(1) untagged member of a particular VLAN ID only (this is the "real" Native VLAN ID or Port VLAN ID = PVID in PVOS jargon)
Remember that a port needs to have at least a tagging (Tag or No Tag) membership with regard to a VLAN ID; in other terms, a port can't be totally orphaned of a VLAN ID membership (it needs to have at least one membership), AND the other rule is that the port can be an untagged member of just one VLAN ID (that VLAN ID indeed will represent the "Native" Port VLAN ID or PVID, which defaults to VLAN 1 but can be changed, as you already know), BUT that port can also be concurrently - when needed - a tagged member of any number of VLAN IDs in addition to being an untagged member of a VLAN ID, OR it can be only a tagged member of one or more VLAN IDs.
So the only restriction PVOS has is the fact that a port can't be totally orphaned of VLAN tagging membership.
You can allow (tagged or untagged) the VLAN IDs you need...if the AOS-CX peer port is:
and you can easily verify that on PVOS with the command: show vlan port ethernet A1 details.
As a side note, I will add that personally, on an inter-switch link, I prefer to pass (allow) only tagged VLAN IDs...so if I were you I would probably force this on the AOS-CX side and PVOS side:
Always check your changes with the CLI command show vlan port ethernet <port-id> details
Original Message:
Sent: Dec 30, 2021 07:38 AM
From: Killo Richards
Subject: Migrating from PVOS to AOS-CX & could use some help.
- Shieva, please forgive me for the wall of text. I was trying to be thorough and only managed to complicate the question / conversation.
+Currently PVOS switches 2910's, 2920's etc. throughout the environment
+Migrating to AOS-CX for core. 6200F stacks for L2 in warehouse and HQ and 6300M for L3 at datacenter
Last Thursday we attempted to replace a PVOS switch with an AOS-CX switch model 6200F. Existing config on the PVOS switch we were replacing looks like this (at least the relevant bits):
vlan 1
name "DEFAULT_VLAN"
no untagged 1-40,42,B1-B2,Trk1-Trk4
no ip address
exit
vlan 21
name "Warehouse_Data"
untagged 1-40,42,B1-B2,Trk1-Trk4
no ip address
exit
vlan 23
name "Warehouse_Voice"
tagged 1-40,42,B1-B2,Trk1-Trk4
no ip address
qos priority 7
voice
exit
vlan 100
name "Management"
tagged 35,B1,Trk1-Trk4
ip address 192.168.100.2 255.255.255.0
exit
Our basic configuration to re-create this in AOS-CX 6200F switch looked something like this:
Interface 1/1/1-1/1/48
no shutdown
vlan trunk native 21
vlan trunk allowed 21,23,100
Because of the environment, all ports are trunks and must carry vlan 21 and 23. Phones are configured for VLAN 23 / tagged and endpoints are vlan 21 untagged, only switches and networking equipment exist on vlan 100.
For whatever reason, interfacing the 6200F with a 2920 pvos switch resulted in very odd pings. We worked on this for 4 hours and were not able to figure out why things weren't working correctly. When I began to do some research I found this document: ArubaOS-CX 10.04 Fundamentals Guide 6200 Switch Series - Comparing VLAN commands on PVOS, Comware, and ArubaOS-CX (hpe.com)
Scenario 2 or Scenario 3 appears to be what I want. However, scenario 2 is not supported on PVOS: "Inter-switch link with all traffic tagged EXCEPT for untagged traffic on a specific VLAN" (21 for me). Ok, we will try scenario 3, "Interswitch link with all traffic tagged or untagged".
ArubaOS-CX
interface 1/1/1
vlan trunk native 5
vlan trunk allowed 5, 10,30,50
VLAN 5 must be allowed on the trunk so that untagged traffic is not dropped.
PVOS
interface A1
untagged vlan 5
no tagged vlan 10,30,50 <---!!!! HUH?!?!?!?
In the example provided by Aruba, they are suggesting to run the command "no tagged vlan 10, 30, 50" which would remove the command tagged vlan 10, 30, 50 and as such the only vlan that would move across this link would be vlan 5.
------------------------------
Killo Richards
Original Message:
Sent: Dec 29, 2021 11:34 PM
From: Shieva Eccles
Subject: Migrating from PVOS to AOS-CX & could use some help.
You provided a lot of context information. I am also gleaning the details, please forgive me.
What models of CX switch are you using?
To create a VLAN, it's either trunk or access.
Define the vlan, and then attach them to the interface.
below describes a native vlan 1 (access vlan) with trunk vlans.
if you have traffic on vlan 1, this will suffice.
the 71-74 means inclusive vlans.
interface 1/1/24
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 19,24,71-74,80
If you're trying to interconnect a CX switch to an AOS-S switch, you can use a trunk.
remember that the AOS-S port has to be tagged/trunk to accept the incoming trunked traffic.
my example on AOS-S
vlan 1
name "DEFAULT_VLAN"
no untagged 1-8,Trk1
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
exit
vlan 19
name "Infrastructure"
tagged 5,7-8
ip address 10.19.70.2 255.255.255.0
exit
vlan 24
name "Wired"
untagged 3-4
tagged 7-8,Trk1
no ip address
ipv6 enable
ipv6 address autoconfig
exit
Please let me know if you have questions...
------------------------------
Shieva Eccles
Original Message:
Sent: Dec 28, 2021 03:12 PM
From: Killo Richards
Subject: Migrating from PVOS to AOS-CX & could use some help.
Good afternoon. I've just about exhausted myself trying to figure this out on my own and figured I'd ask you fine folks for assistance. Disclaimer: despite at one time holding a CCNA, I'm NOT a networking guy, I'm a systems administrator who *thought* he knew a thing or two about networking but is quickly learning otherwise.
Small organization, 300 or so users. 3 buildings connected over fiber. Currently running PVOS switches and have AOS-CX switches to replace them with.
Warehouse<----->Datacenter<----->headquarters
Each building is home to 3 vlans:
Warehouse: 21 data, 23 phone + 100 management
Datacenter: 11 data, 13 phone + 100 management
Headquarters: 31 data, 33 phone + 100 management
All L3 switching happens at the datacenter. L2 switching happening at warehouse and hq and it's carried over fiber to the datacenter to get where it's going.
Typical configuration for a port looks like this:
vlan 21
name "warehouse data"
tagged 1-48
no ip address
exit
vlan 23
name "warehouse voice"
tagged 1-48
no ip address
exit
If you patch a computer into one of these switches, it will land on vlan 21. If you patch a phone into a switch, it will contact the DHCP server, get the ftp server option and config file, pull down config file that will bounce the phone over to vlan 23 where it will request a new IP address for vlan 23. A computer attached to the phone will end up on vlan 21. All pretty straight-forward stuff so far right?
On Thursday I went to replace the warehouse switch with a new AOS-CX switch. Configuration was fairly straightforward, or so I thought. Basically
vlan 21
vlan 23
vlan 100
interface 1/1/1-1/1/48
vlan trunk native 21
vlan trunk allowed 21, 23, 100
Connected fiber between AOS-CX switch in the warehouse and the PVOS switch running L3 in the datacenter and got some really, really, really odd pings and behavior. Spent about 4 hours banging on it on Thursday night before wrapping up for the holiday, but it's been wearing on me. My best guess was that AOS-CX native vlan was NOT EQUAL to PVOS untag.
I spent most of the day today poring over existing configs, making sure that I wasn't missing something somewhere. I've been looking through a ton of documentation also, which I'm a little skeptical of.
Datacenter L3 switch relevant config looks like this
vlan 21
name "warehouse data"
untagged A2 (this is the fiber connection coming from the warehouse)
ip address 192.168.21.1 255.255.255.0
ip helper 192.168.11.3
exit
vlan 23
name "Warehouse Voice"
tagged A2 (fiber connection from warehouse)
ip address 192.168.23.1 255.255.255.0
ip helper-address 192.168.11.3
exit
This does not work. So I referenced this:
ArubaOS-CX 10.04 Fundamentals Guide 6200 Switch Series - Comparing VLAN commands on PVOS, Comware, and ArubaOS-CX (hpe.com)
I'm extremely skeptical of some of the commands here and am asking for insight. In scenario 1 there's inter-switch link with all traffic tagged.
AOS-CX reads interface 1/1/1
Vlan trunk native 1
vlan trunk allowed 10, 30, 50
Correct me if I'm wrong here but for ALL TRAFFIC TAGGED wouldn't we want vlan trunk native 1 TAG?
On the pvos side we've got
interface A1
tagged vlan 10,30,50
no untagged vlan 1?
HUH? wouldn't it just be untagged vlan 1?
Scenario 2 actually looks like what I want. "Interswitch link with all traffic tagged, EXCEPT for untagged traffic on a specific vlan" (21 for me).
Interface 1/1/1
vlan trunk native 10 tag? (what? pretty sure we don't want a tag here)
vlan trunk allowed 10, 30, 50
note specifically says "same as scenario 1 but allows untagged traffic on vlan 10 as well" how when we are running the vlan trunk native 10 TAG command?
On the PVOS side this isn't supported. Scenario 1 is a workaround.
Onto scenario 3. Interswitch link with all traffic tagged or untagged.
Interface 1/1/1
vlan trunk native 5
vlan trunk allowed 5, 10, 30, 50
Looks reasonable. This is actually what we came up with on our side for correct configuration of the AOS-CX switches. Ok, what do we need to do on the PVOS side to make stuff work?
interface A1
untagged vlan 5 - looks reasonable, matches to vlan trunk native 5
no tagged vlan 10,30,50
Wait what? can you actually do this? If I go into one of my vlans on a PVOS switch and type
"no tagged vlan 23, 100" you're telling me that it's not going to remove
tagged 1-48
Any help, insight, suggestions etc. would be greatly, greatly appreciated here. I wanted to roll out this upgrade in stages, do the warehouse and then headquarters and then replace the L3 switch with our AOS-CX switches...struggling here.
------------------------------
Killo Richards
------------------------------
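The membership rules from the first reply (a port needs at least one VLAN membership and can be untagged in only one VLAN), applied to the warehouse PVOS config quoted in the thread, as an added example that is not part of the original posts. It regroups the per-VLAN `tagged`/`untagged` lines by port and builds the matching AOS-CX `vlan trunk native` / `vlan trunk allowed` lines; the function names are hypothetical, and it assumes only explicit `tagged`/`untagged` lines count (ports left in the default VLAN 1 are not inferred).

```python
import re
from collections import defaultdict

# Constructed sample: membership lines of the warehouse PVOS config quoted in the thread.
PVOS = """
vlan 1
   no untagged 1-40,42,B1-B2,Trk1-Trk4
vlan 21
   untagged 1-40,42,B1-B2,Trk1-Trk4
vlan 23
   tagged 1-40,42,B1-B2,Trk1-Trk4
vlan 100
   tagged 35,B1,Trk1-Trk4
"""

def expand_ports(spec):
    """Expand a PVOS port list such as '1-40,42,B1-B2,Trk1-Trk4' into port names."""
    ports = []
    for item in spec.split(","):
        m = re.fullmatch(r"([A-Za-z]*)(\d+)(?:-\1(\d+))?", item.strip())
        if not m:
            raise ValueError(f"unrecognised port item: {item!r}")
        prefix, lo, hi = m.group(1), int(m.group(2)), int(m.group(3) or m.group(2))
        ports += [f"{prefix}{n}" for n in range(lo, hi + 1)]
    return ports

def port_membership(config):
    """Return {port: {'untagged': [vids], 'tagged': [vids]}}; 'no ...' lines add nothing."""
    members = defaultdict(lambda: {"untagged": [], "tagged": []})
    vid = None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan" and words[1].isdigit():
            vid = int(words[1])
        elif len(words) == 2 and words[0] in ("tagged", "untagged") and vid is not None:
            for port in expand_ports(words[1]):
                members[port][words[0]].append(vid)
    return members

def to_aos_cx(member):
    """AOS-CX trunk lines for one port, rejecting memberships PVOS itself forbids."""
    untagged, tagged = member["untagged"], member["tagged"]
    if not untagged and not tagged:
        raise ValueError("port has no VLAN membership at all")
    if len(untagged) > 1:
        raise ValueError(f"port is untagged in more than one VLAN: {untagged}")
    native = [f"vlan trunk native {untagged[0]}"] if untagged else []  # tagged-only: none
    return native + ["vlan trunk allowed " + ",".join(map(str, sorted(set(untagged + tagged))))]

if __name__ == "__main__":
    print({p: to_aos_cx(m) for p, m in port_membership(PVOS).items() if p in ("1", "B1")})
```

The untagged VLAN always appears in the allowed list as well, matching the guide's remark quoted in the thread that the native VLAN must be allowed on the trunk so that untagged traffic is not dropped.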