Wired Intelligent Edge

Need help getting my 2930F in central. I have an AP345 and 2930F on the same network and my AP shows online but my switch shows offilne (Although oddly it has a green dot in device inventory). Both have been added with serial/mac and licenses applied.

Switch has basic config static IP, NM, GW, and DNS with very little other config. Is there something I'm missing? Activate isn't required is it as I assume this is for ZTP only. I read somewhere that "device.arubanetworks.com" needs to resolve but that doesn't seem to be accessible as you can see below.

Aruba-2930F-8G-PoEP-2SFPP# ping google.com
google.com is alive, time = 55 ms
Aruba-2930F-8G-PoEP-2SFPP# ping yahoo.com
yahoo.com is alive, time = 78 ms
Aruba-2930F-8G-PoEP-2SFPP# ping device.arubanetworks.com
Request timed out.
Aruba-2930F-8G-PoEP-2SFPP#

Hi daflava190,

Activate is important for all devices to connect to central, as activate will send the information to each device, which central instance is the correct one. 

But as tested by myself while writing this, activate is not reachable. I think there is some maintenance going on. We should wait until Activate is reachable again and then you should check the output of 

show activate provision

Not sure I follow here, so an AP can instantly get into central without activate when I put in serial/mac as that's what i've done but a switch has to use activate although serial/mac is in central? I went to activate and only option for switch is to airwave and even with that I'm not sure how I'd tell activate to push my device to central since I can't use IP or DNS.

For show activate provision no key would show without "activate provision force" even after reboots etc. I see this as a problem if activate has issues and I can't just put things in central which is online. Also shoudl I not be able to ping device.arubanetworks.com?

Aruba-2930F-8G-PoEP-2SFPP# show activate provision

Configuration and Status - Activate Provision Service

Activate Provision Service : Enabled
Activate Server Address : device.arubanetworks.com
Activation Key : YRGSAUVL
Aruba-2930F-8G-PoEP-2SFPP# show aruba-central

Configuration and Status - Aruba Central

Server URL : None
Connected : No
Mode : NA
Last Disconnect Time : NA
Aruba-2930F-8G-PoEP-2SFPP# ping device.arubanetworks.com
Request timed out.
Aruba-2930F-8G-PoEP-2SFPP# ping arubanetworks.com
arubanetworks.com is alive, time = 71 ms

hi daflava190,

The switch is able to communicate to activate successfully. You know, because the switch has a Cloud Activation Key:

Activation Key : YRGSAUVL

Are you sure, the switch is added to your central account? Does the switch has a valid subscription? 

What does the log of the switch is telling you? 

So turns out my major issue was I added a different switch serial/mac and didn't realize so the switch I was bringing up wouldn't get to central because it wasn't in central...

I do have one other issue I'm trying to solve switch related, best practice would be not to use VLAN 1 but when I make a VLAN like 10 for example and set it to "ip address dhcp-bootp" as I'd like it to be assigned from my router than statically assign it never gives the default gateway or DNS unless its on VLAN 1.

Examples (MGMT = VLAN 10)

2930F-01(config)# show ip

Internet (IP) Service

IP Routing : Disabled

Default Gateway : 192.168.1.1
Default TTL : 64
Arp Age : 20
Domain Suffix : routerlogin.net
DNS server : 192.168.1.1

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | DHCP/Bootp 192.168.1.41 255.255.255.0 No No
MGMT | DHCP/Bootp
LAN_WLAN | Disabled

2930F-01(config)# show ip

Internet (IP) Service

IP Routing : Disabled

Default Gateway :
Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | DHCP/Bootp
MGMT | DHCP/Bootp 192.168.1.41 255.255.255.0 No No

LAN_WLAN | Disabled

Also it seems that when I assign port 1 and port 8 in VLAN 10 both untagged which should be standard access port I don't get DHCP to a device although the router is doing DHCP in the VLAN, only works in VLAN 1. I feel like I'm completely missing something here!

can share the port config of the port, where the router is connected to? Does this port is also configured for VLAN 10 untagged? 

Router on port 1 doing DHCP for MGMT, AP port 7 doing DHCP for everything else, Client on port 10 (although I've moved ports around untagged) Idea is to get everythign off VLAN1, put switch/AP/router on MGMT VLAN 10 allwoing router to do DHCP and eventually rest of the switch will be on VLAN 20 LAN_WLAN with AP doing DHCP.

hostname "2930F-01"
module 1 type jl258a
aruba-central disable
include-credentials
password manager user-name "admin" sha1
"9df3343f45e54709985a1dbf1aa2b3a895fd5537"
snmp-server community "public" unrestricted
snmpv3 engineid "00:00:00:0b:00:00:38:21:c7:b9:46:20"
vlan 1
name "DEFAULT_VLAN"
no untagged 1,6-10
untagged 2-5
ip address dhcp-bootp
ipv6 enable
ipv6 address dhcp full
exit
vlan 10
name "MGMT"
untagged 1,7,10
tagged 8-9
ip address dhcp-bootp
exit
vlan 20
name "LAN_WLAN"
untagged 6,8-9
tagged 7
no ip address
exit
allow-unsupported-transceiver
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
no dhcp tr69-acs-url

Ok, so client, AP, switch and router are all in VLAN 10 and the client, nor the AP is getting an IP from the router? correct? 

Correct essentially I'm just trying to get everything of VLAN 1 to VLAN 10 using DHCP from my router which will live on VLAN 10 as well. The AP and any client like a laptop will get an IP, GW, and DNS but the switch itself will only get an IP in VLAN 10 but no GW/DNS server so that's an issue with me using VLAN 10 connecting up to an ISP in this case an LTE router giving a DHCP address.

So I spent almost all day with TAC, two seperate engineers. Neither could really say if this should be a possibility to populate GW/DNS if not using VLAN1. Took packet captures from both VLAN 1 and 10 and both show my DHCP server issuing options 3 and 15 which are router/DNS settings only VLAN 1 takes these. They are shooting these logs up to engineering it seems. Guess update if they find something....

That's really strange, as, from my point of view, this should happen in every VLAN. But one thing came into my mind. Did the switch support this command:

management-vlan 10

same idea like florian about management vlan...

"management-vlan 10" did work on the switch but still no GW/DNS

Internet (IP) Service

IP Routing : Disabled

Default Gateway :
Default TTL : 64
Arp Age : 20
Domain Suffix :
DNS server :

| Proxy ARP
VLAN | IP Config IP Address Subnet Mask Std Local
-------------------- + ---------- --------------- --------------- ----------
DEFAULT_VLAN | DHCP/Bootp
VLAN10 | DHCP/Bootp 192.168.1.40 255.255.255.0 No No

Need don't have a management vlan X

from the display, there is a no default gateway

what do you have with show ip route ?

TAC finally came back, wish they would have known this from the two different engineers and 8hrs of troubleshooting as it's something simple.

Resolved by doing "primary-vlan VLAN-ID"

this was my second thought but management VLAN popped up before that. 

is that "primary vlan VLAN-ID" done on CLI or on Central gui? I also need to onboard switches not using vlan1  as connection to central

Anyone has a how to?  Better with template or with a cli snippet?

still searching how to activate another vlan as primary from central without loosing the central connection or config, in central is the option not available 

Last Central update includes the option for primary vlan in GUI