Wired Intelligent Edge

Hi,

I'm trying to understand why the 8320 doesn't let me use the ID 4094.

As per docs, pg 21 Aruba 8320 Layer 2 Bridging Guide for ArubaOS-CX 10.01 just the IDs VLAN 1-4040 are avaliable.

Version : TL.10.00.0008
Build Date : 2018-02-15 11:00:41 PST
Build ID : ArubaOS-CX:TL.10.00.0008:4d4e3b0caef5:201802151853
Build SHA : 4d4e3b0caef546ab5e2b6a4e4c99e8947b55fdff
Active Image : secondary

We have the ID 4094 as the management VLAN. The old 5500 use this ID for management.

Is there any workaroud?

Interesting, it looks like the admitted range is really 1-4040...I noticed that the creation of any VLAN from 4041 to 4094 is not permitted (is the range 4041-4094 internally reserved?) providing the message you saw "Ignoring the operation on internal VLAN(s) x" where x is any VLAN between 4041 included and 4094 included.

So, you beleve that I cannot use the 4094 for management VLAN?

There are quite a few switch using the 4094 as management VLAN. Is there any workaround?

Hello,

Yes, this is correct.

On 8320: 1-4040 can be used for VLAN. 4041-4094 are reserved VLANs and can't be used for any purpose than what they are reserved for.

On 8400: 1-4094 can be used. Reserved VLANs are in a separate range (8000~, you may see that range using the API to list the VLANs).

This is no workaround to use 4094 on 8320.

Regards,

Vincent

Interesting that we can't find any information for what reason there are reserved VLANs on 8340.

The next test I'm going to do is to check if it can a least "pass the tag" to a trunk port from one switch to another.

Just to let you know.

It doesn't pass any traffic on 4094.

---

@vincent.giles wrote: On 8320: 1-4040 can be used for VLAN. 4041-4094 are reserved VLANs and can't be used for any purpose than what they are reserved for.

---

Hello Vincent, that's interesting...just curious, a question: why then on Aruba 8320 the show capacities vlan-count CLI Command (which is supposed to show the maximum number of VLANs supported in the system) still outputs 4094?

This is because they are used internally. That being said, it is good feedback and there is on-going CLI improvment to get better clarity.

Regards,

Vincent

There will be an update on this thread for reserved-vlan in a couple of weeks.

In 10.5, internal VLANs range is now configurable.

To be extremely clear:

ArubaOS-CX 10.5, in comparison to previous versions, permits to modify the default VLAN IDs range (4041-4094, 54 continuous IDs) internally used by Aruba 8320 switch in order to be able to reuse exactly those VLAN IDs.

Internally reserved VLAN IDs' range - made of 54 VLAN IDs - can't be "avoided" on Aruba 8320: it's mandatory.

Does relocation need to be, like-for-like, by selecting another continuous range of 54 VLAN IDs or the range should be extended/shrank due to particular consideration related to route-only/LAG ports? say example 1000-1053 instead of 4041-4094?

ArubaOS-CX 10.5 CLI manual specifies only that "The reserved range must be between 2 and 4094 and cannot exceed 256 VLANs. Default: 4041-4094." but also it warns "If the number of internal VLANs is less than the number of route-only ports and LAGs, some ports will be blocked and unable to be used." at the point that setting the range to be none (with the system internal-vlan-range none command) that warning become an explicit "All route-only ports and LAGs will be blocked.".

I'm guessing If a particular Aruba 8320 scenario hasn't any route-only ports or any LAGs (apart of having VSX LAGs!)...can the internal-vlan-range be safely disabled with the above command? or the reference about LAG includes VSX LAG?