On two Aruba 8320 VSX (ArubaOS-CX 10.01.0011) I'm noticing this oddity:
I started from this VSX LAG configuration for my lag1:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-1-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 20
    vlan trunk allowed 20
    lacp mode active
    loop-protect
    loop-protect vlan 20
to this configuration:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-1-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,20,30,40
    lacp mode active
    loop-protect
    loop-protect vlan 1,20,30,40
by executing, at the interface lag 1 level, these commands:
vlan trunk native 1
vlan trunk allowed 1,20,30,40
loop-protect vlan 1,20,30,40
This was to change, respectively, the native VLAN from 20 to 1, the allowed VLANs from 20 only to 1, 20, 30 and 40, and finally loop-protect from 20 only to 1, 20, 30 and 40.
The strange thing is that, since vsx-sync is enabled on the lag1 interface, I expected to see exactly the same configuration (description aside) on the Secondary VSX node... BUT what I currently see is this:
interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-2-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 20,30,40
    lacp mode active
    loop-protect
What worries me is not the absence of loop-protect with specified VLANs (that one is going to be added manually since it is not a synced status)... what really worries me is the fact that I see this row:
vlan trunk allowed 20,30,40
and not the one I expect:
vlan trunk allowed 1,20,30,40
Is there a reason not to see 1 as a VLAN ID explicitly allowed for the lag 1 interface in trunk mode?
This makes me think both nodes, from the point of view of VLANs, are not totally synched even if synchronization seems to have happened (vsx status looks good to me):
Aruba-8320-1(config-lag-if)# do show vsx status
VSX Operational State
---------------------
  ISL channel          : In-Sync
  ISL mgmt channel     : operational
  Config Sync Status   : in-sync
  NAE                  : peer_reachable
  HTTPS Server         : peer_reachable

Attribute           Local                Peer
------------        --------             --------
ISL link            lag128               lag128
ISL version         2                    2
System MAC          d0:67:26:xx:xx:xx    d0:67:26:yy:yy:yy
Platform            8320                 8320
Software Version    TL.10.01.0011        TL.10.01.0011
Device Role         primary              secondary
The fact is that there is a big difference on the Secondary Aruba 8320 (8320-2) if VLAN 1 is not allowed in trunk mode as it is instructed to be on the Primary Aruba 8320 (8320-1)... untagged traffic will be dropped on lag1 on the Secondary, won't it?
Is this a bug?
Or could this behaviour be related to the fact that I didn't add vsx-sync to VLAN 1 (I added vsx-sync only to VLANs 20, 30 and 40)? If so, should I add the vsx-sync option to VLAN 1 as well?
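
An added example, not part of the original post: a small Python check that compares the VLAN-bearing lines of the two lag 1 stanzas quoted above and reports which VLAN IDs appear on only one VSX node. The function names are hypothetical, the stanzas are retyped from the post as constructed input, and the range expansion (for lists such as 20-22) goes slightly beyond the comma-only lists shown.

```python
import re
# Constructed sample input: the two "interface lag 1" stanzas quoted in the post.
PRIMARY = """interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-1-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,20,30,40
    lacp mode active
    loop-protect
    loop-protect vlan 1,20,30,40
"""
SECONDARY = """interface lag 1 multi-chassis
    vsx-sync vlans
    description 8320-2-VSX-LAG-TSM
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 20,30,40
    lacp mode active
    loop-protect
"""
VLAN_LINE = re.compile(r"^(vlan trunk native|vlan trunk allowed|loop-protect vlan) ([\d,-]+)$")

def expand(spec):
    """Expand a VLAN list such as '1,20-22' into {1, 20, 21, 22}."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def vlan_settings(stanza):
    """Map each VLAN keyword in a stanza to its VLAN IDs; other lines (description etc.) are skipped."""
    matches = (VLAN_LINE.match(line.strip()) for line in stanza.splitlines())
    return {m.group(1): expand(m.group(2)) for m in matches if m}

def vlan_drift(primary, secondary):
    """Return {keyword: (IDs only on primary, IDs only on secondary)} where the nodes differ."""
    p, s = vlan_settings(primary), vlan_settings(secondary)
    return {k: (sorted(p.get(k, set()) - s.get(k, set())),
                sorted(s.get(k, set()) - p.get(k, set())))
            for k in sorted(p.keys() | s.keys())
            if p.get(k, set()) != s.get(k, set())}

if __name__ == "__main__":
    for keyword, (only_p, only_s) in vlan_drift(PRIMARY, SECONDARY).items():
        print(f"{keyword}: primary-only {only_p}, secondary-only {only_s}")
```

The check only reports differences in the text of the two stanzas; it does not tell which lines vsx-sync is expected to carry over or how the switch treats VLAN 1.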