
Aruba CX 6400v2 / 6200 Series Switches





ds_6400series.pdf

ds_6400series_hpe.pdf

aruba_6400_igsg.pdf

fundamentals_6300-6400.pdf

diagnostics_6300-6400.pdf



AOS-CX 10.10 IP Services Guide 6300, 6400 Switch Series

Laboratory



Upstream connectivity options

LAG

Configuring a Layer 2 static aggregation group

Configuring a Layer 3 static aggregation group

Keepalive

Inter-Switch Link (ISL)

Note: ISL stands for Inter-Switch Link, and it is a Cisco proprietary protocol. It works by adding a 26-byte
header and a 4-byte trailer to the original Ethernet frame, creating a new ISL frame. The header contains the
VLAN ID, which identifies the VLAN to which the frame belongs. Because of its proprietary encapsulation, ISL adds
more overhead to the Ethernet frame than IEEE 802.1Q, which can impact network performance, especially in
high-throughput environments. In contrast, IEEE 802.1Q has a lower overhead, making it more efficient in terms of
bandwidth utilization.

VLAN Aggregation Mode: IEEE 802.1Q and ISL



IEEE 802.1Q

IEEE 802.1Q, commonly known as “Dot One Q”, is an IEEE-standardized protocol for attaching VLAN identification information to data frames.

Recall the standard format of Ethernet data frames.

The VLAN identification information attached by IEEE 802.1Q is located between the source MAC address and the Type field in the data frame. It consists of 2 bytes of TPID (Tag Protocol Identifier) and 2 bytes of TCI (Tag Control Information), 4 bytes in total.

Because 4 bytes are added to the data frame, the CRC value changes. The CRC on the tagged frame is recalculated over the entire data frame, including the inserted TPID and TCI.

When the data frame leaves the aggregation link, the TPID and TCI are removed, and the CRC is recalculated again.

The TPID occupies the same position in the Ethernet frame as the protocol type field in a frame without a VLAN tag. The value of TPID is fixed to 0x8100, which indicates that the frame carries an 802.1Q tag; the switch uses it to determine that IEEE 802.1Q-based VLAN information is attached to the data frame. The actual VLAN ID is 12 bits within the TCI. Since there are 12 bits in total, up to 4096 VLANs can be identified.

The VLAN information attached based on IEEE 802.1Q is like a tag attached to items in transit. Therefore, it is also called a “Tagging VLAN”.

ISL (Inter-Switch Link)

ISL is a protocol similar to IEEE 802.1Q, supported by Cisco products, for attaching VLAN information on the aggregation link.

With ISL, a 26-byte “ISL header” is prepended to each data frame, and a 4-byte CRC value, calculated over the entire data frame including the ISL header, is appended to the frame tail. In other words, a total of 30 bytes of information are added.

In an environment where ISL is used, when a data frame leaves the aggregation link, the ISL header and the new CRC are simply removed. Since the original data frame and its CRC are completely preserved, there is no need to recalculate the CRC.

ISL is like wrapping the entire original data frame with an ISL header and a new CRC, so it is also called an “Encapsulated VLAN”.

It should be noted that neither the “Tagging VLAN” of IEEE 802.1Q nor the “Encapsulated VLAN” of ISL is a very strict term. In different books and reference materials these terms may be used interchangeably, so pay special attention when studying.

Because ISL is a Cisco proprietary protocol, it can only be used for interconnection between Cisco network devices.
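The tagging and encapsulation steps described above, as an added Python example (not part of the original page and not vendor code). The MAC addresses and payload are constructed; `isl_wrap` uses a zero-filled placeholder for the 26-byte ISL header and assumes the outer CRC is the same CRC-32 as the Ethernet FCS.

```python
import struct
import zlib

TPID_8021Q = 0x8100      # fixed TPID value from the text above
ISL_HEADER_LEN = 26      # ISL header size from the text above


def fcs(data: bytes) -> bytes:
    """Ethernet FCS: CRC-32 of the frame, transmitted least-significant byte first."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True when the trailing 4 bytes match the CRC of everything before them."""
    return len(frame) > 4 and fcs(frame[:-4]) == frame[-4:]


def build_frame(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    """Untagged frame: destination MAC, source MAC, Type field, payload, FCS."""
    body = dst + src + struct.pack("!H", ethertype) + payload
    return body + fcs(body)


def add_tag(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert TPID + TCI after the source MAC and recalculate the FCS."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS on ingress frame")
    if not 0 <= vid <= 0xFFF or not 0 <= pcp <= 7:
        raise ValueError("VLAN ID is 12 bits, priority is 3 bits")
    tci = (pcp << 13) | vid              # DEI bit (bit 12) left at 0
    body = frame[:-4]                    # the old FCS no longer applies
    tagged = body[:12] + struct.pack("!HH", TPID_8021Q, tci) + body[12:]
    return tagged + fcs(tagged)


def strip_tag(frame: bytes) -> tuple:
    """Remove the tag on egress; returns (vlan_id, untagged frame with a new FCS)."""
    if not fcs_ok(frame):
        raise ValueError("bad FCS on tagged frame")
    body = frame[:-4]
    if len(body) < 16:
        raise ValueError("frame too short to carry a tag")
    tpid, tci = struct.unpack("!HH", body[12:16])
    if tpid != TPID_8021Q:
        raise ValueError("frame carries no 802.1Q tag")
    untagged = body[:12] + body[16:]
    return tci & 0x0FFF, untagged + fcs(untagged)


def isl_wrap(frame: bytes) -> bytes:
    """Encapsulate: header + untouched original frame (with its FCS) + outer CRC."""
    header = bytes(ISL_HEADER_LEN)       # placeholder zeros, real fields not modelled
    outer = header + frame
    return outer + fcs(outer)            # assumption: outer CRC is the same CRC-32


def isl_unwrap(wrapped: bytes) -> bytes:
    """Decapsulate: drop header and outer CRC; the inner FCS needs no recalculation."""
    if not fcs_ok(wrapped):
        raise ValueError("bad outer CRC")
    return wrapped[ISL_HEADER_LEN:-4]


if __name__ == "__main__":
    # Constructed sample: locally administered MACs, IPv4 Type, 46 zero bytes of payload.
    frame = build_frame(bytes.fromhex("020100000100"),
                        bytes.fromhex("020000000001"), 0x0800, bytes(46))
    tagged = add_tag(frame, 508)
    print("untagged", len(frame), "tagged", len(tagged), "ISL", len(isl_wrap(frame)))
    print("tag bytes:", tagged[12:16].hex(), "round trip ok:", strip_tag(tagged)[1] == frame)
```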



Maximum transmission unit (MTU)

Jumbo frames

Note: For Ethernet networks, the recommended MTU size is usually 9000 bytes. This is because Ethernet networks
are designed to handle larger frames, making it easier to achieve higher performance with jumbo frames.
Note: What is MTU 9198 (jumbo frames)? This is the value of the global jumbo IP MTU (or L3 MTU) supported by
the switch. The default value is set to 9198 bytes (a value that is 18 bytes less than the largest possible
maximum frame size of 9216 bytes). This object can be used only in switches that support max-frame-size and
ip-mtu configuration.
Note: What is the best MTU setting (WAN)? It is generally recommended that the MTU for a WAN interface connected
to a PPPoE DSL network be 1492. In fact, with auto MTU discovery, 1492 is discovered to be the maximum allowed
MTU. However, having an MTU of 1452 is most optimal.


What is Power over Ethernet (PoE)?



VSX/VSF - CLI test configuration



2.aos-cx-simulator-vsx-part-2-lab-guide.pdf



Virtual MAC and System-MAC Guidance

One of the main VSX best practices is to set the VSX system-mac explicitly rather than leaving it blank and falling back to the default hardware system-mac. This makes the VSX system-mac independent of the physical hardware MAC address: if the VSX primary hardware is replaced, the new switch can be given the same configuration as the previous primary unit with no impact on the VSX secondary, because the cluster ID remains unchanged. With this practice, VSX primary hardware replacement is hitless for the VSX secondary. (Otherwise the VSX secondary would have to join a new cluster ID, taken from the VSX primary, and would temporarily turn off its VSX LAG ports.)

Use a locally administered unicast MAC address when assigning the system-mac or the active-gateway virtual MAC address. There are 4 ranges reserved for private use for unicast (with the second least significant bit of the first octet of the unicast address set to 1). x is any hexadecimal value.

  • x2-xx-xx-xx-xx-xx
  • x6-xx-xx-xx-xx-xx
  • xA-xx-xx-xx-xx-xx
  • xE-xx-xx-xx-xx-xx

In this document, 02:01:00:00:01:00 is used for system-mac and 12:01:00:00:01:00 is used for the active-gateway Virtual MAC.

The scope of this VMAC is purely link-local. Consequently, the same Virtual MAC address value can be used on any L3 VLAN interface (SVI).

If some servers or systems are dual-attached to two different SVIs, and the system administrator would like to see distinct MAC addresses for the next hops over these separate interfaces, then 16 VMACs are available. For dual-stack IPv4 and IPv6, 16 VMACs can be used for IPv4 and the same VMACs can be used for IPv6. It is, however, a best practice to use only 8 VMACs for IPv4 and 8 different VMACs for IPv6.



Note: any other allocation rules can be chosen according to the administrative rules put in place by the network
operations team. Multicast or broadcast MAC addresses must not be used for system-mac.
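One way to check a configuration against the MAC guidance above before it is pushed to a VSX pair, as an added Python example (not part of the original page and not an Aruba tool). The sample configuration is constructed from values shown on this page plus one multicast address; `classify_mac`, `audit_config` and `distinct_vmacs` are hypothetical helper names.

```python
import re

MAC_RE = re.compile(r"^(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$")
# The two commands on this page that take an administrator-chosen MAC.
# An optional CLI prompt such as "8360-1#" in front of the command is tolerated.
MAC_LINE_RE = re.compile(
    r"^\s*(?:\S+#\s*)?(system-mac|active-gateway ip mac)\s+(\S+)\s*$")
MAX_VMACS = 16  # number of VMACs available, as stated in the text above


def classify_mac(mac: str) -> str:
    """Classify a colon-separated MAC by the two low bits of its first octet."""
    if not MAC_RE.match(mac):
        return "invalid"
    if mac.lower() == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    first = int(mac[:2], 16)
    if first & 0x01:                 # least significant bit set: group address
        return "multicast"
    if first & 0x02:                 # second least significant bit set: x2/x6/xA/xE
        return "local-unicast"
    return "universal-unicast"       # vendor-assigned (burned-in) address


def audit_config(text: str) -> list:
    """Return (line number, command, mac, class) for every MAC that is not
    a locally administered unicast address."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = MAC_LINE_RE.match(line)
        if not match:
            continue
        command, mac = match.groups()
        kind = classify_mac(mac)
        if kind != "local-unicast":
            findings.append((lineno, command, mac, kind))
    return findings


def distinct_vmacs(text: str) -> set:
    """Distinct active-gateway MACs in the config, to compare against MAX_VMACS."""
    vmacs = set()
    for line in text.splitlines():
        match = MAC_LINE_RE.match(line)
        if match and match.group(1) == "active-gateway ip mac":
            vmacs.add(match.group(2).lower())
    return vmacs


# Constructed sample: the first two MACs are the ones this page uses, the third
# is the hardware MAC from the "show vsf" output, the fourth is a multicast MAC.
SAMPLE_CONFIG = """\
vsx
    system-mac 02:01:00:00:01:00
interface vlan 10
    active-gateway ip mac 12:01:00:00:01:00
interface vlan 20
    active-gateway ip mac 4c:d5:87:19:1f:00
interface vlan 30
    active-gateway ip mac 01:00:5e:01:01:01
"""

if __name__ == "__main__":
    for lineno, command, mac, kind in audit_config(SAMPLE_CONFIG):
        print(f"line {lineno}: '{command} {mac}' is {kind}, expected local-unicast")
    count = len(distinct_vmacs(SAMPLE_CONFIG))
    print(f"{count} distinct VMAC(s), limit {MAX_VMACS}")
```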


vsx-sync



Switch 8360-1


8360-1#conf
8360-1#hostname 8360-1
8360-1#int mgmt
8360-1#ip static 10.1.1.12/24
8360-1#no shut
8360-1#end
8360-1#wr mem
8360-1#sh ver
//must have the same software version//
8360-1#int lag 256
8360-1#no shut
8360-1#description ISL Link
8360-1#no routing 
8360-1#vlan trunk native 1
8360-1#vlan trunk allowed all
8360-1#lacp mode active
8360-1#exit
//over QSFP28 DAC X 2 //
8360-1#interface 1/1/25
8360-1#no shut
8360-1#mtu 9198
8360-1#description ISL port 1
8360-1#lag 256
8360-1#interface 1/1/26
8360-1#no shut
8360-1#mtu 9198
8360-1#description ISL port 2
8360-1#lag 256
8360-1#exit
8360-1#wr mem
8360-1#sh interface lag 256
8360-1#sh lacp interfaces
//over SFP+ DAC//
8360-1#config t
8360-1#vrf keepAlive
8360-1#exit
8360-1#interface 1/1/24
8360-1#no shut
8360-1#vrf attach keepAlive
8360-1#routing
8360-1#ip address 192.168.99.1/30
8360-1#end
8360-1#wr mem
//test//
8360-1#ping 192.168.99.2 vrf keepAlive
8360-1#conf
8360-1#vsx
8360-1#system-mac 02:01:00:00:01:00
8360-1#inter-switch-link lag 256
8360-1#role primary
8360-1#vsx-sync vsx-global
8360-1#end
8360-1#wr mem
8360-1#sh vsx status
8360-1#sh run | begin vsx
8360-1#sh run vsx-sync
8360-1#sh vsx brief
8360-1#conf
8360-1#vsx
8360-1#keepalive peer 192.168.99.2 source 192.168.99.1 vrf keepAlive
8360-1#end
8360-1#wr mem
8360-1#sh vsx brief
8360-1#sh vsx status config-sync
8360-1#conf
8360-1#vsx
8360-1#vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global
8360-1#end
8360-1#wr mem
//Lag multi-chassis//
8360-1#config
8360-1#interface lag 1 multi-chassis
8360-1#description Access VSX LAG
8360-1#no shut
8360-1#vlan trunk allowed 10,20
8360-1#exit
8360-1#interface 1/1/1
8360-1#no shut
8360-1#mtu 9100
8360-1#description LAG1 Port
8360-1#lag 1
8360-1#end
8360-1#wr mem
//VLAN 10 - VIP - 10.1.10.1// 
//VLAN 20 - VIP - 10.1.20.1// 
8360-1#conf
8360-1#interface vlan 10
8360-1#vsx-sync active-gateways
8360-1#ip mtu 9100
8360-1#ip address 10.1.10.2/24
8360-1#active-gateway ip mac 12:01:00:00:01:00
8360-1#active-gateway ip 10.1.10.1
8360-1#no shut
8360-1#exit
8360-1#interface vlan 20
8360-1#vsx-sync active-gateways
8360-1#ip mtu 9100
8360-1#ip address 10.1.20.2/24
8360-1#active-gateway ip mac 12:01:00:00:01:00
8360-1#active-gateway ip 10.1.20.1
8360-1#end
8360-1#wr mem
8360-1#
8360-1#

Enabling or disabling IGMP snooping

switch(config)# vlan 2
switch(config-vlan)# ip igmp snooping enable
switch(config-vlan)# ip igmp snooping version 2

Enabling or disabling IGMP

switch(config)# interface vlan 2
switch(config-if-vlan)# ip igmp enable

ip igmp querier

switch(config)# vlan 2
switch(config)# interface vlan 2
switch(config-if-vlan)# ip igmp enable
switch(config-if-vlan)# ip igmp querier

AOS-CX 10.08 Multicast Guide

Enabling or disabling IGMP

ip igmp querier

IGMP snooping runs on a Layer 2 device as a multicast constraining mechanism to improve multicast forwarding efficiency. It creates Layer 2 multicast forwarding entries from IGMP packets that are exchanged between the hosts and the router.

When IGMP snooping is not enabled, the switch floods multicast packets to all hosts in a VLAN. An IGMP L2 snooping switch conserves bandwidth on those segments of the network where no node has expressed interest in receiving packets addressed to the group address. When IGMP snooping is enabled, the L2 snooping switch forwards multicast packets of known multicast groups only to the receivers.



multicast_6200-6300-6400-8xxx.pdf



access-list ip mygroup
10 permit any any 239.1.1.1/24
access-list ip mygroup1
10 permit any any any



vlan 1
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 500
    name ServerVM
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 501
    name ServerStack
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 502
    name ISP1
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 503
    name ISP2
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 504
    name ISP3
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 505
    name LAN-UTM
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 506
    name WIFI-AP
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 507
    name VIP
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 508
    name ST
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 509
    name Staff
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 510
    name Teacher
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 511
    name Students
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 512
    name Accounting
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 513
    name Printer
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 514
    name AC
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 515
    name iDRAC
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 516
    name KVM
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 517
    name Guest
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 518
    name VoIP
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 519
    name IoT
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 520
    name Cameras
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 521
    name VC
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 522
    name VPN
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 523
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 524
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup
vlan 525
    ip igmp snooping enable
    ip igmp snooping version 2
    ip igmp snooping apply access-list mygroup


interface vlan 1
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 500 
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 501
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 505
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 506
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 507
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 508
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 509
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 510
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 511
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 512
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 513
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 514
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 515
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 516
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 517
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 518
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 519
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 520
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 521
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 522
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 523
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 524
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100
interface vlan 525
  ip igmp enable
  ip igmp version 2
  ip igmp querier
  ip igmp querier interval 100


DHCP relay

DHCP relay is enabled by default. If it was previously disabled, enable it.

Switch A:
switch#config
switch(config)#dhcp-relay
switch(config)#dhcp-smart-relay
switch(config)#interface vlan 508
switch(config-if-vlan)#description Vlan 508 ST
switch(config-if-vlan)#vsx-sync active-gateways
switch(config-if-vlan)#ip mtu 9100
switch(config-if-vlan)#ip address 10.28.72.2/23
switch(config-if-vlan)#active-gateway ip mac 12:01:00:00:01:00
switch(config-if-vlan)#active-gateway ip 10.28.72.1
switch(config-if-vlan)#ip helper-address 10.28.64.22
Switch B:
switch#config
switch(config)#dhcp-relay
switch(config)#dhcp-smart-relay
switch(config)#interface vlan 508
switch(config-if-vlan)#description Vlan 508 ST
switch(config-if-vlan)#vsx-sync active-gateways
switch(config-if-vlan)#ip mtu 9100
switch(config-if-vlan)#ip address 10.28.72.3/23
switch(config-if-vlan)#active-gateway ip mac 12:01:00:00:01:00
switch(config-if-vlan)#active-gateway ip 10.28.72.1
switch(config-if-vlan)#ip helper-address 10.28.64.22
Other scenarios: 
switch#config
switch(config)#dhcp-relay
switch(config)#dhcp-smart-relay
  
switch(config)#interface 1/1/1 
switch(config-if)#ip address 192.168.2.11/24
switch(config-if)#ip helper-address 192.168.1.1
switch(config-if)#interface 1/1/2
switch(config-if)#ip address 192.168.2.12/24
switch(config-if)#ip helper-address 192.168.1.1
switch(config-if-vlan)#show dhcp-relay
switch(config-if-vlan)#show ip helper-address


DHCP-SERVER

Enables the DHCPv4 server on VRF primary.

Option 1:
switch(config)# dhcp-server vrf primary
switch(config-dhcp-server)# enable
Option 2:
switch(config)# dhcp-server vrf default
switch(config-dhcp-server)# enable

Disables the DHCPv4 server on VRF primary.

Option 1:
switch(config)# dhcp-server vrf primary
switch(config-dhcp-server)# disable
Option 2:
switch(config)# dhcp-server vrf default
switch(config-dhcp-server)# disable

dhcp-server vrf default
    pool VLAN_523_10.28.196.0_23
        range 10.28.196.21 10.28.197.254 prefix-len 23
        default-router 10.28.196.1
        dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
        lease 00:00:30
        exit
    pool VLAN_524_10.28.200.0_23
        range 10.28.200.21 10.28.201.254 prefix-len 23
        default-router 10.28.200.1
        dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
        lease 00:00:30
        exit
    pool VLAN_525_10.28.204.0_23
        range 10.28.204.21 10.28.205.254 prefix-len 23
        default-router 10.28.204.1
        dns-server 45.90.28.15 45.90.30.15 8.8.8.8 8.8.4.4
        lease 00:00:30
        exit
    enable

When the DHCP-SERVER is local to the 6400 chassis, no relay is required for interfaces that require the service:

interface vlan 523
    description Vlan 523
    vsx-sync active-gateways
    ip mtu 9100
    ip address 10.28.196.2/23
    active-gateway ip mac 12:01:00:00:01:00
    active-gateway ip 10.28.196.1
interface vlan 524
    description Vlan 524
    vsx-sync active-gateways
    ip mtu 9100
    ip address 10.28.200.2/23
    active-gateway ip mac 12:01:00:00:01:00
    active-gateway ip 10.28.200.1
interface vlan 525
    description Vlan 525
    vsx-sync active-gateways
    ip mtu 9100
    ip address 10.28.204.2/23
    active-gateway ip mac 12:01:00:00:01:00
    active-gateway ip 10.28.204.1


Switch 8360-2


8360-2#conf
8360-2#hostname 8360-2
8360-2#int mgmt
8360-2#ip static 10.1.1.11/24
8360-2#no shut
8360-2#end
8360-2#wr mem
8360-2#int lag 256
8360-2#no shut
8360-2#description ISL Link
8360-2#no routing 
8360-2#vlan trunk native 1
8360-2#vlan trunk allowed all
8360-2#lacp mode active
8360-2#exit
//over QSFP28 DAC X 2 //
8360-2#interface 1/1/25
8360-2#no shut
8360-2#mtu 9198
8360-2#description ISL port 1
8360-2#lag 256
8360-2#interface 1/1/26
8360-2#no shut
8360-2#mtu 9198
8360-2#description ISL port 2
8360-2#lag 256
8360-2#exit
8360-2#wr mem
8360-2#sh interface lag 256
8360-2#sh lacp interfaces
//over SFP+ DAC//
8360-2#config t
8360-2#vrf keepAlive
8360-2#exit
8360-2#interface 1/1/24
8360-2#no shut
8360-2#vrf attach keepAlive
8360-2#routing
8360-2#ip address 192.168.99.2/30
8360-2#end
8360-2#wr mem
//test//
8360-2#ping 192.168.99.1 vrf keepAlive
8360-2#config
8360-2#vsx
8360-2#inter-switch-link lag 256
8360-2#role secondary
8360-2#end
8360-2#wr mem
8360-2#sh vsx status
8360-2#sh run | begin vsx
8360-2#sh vsx brief
8360-2#conf
8360-2#vsx
8360-2#keepalive peer 192.168.99.1 source 192.168.99.2 vrf keepAlive
8360-2#end
8360-2#wr mem
8360-2#sh vsx brief
8360-2#sh vsx status keepAlive
8360-2#sh run | beg vsx
8360-2#vlan 10,20
8360-2#vsx-sync
8360-2#exit
8360-2#wr mem
8360-2#sh vlan
//Lag multi-chassis//
8360-2#conf
8360-2#interface lag 1 multi-chassis
8360-2#no shut
8360-2#exit
8360-2#interface 1/1/1
8360-2#no shut
8360-2#mtu 9100
8360-2#description LAG1 Port
8360-2#lag 1
8360-2#end
8360-2#wr mem
8360-2#sh run int lag 1
//VLAN 10 - VIP - 10.1.10.1//
//VLAN 20 - VIP - 10.1.20.1//
8360-2#conf
8360-2#interface vlan 10
8360-2#ip mtu 9100
8360-2#ip address 10.1.10.3/24
8360-2#no shut
8360-2#exit
8360-2#interface vlan 20
8360-2#ip mtu 9100
8360-2#ip address 10.1.20.3/24
8360-2#no shut
8360-2#exit
8360-2#end
8360-2#wr mem
8360-2#sh run int vlan 10
8360-2#sh vsx status
8360-2#sh vsx brief 

Enabling or disabling IGMP snooping

switch(config)# vlan 2
switch(config-vlan)# ip igmp snooping enable
switch(config-vlan)# ip igmp snooping version 2

Enabling or disabling IGMP

switch(config)# interface vlan 2
switch(config-if-vlan)# ip igmp enable

ip igmp querier

switch(config)# vlan 2
switch(config)# interface vlan 2
switch(config-if-vlan)# ip igmp enable
switch(config-if-vlan)# ip igmp querier

VSF



Switch 6200-1


6200-1#conf
6200-1#hostname 6200-1
6200-1#int mgmt
6200-1#ip static 10.1.1.21/24
6200-1#no shut
6200-1#end
6200-1#wr mem
6200-1#conf
6200-1#vsf member 1
6200-1#link 1 1/1/27
6200-1#link 2 1/1/28
6200-1#exit
6200-1#vsf secondary-member 2
this will save the configuration and reboot the specified switch.
Do you want to continue (y/n)? y
6200-1#end
6200-1#wr mem
6200-1#conf
6200-1#vlan 10,20
6200-1#no shut
6200-1#exit
6200-1#interface lag 1
6200-1#loop-protect
6200-1#description IDF 1
6200-1#no shut
6200-1#vlan trunk allowed 10,20
6200-1#lacp 
6200-1#lacp mode active
6200-1#exit
6200-1#interface 1/1/25,2/1/25
6200-1#no shut
6200-1#mtu 9100
6200-1#lag 1 
6200-1#exit
6200-1#int 1/1/1 
6200-1#no shut
6200-1#vlan access 10
6200-1#end
6200-1#wr mem
//SFP+ DAC (ARUBAOS)//
6200-1#sh lacp interfaces multi-chassis
6200-1#
6200-1# show lacp interfaces
State abbreviations :
A - Active        P - Passive      F - Aggregable I - Individual
S - Short-timeout L - Long-timeout N - InSync     O - OutofSync
C - Collecting    D - Distributing
X - State m/c expired              E - Default neighbor state
Actor details of all interfaces:
----------------------------------------------------------------------------------
Intf       Aggr       Port  Port  State   System-ID         System Aggr Forwarding
           Name       Id    Pri                             Pri    Key  State
----------------------------------------------------------------------------------
1/1/52     lag1       53    1     ALFNCD  4c:d5:87:19:1f:00 65534  1    up
2/1/28     lag1       93    1     ALFNCD  4c:d5:87:19:1f:00 65534  1    up
Partner details of all interfaces:
----------------------------------------------------------------------------------
Intf       Aggr       Port  Port  State   System-ID         System Aggr
           Name       Id    Pri                             Pri    Key
----------------------------------------------------------------------------------
1/1/52     lag1       129   1     ALFNCD  02:01:00:00:01:00 65534  1
2/1/28     lag1       1129  1     ALFNCD  02:01:00:00:01:00 65534  1

Switch 6200-2


6200-2#conf
6200-2#hostname 6200-2
6200-2#int mgmt
6200-2#ip static 10.1.1.22/24
6200-2#no shut
6200-2#end
6200-2#wr mem
6200-2#conf
6200-2#vsf member 1
6200-2#link 1 1/1/27
6200-2#link 2 1/1/28
6200-2#end
6200-2#conf
6200-2#vsf renumber-to 2
this will save the VSF configuration and reboot the switch.
Do you want to continue (y/n)? y
6200-2#end
6200-2#wr mem

Verification setting


6200-1#sh vsf
6200-1#sh vsf link
6200-1#sh vsf topology
6200-1#
6200-1#
6200-1# show vsf
Force Autojoin             : Disabled
Autojoin Eligibility Status: Not Eligible
MAC Address                : 4c:d5:87:19:1f:00
Secondary                  : 2
Topology                   : Ring
Status                     : No Split
Split Detection Method     : None
Mbr Mac Address         type           Status
ID
--- ------------------- -------------- ---------------
1   4c:d5:87:19:1f:00   JL659A         Conductor
2   9c:37:08:06:c1:00   JL658A         Standby
6200-1# show vsf link
VSF Member 1
     Link       Peer    Peer
Link State      Member  Link   Interfaces
---- ---------- ------- ------ ---------------------------
1    up         2       1      1/1/49
2    up         2       2      1/1/50
VSF Member 2
     Link       Peer    Peer
Link State      Member  Link   Interfaces
---- ---------- ------- ------ ---------------------------
1    up         1       1      2/1/25
2    up         1       2      2/1/26
6200-1# sh vsf topology
 Conductor    Standby
 +-------+    +-------+
 |   1   |1==1|   2   |
 +-------+    +-------+
     2            2
     +============+
6200-1# show vlan 1
------------------------------------------------------------------------------------------------------------------
VLAN  Name                              Status  Reason                  Type        Interfaces
------------------------------------------------------------------------------------------------------------------
1     DEFAULT_VLAN_1                    up      ok                      default     1/1/1-1/1/48,1/1/51-1/1/52,
                                                                                  2/1/1-2/1/24,2/1/27-2/1/28


VSF best practices for Aruba CX 6300 switch series




Remote AAA (TACACS+, RADIUS) commands



Switch SSH and user password authentication

This option is a subset of the full certificate authentication shown in Client public-key authentication (login/operator level) with user password authentication (enable/manager level). It occurs if the switch has SSH enabled but does not have login access (login public-key) configured to authenticate the client’s key. As in Client public-key authentication (login/operator level) with user password authentication (enable/manager level), the switch authenticates itself to SSH clients. Users on the SSH client then authenticate themselves to the switch (login and/or enable levels) by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. However, the client does not use a certificate to authenticate itself to the switch.



How do I disable VSF on 2930F switch?

vsf disable
vsf member <MEMBER-ID> remove




Switch 6300 example code

Current configuration:
!
!Version ArubaOS-CX FL.10.10.1070
!export-password: default
banner motd !

This computing system is a St. Francis School owned asset and provided for the exclusive use of authorized personnel for technical purposes.
All information and data created, accessed, processed, or stored using this system (including personal information) are subject to monitoring, auditing, or review to the extent permitted by applicable law.

Unauthorized use or abuse of this system may lead to corrective action including termination of employment, civil and/or criminal penalties.

!
banner exec !
This computing system is a St. Francis School owned asset and provided for the exclusive use of authorized personnel for technical purposes.
All information and data created, accessed, processed, or stored using this system (including personal information) are subject to monitoring, auditing, or review to the extent permitted by applicable law.

Unauthorized use or abuse of this system may lead to corrective action including termination of employment, civil and/or criminal penalties.

!
user admin group administrators password ciphertext AQBapbpjjaGqvjsW372p3ay3Qy23SBZqdgORp3dt7dBgFq/1YgAAAMc5kaYk7mkg7Vw8JspGEjAgaZvfqEr6pPrZMnc2dep+NGGyPq++9HpItww7f7x1I3uokFIt9r3PtFwtCF3XBbV6kb06gEyo3VKlGS7NwJ7eHEOFBNaq3wGonPHYpdwKwXi6
user manager group administrators password ciphertext AQBapYDzadb2pSm6IB5urLSMywx+5PxeWV7VEeQ6EnfoGzqGYgAAAOd/Z2sSXnAf4Jy2+Zt3+rxRY3FlmEekAQnJhGpPdr3gTXSCgJTlv0ukI/P7YjjGjnPCLkKyzveFWMVcju0KitYBN/7AcfGkg+FZE9sWVrUiedsi2w0p3x/W88gwl9TxP/dx
loop-protect re-enable-timer 30
loop-protect trap loop-detected   
                                                               
ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
ntp server time.google.com
ntp enable
!
!
!
!
!
!
ssh server vrf default
ssh server vrf mgmt
vsf secondary-member 2
vsf member 1 
    type jl658a
    link 1 1/1/25
    link 2 1/1/26
vsf member 2 
    type jl658a
    link 1 2/1/25
    link 2 2/1/26
vlan 1
    ip igmp snooping enable
vlan 500                                                             
    name ServerVM
    ip igmp snooping enable
vlan 501
    name ServerStack
    ip igmp snooping enable
vlan 502
    name ISP1
    ip igmp snooping enable
vlan 503
    name ISP2
    ip igmp snooping enable
vlan 504
    name ISP3
    ip igmp snooping enable
vlan 505
    name LAN-UTM
    ip igmp snooping enable
vlan 506
    name WIFI-AP
    ip igmp snooping enable
vlan 507
    name VIP
    ip igmp snooping enable                                                               
vlan 508
    name ST
    ip igmp snooping enable
vlan 509
    name Staff
    ip igmp snooping enable
vlan 510
    name Teacher
    ip igmp snooping enable
vlan 511
    name Students
    ip igmp snooping enable
vlan 512
    name Accounting
    ip igmp snooping enable
vlan 513
    name Printer
    ip igmp snooping enable
vlan 514
    name AC
    ip igmp snooping enable
vlan 515
    name iDRAC                                                               
    ip igmp snooping enable
vlan 516
    name KVM
    ip igmp snooping enable
vlan 517
    name Guest
    ip igmp snooping enable
vlan 518
    name VoIP
    ip igmp snooping enable
vlan 519
    name IoT
    ip igmp snooping enable
vlan 520
    name Cameras
    ip igmp snooping enable
vlan 521
    name VC
    ip igmp snooping enable
vlan 522
    name VPN
    ip igmp snooping enable
vlan 523                                                               
    ip igmp snooping enable
vlan 524
    ip igmp snooping enable
vlan 525
    ip igmp snooping enable
spanning-tree mode rpvst
no spanning-tree
spanning-tree priority 5
spanning-tree vlan 1,500-525
spanning-tree vlan 1 priority 5
spanning-tree vlan 500 priority 5
spanning-tree vlan 501 priority 5
spanning-tree vlan 502 priority 5
spanning-tree vlan 503 priority 5
spanning-tree vlan 504 priority 5
spanning-tree vlan 505 priority 5
spanning-tree vlan 506 priority 5
spanning-tree vlan 507 priority 5
spanning-tree vlan 508 priority 5
spanning-tree vlan 509 priority 5
spanning-tree vlan 510 priority 5
spanning-tree vlan 511 priority 5
spanning-tree vlan 512 priority 5                                                               
spanning-tree vlan 513 priority 5
spanning-tree vlan 514 priority 5
spanning-tree vlan 515 priority 5
spanning-tree vlan 516 priority 5
spanning-tree vlan 517 priority 5
spanning-tree vlan 518 priority 5
spanning-tree vlan 519 priority 5
spanning-tree vlan 520 priority 5
spanning-tree vlan 521 priority 5
spanning-tree vlan 522 priority 5
spanning-tree vlan 523 priority 5
spanning-tree vlan 524 priority 5
spanning-tree vlan 525 priority 5
interface mgmt
    no shutdown
    ip static 192.168.150.23/23
interface lag 1
    description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active                                                               
    loop-protect
interface 1/1/1
    no shutdown
    no routing
    vlan access 1
interface 1/1/2
    no shutdown
    no routing
    vlan access 1
interface 1/1/3
    no shutdown
    no routing
    vlan access 1
interface 1/1/4
    no shutdown
    no routing
    vlan access 1
interface 1/1/5
    no shutdown
    no routing
    vlan access 1
interface 1/1/6
    no shutdown                                                               
    no routing
    vlan access 1
interface 1/1/7
    no shutdown
    no routing
    vlan access 1
interface 1/1/8
    no shutdown
    no routing
    vlan access 1
interface 1/1/9
    no shutdown
    no routing
    vlan access 1
interface 1/1/10
    no shutdown
    no routing
    vlan access 1
interface 1/1/11
    no shutdown
    no routing
    vlan access 1
interface 1/1/12                                                               
    no shutdown
    no routing
    vlan access 1
interface 1/1/13
    no shutdown
    no routing
    vlan access 1
interface 1/1/14
    no shutdown
    no routing
    vlan access 1
interface 1/1/15
    no shutdown
    no routing
    vlan access 1
interface 1/1/16
    no shutdown
    no routing
    vlan access 1
interface 1/1/17
    no shutdown
    no routing
    vlan access 1                                                               
interface 1/1/18
    no shutdown
    no routing
    vlan access 1
interface 1/1/19
    no shutdown
    no routing
    vlan access 1
interface 1/1/20
    no shutdown
    no routing
    vlan access 1
interface 1/1/21
    no shutdown
    no routing
    vlan access 1
interface 1/1/22
    no shutdown
    no routing
    vlan access 1
interface 1/1/23
    no shutdown
    no routing                                                               
    vlan access 1
interface 1/1/24
    no shutdown
    no routing
    vlan access 1
interface 1/1/25
    no shutdown
interface 1/1/26
    no shutdown
interface 1/1/27
    no shutdown
    no routing
    vlan access 1
interface 1/1/28
    description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
    no shutdown
    mtu 9100
    lag 1
interface 2/1/1
    no shutdown
    no routing
    vlan access 1
interface 2/1/2
    no shutdown                                                               
    no routing
    vlan access 1
interface 2/1/3
    no shutdown
    no routing
    vlan access 1
interface 2/1/4
    no shutdown
    no routing
    vlan access 1
interface 2/1/5
    no shutdown
    no routing
    vlan access 1
interface 2/1/6
    no shutdown
    no routing
    vlan access 1
interface 2/1/7
    no shutdown
    no routing
    vlan access 1
interface 2/1/8                                                               
    no shutdown
    no routing
    vlan access 1
interface 2/1/9
    no shutdown
    no routing
    vlan access 1
interface 2/1/10
    no shutdown
    no routing
    vlan access 1
interface 2/1/11
    no shutdown
    no routing
    vlan access 1
interface 2/1/12
    no shutdown
    no routing
    vlan access 1
interface 2/1/13
    no shutdown
    no routing
    vlan access 1                                                               
interface 2/1/14
    no shutdown
    no routing
    vlan access 1
interface 2/1/15
    no shutdown
    no routing
    vlan access 1
interface 2/1/16
    no shutdown
    no routing
    vlan access 1
interface 2/1/17
    no shutdown
    no routing
    vlan access 1
interface 2/1/18
    no shutdown
    no routing
    vlan access 1
interface 2/1/19
    no shutdown
    no routing                                                               
    vlan access 1
interface 2/1/20
    no shutdown
    no routing
    vlan access 1
interface 2/1/21
    no shutdown
    no routing
    vlan access 1
interface 2/1/22
    no shutdown
    no routing
    vlan access 1
interface 2/1/23
    no shutdown
    no routing
    vlan access 1
interface 2/1/24
    no shutdown
    no routing
    vlan access 1
interface 2/1/25
    no shutdown                                                               
interface 2/1/26
    no shutdown
interface 2/1/27
    no shutdown
    no routing
    vlan access 1
interface 2/1/28
    description Access LAG-1 to MDF-1 - 6400 IP: 172.16.28.1
    no shutdown
    mtu 9100
    lag 1
interface vlan 1
    ip address 172.16.28.21/23
    no ip dhcp
ip route 0.0.0.0/0 172.16.28.1
!
!
!
!
!
https-server vrf default
https-server vrf mgmt
 


aos-cx_simulator_lab_-_ipv4_dhcp_lab_guide.pdf



Private IP Address Ranges



United States of America IP address ranges

Lookup IP Tools



Small Form-factor Pluggable



QinQ vs VLAN vs VXLAN: A Comprehensive Introduction of Switch Functions



What is EVPN-VXLAN?



Redundancy with opnsense UTM



EIR-PIR-MBS-CIR-CBS



Shannon's theorem



How Does ZTNA Work?



Dell EMC Networking N-Series N1100-ON, N1500, N2000, N2100-ON, N3000, N3000-ON, N3100-ON, and N4000 Switches CLI Reference Guide



show inventory

#show inventory

Description: This command displays the hardware inventory of Mobility Conductor or the managed device.

Example: Execute this command to display the hardware component inventory of Mobility Conductor.

(host) [mynode] #show inventory

Mgmt Port HW MAC Addr           : 00:0C:29:71:10:0B
HW MAC Addr                     : 00:0C:29:71:10:15
System Serial#                  : DC0604083
Activate license                : Not applicable
Supported device type           : MM
Active device type              : MM

(host-md) #show inventory

Supervisor Card slot            : 0
System Serial#                  : BA0009743 (Date:12/26/14)
CPU Card Serial#                : AE51038711 (Date:12/25/14)
CPU Card Assembly#              : 2010216H
CPU Card Revision               : (Rev:01.00)
Interface Card Serial#          : AE51031572 (Date:12/25/14)
Interface Card Assembly#        : 2010085E
Interface Card Revision         : (Rev:04.00)
SC Model#                       : Aruba7210
HW MAC Addr                     : 00:1a:1e:01:b2:28 to 00:1a:1e:01:b2:2f
CPLD Version                    : (Rev: 1.4)
Power Supply 0                  : Present               : No
Power Supply 1                  : Present               : Yes
                                : 12V OK                : Yes
                                : Fan OK                : Yes
                                : Aruba Model No        : 2510057
                                : Vendor & Model No     : QCS DCJ3501-01P
                                : Serial No             : QCS142320YU
                                : MFG Date              : 6/5/14
                                : Output 1 Config       : 12V 350W
                                : Input Min             : 90V AC
                                : Input Max             : 264V AC
Main Board Temperatures         :
                                : U24 - Local Temp      30 C (shadow of XLP heatsink)
                                : Q1  - Remote 1 Temp   34 C (shadow of VRM, VDD_CPU)
                                : Q2  - Remote 2 Temp   33 C (shadow of VRM, VDD_SOC)
                                : U44 - Local Temp      25 C (shadow of DPI connector)
                                : U29  - Remote 1 Temp  31 C (XLP die temperature)
                                : Q36  - Remote 2 Temp  28 C (shadow of 98X1422)
                                : J2  - DDR A Temp      24 C (DDR3 A temp)
                                : J4  - DDR B Temp      26 C (DDR3 B temp)
                                : J1  - DDR C Temp      25 C (DDR3 C temp)
                                : J3  - DDR D Temp      27 C (DDR3 D temp)
                                : Port 0 Temp           148 C (1G PHY temp)
                                : Port 1 Temp           148 C (1G PHY temp)
Interface Board Temperatures    :
                                : U21 - Local Temp      27 C (shadow of port 1 RJ45)
                                : Q4 - Remote 1 Temp    28 C (shadow of 88E1543)
                                : Q3 - Remote 2 Temp    34 C (shadow of 88X2140)
Fan  0                          : 8916 rpm (5.495 V),Speed Low
Fan  1                          : 9029 rpm (5.495 V),Speed Low
Fan  2                          : 9029 rpm (5.450 V),Speed Low
Fan  3                          : 8998 rpm (5.630 V),Speed Low
Main Board Voltages             :
ispPAC_POWR1014A_A              :
                                : 1V2                  1.20V sense 1.232 V
                                : VDD SOC              0.937V sense 0.918 V
                                : VCC IOBD 1V5         1.50V sense 1.528 V
                                : DDR3BD_VTT           0.75V sense 0.750 V
                                : VCC 1A               1.00V sense 1.024 V
                                : IV8_DIGITAL          1.80V sense 1.848 V
                                : 3V3_MAIN             3.30V sense 3.366 V
                                : VCC1                 1.00V sense 1.018 V
                                : VCC25                2.50V sense 2.556 V
                                : 3V3 SB               3.30V sense 3.360 V
ispPAC_POWR1014A_B              :
                                : VDD                  0.806V sense 0.786 V
                                : VCC IOAC 1V5         1.50V sense 1.528 V
                                : DDR3AC_VTT           0.75V sense 0.752 V
                                : VDD_SRAM             1.00V sense 1.042 V
                                : VCC1B                1.00V sense 1.030 V
                                : 1V8_ANALOG           1.80V sense 1.854 V
                                : 1V8                  1.80V sense 1.866 V
                                : VDDIO12_XAUI         1.20V sense 1.224 V
                                : 5V                   5.00V sense 5.016 V
Interface Board Voltages        :
ispPAC_POWR6AT6                 :
                                : VCC33                3.30V sense 3.366 V
                                : VCC 18               1.80V sense 1.856 V
                                : VCC1                 1.00V sense 1.026 V
                                : VCC12                1.20V sense 1.224 V
                                : VCC12-DVDD           1.20V sense 1.212 V
                                : VCC9                 0.90V sense 0.928 V


show system

6300# show system
Hostname           : 6300
System Description : FL.10.10.1070
System Contact     :
System Location    :
Vendor             : Aruba
Product Name       : JL659A 6300M 48SR5 CL6 PoE 4SFP56 Swch
Chassis Serial Nbr : SG30KMY0ZP
Base MAC Address   : 4cd587-191f00
ArubaOS-CX Version : FL.10.10.1070
Time Zone          : UTC
Up Time            : 5 days, 7 hours, 59 minutes
CPU Util (%)       : 22
Memory Usage (%)   : 25
6300#


6300 Switch LAG error: State information : Disabled by aggregation

State information : Disabled by LACP or LAG

6400-SWITCH# show lag 1
System-ID       : ec:67:94:f5:69:00
System-priority : 65534

Aggregate lag1 is down
Admin state is up
State information : Disabled by LACP or LAG
Description : Access VSX LAG-1 to IDF-1 - 6300-24-PORT-SFP+ - IP: 172.16.28.21
Type                        : multi-chassis
Lacp Fallback               : Disabled
MAC Address                 : 02:01:00:00:01:00
Aggregated-interfaces       : 1/3/1
Aggregation-key             : 1
Aggregate mode              : active
Hash                        : l3-src-dst
LACP rate                   : slow
Speed                       : 0 Mb/s
Mode                        : trunk

Aggregate lag1 is down
Admin state is up 
State information : Disabled by aggregation 
Description : 
MAC Address                 : bc:d7:a5:6a:e8:00 
Aggregated-interfaces       : 1/1/1 1/1/2 
Aggregation-key             : 1
Aggregate mode              : active 
Speed                       : 0 Mb/s 
qos trust dscp
VLAN Mode: native-untagged
Native VLAN: 1
Allowed VLAN List: all
L3 Counters: Rx Disabled, Tx Disabled 

Note: When lacp_block appears on an interface in a LAG group, it is usually because the interface is not receiving LACP BPDUs from the link partner. Either the peer switch is not configured with LACP mode, or the BPDUs are being dropped because of link-specific issues. If the link partner is not sending LACP BPDUs, a static LAG group assignment of the ports should work and is probably worth trying.

Some commands for support:

  1. show interface brief
  2. show lag brief
  3. show lacp interfaces
  4. show lacp aggregates
  5. show lacp interface 1/1/3
  6. show lacp interface 1/1/4
  7. show lldp neighbor-info

6300(config-lag-if)#  show lldp neighbor-info
 
LLDP Neighbor Information
=========================

Total Neighbor Entries          : 2
Total Neighbor Entries Deleted  : 3
Total Neighbor Entries Dropped  : 0
Total Neighbor Entries Aged-Out : 3
 
LOCAL-PORT  CHASSIS-ID         PORT-ID                      PORT-DESC                    TTL      SYS-NAME
-----------------------------------------------------------------------------------------------------------
1/1/28      ec:67:94:f5:69:00  1/3/1                        Access VSX LAG-1 to IDF-...  120      CS-2P-MDFHA-A   
2/1/28      ec:67:94:f5:89:00  1/3/1                        Access VSX LAG-1 to IDF-...  120      CS-2P-MDFHA-B
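
The note above names two reasons a LAG member stops receiving LACP BPDUs: the peer is not in LACP mode, or the link is dropping them. The following Python example is added here and is not part of the original page or of any Aruba tooling; it cross-checks the `lag` membership in a running-config against `show lldp neighbor-info` from the same switch to sort each member into one of those causes. The function names are hypothetical, and treating an LLDP neighbor as evidence that the link passes frames is a heuristic assumed for this example.

```python
import re
from collections import defaultdict

# Constructed sample input, abridged from the 6300 outputs shown on this page.
RUNNING_CONFIG = """\
interface lag 1
    lacp mode active
interface 1/1/27
    vlan access 1
interface 1/1/28
    lag 1
interface 2/1/28
    lag 1
"""
LLDP_OUTPUT = """\
LOCAL-PORT  CHASSIS-ID         PORT-ID  PORT-DESC                    TTL  SYS-NAME
1/1/28      ec:67:94:f5:69:00  1/3/1    Access VSX LAG-1 to IDF-...  120  CS-2P-MDFHA-A
2/1/28      ec:67:94:f5:89:00  1/3/1    Access VSX LAG-1 to IDF-...  120  CS-2P-MDFHA-B
"""
LLDP_ROW = re.compile(r"(\d+/\d+/\d+)\s+([0-9a-f:]{17})\s+(\S+)\s+.*?\s+\d+\s+(\S+)\s*$")

def parse_lags(config):
    """Return {lag_id: {"lacp": mode or None, "members": [ports]}} from a running-config."""
    lags, stanza = defaultdict(lambda: {"lacp": None, "members": []}), []
    for words in map(str.split, config.splitlines()):
        if words[:1] == ["interface"]:
            stanza = words[1:]                       # ["lag", "1"] or ["1/1/28"]
        elif len(words) == 2 and words[0] == "lag" and len(stanza) == 1:
            lags[words[1]]["members"].append(stanza[0])   # physical port joins a LAG
        elif words[:2] == ["lacp", "mode"] and stanza[:1] == ["lag"]:
            lags[stanza[1]]["lacp"] = words[2]
    return dict(lags)

def parse_lldp(output):
    """Return {local_port: (peer_system, peer_port)} from 'show lldp neighbor-info'."""
    return {m[1]: (m[4], m[3]) for m in map(LLDP_ROW.match, output.splitlines()) if m}

def triage(config, lldp_output):
    """Heuristic (an assumption of this example): LLDP heard on a member => link passes frames."""
    seen, report = parse_lldp(lldp_output), []
    for lag_id, lag in sorted(parse_lags(config).items()):
        for port in lag["members"]:
            if lag["lacp"] is None:
                verdict = "static-lag"        # no LACP negotiation that could block
            elif port in seen:
                verdict = "check-peer-lacp"   # partner is heard: verify its LAG/LACP setup
            else:
                verdict = "check-link"        # partner silent: suspect cable, optic or port
            report.append((f"lag{lag_id}", port, verdict, seen.get(port)))
    return report
```

With the sample data both members report `check-peer-lacp`, each pointing at a different peer system, which matches the `multi-chassis` LAG type shown in the 6400 output above.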


aruba_networks/switch/6400/6400_configuration_example_script.1726004563.txt.gz · Last modified: 2024/09/10 16:42 by aperez
