Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

New 7030 Controller Deployment

  • 1.  New 7030 Controller Deployment

    Posted Mar 27, 2018 05:47 PM

    Hello Airheads;

     

    I've been struggling to set up a new Aruba 7030 in my school environment. I've spent the better part of two days on what I'm sure is going to amount to something trivial, but as of yet it's not obvious to me.

     

    Ultimately I want my controller on my Management VLAN (ex: VLAN-1), my APs on another (VLAN-2), and my users on their own VLAN (VLAN-3). My controller currently has GE0/0/0 connected to my switch, and planned to put this on an untagged VLAN1 port on my switch. GE0/0/4-7 I planned to create an LACP bond with VLAN2-VLAN4 (I would *like* to have my SSIDs on different VLANs to set different rules on my content filter).

     

    Please see the attached diagram. I have decided to start from scratch on a config, so I didn't post that. I am migrating from an Aruba Instant based system consisting of AP-105s.

     

    If there is a better way, I'd love to learn.

    aruba7030-issue.png

     

     

     


    #7030


  • 2.  RE: New 7030 Controller Deployment

    Posted Mar 28, 2018 11:15 AM

    Update 1: I now have my controller sorta working the way I want - I can manage it on the management VLAN, it has IPs in different subnets, and actually got it providing a WLAN on the desired VLAN. However, I cannot seem to get any kind of bonding via LACP or Trunk to work.

     

    Here is the config from the 7030:

    interface gigabitethernet 0/0/4
    description "GE0/0/4"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk native vlan 20
    switchport trunk allowed vlan 20
    lacp timeout short
    lacp group 0 mode active
    !

    interface gigabitethernet 0/0/5
    description "GE0/0/5"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk native vlan 20
    switchport trunk allowed vlan
    lacp timeout short
    lacp group 0 mode active
    !

    interface gigabitethernet 0/0/6
    description "GE0/0/6"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk native vlan 20
    switchport trunk allowed vlan
    lacp timeout short
    lacp group 0 mode active
    !

    interface gigabitethernet 0/0/7
    description "GE0/0/7"
    trusted
    trusted vlan 1-4094
    switchport mode trunk
    switchport trunk native vlan 20
    switchport trunk allowed vlan
    lacp timeout short
    lacp group 0 mode active
    !

    interface port-channel 0
    trusted
    trusted vlan 1-4094
    switchport access vlan 20
    switchport trunk native vlan 20
    !

     

    And from my HP 5406zl:

    ...

    trunk D21-D24 trk6 lacp

    ( D21-D24 are connected to ports 0/0/4-0/0/7 on the Aruba 7030 )

    ...

    vlan 20
    name "AP"
    untagged C3,C7,C11,D1,D13,D15-D16,E4,E12-E13,E16,Trk6
    tagged A3-A6,B1-B22,B24,D11,E20,F21,Trk1,Trk5,Trk7-Trk8,Trk57-Trk58,Trk128-Trk129
    ip address 10.17.64.1 255.255.224.0
    ip helper-address 10.17.0.50
    ...

     



  • 3.  RE: New 7030 Controller Deployment

    Posted Mar 28, 2018 04:55 PM

    Update 2: So, I've given up on making LACP work. I made the 4 ports between the HP 5406zl and the Aruba 7030 into a regular trunk and stacked my VLANs on that.


    For my wifi clients, it appears to be working just fine. However, from other hosts on my network, it comes and goes - I can ping the IP of the Aruba 7030 on the VLAN assigned to that trunk, and it just seems to come and go. I'm lost as to why.

     

    Here are the updated relevant parts of my configuration:

    HP 5406zl:

    ...

    trunk D21-D24 trk6 trunk

    ...

    ip routing

    ...
    vlan 20
    name "AP"
    untagged C3,C7,C11,D1,D13,D15-D16,E4,E12-E13,E16
    tagged A3-A6,B1-B22,B24,D11,E20,F21,Trk1,Trk5-Trk8,Trk57-Trk58,Trk128-Trk129
    ip address 10.17.64.1 255.255.224.0
    ip helper-address 10.17.0.50
    !

    vlan 62
    name "Wifi Staff"
    untagged E17
    tagged F21,Trk5-Trk6
    ip address 10.17.162.1 255.255.255.0
    ip helper-address 10.17.0.50
    !

     

    Aruba 7030:

    ...

    vlan 20

    vlan-name AP
    vlan AP 20

    vlan 62

    vlan-name Wifi_Staff
    vlan Wifi_Staff 62

    ...

    interface gigabitethernet 0/0/4
    description "GE0/0/4"
    trusted
    trusted vlan 1-4094
    no poe
    !

    interface gigabitethernet 0/0/5
    description "GE0/0/5"
    trusted
    trusted vlan 1-4094
    no poe
    !

    interface gigabitethernet 0/0/6
    description "GE0/0/6"
    trusted
    trusted vlan 1-4094
    no poe
    !

    interface gigabitethernet 0/0/7
    description "GE0/0/7"
    trusted
    trusted vlan 1-4094
    no poe
    !

    interface port-channel 0
    add gigabitethernet 0/0/4
    add gigabitethernet 0/0/5
    add gigabitethernet 0/0/6
    add gigabitethernet 0/0/7
    trusted
    trusted vlan 1,20,62
    switchport mode trunk
    switchport access vlan 20
    switchport trunk allowed vlan 20,62
    !



  • 4.  RE: New 7030 Controller Deployment

    EMPLOYEE
    Posted Mar 28, 2018 05:22 PM

    Is Spanning Tree running on the 5400 and/or 7030? If so, what does each device show the links between them to be operating as?

     

    Are you able to see the LACP trunks on both sides?

     

    From what you've described, it sounds like there are either some links in the channel that aren't active, or something causing links to come in and out of service leading to the dropped traffic.



  • 5.  RE: New 7030 Controller Deployment

    Posted Mar 28, 2018 05:39 PM

    When I was trying LACP, according to the console on both my switch and my controller, the links were active - I couldn't find any reason they weren't working. 

     

    I didn't think of spanning tree, but here is what I have:

    Aruba 7030:

    (aruba-7030) [mynode] #show spantree

    Spanning tree instance vlan 1
    Designated Root MAC 00:18:fe:84:59:00
    Designated Root Priority 32768
    Root Cost 40000
    Root Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

    Bridge MAC 20:4c:03:07:13:c0
    Bridge Priority 32768
    Configured Max Age 20 sec Hello Time 2 sec Forward Delay 15 sec

    Rapid Spanning Tree port configuration
    --------------------------------------
    Port State Cost Prio PortFast BpduGuard P-to-P Role
    ---- ----- ---- ---- -------- --------- ------ ----
    GE 0/0/0 Discarding 20000 128 Disable Disable Enable Alternate
    GE 0/0/1 Forwarding 20000 128 Disable Disable Enable Root
    GE 0/0/2 Discarding 20000 128 Disable Disable Enable Disabled
    GE 0/0/3 Discarding 20000 128 Disable Disable Enable Disabled
    GE 0/0/4 Off 20000 128 Disable Disable Enable Disabled
    GE 0/0/5 Off 20000 128 Disable Disable Enable Disabled
    GE 0/0/6 Off 20000 128 Disable Disable Enable Disabled
    GE 0/0/7 Off 20000 128 Disable Disable Enable Disabled
    Pc 0 Discarding 20000 128 Disable Disable Enable Alternate
    Pc 1 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 2 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 3 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 4 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 5 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 6 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 7 Discarding 2000000 128 Disable Disable Enable Disabled

    (aruba-7030) [mynode] #show spantree vlan 20
    Spanning-Tree is disabled

     

    HP 5406zl:

    mdf-hp-5406zl-0(config)# show spanning-tree

    Multiple Spanning Tree (MST) Information

    STP Enabled : Yes
    Force Version : MSTP-operation
    IST Mapped VLANs : 1-4094
    Switch MAC Address : d4c9ef-944900
    Switch Priority : 32768
    Max Age : 20
    Max Hops : 20
    Forward Delay : 15

    Topology Change Count : 1035
    Time Since Last Change : 2 hours

    CST Root MAC Address : 0018fe-845900
    CST Root Priority : 32768
    CST Root Path Cost : 20000
    CST Root Port : B1

    IST Regional Root MAC Address : d4c9ef-944900
    IST Regional Root Priority : 32768
    IST Regional Root Path Cost : 0
    IST Remaining Hops : 20

    Root Guard Ports :
    Loop Guard Ports :
    TCN Guard Ports :
    BPDU Protected Ports :
    BPDU Filtered Ports :
    PVST Protected Ports :
    PVST Filtered Ports :

    Root Inconsistent Ports :
    Loop Inconsistent Ports :

    | Prio | Designated Hello
    Port Type | Cost rity State | Bridge Time PtP Edge
    ------ ---------- + --------- ---- ------------ + ------------- ---- --- ----

    ...

    Trk6 | 20000 64 Forwarding | d4c9ef-944900 2 Yes No

    ...

     

    Do I need to explicitly enable spanning tree on the Aruba for that VLAN?



  • 6.  RE: New 7030 Controller Deployment

    EMPLOYEE
    Posted Mar 28, 2018 05:47 PM

    The 7030 shows STP is forwarding on Gig0/0/1, which from your previous documentation I believe is your mgmt interface, correct? It also shows as discarding on the port channel.

     

    There might be an STP mismatch here, with the 7030 running RSTP and the 5400 running MST.



  • 7.  RE: New 7030 Controller Deployment

    EMPLOYEE
    Posted Mar 28, 2018 06:08 PM

    I suspect that what's happening here is that since there is one spanning tree instance, the port channel and the single mgmt interface between the 7030 and 5400 are being treated as a loop, and consequently getting blocked. I would either move the mgmt vlan into the port channel rather than have it as its own unique interface, or possibly disconnect the mgmt interface for quick testing to see if the port channel transitions to the forwarding state.
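
Added example, not part of the original thread: a Python parser for the Aruba `show spantree` port table posted earlier, which picks out the Root port and the ports RSTP is holding in Discarding as Alternate (redundant) paths. The helper names `parse_spantree` and `blocked_redundant_paths` are hypothetical; the sample rows are copied from the thread.

```python
import re

# Rows copied from the "show spantree" output posted earlier in the thread
# (a subset; the omitted rows are all in role Disabled).
SHOW_SPANTREE = """\
Port State Cost Prio PortFast BpduGuard P-to-P Role
---- ----- ---- ---- -------- --------- ------ ----
GE 0/0/0 Discarding 20000 128 Disable Disable Enable Alternate
GE 0/0/1 Forwarding 20000 128 Disable Disable Enable Root
GE 0/0/2 Discarding 20000 128 Disable Disable Enable Disabled
GE 0/0/4 Off 20000 128 Disable Disable Enable Disabled
Pc 0 Discarding 20000 128 Disable Disable Enable Alternate
Pc 1 Discarding 2000000 128 Disable Disable Enable Disabled
"""

ROW = re.compile(
    r"^\s*(?P<port>(?:GE|Pc)\s+\S+)\s+(?P<state>\S+)\s+(?P<cost>\d+)\s+(?P<prio>\d+)"
    r"\s+(?P<portfast>\S+)\s+(?P<bpduguard>\S+)\s+(?P<p2p>\S+)\s+(?P<role>\S+)\s*$"
)

def parse_spantree(text):
    """Return one dict per port row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["cost"] = int(row["cost"])
            rows.append(row)
    return rows

def blocked_redundant_paths(rows):
    """Report the Root port and the ports blocked as backup paths to the root.

    An Alternate port hears a superior BPDU from another bridge but loses
    to the Root port, so RSTP keeps it Discarding to break the loop.
    """
    root = [r["port"] for r in rows if r["role"] == "Root"]
    alternates = [r["port"] for r in rows
                  if r["role"] == "Alternate" and r["state"] == "Discarding"]
    return {"root_port": root[0] if root else None, "blocked": alternates}

if __name__ == "__main__":
    result = blocked_redundant_paths(parse_spantree(SHOW_SPANTREE))
    print("root port:", result["root_port"], "| blocked:", result["blocked"])
```

On the posted output this reports GE 0/0/1 as the Root port and both GE 0/0/0 and Pc 0 as blocked Alternates, which matches the single-instance loop described in the reply above.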



  • 8.  RE: New 7030 Controller Deployment

    Posted Mar 28, 2018 07:43 PM

    I don't know that I fully grasp the implications of MSTP/RSTP/STP, or in other words, what's involved in switching from MSTP to RSTP, as it appears the Aruba supports just RSTP or RSTP-PVST.

     

    That being said, I have disabled the other interfaces, so now there is just the portchannel-0. However everything appears to be in the discarding state, and I do not know how to change that.

     

    (aruba-7030) [mynode] #show spantree enable

    Rapid Spanning Tree port configuration
    --------------------------------------
    Port State Cost Prio PortFast BpduGuard P-to-P Role
    ---- ----- ---- ---- -------- --------- ------ ----
    GE 0/0/0 Discarding 20000 128 Disable Disable Enable Disabled
    GE 0/0/1 Discarding 20000 128 Disable Disable Enable Disabled
    GE 0/0/2 Discarding 20000 128 Disable Disable Enable Disabled
    GE 0/0/3 Discarding 20000 128 Disable Disable Enable Disabled
    Pc 1 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 2 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 3 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 4 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 5 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 6 Discarding 2000000 128 Disable Disable Enable Disabled
    Pc 7 Discarding 2000000 128 Disable Disable Enable Disabled

     

    I do believe that you may be correct - that STP may be my issue, but I don't know what I need to do to make the 5406 and the Aruba play nicely. I suppose I could dump the rest of the trunk and just use one interface.... but that seems like a bad solution.



  • 9.  RE: New 7030 Controller Deployment

    EMPLOYEE
    Posted Mar 28, 2018 08:44 PM
    What happens if you disable STP on the 7030?


  • 10.  RE: New 7030 Controller Deployment

    Posted Mar 28, 2018 10:11 PM

    I will try that... I'm assuming the procedure is as follows?

     

    (config) #spanning-tree
    (spanning-tree) #no mode
    (spanning-tree) #exit

     

    Thank you btw



  • 11.  RE: New 7030 Controller Deployment

    EMPLOYEE
    Posted Mar 29, 2018 09:10 AM

    @joshvogelgesang wrote:

    I will try that... I'm assuming the procedure is as follows?

     

    (config) #spanning-tree
    (spanning-tree) #no mode
    (spanning-tree) #exit

     

    Thank you btw


    To disable spanning-tree, simply:

    (config) #no spanning-tree

    (config) #exit

     

    You can confirm spanning-tree is disabled with the command "show spanning-tree". The response should be "Spanning-Tree is disabled".



  • 12.  RE: New 7030 Controller Deployment

    Posted Mar 29, 2018 10:03 AM

    Done. I'll do some more testing on it as the day goes on, and post the results. In the meantime, thank you very much. I know this is probably the wrong forum to ask, but is moving to RSTP better in the long run? I don't have a large network ( 18 switches, almost all HPE YL or ZL series ); I'd imagine I'd start at the farthest switches and move inward toward the MDF.



  • 13.  RE: New 7030 Controller Deployment
    Best Answer

    EMPLOYEE
    Posted Mar 29, 2018 10:47 AM

    With Spanning-Tree, it's finding a version that is supported across all of the network devices that need to speak it. MST is backwards compatible with RSTP, but does depend on some configuration to ensure that compatibility. At this point, my suggestion to disable STP on the 7030 was just to eliminate or identify STP as the problem source, in order to move forward with getting this working.



  • 14.  RE: New 7030 Controller Deployment

    Posted Apr 04, 2018 09:08 AM

    So after a few days of testing, disabling STP and moving management and access to a trunk port group solved my issue. Thank you cclemmer!!!