Wired Intelligent Edge

Hi All,

 

I'm configuring new Aruba 2930M and this is the first time for me to configure aruba switch. My supervisor bought 2 switches 2930M for stacking and integrated with our core switch (cisco 4948). The stacking and the configuration for end devices (mostly servers) working well. the problem i'm facing now is connectivity to the core switch. we have 2 ports (1/24,2/24) trunked but the connectivity from core switch to the server sometimes intermittent.

below is my configuration for trunk port from Aruba and port channel from cisco.

 

Aruba :

trunk 1/24,2/24 trk1 trunk

vlan 10
name "vlan_A"
tagged 1/8,1/10,1/12,1/22-1/23,2/8,2/10,2/12,2/22,Trk1
vlan 20
name "vlan_B"
tagged 1/7,1/9-1/11,1/22-1/23,2/7,2/9,2/11,2/20,2/22,Trk1

Cisco :

interface Port-channel2
switchport
switchport trunk allowed vlan 10,20
switchport mode dot1q-tunnel

 

from above configuration now sometimes I can ping from core switch to the servers but sometimes I can't. is my configuration wrong?or do i need spanning tree to be configured?

oh one last question is aruba stacking concept use active-pasive or active-active? 

 

Aruba OS version WC.16.05.0007

 

Best Regards 

Hi,

 

Are you using LACP on the cisco side? you can try to to LACP on both end

 

trunk 1/24,2/24 trk1 LACP

 

Your config seems good. Also see the attachment file, is the equivalance between cisco and Aruba. Hope it help 

 

Also you can upgrade your switch to 16.08.XX 

Hi Mathias11,

 

Thank you for your respons.

i've tried to configure LACP on both side, it result i couldn't ping from core switch to the aruba switch nor the servers, but i would to test again as your recommendation to use LACP on both sides.

if i can configure LACP on both sides, do i need to configure STP protocol to prevent broadcast storm between aruba switch & cisco core switch?

 

i can't donwload your attachment file btw, it result "ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION".

could you please to upload again.

 

Thank You

 

Best Regards

Hi,

 

After did some analysis, i think the switch (2930M) not keep mac address table (CMIIW), if the router can't ping to the server ip address then i tried to ping from switch side to server ip address and get reply packet then the router can ping the server ip address after that.

 

here some output of show mac-address :

Aruba-Stack-2930M# show mac-address detail

Status and Counters - Port Address Table

MAC Address Port VLAN Age (d:h:m:s.ms)
----------------- ------------------------------- ---- ----------------
000c29-230aec Trk1 10 0000:00:04:34.00
000c29-dc9fed 1/10 10 0000:00:03:37.00
3821c7-4a3ac1 Trk1 10 0002:20:02:23.00
3821c7-4acac1 Trk1 10 0002:20:02:23.00
507b9d-68aa27 Trk1 10 0002:20:02:23.00
c471fe-eda306 Trk1 10 0002:20:02:23.00
c471fe-eda307 Trk1 10 0002:20:02:24.00
c471fe-eda33f Trk1 10 0000:00:07:12.00
000c29-dfcc2d 1/11 20 0000:00:00:30.00
00c0ff-447ee9 1/1 20 0000:00:07:26.00
00c0ff-448061 1/2 20 0000:00:07:18.00
08f1ea-98c2f0 Trk1 20 0000:00:01:32.00
08f1ea-98c2f2 2/7 20 0000:00:10:08.00
08f1ea-98c2f6 1/3 20 0000:00:00:48.00
08f1ea-98c2f8 2/11 20 0000:00:07:10.00
08f1ea-98c37a Trk1 20 0000:00:00:38.00
08f1ea-98c37c 1/9 20 0000:00:00:30.00
30e171-579a88 Trk1 20 0002:20:02:24.00
c471fe-eda306 Trk1 20 0002:20:02:24.00
c471fe-eda307 Trk1 20 0002:20:02:24.00
c471fe-eda33f Trk1 20 0002:20:02:24.00
c85b76-930020 Trk1 20 0002:20:02:24.00

 

the result seems change after i type the command after a moment.

any suggestion?

please take a look for the topology.

 

 

Best Regards.

 

Can you share your actual running configurations related to trk1 (Aruba side) and Port-Group 2 (Cisco side)?

Also a the outputs of typical diagnostic show/display trunk/lacp+etherchannel (adapted for Cisco/Aruba) commands would be of help.

Hi,

 

this is my configuration :

Aruba 2930M :

Running configuration:

stacking
member 1 type "JL319A" mac-address 3821c7-4a3xxx
member 1 priority 255
member 2 type "JL319A" mac-address 3821c7-4acxxx
exit
hostname "Aruba-Stack"
trunk 1/24,2/24 trk1 trunk
snmp-server community "public" unrestricted
oobm
ip address 192.168.xx.xxx 255.255.255.192
ip default-gateway 192.168.xx.xxx
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1/1-1/8,1/10,1/12-1/15,1/23,2/1-2/6,2/8,2/10-2/13,2/20,Trk1
untagged 1/9,1/11,1/16-1/22,2/7,2/9,2/14-2/19,2/21-2/23
no ip address
exit
vlan 10
name "vlan_A"
untagged 1/7,2/6
tagged 1/8,1/10,1/12,1/22-1/23,2/8,2/10,2/12,2/22,Trk1
no ip address
exit
vlan 20
name "vlan_B"
untagged 1/1-1/6,1/8,1/13-1/15,2/1-2/5,2/13
tagged 1/7,1/9-1/11,1/22-1/23,2/7,2/9,2/11,2/20,2/22,Trk1
no ip address

Aruba-Stack(config)# show trunks

Load Balancing Method: L3-based (default)

Port | Name Type | Group Type
------ + -------------------------------- ---------- + ----- --------
1/24 | 100/1000T | Trk1 Trunk
2/24 | 100/1000T | Trk1 Trunk

 

Cisco 4948:

vlan 10
name vlan_A
!
vlan 20
name vlan_B
!
!
!
!
interface Port-channel2
switchport
switchport trunk allowed vlan 10,20
switchport mode dot1q-tunnel
switchport nonegotiate

interface GigabitEthernet1/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
channel-protocol lacp
!
interface GigabitEthernet1/8
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
channel-protocol lacp
!

cisco#sh etherchannel 2 detail
Group state = L2
Ports: 0 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Minimum Links: 0
Port-channels in the group:
---------------------------

Port-channel: Po2
------------

Age of the Port-channel = 5d:16h:57m:01s
Logical slot/port = 11/2 Number of ports = 0
GC = 0x00000000
Port state = Port-channel Ag-Not-Inuse
Protocol = -
Port security = Disabled

Time since last port bundled: 5d:13h:32m:07s Gi1/7
Time since last port Un-bundled: 5d:13h:22m:50s Gi1/8

 

Do i need to configure  STP to prevent mesh packet traffic or loop?or it is enough to use LACP?my configuration use etherchannel "trunk".

and do LACP prevent looping/broadcast storm?

and just to make clear about configuration my server are ESX with 4 interfaces (2 interfaces for vmkernel traffic and 2 interfaces for data traffic). The interfaces just in tagged vlan mode with load balance "route based on originating virtual port", no LAG configured on aruba switch side.

kindly need your advice. Thank You

 

 

Best Regards 

 

First thing first, Aruba side...the trk1 configuration is wrong, you must use the lacp parameter instead of the trunk parameter:

 

trunk 1/24,2/24 trk1 lacp

Note that trk1 will carry only tagged traffic in your configuration (trk1 will not be an untagged member of a particular VLAN X, called the native one...since you defined that trk1 is no untagged in VLAN 1 <-- in this case native VLAN id is always 1 but this assignment can be changed if required...basically you oprhaned trk1 of its untagged VLAN).

 

Cisco side I'll restart fresh new by defaulting involved physical Gigabit Ethernet Interfaces 1/7, 1/8 and logical interface Channel-Group 2:

 

default interface GigabitEthernet1/7
default interface GigabitEthernet1/8
no interface port-channel2

and only then I will configure the LACP etherchannel reapplying to it necessary VLAN id tagging (native+allowed or only allowed) as you have now:

 

interface GigabitEthernet1/7
channel-protocol lacp
channel-group 2 mode active

interface GigabitEthernet1/8
channel-protocol lacp
channel-group 2 mode active

interface Port-channel2
switchport trunk native vlan X <-- specify an untagged=native VLAN id (PVID) if you plan to also permit untagged traffic (do not forget to add X to allowed VLAN id below)
switchport trunk allowed vlan X,10,20
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate

I'm not exactly sure if VLAN tagging (allowed) should defined before at interface level on Cisco...in other words if the order of commands committed is important or not...I suspect switchport trunk native vlan and switchport trunk allowed vlan commands exectuted at interface port-channel 2 context level (so on the logical interface) should diffuse back their relevant settings to physical member links of the that port-channel 2.

 

STP should be OK Aruba side...once you have a well formed trkN (of type trunk = Non Protocol or of type lacp= IEEE 802.3ad) Spanning Tree will see the logical interface trkN and not its physical members...so any loop will automatically be avoided...clearly the other peer should be correctly configured to cope with trkN (trunk or lacp).

 

Hi parnassus,

 

Thank you for your advice I will try to reconfigure lacp setup on both sides.

what do you mean about "STP should be ok"?is does the mean i don't need to configure STP if lacp configured properly?since default STP for cisco is pvst+ and aruba is mstp.

 

Thanks for your kindly help parnassus.

 

Best Regards 

Spanning Tree interoperability between Cisco IOS and Aruba ArubaOS-Switch needs further checks...so what's about starting to provide us the outputs of the show spanning-tree command executed on both platforms?

 

A good starting reference guide would be this one.

 

What I meant is that with a correctly setup of Spanning Tree the ports aggregation(s) should not be a matter to worry about.

Hi parnassus,

 

Thank you for your advice.

i'm not configure the STP yet between aruba and cisco, so the default cisco STP is use pvst and aruba is mstp.

So the other conclusion is i need to configure STP if i use LACP?

does LACP doesn't prevent loop?

 

Best Regards 

If CISCO is running PVST then configure rapid PVST on AOS switches for inter-operability.

 

and enable STP is always best practises.

 

Best Regards,

Suresh