Wired Intelligent Edge

Hello,

This is a test setup. We have two Aruba Switches Model 2530-48G (J9775A), that are connected with two cables (TRUNK). We are also working with PFSense as our firewall. We would like to trunk the Aruba Switches over two ports to pass the VLANS. On our Pfsense we have the following VLANs setup:

1) VLAN 10 - Server/Domain Controller
2) VLAN 30 - Printers
3) VLAN 60 - IOT
4) VLAN 50 - ABC Dept
5) VLAN 20 - DEF Dept
6) VLAN 100 - Guest Wi-Fi VLAN

We would like to connect PFSense to the switch and also create a management network. But how?


Thank you,
James

------------------------------
James Lee
------------------------------

Hello James, since the Aruba 2530 Switch series doesn't support L3 features (IP Routing) you can adopt this top->down approach: connect one Aruba 2530 to the LAN port of the pfSense Firewall (where those VLAN IDs are currently defined with their SVI, AKA IP Interfaces): the downlink should be able to carry all those VLAN IDs as tagged (here I'm implying that VLAN 1 is left untagged on both sides).

On the Aruba 2530 the uplink port to pfSense needs to be a tagged member of VLAN 10, 20, 30, 50, 60 and 100 so you need to define those VLAN IDs on the Aruba 2530. The command to tag a port <port-id> with the above existing IDs list will be: interface ethernet <port-ID> vlan tagged 10, 20, 30, 50, 60, 100 otherwise you can enter each VLAN ID context and do a tagged <port-id> but it's longer. At this point each SVI (e.g. VLAN 50 10.0.50.254/24 or VLAN 60 10.0.60.254/24) on the pfSense Firewall is the default gateway for hosts belonging to, respectively, each VLAN ID. An access port for VLAN ID x will be an untagged member of VLAN ID x (interface ethernet <port-id> vlan untagged x or, conversely, once inside the VLAN ID x context: untagged <port-id>).

Test ping from host to pfSense and vice-versa.

To connect two Aruba 2530 and transport (allow) all those VLAN IDs you just need to repeat the uplink port setting on both ends (if the chain is Aruba 2530 - Aruba 2530 - pfSense then between both Aruba 2530 Switches you just need a link terminating on ports tagged members of all the above VLAN IDs).

------------------------------
Davide Poletto
------------------------------

Original Message:
Sent: Jan 14, 2022 02:36 PM
From: James Lee
Subject: 2530-48G Management Network & Setup

Hello,

This is a test setup. We have two Aruba Switches Model 2530-48G (J9775A), that are connected with two cables (TRUNK). We are also working with PFSense as our firewall. We would like to trunk the Aruba Switches over two ports to pass the VLANS. On our Pfsense we have the following VLANs setup:

1) VLAN 10 - Server/Domain Controller
2) VLAN 30 - Printers
3) VLAN 60 - IOT
4) VLAN 50 - ABC Dept
5) VLAN 20 - DEF Dept
6) VLAN 100 - Guest Wi-Fi VLAN

We would like to connect PFSense to the switch and also create a management network. But how?


Thank you,
James

------------------------------
James Lee
------------------------------