|
|
Ludovic
Vinsonnaud - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 |
Hi! Thanks to Mr. Vinsonnaud and Mr. Westin we have a patch ready. I am just waiting for a review, and then those who want can apply the patch locally to see how it performs. The patch only affect Dell-devices - the only question is if we need a more detailed check of type of Dell-device to do this or that. I will let you know when it is ready.I'm coming back to you with my problem. I have tried some solutions provided by Dell without success (essentially updates). Here's the last answer from them (translated by me)Thank you for this. We have looked at the mibs and have the following to say: - We don't use this mib for Cisco - they have their own custom MIBs that we use for switching vlan. - That we need to be in General mode is the problem, and the default is to be in Access-mode - It looks like we can use the agentPortConfigTable to check for (and set) the mode of the interface. Then we need to agree on a workflow for this: - if general mode everything is ok and we set pvid - if access mode is set - switch to general and then set pvid? Or give information about wrong mode? - However, there is also an oid "agentPortAccessVlanID" with the following description: "Describes and Configures the VLAN ID of access switch port. A value of 0 indicates that the switch port is not configured as access port.". It might be possible to use this one to switch if the interface is in acces mode (perhaps also in general mode?). We need to test this. We don't have access to Dell equipment at the moment, but I will try to aquire it.Have you tested OID 1.3.6.1.2.1.17.7.1.4.5.1.1 on Cisco hardware, does it change vlan ID in access mode ? interface Gi1/0/40 switchport access vlan XXX The OID 1.3.6.1.2.1.17.7.1.4.5.1.1 is the same for Dell and Csico. I would like to know if on Cisco it modifies vlan ID in access mode, as on Dell Equipement it modifies PVID port in general mode, that is 2 different things. If you download the last version FW 6.3.3.10, in the directory oh the extracted file you will find a file named Release-6.3.3.10-mibs containing informations that could be usefull to Uninett team. https://downloads.dell.com/FOLDER04638308M/1/N2000v6.3.3.10a31.zip *Julien Guillou* *Dell **EMC***| Network Analyst, Ent Tech Support *Email*julien_guillou@Dell.com <mailto:julien_guillou@Dell.com> Cordialement, IOGS Logo <https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 15/06/2017 à 11:21, Vinsonnaud Ludovic a écrit :I've just received an answer from Dell support : J’ai discuté avec un ingénieur du Niveau 3 qui m’a dit que c’est un bug connu qui est en cour de correction. Le correctif pourrais être inclus dans la prochaine version du firmware en juillet mais je n’en suis pas certain. De mon cote je pense que l’OID dot1qPvid requière que le port soit en mode général car le pvid est base sur le mode général, mais à ce que je vois le mode du port ne semble pas être modifie et les anciennes commandes persistent. Vers la fin juillet regardez si une nouvelle version est disponible et si le correctif est inclus dans celui-ci. Here's the translation. I talked with a level 3 engineer who told me it was a known bug which is going to be corrected. On my side, I think the dot1qPvid need the interface to be in "general mode" as the pvid is based en general mode, but as I see, port mode is not changed and old commands remains. At the end of July, look if a new version is available and if the correction is included. and he closed my ticket ... Cordialement, IOGS Logo <https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 15/06/2017 à 10:05, Vinsonnaud Ludovic a écrit :I opened a ticket at Dell Support They understood the problem and they rose it to 2nd level (I don't know if it's the exact expression in english) To sum up : - interface in general mode : - set --> "switchport general pvid /number/" - get --> number of vlan in "switchport general pvid /number/" - interface in access mode : - set --> "switchport general pvid /number2/" --> added to existing "switchport access vlan /number1/" - get --> number of vlan in "switchport access vlan /number/1" special case : conf with existing "switchport general pvid /number2/" and "switchport access vlan /number1/" - interface in access mode : - set --> number1 is used --> nothing appens, both commands stay I hope having an answer soon. The technician told me they can't test every MIB so they put the switch for sale and are waiting for informations from customers. After that, new firmware versions are available. I don't know if Dell want to force customers using general mode instead of access/trunk mode, but it seems usefull when using 802.1X Cordialement, IOGS Logo <https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 15/06/2017 à 09:11, John Magne Bredal a écrit :Marcus Westin kindly offered to set up a test environment. I think we will accept that and try to find a solution for Dell devices. The main theory is that setting the Pvid may trigger general mode - if we don't do that but set egress and untagged ports for the vlan, then we may have the desired result. On 09. juni 2017 15:08, Vinsonnaud Ludovic wrote:Hi, I've got answers from the Dell networking sales engineer Here's the translation : I did some tests. the SET and GET actions from this OID only take effect when the port is in General mode (switchport mode general). Once this is done, a SET action results with adding the command "switchport general pvid" followed by the value in the "show run", while a new GET action after that give the good value for that line. I invite you to open a ticket by calling the technical support, using the service tag of your switch, to check with them if this MIB is supported on ports in access mode or not. In access mode, a SET action creates the command line "switchport general pvid" while a GET action returns the value corresponding to the "switchport access vlan" line. So there is a dysfunction at that level. Do not hesitate to inform me of the follow-up that will be given. Bonjour M. Vinsonnaud, J’ai procédé à quelques tests de mon côté. Il s’avère que les actions SET et GET sur cet OID ne prennent effet qu’à partir du moment où le port est en mode General (switchport mode general). Une fois ceci fait, une action SET se traduit, comme vous l’avez remarqué, par l’apparition de la commande « switchport general pvid » suivi de la valeur dans le show run, tandis qu’une nouvelle action GET derrière renvoie bien la bonne valeur correspondant à cette ligne. Je vous invite à ouvrir un ticket au support technique, à l’aide du service tag de votre switch, afin de vérifier avec eux si cette MIB est supporté sur les ports en mode access ou pas. En effet, en mode access, une action SET créé la ligne de commande « switchport general pvid » tandis qu’une action GET renvoie la valeur correspondant à la ligne « switchport access vlan ». Il y a donc un dysfonctionnement à ce niveau-là. N’hésitez pas à m’informer des suites qui y seront données. Pour contacter le support : 0825 004 686 and then after some questions : My suggestion to contact technical support is precisely related to the fact that the behavior does not seem normal to me. This is not related to your switch or your firmware version, I tested on a N3000, with two versions of different firmware including the latest. Since the firmware has the same base for the N-Series, the behavior is the same on all N models (N2000, N3000, N4000). However, in General mode, the correct operation is observed, and therefore you can use the switches in this mode. General mode is required for some deployment contexts (especially for MAC address authentication). I add that the General mode allows you to more precisely control the VLANs assigned to a port, since in trunk mode, a port is automatically assigned to all existing VLANs on the switch as soon as you put it into this mode and is also automatically associated with any newly created VLANs. You can remove them later, but in General mode, you control explicitly the port / VLAN association. Ma suggestion de contacter le support technique est justement liée au fait que le comportement ne me parait pas normal. Ce n’est pas lié à votre switch ni à votre version de firmware, j’ai testé sur un N3000 de mon côté, avec deux versions de firmware différente dont la dernière. Le firmware ayant la même base sur l’ensemble de la gamme N, le comportement est donc le même sur tous les modèles N (N2000, N3000, N4000). Pour autant, en mode General, le fonctionnement correct est observé, et donc vous pouvez utiliser les switchs dans ce mode-là. Le mode General est obligatoire pour un certain nombre de contextes de déploiement (en particulier pour l’authentification par adresse MAC). J’ajoute que le mode General vous permet de contrôler plus finement les VLAN affectés à un port, puisqu’en mode trunk, un port est automatiquement affecté à l’ensemble des VLAN existants sur le switch dès que vous le basculez dans ce mode, et est également automatiquement associé à tout nouveau VLAN créé par la suite. On peut certes les en retirer par la suite, mais en mode General, c’est vous qui contrôlez explicitement l’association port/VLAN. So I will try calling the support to have more answers but the best solution seems to switch to general mode Cordialement, IOGS Logo<https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 09/06/2017 à 12:43, John Magne Bredal a écrit :Thank you all for the information. I found an interesting post regarding Dell and setting vlan, and there is a solution in there. However it is not clear enough that I can write code without something to test on. The problem is the "general" mode that seem to exist on Dell and how to avoid using that. http://en.community.dell.com/support-forums/network-switches/f/866/t/19257012 Also the linked manual below has detailed instructions for setting vlan. Those instructions does not work however on HP which is the equipment we have available at the moment. More technically it also tells us that there are quite some differences in the MIBs based on which series the switch is - I quote: "On the E-Series and C-Series each position in the 8-character string is for one port, starting with Port 0at the left end of the string, and ending with Port 7 at the right end. A 0 indicates that the port is not amember of the VLAN; a 1 indicates VLAN membership.•On the S-Series, each position in the 8-character string is for one port, starting with Port 1 at the leftend of the string, and ending with Port 8 at the right end. A 0 indicates that the port is not a member ofthe VLAN; a 1 indicates VLAN membership." https://www.manualslib.com/manual/546511/Dell-Force10-S4810p.html?page=964#manual What is boils down to is equipment to test implementations on. I will make a separate post about this. On 08. juni 2017 10:28, Vinsonnaud Ludovic wrote:Hi, Here's the answer from Dell about N2000 Series (mail below and here's the translation) "I confirm that our switches are compatible with this MIB. It is part of the available MIBs within the switch firmware (http://www.dell.com/support/home/us/en/19/product-support/product/networking-n2000-series/drivers) This MIB is contained in the vlan.my file I ask in internal to try to get details about its implementation." -------- Message transféré -------- Sujet : RE: MIB N2048 Date : Thu, 8 Jun 2017 07:44:30 +0000 De : Nicolas.Roughol@dell.com Pour : Thierry.Favereaux@dell.com, ludovic.vinsonnaud@institutoptique.fr Copie à : gilbert.lucas@institutoptique.fr,Franck.Dufas@dell.com *Dell - Internal Use - Confidential * ** Bonjour M. Vinsonnaud, Je vous confirme que nos switches sont bien compatibles avec la MIB en question. Elle fait partie des MIBs disponibles au téléchargement avec le firmware des switchs (http://www.dell.com/support/home/us/en/19/product-support/product/networking-n2000-series/drivers) La MIB en question étant contenu dans le fichier vlan.my Je me renseigne en interne pour tenter d’obtenir des détails d’implémentation de celle-ci. Cordialement, *Nicolas ROUGHOL*** Networking Sales Engineer *Dell **EMC* | Enterprise Solutions, Networking *mobile:* +33 6 79 34 90 28 <tel:+33679349028> email:nicolas.roughol@dell.com <mailto:nicolas.roughol@dell.com> Learn about Dell Networking at:www.dell.com/networking <http://www.dell.com/networking> /Etes vous satisfait de notre collaboration?/ Pour tout commentaire n'hésitez pas à contacter mon manager,Gilles_Petit@DELL.com <mailto:Gilles_Petit@DELL.com> cid:image001.jpg@01D214EB.EA5CB520 Cordialement, IOGS Logo<https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 07/06/2017 à 15:48, Vinsonnaud Ludovic a écrit :Hi, I've sent an email to my Dell Networking Sales Specialist and he transferred my questions to his Networking Sales Engineer I think I will have an answer today or tomorrow. Cordialement, IOGS Logo<https://www.institutoptique.fr> *Ludovic Vinsonnaud * - Ingénieur Réseau basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) *Institut Optique Graduate School* 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 Le 07/06/2017 à 10:19, Marcus Westin a écrit :We also use Dell N2000-series switches to some extent, and cannot configure them through NAV at the time either (we’re primarily using Cisco, so it’s not been a huge issue so far). A configuration done manually (pretty much identical to Cisco): description "M-CB0271A12" spanning-tree portfast switchport access vlan 30 green-mode energy-detect green-mode eee and after changing the vlan from 30 to 206 through NAV: description "M-CB0271A12" spanning-tree portfast switchport general pvid 206 switchport access vlan 30 green-mode energy-detect green-mode eee Reverting to vlan 30 again does not remove the added configuration for 206. I’ve included mibs for the latest release for the N2000-series. Hope that there’s an easy solution ( Regards, Marcus W. Linnaeus University On 06/06/17 11:03, "John Magne Bredal"<nav-users-request@uninett.no on behalf of john.m.bredal@uninett.no> wrote: On 02. juni 2017 17:58, Vinsonnaud Ludovic wrote: > Hello, Hi! > > Sorry about my english, I'm french so everything may not be understood :-) > > I'm new to NAV and this software seems very interesting for my needs. Thats good to hear =) > > For Dell N2048, I'm a bit confused because if I have this command > "switchport access vlan 524" already set in the switch and I ask to > change the vlan from 524 to 525 with NAV, it adds this command > "switchport general pvid 525" but doesn't delete the old one. > So why change a "switchport access" by a "switchport general" ? Is it > better to have a "switchport mode general" in default config ? > Switchport mode access is the default mode, the 2 combined commands will > not work as intended I think ? We are unfamiliar with Dell switches - PortAdmin has been used extensively with Cisco and HP but I don't know about Dell. However, we use standard MIBs for all equipment except Cisco. So, what PortAdmin does when changing vlan is to alter the dot1qPvid-value which is located in the Q-BRIDGE-MIB. http://www.mibdepot.com/cgi-bin/getmib3.cgi?win=mib_a&r=alcatel&f=IETF_Q_BRIDGE.mib&v=v2&t=tree It seems Dell has another way of doing it that does not conform exactly to the Q-BRIDGE-MIB. If you have the MIB for the switch, then we could take a look at it and see if there is anything we can do. > I've not yet tested S4048 and N4064. > > -- > > Regards, > IOGS Logo<https://www.institutoptique.fr> > *Ludovic Vinsonnaud * - Ingénieur Réseau > basé à Bordeaux, bureau F108 (IOA, Rue François Mitterrand, 33400 Talence) > > *Institut Optique Graduate School* > 2 Avenue Augustin Fresnel - 91127 PALAISEAU Cedex > Tel. +33 5 57 01 71 52 - Mob. +33 6 08 08 41 05 > -- John Magne Bredal john.m.bredal@uninett.no +4791897366 Abels gt. 5- Teknobyen NO-7465 Trondheim