Wired Intelligent Edge

I am used to Aruba 29XX series switches but we are switching to Aruba 6XXX series as it seems the new 29XX are missing some of the features of their predecessors. I am working on replacing old Cisco 2960-S switches at a site (as they are physically failing) with Aruba 6100 but I have an odd issue where the switch is "accepting" vlans (particularly vlan 12 in the case of this site) but not passing them to the next switch.

General network layout:
Firewall
V
SW1-> SW2-> SW3
 \-> SW4-> SW5-> SW6-> SW7-> SW8-> SW9-> SW10

Voice router attaches to SW7 on VLANs 4 and 12 for either side of the router.

SW1, SW7, SW8, SW9, and SW10 are Aruba 2930
SW2, SW4, SW5, and SW6 are currently Cisco 2960-S and are nearly identical in config besides "description" and some have channel-group1/2 swapped.
SW3 is working fine as a Aruba 6100 and has nearly identical configs
SW5 replacement is not working.

SW5 replacement (nearly identical to SW3)

vlan 1
vlan 3
    name DMZ
vlan 4
    Server
vlan 12
    name Voice
    voice
vlan 101, 254
spanning-tree
spanning-tree config-name internal
spanning-tree config-revision 1
spanning-tree vlan 1,2,4,13,101,254
interface lag 1
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    
interface lag 2
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active

---------------------------

interface 1/1/44
    no shutdown
    vlan trunk native 4
    vlan trunk allowed all
interface 1/1/45
    no shutdown
    lag 2
interface 1/1/46
    no shutdown
    lag 2
interface 1/1/47
    no shutdown
    lag 1
interface 1/1/48
    no shutdown
    lag 1
    
---------------------------

interface vlan 1
    ip dhcp
interface vlan 4
    ip address 10.1.4.35/24
interface vlan 12

Cisco Catalyst 2960-S SW6:
`
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name internal
 revision 1
 instance 1 vlan 1-4094

---------------------------

interface Port-channel1
 description Port Channel to SW5
!
interface Port-channel2
 description Port Channel to SW7

 
---------------------------

interface GigabitEthernet1/0/44
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 12
 spanning-tree portfast
!
interface GigabitEthernet1/0/45
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/46
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/47
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/48
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on

---------------------------

interface Vlan1
 ip address 10.1.0.4 255.255.255.0

After quite a bit of troubleshooting it seems the issue is that neither the Cisco or Aruba side seems to like having "vlan trunk allowed all" and wants the specific vlans in the command on both sides. Also there may or may not have been an extended issue with the Cisco which they dont always work with "channel-group 2 mode on" and prefer like "channel-group 2 mode active"

I am used to Aruba 29XX series switches but we are switching to Aruba 6XXX series as it seems the new 29XX are missing some of the features of their predecessors. I am working on replacing old Cisco 2960-S switches at a site (as they are physically failing) with Aruba 6100 but I have an odd issue where the switch is "accepting" vlans (particularly vlan 12 in the case of this site) but not passing them to the next switch.

General network layout:
Firewall
V
SW1-> SW2-> SW3
 \-> SW4-> SW5-> SW6-> SW7-> SW8-> SW9-> SW10

Voice router attaches to SW7 on VLANs 4 and 12 for either side of the router.

SW1, SW7, SW8, SW9, and SW10 are Aruba 2930
SW2, SW4, SW5, and SW6 are currently Cisco 2960-S and are nearly identical in config besides "description" and some have channel-group1/2 swapped.
SW3 is working fine as a Aruba 6100 and has nearly identical configs
SW5 replacement is not working.

SW5 replacement (nearly identical to SW3)

vlan 1
vlan 3
    name DMZ
vlan 4
    Server
vlan 12
    name Voice
    voice
vlan 101, 254
spanning-tree
spanning-tree config-name internal
spanning-tree config-revision 1
spanning-tree vlan 1,2,4,13,101,254
interface lag 1
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    
interface lag 2
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active

---------------------------

interface 1/1/44
    no shutdown
    vlan trunk native 4
    vlan trunk allowed all
interface 1/1/45
    no shutdown
    lag 2
interface 1/1/46
    no shutdown
    lag 2
interface 1/1/47
    no shutdown
    lag 1
interface 1/1/48
    no shutdown
    lag 1
    
---------------------------

interface vlan 1
    ip dhcp
interface vlan 4
    ip address 10.1.4.35/24
interface vlan 12

Cisco Catalyst 2960-S SW6:
`
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name internal
 revision 1
 instance 1 vlan 1-4094

---------------------------

interface Port-channel1
 description Port Channel to SW5
!
interface Port-channel2
 description Port Channel to SW7

 
---------------------------

interface GigabitEthernet1/0/44
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 12
 spanning-tree portfast
!
interface GigabitEthernet1/0/45
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/46
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/47
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/48
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on

---------------------------

interface Vlan1
 ip address 10.1.0.4 255.255.255.0

Well, not sure whether "vlan trunk allowed all" is really the problem here. I did a lot of migrations in the past and never had issues with that. However, I prefer having an explicit list of vlans defined on the links rather than a dynamic list of vlans. 

Moreover, I wouln't say there is issues regarding port-channel mode with Cisco. It's simply that you should have the same config on both sides. Cisco's "channel-group mode on" means no negitiation or in other words static. This should be configured as "lag XX static" on Aruba side and will post probably work. If LACP is prefered (which it should), use "channel-group mode active/passive" on Cisco side and "lacp mode active" on Aruba side and it will again most probably work. If "channel-group mode auto/desired" is on Cisco side, you will never find an Aruba switch form a link-aggregation as this uses PAgP protocol (Cisco proprietary). 

After quite a bit of troubleshooting it seems the issue is that neither the Cisco or Aruba side seems to like having "vlan trunk allowed all" and wants the specific vlans in the command on both sides. Also there may or may not have been an extended issue with the Cisco which they dont always work with "channel-group 2 mode on" and prefer like "channel-group 2 mode active"

I am used to Aruba 29XX series switches but we are switching to Aruba 6XXX series as it seems the new 29XX are missing some of the features of their predecessors. I am working on replacing old Cisco 2960-S switches at a site (as they are physically failing) with Aruba 6100 but I have an odd issue where the switch is "accepting" vlans (particularly vlan 12 in the case of this site) but not passing them to the next switch.

General network layout:
Firewall
V
SW1-> SW2-> SW3
 \-> SW4-> SW5-> SW6-> SW7-> SW8-> SW9-> SW10

Voice router attaches to SW7 on VLANs 4 and 12 for either side of the router.

SW1, SW7, SW8, SW9, and SW10 are Aruba 2930
SW2, SW4, SW5, and SW6 are currently Cisco 2960-S and are nearly identical in config besides "description" and some have channel-group1/2 swapped.
SW3 is working fine as a Aruba 6100 and has nearly identical configs
SW5 replacement is not working.

SW5 replacement (nearly identical to SW3)

vlan 1
vlan 3
    name DMZ
vlan 4
    Server
vlan 12
    name Voice
    voice
vlan 101, 254
spanning-tree
spanning-tree config-name internal
spanning-tree config-revision 1
spanning-tree vlan 1,2,4,13,101,254
interface lag 1
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active
    
interface lag 2
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    lacp mode active

---------------------------

interface 1/1/44
    no shutdown
    vlan trunk native 4
    vlan trunk allowed all
interface 1/1/45
    no shutdown
    lag 2
interface 1/1/46
    no shutdown
    lag 2
interface 1/1/47
    no shutdown
    lag 1
interface 1/1/48
    no shutdown
    lag 1
    
---------------------------

interface vlan 1
    ip dhcp
interface vlan 4
    ip address 10.1.4.35/24
interface vlan 12

Cisco Catalyst 2960-S SW6:
`
spanning-tree mode mst
spanning-tree extend system-id
!
spanning-tree mst configuration
 name internal
 revision 1
 instance 1 vlan 1-4094

---------------------------

interface Port-channel1
 description Port Channel to SW5
!
interface Port-channel2
 description Port Channel to SW7

 
---------------------------

interface GigabitEthernet1/0/44
 switchport access vlan 4
 switchport mode access
 switchport voice vlan 12
 spanning-tree portfast
!
interface GigabitEthernet1/0/45
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/46
 description Port Channel to SW7
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet1/0/47
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet1/0/48
 description Port channel to SW5
 switchport mode trunk
 channel-group 1 mode on

---------------------------

interface Vlan1
 ip address 10.1.0.4 255.255.255.0