Link Search Menu Expand Document
calendar_month 29-Oct-23

Fabric 1 Leaf 1-1 Configuration

!
!Version ArubaOS-CX GL.10.11.1050
!export-password: default
hostname RSVDC-FB1-LF1-1
user admin group administrators password ciphertext AQBapXXq57MmlEWTQNNp43GAgpVMhnGxG/G9Dy7HKVvmfC2WYgAAAMfPqIDlEA5+spxkDKk08NSsVfGEiL2qOdQsbg0eG/jmAjXx9/la4xyO9PBuuF9WAgB/FsAfdNyHRQluClpjtUxfJUjBnBPwrQo6KRgK8UjoLJaE+vuLQEoYTjp9nAbgg75q
user afc_admin group administrators password ciphertext AQBapXcEfMBcCuvLZPN8cR1rAJ1NG5NaYXq9hrr5xNvgeuRoYgAAAEL5LdozLcho3rM+hr1HTifsie2e1ToNDKq/UZxGaJXgyFSC54zx5RolUsypAdNLjFN5vr2dc8G9rcXLvDVZO+vvFhlzEiRp2JWMlkK2/lWlEmz6NraoxFqjVu+nGa0zENQg
clock timezone america/los_angeles
bfd
profile leaf
vrf DEV-DC-VRF
    rd 10.250.2.1:11
    route-target export 65001:100002 evpn
    route-target import 65001:100002 evpn
vrf PROD-DC-VRF
    rd 10.250.2.1:10
    route-target export 1:100001 evpn
    route-target export 65001:100001 evpn
    route-target import 1:100001 evpn
    route-target import 65001:100001 evpn
ntp server 10.2.120.98 prefer
ntp server 10.2.120.99 prefer
ntp enable
ntp vrf mgmt
cli-session
    timeout 0
!
!
!
!
!
!
ssh server vrf mgmt
system internal-vlan-range 4039-4094
vlan 1
vlan 101
    description AFC-created VLAN
vlan 102
    description AFC-created VLAN
vlan 201
    description AFC-created VLAN
vlan 202
    description AFC-created VLAN
vlan 2021
    description AFC-created VLAN
vlan 2022
    description AFC-created VLAN
vlan 3999
virtual-mac 02:00:01:00:00:01
evpn
    arp-suppression
    dyn-vxlan-tunnel-bridging-mode ibgp-ebgp
    vlan 101
        rd auto
        route-target export auto
        route-target export 1:10101
        route-target import auto
        route-target import 1:10101
        redistribute host-route
    vlan 102
        rd auto
        route-target export auto
        route-target export 1:10102
        route-target import auto
        route-target import 1:10102
        redistribute host-route
    vlan 201
        rd auto
        route-target export auto
        route-target import auto
        redistribute host-route
    vlan 202
        rd auto
        route-target export auto
        route-target import auto
        redistribute host-route
interface mgmt
    no shutdown
    ip dhcp
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 2 speed 10g
    !interface group 2 contains ports 1/1/13-1/1/24
system interface-group 3 speed 10g
    !interface group 3 contains ports 1/1/25-1/1/36
interface lag 1 multi-chassis
    description MLAG 1 created by AFC
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,101-102,201-202
    lacp mode active
interface lag 2 multi-chassis
    description MLAG 2 created by AFC
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,101-102,201-202
    lacp mode active
interface lag 251 multi-chassis
    description MC-LAG from border leaf switches to FW1 in firewall cluster
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,2021-2022
    lacp mode active
    lacp fallback
interface lag 252 multi-chassis
    description MC-LAG from border leaf switches to FW2 in firewall cluster
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,2021-2022
    lacp mode active
    lacp fallback
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    no shutdown
    mtu 9198
    lag 1
interface 1/1/2
    no shutdown
    mtu 9198
    lag 2
interface 1/1/3
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/4
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/5
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/6
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/7
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/8
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/9
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/10
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/11
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/12
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/13
    description WAN IP address for multifabric on RSVDC-LF1-1
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.6.1/29
interface 1/1/14
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/15
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/16
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/17
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/18
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/19
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/20
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/21
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/22
    no shutdown
    mtu 9198
    lag 251
interface 1/1/23
    no shutdown
    mtu 9198
    lag 252
interface 1/1/24
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/25
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/26
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/27
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/28
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/29
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/30
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/31
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/32
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/33
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/34
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/35
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/36
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/37
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/38
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/39
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/40
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/41
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/42
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/43
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/44
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/45
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/46
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/47
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/48
    description Keep alive Interface RSVDC-FB1-LF1-1
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.250.0.3/31
interface 1/1/49
    no shutdown
    mtu 9198
    lag 256
interface 1/1/50
    no shutdown
    mtu 9198
    lag 256
interface 1/1/51
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/52
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/53
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/54
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/55
    description Leaf Spine RPI to RSVDC-FB1-SP1
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.0.7/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/56
    description Leaf Spine RPI to RSVDC-FB1-SP2
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.0.21/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    description BGP/OSPF underlay
    ip address 10.250.0.11/32
interface loopback 1
    description BGP VXLAN overlay
    ip address 10.250.2.1/32
interface vlan 101
    description Production web app SVI/VLAN 101 in DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.101.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.101.1
interface vlan 102
    description Production database SVI/VLAN 102 DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.102.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.102.1
interface vlan 201
    description Development web app SVI/VLAN 201 in DC overlay
    vrf attach DEV-DC-VRF
    ip mtu 9198
    ip address 10.6.201.1/24
    active-gateway ip mac 02:00:0a:06:00:01
    active-gateway ip 10.6.201.1
interface vlan 202
    description Development database SVI/VLAN 202 in DC overlay
    vrf attach DEV-DC-VRF
    ip mtu 9198
    ip address 10.6.202.1/24
    active-gateway ip mac 02:00:0a:06:00:01
    active-gateway ip 10.6.202.1
interface vlan 2021
    description Border leaf PROD-DC-VRF uplink to external FW cluster
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.255.2.1/29
interface vlan 2022
    description Border leaf DEV-DC-VRF uplink to external FW cluster
    vrf attach DEV-DC-VRF
    ip mtu 9198
    ip address 10.255.2.9/29
interface vlan 3999
    description Transit VLAN
    ip mtu 9198
    ip address 10.250.0.17/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf cost 1
    ip ospf network point-to-point
interface vxlan 1
    source ip 10.250.2.1
    no shutdown
    vni 10101
        vlan 101
    vni 10102
        vlan 102
    vni 10201
        vlan 201
    vni 10202
        vlan 202
    vni 100001
        vrf PROD-DC-VRF 
        routing
    vni 100002
        vrf DEV-DC-VRF 
        routing
vsx
    system-mac 02:00:00:00:10:01
    inter-switch-link lag 256
    role primary
    keepalive peer 10.250.0.2 source 10.250.0.3
    linkup-delay-timer 600
    vsx-sync vsx-global
ip dns domain-name example.local vrf mgmt
ip dns server-address 10.2.120.98 vrf mgmt
ip dns server-address 10.2.120.99 vrf mgmt
ip prefix-list PL-HOST-P2P description Match /31 and /32 routes
ip prefix-list PL-HOST-P2P seq 10 permit 0.0.0.0/0 ge 31 
!
!
!
ip aspath-list ALLOWED-EXT-AS description External ASNs allowed to advertise into DC overlay
ip aspath-list ALLOWED-EXT-AS seq 10 permit ^65501 65000$
ip aspath-list ALLOWED-EXT-AS seq 20 permit ^65501$
ip aspath-list local-fabric description local fabric
ip aspath-list local-fabric seq 10 permit ^$
!
route-map BGP-OSPF deny seq 10
     match tag 1000
route-map BGP-OSPF permit seq 20
route-map OSPF-BGP permit seq 10
     match tag 1000
route-map RM-EXT-OUT deny seq 10
     description filter host and P2P prefixes
     match ip address prefix-list PL-HOST-P2P
route-map RM-EXT-OUT permit seq 20
route-map RM-PERMIT-CAMPUS permit seq 10
     description allow campus and firewall ASNs
     match aspath-list ALLOWED-EXT-AS
route-map RM-PERMIT-CAMPUS deny seq 20
route-map RSVDC-to-borders permit seq 10
     description permit local overlay advertisements
     match aspath-list local-fabric
route-map RSVDC-to-borders permit seq 20
     description permit campus/firewall prefixes
     match aspath-list ALLOWED-EXT-AS
route-map connected-ospf permit seq 10
     set tag 1000
route-map to-border-leaders permit seq 10
     match aspath-list local-fabric
!
router ospf 1
    router-id 10.250.0.11
    passive-interface default
    maximum-paths 8
    redistribute bgp route-map BGP-OSPF
    redistribute local loopback route-map connected-ospf
    area 0.0.0.0
router bgp 65001
    bgp router-id 10.250.0.11
    maximum-paths 8
    bgp log-neighbor-changes
    bgp deterministic-med
    bgp always-compare-med
    bgp bestpath as-path multipath-relax
    neighbor RSVDC-FB1-RR peer-group
    neighbor RSVDC-FB1-RR remote-as 65001
    neighbor RSVDC-FB1-RR description Spine and RR peer-group
    neighbor RSVDC-FB1-RR fall-over
    neighbor RSVDC-FB1-RR update-source loopback 0
    neighbor border-leaders peer-group
    neighbor border-leaders description peering with remote-Fabrics
    neighbor border-leaders fall-over
    neighbor border-leaders update-source loopback 0
    neighbor 10.250.0.9 peer-group RSVDC-FB1-RR
    neighbor 10.250.0.13 peer-group RSVDC-FB1-RR
    neighbor 10.250.3.5 remote-as 65002
    neighbor 10.250.3.5 peer-group border-leaders
    neighbor 10.250.3.5 ebgp-multihop 10
    neighbor 10.250.3.7 remote-as 65002
    neighbor 10.250.3.7 peer-group border-leaders
    neighbor 10.250.3.7 ebgp-multihop 10
    neighbor 10.255.6.3 remote-as 65002
    neighbor 10.255.6.3 description Underlay BGP between RSVDC-LF1-1 and RSVCO-LF1-1
    neighbor 10.255.6.3 fall-over bfd
    neighbor 10.255.6.4 remote-as 65002
    neighbor 10.255.6.4 description Underlay BGP between RSVDC-LF1-1 and RSVCO-LF1-2
    neighbor 10.255.6.4 fall-over bfd
    address-family ipv4 unicast
        neighbor 10.255.6.3 activate
        neighbor 10.255.6.4 activate
        redistribute connected
        redistribute local loopback
        redistribute ospf 1 route-map OSPF-BGP
    exit-address-family
    address-family l2vpn evpn
        neighbor RSVDC-FB1-RR next-hop-self
        neighbor RSVDC-FB1-RR send-community both
        neighbor border-leaders route-map RSVDC-to-borders out
        neighbor border-leaders send-community both
        neighbor 10.250.0.9 activate
        neighbor 10.250.0.13 activate
        neighbor 10.250.3.5 activate
        neighbor 10.250.3.7 activate
    exit-address-family
!
    vrf DEV-DC-VRF
        bgp router-id 10.250.0.11
        maximum-paths 8
        bgp log-neighbor-changes
        bgp deterministic-med
        bgp always-compare-med
        bgp bestpath as-path multipath-relax
        neighbor 10.255.2.10 remote-as 65001
        neighbor 10.255.2.10 description PROD VRF peering between border leaf switches
        neighbor 10.255.2.11 remote-as 65501
        neighbor 10.255.2.11 description BGP peering from LF1-1 DEV VRF to FW cluster
        neighbor 10.255.2.11 fall-over bfd
        address-family ipv4 unicast
            neighbor 10.255.2.10 activate
            neighbor 10.255.2.10 route-map RM-PERMIT-CAMPUS out
            neighbor 10.255.2.11 activate
            neighbor 10.255.2.11 route-map RM-EXT-OUT out
            redistribute connected
        exit-address-family
!
    vrf PROD-DC-VRF
        bgp router-id 10.250.0.11
        maximum-paths 8
        bgp log-neighbor-changes
        bgp deterministic-med
        bgp always-compare-med
        bgp bestpath as-path multipath-relax
        neighbor 10.255.2.2 remote-as 65001
        neighbor 10.255.2.2 description PROD VRF peering between border leaf switches
        neighbor 10.255.2.3 remote-as 65501
        neighbor 10.255.2.3 description BGP peering from LF1-1 PROD VRF to FW cluster
        neighbor 10.255.2.3 fall-over bfd
        address-family ipv4 unicast
            neighbor 10.255.2.2 activate
            neighbor 10.255.2.2 route-map RM-PERMIT-CAMPUS out
            neighbor 10.255.2.3 activate
            neighbor 10.255.2.3 route-map RM-EXT-OUT out
            redistribute connected
        exit-address-family
!
https-server vrf mgmt

Back to top

© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.