Wireless Access

Reply
Contributor II
Posts: 43
Registered: ‎06-15-2016

Port Channels

So I'm seeing two different ways to configure port channels, is there a difference or both acheieve the same results?

1) Configure port channel and then add members to it

2) Configure port channel, configure all members and then under the members add channel-group x command?

*** 6.4.4.x user guide shows to configure individual links and then add "channel-group x mode active" command under them.  However when I do that and try to set a Native VLAN I can't, I have to remove "channel-group" add native VLAN and re add it.

 

Secondly I'm a bit confused about the whole Trusted and UnTrusted concept of VLAN's and Ports.  Does Trusted mean no policies and ACL's and Un Trusted mean I can apply ACL's for that VLAN?

 

Is it a best practice to turn off spanning tree globally?

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Port Channels

Trusted = traditional switchport
Untrusted = role based authentication and access enabled.

I generally let the upstream device handle STP and disable on the controller.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 43
Registered: ‎06-15-2016

Re: Port Channels

Thank you, what about the port channel config?  Any pointers as I have read multiple ways so not sure which one is right.  Results either way are not making sense.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Port Channels

I always do the following:

1) Configure individual interface descriptions
2) Configure individual interface lldp settings
3) Add the lacp config to the individual interfaces (lacp group X mode Y)
4) Add switching configuration to the port-channel interface.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II
Posts: 43
Registered: ‎06-15-2016

Re: Port Channels

So is this good?

 

interface gigabitethernet 0/0/0
 trusted vlan 1-4094
 switchport trunk native vlan 10
 switchport mode trunk
 lacp timeout short
 lacp group 0 mode active
!
interface gigabitethernet 0/0/1
 trusted vlan 1-4094
 switchport trunk native vlan 10
 switchport mode trunk
 lacp timeout short
 lacp group 0 mode active

!

interface portchannel 0

  trusted vlan 1-4094
 switchport trunk native vlan 10
 switchport mode trunk

 add gigabitethernet 0/0/0

 add gigabitethernet 0/0/1

 

Thank you.

Guru Elite
Posts: 8,335
Registered: ‎09-08-2010

Re: Port Channels

Yes but you don't need the add commands since you're using LACP and it's negotiated.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor
Posts: 3
Registered: ‎04-25-2015

Re: Port Channels

I'm not sure about the best way but what I've noticed is I could not get the port channel up on the cisco switch side when i used the first method. The members were up and functioning with no issues but port channel on cusco switch side was showing down. It came up once I reconfigured the mobility controllers interfaces using the 2nd way.


#AirheadsMobile
Contributor II
Posts: 43
Registered: ‎06-15-2016

Re: Port Channels

So apparently in order to bring up the VLAN interface I had to add it under the port channel as access VLAN on top of it being a trunk.  Is that right?

 

So everytime I create a new VLAN interface I will need to add it under the port channel as an access VLAN? 

 

interface gigabitethernet 0/0/1
        description "GE0/0/1"
        trusted
        trusted vlan 1-4094
        switchport trunk native vlan 206
        switchport trunk allowed vlan 15,23,32,99,134-138,200-206,812,1001
        lacp timeout short
        lacp group 0 mode active

!
interface port-channel 0
        trusted
        trusted vlan 1-4094
        switchport mode trunk
        switchport access vlan 206
        switchport trunk native vlan 206
        switchport trunk allowed vlan 15,23,32,99,134-138,200-206,812,1001

Guru Elite
Posts: 20,811
Registered: ‎03-29-2007

Re: Port Channels

[ Edited ]

On an interface (port channel included), commands that start with "switchport access VLAN" is ignored if you have "switchport mode trunk" configured on that port.  You most likely have to have that vlan in the "switchport trunk allowed vlan" list for it to pass traffic on that trunk.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor II
Posts: 43
Registered: ‎06-15-2016

Re: Port Channels

That is what I figured how it should be.  But no joke VLAN206 interface would not come up or work until I added the switch port access vlan 206 under the port channel.  Took it out after that and it started to work but I think it was weird that I had to do that. 

 

Not sure if there are bugs with the Aruba Code or its by design like this.

Search Airheads
Showing results for 
Search instead for 
Did you mean: