Wired Intelligent Edge

Hi, 

I have two ARUBA 8320 connected with VSX technology as L2 and Checkpoint FW as L3 above them.

When I try pinging to a server connected to 8320 from the 8320 SW I have reachability but from the FW I do not have.

In my last case, the engineer sends me two commands useful from the shell:

ovs-appctl -t hpe-vsxd vsx_filter_dump

ovs-appctl -t ops-switchd  vsx/show_isl

but when I typing dose commands I get access denied

also "sh -" in shell mode with my admin password dosn׳t work

Dose anyone have such a problem or can help?

Thanks!!

Hello Itay and welcome!

I fear that starting a thread about Aruba 8320 VSX into the Airheads's Volunteer Corps - Support Request section could made it less visible than desired; it's better if you move (or ask the Airheads moderator to move) it into the proper Airheads's Wired Intelligent Edge (Campus Switching and Routing) section.

Said that, it looks like "the engineer" (he/she is from Aruba Support?) suggested you to execute two Shell commands (ovs-appctl) ...well...before going that deep (usually networking related issue can be diagnosed and solved without using the ServiceOS Shell but just using the ArubaOS-CX CLI) I suggest you to explain what is your actual Aruba VSX running configuration (do sanitize it by properly obfuscating sensitive information) providing as much information as you can (software version, network topology, interface information) and explain here how you configured your Checkpoint Firewall (acting as the router for your network) and how you connected it to the VSX (acting just as a Layer 2, as you worte) showing relevant VLAN/Interfaces configurations.

Doing so it's highly probable other Airheads community members can give you valuable help.

Hi Parnassus,

Thank you for your response.

There is a Topology diagram attached to the post.

#VSX-Configurations Core-SW1#
vsx

system-mac 00:00:00:01:83:20
inter-switch-link lag 1
inter-switch-link hello-interval 3
inter-switch-link dead-interval 10
inter-switch-link hold-time 2

role primary

keepalive peer 1.1.1.2 source 1.1.1.1 vrf VSX-KEEPALIVE

keepalive dead-interval 10
keepalive hello-interval 3

interface lag 1
description ISL-SW-CORE-2
no shutdown
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/54

no shutdown

lag 1

interface 1/1/53

no shutdown

lag 1

interface lag 10 multi-chassis
description Core-FW-1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/1

no shutdown

lag 10

interface lag 20 multi-chassis
description Core-FW-2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/2

no shutdown

lag 20

interface lag 101 multi-chassis
description SW-TOR-1-2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/47

no shutdown

lag 101

interface 1/1/48

no shutdown

lag 101

#VSX-Configurations Core-SW2#

vsx

system-mac 00:00:00:01:83:20
inter-switch-link lag 1
inter-switch-link hello-interval 3
inter-switch-link dead-interval 10
inter-switch-link hold-time 2

role secondary

keepalive peer 1.1.1.1 source 1.1.1.2 vrf VSX-KEEPALIVE

keepalive dead-interval 10
keepalive hello-interval 3

interface lag 1
description ISL-SW-CORE-1
no shutdown
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/54

no shutdown

lag 1

interface 1/1/53

no shutdown

lag 1

interface lag 10 multi-chassis
description Core-FW-1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/1

no shutdown

lag 10

interface lag 20 multi-chassis
description Core-FW-2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/2

no shutdown

lag 20

interface lag 101 multi-chassis
description SW-TOR-1-2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/47

no shutdown

lag 101

interface 1/1/48

no shutdown

lag 101

#VSX-Configurations Core-TOR1#

vsx

inter-switch-link lag 1
inter-switch-link hello-interval 3
inter-switch-link dead-interval 10
inter-switch-link hold-time 2

role primary

keepalive peer 1.1.1.2 source 1.1.1.1 vrf VSX-KEEPALIVE

keepalive dead-interval 10
keepalive hello-interval 3

interface lag 1
description ISL-SW-TOR-2
no shutdown
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/54

no shutdown

lag 1

interface 1/1/53

no shutdown

lag 1

interface lag 101 multi-chassis
description SW-Core
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/1

no shutdown

lag 101

interface 1/1/2

no shutdown

lag 101

interface lag 11 multi-chassis
description A220\C1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/3

no shutdown

lag 11

#VSX-Configurations Core-TOR2#

vsx

inter-switch-link lag 1
inter-switch-link hello-interval 3
inter-switch-link dead-interval 10
inter-switch-link hold-time 2

role secondary

keepalive peer 1.1.1.1 source 1.1.1.2 vrf VSX-KEEPALIVE

keepalive dead-interval 10
keepalive hello-interval 3

interface lag 1
description ISL-SW-TOR-2
no shutdown
no routing
vlan trunk native 1 tag
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/54

no shutdown

lag 1

interface 1/1/53

no shutdown

lag 1

interface lag 101 multi-chassis
description SW-Core
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/1

no shutdown

lag 101

interface 1/1/2

no shutdown

lag 101

interface lag 11 multi-chassis
description A220\C1
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed all
lacp mode active
lacp rate fast

interface 1/1/3

no shutdown

lag 11

I have another area in the network that was with the same issue and connected with the same design and products (Aruba 8320&Checkpoint FWs) when "the engineer" came to our office and troubleshoot exactly the same behavior as this issue.

When he got into shell mode and execute a few VSX shell commands and reboot the switch the VSX starting to work and we can ping from the FW (GW) to the servers. after that, he shows us the "show commands" from shell to see the VSX function and working.

the configuration in the regular CLI copied from the working area to the second area that not working properly.

I  looking, someone that can guide me who to see in shell mode the VSX status and if the VSX status not good who to fix it from shell mode because I tried anything and nothing works

Thanks!

Attachment(s)

VSX-Topology.pptx   39 KB 1 version

That's strange, I recall your posts were already answered here. Is this a duplicate (was this thread moved from another section?).