CommScope RUCKUS Community Forums

I'm trying to add a second switch below the core which is connected directly to the router.

My current topology is as follows:

router -> core switch (icx 7150-24p)

I would like it to be:

router -> core switch (icx 7150-24p) -> switch 2 (icx 7150-12p)


core switch implements:

vlan 30 name users
untagged ethernet 1/1/1 to 1/1/24
router-interface ve 30

vlan 200 name voip
tagged ethernet 1/1/1 to 1/1/24
router-interface ve 200

lag main static id 1
ports ethernet 1/2/1 to 1/2/2

interface ve 30
ip address 10.0.3.0/24

interface ve 200
ip address 10.0.4.0/24

inteface lag 1
ip address 10.0.0.2/24

ip route 0.0.0.0/0 192.168.1.1


second switch should implement vlan 200 (shared between switched) and an extra vlan 40:

vlan 40
untagged ethernet 1/1/1 to 1/1/12
router-interface ve 40

interface ve 40
ip address 10.0.0.3/24


All vlans should be able to talk between them.

Is this a correct setup? Sorry if this is a stupid question but it's my second week trying to learn this 🙂

Thanks!

If all the VLANS need to go across then your configuration is not correct. You need to match at every point. Not having your full topology definition makes it hard to tell you what to do but here is an example and hopefully that helps.

Corerouter[A]-----[B]coreswitch[C]------[D]accessswitch[E]-------PC

Where:
[A, B, C, D, E] are interfaces in the respective device mentioned.


The connection between PC and accessswitch[E] needs to be untagged (considered access).
The connection between [D]accesswitch and coreswitch[C] needs to be tagged on both sides
The connection between [B]coreswicth and corerouter[A] needs to be tagged

Meaning:

configuration on accessswitch:
vlan 30 
untagged ethernet [E]
tagged ethernet [D]

configuration on coreswitch:
vlan 30 
tagged ethernet [C]
tagged ethernet [B]

configuration on Corerouter (not sure what your core router is so I'm just illustrating):
vlan 30 
tagge ethernet[A]


With the above configuration, PC will be able to send packets to corerouter on VLAN 30. You would repeat the same process for other VLANS. Please watch the video I sent you. There are other ways to accomplish this as well but not knowing your ultimate goal, it would be hard for me to suggest anything.

Good Morning, sir:

On both the 7150-24P and the 7150-C12-PD, I would run the Layer-2 firmware if the routing process is on the router.

Next, I would not create a LAG unless you are using LACP.  From the router I would enable TAGGED or TRUNKING (terminology varies by vendor) and at any rate set it to use 802.1q AKA dot1q for the trucking.  Some vendors implement this as a sub-interface.  That said, you generally need a static lag if going to Brocade/Foundry/Ruckus equipment, and even then I do not know if the router is going to support sub-interfaces over LACP etc. 


At any rate looking at your 7150-24P I see you have it setup with a routing process, and it is hosting several subnets 10.0.3.0/24, 10.0.4.0/24, and 10.0.0.0/24

Please keep in mind this for example won't work because this is a network address or subnet-id; specifically, it is not a usable IP within the range of the subnet - I do not even know that it would actually take this:

interface ve 30
ip address 10.0.3.0/24
!

In contrast this would work and be the most common implementation (most folks start at one):

interface ve 30
ip address 10.0.3.1/24
!

Either way, the switch would insert 10.0.3.0/24 into its routing table as a directly connected network available via SVI of ve 30.


**************

The next issue is this:

inteface lag 1
ip address 10.0.0.2/24

ip route 0.0.0.0/0 192.168.1.1


The Router and the 7150-24P must be physically connected with layer-3 interfaces in the same subnet - they must be within the same layer-2 for any shared link.  It would appear the router is probably within 192.168.1.0/24 (specifically 192.168.1.1) though I cannot see the mask on the router.  Regardless, nothing from 192.168.1.0/24 can communicate with 10.0.0.0/24 when connected on a shared link because there are no routing tables.

Specifically, from your Brocade you would not be able to ping 192.168.1.1 because the router would have to source the ping from 10.0.0.2, which is not in the same subnet.


*********

Next once you get the routing working, the router needs a route back.  Specifically, the router that has the 192.168.1.1/24 assigned to one of its interfaces needs to know that to get to 10.0.0.0/24, 10.0.3.0/24, and 10.0.2.0/24 that it needs to do it via some entry in its routing table to point it at that Ruckus 7150 via an IP in the same network on its physically connected link.  Otherwise that router is just going to drop the traffic.

***********

Next, I presume the router is setup to access the network given its IP configuration looks like a consumer-grade product... that it is unlikely to be an Enterprise WAN router.  Hence, the next question is with regard to NAT translation for Internet sharing.  Specifically, is it translating for other subnets than 192.168.1.0/24??


**********

On the next switch, the 12-port, you implement another VLAN #40.  I am not certain the purpose, but not only that you have a routing process for it there by creating an SVI by defining an IP/mask on that VE interface for it.


Now as far as that 7150-C12-PD is concerned, it is the source of truth and being directly connected 10.0.0.0/24 is available with a metric of 0 (higher priority than even a static route)...


... but you have this same subnet on the 7150-24P on the LAG interface for connectivity to the router.  Yes, you have a different IP


I think the solution here would be to dispose of that VLAN all together and trunk (tag) VLAN 30 from the 7150-24P to the 7150-C12-PD then make all the other ports access ports (untagged) in VLAN 30.


You would also TAG your phones VLAN 200 into the C12 unit the same way and deliver that to the 12 interfaces via TAGGED as well presuming the phones are configured to TAG traffic onto VLAN 200.  Typically, we call this a Voice VLAN in the field because that name stuck.  The untagged VLAN on an interface that is the Native VLAN.  Prior to 08.0.80, Brocade/Ruckus used the dual-mode key-word in configuration to configure native VLANS.  Now you can make any specific interface untagged in only one VLAN and tagged to as many VLANS as you like.


Regardless, these rules exist because any Layer-2 frame can either have an 802.1q field in the header (i.e. tagged) or not, and if it is tagged then that specific frame can belong to only one specific VLAN.  An Interface can read the tag and sort the frame into the proper VLAN for which it is marked, or if no tag is present (untagged) it needs to know what to do with it and can send it to only one VLAN (that is whichever one it is untagged within).  That would be dual-mode with older firmware Ruckus/Brocade/Foundry, and other vendors would refer to this as the Native VLAN.


***********


If these are within the same wiring closet, you may want to stack the units if the reason you have the 24p and the C12 units are to get 36 ports.  It would reduce the overhead of configuration and management.  Realistically, if the router hosts both the Voice and Data, you would probably be better off just TAGGING/TRUNKING all VLANS from the router to the Ruckus units (or logical unit if stacked)... You would likely be better served with the Layer-2 firmware on the Ruckus units leaving the entire routing process on the Router.


Lastly, you may want to look into lldp-med on the Ruckus.  It properly configures the switch to talk to the phones and announce the Voice VLAN and other configuration details via the network discovery protocol LLDP (Link-Layer-Discovery-Protocol).  It actually works with Cisco phones, too... The MED part of the acronym is Media-Endpoint-Detection - it is a supplement of LLDP.


Best of luck, sir


Justin