HPE Community
Aruba & ProVision-based
1753404 Members
7247 Online
108793 Solutions
New Discussion юеВ

Re: New 3810M and 2530 Deployment questions

 
slciec
Visitor

тАО11-08-2017 05:55 AM

тАО11-08-2017 05:55 AM

New 3810M and 2530 Deployment questions

I am new to HPE switching but have worked with Cisco switching for the past 15 years. I have setup my configuration and everything seems to be working in the test environment.
I wondered if someone with more HPE switching experience than me could look over the configuration and let me know if the configs look ok? Also should i configure jumbo frames on all the switch to switch DAC connections or is 10GB connection sufficent?

Here is the inventory of what i am configuring.
Core Switch - Aruba 3810M 16SFP 2 Slot with 1 expansion SFP Installed.
Access Switches - 10 Aruba 2530-48G 2SFP.
All 2530 will connect to the 3810 with a 10GB DAC cable.
Most all ports on the 2530's will be on VLAN10.

3810M - Core Config
hostname "core1"
module 1 type jl075x
module 2 type jl075y
module 3 type jl075z
flexible-module A type JL083A
telnet-server listen data
web-management listen data
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 10.2.2.2
ip route 10.200.1.0 255.255.255.0 172.1.2.2
ip route 10.201.1.0 255.255.255.0 172.1.2.2
ip route 10.202.1.0 255.255.255.0 172.1.2.2
ip routing
snmp-server community "public" unrestricted
snmp-server listen data
oobm
disable
no ip address
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1-16,A1-A2
untagged A3-A4
no ip address
exit
vlan 2
name "mgmt"
tagged 1-16
ip address 10.1.1.250 255.255.255.0
exit
vlan 7
name "wifi"
ip address 10.7.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 10
name "access"
tagged 1-16
ip address 10.20.1.1 255.255.254.0
ip helper-address 10.1.1.100
exit
vlan 30
name "main"
tagged 1-16
ip address 10.30.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 40
name "staff"
tagged 1-16
ip address 10.40.1.1 255.255.255.0
ip helper-address 10.1.1.100
exit
vlan 172
name "wan"
untagged A2
ip address 172.1.1.1 255.255.255.252
exit
vlan 254
name "secure"
untagged A1
ip address 10.2.2.2 255.255.255.252
exit
primary-vlan 2
no tftp server
tftp server listen data
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
password operator

2530 Access Switch 1 thru 10 Config.
hostname "accessXX"
ip default-gateway 10.1.1.250
vlan 1
name "DEFAULT_VLAN"
no untagged 1-48,50
untagged 49
no ip address
exit
vlan 2
name "mgmt"
tagged 50
ip address 10.1.1.221 255.255.255.0
exit
vlan 10
name "access"
untagged 1-48
tagged 50
no ip address
exit
primary-vlan 2

0 Kudos
3 REPLIES 3
TerjeAFK
Respected Contributor

тАО11-09-2017 03:17 AM

тАО11-09-2017 03:17 AM

Re: New 3810M and 2530 Deployment questions

Here are a few things I would consider:

* disable telnet/tftp and use SSH/SCP instead
* switch to SSL for webmanagement of the switches
* set the public SNMP community as read-only and use a separate community for read-write access
* enable Spanning Tree and maybe use loop-protection on interfaces where users can connect
* use NTP for time sync
* logging to a Syslog server if you don't use a separate management system with builtin logging
* broadcast limit on all interfaces
* DHCP snooping on the switches where end users will connect

I wouldn't worry about jumbo frames unless you know that the links will be highly utilized.

0 Kudos
slciec
Visitor

тАО11-09-2017 06:33 AM

тАО11-09-2017 06:33 AM

Re: New 3810M and 2530 Deployment questions

Thanks for the great info.

I am on the fence about enabling spanning tree. With my configuration is it something you would be concered with?

0 Kudos
TerjeAFK
Respected Contributor

тАО11-09-2017 11:46 PM

тАО11-09-2017 11:46 PM

Re: New 3810M and 2530 Deployment questions

I regularly get log entries on my switches about Spanning Tree blocking ports, so I would seriously think about it.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.