Link Search Menu Expand Document
calendar_month 23-Jan-25

Aggregation Switch Reference Configuration

   hostname %_sys_hostname%
   banner motd !
   **********************************************************
   NOTICE TO USERS
   This is a private computer system and is the property of
   Aruba Networks. It is for authorized use only.
   users (authorized or unauthorized) have no explicit or
   implicit expectation of privacy while connected to this
   system.
   Any or all uses of this system and all files on this system
   may be intercepted, monitored, recorded, copied, audited,
   inspected, and disclosed to an authorized site, Aruba networks,
   and law enforcement personnel
   (foreign and domestic).
   By using this system, the user consents to such interception,
   monitoring, recording, copying, auditing, inspection, and
   disclosure at the discretion of an authorized site or Aruba Networks
   personnel.
   Unauthorized or improper use of this system may result in
   administrative disciplinary action and civil and criminal
   penalties. By continuing to use of this system you indicate
   your awareness of and consent to these terms and conditions
   of use. LOG OFF IMMEDIATELY if you do not agree to the
   conditions stated in this warning.
   ***********************************************************
   !
   allow-unsupported-transceiver
   user admin group administrators password ciphertext AQBapYgH7fQfCF/KrVb/BQgUokVkgVv3Uy40a9ORbWmjXSAkYgAAAARIutMR8CXywenaYnWmITrkEhZYN1gqxgeaCc629vQ4cRc2RtSBzMZz/ewMjXmxdyCPF9uTiuMqjfeJ7p06obLWUNn0jytGDYpkGhrWLkfzK4vBKOLjfHl35xsIR/dviTUp
   clock timezone pst8pdt
   no ip icmp redirect
   vrf VSX-Keepalive
   ntp server %NTP_IP_Address_1% iburst version 3
   ntp server %NTP_IP_Address_2% iburst version 3
   ntp enable
   cli-session
       timeout 0
   !
   !
   !
   !
   tacacs-server host %TACACS_SERVER1_IP% key Plaintext %TACACS_KEY%
   tacacs-server host %TACACS_SERVER2_IP% key Plaintext %TACACS_KEY%
   aaa authentication allow-fail-through
   !
   aaa group server tacacs ClearPass
       server %TACACS_SERVER1_IP%
       server %TACACS_SERVER2_IP%
   aaa authentication login console group ClearPass local
   aaa authentication login ssh group ClearPass local
   aaa authorization commands default group local ClearPass
   ssh server vrf default
   ssh server vrf mgmt
   vlan 1
   vlan 2
       name SW_ZTP
      ip igmp snooping enable
   vlan 3
       name EMPLOYEE
       ip igmp snooping enable
   vlan 5
       name CAMERA
       ip igmp snooping enable
   vlan 6
       name PRINTER
       ip igmp snooping enable
   vlan 13
       name REJECT_AUTH
       ip igmp snooping enable
   vlan 14
       name CRITICAL_AUTH
     ip igmp snooping enable
 vlan 15
       name MGMT_VLAN
       ip igmp snooping enable
spanning-tree mode rpvst
spanning-tree
spanning-tree priority 0
spanning-tree vlan %VLAN_RANGE%
spanning-tree vlan 1 priority 0
spanning-tree vlan 2 priority 0
spanning-tree vlan 3 priority 0
spanning-tree vlan 5 priority 0
spanning-tree vlan 6 priority 0
spanning-tree vlan 13 priority 0
spanning-tree vlan 14 priority 0
spanning-tree vlan 15 priority 0
interface mgmt
    no shutdown
    ip static %MGMT_IP%/24
    default-gateway 172.16.10.1
interface lag 11 multi-chassis
       no shutdown
       description 5400-AG1-AC1
       no routing
       vlan trunk native 2
       vlan trunk allowed %VLAN_RANGE%
       lacp mode active
       ip pim-sparse enable
interface lag 12 multi-chassis
   no shutdown
   description 3810-AG1-AC2
   no routing
   vlan trunk native 2
   vlan trunk allowed %VLAN_RANGE%
   lacp mode active
   ip pim-sparse enable
interface lag 13 multi-chassis
   no shutdown
   description 3810-AG1-AC3
   no routing
   vlan trunk native 2
   vlan trunk allowed %VLAN_RANGE%
   lacp mode active
interface lag 14 multi-chassis
   no shutdown
   description 2930M-AG1-AC4
   no routing
   vlan trunk native 2
   vlan trunk allowed %VLAN_RANGE%
   lacp mode active
   ip pim-sparse enable
interface lag 15 multi-chassis
   no shutdown
   description 6300M-AG1-AC5
   no routing
   vlan trunk native 2
   vlan trunk allowed %VLAN_RANGE%
   lacp mode active
   ip pim-sparse enable
interface lag 16 multi-chassis
   no shutdown
   description 6300M-AG1-AC6
   no routing
   vlan trunk native 2
   vlan trunk allowed %VLAN_RANGE%
   lacp mode active
   ip pim-sparse enable
interface lag 128
   vsx-sync vlans
   no shutdown
   description ISL
   no routing
   vlan trunk native 2 
   vlan trunk allowed all
   lacp mode active
interface 1/1/1
   no shutdown
   mtu 9198
   lag 11
interface 1/1/2
   no shutdown
   mtu 9198
   lag 13
interface 1/1/3
   no shutdown
   mtu 9198
   lag 14
interface 1/1/4
   no shutdown
   mtu 9198
   lag 15
interface 1/1/5
   no shutdown
   lag 16
interface 1/1/49
   mtu 9198
   description 8400_C2_LNK
   ip mtu 9198
   ip address %OSPF_UPLINK1_IP%/30
   ip ospf 1 area 0.0.0.0
   no ip ospf passive
   ip ospf network point-to-point
   ip pim-sparse enable
interface 1/1/50
   no shutdown
   mtu 9198
   lag 12
interface 1/1/51
   no shutdown
   mtu 9198
   vrf attach VSX-Keepalive
   description VSX Keepalive
   ip address %KEEPALIVE_IP%/30
interface 1/1/52
   mtu 9198
   description 8400_C1_LNK
   ip mtu 9198
   ip address %OSPF_UPLINK2_IP%/30
   ip ospf 1 area 0.0.0.0
   no ip ospf passive
   ip ospf network point-to-point
   ip pim-sparse enable
interface 1/1/53
   no shutdown
   mtu 9198
   description ISL Lag
   lag 128
interface 1/1/54
   no shutdown
   mtu 9198
   description ISL Lag
   lag 128
interface loopback 1
   ip address %AGG_LOOPBACK0_IP%/32
   ip ospf 1 area 0.0.0.0
   ip pim-sparse enable
interface vlan 1
   description SW_ZTP
   ip mtu 9198
   ip address  %VLAN_ID_1_IP%/24
   active-gateway ip mac a2:00:00:a1:a1:a1
   active-gateway ip 10.1.1.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 2
   description SW_ZTP
   ip mtu 9198
   ip address %VLAN_ID_2_IP%/24
   active-gateway ip mac a2:00:00:a2:a2:a2
   active-gateway ip 10.1.2.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 3
   description EMPLOYEE
   ip mtu 9198
   ip address %VLAN_ID_3_IP%/24
   active-gateway ip mac a2:00:00:a3:a3:a3
   active-gateway ip 10.1.3.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 5
   description CAMERA
   ip mtu 9198
   ip address %VLAN_ID_5_IP%/24
   active-gateway ip mac a2:00:00:a5:a5:a5
   active-gateway ip 10.1.5.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 6
   description PRINTER
   ip mtu 9198
   ip address %VLAN_ID_5_IP%/24
   active-gateway ip mac a2:00:00:a6:a6:a6
   active-gateway ip 10.1.6.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 13
   description REJECT_AUTH
   ip mtu 9198
   ip address %VLAN_ID_13_IP%/24
   active-gateway ip mac a2:00:00:13:13:13
   active-gateway ip 10.1.13.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 14
   description CRITICAL_AUTH
   ip mtu 9198
   ip address %VLAN_ID_14_IP%/24
   active-gateway ip mac a2:00:00:14:14:14
   active-gateway ip 10.1.14.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
interface vlan 15
   description MGMT_VLAN
   ip mtu 9198
   ip address %VLAN_ID_15_IP%/24
   active-gateway ip mac a2:00:00:15:15:15
   active-gateway ip 10.1.15.1
   ip helper-address %HELPER_ADDRESS_1%
   ip helper-address %HELPER_ADDRESS_2%
   ip ospf 1 area 0.0.0.0
   ip igmp enable
   ip pim-sparse enable
vsx
   system-mac 00:00:10:00:01:01
   inter-switch-link lag 128
   role %VSX_ROLE%
   keepalive peer %KEEPALIVE_IP_PEER% source %KEEPALIVE_IP_SOURCE% vrf VSX_KEEPALIVE
   vsx-sync aaa acl-log-timer bfd-global bgp copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global 
snmp ssh stp-global time vsx-global 
ip dns domain-name example.local
ip dns server-address 10.2.120.98
ip dns server-address 10.2.120.99
!
!
!
!
!
router ospf 1
   router-id %AGG_LOOPBACK0_IP%
   passive-interface default
   area 0.0.0.0
router pim
   enable
   active-active
https-server vrf default
https-server vrf mgmt