AOS-CX Switch Simulator

 View Only
last person joined: yesterday 

Expand all | Collapse all

VSX Part 1 Lab

This thread has been viewed 49 times
  • 1.  VSX Part 1 Lab

    Posted Nov 23, 2021 10:13 AM
    In the vsx lab 1 directions it states to do the following;

    SW1
    interface 1/1/7
    no shutdown
    vrf attach KA
    description VSX keepalive
    ip address 192.168.0.0/31

    SW2
    interface 1/1/7
    no shutdown
    vrf attach KA
    description VSX keepalive
    ip address 192.168.0.1/31

    I add this and I am able to ping both sides via the "ping 192.168.0.x vrf KA" command.


    Later on the lab states to do the following Step #4;

    vsx
    keepalive peer 192.168.0.1 source 192.168.0.0 vrf KA

    Here is where I have an issue, complains, "keepalive is already defined" and Keepalive State never changes from "Keepalive-Init to "Keepalive-Established" If I remove "vrf attach KA" from int 1/1/7 everything seems to work, other than I can now ping 192.168.0.x outside the vrf, don't need to add "vrf KA to the end of the ping command. I get the impression adding "vrf attach KA" to interface 1/1/7 is not needed but best practice? Any insight on this?







    ------------------------------
    jeffrey nappi
    ------------------------------


  • 2.  RE: VSX Part 1 Lab

    Posted Nov 24, 2021 04:11 AM
    Hi Jeffrey.

    Did you put interface 1/1/7 to KA on both switches and also use vrf KA in VSX keepalive configuration on both switches? I have the same problem with this lab and then I realize that I forget to put keepalive to vrf KA on second switch. Just typing mistake :-)

    It is a best practice to put keepalive in separate vrf. It is explained in VSX Best Practices document and video series.

    Best, Gorazd

    ------------------------------
    Gorazd Kikelj
    ------------------------------



  • 3.  RE: VSX Part 1 Lab

    EMPLOYEE
    Posted Nov 24, 2021 04:11 AM
    You need to define the keepalive in a symmetrical way, i.e. on the VSX secondary as well with
    vsx
       keepalive peer 192.168.0.0 source 192.168.0.1 vrf KA

    Is it the case ?

    Dedicated VRF for keepalive packets is not mandatory, however this is a best practice to avoid mixing up keepalive trafffic with other traffic in term of routing,
    so that the keepalive protection is hardened.

    ------------------------------
    Vincent Giles
    ------------------------------