06-05-2025 05:19 AM
I hope this is an easy question.
I am converting a switch from an old Aruba switch to a Cisco 9300. Aruba configs are pretty straightforward, with tagged (trunk) and untagged (access port) interfaces. But on this switch, I see a VLAN that is tagged and also has untagged VLANs on it. The config from the Aruba is below. VLAN 2 is tagged on ports 1-14. Then some of those same ports are untagged for VLAN 601. In the Cisco CLI, how do I do this? I know voice does this by using "switchport voice", but I'm not sure how to interpret this otherwise.
vlan 2
name "WIFI"
tagged 1-14,Trk1
no ip address
exit
!
vlan 601
name "VLAN 601 Business Operation"
untagged 1,3,5,7-14
tagged Trk1
no ip address
exit
06-05-2025 06:10 AM
For the Aruba what is Trk1? Would I be correct in assuming that it is a trunk? What else is in the Aruba config using Trk1?
06-05-2025 06:31 AM
Trk1 is like a port channel. See the complete config from the Aruba below.
Running configuration:
module 1 type jl693a
trunk 15-16 trk1 trunk
ip default-gateway 10.171.3.1
interface 11
name "Paint Shop Access Point"
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 1-14,Trk1
no ip address
ipv6 enable
ipv6 address dhcp full
exit
vlan 2
name "WIFI"
tagged 1-14,Trk1
no ip address
exit
vlan 10
name "Servers-Delete-cameras"
untagged 4
tagged 6,Trk1
no ip address
forbid 1-3,5,7-14
exit
vlan 13
name "VLAN13"
no ip address
exit
vlan 600
name "VLAN 600 Engineering"
tagged Trk1
no ip address
exit
vlan 601
name "VLAN 601 Business Operation"
untagged 1,3,5,7-14
tagged Trk1
no ip address
exit
vlan 602
name "VLAN 602 Teammate Wifi"
tagged Trk1
no ip address
exit
vlan 603
name "VLAN 603 Engineering Wifi"
tagged Trk1
no ip address
exit
vlan 604
name "VLAN 604 Frasca Wifi"
tagged Trk1
no ip address
exit
vlan 667
name "VLAN 667 Mobile"
tagged Trk1
no ip address
exit
vlan 2216
name "VLAN 2216 Management"
tagged Trk1
ip address 10.171.3.5 255.255.255.0
exit
vlan 2219
name "VLAN 2219 Door Badging"
untagged 2,6
tagged Trk1
no ip address
exit
spanning-tree
spanning-tree Trk1 priority 4
password manager
06-05-2025 07:11 AM
Hello @chris-gavorcik ,
first of all, a few general statements:
Whenever you want to send tagged traffic on a port, then this port should be configured as a trunk port on a Cisco switch (the voice vlan you mentioned being one exception to this rule but you appear not to use IP phones on this switch).
By default, Vlan 1 is the untagged Vlan which Cisco calls the native Vlan. Whenever you want a different vlan as untagged on a port you need to change the native vlan.
By default all vlans are allowed on a Cisco trunk. So as soon as you configure a port as a trunk, then all Vlans that are enabled on this switch are allowed to run over this port.
If you want to restrict certain vlans from using a trunk port, then you need to configure allowed-vlan lists. As soon as you use allowed-vlan lists the logic is reversed, meaning only those vlans that you explicitly allow can use this trunk port. It is important to note that you also have to allow the native vlan in this list if you want it to run over this link.
You can use interface range commands to configure multiple ports with a single command to make life a bit easier.
As a starting point let's look at the vlans of your original post, i.e. vlans 2 and 601:
vlan 2
name WIFI
vlan 601
name VLAN 601 Business Operation
!
interface range gi1/0/1 - 14
switchport mode trunk
interface range gi1/0/1, gi1/0/3, gi1/0/5, gi1/0/7 - 14
switchport trunk native vlan 601
Now just one example for an allowed-vlan list.
If I want to only allow the vlans 2 and 601 on port gi1/0/1, it looks like this:
interface gi1/0/1
switchport trunk allowed vlan 2,601
Verification of trunks and allowed-vlan lists can be done with the "show interface trunk" command.
If you have further questions or need some help to configure the EtherChannel or other features just let us know.
HTH!
06-05-2025 07:37 AM - edited 06-05-2025 07:38 AM
I cannot see a use for a tagged wifi-vlan on the same ports as your "Business Operation" and suggest this is not actually used on your current configuration. It may just be the result of the preceding "no untagged 1 - 14" command for vlan 1.
The ports are deconfigured for the default vlan, so are automatically configured for the next available vlan.
So I think the configuration as a normal Cisco access port is sufficient for your needs.
>>>
vlan 601
name "VLAN 601 Business Operation"
untagged 1,3,5,7-14
<<<
would translate into ("range" is used to configure multiple interfaces in a single command)
! use the correct interface name for your model
interface range gigabitethernet1/0/1, gigabitethernet1/0/3, gigabitethernet1/0/5, gigabitethernet1/0/7 - 14
switchport mode access
switchport access vlan 601
end
=================================
>>>
vlan 2
name "WIFI"
tagged 1-14,Trk1
<<<
would not be possible on the Cisco switch on the same ports unless you configure it as a voice vlan and always trust the vlan tag (not only for voice devices detected using CDP or LLDP).
Alternatively, you configure these switchports as a vlan-trunk (not port-trunk/etherchannel):
interface <...>
switchport mode trunk
switchport trunk allowed vlan 2,601
switchport trunk native vlan 601
end
-> this port config processes untagged packets for vlan 601 and tagged packets for vlan 2
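The translation discussed in this thread, as an added example that is not part of any participant's post: a Python script that inverts Aruba's per-VLAN tagged/untagged lists into per-port Cisco switchport lines, with an explicit allowed-VLAN list so each trunk carries only the VLANs the Aruba config gave it. The function names and the `gi1/0/` interface prefix are assumptions, the sample input is constructed from the VLAN 2 and 601 stanzas in the question, and Trk1 is parsed but would need a port-channel rather than `cisco_lines`.

```python
import re
from collections import defaultdict

# Constructed sample: the VLAN 2 / VLAN 601 stanzas quoted in the question.
ARUBA = """vlan 2
name "WIFI"
tagged 1-14,Trk1
exit
vlan 601
name "VLAN 601 Business Operation"
untagged 1,3,5,7-14
tagged Trk1
exit
"""

def expand(spec):
    """Expand an Aruba port list such as '1,3,5,7-14,Trk1' into port names."""
    ports = []
    for item in filter(None, (s.strip() for s in spec.split(","))):
        m = re.fullmatch(r"(\d+)-(\d+)", item)
        ports += [str(n) for n in range(int(m[1]), int(m[2]) + 1)] if m else [item]
    return ports

def port_view(config):
    """Invert per-VLAN membership into {port: {'untagged': [vids], 'tagged': [vids]}}."""
    ports = defaultdict(lambda: {"untagged": [], "tagged": []})
    vid = None
    for line in config.splitlines():
        key, _, rest = line.strip().partition(" ")
        if key == "vlan" and rest.isdigit():
            vid = int(rest)
        elif key in ("tagged", "untagged") and vid is not None:
            # 'no untagged ...' and 'forbid ...' lines start with another keyword
            for p in expand(rest):
                ports[p][key].append(vid)
    return dict(ports)

def cisco_lines(port, m, prefix="gi1/0/"):
    """Cisco switchport lines for one physical port; prefix is an assumed interface name."""
    native = m["untagged"][0] if m["untagged"] else None
    out = [f"interface {prefix}{port}"]
    if not m["tagged"]:  # untagged only: plain access port
        return out + [" switchport mode access", f" switchport access vlan {native}"]
    out.append(" switchport mode trunk")
    if native:  # the Aruba untagged VLAN becomes the Cisco native VLAN
        out.append(f" switchport trunk native vlan {native}")
    allowed = sorted(set(m["tagged"] + m["untagged"]))  # native VLAN must be allowed too
    out.append(" switchport trunk allowed vlan " + ",".join(map(str, allowed)))
    return out
```

Compare the generated lines with the output of "show interface trunk" on the 9300 after applying them.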