Configuring Other Parameters for VLAN

Complete the following tasks to configure the VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. parameters:

1. To configure Gateway group or Gateway, complete either one of these steps:

• To select a gateway group:

  1. In the Aruba Central app, set the filter to a group that contains at least one Branch Gateway.

     The dashboard context for a group is displayed.
     

  2. Under Manage, click Devices > Gateways.

     A list of gateways is displayed in the List view.

  3. Click Config.

     The configuration page is displayed for the selected group.

• To select a gateway:

  1. In the Aruba Central app, set the filter to Global or a group that contains at least one Branch Gateway.

  2. Under Manage, click Devices > Gateways.

     A list of gateways is displayed in the List view.
     

  3. Click a gateway under Device Name.

     The dashboard context for the gateway is displayed.

  4. Under Manage, click Device.

     The gateway device configuration page is displayed.

2. If you are in the Basic Mode, click Advanced Mode to access the advanced configuration options.

3. Click Interface > VLANs.

4. To configure the parameters for a VLAN ID, select the required VLAN from the VLANs table. The VLAN IDs table is displayed.

5. From the VLAN IDs table, select a VLAN that you want to configure. The VLAN details are displayed in the following tabs:

   • IPv4

   • Port Members

   • Other Options

6. In the the IPv4 tab, configure the following parameters based on your network requirements:

   Table 1: VLAN IPv4 Tab Parameters

   Parameter	Description
   Enable routing	Enable this option to route traffic between the VLANs that are mapped to the IP sub-networks.
   IP assignment	Select one of the following IP assignment types for the Aruba Gateways to select the system IP address: Static—Specify an IP address in the IPv4 address field.   NOTE: From AOS 10.5.0.0. version, /31 subnet Subnet is the logical division of an IP network. addresses are supported in the VLAN static IP configuration. You can also optionally enable the following DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network.  settings: Act as DHCP server—Enables the device to act as a DHCP server with the specified Network, Netmask, Pool name, Default router, DNS servers, and Netbios name server configurations. Relay to external—Relays the DHCP requests for the interface to the external DHCP servers configured in the DHCP helpers table. You need not configure this parameter if the VLAN interface is in the same subnetwork as that of the DHCP server. DHCP—Specify the Client ID for the DHCP client. PPPoE—Configure the PPPoE Point-to-Point Protocol over Ethernet. PPPoE is a method of connecting to the Internet, typically used with DSL services, where the client connects to the DSL modem. server credentials in the Service name, User name, Password, and Retype password fields. To configure CHAP Challenge-Handshake Authentication Protocol. CHAP is a challenge and response authentication method used to verify the identity of a remote user. secret, enable Configure CHAP Secret and enter CHAP secret key. Based on the request from the PPPoE server, either the PAP Password Authentication Protocol. PAP validates users by password. PAP does not encrypt passwords for transmission and is thus considered insecure. or the CHAP credentials are used for authentication. When you enable CHAP authentication on VLAN  interface, the interface and its peer use the CHAP secret key for mutual authentication. Dynamic DHCP Pool—Select a DHCP pool from the Dynamic DHCP pool drop-down list. You can also optionally enable the Relay to external setting to relay the DHCP requests for the interface to the external DHCP servers. You can add the DHCP server IP addresses in the DHCP helpers table. You need not configure this parameter if the VLAN interface is in the same subnetwork as that of the DHCP server. Gateway Pool—Select the required gateway pool from the VLAN pool drop-down list. Dynamic DHCP Pool and Gateway Pool options are applicable only for group level configurations and not for device level configuration.
   MTU	Provide the MTU Maximum Transmission Unit. MTU is the largest size packet or frame specified in octets (eight-bit bytes) that can be sent in networks such as the Internet. setting for the VLAN. The allowed range is 1280-1500. The default value is 1500.
   Suppress ARP	Select this option to prevent flooding of ARP Address Resolution Protocol. ARP is used for mapping IP network address to the hardware MAC address of a device.  broadcasts on all the untrusted interfaces. By default, this is disabled. This option is not applicable if you selected DHCP or PPPoE as the IP assignment option.
   Force Operational status UP	Select this option to enable the operational state of the VLAN ID. By default, this is disabled. Enabling this option keeps the state of the VLAN interface as up irrespective of the state of the physical interface.
   NAT inside	Select this option to perform NAT Network Address Translation. NAT is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. with the desired IP address of the VLAN interface as the source address.
   NAT outside	Select this option to enable NAT only for the outbound traffic on public-facing egress VLAN interfaces. When this feature is enabled on an uplink VLAN interface, the source address is translated with the IP address of the VLAN interface to all the outbound traffic. Ensure that the NAT pool is configured for source NAT Source NAT changes the source address of the packets passing through the router. Source NAT is typically used when an internal (private) host initiates a session to an external (public) host. IP allocation. For more information see, Configuring NAT Pools.
   Admin state	Select this option to enable the admin state of the VLAN interface.

7. Click Save Settings.

8. To add or modify the port members associated to a VLAN ID, complete the following tasks:

   1. Select the Port Members tab.

   2. Click Edit.

      The Available/Selected Ports window is displayed.

   3. Select the required ports from the list of available ports and click OK.

   4. Click Save Settings.

9. Select the Other Options tab and configure the following parameters:

   Table 2: VLAN IPv4 Tab Parameters

   Parameter	Description
   Description	A text string to describe the VLAN interface.
   Local-proxy ARP	Select this option to activate the local proxy ARP feature on the interface. NOTE: From ArubaOS 8.7.0.0-2.3.0.0 release version onwards, Aruba SD-Branch gateways, with proxy-ARP enabled, can now be configured to either respond to ARP requests with their own MAC Media Access Control. A MAC address is a unique identifier assigned to network interfaces for communications on a network. address or the MAC address of any client in the user table.
   Broadcast multicast optimisation	Select this option to enable controlled flooding of broadcast or multicast traffic without compromising the client connectivity.
   Bandwidth contract	Select the bandwidth contract policy to be applied to the VLAN interface. The selected contract policy limits both broadcast and multicast traffic on the interface.
   Enable OSPF	Select this to enable OSPF Open Shortest Path First. OSPF is a link-state routing protocol for IP networks. It uses a link-state routing algorithm and falls into the group of interior routing protocols that operates within a single Autonomous System (AS). protocol on the interface and configure the following OSPF parameters: Area network (eg. 0.0.0.0) Authentication Password Retype password Cost [1-65535] Dead interval [1-65535] Hello interval [1-65535] Priority [0-255] Retransmit interval [1-65535] Transmit delay [1-65535]
   AAA profile	Select a AAA Authentication, Authorization, and Accounting. AAA is a security framework to authenticate users, authorize the type of access based on user credentials, and record authentication events and information about the network access and network resource consumption. profile to be applied to the VLAN interface. Alternately, you can assign AAA profiles to the VLAN interfaces from the Apply Policies tab under Gateway Management > Security. For more information, see Applying Policies to Gateway Interfaces.
   ACL	Select a routing policy to be applied to the VLAN interface. Alternately, you can assign routing policies to the VLAN interfaces from the Apply Policies tab under Gateway Management > Security. For more information, see Applying Policies to Gateway Interfaces.

10. Click Save Settings.

The following animation shows you to to configure the VLAN parameters.