That you can't reach from the ISP VLAN to the LAN segments probably has to do with the NAT configuration on your router. The ISP interface has 'ip nat outside', whereas the LAN interfaces have 'ip nat inside'. It may well be possible (good for security) that traffic from an 'outside' interface to an 'inside' interface is not permitted. But that seems to be something related to your router config, and it's something that can differ from brand to brand and even model to model.
Tagging or extending VLAN1 to your switch would not make a difference as all routing (and NAT) is happening on your router.
You may create a third internal VLAN if you need access to the other devices on 'nat inside' interfaces.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Nov 27, 2024 08:35 PM
From: herve Miezan
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Hi Herman,
Following your advice, I was able to have all VLANs moved to port 24, tagged (VLAN 200 and 210). I am able to ping from the router IP address generated by both VLANs and get internet. But here I noticed another issue: I have a computer directly plugged into the ISP modem (VLAN 1), since I did not finish my home lab setup, and I can't ping any devices from VLANs 210 and 200, and vice versa.
Computer plugged on ISP > 192.168.1.65 /24 > Vlan 200
Laptop plugged on the Aruba Sw > 192.168.3.11 /24
Aruba IP > 192.168.4.62 /26 > vlan 200
Do I need to tag the Vlan 1 on the Aruba port 24 ? I don't want to use that Vlan but want to use another one for security as well.
Thanks for all your precious help
Original Message:
Sent: Nov 27, 2024 11:38 AM
From: herve Miezan
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Thank you,
I will edit the config when I get home and let you know. Thank you!!!
Original Message:
Sent: Nov 27, 2024 11:31 AM
From: Herman Robers
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Yes, looks like you only have DHCP for your VLAN 200 192.168.3.0/24, and I have not 100% checked if the config is correct. But if you have all of your layer-3 (IP) on the router, including DHCP, you should just need to extend the VLANs over the link between the router (G0/1) and switch (port 24) and have the VLANs tagged (dot1Q on your router = tagged statement for the VLAN on the switch).
Remove the trunk config on the 2530 as trunk is something different in that context. Long history and you could debate what is better terminology, but:
Cisco/AOS-CX switchport trunk, with allowed-vlans on an interface == on the AOS-Switch (2530) interface tagged on a VLAN
(or phrased differently, interface is configured with native (untagged) and allowed (tagged) versus VLANs that are untagged (native) or tagged (allowed-vlan) to an interface).
Cisco/AOS-CX port-channel/ether-channel/LACP (aggregating multiple physical links to a single logical link for redundancy and aggregated throughput) is referred to as a trunk in AOS-Switch (2530).
It's commonly confused by people moving over or working with both.
------------------------------
Herman Robers
------------------------
Original Message:
Sent: Nov 27, 2024 10:11 AM
From: herve Miezan
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Thank you Herman,
Indeed I am a bit confused as well. On G0/1 I have set a sub-interface for VLAN 200/210. I thought that, like on Cisco, to connect a switch to another device it needs to be a trunk; that's why I was trying to trunk port 24. This might be my mistake? Also, if I understand, what you suggest is to remove the trunk port set from port 24 using "no trunk trk1" and just tag port 24 on both VLANs.
I thought that since the VLAN and DHCP pool have been set on the router, port 24 would carry all VLANs automatically on the switch.
Thank you for your help, Herman
Original Message:
Sent: Nov 27, 2024 09:47 AM
From: Herman Robers
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
What I read from it is that you configured gigabit 0/1 on the router with tagged vlans 200 and 210.
And I see that you configured a Trk port on the 2530, which may be confusing but Trk on the 2530 is what is a port channel on the Cisco (name difference).
If Gigabit 0/1 of the Cisco is connected to the 2530 on port 24; you would have the config on the 2530:
vlan 200 tagged 24
vlan 210 tagged 24
And remove the Trk configuration unless you have redundant links and want to configure LACP. What Cisco calls trunk port is tagged VLAN on 2530; and untagged VLAN is the 'native VLAN'.
------------------------------
Herman Robers
------------------------
Original Message:
Sent: Nov 27, 2024 06:23 AM
From: herve Miezan
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Hello Herman,
Thank you for your reply, please find below my config
---------- Router -----
Building configuration...
Current configuration : 1977 bytes
!
! Last configuration change at 03:47:49 UTC Wed Nov 27 2024
! NVRAM config last updated at 03:47:52 UTC Wed Nov 27 2024
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CyberRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$nw71$EMsl3UE1Aq9.aTQfncvZV/
!
no aaa new-model
!
!
!
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.10
!
ip dhcp pool General_user
network 192.168.3.0 255.255.255.0
default-router 192.168.3.254
dns-server 192.168.1.1
!
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL162424DG
license boot module c1900 technology-package securityk9
!
!
!
spanning-tree portfast bpduguard
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description ISP Uplink
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0/1.200
description General-User
encapsulation dot1Q 200
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.210
description ManagementNT
encapsulation dot1Q 210
ip address 192.168.4.62 255.255.255.224
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1/0
!
!
interface FastEthernet0/1/1
!
!
interface FastEthernet0/1/2
!
!
interface FastEthernet0/1/3
!
!
interface Serial0/0/0
no ip address
shutdown
!
!
interface Vlan1
no ip address
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list Local interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip access-list standard Local
permit 192.168.3.0 0.0.0.255
permit 192.168.4.0 0.0.0.63
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
-------------------- Aruba 2530 Sw
Running configuration:
; J9773A Configuration Editor; Created on release #YA.16.10.0009
; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:05
hostname "HP-2530-24G-PoEP"
trunk 24 trk1 lacp
ip default-gateway 192.168.1.2
interface 23
mdix-mode mdi
exit
interface 24
mdix-mode mdi
exit
snmp-server community "public" unrestricted
vlan 1
name "DEFAULT_VLAN"
no untagged 1-12
untagged 13-21,23,25-28,Trk1
tagged 22
no ip address
exit
vlan 200
name "General-User"
untagged 1-12
ip address 192.168.3.254 255.255.255.0
exit
vlan 210
name "VLAN210"
no ip address
exit
spanning-tree
spanning-tree Trk1 priority 4
password manager
HP-2530-24G-PoEP#
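The check Herman's replies describe, applied to the two configurations in this post, as an added example that is not part of the original thread: every VLAN the router tags with `encapsulation dot1Q` must be `tagged` on the switch port facing it, and that port should not sit in a `trunk ... lacp` group. The function names and the trimmed config excerpts are constructed for illustration; only numeric ports and `TrkN` names are handled.

```python
import re

# Constructed excerpts of the router and switch configurations posted in this thread.
ROUTER_CFG = """\
interface GigabitEthernet0/1.200
 encapsulation dot1Q 200
interface GigabitEthernet0/1.210
 encapsulation dot1Q 210
"""
SWITCH_CFG = """\
trunk 24 trk1 lacp
vlan 1
   untagged 13-21,23,25-28,Trk1
   tagged 22
vlan 200
   untagged 1-12
vlan 210
   no ip address
"""

def expand(ports):
    """Expand an AOS-Switch port list such as '13-21,23,Trk1' into a set of names."""
    out = set()
    for part in ports.split(","):
        lo, _, hi = part.partition("-")
        if lo.isdigit() and hi.isdigit():
            out.update(str(p) for p in range(int(lo), int(hi) + 1))
        else:
            out.add(part.strip().lower())
    return out

def audit_uplink(router_cfg, switch_cfg, port):
    """Compare the router's dot1Q VLANs with what the switch tags on the uplink port."""
    routed = {int(v) for v in re.findall(r"^\s*encapsulation dot1Q (\d+)", router_cfg, re.M)}
    findings, tagged, vlan = [], {}, None
    for line in switch_cfg.splitlines():
        words = line.split()
        if len(words) >= 3 and words[0] == "trunk" and port in expand(words[1]):
            findings.append(f"port {port} is in {words[2]} (link aggregation, not a VLAN trunk)")
        if len(words) >= 2 and words[0] == "vlan" and words[1].isdigit():
            vlan, words = int(words[1]), words[2:]  # also accepts 'vlan 200 tagged 24'
        if len(words) >= 2 and words[0] == "tagged" and vlan is not None:
            tagged.setdefault(vlan, set()).update(expand(words[1]))
    for vid in sorted(routed):
        if port not in tagged.get(vid, set()):
            findings.append(f"vlan {vid} is not tagged on port {port}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_uplink(ROUTER_CFG, SWITCH_CFG, "24")))
```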
Original Message:
Sent: Nov 27, 2024 03:16 AM
From: Herman Robers
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Maybe you can share the switch and router configuration (at least the relevant parts, like vlan and interface configurations)?
------------------------------
Herman Robers
------------------------
Original Message:
Sent: Nov 26, 2024 10:59 PM
From: herve Miezan
Subject: Connection Routeur Cisco 1900 to Aruba 2530 trunk not working
Hello,
I am new here and trying to play with Aruba in my home lab after using Cisco switches.
My issue is that I am doing a router-on-a-stick configuration where I did set my router and subnetwork link VLANs. On the Aruba side, when I try to set up the trunk port, I don't have any communication at all.
-> Router Gi/0/0 linked to ISP; set up VLAN, DHCP pool
-> Aruba connected to G1/0/1 on the router, and port 24 tagged as trunk trk1. Same VLAN created but can have a valid IP address based on the DHCP pool set on the router. Did I miss something?