just finished, copy-pasting what I DMd him:
Let us know how it goes!
ICX6450-48P-Router>show pid-prom -cut-for-privacy-
since those older gens aren't running linux (which is why accessing linux does not work on them) they're definitely not caching metadata under linux (and if the monolithic fastiron app that boots is, it's entirely wiped out by a primary slot OS reflash)
Normally what you do, is that you create an ssh key for only this, which you then distribute to the people and/or computers who/which need it.
Is it possible to set the switch up with more than one SSH public key? I don't share private keys across my machines, but it'd be nice to be able to SSH into the switch from more than one computer.
Sounds like it reverted to booting from the secondary firmware slot, which has an old version from before licenses were made free. You can verify by running show version and see what it's running. If it's old it might have gotten rid of some of your config too. Just follow the guide to flash the new firmware back to primary again, and ensure it's set to boot from primary (if it's booting from secondary, you may have to knock some sense into it by running "boot system flash primary" at the configure terminal level, then write mem to save it)
Hello!
I've got an icx7250 running my network core
After a power outage, my switch which had happily been running for a year straight seems to have forgotten its license!
What's worse, when I type "license" and hit tab, the only option is "delete" and "license install" is giving invalid syntax errors!
Google has not helped me. I can't easily post command output since I can only easily console into the switch at the moment and I am posting from my phone...
Done. Now about to try my hand at some paper clip MPO trunks.
Sheeit. All this time and I've just been freeloading! Donated!
Done. Now about to try my hand at some paper clip MPO trunks.
I’ll post some pics of our setup when we’re done. Setting up some 40G uplinks for our Truenas box to serve video and rendering editors.
OK. I've been banging my head against this for a bunch of hours and I would love it if someone could just point out where I'm being dumb. I cannot for the life of me get my 7250 to route between VLANs. I'm running pfsense/opnsense (virtualized and switching back and forth between the two while I get my opnsense install fully operational--for the purposes of this question, it doesn't matter which firewall I'm running). I have a bunch of VLANs--more than I need, but whatever. 3 of the VLANs are trusted, and I want to be able to route between them via the switch rather than going out to the firewall. The rest of the VLANs I want to go ahead and use the firewall to the extent there needs to be routing between them (rare), because I'm substantially more comfortable with filter rules than ACLs. At the bottom of this message is my current running config, and here is the output of 'sh ip route':
The three VLANs between which I want to route are 2, 10, and 1010. 2161 and 2162 are transit VLANs for WAN and LAN, respectively. When I set the gateway on any of the trusted VLANs for the firewall (X.X.X.1), everything works as expected. The firewall routes between VLANs according to my rules and I can get out to the internet. On the other hand, when I set the gateway on any of the trusted VLANs for the switch (X.X.X.254), I cannot reach one subnet from another. SSH/HTTPS are both inaccessible between local subnets. However, going out to the internet works, and for some reason I can ping between local subnets. This behavior is the same whether I'm running pfsense or opnsense, and even if I yank the LAN transit cable between the switch and the firewall.
Code:
SSH@coreswitch(config)#sh ip route
Total number of IP routes: 6
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - v:Inter-VRF
        Destination        Gateway         Port       Cost   Type  Uptime
1       0.0.0.0/0          172.16.2.1      ve 2162    1/1    S     10h49m
2       10.10.10.0/24      DIRECT          ve 1010    0/0    D     10h49m
3       172.16.1.0/24      DIRECT          ve 2161    0/0    D     10h49m
4       172.16.2.0/24      DIRECT          ve 2162    0/0    D     10h49m
5       192.168.0.0/24     DIRECT          ve 2       0/0    D     10h49m
6       192.168.10.0/24    DIRECT          ve 10      0/0    D     10h49m
At this point I'm ready to give up and just let the firewall handle all the routing, even though it's not quite up to the task of linespeed routing. As an aside, how much CPU do you need to max iperf on 10gbe? Brief testing I can get ~7gbit with my i3-8100t.
Anyway, any suggestions would be awesome.
SSH@coreswitch>sh run
Current configuration:
!
ver 08.0.95fT213
!
stack unit 1
  module 1 icx7250-24p-poe-port-management-module
  module 2 icx7250-sfp-plus-8port-80g-module
!
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
 spanning-tree
!
vlan 2 name infra by port
 tagged ethe 1/2/2 to 1/2/4
 untagged ethe 1/1/2 to 1/1/3 ethe 1/1/5 to 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24
 router-interface ve 2
 spanning-tree
!
vlan 10 name home by port
 tagged ethe 1/1/2 ethe 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2 to 1/2/4
 untagged ethe 1/1/4 ethe 1/1/8 to 1/1/9 ethe 1/1/11 ethe 1/1/14 ethe 1/1/16 ethe 1/2/5
 router-interface ve 10
 spanning-tree
!
vlan 11 name voip by port
 tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
 untagged ethe 1/1/12 ethe 1/1/18
 spanning-tree
!
vlan 12 name guest by port
 tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
 spanning-tree
!
vlan 20 name kids by port
 tagged ethe 1/1/2 ethe 1/1/5 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
 spanning-tree
!
vlan 30 name IOT by port
 tagged ethe 1/1/2 ethe 1/1/7 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2 to 1/2/4
 untagged ethe 1/1/13 ethe 1/1/17 ethe 1/1/19 ethe 1/1/22 to 1/1/23 ethe 1/2/7
 spanning-tree
!
!
vlan 999 by port
 tagged ethe 1/1/24 ethe 1/2/2
!
vlan 1010 name data by port
 tagged ethe 1/1/2 ethe 1/1/15 ethe 1/1/20 to 1/1/21 ethe 1/1/24 ethe 1/2/2
 untagged ethe 1/2/3 to 1/2/4
 router-interface ve 1010
 spanning-tree
!
!
!
!
vlan 2161 name wansit_176_16_1 by port
 untagged ethe 1/2/1
 router-interface ve 2161
!
vlan 2162 name lansit_176_16_2 by port
 untagged ethe 1/2/2
 router-interface ve 2162
!
vlan 2222 name wan_vlan by port
 tagged ethe 1/2/1
 untagged ethe 1/1/1
 spanning-tree
!
!
!
vlan 3333 name 5g_wan_vlan by port
 tagged ethe 1/1/24 ethe 1/2/1
 untagged ethe 1/1/10
 spanning-tree
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication login default local
enable aaa console
hostname coreswitch
ip dhcp-client disable
ip dns server-address 192.168.0.1
ip route 0.0.0.0/0 172.16.2.1
!
no telnet server
username super password .....
!
!
!
!
clock summer-time
clock timezone gmt GMT-06
!
!
ntp
 disable serve
 server 192.168.0.1
 server 10.10.10.1
!
!
no web-management http
web-management https
!
manager disable
!
!
manager port-list 987
!
!
!
!
!
!
!
!
!
interface management 1
 ip address 10.10.2.254 255.255.255.0
!
interface ethernet 1/1/1
 port-name cablemodem
!
interface ethernet 1/1/2
 port-name firemox
!
interface ethernet 1/1/3
 port-name prox-enp35
!
interface ethernet 1/1/4
 port-name printer
!
interface ethernet 1/1/5
 port-name minimox-eno1
!
interface ethernet 1/1/6
 port-name piman
!
interface ethernet 1/1/7
 port-name micromox1
!
interface ethernet 1/1/8
 port-name IPMI1
!
interface ethernet 1/1/9
 port-name note-nook
!
interface ethernet 1/1/12
 port-name obi200
!
interface ethernet 1/1/15
 port-name kitchen-no-poe
!
interface ethernet 1/1/17
 port-name master-bed
!
interface ethernet 1/1/18
 port-name security
!
interface ethernet 1/1/19
 port-name garage
!
interface ethernet 1/1/20
 port-name foyer
!
interface ethernet 1/1/21
 port-name kitchen
!
interface ethernet 1/1/22
 port-name garage-south-2
!
interface ethernet 1/1/23
 port-name 2nd-bed
!
interface ethernet 1/1/24
 port-name 4th-floor
!
interface ethernet 1/2/1
 port-name WANuplink
!
interface ethernet 1/2/2
 port-name LANuplink
!
interface ethernet 1/2/3
 port-name mmx-10g
!
interface ethernet 1/2/4
 port-name prox-10g
!
interface ethernet 1/2/5
 port-name m1mini
!
interface ve 2
 ip address 192.168.0.254 255.255.255.0
!
interface ve 10
 ip address 192.168.10.254 255.255.255.0
!
interface ve 1010
 ip address 10.10.10.254 255.255.255.0
!
interface ve 2161
 ip address 172.16.1.254 255.255.255.0
!
interface ve 2162
 ip address 172.16.2.254 255.255.255.0
!
!
!
!
!
!
!
!
!
!
ip ssh password-authentication no
ip ssh idle-time 0
ip ssh interactive-authentication no
!
!
!
!
!
end
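
The post above splits routing by trust: VLANs that carry a router-interface ve are routed on the switch, while the others stay layer 2 and reach each other only through the firewall rules. As an added example (not part of the thread; the function names and the sample config are constructed for illustration), this Python check parses a running config in that syntax and flags any VLAN that has a ve but is not on the intended list.

```python
import ipaddress
import re

# Constructed excerpt in the syntax of the running config posted above;
# the ve on VLAN 30 is a deliberate mistake for the check to catch.
SAMPLE = """\
vlan 2 name infra by port
 router-interface ve 2
!
vlan 12 name guest by port
 tagged ethe 1/1/2
!
vlan 30 name IOT by port
 router-interface ve 30
!
interface ve 2
 ip address 192.168.0.254 255.255.255.0
!
interface ve 30
 ip address 192.168.30.254 255.255.255.0
!
"""

def parse_vlans(config):
    """Map VLAN id -> name, ve number and ve subnet (None when the VLAN is L2-only)."""
    vlans, subnets, ctx = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"vlan (\d+)(?: name (\S+))?", line):
            ctx = ("vlan", int(m.group(1)))
            vlans[ctx[1]] = {"name": m.group(2), "ve": None, "subnet": None}
        elif m := re.match(r"interface ve (\d+)$", line):
            ctx = ("ve", int(m.group(1)))
        elif line == "!" or line.startswith("interface "):
            ctx = None  # end of block, or an interface that is not a ve
        elif ctx and ctx[0] == "vlan" and (m := re.match(r"router-interface ve (\d+)$", line)):
            vlans[ctx[1]]["ve"] = int(m.group(1))
        elif ctx and ctx[0] == "ve" and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            subnets[ctx[1]] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    for v in vlans.values():
        v["subnet"] = subnets.get(v["ve"])
    return vlans

def routed_outside_allowlist(config, allowed):
    """VLAN ids that have a ve on the switch but are not in the allowed set."""
    return sorted(vid for vid, v in parse_vlans(config).items()
                  if v["ve"] is not None and vid not in allowed)

if __name__ == "__main__":
    print("unexpected L3 VLANs:", routed_outside_allowlist(SAMPLE, {2, 10, 1010}))
```

For the config in the post, the allowed set would also need the two transit VLANs (2161 and 2162), since both carry a ve.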