30-Oct-23

Fabric 2 Leaf 1-2 Configuration

!
!Version ArubaOS-CX GL.10.11.1050
!export-password: default
hostname RSVCO-FB2-LF1-2
! Two local accounts, both in the administrators group, with passwords stored as ciphertext.
! afc_admin is presumably the Aruba Fabric Composer service account (VLANs below are
! described as "AFC-created") - confirm.
! NOTE(review): the header reports "export-password: default", so this ciphertext is
! presumably protected only by the platform's default export key - confirm. Treat both
! strings as credential material: never reuse them, and set fresh passwords on any switch
! built from this published listing.
user admin group administrators password ciphertext AQBapfZDYCxZJWGdGDGnH1sB9JCa4ssmwYvjURzzNbJK3rSSYgAAAMxLAPMVf0pKQuxRzY71UmOlO1uq5HSDNo+ls+wepjvwKkZ39WuSjZcGwMbRHV6a8icno+5g8uc+L6mZTroN+iQkCeqEu7t3f65lObHgUiKWE0425LiR0Q81N6AEF0AEt5Sg
user afc_admin group administrators password ciphertext AQBapXqro++rS0IAzJPx7+i5WUEb3H/kFLN6pkdQ+32Ah6nbYgAAAACMXxbaCerh+mga+sY6JNx/yaeD3ZUf1RmPuN2gyVw/PhdaxNXTFiuECf44Xux4Z0cHlVggsaSoF2DKjhqV1qyYPfOqQ8JkjvP9XJpp6rW9/4HwzfEYtUgMoUuhaiIela0S
clock timezone america/los_angeles
bfd
profile leaf
! Tenant VRF for the overlay. Route-targets 1:100001 and 65002:100001 are both exported to
! and imported from EVPN.
vrf PROD-DC-VRF
    rd 10.250.4.1:14
    route-target export 1:100001 evpn
    route-target export 65002:100001 evpn
    route-target import 1:100001 evpn
    route-target import 65002:100001 evpn
! NTP uses two preferred servers reached through the mgmt VRF.
! NOTE(review): no NTP authentication is configured in this listing, so time responses are
! not cryptographically verified; log timestamps depend on the management network's integrity.
ntp server 10.2.120.98 prefer
ntp server 10.2.120.99 prefer
ntp enable
ntp vrf mgmt
! NOTE(review): "timeout 0" presumably disables the CLI idle timeout - confirm. A finite
! value is the usual production setting so that unattended administrator sessions close.
cli-session
    timeout 0
!
!
!
!
!
!
! SSH is served only in the mgmt VRF. No ACL limiting SSH source addresses appears in this
! listing.
ssh server vrf mgmt
system internal-vlan-range 4039-4094
! VLANs 101, 102 and 2021 carry the "AFC-created VLAN" description; VLAN 1 and VLAN 3999
! are declared without one.
vlan 1
vlan 101
    description AFC-created VLAN
vlan 102
    description AFC-created VLAN
vlan 2021
    description AFC-created VLAN
vlan 3999
virtual-mac 02:00:02:00:00:01
! EVPN settings: ARP suppression is enabled, and VLANs 101 and 102 each use an automatic RD,
! automatic plus explicit route-targets (1:10101 / 1:10102), and host-route redistribution.
evpn
    arp-suppression
    dyn-vxlan-tunnel-bridging-mode ibgp-ebgp
    vlan 101
        rd auto
        route-target export auto
        route-target export 1:10101
        route-target import auto
        route-target import 1:10101
        redistribute host-route
    vlan 102
        rd auto
        route-target export auto
        route-target export 1:10102
        route-target import auto
        route-target import 1:10102
        redistribute host-route
! Management port: enabled and addressed by DHCP.
! NOTE(review): with DHCP the management address (and anything else the lease supplies)
! depends on the management network's DHCP service; a static address or a reservation is
! the usual production choice - confirm what the deployment intends.
interface mgmt
    no shutdown
    ip dhcp
! Both interface groups (ports 1/1/1-1/1/12 and 1/1/13-1/1/24) are set to 10g.
system interface-group 1 speed 10g
    !interface group 1 contains ports 1/1/1-1/1/12
system interface-group 2 speed 10g
    !interface group 2 contains ports 1/1/13-1/1/24
! Multi-chassis LAGs 1 and 2 face the ESXi hosts and trunk VLANs 1 and 101-102.
! NOTE(review): every trunk in this listing uses VLAN 1 as native and also allows it, so
! untagged frames from the attached device land in VLAN 1. A dedicated, otherwise unused
! native VLAN is the common hardening choice - confirm whether VLAN 1 is needed here.
! NOTE(review): "lacp fallback" presumably lets member ports forward when no LACP partner
! is detected - confirm that this is wanted on host- and firewall-facing links.
interface lag 1 multi-chassis
    description MC-LAG for ESXi host 21
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,101-102
    lacp mode active
    lacp fallback
    lacp rate slow
interface lag 2 multi-chassis
    description MC-LAG for ESXi host 22
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,101-102
    lacp mode active
    lacp fallback
    lacp rate slow
! Multi-chassis LAGs 251 and 252 face the two firewall cluster members and trunk VLAN 2021
! (plus native VLAN 1).
interface lag 251 multi-chassis
    description MC-LAG from border leaf switch to FW1 in firewall cluster
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,2021
    lacp mode active
    lacp fallback
    lacp rate slow
interface lag 252 multi-chassis
    description MC-LAG from border leaf switches to FW2 in firewall cluster
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,2021
    lacp mode active
    lacp fallback
    lacp rate slow
! LAG 256 is the inter-switch link referenced by the vsx stanza; it carries all VLANs and,
! unlike the LAGs above, has no "lacp fallback".
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    lacp rate slow
! Ports 1/1/1 and 1/1/2 are the local members of the host-facing LAGs 1 and 2.
interface 1/1/1
    no shutdown
    mtu 9198
    lag 1
interface 1/1/2
    no shutdown
    mtu 9198
    lag 2
! Ports 1/1/3-1/1/12 have no description, LAG membership or IP address in this listing,
! yet are administratively enabled with jumbo MTU.
! NOTE(review): if these ports are unused, shutting them down is the usual hardening step so
! that nothing plugged into a spare port gets a live link - confirm against the cabling plan.
interface 1/1/3
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/4
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/5
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/6
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/7
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/8
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/9
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/10
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/11
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/12
    no shutdown
    mtu 9198
    ip mtu 9198
! Routed multifabric WAN port. Its /29 also contains the BGP neighbors 10.255.6.1 and
! 10.255.6.2 configured under router bgp.
interface 1/1/13
    description WAN IP address for multifabric on RSVCO-LF1-2
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.6.4/29
! Ports 1/1/14-1/1/21 and 1/1/24 have no description, LAG membership or IP address in this
! listing but are administratively enabled.
! NOTE(review): shut down any of these that are not cabled in production - confirm usage.
interface 1/1/14
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/15
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/16
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/17
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/18
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/19
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/20
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/21
    no shutdown
    mtu 9198
    ip mtu 9198
! Ports 1/1/22 and 1/1/23 are the local members of the firewall-facing LAGs 251 and 252.
interface 1/1/22
    no shutdown
    mtu 9198
    lag 251
interface 1/1/23
    no shutdown
    mtu 9198
    lag 252
interface 1/1/24
    no shutdown
    mtu 9198
    ip mtu 9198
! Ports 1/1/25-1/1/47 have no description, LAG membership or IP address in this listing but
! are administratively enabled with jumbo MTU.
! NOTE(review): shut down any of these that are not cabled in production - confirm usage.
interface 1/1/25
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/26
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/27
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/28
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/29
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/30
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/31
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/32
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/33
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/34
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/35
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/36
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/37
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/38
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/39
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/40
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/41
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/42
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/43
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/44
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/45
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/46
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/47
    no shutdown
    mtu 9198
    ip mtu 9198
! Routed VSX keepalive link; 10.250.3.0 is the keepalive source used in the vsx stanza and
! 10.250.3.1 (the other address of this /31) is the keepalive peer.
interface 1/1/48
    description Keep alive Interface RSVCO-FB2-LF1-2
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.250.3.0/31
! Ports 1/1/49 and 1/1/50 are the members of the ISL, LAG 256.
interface 1/1/49
    no shutdown
    mtu 9198
    lag 256
interface 1/1/50
    no shutdown
    mtu 9198
    lag 256
! Ports 1/1/51-1/1/54 have no description, LAG membership or IP address in this listing but
! are administratively enabled.
! NOTE(review): shut down any of these that are not cabled in production - confirm usage.
interface 1/1/51
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/52
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/53
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/54
    no shutdown
    mtu 9198
    ip mtu 9198
! Routed /31 uplinks to the two spines. OSPF area 0.0.0.0 runs on them as point-to-point,
! and "no ip ospf passive" overrides the passive-by-default setting under router ospf 1.
! NOTE(review): no OSPF authentication is configured on these interfaces in this listing, so
! adjacencies are formed with any OSPF speaker on the link - confirm whether the production
! design adds it.
interface 1/1/55
    description Leaf Spine RPI to RSVCO-FB2-SP1
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.4.3/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/56
    description Leaf Spine RPI to RSVCO-FB2-SP2
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.255.4.11/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
! Loopback 0 (10.250.3.5) is the OSPF and BGP router-id and the BGP update-source for the
! peer-groups; loopback 1 (10.250.4.1) is the VXLAN source address.
interface loopback 0
    description BGP/OSPF underlay
    ip address 10.250.3.5/32
interface loopback 1
    description BGP VXLAN overlay
    ip address 10.250.4.1/32
! Gateway SVIs for the web (VLAN 101) and database (VLAN 102) subnets, both attached to
! PROD-DC-VRF and sharing one active-gateway MAC.
! NOTE(review): no ACL or policy is applied to either SVI in this listing, so the switch
! routes between the web and database subnets unfiltered. Any tier-to-tier restriction has
! to be enforced elsewhere - confirm where.
interface vlan 101
    description Production web app SVI/VLAN 101 in DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.101.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.101.1
interface vlan 102
    description Production database SVI/VLAN 102 DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.102.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.102.1
! VRF uplink toward the colo firewall cluster; this /29 holds the VRF BGP neighbors
! 10.255.5.1 and 10.255.5.3.
interface vlan 2021
    description Border leaf PROD-DC-VRF uplink to colo FW cluster
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.255.5.2/29
! Transit SVI without a VRF attachment, running OSPF point-to-point with cost 1.
! NOTE(review): as on the spine uplinks, no OSPF authentication is configured here.
interface vlan 3999
    description Transit VLAN
    ip mtu 9198
    ip address 10.250.3.8/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf cost 1
    ip ospf network point-to-point
! VXLAN tunnel interface sourced from loopback 1: VNI 10101 maps VLAN 101, VNI 10102 maps
! VLAN 102, and VNI 100001 is the routed VNI for PROD-DC-VRF.
interface vxlan 1
    source ip 10.250.4.1
    no shutdown
    vni 10101
        vlan 101
    vni 10102
        vlan 102
    vni 100001
        vrf PROD-DC-VRF 
        routing
! VSX pairing: this switch is the primary, LAG 256 is the ISL, and the keepalive runs
! between 10.250.3.0 (local, port 1/1/48) and 10.250.3.1 (peer).
vsx
    system-mac 02:00:00:00:20:00
    inter-switch-link lag 256
    role primary
    keepalive peer 10.250.3.1 source 10.250.3.0
    vsx-sync vsx-global
! DNS resolution is confined to the mgmt VRF and uses the same two addresses as NTP.
ip dns domain-name example.local vrf mgmt
ip dns server-address 10.2.120.98 vrf mgmt
ip dns server-address 10.2.120.99 vrf mgmt
! PL-ALLOW-DEFAULT matches only 0.0.0.0/0. PL-HOST-P2P matches any prefix with a length of
! 31 or 32 (0.0.0.0/0 ge 31).
ip prefix-list PL-ALLOW-DEFAULT description Allow default route
ip prefix-list PL-ALLOW-DEFAULT seq 10 permit 0.0.0.0/0
ip prefix-list PL-HOST-P2P description Match /31 and /32 routes
ip prefix-list PL-HOST-P2P seq 10 permit 0.0.0.0/0 ge 31 
!
!
!
! The regular expression ^$ matches an empty AS path, i.e. routes that have not crossed
! another AS.
ip aspath-list local-fabric description local fabric
ip aspath-list local-fabric seq 10 permit ^$
!
! Redistribution control by tag: connected-ospf sets tag 1000 on loopbacks redistributed
! into OSPF, OSPF-BGP lets only tag-1000 routes into BGP, and BGP-OSPF blocks tag-1000
! routes from re-entering OSPF - apparently to prevent a redistribution loop.
! RM-ALLOW-DEFAULT and RM-COLO-DEFAULT pass only the default route (the latter also sets
! local-preference 200); RM-EXT-OUT drops /31 and /32 prefixes and permits the rest;
! to-border-leaders passes only routes with an empty AS path.
route-map BGP-OSPF deny seq 10
     match tag 1000
route-map BGP-OSPF permit seq 20
route-map OSPF-BGP permit seq 10
     match tag 1000
route-map RM-ALLOW-DEFAULT permit seq 10
     match ip address prefix-list PL-ALLOW-DEFAULT
route-map RM-ALLOW-DEFAULT deny seq 20
route-map RM-COLO-DEFAULT permit seq 10
     match ip address prefix-list PL-ALLOW-DEFAULT
     set local-preference 200
route-map RM-COLO-DEFAULT deny seq 20
route-map RM-EXT-OUT deny seq 10
     description filter host and P2P prefixes
     match ip address prefix-list PL-HOST-P2P
route-map RM-EXT-OUT permit seq 20
route-map connected-ospf permit seq 10
     set tag 1000
route-map to-border-leaders permit seq 10
     match aspath-list local-fabric
!
! Underlay OSPF. Interfaces are passive by default, so only those with "no ip ospf passive"
! (1/1/55, 1/1/56 and vlan 3999) form adjacencies. BGP routes and loopbacks are redistributed
! through the BGP-OSPF and connected-ospf route-maps.
! NOTE(review): no OSPF authentication appears anywhere in this listing - confirm whether
! the production design requires it.
router ospf 1
    router-id 10.250.3.5
    max-metric router-lsa include-stub on-startup 300
    passive-interface default
    maximum-paths 8
    redistribute bgp route-map BGP-OSPF
    redistribute local loopback route-map connected-ospf
    area 0.0.0.0
! BGP AS 65002. Peer-group RSVCO-FB2-RR is iBGP to the spines/route reflectors; peer-group
! border-leaders is multihop eBGP (AS 65001) to the remote fabric, sourced from loopback 0;
! 10.255.6.1 and 10.255.6.2 are directly addressed underlay eBGP peers with BFD fall-over.
! NOTE(review): no neighbor in this listing has session authentication (for example a TCP
! MD5 password) configured, including the ebgp-multihop 10 peers - confirm whether
! production requires it.
! NOTE(review): in ipv4 unicast the underlay eBGP peers have no inbound or outbound
! route-map and "redistribute connected" is unfiltered, so what is exchanged with AS 65001
! is bounded only by the remote side - confirm this is intended.
router bgp 65002
    bgp router-id 10.250.3.5
    maximum-paths 8
    bgp log-neighbor-changes
    bgp deterministic-med
    bgp always-compare-med
    bgp bestpath as-path multipath-relax
    neighbor RSVCO-FB2-RR peer-group
    neighbor RSVCO-FB2-RR remote-as 65002
    neighbor RSVCO-FB2-RR description Spine and RR peer-group
    neighbor RSVCO-FB2-RR fall-over
    neighbor RSVCO-FB2-RR update-source loopback 0
    neighbor border-leaders peer-group
    neighbor border-leaders description peering with remote-Fabrics
    neighbor border-leaders fall-over
    neighbor border-leaders update-source loopback 0
    neighbor 10.250.0.7 remote-as 65001
    neighbor 10.250.0.7 peer-group border-leaders
    neighbor 10.250.0.7 ebgp-multihop 10
    neighbor 10.250.0.11 remote-as 65001
    neighbor 10.250.0.11 peer-group border-leaders
    neighbor 10.250.0.11 ebgp-multihop 10
    neighbor 10.250.3.2 peer-group RSVCO-FB2-RR
    neighbor 10.250.3.3 peer-group RSVCO-FB2-RR
    neighbor 10.255.6.1 remote-as 65001
    neighbor 10.255.6.1 description Underlay BGP between RSVCO-LF1-2 and RSVDC-LF1-1
    neighbor 10.255.6.1 fall-over bfd
    neighbor 10.255.6.2 remote-as 65001
    neighbor 10.255.6.2 description Underlay BGP between RSVCO-LF1-2 and RSVDC-LF1-2
    neighbor 10.255.6.2 fall-over bfd
    address-family ipv4 unicast
        neighbor 10.255.6.1 activate
        neighbor 10.255.6.2 activate
        redistribute connected
        redistribute local loopback
        redistribute ospf 1 route-map OSPF-BGP
    exit-address-family
    address-family l2vpn evpn
        neighbor RSVCO-FB2-RR next-hop-self
        neighbor RSVCO-FB2-RR send-community both
        neighbor border-leaders route-map to-border-leaders out
        neighbor border-leaders send-community both
        neighbor 10.250.0.7 activate
        neighbor 10.250.0.11 activate
        neighbor 10.250.3.2 activate
        neighbor 10.250.3.3 activate
    exit-address-family
!
! Per-VRF BGP for PROD-DC-VRF. 10.255.5.1 (AS 65002) is the peer border leaf and is sent
! only the default route. 10.255.5.3 (AS 65502, on the firewall uplink subnet of vlan 2021)
! may send only the default route, which gets local-preference 200, and is not sent /31 or
! /32 prefixes.
! NOTE(review): neither VRF neighbor has session authentication configured, and 10.255.5.1
! has no inbound route-map - confirm both are acceptable for the deployment.
    vrf PROD-DC-VRF
        bgp router-id 10.250.3.5
        maximum-paths 8
        bgp log-neighbor-changes
        bgp deterministic-med
        bgp always-compare-med
        bgp bestpath as-path multipath-relax
        neighbor 10.255.5.1 remote-as 65002
        neighbor 10.255.5.1 description PROD VRF peering between border leaf switches
        neighbor 10.255.5.3 remote-as 65502
        neighbor 10.255.5.3 fall-over
        address-family ipv4 unicast
            neighbor 10.255.5.1 activate
            neighbor 10.255.5.1 route-map RM-ALLOW-DEFAULT out
            neighbor 10.255.5.3 activate
            neighbor 10.255.5.3 route-map RM-COLO-DEFAULT in
            neighbor 10.255.5.3 route-map RM-EXT-OUT out
            redistribute connected
        exit-address-family
!
! The HTTPS server is offered only in the mgmt VRF, like SSH. No ACL limiting its source
! addresses appears in this listing.
https-server vrf mgmt


© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.