i agree with all the opinios i opened a case in Aruba but take to long to answer, as you reques the sh run | begin vrrp thi is the ouput
(Aruba3200-US) #show running-config | begin vrrp
Building Configuration...
(Aruba3200-US) #
I will explain more and sorry for my english but i will write as best i can, ok? I ATTACHED AND IMAGE of the phisical configuration.
The network are working fine with only one controller the 3400, i create a VRRP instances in this controller :
vrrp 1
priority 120
authentication c0L1M4n&
ip address 192.168.170.2
description "Preferred-Master"
vlan 170
tracking master-up-time 30 add 20
no shutdown
The firewall fortinet it faces to the internet and this dude is made the NAT form the public ip to the interla IP of the VRRP IP 192.168.170.2, from here everithink is ok
This Aruba3400 is in trunk in the interface GigE:
interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100-101,110,150,170
!
(Aruba3400) #show ip interface br
Interface IP Address / IP Netmask Admin Protocol
vlan 1 172.16.0.254 / 255.255.255.0 up down
vlan 170 192.168.170.1 / 255.255.255.0 up up
vlan 100 unassigned / unassigned up up
vlan 101 unassigned / unassigned up up
vlan 10 unassigned / unassigned up up
vlan 20 unassigned / unassigned up up
vlan 30 unassigned / unassigned up up
vlan 40 unassigned / unassigned up up
vlan 50 unassigned / unassigned up up
vlan 60 unassigned / unassigned up up
vlan 70 unassigned / unassigned up up
vlan 80 unassigned / unassigned up up
vlan 90 unassigned / unassigned up up
vlan 110 unassigned / unassigned up up
vlan 150 192.168.150.1 / 255.255.255.0 up up
loopback 192.168.170.10 / 255.255.255.255 up up
mgmt unassigned / unassigned down down
This port is connected in trunk with the Cisco Siwtch SGE2000, and this swithc is in trunk in other port facing the fortinet, in the fortinet the customer create the sub interfaces. Each VLAN belong to each branch office we connect in the branch an RAP5WN from here all the network is working great!!! the customer is not using autentication all the ports of the RAP are trusted, authenticated allowall and tunnel mode
in the 3200 i create the same vlans number as the 3400 with no duplicate IP, only 2 VLANS have IP address the VLAN 170 for the VRRP and the VLAN 150 for the DHCP for the wireless users in case of the primary 3400 fails
3200
(Aruba3200-US) #show ip interface br
Interface IP Address / IP Netmask Admin Protocol
vlan 1 172.16.0.253 / 255.255.255.0 up up
vlan 170 192.168.170.110 / 255.255.255.0 up down
vlan 10 unassigned / unassigned up down
vlan 20 unassigned / unassigned up down
vlan 30 unassigned / unassigned up down
vlan 40 unassigned / unassigned up down
vlan 50 unassigned / unassigned up down
vlan 60 unassigned / unassigned up down
vlan 70 unassigned / unassigned up down
vlan 80 unassigned / unassigned up down
vlan 90 unassigned / unassigned up down
vlan 100 unassigned / unassigned up down
vlan 110 unassigned / unassigned up down
vlan 150 192.168.150.110 / 255.255.255.0 up down
vlan 101 unassigned / unassigned up down
loopback 192.168.170.11 / 255.255.255.255 up up
mgmt unassigned / unassigned down down
interface gigabitethernet 1/0
description "GE1/0"
trusted
trusted vlan 1-4094
switchport mode trunk
switchport trunk allowed vlan 10,20,30,40,50,60,70,80,90,100-101,110,150,170
The connection betwenn cisco switches are in trunks with the sames VLANS i mentioned in this post......
A Im clear wtih my writing?
:)