Aruba & ProVision-based

Re: Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

 
SOLVED
Go to solution
DeleshD
Member

Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

Hi There,

I need assistance with Aruba 2930F Core switch configured with multiple Vlans & Differant DHCP Scopes connected with Trunk port to ISP Router, Also have HP 2530 switches in various Buidlings connected via SFP.

I have am not sure if all is configured correctly as my Voip Phones are not getting registered. Please assist.

module 1 type jl256a
trunk 48 trk1 trunk
ip route 0.0.0.0 0.0.0.0 192.168.5.1
ip routing
vlan 1
name "DATA"
untagged 1-47,49-52,Trk1
ip address 192.168.5.31 255.255.255.0
ipv6 enable
ipv6 address dhcp full
exit
vlan 2
name "VOICE"
tagged 1-47,49-52
ip address 192.168.4.1 255.255.255.0
voice
dhcp-server
exit
vlan 6
name " WMS"
tagged 1-47,49-52
ip address 192.168.6.1 255.255.255.0
exit
vlan 7
name "SECURITY"
tagged 1-47,49-52
ip address 192.168.7.1 255.255.255.0
exit
vlan 10
name "GUEST"
tagged 1-47,49-52
ip address 10.10.10.1 255.255.255.0
dhcp-server
exit
spanning-tree Trk1 priority 4
dhcp-server pool "GUEST"
authoritative
default-router "192.168.5.1"
dns-server "168.210.2.2,8.8.8.8"
lease 00:12:00
network 10.10.10.0 255.255.255.0
range 10.10.10.11 10.10.10.240
exit
dhcp-server pool "VOICE"
authoritative
default-router "192.168.5.1"
dns-server "168.210.2.2,8.8.8.8"
lease 08:00:00
network 192.168.4.0 255.255.255.0
range 192.168.4.11 192.168.4.200
exit
dhcp-server enable


sh ip route

IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 192.168.5.1 1 static 1 1
10.10.10.0/24 GUEST 10 connected 1 0
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.4.0/24 VOICE 2 connected 1 0
192.168.5.0/24 DATA 1 connected 1 0
192.168.6.0/24 WMS 6 connected 1 0
192.168.7.0/24 SECURITY 7 connected 1 0


sh vlans

Status and Counters - VLAN Information

Maximum VLANs to support : 256
Primary VLAN : DATA
Management VLAN :

VLAN ID Name | Status Voice Jumbo
------- -------------------------------- + ---------- ----- -----
1 DATA | Port-based No No
2 VOICE | Port-based Yes No
6 WMS | Port-based No No
7 SECURITY | Port-based No No
10 GUEST | Port-based No No

sh trunk

Load Balancing Method: L3-based (default)

Port | Name Type | Group Type
------ + -------------------------------- ---------- + ----- --------
48 | 100/1000T | Trk1 Trunk

 

 

 

6 REPLIES 6
parnassus
Honored Contributor

Re: Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

Hi! first of all, are you sure about Trk1 configuration? Trk<trunk-port-id> means "Links aggregation", I don't see member interface 48 aggregated with any other similar port...so I suspect you confused the meaning of the word "Trunk" in HP ProCurve (or actual ArubaOS-Switch based switch series) jargon.


I'm not an HPE Employee
Kudos and Accepted Solution banner
DeleshD
Member

Re: Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

Hi There @parnassus ,

Thank you for your response.

I needed to setup this port to the ISP router and allow all my Vlans access to the internet via this port. I also need my Vlans to be able to route to each other. Can you please guide me as how to achieve this ?

Thank you.

parnassus
Honored Contributor

Re: Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

Hi, you should delete Trk1 (made of only port 48) and so the port 48 could be configured directly.

Once you remove Trk1, perform a show vlan port ethernet 48 detail to see how port 48 is tagged (and untagged).

You should then tag/untag it to match the VLAN tagging settings you have on the corresponding Router LAN port.

Since IP Routing is enabled on your Aruba 2930F I presume you're performing inter-VLAN routing directly at Switch level and then you want to forward all non-local traffic to the Router (which will act as the Gateway to Internet). Correct?


I'm not an HPE Employee
Kudos and Accepted Solution banner
DeleshD
Member

Re: Aruba 2930F Multiple VLANS with DHCP & Trunk Ports

Hi Parnassus,

Thank you for your reply, I have removed trunk, show vlan :

sh vlan ports ethernet 48 detail

Status and Counters - VLAN Information - for ports 48

VLAN ID Name        | Status              Voice    Jumbo     Mode
------- -------------------- + ----------   -----       -----    --------
1               DATA        | Port-based        No       No     Untagged

I want all devices on variuos Vlans to have internet access and see this only shows Vlan 1, So does this mean that other Vlans will not get breakout ?, Do I need to add all the Vlans to this Interface 48 to get internet breakout for all devices?

Yes, I need to have InterVlan Routing on the switch level.

Thank you.

parnassus
Honored Contributor
Solution

Re: Aruba 2930F Multiple VLANS with DHCP

Hi, if you need the inter-VLAN routing to happen directly on the switch
you're automatically accepting that (a) IP routing must be enabled on the
Switch and (b) all your directly connected VLANs should have an IP assegned
on the Switch.

Hosts will use those IP as their gateways.

A Static Route (called Default Route or Route of Last Resort) of type 0/0
via your Firewall LAN IP address will address connections to "external"
nets (such Internet)...this could be applied on two scenarios: first, your
Firewall has LAN IP on a Switch VLAN shared also with access devices (Bad)
or second, you create a dedicated Transit VLAN (say a /31) and assign your
Router an IP Address on that VLAN...in both cases you are advised to use
tagged traffic between your Switch (so uplink port 48 should be tagged on a
VLAN) and your Router LAN...this requires you to correctly configure Router
LAN interface and create static routes on the Router to let return traffic
with VLANs as destinations to flow back from.your router to your routing
Switch.

ACLs on the Switch are required to segregate traffic of different VLAN
segments.

I'm not an HPE Employee
Kudos and Accepted Solution banner
DeleshD
Member

Re: Aruba 2930F Multiple VLANS with DHCP

Thank you Parnassus, I manged to get this working. I just need to correct the transit Vlan & then also setup ACL which i'm not familiar with. Thnak you for all your assistance.