Frequent Contributor II

Help with VLAN Trunking

Hello,

 

I'm sure this is probably trivial for most on here, but I'm struggling with enabling other VLANs on my 3600 controller running 6.1.3.1. Here is a snippet of the config.

 

vlan 2
vlan 3
vlan 4
vlan 5
vlan 6
vlan 7
vlan 8 "Guest"
vlan 300 "Northside Wireless VLAN Staff"
vlan 301 "Northside Wireless VLAN Student"
vlan 400 "Rockhill Wireless VLAN Staff"
vlan 401 "Rockhill Wireless VLAN Student"
vlan 500 "AELS Wireless VLAN Staff"
vlan 501 "AELS Wireless VLAN Student"
vlan 600 "Parkway Wireless VLAN Staff"
vlan 601 "Parkway Wireless VLAN Student"
vlan 700 "AMS Wireless VLAN Staff"
vlan 701 "AMS Wireless VLAN Student"
vlan 800 "AHS Wireless VLAN Staff"
vlan 801 "AHS Wireless VLAN Student"


interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
!

interface gigabitethernet 1/1
description "GE1/1"
trusted
trusted vlan 1-4094
switchport access vlan 8
!

interface gigabitethernet 1/2
description "GE1/2"
trusted
trusted vlan 1-4094
switchport access vlan 5
!

interface gigabitethernet 1/3
description "GE1/3"
trusted
trusted vlan 300-301,400-401,500-501,600-601,700-701,800-801
switchport mode trunk
switchport trunk allowed vlan 300-301
!

interface vlan 1
ip address 10.110.40.240 255.255.248.0
ip helper-address 10.110.40.154
!

interface vlan 8
ip address 10.110.96.2 255.255.248.0
shutdown
!

interface vlan 5
ip address 10.110.72.47 255.255.248.0
ip helper-address 10.110.40.154
!

interface vlan 2
ip address 10.110.48.16 255.255.248.0
!

interface vlan 300
ip address 10.110.116.2 255.255.254.0
no ip routing
ip helper-address 10.110.40.154
!

ip default-gateway 10.110.40.1
uplink disable

 

Right now I think all my traffic flows out of G 1/0. It is on the default VLAN. What I thought I could do is trunk port G 1/3 to the Cisco switch it is plugged into to get traffic for VLAN 300 if I allowed and trusted the VLANs on that physical port.

 

Right now I only have access to VLAN 1 for any clients.  How would I configure another port on this controller to deal with traffic for other VLANs like 300, 301, 400 etc?  As I was just sitting here typing this I thought of something....  

 

Would I have to trunk or allow vlans on the ports the APs are plugged in to as well?

 

By the way I know the config is right on the Cisco switch because I was able to join to VLAN 300 on the wire with my Mac and a VLAN Interface.

 

What my goal is, is to have a user sign in to 802.1x and assign them to a VLAN based on Filter-ID which I've got working but just can't get an IP address from the DHCP server which does work with the setup above with the VLAN on my Mac as well.

Guru Elite

Re: Help with VLAN Trunking

You need to make sure that your native VLAN on both sides of the trunk match:

Aruba side:

config t
interface gigabitethernet 1/3
switchport trunk native vlan 1
switchport trunk allowed vlan all

Cisco side:

config t
interface <whatever>
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-4094

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor II

Re: Help with VLAN Trunking

Thanks for the quick response!  I will try it out when I get a chance. 

Frequent Contributor II

Re: Help with VLAN Trunking

Okay I ran the commands you said and it is still a no go.  When I authenticate and assign the VLAN based on Radius Authentication it does not supply me with an IP address from the DHCP Server.  I continue to get a self assigned IP address.

 

Any other thoughts?

Guru Elite

Re: Help with VLAN Trunking


morrisch@alliancecityschools.org wrote:

Okay I ran the commands you said and it is still a no go.  When I authenticate and assign the VLAN based on Radius Authentication it does not supply me with an IP address from the DHCP Server.  I continue to get a self assigned IP address.

 

Any other thoughts?


If you can go on the commandline of the controller, type "show user-table verbose".  You should see your failed user in the user table and in parentheses will be the VLAN that the user ends up on when he has the problem.

 

Then type "show vlan status" and it will tell you what ports that VLAN is on.  Use that to make sure that VLAN is on that port.  Next, type "show trunk" to make sure the trunk configuration is right.  Look at the interface on the opposite side of your Cisco switch, as well.

 

In addition, you probably need to have a helper address on the layer-3 interface of your Cisco router/switch on that VLAN to forward traffic to your DHCP server.



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II

Re: Help with VLAN Trunking

Okay so I did check and it is showing up as VLAN 300 on my user as I wanted.  Here is the output from show vlan status and show trunk.

 

Vlan Status
-----------
VlanId IPAddress Adminstate Operstate PortCount Nat Inside Mode Ports AAA Profile
------ --------- ---------- --------- --------- ---------- ---- ----- -----------
1 10.110.40.240/255.255.248.0 Enabled Up 2 Disabled Regular GE1/0 GE1/3 Pc0-7 N/A
2 10.110.48.16/255.255.248.0 Enabled Down 1 Disabled Regular GE1/3 N/A
3 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
4 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
5 10.110.72.47/255.255.248.0 Enabled Down 2 Disabled Regular GE1/2-3 N/A
6 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
7 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
8 10.110.96.2/255.255.248.0 Disabled Down 2 Disabled Regular GE1/1 GE1/3 N/A
300 10.110.116.2/255.255.254.0 Enabled Up 1 Disabled Regular GE1/3 N/A
301 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
400 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
401 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
500 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
501 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
600 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
601 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
700 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
701 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
800 N/A N/A N/A 1 Disabled Regular GE1/3 N/A
801 N/A N/A N/A 1 Disabled Regular GE1/3 N/A

(aruba-master) #show trunk

Trunk Port Table
-----------------
Port Vlans Allowed Vlans Active Native Vlan
---- ------------- ------------ -----------
GE1/3 ALL 1-8,300-301,400-401,500-501,600-601,700-701,800-801 1

 

Looks like vlan 300 is showing up on g1/3 and also on the trunk all those vlans are allowed.

 

Here is the interface on the Cisco Switch

 

interface GigabitEthernet1/46
no ip address
switchport
switchport mode trunk
!

 

Here is the VLAN Interface.

 

interface Vlan300
description "Northside Wireless VLAN Staff"
ip address 10.110.116.1 255.255.254.0
ip helper-address 10.110.40.154
ip pim sparse-dense-mode
!

 

 

Guru Elite

Re: Help with VLAN Trunking

On the Cisco side, you need to set a native VLAN and allow all of those VLANs, as well:

 

interface GigabitEthernet1/46
no ip address
switchport
switchport mode trunk
switchport trunk native vlan 1
switchport trunk allowed vlan 1-801

 



Colin Joseph
Aruba Customer Engineering


Frequent Contributor II

Re: Help with VLAN Trunking

Hmm...

 

When I run the command to set the native vlan it does not seem to take...

 

After running those commands this is what I see.

 

interface GigabitEthernet1/46
no ip address
switchport
switchport trunk allowed vlan 1-801
switchport mode trunk
!

Frequent Contributor II

Re: Help with VLAN Trunking

Voice VLAN: none (Inactive)
Appliance trust: none
Name: Gi1/46
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 1-801
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

 

This shows native VLAN 1 

Guru Elite

Re: Help with VLAN Trunking

Looks good to me.



Colin Joseph
Aruba Customer Engineering
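
Added example, not part of the thread or written by any poster: a Python sketch of the check walked through above, comparing the native VLAN on both ends of the trunk and confirming that a dynamically assigned VLAN (300 here) is carried by both. The sample text is copied from the outputs posted above; the function names are made up for this example.

```python
import re

# Sample output copied from the thread above (Aruba "show trunk" row and
# the relevant lines of the Cisco switchport status).
ARUBA_SHOW_TRUNK = """\
Port Vlans Allowed Vlans Active Native Vlan
---- ------------- ------------ -----------
GE1/3 ALL 1-8,300-301,400-401,500-501,600-601,700-701,800-801 1
"""
CISCO_SWITCHPORT = """\
Name: Gi1/46
Operational Mode: trunk
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: 1-801
"""

def expand(spec):
    """Expand '1-8,300-301' (or 'ALL') into a set of VLAN IDs."""
    if spec.upper() == "ALL":
        return set(range(1, 4095))
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_aruba(text, port):
    """Return (native, allowed, active) for one port row of 'show trunk'."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0] == port:
            return int(cols[3]), expand(cols[1]), expand(cols[2])
    raise ValueError(f"port {port} not found")

def parse_cisco(text):
    """Return (native, enabled) from Cisco switchport status lines."""
    native = int(re.search(r"Trunking Native Mode VLAN:\s*(\d+)", text).group(1))
    enabled = expand(re.search(r"Trunking VLANs Enabled:\s*(\S+)", text).group(1))
    return native, enabled

def check_trunk(aruba, cisco, port, wanted):
    """List problems that would stop the wanted VLANs crossing the trunk."""
    a_native, a_allowed, a_active = parse_aruba(aruba, port)
    c_native, c_enabled = parse_cisco(cisco)
    problems = []
    if a_native != c_native:
        problems.append(f"native VLAN mismatch: {a_native} vs {c_native}")
    for vlan in sorted(wanted):
        if vlan not in (a_allowed & a_active):
            problems.append(f"VLAN {vlan} not carried on Aruba {port}")
        if vlan not in c_enabled:
            problems.append(f"VLAN {vlan} not enabled on Cisco trunk")
    return problems
```

An empty list for VLAN 300 means the trunk itself is consistent on both ends, so a client that still gets no lease points at something beyond the trunk.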
