Search results

It looks like you can plug the laptop into 1/1/5, manually assign 10.10.10.49/24, and ping the desktop at 10.10.10.50. This will demonstrate that modules 1 and 2 can pass traffic to each other. You might also try running tcpdump at various points to determine where traffic is breaking down...

You don't happen to have the desktop plugged into 1/2/4, do you?

On my ICX6450 with 8.0.30u, the protocol "ip" doesn't take "established". I thought that only belonged to TCP. In which case, maybe you just have a "permit all" rule, rather than a "permit all established"

The 6430 is not a router. It is only a switch.

If it's like the ones being show here at Serve the Home (https://www.servethehome.com/ienron-hg0801xg-8-port-2-5gbe-1-port-10gbe-fanless-switch-review/), that switch enables port isolation between the 2.5 ports but NOT between the 10 Gb ports. Though, the article shows an 8 port x 2.5 with 1 x...

I dunno. I haven't done anything with jumbo frames. Fohdeesha is sour on them, and I don't know any better. No. In fact, if they *are* on the same IP subnet, they ought to be on the same L2 segment (in ethernet, anyway) and therefore wouldn't need ip helper at all! The way IP Helper works...

You have a line "ip route 10.10.10.0/24 10.10.10.4". I believe this line says "send all traffic for 10.10.10.0/24 to IP 10.10.10.4, which is circular. How does it find 10.10.10.4? I'd want to step back a few steps and identify where the problem first starts. Clear the config, statically...

Me too. "Full of enthusiasm, but not very professional". This seems excessively complex. Couldn't you tag all of your VLANs to a single port, and set up multiple interfaces on the probe computer? At that point, it seems like you're doing something similar to NAGIOS/Icinga with running the...

Very cool. I would think that OpenTofu would be a tool to deploy "parts of configuration", though there's no provider that I know of to do it to ICX Switches. The first thing that springs to my mind would be being able to deploy firewall rules (access control lists). Or are you describing...

Sorry to interrupt the current discussion, but I'd like a sanity check: When setting up port monitoring, how are you supposed to turn off the monitor? I've got an ICX6450 on 08.0.30. I configure e.g. 1/1/23 to be a mirror, I configure 1/1/48 to be monitored. When I issue "no mirror-port...

Complete guess? Your certificate uses some algorithm the ICX doesn't. Too big RSA key? SHA256 signature?

1. Ah, I see. My fault, I didn't know the newer firmware did so. It's a sensible change, I'll keep it in mind for future discussion. 2. I've got a setup where my Internet Gateway Device (OpenWRT on an EspressoBIN) has a point to point connection. I don't send all the VLANs to it. If I did, I...

@Gerhen First of all, in neither config does it look like you've assigned VEs to your VLANs. Within your VLAN configurations, you need to issue "router-interface ve N" statements. I'm confused by your statement "router-on-a-stick" but also "switch handling inter-vlan". I understand inter-VLAN...

And I do. Though I keep running into edge cases where it doesn't work, and I consider going back to having a Linux router... Things the ICX6450 doesn't do: IPv6 Prefix Delegation, SSDP relay. My user IPv6 and guest network ipv4 "firewalls", so far... ipv6 access-list permissive permit tcp...

No. The VE has an address in the VLAN 1, but regardless of your netmask, it's not going to talk on the other VLANs. To do that, you need to have VEs in those VLANs to do the routing. But I don't think this is what you're trying to do... You want pfSense to do your routing, right? That's why...

IP Helper is for unicast forwarding the packets from a broadcast in a VLAN. It should not be necessary when the client and server are on the same VLAN. You're saying it works when you don't have the LAG setup, and just one port, but when you enable the LAG, and you've checked that the...

I'm not particularly competent at reading these things, but it looks like you don't have your LAG within vlan 1. So the ICX router doesn't know where 10.10.10.1 is from VE 1. I believe you want to add "deploy" to your LAG configuration. I believe you want to add either "tagged lag 1" or...

[cheering from the sidelines]

You need to set up a tftp server, then do a "copy running-mem tftp add.res.sof.tftp filename.txt". There's no reason to need things "written down" when you can copy the configuration in digital form, and reload it in digital form, in moments. I can't explain your "factory reset", but the...

So it turns out, if I have a DHCP-server pool configured for the address space, then the dhcp relay will not work. I had thought that putting the pool in "pending" status ("no deploy") would be enough. But when I undefined it ("no ip dhcp-server pool guests"), the relay immedately started...