Wireless Access

Hello All,

I am trying to test the bond config and verify its redundancy . However my check fails so far. Bond status shows up on both sides 

When I ping from PC1 src 192.168.0.1 to PC2 dst 192.168.0.2 , it fails both ways

PC1-->access VLAN 2 port ge0/0/0--> Aruba Sw---LACP:Trunk mode--->Juniper switch---> access VLAN 2  Ge0/0/0-> PC2

Config in Juniper switch:

interfaces {
ge-0/0/0 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members test;
}
}
}
}
ge-0/0/1 {
unit 0 {
family ethernet-switching {
port-mode access;
vlan {
members test;
}
}
}

ae0 {
aggregated-ether-options {
minimum-links 1;
link-speed 1g;
lacp {
active;
periodic fast;
}
}
unit 0 {
family ethernet-switching {
port-mode trunk;
vlan {
members all;
}
}
}

vlans {
test {
vlan-id 2;
}
}

root@juniper-lab# run show interfaces ae0 extensive
Physical interface: ae0, Enabled, Physical link is Up
Interface index: 128, SNMP ifIndex: 555, Generation: 131
Link-level type: Ethernet, MTU: 1514, Speed: 2Gbps, BPDU Error: None, MAC-REWRITE Error: None, Loopback: Disabled, Source filtering: Disabled, Flow control: Disabled,
Minimum links needed: 1, Minimum bandwidth needed: 0
Device flags : Present Running
Interface flags: SNMP-Traps Internal: 0x4000
Current address: 5c:5e:ab:6a:52:c3, Hardware address: 5c:5e:ab:6a:52:c3
Last flapped : 2020-04-29 09:28:06 UTC (04:44:28 ago)
Statistics last cleared: Never
Traffic statistics:
Input bytes : 5579951 3032 bps
Output bytes : 4823259 2048 bps
Input packets: 43739 3 pps
Output packets: 36351 2 pps
IPv6 transit statistics:
Input bytes : 0
Output bytes : 0
Input packets: 0
Output packets: 0
Input errors:
Errors: 0, Drops: 0, Framing errors: 0, Runts: 0, Giants: 0, Policed discards: 0, Resource errors: 0
Output errors:
Carrier transitions: 6, Errors: 0, Drops: 0, MTU errors: 0, Resource errors: 0

Logical interface ae0.0 (Index 65) (SNMP ifIndex 557) (Generation 130)
Flags: Up SNMP-Traps 0x40004000 Encapsulation: ENET2
Statistics Packets pps Bytes bps
Bundle:
Input : 8607 0 1034913 0
Output: 24 0 2340 0
Adaptive Statistics:
Adaptive Adjusts: 0
Adaptive Scans : 0
Adaptive Updates: 0
Link:
ge-0/0/10.0
ge-0/0/11.0
LACP info: Role System System Port Port Port
priority identifier priority number key
ge-0/0/10.0 Actor 127 5c:5e:ab:6a:52:c0 127 1 1
ge-0/0/10.0 Partner 32768 00:1a:1e:1a:c7:40 255 11 1
ge-0/0/11.0 Actor 127 5c:5e:ab:6a:52:c0 127 2 1
ge-0/0/11.0 Partner 32768 00:1a:1e:1a:c7:40 255 12 1
LACP Statistics: LACP Rx LACP Tx Unknown Rx Illegal Rx
ge-0/0/10.0 17105 17060 0 0
ge-0/0/11.0 17104 17059 0 0
Marker Statistics: Marker Rx Resp Tx Unknown Rx Illegal Rx
ge-0/0/10.0 0 0 0 0
ge-0/0/11.0 0 0 0 0
Protocol eth-switch, Generation: 147, Route table: 0
Flags: Is-Primary, Trunk-Mode

root@juniper-lab> show route

inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0.0.0.0/0 *[Static/5] 05:12:38
> to 192.168.2.1 via me0.0
192.168.2.0/24 *[Direct/0] 05:12:38
> via me0.0
192.168.2.50/32 *[Local/0] 05:12:38
Local via me0.0

Aruba Switch config :

(aruba-lab) #show vlan

VLAN CONFIGURATION
------------------
VLAN Description Ports
---- ----------- -----
1 VLAN0001 GE0/0/1-9 GE0/0/12-47 GE0/1/0-1 Pc0
2 test GE0/0/0 GE0/0/16 Pc0

(aruba-lab) #show trunk

Trunk Port Table
----------------
Port Vlans Allowed Vlans Active Native Vlan
---- ------------- ------------ -----------
GE0/0/16 ALL 1-2 1
Pc0 ALL 1-2 1

(aruba-lab) #show interface port-channel 0

port-channel 0 is administratively Up, Link is Up, Line protocol is Up
Hardware is Port-Channel, LACP enabled, Address is 00:1a:1e:1a:c7:40
Description: Link Aggregate
Member port(s):
GE0/0/10 is administratively Up, Link is Up, Line protocol is Up
GE0/0/11 is administratively Up, Link is Up, Line protocol is Up
Speed: 2 Gbps
Interface index: 1441
MTU 1514 bytes
Flags: Trunk, Trusted
Link status last changed: 0d 04h:22m:44s ago
Last clearing of counters: 0d 04h:22m:44s ago
Statistics:
Received 33499 frames, 4445555 octets
0 pps, 2.040 Kbps
435 broadcasts, 0 runts, 0 giants, 0 throttles
0 error octets, 0 CRC frames
33064 multicast, 0 unicast
Transmitted 40393 frames, 5154835 octets
1 pps, 2.694 Kbps
235 broadcasts, 0 throttles
0 errors octets, 0 deferred
0 collisions, 0 late collisions

GE0/0/10:
Statistics:
Received 16838 frames, 2235957 octets
0 pps, 1.020 Kbps
308 broadcasts, 0 runts, 0 giants, 0 throttles
0 error octets, 0 CRC frames
16530 multicast, 0 unicast
Transmitted 24466 frames, 3089783 octets
1 pps, 1.674 Kbps
186 broadcasts, 0 throttles
0 errors octets, 0 deferred
0 collisions, 0 late collisions

GE0/0/11:
Statistics:
Received 16661 frames, 2209598 octets
0 pps, 1.020 Kbps
127 broadcasts, 0 runts, 0 giants, 0 throttles
0 error octets, 0 CRC frames
16534 multicast, 0 unicast
Transmitted 15927 frames, 2065052 octets
0 pps, 1.020 Kbps
49 broadcasts, 0 throttles
0 errors octets, 0 deferred
0 collisions, 0 late collisions

(aruba-lab) # show lacp 0 internal

Flags: S - Device is requesting slow LACPDUs
F - Device is requesting fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
LACP Internal Table
-------------------
Port Flags Pri AdminKey OperKey State Num Status
---- ----- --- -------- ------- ----- --- ------
GE0/0/10 FP 255 0x1 0x1 0x3e 0xb up
GE0/0/11 FP 255 0x1 0x1 0x3e 0xc up

(aruba-lab) # show lacp 0 counters

LACP Counter Table
------------------
Port LACPDUTx LACPDURx MrkrTx MrkrRx MrkrRspTx MrkrRspRx ErrPktRx
---- -------- -------- ------ ------ --------- --------- --------
GE0/0/10 15839 15793 0 0 0 0 0
GE0/0/11 15836 15790 0 0 0 0 0

(aruba-lab) # show lacp 0 neighbor

Flags: S - Device is requesting slow LACPDUs
F - Device is requesting fast LACPDUs
A - Device is in Active mode P - Device is in Passive mode
LACP Neighbor Table
-------------------
Port Flags Pri OperKey State Num Dev Id
---- ----- --- ------- ----- --- ------
GE0/0/10 FA 127 0x1 0x3f 0x1 5c:5e:ab:6a:52:c0
GE0/0/11 FA 127 0x1 0x3f 0x2 5c:5e:ab:6a:52:c0

(aruba-lab) #show running-config
Building Configuration...

#
# Configuration file for ArubaOS
# ArubaOS Version 7.4.0.4 54198
version 7.4

interface-profile switching-profile "test"
access-vlan 2
!
interface-profile switching-profile "trunk-all"
switchport-mode trunk
!
interface-profile switching-profile "trunk-ports"
switchport-mode trunk
!
interface-profile tunneled-node-profile "default"
!
interface-profile poe-profile "default"
!
interface-profile poe-profile "poe-factory-initial"
enable
!
interface-profile enet-link-profile "default"
!
interface-profile lacp-profile "lacp1"
group-id 0
timeout short
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
lldp transmit
lldp receive
med enable
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
vlan-profile dhcp-snooping-profile "default"
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
snooping
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
snooping
!
spanning-tree
mode mstp
!
gvrp
!
mstp
!
lacp
!
vlan "1"
igmp-snooping-profile "igmp-snooping-factory-initial"
!
vlan "2"
description "test"
!
interface gigabitethernet "0/0/0"
switching-profile "test"
!
interface gigabitethernet "0/0/5"
!
interface gigabitethernet "0/0/10"
lacp-profile "lacp1"
!
interface gigabitethernet "0/0/11"
lacp-profile "lacp1"
!
interface gigabitethernet "0/0/16"
switching-profile "trunk-ports"
!
interface vlan "1"
!
interface vlan "2"
ip address 192.168.0.60 255.255.255.0
!
interface mgmt
ip address 192.168.2.60 255.255.255.0
!
interface port-channel "0"
switching-profile "trunk-all"
enet-link-profile pc_default
!

(aruba-lab) #show ip route

Codes: C - connected
O - OSPF, O(IA) - OSPF inter area
O(E1) - OSPF external type 1, O(E2) - OSPF external type 2
O(N1) - OSPF NSSA type 1, O(N2) - OSPF NSSA type 2
M - mgmt, S - static, * - candidate default
D - DHCP

Gateway of last resort is 192.168.2.1 to network 0.0.0.0 at cost 0
S * 0.0.0.0 /0 [0] via 192.168.2.1
C 192.168.0.0/24 is directly connected: vlan2
C 192.168.0.60/32 is directly connected: vlan2
M 192.168.2.0/24 is directly connected: mgmt
M 192.168.2.60/32 is directly connected: mgmt

Any ideas what am I missing here ?

Apparently the LACP is working correctly; On both ends the bonds (Link Aggregations) are well formed and the communication between them looks good to me: physical links are Up, BPDU are flowing and nothing is being blocked.

If I were you I will point the finger against the VLAN memberships (especially on the ArubaOS side)...it's not clear to me - I admit I'm not an expert neither on Aruba MAS nor on Juniper Switches - if VLAN memberships are matching on both aggregated interfaces or not (I see VLAN ID 2 but I'm not sure how it is tagged on the Aruba MAS side).

What is the Native VLAN ID (PVID) on each logical aggregated interface (I would say that that VLAN ID gets "untagged")?

What are the permitted VLAN IDs on each logical aggregated interface (I would say that those VLAN IDs get "tagged")?

Hi,

In your Aruba MAS switches, you didn't specify the allowed vlans on your trunk

interface-profile switching-profile "trunk-all"
switchport-mode trunk
!

You should add "trunk allowed vlan <VLAN_ID>"  command

I allowed all , I am not sure why it wouldn't show up on the running config

But when I run show trunks I see it for port channel 0

----------------
Port Vlans Allowed Vlans Active Native Vlan
---- ------------- ------------ -----------
GE0/0/16 ALL 1-2 1
Pc0 ALL 1-2 1

Hi,

Did you check the mac-address table to make sure layer 2 connectivity is ok? Are you learning the mac-address on the right ports?

show mac-address-table vlan 2

Do you have by any chance firewall turned on the devices you are testing from?

Hello,

Thanks for your swift response . 

(aruba-lab) #show mac-address-table vlan 2

Total MAC address: 2
Learnt: 2, Static: 0, Auth: 0, Phone: 0, Sticky: 0

MAC Address Table
-----------------
MAC Address Address Type VLAN Interface
----------- ------------ ---- ---------
98:5a:eb:e2:22:9e Learned 0002 Pc0
a0:1e:0b:05:0b:0b Learned 0002 GE0/0/0

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GbE Family Controller
Physical Address. . . . . . . . . : A0-1E-0B-05-0B-0B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b083:3801:4eb5:6b4b%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 195042827
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-25-EE-5C-5C-A0-1E-0B-05-0B-0B
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Even in juniper switch it knows where to forward

PC interface

en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=10b<RXCSUM,TXCSUM,VLAN_HWTAGGING,AV>
ether 98:5a:eb:e2:22:9e
inet6 fe80::c2e:c452:ea33:f26f%en0 prefixlen 64 secured scopeid 0x7
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
nd6 options=201<PERFORMNUD,DAD>
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active

root@juniper-lab# run show ethernet-switching table
Ethernet-switching table: 3 entries, 2 learned, 0 persistent entries
VLAN MAC address Type Age Interfaces
test * Flood - All-members
test 98:5a:eb:e2:22:9e Learn 0 ge-0/0/0.0
test a0:1e:0b:05:0b:0b Learn 57 ae0.0

Hi,

Can you verify the ARP table on the PCs using arp -a? Does PC1 learn the mac of PC2? Does PC2 learn the mac of PC1?

Are you sure there is no firewall on the PCs?