  • 1.  Aruba 3810M VS 6300M Routing over AT&T Layer 2 Network

    Posted May 29, 2025 06:12 AM
    Edited by Jamie E Jun 01, 2025 05:37 AM

    Hi Everyone,

    I've recently replaced several Aruba 3810M L3 switches with the newer 6300M CX line at the distribution layer in our network. I'm not sure that I've set up connections between distribution sites correctly in the 6300 switches to match what was in the 3810 models. Everything is working fine with the exception of occasional one-way audio issues that I suspect may be caused by the new switch configs. I'm looking for verification or correction in the configs between the two switches. I'm concerned that I've created a large L2 network with the new configs on the 6300Ms, which is not the goal. We have 10 distribution sites, and I think it would be best to use L3 routing between these sites to break up traffic.

    Below I'm posting the old 3810M config from our main core site along with the new 6300M. Then below that I'll post the old and new config from one of the distribution sites. Vlan 1 (default vlan) was originally tagged in the uplink port from distribution to core and this was corrected in the new 6300s and not tagged. Vlan 300 is the network that connects distribution to the core and that should be the only Vlan tagged on the uplink, which is interface 1/1/24. I've scrubbed a good bit of the config to keep it short and relevant.

    Core 3810 Config (Old Config)

    ; JL073A Configuration Editor; Created on release #KB.16.10.0012
    ; Ver #14:6f.6f.f8.1d.fb.7f.bf.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:00

    hostname "Core"
    module 1 type jl073x
    flexible-module A type JL083A
    include-credentials
    <I've removed the routing table - routing for all connected sites is here>
    ip routing
    vlan 1
       name "DEFAULT_VLAN"
       no untagged 1,13
       untagged 3-10,12,14-16,18-20,22
       tagged 2,11,17,21,23-24,A1-A4
       ip address 10.50.1.1 255.255.255.0
       exit
    vlan 5
       name "VLAN5"
       tagged 1-24,A1-A4
       ip address 192.168.5.1 255.255.255.0
       voice
       exit
    vlan 510
       name "WiFi"
       tagged 11,17,21,23-24,A1-A4
       ip address 10.8.1.1 255.255.255.0
       exit
    vlan 300
       name "VLAN300"
       tagged A3     (Port that connects to AT&T ASE L2 Network)
       ip address 10.5.25.1 255.255.255.0
       exit
    spanning-tree
    spanning-tree force-version rstp-operation
    no tftp server
    no autorun
    no dhcp config-file-update
    no dhcp image-file-update

    Core 6300 Config (New Config)

    !Version ArubaOS-CX FL.10.14.1010
    hostname Core
    vsf member 1
        type jl662a
    vlan 1
    vlan 5
        name Voice
        voice
    vlan 510
        name WiFi
    vlan 300
        name ASE
    spanning-tree
    interface mgmt
        no shutdown
        ip dhcp
    interface 1/1/27    (Port that connects to AT&T ASE L2 Network)
        description AT&T ASE
        no shutdown
        no routing
        vlan trunk native 300 tag
        vlan trunk allowed 300

    Distribution 6300 Config which connects to Core Switch through AT&T network

    !Version ArubaOS-CX FL.10.14.1010
    hostname WestOffice
    vsf member 1
        type jl662a
    vlan 1
    vlan 5
        name Voice
        voice
    vlan 300
        name ASE
    spanning-tree
    interface 1/1/24  (Port that connects to AT&T ASE L2 Network)
        description ASE
        no shutdown
        no routing
        vlan trunk native 300 tag
        vlan trunk allowed 300

    I have some static point to point routes in this L3 Distribution Switch as well as others and I can verify that traffic routes correctly.  This makes me think that the sites are connecting with L3 routing, but with the "no routing" command on the AT&T interfaces I'm confused.

    Your help is valued!



  • 2.  RE: Aruba 3810M VS 6300M Routing over AT&T Layer 2 Network

    Posted Jun 05, 2025 06:13 AM

    Maybe good to work with your HPE Aruba Networking partner on this... Not sure why you have a trunk interface with native & tag... If port has vlan 300 tagged, remove the native VLAN, just add trunk allowed 300. If port is untagged, make it an access port.

    The routing / non-routing on an interface configures if you have the IP address on the interface (routing) or on the VLAN (no routing). So even with no routing on the interface, if there is a VLAN interface, there will be routing. I personally prefer VLAN based routing over port based routing as it's easier to expose the same VLAN on different ports for redundancy or easy migration.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: Aruba 3810M VS 6300M Routing over AT&T Layer 2 Network

    Posted Jun 06, 2025 06:41 AM

    Herman,

    Thanks for this information. I've been searching for several days now looking for what you're telling me about the routing/non-routing on an interface. That is the information that I needed to know and understand.

    So you're saying that the syntax:
    trunk allowed 300

    Is equal to syntax?
    vlan trunk native 300 tag
    vlan trunk allowed 300

    If this is the case then I wonder why the switch CX OS allows the configuration. I also wonder if this is causing issues with my uplinks.

    The Aruba ACSA study book only mentioned tagging the way I've configured it so this is good to know.

    As far as routing goes Vlan 300 does have Vlan interface 300 configured with an IP address on it. Since this Vlan is tagged on 1/1/24 you're saying that it's routing even though the 'no routing' command is on the interface, correct?

    I'm not much of a contributor to this community, but I've learned a lot from your posts over the years. Thanks again for all the help you provide us with.

    Thank you,


    Jason Sullivan | Senior IT Specialist - Networking

    Information Technology Department

    Spartanburg Water

    864.580.5695

    200 Commerce Street | Spartanburg, SC 29306

     


    The information in this e mail is intended for the sole use of the addressees and may be confidential and subject to protection under the law. If you are not the intended recipient, you are hereby notified that any distribution or copying of this e mail is strictly prohibited. If you are not one of the named recipients or otherwise have reason to believe that you have received this message in error, please immediately notify the sender and delete this message immediately from your computer.





  • 4.  RE: Aruba 3810M VS 6300M Routing over AT&T Layer 2 Network

    Posted Jun 09, 2025 06:25 AM

    Hi, on the Aruba 3810M "Core" (old config - switch acting as a Router since IP Routing is enabled), the A3 interface - the one that connects to AT&T ASE L2 Network as you reported - is:

    - tagged member of VLAN 1 (VLAN 1 SVI IP: 10.50.1.1 /24)
    - tagged member of VLAN 5 (VLAN 5 SVI IP: 192.168.5.1 /24)
    - tagged member of VLAN 300 (VLAN 300 SVI IP: 10.5.25.1 /24)

    on the Aruba CX 6300 "Core" (new config - switch not acting as a Router since, even if the IP Routing is enabled, the VLANs have no SVI) the corresponding 1/1/27 interface is the one designated to connect to AT&T ASE L2 Network (as the A3 did on the Aruba 3810M) and it is:

    - tagged member of VLAN 300: the VLAN 300 has no SVI IP assigned (so you haven't configured its VLAN Interface, you just created the VLAN 300 itself and assigned a physical interface to it <- the VLAN 300 doesn't participate in routing even if IP Routing is enabled on the Switch)

    The "vlan trunk native 300 tag" assigns to the Native VLAN of that interface the property to be "tagged" (that's uncommon I know...because, generally, with "Native" - also known as the PVID Port VLAN ID - we are used to the fact that the VLAN assigned as Native is "untagged"...or, better wording, in this case the interface 1/1/27 will be an untagged member of its Native VLAN, in this case you configured the interface 1/1/27 to be a tagged member of its Native VLAN = PVID...as said this is uncommon but not a problem per se, on the contrary often that is required on interfaces operating in Trunk Mode for security reasons).

    Now the next "vlan trunk allowed 300" command just declares what VLAN IDs are allowed over that interface operating in Trunk Mode (Trunk Mode = passing more than one VLAN and so not acting as a general purpose access port for edge devices...so for a port that is used to interconnect a peer switch or a server, as example, transporting more than one VLAN IDs).

    The tricky part could be the one where the "allowed" - when you're allowing more than one VLAN - implicitly does:

    - allow the Native VLAN as it is (untagged or tagged as it was set).
    - allow all the other remaining VLANs listed as tagged (this is the part "behind the scenes")

    so, if I've understood the buried logic correctly, we can have two scenarios for such an interface:

    Scenario 1:

    - Native is untagged
    - VLAN trunk allowed allows the Native as is (untagged) and all the other listed VLAN IDs are treated as tagged

    Scenario 2:

    - Native is tagged
    - VLAN trunk allowed allows the Native as is (tagged) and all the other listed VLAN IDs are treated as tagged

    The question could eventually be: if we fail to specify the Native VLAN ID among those allowed VLAN IDs what is going to happen to it?

    I always specified it "explicitly" but even not specifying it the Switch should not exclude it from the complete list of allowed VLAN IDs on that interface. Here I must add that specifying it (if I'm not wrong) is required when the Native VLAN ID is changed from the initial Default VLAN ID (VLAN 1). I do it in both cases (where the Native VLAN = PVID is left to Default VLAN 1 or where it is changed, as in your case 1 -> 300).

    OTOH the Scenario 2 is the one used to be sure to create an interconnection where the peer interfaces are managing the incoming/outgoing traffic only tagged on all allowed VLAN IDs (often we see the opposite where the Native is left untouched - VLAN 1 default - and we see interfaces operating in Trunk Mode where all but one VLAN IDs are tagged but there is always one which is untagged <- this is an insecure approach).

    Now back to your migration from Aruba 3810M to Aruba CX 6300...on a like-for-like you should match what worked before (VLAN Membership and SVI), isn't it? or the scenario changed with the deployment of the Aruba CX 6300?
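
Added example, not part of the thread or any poster's code: a small Python audit of AOS-CX-style interface stanzas that applies the tagging rule described in post 4 (native VLAN kept as configured, every other allowed VLAN tagged) and the point from post 2 that a `no routing` port still takes part in routing for any allowed VLAN that has a VLAN interface with an IP. The sample config, the 1/1/25 trunk and the 10.5.25.2/24 address are constructed for illustration.

```python
import re

# Constructed sample: the WestOffice uplink from the thread, a hypothetical
# second trunk with an untagged native VLAN, and a hypothetical SVI address.
SAMPLE = """\
interface 1/1/24
    no routing
    vlan trunk native 300 tag
    vlan trunk allowed 300
interface 1/1/25
    no routing
    vlan trunk native 1
    vlan trunk allowed 1,5
interface vlan 300
    ip address 10.5.25.2/24
"""

def expand(spec):
    """Expand a VLAN list such as '1,5,300-302' into a set of ints."""
    ids = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return (ports, svis): per-port tagging and the VLANs that have an SVI IP."""
    ports, svis, cur = {}, set(), None
    for line in config.splitlines():
        s = line.strip()
        if not line.startswith((" ", "\t")):      # unindented line starts a new stanza
            m = re.fullmatch(r"interface (vlan ?)?(\S+)", s)
            cur = None if not m else ("svi", int(m.group(2))) if m.group(1) else ("port", m.group(2))
            if cur and cur[0] == "port":
                ports[cur[1]] = {"native": None, "native_tagged": False, "allowed": set()}
        elif cur and cur[0] == "svi" and s.startswith("ip address "):
            svis.add(cur[1])
        elif cur and cur[0] == "port":
            p = ports[cur[1]]
            if m := re.fullmatch(r"vlan trunk native (\d+)( tag)?", s):
                p["native"], p["native_tagged"] = int(m.group(1)), bool(m.group(2))
            elif m := re.fullmatch(r"vlan trunk allowed ([\d,\-]+)", s):
                p["allowed"] |= expand(m.group(1))
    for p in ports.values():
        untag = p["native"] in p["allowed"] and not p["native_tagged"]
        p["untagged"] = {p["native"]} if untag else set()   # post 4, Scenario 1
        p["tagged"] = p["allowed"] - p["untagged"]          # everything else is tagged
        p["routed_vlans"] = p["allowed"] & svis             # SVI present: L3 despite 'no routing'
    return ports, svis
```

A non-empty `untagged` set on a trunk is the case post 4 calls insecure; a native VLAN that is missing from the allowed list is left out of both sets rather than guessed at.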




  • 5.  RE: Aruba 3810M VS 6300M Routing over AT&T Layer 2 Network

    Posted Jul 04, 2025 08:26 AM

    Thanks for the detailed responses and suggestions which were helpful.  The issue ended up being icmp redirects from the new 6300 and 6000 switches that were flooding our networks with TTL=1 messages.  Once I disabled that on all Aruba Switches the packet drops stopped immediately.

     

    Thank you,

     

    Jason Sullivan | Senior IT Specialist - Networking

    Information Technology Department

    Spartanburg Water

    864.580.5695

    200 Commerce Street | Spartanburg, SC 29306