If the g12 connected to the uplink switch - you need a Layer 2 interface for the VLAN to act gateway, so you can make the switch as Layer 3 Switch create this VLAN and allow VLAN to Aruba, if Aruba already have VLANs ( Layer 3 for this VLAN) you need to configure relay on Aruba, so respected VLANs get IP address from DHCP Server

did Aruba has any of this VLAN and already getting IP address?

is this make sense?

Thanks,

the aruba and the sg350x are working out of the box, with no configuration or any VLAN.

I will try with a soho device (LANCOM or Sophos XG Firewall) at gi2 interface.
This device will present the DHCP Server, so i eliminate the other switches (aruba and 350) for testing.

I will disconnect company network with DHCP for this test. If this will work, i think i need more understanding of VLAN and other switches involved.

Thanks

Jürgen

sure that is the best approach once get  hands on understanding Layer3 with Layer 2 DHCP hand off, then you can make change as per the need.

let us know any further assitance required here .

Hi,

i have a new setup for my SG250-08

On GE2 i have a small AVM Fritzbox with IP 192.168.30.109 and a DHCP Range from 192.168.30.20 to 192.168.30.50.

I have 2 VLAN´s and i configured two IPv4 Management Interfaces for these two VLAN´s (1,30)

VLAN 1, Static with Management IP 192.168.0.10
VLAN 30, Static with Management IP 192.168.30.11

VLAN 1 is per default on GE1 
VLAN 30 has GE2 tagged, and GE6-7 Untagged

On GE2 is the trunk with the FritzBox attached.

I enabled and added DHCP Relay Server with 192.168.30.109

I still don´t get any IP on the Access Port GE6

Any idea

Hello

---

@Juergen.barth wrote:

he aruba and the sg350x are working out of the box, with no configuration or any VLAN.

 

 

i have a new setup for my SG250-08

On GE2 i have a small AVM Fritzbox with IP 192.168.30.109 and a DHCP Range from 192.168.30.20 to 192.168.30.50.

 

I have 2 VLAN´s and i configured two IPv4 Management Interfaces for these two VLAN´s (1,30)

VLAN 1, Static with Management IP 192.168.0.10
VLAN 30, Static with Management IP 192.168.30.11

 

VLAN 1 is per default on GE1 
VLAN 30 has GE2 tagged, and GE6-7 Untagged

On GE2 is the trunk with the FritzBox attached.

 

I enabled and added DHCP Relay Server with 192.168.30.109

I still don´t get any IP on the Access Port GE6

 

---

So your dhcp scope is servciing vlan 30 users if so then you need to create l2 vlan 30 on the SG230 and also on the aruba and allow those two vlans (1,30) to travsere the trunk between the Sg250 and the aruba switch unless that is you aruba is just going to serve vlan 30 users thenthe interconnect between SG250 and the aruba can be an access port.

Cisco
vlan 1, 30
exit

int vlan 1
ip address 192.168.0.10 255.255.255.0
ip dhcp relay enable

int vlan 30
ip address 192.168.30.11 255.255.255.0
ip dhcp relay enable

trunk interface
int x/x
switchport mode trunk
no shut

access-port
int x/x
switchport mode access
switchport access vlan 30

Aruba

trunk iinterface
trunk <int x/x> trk1
vlan 1
name xx
untagged trk1

vlan 30
name xx
tagged trk1

access port
vlan 30
name xxx
untagged <int x/x>

Thanks for you help,

i solved my problems so far, my DHCP was not able to provide more than 1 DHCP Scope.

Now i use a Windows 2019 with some VLAN's (1,20,30,40,50).

I configured the SG250-8 with IPv4 IP´s for all Scopes, activated DHCP Relay and added the IP for DHCP Server.

After settings the basic VLAN Parameters all is working now.

I started playing arroung with ACL's to deny inter vlan traffic and only allow with Servers on VLAN 1.
Looks fine now, next step will be some tests in a production environment with Firewall and Internet ...

Thanks for your help

Jürgen

config-file-header
switchdb055e
v2.5.7.85 / RCBS3.1_930_871_059
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end xxxxxx
!
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 20,30,40,50
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone
voice vlan oui-table add 00036b Cisco_phone
voice vlan oui-table add 00096e Avaya
voice vlan oui-table add 000fe2 H3C_Aolynk
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone
voice vlan oui-table add 00e075 Polycom/Veritel_phone
voice vlan oui-table add 00e0bb 3Com_phone
ip dhcp relay address 192.168.0.109
ip dhcp relay enable
bonjour interface range vlan 1
ip access-list extended "VLAN 20"
permit ip any 192.168.0.0 0.0.0.255 any any ace-priority 1
permit ip 192.168.0.0 0.0.0.255 any ace-priority 2
exit
hostname switchdb055e
username admin password encrypted xxxxxxxxxxxxxx privilege 15
ip ssh server
!
interface vlan 1
 name "VLAN 1"
 ip address 192.168.0.254 255.255.255.0
 no ip address dhcp
!
interface vlan 20
 name "VLAN 20"
 ip address 192.168.20.254 255.255.255.0
 ip dhcp relay enable
 service-acl input "VLAN 20" default-action permit-any
!
interface vlan 30
 name "VLAN 30"
 ip address 192.168.30.254 255.255.255.0
 ip dhcp relay enable
!
interface vlan 40
 name "VLAN 40"
 ip address 192.168.40.254 255.255.255.0
 ip dhcp relay enable
!
interface vlan 50
 name "VLAN 50"
 ip address 192.168.50.254 255.255.255.0
 ip dhcp relay enable
!
interface GigabitEthernet2
 switchport access vlan 20
 switchport general pvid 20
 switchport trunk native vlan 20
!
interface GigabitEthernet3
 switchport access vlan 30
 switchport general pvid 30
 switchport trunk native vlan 30
!
interface GigabitEthernet4
 switchport access vlan 40
 switchport general pvid 40
 switchport trunk native vlan 40
!
interface GigabitEthernet5
 switchport access vlan 50
 switchport general pvid 50
 switchport trunk native vlan 50
!
exit