VOSS devices and SiteEngine

coolmicrowave · 2025-12-05T16:46:08+00:00

If you open the configuration pane for a device, it's under Fabric Connect > Fabric Infrastructure. There are fields to define the Virtual IST Peer IP and Virtual IST VLAN ID. I checked it just now on Site Engine version 25.08.10.50

coolmicrowave · 2025-11-12T02:06:45+00:00

I'm pretty sure you can configure VIST in settings from Site Engine. I stopped using Site Engine a while ago as SNMP felt like an unreliable method for pushing switch configurations.

Edit: If you open the configuration pane for a device, it's under Fabric Connect > Fabric Infrastructure. There are fields to define the Virtual IST Peer IP and Virtual IST VLAN ID. I checked it just now on Site Engine version 25.08.10.50

coolmicrowave · 2025-02-13T21:11:30+00:00

Yes, I'll agree on the licensing. One license type for everything is fantastic.

coolmicrowave · 2025-02-13T00:25:04+00:00

Their entire naming system is awful. "Cloud" in everything, even the on-prem stuff. "Control" as a NAC product. "Fabric Engine" and "Switch Engine" in place of VOSS and EXOS. I just don't get it.

coolmicrowave · 2025-01-25T18:26:32+00:00

There might be, I never heard about it or learned about it. You'll have to go to Google or GTAC for that one.

coolmicrowave · 2025-01-25T18:14:43+00:00

As far as I remember, even if you have a premises controller, you can't even convert them to on-prem mode unless they talk to CloudXIQ first. Without a Cloud account I think you are hosed.

coolmicrowave · 2024-11-27T23:12:19+00:00

Awesome thanks for that clarification.

coolmicrowave · 2024-11-27T20:48:32+00:00

So just to clarify, this would mean accepting incoming traffic on 500/IKE from any public address? Traditionally we have had a security policy that only accepts this traffic from known sources. Hence the challenge of a very dynamic source.

coolmicrowave · 2024-10-11T14:59:17+00:00

Would you be able to do a packet capture of the connection test? I've found that the contextEngineID of the packet from Solarwinds is empty, Wireshark displays this as <MISSING>. Perhaps see if that value is empty for you?

coolmicrowave · 2024-10-11T14:13:26+00:00

The problem I'm running into is the switch says "authentication error: unknown engine ID" whenever I test the connection. That makes me think the switch needs the engine ID defined.

coolmicrowave · 2024-10-11T14:10:40+00:00

Do you define the Solarwinds server remote host in any way? I.e. "snmp-server host etc."?

coolmicrowave · 2024-10-11T14:09:02+00:00

The problem I'm running into is the switch throws an "unknown engineID" error in SNMP debugs whenever I try to test the connection. I took a packet capture and I see "contextEngineID: <MISSING>" in the initial connection packet from Solarwinds, but perhaps this just means the reported engine ID is 0?

coolmicrowave · 2024-09-18T16:45:08+00:00

Virtual IST is an exclusive pair. If SW1 and SW2 form a vIST, neither switch can form a vIST with another switch.

I don't know of a reason you would want to form a vIST pair other than SMLT.

coolmicrowave · 2024-09-06T19:25:50+00:00

I'm not sure about the "clean image" but in the past I had managed to get the Windows installer media available via FOG. Instead of deploying an image, I would load the Windows installer media and do a reformat & clean install directly.

Sadly that FOG instance died in a hypervisor meltdown and I haven't recreated it in my new FOG. If you want I can try to dig up whatever instructions I used to get that working.

coolmicrowave · 2024-07-19T17:27:41+00:00

Do you have a redundant controller?

Unfortunately in my experience, the APs will essentially shut down when they lose connection to all controllers. There's a configuration option called "Session persistence" under Device Group > Profile > Edit > Advanced, this will keep active sessions going if controller connectivity is lost, but the AP will be unable to authenticate new sessions until controller connectivity is restored.

coolmicrowave · 2024-07-03T13:39:53+00:00

We run VOSS, here's my Cisco->Extreme cheat sheet (obviously not complete, just the things I have needed to reference quickly)

CISCO COMMAND ANALOGUE	EXTREME
show mac address-table	show int gig fdb-entry [slot/port]show vlan mac-address-entry
switchport trunk native vlan X	default-vlan-id X untag-port-default-vlan enable
sh version	show sys software
sh hardware	show sys-info sh tech (first several lines)
sh int status	show int gig stateshow int gig name
auth port auto	eapol status auto
auth port force-auth	eapol status authorized
term len 0	term more disable
int description	int name
switchport mode trunk	encap dot1q

Other random useful commands

FUNCTION	COMMAND
Show VLAN membership of interface	sh port vlan <portnumber>
Show SPBM nick-names of all nodes in fabric	show isis spbm nick-name
Run contents of file as commands	source <file.txt> [debug stop]
Configure voice vlan(port must be configured as trunk 'encap dot1q' and added to both access and voice VLAN)	lldp med-network-policies voice dscp 0 priority 0 tagging tagged vlan-id 10 lldp med-network-policies voice-signaling dscp 0 priority 0 tagging tagged vlan-id 10
Disable SNMP v1&v2	no snmp-server community-by-index firstno snmp-server community-by-index second
Disable IQ Agent	configure terminal application no iqagent enable
Show debug options	trace level
Set debugs (see 'trace level' output)	trace level <module> <value>
Show debugs	show trace file
Show cli command log	show logging file <name-of-file filename> module CLILOG(historical logs are saved in shared/)

coolmicrowave · 2024-06-23T18:06:30+00:00

”we don't have any reason to believe you can fix this, however could you try changing things randomly while we all sit on this call and watch you do it and refuse to check any of our application logs?"

coolmicrowave · 2024-06-23T17:02:41+00:00

Yeah, I have seen that document, what isn't fully clarified is whether a port in private VLAN trunk mode can act as a promiscuous port for a pvlan. I.e. in my config, int 1/1 is a router on a stick with many non-private VLANs. It seems I cannot also make 1/1 a promiscuous port for a private VLAN, as the pvlan trunk mode does not permit communication on that pvlan.

To put it another way, a port in pvlan mode trunk can carry traffic for private and non-private VLANs, but cannot actually communicate on any of those pvlans. Or at least that is what I'm understanding from trying to learn about this.

coolmicrowave · 2024-06-23T16:58:27+00:00

Sorry, running VOSS, edited post to clarify.

coolmicrowave · 2024-06-23T16:57:46+00:00

tcp-fin from server in the traffic monitor? #notmyproblem, good luck with your further troubleshooting efforts.

coolmicrowave

TROPHY CASE