Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[iotapi322]

That'd depend on the modem, here's the SB8200 config, looks like it's LACP.

You'd want to tag your 10g port as well, something like
vlan 10
tag eth 1/3/1

That would get your WAN link online for PFsense. It looks like your LAN is untagged, are you intending to have the WAN/LAN share the same 10g port?

Yes, that's the plan... so the ix0 interface should do all the LAN port stuff and ix0.10 should do all the WAN stuff.

SSH@switchpoe(config)#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64

Legend: [Stk=Stack-Id, S=Slot]

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
 Untagged Ports: (U1/M1)  13  14  15  16  17  18  19  20  21  22  23  24
 Untagged Ports: (U1/M1)  25  26  27  28  29  30  31  32  33  34  35  36
 Untagged Ports: (U1/M1)  37  38  39  40  41  42  43  44  45  46
 Untagged Ports: (U1/M2)   1   2   3
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: (U1/M2)   4
 Mac-Vlan Ports: None
     Monitoring: Disabled

PORT-VLAN 10, Name CM_WAN, Priority level0, Spanning tree Off
 Untagged Ports: (U1/M1)  47  48
   Tagged Ports: (U1/M2)   4
   Uplink Ports: None
 DualMode Ports: None
 Mac-Vlan Ports: None
     Monitoring: Disabled

 

[gsrfan01]

so the ix0 interface should do all the LAN port stuff and ix0.10 should do all the WAN stuff.

I had the dual-mode config typed out but noticed you have that already. They looks like it should probably be working.

 

[iotapi322]

Ok I Finally got it working....
A lot of fickle stuff going on here. I DID in fact have to use dynamic lag not static and I had to reboot the modem and restart pfsense lots of times. Also had a lot of problems getting DNS working for some crazy reason... very strange. I haven't turned on any buffer bloat settings. I've been using IPFIRE as my firewall router, but i'm going to play around with pfsense to see if they fixed their QoS controls.

 

[gsrfan01]

Ok I Finally got it working....
A lot of fickle stuff going on here. I DID in fact have to use dynamic lag not static and I had to reboot the modem and restart pfsense lots of times. Also had a lot of problems getting DNS working for some crazy reason... very strange. I haven't turned on any buffer bloat settings. I've been using IPFIRE as my firewall router, but i'm going to play around with pfsense to see if they fixed their QoS controls.

Rebooting a bunch makes sense, I know my modem won't hand out an IP to another MAC address without a reboot.

For what it's worth, I think OPNsense is a bit better virtualized and you can get various tools like XCP-NG's and VMware's as packages. Might be worth looking into if you're not sold on PFsense.

The DNS bit is strange, can't say I've seen that before.

 

[pktrab]

This is probably a stupid question, but will the ICX6450 do BGP v4 & v6, and sustain a full table?

 

[gsrfan01]

This is probably a stupid question, but will the ICX6450 do BGP v4 & v6, and sustain a full table?

Based on the breakdown of the switches, it looks like you need the ICX6610 to do BGP.