Needing a little help here please. We have an environment with no router, but we do have a layer 3 switch. Please refer to the diagram; we have a server with IP address 192.168.1.3 connected to Ethernet port 1 of the Brocade Ruckus ICX 7150 switch. We have a fiber link on port 9 that goes out to a layer 2 switch. On port 9 we have virtual interfaces for vlan 51 at 10.174.241.99 and vlan 351 at 220.127.116.11. From the Brocade Ruckus we can ping the Camera at 18.104.22.168, so we are routing traffic as intended from the Brocade through the layer 2 switch (that has tagging) to the camera at 22.214.171.124. What we need to do is have the server connect from its IP address of 192.168.1.3 to the camera at 126.96.36.199. What configuration method would work best to achieve this goal?
It is hard to visualize your setup because the masks weren't mentioned, but the 7150 can serve teh same function as a router. Presumably, you create the router-interface ve interfaces??? and on int ve 51 set an IP within the subnet, and on int ve 351 set an IP within the subnet.
Then presumably, you carried port 9 to the Layer-2 switch, but I presume you used a media converter??? because there are no 7150 units with SFP or SFP+ slots to connect a fiber traceiver from port 1/1/9. On the 7150, it is common place to place a fiber tranceiver into 1/3/x the way they are numbered.
None the less, the port you are sending to the Layer-2 switch needs to carry both VLANS using 802.1q, so under each VLAN you would set that as TAGGED..
vlan 52 name something by port tagged e 1/1/9 router-interface ve 52 ! vlan 351 name something-different by port tagged e 1/1/9 router interface ve 251 !
int ve 52 port-name default gateway for 10.x network ip add 10.x.x.x/yy !
int ve 351 port-name default gateway for 11.x network ip add 11.x.x.x/yy !
On your layer-2 switch, I am confused that you said, "NATIVE" because that usually refers to an untagged interface that is also tagged in another VLAN. In ICX terminology, this used to be referred to as a dual-mode port, which regardless of terminology carries untagged ethernet frames into a particular vlan. That said any particular interface can be untagged into only one vlan given the constraint the switch needs to know what VLAN to sort untagged frames it receives into (as well as transmit).
The reason your ping is likley working is that most likely your ICX 7150 is sourcing the ping from 11.x.x.x, which is on a directly-connected network, but this is just speculation being I cannot see your environment.
Regardless, to make this work, you will need some routing to occur between your 192.168.1.0/24 (presumably I am guessing at the mask) network.
vlan 192 name servers by port untagged ethe 1/1/1 router-interface ve 192 !
int ve 192 port-name Default gateway for 192.168.1 network used by servers. ip add 192.168.1.1/24 !
This assumes the server is directly connected to interface 1 on the 7150 and that you have the default-gateway defined on the server as 192.168.1.1, that the mask is 255.255.255.0, that the server sends traffic without an 802.1q tag on the frame... that your network is not more complex than diagramed.
Lastly, may I suggest for private use to stick with the RFC1918 IPs. 11's are Internet routable.
You want to variably subset your private network subnets from these larger subnets:
Very Helpful NetWizz! You are so correct, we are actually in port 1/3/1 for the fiber link. I was trying to simplify things and I made it more confusing. Thank you! We are running subnet mask of 255.255.255.0 on all subnets. You are also correct on our ve settings:
vlan 51 tagged ethernet 1/3/1 router-interface ve 51 int ve 51 ip address 10.174.241.99/24
vlan 351 tagged ethernet 1/3/1 router-interface ve 351 int ve 351 ip address 188.8.131.52/24
The vlan of the layer 2 switch is 51 for its subnet address of 10.174.241.20.
The server only has ip of 192.168.1.3 and mask of 255.255.255.0, we left the gateway empty.
We are adding this now: vlan 192 untagged ethe 1/1/1 router-interface ve 192 ! int ve 192 ip add 192.168.1.1/24
We will set the server gateway to 192.168.1.1 and do some testing and get back to you. Thank you so much!!! You are awesome
Hi Adam. The server did not have a gateway, but with NetWizz's input we added a ve on port 1/1/1 with ip 192.168.1.1, and now have added the gateway of 192.168.1.1 to the server. We can ping the ve port of 192.168.1.1 now, but if we try to ping the tagged ve's on 1/3/1 we fail in transit.