Does the Brocade ICX 6450 have the equivalent for Cisco's "switchport protection"? I want to prevent the clients in my guest VLAN from talking to each other, and this seems to be the solution in the Cisco world.
VLAN 100 without WAN access:
pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets
1 10.25.100.2 (10.25.100.2) 5.066 ms 4.822 ms 4.835 ms
2 WRT1900AC.lan (172.16.1.2) 4.151 ms 4.888 ms 5.354 ms
3 WRT1900AC.lan (172.16.1.2)...
They are interfaces, there is just one VLAN 172 (device eth0.172). Yeah, confusing, I kept the interface names.
Please note that the former static route was for the transit interface (I had by mistake pasted the firewall rule in my post above, I have corrected this now).
Now I had to create...
Hold on to your ethernet cables! I think I have it working as intended.
Let's start with the traceroutes.
VLAN 9 with WAN access:
pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets
1 10.25.9.2 (10.25.9.2) 1.311 ms 1.725 ms...
@kapone, does your DHCP server offer IP addresses for different subnets?
How did you get that to work?
Current situation is:
- the switch can ping 172.16.1.2, 192.168.0.1 and google.com
- the OpenWRT router can ping 172.16.1.1 but not 10.25.9.2 or 10.25.100.2
- DHCP requests from a client...
Here you go:
Meanwhile I started configuring like this, in an effort to get rid of the different interfaces and VLANs on the OpenWRT switch:
OpenWRT:
Switch config:
Current configuration:
!
ver 08.0.30tT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2...
It is hardwired yes, with cat 6.
Ok, I'm going to save my current config and rip it all up to experiment a bit.
Tomorrow an HP T620 plus arrives and I'll install Opnsense...
Then it will all start over :)
Yes, I wouldn't change anything about the VLANs defined on the switch.
Same as currently, as per the instructions from kapone.
There's a route on the switch for 0.0.0.0/0 to 172.16.1.2 and on the OpenWRT router there's a route as well for 10.25.0.0/16 to 172.16.1.1.
As far as I understand, the...
You got me thinking.
If the link between the switch and the OpenWRT router should be untagged, then there should only be one VLAN going over that link, right?
I noticed I can assign more than one subnet to an interface on the OpenWRT router.
What if I do something like this?
I only keep...
I really appreciate you guys troubleshooting this :)
192.168.0.1 is my ISP's router, connected to the WAN port of the OpenWRT router.
OpenWRT is in the DMZ of my ISP router to keep it as dumb as possible.
The connection between the switch and the OpenWRT router is trunked, yes.
I haven't...
Ok, here you go:
pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets
1 10.25.9.2 (10.25.9.2) 2.116 ms 2.580 ms 3.142 ms
2 WRT1900AC.lan (10.25.9.1) 1.303 ms 1.205 ms 1.257 ms
3 192.168.0.1 (192.168.0.1) 6.632 ms 7.433 ms...
Right, I forgot about that.
With the cable to OpenWRT detached, I can still ping between both VLANs.
I should add that in the meantime I am no longer attached with a second cable between 172.16.1.1 on the switch, and 172.16.1.2 on OpenWRT. It's all going via one cable and tagged 1/1/1 now.