At this point, it prolly makes more sense to just factory reset the switch and then just put all the camera ports in vlan 20 and then tag port 50 as a member of vlan 20.
I'm not sure how old this OS is but when Cisco and other vendors first started rolling out their GUIs, it wasn't uncommon for folks to get confused while provisioning, troubleshooting and even for config files being corrupted. So, it's just force of habit for me to look at the actual running config.

I hope this helps you get this all sorted out soon.

On Wed, Sep 9, 2020 at 6:30 PM Chuck Hast <[email protected]> wrote:

> Mike,
> I have done all of the upgrades to those switches in order to
> obtain the coveted CLI access (there is no console port, but
> according to the docs there should now be a SSH server on
> the device with the upgrades to the latest code but so far no
> joy. I will go over all of that and figure out how to translate it
> to the GUI, and do it that way. Or figure out what is missing
> to SSH into the box. According to some of the documentation
> after I did the upgrade to 14.x there should be a ssh server
> box to tick in order to activate it but so far no joy.
>
> See my comments below regarding your observations:
>
> On Tue, Sep 8, 2020 at 7:54 PM Mike C. <[email protected]> wrote:
>
> > Thanks Chuck,
> >
> > I did quite a bit of reading and although this configuration should work,
> > it's outside of norms / best practices.
> >
> > The way I was taught and always configured vlans is that by default all
> > ports and packets are untagged and are in the default vlan. Which is vlan 1
> > for Cisco. Then tag ports with the vlan you want them to be a part of.
> >
> > Your configuration is the exact opposite. You've tagged the default vlan 1
> > on the trunk and left vlan 20 untagged
> >
>
> Wow, I thought I was tagging the ports for VLAN 20 based on what I see
> on the GUI. I will go back into it and see what I have screwed up.
>
> > switchport trunk native vlan 20
> > switchport default-vlan tagged .
> >
> > This should be reversed.
> I was of the idea (based on what I see on the
> GUI) that VLAN 1 was the default and administrative and it was not
> tagged...
>
> >
> > The switchport default-vlan tagged command is to provide backward
> > compatibility support for devices that don't support 802.1Q vlan tags. In
> > effect, the port functions in both access & trunk mode at the same time.
> >
> > But your switches are vlan aware, so this config is unnecessary and I think
> > the cause of your problems.
> >
>
> I shall look into it and figure out how to get rid of it from the GUI if I
> cannot figure out why it does not allow a SSH server to run.
>
> >
> > What I recommend trying is disabling the switchport default-vlan tagged
> > w. "no switchport default-vlan tagged" command or GUI.
> >
> > And then removing the native vlan 20 on the trunk with the "no switchport
> > trunk native vlan 20" command.
> >
> > This will set the default and the native vlan that was set to vlan 20 both
> > to vlan 1.
> >
>
> I wonder if I would not be faster to just set the switch to factory and
> then go in and set up the VLAN 20 ports.
>
> After reset all of the ports of course are on VLAN 1. I was thinking that I
> was moving the camera ports to VLAN 20.
>
> >
> > Then run the command "switchport mode trunk allow vlan 20" which will make
> > the trunk port also a member of vlan 20 and will pass tagged packets from
> > the camera ports that are only members of vlan 20.
> >
>
> I have got to figure out how to get to a CLI...
>
> >
> > Then change the camera ports from general to access. Those ports will only
> > be a member of 1 vlan and that is the pvid vlan 20. The port will accept
> > both untagged and tagged packets from the cameras and only send untagged
> > packets to the cameras.
> >
>
> I will get those ports changed and see how that goes. Thank you again for
> the guidance.
>
> >
> > That should do the trick for you.
> >
> > Here's a link to the CLI reference for your switch,
> >
> > https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf200e/command_line_reference/OL-22850.pdf
> >
> > As this is a more standard way of configuring vlans, this is the best
> > config to start with. Let's see what this gets you.
> >
> > On Sun, Sep 6, 2020 at 9:39 AM Chuck Hast <[email protected]> wrote:
> >
> > > Mike,
> > > I finally got the switches to give up the config files. Getting these
> > > things from firmware 1.2 to 1.4.11 took 4 firmware upgrades and
> > > 1 boot upgrade. Below is the url to the switch config files
> > >
> > > http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24
> > >
> > > On Sun, Aug 30, 2020 at 10:16 AM Chuck Hast <[email protected]> wrote:
> > >
> > > > Well, I have been trying to get a backup file out of this so I can
> > > > send it to you, but so far when I try to do http/https backup it
> > > > fails the only thing is I get a network error, and if I look in the
> > > > switch logs, it says it cannot find the file.
> > > >
> > > > I have a SG300-28 at home, it was never this cantankerous,
> > > > I can do file backups and uploads to it with no issues whatsoever.
> > > >
> > > > They must have cut some major corners somewhere with these
> > > > switches.
> > > >
> > > > On Sun, Aug 23, 2020 at 11:30 AM Chuck Hast <[email protected]> wrote:
> > > >
> > > >> Well, I went to pull the backed up config files out of both switches
> > > >> and got a "network failure." I setup a tftp server on my
> > > >> laptop and tried to go that way and got a "file not found" error.
> > > >>
> > > >> Appears that I have to upgrade to a later rev of the firmware/boot
> > > >> file.
> > > >> Both switches are presently at Rev 1.2.9.44, which has no
> > > >> ssh, and appears that it "likes" some old version of i.e. So perhaps
> > > >> doing that upgrade will take care of these issues. Who knows.
> > > >> Once I do the upgrades I will let you know what happens, if it still
> > > >> does not want to pass the vlan 20 to switch 02 I will pull the
> > > >> config file and send it. This rev level has NO CLI whatsoever,
> > > >> but it is installed in one of the later revs, got to get to that.
> > > >>
> > > >> On Mon, Aug 17, 2020 at 11:38 PM Chuck Hast <[email protected]> wrote:
> > > >>
> > > >>> Let me get you the config files, let us not break our heads on it
> > > >>> until you can look at them. I know on the web screens I set up
> > > >>> port 50 to have vlan 20 tagged on both ends. In my meager work
> > > >>> in this area, it seems that I always did the same thing, the link
> > > >>> carrying the camera VLAN went on a separate path to keep
> > > >>> possible latency down due to competition for the link path.
> > > >>>
> > > >>> This is the same case the cameras are on VLAN 20, it is a
> > > >>> total network island because the stinking cameras call home,
> > > >>> and the best way to avoid it is just to put them on an island
> > > >>> network. This is the first time I can recall having this issue. In
> > > >>> the past I just tagged the two ends of the link and my video
> > > >>> data went that direction. All the rest went with VLAN 1 on
> > > >>> the other link.
> > > >>>
> > > >>> On Mon, Aug 17, 2020 at 4:15 AM Mike C. <[email protected]> wrote:
> > > >>>
> > > >>>> > That is what I was thinking based on the other Cisco doc I read all I need
> > > >>>> > to do is set both of the two fibre links up as trunks and it should work,
> > > >>>> > but there is another one that also said the part about tagging.
> > > >>>> > I have VLAN 20 (the VLANS are 1, 10 and 20) on port 50 on both ends,
> > > >>>> > I have also removed it but still no joy.
> > > >>>>
> > > >>>> Just to be clear, with port based vlans, which is what you have, a port can
> > > >>>> only belong to 1 untagged vlan. So when you have a port set to untagged w.
> > > >>>> the pvid set, then that port will only be in the default / native vlan,
> > > >>>> which is VLAN 1 on most network equipment vendors. This is often used as
> > > >>>> the management vlan.
> > > >>>>
> > > >>>> However, you can only have 1 untagged vlan per port. Any other vlans you
> > > >>>> want that port to handle must be tagged. Otherwise, all those packets will
> > > >>>> be treated as they're part of the default / native vlan.
> > > >>>>
> > > >>>> Which seems to be what you have configured. VLAN 1 untagged pvid on P49 and
> > > >>>> VLAN 20 untagged pvid on P50 on both switches.
> > > >>>>
> > > >>>> And that makes me reconsider my earlier statement:
> > > >>>>
> > > >>>> Switch B
> > > >>>> >
> > > >>>> > 49 GE49 Enabled Disabled STP Root 20000 128 Forwarding
> > > >>>> > 32768-f0:29:29:f5:43:bd 128-97 0 1
> > > >>>> > 50 GE50 Enabled Disabled STP Alternate 20000 128 Discarding
> > > >>>> > 32768-f0:29:29:f5:43:bd 128-98 0 0
> > > >>>> > This one says discarding for port 50, so suspect that is the issue.
> > > >>>> >
> > > >>>>
> > > >>>> Normally, the way this is designed and configured when there's multiple
> > > >>>> uplinks is to create a LAG or MLT, a trunk group that carries all VLANs.
> > > >>>> This provides more bandwidth and failover redundancy.
> > > >>>>
> > > >>>> But you haven't said anything about a LAG configuration and if you don't
> > > >>>> have any traffic traversing P50, if memory serves until you take the fibre
> > > >>>> link down on P49.
> > > >>>> Is that correct?
> > > >>>>
> > > >>>> Therefore, if you want this to work you will have to tag vlan 10, 20 on
> > > >>>> port 49 and port 50 and you will have only 1 active uplink over which all
> > > >>>> VLANs traverse.
> > > >>>>
> > > >>>> Then in the event of a failure of the active uplink, Spanning Tree will
> > > >>>> reconfigure and use P50.
> > > >>>>
> > > >>>> Does that make sense at all? This is difficult to troubleshoot and explain
> > > >>>> over email without the configs.
> > > >>>> _______________________________________________
> > > >>>> PLUG: https://pdxlinux.org
> > > >>>> PLUG mailing list
> > > >>>> [email protected]
> > > >>>> http://lists.pdxlinux.org/mailman/listinfo/plug
> > > >>>
> > > >>> --
> > > >>> Chuck Hast -- KP4DJT --
> > > >>> I can do all things through Christ which strengtheneth me.
> > > >>> Ph 4:13 KJV
> > > >>> Todo lo puedo en Cristo que me fortalece.
> > > >>> Fil 4:13 RVR1960
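
Added example (not part of the original thread and not Cisco's code): a small Python model of 802.1Q tagging on the port 50 uplink discussed above, used to audit whether VLAN 20 stays isolated end to end. It goes beyond the thread by also checking a constructed case where only one switch has been changed from native VLAN 20 to tagged VLAN 20; the port names and the simplified frame model are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Port:
    """Simplified 802.1Q port: one untagged VLAN (PVID/native) plus tagged members."""
    name: str
    untagged_vlan: int
    tagged_vlans: set = field(default_factory=set)

    def ingress(self, tag):
        """VLAN a received frame is classified into, or None if it is dropped."""
        if tag is None:
            return self.untagged_vlan          # untagged frames land in the PVID
        if tag == self.untagged_vlan or tag in self.tagged_vlans:
            return tag
        return None                            # port is not a member of that VLAN

    def egress(self, vlan):
        """(sent, tag) for a frame of `vlan` leaving the port; tag None = untagged."""
        if vlan == self.untagged_vlan:
            return True, None
        return (True, vlan) if vlan in self.tagged_vlans else (False, None)

def cross_uplink(vlan, near, far):
    """VLAN the far switch assigns to a `vlan` frame sent near -> far, else None."""
    sent, tag = near.egress(vlan)
    return far.ingress(tag) if sent else None

def audit_uplink(near, far, isolated_vlan):
    """Findings that break isolation or reachability of `isolated_vlan` on the link."""
    issues = []
    vlans = {near.untagged_vlan, far.untagged_vlan} | near.tagged_vlans | far.tagged_vlans
    for vlan in sorted(vlans):
        for a, b in ((near, far), (far, near)):
            got = cross_uplink(vlan, a, b)
            if got not in (None, vlan) and isolated_vlan in (vlan, got):
                issues.append(f"{a.name}->{b.name}: VLAN {vlan} arrives as VLAN {got}")
    if cross_uplink(isolated_vlan, near, far) != isolated_vlan:
        issues.append(f"VLAN {isolated_vlan} does not cross {near.name}->{far.name}")
    return issues

# Constructed port settings (names are hypothetical, VLAN numbers from the thread).
RECOMMENDED = (Port("A-p50", 1, {20}), Port("B-p50", 1, {20}))   # VLAN 20 tagged
NATIVE_20 = (Port("A-p50", 20, {1}), Port("B-p50", 20, {1}))     # both ends native 20
ONE_END_CHANGED = (Port("A-p50", 20, {1}), Port("B-p50", 1, {20}))

if __name__ == "__main__":
    for label, (a, b) in (("recommended", RECOMMENDED), ("native 20 both ends", NATIVE_20),
                          ("one end changed", ONE_END_CHANGED)):
        print(label, audit_uplink(a, b, isolated_vlan=20) or "ok")
```

Both symmetric configurations pass the audit; only the half-changed uplink merges camera traffic with VLAN 1, so both switches should be checked after reconfiguring either one.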
