Aruba MAS series SFP+ & POE+ switches sub-$100

anonion

New Member
Feb 1, 2021
Anybody happen to try inserting a GPON ONT SFP into this switch? I keep getting link flap on the port.
 

james23

Active Member
Nov 18, 2014
Turns out this was the solution! Man... what a simple thing I'd had wrong for so long. It was deceptive because everything else worked... all I had to switch to get MDNS working for Chromecast discovery and streaming was to assign the ShieldTV interfaces to access mode as you suggested. I haven't worked through the others yet, but am tempted to stop now and avoid breaking something else given everything is now working as expected!

For my downstream Unifi wireless access points that do carry both VLAN 30 (tagged) and VLAN 1 (default / untagged) traffic, those interfaces on the Aruba switch also need to remain in trunk mode to function properly, right?
btw, if for some reason you don't want to set the aruba sw ports for "downstream Unifi wireless access points" to trunk mode, you could still have those ports set to access mode but add the vlans you use as tagged on that port. (i.e. another "general way" to think of a port configured as a trunk port is that the port is just tagged for ALL vlans, i.e. is tagged for vlans 1-4096). Not necessary to change if all is working well now, but fyi
 

pr1malr8ge

Member
Nov 27, 2017
Anybody happen to try inserting a GPON ONT SFP into this switch? I keep getting link flap on the port.
Could you explain why you would consider doing this? Only reason I could think of, is that you are running your own Gpon setup to span multiple sites on a campus. If you're wanting to use this to access an ISP, not getting the reasoning behind it as the switch doesn't do NAT.. Just curious.
 

anonion

New Member
Feb 1, 2021
Could you explain why you would consider doing this? Only reason I could think of, is that you are running your own Gpon setup to span multiple sites on a campus. If you're wanting to use this to access an ISP, not getting the reasoning behind it as the switch doesn't do NAT.. Just curious.
If I was running something like that, I would hope to have better equipment than a S2500 :)

My goal was to have a pure fiber path from my desktop to the internet and to skip my ISP's modem. I am running PFSense as my router, so the S2500 would be just used as a switch, nothing more.
I know this would work as I have a C3750 which I used for testing.

No real reasoning behind it other than just for fun/experimentation. Right now I am connected to the WAN via the bridge port on my ISP's modem, which works just fine. Probably just going fiber crazy haha..
 

pr1malr8ge

Member
Nov 27, 2017
If I was running something like that, I would hope to have better equipment than a S2500 :)

My goal was to have a pure fiber path from my desktop to the internet and to skip my ISP's modem. I am running PFSense as my router, so the S2500 would be just used as a switch, nothing more.
I know this would work as I have a C3750 which I used for testing.

No real reasoning behind it other than just for fun/experimentation. Right now I am connected to the WAN via the bridge port on my ISP's modem, which works just fine. Probably just going fiber crazy haha..
That's what I was figuring you were wanting to do. The issue is that you're not gaining anything by doing this. As you would need to use one sfp+ for the ont then trunk to the pfsense wan on another sfp+, back to the switch on sfp+ on the lan side of pfsense then to your pc. You will burn 3 sfp+ slots doing this, 4 if you count your pc. It would make more sense to get an sfp+ dual port card that works with the ont and place it directly into the pfsense and then go into the switch burning only 1 slot leaving 3 for pc/server/iot etc. Just my thinking anyways.
 

anonion

New Member
Feb 1, 2021
That's what I was figuring you were wanting to do. The issue is that you're not gaining anything by doing this. As you would need to use one sfp+ for the ont then trunk to the pfsense wan on another sfp+, back to the switch on sfp+ on the lan side of pfsense then to your pc. You will burn 3 sfp+ slots doing this, 4 if you count your pc. It would make more sense to get an sfp+ dual port card that works with the ont and place it directly into the pfsense and then go into the switch burning only 1 slot leaving 3 for pc/server/iot etc. Just my thinking anyways.
Yes you're right, that's probably the better method. I only realized this after my plan to plug the GPON SFP into the S2500 didn't work. And after I already bought the single port SFP+ PCIE lol
What I wanted to do initially was to combine LAN & WAN on a single SFP+ going to PFSense and use VLANs to separate the traffic. I figured I'd have enough capacity on the 10G link to handle both.
 

pr1malr8ge

Member
Nov 27, 2017
Yes you're right, that's probably the better method. I only realized this after my plan to plug the GPON SFP into the S2500 didn't work. And after I already bought the single port SFP+ PCIE lol
What I wanted to do initially was to combine LAN & WAN on a single SFP+ going to PFSense and use VLANs to separate the traffic. I figured I'd have enough capacity on the 10G link to handle both.
not sure how well pfsense will handle doing wan/lan on same phy port.. but hey if it works do it.
 

Chadwide

New Member
Feb 16, 2021
Hi everyone. Wondering if anyone will help out a novice... I picked up a S2500-24P-US, updated the firmware and deleted the stacking ports without issue. I'm having problems with Apple Airplay speakers connected directly to the switch. The devices ping fine, but they are not showing up as airplay receivers. I've confirmed that they have the default "Access" switch profile applied to their port. (I'm only running a single VLAN and all ports are configured as "access") What am I missing? Shouldn't it be passing all broadcast traffic inside the single vlan?
 

Chadwide

New Member
Feb 16, 2021
Well, I was able to modify the "Default" IGMP profile to "disabled" and assign that profile to the only vlan on the switch... That wasn't it... is there something else that would be messing with the multicast discovery protocol that airplay uses? (mDNS)
 

pr1malr8ge

Member
Nov 27, 2017
Well, I was able to modify the "Default" IGMP profile to "disabled" and assign that profile to the only vlan on the switch... That wasn't it... is there something else that would be messing with the multicast discovery protocol that airplay uses? (mDNS)
I, like you, just got the same switch and put it into production with only the access vlan id 1 just like yours.. Apple airplay from my ipad to both my tv and my marantz receiver work just fine.
 

klui

Well-Known Member
Feb 3, 2019
You need to enable IGMP snooping. See Airheads Community.

I'm not versed in IP Multicast but there appears to be 2 methods to enable it on Aruba MAS. One on the VLAN per the article and another per an interface/interface-group where you can enable IP Multicast (mrouter-vlan) for a list of VLANs. ArubaOS 7.4.x CLI reference, p155.
int gig x/y/z | interface-group gig "name"
igmp-snooping mrouter-vlan add <vlan list>
Not sure which one is better, or correct. Also try enabling IGMP-snooping v3. Perhaps @pr1malr8ge can post portions of his igmp-snooping configuration.
 

pr1malr8ge

Member
Nov 27, 2017
You need to enable IGMP snooping. See Airheads Community.

I'm not versed in IP Multicast but there appears to be 2 methods to enable it on Aruba MAS. One on the VLAN per the article and another per an interface/interface-group where you can enable IP Multicast (mrouter-vlan) for a list of VLANs. ArubaOS 7.4.x CLI reference, p155.
int gig x/y/z | interface-group gig "name"
igmp-snooping mrouter-vlan add <vlan list>
Not sure which one is better, or correct. Also try enabling IGMP-snooping v3. Perhaps @pr1malr8ge can post portions of his igmp-snooping configuration.
I'm looking at this right now.. V2 is on by default. Whilst my airplay for my apple tv was working, I was not seeing plex or some other mdlna equipment on my windows 10 pc
I was trying to build a custom igmp profile but vlan 1 will not switch to it..
when I was trying to move igmp to a different profile I managed to remove it and now everything is showing up

en***
configure terminal
vlan 1
no igmp-snooping-profile


Code:
igmp-snooping-profile "igmp-snooping-factory-initial" (N/A)
-----------------------------------------------------------
Parameter                         Value
---------                         -----
IGMP snooping                     Enabled
IGMPv3 snooping                   Disabled
IGMP snooping proxy               Disabled
IGMPv3 snooping proxy             Disabled
Enable fast leave                 Disabled
startup-query-count               2
startup-query-interval(secs)      31
query-interval(secs)              125
query-response-interval(secs)     10
last-member-query-count           2
last-member-query-interval(secs)  1
robustness-variable               2
Code:
(ArubaS2500-24P-US) (config) #show vlan-profile igmp-snooping-profile IGMP_SNOOP

igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter                         Value
---------                         -----
IGMP snooping                     Enabled
IGMPv3 snooping                   Enabled
IGMP snooping proxy               Enabled
IGMPv3 snooping proxy             Enabled
Enable fast leave                 Enabled
startup-query-count               5
startup-query-interval(secs)      6000
query-interval(secs)              6000
query-response-interval(secs)     5
last-member-query-count           2
last-member-query-interval(secs)  15
robustness-variable               2
 

pr1malr8ge

Member
Nov 27, 2017
Ok, just figured out what I was missing and why vlan 1 would not take the profile.
The hpe docs was exerting to using this
Code:
(host)(config)# vlan <vlan-id>
(host) (VLAN "1") vlan-profile igmp-snooping-profile <profile-name>
when it should be
Code:
(host)(config)# vlan <vlan-id>
(host) (VLAN "1") igmp-snooping-profile <profile-name>
My created profile shows igmpv3 enabled but the vlan is still reporting v2 but all mdns is showing/working.. I did use the example profile in the code below pulled from the hpe docs. here Document Display | HPE Support Center

Code:
Creating and Applying an IGMP Snooping Profile to a VLAN
Use the following command to create an IGMP Snooping profile:
(host)(config)# vlan-profile igmp-snooping-profile <profile-name>
clone <source>
You can use the following CLI command to enable IGMPv3 snooping in an igmp-snooping profile:
(host) (config) #vlan-profile igmp-snooping-profile <profile-name>
(host) (igmp-snooping-profile "<profile-name>") #snooping v3
To enable v2 snooping proxy, use the following command:
(host) (igmp-snooping-profile "<profile-name>") #snooping-proxy
To enable v3 snooping proxy, use the following command:
(host) (igmp-snooping-profile "<profile-name>") #snooping-proxy v3
To apply the IGMP snooping profile to a VLAN interface, use the following command:
(host)(config)# vlan <vlan-id>
igmp-snooping-profile <profile-name>
Sample Configuration
Use the following sample to configure an IGMP v2 Snooping:
(host)(config)# vlan-profile igmp-snooping-profile IGMP_SNOOP
(host) (igmp-snooping-profile "IGMP_SNOOP")fast-leave
(host) (igmp-snooping-profile "IGMP_SNOOP")last-member-query-count 2
(host) (igmp-snooping-profile "IGMP_SNOOP")last-member-query-interval 15
(host) (igmp-snooping-profile "IGMP_SNOOP")query-interval 6000
(host) (igmp-snooping-profile "IGMP_SNOOP")query-response-interval 5
(host) (igmp-snooping-profile "IGMP_SNOOP")robustness-variable 2
(host) (igmp-snooping-profile "IGMP_SNOOP")snooping
(host) (igmp-snooping-profile "IGMP_SNOOP")snooping-proxy
(host) (igmp-snooping-profile "IGMP_SNOOP")startup-query-count 5
(host) (igmp-snooping-profile "IGMP_SNOOP")startup-query-interval 6000
(host)(config)# vlan 200
(host) (VLAN "200") #igmp-snooping-profile IGMP_SNOOP
Use the following sample to configure an IGMP v3 Snooping:
(host) (config) #vlan-profile igmp-snooping-profile igmp-snoop-11
(host) (igmp-snooping-profile "igmp-snoop-11") #snooping v3
(host) (igmp-snooping-profile "igmp-snoop-11") #snooping-proxy v3
(host) (config) #vlan 11
(host) (VLAN "11") #igmp-snooping-profile igmp-snoop-11
Verifying IGMP Snooping Configuration
Use the following show command to verify the IGMP Snooping configuration:
(host) # show vlan-profile igmp-snooping-profile igmp-snoop-11
igmp-snooping-profile "igmp-snoop-11" (N/A)
-------------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
Enable fast leave Enabled
startup-query-count 2
startup-query-interval(secs) 31
query-interval(secs) 15000
query-response-interval(secs) 10
last-member-query-count 2
last-member-query-interval(secs) 10
robustness-variable 2
You can use the following command on a VLAN interface to know the IGMP Snooping version in use:
(host) #show vlan 11 extensive
Dot1q tag: 11, Description: VLAN0011
IGMP-snooping profile name: igmp-snoop-11
IGMP-snooping: Enabled, Version: 3
IGMP-snooping proxy: Enabled, Version: 3
MAC aging time: 5 minutes
Number of interfaces: 28, Active: 22
VLAN membership:
GE0/0/2* Access Trusted Untagged
GE0/0/3* Access Trusted Untagged
GE0/0/4* Access Trusted Untagged
GE0/0/5* Access Trusted Untagged
GE0/0/6* Access Trusted Untagged
GE0/0/7* Access Trusted Untagged
Code:
(ArubaS2500-24P-US) (config) #show vlan-profile igmp-snooping-profile IGMP_SNOOP

igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter                         Value
---------                         -----
IGMP snooping                     Enabled
IGMPv3 snooping                   Enabled
IGMP snooping proxy               Enabled
IGMPv3 snooping proxy             Enabled
Enable fast leave                 Enabled
startup-query-count               5
startup-query-interval(secs)      6000
query-interval(secs)              6000
query-response-interval(secs)     5
last-member-query-count           2
last-member-query-interval(secs)  15
robustness-variable               2
(ArubaS2500-24P-US) #show vlan 1 extensive

Dot1q tag: 1, Description: VLAN0001
IGMP-snooping profile name: IGMP_SNOOP
IGMP-snooping: Enabled, Version: 2
IGMP-snooping proxy: Enabled, Version: 2
MSTP instance: 0
MAC aging time: 5 minutes
Number of interfaces: 25, Active: 7, Non-Blocking: 6
VLAN membership:
        GE0/0/0*   Access Trusted   Untagged
        GE0/0/1*   Access Trusted   Untagged
        GE0/0/2*   Access Trusted   Untagged
        GE0/0/3    Access Trusted   Untagged
        GE0/0/4*   Access Trusted   Untagged
        GE0/0/5*   Access Trusted   Untagged
        GE0/0/6*   Access Trusted   Untagged
        GE0/0/7    Access Trusted   Untagged
        GE0/0/8    Access Trusted   Untagged
        GE0/0/9    Access Trusted   Untagged
        GE0/0/10   Access Trusted   Untagged
        GE0/0/11   Access Trusted   Untagged
        GE0/0/12   Access Trusted   Untagged
        GE0/0/13   Access Trusted   Untagged
 
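A check for the mismatch described in the post above, where the profile shows IGMPv3 enabled while `show vlan 1 extensive` reports version 2: this Python sketch is an added example, not code from the thread or from Aruba/HPE, and it parses the two `show` outputs to list where the VLAN's operational state differs from the applied profile. The function names, and the rule that an enabled v3 setting should yield `Version: 3` (as in the HPE sample quoted above), are assumptions.

```python
import re

# CLI output copied from the post above (timers and port list trimmed).
PROFILE_OUTPUT = """\
igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter                         Value
---------                         -----
IGMP snooping                     Enabled
IGMPv3 snooping                   Enabled
IGMP snooping proxy               Enabled
IGMPv3 snooping proxy             Enabled
"""
VLAN_OUTPUT = """\
Dot1q tag: 1, Description: VLAN0001
IGMP-snooping profile name: IGMP_SNOOP
IGMP-snooping: Enabled, Version: 2
IGMP-snooping proxy: Enabled, Version: 2
"""


def parse_profile(text):
    """Parse 'show vlan-profile igmp-snooping-profile <name>' into (name, params)."""
    name, params = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r'igmp-snooping-profile "([^"]+)"', line)
        if m:
            name = m.group(1)
            continue
        parts = line.rsplit(None, 1)  # the value is the last whitespace-separated token
        if len(parts) == 2 and parts[1] in ("Enabled", "Disabled"):
            params[parts[0].strip()] = parts[1] == "Enabled"
    return name, params


def parse_vlan(text):
    """Parse 'show vlan <id> extensive'; version is None when the feature is not enabled."""
    info = {"profile": None, "snooping": None, "proxy": None}
    m = re.search(r"IGMP-snooping profile name:\s*(\S+)", text)
    if m:
        info["profile"] = m.group(1)
    for key, label in (("snooping", "IGMP-snooping"), ("proxy", "IGMP-snooping proxy")):
        m = re.search(rf"^\s*{label}:\s*(\w+)(?:,\s*Version:\s*(\d+))?", text, re.M)
        if m and m.group(1) == "Enabled" and m.group(2):
            info[key] = int(m.group(2))
    return info


def expected_version(params, proxy=False):
    """Version the profile asks for: 3 if the v3 setting is on, 2 if only the base one is.
    Assumption: mirrors the HPE sample, where a v3 profile gives 'Version: 3' on the VLAN."""
    suffix = " proxy" if proxy else ""
    if params.get("IGMPv3 snooping" + suffix):
        return 3
    if params.get("IGMP snooping" + suffix):
        return 2
    return None


def audit(profile_text, vlan_text):
    """Return findings where the VLAN's operational state differs from the profile."""
    name, params = parse_profile(profile_text)
    vlan = parse_vlan(vlan_text)
    findings = []
    if vlan["profile"] != name:
        findings.append(f"VLAN uses profile {vlan['profile']!r}, compared against {name!r}")
    for key, proxy in (("snooping", False), ("proxy", True)):
        want, have = expected_version(params, proxy), vlan[key]
        if want != have:
            findings.append(f"{key}: profile expects v{want}, VLAN reports v{have}")
    return findings


if __name__ == "__main__":
    for finding in audit(PROFILE_OUTPUT, VLAN_OUTPUT):
        print(finding)
```

Run against the output in the post, it reports both the snooping and the proxy version as v2 where the profile asks for v3; against the HPE sample for VLAN 11 it reports nothing.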

Chadwide

New Member
Feb 16, 2021
Big Thanks pr1malr8ge. I was confused between applying an IGMP profile and an IGMP-Snooping profile. I re-enabled IGMP V2 by modifying the "default" igmp profile and applying it to Vlan1. I then removed the IGMP snooping profile with
(ArubaS2500-24P-US) (Vlan1) no igmp-snooping-profile. Airplay discovery is now propagating properly. I guess I don't quite understand what it means to have IGMP without IGMP Snooping, but it works and I'm happy. Thanks again.
 

pr1malr8ge

Member
Nov 27, 2017
Big Thanks pr1malr8ge. I was confused between applying an IGMP profile and an IGMP-Snooping profile. I re-enabled IGMP V2 by modifying the "default" igmp profile and applying it to Vlan1. I then removed the IGMP snooping profile with
(ArubaS2500-24P-US) (Vlan1) no igmp-snooping-profile. Airplay discovery is now propagating properly. I guess I don't quite understand what it means to have IGMP without IGMP Snooping, but it works and I'm happy. Thanks again.
Lol.. I blundered my way through that.. I will say that not having IGMP on will propagate multicast to all ports and is wasteful.. In my case it seems that when I removed the profile it resulted in the same propagation you just saw.. however re-enabling igmp did not stop the multicast.. however I did not use the default profile and used these settings
Code:
igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter                         Value
---------                         -----
IGMP snooping                     Enabled
IGMPv3 snooping                   Enabled
IGMP snooping proxy               Enabled
IGMPv3 snooping proxy             Enabled
Enable fast leave                 Enabled
startup-query-count               5
startup-query-interval(secs)      6000
query-interval(secs)              6000
query-response-interval(secs)     5
last-member-query-count           2
last-member-query-interval(secs)  15
robustness-variable               2
 

fiftynine

New Member
May 12, 2020
I'm new to aruba switches but decided anyway to replace a bunch of mikrotik 10G switches with s2500/s3500s. I wanted to start with a simple network without any vlans and in the long run configure these better - I just wanted to drop these in place of mikrotiks and call it a day.

However during initial config I chose all the ports as uplinks and maybe that's why connections via this switch dropped after every four minutes?

I thought about spanning-tree but didn't really find an example of the blocked output.
 

pr1malr8ge

Member
Nov 27, 2017
Having a bit of issues. My switch has been working for a year now but I've never really tried any throughput testing.. Well when I run Iperf3 between my work station to my nas or to my pfsense build or any combination of the 3 the fastest I can get is just shy of 2Gbit/s
I first thought it was my work station as internal tests it was capping around 7gbps, however pfsense and freenas are in the 23gig range and between them is the same as between my work station at just shy of 2g/s which means the switch is the issue. Unless I'm just not understanding something. If someone could help would be appreciated.

Freenas SM x9-dri-lnf4 with a Mellanox CX3 Finisar 10g mmo
Pfsense X10SDV-TP8F built in 10g sfp+ running Finisar 10g mmo transceiver
Pfsense to freenas.
Code:
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.254.254, port 11302
[  5] local 192.168.254.200 port 5201 connected to 192.168.254.254 port 34145
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   232 MBytes  1.95 Gbits/sec
[  5]   1.00-2.00   sec   231 MBytes  1.94 Gbits/sec
[  5]   2.00-3.00   sec   232 MBytes  1.94 Gbits/sec
[  5]   3.00-4.00   sec   230 MBytes  1.93 Gbits/sec
[  5]   4.00-5.00   sec   231 MBytes  1.94 Gbits/sec
[  5]   5.00-6.00   sec   231 MBytes  1.94 Gbits/sec
[  5]   6.00-7.00   sec   231 MBytes  1.94 Gbits/sec
[  5]   7.00-8.00   sec   232 MBytes  1.95 Gbits/sec
[  5]   8.00-9.00   sec   231 MBytes  1.94 Gbits/sec
[  5]   9.00-10.00  sec   232 MBytes  1.94 Gbits/sec
[  5]  10.00-10.00  sec  26.9 KBytes  2.20 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.00  sec  2.26 GBytes  1.94 Gbits/sec                  receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
Nas internal test
Code:
root@aeronas:~ # iperf3 -B 127.0.0.1 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[  5] local 127.0.0.1 port 54516 connected to 127.0.0.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  2.98 GBytes  25.6 Gbits/sec    0   3.27 MBytes
[  5]   1.00-2.00   sec  2.97 GBytes  25.5 Gbits/sec    0   3.27 MBytes
[  5]   2.00-3.00   sec  2.96 GBytes  25.5 Gbits/sec    0   3.27 MBytes
[  5]   3.00-4.00   sec  2.96 GBytes  25.4 Gbits/sec    0   3.27 MBytes
[  5]   4.00-5.00   sec  2.95 GBytes  25.4 Gbits/sec    0   3.27 MBytes
[  5]   5.00-6.00   sec  2.94 GBytes  25.2 Gbits/sec    0   3.27 MBytes
[  5]   6.00-7.00   sec  2.96 GBytes  25.4 Gbits/sec    0   3.27 MBytes
[  5]   7.00-8.00   sec  2.97 GBytes  25.5 Gbits/sec    0   3.27 MBytes
[  5]   8.00-9.00   sec  2.96 GBytes  25.5 Gbits/sec    0   3.27 MBytes
[  5]   9.00-10.00  sec  2.96 GBytes  25.4 Gbits/sec    0   3.27 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  29.6 GBytes  25.4 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  29.6 GBytes  25.4 Gbits/sec                  receiver
Pfsense Internal test
Code:
[2.5.2-RELEASE][admin@pfSense.localdomain]/root: iperf3 -B 127.0.0.1 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[  5] local 127.0.0.1 port 56269 connected to 127.0.0.1 port 5201
[ ID] Interval           Transfer     Bitrate         Retr  Cwnd
[  5]   0.00-1.00   sec  2.74 GBytes  23.6 Gbits/sec    0   2.00 MBytes
[  5]   1.00-2.00   sec  2.71 GBytes  23.3 Gbits/sec    0   2.00 MBytes
[  5]   2.00-3.00   sec  2.71 GBytes  23.3 Gbits/sec    0   2.00 MBytes
[  5]   3.00-4.00   sec  2.65 GBytes  22.8 Gbits/sec    0   2.00 MBytes
[  5]   4.00-5.00   sec  2.70 GBytes  23.2 Gbits/sec    0   2.00 MBytes
[  5]   5.00-6.00   sec  2.70 GBytes  23.2 Gbits/sec    0   2.00 MBytes
[  5]   6.00-7.00   sec  2.69 GBytes  23.1 Gbits/sec    0   2.00 MBytes
[  5]   7.00-8.00   sec  2.69 GBytes  23.1 Gbits/sec    0   2.00 MBytes
[  5]   8.00-9.00   sec  2.69 GBytes  23.1 Gbits/sec    0   2.00 MBytes
[  5]   9.00-10.00  sec  2.69 GBytes  23.1 Gbits/sec    0   2.00 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate         Retr
[  5]   0.00-10.00  sec  27.0 GBytes  23.2 Gbits/sec    0             sender
[  5]   0.00-10.00  sec  27.0 GBytes  23.2 Gbits/sec                  receiver

iperf Done.
 