Greetings,
I have a fleet of CRS326, and one CRS317. I have a premade config file that I copy/paste into terminal (with minor changes) to get the switches ready for deployment. I just set up a bunch of CCR2004s this way without issue.
What is happening, is I paste my config into Winbox terminal and hit enter, some of the commands are processed, but I lose Winbox connection to the switch before completion every time (I shouldn't lose connection). VLAN filtering is turned off (but not relevant, see below) - the last command is to turn that on. The switch is still powered up, and I can still access it through another port. I normally use a DHCP client on one port, then have the management port separate. These ports are NOT part of the bridge (I remove these two). So if one of the ports drops connection, I can connect through the other port. But the other port seems to not be accepting connections anymore, although the link light is still active.
This is a new feature, as I never had issue before with doing this (and thought this was how you were supposed to provision Tiks). Anyone else experience this? Tomorrow, I'll try to provision through SSH. It has to be either ROS firmware (6.47.3) or Winbox (3.27).
If I power cycle the switch, I can connect to the “dead” port again.
Re: CRS326/CRS317 provision failing
Does the provisioning fail if you copy-paste individual commands into command window? If yes, then you should be able to identify command which breaks config ... If no, then it might have something to do with timing of commands (e.g. command referring to item which is defined by preceding commands but ROS did not finish setting up that item just yet).
Re: CRS326/CRS317 provision failing
Along with the previous suggestion, I would recommend a console cable (if the device supports it - which a crs326 does) or copy over the rsc file and do a resset-configuration and set it to no default config, no backup, and have it run the rsc after reset.
It basically means you copy a file and run one command, that's it. With the console cable you can just plug in and just paste the commands like you are currently doing without any fear of disconnect due to switch config changes.
It basically means you copy a file and run one command, that's it. With the console cable you can just plug in and just paste the commands like you are currently doing without any fear of disconnect due to switch config changes.
-
-
Aerowinder
newbie
- Posts: 27
- Joined:
Re: CRS326/CRS317 provision failing
Thanks for the advice thus far. I discovered that the provision does not fail, it actually completes as it should. However, I do get disconnected from the device in roughly the same place in my config every time. Normally I lose connectivity on the /interface bridge port. See below.
Connect to port 1 on the switch, then run this code.
Now that port 23 is not in the bridge, and a DHCP client, I connect to port 23 to get updated firmware, then proceed with the rest of the provision. Below is the snippet that is disconnecting me:
As stated, I lose access to the device typically in the /interface bridge port section. I'm connected to port 23 via DHCP, and I'm not modifying that port at all after the initial addition of the DHCP Client.
Provisioning through SSH has same behavior as Winbox. I lose access, but if I power cycle the switch, port 23 is working fine again. When I provisioned the last switch, I lost connection after. Initially, I suspected maybe generating a certificate was making the switch run out of memory. So I tried that first, then rebooted the switch and ran the rest of the commands. Still get disconnected for no reason.
I don't have particular interest in using the console port. I am trying to determine if this is a bug, and if so, report it so it can be fixed. I do still need to attempt to send the commands one at a time, but I have a feeling that will work fine.
Connect to port 1 on the switch, then run this code.
Code: Select all
/interface bridge port
remove [ find interface=ether23 ]
remove [ find interface=ether24 ]
/ip address
add address=10.xx.xx.xx/24 interface=ether24 network=10.xx.xx.xx
/ip dhcp-client
add interface=ether23 disabled=no
Code: Select all
/certificate
add name="xyz" common-name="xyz" days-valid="3650"
sign "xyz" name="xyz"
/interface vlan
add interface=bridge name=vlan2 vlan-id=2
add interface=bridge name=vlan3 vlan-id=3
add interface=bridge name=vlan4 vlan-id=4
add interface=bridge name=vlan5 vlan-id=5
add interface=bridge name=vlan6 vlan-id=6
/ip address
remove [ find address="192.168.88.1/24" ]
add address=10.xx.xx.4/24 interface=vlan5 network=10.xx.xx.0
/ip cloud
set update-time=no
/ip route
add distance=1 gateway=10.xx.xx.1
/ip dns
set servers=10.xx.xx.xx,10.xx.xx.xx
/interface bridge
set [ find name=bridge ] comment=""
/interface bridge vlan
add vlan-ids=2 bridge=bridge tagged=sfp-sfpplus2,ether4 untagged=ether16
add vlan-ids=3 bridge=bridge tagged=sfp-sfpplus2,ether4 untagged=ether1,ether2
add vlan-ids=4 bridge=bridge tagged=sfp-sfpplus2,ether4
add vlan-ids=5 bridge=bridge tagged=bridge,ether4 untagged=ether3,ether5,ether6,ether22
add vlan-ids=6 bridge=bridge tagged=sfp-sfpplus2,ether4
add vlan-ids=666 bridge=bridge untagged=ether15
/interface bridge port
set [ find interface=ether1 ] pvid=3
set [ find interface=ether2 ] pvid=3
set [ find interface=ether3 ] pvid=5
set [ find interface=ether4 ] frame-types=admit-only-vlan-tagged
set [ find interface=ether5 ] pvid=5
set [ find interface=ether6 ] pvid=5
set [ find interface=ether15 ] pvid=666
set [ find interface=ether16 ] pvid=2
set [ find interface=ether22 ] pvid=5
set [ find interface=sfp-sfpplus2 ] frame-types=admit-only-vlan-tagged
Provisioning through SSH has same behavior as Winbox. I lose access, but if I power cycle the switch, port 23 is working fine again. When I provisioned the last switch, I lost connection after
Code: Select all
set [ find interface=ether6 ] pvid=5I don't have particular interest in using the console port. I am trying to determine if this is a bug, and if so, report it so it can be fixed. I do still need to attempt to send the commands one at a time, but I have a feeling that will work fine.
-
-
Aerowinder
newbie
- Posts: 27
- Joined:
Re: CRS326/CRS317 provision failing
With further testing, I have been able to isolate the problem to this code:
Specifically the add address line. The address that is being added as a static IP is in the same subnet as the provisioning port's DHCP lease. However, this VLAN strictly belongs to bridge, of which my DHCP client port is not a member. And there are no connections to this switch at all, other than my provisioning connection. So I don't see a technical cause for this issue, especially since a reboot solves the issue.
If I attempt to provision from another subnet, no problems. Could this be some kind of STP bug?
Code: Select all
/ip address
remove [ find address="192.168.88.1/24" ]
add address=10.xx.xx.x/24 interface=vlan5 network=10.xx.xx.0If I attempt to provision from another subnet, no problems. Could this be some kind of STP bug?
Re: CRS326/CRS317 provision failing
If router has two IP addresses from same subnet, then it has two possible routes to reach target IP address. Mind that interface, used for inbound packets, does not define interface to be used for return packets.
So yes, unless you configure some kind of routing priority[*], setting second IP address from the same subnet but on different interface is an error in configuration. You could do it if both addresses were set on same interface though.
[*]You could get away if you added route towards computer you're running provisioning to correct interface, e.g.
It would work because when deciding upon next routing hop among matching routes router chooses the route with longest subnet mask.
So yes, unless you configure some kind of routing priority[*], setting second IP address from the same subnet but on different interface is an error in configuration. You could do it if both addresses were set on same interface though.
[*]You could get away if you added route towards computer you're running provisioning to correct interface, e.g.
Code: Select all
/ip route add dst-address=<management station IP address>/32 gateway=ether23
-
-
Aerowinder
newbie
- Posts: 27
- Joined:
Re: CRS326/CRS317 provision failing
Is it not relevant that the static IP is on the bridge, and the DHCP client is not on the bridge? And that my only connection was to the DHCP client port? How could a second IP address on the same subnet cause issue if the link is down?
Re: CRS326/CRS317 provision failing [SOLVED]
Is it not relevant that the static IP is on the bridge, and the DHCP client is not on the bridge? And that my only connection was to the DHCP client port? How could a second IP address on the same subnet cause issue if the link is down?
The location of IP address (bridge vs. stand-alone ethernet port) does not matter when it comes to routing decisions. I.e.: when router needs to pass an IP packet to next hop (it might be destination), it first checks the routing table. When it finds a suitable entry in the table, it will also get particular interface to be used (not the other way around). As I wrote, it doesn't matter which interface it received "forward" packet through (unless one bothers with connection and routing marking which you don't while you're provisioning router). And it doesn't matter if L2 interface is down, IP address (and associated routing entries) are still valid.
The most elegant way out of (IP related) connection issues is to use winbox with MAC connection to do initial provisioning. It's not entirely fail safe though, it still relies on L2 connectivity which can get changed (to the extent that connection breaks) specially so when configuring VLANs.
-
-
Aerowinder
newbie
- Posts: 27
- Joined:
Re: CRS326/CRS317 provision failing
Thanks for the info, this answers my question.
Who is online
Users browsing this forum: Google [Bot] and 39 guests