What is the proper way to change the management VLAN? I checked the documentation and I was almost sure that my approach is correct.
What I plan to do:
> Have separate VLANs and restrict access to Aruba Instant On only to VLAN 15 (new Management VLAN) - the firewall will block unwanted traffic and the switch will have the admin console disabled for ports.
What I did:
1) I set up VLANs on pfSense and connected it to the Aruba. I was able to assign devices their specific VLANs - I tested whether a device receives the correct IP from VLANs 1, 15 and some others, so DHCP is working. I tested it by having some ports untagged with different VLANs.
2) I set up two trunk ports, 23 and 24, to have all VLANs included and tagged except VLAN 1 (default management port) and VLAN 15 (new management port). Those two VLANs I left untagged on those ports in case I would have to switch a port to get an IP from VLAN 15.
3) I checked that I have DHCP enabled in Network Setup > Get Connected, and I changed the Management VLAN to 15. I accepted that I might lose access if VLANs are not configured properly.
And then I lost the connection to the GUI - all the communication between devices was still working and I had access to the internet, so I thought, OK, I need to change the port from untagged VLAN 1 to untagged VLAN 15 to get a new IP.
But everything died the moment I did that. All the ports started blinking in sync, as if the same action was taking place on all ports; I lost my internet connection and I could not ping anything from any host. But when I switched back to a port having untagged VLAN 1, everything started working again except the GUI.
So I thought that I needed to reboot the switch so the changes could be updated, but the management VLAN was restored to VLAN 1 and now I am confused.
Checking the logs, I can only see that the Aruba did not get any DHCP lease after the change.
Is there something that I might be missing?