Mike,
I did all of the upgrades; there were some totally different screens after the final upgrade. I have uploaded a test config file for you to look at.
http://www.fileconvoy.com/dfl.php?id=ga1a6f14cc72ae98a100028043901eb98b17d036d59

On Wed, Sep 9, 2020 at 11:28 PM Chuck Hast <[email protected]> wrote:

> Found the guide for the GUI. Now to see if it can show me how to
> get SSH working so I can get to the CLI.
>
> https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/Cisco_200Sx_v1_4_AG.pdf
>
> On Wed, Sep 9, 2020 at 10:48 PM Chuck Hast <[email protected]> wrote:
>
>> Well the switches in question are at a remote site but
>> I have another one of those switches here at home so
>> I am getting it brought up to date and then will go after
>> it. It is presently at factory so there is nothing that I have
>> added to it but to upgrade the boot/firmware. At this
>> moment I am stuffing the latest and greatest into it,
>> then I am going to see if I can conquer the SSH thing.
>> It is SUPPOSED to have a SSH server on board but
>> so far I have not seen it. I see the client side but not
>> the server side. But yet there is the CLI command list
>> and I see comments about a box to be checked to
>> enable the SSH server, (have yet to see said box).
>> So I shall start with this one and get it going then I
>> will use it as my reference with the other two.
>>
>> On Wed, Sep 9, 2020 at 10:25 PM Mike C. <[email protected]> wrote:
>>
>>> At this point, it prolly makes more sense to just factory reset the switch
>>> and then just put all the camera ports in vlan 20 and then tag port 50 as a
>>> member of vlan 20.
>>>
>>> I'm not sure how old this OS is but when Cisco and other vendors first
>>> started rolling out their GUIs, it wasn't uncommon for folks to get
>>> confused while provisioning, troubleshooting and even for config files
>>> being corrupted.
>>>
>>> So, it's just force of habit for me to look at the actual running config.
>>>
>>> I hope this helps you get this all sorted out soon.
>>>
>>> On Wed, Sep 9, 2020 at 6:30 PM Chuck Hast <[email protected]> wrote:
>>>
>>> > Mike,
>>> > I have done all of the upgrades to those switches in order to
>>> > obtain the coveted CLI access (there is no console port, but
>>> > according to the docs there should now be a SSH server on
>>> > the device with the upgrades to the latest code but so far no
>>> > joy. I will go over all of that and figure out how to translate it
>>> > to the GUI, and do it that way. Or figure out what is missing
>>> > to SSH into the box. According to some of the documentation
>>> > after I did the upgrade to 14.x there should be a ssh server
>>> > box to tick in order to activate it but so far no joy.
>>> >
>>> > See my comments below regarding your observations:
>>> >
>>> > On Tue, Sep 8, 2020 at 7:54 PM Mike C. <[email protected]> wrote:
>>> >
>>> > > Thanks Chuck,
>>> > >
>>> > > I did quite a bit of reading and although this configuration should work,
>>> > > it's outside of norms / best practices.
>>> > >
>>> > > The way I was taught and always configured vlans is that by default all
>>> > > ports and packets are untagged and are in the default vlan. Which is vlan 1
>>> > > for Cisco. Then tag ports with the vlan you want them to be a part of.
>>> > >
>>> > > Your configuration is the exact opposite. You've tagged the default vlan 1
>>> > > on the trunk and left vlan 20 untagged
>>> > >
>>> > > Wow, I thought I was tagging the ports for VLAN 20 based on what I see
>>> > on the GUI. I will go back into it and see what I have screwed up.
>>> >
>>> > > switchport trunk native vlan 20
>>> > > switchport default-vlan tagged .
>>> > >
>>> >
>>> > This should be reversed. I was of the idea (based on what I see on the
>>> > GUI) that VLAN 1 was the default and administrative and it was not
>>> > tagged...
>>> >
>>> > >
>>> > > The switchport default-vlan tagged command is to provide backward
>>> > > compatibility support for devices that don't support 802.1Q vlan tags. In
>>> > > effect, the port functions in both access & trunk mode at the same time.
>>> > >
>>> > > But your switches are vlan aware, so this config is unnecessary and I think
>>> > > the cause of your problems.
>>> > >
>>> >
>>> > I shall look into it and figure out how to get rid of it from the GUI if I cannot
>>> > figure out why it does not allow a SSH server to run.
>>> >
>>> > >
>>> > > What I recommend trying is disabling the switchport default-vlan tagged
>>> > > w. "no switchport default-vlan tagged" command or GUI.
>>> > >
>>> > > And then removing the native vlan 20 on the trunk with the "no switchport
>>> > > trunk native vlan 20" command.
>>> > >
>>> > > This will set the default and the native vlan that was set to vlan 20 both
>>> > > to vlan 1.
>>> > >
>>> >
>>> > I wonder if I would not be faster to just set the switch to factory and then
>>> > go in and set up the VLAN 20 ports.
>>> >
>>> > After reset all of the ports of course are on VLAN 1. I was thinking that I
>>> > was moving the camera ports to VLAN 20.
>>> >
>>> > >
>>> > > Then run the command "switchport mode trunk allow vlan 20" which will make
>>> > > the trunk port also a member of vlan 20 and will pass tagged packets from
>>> > > the camera ports that are only members of vlan 20.
>>> > >
>>> >
>>> > I have got to figure out how to get to a CLI...
>>> >
>>> > >
>>> > > Then change the camera ports from general to access. Those ports will only
>>> > > be a member of 1 vlan and that is the pvid vlan 20. The port will accept
>>> > > both untagged and tagged packets from the cameras and only send untagged
>>> > > packets to the cameras.
>>> > >
>>> > > I will get those ports changed and see how that goes. Thank you again for
>>> > the guidance.
>>> >
>>> > > That should do the trick for you.
>>> > >
>>> > > Here's a link to the CLI reference for your switch,
>>> > >
>>> > > https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf200e/command_line_reference/OL-22850.pdf
>>> > >
>>> > > As this is a more standard way of configuring vlans, this is the best
>>> > > config to start with. Let's see what this gets you.
>>> > >
>>> > > On Sun, Sep 6, 2020 at 9:39 AM Chuck Hast <[email protected]> wrote:
>>> > >
>>> > > > Mike,
>>> > > > I finally got the switches to give up the config files. Getting these
>>> > > > things from firmware 1.2 to 1.4.11 took 4 firmware upgrades and
>>> > > > 1 boot upgrade. Below is the url to the switch config files
>>> > > > http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24
>>> > > >
>>> > > > On Sun, Aug 30, 2020 at 10:16 AM Chuck Hast <[email protected]> wrote:
>>> > > >
>>> > > > > Well, I have been trying to get a backup file out of this so I can
>>> > > > > send it to you, but so far when I try to do http/https backup it
>>> > > > > fails the only thing is I get a network error, and if I look in the
>>> > > > > switch logs, it says it cannot find the file.
>>> > > > >
>>> > > > > I have a SG300-28 at home, it was never this cantankerous,
>>> > > > > I can do file backups and uploads to it with no issues whatsoever.
>>> > > > >
>>> > > > > They must have cut some major corners somewhere with these
>>> > > > > switches.
>>> > > > >
>>> > > > > On Sun, Aug 23, 2020 at 11:30 AM Chuck Hast <[email protected]> wrote:
>>> > > > >
>>> > > > >> Well, I went to pull the backed up config files out of both switches
>>> > > > >> and got a "network failure." I set up a tftp server on my
>>> > > > >> laptop and tried to go that way and got a "file not found" error.
>>> > > > >>
>>> > > > >> Appears that I have to upgrade to a later rev of the firmware/boot
>>> > > > >> file. Both switches are presently at Rev 1.2.9.44, which has no
>>> > > > >> ssh, and appears that it "likes" some old version of i.e. So perhaps
>>> > > > >> doing that upgrade will take care of these issues. Who knows.
>>> > > > >> Once I do the upgrades I will let you know what happens, if it still
>>> > > > >> does not want to pass the vlan 20 to switch 02 I will pull the
>>> > > > >> config file and send it. This rev level has NO CLI whatsoever,
>>> > > > >> but it is installed in one of the later revs, got to get to that.
>>> > > > >>
>>> > > > >> On Mon, Aug 17, 2020 at 11:38 PM Chuck Hast <[email protected]> wrote:
>>> > > > >>
>>> > > > >>> Let me get you the config files, let us not break our heads on it
>>> > > > >>> until you can look at them. I know on the web screens I set up
>>> > > > >>> port 50 to have vlan 20 tagged on both ends. In my meagre work
>>> > > > >>> in this area, it seems that I always did the same thing, the link
>>> > > > >>> carrying the camera VLAN went on a separate path to keep
>>> > > > >>> possible latency down due to competition for the link path.
>>> > > > >>>
>>> > > > >>> This is the same case the cameras are on VLAN 20, it is a
>>> > > > >>> total network island because the stinking cameras call home,
>>> > > > >>> and the best way to avoid it is just to put them on an island
>>> > > > >>> network. This is the first time I can recall having this issue. In
>>> > > > >>> the past I just tagged the two ends of the link and my video
>>> > > > >>> data went that direction. All the rest went with VLAN 1 on
>>> > > > >>> the other link.
>>> > > > >>>
>>> > > > >>> On Mon, Aug 17, 2020 at 4:15 AM Mike C. <[email protected]> wrote:
>>> > > > >>>
>>> > > > >>>> >
>>> > > > >>>> > That is what I was thinking based on the other Cisco doc I read all I need
>>> > > > >>>> > to do is set both of the two fibre links up as trunks and it should work,
>>> > > > >>>> > but there is another one that also said the part about tagging. I have VLAN
>>> > > > >>>> > 20 (the VLANS are 1, 10 and 20) on port 50 on both ends, I have also removed
>>> > > > >>>> > it but still no joy.
>>> > > > >>>>
>>> > > > >>>> Just to be clear, with port based vlans, which is what you have, a port can
>>> > > > >>>> only belong to 1 untagged vlan. So when you have a port set to untagged w.
>>> > > > >>>> the pvid set, then that port will only be in the default / native vlan,
>>> > > > >>>> which is VLAN 1 on most network equipment vendors. This is often used as
>>> > > > >>>> the management vlan.
>>> > > > >>>>
>>> > > > >>>> However, you can only have 1 untagged vlan per port. Any other vlans you
>>> > > > >>>> want that port to handle must be tagged. Otherwise, all those packets will
>>> > > > >>>> be treated as they're part of the default / native vlan.
>>> > > > >>>>
>>> > > > >>>> Which seems to be what you have configured. VLAN 1 untagged pvid on P49 and
>>> > > > >>>> VLAN 20 untagged pvid on P50 on both switches.
>>> > > > >>>>
>>> > > > >>>> And that makes me reconsider my earlier statement:
>>> > > > >>>>
>>> > > > >>>> Switch B
>>> > > > >>>> >
>>> > > > >>>> > 49 GE49 Enabled Disabled STP Root 20000 128 Forwarding 32768-f0:29:29:f5:43:bd 128-97 0 1
>>> > > > >>>> > 50 GE50 Enabled Disabled STP Alternate 20000 128 Discarding 32768-f0:29:29:f5:43:bd 128-98 0 0
>>> > > > >>>> > This one says discarding for port 50, so suspect that is the issue.
>>> > > > >>>> >
>>> > > > >>>>
>>> > > > >>>> Normally, the way this is designed and configured when there's multiple
>>> > > > >>>> uplinks is to create a LAG or MLT, a trunk group that carries all VLANs.
>>> > > > >>>> This provides more bandwidth and failover redundancy.
>>> > > > >>>>
>>> > > > >>>> But you haven't said anything about a LAG configuration and if you don't
>>> > > > >>>> have any traffic traversing P50, if memory serves until you take the fibre
>>> > > > >>>> link down on P49. Is that correct?
>>> > > > >>>>
>>> > > > >>>> Therefore, if you want this to work you will have to tag vlan 10, 20 on
>>> > > > >>>> port 49 and port 50 and you will have only 1 active uplink over which all
>>> > > > >>>> VLANs traverse.
>>> > > > >>>>
>>> > > > >>>> Then in the event of a failure of the active uplink, Spanning Tree will
>>> > > > >>>> reconfigure and use P50.
>>> > > > >>>>
>>> > > > >>>> Does that make sense at all? This is difficult to troubleshoot and explain
>>> > > > >>>> over email without the configs.

--
Chuck Hast -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960
_______________________________________________
PLUG: https://pdxlinux.org
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
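
One way to check an exported running config for the three things Mike flags in the thread above: a trunk whose native VLAN is not the default, `switchport default-vlan tagged`, and ports left in general mode. This is an added example, not part of the original messages; the sample config is constructed and its interface names (`gi1`, `gi2`, `gi50`) are assumptions.

```python
import re

# Constructed sample, not the config file from the thread; interface names assumed.
SAMPLE_CONFIG = """\
interface gi1
 switchport mode general
!
interface gi2
 switchport mode access
!
interface gi50
 switchport mode trunk
 switchport trunk native vlan 20
 switchport default-vlan tagged
!
"""

def parse_interfaces(text):
    """Group config lines under their 'interface <name>' stanza."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line == "!" or not line:
            current = None          # stanza ended
        elif current is not None:
            current.append(line)
    return ports

def audit(text, default_vlan=1):
    """Return (port, check, detail) tuples for settings the thread calls out."""
    findings = []
    for port, lines in parse_interfaces(text).items():
        for line in lines:
            m = re.fullmatch(r"switchport trunk native vlan (\d+)", line)
            if m and int(m.group(1)) != default_vlan:
                findings.append((port, "native-vlan",
                                 f"native VLAN {m.group(1)} is untagged on this trunk"))
            if line == "switchport default-vlan tagged":
                findings.append((port, "default-vlan-tagged",
                                 f"default VLAN {default_vlan} is sent tagged"))
            if line == "switchport mode general":
                findings.append((port, "general-mode",
                                 "single-VLAN port not in access mode"))
    return findings

if __name__ == "__main__":
    for port, check, detail in audit(SAMPLE_CONFIG):
        print(f"{port}: [{check}] {detail}")
```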
