Link Search Menu Expand Document
calendar_month 21-Nov-24

Aggregation Switch Reference Configuration

   hostname %_sys_hostname%
   banner motd !
   **********************************************************
   NOTICE TO USERS
   This is a private computer system and is the property of
   Aruba Networks. It is for authorized use only.
   users (authorized or unauthorized) have no explicit or
   implicit expectation of privacy while connected to this
   system.
   Any or all uses of this system and all files on this system
   may be intercepted, monitored, recorded, copied, audited,
   inspected, and disclosed to an authorized site, Aruba networks,
   and law enforcement personnel
   (foreign and domestic).
   By using this system, the user consents to such interception,
   monitoring, recording, copying, auditing, inspection, and
   disclosure at the discretion of an authorized site or Aruba Networks
   personnel.
   Unauthorized or improper use of this system may result in
   administrative disciplinary action and civil and criminal
   penalties. By continuing to use of this system you indicate
   your awareness of and consent to these terms and conditions
   of use. LOG OFF IMMEDIATELY if you do not agree to the
   conditions stated in this warning.
   ***********************************************************
   !
   allow-unsupported-transceiver
   user admin group administrators password ciphertext AQBapYgH7fQfCF/KrVb/BQgUokVkgVv3Uy40a9ORbWmjXSAkYgAAAARIutMR8CXywenaYnWmITrkEhZYN1gqxgeaCc629vQ4cRc2RtSBzMZz/ewMjXmxdyCPF9uTiuMqjfeJ7p06obLWUNn0jytGDYpkGhrWLkfzK4vBKOLjfHl35xsIR/dviTUp
   clock timezone pst8pdt
   no ip icmp redirect
   vrf VSX-Keepalive
   ntp server %NTP_IP_Address_1% iburst version 3
   ntp server %NTP_IP_Address_2% iburst version 3
   ntp enable
   cli-session
       timeout 0
   !
   !
   !
   !
   tacacs-server host %TACACS_SERVER1_IP% key Plaintext %TACACS_KEY%
   tacacs-server host %TACACS_SERVER2_IP% key Plaintext %TACACS_KEY%
   aaa authentication allow-fail-through
   !
   aaa group server tacacs ClearPass
       server %TACACS_SERVER1_IP%
       server %TACACS_SERVER2_IP%
   aaa authentication login console group ClearPass local
   aaa authentication login ssh group ClearPass local
   aaa authorization commands default group local ClearPass
   ssh server vrf default
   ssh server vrf mgmt
   vlan 1
   vlan 2
       name SW_ZTP
   vlan 3
       name EMPLOYEE
   vlan 5
       name CAMERA
   vlan 6
       name PRINTER
   vlan 13
       name REJECT_AUTH
   vlan 14
       name CRITICAL_AUTH
   vlan 15
       name MGMT_VLAN
   spanning-tree mode rpvst
   spanning-tree
   spanning-tree priority 0
   spanning-tree vlan %VLAN_RANGE%
   spanning-tree vlan 1 priority 0
   spanning-tree vlan 2 priority 0
   spanning-tree vlan 3 priority 0
   spanning-tree vlan 5 priority 0
   spanning-tree vlan 6 priority 0
   spanning-tree vlan 13 priority 0
   spanning-tree vlan 14 priority 0
   spanning-tree vlan 15 priority 0
   interface mgmt
       no shutdown
       ip static %MGMT_IP%/24
       default-gateway 172.16.10.1
   interface lag 11 multi-chassis
       no shutdown
       description 5400-AG1-AC1
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
   interface lag 12 multi-chassis
       no shutdown
       description 3810-AG1-AC2
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
   interface lag 13 multi-chassis
       no shutdown
       description 3810-AG1-AC3
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
   interface lag 14 multi-chassis
       no shutdown
       description 2930M-AG1-AC4
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
   interface lag 15 multi-chassis
       no shutdown
       description 6300M-AG1-AC5
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
   interface lag 16 multi-chassis
       no shutdown
       description 6300M-AG1-AC6
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
   interface lag 128
       vsx-sync vlans
       no shutdown
       description ISL
       no routing
       vlan trunk native 2 
       vlan trunk allowed all
       lacp mode active
   interface 1/1/1
       no shutdown
       mtu 9198
       lag 11
   interface 1/1/2
       no shutdown
       mtu 9198
       lag 13
   interface 1/1/3
       no shutdown
       mtu 9198
       lag 14
   interface 1/1/4
       no shutdown
       mtu 9198
       lag 15
   interface 1/1/5
       no shutdown
       lag 16
   interface 1/1/49
       mtu 9198
       description 8400_C2_LNK
       ip mtu 9198
       ip address %OSPF_UPLINK1_IP%/30
       ip ospf 1 area 0.0.0.0
       no ip ospf passive
       ip ospf network point-to-point
       ip pim-sparse enable
   interface 1/1/50
       no shutdown
       mtu 9198
       lag 12
   interface 1/1/51
       no shutdown
       mtu 9198
       vrf attach VSX-Keepalive
       description VSX Keepalive
       ip address %KEEPALIVE_IP%/30
   interface 1/1/52
       mtu 9198
       description 8400_C1_LNK
       ip mtu 9198
       ip address %OSPF_UPLINK2_IP%/30
       ip ospf 1 area 0.0.0.0
       no ip ospf passive
       ip ospf network point-to-point
       ip pim-sparse enable
   interface 1/1/53
       no shutdown
       mtu 9198
       description ISL Lag
       lag 128
   interface 1/1/54
       no shutdown
       mtu 9198
       description ISL Lag
       lag 128
   interface loopback 1
       ip address %AGG_LOOPBACK0_IP%/32
       ip ospf 1 area 0.0.0.0
       ip pim-sparse enable
   interface vlan 1
       description SW_ZTP
       ip mtu 9198
       ip address  %VLAN_ID_1_IP%/24
       active-gateway ip mac a2:00:00:a1:a1:a1
       active-gateway ip 10.1.1.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 2
       description SW_ZTP
       ip mtu 9198
       ip address %VLAN_ID_2_IP%/24
       active-gateway ip mac a2:00:00:a2:a2:a2
       active-gateway ip 10.1.2.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 3
       description EMPLOYEE
       ip mtu 9198
       ip address %VLAN_ID_3_IP%/24
       active-gateway ip mac a2:00:00:a3:a3:a3
       active-gateway ip 10.1.3.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 5
       description CAMERA
       ip mtu 9198
       ip address %VLAN_ID_5_IP%/24
       active-gateway ip mac a2:00:00:a5:a5:a5
       active-gateway ip 10.1.5.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 6
       description PRINTER
       ip mtu 9198
       ip address %VLAN_ID_5_IP%/24
       active-gateway ip mac a2:00:00:a6:a6:a6
       active-gateway ip 10.1.6.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 13
       description REJECT_AUTH
       ip mtu 9198
       ip address %VLAN_ID_13_IP%/24
       active-gateway ip mac a2:00:00:13:13:13
       active-gateway ip 10.1.13.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 14
       description CRITICAL_AUTH
       ip mtu 9198
       ip address %VLAN_ID_14_IP%/24
       active-gateway ip mac a2:00:00:14:14:14
       active-gateway ip 10.1.14.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   interface vlan 15
       description MGMT_VLAN
       ip mtu 9198
       ip address %VLAN_ID_15_IP%/24
       active-gateway ip mac a2:00:00:15:15:15
       active-gateway ip 10.1.15.1
       ip helper-address %HELPER_ADDRESS_1%
       ip helper-address %HELPER_ADDRESS_2%
       ip ospf 1 area 0.0.0.0
       ip igmp enable
       ip pim-sparse enable
   vsx
       system-mac 00:00:10:00:01:01
       inter-switch-link lag 128
       role %VSX_ROLE%
       keepalive peer %KEEPALIVE_IP_PEER% source %KEEPALIVE_IP_SOURCE% vrf VSX_KEEPALIVE
       vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global 
   ip dns domain-name example.local
   ip dns server-address 10.2.120.98
   ip dns server-address 10.2.120.99
   !
   !
   !
   !
   !
   router ospf 1
       router-id %AGG_LOOPBACK0_IP%
       passive-interface default
       area 0.0.0.0
   router pim
       enable
       active-active
   https-server vrf default
   https-server vrf mgmt