MadClownCisco Storage Area Networking Operating System (SAN-OS) Software
MadClownsystem compile time: 5/22/2007
MadClownkernel uptime is 207 days 3 hours 56 minute(s) 16 second(s)
Claude__Can somebody help me get my Switch to route my vlans through my router?
no_sleepyou must create a sub-interface
no_sleepinterface <g/f>.<vlan>
Claude__Ok, Like a port-channel?
no_sleepencapsulation dot1q <vlan>
no_sleepdo you want a sample config?
Claude__Yes please
Claude__The router will not take the commands
Claude__Its a 870 with only Fastethernet but it does not have the option of encapsulation
Atrono_sleep: you cant create subinterfaces on all routers
AtroClaude__: make the same config as on the switch
AtroClaude__: the core concepts are : make vlan (vlan <id>) then on interfaces you do "switchport mode trunk"
Atrothen if you wanna trunk only specific stuff , you do switchport trunk allowed vlan x
no_sleeplol ok
Claude__Wow... Not enough space on flash to store vlan databases
no_sleepthose ISR routers can do their own switching
no_sleeplol I did not see the router model before commenting @Atro
Claude__Deleted an old file and it saved it
Claude__Ok my PC's Gateway is set to Vlan 1 on the switch it responds Destination host unreachable
pffsnothing like a 6 hour change that you only have to do anything in the first 3 minutes of
pffsbut who knows, if we roll back I have to be there
Eterispffs: Yep, had that fun before
Whitor_Anyone have experience working with Extreme switches interfacing with Cisco switches? I'm having trouble with an Extreme X440 and a 2960. I can ping the X440 but I can't ping devices attached to it. (but from those I can ping the 440 as well.) Honestly I think this is an X440 problem, but I'm not familiar with an EXOS IRC channel. Do any of you have any clues? Everyone is in the default vlan.
Whitor_Expensive switch, that won't switch. : )
Whitor_Your packets die here! tread carefully!
Whitor_I'm not even with the equipment... (Saturday and all) But I thought I'd just put it out there and see if anyone had any thoughts.
xousWhitor_: Purple Packet Eaters!
xousyou likely have frames getting tagged incorrectly
xousthe first thing I'd suggest is verifying you have a trunk configured correctly between the switches
xousthen verify each switch is tagging the frames correctly
Whitor_Switches can ping each other.. and trunking is setup on the cisco side. (trunking all vlans atm)
xousthat only means one vlan is passing
xoushave you confirmed the native vlan is the same on both sides?
Whitor_exos has a 'different' way of setting up trunks. there is no trunk or access mode explicit settings.
Whitor_Native vlan is 1 and I've hard set it on both sides with no effect. I know this is an extreme issue... two machines attached to the same switch with static ips each, can ping the switch, but not each other. /sigh
xouswhat vlan is your SVI in on the extreme?
Whitor_1 afaik. I'm not with the unit right now... so I'm just looking for thoughts / conversation.
xouswhat vlan is your SVI in on the cisco?
Whitor_default (1) But I know cisco doesn't tag default vlan packets.
xousis vlan 1 configured as untagged on the trunk port?
xouson the extreme?
Whitor_but I don't think this is a cisco <-> x440 issue... I think it's just an x440 issue
xousit's a configuration issue
Whitor_but I don't know of an extreme specific channel... thought about voicing this in #networking too
xousyou can have the cisco accept tagged native frames if you want
xousso how is the interface on the extreme side of the trunk configured
xousis vlan 1 tagged or untagged
Whitor_the switch itself can ping through to any remote lan or vlan on the other side... Clients on the X440 can't ping each other. (or stuff on the other side... but I think that is somewhat irrelevant)
xouspastebin the configs
Whitor_yeah. Oh well. I agree, its a configuration issue. : )
Whitor_no worries. I'll get it. just need more time with it.
Syncopixclients on the x440 can't ping each other... in different vlans i assume?
Whitor_Thanks for the chat!
xousmost likely you've created a situation where the vlan tagging is asymmetric
Whitor_Syncopix, lol, no same vlan. default.
Syncopixso the fact there's a cisco switch in the topology is actually a moot point :)
Whitor_Added to the unknowns, is that this switch was handed to me after one of our techs handed it to me and said, my attempts failed... you try. Oh,and I don't remember everything I did...
Whitor_ok that was poor english.
Syncopixnever worked on extreme so i'm no help to you! but all i can offer is starting at layer 2 - when you ping B from A, does A get an ARP entry for B?
Syncopix...and that's all i have! sorry :)
Whitor_Still thanks... I was hoping for someone to say "Oh! this happens all the time... It's this - ... " but I think I really need to be with the units to have a valuable conversation.
Whitor_Syncopix, Yeah, I've got wireshark ready to examine... But I think it is simpler than that. The packets aren't making it across the switch, but they are making it to the switch... On both sides! ha!
Whitor_We just need it to act like a dumb sg300
SyncopixWhitor_: good luck! sounds like it'll be a facepalm moment when you figure it out.
Whitor_Syncopix, yeah! I can't wait. I love those moments.
Whitor_thanks again
Whitor_xous, ty too
Whitor_ACTION afk
OnionnionCisco be like, "we're going to relabel acl port 80 to www and not http but not bother with port 22 to ssh"
MadClowntrying to configure SAN-OS and tacacs+ is proving fun
zapotahfun as in "sawing my own leg off with a hacksaw and enjoying it" kind of fun?
MadClownyeah, that would be a fairly accurate statement
MadClownit's essentially pre NX-OS, so I'm hoping it will be similar
zapotahit bears some similarity
zapotahthe san config side is the same-ish, the rest, not so much
MadClownzapotah: the aaa configuration looks very similar, but for some reason it isn't digging the NX-OS attribute of shell:roles*"network-admin vdc-admin" which works fine with our Nexus gear
MadClowngranted, vdc-admin doesn't exist
MadClownwonder if I need to create a new attribute without vdc-admin and create a new device group of SAN-OS
MadClownI've already tried opening a TAC case and they responded with "upgrade your shit, fool"
zapotahi remember the radius attribute was different for that
zapotahand there is a document for that
MadClownthis is tacacs and ACS so they might be different
zapotahwell, good luck
MadClownthanks :)
zapotahpretty sure the tacacs attributes are also documented
MadClownthey are for NX-OS
zapotahoh well
wonder if I need to create a new attribute without vdc-admin and create a new device group of SAN-OS
MadClownthat worked
MadClownfuck yeah
zapotahyou do
zapotahi couldve told you that from the get-go
zapotahits the same with ISE
MadClownSAN-OS didn't like vdc-admin
zapotahid imagine it doesnt like a lot of things
MadClownI generally don't fuck around with ACS or ISE
MadClownthe dude is on PTO
zapotahyou could though limit the returned attributes and whatnot with other groupings besides device groups
MadClownPaid Time Off
zapotahACS is even more of a pita than ISE imho
MadClownI hope to never touch any of this again
zapotahwith the whole two days of experience i have with it
zapotahISE is tolerable once you get into it
zapotahmakes somewhat of sense
zapotahACS, not so much
zapotahwell, 2.x anyway
zapotahbut god forbid if the upgrades arent buggy AF
MadClownI think ACS was created by a misanthropic cult
MadClownprobably the same dudes who made PIX/ASA
zapotahcould very well be
zapotahthe new cisco application framework that the current apic and whatnot are built on is not much better
zapotahits built not so much efficiently, but as to how to effectively monitor license usage
zapotahCisco application hosting framework
zapotahthats the monstrosity
zapotahthe current version is based on centos 7
zapotahbut as someone said elsewhere, cisco seems to have stopped to be a technology company and has become instead a profit company
zapotahbusiness clowns and lawyers have taken over the directorial roles everywhere
zapotaheven as CTOs
zapotahhow does that even work
zapotahim fucking ashamed to work for a major regional VAR at this point
zapotahand trying to not bash our largest vendor at every turn because their shit is shit
MadClownit doesn't really work
zapotahthe only product line i can vouch for at this point is UCS and nexus (for the converged infra point of view) and even that advantage is diminishing every day
zapotah3650 and 3850 switches have some cool shit, but thats about it
zapotahthe denali and everest softwares are still buggy