Instant On - Wired

Expand all | Collapse all

Instant On 1930 Management / VLAN Questions

  • 1.  Instant On 1930 Management / VLAN Questions

    Posted 12-15-2020 06:17 PM
    I'm currently looking at purchasing several Instant On 1930 switches to replace some older Dell and HP switches.

    I had been looking at he HP 1920S series (we have a couple deployed), but it looks like those are basically end-of-life.  The closest, modern replacement I could find seems to be the Instant On 1930 series.
    Is this correct?

    We'd likely be using the switches in local mode, and not use the cloud features.  One of our requirements is to have multi-factor authentication enabled for management.  On our existing switches, we do this with ACLs to limit management to a single host, then protect that host with a multi-factor layer.

    On the HP 1920S line, you're able to configure a specific management VLAN, then assign a single port to be a member of that VLAN.  Then only that physical port can access the web GUI, for example.

    On the HP 1920 line, I believe any VLAN interface IP can be used as a management IP, so you were stuck using an ACL to restrict web management access to specific IPs, for example.  You can't segregate a single port as the only management port.


    Can anyone confirm whether the Aruba Instant On 1930 line would let me effectively designate a single physical port as the management port, preventing any other port from accessing the web management GUI?  Again, we'd be using local management, not cloud management.

    The configuration guide has a reference to a Management VLAN option similar to the 1920S documentation, but it's not as detailed as in the 1920S documentation.  From what I can tell, I should be able to leave VLAN 1 as-is, set the management VLAN to VLAN 1, then exclude all but one port from membership in VLAN 1.
    Am I correct?

    Would the port that's still on VLAN 1 also be able to be a member of other VLANs on the switch?

    Thanks

    ------------------------------
    BMS
    ------------------------------


  • 2.  RE: Instant On 1930 Management / VLAN Questions

    Posted 01-20-2021 11:49 AM
    We're in a similar situation with multiple HP 1920/S switches that are EOL, so we're trying to find a reasonable replacement.  Like you, we also found the 1930, based on spec comparison.

    After having dealt with two 1930s over the past couple weeks, my advice to you [and anyone else reading this]: run far and run fast! The GUI is fluffy and welcoming, when it works, but there is No shell access, so if the GUI is inconsistently reporting settings, good luck.  And VLANs..?  Bahahahhaha!  We have an incredibly simple setup, VLAN2 on the inside, default VLAN1 on the outside, with VLAN1 and VLAN2 sharing the uplink switchport.  Nope! Doesn't work.. traffic on the inside is fine, traffic on the outside is fine, traffic refuses to route thru the uplink port.  Obviously, we've contacted aruba support many many times; each tech confirms the config is correct and should be working. We've been waiting for them to get back to us, literally for two weeks. We've had to throw out our VLAN plans and just go with default VLAN and klunky firewall/ip range rules as a workaround.

    I'd suggest to stay away from the 1930, at least for another several firmware updates (years). aruba itself is rather questionable, imho, as well.  if only i could go back and warn myself.​

    ------------------------------
    frank fennell
    ------------------------------



  • 3.  RE: Instant On 1930 Management / VLAN Questions

    Posted 01-20-2021 12:21 PM
    Thanks for the reply. We've ordered 1 for testing, with plans to replace a dozen or so aging switches if it works out.
    We absolutely need basic VLAN functionality to work, so if we encounter issues we can't use these switches.

    I agree about support. It seems like HP (HPE) just gave up on networking and spun everything off into a brand focusing on image and not functionality. The fact that you have to go through a forum and blog to search for documentation and firmware is pretty absurd to me.  The fact that no one from Aruba responded to my query in over a month is pretty bad, too.

    As long as everything works I don't really care.  We don't do anything fancy with our switches and just need something reliable to replace HP's older products.

    ------------------------------
    BMS
    ------------------------------



  • 4.  RE: Instant On 1930 Management / VLAN Questions

    Posted 01-22-2021 09:53 AM
    EDIT: I'll leave what I wrote so people can see where I went wrong. The following commenter is completely correct, and I retract my regrettable comment. As I have posted elsewhere, the criticisms I have had of this switch so far were largely the result of my own errors: missing important links, not reading documentation, making assumptions about interfaces based on other switch lines, and so forth. I maintain that the GUI could use a little improvement, and that I'd like to see a "allow-unsupported" option on the optics, but as for the rest, it's a good switch that has worked fine since I installed it, and will work better as I become more familiar with the interface.



    "As long as everything works."

    Glad to see you are getting a test switch. These are unsupported units--all there is is a forum. The first time it breaks will cost thousands of dollars in downtime. It's not a small-business switch, or even a SOHO switch. It's a home switch, at best, and not really even suited for that.-------------------------------------------


  • 5.  RE: Instant On 1930 Management / VLAN Questions

    Posted 01-26-2021 11:01 PM
    > These are unsupported units--all there is is a forum.

    I mean, you can criticize the quality of such offerings, but making false statements that are easily refuted by reading their product page doesn't seem terribly helpful.

    Support:
    Contact Support

    Warranty:
    Warranty and Support FAQ




    ------------------------------
    F L
    ------------------------------



  • 6.  RE: Instant On 1930 Management / VLAN Questions

    Posted 02-01-2021 12:14 PM
    Well, you're right, there is a phone number for support. And it really is right there, in the upper right-hand corner, under the support drop-down. I leapt to a conclusion from what I read elsewhere, and from the amateurish aspect of blog-based firmware sourcing. For that I apologize. I will attempt to go back and retract or edit my post.


  • 7.  RE: Instant On 1930 Management / VLAN Questions

    Posted 02-01-2021 11:27 AM
    Aruba Instant On 1930 Switch Series Management and Configuration Guide.  wired network name and a default management VLAN ID is set during this process. At a later point in  scenarios for Outdoor APs help mitigate these problems.


    ------------------------------
    Jane Jane
    ------------------------------