AOS-CX Switch Simulator

I've been having really odd issues with AOS CX switches under Eve-NG. 

I've set up a lab with a VSX cluster, MCLAG to an OPNsense firewall and MCLAGs to some access switches. 

I can receive DHCP on an Ubuntu client connected to one of the access switches, both through VLAN 1 and VLAN 100. I can successfully ping the gateway, and out to 8.8.8.8. However, I cannot access the gateway over HTTP/HTTPS, nor can I reach DNS at 8.8.8.8 or 1.1.1.1. All interfaces in OPNsense are set up as any/any/allow. I have set up this exact same scenario in GNS3 (Same configs 1:1) without issues. Under Eve, I tried a single AOS switch simply connected to a standard interface on the firewall, also no DNS or HTTP traffic, yet pings work. If I replace the AOS switches with Cisco, I have no issues either, which leads me to believe this odd behaviour is relared to the AOS CX simulator itself. 

I am running the latest 10.15 version of the AOS CX image.

Below are the configs currently loaded on the switches. Any insight would be appreciated, thank you!

Core 1

hostname Core-SW1
!
vrf KA
!
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.0/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role primary
    keepalive peer 192.168.0.1 source 192.168.0.0 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Core 2

hostname Core-SW2
!
vrf KA
!
ssh server vrf mgmt
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.1/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role secondary
    keepalive peer 192.168.0.0 source 192.168.0.1 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Access 1

hostname Access-SW1
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to Core-SW1
    no shutdown
    lag 1
interface 1/1/9
    description to Core-SW2
    no shutdown
    lag 1

Access 2

hostname Access-SW2
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/2
    description To Ubuntu Client
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to SW1
    no shutdown
    lag 1
interface 1/1/9
    description to SW2
    no shutdown
    lag 1

First, keep in mind that AOS-CX is a simulator and is not primarily designed for testing with real traffic.

• Are you running the AOS-CX simulator in GNS3?
• you might try changing your gateway to use a port other than 80 or 443 to see if that resolves the issue.

Most likely a EVE-NG issue, I had this before with a Fortigate VM appliance in EVE-NG.
------------------------------
Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own

Original Message:
Sent: Feb 02, 2025 08:16 PM
From: MatazaNz
Subject: Issues with CX Simulator on Eve-NG

I've been having really odd issues with AOS CX switches under Eve-NG. 

I've set up a lab with a VSX cluster, MCLAG to an OPNsense firewall and MCLAGs to some access switches. 

I can receive DHCP on an Ubuntu client connected to one of the access switches, both through VLAN 1 and VLAN 100. I can successfully ping the gateway, and out to 8.8.8.8. However, I cannot access the gateway over HTTP/HTTPS, nor can I reach DNS at 8.8.8.8 or 1.1.1.1. All interfaces in OPNsense are set up as any/any/allow. I have set up this exact same scenario in GNS3 (Same configs 1:1) without issues. Under Eve, I tried a single AOS switch simply connected to a standard interface on the firewall, also no DNS or HTTP traffic, yet pings work. If I replace the AOS switches with Cisco, I have no issues either, which leads me to believe this odd behaviour is relared to the AOS CX simulator itself. 

I am running the latest 10.15 version of the AOS CX image.

Below are the configs currently loaded on the switches. Any insight would be appreciated, thank you!

Core 1

hostname Core-SW1
!
vrf KA
!
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.0/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role primary
    keepalive peer 192.168.0.1 source 192.168.0.0 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Core 2

hostname Core-SW2
!
vrf KA
!
ssh server vrf mgmt
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.1/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role secondary
    keepalive peer 192.168.0.0 source 192.168.0.1 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Access 1

hostname Access-SW1
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to Core-SW1
    no shutdown
    lag 1
interface 1/1/9
    description to Core-SW2
    no shutdown
    lag 1

Access 2

hostname Access-SW2
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/2
    description To Ubuntu Client
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to SW1
    no shutdown
    lag 1
interface 1/1/9
    description to SW2
    no shutdown
    lag 1

Yes, I am aware of this. I am not using the simulator for a real network. I am using it to build out proof of concept network designs, as well as learn the CX platform. The design I am currently working on requires testing web access and restrictions.

As per my original post, I am running under both EVE NG and GNS3. The issue I am running into is under EVE NG. GNS3 has no issues thus far. I am evaluating both simulation platforms as part of this too, to decide which I want to use long term. EVE NG is much nicer in some points, but this issue I am experiencing may be a blocker.

This is affecting more than just HTTP/HTTPS. I also cannot use DNS, queries just time out. Bypassing the Aruba CX switch (Either by directly connecting to the firewall, or by using a Cisco switch) restores this functionality.

If this is a known issue under EVE NG, then I will make note of this and move forward with GNS3 instead.

First, keep in mind that AOS-CX is a simulator and is not primarily designed for testing with real traffic.

• Are you running the AOS-CX simulator in GNS3?
• you might try changing your gateway to use a port other than 80 or 443 to see if that resolves the issue.

Most likely a EVE-NG issue, I had this before with a Fortigate VM appliance in EVE-NG.
------------------------------
Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own

Original Message:
Sent: Feb 02, 2025 08:16 PM
From: MatazaNz
Subject: Issues with CX Simulator on Eve-NG

I've been having really odd issues with AOS CX switches under Eve-NG. 

I've set up a lab with a VSX cluster, MCLAG to an OPNsense firewall and MCLAGs to some access switches. 

I can receive DHCP on an Ubuntu client connected to one of the access switches, both through VLAN 1 and VLAN 100. I can successfully ping the gateway, and out to 8.8.8.8. However, I cannot access the gateway over HTTP/HTTPS, nor can I reach DNS at 8.8.8.8 or 1.1.1.1. All interfaces in OPNsense are set up as any/any/allow. I have set up this exact same scenario in GNS3 (Same configs 1:1) without issues. Under Eve, I tried a single AOS switch simply connected to a standard interface on the firewall, also no DNS or HTTP traffic, yet pings work. If I replace the AOS switches with Cisco, I have no issues either, which leads me to believe this odd behaviour is relared to the AOS CX simulator itself. 

I am running the latest 10.15 version of the AOS CX image.

Below are the configs currently loaded on the switches. Any insight would be appreciated, thank you!

Core 1

hostname Core-SW1
!
vrf KA
!
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.0/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role primary
    keepalive peer 192.168.0.1 source 192.168.0.0 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Core 2

hostname Core-SW2
!
vrf KA
!
ssh server vrf mgmt
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.1/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role secondary
    keepalive peer 192.168.0.0 source 192.168.0.1 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Access 1

hostname Access-SW1
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to Core-SW1
    no shutdown
    lag 1
interface 1/1/9
    description to Core-SW2
    no shutdown
    lag 1

Access 2

hostname Access-SW2
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/2
    description To Ubuntu Client
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to SW1
    no shutdown
    lag 1
interface 1/1/9
    description to SW2
    no shutdown
    lag 1

Yes, I am aware of this. I am not using the simulator for a real network. I am using it to build out proof of concept network designs, as well as learn the CX platform. The design I am currently working on requires testing web access and restrictions.

As per my original post, I am running under both EVE NG and GNS3. The issue I am running into is under EVE NG. GNS3 has no issues thus far. I am evaluating both simulation platforms as part of this too, to decide which I want to use long term. EVE NG is much nicer in some points, but this issue I am experiencing may be a blocker.

This is affecting more than just HTTP/HTTPS. I also cannot use DNS, queries just time out. Bypassing the Aruba CX switch (Either by directly connecting to the firewall, or by using a Cisco switch) restores this functionality.

If this is a known issue under EVE NG, then I will make note of this and move forward with GNS3 instead.

First, keep in mind that AOS-CX is a simulator and is not primarily designed for testing with real traffic.

• Are you running the AOS-CX simulator in GNS3?
• you might try changing your gateway to use a port other than 80 or 443 to see if that resolves the issue.

Most likely a EVE-NG issue, I had this before with a Fortigate VM appliance in EVE-NG.
------------------------------
Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own

Original Message:
Sent: Feb 02, 2025 08:16 PM
From: MatazaNz
Subject: Issues with CX Simulator on Eve-NG

I've been having really odd issues with AOS CX switches under Eve-NG. 

I've set up a lab with a VSX cluster, MCLAG to an OPNsense firewall and MCLAGs to some access switches. 

I can receive DHCP on an Ubuntu client connected to one of the access switches, both through VLAN 1 and VLAN 100. I can successfully ping the gateway, and out to 8.8.8.8. However, I cannot access the gateway over HTTP/HTTPS, nor can I reach DNS at 8.8.8.8 or 1.1.1.1. All interfaces in OPNsense are set up as any/any/allow. I have set up this exact same scenario in GNS3 (Same configs 1:1) without issues. Under Eve, I tried a single AOS switch simply connected to a standard interface on the firewall, also no DNS or HTTP traffic, yet pings work. If I replace the AOS switches with Cisco, I have no issues either, which leads me to believe this odd behaviour is relared to the AOS CX simulator itself. 

I am running the latest 10.15 version of the AOS CX image.

Below are the configs currently loaded on the switches. Any insight would be appreciated, thank you!

Core 1

hostname Core-SW1
!
vrf KA
!
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.0/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role primary
    keepalive peer 192.168.0.1 source 192.168.0.0 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Core 2

hostname Core-SW2
!
vrf KA
!
ssh server vrf mgmt
vlan 1
vlan 100
    vsx-sync
!
interface mgmt
    no shutdown
    ip dhcp
interface lag 1 multi-chassis
    description Access-SW1 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 2 multi-chassis
    description Access-SW2 VSX LAG
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 10 multi-chassis
    description To Firewall
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface lag 256
    description ISL
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
interface 1/1/1
    description To Access-SW1
    no shutdown
    mtu 9100
    lag 1
interface 1/1/2
    description To Access-SW2
    no shutdown
    mtu 9100
    lag 2
interface 1/1/3
    description To Firewall
    no shutdown
    lag 10
interface 1/1/7
    description Keepalive
    no shutdown
    vrf attach KA
    ip address 192.168.0.1/31
interface 1/1/8
    description ISL link
    no shutdown
    mtu 9198
    lag 256
interface 1/1/9
    description ISL link
    no shutdown
    mtu 9198
    lag 256
vsx
    system-mac 02:01:00:00:01:00
    inter-switch-link lag 256
    role secondary
    keepalive peer 192.168.0.0 source 192.168.0.1 vrf KA
    vsx-sync aaa acl-log-timer bfd-global bgp control-plane-acls copp-policy dhcp-relay dhcp-server dhcp-snooping dns icmp-tcp lldp loop-protect-global mac-lockout mclag-interfaces neighbor ospf qos-global route-map sflow-global snmp ssh stp-global time vsx-global

Access 1

hostname Access-SW1
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to Core-SW1
    no shutdown
    lag 1
interface 1/1/9
    description to Core-SW2
    no shutdown
    lag 1

Access 2

hostname Access-SW2
!
vlan 1,100
interface mgmt
    no shutdown
    ip dhcp
interface lag 1
    no shutdown
    no routing
    vlan trunk native 1
    vlan trunk allowed 100
    lacp mode active
interface 1/1/1
    no shutdown
    no routing
    vlan access 100
interface 1/1/2
    description To Ubuntu Client
    no shutdown
    no routing
    vlan access 100
interface 1/1/8
    description to SW1
    no shutdown
    lag 1
interface 1/1/9
    description to SW2
    no shutdown
    lag 1