Duration
5 Days
30 CPD hours
This course is intended for
Typical candidates for this course are IT Professionals who will deploy and manage networks based on HPE's ArubaOS-CX switches.
Overview
After you successfully complete this course, expect to be able to:
Use NetEdit to manage switch configurations
Use the Network Analytics Engine (NAE) to implement scripting solutions to provide for proactive network management and monitoring
Compare and contrast VSX, VSF, and backplane stacking
Explain how VSX handles a split-brain scenario
Implement and manage a VSX fabric
Define ACLs and identify the criteria by which ACLs select traffic
Configure ACLs on AOS-CX switches to select given traffic
Apply static ACLs to interfaces to meet the needs of a particular scenario
Examine an ACL configuration and determine the action taken on specific packets
Deploy AOS-Switches in single-area and multi-area OSPF systems
Use area definitions and summaries to create efficient and scalable multiple area designs
Advertise routes to external networks in a variety of OSPF environments
Promote fast, effective convergence during a variety of failover situations
Use virtual links as required to establish non-direct connections to the backbone
Implement OSFP authentication
Establish and monitor BGP sessions between your routers and ISP routers
Advertise an IP block to multiple ISP routers
Configure a BGP router to advertise a default route in OSPF
Use Internet Group Management Protocol (IGMP) to optimize forwarding of multicast traffic within VLANs
Describe the differences between IGMP and IGMP snooping
Distinguish between PIM-DM and PIM-SM
Implement PIM-DM and PIM-SM to route multicast traffic
Implement Virtual Routing Forwarding (VRF) policies to contain and segregate routing information
Create route maps to control routing policies
Understand the use of user roles to control user access on AOS-CX switches
Implement local user roles on AOS-CX switches and downloadable user roles using a ClearPass solution
Implement 802.1X on AOS-CX switch ports
Integrate AOS-CX switches with an Aruba ClearPass solution, which might apply dynamic role settings
Implement RADIUS-based MAC Authentication (MAC-Auth) on AOS-CX switch ports
Configure captive portal authentication on AOS-CX switches to integrate them with an Aruba ClearPass solution
Combine multiple forms of authentication on a switch port that supports one or more simultaneous users
Configure dynamic segmentation on AOS-CX switches
This course teaches you the advanced skills necessary to implement and operate enterprise level Aruba campus switching solutions. You will build on the skills you learned at the Associate level to configure and manage modern, open standards-based networking solutions using Aruba's OS-CX routing and switching technologies. In this course, participants learn about ArubaOS-CX switch technologies including: securing port access with Aruba's dynamic segmentation, redundancy technologies such as Multiple Spanning Tree Protocol (MSTP), link aggregation techniques including Link Aggregation Protocol (LACP) and switch virtualization with Aruba?s Virtual Switching Extension (VSX) and Aruba's Virtual Switching Framework (VSF). This course is approximately 50% lecture and 50% hands-on lab exercises.
Introduction to Aruba Switching
Switches overview
Architectures
NetEdit
Overview
Centralized configuration
Switch groups/templates
AOS-CX mobile App
Network Analytics Engine (NAE)
Overview
Configuration
Core NAE feature lab
sflow, local mirror, remote mirror
VSX
VSF vs. VSX: access and Agg/core design
Stacking review
VSF and uni/multi packet forwarding
Stack fragments / split brain
VSX Overview: roles, control, data, management planes
VSX components (ISL, Keepalive, VSX LAG, Active Gateway, Active-Forwarding, Link Delay)
Split Brain scenario
Upstream Connectively Options (ROP single VRF, SVIs with multiple VRF, VSX Lag SVIs with multiple VRFs)
Upstream/Downstream unicast traffic flow (South-North and North-South)
VSX Configuration: VSX and Active Gateway
VSX firmware updates
ACLs
Overview: types, components
MAC ACL, Standard ACL, Extended ACL,
Classifier-based Policies
Configuration: wildcard bits, logging, pacl, vacl, racl
Advanced OSPF
Review basic OSPF
Multi area: setup and aggregation
Area-Types Stub, Totally Stub, NSSA, Totally NSSA
External routes
OSPF tuning: costs, bfd, gr, auth, vrrp, virt link
BGP
Overview: i/e bgp, as numbers
Best path selection
Configuration: route announcement
Route filtering to prevent transit as
IGMP
Overview
Querier
Snooping
Unknown multicasts
Multicast Routing: PIM
Overview
PIM DM
802.1X Authentication
Overview: roles, requirements, coa, accounting
Dynamic port configuration: avp, acl, qos, VLAN
Port-based vs. user-based: examples
Radius service tracking, critical VLAN
MAC Authentication
Overview: Use cases
Radius-based MAC Auth
Dynamic Segmentation
Leverage dynamic segmentation features
Configure tunneled-node on AOS-CX switches
Describe when and how to configure PAPI enhanced security, high availability, and fallback switching for tunneled-node
Quality of Service
Overview
VoQ (Virtual Output Queue)
QOS: queueing, QOS marks, dot1p, dscp
Trust levels
QOS configuration: port, VLAN, policies
Interaction with user roles
Queue configuration
Rate limiters
LLDP-MED
Additional Routing Technologies
VRF - Management VRF
PBR
MDNS
PIM SM
Capitve Portal Authentication
Overview of guest solutions
Built-in web auth
ClearPass redirect with CPPM