CXW01 - Campus Switching Fundamentals - Lab Guide
CXW01 - Campus Switching Fundamentals - Lab Guide
CXW01 - Campus Switching Fundamentals - Lab Guide
Campus Switching
Fundamentals
CX SWITCHING WORKSHOP
OBJECTIVE
At the end of this workshop, you will be able to implement and troubleshoot the fundamental technologies of a campus
switching infrastructure based on Aruba CX Switches, including VSF and VSX.
OVERVIEW
Lab Network Layout
This workshop is a lab activity that will allow you to implement the different components of the scenario described above,
including:
1
(*) IMPORTANT
• The port numbers of the 6300-B switch will change from 1/1/x to 2/1/x at the end of the VSF stack setup.
• Both 8325 switches have 48 25GbE SFP28 ports, however, all inter-switch connections are 10 GbE SFP+ DAC cables. To
enable these cables/transceivers, the speed on the ports will have to be changed to 10Gbps. On the 6300 switches, this
step is not necessary as they recognize SFP56, SFP28, and SFP+ automatically.
Note: if you are not using a US keyboard, use the “Keyboard” option to select the appropriate configuration.
Logging in will open a remote desktop session to the Win 10 client (see Figure 2).
DO NOT MODIFY This is the NIC that provides you RDP connection to the Win 10 Client
Once logged in open MTPuTTY or PuTTY open the console of the following devices: 6300-A, 6300-B, 8325-A and 8325-B.
Note: if while opening MTPuTTY you are prompted for the location of PuTTY, find it here: C:\Program Files\PuTTY
2
Exiting the lab environment
If at any point you need to close the session: Click on the X button located at the bottom on the left margin menu
These steps will guarantee that next time you connect you will be able to access the lab environment without difficulty.
INITIAL CONFIGURATION
All switches are preconfigured with the following parameters and states:
To start:
and verify that the connection is between the ports shown in figure 2.
The VSF auto-stacking process will be triggered by entering the CLI command on the 6300-A (the one with the largest VSF link-
candidate port number). However, VSF auto-stacking:
o requires that both switches are in default configuration
o however, as you have seen, they have an initial configuration
o the way to overcome this issue is different on the 6300-A and the 6300-B
o you will start by preparing the 6300-B to receive the VSF join message
3
On the 6300-B
• In the next steps you will
o Verify that the 6300-B is not eligible for VSF auto-join (it has a non-default configuration)
o Force eligibility
o Verify the change
Note: lines that start with “!” are comments in the CLI scripts and do not need to be entered in the console.
show vsf
Force Autojoin : Disabled
Autojoin Eligibility Status: Not Eligible
MAC Address : 88:3a:30:92:d5:00
Secondary :
Topology : Standalone
Status : No Split
Split Detection Method : None
Now the 6300-B is ready to join the stack when it receives the command from the 6300-A through its port 1/1/25.
On the 6300-A
The switch on which you will start the VSF process must be reset to the default configuration. Take the following steps:
!
! erase all non-VSF configurations
!
erase startup-config
!
! answer y at the prompt: Erase checkpoint startup-config?
!
! and reboot the switch
!
boot system primary
!
! at the following prompt
!
4
! Default boot image set to primary.
! Checking if the configuration needs to be saved...
! Do you want to save the current configuration (y/n)?
! answer n
!
! and then at the prompt
! This will reboot the entire switch and render it unavailable
! until the process is complete.
! Continue (y/n)?
! answer y
!
When the 6300-A completes the reboot process, you will notice that its prompt has changed to the default. Login using the
default credentials (username: admin, and no password). And without making any changes trigger the VSF auto-stack:
configure
vsf start-auto-stacking
!
! at the prompt answer y
!
The 6300-B will reboot and join the stack. Monitor the process by entering on the 6300-A:
end
show vsf link
VSF Member 1
VSF Member 2
Once the stack is complete, with both switches running, complete the initial configuration:
auto-confirm
! The previous command automatically provides a “y” to any confirmation request prompt
configure
session-timeout 0
! in the next commands replace the x with your user number for consistency
user admin password
! at the prompt enter the new password admin twice
host PNx-6300-VSF
! configure the management port
interface mgmt
ip static 10.251.x.4/24
default-gateway 10.251.x.254
end
write memory
5
Figure 3. VSF Stack Uplink
configure
! vlan 10 is the device management VLAN
! vlan 20 will be assigned to the Windows 10 client
! and its SVI will connect to VRF20
vlan 10
name Acc-mgmt
vlan 20
name Client-20
interface vlan 10
ip address 10.0.10.10/24
ip mtu 2048
exit
! Create a layer 2 LAG (#10) and map the VLANs and the uplink ports to it
interface lag 10
no shutdown
no routing
lacp mode active
vlan trunk allowed 10,20
exit
! use an interface range to simplify assigning ports to LAG 10
! use an L2 MTU of 2048 Bytes to accommodate for tunneling if necessary
interface 1/1/27,1/1/28,2/1/27,2/1/28
no shutdown
mtu 2048
lag 10
exit
• Add ports 1/1/1 and 2/1/1 to VLAN 20 to provide connectivity to the client
interface 1/1/1,2/1/1
! check the default configuration
show running current
! notice that factory default of the port is “no routing” and “vlan access 1”
no shutdown
vlan access 20
exit
• Add a default route pointing to 10.0.10.1 (gateway on VLAN 10)
ip route 0.0.0.0/0 10.0.10.1
• Verify that spanning tree is enabled and check the default STP mode: MSTP? RPVST+?
Notes
o As the uplink is a single LAG, STP will only be used as a loop protection mechanism running on Instance 0
show spanning-tree
• Save
end
write memory
• Validate the LAG configuration by entering the following commands and checking that LAG member port and transceivers
match
show lacp interfaces
show interface transceiver
6
Note: the interfaces of the LAG will be all down as the LAG is not configured/enabled on the core VSX
• On each 8325, start by changing the port speed from 25G to 10G to enable support for the existing 10G SFP+
transceivers/DACs.
Note: these 8325 models (JL635A) have 48 25GbE SFP28 ports divided into 4 interface-groups of 12 ports each. To adjust
their speed, a whole group must be configured, in other words, all ports in an interface-group will operate at the same
speed.
A similar configuration must be used on the 8400 25GbE modules to support 10GbE transceivers.
!
! verify speed mismatch – by entering:
show interface brief
! and identifying those ports that report:
! 1/1/xx -- routed SFP+DAC1 no down Group speed mismatch --
!
auto-confirm
configure
! Disable the console session timeout
session-timeout 0
system interface-group 1 speed 10g
system interface-group 4 speed 10g
• Display the interfaces again and verify that those ports are shown now as Administratively down instead of Group
speed mismatch
• Repeat the link validation process used on the 6300s to verify that your 8325s are connected according to Figure 2. Use
the show interface transceiver command. If necessary, change the port numbers use throughout this activity.
On both 8325 switches:
7
no routing
lacp mode active
vlan trunk allowed all
! use the “show run current” command to validate the LAG configuration
! Note: use the full word show
interface 1/1/46
no shutdown
mtu 2048
lag 256
end
write memory
• Create an L3 link for the VSX Keepalive using port 1/1/47. Place it in VRF KA.
Important: the keepalive only requires Layer 3 connectivity. In this case, a direct L3 link is used for this purpose. It is placed
in a dedicated VRF to isolate it from any routing issues. Notice that if the VSX pair is connected via L3 links to a core, the
keepalive can be configured using the Loopback addresses.
8
! and verify that this last command has been synchronized (copied)
!
! verify the VSX infrastructure by running the following show commands:
!
show vsx brief
show vsx status
show vsx lacp configuration
show vsx config-consistency
! explore other show vsx commands
! save
end
write memory
Create the VSX LAG downlink (to the 6300 VSF Stack)
VSX-Sync copied the Spanning Tree priority from the primary to the secondary and enabled it on the secondary
9
o STP is using the VSX system MAC as the bridge ID
o The VSX pair is the root
o LAG 256 (the ISL) has the lowest cost possible
MAC-Address: 02:00:00:00:10:01
This bridge is the root
• Confirm by running the same command (show spanning-tree) on the 6300 stack and check the root’s Bridge ID, and
notice that LAG 10 is a root port
On the 6300-A (VSF Stack)
On the 8320: configure basic parameters and the LAG to the VSX pair
auto-confirm
configure
session-timeout 0
vlan 3010
name TRANSIT-VRF-DEFAULT
vlan 3020
name TRANSIT-VRF-20
!
interface lag 20
no shutdown
no routing
lacp mode active
vlan trunk allowed 3010,3020
!
interface 1/1/1,1/1/2
no shutdown
mtu 2048
lag 20
end
write memory
On both 8325 switches: create LAG 20
configure
vlan 3010
name TRANSIT-VRF-DEFAULT
vlan 3020
10
name TRANSIT-VRF-20
!
interface lag 20 multi-chassis
no shutdown
vlan trunk allowed 3010,3020
exit
!
interface 1/1/48
no shutdown
mtu 2048
lag 20
end
write memory
• Verify the status of the Core-Aggregation LAG. On each core and aggregation switch:
show lacp interface
On the 8320-Core
!
configure
!
! VRF Default
!
router ospf 1
router-id 10.210.1.1
area 0
passive-interface default
!
interface loopback 0
ip address 10.210.1.1/32
ip ospf 1 area 0
!
interface vlan 3010
ip mtu 2048
ip address 10.30.10.1/24
ip ospf 1 area 0
no ip ospf passive
exit
!
! VRF20
!
vrf VRF20
!
router ospf 2 vrf VRF20
11
router-id 10.220.1.1
area 0
passive-interface default
!
interface loopback 2
vrf attach VRF20
ip address 10.220.1.1/32
ip ospf 2 area 0
!
interface vlan 3020
vrf attach VRF20
ip mtu 2048
ip address 10.30.20.1/24
ip ospf 2 area 0
no ip ospf passive
end
write memory
On the 8325-A
configure
!
! VRF Default
!
router ospf 1
router-id 10.210.2.1
area 0
passive-interface default
!
interface loopback 0
ip address 10.210.2.1/32
ip ospf 1 area 0
exit
!
no ip icmp redirect
!
interface vlan 10
vsx-sync active-gateways
ip mtu 2048
12
ip address 10.0.10.2/24
active-gateway ip mac 02:00:00:00:00:01
active-gateway ip 10.0.10.1
ip ospf 1 area 0
!
interface vlan 3010
vsx active-forwarding
ip mtu 2048
ip address 10.30.10.2/24
ip ospf 1 area 0
no ip ospf passive
!
! VRF20
!
vrf VRF20
router ospf 2 vrf VRF20
router-id 10.220.2.1
area 0
passive-interface default
!
interface loopback 2
vrf attach VRF20
ip address 10.220.2.1/32
ip ospf 2 area 0
!
interface vlan 20
vrf attach VRF20
vsx-sync active-gateways
ip mtu 2048
ip address 10.0.20.2/24
active-gateway ip mac 02:00:00:00:00:01
active-gateway ip 10.0.20.1
ip ospf 2 area 0
!
interface vlan 3020
vrf attach VRF20
vsx active-forwarding
ip mtu 2048
ip address 10.30.20.2/24
ip ospf 2 area 0
no ip ospf passive
!
end
write memory
13
On the 8325-B
configure
!
! VRF Default
!
router ospf 1
router-id 10.210.2.2
area 0
passive-interface default
!
interface loopback 0
ip address 10.210.2.2/32
ip ospf 1 area 0
exit
!
! IP ICMP Redirect is mutually exclusive with Active Forwarding
!
no ip icmp redirect
!
interface vlan 10
ip mtu 2048
ip address 10.0.10.3/24
active-gateway ip mac 02:00:00:00:00:01
active-gateway ip 10.0.10.1
ip ospf 1 area 0
!
interface vlan 3010
vsx active-forwarding
ip mtu 2048
ip address 10.30.10.3/24
ip ospf 1 area 0
no ip ospf passive
!
! VRF20
!
vrf VRF20
router ospf 2 vrf VRF20
router-id 10.220.2.2
area 0
14
passive-interface default
!
interface loopback 2
vrf attach VRF20
ip address 10.220.2.2/32
ip ospf 2 area 0
!
interface vlan 20
vrf attach VRF20
ip mtu 2048
ip address 10.0.20.3/24
active-gateway ip mac 02:00:00:00:00:01
active-gateway ip 10.0.20.1
ip ospf 2 area 0
!
interface vlan 3020
vrf attach VRF20
vsx active-forwarding
ip mtu 2048
ip address 10.30.20.3/24
ip ospf 2 area 0
no ip ospf passive
!
end
write memory
15
The Ethernet Adapter “6300” is connected to the 6300 Stack port 1/1/1.
16
Reply from 10.0.20.1: bytes=32 time<1ms TTL=64
Reply from 10.0.20.1: bytes=32 time<1ms TTL=64
Try:
C:\>tracert 10.210.1.1
• Ping the 8320’s loopback 2 address:
C:\>ping 10.220.1.1
What happened? Did it work or fail? Why?
Try:
C:\>tracert 10.220.1.1
17
LAB ACTIVITY 6 (OPTIONAL): TROUBLESHOOTING - BREAK AND FIX
Take your time to run these failure scenarios. Take notes.
IMPORTANT: this is your opportunity to gather information that will be crucial for troubleshooting.
• On the 6300-A console: shutdown ports 1/1/25 and 1/1/26 (VSF links on 6300-A)
• Go to the 6300-B console and observe what happens
Did it reboot?
If it is in a boot loop, break it with CTRL-C and login
END OF LAB
18
www.arubanetworks.com
3333 Scott Blvd. Santa Clara, CA 95054
1.844.472.2782 | T: 1.408.227.4500 | FAX: 1.408.227.4550 | [email protected]
19