Aruba OS-CX

• Global Configuration
• Using Interface Persona (Template)
• Random Examples
• Prioritize and Rate Limit

Global Configuration

Using Interface Persona (Template)

Description

Starting in Aruba OS CX 10.10 a new feature called interface persona was introduced. This feature allows you to build interface templates and attach or copy a interfaces to those personas (templates). This is great for configuring multiple interfaces with the same configuration.

There are a couple of things to note, copying a interface persona will copy the config from the persona into the interface and nothing more. Attaching a interface to a persona will link the configuration to the persona, if you make a change to the persona it will also change all of the interfaces that are attached to the persona. You will see how to attach a interface to a persona in the config example below.

Defining a interface persona

In this example I am setting up a dot1x persona (template) that I want to apply to several interfaces.

interface persona dot1x-auth
    no shutdown
    mtu 9198
    no routing
    vlan access 1
    qos trust dscp
    loop-protect action tx-rx-disable
    aaa authentication port-access client-limit 10
    aaa authentication port-access dot1x authenticator
        eapol-timeout 10
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable

Attaching a interface to a persona

This is an example of a default interface before I attach it to a persona

show running-config interface 1/1/10
interface 1/1/10
    no shutdown
    no routing
    vlan access 1
    exit

Now I will attach the interface to a persona

(config)# interface 1/1/10
CX6300-Core(config-if)# persona custom dot1x-auth attach

After the interface has been attached to the persona you can see that the interface is linked to the configuration in the persona

# show running-config interface 1/1/10
interface 1/1/10
    no shutdown
    persona custom dot1x-auth attach
    mtu 9198
    no routing
    vlan access 1
    qos trust dscp
    aaa authentication port-access client-limit 10
    aaa authentication port-access dot1x authenticator
        eapol-timeout 10
        max-eapol-requests 1
        max-retries 1
        enable
    aaa authentication port-access mac-auth
        enable
    loop-protect action tx-rx-disable
    exit

Random Examples

Prioritize and Rate Limit

This is an example configuration showing how to apply prioritization and rate limiting on a interface level.

class ip any
    10 match any any any
class ip priority-hosts
    10 match any 10.128.0.120 any
    20 match any any 10.128.0.120
policy elan-in
    10 class ip priority-hosts action local-priority 6
    20 class ip any action local-priority 1
policy elan-out
    10 class ip priority-hosts action cir kbps 20480 cbs 128 exceed drop
    20 class ip any action cir kbps 286720 cbs 256 exceed drop

interface 1/1/27
    no shutdown
    mtu 9198
    no routing
    vlan trunk native 1280
    vlan trunk allowed all
    qos trust dscp
    loop-protect action tx-rx-disable
    apply policy elan-in in
    apply policy elan-out out

interface 1/1/28
    no shutdown
    mtu 9198
    no routing
    vlan trunk native 1280
    vlan trunk allowed all
    qos trust dscp
    loop-protect action tx-rx-disable
    apply policy elan-in in
    apply policy elan-out out