first post in this category.
I just purchased a second hand 2530 24-port switch and have it up and running with latest firmware.
I have created a couple of VLANS ID50 and ID100.
The default ID1 is the management VLAN.
I'm coming from Ubiquiti Unifi switches so pardon me if I'm not that familiar with these.
So I have tagged the 50 and 100 ports with "untagged" will this be enough.. so when I hook up device to one of these ports they will have their packages tagged?
Do I need to do any other VLAN settings?
I have some AP:s attached to the Managed VLAN ports and they also have SSID:s with VLAN tagged packets. Will the Management VLAN ports also send the tagged packets forward to the router or do I need to configure these with tagged or..
In unifi the ports have a selection either selected the desired VLAN or ALL, the ports with ALL will always forward everything from tagged to no tagged packets. What is the ALL in Aruba language?
So basically if I want the Management LAN ports be able to carry all VLANS 1,50 and 100 tagged packets.. do I need to set all the VLAN1 ports to tagged? Or is the other way around?
Untagged = Carries all packages (tagged and untagged)
Tagged = Only carries specific tagged packages
Well in HP/Aruba jargon (older HP ProVision or newer ArubaOS-Switch for the records) an interface (either physical or logical) can be made untagged/tagged member of one or more VLAN IDs (it needs to be at least member of one VLAN either tagged or untagged...in other words...it can't be orphaned of a VLAN ID).
An interface (either physical or logical) can be untagged member of one (and only one) VLAN ID...and, concurrently, be also a tagged member of various others VLAN IDs (there is no concept of "all" to enumerate all possible VLAN IDs, VLAN IDs need to exist first to be used/referenced)...but it could also be only a tagged member of one VLAN ID or of more VLAN IDs without necessarily being untagged member of another VLAN ID.
Generally an "access" interface (where a VLAN unaware host would be connected) is set to be untagged members of a particular VLAN ID (supposing you're going to set it to VLAN <n>...it will appear as "no untagged" on VLAN 1...because it will lose its VLAN 1 untagged membership in favor of VLAN <n>). You will seldom see an "access" interface only tagged on a particular VLAN ID (it will require a VLAN aware host with its NIC port properly set with that very VLAN ID)...but this doesn't mean it is an unsupported configuration.
With regards to VLAN memberships...there is another "operating mode"...an interface could be set to behave as a "trunk" (carrying multiple VLAN IDs): in HP/Aruba jargon that simply means having that interface set concurrently to be untagged+tagged (or just only tagged) member of various VLAN IDs (remember that only one untagged is permitted).
The Wireless AP case fits this latter operating mode (Pay attention that trunk means aggregated links in HP jargon...so don't get confused...here we're speaking about VLAN tagging): if it is configured to have its port untagged on <z> (e.g. for management purposes) and tagged on <x> and <y> (e.g. for carrying SSIDs)...then you need a matching configuration on the connected switch port...untagged on <z> and tagged on <x> and <y>.
You can assign tagging/untagging (no prepended removes) once in the VLAN context: say VLAN 50 tagged on port 24...simply commit vlan 50 then tagged 24, exit to return.
Repeat for VLAN 100...
To see what is the VLAN membership status of port 24: show vlan port ethernet 24 details
Hope it clarifies a little bit.
Thanks for taking the time to answer a VLAN newbie.
If I put it simple:
Ports 2-6 have access points connected to them and these ports need to carry packages with all VLAN IDs 1,50 and 100 how do I configure these ports?
Ports 7-10 needs to carry only VLAN ID 50 packages, how do I configure these ports?
Port 15 is connected to another aruba switch and needs to carry all VLAN ID packages, how is this configured?
Port 1 -> uplink to router / dhcp server where the VLAN packages are handled.
Appreciate your response.
Original Message:
Sent: 12/23/2020 1:55:00 PM
From: Toube
Subject: Aruba 2530 24-port switch
Ports 2-6 -> VLANID 1 untagged and VLANID 50 and 100 tagged
Ports 7-10 -> VLANID 50 untagged
? Can't figure this one out
Port 1-> VLANID 1 untagged and VLANID 50 and 100 tagged
Did I understand this correctly?
------------------------------
Toube
Original Message:
Sent: Dec 23, 2020 03:09 PM
From: Davide Poletto
Subject: Aruba 2530 24-port switch
Case 1: Ports 2-6 have access points connected to them and these ports need to carry packages with all VLAN IDs 1,50 and 100 how do I configure these ports?
Configuration with just ONE command (supposing ports 2-6 are default untagged members of VLAN 1 and you are already in configuration mode):
interface ethernet 2-6 tagged vlan 50,100
Result: ports 2-6 will be configured as tagged members of VLAN 50 and VLAN 100, they will continue to be also untagged members of VLAN 1 (in this case VLAN 1 is the native VLAN, the native VLAN is also known as the PVID Port VLAN ID = the VLAN id the egressing untagged traffic will be placed into once inside the switch).
show vlan port ethernet 2-6 details
You can also do it with FOUR commands:
vlan 50
tagged 2-6
exit
vlan 100
tagged 2-6
exit
Result: the same as above.
The above interfaces are operating in "trunk mode" (more VLAN).
Case 2: Ports 7-10 needs to carry only VLAN ID 50 packages, how do I configure these ports?
Tagged or Untagged?
If untagged (acting as ports dedicated to access devices...like VLAN unaware hosts you want "to place" into VLAN id 50) then:
interface ethernet 7-10 untagged vlan 50
as said in my previous reply. Ports 7-10 will lose their VLAN 1 untagging in favor of VLAN 50 untagging. VLAN 50 will become the Native VLAN (AKA PVID) of ports 7-10.
If Tagged (because you are connecting VLAN aware hosts with NIC ports set to accept incoming (and also egress) tagged traffic in VLAN 50) then:
interface ethernet 7-10 tagged vlan 50
BUT you then should know if ports 7-10 should still or not be also untagged members of VLAN 1 (eventually remove VLAN 1 with the command no interface ethernet 7-10 untagged vlan 1). It's up to you and your configuration.
The above interfaces are operating in "access mode" (one VLAN).
Case 3: Port 15 is connected to another aruba switch and needs to carry all VLAN ID packages, how is this configured?
Generally this should mean that port 15 (used as an uplink to a peer switch) should/could be: untagged member of VLAN 1 and tagged member of VLAN 50 and 100. See above case 1. This is a port operating in "trunk mode" (carries more VLAN IDs).
Do a show vlan port ethernet <interface-id> details to see the VLAN membership status on that Aruba.
The point is you should know the peer switch uplink port VLAN configuration...both ports' configurations (local and remote) should match with that regard.
Case 4: Port 1 -> uplink to router / dhcp server where the VLAN packages are handled.
Since Aruba 2530 is Layer 2 (no routing features) it means your Router/Firewall is doing the dirty job of routing VLANs (SVI are managed on the Router/Firewall).
Again, as above Case 3...it depends on how Router's LAN interface (with its logical sub-interfaces) was configured in terms of VLAN IDs.
If you have Router's LAN<x>.1 (sub-interface for VLAN Id 1) outputs untagged traffic (and thus accepts incoming untagged traffic too) and LAN<x>.50 (sub-interface for VLAN id 50) and LAN<x>.100 (sub-interface for VLAN id 100) output tagged traffic (and thus accept incoming tagged traffic only with, respectively, VLAN Id 50 tag and VLAN Id 100 tag) then you fall in Case 1.
But YMMV...it depends on your Router/Firewall configuration (it could also be: all three VLAN IDs tagged...so you need to adapt port 1 configuration accordingly).
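Added example (not part of the thread and not Aruba tooling): a small Python model of the membership rules described above, with a check that both ends of a link agree, as Cases 3 and 4 require. The port names and the router-side membership are constructed sample values; the `cli` helper only renders the two command forms quoted in the thread.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Port:
    """VLAN membership of one port, using the rules stated in the thread."""
    name: str
    untagged: Optional[int] = None          # at most one untagged VLAN
    tagged: FrozenSet[int] = frozenset()    # any number of tagged VLANs

    def __post_init__(self):
        if self.untagged is None and not self.tagged:
            raise ValueError(f"{self.name}: must be a member of at least one VLAN")
        if self.untagged in self.tagged:
            raise ValueError(f"{self.name}: VLAN {self.untagged} is both tagged and untagged")

def check_link(a: Port, b: Port) -> List[Tuple]:
    """Compare both ends of one cable; an empty list means they match."""
    findings = []
    if a.untagged != b.untagged:
        # The receiver classifies untagged frames into ITS untagged VLAN, so a
        # mismatch silently moves traffic between VLANs (or drops it).
        findings.append(("untagged-mismatch", a.untagged, b.untagged))
    for x, y in ((a, b), (b, a)):
        for vid in sorted(x.tagged - y.tagged):
            # x sends frames tagged with vid, but y is not a tagged member of it.
            findings.append(("tagged-only-on", x.name, vid))
    return findings

def cli(ports: str, p: Port) -> List[str]:
    """Render the membership with the command forms quoted in the thread."""
    out = []
    if p.untagged is not None:
        out.append(f"interface ethernet {ports} untagged vlan {p.untagged}")
    if p.tagged:
        vlans = ",".join(str(v) for v in sorted(p.tagged))
        out.append(f"interface ethernet {ports} tagged vlan {vlans}")
    return out

# Constructed sample data (not taken from a real device).
ROUTER = Port("router-lan", untagged=1, tagged=frozenset({50, 100}))
SW_OK = Port("sw-port1", untagged=1, tagged=frozenset({50, 100}))
SW_ALL_TAGGED = Port("sw-port1", tagged=frozenset({1, 50, 100}))

if __name__ == "__main__":
    print(check_link(SW_OK, ROUTER))          # matching ends
    print(check_link(SW_ALL_TAGGED, ROUTER))  # VLAN 1 tagged on one side only
    print(cli("1", SW_OK))
```

Running the check before changing an uplink shows whether the management VLAN would still be delivered in the form the peer expects.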
good response thank you.
So I guess my theory is correct then, I can use the Case 1 for all cases except for the VLANID 50 only (Case 2)
I just tested setting Port 1 to tagged 1,50 and 100.. I lost connection to the Switch so I guess it's not working.. easy to revert back using micro usb input and putty :D
------------------------------
Davide Poletto
Original Message:
Sent: Dec 23, 2020 04:23 PM
From: Tobias Fransman
Subject: Aruba 2530 24-port switch
Just tested my setup and all is working great, VLANID50 and VLANID1 are being assigned as before.
One thing I noticed, I can't see any clients in the SwitchOS.. is this a feature.. can I enable it somehow so that the wired clients would show up in the SwitchOS clients section?
"Just tested my setup and all is working great, VLANID50 and VLANID1 are being assigned as before."
Glad it worked.
"One thing I noticed, I can't see any clients in the SwitchOS.. is this a feature.. can I enable it somehow so that the wired clients would show up in the SwitchOS clients section?"
I don't understand what you are trying to say...SwitchOS? what are you referring to with "SwitchOS"? are you referring to Wireless Clients or Wired Clients?
Remember that - from what you told us about your scenario - the IP routing between your VLAN IDs' clients happens at Router level where SVIs of VLAN 1, 50 and 100 are defined (clients' default gateways should point to those SVIs): this means that if you have a Wireless Client belonging to VLAN 50 IP Addressing (say, as example, with an IP within the 192.168.50.0/24 subnet) and a Wireless Client belonging to VLAN 100 IP Addressing (say, as example, with an IP within the 192.168.100.0/24 subnet), those two Wireless clients will reach each other (when ACL - if implemented - clearly permits that) through your Router's IP Routing service. The same if you include a Wired Client...this at least...considering the description, in broad terms, you did of your implementation.
------------------------------
Toube
Original Message:
Sent: Dec 24, 2020 01:54 AM
From: Tobias Fransman
Subject: Aruba 2530 24-port switch
------------------------------
Toube
Original Message:
Sent: Dec 23, 2020 06:26 PM
From: Davide Poletto
Subject: Aruba 2530 24-port switch
The wireless clients are visible in my IAPs virtual controller. I merely meant that I can't see the clients that are directly plugged in to the switch port for example a rPi or a chromecast device that are plugged in to the switch ports are not visible in the switch GUI client section.
Does this 2530 switch even support visible clients in its GUI?
By switchOS I meant the switch GUI.
Thanks for helping.
------------------------------
Davide Poletto
Original Message:
Sent: Dec 24, 2020 03:06 AM
From: Tobias Fransman
Subject: Aruba 2530 24-port switch
What about VMC, I have a linux.. could one install a Vmc to a linux? Does the vmc have a high price tag?
Hi Toube, I believe I can't help you more.
It is one thing to help fix/understand/configure VLAN tagging/untagging (with limited information you provided), another is to solve your other issues.
You need first to establish a marking point (say: first understand your VLAN tagging/untagging status, your IP Routing status, systems involved, etc. all of YOUR network...you will not be a newbie anymore) and then you can move on with all other possible questions/doubts that can arise about it.
I don't want to be impolite, but writing "I can't see" ("I can't see the clients that are directly plugged in to the switch port for example a rPi or a chromecast device that are plugged in to the switch ports are not visible in the switch GUI client section") doesn't help others to help you effectively at all...because "others" should waste their spare time to initially guess or to just ask you WHAT is your network composed of...instead of helping you troubleshoot a detailed scenario already well described by you. It's reasonable, isn't it?
To perform troubleshooting you need to be a little bit more detailed and IMHO adopt another approach: establish who is connected where (IP Address, Subnet Mask, Default Gateway, Switch Port used, VLAN memberships in that Switch Port, Switch configuration, etc.) and what is trying to accomplish (Ping? Traceroute? etc.) against who...try to understand players' locations on their battlefield.
Are you testing unidirectional/bidirectional communications to/from/between a Wired Host A and a Wireless Host B? to/from/between two Wired Hosts? to/from/between two Wireless Hosts? are those hosts in the same VLAN? are they on different VLANs? Is your Router correctly configured to route this traffic between those players? and so on....
Try to simplify (divide a big problem "I can't see") into little - more manageable - issues, fix one issue after the other...try to not complicate (don't panic, don't go OT: "What about VMC, I have a linux.. could one install a Vmc to a linux? Does the vmc have a high price tag?").
Sure no problem.
You are right I haven't explained my setup at all.. in short:
4 x iap 305 with 4 SSID
2 x SSID vlanid 1
1 x SSID vlanid 50
1 x SSID vlanid 100
1 x Unifi switch (uplink for 1 x iap 305)
1 x 2530 24 port aruba switch (uplink for 3 x iap 305)
Router / firewall / dhcp: pfsense-> connected to fiber modem
DNS through piHole (using DOH) for all wireless and wired devices
Not totally newbie when it comes to this stuff.. just not that familiar with aruba hpe stuff.. which imo looks like it is pretty reliable compared to Unifi buggy software.
So I was using unifi aps and all unifi stuff before turning to aruba. The Unifi controller provides a view for all devices connected to aps and switch ports. Thus why I was surprised that the aruba switch is not able to show any connected wired clients connected to the switch ports.
And thus why I was asking about the mobility controller or vmc.
I know aruba central can do this but the aruba central app is just not worth the money imo.
Don't know if this clarifies my setup in any how.. hopefully it gives an idea. I'm not totally new to this stuff.. VLANS are not new to me.. just the aruba way is totally different from Unifi meaning the tagged and untagged stuff I needed to understand and thank you for taking the time to explain it to me I appreciate it💪💪
All my iaps are on the same VLANs(default) just SSIDs are separated using VLAN tags and some wired devices on the aruba switch.
Pfsense takes care of all dhcp / vlan requests and the iaps and aruba switch are just forwarding the tagged vlan packets.
So that is why I asked the question of being able to see all wired clients connected to the aruba switch ports in the switch gui.
I understand if I'm asking questions that are not relevant to my setup but just curious about how I can achieve a gui where I can follow up on all connected wireless and wired devices using aruba software to achieve this. Already paid a fortune for the iaps, luckily the switch was not expensive(second hand).
I thank you and hopefully you can give some points on what you would suggest for my requirements to be able to see all wireless and wired devices on my network in one gui/place.