RB260GSP is uplinked to a Ubiquiti EdgeRouter X via port 1 on the RB260GSP. Ports are both configured as access ports and are in the same LAN and subnet.
I can only access the RB260GSP HTTP admin page if I connect a network cable directly to a port of the RB260GSP. If I’m connected to the Ubiquiti I cannot access the page.
I can ping the IP of the RB260GSP when I’m connected to the Ubiquiti, but that’s all. I already reset the Ubiquiti but that made no change.
Both devices are at the latest firmware btw. RB260GSP at 2.4. Any ideas?
Note: SwOS uses a simple algorithm to ensure TCP/IP communication - it just replies to the same IP and MAC address packet came from. This way there is no need for Default Gateway on the device itself.
If the EdgeRouter is routing to carry your packets to the RB260GSP, you’ll experience this.
Possible fix:
Set up a port forward / src-nat on the ER IP to the RB260GSP, say ER is 192.168.100.1 and RB260GSP is 192.168.100.2:
192.168.199.1:8080 ====> 192.168.100.2:80
src-natting so that traffic forwarded by the ER to the RB260GSP appears to the RB260GSP as coming from the ER.
I’m also having this problem intermittently with our CSS326. I was able to get to it earlier, but now I can’t. I can’t even ping it at the moment, but it’s working fine as far as I can tell.
I looked on the wiki and it seems it doesn’t work the way typical devices do. There’s no default gateway and it’s not clear to me how it actually functions. The wiki says it responds to whatever device it sees the packet from, but I can’t find it in the arp table of either router attached to it, so right now it doesn’t seem to be functioning normally. It doesn’t show up on IP Scan right now either. I think we’re running 2.3 on it, but I can’t check at the moment.
As long as this switch doesn’t crash like our old CSS 226 did it will be an improvement, but I had no idea SwOS worked this way. I hope this isn’t something permanent where we won’t be able to log into this switch when we need to.
I can always ping the device. From a Wireshark capture taken on a Mac I can see initial communication is happening, as I see it switching from HTTP to HTTPS. But then it stalls. Haven’t had the time to look into this further though… It’s not a problem tied to a specific OS X install. Happens on all my OS X machines.
They were deployed today with config like attachment. Everything else (not shown on this image) is default.
Each is connected to:
24V 2.5A supply on power jack
edge router RB2011 on Port1 (30-70m cat6 cables)
3 MikroTik access points with (3-15m length cat5e cables) on Port2, Port3, Port4
1 IoT device (heat pump wireless to ethernet bridge) on Port5
Everything was fine for 4-5 hours. Now they are all dead from a management point of view. They do not respond to ping and I can’t access them via the HTTP management interface. I have not tried to connect to the switches directly, I have to access them via the edge router VPN.
Switching functionality works fine at this moment.
Are you sure they still have the same IP address? Address acquisition method “DHCP with fallback” is IMO dangerous, it means the primary means of address acquisition is via DHCP and any DHCP change can mean a change in the management IP address.
The method is pretty foolproof, as long as there isn’t something blocking the MAC address. The way it was explained to me was that the switch hijacks the IP and TCP/UDP headers and swaps the source and destination MAC addresses, IP addresses, and ports. (In the postal analogy, it creates a new envelope and puts what was on the return address into the “to address” and puts the original to address in the return address location.)
So this works regardless of whether the packet was routed, had NAT applied, etc. All it needs to do is to get it back to the MAC address it received it from (the host or router that forwarded the packet). It will be on the same L2 LAN in every case. You could cause it to fail with scapy to forge a packet with someone else’s MAC address, but that’s intentional breakage.
The only downside is that you can’t initiate outbound connections from the switch, it can only respond. So when you upgrade software, the PC connected to the web interface has to be the one that establishes the connection to “upload the firmware” to the switch.
It won’t show up in an arp table until you ping the switch, then it should show up in the arp table. The switch itself never sends out arps, it doesn’t need to, because it already knows the mac address.
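A minimal model of the reply addressing described in the post above, as an added example that is not part of the thread and is not SwOS code. The MAC addresses, the client address 10.8.0.5, the ports and all function names are constructed for illustration; 192.168.100.2 is the switch address used earlier in the thread.

```python
import ipaddress
import struct

ETH_LEN, IP_LEN = 14, 20  # Ethernet II header; IPv4 header without options

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN headers (checksums left at zero)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_LEN + 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp

def reflect(frame):
    """Address a reply purely by swapping the request's MAC, IP and port pairs."""
    out = bytearray(frame)
    out[0:6], out[6:12] = frame[6:12], frame[0:6]          # Ethernet dst/src
    out[26:30], out[30:34] = frame[30:34], frame[26:30]    # IPv4 src/dst
    t = ETH_LEN + IP_LEN
    out[t:t + 2], out[t + 2:t + 4] = frame[t + 2:t + 4], frame[t:t + 2]  # ports
    return bytes(out)

def describe(frame):
    t = ETH_LEN + IP_LEN
    sport, dport = struct.unpack("!HH", frame[t:t + 4])
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "src_ip": str(ipaddress.IPv4Address(frame[26:30])),
        "dst_ip": str(ipaddress.IPv4Address(frame[30:34])),
        "sport": sport, "dport": dport,
    }

# Constructed sample: a routed request. The source IP is an off-subnet client,
# but the source MAC is the router that forwarded the frame onto the switch's LAN.
ROUTER_MAC, SWITCH_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"
REQUEST = build_frame(SWITCH_MAC, ROUTER_MAC, "10.8.0.5", "192.168.100.2", 51000, 80)
REPLY = describe(reflect(REQUEST))

if __name__ == "__main__":
    # The reply goes back to the router's MAC with the remote client as IP
    # destination, so the switch needs no default gateway and no ARP lookup.
    print(REPLY)
```

Because the reply's Layer 2 destination is always the sender of the request frame, the switch depends entirely on that next hop to carry the reply the rest of the way.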
Primary address acquisition method is DHCP, because the edge router has a static DHCP server entry for this switch. Fallback is just in case the edge router is not working.
After reading the post instead of fixating on “but then it stalls”, since you said that this happens “as I see it switching from http to https.” SwOS on at least the RB260 (I have two CSS106-5G-1S RB260 switches) does not support https. And since you said it happens on OSX, my better guess is that the problem is Safari trying to promote http to https and thinking it is an HSTS site. Safari is automatically redirecting to an HTTPS site that does not exist.