Differences

This shows you the differences between two versions of the page.

--- aruba_networks:switch:6400 [2024/06/26 22:18] – aperez
+++ aruba_networks:switch:6400 [2024/07/17 18:09] (current) – removed aperez
@@ Line 1: / Line 1: @@
-Aruba CX 6400v2 / 6200 Series Switches
-{{ youtube>e4evouQLb0I }}
-----
-----
-{{ youtube>1JKSd0HCRXg }}
-----
-----
-{{ :aruba_networks:switch:ds_6400series.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:ds_6400series.pdf}}
-{{ :aruba_networks:switch:ds_6400series_hpe.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:ds_6400series_hpe.pdf}}
-{{ :aruba_networks:switch:aruba_6400_igsg.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:aruba_6400_igsg.pdf}}
-{{ :aruba_networks:switch:fundamentals_6300-6400.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:fundamentals_6300-6400.pdf}}
-{{ :aruba_networks:switch:diagnostics_6300-6400.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:diagnostics_6300-6400.pdf}}
-----
-{{ :aruba_networks:switch:hpe_a00094242en_us_vsx_configuration_best_practices_for_aruba_cx_6400_8320_8325_8360_8400_v1.3.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:hpe_a00094242en_us_vsx_configuration_best_practices_for_aruba_cx_6400_8320_8325_8360_8400_v1.3.pdf}}
-----
-----
-====== Laboratory ======
-----
-----
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/vsx/Content/Chp_Ups_con/ups-con-opt.htm|Upstream connectivity options]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.10/HTML/link_aggregation/Content/Chp_LAG/LACP_LAG_cmds/lag-10.htm|LAG]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/link_aggregation/Content/Chp_LAG/con-l2-sta-agg-gro-10.htm|Configuring a Layer 2 static aggregation group]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7869/Content/Chp_LAG/con-l3-sta-agg-gro-10.htm|Configuring a Layer 3 static aggregation group]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/vsx/Content/Chp_Pre_tra_loss/kee-10.htm|Keepalive]]
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7888/Content/Chp_Start/int-swi-lin-isl-10.htm#:~:text=In%20the%20VSX%20solution%20topology,to%20its%20peer%20VSX%20switch.|Inter-Switch Link (ISL)]]
-  Note: ISL stands for Inter-Switch Link, and it is a Cisco proprietary protocol. It works by adding a 26-byte
-  header and a 4-byte trailer to the original Ethernet frame, creating a new ISL frame. The header contains the
-  VLAN ID, which identifies the VLAN to which the frame belongs;  ISL adds more overhead to the Ethernet frame
-  compared to IEEE 802.1Q due to its proprietary encapsulation, which can impact network performance, especially in
-  high-throughput environments. In contrast, IEEE 802.1Q has a lower overhead, making it more efficient in terms of
-  bandwidth utilization.
-**[[https://forum.huawei.com/enterprise/en/ne40e-software-version/thread/667247366849314816-667213852955258880|VLAN Aggregation Mode-------IEEE 802.1Q and ISL]]**
-----
-----
-====== IEEE 802.1Q ======
-IEEE 802.1Q, commonly known as "Dot One Q", is an IEEE-certified protocol for attaching VLAN identification information to data frames.
-Here, please recall the standard format of Ethernet data frames.
-The VLAN identification information attached by IEEE 802.1Q is located between the "Sending Source MAC Address" and the "Type Field" (Type Field) in the data frame. The specific content is 2 bytes of TPID (Tag Protocol Identifier) and 2 bytes of TCI (Tag Control Information), a total of 4 bytes.
-Add 4 bytes of content to the data frame, so the CRC value will naturally change. At this time, the CRC on the data frame is the value obtained by recalculating the entire data frame including them after inserting TPID and TCI.
-{{ :aruba_networks:switch:802.1q.png?600 |}}
-When the data frame leaves the aggregation link, the TPID and TCI will be removed, and a CRC recalculation will be performed at this time.
-The position of the TPID field in the Ethernet packet is the same as the position of the protocol type field in the packet without a VLAN tag. The value of TPID is fixed to 0x8100, which indicates the 802.1Q type carried by the network frame, and the switch uses it to determine that the IEEE 802.1Q-based VLAN information is attached to the data frame. The actual VLAN ID is 12 bits in TCI. Since there are 12 bits in total, up to 4096 VLANs can be identified.
-The VLAN information attached based on IEEE 802.1Q is like a tag attached when transferring items. Therefore, it is also called "Tagging VLAN" (Tagging VLAN).
-====== ISL (Inter-Switch Link) ======
-ISL is a protocol similar to IEEE 802.1Q supported by Cisco products for attaching VLAN information to the aggregation link.
-After using ISL, 26 bytes of "ISL Header" will be appended to the header of each data frame, and 4 words obtained by calculating the entire data frame including the ISL header on the frame tail band Section CRC value. In other words, a total of 30 bytes of information have been added.
-In an environment where ISL is used, when a data frame leaves the convergence link, simply remove the ISL header and the new CRC. Since the original data frame and its CRC are completely preserved, there is no need to recalculate the CRC.
-{{ :aruba_networks:switch:isl.png?600 |}}
-ISL is like wrapping the entire original data frame with an ISL header and a new CRC, so it is also called an "Encapsulated VLAN" (Encapsulated VLAN).
-It should be noted that neither the "Tagging VLAN" of IEEE802.1Q or the "Encapsulated VLAN" of ISL is a very strict term. In different books and reference materials, the above words may be mixed and used, so you need to pay special attention when studying.
-And because ISL is a Cisco unique protocol, it can only be used for interconnection between Cisco network devices.
-----
-----
-**[[networking:mtu|¿Maximum transmission unit - MTU -)?]]**
-[[https://techhub.hpe.com/eginfolib/networking/docs/switches/RA/15-18/5998-8161_ra_2620_mcg/content/ch05s04.html#:~:text=This%20is%20the%20value%20of%20the%20global%20jumbos%20IP%20MTU,size%20and%20ip%2Dmtu%20configuration.|Jumbo frames]]
-  Note: For Ethernet networks, the recommended MTU size is usually 9000 bytes. This is because Ethernet networks
-  are designed to handle larger frames, making it easier to achieve higher performance with JUMBO Frames.
-  Note: What is MTU 9198 (Jumbo frames)?; this is the value of the global jumbos IP MTU (or L3 MTU) supported by
-  the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible
-  maximum frame size of 9216 bytes). This object can be used only in switches that support max-frame-size and ip-
-  mtu configuration.
-  Note: What is the best MTU setting (WAN)?; it is generally recommended that the MTU for a WAN interface connected
-  to a PPPoE DSL network be 1492. In fact, with auto MTU discovery, 1492 is discovered to be the maximum allowed
-  MTU. However, having an MTU of 1452 is most optimal.
-----
-----
-**[[networking:poe:what_is_power_over_ethernet_poe|¿What is power over ethernet PoE?]]**
-----
-----
-**VSX/VSF - CLI test configuration**
-----
-----
-{{ :aruba_networks:switch:2.aos-cx-simulator-vsx-part-2-lab-guide.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:2.aos-cx-simulator-vsx-part-2-lab-guide.pdf}}
-{{ :aruba_networks:switch:modelo0.jpg?600 |}}
-{{ :aruba_networks:switch:modelo1.jpg?600 |}}
-{{ :aruba_networks:switch:modelo2.jpg?600 |}}
-{{ :aruba_networks:switch:modelo3.jpg?600 |}}
-{{ :aruba_networks:switch:modelo4.jpg?600 |}}
-{{ :aruba_networks:switch:modelo5.jpg?600 |}}
-----
-----
-**Virtual MAC and System-MAC Guidance**
-One of the main VSX best practice is to set VSX system-mac and not leave it blank with default HW system-mac being used. By doing so, the VSX system-mac is independent from the physical hardware MAC address and in case of hardware replacement of the VSX primary, the new switch can be configured with the same configuration than the previous primary unit with no impact on the VSX secondary as the cluster ID remains unchanged. With such practice, VSX primary HW replacement is hitless for the VSX secondary. (Otherwise the VSX secondary would have to join a new cluster ID, ID from VSX primary, and would turn-off temporary its VSX LAG ports).
-Please use locally administered unicast MAC Address when assigning system-mac or active-gateway virtual MAC address. There are 4 ranges reserved for private use for unicast (with second least significant bit of the first octet of the unicast address set to 1). x is any Hexadecimal value.
-  *  x2-xx-xx-xx-xx-xx
-  *  x6-xx-xx-xx-xx-xx
-  *  xA-xx-xx-xx-xx-xx
-  *  xE-xx-xx-xx-xx-xx
-In this document, **02:01:00:00:01:00** is used or **system-mac** and **12:01:00:00:01:00** is used for **active-gateway Virtual MAC.**
-{{ :aruba_networks:switch:cluster_id.jpg?600 |}}
-The scope of this VMAC is purely link-local. Consequently, __**the same Virtual MAC address value can be used on any L3 VLAN interface (SVI)**__.
-If some servers or systems have dual-attachment to two different SVIs, and the system administrator would like to see distinct MAC addresses for the next-hops over these separate interfaces, then 16 VMACs are available. For dual-stack IPv4 and IPv6, 16 VMACs can be used for IPv4 and the same VMACs can be used for IPv6. It is however a best practice to use only 8 VMACs for IPv4 and 8 different VMACs for IPV6.
-----
-----
-  Note: any other allocation rules can be chosen according to administrative rules in place by the network
-  operational team. Multicast orbroadcast MAC addresses must not be used for System-mac.
-----
-----
-**vsx-sync**
-{{ :aruba_networks:switch:csx_option.jpg?600 |}}
-[[https://www.arubanetworks.com/techdocs/AOS-CX/10.07/HTML/5200-7888/Content/VSX_cmds/vsx-syn-10.htm|vsx-sync]]
-----
-**Switch 8360-1**
-----
--1#conf
--1#hotname 8360-1
--1#int mgmt
--1#ip static 10.1.1.12/24
--1#no shut
--1#end
--1#wr mem
--1#sh ver
-  //must have the same software version//
--1#int lag 256
--1#no shut
--1#description ISL Link
--1#no routing
--1#vlan trunk native 1
--1#vlan trunk allowed all
--1#lacp mode active
--1#exit
-  //over QSFP28 DAC X 2 //
--1#interface 1/1/25
--1#no shut
--1#mtu 9198
--1#description ISL port 1
--1#lag 256
--1#interface 1/1/26
--1#no shut
--1#mtu 9198
--1#description ISL port 2
--1#lag 256
--1#exit
--1#wr mem
--1#sh interface lag 256
--1#sh lacp interfaces
-  //over SFP+ DAC//
--1#config t
--1#vrf keepAlive
--1#exit
--1#interface 1/1/24
--1#no shut
--1#vrf attach keepAlive
--1#routing
--1#ip address 192.168.99.1/30
--1#end
--1#wr mem
-  //test//
--1#ping 192.168.99.2 vrf keepAlive
--1#conf
--1#vsx
--1#system-mac 02:01:00:00:01:00
--1#inter-switch-link lag 256
--1#role primary
--1#vsx-sync vsx-global
--1#end
--1#wr mem
--1#sh vsx status
--1#sh run | begin vsx
--1#sh run vsx-sync
--1#sh vsx brief
--1#conf
--1#vsx
--1#keepalive peer 192.168.99.2 source 192.168.99.1 vrf keepAlive
--1#end
--1#wr mem
--1#sh vsx brief
--1#sh vsx status config-sync
--1#conf
--1#vsx
--1#vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-
-  protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global
-  time vsx-global
--1#end
--1#wr mem
-  //Lag multi-chassis//
--1#config
--1#interface lag 1 multi-chassis
--1#description Access VSX LAG
--1#no shut
--1#vlan trunk allowed 10,20
--1#exit
--1#interface 1/1/1
--1#no shut
--1#mtu 9100
--1#description LAG1 Port
--1#lag 1
--1#end
--1#wr mem
-  //VLAN 10 - VIP - 10.1.10.1//
-  //VLAN 20 - VIP - 10.1.20.1//
--1#conf
--1#interface vlan 10
--1#vsx-sync active-gateways
--1#ip mtu 9100
--1#ip address 10.1.10.2/24
--1#active-gateway ip mac 12:01:00:00:01:00
--1#active-gateway ip 10.1.10.1
--1#no shut
--1#exit
--1#interface vlan 20
--1#vsx-sync active-gateways
--1#ip mtu 9100
--1#ip address 10.1.20.2/24
--1#active-gateway ip mac 12:01:00:00:01:00
--1#active-gateway ip 10.1.20.1
--1#end
--1#wr mem
--1#
--1#
-**Enabling or disabling IGMP snooping**
-  switch(config)# vlan 2
-  switch(config-vlan)# ip igmp snooping enable
-  switch(config-vlan)# ip igmp snooping version 2
-**Enabling or disabling IGMP**
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-**ip igmp querier**
-  switch(config)# vlan 2
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-  switch(config-if-vlan)# ip igmp querier
-**[[https://www.arubanetworks.com/techdocs/AOS-CX/10.08/HTML/multicast_4100i-6000-6100/Content/Chp_igmp_sno/igm-sno.htm|AOS-CX 10.08 Multicast Guide]]**
-{{ :aruba_networks:switch:igmp-snooping-overview_603x386.png?600 | }}
-----
-**Switch 8360-2**
-----
--2#conf
--2#hotname 8360-2
--2#int mgmt
--2#ip static 10.1.1.11/24
--2#no shut
--2#end
--2#wr mem
--2#int lag 256
--2#no shut
--2#description ISL Link
--2#no routing
--2#vlan trunk native 1
--2#vlan trunk allowed all
--2#lacp mode active
--2#exit
-  //over QSFP28 DAC X 2 //
--2#interface 1/1/25
--2#no shut
--2#mtu 9198
--2#description ISL port 1
--2#lag 256
--2#interface 1/1/26
--2#no shut
--2#mtu 9198
--2#description ISL port 2
--2#lag 256
--2#exit
--2#wr mem
--2#sh interface lag 256
--2#sh lacp interfaces
-  //over SFP+ DAC//
--2#config t
--2#vrf keepAlive
--2#exit
--2#interface 1/1/24
--2#no shut
--2#vrf attach keepAlive
--2#routing
--2#ip address 192.168.99.2/30
--2#end
--2#wr mem
-  //test//
--2#ping 192.168.99.1 vrf keepAlive
--2#config
--2#vsx
--2#inter-switch-link lag 256
--2#role secondary
--2#end
--2#wr mem
--2#sh vsx status
--2#sh run | begin vsx
--2#sh vsx brief
--2#conf
--2#vsx
--2#keepalive peer 192.168.99.1 source 192.168.99.2 vrf keepAlive
--2#end
--2#wr mem
--2#sh vsx brief
--2#sh vsx status keepAlive
--2#sh run | beg vsx
--2#vlan 10,20
--2#vsx-sync
--2#exit
--2#wr mem
--2#sh vlan
-  //Lag multi-chassis//
--2#conf
--2#interface lag 1 multi-chassis
--2#no shut
--2#exit
--2#interface 1/1/1
--2#no shut
--2#mtu 9100
--2#description LAG1 Port
--2#lag 1
--2#end
--2#wr mem
--2#sh run int lag 1
-  //VLAN 10 - VIP - 10.1.10.1//
-  //VLAN 20 - VIP - 10.1.20.1//
--2#conf
--2#interface vlan 10
--2#ip mtu 9100
--2#ip address 10.1.10.3/24
--2#no shut
--2#exit
--2#interface vlan 20
--2#ip mtu 9100
--2#ip address 10.1.20.3/24
--2#no shut
--2#exit
--2#end
--2#wr mem
--2#sh run int vlan 10
--2#sh vsx status
--2#sh vsx brief
-**Enabling or disabling IGMP snooping**
-  switch(config)# vlan 2
-  switch(config-vlan)# ip igmp snooping enable
-  switch(config-vlan)# ip igmp snooping version 2
-**Enabling or disabling IGMP**
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-**ip igmp querier**
-  switch(config)# vlan 2
-  switch(config)# interface vlan 2
-  switch(config-if-vlan)# ip igmp enable
-  switch(config-if-vlan)# ip igmp querier
-----
-**VSF**
-----
-----
-**Switch 6200-1**
-----
--1#conf
--1#hotname 6200-1
--1#int mgmt
--1#ip static 10.1.1.21/24
--1#no shut
--1#end
--1#wr mem
--1#conf
--1#vsf member 1
--1#link 1 1/1/27
--1#link 2 1/1/28
--1#exit
--1#vsf secondary-member 2
-  this will save the configuration and reboot the specified switch.
-  Do you want to continue (y/n)? y
--1#end
--1#wr mem
--1#conf
--1#vlan 10,20
--1#no shut
--1#exit
--1#interface lag 1
--1#no shut
--1#vlan trunk allowed 10,20
--1#lacp
--1#lacp mode active
--1#exit
--1#interface 1/1/25,2/1/25
--1#no shut
--1#mtu 9100
--1#lag 1
--1#exit
--1#int 1/1/1
--1#no shut
--1#vlan access 10
--1#end
--1#wr mem
-  //SFP+ DAC (ARUBAOS)//
--1#sh lacp interfaces multi-chassis
--1#
-----
-**Switch 6200-2**
-----
--2#conf
--2#hotname 6200-2
--2#int mgmt
--2#ip static 10.1.1.22/24
--2#no shut
--2#end
--2#wr mem
--2#conf
--2#vsf member 1
--2#link 1 1/1/27
--2#link 2 1/1/28
--2#end
--2#conf
--2#vsf renumber-to 2
-  this will save the VSF configuration and reboot the switch.
-  Do you want to continue (y/n)? y
--2#end
--2#wr mem
-----
-**Verification setting**
-----
--1#sh vsf
--1#sh vsf link
--1#sh vsf topology
--1#
--1#
-----
-----
-{{ :aruba_networks:switch:aos-cx_simulator_lab_-_ipv4_dhcp_lab_guide.pdf |}}
-{{pdfjs 46em >:aruba_networks:switch:aos-cx_simulator_lab_-_ipv4_dhcp_lab_guide.pdf}}
-----
-----
-**[[networking:private_ip_address_ranges|Private IP Address Ranges]]**
-----
-----
-[[https://lite.ip2location.com/united-states-of-america-ip-address-ranges?lang=es|United States of America rangos de direcciones IP]]
-[[https://www.lookip.net/|Lookup IP Tools]]
-----
-----
-**[[networking:small_form_factor_pluggable_sfp_p|Small Form-factor Pluggable]]**
-----
-----
-**[[https://community.fs.com/article/qinq-vs-vlan-vs-vxlan.html|QinQ vs VLAN vs VXLAN: A Comprehensive Introduction of Switch Functions]]**
-----
-----
-**[[https://www.juniper.net/mx/es/research-topics/what-is-evpn-vxlan.html|¿What is EVPN-VXLAN?]]**
-----
-----
-**Redundancy with opnsense UTM**
-{{ :aruba_networks:switch:opnsense.png?600 |}}
-----
-----
-**[[networking:eir-pir-mbs-cir-cbs|EIR-PIR-MBS-CIR-CBS]]**
-----
-----
-**[[networking:shannon_theorem|Shannon's theorem]]**
-----
-----
-**[[cybersecurity:ztna|¿How Does ZTNA Work?]]**
-----
-----
-**[[dell:switch:dell_emc_switch_n3048p|Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3000-ON, N3100-ON, and N4000 Switches CLI Reference Guide]]**
-----
-----