Wired Intelligent Edge


Aruba 6200F cannot access connected devices

  • 1.  Aruba 6200F cannot access connected devices

    Posted Oct 21, 2021 10:42 AM
    Hello,

    I am having an issue with 2 x 6200F switches I have recently added to my network (2). The network (2) is a mix of HPE 1950 series and Aruba 2540, and now 2 x Aruba 6200F included.

    This is quite a large network and I have included a diagram of the main components, renamed to simplify.

    The office CCTV network sits on network 2, contains 22 switches and is segregated from the main data network (network 1). I have a static route from network 1 to network 2 and can access all switches and devices in the network 2 (10.21.32.0/21) subnet with no issue, except the devices on the 6200Fs.

    I added the 6200F switches, and configured as follows:
    MGMT interface is connected to network 1 and is in VSF MGMT
    Switchports are connected to network 2 in VSF default
    I can access the switches from network 1 using either the mgmt interface addresses or the network 2 subnet addresses with no issue
    I can ping devices on the 6200F switches from CCTV2 but not from CCTV1; however, I can ping every other device on the network from CCTV1

    All of the end devices are configured with the following:
    10.21.32.x
    255.255.248.0
    10.21.32.1

    10.21.33.x
    255.255.248.0
    10.21.32.1

    Any suggestions would be gratefully appreciated


    6200F Config:
    Current configuration:
    !
    !Version ArubaOS-CX ML.10.08.1010
    hostname CCTV3
    user (details removed)
    !
    !
    !
    !
    ssh server vrf default
    ssh server vrf mgmt
    vsf member 1
    type jl727a
    vlan 1
    vlan 380
    description CCTV VLAN380
    vlan 381
    description CCTV VLAN381
    spanning-tree
    interface mgmt
    no shutdown
    ip static 172.16.254.98/24
    default-gateway 172.16.254.1
    nameserver 172.16.10.15
    interface 1/1/1 (Same config on all access ports to 48)
    no shutdown
    vlan access 380
    interface 1/1/49
    no shutdown
    vlan trunk native 380
    vlan trunk allowed 380-381
    interface 1/1/50
    no shutdown
    vlan trunk native 380
    vlan trunk allowed 380-381
    interface 1/1/51
    no shutdown
    vlan trunk native 380
    vlan trunk allowed 380-381
    interface 1/1/52
    no shutdown
    vlan trunk native 380
    vlan trunk allowed 380-381
    interface vlan 1
    ip dhcp
    interface vlan 380
    ip address 10.21.32.21/21
    interface vlan 381
    ip address 10.22.32.21/21
    ip route 0.0.0.0/0 10.21.32.1
    !
    !
    !
    !
    !
    https-server vrf default
    https-server vrf mgmt


    And


    Aruba 2540 Config:
    Running configuration:

    ; JL356A Configuration Editor; Created on release #YC.16.02.0012
    ; Ver #0e:01.b0.ef.74.47.fc.68.f3.8c.fc.e3.ff.37.2f:70

    hostname "CCTV2"
    module 1 type jl356a
    console idle-timeout 300
    console idle-timeout serial-usb 300
    no telnet-server
    ip default-gateway 10.21.32.1
    snmp-server community "public" unrestricted
    vlan 1
    name "DEFAULT_VLAN"
    no untagged 1-28
    no ip address
    exit
    vlan 380
    name "*** CCTV SYSTEM VLAN 380 ****"
    untagged 1-24,26-28
    ip address 10.21.32.14 255.255.248.0
    exit
    vlan 381
    name "*** CCTV SYSTEM VLAN 381 ****"
    tagged 26-28
    ip address 10.22.32.14 255.255.248.0
    exit
    spanning-tree
    allow-unsupported-transceiver
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update
    no dhcp tr69-acs-url

    And

    CCTV1 Config:
    version 7.1.045, Release 3113P05
    #
    sysname CCTV1
    #
    telnet server enable
    #
    irf mac-address persistent timer
    irf auto-update enable
    undo irf link-delay
    irf member 1 priority 1
    #
    lldp global enable
    #
    transceiver phony-alarm-disable
    password-recovery enable
    #
    vlan 1
    #
    vlan 380 to 381
    #
    stp instance 0 root primary
    stp bpdu-protection
    stp global enable
    #
    interface NULL0
    #
    interface Vlan-interface1
    ip address 172.16.254.34 255.255.255.0
    #
    interface Vlan-interface380
    ip address 10.21.32.1 255.255.248.0
    #
    interface Vlan-interface381
    ip address 10.22.32.1 255.255.248.0
    #
    interface GigabitEthernet1/0/1 (all access ports same config)
    description *** CCTV SYSTEM VLAN 380 ****
    port access vlan 380
    stp edged-port
    poe enable
    #
    interface GigabitEthernet1/0/48
    description 1/0/48 *** LINK to Network 1 ***

    #
    interface Ten-GigabitEthernet1/0/49
    description LINK PORTS TO OTHER SWITCHES
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 380 to 381 480
    port trunk pvid vlan 380
    #
    interface Ten-GigabitEthernet1/0/50
    description LINK PORTS TO OTHER SWITCHES
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 380 to 381 480
    port trunk pvid vlan 380
    #
    interface Ten-GigabitEthernet1/0/51
    description LINK PORTS TO OTHER SWITCHES
    port link-type trunk
    undo port trunk permit vlan 1
    port trunk permit vlan 380 to 381 480
    port trunk pvid vlan 380
    #
    ip route-static 0.0.0.0 0 172.16.10.1 (this is the firewall IP)
    ip route-static 172.16.10.0 24 172.16.254.1
    ip route-static 172.16.12.0 24 172.16.254.1
    ip route-static 172.16.19.0 24 172.16.254.1

    IP routes:
    CCTV3:
    0.0.0.0/0 10.21.32.1 vlan380 - S [1/0] 01h:36m:44s
    10.21.32.0/21 - vlan380 - C [0/0] -
    10.21.32.21/32 - vlan380 - L [0/0] -
    10.22.32.0/21 - vlan381 - C [0/0] -
    10.22.32.21/32 - vlan381 - L [0/0] -

    CCTV2:
    0.0.0.0/0 10.21.32.1 380 static 1 1
    10.21.32.0/21 *** CCTV SYS... 380 connected 1 0
    10.22.32.0/21 *** CCTV SYS... 381 connected 1 0
    127.0.0.0/8 reject static 0 0
    127.0.0.1/32 lo0 connected 1 0

    CCTV1:
    0.0.0.0/0 Static 60 0 172.16.10.1 Vlan1
    0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
    10.21.32.0/21 Direct 0 0 10.21.32.1 Vlan380
    10.21.32.0/32 Direct 0 0 10.21.32.1 Vlan380
    10.21.32.1/32 Direct 0 0 127.0.0.1 InLoop0
    10.21.39.255/32 Direct 0 0 10.21.32.1 Vlan380
    10.22.32.0/21 Direct 0 0 10.22.32.1 Vlan381
    10.22.32.0/32 Direct 0 0 10.22.32.1 Vlan381
    10.22.32.1/32 Direct 0 0 127.0.0.1 InLoop0
    10.22.39.255/32 Direct 0 0 10.22.32.1 Vlan381
    127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
    127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
    127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
    127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
    172.16.10.0/24 Static 60 0 172.16.254.1 Vlan1
    172.16.12.0/24 Static 60 0 172.16.254.1 Vlan1
    172.16.19.0/24 Static 60 0 172.16.254.1 Vlan1
    172.16.254.0/24 Direct 0 0 172.16.254.34 Vlan1
    172.16.254.0/32 Direct 0 0 172.16.254.34 Vlan1
    172.16.254.34/32 Direct 0 0 127.0.0.1 InLoop0
    172.16.254.255/32 Direct 0 0 172.16.254.34 Vlan1
    224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
    224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
    255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

    ------------------------------
    JP
    ------------------------------


  • 2.  RE: Aruba 6200F cannot access connected devices
    Best Answer

    Posted Oct 22, 2021 01:00 AM
    Hello JP!

    1950 has an ARP limit of 256 records, so in a relatively large network like this it may be that the table is full and 1950 can't learn new records. This is the first thing that I would check. Unlock the full CLI of the 1950 and check the ARP table state with the following commands:

    display arp all count
    display arp entry-limit


    In general, when you try to ping a host and the ping doesn't go through, it is important to check the ARP table for the MAC address record of the target host. Also check the MAC table on CCTV1 and CCTV2 for the MAC address of that host - it should be known on the downstream trunks to the 6200F.

    Another thing, since you've got STP enabled, check all ports along the way between CCTV1 and 6200F for their state. I highly doubt there will be a blocking port in such a topology, but you never know.


    ------------------------------
    Ivan Bondar
    ------------------------------



  • 3.  RE: Aruba 6200F cannot access connected devices

    Posted Oct 22, 2021 06:20 AM
    Hello Ivan,

    Thank you for taking the time to respond, much appreciated!

    I believe you have hit the nail on the head there, yes it does indeed look like the table is full:

    <CCTV01>dis arp all count
    Total number of entries: 256
    <CCTV01>dis arp entry-limit
    ARP entries: 256

    I will look to swap this switch out with either a 2930F or a 5130; that should be the issue resolved.

    Many thanks again!
    JP
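
The ARP capacity check discussed in this thread, as an added example that is not part of the original posts: it parses the two `display arp` outputs in the format quoted above and compares the entry limit with the number of hosts the gateway's connected subnets can hold. The function names and the 80% warning threshold are assumptions chosen for illustration; the capture is constructed from the values in the thread.

```python
import ipaddress
import re

# Constructed capture, in the format of the CLI output quoted in the thread.
SAMPLE_CAPTURE = """\
<CCTV01>dis arp all count
Total number of entries: 256
<CCTV01>dis arp entry-limit
ARP entries: 256
"""

# Directly connected subnets from the CCTV1 routing table in the thread.
CONNECTED_SUBNETS = ["10.21.32.0/21", "10.22.32.0/21", "172.16.254.0/24"]


def parse_arp_state(capture):
    """Return (entries_in_use, entry_limit) from the two display commands."""
    used = re.search(r"Total number of entries:\s*(\d+)", capture)
    limit = re.search(r"^\s*ARP entries:\s*(\d+)", capture, re.MULTILINE)
    if used is None or limit is None:
        raise ValueError("capture lacks 'arp all count' or 'arp entry-limit' output")
    return int(used.group(1)), int(limit.group(1))


def assess_arp_capacity(capture, subnets, warn_ratio=0.8):
    """Compare ARP usage and limit against the hosts the gateway may need to resolve."""
    used, limit = parse_arp_state(capture)
    # Usable host addresses per subnet (network and broadcast excluded).
    hosts = sum(ipaddress.ip_network(s).num_addresses - 2 for s in subnets)
    if used >= limit:
        status = "exhausted"  # table full: new neighbours cannot be learned
    elif used >= warn_ratio * limit:
        status = "warning"    # hypothetical alert threshold, not a vendor value
    else:
        status = "ok"
    return {
        "used": used,
        "limit": limit,
        "free": max(limit - used, 0),
        "addressable_hosts": hosts,
        "undersized": hosts > limit,  # limit cannot cover fully populated subnets
        "status": status,
    }


if __name__ == "__main__":
    print(assess_arp_capacity(SAMPLE_CAPTURE, CONNECTED_SUBNETS))
```

Run periodically against the gateway switch, the "warning" state gives notice before the table fills and hosts silently become unreachable through that gateway.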