Wired Intelligent Edge

All,

Please Help..............

We have a S3500 in production in our own office. We are trying to set it up with VLAN's and IP routing. I have the commands, but the switch is running 7.0.2.0. We know we have to upgrade to 7.3.0.1 which we will be doing that tonight.

My questions are:

I keep getting this error when I try and interface VLAN 2.

"Error: Maximum number of VLAN interface(s) supported is 1".

Why?

1. How do I set up a DHCP relay on a VLAN. It looks like I have to setup a profile for the relay.
2. How do I setup an IP on the VLAN. I have the commands, but its not working due to the error above
3. How do I make sure the VLAN's route between each other

Are there added commands from code 7.0.2.0 to 7.3.0.1?

Any help would be appreciated.......

Thanks,

Wally

7.0.2.0 is a very, very early version of code. I would definitely upgrade the switch before configuring anything.

Once you upgrade to a more recent version of code, here are some of the commands:

1)

create a dhcp-relay-profile

interface-profile dhcp-relay-profile "RELAY-PROFILE-DATA-B"
    helper-address 10.10.10.10
    helper-address 10.10.10.10
!

 apply the dhcp-relay-profile to the vlan interface

interface vlan "11"
   pim-profile "default"
   dhcp-relay-profile "RELAY-PROFILE-DATA-B"
   ip address 10.10.8.1 255.255.255.0
!

2)

(stack) (config)# vlan 2
(stack) (config)# interface vlan 2
(stack) (vlan "2")# ip address 172.16.10.1 255.255.255.0

3) Inter-vlan routing is enabled by default between SVIs/RVIs on the same stack.

I totally agree, but are my bullet points correct?

Also, how do I get a switch port to associate to the VLAN. I know I can do it thru the GUI, but I don't see a command for the CLI line.

Thanks for the quick response too........

Wally

Tom,

i didnt see your responses after......this is great.....Thank you......

So if you are using trusted ports (no authentication), you would do the following:

1) create a switching-profile for the VLAN:

interface-profile switching-profile "VLAN100-DATA"
   access-vlan 100
!

2) create an interface-group containing the switchports you'd like to have this configuration

interface-group gigabitethernet "TRUSTED-GROUP-1"
   apply-to 0/0/0,0/0/2,0/0/4,0/0/6,0/0/8,0/0/10
   lldp-profile "LLDP-PROF-1"
   poe-profile "POE-PROFILE-1"
   switching-profile "VLAN100-DATA"
!

For untrusted ports (authentication and user-roles), you attach the VLAN to the user-role. There is a bit more setup with this as you need to setup authentication servers.

Create a user-role and attach a VLAN to the user-role:

user-role MEDIA-PLAYER
 vlan 200
 access-list stateless mDNS-AirGroup
 access-list stateless DLNA-AirGroup
 access-list stateless allowall-stateless
!

Create an interface-group containing the switchports you'd like to have this configuration. This interface-group will have more configuration because of authentication.

interface-group gigabitethernet "UNTRUSTED-GROUP-1"
   apply-to 0/0/1,0/0/3,0/0/5,0/0/7,0/0/9,0/0/11
   lldp-profile "LLDP-PROF-1"
   poe-profile "POE-PROFILE-1"
   aaa-profile "UNTRUSTED-AAA-1"
   no trusted port
!

Thanks so much. I haven't really programmed a Aruba data switch before. I appreciate all the help. You are on point. I appreciate it........Have a great day.....................

Wally

The profile-based configuration takes some getting used to but in the end, it saves a lot of time and makes configuration changes very easy.