From what you describe, I suspect there is a 'loop' in your network and it is running over that port G0/1/3 with a SFP cable 'doing nothing'. Spanning-tree will prevent loops in you network by disabling ports that form a loop as if you have a loop packets will start going around in the network forever till it is dropped when an interface fills up. That also matches your losing access to the switch experience.
If the G0/1/3 cable is doing nothing, where is it going?? I think if you remove it, and try again you may be in better luck.
Either enable spanning-tree (STP) to prevent loops, and accept spanning tree delays (or configure 'portfast' on your ports); or when you disable STP make sure you will not ever have a loop in your network.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Dec 10, 2020 10:02 PM
From: matt sorensen
Subject: S2500 30+ Seconds for clients to access the network
Thank you for the suggestions, DHCP Snooping was disabled, But Spanning tree was enabled. I was able to disable spanning tree, But then I lost access to the switch(The switch really lost access to random devices). I thought this was because I was doing it via ssh, So i bought a console cable. I have the same issue with the console cable. Once I disable spanning tree I lose access to random devices, I can ping the internet but not the router. I can ping some servers sometimes, I pinged on 3 times and got 40%, 100%, and 0%. So totally random results. Hopefully you can shed some light on this. I have a basic understanding of this but not enough apparently.
It seems like the switch has a hard time communicating across the VLANS when STP is disabled. I can access resources on the native Vlan reliably but anything else is spotty at best. Let me know what else would be helpful here.
My network is as follows.
Modem into Pfsense 1 cable into the switch Then cables off to end points, with nothing coming back around. There are about 6 Vlan's setup. All the routing should be happening on PfSense(not sure if this is the cause)
After the issues I was having I re-enabled spanning-tree and everything started working again, I ran "show spanning-tree" and it was blocking all the listed ports, not sure if this is normal as this was right after I enabled it again. Then I ran it later to paste into this thread and it is now mostly Forwarding.
We can ignore all the later ports as I can remove them for Troubleshooting, The devices are connected as follows
0/0 - Wan in(From PfSense)
0/1 - Out to WAP(Unifi)
0/2 - Out to Server (Proxmox, These ports are only for Corosync traffic(Internal communication between the Nodes of the Cluster))
0/3 - Out to second server
0/4 - Raspberry Pi
0/5 - goes to a 4 port switch connected to Cameras
0/10 - windows pc
0/11 windows pc
0/24 Another Pi
0/25 -Nvidia Shield
0/26 - Out to server
0/27- Out to second server Vlan.
PC0 is 2 ports in LACP for Freenas
1/0 1/3 is just a SFP+ cable from one port to the other, Filling the slot basically, no function currently.
(Aruba) #show spanning-treeMST 0Root ID Address: 000b.86b1.21c0, Priority: 32768Regional Root ID Address: 000b.86b1.21c0, Priority: 32768Bridge ID Address: 000b.86b1.21c0, Priority: 32768External root path cost 0, Internal root path cost 0Last TC received on intf GE0/1/3, on 2020-12-10 20:30:53 (MDT)Interface Role State Port Id Cost Type--------- ---- ----- ------- ---- ----GE0/0/0 Desg FWD 128.1 20000 P2pGE0/0/1 Desg FWD 128.2 20000 P2pGE0/0/2 Desg FWD 128.3 20000 P2pGE0/0/3 Desg FWD 128.4 20000 P2pGE0/0/5 Desg FWD 128.6 20000 P2pGE0/0/10 Desg FWD 128.11 20000 P2pGE0/0/11 Desg FWD 128.12 2000000 P2pGE0/0/24 Desg FWD 128.25 20000 P2pGE0/0/25 Desg FWD 128.26 20000 P2pGE0/0/26 Desg FWD 128.27 20000 P2pGE0/0/27 Desg FWD 128.28 20000 P2pGE0/1/0 Desg FWD 128.129 2000 P2pGE0/1/3 Bkup BLK 128.132 2000 P2pPc0 Desg FWD 128.1441 18000 P2p
(Aruba) #show vlan DetailU - Untagged member, T - Tagged member* - Active interfaceDot1q tag: 1, Description: VLAN0001Number of interfaces: 42, Active: 6, Non-Blocking: 5VLAN membership:Access: GE0/0/8(U) GE0/0/9(U)Trunk: GE0/0/0*(U) GE0/0/0*(T) GE0/0/1*(U) GE0/0/1*(T) GE0/0/2*(U) GE0/0/2*(T) GE0/0/3*(U) GE0/0/3*(T) GE0/0/6(U) GE0/0/6(T) GE0/0/7(U) GE0/0/7(T) GE0/0/12(U) GE0/0/12(T) GE0/0/13(U) GE0/0/13(T) GE0/0/14(U) GE0/0/14(T) GE0/0/15(U) GE0/0/15(T) GE0/0/16(U) GE0/0/16(T) GE0/0/17(U) GE0/0/17(T) GE0/0/18(U) GE0/0/18(T) GE0/0/19(U) GE0/0/19(T) GE0/0/20(U) GE0/0/20(T) GE0/0/21(U) GE0/0/21(T) GE0/0/22(U) GE0/0/22(T) GE0/0/23(U) GE0/0/23(T) GE0/0/28(U) GE0/0/28(T) GE0/0/29(U) GE0/0/29(T) GE0/0/30(U) GE0/0/30(T) GE0/0/31(U) GE0/0/31(T) GE0/0/32(U) GE0/0/32(T) GE0/0/33(U) GE0/0/33(T) GE0/0/34(U) GE0/0/34(T) GE0/0/35(U) GE0/0/35(T) GE0/0/36(U) GE0/0/36(T) GE0/0/37(U) GE0/0/37(T) GE0/0/38(U) GE0/0/38(T) GE0/0/39(U) GE0/0/39(T) GE0/0/40(U) GE0/0/40(T) GE0/0/41(U) GE0/0/41(T) GE0/0/42(U) GE0/0/42(T) GE0/0/43(U) GE0/0/43(T) GE0/0/44(U) GE0/0/44(T) GE0/0/45(U) GE0/0/45(T) GE0/1/0*(U) GE0/1/0*(T) GE0/1/1(U) GE0/1/1(T) GE0/1/2(U) GE0/1/2(T) GE0/1/3*(U) GE0/1/3*(T)Dot1q tag: 2, Description: SecureNumber of interfaces: 46, Active: 12, Non-Blocking: 11VLAN membership:Access: GE0/0/10*(U) GE0/0/11*(U) GE0/0/25*(U) GE0/0/26*(U) GE0/0/27*(U) Pc0*(U)Trunk: GE0/0/0*(T) GE0/0/1*(T) GE0/0/2*(T) GE0/0/3*(T) GE0/0/6(T) GE0/0/7(T) GE0/0/12(T) GE0/0/13(T) GE0/0/14(T) GE0/0/15(T) GE0/0/16(T) GE0/0/17(T) GE0/0/18(T) GE0/0/19(T) GE0/0/20(T) GE0/0/21(T) GE0/0/22(T) GE0/0/23(T) GE0/0/28(T) GE0/0/29(T) GE0/0/30(T) GE0/0/31(T) GE0/0/32(T) GE0/0/33(T) GE0/0/34(T) GE0/0/35(T) GE0/0/36(T) GE0/0/37(T) GE0/0/38(T) GE0/0/39(T) GE0/0/40(T) GE0/0/41(T) GE0/0/42(T) GE0/0/43(T) GE0/0/44(T) GE0/0/45(T) GE0/1/0*(T) GE0/1/1(T) GE0/1/2(T) GE0/1/3*(T)Dot1q tag: 5, Description: CamNumber of interfaces: 41, Active: 7, Non-Blocking: 6VLAN membership:Access: GE0/0/5*(U)Trunk: GE0/0/0*(T) GE0/0/1*(T) GE0/0/2*(T) GE0/0/3*(T) GE0/0/6(T) GE0/0/7(T) GE0/0/12(T) GE0/0/13(T) GE0/0/14(T) GE0/0/15(T) GE0/0/16(T) GE0/0/17(T) GE0/0/18(T) GE0/0/19(T) GE0/0/20(T) GE0/0/21(T) GE0/0/22(T) GE0/0/23(T) GE0/0/28(T) GE0/0/29(T) GE0/0/30(T) GE0/0/31(T) GE0/0/32(T) GE0/0/33(T) GE0/0/34(T) GE0/0/35(T) GE0/0/36(T) GE0/0/37(T) GE0/0/38(T) GE0/0/39(T) GE0/0/40(T) GE0/0/41(T) GE0/0/42(T) GE0/0/43(T) GE0/0/44(T) GE0/0/45(T) GE0/1/0*(T) GE0/1/1(T) GE0/1/2(T) GE0/1/3*(T)Dot1q tag: 8, Description: KidsNumber of interfaces: 40, Active: 6, Non-Blocking: 5VLAN membership:Trunk: GE0/0/0*(T) GE0/0/1*(T) GE0/0/2*(T) GE0/0/3*(T) GE0/0/6(T) GE0/0/7(T) GE0/0/12(T) GE0/0/13(T) GE0/0/14(T) GE0/0/15(T) GE0/0/16(T) GE0/0/17(T) GE0/0/18(T) GE0/0/19(T) GE0/0/20(T) GE0/0/21(T) GE0/0/22(T) GE0/0/23(T) GE0/0/28(T) GE0/0/29(T) GE0/0/30(T) GE0/0/31(T) GE0/0/32(T) GE0/0/33(T) GE0/0/34(T) GE0/0/35(T) GE0/0/36(T) GE0/0/37(T) GE0/0/38(T) GE0/0/39(T) GE0/0/40(T) GE0/0/41(T) GE0/0/42(T) GE0/0/43(T) GE0/0/44(T) GE0/0/45(T) GE0/1/0*(T) GE0/1/1(T) GE0/1/2(T) GE0/1/3*(T)Dot1q tag: 10, Description: IOTNumber of interfaces: 42, Active: 7, Non-Blocking: 6VLAN membership:Access: GE0/0/4(U) GE0/0/24*(U)Trunk: GE0/0/0*(T) GE0/0/1*(T) GE0/0/2*(T) GE0/0/3*(T) GE0/0/6(T) GE0/0/7(T) GE0/0/12(T) GE0/0/13(T) GE0/0/14(T) GE0/0/15(T) GE0/0/16(T) GE0/0/17(T) GE0/0/18(T) GE0/0/19(T) GE0/0/20(T) GE0/0/21(T) GE0/0/22(T) GE0/0/23(T) GE0/0/28(T) GE0/0/29(T) GE0/0/30(T) GE0/0/31(T) GE0/0/32(T) GE0/0/33(T) GE0/0/34(T) GE0/0/35(T) GE0/0/36(T) GE0/0/37(T) GE0/0/38(T) GE0/0/39(T) GE0/0/40(T) GE0/0/41(T) GE0/0/42(T) GE0/0/43(T) GE0/0/44(T) GE0/0/45(T) GE0/1/0*(T) GE0/1/1(T) GE0/1/2(T) GE0/1/3*(T)Dot1q tag: 14, Description: workNumber of interfaces: 40, Active: 6, Non-Blocking: 5VLAN membership:Trunk: GE0/0/0*(T) GE0/0/1*(T) GE0/0/2*(T) GE0/0/3*(T) GE0/0/6(T) GE0/0/7(T) GE0/0/12(T) GE0/0/13(T) GE0/0/14(T) GE0/0/15(T) GE0/0/16(T) GE0/0/17(T) GE0/0/18(T) GE0/0/19(T) GE0/0/20(T) GE0/0/21(T) GE0/0/22(T) GE0/0/23(T) GE0/0/28(T) GE0/0/29(T) GE0/0/30(T) GE0/0/31(T) GE0/0/32(T) GE0/0/33(T) GE0/0/34(T) GE0/0/35(T) GE0/0/36(T) GE0/0/37(T) GE0/0/38(T) GE0/0/39(T) GE0/0/40(T) GE0/0/41(T) GE0/0/42(T) GE0/0/43(T) GE0/0/44(T) GE0/0/45(T) GE0/1/0*(T) GE0/1/1(T) GE0/1/2(T) GE0/1/3*(T)
(Aruba) #show port statusInterface Admin Line Protocol Link PoE Trusted Mode--------- ----- ------------- ---- --- ------- ----GE0/0/0 Enable Up Up Enable Yes TrunkGE0/0/1 Enable Up Up Enable Yes TrunkGE0/0/2 Enable Up Up Enable Yes TrunkGE0/0/3 Enable Up Up Enable Yes TrunkGE0/0/4 Enable Down Down Enable Yes AccessGE0/0/5 Enable Up Up Enable Yes AccessGE0/0/6 Enable Down Down Enable Yes TrunkGE0/0/7 Enable Down Down Enable Yes TrunkGE0/0/8 Enable Down Down Enable Yes AccessGE0/0/9 Enable Down Down Enable Yes AccessGE0/0/10 Enable Up Up Enable Yes AccessGE0/0/11 Enable Up Up Enable Yes AccessGE0/0/12 Enable Down Down Enable Yes TrunkGE0/0/13 Enable Down Down Enable Yes TrunkGE0/0/14 Enable Down Down Enable Yes TrunkGE0/0/15 Enable Down Down Enable Yes TrunkGE0/0/16 Enable Down Down Enable Yes TrunkGE0/0/17 Enable Down Down Enable Yes TrunkGE0/0/18 Enable Down Down Enable Yes TrunkGE0/0/19 Enable Down Down Enable Yes TrunkGE0/0/20 Enable Down Down Enable Yes TrunkGE0/0/21 Enable Down Down Enable Yes TrunkGE0/0/22 Enable Down Down Enable Yes TrunkGE0/0/23 Enable Down Down Enable Yes TrunkGE0/0/24 Enable Up Up Enable Yes AccessGE0/0/25 Enable Up Up Enable Yes AccessGE0/0/26 Enable Up Up Enable Yes AccessGE0/0/27 Enable Up Up Enable Yes AccessGE0/0/28 Enable Down Down Enable Yes TrunkGE0/0/29 Enable Down Down Enable Yes TrunkGE0/0/30 Enable Down Down Enable Yes TrunkGE0/0/31 Enable Down Down Enable Yes TrunkGE0/0/32 Enable Down Down Enable Yes TrunkGE0/0/33 Enable Down Down Enable Yes TrunkGE0/0/34 Enable Down Down Enable Yes TrunkGE0/0/35 Enable Down Down Enable Yes TrunkGE0/0/36 Enable Down Down Enable Yes TrunkGE0/0/37 Enable Down Down Enable Yes TrunkGE0/0/38 Enable Down Down Enable Yes TrunkGE0/0/39 Enable Down Down Enable Yes TrunkGE0/0/40 Enable Down Down Enable Yes TrunkGE0/0/41 Enable Down Down Enable Yes TrunkGE0/0/42 Enable Down Down Enable Yes TrunkGE0/0/43 Enable Down Down Enable Yes TrunkGE0/0/44 Enable Down Down Enable Yes TrunkGE0/0/45 Enable Down Down Enable Yes TrunkGE0/0/46 Enable Up Up DisableGE0/0/47 Enable Up Up DisableGE0/1/0 Enable Up Up Yes TrunkGE0/1/1 Enable Down Down Yes TrunkGE0/1/2 Enable Down Down Yes TrunkGE0/1/3 Enable Up Up Yes TrunkPc0 Enable Up Up Yes Access(Aruba) #show port statusInterface Admin Line Protocol Link PoE Trusted Mode--------- ----- ------------- ---- --- ------- ----GE0/0/0 Enable Up Up Enable Yes TrunkGE0/0/1 Enable Up Up Enable Yes TrunkGE0/0/2 Enable Up Up Enable Yes TrunkGE0/0/3 Enable Up Up Enable Yes TrunkGE0/0/4 Enable Down Down Enable Yes AccessGE0/0/5 Enable Up Up Enable Yes AccessGE0/0/6 Enable Down Down Enable Yes TrunkGE0/0/7 Enable Down Down Enable Yes TrunkGE0/0/8 Enable Down Down Enable Yes AccessGE0/0/9 Enable Down Down Enable Yes AccessGE0/0/10 Enable Up Up Enable Yes AccessGE0/0/11 Enable Up Up Enable Yes AccessGE0/0/12 Enable Down Down Enable Yes TrunkGE0/0/13 Enable Down Down Enable Yes TrunkGE0/0/14 Enable Down Down Enable Yes TrunkGE0/0/15 Enable Down Down Enable Yes TrunkGE0/0/16 Enable Down Down Enable Yes TrunkGE0/0/17 Enable Down Down Enable Yes TrunkGE0/0/18 Enable Down Down Enable Yes TrunkGE0/0/19 Enable Down Down Enable Yes TrunkGE0/0/20 Enable Down Down Enable Yes TrunkGE0/0/21 Enable Down Down Enable Yes TrunkGE0/0/22 Enable Down Down Enable Yes TrunkGE0/0/23 Enable Down Down Enable Yes TrunkGE0/0/24 Enable Up Up Enable Yes AccessGE0/0/25 Enable Up Up Enable Yes AccessGE0/0/26 Enable Up Up Enable Yes AccessGE0/0/27 Enable Up Up Enable Yes AccessGE0/0/28 Enable Down Down Enable Yes TrunkGE0/0/29 Enable Down Down Enable Yes TrunkGE0/0/30 Enable Down Down Enable Yes TrunkGE0/0/31 Enable Down Down Enable Yes TrunkGE0/0/32 Enable Down Down Enable Yes TrunkGE0/0/33 Enable Down Down Enable Yes TrunkGE0/0/34 Enable Down Down Enable Yes TrunkGE0/0/35 Enable Down Down Enable Yes TrunkGE0/0/36 Enable Down Down Enable Yes TrunkGE0/0/37 Enable Down Down Enable Yes TrunkGE0/0/38 Enable Down Down Enable Yes TrunkGE0/0/39 Enable Down Down Enable Yes TrunkGE0/0/40 Enable Down Down Enable Yes TrunkGE0/0/41 Enable Down Down Enable Yes TrunkGE0/0/42 Enable Down Down Enable Yes TrunkGE0/0/43 Enable Down Down Enable Yes TrunkGE0/0/44 Enable Down Down Enable Yes TrunkGE0/0/45 Enable Down Down Enable Yes TrunkGE0/0/46 Enable Up Up DisableGE0/0/47 Enable Up Up DisableGE0/1/0 Enable Up Up Yes TrunkGE0/1/1 Enable Down Down Yes TrunkGE0/1/2 Enable Down Down Yes TrunkGE0/1/3 Enable Up Up Yes TrunkPc0 Enable Up Up Yes Access
------------------------------
matt sorensen
Original Message:
Sent: Dec 08, 2020 09:33 AM
From: Herman Robers
Subject: S2500 30+ Seconds for clients to access the network
The description points to Spanning Tree Protocol (STP), which blocks ports for 30 seconds to detect network loops before a port becomes on-line.
Do you have spanning tree possibly enabled (show spanning-tree)?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
Original Message:
Sent: Dec 06, 2020 03:48 PM
From: matt sorensen
Subject: S2500 30+ Seconds for clients to access the network
<><<><><
Sorry I didn't notice the "To" Section until I hit post, Sorry for the inconvenience. This is not feedback, But rather seeking help.
<><><><<><<
I recently installed an Aruba S2500 48P into my network, Ever since clients have been taking over 30 seconds to get an address and successfully access the network. I've tried removing the switch and going straight into the DHCP/DNS Server, This drops the time to network access to less than 5 seconds. I'm not sure what logs would be helpful here so please let me know what would help. This is reproducible, every time I start these computers, or disable/enable an interface this will happen. Once they have their Connection all is well. I'm not 100% it's DHCP but seems the likely place as during the setup they can't access internal resources even via IP.
I've tried going back to the Firmware that was on the switch when I got it, 7.4.0.2 - Issue persists here as well.
I've tried on the native Vlan, and off - Same delay
I've tried having the ports set as truck and access - same delay.
Hardware
Pfsense as Router/Firewall/DNS server/DHCP server
Connected directly to Aruba S2500
The switch has DHCP Disabled, DHCP Relay is also disabled.
Windows machines, servers, and AP's then plugged into the switch.
Software
I've defined 5 Vlans both on the switch and in Pfsense. All other functionality is working correctly as far as I've seen.
Again, I'm not sure exactly what would be helpful here, So please let me know and I will be sure to include it. Any help is greatly appreciated. Thanks for your time.
Switch - Aruba S2500-48P 7.4.0.2/7.4.1.12
DHCP Server - Pfsense 2.5.X
Clients - Windows 10, Unifi AP, Ubuntu 20.04
------------------------------
Matt S
Model: ArubaS2500-48P (Primary)
Version: 7.4.1.12
------------------------------