Professional Documents
Culture Documents
An Introduction to
Aruba Networking
Solutions
Remote Labs
TRAINING MANUAL
EDU-$&17-RLABS-v22.11
Get the Edge:
An Introduction
to Aruba
Networking
Solutions
Rev 22.11
Lab Guide
JANUARY 2022
Get the Edge: An Introduction to Aruba Networking Solutions
Copyright
© 2022 Aruba Networks, Inc. AirWave®, Aruba Networks®, Aruba Mobility
Management System®, Bluescanner, For Wireless That Works®, Mobile Edge
Architecture, People Move. Networks Must Follow., RFProtect, The All Wireless
Workplace Is Now Open For Business, and The Mobile Edge Company® are
trademarks of Aruba Networks, Inc. All rights reserved. All other trademarks are the
property of their respective owners.
Open Source Code
Certain Aruba products include Open Source software code developed by third
parties, including software code subject to the GNU General Public License ("GPL"),
GNU Lesser General Public License ("LGPL"), or other Open Source Licenses. The
Open Source code used can be found at this site:
http://www.arubanetworks.com/open_source
Legal Notice
The use of Aruba Networks, Inc. switching platforms and software, by all individuals
or corporations, to terminate other vendors' VPN client devices constitutes complete
acceptance of liability by that individual or corporation for this action and
indemnifies, in full, Aruba Networks, Inc. from any and all legal actions that might
be taken against it with respect to infringement of copyright on behalf of those
vendors.
Warranty
This hardware product is protected by the standard Aruba warranty of one year
parts/labor. For more information, refer to the ARUBACARE SERVICE AND SUPPORT
TERMS AND CONDITIONS.
Altering this device (such as painting it) voids the warranty.
SKU: EDU-ACNT-RLABS-22.11
JANUARY 2022
Get the Edge: An
Introduction to Aruba
Networking Solutions
Feb 2022 rev.22.11 # | © Copyright 2022 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
Get the Edge: An
Introduction to Aruba
Networking Solutions
Feb 2022 rev.22.11 # | © Copyright 2022 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
Overview
The Aruba Training Lab provides you with the equipment you need for completing several lab
activities. You should know the purpose and access procedures to this equipment.
• PC-1: This client is used for traffic analysis & connectivity testing.
• PC-2: This client is only used as a connectivity testing target. You won’t access it.
• Windows Server: This is a DHCP, Web and TFTP server, you will also use it for
connectivity testing.
• AOS 10 AP: This Access Point will be used for deploying a WLAN via Aruba Central
• vCX-1 switch: This will be one of the virtual switches you will configure, it provides
connectivity to PC-1, PC-2 and the AP.
• vCX-2 switch: This will be one of the virtual switches you will configure, it provides
connectivity to the Windows Server.
Objectives
After completing this lab, you will have all the information needed to support the hands-on labs in
this course.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
1
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
2
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
3
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
1. To connect to the console of the vCX-1 switch, right-click on the icon in the lab diagram
and select “Open Console.”
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
4
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
6. To access the desktop PC-1, just Right-click on the icon in the lab diagram and select
“Open Desktop.”
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
5
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
NOTE: It may take a few minutes for the PC-1 desktop to come up. Also, if your
Aruba Training Lab has been idle for a while after you login, you may need to
log out of the lab interface and log back in and then launch the desktop again.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
6
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
Aruba Central
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
7
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 0
Note. The Central username uses email format, and this lab environment uses
arubatraininglabs.net as domain.
4. Click Continue.
5. You will gain access to the Single Sign On (SSO) authentication web page.
6. Re-enter the same email as username and enter the password assigned to you.
Note. Be patient, the first time you login into Central it could take up to 30 seconds.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
8
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Overview
Welcome to the training course. This lab manual will be your companion in your networking
education journey. It contains different activities such as configuration, debugging and verification,
troubleshooting, topology discovery, subnetting, traffic analysis, demonstrations and more, with
the main goal of sharing with you the knowledge and required skills for deploying a small sized
single site campus network using AOS-CX switching platforms.
This training assumes no previous networking knowledge and is intended to teach solid
fundamental concepts. Some tasks will cover details in depth, from the ground up.
The current lab covers practicing binary and hexadecimal conversions. You need to understand
this binary and hexadecimal conversions so you can understand how to configure, diagnose, and
troubleshoot your network.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
9
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
a. 11001110
b. 10101001
c. 111000
d. 10001
e. 11111100
Steps
1. Fill out Table 1-1 with the “Power of two” information shown in Module 1 – Numerical
Systems.
2. Use table 1-1 for completing your conversions.
TIP: In your time off, practice writing the table down. The more times you do it
the easier it is for you to remember it. This is a good shortcut for decimal to
binary conversion whenever a calculator isn’t close.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
10
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Decimal
Exercise a
Binary
Decimal
Exercise b
Binary
Decimal
Exercise c
Binary
Decimal
Exercise d
Binary
Decimal
Exercise e
Binary
Decimal
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
11
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Convert the following decimal values into binary using the power of two method.
a. 124
b. 147
c. 26
d. 235
Steps
1. Fill out Table 1-2 with the “power of two” information shown in Module 1 – Numerical
Systems.
2. Use table 1-2 for completing your conversions.
Decimal
Exercise a
Binary
Exercise b
Binary
Exercise c
Binary
Exercise d
Binary
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
12
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
a. 01110110
b. 01101101
c. 11001010
d. 0111000
Steps
1. Fill out Table 1-3 with the “Decimal to Hexadecimal” information shown in Module 1 –
Numerical Systems.
Use table 1-3 for completing your conversions.
Binary Hexadecimal
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
13
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
a. Convert 01110110
b. Convert 01101101
c. Convert 11001010
d. Convert 0111000
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
14
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
a. 0xFB
b. 0xC390
c. 0x8F4E
d. 0xCD
Steps
a. Convert 0xFB
b. Convert 0xC390
c. Convert 0x8F4E
d. Convert 0xCD
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
15
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Exercise a
Binary 1 1 0 0 1 1 1 0
Decimal 128 64 0 0 8 4 2 1
128+64+8+4+2 = 206
Exercise b
Binary 1 0 1 0 1 0 0 1
Decimal 128 0 32 0 8 0 2 1
128 + 32 + 8 + 1 = 169
Exercise c
Binary 0 0 1 1 1 0 0 0
Decimal 0 0 32 16 8 0 0 0
32 + 16 + 8 = 56
Exercise d
Binary 0 0 0 1 0 0 0 1
Decimal 0 0 0 16 0 0 0 1
16 + 1 = 17
Exercise e
Binary 1 1 1 1 1 1 0 0
Decimal 128 64 32 16 8 4 2 0
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
16
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Exercise a
Binary 0 1 1 1 1 1 0 0
Exercise b
Binary 1 0 0 1 0 0 1 1
Exercise c
Binary 0 0 0 1 1 0 1 0
Exercise d
Binary 1 1 1 0 1 0 1 1
Exercise a
01110110 = 0x76
Exercise b
01101101 = 0x6D
Exercise c
11001010 = 0xCA
Exercise d
0111000 = 0x38
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
17
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 1
Exercise a
0xFB = 1111 1011
Exercise b
Exercise c
Exercise d
0xCD = 1100 1101
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
18
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
In the current lab you will explore Ethernet, IP, TCP and UDP packet headers and be familiar with
their contents and characteristics such as length, fields, and flags.
Learning how to perform packet analysis and understanding the contents of the headers is a great
troubleshooting tool that you can use for determining what the problem is when communications
are not occurring as expected. It can be used to validate if the packets are created and transmitted,
if the connections are established, if the destination is responding, or even to conclude if there is
a problem on any of the layers of the OSI model.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
19
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
A key step for learning data forwarding and networking protocols is being able to look at packets
and identify their OSI model headers, and the headers’ contents.
In this task you will explore Ethernet, IP, UDP and TCP headers.
Steps
PC-1
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
20
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
such as Microsoft Windows, MacOS and many Linux distributions. For more
information, please go to:
www.wireshark.org
https://wikipedia.org/wiki/Wireshark
3. Expand the “View” menu and uncheck the “Packet Bytes” option.
4. Double click the Lab NIC entry. That will begin the packet capture in that interface.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
21
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
6. On filter toolbar type “ip.addr == 10.254.1.22” with no quotes and hit [Enter]. That will
instruct Wireshark to only display packets to and from that server.
7. Open a browser and type “10.254.1.22” IP address in the URL field and hit [Enter]. A page
will pop up.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
22
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
8. Move back to Wireshark. You should see a long list of entries that represent every single
Data Unit exchanged with the server in order to download the page.
9. Click on the stop capture button, but do not close the Wireshark window.
TIP: You can use the magnifying glass to increase the size of the packets.
You will first see three packets listed as “SYN”, “SYN, ACK” and “ACK” under the Info column.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
23
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
11. Select the entry that lists “GET / HTTP/1.1” in the Info column. Five entries will appear in
the “Packet Details” section including Frame details and Data Link, Network, Transport and
Application headers.
What protocols are listed in “Frame details” section and what OSI model layers do they
belong to?
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
24
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
TIP: You can see the header length at the very bottom of the window.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
25
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: TTL is an 8-bit field with an initial value when the packet is created,
every time the packet crosses a layer 3 boundary then TTL is decreased by 1,
when it reaches 0 the packet gets discarded.
________________________________________________________________________
What does the IP protocol number represent and what is its main purpose of this field?
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
26
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
27
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Please do some research and find out what the following flags are for?
Acknowledgement: _________________________________________________________
________________________________________________________________________
________________________________________________________________________
Reset: ___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
28
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
________________________________________________________________________
Syn: _____________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Fin: _____________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: The window size field is the number of bytes the sender will buffer
for the response. During 3-way handshake both sender and receiver will say
how large their receive window is.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
29
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
After requesting the web page, there will be a lot of packets coming from the server.
These are acknowledged by the client and displayed as the black with red entries
(image below), they contain the web page itself. Once the page is fully loaded in the
browser there is a FIN segment coming from the client signaling the end of the session.
It is followed by similar one from the server, and finally a last ACK is sent by the client.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
30
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
Now you will look into a UDP header and compare it with the TCP one.
Steps
PC-1
1. Click the restart button then click “Continue without Saving” button, or, if you stopped your
packet capture in the previous task, simply click “Start Capturing Packets”. This will clean
up the packet capture.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
31
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
9. Back in TFTP Client click the Go button. The software will begin a TFTP connection and
download the file.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
32
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
10. Move to Wireshark. You will see a new capture with all packets involved in the transfer.
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
33
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
What is the first impression when comparing with the TCP header (Task 1 step 13)?
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
13. Click and expand the “Trivial File Transfer Protocol” entry.
NOTE: This is the TFTP application header, just by looking in its contents you
can tell this is the IANS.txt file request sent by the client.
14. Click the last packet (Acknowledgement). It will automatically show the TFTP header
contents
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
34
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 2
________________________________________________________________________
IMPORTANT: Due the lack of acknowledgement at the transport level, some UDP
based applications do support the feature at Layer 7 level, this is the case of TFTP.
Also notice how, unlike TCP, the transmission suddenly stops without any FIN signaling
at the transport layer. This is because at the application layer level the TFTP server told
the client how many bytes the file has, once those bytes were sent and acknowledged
(again at Layer 7), then both parties assume the session is over.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
35
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
BrilliantAcademy is a college that just started operations a few months ago. The faculty members
have determined the need to install a Local Area Network for supporting teachers, students, and
computer lab equipment. In most cases Windows PCs and smart devices will require wired and
wireless access to file sharing, web servers, and the Internet. Because of this, you have been
contacted to provide network consulting services, as well as take care of configuring and managing
the switching and WLAN equipment that has been recently purchased.
This lab is intended to introduce the ArubaOS-CX Code and Command Line Interface. You will
explore the different contexts and use the context sensitive help to discover what commands you
have available on each. You will also run initial configuration commands that will prepare the switch
for a deployment in an Enterprise Network. You will also explore show commands that provide
valuable diagnostic information.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
36
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Objectives
In this task, you will delete the initial configuration (startup-config checkpoint) and reboot your
switch. Then you will explore and become more familiar with the AOS-CX switch CLI. Do not be
afraid to try out different commands on the CLI, you will learn by experimenting!
Steps
vCX-1
1. Open a console connection to the vCX-1. Login using admin and no password. You will
be taken directly to Manager Context
2. Erase the startup-config checkpoint.
3. Reboot the switch. You will be asked to save the configuration and confirm to reboot the
unit. Answer n and y respectively.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
37
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
4. After the switch completes booting, login using admin and no password.
5. Hit the [?] key to show the available commands that you can execute in the current
command context.
switch# ?
aruba-central Configure Aruba-Central
auto-confirm Disables user confirmation, and executes the operation without
prompting
boot Reboot all or part of the system; configure default boot
parameters
checkpoint Checkpoint information
clear Reset functions
configure Configuration from vty interface
copy Copy data or files to/from the switch
debug Configure debug logging
diagnostics Change diagnostic commands availability
disable Turn off privileged mode command
end End current mode and change to enable mode
erase Erase device information or files
exit Exit current mode and change to previous mode
https-server HTTPS Server management
list Print command list
mtrace Multicast traceroute for tracing multicast routing path
from a receiver to a source
no Negate a command or set its defaults
page Enable page break
ping Send IPv4 ping requests to a device on the network
ping6 Send IPv6 ping requests to a device on the network
port-access Port based network access.
repeat Repeat a list of commands from history
show Show running system information
ssh Configure SSH.
start-shell Start Bash shell
top Top command
traceroute Trace the IPv4 route to a device on the network
traceroute6 Trace the IPv6 route to a device on the network
usb Commands to control the USB Port
vsx VSX execution command
vsx-configmate VSX configuration validation utility
write Write running configuration to memory, network, or terminal
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
38
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
TIP: Page through the commands available at this level. Some important
commands available at this level include.
6. List the parameters available for the show command. By typing “show” followed by [?].
switch# show ?
aaa Authentication, Authorization and Accounting.
access-list Access control list (ACL)
accounting Show local accounting information
active-gateway Show active gateway settings
alias Short names configured for a set of commands
allow-unsafe-updates Show allowed non-failsafe updates
arp Show IPv4 addresses from neighbor table
aruba-central Configure Aruba-Central
banner Show one of the configured system banners
bfd BFD information
bgp BGP specific commands
bluetooth Display information about Bluetooth wireless management
boot-history Display boot history details
capacities Show system capacities and its values.
capacities-status Show system capacities status and its values.
cdp Show various CDP settings
checkpoint Checkpoint information
---- output omitted ---
7. Scroll through.
8. Delete the “show” command and type “disable”.
switch# disable
switch>
________________________________________________________________________
ANSWER: This turns privileged mode off, which means only basic commands with no
control upon the device will be available.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
39
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
9. Hit the [?] key to show the available commands that you can execute in this non-Privileged
command context.
switch> ?
clear Reset functions
enable Turn on privileged mode command
exit Exit current mode and change to previous mode
list Print command list
mtrace Multicast traceroute for tracing multicast routing path from a
receiver to a source
no Negate a command or set its defaults
page Enable page break
ping Send IPv4 Ping requests to a device on the network
ping6 Send IPv6 Ping requests to a device on the network
repeat Repeat a list of commands from history
show Show running system information
top Top command
10. Type “enable” and hit enter, this will turn privileged mode back again.
switch> enable
switch#
11. Type “co” then hit the [tab] key twice to list commands that start with “co”:
switch# co[tab][tab]
________________________________________________________________________
switch# configure
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
40
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
________________________________________________________________________
TIP: You can execute any command as soon as you have entered an
unambiguous character string. For instance, conf [Enter] will have the same
effect as configure [Enter].
13. Hit [Enter] key. This takes you to global configuration mode, where you can start making
changes that take immediate effect upon the device’s configuration.
switch# configure
switch(config)#
14. Hit [?] key to show the available commands that you can execute in the global config mode.
switch(config)# ?
aaa Configure Authentication, Authorization and Accounting
feature
access-list Access control list (ACL)
alias Create a short name for the specified command(s).
apply Apply a configuration record
aruba-central Configure Aruba-Central
banner Customize login banner
bfd Enable Bidirectional Forwarding Detection (BFD)
bluetooth Configure Bluetooth wireless management
cdp Configure CDP operating mode
checkpoint Configure checkpoint related feature
class Configure classifier class
cli-session Configure CLI session management
---- output omitted ---
NOTE: You can notice how commands available here are different than in
previous CLI modes due the configuration nature of them.
15. Type “interface 1/1/1” then hit [enter]. You will be moved to the interface sub configuration
mode.
16. Hit [?] key. Again, you will see a different list of available commands for this sub context.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
41
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
switch(config-if)# ?
aaa Configure Authentication, Authorization and Accounting feature.
apply Apply a configuration record
arp Configure ARP commands
bfd Set BFD configuration
cdp Configure CDP operating mode
description Add an interface description
dhcpv4-snooping Configure DHCPv4-Snooping
dhcpv6-snooping Configure DHCPv6-Snooping
end End current mode and change to enable mode
exit Exit current mode and change to previous mode
---- output omitted ---
switch(config-if)# end
switch#
________________________________________________________________________
________________________________________________________________________
Next, you will enter a command that is invalid, and then fix issues with it by using the command-recall
feature.
TIP: Repeating commands can be a useful way to enter similar commands more
quickly, as well as to correct mistakes in commands.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
42
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
24. Recall the wrong command by pressing the [Up] arrow key.
25. Add “system” to the show command followed by “?”.
________________________________________________________________________
NOTE: Notice the <cr> at the end, this means that you can execute the
command without supplying any further parameters.
26. Try “show system” command. This command will also show current hostname, description
SNMP contact and location, serial number, base MAC address, up time, etc.
Vendor : Aruba
Product Name : ABC123 ArubaOS-CX_OVA
Chassis Serial Nbr : OVA29D09A
Base MAC Address : 080009-29d09a
ArubaOS-CX Version : Virtual.10.07.0010
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
43
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Up Time : 23 minutes
CPU Util (%) : 5
Memory Usage (%) : 30
switch#
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
IMPORTANT: This training lab was developed using virtual CX switches, hence
the product name output reads “ABC123 ArubaOS-CX_OVA”, making reference
that this VM was deployed using an Aruba supplied OVA. Real switches will
normally display the SKU followed by the prodcuct name. E.g “JL668A 6300F
24G 4SFP56 Sw”
switch# list
show hostname
show domain-name
list
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
44
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
configure { terminal }
disable
exit
end
page
page <2-1000>
no page
show running-config vsx-sync {vsx-peer}
show running-config vsx-sync peer-diff {vsx-peer}
show running-config {all |vsx-peer}
show session-timeout {vsx-peer}
start-shell
auto-confirm
no auto-confirm
diagnostics
no diagnostics
show history {timestamp}
repeat { id <A:1-500>|count <1-1000>|delay <1-1000> }
show vrf {vsx-peer}
show vrf VRF {vsx-peer}
-- MORE --, next page: Space, next line: Enter, quit: q
IMPORTANT: “list” command shows the right syntax for all commands available
at the current context along with their variants and extensions. This can be
helpful for discovering new commands and previewing their different forms.
Service OS Version :
BIOS Version :
switch#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
45
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
________________________________________________________________________
30. Execute the “show capacities” command (be prepared for a long output).
System Capacities:
Capacities Name Value
---------------------------------------------------------------------------------
---- output omitted ---
Maximum number of route map entries in a single route-map 16
Maximum number of route-maps 64
Maximum number of SVIs supported in the system 4094
Maximum number of UBT zones per VRF 1
Maximum number of UBT zones 8
Maximum number of active UDLD interface 42
Maximum number of routes (IPv4+IPv6) on the system 16000
Maximum number of IPv4 routes on the system 12000
Maximum number of IPv6 routes on the system 4000
Maximum number of VLANs supported in the system 4094
Maximum number of unique IPv4 VRRP VRIDs configurable between 1 to 255 8
Maximum number of unique IPv6 VRRP VRIDs configurable between 1 to 255 8
Maximum number of VRRP IPv4 addresses supported 1024
Maximum number of VRRP IPv4 addresses supported per virtual router 16
Maximum number of VRRP IPv4 virtual routers supported per port 8
---- output omitted ---
What is the maximum amount of IP routes (IPv4 and IPv6 combined) supported in the system?
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
46
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
IMPORTANT: Output displays among many things, the interface state, interface
type, current speed, and duplex settings, MTU configured, if a L2 port then VLAN
mode: access or trunk, and interface counters.
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
47
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
In this task, you will explore the AOS-CX configuration script and make minor customization
changes like setting a hostname, setting interface descriptions, and disabling unused ports. Also,
you will ask the system to display the event log contents.
Steps
vCX-1
1. Open a console connection to the vCX-1. Login using admin and no password.
2. Issue the “show running-config” command to display the current configuration of the
system.
NOTE: You will notice that most portions of the configuration are shown by listing
the switch ports and their settings. The code version and actual admin account
are listed first.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
48
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
!
!
!
ssh server vrf mgmt
vlan 1
interface mgmt
no shutdown
ip dhcp
!
!
!
!
!
https-server vrf mgmt
switch#
NOTE: You will notice that the whole output fits within the screen. This is
because in the case of 8000 series and Virtual switches, the command’s output
will only include VLAN 1, mgmt. port, ssh and https services when the switch is
in factory defaults. Once you start changing port settings and other parameters
then they will be included in the show running-configuration command’s output.
In the case of 6000 series switches, the command will display the port’s
configurations even if the device is in factory defaults.
Switch-1
4. Apply the console session timeout to 1 day (1440 minutes) to prevent a logout during the
lab activities.
TIP: An alternative method you can use is the next configuration script:
Switch-1(config)# cli-session
Switch-1(config-cli-session)# timeout 1440
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
49
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Switch-1(config-cli-session)# exit
5. Use “show interface brief” for displaying a table of ports and their more relevant settings.
________________________________________________________________________
________________________________________________________________________
NOTE: 8000 series and Virtual switches have L3 routed ports by default, unlike 6000
series switches that come with L2 switchports (VLAN and Spanning Tree capable), be
aware that the port Mode can be changed on all ArubaOS-CX switches.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
50
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Switch-1(config-if)# no routing
Switch-1(config-if)# exit
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
51
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
What link stats messages can you see at top related to 1/1/1
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: You should see notifications informing you that port 1/1/1 is coming UP and
is being deleted from router discovery because you are making it a Layer 2 port. Also,
since AOS-CX switches periodically attempt to contact the Aruba Activate Cloud service
and the switch has no internet connectivity the device complains that the service is
unreachable.
10. Define interface descriptions for port 1/1/1. Do not leave the interface yet.
11. Inside of interface 1/1/1 type the “show running-config current-context” command.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
52
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Switch-1(config-if)# end
IMPORTANT: This command is a shortcut for displaying only the commands available
at the context/subcontext level. Get used to it, since it is of great use when configuring
and editing ports, protocols, access control lists, etcetera.
12. Run the “show interface 1/1/1” command followed by “| include Description”.
NOTE: The information will be filtered out, listing the lines that include the
“Description” string only, hence it is removing any other line part of that
command’s regular output.
NOTICE: The pipe (|) command filters the output of show commands according
to the criteria specified by the parameter include, exclude, count, begin, or
redirect.
Strings of characters that follow the filtering tool (e.g. “Description” in command
above) are case sensitive. Typing the wrong capitalization may lead to the
absence of output.
13. Try the same command but use “| begin 4 Interface” instead.
NOTE: The information will be filtered out, listing only the lines that include the
“Interface” string along with the 4 subsequent lines.
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
53
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
54
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Objectives
You have made some configuration changes in vCX-1, now is a good time to keep those changes
stored in the system and protect them from any power cycle events. Next you will explore
checkpoints, see how they are created, and make your own to save your progress.
Steps
Switch-1
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
55
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
________________________________________________________________________
IMPORTANT: AOS-CX systems are 100% database driven. This means that
configuration scripts you save are stored in a local database instead of a regular
configuration file. The database is periodically tracked and whenever the changes are
made, they will be automatically stored after a 5-minute idle period. Any new
configuration change, followed by a 5-minute idle period, will create a new checkpoint
that can later be used to back up or restore the running configuration state of the
system.
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
IMPORTANT:
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
56
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
The “show checkpoint” command shows the list of checkpoints along with more detailed
data about them, like checkpoint type, user who created it, date and time it was created
and OS release that was running when they were created. Keeping track of when
checkpoints are created is important during regular maintenance tasks. This is the
reason configuring all switches with Network Time Protocol server is important.
Since IP connectivity is not enabled yet, you will continue working without setting up an
NTP server and trust the system clock for now. NTP configuration will be covered in a
later Module.
18. Create a checkpoint called Lab3 using the running-configuration as the source.
________________________________________________________________________
20. Now make a checkpoint called Lab3_final using the running-config as the source.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
57
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
________________________________________________________________________
NOTE: AOS-CX cannot have two different configuration snapshots with identical
contents in its database (that would not be resource efficient). If you want to rename a
checkpoint, then you will have to delete it first, then create a new one.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
58
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 3
Switch-1#
IMPORTANT:
Checkpoints can be restored by using the copy command and applying the
checkpoint’s contents into the running-configuration (or startup configuration
and invoking the “boot system” command), like in the example below.
Or
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
59
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Overview
At this point the Switch-1 switch is up and running and ready for configuration. The next task in
your initial network deployment at BrilliantAcademy will be to place a wired user group (in this case
teachers) in a custom VLAN in order to enable inter-user communication. Next you will add a
second switch for adding more ports and increase scalability to the network. Finally, a redundant
inter-switch link will be enabled for making your network fault-tolerant, on which you will enable
both multiple VLAN support and Spanning Tree to avoiding Layer 2 loops.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
60
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
In this task you will create the employee VLAN and configure Windows PCs with IP addresses of
the corresponding IP segment according to the network design. Then you will verify IP connectivity
between clients and explore the MAC address table.
Steps
Switch-1
2. Remember, in aOS-CX virtual switches, ports are routed by default. First we will need to
make interface 1/1/2 an L2 port and enable it.
3. Use the “show vlan” command to display current Virtual Local Area Networks configured
in the switch. You should only see VLAN 1 assigned to all ports. This is the default setting
for the switch.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
61
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
---------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
---------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default 1/1/1-1/1/2
Switch-1(config)#
Switch-1(config)# vlan 2
Switch-1(config-vlan-2)# name TEACHERS
Switch-1(config-vlan-2)# exit
---------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
---------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 up ok default 1/1/1-1/1/2
2 TEACHERS down no_member_port static
Switch-1(config)#
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: Since the VLAN has not been assigned to any enabled physical port,
the status is down. No MAC address learning process is happening in the switch
for that VLAN.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
62
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
---------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
---------------------------------------------------------------------------------
1 DEFAULT_VLAN_1 down no_member_forwarding default
2 TEACHERS up ok static 1/1/1-1/1/2
Switch-1(config)#
________________________________________________________________________
NOTE: Currently, only ports 1/1/1 and 1/1/2 are UP. When you replaced VLAN
1 with VLAN 2 on the ports, both VLANs will still appear, but VLAN 1 is no longer
associated with any port in the UP state. Therefore, VLAN 1’s status was
changed to down.
-------------------------------------------------------------------------------
VLAN Name Mode Mapping
-------------------------------------------------------------------------------
2 TEACHERS access port
Switch-1(config)#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
63
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
________________________________________________________________________
9. Use the “show vlan summary” command. This command shows the VLAN count in the
system.
10. Issue the “show interface 1/1/1” command. You will be able to see VLAN ID and VLAN
Mode at the bottom of the command.
Switch-1(config)# show interface 1/1/1
Interface 1/1/1 is up
Admin state is up
Link state: up
Link transitions: 0
Description: TO_PC-1
Hardware: Ethernet, MAC Address: 08:00:09:29:d0:e3
MTU 1500
Full-duplex
qos trust none
Speed 1000 Mb/s
Auto-negotiation is off
Flow-control: off
Error-control: off
MDI mode: none
VLAN Mode: access
Access VLAN: 2
11. Finally, try the “show interface brief” command followed by a filtering option “| begin 5
Port”.
NOTE: The information will be filtered out, listing only the lines that include the
“Port” string along with the 5 subsequent lines.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
64
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
NOTE: The pipe (|) command filters the output of show commands according to
the criteria specified by the parameter include, exclude, count, begin, or redirect.
Strings of characters that follow the filtering tool (e.g. “Port” in the example
above) are case sensitive. Incorrect capitalization may lead to the absence of
output or other unexpected result.
What is the value under Native VLAN for ports 1/1/1 and 1/1/2 vs 1/1/3?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
65
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
In this second task, you will statically define IP addresses to PC-1 and PC-2, so they can achieve
intra VLAN layer 3 connectivity, and users on those machines can start collaborating to run their
company’s daily operations.
Steps
PC-1
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
66
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
4. In Control Panel, click “View network status and tasks” under Network and Internet.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
67
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
NOTICE: There is an interface called “Do NOT Touch!”, please repeat with me,
“do not touch!!!” If changes are made to that NIC (like modifying the IP address
or disabling the interface) the access to this virtual machine will be disrupted.
Only the lab support team will be able to recover the system and that process
may delay your lab progress.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
68
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
8. In Lab NIC Properties section, select “Internet Protocol Version 4 (TCP/IPv4), then click
“Properties” button.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
69
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
v
Figure 4-8: Lab NIC Properties
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
70
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
13. Click the top result (Command Prompt). A new window will pop up.
14. Type “ipconfig” and hit [Enter]. This command will display IPv4 settings of all NICs in the
system.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
71
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
15. Confirm the Ethernet adapter called Lab NIC has the IPv4 address you just configured.
16. Type “ipconfig -all” version of the command and hit [Enter]. This command displays
additional information like DNS servers IP addresses (if configured) and the NICs physical
MAC address.
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
72
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
NOTICE: PC-2 has already been preconfigured with 10.0.2.2, you will use that
address as a ping target to validate connectivity and the forwarding tables.
17. From PC-1, ping PC-2’s IP address (10.0.2.2). Ping should be successful.
18. Inspect PC-1’s ARP table by entering the command “arp -a -N 10.0.2.1” this is the windows
command to view the arp table for the network adapter with that IP address.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
73
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
________________________________________________________________________
Switch-1
________________________________________________________________________
20. Using the output information, write down the client’s MAC addresses in the bottom figure,
along with ports and VLAN IDs.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
74
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Were these MAC addresses discovered on the ports that you expected?
________________________________________________________________________
TIP: There are multiple forms of the “show mac-address-table” command that
can be used for displaying only entries that match a certain criteria, such as an
address learned in a particular VLAN or port, or learned dynamically versus
configured statically in the MAC table, use the [?] key at the end of the command
for displaying the options.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
75
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
Task 3 defines the initial settings for Switch-2. Then you will move to the Windows Server and
assign an IP address to its NIC.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
76
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Steps
vCX-2
1. Open a console connection to the vCX-2. Login using admin and no password. You will
be taken directly to Manager Context
2. Erase the startup-config checkpoint.
3. Reboot the switch. You will be asked to save the configuration and confirm to reboot the
unit. Answer n and y respectively.
4. After the switch completes booting, login using admin and no password.
5. Move to configuration mode and change the switch’s hostname to Switch-2 and set session
timeout to 1440 minutes.
6. Access interface 1/1/1 and set a description (this interface connects to the Windows
Server).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
77
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Switch-2(config-if)# no shutdown
Switch-2(config-if)# no routing
Switch-2(config-if)# exit
Windows Server
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
78
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
10. Open the Command Prompt by clicking on the icon in the task bar
NOTE: When destination IP address is within the source’s IP segment and ping
test result is “Destination host unreachable” it means that the Layer 3 to Layer 2
address resolution using Address Resolution Protocol (ARP) has failed and the
ICMP echo message was not sent at all. However, if result is “timeout” then it
means that host was able to resolve destination’s MAC and ICMP packet was
sent, but there is no reply coming back.
________________________________________________________________________
Why?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
79
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
In this task you will enable an ethernet connection between Access switches in order to increase
the number of ports on the network. Next, you will explore the information that Link Layer Discovery
Protocol (LLDP) can provide.
Steps
Switch-1
Switch-2
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
80
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Switch-2(config-if)#no routing
Switch-2(config-if)#end
Switch-2#
5. Confirm interface 1/1/8 came up. Using the “show interface brief” command followed by
the filter “| exclude down”.
NOTE: The information will be filtered out, listing all the lines except the ones
that contain the “down” string.
NOTE: The pipe (|) command filters the output of show commands according to
the criteria specified by the parameter include, exclude, count, begin, or redirect.
Strings of characters that follow the filtering tool (e.g. “down” in command above)
are case sensitive. Typing the wrong capitalization may lead to the absence of
output.
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
81
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Next you will use LLDP to analyze the information the protocol can provide regarding what device
is connected to specific interfaces.
TLVs Advertised
===============
Management Address
Port Description
Port VLAN-ID
System Capabilities
System Description
System Name
OUI
________________________________________________________________________
What are the transmit interval and hold time multiplier values?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
82
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
What are the LLDP transmit and receive modes on all of the ports?
________________________________________________________________________
7. Issue the “show lldp local device” command. This will show the information the local
device shares/advertises with LLDP messages.
Global Data
===========
Chassis-ID : 08:00:09:5b:19:f1
System Name : Switch-2
System Description : Aruba ABC123 Virtual.10.07.0010
Management Address : 08:00:09:5b:19:f1
Capabilities Available : Bridge, Router
Capabilities Enabled : Bridge, Router
TTL : 120
Port-ID : 1/1/1
Port-Desc : "1/1/1"
Port Mgmt-Address : 08:00:09:5b:19:f1
Port VLAN ID : 1
Parent Interface : interface 1/1/1
Port-ID : 1/1/8
Port-Desc : "1/1/8"
Port Mgmt-Address : 08:00:09:5b:19:f1
Port VLAN ID : 1
Parent Interface : interface 1/1/8
Port-ID : mgmt
Port-Desc : "mgmt"
Port Mgmt-Address : 08:00:09:5b:19:f1
Switch-2(config)# end
Switch-2#
________________________________________________________________________
What are the available capabilities supported by the system?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
83
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
IMPORTANT: AOS-CX systems have IP routing service enabled by default and cannot
be disabled. This means they will automatically populate entries in the Routing Table
for whatever IP segment they are configured with in Layer 3 ports (ether physical or
logical) and start moving packets at Layer 3 between those segments. IP routing cannot
be disabled in these systems.
________________________________________________________________________
Steps
Switch-1
9. Move to Switch-1.
10. Issue the “show lldp neighbor-info” command. You should see only one entry in the
output.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
84
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Does the entry match the Chassis-ID and System Name seen in step 8?
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
11. Try the same command but specify the local interface number at the end of the command.
Port : 1/1/8
Neighbor Entries : 1
Neighbor Entries Deleted : 0
Neighbor Entries Dropped : 0
Neighbor Entries Aged-Out : 0
Neighbor Chassis-Name : Switch-2
Neighbor Chassis-Description : Aruba ABC123 Virtual.10.07.0010
Neighbor Chassis-ID : 08:00:09:5b:19:f1
Neighbor Management-Address : 08:00:09:5b:19:f1
Chassis Capabilities Available : Bridge, Router
Chassis Capabilities Enabled : Bridge, Router
Neighbor Port-ID : 1/1/8
Neighbor Port-Desc : 1/1/8
Neighbor Port VLAN ID : 1
TTL : 120
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
85
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Switch-1#
NOTE: This version of the command displays the detailed data of the neighbor just like
the command, “show lldp local-device” used earlier on Switch-2.
12. Finally, run “show lldp local-device” on Switch-1. Then use the output of this step and the
previous step to complete the remaining fields of Figure 4-9.
Global Data
===========
Chassis-ID : 08:00:09:29:d0:9a
System Name : Switch-1
System Description : Aruba ABC123 Virtual.10.07.0010
Management Address : 08:00:09:29:d0:9a
Capabilities Available : Bridge, Router
Capabilities Enabled : Bridge, Router
TTL : 120
Port-ID : 1/1/1
Port-Desc : "1/1/1"
Port Mgmt-Address : 08:00:09:29:d0:9a
Port VLAN ID : 2
Parent Interface : interface 1/1/1
Port-ID : 1/1/2
Port-Desc : "1/1/2"
Port Mgmt-Address : 08:00:09:29:d0:9a
Port VLAN ID : 2
Parent Interface : interface 1/1/2
Port-ID : 1/1/8
Port-Desc : "1/1/8"
Port Mgmt-Address : 08:00:09:29:d0:9a
Port VLAN ID : 0
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
86
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Port-ID : mgmt
Port-Desc : "mgmt"
Port Mgmt-Address : 08:00:09:29:d0:9a
Switch-1#
NOTE: Understanding LLDP and the information it provides can help you verify
and troubleshoot Layer 1 communication between devices.
Now that you are sure about which ports are used, you are ready to set the interface descriptions.
Windows Server
14. Move back to Windows Server and ping PC-2’s IP address (10.0.2.2).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
87
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
________________________________________________________________________
Why?
________________________________________________________________________
ANSWER: Even though a link between both switches has been enabled, ping still fails.
In order to better understand why, you should explore the mac-address-table of either
switch. Let’s do it on Switch-1.
15. Open console session to Switch-1 and use the “show mac-address-table” command.
TIP: This output may give you more entries than the ones in example above (e.g. PC-
1), ignore all but the interfaces to PC-2 and the Windows Server’s.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
88
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
________________________________________________________________________
________________________________________________________________________
ANSWER: As you can see these two devices are on different ports (which is
expected) and also on different VLANs. The Windows Server is seen on VLAN
1 because that is the only VLAN that exists on Switch-2, and the only VLAN it
forwards is its 1/1/8 interface.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
89
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
After finding the root cause that prevents communication between two endpoints it is time to apply
a configuration that solves the issue. You will proceed now to extend VLAN 2 to Switch-2 switch.
Steps
Switch-1
1. Configure Switch-1’s interface 1/1/8 as trunk link that permits VLANs 1 and 2
----------------------------------------------------------------------
Port Native VLAN Trunk VLANs
----------------------------------------------------------------------
1/1/8 1 1-2
Switch-1#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
90
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Switch-2
3. Move to Switch-2.
4. Create VLAN 2 and name it TEACHERS.
5. Configure Switch-2’s interface 1/1/8 as trunk link that permits VLANs 1 and 2.
---------------------------------------------------------------------------------
VLAN Name Status Reason Type Interfaces
----------------------------------------------------------------------------------
2 TEACHERS up ok static 1/1/1-1/1/2,1/1/8
Switch-2#
8. Display trunk interfaces. You should have only one trunk port.
----------------------------------------------------------------------
Port Native VLAN Trunk VLANs
----------------------------------------------------------------------
1/1/8 1 1-2
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
91
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Switch-2#
9. Move back to the Windows Server and ping PC-2’s IP address (10.0.2.2).
________________________________________________________________________
Let’s now explore the MAC address tables of both switches and trace the MAC addresses of each station
in order to confirm they are learned in the expected ports and VLANs.
10. Display the mac address table of both Switch-1 and Switch-2.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
92
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
--------------------------------------------------------------
00:50:56:b1:a9:86 2 dynamic 1/1/8
00:50:56:b1:ae:e8 2 dynamic 1/1/2
Switch-1#
11. With the information shown please fill out the fields on the Figure below.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
93
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
At this point you have extended connectivity for the TEACHERS user group with an inter-switch
link. However, if the link should fail, the faculty members will not be able to reach the Windows
Server. To provide redundancy for this link, you have proposed adding a second link. First, some
important measures must be taken in order to prevent Layer 2 loops.
In this task you will validate the default operational status of Spanning-Tree, identify the Bridge ID
of the switches, then modify the Bridge Priority on one of them to anticipate what port will be
blocked in the process for avoiding the loop. This information will allow you to draw the current
logical Common Spanning Tree (CST) topology. Once the network is protected against Layer 2
loops you will proceed to add a second link and test redundancy.
Steps
Switch-1
Switch-1#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
94
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
________________________________________________________________________
Switch-1# config t
Switch-1(config)# spanning-tree
Switch-1(config)#
MST0
Root ID Priority : 32768
MAC-Address: 08:00:09:29:d0:9a
This bridge is the root
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-
Rx
------------ -------------- ---------- -------------- ---------- -------------------------
1/1/1 Designated Forwarding 20000 128 P2P 26 0 0 0
1/1/2 Designated Forwarding 20000 128 P2P 26 0 0 0
1/1/8 Designated Forwarding 20000 128 P2P 26 0 0 0
Switch-1(config)#
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
95
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
IMPORTANT: Both the Bridge ID Priority and Switch MAC address are
combined to form what is known as Bridge ID. In the example of the output
above, Switch-1’s Bridge ID is 32768.08:00:09:29:d0:9a. Notice that the priority
goes first and has a higher weight than the MAC. This priority can be configured
in a multiplies of 4096 and comes in a range between 0 to 61440 and the default
value as you can see is 32768.
Since the identifier uses the MAC of the switch then every switch in your network
will have a different Identifier.
________________________________________________________________________
________________________________________________________________________
ANSWER: The ports are UP and in Forwarding state. Root Bridge’s ports will
always be in this state unless there is a local loop.
Switch-2
Switch-2# config t
Switch-2(config)# spanning-tree
Switch-2(config)#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
96
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
MST0
Root ID Priority : 32768
MAC-Address: 08:00:09:29:d0:9a
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
------------ -------------- ---------- -------------- ---------- ---------------- --------
-- ---------- ---------- ----------
1/1/1 Designated Forwarding 20000 128 P2P 0 0 0 0
1/1/8 Root Forwarding 20000 128 P2P Bound 0 0 0 0
Switch-2(config)#
________________________________________________________________________
________________________________________________________________________
ANSWER: Since now there are two switches running STP, there will be a Root
Bridge election, where the device that has the lowest Bridge ID will become the
root. Therefore, depending on what switch has the lowest value, either Swtich-
1 or Switch-2 can be elected root. According to the output above, Switch-1
remains the root.
________________________________________________________________________
ANSWER: All ports should be in Forwarding state because no loops have been
detected.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
97
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
At this point you have two switches running STP with a single link between them. Either Switch-1
or Switch-2 is the root. The root switch elected is determined by comparing the Bridge IDs, the
one with the lowest Bridge ID wins the election.
Since both devices share the same default Bridge Priority (32768) then the MAC address was
the tie breaker. However, depending on the MAC address alone for the Root Bridge election is
not a good practice. A better option is to define a lower Bridge Priority on the device that we want
to be the root switch.
You will proceed to decrease the Bridge Priority on Switch-2 and make sure it always gets
elected Root.
MST0
Root ID Priority : 0
MAC-Address: 08:00:09:5b:19:f1
This bridge is the root
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Bridge ID Priority : 0
MAC-Address: 08:00:09:5b:19:f1
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
---- output omitted ---
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
98
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
10. Enable interface 1/1/7 and configure it with trunk settings permitting VLAN 1 and 2.
Switch-1
MST0
Root ID Priority : 0
MAC-Address: 08:00:09:5b:19:f1
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
------------ -------------- ---------- -------------- ---------- ---------------- --------
-- ---------- ----------
---------
1/1/1 Designated Forwarding 20000 128 P2P 214 0 0 0
1/1/2 Designated Forwarding 20000 128 P2P 213 0 0 0
1/1/8 Root Forwarding 2000 128 P2P Bound 183 35 2
4
Switch-1(config)#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
99
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
12. Enable interface 1/1/7 and configure it with trunk settings permitting VLAN 1 and 2.
13. Validate the role and state of the inter-switch links on Switch-1.
MST0
Root ID Priority : 0
MAC-Address: 08:00:09:5b:19:f1
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
------------ -------------- ---------- -------------- ---------- ---------------- --------
1/1/1 Designated Forwarding 20000 128 P2P 272 0 0 0
1/1/2 Designated Forwarding 20000 128 P2P 271 0 0 0
1/1/7 Root Forwarding 20000 128 P2P Bound 3 9 2
1/1/8 Alternate Blocking 20000 128 P2P Bound 183 93 2
Switch-1#
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
100
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
root, however because if its very nature of being redundant it may generate
Layer 2 loops if it is not blocked.
Alternate ports are always in blocking state and ready to become active in
Forwarding mode if the Root port on the local device fails.
PC-1
14. Move to PC-1 and begin a continuous ping to the Windows Server (10.0.2.10). The ping
should be successful.
You will now simulate a link failure by bringing one of the inter-switch links down.
Switch-1
15. Move back to Switch-1 and disable the Root port (1/1/7).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
101
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
MST0
Root ID Priority : 0
MAC-Address: 08:00:09:5b:19:f1
Hello time(in seconds):2 Max Age(in seconds):20
Forward Delay(in seconds):15
Port Role State Cost Priority Type BPDU-Tx BPDU-Rx TCN-Tx TCN-Rx
------------ -------------- ---------- -------------- ---------- ---------------- --------
-- ---------- ---------- -
---------
1/1/1 Designated Forwarding 20000 128 P2P 2473 0 0 0
1/1/2 Designated Forwarding 20000 128 P2P 2472 0 0 0
1/1/7 Disabled Blocking 20000 128 P2P 21 589 6 4
1/1/8 Root Forwarding 20000 128 P2P Bound 19 2292 6 1
0
Switch-1(config)#
________________________________________________________________________
________________________________________________________________________
PC-1
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
102
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
ANSWER: The ping is running even after the simulated failure, thanks to the
switchover of port 1/1/8 from Alternate to Root.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
103
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 4
Objectives
Steps
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
104
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Lab 5 – IP Routing
Overview
After proving the resiliency and robustness of the network, BrilliantAcademy faculty members are
eager to support the second user group, STUDENTS, and offer them access to the server as well
as the Internet.
In this lab you will create an additional VLAN and use inter-VLAN routing along with a Default
Gateway to enable Layer 3 connectivity between them. But this is not enough to create
connectivity. You will be asked to deploy static routes to interconnect remote segments between
them and to the Internet. Once the IPv4 routing is configured, you will add functions on the
Gateway to allow clients receiving addressing information via DHCP using a centralized Server.
As an added value a deep dive into packet exchange, L3 to L2 address resolution and how they
correlate for inter-VLAN routing is included.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
105
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
You will now create VLAN 3 on Switch-1 and move PC-1 on it. Then you will test inter-VLAN
communication at Layer 2.
Steps
Switch-1
Switch-1# config t
Switch-1(config)# vlan 3
Switch-1(config-vlan-3)# name STUDENTS
Switch-1(config-vlan-3)# exit
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
106
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
------------------------------------------------------------------------------------------
----------------------
VLAN Name Status Reason Type
Interfaces
------------------------------------------------------------------------------------------
----------------------
3 STUDENTS up ok static 1/1/1
Switch-1(config)#
PC-1
________________________________________________________________________
ANSWER: The ping was not successful because now both PCs are in different
broadcast domains, which prevents the Layer 2 communication between
devices.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
107
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
5. Change the IP address of PC-1 to 10.0.3.1/24 to make it belong to VLAN 3’s IP segment
(10.0.3.0/24).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
108
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
ANSWER: The ping was not successful because even when each PC has an IP
address of a different segment and inter-VLAN Layer 3 communication (also
known as inter-VLAN routing) is in theory possible, there is no Layer 3 device
capable of providing the IP routing service yet.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
109
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
You will now create VLAN 3 on Switch-1 and move PC-1 on it. Then you will test inter-VLAN
communication at Layer 2.
Steps
Switch-1
1. Move back to Switch-1 and create the Switch Virtual Interface (SVI) for VLAN 2 and assign
it the 10.0.2.254/24 IP address.
2. Create the SVI for VLAN 3 and assign it the 10.0.3.254/24 IP address
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
110
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
VRF: default
Switch-1#
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
111
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
5. Ping both PC-1 (10.0.3.1) and PC-2 (10.0.2.2). Pings should be successful.
PC-1
Switch-1#
________________________________________________________________________
ANSWER: The ping was not successful because even though both clients
reside on different VLANs with the proper addresses and a Layer 3 device is
available and ready to perform routing, PC-1 is not configured to use Switch-1
as a Default Gateway yet.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
112
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
113
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Now you will proceed to analyze how the Layer 2 and Layer 3 addresses are used on inter-VLAN
routing.
10. Clear the ARP table on PC-1. You will have to run Command Prompt as administrator.
a. Click on the Start menu and type command
b. Right click on Command Prompt and choose “Run as administrator”
c. Confirm the User Account Control message by clicking “Yes”
d. Enter the command "arp -d” without the quotes into the command prompt window.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
114
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
11. Confirm there is no entry in the 10.0.3.0/24 subnet in the ARP table of the Lab NIC using
the “arp -a -N 10.0.3.1” command. If you see a 10.0.3.254 record, then clear the table and
verify again.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
115
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
116
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
117
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
ANSWER: The second packet is an ARP reply that contains the MAC address
of the Gateway in VLAN 3.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
118
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
________________________________________________________________________
Why?
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER:
At Layer 3, the source is PC-1, and the destination is PC-2. At Layer 2, the
source is also PC-1, but the destination is Switch-1’s MAC address on SVI 3.
This is because PC-1’s packet can only reach PC-2 by passing through Switch-
1. Switch-1 receives the packet, decapsulates it, and looks at the L3 destination.
It then performs an IP routing table lookup to determine that the outbound port
is interface VLAN 2.
Switch-1 creates a new Layer 2 Ethernet header with its own MAC address for
Interface VLAN 2 as the source, and PC-2’s MAC as the destination. The IP
header remains intact.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
119
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Based on this behavior, please write down the Layer 2 and Layer 3 source and destination addresses
the IP packet Switch-1 sends out in VLAN 2?
________________________________________________________________________
________________________________________________________________________
Assuming PC-2 responds back, what Layer 2 and Layer 3 source and destination addresses would the
ICMP Echo Reply have when the frame is delivered to Switch-1?
________________________________________________________________________
________________________________________________________________________
Assuming PC-2 responds back, what Layer 2 and Layer 3 source and destination addresses would the
ICMP Echo Reply have when the frame is delivered from Switch-1 to PC-1? This data you can see on 4TH
packet of the capture or the first ICMP echo reply you got.
________________________________________________________________________
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
120
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
ANSWER: The PC-2’s MAC and Switch-1 VLAN 2’s MAC addresses should be
the source and the destination respectively for the frame that PC-2 is sending
out. Then these two addresses change for Switch-1 VLAN 3’s and PC-1’s MAC
addresses as Source and Destination respectively when the frame is sent by
Switch-1 to PC-1.
The source and destination IP addresses are PC-2’s and PC-1’s respectively for
both the packet before and after the routing event.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
121
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
In this task you will configure port 1/1/8 on both switches as routed interfaces for creating a L3 link
between them. This link will subsequently be used as the transport for traffic between client PCs
and the Windows Server. You will also move the Windows Server to VLAN 10 and change its IP
address.
Steps
Switch-1
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
122
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-2
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
123
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-2(config)# vlan 10
Switch-2(config-vlan-10)# name SERVERS
Switch-2(config-vlan-10)# exit
12. Confirm both 10.0.0.0/24 and 10.0.10.0/24 IP segments are connected routes in Switch-2’s
routing table.
VRF: default
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
124
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-2(config)#
Windows-Server
13. Move to the Windows Server and change the IP address of the Lab NIC to 10.0.10.10/24
and use 10.0.10.254 as the Default Gateway.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
125
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
126
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
PC-1
________________________________________________________________________
ANSWER: No, the reason is that although PC-1 has a Default Gateway (Switch-
1) it does not have route to the 10.0.10.0/24 destination network.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
127
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
In this task you will configure static routes on both Switch-1 and Switch-2 so they can reach each
other’s connected routes. Then you will add a route to the internet and test connectivity.
Steps
Switch-1
1. Move to Switch-1 and configure a static route to the 10.0.10.0/24 network using Switch-2
as the next-hop (10.0.0.2).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
128
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
VRF: default
Switch-1(config)#
Switch-1(config)#ping 10.0.10.10
PING 10.0.10.10 (10.0.10.10) 100(128) bytes of data.
108 bytes from 10.0.10.10: icmp_seq=1 ttl=127 time=6.14 ms
108 bytes from 10.0.10.10: icmp_seq=2 ttl=127 time=3.20 ms
108 bytes from 10.0.10.10: icmp_seq=3 ttl=127 time=2.69 ms
108 bytes from 10.0.10.10: icmp_seq=4 ttl=127 time=2.86 ms
108 bytes from 10.0.10.10: icmp_seq=5 ttl=127 time=3.16 ms
PC-1
4. Move back to PC-1 and run a traceroute by entering the command “tracert 10.0.10.10”
without the quotes.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
129
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: The last stop in the output is Switch-1. This is because even though
Switch-1 knows how to get to the 10.0.10.0/24 segment and achieve
bidirectional communication with devices in that network, this will only work if
traffic is sourced from the 10.0.0.0/24 segment. Similar to the ping you ran on
step 3. Switch-1 will by default use the closest interface to the destination for
generating its own packets (port 1/1/8 in that case).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
130
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-2
5. Move to Switch-2 and add a route to 10.0.3.0/24 using 10.0.0.1 (Switch-1) as the next-hop.
VRF: default
Switch-2(config)#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
131
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
PC-1
8. Move back to PC-1 and attempt the traceroute again. The trace should be successful.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
132
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
At this point you have enabled bidirectional connectivity between the TEACHERS and STUDENTS
VLANs and the SERVERS one. However, the client PCs can’t reach the Internet yet.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
133
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
In this task you will configure a special form of a static route called Default route, which you will
use to provide BrilliantAcademy users with Internet, then you will test IP connectivity.
Steps
Switch-1
1. Move to Switch-1 and configure a static route to the 0.0.0.0/0 network using Switch-2 as
the next-hop (10.0.0.2).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
134
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-1(config)#end
VRF: default
Switch-1(config)#
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
135
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-1(config)#
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
ANSWER: Even though you have a default route on Switch-1 and traffic is
handed over to Switch-2 at layer 3, this latter device does not have a route to
the internet yet. Remember all intermediary devices must know how to reach
both the source and the destination networks to have successful bidirectional
communication.
Switch-2
5. Move to Switch-2 and configure a routed link to the Internet Gateway using port 1/1/9 and
the 10.254.1.1/24 IP address.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
136
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
7. Configure a static route to the 0.0.0.0/0 network using the internet Gateway as the next-hop
(10.254.1.253).
VRF: default
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
137
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-2(config)#
Switch-1
10. Move to Switch-1 and attempt the ping again. It should be successful.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
138
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Switch-1(config)#
PC-1
11. Move back to PC-1 and ping the 1.1.1.1 address. Ping should be successful.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
139
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
In this task you will configure a DHCP relay function on VLAN 2 and VLAN 3’s Default Gateway.
Thus, when Switch-1 hears DHCP discover messages from VLANs 2 and 3, it redirects them to
the Windows server. The server can then offer IP address information to those clients. This allows
for automatic IP address provisioning as opposed to non-scalable static addressing.
Steps
Switch-1
1. Move to Switch-1 and enable the DHCP Relay role on SVI 2 and SV3 pointing to 10.0.10.10
as the DHCP Server.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
140
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
them with a new DHCP header, with its own L3 interface IP address as the
source. It converts the packet to a Unicast packet and sends it to the Server.
The server receives the packet, with the Relay’s IP address included in the
DHCP header. It compares this address with any preconfigured IP pool it has. If
there is a match, the Server responds with an Offering back to the Relay. The
Relay then forwards this on to the client. Assuming the address is compatible,
the client uses this address.
PC-1
2. Change the Lab NIC IP settings from static configuration to dynamic provisioning.
3. Validate the client is receiving a valid IP address using the “ipconfig” command in the
command prompt. It should be in the .100 to .200 range.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
141
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
142
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 5
Objectives
Steps
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
143
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
You have deployed a solid, redundant, yet loop free wired network infrastructure with user
segmentation, Inter-vlan routing and internet services for wired clients. Now, BrilliantAcademy
needs to extend the service to wireless users as well and has purchased the required equipment
for that. However, before jumping into the deployment and configuration of the WLAN
infrastructure, you want to study the Radio Frequency environment at the facility and identify any
potential source of interference that you should avoid in the process.
In this lab you will analyze some Layer 1 and Layer 2 aspects of the WiFi. First using a freeware
tool, you will detect the WLANs that are propagated around PC-1, pick one and see its details such
as band, channel, RSSI, data rate, etc. Then you will open a packet capture and visualize the
802.11 management frames exchanges between a wireless station and an Access Point.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
144
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
Objectives
In this task you will use a popular freeware tool called “inSSIDer Home” to detect different SSIDs
in the air and analyze their characteristics.
Steps
PC-1
2. Once inSSIDer Home is opened. Find your WLAN adapter, then click on NETWORKS.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
145
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
This will display all WLANs PC-1 can detect with the network adapter used and listed in the
previous page.
NOTE: The WLANs that you see may be different to the ones shown in the
figures, because it will depend on the 802.11 capabilities of the wireless adapter
and of the networks propagated by the nearby APs. The remote lab environment
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
146
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
is a very dense deployment of APs, so it is likely that you may see many SSIDs
that do not pertain to this course.
The new panel has 3 main sections. The first at the top left is the SSIDs list, that includes the
details of every detected WLAN, including the name, Signal (Signal strength), Channel, Security,
MAC Address or BSSID, Max Rate and the 802.11 PHY.
The second at the top right is the SSID trend chart, which displays some details of the selected
SSID, along with a basic interference analysis.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
147
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
Last of at the bottom you can see the representation of the advertised WLANs in a 2.4 GHz and a
5 GHz charts that show the RSSI on the Y axis and the band channel on the X axis.
3. Go to View > 2.4 GHz Band to remove the 5 Ghz band networks from the list and use the
bottom space for the 2.4 Ghz band chart only.
4. Click on signal to sort the WLANs from the strongest to the weakest.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
148
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
6. Using the information listed on the SSID list answer the following questions.
________________________________________________________________________
What is the Signal strength or RSSI?
________________________________________________________________________
What unit of measure is the signal strength listed as?
________________________________________________________________________
What is the WLAN Security?
________________________________________________________________________
What is the WLAN’s MAC Address or BSSID?
________________________________________________________________________
What is the MAX Rate?
________________________________________________________________________
Which 802.11 amendment or standard are you using?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
149
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
Has the WLAN had a consistent power level in the past minutes, or there are noticeable power changes
on it?
________________________________________________________________________
________________________________________________________________________
How many networks does this WLAN have co-channel interference with?
________________________________________________________________________
Is this WLAN running Channel Bonding?
________________________________________________________________________
Also, a broader trapeze that includes the two channel numbers will be shown in
the bottom chart.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
150
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
8. Go to View > 5 GHz Band to remove the 2.4 Ghz band networks from the list and use the
bottom space for the 5 Ghz band chart only.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
151
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
10. Using the information listed on the SSID list answer the following questions.
________________________________________________________________________
What is the Signal strength or RSSI?
________________________________________________________________________
What unit of measure is the signal strength listed as?
________________________________________________________________________
What is the WLAN Security?
________________________________________________________________________
What is the WLAN’s MAC Address or BSSID?
________________________________________________________________________
What is the MAX Rate?
________________________________________________________________________
Which 802.11 amendment or standard are you using?
________________________________________________________________________
11. Focus on the trend chart and answer the following questions.
Has the WLAN had a consistent power level in the past minutes, or there are noticeable power changes
on it?
________________________________________________________________________
________________________________________________________________________
Is this WLAN running Channel Bonding?
________________________________________________________________________
How many networks does this WLAN have co-channel interference with?
________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
152
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
________________________________________________________________________
Why?
________________________________________________________________________
________________________________________________________________________
________________________________________________________________________
NOTE: The 2.4 GHz Industrial Scientific and Medical (ISM) band has fewer
channels than the 5 GHz one and it is used by many non-WiFi consumer
products. This is why 2.4 GHz channel has considerably more co-channel
interference. Most Enterprise oriented networks will be typically designed and
deployed with the 5GHz band in mind for most of the communication
requirements while the 2.4 is mostly for backwards compatibility with legacy
devices.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
153
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
Objectives
In this task you will open a packet capture file in pcap format on PC-1 using Wireshark and look
for the most relevant frames used in a connect to a WiFi network. It includes:
• SSID discovery and the SSID to BSS Id resolution via Beacons, Probe Requests and Probe
Responses management frames.
• 802.11 connection with Authentication Request/Response and Association
Request/Response management frames.
• Traffic exchange using Data frames.
• The end of the connection via Deauthentication management frames.
NOTE: Due the monitor mode limitations of the WiFi adapters used in this lab,
a live capture is not possible, instead a pcap file has been provided that
correspond to a capture performed during an Apple Macbook client
(b0:be:83:41:a3:78) association to an Aruba Access Point (38:17:c3:3b:32:24)
on Channel 11.
Steps
PC-1
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
154
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
What is the Bandwidth?
___________________________________________________________________
What is the Data Rate for this frame?
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
155
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
What is the Channel and frequency?
___________________________________________________________________
What are the Signal strength and Noise Level?
___________________________________________________________________
What is the Signal/noise ratio?
___________________________________________________________________
___________________________________________________________________
What is the Transmitter address?
___________________________________________________________________
What is the BSS Id?
___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
156
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
Answer: Destination address is the all F’s broadcast one. Transmitter is the
AP’s BSSID (38:17:c3:3b:32:24).
6. Expand the IEEE 802.11 wireless LAN > Fixed parameters details.
___________________________________________________________________
___________________________________________________________________
What are the Supported Rates?
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
157
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
What are Extended Supported Rates?
___________________________________________________________________
What are the HT Capabilities?
___________________________________________________________________
Answer: The SSID or WLAN name is IANS, this is one of the main reasons for
the Beacons, to provide the SSID to BSS Id mapping, that way the clients will
know what AP and AP’s radio they should connect to.
The supported rates are 1, 2, 5.5, 6, 9, 11, 12 and 18 Mbps while extended
rates are 24, 36, 48 and 54 Mbps, these are the different data transition rates
the AP supports for receiving frames from clients, the rate for specific client will
mainly depend on the SNR.
___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
158
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
What is the Transmitter address?
___________________________________________________________________
What is the BSS Id?
___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
159
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
___________________________________________________________________
12. Expand the IEEE 802.11 Wireless LAN > Fixed parameters details.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
160
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
Answer: Open System. This means that no real authentication data is being
exchanged here, but this is a merely a handshake defined by the 802.11 protocol
required to complete the client association.
___________________________________________________________________
What is the purpose of the Authentication frames?
___________________________________________________________________
___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
161
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
15. Expand 802.11 Wireless Management > Fixed parameters > Capabilities Information
___________________________________________________________________
Answer: Announcing what capabilities are supported by each device (Client and
AP).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
162
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
What is the purpose of the Association Request/Response frames?
___________________________________________________________________
Answer: This is an Association Response sent by the AP. The purpose of the
Association Request and Response is to complete the 802.11 association phase
and make sure that both the client and AP support all mandatory WiFi
capabilities.
___________________________________________________________________
Who is the source and the destination of this frame?
___________________________________________________________________
Answer: This is a Deauthentication frame that was sent by the AP to notify that
the client should not be associated to the network anymore. In other words, it is
officially disconnecting the client.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
163
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 06
___________________________________________________________________
Answer: Deauthenticated because sending STA is leaving (or has left) IBSS or
ESS.
___________________________________________________________________
What purpose do they have?
___________________________________________________________________
Answer: They are data frames, exchanged between the client and the network
via the AP during the life the 802.11 connection, before the Deauthentication
frame was sent to disconnect the client. Although these frames are not properly
decoded, and therefore their contents are uncertain, they most likely include
DHCP and DNS packets among other protocols traffic.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
164
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
After studying the Radio Frequency environment, you have successfully identified the high
demand, low interference areas and mounted a few Access Points there. Then provisioned them
with an ethernet drop that terminates on Switch-1.
In this lab activity you will enable an Aruba AP and deploy a WLAN for the BrilliantAcademy
students. To do so you must first configure the switchport where the Access Point is plugged in,
then you will access Aruba Central, an Enterprise grade Cloud-based management solution to
assign its initial settings and create the SSID. Finally, you will test your setup.
Objectives
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
165
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Objective
In this task you will add an Aruba Access Point to your topology using a trunk port on Switch-1
using VLAN 1 for managing the AP and VLAN 3 for the future STUDENTS WLAN. Then you will
configure the required Layer 3 settings such as creating an SVI and give its IP address, enabling
DHCP Relay and enable routing for the AP’s management network.
Steps
Switch-1
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
166
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Switch-2
5. Move to Switch-2 and add a new static route for the 10.0.1.0/24 segment using Switch-1
(10.0.0.1) as next hop.
So far you have enabled Layer 2 and Layer 3 connectivity for your AP, and it is only a matter of
waiting for it to complete its boot process and acquire its own IP settings with DHCP.
6. Reboot the AP by clicking on the AP Icon in the Lab Dashboard and choosing the option
to “reboot”
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
167
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
7. Wait 5 minutes and confirm you can ping your AP. It should be given the 10.0.1.10 IP
address.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
168
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Objective
In this task you will connect to Aruba Central from a local browser, then you will verify the Central
version and finally you will explore the Aruba Central dashboard.
Aruba Central
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
169
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
NOTE. The Central username uses email format, and this lab environment uses
arubatraininglabs.net as domain.
4. Click Continue.
5. You will fall into the Single Sign On (SSO) authentication web page.
6. Re-enter the same email as username and enter the password assigned to you.
NOTE. Be patient, the first time you login into Central it could take up to 30 seconds.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
170
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
171
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Aruba APs run a multi-phase boot process. One of the steps is contacting Aruba Activate,
a cloud-based service used for Zero Touch Provisioning, that redirects to the correct
management platform either as Aruba Central or AirWave.
Your table Access Point has already been onboarded and given a license in Aruba Central.
As consequence a redirection rule was pushed to Aruba Activate and let it know the AP
should be Central Managed. Hence as soon as your Access Point gained Internet access,
it received the order to contact Central.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
172
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
13. On the left panel click Devices (alternatively you can click on the Access Point number on
the top bar).
14. Click on the 3-dot icon then and select Group column.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
173
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Click on the MAC address that appears under Device Name. You will be redirected to
device specific details page.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
174
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
ANSWER: Your Aruba Devices must be set with a country code to properly
function, without this parameter your APs never will broadcast a custom SSID.
You will set up this parameter in the next task.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
175
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Objective
In this task you will configure a new Central Group to manage your AP, then you will setup general
parameters on this device.
Steps
Aruba Central
1. Click on the MAC address that appear on the top left corner and set the context filter to
Global.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
176
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
4. Expand the default group, you should see an entry on this group (your AP).
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
177
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
a. Name: Campus-1
b. Check the box for Access Points
c. Leave other options unchecked.
7. Click Add.
9. Click Add.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
178
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
179
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
14. Click on the gear icon that appears on the right to start the configuration of your group.
15. The system requires a new password for the group, set the password to “@ruba123”
with no quotes.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
180
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Note: If you do not see the tab, select Show Advanced button.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
181
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
NOTE: Your AP needs to reboot to apply the new country code. This is the reason the
warning message still appears at the bottom of the page.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
182
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
183
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
184
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
185
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
33. Hover your mouse on your Access Point, a reboot icon should appear.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
186
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
NOTE. Optionally you can monitor the reboot process from your console.
Wait a few minutes until the Access Point is back. The warning message at bottom should
disappear.
IMPORTANT. In case you still see the warning message at the bottom of the page, then
follow the following optional steps.
Optional steps
35. Scroll down and at the bottom, click on “Set Country Code now”. A new window appears.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
187
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Aruba Central includes a remote console feature, this option is very convenient when you do not
have physical access to the managed device. In the following steps you will explore how to use it.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
188
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
189
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
________________________________________________________________________
ANSWER: Your Aruba Devices must be set with a country code to properly
function, without this parameter your APs never will broadcast a custom SSID.
You will set up this parameter in the next task.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
190
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
191
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
___________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
192
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Objective
Steps
Aruba Central
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
193
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
For example:
6. Click Next.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
194
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
8. Click Next.
9. For the Security tab select the following options:
a. Security Level: Personal
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
195
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Note. Due to some limitations with the lab environment you need to select WPA2 and not
WPA3. This however is not a recommended action in a real environment since WPA2-
Personal is susceptible to dictionary attacks.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
196
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
197
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
198
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
Objective
In this task you will connect your Wireless client to your SSID.
Steps
PC-1
1. From your local computer, move to Aruba Training Lab web page
(https://arubatraininglab.computerdata.com)
2. Click on PC-1 icon.
3. Select Open Desktop, a new tab or window will be open in your browser.
4. Disable your wired network adapter
a. Click on the Start Menu and type “Control Panel”
b. click on “Network and Internet”, and then select "Network and Sharing Center”
c. Click on “Lab NIC” and choose “Disable” in the popup window.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
199
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
5. Click on the Network icon on the task bar and verify you can see the Students-
[YOUR_INITIALS] SSID.
NOTE. If your wireless network card cannot see any SSIDs, please notify your instructor or
submit a trouble ticket using the instructions given to you.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
200
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
10. On the Permit your PC to be discovered by other PCs message, select No.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
201
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
According to your configuration, from which subnet your PC obtained its IP address?
__________________________________________________________________________
C:\Users\student>ipconfig
Windows IP Configuration
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
202
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
15. Ping your default gateway (10.0.3.254). The ping should be successful.
C:\Users\student>ping 10.0.3.254
Aruba Central
16. Move to Aruba Central (If you have been automatically logged out, log back in.).
17. From the global context filter select Global.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
203
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
204
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
__________________________________________________________________________
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
205
Get the Edge: An Introduction to
Aruba Networking Solutions
Lab 7
__________________________________________________________________________
__________________________________________________________________________
ANSWER: You should see three elements in the Datapath, your client, the SSID and
the AP. Your AP is capable to analyze the client’s traffic including the DHCP
messages and the HTTP traffic to determine the OS. You can see more details about
this under the Profile tab.
Rev 22.11 | © Copyright 2020 Hewlett Packard Enterprise Development LP | Confidential – For Training Purposes Only
206
3333 Scott Blvd, Santa Clara, CA 95054
TEL: 408.227.4500 | FAX: 408.227.4550
www.ARUBANETWORKS.com
EDU-$&17-RLABS-v22.11