Aruba MAS series SFP+ & POE+ switches sub-$100

Decoy

18+ months later and the thread is still kicking:D
...Some of us feel like it has only been a month or so! (but thanks for starting it ;))

Also, FS.com have responded to my query re DAC lengths making any difference in this case with a resounding "no". They are sending another 1.5m DAC with 'different' coding to trial. Hopefully I'll have more luck this time!
For anyone interested, I received the replacement 'generic' 1.5m FS.com DAC - it works well! (It does report itself as a 3m length this time though...)
 

tillburn

FYI I am running these Amazon Hifiber transceivers and I am getting 9.2 to 9.7 Gbit/s with MTU 1500 settings. Most of the 10GbE cards are Intel 540x series with Cat7 series cable, one run is about 50 meters with no loss.

On another note I discovered the hidden gem to pair with my 2500P, STH article on the X10SLH-N6-ST031 Overkill is under-rated when running pfSense w/heavy Squid, Snort and PFBlocker usage. My poor little quad core J1900 CPU pegs out to 100% usage all too often, can't wait for this upgrade :)
 

myrison

Hi all -- I'm hoping I can lean on your collective wisdom with these switches to get MDNS traffic working correctly between wired and wireless clients on these switches. I was one of the early buyers in this thread and have lived without my chromecasts properly working for the last 1.5-2 years but it's finally annoyed me enough to try and fix it.

Summary of the problem:
All within a single VLAN, Chromecasts (actually NVidia ShieldTVs with chromecast built in) connected to wireless can be found and streamed to reliably. Chromecasts that are connected via ethernet into the Aruba switch cannot be seen on the network. I've done a Wireshark packet capture on another computer on the network, and it will show me the MDNS traffic coming from the wireless clients, but traffic from the wired clients doesn't seem to pass back out of the switch to other devices on the network. I'm also having problems with other things relying on broadcast traffic between wired / wireless, but I suspect if I solve it for Chromecast, I'll solve it for everything.

I've reset my Aruba switch to factory config, and have only set up 2 VLANs to support my kids network vs. default network. All of the chromecasts are on the default VLAN, so there should be no complexity communicating between VLANs yet. Below is a screenshot of my basic config on the switch. Thank you for taking a look!

Edit to add a bit more info:
I have several Unifi access points that I use to create my wifi networks. Most are connected to the Aruba switch, one is connected to a Unifi managed switch. I also have one Chromecast connected to a wired Unifi managed switch before uplinking to the Aruba switch. This chromecast always works fine, which points me back to thinking that it must be the config of the Aruba switch that is not passing on the broadcast traffic consistently.

Summary: devices connected via wifi to Unifi APs (which uplink to Aruba) and devices connected via ethernet to Unifi managed switches (uplinked to Aruba) work. Devices hard-wired to Aruba switch are usually not visible to stream to.

I realize this may be confusing, if I can provide more info that makes this easier to troubleshoot, I'd be happy to.


Screen Shot 2020-09-25 at 4.27.21 PM.png
 

madmailman

Have you by any chance set up a vlan on your unifi controller?
 

myrison

Thanks for the quick answer. Yeah, VLAN is up and working fine on the Unifi setup. The default VLAN is the same on both, and I'm only testing Chromecasts from within the default VLAN, so I don't think that's the issue. Screenshot below just to make sure I'm not missing something obvious.

One thing I'm still hunting down... I don't understand bridge vs. tunneled mode settings for an interface well enough, but one article I read made me wonder if I have to put the ports in tunnel mode to make sure traffic goes back to the edgerouter to distribute to the rest of the network vs. allowing the switch to manage it. Still reading up on this, but thought I'd mention it to see if there is a best practice for an interface connected to a downstream AP vs. an interface connected to a single endpoint device.

Screen Shot 2020-09-25 at 5.34.13 PM.png
 

madmailman

I may be completely wrong on this but to me it looks like your unifi vlan is not the same as your Aruba vlan for your main network. If it were my setup I would scrap all the vlans and get all the traffic flowing between all devices and only then start to implement the vlans so you can see where it breaks. A lot of work and probably a lot of complaining from the “users” but maybe start by trying to match up the default vlan to the Aruba main vlan. Good luck!
 

ske4za

Also, I would change all of those switch mode profiles to access except for the upstream profile to the switch. No point in having all trunk ports if your end devices are just on the access VLAN. Your kids VLAN won't work properly because access VLAN is ignored when the profile is in trunk.

Switch-Port Mode—Specifies whether the port is an access port connected to an end device or a trunk port for uplink connectivity.
Access VLAN—Specifies the VLAN ID for the port, when the switch-port mode is access.
Native VLAN—Specifies the VLAN for incoming untagged packets, when the switch-port mode is trunk. When a packet goes out of a trunk interface in native VLAN, it will be untagged. By default, VLAN 1 is the native VLAN. The native VLAN should be part of the trunk allowed VLANs.
edit: you're and your :p
 
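
The access/trunk rules quoted in the post above, as a small Python model (an added example, not part of the original thread and not switch syntax). The field names, the choice to drop tagged frames on an access port, and the three sample profiles are assumptions made for illustration.

```python
# Simplified model (added example) of the three port settings quoted above.
# Field names and the sample profiles are constructed, not switch syntax.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PortProfile:
    mode: str                      # "access" or "trunk"
    access_vlan: int = 1           # used only when mode == "access"
    native_vlan: int = 1           # used only when mode == "trunk"
    allowed: set = field(default_factory=lambda: {1})  # trunk allowed VLANs

def ingress_vlan(p: PortProfile, tag: Optional[int]) -> Optional[int]:
    """VLAN an incoming frame is placed in; None means the frame is dropped."""
    if p.mode == "access":
        # Simplification: an access port carries untagged frames only.
        return p.access_vlan if tag is None else None
    vlan = p.native_vlan if tag is None else tag
    return vlan if vlan in p.allowed else None

def egress_tag(p: PortProfile, vlan: int) -> Optional[int]:
    """802.1Q tag put on a frame leaving the port; None means untagged.
    Raises ValueError when the port does not carry that VLAN."""
    if p.mode == "access":
        if vlan != p.access_vlan:
            raise ValueError("VLAN not carried on this access port")
        return None
    if vlan not in p.allowed:
        raise ValueError("VLAN not in trunk allowed list")
    return None if vlan == p.native_vlan else vlan

def audit(name: str, p: PortProfile) -> list:
    """Flag the two mistakes described in the post."""
    findings = []
    if p.mode == "trunk" and p.access_vlan != p.native_vlan:
        findings.append(f"{name}: access VLAN {p.access_vlan} is ignored in trunk "
                        f"mode; untagged traffic lands in VLAN {p.native_vlan}")
    if p.mode == "trunk" and p.native_vlan not in p.allowed:
        findings.append(f"{name}: native VLAN {p.native_vlan} is not in the "
                        f"allowed list")
    return findings

# Constructed profiles: a kids port left in trunk mode, the same port fixed,
# and an AP uplink carrying VLAN 1 untagged plus VLAN 30 tagged.
kids_trunk = PortProfile("trunk", access_vlan=30, native_vlan=1, allowed={1, 30})
kids_access = PortProfile("access", access_vlan=30)
ap_uplink = PortProfile("trunk", native_vlan=1, allowed={1, 30})
```
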

myrison

This is very helpful, thank you. I made a few changes this direction yesterday and things seem to be improving. I'll continue along these lines today. Thank you!
 

myrison

Turns out this was the solution! Man... what a simple thing I'd had wrong for so long. It was deceptive because everything else worked... all I had to switch to get MDNS working for Chromecast discovery and streaming was to assign the ShieldTV interfaces to access mode as you suggested. I haven't worked through the others yet, but am tempted to stop now and avoid breaking something else given everything is now working as expected!

For my downstream Unifi wireless access points that do carry both VLAN 30 (tagged) and VLAN 1 (default / untagged) traffic, those interfaces on the Aruba switch also need to remain in trunk mode to function properly, right?
 

ske4za

Glad that fixed it! And yes you'd leave those in trunk as well to pass the tagged VLAN traffic.
 

tillburn

Hey Vicious and crew, I posted on the proxmox forums, but maybe you already ran into this before.

"When ENO1 10GbE on server is plugged into Aruba switch via SFP+ 10G trans (0/1/1) and is part of linux bridge vmbr0 I can not access the proxmox webui or the webui for FreeNAS (also on vmbr0). When I simply move the ethernet cable on the switch from a 10G port to a 1G port I can then access the webui for proxmox and the webui for one of my VMs, FreeNAS."

FYI this post linked below is pending "approval"...


@ViciousXUSMC
 


HaxSmash

For those using the 10G-Base-T SFP+ modules, have you had any luck running those at 2.5G or 5G?
Super late reply to a zombie thread, but for anyone else wondering like I was, yes, I was able to get 2.5gbe links to work between an Ipolex 10GbaseT sfp+ module and a generic Realtek 2.5gbe nic. Iperf numbers average 2.3gbit. I haven’t had any issues with it at all.
 

crookedview

Hoping someone can assist -

I picked up an Aruba S2500-48P, and I'm trying to do a MAC-based VLAN.

I have an unmanaged switch with a few devices connected to one of the ports on the S2500, and I'd like to have one of the devices on the unmanaged switch be assigned to a particular VLAN. From cursory research, this seemed possible via a MAC-based VLAN, but maybe I'm missing something.

Thank you!
 

klui

Your VLANs won't help separate devices from one another within the unmanaged switch's layer 2 broadcast domain. Having never done this, the S2500's ArubaOS 7.4.x User Guide gives a clue on how.
  • Assign user role as default role for MAC-based authenticated clients.
  • Configure default user role for MAC-based authentication in the AAA profile.
  • Configure server group the switch uses to validate the clients.
There is already a "default" MAC authentication profile, but this just looks like options on how it parses things:
aaa authentication mac "default"

Configure clients:
local-userdb add username <macaddr> password <macaddr>

Then the user guide assumes you know what to do. There is a section in the webUI (Configuration > Authentication > Profiles) that allows a VLAN/port to be assigned for an AAA Profile. Applying some changes there will show you how to configure it in the CLI.

Play around with it. Looks like...
aaa profile "mac-auth-1"
   initial-role "authenticated"
   authentication-mac "default"
   mac-default-role "authenticated"
user-role authenticated
   vlan xx
   access-list stateless allowall-stateless
interface gigabitethernet x/y/z
   aaa-profile "mac-auth-1"
vlan xx
   aaa-profile "mac-auth-1"
 

crookedview

Thank you for the reply - that at least got me a little more familiar with the CLI. However, it seems like I must still be missing a critical step.

I ran the commands you provided (just changed the profile name), which seem to have gotten a user created with a MAC address as the user/pass, and a profile created to do MAC authentication.

I basically have an unmanaged switch with four devices on it attached to port 0/0/1, and one of those devices I want to be assigned VLAN 20 based on its MAC address, say its MAC address is aabbccddeeff. The rest of the devices attached to the unmanaged switch wouldn't have any special VLAN assignments.

1604878631000.png

I don't have anything crazy in the VLAN page. VLAN 20 is created, and there are no ports assigned to that VLAN on the Ports page of the UI.





klui

Play around with aaa authentication mac "default" options. Maybe those parameters need to match your local-userdb's entries. Also do you have ge-0/0/1 defined as a trunk allowing tagged VLAN 20?
 

AERuffy

Soooooo. Prices have gone up slightly but not by much. I'm seeing roughly $100 shipped.
This or a Brocade FCX648S + 4port SFP+ module. Both are roughly the same.

Looking to replace some power hungry Netgear GSM7352Sv2
 

tRens

I just want you all to know this thread has been a great help!!

In two ways.. helping find / update / setup my new (to me) Aruba s2500 and in the second way of making the wife angry at all of the new computer hardware showing up.. hehe ;)

Thank you!
 

mimino

If your wife complains about the noise more than anything else, I'd suggest doing the fan mod. I've replaced mine with SUNON MagLev HA40201V4-0000-C99 ordered on AliExpress from China. I didn't think that spending almost as much on Noctuas as I paid for the switch made a lot of sense. SUNONs are doing a pretty good job and the unit is much quieter than with OEM fans. I only use 6 ports (2 PoE) + 2 SFP+ so it's not fully loaded, but the temperatures are well within limits. Enjoy your new toy!