Dynamic BGP peering
Before AOS-CX 10.11, each BGP peer IP address must be statically configured as a specific neighbor. With the Dynamic BGP peering feature, AOS-CX dynamically establishes peering with a group of remote neighbors that are configured using a range of IP addresses and BGP peer group : Instead of being configured individually in the BGP neighbors table, BGP dynamic neighbors are configured as ranges of remote addresses with associated peer groups After a subnet range is configured for a BGP peer group and a TCP session is initiated by a remote peer using an IP address in the specified subnet range, a new BGP neighbor is dynamically created as a member of that group, if it has been accepted.
For more details visit the Technical update video -
Aruba AOS-CX 10.11: Dynamic BGP peering Technical Update
------------------------------
Shobana
Aruba
------------------------------
Original Message:
Sent: Dec 13, 2022 01:05 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates
Host to Switch MACsec
Media Access Control security (MACsec) provides Layer 2 security for wired LANs, protecting network communications against a range of attacks including: denial of service, intrusion, man-in-the-middle, and eavesdropping. These attacks exploit Layer 2 vulnerabilities and often cannot be detected. MACsec appends a header and tail to all Ethernet frames, and encrypts data payload within the frame. Receiving device checks header and tail for integrity. If the check fails, traffic is dropped. If the check is successful, the frame is encrypted.
For more details, visit the Technical update video -
https://www.youtube.com/watch?v=EgFGpAKIiNY
------------------------------
Shobana
Aruba
Original Message:
Sent: Dec 12, 2022 06:40 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates
Support for LACP fallback
LACP Fallback feature provides a configuration mechanism for dynamic LAGs to enable non-bonded interfaces that would otherwise be blocked due to the absence of any LACP BPDUs received from the peer LACP fallback was first introduced into AOS-CX 10.02.0020 Initial support was limited to VSX multi-chassis LAG interfaces only The new CLI command to enable the feature on non-VSX Dynamic LAGs is called lacp fallback-static The pre-existing CLI command lacp fallback is retained for support with VSX Supported Platforms Now starting with AOS-CX 10.11, the feature has been extended to other Dynamic LAGs on the following platforms: OVA, 4100, 6000, 6100, 6200, 6300, 6400, 8320, 8325, 8360, 9300, 10000
For details, visit the Technical update video -
https://www.youtube.com/watch?v=mjy4mUlzwQ0
------------------------------
Shobana
Aruba
Original Message:
Sent: Dec 12, 2022 06:34 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates
Aruba AOS-CX 10.11 Enrollment over Secure Transport [EST] Technical Update. Certificate association with an EST (Enrollment over Secure Transport) profile can now be pushed within a configuration to initiate certificate provisioning. When a certificate property profile contains an EST profile association, it will trigger a certificate enrollment automatically, provided the corresponding EST profile is also in the configuration and the corresponding EST server has been established. If new certificates are created or enrolled, the configuration needs to be saved for the certificates to persist across reboots or upgrades.
For details, visit the Technical update video -
https://www.youtube.com/watch?v=J45Fin6CvR0
------------------------------
Shobana
TME
Aruba
------------------------------