I am working on setting up a home lab and would like to move all of my vlans from my UDM pro to the ICX-7150 c12P. I updated the firmware to 8095dT213 with the router image on primary and switch on secondary. I have tried to read through other posts that seem quite similar to my desired setup but am missing something undoubtedly simple.
My asus router is running merlinWRT and will continue to be my firewall/ad blocker/dns(dnscrypt) & ntp server for the foreseeable future. From a telnet session, the 7150 is able to ping the asus router, external addresses (126.96.36.199) and ntp is synced. From a computer connected to 1/1/3 I am getting a ip address from the pool and can ping all 7150 addresses, but cannot connect to the asus router at all.
My last attempt was to change the subnet mask on the asus and match it on VLAN 50 of the icx, which oddly is now preventing me from getting an ip address on system connected to 1/1/3. I am not sure that I need everything below and would really appreciate some help.
After getting past this I would like to setup LAG 1/2/1 to 1/2/2 to the asus router and will use the SPF ports to the UDM-Pro and home lab. Aside from this issue is there any thing that this could not be accomplished?
Current configuration: ! ver 08.0.95dT213 ! stack unit 1 module 1 icx7150-c12-poe-port-management-module module 2 icx7150-2-copper-port-2g-module module 3 icx7150-2-sfp-plus-port-20g-module ! global-stp ! default-vlan-id 75 ! vlan 50 by port tagged ethe 1/1/3 untagged ethe 1/2/1 router-interface ve 50 spanning-tree ! vlan 75 name DEFAULT-VLAN by port spanning-tree ! vlan 100 by port tagged ethe 1/2/1 untagged ethe 1/1/3 router-interface ve 100 spanning-tree ! aaa authentication web-server default local aaa authentication login default local console timeout 30 enable aaa console ip arp learn-gratuitous-arp ip dhcp-client disable ip dhcp-server enable ! ip dhcp-server pool 100 excluded-address 192.168.100.2 excluded-address 192.168.100.3 excluded-address 192.168.100.4 excluded-address 192.168.100.5 lease 3 0 0 network 192.168.100.0 255.255.255.0 option 3 ip 192.168.100.1 option 6 ip 192.168.50.1 option 15 ascii ruck100.net ! ip show-subnet-length ip forward-protocol udp ntp ip forward-protocol udp bootps no ip forward-protocol udp tacacs no ip forward-protocol udp tftp ip route 0.0.0.0/0 192.168.50.1 ip router-id 192.168.50.6 ! username super password ..... ! ntp disable serve server 192.168.50.1 ! manager disable ! manager port-list 987 ! router ospf ! interface ethernet 1/3/1 speed-duplex 1000-full ! interface ethernet 1/3/2 speed-duplex 1000-full ! interface ve 50 ip address 192.168.50.5/27 ! interface ve 100 ip address 192.168.100.1/24 ip helper-address 1 192.168.50.1 ! no ip ssh key-exchange-method dh-group1-sha1 ! end
I understand that the route once added solves the issue in this instance. If the questions below require a separate post please let me know.
Could you please clarify why connecting an ICX in router mode required a route to be added the asus, while a UDM-Pro (with VLANs) or consumer product (Linksys router GLI travel router) did not require the route to be added?
I don't want devices aside from the asus router itself to be able to communicate with any devices on the ICX. Will this require me to configure ACL's on the ICX?