Wired Intelligent Edge (Campus Switching and Routing)

Aruba Employee

Setting up a Trunk Group with Central GUI and Central Templates

Overview

The aim of this post is to show how to add a switch into an existing Central managed environment.

 

Everything will be done remotely; no local console access or cable swapping required. It is designed to simulate the process of manually expanding a remote network with no onsite skills required.


Environment
Central 2.4.9 is the base platform. It is expected that the coming upgrade to 2.5.0 will change some of the details, but the process flow remains consistent.
This demonstration environment has 3 existing switches, and the fourth one will be added:

  • Core switch = 5406R managed in Central with a template
  • 2930F-29 (24 port) managed in Central with GUI and CLI access (hybrid)
  • 2930F-28 (8 port) managed in Central with GUI and CLI access (hybrid)
  • Switch 4 = 2930F (8 port) <-- this is the new one to be deployed

Trk environment.png

 

Process Overview

  1. Prepare the core switch
  2. Plug and power new switch
  3. Wait for it to appear in Central
  4. Create a new group and assign the switch to it
  5. Initial switch configuration via the Central GUI
  6. Check link status
  7. Prepare new switch trunk
  8. Configure core trunk
  9. Verify connection status
  10. Complete GUI Config
  11. Additional switch config (eg colourless ports and other config not currently possible in the GUI)


1. Prepare the core switch

  • Assign the ports (in this case A22 & C22)
  • and set the appropriate VLAN
  • Shutdown one of the ports (not strictly necessary since spanning tree is running on the core already, but it makes downstream port identification easier)

Note that the default startup VLAN is always VLAN 1, and Central does not change that.

 

Template changes
These are the changes made in the template and automatically pushed out to the 5406R:

Trk template.png

interface A22
   name "New switch"
   exit
interface C22
   disable
   name "New switch"
   exit
vlan 1
   name "DEFAULT_VLAN"
   no untagged A1-A20,A22,A24,B1-B24,C1-C20,C22,C24,D1-D8,Trk21-Trk23
vlan 930
   untagged A22,C19-C20,C22,C24,Trk21,Trk23

Ports A22 and C22 have been added to the VLAN commands above.

 

2. Plug in new switch

  • The new switch needs to be in the brand-new, out-of-the-box factory-default state
  • connect the new switch (using a pair of 3m DAC cables in this case)
  • New switch uplink ports are the two SFP+ ports 9 & 10
  • Power it on

3. Check Central
The new switch should appear in Central as an unassigned device.
If it doesn't, Activate may need to be updated to include it, or it may need to be manually added (Add Devices under Global Settings | Device Inventory)

 

It may take a few minutes to show up in Central.
Check in Global Settings | Device Inventory

 

4. New Group
Under Global Settings | Manage Groups, create a new switch GUI group (enter group name and password; don't tick the switch checkbox).

Trk Create new group.png

 

 

Move the new switch from unassigned into the new group (Sw-2930F-32).

It should be visible under Monitoring & Reports | Network Overview

Trk 4 online switches.png

 

Trk switch list.png

 


5. Central GUI Initial Switch Config
From Wired Management, choose the new switch group and make the initial config changes in the GUI.
Trk GUI config options for switch.png
I will initially configure the following:

  • SWITCHES: Switch name and contact/location details
  • PORTS: I like to label the uplink ports, but it isn't necessary

 

Trk switch ports.png

 

  • VLANs: add the new management VLAN (250) and IP address (10.20.50.32/24)
  • SYSTEM: set a suitable name server (eg a local one or 8.8.8.8)

Once these changes are made, check that the config is still in sync with CONFIGURATION AUDIT.

 

6. Check Link Status

There are two connections, but only one is active. It is important to know which one is active so that the trunk configuration can be made to the other. That allows a roll-back process in case something goes wrong.


Using Central GUI
Sticking with the GUI theme, you can add the new switch to the existing group or site used to display the network topology. In this example, I added the new switch to the Site "Coffs Harbour"

 

The topology view for Coffs Harbour will soon show the new switch as well.

Trk new switch in topology.png

 

 

Note the link between the 2930F-32 (new switch) and Demo-Core doesn't have a 2 - just a single link from the pair is active. Spanning tree on the core will be blocking one connection to stop a loop forming.
Hovering over the link shows the active ports (9 - A22)

Trk 9-A22.png

 

 

Using Central CLI
The alternate method is to use the console from Central.

 

  • From Network Overview, choose Switches, List of Online Switches
  • Select the new switch
  • Click the drop-down "Actions" and select Console

Trk start console.png

 

Central will present a console login screen:

Trk console login.png

 

You now have console access to the switch!

Trk console access.png

 


7. Prepare New Switch Trunk
Navigate to Wired Management | TRUNK GROUPS for the new switch, and click the plus to add a new trunk.

Just add port 10 to trk1 LACP. Choose the management VLAN (250) as untagged.
Trk add trunk group.png
Add a default routing entry that will use the management VLAN link.

 

Trk add routing.png

 

Click the routing toggle to enable.

 

8. Configure Core Trunk
This core is configured with a Central template rather than the GUI.
The template will be modified to create the LACP trunk.

 

Make these changes to the existing template:

trunk A22,C22 trk22 lacp

interface C22
   enable
   exit

vlan 1
   no untagged A1-A20,A22,A24,B1-B24,C1-C20,C22,C24,D1-D8,Trk21-Trk23
   exit

vlan 250
   untagged A2-A20,A24,B1-B24,C1-C18,Trk22
   exit

vlan 930
   untagged C1-C4,C19-C20,C22,C24,Trk21,Trk23
   exit

9. Verify Connection Status
You should now have an aggregation (trunk) group between the core and the new switch. However, since port 9 on the new switch is still in access mode (so that there was a way to regain control if something went wrong), only one of the two links is actually working with LACP. This can be seen using Central CLI to the core:

Trk LACP A22 blocked.png

 

Using Central CLI to the new switch, we can see that the one link is active and that routing via the management VLAN is functional.

Trk new switch trk1 link.png

 

10. Complete GUI Config
The second port on the new switch can now be added to the trunk to complete the link configuration.
Edit the existing Trk1, and add the second port (9) to the trunk.

 

Trk added 9 to trk1.png

 

Turning on spanning tree is a good idea now too.

 

  • Enable MSTP
  • set priority
  • enable root-guard on access ports

After the config is pushed out, the LACP Trunk will show both connections with a partner.

Trk LACP active on 9-10.png

11. Central CLI Additional Switch Config
There will almost certainly be config options that are not currently supported by the GUI that can be entered here to complete the switch config.


Note that as new features are added to the GUI in Central, you should expect that they will overwrite CLI-configured settings.

 

 

One of my previous posts has examples of this:

https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Managing-a-wired-and-wireless-site-with-Central/td-p/549194 

 

Console Access
Console access is required for making changes in hybrid mode, and can provide useful additional testing and troubleshooting capabilities.

 

One of the first things I do for switch hardening is to configure authorised-managers. However, this will stop Central console access with this error message:

 

Trk console error.png

 

This is easily fixed by adding 127.0.0.1 with this syntax:

ip authorized-managers 127.0.0.1 255.0.0.0 access manager

 



Richard Litchfield, HPE Aruba
Consulting System Engineer
Network Ambassador
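The authorized-managers behaviour described under Console Access can be checked offline before a hardened config is pushed. The following is an added example, not part of the original post or Aruba's tooling: it parses `ip authorized-managers` lines in the form shown above, confirms the loopback entry Central console needs is present, and flags overly wide entries. The sample config, the admin address 10.20.50.10 and the 256-address threshold are assumptions.

```python
import ipaddress

# Constructed sample: the loopback line is the one from the post; the entry for
# the 10.20.50.0/24 management subnet is an assumed example.
SAMPLE_CONFIG = """\
ip authorized-managers 10.20.50.0 255.255.255.0 access manager
ip authorized-managers 127.0.0.1 255.0.0.0 access manager
"""

def parse_authorized_managers(config):
    """Return [(network, level)] for lines in the form the post shows:
    ip authorized-managers <addr> <mask> access <level>"""
    entries = []
    for line in config.splitlines():
        w = line.split()
        if len(w) >= 6 and w[:2] == ["ip", "authorized-managers"] and w[4] == "access":
            # strict=False because the entry may carry host bits
            # (127.0.0.1 with mask 255.0.0.0 covers 127.0.0.0/8).
            entries.append((ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False), w[5]))
    return entries

def is_allowed(entries, source, level="manager"):
    """True if `source` falls inside an entry granting `level` access."""
    ip = ipaddress.ip_address(source)
    return any(ip in net and lvl == level for net, lvl in entries)

def audit(config, required_sources, max_addresses=256):
    """List problems with the authorized-managers entries in `config`."""
    entries = parse_authorized_managers(config)
    if not entries:
        return ["no authorized-managers entries: any source address may manage the switch"]
    findings = []
    if not is_allowed(entries, "127.0.0.1"):
        findings.append("127.0.0.1 not authorized: Central console access will fail")
    for src in required_sources:
        if not is_allowed(entries, src):
            findings.append(f"{src} is not authorized as manager")
    for net, lvl in entries:
        if not net.is_loopback and net.num_addresses > max_addresses:
            findings.append(f"{net} ({lvl}) covers more than {max_addresses} addresses")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, ["10.20.50.10"]) or ["no findings"]:
        print(finding)
```

Run it against the planned configuration with the addresses of the management stations that must keep access; an empty result means the loopback entry and every required source are covered.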