Found the guide for the GUI. Now to see if it can show me how to get SSH working so I can get to the CLI. https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf20x_sg20x/administration_guide/Cisco_200Sx_v1_4_AG.pdf
On Wed, Sep 9, 2020 at 10:48 PM Chuck Hast <wch...@gmail.com> wrote: > Well the switches in question are at a remote site but > I have another one of those switches here at home so > I am getting it brought up to date and then will go after > it. It is presently at factory so there is nothing that I have > added to it but to upgrade the boot/firmware. At this > moment I am stuffing the latest and greatest into it, > then I am going to see if I can conquer the SSH thing. > It is SUPPOSED to have a SSH server on board but > so far I have not seen it. I see the client side but not > the server side. But yet there is the CLI command list > and I see comments about a box to be checked to > enable the SSH server, (have yet to see said box). > So I shall start with this one and get it going then I > will use it as my reference with the other two. > > > On Wed, Sep 9, 2020 at 10:25 PM Mike C. <mconno...@gmail.com> wrote: > >> At this point, it prolly makes more sense to just factory reset the switch >> and then just put all the camera ports in vlan 20 and then tag port 50 as >> a >> member of vlan 20. >> >> I'm not sure how old this OS is but when Cisco and other vendors first >> started rolling out their GUIs, it wasn't uncommon for folks to get >> confused while provisioning, troubleshooting and even for config files >> being corrupted. >> >> So, it's just force of habit for me to look at the actual running config. >> >> I hope this helps you get this all sorted out soon. >> >> On Wed, Sep 9, 2020 at 6:30 PM Chuck Hast <wch...@gmail.com> wrote: >> >> > Mike, >> > I have done all of the upgrades to those switches in order to >> > obtain the coveted CLI access (there is no console port, but >> > according to the docs there should now be a SSH server on >> > the device with the upgrades to the latest code but so far no >> > joy. I will go over all of that and figure out how to translate it >> > to the GUI, and do it that way. Or figure out what is missing >> > to SSH into the box. According to some of the documentation >> > after I did the upgrade to 14.x there should be a ssh server >> > box to tick in order to activate it but so far no joy. >> > >> > See my comments below regarding your observations: >> > >> > On Tue, Sep 8, 2020 at 7:54 PM Mike C. <mconno...@gmail.com> wrote: >> > >> > > Thanks Chuck, >> > > >> > > I did quite a bit of reading and although this configuration should >> work, >> > > it's outside of norms / best practices. >> > > >> > > The way I was taught and always configured vlans is that by default >> all >> > > ports and packets are untagged and are in the default vlan. Which is >> > vlan 1 >> > > for Cisco.Then tag ports with the vlan you want them to be a part of. >> > > >> > > Your configuration is the exact opposite. You've tagged the default >> vlan >> > 1 >> > > on the trunk and left vlan 20 untagged >> > > >> > > Wow, I thought I was tagging the ports for VLAN 20 based on what I see >> > on the GUI. I will go back into it and see what I have screwed up. >> > >> > >> > > switchport trunk native vlan 20 >> > > switchport default-vlan tagged . >> > > >> > >> > This should be reversed. I was of the idea (based on what I see on the >> > GUI) that VLAN 1 was the default and administrative and it was not >> > tagged... >> > >> > > >> > > The switchport default-vlan tagged command is to provide backward >> > > compatibility support for devices that don't support 802.1 Q vlan >> tags. >> > In >> > > effect, the port functions in both access & trunk mode at the same >> time. >> > > >> > > But your switches are vlan aware, so this config is unnecessary and I >> > think >> > > the cause of your problems. >> > > >> > >> > I shall look into it and figure out how to get rid of it from the GUI >> if I >> > cannot >> > figure out why it does not allow a SSH server to run. >> > >> > > >> > > What I recommend trying is disabling the switchport default-vlan >> tagged >> > > .w. "no switchport default-vlan tagged" command or GUI. >> > > >> > > And the removing the native vlan 20 on the trunk with the "no >> switchport >> > > trunk native vlan 20" comand. >> > > >> > > This will set the default and the native vlan that was set to vlan 20 >> > both >> > > to vlan 1. >> > > >> > >> > I wonder if I would not be faster to just set the switch to factory and >> > then >> > go in and and set up the VLAN 20 ports. >> > >> > After reset all of the ports of course are on VLAN 1. I was thinking >> that I >> > was moving the camera ports to VLAN 20. >> > >> > > >> > > Then run the command "switchport mode trunk allow vlan 20" which will >> > make >> > > the trunk port also a member of vlan 20 and will pass tagged packets >> from >> > > the camera ports that are only members of vlan 20. >> > > >> > >> > I have got to figure out how to get to a CLI... >> > >> > > >> > > Then change the camera ports from general to access. Those ports will >> > only >> > > be a member of 1 vlan and that is the pvid vlan 20. The port will >> accept >> > > both untagged and tagged packets from the cameras and only send >> untagged >> > > packets to the cameras. >> > > >> > > I will get those ports changed and see how that goes. Thank you again >> for >> > the guidance. >> > >> > >> > > That should do the trick for you. >> > > >> > > Here's a link to the CLI reference for your switch, >> > > >> > > >> > >> https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbss/sf200e/command_line_reference/OL-22850.pdf >> > > >> > > As this is a more standard way of configuring vlans, this is the best >> > > config to start with. Let's see what this gets you. >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > On Sun, Sep 6, 2020 at 9:39 AM Chuck Hast <wch...@gmail.com> wrote: >> > > >> > > > Mike, >> > > > I finally got the switches to give up the config files. Getting >> these >> > > > things from firmware 1.2 to 1.4.11 took 4 firmware upgrades and >> > > > 1 boot upgrade. Below is the url to the switch config files >> > > > * >> > > > >> > > >> > >> http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24 >> > > > < >> > > > >> > > >> > >> http://www.fileconvoy.com/dfl.php?id=g440c3055c46aeeae1000279093dea129f9edbcfc24 >> > > > >* >> > > > >> > > > >> > > > On Sun, Aug 30, 2020 at 10:16 AM Chuck Hast <wch...@gmail.com> >> wrote: >> > > > >> > > > > Well, I have been trying to get a backup file out of this so I can >> > > > > send it to you, but so far when I try to do http/https backup it >> > > > > fails the only thing is I get a network error, and if I look in >> the >> > > > > switch logs, it says it cannot find the file. >> > > > > >> > > > > I have a SG300-28 at home, it was never this cantankerous, >> > > > > I can do file backups and uploads to it with no issues whatsoever. >> > > > > >> > > > > They must have cut some major corners somewhere with these >> > > > > switches. >> > > > > >> > > > > >> > > > > On Sun, Aug 23, 2020 at 11:30 AM Chuck Hast <wch...@gmail.com> >> > wrote: >> > > > > >> > > > >> Well, I went to pull the backed up config files out of both >> switches >> > > > >> and got a "network failure." I setup a tftp server on my >> > > > >> laptop and tried to go that way and got a "file not found" error. >> > > > >> >> > > > >> Appears that I have to upgrade to a later rev of the >> firmware/boot >> > > > >> file. Both switches are presently at Rev 1.2.9.44, which has no >> > > > >> ssh, and appears that it "likes" some old version of i.e. So >> perhaps >> > > > >> doing that upgrade will take care of these issues. Who knows. >> > > > >> Once I do the upgrades I will let you know what happens, if it >> still >> > > > >> does not want to pass the vlan 20 to switch 02 I will pull the >> > > > >> config file and send it. This rev level has NO CLI whatsoever, >> > > > >> but it is installed in one of the later revs, got to get to that. >> > > > >> >> > > > >> >> > > > >> On Mon, Aug 17, 2020 at 11:38 PM Chuck Hast <wch...@gmail.com> >> > wrote: >> > > > >> >> > > > >>> Let me get you the config files, let us not break our heads on >> it >> > > > >>> until you can look at them. I know on the web screens I set up >> > > > >>> port 50 to have vlan 20 tagged on both ends. In my megre work >> > > > >>> in this area, it seems that I always did the same thing, the >> link >> > > > >>> carrying the camera VLAN went on a separate path to keep >> > > > >>> possible latence down due to competition for the link path. >> > > > >>> >> > > > >>> This is the same case the cameras are on VLAN 20, it is a >> > > > >>> total network island because the stinking cameras call home, >> > > > >>> and the best way to avoid it is just to put them on and island >> > > > >>> network. This is the first time I can recall having this issue. >> in >> > > > >>> the past I just tagged the two ends of the link and my video >> > > > >>> data went that direction. All the rest went with VLAN 1 on >> > > > >>> the other link. >> > > > >>> >> > > > >>> On Mon, Aug 17, 2020 at 4:15 AM Mike C. <mconno...@gmail.com> >> > wrote: >> > > > >>> >> > > > >>>> > >> > > > >>>> > That is what I was thinking based on the other Cisco doc I >> read >> > > all >> > > > I >> > > > >>>> need >> > > > >>>> > to do is set both of the two fibre links up as trunks and it >> > > should >> > > > >>>> work, >> > > > >>>> > but there is another one that also said the part about >> tagging. >> > I >> > > > >>>> have VLAN >> > > > >>>> > 20 (the VLANS are 1, 10 and 20) on port 50 on both ends, I >> have >> > > also >> > > > >>>> removed >> > > > >>>> > it but still no joy.\ >> > > > >>>> >> > > > >>>> >> > > > >>>> Just to be clear, with port based vlans, which is what you >> have, a >> > > > port >> > > > >>>> can >> > > > >>>> only belong to 1 untagged vlan. So when you have a port set to >> > > > untagged >> > > > >>>> w. >> > > > >>>> the pvid set, then that port will only be in the default / >> native >> > > > vlan, >> > > > >>>> which is VLAN 1 on most network equipment vendors. This is >> often >> > > used >> > > > as >> > > > >>>> the management vlan. >> > > > >>>> >> > > > >>>> However, you can only have 1 untagged vlan per port. Any other >> > vlans >> > > > you >> > > > >>>> want that port to handle must be tagged. Otherwise, all those >> > > packets >> > > > >>>> will >> > > > >>>> be treated as they're part of the default / native vlan. >> > > > >>>> >> > > > >>>> Which seems to be what you have configured. VLAN 1 untagged >> pvid >> > on >> > > > P49 >> > > > >>>> and >> > > > >>>> VLAN 20 untagged pvid on P50 on both switches. >> > > > >>>> >> > > > >>>> And that makes me reconsider my earlier statement: >> > > > >>>> >> > > > >>>> Switch B >> > > > >>>> > >> > > > >>>> > 49 GE49 Enabled Disabled STP Root 20000 128 Forwarding >> > > > >>>> > 32768-f0:29:29:f5:43:bd 128-97 0 1 >> > > > >>>> > 50 GE50 Enabled Disabled STP Alternate 20000 128 Discarding >> > > > >>>> > 32768-f0:29:29:f5:43:bd 128-98 0 0 >> > > > >>>> > This one says discarding for port 50, so suspect that is the >> > > issue. >> > > > >>>> > >> > > > >>>> >> > > > >>>> Normally, the way this is designed and configured when there's >> > > > multiple >> > > > >>>> uplinks is to create a LAG or MLT, a trunk group that carries >> all >> > > > VLANs. >> > > > >>>> This provides more bandwidth and failover redundancy. >> > > > >>>> >> > > > >>>> But you haven't said anything about a LAG configuration and if >> you >> > > > don't >> > > > >>>> have any traffic traversing P50, if memory serves until you >> take >> > the >> > > > >>>> fibre >> > > > >>>> link down on P49. Is that correct? >> > > > >>>> >> > > > >>>> Therefore, if you want this to work you will have to tag vlan >> 10, >> > 20 >> > > > on >> > > > >>>> port 49 and port 50 and you will have only 1 active uplink over >> > > which >> > > > >>>> all >> > > > >>>> VLANs traverse. >> > > > >>>> >> > > > >>>> Then in the event of a failure of the active uplink, Spanning >> Tree >> > > > will >> > > > >>>> reconfigure and use P50. >> > > > >>>> >> > > > >>>> Does that make sense at all? This is difficult to troubleshoot >> and >> > > > >>>> explain >> > > > >>>> over email without the configs. >> > > > >>>> _______________________________________________ >> > > > >>>> PLUG: https://pdxlinux.org >> > > > >>>> PLUG mailing list >> > > > >>>> PLUG@pdxlinux.org >> > > > >>>> http://lists.pdxlinux.org/mailman/listinfo/plug >> > > > >>>> >> > > > >>> >> > > > >>> >> > > > >>> -- >> > > > >>> >> > > > >>> Chuck Hast -- KP4DJT -- >> > > > >>> I can do all things through Christ which strengtheneth me. >> > > > >>> Ph 4:13 KJV >> > > > >>> Todo lo puedo en Cristo que me fortalece. >> > > > >>> Fil 4:13 RVR1960 >> > > > >>> >> > > > >>> >> > > > >> >> > > > >> -- >> > > > >> >> > > > >> Chuck Hast -- KP4DJT -- >> > > > >> I can do all things through Christ which strengtheneth me. >> > > > >> Ph 4:13 KJV >> > > > >> Todo lo puedo en Cristo que me fortalece. >> > > > >> Fil 4:13 RVR1960 >> > > > >> >> > > > >> >> > > > > >> > > > > -- >> > > > > >> > > > > Chuck Hast -- KP4DJT -- >> > > > > I can do all things through Christ which strengtheneth me. >> > > > > Ph 4:13 KJV >> > > > > Todo lo puedo en Cristo que me fortalece. >> > > > > Fil 4:13 RVR1960 >> > > > > >> > > > > >> > > > >> > > > -- >> > > > >> > > > Chuck Hast -- KP4DJT -- >> > > > I can do all things through Christ which strengtheneth me. >> > > > Ph 4:13 KJV >> > > > Todo lo puedo en Cristo que me fortalece. >> > > > Fil 4:13 RVR1960 >> > > > _______________________________________________ >> > > > PLUG: https://pdxlinux.org >> > > > PLUG mailing list >> > > > PLUG@pdxlinux.org >> > > > http://lists.pdxlinux.org/mailman/listinfo/plug >> > > > >> > > _______________________________________________ >> > > PLUG: https://pdxlinux.org >> > > PLUG mailing list >> > > PLUG@pdxlinux.org >> > > http://lists.pdxlinux.org/mailman/listinfo/plug >> > > >> > >> > >> > -- >> > >> > Chuck Hast -- KP4DJT -- >> > I can do all things through Christ which strengtheneth me. >> > Ph 4:13 KJV >> > Todo lo puedo en Cristo que me fortalece. >> > Fil 4:13 RVR1960 >> > _______________________________________________ >> > PLUG: https://pdxlinux.org >> > PLUG mailing list >> > PLUG@pdxlinux.org >> > http://lists.pdxlinux.org/mailman/listinfo/plug >> > >> _______________________________________________ >> PLUG: https://pdxlinux.org >> PLUG mailing list >> PLUG@pdxlinux.org >> http://lists.pdxlinux.org/mailman/listinfo/plug >> > > > -- > > Chuck Hast -- KP4DJT -- > I can do all things through Christ which strengtheneth me. > Ph 4:13 KJV > Todo lo puedo en Cristo que me fortalece. > Fil 4:13 RVR1960 > > -- Chuck Hast -- KP4DJT -- I can do all things through Christ which strengtheneth me. Ph 4:13 KJV Todo lo puedo en Cristo que me fortalece. Fil 4:13 RVR1960 _______________________________________________ PLUG: https://pdxlinux.org PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug
