Overview
This course teaches you the advanced skills necessary to implement and operate enterprise-level Aruba campus switching solutions. You will build on the skills you learned at the Associate level to configure and manage modern, open standards-based networking solutions using Aruba's OS-CX routing and switching technologies. In this course, participants learn about ArubaOS-CX switch technologies including: securing port access with Aruba's dynamic segmentation, redundancy technologies such as Multiple Spanning Tree Protocol (MSTP), link aggregation techniques including Link Aggregation Protocol (LACP) and switch virtualization with Aruba’s Virtual Switching Extension (VSX) and Aruba's Virtual Switching Framework (VSF). This course is approximately 50% lecture and 50% hands-on lab exercises.
Prerequisites
Suggested prerequisites
- Aruba OS-CX Switching Fundamentals (CXF)
Delegates will learn how to
After you successfully complete this course, expect to be able to:
- Use NetEdit to manage switch configurations
- Use the Network Analytics Engine (NAE) to implement scripting solutions to provide for proactive network management and monitoring
- Compare and contrast VSX, VSF, and backplane stacking
- Explain how VSX handles a split-brain scenario
- Implement and manage a VSX fabric
- Define ACLs and identify the criteria by which ACLs select traffic
- Configure ACLs on AOS-CX switches to select given traffic
- Apply static ACLs to interfaces to meet the needs of a particular scenario
- Examine an ACL configuration and determine the action taken on specific packets
- Deploy AOS-Switches in single-area and multi-area OSPF systems
- Use area definitions and summaries to create efficient and scalable multiple area designs
- Advertise routes to external networks in a variety of OSPF environments
- Promote fast, effective convergence during a variety of failover situations
- Use virtual links as required to establish non-direct connections to the backbone
- Implement OSPF authentication
- Establish and monitor BGP sessions between your routers and ISP routers
- Advertise an IP block to multiple ISP routers
- Configure a BGP router to advertise a default route in OSPF
- Use Internet Group Management Protocol (IGMP) to optimize forwarding of multicast traffic within VLANs
- Describe the differences between IGMP and IGMP snooping
- Distinguish between PIM-DM and PIM-SM
- Implement PIM-DM and PIM-SM to route multicast traffic
- Implement Virtual Routing Forwarding (VRF) policies to contain and segregate routing information
- Create route maps to control routing policies
- Understand the use of user roles to control user access on AOS-CX switches
- Implement local user roles on AOS-CX switches and downloadable user roles using a ClearPass solution
- Implement 802.1X on AOS-CX switch ports
- Integrate AOS-CX switches with an Aruba ClearPass solution, which might apply dynamic role settings
- Implement RADIUS-based MAC Authentication (MAC-Auth) on AOS-CX switch ports
- Configure captive portal authentication on AOS-CX switches to integrate them with an Aruba ClearPass solution
- Combine multiple forms of authentication on a switch port that supports one or more simultaneous users
- Configure dynamic segmentation on AOS-CX switches
- Explain how technologies such as sFlow and traffic mirroring allow you to monitor network traffic
- Describe how AOS-CX switches prioritize traffic based on its queue
- Configure AOS-CX switches to honor the appropriate QoS marks applied by other devices
- Configure AOS-CX switches to select traffic, apply the appropriate QoS marks, and place the traffic in the proper priority queues
- Implement rate limiting
- Understand how the Virtual Output Queuing (VOQ) feature mitigates head-of-line (HOL) blocking
- Configure a voice VLAN and LLDP-MED
Outline
Introduction to Aruba Switching
- Switches overview
- Architectures
NetEdit
- Overview
- Centralized configuration
- Switch groups/templates
- AOS-CX mobile App
Network Analytics Engine (NAE)
- Overview
- Configuration
- Core NAE feature lab
- sflow, local mirror, remote mirror
VSX
- VSF vs. VSX: access and Agg/core design
- Stacking review
- VSF and uni/multi packet forwarding
- Stack fragments / split brain
- VSX Overview: roles, control, data, management planes
- VSX components (ISL, Keepalive, VSX LAG, Active Gateway, Active-Forwarding, Link Delay)
- Split Brain scenario
- Upstream Connectivity Options (ROP single VRF, SVIs with multiple VRF, VSX LAG SVIs with multiple VRFs)
- Upstream/Downstream unicast traffic flow (South-North and North-South)
- VSX Configuration: VSX and Active Gateway
- VSX firmware updates
ACLs
- Overview: types, components
- MAC ACL, Standard ACL, Extended ACL
- Classifier-based Policies
- Configuration: wildcard bits, logging, pacl, vacl, racl
Advanced OSPF
- Review basic OSPF
- Multi area: setup and aggregation
- Area-Types Stub, Totally Stub, NSSA, Totally NSSA
- External routes
- OSPF tuning: costs, bfd, gr, auth, vrrp, virt link
BGP
- Overview: i/e bgp, as numbers
- Best path selection
- Configuration: route announcement
- Route filtering to prevent transit AS
IGMP
- Overview
- Querier
- Snooping
- Unknown multicasts
Multicast Routing: PIM
- Overview
- PIM DM
802.1X Authentication
- Overview: roles, requirements, coa, accounting
- Dynamic port configuration: avp, acl, qos, VLAN
- Port-based vs. user-based: examples
- Radius service tracking, critical VLAN
MAC Authentication
- Overview: Use cases
- Radius-based MAC Auth
Dynamic Segmentation
- Leverage dynamic segmentation features
- Configure tunneled-node on AOS-CX switches
- Describe when and how to configure PAPI enhanced security, high availability, and fallback switching for tunneled-node
Quality of Service
- Overview
- VoQ (Virtual Output Queue)
- QOS: queueing, QOS marks, dot1p, dscp
- Trust levels
- QOS configuration: port, VLAN, policies
- Interaction with user roles
- Queue configuration
- Rate limiters
- LLDP-MED
Additional Routing Technologies
- VRF - Management VRF
- PBR
- MDNS
- PIM SM
Captive Portal Authentication
- Overview of guest solutions
- Built-in web auth
- ClearPass redirect with CPPM