Wired Intelligent Edge

last person joined: 17 hours ago 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Stumped on setting up S3500 demo unit with our config

This thread has been viewed 0 times

  • 1.  Stumped on setting up S3500 demo unit with our config

    Posted Jun 21, 2012 01:38 PM

    OK so we have a 3600 controller and we have the first 3 port (0,1,2) setup as a trunk/PC.  It appears you can not use "Tunnel Node" on port channels... I have another port (3) would it make sense to set that on a new VLAN give it a new IP and then connect the tunneled ports VIA that vlan ?  Or am I not even remotely looking at this correctly :)

     

    I am a bit confused with the documentation.

     

    Versions: 

    6.1.3.1 - controller

    7.1.3.0 - switch

     

    I am guessing I am over complicating something here... as this seems counter intuitive compared to how easy it has been to setup other aruba gear...


    #3600


  • 2.  RE: Stumped on setting up S3500 demo unit with our config

    EMPLOYEE
    Posted Jun 21, 2012 03:13 PM

    I'm not sure I follow your comment about port channels. Are your first three ports setup as trunks (aka 802.1q) or setup as as members of a Link Aggregation Bundle (aka Etherchannel, Port Channel, etc)? If they are setup as trunks, you can set these up as tunneled node ports. If these ports are aggregated together, you cannot.



  • 3.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 21, 2012 03:18 PM

    Sorry had my "ProCurve" hat on :) Link Aggregated.  

     

    I have another port (3)... can I use that for testing (on a different VLAN so we dont cause a loop)?



  • 4.  RE: Stumped on setting up S3500 demo unit with our config

    EMPLOYEE
    Posted Jun 21, 2012 03:38 PM

    Yes, you can use any port on the Mobility Access Switch. You would set the tunneled node profile and a switch profile (with the different client VLAN) on the 3rd port. The client VLAN would also then be programmed on your controller.



  • 5.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 21, 2012 03:53 PM

    do you know if there are plans on supporting aggregated links?  It would seem to me that this would be a prefered connection especially for wired connections for bandwidth reasons...  I understand the work-around for my config, but I think it does add un-needed complexity....



  • 6.  RE: Stumped on setting up S3500 demo unit with our config

    EMPLOYEE
    Posted Jun 21, 2012 04:37 PM

    I'm not aware of any plans but help me visualize the use case:

     

    PC ======2xGE=======S3500

     

    Or is this with a downstream switch?

     

    Switch=======S3500

     

    Thanks.



  • 7.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 22, 2012 08:06 AM

    Madjali,

     

    I'm not speaking for this poster as I don't know what or how his systems is setup.

     

    But for my installs the 2nd on your list above would be helpful.

     

    Switch A==========3500

     

     

    This would give you redundant links without using spanning tree



  • 8.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 25, 2012 11:30 AM

    Here is our test config:

     

    client <======> S3500 <=======>[3x Gbe- aggregates links Port channel]3600

     

    In the documentation it states I need to turn on "Enable Tunneled Node" on the port on my controller (3600). In the 3600, if I do this I get an error that says: GigabitEthernet 1/0:Illegal Operation: Interface belongs to a port-channel group

     

    The option is not present in the PC group on the 3600.

     

    It would be my understanding that I would just have to turn the "Wireless access concentration" ON, and make sure my controller's IP is in the Server IP (I only have a single controller).

     

    And then point the S3500 to the 3600's IP address (Tunneled Server IP Address).  But it is not working...  

     

    This should not be this complicated :)

     

    -Dan




  • 9.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 25, 2012 11:51 AM

    Crap.... Its working now.. I clicked "Enable Concentrator Server" on the controller, and everything started to work.  That would have been helpful if that was actually in the documentation!

     

    -Dan



  • 10.  RE: Stumped on setting up S3500 demo unit with our config

    EMPLOYEE
    Posted Jun 25, 2012 11:55 AM

    Dan,

    I'm glad you got it working.

     

    I'll let the product team know that we need to improve the documentation in this area. Thanks for the feedback.



  • 11.  RE: Stumped on setting up S3500 demo unit with our config

    Posted Jun 25, 2012 04:08 PM

    A couple of fine points.  If you have been just using radius for wifi then you also need to modify your radius connection profiles on your radius server to make sure you allow authentication over ethernet (otherwise authentication will fail).  Also its important to keep in mind that the initial role is VERY important with a wired connection, as this is what the computer connects as when authentication fails or does not exist (computer is sitting at login screen, and you require user/pass VIA PEAP).  

     

    Overall once this is going it is quite seemeless, I created a new AAA wired profile that had some additional tweeks over our wifi 802.1x profiles, but overall it seems like a good fit.  

     

    I am annoyed that I can not see my authenticated wired cliens in the "dashboard" view - this is really an oversite.

     

    The documentation on the switch does need a bit of clean up though - to reflect this information...

     

    EDIT:  It appears that OS fingerprinting is also broken, device type is blank on our 802.1x wired users...