Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
T_L
Contributor

Port Type Modifications

Good Afternoon - we are setting up a new Maestro install with 2xMHO-175 and 6xGWs (2 Sec Groups) - R81.20SP and we ran into some issues with changing the default MHO port types even though there are numerous configuration guide/ documentation examples indicating that it should be possible, with the exception of the Mgmt port#1 and Sync port #32.

We successfully changed default uplink ports 1/3/1, 1/5/1, and 1/7/1 to downlinks and the SGs are visible in the Orchestrator - but when we try to change default downlink ports to uplinks (1/29/1) we are prompted that it cannot be done *even though the the CLI provides the command option and the port is not being used for anything else.

We found a similar post in the community with an interesting explanation ("maestro port type can't change to uplink"), but it seemed to contradict the config guides/ documentation.  We reached out to TAC for more information and they were only able to reference the same Check Mates post.

Here are a couple of examples:

https://sc1.checkpoint.com/documents/Appliances/GSG_Maestro/EN/Topics/Hardware-Components.htm#PortMa...

https://sc1.checkpoint.com/documents/Appliances/GSG_Maestro/EN/Topics/Connecting-Cables-to-MHO-140.h...

Anyone had a similar issue?  Are all the configuration resources inaccurate?

 

Thanks!

0 Kudos
13 Replies
Wolfgang
Authority
Authority

Beside of the needed port change… it would be interesting to know why you have a requirement to change the port types?

T_L
Contributor

Based on the rack mounted positioning and cabling.

0 Kudos
Wolfgang
Authority
Authority

@T_L  I understand. But based on your mentioned post maestro port type can't change to uplink this is not possible on a MHO-175. 

0 Kudos
T_L
Contributor

What is throwing us off is that the config documentation says it CAN be done.

0 Kudos
Dario_Perez
Employee Employee
Employee

Max uplink is limited to 64 interfaces, you have to define other interface to downlink or management before add new uplink (65)

0 Kudos
T_L
Contributor

If the "interfaces" in GAIA are associated with the physical ports - 4 potential interfaces per port - then the 64 interfaces would equate to 16 ports - (ex. port 6 - eht1-21, eth1-22, eth1-23, eth1-24).  Can the interfaces from a physical downlink port (native 17-31) be re-assigned as uplink?

Or are ALL 64 interfaces locked to the first ports 2-16 (native Uplink)? 

------------------------------------------------------------------

If those 64 interfaces are 'locked' to ports 2-16 (native uplink) - and you are only limited to 64 interfaces - then the downlink ports (17-31 CANNOT be changed at all)

If it IS possible to change some downlink ports to uplink ports as we are reading it - and ports 17-31 are the native downlink ports, which ones can be changed and how?

0 Kudos
Dario_Perez
Employee Employee
Employee

AFAIK the only reserved ports are 31 and 32, rest of them, can be changed. but we have to keep in mind the limitation, if you reach the max of uplinks, first change 1 uplink to downlink, ssm-sync, site-sync, mgmt. in order to change desired one

0 Kudos
T_L
Contributor

Thanks!

We read it the same the same way too - they can be changed - everyone I have asked, engineers and non-engineers, read it that way.

I love your idea about only having a designated number or UL/DL and associated interfaces, and we would need to re-assign from one to give to another...unfortunately, I have three native uplinks assigned as downlink and functioning as expected, so by your rationale i would then be able to utilize three downlinks as uplinks.. but I am still going to play around with it - I am going to reset all ports to default/ disabled - and then I will try wit the uplinks.

TAC is giving us contradictory info - telling us to '...work with the sales teams...' to have all the documentation changed!  But they are also telling us they tested everything on the latest firmware, r81.10.....

0 Kudos
Dario_Perez
Employee Employee
Employee

let me know how is going

0 Kudos
T_L
Contributor

No go as of now. Both MHOs and all SGs were reset to defaults (R81.10sp). Everything had a clean install done (R81.20sp).

Baseline - utilized native downlink ports 17 and 18 to make sure everything was working to begin with - pass. Reset all ports.

Set a half dozen native uplinks (2-8) to downlink - then tried to change any/all the native downlinks (17-31) to uplink - fail. 

Set the half dozen native uplinks (2-8) to admin down - tried swapping any/all native downlinks to uplinks  - fail.

We are going to start the process over again with ATAM and PS even though we know where this is heading.

 

 

 

0 Kudos
T_L
Contributor

It looks like it is 'officical' -- our ATAM contacts confirmed that you CANNOT change ports 17-31 to uplink ports even though the documentation says you can and even though you are presented with the option in the CLI.

Previous notes in the thread/s were on the mark -- the max # of LOGICAL 'interfaces' is 64 - and those 64 ONLY apply to physical ports 2-16. 

0 Kudos
Wolfgang
Authority
Authority

Tagging @Alon_Cohen to ask for a reference from internal.

@T_L it appears sometimes the real world and documentation are not reflecting the same 😁

0 Kudos
T_L
Contributor

That is a polite way to put it...we are leaning more toward the colloquial, bait and switch...

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

 
Upcoming Maestro Events