Thanks for your reply. We did do this, so thanks for your confirmation. I found that the problem we were having was due to our redundancy. Traffic from our Aruba switch was being forwarded to our Meraki switch from our firewall since the Meraki still had the MAC address of our 2nd ISP that we were testing with. Once the Meraki was disconnected from the firewall, traffic started flowing through as designed. Now we just have to figure out what addresses the Aruba switches need to communicate with, since they still aren't seen by Aruba Central.
Original Message:
Sent: Sep 12, 2024 01:49 AM
From: Stephan Kögler
Subject: CX6000 Internet Switch Configuration
Hi,
I've also made a few mistakes on my first CX6000 configuration. Maybe I can help.
First, Management Interfaces on different VLANs are possible. This is our solution:
interface vlan 123
    ip address 10.10.0.11/22
Sometimes you have to add a default route to reach your device:
ip route 0.0.0.0/0 10.10.0.1
If you want an AccessPort with no additional VLANs transferred you can use this syntax:
interface 1/1/2
    no shutdown
    vlan access 9
If you want to transmit additional VLANs over one Interface use this syntax: (be aware that your native VLAN must be in the allowed list)
interface 1/1/13
    no shutdown
    vlan trunk native 9
    vlan trunk allowed 9,200,123
Hopefully I could help you,
Regards
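The native-VLAN caveat from the reply above, written as a check that can be run over a saved configuration (an added example, not part of the original thread and not an Aruba tool). The sample configuration is constructed, interface 1/1/14 is hypothetical, and the range and `all` forms of the allowed list are assumed syntax.

```python
import re

# Constructed sample; 1/1/14 is a hypothetical port whose native VLAN
# is missing from its allowed list.
SAMPLE_CONFIG = """\
interface 1/1/2
    no shutdown
    vlan access 9
interface 1/1/13
    no shutdown
    vlan trunk native 9
    vlan trunk allowed 9,200,123
interface 1/1/14
    no shutdown
    vlan trunk native 9
    vlan trunk allowed 123,200-210
"""

def expand_vlans(spec):
    """Expand a list such as '9,200-210' into a set of VLAN IDs."""
    vlans = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def find_native_not_allowed(config):
    """Return [(interface, native_vlan)] for trunk ports whose native VLAN
    is not in the explicit allowed list. Ports with no allowed list, or
    with 'allowed all', are not reported."""
    ports, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if m := re.match(r"interface\s+(.+)$", text):
            current = ports.setdefault(m.group(1), {"native": None, "allowed": None})
        elif current is not None and (m := re.match(r"vlan trunk native (\d+)", text)):
            current["native"] = int(m.group(1))
        elif current is not None and (m := re.match(r"vlan trunk allowed\s+(.+)$", text)):
            spec = m.group(1).strip()
            if spec.lower() == "all":
                current["allowed"] = "all"
            elif current["allowed"] != "all":
                current["allowed"] = (current["allowed"] or set()) | expand_vlans(spec)
    return [(name, p["native"]) for name, p in ports.items()
            if p["native"] is not None and isinstance(p["allowed"], set)
            and p["native"] not in p["allowed"]]

if __name__ == "__main__":
    for port, native in find_native_not_allowed(SAMPLE_CONFIG):
        print(f"interface {port}: native VLAN {native} is not in the allowed list")
```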
Original Message:
Sent: Sep 10, 2024 01:49 PM
From: AZPhanus
Subject: CX6000 Internet Switch Configuration
Hi, hopefully I'm posting in the right place. We purchased a pair of CX6000 switches to connect our ISP connections to our firewalls. Currently we have Meraki Switches performing this task but are moving away from them. Anyway, we consoled into one of the Aruba switches and set up the switch essentially the same as the Meraki. The Internet port to the ISP and Firewall are on the same VLAN667 access port. We then tried to use VLAN502 as the management VLAN (this was how it was set up in Meraki) but have since moved the management back to VLAN1 as we aren't sure if the 6000 series supports Management Interface on other VLANs.
From what I have seen, what we are doing should be basic, but we are unable to ping the internet, the firewall, anything. We do see broadcasts from the interface associated with the Internet but it appears nothing is going back out that interface. Any type of ping from the switch goes nowhere: "Network is unreachable". This is confirmed on the firewall as no packets are being recorded from the interface on the switch associated with VLAN1.
So I'm wondering if what I'm attempting to do is possible and, if so, what could we be missing. This may need to be a TAC case but I think what we are trying to do is so simple that something simple might just have been missed.
Any help is appreciated.