Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400:6400_configuration_example_script [2025/03/07 11:23] – aperez
+++ aruba_networks:switch:6400:6400_configuration_example_script [2025/08/04 11:57] (current) – [CLI Configuration – Aruba 6400] aperez
@@ Line 1803: / Line 1803: @@
   * **65.535** – reserved.
+**OSPF**
 **[[https://arubanetworking.hpe.com/techdocs/AOS-CX/10.15/HTML/ip_route_6300-6400-8100-83xx-9300-10000/Content/Chp_OSPFv2/OSPFv2_cmds/red-osp-10.htm|Redistribute (ospf)]]**
-**Switch A - 6400:**
-  interface loopback 0
+----
-    ip address 172.24.0.1/32
-  interface loopback 1
-    ip address 172.24.0.2/32
-  router ospf 1
+{{ :aruba_networks:switch:6400:ospf_final.png?600 |}}
-    router-id 172.24.0.1
-    redistribute bgp
-    redistribute connected
-    redistribute static
-    area 0.0.0.0
-  router bgp 65010
-    bgp router-id 172.24.0.1
-    neighbor 172.18.0.4 remote-as 65020
-    address-family ipv4 unicast
-        neighbor 172.18.0.4 default-originate
-        neighbor 172.18.0.4 activate
-        network 172.18.0.0/27
-    exit-address-family
-  interface vlan 1
+----
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+================
+**SIDE-A 6400-A**
+================
+  Example set vlan L2 to both SW 6400 A and B:
-  interface vlan 500
+  vlan 508
-  ip ospf 1 area 0.0.0.0
+      name ST
-  ip ospf network point-to-point
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
+  vsx
+      system-mac 02:01:00:00:01:00
+      inter-switch-link lag 256
+      role primary
+      keepalive peer 192.168.100.2 source 192.168.100.1 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 501
+  ip route 0.0.0.0/0 172.16.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 505
+  router ospf 1
-  ip ospf 1 area 0.0.0.0
+      router-id 172.22.0.1
-  ip ospf network point-to-point
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 506
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.1/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 507
+  vlan 531
-  ip ospf 1 area 0.0.0.0
+      name NORTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
   interface vlan 508
-  ip ospf 1 area 0.0.0.0
+      description Vlan 508 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
-  interface vlan 509
+      ip address 10.28.72.2/23
-  ip ospf 1 area 0.0.0.0
+      active-gateway ip mac 12:01:00:00:01:00
-  ip ospf network point-to-point
+      active-gateway ip 10.28.72.1
+      ip helper-address 10.28.64.22
-  interface vlan 510
+      ip ospf 1 area 0.0.0.0
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 511
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 512
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 513
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
   interface vlan 514
-  ip ospf 1 area 0.0.0.0
+      description Vlan 514 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 172.16.40.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.16.40.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 515
+  interface vlan 530
-  ip ospf 1 area 0.0.0.0
+      description Vlan 530
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.28.216.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 516
+  interface vlan 531
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.5/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 517
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.1/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+      ip ospf network point-to-point
+================
+**SIDE-A 6400-B**
+================
+  vsx
+      system-mac 02:01:00:00:01:00
+      inter-switch-link lag 256
+      role secondary
+      keepalive peer 192.168.100.1 source 192.168.100.2 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 518
+  ip route 0.0.0.0/0 172.16.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+   router ospf 1
+      router-id 172.22.0.2
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 519
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.2/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 520
+  vlan 531
-  ip ospf 1 area 0.0.0.0
+      name NORTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
-  interface vlan 521
+  interface vlan 508
-  ip ospf 1 area 0.0.0.0
+      description Vlan 508 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.28.72.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.72.1
+      ip helper-address 10.28.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 522
+  interface vlan 514
-  ip ospf 1 area 0.0.0.0
+      description Vlan 514 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 172.16.40.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.16.40.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 523
+  interface vlan 530
-  ip ospf 1 area 0.0.0.0
+      description Vlan 530
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.28.216.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.28.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 524
+  interface vlan 531
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.6/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 525
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.14/30
-  interface vlan 526
+      ip ospf 1 area 0.0.0.0
-  ip ospf 1 area 0.0.0.0
+      no ip ospf passive
-  ip ospf network point-to-point
+      ip ospf cost 10
-  interface vlan 527
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 530
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
+================
+**SIDE-B 6400-A**
+================
-**SwitchA(config)# show ip ospf neighbors**
+  Example set vlan L2 to both SW 6400 A and B:
+  vlan 708
+      name ST
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
-**SwitchB# show lldp neighbor**
-  SwitchA# show ip ospf neighbors
+  vsx
-  VRF : default                          Process : 1
+      system-mac 02:01:00:00:02:00
-  ===================================================
+      inter-switch-link lag 256
+      role primary
+      keepalive peer 192.168.102.2 source 192.168.102.1 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  Total Number of Neighbors : 26
+  ip route 0.0.0.0/0 172.20.32.4
-  Neighbor ID      Priority  State             Nbr Address       Interface
+  router ospf 1
-  -------------------------------------------------------------------------
+      router-id 172.22.0.3
-.168.2.3      n/a       FULL              172.16.28.3        vlan1
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-.168.2.3      n/a       FULL              10.28.64.3         vlan500
+  vlan 731
+      name SOUTH-OSPF
+      vsx-sync
+      description TRANSIT VLAN
-.168.2.3      n/a       FULL              192.168.2.3        vlan501
-.168.2.3      n/a       FULL              172.16.32.3        vlan505
-.168.2.3      n/a       FULL              172.16.36.3        vlan506
-----
-----
-**Switch B - 6400:**
   interface loopback 0
-    ip address 172.24.0.4/32
+      ip address 172.22.0.3/32
-  interface loopback 1
+      ip ospf 1 area 0.0.0.0
-    ip address 172.24.0.5/32
-router ospf 1
-    router-id 172.24.0.4
-    redistribute bgp
-    redistribute connected
-    redistribute static
-    area 0.0.0.0
-router bgp 65020
-    bgp router-id 172.24.0.4
-    neighbor 172.18.0.1 remote-as 65010
-    address-family ipv4 unicast
-        neighbor 172.18.0.1 default-originate
-        neighbor 172.18.0.1 activate
-        network 172.18.0.0/27
-    exit-address-family
-  interface vlan 1
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 700
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 701
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 705
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 706
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 707
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
   interface vlan 708
-  ip ospf 1 area 0.0.0.0
+      description Vlan 708 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
-  interface vlan 709
+      ip address 10.56.72.2/23
-  ip ospf 1 area 0.0.0.0
+      active-gateway ip mac 12:01:00:00:01:00
-  ip ospf network point-to-point
+      active-gateway ip 10.56.72.1
+      ip helper-address 10.56.64.22
-  interface vlan 710
+      ip ospf 1 area 0.0.0.0
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 711
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 712
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 713
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
   interface vlan 714
-  ip ospf 1 area 0.0.0.0
+      description Vlan 714 AC
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 172.20.40.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.20.40.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 715
+  interface vlan 730
-  ip ospf 1 area 0.0.0.0
+      description VLAN 730 9K
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.56.216.2/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 716
+  interface vlan 731
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.9/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 717
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.2/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 10
+      ip ospf network point-to-point
-  interface vlan 718
+================
-  ip ospf 1 area 0.0.0.0
+**SIDE-B 6400-B**
-  ip ospf network point-to-point
+================
+  vsx
+      system-mac 02:01:00:00:02:00
+      inter-switch-link lag 256
+      role secondary
+      keepalive peer 192.168.102.1 source 192.168.102.2 vrf keepAlive
+      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
+  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  interface vlan 719
+  ip route 0.0.0.0/0 172.20.32.4
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 720
+  vlan 731
-  ip ospf 1 area 0.0.0.0
+      name SOUTH-OSPF
-  ip ospf network point-to-point
+      vsx-sync
+      description TRANSIT VLAN
+  router ospf 1
+      router-id 172.22.0.4
+      max-metric router-lsa on-startup
+      passive-interface default
+      graceful-restart restart-interval 300
+      trap-enable
+      area 0.0.0.0
-  interface vlan 721
+  interface loopback 0
-  ip ospf 1 area 0.0.0.0
+      ip address 172.22.0.4/32
-  ip ospf network point-to-point
+      ip ospf 1 area 0.0.0.0
-  interface vlan 722
+  interface vlan 708
-  ip ospf 1 area 0.0.0.0
+      description Vlan 708 ST
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.56.72.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.72.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
+  interface vlan 714
+      description Vlan 714 AC
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 172.20.40.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 172.20.40.1
+      ip helper-address 10.56.64.22
+      ip ospf 1 area 0.0.0.0
-  interface vlan 723
+  interface vlan 730
-  ip ospf 1 area 0.0.0.0
+      description VLAN 730 9K
-  ip ospf network point-to-point
+      vsx-sync active-gateways
+      ip mtu 9100
+      ip address 10.56.216.3/23
+      active-gateway ip mac 12:01:00:00:01:00
+      active-gateway ip 10.56.216.1
+      ip ospf 1 area 0.0.0.0
-  interface vlan 724
+  interface vlan 731
-  ip ospf 1 area 0.0.0.0
+      description TRANSIT VLAN
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.10/30
+      ip ospf 1 area 0.0.0.0
+      no ip ospf passive
+      ip ospf cost 50
+      ip ospf network point-to-point
-  interface vlan 725
+  interface vlan 1019
-  ip ospf 1 area 0.0.0.0
+      description Vlan 1019 PtP
-  ip ospf network point-to-point
+      vsx active-forwarding
+      ip address 172.18.0.13/30
-  interface vlan 726
+      ip ospf 1 area 0.0.0.0
-  ip ospf 1 area 0.0.0.0
+      no ip ospf passive
-  ip ospf network point-to-point
+      ip ospf cost 10
+      ip ospf network point-to-point
-  interface vlan 727
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
-  interface vlan 730
-  ip ospf 1 area 0.0.0.0
-  ip ospf network point-to-point
@@ Line 2173: / Line 2226: @@
 ----
 ----
+====== boot system ======
+**Rebooting the system from the configured default operating system image**:
+  switch# boot system
+  Do you want to save the current configuration (y/n)? y
+  The running configuration was saved to the startup configuration.
+  This will reboot the entire switch and render it unavailable
+  until the process is complete.
+  Continue (y/n)? y
+  The system is going down for reboot.
+  The system is going down for reboot.
+**Rebooting the system from the secondary operating system image, setting the secondary operating system image as the configured default boot image:**
+  switch# boot system secondary
+  Default boot image set to secondary.
+  Do you want to save the current configuration (y/n)? n
+  This will reboot the entire switch and render it unavailable
+  until the process is complete.
+  Continue (y/n)? y
+  The system is going down for reboot.
+  Canceling a system reboot:
+  switch# boot system
+  Do you want to save the current configuration (y/n)? n
+  This will reboot the entire switch and render it unavailable
+  until the process is complete.
+  Continue (y/n)? n
+  Reboot aborted.
+  switch#
+----
+----
+====== Steps to get the support files for both the switches: ======
+**For SFTP**:
+  Switch# copy support-files all sftp:// user@Address of Local Server>/support-files.tar.gz vrf default
+**For TFTP**:
+  Switch# copy support-files all tftp:// Address of Local Server>/support-files.tar.gz vrf default
+  CS-2C-MDFHA-A# copy support-files all tftp://10.56.64.22/support-files.tar.gz vrf default
+  The operation to copy all support files could take a while to complete.
+  Do you want to continue (y/n)? y
+  Collection in progress...
+  Standby management module is not reachable
+  Unable to gather information from the standby management module
+  show tech output collection is in progress...
+  Done
+  Done
+  Attempting to copy...
+    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
+                                   Dload  Upload   Total   Spent    Left  Speed
+69.8M    0     0   65 45.6M      0   467k  0:02:32  0:01:40  0:00:52  648k
+Please note on both the above cases you can use the specific VRF (ex, here we have used management VRF), if you do not specify a VRF, then it will take the default VRF
+OR
+Copy the support files to USB and then upload manually.
+**For USB**:
+For USB option, First you need to enable the USB and then you need to Mount, To do so
+  Switch#(config) usb mount
+Verification can be done by
+  Switch# show usb
+  enabled: yes
+  mounted: yes
+  Switch# copy support-files all usb://support-files.tar.gz
+After copied use this command to unmount the usb
+  Switch#(config) usb unmount
+ USB should be formatted with FAT32 option before inserting to switch.
+----
+----
+====== Images ======
+  CS-2P-MDFHA-B(config-if-vlan)# show images
+  ---------------------------------------------------------------------------
+  ArubaOS-CX Primary Image
+  ---------------------------------------------------------------------------
+  Version : FL.10.13.1010
+  Size    : 998 MB
+  Date    : 2024-04-09 00:34:12 UTC
+  SHA-256 : 53bbd1354dd22bffa2df52b22fe8f2dd5cc05a10bcd9ae8c9e01fc93c830d0ec
+  ---------------------------------------------------------------------------
+  ArubaOS-CX Secondary Image
+  ---------------------------------------------------------------------------
+  Version : FL.10.09.1050
+  Size    : 872 MB
+  Date    : 2022-09-13 23:40:16 UTC
+  SHA-256 : 631640f32e58f3719f56b36474d02c98666a519fb7775d3b263a36783eaafcfd
+  Default Image : primary
+  Boot Profile Timeout : 5 seconds
+  ------------------------------------------------------
+  Management Module 1/1 (Active)
+  ------------------------------------------------------
+  Active Image       : primary
+  Service OS Version : FL.01.14.0002
+  BIOS Version       : FL.01.0002
+  CS-2P-MDFHA-A# boot system primary
+  Default boot image set to primary.
+  Checking if the configuration needs to be saved...
+  Do you want to save the current configuration (y/n)? y
+  The running configuration was saved to the startup configuration.
+  Checking for updates needed to programmable devices...
+  Done checking for updates.
+non-failsafe device(s) also need to be updated.
+  Please run the 'allow-unsafe-updates' command to enable these updates.
+  This will reboot the entire switch and render it unavailable
+  until the process is complete.
+  Continue (y/n)?
+----
+----
+====== Aruba 6300M Uplink Port Compatibility ======
+===== Summary =====
+During the deployment of a 10Gbps LAG between an Aruba 6300M and an Aruba 6400, the link failed to come up when using standard 10G SFP+ SR modules (e.g., JL260A) in ports 51 and 52. These ports are SFP28 with MACsec capabilities and may reject modules that do not support MACsec.
+After inserting the same SFP+ module into port 50 (SFP56 type, no MACsec), the link came up successfully at 10Gbps.
+This indicates that:
+  * Ports 51 and 52 require MACsec-capable transceivers.
+  * Ports 49 and 50 (SFP56) are fully backward compatible and work reliably with standard 10G SFP+ modules.
+  * It is recommended to use ports 49 and 50 for standard uplinks or non-MACsec LAGs.
+===== Uplink Port Compatibility Table =====
+^ Port       ^ Physical Type ^ Supported Speeds     ^ MACsec Support ^ Compatible Modules           ^ Recommended Use                           ^
+| 1/1/49     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/50     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/51     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+| 1/1/52     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+===== SFP/SFP+ Module Compatibility =====
+^ Module     ^ Speed     ^ MACsec Support ^ Compatible Ports ^ Notes                                      ^
+| JL260A     | 10G       | No             | 49, 50           | Standard SFP+ SR module, not for 51/52     |
+| JL261A     | 10G       | No             | 49, 50           | Standard SFP+ LR module                    |
+| JL685A     | 10G       | Yes            | 51, 52           | MACsec-capable SFP+ SR module              |
+| JL640A     | 25G       | Yes            | 51, 52           | SFP28 SR MACsec module                     |
+| JL563A     | 25G       | No             | 49, 50           | SFP28 SR non-MACsec module                 |
+===== Notes =====
+  * If a module is not MACsec-capable, it may not link on ports 51–52.
+  * Use the command ''show macsec summary'' to check MACsec status.
+  * Ensure both ends of a LAG use modules of the same type and speed.
+  * When in doubt, test modules on ports 49 or 50 for basic link validation.
+----
+----
+====== VXLAN Configuration between Aruba 6300 and Aruba 6400 ======
+This document outlines the required configuration and logical architecture to enable VXLAN Layer 2 extension between an Aruba 6300 and an Aruba 6400 switch. It includes the architecture summary, logical diagram, VNI-to-VLAN mapping, and complete CLI configuration focused solely on VXLAN.
+===== Architecture Summary =====
+This design extends Layer 2 domains using point-to-point VXLAN tunnels (ingress-replication). Each Aruba switch acts as a VXLAN Tunnel Endpoint (VTEP), using its Loopback interface as the source IP for encapsulation.
+  * VXLAN mode: Static EVPN
+  * Transport: VXLAN over IP using loopback source
+  * Encapsulation: Ingress-replication VXLAN
+  * MTU: Minimum 9100 on transport interfaces
+===== Logical Architecture =====
+  +------------------------+                   VXLAN Tunnel                   +------------------------+
+  | Aruba 6300 (VTEP)      |<----------------------------------------------->| Aruba 6400 (VTEP)      |
+  | Loopback: 172.22.32.3  |                                                 | Loopback: 172.22.32.4  |
+  | VLANs: 1, 700–732      |                                                 | VLANs: 1, 700–732      |
+  | VXLAN Interface: 1     |                                                 | VXLAN Interface: 1     |
+  +------------------------+                                                 +------------------------+
+Each switch encapsulates traffic from local VLANs into VXLAN using its loopback as the tunnel source.
+===== VXLAN Mapping Table: VLAN ↔ VNI ↔ Tunnel =====
+^ VLAN ID ^ VNI    ^ Description      ^ Local VTEP (6300) ^ Remote VTEP (6400) ^
+| 1       | 10001  | Management       | 172.22.32.3        | 172.22.32.4         |
+| 700     | 10700  | ServerVM         | 172.22.32.3        | 172.22.32.4         |
+| 701     | 10701  | ServerStack      | 172.22.32.3        | 172.22.32.4         |
+| 702     | 10702  | ISP1             | 172.22.32.3        | 172.22.32.4         |
+| ...     | ...    | ...              | ...                | ...                 |
+| 732     | 10732  | OldNet           | 172.22.32.3        | 172.22.32.4         |
+===== CLI Configuration – Aruba 6300 =====
+<code>
+interface loopback 1
+    ip address 172.22.32.3/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.3
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.4
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.4
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.4
+router ospf 1
+    router-id 172.22.32.3
+    area 0.0.0.0
+ip route 172.22.32.0/24 172.20.28.1
+</code>
+===== CLI Configuration – Aruba 6400 =====
+<code>
+interface loopback 1
+    ip address 172.22.32.4/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.4
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.3
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.3
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.3
+router ospf 1
+    router-id 172.22.32.4
+    area 0.0.0.0
+ip route 172.22.32.0/24 172.20.28.1
+</code>
+----
+----
+{{ :aruba_networks:switch:6400:vxlan_cli_ap.pdf |}}
+{{pdfjs 46em >:aruba_networks:switch:6400:vxlan_cli_ap.pdf}}
+----
+----