LAN Routing

Re: Aruba 2530 Tagged VLAN no network connection

 
TAEDEKA
Occasional Advisor

Re: Aruba 2530 Tagged VLAN no network connection

Thank you for the reply. If I untag that port, how will any other tagged VLAN that connects to that same port at a later time be able to get an IP and connect to network resources for their respective VLAN?
akg7
HPE Pro

Re: Aruba 2530 Tagged VLAN no network connection

Hello,

If you will untag port 13 for vlan 2 then PC will work only for vlan 2 only not for any other vlan.

Thanks!

I am an HPE Employee

Accept or Kudo

TAEDEKA
Occasional Advisor

Re: Aruba 2530 Tagged VLAN no network connection

Thank you for the reply. Yes, I know. However, it does not allow me to configure multiple tagged VLANS on the router, configure tagged ports on the switch and connect to corresponding VLANS with various devices. It is almost as if the 2530 needs a route but it is not a layer 3 switch.

Oddly, this works without issue using an HP procurve 1820 switch. The 1820 allows for changing the PVID on a per port basis which seems to allow the tagged traffic to be directed to and from the router instead of staying in the switch. As such, I would believe the same could be made to work with the Aruba 2530. However, I do not see a setting for changing the PVID per port.

Additionally the 1950 series works as well if you change the port type to Hybrid keeping untagged on default VLAN and allowing tagged traffic on other VLANS.

Thank you for your contributions.
akg7
HPE Pro

Re: Aruba 2530 Tagged VLAN no network connection

Hello,

 

PVID concepts comes when port is hybrid port.

Here Port 13 is not a hybrid.

Thanks!

I am an HPE Employee

Accept or Kudo

TAEDEKA
Occasional Advisor

Re: Aruba 2530 Tagged VLAN no network connection

Thank you for the reply.

Do you know how to make a port on the 2530 a hybrid port?

 

parnassus
Honored Contributor

Re: Aruba 2530 Tagged VLAN no network connection

Why you need Hybrid port?

I don't see an issue in wanting a NIC port VLAN id tagged (example VLAN id = 2) to be connected on a port tagged member of the very same VLAN id...you can do it and it must work.

A port can be untagged member of one VLAN only but can be tagged member of more tagged VLAN (and can be "orphaned" by being without a untag membership...to do that it need to be tagged on another VLAN first).

Say port 13 is untagged member of VLAN id 1 (default) then:

vlan 2

tagged 13

exit

vlan 1

no untagged 13

make port 13 only tagged member of VLAN id 2.

An host need to be properly set to speak (sending tagged outgoing packets and accepting tagged incoming packets) with VLAN id 2 set as VLAN id of its NIC's port...in other terms that host needs to be VLAN aware.


I'm not an HPE Employee
Kudos and Accepted Solution banner
TAEDEKA
Occasional Advisor

Re: Aruba 2530 Tagged VLAN no network connection

Thank you for the reply. I understand. I suppose what has confused me the most is why, if the port is tagged on VLAN 2 and the computer nic is set to VLAN 2, does the computer get an ip address from the DHCP server (on VLAN2) but can not communicate with the network (VLAN2)? A route issue??

In order to get the computer to communicate, to the network with a tagged VLAN, I must connect a switch port to the router using an untagged VLAN. This means I am using two ports of my router and switch. (VLAN 1 and VLAN 2) both untagged on two seperate switch ports (with the opposite excluded). Further, in this config I can not use a ROUTER VLAN port to send multiple VLAN's on one interface because once it gets to the switch the device connected to a switch port will not be able to communicate (again will receive ip address but no further communcation).  The 2530 is a layer 2 switch but it is almost active like a layer 3 switch at the OSI level? (No route back out to the router once DHCP has sent the ack for address?)

 

parnassus
Honored Contributor

Re: Aruba 2530 Tagged VLAN no network connection

Can you draw it?

The Aruba 2530 has no routing features so you really need to use an
external router to route between directly connected VLANs.

Suppose you have VLAN 10 and 20 defined and addressed on your Router, say
10.0.10.254 and 10.0.20.254 just as example (that way the router is
configured to act as the "gateway" for its connected peers located on those
subnets), and suppose both VLANs are configured on the very same physical
Ethernet interface (how you do that it depends by the router), the same is
valid if you use separate Ethernet interfaces on your Router, each one
carrying just one VLAN (in any case outgoing packets originating from VLAN
10 are tagged leaving the interface going to your switch and, conversly,
incoming VLAN 10 tagged packets are accepted on the very same interface
reaching the Router VLAN IP interface from the Switch...the same is valid
for VLAN 20)...well...in this case your switch needs that the uplink
interface (or interfaces) to the router is a tagged member of both VLAN 10
and 20. That is...now you can have, access side connected to your Aruba
switch, a VLAN unaware host connected to a port which is an untagged member
of VLAN 10 or 20 (not both) or you can have an aware VLAN host (you set a
VLAN id explicitly, say 10 or 20) connected to a port which is a tagged
member on the same VLAN id of the host (no VLAN ids match, no traffic)...in
both cases...that host, properly IP addressed, should be able to - at least
- ping its gateway and hosts in the very same VLAN (Subnet). That is the
basic to start with.

It's just one among some possible scenarios.

Nobody will force you proceeding by tagging or untagging a particular port
(access use, uplink use), I mean that it could also work by using - say -
different uplink ports each one untagged respectively on VLAN 10 or 20 but,
you know, why not to use a single link uplink carrying multiple VLANs at
once instead (Cisco guys will call it "a trunk port" while for HP ProCurve
guys the term "trunk" is used to represent a links aggregation which is not
necessarily related to VLAN tagging, even if a links aggregation interface
acts quite like a physical port in terms of VLAN tagging capabilities):
each port can carry (send outgoing/accept received) untagged packets (so no
tag, only one choice here) and eventually packets with various tags (many
tags)...so it's up to you to decide the way a packet flows along its
journey through your network (considering that internally to a switch
packets travel with tags).

I'm not an HPE Employee
Kudos and Accepted Solution banner