Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400:6400_configuration_example_script [2025/08/04 11:57] – [CLI Configuration – Aruba 6400] aperez
+++ aruba_networks:switch:6400:6400_configuration_example_script [2025/10/03 19:47] (current) – aperez
@@ Line 361: / Line 361: @@
 When IGMP snooping is not enabled, the snooping switch floods multicast packets to all hosts in a VLAN. IGMP L2 snooping switch provides the benefit of conserving bandwidth on those segments of the network where no node has expressed interest in receiving packets addressed to the group address. When IGMP snooping is enabled, the L2 snooping switch forwards multicast packets of known multicast groups to only the receivers.
+====== Multicast — UDP Ports and Recommended Addressing ======
+===== 1. General Concept =====
+* Multicast is based on **IP Multicast addresses (224.0.0.0 – 239.255.255.255)** + **UDP**.
+* **TCP is not applicable to multicast**, only UDP is viable.
+* **UDP ports** define the application/service that uses the multicast group.
+===== 2. Common UDP Ports in Multicast =====
+^ Application / Protocol              ^ Typical Multicast Address ^ UDP Port Used ^
+| **RTP/RTSP (Streaming)**            | 239.x.x.x / 232.x.x.x     | 5004–5005 |
+| **SAP/SDP (Session Announce)**      | 224.2.127.254             | 9875 |
+| **mDNS / AirGroup (Apple)**         | 224.0.0.251               | 5353 |
+| **SSDP / UPnP discovery**           | 239.255.255.250           | 1900 |
+| **NTP (multicast sync)**            | 224.0.1.1                 | 123 |
+| **OSPF (routing)**                  | 224.0.0.5 / 224.0.0.6     | (IP protocol, no UDP) |
+| **PIM / IGMP control**              | 224.0.0.x                 | (no UDP/TCP) |
+| **Videoconferencing (dynamic RTP)** | 239.x.x.x                 | 16384–32767 |
+| **IPTV / DVB**                      | 232.x.x.x / 239.x.x.x     | 5000–5500 |
+| **GDOI/GMS (Key management)**       | 224.0.0.x                 | 848 |
+===== 3. Recommended Addressing =====
+* **Administratively Scoped Range**: **239.0.0.0/8**
+  * Equivalent to “private IP” in multicast (similar to RFC1918 for unicast).
+  * Not routed on the Internet, designed for internal/private use.
+* Within this range it is recommended to:
+  * Allocate blocks **per project or application**, e.g.:
+    * 239.16.0.0/16 → Internal video traffic (e.g., 239.16.x.x).
+    * 239.20.0.0/16 → Telemetry and IoT sensors.
+  * Keep sub-ranges clearly separated to avoid overlap.
+* Avoid local control addresses (224.0.0.x) as they are reserved for routing protocols.
+* For IPTV, streaming, or lab testing, **239.16.x.x** or **239.20.x.x** are valid and safe inside a private network.
+===== 4. Restrictions =====
+* Avoid **reserved or widely used ports**:
+  * 123 (NTP), 1900 (SSDP), 5004 (RTP), 5353 (mDNS), 9875 (SAP).
+* Aruba CX (e.g., 6400) with IGMP Snooping **does not filter by UDP port**, only by multicast IP address.
+* Transport ports matter only for the **end application** (client/server).
+===== 5. Safe Port Recommendations =====
+* **Do not use:** 0–1023 (well-known).
+* **Safe for internal/lab services:**
+  * **20000–29999 UDP** → recommended for internal video/audio streams.
+  * **40000–49999 UDP** → good option for lab testing and telemetry.
+===== 6. Best Practices on Aruba =====
+* Validate group membership with:
+  ``show igmp-snooping groups vlan <ID>``
+* Confirm only interested ports receive traffic:
+  ``show ip igmp interface vlan <ID>``
+* Example:
+  * Group: **239.16.0.2**
+  * UDP Port: **20001**
+  * Traffic will be delivered **only** to ports that issued an **IGMP Join**.
+----
+**Summary:**
+✔ Multicast uses **UDP**.
+✔ Commonly occupied ports include 123, 1900, 5004, 5353, 9875.
+✔ To avoid conflicts, use internal ranges **20000–29999** or **40000–49999**.
+✔ For private addressing, use **239.0.0.0/8** (e.g., 239.16.x.x for video, 239.20.x.x for IoT) and separate per application.
 {{ :aruba_networks:switch:igmp-snooping-overview_603x386.png?600 | }}
@@ Line 1861: / Line 1931: @@
       description Vlan 508 ST
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.28.72.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 1871: / Line 1941: @@
       description Vlan 514 AC
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 172.16.40.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 1880: / Line 1950: @@
       description Vlan 530
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.28.216.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 1939: / Line 2009: @@
       description Vlan 508 ST
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.28.72.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 1949: / Line 2019: @@
       description Vlan 514 AC
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 172.16.40.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 1958: / Line 2028: @@
       description Vlan 530
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.28.216.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2025: / Line 2095: @@
       description Vlan 708 ST
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.56.72.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2035: / Line 2105: @@
       description Vlan 714 AC
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 172.20.40.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2045: / Line 2115: @@
       description VLAN 730 9K
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.56.216.2/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2104: / Line 2174: @@
       description Vlan 708 ST
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.56.72.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2114: / Line 2184: @@
       description Vlan 714 AC
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 172.20.40.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2124: / Line 2194: @@
       description VLAN 730 9K
       vsx-sync active-gateways
-      ip mtu 9100
+      ip mtu 1500
       ip address 10.56.216.3/23
       active-gateway ip mac 12:01:00:00:01:00
@@ Line 2452: / Line 2522: @@
 <code>
+interface 1/1/15
+    description PTP Link to ARUBA 6300 IP: 172.18.32.42
+    no shutdown
+    mtu 9100
+    routing
+    ip address 172.18.32.41/30
+    ip ospf 1 area 0.0.0.0
+    ip ospf network point-to-point
+ip route 172.22.32.5/32 172.18.32.42
 interface loopback 1
-    ip address 172.22.32.3/32
+    ip address 172.22.32.6/32
     ip ospf 1 area 0.0.0.0
 interface vxlan 1
-    source ip 172.22.32.3
+    source ip 172.22.32.6
     inter-vxlan-bridging-mode static-evpn
     no shutdown
     vni 10001
         vlan 1
-        vtep-peer 172.22.32.4
+        vtep-peer 172.22.32.5
     vni 10700
         vlan 700
-        vtep-peer 172.22.32.4
+        vtep-peer 172.22.32.5
     ...
     vni 10732
         vlan 732
-        vtep-peer 172.22.32.4
+        vtep-peer 172.22.32.5
 router ospf 1
-    router-id 172.22.32.3
+    router-id 172.22.32.6
     area 0.0.0.0
-ip route 172.22.32.0/24 172.20.28.1
 </code>
-===== CLI Configuration – Aruba 6400 =====
+===== CLI Configuration – Aruba 6300 =====
 <code>
+interface 1/1/15
+    description PTP Link to ARUBA 6300 IP: 172.18.32.41
+    no shutdown
+    mtu 9100
+    routing
+    ip address 172.18.32.42/30
+    ip ospf 1 area 0.0.0.0
+    ip ospf network point-to-point
+ip route 172.22.32.6/32 172.18.32.41
 interface loopback 1
-    ip address 172.22.32.4/32
+    ip address 172.22.32.5/32
     ip ospf 1 area 0.0.0.0
 interface vxlan 1
-    source ip 172.22.32.4
+    source ip 172.22.32.5
     inter-vxlan-bridging-mode static-evpn
     no shutdown
     vni 10001
         vlan 1
-        vtep-peer 172.22.32.3
+        vtep-peer 172.22.32.6
     vni 10700
         vlan 700
-        vtep-peer 172.22.32.3
+        vtep-peer 172.22.32.6
     ...
     vni 10732
         vlan 732
-        vtep-peer 172.22.32.3
+        vtep-peer 172.22.32.6
 router ospf 1
-    router-id 172.22.32.4
+    router-id 172.22.32.6
     area 0.0.0.0
-ip route 172.22.32.0/24 172.20.28.1
 </code>
@@ Line 2513: / Line 2607: @@
 {{pdfjs 46em >:aruba_networks:switch:6400:vxlan_cli_ap.pdf}}
+----
+----
+{{ :cisco:switch:9500:mtu_utm_switch_6400_9500.pdf |}}
+{{pdfjs 46em >:cisco:switch:9500:mtu_utm_switch_6400_9500.pdf }}
+----
+----
+{{ :aruba_networks:switch:6400:mtu_pmtu.pdf |}}
+{{pdfjs 46em >:aruba_networks:switch:6400:mtu_pmtu.pdf }}
 ----
 ----