Messages - isaacthekind

#1
Yeah when I graduate to big boy hardware I want to get away from Cisco, a lot of smart people seem to complain about it, this is just a cheapo used switch for learning purposes.

I'm extremely happy to have it all working, and now I can play around with things and learn all the little nuances. I'm taking a break for a day or two though as you suggest. Next I plan to try implementing LAGG stuff you mentioned, some intrusion prevention/detection stuff, WireGuard, the list goes on, it's all very fun. :p

Thanks for putting up with my insane levels of confusion here. Hugely appreciated.
#2
Essentially... Everything you sent was correct but that old switch was not passing all the VLANs in the trunk to the AP. It has this default behaviour of only passing VLANs that meet both the following conditions:

1) There is a physical switch port, other than trunk, associated with the VLAN in question.
2) A device has already been successfully connected to this port.

Before 1, wireless connection to the VLAN fails, after 1 wireless connection to the VLAN succeeds but with no internet access, after 2 everything works.
#3
I managed to get it working!

I figured I should mention this so you don't return after holiday then put in more time when it's been resolved. I can explain what the issues were, if that's of interest; it was a problem with the guest network and with my switch, not with your code. The help in this thread was very awesome and gave me a lot of insight without which I'd probably not have resolved it. Thank you so much for all the time and effort, really appreciated.

#4
Quote
You probably still default to DHCP which explains previous errors you posted

I didn't know nmcli defaulted to DHCP. I modified the connection to use manual and now the error message is gone and I can see the connection is up. But I still can't ping 192.168.2.1 from the laptop or reach the GUI.

Quote
After reboot connect via WIRELESS, that's the whole point, you can do everything from here now (if you fix your client wifi), so also checking if the WIRED is working. Only THEN we switch back from WIRELESS to WIRED, first the validation...

Right, understood now. Do all tests on wireless management interface, then switch to wired only when that is all working. Fall back to wireless if anything breaks.

Quote
Can you also post the output of your bridges after boot, something like this:

Sure. Keep in mind, I still have not configured the VLANs. The two config files have not been touched since I last posted them, but only /etc/config/wireless is exactly like yours (except for radio0 which is now the same as the default radio0 settings for my device). My /etc/config/network is just the default, but with WiFi-MGMT added:


root@OpenWrt:~# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.c0c9e35dcfca no eth0.1


/etc/config/network:


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'
option gateway '10.0.7.1'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WiFi_MGMT'
option device 'phy0-ap3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


/etc/config/wireless


config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'

config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi-MGMT'
option encryption 'sae'
option key 'Very Secret'

config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'

config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
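
A consistency check for the state described in this post, where /etc/config/wireless points its SSIDs at vlan4, vlan5 and vlan6 while /etc/config/network is still the default plus WiFi_MGMT. This is an added example, not part of the original post or of OpenWrt; the function names and the trimmed sample configs are constructed for illustration.

```python
import shlex

def parse_uci(text):
    """Parse UCI text. Returns (sections, errors). Each section is a dict with
    'type', 'name', 'options' (name -> value) and 'lists' (name -> [values]);
    each error is a (line number, message) tuple."""
    sections, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        try:
            tokens = shlex.split(raw, comments=True)
        except ValueError:
            # shlex raises when a quoted value is never closed
            errors.append((lineno, "unbalanced quote"))
            continue
        if not tokens:
            continue
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config" and args:
            sections.append({"type": args[0],
                             "name": args[1] if len(args) > 1 else None,
                             "options": {}, "lists": {}})
        elif keyword == "option" and len(args) == 2 and sections:
            sections[-1]["options"][args[0]] = args[1]
        elif keyword == "list" and len(args) == 2 and sections:
            sections[-1]["lists"].setdefault(args[0], []).append(args[1])
        else:
            errors.append((lineno, "unexpected line: " + raw.strip()))
    return sections, errors

def check_wifi_attachment(network_text, wireless_text):
    """Report active wifi-iface sections whose 'network' is missing or names
    an interface that /etc/config/network does not define."""
    net, net_err = parse_uci(network_text)
    wl, wl_err = parse_uci(wireless_text)
    findings = [("network", f"line {n}", msg) for n, msg in net_err]
    findings += [("wireless", f"line {n}", msg) for n, msg in wl_err]
    defined = {s["name"] for s in net if s["type"] == "interface"}
    off_radios = {s["name"] for s in wl
                  if s["type"] == "wifi-device"
                  and s["options"].get("disabled") == "1"}
    for s in wl:
        opts = s["options"]
        if s["type"] != "wifi-iface":
            continue
        if opts.get("disabled") == "1" or opts.get("device") in off_radios:
            continue  # not broadcasting, so nothing to attach
        wanted = opts.get("network", "").split() + s["lists"].get("network", [])
        label = f"{s['name']} (SSID {opts.get('ssid', '?')!r})"
        if not wanted:
            findings.append(("wireless", label, "no network option"))
        for name in wanted:
            if name not in defined:
                findings.append(("wireless", label,
                                 f"network {name!r} not defined"))
    return findings

# Constructed samples, trimmed from the shape of the files in this post.
NETWORK_SAMPLE = """
config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'eth0.1'

config interface 'lan'
    option device 'br-lan'
    option proto 'static'
    list ipaddr '10.0.7.2/24'

config interface 'WiFi_MGMT'
    option device 'phy0-ap3'
    option proto 'static'
    option ipaddr '192.168.2.1'
    option netmask '255.255.255.0'
"""

WIRELESS_SAMPLE = """
config wifi-device 'radio0'
    option type 'mac80211'
    option band '5g'

config wifi-iface 'wifinet0'
    option device 'radio0'
    option mode 'ap'
    option ssid 'WiFi 1'
    option network 'vlan4'

config wifi-iface 'wifinet3'
    option device 'radio0'
    option mode 'ap'
    option ssid 'WiFi-MGMT'

config wifi-device 'radio2'
    option disabled '1'

config wifi-iface 'default_radio2'
    option device 'radio2'
    option network 'lan'
    option ssid 'OpenWrt'
"""

if __name__ == "__main__":
    for where, item, problem in check_wifi_attachment(NETWORK_SAMPLE, WIRELESS_SAMPLE):
        print(f"{where}: {item}: {problem}")
```

An SSID that names an undefined network still shows up in a scan, because the radio brings it up regardless; the finding only says it is not joined to any interface that could carry its traffic.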
#5
I understand everything you said there. With my laptop connected to WiFi-MGMT, I will connect over SSH and copy/paste the exact changes you just gave to /etc/config/network for the WIRED interface, reboot, then connect VIA WIRED and try pinging WIRED from OPNsense and vice versa, then report back.

Before I can do that, as far as I can tell, I still have to fix the WiFi-MGMT connection problem I mentioned in my prior comments though. This is what happens:

On laptop, I scan with "nmcli devices wifi list" -> I see WiFi-MGMT -> I try to connect with "nmcli device wifi connect WiFi-MGMT password "Very Secret"" -> I see in OpenWrt Wireless Devices GUI area my laptop MAC, with host as "?" (pictured) -> I get "Error: Connection failed: IP configuration could not be reserved (no available address, timeout, etc)." on laptop.

This is with all config files same as last time I showed them.
#6
I have been experimenting some more and I think I was confused in my prior reply (as is probably the case with all my replies..)

I can see my laptop's MAC address show up in the Wireless Overview in OpenWrt and in the DHCPv4 leases in OPNsense now. Pictures included, code still same. I'm still getting the same message in the command line though on my laptop which says it can't connect. I have set the IP on my laptop appropriately before trying to connect.

#7
Quote
Use the radio config from your default /etc/config/wireless after factory reset, most options are generic (like country code). But the path to the WiFi device may vary with different models.

Ok, I've added it.

Quote
- Can you connect (associate) to the SSID / Wireless Network (Can be checked at the status overview in the OpenWRT web gui)

I can't see anything (photos included).

Quote
- Do you receive an IP address (Check the DHCP Service Log @ OPNsense if request are received)

No.

/etc/config/network:


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'
option gateway '10.0.7.1'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WiFi_MGMT'
option device 'phy0-ap3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


/etc/config/wireless (same as before, but with radio changed to be like in default wireless config):


config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'

config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option country 'US'
option channel 'auto'
option htmode 'HT20'
option cell_density '0'

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi-MGMT'
option encryption 'sae'
option key 'Very Secret'

config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'

config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'


/etc/config/wireless-OLD (the one it gives after factory reset, not currently active on system, just showing for reference so you can see original radio0):


config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
#8
Quote
Exactly! I assumed your "current" state of config, but if you're back to my wireless config it's the fourth SSID, so phy-ap3.

Ok good!

Quote
If your Wireless Management is working now...

It's not quite working. It's working in the sense that it is visible when I scan with my laptop. But it's not working in the sense that if I try to connect to it with the standard command "nmcli device wifi connect WiFi-MGMT password "Very Secret"" I get an error which says "ERROR: connection activation failed: IP configuration could not be resolved (no available address, timeout, etc)".

EDIT: I can change the country to CA since I'm in Canada, but I'm not sure how to determine the correct path.

Files currently unchanged from last post.
#9
Quote
You've explained you're familiar with text editors (like VI), so it really surprises me if...

Quote
Even a single point, colon, hash or whatever can completely f*ck up your config...

It's not that I have any trouble with the editor or that I don't understand how even a slight difference in a config file, like a tab instead of a space, can mess things up. I've been programming for around 4 years, I understand these types of things for sure. The problem is I'm having trouble understanding what I'm trying to do here, which is 100% my fault. Right now I have directly copied your /etc/config/wireless. But I can't directly copy your /etc/config/network, because that will cause me to lose connectivity, so although /etc/config/wireless is exactly like yours, /etc/config/network is not. /etc/config/network is basically just the default after factory reset, but I've now added a section for the WiFi management interface. I think the correct thing to do for device is phy0-ap3, because WiFi-MGMT is the fourth SSID in the list under radio0 (picture included). Currently, when I scan on my laptop, I see WiFi 1, WiFi 2, WiFi 3, and WiFi-MGMT. Though I can't connect to WiFi-MGMT. I assume I need to do more to make /etc/config/network correct, again I would copy yours exactly, but for some reason that causes me to lose connection.

/etc/config/network


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option gateway '10.0.7.1'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WiFi_MGMT'
option device 'phy0-ap3'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option defaultroute '0'
option delegate '0'


/etc/config/wireless


#
# OpenWRT Wireless Configuration
#
# !!! Don't use radio0 & radio1 from this file
# !!! Use your device specific radio config (with path, country code, etc)
# !!! Configure and add all custom wireless options (802k/v/r etc)
# !!! Only copy the SSID config
#

###
# Radio 0 - 2.4GHz
###

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
        option country 'US'
        option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# Radio 1 - 5GHz
###

config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
        option country 'US'
        option channel 'auto'
option htmode 'HT20'
option cell_density '0'

###
# SSID: WiFi 1 - 2.4GHz
###

config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 2.4GHz
###

config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 2.4GHz
###

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'

###
# SSID: WiFi-Management - 2.4GHz
###

config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
        option ssid 'WiFi-MGMT'
option encryption 'sae'
option key 'Very Secret'

###
# SSID: WiFi 1 - 5GHz
###

config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 1'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan4'

###
# SSID: WiFi 2 - 5GHz
###

config wifi-iface 'wifinet5'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 2'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan5'

###
# SSID: WiFi 3 - 5GHz
###

config wifi-iface 'wifinet6'
option device 'radio1'
option mode 'ap'
option ssid 'WiFi 3'
option encryption 'sae'
option key 'Very Secret'
option network 'vlan6'
#10
Quote
You wanted to create a so called OpenWRT Dumb Access Point with multiple VLANs. As explained, your first task should be renaming the management interface to the br-vlanX naming scheme before going forward. You twice reported "loss of connectivity" and now you're connected again.  ???

I factory reset, sorry I should have said this. If I do the br-vlanX I lose connectivity. Sorry I will avoid making further changes without saying exactly what I'm doing.

Quote
I shared a _complete_ config file to work from, but

Yes, but when I switch to it I lose connectivity. So I factory reset, sorry, again I should have said something.

Quote
Here you are back at the default config and try to config networks already provided in my example, do you see this doesn't help to understand where you are. Are you using my config or are you playing around with something default/custom ?!?! It's hard to understand what you're doing ;-)

Sorry, yes I see how it's unhelpful. I am back to square one, trying to do your previous suggestion with wireless management interface so I can avoid further factory resets.

Quote
That COULD be a bridging issue, BUT if you didn't successfully rename your wired management interface first (br-vlanX) this ain't going to work.

I did not successfully rename it.

If there are any other things I say that are confusing please point them out, I don't mean to make you repeat yourself, I'm just confused.

From now on, I will include the current config at the bottom of each comment so it's clear what I am doing.

/etc/config/network


config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ip6assign '60'
option gateway '10.0.7.1'
list ipaddr '10.0.7.2/24'
list ipaddr '192.168.1.1/24'

config device
option name 'eth0.2'
option macaddr 'REDACTED'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'

config interface 'WIFI_MGMT'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option device 'phy0-ap0'


/etc/config/wireless


config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option cell_density '0'

config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'sae'
option key 'hello1234'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '1'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'


With the current config I can see OpenWrt network when I scan on my laptop, but I can't connect to it. If I change WIFI_MGMT device to "lan" then I can connect wirelessly from the laptop.
#11
Yeah, to be clear, I'm not blaming you at all. I did ask for full configuration. I thought maybe I could spot something off about mine.

To answer your 3:

- Wired is working right now. I can connect at 10.0.7.2 from CORE.

- Wireless I'm having trouble. I want to make sure to get this working since it's the fallback. If I follow your steps I get some trouble. First I set up SSID with unspecified network (picture 1), and enable it. Then I make an interface with a static address 192.168.2.1 and netmask 255.255.255.0 and select my SSID from dropdown, which defaults to radio0.network1, as you said it would (picture 2, and picture 3). But if I have it enabled, then the device becomes phy0-ap0 instead of radio0.network1 (picture 4). If I then try to connect on my laptop with 'nmcli device wifi connect OpenWrt password mypass' it fails to connect and says "ERROR: connection activation failed: IP configuration could not be resolved (no available address, timeout, etc)". This happens even if I assign my laptop an IP of 192.168.2.3 with ifconfig before I try connecting.

- VLANs having trouble with all, but probably should focus on wireless management interface first.

EDIT: If I set the SSID to lan instead of unspecified, I can connect with the laptop.
#12
I'm willing to keep trying things here, I really would like to get this working, and I don't want to give up. But I'm starting to feel like I may be wasting your time, because no matter what I do, I just get the same behaviour. I can copy paste the exact files you've used, line for line, /etc/config/network and /etc/config/wireless, then reboot, and still I can't ping the device. I've checked and triple checked OPNsense and I really can't see the error. You said that config 100% works so if it fails for me there's something wrong with my infrastructure, but it's just totally beyond me what this could be. I've shown my topology, I've also checked over and over to make sure the topology is right. I even went and bought a patch panel just to make it almost impossible to plug anything into the wrong place, lol. The IPs are all exactly as described in my topology diagram. So I just really don't know what to do. If you want to keep suggesting things, I'm happy to keep trying but at this point I'm worrying about being a burden. I'm sure it's not fun to help someone when you put tons of time into writing solutions, and even go as far as to set up a dummy device at your house for testing, just to have them always say "sorry, same behaviour". Rest assured, I am carefully trying everything you post and reading your comments in detail and repeatedly, I'm just still failing for some reason. But I'm not half-assing it over here or anything.
#13
Oh, I thought by IOS you meant the Apple OS for mobile devices. Haha.

I may just be confused here, but I really do not understand what you're asking me to do. You showed me this code:


config device
    option name 'br-vlan1'
    option type 'bridge'
    list ports 'eth0.7'    <--- Change this one


But I don't have any code that looks like that. Could you show me the whole config file maybe? That might clear it up. I find this very difficult, sorry.
#14
Ok how about this?


switch#show running-config
Building configuration...

Current configuration : 5809 bytes
!
! Last configuration change at 13:01:15 UTC Wed Dec 13 2023
! NVRAM config last updated at 16:10:25 UTC Tue Dec 12 2023
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 REDACTED
!
!
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
switch 1 provision ws-c3750x-24
system mtu routing 1500
!
!
ip domain-name home
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 70 30
mls qos srr-queue input threshold 1 80 90
mls qos srr-queue input priority-queue 2 bandwidth 30
mls qos srr-queue input cos-map queue 1 threshold 2 3
mls qos srr-queue input cos-map queue 1 threshold 3 6 7
mls qos srr-queue input cos-map queue 2 threshold 1 4
mls qos srr-queue input dscp-map queue 1 threshold 2 24
mls qos srr-queue input dscp-map queue 1 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue input dscp-map queue 1 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue input dscp-map queue 2 threshold 3 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
!
spanning-tree mode pvst
spanning-tree extend system-id
auto qos srnd4
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
mls qos trust dscp
macro description cisco-router
auto qos trust
spanning-tree portfast trunk
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
switchport access vlan 3
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
switchport access vlan 4
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
switchport access vlan 5
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 7
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 1 30 35 5
queue-set 2
priority-queue out
mls qos trust cos
macro description cisco-wireless
auto qos trust
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 10.0.0.2 255.255.255.0
!
ip default-gateway 10.0.0.1
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
line vty 0 4
password REDACTED
login
length 0
line vty 5 15
password REDACTED
login
length 0
!
end


As for the wireless backup, that's a good idea, much better than constantly factory resetting, lol, I should try to get my laptop to do that (no WIFI on desktop). Thanks.

Hmm, sorry I made an edit to my comment but I guess it didn't go through, did not mean to miss your other 2 questions:

I'm having trouble re-enabling SSH through Telnet since factory reset. The instructions in the manual are terrible. So I'm not sure I can answer whether that SSH command works. I'll keep trying to get it running again though.

No I'm not on IOS, I use NixOS.
#15
Ok, I think I've got what you want.

It's really hard to get SSH to work on this switch, it's very old, just a device to learn on before I deem myself worthy of better hardware. Normally, on a new system I turn the SSH daemon on then add my public key, but in this case I had to do everything through Telnet, which was a pain because I've never used it before. I gave up for now on SSH and just looked up Telnet commands to get what I think is the info you want. I used this command:


show interfaces switchport


Note that there are really 24 ports, but I just showed the output for 1-7 since really only the first 6 are being used (see topology diagram) and 7 has the same config as all the other unused ports:


Name: Gi1/0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 2 (VLAN0002)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 3 (VLAN0003)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/4
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 4 (VLAN0004)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/5
Switchport: Enabled
Administrative Mode: static access
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: Off
Access Mode VLAN: 5 (VLAN0005)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/6
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: down
Administrative Trunking Encapsulation: dot1q
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 7 (VLAN0007)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Gi1/0/7
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: down
Administrative Trunking Encapsulation: negotiate
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL

Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


Also note that info on the corresponding smartport types is in the topology diagram. And note that I had nothing plugged in at the time of running this command except OPNsense LAN port feeding into switch port 1, and desktop plugged into one of the many non-configured ports (number 7 or higher). I can only access the switch this way, not when desktop is on CORE.
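An added example, not part of the original post: a small Python parser for `show interfaces switchport` output like the listing above, flagging the trunk-related settings a hardening review would look at (DTP negotiation left on, dynamic mode, native VLAN 1 on a trunk, no allowed-VLAN restriction). The sample input is constructed from values in the post, and the function and finding names are this example's own.

```python
# Constructed sample: three port blocks cut down from the kind of
# `show interfaces switchport` output in the post (values mirror it).
SAMPLE = """\
Name: Gi1/0/1
Administrative Mode: trunk
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi1/0/2
Administrative Mode: static access
Negotiation of Trunking: Off
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL

Name: Gi1/0/7
Administrative Mode: dynamic auto
Negotiation of Trunking: On
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
"""

def parse_ports(text):
    """Split the output into one {field: value} dict per 'Name:' block."""
    ports = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank lines and 'Capture Mode Disabled' carry no field
        if key.strip() == "Name":
            ports.append({})
        if ports:
            ports[-1][key.strip()] = value.strip()
    return ports

def audit(port):
    """Return hardening findings for one port (finding names are this example's own)."""
    mode = port.get("Administrative Mode", "")
    native = port.get("Trunking Native Mode VLAN", "")
    checks = [
        ("dtp-negotiation-on", port.get("Negotiation of Trunking") == "On"),
        ("dynamic-mode", mode.startswith("dynamic")),
        ("trunk-native-vlan-1", mode == "trunk" and native.startswith("1 ")),
        ("trunk-allows-all-vlans", mode == "trunk" and port.get("Trunking VLANs Enabled") == "ALL"),
    ]
    return [name for name, hit in checks if hit]

def report(text):
    return {p["Name"]: audit(p) for p in parse_ports(text)}
```

Calling `report()` on the full switch output gives one list of findings per port; an empty list means none of these four checks fired for that port.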