Network Management

 View Only

  • 1.  VSX and Lag best practices

    Posted Jan 14, 2026 08:24 AM
    Edited by redgoldpaws Jan 14, 2026 09:19 AM

    Would this be the correct setup? For LACP Lags at 2 different Sites? or should each controller have its own Lag? 





    Note: they are not set up as multi-chaise Lags



  • 2.  RE: VSX and Lag best practices

    Posted Jan 14, 2026 10:20 AM
    Hi, no.

    Are the two VSX Cluster members (8325A-1 and 8325A-2) placed in different sites? say 8325A-1 on Site A and 8325A-2 on Site B or 8325A-1 on Site A Room 1 and 8325A-2 on Site A Room 2 or - again - simple case both in the same Site and same Room?

    In any case if I were you I will connect each peer (access/distribution) switch - the four ones you have below the VSX - to both VSX members: it means a simple LAG to VSX from the peer switch standpoint and a VSX LAG (also known as Multi-Chassis LAG or MC-LAG) to the peer Switch from the VSX standpoint.

    This to gain resiliency in case one VSX members goes down or when a link broke and so on.

    In your diagram each pair of peer switches is "tied" to only one VSX member (the nearer one)...are you forced to do so?



    Original Message


  • 3.  RE: VSX and Lag best practices

    Posted Jan 14, 2026 11:03 AM

    Ah! Thats my bad...

    Yes the 2 8325s are in a vsx pair, but they are physically located in to different buildings A and B....

    We are not able to set up a multi chassis lags due to cabling limitations between the sites...

    Both 8325s have 3 LAGs 2,3,&4 each of those connect to a wireless controller/conductor

    so the config looks like this 

    8325A-1# sh int br
    --------------------------------------------------------------------------------------------------------
    Port           Native  Mode   Type           Enabled Status  Reason                  Speed   Description
                   VLAN                                                                  (Mb/s)
    --------------------------------------------------------------------------------------------------------
    1/1/1          --      routed 1G-LX          yes     up                              1000    Keepalive
    1/1/2          --      routed 1G-LX          yes     up                              1000    Keepalive
    1/1/3          100     trunk  --             no      down    No XCVR installed       --      
    1/1/4          100     trunk  --             no      down    No XCVR installed       --      
    1/1/5          100     trunk  --             yes     down    No XCVR installed       --      8325A-1gw1-aos10
    1/1/6          100     trunk  --             yes     down    No XCVR installed       --      8325A-1gw1-aos10
    1/1/7          100     trunk  --             yes     down    No XCVR installed       --      8325A-1gw1-aos10
    1/1/8          100     trunk  --             yes     down    No XCVR installed       --      8325A-1gw1-aos10
    1/1/9          100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc1-aos8
    1/1/10         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc1-aos8
    1/1/11         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc1-aos8
    1/1/12         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc1-aos8
    1/1/13         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc2-aos8
    1/1/14         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc2-aos8
    1/1/15         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc2-aos8
    1/1/16         100     trunk  10G-DAC3       yes     up                              10000   8325A-1mc2-aos8
    1/1/45         --      routed 25G-SR         yes     up                              25000   6400AC1
    1/1/46         --      routed 25G-SR         yes     up                              25000   6400AC2
    1/1/47         1       trunk  25G-LR         yes     up                              25000   ISL
    1/1/48         1       trunk  25G-LR         yes     up                              25000   ISL
    lag1           1       trunk  --             yes     up      --                      25000   ISL

    lag2          100     trunk  --             yes     down    --                      auto    8325A-1gw1-aos10
    lag3          100     trunk  --             yes     up      --                      40000   8325A-1mc1-aos8
    lag4          100     trunk  --             yes     up      --                      40000   8325A-1mc2-aos8
    lag256         --      routed --             yes     up      --                      2000    VSX_KeepAlive

    8325A-1# sh run int lag 2
    interface lag 2
        description 8325A-1gw1-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit
    8325A-1# sh run int lag 3
    interface lag 3
        description 8325A-1mc1-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit
    8325A-1# sh run int lag 4
    interface lag 4
        description 8325A-1mc4-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit
    ===========================================================================
    8325B-1# sh int br
    --------------------------------------------------------------------------------------------------------
    Port           Native  Mode   Type           Enabled Status  Reason                  Speed   Description
                   VLAN                                                                  (Mb/s)
    --------------------------------------------------------------------------------------------------------
    1/1/1          --      routed 1G-LX          yes     up                              1000    Keepalive
    1/1/2          --      routed 1G-LX          yes     up                              1000    Keepalive
    1/1/3          100     trunk  --             no      down    No XCVR installed       --      
    1/1/4          100     trunk  --             no      down    No XCVR installed       --      
    1/1/5          100     trunk  --             yes     down    No XCVR installed       --      8325B-1gw1-aos10
    1/1/6          100     trunk  --             yes     down    No XCVR installed       --      8325B-1gw1-aos10
    1/1/7          100     trunk  --             yes     down    No XCVR installed       --      8325B-1gw1-aos10
    1/1/8          100     trunk  --             yes     down    No XCVR installed       --      8325B-1gw1-aos10
    1/1/9          100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc1-aos8
    1/1/10         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc1-aos8
    1/1/11         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc1-aos8
    1/1/12         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc1-aos8
    1/1/13         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc2-aos8
    1/1/14         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc2-aos8
    1/1/15         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc2-aos8
    1/1/16         100     trunk  10G-DAC3       yes     up                              10000   8325B-1mc2-aos8
    1/1/45         --      routed 25G-SR         yes     up                              25000   6400BC1
    1/1/46         --      routed 25G-SR         yes     up                              25000   6400BC2
    1/1/47         1       trunk  25G-LR         yes     up                              25000   ISL
    1/1/48         1       trunk  25G-LR         yes     up                              25000   ISL
    lag1           1       trunk  --             yes     up      --                      25000   ISL

    lag2          100     trunk  --             yes     down    --                      auto    8325B-1gw1-aos10
    lag3          100     trunk  --             yes     up      --                      40000   8325B-1mc1-aos8
    lag4          100     trunk  --             yes     up      --                      40000   8325B-1mc2-aos8
    lag256         --      routed --             yes     up      --                      2000    VSX_KeepAlive

    8325B-1# sh run int lag 2
    interface lag 2
        description 8325B-1gw1-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit
    8325B-1# sh run int lag 3
    interface lag 3
        description 8325B-1mc1-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit
    8325B-1# sh run int lag 4
    interface lag 4
        description 8325B-1mc2-aos10
        no shutdown
        no routing
        vlan trunk native 100
        vlan trunk allowed all
        lacp mode active
        exit

    So my question is, in this configuration, where we are not set up with mutli-chassis lags, should each controller/conductor be on a separate lag# or because its not multi-chassis lag does it not matter.  

    -------------------------------------------

    Original Message


  • 4.  RE: VSX and Lag best practices
    Best Answer

    Posted Jan 15, 2026 11:55 AM

    Hi, listen...it's quite simple (no matter peer devices involved): a LAG needs to terminate its physical member links on a single logical entity (which is (a) a single standalone Switch e.g. a single 8325 Switch of your pair - the VSX - or (b) a against the VSX as a whole if, from the VSX members standpoint, a corresponding MC-LAG = VSX LAG was setup to receive those incoming LAG links from a peer device).

    Since you can't implement the scenario (b) because you haven't enough links to use between the two sites (and - in any case - you're not going to implement VSX LAGs = MC-LAGs on the VSX Cluster to manage these peer devices) you are forced to consider each VSX member (the VSX Primary and the VSX Secondary) as it is a standalone switch (from the peer device standpoint) and so you are forced to deploy the scenario (a)...so a LAG on a peer device must terminates its physical member links into the same VSX Primary switch OR into the same VSX Secondary switch (and since you're forced to stay local at each site: peer devices on site A link to VSX in site A and peer devices on site B link to VSX in site B) this implies that on both ends (peer and on each VSX member) standard - non-Multi-Chassis - LAGs are required.

    -------------------------------------------

    Original Message


  • 5.  RE: VSX and Lag best practices

    Posted Jan 14, 2026 12:43 PM

    Hello. I was going to post a new message related to VSX so I thought of instead making a new message maybe post my message here ?

    In a VSX pair, the recommended system mac-values for access function is 02:00:00:00:XX:00. and XX is the cluster ID. So what are the values I should change ? for example something like this 02:00:00:00:01:00  as a system-mac ? And If i have more than one VSX pair in the same Data Center, what system-mac should I assign for the second pair, 02:00:00:00:02:00 for example ?

    Sorry for invading your post.

    -------------------------------------------

    Original Message


  • 6.  RE: VSX and Lag best practices

    Posted Jan 19, 2026 06:35 AM
    Edited by parnassus Jan 19, 2026 06:35 AM

    Hello, hijacking a thread is not a good thing to do, always better to search if your topic was already discussed (for sure it was, believe me) or - if you find nothing - create a new dedicated thread.

    In any case, have a look at VSX Configuration Best Practices HPE Aruba Networking CX Switches - Technical Note (Revision 2.0 June 2025) on Page 46 (47 of 306) at Chapter "VSX Deployment and Configuration Best Practices - Virtual MAC and System-MAC Guidance", there it is better explained than here.

    If your VSX Clusters on your datacenters act as Core (VSX Clusters) I will use the 02:02:00:00:XX:00 as the base for imposing a system-mAC Id (say 1st VSX Cluster: 02:02:00:00:01:00, 2nd VSX Cluster: 02:02:00:00:02:00 and so on). Related Active-gateway Virtual MAC Id(s) - if any (and I believe they are necessary if your VSX Cluster(s) act as Core doing IP routing for other peers <- use Access/Distribution lines instead) will follow using the same "naming" rule.

    -------------------------------------------

    Original Message


  • 7.  RE: VSX and Lag best practices

    Posted Jan 19, 2026 07:02 AM

    Hello. I didn't mean to hijack this post. apologies for that.

    Thank you for your reply. much appreciated.

    -------------------------------------------

    Original Message


Related Content