# Aruba OS-CX

# Global Configuration

# Using Interface Persona (Template)

#### Description

Aruba OS-CX 10.10 introduced a feature called interface persona. It lets you build interface templates (personas) and then either attach interfaces to them or copy their configuration onto interfaces. This is useful for configuring multiple interfaces with the same configuration.

There are a couple of things to note. Copying an interface persona copies the configuration from the persona into the interface and nothing more. Attaching an interface to a persona links the interface's configuration to the persona: if you change the persona, the change is also applied to every interface attached to it. The config example below shows how to attach an interface to a persona.

#### Defining an interface persona

In this example I am setting up a dot1x persona (template) that I want to apply to several interfaces.

> interface persona dot1x-auth  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan access 1  
>  qos trust dscp  
>  loop-protect action tx-rx-disable  
>  aaa authentication port-access client-limit 10  
>  aaa authentication port-access dot1x authenticator  
>  eapol-timeout 10  
>  max-eapol-requests 1  
>  max-retries 1  
>  enable  
>  aaa authentication port-access mac-auth  
>  enable

#### Attaching an interface to a persona

This is an example of a default interface before I attach it to a persona:

> show running-config interface 1/1/10  
> interface 1/1/10  
>  no shutdown  
>  no routing  
>  vlan access 1  
>  exit

Now I will attach the interface to a persona:

> (config)# interface 1/1/10  
> CX6300-Core(config-if)# persona custom dot1x-auth attach

After the interface has been attached to the persona, you can see that the interface is linked to the configuration in the persona:

> \# show running-config interface 1/1/10  
> interface 1/1/10  
>  no shutdown  
>  persona custom dot1x-auth attach  
>  mtu 9198  
>  no routing  
>  vlan access 1  
>  qos trust dscp  
>  aaa authentication port-access client-limit 10  
>  aaa authentication port-access dot1x authenticator  
>  eapol-timeout 10  
>  max-eapol-requests 1  
>  max-retries 1  
>  enable  
>  aaa authentication port-access mac-auth  
>  enable  
>  loop-protect action tx-rx-disable  
>  exit
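
An added example (not from the original page): a Python audit over `show running-config` text that reports which access ports are attached to the `dot1x-auth` persona, which carry 802.1X lines without the link, and which have no port-access authentication at all. The sample config is constructed, the function names are hypothetical, and treating "802.1X lines but no `persona custom ... attach` line" as unlinked (copied or hand-configured, so it will not follow persona changes) is an assumption based on the attach/copy description above.

```python
import re

# Constructed sample in the shape of the running-config output shown above.
SAMPLE = """\
interface 1/1/10
 persona custom dot1x-auth attach
 vlan access 1
 aaa authentication port-access dot1x authenticator
 enable
interface 1/1/11
 vlan access 1
 aaa authentication port-access dot1x authenticator
 enable
interface 1/1/12
 no shutdown
 vlan access 1
interface 1/1/27
 vlan trunk native 1280
"""

def split_interfaces(config):
    """Return {port: [stripped stanza lines]} for physical interfaces."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        m = re.fullmatch(r"interface (\d+/\d+/\d+)", raw.strip())
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif raw[:1].isspace() and current is not None:
            current.append(raw.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return stanzas

def audit(config, persona="dot1x-auth"):
    """Classify each access port as attached, unlinked or open."""
    report = {}
    for port, lines in split_interfaces(config).items():
        if not any(s.startswith("vlan access") for s in lines):
            continue  # trunk and routed ports are out of scope here
        if f"persona custom {persona} attach" in lines:
            report[port] = "attached"   # follows later persona changes
        elif "aaa authentication port-access dot1x authenticator" in lines:
            report[port] = "unlinked"   # 802.1X present, no persona link
        else:
            report[port] = "open"       # no port-access authentication
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Ports reported as `unlinked` are the ones to review after any change to the persona, since they will not pick that change up automatically.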

# Random Examples

# Prioritize and Rate Limit

This is an example configuration showing how to apply prioritization and rate limiting at the interface level.

> class ip any  
>  10 match any any any  
> class ip priority-hosts  
>  10 match any 10.128.0.120 any  
>  20 match any any 10.128.0.120  
> policy elan-in  
>  10 class ip priority-hosts action local-priority 6  
>  20 class ip any action local-priority 1  
> policy elan-out  
>  10 class ip priority-hosts action cir kbps 20480 cbs 128 exceed drop  
>  20 class ip any action cir kbps 286720 cbs 256 exceed drop
> 
> interface 1/1/27  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan trunk native 1280  
>  vlan trunk allowed all  
>  qos trust dscp  
>  loop-protect action tx-rx-disable  
>  apply policy elan-in in  
>  apply policy elan-out out
> 
> interface 1/1/28  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan trunk native 1280  
>  vlan trunk allowed all  
>  qos trust dscp  
>  loop-protect action tx-rx-disable  
>  apply policy elan-in in  
>  apply policy elan-out out

# EVPN/VXLAN

# Symmetric IRB

### AOS-CX EVPN/VXLAN Symmetric IRB

[![Screenshot 2025-06-02 at 1.41.43 PM.png](https://books.designlogic.net/uploads/images/gallery/2025-06/scaled-1680-/screenshot-2025-06-02-at-1-41-43-pm.png)](https://books.designlogic.net/uploads/images/gallery/2025-06/screenshot-2025-06-02-at-1-41-43-pm.png)


### Configuration for Route Reflector

> bfd  
> !  
> vlan 1280  
>  name data-1280  
> vlan 4020  
>  name vxlan-connect  
> evpn  
>  vlan 1280  
>  rd auto  
>  route-target export auto  
>  route-target import auto  
> interface 1/1/23  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan access 4020  
> interface 1/1/24  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan access 4020  
> interface loopback 1  
>  ip address 10.255.1.1/32  
>  ip ospf 1 area 0.0.0.0  
> interface vlan 4020  
>  ip mtu 9198  
>  ip address 172.16.1.10/24  
>  ip ospf 1 area 0.0.0.0  
>  no ip ospf passive  
> interface vxlan 1  
>  source ip 10.255.1.1  
>  no shutdown  
>  vni 1001280  
>  vlan 1280  
> router ospf 1  
>  router-id 10.255.1.1  
>  passive-interface default  
>  bfd all-interfaces  
>  redistribute connected  
>  area 0.0.0.0  
> router bgp 65001  
>  bgp router-id 10.255.1.1  
>  neighbor mcast-mdf peer-group  
>  neighbor mcast-mdf remote-as 65001  
>  neighbor mcast-mdf update-source loopback 1  
>  neighbor 10.255.1.2 peer-group mcast-mdf  
>  neighbor 10.255.1.3 peer-group mcast-mdf  
>  address-family l2vpn evpn  
>  neighbor mcast-mdf send-community both  
>  neighbor 10.255.1.2 route-reflector-client  
>  neighbor 10.255.1.2 activate  
>  neighbor 10.255.1.3 route-reflector-client  
>  neighbor 10.255.1.3 activate  
>  exit-address-family  
> !

### Configuration for leaf 1 switch VLAN 90

> bfd  
> vrf Data  
>  rd 65001:100  
>  route-target export 65001:100 evpn  
>  route-target import 65001:100 evpn  
> vlan 90  
>  name v90  
> vlan 1280  
>  name Data-1280  
> vlan 4020  
>  name vxlan-connect  
> virtual-mac 00:00:02:00:03:00  
> evpn  
>  vlan 90  
>  rd auto  
>  route-target export auto  
>  route-target import auto  
>  redistribute host-route  
>  vlan 1280  
>  rd auto  
>  route-target export auto  
>  route-target import auto  
> interface 1/1/11  
>  no shutdown  
>  no routing  
>  vlan access 90  
> interface 1/1/24  
>  no shutdown  
>  no routing  
>  mtu 9198  
>  vlan access 4020  
> interface loopback 1  
>  ip address 10.255.1.3/32  
>  ip ospf 1 area 0.0.0.0  
> interface vlan 90  
>  vrf attach Data  
>  ip address 192.168.90.1/24  
>  active-gateway ip mac 00:00:02:00:00:03  
>  active-gateway ip 192.168.90.1  
> interface vlan 1280  
>  ip address 10.128.0.251/24  
> interface vlan 4020  
>  ip mtu 9198  
>  ip address 172.16.1.30/24  
>  ip ospf 1 area 0.0.0.0  
> interface vxlan 1  
>  source ip 10.255.1.3  
>  no shutdown  
>  vni 1000090  
>  vlan 90  
>  vni 1001280  
>  vlan 1280  
>  vni 2000100  
>  vrf Data  
>  routing  
> !  
> router ospf 1  
>  router-id 10.255.1.3  
>  bfd all-interfaces  
>  area 0.0.0.0  
> router bgp 65001  
>  bgp router-id 10.255.1.3  
>  neighbor mcast-core peer-group  
>  neighbor mcast-core remote-as 65001  
>  neighbor mcast-core update-source loopback 1  
>  neighbor 10.255.1.1 peer-group mcast-core  
>  neighbor 10.255.1.2 peer-group mcast-core  
>  address-family l2vpn evpn  
>  neighbor mcast-core send-community both  
>  neighbor 10.255.1.1 activate  
>  exit-address-family  
> !  
>  vrf Data  
>  address-family ipv4 unicast  
>  redistribute connected  
>  exit-address-family  
> !

### Configuration for leaf 2 switch VLAN 91

> bfd  
> vrf Data  
>  rd 65001:100  
>  route-target export 65001:100 evpn  
>  route-target import 65001:100 evpn  
> vlan 91  
>  name v91  
> vlan 1280  
>  name data-1280  
> vlan 4020  
>  name vxlan-connect  
> virtual-mac 00:00:02:00:02:00  
> evpn  
>  vlan 91  
>  rd auto  
>  route-target export auto  
>  route-target import auto   
>  redistribute host-route  
>  vlan 1280  
>  rd auto  
>  route-target export auto  
>  route-target import auto  
> interface 1/1/11  
>  no shutdown  
>  no routing  
>  vlan access 91  
> interface 1/1/48  
>  no shutdown  
>  mtu 9198  
>  no routing  
>  vlan access 4020  
> interface loopback 1  
>  ip address 10.255.1.2/32  
>  ip ospf 1 area 0.0.0.0  
> interface vlan 91  
>  vrf attach Data  
>  ip address 192.168.91.1/24  
>  active-gateway ip mac 00:00:02:00:00:02  
>  active-gateway ip 192.168.91.1  
> interface vlan 4020  
>  ip mtu 9198  
>  ip address 172.16.1.20/24  
>  ip ospf 1 area 0.0.0.0  
>  no ip ospf passive  
> interface vxlan 1  
>  source ip 10.255.1.2  
>  no shutdown  
>  vni 1000091  
>  vlan 91  
>  vni 1001280  
>  vlan 1280  
>  vni 2000100  
>  vrf Data   
>  routing  
> !  
> router ospf 1  
>  router-id 10.255.1.2  
>  passive-interface default  
>  bfd all-interfaces  
>  redistribute connected  
>  area 0.0.0.0  
> router bgp 65001  
>  bgp router-id 10.255.1.2  
>  neighbor mcast-core peer-group  
>  neighbor mcast-core remote-as 65001  
>  neighbor mcast-core update-source loopback 1  
>  neighbor 10.255.1.1 peer-group mcast-core  
>  neighbor 10.255.1.3 peer-group mcast-core  
>  address-family l2vpn evpn  
>  neighbor mcast-core send-community both   
>  neighbor 10.255.1.1 activate  
>  exit-address-family  
> !  
>  vrf Data  
>  address-family ipv4 unicast  
>  redistribute connected  
>  exit-address-family  
> !