Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

tubs-ffm

Active Member
Sep 1, 2013
197
66
28
Hopefully the 60mm will help with the case closed,
Yes. My ASIC temperature with two modified exhaust fans and the Sunon MF60101V3-1000U-A99 on top of the ASIC was between 66 and 76 °C, depending on the ambient temperature.

I also toyed with the idea of an intake fan on the side vent. With these lower powered fans, seems like it'd be okay to run 3 off the one header.
Before you do a radical tuning and cut the case, I would start to cut out the "holes" in front of the exhaust fans. There is more metal sheet instead of hole. For safety and good locking fix a metal net from inside.
 
  • Like
Reactions: WampaCow

Roelf Zomerman

Active Member
Jan 10, 2019
149
28
28
blog.azureinfra.com
I was wondering if there is a technique in the ICX platform that allows me to intercept all DNS traffic from clients and redirect it on the switch itself..

I'm trying out Anycast on Windows Domain Controllers (blog.azureinfra.com) - and was wondering if there was a way to essentially force the clients (by the switch) to use a specific IP address for DNS resolving.. (and yes.. I also need to post on how to perform the BGP routes on the 6450 directly rather than the Juniper)....

so in short.. even if a client has 172.16.5.1 configured as their DNS server - I want the Brocade to intercept all this traffic and point it straight to 51.51.51.51 - my configured anycast IP
 

mfolnovic

New Member
Jun 7, 2021
6
2
3
My network consists of devices connected to 6450, which is connected to pfsense, which is then connected to modem (192.168.1.1).
I've setup inter-vlan routing on switch by following https://forums.servethehome.com/index.php?threads/layer-3-switch-w-pfsense.23236/.

For some reason, my ISP forces me to connected IPTV receivers directly to modem. But, I only have one ethernet port in living room. So my end goal is to have IPTV receiver and TV connected to a USW Flex Mini in living room, that's connected to 6450, if that's possible.

My idea was to have new VLAN 100, and all traffic on that VLAN would be routed directly to modem (not through pfsense). I didn't setup VLAN 100 on pfsense - should I?

At the moment, I have:
- pfsense connected to port 1
- modem connected to port 47
- Flex Mini in living room connected to port 24:
- port 1 is on VLAN70 - TV connected to it
- port 2 is on VLAN100 - laptop connected to it

I also tried to simplify things by connecting living room to port 43, which has untagged VLAN100.

In both scenarios, I can't get IP address from DHCP server. I've tried to play with static routes but couldn't make it work.
While diagnosing this, I've realised that as soon as I add ve 100, I can't ping modem (192.168.1.1).

Any ideas? Thanks in advance! :)

Here's my configuration:
Code:
ver 08.0.30tT313
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 30 name Trusted by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
router-interface ve 30
!
vlan 40 name Management by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
untagged ethe 1/1/3 to 1/1/4
router-interface ve 40
!
vlan 70 name IOT by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
router-interface ve 70
!
vlan 100 name IPTV by port
tagged ethe 1/1/13 to 1/1/24 ethe 1/1/47
untagged ethe 1/1/43
router-interface ve 100
!
vlan 300 by port
tagged ethe 1/1/1 to 1/1/2
router-interface ve 300
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable telnet authentication
hostname icx6450
ip route 0.0.0.0/0 172.26.1.1
!
username root password .....
!
!
!
!
!
interface ve 1
ip address 192.168.2.1 255.255.255.0
!
interface ve 30
ip address 192.168.30.2 255.255.255.0
!
interface ve 40
ip address 192.168.40.2 255.255.255.0
!
interface ve 70
ip address 192.168.70.2 255.255.255.0
!
interface ve 100
ip address 192.168.1.253 255.255.255.0
ip helper-address 1 192.168.1.1
!
interface ve 300
ip address 172.26.1.2 255.255.255.0
And also show ip route:

Code:
Total number of IP routes: 9
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.26.1.1      ve 300        1/1           S    1h55m
2       172.26.1.0/24      DIRECT          ve 300        0/0           D    7d2h
3       192.168.1.0/24     DIRECT          ve 100        0/0           D    1h47m
4       192.168.20.0/24    DIRECT          ve 20         0/0           D    7d2h
5       192.168.30.0/24    DIRECT          ve 30         0/0           D    7d2h
6       192.168.40.0/24    DIRECT          ve 40         0/0           D    7d2h
7       192.168.70.0/24    DIRECT          ve 70         0/0           D    7d2h
8       192.168.80.0/24    DIRECT          ve 80         0/0           D    7d2h
9       192.168.90.0/24    DIRECT          ve 90         0/0           D    7d2h
 

Drewy

Active Member
Apr 23, 2016
208
56
28
55
Before you do a radical tuning and cut the case, I would start to cut out the "holes" in front of the exhaust fans. There is more metal sheet instead of hole. For safety and good locking fix a metal net from inside.
I’ve done this to my pair of 7250’s and while I think it makes (marginal) improvements in temps, it doesn’t (to my old ears) make much if any difference to the noise. To be honest I think it makes it worse

obviously your mileage and ears will vary.
 
  • Like
Reactions: noduck

covfefe

New Member
Jan 9, 2022
4
0
1
Could someone help me understand what I am doing wrong? Just got an ICX7250, and tried to follow the guide to enable the license, but failed.
It seems I'm missing an easy step, as the `enable` is not working

Code:
ICX7250-24 Switch#enable
Incomplete command.

ICX7250-24 Switch#license install perpetual 1 8x10g
Invalid input -> install perpetual 1 8x10g
Type ? for a list

ICX7250-24 Switch#conf t
ICX7250-24 Switch(config)#enable
Incomplete command.

ICX7250-24 Switch(config)#license install perpetual 1 8x10g
Invalid input -> license install perpetual 1 8x10g
Type ? for a list

ICX7250-24 Switch(config)#show license
Index  Lic Mode    Lic Name        Lid/Serial No Lic Type  Status   Lic Period  Lic Capacity  
Stack unit 1:
1    Node Lock    ICX7250-10G-LIC-POD  fwjxxxxxxxFOO  Normal   Active   Unlimited     2
ICX7250-24 Switch(config)#

ICX7250-24 Switch#show version
  Copyright (c) 2017 Ruckus Wireless, Inc. All rights reserved.
    UNIT 1: compiled on Nov 28 2018 at 10:32:45 labeled as SPS08070d
      (25707496 bytes) from Primary SPS08070d.bin
        SW: Version 08.0.70dT211
      Compressed Boot-Monitor Image size = 786944, Version:10.1.14T215 (spz10114)
       Compiled on Thu Nov 15 07:39:58 2018

  HW: Stackable ICX7250-24
==========================================================================
UNIT 1: SL 1: ICX7250-24 24-port Management Module
      Serial  #:DUxxxxxxx99
      License: BASE_SOFT_PACKAGE   (LID: fwxxxxxxFOO)
      P-ASIC  0: type B344, rev 01  Chip BCM56344_A0
==========================================================================
UNIT 1: SL 2: ICX7250-SFP-Plus 8-port 80G Module
==========================================================================
1000 MHz ARM processor ARMv7 88 MHz bus
8192 KB boot flash memory
2048 MB code flash memory
2048 MB DRAM
STACKID 1  system uptime is 2 minute(s) 18 second(s)
The system started at 06:20:59 GMT+00 Tue Feb 08 2022

The system : started=cold start                                  
2:48
 
Last edited:

fohdeesha

Kaini Industries
Nov 20, 2016
2,874
3,373
113
34
fohdeesha.com
Could someone help me understand what I am doing wrong? Just got an ICX7250, and tried to follow the guide to enable the license, but failed.
It seems I'm missing an easy step, as the `enable` is not working

Code:
ICX7250-24 Switch#enable
Incomplete command.

ICX7250-24 Switch#license install perpetual 1 8x10g
Invalid input -> install perpetual 1 8x10g
Type ? for a list

ICX7250-24 Switch#conf t
ICX7250-24 Switch(config)#enable
Incomplete command.

ICX7250-24 Switch(config)#license install perpetual 1 8x10g
Invalid input -> license install perpetual 1 8x10g
Type ? for a list

ICX7250-24 Switch(config)#show license
Index  Lic Mode    Lic Name        Lid/Serial No Lic Type  Status   Lic Period  Lic Capacity 
Stack unit 1:
1    Node Lock    ICX7250-10G-LIC-POD  fwjxxxxxxxFOO  Normal   Active   Unlimited     2
ICX7250-24 Switch(config)#

ICX7250-24 Switch#show version
  Copyright (c) 2017 Ruckus Wireless, Inc. All rights reserved.
    UNIT 1: compiled on Nov 28 2018 at 10:32:45 labeled as SPS08070d
      (25707496 bytes) from Primary SPS08070d.bin
        SW: Version 08.0.70dT211
      Compressed Boot-Monitor Image size = 786944, Version:10.1.14T215 (spz10114)
       Compiled on Thu Nov 15 07:39:58 2018

  HW: Stackable ICX7250-24
==========================================================================
UNIT 1: SL 1: ICX7250-24 24-port Management Module
      Serial  #:DUxxxxxxx99
      License: BASE_SOFT_PACKAGE   (LID: fwxxxxxxFOO)
      P-ASIC  0: type B344, rev 01  Chip BCM56344_A0
==========================================================================
UNIT 1: SL 2: ICX7250-SFP-Plus 8-port 80G Module
==========================================================================
1000 MHz ARM processor ARMv7 88 MHz bus
8192 KB boot flash memory
2048 MB code flash memory
2048 MB DRAM
STACKID 1  system uptime is 2 minute(s) 18 second(s)
The system started at 06:20:59 GMT+00 Tue Feb 08 2022

The system : started=cold start                                 
2:48
the part you're doing wrong is skipping the entire configuration guide, which the license page you're trying to follow says at the top should be followed first. also enable command isn't working because you were already at the enable level prompt when running it
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,874
3,373
113
34
fohdeesha.com
I was wondering if there is a technique in the ICX platform that allows me to intercept all DNS traffic from clients and redirect it on the switch itself..

I'm trying out Anycast on Windows Domain Controllers (blog.azureinfra.com) - and was wondering if there was a way to essentially force the clients (by the switch) to use a specific IP address for DNS resolving.. (and yes.. I also need to post on how to perform the BGP routes on the 6450 directly rather than the Juniper)....

so in short.. even if a client has 172.16.5.1 configured as their DNS server - I want the Brocade to intercept all this traffic and point it straight to 51.51.51.51 - my configured anycast IP
that would be NAT, which L3 switches don't do. also the 6450 does not support bgp
 

vfxer

New Member
Feb 2, 2022
3
1
3
I just downloaded latest FI 09.0.10 for icx7150-c12p. Just curious what is the difference between SPR09010ufi.bin and SPS09010ufi.bin? Notice there is SPR vs SPS. Based the doc from ICX7150 - Fohdeesha Docs, I should be using SPR version yeah?
 

Rain

Active Member
May 13, 2013
279
125
43
I just downloaded latest FI 09.0.10 for icx7150-c12p. Just curious what is the difference between SPR09010ufi.bin and SPS09010ufi.bin? Notice there is SPR vs SPS. Based the doc from ICX7150 - Fohdeesha Docs, I should be using SPR version yeah?
SPR is the routing firmware (with L3 routing features, ect). SPS is the "basic" switch firmware. The routing firmware can do everything the switching firmware can do and more. If you don't need SPS for some specific reason, just go with SPR.
 
  • Like
Reactions: gseeley

mfolnovic

New Member
Jun 7, 2021
6
2
3
My network consists of devices connected to 6450, which is connected to pfsense, which is then connected to modem (192.168.1.1).
I've setup inter-vlan routing on switch by following https://forums.servethehome.com/index.php?threads/layer-3-switch-w-pfsense.23236/.

For some reason, my ISP forces me to connected IPTV receivers directly to modem. But, I only have one ethernet port in living room. So my end goal is to have IPTV receiver and TV connected to a USW Flex Mini in living room, that's connected to 6450, if that's possible.

My idea was to have new VLAN 100, and all traffic on that VLAN would be routed directly to modem (not through pfsense). I didn't setup VLAN 100 on pfsense - should I?

At the moment, I have:
- pfsense connected to port 1
- modem connected to port 47
- Flex Mini in living room connected to port 24:
- port 1 is on VLAN70 - TV connected to it
- port 2 is on VLAN100 - laptop connected to it

I also tried to simplify things by connecting living room to port 43, which has untagged VLAN100.

In both scenarios, I can't get IP address from DHCP server. I've tried to play with static routes but couldn't make it work.
While diagnosing this, I've realised that as soon as I add ve 100, I can't ping modem (192.168.1.1).

Any ideas? Thanks in advance! :)

Here's my configuration:
Code:
ver 08.0.30tT313
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 30 name Trusted by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
router-interface ve 30
!
vlan 40 name Management by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
untagged ethe 1/1/3 to 1/1/4
router-interface ve 40
!
vlan 70 name IOT by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24
router-interface ve 70
!
vlan 100 name IPTV by port
tagged ethe 1/1/13 to 1/1/24 ethe 1/1/47
untagged ethe 1/1/43
router-interface ve 100
!
vlan 300 by port
tagged ethe 1/1/1 to 1/1/2
router-interface ve 300
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable telnet authentication
hostname icx6450
ip route 0.0.0.0/0 172.26.1.1
!
username root password .....
!
!
!
!
!
interface ve 1
ip address 192.168.2.1 255.255.255.0
!
interface ve 30
ip address 192.168.30.2 255.255.255.0
!
interface ve 40
ip address 192.168.40.2 255.255.255.0
!
interface ve 70
ip address 192.168.70.2 255.255.255.0
!
interface ve 100
ip address 192.168.1.253 255.255.255.0
ip helper-address 1 192.168.1.1
!
interface ve 300
ip address 172.26.1.2 255.255.255.0
And also show ip route:

Code:
Total number of IP routes: 9
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.26.1.1      ve 300        1/1           S    1h55m
2       172.26.1.0/24      DIRECT          ve 300        0/0           D    7d2h
3       192.168.1.0/24     DIRECT          ve 100        0/0           D    1h47m
4       192.168.20.0/24    DIRECT          ve 20         0/0           D    7d2h
5       192.168.30.0/24    DIRECT          ve 30         0/0           D    7d2h
6       192.168.40.0/24    DIRECT          ve 40         0/0           D    7d2h
7       192.168.70.0/24    DIRECT          ve 70         0/0           D    7d2h
8       192.168.80.0/24    DIRECT          ve 80         0/0           D    7d2h
9       192.168.90.0/24    DIRECT          ve 90         0/0           D    7d2h
After good night sleep, I've added:

Code:
interface ethernet 1/1/47
dual-mode  100
!
And all I said above is working now.

I'm quite new at this, so my thought process was this. Packages directly from switch won't be tagged, and it needs to reach modem (192.168.1.1) because of udp helper. ip route says those packages should go through ve 100, whose uplink (port 47) until now only accepted packages tagged with vlan100 (but not untagged packages).

The only problem I have now is I can't reach modem from other vlans, but that'll probably be fixed after another good night sleep. If someone sees obvious mistake I did, please tell. :)

I'm trying this from device on vlan30, and I've updated it with:

Code:
vlan 30 name Trusted by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/1/7 to 1/1/24 ethe 1/1/47
router-interface ve 30
So that port 47 accepts packages tagged with vlan30.
 

Didomir

New Member
Oct 13, 2019
4
0
1
51
I was wondering how the price/performance ratio looks like in 2022 ? I was looking to buy 7250/7450/6450/6610 24P models, however prices seems to be high. I'll need a pair of 24P in Q3/22 - Q1/22 shall I wait for good price of 7250/7450 (price and noise are in consideration) or I can go with 6610/6450 (8080vs8030) ?
Do someone have audio/video comparing noise from 6610/7450/6450/7250 24P models ? I'm trying to decide which switch will provide best price/performance/features ratio and for now I'm steering to 6610 but can figure out how noisier will be compared to the others...
 

Wolfcastle

Member
Jan 3, 2022
55
30
18
Do someone have audio/video comparing noise from 6610/7450/6450/7250 24P models ? I'm trying to decide which switch will provide best price/performance/features ratio and for now I'm steering to 6610 but can figure out how noisier will be compared to the others...
6610 and 7450 24P both are the same fans/power supplies and quite loud. Power supply revision makes no difference to my ears. Can’t speak to the other models but anything that has Delta 40mm 23k RPM fans will be loud.
 
  • Like
Reactions: Didomir

paxswill

New Member
Jul 12, 2019
2
0
1
So, I recently switched from my Brocade switch to a Cisco one. I was having problems mostly with multicast, mDNS/Bonjour stuff specifically. I would have Google Homes or Chromecasts not showing up in lists to cast to, light switches which wouldn't turn on and off, Airprint printers which would show up sometimes and then not others, and other weird behavior I otherwise couldn't explain. It was not all the time, and sometimes it worked fine.

Initially, I thought this was a result of how Brocade had implemented PIM, as I had phones and PCs in a separate L2 segment. For science, I merged all of my devices into the same vlan and the problem persisted. I tried turning PIM off and just used IGMP. I tried using Ubiquiti, Aruba and finally Cisco APs as I thought maybe one brand or another's WiFi would solve the problem with their various multicast features. The same weird behavior still existed no matter the vendor. Aruba and Cisco worked better and was more stable than Ubiquiti, but that is probably a result of tunneling/CAPWAPing the traffic to a controller, so the MAC addresses of all of the various devices were literally on the same port on the switch, However, if I ran them in Flexconnect or Bridging mode, the multicast behavior was just as unreliable as the Ubiquiti deployment. I even thought my Android phone's IP stack was just hokey (I was having other problems, too. Bluetooth and Wifi calling never worked reliably, as an example), so I switched to an iPhone. Problems persisted.
Were you using 09.0.00 or later for this? There's a poorly documented change (and possibly a bug) in multicast behavior starting with 09.0.00. From what I can tell, previous versions would by default flood unregistered multicast packets, while 09.0.00 and 09.0.10 default to the opposite. The only documentation I found for this was in the list of new and deprecated commands, where ip multicast disable-flooding has been deprecated, and there's a new ip multicast flood-unregistered command (with corresponding changes for the ipv6 commands as well).

Running the new command fixed a bunch of weird multicast issues I was having that I'm pretty sure boiled down to the new default being the opposite of the old default (which is also the default for other devices I've used so far).
 

brob

New Member
Feb 3, 2021
3
0
1
Hi

I am having issues with my ICX6450, I have 5 of these in a stack, and I have STP and dynamic arp inspection enabled. I have been getting constant ARP inspection failures and STP Blocking coming up. I have this happening on multiple ports, anywhere from every 10 mins to every hour on the same port. this is not happening to every port, just seems like certain ones. the ports this is happening to are on different VLAN's as well, mostly VLAN 2 and some VLAN 6. but most of the computers are on VLAN 2 and they are connected to just single computers.


2022-02-09 09:17:45 User.Info 192.168.1.1 Feb 9 09:17:45 STP: VLAN 2 Port 2/1/31 STP State -> FORWARDING (PortDown)
2022-02-09 09:17:45 User.Info 192.168.1.1 Feb 9 09:17:45 STP: VLAN 2 Port 2/1/31 STP State -> BLOCKING (DOT1wTransition)
2022-02-09 09:17:45 User.Info 192.168.1.1 Feb 9 09:17:45 STP: VLAN 2 Port 2/1/31 STP State -> DISABLED (PortDown)
2022-02-09 09:17:45 User.Info 192.168.1.1 Feb 9 09:17:45 System: Interface ethernet 2/1/31, state down
2022-02-09 09:17:47 User.Info 192.168.1.1 Feb 9 09:17:47 STP: VLAN 2 Port 2/1/31 STP State -> BLOCKING (DOT1wTransition)
2022-02-09 09:17:47 User.Info 192.168.1.1 Feb 9 09:17:47 System: Interface ethernet 2/1/31, state up
2022-02-09 09:17:52 User.Info 192.168.1.1 Feb 9 09:17:52 STP: VLAN 2 Port 2/1/31 STP State -> LEARNING (DOT1wTransition)
2022-02-09 09:17:52 User.Info 192.168.1.1 Feb 9 09:17:52 STP: VLAN 2 Port 2/1/31 STP State -> FORWARDING (DOT1wTransition)
2022-02-09 09:18:18 User.Info 192.168.1.1 Feb 9 09:18:18 STP: VLAN 2 Port 2/1/31 STP State -> FORWARDING (PortDown)
2022-02-09 09:18:18 User.Info 192.168.1.1 Feb 9 09:18:18 STP: VLAN 2 Port 2/1/31 STP State -> BLOCKING (DOT1wTransition)
2022-02-09 09:18:18 User.Info 192.168.1.1 Feb 9 09:18:18 STP: VLAN 2 Port 2/1/31 STP State -> DISABLED (PortDown)
2022-02-09 09:18:18 User.Info 192.168.1.1 Feb 9 09:18:18 System: Interface ethernet 2/1/31, state down
2022-02-09 09:18:20 User.Info 192.168.1.1 Feb 9 09:18:20 STP: VLAN 2 Port 2/1/31 STP State -> BLOCKING (DOT1wTransition)
2022-02-09 09:18:20 User.Info 192.168.1.1 Feb 9 09:18:20 System: Interface ethernet 2/1/31, state up
2022-02-09 09:18:25 User.Info 192.168.1.1 Feb 9 09:18:25 STP: VLAN 2 Port 2/1/31 STP State -> LEARNING (DOT1wTransition)
2022-02-09 09:18:25 User.Info 192.168.1.1 Feb 9 09:18:25 STP: VLAN 2 Port 2/1/31 STP State -> FORWARDING (DOT1wTransition)

I also have ARP inspection failures as below. it picks up on the DHCP and maps it, but still shows inspection failure. and they have the same mac address

2022-02-09 08:21:46 User.Info 192.168.1.1 Feb 9 08:21:47 DHCP: snooping on trusted port 2/2/2, type 5, VRF 0, 192.168.1.36->e04f.43e8.****
2022-02-09 08:21:46 User.Info 192.168.1.1 Feb 9 08:21:47 DHCP: snooping mapped to outgoing port 3/1/7 Interface v2 vlan 2 VRF 0
2022-02-09 08:21:47 User.Info 192.168.1.1 Feb 9 08:21:47 ARP: inspection failure, invalid src ip 0.0.0.0, (L2 src mac e04f.43e8.****, port 3/1/7)
2022-02-09 08:21:48 User.Info 192.168.1.1 Feb 9 08:21:48 ARP: inspection failure, invalid src ip 0.0.0.0, (L2 src mac e04f.43e8.****, port 3/1/7)
2022-02-09 08:21:49 User.Info 192.168.1.1 Feb 9 08:21:49 ARP: inspection failure, invalid src ip 0.0.0.0, (L2 src mac e04f.43e8.****, port 3/1/7)

Any help on what would be causing this would be appreciated

Thanks



Code:
ver 08.0.30uT313
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
  priority 128
  stack-port 1/2/1 1/2/3
stack unit 2
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
  priority 128
  stack-port 2/2/1 2/2/3
stack unit 3
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
  priority 62
  stack-port 3/2/1 3/2/3
stack unit 4
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
  stack-port 4/2/1 4/2/3
stack unit 5
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
  stack-port 5/2/1 5/2/3
stack enable
stack mac ****.****.****
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name RM by port
tagged ethe 1/1/15 ethe 1/1/30 ethe 1/1/32 ethe 1/1/45 ethe 1/2/2 ethe 2/1/38 ethe 2/2/2 ethe 3/1/26 ethe 3/1/34 ethe 5/1/5 to 5/1/6
untagged ethe 1/1/1 to 1/1/4 ethe 1/1/6 to 1/1/14 ethe 1/1/16 to 1/1/29 ethe 1/1/31 ethe 1/1/33 ethe 1/1/35 ethe 1/1/37 ethe 1/1/40 ethe 1/1/42 ethe 2/1/1 to 2/1/7 ethe 2/1/9 ethe 2/1/11 to 2/1/16 ethe 2/1/18 ethe 2/1/21 ethe 2/1/23 ethe 2/1/25 to 2/1/26 ethe 2/1/28 to 2/1/32 ethe 2/1/34 to 2/1/37 ethe 2/1/39 to 2/1/46 ethe 3/1/1 ethe 3/1/3 to 3/1/7 ethe 3/1/9 to 3/1/17 ethe 3/1/19 ethe 3/1/23 ethe 3/1/25 ethe 3/1/28 to 3/1/32 ethe 3/1/35 to 3/1/36 ethe 3/1/38 ethe 3/1/40 to 3/1/44 ethe 3/1/46 to 3/1/47 ethe 4/1/1 to 4/1/47 ethe 5/1/2 to 5/1/4 ethe 5/1/9 to 5/1/10 ethe 5/1/13 ethe 5/1/16 to 5/1/18 ethe 5/1/22 to 5/1/23 ethe 5/1/26 ethe 5/1/28 ethe 5/1/30 ethe 5/1/32 ethe 5/1/34 ethe 5/1/36 to 5/1/48
router-interface ve 2
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 3 name WAN by port
tagged ethe 1/1/48
router-interface ve 3
!
vlan 4 name E2 by port
tagged ethe 1/1/30
untagged ethe 1/1/34 ethe 2/1/10 ethe 2/1/19 ethe 3/1/8 ethe 3/1/21 ethe 5/1/14 to 5/1/15
router-interface ve 4
!
vlan 5 name secure by port
tagged ethe 1/1/30
untagged ethe 2/1/8
router-interface ve 5
!
vlan 6 name CR by port
tagged ethe 1/1/30 ethe 1/2/2 ethe 2/2/2
untagged ethe 1/1/5 ethe 1/1/36 ethe 1/1/38 to 1/1/39 ethe 2/1/17 ethe 2/1/27 ethe 2/1/33 ethe 2/1/47 to 2/1/48 ethe 3/1/33 ethe 3/1/37 ethe 3/1/39 ethe 3/1/45 ethe 5/1/11 to 5/1/12 ethe 5/1/21
router-interface ve 6
spanning-tree
!
vlan 15 name management by port
tagged ethe 1/1/15 ethe 1/1/30 ethe 1/1/32 ethe 1/1/45 ethe 1/2/2 ethe 2/1/38 ethe 2/2/2 ethe 3/1/26 ethe 3/1/34 ethe 5/1/5 to 5/1/6
untagged ethe 1/1/41 ethe 1/1/43 to 1/1/44 ethe 2/1/20 ethe 2/1/22 ethe 2/1/24 ethe 3/1/18 ethe 3/1/20 ethe 3/1/22 ethe 3/1/24 ethe 3/1/48 ethe 4/1/48 ethe 5/1/7 to 5/1/8 ethe 5/1/19 to 5/1/20
router-interface ve 15
!
vlan 20 name Brents by port
tagged ethe 1/1/15 ethe 1/1/30 ethe 1/1/32 ethe 1/1/45 ethe 2/1/38 ethe 3/1/26 ethe 3/1/34 ethe 5/1/5 to 5/1/6
untagged ethe 1/1/47
spanning-tree 802-1w
!
vlan 50 name guest by port
tagged ethe 1/1/15 ethe 1/1/30 ethe 1/1/32 ethe 1/1/45 ethe 1/1/48 ethe 2/1/38 ethe 3/1/26 ethe 3/1/34 ethe 5/1/5 to 5/1/6
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 100 name voice by port
tagged ethe 1/1/30 ethe 1/1/46 ethe 1/2/2 ethe 2/2/2
untagged ethe 3/1/2 ethe 3/1/27 ethe 5/1/1 ethe 5/1/24 to 5/1/25 ethe 5/1/27 ethe 5/1/29 ethe 5/1/31 ethe 5/1/33 ethe 5/1/35
!
!
!
!
!
optical-monitor
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
enable acl-per-port-per-vlan
ip arp inspection vlan 2
ip arp inspection vlan 5
ip arp inspection vlan 15
ip dhcp snooping vlan 2
ip dhcp snooping vlan 4
ip dhcp snooping vlan 5
ip dhcp snooping vlan 6
ip dhcp snooping vlan 15
ip dhcp-client disable
ip dhcp-server enable
ip dns server-address 192.168.1.110 192.168.3.1 8.8.8.8
ip route 0.0.0.0/0 192.168.3.1
!
logging host 192.168.1.5
no telnet server
username root password .....

!
!
clock timezone gmt GMT-06
!
!
ntp
server 192.168.1.110
!
!
web-management frame bottom
web-management page-menu
hitless-failover enable

interface ve 2
ip access-group RM in
ip address 192.168.1.1 255.255.255.0
!
interface ve 3
ip address 192.168.3.2 255.255.255.0
!
interface ve 4
ip access-group E2 in
ip address 192.168.4.1 255.255.255.0
ip helper-address 1 192.168.1.110
!
interface ve 5
ip access-group secure in
ip address 192.168.5.1 255.255.255.0
ip helper-address 1 192.168.1.110
!
interface ve 6
ip access-group CR in
ip address 172.18.1.254 255.255.255.0
ip helper-address 1 192.168.1.110
!
interface ve 15
ip address 192.168.15.1 255.255.255.0
ip helper-address 1 192.168.1.110
source-guard enable e 1/1/41
source-guard enable e 2/1/20
source-guard enable e 2/1/22
source-guard enable e 2/1/24
source-guard enable e 3/1/18
source-guard enable e 3/1/20
source-guard enable e 3/1/22
source-guard enable e 3/1/24
source-guard enable e 4/1/48
source-guard enable e 5/1/7
source-guard enable e 5/1/8
!


!
 

LodeRunner

Active Member
Apr 27, 2019
553
235
43