Wired Intelligent Edge

HP Aruba 2530 (J9780A):

 

Bit of a broad question however I have created the attached configuration between my two switches with a voice VLAN configuration (and default for data) with little issue or complaint (config screenshot attached).

 

The uplink/tagged port between the 2 switches has been configured and is working fine (phones pick up the correct IP addresses, QoS tags and VLAN ID).

 

I was just keen to know if I was missing any setup features commonly used when uplinking 2 Aruba switches together - is there anything I can add to the configuration ? (LACP for example) what are the best practises on Aruba switches for these types of connections to give optimum performance ?

 

Thanks in advance.

Sanitized running configurations (of both Switches) and the output of show lldp info remote-device (executed on Switch 1 or on Switch 2) would be of great help to give your request a proper context.

Thanks for responding.

 

This is the output of the LLDP-MED command posted for an IP Phone.

Is this what you are looking for ?

Not interested about LLDP-MED, the command is: show lldp info remote-device.
Paste the sanitized output inside a code section inside your reply (avoid attaching screenshots for pure text outputs).

The results are as follow:

 

Switch 1 (closest to the firewall):

 

LLDP Remote Devices Information

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------ ------------------ --------- ------------------
7 | 48 2a e3 25 1b 28 48 2a e3 25 1b 28
9 | 1c 98 ec 46 14 90 9 9 HP-2530-8-PoEP

 

Switch 2 (down the link and servicing the phones)

 

 LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------------- ------ --------- ----------------------
1 | 0.0.0.0 80 ... WAN PORT SIP-T46S
1 | T46S805EC052BE7B WAN...
9 | 94 f1 28 68 33 d0 9 9 HP-2530-8-PoEP

 

Please note that I am currently only testing with one laptop and one phone plugged into the necessary switches.

Well, from what I'm seeing one thing is sure: interface 9 (RJ45 Copper 9T or SFP Transceiver 9S) on both ends is devoted to Switches interconnection.

 

Interface 9 is Untagged member of VLAN 1 (Default) and Tagged member of VLAN 40 (dedicated and configured for Voice).

 

On the Switch (or on both Switches, if you need to use VoIP Terminals on both) you named "Switch 2 (down the link and servicing the phones)" I expect all remaining ports (1-8 eventually including port 10 too) to be tagged members of VLAN 40 (Voice).

 

But I think you reversed the references (Switch 2 looks the one with ports 1-10 all untagged members of VLAN 1 and with ports 9-10 tagged members of VLAN 40...where instead Switch 1 has ports 1-10 tagged members of VLAN 40 and ports 9-10 untagged members of VLAN 1, ports 1-8 are simply no untagged, so orphaned of VLAN 1...that summarizing data you posted).

 

Switch 1 (closest to the firewall):
Port	VLAN 1		VLAN 40 (Voice)
1			Tagged
2			Tagged
3			Tagged
4			Tagged
5			Tagged
6			Tagged
7			Tagged
8			Tagged
9	Untagged	Tagged
10	Untagged	Tagged

Switch 2 (down the link and servicing the phones)
Port	VLAN 1		VLAN 40 (Voice)
1	Untagged		
2	Untagged	
3	Untagged		
4	Untagged		
5	Untagged		
6	Untagged	
7	Untagged		
8	Untagged		
9	Untagged	Tagged
10	Untagged	Tagged

Port 9, from interconnection standpoint, looks good (you, eventually, can aggregate 9 with 10 to form trk1 by using LACP and then re-apply VLAN untagging/tagging directly - and only - on new logical trk1 port).

 

The "Switch 1 (closest to the firewall)" (I suggest you to change Switches' names accordingly - like sw-1 and sw-2 - with the command hostname, that's to avoid confusion) looks using port 7 to connect to Firewall/Router...if so it looks transporting only VLAN 40 tagged on this uplink. Not having the full view...I just quit here.

Thank-you for the very thorough response, I have for clarity attached a diagram of my setup currenlty and yes the remote switch I would like to use for voice and the primary (closest to the router) for data.

 

Correct, port 9 is the interconnection between the switches and I have created the ports as tagged ports (in both VLAN's despite the fact I dont really need to).

 

You are right, the remote switch should really only be for VLAN 40 voice but I am just thinking in the instance perhaps that maybe another switch is added to the link that could require both voice/data (daisy chaining) or data only.

 

Thank-you for your point:

 

"you, eventually, can aggregate 9 with 10 to form trk1 by using LACP and then re-apply VLAN untagging/tagging directly - and only - on new logical trk1 port"

 

This is what I was asking for, information on LACP/Trunking as at least with Aruba this is a new topic for me - if you can offer a little guidance on the correct setup I can simply follow the guide (Aruba is very well supported so have no issues doing this).

 

To clarify also on the data switch (closes to the firewall) it is the uplink port 10 that is connected to our firewall/router. I have made the below changes to the configuration however so we have a clear voice/data split.

 

switch_1_data# show lldp info remote-device

LLDP Remote Devices Information

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------------- ------ --------- ----------------------
7 | 48 2a e3 25 1b 28 48 ...
9 | 94 f1 28 68 33 d0 9 9 switch_2_voice

 

switch_2_voice# show lldp info remote-device

LLDP Remote Devices Information

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------ ------------------ --------- ------------------
1 | 0.0.0.0 80 5e c0 52 be 7b WAN PORT SIP-T46S
1 | T46S805EC052BE7B WAN PORT T46S
9 | 1c 98 ec 46 14 90 9 9 switch_1_data

I think you assigned Switch's name with the wrong order: on the topology your "Data" (Firewall/Gateway facing) switch is the n°2 - called "Switch 2 (Data)", but from LLDP it should be the Switch n°1.

 

Doesn't really matter...with regard to LACP you should simply configure a LAG Link Aggregation Group (Port Trunk in HP jargon) with two free member interfaces, example, on both ends:

 

trunk N,M trk1 lacp

 

where N and M are two free ports (it's a pity you used port 10 for Firewall, you can't use actually 9+10 to do an aggregate).

 

Then connect cable N with N and M with M (on both ends), it's not necessary that N and M be equal on the peer...you can use N,M on SW1 and P,Q on SW2...the important thing is configurations (must be equals) and ports speed (must be equals).

Then apply VLAN tagging/untagging directly on trk1 on both peer switches.

I dont have to use port 10 its only that this is the uplink to the firewall and thus should be a higher spec port (Dual personality).

 

I assume in a normal setup environment you would be able to use the fibre SFP ports with modules for the uplink and thus keep the dual personality ports free (which I can possibly arrange).

 

For the test however I can move the Firewall port so I can use LACP on both dual personality ports.

---

@eddv123 wrote: I assume in a normal setup environment you would be able to use the fibre SFP ports with modules for the uplink and thus keep the dual personality ports free (which I can possibly arrange).

---

You're missing here an important detail: Dual Personality ports are really...dual personality...and, as for humans, each personality is used at any give time (so two personalities can be used concurrently)...so if port 9T (RJ45) is used then port 9S (SFP) can't be concurrently used too...and vice versa (IIRC correctly first connected wins)...basically it's a either/or mode of operation...that's why I told you about port 9T and port 10T.

 

Yes, for uplinking two distant devices Fiber Optics links are generally preferred....but that's not a golder rule...it all depends on how far involved peers are located each others and which speed and media are preferred/required in any given scenario.