Page MenuHomeVyOS Platform
Feed All Stories

Today

c-po changed the status of T3104: LLDP Traceback error from Confirmed to Needs testing.
Wed, Dec 2, 7:01 PM · VyOS 1.3 Equuleus
c-po added a comment to T3106: 802.11ax support.

Calculating setting is always the smartest idea. I also have a WIFI6 NIC with me, the problem is it is not supported by Linux 4.19. which we currently are forced to use.

Wed, Dec 2, 6:15 PM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

It seems related to this patch https://github.com/vyos/vyos-1x/commit/b39d623170377b2e99fd7e88b627afea71e4d00c#diff-e4557e4a7b41f0e9328ac0e7d7c0305416f0f1e42d46af27c2135ca976434fce
Appears only if you have 2 or more lldp neighbors.

Wed, Dec 2, 1:39 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

set firewall all-ping 'enable'
set firewall broadcast-ping 'disable'
set firewall config-trap 'disable'
set firewall group address-group kasa address '192.168.2.109'
set firewall group address-group kasa address '192.168.2.110'
set firewall group address-group kasa address '192.168.2.101'
set firewall group address-group kasa address '192.168.2.102'
set firewall group address-group kasa address '192.168.2.103'
set firewall group address-group ring address '192.168.2.105'
set firewall group address-group ring address '192.168.2.113'
set firewall group address-group ring address '192.168.2.195'
set firewall group address-group trusted-sip address '*'
set firewall group address-group trusted-sip address '
**'
set firewall group address-group trusted-sip address '
**'
set firewall group port-group VOIP description ''
set firewall group port-group VOIP port '5060'
set firewall group port-group VOIP port '10001-20000'
set firewall ipv6-receive-redirects 'disable'
set firewall ipv6-src-route 'disable'
set firewall ip-src-route 'disable'
set firewall log-martians 'enable'
set firewall name IOT_IN default-action 'drop'
set firewall name IOT_IN enable-default-log
set firewall name IOT_IN rule 10 action 'accept'
set firewall name IOT_IN rule 10 description 'Allow Kasa to HomeAssistant'
set firewall name IOT_IN rule 10 destination address '10.22.87.143'
set firewall name IOT_IN rule 10 source group address-group 'kasa'
set firewall name IOT_IN rule 20 action 'accept'
set firewall name IOT_IN rule 20 description 'Allow HTTPS'
set firewall name IOT_IN rule 20 destination port '443'
set firewall name IOT_IN rule 20 protocol 'tcp'
set firewall name IOT_IN rule 30 action 'accept'
set firewall name IOT_IN rule 30 description 'Allow HTTP'
set firewall name IOT_IN rule 30 destination port '80'
set firewall name IOT_IN rule 30 protocol 'tcp'
set firewall name IOT_IN rule 40 action 'accept'
set firewall name IOT_IN rule 40 description 'Orbit-Behyve'
set firewall name IOT_IN rule 40 destination port '8887'
set firewall name IOT_IN rule 40 protocol 'tcp'
set firewall name IOT_IN rule 50 action 'accept'
set firewall name IOT_IN rule 50 description 'Allow NTP'
set firewall name IOT_IN rule 50 destination port '123'
set firewall name IOT_IN rule 50 protocol 'udp'
set firewall name IOT_IN rule 60 action 'accept'
set firewall name IOT_IN rule 60 description 'Allow DNS'
set firewall name IOT_IN rule 60 destination port '53'
set firewall name IOT_IN rule 60 protocol 'udp'
set firewall name IOT_IN rule 70 action 'accept'
set firewall name IOT_IN rule 70 description 'Ring Allow All'
set firewall name IOT_IN rule 70 protocol 'ip'
set firewall name IOT_IN rule 70 source group address-group 'ring'
set firewall name IOT_IN rule 80 action 'accept'
set firewall name IOT_IN rule 80 description 'MYQ'
set firewall name IOT_IN rule 80 destination port '8883'
set firewall name IOT_IN rule 80 protocol 'tcp'
set firewall name IOT_IN rule 90 action 'accept'
set firewall name IOT_IN rule 90 description 'Allow all from Dude Server'
set firewall name IOT_IN rule 90 protocol 'ip'
set firewall name IOT_IN rule 90 source address '192.168.2.2'
set firewall name IOT_IN rule 100 action 'accept'
set firewall name IOT_IN rule 100 description 'Allow ICMP'
set firewall name IOT_IN rule 100 protocol 'icmp'
set firewall name IOT_IN rule 110 action 'drop'
set firewall name IOT_IN rule 110 description 'Drop Guest to Lan'
set firewall name IOT_IN rule 110 destination address '10.22.87.0/24'
set firewall name IOT_IN rule 110 source
set firewall name WAN_IN default-action 'drop'
set firewall name WAN_IN description 'WAN to internal'
set firewall name WAN_IN rule 10 action 'accept'
set firewall name WAN_IN rule 10 description 'Allow established/related'
set firewall name WAN_IN rule 10 state established 'enable'
set firewall name WAN_IN rule 10 state related 'enable'
set firewall name WAN_IN rule 20 action 'drop'
set firewall name WAN_IN rule 20 description 'Drop invalid state'
set firewall name WAN_IN rule 20 state invalid 'enable'
set firewall name WAN_IN rule 21 action 'accept'
set firewall name WAN_IN rule 21 description 'Allow VOIP'
set firewall name WAN_IN rule 21 log 'disable'
set firewall name WAN_IN rule 21 protocol 'all'
set firewall name WAN_IN rule 21 source group port-group 'VOIP'
set firewall name WAN_IN rule 30 action 'accept'
set firewall name WAN_IN rule 30 destination address '10.22.87.14'
set firewall name WAN_IN rule 30 destination port '5000,16881,9025-9040,8080'
set firewall name WAN_IN rule 30 protocol 'tcp'
set firewall name WAN_IN rule 30 state new 'enable'
set firewall name WAN_IN rule 31 action 'accept'
set firewall name WAN_IN rule 31 destination address '10.22.87.19'
set firewall name WAN_IN rule 31 destination port '1194'
set firewall name WAN_IN rule 31 protocol 'udp'
set firewall name WAN_IN rule 40 action 'accept'
set firewall name WAN_IN rule 40 description 'Allow SIP'
set firewall name WAN_IN rule 40 destination address '10.22.87.7'
set firewall name WAN_IN rule 40 destination port '5060,10000-20000'
set firewall name WAN_IN rule 40 protocol 'udp'
set firewall name WAN_IN rule 40 source group address-group 'trusted-sip'
set firewall name WAN_IN rule 50 action 'accept'
set firewall name WAN_IN rule 50 description 'Allow My Parents LAN IPSec'
set firewall name WAN_IN rule 50 source address '192.168.0.0/24'
set firewall name WAN_IN rule 60 action 'accept'
set firewall name WAN_IN rule 60 description 'Allow Home Assistant'
set firewall name WAN_IN rule 60 destination address '10.22.87.143'
set firewall name WAN_IN rule 60 destination port '8123'
set firewall name WAN_IN rule 60 protocol 'tcp'
set firewall name WAN_IN rule 70 action 'accept'
set firewall name WAN_IN rule 70 description 'Allow Plex Nvidia Shield'
set firewall name WAN_IN rule 70 destination address '10.22.87.115'
set firewall name WAN_IN rule 70 destination port '32400'
set firewall name WAN_IN rule 70 protocol 'tcp'
set firewall name WAN_LOCAL default-action 'drop'
set firewall name WAN_LOCAL description 'WAN to router'
set firewall name WAN_LOCAL rule 10 action 'accept'
set firewall name WAN_LOCAL rule 10 description 'Allow established/related'
set firewall name WAN_LOCAL rule 10 state established 'enable'
set firewall name WAN_LOCAL rule 10 state related 'enable'
set firewall name WAN_LOCAL rule 20 action 'drop'
set firewall name WAN_LOCAL rule 20 description 'Drop invalid state'
set firewall name WAN_LOCAL rule 20 state invalid 'enable'
set firewall name WAN_LOCAL rule 21 action 'drop'
set firewall name WAN_LOCAL rule 21 description 'Allow limited SSH Attempts'
set firewall name WAN_LOCAL rule 21 destination port '22'
set firewall name WAN_LOCAL rule 21 log 'disable'
set firewall name WAN_LOCAL rule 21 protocol 'tcp'
set firewall name WAN_LOCAL rule 21 recent count '4'
set firewall name WAN_LOCAL rule 21 recent time '60'
set firewall name WAN_LOCAL rule 21 state new 'enable'
set firewall name WAN_LOCAL rule 22 action 'accept'
set firewall name WAN_LOCAL rule 22 description 'Allow New SSH Attemtps'
set firewall name WAN_LOCAL rule 22 destination port '22'
set firewall name WAN_LOCAL rule 22 protocol 'tcp'
set firewall name WAN_LOCAL rule 22 state new 'enable'
set firewall name WAN_LOCAL rule 30 action 'accept'
set firewall name WAN_LOCAL rule 30 description 'Allow ISAKMP'
set firewall name WAN_LOCAL rule 30 destination port '500'
set firewall name WAN_LOCAL rule 30 protocol 'udp'
set firewall name WAN_LOCAL rule 31 action 'accept'
set firewall name WAN_LOCAL rule 31 description 'Allow ESP'
set firewall name WAN_LOCAL rule 31 protocol 'esp'
set firewall name WAN_LOCAL rule 32 action 'accept'
set firewall name WAN_LOCAL rule 32 destination port '4500'
set firewall name WAN_LOCAL rule 32 protocol 'udp'
set firewall name WAN_LOCAL rule 33 action 'accept'
set firewall name WAN_LOCAL rule 33 destination port '1701'
set firewall name WAN_LOCAL rule 33 ipsec match-ipsec
set firewall name WAN_LOCAL rule 33 protocol 'udp'
set firewall name WAN_LOCAL rule 40 action 'accept'
set firewall name WAN_LOCAL rule 40 protocol 'all'
set firewall name WAN_LOCAL rule 40 source address '
**'
set firewall name WAN_LOCAL rule 43 action 'accept'
set firewall name WAN_LOCAL rule 50 action 'accept'
set firewall name WAN_LOCAL rule 50 destination port 'openvpn'
set firewall name WAN_LOCAL rule 50 protocol 'udp'
set firewall name WAN_LOCAL rule 60 action 'accept'
set firewall name WAN_LOCAL rule 60 protocol 'all'
set firewall name WAN_LOCAL rule 60 source address '*.*.*.*'
set firewall receive-redirects 'disable'
set firewall send-redirects 'enable'
set firewall source-validation 'disable'
set firewall syn-cookies 'enable'
set firewall twa-hazards-protection 'disable'
set interfaces ethernet eth0 address 'dhcp'
set interfaces ethernet eth0 address 'dhcpv6'
set interfaces ethernet eth0 description 'Internet'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 address '1'
set interfaces ethernet eth0 dhcpv6-options pd 0 interface eth1 sla-id '0'
set interfaces ethernet eth0 duplex 'auto'
set interfaces ethernet eth0 firewall in name 'WAN_IN'
set interfaces ethernet eth0 firewall local name 'WAN_LOCAL'
set interfaces ethernet eth0 hw-id '
**'
set interfaces ethernet eth0 ipv6 address autoconf
set interfaces ethernet eth0 speed 'auto'
set interfaces ethernet eth0 traffic-policy out 'wanshaper'
set interfaces ethernet eth1 address '10.22.87.1/24'
set interfaces ethernet eth1 description 'Lan'
set interfaces ethernet eth1 duplex 'auto'
set interfaces ethernet eth1 hw-id '**'
set interfaces ethernet eth1 speed 'auto'
set interfaces ethernet eth2 address '192.168.2.1/24'
set interfaces ethernet eth2 description 'IOT'
set interfaces ethernet eth2 duplex 'auto'
set interfaces ethernet eth2 firewall in name 'IOT_IN'
set interfaces ethernet eth2 hw-id '*'
set interfaces ethernet eth2 speed 'auto'
set interfaces loopback lo
set nat destination rule 10 description 'Port Forward: Plex and Download Station to 10.22.87.14'
set nat destination rule 10 destination port '5000,16881,9025-9040,8080'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '10.22.87.14'
set nat destination rule 11 description 'Port Forward: OpenVPN to 10.22.87.19'
set nat destination rule 11 destination port '1194'
set nat destination rule 11 inbound-interface 'eth0'
set nat destination rule 11 protocol 'udp'
set nat destination rule 11 translation address '10.22.87.19'
set nat destination rule 12 description 'Port Forward: SIP and RTP to FreePBX'
set nat destination rule 12 destination port '5060,10000-20000'
set nat destination rule 12 inbound-interface 'eth0'
set nat destination rule 12 protocol 'udp'
set nat destination rule 12 translation address '10.22.87.7'
set nat destination rule 13 description 'Port Forward Home Assistant'
set nat destination rule 13 destination port '8123'
set nat destination rule 13 inbound-interface 'eth0'
set nat destination rule 13 protocol 'tcp'
set nat destination rule 13 translation address '10.22.87.143'
set nat destination rule 14 description 'NAT Reflection: Xpenology Inside'
set nat destination rule 14 destination port '5000'
set nat destination rule 14 inbound-interface 'eth1'
set nat destination rule 14 protocol 'tcp'
set nat destination rule 14 translation address '10.22.87.14'
set nat destination rule 15 description 'Plex Nvidia Shield'
set nat destination rule 15 destination port '32400'
set nat destination rule 15 inbound-interface 'eth0'
set nat destination rule 15 protocol 'tcp'
set nat destination rule 15 translation address '10.22.87.115'
set nat source rule 10 destination address '192.168.0.0/24'
set nat source rule 10 exclude
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '10.22.87.0/24'
set nat source rule 110 outbound-interface 'eth0'
set nat source rule 110 source address '10.80.1.0/24'
set nat source rule 110 translation address 'masquerade'
set nat source rule 120 destination address '10.22.87.0/24'
set nat source rule 120 outbound-interface 'eth1'
set nat source rule 120 protocol 'tcp'
set nat source rule 120 source address '10.22.87.0/24'
set nat source rule 120 translation address 'masquerade'
set nat source rule 5010 outbound-interface 'eth0'
set nat source rule 5010 translation address 'masquerade'
set protocols static route 172.17.0.0/16 next-hop 10.22.87.14 distance '1'
set service dns dynamic interface eth0 service afraid host-name '
*'
set service dns dynamic interface eth0 service afraid login '
'
set service dns dynamic interface eth0 service afraid password '
'
set service https virtual-host vhost0 listen-address '10.22.87.1'
set service lldp interface all
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '10.22.87.1'
set service lldp snmp enable
set service router-advert interface eth1 prefix ::/64 valid-lifetime '2592000'
set service snmp community
** authorization 'rw'
set service snmp community
* network '10.22.87.0/24'
set service snmp contact '*'
set service snmp location '
*'
set service snmp trap-target 10.22.87.8
set service snmp trap-target 10.22.87.15 community '
'
set service ssh ciphers 'aes256-ctr'
set service ssh ciphers 'aes128-ctr'
set service ssh ciphers 'aes256-gcm@openssh.com'
set service ssh ciphers 'aes128-gcm@openssh.com'
set service ssh key-exchange 'diffie-hellman-group14-sha256'
set service ssh key-exchange 'diffie-hellman-group16-sha512'
set service ssh key-exchange 'diffie-hellman-group18-sha512'
set service ssh key-exchange 'diffie-hellman-group-exchange-sha256'
set service ssh port '22'
set system config-management commit-revisions '20'
set system host-name 'vyos'
set system login user mlaney authentication encrypted-password '
**'
set system login user mlaney authentication plaintext-password ''
set system login user mlaney full-name 'Me'
set system name-server '1.1.1.1'
set system name-servers-dhcp 'eth0'
set system ntp allow-clients address '10.22.87.0/24'
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system syslog global facility all level 'notice'
set system syslog global facility protocols level 'debug'
set system time-zone 'America/New_York'
set traffic-policy shaper lanshaper bandwidth '230mbit'
set traffic-policy shaper lanshaper class 2 bandwidth '30%'
set traffic-policy shaper lanshaper class 2 burst '2kb'
set traffic-policy shaper lanshaper class 2 ceiling '100%'
set traffic-policy shaper lanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper lanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper lanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper lanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 10 bandwidth '15%'
set traffic-policy shaper lanshaper class 10 burst '2kb'
set traffic-policy shaper lanshaper class 10 ceiling '100%'
set traffic-policy shaper lanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper lanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper lanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper lanshaper class 20 bandwidth '5%'
set traffic-policy shaper lanshaper class 20 burst '2kb'
set traffic-policy shaper lanshaper class 20 ceiling '100%'
set traffic-policy shaper lanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper lanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper lanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper lanshaper default bandwidth '50%'
set traffic-policy shaper lanshaper default burst '2kb'
set traffic-policy shaper lanshaper default ceiling '100%'
set traffic-policy shaper lanshaper default queue-type 'fq-codel'
set traffic-policy shaper lanshaper description 'lan output policy'
set traffic-policy shaper wanshaper bandwidth '12mbit'
set traffic-policy shaper wanshaper class 2 bandwidth '30%'
set traffic-policy shaper wanshaper class 2 burst '2kb'
set traffic-policy shaper wanshaper class 2 ceiling '100%'
set traffic-policy shaper wanshaper class 2 description 'syn ack bufferbloat'
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp ack
set traffic-policy shaper wanshaper class 2 match tiny4 ip tcp syn
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp ack
set traffic-policy shaper wanshaper class 2 match tiny6 ipv6 tcp syn
set traffic-policy shaper wanshaper class 2 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 10 bandwidth '15%'
set traffic-policy shaper wanshaper class 10 burst '2kb'
set traffic-policy shaper wanshaper class 10 ceiling '100%'
set traffic-policy shaper wanshaper class 10 description 'voip rtp traffic'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling1 ip destination address '166.216.153.132/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling2 ip destination address '166.216.150.131/32'
set traffic-policy shaper wanshaper class 10 match att-wifi-calling3 ip destination address '107.225.52.51/32'
set traffic-policy shaper wanshaper class 10 match workvpn3 ip destination address '**'
set traffic-policy shaper wanshaper class 10 match workvpn1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match work1 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet01 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match vnet02 ip destination address '*.*.*.*'
set traffic-policy shaper wanshaper class 10 match voip-rtp ip dscp '46'
set traffic-policy shaper wanshaper class 10 queue-type 'fq-codel'
set traffic-policy shaper wanshaper class 20 bandwidth '5%'
set traffic-policy shaper wanshaper class 20 burst '2kb'
set traffic-policy shaper wanshaper class 20 ceiling '100%'
set traffic-policy shaper wanshaper class 20 description 'voip sip traffic'
set traffic-policy shaper wanshaper class 20 match voip-sip ip dscp '24'
set traffic-policy shaper wanshaper class 20 queue-type 'fq-codel'
set traffic-policy shaper wanshaper default bandwidth '50%'
set traffic-policy shaper wanshaper default burst '2kb'
set traffic-policy shaper wanshaper default ceiling '100%'
set traffic-policy shaper wanshaper default queue-type 'fq-codel'
set traffic-policy shaper wanshaper description 'wan output policy'
set vpn ipsec esp-group home-esp compression 'disable'
set vpn ipsec esp-group home-esp lifetime '3600'
set vpn ipsec esp-group home-esp mode 'tunnel'
set vpn ipsec esp-group home-esp pfs 'enable'
set vpn ipsec esp-group home-esp proposal 1 encryption 'aes256'
set vpn ipsec esp-group home-esp proposal 1 hash 'sha256'
set vpn ipsec ike-group home-ike close-action 'none'
set vpn ipsec ike-group home-ike dead-peer-detection action 'hold'
set vpn ipsec ike-group home-ike dead-peer-detection interval '120'
set vpn ipsec ike-group home-ike dead-peer-detection timeout '120'
set vpn ipsec ike-group home-ike ikev2-reauth 'no'
set vpn ipsec ike-group home-ike key-exchange 'ikev2'
set vpn ipsec ike-group home-ike lifetime '3600'
set vpn ipsec ike-group home-ike proposal 1 dh-group '21'
set vpn ipsec ike-group home-ike proposal 1 encryption 'aes256'
set vpn ipsec ike-group home-ike proposal 1 hash 'sha256'
set vpn ipsec ipsec-interfaces interface 'eth0'
set vpn ipsec nat-networks allowed-network 0.0.0.0/0
set vpn ipsec site-to-site peer *.*.*.* authentication mode 'pre-shared-secret'
set vpn ipsec site-to-site peer *.*.*.* authentication pre-shared-secret 'mysupersecretpasswored'
set vpn ipsec site-to-site peer *.*.*.* connection-type 'initiate'
set vpn ipsec site-to-site peer *.*.*.* ike-group 'home-ike'
set vpn ipsec site-to-site peer *.*.*.* ikev2-reauth 'inherit'
set vpn ipsec site-to-site peer *.*.*.* local-address '***'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-nat-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 allow-public-networks 'disable'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 esp-group 'home-esp'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 local prefix '10.22.87.0/24'
set vpn ipsec site-to-site peer *.*.*.* tunnel 0 remote prefix '192.168.0.0/24'

Wed, Dec 2, 1:28 PM · VyOS 1.3 Equuleus
Dmitry changed the status of T3104: LLDP Traceback error from Open to Confirmed.

Ok, with cisco device and added vif 1 I can reproduce this issue

vyos@vyos# run show lldp neighbors 
Traceback (most recent call last):
  File "/usr/libexec/vyos/op_mode/lldp_op.py", line 121, in <module>
    config_text = tmpl.render(parse_data(neighbors))
  File "/usr/libexec/vyos/op_mode/lldp_op.py", line 50, in parse_data
    for local_if, values in data.items():
AttributeError: 'list' object has no attribute 'items'
Wed, Dec 2, 1:22 PM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

I still can't reproduce this issue.

vyos@vyos:~$ show configuration commands | match lldp
set service lldp interface eth1
set service lldp legacy-protocols cdp
set service lldp management-address '192.168.255.31'
set service lldp snmp enable
vyos@vyos:~$ show lldp neighbors 
Capability Codes: R - Router, B - Bridge, W - Wlan r - Repeater, S - Station
                  D - Docsis, T - Telephone, O - Other
Wed, Dec 2, 12:54 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

It looks like the issue is CDP. If I remove the CDP piece of the config then it works.

Wed, Dec 2, 12:53 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

I just upgraded to the absolute latest rolling release that came out early this morning and it has the same issue.

Wed, Dec 2, 12:49 PM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3106: 802.11ax support.

As far as I know, you only need to work in the vyos-1x code base

Wed, Dec 2, 12:43 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

I just tried the show lldp neighbors again and it doesn't work but sudo lldpcli show neighbors works

Wed, Dec 2, 12:34 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

mlaney@vyos:~$ sudo lldpcli show neighbors

LLDP neighbors:

Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:19:01

Chassis:     
  ChassisID:    local Cisco-Sw1.local
  SysName:      Cisco-Sw1.local
  SysDescr:     cisco WS-C2960S-48LPS-L running on
                Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
                Technical Support: http://www.cisco.com/techsupport
                Copyright (c) 1986-2018 by Cisco Systems, Inc.
                Compiled Sat 08-Sep-18 14:56 by prod_rel_team
  MgmtIP:       10.22.87.254
  Capability:   Bridge, on
Port:        
  PortID:       ifname GigabitEthernet1/0/9
  PortDescr:    GigabitEthernet1/0/9
  TTL:          180

Interface: eth1, via: CDPv2, RID: 1, Time: 0 day, 08:18:47

Chassis:     
  ChassisID:    local Cisco-Sw1.local
  SysName:      Cisco-Sw1.local
  SysDescr:     cisco WS-C2960S-48LPS-L running on
                Cisco IOS Software, C2960S Software (C2960S-UNIVERSALK9-M), Version 15.2(2)E9, RELEASE SOFTWARE (fc4)
                Technical Support: http://www.cisco.com/techsupport
                Copyright (c) 1986-2018 by Cisco Systems, Inc.
                Compiled Sat 08-Sep-18 14:56 by prod_rel_team
Wed, Dec 2, 12:33 PM · VyOS 1.3 Equuleus
thadrumr added a comment to T3104: LLDP Traceback error.

Here is my lldp config. ETH0 is WAN ETH1 is lan that is why only eth1 has lldp enabled.

Wed, Dec 2, 12:31 PM · VyOS 1.3 Equuleus
akvadrako created T3106: 802.11ax support.
Wed, Dec 2, 12:31 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3105: static-host-mapping writing in one line.

maybe it happened after that commit https://github.com/vyos/vyos-1x/commit/c87ad948999c28c3c9449f98d60b545481ea29d5
because it was work in VyOS 1.3-rolling-202011250217

Wed, Dec 2, 11:30 AM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:20 AM · VyOS 1.3 Equuleus
Viacheslav created T3105: static-host-mapping writing in one line.
Wed, Dec 2, 10:18 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T973: Create Prometheus Exporter for VyOS .

Hi, guys, I found an interesting script in frrouter's github repo. In fact, this is purely because someone wrote a script and submitted the following bug report:

Wed, Dec 2, 9:48 AM · VyOS 1.3 Equuleus
Dmitry added a comment to T3104: LLDP Traceback error.

@thadrumr please provide your lldp configuration. show configuration commands | match lldp
I can't reproduce this issue in lab with the latest rolling. Provide please detailed reproducing steps, also will be helpful to get an output

sudo lldpcli show neighbors
Wed, Dec 2, 7:20 AM · VyOS 1.3 Equuleus
runar added a comment to T3096: Add a build option to disallow live CD boot.

Does this mean to to disallow installing the syslinux bootloader to the iso by default? The reason for asking is the arm builds we try to make, as syslinux is incompatible with arm, and a iso cant be generated for such a system as it tries to install syslinux when building the image.

Wed, Dec 2, 5:59 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3096: Add a build option to disallow live CD boot.

LiveCD is usually only used for temporary testing and installation, isn't it? Will using this restriction cause the normal use of livecd to become troublesome?

Wed, Dec 2, 5:17 AM · VyOS 1.3 Equuleus
thadrumr created T3104: LLDP Traceback error.
Wed, Dec 2, 4:17 AM · VyOS 1.3 Equuleus
Asteroza added a comment to T3096: Add a build option to disallow live CD boot.

I think the intention here is by default build with no liveCD support, and use the flag to explicitly build liveCD images when needed. The justification is if an image is cloud type image, there are certain security assumptions about the live network the image is connected to (because many cloud providers provision an image via information over specific link local addresses). If you boot a physical PC with a cloud ISO, you run the risk of exposing cloud-init to the local network, which would allow trivial takeover.

Wed, Dec 2, 2:40 AM · VyOS 1.3 Equuleus

Yesterday

runar created T3103: Rewrite parts of vyos\frr.py for readability, logging and to fix mulitiline regex "bugs".
Tue, Dec 1, 11:13 PM
c-po closed T3102: Destination NAT fails to commit as Resolved.
Tue, Dec 1, 10:04 PM · VyOS 1.3 Equuleus
c-po added a comment to T3102: Destination NAT fails to commit.
table ip nat {
        chain PREROUTING {
                type nat hook prerouting priority dstnat; policy accept;
                iifname "eth1" tcp dport { 22 } counter packets 0 bytes 0 dnat to 192.168.1.4 comment "DST-NAT-100"
        }
}
Tue, Dec 1, 10:03 PM · VyOS 1.3 Equuleus
c-po added a comment to T3102: Destination NAT fails to commit.

Thank you @Dmitry, it will be in tomorrows rolling release.

Tue, Dec 1, 9:59 PM · VyOS 1.3 Equuleus
c-po changed the status of T3102: Destination NAT fails to commit from In progress to Needs testing.
Tue, Dec 1, 9:58 PM · VyOS 1.3 Equuleus
Dmitry assigned T3102: Destination NAT fails to commit to c-po.
Tue, Dec 1, 8:55 PM · VyOS 1.3 Equuleus
Dmitry changed the status of T3102: Destination NAT fails to commit from Open to In progress.

PR https://github.com/vyos/vyos-1x/pull/628

Tue, Dec 1, 8:55 PM · VyOS 1.3 Equuleus
arfbarky created T3102: Destination NAT fails to commit.
Tue, Dec 1, 8:43 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T3093: Add xml for vpn ipsec, a subtask of T2816: Rewrite IPsec scripts with the new XML/Python approach, from Open to Needs testing.
Tue, Dec 1, 5:26 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T3093: Add xml for vpn ipsec from Open to Needs testing.
Tue, Dec 1, 5:26 PM · VyOS 1.3 Equuleus
syncer renamed T3099: invalid from How to attract Zero cost Microsoft Office? to invalid.
Tue, Dec 1, 5:24 PM · Rejected
jack9603301 added a comment to T3096: Add a build option to disallow live CD boot.

I am a little confused. What is the specific function of the --allow-cd-boot compilation parameter that this task hopes to add? Forgive me for not seeming to understand!

Tue, Dec 1, 3:39 PM · VyOS 1.3 Equuleus
c-po added a subtask for T3100: Migrate DHCP server to get_config_dict(): T2562: VyOS can't be used as a DHCP server for a DHCP relay.
Tue, Dec 1, 3:07 PM · VyOS 1.3 Equuleus
c-po added a parent task for T2562: VyOS can't be used as a DHCP server for a DHCP relay: T3100: Migrate DHCP server to get_config_dict().
Tue, Dec 1, 3:07 PM · VyOS 1.3 Equuleus
c-po merged T3101: Support configuration of DHCP scopes even when there is no locally attached subnet into T2562: VyOS can't be used as a DHCP server for a DHCP relay.
Tue, Dec 1, 3:07 PM · VyOS 1.3 Equuleus
c-po merged task T3101: Support configuration of DHCP scopes even when there is no locally attached subnet into T2562: VyOS can't be used as a DHCP server for a DHCP relay.
Tue, Dec 1, 3:07 PM · VyOS 1.3 Equuleus
c-po created T3101: Support configuration of DHCP scopes even when there is no locally attached subnet.
Tue, Dec 1, 3:05 PM · VyOS 1.3 Equuleus
c-po changed the status of T3100: Migrate DHCP server to get_config_dict() from Open to In progress.
Tue, Dec 1, 3:05 PM · VyOS 1.3 Equuleus
c-po created T3100: Migrate DHCP server to get_config_dict().
Tue, Dec 1, 3:04 PM · VyOS 1.3 Equuleus
jhonmaccuine created T3099: invalid.
Tue, Dec 1, 2:40 PM · Rejected
c-po closed T3094: Can not specify multiple deny ports in FW rule as Resolved.
Tue, Dec 1, 2:29 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
c-po closed T2713: VyOS must not change permissions on files in /config/auth as Resolved.
Tue, Dec 1, 1:22 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T1316: Support for IS-IS .

Perhaps replace config (from_re "interface") delete also and route-maps/prefix-lists from FRR configuration.
https://github.com/vyos/vyos-1x/blob/current/src/conf_mode/protocols_isis.py#L121

Tue, Dec 1, 10:47 AM · VyOS 1.3 Equuleus
Opacha triaged T3098: Cannot talk to rtnetlink: Message too long Command failed -:1 as Normal priority.
Tue, Dec 1, 10:36 AM
Opacha created T3097: Cannot talk to rtnetlink: Message too long Command failed -:1.
Tue, Dec 1, 10:32 AM
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.

Before update

Tue, Dec 1, 8:28 AM · VyOS 1.3 Equuleus
dmbaturin created T3096: Add a build option to disallow live CD boot.
Tue, Dec 1, 7:48 AM · VyOS 1.3 Equuleus

Mon, Nov 30

c-po added a comment to T3094: Can not specify multiple deny ports in FW rule.

Ah, thanks for the clarification.

Mon, Nov 30, 6:29 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
Viacheslav added a comment to T3094: Can not specify multiple deny ports in FW rule.

@c-po It's mean all NOT ports. If you want to drop not 22,23,24,25

Mon, Nov 30, 6:28 PM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
Cheeze_It added a comment to T1316: Support for IS-IS .

This will be on my list to test here in a little bit. I'm almost done with stuff relating to LDP.

Mon, Nov 30, 5:03 PM · VyOS 1.3 Equuleus
Viacheslav closed T3091: Add "tag" for static route as Resolved.
Mon, Nov 30, 3:30 PM · VyOS 1.3 Equuleus
Dmitry closed T1207: DMVPN behind NAT as Resolved.

PR with changed types in docs https://github.com/vyos/vyos-documentation/pull/380
ESP transport mode works properly on Cisco Router and VyOS routers together.

Mon, Nov 30, 2:28 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T1316: Support for IS-IS from Open to Needs testing.
Mon, Nov 30, 11:03 AM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3093: Add xml for vpn ipsec.

PR https://github.com/vyos/vyos-1x/pull/626

Mon, Nov 30, 9:03 AM · VyOS 1.3 Equuleus
Dmitry changed the status of T1207: DMVPN behind NAT from Open to In progress.

DMVPN Spokes works properly behind a NAT if we use transport mode instead of tunnel. e.g.

set vpn ipsec esp-group ESP-HUB mode transport

So I think we need to add this info to docs.vyos.io and close this Feature Request

Mon, Nov 30, 7:27 AM · VyOS 1.3 Equuleus

Sun, Nov 29

Cheeze_It added a comment to T915: MPLS Support.

Put in a new PR to enable ethernet sub interface MPLS enablement. I screwed up the first one...but here's hoping this one is good.

Sun, Nov 29, 9:17 PM · VyOS 1.3 Equuleus
c-po renamed T3095: Migrate dhcp-relay and dhcpv6-relay to get_config_dict() from Migrate dhcp-relay to get_config_dict() to Migrate dhcp-relay and dhcpv6-relay to get_config_dict().
Sun, Nov 29, 6:48 PM · VyOS 1.3 Equuleus
c-po added a comment to T2297: NTP add support for pool configuration.

See documentation https://docs.vyos.io/en/latest/system/ntp.html, support will be in next rolling release

Sun, Nov 29, 12:50 PM · VyOS 1.3 Equuleus
c-po renamed T2297: NTP add support for pool configuration from ntp configuration to NTP add support for pool configuration.
Sun, Nov 29, 12:31 PM · VyOS 1.3 Equuleus
c-po closed T3095: Migrate dhcp-relay and dhcpv6-relay to get_config_dict() as Resolved.
Sun, Nov 29, 11:31 AM · VyOS 1.3 Equuleus
c-po triaged T3095: Migrate dhcp-relay and dhcpv6-relay to get_config_dict() as Low priority.
Sun, Nov 29, 10:52 AM · VyOS 1.3 Equuleus
c-po changed the status of T3095: Migrate dhcp-relay and dhcpv6-relay to get_config_dict() from Open to In progress.
Sun, Nov 29, 10:52 AM · VyOS 1.3 Equuleus
c-po created T3095: Migrate dhcp-relay and dhcpv6-relay to get_config_dict().
Sun, Nov 29, 10:51 AM · VyOS 1.3 Equuleus
c-po added a project to T3094: Can not specify multiple deny ports in FW rule: VyOS 1.2 Crux (VyOS 1.2.7).
Sun, Nov 29, 9:56 AM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
c-po created T3094: Can not specify multiple deny ports in FW rule.
Sun, Nov 29, 9:56 AM · VyOS 1.2 Crux (VyOS 1.2.7), VyOS 1.3 Equuleus
Viacheslav claimed T3093: Add xml for vpn ipsec.
Sun, Nov 29, 9:30 AM · VyOS 1.3 Equuleus
Viacheslav created T3093: Add xml for vpn ipsec.
Sun, Nov 29, 9:30 AM · VyOS 1.3 Equuleus
c-po added a comment to T2947: Nat translation many-many with prefix does not map 1-1..

Even on Kernel 5.4 this is not supported.

Sun, Nov 29, 7:32 AM · VyOS 1.3 Equuleus

Sat, Nov 28

c-po closed T3092: nat: migrate to get_config_dict() as Resolved.
Sat, Nov 28, 8:56 PM · VyOS 1.3 Equuleus
c-po added a comment to T2947: Nat translation many-many with prefix does not map 1-1..

The command works on the experimental Kernel 5.9.9 VyOS ISO, but not using a 4.19 series Kernel. looks like it's not yet supported in nftables.

Sat, Nov 28, 8:55 PM · VyOS 1.3 Equuleus
c-po added a comment to T2947: Nat translation many-many with prefix does not map 1-1..

We actually need this:
http://git.nftables.org/nftables/commit/?id=35a6b10c1bc488ca195e9c641563c29251f725f3

Sat, Nov 28, 8:07 PM · VyOS 1.3 Equuleus
c-po changed the status of T3092: nat: migrate to get_config_dict() from Open to In progress.
Sat, Nov 28, 7:03 PM · VyOS 1.3 Equuleus
c-po added a subtask for T3092: nat: migrate to get_config_dict(): T2947: Nat translation many-many with prefix does not map 1-1..
Sat, Nov 28, 7:03 PM · VyOS 1.3 Equuleus
c-po added a parent task for T2947: Nat translation many-many with prefix does not map 1-1.: T3092: nat: migrate to get_config_dict().
Sat, Nov 28, 7:03 PM · VyOS 1.3 Equuleus
c-po created T3092: nat: migrate to get_config_dict().
Sat, Nov 28, 7:03 PM · VyOS 1.3 Equuleus
Viacheslav changed the status of T3091: Add "tag" for static route from Open to Needs testing.
Sat, Nov 28, 4:41 PM · VyOS 1.3 Equuleus
Viacheslav closed T2890: NAT error adding translation address range as Resolved.

Fixed.

Sat, Nov 28, 4:39 PM · VyOS 1.3 Equuleus
Viacheslav closed T2539: Issues with parsing ip range for source nat translation address as Resolved.

Fixed

set nat source rule 1000 outbound-interface 'eth1'
set nat source rule 1000 source address '203.0.113.1-203.0.113.4'
set nat source rule 1000 translation address '10.0.0.1-10.0.0.4'
vyos@r5# commit
[ nat ]
Warning: IP address 10.0.0.1 does not exist on the system!
Warning: IP address 10.0.0.4 does not exist on the system!
Sat, Nov 28, 4:37 PM · VyConf
Viacheslav changed the status of T3020: The "scp" example is wrong in the bash-completion for "set system config-management commit-archive location" from In progress to Needs testing.
Sat, Nov 28, 4:20 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T3091: Add "tag" for static route.

PR https://github.com/vyos/vyatta-cfg-quagga/pull/57

Sat, Nov 28, 4:16 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3091: Add "tag" for static route.
Sat, Nov 28, 4:03 PM · VyOS 1.3 Equuleus
Viacheslav updated the task description for T3091: Add "tag" for static route.
Sat, Nov 28, 3:07 PM · VyOS 1.3 Equuleus
Viacheslav created T3091: Add "tag" for static route.
Sat, Nov 28, 2:37 PM · VyOS 1.3 Equuleus
c-po claimed T2947: Nat translation many-many with prefix does not map 1-1..
Sat, Nov 28, 2:28 PM · VyOS 1.3 Equuleus
Viacheslav created T3090: Move 'adjust-mss' firewall options to the interface section..
Sat, Nov 28, 2:16 PM · VyOS 1.3 Equuleus
Viacheslav closed T2868: Tcp-mss option in policy calls kernel-panic as Resolved.
Sat, Nov 28, 1:14 PM · VyOS 1.3 Equuleus
Viacheslav added a comment to T2713: VyOS must not change permissions on files in /config/auth.

@jjakob can you check the latest rolling?

Sat, Nov 28, 10:41 AM · VyOS 1.3 Equuleus
jack9603301 updated the task description for T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring.
Sat, Nov 28, 10:36 AM · VyOS 1.3 Equuleus
jack9603301 updated the task description for T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring.
Sat, Nov 28, 10:32 AM · VyOS 1.3 Equuleus
jack9603301 added a comment to T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring.

https://github.com/vyos/vyatta-cfg-qos/pull/8
https://github.com/vyos/vyos-1x/pull/621

Sat, Nov 28, 9:57 AM · VyOS 1.3 Equuleus
jack9603301 updated the task description for T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring.
Sat, Nov 28, 8:23 AM · VyOS 1.3 Equuleus
jack9603301 updated the task description for T3030: Support ERSPAN Tunnel Protocol.
Sat, Nov 28, 8:23 AM · VyOS 1.3 Equuleus
jack9603301 renamed T3030: Support ERSPAN Tunnel Protocol from Support ERSPAN port mirroring to Support ERSPAN Tunnel Protocol.
Sat, Nov 28, 8:22 AM · VyOS 1.3 Equuleus
jack9603301 changed the subtype of T3089: Migrate port mirroring to vyos-1x and support two-way traffic mirroring from "Task" to "Feature Request".
Sat, Nov 28, 4:38 AM · VyOS 1.3 Equuleus

Fri, Nov 27

c-po changed the status of T2947: Nat translation many-many with prefix does not map 1-1. from Open to Confirmed.
Fri, Nov 27, 9:31 PM · VyOS 1.3 Equuleus
c-po added a comment to T2947: Nat translation many-many with prefix does not map 1-1..

The root cause here is that there is yet no nftables map support in our template.

Fri, Nov 27, 9:30 PM · VyOS 1.3 Equuleus
ossicoinc added a comment to T2947: Nat translation many-many with prefix does not map 1-1..

This one is holding us back from some great 1.3 features... would love to get it looked at!

Fri, Nov 27, 7:27 PM · VyOS 1.3 Equuleus
jack9603301 closed T2714: A collection of utilities supporting IPv6 or ipv4 as Resolved.
Fri, Nov 27, 3:29 PM · VyOS 1.3 Equuleus