  1. #11
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Quote Originally Posted by dbh1 View Post
    Or is this rare?
    it is rare until it happens to you, and then it's 100% of the time. untangle does a slow rollout of upgrades to avoid exactly this sort of issue, there are theoretically enough boxes in the early-upgrade queue that most problems should be caught before many boxes in the regular queue get the upgrade. doesn't always work out that way, I've caught more than my share of upgrade bugs despite not having any boxes in the early-upgrade queue. none were outright failures, just software bugs in the new version or upgrade process not caught in time.

    upgrades, major ones especially like 15.1, tend to expose bad/failing hardware that would've bitten you sooner or later anyway, and I suspect most outright failures during/after upgrades are due to this reason

    the downside to disabling upgrades is that you may fall far behind if you're not paying attention.

  2. #12
    Untanglit
    Join Date
    Feb 2015
    Posts
    19

    Thanks. And now, of course, can’t get the new machine to upgrade to 15.1 as, I presume, it is still being rolled out. Will have to figure out how to force it.

  3. #13
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,288

    Quote Originally Posted by dbh1 View Post
    Maybe it isn’t worth allowing auto upgrades? Or is this rare?
    The upgrade may or may not be the problem. You must have had auto upgrade turned off to still be on 14.0. So benefits and pitfalls either way. With auto off you control when the upgrades happen so you can do a backup to be safe. But you have to do them. There may be a way to get a notification?

  4. #14
    Untangle Ninja
    Join Date
    May 2008
    Posts
    1,288

    Do a backup and reinstall to 15.1. LOL Or wait.

  5. #15
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Quote Originally Posted by dbh1 View Post
    Thanks. And now, of course, can’t get the new machine to upgrade to 15.1 as, I presume, it is still being rolled out. Will have to figure out how to force it.
    it won't let you upgrade until your UID group gets into the regular upgrade queue. if you really want it to upgrade now, you can contact support and ask for your UID to be put in the early-upgrade queue (it can be one-time or always). otherwise as donhwyo said, backup/re-install/restore or just wait. I think most boxes will upgrade pretty soon now. most of mine have.

  6. #16
    Untanglit
    Join Date
    Feb 2015
    Posts
    19

    Thank you all for your help. I am now back up and running. I called support and they put me on the upgrade list to instantly upgrade. I was then able to restore from my v15.1 backup (sorry for the confusion, I had an old v14 backup and then was able to make a v15.1 one by using safe mode on the crashed machine).

    I created a new set of challenges for myself as I reversed the ports and exposed the wrong machines to the wrong subnets. After catching the error, it took a while for DHCP to re-propagate and fix the mess that I made.

    The only strange thing that may somehow relate to this is that I cannot get my smart switch (Netgear JGS516PE100NAS) to pick up DHCP from the correct subnet. My setup is an untangle server with 5 ethernet ports. Interface #3 is bridged to Internal. Camera Vlan's parent is Internal and is bridged to Camera Network. Basement Vlan's parent is internal and bridged to Basement Network. Guest Vlan's parent is internal and addressed. Internal physically has all of the wifi access points along with most of my personal stuff. Basement is for a tenant's apartment's hardwire and the basement vlan is for the tenant's use of a guest network on my wifi access points (unifi). Camera network goes to a dumb switch that has hard wired cameras and camera vlan is for future wifi cameras. Guest vlan is to give to guests using my wifi via a guest setup on unifi.

    My switch is plugged into eth1. I have a static entry for its MAC address in DHCP as 192.168.1.XXX. However, it keeps getting a random address from the 192.168.9.X subnet. Note that it shows up on the ARP table of the Basement Network and Basement Vlan.

    Ideally it would behave and pick up the .1 address. However, I have also tried to make a filter exception to allow my primary workstation to access the device. However, even with that filter exception it won't respond to a ping (it will respond from untangle's troubleshooter ping).


  7. #17
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    Quote Originally Posted by dbh1 View Post
    I created a new set of challenges for myself as I reversed the ports and exposed the wrong machines to the wrong subnets. After catching the error, it took a while for DHCP to re-propagate and fix the mess that I made.
    You can speed that up by cycling power to the switch. There are other, more graceful ways to rebuild the Arp tables.


    The only strange thing that may somehow relate to this is that I cannot get my smart switch (Netgear JGS516PE100NAS) to pick up DHCP from the correct subnet.

    My switch is plugged into eth1. I have a static entry for its MAC address in DHCP as 192.168.1.XXX. However, it keeps getting a random address from the 192.168.9.X subnet. Note that it shows up on the ARP table of the Basement Network and Basement Vlan.
    You haven't given us the logical layout to include the VLAN tagging so I am taking a stab in the dark.
    I also don't see where you have stated what the VLANs are bridged to, but I guess it is easy to assume by the names.

    With my limited experience w/ VLANs, I believe that you will need an untagged VLAN #1 on your uplink port of the switch. This logically connects to your underlying physical Interface on NGFW. This base connection (and untagged VLAN) is where the switch expects to be managed.
    Last edited by Jim.Alles; 06-18-2020 at 11:32 AM.

  8. #18
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,523

    It might be best to step back and draw a network layout. I did the minimum of making a list for each managed switch. You can't get the whole picture by just looking at NGFW GUI anymore.

    And the moral of the story is don't use VLAN (802.1q) Tag: 1 on Untangle. It is reserved for the switches' use --by convention.
    Last edited by Jim.Alles; 06-18-2020 at 11:31 AM. Reason: relevance

  9. #19
    Untangle Ninja
    Join Date
    Jan 2011
    Posts
    1,298

    Quote Originally Posted by Jim.Alles View Post
    And the moral of the story is don't use VLAN (802.1q) Tag: 1 on Untangle. It is reserved for the switches' use --by convention.
    that was an interesting thing I learned when I first started messing with VLANs - internally the switches deal with all traffic as tagged, and by default they use VLAN 1 for traffic that comes in untagged and leaves untagged. In my switches (Netgear) I don't see anything that would prevent you from re-configuring VLAN 1 to be a "real" VLAN, and using some other VLAN # for untagged traffic, or not accepting untagged traffic at all.
    But yes, trying to use VLAN 1 would be a lot of extra work, when there are 4093 other VLAN IDs available.
    Jim.Alles likes this.
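
Added example (not part of any post in this thread, and not Untangle or Netgear code): a small Python model of the behaviour described in posts #17 and #19, where a switch port maps untagged frames to its PVID (VLAN 1 by default) and strips or adds the 802.1Q tag on egress. The frames, VLAN ID 9 and all function names are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def make_frame(vid=None):
    """Build a constructed broadcast frame, optionally carrying an 802.1Q tag."""
    header = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return header + tag + struct.pack("!H", 0x0800) + b"payload"

def classify(frame, pvid=1):
    """Ingress: return (vlan_id, untagged_frame) as an 802.1Q port would."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    if struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return pvid, frame                      # untagged -> port PVID
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    vid = struct.unpack("!H", frame[14:16])[0] & 0x0FFF
    if vid == 0x0FFF:
        raise ValueError("VID 4095 is reserved on the wire")
    inner = frame[:12] + frame[16:]             # strip the 4-byte tag
    return (vid or pvid), inner                 # VID 0 = priority tag only

def egress(vid, inner, untagged_vlans):
    """Egress: send untagged if the port carries this VLAN untagged, else tag."""
    if vid in untagged_vlans:
        return inner
    return inner[:12] + struct.pack("!HH", TPID_8021Q, vid) + inner[12:]

def forward(frame, pvid=1, untagged_vlans=frozenset({1})):
    """Classify on ingress, then emit on a port with the given untagged set."""
    vid, inner = classify(frame, pvid)
    return vid, egress(vid, inner, untagged_vlans)

if __name__ == "__main__":
    for label, f in (("untagged", make_frame()), ("tag 9", make_frame(9))):
        vid, out = forward(f)
        state = "tagged" if out[12:14] == b"\x81\x00" else "untagged"
        print(f"{label}: VLAN {vid}, leaves {state}")
```

Calling `forward(make_frame(), pvid=9)` shows how a port whose PVID is not the management VLAN places untagged traffic in a different VLAN, which is one way a device can end up talking to an unexpected subnet.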

  10. #20
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,093

    VLAN 1 is special on Unifi gear for other reasons... so yeah don't use it there ever.

    And of course 4095 on VMWare to move all tags...
    Last edited by sky-knight; 06-18-2020 at 02:56 PM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
