English Community

Datacenter NetworkingDatacenter Networking Hardware
All Forum Topics
Options

6 Posts

07-30-2020

DK

7 Signins

25 Page Views

  • Posts: 6
  • Registered: ‎07-30-2020
  • Location: DK
  • Views: 25
  • Message 1 of 13

Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-07-30, 11:36 AM

Hi

 

I am setting up 2 NE1032 switches with ISL between.

They should uplink to our Aruba 2930F switch, where our old servers are attached.

 

I cannot figure out the smartest way of doing this.

 

And what type of STP are best practise. Now we are running MSTP on our Aruba switches, but dont know if I should change this to RPVST?

 

The 2 switch configurations are show below.

 

Switch SW1 is our management switch, purely for ILM, iLo and connected to mgmt port on the NE1032 switche.

Switch SW4 is our Aruba 2930F swich.

 

 

!

version "10.10.5.0"

!

hostname SW2

!

!

vrf context management

ip route 0.0.0.0/0 172.16.255.1

# Change 172.16.255.1 to default gateway on management network

!

!

username admin role network-admin password encrypted $6$S5aoVuAF$7EetKqT6m1uSHsDycqHT6jLzFPu6.e1ZIpEh6T3PpmiSZGGiNAOpzYN9H4zXYRsJ5gzniMtiet/cjley0up8t/

feature restApi

ovsdb pki ovsdb_mgmt vrf management

ovsdb pki ovsdb_default vrf default

!

vlag tier-id 30

vlag isl port-channel 32

vlag hlthchk peer-ip 172.16.255.17 vrf management

# Change 172.16.255.17 to switch management IP of SW3

vlag enable

vlag instance 2 port-channel 2

vlag instance 2 enable

vlag instance 3 port-channel 3

vlag instance 3 enable

!

vlan 1

!

vlan 2

name VLAN2

!

vlan 3

name VLAN3

!

vlan 4

name VLAN4

!

vlan 5

name VLAN5

!

vlan 6

name VLAN6

!

vlan 7

name VLAN7

!

vlan 8

name VLAN8

!

vlan 9

name VLAN9

!

vlan 10

name VLAN10

!

vlan 11

name IVC-DC-WAN

!

vlan 12

name IVC-DC-PC

!

vlan 13

name IVC-DC-GUEST

!

vlan 14

name IVC-DC-PRINT

!

vlan 15

name IVC-DC-IOT

!

vlan 16

name IVC-DC-SRV

!

vlan 17

name IVC-DC-DMZ

!

vlan 18

name IVC-DC-ITV

!

vlan 19

name IVC-DC-MGMT

!

vlan 20

name IVC-HEDE-EXT

!

vlan 21

name IVC-HEDE-NOACC

!

vlan 22

name IVC-HEDE-PC

!

vlan 23

name IVC-HEDE-GUEST

!

vlan 24

name IVC-HEDE-PRINT

!

vlan 25

name IVC-HEDE-IOT

!

vlan 26

name IVC-HEDE

!

vlan 27

name IVC-HEDE-

!

vlan 28

name IVC-HEDE-TVO

!

vlan 29

name IVC-HEDE-MGMT

!

vlan 30

name IVC-TOFT-EXT

!

vlan 31

name IVC-TOFT-NOACC

!

vlan 32

name IVC-TOFT-PC

!

vlan 33

name IVC-TOFT-GUEST

!

vlan 34

name IVC-TOFT-PRINT

!

vlan 35

name IVC-TOFT-IOT

!

vlan 36

name IVC-TOFT

!

vlan 37

name IVC-TOFT-

!

vlan 38

name IVC-TOFT-TVO

!

vlan 39

name IVC-TOFT-MGMT

!

vlan 40

name IVC-EGT-EXT

!

vlan 41

name IVC-EGT-NOACC

!

vlan 42

name IVC-EGT-PC

!

vlan 43

name IVC-EGT-GUEST

!

vlan 44

name IVC-EGT-PRINT

!

vlan 45

name IVC-EGT-IOT

!

vlan 46

name IVC-EGT

!

vlan 47

name IVC-EGT-

!

vlan 48

name IVC-EGT-TVO

!

vlan 49

name IVC-EGT-MGMT

!

vlan 71

name IVC-GREVE-NOACC

!

vlan 72

name IVC-GREVE-PC

!

vlan 73

name IVC-GREVE-GUEST

!

vlan 74

name IVC-GREVE-PRINT

!

vlan 75

name IVC-GREVE

!

vlan 76

name IVE-GREVE-

!

vlan 77

name IVC-GREVE-

!

vlan 78

name IVC-GREVE-TVO

!

vlan 79

name IVC-GREVE-MGMT

!

vlan 200

name IPN-MGMT

!

vlan 201

name IPN-PC

!

vlan 202

name IPN-IOT

!

vlan 203

name IPN-GUEST

!

vlan 204

name IPN-TVO

!

vlan 205

name IPN-Vaerksted

!

vlan 206-209

!

vlan 210

name IPN-SrvMgmt

!

vlan 211

name IPN-IpnServices

!

vlan 212

name IPN-Backup

!

vlan 213

name IPN-MMITS

!

vlan 214

!

vlan 215

name IPMail

!

vlan 216

name JLrevision

!

vlan 217

name SaebyGods

!

vlan 218

name LokkenTurist

!

vlan 219

name JISport

!

vlan 220

name DOF

!

vlan 221

name VLAN221

!

vlan 222

name VLAN222

!

vlan 223

name VLAN223

!

vlan 224

name VLAN224

!

vlan 225

name VLAN225

!

vlan 226

name VLAN226

!

vlan 227

name VLAN227

!

vlan 228

name VLAN228

!

vlan 229

name VLAN229

!

vlan 230

name VLAN230

!

vlan 231

name VLAN231

!

vlan 232

name VLAN232

!

vlan 233

name VLAN233

!

vlan 234

name VLAN234

!

vlan 235

name VLAN235

!

vlan 236

name VLAN236

!

vlan 237

name VLAN237

!

vlan 238

name VLAN238

!

vlan 239

name VLAN239

!

vlan 240

name VLAN240

!

vlan 241

name VLAN241

!

vlan 242

name VLAN242

!

vlan 243

name VLAN243

!

vlan 244

name VLAN244

!

vlan 245

name VLAN245

!

vlan 246

name VLAN246

!

vlan 247

name VLAN247

!

vlan 248

name VLAN248

!

vlan 249

name VLAN249

!

vlan 250

name VLAN250

!

vlan 251

name VLAN251

!

vlan 500

name VLAN500

!

vlan 501

name VLAN501

!

vlan 750

name VLAN750

!

vlan 751

name VLAN751

!

vlan 1000

name ISL-LAG-VLAN

!

interface Ethernet1/1

description SW3-1

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/2

description SW3-2

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/3

description not_in_use

shutdown

!

interface Ethernet1/4

description not_in_use

shutdown

!

interface Ethernet1/5

description NetApp CT1 C

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/6

description NetApp CT1 D

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/7

description NetApp CT2 C

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/8

description NetApp CT2 D

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/9

description not_in_use

shutdown

!

interface Ethernet1/10

description not_in_use

shutdown

!

interface Ethernet1/11

description not_in_use

shutdown

!

interface Ethernet1/12

description not_in_use

shutdown

!

interface Ethernet1/13

description not_in_use

shutdown

!

interface Ethernet1/14

description not_in_use

shutdown

!

interface Ethernet1/15

description not_in_use

shutdown

!

interface Ethernet1/16

description not_in_use

shutdown

!

interface Ethernet1/17

description SRV1_Emul1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/18

description SRV1_LOM1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/19

description SRV2_Emul1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/20

description SRV2_LOM1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/21

description SRV3_Emul1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/22

description SRV3_LOM1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/23

description SRV4_Emul1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/24

description SRV4_LOM1

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/25

description IVC_SRV1-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/26

description IVC_SRV2-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/27

description IVC_SRV3-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/28

description IVC_SRV4-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/29

description IVC_SW4-51

switchport mode trunk

channel-group 3 mode active

!

interface Ethernet1/30

description not_in_use

shutdown

!

interface Ethernet1/31

description not_in_use

shutdown

!

interface Ethernet1/32

description not_in_use

shutdown

!

interface loopback0

no switchport

!

interface mgmt0

no switchport

vrf member management

no ip address dhcp

ip address 172.16.255.16/24

# Change 172.16.255.16/24 to the correct management IP and scope for this switch.

no ip address default

!

interface Vlan1

no switchport

!

interface port-channel2

switchport mode trunk

!

interface port-channel3

switchport mode trunk

!

interface port-channel32

switchport mode trunk

!

line con 0

line vty 0 39

!

!

!

end

 

 

!

version "10.10.5.0"

!

hostname SW3

!

!

vrf context management

ip route 0.0.0.0/0 172.16.255.1

# Change 172.16.255.1 to default gateway on management network

!

!

username admin role network-admin password encrypted $6$U2.bKg60$tdPpRA4Ov3tDXRJ1O1uegMrgs8b.dtLnUaHFcL.O2joLS4oJaTLvp6QoIXiHe1V0CqsQK.xZ.g5/km7216QYT.

feature restApi

ovsdb pki ovsdb_mgmt vrf management

ovsdb pki ovsdb_default vrf default

!

vlag tier-id 30

vlag isl port-channel 32

vlag hlthchk peer-ip 172.16.255.16 vrf management

# Change 172.16.255.16 to switch management IP of SW2

vlag enable

vlag instance 2 port-channel 2

vlag instance 2 enable

vlag instance 3 port-channel 3

vlag instance 3 enable

!

vlan 1

!

vlan 2

name VLAN2

!

vlan 3

name VLAN3

!

vlan 4

name VLAN4

!

vlan 5

name VLAN5

!

vlan 6

name VLAN6

!

vlan 7

name VLAN7

!

vlan 8

name VLAN8

!

vlan 9

name VLAN9

!

vlan 10

name VLAN10

!

vlan 11

name IVC-DC-WAN

!

vlan 12

name IVC-DC-PC

!

vlan 13

name IVC-DC-GUEST

!

vlan 14

name IVC-DC-PRINT

!

vlan 15

name IVC-DC-IOT

!

vlan 16

name IVC-DC-SRV

!

vlan 17

name IVC-DC-DMZ

!

vlan 18

name IVC-DC-ITV

!

vlan 19

name IVC-DC-MGMT

!

vlan 20

name IVC-HEDE-EXT

!

vlan 21

name IVC-HEDE-NOACC

!

vlan 22

name IVC-HEDE-PC

!

vlan 23

name IVC-HEDE-GUEST

!

vlan 24

name IVC-HEDE-PRINT

!

vlan 25

name IVC-HEDE-IOT

!

vlan 26

name IVC-HEDE

!

vlan 27

name IVC-HEDE-

!

vlan 28

name IVC-HEDE-TVO

!

vlan 29

name IVC-HEDE-MGMT

!

vlan 30

name IVC-TOFT-EXT

!

vlan 31

name IVC-TOFT-NOACC

!

vlan 32

name IVC-TOFT-PC

!

vlan 33

name IVC-TOFT-GUEST

!

vlan 34

name IVC-TOFT-PRINT

!

vlan 35

name IVC-TOFT-IOT

!

vlan 36

name IVC-TOFT

!

vlan 37

name IVC-TOFT-

!

vlan 38

name IVC-TOFT-TVO

!

vlan 39

name IVC-TOFT-MGMT

!

vlan 40

name IVC-EGT-EXT

!

vlan 41

name IVC-EGT-NOACC

!

vlan 42

name IVC-EGT-PC

!

vlan 43

name IVC-EGT-GUEST

!

vlan 44

name IVC-EGT-PRINT

!

vlan 45

name IVC-EGT-IOT

!

vlan 46

name IVC-EGT

!

vlan 47

name IVC-EGT-

!

vlan 48

name IVC-EGT-TVO

!

vlan 49

name IVC-EGT-MGMT

!

vlan 71

name IVC-GREVE-NOACC

!

vlan 72

name IVC-GREVE-PC

!

vlan 73

name IVC-GREVE-GUEST

!

vlan 74

name IVC-GREVE-PRINT

!

vlan 75

name IVC-GREVE

!

vlan 76

name IVE-GREVE-

!

vlan 77

name IVC-GREVE-

!

vlan 78

name IVC-GREVE-TVO

!

vlan 79

name IVC-GREVE-MGMT

!

vlan 200

name IPN-MGMT

!

vlan 201

name IPN-PC

!

vlan 202

name IPN-IOT

!

vlan 203

name IPN-GUEST

!

vlan 204

name IPN-TVO

!

vlan 205

name IPN-Vaerksted

!

vlan 206-209

!

vlan 210

name IPN-SrvMgmt

!

vlan 211

name IPN-IpnServices

!

vlan 212

name IPN-Backup

!

vlan 213

name IPN-MMITS

!

vlan 214

!

vlan 215

name IPMail

!

vlan 216

name JLrevision

!

vlan 217

name SaebyGods

!

vlan 218

name LokkenTurist

!

vlan 219

name JISport

!

vlan 220

name DOF

!

vlan 221

name VLAN221

!

vlan 222

name VLAN222

!

vlan 223

name VLAN223

!

vlan 224

name VLAN224

!

vlan 225

name VLAN225

!

vlan 226

name VLAN226

!

vlan 227

name VLAN227

!

vlan 228

name VLAN228

!

vlan 229

name VLAN229

!

vlan 230

name VLAN230

!

vlan 231

name VLAN231

!

vlan 232

name VLAN232

!

vlan 233

name VLAN233

!

vlan 234

name VLAN234

!

vlan 235

name VLAN235

!

vlan 236

name VLAN236

!

vlan 237

name VLAN237

!

vlan 238

name VLAN238

!

vlan 239

name VLAN239

!

vlan 240

name VLAN240

!

vlan 241

name VLAN241

!

vlan 242

name VLAN242

!

vlan 243

name VLAN243

!

vlan 244

name VLAN244

!

vlan 245

name VLAN245

!

vlan 246

name VLAN246

!

vlan 247

name VLAN247

!

vlan 248

name VLAN248

!

vlan 249

name VLAN249

!

vlan 250

name VLAN250

!

vlan 251

name VLAN251

!

vlan 500

name VLAN500

!

vlan 501

name VLAN501

!

vlan 750

name VLAN750

!

vlan 751

name VLAN751

!

vlan 1000

name ISL-LAG-VLAN

!

interface Ethernet1/1

description SW2-1

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/2

description SW2-2

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/3

description not_in_use

shutdown

!

interface Ethernet1/4

description not_in_use

shutdown

!

interface Ethernet1/5

description NetApp CT1 E

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/6

description NetApp CT1 F

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/7

description NetApp CT2 E

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/8

description NetApp CT2 F

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/9

description not_in_use

shutdown

!

interface Ethernet1/10

description not_in_use

shutdown

!

interface Ethernet1/11

description not_in_use

shutdown

!

interface Ethernet1/12

description not_in_use

shutdown

!

interface Ethernet1/13

description not_in_use

shutdown

!

interface Ethernet1/14

description not_in_use

shutdown

!

interface Ethernet1/15

description not_in_use

shutdown

!

interface Ethernet1/16

description not_in_use

shutdown

!

interface Ethernet1/17

description SRV1_Emul2

 switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/18

description SRV1_LOM2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/19

description SRV2_Emul2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/20

description SRV2_LOM2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/21

description SRV3_Emul2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/22

description SRV3_LOM2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/23

description SRV4_Emul2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/24

description SRV4_LOM2

switchport mode trunk

spanning-tree port type edge

!

interface Ethernet1/25

description IVC_SRV1-2

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/26

description IVC_SRV2-2

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/27

description IVC_SRV3-2

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/28

description IVC_SRV4-2

switchport mode trunk

switchport trunk allowed vlan 11-49,71-79

spanning-tree port type edge

!

interface Ethernet1/29

description IVC_SW4-52

switchport mode trunk

channel-group 3 mode active

!

interface Ethernet1/30

description not_in_use

shutdown

!

interface Ethernet1/31

description not_in_use

shutdown

!

interface Ethernet1/32

description not_in_use

shutdown

!

interface loopback0

no switchport

!

interface mgmt0

no switchport

vrf member management

no ip address dhcp

ip address 172.16.255.17/24

# Change 172.16.255.17/24 to the correct management IP and scope for this switch.

no ip address default

!

interface Vlan1

no switchport

!

interface port-channel2

switchport mode trunk

!

interface port-channel3

switchport mode trunk

!

interface port-channel32

switchport mode trunk

!

line con 0

line vty 0 39

!

!

!

end

 

Reply
Options

105 Posts

06-03-2020

US

83 Signins

890 Page Views

  • Posts: 105
  • Registered: ‎06-03-2020
  • Location: US
  • Views: 890
  • Message 2 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-07-30, 12:31 PM

Hello,

 

Your basic config looks fine. The decision of what spanning-tree to use is really a judgement call and there is really not a right or wrong answer. Assuming you have built a loop free design, the type of STP really does not matter.  You could even chose to disable it all together, since there are no loops that STP would need to block. Personally I prefer to leave STP enabled, even without loops, in case someone down the road plugs in cables in the wrong place an accidentally induces a loop. On that note:

 

  1. If you do disable spanning-tree on the NE1032's, you should enable any "portfast" type of functionality (i.e. spanning-tree edge" mode) on the upstream connecting ports on the Aruba. This is to make sure the links on the Aruba go forwarding on "link up", rather than waste 30 seconds going through STP stages after the links firs come up.
  2. If you plan to keep spanning-tree enabled, it would be best if both the NE1032's and the connecting upstream switch are running the same spanning-tree (both MSTP or both PVRST). While this current design (no loops) does not really matter, if someone does induce a loop later, having both sides agree on ST Poperation will help ensure any induced loop is correctly blocked.
  3. If you plan to change spanning-tree type or disable STP on the NE1032,s, you will need to disable vLAG while making the changes (CNOS on the NE1032's will not let you change STP type while vLAG is enabled). This is a potentially disruptive operation, so if the switches are already connected  to the upstream Aruba, I recommend shutting down the uplinks first (to prevent inducing any loops while changing STP type), make the desired changes, re-enable vLAG on both switches, and then bring the uplinks back up. Note this will be an outage for devices using the path to the Aruba, which is shy this type of change is typically done before putting switches into service, rather than after.

 

I also recommend running the following commands on the NE1032's after everything is up and operational:

A) "show int brief" to confirm all desired links are up

B) "show port-chan sum" to confirm any local LAGs are in the "P" state. 

C) "show vlag info" to confirm: ISL is reporting "active"; health check is reporting "up"; and the two vLAG aggregations are reporting current state as "formed".

 

Hope this helps but let us know if you still have questions.

 

Thanks, Matt

 

Reply
Options

501 Posts

07-17-2018

US

853 Signins

7467 Page Views

  • Posts: 501
  • Registered: ‎07-17-2018
  • Location: US
  • Views: 7467
  • Message 3 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-07-30, 12:31 PM

Hello IPNord,

 

Welcome to the community!

 

Have you considered VLAG? This would allow you to prevent loops without blocking. The requirements are two identical switches running the same version of code.  The NE1032's would be configured for VLAG and the Aruba switch would need a min 2 port lag where each port goes to one of the NE1032.

Reply
Options

6 Posts

07-30-2020

DK

7 Signins

25 Page Views

  • Posts: 6
  • Registered: ‎07-30-2020
  • Location: DK
  • Views: 25
  • Message 4 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-07-31, 6:24 AM

Hi

 

Thanks for a quick and explaning answer.

 

Can you confirm that the ISL healtcheck is running inside the ISL link, and not directly on the mgmt port 0 and through the iLM switch SW1?

 

My plan was to use VLAG between NE1032 interface Ethernet1/29 and A2930F, but not shure which config commands that are the rigth ones, since equipment isn't the same.

Do you have an idea or example?

 

Best regards

Thomas

Reply
Options

105 Posts

06-03-2020

US

83 Signins

890 Page Views

  • Posts: 105
  • Registered: ‎06-03-2020
  • Location: US
  • Views: 890
  • Message 5 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-07-31, 11:33 AM

Hello Thomas,

 

Your health check is currently configured to use the OOB management port. This is typical and usually what is recommended. Putting the vLAG health check over the ISL defeats the purpose of the health check. The purpose is to detect when an ISL is down but both switches are still up. In your current correct config, if the ISL goes down, the health check will still see the other switch is up, and know it is just an ISL failure, and not a partner switch failure, and in this case, the "Primary" of the vLAG pair will take over traffic and the secondary will err-disable its' vLAG aggregations. If the health check went over the ISL, and the ISL went down, both the ISL AND the health check go down at the same time, and both switches think the other switch is dead, and both go active forwarding, which will lead to black holing of traffic and intermittent issues at best. So the vLAG health check should ALWAYS use a path different from the ISL (typically as you have done, with the OOB management port). But you could use one of the 10G ports and set it on an unused VLAN, configure an IP on that VLAN, and run a cable between the two ports for the vLAG health check) But that uses up an expensive 10G port for the health check so most people do not use that method.

 

For the connection to Aruba, the config is currently correct, assuming you want an LACP aggregation in "trunk" mode to allow all VLANs. You have set up each port 1/29 as an LACP aggregation (set to Po3 with the command "channel-group 3 mode active") and set it to trunk mode to allow all VLANs. You have then added port-channel 3 to the vLAG aggregation with the commands "vlag instance 3 port-channel 3" and " vlag instance 3 enable". In this config you have created a two port LACP port channel made up of port 1/29 from each switch. On the Aruba side (assuming it is a single Aruba switch) you want to set up a single two port LACP aggregation, and also set it to allow all VLANs (AKA "trunk" mode), with the native untagged VLAN as 1, to match the Lenovo config on ports 1/29 and po3.  Note if the upstream is actually two Aruba switches, they will need to support some form of cross-switch aggregation like vLAG does, or stacking to virtualize the aggregation across multiple switches.

 

I do not have the Aruba versions of the commands to create an LACP aggregation and set it to trunk mode, but it should be something you can google for. I did a quick search on Aruba and LACP and got the following link:

https://www.arubanetworks.com/techdocs/ArubaOS_60/UserGuide/LACP.php

Since configs can be code version dependent, you probably want to find the docs for the exact version of code you are using on your Aruba.

 

Hope this helps.

 

Thanks, Matt

 

 

 

Reply
Options

6 Posts

07-30-2020

DK

7 Signins

25 Page Views

  • Posts: 6
  • Registered: ‎07-30-2020
  • Location: DK
  • Views: 25
  • Message 6 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-09-22, 11:56 AM

Hi

 

Please help me with this problem

 

I have connected the 2 x NE1032 switches (SW2 and SW3) with my Aruba 2930F switch (SW4)

 

On the NE1032:

vlag instance 3 port-channel 3

vlag instance 3 enable

 

interface port-channel3

switchport mode trunk

 

interface Ethernet1/29

description IVC_SW4-50

switchport mode trunk

channel-group 3 mode active

 

 

On the Aruba2930F:

trunk 49-50 trk1 lacp

 

vlan 49

  name "EGTV-VLAN49-MGMT"

  tagged 38,41-42,Trk1

  no ip address

 

vlan 88

  name "PADB-VLAN88-ITV"

  tagged 41-42,51,Trk1

  no ip address

 

vlan 11

  name "VLAN11-WAN"

  untagged 25-32,46-48

  no ip address

 

---

I have fine access on Vlan49 and 88. Which run on the trunk.

Vlan11 is some access ports that is connected to our ISP, and to our routers etc.

I want to have Vlan11 accessible on the NE1032, so our new virtual firewall can be connected here.

But when taggin Vlan11 on the Trk1 interface, the ISP make an shotdown on the port to us.

 

ISP reporting this error:

Sep 21 20:13:23.167 MET-DST: %SPANTREE-7-RECV_1Q_NON_TRUNK: Received 802.1Q BPDU on non trunk GigabitEthernet1/8 VLAN2001.
Sep 21 20:13:23.167 MET-DST: %SPANTREE-7-BLOCK_PORT_TYPE: Blocking GigabitEthernet1/8 on VLAN2001. Inconsistent port type.

 

 

Aruba2930F SW4 config is below and NE1032 SW2 confic is attached.

 

Aruba-2930F-48G-4SFPP# show running-config

 

Running configuration:

 

; JL254A Configuration Editor; Created on release #WC.16.05.0004

; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba

hostname "Aruba-2930F-48G-4SFPP"

module 1 type jl254a

trunk 49-50 trk1 lacp

include-credentials

password operator user-name "operator" sha1

"507a42a89f25ff9247874f5b0f00bc6e675071d6"

password manager user-name "manager" sha1

"f29f3167ad454fcbf75a0771c403ed5d7b111cce"

timesync sntp

sntp unicast

sntp server priority 1 192.168.13.99

time daylight-time-rule middle-europe-and-portugal

time timezone 60

no web-management

web-management ssl

ip default-gateway 192.168.13.99

interface 35

  name "MPLS GREVE"

  exit

interface 36

  name "MPLS TOFTLUND"

  exit

interface 37

  name "MPLS HEDENSTED"

  exit

interface 38

  name "MPLS EGTVED"

  exit

interface 39

  name "VLAN HEDE-WG"

  exit

interface 40

  name "VLAN HEDE-WG"

  exit

interface 41

  name "VLAN EGTV-WG"

  exit

interface 42

  name "VLAN EGTV-WG"

  exit

interface 43

  name "VLAN TOFT-WG"

  exit

interface 44

  name "VLAN TOFT-WG"

  exit

snmp-server community "public" operator

snmp-server enable traps mac-notify

snmp-server enable traps startup-config-change

snmp-server enable traps running-config-change

snmp-server enable traps mac-count-notify

snmp-server contact "Thomas Gustafsson" location "NIANET DC SW1"

snmpv3 engineid "00:00:00:0b:00:00:b0:5a:da:97:d7:c0"

snmpv3 enable

snmpv3 only

snmpv3 restricted-access

snmpv3 group operatorauth user "readonly" sec-model ver3

snmpv3 group managerpriv user "readwrite" sec-model ver3

snmpv3 user "readonly" auth sha "280efba12eab316017ed2dbb0d8c6a8885f361f6" priv

aes "885a347ca34445767398684f34fb7819"

snmpv3 user "readwrite" auth sha "434ba979c15cffe9e3bd15c6fa62e2655db4b4a9"

priv aes "b25417358066f2bda334935cec86bc22"

vlan 1

  name "DEFAULT_VLAN"

  no untagged 2-36,45-48,51,Trk1

  untagged 1,37-44,52

  ip address dhcp-bootp

  exit

vlan 10

  name "DC-VLAN10-GL_SERVER"

  untagged 2-24,33-34,45

  ip address 192.168.13.151 255.255.255.0

  exit

vlan 11

  name "DC-VLAN11-WAN"

  untagged 25-32,46-48

  no ip address

  exit

vlan 12

  name "DC-VLAN12-PC"

  no ip address

  exit

vlan 13

  name "DC-VLAN13-GUEST"

  no ip address

  exit

vlan 14

  name "DC-VLAN14-PRINT"

  no ip address

  exit

vlan 15

  name "DC-VLAN15-IOT"

  no ip address

  exit

vlan 16

  name "DC-VLAN16-SRV"

  no ip address

  exit

vlan 17

  name "DC-VLAN17-DMZ"

  no ip address

  exit

vlan 18

  name "DC-VLAN18-ITV"

  no ip address

  exit

vlan 19

  name "DC-VLAN19-MGMT"

  no ip address

  exit

vlan 20

  name "HEDE-VLAN20-EXT"

  tagged 37,39-40

  no ip address

  exit

vlan 21

  name "HEDE-VLAN21-NOACC"

  tagged 37,39-40

  no ip address

  exit

vlan 22

  name "HEDE-VLAN22-PC"

  tagged 35,37,39-40

  no ip address

  exit

vlan 23

  name "HEDE-VLAN23-GUEST"

  tagged 37,39-40

  no ip address

  exit

vlan 24

  name "HEDE-VLAN24-PRINT"

  tagged 37,39-40

  no ip address

  exit

vlan 25

  name "HEDE-VLAN25-IOT"

  tagged 37,39-40

  no ip address

  exit

vlan 28

  name "HEDE-VLAN28-ITV"

  tagged 37,39-40

  no ip address

  exit

vlan 29

  name "HEDE-VLAN29-MGMT"

  tagged 35,37,39-40

  no ip address

  exit

vlan 30

  name "TOFT-VLAN30-EXT"

  tagged 36,43-44

  no ip address

  exit

vlan 31

  name "TOFT-VLAN31-NOACC"

  tagged 36,43-44

  no ip address

  exit

vlan 32

  name "TOFT-VLAN32-PC"

  tagged 36,43-44

  no ip address

  exit

vlan 33

  name "TOFT-VLAN33-GUEST"

  tagged 36,43-44

  no ip address

  exit

vlan 34

  name "TOFT-VLAN34-PRINT"

  tagged 36,43-44

  no ip address

  exit

vlan 35

  name "TOFT-VLAN35-IOT"

  tagged 36,43-44

  no ip address

  exit

vlan 38

  name "TOFT-VLAN38-ITV"

  tagged 36,43-44

  no ip address

  exit

vlan 39

  name "TOFT-VLAN39-MGMT"

  tagged 36,43-44

  no ip address

  exit

vlan 40

  name "EGTV-VLAN40-EXT"

  tagged 38,41-42

  no ip address

  exit

vlan 41

  name "EGTV-VLAN41-NOACC"

  tagged 38,41-42

  no ip address

  exit

vlan 42

  name "EGTV-VLAN42-PC"

  tagged 38,41-42

  no ip address

  exit

vlan 43

  name "EGTV-VLAN43-GUEST"

  tagged 38,41-42

  no ip address

  exit

vlan 44

  name "EGTV-VLAN44-PRINT"

  tagged 38,41-42

  no ip address

  exit

vlan 45

  name "EGTV-VLAN45-IOT"

  tagged 38,41-42

  no ip address

  exit

vlan 48

  name "EGTV-VLAN48-ITV"

  tagged 38,41-42

  no ip address

  exit

vlan 49

  name "EGTV-VLAN49-MGMT"

  tagged 38,41-42,Trk1

  no ip address

  exit

vlan 50

  name "UK-VLAN50-WAN"

  no ip address

  exit

vlan 51

  name "UK-VLAN51-NOACC"

  no ip address

  exit

vlan 52

  name "UK-VLAN52-PC"

  no ip address

  exit

vlan 53

  name "UK-VLAN53-GUEST"

  no ip address

  exit

vlan 54

  name "UK-VLAN54-PRINT"

  no ip address

  exit

vlan 55

  name "UK-VLAN55-IOT"

  no ip address

  exit

vlan 58

  name "UK-VLAN58-ITV"

  no ip address

  exit

vlan 59

  name "UK-VLAN59-MGMT"

  no ip address

  exit

vlan 60

  name "JENS-VLAN60-EXT"

  no ip address

  exit

vlan 61

  name "JENS-VLAN61-NOACC"

  no ip address

  exit

vlan 62

  name "JENS-VLAN62-PC"

  no ip address

  exit

vlan 63

  name "JENS-VLAN63-GUEST"

  no ip address

  exit

vlan 64

  name "JENS-VLAN64-PRINT"

  no ip address

  exit

vlan 65

  name "JENS-VLAN65-IOT"

  no ip address

  exit

vlan 68

  name "JENS-VLAN68-ITV"

  no ip address

  exit

vlan 69

  name "JENS-VLAN69-MGMT"

  no ip address

  exit

vlan 70

  name "GREVE-VLAN70-EXT"

  no ip address

  exit

vlan 71

  name "GREVE-VLAN71-NOACC"

  tagged 35,41-42

  no ip address

  exit

vlan 72

  name "GREVE-VLAN72-PC"

  tagged 35,41-42

  no ip address

  exit

vlan 73

  name "GREVE-VLAN73-GUEST"

  tagged 35,41-42

  no ip address

  exit

vlan 74

  name "GREVE-VLAN74-PRINT"

  untagged 35

  tagged 41-42

  no ip address

  exit

vlan 75

  name "GREVE-VLAN75-IOT"

  no ip address

  exit

vlan 78

  name "GREVE-VLAN78-ITV"

  tagged 35,41-42

  no ip address

  exit

vlan 79

  name "GREVE-VLAN79-MGMT"

  tagged 35,41-42

  no ip address

  exit

vlan 80

  name "PADB-VLAN80-EXT"

  tagged 41-42

  no ip address

  exit

vlan 81

  name "PADB-VLAN81-NOACC"

  tagged 41-42

  no ip address

  forbid 51

  exit

vlan 82

  name "PADB-VLAN82-PC"

  tagged 41-42,51

  no ip address

  exit

vlan 83

  name "PADB-VLAN83-GUEST"

  tagged 41-42,51

  no ip address

  exit

vlan 84

  name "PADB-VLAN84-PRINT"

  tagged 41-42,51

  no ip address

  exit

vlan 85

  name "PADB-VLAN85-IOT"

  tagged 41-42,51

  no ip address

  exit

vlan 88

  name "PADB-VLAN88-ITV"

  tagged 41-42,51,Trk1

  no ip address

  exit

vlan 89

  name "PADB-VLAN89-MGMT"

  untagged 51

  tagged 41-42

  no ip address

  exit

spanning-tree Trk1 priority 4

no tftp client

no tftp server

no autorun

no dhcp config-file-update

no dhcp image-file-update

no dhcp tr69-acs-url

activate software-update disable

activate provision disable

 

Reply
Options

105 Posts

06-03-2020

US

83 Signins

890 Page Views

  • Posts: 105
  • Registered: ‎06-03-2020
  • Location: US
  • Views: 890
  • Message 7 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-09-22, 14:33 PM

Hello,

 

This sounds more like a compatibility issue when mixing vendors with different types of STP.

 

The Lenovo switch emulates Cisco Per VLAN Rapid STP, and will be sending BPDU's tagged for each VLAN allowed on a trunk port. Including VLAN 11 in this case. But Aruba looks to run the IEEE standards based STP (looks like it defaults to MSTP on recent code).  Since Cisco-style Per VLAN STP is not part of any IEEE standard, it is up to vendors on how they want to interact with tagged BPDU's coming from a Cisco-like device such as a Cisco switch or these Lenovo switches emulating Cisco.  And it sounds like Aruba has decided it is going to treat it as a multicast packet (since it is a form of such) and flooded it on other ports with the VLAN 11. So the upstream device is seeing this tagged BPDU but the upstream port looks to also be Cisco like, and the other side is set for an Access VLAN (untagged VLAN 2001 on the other side). When the other side sees a tagged BPDU on an untagged port, it thinks there is a problem (Cisco being overly protective in my opinion, but maybe better safe than sorry) and slams the port down.

 

Since I'm guessing you do not have access to make changes to the other side (i.e. request the provider turn on BPDU filter). Then you probably can not have the upstream fix the issue. That and I do not know enough about your specific environment to know if this is a looped design using STP blocking for high availability (and if so, then turning on BPDU filter will almost certainly take the network down with a loop).

 

To fix this correctly we would need to know EXACTLY how all parts of this network connect to that upstream provider. And exactly what that upstream provider is (vendor-wise, although the message looks like Cisco, but other vendors copy Cisco syntax in messages some times).

 

If we assumed there were no loops between the Aruba and the upstream device, and the team running the upstream device will work with you, you could request one of the following:

1) Have the upstream port configured for BPDU filter

2) Have the upstream port put into trunk mode, and tagging VLAN 11 (requires provider change their VLAN from 2001 to 11, and also a change on Aruba as well to tag vlan 11).

I suspect either of these would resolve this issue, but again, ONLY if this is a non-looped design between Aruba and the upstream device, and ONLY if the provider will work with you.

 

Another approach that does not require changes on the upstream: If the Lenovo environment (the NE1032's) only have a single path to the Aruba environment (i.e via trunk 1 on the Aruba), than you could disable STP on both Lenovo switches. Or just put BPDU filter on the Lenovo port-channel facing the Aruba (Again, on both Lenovo switches). Both of these should stop the Lenovo’s from sending any BPDUs (tagged or otherwise) toward the Aruba. And should stop any tagged BPDUs then from being sent to the device upstream to the Aruba that is complaining.

 

Hope this helps and wish it was not so "wishy washy", but the nature of mixing vendors and their implementation of standards, and not knowing enough about all of the exact subtleties of a specific environment such as yours.

 

Thanks, Matt

 

Reply
Options

6 Posts

07-30-2020

DK

7 Signins

25 Page Views

  • Posts: 6
  • Registered: ‎07-30-2020
  • Location: DK
  • Views: 25
  • Message 8 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-09-22, 18:06 PM
Hi Matt Thanks for you quick answer. The ISP provider isn't further fun of making that kind of changes. The Aruba running MSTP per default. Would it be possible to do this on the Lenovo's or just disable the PvRSTP? I'm only having servers and the Aruba switches attached. Kind regards Thomas
Reply
Options

105 Posts

06-03-2020

US

83 Signins

890 Page Views

  • Posts: 105
  • Registered: ‎06-03-2020
  • Location: US
  • Views: 890
  • Message 9 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-09-23, 18:10 PM

Hello,

 

You can do either. Change the Lenovo switches to MSTP, or disable STP all together on them. Either way, when you change STP type (to MST or disabled) vLAG must be disabled (command will be rejected if trying to change STP type when vLAG is enabled). So I recommend taking down the Lenovo uplinks, disabling VLAG on both switches, change STP, re-enable vLAG and then bring the links back up. This will prevent any unexpected interactions with the upstream network while vLAG is disabled. 

 

Thanks, Matt

 

Reply
Options

6 Posts

07-30-2020

DK

7 Signins

25 Page Views

  • Posts: 6
  • Registered: ‎07-30-2020
  • Location: DK
  • Views: 25
  • Message 10 of 13

Re:Configuration of NE1032 with ISL and connection to Aruba 2930F switch

2020-09-28, 20:28 PM

Hi

 

I have changed to MSTP now.

Can you please take a look at the configuration to see if anything is missing or wrong? - Thanks

 

SW2 and SW3 are Lenovo 1032 switches connected on ISL Vlag. SW4 is th Uplink Aruba 2930 Switch.

 

 

NOS 10.10.2.0 Lenovo ThinkSystem NE1032 RackSwitch, Aug 21 14:23:13 PDT 2019

SW2>en

SW2#configure

Enter configuration commands, one per line.  End with CNTL/Z.

SW2(config)#show running-config

!

version "10.10.2.0"

!

hostname SW2

!

!

vrf context management

ip route 0.0.0.0/0 172.17.49.1

!

!

username admin role network-admin password encrypted $6$S5aoVuAF$7EetKqT6m1uSHsD

ycqHT6jLzFPu6.e1ZIpEh6T3PpmiSZGGiNAOpzYN9H4zXYRsJ5gzniMtiet/cjley0up8t/

feature restApi

ovsdb pki ovsdb_mgmt vrf management

ovsdb pki ovsdb_default vrf default

spanning-tree mode mst

!

vlag tier-id 30

vlag isl port-channel 32

vlag hlthchk peer-ip 172.17.49.108 vrf management

vlag enable

vlag instance 2 port-channel 2

vlag instance 2 enable

vlag instance 3 port-channel 3

vlag instance 3 enable

vlag instance 4 port-channel 4

vlag instance 4 enable

!

vlan 1

!

vlan 2

name VLAN2

!

vlan 3

name VLAN3

!

vlan 4

name VLAN4

!

vlan 5

name VLAN5

!

vlan 6

name VLAN6

!

vlan 7

name VLAN7

!

vlan 8

name VLAN8

!

vlan 9

name VLAN9

!

vlan 10

name VLAN10

!

vlan 11

name IVC-DC-WAN

!

vlan 12

name IVC-DC-PC

!

vlan 13

name IVC-DC-GUEST

!

vlan 14

name IVC-DC-PRINT

!

vlan 15

name IVC-DC-IOT

!

vlan 16

name IVC-DC-SRV

!

vlan 17

name IVC-DC-DMZ

!

vlan 18

name IVC-DC-ITV

!

vlan 19

name IVC-DC-MGMT

!

vlan 20

name IVC-HEDE-EXT

!

vlan 21

name IVC-HEDE-NOACC

!

vlan 22

name IVC-HEDE-PC

!

vlan 23

name IVC-HEDE-GUEST

!

vlan 24

name IVC-HEDE-PRINT

!

vlan 25

name IVC-HEDE-IOT

!

vlan 26

name IVC-HEDE

!

vlan 27

name IVC-HEDE-

!

vlan 28

name IVC-HEDE-TVO

!

vlan 29

name IVC-HEDE-MGMT

!

vlan 30

name IVC-TOFT-EXT

!

vlan 31

name IVC-TOFT-NOACC

!

vlan 32

name IVC-TOFT-PC

!

vlan 33

name IVC-TOFT-GUEST

!

vlan 34

name IVC-TOFT-PRINT

!

vlan 35

name IVC-TOFT-IOT

!

vlan 36

name IVC-TOFT

!

vlan 37

name IVC-TOFT-

!

vlan 38

name IVC-TOFT-TVO

!

vlan 39

name IVC-TOFT-MGMT

!

vlan 40

name IVC-EGT-EXT

!

vlan 41

name IVC-EGT-NOACC

!

vlan 42

name IVC-EGT-PC

!

vlan 43

name IVC-EGT-GUEST

!

vlan 44

name IVC-EGT-PRINT

!

vlan 45

name IVC-EGT-IOT

!

vlan 46

name IVC-EGT

!

vlan 47

name IVC-EGT-

!

vlan 48

name IVC-EGT-TVO

!

vlan 49

name IVC-EGT-MGMT

!

vlan 71

name IVC-GREVE-NOACC

!

vlan 72

name IVC-GREVE-PC

!

vlan 73

name IVC-GREVE-GUEST

!

vlan 74

name IVC-GREVE-PRINT

!

vlan 75

name IVC-GREVE-IOT

!

vlan 76

name IVE-GREVE

!

vlan 77

name IVC-GREVE-

!

vlan 78

name IVC-GREVE-TVO

!

vlan 79

name IVC-GREVE-MGMT

!

vlan 81

name IVC-PADB-NOACC

!

vlan 82

name IVC-PADB-PC

!

vlan 83

name IVC-PADB-GUEST

!

vlan 84

name IVC-PADB-PRINT

!

vlan 85

name IVC-PADB-IOT

!

vlan 86

name IVE-PADB

!

vlan 87

name IVC-PADB-

!

vlan 88

name IVC-PADB-TVO

!

vlan 89

name IVC-PADB-MGMT

!

vlan 200

name IPN-MGMT

!

vlan 201

name IPN-PC

!

vlan 202

name IPN-IOT

!

vlan 203

name IPN-GUEST

!

vlan 204

name IPN-TVO

!

vlan 205

name IPN-Vaerksted

!

vlan 210

name IPN-SrvMgmt

!

vlan 211

name IPN-IpnServices

!

vlan 212

name IPN-Backup

!

vlan 213

name IPN-MMITS

!

vlan 214

!

vlan 215

name IPMail

!

vlan 216

name JLrevision

!

vlan 217

name SaebyGods

!

vlan 218

name LokkenTurist

!

vlan 219

name JISport

!

vlan 220

name DOF

!

vlan 221

name VLAN221

!

vlan 222

name VLAN222

!

vlan 223

name VLAN223

!

vlan 224

name VLAN224

!

vlan 225

name VLAN225

!

vlan 226

name VLAN226

!

vlan 227

name VLAN227

!

vlan 228

name VLAN228

!

vlan 229

name VLAN229

!

vlan 230

name VLAN230

!

vlan 231

name VLAN231

!

vlan 232

name VLAN232

!

vlan 233

name VLAN233

!

vlan 234

name VLAN234

!

vlan 235

name VLAN235

!

vlan 236

name VLAN236

!

vlan 237

name VLAN237

!

vlan 238

name VLAN238

!

vlan 239

name VLAN239

!

vlan 240

name VLAN240

!

vlan 241

name VLAN241

!

vlan 242

name VLAN242

!

vlan 243

name VLAN243

!

vlan 244

name VLAN244

!

vlan 245

name VLAN245

!

vlan 246

name VLAN246

!

vlan 247

name VLAN247

!

vlan 248

name VLAN248

!

vlan 249

name VLAN249

!

vlan 250

name VLAN250

!

vlan 251

name VLAN251

!

vlan 500

name VLAN500

!

vlan 501

name VLAN501

!

vlan 750

name VLAN750

!

vlan 751

name VLAN751

!

vlan 1000

name ISL-LAG-VLAN

!

spanning-tree mst configuration

name ipn-hosting

revision 5

instance 1 vlan 200-1001

exit

!

interface Ethernet1/1

description SW3-1

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/2

description SW3-2

switchport mode trunk

channel-group 32 mode active

!

interface Ethernet1/3

description not_in_use

shutdown

!

interface Ethernet1/4

description not_in_use

shutdown

!

interface Ethernet1/5

description NetApp CT1 C

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/6

description NetApp CT1 D

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/7

description NetApp CT2 C

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/8

description NetApp CT2 D

switchport mode trunk

channel-group 2 mode active

!

interface Ethernet1/9

description not_in_use

shutdown

!

interface Ethernet1/10

description not_in_use

shutdown

!

interface Ethernet1/11

description not_in_use

shutdown

!

interface Ethernet1/12

description not_in_use

shutdown

!

interface Ethernet1/13

description EthLan

switchport access vlan 49

!

interface Ethernet1/14

description not_in_use

shutdown

!

interface Ethernet1/15

description not_in_use

shutdown

!

interface Ethernet1/16

description not_in_use

shutdown

!

interface Ethernet1/17

description SRV1_Emul1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/18

description SRV1_LOM1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/19

description SRV2_Emul1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/20

description SRV2_LOM1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/21

description SRV3_Emul1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/22

description SRV3_LOM1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/23

description SRV4_Emul1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/24

description SRV4_LOM1

switchport mode trunk

switchport trunk native vlan 49

spanning-tree port type edge

!

interface Ethernet1/25

description IVC_SRV1-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-89

spanning-tree port type edge

!

interface Ethernet1/26

description IVC_SRV2-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-89

spanning-tree port type edge

!

interface Ethernet1/27

description IVC_SRV3-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-89

spanning-tree port type edge

!

interface Ethernet1/28

description IVC_SRV4-1

switchport mode trunk

switchport trunk allowed vlan 11-49,71-89

spanning-tree port type edge

!

interface Ethernet1/29

description IVC_SW4-51

switchport mode trunk

switchport trunk allowed vlan 12-49

channel-group 3 mode active

!

interface Ethernet1/30

description not_in_use

shutdown

!

interface Ethernet1/31

description IVC_SW1-25

switchport mode trunk

channel-group 4 mode active

!

interface Ethernet1/32

description not_in_use

shutdown

!

interface loopback0

no switchport

!

interface mgmt0

no switchport

vrf member management

no ip address dhcp

ip address 172.17.49.107/24

no ip address default

!

interface Vlan1

no switchport

!

interface port-channel2

switchport mode trunk

!

interface port-channel3

switchport mode trunk

switchport trunk allowed vlan 12-49

!

interface port-channel4

switchport mode trunk

!

interface port-channel32

switchport mode trunk

!

line con 0

line vty 0 39

!

!

!

end

 

 

 

 

 

 

-----------------------------------------------------------------------------

 

 

 

 

 

 

Aruba-2930F-48G-4SFPP(config)# show running-config

 

Running configuration:

 

; JL254A Configuration Editor; Created on release #WC.16.05.0004

; Ver #12:08.1d.9b.3f.bf.bb.ef.7c.59.fc.6b.fb.9f.fc.ff.ff.37.ef:ba

hostname "Aruba-2930F-48G-4SFPP"

module 1 type jl254a

trunk 49-50 trk1 lacp

include-credentials

password operator user-name "operator" sha1

"507a42a89f25ff9247874f5b0f00bc6e675071d6"

password manager user-name "manager" sha1

"f29f3167ad454fcbf75a0771c403ed5d7b111cce"

timesync sntp

sntp unicast

sntp server priority 1 192.168.13.99

time daylight-time-rule middle-europe-and-portugal

time timezone 60

no web-management

web-management ssl

ip default-gateway 192.168.13.99

interface 35

  name "MPLS GREVE"

  exit

interface 36

  name "MPLS TOFTLUND"

  exit

interface 37

  name "MPLS HEDENSTED"

  exit

interface 38

  name "MPLS EGTVED"

  exit

interface 39

  name "VLAN HEDE-WG"

  exit

interface 40

  name "VLAN HEDE-WG"

  exit

interface 41

  name "VLAN EGTV-WG"

  exit

interface 42

  name "VLAN EGTV-WG"

  exit

interface 43

  name "VLAN TOFT-WG"

  exit

interface 44

  name "VLAN TOFT-WG"

  exit

interface 50

  disable

  exit

snmp-server community "public" operator

snmp-server enable traps mac-notify

snmp-server enable traps startup-config-change

snmp-server enable traps running-config-change

snmp-server enable traps mac-count-notify

snmp-server contact "Thomas Gustafsson" location "NIANET DC SW1"

snmpv3 engineid "00:00:00:0b:00:00:b0:5a:da:97:d7:c0"

snmpv3 enable

snmpv3 only

snmpv3 restricted-access

snmpv3 group operatorauth user "readonly" sec-model ver3

snmpv3 group managerpriv user "readwrite" sec-model ver3

snmpv3 user "readonly" auth sha "280efba12eab316017ed2dbb0d8c6a8885f361f6" priv

aes "885a347ca34445767398684f34fb7819"

snmpv3 user "readwrite" auth sha "434ba979c15cffe9e3bd15c6fa62e2655db4b4a9"

priv aes "b25417358066f2bda334935cec86bc22"

vlan 1

  name "DEFAULT_VLAN"

  no untagged 2-36,45-48,51,Trk1

  untagged 1,37-44,52

  ip address dhcp-bootp

  exit

vlan 10

  name "DC-VLAN10-GL_SERVER"

  untagged 2-24,33-34,45

  ip address 192.168.13.151 255.255.255.0

  exit

vlan 11

  name "DC-VLAN11-WAN"

  untagged 25-32,46-48

  tagged Trk1

  no ip address

  exit

vlan 12

  name "DC-VLAN12-PC"

  no ip address

  exit

vlan 13

  name "DC-VLAN13-GUEST"

  no ip address

  exit

vlan 14

  name "DC-VLAN14-PRINT"

  no ip address

  exit

vlan 15

  name "DC-VLAN15-IOT"

  no ip address

  exit

vlan 16

  name "DC-VLAN16-SRV"

  no ip address

  exit

vlan 17

  name "DC-VLAN17-DMZ"

  no ip address

  exit

vlan 18

  name "DC-VLAN18-ITV"

  no ip address

  exit

vlan 19

  name "DC-VLAN19-MGMT"

  no ip address

  exit

vlan 20

  name "HEDE-VLAN20-EXT"

  tagged 37,39-40

  no ip address

  exit

vlan 21

  name "HEDE-VLAN21-NOACC"

  tagged 37,39-40

  no ip address

  exit

vlan 22

  name "HEDE-VLAN22-PC"

  tagged 35,37,39-40

  no ip address

  exit

vlan 23

  name "HEDE-VLAN23-GUEST"

  tagged 37,39-40

  no ip address

  exit

vlan 24

  name "HEDE-VLAN24-PRINT"

  tagged 37,39-40

  no ip address

  exit

vlan 25

  name "HEDE-VLAN25-IOT"

  tagged 37,39-40

  no ip address

  exit

vlan 28

  name "HEDE-VLAN28-ITV"

  tagged 37,39-40

  no ip address

  exit

vlan 29

  name "HEDE-VLAN29-MGMT"

  tagged 35,37,39-40

  no ip address

  exit

vlan 30

  name "TOFT-VLAN30-EXT"

  tagged 36,43-44

  no ip address

  exit

vlan 31

  name "TOFT-VLAN31-NOACC"

  tagged 36,43-44

  no ip address

  exit

vlan 32

  name "TOFT-VLAN32-PC"

  tagged 36,43-44

  no ip address

  exit

vlan 33

  name "TOFT-VLAN33-GUEST"

  tagged 36,43-44

  no ip address

  exit

vlan 34

  name "TOFT-VLAN34-PRINT"

  tagged 36,43-44

  no ip address

  exit

vlan 35

  name "TOFT-VLAN35-IOT"

  tagged 36,43-44

  no ip address

  exit

vlan 38

  name "TOFT-VLAN38-ITV"

  tagged 36,43-44

  no ip address

  exit

vlan 39

  name "TOFT-VLAN39-MGMT"

  tagged 36,43-44

  no ip address

  exit

vlan 40

  name "EGTV-VLAN40-EXT"

  tagged 38,41-42

  no ip address

  exit

vlan 41

  name "EGTV-VLAN41-NOACC"

  tagged 38,41-42

  no ip address

  exit

vlan 42

  name "EGTV-VLAN42-PC"

  tagged 38,41-42

  no ip address

  exit

vlan 43

  name "EGTV-VLAN43-GUEST"

  tagged 38,41-42

  no ip address

  exit

vlan 44

  name "EGTV-VLAN44-PRINT"

  tagged 38,41-42

  no ip address

  exit

vlan 45

  name "EGTV-VLAN45-IOT"

  tagged 38,41-42

  no ip address

  exit

vlan 48

  name "EGTV-VLAN48-ITV"

  tagged 38,41-42

  no ip address

  exit

vlan 49

  name "EGTV-VLAN49-MGMT"

  tagged 38,41-42,Trk1

  no ip address

  exit

vlan 50

  name "UK-VLAN50-WAN"

  no ip address

  exit

vlan 51

  name "UK-VLAN51-NOACC"

  no ip address

  exit

vlan 52

  name "UK-VLAN52-PC"

  no ip address

  exit

vlan 53

  name "UK-VLAN53-GUEST"

  no ip address

  exit

vlan 54

  name "UK-VLAN54-PRINT"

  no ip address

  exit

vlan 55

  name "UK-VLAN55-IOT"

  no ip address

  exit

vlan 58

  name "UK-VLAN58-ITV"

  no ip address

  exit

vlan 59

  name "UK-VLAN59-MGMT"

  no ip address

  exit

vlan 60

  name "JENS-VLAN60-EXT"

  no ip address

  exit

vlan 61

  name "JENS-VLAN61-NOACC"

  no ip address

  exit

vlan 62

  name "JENS-VLAN62-PC"

  no ip address

  exit

vlan 63

  name "JENS-VLAN63-GUEST"

  no ip address

  exit

vlan 64

  name "JENS-VLAN64-PRINT"

  no ip address

  exit

vlan 65

  name "JENS-VLAN65-IOT"

  no ip address

  exit

vlan 68

  name "JENS-VLAN68-ITV"

  no ip address

  exit

vlan 69

  name "JENS-VLAN69-MGMT"

  no ip address

  exit

vlan 70

  name "GREVE-VLAN70-EXT"

  no ip address

  exit

vlan 71

  name "GREVE-VLAN71-NOACC"

  tagged 35,41-42

  no ip address

  exit

vlan 72

  name "GREVE-VLAN72-PC"

  tagged 35,41-42

  no ip address

  exit

vlan 73

  name "GREVE-VLAN73-GUEST"

  tagged 35,41-42

  no ip address

  exit

vlan 74

  name "GREVE-VLAN74-PRINT"

  untagged 35

  tagged 41-42

  no ip address

  exit

vlan 75

  name "GREVE-VLAN75-IOT"

  no ip address

  exit

vlan 78

  name "GREVE-VLAN78-ITV"

  tagged 35,41-42

  no ip address

  exit

vlan 79

  name "GREVE-VLAN79-MGMT"

  tagged 35,41-42

  no ip address

  exit

vlan 80

  name "PADB-VLAN80-EXT"

  tagged 41-42

  no ip address

  exit

vlan 81

  name "PADB-VLAN81-NOACC"

  tagged 41-42

  no ip address

  forbid 51

  exit

vlan 82

  name "PADB-VLAN82-PC"

  tagged 41-42,51

  no ip address

  exit

vlan 83

  name "PADB-VLAN83-GUEST"

  tagged 41-42,51

  no ip address

  exit

vlan 84

  name "PADB-VLAN84-PRINT"

  tagged 41-42,51

  no ip address

  exit

vlan 85

  name "PADB-VLAN85-IOT"

  tagged 41-42,51

  no ip address

  exit

vlan 88

  name "PADB-VLAN88-ITV"

  tagged 41-42,51,Trk1

  no ip address

  exit

vlan 89

  name "PADB-VLAN89-MGMT"

  untagged 51

  tagged 41-42

  no ip address

  exit

spanning-tree

spanning-tree Trk1 priority 4

spanning-tree config-name "investcos"

spanning-tree config-revision 10

spanning-tree instance 1 vlan 10-199

spanning-tree instance 1 Trk1 priority 4

spanning-tree priority 3

no tftp client

no tftp server

no autorun

no dhcp config-file-update

no dhcp image-file-update

no dhcp tr69-acs-url

activate software-update disable

activate provision disable

Reply
Forum Home

Community Guidelines

Please review our Guidelines before posting.

Learn More

Check out current deals!

Go Shop
X

Save

X

Delete