
Configure VLAN in Aruba 2540 Switch

 
Daniel2604
Advisor


Hello,

Today I want to create my first VLAN on an Aruba switch, but I need some help.

My environment:

Router, Switch1, Switch2, some UniFi Access Points

I need a guest network (192.168.1.0) for the UniFi APs, which is separated from the main network (192.168.0.0).

The router has 2 interfaces with both networks and both are connected to Switch1 (Port 1+2). Switch1 has a fiber connection to Switch2 (Port 25). UniFi APs are connected to Switch2 (Port 23+24).

First I create a VLAN (ID 2) on Switch2 with Port 23 + 24. Then I create a VLAN (ID 2) on Switch1 with Port 2 (guest network).

Primary VLAN is the default, no management VLAN is configured.

What do I need to do in the next step?

Goal: Both UniFi APs should connect to the router guest network without seeing any other device. The router is the DHCP server for the guest network.

I hope that somebody can support me a little bit.

Greetings

 

3 REPLIES
parnassus
Honored Contributor

Re: Configure VLAN in Aruba 2540 Switch

Hello Daniel,

I think a similar setup for a PoC with Ubiquiti UniFi APs (I did one just yesterday, although without a proper WiFi for Guest) would be set up by letting the Router be the IP routing device for your network (that's to simplify things a little bit):

  1. Your Router will perform IPv4 Routing for all your VLANs
  2. Your Router will own the VLANs' SVIs (it means that each VLAN will have its IP interface on a Router LAN sub-interface; in other words, your Router will be the Default Gateway on each VLAN's subnet)
  3. VLANs need to be defined on each Switch
  4. The downlink from your Router LAN 1 will carry all VLANs except for the VLAN dedicated to the Guest-WiFi SSID (see below)
  5. The uplink port to Router LAN 1 on the Switch directly connected to your Router will be a tagged member of all those VLANs (you can remove the Untag on VLAN 1 Default since, basically, VLAN 1 will not be used)
  6. The downlink from your Router LAN 2 will carry only the VLAN dedicated to the Guest-WiFi SSID
  7. The uplink port to Router LAN 2 on the Switch directly connected to your Router will be a tagged member of just that VLAN (you can remove the Untag on VLAN 1 Default since, basically, VLAN 1 will not be used)
  8. Switch ports where WiFi APs are going to be connected need to be configured as untagged members of a dedicated "WiFi Management" VLAN id y (to oversimplify, it can be the very same VLAN id in which you're going to deploy your wired Clients, as an example) and tagged members of any other VLAN dedicated to your WiFi SSIDs (example: Trusted-WiFi SSID will bind to VLAN id x and Guest-WiFi SSID will bind to VLAN id y)
  9. The above step (8) will require you to configure LANs on the Ubiquiti UniFi APs to cope with those VLAN assignments (VLAN id x and VLAN id y)
  10. The inter-Switch link (Up/Down-link) between Switch 1 and 2 needs to carry all VLAN ids (so the involved ports on both ends need to be tagged members of all VLAN ids you defined on your Router)
  11. All VLAN ids you defined on your Routers need to be also defined on each involved Switch (here I consider both Switches as Layer 2 extensions of LAN 1 and LAN 2, so Switch 1 and 2 are basically equals).
  12. Access ports (except those reserved for Uplinks and WiFi APs) clearly need to be untagged members of the VLAN id dedicated to your wired clients
  13. All clients need to be configured (statically or via a DHCP Server) to have as Default Gateway the respective VLAN id IP Address defined on the Router, and the Router needs to have routes to let the traffic back to (and between, if required) the VLANs it manages (except for the Guest-WiFi dedicated VLAN, which doesn't participate in inter-VLAN routing since it should be "logically" isolated).

That would be an approach and, clearly, your mileage may vary significantly.

Personally I approached it by enabling IP Routing on one of our PoC Switches and using a Transport VLAN /29 to uplink to a Router (which is instructed to route back to our VLANs behind our Layer 3 Switch acting as the LAN's router)...that's very similar, but all the VLAN SVIs (IP addressing) are set on that "router" Switch...and the rest is pretty much similar (connected Switches are just Layer 2 extensions of that "router" Switch). As written, we don't have a Guest-WiFi, so we didn't work on carrying its VLAN directly to the router through another physical uplink (as you want to do).

Technically you would also reach the same target by using just one LAN on your Router (LAN 2 is not strictly necessary) since you can carry WiFi-Guest dedicated VLAN packets tagged directly to it and let it policy inter-VLAN routing and NAT to your ISP.
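
The tagging plan from the reply above, written out as ArubaOS-Switch (ProVision) CLI for the ports named in the question. This is an added example, not part of the original thread: guest VLAN id 2 and ports 1, 2, 23, 24 come from the question, while port 25 being the fiber port on both switches, VLAN 1 doubling as the AP management VLAN, and the VLAN name are assumptions. Lines starting with `;` are annotations and are not typed.

```text
; ---- Switch1: router LAN on port 1, router guest on port 2, fiber on 25 ----
configure
vlan 2
   name "Guest"
   ; Reply step 7: the router guest uplink is a tagged member of the guest VLAN.
   ; If the router port sends untagged frames, use "untagged 2" instead.
   tagged 2
   ; Reply step 10: the inter-switch link carries the guest VLAN tagged.
   tagged 25
   ; No switch IP interface in the guest VLAN: the router is its only gateway,
   ; so guests get no path to the switch management address.
   no ip address
   exit
vlan 1
   ; Take the guest uplink out of the default VLAN so the two networks
   ; never share a port on the router side.
   no untagged 2
   exit
write memory

; ---- Switch2: fiber on port 25, UniFi APs on ports 23 and 24 ----
configure
vlan 2
   name "Guest"
   tagged 25
   ; Reply step 8: AP ports stay untagged in the AP management VLAN
   ; (VLAN 1 here, the simplification the reply allows) and are tagged
   ; members of the guest VLAN. The guest SSID is bound to VLAN 2 on the AP.
   tagged 23,24
   no ip address
   exit
write memory

; ---- Check on each switch: VLAN 2 must list only the ports above ----
show vlans 2
show vlans ports 2,23,24,25 detail
```

If `show vlans 2` lists any port other than the router guest uplink, the fiber link and the AP ports, guest traffic can reach a device it should not.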

Daniel2604
Advisor

Re: Configure VLAN in Aruba 2540 Switch

Good morning from Salzhausen in Germany,

I will try in some hours to implement your solution. Thank you very much for your detailed guidance. It's my first VLAN, so I am a little bit unskilled.

Greetings

daniel

parnassus
Honored Contributor

Re: Configure VLAN in Aruba 2540 Switch

Hi Daniel, no worries...we're here to help, so do not hesitate to ask for further support.

I suggest you first plan the VLAN ids, then their SVIs (the IP interface of each VLAN which will be routed by the Switch) and the tagging pattern of the involved ports (uplink to Firewall, uplink between Switches, access ports for VLAN-unaware hosts, etc.) and you will have 80% of the challenge already covered.