VLAN Question on Aruba 2530

  • 1.  VLAN Question on Aruba 2530

    Posted Jun 24, 2020 03:43 PM

    I'm replacing a switch with an Aruba 2530. The current switch has several Access Points plugged into it that host two SSIDs. Each SSID connects to a different network. For example, SSID1 connects me to the 192.168.0.x network and SSID2 connects me to the 192.168.1.x network. We have DHCP servers on each of these networks that farm out IP addresses. My question is, when I plug these access points into the switch, they obviously need to carry traffic for both of the VLANs. I'm familiar with how to create basic vlanning where one port is on one VLAN and another port is on another VLAN, but I'm not familiar with how to configure these ports on the Aruba to handle this type of traffic. We currently have Cisco switches and the VLAN setup is a bit different. Could anyone point me in the right direction on how these access point ports should be configured?



  • 2.  RE: VLAN Question on Aruba 2530

    Posted Jun 24, 2020 04:42 PM

    You can use tagged ports.

     

    You can go into the interface config and tag each VLAN you are using.

     

    Config 

    Interface x

    Tagged vlan x

    Tagged vlan y

     

    Normally I use the untagged port for management. 

     

    Also, I think you can use an AP profile where you put in the config and you don't have to configure the port manually.



  • 3.  RE: VLAN Question on Aruba 2530

    Posted Jun 24, 2020 05:10 PM

    OK, so I would literally create two VLANs on the switch and then, on those ports that contain Access Points, I would tag traffic on both VLANs?



  • 4.  RE: VLAN Question on Aruba 2530

    EMPLOYEE
    Posted Jun 24, 2020 05:39 PM

    Hi,

     

    You can do it in two ways, assuming you have APs that need to bridge traffic directly (no controller).

     

    Manual way: you go to each port where an AP is connected. You usually configure the management VLAN as untagged and the user VLANs for each SSID as tagged.

     

    interface <N>

     vlan <M> untagged

     vlan <X,Y,Z> tagged

     

    The other way is to leverage a device profile. When the switch detects that an Aruba AP is connected, it will automatically apply the MY-ARUBA-AP profile.

     

    device-profile name "MY-ARUBA-AP"
    untagged-vlan <M>
    tagged-vlan <X,Y,Z>
    exit


    device-profile type "aruba-ap"
    associate "MY-ARUBA-AP"
    enable
    exit

     



  • 5.  RE: VLAN Question on Aruba 2530

    Posted Jun 24, 2020 08:16 PM

    The way this is set up right now is that the one SSID is on the same VLAN as the rest of the switch. In other words, they have a corporate network on 10.0.0.0. The AP has an IP on this network and also broadcasts a wireless network that connects you to the corporate network by giving you an IP on the 10.0.0.0 network. The other SSID that is broadcast connects you to the guest WiFi, which let’s say is 192.168.0.0. There is a VLAN for this network on the existing switch and I can see only 1 port as a member of this VLAN, which is the port that connects the DHCP server for the 192.168.0.0 network. The other ports that connect the APs say something about encapsulation. I guess my confusion is how the AP ports should be configured so that they can handle traffic for both VLANs and how the one port should be configured that connects to the 192 DHCP server.



  • 6.  RE: VLAN Question on Aruba 2530

    MVP GURU
    Posted Jun 25, 2020 01:54 AM

    Wouldn't it be better for you to show us the VLAN membership of the port where a working AP is actually connected? ...that way we can easily understand how to reproduce the required port configuration on the Aruba 2530.

     



  • 7.  RE: VLAN Question on Aruba 2530

    Posted Jun 25, 2020 08:35 AM

    Good point. If I look in the Cisco config, here is what I see for the ports that have APs connected to them.

     

    interface GigabitEthernet2/0/32
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport mode trunk
    spanning-tree portfast

     

    interface GigabitEthernet2/0/34
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport mode trunk
    spanning-tree portfast

     

    interface GigabitEthernet2/0/36
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport mode trunk
    spanning-tree portfast

     

    The ports that don't have APs connected to them and are just on the corporate network all look similar to this:

     

    interface GigabitEthernet2/0/46
    switchport access vlan 50
    spanning-tree portfast

     

    The port that has the DHCP server connected to it that handles the guest WIFI network at 192.168.0.0 looks like this:

     

    interface GigabitEthernet1/0/6
    description Uplink to Firewall Eth4
    switchport access vlan 10
    spanning-tree portfast



  • 8.  RE: VLAN Question on Aruba 2530

    MVP GURU
    Posted Jun 25, 2020 11:28 AM

    Hi!

     

    This Cisco interface configuration:

    interface GigabitEthernet2/0/32
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport mode trunk
    spanning-tree portfast

    can be translated into this ArubaOS-Switch port configuration: 

    vlan 50
    untagged <port-id-n>
    exit
    spanning-tree ethernet <port-id-n> admin-edge-port
    exit

     The point is that on your Cisco the command:

    switchport trunk native vlan 50
    switchport mode trunk

    means, since no switchport trunk allowed vlan <vlan-id> is defined, simply that your interface 2/0/32 is in (cisco) trunk mode of operation (so capable of passing tagged traffic) BUT no VLAN tagged are specified...AND only the native (untagged) VLAN id 50 is specified...that simply means that interface 2/0/32 acts like an access port untagged on VLAN id 50 and, indeed, on Aruba the suggested translation is exactly the one of a port untagged member of VLAN id 50 (the portfast = admin-edge-port).

     

    The interesting thing of your Cisco config is that, actually (and for the same reason explained above <- the lack of the "switchport trunk allowed vlan <vlan-id>" setting), there is no difference between this:

    interface GigabitEthernet2/0/32
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 50
    switchport mode trunk
    spanning-tree portfast

    and this:

    interface GigabitEthernet2/0/46
    switchport access vlan 50
    spanning-tree portfast


  • 9.  RE: VLAN Question on Aruba 2530

    Posted Jun 25, 2020 12:21 PM

    Unfortunately I can't explain the existing setup since those switches were already in place when I got here. So you're saying the only thing I should do on these ports to replicate the setup is untag the port on VLAN 50?



  • 10.  RE: VLAN Question on Aruba 2530
    Best Answer

    MVP GURU
    Posted Jun 25, 2020 06:28 PM

    Hi!


    @itdweeb99 wrote: Unfortunately I can't explain the existing setup since those switches were already in place when I got here.

    It's OK, it's not your fault. Things generally need to be discovered or, often, rediscovered.


    @itdweeb99 wrote: So you're saying the only thing I should do on these ports to replicate the setup is untag the port on VLAN 50?

    From your posted Cisco switch's configuration and considering a like-for-like switch replacement...yes: if WiFi APs worked correctly that way connected to those Cisco switch interfaces then reproducing - as per my above reply - the same VLAN ports' memberships on the HPE Aruba switch shouldn't change the way those WiFi APs used to work.
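
The port-by-port translation discussed in this thread, as an added example that is not part of any original post: it parses Cisco interface stanzas like the ones quoted above, emits the matching ArubaOS-Switch VLAN membership lines, and flags trunk ports whose stanza names no tagged VLANs so they can be confirmed before cutover. The Cisco-name-to-2530-port mapping passed as `port_map` is an assumption supplied by the operator, and the function names are hypothetical.

```python
import re

# Constructed sample: three of the Cisco stanzas quoted in the thread.
CISCO_CONFIG = """\
interface GigabitEthernet2/0/32
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 50
 switchport mode trunk
 spanning-tree portfast
interface GigabitEthernet2/0/46
 switchport access vlan 50
 spanning-tree portfast
interface GigabitEthernet1/0/6
 switchport access vlan 10
 spanning-tree portfast
"""

def parse_cisco(text):
    """Map each interface to its mode, access/native VLAN, allowed list and portfast flag."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            cur = ports[m.group(1)] = dict(mode="access", access=1, native=1, allowed=None, edge=False)
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["mode"] = "trunk"
        elif m := re.fullmatch(r"switchport (access|trunk native) vlan (\d+)", line):
            cur["access" if m.group(1) == "access" else "native"] = int(m.group(2))
        elif m := re.fullmatch(r"switchport trunk allowed vlan (.+)", line):
            # Comma lists only; ranges or keywords make int() raise rather than pass silently.
            cur["allowed"] = [int(v) for v in m.group(1).split(",")]
        elif line.startswith("spanning-tree portfast"):
            cur["edge"] = True
    return ports

def to_aruba(ports, port_map):
    """Return (ArubaOS-Switch lines, trunk ports whose tagged VLANs need manual confirmation)."""
    lines, review = [], []
    for name, p in ports.items():
        pid, trunk = port_map[name], p["mode"] == "trunk"  # port_map: operator-supplied (assumed)
        untagged = p["native"] if trunk else p["access"]
        lines.append(f"vlan {untagged} untagged {pid}")
        if trunk and p["allowed"] is None:
            review.append(name)  # stanza names no tagged VLANs: check the live port before cutover
        tagged = (p["allowed"] or []) if trunk else []
        lines += [f"vlan {v} tagged {pid}" for v in tagged if v != untagged]
        if p["edge"]:
            lines.append(f"spanning-tree ethernet {pid} admin-edge-port")
    return lines, review
```

Ports returned in the second list are the ones to compare against the live VLAN membership on the old switch, since that is where a guest SSID's VLAN would have to be tagged.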