Recent content by Nikotine

  1. N

    Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

    Does the Brocade ICX 6450 have an equivalent for Cisco's "switchport protection"? I want to prevent the clients in my guest VLAN from talking to each other, and this seems to be the solution in the Cisco world.
  2. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    VLAN 100 without WAN access: pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9 traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets 1 10.25.100.2 (10.25.100.2) 5.066 ms 4.822 ms 4.835 ms 2 WRT1900AC.lan (172.16.1.2) 4.151 ms 4.888 ms 5.354 ms 3 WRT1900AC.lan (172.16.1.2)...
  3. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    They are interfaces, there is just one VLAN 172 (device eth0.172). Yeah, confusing, I kept the interface names. Please note that the former static route was for the transit interface (I had by mistake pasted the firewall rule in my post above, I have corrected this now). Now I had to create...
  4. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Hold on to your ethernet cables! I think I have it working as intended. Let's start with the traceroutes. VLAN 9 with WAN access: pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9 traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets 1 10.25.9.2 (10.25.9.2) 1.311 ms 1.725 ms...
  5. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Please look at post #50, I'm no longer using a trunk port.
  6. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    @kapone, does your DHCP server offer IP addresses for different subnets? How did you get that to work? Current situation is: - the switch can ping 172.16.1.2, 192.168.0.1 and google.com - the OpenWRT router can ping 172.16.1.1 but not 10.25.9.2 or 10.25.100.2 - DHCP requests from a client...
  7. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Yeah and I was kind of hoping that the switch would then route this DHCP offer from VLAN 172 to VLAN 9 or 100 :)
  8. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Here you go: Meanwhile I started configuring like this, in an effort to get rid of the different interfaces and VLANs on the OpenWRT switch: OpenWRT: Switch config: Current configuration: ! ver 08.0.30tT313 ! stack unit 1 module 1 icx6450-48p-poe-port-management-module module 2...
  9. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    It is hardwired yes, with cat 6. Ok, I'm going to save my current config and rip it all up to experiment a bit. Tomorrow an HP T620 plus arrives and I'll install Opnsense... Then it will all start over :)
  10. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Yes, I wouldn't change anything about the VLANs defined on the switch. Same as currently, as per the instructions from kapone. There's a route on the switch for 0.0.0.0/0 to 172.16.1.2 and on the OpenWRT router there's a route as well for 10.25.0.0/16 to 172.16.1.1. As far as I understand, the...
  11. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    You got me thinking. If the link between the switch and the OpenWRT router should be untagged, then there should only be one VLAN going over that link, right? I noticed I can assign more than one subnet to an interface on the OpenWRT router. What if I do something like this? I only keep...
  12. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    I really appreciate you guys troubleshooting this :) 192.168.0.1 is my ISP's router, connected to the WAN port of the OpenWRT router. OpenWRT is in the DMZ of my ISP router to keep it as dumb as possible. The connection between the switch and the OpenWRT router is trunked, yes. I haven't...
  13. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Ok, here you go: pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9 traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets 1 10.25.9.2 (10.25.9.2) 2.116 ms 2.580 ms 3.142 ms 2 WRT1900AC.lan (10.25.9.1) 1.303 ms 1.205 ms 1.257 ms 3 192.168.0.1 (192.168.0.1) 6.632 ms 7.433 ms...
  14. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    With cable to OpenWRT connected or not? Because without it, it won't go anywhere?
  15. N

    Switch inter-vlan routing with only WAN traffic going to a firewall

    Right, I forgot about that. With the cable to OpenWRT detached, I can still ping between both VLANs. I should add that in the meantime I am no longer attached with a second cable between 172.16.1.1 on the switch, and 172.16.1.2 on OpenWRT. It's all going via one cable and tagged 1/1/1 now.