cancel
Showing results for 
Search instead for 
Did you mean: 

icx 7150 routing

tony_butler_9y6
New Contributor III
Image_ images_messages_5f91c3fe135b77e24790f07f_7e42e015151b89749014b8b8e974665e_RackMultipart2020021311540817o-aa93c19c-9f5b-42e6-ae6d-e9775d4b2618-901360473.png1581624813
Needing a little help here please.  We have an environment with no router, but we do have a layer 3 switch.  Please refer to the diagram; we have a server with IP address 192.168.1.3 connected to Ethernet port 1 of the Brocade Ruckus ICX 7150 switch.  We have a fiber link on port 9 that goes out to a layer 2 switch.  On port 9 we have virtual interfaces for vlan 51 at 10.174.241.99 and vlan 351 at 11.174.246.99.  From the Brocade Ruckus we can ping the Camera at 11.174.246.30, so we are routing traffic as intended from the Brocade through the layer 2 switch (that has tagging) to the camera at 11.174.246.30.  What we need to do is have the server connect from its IP address of 192.168.1.3 to the camera at 11.174.246.30.  What configuration method would work best to achieve this goal?
15 REPLIES 15

netwizz
Contributor III
Good Afternoon:

It is hard to visualize your setup because the masks weren't mentioned, but the 7150 can serve teh same function as a router.  Presumably, you create the router-interface ve interfaces??? and on int ve 51 set an IP within the subnet, and on int ve 351 set an IP within the subnet.

Then presumably, you carried port 9 to the Layer-2 switch, but I presume you used a media converter??? because there are no 7150 units with SFP or SFP+ slots to connect a fiber traceiver from port 1/1/9.  On the 7150, it is common place to place a fiber tranceiver into 1/3/x the way they are numbered.

None the less, the port you are sending to the Layer-2 switch needs to carry both VLANS using 802.1q, so under each VLAN you would set that as TAGGED..


vlan 52 name something by port
tagged e 1/1/9
router-interface ve 52
!
vlan 351 name something-different by port
tagged e 1/1/9
router interface ve 251
!

int ve 52
port-name default gateway for 10.x network
ip add 10.x.x.x/yy
!

int ve 351
port-name default gateway for 11.x network
ip add 11.x.x.x/yy
!

On your layer-2 switch, I am confused that you said, "NATIVE" because that usually refers to an untagged interface that is also tagged in another VLAN.  In ICX terminology, this used to be referred to as a dual-mode port, which regardless of terminology  carries untagged ethernet frames into a particular vlan.  That said any particular interface can be untagged into only one vlan given the constraint the switch needs to know what VLAN to sort untagged frames it receives into (as well as transmit).


***

The reason your ping is likley working is that most likely your ICX 7150 is sourcing the ping from 11.x.x.x, which is on a directly-connected network, but this is just speculation being I cannot see your environment.

Regardless, to make this work, you will need some routing to occur between your 192.168.1.0/24 (presumably I am guessing at the mask) network.


Perhaps:

vlan 192 name servers by port
untagged ethe 1/1/1
router-interface ve 192
!

int ve 192
port-name Default gateway for 192.168.1 network used by servers.
ip add 192.168.1.1/24
!

***

This assumes the server is directly connected to interface 1 on the 7150 and that you have the default-gateway defined on the server as 192.168.1.1, that the mask is 255.255.255.0, that the server sends traffic without an 802.1q tag on the frame... that your network is not more complex than diagramed.

***

Lastly, may I suggest for private use to stick with the RFC1918 IPs.  11's are Internet routable.

You want to variably subset your private network subnets from these larger subnets:

192.168.0.0/16
172.16.0.0/12
10.0.0.0/8


Hope this helps.

Very Helpful NetWizz!  You are so correct, we are actually in port 1/3/1 for the fiber link.  I was trying to simplify things and I made it more confusing.  Thank you!  We are running subnet mask of 255.255.255.0 on all subnets.   You are also correct on our ve settings:

vlan 51
tagged ethernet 1/3/1
router-interface ve 51
int ve 51
ip address 10.174.241.99/24

vlan 351
tagged ethernet 1/3/1
router-interface ve 351
int ve 351
ip address 11.174.246.99/24

The vlan of the layer 2 switch is 51 for its subnet address of 10.174.241.20.

The server only has ip of 192.168.1.3 and mask of 255.255.255.0, we left the gateway empty.  

We are adding this now:
vlan 192
untagged ethe 1/1/1
router-interface ve 192
!
int ve 192
ip add 192.168.1.1/24

We will set the server gateway to 192.168.1.1 and do some testing and get back to you.  Thank you so much!!!  You are awesome

adam_foss
New Contributor II
Does the server already have an existing gateway configured?
It may need a static route put in to point at the network the camera is on.

if the server doesn't have a gateway configured, Create another VE on the L3 switch for that vlan.


Hi Adam.  The server did not have a gateway, but with NetWizz's input we added a ve on port 1/1/1 with ip 192.168.1.1, and now have added the gateway of 192.168.1.1 to the server.  We can ping the ve port of 192.168.1.1 now, but if we try to ping the tagged ve's on 1/3/1 we fail in transit.