Connecting new Aruba 6000 to current network with Procurve 2910s


    Posted 24 days ago

    Hi Everyone!

    Bit of a networking rookie here, working my way through my first switch refresh. We had 4 old ProCurve switches, 2910s and a 2510, that I am replacing with Aruba CXs. The first switch I replaced was a switch that helped with the HA for my FortiGate firewall cluster. Basically, there are 4 VLANs on the switch that allow each firewall to talk to different segmented devices, since the devices (VPNs, routers, etc.) don't have enough ports to talk to both firewalls. Finally, half the switch stays in VLAN 1 for normal network access. The current HP switches were all connected through access port-access port cables; there are no trunks. When I first connected the new Aruba (access port from VLAN1 to VLAN1 of an HP), you could ping its interface vlan IP from our network and it could reach Aruba Central. However, once I moved over the VLAN that holds the LAN interfaces for our firewalls (the default gateway for the network), the Aruba was cut off from everything else. It couldn't ping and you couldn't ping it. I did try setting up a trunk from the Aruba to a neighboring HP and that re-established connection to the network, but it cut off the entire network from the default gateway and the internet, so I unplugged that trunk. I'll paste the two configs:

    HP Procurve

    ; J9147A Configuration Editor; Created on release #W.15.14.0018
    ; Ver #06:04.18.63.ff.35.05:b6
    hostname "CSL-HO-SWITCH04"
    module 1 type j9147a
    fault-finder bad-driver sensitivity high
    fault-finder bad-transceiver sensitivity high
    fault-finder bad-cable sensitivity high
    fault-finder too-long-cable sensitivity high
    fault-finder over-bandwidth sensitivity high
    fault-finder broadcast-storm sensitivity high
    fault-finder loss-of-link sensitivity high
    fault-finder duplex-mismatch-hdx sensitivity high
    fault-finder duplex-mismatch-fdx sensitivity high
    trunk 47 trk1 trunk
    logging 10.60.30.53
    port-security 15 learn-mode configured
    port-security 15 mac-address d89ef3-e1363e
    port-security 24 learn-mode configured
    port-security 24 mac-address 002673-f9b9e5
    timesync sntp
    sntp unicast
    sntp 60
    sntp server priority 1 10.60.30.59
    no stack
    no telnet-server
    time daylight-time-rule continental-us-and-canada
    time timezone -360
    no web-management
    ip dns server-address priority 1 10.60.30.58
    ip dns server-address priority 2 10.60.30.59
    ip timep manual 10.60.30.59
    ip route 0.0.0.0 0.0.0.0 10.60.30.55
    interface 44
       speed-duplex 100-full
       exit
    interface 45
       speed-duplex auto-1000
       exit
    snmp-server community "nocmon" operator
    snmp-server host 10.60.30.59 community "nocmon" trap-level all
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1-10,27-32
       untagged 11-26,33-46,48,Trk1
       ip address 10.60.30.62 255.255.255.0
       exit
    vlan 2
       name "Unused"
       untagged 1-3
       no ip address
       exit
    vlan 3
       name "Unused2"
       untagged 4-5
       no ip address
       exit
    vlan 4
       name "DMZ"
       untagged 6-10
       no ip address
       exit
    vlan 5
       name "vSphere"
       untagged 27-32
       no ip address
       jumbo
       exit
    spanning-tree
    spanning-tree Trk1 priority 4
    spanning-tree mode rapid-pvst
    spanning-tree vlan 1 root primary
    spanning-tree vlan 2 root primary
    spanning-tree vlan 3 root primary
    spanning-tree vlan 4 root primary
    spanning-tree root primary force-version rstp-operation
    no tftp server
    no autorun
    password manager

    Aruba CX 6000

    Current configuration:
    !
    !Version ArubaOS-CX PL.10.13.1005
    banner motd !
    This system is for authorized use only. Unauthorized use of this system could result in civil or criminal penalties. By continuing to use this system, you are agreeing to these terms of use.!
    password complexity
        enable
        minimum-length 12
    ntp server 10.60.30.36
    ntp server 10.60.30.58
    ntp server 10.60.30.59 prefer
    ntp enable
    !
    !
    !
    aaa authentication limit-login-attempts 3 lockout-time 60
    aaa authentication console-login-attempts 3 console-lockout-time 60
    !
    !
    !
    logging 10.60.30.12 tcp 514 severity crit
    logging 10.60.30.72 tcp 514 severity crit
    ssh server vrf default
    ssh key-exchange-algorithms curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1
    vlan 1
    vlan 20
        name Finastra
    vlan 30
        name FED
    vlan 40
        name Sign
    vlan 50
        name LAN
    spanning-tree
    interface 1/1/1
        no shutdown
        flow-control rxtx
        vlan access 20
    interface 1/1/2
        no shutdown
        vlan access 20
    interface 1/1/3
        no shutdown
        flow-control rxtx
        vlan access 20
    interface 1/1/4
        no shutdown
        vlan access 20
    interface 1/1/5
        no shutdown
        flow-control rxtx
            !actual flow-control none
        vlan access 30
    interface 1/1/6
        no shutdown
        flow-control rxtx
        vlan access 30
    interface 1/1/7
        no shutdown
        flow-control rxtx
        vlan access 30
    interface 1/1/8
        no shutdown
        flow-control rxtx
        vlan access 30
    interface 1/1/9
        no shutdown
        vlan access 40
    interface 1/1/10
        no shutdown
        vlan access 40
    interface 1/1/11
        no shutdown
        vlan access 40
    interface 1/1/12
        no shutdown
        vlan access 40
    interface 1/1/13
        no shutdown
        vlan access 50
    interface 1/1/14
        no shutdown
        vlan access 50
    interface 1/1/15
        no shutdown
        vlan access 50
    interface 1/1/16
        no shutdown
        vlan access 50
    interface 1/1/17
        no shutdown
        vlan access 1
    interface 1/1/18
        no shutdown
        vlan access 1
    interface 1/1/19
        no shutdown
        vlan access 1
    interface 1/1/20
        no shutdown
        vlan access 1
    interface 1/1/21
        no shutdown
        vlan access 1
    interface 1/1/22
        no shutdown
        vlan access 1
    interface 1/1/23
        no shutdown
        vlan access 1
    interface 1/1/24
        no shutdown
        vlan access 1
    interface 1/1/25
        no shutdown
        vlan access 1
    interface 1/1/26
        no shutdown
        vlan access 1
    interface 1/1/27
        no shutdown
        vlan access 1
    interface 1/1/28
        no shutdown
        vlan access 1
    interface 1/1/29
        no shutdown
        vlan access 1
    interface 1/1/30
        no shutdown
        vlan access 1
    interface 1/1/31
        no shutdown
        vlan access 1
    interface 1/1/32
        no shutdown
        vlan access 1
    interface 1/1/33
        no shutdown
        vlan access 1
    interface 1/1/34
        no shutdown
        vlan access 1
    interface 1/1/35
        no shutdown
        vlan access 1
    interface 1/1/36
        no shutdown
        vlan access 1
    interface 1/1/37
        no shutdown
        vlan access 1
    interface 1/1/38
        no shutdown
        vlan access 1
    interface 1/1/39
        no shutdown
        vlan access 1
    interface 1/1/40
        no shutdown
        vlan access 1
    interface 1/1/41
        no shutdown
        vlan access 1
    interface 1/1/42
        no shutdown
        vlan access 1
    interface 1/1/43
        no shutdown
        vlan access 1
    interface 1/1/44
        no shutdown
        vlan access 1
    interface 1/1/45
        no shutdown
        vlan access 1
    interface 1/1/46
        no shutdown
        vlan access 1
    interface 1/1/47
        no shutdown
        vlan access 1
    interface 1/1/48
        no shutdown
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/49
        no shutdown
        vlan access 1
    interface 1/1/50
        no shutdown
        vlan access 1
    interface 1/1/51
        no shutdown
        vlan access 1
    interface 1/1/52
        no shutdown
        vlan access 1
    interface vlan 1
        ip address 10.60.30.15/24
        ip dhcp
            ! ip dhcp is ignored when static ip is configured
    snmp-server snmpv3-only
    snmp-server community notusingthisservice
    ip route 0.0.0.0/0 10.60.30.55
    !
    !
    !
    !
    !
    https-server vrf default
    configuration-lockout central managed
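
Added example, not part of the original post and not HPE Aruba code: a short Python audit that maps the Layer 2 layout of an AOS-CX config like the one above (access ports per VLAN, what a trunk carries, and which VLAN's SVI subnet holds the default gateway). The sample text is a constructed excerpt of the posted config, and the function names `summarise`, `gateway_vlan` and `carried_on_trunk` are hypothetical.

```python
import ipaddress

# Constructed excerpt of the posted AOS-CX config (VLAN 20 = Finastra, VLAN 50 = LAN there).
SAMPLE = """\
vlan 1
vlan 20
vlan 50
interface 1/1/1
    vlan access 20
interface 1/1/13
    vlan access 50
interface 1/1/48
    vlan trunk native 1
    vlan trunk allowed all
interface vlan 1
    ip address 10.60.30.15/24
ip route 0.0.0.0/0 10.60.30.55
"""

def summarise(config):
    """Map the Layer 2 layout: VLANs, access ports, trunks, SVI subnets, gateway."""
    out = {"vlans": set(), "access": {}, "trunks": {}, "svis": {}, "gateway": None}
    ctx = ""  # interface stanza being read, e.g. "1/1/13" or "vlan 1"
    for line in config.splitlines():
        words = line.split()
        if not words or words[0].startswith("!"):
            continue  # skip blank lines and "!" comment lines
        if not line[0].isspace():  # top-level statement ends any stanza
            ctx = " ".join(words[1:]) if words[0] == "interface" else ""
            if words[0] == "vlan" and words[1].isdigit():
                out["vlans"].add(int(words[1]))
            elif words[:3] == ["ip", "route", "0.0.0.0/0"]:
                out["gateway"] = ipaddress.ip_address(words[3])
        elif words[:2] == ["vlan", "access"] and ctx:
            out["access"].setdefault(int(words[2]), []).append(ctx)
        elif words[:3] == ["vlan", "trunk", "allowed"] and ctx:
            out["trunks"][ctx] = words[3]
        elif words[:2] == ["ip", "address"] and ctx.startswith("vlan "):
            out["svis"][int(ctx.split()[1])] = ipaddress.ip_interface(words[2]).network
    return out

def gateway_vlan(s):
    """VLAN whose SVI subnet contains the default gateway, or None."""
    return next((v for v, n in s["svis"].items() if s["gateway"] and s["gateway"] in n), None)

def carried_on_trunk(s, port):
    """VLAN IDs a trunk carries ('all' or a comma list; ranges are not handled)."""
    allowed = s["trunks"][port]
    return sorted(s["vlans"]) if allowed == "all" else sorted(map(int, allowed.split(",")))
```

Run against the full posted config, this shows the switch address and default route in VLAN 1, ports 1/1/13-16 as access ports in VLAN 50, and 1/1/48 carrying every defined VLAN toward its neighbour. The posted ProCurve config defines only VLANs 1 to 5.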