I did absolutely nothing... all credit goes to @fohdeesha
I found it, set it and it's working now! Thanks!
And thank you @infoMatt for helping me to find what can be the problem!
But I'm glad that you've managed to solve the issue!
vlan 1 name DEFAULT-VLAN by port
monitor ethernet 1/1/15
router-interface ve 1
!
vlan 4 name guest by port
tagged ethe 1/1/17 ethe 1/2/5 ethe 1/2/8 lag 1 to 2
monitor ethernet 1/1/15
!
vlan 999 name monitor by port
untagged ethe 1/1/15
!
mirror-port ethernet 1/1/15 input
!
interface ethernet 1/1/15
no spanning-tree
no inline power
!
Can any of these switches or addon modules auto negotiate 2.5Gbe? I'm looking to pick up some Ruckus R750 wifi APs and hoping I can use the SFP+ ports with a 10BASE-T module conversion and POE injector to take full advantage of the 2.5gbps bandwidth of the AP.
just like the infographic says, 2 are 40gbe only, and 2 are 4x 10gbe only. those two cannot be used for 40gb connections to servers
From what I can understand the 4 x 40GB port on the back, 2 of them could be used for servers @40GB but the 2 other ports are 40GB but breakout to 4 10GB? No way to connect those to servers @ 40GB?
mac filter 1 deny any any
mac filter 2 permit 1a2b.3c4d.5e6f ffff.ffff.ffff any
On your firmware page, for 7250; you still show 08080e from Oct 2019. That is your "approved" firmware version.
added some hidden u-boot dev mode commands for more switch models, think I have them all now except for the new ICX7550 Hidden Dev Stuff - Fohdeesha Docs
What you need to do is get a 48U server rack completely full of Switches.....
made the mistake of gathering all the units I could find while organizing the basement (not including switches out on loan or units in use). I may have a problem
Normal convention of FW rules, ACLs, etc. will stop evaluation when the first rule meets the criteria. So your rules as they are defined will block everything because the first rule will match (any MACs). Imagine the inefficiency of the engine evaluating all rules every time a rule has to be invoked.
Code:
mac filter 1 deny any any
mac filter 2 permit 1a2b.3c4d.5e6f ffff.ffff.ffff any
Ah I see. So I just had the order wrong? So have all mac address block as the last filter rule, and preceding filter rules are "allow" for each mac address?
Normal convention of FW rules, ACLs, etc. will stop evaluation when the first rule meets the criteria. So your rules as they are defined will block everything because the first rule will match (any MACs). Imagine the inefficiency of the engine evaluating all rules every time a rule has to be invoked.
Follow Terry's video and have deny any any defined as the maximum filter id.
Are you concerned with manually entering every MAC address to your filter list? Yeah, that will be a hassle but it's your use case.
Ah I see. So I just had the order wrong? So have all mac address block as the last filter rule, and preceding filter rules are "allow" for each mac address?
Is there a more efficient way to do this than to manually make a new allow filter rule for each mac address?
This is for small business and we have a new policy to block all devices by default and only allow a couple hundred company computers to be on our network. I thought about doing it via DHCP server, but that only prevents users from pulling an IP address. It doesn't stop them from setting up a static IP on their device. I'll look into firewall rules first.
Are you concerned with manually entering every MAC address to your filter list? Yeah, that will be a hassle but it's your use case.
You can inspect all MACs on your network and figure out their common OUIs (first 3) and maybe some of their remainder octets and use a wildcard or forgo filtering it in this way and use rules from your firewall/DHCP server instead. You may have more flexibility with not using MAC filters as in the video that device only supports 64, but I assume you can reconfigure a global setting to have more.
dhcp snooping + ip source guard IP Source Guard
This is for small business and we have a new policy to block all devices by default and only allow a couple hundred company computers to be on our network. I thought about doing it via DHCP server, but that only prevents users from pulling an IP address. It doesn't stop them from setting up a static IP on their device. I'll look into firewall rules first.
I think Terry said there is a max of 512 mac filters, but that's for the ICX 7000 switches (hoping this ICX 6610 has the same max)
Hmmm... 802.1x enters the chat.
This is for small business and we have a new policy to block all devices by default
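
The first-match behaviour discussed in the thread, as an added example (not code from any poster): a small Python model of the `mac filter` lines that shows why the order as posted drops every frame, and that generates an allow list with `deny any any` as the highest filter id. It assumes filters are checked in ascending id order and that a frame matching no filter is dropped; the function names are illustrative.

```python
# Added example: first-match evaluation of "mac filter" lines as quoted in the thread.
# Assumptions: filters are checked in ascending filter id, and a frame that
# matches no filter is dropped. Only the source-MAC field is modelled.
import re

LINE = re.compile(r"mac filter (\d+) (permit|deny) (?:any|(\S+) (\S+)) any")

def mac_to_int(mac):
    """Convert xxxx.xxxx.xxxx (or colon/dash) notation to a 48-bit integer."""
    return int(re.sub(r"[.:\-]", "", mac.lower()), 16)

def parse(config):
    """Return [(id, action, value, mask)] sorted by filter id."""
    rules = []
    for line in config.strip().splitlines():
        m = LINE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unsupported line: {line!r}")
        fid, action, src, mask = m.groups()
        if src is None:                    # "any": a zero mask matches every source
            value, bits = 0, 0
        else:
            value, bits = mac_to_int(src), mac_to_int(mask)
        rules.append((int(fid), action, value & bits, bits))
    return sorted(rules)

def evaluate(rules, src_mac):
    """Return (action, filter id) of the first rule that matches src_mac."""
    mac = mac_to_int(src_mac)
    for fid, action, value, bits in rules:
        if mac & bits == value:
            return action, fid             # evaluation stops at the first match
    return "deny", None                    # assumed implicit deny

def build_allowlist(macs):
    """Emit one permit per MAC, then deny any any as the highest filter id."""
    macs = sorted({mac_to_int(m) for m in macs})
    out = []
    for i, m in enumerate(macs, 1):
        h = f"{m:012x}"
        out.append(f"mac filter {i} permit {h[:4]}.{h[4:8]}.{h[8:]} ffff.ffff.ffff any")
    out.append(f"mac filter {len(macs) + 1} deny any any")
    return "\n".join(out)

# The two lines as posted in the thread: the deny sits at id 1 and wins every time.
AS_POSTED = """mac filter 1 deny any any
mac filter 2 permit 1a2b.3c4d.5e6f ffff.ffff.ffff any"""
```

A mask shorter than `ffff.ffff.ffff` (for example `ffff.ff00.0000` for an OUI) goes through the same `parse` and `evaluate` path, so the wildcard idea raised in the thread can be checked the same way before it is typed into the switch.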