  • 1.  Cisco IOS to ArubaOS-CX

    Posted Aug 16, 2022 09:37 AM
    I am having some issues migrating a Cisco Catalyst switch config to ArubaOS-CX on a 6300M. I found some documents (CLI Reference Guide for ArubaOS-CX, ArubaOS-Switch, and Cisco IOS) on the Aruba website, but as expected they do not give me an equivalent Aruba command for everything.

    Here are a few things I need to ask:

    1. On the Cisco switchport we have data and voice VLANs configured, but the port is configured as an access port. I only see trunk port options in Aruba. Is that correct?
    Can you please post a sample working config?
    Here is Cisco config:

    interface GigabitEthernet1/1/1
     switchport access vlan 50
     switchport mode access
     switchport nonegotiate
     switchport voice vlan 90
     switchport port-security maximum 4
     switchport port-security
     spanning-tree portfast
     spanning-tree bpduguard enable

    2. What is the equivalent to rapid spanning-tree in Aruba?
    Here is Cisco config: 
    spanning-tree mode rapid-pvst

    3. What is the config for dhcp snooping for vlan?
    Here is Cisco config: 
    ip dhcp snooping vlan 50,53,54,55,90

    4. What is equivalent for vtp mode?
    Here is Cisco config: 
    vtp mode transparent

    5. What is the equivalent for errdisable?
    Here is Cisco config: 
    errdisable recovery cause udld
    errdisable recovery cause bpduguard

    6. What is the correct config for port-channel?
    Here is Cisco config: 
    interface Port-channel2
     switchport trunk native vlan 10
     switchport mode trunk
     ip dhcp snooping trust

    7. What is the correct L3 SVI config?
    interface Vlan590
     description "Data Switch Management"
     ip address 172.20.2.213 255.255.255.0
     no ip proxy-arp

    8. What is the correct line config for console and vty?


  • 2.  RE: Cisco IOS to ArubaOS-CX

    Posted Aug 17, 2022 01:55 AM
    Hi faadi

    1. There is no "voice vlan" on the interface itself. Rather, configure the "voice" option in the vlan context, e.g. "vlan 90; name VoIP; voice". This information will then be taken by LLDP to announce the correct voice VLAN to the device.

    2. Yes, Aruba supports Rapid per-VLAN Spanning-Tree. Just configure the following
    spanning-tree
    spanning-tree mode rpvst

    3. See IP-Services Guide, page 111+ (esp. page 122):
    https://www.arubanetworks.com/techdocs/AOS-CX/10.08/PDF/ip_services_6300-6400.pdf

    4. There is no such thing. You can enable or disable ssh server on a given vrf (vrf mgmt, vrf default, etc.) by using the following command:
    ssh server vrf default

    5. That is called a fault-monitor profile, try the following:
    config-fault-monitor-profile <name>
    [...]
    and then on the interface itself:
    apply fault-monitor profile <name>

    6. It is called a "lag" (link aggregation group). So try the following and don't forget the nasty "no shutdown" on both the lag and the physical interface:
    interface lag 2
     vlan trunk native 10
     vlan trunk allowed 10,11,12,13,14
     no shutdown
    interface 1/1/1
     no shutdown
     lag 2
    interface 2/1/1
     no shutdown
     lag 2

    7. Apart from the not needed "no ip proxy-arp" command, it's similar to Cisco. Proxy-arp is disabled by default, if you need it, you need to activate it manually with "ip proxy-arp".

    8. That doesn't exist on ArubaOS-CX. Serial console is active by default, ssh server can be activated on a per-VRF basis, see above. Authentication can be controlled by "aaa authentication login ...." commands.


    I hope this helps.

    Kind regards,
    Thomas




  • 3.  RE: Cisco IOS to ArubaOS-CX

    Posted Aug 31, 2022 03:42 AM
    Thank you for the reply. After spending some time I was able to figure out answers to all my questions.  

    I am using the following configuration for the switchport that is configured for both voice and data. It has the voice VLAN as tagged, and for the data traffic I am using the native VLAN. Is this correct and the recommended solution? Are there any security implications?

    vlan 500
     name USERS

    vlan 900
     name VOICE-1
     voice

    interface 1/1/10
     no shutdown
     no routing
     vlan trunk native 500
     vlan trunk allowed 500,900
     spanning-tree bpdu-guard
     spanning-tree loop-guard
     spanning-tree port-type admin-edge
     port-access port-security
      enable
      client-limit 4
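
Added example, not part of the original posts and not an Aruba tool: a Python check that the edge-port protections on the Cisco port in post 1 (portfast, BPDU guard, port-security maximum 4) are present in their AOS-CX form on every port that carries a VLAN marked `voice`. It uses only commands quoted in this thread; the function names, the second sample port and the `max_clients` threshold are assumptions.

```python
import re

# Constructed sample: 1/1/10 is the posted port (trimmed), 1/1/11 is hypothetical.
SAMPLE = """
vlan 900
 voice
interface 1/1/10
 vlan trunk allowed 500,900
 spanning-tree bpdu-guard
 spanning-tree port-type admin-edge
 port-access port-security
  enable
  client-limit 4
interface 1/1/11
 vlan trunk allowed 500,900
 spanning-tree bpdu-guard
 port-access port-security
  client-limit 8
"""

def parse_stanzas(text):
    """Map each 'vlan N' / 'interface X' header to its stripped body lines."""
    stanzas, body = {}, None
    for line in map(str.strip, text.splitlines()):
        if re.fullmatch(r"vlan \d+|interface .+", line):
            body = stanzas.setdefault(line, [])
        elif line and body is not None:
            body.append(line)
    return stanzas

def audit_edge_ports(text, max_clients=4):
    """Return {header: [failed checks]} for every port carrying a voice VLAN."""
    stanzas = parse_stanzas(text)
    voice = {h.split()[1] for h, b in stanzas.items() if "voice" in b}
    report = {}
    for head, body in stanzas.items():
        joined = "\n".join(body)
        m = re.search(r"^vlan trunk allowed (\S+)$", joined, re.M)
        vlans = set(m.group(1).split(",")) if m else set()
        if head.startswith("interface ") and voice & vlans:
            sec = joined.partition("port-access port-security")[2]
            limit = re.search(r"^client-limit (\d+)$", sec, re.M)
            checks = {
                "bpdu-guard": "spanning-tree bpdu-guard" in body,
                "admin-edge": "spanning-tree port-type admin-edge" in body,
                "port-security enable": "enable" in sec.split("\n"),
                "client-limit": bool(limit) and int(limit[1]) <= max_clients,
            }
            report[head] = [k for k, ok in checks.items() if not ok]
    return report
```

Because every line is stripped before matching, the check also accepts config pasted without indentation; it assumes the allowed-VLAN list is comma-separated, as in this thread.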