Wired Intelligent Edge

Certificate enrollment via EST through config distribution

Aruba AOS-CX 10.11 Enrollment over Secure Transport [EST] Technical Update. Certificate association with an EST (Enrollment over Secure Transport) profile can now be pushed within a configuration to initiate certificate provisioning. When a certificate property profile contains an EST profile association, it will trigger a certificate enrollment automatically, provided the corresponding EST profile is also in the configuration and the corresponding EST server has been established. If new certificates are created or enrolled, the configuration needs to be saved for the certificates to persist across reboots or upgrades.

For details, visit the Technical update video -
Aruba AOS-CX 10.11: Enrollment over Secure Transport [EST] Technical Update

YouTube		remove preview
Aruba AOS-CX 10.11: Enrollment over Secure Transport [EST] Technical Update View this on YouTube >

------------------------------
Shobana
TME
Aruba
------------------------------

Support for LACP fallback

LACP Fallback feature provides a configuration mechanism for dynamic LAGs to enable non-bonded interfaces that would otherwise be blocked due to the absence of any LACP BPDUs received from the peer LACP fallback was first introduced into AOS-CX 10.02.0020 Initial support was limited to VSX multi-chassis LAG interfaces only The new CLI command to enable the feature on non-VSX Dynamic LAGs is called lacp fallback-static The pre-existing CLI command lacp fallback is retained for support with VSX Supported Platforms Now starting with AOS-CX 10.11, the feature has been extended to other Dynamic LAGs on the following platforms: OVA, 4100, 6000, 6100, 6200, 6300, 6400, 8320, 8325, 8360, 9300, 10000

For details, visit the Technical update video -
Aruba AOS-CX 10.11: LACP Fallback

YouTube		remove preview
Aruba AOS-CX 10.11: LACP Fallback View this on YouTube >

------------------------------
Shobana
Aruba
------------------------------

Host to Switch MACsec

Media Access Control security (MACsec) provides Layer 2 security for wired LANs, protecting network communications against a range of attacks including: denial of service, intrusion, man-in-the-middle, and eavesdropping. These attacks exploit Layer 2 vulnerabilities and often cannot be detected. MACsec appends a header and tail to all Ethernet frames, and encrypts data payload within the frame. Receiving device checks header and tail for integrity. If the check fails, traffic is dropped. If the check is successful, the frame is encrypted.

For more details, visit the Technical update video -
Aruba AOS-CX 10.11: Host to Switch MACsec Technical Update

YouTube		remove preview
Aruba AOS-CX 10.11: Host to Switch MACsec Technical Update View this on YouTube >

------------------------------
Shobana
Aruba
------------------------------

Original Message:
Sent: Dec 12, 2022 06:40 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Support for LACP fallback

LACP Fallback feature provides a configuration mechanism for dynamic LAGs to enable non-bonded interfaces that would otherwise be blocked due to the absence of any LACP BPDUs received from the peer LACP fallback was first introduced into AOS-CX 10.02.0020 Initial support was limited to VSX multi-chassis LAG interfaces only The new CLI command to enable the feature on non-VSX Dynamic LAGs is called lacp fallback-static The pre-existing CLI command lacp fallback is retained for support with VSX Supported Platforms Now starting with AOS-CX 10.11, the feature has been extended to other Dynamic LAGs on the following platforms: OVA, 4100, 6000, 6100, 6200, 6300, 6400, 8320, 8325, 8360, 9300, 10000

For details, visit the Technical update video -
https://www.youtube.com/watch?v=mjy4mUlzwQ0


------------------------------
Shobana
Aruba
------------------------------

Dynamic BGP peering

Before AOS-CX 10.11, each BGP peer IP address must be statically configured as a specific neighbor. With the Dynamic BGP peering feature, AOS-CX dynamically establishes peering with a group of remote neighbors that are configured using a range of IP addresses and BGP peer group : Instead of being configured individually in the BGP neighbors table, BGP dynamic neighbors are configured as ranges of remote addresses with associated peer groups After a subnet range is configured for a BGP peer group and a TCP session is initiated by a remote peer using an IP address in the specified subnet range, a new BGP neighbor is dynamically created as a member of that group, if it has been accepted.

For more details visit the Technical update video -
Aruba AOS-CX 10.11: Dynamic BGP peering Technical Update

YouTube		remove preview
Aruba AOS-CX 10.11: Dynamic BGP peering Technical Update View this on YouTube >

------------------------------
Shobana
Aruba
------------------------------

Original Message:
Sent: Dec 13, 2022 01:05 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Host to Switch MACsec

Media Access Control security (MACsec) provides Layer 2 security for wired LANs, protecting network communications against a range of attacks including: denial of service, intrusion, man-in-the-middle, and eavesdropping. These attacks exploit Layer 2 vulnerabilities and often cannot be detected. MACsec appends a header and tail to all Ethernet frames, and encrypts data payload within the frame. Receiving device checks header and tail for integrity. If the check fails, traffic is dropped. If the check is successful, the frame is encrypted.

For more details, visit the Technical update video -
https://www.youtube.com/watch?v=EgFGpAKIiNY


------------------------------
Shobana
Aruba
------------------------------


Original Message:
Sent: Dec 12, 2022 06:40 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Support for LACP fallback

LACP Fallback feature provides a configuration mechanism for dynamic LAGs to enable non-bonded interfaces that would otherwise be blocked due to the absence of any LACP BPDUs received from the peer LACP fallback was first introduced into AOS-CX 10.02.0020 Initial support was limited to VSX multi-chassis LAG interfaces only The new CLI command to enable the feature on non-VSX Dynamic LAGs is called lacp fallback-static The pre-existing CLI command lacp fallback is retained for support with VSX Supported Platforms Now starting with AOS-CX 10.11, the feature has been extended to other Dynamic LAGs on the following platforms: OVA, 4100, 6000, 6100, 6200, 6300, 6400, 8320, 8325, 8360, 9300, 10000

For details, visit the Technical update video -
https://www.youtube.com/watch?v=mjy4mUlzwQ0


------------------------------
Shobana
Aruba

Multi Fabric VXLAN Campus Border RR Next Hop Self

Enables Campus Border/Route-Reflector VTEP to utilize evpn next-hop-self to reset next-hop for inter fabric eBGP EVPN routes

For more details visit the Technical update video -
AOS-CX 10.11: Multi Fabric VXLAN Campus Border RR Next Hop Self Technical Update

YouTube		remove preview
AOS-CX 10.11: Multi Fabric VXLAN Campus Border RR Next Hop Self Technical Update View this on YouTube >

------------------------------
Shobana
Aruba
------------------------------

Original Message:
Sent: Dec 13, 2022 01:08 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Dynamic BGP peering

Before AOS-CX 10.11, each BGP peer IP address must be statically configured as a specific neighbor. With the Dynamic BGP peering feature, AOS-CX dynamically establishes peering with a group of remote neighbors that are configured using a range of IP addresses and BGP peer group : Instead of being configured individually in the BGP neighbors table, BGP dynamic neighbors are configured as ranges of remote addresses with associated peer groups After a subnet range is configured for a BGP peer group and a TCP session is initiated by a remote peer using an IP address in the specified subnet range, a new BGP neighbor is dynamically created as a member of that group, if it has been accepted.

For more details visit the Technical update video -
https://www.youtube.com/watch?v=jR9Zjc9Z11U

------------------------------
Shobana
Aruba
------------------------------


Original Message:
Sent: Dec 13, 2022 01:05 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Host to Switch MACsec

Media Access Control security (MACsec) provides Layer 2 security for wired LANs, protecting network communications against a range of attacks including: denial of service, intrusion, man-in-the-middle, and eavesdropping. These attacks exploit Layer 2 vulnerabilities and often cannot be detected. MACsec appends a header and tail to all Ethernet frames, and encrypts data payload within the frame. Receiving device checks header and tail for integrity. If the check fails, traffic is dropped. If the check is successful, the frame is encrypted.

For more details, visit the Technical update video -
https://www.youtube.com/watch?v=EgFGpAKIiNY


------------------------------
Shobana
Aruba


Original Message:
Sent: Dec 12, 2022 06:40 AM
From: Shobana Nandakumar
Subject: AOS-CX 10.11 Release Updates

Support for LACP fallback

LACP Fallback feature provides a configuration mechanism for dynamic LAGs to enable non-bonded interfaces that would otherwise be blocked due to the absence of any LACP BPDUs received from the peer LACP fallback was first introduced into AOS-CX 10.02.0020 Initial support was limited to VSX multi-chassis LAG interfaces only The new CLI command to enable the feature on non-VSX Dynamic LAGs is called lacp fallback-static The pre-existing CLI command lacp fallback is retained for support with VSX Supported Platforms Now starting with AOS-CX 10.11, the feature has been extended to other Dynamic LAGs on the following platforms: OVA, 4100, 6000, 6100, 6200, 6300, 6400, 8320, 8325, 8360, 9300, 10000

For details, visit the Technical update video -
https://www.youtube.com/watch?v=mjy4mUlzwQ0


------------------------------
Shobana
Aruba