So I'm about to lose my mind. Jumped off into a VXRail project that would "solve all my problems" and the "Aruba switches can handle the routing". Now, I have vendors going MIA, some stuck at home due to virus scares, Dell Install technicians asking higher level Dell engineers how to reimage the server. Fingers are being pointed, throats are about to get choked and all I want is a beer. UGH!!! Sorry for the vent.
The past two weeks, I've been hammering on these Aruba 3810 switches to get them figured out. I feel I'm almost there at getting this to work for what we need, but my candle just went out and I need someone to shed some light.
Our company has a very traditional, very flat 192.168.0.x/24 VLAN 1 network. It connects up to a Sonicwall and out the Internet it goes. It has worked well for a number of years, but due to the number of devices we are adding, we are out of IP addresses.
Our current network goes from a [Sonicwall] <--> [Aruba 2920-ServerRoom] <-->[Aruba 2920 (x2) at MainOffice] <--> [Non-Aruba Switches at fiber connected, remote facility] ALL SWITCHES AND FACILITIES ARE ONE BIG 192.168.0.x/24 network!
I've always wanted to do proper segmentation of our networks and subnet. I'm more of a Layer three routing/firewall guy. Layer two...I'm really weak in.
We recently purchased a VXRail Solution with two EMC Switches. This has accelerated our network upgrades. To help the bridge, we purchased an Aruba 3810 to function as our internal router. After our Aruba consultant told us everything would be fine, they decided to go MIA. I'm now trying to learn the device/commands and get this integrated into our network.
In the first phase and implementation of the VXRail Cluster, the plan is to connect the VxRail nodes to EMC Switches, then those EMC Switches have a LACP Trunk to the 3810. From there, everything would route out to the firewall through the 192.168.0.254 default gateway (assigned on firewall).
I really cannot see the EMC Switches as Dell Services has not turned them over to me. But the LACP Peers on the 3810 appear to be good and working.
On our firewall, I put in a routing statement to route all 10.200.0.0 255.255.0.0 traffic to 192.168.0.1 (VLAN 1 IP on the 3810). I can ping all the VLAN interfaces.
The 3810 will have a few VLANS that will run on the VXRail/EMC setup. Eventually, I would like to push those same VLANS (yet different IP ranges) to our other facilities. Our other facilities will connect back to the 3810. Eventually the firewall will connect to the 3810, but will have to wait before we can pull that over.
Our 3810 looks similar to below.
ip route 0.0.0.0 0.0.0.0 192.168.0.254
ip routing
trunk 1-2 trk1 LACP
interface 1
   name toEMCSwitch1-P1
interface 2
   name toEMCSwitch2-P1
interface 3
   name toAruba2920
VLAN 1
   name "Default VLAN"
   no untagged 12,4-16,A1-A4,B1-B4
   untagged 3
   ip address 192.168.1.1 255.255.255.0
   ip helper-address 192.168.0.15
VLAN 10
   name "Data"
   tagged trk1
   ip address 10.200.10.1 255.255.254.0
   ip helper-address 192.168.0.15
VLAN 12
   name "Voice"
   tagged trk1
   ip address 10.200.12.1 255.255.254.0
   ip helper-address 192.168.0.15
VLAN 14
   name "Video"
   tagged trk1
   ip address 10.200.14.1 255.255.254.0
   ip helper-address 192.168.0.15
VLAN 16
   name "Management"
   tagged trk1
   ip address 10.200.16.1 255.255.255.0
   ip helper-address 192.168.0.15
spanning-tree priority 0 force-version rstp-operation
What is happening is that Dell says that the VLANS are not configured properly and are not passing traffic. I think there is a misconfiguration on the Dell Switches, but I don't know enough and haven't seen the configurations. When they set the VLAN to 1, everything seems to work and the VXRail nodes can hit the gateway on the 3810. When they tell VMware that the management node is on VLAN 16, they can no longer access anything.
I know this is a lot, but I'm running on fumes and not sure what direction I need to be going.
Besides the problem above, our area does not have a lot of Aruba Engineers/Support/Campus network planners. Would anyone have any recommendations on partners who can support their clients, rather than just sell gear and configure the NTP settings?
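An added example, not part of the original post: a small Python check of the layer-3 addressing in the configuration excerpt as it is posted above, against the firewall route the post describes (10.200.0.0/16 via 192.168.0.1). The function names are hypothetical, and treating VLAN 1 as the transit network to the firewall is an assumption taken from the post's description.

```python
import ipaddress

# Addressing lines copied from the excerpt in the post (other lines omitted).
POSTED_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.0.254
VLAN 1
   ip address 192.168.1.1 255.255.255.0
VLAN 10
   ip address 10.200.10.1 255.255.254.0
VLAN 12
   ip address 10.200.12.1 255.255.254.0
VLAN 14
   ip address 10.200.14.1 255.255.254.0
VLAN 16
   ip address 10.200.16.1 255.255.255.0
"""

def parse(config):
    """Return ({vlan_id: IPv4Interface}, [static-route next hops])."""
    vlans, next_hops, current = {}, [], None
    for line in config.splitlines():
        w = line.split()
        if len(w) == 2 and w[0].lower() == "vlan":
            current = int(w[1])
        elif w[:2] == ["ip", "route"]:
            next_hops.append(ipaddress.ip_address(w[4]))
        elif w[:2] == ["ip", "address"] and current is not None:
            vlans[current] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    return vlans, next_hops

def audit(config, fw_route, fw_next_hop):
    """List layer-3 inconsistencies between the switch and the firewall route."""
    vlans, next_hops = parse(config)
    findings = []
    # A static route is only usable if its next hop sits on a connected subnet.
    for nh in next_hops:
        if not any(nh in i.network for i in vlans.values()):
            findings.append(f"route next hop {nh} is not on any connected subnet")
    # The firewall's return route must point at an address the switch owns.
    if ipaddress.ip_address(fw_next_hop) not in [i.ip for i in vlans.values()]:
        findings.append(f"firewall next hop {fw_next_hop} is not a switch VLAN address")
    # Every routed VLAN (all but the VLAN 1 transit) must fall inside that route.
    for vid, i in sorted(vlans.items()):
        if vid != 1 and not i.network.subnet_of(ipaddress.ip_network(fw_route)):
            findings.append(f"VLAN {vid} {i.network} is outside {fw_route}")
    return findings

if __name__ == "__main__":
    for finding in audit(POSTED_CONFIG, "10.200.0.0/16", "192.168.0.1"):
        print(finding)
```

This covers addressing only. VLAN tagging on the EMC side of trk1, which the post says could not be inspected, is outside what it can see.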