Re: Help with Configuring HP2920's, stacking, two stacks, vlans and voip etc

I configured the trunking in the GUI on both stacks.. there was a choice of active or passive lacp, but it wouldnt let me set stack01 to active and the other stack to passive.. threw an error.. i assume just on the type i need lacp, but not passive or active.  I also got spanning tree set and set the one stack to prioirty 1 and the other one to 0.

And on the subject of VLANS..

I have  50 : Management, 100 Servers, 150 Workstations-LAN and 200 VOIP set manually in the gui (where 50 is the ID).. I assume these are typical vlan names, but i'm on clear aside from VOIP where the advantage is to setting vlans here.

Also unclear on where tagging vs untagged should come in.. the one switch in the 2 switch stack is definitely entirely voip connections (i assume this could be untagged?), for the rest, wouldnt i need to know exactly which ports are which before assigning tagged ports.. that is.. i've not migrated wiring yet... i was trying to get the vlans setup then do the full re-wiring in a week over two days basically.

I also assume ill need to set the vlan names and ids identically on both stacks ? (would the voip vlan even exist on the 4 switch stack that doesnt have voip connections at all)?

---

@markm75 wrote:

I configured the trunking in the GUI on both stacks.. there was a choice of active or passive lacp, but it wouldnt let me set stack01 to active and the other stack to passive.. threw an error.. i assume just on the type i need lacp, but not passive or active.  I also got spanning tree set and set the one stack to prioirty 1 and the other one to 0.

 Creating a Port Trunk with members interfaces the interfaces on which you have (not yet) to attach DAC Cables should be simple (I suggest you to set LACP Active on both sides for each created Port Trunk Group).

Then you can attach both DAC Cables on both ends, not before.

 

And on the subject of VLANS..

I have  50 : Management, 100 Servers, 150 Workstations-LAN and 200 VOIP set manually in the gui (where 50 is the ID).. I assume these are typical vlan names, but i'm on clear aside from VOIP where the advantage is to setting vlans here.

Also unclear on where tagging vs untagged should come in.. the one switch in the 2 switch stack is definitely entirely voip connections (i assume this could be untagged?), for the rest, wouldnt i need to know exactly which ports are which before assigning tagged ports.. that is.. i've not migrated wiring yet... i was trying to get the vlans setup then do the full re-wiring in a week over two days basically.

I also assume ill need to set the vlan names and ids identically on both stacks ? (would the voip vlan even exist on the 4 switch stack that doesnt have voip connections at all)?

---

VLAN IDs must be the same, VLANs Descriptions and Names are (string) labels only (those labes help you identifiyng and associating VLAN IDs with their purposes).

VLANs basic purposes: broadcast segmentation and attached Hosts isolation...so it's a matter of understanding what you want to achive and what are the Switches involved (keep in mind that a Stack is seen as one big logical Switch...so its configuration is one and just one).

I'm not an HPE Employee

---

@parnassus wrote:

---

@markm75 wrote:

I configured the trunking in the GUI on both stacks.. there was a choice of active or passive lacp, but it wouldnt let me set stack01 to active and the other stack to passive.. threw an error.. i assume just on the type i need lacp, but not passive or active.  I also got spanning tree set and set the one stack to prioirty 1 and the other one to 0.

 Creating a Port Trunk with members interfaces the interfaces on which you have (not yet) to attach DAC Cables should be simple (I suggest you to set LACP Active on both sides for each created Port Trunk Group).

Then you can attach both DAC Cables on both ends, not before.

 

And on the subject of VLANS..

I have  50 : Management, 100 Servers, 150 Workstations-LAN and 200 VOIP set manually in the gui (where 50 is the ID).. I assume these are typical vlan names, but i'm on clear aside from VOIP where the advantage is to setting vlans here.

Also unclear on where tagging vs untagged should come in.. the one switch in the 2 switch stack is definitely entirely voip connections (i assume this could be untagged?), for the rest, wouldnt i need to know exactly which ports are which before assigning tagged ports.. that is.. i've not migrated wiring yet... i was trying to get the vlans setup then do the full re-wiring in a week over two days basically.

I also assume ill need to set the vlan names and ids identically on both stacks ? (would the voip vlan even exist on the 4 switch stack that doesnt have voip connections at all)?

---

VLAN IDs must be the same, VLANs Descriptions and Names are (string) labels only (those labes help you identifiyng and associating VLAN IDs with their purposes).

VLANs basic purposes: broadcast segmentation and attached Hosts isolation...so it's a matter of understanding what you want to achive and what are the Switches involved (keep in mind that a Stack is seen as one big logical Switch...so its configuration is one and just one).

---

A few questions based on this ..

Would it make more sense to migrate the connections from the old switch, make sure everything talks, then enable the VLANs for the 3 or 4 groups i think ill create?

In either case, those all need to talk to each other, but I assume ill either have to map out what ports on the switch will be for which VLans or do it after i move all the wiring from the old switches to these 2 new stacks.

IE: the voice portion needs to communicate to at least the server Vlan.. i would assume the same on mangement, though i'm unclear what i'd use for managment vlan members (maybe just my gateway and vpn devices, so two total ports), which need to talk to the other vlans as well.

back tracking to the recommendation to set the trunk to active.. 

If i use the gui and try to use the pull down and set it to active.. it throws an error:

"dynamic LACP can not be activated on a manual trunk port"

What does the active setting do exactly, if i could get it to stick, that the current one does not?

So i guess a key piece of info that was missing from mind at least when planning all this was that each vlan cant be on the same subnet as we have things now?

That is, we have the 255.255.248.0 mask on 172.16.x for all our devices in our network, along with a gateway / router which is our sonicwall gateway.. dhcp is spit out from our windows domain to all devices or manually set.

Its my current understanding that i'd probably need to configure various subnets for each of the vlans..

Currently I have these listed as vlans:

Default_vlan
Management (which i think would be default_vlan, i'd just rename)
Servers
Workstations-LAN
Wifi
VOIP

It sounds as if the management vlan would be "untagged" for the ports for the wifi access points and sonicwall interface etc.. while the Wifi vlan would be what spits out ip addresses to wifi devices?

In either case, many of these need to talk to each other, which is why i thought they could just exist on the same set of ips/subnet originally.. like VOIP needs to talk to servers minimally and of course servers need to talk to workstations.  I'm assuming there is some command that sets that option. 

Its also my understanding that for stack1 i'd somehow have it set as the default gateway for that stack.. and for stack2 its ip would be the default gateway for that stack (and not our sonicwall router).

Either way its a big mess.. not sure i can implement this in a days time which is what i have to work with (starting migration of old wires mid day in a day or so).. i'll probably end up just migrating the wires and figuring this out later.

Biggest concerns are how the devices would get fresh ips (usually a shutdown / restart needed), so many pcs would be in limbo at first.. and also if it creates headaches for everything communicating in general windows wise.  Sounds like it adds big security but may create major headaches, at first.

Hello @markm75, sorry for delay in answering...I saw your latest posts but was busy enough since Monday (HPE Discover 2017 Madrid!) and hadn't time to answer in time for all your questions/doubts.

I generally try to solve a problem at time...so back to the oldest I was able to recognize: actually, have you still issues with Port Trunking between your two Aruba 2920's fabric stacks or were you able to manage them?

Supposing you still have some issue can you share the outputs of show lacp and show trunk commands (eventually you can add the show lldp info remote-device too to gather more detail about the peer trunked device) issued on both Aruba stacks?

Generally setting up a IEEE 802.3ad (LACP) Port Trunking on HP ProCurve/Aruba should be simple (starting from a default configuration):

1. choose if you are going to deploy Non Protocol Port Trunking (trunk) or Protocol based Port Trunking (lacp) specifically IEEE 802.3ad LACP).
2. choose if you are going to configure Protocol based Port Trunking (lacp) as active or passive.
3. choose which members ports you will include in the Port Trunk logical port.

So, assuming you want to setup a LACP Port Trunking (active on both ends) between your two stacks you should issue this single simple command: interface n m lacp active (where here n and m represent the interface numbers you are planning to add as member ports). Nothing more, nothing less.

I've the strong suspect you didn't started from a default port configuration with regard to Port Trunk's members ports...

Then we can discuss about VLANs.

I'm not an HPE Employee

---

@parnassus wrote:

Hello @markm75, sorry for delay in answering...I saw your latest posts but was busy enough since Monday (HPE Discover 2017 Madrid!) and hadn't time to answer in time for all your questions/doubts.

I generally try to solve a problem at time...so back to the oldest I was able to recognize: actually, have you still issues with Port Trunking between your two Aruba 2920's fabric stacks or were you able to manage them?

Supposing you still have some issue can you share the outputs of show lacp and show trunk commands (eventually you can add the show lldp info remote-device too to gather more detail about the peer trunked device) issued on both Aruba stacks?

Generally setting up a IEEE 802.3ad (LACP) Port Trunking on HP ProCurve/Aruba should be simple (starting from a default configuration):

1. choose if you are going to deploy Non Protocol Port Trunking (trunk) or Protocol based Port Trunking (lacp) specifically IEEE 802.3ad LACP).
2. choose if you are going to configure Protocol based Port Trunking (lacp) as active or passive.
3. choose which members ports you will include in the Port Trunk logical port.

So, assuming you want to setup a LACP Port Trunking (active on both ends) between your two stacks you should issue this single simple command: interface n m lacp active (where here n and m represent the interface numbers you are planning to add as member ports). Nothing more, nothing less.

I've the strong suspect you didn't started from a default port configuration with regard to Port Trunk's members ports...

Then we can discuss about VLANs.

 

---

Well, i had the issue where if, in the gui, i tried to enable active it would fail with ""dynamic LACP can not be activated on a manual trunk port"

I'm not sure i understand the difference between lacp and regular trunking (and active/passive).. which is best to use.. i assumed active and lacp.. 

I did start from default, but used the gui to configure the trunk.. i disconnected the cables.. enabled them on the first stack, then repeated on second and connected cables (?)

Here are the commands

Stack1:

show lacp

LACP Trunk Port LACP Admin Oper
Port Enabled Group Status Partner Status Key Key
----- ------- ------- ------- ------- ------- ------ ------
2/A1 Active Trk1 Up Yes Success 0 210
2/A2 Active Trk1 Up Yes Success 0 210

show trunk:

Load Balancing Method: L3-based (default)

Port | Name Type | Group Type
------ + -------------------------------- ---------- + ----- --------
2/A1 | Stack01DACTrunkA1 SFP+SR | Trk1 LACP
2/A2 | Stack01DACTrunkA2 SFP+SR | Trk1 LACP

LLDP Remote Devices Information

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------ ------------------ --------- ------------------
2/A1 | d0 bf 9c cf 56 c9 205 4/A1 HP4Member-Stack02
2/A2 | d0 bf 9c cf 56 c9 206 4/A2 HP4Member-Stack02

stack2:

show lacp

LACP Trunk Port LACP Admin Oper
Port Enabled Group Status Partner Status Key Key
----- ------- ------- ------- ------- ------- ------ ------
4/A1 Active Trk1 Up Yes Success 0 210
4/A2 Active Trk1 Up Yes Success 0 210

show trunk:

Load Balancing Method: L3-based (default)

Port | Name Type | Group Type
------ + -------------------------------- ---------- + ----- --------
4/A1 | Stack02DACTrunkA1 SFP+SR | Trk1 LACP
4/A2 | Stack02DACTrunkA2 SFP+SR | Trk1 LACP

LLDP Remote Devices Information

LocalPort | ChassisId PortId PortDescr SysName
--------- + ------------------ ------------------ --------- ------------------
4/31 | a0 b3 cc 4c 21 70 a0 b3 cc 4c 21 70
4/A1 | 70 10 6f 3d b5 cb 101 2/A1 HP2MEMB-stack01
4/A2 | 70 10 6f 3d b5 cb 102 2/A2 HP2MEMB-stack01

 edit:  the show trunks seem to show "active", but is this lacp active.. if so maybe i'm good to go.

Vlan wise, i'm holding off on that till after all wires are migrated (today), in the future, i feel thats a bigger mess than just getting things working at default + trunking

Hi,

those outputs look good.

On Stack 1:

                          LACP
      LACP    Trunk   Port             LACP   Admin  Oper
Port  Enabled Group   Status  Partner Status  Key    Key
----- ------- ------- ------- ------- ------- ------ ------
2/A1  Active  Trk1    Up      Yes     Success 0      210
2/A2  Active  Trk1    Up      Yes     Success 0      210

Immediately Trk1 naming for Port Trunking means that you configured a Static LACP Port Trunking made of A1 and A2 interfaces of Stack 1's Member n°2.

The LACP Enabled parameter reports both 2/A1 and 2/A2 physical interfaces as Active, it just means that those ports automatically send LACP protocol packets.

Trunk Group reports Trkx (and not Dynx), it means that you used Static LACP instead of Dynamic LACP. (this also explains why you see it on the output of show trunk), LACP Status parameter reports Success, LACP Partner reports Yes so, in the end, you are pretty much good with regard to your Stack 1 <--> Stack 2 ports trunking.

The same can be said about Trk1 (with member ports 4/A1 and 4/A2) defined on your Stack 2's Member n°4:

                          LACP
      LACP    Trunk   Port             LACP   Admin  Oper
Port  Enabled Group   Status  Partner Status  Key    Key
----- ------- ------- ------- ------- ------- ------ ------
4/A1  Active  Trk1    Up      Yes     Success 0      210
4/A2  Active  Trk1    Up      Yes     Success 0      210

I'm not an HPE Employee