Controllerless Networks

Greetings All, 

(Preface, please assume I know absolutely nothing)

I've recently purchased a 48 port Aruba S2500 Mobility Access switch. I am using it in conjunction with my PfSense router in my home network. 

I am only trying to set up one extra VLAN (VLAN 2), but am having trouble getting VLAN 1 (the default) and VLAN 2 to communicate. 

The first thing I do is set up VLAN 2 on my PfSense router, configure DHCP, and assign it's parent interface as my LAN port (Which is where the S2500 is plugged into). I assign the gateway for VLAN 2 as the starting IP in the address pool, which is 192.168.5.1, the rest of the pool starts at 192.168.5.100. Then I set up an allow all firewall rule on my VLAN2 interface (Any source to any destination), as well as an allow VLAN 2 rule on my LAN interface (Any VLAN2 net to any Lan net).

The Aruba S2500 automatically picks up the interface and the correct gateway address as well as the subnet mask, as well as the VLAN itself (Both in the CLI and the Web GUI).

guide me on how to get VLAN2 traffic from 0/0/37(where my router connects to the switch) to 0/0/1(my server), PLS. I can configure the rules properly after i have successful PING and DHCP! 

Thank you. 

EDIT: I should note the switch is running ArubaOS v 7.4.1.12. I have no idea what Instant OS is. I do not know what a controller is. 

Configure vlan 2 on switch first. Then untagged port 0/0/1 and 0/0/37 into vlan 2.

Could you give me a step by step to do so? through CLI or GUI ? 

Thank you. 

Cli configuration

Step 1 go to configure terminal

Step 2 create vlan 2 

Step 3 create switching profile for vlan 2

Step 4 add swswitching profile to port 0/0/1 and 0/0/37

Sent from Yahoo Mail on Android

Attachment(s)

ArubaOS 7.4 CLI Reference Guide.pdf   2.35 MB 1 version

I would avoid using VLAN1, and use a different number in production. Here is an example to configure the vlans 2,10,11 tagged on port 0/0/37 and port 0/0/1 in vlan 2, 0/0/2 in vlan 10, 0/0/3 in vlan 11:

interface-profile switching-profile "fw-trust"
   switchport-mode trunk
   trunk allowed vlan 2,10,11
!
interface-profile switching-profile "vlan2"
   access-vlan 2
!
interface-profile switching-profile "vlan10"
   access-vlan 10
!
interface-profile switching-profile "vlan11"
   access-vlan 11
!
interface gigabitethernet "0/0/37"
   description "Uplink to pfSense em0"
   switching-profile "fw-trust"
!
interface gigabitethernet "0/0/1"
   description "Server"
   switching-profile "vlan2"
!
interface gigabitethernet "0/0/2"
   switching-profile "vlan10"
!
interface gigabitethernet "0/0/3"
   switching-profile "vlan11"
!

The switch should be pure switching, so no IP addresses assigned except for management. All routing and firewalling should happen on the pfSense in this case. Create VLAN interface on the pfSense for 2, 10 and 11; and assign them to the physical interface of your pfSense to get the traffic sent tagged between firewall and S2500 switch.

Herman, you're a lifesaver.