Wireless Access

Reply
Occasional Contributor II

Need help with VLAN configuration on the 3600 controller

This is related to my previous question but since it's more deeper to the vlan, I thought better create a new question.

 

Previously, the controller is connected directly to an "ISP" or service provider.

The way they setup the controller is as follows:

VLAN 1: 10.0.0.1/21, Port 1/1,1/3,Pc0-7 --> AP LAN and MGMT LAN.

VLAN 2: 32.145.145.32/24, Port 1/0-1 --> WAN IP address

VLAN 3: 10.3.0.1/24, Port 1/1 --> WLAN for SSID A

VLAN 4: 10.4.0.1/24, Port 1/1 --> WLAN for SSID B

VLAN 5: 10.5.0.1/21, Port 1/1 --> WLAN for SSID C

 

Now that we have moved the controller to our LAN, my plan is to replace VLAN 1 and split them to  two parts:

1. VLAN 100 for MGMT and Private SSID WLAN

2. VLAN 80 for all APs LAN.

 

And then replace VLAN 5 with VLAN 50 and delete the other unused vlans.

 

So in my head, the VLAN configuration should like this:

VLAN 2: 192.168.100.2/24, Port 1/0-1 --> WAN IP address

VLAN 50: 192.50.0.1/21, Port 1/1 --> WLAN for SSID C

VLAN 80: 192.80.0.1/24, Port 1/1 --> WLAN for APs

VLAN 100: (I didn't assign IP because it's the native VLAN in our environment) Port 1/1 --> WLAN for Private SSID and MGMT

 

At the moment, only VLAN 1 and 2 is in operation state UP but I don't use VLAN 1.

I can get to the controller through VLAN 2 but the others are DOWN.

I'm clueless at the moment because I have set TRUNK mode on the switch and they are able to communicate to the other switches through VLAN 2, 50, 80, 100 with no issue.

Is the controller not tagging the VLANs on Port 1/1 or I need to manually enable those VLAN first?

I rebooted the controller and the POE switch where the APs are connected to but still not working.

I also unable to ping the controller's VLAN 50 and 80 IP addresses from the switch that's connected directly to Port 1/1. It seems like it's in shutdown mode.

Currently Port 1/0 is set to Access mode and Port 1/1 is set to Trunk mode in the controller.

 

Where should I start to troubleshoot this?

Help please? :)

 

Valued Contributor II

Re: Need help with VLAN configuration on the 3600 controller

Hi,

 

Couple of questions to understand the issue,

1. What is your controller IP ? ( Use "show controller-ip" command to know)

2. All VLAN interfaces are UP ? ( Use "Show ip interface Brief")

3. Is Master-Master or Master-Local configured or configured and removed ?

4. Check the routing table to verify VLAN subnets are populated and there are no IPSec routes available .

 

Please clarify the above. we can can easily fix the issue.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: Need help with VLAN configuration on the 3600 controller


dhanraj_puduchery@yahoo.com wrote:

Hi,

 

Couple of questions to understand the issue,

1. What is your controller IP ? ( Use "show controller-ip" command to know)

2. All VLAN interfaces are UP ? ( Use "Show ip interface Brief")

3. Is Master-Master or Master-Local configured or configured and removed ?

4. Check the routing table to verify VLAN subnets are populated and there are no IPSec routes available .

 

Please clarify the above. we can can easily fix the issue.


Thank you kindly for the respond.

 

1. What is your controller IP ? ( Use "show controller-ip" command to know)

It's the VLAN-2 IP address.

Switch IP Address: 192.168.100.219

Switch IP is configured to be Vlan Interface: 2

 

2. All VLAN interfaces are UP ? ( Use "Show ip interface Brief")

No. That's the problem that I don't get why.

 

vlan 2                 192.168.100.2 / 255.255.255.0     up      up
vlan 1                        10.0.0.1 / 255.255.248.0     up      down
vlan 5                        10.5.0.1 / 255.255.248.0     up      down
vlan 4                        10.4.0.1 / 255.255.255.0     up      down
vlan 3                        10.3.0.1 / 255.255.255.0     up      down
vlan 50                     192.50.0.1 / 255.255.248.0     up      down
vlan 80                     192.80.0.1 / 255.255.255.0     up      down
vlan 100                    unassigned / unassigned        up      down
loopback                    unassigned / unassigned        up      up
mgmt                        unassigned / unassigned        down    down

 

3. Is Master-Master or Master-Local configured or configured and removed ?

I don't know what that means but I'll google it.

 

4. Check the routing table to verify VLAN subnets are populated and there are no IPSec routes available .

 

(Aruba3600-US-Highline) #show ip route

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.100.1 to network 0.0.0.0 at cost 1
S*    0.0.0.0/0  [1/0] via 192.168.100.1*
C    192.168.100.0 is directly connected, VLAN2

 

Do I need to add route for each vlan? I'm using the controller as the gateway for all the WiFi VLANs.   

How do I check the IPSec routes? I'll google it also.

 

Thank you

 

Valued Contributor II

Re: Need help with VLAN configuration on the 3600 controller

HI,

 

Solution is very simple.

you need to use the following commands to get it done.

"interface VLAN 1"

"operstate up"

 

if there are no active intrfaces mapped to a VLAN, that VLAN interface protocol will be down so in Aruba we have use "operstate UP" to bring up a VLAN interface unconditionally.

 

 

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: Need help with VLAN configuration on the 3600 controller

Thank you for the reply.

 

But I'm not going to use VLAN 1. Our native VLAN is 100.

Do I still have to use VLAN 1 for the AP to communicate or is that just an example command that I need to do on VLAN 100?

I apologize for the basic question since I'm new to this. 

 

Valued Contributor II

Re: Need help with VLAN configuration on the 3600 controller

HI,

That was an example. whichever the VLAN interface you want to enable ( bring up) you need to apply "operstate up".

 

coming to AP VLAN, it can be any VLAN but you need to ensure that AP subnet is reachable to Controller IP (in your case VLAN 2) means, AP and Controller should have reachability.

 

Please feel free for any further clarity on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: Need help with VLAN configuration on the 3600 controller

Thank you.

 

I did what you told me to and now the VLANs are in oper UP.

But, I still not able to ping that VLAN IP address on the controller.

 

This is the network layout. 

 

Controller --> Force10 Switch --> Gateway

 

From Force10 Switch, I can ping the gateway IP on VLAN 50, 80 and 100.

From Force10 Switch and Gateway, I'm not able to ping the Controller IP on VLAN 50 and 80 and vice versa. 

 

It seems like the controller is not tagging the packets even though the port 1/1 is already set as a trunk and allowed VLAN 50 and 80 traffic. 

 

Any other suggestions?

 

 

 

Valued Contributor II

Re: Need help with VLAN configuration on the 3600 controller

HI,

 

What link you have between Controller and Force switch ? what is the gateway for Force switch ? what is if the link between Controller and Switch is a trunk, so what is the native VLAN configured on the force Switch ?

 

can you share the output of " show port status", "show trunk" and "show iproute" on the controller.

 

it is a routing issue, we can fix it by understanding datapath.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Occasional Contributor II

Re: Need help with VLAN configuration on the 3600 controller

Please ignore the other VLANs because I was testing it.

The VLAN that we need to worry about is 50,80 and 100.

 

Port Status
-----------
Slot-Port  PortType  adminstate  operstate  poe      Trusted  SpanningTree  PortMode
---------  --------  ----------  ---------  ---      -------  ------------  --------
1/0        GE        Enabled     Up         Enabled  Yes      Forwarding    Access
1/1        GE        Enabled     Up         Enabled  Yes      Blocking      Trunk
1/2        GE        Enabled     Up         Enabled  Yes      Forwarding    Access
1/3        GE        Enabled     Up         Enabled  Yes      Blocking      Access

 

Trunk Port Table
-----------------
Port   Vlans Allowed            Vlans Active             Native Vlan
----   -------------            ------------             -----------
GE1/1  2,30,50,80,100,146,1401  2,30,50,80,100,146,1401  100

 

Codes: C - connected, O - OSPF, R - RIP, S - static
       M - mgmt, U - route usable, * - candidate default

Gateway of last resort is Imported from DHCP to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from CELL to network 0.0.0.0 at cost 10
Gateway of last resort is Imported from PPPOE to network 0.0.0.0 at cost 10
Gateway of last resort is 192.168.30.1 to network 0.0.0.0 at cost 3
Gateway of last resort is 192.168.100.1 to network 0.0.0.0 at cost 1
S*    0.0.0.0/0  [1/0] via 192.168.100.1*
C    192.168.100.0 is directly connected, VLAN2
C    192.168.30.0 is directly connected, VLAN30
C    192.50.0.0 is directly connected, VLAN50
C    192.80.0.0 is directly connected, VLAN80

 

 

 

Valued Contributor II

Re: Need help with VLAN configuration on the 3600 controller

HI,

 

Issue is identified. look at your trunk port (1/1        GE        Enabled     Up         Enabled  Yes      Blocking      Trunk ). STP is blocking that port for some VLANs.

 

1. Do you have multiple links between Controller and Force Switch which is causing a loop? if not, disable Spanning tree in Aruba Controller "no spanning tree" globally and on the interface.

2. If you have multiple links, and configure the PVSTP properly such that the trunk links on the Controller is forwarding all VLAN traffic.

 

Please feel free if you need any further help on this.

Cheers,
Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: