First is that the product has been designed for ease of deployment, and with having the management VLAN untagged there is no pre-required configuration to add APs, configure, add more in a cluster, etc. With the management VLAN tagged, you need to pre-configure each of your APs.
The question back would be, why would you want to have the management network tagged? You can have one untagged VLAN on most switches, and from the architecture design of Instant, it makes sense to have that for management.
Secondly, initially having a tagged management VLAN was not even possible, and the feature was added for a customer that could for one reason or the other not have the management VLAN untagged (or it was hard, or the old solution that was replaced was setup like that). By far most deployments are with the management VLAN untagged, according to the best-practice. I see relatively many questions and issues on the Airheads forum around deployments with tagged management VLAN. By sticking to the basics, you avoid possible issues and keep things as simple as possible. That also is where best-practices are for... replicate a proven concept, which makes deployments but also troubleshooting easier. I prefer to keep things as simple as possible.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
------------------------------
Original Message:
Sent: Feb 24, 2021 08:23 AM
From: Jochem Knoben
Subject: Ip address issue
Hi Herman,
could you put some more light on your statement "There is a possibility to have a tagged management VLAN, but please stay away from that."
Why it's not recommended to use tagged for the management VLAN ?
I now it's nothing directly related to this issue - but would be interesting to get to know
Thanx and Groetjes
Jochem
------------------------------
Jochem Knoben
Original Message:
Sent: Feb 22, 2021 03:13 AM
From: Herman Robers
Subject: Ip address issue
Having untagged vlan for management is, like Ayman mentioned how you should do it. There is no real why, that is just how it works. There is a possibility to have a tagged management VLAN, but please stay away from that. Also in the IAP, you can configure a management VLAN, but leave that empty to have the management traffic untagged.
After you have done that, if you still see that cdp neighbors 169.254.x.x IP for the switch, post the output of the command and exactly on what type of device your see that output. If you didn't have an untagged management VLAN assigned on the switch port that connects to the IP, and the output is on the switch reporting the IP of the IAP, that can well be the reason and it should be better after fixing your configuration.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Feb 20, 2021 10:18 AM
From: Shivam Ojha
Subject: Ip address issue
Why i have to untagged management vlan on switch in order to obtain ip address for iap
And also why in show cdp neighbors details command it is not showing dhcp switch IP WHY 169 series ip?
------------------------------
Shivam Ojha
------------------------------