Wednesday 29 April 2009

Pix Trix

For a long time I had assumed that hardware with no moving parts was almost bulletproof. Well, the other day I had a switch lose its configuration out of the blue. All of it. When a bunch of machines dropped off the network it took me some time to track down the cause. When I finally connected a console to this switch I found it sitting at the initial setup dialog.

Whoops!

So I set about restoring its configuration. No, I did not have a backup, but I borrowed the configuration from another switch. The tricky part was working out the port configurations. I started by putting them all on the same VLAN, which worked for most machines, until I discovered a PIX firewall that should have had a trunking port.

Trunking to a firewall? Not the best way to do things, but hey, it was a pissy little 506E so I didn't have a lot of choice beyond the two physical NICs. Two logical interfaces were configured on the firewall on top of the one physical interface. My first mistake was assuming that the physical interface would correspond to the native VLAN and the other two would be tagged via 802.1Q.

Well, would you believe that's not the case? I was scratching my head for a while. The other two interfaces were working fine because the switch was tagging their traffic, but since I had made the VLAN of the physical interface the native VLAN, its frames were leaving the switch untagged and the firewall was not recognising them.

So after much deliberation I tested this by changing the native VLAN back to 1, and what do you know? It worked. On closer inspection of the firewall configuration it should have been obvious: despite being listed as a physical interface, there was still an entry in the VLAN field, which meant that interface was looking for tagged traffic.
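To make the native-VLAN mismatch concrete, here is a small added simulation (my own illustration, not anything from the post or from Cisco). It builds 802.1Q frames the way a trunk port puts them on the wire, where the native VLAN leaves untagged, and checks them against firewall interfaces that each carry a VLAN entry. The VLAN numbers, interface names and MAC addresses are assumed for the example; the post does not give the real ones.

```python
import struct

TPID_8021Q = 0x8100  # EtherType that marks an 802.1Q tag

# Constructed sample MAC addresses (not from the post).
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")


def build_frame(dst, src, vlan_id, ethertype=0x0800, payload=b""):
    """Build an Ethernet frame; vlan_id=None means untagged."""
    hdr = dst + src
    if vlan_id is not None:
        # TCI = 3-bit PCP | 1-bit DEI | 12-bit VID; PCP/DEI left at zero here
        hdr += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_vlan(frame):
    """Return the 802.1Q VLAN ID carried by the frame, or None if untagged."""
    tpid = struct.unpack("!H", frame[12:14])[0]
    if tpid != TPID_8021Q:
        return None
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0x0FFF


def trunk_egress(frame_vlan, native_vlan, payload=b"test"):
    """What a trunk port sends: frames in the native VLAN go out untagged."""
    tag = None if frame_vlan == native_vlan else frame_vlan
    return build_frame(DST, SRC, tag, payload=payload)


def firewall_accepts(frame, interface_vlan):
    """An interface with a VLAN entry only takes frames tagged with that VLAN."""
    return parse_vlan(frame) == interface_vlan


def scenario(native_vlan):
    """Which firewall interfaces receive their traffic for a given native VLAN."""
    # Assumed layout: the 'physical' interface still has a VLAN entry (10).
    interfaces = {"physical": 10, "logical1": 20, "logical2": 30}
    return {name: firewall_accepts(trunk_egress(vid, native_vlan), vid)
            for name, vid in interfaces.items()}


if __name__ == "__main__":
    print("native VLAN 10:", scenario(10))  # physical interface gets nothing
    print("native VLAN 1: ", scenario(1))   # every frame arrives tagged
```

With the native VLAN set to the physical interface's VLAN, that interface never sees a tag and drops everything; moving the native VLAN back to 1 tags all three VLANs and the firewall is happy again.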

So now I know. Did you know?