- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Aruba & ProVision-based
- >
- Re: New 3810M and 2530 Deployment questions
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-08-2017 05:55 AM
тАО11-08-2017 05:55 AM
New 3810M and 2530 Deployment questions
I am new to HPE switching but have worked with Cisco switching for the past 15 years. I have setup my configuration and everything seems to be working in the test environment.
I wondered if someone with more HPE switching experience than me could look over the configuration and let me know if the configs look ok? Also should i configure jumbo frames on all the switch to switch DAC connections or is 10GB connection sufficent?
Here is the inventory of what i am configuring.
Core Switch - Aruba 3810M 16SFP 2 Slot with 1 expansion SFP Installed.
Access Switches - 10 Aruba 2530-48G 2SFP.
All 2530 will connect to the 3810 with a 10GB DAC cable.
Most all ports on the 2530's will be on VLAN10.
3810M - Core Config
hostname "core1"
module 1 type jl075x
module 2 type jl075y
module 3 type jl075z
flexible-module A type JL083A
telnet-server listen data
web-management listen data
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 10.2.2.2
ip route 10.200.1.0 255.255.255.0 172.1.2.2
ip route 10.201.1.0 255.255.255.0 172.1.2.2
ip route 10.202.1.0 255.255.255.0 172.1.2.2
ip routing
snmp-server community "public" unrestricted
snmp-server listen data
oobm
disable
no ip address
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1-16,A1-A2
untagged A3-A4
no ip address
exit
vlan 2
name "mgmt"
tagged 1-16
ip address 10.1.1.250 255.255.255.0
exit
vlan 7
name "wifi"
ip address 10.7.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 10
name "access"
tagged 1-16
ip address 10.20.1.1 255.255.254.0
ip helper-address 10.1.1.100
exit
vlan 30
name "main"
tagged 1-16
ip address 10.30.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 40
name "staff"
tagged 1-16
ip address 10.40.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 172
name "wan"
untagged A2
ip address 172.1.1.1 255.255.255.252
exit
vlan 254
name "secure"
untagged A1
ip address 10.2.2.2 255.255.255.252
exit
primary-vlan 2
no tftp server
tftp server listen data
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator
2530 Access Switch 1 thru 10 Config.
hostname "accessXX"
ip default-gateway 10.1.1.250
vlan 1
name "DEFAULT_VLAN"
no untagged 1-48,50
untagged 49
no ip address
exit
vlan 2
name "mgmt"
tagged 50
ip address 10.1.1.221 255.255.255.0
exit
vlan 10
name "access"
untagged 1-48
tagged 50
no ip address
exit
primary-vlan 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2017 03:17 AM
тАО11-09-2017 03:17 AM
Re: New 3810M and 2530 Deployment questions
Here are a few things I would consider:
* disable telnet/tftp and use SSH/SCP instead
* switch to SSL for webmanagement of the switches
* set the public SNMP community as read-only and use a separate community for read-write access
* enable Spanning Tree and maybe use loop-protection on interfaces where users can connect
* use NTP for time sync
* logging to a Syslog server if you don't use a separate management system with builtin logging
* broadcast limit on all interfaces
* DHCP snooping on the switches where end users will connect
I wouldn't worry about jumbo frames unless you know that the links will be highly utilized.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2017 06:33 AM
тАО11-09-2017 06:33 AM
Re: New 3810M and 2530 Deployment questions
Thanks for the great info.
I am on the fence about enabling spanning tree. With my configuration is it something you would be concered with?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-09-2017 11:46 PM
тАО11-09-2017 11:46 PM
Re: New 3810M and 2530 Deployment questions
I regularly get log entries on my switches about Spanning Tree blocking ports, so I would seriously think about it.