
Add second ICX switch

fernando_fl_rez
New Contributor III
First of all, great product and great community! Thank you!

So today I went out and bought another ICX switch (7150-c12p) and would like to use it in another room. It is running the router image (layer 3).

My core router has two vlans: vlan 30 (users) and vlan 200 (phones).

How would I go about it if I want to configure this new router to support both vlans?

Here is my try (didn't work btw):

lag test static id 1
ports ethernet 1/2/1 to 1/2/2

vlan 30 name users
untagged ethernet 1/1/1 to 1/1/12
tagged lag 1

vlan 200 name phones
tagged ethernet 1/1/1 to 1/1/12 lag 1

ip route 0.0.0.0/0 192.168.1.1


192.168.1.1 is my gateway.

Am I overcomplicating things?

Thanks!
14 REPLIES

netwizz
Contributor III
Sounds good.

Now, LLDP is not a prioritization protocol but rather a network discovery protocol similar to FDP (Foundry Discovery Protocol) used by the Ruckus/Brocade switches.  It is similar to CDP, which is Cisco Discovery Protocol.

For prioritization, you usually use QoS.  Typically, this is done on the router itself as it hands-off to the provider and they prioritize the traffic back to you.  The prioritization queue expedites packets that match a classification reducing latency, and it also provides a bandwidth reservation/guarantee.


What you normally do within a network is flag or mark the traffic as close to the source as possible.  Most phones set the DSCP field to EF (46) for Expedited Forwarding.  This is a Layer-3 field in the packet that other devices can read and classify the traffic into QoS queues.


Hope that helps.  What LLDP does is announce the VLAN the phones should use etc.

scott_farrand_f
New Contributor III
If the phone's setting the dscp and/or COS, and if the traffic is tagged, I believe the DSCP and COS tagging are "trusted"... but you may want to specifically enable dscp trust on these ports.

This might be meaningful to take the time to read... http://www.netadmin.us/docs/IP_Phone_Port_Configuration.pdf

Also, I believe this is a good thing to configure as well.

qos mechanism mixed-sp-wrr

fernando_fl_rez
New Contributor III
After some testing I found out that this is actually not solved.

Could someone please give me some guidance on how to connect two switches (one as a core and the other one as an access switch)? Can both be on router mode?

Thank you!

netwizz
Contributor III
While you can run routing processes wherever you want and on as many devices as you would like, any given subnet originates from one device where it is a "directly connected" network.  A device that performs routing we refer to as a Layer-3 device (referencing the OSI model for the layers).  Another term I commonly see is multi-layer switching, and that term seems to be predominant with Cisco.

That said, any specific Layer-3 device knows only about its "directly-connected" networks.  That is to say if there were two (2) directly connected networks (subnets) and it saw a packet (the PDU for Layer-3 is "packet" - it has the To/From IP addresses), the layer-3 device recognizes the packet belongs to a different directly-connected network it has, and that device will route the packet.

However, there is a problem where any given device knows only about its own directly-connected networks.  It is unaware how to get to networks that are directly-connected on other devices.  For this, you build routing tables via simple static route entries or you use a dynamic routing protocol, typically an IGP to dynamically create and update these routing tables.  Predominantly, the most popular ones are OSPF (multi-vendor) and EIGRP (Cisco proprietary). 


When you connect Layer-3 devices, you MUST connect them on a shared subnet.

For example, if you have two (2) routers each with the following networks:

192.168.1.0/24

172.16.0.0/16

and the next one

172.16.0.0/16

10.0.0.0/8


The first layer-3 device has no idea how to get to 10.0.0.0/8 and the second layer-3 device has no idea how to get to 192.168.1.0/24.

You would connect them on the shared subnet they both know how to get to, the 172.16.0.0/16, and they would each get a unique IP in that network.

For example:  172.16.0.1 and 172.16.0.2 could be used.

Then if you were to enter a static route you could describe how to get to the network you don't have via a network you do have.

For example (172.16.0.1 would be the IP on R1, and 172.16.0.2 is the IP on R2):

R2:  ip route 192.168.1.0 255.255.255.0 172.16.0.1

R1:  ip route 10.0.0.0 255.0.0.0 172.16.0.2

*************
*************


Now you asked, "Could someone please give me some guidance on how to connect two switches (one as a core and the other one as an access switch)?"


Here is an example:



************

hostname Access


vlan 10 name Data by port
   untagged ethe 1/1/1 to 1/1/24
   tagged ethe 1/2/1
!

vlan 20 name Voice by port
   tagged ethe 1/1/1 to 1/1/24 ethe 1/2/1
!


interface ethernet 1/1/1
 trust dscp
 inline-power
!



lldp run
cdp run
fdp run

lldp med network-policy application voice tagged vlan 20 priority 5 dscp 46 ports ethe 1/1/1 to 1/1/24



****************

hostname Core


vlan 10 name Data by port
   tagged ethe 1/2/1
   router-interface ve 10
!

vlan 20 name Voice by port
   tagged  ethe 1/2/1
   router-interface ve 20
!

vlan 100 name WAN by port
  untagged ethe 1/2/2
  router-interface ve 100
!

ip route 0.0.0.0/0 10.123.1.1

lldp run
cdp run
fdp run

interface ve 10
 port-name Data Network Default-Gateway
 ip address 10.0.0.1 255.255.0.0
 ip helper-address 1 10.1.2.3
!

interface ve 20
port-name Voice Network Default-Gateway
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 1 10.1.2.3
!

interface ve 100
 port-name to WAN router or Internet Firewall
 ip add 10.123.1.2 255.255.255.252
!

****************

Explanation of the examples above:

The Access switch is a Layer-2 device or a Layer-3 device with no directly-connected networks configured.  At any rate, you just connect the shared VLANs as trunk links (tagged).


In the above example an access switch (Layer-2) is connected to a core switch (Layer-3).  There are two VLANs: 10 for Data and 20 for Voice.  Both devices are connected via port 1/2/1, which is a trunk using 802.1q to carry both "tagged" VLANS through the one, shared cable.


The access switch does NOT do any routing whatsoever, but it trusts DSCP and has inline-power enabled even though that wouldn't be shown in 08.0.80x firmware, which is what you used above, so it is with respect to this I make the configuration.  For any older firmware, you would use "dual-mode 10" on each interface to configure the Native VLAN.


We have all the discovery protocols on for the phones, which we are configuring to pick-up VLAN 20 automatically via lldp-med.


The Core does ALL of the routing via some SVIs (software virtual interfaces) known as VE's on Brocade/Ruckus/Foundry.  These would be "interface vlan 123" if you ever come across Cisco.  At any rate, they are configured with the subnet, so we have a 10.0.0.0/16 subnet to carry data, and a 192.168.100.0/24 subnet to carry Voice.


The core is forwarding DHCP requests to your DHCP server 10.1.2.3, which is presumably somewhere else in your WAN or your router wherever.  On the Core, I added VLAN 100 for routing, and made it untagged 1/2/2 for its uplink to your router, an Internet firewall, a WAN, something...

At any rate... the IP route statement sets the route of last resort to point to the other side of that WAN link (or your router).  Pretty much for anything not directly connected it just forwards it along.  Presumably, this next device knows how to get to your DHCP server 10.1.2.3 because I don't have that off of the core though you certainly could do that.  😉



*************

You asked: "Can both be on router mode?" ???

Each subnet should be created on only one(1) device that does the routing.  While you could put one of the VE's on one device and the other subnet on the VE of the other device, it would just become a mess because now you would need a shared subnet between the two devices for routing and routing tables constructed somehow, so each device knows how to find each respective subnet.

In the real-world, this is usually done with an aggregation-layer (or distribution-layer) added between the edge and the core.  The aggregation-layer switch is often located at a site off of a WAN circuit and you would generally trunk your VLANS to the edge switches in the wiring closets, which would then have access-ports to the computers or more likely it would carry both Data and Voice by presenting a Native VLAN (no 802.1q tag) and Voice VLAN available by placing an 802.1q tag on the ethernet frames (frames are the PDU for layer-2 - they have MAC addresses instead of IP addresses though they encapsulate the Layer-3 packets within).  The aggregation-switch would have the VEs for the subnets available at that site or area because these would be directly connected networks, and it would have a point-to-point link typically a /30 back to the core.  This is where you would probably run OSPF (or similar) such that the aggregation-layer switch would announce its directly-connected networks to the core.


In your small network, I strongly recommend ALL subnets are created as being directly-connected to your Core, which has its VLANs stretched directly to the access switches that are simple, layer-2 switches.  No need to overcomplicate it.  The example above should work great if you tweak the subnets to the ones you actually use, and you let your router know that the Data and Voice subnets are available via your Core, too.
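
The R1/R2 static-route reasoning from the reply above, as an added Python example that is not part of the original post: it models each router's connected and static routes, checks that a static next hop sits on a shared connected subnet, and traces a packet hop by hop. The host addresses looked up and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed topology taken from the R1/R2 example in the reply above.
ROUTERS = {
    "R1": {"addr": "172.16.0.1",
           "connected": ["192.168.1.0/24", "172.16.0.0/16"],
           "static": {"10.0.0.0/8": "172.16.0.2"}},
    "R2": {"addr": "172.16.0.2",
           "connected": ["172.16.0.0/16", "10.0.0.0/8"],
           "static": {"192.168.1.0/24": "172.16.0.1"}},
}

def lookup(router, dst):
    """Longest-prefix match; returns (kind, next_hop) or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    candidates = [(n, "connected", None) for n in router["connected"]]
    candidates += [(n, "static", hop) for n, hop in router["static"].items()]
    for net, kind, hop in candidates:
        n = ipaddress.ip_network(net)
        # Strictly longer prefix wins, so connected beats static on a tie.
        if dst in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, kind, hop)
    return best and best[1:]

def next_hop_usable(router, hop):
    """A static route only works if its next hop is on a connected subnet."""
    h = ipaddress.ip_address(hop)
    return any(h in ipaddress.ip_network(n) for n in router["connected"])

def trace(routers, start, dst, max_hops=8):
    """Routers a packet crosses, ending in 'delivered', 'no route' or 'loop'."""
    by_addr = {r["addr"]: name for name, r in routers.items()}
    path, name = [], start
    for _ in range(max_hops):
        path.append(name)
        hit = lookup(routers[name], dst)
        if hit is None:
            return path + ["no route"]
        kind, hop = hit
        if kind == "connected":
            return path + ["delivered"]
        if not next_hop_usable(routers[name], hop) or hop not in by_addr:
            return path + ["no route"]
        name = by_addr[hop]
    return path + ["loop"]

if __name__ == "__main__":
    print(trace(ROUTERS, "R1", "10.5.5.5"))      # crosses the shared subnet
    print(trace(ROUTERS, "R2", "192.168.1.50"))
```
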

fernando_fl_rez
New Contributor III
Thank you! Thank you!