Wireless Access

last person joined: 2 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

Port Channels

Jump to Best Answer
  • 1.  Port Channels

    Posted Jul 28, 2016 11:13 PM

    So I'm seeing two different ways to configure port channels, is there a difference or both acheieve the same results?

    1) Configure port channel and then add members to it

    2) Configure port channel, configure all members and then under the members add channel-group x command?

    *** 6.4.4.x user guide shows to configure individual links and then add "channel-group x mode active" command under them.  However when I do that and try to set a Native VLAN I can't, I have to remove "channel-group" add native VLAN and re add it.

     

    Secondly I'm a bit confused about the whole Trusted and UnTrusted concept of VLAN's and Ports.  Does Trusted mean no policies and ACL's and Un Trusted mean I can apply ACL's for that VLAN?

     

    Is it a best practice to turn off spanning tree globally?



  • 2.  RE: Port Channels

    Posted Jul 28, 2016 11:18 PM
    Trusted = traditional switchport
    Untrusted = role based authentication and access enabled.

    I generally let the upstream device handle STP and disable on the controller.


  • 3.  RE: Port Channels

    Posted Jul 28, 2016 11:22 PM

    Thank you, what about the port channel config?  Any pointers as I have read multiple ways so not sure which one is right.  Results either way are not making sense.



  • 4.  RE: Port Channels
    Best Answer

    Posted Jul 28, 2016 11:33 PM
    I always do the following:

    1) Configure individual interface descriptions
    2) Configure individual interface lldp settings
    3) Add the lacp config to the individual interfaces (lacp group X mode Y)
    4) Add switching configuration to the port-channel interface.


  • 5.  RE: Port Channels

    Posted Jul 28, 2016 11:38 PM

    So is this good?

     

    interface gigabitethernet 0/0/0
     trusted vlan 1-4094
     switchport trunk native vlan 10
     switchport mode trunk
     lacp timeout short
     lacp group 0 mode active
    !
    interface gigabitethernet 0/0/1
     trusted vlan 1-4094
     switchport trunk native vlan 10
     switchport mode trunk
     lacp timeout short
     lacp group 0 mode active

    !

    interface portchannel 0

      trusted vlan 1-4094
     switchport trunk native vlan 10
     switchport mode trunk

     add gigabitethernet 0/0/0

     add gigabitethernet 0/0/1

     

    Thank you.



  • 6.  RE: Port Channels

    Posted Jul 28, 2016 11:51 PM
    Yes but you don't need the add commands since you're using LACP and it's negotiated.


  • 7.  RE: Port Channels

    Posted Jul 29, 2016 11:12 AM

    So apparently in order to bring up the VLAN interface I had to add it under the port channel as access VLAN on top of it being a trunk.  Is that right?

     

    So everytime I create a new VLAN interface I will need to add it under the port channel as an access VLAN? 

     

    interface gigabitethernet 0/0/1
            description "GE0/0/1"
            trusted
            trusted vlan 1-4094
            switchport trunk native vlan 206
            switchport trunk allowed vlan 15,23,32,99,134-138,200-206,812,1001
            lacp timeout short
            lacp group 0 mode active

    !
    interface port-channel 0
            trusted
            trusted vlan 1-4094
            switchport mode trunk
            switchport access vlan 206
            switchport trunk native vlan 206
            switchport trunk allowed vlan 15,23,32,99,134-138,200-206,812,1001



  • 8.  RE: Port Channels

    Posted Jul 29, 2016 12:18 PM

    On an interface (port channel included), commands that start with "switchport access VLAN" is ignored if you have "switchport mode trunk" configured on that port.  You most likely have to have that vlan in the "switchport trunk allowed vlan" list for it to pass traffic on that trunk.



  • 9.  RE: Port Channels

    Posted Jul 29, 2016 01:26 PM

    That is what I figured how it should be.  But no joke VLAN206 interface would not come up or work until I added the switch port access vlan 206 under the port channel.  Took it out after that and it started to work but I think it was weird that I had to do that. 

     

    Not sure if there are bugs with the Aruba Code or its by design like this.



  • 10.  RE: Port Channels
    Best Answer

    Posted Jul 29, 2016 04:50 AM
    I'm not sure about the best way but what I've noticed is I could not get the port channel up on the cisco switch side when i used the first method. The members were up and functioning with no issues but port channel on cusco switch side was showing down. It came up once I reconfigured the mobility controllers interfaces using the 2nd way.


    #AirheadsMobile