Hi Everyone!
Bit of a networking rookie here, working my way through my first switch refresh. We had 4 old ProCurve switches, 2910s and a 2510, that I am replacing with Aruba CXs. The first switch I replaced was a switch that helped with the HA for my FortiGate firewall cluster. Basically, there are 4 VLANs on the switch that allow each firewall to talk to different segmented devices, since the devices (VPNs, routers, etc.) don't have enough ports to talk to both firewalls. Finally, half the switch stays in VLAN 1 for normal network access. The current HP switches were all connected through access port-access port cables, there are no trunks.

When I first connected the new Aruba (access port from VLAN1 to VLAN1 of an HP), you could ping its interface vlan IP from our network and it could reach Aruba Central. However, once I moved over the VLAN that holds the LAN interfaces for our firewalls (the default gateway for the network), the Aruba was cut off from everything else. It couldn't ping and you couldn't ping it.

I did try setting up a trunk from the Aruba to a neighboring HP and that re-established connection to the network, but it cut off the entire network from the default gateway and the internet, so I unplugged that trunk. I'll paste the two configs:

HP ProCurve
; J9147A Configuration Editor; Created on release #W.15.14.0018
; Ver #06:04.18.63.ff.35.05:b6
hostname "CSL-HO-SWITCH04"
module 1 type j9147a
fault-finder bad-driver sensitivity high
fault-finder bad-transceiver sensitivity high
fault-finder bad-cable sensitivity high
fault-finder too-long-cable sensitivity high
fault-finder over-bandwidth sensitivity high
fault-finder broadcast-storm sensitivity high
fault-finder loss-of-link sensitivity high
fault-finder duplex-mismatch-hdx sensitivity high
fault-finder duplex-mismatch-fdx sensitivity high
trunk 47 trk1 trunk
logging 10.60.30.53
port-security 15 learn-mode configured
port-security 15 mac-address d89ef3-e1363e
port-security 24 learn-mode configured
port-security 24 mac-address 002673-f9b9e5
timesync sntp
sntp unicast
sntp 60
sntp server priority 1 10.60.30.59
no stack
no telnet-server
time daylight-time-rule continental-us-and-canada
time timezone -360
no web-management
ip dns server-address priority 1 10.60.30.58
ip dns server-address priority 2 10.60.30.59
ip timep manual 10.60.30.59
ip route 0.0.0.0 0.0.0.0 10.60.30.55
interface 44
   speed-duplex 100-full
   exit
interface 45
   speed-duplex auto-1000
   exit
snmp-server community "nocmon" operator
snmp-server host 10.60.30.59 community "nocmon" trap-level all
vlan 1
   name "DEFAULT_VLAN"
   no untagged 1-10,27-32
   untagged 11-26,33-46,48,Trk1
   ip address 10.60.30.62 255.255.255.0
   exit
vlan 2
   name "Unused"
   untagged 1-3
   no ip address
   exit
vlan 3
   name "Unused2"
   untagged 4-5
   no ip address
   exit
vlan 4
   name "DMZ"
   untagged 6-10
   no ip address
   exit
vlan 5
   name "vSphere"
   untagged 27-32
   no ip address
   jumbo
   exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree mode rapid-pvst
spanning-tree vlan 1 root primary
spanning-tree vlan 2 root primary
spanning-tree vlan 3 root primary
spanning-tree vlan 4 root primary
spanning-tree root primary force-version rstp-operation
no tftp server
no autorun
password manager
Aruba CX 6000
Current configuration:
!
!Version ArubaOS-CX PL.10.13.1005
banner motd !
This system is for authorized use only. Unauthorized use of this system could result in civil or criminal penalties. By continuing to use this system, you are agreeing to these terms of use.!
password complexity
    enable
    minimum-length 12
ntp server 10.60.30.36
ntp server 10.60.30.58
ntp server 10.60.30.59 prefer
ntp enable
!
!
!
aaa authentication limit-login-attempts 3 lockout-time 60
aaa authentication console-login-attempts 3 console-lockout-time 60
!
!
!
logging 10.60.30.12 tcp 514 severity crit
logging 10.60.30.72 tcp 514 severity crit
ssh server vrf default
ssh key-exchange-algorithms curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1
vlan 1
vlan 20
    name Finastra
vlan 30
    name FED
vlan 40
    name Sign
vlan 50
    name LAN
spanning-tree
interface 1/1/1
    no shutdown
    flow-control rxtx
    vlan access 20
interface 1/1/2
    no shutdown
    vlan access 20
interface 1/1/3
    no shutdown
    flow-control rxtx
    vlan access 20
interface 1/1/4
    no shutdown
    vlan access 20
interface 1/1/5
    no shutdown
    flow-control rxtx
    !actual flow-control none
    vlan access 30
interface 1/1/6
    no shutdown
    flow-control rxtx
    vlan access 30
interface 1/1/7
    no shutdown
    flow-control rxtx
    vlan access 30
interface 1/1/8
    no shutdown
    flow-control rxtx
    vlan access 30
interface 1/1/9
    no shutdown
    vlan access 40
interface 1/1/10
    no shutdown
    vlan access 40
interface 1/1/11
    no shutdown
    vlan access 40
interface 1/1/12
    no shutdown
    vlan access 40
interface 1/1/13
    no shutdown
    vlan access 50
interface 1/1/14
    no shutdown
    vlan access 50
interface 1/1/15
    no shutdown
    vlan access 50
interface 1/1/16
    no shutdown
    vlan access 50
interface 1/1/17
    no shutdown
    vlan access 1
interface 1/1/18
    no shutdown
    vlan access 1
interface 1/1/19
    no shutdown
    vlan access 1
interface 1/1/20
    no shutdown
    vlan access 1
interface 1/1/21
    no shutdown
    vlan access 1
interface 1/1/22
    no shutdown
    vlan access 1
interface 1/1/23
    no shutdown
    vlan access 1
interface 1/1/24
    no shutdown
    vlan access 1
interface 1/1/25
    no shutdown
    vlan access 1
interface 1/1/26
    no shutdown
    vlan access 1
interface 1/1/27
    no shutdown
    vlan access 1
interface 1/1/28
    no shutdown
    vlan access 1
interface 1/1/29
    no shutdown
    vlan access 1
interface 1/1/30
    no shutdown
    vlan access 1
interface 1/1/31
    no shutdown
    vlan access 1
interface 1/1/32
    no shutdown
    vlan access 1
interface 1/1/33
    no shutdown
    vlan access 1
interface 1/1/34
    no shutdown
    vlan access 1
interface 1/1/35
    no shutdown
    vlan access 1
interface 1/1/36
    no shutdown
    vlan access 1
interface 1/1/37
    no shutdown
    vlan access 1
interface 1/1/38
    no shutdown
    vlan access 1
interface 1/1/39
    no shutdown
    vlan access 1
interface 1/1/40
    no shutdown
    vlan access 1
interface 1/1/41
    no shutdown
    vlan access 1
interface 1/1/42
    no shutdown
    vlan access 1
interface 1/1/43
    no shutdown
    vlan access 1
interface 1/1/44
    no shutdown
    vlan access 1
interface 1/1/45
    no shutdown
    vlan access 1
interface 1/1/46
    no shutdown
    vlan access 1
interface 1/1/47
    no shutdown
    vlan access 1
interface 1/1/48
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
interface 1/1/49
    no shutdown
    vlan access 1
interface 1/1/50
    no shutdown
    vlan access 1
interface 1/1/51
    no shutdown
    vlan access 1
interface 1/1/52
    no shutdown
    vlan access 1
interface vlan 1
    ip address 10.60.30.15/24
    ip dhcp
    ! ip dhcp is ignored when static ip is configured
snmp-server snmpv3-only
snmp-server community notusingthisservice
ip route 0.0.0.0/0 10.60.30.55
!
!
!
!
!
https-server vrf default
configuration-lockout central managed
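
Added example, not part of the original post: a short Python parser that turns each of the two config styles above into the same VLAN-to-untagged-port map, so the VLAN IDs on both sides can be compared before the switches are cabled together. The sample strings are constructed excerpts shortened from the pasted configs, and the function names are hypothetical.

```python
import re

# Constructed excerpts, shortened from the two configs in the post.
PROCURVE = """\
vlan 1
untagged 11-26,33-46,48,Trk1
exit
vlan 4
untagged 6-10
exit
"""
AOS_CX = """\
vlan 50
interface 1/1/13
vlan access 50
interface 1/1/48
vlan trunk native 1
interface vlan 1
"""

def expand(spec):  # '6-10,48,Trk1' -> ['6', ..., '10', '48', 'Trk1'] (numeric ranges)
    out = []
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        out += map(str, range(int(lo), int(hi) + 1)) if hi else [part]
    return out

def procurve_untagged(cfg):
    """ProCurve is VLAN-centric: ports are listed inside each 'vlan N ... exit'."""
    vlans = {}
    for vid, body in re.findall(r"^[ \t]*vlan (\d+)$(.*?)^[ \t]*exit$", cfg, re.M | re.S):
        ports = vlans.setdefault(int(vid), [])
        for spec in re.findall(r"^[ \t]*untagged (\S+)$", body, re.M):
            ports.extend(expand(spec))
    return vlans

def aoscx_untagged(cfg):
    """AOS-CX is port-centric: each interface names its access or native VLAN."""
    vlans, port = {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlans.setdefault(int(m[1]), [])
        elif line.startswith("interface "):
            port = line.split()[1] if line.count(" ") == 1 else None  # skip SVIs
        elif port and (m := re.fullmatch(r"vlan (?:access|trunk native) (\d+)", line)):
            vlans.setdefault(int(m[1]), []).append(port)
    return vlans

def vlan_id_diff(a, b):  # VLAN IDs defined on only one side: (a_only, b_only)
    return sorted(set(a) - set(b)), sorted(set(b) - set(a))
```

Run against the full configs pasted above, `vlan_id_diff` reports VLAN IDs 2 to 5 only on the ProCurve and 20, 30, 40 and 50 only on the Aruba CX, with VLAN 1 the only ID common to both. `Trk1` in the ProCurve map is a link-aggregation group (ProCurve's `trunk` command), whereas `vlan trunk` on AOS-CX marks an 802.1Q tagged port.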