I think that this will be a simple one.
I am attempting to set up an Aruba/HPE 5412R ZL2 Chassis switch. I have set up several VLANs on the switch and have got routing working between them. All of the VLANs have IP addresses assigned to them.
However, the addresses that I assign the VLANs can't be reached unless the VLAN has some tagged/untagged ports and something has been plugged into one of these ports. This suggests to me that the switch is selectively disabling the IP addresses until something is connected. For at least one of the VLANs, I'd prefer that the switch didn't do this because this IP address will be the one I designate as the management IP.
Other 5400 switches that I have on the network (which weren't configured by me) have VLAN addresses which aren't assigned to anything but can still be pinged so I think there must be an enable command somewhere, I just can't find it. Can anyone make any suggestions?
Switch config is as follows (still incomplete):
Running configuration:
; J9851A Configuration Editor; Created on release #KB.16.04.0009
; Ver #11:10.9b.7f.bf.bb.ff.7c.59.fc.7b.ff.ff.fc.ff.ff.3f.ef:90
hostname "HTGFS-CoreSw-HubRm-001"
module A type j9986a
module B type j9986a
module C type j9986a
module D type j9986a
module E type j9986a
module F type j9986a
module K type j9990a
module L type j9990a
console idle-timeout 2400
console idle-timeout serial-usb 2400
trunk K23-K24,L23-L24 trk1 lacp
mvrp enable
telnet-server listen data
web-management listen data
ip access-list extended "WirelessNetworks"
10 deny ip 172.24.0.0 0.0.255.255 10.0.0.0 0.255.255.255
20 deny ip 172.21.0.0 0.0.255.255 10.0.0.0 0.255.255.255
30 deny ip 172.22.0.0 0.0.255.255 10.0.0.0 0.255.255.255
40 deny ip 172.23.0.0 0.0.255.255 10.0.0.0 0.255.255.255
50 deny ip 172.25.0.0 0.0.255.255 10.0.0.0 0.255.255.255
60 deny ip 172.26.0.0 0.0.255.255 10.0.0.0 0.255.255.255
70 deny ip 172.27.0.0 0.0.255.255 10.0.0.0 0.255.255.255
80 deny ip 172.28.0.0 0.0.255.255 10.0.0.0 0.255.255.255
90 deny ip 172.29.0.0 0.0.255.255 10.0.0.0 0.255.255.255
100 deny ip 172.30.0.0 0.0.255.255 10.0.0.0 0.255.255.255
110 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
exit
ip ssh listen data
ip route 0.0.0.0 0.0.0.0 192.168.1.150
ip route 172.16.0.0 255.255.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1
ip router-id 10.0.0.2
ip routing
ip multicast-routing
snmp-server community "public" unrestricted
snmp-server listen data
oobm
disable
no ip address
exit
router ospf
area backbone
redistribute connected
enable
exit
router pim
enable
exit
vlan 1
name "DEFAULT_VLAN"
no untagged
A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K14,K17-K20,L1-L14,L17-L19
untagged K15-K16,K21-K22,L15-L16,L20-L22,Trk1
no ip address
exit
vlan 56
name "***CCTV***"
untagged K17-K20,L17-L19
tagged L20,Trk1
no ip address
ip igmp
exit
vlan 100
name "WAN"
tagged L20,Trk1
ip address 10.0.0.2 255.255.255.0
ip address 192.168.1.20 255.255.240.0
ip igmp
ip ospf 10.0.0.2 area backbone
exit
vlan 140
name "Free School Data Range 1"
untagged A1-A24,C1-C24,E1-E24
ip address 10.2.140.1 255.255.254.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
ip igmp
exit
vlan 144
name "Free School Data Range 2"
untagged B1-B24,D1-D24,F1-F24
ip address 10.2.144.1 255.255.254.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
ip igmp
exit
vlan 200
name "Free School Server Range"
untagged K1,L1
ip address 10.2.200.1 255.255.255.0
ip helper-address 10.5.200.11
ip helper-address 10.5.200.10
ip igmp
exit
vlan 210
name "Free School Server Management"
untagged K2,L2
ip address 10.2.210.1 255.255.255.0
ip igmp
exit
vlan 212
name "Free School Network Management"
ip address 10.2.212.1 255.255.255.0
exit
vlan 214
name "Free School Wifi Management"
untagged K3-K14,L3-L14
ip address 10.2.214.1 255.255.255.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
exit
vlan 218
name "CCTV"
ip address 10.2.218.1 255.255.255.0
ip igmp
exit
vlan 220
name "Voice"
tagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K20,L1-L19
ip address 10.2.220.1 255.255.255.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
ip igmp
voice
exit
vlan 222
name "Free School Guest Wifi"
tagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K20,L1-L19
ip address 172.22.16.1 255.255.252.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
ip igmp
exit
vlan 224
name "Free School Trusted Wifi"
tagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K20,L1-L19
ip address 10.2.224.1 255.255.240.0
ip helper-address 10.5.200.10
ip helper-address 10.5.200.11
ip igmp
exit
vlan 240
name "Free School BYOD Wifi"
tagged A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K20,L1-L19
ip address 172.22.0.1 255.255.248.0
ip helper-address 10.5.200.11
ip helper-address 10.5.200.10
exit
spanning-tree
spanning-tree A1 admin-edge-port
spanning-tree A1 bpdu-protection
<same spanning tree config for the other ports>
spanning-tree Trk1 priority 4
spanning-tree bpdu-protection-timeout 300 priority 0
tftp server listen data
loop-protect A1-A24,B1-B24,C1-C24,D1-D24,E1-E24,F1-F24,K1-K20,L1-L19
loop-protect disable-timer 10
The VLAN interfaces that I can't ping are 212 and 218, either from the switch's management interface or from a computer attached to the network. 212 is likely never to have any ports (un)tagged.
Thanks
Best Answer
Some Cisco switches allow you to disable the auto state function on an SVI, which would give you what you want, but I’m not aware of an equivalent feature on Aruba/Procurve switches. An alternative would be to add the VLAN as a tagged VLAN for one of the ports you know will always be up.
Could I suggest as an alternative solution that you create a loopback interface and advertise that into OSPF and use that as the management IP? That would be a better management solution in my opinion and the IP would always be up.