Aruba MAS series SFP+ & POE+ switches sub-$100

konowl

Wondering if I bit off more than I can chew.

I performed the initial setup and connected to my existing switch (nothing complicated going on) but I can't even ping the existing switch interface from the S2500 and vice versa. I tried a trunked port, a non trunked port, everything.
 

Markess

Apologies if you already did this, but besides a factory reset, did you update the firmware to current? I had a hard time with my S3500 (which I bought new off Ebay, but had the ancient original firmware). I followed all the steps in this tutorial (which I believe is from forum member @ViciousXUSMC) and it got me up and running.

https://youtu.be/HegeBkglsec
 

konowl

Have you tried serial connection to see what IP it's grabbing, if any?
Sorry I was devoid of any useful information in my original post LOL (municipal government worker in IT so very busy). I assigned the vlan 1 interface an IP address (10.0.0.11) that's on the same subnet as the gateway of the other switch (10.0.0.253) but there is absolutely no communication between the switches at all (there is tx/rx traffic but cannot ping, no arp entries show up).

I put switch on latest firmware. Did a couple of factory resets to try some other settings (creating a trunk uplink port etc etc). If I put the interface on DHCP it won't pull an IP either.
 

gregsachs

My memory is the initial setup wizard defines one port as an uplink port, I think you need to first connect to that one. Make sure that port is access, with the correct vlan tag to match the switch address.
See this link, I think it helped me.
there is a 10 minute window for setup
Airheads Community
7.4 quick start:
https://community.arubanetworks.com...itching/836/1/ArubaOS_7.4_QuickStartGuide.pdf
 

konowl

I've tried both. I created a switching profile and associated to 0/0/0. I tried access/trunk with all allowed vlans, access vlan 1, native vlan 1. I also tried associating the profile manually, via the gui, via the wizard etc.
 

gregsachs

I just can't remember how I did it, too long ago....I know one hidden thing is that the management port web ui is not active by default, you need to enable it. Are you trying to access the switch via the normal ports or the management port?
 

gregsachs

It would help if you post your run config.
What is the show command?

My configuration is pretty simple, and note that I'm not doing routing on the switch.

VLAN 1 is .15/24 subnet, normal home network
VLAN 98 is .98/24, IOT
VLAN 99 is .99/24, guest
VLAN 10 is .10/24, management
Switch is on .2 inside each vlan.
All are trunked to a USG via port 0, which has a USG doing the routing and firewall.
Ports 1/2/4/10 are all trunk/native 1 to drops inside the house.
Port 4 is vlan tagged 1 for a single device.
Ports 22 and 23 are access ports for server, and the first 10gbe port is a trunk to server 10gbe adapter.
Everything is native vlan 1

(ArubaS2500-24P-US) #show vlan
VLAN CONFIGURATION
------------------
VLAN  Description  Ports
----  -----------  -----
1     VLAN0001     GE0/0/0-4 GE0/0/6-23 GE0/1/0-1
10    mgmt         GE0/0/0-3 GE0/0/5 GE0/0/10 GE0/1/0
15    private      GE0/0/0-3 GE0/0/10 GE0/1/0
98    iot          GE0/0/0-3 GE0/0/10 GE0/1/0
99    Guest        GE0/0/0-3 GE0/0/10 GE0/1/0
(ArubaS2500-24P-US) #show trunk
Trunk Port Table
----------------
Port      Vlans Allowed  Vlans Active   Native Vlan
----      -------------  ------------   -----------
GE0/0/0   ALL            1,10,15,98-99  1
GE0/0/1   ALL            1,10,15,98-99  1
GE0/0/10  ALL            1,10,15,98-99  1
GE0/0/2   ALL            1,10,15,98-99  1
GE0/0/3   ALL            1,10,15,98-99  1
GE0/1/0   ALL            1,10,15,98-99  1
 

klui

What is the show command?
Code:
show run
There is another variation
Code:
show start
The first shows your current active configuration. The second shows the configuration after a reboot/power cycle.

Look at your MAC address table to see if the ports are actually behaving as you expect.
Code:
show mac-address-table
 

gregsachs

Sure..
Like I said, I've got a pretty simple setup, I'm not really using any features other than POE and vlans
(ArubaS2500-24P-US) #show run
Building Configuration...
#
# Configuration file for ArubaOS
# ArubaOS Version 7.4.1.12 72393
version 7.4
enable secret "******"
loginsession timeout 0
hostname "ArubaS2500-24P-US"
clock timezone EDT -4
controller config 125
ip access-list eth validuserethacl
    permit any
!
netservice svc-dhcp udp 67 68
netservice svc-dns udp 53
netservice svc-ftp tcp 21
netservice svc-h323-tcp tcp 1720
netservice svc-h323-udp udp 1718 1719
netservice svc-http tcp 80
netservice svc-https tcp 443
netservice svc-icmp 1
netservice svc-kerberos udp 88
netservice svc-natt udp 4500
netservice svc-ntp udp 123
netservice svc-sip-tcp tcp 5060
netservice svc-sip-udp udp 5060
netservice svc-sips tcp 5061
netservice svc-smtp tcp 25
netservice svc-ssh tcp 22
netservice svc-telnet tcp 23
netservice svc-tftp udp 69
netservice svc-vocera udp 5002
ip access-list stateless allowall-stateless
    any any any permit
!
ip access-list session cplogout
    user alias controller svc-https dst-nat 8081
!
ip access-list stateless cplogout-stateless
    user alias controller sys-svc-https dst-nat 8081
!
ip access-list stateless dhcp-acl-stateless
    any any svc-dhcp permit
!
ip access-list stateless dns-acl-stateless
    any any svc-dns permit
!
ip access-list stateless http-acl-stateless
    any any svc-http permit
!
ip access-list stateless https-acl-stateless
    any any svc-https permit
!
ip access-list stateless icmp-acl-stateless
    any any svc-icmp permit
!
ip access-list stateless logon-control-stateless
    any any svc-icmp permit
    any any svc-dns permit
    any any svc-dhcp permit
    any any svc-natt permit
!
ip access-list session validuser
    network 169.254.0.0 255.255.0.0 any any deny
    any any any permit
!
user-role authenticated
    access-list stateless allowall-stateless
!
user-role denyall
!
user-role denydhcp
!
user-role guest
    access-list stateless http-acl-stateless
    access-list stateless https-acl-stateless
    access-list stateless dhcp-acl-stateless
    access-list stateless icmp-acl-stateless
    access-list stateless dns-acl-stateless
!
user-role logon
    access-list stateless logon-control-stateless
!
user-role preauth
!
!
crypto ipsec transform-set default-boc-bm-transform esp-aes256 esp-sha-hmac
crypto ipsec transform-set default-rap-transform esp-aes256 esp-sha-hmac
mgmt-user admin root
ntp server 216.239.35.0
firewall disable-stateful-h323-processing
!
ip domain lookup
!
aaa authentication mac "default"
!
aaa authentication dot1x "default"
!
aaa server-group "default"
    auth-server Internal
    set role condition role value-of
!
aaa profile "default"
!
aaa authentication captive-portal "default"
!
aaa authentication vpn "default"
!
aaa authentication mgmt
!
aaa authentication wired
!
web-server
    session-timeout 3600
!
papi-security
!
aaa password-policy mgmt
!
traceoptions
!
service dhcp
!
probe-profile "default"
    protocol icmp
!
qos-profile "default"
    dscp 0
!
policer-profile "default"
!
ip-profile
    controller-ip vlan 1
!
lcd-menu
!
interface-profile ospf-profile "default"
    area 0.0.0.0
!
interface-profile pim-profile "default"
!
interface-profile igmp-profile "default"
!
stack-profile
!
ipv6-profile
!
service rmon
!
activate-service-firmware
!
aruba-central
!
rogue-ap-containment
!
interface-profile switching-profile "default"
!
interface-profile switching-profile "mgmt"
    access-vlan 10
    native-vlan 10
!
interface-profile switching-profile "Private"
!
interface-profile switching-profile "Trunking"
    switchport-mode trunk
!
interface-profile switching-profile "Upstream-profile"
    switchport-mode trunk
!
interface-profile tunneled-node-profile "default"
!
interface-profile poe-profile "default"
!
interface-profile poe-profile "poe-factory-initial"
    enable
!
interface-profile enet-link-profile "default"
!
interface-profile lldp-profile "default"
!
interface-profile lldp-profile "lldp-factory-initial"
    lldp transmit
    lldp receive
!
interface-profile mstp-profile "default"
!
interface-profile pvst-port-profile "default"
!
vlan-profile dhcp-snooping-profile "default"
!
vlan-profile mld-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "default"
!
vlan-profile igmp-snooping-profile "igmp-snooping-factory-initial"
!
spanning-tree
    mode mstp
!
gvrp
!
mstp
!
lacp
!
vlan "1"
    igmp-snooping-profile "igmp-snooping-factory-initial"
!
vlan "10"
    description "mgmt"
!
vlan "15"
    description "private"
!
vlan "98"
    description "iot"
!
vlan "99"
    description "Guest"
!
interface gigabitethernet "0/0/0"
    description "Firewall"
    qos-profile "default"
    switching-profile "Upstream-profile"
!
interface gigabitethernet "0/0/1"
    description "Office Link"
    switching-profile "Trunking"
!
interface gigabitethernet "0/0/2"
    description "Family Room"
    switching-profile "Trunking"
!
interface gigabitethernet "0/0/3"
    description "usg3p"
    switching-profile "Trunking"
!
interface gigabitethernet "0/0/4"
    description "Mel Office"
    switching-profile "Private"
!
interface gigabitethernet "0/0/5"
    switching-profile "mgmt"
!
interface gigabitethernet "0/0/10"
    description "Kitchen"
    switching-profile "Trunking"
!
interface gigabitethernet "0/0/12"
!
interface gigabitethernet "0/0/14"
!
interface gigabitethernet "0/0/15"
    switching-profile "Private"
!
interface gigabitethernet "0/0/21"
!
interface gigabitethernet "0/0/22"
    description "Server_Nic_2_VPN"
    switching-profile "Private"
!
interface gigabitethernet "0/0/23"
    description "Server_Management"
    switching-profile "Private"
!
interface gigabitethernet "0/1/0"
    description "server_10gb"
    mtu 9000
    switching-profile "Trunking"
!
interface vlan "1"
    ip address 192.168.15.2 255.255.255.0
!
interface vlan "10"
    ip address 192.168.10.2 255.255.255.0
!
interface vlan "15"
    ip address 192.168.115.2 255.255.255.0
!
interface vlan "98"
    ip address 192.168.98.2 255.255.255.0
!
interface vlan "99"
    ip address 192.168.99.2 255.255.255.0
!
interface loopback "0"
    description "default"
!
interface loopback "1"
    description "vlan98"
!
interface mgmt
!
device-group ap
!
interface-group gigabitethernet "default"
    apply-to ALL
    lldp-profile "lldp-factory-initial"
    poe-profile "poe-factory-initial"
!
snmp-server community Zer0t0uchpr0visi0ning view ALL
snmp-server community public view ALL
snmp-server view ALL oid-tree iso included
snmp-server group public v1 read ALL
snmp-server group public v2c read ALL
snmp-server group ALLPRIV v1 read ALL notify ALL
snmp-server group ALLPRIV v2c read ALL notify ALL
snmp-server group ALLPRIV v3 noauth read ALL notify ALL
snmp-server group AUTHPRIV v3 priv read ALL notify ALL
snmp-server group AUTHNOPRIV v3 auth read ALL notify ALL
snmp-server group Zer0t0uchpr0visi0ning v1 read ALL
snmp-server group Zer0t0uchpr0visi0ning v2c read ALL
snmp-server enable trap
process monitor log
end
(ArubaS2500-24P-US) #
 

klui

The obvious thing is your "Upstream-profile" and "Trunking" profiles are defined as a trunk but don't state what VLANs are allowed and what their native PVIDs are.
Code:
interface-profile switching-profile "Trunking"
    switchport-mode trunk
    native-vlan nn
    trunk allowed vlan oo,pp,...
You should use your management interface for OOB.
Code:
interface mgmt
    ip address xx.yy.zz.ww net.mask.aa.bb
 
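The point made in the post above, that a trunk profile which sets neither `native-vlan` nor `trunk allowed vlan` leaves its ports on the defaults (the `show trunk` output earlier in the thread lists those ports as allowing ALL VLANs with native VLAN 1), can be checked against a saved `show run`. This is an added example, not code from the thread or from Aruba; the `Uplink-explicit` profile, its VLAN values and the function names are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the `show run` posted in this thread.
# "Uplink-explicit" and its VLAN values are hypothetical, added for contrast.
SAMPLE_CONFIG = '''\
interface-profile switching-profile "Trunking"
    switchport-mode trunk
!
interface-profile switching-profile "Uplink-explicit"
    switchport-mode trunk
    native-vlan 10
    trunk allowed vlan 10,15,98-99
!
interface gigabitethernet "0/0/1"
    description "Office Link"
    switching-profile "Trunking"
!
interface gigabitethernet "0/0/3"
    switching-profile "Uplink-explicit"
!
'''

def parse_stanzas(text):
    """Return [(header, [child lines])]; a line holding only '!' ends a stanza."""
    stanzas, block = [], []
    for line in [raw.strip() for raw in text.splitlines()] + ["!"]:
        if line == "!":
            if block:
                stanzas.append((block[0], block[1:]))
            block = []
        elif line:
            block.append(line)
    return stanzas

def implicit_trunk_profiles(stanzas):
    """Map each trunk profile name to the settings it leaves at the default."""
    weak = {}
    for header, body in stanzas:
        m = re.fullmatch(r'interface-profile switching-profile "(.+)"', header)
        if not m or "switchport-mode trunk" not in body:
            continue
        missing = [kw for kw in ("native-vlan", "trunk allowed vlan")
                   if not any(l.startswith(kw + " ") for l in body)]
        if missing:
            weak[m.group(1)] = missing
    return weak

def audit_trunk_ports(text):
    """Return {port: [unset keywords]} for ports bound to such a profile."""
    stanzas = parse_stanzas(text)
    weak = implicit_trunk_profiles(stanzas)
    report = {}
    for header, body in stanzas:
        port = re.fullmatch(r'interface gigabitethernet "(.+)"', header)
        for line in body if port else []:
            prof = re.fullmatch(r'switching-profile "(.+)"', line)
            if prof and prof.group(1) in weak:
                report[port.group(1)] = weak[prof.group(1)]
    return report
```

Because stanzas are split on the `!` lines rather than on indentation, `audit_trunk_ports` also works on a config whose indentation was lost when it was pasted.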

gregsachs

I had an uplink port before, but now I'm trunking the vlans to my USG. The switch created uplink as part of the wizard.
Re: management port: I could, but it would just get looped back to one of the front ports.
 

ske4za

When I hooked it up to my network initially, I couldn't access it either. My issue turned out to be STP though, but you can do show spanning-tree to see if that's your problem.
 

konowl

Had some time from my billion hours of public health overtime to play quickly. Forgot about this thread revisit and holy crap spanning tree shows a blockage on any port I test when connecting to another router. Ty so much, will find the command to allow.
 

klui

The most likely reason is many people don't understand spanning tree and their devices just have the default priority. Since most every network device has the same priority, as soon as you connect another the root gets changed because the new device's MAC address has a lower ID.
 
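The root change described in the post above, as an added example that is not part of the original thread: spanning tree compares bridge IDs by priority first and MAC address second, so with every device at the default priority the lowest MAC wins, and giving the intended root a lower priority keeps it in place. The device names and MAC addresses are constructed for illustration; 32768 is the IEEE 802.1D default bridge priority.

```python
DEFAULT_PRIORITY = 32768  # IEEE 802.1D default bridge priority

def bridge_id(priority, mac):
    """Return the comparable bridge ID: priority first, then the MAC as an integer."""
    if not 0 <= priority <= 61440 or priority % 4096:
        raise ValueError("bridge priority must be a multiple of 4096 in 0..61440")
    return (priority, int(mac.replace(":", "").replace("-", ""), 16))

def elect_root(bridges):
    """bridges: {name: (priority, mac)} -> name with the numerically lowest bridge ID."""
    return min(bridges, key=lambda name: bridge_id(*bridges[name]))

def join_effect(bridges, name, priority, mac):
    """Return (root_before, root_after) when a new bridge is connected."""
    after = dict(bridges)
    after[name] = (priority, mac)
    return elect_root(bridges), elect_root(after)

# Constructed topology: names and MAC addresses are made up for illustration.
HOME_LAN = {
    "core-switch": (DEFAULT_PRIORITY, "b4:fb:e4:10:20:30"),
    "office-switch": (DEFAULT_PRIORITY, "f0:9f:c2:aa:bb:cc"),
}
NEW_SWITCH = ("new-s2500", DEFAULT_PRIORITY, "00:0b:86:12:34:56")

def demo():
    """Compare the election with everything at defaults and with the root pinned."""
    unpinned = join_effect(HOME_LAN, *NEW_SWITCH)
    # Same LAN, but the intended root is given a lower (better) priority.
    pinned_lan = {**HOME_LAN, "core-switch": (4096, HOME_LAN["core-switch"][1])}
    pinned = join_effect(pinned_lan, *NEW_SWITCH)
    return unpinned, pinned

if __name__ == "__main__":
    for label, (before, after) in zip(("all defaults", "root pinned"), demo()):
        print(f"{label}: root {before} -> {after}")
```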

konowl

Yup, spanning tree was definitely the issue. Turning it off resolved the issue. I knew it was something straightforward.

That being said - you're absolutely right. I don't understand STP that much at all, and I'm very hesitant leaving it off long term.
 

brandonneur

Hey forumites....long time lurker here....had to hop on and give kudos for this thread so far. Thanks @cheezehead for starting the thread, and shoutout to @ViciousXUSMC for the excellent videos, both in content and in production. Your contributions are appreciated throughout.

I am in the midst of upgrading my server network from Unifi 1G to a hybrid 10G. Sad to see the Unifi equipment be replaced, though mostly for aesthetic reasons. They make strong commercial grade equipment for the price and they've served me well. So, my first 10G switch purchase was two Aruba S2500-24P just a couple of days ago. I am anxiously awaiting them, and have continued to accessorize with SFP+ transceivers and DAC.

10GBASE-SR SFP+ => SFP+ - switch => switch, switch => card
The modules I purchased were on the Aruba compatibility chart.
FTLX8571D3BNL-E5 - Genuine Finisar 10GB 850nm LC Duplex Base-SR GBIC | eBay
with OM3 patch cables
OM3 is good, no reason to not get OM4 unless it cost a lot more.
This is what I used: Amazon

DAC - switch => switch, switch => card
I'm able to confirm connectivity between the servers-->switches and switch-->switch with the following knock-off J9283B equivalent: Amazon

EDIT: To be clear, the servers have HP 530FLR NICs installed in them (part number 647581-B21/684210-B21).
I'm rolling the dice on DAC switch => card compatibility. @Emulsifide indicates switch => switch compatibility, so I am testing switch => HP NC523SFP Dual Port 10Gb card.

Unfortunately most of my server boards have onboard 10GBASE-T RJ45 connections, not SFP+, so I am also rolling the dice there as well and have ordered some 10GBASE-T transceivers to try. If they work I will post details but don't want to junk up any searches at the moment.

Anyway, can't wait to get hands on equipment and put the great knowledge gleaned here to use. Thanks again and I will update middle of next week hopefully!
 

Arbies

Hello all,
First off thanks to everyone for this thread.
Been watching and picking up many of the advised items, figured I would share.

Took a gamble on an ipolex SFP+ 10GBase-T (https://www.amazon.com/gp/product/B078K7BLJL) due to the price, shipping (which took a while non-essential items and all), and it doing good in the shoot out (https://www.servethehome.com/sfp-to-10gbase-t-adapter-module-buyers-guide/).
Happy to report it was plug and play. Both the Aruba and my PFSense box are reporting 10G full duplex. 10GBase-T b/c this server has onboard chipset similar to Intel X540.

Also picked up the DAC (74752-1301 Molex) @ske4za recommended to go between the Aruba and a 110-1159-40 CHELSIO in my FreeNAS. In the same rack so DAC was a good price option.

Finally I have some FTLX8571D3BNL-E5 Finisar's (@ViciousXUSMC again) on order to go to another Chelsio in a desktop. Longer run so fiber wins the price point.

Wiped, loaded latest firmware and turned off stack already. (Thanks @ViciousXUSMC for the posts and videos)
Have a few POE cameras. A pair of Ruckus POE APs.
When it is all said and done I will have taken a 4 port, an 8 port, and 4 port POE un-managed switches out of the network with most devices plugged directly into the Aruba.
 