Switching and Routing with existing flat VLAN1 network

So I'm about to lose my mind.  Jumped off into a VXRail project that would "solve all my problems" and the "Aruba switches can handle the routing".  Now, I have vendors going MIA, some stuck at home due to virus scares, Dell Install technicians asking higher level Dell engineers how to reimage the server.  Fingers are being pointed, throats are about to get choked and all I want is a beer.  UGH!!!  Sorry for the vent.

 

The past two weeks, I've been hammering on these Aruba 3810 switches to get them figured out.  I feel I'm almost there at getting this to work for what we need, but my candle just went out and I need someone to shed some light.

 

Our company has a very traditional, very flat 192.168.0.x/24 VLAN 1 network. It connects up to a Sonicwall and out the Internet it goes. It has worked well for a number of years, but due to the number of devices we are adding, we are out of IP addresses.

 

Our current network goes from a [Sonicwall] <--> [Aruba 2920-ServerRoom] <-->[Aruba 2920 (x2) at MainOffice] <--> [Non-Aruba Switches at fiber connected, remote facility]  ALL SWITCHES AND FACILITIES ARE ONE BIG 192.168.0.x/24 network!

 

I've always wanted to do proper segmentation of our networks and subnet.  I'm more of a Layer three routing/firewall guy.  Layer two...I'm really weak in.

 

We recently purchased a VXRail Solution with two EMC Switches.  This has accelerated our network upgrades.  To help the bridge, we purchased an Aruba 3810 to function as our internal router.  After our Aruba consultant told us everything would be fine, they decide to go MIA.  I'm now trying to learn the device/commands and get this integrated into our network.

 

In the first phase and implementation of the VXRail Cluster, the plan is to connect the VxRail nodes to EMC Switches, then those EMC Switches have a LACP Trunk to the 3810.  From there, everything would route out to the firewall through the 192.168.0.254 default gateway (assigned on firewall).

 

I really cannot see the EMC Switches as Dell Services has not turned them over to me.  But the LACP Peers on the 3810 appear to be good and working.

 

On our firewall, I put in a routing statement to route all 10.200.0.0 255.255.0.0 traffic to 192.168.0.1 (VLAN 1 IP on the 3810).  I can ping all the VLAN interfaces.

 

The 3810 will have a few VLANS that will run on the VXRail/EMC setup.  Eventually, I would like to push those same VLANS (yet different IP ranges) to our other facilities.  Our other facilities will connect back to the 3810.  Eventually the firewall will connect to the 3810, but will have to wait before we can pull that over.

 

Our 3810 looks similar to below.

ip route 0.0.0.0 0.0.0.0 192.168.0.254
ip routing

trunk 1-2 trk1 LACP

interface 1
  name toEMCSwitch1-P1
interface 2
  name toEMCSwitch2-P1
interface 3
  name toAruba2920

VLAN 1
  name "Default VLAN"
  no untagged 12,4-16,A1-A4,B1-B4
  untagged 3
  ip address 192.168.1.1 255.255.255.0
  ip helper-address 192.168.0.15

VLAN 10
  name "Data"
  tagged trk1
  ip address 10.200.10.1 255.255.254.0
  ip helper-address 192.168.0.15

VLAN 12
  name "Voice"
  tagged trk1
  ip address 10.200.12.1 255.255.254.0
  ip helper-address 192.168.0.15

VLAN 14
  name "Video"
  tagged trk1
  ip address 10.200.14.1 255.255.254.0
  ip helper-address 192.168.0.15

VLAN 16
  name "Management"
  tagged trk1
  ip address 10.200.16.1 255.255.255.0
  ip helper-address 192.168.0.15

spanning-tree priority 0 force-version rstp-operation

 

What is happening is that Dell says that the VLANS are not configured properly and are not passing traffic.  I think there is a misconfiguration on the Dell Switches, but don't know enough or have seen the configurations.  When they set the VLAN to 1, everything seems to work and the VXRail nodes can hit the gateway on the 3810.  When they tell VMware that the management node is on VLAN 16, they can no longer access anything.

 

I know this is a lot, but I'm running on fumes and not sure what direction I need to be going.  

 

Besides the problem above, our area does not have a lot of Aruba Engineers/Support/Campus network planners.  Would anyone have any recommendations on partners who can support their clients, rather than just sell gear and configure the NTP settings?


Accepted Solutions

Re: Switching and Routing with existing flat VLAN1 network

Hi jasona,

 

From a first view, all looks fine, except the reason that you are talking about the 192.168.0.0/24 subnet for VLAN 1 but the switch uses 192.168.1.1 for VLAN 1 IP address. This is a mismatch.

Could you recheck on this?

BR

Florian


visit our Youtube Channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de


Re: Switching and Routing with existing flat VLAN1 network

Hi!

From the partial configuration posted we can say for sure that:

  1. Aruba 3810M is responsible for IPv4 Routing on its SVIs (basically each VLAN with an IP Interface is an SVI).
  2. Aruba 3810M has a route of last resort to 192.168.0.254 (the SonicWall Firewall)
  3. SonicWall Firewall has (or should have) a route back to reach desired VLANs' subnets defined into the Aruba 3810M via the SVI you selected as your "transit" VLAN (the VLAN 1 where both the Aruba 3810M and the SonicWall have an IP address associated, the Aruba has the SVI of VLAN 1 and the SonicWall has - or will have - its LAN side interface downlinked to the Aruba)
  4. Aruba 3810M has various VLANs associated Subnets (10.200.x.0/23 each one with its SVI on 10.200.x.1, where x=10, 12, 14 and 16) other than the Default VLAN 1.
  5. Logical Interface trk1 (a Port Aggregation made of port 1 and port 2, called Port Trunk in HP jargon) is used to uplink to both your EMC Switch(es) concurrently using LACP (so EMC Switches should be virtualized to appear as one logical entity to the Aruba 3810M otherwise it will not work)
  6. Logical Interface trk1 is tagged member of VLANs above (I suspect that trk1 is also untagged member of VLAN 1 since I don't see the no untagged trk1 on VLAN 1 context).
  7. Physical port 3 is untagged member of just VLAN 1 (Default) so VLAN 1 is stretched to the Aruba 2920 connected through this downlink.
  8. STP is enabled and working in RSTP mode with Root priority (0).

As FlorianBaaske wrote, the posted configuration portion looks quite normal apart from what he correctly noted about the VLAN 1 SVI IP Address mismatch.

So...how are the EMC Switch(es) configured?
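The next-hop check behind the mismatch both replies point out, as an added example that is not part of the original thread or any poster's own tooling: it parses the routing-relevant lines of the posted config and verifies that the switch's default route and the firewall's return route both land on the transit VLAN. The function names are hypothetical, and the sample is abridged from the post with the VLAN 1 address kept as it was typed.

```python
import ipaddress

# Constructed sample: routing-relevant lines abridged from the posted 3810
# config, with the VLAN 1 address exactly as it appeared in the post.
SWITCH_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 192.168.0.254
ip routing
VLAN 1
  ip address 192.168.1.1 255.255.255.0
VLAN 10
  ip address 10.200.10.1 255.255.254.0
VLAN 16
  ip address 10.200.16.1 255.255.255.0
"""
# Static route the post describes on the firewall: (destination, mask, next hop).
FIREWALL_ROUTES = [("10.200.0.0", "255.255.0.0", "192.168.0.1")]


def parse_switch(text):
    """Return ({vlan_id: IPv4Interface}, [(destination, next_hop)])."""
    svis, routes, vlan = {}, [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0].lower() == "vlan" and len(tok) == 2 and tok[1].isdigit():
            vlan = int(tok[1])  # entering a VLAN context
        elif tok[:2] == ["ip", "address"] and vlan is not None and len(tok) == 4:
            svis[vlan] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}")
        elif tok[:2] == ["ip", "route"] and len(tok) == 5:
            routes.append((f"{tok[2]}/{tok[3]}", ipaddress.ip_address(tok[4])))
    return svis, routes


def audit(switch_text, firewall_routes):
    """List next-hop problems on both sides of the transit VLAN."""
    svis, routes = parse_switch(switch_text)
    findings = []
    for dest, hop in routes:
        # A static next hop must sit on a directly connected SVI subnet.
        if not any(hop in svi.network for svi in svis.values()):
            findings.append(f"switch route {dest} via {hop}: next hop is on no SVI subnet")
    svi_addrs = {svi.ip for svi in svis.values()}
    for dest, mask, hop in firewall_routes:
        # The firewall's return route must point at an address the switch owns.
        if ipaddress.ip_address(hop) not in svi_addrs:
            findings.append(f"firewall route {dest}/{mask} via {hop}: no SVI owns that address")
    return findings
```

Run against the config as posted, `audit` reports both routes; with the VLAN 1 address changed to 192.168.0.1 it reports none.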

 

 

 

Re: Switching and Routing with existing flat VLAN1 network

 

I'm sorry.  That was a typo on my part.  The IP for VLAN 1 is 192.168.0.1.  Sorry about that.


Re: Switching and Routing with existing flat VLAN1 network

OK.  Thanks all.  There was a typo on the VLAN 1 IP address when I typed it into the message.  The actual configurations were 192.168.0.1.

 

Being new to the Aruba switches, I just wanted to get a second set of eyes on things.  I thought this is how it should work, but just not as familiar with the product as I probably should be.  I know when we purchased the Arubas, that was the direction I wanted to take (away from the previous Netgear switches!!!)  I was really relying on our Aruba partner to help us through this but...well, there have been issues.

 

As for the EMC switches, I'm trying to get my hands on the configurations.  Dell is still in process of the Pro-Deployment of the EMC Switches and the VxRail.  They were supposed to be on-site to perform these actions, as well as our Aruba partner, but travel restrictions have made this a remote job.  I feel there are times where I think I can point to where the problem might be, but who am I to guide the experts.

 

This was my first post to the community and I'm blown away by the two responses and activity!  Kudos to you guys for being active participants and helping people like me, who have been kicked down, get back up!  THANK YOU!
