Network Management

 View Only
  • 1.  Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 11 days ago

    Hello,

    I am new here and tryin to play with aruba in my home lab after using cisco swiches..

    my issue is my  doing a router on stick  configuration where I did sert my  router and  subnetwork link Vlans.. on  the Aruba side when I trrying to  setup the trunk port, I don't havea ny communication at  all.

    -> Router Gi/0/0 link to  ISP set  up Vlan, Dhcp pool

    > Aruba connected on the G1/0/1 on routeur and tagged the port 24 as trunk trk1..  same vlan created but  can have a valid IP address  base on the DHCP pool set on router.. did I missed something ?



  • 2.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 11 days ago

    Maybe you can share the switch and router configuration (at least the relevant parts, like vlan and interface configurations)?



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 11 days ago

    Hello Herman,

    thank you  for you reply ,  please find below my config

    ---------- ROuteur-----

    Building configuration...

    Current configuration : 1977 bytes
    !
    ! Last configuration change at 03:47:49 UTC Wed Nov 27 2024
    ! NVRAM config last updated at 03:47:52 UTC Wed Nov 27 2024
    !
    version 15.0
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname CyberRouter
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$nw71$EMsl3UE1Aq9.aTQfncvZV/
    !
    no aaa new-model
    !
    !
    !
    !
    no ipv6 cef
    ip source-route
    ip cef
    !
    !
    ip dhcp excluded-address 192.168.3.1 192.168.3.10
    !
    ip dhcp pool General_user
       network 192.168.3.0 255.255.255.0
       default-router 192.168.3.254
       dns-server 192.168.1.1
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    license udi pid CISCO1921/K9 sn FGL162424DG
    license boot module c1900 technology-package securityk9
    !
    !
    !
    spanning-tree portfast bpduguard
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     description ISP Uplink
     ip address 192.168.1.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly
     duplex auto
     speed auto
     !
    !
    interface GigabitEthernet0/1
     no ip address
     duplex auto
     speed auto
     !
    !
    interface GigabitEthernet0/1.200
     description General-User
     encapsulation dot1Q 200
     ip address 192.168.3.254 255.255.255.0
     ip nat inside
     ip virtual-reassembly
    !
    interface GigabitEthernet0/1.210
     description ManagementNT
     encapsulation dot1Q 210
     ip address 192.168.4.62 255.255.255.224
     ip nat inside
     ip virtual-reassembly
    !
    interface FastEthernet0/1/0
     !
    !
    interface FastEthernet0/1/1
     !
    !
    interface FastEthernet0/1/2
     !
    !
    interface FastEthernet0/1/3
     !
    !
    interface Serial0/0/0
     no ip address
     shutdown
     !
    !
    interface Vlan1
     no ip address
     !
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip nat inside source list Local interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    !
    ip access-list standard Local
     permit 192.168.3.0 0.0.0.255
     permit 192.168.4.0 0.0.0.63
    !
    !
    !
    !
    !
    !
    !
    control-plane
     !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
    !
    scheduler allocate 20000 1000
    end

    -------------------- ARuba 2530 Sw

    Running configuration:

    ; J9773A Configuration Editor; Created on release #YA.16.10.0009
    ; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:05
    hostname "HP-2530-24G-PoEP"
    trunk 24 trk1 lacp
    ip default-gateway 192.168.1.2
    interface 23
       mdix-mode mdi
       exit
    interface 24
       mdix-mode mdi
       exit
    snmp-server community "public" unrestricted
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1-12
       untagged 13-21,23,25-28,Trk1
       tagged 22
       no ip address
       exit
    vlan 200
       name "General-User"
       untagged 1-12
       ip address 192.168.3.254 255.255.255.0
       exit
    vlan 210
       name "VLAN210"
       no ip address
       exit
    spanning-tree
    spanning-tree Trk1 priority 4
    password manager

    HP-2530-24G-PoEP#




  • 4.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago

    What I read from it is that you configured gigabit 0/1 on the router with tagged vlans 200 and 210.

    And I see that you configured a Trk port on the 2530, which may be confusing but Trk on the 2530 is what is a port channel on the Cisco (name difference).

    If Gigabit 0/1 of the Cisco is connected to the 2530 on port 24; you would have the config on the 2530:

    vlan 200
        tagged 24
    vlan 210
        tagged 24

    And remove the Trk configuration unless you have redundant links and want to configure LACP. What Cisco calls trunk port is tagged VLAN on 2530; and untagged VLAN is the 'native VLAN'.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago
    Thank you Herman,
    Indeed I am a bit confused as well. In the G0/1 I have set a sub interface for VLAN 200/210.. I thought like on Cisco to connect a switch to another device it need to be Trunk that why I was trying to Trunk the port 24.. this might be my mistake ? Also if understand what you suggest is to remove the trunk port set from the port 24 using "no trunk trk1" and just tag the port 24 on both. Vlans.
    I thought the since the VLAN and DHCP pool has been set on router, the port 24 will carry on all VLAN automatically on switch. 

    Thank you for you help Herman



  • 6.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago

    Yes, looks like you only have DHCP for your VLAN 200 192.168.3.0/24, and I have not 100% checked if the config is correct. But if you have all of your layer-3 (IP) on the router, including DHCP, you should just need to extend the VLANs over the link between the router (G0/1) and switch (port 24) and have the VLANs tagged (dot1Q on your router = tagged statement for the VLAN on the switch).

    Remove the trunk config on the 2530 as trunk is something different in that context. Long history and you could debate what is better terminology, but:

    Cisco/AOS-CX switchport trunk, with allowed-vlans to in interface == on the AOS-Switch (2530) interface tagged on a VLAN
    (or phrased differently, interface is configured with native (untagged) and allowed (tagged) versus VLANs that are untagged (native) or tagged (allowed-vlan) to an interface).

    Cisco/AOS-CX port-channel/ether-channel/LACP (aggregating multiple physicial links to a single logical link for redundancy and aggregated throughput) is referred to as a trunk in AOS-Switch (2530).

    It's commonly confused by people moving over or working with both.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 7.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago

    Thank you ,

    i will to edit the config when I will get home and let you know . Thank you !!!




  • 8.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago

    Hi Herman,
    following your advice, I was able having all Vlan moved on the port tagged 24 ( Vlan 200 and 210) , I am able to ping from the routeur IP address generated by both  Vlans and get internet. but here I noticed other issue , I have a computer direcly plugged on the ISP Modem (Vlan 1) since I did not finish my home lab setup and I can't ping any devices from the Vlans 210, 200 and vice versa

    Computer plugged on ISP > 192.168.1.65 /24 > Vlan 200

    Laptop plugged on the Aruba Sw > 192.168.3.11 /24 

    Aruba IP > 192.168.4.62 /26  > vlan 200

    Do I need to tag the Vlan 1 on the Aruba port 24 ? I don't want to use that Vlan but want to use another one for security as well.

    Thank for all your precious help




  • 9.  RE: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working

    Posted 10 days ago

    That you can't reach from the ISP VLAN to the LAN segments probably has to do with the NAT configuration on your router. The ISP interface has 'ip nat outside'; where the LAN interfaces have 'ip nat inside'. It may be well possible (good for the security) that traffic from an 'outside' interface to an 'inside' interface is not permitted. But that seems something related to your router config, and it's something that can be different from brand to brand and even model to model.

    Tagging or extending VLAN1 to your switch would not make a difference as all routing (and NAT) is happening on your router.

    You may create a third internal VLAN if you need access to the other devices on 'nat inside' interfaces.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------