Network Management

 View Only

  • 1.  Configuration Issue with 6100 -Switch not pingable

    Posted Aug 25, 2022 10:18 AM
    Dear Colleagues,

    I have a Aruba 6100 48 port switch in an environment with cisco switches. The swicht should be a access switch.

    I have all switches in the 192.168.0.xxx net.

    I can ping all switches and can ping from all switches except for the Aruba switch. The switch can ping the other switches and gets answers, but I cannot ping the switch. I programmed it through the USB Interface, but I cannot access it from another switch.

    All the interfaces work like expected. Only management is a little difficult, as I have to got to the switch and plug in the usb cable. What may I do wrong?

    I know pretty much how to work with the cisco switches, but this is the first Aruba switch for me. Maybe I make a very stupid mistake. But I did not find out after several days reading. Every help is appreciated...

    Attached find the config (the switch is connectet to the rest of the net via interface 1/1/40):

    !
    !
    ssh server vrf default
    vlan 1
    name "Management"
    Vlan 99
    name DMZ
    vlan 110
    name Work
    Vlan 120
    name WLAN

    spanning-tree
    interface 1/1/1
    no shutdown
    vlan access 110
    interface 1/1/2
    no shutdown
    vlan access 110
    ...
    ..
    ...
    interface 1/1/38
    no shutdown
    vlan access 110
    interface 1/1/39
    no shutdown
    vlan access 110
    interface 1/1/40
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    interface 1/1/41
    no shutdown
    vlan access 1
    interface 1/1/42
    no shutdown
    vlan access 1
    interface 1/1/43
    no shutdown
    vlan access 99
    interface 1/1/44
    no shutdown
    vlan access 99
    interface 1/1/45
    no shutdown
    vlan access 120
    interface 1/1/46
    no shutdown
    vlan access 120
    interface 1/1/47
    no shutdown
    vlan trunk native 1
    vlan trunk allowed all
    interface 1/1/48
    no shutdown
    vlan trunk allowed all
    ...
    ..
    description Management VLAN
    ip address 192.168.0.104/24
    no ip dhcp
    ip route 0.0.0.0/0 172.16.0.254
    ip dns domain-name work.intern
    ip dns server-address 172.16.0.200
    !
    !
    !
    !
    !
    https-server vrf default


    Thanks and best Regards
    Josef



  • 2.  RE: Configuration Issue with 6100 -Switch not pingable

    Posted Aug 26, 2022 04:06 AM
    Edited by r.grossmann Aug 26, 2022 04:06 AM

    switch to switch in the same network should work, but as fas as i can see there is a default-route mistake:

    interface vlan1
    ip address 192.168.0.104/24
    ...
    ip route 0.0.0.0/0 172.16.0.254

    The destination of the default-route must belong to an active interface network, in this case like 192.168.0.1.

    Optionally:
    If it is possible change the managemant vlan to another than vlan id 1 and use an explicit vlan id for "vlan trunk native" (like 666 which should not be configured on any access port)
    It is a a recommendation to make all vlans on a trunk tagged if it is possible, even the native vlan, if both side support this.




  • 3.  RE: Configuration Issue with 6100 -Switch not pingable

    Posted Aug 31, 2022 05:41 AM
    Thanks for your answer Robert

    I changed the IP address for vlan 1 to 172.16.0.100 but it still is not pingable.

    Are there any settings, where the switch does not respond to pings? -Same with the web interface

    Best Regards
    Josef
    Original Message


  • 4.  RE: Configuration Issue with 6100 -Switch not pingable

    Posted Aug 31, 2022 09:47 AM
      |   view attached

    Hi Josef,

    didn't you say the 192.168.0.xxx is your switch network?

    Can you post the relevant parts of the neighboring switch?:
    - SVI (like interface vlan 1)
    - Physical Interface Configuration (like interface 1/1/40)
    - ACLs, if configured

    If you didn't change copp policy or any ACL for restricting management access, then access should be possible.

    Did you try to access locally?:
    - Configure an access port as "vlan access 1",
    - connecting a pc with static ip in the subnetwork of vlan 1 (switch management).
    - try ssh/https to switch ip

    If ping "6100 switch to any other device" (even outside switch management network) is possible with successfull reply, but not from any device outside the switch management vlan, consider of central firewall rules.
    If you can ping a switch in the same management vlan, but not the other way, then I do not know... Perhaps ACL ore VACL on the other switches?


    Maybe you can upload your complete configs (without passwords or hashes) of the 6100 Aruba and the neighboring (Cisco?) switch.
    additionally with:
    - show ip int brief
    - show ip int brief all-vrf
    - show int brief
    - show int status
    - show int phy
    - show lldp nei
    - show lldp nei PORT (PORT for example like 1/1/40)
    - show mac-add interface PORT
    - show mac-add PORT
    - show arp
    - show arp all-vrf
    - show ip arp
    - show vlan
    - show vrf
    - show spanning-tree
    - ping 8.8.8.8
    - ping 8.8.8.8 vrf default (Aruba CX: VRF AFTER destination)
    - ping vrf default 8.8.8.8 (Cisco: VRF BEFORE destination)
    - traceroute 8.8.8.8
    - traceroute 8.8.8.8 vrf default (Aruba CX: VRF AFTER destination)
    - traceroute vrf default 8.8.8.8 (Cisco: VRF BEFORE destination)

    I do only have 6100 12p Switches (12p w/Poe + 2p wo/PoE + 2p SFP+), which I am using as dedicated Out-of-Band-Management Switch Network.
    My Client-LAN switches are: Aruba 6200F and Server Access: Aruba 8360 and Distribution and Core: Aruba 8325


    Attachment(s)

    txt
    6100_example.txt   21 KB 1 version
    Original Message


Related Content