
Advice on how to implement a 12port ICX7150

JD
New Contributor

Hello All,

We are currently working on a way to set up a sort of out-of-band management system in our small environment. Basically a mini PC will be connected to the 12port ICX7150 and the 12port will be connected to other Ruckus switches in our other sites. The end goal is that if/when a resource in one of the sites isn't responding we can simply get on the mini PC remotely and then get to the site with the 12port and its connection to that site's switch and subsequently its resources. The topology is akin to a hub and spoke but instead of all devices being connected to one central device we want the 12port ICX7150 to connect to all the sites we have. The problem is I am unsure of how the configuration on the 12port would be and what configuration would be on the switches on our remote sites, as I don't want to cause any loops or broadcast storms. I was wondering how I may achieve this goal. I appreciate any help or any advice on the matter.

1 ACCEPTED SOLUTION

Mayank
RUCKUS Team Member

 

Hi JD,

Thank you for posting your requirement!!!

Let us understand your concern with a diagram first!!

[Diagram: Mayank_1-1676624368279.png]

If you are planning to have a mini PC, basically a jump server, installed in your infrastructure first, then it should be planned in the DMZ zone as mentioned in the above diagram.

The firewall should have an appropriate policy configuration for this mini server so that only the management network can be accessed from there.

Take SSL VPN connectivity from the outside world on your firewall. Initiate an RDP session to your mini PC and start doing your stuff.

CONFIGURATION DETAILS ON DMZ SWITCH:

Design a free /30 subnet for connectivity between your firewall and the DMZ switch, and assign one IP on the firewall and the other on the DMZ switch.

Configure the management VLAN on the DMZ switch and assign the physical ports to the same VLAN.

From each of your infrastructure devices, take a physical cable and connect its OOB port to the DMZ switch.

Configure SSH on the switch and set the default gateway IP to the firewall interface IP.

Also assign an ACL rule for SSH access so that you can only access it via the mini PC.

CONFIGURATION ON FIREWALL:

Configure the policy from the free /30 subnet on the port connecting to the DMZ switch.

Create a policy allowing the SSL VPN subnet / user to access the mini PC.

Create another policy to allow this mini PC to access the required subnet.

Note: The above diagram is just a reference diagram, not a complete one.
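
The policy chain described in the accepted solution (SSL VPN pool to mini PC, mini PC to management subnet, SSH ACL on the switch) can be checked before deployment. The following is an added example, not part of the original posts or any RUCKUS tooling; all addresses, rule names and the `WEAK` rule set are constructed assumptions.

```python
import ipaddress as ip
from typing import NamedTuple, Optional

# Constructed addressing plan (assumptions, not taken from the thread).
VPN_POOL = "10.250.0.0/24"    # SSL VPN client pool
JUMP = "172.16.50.10/32"      # mini PC (jump server) in the DMZ
MGMT = "10.99.0.0/24"         # management VLAN holding the switches' management IPs

class Rule(NamedTuple):
    name: str
    src: str                  # source network (CIDR)
    dst: str                  # destination network (CIDR)
    port: Optional[int]       # None means any TCP port
    action: str               # "permit" or "deny"

# The two firewall policies from the answer; anything else hits the implicit deny.
STRICT = [
    Rule("vpn-to-jump-rdp", VPN_POOL, JUMP, 3389, "permit"),
    Rule("jump-to-mgmt-ssh", JUMP, MGMT, 22, "permit"),
]
# Constructed mistake: a broad rule that lets VPN users bypass the jump host.
WEAK = STRICT + [Rule("vpn-to-any", VPN_POOL, "0.0.0.0/0", None, "permit")]

def evaluate(rules, src, dst, port):
    """First-match evaluation with an implicit deny at the end of the rule base."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r in rules:
        if (s in ip.ip_network(r.src) and d in ip.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return "deny"

def ssh_acl_permits(src):
    """Switch-side SSH ACL from the answer: only the mini PC may log in."""
    return ip.ip_address(src) in ip.ip_network(JUMP)

def can_ssh_to_switch(rules, src, switch_ip):
    """A login needs both the firewall policy and the switch ACL to permit it."""
    return evaluate(rules, src, switch_ip, 22) == "permit" and ssh_acl_permits(src)

def audit(rules):
    """Names of permit rules that reach the management subnet from anywhere but the jump host."""
    mgmt, jump = ip.ip_network(MGMT), ip.ip_network(JUMP)
    return [r.name for r in rules
            if r.action == "permit"
            and ip.ip_network(r.dst).overlaps(mgmt)
            and ip.ip_network(r.src) != jump]
```

With the `WEAK` rule set the firewall alone would pass VPN clients straight to the management subnet; the SSH ACL on the switch is what still refuses them, which is why the answer asks for both controls.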


6 REPLIES

JD
New Contributor

Hello,

Thank you for the reply! Just so I understand correctly, on the 12 port switch (with the SPR firmware) I would need to set a VLAN up (or use default VLAN 1) and then untag the port where the mini PC is connected on that VLAN, set up a router-interface on that VLAN and an IP for it. The next part is what I'm a little confused by, so then I would tag the ports on the 12port switch with the VLAN that I made and plug the other switches at the other sites to those ports and make sure that the ports on the switch in the other sites are tagged as well on the same VLAN? Am I understanding that correctly? If so, then would I still be able to get to the devices at the remote sites, even with the different IP address and VLAN? Apologies in advance for the intrusive questions.

Chandini
RUCKUS Team Member

Adding to the thread. Please check the quick start guide below for initial steps on working with the switch. I hope this helps.

Quick start guide:

https://docs.commscope.com/en-US/bundle/icx-quickstart/page/GUID-C44737B7-9844-47FE-BFCA-04944AF19C9...

The link below has details on accessing support and software details.

https://docs.commscope.com/bundle/icx-quickstart/page/GUID-9E975253-3763-4EB0-A0C4-37D4A0AA2DBA.html

Refer to the Layer 2 switching guide for all details on VLAN config and spanning tree:

https://docs.commscope.com/bundle/fastiron-08095-l2guide/page/GUID-63824063-904C-4E15-9760-121BCD9BF...

Thanks 

JD
New Contributor

Hi,

Thank you, I will definitely give those a try.
