Hi all. I have Aruba 2930M switches here, all configured and working just fine. I have a couple of CISCO SG350 switches that have come along to spoil the party!<\/p>\n

Advertisement

Close

Basically, I need to run a couple of CISCO switches in situ with our HPE Aruba kit for now. It should be easy peasy, but why is it causing me so much headache! The reason is simple, and it’s my complete lack of experience with CISCO switches in terms of config around VLANs specifically. I have never been a networking guy I should add, I just get by. But most networking people know one or the other mostly, but enough of either to get by. On that note, can anybody solve this ‘simple’ one please?<\/p>\n

Advertisement

Close

On the Aruba kit, the config is basically something like…<\/p>\n

NOTE<\/strong> Trk1, Trk2 are ‘uplinks’. 1/1-1/4 are CCTV cameras. 1/45-1/48 are Wifi APs.<\/p>\n

vlan 1
\nname “Data”
\nno untagged 1/1-1/4,1/45-1/48
\nuntagged Trk1-Trk2<\/p>\n

vlan 50
\nname “WIFI Access Points”
\nuntagged 1/45-1/48
\ntagged Trk1-Trk2<\/p>\n

vlan 51
\nname “Staff WiFi”
\ntagged 1/45-1/48,Trk1-Trk2<\/p>\n

vlan 52
\nname “Guest WiFi”
\ntagged 1/45-1/48,Trk1-Trk2<\/p>\n

vlan 53
\nname “CCTV”
\nuntagged 1/1-1/4
\ntagged Trk1-Trk2<\/p>\n

All fine. Easy. On CISCO kit, I cannot get it to work at all. I have the following config on the CISCO kit, I am doing something really silly I’m sure…<\/p>\n

NOTE<\/strong> GigabitEthernet1 is an ‘uplink’. GigabitEthernet2 is a WiFi AP. I have not bothered with a CCTV camera yet!<\/p>\n

vlan database
\nvlan 50-53
\nexit
\n!
\ninterface vlan 1
\nip address xxxxxx
\n!
\ninterface vlan 50
\nname “Wifi Access Points”
\n!
\ninterface vlan 51
\nname “Staff WiFi”
\n!
\ninterface vlan 52
\nname “Guest WiFi”
\n!
\ninterface vlan 53
\nname CCTV
\n!
\ninterface GigabitEthernet1
\nspanning-tree portfast
\nswitchport mode trunk
\nswitchport general allowed vlan add 50-53 tagged
\nswitchport general allowed vlan add 1 untagged
\nswitchport access vlan 53
\nswitchport trunk allowed vlan 1,50-53
\n!
\ninterface GigabitEthernet2
\nswitchport mode trunk
\nswitchport general allowed vlan add 51-52 tagged
\nswitchport general allowed vlan add 50 untagged
\nswitchport general forbidden vlan add 1,53
\nswitchport trunk allowed vlan 50-52
\n!<\/p>\n

The AP does not get an IP address (VLAN 50), so there’s no hope of even getting onto dishing out Staff or Guest wifi.<\/p>\n

Thanks in advance anybody!<\/p>","upvoteCount":5,"answerCount":11,"datePublished":"2025-07-09T14:56:27.283Z","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"},"acceptedAnswer":{"@type":"Answer","text":"

First things first - what is the topology?
\nWhat are the cisco devices connecting to? are they uplinking to an existing core switch like the Aruba devices appear to?<\/p>\n

Must dos:
\nensure device that cisco are uplinking to are running compatible spanning tree to the cisco and be set as root bridge.
\nOn the Cisco uplink both ends must use same vlan set and the same untagged vlan.<\/p>\n

good ideas:
\nOn the cisco - disable smart ports<\/p>\n

Useful knowledge - the Cisco SG350 is a small business range switch and it’s CLI configuration and behaviour is not exactly the same as a ‘standard’ cisco enterprise switch. e..g a quick google on cisco config may misslead you as an enterprise cisco switch has worked in the same way for 30+ years but these differ.
\nCisco terminology - native = untagged. port type should be ‘trunk’. General is a port type that allows both trunk and access it is equivalent on ‘hybrid’ in other makes.<\/p>\n

You do not need interfaces for vlans that do not have an ip address and will not route.
\nso on the cisco only vlan 1 should have an interface and IP address (if vlan 1 is used to manage them).<\/p>\n

SG350 config`uplink needs vlan 1 untagged and vlan 50-53 tagged\nWifi AP needs vlan 50 untagged and vlan 51,52 tagged\n\n\ninterface vlan 1\nip address xxxxxx\n!\nvlan 50\nname “Wifi Access Points”\n!\nvlan 51\nname “Staff WiFi”\n!\nvlan 52\nname “Guest WiFi”\n!\nvlan 53\nname CCTV\n!\ninterface GigabitEthernet1\ndescription Uplink to xxx\nno spanning-tree portfast\nswitchport mode trunk\nswitchport trunk allowed vlan 1,50-53\nswitchport trunk native vlan 1\n!\ninterface GigabitEthernet2\ndescription Wifi AP port\nswitchport mode trunk\nswitchport trunk allowed vlan 50-52\nswitchport trunk native vlan 1 ( note edited to correct a typo in orignal)\n!\n<\/code><\/pre>\n
To check your vlans are working correctly (with ports 1 and 2 up) use the command:
\nshow spanning tree
\nit should list vlan 1,50,51,52 active on uplink and wifi port. It should show that gig1 uplink is the path to root and that gig2 is forwarding.
\nshow mac address vlan 50 should show the AP mac address in this vlan.<\/p>","upvoteCount":1,"datePublished":"2025-07-10T11:35:59.948Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/7","author":{"@type":"Person","name":"matt7863","url":"https://community.spiceworks.com/u/matt7863"}},"suggestedAnswer":[{"@type":"Answer","text":"
Hi all. I have Aruba 2930M switches here, all configured and working just fine. I have a couple of CISCO SG350 switches that have come along to spoil the party!<\/p>\n
Basically, I need to run a couple of CISCO switches in situ with our HPE Aruba kit for now. It should be easy peasy, but why is it causing me so much headache! The reason is simple, and it’s my complete lack of experience with CISCO switches in terms of config around VLANs specifically. I have never been a networking guy I should add, I just get by. But most networking people know one or the other mostly, but enough of either to get by. On that note, can anybody solve this ‘simple’ one please?<\/p>\n
On the Aruba kit, the config is basically something like…<\/p>\n
NOTE<\/strong> Trk1, Trk2 are ‘uplinks’. 1/1-1/4 are CCTV cameras. 1/45-1/48 are Wifi APs.<\/p>\n
vlan 1
\nname “Data”
\nno untagged 1/1-1/4,1/45-1/48
\nuntagged Trk1-Trk2<\/p>\n
vlan 50
\nname “WIFI Access Points”
\nuntagged 1/45-1/48
\ntagged Trk1-Trk2<\/p>\n
vlan 51
\nname “Staff WiFi”
\ntagged 1/45-1/48,Trk1-Trk2<\/p>\n
vlan 52
\nname “Guest WiFi”
\ntagged 1/45-1/48,Trk1-Trk2<\/p>\n
vlan 53
\nname “CCTV”
\nuntagged 1/1-1/4
\ntagged Trk1-Trk2<\/p>\n
All fine. Easy. On CISCO kit, I cannot get it to work at all. I have the following config on the CISCO kit, I am doing something really silly I’m sure…<\/p>\n
NOTE<\/strong> GigabitEthernet1 is an ‘uplink’. GigabitEthernet2 is a WiFi AP. I have not bothered with a CCTV camera yet!<\/p>\n
vlan database
\nvlan 50-53
\nexit
\n!
\ninterface vlan 1
\nip address xxxxxx
\n!
\ninterface vlan 50
\nname “Wifi Access Points”
\n!
\ninterface vlan 51
\nname “Staff WiFi”
\n!
\ninterface vlan 52
\nname “Guest WiFi”
\n!
\ninterface vlan 53
\nname CCTV
\n!
\ninterface GigabitEthernet1
\nspanning-tree portfast
\nswitchport mode trunk
\nswitchport general allowed vlan add 50-53 tagged
\nswitchport general allowed vlan add 1 untagged
\nswitchport access vlan 53
\nswitchport trunk allowed vlan 1,50-53
\n!
\ninterface GigabitEthernet2
\nswitchport mode trunk
\nswitchport general allowed vlan add 51-52 tagged
\nswitchport general allowed vlan add 50 untagged
\nswitchport general forbidden vlan add 1,53
\nswitchport trunk allowed vlan 50-52
\n!<\/p>\n
The AP does not get an IP address (VLAN 50), so there’s no hope of even getting onto dishing out Staff or Guest wifi.<\/p>\n
Thanks in advance anybody!<\/p>","upvoteCount":5,"datePublished":"2025-07-09T14:56:27.456Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/1","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"
Main thing is not mixing general and trunk modes on the Cisco like you’ve done. Just set the uplink as a trunk with VLAN 1 native, and the AP port as access on VLAN 50. That should sort it<\/p>\n
something like the below might help for the uplink port<\/p>\n
interface GigabitEthernet1
\nswitchport mode trunk
\nswitchport trunk native vlan 1
\nswitchport trunk allowed vlan 1,50,51,52,53
\nspanning-tree portfast trunk<\/p>\n
then for wifi wap port<\/p>\n
interface GigabitEthernet2
\nswitchport mode access
\nswitchport access vlan 50
\nspanning-tree portfast<\/p>\n
if im wrong or missed anything let me know <\/p>","upvoteCount":3,"datePublished":"2025-07-09T15:15:02.460Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/2","author":{"@type":"Person","name":"spiceuser-62ai","url":"https://community.spiceworks.com/u/spiceuser-62ai"}},{"@type":"Answer","text":"
The AP is still going to need to be able to get to the VLANs for the corp and guest WiFi networks. It has to be a trunk (Cisco trunk) to the AP.<\/p>\n
int gi 1/0/1
\nswitchport mode trunk
\nswitchport trunk native vlan 1
\nswitchport trunk allowed vlan 1,50-53
\nspanning-tree portfast<\/p>\n
int gi 1/0/2
\nswitchport mode trunk
\nswitchport trunk native vlan 50
\nswitchport trunk allowed vlan 50-52
\nspanning-tree portfast<\/p>\n
I think your issue derives from mixing switchport mode trunk<\/strong> and switchport general<\/strong> commands.
\nWhen in doubt, assign a VLAN interface and start pinging to see if it communicates upstream<\/p>","upvoteCount":1,"datePublished":"2025-07-09T20:15:45.935Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/3","author":{"@type":"Person","name":"phildrew","url":"https://community.spiceworks.com/u/phildrew"}},{"@type":"Answer","text":"
Thanks all, I will give this a go, makes sense to not mix trunk and general, but honestly I tried and failed a good few times doing it manually from documentation, so moved to the web GUI - I think that mix of commands is what the GUI spat out. Or maybe a bit of both. Thanks for the responses, I will give it a bash as above later.<\/p>","upvoteCount":1,"datePublished":"2025-07-10T06:38:58.613Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/4","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"
Also, with your example config, there’s no TAGGED and UNTAGGED - is that right then with CISCO trunks?<\/p>","upvoteCount":1,"datePublished":"2025-07-10T07:03:09.352Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/5","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"
Another hour on this and still no luck. I tried a combination of things, the exact config above does not issue a DHCP to the AP’s, and then when I tried using switchport mode general with tagged and untagged ports, to try and mirror the Aruba config, still no DHCP to the AP’s. I should point out that the network VLAN 50 is not tagging any packets. It’s an interface on our FW that’s running a DHCP server.<\/p>","upvoteCount":1,"datePublished":"2025-07-10T08:38:15.339Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/6","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"
Many thanks, will try this out.
\nswitchport trunk native vlan 50-52 <— That’s a typo, right?<\/p>","upvoteCount":1,"datePublished":"2025-07-10T12:47:06.899Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/8","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"
@matt7863<\/a> thank you, that was just the thing I needed, simple syntax explanation, which to be fair I think I’d already read but clearly not well enough! It’s all good now - thanks again, cheques in the post!<\/p>","upvoteCount":1,"datePublished":"2025-07-10T13:02:12.421Z","url":"https://community.spiceworks.com/t/aruba-aos-config-to-cisco-config/1222437/9","author":{"@type":"Person","name":"alanfromit","url":"https://community.spiceworks.com/u/alanfromit"}},{"@type":"Answer","text":"