We have a Ruckus ICX 7150-48ZP connected to a server (eth 1/1/1) and two Cisco switches, A and B (eth 1/1/47 and 1/1/48). We want to configure the Ruckus ICX 7150 switch only to achieve the following requirements. Please advise on the configuration of the ICX 7150. Thanks in advance!
1. All units (connected to Cisco switches A and B) are able to communicate with the server (eth 1/1/1 of Ruckus)
2. The units of Cisco switch A and Cisco switch B cannot communicate
Thanks for any answer. It seems PVLAN can be applied, but unfortunately it requires configuring the two Cisco switches too.
ICX switches have a feature called protected ports. On ports 1/1/47 and 1/1/48, configure 'protected-port' under the interface level. That should get you going.
PVLAN on the ICX switch is an alternative option. Ports 1/1/47 and 1/1/48 can be placed in an isolated VLAN and port 1/1/1 can be placed in the primary VLAN. There is no need to configure any additional settings on the Cisco switches for PVLAN to work on ICX.
Thanks Ravi, but it seems it does not work either way.
If I configure ports 1/1/47 and 1/1/48 as 'protected-port' under the interface level, all units connected to the Cisco switches can also communicate.
If using the PVLAN, errdisable occurs on ports 1/1/47 and 1/1/48...
ICX7150-48ZP Switch(config-vlan-100)#
Jan 8 22:25:31 STP: Received BPDU on secondary vlan member Port 1/1/29 (vlan=10), errdisable Port 1/1/47
Jan 8 22:25:48 STP: Received BPDU on secondary vlan member Port 1/1/16 (vlan=10), errdisable Port 1/1/48
On the Ruckus side, you would use tagged ports like:
vlan 7 name Data by port
 tagged ethe 1/1/47 to 1/1/48
!
vlan 19 name Something by port
 tagged ethe 1/1/47 to 1/1/48
 untagged ethe 1/1/1
!
You get the idea. Face the tagged at the Cisco Trunk. In this case, we set up VLAN 7 and 19 to communicate to two different Cisco switches which both send VLAN 7 and 19 on their trunk. Hence one Cisco on 47 and one on 48.
Obviously, I am making an assumption the server is in only one VLAN. It would be connected to a Cisco access port or a Ruckus untagged port - same thing... different terminology. What you cannot do is have an untagged or an access port be a member of more than one VLAN.
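Added example (not from the posts above): a small Python audit for VLAN stanzas in the layout used in the last reply. It flags any port that is untagged in more than one VLAN, the rule stated above, and lists the VLANs each pair of ports shares, which shows where two uplinks sit in the same broadcast domain. The function names and the sample text are constructed for illustration, and port ranges are assumed to stay within one unit/slot.

```python
import re
from collections import defaultdict
from itertools import combinations

# Constructed sample, same layout as the VLAN stanzas in the reply above.
SAMPLE = """\
vlan 7 name Data by port
 tagged ethe 1/1/47 to 1/1/48
!
vlan 19 name Something by port
 tagged ethe 1/1/47 to 1/1/48
 untagged ethe 1/1/1
!
"""

def expand(spec):
    """Expand 'ethe 1/1/47 to 1/1/48 ethe 1/2/1' into single port names.
    Assumption: a range never crosses a unit/slot boundary."""
    ports = []
    for first, last in re.findall(r"ethe\s+(\d+/\d+/\d+)(?:\s+to\s+(\d+/\d+/\d+))?", spec):
        prefix, lo = first.rsplit("/", 1)
        hi = last.rsplit("/", 1)[1] if last else lo
        ports += [f"{prefix}/{n}" for n in range(int(lo), int(hi) + 1)]
    return ports

def parse(config):
    """Return {vlan_id: {'tagged': set_of_ports, 'untagged': set_of_ports}}."""
    vlans, current = {}, None
    for line in config.splitlines():
        mode, _, spec = line.strip().partition(" ")
        m = re.match(r"vlan\s+(\d+)\b", line.strip())
        if m:  # start of a VLAN stanza
            current = vlans.setdefault(int(m.group(1)), {"tagged": set(), "untagged": set()})
        elif current is not None and mode in ("tagged", "untagged"):
            current[mode].update(expand(spec))
        elif mode == "!":  # stanza separator
            current = None
    return vlans

def audit(vlans):
    """Return (ports untagged in more than one VLAN, VLANs shared per port pair)."""
    untagged, members = defaultdict(set), defaultdict(set)
    for vid, v in vlans.items():
        for p in v["untagged"]:
            untagged[p].add(vid)
        for p in v["tagged"] | v["untagged"]:
            members[p].add(vid)
    conflicts = {p: sorted(ids) for p, ids in untagged.items() if len(ids) > 1}
    shared = {(a, b): sorted(members[a] & members[b])
              for a, b in combinations(sorted(members), 2) if members[a] & members[b]}
    return conflicts, shared
```

Running `audit(parse(SAMPLE))` on the sample returns no untagged conflicts and reports that 1/1/47 and 1/1/48 share VLANs 7 and 19.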