SF-300 sh running-config output

Unanswered Question
Oct 26th, 2011

Hi

Would it be possible to change output style of "sh running-config" in SF-300 switches to Cisco IOS-like format (eg.: options related to the specific interface put together, add tabs) in the next release? That would be much more readable.

Thanks for any replay.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
David Hornstein Wed, 10/26/2011 - 05:27

Hi Bartosz,

I will forward this feature request off to the product manager..

If you would be so kind as to send contact details to  dhornste  at  cisco.com ( remove spaces and replace 'at' with @)  I want to dig a little deeper into your request.

regards Dave

baroo_cisco Wed, 10/26/2011 - 06:29

Witam

The main thing is that "sh running-config" command in SF-300 is unreadable:

==== This is listing from SF-300:

interface gigabitethernet3

lldp med disable

exit

interface gigabitethernet4

lldp med disable

exit

interface vlan 1

ip address 10.0.1.102 255.255.255.0

exit

ip default-gateway 10.0.1.1

ip dhcp information option

interface vlan 1

no ip address dhcp

exit

no boot host auto-config

no bonjour enable

ip access-list extended ACL_PORT_1

permit ip 10.0.1.9 0.0.0.0 any

deny ip any any

exit

ipv6 access-list ACL6_PORT_1

permit ipv6 2001:e::1/128 any

deny ipv6 any any

exit

interface fastethernet1

service-acl input ACL_PORT_1 ACL6_PORT_1

=== And this is listing from C2950:

ip ssh time-out 120

ip ssh authentication-retries 3

ip ssh version 2

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

!

!

interface FastEthernet0/1

switchport access vlan 100

switchport mode access

ip access-group 101 in

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface FastEthernet0/2

switchport access vlan 100

switchport mode access

ip access-group 102 in

spanning-tree portfast

spanning-tree bpdufilter enable

!

interface FastEthernet0/3

switchport access vlan 100

switchport mode access

ip access-group 103 in

spanning-tree portfast

spanning-tree bpdufilter enable

The commands are almost the same but the way in which they are presetend are totaly different. Main advantages are:

- all options related to a specific interface are in one place

- sections are divided by using "!" mark

- suboptions are prepended by a single space.

Is this possible to modify the output of this command in SF-300 in such a way?

Best regards

Bartosz Kois

Dnia 26-10-2011 o 14:27 otrzymano wiadomość od dhornste

David Hornstein David Hornstein created the discussion

"Re: SF-300 sh running-config output"

To view the discussion, visit: https://supportforums.cisco.com/message/3475061#3475061

Ivor Diedricks Wed, 10/26/2011 - 09:59

Yes, we're already working on it. The next major firmware version for the 300 Series switches will support what you're looking for.

Ivor

baroo_cisco Wed, 10/26/2011 - 10:09

Hi

That`s great. Could you tell me what is the expected EOL for this switch. I`m asking because we are planing to buy around 25 units in the next year for our network as a access switches.

Best regards

Bartosz Kois

baroo_cisco Fri, 10/28/2011 - 06:57

Hi

There is one more thing I`d like to report. Please compare the speed of CLI interface on Putty and Linux SSH client. There is something that let SSH Linux client display data faster than on Putty.

Best regards

Bartosz Kois

Dnia 26-10-2011 o 19:11 otrzymano wiadomość od idiedric

Ivor Diedricks Ivor Diedricks created the discussion

"Re: SF-300 sh running-config output"

To view the discussion, visit: https://supportforums.cisco.com/message/3475374#3475374

baroo_cisco Mon, 10/31/2011 - 05:54

Hi

There is also one missing option that I have found during tests. In “config-ip-al” submenu there is no “no” option that allow administrator to delete a specific rule. In case I want to modify a single rule I have to delete access-list and compose it from the beginning.

SWITCH-TEST(config-ip-al)#

  deny                 A deny-ip condition blocks traffic if the conditions

                       define in the deny statement are matched.

do                   execute an EXEC-level command

  end                  Exit from configure mode

  exit                 Exit from current context

  help                 Description of the interactive help system

  permit               A permit condition forward traffic if the conditions

                       define in the permit statement are matched.

Could you add that in the next release?

Best regards

Bartosz Kois

baroo_cisco Mon, 10/31/2011 - 10:23

Hi

I`ve probably found another bug. With my test configuration (included in the attachment) access lists apply only to traffic on fa1 port and not for fa2 and fa3 (on fa1 traffic is limted only to specified host whereas on fa2 and fa3 I can pass traffic from any host).

Another thing is that during reload switch should first disconnect SSH session otherwise session hangs.

Best regards

Bartosz Kois

Dnia 26-10-2011 o 19:11 otrzymano wiadomość od idiedric

Ivor Diedricks Ivor Diedricks created the discussion

"Re: SF-300 sh running-config output"

To view the discussion, visit: https://supportforums.cisco.com/message/3475374#3475374

iryao Tue, 11/01/2011 - 09:59

Hi Sir,

Related to ACL Binding issue, we like to know more details from you. Please help. What I understand is that one ACL e.g. Rule1 can bind to one interface e.g. fa1, but you like to bind this ACL "Rule1" to other interfaces e.g. fa2, and fa3. However, you cannot bind this Rule1 to fa2 and fa3 via CLI command. Am I right?

Please kindly advice. Thank you.

iryao Tue, 11/01/2011 - 21:53

Thank you for the reply. We will look into the details and give you update asap.

baroo_cisco Tue, 11/01/2011 - 10:58

Hi

My main goal is to provide some security for my network. In this case I want to allow just one specific ip address on each interface. To achive that I configured one acl per each interface (ACL_PORT_1, ACL_PORT_2 etc. …) and bind the respectively to interfaces. The problem is that somehow (in my configuration) traffic on Fa1 port is limited to ACL_PORT_1, but acl on port Fa2 and Fa3 doesn’t work at all (I can send traffic on Fa2 and Fa3 from any ip address).

Best regards

Bartosz Kois

iryao Mon, 11/14/2011 - 22:47

Hi Sir,

We will add "no" ACE command available in the future release. Thank you to point us out.

Meanwhile, we could able to re-produce the ACL binding issue in our lab. We're investigating this issue now. Will update you once we found out the root cause. Thank you.

iryao Mon, 11/21/2011 - 16:25

Hi Sir,

We found out the root cause of ACL binding problem. We will fix this problem. Thank you and report this issue to our attention.

baroo_cisco Sat, 12/03/2011 - 06:02

Hi

I`ve noticed that you published the new version of firmware for SF-300 switches (Sx300_FW-1.1.2.0.ros). I`ve tested it, but there is still problem with ACLs. When there will be avaible a fixed version of firmware?

Best regards

Bartosz Kois

iryao Sun, 12/04/2011 - 08:00

Hi Sir,

Unfortunately, we are not able to include this ACL fixing on this new 1.1.2.0 release. We will have this fix on the next maintenance release.

baroo_cisco Tue, 12/27/2011 - 06:19

Hi

There is also one more nice future that could be added. During TDR test switch could print the fact that one or more of the cooper wires are shorter than others (e.g. one cooper wire was cut in the middle).

iryao Tue, 01/03/2012 - 19:10

Hi Sir,

Thank you to bring out this to our attention. We will look into and see whether it's doable, especially for Cat5 cable.

Thank you again.

nicolelayne Tue, 01/10/2012 - 09:09

Hi,

I would like to report a bug with the management VLAN.

By default we set our management VLAN to another VLAN e.g. 25, so that we can remotely manage the switches via our management VLAN and respective IP.

After upgrading a switch out of the box with this new firmware, we cannot change the management VLAN from VLAN 1.

To change, we have to revert to the original firmware, change the management VLAN and then switch the image to the new.

Can you check on this?

Thanks.

iryao Tue, 01/10/2012 - 12:51

Sir,

Thank you to report this issue to our attention. For further investigation, can you let us know the version of "this new firmware"? Is it 1.1.2.0? How about the version of "original firmware"? Is it 1.1.1.8?

Please kindly advice if you got chance.

Thank you.

nicolelayne Thu, 01/19/2012 - 14:21

Hi, sorry for the much delayed response.

Here's the version info.

Firmware Version (Active Image):1.1.2.0
Firmware Version (Non-active):1.0.0.27
Boot Version:1.0.0.4

So if I need to change the management VLAN to something other than 1, e.g. 25, I have to do it with version 1.0.0.27 first and then change the active image to 1.1.2.0.

I can't upgrade a switch out of the box and then change the management VLAN from the default of 1.

Thanks.

baroo_cisco Tue, 01/17/2012 - 05:17

When the new firmware will be released? I'm asking because I have to know if the problem with ACL will be fixed or I return switch as it not functioning properly.

iryao Tue, 01/17/2012 - 17:15

Hi Sir,

The new firmware release will be available in May/June time frame. The early time we can provide the beta release is April time frame. Will this work out for you?

Thank you

baroo_cisco Wed, 01/18/2012 - 06:21

I wouldn`t say that half of a year is a proper time for fixing important bug in the software (especially if the device is branded by cisco).

Actions

Login or Register to take actions

This Discussion

Posted October 26, 2011 at 3:50 AM
Stats:
Replies:24 Avg. Rating:
Views:5321 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard