Brocade, how to test if L3 is working?

Caennanu

Member
May 18, 2021
87
4
8
Haha yeah, subtitles would be your department for sure!

It does seem to add it automatically. But doesn't seem to add next hops.
1637706291880.png

I'm geussing you want the traceroute -d 1.1.1.1 from behind the brocade? ill have to post that tommorow i'm afraid.

Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
no legacy-inline-power
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
spanning-tree 802-1w
!
vlan 2 name Default2 by port
untagged ethe 1/2/1
router-interface ve 2
spanning-tree 802-1w
!
vlan 4 name iTV by port
tagged ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/20 ethe 1/1/22
router-interface ve 4
spanning-tree 802-1w
multicast fast-leave-v2
!
vlan 30 name Home by port
tagged ethe 1/1/12 ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/2 ethe 1/1/4 ethe 1/1/6 ethe 1/1/8
router-interface ve 30
spanning-tree 802-1w
multicast active
multicast fast-leave-v2
!
vlan 84 name Security by port
tagged ethe 1/1/12 ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/1 ethe 1/1/3 ethe 1/1/5 ethe 1/1/7 ethe 1/1/9 ethe 1/1/11 ethe 1/1/13 ethe 1/1/15 ethe 1/1/17 ethe 1/1/19 ethe 1/1/21 ethe 1/1/23 ethe 1/1/25 ethe 1/1/27 ethe 1/1/29 ethe 1/1/31 ethe 1/1/33 ethe 1/1/35 ethe 1/1/37 ethe 1/1/39 ethe 1/1/41 ethe 1/1/43 ethe 1/1/45 ethe 1/1/47
router-interface ve 84
spanning-tree 802-1w
multicast fast-leave-v2
multicast version 2
!
vlan 120 name Server by port
tagged ethe 1/1/48 ethe 1/2/2 to 1/2/4
router-interface ve 120
spanning-tree 802-1w
multicast fast-leave-v2
!
!
!
!
!
optical-monitor
aaa authentication web-server default local
aaa authentication login default local
jumbo
enable aaa console
hostname 10g48p
ip dhcp-client disable
ip dns server-address 192.168.2.1
ip route 0.0.0.0/0 192.168.2.1
ip route 0.0.0.0/0 172.31.255.1
ip multicast active
ip multicast leave-wait-time 5
ip multicast age-interval 280
!
username root password .....
snmp-server community ..... ro
!
!
clock summer-time
clock timezone gmt GMT+01
!
!
ntp
disable serve
server 216.239.35.0
server 216.239.35.4
!
!
web-management https
web-management frame bottom
web-management page-menu
web-management session-timeout 3600
!
!
!
interface ethernet 1/1/1
inline power
!
interface ethernet 1/1/2
inline power power-limit 1000
!
interface ethernet 1/1/3
inline power
!
interface ethernet 1/1/4
inline power
!
interface ethernet 1/1/5
inline power
!
interface ethernet 1/1/6
inline power
!
interface ethernet 1/1/7
inline power
!
interface ethernet 1/1/8
inline power
!
interface ethernet 1/1/9
inline power
!
interface ethernet 1/1/11
inline power
!
interface ethernet 1/1/12
dual-mode 30
inline power
!
interface ethernet 1/1/13
inline power
!
interface ethernet 1/1/15
inline power
!
interface ethernet 1/1/17
inline power
!
interface ethernet 1/1/19
inline power
!
interface ethernet 1/1/21
inline power
!
interface ethernet 1/1/23
inline power
!
interface ethernet 1/1/25
inline power
!
interface ethernet 1/1/27
inline power
!
interface ethernet 1/1/29
inline power
!
interface ethernet 1/1/31
inline power
!
interface ethernet 1/1/33
inline power
!
interface ethernet 1/1/35
inline power
!
interface ethernet 1/1/37
inline power
!
interface ethernet 1/1/39
inline power
!
interface ethernet 1/1/41
inline power
!
interface ethernet 1/1/43
inline power
!
interface ethernet 1/1/45
inline power
!
interface ethernet 1/1/48
dual-mode
!
interface ethernet 1/2/1
port-name Uplink ER12
speed-duplex 1000-full-master
!
interface ethernet 1/2/2
port-name Uplink ER12 Vlans
dual-mode
speed-duplex 1000-full-master
!
interface ethernet 1/2/3
dual-mode
!
interface ethernet 1/2/4
dual-mode
!
interface ve 1
ip address 192.168.2.22 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 2
ip address 172.31.255.2 255.255.255.248
!
interface ve 4
ip address 192.168.4.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 30
ip address 192.168.30.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 84
ip address 192.168.84.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 120
ip address 192.168.120.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
!
!
!
!
!
!
!
!
end
 

Attachments

Caennanu

Member
May 18, 2021
87
4
8
@LodeRunner Right, so i haven't gotten around to do the traceroute yet.
There is one thing i have noticed tho, which i find odd.

The server has an active-backup connection configured between the LGS318P (which is connected directly to ER12)
And a direct connection to the brocade.
So the only 'linking pin' between the 2 physical networks, is the server and the ER12

Now, the port on the ER12 that is the uplink to the brocade, shows little to no data. But the camera's behind the brocade are working just fine on the server. Which, if you ask me, should state that routing is working?

But when i pull the plug from the ER12 to the LGS318P. basically everything goes down. Server can't be reached either.
the other funny part is . . . my local acces point is connected to the brocade. when i perform a speedtest on the phone while connected to it. data flows thru the LGS318P ethernet port on the ER12 . . .

So, data seems to be going ... Brocade > Server > LGS318P > ER12

----- edit -----

nevermind the entire story above.
It seems i was dealing with frozen images and buffers on the CCTV software.
 
Last edited:

nerdalertdk

Fleet Admiral
Mar 9, 2017
216
103
43
::1
You can only have one default route


ip route 0.0.0.0/0 192.168.2.1
ip route 0.0.0.0/0 172.31.255.1

Try no ip route 0.0.0.0/0 192.168.2.1
 

Caennanu

Member
May 18, 2021
87
4
8
@nerdalertdk thanks for the response.

I removed the route, and that works. somewhat . .
Now i'm back to the 'old' issue.
Download speeds are around 5mbps/5mbps.
Ping internal is 300+ external between 60 en 200.

SSH@10g48p>sh run
Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
no legacy-inline-power
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
spanning-tree 802-1w
!
vlan 2 name Default2 by port
untagged ethe 1/2/1
router-interface ve 2
spanning-tree 802-1w
!
vlan 4 name iTV by port
tagged ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/20 ethe 1/1/22
router-interface ve 4
spanning-tree 802-1w
multicast fast-leave-v2
!
vlan 30 name Home by port
tagged ethe 1/1/12 ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/2 ethe 1/1/4 ethe 1/1/6 ethe 1/1/8
router-interface ve 30
spanning-tree 802-1w
multicast active
multicast fast-leave-v2
!
vlan 84 name Security by port
tagged ethe 1/1/12 ethe 1/1/48 ethe 1/2/2 to 1/2/4
untagged ethe 1/1/1 ethe 1/1/3 ethe 1/1/5 ethe 1/1/7 ethe 1/1/9 ethe 1/1/11 ethe 1/1/13 ethe 1/1/15 ethe 1/1/17 ethe 1/1/19 ethe 1/1/21 ethe 1/1/23 ethe 1/1/25 ethe 1/1/27 ethe 1/1/29 ethe 1/1/31 ethe 1/1/33 ethe 1/1/35 ethe 1/1/37 ethe 1/1/39 ethe 1/1/41 ethe 1/1/43 ethe 1/1/45 ethe 1/1/47
router-interface ve 84
spanning-tree 802-1w
multicast fast-leave-v2
multicast version 2
!
vlan 120 name Server by port
tagged ethe 1/1/48 ethe 1/2/2 to 1/2/4
router-interface ve 120
spanning-tree 802-1w
multicast fast-leave-v2
!
!
!
!
!
optical-monitor
aaa authentication web-server default local
aaa authentication login default local
jumbo
enable aaa console
hostname 10g48p
ip dhcp-client disable
ip dns server-address 192.168.2.1
ip route 0.0.0.0/0 172.31.255.1
ip multicast active
ip multicast leave-wait-time 5
ip multicast age-interval 280
!
username root password .....
snmp-server community ..... ro
!
!
clock summer-time
clock timezone gmt GMT+01
!
!
ntp
disable serve
server 216.239.35.0
server 216.239.35.4
!
!
web-management https
web-management frame bottom
web-management page-menu
web-management session-timeout 3600
!
!
!
interface ethernet 1/1/1
inline power
!
interface ethernet 1/1/2
inline power power-limit 1000
!
interface ethernet 1/1/3
inline power
!
interface ethernet 1/1/4
inline power
!
interface ethernet 1/1/5
inline power
!
interface ethernet 1/1/6
inline power
!
interface ethernet 1/1/7
inline power
!
interface ethernet 1/1/8
inline power
!
interface ethernet 1/1/9
inline power
!
interface ethernet 1/1/11
inline power
!
interface ethernet 1/1/12
dual-mode 30
inline power
!
interface ethernet 1/1/13
inline power
!
interface ethernet 1/1/15
inline power
!
interface ethernet 1/1/17
inline power
!
interface ethernet 1/1/19
inline power
!
interface ethernet 1/1/21
inline power
!
interface ethernet 1/1/23
inline power
!
interface ethernet 1/1/25
inline power
!
interface ethernet 1/1/27
inline power
!
interface ethernet 1/1/29
inline power
!
interface ethernet 1/1/31
inline power
!
interface ethernet 1/1/33
inline power
!
interface ethernet 1/1/35
inline power
!
interface ethernet 1/1/37
inline power
!
interface ethernet 1/1/39
inline power
!
interface ethernet 1/1/41
inline power
!
interface ethernet 1/1/43
inline power
!
interface ethernet 1/1/45
inline power
!
interface ethernet 1/1/48
dual-mode
!
interface ethernet 1/2/1
port-name Uplink ER12
speed-duplex 1000-full-master
!
interface ethernet 1/2/2
port-name Uplink ER12 Vlans
dual-mode
speed-duplex 1000-full-master
!
interface ethernet 1/2/3
dual-mode
!
interface ethernet 1/2/4
dual-mode
!
interface ve 1
ip address 192.168.2.22 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 2
ip address 172.31.255.2 255.255.255.248
!
interface ve 4
ip address 192.168.4.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 30
ip address 192.168.30.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 84
ip address 192.168.84.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
interface ve 120
ip address 192.168.120.40 255.255.255.0
ip helper-address 1 172.31.255.1
!
!
!
!
!
!
!
!
!
end
 

LodeRunner

Active Member
Apr 27, 2019
272
114
43
All righty, so I dug up a 7150, wiped it and it has this config (cleaned up to remove extraneous lines and config bits that don't matter for this):
Code:
ICX7150-C12 Router#sh run
Current configuration:
!
ver 08.0.95eT213
!
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
  stack-port 1/3/1
  stack-port 1/3/2
!
global-stp
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 11 by port
tagged ethe 1/1/1
untagged ethe 1/1/11
router-interface ve 11
!                                                                
vlan 12 by port
tagged ethe 1/1/1
untagged ethe 1/1/3
router-interface ve 12
!
vlan 20 by port
tagged ethe 1/1/1
router-interface ve 20
!
ip dhcp-client disable
ip route 0.0.0.0/0 172.16.21.2
!

!                                                                
interface ve 11
ip address 10.100.11.1 255.255.255.0
!
interface ve 12
ip address 10.100.12.1 255.255.255.0
ip helper-address 1 10.100.11.2
!
interface ve 20
ip address 172.16.21.1 255.255.255.0
end

Switch IP and route tables:
Code:
ICX7150-C12 Router#sh ip add
        IP Address       Type      Lease Time       Interface
       10.100.11.1       Static    N/A             ve11
       10.100.12.1       Static    N/A             ve12
       172.16.21.1       Static    N/A             ve20
ICX7150-C12 Router#sh ip rout
Total number of IP routes: 4
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
STATIC Codes - v:Inter-VRF
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.16.21.2     ve 20         1/1           S    18m57s
2       10.100.11.0/24     DIRECT          ve 11         0/0           D    26m26s
3       10.100.12.0/24     DIRECT          ve 12         0/0           D    28m5s
4       172.16.21.0/24     DIRECT          ve 20         0/0           D    19m28s
ICX7150-C12 Router#
pfSense gateway and routes:
1641533188020.png
1641533226133.png

Windows VM in VLAN 11, IP 10.100.11.2/24, running DHCP server, showing client with IP 10.100.12.2/24:
1641533276270.png

Fast.com results from laptop:
1641533324401.png

So if there's a performance issue with this setup, it's most likely not the ICX. Or if it is, there's a misconfiguration somewhere causing asymmetric routing or spanning tree issues.
 

Caennanu

Member
May 18, 2021
87
4
8
@LodeRunner Alright, thank you for testing.
From what im seeing, there is no configuration difference, except for the dns ip not being the default route and double default route.

Geuss ill whipe it too and see . .
 

Caennanu

Member
May 18, 2021
87
4
8
Right, so i whiped the machine. And did the following commands in order

enable
SSH@10g48p#config t
no ip route 0.0.0.0/0 192.168.2.1
ip route 0.0.0.0/0 172.31.255.1
SSH@10g48p(config-vif-4)#int ve2
ip address 172.31.255.2/29
SSH@10g48p(config)#int ve1
ip address 192.168.2.22/24
SSH@10g48p(config-vif-1)#ip helper-address 1 172.31.255.1
SSH@10g48p(config-vif-1)#int ve4
ip address 192.168.4.40/24
SSH@10g48p(config-vif-4)#ip helper-address 1 172.31.255.1
SSH@10g48p(config-vif-2)#int ve30
ip address 192.168.30.40/24
ip helper-address 1 172.31.255.1
SSH@10g48p(config)#int ve84
ip address 192.168.84.40/24
SSH@10g48p(config-vif-84)#ip helper-address 1 172.31.255.1
SSH@10g48p(config-vif-84)#int ve120
ip address 192.168.120.40/24
SSH@10g48p(config-vif-120)#ip helper-address 1 172.31.255.1
SSH@10g48p(config)#ip route 0.0.0.0/0 172.31.255.1
Kept the tagging and untagging away from this.
enable the static gateway route on the ER-12.
Everything on my LAN works (at max 100mbps), internet does too, at very low speeds with extremely high ping and jitter.

When monitoring my ER-12. i can see the traffic going thru my Unraid server instead of the uplink from the brocade to the ER-12. And automatigically the DNS addres is set to 192.168.2.1, which is an address for the ER-12.

So . . . im at a loss to whats happening.
 
Last edited:

LodeRunner

Active Member
Apr 27, 2019
272
114
43
Sounds like you've somehow bridged interfaces in Unraid and made a loop or something. In several L3 setups like this I've done I've never had symptoms as you describe. It's typically either worked or not due to a missing VLAN tag or a missing route.

As far as the 6450, please post the full output of 'sh run', 'sh ip add', 'sh ip rout', and 'sh vlan'
 

Caennanu

Member
May 18, 2021
87
4
8
@LodeRunner well it appears the issue has been fixed.
In the dhcp i still had the er as router, not the brocade.

It all works as smooth as a baby's Bottom! Thanks very much for all the support!
 

Caennanu

Member
May 18, 2021
87
4
8
Very true. But it was a eureka moment for me. The realisation that an interface doesn't have to be physical. It all makes more sence now!
 

Caennanu

Member
May 18, 2021
87
4
8
So . . . unfortunately i am back.
Finally had a chance to try and finalize the network. Remove all the abundant and redundant cables, and . . . i come across an issue.
When disconnecting the interface that has the vlan's going tagged to the L3 brocade from the ER, the network pretty much goes down in terms of DHCP.

After a couple of ping testing and what not. i can see that switch0.XX interferes with ping requests, so turns one off and found out that when switch0.xx interface is turned off, a ping will reach the interwebs (excecuted from the L3 CLI with the source ip belonging to the vlan).
However . . . for some odd reason, i cannot get DHCP requests to pass thru the L3 brocade and reach the ER.

Ip helper is set on all VE's on the L3 brocade (with exception of the 172 static route interface, even tho i did try that). and static 0.0.0.0/0 is still set with next hop address of the ER on L3 brocade.
ER still has a static route for 192.168.0.0/16 (also tried 192.168.xx.0/24, but no luck) with next hop the ip for the L3 brocade.

Why don't the DHCP requests forward from the L3 to the ER?