btw, if for some reason you don't want to set the aruba sw ports for "downstream Unifi wireless access points" to trunk mode, you could still have those ports set to access mode but add the vlans you use as tagged on that port. (i.e. another "general way" to think of a port configed as a trunk port is that the port is just tagged for ALL vlans, i.e. is tagged for vlans 1-4096). Not necessary to change if all is working well now, but FYI.

Turns out this was the solution! Man... what a simple thing I'd had wrong for so long. It was deceptive because everything else worked... all I had to switch to get MDNS working for Chromecast discovery and streaming was to assign the ShieldTV interfaces to access mode as you suggested. I haven't worked through the others yet, but am tempted to stop now and avoid breaking something else given everything is now working as expected!
For my downstream Unifi wireless access points that do carry both VLAN 30 (tagged) and VLAN 1 (default / untagged) traffic, those interfaces on the Aruba switch also need to remain in trunk mode to function properly, right?
Could you explain why you would consider doing this? Only reason I could think of, is that you are running your own Gpon setup to span multiple sites on a campus. If you're wanting to use this to access an ISP, not getting the reasoning behind it as the switch doesn't do NAT.. Just curious.

Anybody happen to try inserting a GPON ONT SFP into this switch? I keep getting link flap on the port.
That's what I was figuring you were wanting to do. The issue is that you're not gaining anything by doing this. As you would need to use one sfp+ for the ont then trunk to the pfsense wan on another sfp+, back to the switch on sfp+ on the lan side of pfsense then to your pc. You will burn 3 sfp+ slots doing this, 4 if you count your pc. It would make more sense to get an sfp+ dual port card that works with the ont and place it directly into the pfsense and then go into the switch burning only 1 slot leaving 3 for pc/server/iot etc. Just my thinking anyways.

If I was running something like that, I would hope to have better equipment than a S2500
My goal was to have a pure fiber path from my desktop to the internet and to skip my ISP's modem. I am running PFSense as my router, so the S2500 would be just used as a switch, nothing more.
I know this would work as I have a C3750 which I used for testing.
No real reasoning behind it other than just for fun/experimentation. Right now I am connected to the WAN via the bridge port on my ISP's modem, which works just fine. Probably just going fiber crazy haha..
not sure how well pfsense will handle doing wan/lan on same phy port.. but hey if it works do it.

Yes you're right, that's probably the better method. I only realized this after my plan to plug the GPON SFP into the S2500 didn't work. And after I already bought the single port SFP+ PCIE lol
What I wanted to do initially was to combine LAN & WAN on a single SFP+ going to PFSense and use VLANs to separate the traffic. I figured I'd have enough capacity on the 10G link to handle both.
I, like you, just got the same switch and put it into production with only the access vlan id 1 just like yours.. Apple airplay from my ipad to both my tv and my marantz receiver work just fine.

Well, I was able to modify the "Default" IGMP profile to "disabled" and assign that profile to the only vlan on the switch... That wasn't it... is there something else that would be messing with the multicast discovery protocol that airplay uses? (mDNS)

I'm looking at this right now.. V2 is on by default. Whilst my airplay for my apple tv was working, I was not seeing plex or some other mdlna equipment on my windows 10 pc

You need to enable IGMP snooping. See Airheads Community.
I'm not versed in IP Multicast but there appears to be 2 methods to enable it on Aruba MAS. One on the VLAN per the article and another per an interface/interface-group where you can enable IP Multicast (mrouter-vlan) for a list of VLANs. ArubaOS 7.4.x CLI reference, p155.
int gig x/y/z | interface-group gig "name"
igmp-snooping mrouter-vlan add <vlan list>
Not sure which one is better, or correct. Also try enabling IGMP-snooping v3. Perhaps @pr1malr8ge can post portions of his igmp-snooping configuration.
igmp-snooping-profile "igmp-snooping-factory-initial" (N/A)
-----------------------------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Disabled
IGMP snooping proxy Disabled
IGMPv3 snooping proxy Disabled
Enable fast leave Disabled
startup-query-count 2
startup-query-interval(secs) 31
query-interval(secs) 125
query-response-interval(secs) 10
last-member-query-count 2
last-member-query-interval(secs) 1
robustness-variable 2
(ArubaS2500-24P-US) (config) #show vlan-profile igmp-snooping-profile IGMP_SNOOP
igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
Enable fast leave Enabled
startup-query-count 5
startup-query-interval(secs) 6000
query-interval(secs) 6000
query-response-interval(secs) 5
last-member-query-count 2
last-member-query-interval(secs) 15
robustness-variable 2
(host)(config)# vlan <vlan-id>
(host) (VLAN "1") vlan-profile igmp-snooping-profile <profile-name>
(host)(config)# vlan <vlan-id>
(host) (VLAN "1") igmp-snooping-profile <profile-name>
Creating and Applying an IGMP Snooping Profile to a VLAN
Use the following command to create an IGMP Snooping profile:
(host)(config)# vlan-profile igmp-snooping-profile <profile-name>
clone <source>
You can use the following CLI command to enable IGMPv3 snooping in an igmp-snooping profile:
(host) (config) #vlan-profile igmp-snooping-profile <profile-name>
(host) (igmp-snooping-profile "<profile-name>") #snooping v3
To enable v2 snooping proxy, use the following command:
(host) (igmp-snooping-profile "<profile-name>") #snooping-proxy
To enable v3 snooping proxy, use the following command:
(host) (igmp-snooping-profile "<profile-name>") #snooping-proxy v3
To apply the IGMP snooping profile to a VLAN interface, use the following command:
(host)(config)# vlan <vlan-id>
igmp-snooping-profile <profile-name>
Sample Configuration
Use the following sample to configure an IGMP v2 Snooping:
(host)(config)# vlan-profile igmp-snooping-profile IGMP_SNOOP
ArubaOS 7.4.x | User Guide IGMP Snooping | 257
(host) (igmp-snooping-profile "IGMP_SNOOP")fast-leave
(host) (igmp-snooping-profile "IGMP_SNOOP")last-member-query-count 2
(host) (igmp-snooping-profile "IGMP_SNOOP")last-member-query-interval 15
(host) (igmp-snooping-profile "IGMP_SNOOP")query-interval 6000
(host) (igmp-snooping-profile "IGMP_SNOOP")query-response-interval 5
(host) (igmp-snooping-profile "IGMP_SNOOP")robustness-variable 2
(host) (igmp-snooping-profile "IGMP_SNOOP")snooping
(host) (igmp-snooping-profile "IGMP_SNOOP")snooping-proxy
(host) (igmp-snooping-profile "IGMP_SNOOP")startup-query-count 5
(host) (igmp-snooping-profile "IGMP_SNOOP")startup-query-interval 6000
(host)(config)# vlan 200
(host) (VLAN "200") #igmp-snooping-profile IGMP_SNOOP
Use the following sample to configure an IGMP v3 Snooping:
(host) (config) #vlan-profile igmp-snooping-profile igmp-snoop-11
(host) (igmp-snooping-profile "igmp-snoop-11") #snooping v3
(host) (igmp-snooping-profile "igmp-snoop-11") #snooping-proxy v3
(host) (config) #vlan 11
(host) (VLAN "11") #igmp-snooping-profile igmp-snoop-11
Verifying IGMP Snooping Configuration
Use the following show command to verify the IGMP Snooping configuration:
(host) # show vlan-profile igmp-snooping-profile igmp-snoop-11
igmp-snooping-profile "igmp-snoop-11" (N/A)
-------------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
Enable fast leave Enabled
startup-query-count 2
startup-query-interval(secs) 31
query-interval(secs) 15000
query-response-interval(secs) 10
last-member-query-count 2
last-member-query-interval(secs) 10
robustness-variable 2
You can use the following command on a VLAN interface to know the IGMP Snooping version in use:
(host) #show vlan 11 extensive
Dot1q tag: 11, Description: VLAN0011
IGMP-snooping profile name: igmp-snoop-11
IGMP-snooping: Enabled, Version: 3
IGMP-snooping proxy: Enabled, Version: 3
MAC aging time: 5 minutes
Number of interfaces: 28, Active: 22
VLAN membership:
GE0/0/2* Access Trusted Untagged
GE0/0/3* Access Trusted Untagged
GE0/0/4* Access Trusted Untagged
GE0/0/5* Access Trusted Untagged
GE0/0/6* Access Trusted Untagged
GE0/0/7* Access Trusted Untagged
(ArubaS2500-24P-US) (config) #show vlan-profile igmp-snooping-profile IGMP_SNOOP
igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
Enable fast leave Enabled
startup-query-count 5
startup-query-interval(secs) 6000
query-interval(secs) 6000
query-response-interval(secs) 5
last-member-query-count 2
last-member-query-interval(secs) 15
robustness-variable 2
(ArubaS2500-24P-US) #show vlan 1 extensive
Dot1q tag: 1, Description: VLAN0001
IGMP-snooping profile name: IGMP_SNOOP
IGMP-snooping: Enabled, Version: 2
IGMP-snooping proxy: Enabled, Version: 2
MSTP instance: 0
MAC aging time: 5 minutes
Number of interfaces: 25, Active: 7, Non-Blocking: 6
VLAN membership:
GE0/0/0* Access Trusted Untagged
GE0/0/1* Access Trusted Untagged
GE0/0/2* Access Trusted Untagged
GE0/0/3 Access Trusted Untagged
GE0/0/4* Access Trusted Untagged
GE0/0/5* Access Trusted Untagged
GE0/0/6* Access Trusted Untagged
GE0/0/7 Access Trusted Untagged
GE0/0/8 Access Trusted Untagged
GE0/0/9 Access Trusted Untagged
GE0/0/10 Access Trusted Untagged
GE0/0/11 Access Trusted Untagged
GE0/0/12 Access Trusted Untagged
GE0/0/13 Access Trusted Untagged
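
A cross-check of the two outputs posted above, as an added example that is not part of any post in this thread: it parses `show vlan-profile igmp-snooping-profile` and `show vlan <id> extensive` text and reports where the profile enables IGMPv3 but the VLAN is operating at another version, as in the IGMP_SNOOP / VLAN 1 output. The function names and the embedded sample text are constructed for illustration.

```python
import re
# Constructed sample input, shaped like the outputs quoted in this thread.
PROFILE_OUT = '''igmp-snooping-profile "IGMP_SNOOP" (N/A)
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
'''
VLAN_OUT = '''Dot1q tag: 1, Description: VLAN0001
IGMP-snooping profile name: IGMP_SNOOP
IGMP-snooping: Enabled, Version: 2
IGMP-snooping proxy: Enabled, Version: 2
'''

def parse_profile(text):
    """Return (profile name, {parameter: value}) from the profile table."""
    name = re.search(r'igmp-snooping-profile "([^"]+)"', text).group(1)
    params = {}
    for line in text.splitlines():
        m = re.match(r'(\S.*?)\s+(Enabled|Disabled|\d+)\s*$', line)
        if m:
            params[m.group(1)] = m.group(2)
    return name, params

def parse_vlan(text):
    """Return the attached profile and the operating (state, version) pairs."""
    info = {"profile": re.search(r'profile name:\s*(\S+)', text).group(1)}
    for key, label in (("snooping", "IGMP-snooping"), ("proxy", "IGMP-snooping proxy")):
        m = re.search(rf'^{label}:\s*(\w+)(?:, Version:\s*(\d+))?', text, re.M)
        if m:
            info[key] = (m.group(1), int(m.group(2)) if m.group(2) else None)
    return info

def check(profile_text, vlan_text):
    """List differences between what the profile enables and what the VLAN runs."""
    name, params = parse_profile(profile_text)
    vlan = parse_vlan(vlan_text)
    findings = []
    if vlan["profile"] != name:
        findings.append(f"VLAN uses profile {vlan['profile']}, not {name}")
    for key, param in (("snooping", "IGMPv3 snooping"), ("proxy", "IGMPv3 snooping proxy")):
        version = vlan.get(key, (None, None))[1]
        if params.get(param) == "Enabled" and version != 3:
            findings.append(f"{param} Enabled in profile, VLAN {key} runs version {version}")
    return findings

if __name__ == "__main__":
    print("\n".join(check(PROFILE_OUT, VLAN_OUT)) or "profile and VLAN agree")
```
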
Big Thanks pr1malr8ge. I was confused between applying an IGMP profile and an IGMP-Snooping profile. I re-enabled IGMP V2 by modifying the "default" igmp profile and applying it to Vlan1. I then removed the IGMP snooping profile with
(ArubaS2500-24P-US) (Vlan1) no igmp-snooping-profile
Airplay discovery is now propagating properly. I guess I don't quite understand what it means to have IGMP without IGMP Snooping, but it works and I'm happy. Thanks again.

Lol.. I blundered my way through that.. I will say that not having IGMP on will propagate multicast to all ports and is wasteful.. In my case it seems that when I removed the profile it resulted in the same propagation you just saw.. however re-enabling igmp did not stop the multicast.. however I did not use the default profile and used these settings
igmp-snooping-profile "IGMP_SNOOP" (N/A)
----------------------------------------
Parameter Value
--------- -----
IGMP snooping Enabled
IGMPv3 snooping Enabled
IGMP snooping proxy Enabled
IGMPv3 snooping proxy Enabled
Enable fast leave Enabled
startup-query-count 5
startup-query-interval(secs) 6000
query-interval(secs) 6000
query-response-interval(secs) 5
last-member-query-count 2
last-member-query-interval(secs) 15
robustness-variable 2
Server listening on 5201
-----------------------------------------------------------
Accepted connection from 192.168.254.254, port 11302
[ 5] local 192.168.254.200 port 5201 connected to 192.168.254.254 port 34145
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 232 MBytes 1.95 Gbits/sec
[ 5] 1.00-2.00 sec 231 MBytes 1.94 Gbits/sec
[ 5] 2.00-3.00 sec 232 MBytes 1.94 Gbits/sec
[ 5] 3.00-4.00 sec 230 MBytes 1.93 Gbits/sec
[ 5] 4.00-5.00 sec 231 MBytes 1.94 Gbits/sec
[ 5] 5.00-6.00 sec 231 MBytes 1.94 Gbits/sec
[ 5] 6.00-7.00 sec 231 MBytes 1.94 Gbits/sec
[ 5] 7.00-8.00 sec 232 MBytes 1.95 Gbits/sec
[ 5] 8.00-9.00 sec 231 MBytes 1.94 Gbits/sec
[ 5] 9.00-10.00 sec 232 MBytes 1.94 Gbits/sec
[ 5] 10.00-10.00 sec 26.9 KBytes 2.20 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.00 sec 2.26 GBytes 1.94 Gbits/sec receiver
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
root@aeronas:~ # iperf3 -B 127.0.0.1 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[ 5] local 127.0.0.1 port 54516 connected to 127.0.0.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 2.98 GBytes 25.6 Gbits/sec 0 3.27 MBytes
[ 5] 1.00-2.00 sec 2.97 GBytes 25.5 Gbits/sec 0 3.27 MBytes
[ 5] 2.00-3.00 sec 2.96 GBytes 25.5 Gbits/sec 0 3.27 MBytes
[ 5] 3.00-4.00 sec 2.96 GBytes 25.4 Gbits/sec 0 3.27 MBytes
[ 5] 4.00-5.00 sec 2.95 GBytes 25.4 Gbits/sec 0 3.27 MBytes
[ 5] 5.00-6.00 sec 2.94 GBytes 25.2 Gbits/sec 0 3.27 MBytes
[ 5] 6.00-7.00 sec 2.96 GBytes 25.4 Gbits/sec 0 3.27 MBytes
[ 5] 7.00-8.00 sec 2.97 GBytes 25.5 Gbits/sec 0 3.27 MBytes
[ 5] 8.00-9.00 sec 2.96 GBytes 25.5 Gbits/sec 0 3.27 MBytes
[ 5] 9.00-10.00 sec 2.96 GBytes 25.4 Gbits/sec 0 3.27 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 29.6 GBytes 25.4 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 29.6 GBytes 25.4 Gbits/sec receiver
[2.5.2-RELEASE][admin@pfSense.localdomain]/root: iperf3 -B 127.0.0.1 -c 127.0.0.1
Connecting to host 127.0.0.1, port 5201
[ 5] local 127.0.0.1 port 56269 connected to 127.0.0.1 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 2.74 GBytes 23.6 Gbits/sec 0 2.00 MBytes
[ 5] 1.00-2.00 sec 2.71 GBytes 23.3 Gbits/sec 0 2.00 MBytes
[ 5] 2.00-3.00 sec 2.71 GBytes 23.3 Gbits/sec 0 2.00 MBytes
[ 5] 3.00-4.00 sec 2.65 GBytes 22.8 Gbits/sec 0 2.00 MBytes
[ 5] 4.00-5.00 sec 2.70 GBytes 23.2 Gbits/sec 0 2.00 MBytes
[ 5] 5.00-6.00 sec 2.70 GBytes 23.2 Gbits/sec 0 2.00 MBytes
[ 5] 6.00-7.00 sec 2.69 GBytes 23.1 Gbits/sec 0 2.00 MBytes
[ 5] 7.00-8.00 sec 2.69 GBytes 23.1 Gbits/sec 0 2.00 MBytes
[ 5] 8.00-9.00 sec 2.69 GBytes 23.1 Gbits/sec 0 2.00 MBytes
[ 5] 9.00-10.00 sec 2.69 GBytes 23.1 Gbits/sec 0 2.00 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 27.0 GBytes 23.2 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 27.0 GBytes 23.2 Gbits/sec receiver
iperf Done.