
Aruba 2920 PoE+ Switch - configuration & VLAN

mazimbela
Occasional Contributor


Hi Guys

I am still new to HP/Aruba switch configuration.

I have 5 Aruba 2920 PoE+ (24 port) Switches that I want to configure for a new office. All 5 of them are going to be connected via fibre links.

Can you please assist with configuring all 5 switches to be able to communicate with each other using the IP info below.

  • server & switches IP range : 192.168.1.1 – 50 : VLAN 10 – Data VLAN
  • workstations IP range : 192.168.1.55 – 200 : VLAN 10 – Data VLAN
  • printers IP range : 192.168.1.205 – 254 : VLAN 10 – Data VLAN
  • wi-fi IP range : 192.168.2.1 – 254 : VLAN 130 – WiFi VLAN
  • cctv IP range : 192.168.5.1 – 254 : VLAN 135 – CCTV VLAN

I've also attached my network diagram. And your help will be VERY much APPRECIATED.

Please note I don't have my router's IP address yet, so we can use any IP.

3 REPLIES
Ian Vaughan
Honored Contributor

Re: Aruba 2920 PoE+ Switch - configuration & VLAN

Howdy,

I am a big fan of putting different things in different networks.

I would:

Create 3 separate VLANs with appropriate subnets for the 3 different communities that you are looking to put in VLAN10.

Give them a /24 (255.255.255.0) network each - it will only take you an extra 2 minutes on the DHCP server.

Use SW1 as a layer 3 switch for your site and create a little (maybe a /30 - 255.255.255.252 if you only have 2 devices in that subnet, maybe a /28 - 255.255.255.240 if you need a few more) "transit" network between SW and the router. 

Put a default route on SW1 that points at the LAN side of the Router.

Put an Ip address on each of the VLANs and enable inter-vlan routing on SW1.

If you can, get the fibre runs to go from the edge switches back to SW1 (like a hub and spoke) without daisy chaining through intermediate switches. Even chaining the fibre runs back to back (checking your TX and RX as you go) is better than using switches to bridge the traffic as the failure of, say, SW2 would also knock out SW3 and SW4. 

All switches should have spanning tree enabled.

All "user facing" ports should have portfast or admin edge mode enabled as well as bpdu detection and loop protect. Plenty posts on this forum on those subjects.

All uplinks should be untagged for the same VLAN (lots of people use vlan 1 for this but you really shouldn't) and tagged for the rest of the vlans to make sure that your traffic doesn't get black-holed and works end to end.

Make sure that you disable the unsecure protocols (all of the unencrypted ones such as telnet, tftp) and enable the likes of ssh and sftp.

Upgrade your switches to the 16.02 software image (latest at time of writing).

There is plenty documentation on the site. Make yourself comfortable with the Advanced Traffic Management Guide and the other manuals (Product Page -> Related Links: Tech Support / Manuals  -> Manuals -> "view all").

Sometimes it is better to break these things down into a sequence of tasks and work your way through them.

Get SW1 and one of the others built up and then as you gain confidence and get more understanding of the command structure just copy the bits of configuration that you need to the other switches. You can get terminal emulators (mtputty - secure CRT amongst others) that will let you run multiple SSH sessions to multiple switches at the same time and send a common command to all of them at once.

Hope that gives you a start - let us know how you get on.

Don't forget "Kudos" and "solved" buttons if posts are helpful / useful / amusing

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
mazimbela
Occasional Contributor

Re: Aruba 2920 PoE+ Switch - configuration & VLAN

Thanks Ian for your advice and contribution.

My DHCP will be running from a Windows Domain Controller. Now tell me, from each 24-port switch, how many ports or what ports should be tagged & not tagged for each of my VLANs (vlan 10, vlan 130, vlan 135), in order to get everything working?

EG:

SW1:

SW2

SW3:

SW4:

SW5:

Ian Vaughan
Honored Contributor

Re: Aruba 2920 PoE+ Switch - configuration & VLAN

Howdy,

User facing ports - put into VLAN <NN> untagged - where NN is the VLAN that the user/server needs to be part of.

Uplink / downlink ports - 

Pick A. N. Other "spare" VLAN - say 777 put this as untagged

Put all the other downstream VLANs as "tagged" on the link 

So say port 24 was an uplink, you would see it as untagged in 777 and tagged in say 10, 20, 30, 130, 135 if they were the VLANs bound to user ports on downstream switches.

Make sure that the configuration (VLANs tagged and untagged) matches at each end of each inter-switch link.

Make sure that all of the VLANs are configured on each switch (only SW1 needs IP addressing on more than the "management" VLAN if it is acting as the L3 "routing" switch).

You will need an IP helper or DHCP relay configuration on each L3 interface on the switch (other than the one where the DHCP server resides) in order to properly connect users looking for dynamic addresses with the DHCP server as they will be on different sides of a layer 3 gateway where broadcasts cannot naturally reach.

Let us know how you get on

many thanks

Ian

 

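
The uplink rules from the two replies above (untagged in a spare VLAN rather than VLAN 1, and the same tagged and untagged VLANs at each end of a link) can be checked mechanically before the switches go live. The following is an added example, not part of the thread or written by either poster: a Python check that reads the `vlan` stanzas of two running-config excerpts and lists the mismatches on one inter-switch link. The excerpts are constructed, and the function names and the numeric-only port-list format are assumptions.

```python
import re

# Constructed running-config excerpts (not from the thread). Port 24 is the
# inter-switch link; 777 is the spare untagged uplink VLAN suggested above.
SW1 = """
vlan 10
   untagged 1-20
   tagged 24
vlan 135
   tagged 24
vlan 777
   untagged 24
"""
SW2 = """
vlan 1
   untagged 24
vlan 10
   untagged 1-23
   tagged 24
"""

def expand(spec):
    """Expand a numeric port list such as '1-4,24' (assumed form) to a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def membership(config, port):
    """Return (untagged VLAN or None, set of tagged VLANs) for one port."""
    vlan, untagged, tagged = None, None, set()
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m.group(1))
        elif m := re.fullmatch(r"(untagged|tagged) (\S+)", line):
            if port not in expand(m.group(2)):
                continue
            if m.group(1) == "untagged":
                untagged = vlan
            else:
                tagged.add(vlan)
    return untagged, tagged

def check_link(cfg_a, port_a, cfg_b, port_b):
    """List problems on one inter-switch link (both ends must agree)."""
    (ua, ta), (ub, tb) = membership(cfg_a, port_a), membership(cfg_b, port_b)
    problems = [f"untagged VLAN differs: {ua} vs {ub}"] if ua != ub else []
    if 1 in (ua, ub):
        problems.append("uplink is untagged in VLAN 1")
    return problems + [f"VLAN {v} tagged at one end only" for v in sorted(ta ^ tb)]
```

Calling `check_link(SW1, 24, SW2, 24)` on the constructed pair returns three findings; an empty list means both ends of the link agree.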