwitchA(config)# show ip ospf neighbors**
+  vsx
+      system-mac 02:01:00:00:02:00
-**SwitchB# show lldp neighbor**
+      inter-switch-link lag 256
+      role secondary
-  SwitchA# show ip ospf neighbors
+      keepalive peer 192.168.102.1 source 192.168.102.2 vrf keepAlive
-  VRF : default                          Process : 1
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
-  ===================================================
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  Total Number of Neighbors : 26
+  ip route 0.0.0.0/0 172.20.32.4
-  Neighbor ID      Priority  State             Nbr Address       Interface
+  vlan 731
-  -------------------------------------------------------------------------
+      name SOUTH-OSPF
-.168.2.3      n/a       FULL              172.16.28.3        vlan1
+      vsx-sync
+      description TRANSIT VLAN
+  router ospf 1
+      router-id 172.22.0.4
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-.168.2.3      n/a       FULL              10.28.64.3         vlan500
+  interface loopback 0
+      ip address 172.22.0.4/32
+      ip ospf 1 area 0.0.0.0
-.168.2.3      n/a       FULL              192.168.2.3        vlan501
+  interface vlan 708
+      description Vlan 708 ST
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.56.72.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.72.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
+  interface vlan 714
+      description Vlan 714 AC
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 172.20.40.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.20.40.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
-.168.2.3      n/a       FULL              172.16.32.3        vlan505
+  interface vlan 730
+      description VLAN 730 9K
+      vsx-sync active-gateways
+      ip mtu 1500
+      ip address 10.56.216.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.216.1
+      ip ospf 1 area 0.0.0.0
-.168.2.3      n/a       FULL              172.16.36.3        vlan506
+  interface vlan 731
+      description TRANSIT VLAN
+      vsx active-forwarding
+      ip address 172.18.0.10/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
+  interface vlan 1019
+      description Vlan 1019 PtP
+      vsx active-forwarding
+      ip address 172.18.0.13/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+      ip ospf network point-to-point
 ----
 ----
-**Switch B - 6400:**
+**OSPF Troubleshooting**
-  interface loopback 0
-    ip address 172.22.0.4/32
-  interface loopback 1
-    ip address 172.22.0.5/32
-router ospf 1
+**{{ :aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf |OSPF Troubleshooting}}**
-    router-id 172.22.0.4
-    redistribute bgp
-    area 0.0.0.0
-router bgp 65020
-    bgp router-id 172.22.0.4
-    neighbor 172.18.0.1 remote-as 65010
-    address-family ipv4 unicast
-        neighbor 172.18.0.1 default-originate
-        neighbor 172.18.0.1 activate
-        network 172.18.0.0/27
-    exit-address-family
+{{pdfjs 46em >:aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf }}
-  interface vlan 1
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+{{ youtube>N9dIGVzdjIU }}
+----
+----
+**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
+**FEC (Forward Error Correction)**:
+FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
+Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
+Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
+  *   **auto**   Enable FEC Auto-Neg
+  *   **cl108**  Enable clause108 with 25G
+  *   **cl74**   Enable clause74 with 25G
+  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
+----
+----
+**Benefits of FEC on SFP Ports**:
+  * Error Correction: FEC can correct errors due to signal attenuation or interference.
+  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
+  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
+----
+**Aruba Switch 6400:**
+  CS-2P-MDFHA-A#** show ver**
+  -----------------------------------------------------------------------------
+  ArubaOS-CX
+  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
+  -----------------------------------------------------------------------------
+  Version      : FL.10.13.1010
+  Build Date   : 2024-04-09 00:34:12 UTC
+  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
+  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
+  Hot Patches  :
+  Active Image : primary
-  interface vlan 700
+  Service OS Version : FL.01.14.0002
-  ip ospf 1 area 0.0.0.0
+  BIOS Version       : FL.01.0002
-  ip ospf network point-to-point
+CS-2P-MDFHA-A(config)# **interface 1/3/36**
+**error-control**    Configure the error control (**FEC**) mode
+  CS-2P-MDFHA-A(config-if)# error-control
+    auto        Use the transceiver default
+    base-r-fec  Use IEEE BASE-R (Firecode) FEC
+    none        Do not use any FEC
+    rs-fec      Use IEEE Reed-Solomon FEC
+----
+----
+====== boot system ======
+**Rebooting the system from the configured default operating system image**:
+  switch# boot system
+  Do you want to save the current configuration (y/n)? y
+  The running configuration was saved to the startup configuration.
-  interface vlan 701
+  This will reboot the entire switch and render it unavailable
-  ip ospf 1 area 0.0.0.0
+  until the process is complete.
-  ip ospf network point-to-point
+  Continue (y/n)? y
+  The system is going down for reboot.
+  The system is going down for reboot.
+**Rebooting the system from the secondary operating system image, setting the secondary operating system image as the configured default boot image:**
+  switch# boot system secondary
+  Default boot image set to secondary.
-  interface vlan 705
+  Do you want to save the current configuration (y/n)? n
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 706
+  This will reboot the entire switch and render it unavailable
-  ip ospf 1 area 0.0.0.0
+  until the process is complete.
-  ip ospf network point-to-point
+  Continue (y/n)? y
+  The system is going down for reboot.
-  interface vlan 707
+  Canceling a system reboot:
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 708
+  switch# boot system
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 709
+  Do you want to save the current configuration (y/n)? n
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 710
+  This will reboot the entire switch and render it unavailable
-  ip ospf 1 area 0.0.0.0
+  until the process is complete.
-  ip ospf network point-to-point
+  Continue (y/n)? n
+  Reboot aborted.
+  switch#
-  interface vlan 711
-  ip ospf 1 area 0.0.0.0
+----
-  ip ospf network point-to-point
+----
+====== Steps to get the support files for both the switches: ======
+**For SFTP**:
+  Switch# copy support-files all sftp:// user@Address of Local Server>/support-files.tar.gz vrf default
+**For TFTP**:
+  Switch# copy support-files all tftp:// Address of Local Server>/support-files.tar.gz vrf default
+  CS-2C-MDFHA-A# copy support-files all tftp://10.56.64.22/support-files.tar.gz vrf default
+  The operation to copy all support files could take a while to complete.
-  interface vlan 712
+  Do you want to continue (y/n)? y
-  ip ospf 1 area 0.0.0.0
+  Collection in progress...
-  ip ospf network point-to-point
+  Standby management module is not reachable
+  Unable to gather information from the standby management module
-  interface vlan 713
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 714
+  show tech output collection is in progress...
-  ip ospf 1 area 0.0.0.0
+  Done
-  ip ospf network point-to-point
-  interface vlan 715
+  Done
-  ip ospf 1 area 0.0.0.0
+  Attempting to copy...
-  ip ospf network point-to-point
+    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                   Dload  Upload   Total   Spent    Left  Speed
+69.8M    0     0   65 45.6M      0   467k  0:02:32  0:01:40  0:00:52  648k
+Please note on both the above cases you can use the specific VRF (ex, here we have used management VRF), if you do not specify a VRF, then it will take the default VRF
+OR
+Copy the support files to USB and then upload manually.
+**For USB**:
+For USB option, First you need to enable the USB and then you need to Mount, To do so
+  Switch#(config) usb mount
+Verification can be done by
+  Switch# show usb
+  enabled: yes
+  mounted: yes
+  Switch# copy support-files all usb://support-files.tar.gz
+After copied use this command to unmount the usb
+  Switch#(config) usb unmount
+ USB should be formatted with FAT32 option before inserting to switch.
+----
+----
+====== Images ======
+  CS-2P-MDFHA-B(config-if-vlan)# show images
+  ---------------------------------------------------------------------------
+  ArubaOS-CX Primary Image
+  ---------------------------------------------------------------------------
+  Version : FL.10.13.1010
+  Size    : 998 MB
+  Date    : 2024-04-09 00:34:12 UTC
+  SHA-256 : 53bbd1354dd22bffa2df52b22fe8f2dd5cc05a10bcd9ae8c9e01fc93c830d0ec
-  interface vlan 716
+  ---------------------------------------------------------------------------
-  ip ospf 1 area 0.0.0.0
+  ArubaOS-CX Secondary Image
-  ip ospf network point-to-point
+  ---------------------------------------------------------------------------
+  Version : FL.10.09.1050
+  Size    : 872 MB
+  Date    : 2022-09-13 23:40:16 UTC
+  SHA-256 : 631640f32e58f3719f56b36474d02c98666a519fb7775d3b263a36783eaafcfd
-  interface vlan 717
+  Default Image : primary
-  ip ospf 1 area 0.0.0.0
+  Boot Profile Timeout : 5 seconds
-  ip ospf network point-to-point
-  interface vlan 718
+  ------------------------------------------------------
-  ip ospf 1 area 0.0.0.0
+  Management Module 1/1 (Active)
-  ip ospf network point-to-point
+  ------------------------------------------------------
+  Active Image       : primary
+  Service OS Version : FL.01.14.0002
+  BIOS Version       : FL.01.0002
-  interface vlan 719
+  CS-2P-MDFHA-A# boot system primary
-  ip ospf 1 area 0.0.0.0
+  Default boot image set to primary.
-  ip ospf network point-to-point
+  Checking if the configuration needs to be saved...
-  interface vlan 720
+  Do you want to save the current configuration (y/n)? y
-  ip ospf 1 area 0.0.0.0
+  The running configuration was saved to the startup configuration.
-  ip ospf network point-to-point
-  interface vlan 721
+  Checking for updates needed to programmable devices...
-  ip ospf 1 area 0.0.0.0
+  Done checking for updates.
-  ip ospf network point-to-point
-  interface vlan 722
+non-failsafe device(s) also need to be updated.
-  ip ospf 1 area 0.0.0.0
+  Please run the 'allow-unsafe-updates' command to enable these updates.
-  ip ospf network point-to-point
+  This will reboot the entire switch and render it unavailable
-  interface vlan 723
+  until the process is complete.
-  ip ospf 1 area 0.0.0.0
+  Continue (y/n)?
-  ip ospf network point-to-point
-  interface vlan 724
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 725
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 726
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 727
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 730
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
 ----
 ----
-**OSPF Troubleshooting**
+====== Aruba 6300M Uplink Port Compatibility ======
+===== Summary =====
+During the deployment of a 10Gbps LAG between an Aruba 6300M and an Aruba 6400, the link failed to come up when using standard 10G SFP+ SR modules (e.g., JL260A) in ports 51 and 52. These ports are SFP28 with MACsec capabilities and may reject modules that do not support MACsec.
+After inserting the same SFP+ module into port 50 (SFP56 type, no MACsec), the link came up successfully at 10Gbps.
+This indicates that:
+  * Ports 51 and 52 require MACsec-capable transceivers.
+  * Ports 49 and 50 (SFP56) are fully backward compatible and work reliably with standard 10G SFP+ modules.
+  * It is recommended to use ports 49 and 50 for standard uplinks or non-MACsec LAGs.
+===== Uplink Port Compatibility Table =====
+^ Port       ^ Physical Type ^ Supported Speeds     ^ MACsec Support ^ Compatible Modules           ^ Recommended Use                           ^
+| 1/1/49     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/50     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/51     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+| 1/1/52     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+===== SFP/SFP+ Module Compatibility =====
+^ Module     ^ Speed     ^ MACsec Support ^ Compatible Ports ^ Notes                                      ^
+| JL260A     | 10G       | No             | 49, 50           | Standard SFP+ SR module, not for 51/52     |
+| JL261A     | 10G       | No             | 49, 50           | Standard SFP+ LR module                    |
+| JL685A     | 10G       | Yes            | 51, 52           | MACsec-capable SFP+ SR module              |
+| JL640A     | 25G       | Yes            | 51, 52           | SFP28 SR MACsec module                     |
+| JL563A     | 25G       | No             | 49, 50           | SFP28 SR non-MACsec module                 |
+===== Notes =====
+  * If a module is not MACsec-capable, it may not link on ports 51–52.
+  * Use the command ''show macsec summary'' to check MACsec status.
+  * Ensure both ends of a LAG use modules of the same type and speed.
+  * When in doubt, test modules on ports 49 or 50 for basic link validation.
-**{{ :aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf |OSPF Troubleshooting}}**
-{{pdfjs 46em >:aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf }}
 ----
@@ Line 2104: / Line 2485: @@
+====== VXLAN Configuration between Aruba 6300 and Aruba 6400 ======
+This document outlines the required configuration and logical architecture to enable VXLAN Layer 2 extension between an Aruba 6300 and an Aruba 6400 switch. It includes the architecture summary, logical diagram, VNI-to-VLAN mapping, and complete CLI configuration focused solely on VXLAN.
+===== Architecture Summary =====
+This design extends Layer 2 domains using point-to-point VXLAN tunnels (ingress-replication). Each Aruba switch acts as a VXLAN Tunnel Endpoint (VTEP), using its Loopback interface as the source IP for encapsulation.
+  * VXLAN mode: Static EVPN
+  * Transport: VXLAN over IP using loopback source
+  * Encapsulation: Ingress-replication VXLAN
+  * MTU: Minimum 9100 on transport interfaces
+===== Logical Architecture =====
+  +------------------------+                   VXLAN Tunnel                   +------------------------+
+  | Aruba 6300 (VTEP)      |<----------------------------------------------->| Aruba 6400 (VTEP)      |
+  | Loopback: 172.22.32.3  |                                                 | Loopback: 172.22.32.4  |
+  | VLANs: 1, 700–732      |                                                 | VLANs: 1, 700–732      |
+  | VXLAN Interface: 1     |                                                 | VXLAN Interface: 1     |
+  +------------------------+                                                 +------------------------+
+Each switch encapsulates traffic from local VLANs into VXLAN using its loopback as the tunnel source.
+===== VXLAN Mapping Table: VLAN ↔ VNI ↔ Tunnel =====
+^ VLAN ID ^ VNI    ^ Description      ^ Local VTEP (6300) ^ Remote VTEP (6400) ^
+| 1       | 10001  | Management       | 172.22.32.3        | 172.22.32.4         |
+| 700     | 10700  | ServerVM         | 172.22.32.3        | 172.22.32.4         |
+| 701     | 10701  | ServerStack      | 172.22.32.3        | 172.22.32.4         |
+| 702     | 10702  | ISP1             | 172.22.32.3        | 172.22.32.4         |
+| ...     | ...    | ...              | ...                | ...                 |
+| 732     | 10732  | OldNet           | 172.22.32.3        | 172.22.32.4         |
+===== CLI Configuration – Aruba 6300 =====
+<code>
+interface 1/1/15
+    description PTP Link to ARUBA 6300 IP: 172.18.32.42
+    no shutdown
+    mtu 9100
+    routing
+    ip address 172.18.32.41/30
+    ip ospf 1 area 0.0.0.0
+    ip ospf network point-to-point
+ip route 172.22.32.5/32 172.18.32.42
+interface loopback 1
+    ip address 172.22.32.6/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.6
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.5
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.5
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.5
+router ospf 1
+    router-id 172.22.32.6
+    area 0.0.0.0
+</code>
+===== CLI Configuration – Aruba 6300 =====
+<code>
+interface 1/1/15
+    description PTP Link to ARUBA 6300 IP: 172.18.32.41
+    no shutdown
+    mtu 9100
+    routing
+    ip address 172.18.32.42/30
+    ip ospf 1 area 0.0.0.0
+    ip ospf network point-to-point
+ip route 172.22.32.6/32 172.18.32.41
+interface loopback 1
+    ip address 172.22.32.5/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.5
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.6
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.6
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.6
+router ospf 1
+    router-id 172.22.32.6
+    area 0.0.0.0
+</code>
+----
+----
+{{ :aruba_networks:switch:6400:vxlan_cli_ap.pdf |}}
+{{pdfjs 46em >:aruba_networks:switch:6400:vxlan_cli_ap.pdf}}
+----
+----
+{{ :cisco:switch:9500:mtu_utm_switch_6400_9500.pdf |}}
+{{pdfjs 46em >:cisco:switch:9500:mtu_utm_switch_6400_9500.pdf }}
+----
+----