Brocade ICX 6430 VLAN Trunking

ERIFNOMI

May 4, 2020
First of all, I'd like to start my first post by saying thank you to everyone here that has helped build a forum full of so much useful information. I know I'm not the only lurker that picks up a good tip or two without giving proper thanks.

Now, I recently picked up a pair of Brocade ICX 6430s. They will be going in my parents' house and detached workshop. The main motivation for the upgrade is for a handful of IP cams to monitor their property. Since it's a bit of a trip to their house, I have everything stacked on my desk at home for testing and rough setup so I can spend time on my next visit running Ethernet and hanging cameras. Hopefully everything else will be plug and play for the most part.

I plan to segregate the cameras and NVR to contain them and keep them from touching the internet. There will be a guest subnet which will only be needed for WiFi guests. And of course, a main, trusted subnet. Currently I'm running an SG-1100, some dumb desktop switch (as the network was flat and there was no need for VLANs), and a pair of EAP 225v3s. The plan is to ditch the dumb switch in the house and throw one of the 6430s there and put the second one in the workshop. There are currently two Cat6 runs between the house and the workshop, <150ft. One of these runs directly to an AP out there so it is powered from the house while the other is unused and was run for just this kind of future upgrade.

So, the relevant VLANs here are 2000 for the "trusted" subnet, 2008 for the guest subnet, and 2016 for cameras. The house switch needs to trunk all three with the router, trunk 2000/2016 with the workshop switch, and trunk 2000/2008 with the two APs. A handful of ports on both are untagged 2016 for the cameras and everything else (that isn't already tagged) are untagged 2000. With one exception. I have a Debian host that is running a couple of VMs so it's tagged 2000/2016 on the house switch so I can bridge VMs to either. Simple enough.

However, when setting this up at my desk, I guess it isn't so simple. When I'm only connected to the first switch (2000 is connected to my home trusted subnet and 2016 is connected to my home untrusted/no-internet subnet), I can reach everything just fine. When connecting the two switches, almost everything on the VLAN2016 grinds to a halt. The only hosts on 2016 that I can reach are the ones that are going out that tagged port to the Debian host (some VMs bridged to that VLAN, the host itself isn't on that VLAN).

Now that sounds a bit like I have a loop somewhere, but I don't know where that'd be coming from. This isn't my first rodeo. My home network has seen shitty home class Netgear switches, "small business" Cisco, enterprise HP, and now I'm running a Brocade ICX 6450. I have no problem trunking VLANs on the 6450 with the little Netgear ProSafe sitting on my desk to allow me to do this setup from my desk instead of going into the basement. I have four VLANs going across that trunk just fine, it would seem.

If anyone has any ideas, I'd be grateful for the help. My next move is probably going to be to take out some moving parts and move this pile of gear down to the basement. At least then I don't have to think about mapping my home VLANs to these new VLANs. But I don't see how that would really cause any issue here.
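
The trunk plan described in the post, written out as data with a check that both ends of each link tag the same VLANs and that no link carries a VLAN the plan keeps off it. This is an added example, not part of the original post and not a diagnosis of it: the VLAN IDs and trunk membership are from the post, while the link names and the sample "configured" values are constructed assumptions.

```python
from dataclasses import dataclass

TRUSTED, GUEST, CAMERAS = 2000, 2008, 2016  # VLAN IDs from the post

# Tagged VLANs each link should carry, per the post. Link names are hypothetical.
DESIGN = {
    "house-router": {TRUSTED, GUEST, CAMERAS},
    "house-workshop": {TRUSTED, CAMERAS},
    "house-ap1": {TRUSTED, GUEST},
    "house-ap2": {TRUSTED, GUEST},
    "house-debian": {TRUSTED, CAMERAS},
}

@dataclass(frozen=True)
class LinkEnd:
    device: str
    tagged: frozenset  # VLAN IDs tagged on this end's port

def audit_link(link, end_a, end_b):
    """Compare both ends of one link with the design; return a list of findings."""
    wanted = DESIGN[link]
    findings = []
    for end in (end_a, end_b):
        if wanted - end.tagged:
            findings.append((link, end.device, "missing", sorted(wanted - end.tagged)))
        if end.tagged - wanted:
            findings.append((link, end.device, "unexpected", sorted(end.tagged - wanted)))
    if end_a.tagged != end_b.tagged:
        findings.append((link, "both", "one-sided", sorted(end_a.tagged ^ end_b.tagged)))
    return findings

def audit(config):
    """config maps link name -> (LinkEnd, LinkEnd). Unknown links are reported too."""
    findings = []
    for link, (end_a, end_b) in config.items():
        if link not in DESIGN:
            findings.append((link, "both", "not-in-design", []))
            continue
        findings.extend(audit_link(link, end_a, end_b))
    return findings

# Constructed sample: workshop end lacks 2016, and the house port to ap1 also tags 2016.
SAMPLE = {
    "house-workshop": (LinkEnd("house", frozenset({TRUSTED, CAMERAS})),
                       LinkEnd("workshop", frozenset({TRUSTED}))),
    "house-ap1": (LinkEnd("house", frozenset({TRUSTED, GUEST, CAMERAS})),
                  LinkEnd("ap1", frozenset({TRUSTED, GUEST}))),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An "unexpected" finding for 2016 on an AP link is the one that matters most for the segmentation goal, since it would put the camera VLAN on a port the plan reserves for trusted and guest traffic.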