I have two ARUBA 8320 connected with VSX technology as L2 and Checkpoint FW as L3 above them.
When I try pinging to a server connected to 8320 from the 8320 SW I have reachability but from the FW I do not have.
In my last case, the engineer sends me two commands useful from the shell:
ovs-appctl -t hpe-vsxd vsx_filter_dump
ovs-appctl -t ops-switchd vsx/show_isl
but when I typing dose commands I get access denied
also "sh -" in shell mode with my admin password dosn׳t work
Dose anyone have such a problem or can help?
Hello Itay and welcome!
I fear that starting a thread about Aruba 8320 VSX into the Airheads's Volunteer Corps - Support Request section could made it less visible than desired; it's better if you move (or ask the Airheads moderator to move) it into the proper Airheads's Wired Intelligent Edge (Campus Switching and Routing) section.
Said that, it looks like "the engineer" (he/she is from Aruba Support?) suggested you to execute two Shell commands (ovs-appctl) ...well...before going that deep (usually networking related issue can be diagnosed and solved without using the ServiceOS Shell but just using the ArubaOS-CX CLI) I suggest you to explain what is your actual Aruba VSX running configuration (do sanitize it by properly obfuscating sensitive information) providing as much information as you can (software version, network topology, interface information) and explain here how you configured your Checkpoint Firewall (acting as the router for your network) and how you connected it to the VSX (acting just as a Layer 2, as you worte) showing relevant VLAN/Interfaces configurations.
Doing so it's highly probable other Airheads community members can give you valuable help.
Thank you for your response.
There is a Topology diagram attached to the post.
system-mac 00:00:00:01:83:20inter-switch-link lag 1inter-switch-link hello-interval 3inter-switch-link dead-interval 10inter-switch-link hold-time 2
keepalive peer 126.96.36.199 source 188.8.131.52 vrf VSX-KEEPALIVE
keepalive dead-interval 10keepalive hello-interval 3
interface lag 1description ISL-SW-CORE-2no shutdownno routingvlan trunk native 1 tagvlan trunk allowed alllacp mode activelacp rate fast
interface lag 10 multi-chassisdescription Core-FW-1no shutdownno routingvlan trunk native 1vlan trunk allowed alllacp mode activelacp rate fast
interface lag 20 multi-chassisdescription Core-FW-2no shutdownno routingvlan trunk native 1vlan trunk allowed alllacp mode activelacp rate fast
interface lag 101 multi-chassisdescription SW-TOR-1-2no shutdownno routingvlan trunk native 1vlan trunk allowed alllacp mode activelacp rate fast
keepalive peer 184.108.40.206 source 220.127.116.11 vrf VSX-KEEPALIVE
interface lag 1description ISL-SW-CORE-1no shutdownno routingvlan trunk native 1 tagvlan trunk allowed alllacp mode activelacp rate fast
inter-switch-link lag 1inter-switch-link hello-interval 3inter-switch-link dead-interval 10inter-switch-link hold-time 2
interface lag 1description ISL-SW-TOR-2no shutdownno routingvlan trunk native 1 tagvlan trunk allowed alllacp mode activelacp rate fast
interface lag 101 multi-chassisdescription SW-Coreno shutdownno routingvlan trunk native 1vlan trunk allowed alllacp mode activelacp rate fast
interface lag 11 multi-chassisdescription A220\C1no shutdownno routingvlan trunk native 1vlan trunk allowed alllacp mode activelacp rate fast
I have another area in the network that was with the same issue and connected with the same design and products (Aruba 8320&Checkpoint FWs) when "the engineer" came to our office and troubleshoot exactly the same behavior as this issue.
When he got into shell mode and execute a few VSX shell commands and reboot the switch the VSX starting to work and we can ping from the FW (GW) to the servers. after that, he shows us the "show commands" from shell to see the VSX function and working.
the configuration in the regular CLI copied from the working area to the second area that not working properly.
I looking, someone that can guide me who to see in shell mode the VSX status and if the VSX status not good who to fix it from shell mode because I tried anything and nothing works
That's strange, I recall your posts were already answered here. Is this a duplicate (was this thread moved from another section?).
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.