Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

AOS8.5: Untrusted VLAN on LACP Portchannel

  • 1.  AOS8.5: Untrusted VLAN on LACP Portchannel

    Posted Jul 03, 2019 05:57 AM

    Hi all,

    I currently have a problem configuring a LACP PO on two 7010 controllers (managed by a virtual MM), all with AOS8.5.

    The controllers both have an IPv4 address in VLAN200 (which is the Internet). We want this VLAN to be untrusted so that the controller doesn't offer any services in the Internet direction.

    The connection between the (Aruba) core and the controllers is made via a four-port LACP PO. I marked the PO itself as trusted and added some trusted VLANs. I then wanted to add VLAN 200 as an untrusted (but allowed) VLAN. Apparently the GUI doesn't let me click the "Submit" button (see screenshot attached). And yes: I tried different browsers (Firefox and Chrome).

    Please help me. Is there a reason that explains why I am not allowed to add an untrusted VLAN to the PO?

    According to Table 1 here it should work like that (as far as I understood).

    Best regards

    Stefan



  • 2.  RE: AOS8.5: Untrusted VLAN on LACP Portchannel

    Posted Jul 03, 2019 06:44 AM

    Hi,

    I tried something similar to this on my devices; you can see the attached output.

    You can try once with trusted-only ports and check, and then with only untrusted ports.

    Or try with the CLI; you may get a proper warning related to it.



  • 3.  RE: AOS8.5: Untrusted VLAN on LACP Portchannel

    Posted Jul 03, 2019 09:12 AM

    Thanks for the fast reply.

    Apparently there is no way to configure this behaviour via the CLI.

    In the User Guide I also can't find any appropriate instruction (see screenshot).

    Could somebody from Aruba please make a statement about this?

    Best regards,

    Stefan



  • 4.  RE: AOS8.5: Untrusted VLAN on LACP Portchannel

    Posted Jul 03, 2019 09:26 AM

    Hi Stefan,

    I have nothing to help you, but we have exactly the same problem here. We have one port-channel configured and we'd like to untrust some VLANs, but nothing more. We tried everything, CLI + GUI, and we're stuck.

    Cause: VRRP is not working on these VLANs.

    Good luck, I'm following the thread.



  • 5.  RE: AOS8.5: Untrusted VLAN on LACP Portchannel

    Posted Jul 03, 2019 01:06 PM

    I had a call with the TAC. Nothing more; they'll call me back ASAP.

    But I may have a solution.

    In the CLI, try:

    interface port-channel x
    switchport trunk allowed vlan all (or no switchport trunk allowed vlan)
    trusted vlan add 1-4094
    trusted vlan remove "your vlans"
    wr mem

    You should have the following config (all the VLANs that are not trusted are considered untrusted):

    tac-case.PNG

    /!\ Don't change the settings of your port-channel through the GUI after that :(

    Let's see the TAC answer.
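
    An added example, not part of the thread or of Aruba's tooling: a small Python check that replays the port-channel commands from post 5 in order and reports which allowed VLANs end up untrusted, so a change can be reviewed before `wr mem`. It assumes an empty trusted set and all VLANs allowed as the starting state; the port-channel number and VLAN 200 in the sample are constructed from the thread's scenario, and the function names are hypothetical.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # 1-4094, the range used in post 5

def expand(spec):
    """Expand '10,20-22' into {10, 20, 21, 22}; 'all' means 1-4094."""
    if spec.strip().lower() == "all":
        return set(ALL_VLANS)
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 4094:
            raise ValueError(f"bad VLAN range: {part!r}")
        vlans.update(range(lo, hi + 1))
    return vlans

def trust_state(cli_lines):
    """Replay the commands in order; return (allowed, trusted) VLAN sets."""
    allowed, trusted = set(ALL_VLANS), set()  # assumed starting state
    for line in (l.strip() for l in cli_lines):
        if m := re.fullmatch(r"switchport trunk allowed vlan (\S+)", line):
            allowed = expand(m.group(1))
        elif line == "no switchport trunk allowed vlan":
            allowed = set(ALL_VLANS)  # post 5 treats this as equivalent to "all"
        elif m := re.fullmatch(r"trusted vlan (add|remove) (\S+)", line):
            if m.group(1) == "add":
                trusted |= expand(m.group(2))
            else:
                trusted -= expand(m.group(2))
    return allowed, trusted

def untrusted_allowed(cli_lines):
    """VLANs carried on the trunk that are NOT trusted (post 5's rule)."""
    allowed, trusted = trust_state(cli_lines)
    return sorted(allowed - trusted)

def audit(cli_lines, must_be_untrusted):
    """Return {vlan: problem} for VLANs that are still trusted or not allowed."""
    allowed, trusted = trust_state(cli_lines)
    problems = {v: "trusted" for v in must_be_untrusted if v in trusted}
    problems.update({v: "not allowed" for v in must_be_untrusted if v not in allowed})
    return problems

# Constructed sample: the sequence from post 5 with VLAN 200 (Internet) removed.
SAMPLE = ["interface port-channel 0", "switchport trunk allowed vlan all",
          "trusted vlan add 1-4094", "trusted vlan remove 200", "wr mem"]

if __name__ == "__main__":
    print("untrusted but allowed:", untrusted_allowed(SAMPLE))
    print("problems:", audit(SAMPLE, {200}))
```

    Because the commands are replayed in order, a `trusted vlan remove` entered before `trusted vlan add 1-4094` leaves the VLAN trusted, and `audit` flags it.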