Aruba AOS-CX Basics 3 - VLAN Config Hands-On
Вставка
- Опубліковано 5 лип 2024
- VLANs are a fundamental part of networking but their misconfiguration is one of the most common reasons for network outages*.
In this video we take a close look at the intricacies of VLAN configuration using Aruba AOS-CX.
8320 config guide here:
asp.arubanetworks.com/downloa...
N.B. The diagram shows the addressing as .1 & .2 but I ping .101 to .102. I had to change the addressing mid-video because those addresses were already taken on my home lab 🙄🤦♂️....Networking!
I hope that doesn't confuse anyone. The principle is the same, ping from one IP address to another across the link connecting the 8320s.
Twitter:
/ joeneville_
*I used to work Ops and VLAN config error was high on the list of causes of outage.
#aruba - Наука та технологія
Brilliant use of tiled console and wireshark screens. Adding the logical diagram alongside for references would move the presentation into superior category. Thanks!!
I've been going through your videos. Thank you! I am still completely confused trying to setup VLANs, but you do a good job of explaining. I just need to learn more it appears.
This is great, just about to order 2 8320 switches for a new site. I'll be configuring a routed access design with OSPF and the 8320s in a VSX at the core so the timing of these videos is perfect, thanks. 👍
does networking pay better than helpdesk
And again a nice video from you, please keep up the series
Thank you so much for helping me understand this. First started working with Cisco switches, so I got confused when tasked to fix a network for another business that had an old HP switch with this CLI
Joe, These are very good. Please keep them coming.
Thanks Milton. More soon. 👍
@@null_zero Great Video. Would you mind doing a video on port configuration when a phone is connected to the port with a computer connected to the phone (passing a voice and access vlan)? Ideally on both CX and AOS and ideally with the ability to have it pre-configured to work regardless of a phone being present (i.e. just computer but ready for phone + computer)
@@adammtp1 Thanks for the suggestion but I must be honest and say that isn't the direction I was planning for this series. The 8320 is a core / agg switch rather than access. I'm looking to provide the basics in building up L2 / L3 networks rather than access. I'll pass the suggestion onto the team though and see what we can do.
Hi Joe, Great Video thank you for making it. Joe I just started working on Aruba, did you do make any videos on just Aruba switches 2930?
Another great video! I do however have a question about the tagging. I'm used to the OS's of the HP Layer 2+ switches where vlans work a bit different. For example, a switch to switch port on that OS would untag vlan 1 (where their management IPs are) then tag the other vlans for traffic flow. In AOS-CX, I had to set the port to native vlan 1, but then also allow vlan 1 with the other vlans. If I only had vlan 1 set to native but not also allowed, my pings would not flow. On the other hand, I could also only allow it and not set any vlan as native and it works fine. It seems that I'm not quite understanding the purpose of the native vlan function.
I'm rather proficient with the standard HP switch OS but oh my have I just been bumbling around AOS-CX 🥴 I've also heard many a time that using vlan 1 in practice is a bad idea, but this network has been built for over 15 years now and changing it isn't exactly in anyone's headspace.
The native VLAN is the VLAN that frames without an 802.1Q tag are placed into. By default this is VLAN 1, but is configurable.
Be aware that his is only locally significant, if Switch 1 has VLAN 1 as native and Switch 2 has VLAN 2 as native, the frame sent from Sw1 will be untagged and placed into VLAN2 on Sw2.
The allow feature is different, allowing you to select a subset of traffic to flow, be that tagged or untagged (native).
You say "On the other hand, I could also only allow it and not set any vlan as native and it works fine", the native VLAN on a trunk will just default to VLAN 1 in this case, you've allowed VLAN 1 and thus traffic will flow on it.
Some AOS-CX video suggestions (BTW: The snippet videos are brilliant...short and to the point): (1.) If one can create remote mirroring over a local network, how? (2.) Adding AOS-CX routing/switching to an existing AOS/Provision/Procurve environment?? (3.) What are the AOS-CX pros/cons of using Layer-3 routing versus Layer-2 VLANs for segmentation and switch speed in light of the 8320/6300 device speed??? (4.) Using Global routing versus Interface routing - advantages/disadvantages ++ design considerations ???? (5.) A summary video of all your current and planned basic AOS-CX videos include diagrams and other concept helps. Thanks.
Thanks for the suggestions. Mirroring and inter-op with AOS-Switch / procurve added to the list. Not sure what you mean by number 4, please could you give more details?
@@null_zero Yes, i was too vague ( "(4.) Using Global routing versus Interface routing - ") I have been confused why one activates global static routing and routing per interface. Must one activate global routing before one can use Interface routing? My confusing points and questions illustrate I do not have a grasp of the ROUTING concepts within AOS-CX...hence the needs for more BASIC static routing instructions / clarification. Thanks for your follow-up.
@@wx0084 AOS-CX has a default bias towards L3, using the old differentiation between router and switch, it is more like a router on boot than a switch. Global L3 routing is enabled by default and the interfaces on CX devices are layer 3 by default, they accept IP address configuration directly on the port, similar to a router port. In this mode, L2 switch port config, like access or trunk, will be rejected. One must alter the CX port mode with the "no routing' interface subcommand to transition the port akin to a switch. With 'no routing' one cannot configure an IP address directly on the port but now 'access' and 'trunk' can be configured. If you pause at 04:00 you will see that 1/1/1 port has no config under it. This is an L3 port. Port 1/1/2 is configured with 'no routing', this is an L2 port and can be configured as a trunk.
@@null_zero I am amazed you took the time, energy, and skill to reply. Your response helped remove more of the aos-cx "rooooooooting" fog.
@@wx0084 You're welcome. Thanks for watching.
it is possible to configure MVRP and RPVST+ at the same time? In the document of Aruba OS CX it said that the limitation of MVRP is it cannot be enabled MVRP and PVST at the same time.
At the 10:25 mark I think I could have done a better job of describing what's happening. The trunk on 8320-1 is sending frames tagged in VLAN150, the receiving port on 8320-2 is still an access port in VLAN150. In that state 8320-2 will switch the traffic to the end destination, so there will be one-way comms.
However, the return traffic will leave 8320-2's access port untagged and will hit 8320-1's 1/1/1 port but that switch will deem it to be in the native VLAN of 1, rather than 150, because it is untagged, and will not send it out on VLAN150 to the ubuntu VM.
For the ping to be successful, the return traffic needs to hit the source, hence why it is timing out.
Got all that? Phew 🥴 In conclusion though I would never recommend configuring one end differently from the other, it is just too easy to make mistakes. Identical VLAN config either end of the link is the desired state.
Consider: At about the 5:16 mark in this #3 Basic video, you correct yourself with a NOTE displayed in the upper right corner of the video window. You reference (my paraphrase), "you meant to say vid 2." Please state it as "video #2" or something similar. I am very new to AOS-CX and for much time, I thought you were referring to some CLI command when you wrote "vid"
Thanks for the comment. I'll keep that in mind.
Question, is there a command to setup multiple ports on a VLAN instead of one port at a time. I can easily do the commands in provision.
can you explain to me how to do network routing? and routing vlans
In the video you only configured Port 1/1/1 on 8320-1 for no routing and Vlan 150. Why you don`t have to configure the egress port 1/1/2 on 8320-1?
how to add dhcp pool to interface vlan bro ?
I don't understand why you teaching the WRONG PRACTICE FIRST before the correct best practice? Before the viewer see the correct configuration you are showing how to wrongly configure the switch that is not GOOD
Thanks for your insight, I disagree. I take the ports through various stages of configuration, showing correct and incorrect.
I agree. I was confused during the first half of the video. I re watched like 4 times trying to understand. Please show best practice then go into problems you could run into.
@@Damien-ii6ft Sorry that the video confused you, that is not the intention.
I go from access both ends to trunk with the same allowed VLAN at both ends, then go into a discussion about misconfigurations. Thus, I do show the correct configurations first, as you've asked. I even have a ping running successfully to show this.