Background:
We are migrating away from our Cisco Ecosystem to HPE Aruba. Our Cisco Switches have an Access VLAN and Voice VLAN, which to emulate on Aruba requires making the port a trunk port with the Native VLAN being the Access VLAN, and the Allowed VLANs being the Access and Voice VLAN. We are trying to put Spanning-Tree on these Trunk "Access" Ports to make it as close as possible to how Cisco would process.
Device:
6200F 48G CL4 4SFP+ 740W with ML.10.13.1010 Firmware
The issue:
It appears that when the port is in Trunk mode it disregards Spanning-Tree safeguards that would otherwise work. Cisco does not have this behavior on its Trunk Ports.
The Configurations:
Cisco
-------
udld aggressive
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
errdisable recovery cause link-flap
errdisable recovery interval 60
interface GigabitEthernet1/0/1
 description *** TEST ***
 switchport access vlan 50
 switchport voice vlan 70
 switchport mode access
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security aging time 2
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
ARUBA
---------
spanning-tree
spanning-tree mode rpvst
spanning-tree extend-system-id
fault-monitor profile ERRDISABLE
    excessive-link-flaps action notify-and-disable auto-enable 60
interface 1/1/1
    description *** TEST ***
    vlan trunk native 50
    vlan trunk allowed 50,70
    udld
    udld mode rfc5171 aggressive
    udld interval 15000
    spanning-tree bpdu-guard
    spanning-tree loop-guard
    spanning-tree port-type admin-edge
    port-access port-security enable
    port-access port-security client-limit 2
    port-access security violation action shutdown recovery-timer 60
    apply fault-monitor profile ERRDISABLE
Current Conclusions:
- I have verified that UDLD works between the Cisco and HPE Aruba switch.
- I have verified that if the HPE Aruba switch has the port in "Access" mode, Spanning-Tree works. It just doesn't work in Trunk mode, which we need for the Voice/Access VLAN combo.
- I have verified that two Cisco Switches in Trunk mode still go errdisable as long as BPDU-Guard is enabled.
- Even in Access Mode, the Aruba Spanning-Tree is spotty at best, and UDLD usually kicks in before BPDU protections do.
Questions:
Is there a better way to do the Access/Voice VLAN on Aruba without losing Spanning-Tree?
Is this ignoring of Spanning-Tree lines intentional on Aruba switches if the port is in Trunk Mode?
Are there missing lines to allow STP to work properly?