Wired Intelligent Edge (Campus Switching and Routing)

Aruba 5406R /5412R Behavior When Enabling VSF And Secure Mode Enhanced

MVP
MVP
Problem:

When enabling secure-mode enhanced and configuring VSF stacking on Aruba 5406/12R zl2 switches all V3 modules go into a persistent booting state or the switch gets stuck in an "initializing" state.

 



Diagnostics:

This Article discusses the behavior when two Aruba 5406 or 5412R zl2 switches are on secure mode enhanced and we attempt to stack them using VSF is made.

 



Solution

VSF stacking when two Aruba 5406R / 5412R switches have been configured with secure-mode enhanced is NOT supported. 

However if you did unknowingly attempt the above configuration this is what you should expect:

  • You configure both switches to be on secure-mode enahnced.
  • Aruba-5406R-A(config)# secure-mode enhanced
    Validating software and configurations, this may take a minute...
    The system will be rebooted and all management module files except
    software images will be erased and zeroized.  This will take up to
    60 minutes and the switch will not be usable during that time.  A
    power-cycle will then be required to complete the transition.

    Continue (y/n)?y

  • Aruba-5406R-A(config)# show secure-mode

      Level: Enhanced

  • Aruba-5406R-B(config)# show secure-mode

      Level: Enhanced

  • Now to check the module status on both switches 

  • Aruba-5406R-A(config)# show modules

     Status and Counters - Module Information

      Chassis: 5406Rzl2 J9850A         Serial Number:   SG5AGPR183

      Allow V2 Modules:   Yes

                                                                           Core  Mod
      Slot  Module Description                     Serial Number  Status   Dump  Ver
      ----- -------------------------------------- -------------- -------- ----- ---
      MM1   HP J9827A Management Module 5400Rzl2   SG5AG4C02F     Standby  YES   1
      MM2   HP J9827A Management Module 5400Rzl2   SG46G4C1BH     Active   YES   1


      A     HP J9990A 20p PoE+ / 4p SFP+ v3 zl2... SG5AGPG09Q     Up       YES   3
      B     HP J9986A 24p 10/100/1000BASE-T PoE... SG50GPB6BL     Up       YES   3

  • Aruba-5406R-B(config)# show modules

     Status and Counters - Module Information

      Chassis: 5406Rzl2 J9850A         Serial Number:   SG51GM30GL

      Allow V2 Modules:   Yes

                                                                           Core  Mod
      Slot  Module Description                     Serial Number  Status   Dump  Ver
      ----- -------------------------------------- -------------- -------- ----- ---
      MM2   HP J9827A Management Module 5400Rzl2   SG51G4C0L2     Active   YES   1

      1/A   HP J9993A 8p 1G/10GbE SFP+ v3 zl2 Mod  SG94GPK0MP     UP  YES   3  

      1/B   HP J9993A 8p 1G/10GbE SFP+ v3 zl2 Mod  SG94GPK0FK     UP YES   3  
                                                                          
      

  • Next we enable VSF on Aruba-5405R-A, switch and let 5406R-B( factory reset condition) join the stack automatically like we would do normally.

  • Aruba-5406R-A(config)# vsf member 1 link 1 b21
    All configuration on this port has been removed and port is placed in VSF mode.
    Aruba-5406R-A(config)# vsf do
    Invalid input: do
    HP-Switch-5406Rzl2(config)# vsf do
    Invalid input: do
    Aruba-5406R-A(config)# vsf enable domain
     <1-4294967295>        The VSF virtual chassis domain ID.
    Aruba-5406R-A(config)# vsf enable domain 1
    This will save the current configuration and reboot the switch.
    Continue (y/n)?  y

  • After enabling VSF on the switch the switches might either not boot back up and be stuck in "initializing" state or all it's version 3 modules would show a persistent "Booting" state rendering the switches useless since now you can't connect any device to it. 

  • An example

  • Slot  Module Description                            Serial Number                  Status   Dump  Ver
      ----- -------------------------------------- -------------- -------- ----- ---
      1/A   HP J9993A 8p 1G/10GbE SFP+ v3 zl2 Mod  SG94GPK0MP     Booting  YES   3  
                                                                           
      1/B   HP J9993A 8p 1G/10GbE SFP+ v3 zl2 Mod  SG94GPK0FK     Booting  YES   3  
    *some output omitted

  • So in order to get the switches back , if the switch is stuck in a "initializing" state, boot the switch, keep pressing 0 to enter into the boot rom menu and the recover the switch using "erase-all" which would bring the switch to factory settings

  • If the modules are stuck in "booting" state, either remove VSF configuration from the switch or configure the switch to be in "secure-mode standard" 

  • Take away, secure-mode enhanced and VSF on Aruba 5406R/5412R zl2 are mutually exclusive.

Version history
Revision #:
1 of 1
Last update:
‎03-31-2020 08:53 AM
Updated by:
 
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: