Well, the switches in question are at a remote site but I have another one of those switches here at home so I am getting it brought up to date and then will go after it. It is presently at factory so there is nothing that I have added to it but to upgrade the boot/firmware. At this moment I am stuffing the latest and greatest into it, then I am going to see if I can conquer the SSH thing. It is SUPPOSED to have a SSH server on board but so far I have not seen it. I see the client side but not the server side. But yet there is the CLI command list and I see comments about a box to be checked to enable the SSH server (have yet to see said box). So I shall start with this one and get it going, then I will use it as my reference with the other two.
On Wed, Sep 9, 2020 at 10:25 PM Mike C. <[email protected]> wrote:

> At this point, it prolly makes more sense to just factory reset the switch
> and then just put all the camera ports in vlan 20 and then tag port 50 as a
> member of vlan 20.
>
> I'm not sure how old this OS is but when Cisco and other vendors first
> started rolling out their GUIs, it wasn't uncommon for folks to get
> confused while provisioning, troubleshooting and even for config files
> being corrupted.
>
> So, it's just force of habit for me to look at the actual running config.
>
> I hope this helps you get this all sorted out soon.
>
> On Wed, Sep 9, 2020 at 6:30 PM Chuck Hast <[email protected]> wrote:
>
> > Mike,
> > I have done all of the upgrades to those switches in order to
> > obtain the coveted CLI access (there is no console port, but
> > according to the docs there should now be a SSH server on
> > the device with the upgrades to the latest code but so far no
> > joy. I will go over all of that and figure out how to translate it
> > to the GUI, and do it that way. Or figure out what is missing
> > to SSH into the box. According to some of the documentation
> > after I did the upgrade to 14.x there should be a ssh server
> > box to tick in order to activate it but so far no joy.
> >
> > See my comments below regarding your observations:
> >
> > On Tue, Sep 8, 2020 at 7:54 PM Mike C. <[email protected]> wrote:
> >
> > > Thanks Chuck,
> > >
> > > I did quite a bit of reading and although this configuration should work,
> > > it's outside of norms / best practices.
> > >
> > > The way I was taught and always configured vlans is that by default all
> > > ports and packets are untagged and are in the default vlan. Which is vlan 1
> > > for Cisco. Then tag ports with the vlan you want them to be a part of.
> > >
> > > Your configuration is the exact opposite.
> > > You've tagged the default vlan 1
> > > on the trunk and left vlan 20 untagged
> > >
> >
> > Wow, I thought I was tagging the ports for VLAN 20 based on what I see
> > on the GUI. I will go back into it and see what I have screwed up.
> >
> > > switchport trunk native vlan 20
> > > switchport default-vlan tagged .
> > >
> >
> > This should be reversed. I was of the idea (based on what I see on the
> > GUI) that VLAN 1 was the default and administrative and it was not
> > tagged...
> >
> > > The switchport default-vlan tagged command is to provide backward
> > > compatibility support for devices that don't support 802.1 Q vlan tags. In
> > > effect, the port functions in both access & trunk mode at the same time.
> > >
> > > But your switches are vlan aware, so this config is unnecessary and I think
> > > the cause of your problems.
> > >
> >
> > I shall look into it and figure out how to get rid of it from the GUI if I cannot
> > figure out why it does not allow a SSH server to run.
> >
> > > What I recommend trying is disabling the switchport default-vlan tagged
> > > .w. "no switchport default-vlan tagged" command or GUI.
> > >
> > > And then removing the native vlan 20 on the trunk with the "no switchport
> > > trunk native vlan 20" command.
> > >
> > > This will set the default and the native vlan that was set to vlan 20 both
> > > to vlan 1.
> > >
> >
> > I wonder if I would not be faster to just set the switch to factory and then
> > go in and set up the VLAN 20 ports.
> >
> > After reset all of the ports of course are on VLAN 1. I was thinking that I
> > was moving the camera ports to VLAN 20.
> >
> > > Then run the command "switchport mode trunk allow vlan 20" which will make
> > > the trunk port also a member of vlan 20 and will pass tagged packets from
> > > the camera ports that are only members of vlan 20.
> > >
> >
> > I have got to figure out how to get to a CLI...
> >
> > > Then change the camera ports from general to access. Those ports will only
> > > be a member of 1 vlan and that is the pvid vlan 20. The port will accept
> > > both untagged and tagged packets from the cameras and only send untagged
> > > packets to the cameras.
> > >
> >
> > I will get those ports changed and see how that goes. Thank you again for
> > the guidance.
> >
> > > That should do the trick for you.
> > >
> > > Here's a link to the CLI reference for your switch,
> > >
> > > https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf200e/command_line_reference/OL-22850.pdf
> > >
> > > As this is a more standard way of configuring vlans, this is the best
> > > config to start with. Let's see what this gets you.
> > >
> > > On Sun, Sep 6, 2020 at 9:39 AM Chuck Hast <[email protected]> wrote:
> > >
> > > > Mike,
> > > > I finally got the switches to give up the config files. Getting these
> > > > things from firmware 1.2 to 1.4.11 took 4 firmware upgrades and
> > > > 1 boot upgrade. Below is the url to the switch config files
> > > >
> > > > http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24
> > > >
> > > > On Sun, Aug 30, 2020 at 10:16 AM Chuck Hast <[email protected]> wrote:
> > > >
> > > > > Well, I have been trying to get a backup file out of this so I can
> > > > > send it to you, but so far when I try to do http/https backup it
> > > > > fails the only thing is I get a network error, and if I look in the
> > > > > switch logs, it says it cannot find the file.
> > > > >
> > > > > I have a SG300-28 at home, it was never this cantankerous,
> > > > > I can do file backups and uploads to it with no issues whatsoever.
> > > > >
> > > > > They must have cut some major corners somewhere with these
> > > > > switches.
> > > > >
> > > > > On Sun, Aug 23, 2020 at 11:30 AM Chuck Hast <[email protected]> wrote:
> > > > >
> > > > >> Well, I went to pull the backed up config files out of both switches
> > > > >> and got a "network failure." I setup a tftp server on my
> > > > >> laptop and tried to go that way and got a "file not found" error.
> > > > >>
> > > > >> Appears that I have to upgrade to a later rev of the firmware/boot
> > > > >> file. Both switches are presently at Rev 1.2.9.44, which has no
> > > > >> ssh, and appears that it "likes" some old version of i.e. So perhaps
> > > > >> doing that upgrade will take care of these issues. Who knows.
> > > > >> Once I do the upgrades I will let you know what happens, if it still
> > > > >> does not want to pass the vlan 20 to switch 02 I will pull the
> > > > >> config file and send it. This rev level has NO CLI whatsoever,
> > > > >> but it is installed in one of the later revs, got to get to that.
> > > > >>
> > > > >> On Mon, Aug 17, 2020 at 11:38 PM Chuck Hast <[email protected]> wrote:
> > > > >>
> > > > >>> Let me get you the config files, let us not break our heads on it
> > > > >>> until you can look at them. I know on the web screens I set up
> > > > >>> port 50 to have vlan 20 tagged on both ends. In my meagre work
> > > > >>> in this area, it seems that I always did the same thing, the link
> > > > >>> carrying the camera VLAN went on a separate path to keep
> > > > >>> possible latency down due to competition for the link path.
> > > > >>>
> > > > >>> This is the same case the cameras are on VLAN 20, it is a
> > > > >>> total network island because the stinking cameras call home,
> > > > >>> and the best way to avoid it is just to put them on an island
> > > > >>> network. This is the first time I can recall having this issue.
> > > > >>> in the past I just tagged the two ends of the link and my video
> > > > >>> data went that direction. All the rest went with VLAN 1 on
> > > > >>> the other link.
> > > > >>>
> > > > >>> On Mon, Aug 17, 2020 at 4:15 AM Mike C. <[email protected]> wrote:
> > > > >>>
> > > > >>>> > That is what I was thinking based on the other Cisco doc I read all I
> > > > >>>> > need to do is set both of the two fibre links up as trunks and it should
> > > > >>>> > work, but there is another one that also said the part about tagging. I
> > > > >>>> > have VLAN 20 (the VLANS are 1, 10 and 20) on port 50 on both ends, I have also
> > > > >>>> > removed it but still no joy.
> > > > >>>>
> > > > >>>> Just to be clear, with port based vlans, which is what you have, a port can
> > > > >>>> only belong to 1 untagged vlan. So when you have a port set to untagged w.
> > > > >>>> the pvid set, then that port will only be in the default / native vlan,
> > > > >>>> which is VLAN 1 on most network equipment vendors. This is often used as
> > > > >>>> the management vlan.
> > > > >>>>
> > > > >>>> However, you can only have 1 untagged vlan per port. Any other vlans you
> > > > >>>> want that port to handle must be tagged. Otherwise, all those packets will
> > > > >>>> be treated as they're part of the default / native vlan.
> > > > >>>>
> > > > >>>> Which seems to be what you have configured. VLAN 1 untagged pvid on P49 and
> > > > >>>> VLAN 20 untagged pvid on P50 on both switches.
> > > > >>>>
> > > > >>>> And that makes me reconsider my earlier statement:
> > > > >>>>
> > > > >>>> Switch B
> > > > >>>> >
> > > > >>>> > 49 GE49 Enabled Disabled STP Root 20000 128 Forwarding
> > > > >>>> > 32768-f0:29:29:f5:43:bd 128-97 0 1
> > > > >>>> > 50 GE50 Enabled Disabled STP Alternate 20000 128 Discarding
> > > > >>>> > 32768-f0:29:29:f5:43:bd 128-98 0 0
> > > > >>>> > This one says discarding for port 50, so suspect that is the issue.
> > > > >>>>
> > > > >>>> Normally, the way this is designed and configured when there's multiple
> > > > >>>> uplinks is to create a LAG or MLT, a trunk group that carries all VLANs.
> > > > >>>> This provides more bandwidth and failover redundancy.
> > > > >>>>
> > > > >>>> But you haven't said anything about a LAG configuration and if you don't
> > > > >>>> have any traffic traversing P50, if memory serves until you take the fibre
> > > > >>>> link down on P49. Is that correct?
> > > > >>>>
> > > > >>>> Therefore, if you want this to work you will have to tag vlan 10, 20 on
> > > > >>>> port 49 and port 50 and you will have only 1 active uplink over which all
> > > > >>>> VLANs traverse.
> > > > >>>>
> > > > >>>> Then in the event of a failure of the active uplink, Spanning Tree will
> > > > >>>> reconfigure and use P50.
> > > > >>>>
> > > > >>>> Does that make sense at all? This is difficult to troubleshoot and explain
> > > > >>>> over email without the configs.
> > > > >>>> _______________________________________________
> > > > >>>> PLUG: https://pdxlinux.org
> > > > >>>> PLUG mailing list
> > > > >>>> [email protected]
> > > > >>>> http://lists.pdxlinux.org/mailman/listinfo/plug
> > > > >>>>
> > > > >>>
> > > > >>> --
> > > > >>>
> > > > >>> Chuck Hast -- KP4DJT --
> > > > >>> I can do all things through Christ which strengtheneth me.
> > > > >>> Ph 4:13 KJV
> > > > >>> Todo lo puedo en Cristo que me fortalece.
> > > > >>> Fil 4:13 RVR1960

--
Chuck Hast -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960
_______________________________________________
PLUG: https://pdxlinux.org
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
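
The tagging rules discussed in this thread, as an added example that is not part of the original messages: a simplified Python model (no STP, no MAC learning) of how a port's PVID and tagged VLANs decide where a camera frame ends up. The port roles and function names are constructed for illustration, and the model goes one step beyond the thread by also showing what happens if only one end of the uplink has its native VLAN changed.

```python
from dataclasses import dataclass

DROPPED = "dropped"

@dataclass(frozen=True)
class Port:
    """Simplified 802.1Q port: one untagged VLAN (the PVID) plus tagged VLANs."""
    pvid: int
    tagged: frozenset = frozenset()

    def members(self):
        return self.tagged | {self.pvid}

def hop(in_port, out_port, tag):
    """Switch one frame; return its tag on the egress wire (None = untagged)."""
    vlan = in_port.pvid if tag is None else tag      # untagged ingress takes the PVID
    if vlan not in in_port.members() or vlan not in out_port.members():
        return DROPPED
    return None if vlan == out_port.pvid else vlan   # only the PVID leaves untagged

def deliver(hops, tag=None):
    """Carry a frame through (ingress, egress) port pairs, one pair per switch."""
    for in_port, out_port in hops:
        tag = hop(in_port, out_port, tag)
        if tag == DROPPED:
            return DROPPED
    return "untagged" if tag is None else f"tagged {tag}"

# Constructed port roles using the thread's VLAN numbers (assumptions, not real configs).
CAMERA = Port(pvid=20)                                      # access port, VLAN 20 only
OFFICE = Port(pvid=1)                                       # access port, VLAN 1 only
TRUNK_NATIVE_1 = Port(pvid=1, tagged=frozenset({10, 20}))   # uplink: native 1, 10/20 tagged
TRUNK_NATIVE_20 = Port(pvid=20, tagged=frozenset({1}))      # uplink: native 20, VLAN 1 tagged

def camera_path(uplink_a, uplink_b, dest):
    """Untagged frame from a camera on switch A to port `dest` on switch B."""
    return deliver([(CAMERA, uplink_a), (uplink_b, dest)])

if __name__ == "__main__":
    for name, a, b in [("both native 1", TRUNK_NATIVE_1, TRUNK_NATIVE_1),
                       ("both native 20", TRUNK_NATIVE_20, TRUNK_NATIVE_20),
                       ("mismatch 20/1", TRUNK_NATIVE_20, TRUNK_NATIVE_1)]:
        print(f"{name:15} camera->camera: {camera_path(a, b, CAMERA):9}"
              f" camera->office: {camera_path(a, b, OFFICE)}")
```

With matching uplinks the camera frames reach only VLAN 20 ports on the far switch; when the native VLAN differs between the two ends, the same frames are classified into VLAN 1 there, so the camera island is no longer isolated.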
