!
!Version ArubaOS-CX DL.10.11.1050
!export-password: default
hostname RSVDC-FB1-LF3-2
user admin group administrators password ciphertext AQBapU260s0qW+dAOIoHC6SQNkwoDJduGsK/PJuOcFPVKf4BYgAAAEZtDcTr9IjogvLBf2SjusjhExgVC0xeuEBpDkCkohLxGN086iLEtcSNDo4MEB34z/NGRJDvaNROCTRPzPCnnOBHv5ehVzY+cqz2ELC4WWrAC5hOu45LNLuokDp5tVVDjZnH
user afc_admin group administrators password ciphertext AQBapdsJsKHNO9inv5h+vlmWYtGIXz5gcAJRnY568ztlxMJcYgAAAA5EIouuB11ckrZrniHvjQGRjpglPGwIVo4n9HS91HmCbjkNhjJ61HcqB40bhKw9aHRrMIiN4ZrC1avQ+1r3O0XQpXyYnKqrb83S1omVSELQrF0uFf988tFSfstuWpO+U13g
clock timezone america/los_angeles
bfd
profile leaf
vrf DEV-DC-VRF
rd 10.250.2.0:11
route-target export 65001:100002 evpn
route-target import 65001:100002 evpn
vrf PROD-DC-VRF
rd 10.250.2.0:10
route-target export 1:100001 evpn
route-target export 65001:100001 evpn
route-target import 1:100001 evpn
route-target import 65001:100001 evpn
ntp server 10.2.120.98 prefer
ntp server 10.2.120.99 prefer
ntp enable
ntp vrf mgmt
cli-session
timeout 0
!
!
!
!
!
!
ssh server vrf mgmt
psm
host 172.16.104.51 172.16.104.52 172.16.104.53 vrf mgmt
vlan 1
vlan 50
private-vlan primary
vlan 51
private-vlan isolated primary-vlan 50
vlan 101
description AFC-created VLAN
vlan 102
description AFC-created VLAN
vlan 201
description AFC-created VLAN
vlan 202
description AFC-created VLAN
vlan 3999
virtual-mac 02:00:01:00:00:00
evpn
arp-suppression
vlan 50
rd auto
route-target export auto
route-target import auto
redistribute host-route
vlan 101
rd auto
route-target export auto
route-target export 1:10101
route-target import auto
route-target import 1:10101
redistribute host-route
vlan 102
rd auto
route-target export auto
route-target export 1:10102
route-target import auto
route-target import 1:10102
redistribute host-route
vlan 201
rd auto
route-target export auto
route-target import auto
redistribute host-route
vlan 202
rd auto
route-target export auto
route-target import auto
redistribute host-route
spanning-tree config-name
interface mgmt
no shutdown
ip dhcp
interface lag 1 multi-chassis
description L2 Subleaf Leaf MLAG
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp fallback
lacp rate slow
interface lag 2 multi-chassis
description MC-LAG for ESXi host 7
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,101-102,201-202
lacp mode active
lacp fallback
lacp rate slow
interface lag 11 multi-chassis
description MC-LAG for example microsegmentation of ESXI-07
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,50-51
lacp mode active
lacp fallback
lacp rate slow
interface lag 256
description ISL
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate slow
interface 1/1/1
no shutdown
mtu 9198
lag 2
interface 1/1/2
no shutdown
mtu 9198
lag 11
interface 1/1/3
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/4
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/5
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/6
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/7
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/8
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/9
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/10
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/11
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/12
no shutdown
mtu 9198
lag 1
interface 1/1/13
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/14
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/15
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/16
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/17
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/18
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/19
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/20
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/21
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/22
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/23
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/24
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/25
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/26
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/27
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/28
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/29
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/30
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/31
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/32
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/33
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/34
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/35
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/36
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/37
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/38
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/39
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/40
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/41
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/42
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/43
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/44
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/45
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/46
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/47
no shutdown
mtu 9198
ip mtu 9198
interface 1/1/48
description Keep alive Interface RSVDC-FB1-LF3-2
no shutdown
mtu 9198
ip mtu 9198
ip address 10.250.0.0/31
interface 1/1/49
no shutdown
persona access
mtu 9198
lag 256
interface 1/1/50
no shutdown
persona access
mtu 9198
lag 256
interface 1/1/51
no shutdown
persona uplink
mtu 9198
ip mtu 9198
interface 1/1/52
no shutdown
persona uplink
mtu 9198
ip mtu 9198
interface 1/1/53
description Leaf Spine RPI to RSVDC-FB1-SP1
no shutdown
persona uplink
mtu 9198
ip mtu 9198
ip address 10.255.0.3/31
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
interface 1/1/54
description Leaf Spine RPI to RSVDC-FB1-SP2
no shutdown
persona uplink
mtu 9198
ip mtu 9198
ip address 10.255.0.19/31
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf network point-to-point
interface loopback 0
description BGP/OSPF underlay
ip address 10.250.0.6/32
interface loopback 1
description BGP VXLAN overlay
ip address 10.250.2.0/32
interface vlan 50
description Example microsegmentation SVI
vrf attach PROD-DC-VRF
ip mtu 9198
ip address 10.5.50.1/24
active-gateway ip mac 02:00:0a:05:00:01
active-gateway ip 10.5.50.1
ip local-proxy-arp
interface vlan 101
description Production web app SVI/VLAN 101 in DC overlay
vrf attach PROD-DC-VRF
ip mtu 9198
ip address 10.5.101.1/24
active-gateway ip mac 02:00:0a:05:00:01
active-gateway ip 10.5.101.1
interface vlan 102
description Production database SVI/VLAN 102 DC overlay
vrf attach PROD-DC-VRF
ip mtu 9198
ip address 10.5.102.1/24
active-gateway ip mac 02:00:0a:05:00:01
active-gateway ip 10.5.102.1
interface vlan 201
description Development web app SVI/VLAN 201 in DC overlay
vrf attach DEV-DC-VRF
ip mtu 9198
ip address 10.6.201.1/24
active-gateway ip mac 02:00:0a:06:00:01
active-gateway ip 10.6.201.1
interface vlan 202
description Development database SVI/VLAN 202 in DC overlay
vrf attach DEV-DC-VRF
ip mtu 9198
ip address 10.6.202.1/24
active-gateway ip mac 02:00:0a:06:00:01
active-gateway ip 10.6.202.1
interface vlan 3999
description Transit VLAN
ip mtu 9198
ip address 10.250.0.14/31
ip ospf 1 area 0.0.0.0
no ip ospf passive
ip ospf cost 1
ip ospf network point-to-point
interface vxlan 1
source ip 10.250.2.0
no shutdown
vni 10050
vlan 50
vni 10101
vlan 101
vni 10102
vlan 102
vni 10201
vlan 201
vni 10202
vlan 202
vni 100001
vrf PROD-DC-VRF
routing
vni 100002
vrf DEV-DC-VRF
routing
vsx
system-mac 02:00:00:00:10:00
inter-switch-link lag 256
role secondary
keepalive peer 10.250.0.1 source 10.250.0.0
linkup-delay-timer 600
vsx-sync vsx-global
ip dns domain-name example.local vrf mgmt
ip dns server-address 10.2.120.98 vrf mgmt
ip dns server-address 10.2.120.99 vrf mgmt
!
!
!
!
route-map connected-ospf permit seq 10
set tag 1000
!
router ospf 1
router-id 10.250.0.6
passive-interface default
maximum-paths 8
redistribute local loopback route-map connected-ospf
area 0.0.0.0
router bgp 65001
bgp router-id 10.250.0.6
maximum-paths 8
bgp log-neighbor-changes
bgp deterministic-med
bgp always-compare-med
bgp bestpath as-path multipath-relax
neighbor RSVDC-FB1-RR peer-group
neighbor RSVDC-FB1-RR remote-as 65001
neighbor RSVDC-FB1-RR description Spine and RR peer-group
neighbor RSVDC-FB1-RR fall-over
neighbor RSVDC-FB1-RR update-source loopback 0
neighbor 10.250.0.9 peer-group RSVDC-FB1-RR
neighbor 10.250.0.13 peer-group RSVDC-FB1-RR
address-family ipv4 unicast
redistribute connected
exit-address-family
address-family l2vpn evpn
neighbor RSVDC-FB1-RR send-community both
neighbor 10.250.0.9 activate
neighbor 10.250.0.13 activate
exit-address-family
!
vrf DEV-DC-VRF
bgp router-id 10.250.0.6
maximum-paths 8
bgp log-neighbor-changes
bgp deterministic-med
bgp always-compare-med
bgp bestpath as-path multipath-relax
address-family ipv4 unicast
redistribute connected
exit-address-family
!
vrf PROD-DC-VRF
bgp router-id 10.250.0.6
maximum-paths 8
bgp log-neighbor-changes
bgp deterministic-med
bgp always-compare-med
bgp bestpath as-path multipath-relax
address-family ipv4 unicast
redistribute connected
exit-address-family
!
https-server vrf mgmt