24-Feb-23

Two-Tier Core 1-1 Configuration

!
!Version ArubaOS-CX GL.10.10.1030
!export-password: default
! System identity, local admin account, time sources, TACACS+ servers and SSH for RSVDC-CORE1-1.
! NOTE(review): the export-password line above reads "default", so the ciphertext
! strings in this listing were presumably exported under the platform-default export
! password rather than a site-specific one - confirm. Treat the admin password and
! TACACS+ keys shown here as disclosed: set a custom export password and new secrets
! instead of pasting these values into a production switch.
hostname RSVDC-CORE1-1
user admin group administrators password ciphertext AQBape4UWoq1QvpeP/EUIekSdFSBgaeEGVA7RKm+HP0Tmko+YgAAAHuqROWVS8fPYrbtdYe5lD0dxPBFpXfKML0K4gG6ScwaG2bXOqZIeS/r19tJ07ALCny/PPtRAvWRQYoqwCje4v6skHRKM1EFb9AKaOH+P0ymPeekET6K87SCg5tyDTDhlVqt
clock timezone america/los_angeles
profile leaf
! Two internal NTP servers plus the public pool, all reached through the mgmt VRF.
! NOTE(review): no NTP authentication appears in this listing, and the pool.ntp.org
! entry implies the management network can reach the Internet - confirm both are
! intended, since log timestamps depend on these sources.
ntp server 10.2.120.98
ntp server 10.2.120.99
ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
ntp enable
ntp vrf mgmt
!
!
!
!
! TACACS+ servers are defined in the mgmt VRF with per-host shared keys.
! NOTE(review): no "aaa authentication", "aaa authorization" or "aaa accounting" lines
! appear in this listing, so as shown logins presumably still rely on the local admin
! account - confirm the AAA method lists on the deployed switch.
tacacs-server host 10.2.120.94 key ciphertext AQBapQDxXZNnGRQj1Q1Fffu5mmoWws6M8pQyMHYEwKnGJBaYCQAAAP6VOqlv87BJhA== vrf mgmt
tacacs-server host 10.2.120.95 key ciphertext AQBapWtdMVGfg7il+3C8B8ho3whJ9iQnIn2D8J/990ZCCQMKCQAAAB7Q8QYqCYmqmQ== vrf mgmt
!
!
! SSH is enabled only in the mgmt VRF; no other VRF has an SSH server line here.
ssh server vrf mgmt
! Border filter. The only place this listing applies it is "routed-in" on interface
! vlan 4001 (CORE1-1-FW-SVI), i.e. traffic arriving from the external firewall side.
! Addresses are written as prefix/subnet-mask; 0.0.0.0/0.0.0.0 is used for "any"
! (see the Allow_All_* comments).
! NOTE(review): there is no explicit final deny, so unmatched traffic is presumably
! dropped by the ACL's implicit deny - confirm, and consider an explicit last entry
! with counting or logging so that dropped traffic is visible to operations.
! NOTE(review): entries 20-40 use "permit any" (every IP protocol and port) between
! whole subnets; if the supporting-services and admin flows are known, narrowing
! them to specific protocols/ports would reduce what a compromised host in
! 10.2.120.0/24 or 10.254.1.0/24 can reach.
! NOTE(review): only 10.1.101.0/24 (PROD-WEB) is reachable from arbitrary sources;
! no entry names 10.1.102.0/24 (PROD-DB) except via the broad 10.1.0.0/16 permits above.
access-list ip RSVDC_Border_ACL
    10 comment Allow_All_HTTPS_to_Prod_Web
    10 permit tcp 0.0.0.0/0.0.0.0 10.1.101.0/255.255.255.0 eq https
    20 comment Allow_Supporting_Services
    20 permit any 10.2.120.0/255.255.255.0 10.1.0.0/255.255.0.0
    30 comment Allow_Admins_to_DC_Hosts
    30 permit any 10.254.1.0/255.255.255.0 10.1.0.0/255.255.0.0
    40 comment Allow_Admins_to_DC_loopbacks
    40 permit any 10.254.1.0/255.255.255.0 10.18.0.0/255.255.255.0
    50 comment Allow_ICMP_to_Prod_Web
    50 permit icmp 0.0.0.0/0.0.0.0 10.1.101.0/255.255.255.0
    60 comment Allow_Traceroute_to_Prod_Web
    60 permit udp 0.0.0.0/0.0.0.0 10.1.101.0/255.255.255.0 range 33434 33535
    70 comment Allow_BGP_peering
    70 permit tcp 10.0.0.0/255.255.255.0 10.0.0.0/255.255.255.0 eq bgp
! VLAN database: two production VLANs (101 web, 102 database), one routed transit VLAN
! between the cores (4000) and one firewall-facing VLAN per core (4001, 4002).
! VLAN 1 is left unnamed; in this listing it is the native VLAN on every trunk and
! the access VLAN of the otherwise undescribed ports 1/1/7-1/1/30.
vlan 1
vlan 101
    name PROD-WEB
vlan 102
    name PROD-DB
vlan 4000
    name CORE-ROUTED-TRANSIT
vlan 4001
    name CORE1-1-TO-EXT-FW
vlan 4002
    name CORE1-2-TO-EXT-FW
! Spanning tree is enabled with priority 0, the lowest value, so this switch is
! preferred as root bridge. The rack-facing LAGs (lag 1, lag 2) additionally set
! root-guard so a downstream switch cannot take over the root role.
spanning-tree
spanning-tree priority 0
spanning-tree config-name RSVDC
! Out-of-band management port, addressed by DHCP. NTP, DNS, TACACS+, SSH, HTTPS and
! the VSX keepalive in this listing all use the mgmt VRF.
! NOTE(review): the VSX keepalive is configured with a fixed source address
! (172.16.104.21) while this port takes its address from DHCP - presumably a DHCP
! reservation guarantees that address; confirm, or assign the address statically.
interface mgmt
    no shutdown
    ip dhcp
! Layer-2 LAGs: two multi-chassis LAGs toward the access racks and the VSX
! inter-switch link (lag 256, referenced by "inter-switch-link lag 256" under vsx).
! All three are LACP-active trunks with native VLAN 1.
! NOTE(review): "vlan trunk allowed all" on the rack-facing LAGs also allows the
! transit and firewall VLANs (4000-4002) toward the access layer. If the racks only
! need the PROD VLANs, restricting the allowed list to those VLANs limits what a
! misconfigured or compromised access switch can see - confirm against the access
! switch configurations. The ISL (lag 256) is a different case and normally carries
! every VLAN shared between the VSX peers.
interface lag 1 multi-chassis
    description RACK-1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    spanning-tree root-guard
interface lag 2 multi-chassis
    description RACK-2
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    spanning-tree root-guard
interface lag 256
    description VSX_ISL_LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
! Physical uplinks in use. 1/1/1-1/1/4 are the members of the rack-facing LAGs
! (two per rack); 1/1/5 and 1/1/6 are access ports toward the two external firewalls.
! Every port here sets a 9198-byte MTU.
! Both firewall ports are placed in VLAN 4001, the VLAN whose SVI carries
! RSVDC_Border_ACL in the routed-in direction.
interface 1/1/1
    description RSVDC-ACCESS1-1
    no shutdown
    mtu 9198
    lag 1
interface 1/1/2
    description RSVDC-ACCESS1-2
    no shutdown
    mtu 9198
    lag 1
interface 1/1/3
    description RSVDC-ACCESS2-1
    no shutdown
    mtu 9198
    lag 2
interface 1/1/4
    description RSVDC-ACCESS2-2
    no shutdown
    mtu 9198
    lag 2
interface 1/1/5
    description EXT-FW-1
    no shutdown
    mtu 9198
    no routing
    vlan access 4001
interface 1/1/6
    description EXT-FW-2
    no shutdown
    mtu 9198
    no routing
    vlan access 4001
! Ports 1/1/7-1/1/30 carry no description and are all Layer-2 access ports in VLAN 1.
! 1/1/7-1/1/29 are administratively enabled ("no shutdown"); 1/1/30 has no
! "no shutdown" line and is presumably administratively down.
! NOTE(review): if these ports are spares, enabled access ports on a core switch give
! anything plugged in a live link into VLAN 1, which is also the native VLAN on
! every trunk in this listing. Consider shutting unused ports and/or parking them
! in an unused VLAN - confirm whether these ports are intentionally left enabled.
interface 1/1/7
    no shutdown
    no routing
    vlan access 1
interface 1/1/8
    no shutdown
    no routing
    vlan access 1
interface 1/1/9
    no shutdown
    no routing
    vlan access 1
interface 1/1/10
    no shutdown
    no routing
    vlan access 1
interface 1/1/11
    no shutdown
    no routing
    vlan access 1
interface 1/1/12
    no shutdown
    no routing
    vlan access 1
interface 1/1/13
    no shutdown
    no routing
    vlan access 1
interface 1/1/14
    no shutdown
    no routing
    vlan access 1
interface 1/1/15
    no shutdown
    no routing
    vlan access 1
interface 1/1/16
    no shutdown
    no routing
    vlan access 1
interface 1/1/17
    no shutdown
    no routing
    vlan access 1
interface 1/1/18
    no shutdown
    no routing
    vlan access 1
interface 1/1/19
    no shutdown
    no routing
    vlan access 1
interface 1/1/20
    no shutdown
    no routing
    vlan access 1
interface 1/1/21
    no shutdown
    no routing
    vlan access 1
interface 1/1/22
    no shutdown
    no routing
    vlan access 1
interface 1/1/23
    no shutdown
    no routing
    vlan access 1
interface 1/1/24
    no shutdown
    no routing
    vlan access 1
interface 1/1/25
    no shutdown
    no routing
    vlan access 1
interface 1/1/26
    no shutdown
    no routing
    vlan access 1
interface 1/1/27
    no shutdown
    no routing
    vlan access 1
interface 1/1/28
    no shutdown
    no routing
    vlan access 1
interface 1/1/29
    no shutdown
    no routing
    vlan access 1
interface 1/1/30
    no routing
    vlan access 1
! Member ports of lag 256, the VSX inter-switch link, with the same 9198-byte MTU
! as the other uplinks.
interface 1/1/31
    no shutdown
    mtu 9198
    lag 256
interface 1/1/32
    no shutdown
    mtu 9198
    lag 256
! Layer-3 interfaces. loopback 0 supplies the OSPF/BGP router ID and the iBGP update
! source; VLAN 101/102 are the production gateways (a per-switch address plus a
! shared active-gateway IP and virtual MAC); VLAN 4000 is the point-to-point OSPF
! transit to the peer core; VLAN 4001 is the /31 toward the external firewall.
! OSPF runs only on loopback 0 and VLAN 4000, and only VLAN 4000 is non-passive.
! NOTE(review): no OSPF authentication is configured on the VLAN 4000 adjacency in
! this listing - confirm whether the transit link is trusted enough to run without it.
! NOTE(review): RSVDC_Border_ACL is applied only inbound on VLAN 4001. The PROD-WEB
! and PROD-DB SVIs carry no ACL here, so traffic routed between 10.1.101.0/24 and
! 10.1.102.0/24 is not filtered by this switch - presumably enforced elsewhere; confirm.
interface loopback 0
    ip address 10.18.0.1/32
    ip ospf 1 area 0.0.0.0
interface vlan 101
    description PROD-WEB-SVI
    ip mtu 9198
    ip address 10.1.101.2/24
    active-gateway ip mac 02:00:0a:01:65:01
    active-gateway ip 10.1.101.1
interface vlan 102
    description PROD-DB-SVI
    ip mtu 9198
    ip address 10.1.102.2/24
    active-gateway ip mac 02:00:0a:01:66:01
    active-gateway ip 10.1.102.1
interface vlan 4000
    description CORE-ROUTED-TRANSIT-SVI
    ip mtu 9198
    ip address 10.18.0.254/31
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface vlan 4001
    description CORE1-1-FW-SVI
    ip mtu 9198
    ip address 10.0.0.21/31
    apply access-list ip RSVDC_Border_ACL routed-in
! SNMP location/contact strings only; no community, SNMPv3 user or trap receiver
! appears in this listing.
snmp-server system-location DC01, Roseville, CA
snmp-server system-contact netadmin@orangetme.local
! VSX pairing: this switch is the primary, lag 256 is the inter-switch link, and the
! keepalive to the peer runs over the mgmt VRF (out of band from the ISL).
! NOTE(review): the keepalive source 172.16.104.21 is expected to be the address of
! "interface mgmt", which this listing configures with "ip dhcp" - confirm the
! address is reserved so the keepalive does not fail after a lease change.
vsx
    system-mac 02:00:00:00:10:00
    inter-switch-link lag 256
    role primary
    keepalive peer 172.16.104.22 source 172.16.104.21 vrf mgmt
! DNS resolvers, reached through the mgmt VRF (same addresses as the internal NTP servers).
ip dns server-address 10.2.120.98 vrf mgmt
ip dns server-address 10.2.120.99 vrf mgmt
! Route policy for the eBGP session to the firewall (neighbor 10.0.0.20 under router bgp).
! Inbound: only a default route (0.0.0.0/0 exactly) is accepted.
! Outbound: only prefixes inside 10.1.0.0/16 with a length up to /24 are advertised.
! Each route-map ends with an explicit "deny seq 20", so anything the prefix-list
! does not match is rejected; this keeps loopbacks, transit links and the
! firewall-facing /31 from being advertised to the firewall.
ip prefix-list PL_DC-Prefixes-In seq 10 permit 0.0.0.0/0
ip prefix-list PL_DC-Prefixes-Out seq 10 permit 10.1.0.0/16 le 24
!
!
!
!
route-map RM_DC-Prefixes-In permit seq 10
     match ip address prefix-list PL_DC-Prefixes-In
route-map RM_DC-Prefixes-In deny seq 20
route-map RM_DC-Prefixes-Out permit seq 10
     match ip address prefix-list PL_DC-Prefixes-Out
route-map RM_DC-Prefixes-Out deny seq 20
!
! OSPF process 1: interfaces are passive by default, so an adjacency forms only where
! an interface sets "no ip ospf passive" (VLAN 4000 in this listing).
router ospf 1
    router-id 10.18.0.1
    passive-interface default
    area 0.0.0.0
! BGP AS 65001: an eBGP session to 10.0.0.20 (AS 65520, the far end of the VLAN 4001
! /31) filtered in both directions by the RM_DC-Prefixes route-maps, and an iBGP
! session to 10.18.0.2 sourced from loopback 0 with next-hop-self.
! "redistribute connected" places every connected network into BGP; only the outbound
! route-map on 10.0.0.20 limits what leaves the data center. The iBGP neighbor has
! no route-map, so it receives those routes unfiltered.
! NOTE(review): neither neighbor has a session password or other authentication
! configured in this listing - confirm whether the firewall peering should have one.
router bgp 65001
    bgp router-id 10.18.0.1
    neighbor 10.0.0.20 remote-as 65520
    neighbor 10.18.0.2 remote-as 65001
    neighbor 10.18.0.2 update-source loopback 0
    address-family ipv4 unicast
        neighbor 10.0.0.20 activate
        neighbor 10.0.0.20 route-map RM_DC-Prefixes-In in
        neighbor 10.0.0.20 route-map RM_DC-Prefixes-Out out
        neighbor 10.18.0.2 activate
        neighbor 10.18.0.2 next-hop-self
        redistribute connected
    exit-address-family
!
! The HTTPS server (web UI / REST) is enabled only in the mgmt VRF, matching the SSH
! server; no in-band VRF exposes a management service in this listing.
! NOTE(review): "configuration-lockout central managed" presumably means the switch
! is under Aruba Central management with local configuration changes locked out -
! confirm, because it changes who can alter this configuration and where the
! audit trail for changes is kept.
https-server vrf mgmt
configuration-lockout central managed


© Copyright 2022 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.