Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted

Re: Aruba-2540 InterVlan Routing

All the basics are correct that I can see. I feel like something simple might be tripping you up here.

 

Are you testing with a single client? Or do you have a client in both VLANs 20 and 30 simultaneously? The ArubaOS Switch platform will disable the VLAN interface if there is no active link for that VLAN. The VLAN IP interface (SVI) will go down if you only have one client and are switching it over to test.

 

Could you show me the most recent output from 'show log -r' which would possibly verify this. You might see something like "vlan: Drucker virtual LAN disabled".

Highlighted
Occasional Contributor I

Re: Aruba-2540 InterVlan Routing

This is the result of show log -r

 

Spoiler

Aruba-2540-48G-4SFPP# show log -r
Keys: W=Warning I=Information
M=Major D=Debug E=Error
---- Reverse event Log listing: Events Since Boot ----
I 07/27/20 12:35:04 00001 vlan: Drucker virtual LAN enabled
I 07/27/20 12:35:04 00076 ports: port 32 is now on-line
I 07/27/20 12:35:01 00435 ports: port 32 is Blocked by STP
W 07/27/20 12:18:52 05228 activate: Received failure response from the Activate
server with status code: fail-prov-no-device
I 07/27/20 12:18:49 05226 activate: Successfully resolved the Activate server
address devices-v2.arubanetworks.com to 34.217.246.112.
I 07/27/20 12:18:49 05627 activate: Time sync with NTP server is successful.
I 07/11/20 19:40:53 05225 activate: Loading security certificates and
synchronizing time.
I 07/11/20 19:32:00 00179 mgr: SME SSH from 192.168.1.176 - MANAGER Mode
I 07/11/20 19:31:57 03362 auth: User 'Admin' logged in from 192.168.1.176 to SSH
session
I 07/11/20 19:31:25 00025 ip: DEFAULT_VLAN: ip address 192.168.1.163/24
configured on vlan 1
I 07/11/20 19:31:25 00083 dhcp: DEFAULT_VLAN: updating IP address and subnet
mask
I 07/11/20 19:31:14 00025 ip: DEFAULT_VLAN: ip address
fe80::8a3a:30ff:fe5c:7180/64 configured on vlan 1
I 07/11/20 19:31:13 00025 ip: Clients: ip address fe80::8a3a:30ff:fe5c:7180/64
configured on vlan 20
I 07/11/20 19:31:11 00001 vlan: DEFAULT_VLAN virtual LAN enabled
I 07/11/20 19:31:11 00076 ports: port 1 is now on-line
I 07/11/20 19:31:10 00001 vlan: Clients virtual LAN enabled
I 07/11/20 19:31:10 00076 ports: port 46 is now on-line
I 07/11/20 19:31:08 00828 lldp: PVID mismatch on port 2(VID 10)with peer device
port 18(VID 1)(1)
I 07/11/20 19:31:07 00435 ports: port 46 is Blocked by STP
I 07/11/20 19:31:07 00435 ports: port 2 is Blocked by STP
I 07/11/20 19:31:07 00435 ports: port 1 is Blocked by STP
I 07/11/20 19:31:03 02555 chassis: Co-processor Ready
I 07/11/20 19:31:01 03803 chassis: System Self test completed on 1-52
I 07/11/20 19:30:55 03802 chassis: System Self test started on 1-52
I 07/11/20 19:30:55 03401 crypto: Function POWER UP passed selftest.
I 07/11/20 19:30:55 04262 dhcp-server: All IP addresses are removed from the
conflict-logging database
I 07/11/20 19:30:55 04250 dhcp-server: DHCP server is enabled globally
I 07/11/20 19:30:54 02553 chassis: Loading of Co-processor OS image complete.
I 07/11/20 19:30:53 02552 chassis: Loading of Co-processor OS image in progress.
I 07/11/20 19:30:53 02550 chassis: Requesting Co-processor OS image location in
flash.
I 07/11/20 19:30:53 00066 system: System Booted
I 07/11/20 19:30:52 04274 dhcp-server: DHCP server is listening for DHCP packets
I 07/11/20 19:30:52 04255 dhcp-server: DHCP server is enabled on VLAN 30
I 07/11/20 19:30:52 04255 dhcp-server: DHCP server is enabled on VLAN 20
I 07/11/20 19:30:52 04260 dhcp-server: Conflict-logging is disabled
I 07/11/20 19:30:52 04257 dhcp-server: Ping-check configured with retry count =
2, timeout = 1
I 07/11/20 19:30:51 00410 SNTP: Client is enabled.
I 07/11/20 19:30:51 02633 SNTP: Client authentication is disabled.
I 07/11/20 19:30:51 00688 lldp: LLDP - enabled
I 07/11/20 19:30:51 00417 cdp: CDP enabled
I 07/11/20 19:30:51 04695 auth: Command authorization method set to none.
I 07/11/20 19:30:51 04695 auth: Command authorization method set to none.
I 07/11/20 19:30:51 00433 ssh: Ssh server enabled
I 07/11/20 19:30:51 00056 stp: Spanning Tree Protocol enabled
I 07/11/20 19:30:51 00463 ssl: SSL HTTP server enabled on TCP port 443
I 07/11/20 19:30:50 00110 telnet: telnetd service enabled
I 07/11/20 19:30:50 02638 srcip: SFLOW oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: SFLOW admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: SNTP oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: SNTP admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: TFTP oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: TFTP admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: TELNET oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: TELNET admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: SYSLOG oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: SYSLOG admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: RADIUS oper policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02637 srcip: RADIUS admin policy for IPv6 is 'outgoing
interface'
I 07/11/20 19:30:50 02638 srcip: SFLOW oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: SFLOW admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: SNTP oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: SNTP admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: TFTP oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: TFTP admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: TELNET oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: TELNET admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: SYSLOG oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: SYSLOG admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: RADIUS oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: RADIUS admin policy is 'outgoing interface'
I 07/11/20 19:30:50 02638 srcip: TACACS oper policy is 'outgoing interface'
I 07/11/20 19:30:50 02637 srcip: TACACS admin policy is 'outgoing interface'
I 07/11/20 19:30:50 00690 udpf: DHCP relay agent feature enabled
I 07/11/20 19:30:50 02604 dhcpv6r: Inclusion of client link-layer address in
DHCPv6 relay message is disabled.
I 07/11/20 19:30:50 00965 dhcpv6c: DHCPv6 client has been enabled on Vlan-id: 1
M 07/11/20 19:30:49 02797 chassis: Internal power supply 1 is OK. Total fault
count: 0.
M 07/11/20 19:30:49 02796 chassis: Internal power supply 1 inserted. Total fault
count: 0.
I 07/11/20 19:30:49 02759 chassis: Savepower LED timer is OFF.
I 07/11/20 19:30:49 02712 console: USB console cable disconnected
I 07/11/20 19:30:49 02712 console: USB console cable disconnected
M 07/11/20 19:30:49 00064 system: Operator warm reload.
I 07/11/20 19:30:49 00063 system: Member 1 went down: 07/11/20 19:30:34
I 07/11/20 19:30:49 00061 system: -----------------------------------------
I 07/11/20 19:30:49 05578 profile-manager: With this SW release the poe-value
field is not allowed to be set when poe-alloc-by is not value.
Changing to default value of 17w.
I 07/11/20 19:30:48 03803 chassis: System Self test completed on Master
I 07/11/20 19:30:48 03802 chassis: System Self test started on Master
I 07/11/20 19:30:48 03803 chassis: System Self test completed on Master
I 07/11/20 19:30:48 03802 chassis: System Self test started on Master
---- Top of Log : Events Listed = 88 ----
Highlighted
MVP Guru

Re: Aruba-2540 InterVlan Routing

With "clients can't reach the gateway", do you mean that the can't ping to 192.168.1.10?

 

Also, I understand that the clients in VLAN20 can ping clients in VLAN30 (and vice-versa)?

 

Can the clients in VLAN20/30 ping to the switch in it's default VLAN (192.168.1.163)?

 

If you can ping between the VLANs, and ping addresses on the switch, but not to and beyond the router, does the router have routes back to the subnets for vlan 20/30? It seems not, as the IP on the default VLAN is 1. The router needs to have a route back otherwise the packets for 10.1.x.x will go out of its default route which is towards the ISP.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted
Occasional Contributor I

Re: Aruba-2540 InterVlan Routing

Hi,

 

the VLAN 20/30 can't reach the 192.168.1.163 IP.

 

what i have to do, if i have only a mpls router from the ISP?

I can't configure the mpls router

 

 

Highlighted
MVP Guru

Re: Aruba-2540 InterVlan Routing

You will need to get the subnets for VLAN 20 and 30 routed by your MPLS provider or use subnets that are already routed by your ISP to your switch (if any). One possible alternative is to put a NAT device between your switch and the ISP router, but with just the switch you can't add additional IP subnets, but that is probably not what you want.

 

Seems you will need to work with your ISP to get the additional VLANs routed.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Highlighted

Re: Aruba-2540 InterVlan Routing

Hi Geh,

You should should be able to make ping from the 2540 to any station in any of your VLANs (1,20,30). If so, your virtuals interfaces on the 2540 are up and forwarding. 

You have configured your default route to your default gateway (192.168.1.10) with these commands:

ip default-gateway 192.168.1.10
ip route 0.0.0.0 0.0.0.0 192.168.1.10

I would use just only one, both do the same, so, just in case, delete one of them.

If you could ping from any station in any VLAN to any other station in another VLAN (avoid doing it from any router as the source or the destination for the ping command), then your 2540 is routing correctly among all your VLANs directly connected to your 2540.

 

Now go to any station in VLAN 20 and make a trace route to any station behind your MPLS network (behind your default gateway 192.168.1.10), if you cannot see answers from any hop farther than your 2540, it would mean that your default gateway 192.168.1.10 does not know the next hop to return packets to VLAN 20, and it is routing towards any other gateway. So, as Herman said, I think you should talk to your provider in order to add the return routes in your default gateway and the MPLS behind it.

 

Regards


PS: If you feel this information is useful and solved your question or problem, please do not forget to mark it as a solution and give me some kudos.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: