Link Search Menu Expand Document
calendar_month 01-Nov-24

Multifabric: Fabric 1 Leaf 3-2 Configuration

!
!Version ArubaOS-CX DL.10.11.1050
!export-password: default
hostname RSVDC-FB1-LF3-2
user admin group administrators password ciphertext AQBapU260s0qW+dAOIoHC6SQNkwoDJduGsK/PJuOcFPVKf4BYgAAAEZtDcTr9IjogvLBf2SjusjhExgVC0xeuEBpDkCkohLxGN086iLEtcSNDo4MEB34z/NGRJDvaNROCTRPzPCnnOBHv5ehVzY+cqz2ELC4WWrAC5hOu45LNLuokDp5tVVDjZnH
user afc_admin group administrators password ciphertext AQBapdsJsKHNO9inv5h+vlmWYtGIXz5gcAJRnY568ztlxMJcYgAAAA5EIouuB11ckrZrniHvjQGRjpglPGwIVo4n9HS91HmCbjkNhjJ61HcqB40bhKw9aHRrMIiN4ZrC1avQ+1r3O0XQpXyYnKqrb83S1omVSELQrF0uFf988tFSfstuWpO+U13g
clock timezone america/los_angeles
bfd
profile leaf
vrf DEV-DC-VRF
    rd 10.250.2.0:11
    route-target export 65001:100002 evpn
    route-target import 65001:100002 evpn
vrf PROD-DC-VRF
    rd 10.250.2.0:10
    route-target export 1:100001 evpn
    route-target export 65001:100001 evpn
    route-target import 1:100001 evpn
    route-target import 65001:100001 evpn
ntp server 10.2.120.98 prefer
ntp server 10.2.120.99 prefer
ntp enable
ntp vrf mgmt
cli-session
    timeout 0
!
!
!
!
!
!
ssh server vrf mgmt
psm
    host 172.16.104.51 172.16.104.52 172.16.104.53 vrf mgmt
vlan 1
vlan 50
    private-vlan primary
vlan 51
    private-vlan isolated primary-vlan 50
vlan 101
    description AFC-created VLAN
vlan 102
    description AFC-created VLAN
vlan 201
    description AFC-created VLAN
vlan 202
    description AFC-created VLAN
vlan 3999
virtual-mac 02:00:01:00:00:00
evpn
    arp-suppression
    vlan 50
        rd auto
        route-target export auto
        route-target import auto
        redistribute host-route
    vlan 101
        rd auto
        route-target export auto
        route-target export 1:10101
        route-target import auto
        route-target import 1:10101
        redistribute host-route
    vlan 102
        rd auto
        route-target export auto
        route-target export 1:10102
        route-target import auto
        route-target import 1:10102
        redistribute host-route
    vlan 201
        rd auto
        route-target export auto
        route-target import auto
        redistribute host-route
    vlan 202
        rd auto
        route-target export auto
        route-target import auto
        redistribute host-route
spanning-tree config-name 
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description L2 Subleaf Leaf MLAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    lacp fallback
    lacp rate slow
interface lag 2 multi-chassis
    description MC-LAG for ESXi host 7
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,101-102,201-202
    lacp mode active
    lacp fallback
    lacp rate slow
interface lag 11 multi-chassis
    description MC-LAG for example microsegmentation of ESXI-07
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,50-51
    lacp mode active
    lacp fallback
    lacp rate slow
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    lacp rate slow
interface 1/1/1
    no shutdown
    mtu 9198
    lag 2
interface 1/1/2
    no shutdown
    mtu 9198
    lag 11
interface 1/1/3
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/4
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/5
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/6
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/7
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/8
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/9
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/10
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/11
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/12
    no shutdown
    mtu 9198
    lag 1
interface 1/1/13
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/14
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/15
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/16
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/17
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/18
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/19
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/20
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/21
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/22
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/23
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/24
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/25
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/26
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/27
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/28
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/29
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/30
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/31
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/32
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/33
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/34
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/35
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/36
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/37
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/38
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/39
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/40
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/41
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/42
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/43
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/44
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/45
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/46
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/47
    no shutdown
    mtu 9198
    ip mtu 9198
interface 1/1/48
    description Keep alive Interface RSVDC-FB1-LF3-2
    no shutdown
    mtu 9198
    ip mtu 9198
    ip address 10.250.0.0/31
interface 1/1/49
    no shutdown
    persona access
    mtu 9198
    lag 256
interface 1/1/50
    no shutdown
    persona access
    mtu 9198
    lag 256
interface 1/1/51
    no shutdown
    persona uplink
    mtu 9198
    ip mtu 9198
interface 1/1/52
    no shutdown
    persona uplink
    mtu 9198
    ip mtu 9198
interface 1/1/53
    description Leaf Spine RPI to RSVDC-FB1-SP1
    no shutdown
    persona uplink
    mtu 9198
    ip mtu 9198
    ip address 10.255.0.3/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/54
    description Leaf Spine RPI to RSVDC-FB1-SP2
    no shutdown
    persona uplink
    mtu 9198
    ip mtu 9198
    ip address 10.255.0.19/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    description BGP/OSPF underlay
    ip address 10.250.0.6/32
interface loopback 1
    description BGP VXLAN overlay
    ip address 10.250.2.0/32
interface vlan 50
    description Example microsegmentation SVI
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.50.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.50.1
    ip local-proxy-arp
interface vlan 101
    description Production web app SVI/VLAN 101 in DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.101.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.101.1
interface vlan 102
    description Production database SVI/VLAN 102 DC overlay
    vrf attach PROD-DC-VRF
    ip mtu 9198
    ip address 10.5.102.1/24
    active-gateway ip mac 02:00:0a:05:00:01
    active-gateway ip 10.5.102.1
interface vlan 201
    description Development web app SVI/VLAN 201 in DC overlay
    vrf attach DEV-DC-VRF
    ip mtu 9198
    ip address 10.6.201.1/24
    active-gateway ip mac 02:00:0a:06:00:01
    active-gateway ip 10.6.201.1
interface vlan 202
    description Development database  SVI/VLAN 202 in DC overlay
    vrf attach DEV-DC-VRF
    ip mtu 9198
    ip address 10.6.202.1/24
    active-gateway ip mac 02:00:0a:06:00:01
    active-gateway ip 10.6.202.1
interface vlan 3999
    description Transit VLAN
    ip mtu 9198
    ip address 10.250.0.14/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf cost 1
    ip ospf network point-to-point
interface vxlan 1
    source ip 10.250.2.0
    no shutdown
    vni 10050
        vlan 50
    vni 10101
        vlan 101
    vni 10102
        vlan 102
    vni 10201
        vlan 201
    vni 10202
        vlan 202
    vni 100001
        vrf PROD-DC-VRF 
        routing
    vni 100002
        vrf DEV-DC-VRF 
        routing
vsx
    system-mac 02:00:00:00:10:00
    inter-switch-link lag 256
    role secondary
    keepalive peer 10.250.0.1 source 10.250.0.0
    linkup-delay-timer 600
    vsx-sync vsx-global
ip dns domain-name example.local vrf mgmt
ip dns server-address 10.2.120.98 vrf mgmt
ip dns server-address 10.2.120.99 vrf mgmt
!
!
!
!
route-map connected-ospf permit seq 10
     set tag 1000
!
router ospf 1
    router-id 10.250.0.6
    passive-interface default
    maximum-paths 8
    redistribute local loopback route-map connected-ospf
    area 0.0.0.0
router bgp 65001
    bgp router-id 10.250.0.6
    maximum-paths 8
    bgp log-neighbor-changes
    bgp deterministic-med
    bgp always-compare-med
    bgp bestpath as-path multipath-relax
    neighbor RSVDC-FB1-RR peer-group
    neighbor RSVDC-FB1-RR remote-as 65001
    neighbor RSVDC-FB1-RR description Spine and RR peer-group
    neighbor RSVDC-FB1-RR fall-over
    neighbor RSVDC-FB1-RR update-source loopback 0
    neighbor 10.250.0.9 peer-group RSVDC-FB1-RR
    neighbor 10.250.0.13 peer-group RSVDC-FB1-RR
    address-family ipv4 unicast
        redistribute connected
    exit-address-family
    address-family l2vpn evpn
        neighbor RSVDC-FB1-RR send-community both
        neighbor 10.250.0.9 activate
        neighbor 10.250.0.13 activate
    exit-address-family
!
    vrf DEV-DC-VRF
        bgp router-id 10.250.0.6
        maximum-paths 8
        bgp log-neighbor-changes
        bgp deterministic-med
        bgp always-compare-med
        bgp bestpath as-path multipath-relax
        address-family ipv4 unicast
            redistribute connected
        exit-address-family
!
    vrf PROD-DC-VRF
        bgp router-id 10.250.0.6
        maximum-paths 8
        bgp log-neighbor-changes
        bgp deterministic-med
        bgp always-compare-med
        bgp bestpath as-path multipath-relax
        address-family ipv4 unicast
            redistribute connected
        exit-address-family
!
https-server vrf mgmt