Network Management

Hi All

Please forgive my lack of knowledge on the following post.  

I have an Aruba 8100.  It has 2 VLANs . One is the default VLAN and so it untagged and the other is tagged.  The default VLAN is used to allow communication between a number of servers that are hosting a virtual environment . All the servers connect to the switch and the VLAN is used for storage and management traffic. 

The second VLAN is tagged within the switch and provides access to our wider network, which is itself another default VLAN so none of the traffic is tagged except for the single link between the 8100 and the 5406r campus stack. Traffic flows back and forth without issue.

there is a single interface connecting the 8100 and the 5406. This interface has both the default VLAN and that tagged VLAN.. The internal VLAN subnet is 10.1.15.0 and the wider is 10.1.1..0. There are two IPs assigned to this interface, 10.1.15.1 for the internal VLAN and 10.1.1.100 for access to the broader network.  

I have a routing table on the 6506r. It can ping and trace route the interface on the 8100 for 10.1.1.100 and also ping and trace route the devices beyond the interface also on 10.1.1.0.  I have a route setup to locate network 10.1.15.0 and the gateway is 10.1.15.1, which is the interface. I cannot ping this , traceroute it, or reach it by and method. If I leave the routing table as such I also cannot reach any management endpoints on the virtual environment either. However if I change the route for 10.1.15.1 and set the gateway at 10.1.100.1, then I can ping the devices on 10.1.15.0 and I can reach my management endpoints. Traceroute fails however.

This does not seem right to me. I thought that layer 3 devices would ignore tagging and find the switch that is advertising the 10.1.15.1 gateway. Since its the same interface , it has the same MAC address as the 10.1.1.100  which can be reached.  

I think this should be simple, but I do now know why the 5406 cannot discover the other subnet on the 8100 if I add what I think is the correct gateway address.

-------------------------------------------

I think the 5406r can't reach VLAN 1 over the trunk. Even though the 8100 interface has 10.1.15.1 on VLAN 1 (untagged), the 5406r must receive VLAN 1 traffic correctly for that to work. If VLAN 1 is untagged on the Aruba 8100 but not configured as untagged or native VLAN on the 5406r side, traffic will not match. That possibly would explain why you can ping 10.1.1.100 (tagged VLAN works), but not 10.1.15.1.

Layer 3 ignores VLAN tags, but the physical interface delivering those packets must have the correct VLAN handling, or the packets never get routed to begin with. 

On 5406r uplink interface checked the uplink port if its untagged vlan 1 and tagged vlan <x>
Make sure you have ip routing enabled on both switches 8100 and 5406r
Then restore the correct route

------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
------------------------------

Thanks for the response.  Its difficult to adapt at the moment since endpoints on one network have no problem traversing to endpoints on the other, so it is , essentially , live at the moment. So desktops one the main network can see and use resources on the second network servers. And the host VM management ports are also accessible to browsers. What is not working is traceroute, which lives me to believe that the network, while ostensibly working, has something wrong in its configuration. This weekend I can try your recommendation.

-------------------------------------------

Original Message:
Sent: Oct 01, 2025 07:09 PM
From: shpat
Subject: VLANs and Subnets

I think the 5406r can't reach VLAN 1 over the trunk. Even though the 8100 interface has 10.1.15.1 on VLAN 1 (untagged), the 5406r must receive VLAN 1 traffic correctly for that to work. If VLAN 1 is untagged on the Aruba 8100 but not configured as untagged or native VLAN on the 5406r side, traffic will not match. That possibly would explain why you can ping 10.1.1.100 (tagged VLAN works), but not 10.1.15.1.

Layer 3 ignores VLAN tags, but the physical interface delivering those packets must have the correct VLAN handling, or the packets never get routed to begin with. 

On 5406r uplink interface checked the uplink port if its untagged vlan 1 and tagged vlan <x>
Make sure you have ip routing enabled on both switches 8100 and 5406r
Then restore the correct route

------------------------------
Shpat | ACEP | ACMP | ACCP | ACDP
Just an Aruba enthusiast and contributor by cases
If you find my comment helpful, KUDOS are appreciated.
------------------------------

Hi Peter,

maybe you can post extra details concerning de configuration of the interfaces involved:

On 8100 :

show run interface 1/1/x

show ip interface brief all-vrf

On 5406r : 

show run interface A1

show ip

(replace the port numbers with what applies)

------------------------------
Frederic
(kudos welcome)
------------------------------

Original Message:
Sent: Oct 02, 2025 05:16 PM
From: Peter
Subject: VLANs and Subnets

Thanks for the response.  Its difficult to adapt at the moment since endpoints on one network have no problem traversing to endpoints on the other, so it is , essentially , live at the moment. So desktops one the main network can see and use resources on the second network servers. And the host VM management ports are also accessible to browsers. What is not working is traceroute, which lives me to believe that the network, while ostensibly working, has something wrong in its configuration. This weekend I can try your recommendation.