I switched from Netgear to Aruba equipment and now have a configuration issue with my new Aruba 1930 24 Port Switch.
I need 2 Interfaces (e.g. Interface 23 and 24 in VLAN9) for my KNX Routers that must be isolated from the rest of the Interfaces of the switch (VLAN1).
But I want to control the KNX Network and have access to all the Interfaces with my "Homeassistant" (Interface 22), so this Interface must be able to access both VLANs (VLAN1 and VLAN9) at the same time.
At the Aruba-Community I found a hint to "download, change and upload" the Switch-Configuration (1930 - Allow all VLANs on a port?).
But it does not seem to work, because only one VLAN in the Configuration File is imported. I use Software Version 126.96.36.199_139.
E.g. this does not work:
switchport general allowed vlan add 1 untagged
switchport general allowed vlan add 9 untagged
switchport general pvid 1
Can somebody help me to configure my new switch?
Thank you for the explanation about the different VLAN conventions, but unfortunately I didn't find a solution for me with a TRUNK to access both VLANs at one Interface with my 1930-Switch.
I tried several TRUNK configurations, but I can't create a TRUNK with 2 "untagged" VLAN-members that can be used for one interface for my homeassistant (Homeserver).
The following didn't work:
channel-group 1 mode on
switchport general pvid 9
Do you perhaps know somebody who can help me with the configuration-lines for interface 22 and the TRUNK1?
Thank you for your detailed explanation why it is not possible to access more than one untagged VLAN at one interface. Yes, all this stood in the documentation I read about ARUBA.
But I am also a technician and the words "not possible" are not the right answer for me.
For a simple VLAN-configuration it must be possible to solve it!
Now my temporary solution is that my 12-year-old son lends me his Christmas-Gift Smart managed 8-Port Switch (about 30 Euro) from another brand, and he configured the Port-VLAN with a lot of untagged VLAN-Members on a single interface as I requested and didn't need more than 2 minutes for it. (See picture) This cheap switch doesn't think about what to do with different VLAN IDs with untagged packets, it delivers to all Interfaces that are members of the VLAN, a little overhead but all are satisfied.
The 1930 Switch is also for "small business", I think the VLAN-scale should also be a little bit more flexible than an Enterprise-Switch where each packet can only be delivered to a "known" VLAN.
My question is, what can I tell my son about when my new (and, in comparison, expensive) 1930 ARUBA-Switch will work, so that I can return his switch to him?
Sorry for writing so late but I want to describe the Switch-Config from my son: the screenshot is complete, nothing else is visible, you can see the Management VLAN1 is mapped to Interface 1-5, which is negligible at this stage.
VLAN2 uses Interface 1 as Uplink, and the Raspberry running the Homeassistant software is connected at Interface 8. The "tagged" or "untagged" option is not visible, but I think it must be "untagged" because Homeassistant can't deal directly with "tagged" packets.
The interesting thing is that, with VLAN3 configured with 6-8, Interface 8 is accessible from VLAN2 and VLAN3. The configuration works and looks safe, there is no traffic between Interface 1 and 6-7 (KNX-Routers).
The Switch-documentation describes "Assign Ports to Multiple Port-Based VLANs" at page 30 and 31:
I can also look at the configuration for dot1Q in advanced mode, as described at page 32 and following, but my goal is to use ARUBA, not the switch of my son.
I also want to post the configuration of my previous 24 Port-Switch, whose hardware "died" (see attachment), to document that with this Smart Managed Switch GS324TP S350 it was also possible to link one "Port" (all untagged!) to more than one VLAN with positive result!
The magic words here are: vlan participation include X to participate "more" VLANs to the specific "Port" as the default VLAN. You can see nothing has a "tagged"-configuration. Sorry, but this "untagged Interface" regulation for only one VLAN doesn't exist for other brands.
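The port-group behaviour described for the 8-port switch above, as an added example that is not part of the original posts: a small Python model that derives which ports can exchange frames from the group membership and checks that the KNX ports only reach the Homeassistant port. The forwarding rule (a frame may leave on any port that shares a group with its ingress port) and all function names are assumptions made for this illustration; the membership table is constructed from the text, not read from a switch.

```python
# Port-based VLAN groups as described in the post (constructed from the text):
# VLAN1 = ports 1-5, VLAN2 = ports 1 and 8, VLAN3 = ports 6-8.
GROUPS = {
    1: {1, 2, 3, 4, 5},
    2: {1, 8},
    3: {6, 7, 8},
}


def reachable(groups, port):
    """Ports that can exchange frames with `port`.

    Assumed rule for a simple port-based VLAN switch: two ports can talk
    when they share at least one group. Membership is not transitive:
    port 1 and port 6 both share a group with port 8, but not with
    each other.
    """
    peers = set()
    for members in groups.values():
        if port in members:
            peers |= members
    peers.discard(port)
    return peers


def isolation_violations(groups, protected, allowed):
    """Return (protected_port, peer) pairs that break the isolation goal.

    `protected` are the ports to isolate (the KNX routers); `allowed` are
    the only other ports permitted to reach them (the Homeassistant port).
    """
    permitted = set(protected) | set(allowed)
    violations = []
    for port in sorted(protected):
        for peer in sorted(reachable(groups, port) - permitted):
            violations.append((port, peer))
    return violations


if __name__ == "__main__":
    print("port 8 reaches:", sorted(reachable(GROUPS, 8)))
    print("violations:", isolation_violations(GROUPS, {6, 7}, {8}))
    # Constructed misconfiguration: the uplink port 1 added to VLAN3.
    bad = {**GROUPS, 3: {1, 6, 7, 8}}
    print("violations after change:", isolation_violations(bad, {6, 7}, {8}))
```

In this model the shared port is the only place where both segments meet, so the separation between the KNX ports and the rest of the network also depends on the host on that port not forwarding traffic between them.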
Sorry it was not my intention to "downgrade" any brand. I want to solve my security trouble.
My first goal is to use less equipment because this costs a lot of energy during the year and the durability I have learned is also not the best. My network-equipment is now a Fritzbox, Raspberry, 2 KNX-Routers and an ARUBA-1930 Switch.
What possibilities do I have to secure the KNX-Routers in my intranet? (Without KNXsecure, that's not supported by the Routers and homeassistant)
Maybe a new way might be another Subnet for the KNX-Routers, enabling option "routing" (of the ARUBA-Switch) and option "Port-Security". Is this sufficient? Is this safe against e.g. SmartTVs, PCs, Tablets etc. that are searching around the Intranet for all "things", but we don't know what they are doing with this information? And e.g. what about Multicast-traffic, …?
Maybe you have a better concept without VLANs, then we open a new Topic?