DefinIT

Cisco SG300 – Static route not showing, but already exists?

17/07/2018

OK, so recently I had been setting up NSX in my lab and I wanted to create some static routes on my SG300-20 so I could access the VMs that were on my NSX network.

I added the VLAN I wanted to use and added a VLAN interface. All good.

I went ahead and added the static route as shown below.

As you can see it was applied successfully.

However looking at the static routes I could not see the route I had just added.

So I went ahead and re-added it, thinking I had made a mistake or something had gone wrong (pick a reason); it then told me the route already existed.

So I was stumped for a while, searched the web and then decided to log in to the CLI to see what I could find.

First of all I ran the command “show ip route”

Nope, my route was not showing. However, I was not convinced that was the whole picture, so after a little further digging I found I can append “static” to the same command.

So I ran the command “show ip route static”

And there it was, the route, but listed as inactive.

So I hit the web again, and what it boils down to is that while I had created VLAN 80 with an interface, I had neglected to add the VLAN to any ports, and this rendered the static route inactive.

So the bottom line is the switch was perfectly fine; the user, however, needed to learn a new and valuable lesson.

Updating Cisco SG300 firmware the command line way

09/02/2015

I recently had the “pleasure” of upgrading my lab switch, which is the excellent Cisco SG300-20. I’ve not had a chance to update the firmware since it was released 6 months ago because of the downtime. For some reason I prefer configuring the SG300 from the command line – a hangover from my old networking days I suppose, but somehow it doesn’t feel right to me to use the GUI!

I found an article by Chris Wahl which ran through the steps required to do it via the GUI. If you’re only interested in doing the update, then I suggest following Chris’ article – otherwise follow me for some CLI goodness!


Trace cables the easy way with Cisco CDP on Windows

No matter how good your network diagrams are, sometimes you need to verify the port your server/desktop is in. Cisco Discovery Protocol is a great tool for network admins when you need to quickly map routers and switches, and if you’ve got an ESX server connected you’ll see that it picks up CDP info too – but the vast majority of my managed systems are Windows.

Here’s how to use TCPDUMP by Micro Olap to extend that functionality to your Windows boxes.

Firstly you need to find the interface number of the network adaptor you are trying to find CDP data for.  Use this command:

tcpdump -D

Which gives you a list of the interfaces on the computer:


My actual NIC is the third one in the list, so I can run the command:

tcpdump -i 3 -nn -v -s 1500 -c 1 ether[20:2] == 0x2000

-i n [interface and the number in the list, for me 3]

-nn [don’t resolve DNS, speeds things up]

-v [verbose mode, otherwise we won’t see all the packet details]

-s 1500 [set the maximum packet size to capture, the MTU is 1500 by default so it will capture the entire packet]

-c 1  [Capture one packet only, since we only want the CDP packet and filter using the header]

ether[20:2] == 0x2000 [Check the two bytes at offset 20 of the Ethernet frame, the protocol ID, for the hex value 0x2000 – CDP protocol]

Some output is omitted, but you can see that the name of the switch and the port are both in there.

Easier than tracing a cable!
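To show where the switch name and port sit inside the packet that filter selects, here is an added example (not code from the original post) that decodes a CDP frame in Python. The sample frame is constructed, with a made-up switch name, port and MAC address, and the CDP checksum is not verified.

```python
import struct

PID_OFFSET, CDP_PID = 20, 0x2000   # the bytes the filter ether[20:2] == 0x2000 tests
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0006: "platform",
             0x000A: "native_vlan"}

def parse_cdp(frame: bytes) -> dict:
    """Decode the named TLVs of one CDP frame; raise ValueError if malformed."""
    if len(frame) < 26:
        raise ValueError("frame too short for a CDP header")
    (length,) = struct.unpack_from("!H", frame, 12)      # 802.3 length field
    (pid,) = struct.unpack_from("!H", frame, PID_OFFSET)
    if pid != CDP_PID:
        raise ValueError(f"not CDP: SNAP protocol ID is {pid:#06x}")
    end = min(len(frame), 14 + length)   # ignore Ethernet padding after the payload
    fields = {"version": frame[22], "ttl": frame[23]}    # checksum (24:26) not verified
    pos = 26
    while pos + 4 <= end:
        tlv_type, tlv_len = struct.unpack_from("!HH", frame, pos)
        if tlv_len < 4 or pos + tlv_len > end:
            raise ValueError(f"bad TLV length {tlv_len} at offset {pos}")
        value, name = frame[pos + 4:pos + tlv_len], TLV_NAMES.get(tlv_type)
        if name == "native_vlan":
            fields[name] = int.from_bytes(value, "big")
        elif name:
            fields[name] = value.decode("ascii", errors="replace")
        pos += tlv_len
    if pos != end:
        raise ValueError("truncated TLV header at end of frame")
    return fields

def tlv(tlv_type: int, value: bytes) -> bytes:
    return struct.pack("!HH", tlv_type, len(value) + 4) + value

def build_sample_frame() -> bytes:
    """Constructed frame: switch name, port and MAC address are made up."""
    cdp = bytes([2, 180, 0, 0])          # version 2, TTL 180 s, checksum zeroed
    cdp += tlv(0x0001, b"lab-sw01") + tlv(0x0003, b"GigabitEthernet1/0/8")
    cdp += tlv(0x000A, struct.pack("!H", 8))
    payload = bytes.fromhex("aaaa03" "00000c" "2000") + cdp   # LLC, Cisco OUI, PID
    header = bytes.fromhex("01000ccccccc" "020000000001")     # CDP multicast, source
    return header + struct.pack("!H", len(payload)) + payload

if __name__ == "__main__":
    print(parse_cdp(build_sample_frame()))
```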

CCNA Qualified

08/02/2010

After some pretty heavy investment in terms of time and money, I’ve passed my ICND2 exam and am now qualified as a Cisco Certified Network Associate (anyone else find it odd that you’re not even considered a professional by Cisco at this level?!)

I do consider the Cisco qualifications as significantly more valuable than the others that I hold, simply because of the difficulty of the exams. I do find them “honest” in that they’re not trick questions, and you don’t need a technique to pass – just in-depth knowledge.

Anyway, I think I’ll take a few weeks before I look to my next study/exam.

Cisco Qualified!

07/12/2009

As is normally the case when I’m studying, I haven’t had time to post much on here lately. I’ve been studying to pass the ICND1 exam (snappily titled “Interconnecting Cisco Network Devices Part 1”)

I’m really pleased to say that neglecting this site paid off, or rather the study did – I passed with a score of 930! It was a LOT harder than I had expected, I thought I’d walk out after 20m! It does now mean that I am CCENT. I’ll be taking the ICND2 exam early in the new year which will move me up to CCNA.

Also in the exams category, I’m taking a beta exam “PRO: Design & Deploy Messaging Solutions with Microsoft Exchange Server 2010”. Another snappy title and another bundle of fun!

Sam

Teaming NICs with ESX 3.5 and Cisco Switches in an aggregate.

Here’s the setup. We have a core switch of 2 Cisco 3750s, connected together for fault tolerance as a single logical switch; we also have several ESX 3.5 hosts with 4 Gigabit Ethernet NICs installed each. The Virtual Machines will all be on VLAN 8 (reserved for internal servers) and the VMKernel will be on VLAN 107 (reserved for VMKernel traffic like VMotion).  I want to create a load balanced, fault tolerant aggregate of these four NICs over the Core Switch.

Configure ESX server’s vSwitch

Configuring the vSwitch is actually pretty simple, but there are a couple of gotchas, so don’t skip this bit! First thing to note is that if you are making changes to the vSwitch and the Service Console is on that vSwitch you can quite easily lock yourself out. Make sure you configure this correctly, first time! In this setup, I am adding all 4 NICs to vSwitch0, which will be the only vSwitch. I’ll then use Port Groups to assign VLANs and Active/Passive configurations to the VMKernel/Service Console.

First things first then – assign the four NICs to the vSwitch. This is done in the Configuration Tab in VMware Infrastructure Client, then the Networking page. Edit the properties of your vSwitch, then select the Network Adaptor tab. Add all the NICs you wish to team in there (they may already be in there, depending on your setup). You should end up with something that looks like this (note that I’ve not assigned any VLAN yet):

 

Now you need to configure the NIC teaming, so edit the vSwitch Properties and under the Ports tab select the vSwitch. Click edit, and then go to the NIC teaming tab. Configure the teaming options like this:

That’s the easy part over and done with! Time to move onto the Cisco!

Configuring the Cisco Core Switch

Firstly, we need to log on to the switch and enter enable mode; I’m going to assume you know how to do this – if not, you really shouldn’t be attempting this setup!

Determine the switch’s trunk load balancing setup by using the command “show etherchannel load-balance”. It should look something like this:

If the protocol is NOT src-dst-ip, then you won’t be able to establish a trunk connection with the ESX server. If your protocol is not src-dst-ip, change it with the command “port-channel load-balance src-dst-ip”. This now matches the “Route based on IP hash” setting you configured in ESX. Although ESX has a setting for MAC based hashing, as does the Cisco, I was unable to get it to work.

Moving on. You need to create a Port-Channel interface for the trunk (this is a virtual interface that binds the 4 GigabitEthernet interfaces together). As I’ve got other Port-channels in use for connections to other switches, I’m setting up port-channel 40. Move to config mode (conf t) and then enter the setup:

interface Port-channel40
 description VMTEST01 Aggregate
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 8
 switchport mode trunk
 switchport nonegotiate
 spanning-tree portfast trunk
end

“description” simply adds a description. “switchport trunk encapsulation dot1q” sets the encapsulation of the trunk to 802.1Q. “switchport trunk native vlan 8” means that any traffic without a VLAN tag will be automatically assigned to VLAN 8. “switchport mode trunk” obviously designates that we want a trunk, rather than access. “switchport nonegotiate” means that it will not attempt to negotiate the protocol, and be a static trunk, rather than LACP or PAgP. “spanning-tree portfast trunk” causes a Layer 2 LAN interface configured as an access port to enter the forwarding state immediately, bypassing the listening and learning states (i.e. if the link goes down and then comes back up, it will do so quickly).

With the Port-channel configured, you now need to edit your GigabitEthernet ports and assign them to the Port-channel. For each port in the trunk, enter the following config (this example is port 8 on the master switch in my stack, hence 1/0/8):

interface GigabitEthernet1/0/8
 description VMTEST01 VMNIC1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 8
 switchport mode trunk
 switchport nonegotiate
 channel-group 40 mode on
 spanning-tree portfast trunk
end

The difference between that and the Port-channel setup? “channel-group 40 mode on” is simply assigning the port-channel in static mode.

Once all four NICs are assigned you might have to wait a few minutes for every layer of the connection to settle down before the trunk comes up. To check the status of the etherchannel you can use the command “show etherchannel 40 summary”, replacing the 40 with whichever number you assigned to your port-channel.
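Because each member port repeats the Port-channel's switchport lines, a mismatch is easy to introduce when configuring four ports by hand. The following is an added example (not part of the original article) that audits a saved config for members of a channel group whose switchport lines differ from the Port-channel or whose mode is not the static “on”; GigabitEthernet2/0/8 is a constructed bad member.

```python
import re

def parse_interfaces(config: str) -> dict:
    """Map each interface name to the list of its indented sub-commands."""
    stanzas, current = {}, None
    for line in config.splitlines():
        match = re.match(r"interface (\S+)", line)
        if match:
            current = stanzas.setdefault(match.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None               # "end", "!" or a blank line closes the stanza
    return stanzas

def audit_channel(config: str, group: int) -> list:
    """List members of channel-group <group> that differ from Port-channel<group>."""
    stanzas = parse_interfaces(config)
    bundle = stanzas.get(f"Port-channel{group}")
    if bundle is None:
        return [f"Port-channel{group} is not defined"]
    want = {c for c in bundle if c.startswith("switchport")}
    findings = []
    for name, cmds in stanzas.items():
        modes = [c.split()[-1] for c in cmds if c.startswith(f"channel-group {group} mode ")]
        if not modes:
            continue                     # not a member of this bundle
        have = {c for c in cmds if c.startswith("switchport")}
        findings += [f"{name}: missing '{c}'" for c in sorted(want - have)]
        findings += [f"{name}: unexpected '{c}'" for c in sorted(have - want)]
        if modes[0] != "on":
            findings.append(f"{name}: mode '{modes[0]}' is not static 'on'")
    return findings

TRUNK = """ switchport trunk encapsulation dot1q
 switchport trunk native vlan {vlan}
 switchport mode trunk
 switchport nonegotiate
"""
# Port-channel40 and Gi1/0/8 follow the article; Gi2/0/8 is a constructed bad member.
SAMPLE = ("interface Port-channel40\n" + TRUNK.format(vlan=8) + "end\n"
          "interface GigabitEthernet1/0/8\n" + TRUNK.format(vlan=8)
          + " channel-group 40 mode on\nend\n"
          "interface GigabitEthernet2/0/8\n" + TRUNK.format(vlan=1)
          + " channel-group 40 mode active\nend\n")

if __name__ == "__main__":
    print("\n".join(audit_channel(SAMPLE, 40)))
```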

I hope this helps navigate the minefield that I found to be setting up the NIC teaming!