Airheads Community

5. RE: Port Config

Kudos

Nomis8849

Posted Dec 11, 2020 06:48 AM

| view attached

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson
------------------------------

Attachment(s)

CoreSWAirHeads.txt 10 KB 1 version

Original Message

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

6. RE: Port Config
Best Answer

Kudos

fefa2k1

Posted Dec 11, 2020 07:04 AM

Hey Simon,

Your configuration is fine but you haven't passed VLANs 53 and 54 through ports that are UP, that's why it's not routing anything. To be able to use those SVIs you have to configure them on ports that are UP.

This should do the trick to enable those SVIs (you should see those being UP on the logs show log -r)
vlan 53 tagged 1
vlan 54 tagged 1

But do pass them to correct uplink ports (where you really need them to go) and to the computer where you are trying it out.

Please try it out and see if it works.

------------------------------
Aaron Fuentes Ohnell
------------------------------

Original Message

Original Message:
Sent: Dec 11, 2020 06:47 AM
From: Simon Harbinson
Subject: Port Config

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

7. RE: Port Config

Kudos

Nomis8849

Posted Dec 11, 2020 07:21 AM

Hi Aaron, thanks for that,

can I confirm, from what you're saying, (I may be misunderstanding you) if I configured 20 VLANs but only assigned then 15 of them to numerous port I can only ping those 15 the other 5 would be unreachable?

is that a networking thing or an Aruba thing?.

Simon

------------------------------
Simon Harbinson
------------------------------

Original Message

Original Message:
Sent: Dec 11, 2020 07:04 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

Your configuration is fine but you haven't passed VLANs 53 and 54 through ports that are UP, that's why it's not routing anything. To be able to use those SVIs you have to configure them on ports that are UP.

This should do the trick to enable those SVIs (you should see those being UP on the logs show log -r)
vlan 53 tagged 1
vlan 54 tagged 1

But do pass them to correct uplink ports (where you really need them to go) and to the computer where you are trying it out.

Please try it out and see if it works.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 06:47 AM
From: Simon Harbinson
Subject: Port Config

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

8. RE: Port Config

Kudos

fefa2k1

Posted Dec 11, 2020 07:32 AM

Hi Simon,

No, if a VLAN is not tagged/untagged through a port that is UP then that VLAN is in a down state, ie. you can't ping it no matter what, not even from the switch itself. That's a network thing, not just Aruba.

If you need a computer to be on the same network as VLAN 53 then you have to pass that VLAN up to that computer, if not, the computer won't even reach the IP address configured on the switch (it's gateway).

Hope this makes sense.

------------------------------
Aaron Fuentes Ohnell
------------------------------

Original Message

Original Message:
Sent: Dec 11, 2020 07:21 AM
From: Simon Harbinson
Subject: Port Config

Hi Aaron, thanks for that,

can I confirm, from what you're saying, (I may be misunderstanding you) if I configured 20 VLANs but only assigned then 15 of them to numerous port I can only ping those 15 the other 5 would be unreachable?

is that a networking thing or an Aruba thing?.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 07:04 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

Your configuration is fine but you haven't passed VLANs 53 and 54 through ports that are UP, that's why it's not routing anything. To be able to use those SVIs you have to configure them on ports that are UP.

This should do the trick to enable those SVIs (you should see those being UP on the logs show log -r)
vlan 53 tagged 1
vlan 54 tagged 1

But do pass them to correct uplink ports (where you really need them to go) and to the computer where you are trying it out.

Please try it out and see if it works.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 06:47 AM
From: Simon Harbinson
Subject: Port Config

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

9. RE: Port Config

Kudos

Nomis8849

Posted Dec 11, 2020 08:08 AM
Edited by Nomis8849 Dec 11, 2020 08:25 AM

OK, I think I got it, but if not don't worry slow brain filter I'll get it in about an hour or two.:)

So we are saying is that regardless that VLAN 54 is tagged to port 3 because Port 3 down the VLAN is down.

Again Aaron, thanks this has helped.

Simon

------------------------------
Simon Harbinson
------------------------------

Original Message

Original Message:
Sent: Dec 11, 2020 07:31 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hi Simon,

No, if a VLAN is not tagged/untagged through a port that is UP then that VLAN is in a down state, ie. you can't ping it no matter what, not even from the switch itself. That's a network thing, not just Aruba.

If you need a computer to be on the same network as VLAN 53 then you have to pass that VLAN up to that computer, if not, the computer won't even reach the IP address configured on the switch (it's gateway).

Hope this makes sense.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 07:21 AM
From: Simon Harbinson
Subject: Port Config

Hi Aaron, thanks for that,

can I confirm, from what you're saying, (I may be misunderstanding you) if I configured 20 VLANs but only assigned then 15 of them to numerous port I can only ping those 15 the other 5 would be unreachable?

is that a networking thing or an Aruba thing?.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 07:04 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

Your configuration is fine but you haven't passed VLANs 53 and 54 through ports that are UP, that's why it's not routing anything. To be able to use those SVIs you have to configure them on ports that are UP.

This should do the trick to enable those SVIs (you should see those being UP on the logs show log -r)
vlan 53 tagged 1
vlan 54 tagged 1

But do pass them to correct uplink ports (where you really need them to go) and to the computer where you are trying it out.

Please try it out and see if it works.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 06:47 AM
From: Simon Harbinson
Subject: Port Config

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

10. RE: Port Config

Kudos

fefa2k1

Posted Dec 11, 2020 08:57 AM

Yes, as soon as you tag/untag that VLAN to a port that is UP then the VLAN will come UP.

Cheers

------------------------------
Aaron Fuentes Ohnell
------------------------------

Original Message

Original Message:
Sent: Dec 11, 2020 08:08 AM
From: Simon Harbinson
Subject: Port Config

OK, I think I got it, but if not don't worry slow brain filter I'll get it in about an hour or two.:)

So we are saying is that regardless that VLAN 54 is tagged to port 3 because Port 3 down the VLAN is down.

Again Aaron, thanks this has helped.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 07:31 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hi Simon,

No, if a VLAN is not tagged/untagged through a port that is UP then that VLAN is in a down state, ie. you can't ping it no matter what, not even from the switch itself. That's a network thing, not just Aruba.

If you need a computer to be on the same network as VLAN 53 then you have to pass that VLAN up to that computer, if not, the computer won't even reach the IP address configured on the switch (it's gateway).

Hope this makes sense.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 07:21 AM
From: Simon Harbinson
Subject: Port Config

Hi Aaron, thanks for that,

can I confirm, from what you're saying, (I may be misunderstanding you) if I configured 20 VLANs but only assigned then 15 of them to numerous port I can only ping those 15 the other 5 would be unreachable?

is that a networking thing or an Aruba thing?.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 07:04 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

Your configuration is fine but you haven't passed VLANs 53 and 54 through ports that are UP, that's why it's not routing anything. To be able to use those SVIs you have to configure them on ports that are UP.

This should do the trick to enable those SVIs (you should see those being UP on the logs show log -r)
vlan 53 tagged 1
vlan 54 tagged 1

But do pass them to correct uplink ports (where you really need them to go) and to the computer where you are trying it out.

Please try it out and see if it works.

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 11, 2020 06:47 AM
From: Simon Harbinson
Subject: Port Config

Morning Aaron, yep I was getting to that conclusion, if I do a Tracert 10.81.54.1 on the client connected to VLAN 53 it loops between 10.81.53.26 and 10.81.16.5.

I'm not a networking guy by trade, but I can follow most things but my only frame of reference is Cisco so I may have misconfigured the switch.

Any help would be grateful, config attached

Thanks, Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 11, 2020 06:15 AM
From: Aaron Fuentes Ohnell
Subject: Port Config

Hey Simon,

If the computer with IP 10.81.53.26 states this -> Reply from 10.81.53.26: Destination net unreachable it means that that specific computer has no way to kwow how to reach the network 10.81.54.0/24, does the computer have a default gateway configured?

Please post the whole configuration (removing sensitive data) and the show interface brief, that way we may see what's wrong.

Best regards,

Aarón

------------------------------
Aaron Fuentes Ohnell

Original Message:
Sent: Dec 10, 2020 09:11 AM
From: Simon Harbinson
Subject: Port Config

Hi, yep 2930M for routing, seems like it was a good idea when we started as it supports routing, according to the spec sheet, in practice maybe not as we had hoped. Yes I have enabled IP Routing (#IP Route) and Tagg and Untagged are configured already on Port 3

interface 3
tagged vlan 54,65
untagged vlan 67
spanning-tree bpdu-protection
exit

So this morning I confirmed that there is a routing issue. from a client on port 21 with an IP 10.81.53.26 attempting to ping the gateway of VLAN 54 (10.81.54.1) we get

Reply from 10.81.53.26: Destination net unreachable

As far as I can tell there are no SVI (sorry if that is Cisco terminology) on the VLANs, the two VLANs in question are configured like so

vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0
exit

vlan 54
name "Wired_Staff_VLAN"
tagged 3
ip helper-address 10.81.16.10
ip address 10.81.54.1 255.255.255.0
exit

then creating this I did use:

conf t
int vlan 53
name "Wired_Admin_VLAN"
untagged 21-32
ip helper-address 10.81.16.10
ip address 10.81.53.1 255.255.255.0

I'm sure on the old Cisco's (cores not edges) we had that worked.

Simon

------------------------------
Simon Harbinson

Original Message:
Sent: Dec 10, 2020 08:47 AM
From: Alexis La Goutte
Subject: Port Config

Hi,

you are uisng 2930M for routing ?
Do you have enable the routing ? (ip routing)

For IAP, you need to untagged management vlan (67) and tagged other vlan

------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..

ACEP / ACMX #107 / ACDX #1281

Original Message:
Sent: Dec 09, 2020 04:11 PM
From: Simon Harbinson
Subject: Port Config

I'm looking for some guidance.

on Ports 1, 2 & 3 I have a cluster of IAPs with a virtual controller, IAPs are on VLAN 67, I have two Networks setup (Guest VLAN 65 & Corp. Staff VLAN 54).

The Client devices connect to the SSIDs without an issue, they are getting DHCP from the server, they (Phone, Tablet or Laptop) ping themself but not the gateway on the VLAN or any other device on teh network, other devices in the network can ping all gateways and other devices but not the Phone, Tablet or Laptop connected via Wifi.

The diagram I have attached hopefully make to easier, but the question is :

How do I configure the Port connecting the IAP cluster? (that the switch end)

I have tried setting tagged and untagged VLANs on a port but I'm still not able to ping the gateway between VLANs

I had tagged vlans 54,65 and untagged vlan 67 on ports 1, 2 & 3 but I may have gotten it wrong.

Any help would be great.

Thanks Simon

Wired Intelligent Edge

Port Config

Nomis8849Dec 09, 2020 04:12 PM

alagoutteDec 10, 2020 08:47 AM

Nomis8849Dec 10, 2020 09:12 AM

fefa2k1Dec 11, 2020 06:16 AM

Nomis8849Dec 11, 2020 06:48 AM

fefa2k1Dec 11, 2020 07:04 AMBest Answer

Nomis8849Dec 11, 2020 07:21 AM

fefa2k1Dec 11, 2020 07:32 AM

Nomis8849Dec 11, 2020 08:08 AM

fefa2k1Dec 11, 2020 08:57 AM

1. Port Config

2. RE: Port Config

3. RE: Port Config

4. RE: Port Config

5. RE: Port Config

6. RE: Port Config
Best Answer

7. RE: Port Config

8. RE: Port Config

9. RE: Port Config

10. RE: Port Config