Wired Intelligent Edge

Hi experts,

In a few days I have to implement the following scenario where I have a network where the management VLAN for IAPs is 800 and is tagged in the core:

For this to work I have to set the uplink management VLAN to 800 for each IAP. I wouldn't like to change the uplink management VLAN of each IAP, leave the default setting where the IAP management traffic will be untagged and which is the Aruba recommendation.

What can I do to not change the uplink management VLAN? Is the only way for this to work to change the uplink management VLAN in each IAP? By the way it will be tedious since I have a lot of IAPs.

The Aruba Instant VRD says "An uplink management VLAN is a “per AP” configuration and you must modify it only in an environment in which you cannot modify the native VLAN of a trunk to be functional."

I guess if a set the native VLAN to 800 on the trunks which connect to the IAPs, this scenario will not work because the native VLAN on the trunk connected to the core is different (VLAN 1). What do you think? Any other solution? Please help.

Many thanks in advance,

Julián

Set your management VLAN 800 as native/untagged on the switch ports that connect the IAPs.

It is not recommended to change the Management VLAN id in the IAP for the reasons you mention and more. If you need a specific VLAN on your infrastructure (800 in your case) to be the management VLAN for the IAP's, just put that as untagged/native on the IAP uplink ports. The IAP will internally see it as native VLAN and will not have notice of the actual VLAN id, but does not need that either.

Here an example for Aruba switches, where the AP connected to port 1 is assigned VLAN10 for management:

sw-workshop-01# show running-config interface 1
Running configuration:

interface 1
   tagged vlan 11-14
   untagged vlan 10

There is NO management VLAN configuration on the IAP side, leave that option default.

Hi Herman,

Many thanks for the clarification!

Regards,

Julián

Is this still the best case though? I have 12 Aruba IAP-215-US access points; they are all behind trunk ports with native 1, tagged: 2, 3, 100.
I want to move the Aruba's onto DHCP in VLAN100 for management, they currently are grabbing DHCP from VLAN 1 (native). The instant virtual contoller has a uplink management vlan option per access point and per vitrual controller. I could set that setting to vlan 100 to move them over right?

I have seen that it is recommened to set the native vlan on the trunk to your management vlan; in this case 100*. And I can see the benifit to that, like if an access point was system reset for some reason, it would grab VLAN100 natively again and not get stuck in VLAN 1. But my concern is having tagged VLAN 1 traffic over the trunks but also untagged VLAN 1 traffic on the network else where, as our switches use a native untagged VLAN 1. Would this be an issue? 

sw-workshop-01# show running-config interface 1Running configuration:interface 1   tagged vlan 11-14   untagged vlan 10

VLAN1 is a bit a strange thing on some types of equipment. I believe that technically you can tag VLAN id 1, but Instant APs consider VLAN 1 as untagged/native.

Since I started working in networking, I teached myself to avoid the use of VLAN1, and consider it as 'unconfigured'. Also because when you add new switches to your network, all ports by default are in VLAN1, which by this approach will not be functional until you configured the switch explicitly for another VLAN. You may try to get rid of VLAN1 in your environment.

sw-workshop-01# show running-config interface 1Running configuration:interface 1   tagged vlan 11-14   untagged vlan 10