Course Content
- Introduction to Aruba Switching
- NetEdit
- Network Analytics Engine (NAE)
- VSX
- ACLs
- Advanced OSPF
- BGP
- IGMP
- Multicast Routing: PIM
- 802.1X Authentication
- MAC Authentication
- Dynamic Segmentation
- Quality of Service
- Additional Routing Technologies
- Capitve Portal Authentication
Who should attend
Typical candidates for this course are IT Professionals who will deploy and manage networks based on HPE’s ArubaOS-CX switches.
Certifications
This course is part of the following Certifications:
Aruba Certified Switching Professional
Prerequisites
Suggested prerequisites
ArubaOS-CX Switching Fundamentals (CXF)
Course Objectives
After you successfully complete this course, expect to be able to:
- Use NetEdit to manage switch configurations
- Use the Network Analytics Engine (NAE) to implement scripting solutions to provide for proactive network management and monitoring
- Compare and contrast VSX, VSF, and backplane stacking
- Explain how VSX handles a split-brain scenario
- Implement and manage a VSX fabric
- Define ACLs and identify the criteria by which ACLs select traffic
- Configure ACLs on AOS-CXÂ switches to select given traffic
- Apply static ACLs to interfaces to meet the needs of a particular scenario
- Examine an ACL configuration and determine the action taken on specific packets
- Deploy AOS-Switches in single-area and multi-area OSPF systems
- Use area definitions and summaries to create efficient and scalable multiple area designs
- Advertise routes to external networks in a variety of OSPF environments
- Promote fast, effective convergence during a variety of failover situations
- Use virtual links as required to establish non-direct connections to the backbone
- Implement OSFP authentication
- Establish and monitor BGP sessions between your routers and ISP routers
- Advertise an IP block to multiple ISP routers
- Configure a BGP router to advertise a default route in OSPF
- Use Internet Group Management Protocol (IGMP) to optimize forwarding of multicast traffic within VLANs
- Describe the differences between IGMP and IGMP snooping
- Distinguish between PIM-DM and PIM-SM
- Implement PIM-DM and PIM-SM to route multicast traffic
- Implement Virtual Routing Forwarding (VRF) policies to contain and segregate routing information
- Create route maps to control routing policies
- Understand the use of user roles to control user access on AOS-CXÂ switches
- Implement local user roles on AOS-CXÂ switches and downloadable user roles using a ClearPass solution
- Implement 802.1X on AOS-CXÂ switch ports
- Integrate AOS-CX switches with an Aruba ClearPass solution, which might apply dynamic role settings
- Implement RADIUS-based MAC Authentication (MAC-Auth) on AOS-CXÂ switch ports
- Configure captive portal authentication on AOS-CX switches to integrate them with an Aruba ClearPass solution
- Combine multiple forms of authentication on a switch port that supports one or more simultaneous users
- Configure dynamic segmentation on AOS-CXÂ switches
- Explain how technologies such as sFlow and traffic mirroring allow you to monitor network traffic
- Describe how AOS-CXÂ switches prioritize traffic based on its queue
- Configure AOS-CXÂ switches to honor the appropriate QoS marks applied by other devices
- Configure AOS-CXÂ switches to select traffic, apply the appropriate QoS marks, and place the traffic in the proper priority queues
- Implement rate limiting
- Understand how the Virtual Output Queuing (VOQ) feature mitigates head-of-line (HOL) blocking
- Configure a voice VLAN and LLDP-MED
Outline: Implementing Aruba OS-CX Switching (ICX)
Introduction to Aruba Switching
- Switches overview
- Architectures
NetEdit
- Overview
- Centralized configuration
- Switch groups/templates
- AOS-CXÂ mobile App
Network Analytics Engine (NAE)
- Overview
- Configuration
- Core NAE feature lab
- sflow, local mirror, remote mirror
VSX
- VSF vs. VSX: access and Agg/core design
- Stacking review
- VSF and uni/multi packet forwarding
- Stack fragments / split brain
- VSX Overview: roles, control, data, management planes
- VSX components (ISL, Keepalive, VSX LAG, Active Gateway, Active-Forwarding, Link Delay)
- Split Brain scenario
- Upstream Connectively Options (ROP single VRF, SVIs with multiple VRF, VSX Lag SVIs with multiple VRFs)
- Upstream/Downstream unicast traffic flow (South-North and North-South)
- VSX Configuration: VSX and Active Gateway
- VSX firmware updates
ACLs
- Overview: types, components
- MAC ACL, Standard ACL, Extended ACL,
- Classifier-based Policies
- Configuration: wildcard bits, logging, pacl, vacl, racl
Advanced OSPF
- Review basic OSPF
- Multi area: setup and aggregation
- Area-Types Stub, Totally Stub, NSSA, Totally NSSA
- External routes
- OSPF tuning: costs, bfd, gr, auth, vrrp, virt link
BGP
- Overview: i/e bgp, as numbers
- Best path selection
- Configuration: route announcement
- Route filtering to prevent transit as
IGMP
- Overview
- Querier
- Snooping
- Unknown multicasts
Multicast Routing: PIM
- Overview
- PIM DM
802.1X Authentication
- Overview: roles, requirements, coa, accounting
- Dynamic port configuration: avp, acl, qos, VLAN
- Port-based vs. user-based: examples
- Radius service tracking, critical VLAN
MAC Authentication
- Overview: Use cases
- Radius-based MAC Auth
Dynamic Segmentation
- Leverage dynamic segmentation features
- Configure tunneled-node on AOS-CXÂ switches
- Describe when and how to configure PAPI enhanced security, high availability, and fallback switching for tunneled-node
Quality of Service
- Overview
- VoQ (Virtual Output Queue)
- QOS: queueing, QOS marks, dot1p, dscp
- Trust levels
- QOS configuration: port, VLAN, policies
- Interaction with user roles
- Queue configuration
- Rate limiters
- LLDP-MED
Additional Routing Technologies
- VRF – Management VRF
- PBR
- MDNS
- PIM SM
Capitve Portal Authentication
- Overview of guest solutions
- Built-in web auth
- ClearPass redirect with CPPM
