Prefix               Nexthop           Interface   VRF(egress)   Origin/  Distance/  Age
                                                                 Type     Metric
----------------------------------------------------------------------------------------------
0.0.0.0/0            192.168.132.254   vlan130     -             S        [1/0]      03d:15h:57m
14.1.232.0/24        -                 vlan230     -             C        [0/0]      -
14.1.232.250/32      -                 vlan230     -             L        [0/0]      -
192.168.132.0/24     -                 vlan130     -             C        [0/0]      -
192.168.132.250/32   -                 vlan130     -             L        [0/0]      -
I created a static route for management access. But if I understand correctly, after I created my first SVI (VLAN 130) and the IP route, my switch started routing packets itself, yes?
And when there was no SVI 230 on the switch, it routed packets to my static route gateway (VLAN 130)? And because VLAN 230 is isolated on the router, the packets were dropped.
After I created SVI 230 on the switch, the switch knows that VLAN 230 is its 'own' network and routes those packets via the connected VLAN route, ignoring the static route?
Maybe without any static route all traffic would be forwarded to the router directly? But without the static route I can't use SSH from another network...
And if I created SVI VLAN 230 on the switch (which is isolated by an ACL on the router), how is it that I still can't reach the other VLANs?
What confuses me more: VLAN 230 is isolated by an ACL on the router, and I created SVI 230 on the switch. So how am I still not able to ping VLAN 230 devices from another VLAN with an SVI on the same switch? If I understand correctly, the switch does all L3 switching between VLANs that have an SVI?
Original Message:
Sent: Aug 05, 2024 12:24 AM
From: ProbeRequest
Subject: Aruba 6000 help me understand vlan and route
From what I can understand in your details it sounds like the ACLs on the router are likely to be where the traffic is being stopped. If you add an SVI on the switch for VLAN 230 and then can reach that VLAN from the switch (directly) then that makes sense. I can't explain why the router could not reach devices on VLAN 230 prior to adding the SVI, however.
Original Message:
Sent: Aug 02, 2024 05:30 AM
From: Kasparas
Subject: Aruba 6000 help me understand vlan and route
Hello, first, sorry for my English; it's not my native language.
I'm pretty new to Aruba OS CX and to routing as well, so maybe you could help me understand why my config did not work and why after a few edits it started working.
Equipment:
Router with WAN port (MPLS network)
Aruba 6000 plugged directly into the router (int 1/1/24)
There are 3 VLANs:
130
135
230 (on the Huawei this VLAN is isolated from the other VLANs by an ACL)
-----------------------------------------------------------------
My first config on the 6000 was (only the related lines copied):
vlan 130
vlan 135
vlan 230
interface 1/1/1
    no shutdown
    vlan access 130
    loop-protect
    loop-protect action tx-rx-disable
interface 1/1/15
    no shutdown
    vlan trunk native 135
    vlan trunk allowed 135,230
    loop-protect
    loop-protect action tx-rx-disable
interface 1/1/23
    no shutdown
    vlan access 230
    loop-protect
    loop-protect action tx-rx-disable
interface 1/1/24
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    loop-protect
    loop-protect action tx-rx-disable
interface vlan 130
    ip address 192.168.132.250/24
ip route 0.0.0.0/0 192.168.132.254
My IP route was:
Prefix               Nexthop           Interface   VRF(egress)   Origin/  Distance/  Age
                                                                 Type     Metric
0.0.0.0/0            192.168.132.254   vlan130     -             S        [1/0]      20h:32m:52s
192.168.132.0/24     -                 vlan130     -             C        [0/0]      -
192.168.132.250/32   -                 vlan130     -             L        [0/0]      -
With this config I can successfully reach devices on int 1/1/1 and the device on 1/1/15 VLAN 135 from another network. I can also SSH to the switch.
On int 1/1/15 there is also a Wi-Fi SSID configured with tagged VLAN 230 (devices get an IP from DHCP on the Huawei).
Devices plugged into int 1/1/23 also got an IP.
But from the switch and also from the Huawei router I can't ping or reach VLAN 230 devices. After a lot of googling I created another SVI:
interface vlan 230
    ip address 14.1.232.250/24
My IP routes became:
Prefix               Nexthop           Interface   VRF(egress)   Origin/  Distance/  Age
                                                                 Type     Metric
0.0.0.0/0            192.168.132.254   vlan130     -             S        [1/0]      20h:35m:39s
14.1.232.0/24        -                 vlan230     -             C        [0/0]      -
14.1.232.250/32      -                 vlan230     -             L        [0/0]      -
192.168.132.0/24     -                 vlan130     -             C        [0/0]      -
192.168.132.250/32   -                 vlan130     -             L        [0/0]      -
And finally I could ping VLAN 230 devices from the switch and reach them from the router.
Why did this happen?
Because my switch routed VLAN packets to the primary route? And because of the ACL the packets were dropped by the router?
If yes, then why did my primary route route other VLAN packets?
Sorry if this writing is a mess, I'm learning.
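
Added example, not part of any post in this thread: a longest-prefix-match lookup over the two `show ip route` tables quoted above, showing which entry the switch's own routing table selects for a VLAN 230 destination before and after `interface vlan 230` exists. The host address 14.1.232.10 is a constructed sample, and administrative distance is not modelled.

```python
import ipaddress

# Route tables copied from the two `show ip route` outputs in the post:
# (prefix, next hop or None when directly attached, interface, origin type)
BEFORE_SVI_230 = [
    ("0.0.0.0/0", "192.168.132.254", "vlan130", "S"),
    ("192.168.132.0/24", None, "vlan130", "C"),
    ("192.168.132.250/32", None, "vlan130", "L"),
]
AFTER_SVI_230 = BEFORE_SVI_230 + [
    ("14.1.232.0/24", None, "vlan230", "C"),
    ("14.1.232.250/32", None, "vlan230", "L"),
]


def lookup(table, dst):
    """Return (network, nexthop, interface, origin) of the longest match, or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, nexthop, iface, origin in table:
        net = ipaddress.ip_network(prefix)
        # A more specific (longer) prefix always wins over the default route.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop, iface, origin)
    return best


def describe(table, dst):
    """Render the selected route as one readable line."""
    hit = lookup(table, dst)
    if hit is None:
        return f"{dst}: no route"
    net, nexthop, iface, origin = hit
    via = f"via {nexthop}" if nexthop else "directly attached"
    return f"{dst}: {net} [{origin}] {via} on {iface}"


if __name__ == "__main__":
    host = "14.1.232.10"  # constructed sample host in VLAN 230
    print("before:", describe(BEFORE_SVI_230, host))
    print("after: ", describe(AFTER_SVI_230, host))
```

Before the SVI the only match for the VLAN 230 subnet is the static default route toward 192.168.132.254 on vlan130; afterwards the connected /24 on vlan230 is more specific and is selected instead.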