I have the following setup to work on:
The 2930 is the core/distribution layer while the other switches make up the access layer. The Aruba contains all the VLANs, and the access switches only have the LAN and the Management VLAN on them.
I've got all my VLANs correctly set up, STP is also working to prevent loops and I can reach everything from anything on the network. However, I'm still not 100% satisfied with it, despite it working. There are 2 major points that I'm really not happy with:
1- That EtherChannel (or trunk for HP people) has been selected by STP as a secondary path to the root bridge (the Aruba, I manually set it up to be the root with a priority of 0) and thus that link is disabled. I'm not even sure if EtherChannel is a good idea on access switches but my supervisors insist on having it... I tried changing port costs, priority, etc. and still nothing changed.
2- I configured the Aruba to be accessible only through the management VLAN using the `ip authorized-managers` command, however I cannot do the same on the 1920S access switches. They are set to be managed through the management VLAN only, but I can still reach them through the LAN. I've tried ACLs, but I didn't know where I should apply them exactly, and when I did they prevented all traffic from reaching the switches, even though I only defined the ACLs to block connections on ports 80/443 to the 1920S from the LAN.
Please note that the 1920S DON'T HAVE A CLI MODE, the web GUI is the only way to manage those switches, hell they don't have a console port... I'd appreciate any advice the wise people of /r/networking can offer.
Edit: Typos