VLAN Profile

A single layer-2 network can be partitioned into multiple distinct and isolated broadcast domains so that packets can only pass between them through one or more routers. Each such domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN.

Note:

  • To enable Layer 3 on a VLAN and maintain consistent L3 configuration across devices within a scope, create the VLAN profile with Enable L3 at the higher scope.

  • Define and assign VLAN IP aliases to the created VLAN profile. Aliases enable you to override only the IP address (instead of overriding the entire VLAN profile) and can be managed or updated using the bulk alias workflow.

  • At the device scope, override the alias with device-specific IPs or configurations as needed, and remove any existing device-level VLAN profile overrides.

  • If a device has only an L2 VLAN during onboarding, remove the L2 VLAN override and then create the L2 and L3 VLANs together.

Creating a VLAN Profile

To create a VLAN profile, complete the following steps:

  1. In the HPE Aruba Networking Central landing page, click the configuration icon.
    The Profiles tab is displayed.

  2. In the left navigation menu, select one of the following options:

    • Library—This level is the default selection. If you create profiles in the Library, then you must assign scope and device functions to the profiles. For more information, see Assigning Scope to VLAN Profile.

    • Global—If you create profiles at the Global level, then the profiles have Global scope assigned by default.

    • Site Collections—If you create profiles at the Site Collections level, then the profiles have site collection scope assigned by default.

    • Sites—If you create profiles at the Site level, then the profiles have site scope assigned by default.

    • Devices—If you create profiles at the Device level, then the profiles have device scope assigned by default.

    • Device Groups—If you create profiles at the Device Group level, then the profiles have device group scope assigned by default.

    Note:

    • To create profiles at the Global level, select the device type from the Device Function drop-down list before step 4.
    • To create profiles at the Sites, Devices, and Device Group level, complete the following steps before step 4:
      1. Select Site Collection, Site, Device, or Device Group in the left navigation menu.
      2. Select a Site Collection, Site, Device, or Device Group from the list view, depending on the level at which you are creating the profile.
      3. Select the device type from the Device Function drop-down list.

  3. On the VLANs & Networks card, click VLAN.

    Alternatively, you can complete the following steps:

    1. On the VLANs & Networks card, click Manage.

    2. On the VLAN card, click Manage.

    The VLAN list view is displayed.

  4. Click Create Profile.

    The Create Profile side panel is displayed.

  5. Configure the following VLAN profile parameters as described in Table 1.

    Table 1: VLAN Profile Parameters

    Parameter

    Description

    Create as a local profile

    Select this option if you want to configure this profile as local.

    The Create as a local profile option is available at the Global, Site Collections, Sites, Devices, and Device Groups levels; it is not available at the Library level.

    VLAN ID

    Enter the numeric VLAN ID.

    Name

    Enter the name for the VLAN.

    Note:

    This configuration is applicable only to switches.

    Description

    Enter the description for the VLAN profile.

    Description Alias

    Select this check box to assign a VLAN description alias. 

    • Alias—Select an alias from the Alias drop-down menu.

    Switch Specific Parameters

    Select the check box to enable the following switch parameters for the VLAN profile:

    • Enable VLAN—Select the check box to enable VLAN.

    • Policy—Select the policy that you want to apply for the inbound traffic or outbound traffic from the drop-down.

      • Inbound Network Policy—Select the policy or access list for inbound network for the VLAN profile.

      • Outbound Network Policy—Select the policy or access list for outbound network for the VLAN profile.

    • DHCP v4 Snooping—Select this check box to enable DHCPv4 snooping. This option is disabled by default. Clearing the check box disables DHCPv4 snooping on the specified VLAN and flushes all the IP bindings learned for this VLAN since DHCPv4 snooping was enabled.

    • Enable ARP Inspection—Select this checkbox to enable ARP inspection.

    • DHCPv6 Snooping—Select this check box to enable DHCPv6 snooping. This option is disabled by default. Clearing the check box disables DHCPv6 snooping on the specified VLAN and flushes all the IPv6 bindings learned for this VLAN since DHCPv6 snooping was enabled.

    • Voice—Enable the check box to support voice VLANs.

    IGMP Snooping

    Select the Enable IGMP Snooping checkbox to enable IGMP snooping on the VLAN. Expand the Advanced accordion and configure the following parameters:

    • IGMP Version—Select the IGMP version. The available options are: None, Version 2, and Version 3.

    • Enable Strict Version Match—Select the checkbox to accept only IGMP packets that match the chosen version. Packets with a different version will be ignored.

    • Static Group—Specify the IGMP static multicast group IP address and click +.

    MLD Snooping

    Select the Enable MLD Snooping checkbox to enable MLD snooping on the VLAN and configure the following parameters:

    • MLD Version—Select the MLD version. The available options are: None, Version 2, and Version 3.

    • Enable Strict Version Match—Select the checkbox to accept only MLD packets that match the chosen version. Packets with a different version will be ignored. This field is applicable only to AOS-S switches.

    • Static Group—Specify the MLD static multicast group IP address and click +.

    Gateway Specific Parameters

    Select the check box to configure gateway specific parameters for the VLAN profile.

    • Authentication Profile—Select an authentication profile from the drop-down list.

    Layer 3

    Enable L3—Select this check box to configure the following L3 VLAN parameters:

    • Use IPv4 Alias—Select this check box and select a VLAN IPv4 address alias from the drop-down list. For more information about VLAN IPv4 Address, see Creating an Alias.

    • Use IPv6 Alias—Select this check box and select a VLAN IPv6 address alias from the drop-down list. For more information about VLAN IPv6 Address, see Creating an Alias.

    • IP Address Assignment—Select one of the following options:

      • Static—Select this option to manually configure a static IP address on the VLAN interface.
      • DHCP—Select this option to assign the VLAN IPv4 address to the VLAN interface automatically from a DHCP server.
        Note:

        Ensure that DHCP is enabled on only one VLAN profile. Enabling DHCP on multiple VLAN profiles is not supported.

    • Relay to External—Select this check box to enable DHCP relay configuration, which relays the DHCP requests for the interface to the external DHCP servers configured in the DHCP Helper table. You need not configure this parameter if the VLAN interface is in the same sub-network as the DHCP server.

    • DHCPv4 Helper Address—Specify the DHCPv4 helper addresses of a remote DHCP server or DHCP relay agent. You can add up to 16 helper addresses. The DHCP relay agent forwards DHCP client requests to all configured servers.

      To add DHCPv4 helper addresses, click the add icon and configure the following parameters:

      • Helper address—Enter the helper IP address of the DHCP server in IPv4 format.
      • Use Custom VRF—Select this check box to configure a VRF. A helper address configured on a custom VRF is applicable only for AOS-CX switches.
      • VRF—Select the VRF from the drop-down list. To add a new VRF, click New VRF Profile from the drop-down list.
    • IPv6 Unicast DHCP Helper—Enter the DHCPv6 unicast helper addresses of a remote DHCPv6 server or DHCPv6 relay agent. You can add up to eight helper addresses. The DHCPv6 relay agent forwards DHCP client requests to all configured servers.

    • IPv6 Multicast DHCP Helper—Enter the DHCPv6 multicast helper addresses of a remote DHCPv6 server or DHCPv6 relay agent. You can add up to eight helper addresses. The DHCPv6 relay agent forwards DHCP client requests to all configured servers.

      To add DHCPv6 multicast helper addresses, click the Add icon and configure the following parameters:

      • Helper address—Enter the helper IP address of the DHCP server in IPv6 format.
      • VLAN—Select the VLANs from the drop-down list. To add a new VLAN, click New VLAN from the drop-down list.
      • Interface—Select the interfaces from the drop-down list.
      • LAG—Select the LAGs from the drop-down list.
    • Egress for all multicast DHCP server—Select this check box to permit egress traffic for all multicast DHCP servers and configure the interfaces from the drop-down list.

    • Admin State—Select this check box to enable the admin state of the VLAN interface.

    • MTU—Enter the MTU (maximum transmission unit) for the interface. To support jumbo frames (frames larger than 1522 bytes), increase the MTU as required by your network. A frame size of up to 9198 bytes is supported.

      Note:

      Jumbo frames are not supported on Gateway devices.

    • VRRP Router—Select a VRRP Router profile to be assigned from the drop-down list.

    • Switch Specific Parameters—Select this check box to configure switch parameters.

    • IGMP—Select the enable check box to enable IGMP and configure the following AOS-CX specific parameters:

      • IGMP Version—Select the IGMP version. The available options are: None, Version 2, and Version 3.
      • Enable IGMP Strict Version Match—Select the checkbox to accept only IGMP packets that match the chosen version. Packets with a different version will be ignored.
      • IGMP Static Group—Specify the IGMP static multicast group IP address and click +.

      To configure advanced IGMP parameters, click the Advanced drop-down arrow, and configure the following:

      • Set ACL to Filter IGMP Packets—Select this check box to filter IGMP packets. If selected, select an access list from the Access List drop-down menu.
      • Enable Querier—Select this check box to enable the querier.
      • Querier Interval—Enter the querier interval.
      • Last Member Query Interval—Enter the last member query interval.
      • Max Response Time—Enter the maximum response time.
    • MLD—Select the enable check box to enable MLD and configure the following MLD - AOS-CX Specific Parameters:

      • MLD Version—Select the MLD version. The available options are: None, Version 2, and Version 3.
      • Enable MLD Strict Version Match—Select the checkbox to accept only MLD packets that match the chosen version. Packets with a different version will be ignored. This field is applicable only to AOS-S switches.
      • MLD Static Group—Specify the MLD static multicast group IP address and click +.

      To configure advanced MLD parameters, click the Advanced drop-down arrow, and configure the following:

      • Set ACL to Filter MLD Packets—Select this check box to filter MLD packets. If selected, select an access list from the Access List drop-down menu.
      • Enable Querier—Select this check box to enable the querier.
      • Querier Interval—Enter the querier interval.
      • Last Member Query Interval—Enter the last member query interval.
      • Max Response Time—Enter the maximum response time.
    • PIM Mode—Select the PIM mode from the drop-down list under PIM or PIM6:
      • PIM Dense—Uses dense multicast routing.
      • PIM Sparse—Uses sparse multicast routing.
      • PIM BiDir—Uses bidirectional multicast routing. This mode is not applicable for PIM6.
      • None—Disables the PIM mode.
    • Enable PIM or Enable PIM6—Select the checkbox to enable the PIM routing.

    • Enable BFD—Select this checkbox to enable Bidirectional Forwarding Detection (BFD).

    • Enable mDNS—Select this checkbox to enable mDNS and configure the following parameters. This is applicable only to AOS-CX switches.
      • mDNS Profile—Select the AOS-CX mDNS profile from the drop-down list.
      • mDNS Service Discovery Profile—Select the mDNS service discovery from the drop-down list.
    • Advanced—Expand the Advanced accordion to configure the following parameters:
      • Hello Interval—Specify the frequency at which the router transmits PIM hello messages on the interface.
      • Override Interval—Specify the override interval that gets inserted into the Override Interval field of a LAN prune delay option.
      • Propagation Delay—Specify the propagation delay that gets inserted into the LAN prune delay field of a LAN Prune Delay option.
      • Enable LAN Prune Delay—Select the checkbox to enable LAN prune delay on the interface. With this enabled, the router informs downstream neighbors how long it will wait before pruning a flow after receiving a prune request.
    • VRF Profile—Select a profile from the drop-down list.

    • Detection Multiplier—Specify the BFD detection multiplier. Range: 1 to 5.

    • Minimum receive Interval—Specify the minimum time interval between transmitted BFD control packets on an interface in milliseconds.

    • Minimum Transmit Interval—Specify the minimum time interval between received BFD control packets on an interface in milliseconds.

    • Echo—Enable or disable support for BFD echo packets using the check box. Echo packet support is enabled by default. With Echo enabled, an operating device periodically sends BFD echo packets. The peer device returns the received BFD echo packets without processing them. If the sending device does not receive a BFD echo packet from the peer within the specified interval, the session is considered down.

    • Gateway-Specific Parameters—Select this check box to configure gateway parameters.

      • Force Operational Status Up—Select this check box to enable the operational state of the VLAN ID. By default, this check box is disabled. Enabling this option keeps the state of the VLAN interface as up irrespective of the state of the physical interface.

      • Enable Routing—Enable this option to route traffic between the VLANs that are mapped to the IP sub-networks.

      • Broadcast Multicast Optimizations—Select this check box to enable controlled flooding of broadcast or multicast traffic without compromising the client connectivity.

      • Suppress ARP—Select this check box to prevent flooding of ARP broadcasts on all the untrusted interfaces. By default, this option is disabled.

      • Local Proxy ARP—Select this check box to activate the local proxy ARP feature on the interface.

      • Client Mode—Select the mode as one of the following options:

        • Host MAC

        • Gateway MAC

      • NAT Inside—Select this check box to perform NAT with the desired IP address of the VLAN interface as the source address.

      • NAT Outside—Select this check box to enable NAT only for the outbound traffic on public-facing egress VLAN interfaces. When this feature is enabled on an uplink VLAN interface, the source address is translated with the IP address of the VLAN interface to all the outbound traffic.

      • Adjust TCP MSS—Enter the value to configure the TCP maximum segment size. If you set the TCP MSS on an interface, the size of each TCP segment received or sent on the interface cannot exceed the MSS value.

    Note:

    HPE Aruba Networking Central does not support IPv6.

       
  6. Click Create to create the VLAN profile.

  7. To edit a VLAN profile, complete the following steps:

    1. Click anywhere on the row of the profile in the list view.

      The profile edit view is displayed in the side panel.

    2. Edit the required parameters.

    3. Click Update.

  8. To delete a VLAN profile, hover over the profile name, and click the delete icon.

    Note:

    • Ethernet Interfaces and Port Channel Interfaces must not include configurations that reference non-existent VLANs. Interfaces containing such references must be updated to remove the deleted VLANs.
    • If a configuration push fails with messages such as "Ignoring the operation for non-configured VLAN(s) 40–49" or "VLAN 40 not configured", an interface or switchport alias still contains references to unconfigured VLANs and requires cleanup.

  9. To search for a profile, type the VLAN profile ID in the search bar.
    The search bar displays dynamic results as soon as you start typing.
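
The cleanup described in the note under step 8 can be checked before a VLAN profile is deleted. The following Python check is an added example, not HPE code; the inventory layout and the field names (access, native, trunk_allowed) are hypothetical, and the sample data is constructed.

```python
import re

VLAN_MIN, VLAN_MAX = 1, 4094  # usable 802.1Q VLAN ID range


def expand_vlans(spec):
    """Expand a VLAN list such as '10,20,40-49' into a set of integer IDs."""
    ids = set()
    for part in filter(None, (p.strip() for p in str(spec).split(","))):
        # Accept a hyphen or an en dash as the range separator.
        m = re.fullmatch(r"(\d+)(?:\s*[-\u2013]\s*(\d+))?", part)
        if not m:
            raise ValueError(f"unparseable VLAN spec: {part!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        if not VLAN_MIN <= lo <= hi <= VLAN_MAX:
            raise ValueError(f"VLAN range out of bounds: {part!r}")
        ids.update(range(lo, hi + 1))
    return ids


def dangling_references(configured, interfaces, deleting=()):
    """Return {interface: sorted VLAN IDs} for every reference to a VLAN that
    will not exist once the VLANs in `deleting` have been removed."""
    remaining = set(configured) - set(deleting)
    report = {}
    for name, refs in interfaces.items():
        used = set()
        for key in ("access", "native", "trunk_allowed"):  # hypothetical keys
            if refs.get(key):
                used |= expand_vlans(refs[key])
        missing = sorted(used - remaining)
        if missing:
            report[name] = missing
    return report


# Constructed sample inventory: VLAN profiles in scope and interface settings.
CONFIGURED_VLANS = {1, 10, 20, 30, 40}
INTERFACES = {
    "1/1/1": {"access": "10"},
    "1/1/2": {"native": "1", "trunk_allowed": "10,20,40-49"},
    "lag1": {"native": "1", "trunk_allowed": "10,20,30"},
}

if __name__ == "__main__":
    # Plan: delete the VLAN 40 profile, then list what must be cleaned up first.
    plan = dangling_references(CONFIGURED_VLANS, INTERFACES, deleting={40})
    for intf, vlans in plan.items():
        print(f"{intf}: references non-configured VLAN(s) {vlans}")
```

Interface 1/1/2 is reported even when nothing is deleted, because its trunk range 40-49 already covers VLANs 41 to 49 that have no profile.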

The following image displays the Create Profile side panel of a VLAN profile.

Figure 1: Create VLAN Profile
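
The limits stated in Table 1 can be checked across a set of profiles before a push. The following Python lint is an added example, not HPE code and not the Central API; the dict layout and key names are hypothetical, and the sample profiles are constructed.

```python
import ipaddress

MAX_HELPERS = {4: 16, 6: 8}    # DHCPv4: up to 16 helpers; DHCPv6: up to eight
JUMBO_BYTES = 1522             # larger frames are jumbo frames
MAX_BYTES = 9198               # largest supported frame size
BFD_MULTIPLIER = range(1, 6)   # detection multiplier range: 1 to 5


def bad_helpers(addrs, version):
    """Return helper addresses that do not parse as IP `version` (4 or 6)."""
    bad = []
    for addr in addrs:
        try:
            if ipaddress.ip_address(addr).version != version:
                bad.append(addr)
        except ValueError:
            bad.append(addr)
    return bad


def lint_profiles(profiles):
    """Return sorted (vlan_id, finding) tuples for a list of profile dicts."""
    out = []
    dhcp = [p["vlan_id"] for p in profiles if p.get("ip_assignment") == "dhcp"]
    for p in profiles:
        vid = p["vlan_id"]
        if len(dhcp) > 1 and vid in dhcp:
            out.append((vid, "DHCP assignment enabled on more than one profile"))
        for ver, key in ((4, "dhcpv4_helpers"), (6, "dhcpv6_helpers")):
            helpers = p.get(key, [])
            if len(helpers) > MAX_HELPERS[ver]:
                out.append((vid, f"{key}: more than {MAX_HELPERS[ver]} entries"))
            for addr in bad_helpers(helpers, ver):
                out.append((vid, f"{key}: {addr!r} is not an IPv{ver} address"))
        # Assumption: the page's byte figures are compared directly to the MTU.
        mtu = p.get("mtu")
        if mtu is not None:
            if mtu > MAX_BYTES:
                out.append((vid, f"mtu {mtu} exceeds {MAX_BYTES}"))
            elif mtu > JUMBO_BYTES and p.get("device_function") == "gateway":
                out.append((vid, "jumbo frames are not supported on gateways"))
        mult = p.get("bfd_detection_multiplier")
        if mult is not None and mult not in BFD_MULTIPLIER:
            out.append((vid, f"BFD detection multiplier {mult} outside 1-5"))
    return sorted(out)


# Constructed sample profiles using documentation address ranges.
PROFILES = [
    {"vlan_id": 10, "device_function": "switch", "ip_assignment": "dhcp",
     "dhcpv4_helpers": ["192.0.2.10", "2001:db8::1"], "mtu": 9000},
    {"vlan_id": 20, "device_function": "gateway", "ip_assignment": "dhcp",
     "mtu": 9000, "bfd_detection_multiplier": 7},
    {"vlan_id": 30, "device_function": "switch", "ip_assignment": "static",
     "dhcpv4_helpers": ["198.51.100.5"], "mtu": 1500,
     "bfd_detection_multiplier": 3},
]

if __name__ == "__main__":
    for vlan_id, finding in lint_profiles(PROFILES):
        print(f"VLAN {vlan_id}: {finding}")
```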

Assigning Scope to VLAN Profile

For profiles created under Library, you must assign a scope and device function to be able to use their features and functionality.

To assign scope to a profile, complete the following steps:

  1. In the HPE Aruba Networking Central landing page, click the configuration icon.
    The Profiles tab is displayed.

  2. Ensure that the default option Library is selected in the left navigation menu.

  3. On the VLANs & Networks card, click VLAN.

    Alternatively, you can complete the following steps:

    1. On the VLANs & Networks card, click Manage.

    2. On the VLAN card, click Manage.

    The VLAN list view is displayed.

  4. Hover over the profile to which you want to assign a scope, and click the ellipsis icon.

  5. Select Assign.

    The Assign Profile side panel is displayed.

    Figure 2: Assign Profile Side Panel

  6. Select the device types from the Device Function list.

  7. To add a scope, click the Add icon on the Scopes table.

  8. Select a scope from the following Scope Level options in the drop-down list.

    • Global—Selecting this option assigns the scope at the Global level.

    • Site Collections—Select the site collections from the Assign to Scope drop-down list.

    • Sites—Select the sites from the Assign to Scope drop-down list.

    • Devices—Select the devices from the Assign to Scope drop-down list.

    • Device Groups—Select the device groups from the Assign to Scope drop-down list.

  9. Click Add.

    The Scopes table displays the newly assigned scopes.

  10. Click Assign.

    The VLAN list displays the device functions and number of scopes assigned to the profile.

  11. To unassign a scope from a profile, complete the following steps:

    1. Hover over the profile name and click the ellipsis icon.

    2. Select Unassign.

      The Unassign pop-up window is displayed.

    3. Select the required scope and click Unassign.

    Figure 3: VLAN List Page

  12. To customize the VLAN profile list, click the Customize Columns icon. For more information, see Customizing List.