Wired Intelligent Edge

Have 2 seperate 2930M stacks both having an issues peering with 2 different OSFP peers at the same time.

So the below vlan 2008 is working fine and peers ok with Comware switch 1(Peer1) but Vlan 2009 sits in INIT state going to switch 2(Peer2) and i cannot even ping the peer IP address.

If i shut down 1/48 VLan 2009 peer comes up fine and OSPF then works fine but it would appear both cannot peer at the same time?

 

vlan 2008
tagged 1/48
ip address 172.31.255.42 255.255.255.252
ip ospf 172.31.255.42 area backbone
ip ospf 172.31.255.42 md5-auth-key-chain "1"
ip ospf 172.31.255.42 cost 100

vlan 2009
tagged 2/47
ip address 172.31.255.38 255.255.255.252
ip ospf 172.31.255.38 area backbone
ip ospf 172.31.255.38 md5-auth-key-chain "1"
ip ospf 172.31.255.38 cost 65500
ip ospf 172.31.255.38 network-type point-to-point

What do you have on the log ?

---- Reverse event Log listing: Events Since Boot ----
I 01/28/20 10:25:05 00001 vlan: ST1-CMDR: OSPF-2-SIMMS virtual LAN enabled
I 01/28/20 10:25:05 00076 ports: ST1-CMDR: port 2/48 is now on-line
I 01/28/20 10:25:03 00435 ports: ST1-CMDR: port 2/48 is Blocked by STP

 

Nothing else in the logs, could it be spanning tree?

 

interface 2/48
tagged vlan 2009
untagged vlan 1
exit

Yes, the port is blocked by Spanning Tree...

 

Check if you don't have a loop...

May be better to use access port ? (and disable spanning tree ?)

But the port goes into blocking first then forwarding so that does not appear to the be issue?

 

2/48 1000LX | 20000 128 Forwarding | 883a30-93e4ca 2 Yes No

ok ! on it is on the reverse :)

 

what do you have on show ip ospf neighbor ?

I only see 1 peer connection to my working switch 1 nothing to switch 2, cant even ping switch 2 until i disable the link to switch 1

 

i see that you untagged vlan 1 on one of the uplink ports,did you to that on both ports? you must remove that otherwise a loop is detected on vlan 1, that's why only one interface at a time works, propably the peer is blocking. Check both spanning tree and loop detect.

 

Before troubleshooting anythong with ospf, make sure your mac and ip connectivity are good, so: make sure you can ping your ospf peer and learn the mac-adress of the peers on both ports.

 

Can you validate the untagged vlan 1 with:

show run in 1/48

show run in 2/47

 

Please verify it on the peer as well.

Yes i have it untagged on all 4 interfaces.

If is shutdown the interface on peer switch1 then OSPF forms on sw2 fine everthing can be pinged fine.

 

Nothing obivious so its a limitation in the switch or a misconfiguation 

I think what Fabian meant was with all the interfaces up (not shut) you should be able to ping each peers IP address. If you can't do that, then OSPF neigbors will never form

If these are just going to be layer 3 connected interfaces, i'd recommend making them access ports as well. If you really want to have layer 3 connectivity and trunk VLANs across, I think creating a trunk group would be the better path

trunk 1/48 trk1 trunk
vlan 2009 tagged trk1

If both interfaces are up, what happens if you run
show mac-address 1/48
show mac-address 2/47

 

 

 

 

Is it not an access port now as it is only tagged 1 vlan or is there a command i need to run?

 

I can only not ping to switch2 when the peer to switch 1 is up so it is like there is connectivity but something only allows 1 peer up at a time.

I saw this comment and thought was your whole configuration

---

@preddy1980 wrote:

interface 2/48
tagged vlan 2009
untagged vlan 1
exit

---

My apologies.

I read through your initial configuration again. Do you need two OSPF Areas? I believe the 2930 series is limited to one OSPF area, and 8 neighbors.

 

See here

https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/Access-OSPF-2930F/td-p/281002

 

 

router ospf
area backbone
redistribute connected
enable
exit

 

So we only have 1 area?

vlan 2008
name "OSPF-2-MGMT"
tagged 1/48
ip address 172.31.255.42 255.255.255.252
ip ospf 172.31.255.42 area backbone
ip ospf 172.31.255.42 cost 100
exit
vlan 2009
name "OSPF-2-SIMMS"
tagged 1/47,2/47-2/48
ip address 172.31.255.38 255.255.255.252
ip ospf 172.31.255.38 area backbone
ip ospf 172.31.255.38 cost 65500
ip ospf 172.31.255.38 network-type point-to-point
exit

Would you mind sharing the output of these commands with both interfaces up?

 

show spanning-tree 1/48

show spanning-tree 2/47

 

show mac-address 1/48

show mac-address 2/47

 

show arp vlan 2008

show arp vlan 2009

 

show ip ospf general

 

show ip ospf neighbor detail

 

 

The other thing we can try is getting more logging information

debug destination buffer

debug ip ospf

 

show debug buffer

 

If you do the debug, make sure you turn it off when you've collected the appropiate logs

 

no debug destination buffer

 

 

HPE2930M-CRAD# show spanning-tree 1/48

Multiple Spanning Tree (MST) Information

STP Enabled : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : 883a30-93e4ca
Switch Priority : 32768
Max Age : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count : 29
Time Since Last Change : 4 days

CST Root MAC Address : 943fc2-d4f1b0
CST Root Priority : 0
CST Root Path Cost : 20001
CST Root Port : 1/48

IST Regional Root MAC Address : 883a30-93e4ca
IST Regional Root Priority : 32768
IST Regional Root Path Cost : 0
IST Remaining Hops : 20

Root Guard Ports :
Loop Guard Ports : 1/1-1/44,2/1-2/44
TCN Guard Ports :
BPDU Protected Ports : 1/1-1/44,2/1-2/44
BPDU Filtered Ports :
PVST Protected Ports :
PVST Filtered Ports :

Root Inconsistent Ports :
Loop Inconsistent Ports :

| Prio | Designated Hello
Port Type | Cost rity State | Bridge Time PtP Edge
----- ---------- + --------- ---- ------------ + ----------------- ---- --- ----
1/48 1000LX | 20000 128 Forwarding | 943fc2-b78946 2 Yes No

HPE2930M-CRAD# show spanning-tree 2/48

Multiple Spanning Tree (MST) Information

STP Enabled : Yes
Force Version : MSTP-operation
IST Mapped VLANs : 1-4094
Switch MAC Address : 883a30-93e4ca
Switch Priority : 32768
Max Age : 20
Max Hops : 20
Forward Delay : 15

Topology Change Count : 29
Time Since Last Change : 4 days

CST Root MAC Address : 943fc2-d4f1b0
CST Root Priority : 0
CST Root Path Cost : 20001
CST Root Port : 1/48

IST Regional Root MAC Address : 883a30-93e4ca
IST Regional Root Priority : 32768
IST Regional Root Path Cost : 0
IST Remaining Hops : 20

Root Guard Ports :
Loop Guard Ports : 1/1-1/44,2/1-2/44
TCN Guard Ports :
BPDU Protected Ports : 1/1-1/44,2/1-2/44
BPDU Filtered Ports :
PVST Protected Ports :
PVST Filtered Ports :

Root Inconsistent Ports :
Loop Inconsistent Ports :

| Prio | Designated Hello
Port Type | Cost rity State | Bridge Time PtP Edge
----- ---------- + --------- ---- ------------ + ----------------- ---- --- ----
2/48 1000LX | 20000 128 Forwarding | 883a30-93e4ca 2 Yes No

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
show mac-address 1/48

Status and Counters - Port Address Table - 1/48

MAC Address VLANs
----------------- ------------
4caea3-2ee50a 1
943fc2-b78967 2008

show mac-address 2/48

Status and Counters - Port Address Table - 2/48

MAC Address VLANs
----------------- ------------
943fc2-68eed0 1

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

show arp vlan 2008

IP ARP table - VLAN 2008

IP Address MAC Address Type Port
--------------- ----------------- ------- ----
172.31.255.41 943fc2-b78967 dynamic 1/48

HPE2930M-CRAD# show arp vlan 2009

IP ARP table - VLAN 2009

IP Address MAC Address Type Port
--------------- ----------------- ------- ----

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
show ip ospf general

OSPF General Status

OSPF protocol : enabled
Router ID : 10.53.181.3
RFC 1583 compatibility : compatible

Intra-area distance : 110
Inter-area distance : 110
AS-external distance : 110

Default import metric : 10
Default import metric type : external type 2
Global Reference cost : 0
Area Border : no
AS Border : yes
External LSA Count : 4
External LSA Checksum Sum : 68959
Originate New LSA Count : 8
Receive New LSA Count : 6

Graceful Restart Interval : 120
Graceful Restart Strict-Lsa Checking : Enabled
Nonstop forwarding : Disabled
Log Neighbor Adjacency Changes : Enabled

SPF Throttling

Start Interval : 0
Wait Interval : 0
Maximum Wait Time : 0
Current Wait Interval : 5

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

show ip ospf neighbor detail

OSPF Neighbor Information for neighbor 172.31.255.41

IP Address : 172.31.255.41
Router ID : 172.31.255.49 State : FULL
Interface : vlan-2008 Designated Router : 172.31.255.41
Area : backbone Backup Designated Router : 172.31.25...
Priority : 1 Retransmit Queue Length : 0
Options : 0x42 Neighbor Uptime : 4days
Events : 7 Dead Timer Expires : 31 sec

 

---

@preddy1980 wrote:

4caea3-2ee50a 1
943fc2-b78967 2008

show mac-address 2/48

Status and Counters - Port Address Table - 2/48

MAC Address VLANs
----------------- ------------
943fc2-68eed0 1

|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

 

---

This seems interesting for a few reasons. First, I had thought your previous post had said these were set as access ports, but 1/47 appears to have mac address' on 2 different vlans?

What's the output of these commands?

show run int 1/47

show run int 2/47

 

show loop-protect

 

Do you need VLAN 1 to be across all the interfaces? What's the use case of that?

 

 

You probably saw that while interface 1/47 has 2 mac address, one on VLAN 1 and one on VLAN 2008, interface 2/48 only has 1 mac address, on VLAN 1. Since the switch never learns a MAC-Address on VLAN 2009, it'll never ARP, and then from there form the OSPF neighbor. My first guess would be a VLAN tagging issue or a loop-protect issue

 

Sorry just for clarity interfaces in use are 1/48 and 2/48

So we have tagged the Vlans 2008 and 2009 on the interfaces but untagged Vlan 1 and on the 5510 switches on other end we have them set as a trunk.

Little new to Aruba OS should i set ports as a trunk or how do i set as access port if not using the untagged command?

5510:   

description *** To CRAD ***
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2009

 

Running configuration:

interface 1/48
tagged vlan 2008
untagged vlan 1
exit

 

show run int 2/48

Running configuration:

interface 2/48
tagged vlan 2009
untagged vlan 1
exit

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

sh loop-protect

Status and Counters - Loop Protection Information

Transmit Interval (sec) : 5
Port Disable Timer (sec) : Disabled
Loop Detected Trap : Disabled
Loop Protect Mode : Port
Loop Protect Enabled VLANs :

Loop Loop Detected Loop Time Since Rx Port
Port Protect Detected on VLAN Count Last Loop Action Status
------ ------- -------- --------- ------ ----------- ------------- --------

I've never used a 5500, so just to clarify

description *** To CRAD ***
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2009

 

That is only making VLAN 2009 tagged, with no untagged VLAN? And both sides have that same exact config, just with appropiate VLAN?

There are 2 ways to accomplish what you want on the Aruba's, however I'm not sure which is best practice...

1) - This way will only make the interface send out the tagged VLAN

interface 1/48

no untagged vlan 1

interface 2/48

no untagged vlan 1

 

2) This creates a new logical interface (trk#), and then tags a VLAN onto that. 

trunk 1/48 trk1 trunk

vlan 2008 tagged trk1

trunk 2/48 trk2 trunk

vlan 2009 tagged trk1

 

Before you do those, it might be worthwhile to try this command just to see if it makes any difference

vlan 2009 untagged 2/48

 

After that command, I'd shut the interface, bring it back up, and see if the neighbor joins. (I realize that probably isn't the way you want the setup to be, but I'm curious to see if maybe one of the 5505s is sending an untagged VLAN, while the Aruba is expecting a tagged)

 

 

 

So i removed vlan 1 from the 2 interfaces and now i only see 1 mac address on each interface.

I shut down the interface on both 2/48 and the remote end and still i cannot ping the peer 2 until i disable the port 1/48 to peer 1.

 

I may have to try the trunk configuration 

 

 

So you saw one mac address on each interface?  on 2/48 was it showing up on VLAN 2009, or VLAN 1?

 

If it was showing as VLAN 1, I'd try this

 

vlan 2009 untagged 2/48

please do not mistake: the trunk on the 5500 is not the same as a trunk on aruba, a trunk on aruba is a etherchannel, trunk on 5500 means you are using vlan tagging.
 
you should not configure any trunk on aruba, remove that if you are not using etherchannels/lacp.
 
for aruba:
- remove all trunks 
- configure 2 interfaces individualy on aruba:
interface 1/48
tagged vlan 2008
no untagged vlan 1



interface 2/48
tagged vlan 2009
no untagged vlan 1
 
on the 5500, configure 2 ports:
 
port 1, connect to aruba 1/48:
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2008
 
port2, connect to aruba 2/48
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2009
 after that:
- verify link status (link up, no stp blocking)
- verify mac-adress on the port for the vlan
- verifiy ip connectivity

I am seeing the MAC addresses in vlans 2008 only not 2009 or any arp entries no Vlan 1.

I have not enabled the trunk on Aruba so I have configured as above.
STP has the ports forwarding on Aruba switch.

Config on 5510 has above settings as a trunk but I think with IP on the interface but will check in the morning.

description *** To CRAD ***
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2009

 

interface Vlan-interface2009
description *** To CRAD ***
ip address 172.31.255.37 255.255.255.252
ospf cost 65500
ospf network-type p2p