Wired Intelligent Edge

 View Only

  • 1.  6300M MACsec Ports

    Posted Dec 21, 2023 04:38 PM

    We have a few of the new 6300M COS 8 switches where ports 51 and 52 are labeled MACsec ports ( 2x 10G/25G SFP ports MACsec). MACsec doesn't seem to be enabled on these ports but we aren't able to use them as normal uplink ports. Any ideas what config we might need to change or do they require a certain SFP?



  • 2.  RE: 6300M MACsec Ports

    Posted Dec 21, 2023 05:44 PM

    is this "R8S90A/R8S91A" 6300 switch? and what firmware version are you running?

    whats the output of "show run int 1/1/51-1/1/52"?



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: 6300M MACsec Ports

    Posted Dec 21, 2023 07:43 PM

    Yes the R8S90A and firmware 10.10.1030.

    The config is just:

    sho run int 1/1/52
    interface 1/1/52
        no shutdown
        no routing
        vlan trunk native 900
        vlan trunk allowed all
     


    Original Message


  • 4.  RE: 6300M MACsec Ports

    Posted Dec 21, 2023 08:15 PM

    you should be able to use it as normal uplinks, what error do you get when you connect 1/1/52 ?

    show event -r



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 5.  RE: 6300M MACsec Ports

    Posted Dec 22, 2023 05:05 AM
    Edited by HH-e4c878 Dec 22, 2023 05:05 AM

    On the below switches

    • R8S89A Aruba 6300M 24SR CL6 PoE 2p50G 2p25G Switch
    • R8S90A Aruba 6300M 48SR5 CL8 PoE 2p50G 2p25G Switch
    • R8S92A Aruba 6300M 24p SFP+ LRM 2p50G 2p25G Switch

    you have to set both 25G ports to match the same speed. By default they are configured for 25G SFP28 transceivers.  Run the command "show system interface-group" to see the current configured speed setting.

    If you want to use 10G SFP+ transceivers in those 25G ports you need to configure them first using the following command:
    (config)# system interface-group <group id> speed 10g


    Original Message


  • 6.  RE: 6300M MACsec Ports

    Posted Jul 23, 2025 11:52 AM

    I have a new CX-6300 S0E91A 4p100G. 

    I want to set the system Interface grp3 from 100G down to 40G.  I can't get the group speed command to stick for any change.

    Any ideas why I get invalid input: speed.  Am I specifying the wrong input format?


    Original Message


  • 7.  RE: 6300M MACsec Ports

    Posted Jul 24, 2025 03:07 AM

    Probably... can you try the ? in the CLI to build up your command? Type system interface-group 3 ?

    It should show the applicable options. For example on my 6405, I need the line-module before the speed. Also make sure that the switch is not managed by Central, but in that case the command line completion with the ? should not work either...

    6405-BR(config)# system interface-group 4
  line-module  The line module of the group
6405-BR(config)# system interface-group 4 line-module
  SLOT_ID  The slot ID of the line module (e.g. 1/1)
6405-BR(config)# system interface-group 4 line-module 3
  speed  Configure the permitted transceiver speed for this group
6405-BR(config)# system interface-group 4 line-module 3 speed
  25g  Allow up to 25Gbps transceivers only (default)
  50g  Allow 50Gbps transceivers only


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 8.  RE: 6300M MACsec Ports

    Posted Jul 24, 2025 09:56 AM

    Thanks Herman - Solved my problem

    Even though I didn't have VSF stacking enabled per se I still had to specify the switches VSF membership ID in the command

    2CB-TOR-ServerRoom(config)# show vsf                 

    Force Autojoin             : Disabled

    Autojoin Eligibility Status: Not Eligible

    MAC Address                : 7c:a8:ec:a3:0f:80

    Egress Shape Rate          : None

    Secondary                  :   

    Topology                   : Standalone

    Status                     : No Split

    Split Detection Method     : None

    Mbr Mac Address         type           Status   

    ID

    --- ------------------- -------------- ---------------

    1   7c:a8:ec:a3:0f:80   S0E91A         Conductor

    2CB-TOR-ServerRoom(config)# system interface-group 3 member 1                

      speed  Configure the permitted transceiver speed for this group

    2CB-TOR-ServerRoom(config)# system interface-group 3 member 1 speed 40G

    This command will disable any transceivers in the group that do not support

    the new speed and may disrupt the network.

    Continue (y/n)? y

    2CB-TOR-ServerRoom(config)#


    Original Message


Related Content