ICX7150 vlan setup

data_ninja
New Contributor

My current setup:

[AttGateway] --> [Asus Router] --> [UDM-Pro (VLANS)] --> [Unifi AP (VLANS)]

My desired setup:

[AttGateway] --> [Asus Router] -LAG-> [ICX7150 (VLANS)] --> [Unifi AP (VLANS)] --> [UDM-Pro (Home lab VLANS)]

I am working on setting up a home lab and would like to move all of my VLANs from my UDM Pro to the ICX-7150 c12P. I updated the firmware to 8095dT213 with the router image on primary and switch on secondary. I have tried to read through other posts that seem quite similar to my desired setup but am missing something undoubtedly simple.

My Asus router is running merlinWRT and will continue to be my firewall/ad blocker/DNS (dnscrypt) & NTP server for the foreseeable future. From a telnet session, the 7150 is able to ping the Asus router and external addresses (8.8.8.8), and NTP is synced. From a computer connected to 1/1/3 I am getting an IP address from the pool and can ping all 7150 addresses, but cannot connect to the Asus router at all.

My last attempt was to change the subnet mask on the Asus and match it on VLAN 50 of the ICX, which oddly is now preventing me from getting an IP address on the system connected to 1/1/3. I am not sure that I need everything below and would really appreciate some help.

After getting past this I would like to set up a LAG on 1/2/1 to 1/2/2 to the Asus router and will use the SFP ports to the UDM-Pro and home lab. Aside from this issue, is there any reason this could not be accomplished?

Current configuration:
!
ver 08.0.95dT213
!
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
!
global-stp
!
default-vlan-id 75
!
vlan 50 by port
 tagged ethe 1/1/3
 untagged ethe 1/2/1
 router-interface ve 50
 spanning-tree
!
vlan 75 name DEFAULT-VLAN by port
 spanning-tree
!
vlan 100 by port
 tagged ethe 1/2/1
 untagged ethe 1/1/3
 router-interface ve 100
 spanning-tree
!
aaa authentication web-server default local
aaa authentication login default local
console timeout 30
enable aaa console
ip arp learn-gratuitous-arp
ip dhcp-client disable
ip dhcp-server enable
!
ip dhcp-server pool 100
 excluded-address 192.168.100.2
 excluded-address 192.168.100.3
 excluded-address 192.168.100.4
 excluded-address 192.168.100.5
 lease 3 0 0
 network 192.168.100.0 255.255.255.0
 option  3 ip 192.168.100.1
 option  6 ip 192.168.50.1
 option  15 ascii ruck100.net
!
ip show-subnet-length
ip forward-protocol udp ntp
ip forward-protocol udp bootps
no ip forward-protocol udp tacacs
no ip forward-protocol udp tftp
ip route 0.0.0.0/0 192.168.50.1
ip router-id 192.168.50.6
!
username super password .....
!
ntp
 disable serve
 server 192.168.50.1
!
manager disable
!
manager port-list 987
!
router ospf
!
interface ethernet 1/3/1
 speed-duplex 1000-full
!
interface ethernet 1/3/2
 speed-duplex 1000-full
!
interface ve 50
 ip address 192.168.50.5/27
!
interface ve 100
 ip address 192.168.100.1/24
 ip helper-address 1 192.168.50.1
!
no ip ssh  key-exchange-method dh-group1-sha1
!
end

1 ACCEPTED SOLUTION

paul_mcguire_20
Contributor

You need a route statement on the Asus router to route the VLANs to the ICX 7150.

ip route 192.168.100.0/24 to 192.168.50.1

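An added example, not part of the original posts: a longest-prefix-match model of both routing tables, showing why the switch itself can ping the Asus while a VLAN 100 client cannot until the Asus has a static route for 192.168.100.0/24. The ICX routes come from the posted configuration; the Asus table (LAN on the same /27, default route out the WAN), the client address, and the use of the ICX's ve 50 address 192.168.50.5 as the static route's next hop are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop chosen for dst."""
    dst = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), hop) for p, hop in table
            if dst in ipaddress.ip_network(p)]
    best = max(hits, key=lambda h: h[0].prefixlen, default=None)
    return best[1] if best else "no route"

ASUS = "192.168.50.1"       # default gateway in the posted ICX config
ICX_VE50 = "192.168.50.5"   # interface ve 50 in the posted config
CLIENT = "192.168.100.10"   # constructed: a lease from DHCP pool 100

# Routes the posted ICX configuration produces.
ICX_TABLE = [
    ("192.168.50.0/27", "connected ve 50"),
    ("192.168.100.0/24", "connected ve 100"),
    ("0.0.0.0/0", ASUS),
]
# Assumed Asus table: LAN on the same /27, default route out the WAN.
ASUS_BEFORE = [
    ("192.168.50.0/27", "connected LAN"),
    ("0.0.0.0/0", "WAN"),
]
# Assumed fix: static route for VLAN 100 via the ICX's ve 50 address.
ASUS_AFTER = ASUS_BEFORE + [("192.168.100.0/24", ICX_VE50)]

def round_trip(asus_table, source):
    """Return (forward hop on ICX, reply hop on Asus, reply reaches source)."""
    forward = lookup(ICX_TABLE, ASUS)
    reply = lookup(asus_table, source)
    delivered = reply in ("connected LAN", ICX_VE50)
    return forward, reply, delivered

if __name__ == "__main__":
    for label, table, src in [
        ("switch itself, no static route", ASUS_BEFORE, ICX_VE50),
        ("VLAN 100 client, no static route", ASUS_BEFORE, CLIENT),
        ("VLAN 100 client, static route added", ASUS_AFTER, CLIENT),
    ]:
        print(f"{label}: {round_trip(table, src)}")
```

Without the static route the Asus sends replies for 192.168.100.0/24 toward its WAN default route, so the request arrives but the answer never returns to the client.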

6 REPLIES

paul_mcguire_20
Contributor

The UDM Pro pulled one WAN address and all traffic to and from the Asus was with one IP address. The ICX in router mode, if set up as a routed port connecting to the Asus, might not require the route statements. Seems like a complex setup for a noob. I agree that an ACL will be needed.

It is in router mode, and physically there is only one connection. I believe, logically (see below), that's what I've done. Should I eliminate the 50 VLAN and just assign an IP address to 1/2/1?

vlan 50 by port
 tagged ethe 1/1/3
 untagged ethe 1/2/1
 router-interface ve 50
 spanning-tree

interface ve 50
 ip address 192.168.50.5/27

ip route 0.0.0.0/0 192.168.50.1