NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
Forum Discussion
Solved
trying to get tftp upload to work on XS748T
System information:
XS748T ProSAFE 48-Port 10-Gigabit Smart Managed Switch, S/W version 6.5.1.31, Boot version 1.0.0.0
I've been having some trouble configuring this switch so that I can...
Figured it out. Removed all the routing on the A server, and on the switch and added back in only the minimum as follows
DefaultRoute 0.0.0.0 0.0.0.0 C.x.x.250 1 And now it's been working most of the afternoon. I'll see how it goes over the next few days :-P
Breaking it down to one senence: It appears that the switch CPU/management interface on subnet C does ignore configured static routes neither allowing to use the Web UI nor allowing to use tftp from/to the A and B subnets.
On a side note, you wrote "Our switches are on a private network C, though they are routing traffic from two public networks A and B, which is all nat'ed by an ubuntu server." The switches (at least the subject XS748T) are not routing, but plain L2 VLAN switching, isn't it?
What I don't understand - why adding static default routes if the gateway (you have only one on your switch, because there are no other VLAN interfaces with IPs) is the same like the default gateway anyway?
ip default-gateway C.x.x.250
ip route A.x.x.0 /24 C.x.x.250
ip route B.x.x.0 /24 C.x.x.250
While quickly testing I found the XS748T on 6.5.1.31 Web UI does not show static routes configured (and active - VLAN routing here) - re-adding is refused as the route does already exist, and updaing is possible by re-adding the static route and change e.g. the gateway or the metric and [Update] LaurentMa bradleyv whoever is in charge:
Well I added the static routes to try and troubleshoot, but I'm not sure that's what's needed. Now that it is Monday and I am back at work (with access to the private network), I notice the following:
- I can't ping to the switch anymore from any of the networks
- I can't reach the web UI admin anymore
- BUT, my testserver that's on its port 37 is happy as a clam. this test server has an A network address and it boots, gets PXE etc all just fine
- ANOTHER testserver that I connected to another of its ports, with a C network IP address, does NOT get any connection ...
Networks A, B, C are all on the same vlan 441, but C is nat'ed through a server on the A network. I intended for the switch to have a C network address in part for security.
I suspect part of the issue might be arp? Because it seems like it lost the arp route, which suggests I need to add to the arp table, but I was unable to do so when I tried, First, I wen tto Routing->ARP and I tried to add the NAT server on its own A subnet IP address, and got told "ARP IP must be from a directly connected network.."
So I tried again, this time checking the static box and this time it told me "ARP IP must be from a directly connected network. Might be missing parameters (data Tblchk) in page." Now, I was only given three possible bits of info to enter: the checkbox for static or not, a text box for the IP Address (which I filled) and a text box for the MAC Address (which I filled) so that part about the "dataTblchk" doesn't help.
I've managed a number of switches before, but this one is killing me. I don't want to factory reset and start over, I think I'll just wind up right here again, so I need to figure out why it's so unreachable.
OK, I removed all settings from the switch and started over. I left VLANs strictly alone (the uplink basically only provides one VLAN tag anyway). I'm trying to figure out a reachability/router issue. I think this is the core problem I've been having. Everything I describe is on one VLAN, so we can dismiss that for the moment. So let's SIMPLIFY what I've got here (maybe I should do another post? :-/ )
There are two networks involved, let's call them A and C. A is our public network space and interfaces out to the internet at large. C is our private network space, where we typically put our switches, CAS, PDU, idrac, IPMI and other network infrastructure. We have an ubuntu server running 14.04 that is our NAT to the C network. So it's eth0:0 IP is a A.x.x.3 and its eth0:1 IP address is C.x.x.250.
The netgear itself gets a static IP address in the C network (C.x.x.102) but it will be providing connectivity to servers that are on either A or C subnets. At present I have one of each connected to the switch (and they're doing fine, actually).
What I am having trouble with is getting the switch to consistently connect with servers (other than the NAT) on the A network.
Looking at the User Manual (yes, I have been all over this thing), http://www.downloads.netgear.com/files/GDC/XS728T/XS728T_XS748T_UM_EN.pdf to be exact, on page 173, I can see that I need to set the routing as follows:
Network Address: A.x.x.0
Subnet Mask: 255.255.255.0
Next Hop IP Address: C.x.x.102
Preference: 1(ie the next hop is the IP address of the switch). But the error message is "Gateway cannot be one of the addresses configured on this device."
I do have routing enabled (that's the default) under Routing/IP/IP configuration.
Here's the relevant portion of the manual I'm looking at:
Thoughts? The connection works intermittently (as if various arp tables are briefly in alignment until something times out, but I can't consistently get them to talk. Then when I did get a connection (see below), I went over to do a traceroute on the switch right
after the traceroute from the A server below. Then immediately the connection was lost. You can see the timestamps before and after on the 'date' commands...it's within a minute :-/ I can consistently ping the NAT and I can consistently ping C subnet servers on any of our switches and I can consistently ping A servers that are connected to THIS switch. So it's a routing problem. But I can't add the route I want! I've tried various other things, like listing the A network IP address of the NAT server (that error message response says "Only a directly connected router can be defined as the gateway" -- and that's NAT's C.x.x.250 address).
root@ctrl:~# ping sw-b11 PING sw-b11.private.example.com (C.x.x.102) 56(84) bytes of data. 64 bytes from sw-b11.private.example.com (C.x.x.102): icmp_seq=1 ttl=63 time=1.05 ms 64 bytes from sw-b11.private.example.com (C.x.x.102): icmp_seq=2 ttl=63 time=1.05 ms 64 bytes from sw-b11.private.example.com (C.x.x.102): icmp_seq=3 ttl=63 time=1.09 ms ^C --- sw-b11.private.example.com ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2001ms rtt min/avg/max/mdev = 1.051/1.068/1.099/0.043 ms root@ctrl:~# arp | grep b11 sw-b11.private.example.com ether xx:xx:xx:xx:xx:xx C eth0 root@ctrl:~# date Tue Oct 30 09:08:00 PDT 2018 root@ctrl:~# traceroute sw-b11 traceroute to sw-b11 (C.x.x.102), 30 hops max, 60 byte packets 1 sw-b11.private.example.com (C.x.x.102) 4.034 ms 4.127 ms 4.247 ms root@ctrl:~# ping sw-b11 PING sw-b11.private.example.com (C.x.x.102) 56(84) bytes of data. From ctrl.public.example.com (A.x.x.8) icmp_seq=1 Destination Host Unreachable From ctrl.public.example.com (A.x.x.8) icmp_seq=2 Destination Host Unreachable From ctrl.example.com (A.x.x.8) icmp_seq=3 Destination Host Unreachable ^C --- sw-b11.private.example.com ping statistics --- 5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4022ms pipe 3 root@ctrl:~# arp | grep b11 sw-b11.private.example.com (incomplete) eth0 root@ctrl:~# date Tue Oct 30 09:09:22 PDT 2018 root@ctrl:~#
Figured it out. Removed all the routing on the A server, and on the switch and added back in only the minimum as follows
DefaultRoute 0.0.0.0 0.0.0.0 C.x.x.250 1 And now it's been working most of the afternoon. I'll see how it goes over the next few days :-P
NETGEAR Academy
Boost your skills with the Netgear Academy - Get trained, certified and stay ahead with the latest Netgear technology!
Join Us!
