Wired Intelligent Edge

  • 1.  Aruba AOS-CX in EVE-NG LACP Blocked Issue 10.09

    Posted Aug 23, 2024 03:26 AM

    Hey! I have a topology as follows: there is HA between the FortiGates, and there is an aggregate that contains VLANs on port5-port6, and there is no problem with that config for sure. The Kat-1-L2, Kat-2-L2, Kat-3-L2 and Kat-1-2-L2 switches have all VLANs and trunks configured well, so there is no problem with them. SW-L3-A-1 has VSX with SW-L3-A-2. If I don't start SW-L3-A-2 there is no problem, every switch can access each other, but if I start it then all LACP ports go to blocking and nothing works. I have no idea why. The L3-A-1 and L3-A-2 configs are below. (LAG256 was working very well when only the FortiGates, SW-L3-A-1 and SW-L3-A-2 were running. When I started the L2 switches it stopped.)

    This is what "sh lacp int" says when I start A-2;
    SW-L3-A-1 configuration;
    hostname SW-L3-A-1
    lacp system-priority 100
    user admin group administrators password ciphertext AQBapdOyMVI/aHJ49fx9rz4K3RAwC2qm1ov9omOnwJZFKnFBYgAAALCHxtu2O24d03aJr49vrD7I6UjNBlX39Vh03MZd0KMBymU9eJIFfKwm2MOgu2Aqhar1tvzQi6S2WMbTu2oIUH8PS+UwVRtXFGgdaIBeJ2mJpfHGTHzHImXGbqoi022pMQtf
    led locator on
    vrf keepalive
    ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
    ntp enable
    !
    !
    !
    !
    !
    !
    ssh server vrf mgmt
    vlan 1
    vlan 1100
        name BoardOfDirect
    vlan 1101
        name HR
    vlan 1105
        name AR-GE
    vlan 1106
        name IT
    vlan 1110
        name Sales
    vlan 1120
        name Marketing
    vlan 1132
        name NetworkDevice
    vlan 1145
        name ServerDevice
    interface mgmt
        no shutdown
        ip dhcp
    interface lag 1
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 256
        no shutdown
        description ISL
        no routing
        vlan trunk native 1 tag
        vlan trunk allowed all
        lacp mode active
    interface 1/1/1
        no shutdown
        ip address 10.1.91.7/24
    interface 1/1/2
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/3
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/4
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/5
        no shutdown
        lag 1
    interface 1/1/6
        no shutdown
        lag 1
    interface 1/1/7
        no shutdown
        lag 256
    interface 1/1/8
        no shutdown
        lag 256
    interface 1/1/9
        no shutdown
        vrf attach keepalive
        description VSX keepalive
        ip address 192.168.99.1/30
    interface vlan 1132
        ip address 10.8.3.2/25
    vsx
        inter-switch-link lag 256
        role primary
        keepalive peer 192.168.99.2 source 192.168.99.1 vrf keepalive
        vsx-sync vsx-global
    ip route 0.0.0.0/0 10.8.3.1

    SW-L3-A-2 configuration;

    hostname SW-L3-A-2
    user admin group administrators password ciphertext AQBapWhfUon6JJWNQk/xDaGakfV8e/n6Cj09DuDQ9OjzXDmNYgAAAMLEsLdP5myg5irLsam+Eg8QkzRW3vVdow85nPADFXe1PXXany7ko0wJc6kp10OLzfmXzqnyWdZYR2yJE14y6PxhMBkDXFJUdoBHhXqCfezf/6gcfmF4jSMIAZi8+qhAAFMC
    led locator on
    vrf keepalive
    ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
    ntp enable
    !
    !
    !
    !
    !
    !
    ssh server vrf mgmt
    vlan 1
    vlan 1100
        name BoardOfDirect
    vlan 1101
        name HR
    vlan 1105
        name AR-GE
    vlan 1106
        name IT
    vlan 1110
        name Sales
    vlan 1120
        name Marketing
    vlan 1132
        name NetworkDevice
    vlan 1145
        name ServerDevice
    interface mgmt
        no shutdown
        ip dhcp
    interface lag 1
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 256
        no shutdown
        description ISL
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface 1/1/1
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/2
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/3
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/4
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/5
        no shutdown
        lag 1
    interface 1/1/6
        no shutdown
        lag 1
    interface 1/1/7
        no shutdown
        lag 256
    interface 1/1/8
        no shutdown
        lag 256
    interface 1/1/9
        no shutdown
        vrf attach keepalive
        description VSX keepalive
        ip address 192.168.99.2/30
    interface vlan 1132
        ip address 10.8.3.3/25
    vsx
        inter-switch-link lag 256
        role secondary
        keepalive peer 192.168.1.1 source 192.168.1.2 vrf keepalive
        vsx-sync vsx-global
    ip route 0.0.0.0/0 10.8.3.1


  • 2.  RE: Aruba AOS-CX in EVE-NG LACP Blocked Issue 10.09

    Posted Aug 24, 2024 08:27 AM

    Hi, 

    Do you have MC LAG at the FortiGates? If you don't have MCLAG at the FortiGates you need it on the CX side.

    interface lag 1 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active

    interface lag 2 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active

    interface 1/1/5
        no shutdown
        lag 1
    interface 1/1/6
        no shutdown
        lag 2

    Without spanning-tree your L2 topology creates a loop.

    And the simulators don't have a functional STP; it forwards packets out on blocked interfaces.

    On Kat-2 and Kat-3 you may create a LAG and an MCLAG on your VSX to avoid the loop.

    On Kat-1-2 you must remove one of the links to the upstream switch because you can't avoid creating a loop there.



    ------------------------------
    Arne Opdal
    ------------------------------



  • 3.  RE: Aruba AOS-CX in EVE-NG LACP Blocked Issue 10.09

    Posted Aug 24, 2024 04:37 PM

    Thank you so much. I made a change in the topology because there was a mistake. The change is SW-L3-A-2 1/1/4 port to Kat-1-L2. It was 1/1/4 to Kat-1-2-L2. When I created multi-chassis LAGs on the L3s and normal LAGs on the L2s everything worked well. Now I want to know why; could you please explain it to me? The first thing is that we create MCLAGs on the L3s and the second is normal LAGs on the L2s. Why did we need to create MCLAGs on the L3s, and why didn't we need to create MCLAGs on the L2s?

    This is what I do and works like a charm;

    SW-L3-A-1 and SW-L3-A-2 configs;

    interface lag 1 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 2 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 3 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 4 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 5 multi-chassis
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface lag 256
        no shutdown
        description ISL
        no routing
        vlan trunk native 1 tag
        vlan trunk allowed all
        lacp mode active
    interface 1/1/2
        no shutdown
        lag 3
    interface 1/1/3
        no shutdown
        lag 4
    interface 1/1/4
        no shutdown
        lag 5
    interface 1/1/5
        no shutdown
        lag 1
    interface 1/1/6
        no shutdown
        lag 2

    and Kat-1-L2, Kat-2-L2, Kat-3-L2 configs;

    interface lag 1
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
        lacp mode active
    interface 1/1/3
        no shutdown
        lag 1
    interface 1/1/4
        no shutdown
        lag 1



  • 4.  RE: Aruba AOS-CX in EVE-NG LACP Blocked Issue 10.09

    Posted Aug 25, 2024 07:04 AM

    A LAG is when you are using one or more interfaces on the same device, like your ISL on the VSX members or on the "single device" switches in your lab.

    When using interfaces on two different devices (VSX) you need to configure your LAG in a way that the devices know it's spanning both devices. It is called multi-chassis in the configuration and VSX LAG in the documentation: https://www.arubanetworks.com/techdocs/AOS-CX/10.09/HTML/vsx/Content/Chp_Start/vsx-lag-10.11.htm

    If you are running a VSF stack with physical devices, it's one control plane, so you will use just a LAG (not supported on the simulator).

    And enable MSTP to learn; you should use it in your real network even if you design for no loops. The protocol behaves correctly, but it is non-functional when you try to send packets in the data plane in the simulator if you have interfaces in blocking state.

    You should also upgrade your simulator to a new release ;-)



    ------------------------------
    Arne Opdal
    ------------------------------
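
The rule explained in the reply above (a LAG whose links land on both VSX members must be declared `multi-chassis`, while the ISL stays a plain LAG) can be checked offline against two saved configs. This is an added example, not code from the thread or from Aruba; the function names are hypothetical, the sample is abridged from the configs posted above, and it assumes that the same LAG id on both members means the same downstream device.

```python
import re

def parse_member(config):
    """Return ({lag_id: is_multi_chassis}, {lag_id: [ports]}, isl_lag_id)."""
    lags, members, isl, port = {}, {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        m = re.fullmatch(r"interface lag (\d+)( multi-chassis)?", line)
        if m:
            lags[int(m.group(1))] = bool(m.group(2))
            port = None                      # now inside a LAG context
        elif line.startswith("interface "):
            port = line.split(None, 1)[1]    # physical, vlan or mgmt interface
        elif port and re.fullmatch(r"lag \d+", line):
            members.setdefault(int(line.split()[1]), []).append(port)
        elif line.startswith("inter-switch-link lag "):
            isl = int(line.split()[-1])
    return lags, members, isl

def plain_lags_on_both_members(cfg_a, cfg_b):
    """LAG ids with member ports on BOTH VSX members that are not the ISL
    and are not declared multi-chassis on both sides."""
    lags_a, mem_a, isl_a = parse_member(cfg_a)
    lags_b, mem_b, isl_b = parse_member(cfg_b)
    shared = (set(mem_a) & set(mem_b)) - {isl_a, isl_b}
    return sorted(i for i in shared if not (lags_a.get(i) and lags_b.get(i)))

# Abridged from the first post: LAG 1 is a plain LAG on both VSX members.
BEFORE = """
interface lag 1
    lacp mode active
interface lag 256
    description ISL
    lacp mode active
interface 1/1/5
    lag 1
interface 1/1/7
    lag 256
vsx
    inter-switch-link lag 256
"""
# Same config with the fix from the replies applied (constructed).
AFTER = BEFORE.replace("interface lag 1\n", "interface lag 1 multi-chassis\n")

if __name__ == "__main__":
    print("before:", plain_lags_on_both_members(BEFORE, BEFORE))
    print("after: ", plain_lags_on_both_members(AFTER, AFTER))
```

A LAG id reported here is a candidate for `multi-chassis`; a LAG that really is local to one member (single-homed device) will not appear because it has no ports on the peer.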



  • 5.  RE: Aruba AOS-CX in EVE-NG LACP Blocked Issue 10.09

    Posted Aug 27, 2024 12:43 PM
    • Verify that the LACP system priorities are correctly configured. You have set lacp system-priority 100 on SW-L3-A-1, but this should be consistent across both switches.
    • Check the LACP mode (active) and ensure that it matches on all LAGs (especially LAG 256)


