Wired Intelligent Edge

 View Only
last person joined: yesterday 

Bring performance and reliability to your network with the HPE Aruba Networking Core, Aggregation, and Access layer switches. Discuss the latest features and functionality of your switching devices, and find ways to improve security across your network to bring together a mobile-first solution
Back to discussions
Expand all | Collapse all

Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

This thread has been viewed 16 times

  • 1.  Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    Posted Feb 22, 2024 04:16 PM

    So i've got a "core" switch that is the 1gb with 4 sfp port 6200 and two 10gb cx8320 switches.  Both 8320s have 10gb trunk ports to the 10gb ports on the 6200.   Here's where things get weird.  One of the cx8320's is communicating just fine, no issues at all.  The other 8320 (which houses vmware VMs on default vlan 1), I can ping from my laptop plugged into to the 6200 without issue, however that's the only communication I can achieve with the devices on that 8320.   The other is receiving data through the firewall without issue.  I've set ip routes on both the problematic 8320 and 6200 "core", including making that the ip address of vlan 1 without any success.  Here's my core config, I'm about at the end of my rope with this one, someone please help!


    drcore# show run
    Current configuration:
    !
    !Version ArubaOS-CX ML.10.10.1090
    !export-password: default
    hostname drcore
    user admin group administrators password ciphertext 
    !
    !
    !
    !
    !
    !
    ssh server vrf default
    ssh server vrf mgmt
    vsf member 1
        type jl726a
    system internal-vlan-range 2-3
    vlan 1,20,30,110-122,140-142
    spanning-tree
    interface mgmt
        no shutdown
        ip static 10.100.1.35/22
        default-gateway 10.100.0.1
    interface 1/1/1
        description To DR440a
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/2
        description To DR440b
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/3
        description dr440a test
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed 20,30,110-122,140-142
    interface 1/1/4
        no shutdown
        no routing
        vlan access 1
    interface 1/1/5
        no shutdown
        no routing
        vlan access 1
    interface 1/1/6
        no shutdown
        no routing
        vlan access 1
    interface 1/1/7
        no shutdown
        no routing
        vlan access 1
    interface 1/1/8
        no shutdown
        no routing
        vlan access 1
    interface 1/1/9
        no shutdown
        no routing
        vlan access 1
    interface 1/1/10
        no shutdown
        no routing
        vlan access 1
    interface 1/1/11
        no shutdown
        no routing
        vlan access 1
    interface 1/1/12
        no shutdown
        no routing
        vlan access 1
    interface 1/1/13
        no shutdown
        no routing
        vlan access 1
    interface 1/1/14
        no shutdown
        no routing
        vlan access 1
    interface 1/1/15
        no shutdown
        no routing
        vlan access 1
    interface 1/1/16
        no shutdown
        no routing
        vlan access 1
    interface 1/1/17
        no shutdown
        no routing
        vlan access 1
    interface 1/1/18
        no shutdown
        no routing
        vlan access 1
    interface 1/1/19
        no shutdown
        no routing
        vlan access 1
    interface 1/1/20
        no shutdown
        no routing
        vlan access 1
    interface 1/1/21
        no shutdown
        no routing
        vlan access 1
    interface 1/1/22
        no shutdown
        no routing
        vlan access 1
    interface 1/1/23
        no shutdown
        no routing
        vlan access 1
    interface 1/1/24
        no shutdown
        no routing
        vlan access 1
    interface 1/1/25
        no shutdown
        no routing
        vlan access 1
    interface 1/1/26
        no shutdown
        no routing
        vlan access 1
    interface 1/1/27
        no shutdown
        no routing
        vlan access 1
    interface 1/1/28
        no shutdown
        no routing
        vlan access 1
    interface 1/1/29
        no shutdown
        no routing
        vlan access 1
    interface 1/1/30
        no shutdown
        no routing
        vlan access 1
    interface 1/1/31
        no shutdown
        no routing
        vlan access 1
    interface 1/1/32
        no shutdown
        no routing
        vlan access 1
    interface 1/1/33
        no shutdown
        no routing
        vlan access 1
    interface 1/1/34
        no shutdown
        no routing
        vlan access 1
    interface 1/1/35
        no shutdown
        no routing
        vlan access 1
    interface 1/1/36
        no shutdown
        no routing
        vlan access 1
    interface 1/1/37
        no shutdown
        no routing
        vlan access 1
    interface 1/1/38
        no shutdown
        no routing
        vlan access 1
    interface 1/1/39
        no shutdown
        no routing
        vlan access 1
    interface 1/1/40
        no shutdown
        no routing
        vlan access 1
    interface 1/1/41
        no shutdown
        no routing
        vlan access 1
    interface 1/1/42
        no shutdown
        no routing
        vlan access 1
    interface 1/1/43
        no shutdown
        no routing
        vlan access 1
    interface 1/1/44
        no shutdown
        no routing
        vlan access 1
    interface 1/1/45
        no shutdown
        no routing
        vlan access 1
    interface 1/1/46
        no shutdown
        no routing
        vlan access 1
    interface 1/1/47
        no shutdown
        no routing
        vlan access 1
    interface 1/1/48
        no shutdown
        no routing
        vlan access 1
    interface 1/1/49
        description Core to 10gb Internal
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed 1,20
    interface 1/1/50
        shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/51
        description Core to ISCSI/DMZ
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed 30,110-122,140-142
    interface 1/1/52
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface vlan 1
    ip route 10.100.0.0/22 vlan1 tag 1
    !
    !
    !
    !
    !
    https-server vrf default
    https-server vrf mgmt



  • 2.  RE: Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    MVP GURU
    Posted Feb 22, 2024 04:51 PM
    Hi, given the description of your switches interconnections (two 10G links from two Aruba 8320 switches - one link for each 8320 - to one 6200) and given this part of 6200's uplink interfaces configuration:

    interface 1/1/49
        description Core to 10gb Internal <----- Aruba 8320
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed 1,20
    interface 1/1/50
        shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all
    interface 1/1/51
        description Core to ISCSI/DMZ <----- ?
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed 30,110-122,140-142
    interface 1/1/52
        no shutdown
        no routing
        vlan trunk native 1
        vlan trunk allowed all

    where is the second 10G link to 8320?

    Were the two Aruba 8320 deployed as a VSX (thus clustered) or are they working independently each other (two standalone switches)?



    Original Message


  • 3.  RE: Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    Posted Feb 22, 2024 05:12 PM

    Hello,

    Yes it's port 51 and they were deployed as two stand alone switches and the 8320 connected to port 51 is the one that is working properly.

    Thanks!

    Adam


    Original Message


  • 4.  RE: Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    MVP GURU
    Posted Feb 23, 2024 01:08 AM
    Ports 1/1/49 and 1/1/51 show different (allowed) VLANs membership and identical (native) VLAN membership: is this correct considering your current network design (I mean: compliant with the way your VLANs are needed and transported across your switches)?

    Who is doing the IP Routing duties to permit inter-VLAN traffic (you cited a Firewall...)?





    Original Message


  • 5.  RE: Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    Posted Feb 23, 2024 08:43 AM

    Yes, they are separate networks on those vlans, the 8320 switch that's working (attached to port 51 contains our DMZ and ISCSI networks) whereas the 8320 that isn't working properly (attached to port 49) contains our internal network and vmotion network only.  Ports 1 and 2 on the 6200 are connections to our two palo alto 440's, which are the virtual routers for all networks.

     

    Thanks!

     

    Adam

     



    The information contained in this e-mail message is intended only for the personal and confidential use of the recipient(s) named above. If the reader of this message is not the intended recipient or an agent responsible for delivering it to the intended recipient, you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please notify the sender immediately and delete the original message and any attachments.



    Original Message


  • 6.  RE: Struggling with an odd issue with three aruba switches, 1-6200 and 2- cx 8320's

    MVP GURU
    Posted Feb 23, 2024 03:06 PM
    If, as you told, the VLAN Ids memberships are correct on each ports (you know), then the issue could be at higher level...personally I use another approach while assessing a problem but each network is the results of its design...so it's up to you to check each involved piece.



    Original Message