Network Management

Hello,
I am new with Aruba switches, I used to work with Cisco's. I would like to setup two switches, 1st switch connected to ISP router on port 1 and the second switch connected to another ISP router on port 1 as well. Internet line redundancy.

I would like both switches to be connected together on port 2.

The goal I would like to achieve, is to have a fail over on the Internet connections and a kind of manual fail over if a switch fail. (Manual re-patching)
Both switches are configured exactly the same except IP and host-name. I did check the config file with Winmerge.

Any idea how to achieve this?

Here is my vlan config:

vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1-38,49-52
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 1-2
no ip address
exit
vlan 10
name "voice"
tagged 1-38
no ip address
voice
exit

During my tests,  the switch 1 is connected to the internet but not the switch 2. Both switches are connected to each other on port 2.
Radius authentication works on the switch 1 but not on switch 2. Both IP are registered in the NPS server. I have tried from network and from the consols port as well.

Thanks a lot for your help.

Nicky

------------------------------
Nicky Maddison
------------------------------

Hi,
???
The switch 2530 is a pure L2 switch
Using your VLAN-Config in this way on both switches is slow, since the same IP is then set on both switches.
Switch 1 VLAN 1 (internal) 10.25.88.62/16
Switch 2 VLAN1 (internal example) 10.25.88.63/16
Port 1 on both switches to the ISP router
Port 2 on both switches as an interconnect SW1
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
###############################
SW2
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.63 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
####################
## Port ISP
sh vlan po 1
VLAN 1 untag
## Port interconnect
sh vlan po 2
tagged vlan 1,5,10

Or should the VLAN 5 and 10 also be available from the ISP router then
int 1 tagged vlan 5,10
but then the port would be untagged. in VLAN 1 and tag in VLAN 5 and 10

and 10.25.88.62 and .88.63 register in the NPS

Thomas

------------------------------
Thomas Ley
------------------------------

Original Message:
Sent: Jul 15, 2021 08:58 AM
From: Nicky Maddison
Subject: 2530-48G PoE+ special config for fail over.

Hello,
I am new with Aruba switches, I used to work with Cisco's. I would like to setup two switches, 1st switch connected to ISP router on port 1 and the second switch connected to another ISP router on port 1 as well. Internet line redundancy.

I would like both switches to be connected together on port 2.

The goal I would like to achieve, is to have a fail over on the Internet connections and a kind of manual fail over if a switch fail. (Manual re-patching)
Both switches are configured exactly the same except IP and host-name. I did check the config file with Winmerge.

Any idea how to achieve this?

Here is my vlan config:

vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1-38,49-52
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 1-2
no ip address
exit
vlan 10
name "voice"
tagged 1-38
no ip address
voice
exit

During my tests,  the switch 1 is connected to the internet but not the switch 2. Both switches are connected to each other on port 2.
Radius authentication works on the switch 1 but not on switch 2. Both IP are registered in the NPS server. I have tried from network and from the consols port as well.

Thanks a lot for your help.

Nicky

------------------------------
Nicky Maddison
------------------------------

Hi Thomas,
thanks a lot for answering.
I forgot to mention that both switches have a different IP. 10.25.88.62 and 63 both registered in the NPS.
Do you think I should use L3 switches?
Thanks a lot.

------------------------------
Nicky Maddison
------------------------------

Original Message:
Sent: Jul 16, 2021 02:33 AM
From: Thomas Ley
Subject: 2530-48G PoE+ special config for fail over.

Hi,
???
The switch 2530 is a pure L2 switch
Using your VLAN-Config in this way on both switches is slow, since the same IP is then set on both switches.
Switch 1 VLAN 1 (internal) 10.25.88.62/16
Switch 2 VLAN1 (internal example) 10.25.88.63/16
Port 1 on both switches to the ISP router
Port 2 on both switches as an interconnect SW1
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
###############################
SW2
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.63 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
####################
## Port ISP
sh vlan po 1
VLAN 1 untag
## Port interconnect
sh vlan po 2
tagged vlan 1,5,10

Or should the VLAN 5 and 10 also be available from the ISP router then
int 1 tagged vlan 5,10
but then the port would be untagged. in VLAN 1 and tag in VLAN 5 and 10

and 10.25.88.62 and .88.63 register in the NPS

Thomas

------------------------------
Thomas Ley

Original Message:
Sent: Jul 15, 2021 08:58 AM
From: Nicky Maddison
Subject: 2530-48G PoE+ special config for fail over.

Hello,
I am new with Aruba switches, I used to work with Cisco's. I would like to setup two switches, 1st switch connected to ISP router on port 1 and the second switch connected to another ISP router on port 1 as well. Internet line redundancy.

I would like both switches to be connected together on port 2.

The goal I would like to achieve, is to have a fail over on the Internet connections and a kind of manual fail over if a switch fail. (Manual re-patching)
Both switches are configured exactly the same except IP and host-name. I did check the config file with Winmerge.

Any idea how to achieve this?

Here is my vlan config:

vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1-38,49-52
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 1-2
no ip address
exit
vlan 10
name "voice"
tagged 1-38
no ip address
voice
exit

During my tests,  the switch 1 is connected to the internet but not the switch 2. Both switches are connected to each other on port 2.
Radius authentication works on the switch 1 but not on switch 2. Both IP are registered in the NPS server. I have tried from network and from the consols port as well.

Thanks a lot for your help.

Nicky

------------------------------
Nicky Maddison
------------------------------

Hi
we always use a routing switch / L3 between internal core and firewall system/ISP router.
A transfer network is then set up between the two systems.

Thomas

------------------------------
Thomas Ley
------------------------------

Original Message:
Sent: Jul 16, 2021 02:44 AM
From: Nicky Maddison
Subject: 2530-48G PoE+ special config for fail over.

Hi Thomas,
thanks a lot for answering.
I forgot to mention that both switches have a different IP. 10.25.88.62 and 63 both registered in the NPS.
Do you think I should use L3 switches?
Thanks a lot.

------------------------------
Nicky Maddison

Original Message:
Sent: Jul 16, 2021 02:33 AM
From: Thomas Ley
Subject: 2530-48G PoE+ special config for fail over.

Hi,
???
The switch 2530 is a pure L2 switch
Using your VLAN-Config in this way on both switches is slow, since the same IP is then set on both switches.
Switch 1 VLAN 1 (internal) 10.25.88.62/16
Switch 2 VLAN1 (internal example) 10.25.88.63/16
Port 1 on both switches to the ISP router
Port 2 on both switches as an interconnect SW1
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
###############################
SW2
vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1,3-38,49-52
tagged 2
ip address 10.25.88.63 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 2
no ip address
exit
vlan 10
name "voice"
tagged 2-38
no ip address
voice
exit
####################
## Port ISP
sh vlan po 1
VLAN 1 untag
## Port interconnect
sh vlan po 2
tagged vlan 1,5,10

Or should the VLAN 5 and 10 also be available from the ISP router then
int 1 tagged vlan 5,10
but then the port would be untagged. in VLAN 1 and tag in VLAN 5 and 10

and 10.25.88.62 and .88.63 register in the NPS

Thomas

------------------------------
Thomas Ley

Original Message:
Sent: Jul 15, 2021 08:58 AM
From: Nicky Maddison
Subject: 2530-48G PoE+ special config for fail over.

Hello,
I am new with Aruba switches, I used to work with Cisco's. I would like to setup two switches, 1st switch connected to ISP router on port 1 and the second switch connected to another ISP router on port 1 as well. Internet line redundancy.

I would like both switches to be connected together on port 2.

The goal I would like to achieve, is to have a fail over on the Internet connections and a kind of manual fail over if a switch fail. (Manual re-patching)
Both switches are configured exactly the same except IP and host-name. I did check the config file with Winmerge.

Any idea how to achieve this?

Here is my vlan config:

vlan 1
name "DEFAULT_VLAN"
no untagged 39-48
untagged 1-38,49-52
ip address 10.25.88.62 255.255.0.0
exit
vlan 5
name "camera"
untagged 39-48
tagged 1-2
no ip address
exit
vlan 10
name "voice"
tagged 1-38
no ip address
voice
exit

During my tests,  the switch 1 is connected to the internet but not the switch 2. Both switches are connected to each other on port 2.
Radius authentication works on the switch 1 but not on switch 2. Both IP are registered in the NPS server. I have tried from network and from the consols port as well.

Thanks a lot for your help.

Nicky

------------------------------
Nicky Maddison
------------------------------