Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400:6400_configuration_example_script [2025/07/24 05:02] – aperez
+++ aruba_networks:switch:6400:6400_configuration_example_script [2025/12/28 12:07] (current) – removed aperez
@@ Line 1: / Line 1: @@
-Aruba CX 6400v2 / 6200 Series Switches
-{{ youtube>e4evouQLb0I }}
-----
-----
-{{ youtube>1JKSd0HCRXg }}
-----
-----
-====== Select a Product to View the List of Commands ======
-**[[https://www.arubanetworks.com/techdocs/AOS-CX/AOSCX-CLI-Bank/cli_832x/Content/aos-cx-home.htm|Select a Product to View the List of Commands]]
-**
-----
-----
-{{ :aruba_networks:switch:ds_6400series.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:ds_6400series.pdf}}
-{{ :aruba_networks:switch:ds_6400series_hpe.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:ds_6400series_hpe.pdf}}
-{{ :aruba_networks:switch:aruba_6400_igsg.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:aruba_6400_igsg.pdf}}
-{{ :aruba_networks:switch:fundamentals_6300-6400.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:fundamentals_6300-6400.pdf}}
-{{ :aruba_networks:switch:diagnostics_6300-6400.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:diagnostics_6300-6400.pdf}}
-----
-----
-====== AOS-CX 10.10 IP Services Guide 6300, 6400 Switch Series ======
-{{ :aruba_networks:switch:6400:ip_services_6300-6400.pdf |AOS-CX 10.10 IP Services Guide 6300, 6400 Switch Series}}
-{{pdfjs 46em >:aruba_networks:switch:6400:ip_services_6300-6400.pdf}}
-----
-----
-{{ :aruba_networks:switch:hpe_a00094242en_us_vsx_configuration_best_practices_for_aruba_cx_6400_8320_8325_8360_8400_v1.3.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:hpe_a00094242en_us_vsx_configuration_best_practices_for_aruba_cx_6400_8320_8325_8360_8400_v1.3.pdf}}
-----
-----
-**Disables connection to Aruba Central server.**
-When the connection is disabled, the switch does not attempt to connect to the Aruba Central server or fetch central location from any of the three sources (CLI/Aruba Activate/DHCP). It also disconnects any active connection to the Aruba Central server.
-Example
-   switch(config)# aruba-central
-   switch(config-aruba-central)# disable
-   switch(config-aruba-central)#
-----
-----
-====== Laboratory ======
-----
-----
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/vsx/Content/Chp_Ups_con/ups-con-opt.htm|Upstream connectivity options]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.10/HTML/link_aggregation/Content/Chp_LAG/LACP_LAG_cmds/lag-10.htm|LAG]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/link_aggregation/Content/Chp_LAG/con-l2-sta-agg-gro-10.htm|Configuring a Layer 2 static aggregation group]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7869/Content/Chp_LAG/con-l3-sta-agg-gro-10.htm|Configuring a Layer 3 static aggregation group]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/vsx/Content/Chp_Pre_tra_loss/kee-10.htm|Keepalive]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7888/Content/Chp_Start/int-swi-lin-isl-10.htm#:~:text=In%20the%20VSX%20solution%20topology,to%20its%20peer%20VSX%20switch.|Inter-Switch Link (ISL)]]
-  Note: ISL stands for Inter-Switch Link, and it is a Cisco proprietary protocol. It works by adding a 26-byte
-  header and a 4-byte trailer to the original Ethernet frame, creating a new ISL frame. The header contains the
-  VLAN ID, which identifies the VLAN to which the frame belongs;  ISL adds more overhead to the Ethernet frame
-  compared to IEEE 802.1Q due to its proprietary encapsulation, which can impact network performance, especially in
-  high-throughput environments. In contrast, IEEE 802.1Q has a lower overhead, making it more efficient in terms of
-  bandwidth utilization.
-**[[https://forum.huawei.com/enterprise/en/ne40e-software-version/thread/667247366849314816-667213852955258880|VLAN Aggregation Mode-------IEEE 802.1Q and ISL]]**
-----
-----
-====== IEEE 802.1Q ======
-IEEE 802.1Q, commonly known as "Dot One Q", is an IEEE-certified protocol for attaching VLAN identification information to data frames.
-Here, please recall the standard format of Ethernet data frames.
-The VLAN identification information attached by IEEE 802.1Q is located between the "Sending Source MAC Address" and the "Type Field" (Type Field) in the data frame. The specific content is 2 bytes of TPID (Tag Protocol Identifier) and 2 bytes of TCI (Tag Control Information), a total of 4 bytes.
-Add 4 bytes of content to the data frame, so the CRC value will naturally change. At this time, the CRC on the data frame is the value obtained by recalculating the entire data frame including them after inserting TPID and TCI.
-{{ :aruba_networks:switch:802.1q.png?600 |}}
-When the data frame leaves the aggregation link, the TPID and TCI will be removed, and a CRC recalculation will be performed at this time.
-The position of the TPID field in the Ethernet packet is the same as the position of the protocol type field in the packet without a VLAN tag. The value of TPID is fixed to 0x8100, which indicates the 802.1Q type carried by the network frame, and the switch uses it to determine that the IEEE 802.1Q-based VLAN information is attached to the data frame. The actual VLAN ID is 12 bits in TCI. Since there are 12 bits in total, up to 4096 VLANs can be identified.
-The VLAN information attached based on IEEE 802.1Q is like a tag attached when transferring items. Therefore, it is also called "Tagging VLAN" (Tagging VLAN).
-====== ISL (Inter-Switch Link) ======
-ISL is a protocol similar to IEEE 802.1Q supported by Cisco products for attaching VLAN information to the aggregation link.
-After using ISL, 26 bytes of "ISL Header" will be appended to the header of each data frame, and 4 words obtained by calculating the entire data frame including the ISL header on the frame tail band Section CRC value. In other words, a total of 30 bytes of information have been added.
-In an environment where ISL is used, when a data frame leaves the convergence link, simply remove the ISL header and the new CRC. Since the original data frame and its CRC are completely preserved, there is no need to recalculate the CRC.
-{{ :aruba_networks:switch:isl.png?600 |}}
-ISL is like wrapping the entire original data frame with an ISL header and a new CRC, so it is also called an "Encapsulated VLAN" (Encapsulated VLAN).
-It should be noted that neither the "Tagging VLAN" of IEEE802.1Q or the "Encapsulated VLAN" of ISL is a very strict term. In different books and reference materials, the above words may be mixed and used, so you need to pay special attention when studying.
-And because ISL is a Cisco unique protocol, it can only be used for interconnection between Cisco network devices.
-----
-----
-**[[networking:mtu|¿Maximum transmission unit - MTU -)?]]**
-[[https://techhub.hpe.com/eginfolib/networking/docs/switches/RA/15-18/5998-8161_ra_2620_mcg/content/ch05s04.html#:~:text=This%20is%20the%20value%20of%20the%20global%20jumbos%20IP%20MTU,size%20and%20ip%2Dmtu%20configuration.|Jumbo frames]]
-  Note: For Ethernet networks, the recommended MTU size is usually 9000 bytes. This is because Ethernet networks
-  are designed to handle larger frames, making it easier to achieve higher performance with JUMBO Frames.
-  Note: What is MTU 9198 (Jumbo frames)?; this is the value of the global jumbos IP MTU (or L3 MTU) supported by
-  the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible
-  maximum frame size of 9216 bytes). This object can be used only in switches that support max-frame-size and ip-
-  mtu configuration.
-  Note: What is the best MTU setting (WAN)?; it is generally recommended that the MTU for a WAN interface connected
-  to a PPPoE DSL network be 1492. In fact, with auto MTU discovery, 1492 is discovered to be the maximum allowed
-  MTU. However, having an MTU of 1452 is most optimal.
-----
-----
-**[[networking:poe:what_is_power_over_ethernet_poe|¿What is power over ethernet PoE?]]**
-----
-----
-**VSX/VSF - CLI test configuration**
-----
-----
-{{ :aruba_networks:switch:2.aos-cx-simulator-vsx-part-2-lab-guide.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:2.aos-cx-simulator-vsx-part-2-lab-guide.pdf}}
-{{ :aruba_networks:switch:modelo0.jpg?600 |}}
-{{ :aruba_networks:switch:modelo1.jpg?600 |}}
-{{ :aruba_networks:switch:modelo2.jpg?600 |}}
-{{ :aruba_networks:switch:modelo3.jpg?600 |}}
-{{ :aruba_networks:switch:modelo4.jpg?600 |}}
-{{ :aruba_networks:switch:modelo5.jpg?600 |}}
-----
-----
-**Virtual MAC and System-MAC Guidance**
-One of the main VSX best practice is to set VSX system-mac and not leave it blank with default HW system-mac being used. By doing so, the VSX system-mac is independent from the physical hardware MAC address and in case of hardware replacement of the VSX primary, the new switch can be configured with the same configuration than the previous primary unit with no impact on the VSX secondary as the cluster ID remains unchanged. With such practice, VSX primary HW replacement is hitless for the VSX secondary. (Otherwise the VSX secondary would have to join a new cluster ID, ID from VSX primary, and would turn-off temporary its VSX LAG ports).
-Please use locally administered unicast MAC Address when assigning system-mac or active-gateway virtual MAC address. There are 4 ranges reserved for private use for unicast (with second least significant bit of the first octet of the unicast address set to 1). x is any Hexadecimal value.
-  *  x2-xx-xx-xx-xx-xx
-  *  x6-xx-xx-xx-xx-xx
-  *  xA-xx-xx-xx-xx-xx
-  *  xE-xx-xx-xx-xx-xx
-In this document, **02:01:00:00:01:00** is used or **system-mac** and **12:01:00:00:01:00** is used for **active-gateway Virtual MAC.**
-{{ :aruba_networks:switch:cluster_id.jpg?600 |}}
-The scope of this VMAC is purely link-local. Consequently, __**the same Virtual MAC address value can be used on any L3 VLAN interface (SVI)**__.
-If some servers or systems have dual-attachment to two different SVIs, and the system administrator would like to see distinct MAC addresses for the next-hops over these separate interfaces, then 16 VMACs are available. For dual-stack IPv4 and IPv6, 16 VMACs can be used for IPv4 and the same VMACs can be used for IPv6. It is however a best practice to use only 8 VMACs for IPv4 and 8 different VMACs for IPV6.
-----
-----
-  Note: any other allocation rules can be chosen according to administrative rules in place by the network
-  operational team. Multicast orbroadcast MAC addresses must not be used for System-mac.
-----
-----
-**vsx-sync**
-{{ :aruba_networks:switch:csx_option.jpg?600 |}}
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7888/Content/VSX_cmds/vsx-syn-10.htm|vsx-sync]]
-----
-**Switch 8360-1**
-----
--1#conf
--1#hotname 8360-1
--1#int mgmt
--1#ip static 10.1.1.12/24
--1#no shut
--1#end
--1#wr mem
--1#sh ver
-  //must have the same software version//
--1#int lag 256
--1#no shut
--1#description ISL Link
--1#no routing
--1#vlan trunk native 1
--1#vlan trunk allowed all
--1#lacp mode active
--1#exit
-  //over QSFP28 DAC X 2 //
--1#interface 1/1/25
--1#no shut
--1#mtu 9198
--1#description ISL port 1
--1#lag 256
--1#interface 1/1/26
--1#no shut
--1#mtu 9198
--1#description ISL port 2
--1#lag 256
--1#exit
--1#wr mem
--1#sh interface lag 256
--1#sh lacp interfaces
-  //over SFP+ DAC//
--1#config t
--1#vrf keepAlive
--1#exit
--1#interface 1/1/24
--1#no shut
--1#vrf attach keepAlive
--1#routing
--1#ip address 192.168.99.1/30
--1#end
--1#wr mem
-  //test//
--1#ping 192.168.99.2 vrf keepAlive
--1#conf
--1#vsx
--1#system-mac 02:01:00:00:01:00
--1#inter-switch-link lag 256
--1#role primary
--1#vsx-sync vsx-global
--1#end
--1#wr mem
--1#sh vsx status
--1#sh run | begin vsx
--1#sh run vsx-sync
--1#sh vsx brief
--1#conf
--1#vsx
--1#keepalive peer 192.168.99.2 source 192.168.99.1 vrf keepAlive
--1#end
--1#wr mem
--1#sh vsx brief
--1#sh vsx status config-sync
--1#conf
--1#vsx
--1#vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-
-  protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global
-  time vsx-global
--1#end
--1#wr mem
-  //Lag multi-chassis//
--1#config
--1#interface lag 1 multi-chassis
--1#description Access VSX LAG
--1#no shut
--1#vlan trunk allowed 10,20
--1#exit
--1#interface 1/1/1
--1#no shut
--1#mtu 9100
--1#description LAG1 Port
--1#lag 1
--1#end
--1#wr mem
-  //VLAN 10 - VIP - 10.1.10.1//
-  //VLAN 20 - VIP - 10.1.20.1//
--1#conf
--1#interface vlan 10
--1#vsx-sync active-gateways
--1#ip mtu 9100
--1#ip address 10.1.10.2/24
--1#active-gateway ip mac 12:01:00:00:01:00
--1#active-gateway ip 10.1.10.1
--1#no shut
--1#exit
--1#interface vlan 20
--1#vsx-sync active-gateways
--1#ip mtu 9100
--1#ip address 10.1.20.2/24
--1#active-gateway ip mac 12:01:00:00:01:00
--1#active-gateway ip 10.1.20.1
--1#end
--1#wr mem
--1#
--1#
-**Enabling or disabling IGMP snooping**
-  switch(config)# vlan 2
-  switch(config-vlan)# ip igmp snooping enable
-  switch(config-vlan)# ip igmp snooping version 2
-**Enabling or disabling IGMP**
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-**ip igmp querier**
-  switch(config)# vlan 2
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-  switch(config-if-vlan)# ip igmp querier
-**[[https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/multicast_4100i-6000-6100/Content/Chp_igmp_sno/igm-sno.htm|AOS-CX 10.08 Multicast Guide]]**
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7876/Content/Chp_igmp/ena-dis-igm.htm|Enabling or disabling IGMP]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/multicast_4100i-6000-6100/Content/Chp_igmp/igmp_cmds/ip-igm-que.htm|ip igmp querier]]
-IGMP snooping runs on a Layer 2 device as a multicast constraining mechanism to improve multicast forwarding efficiency. It creates Layer 2 multicast forwarding entries from IGMP packets that are exchanged between the hosts and the router.
-When IGMP snooping is not enabled, the snooping switch floods multicast packets to all hosts in a VLAN. IGMP L2 snooping switch provides the benefit of conserving bandwidth on those segments of the network where no node has expressed interest in receiving packets addressed to the group address. When IGMP snooping is enabled, the L2 snooping switch forwards multicast packets of known multicast groups to only the receivers.
-{{ :aruba_networks:switch:igmp-snooping-overview_603x386.png?600 | }}
-----
-----
-{{ :aruba_networks:switch:6400:multicast_6200-6300-6400-8xxx.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:6400:multicast_6200-6300-6400-8xxx.pdf}}
-----
-----
-  access-list ip mygroup
-permit any any 239.1.1.1/24
-  access-list ip mygroup1
-permit any any any
-  vlan 1
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 500
-      name ServerVM
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 501
-      name ServerStack
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 502
-      name ISP1
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 503
-      name ISP2
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 504
-      name ISP3
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 505
-      name LAN-UTM
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 506
-      name WIFI-AP
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 507
-      name VIP
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 508
-      name ST
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 509
-      name Staff
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 510
-      name Teacher
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 511
-      name Students
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 512
-      name Accounting
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 513
-      name Printer
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 514
-      name AC
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 515
-      name iDRAC
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 516
-      name KVM
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 517
-      name Guest
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 518
-      name VoIP
-      ip igmp snooping enable
-      ip igmp snooping version 2
-       ip igmp snooping apply access-list mygroup
-  vlan 519
-      name IoT
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 520
-      name Cameras
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 521
-      name VC
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 522
-      name VPN
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 523
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 524
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  vlan 525
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup
-  interface vlan 511
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 512
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 513
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 514
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 515
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 516
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 517
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 518
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 519
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 520
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 521
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 522
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 523
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 524
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-  interface vlan 525
-    ip igmp enable
-    ip igmp version 2
-    ip igmp querier
-    ip igmp querier interval 100
-    ip igmp query-max-response-time 30
-    ip igmp robustness 5
-    ip igmp last-member-query-interval 2
-    ip igmp query-max-response-time 50
-    ip igmp apply access-list mygroup1
-----
-----
-**DHCP relay**
-DHCP relay is enabled by default. If it was previously disabled, enable it.
-  Switch A:
-  switch#config
-  switch(config)#dhcp-relay
-  switch(config)#dhcp-smart-relay
-  switch(config)#interface vlan 508
-  switch(config-if-vlan)#description Vlan 508 ST
-  switch(config-if-vlan)#vsx-sync active-gateways
-  switch(config-if-vlan)#ip mtu 9100
-  switch(config-if-vlan)#ip address 10.28.72.2/23
-  switch(config-if-vlan)#active-gateway ip mac 12:01:00:00:01:00
-  switch(config-if-vlan)#active-gateway ip 10.28.72.1
-  switch(config-if-vlan)#ip helper-address 10.28.64.22
-  Switch B:
-  switch#config
-  switch(config)#dhcp-relay
-  switch(config)#dhcp-smart-relay
-  switch(config)#interface vlan 508
-  switch(config-if-vlan)#description Vlan 508 ST
-  switch(config-if-vlan)#vsx-sync active-gateways
-  switch(config-if-vlan)#ip mtu 9100
-  switch(config-if-vlan)#ip address 10.28.72.3/23
-  switch(config-if-vlan)#active-gateway ip mac 12:01:00:00:01:00
-  switch(config-if-vlan)#active-gateway ip 10.28.72.1
-  switch(config-if-vlan)#ip helper-address 10.28.64.22
-  Other scenarios:
-  switch#config
-  switch(config)#dhcp-relay
-  switch(config)#dhcp-smart-relay
-  switch(config)#interface 1/1/1
-  switch(config-if)#ip address 192.168.2.11/24
-  switch(config-if)#ip helper-address 192.168.1.1
-  switch(config-if)#interface 1/1/2
-  switch(config-if)#ip address 192.168.2.12/24
-  switch(config-if)#ip helper-address1 92.168.1.1
-  switch(config-if-vlan)#show dhcp-relay
-  switch(config-if-vlan)#show ip helper-address
-----
-----
-====== DHCP-SERVER ======
-**enabled the DHCPv4 server on VRF primary.**
-  Option1:
-   switch(config)# dhcp-server vrf primary
-   switch(config-dhcp-server)# enable
-  Option2:
-    switch(config)# dhcp-server vrf default
-    switch(config-dhcp-server)# enable
-**Disables the DHCPv4 server on VRF primary.**
-  Option1:
-    switch(config)# dhcp-server vrf primary
-    switch(config-dhcp-server)# disable
-  Option2:
-    switch(config)# dhcp-server vrf default
-    switch(config-dhcp-server)# disable
-**show dhcp-server**
-   show dhcp-server [all-vrfs]
-   show dhcp-server leases {all-vrfs | vrf <VRF-NAME>}
-   show dhcp-server pool <POOL-NAME> [vrf <VRF-NAME>]
-----
-  dhcp-server vrf default
-      pool VLAN_523_10.28.196.0_23
-          range 10.28.196.21 10.28.197.254 prefix-len 23
-          default-router 10.28.196.1
-          dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
-          lease 00:00:30
-          exit
-      pool VLAN_524_10.28.200.0_23
-          range 10.28.200.21 10.28.201.254 prefix-len 23
-          default-router 10.28.200.1
-          dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
-          lease 00:00:30
-          exit
-      pool VLAN_525_10.28.204.0_23
-          range 10.28.204.21 10.28.205.254 prefix-len 23
-          default-router 10.28.204.1
-          dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
-          lease 00:00:30
-          exit
-    enable
-**When the DHCP-SERVER is local to the 6400 chassis, no relay is required for interfaces that require the service:**
-  interface vlan 523
-      description Vlan 523
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.196.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.196.1
-  interface vlan 524
-      description Vlan 524
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.200.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.200.1
-  interface vlan 525
-      description Vlan 525
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.204.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.204.1
-----
-----
-**Switch 8360-2**
-----
--2#conf
--2#hotname 8360-2
--2#int mgmt
--2#ip static 10.1.1.11/24
--2#no shut
--2#end
--2#wr mem
--2#int lag 256
--2#no shut
--2#description ISL Link
--2#no routing
--2#vlan trunk native 1
--2#vlan trunk allowed all
--2#lacp mode active
--2#exit
-  //over QSFP28 DAC X 2 //
--2#interface 1/1/25
--2#no shut
--2#mtu 9198
--2#description ISL port 1
--2#lag 256
--2#interface 1/1/26
--2#no shut
--2#mtu 9198
--2#description ISL port 2
--2#lag 256
--2#exit
--2#wr mem
--2#sh interface lag 256
--2#sh lacp interfaces
-  //over SFP+ DAC//
--2#config t
--2#vrf keepAlive
--2#exit
--2#interface 1/1/24
--2#no shut
--2#vrf attach keepAlive
--2#routing
--2#ip address 192.168.99.2/30
--2#end
--2#wr mem
-  //test//
--2#ping 192.168.99.1 vrf keepAlive
--2#config
--2#vsx
--2#inter-switch-link lag 256
--2#role secondary
--2#end
--2#wr mem
--2#sh vsx status
--2#sh run | begin vsx
--2#sh vsx brief
--2#conf
--2#vsx
--2#keepalive peer 192.168.99.1 source 192.168.99.2 vrf keepAlive
--2#end
--2#wr mem
--2#sh vsx brief
--2#sh vsx status keepAlive
--2#sh run | beg vsx
--2#vlan 10,20
--2#vsx-sync
--2#exit
--2#wr mem
--2#sh vlan
-  //Lag multi-chassis//
--2#conf
--2#interface lag 1 multi-chassis
--2#no shut
--2#exit
--2#interface 1/1/1
--2#no shut
--2#mtu 9100
--2#description LAG1 Port
--2#lag 1
--2#end
--2#wr mem
--2#sh run int lag 1
-  //VLAN 10 - VIP - 10.1.10.1//
-  //VLAN 20 - VIP - 10.1.20.1//
--2#conf
--2#interface vlan 10
--2#ip mtu 9100
--2#ip address 10.1.10.3/24
--2#no shut
--2#exit
--2#interface vlan 20
--2#ip mtu 9100
--2#ip address 10.1.20.3/24
--2#no shut
--2#exit
--2#end
--2#wr mem
--2#sh run int vlan 10
--2#sh vsx status
--2#sh vsx brief
-**Enabling or disabling IGMP snooping**
-  switch(config)# vlan 2
-  switch(config-vlan)# ip igmp snooping enable
-  switch(config-vlan)# ip igmp snooping version 2
-**Enabling or disabling IGMP**
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-**ip igmp querier**
-  switch(config)# vlan 2
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-  switch(config-if-vlan)# ip igmp querier
-----
-**VSF**
-----
-----
-**Switch 6200-1**
-----
--1#conf
--1#hotname 6200-1
--1#int mgmt
--1#ip static 10.1.1.21/24
--1#no shut
--1#end
--1#wr mem
--1#conf
--1#vsf member 1
--1#link 1 1/1/27
--1#link 2 1/1/28
--1#exit
--1#vsf secondary-member 2
-  this will save the configuration and reboot the specified switch.
-  Do you want to continue (y/n)? y
--1#end
--1#wr mem
--1#conf
--1#vlan 10,20
--1#no shut
--1#exit
--1#interface lag 1
--1#loop-protect
--1#description IDF 1
--1#no shut
--1#vlan trunk allowed 10,20
--1#lacp
--1#lacp mode active
--1#exit
--1#interface 1/1/25,2/1/25
--1#no shut
--1#mtu 9100
--1#lag 1
--1#exit
--1#int 1/1/1
--1#no shut
--1#vlan access 10
--1#end
--1#wr mem
-  //SFP+ DAC (ARUBAOS)//
--1#sh lacp interfaces multi-chassis
--1#
--1# show lacp interfaces
-  State abbreviations :
-  A - Active        P - Passive      F - Aggregable I - Individual
-  S - Short-timeout L - Long-timeout N - InSync     O - OutofSync
-  C - Collecting    D - Distributing
-  X - State m/c expired              E - Default neighbor state
-  Actor details of all interfaces:
-  ----------------------------------------------------------------------------------
-  Intf       Aggr       Port  Port  State   System-ID         System Aggr Forwarding
-             Name       Id    Pri                             Pri    Key  State
-  ----------------------------------------------------------------------------------
-/1/52     lag1       53    1     ALFNCD  4c:d5:87:19:1f:00 65534  1    up
-/1/28     lag1       93    1     ALFNCD  4c:d5:87:19:1f:00 65534  1    up
-  Partner details of all interfaces:
-  ----------------------------------------------------------------------------------
-  Intf       Aggr       Port  Port  State   System-ID         System Aggr
-             Name       Id    Pri                             Pri    Key
-  ----------------------------------------------------------------------------------
-/1/52     lag1       129   1     ALFNCD  02:01:00:00:01:00 65534  1
-/1/28     lag1       1129  1     ALFNCD  02:01:00:00:01:00 65534  1
-----
-**Switch 6200-2**
-----
--2#conf
--2#hotname 6200-2
--2#int mgmt
--2#ip static 10.1.1.22/24
--2#no shut
--2#end
--2#wr mem
--2#conf
--2#vsf member 1
--2#link 1 1/1/27
--2#link 2 1/1/28
--2#end
--2#conf
--2#vsf renumber-to 2
-  this will save the VSF configuration and reboot the switch.
-  Do you want to continue (y/n)? y
--2#end
--2#wr mem
-----
-**Verification setting**
-----
--1#sh vsf
--1#sh vsf link
--1#sh vsf topology
--1#
--1#
--1# show vsf
-  Force Autojoin             : Disabled
-  Autojoin Eligibility Status: Not Eligible
-  MAC Address                : 4c:d5:87:19:1f:00
-  Secondary                  : 2
-  Topology                   : Ring
-  Status                     : No Split
-  Split Detection Method     : None
-  Mbr Mac Address         type           Status
-  ID
-  --- ------------------- -------------- ---------------
-   4c:d5:87:19:1f:00   JL659A         Conductor
-   9c:37:08:06:c1:00   JL658A         Standby
--1# show vsf link
-  VSF Member 1
-       Link       Peer    Peer
-  Link State      Member  Link   Interfaces
-  ---- ---------- ------- ------ ---------------------------
-    up         2       1      1/1/49
-    up         2       2      1/1/50
-  VSF Member 2
-       Link       Peer    Peer
-  Link State      Member  Link   Interfaces
-  ---- ---------- ------- ------ ---------------------------
-    up         1       1      2/1/25
-    up         1       2      2/1/26
--1# sh vsf topology
-   Conductor    Standby
-   +-------+    +-------+
-   |   1   |1==1|   2   |
-   +-------+    +-------+
-            2
-       +============+
--1# show vlan 1
-  ------------------------------------------------------------------------------------------------------------------
-  VLAN  Name                              Status  Reason                  Type        Interfaces
-  ------------------------------------------------------------------------------------------------------------------
-     DEFAULT_VLAN_1                    up      ok                      default     1/1/1-1/1/48,1/1/51-1/1/52,
-/1/1-2/1/24,2/1/27-2/1/28
-----
-----
-====== VSF best practices for Aruba CX 6300 switch series ======
-{{ :aruba_networks:switch:6400:aos-cx_vsf_best_practices.pdf |VSF best practices for Aruba CX 6300 switch series.}}
-{{pdfjs 46em >:aruba_networks:switch:6400:aos-cx_vsf_best_practices.pdf}}
-----
-----
-**[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7834/Content/Rem_AAA_cmds/rem-aaa-tac-rad-com.htm|Remote AAA (TACACS+, RADIUS) commands]]**
-----
-----
-**[[https://www.arubanetworks.com/techdocs/AOS-S/16.11/ASG/YC/content/common%20files/swi-ssh-use-pas-aut.htm|Switch SSH and user password authentication]]**
-This option is a subset of full certificate authentication of the client public-key authentication shown in Client public-key authentication (login/operator level) with user password authentication (enable/manager level). It occurs if the switch has SSH enabled but does not have login access (login public-key) configured to authenticate the client’s key. As in Client public-key authentication (login/operator level) with user password authentication (enable/manager level), the switch authenticates itself to SSH clients. Users on SSH browser then authenticate themselves to the switch (login and/or enable levels) by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. However, the client does not use a certificate to authenticate itself to the switch.
-{{ :aruba_networks:switch:6400:figure_8-2_hpe_604x141.png?400 |}}
-----
-----
-How do I disable VSF on 2930F switch?
-  vsf disable
-  vsf member <MEMBER-ID> remove
-----
-----
-----
-----
-**Switch 6300 example code**
-  Current configuration:
-  !
-  !Version ArubaOS-CX FL.10.10.1070
-  !export-password: default
-  banner motd !
-  This computing system is a St. Francis School owned asset and provided for the exclusive use of authorized personnel for technical purposes.
-  All information and data created, accessed, processed, or stored using this system (including personal information) are subject to monitoring, auditing, or review to the extent permitted by applicable law.
-  Unauthorized use or abuse of this system may lead to corrective action including termination of employment, civil and/or criminal penalties.
-  !
-  banner exec !
-  This computing system is a St. Francis School owned asset and provided for the exclusive use of authorized personnel for technical purposes.
-  All information and data created, accessed, processed, or stored using this system (including personal information) are subject to monitoring, auditing, or review to the extent permitted by applicable law.
-  Unauthorized use or abuse of this system may lead to corrective action including termination of employment, civil and/or criminal penalties.
-  !
-  user admin group administrators password ciphertext AQBapbpjjaGqvjsW372p3ay3Qy23SBZqdgORp3dt7dBgFq/1YgAAAMc5kaYk7mkg7Vw8JspGEjAgaZvfqEr6pPrZMnc2dep+NGGyPq++9HpItww7f7x1I3uokFIt9r3PtFwtCF3XBbV6kb06gEyo3VKlGS7NwJ7eHEOFBNaq3wGonPHYpdwKwXi6
-  user manager group administrators password ciphertext AQBapYDzadb2pSm6IB5urLSMywx+5PxeWV7VEeQ6EnfoGzqGYgAAAOd/Z2sSXnAf4Jy2+Zt3+rxRY3FlmEekAQnJhGpPdr3gTXSCgJTlv0ukI/P7YjjGjnPCLkKyzveFWMVcju0KitYBN/7AcfGkg+FZE9sWVrUiedsi2w0p3x/W88gwl9TxP/dx
-  loop-protect re-enable-timer 30
-  loop-protect trap loop-detected
-  ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
-  ntp server time.google.com
-  ntp enable
-  !
-  !
-  !
-  !
-  !
-  !
-  ssh server vrf default
-  ssh server vrf mgmt
-  vsf secondary-member 2
-  vsf member 1
-      type jl658a
-      link 1 1/1/25
-      link 2 1/1/26
-  vsf member 2
-      type jl658a
-      link 1 2/1/25
-      link 2 2/1/26
-  vlan 1
-      ip igmp snooping enable
-  vlan 500
-      name ServerVM
-      ip igmp snooping enable
-  vlan 501
-      name ServerStack
-      ip igmp snooping enable
-  vlan 502
-      name ISP1
-      ip igmp snooping enable
-  vlan 503
-      name ISP2
-      ip igmp snooping enable
-  vlan 504
-      name ISP3
-      ip igmp snooping enable
-  vlan 505
-      name LAN-UTM
-      ip igmp snooping enable
-  vlan 506
-      name WIFI-AP
-      ip igmp snooping enable
-  vlan 507
-      name VIP
-      ip igmp snooping enable
-  vlan 508
-      name ST
-      ip igmp snooping enable
-  vlan 509
-      name Staff
-      ip igmp snooping enable
-  vlan 510
-      name Teacher
-      ip igmp snooping enable
-  vlan 511
-      name Students
-      ip igmp snooping enable
-  vlan 512
-      name Accounting
-      ip igmp snooping enable
-  vlan 513
-      name Printer
-      ip igmp snooping enable
-  vlan 514
-      name AC
-      ip igmp snooping enable
-  vlan 515
-      name iDRAC
-      ip igmp snooping enable
-  vlan 516
-      name KVM
-      ip igmp snooping enable
-  vlan 517
-      name Guest
-      ip igmp snooping enable
-  vlan 518
-      name VoIP
-      ip igmp snooping enable
-  vlan 519
-      name IoT
-      ip igmp snooping enable
-  vlan 520
-      name Cameras
-      ip igmp snooping enable
-  vlan 521
-      name VC
-      ip igmp snooping enable
-  vlan 522
-      name VPN
-      ip igmp snooping enable
-  vlan 523
-      ip igmp snooping enable
-  vlan 524
-      ip igmp snooping enable
-  vlan 525
-      ip igmp snooping enable
-  spanning-tree mode rpvst
-  no spanning-tree
-  spanning-tree priority 5
-  spanning-tree vlan 1,500-525
-  spanning-tree vlan 1 priority 5
-  spanning-tree vlan 500 priority 5
-  spanning-tree vlan 501 priority 5
-  spanning-tree vlan 502 priority 5
-  spanning-tree vlan 503 priority 5
-  spanning-tree vlan 504 priority 5
-  spanning-tree vlan 505 priority 5
-  spanning-tree vlan 506 priority 5
-  spanning-tree vlan 507 priority 5
-  spanning-tree vlan 508 priority 5
-  spanning-tree vlan 509 priority 5
-  spanning-tree vlan 510 priority 5
-  spanning-tree vlan 511 priority 5
-  spanning-tree vlan 512 priority 5
-  spanning-tree vlan 513 priority 5
-  spanning-tree vlan 514 priority 5
-  spanning-tree vlan 515 priority 5
-  spanning-tree vlan 516 priority 5
-  spanning-tree vlan 517 priority 5
-  spanning-tree vlan 518 priority 5
-  spanning-tree vlan 519 priority 5
-  spanning-tree vlan 520 priority 5
-  spanning-tree vlan 521 priority 5
-  spanning-tree vlan 522 priority 5
-  spanning-tree vlan 523 priority 5
-  spanning-tree vlan 524 priority 5
-  spanning-tree vlan 525 priority 5
-  interface mgmt
-      no shutdown
-      ip static 192.168.150.23/23
-  interface lag 1
-      description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
-      no shutdown
-      no routing
-      vlan trunk native 1
-      vlan trunk allowed all
-      lacp mode active
-      loop-protect
-  interface 1/1/1
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/2
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/3
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/4
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/5
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/6
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/7
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/8
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/9
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/10
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/11
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/12
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/13
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/14
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/15
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/16
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/17
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/18
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/19
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/20
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/21
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/22
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/23
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/24
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/25
-      no shutdown
-  interface 1/1/26
-      no shutdown
-  interface 1/1/27
-      no shutdown
-      no routing
-      vlan access 1
-  interface 1/1/28
-      description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
-      no shutdown
-      mtu 9100
-      lag 1
-  interface 2/1/1
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/2
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/3
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/4
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/5
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/6
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/7
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/8
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/9
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/10
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/11
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/12
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/13
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/14
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/15
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/16
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/17
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/18
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/19
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/20
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/21
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/22
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/23
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/24
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/25
-      no shutdown
-  interface 2/1/26
-      no shutdown
-  interface 2/1/27
-      no shutdown
-      no routing
-      vlan access 1
-  interface 2/1/28
-      description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
-      no shutdown
-      mtu 9100
-      lag 1
-  interface vlan 1
-      ip address 172.16.28.21/23
-      no ip dhcp
-  ip route 0.0.0.0/0 172.16.28.1
-  !
-  !
-  !
-  !
-  !
-  https-server vrf default
-  https-server vrf mgmt
-----
-----
-{{ :aruba_networks:switch:aos-cx_simulator_lab_-_ipv4_dhcp_lab_guide.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:aos-cx_simulator_lab_-_ipv4_dhcp_lab_guide.pdf}}
-----
-----
-**[[networking:private_ip_address_ranges|Private IP Address Ranges]]**
-----
-----
-[[https://lite.ip2location.com/united-states-of-america-ip-address-ranges?lang=es|United States of America rangos de direcciones IP]]
-[[https://www.lookip.net/|Lookup IP Tools]]
-----
-----
-**[[networking:small_form_factor_pluggable_sfp_p|Small Form-factor Pluggable]]**
-----
-----
-**[[https://community.fs.com/article/qinq-vs-vlan-vs-vxlan.html|QinQ vs VLAN vs VXLAN: A Comprehensive Introduction of Switch Functions]]**
-----
-----
-**[[https://www.juniper.net/mx/es/research-topics/what-is-evpn-vxlan.html|¿What is EVPN-VXLAN?]]**
-----
-----
-**Redundancy with opnsense UTM**
-{{ :aruba_networks:switch:opnsense.png?600 |}}
-----
-----
-**[[networking:eir-pir-mbs-cir-cbs|EIR-PIR-MBS-CIR-CBS]]**
-----
-----
-**[[networking:shannon_theorem|Shannon's theorem]]**
-----
-----
-**[[cybersecurity:ztna|¿How Does ZTNA Work?]]**
-----
-----
-**[[dell:switch:dell_emc_switch_n3048p|Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3000-ON, N3100-ON, and N4000 Switches CLI Reference Guide]]**
-----
-----
-====== show inventory ======
-[[https://www.arubanetworks.com/techdocs/CLI-Bank/Content/aos8/sh-inventory.htm|show inventory]]
-#show inventory
-**Description:** This command displays the hardware inventory of Mobility Conductor or the managed device.
-**Example:** Execute this command to display the hardware component inventory of Mobility Conductor.
-(host) [mynode] #show inventory
-  Mgmt Port HW MAC Addr           : 00:0C:29:71:10:0B
-  HW MAC Addr                     : 00:0C:29:71:10:15
-  System Serial#                  : DC0604083
-  Activate license                : Not applicable
-  Supported device type           : MM
-  Active device type              : MM
-**(host-md) #show inventory**
-  Supervisor Card slot            : 0
-  System Serial#                  : BA0009743 (Date:12/26/14)
-  CPU Card Serial#                : AE51038711 (Date:12/25/14)
-  CPU Card Assembly#              : 2010216H
-  CPU Card Revision               : (Rev:01.00)
-  Interface Card Serial#          : AE51031572 (Date:12/25/14)
-  Interface Card Assembly#        : 2010085E
-  Interface Card Revision         : (Rev:04.00)
-  SC Model#                       : Aruba7210
-  HW MAC Addr                     : 00:1a:1e:01:b2:28 to 00:1a:1e:01:b2:2f
-  CPLD Version                    : (Rev: 1.4)
-  Power Supply 0                  : Present               : No
-  Power Supply 1                  : Present               : Yes
-  : 12V OK                : Yes
-  : Fan OK                : Yes
-  : Aruba Model No        : 2510057
-  : Vendor & Model No     : QCS DCJ3501-01P
-  : Serial No             : QCS142320YU
-  : MFG Date              : 6/5/14
-  : Output 1 Config       : 12V 350W
-  : Input Min             : 90V AC
-  : Input Max             : 264V AC
-  Main Board Temperatures         :
-  : U24 - Local Temp      30 C (shadow of XLP heatsink)
-  : Q1  - Remote 1 Temp   34 C (shadow of VRM, VDD_CPU)
-  : Q2  - Remote 2 Temp   33 C (shadow of VRM, VDD_SOC)
-  : U44 - Local Temp      25 C (shadow of DPI connector)
-  : U29  - Remote 1 Temp  31 C (XLP die temperature)
-  : Q36  - Remote 2 Temp  28 C (shadow of 98X1422)
-  : J2  - DDR A Temp      24 C (DDR3 A temp)
-  : J4  - DDR B Temp      26 C (DDR3 B temp)
-  : J1  - DDR C Temp      25 C (DDR3 C temp)
-  : J3  - DDR D Temp      27 C (DDR3 D temp)
-  : Port 0 Temp           148 C (1G PHY temp)
-  : Port 1 Temp           148 C (1G PHY temp)
-  Interface Board Temperatures    :
-  : U21 - Local Temp      27 C (shadow of port 1 RJ45)
-  : Q4 - Remote 1 Temp    28 C (shadow of 88E1543)
-  : Q3 - Remote 2 Temp    34 C (shadow of 88X2140)
-  Fan  0                          : 8916 rpm (5.495 V),Speed Low
-  Fan  1                          : 9029 rpm (5.495 V),Speed Low
-  Fan  2                          : 9029 rpm (5.450 V),Speed Low
-  Fan  3                          : 8998 rpm (5.630 V),Speed Low
-  Main Board Voltages             :
-  ispPAC_POWR1014A_A              :
-  : 1V2                  1.20V sense 1.232 V
-  : VDD SOC              0.937V sense 0.918 V
-  : VCC IOBD 1V5         1.50V sense 1.528 V
-  : DDR3BD_VTT           0.75V sense 0.750 V
-  : VCC 1A               1.00V sense 1.024 V
-  : IV8_DIGITAL          1.80V sense 1.848 V
-  : 3V3_MAIN             3.30V sense 3.366 V
-  : VCC1                 1.00V sense 1.018 V
-  : VCC25                2.50V sense 2.556 V
-  : 3V3 SB               3.30V sense 3.360 V
-  ispPAC_POWR1014A_B              :
-  : VDD                  0.806V sense 0.786 V
-  : VCC IOAC 1V5         1.50V sense 1.528 V
-  : DDR3AC_VTT           0.75V sense 0.752 V
-  : VDD_SRAM             1.00V sense 1.042 V
-  : VCC1B                1.00V sense 1.030 V
-  : 1V8_ANALOG           1.80V sense 1.854 V
-  : 1V8                  1.80V sense 1.866 V
-  : VDDIO12_XAUI         1.20V sense 1.224 V
-  : 5V                   5.00V sense 5.016 V
-  Interface Board Voltages        :
-  ispPAC_POWR6AT6                 :
-  : VCC33                3.30V sense 3.366 V
-  : VCC 18               1.80V sense 1.856 V
-  : VCC1                 1.00V sense 1.026 V
-  : VCC12                1.20V sense 1.224 V
-  : VCC12-DVDD           1.20V sense 1.212 V
-  : VCC9                 0.90V sense 0.928 V
-----
-----
-====== show system ======
-# show system
-  Hostname           : 6300
-  System Description : FL.10.10.1070
-  System Contact     :
-  System Location    :
-  Vendor             : Aruba
-  Product Name       : JL659A 6300M 48SR5 CL6 PoE 4SFP56 Swch
-  Chassis Serial Nbr : SG30KMY0ZP
-  Base MAC Address   : 4cd587-191f00
-  ArubaOS-CX Version : FL.10.10.1070
-  Time Zone          : UTC
-  Up Time            : 5 days, 7 hours, 59 minutes
-  CPU Util (%)       : 22
-  Memory Usage (%)   : 25
-#
-----
-----
-====== 6300 Switch LAG errror:  State information : Disabled by aggregation ======
-**State information : Disabled by LACP or LAG**
--SWITCH# show lag 1
-  System-ID       : ec:67:94:f5:69:00
-  System-priority : 65534
-  Aggregate lag1 is down
-  Admin state is up
-  State information : Disabled by LACP or LAG
-  Description : Access VSX LAG-1 to IDF-1 - 6300-24-PORT-SFP+ - IP: 172.16.28.21
-  Type                        : multi-chassis
-  Lacp Fallback               : Disabled
-  MAC Address                 : 02:01:00:00:01:00
-  Aggregated-interfaces       : 1/3/1
-  Aggregation-key             : 1
-  Aggregate mode              : active
-  Hash                        : l3-src-dst
-  LACP rate                   : slow
-  Speed                       : 0 Mb/s
-  Mode                        : trunk
-  Aggregate lag1 is down
-  Admin state is up
-  State information : Disabled by aggregation
-  Description :
-  MAC Address                 : bc:d7:a5:6a:e8:00
-  Aggregated-interfaces       : 1/1/1 1/1/2
-  Aggregation-key             : 1
-  Aggregate mode              : active
-  Speed                       : 0 Mb/s
-  qos trust dscp
-  VLAN Mode: native-untagged
-  Native VLAN: 1
-  Allowed VLAN List: all
-  L3 Counters: Rx Disabled, Tx Disabled
-  Note:  Usually when we see lacp_block on an interface in a LAG group, it is because the interface isn't receiving
-  LACP BPDUs from the link partner.  The reason could be the peer switch is not configured with LACP mode or BPDUs
-  are getting dropped due to link specific issues.  If it is the case where the link partner isn't sending LACP
-  BPDUs, a static LAG group assignment of ports should work and probably worth trying.
-**Some commands for support:**
-  - **show interface brief**
-  - **show lag brief**
-  - **show lacp interfaces**
-  - **show lacp aggregates**
-  - **show lacp interface 1/1/3**
-  - **show lacp interface 1/1/4**
-  - **show lldp neighbor-info**
-(config-lag-if)#  show lldp neighbor-info
-  LLDP Neighbor Information
-  =========================
-  Total Neighbor Entries          : 2
-  Total Neighbor Entries Deleted  : 3
-  Total Neighbor Entries Dropped  : 0
-  Total Neighbor Entries Aged-Out : 3
-  LOCAL-PORT  CHASSIS-ID         PORT-ID                      PORT-DESC                    TTL      SYS-NAME
-  -----------------------------------------------------------------------------------------------------------
-/1/28      ec:67:94:f5:69:00  1/3/1                        Access VSX LAG-1 to IDF-...  120      CS-2P-MDFHA-A
-/1/28      ec:67:94:f5:89:00  1/3/1                        Access VSX LAG-1 to IDF-...  120      CS-2P-MDFHA-B
-----
-----
-**BGP**
-{{ :aruba_networks:switch:6400:bgp-duplicate-as-number4.png?400 |}}
-To prevent the above from happening, IANA is in control of the AS numbers (similar to public IP addresses). If you want an AS number for the Internet then you’ll have to request one. They started with 16-bit AS numbers (also called 2-octet AS numbers) that were assigned like this:
-  * **0**: reserved.
-  * **1-64.495**: public AS numbers.
-  * **64.496 – 64.511** – reserved to use in documentation.
-  * **64.512 – 65.534** – private AS numbers.
-  * **65.535** – reserved.
-**OSPF**
-**[[https://arubanetworking.hpe.com/techdocs/AOS-CX/10.15/HTML/ip_route_6300-6400-8100-83xx-9300-10000/Content/Chp_OSPFv2/OSPFv2_cmds/red-osp-10.htm|Redistribute (ospf)]]**
-----
-{{ :aruba_networks:switch:6400:ospf_final.png?600 |}}
-----
-================
-**SIDE-A 6400-A**
-================
-  Example set vlan L2 to both SW 6400 A and B:
-  vlan 508
-      name ST
-      vsx-sync
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup1
-  vsx
-      system-mac 02:01:00:00:01:00
-      inter-switch-link lag 256
-      role primary
-      keepalive peer 192.168.100.2 source 192.168.100.1 vrf keepAlive
-      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
-  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  ip route 0.0.0.0/0 172.16.32.4
-  router ospf 1
-      router-id 172.22.0.1
-      max-metric router-lsa on-startup
-      passive-interface default
-      graceful-restart restart-interval 300
-      trap-enable
-      area 0.0.0.0
-  interface loopback 0
-      ip address 172.22.0.1/32
-      ip ospf 1 area 0.0.0.0
-  vlan 531
-      name NORTH-OSPF
-      vsx-sync
-      description TRANSIT VLAN
-  interface vlan 508
-      description Vlan 508 ST
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.72.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.72.1
-      ip helper-address 10.28.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 514
-      description Vlan 514 AC
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 172.16.40.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 172.16.40.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 530
-      description Vlan 530
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.216.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.216.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 531
-      description TRANSIT VLAN
-      vsx active-forwarding
-      ip address 172.18.0.5/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 50
-      ip ospf network point-to-point
-  interface vlan 1019
-      description Vlan 1019 PtP
-      vsx active-forwarding
-      ip address 172.18.0.1/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 10
-      ip ospf network point-to-point
-================
-**SIDE-A 6400-B**
-================
-  vsx
-      system-mac 02:01:00:00:01:00
-      inter-switch-link lag 256
-      role secondary
-      keepalive peer 192.168.100.1 source 192.168.100.2 vrf keepAlive
-      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
-  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  ip route 0.0.0.0/0 172.16.32.4
-   router ospf 1
-      router-id 172.22.0.2
-      max-metric router-lsa on-startup
-      passive-interface default
-      graceful-restart restart-interval 300
-      trap-enable
-      area 0.0.0.0
-  interface loopback 0
-      ip address 172.22.0.2/32
-      ip ospf 1 area 0.0.0.0
-  vlan 531
-      name NORTH-OSPF
-      vsx-sync
-      description TRANSIT VLAN
-  interface vlan 508
-      description Vlan 508 ST
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.72.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.72.1
-      ip helper-address 10.28.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 514
-      description Vlan 514 AC
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 172.16.40.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 172.16.40.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 530
-      description Vlan 530
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.28.216.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.28.216.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 531
-      description TRANSIT VLAN
-      vsx active-forwarding
-      ip address 172.18.0.6/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 50
-      ip ospf network point-to-point
-  interface vlan 1019
-      description Vlan 1019 PtP
-      vsx active-forwarding
-      ip address 172.18.0.14/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 10
-================
-**SIDE-B 6400-A**
-================
-  Example set vlan L2 to both SW 6400 A and B:
-  vlan 708
-      name ST
-      vsx-sync
-      ip igmp snooping enable
-      ip igmp snooping version 2
-      ip igmp snooping apply access-list mygroup1
-  vsx
-      system-mac 02:01:00:00:02:00
-      inter-switch-link lag 256
-      role primary
-      keepalive peer 192.168.102.2 source 192.168.102.1 vrf keepAlive
-      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
-  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  ip route 0.0.0.0/0 172.20.32.4
-  router ospf 1
-      router-id 172.22.0.3
-      max-metric router-lsa on-startup
-      passive-interface default
-      graceful-restart restart-interval 300
-      trap-enable
-      area 0.0.0.0
-  vlan 731
-      name SOUTH-OSPF
-      vsx-sync
-      description TRANSIT VLAN
-  interface loopback 0
-      ip address 172.22.0.3/32
-      ip ospf 1 area 0.0.0.0
-  interface vlan 708
-      description Vlan 708 ST
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.56.72.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.56.72.1
-      ip helper-address 10.56.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 714
-      description Vlan 714 AC
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 172.20.40.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 172.20.40.1
-      ip helper-address 10.56.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 730
-      description VLAN 730 9K
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.56.216.2/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.56.216.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 731
-      description TRANSIT VLAN
-      vsx active-forwarding
-      ip address 172.18.0.9/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 50
-      ip ospf network point-to-point
-  interface vlan 1019
-      description Vlan 1019 PtP
-      vsx active-forwarding
-      ip address 172.18.0.2/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 10
-      ip ospf network point-to-point
-================
-**SIDE-B 6400-B**
-================
-  vsx
-      system-mac 02:01:00:00:02:00
-      inter-switch-link lag 256
-      role secondary
-      keepalive peer 192.168.102.1 source 192.168.102.2 vrf keepAlive
-      vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-
-  global mac-lockout mclag-interfaces ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
-  ip route 0.0.0.0/0 172.20.32.4
-  vlan 731
-      name SOUTH-OSPF
-      vsx-sync
-      description TRANSIT VLAN
-  router ospf 1
-      router-id 172.22.0.4
-      max-metric router-lsa on-startup
-      passive-interface default
-      graceful-restart restart-interval 300
-      trap-enable
-      area 0.0.0.0
-  interface loopback 0
-      ip address 172.22.0.4/32
-      ip ospf 1 area 0.0.0.0
-  interface vlan 708
-      description Vlan 708 ST
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.56.72.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.56.72.1
-      ip helper-address 10.56.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 714
-      description Vlan 714 AC
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 172.20.40.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 172.20.40.1
-      ip helper-address 10.56.64.22
-      ip ospf 1 area 0.0.0.0
-  interface vlan 730
-      description VLAN 730 9K
-      vsx-sync active-gateways
-      ip mtu 9100
-      ip address 10.56.216.3/23
-      active-gateway ip mac 12:01:00:00:01:00
-      active-gateway ip 10.56.216.1
-      ip ospf 1 area 0.0.0.0
-  interface vlan 731
-      description TRANSIT VLAN
-      vsx active-forwarding
-      ip address 172.18.0.10/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 50
-      ip ospf network point-to-point
-  interface vlan 1019
-      description Vlan 1019 PtP
-      vsx active-forwarding
-      ip address 172.18.0.13/30
-      ip ospf 1 area 0.0.0.0
-      no ip ospf passive
-      ip ospf cost 10
-      ip ospf network point-to-point
-----
-----
-**OSPF Troubleshooting**
-**{{ :aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf |OSPF Troubleshooting}}**
-{{pdfjs 46em >:aruba_networks:switch:6400:15be0a8e-5922-47b6-ae26-a7218295f7e8.pdf }}
-{{ youtube>N9dIGVzdjIU }}
-----
-----
-**FEC** on an SFP port refers to **Forward Error Correction (FEC)**, which is a technique used in fiber optic and Ethernet networks to enhance data transmission reliability by detecting and correcting errors without the need for retransmission.
-**FEC (Forward Error Correction)**:
-FEC is a mechanism that adds redundant information to the transmitted data. This redundancy allows the receiving end to detect and correct errors caused by signal degradation or noise during transmission.
-Purpose: FEC is essential for high-speed data links (e.g., 10G, 25G, 40G, 100G Ethernet) to improve link quality and performance.
-Types: Different FEC modes can be used depending on the standard and speed of the connection (e.g., Reed-Solomon FEC).
-  *   **auto**   Enable FEC Auto-Neg
-  *   **cl108**  Enable clause108 with 25G
-  *   **cl74**   Enable clause74 with 25G
-  *   **off**    Turn FEC off, FEC is mandatory for speeds 50G or higher
-----
-----
-**Benefits of FEC on SFP Ports**:
-  * Error Correction: FEC can correct errors due to signal attenuation or interference.
-  * Better Link Performance: Allows for longer cable runs or higher speeds by improving signal integrity.
-  * No Retransmissions: Unlike other error correction methods, FEC works proactively without needing retransmissions, which is important for low-latency environments.
-----
-**Aruba Switch 6400:**
-  CS-2P-MDFHA-A#** show ver**
-  -----------------------------------------------------------------------------
-  ArubaOS-CX
-  (c) Copyright 2017-2024 Hewlett Packard Enterprise Development LP
-  -----------------------------------------------------------------------------
-  Version      : FL.10.13.1010
-  Build Date   : 2024-04-09 00:34:12 UTC
-  Build ID     : ArubaOS-CX:FL.10.13.1010:ef2109377880:202404090010
-  Build SHA    : ef21093778805e954ec130b0939d34927bb7ba19
-  Hot Patches  :
-  Active Image : primary
-  Service OS Version : FL.01.14.0002
-  BIOS Version       : FL.01.0002
-CS-2P-MDFHA-A(config)# **interface 1/3/36**
-**error-control**    Configure the error control (**FEC**) mode
-  CS-2P-MDFHA-A(config-if)# error-control
-    auto        Use the transceiver default
-    base-r-fec  Use IEEE BASE-R (Firecode) FEC
-    none        Do not use any FEC
-    rs-fec      Use IEEE Reed-Solomon FEC
-----
-----
-====== boot system ======
-**Rebooting the system from the configured default operating system image**:
-  switch# boot system
-  Do you want to save the current configuration (y/n)? y
-  The running configuration was saved to the startup configuration.
-  This will reboot the entire switch and render it unavailable
-  until the process is complete.
-  Continue (y/n)? y
-  The system is going down for reboot.
-  The system is going down for reboot.
-**Rebooting the system from the secondary operating system image, setting the secondary operating system image as the configured default boot image:**
-  switch# boot system secondary
-  Default boot image set to secondary.
-  Do you want to save the current configuration (y/n)? n
-  This will reboot the entire switch and render it unavailable
-  until the process is complete.
-  Continue (y/n)? y
-  The system is going down for reboot.
-  Canceling a system reboot:
-  switch# boot system
-  Do you want to save the current configuration (y/n)? n
-  This will reboot the entire switch and render it unavailable
-  until the process is complete.
-  Continue (y/n)? n
-  Reboot aborted.
-  switch#
-----
-----
-====== Steps to get the support files for both the switches: ======
-**For SFTP**:
-  Switch# copy support-files all sftp:// user@Address of Local Server>/support-files.tar.gz vrf default
-**For TFTP**:
-  Switch# copy support-files all tftp:// Address of Local Server>/support-files.tar.gz vrf default
-  CS-2C-MDFHA-A# copy support-files all tftp://10.56.64.22/support-files.tar.gz vrf default
-  The operation to copy all support files could take a while to complete.
-  Do you want to continue (y/n)? y
-  Collection in progress...
-  Standby management module is not reachable
-  Unable to gather information from the standby management module
-  show tech output collection is in progress...
-  Done
-  Done
-  Attempting to copy...
-    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
-                                   Dload  Upload   Total   Spent    Left  Speed
-69.8M    0     0   65 45.6M      0   467k  0:02:32  0:01:40  0:00:52  648k
-Please note on both the above cases you can use the specific VRF (ex, here we have used management VRF), if you do not specify a VRF, then it will take the default VRF
-OR
-Copy the support files to USB and then upload manually.
-**For USB**:
-For USB option, First you need to enable the USB and then you need to Mount, To do so
-  Switch#(config) usb mount
-Verification can be done by
-  Switch# show usb
-  enabled: yes
-  mounted: yes
-  Switch# copy support-files all usb://support-files.tar.gz
-After copied use this command to unmount the usb
-  Switch#(config) usb unmount
- USB should be formatted with FAT32 option before inserting to switch.
-----
-----
-====== Images ======
-  CS-2P-MDFHA-B(config-if-vlan)# show images
-  ---------------------------------------------------------------------------
-  ArubaOS-CX Primary Image
-  ---------------------------------------------------------------------------
-  Version : FL.10.13.1010
-  Size    : 998 MB
-  Date    : 2024-04-09 00:34:12 UTC
-  SHA-256 : 53bbd1354dd22bffa2df52b22fe8f2dd5cc05a10bcd9ae8c9e01fc93c830d0ec
-  ---------------------------------------------------------------------------
-  ArubaOS-CX Secondary Image
-  ---------------------------------------------------------------------------
-  Version : FL.10.09.1050
-  Size    : 872 MB
-  Date    : 2022-09-13 23:40:16 UTC
-  SHA-256 : 631640f32e58f3719f56b36474d02c98666a519fb7775d3b263a36783eaafcfd
-  Default Image : primary
-  Boot Profile Timeout : 5 seconds
-  ------------------------------------------------------
-  Management Module 1/1 (Active)
-  ------------------------------------------------------
-  Active Image       : primary
-  Service OS Version : FL.01.14.0002
-  BIOS Version       : FL.01.0002
-  CS-2P-MDFHA-A# boot system primary
-  Default boot image set to primary.
-  Checking if the configuration needs to be saved...
-  Do you want to save the current configuration (y/n)? y
-  The running configuration was saved to the startup configuration.
-  Checking for updates needed to programmable devices...
-  Done checking for updates.
-non-failsafe device(s) also need to be updated.
-  Please run the 'allow-unsafe-updates' command to enable these updates.
-  This will reboot the entire switch and render it unavailable
-  until the process is complete.
-  Continue (y/n)?
-----
-----
-====== Aruba 6300M Uplink Port Compatibility ======
-===== Summary =====
-During the deployment of a 10Gbps LAG between an Aruba 6300M and an Aruba 6400, the link failed to come up when using standard 10G SFP+ SR modules (e.g., JL260A) in ports 51 and 52. These ports are SFP28 with MACsec capabilities and may reject modules that do not support MACsec.
-After inserting the same SFP+ module into port 50 (SFP56 type, no MACsec), the link came up successfully at 10Gbps.
-This indicates that:
-  * Ports 51 and 52 require MACsec-capable transceivers.
-  * Ports 49 and 50 (SFP56) are fully backward compatible and work reliably with standard 10G SFP+ modules.
-  * It is recommended to use ports 49 and 50 for standard uplinks or non-MACsec LAGs.
-===== Uplink Port Compatibility Table =====
-^ Port       ^ Physical Type ^ Supported Speeds     ^ MACsec Support ^ Compatible Modules           ^ Recommended Use                           ^
-| 1/1/49     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
-| 1/1/50     | SFP56         | 10G / 25G / 50G       | No             | SFP+, SFP28, SFP56            | Standard uplinks, LAGs, non-secure 10G    |
-| 1/1/51     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
-| 1/1/52     | SFP28         | 10G / 25G             | Yes            | SFP+ MACsec, SFP28 MACsec     | Secure uplinks only (MACsec modules)     |
-===== SFP/SFP+ Module Compatibility =====
-^ Module     ^ Speed     ^ MACsec Support ^ Compatible Ports ^ Notes                                      ^
-| JL260A     | 10G       | No             | 49, 50           | Standard SFP+ SR module, not for 51/52     |
-| JL261A     | 10G       | No             | 49, 50           | Standard SFP+ LR module                    |
-| JL685A     | 10G       | Yes            | 51, 52           | MACsec-capable SFP+ SR module              |
-| JL640A     | 25G       | Yes            | 51, 52           | SFP28 SR MACsec module                     |
-| JL563A     | 25G       | No             | 49, 50           | SFP28 SR non-MACsec module                 |
-===== Notes =====
-  * If a module is not MACsec-capable, it may not link on ports 51–52.
-  * Use the command ''show macsec summary'' to check MACsec status.
-  * Ensure both ends of a LAG use modules of the same type and speed.
-  * When in doubt, test modules on ports 49 or 50 for basic link validation.
-----
-----