My current setup:
[AttGateway] --> [Asus Router] --> [UDM-Pro (VLANS)] --> [Unifi AP (VLANS)]
My desired setup:
[AttGateway] --> [Asus Router] -LAG-> [ICX7150 (VLANS)] --> [Unifi AP (VLANS)] --> [UDM-Pro (Home lab VLANS)]
I am working on setting up a home lab and would like to move all of my vlans from my UDM pro to the ICX-7150 c12P. I updated the firmware to 8095dT213 with the router image on primary and switch on secondary. I have tried to read through other posts that seem quite similar to my desired setup but am missing something undoubtedly simple.
My asus router is running merlinWRT and will continue to be my firewall/ad blocker/dns(dnscrypt) & ntp server for the foreseeable future. From a telnet session, the 7150 is able to ping the asus router, external addresses (188.8.131.52) and ntp is synced. From a computer connected to 1/1/3 I am getting a ip address from the pool and can ping all 7150 addresses, but cannot connect to the asus router at all.
My last attempt was to change the subnet mask on the asus and match it on VLAN 50 of the icx, which oddly is now preventing me from getting an ip address on system connected to 1/1/3. I am not sure that I need everything below and would really appreciate some help.
After getting past this I would like to setup LAG 1/2/1 to 1/2/2 to the asus router and will use the SPF ports to the UDM-Pro and home lab. Aside from this issue is there any thing that this could not be accomplished?
stack unit 1
module 1 icx7150-c12-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-2-sfp-plus-port-20g-module
vlan 50 by port
tagged ethe 1/1/3
untagged ethe 1/2/1
router-interface ve 50
vlan 75 name DEFAULT-VLAN by port
vlan 100 by port
tagged ethe 1/2/1
untagged ethe 1/1/3
router-interface ve 100
aaa authentication web-server default local
aaa authentication login default local
console timeout 30
enable aaa console
ip arp learn-gratuitous-arp
ip dhcp-client disable
ip dhcp-server enable
ip dhcp-server pool 100
lease 3 0 0
network 192.168.100.0 255.255.255.0
option 3 ip 192.168.100.1
option 6 ip 192.168.50.1
option 15 ascii ruck100.net
ip forward-protocol udp ntp
ip forward-protocol udp bootps
no ip forward-protocol udp tacacs
no ip forward-protocol udp tftp
ip route 0.0.0.0/0 192.168.50.1
ip router-id 192.168.50.6
username super password .....
manager port-list 987
interface ethernet 1/3/1
interface ethernet 1/3/2
interface ve 50
ip address 192.168.50.5/27
interface ve 100
ip address 192.168.100.1/24
ip helper-address 1 192.168.50.1
no ip ssh key-exchange-method dh-group1-sha1
Solved! Go to Solution.
Thank you for the response, it went through immediately upon adding the static route.
What would be the reason I haven't had to add routes to my Asus router before? Is it NAT?
Are there any benefits to making the Asus aware of the VLANs? Would I be able to enable a feature on the ICX that would allow me to keep the Asus unaware of the VLANs on the ICX?
I understand that the route once added solves the issue in this instance. If the questions below require a separate post please let me know.
Could you please clarify why connecting an ICX in router mode required a route to be added the asus, while a UDM-Pro (with VLANs) or consumer product (Linksys router GLI travel router) did not require the route to be added?
I don't want devices aside from the asus router itself to be able to communicate with any devices on the ICX. Will this require me to configure ACL's on the ICX?
Yes I'm a noob.
Thanks for the help!