SHARIFUL's TECH BLOG

There is a new switching family released by HPE under the brand name Aruba CX series switches. These switches supports stacking in the form of MLAG. Today we will look at how to configure MLAG (multi chassis link aggregation) between two Aruba CX series switches. Aruba calls their implementation of mlag - Virtual Switching Extension (VSX) . Let's look at our network topology - Two Aruba CX switches will run peering between them and will form MLAG. Two Debian 10 linux machine will form multichassis link-aggregation with Aruba switches. They will simulate the client connection. Our topology looks like below - Aruba CX MLAG Topology Let's have a look at some terminology first before start configuring VSX. We need to define one switch as Master and another switch as Slave. VSX is an active-active forwarding solution, but the roles of master and slave is required. The purpose of that is during a VSX split, only the master will forward traffic and it will d...

In previous blog post , we have configured DMVPN phase 1 and eliminated any configuration change required at the Hub site when a new Spoke is added to the network. But there is a limitation. That is even though we have achieved configuration flexibility, our underlying topology is still hub-and-spoke. All spoke-to-spoke communication goes through the hub first. With DMVPN phase 3, we can remove that limitation. We can achieve a fully meshed network by using phase 3 of DMVPN. Before explaining how DMVPN phase 3 works, have a look at our physical and routing topology from phase 1 -  DMVPN Physical Topology DMVPN Routing Topology For example, when Spoke2 tries to communicate with Spoke3 - as usual traffic goes to the Hub1. Hub1 knows the whole network topology. But with phase 3, when Hub1 sees that two spokes are trying to communicate with each other, it will intervene. The Hub1 will signal Spoke2 that there is a better path and that is - Spoke2 can communicat...

Another day and I am covering wired 802.1X authentication for another vendor. This time it is for HP/Aruba branded procurve switches . In this blog, I will just cover HP/Aruba procurve switches's configuration commands for 802.1x. I will not present a network topology and work with that. If someone is interested about a full network setup and example, I recommend reading  part I ,  part II  and compare the configuration accordingly. Our policy is simple, if a client is authenticated it will be assigned client vlan (vlan 246) from radius server. In all other case, switch port will be assigned to guest vlan (vlan 247) by the switch. Configuration of the switch We need to configure a radius server first - SW(config)# radius-server host 172.16.245.11 key test123 auth-port 1812 acct-port 1813 Then we will assign this radius server to an aaa server group -  SW(config)# aaa server-group radius nps-servers host  172.16.245.11 ...