When I look quickly, I don't see NAT configured on the S2500. There is too much configuration to do a full comparison between the two configs, but at a high level many things like VLANs and VLAN interfaces look similar. I would move routing out of the switch as much as possible in a network with just a few switches, and let the gateway/router do the routing between VLANs, as well as NAT towards the internet.
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Feb 08, 2024 03:56 PM
From: dudeman
Subject: Set up Comcast EDI on Aruba 6200F
Thanks, Herman.
I have not set it up on the S2500. The switch is EOL and starting to lose connectivity on ports 1-24. The 6200 is new.
Original Message:
Sent: 2/8/2024 10:27:00 AM
From: Herman Robers
Subject: RE: Set up Comcast EDI on Aruba 6200F
Does it work already with the S2500 switch, and do you need to move that to the 6200? Or are both switches new?
The 6200 will not do NAT, and normally you do NAT on the gateway/router instead of on the switch.
You probably should connect that Comcast device to your UDMPRO in some way. Not sure if it supports multiple uplinks, and if you want to replace the current internet connection or have them in parallel. In either case you probably should not route this on your switch but let the switch do L2 connectivity and a router/gateway handle the L3 routing/NAT. Having multiple internet connections can be quite challenging from a routing/failover perspective, but your switches will probably not play a role in here (in this type of deployment).
------------------------------
Herman Robers
------------------------
Original Message:
Sent: Feb 07, 2024 06:40 PM
From: dudeman
Subject: Set up Comcast EDI on Aruba 6200F
Hi,
I've just recently become responsible for maintaining the company network and am trying to set up Comcast EDI on a 2500 Mobility Access Switch and then migrate to an HPE Aruba CX 6200F. The gateway router is a Ubiquiti UDMPRO. I am reading the fundamentals guide and reviewing Comcast information, trying to understand how I can set up a NAT on both switches, and I am at a loss for how to proceed. I have verified the link is active by plugging a laptop into the Comcast port and configuring the laptop interface with the WAN Block IP address, netmask and gateway. TIA.
The Comcast information is below.
| Customer Layer 3 IP Information (WAN Block) | | Customer Usable IP Information (LAN Block) | |
|---|---|---|---|
| Link IP Address: | 50.xx.xx.0/30 | Usable IP Block: | 50.xx.xx.44/29 |
| Gateway: | 50.xx.xx.1 | Usable IP Ranges: | 50.xx.xx.45-50.xx.xx.50 |
| Layer 3 IP: | 50.xx.xx.2 | Usable Subnet Mask: | 255.255.255.248 |
| Layer 3 Subnet Mask: | 255.255.255.252 | Usable IPv6 Block: | N/A |
The configuration for the mobility switch
# ArubaOS Version 7.4
version 7.4
enable secret "******"
enable bypass
hostname "main"
clock timezone PST -8
controller config 1
ip access-list eth validuserethacl
permit any
!
netservice svc-dhcp udp 67 68
netservice svc-dns udp 53
netservice svc-ftp tcp 21
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-https tcp 443
netservice svc-icmp 1
netservice svc-kerberos udp 88
netservice svc-natt udp 4500
netservice svc-ntp udp 123
netservice svc-sip-tcp tcp 5060
netservice svc-sip-udp udp 5060
netservice svc-sips tcp 5061
netservice svc-smtp tcp 25
netservice svc-ssh tcp 22
netservice svc-telnet tcp 23
netservice svc-tftp udp 69
netservice svc-vocera udp 5002
ip access-list stateless allowall-stateless
any any any permit
!
ip access-list stateless cplogout-stateless
user alias controller sys-svc-https dst-nat 8081
!
ip access-list stateless dhcp-acl-stateless
any any svc-dhcp permit
!
ip access-list stateless dns-acl-stateless
any any svc-dns permit
!
ip access-list stateless http-acl-stateless
any any svc-http permit
!
ip access-list stateless https-acl-stateless
any any svc-https permit
!
ip access-list stateless icmp-acl-stateless
any any svc-icmp permit
!
ip access-list stateless logon-control-stateless
any any svc-icmp permit
any any svc-dns permit
any any svc-dhcp permit
any any svc-natt permit
!
ip access-list session validuser
network 169.254.0.0 255.255.0.0 any any deny
any any any permit
!
user-role authenticated
access-list stateless allowall-stateless
!
user-role denyall
!
user-role denydhcp
!
user-role guest
access-list stateless http-acl-stateless
access-list stateless https-acl-stateless
access-list stateless dhcp-acl-stateless
access-list stateless icmp-acl-stateless
access-list stateless dns-acl-stateless
!
user-role logon
access-list stateless logon-control-stateless
!
user-role preauth
!
!
crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
mgmt-user ntwrkadmin root XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
no firewall prohibit-ip-spoofing
firewall disable-stateful-sip-processing
firewall disable-stateful-h323-processing
firewall disable-stateful-sccp-processing
!
ip domain lookup
!
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
auth-server Internal
set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication wired
!
web-server
!
papi-security
!
aaa password-policy mgmt
!
traceoptions
!
probe-profile "default"
protocol icmp
!
qos-profile "default"
!
policer-profile "default"
!
ip-profile
default-gateway 172.16.1.1
route 172.16.18.0 255.255.255.0 172.16.4.10 0
route 172.16.21.0 255.255.255.0 172.16.4.10 0
controller-ip vlan 1
!
lcd-menu
!
interface-profile ospf-profile "default"
area 0.0.0.0
!
interface-profile pim-profile "default"
!
interface-profile igmp-profile "default"
!
stack-profile
!
ipv6-profile
!
activate-service-firmware
!
aruba-central
!
rogue-ap-containment
!
interface-profile switching-profile "default"
access-vlan 8
!
interface-profile switching-profile "trunk"
switchport-mode trunk
trunk allowed vlan 1-1999
!
interface-profile switching-profile "trunk-with-wan"
switchport-mode trunk
!
interface-profile switching-profile "wan-primary"
access-vlan 4002
!
interface-profile switching-profile "wan-comcast"
access-vlan 4007
!
interface-profile switching-profile "wan-old-primary"
access-vlan 4004
!
interface-profile switching-profile "wan-secondary"
access-vlan 4001
!
interface-profile switching-profile "wan-mobile"
access-vlan 4006
!
interface-profile poe-profile "default"
enable
!
interface-profile poe-profile "poe-factory-initial"
enable
!
interface-profile enet-link-profile "default"
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
lldp transmit
lldp receive
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
vlan-profile dhcp-snooping-profile "default"
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
!
spanning-tree
mode mstp
!
gvrp
!
mstp
!
lacp
!
vlan "1"
description "Management"
!
vlan "4"
description "DC"
!
vlan "5"
description "Clients"
!
vlan "8"
description "OOO"
!
vlan "9"
description "IOT"
!
vlan "4001"
description "WAN Secondary"
!
vlan "4002"
description "WAN Primary"
!
vlan "4003"
description "WAN via gw"
!
vlan "4004"
description "WAN old Primary"
!
vlan "4006"
description "WAN Mobile"
!
vlan "4007"
description "WAN Comcast"
!
interface gigabitethernet "0/0/24"
switching-profile "trunk"
!
interface gigabitethernet "0/0/25"
switching-profile "trunk"
!
interface gigabitethernet "0/0/26"
switching-profile "trunk"
!
interface gigabitethernet "0/0/27"
switching-profile "trunk"
!
interface gigabitethernet "0/0/28"
switching-profile "trunk"
!
interface gigabitethernet "0/0/29"
switching-profile "trunk"
!
interface gigabitethernet "0/0/30"
switching-profile "trunk"
!
interface gigabitethernet "0/0/31"
switching-profile "trunk"
!
interface gigabitethernet "0/0/32"
switching-profile "trunk"
!
interface gigabitethernet "0/0/33"
switching-profile "trunk"
!
interface gigabitethernet "0/0/34"
switching-profile "trunk"
!
interface gigabitethernet "0/0/35"
switching-profile "trunk"
!
interface gigabitethernet "0/0/36"
switching-profile "trunk"
!
interface gigabitethernet "0/0/37"
switching-profile "trunk"
!
interface gigabitethernet "0/0/38"
switching-profile "trunk"
!
interface gigabitethernet "0/0/39"
switching-profile "wan-comcast"
!
interface gigabitethernet "0/0/40"
switching-profile "trunk-with-wan"
!
interface gigabitethernet "0/0/41"
switching-profile "wan-mobile"
!
interface gigabitethernet "0/0/42"
switching-profile "trunk-with-wan"
!
interface gigabitethernet "0/0/43"
switching-profile "wan-old-primary"
!
interface gigabitethernet "0/0/44"
switching-profile "trunk-with-wan"
!
interface gigabitethernet "0/0/45"
switching-profile "wan-primary"
!
interface gigabitethernet "0/0/46"
switching-profile "trunk-with-wan"
!
interface gigabitethernet "0/0/47"
switching-profile "wan-secondary"
!
interface gigabitethernet "0/1/0"
switching-profile "trunk"
!
interface gigabitethernet "0/1/1"
switching-profile "trunk-with-wan"
!
interface gigabitethernet "0/1/2"
switching-profile "trunk"
!
interface gigabitethernet "0/1/3"
switching-profile "trunk"
!
interface vlan "1"
ip address 172.16.1.2 255.255.255.0
!
interface mgmt
ip address 10.0.0.1 255.255.255.0
!
device-group ap
!
interface-group gigabitethernet "default"
apply-to ALL
lldp-profile "lldp-factory-initial"
poe-profile "poe-factory-initial"
!
snmp-server community Zer0t0uchpr0visi0ning view ALL
snmp-server view ALL oid-tree iso included
snmp-server group ALLPRIV v1 read ALL notify ALL
snmp-server group ALLPRIV v2c read ALL notify ALL
snmp-server group ALLPRIV v3 noauth read ALL notify ALL
snmp-server group AUTHPRIV v3 priv read ALL notify ALL
snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL
snmp-server group Zer0t0uchpr0visi0ning v1 read ALL
snmp-server group Zer0t0uchpr0visi0ning v2c read ALL
snmp-server enable trap
process monitor log
end
Configuration for the 6200F
!Version ArubaOS-CX ML.10.10
!export-password: default
hostname sw1
banner motd !
sw1!
user ntwrkadmin group administrators password ciphertext XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
!
ssh server vrf default
ssh server vrf mgmt
vsf member 1
type jl727a
system internal-vlan-range 3000-3051
vlan 1
vlan 4
name Datacenter Tunnel
vlan 5
name Clients
vlan 8
name OOO
vlan 9
name IOT
vlan 4001
name WAN Secondary
vlan 4002
name WAN Primary
vlan 4003
name WAN via gw
vlan 4004
name WAN Old Primary
vlan 4006
name WAN Mobile
vlan 4007
name WAN Comcast
spanning-tree
interface mgmt
no shutdown
ip dhcp
qos dscp-map 0 local-priority 0
qos dscp-map 1 local-priority 0
qos dscp-map 2 local-priority 0
qos dscp-map 3 local-priority 0
qos dscp-map 4 local-priority 0
qos dscp-map 5 local-priority 0
qos dscp-map 6 local-priority 0
qos dscp-map 7 local-priority 0
qos dscp-map 8 local-priority 1
qos dscp-map 9 local-priority 1
qos dscp-map 10 local-priority 1
qos dscp-map 11 local-priority 1
qos dscp-map 12 local-priority 1
qos dscp-map 13 local-priority 1
qos dscp-map 14 local-priority 1
qos dscp-map 15 local-priority 1
interface 1/1/1
no shutdown
no routing
vlan access 8
interface 1/1/2
no shutdown
no routing
vlan access 8
interface 1/1/3
no shutdown
no routing
vlan access 8
interface 1/1/4
no shutdown
no routing
vlan access 8
interface 1/1/5
no shutdown
no routing
vlan access 8
interface 1/1/6
no shutdown
no routing
vlan access 8
interface 1/1/7
no shutdown
no routing
vlan access 8
interface 1/1/8
no shutdown
no routing
vlan access 8
interface 1/1/9
no shutdown
no routing
vlan access 8
interface 1/1/10
no shutdown
no routing
vlan access 8
interface 1/1/11
no shutdown
no routing
vlan access 8
interface 1/1/12
no shutdown
no routing
vlan access 8
interface 1/1/13
no shutdown
no routing
vlan access 8
interface 1/1/14
no shutdown
no routing
vlan access 8
interface 1/1/15
no shutdown
no routing
vlan access 8
interface 1/1/16
no shutdown
no routing
vlan access 8
interface 1/1/17
no shutdown
no routing
vlan access 8
interface 1/1/18
no shutdown
no routing
vlan access 8
interface 1/1/19
no shutdown
no routing
vlan access 8
interface 1/1/20
no shutdown
no routing
vlan access 8
interface 1/1/21
no shutdown
no routing
vlan access 8
interface 1/1/22
no shutdown
no routing
vlan access 8
interface 1/1/23
no shutdown
no routing
vlan access 8
interface 1/1/24
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/25
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/26
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/27
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/28
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/29
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/30
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/31
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/32
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/33
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/34
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/35
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/36
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/37
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/38
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/39
description WAN Comcast Port1
no shutdown
routing
ip address 50.xx.xx.2/30
interface 1/1/40
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface 1/1/41
description WAN Mobile
no shutdown
no routing
vlan access 4006
interface 1/1/42
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface 1/1/43
description WAN old Primary port5
no shutdown
no routing
vlan access 4004
interface 1/1/44
description Port10 UDMPRO
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface 1/1/45
description WAN Primary Port6
no shutdown
no routing
vlan access 4002
interface 1/1/46
description Port9 UDMPRO
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface 1/1/47
description Secondary
no shutdown
no routing
vlan access 4001
interface 1/1/48
no shutdown
no routing
vlan access 1
interface 1/1/49
description sw2
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/50
description ssw
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface 1/1/51
description sw
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface 1/1/52
description Port11 UDMRO
no shutdown
no routing
vlan trunk native 1
vlan trunk allowed 1,4-5,8-9
interface vlan 1
description Management
interface vlan 4
description DC
interface vlan 5
description Clients
interface vlan 8
description OOO
interface vlan 9
description IOT
interface vlan 4001
description WAN Secondary
interface vlan 4002
description WAN Primary
interface vlan 4003
description WAN via gw
interface vlan 4004
description WAN old Primary
interface vlan 4006
description WAN Mobile
interface vlan 4007
description WAN Comcast
ip address 50.xx.xx.44/29
ip route 0.0.0.0/0 172.16.1.1
ip route 50.xx.xx.0/30 50.xx.xx.1
ip route 172.16.17.0/24 172.16.4.10
ip route 172.16.21.0/24 172.16.4.10
ip dns domain-name corp.company.com
ip dns domain-list company.com
ip dns domain-list company.com
ip dns server-address 172.16.8.1
ip dns server-address 172.16.4.10
!
!
!
!
!
https-server vrf default
https-server vrf mgmt
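
The advice in the thread, to keep the switch at L2 and let the gateway hold the ISP addresses, can be checked against a config export. The following is an added example, not part of the thread or of any Aruba tooling: a Python check that lists switch interfaces holding non-RFC1918 addresses and reports SSH/HTTPS management enabled in the default VRF alongside them. The sample config is constructed, with 203.0.113.0/24 standing in for the redacted ISP blocks, and the check assumes no `vrf attach` lines.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in AOS-CX syntax; 203.0.113.0/24 is a documentation
# range standing in for the ISP-assigned WAN and LAN blocks.
SAMPLE_CONFIG = """\
ssh server vrf default
https-server vrf default
interface 1/1/39
    description WAN Comcast Port1
    routing
    ip address 203.0.113.2/30
interface 1/1/44
    no routing
    vlan trunk allowed 1,4-5,8-9,4001-4004,4006-4007
interface vlan 1
    ip address 172.16.1.2/24
interface vlan 4007
    description WAN Comcast
    ip address 203.0.113.44/29
"""

def l3_interfaces(config):
    """Map each interface name to the IP addresses configured under it."""
    found, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # tolerate dumps that lost their indentation
        if line.startswith("interface "):
            current = line[len("interface "):]
        elif current and (m := re.match(r"ip address (\S+/\d+)", line)):
            found.setdefault(current, []).append(ipaddress.ip_interface(m.group(1)))
    return found

def audit(config):
    """Report non-RFC1918 addresses on the switch and mgmt services in their VRF."""
    exposed = {}
    for name, addrs in l3_interfaces(config).items():
        public = [str(a) for a in addrs if not any(a.ip in n for n in RFC1918)]
        if public:
            exposed[name] = public
    # Assumption: no 'vrf attach' lines, so every interface is in the default VRF.
    services = re.findall(r"^[ \t]*(ssh server|https-server) vrf default[ \t]*$",
                          config, re.M)
    return {"public_l3": exposed, "mgmt_in_same_vrf": services if exposed else []}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

An empty `public_l3` result means the switch only carries the WAN VLANs at L2, which is the layout recommended in the replies.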