Cloud Managed Networks

Hi,

I have a new CX6100 with latest firmware, my issue is on port 2>6 non device in those ports are able to access vlan 1 untagged, why ?


6100(config)# sh running-config
Current configuration:
!
!Version ArubaOS-CX PL.10.09.1020
!export-password: default
user admin group administrators password ciphertext AQBapRpxfMwp/3HdMt6ajgP81LWrUa2Gom8REcJJuJKOb00xlUbeZf8
ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
ntp enable
!
!
!
!
!
!
ssh server vrf default
ssh key-exchange-algorithms curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1
vlan 1
vlan 322
name WiFi-Guest
spanning-tree
interface 1/1/1
no shutdown
description Sonicwall X0
vlan access 1
interface 1/1/2
no shutdown
description Sonicwall X2
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/3
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/4
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/5
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/6
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/7
no shutdown
vlan access 1
interface 1/1/8
no shutdown
vlan access 1
interface vlan 1
ip address 192.168.16.2/24
no ip dhcp
ip route 0.0.0.0/0 192.168.16.1
!
!
!
!
!
https-server vrf default

------------------------------
Mark Pallesen
------------------------------

Hi, try using the following config for the trunk ports:

interface 1/1/2
no shutdown
vlan trunk native 1
vlan trunk allowed 1,322​

------------------------------
Jorge Arriaza
------------------------------

Original Message:
Sent: May 28, 2022 06:05 AM
From: Mark Pallesen
Subject: CX6100 vlan issue

Hi,

I have a new CX6100 with latest firmware, my issue is on port 2>6 non device in those ports are able to access vlan 1 untagged, why ?


6100(config)# sh running-config
Current configuration:
!
!Version ArubaOS-CX PL.10.09.1020
!export-password: default
user admin group administrators password ciphertext AQBapRpxfMwp/3HdMt6ajgP81LWrUa2Gom8REcJJuJKOb00xlUbeZf8
ntp server pool.ntp.org minpoll 4 maxpoll 4 iburst
ntp enable
!
!
!
!
!
!
ssh server vrf default
ssh key-exchange-algorithms curve25519-sha256 curve25519-sha256@libssh.org ecdh-sha2-nistp256 ecdh-sha2-nistp384 ecdh-sha2-nistp521 diffie-hellman-group-exchange-sha256 diffie-hellman-group16-sha512 diffie-hellman-group18-sha512 diffie-hellman-group14-sha256 diffie-hellman-group14-sha1
vlan 1
vlan 322
name WiFi-Guest
spanning-tree
interface 1/1/1
no shutdown
description Sonicwall X0
vlan access 1
interface 1/1/2
no shutdown
description Sonicwall X2
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/3
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/4
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/5
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/6
no shutdown
description AccessPoint
vlan trunk native 1
vlan trunk allowed 322
interface 1/1/7
no shutdown
vlan access 1
interface 1/1/8
no shutdown
vlan access 1
interface vlan 1
ip address 192.168.16.2/24
no ip dhcp
ip route 0.0.0.0/0 192.168.16.1
!
!
!
!
!
https-server vrf default

------------------------------
Mark Pallesen
------------------------------