HPE Community
Switches, Hubs, and Modems
1754316 Members
2504 Online
108813 Solutions
New Discussion юеВ

Set up vlan on HP 2530-24G

 
radicsferenc
Occasional Contributor

тАО11-03-2021 03:57 AM

тАО11-03-2021 03:57 AM

Set up vlan on HP 2530-24G

I would like to setup an untagged vlan port on a HP aruba J9776A switch. This is my current config:

xxx-switch# show config

Startup configuration: 37

; J9776A Configuration Editor; Created on release #YA.16.11.0001
; Ver #14:41.44.00.04.19.02.13.98.82.34.61.18.28.f3.84.9c.63.ff.37.27:05
hostname "aaa"
ip default-gateway 192.168.1.254
snmp-server community "public"
snmp-server contact "bbb"
vlan 1
name "DEFAULT_VLAN"
no untagged 5
untagged 1-4,6-28
ip address 192.168.0.206 255.255.254.0
exit
vlan 5
name "CCC"
untagged 5
tagged 25,27
no ip address
ipv6 enable
ipv6 address autoconfig
exit
allow-unsupported-transceiver
password manager

I have a firewall in the LAN that handles vlans, and this switch is connecting to the LAN with SFP connection (port 25 and 27). As this config is set up I think the port 5 should be in VLAN 5, so if i connect a device to the port 5 that should be connected directly to VLAN 5. But it isn't. It can't reach other devices in vlan5. Please could anyone help me? What did I do wrong?

0 Kudos
3 REPLIES 3
Ivan_B
HPE Pro

тАО11-03-2021 04:08 AM

тАО11-03-2021 04:08 AM

Re: Set up vlan on HP 2530-24G

Hi @radicsferenc !

Port 5 is in VLAN 5. It is untagged, so any host that doesn't tag its traffic should be fine. Why do you think the issue is with port 5 and not with 25 or 27? 

I am an HPE employee

Accept or Kudo

0 Kudos
parnassus
Honored Contributor

тАО11-03-2021 05:17 PM

тАО11-03-2021 05:17 PM

Re: Set up vlan on HP 2530-24G

Hi @radicsferenc, you wrote:

@radicsferenc wrote: I have a firewall in the LAN that handles vlans, and this switch is connecting to the LAN with SFP connection (port 25 and 27). As this config is set up I think the port 5 should be in VLAN 5, so if i connect a device to the port 5 that should be connected directly to VLAN 5. But it isn't. It can't reach other devices in vlan5. Please could anyone help me? What did I do wrong?

What other devices on VLAN 5 you have on that switch (and that the client connected on interface 5 can't reach) if the only access port (untagged) member of VLAN 5 is exactly the interface 5?

Are you trying to tell us that devices on VLAN 1 and device on VLAN 5 can't ping each others? if so check the Firewall since it should route those packets between those two segments (the Aruba 2530 Switch acts just as a Layer 2 device).

Please paste the output of show vlan ports ethernet 5,25,27 details CLI command.

As @Ivan_B answered you, interface 5 is an access port on VLAN 5 so we guess you're connecting a VLAN unaware host into that port, then interfaces 25 and 27 are both tagged members of VLAN 5 and both untagged member of VLAN 1, both these two interfaces are, following what you described, connected to your Firewall which is acting as the router and gateway (it should own the VLAN 5 and VLAN 1 IP Addresses, isn't it?) for your internal networks (segments), those on VLAN 1 and VLAN 5...maybe the issue is exactly on the Firewall.


I'm not an HPE Employee
Kudos and Accepted Solution banner
0 Kudos
radicsferenc
Occasional Contributor

тАО11-05-2021 03:46 AM

тАО11-05-2021 03:46 AM

Re: Set up vlan on HP 2530-24G

Today I realized something really weird is happening here.

I have another vlan (id 175) on another port on the aruba that is working great. This vlan175 is a wifi network. This is connected to an AP and a few android phones can access the internet there.

If I connect a LAPTOP to port5 it is working fine. It is connecting to the vlan and can ping other vlan5 devices. So vlan5 is working great.
The device that I'd like to connect to port5 is an IP phone. (Vlan5 is our IP phone network) When I connect the phone on port5, it can't find its server so I thought the phone is broken. I changed it but the same happened. Can't connect. Tried both of the phones elsewhere on another switch on vlan5 and they work!

So a laptop can work on that port5 but an IP phone can't.

I tried the untagged port5 to change to tagged, and connected an another (dell) switch temporarily on that port. On that dell switch i changed the connecting port to tagged and made an untagged vlan5 port. I connected the IP phone to that switch. And the phone is working. I'm confused.

 

Port 5 is in VLAN5. It is untagged, so any host that doesn't tag its traffic should be fine. Why do you think the issue is with port 5 and not with 25 or 27?

Port 25 and 27 is handling the tags fine. Tried and I could connect to vlans with laptops through untagged ports on that aruba.

 

What other devices on VLAN 5 you have on that switch (and that the client connected on interface 5 can't reach) if the only access port (untagged) member of VLAN 5 is exactly the interface 5?

There are no other vlan5 devices on that switch. The server of the IP phone is elsewhere on the LAN.

 

Are you trying to tell us that devices on VLAN 1 and device on VLAN 5 can't ping each others? if so check the Firewall since it should route those packets between those two segments (the Aruba 2530 Switch acts just as a Layer 2 device).

Yes, vlan1 and vlan5 devices can't ping each other. It is by design. It is fine. I know it is a layer 2 device.

 

Please paste the output of show vlan ports ethernet 5,25,27 details CLI command.

Now I think that this is not a tagged-untagged config problem. But here is the output:

switch# show vlan ports ethernet 5,25,27 detail

Status and Counters - VLAN Information - for ports 5

VLAN ID Name | Status Voice Jumbo Mode
------- -------------------- + ---------- ----- ----- --------
5 TELEFON | Port-based No No Untagged

Status and Counters - VLAN Information - for ports 25

VLAN ID Name | Status Voice Jumbo Mode
------- -------------------- + ---------- ----- ----- --------
1 DEFAULT_VLAN | Port-based No No Untagged
5 TELEFON | Port-based No No Tagged
172 VENDEG WIFI | Port-based No No Tagged
175 SERTES WIFI | Port-based No No Tagged

Status and Counters - VLAN Information - for ports 27

VLAN ID Name | Status Voice Jumbo Mode
------- -------------------- + ---------- ----- ----- --------
1 DEFAULT_VLAN | Port-based No No Untagged
5 TELEFON | Port-based No No Tagged
172 VENDEG WIFI | Port-based No No Tagged
175 SERTES WIFI | Port-based No No Tagged

 

As @Ivan_B answered you, interface 5 is an access port on VLAN 5 so we guess you're connecting a VLAN unaware host into that port, then interfaces 25 and 27 are both tagged members of VLAN 5 and both untagged member of VLAN 1, both these two interfaces are, following what you described, connected to your Firewall which is acting as the router and gateway (it should own the VLAN 5 and VLAN 1 IP Addresses, isn't it?) for your internal networks (segments), those on VLAN 1 and VLAN 5...maybe the issue is exactly on the Firewall.

Yes, at a point I thought that vlan unaware host is the problem. But that IP phone works anywhere else. And other hosts (laptops) can connect to vlan5 and other vlans on that aruba switch. So phone is working and the switch is working, but they can not work together. I'm really confused.
Our firewall is the dhcp server in the vlan172 and vlan 175. We are not using dhcp in vlan5. The ip addresses of the IP phones are setup manually.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.