Wired Intelligent Edge

Hi,

I'm setting up a pair of 8320 with VSX and have approx 30 VLANs that i was trying to setup with active gateways. I've found there is a limitation of 16 vmacs, so i can't have a unique vmac on every activate gateway.

My question is, is it ok to have different active gateways with the same vmac and is there any downside to this.

Also if it is ok then why is it shown in the config examples in the Aruba guide as them having a different vmac per active gateway.

Hi,

You can reuse the same vmac for different vlan...

There is abolutely no downside of using same VMAC as the VMAC is purely link-local.

Would you have dual-NIC systems connected to the same VSX cluster,

you may want, for arp table clarity on server, to use different VMACs specifically for SVI (L3 VLAN i/f) used for such dual-zone servers.

There will be no dual-homed servers, the setup will be utising mclags going to a 5130 IRF access switch stack and only ipv4 will be used.

This is the first VSX setup i've done and i'm still getting my head around it.

Are you saying the activate gateway vmac can be the same in each vlan as it's restricted to each vlans broadcast domain.

Exactly. Use same active-gateway VMAC for all L3 VLAN interfaces.

Thanks for clearing that up.

Can anyone suggest what MAC can we use that by no chance will overlap with some other MAC address?
Is there any suggested range by Aruba?

Best regards,

Alon.

---

@alonhav wrote:

Can anyone suggest what MAC can we use that by no chance will overlap with some other MAC address?
Is there any suggested range by Aruba?

 

Best regards,

Alon.

---

Yes, you can look Best Pratice guide : https://asp.arubanetworks.com/downloads/documents/RmlsZTplNzhhMzAxOC0yMmFhLTExZWEtOWYwMy00NzM4YTZiOGJhYWQ%3D

Hi! you would probably find this thread interesting (especially considerations reported on the latest reply, the one by @pv2b).

For additional clarity, I use the same VMAC for all SVI's which also matches the VSX VMAC. I got the impression this was necessary or at least recommended though I cannot confirm it in docs.

eg of my config
vsx
    system-mac 02:02:00:00:01:00
    inter-switch-link lag 256

interface vlan2150 
    ip address 10.3.150.251/24 
    vsx-sync active-gateways
    active-gateway ip mac 02:02:00:00:01:00

I am now seeing as I PoC Aruba Central that it does not genreate them with different VMACs, which makes me think this could be the wrong way or at least not preferred.

Another interesting observation is Aruba Central configures the SVIs ip address and active-gateway IP with the same IP....I was under the assumption once again that the IP was the same on either side of the VSX pair and the active-gateway IP on either side had to be unique

ArubaCentral - NetConductor config example

VSX-1
interface vlan 64
    vrf attach Employee
    ip address 10.0.71.254/21
    active-gateway ip 10.0.71.254

VSX-1
interface vlan 64
    vrf attach Employee
    ip address 10.0.71.254/21
    active-gateway ip 10.0.71.254

Thoughts?

Thanks in advance!