I looked at another file I did after a change, all of the ports on VLAN 20
have this format:

interface gigabitethernet36
switchport mode access
switchport access vlan 20
!

Regarding the trunk, I have twiddled all of the knobs I can find but this is
all I get.
interface gigabitethernet50
switchport trunk allowed vlan add 20

On Fri, Sep 11, 2020 at 9:58 AM Chuck Hast <[email protected]> wrote:

> Here is a scrape from the Port VLAN Membership screen. I sure wish
> I could get into the CLI for sure on this one, but it shows these ports
> as being members of VLAN 20.
>
> Interface  Mode    Administrative  Operational
>                    VLANS           VLANS
> GE25       Access  20UP            20UP
> GE26       Access  20UP            20UP
> GE27       Access  20UP            20UP
> GE28       Access  20UP            20UP
> GE29       Access  20UP            20UP
> GE30       Access  20UP            20UP
> GE31       Access  20UP            20UP
> GE32       Access  20UP            20UP
> GE33       Access  20UP            20UP
> GE34       Access  20UP            20UP
> GE35       Access  20UP            20UP
> GE36       Access  20UP            20UP
> GE50       Trunk   1UP, 20T        1UP, 20T
>
> Here is a scrape from the Port to VLAN screen
>
> Interface  VLAN Mode  Membership  PVID
> Name                  Type
> GE25       Access     Untagged    [x]
> GE26       Access     Untagged    [x]
> GE27       Access     Untagged    [x]
> GE28       Access     Untagged    [x]
> GE29       Access     Untagged    [x]
> GE30       Access     Untagged    [x]
> GE31       Access     Untagged    [x]
> GE32       Access     Untagged    [x]
> GE33       Access     Untagged    [x]
> GE34       Access     Untagged    [x]
> GE35       Access     Untagged    [x]
> GE36       Access     Untagged    [x]
> GE50       Trunk      Tagged
>
> That is how it is shown on the GUI.
>
> I looked at the config file and see what you mean, I will
> make changes then dump the file and see what it does.
>
> On Fri, Sep 11, 2020 at 12:13 AM Mike C. <[email protected]> wrote:
>
>> The config looks more like I'd expect to see it with the exception of
>> these omissions:
>>
>> 1. The camera ports don't have a vlan id set. I'd expect to see a config
>> statement like this for the camera ports:
>>
>> switchport access vlan 20
>>
>> 2. No trunk switchport mode config statement. I'd expect to see a config
>> statement for port 50 that sets the port mode to trunk. This is the
>> equivalent to all the other ports set to access mode. "switchport mode
>> access"
>>
>> switchport mode trunk
>>
>> On Thu, Sep 10, 2020 at 5:32 PM Chuck Hast <[email protected]> wrote:
>>
>> > Mike,
>> > I did all of the upgrades, there were some totally different
>> > screens after the final upgrade, I have uploaded a test
>> > config file for you to look at.
>> >
>> > http://www.fileconvoy.com/dfl.php?id=ga1a6f14cc72ae98a100028043901eb98b17d036d59
>> >
>> > On Wed, Sep 9, 2020 at 11:28 PM Chuck Hast <[email protected]> wrote:
>> >
>> > > Found the guide for the GUI. Now to see if it can show me how to
>> > > get SSH working so I can get to the CLI.
>> > >
>> > > https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/Cisco_200Sx_v1_4_AG.pdf
>> > >
>> > > On Wed, Sep 9, 2020 at 10:48 PM Chuck Hast <[email protected]> wrote:
>> > >
>> > >> Well the switches in question are at a remote site but
>> > >> I have another one of those switches here at home so
>> > >> I am getting it brought up to date and then will go after
>> > >> it. It is presently at factory so there is nothing that I have
>> > >> added to it but to upgrade the boot/firmware. At this
>> > >> moment I am stuffing the latest and greatest into it,
>> > >> then I am going to see if I can conquer the SSH thing.
>> > >> It is SUPPOSED to have a SSH server on board but
>> > >> so far I have not seen it. I see the client side but not
>> > >> the server side. But yet there is the CLI command list
>> > >> and I see comments about a box to be checked to
>> > >> enable the SSH server, (have yet to see said box).
>> > >> So I shall start with this one and get it going then I
>> > >> will use it as my reference with the other two.
>> > >>
>> > >> On Wed, Sep 9, 2020 at 10:25 PM Mike C. <[email protected]> wrote:
>> > >>
>> > >>> At this point, it prolly makes more sense to just factory reset the
>> > >>> switch and then just put all the camera ports in vlan 20 and then
>> > >>> tag port 50 as a member of vlan 20.
>> > >>>
>> > >>> I'm not sure how old this OS is but when Cisco and other vendors
>> > >>> first started rolling out their GUIs, it wasn't uncommon for folks
>> > >>> to get confused while provisioning, troubleshooting and even for
>> > >>> config files being corrupted.
>> > >>>
>> > >>> So, it's just force of habit for me to look at the actual running
>> > >>> config.
>> > >>>
>> > >>> I hope this helps you get this all sorted out soon.
>> > >>>
>> > >>> On Wed, Sep 9, 2020 at 6:30 PM Chuck Hast <[email protected]> wrote:
>> > >>>
>> > >>> > Mike,
>> > >>> > I have done all of the upgrades to those switches in order to
>> > >>> > obtain the coveted CLI access (there is no console port, but
>> > >>> > according to the docs there should now be a SSH server on
>> > >>> > the device with the upgrades to the latest code but so far no
>> > >>> > joy. I will go over all of that and figure out how to translate it
>> > >>> > to the GUI, and do it that way. Or figure out what is missing
>> > >>> > to SSH into the box. According to some of the documentation
>> > >>> > after I did the upgrade to 14.x there should be a ssh server
>> > >>> > box to tick in order to activate it but so far no joy.
>> > >>> >
>> > >>> > See my comments below regarding your observations:
>> > >>> >
>> > >>> > On Tue, Sep 8, 2020 at 7:54 PM Mike C. <[email protected]> wrote:
>> > >>> >
>> > >>> > > Thanks Chuck,
>> > >>> > >
>> > >>> > > I did quite a bit of reading and although this configuration
>> > >>> > > should work, it's outside of norms / best practices.
>> > >>> > >
>> > >>> > > The way I was taught and always configured vlans is that by
>> > >>> > > default all ports and packets are untagged and are in the
>> > >>> > > default vlan. Which is vlan 1 for Cisco. Then tag ports with
>> > >>> > > the vlan you want them to be a part of.
>> > >>> > >
>> > >>> > > Your configuration is the exact opposite. You've tagged the
>> > >>> > > default vlan 1 on the trunk and left vlan 20 untagged
>> > >>> > >
>> > >>> > Wow, I thought I was tagging the ports for VLAN 20 based on what I
>> > >>> > see on the GUI. I will go back into it and see what I have
>> > >>> > screwed up.
>> > >>> >
>> > >>> > > switchport trunk native vlan 20
>> > >>> > > switchport default-vlan tagged .
>> > >>> > >
>> > >>> >
>> > >>> > This should be reversed. I was of the idea (based on what I see on
>> > >>> > the GUI) that VLAN 1 was the default and administrative and it was
>> > >>> > not tagged...
>> > >>> >
>> > >>> > > The switchport default-vlan tagged command is to provide
>> > >>> > > backward compatibility support for devices that don't support
>> > >>> > > 802.1 Q vlan tags. In effect, the port functions in both
>> > >>> > > access & trunk mode at the same time.
>> > >>> > >
>> > >>> > > But your switches are vlan aware, so this config is unnecessary
>> > >>> > > and I think the cause of your problems.
>> > >>> > >
>> > >>> >
>> > >>> > I shall look into it and figure out how to get rid of it from the
>> > >>> > GUI if I cannot figure out why it does not allow a SSH server to
>> > >>> > run.
>> > >>> >
>> > >>> > > What I recommend trying is disabling the switchport
>> > >>> > > default-vlan tagged .w. "no switchport default-vlan tagged"
>> > >>> > > command or GUI.
>> > >>> > >
>> > >>> > > And then removing the native vlan 20 on the trunk with the "no
>> > >>> > > switchport trunk native vlan 20" command.
>> > >>> > >
>> > >>> > > This will set the default and the native vlan that was set to
>> > >>> > > vlan 20 both to vlan 1.
>> > >>> > >
>> > >>> >
>> > >>> > I wonder if I would not be faster to just set the switch to
>> > >>> > factory and then go in and set up the VLAN 20 ports.
>> > >>> >
>> > >>> > After reset all of the ports of course are on VLAN 1. I was
>> > >>> > thinking that I was moving the camera ports to VLAN 20.
>> > >>> >
>> > >>> > > Then run the command "switchport mode trunk allow vlan 20" which
>> > >>> > > will make the trunk port also a member of vlan 20 and will pass
>> > >>> > > tagged packets from the camera ports that are only members of
>> > >>> > > vlan 20.
>> > >>> > >
>> > >>> >
>> > >>> > I have got to figure out how to get to a CLI...
>> > >>> >
>> > >>> > > Then change the camera ports from general to access. Those ports
>> > >>> > > will only be a member of 1 vlan and that is the pvid vlan 20.
>> > >>> > > The port will accept both untagged and tagged packets from the
>> > >>> > > cameras and only send untagged packets to the cameras.
>> > >>> > >
>> > >>> > I will get those ports changed and see how that goes. Thank you
>> > >>> > again for the guidance.
>> > >>> >
>> > >>> > > That should do the trick for you.
>> > >>> > >
>> > >>> > > Here's a link to the CLI reference for your switch,
>> > >>> > >
>> > >>> > > https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf200e/command_line_reference/OL-22850.pdf
>> > >>> > >
>> > >>> > > As this is a more standard way of configuring vlans, this is the
>> > >>> > > best config to start with. Let's see what this gets you.
>> > >>> > >
>> > >>> > > On Sun, Sep 6, 2020 at 9:39 AM Chuck Hast <[email protected]> wrote:
>> > >>> > >
>> > >>> > > > Mike,
>> > >>> > > > I finally got the switches to give up the config files.
>> > >>> > > > Getting these things from firmware 1.2 to 1.4.11 took 4
>> > >>> > > > firmware upgrades and 1 boot upgrade. Below is the url to the
>> > >>> > > > switch config files
>> > >>> > > >
>> > >>> > > > http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24
>> > >>> > > >
>> > >>> > > > On Sun, Aug 30, 2020 at 10:16 AM Chuck Hast <[email protected]> wrote:
>> > >>> > > >
>> > >>> > > > > Well, I have been trying to get a backup file out of this so
>> > >>> > > > > I can send it to you, but so far when I try to do http/https
>> > >>> > > > > backup it fails the only thing is I get a network error, and
>> > >>> > > > > if I look in the switch logs, it says it cannot find the file.
>> > >>> > > > >
>> > >>> > > > > I have a SG300-28 at home, it was never this cantankerous,
>> > >>> > > > > I can do file backups and uploads to it with no issues
>> > >>> > > > > whatsoever.
>> > >>> > > > >
>> > >>> > > > > They must have cut some major corners somewhere with these
>> > >>> > > > > switches.
>> > >>> > > > >
>> > >>> > > > > On Sun, Aug 23, 2020 at 11:30 AM Chuck Hast <[email protected]> wrote:
>> > >>> > > > >
>> > >>> > > > >> Well, I went to pull the backed up config files out of both
>> > >>> > > > >> switches and got a "network failure." I setup a tftp server
>> > >>> > > > >> on my laptop and tried to go that way and got a "file not
>> > >>> > > > >> found" error.
>> > >>> > > > >>
>> > >>> > > > >> Appears that I have to upgrade to a later rev of the
>> > >>> > > > >> firmware/boot file. Both switches are presently at Rev
>> > >>> > > > >> 1.2.9.44, which has no ssh, and appears that it "likes" some
>> > >>> > > > >> old version of i.e. So perhaps doing that upgrade will take
>> > >>> > > > >> care of these issues. Who knows.
>> > >>> > > > >> Once I do the upgrades I will let you know what happens, if
>> > >>> > > > >> it still does not want to pass the vlan 20 to switch 02 I
>> > >>> > > > >> will pull the config file and send it. This rev level has NO
>> > >>> > > > >> CLI whatsoever, but it is installed in one of the later revs,
>> > >>> > > > >> got to get to that.
>> > >>> > > > >>
>> > >>> > > > >> On Mon, Aug 17, 2020 at 11:38 PM Chuck Hast <[email protected]> wrote:
>> > >>> > > > >>
>> > >>> > > > >>> Let me get you the config files, let us not break our heads
>> > >>> > > > >>> on it until you can look at them. I know on the web screens
>> > >>> > > > >>> I set up port 50 to have vlan 20 tagged on both ends. In my
>> > >>> > > > >>> meager work in this area, it seems that I always did the
>> > >>> > > > >>> same thing, the link carrying the camera VLAN went on a
>> > >>> > > > >>> separate path to keep possible latency down due to
>> > >>> > > > >>> competition for the link path.
>> > >>> > > > >>>
>> > >>> > > > >>> This is the same case the cameras are on VLAN 20, it is a
>> > >>> > > > >>> total network island because the stinking cameras call home,
>> > >>> > > > >>> and the best way to avoid it is just to put them on an
>> > >>> > > > >>> island network. This is the first time I can recall having
>> > >>> > > > >>> this issue. In the past I just tagged the two ends of the
>> > >>> > > > >>> link and my video data went that direction. All the rest
>> > >>> > > > >>> went with VLAN 1 on the other link.
>> > >>> > > > >>>
>> > >>> > > > >>> On Mon, Aug 17, 2020 at 4:15 AM Mike C. <[email protected]> wrote:
>> > >>> > > > >>>
>> > >>> > > > >>>> > That is what I was thinking based on the other Cisco doc
>> > >>> > > > >>>> > I read all I need to do is set both of the two fibre
>> > >>> > > > >>>> > links up as trunks and it should work, but there is
>> > >>> > > > >>>> > another one that also said the part about tagging. I
>> > >>> > > > >>>> > have VLAN 20 (the VLANS are 1, 10 and 20) on port 50 on
>> > >>> > > > >>>> > both ends, I have also removed it but still no joy.
>> > >>> > > > >>>>
>> > >>> > > > >>>> Just to be clear, with port based vlans, which is what you
>> > >>> > > > >>>> have, a port can only belong to 1 untagged vlan. So when
>> > >>> > > > >>>> you have a port set to untagged w. the pvid set, then that
>> > >>> > > > >>>> port will only be in the default / native vlan, which is
>> > >>> > > > >>>> VLAN 1 on most network equipment vendors. This is often
>> > >>> > > > >>>> used as the management vlan.
>> > >>> > > > >>>>
>> > >>> > > > >>>> However, you can only have 1 untagged vlan per port. Any
>> > >>> > > > >>>> other vlans you want that port to handle must be tagged.
>> > >>> > > > >>>> Otherwise, all those packets will be treated as they're
>> > >>> > > > >>>> part of the default / native vlan.
>> > >>> > > > >>>>
>> > >>> > > > >>>> Which seems to be what you have configured. VLAN 1 untagged
>> > >>> > > > >>>> pvid on P49 and VLAN 20 untagged pvid on P50 on both
>> > >>> > > > >>>> switches.
>> > >>> > > > >>>>
>> > >>> > > > >>>> And that makes me reconsider my earlier statement:
>> > >>> > > > >>>>
>> > >>> > > > >>>> Switch B
>> > >>> > > > >>>> >
>> > >>> > > > >>>> > 49 GE49 Enabled Disabled STP Root 20000 128 Forwarding 32768-f0:29:29:f5:43:bd 128-97 0 1
>> > >>> > > > >>>> > 50 GE50 Enabled Disabled STP Alternate 20000 128 Discarding 32768-f0:29:29:f5:43:bd 128-98 0 0
>> > >>> > > > >>>> > This one says discarding for port 50, so suspect that is
>> > >>> > > > >>>> > the issue.
>> > >>> > > > >>>>
>> > >>> > > > >>>> Normally, the way this is designed and configured when
>> > >>> > > > >>>> there's multiple uplinks is to create a LAG or MLT, a trunk
>> > >>> > > > >>>> group that carries all VLANs. This provides more bandwidth
>> > >>> > > > >>>> and failover redundancy.
>> > >>> > > > >>>>
>> > >>> > > > >>>> But you haven't said anything about a LAG configuration and
>> > >>> > > > >>>> if you don't have any traffic traversing P50, if memory
>> > >>> > > > >>>> serves until you take the fibre link down on P49. Is that
>> > >>> > > > >>>> correct?
>> > >>> > > > >>>>
>> > >>> > > > >>>> Therefore, if you want this to work you will have to tag
>> > >>> > > > >>>> vlan 10, 20 on port 49 and port 50 and you will have only 1
>> > >>> > > > >>>> active uplink over which all VLANs traverse.
>> > >>> > > > >>>>
>> > >>> > > > >>>> Then in the event of a failure of the active uplink,
>> > >>> > > > >>>> Spanning Tree will reconfigure and use P50.
>> > >>> > > > >>>>
>> > >>> > > > >>>> Does that make sense at all? This is difficult to
>> > >>> > > > >>>> troubleshoot and explain over email without the configs.

--

Chuck Hast -- KP4DJT --
I can do all things through Christ which strengtheneth me.
Ph 4:13 KJV
Todo lo puedo en Cristo que me fortalece.
Fil 4:13 RVR1960
_______________________________________________
PLUG: https://pdxlinux.org
PLUG mailing list
[email protected]
http://lists.pdxlinux.org/mailman/listinfo/plug
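
Added example (not part of the thread, and not code from either poster): a Python check of a dumped config file against the points raised above, namely camera ports in access mode on VLAN 20 and an uplink that carries VLAN 20 tagged with no `switchport default-vlan tagged`. The sample config is constructed, and treating a port that has no mode statement as a trunk (`default_mode`) is an assumption.

```python
import re

# Constructed sample in the layout quoted in the thread (not the poster's file).
SAMPLE = """\
interface gigabitethernet36
 switchport mode access
!
interface gigabitethernet50
 switchport default-vlan tagged
 switchport trunk native vlan 20
!
"""

def parse_interfaces(text):
    """Map each 'interface <name>' block to its list of statements."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = " ".join(raw.lower().split())
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(" ", 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return blocks

def port_mode(stmts, default_mode):
    """Explicit 'switchport mode X' if present, else the assumed default."""
    modes = [m.group(1) for s in stmts
             if (m := re.fullmatch(r"switchport mode (\w+)", s))]
    return modes[0] if modes else default_mode

def allowed_vlans(stmts):
    """VLAN ids named by 'switchport trunk allowed vlan [add] <list>'."""
    vlans = set()
    for s in stmts:
        m = re.fullmatch(r"switchport trunk allowed vlan (?:add )?([\d,-]+)", s)
        for part in (m.group(1).split(",") if m else []):
            lo, _, hi = part.partition("-")
            if lo:
                vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(text, camera_ports, uplink, vlan, default_mode="trunk"):
    """Findings for the points raised in the thread. default_mode is an
    assumption: a port with no mode statement is treated as this mode."""
    blocks, out = parse_interfaces(text), []
    for port in camera_ports:
        stmts = blocks.get(port, [])
        if port_mode(stmts, default_mode) != "access":
            out.append(f"{port}: not in access mode")
        if f"switchport access vlan {vlan}" not in stmts:
            out.append(f"{port}: no 'switchport access vlan {vlan}'")
    stmts = blocks.get(uplink, [])
    if port_mode(stmts, default_mode) != "trunk":
        out.append(f"{uplink}: not in trunk mode")
    if vlan not in allowed_vlans(stmts):
        out.append(f"{uplink}: vlan {vlan} not in trunk allowed list")
    if f"switchport trunk native vlan {vlan}" in stmts:
        out.append(f"{uplink}: vlan {vlan} is native (untagged) on the trunk")
    if "switchport default-vlan tagged" in stmts:
        out.append(f"{uplink}: 'switchport default-vlan tagged' is set")
    return out
```

Run against the two interface blocks quoted at the top of this message, `audit(...)` returns no findings under the trunk-default assumption and flags port 50 if `default_mode="access"` is passed instead.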
