Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400:6400_configuration_example_script [2025/05/09 09:29] – aperez
+++ aruba_networks:switch:6400:6400_configuration_example_script [2025/08/04 11:57] (current) – [CLI Configuration – Aruba 6400] aperez
@@ Line 1809: / Line 1809: @@
-{{:aruba_networks:switch:6400:ospf_final.png?600|}}
+----
+{{ :aruba_networks:switch:6400:ospf_final.png?600 |}}
+----
 ================
-SIDE-A 6400-A
+**SIDE-A 6400-A**
 ================
+  Example set vlan L2 to both SW 6400 A and B:
+  vlan 508
+      name ST
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
   vsx
@@ Line 1852: / Line 1867: @@
       ip helper-address 10.28.64.22
       ip ospf 1 area 0.0.0.0
   interface vlan 514
       description Vlan 514 AC
@@ Line 1891: / Line 1906: @@
 ================
-SIDE-A 6400-B
+**SIDE-A 6400-B**
 ================
@@ Line 1967: / Line 1982: @@
 ================
-SIDE-B 6400-A
+**SIDE-B 6400-A**
 ================
+  Example set vlan L2 to both SW 6400 A and B:
+  vlan 708
+      name ST
+      vsx-sync
+      ip igmp snooping enable
+      ip igmp snooping version 2
+      ip igmp snooping apply access-list mygroup1
   vsx
@@ Line 2006: / Line 2031: @@
       ip helper-address 10.56.64.22
       ip ospf 1 area 0.0.0.0
   interface vlan 714
       description Vlan 714 AC
@@ Line 2016: / Line 2041: @@
       ip helper-address 10.56.64.22
       ip ospf 1 area 0.0.0.0
   interface vlan 730
       description VLAN 730 9K
@@ Line 2044: / Line 2069: @@
       ip ospf network point-to-point
 ================
-SIDE-B 6400-B
+**SIDE-B 6400-B**
 ================
@@ Line 2064: / Line 2088: @@
       vsx-sync
       description TRANSIT VLAN
   router ospf 1
       router-id 172.22.0.4
@@ Line 2076: / Line 2100: @@
       ip address 172.22.0.4/32
       ip ospf 1 area 0.0.0.0
   interface vlan 708
       description Vlan 708 ST
@@ Line 2347: / Line 2371: @@
 ----
 ----
+====== Aruba 6300M Uplink Port Compatibility ======
+===== Summary =====
+During the deployment of a 10Gbps LAG between an Aruba 6300M and an Aruba 6400, the link failed to come up when using standard 10G SFP+ SR modules (e.g., JL260A) in ports 51 and 52. These ports are SFP28 with MACsec capabilities and may reject modules that do not support MACsec.
+After inserting the same SFP+ module into port 50 (SFP56 type, no MACsec), the link came up successfully at 10Gbps.
+This indicates that:
+  * Ports 51 and 52 require MACsec-capable transceivers.
+  * Ports 49 and 50 (SFP56) are fully backward compatible and work reliably with standard 10G SFP+ modules.
+  * It is recommended to use ports 49 and 50 for standard uplinks or non-MACsec LAGs.
+===== Uplink Port Compatibility Table =====
+^ Port       ^ Physical Type ^ Supported Speeds     ^ MACsec Support ^ Compatible Modules           ^ Recommended Use                           ^
+| 1/1/49     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/50     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
+| 1/1/51     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+| 1/1/52     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
+===== SFP/SFP+ Module Compatibility =====
+^ Module     ^ Speed     ^ MACsec Support ^ Compatible Ports ^ Notes                                      ^
+| JL260A     | 10G       | No             | 49, 50           | Standard SFP+ SR module, not for 51/52     |
+| JL261A     | 10G       | No             | 49, 50           | Standard SFP+ LR module                    |
+| JL685A     | 10G       | Yes            | 51, 52           | MACsec-capable SFP+ SR module              |
+| JL640A     | 25G       | Yes            | 51, 52           | SFP28 SR MACsec module                     |
+| JL563A     | 25G       | No             | 49, 50           | SFP28 SR non-MACsec module                 |
+===== Notes =====
+  * If a module is not MACsec-capable, it may not link on ports 51–52.
+  * Use the command ''show macsec summary'' to check MACsec status.
+  * Ensure both ends of a LAG use modules of the same type and speed.
+  * When in doubt, test modules on ports 49 or 50 for basic link validation.
+----
+----
+====== VXLAN Configuration between Aruba 6300 and Aruba 6400 ======
+This document outlines the required configuration and logical architecture to enable VXLAN Layer 2 extension between an Aruba 6300 and an Aruba 6400 switch. It includes the architecture summary, logical diagram, VNI-to-VLAN mapping, and complete CLI configuration focused solely on VXLAN.
+===== Architecture Summary =====
+This design extends Layer 2 domains using point-to-point VXLAN tunnels (ingress-replication). Each Aruba switch acts as a VXLAN Tunnel Endpoint (VTEP), using its Loopback interface as the source IP for encapsulation.
+  * VXLAN mode: Static EVPN
+  * Transport: VXLAN over IP using loopback source
+  * Encapsulation: Ingress-replication VXLAN
+  * MTU: Minimum 9100 on transport interfaces
+===== Logical Architecture =====
+  +------------------------+                   VXLAN Tunnel                   +------------------------+
+  | Aruba 6300 (VTEP)      |<----------------------------------------------->| Aruba 6400 (VTEP)      |
+  | Loopback: 172.22.32.3  |                                                 | Loopback: 172.22.32.4  |
+  | VLANs: 1, 700–732      |                                                 | VLANs: 1, 700–732      |
+  | VXLAN Interface: 1     |                                                 | VXLAN Interface: 1     |
+  +------------------------+                                                 +------------------------+
+Each switch encapsulates traffic from local VLANs into VXLAN using its loopback as the tunnel source.
+===== VXLAN Mapping Table: VLAN ↔ VNI ↔ Tunnel =====
+^ VLAN ID ^ VNI    ^ Description      ^ Local VTEP (6300) ^ Remote VTEP (6400) ^
+| 1       | 10001  | Management       | 172.22.32.3        | 172.22.32.4         |
+| 700     | 10700  | ServerVM         | 172.22.32.3        | 172.22.32.4         |
+| 701     | 10701  | ServerStack      | 172.22.32.3        | 172.22.32.4         |
+| 702     | 10702  | ISP1             | 172.22.32.3        | 172.22.32.4         |
+| ...     | ...    | ...              | ...                | ...                 |
+| 732     | 10732  | OldNet           | 172.22.32.3        | 172.22.32.4         |
+===== CLI Configuration – Aruba 6300 =====
+<code>
+interface loopback 1
+    ip address 172.22.32.3/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.3
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.4
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.4
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.4
+router ospf 1
+    router-id 172.22.32.3
+    area 0.0.0.0
+ip route 172.22.32.0/24 172.20.28.1
+</code>
+===== CLI Configuration – Aruba 6400 =====
+<code>
+interface loopback 1
+    ip address 172.22.32.4/32
+    ip ospf 1 area 0.0.0.0
+interface vxlan 1
+    source ip 172.22.32.4
+    inter-vxlan-bridging-mode static-evpn
+    no shutdown
+    vni 10001
+        vlan 1
+        vtep-peer 172.22.32.3
+    vni 10700
+        vlan 700
+        vtep-peer 172.22.32.3
+    ...
+    vni 10732
+        vlan 732
+        vtep-peer 172.22.32.3
+router ospf 1
+    router-id 172.22.32.4
+    area 0.0.0.0
+ip route 172.22.32.0/24 172.20.28.1
+</code>
+----
+----
+{{ :aruba_networks:switch:6400:vxlan_cli_ap.pdf |}}
+{{pdfjs 46em >:aruba_networks:switch:6400:vxlan_cli_ap.pdf}}
+----
+----