Thank you @ArmedAviator for that info, never thought to do things that way at all! I presume I then also manage all of the ACLs within the ICX also to limit access to systems between VLANs. I guess I was thinking of pfSense to manage all of this as it is very familiar and easy to do (spoiled by GUIs). On the other hand, I also do not want to be spending the next 2 weeks figuring out CLI syntax to create everything switch side. I also do a lot of IP reservations as well in my home lab, which is a lot of Windows boxes and stuff. Managing it all from pfSense would be easier for me in the end without needing to become a networking expert.
Using the ICX as the L3 router to handle all vlans and ACLs is the *proper* way, aka the way it's intended to be used. That being said, there are quite a few folks here that are simply using it as a L2 switch, and doing inter-VLAN routing on pfsense or whatever.
There are pros & cons of either approach. These are my opinions:
| Approach | Pro | Con |
|---|---|---|
| L3 Routing | Wire speed between VLANs; robust ACL support | ICX DHCP server is not authoritative, need another box for DHCP; learning curve for CLI |
| L2 switch with pfSense (etc.) | Fancy GUI; lots of examples; firewall/DHCP/DNS all in one place | Not wire speed: can't do 10 GBit routing in software |
Personally I'm still using the L2 switch with OPNsense, as this was the way I had it set up before I acquired the ICX. It was easy to drop in the new switch and change some VLAN tags, add some 10 Gig DACs for servers and I'm off running. I have considered switching, but the DHCP server challenge is my biggest hangup. I don't really want another box to "break the internet".
I don't know why your previous attempt didn't work, but it definitely can, and there are a lot of working setups that do it that way.
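To make the "L3 routing on the ICX" option concrete, here is an added example (not from either poster) of what the switch-side configuration for that approach looks like in Brocade/Ruckus FastIron CLI: two VLANs with virtual routed interfaces, an inbound ACL on the lab VLAN that keeps lab hosts away from the management VLAN, and DHCP relay so pfSense can remain the single DHCP server (which sidesteps the "need another box for DHCP" con). The VLAN numbers, port numbers, addresses and ACL name are all made up for illustration; exact keyword forms vary between FastIron releases, and L3 features require the router firmware image, so check against your own unit before applying.

```text
! Example FastIron config (assumed values, not from the thread).
! Management VLAN: pfSense (10.10.1.1) and DHCP/DNS live here.
vlan 10 name MGMT by port
 tagged ethernet 1/1/1            ! trunk toward pfSense
 router-interface ve 10
!
! Lab VLAN: the Windows boxes and other lab systems.
vlan 20 name LAB by port
 untagged ethernet 1/1/2 to 1/1/8
 router-interface ve 20
!
interface ve 10
 ip address 10.10.1.2 255.255.255.0
!
interface ve 20
 ip address 10.10.20.1 255.255.255.0
 ! Forward DHCP broadcasts from the lab VLAN to the pfSense DHCP server,
 ! so reservations stay managed in the pfSense GUI.
 ip helper-address 10.10.1.1
 ! Filter traffic entering the switch from lab hosts.
 ip access-group LAB-IN in
!
! Order matters: first match wins, implicit deny at the end.
ip access-list extended LAB-IN
 permit udp any eq bootpc any eq bootps                  ! DHCP to the relay
 permit udp 10.10.20.0 0.0.0.255 host 10.10.1.1 eq dns    ! DNS on pfSense
 deny ip 10.10.20.0 0.0.0.255 10.10.1.0 0.0.0.255         ! no lab -> mgmt
 permit ip 10.10.20.0 0.0.0.255 any                        ! everything else
!
! Default route toward pfSense for internet-bound traffic.
ip route 0.0.0.0 0.0.0.0 10.10.1.1
```

With this layout the inter-VLAN hop (lab to management, or lab to a second lab VLAN) is switched in hardware at wire speed, while pfSense only has to route what actually leaves toward the internet and needs a static route back to 10.10.20.0/24 via 10.10.1.2. The ACL is the piece that replaces pfSense's inter-VLAN firewall rules, so it deserves the same review discipline: put the specific allows first, the deny toward sensitive networks next, and rely on the implicit deny rather than a trailing `permit ip any any` unless you intend the VLAN to be open.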