Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

fohdeesha · Jan 4, 2023

Code:

SSH@switch-garage-rack-2>show ip int
Interface           IP-Address      OK?  Method    Status             Protocol   VRF
Eth mgmt1           172.16.0.13     YES  NVRAM     up                 up         default-vrf
SSH@switch-garage-rack-2>show int ve 1
Error - ve 1 was not configured

There's a bit in here. Sorry in advance!

Code:

SSH@sw-core#show config
!
Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.30uT7f3
!
stack unit 1
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
stack disable
!
global-stp
!
!
lag LAG-SW-R2-TOR dynamic id 2
ports ethernet 1/3/5 to 1/3/6
primary-port 1/3/5
deploy
sflow forwarding ethernet 1/3/5
port-name SW-R2-TOR ethernet 1/3/5
sflow forwarding ethernet 1/3/6
port-name SW-R2-TOR ethernet 1/3/6
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
spanning-tree 802-1w
!
vlan 2 name VLAN-VIDEO by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/41 to 1/1/48
router-interface ve 2
!
vlan 3 name VLAN-VOIP by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 3
spanning-tree 802-1w
!
vlan 4 name VLAN-CORP-WIFI by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 4
spanning-tree 802-1w
!
vlan 5 name VLAN-GUEST by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10
router-interface ve 5
spanning-tree 802-1w
!
vlan 6 name VLAN-CORPORATE by port
tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 6
spanning-tree 802-1w
!
vlan 7 name VLAN-DMZ-1 by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 7
spanning-tree 802-1w
!
vlan 8 name VLAN-IOT by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/35
router-interface ve 8
spanning-tree 802-1w
!
vlan 9 name VLAN-KIDS-WIFI by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 9
spanning-tree 802-1w
!
vlan 10 name VLAN-NET-SVC by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/4
router-interface ve 10
spanning-tree 802-1w
!
vlan 11 name VLAN-APT-CACHE by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 11
spanning-tree 802-1w
!
vlan 20 name VLAN-APPS by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 20
spanning-tree 802-1w
!
vlan 30 name VLAN-DEV by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 30
spanning-tree 802-1w
!
vlan 71 name VLAN-ALEXA by port
tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 71
spanning-tree 802-1w
!
vlan 72 name VLAN-SONOS by port
tagged ethe 1/1/1 ethe 1/2/7 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 72
spanning-tree 802-1w
!
vlan 73 name VLAN-MAILBOX by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 73
spanning-tree 802-1w
!
vlan 74 name VLAN-TV by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 74
spanning-tree 802-1w
!
vlan 75 name VLAN-PLEX by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 75
spanning-tree 802-1w
!
vlan 76 name VLAN-SYNCTHING by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 76
spanning-tree 802-1w
!
vlan 77 name VLAN-GAMING by port
tagged ethe 1/1/1 ethe 1/2/2 ethe 1/2/4 to 1/2/10 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/10
router-interface ve 77
spanning-tree 802-1w
!
vlan 78 name VLAN-LOGGING by port
tagged ethe 1/1/1 to 1/1/2 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 78
spanning-tree 802-1w
!
vlan 81 name VLAN-NEST by port
tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 81
spanning-tree 802-1w
!
vlan 82 name VLAN-ESP-HOME by port
tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 82
spanning-tree 802-1w
!
vlan 83 name VLAN-XIAOMI by port
tagged ethe 1/1/1 ethe 1/2/1 to 1/2/10 ethe 1/3/1 to 1/3/8
router-interface ve 83
spanning-tree 802-1w
!
vlan 88 name VLAN-MIKROTIK by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 88
spanning-tree 802-1w
!
vlan 95 name VLAN-BASTION by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/8
router-interface ve 95
spanning-tree 802-1w
!
vlan 96 name VLAN-BACKUP by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
untagged ethe 1/1/6 ethe 1/1/12 ethe 1/1/16
router-interface ve 96
spanning-tree 802-1w
!
vlan 97 name VLAN-TRUENAS by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 97
spanning-tree 802-1w
!
vlan 98 name VLAN-PROXMOX by port
tagged ethe 1/1/1 ethe 1/2/1 ethe 1/2/3 ethe 1/3/1 to 1/3/8
router-interface ve 98
spanning-tree 802-1w
!
vlan 99 name VLAN-IPMI by port
tagged ethe 1/1/1 ethe 1/2/1 ethe 1/2/3 ethe 1/3/1 to 1/3/2 ethe 1/3/8
untagged ethe 1/1/9 ethe 1/1/11 ethe 1/1/15
router-interface ve 99
spanning-tree 802-1w
!
vlan 100 name VLAN-STORAGE by port
tagged ethe 1/1/1 ethe 1/3/1 to 1/3/8
router-interface ve 100
spanning-tree 802-1w
!
vlan 202 name VLAN-HIKVISION by port
tagged ethe 1/3/1 to 1/3/8
spanning-tree 802-1w
!
!
!
!
!
system-max l3-vlan 64
system-max ip-route 4096
system-max ip-route-default-vrf 1024
system-max ip6-route-default-vrf 100
system-max ip-route-vrf 128
system-max ip6-route-vrf 64
system-max max-dhcp-snoop-entries 2048
!
aaa authentication web-server default local
aaa authentication login default local
jumbo
enable password-display
enable telnet authentication
enable aaa console
enable user password-masking
hostname sw-core
ip dhcp-client disable
ip dns domain-list kellgari.local
ip dns domain-list kellgari
ip dns server-address 10.0.1.1 10.0.10.10 10.0.10.20 1.1.1.1
ip forward-protocol udp 5353
ip forward-protocol udp bootps
ip proxy-arp
ip route 0.0.0.0/0 172.16.0.1
ip router-id 172.16.0.14
ip multicast query-interval 120
!
logging host 10.0.78.10
logging console
mirror-port ethernet 1/1/3
!
username root password 8 XXXXXXX
radius-server host 10.0.1.1 auth-port 1812 acct-port 1813 default key 2 XXXXXXX
cdp run
fdp run
snmp-server community 2 $JiYmJiY= ro
snmp-server community 2 $U2kyXj1k ro
!
!
clock timezone gmt GMT+10
!
!
ntp
disable serve
server 10.0.1.1
!
!
web-management https
ssh access-group 90
ip multicast-routing
!
router ospf
area 0
redistribute connected
!
!
!
!
!
!
router pim
bsr-candidate ethernet 1/1/1 30 255
!
!
interface ethernet 1/1/1
port-name ROUTER
dual-mode
sflow forwarding
!
interface ethernet 1/1/2
port-name AP-GARAGE
dual-mode
inline power
sflow forwarding
!
interface ethernet 1/1/3
port-name SRV-FIREWALL
sflow forwarding
!
interface ethernet 1/1/4
port-name PI-DHCP-1
dhcp snooping trust
inline power priority 1 power-by-class 4
sflow forwarding
!
interface ethernet 1/1/5
port-name PI-MONITORING-1
inline power
sflow forwarding
!
interface ethernet 1/1/6
port-name SW-R1-TOR-MANAGEMENT
sflow forwarding
!
interface ethernet 1/1/7
sflow forwarding
!
interface ethernet 1/1/8
port-name PI-BASTION-1
inline power
sflow forwarding
!
interface ethernet 1/1/9
port-name SRV-FIREWALL-IPMI
sflow forwarding
!
interface ethernet 1/1/10
port-name PC-GAMING
sflow forwarding
!
interface ethernet 1/1/11
port-name SRV-BACKUP-1-IPMI
sflow forwarding
!
interface ethernet 1/1/12
port-name SRV-BACKUP-1
sflow forwarding
!
interface ethernet 1/1/13
port-name PC-LOCAL-MGMT
sflow forwarding
!
interface ethernet 1/1/14
port-name PI-KVM-1
inline power priority 2 power-by-class 4
sflow forwarding
!
interface ethernet 1/1/15
port-name SRV-BACKUP-2-IPMI
sflow forwarding
!
interface ethernet 1/1/16
port-name SRV-BACKUP-2
sflow forwarding
!
interface ethernet 1/1/17
sflow forwarding
!
interface ethernet 1/1/18
sflow forwarding
!
interface ethernet 1/1/19
sflow forwarding
!
interface ethernet 1/1/20
sflow forwarding
!
interface ethernet 1/1/21
sflow forwarding
!
interface ethernet 1/1/22
sflow forwarding
!
interface ethernet 1/1/23
sflow forwarding
!
interface ethernet 1/1/24
sflow forwarding
!
interface ethernet 1/1/25
sflow forwarding
!
interface ethernet 1/1/26
sflow forwarding
!
interface ethernet 1/1/27
sflow forwarding
!
interface ethernet 1/1/28
sflow forwarding
!
interface ethernet 1/1/29
sflow forwarding
!
interface ethernet 1/1/30
sflow forwarding
!
interface ethernet 1/1/31
sflow forwarding
!
interface ethernet 1/1/32
sflow forwarding
!
interface ethernet 1/1/33
sflow forwarding
!
interface ethernet 1/1/34
sflow forwarding
!
interface ethernet 1/1/35
port-name TRADFRI
sflow forwarding
!
interface ethernet 1/1/36
sflow forwarding
!
interface ethernet 1/1/37
sflow forwarding
!
interface ethernet 1/1/38
sflow forwarding
!
interface ethernet 1/1/39
sflow forwarding
!
interface ethernet 1/1/40
sflow forwarding
!
interface ethernet 1/1/41
port-name CAM-1
inline power
sflow forwarding
!
interface ethernet 1/1/42
port-name CAM-2
inline power
sflow forwarding
!
interface ethernet 1/1/43
port-name CAM-3
inline power
sflow forwarding
!
interface ethernet 1/1/44
port-name CAM-4
inline power
sflow forwarding
!
interface ethernet 1/1/45
port-name CAM-5
inline power
sflow forwarding
!
interface ethernet 1/1/46
port-name CAM-6
inline power
sflow forwarding
!
interface ethernet 1/1/47
inline power
sflow forwarding
!
interface ethernet 1/1/48
inline power
sflow forwarding
!
interface ethernet 1/2/1
dual-mode
sflow forwarding
!
interface ethernet 1/2/2
sflow forwarding
!
interface ethernet 1/2/3
dual-mode
sflow forwarding
!
interface ethernet 1/2/4
sflow forwarding
!
interface ethernet 1/2/5
sflow forwarding
!
interface ethernet 1/2/6
sflow forwarding
!
interface ethernet 1/2/7
dual-mode
sflow forwarding
!
interface ethernet 1/2/8
port-name SW-LOUNGE
dual-mode
sflow forwarding
!
interface ethernet 1/2/9
port-name SW-OFFICE
dual-mode
sflow forwarding
!
interface ethernet 1/2/10
port-name SW-MASTER
dual-mode
sflow forwarding
!
interface ethernet 1/3/1
dual-mode
speed-duplex 10G-full
tag-profile enable
!
interface ethernet 1/3/2
dual-mode
speed-duplex 10G-full
tag-profile enable
!
interface ethernet 1/3/3
dual-mode
speed-duplex 10G-full
!
interface ethernet 1/3/4
dual-mode
disable
speed-duplex 10G-full
!
interface ethernet 1/3/5
port-name SW-R2-TOR
dual-mode
speed-duplex 10G-full
!
interface ethernet 1/3/7
dual-mode
speed-duplex 10G-full
!
interface ethernet 1/3/8
dual-mode
speed-duplex 10G-full
!
interface ve 1
ip address 172.16.0.14 255.255.255.0
ip helper-address 1 10.0.10.34
ip ospf area 0
!
interface ve 2
port-name VLAN-VIDEO
ip access-group VIDEO-IN in
ip address 192.168.1.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 3
port-name VLAN-VOIP
ip address 172.16.3.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 4
port-name CORP-WIRELESS
acl-logging
ip access-group CORP-IN in
ip address 172.16.4.250 255.255.255.0
ip pim
ip helper-address 1 10.0.10.34
!
interface ve 5
port-name VLAN-GUEST
ip access-group GUEST-IN in
ip address 172.16.5.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 6
port-name CORP-WIRED
ip access-group CORP-IN in
ip address 172.16.6.250 255.255.255.0
ip pim
ip helper-address 1 10.0.10.34
!
interface ve 7
port-name VLAN-DMZ-1
ip address 10.0.7.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 8
port-name VLAN-IOT
ip address 10.0.8.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 9
port-name "VLAN-KIDS"
ip access-group KIDS-IN in
ip address 10.0.9.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 10
port-name VLAN-NET-SVC
ip address 10.0.10.250 255.255.255.0
!
interface ve 11
port-name VLAN-APT-CACHE
ip access-group APT-CACHE-IN in
ip address 10.0.11.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 20
port-name VLAN-APPS
ip address 10.0.20.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 30
port-name VLAN-DEV
ip address 10.0.30.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 71
port-name VLAN-ALEXA
ip access-group ALEXA-IN in
ip address 10.0.71.250 255.255.255.0
ip pim
ip helper-address 1 10.0.10.34
!
interface ve 72
port-name VLAN-SONOS
ip address 10.0.72.250 255.255.255.0
ip pim
ip helper-address 1 10.0.10.34
!
interface ve 73
port-name VLAN-MAILBOX
ip address 10.0.73.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 74
port-name VLAN-TV
ip address 10.0.74.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 75
port-name VLAN-PLEX
ip address 10.0.75.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 76
port-name VLAN-SYNCTHING
ip access-group ALL-IN in
ip address 10.0.76.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 77
port-name VLAN-GAMING
ip access-group GAMING-IN in
ip address 10.0.77.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 78
port-name VLAN-LOGGING
ip access-group LOGGING-IN in
ip address 10.0.78.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 81
port-name VLAN-NEST
ip access-group IOT-NEST-IN in
ip address 10.0.81.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 82
port-name VLAN-ESP-HOME
ip helper-address 1 10.0.10.34
!
interface ve 83
port-name VLAN-XIAOMI
ip access-group IOT-XAIOMI-IN in
ip address 10.0.83.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 88
port-name VLAN-MIKROTIK
ip address 192.168.88.1 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 95
port-name VLAN-BASTION
ip address 172.16.95.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 96
port-name VLAN-BACKUP
ip access-group BACKUP-IN in
ip address 172.16.96.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 97
port-name VLAN-TRUENAS
ip access-group ALL-IN in
ip address 172.16.97.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 98
port-name VLAN-PROXMOX
ip address 172.16.98.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 99
port-name VLAN-IPMI
ip address 172.16.99.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
interface ve 100
port-name VLAN-STORAGE
ip address 10.0.100.250 255.255.255.0
ip helper-address 1 10.0.10.34
!
!
!
ip access-list extended ALEXA-IN
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended ALL-IN
permit ip any any
!
ip access-list extended APPS-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit igmp in
permit igmp any any
remark permit ssdp udp
permit ip any host 239.255.255.250
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit ad udp access
permit udp any host 10.0.10.10 eq dns
permit udp any host 10.0.10.10 eq kerberos
permit udp any host 10.0.10.10 eq ntp
permit udp any host 10.0.10.10 eq ldap
permit udp any host 10.0.10.10 eq kpasswd
permit udp any host 10.0.10.20 eq dns
permit udp any host 10.0.10.20 eq kerberos
permit udp any host 10.0.10.20 eq ntp
permit udp any host 10.0.10.20 eq ldap
permit udp any host 10.0.10.20 eq kpasswd
remark permit ad tcp access
permit tcp any host 10.0.10.10 eq dns
permit tcp any host 10.0.10.10 eq kerberos
permit tcp any host 10.0.10.10 eq loc-srv
permit tcp any host 10.0.10.10 eq ldap
permit tcp any host 10.0.10.10 eq microsoft-ds
permit tcp any host 10.0.10.10 eq kpasswd
permit tcp any host 10.0.10.10 eq ldaps
permit tcp any host 10.0.10.10 eq 3268
permit tcp any host 10.0.10.10 eq 3269
permit tcp any host 10.0.10.20 eq dns
permit tcp any host 10.0.10.20 eq kerberos
permit tcp any host 10.0.10.20 eq loc-srv
permit tcp any host 10.0.10.20 eq ldap
permit tcp any host 10.0.10.20 eq microsoft-ds
permit tcp any host 10.0.10.20 eq kpasswd
permit tcp any host 10.0.10.20 eq ldaps
permit tcp any host 10.0.10.20 eq 3268
permit tcp any host 10.0.10.20 eq 3269
remark permit apt proxy tcp in
permit tcp any host 10.0.11.10 eq 3142
remark permit sonos controller tcp in
permit tcp any 10.0.72.0 0.0.0.255 eq 1400
permit tcp any 10.0.72.0 0.0.0.255 eq 1433
permit tcp any 10.0.72.0 0.0.0.255 eq 1443
permit tcp any 10.0.72.0 0.0.0.255 eq 4444
remark permit airplay controller udp in
permit udp any 10.0.72.0 0.0.0.255 eq ptp-event
permit udp any 10.0.72.0 0.0.0.255 eq ptp-gen
permit udp any 10.0.72.0 0.0.0.255 range 30000 65535
remark permit airplay controller udp in
permit tcp any 10.0.72.0 0.0.0.255 eq 7000
permit tcp any 10.0.72.0 0.0.0.255 range 30000 65535
remark permit site smtp tcp access
permit tcp any host 10.0.1.1 eq smtp
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended APT-CACHE-IN
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended BACKUP-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit local app servers
permit tcp any 10.0.20.0 0.0.0.255
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended CORP-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit igmp in
permit igmp any any
remark permit ssdp udp
permit ip any host 239.255.255.250
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit ad udp access
permit udp any host 10.0.10.10 eq dns
permit udp any host 10.0.10.10 eq kerberos
permit udp any host 10.0.10.10 eq ntp
permit udp any host 10.0.10.10 eq ldap
permit udp any host 10.0.10.10 eq kpasswd
permit udp any host 10.0.10.20 eq dns
permit udp any host 10.0.10.20 eq kerberos
permit udp any host 10.0.10.20 eq ntp
permit udp any host 10.0.10.20 eq ldap
permit udp any host 10.0.10.20 eq kpasswd
remark permit ad tcp access
permit tcp any host 10.0.10.10 eq dns
permit tcp any host 10.0.10.10 eq kerberos
permit tcp any host 10.0.10.10 eq loc-srv
permit tcp any host 10.0.10.10 eq ldap
permit tcp any host 10.0.10.10 eq microsoft-ds
permit tcp any host 10.0.10.10 eq kpasswd
permit tcp any host 10.0.10.10 eq ldaps
permit tcp any host 10.0.10.10 eq 3268
permit tcp any host 10.0.10.10 eq 3269
permit tcp any host 10.0.10.20 eq dns
permit tcp any host 10.0.10.20 eq kerberos
permit tcp any host 10.0.10.20 eq loc-srv
permit tcp any host 10.0.10.20 eq ldap
permit tcp any host 10.0.10.20 eq microsoft-ds
permit tcp any host 10.0.10.20 eq kpasswd
permit tcp any host 10.0.10.20 eq ldaps
permit tcp any host 10.0.10.20 eq 3268
permit tcp any host 10.0.10.20 eq 3269
remark permit plex tcp ingress
permit tcp any host 10.0.20.41 eq 32400
remark permit sonos controller tcp in
permit tcp any 10.0.72.0 0.0.0.255 eq 1400
permit tcp any 10.0.72.0 0.0.0.255 eq 1433
permit tcp any 10.0.72.0 0.0.0.255 eq 1443
permit tcp any 10.0.72.0 0.0.0.255 eq 4444
remark permit airplay controller udp in
permit udp any 10.0.72.0 0.0.0.255 eq ptp-event
permit udp any 10.0.72.0 0.0.0.255 eq ptp-gen
permit udp any 10.0.72.0 0.0.0.255 range 30000 65535
remark permit airplay controller udp in
permit tcp any 10.0.72.0 0.0.0.255 eq 7000
permit tcp any 10.0.72.0 0.0.0.255 range 30000 65535
remark permit local app servers
permit tcp any 10.0.20.0 0.0.0.255
remark permit corp tcp in
permit tcp any 172.16.4.0 0.0.0.255
permit tcp any 172.16.6.0 0.0.0.255
remark permit corp udp in
permit udp any 172.16.4.0 0.0.0.255
permit udp any 172.16.6.0 0.0.0.255
remark permit smb tcp ingress
permit tcp any host 10.0.100.20 range 137 netbios-ssn
permit tcp any host 10.0.100.20 eq microsoft-ds
remark permit smb tcp ingress
permit udp any host 10.0.100.20 range netbios-ns netbios-ssn
permit udp any host 10.0.100.20 eq microsoft-ds
remark permit management-workstations tcp ingress
permit tcp host 172.16.6.103 any
remark permit management-workstations udp ingress
permit udp host 172.16.6.103 any
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit gaming tcp in
permit tcp any 10.0.77.0 0.0.0.255
remark permit gaming udp in
permit udp any 10.0.77.0 0.0.0.255
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended GAMING-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit virtualhere USB access to desktop PC
permit udp any host 172.16.6.103 eq 7575
remark permit virtualhere USB access to desktop PC
permit tcp any host 172.16.6.103 eq 7575
remark permit Parsec access to corp network
permit udp any 172.16.4.0 0.0.0.255 eq 9000
permit udp any 172.16.6.0 0.0.0.255 eq 9000
remark permit Parsec access to corp network
permit udp any range 8000 8010 172.16.4.0 0.0.0.255
permit udp any range 8000 8010 172.16.6.0 0.0.0.255
remark permit RDP udp access to corp network
permit udp any eq 3389 172.16.4.0 0.0.0.255
permit udp any eq 3389 172.16.6.0 0.0.0.255
remark permit RDP tcp access to corp network
permit tcp any eq 3389 172.16.4.0 0.0.0.255
permit tcp any eq 3389 172.16.6.0 0.0.0.255
remark permit steamlink access to corp network
permit udp any eq 27031 172.16.4.0 0.0.0.255
permit udp any eq 27036 172.16.4.0 0.0.0.255
permit udp any eq 27031 172.16.6.0 0.0.0.255
permit udp any eq 27036 172.16.6.0 0.0.0.255
remark permit RDP tcp access to corp network
permit tcp any eq 27036 172.16.4.0 0.0.0.255
permit tcp any eq 27037 172.16.4.0 0.0.0.255
permit tcp any eq 27036 172.16.6.0 0.0.0.255
permit tcp any eq 27037 172.16.6.0 0.0.0.255
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
remark deny all networks
deny ip any any
!
ip access-list extended GUEST-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended IOT-NEST-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended IOT-XAIOMI-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended KIDS-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit kids dns udp access
permit udp any host 10.0.10.30 eq dns
remark permit kids dns tcp access
permit tcp any host 10.0.10.30 eq dns
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark deny local networks
deny ip any 10.0.0.0 0.255.255.255 log
deny ip any 172.16.0.0 0.15.255.255 log
deny ip any 192.168.0.0 0.0.255.255 log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended LOGGING-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit apt proxy tcp in
permit tcp any host 10.0.11.10 eq 3142
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended NET-SVC-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended SONOS-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit igmp in
permit igmp any any
remark permit ssdp udp
permit ip any host 239.255.255.250
remark permit sonos device tcp in
permit tcp any host 10.0.20.35 eq 3400
permit tcp any host 10.0.20.35 eq 3401
permit tcp any host 10.0.20.35 eq 3500
permit tcp any 172.16.4.0 0.0.0.255 eq 3400
permit tcp any 172.16.4.0 0.0.0.255 eq 3401
permit tcp any 172.16.4.0 0.0.0.255 eq 3500
permit tcp any 172.16.6.0 0.0.0.255 eq 3400
permit tcp any 172.16.6.0 0.0.0.255 eq 3401
permit tcp any 172.16.6.0 0.0.0.255 eq 3500
remark permit airplay device udp in
permit udp any host 10.0.20.35 eq ptp-event
permit udp any host 10.0.20.35 eq ptp-gen
permit udp any 172.16.4.0 0.0.0.255 eq ptp-event
permit udp any 172.16.4.0 0.0.0.255 eq ptp-gen
permit udp any 172.16.6.0 0.0.0.255 eq ptp-event
permit udp any 172.16.6.0 0.0.0.255 eq ptp-gen
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended TRUENAS-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark permit site dns udp access
permit udp any host 10.0.1.1 eq dns
remark permit site dns tcp access
permit tcp any host 10.0.1.1 eq dns
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit ad udp access
permit udp any host 10.0.10.10 eq dns
permit udp any host 10.0.10.10 eq kerberos
permit udp any host 10.0.10.10 eq ntp
permit udp any host 10.0.10.10 eq ldap
permit udp any host 10.0.10.10 eq kpasswd
permit udp any host 10.0.10.20 eq dns
permit udp any host 10.0.10.20 eq kerberos
permit udp any host 10.0.10.20 eq ntp
permit udp any host 10.0.10.20 eq ldap
permit udp any host 10.0.10.20 eq kpasswd
remark permit ad tcp access
permit tcp any host 10.0.10.10 eq dns
permit tcp any host 10.0.10.10 eq kerberos
permit tcp any host 10.0.10.10 eq loc-srv
permit tcp any host 10.0.10.10 eq ldap
permit tcp any host 10.0.10.10 eq microsoft-ds
permit tcp any host 10.0.10.10 eq kpasswd
permit tcp any host 10.0.10.10 eq ldaps
permit tcp any host 10.0.10.10 eq 3268
permit tcp any host 10.0.10.10 eq 3269
permit tcp any host 10.0.10.20 eq dns
permit tcp any host 10.0.10.20 eq kerberos
permit tcp any host 10.0.10.20 eq loc-srv
permit tcp any host 10.0.10.20 eq ldap
permit tcp any host 10.0.10.20 eq microsoft-ds
permit tcp any host 10.0.10.20 eq kpasswd
permit tcp any host 10.0.10.20 eq ldaps
permit tcp any host 10.0.10.20 eq 3268
permit tcp any host 10.0.10.20 eq 3269
remark permit apt proxy tcp in
permit tcp any host 10.0.11.10 eq 3142
remark permit site smtp tcp access
permit tcp any host 10.0.1.1 eq smtp
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit all networks (ie internet)
permit ip any any
!
ip access-list extended TV-IN
permit icmp any any
permit tcp any any established
remark allow multicast
permit ip any 224.0.0.0 15.255.255.255
remark allow DNS
permit udp any host 10.0.1.1 eq dns
remark allow NTP
permit tcp any host 10.0.1.1 eq 123
permit udp any host 10.0.1.1 eq ntp
remark deny all local networks
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.255.255
deny ip any 192.16.0.0 0.0.0.255
remark allow internet
permit ip any any
!
ip access-list extended VIDEO-IN
remark permit all ICMP from internal networks
permit icmp 10.0.0.0 0.255.255.255 any
permit icmp 172.16.0.0 0.15.255.255 any
permit icmp 192.168.0.0 0.0.255.255 any
remark permit responses to any tcp established sessions
permit tcp any any established
remark permit ntp udp
permit udp any host 10.0.1.1 eq ntp
remark permit ntp tcp
permit tcp any host 10.0.1.1 eq 123
remark deny dns udp access
deny udp any any eq dns log
remark deny dns tcp access
deny tcp any any eq dns log
remark permit local DHCP udp access
permit udp any eq bootps any eq bootpc
remark permit local DHCP udp access
permit udp any eq bootpc any eq bootps
remark permit rtsp udp access to blue iris servers
permit udp any host 10.0.20.28 eq rtsp
remark permit rtsp tcp access to blue iris servers
permit tcp any host 10.0.20.28 eq rtsp
remark deny all networks
deny ip any any
!
ip access-list extended XBOX-IN
permit icmp any any
permit tcp any any established
remark allow multicast
permit ip any 224.0.0.0 15.255.255.255
remark allow DNS
permit udp any host 10.0.1.1 eq dns
remark allow NTP
permit tcp any host 10.0.1.1 eq 123
permit udp any host 10.0.1.1 eq ntp
remark allow parsec ports
permit udp any 172.16.4.0 0.0.0.255 eq 9000
permit udp any 172.16.6.0 0.0.0.255 eq 9000
permit udp any eq 3389 172.16.4.0 0.0.0.255
permit tcp any eq 3389 172.16.4.0 0.0.0.255
permit udp any eq 3389 172.16.6.0 0.0.0.255
permit tcp any eq 3389 172.16.6.0 0.0.0.255
remark deny all local networks
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.255.255 log
deny ip any 192.16.0.0 0.0.0.255
remark allow internet
permit ip any any
!
!
sflow destination 10.0.1.1
!
lldp run
!
!
!
!
end

SSH@sw-core#

right off the bat I see you have that port (1/1/3) configured as a mirror port, which obviously can't have an IP

simbo · Jan 4, 2023

fohdeesha said:
right off the bat I see you have that port (1/1/3) configured as a mirror port, which obviously can't have an IP

Thanks that was stupid of me. I've removed the mirror port and it's still not allowing me to add an IP addr. For the sake of testing, here's another port 1/1/19 that's unused.

Code:

SSH@sw-core(config)#show int ethe 1/1/19
GigabitEthernet1/1/19 is down, line protocol is down
  Port down for 9 day(s) 23 hour(s) 4 minute(s) 24 second(s)
  Hardware is GigabitEthernet, address is 748e.f8fe.c148 (bia 748e.f8fe.c15a)
  Configured speed auto, actual unknown, configured duplex fdx, actual unknown
  Configured mdi mode AUTO, actual unknown
  Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper disabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  No port name
  Inter-Packet Gap (IPG) is 96 bit times
  MTU 10200 bytes, encapsulation ethernet
  300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 multicasts, 0 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  0 packets output, 0 bytes, 0 underruns
  Transmitted 0 broadcasts, 0 multicasts, 0 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0                   0                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                   0                   0
    6                   0                   0
    7                   0                   0

Here's trying to add the IP

Code:

SSH@sw-core(config)#int ethe 1/1/19
SSH@sw-core(config-if-e1000-1/1/19)#ip add
  add-host-route-first          Add host route before sending buffered packets
SSH@sw-core(config-if-e1000-1/1/19)#ip address 10.0.0.6/30
Invalid input -> address 10.0.0.6/30
Type ? for a list

fohdeesha · Jan 4, 2023

simbo said:

Thanks that was stupid of me. I've removed the mirror port and it's still not allowing me to add an IP addr. For the sake of testing, here's another port 1/1/19 that's unused.

Code:

SSH@sw-core(config)#show int ethe 1/1/19
GigabitEthernet1/1/19 is down, line protocol is down
  Port down for 9 day(s) 23 hour(s) 4 minute(s) 24 second(s)
  Hardware is GigabitEthernet, address is 748e.f8fe.c148 (bia 748e.f8fe.c15a)
  Configured speed auto, actual unknown, configured duplex fdx, actual unknown
  Configured mdi mode AUTO, actual unknown
  Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper disabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  No port name
  Inter-Packet Gap (IPG) is 96 bit times
  MTU 10200 bytes, encapsulation ethernet
  300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  0 packets input, 0 bytes, 0 no buffer
  Received 0 broadcasts, 0 multicasts, 0 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  0 packets output, 0 bytes, 0 underruns
  Transmitted 0 broadcasts, 0 multicasts, 0 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0                   0                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                   0                   0
    6                   0                   0
    7                   0                   0

Here's trying to add the IP

Code:

SSH@sw-core(config)#int ethe 1/1/19
SSH@sw-core(config-if-e1000-1/1/19)#ip add
  add-host-route-first          Add host route before sending buffered packets
SSH@sw-core(config-if-e1000-1/1/19)#ip address 10.0.0.6/30
Invalid input -> address 10.0.0.6/30
Type ? for a list

can you create a new vlan with nothing in it, no other ports or VEs, and put 1/1/3 in it? then try to add an ip? I don't remember shit about adding IPs directly to ports as I almost never do it (use VEs)

simbo · Jan 4, 2023

fohdeesha said:
can you create a new vlan with nothing in it, no other ports or VEs, and put 1/1/3 in it? then try to add an ip? I don't remember shit about adding IPs directly to ports as I almost never do it (use VEs)

Code:

SSH@sw-core(config)#vlan 250 name VLAN-CORE-FW by port
SSH@sw-core(config-vlan-250)# untagged ethe 1/1/3
Added untagged port(s) ethe 1/1/3 to port-vlan 250.
SSH@sw-core(config-vlan-250)# router-interface ve 250
SSH@sw-core(config-vlan-250)#!
SSH@sw-core(config-vlan-250)#
SSH@sw-core(config-vlan-250)#interface ve 250
SSH@sw-core(config-vif-250)# port-name VLAN-CORE-FW
SSH@sw-core(config-vif-250)# ip address 10.0.0.6 255.255.255.252
SSH@sw-core(config-vif-250)#!
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#exit
SSH@sw-core(config)#write mem
........Write startup-config done.
SSH@sw-core(config)#Flash Memory Write (8192 bytes per dot) .....
Copy Done.
SSH@sw-core(config)#show int e 1/1/3
GigabitEthernet1/1/3 is up, line protocol is up
  Port up for 2 hour(s) 46 minute(s) 42 second(s)
  Hardware is GigabitEthernet, address is 748e.f8fe.c148 (bia 748e.f8fe.c14a)
  Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
  Configured mdi mode AUTO, actual MDI
  Member of L2 VLAN ID 250, port is untagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is SRV-FIREWALL
  Inter-Packet Gap (IPG) is 96 bit times
  MTU 10200 bytes, encapsulation ethernet
  300 second input rate: 136 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 3408 bits/sec, 6 packets/sec, 0.00% utilization
  698 packets input, 180887 bytes, 0 no buffer
  Received 0 broadcasts, 697 multicasts, 1 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  22372 packets output, 1690568 bytes, 0 underruns
  Transmitted 15290 broadcasts, 7068 multicasts, 14 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               13296                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                4250                   0
    6                   0                   0
    7                4826                   0

SSH@sw-core(config)#show vlan br

System-max vlan Params: Max(4095) Default(64) Current(64)
Default vlan Id :1
Total Number of Vlan Configured :33
VLANs Configured :1 to 11 20 30 71 to 78 81 to 83 88 95 to 100 202 250

fohdeesha · Jan 4, 2023

simbo said:

Code:

SSH@sw-core(config)#vlan 250 name VLAN-CORE-FW by port
SSH@sw-core(config-vlan-250)# untagged ethe 1/1/3
Added untagged port(s) ethe 1/1/3 to port-vlan 250.
SSH@sw-core(config-vlan-250)# router-interface ve 250
SSH@sw-core(config-vlan-250)#!
SSH@sw-core(config-vlan-250)#
SSH@sw-core(config-vlan-250)#interface ve 250
SSH@sw-core(config-vif-250)# port-name VLAN-CORE-FW
SSH@sw-core(config-vif-250)# ip address 10.0.0.6 255.255.255.252
SSH@sw-core(config-vif-250)#!
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#exit
SSH@sw-core(config)#write mem
........Write startup-config done.
SSH@sw-core(config)#Flash Memory Write (8192 bytes per dot) .....
Copy Done.
SSH@sw-core(config)#show int e 1/1/3
GigabitEthernet1/1/3 is up, line protocol is up
  Port up for 2 hour(s) 46 minute(s) 42 second(s)
  Hardware is GigabitEthernet, address is 748e.f8fe.c148 (bia 748e.f8fe.c14a)
  Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
  Configured mdi mode AUTO, actual MDI
  Member of L2 VLAN ID 250, port is untagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is SRV-FIREWALL
  Inter-Packet Gap (IPG) is 96 bit times
  MTU 10200 bytes, encapsulation ethernet
  300 second input rate: 136 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 3408 bits/sec, 6 packets/sec, 0.00% utilization
  698 packets input, 180887 bytes, 0 no buffer
  Received 0 broadcasts, 697 multicasts, 1 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  22372 packets output, 1690568 bytes, 0 underruns
  Transmitted 15290 broadcasts, 7068 multicasts, 14 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               13296                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                4250                   0
    6                   0                   0
    7                4826                   0

SSH@sw-core(config)#show vlan br

System-max vlan Params: Max(4095) Default(64) Current(64)
Default vlan Id :1
Total Number of Vlan Configured :33
VLANs Configured :1 to 11 20 30 71 to 78 81 to 83 88 95 to 100 202 250

well I meant put it in a new empty vlan *without* a VE to see if you could assign an IP directly to the port then, but that works too lol

Craig Curtin · Jan 4, 2023

simbo said:

Code:

SSH@sw-core(config)#vlan 250 name VLAN-CORE-FW by port
SSH@sw-core(config-vlan-250)# untagged ethe 1/1/3
Added untagged port(s) ethe 1/1/3 to port-vlan 250.
SSH@sw-core(config-vlan-250)# router-interface ve 250
SSH@sw-core(config-vlan-250)#!
SSH@sw-core(config-vlan-250)#
SSH@sw-core(config-vlan-250)#interface ve 250
SSH@sw-core(config-vif-250)# port-name VLAN-CORE-FW
SSH@sw-core(config-vif-250)# ip address 10.0.0.6 255.255.255.252
SSH@sw-core(config-vif-250)#!
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#
SSH@sw-core(config-vif-250)#exit
SSH@sw-core(config)#write mem
........Write startup-config done.
SSH@sw-core(config)#Flash Memory Write (8192 bytes per dot) .....
Copy Done.
SSH@sw-core(config)#show int e 1/1/3
GigabitEthernet1/1/3 is up, line protocol is up
  Port up for 2 hour(s) 46 minute(s) 42 second(s)
  Hardware is GigabitEthernet, address is 748e.f8fe.c148 (bia 748e.f8fe.c14a)
  Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
  Configured mdi mode AUTO, actual MDI
  Member of L2 VLAN ID 250, port is untagged, port state is FORWARDING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is SRV-FIREWALL
  Inter-Packet Gap (IPG) is 96 bit times
  MTU 10200 bytes, encapsulation ethernet
  300 second input rate: 136 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 3408 bits/sec, 6 packets/sec, 0.00% utilization
  698 packets input, 180887 bytes, 0 no buffer
  Received 0 broadcasts, 697 multicasts, 1 unicasts
  0 input errors, 0 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  22372 packets output, 1690568 bytes, 0 underruns
  Transmitted 15290 broadcasts, 7068 multicasts, 14 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0               13296                   0
    1                   0                   0
    2                   0                   0
    3                   0                   0
    4                   0                   0
    5                4250                   0
    6                   0                   0
    7                4826                   0

SSH@sw-core(config)#show vlan br

System-max vlan Params: Max(4095) Default(64) Current(64)
Default vlan Id :1
Total Number of Vlan Configured :33
VLANs Configured :1 to 11 20 30 71 to 78 81 to 83 88 95 to 100 202 250

I think @fohdeesha meant to create a VLAN without adding a VE to it and then adding an IP address to the port.

i.e. it is a member of a L2 VLAN and you give it an IP address.

Craig

simbo · Jan 4, 2023

fohdeesha said:
well I meant put it in a new empty vlan *without* a VE to see if you could assign an IP directly to the port then, but that works too lol

Yeah that works. I can ping the VE 10.0.0.6 ok. But I can't ping the firewall that's sitting on the other side of 1/1/3 on 10.0.0.5 when using a VE

Code:

SSH@sw-core#show ip route
Total number of IP routes: 32
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.16.0.1      ve 1          1/1           S    9d23h
2       10.0.0.4/30        DIRECT          ve 250        0/0           D    8m29s
3       10.0.7.0/24        DIRECT          ve 7          0/0           D    9d23h
4       10.0.8.0/24        DIRECT          ve 8          0/0           D    9d23h
5       10.0.9.0/24        DIRECT          ve 9          0/0           D    9d23h
6       10.0.10.0/24       DIRECT          ve 10         0/0           D    9d23h
7       10.0.11.0/24       DIRECT          ve 11         0/0           D    9d23h
8       10.0.20.0/24       DIRECT          ve 20         0/0           D    9d23h
9       10.0.30.0/24       DIRECT          ve 30         0/0           D    9d23h
10      10.0.71.0/24       DIRECT          ve 71         0/0           D    9d23h
11      10.0.72.0/24       DIRECT          ve 72         0/0           D    9d23h
12      10.0.73.0/24       DIRECT          ve 73         0/0           D    9d23h
13      10.0.74.0/24       DIRECT          ve 74         0/0           D    9d23h
14      10.0.75.0/24       DIRECT          ve 75         0/0           D    9d23h
15      10.0.76.0/24       DIRECT          ve 76         0/0           D    9d23h
16      10.0.77.0/24       DIRECT          ve 77         0/0           D    9d23h
17      10.0.78.0/24       DIRECT          ve 78         0/0           D    9d23h
18      10.0.81.0/24       DIRECT          ve 81         0/0           D    9d23h
19      10.0.83.0/24       DIRECT          ve 83         0/0           D    9d23h
20      10.0.100.0/24      DIRECT          ve 100        0/0           D    9d23h
21      172.16.0.0/24      DIRECT          ve 1          0/0           D    9d23h
22      172.16.3.0/24      DIRECT          ve 3          0/0           D    9d23h
23      172.16.4.0/24      DIRECT          ve 4          0/0           D    9d23h
24      172.16.5.0/24      DIRECT          ve 5          0/0           D    9d23h
25      172.16.6.0/24      DIRECT          ve 6          0/0           D    9d23h
26      172.16.95.0/24     DIRECT          ve 95         0/0           D    9d23h
27      172.16.96.0/24     DIRECT          ve 96         0/0           D    9d23h
28      172.16.97.0/24     DIRECT          ve 97         0/0           D    9d23h
29      172.16.98.0/24     DIRECT          ve 98         0/0           D    9d23h
30      172.16.99.0/24     DIRECT          ve 99         0/0           D    9d23h
31      192.168.1.0/24     DIRECT          ve 2          0/0           D    9d23h
32      192.168.88.0/24    DIRECT          ve 88         0/0           D    9d23h

simbo · Jan 4, 2023

Ok...by creating a VLAN with no VE and then putting the port in the VLAN I can now assign an IP to that interface.

Code:

SH@sw-core(config-if-e1000-1/1/3)#no vlan 250
SSH@sw-core(config-if-e1000-1/1/3)#
SSH@sw-core(config-if-e1000-1/1/3)#
SSH@sw-core(config-if-e1000-1/1/3)#no ve 250
SSH@sw-core(config-if-e1000-1/1/3)#
SSH@sw-core(config-if-e1000-1/1/3)#
SSH@sw-core(config-if-e1000-1/1/3)#vlan 250 name VLAN-CORE-FW by port
SSH@sw-core(config-vlan-250)# untagged ethe 1/1/3
Added untagged port(s) ethe 1/1/3 to port-vlan 250.
SSH@sw-core(config-vlan-250)#!
SSH@sw-core(config-vlan-250)#int ethe 1/1/3
SSH@sw-core(config-if-e1000-1/1/3)#ip address 10.0.0.6/30
SSH@sw-core(config-if-e1000-1/1/3)#exit
SSH@sw-core(config)#

SSH@sw-core#sho ip route
Total number of IP routes: 32
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          172.16.0.1      ve 1          1/1           S    9d23h
2       10.0.0.4/30        DIRECT          e 1/1/3       0/0           D    0m47s
3       10.0.7.0/24        DIRECT          ve 7          0/0           D    9d23h
4       10.0.8.0/24        DIRECT          ve 8          0/0           D    9d23h
5       10.0.9.0/24        DIRECT          ve 9          0/0           D    9d23h
6       10.0.10.0/24       DIRECT          ve 10         0/0           D    9d23h
7       10.0.11.0/24       DIRECT          ve 11         0/0           D    9d23h
8       10.0.20.0/24       DIRECT          ve 20         0/0           D    9d23h
9       10.0.30.0/24       DIRECT          ve 30         0/0           D    9d23h
10      10.0.71.0/24       DIRECT          ve 71         0/0           D    9d23h
11      10.0.72.0/24       DIRECT          ve 72         0/0           D    9d23h
12      10.0.73.0/24       DIRECT          ve 73         0/0           D    9d23h
13      10.0.74.0/24       DIRECT          ve 74         0/0           D    9d23h
14      10.0.75.0/24       DIRECT          ve 75         0/0           D    9d23h
15      10.0.76.0/24       DIRECT          ve 76         0/0           D    9d23h
16      10.0.77.0/24       DIRECT          ve 77         0/0           D    9d23h
17      10.0.78.0/24       DIRECT          ve 78         0/0           D    9d23h
18      10.0.81.0/24       DIRECT          ve 81         0/0           D    9d23h
19      10.0.83.0/24       DIRECT          ve 83         0/0           D    9d23h
20      10.0.100.0/24      DIRECT          ve 100        0/0           D    9d23h
21      172.16.0.0/24      DIRECT          ve 1          0/0           D    9d23h
22      172.16.3.0/24      DIRECT          ve 3          0/0           D    9d23h
23      172.16.4.0/24      DIRECT          ve 4          0/0           D    9d23h
24      172.16.5.0/24      DIRECT          ve 5          0/0           D    9d23h
25      172.16.6.0/24      DIRECT          ve 6          0/0           D    9d23h
26      172.16.95.0/24     DIRECT          ve 95         0/0           D    9d23h
27      172.16.96.0/24     DIRECT          ve 96         0/0           D    9d23h
28      172.16.97.0/24     DIRECT          ve 97         0/0           D    9d23h
29      172.16.98.0/24     DIRECT          ve 98         0/0           D    9d23h
30      172.16.99.0/24     DIRECT          ve 99         0/0           D    9d23h
31      192.168.1.0/24     DIRECT          ve 2          0/0           D    9d23h
32      192.168.88.0/24    DIRECT          ve 88         0/0           D    9d23h

simbo · Jan 4, 2023

Thanks champs Craig Curtin and fohdeesha

LodeRunner · Jan 5, 2023

ProZak512 said:
Camera is an Amcrest IP8M-2693EW-AI, works fine (though a different switch) using a Ubiquiti POE injector I had laying around.

Code:

1/1/41 Off Off 0 0 n/a n/a 3 n/a 1/1/42 On Off 0 0 n/a n/a 3 n/a 1/1/43 Off Off 0 0 n/a n/a 3 n/a

Maybe I should nuke the switch from orbit and start over? Could I have missed something in the firmware / licensing / etc from the instructions? (I'm still in testing mode, this isn't a production switch yet)

The manual and product page for that camera do not specify which PoE version the camera supports other than (HD IP POE). No listing of if it's 802.3af, at, or bt. The 6610 supports af and at modes. I would remove the power limits from the inline-power statements in case this camera is trying to negotiate for 30W. You're capping all your ports at 15.

At a guess, the injector you were using before is a 802.3at unit supporting 30W. I see lower models of Amcrest cameras saying 802.3at is required in the manual.

NablaSquaredG · Jan 6, 2023

RIP 7250-48P...

http://imgur.com/a/8hwEdPk

Bought as "fully functional"

Code:

PoE Severe Error: Hardware Fault with ports 1/1/33 to 1/1/40. Remove PDs and then configure "no inline power" on these ports.
..
show inline power detail
...
Hardware
Version
----------------
UNKNOWN

Device HW version         : 0:V1R3      1:V1R3      2:V1R3      3:V1R3      4:UNKNOWN   5:V1R3     
Device Temperature(deg-C) : 0:37        1:39        2:37        3:37        4:n/a       5:31       
Device Status             : 0:Good      1:Good      2:VOP-Sev1  3:Good      4:Failed    5:Good     



Cumulative Port State Data:
+++++++++++++++++++++++++++

#Ports    #Ports     #Ports   #Ports    #Ports       #Ports     #Ports
Admin-On  Admin-Off  Oper-On  Oper-Off  Off-Denied   Off-No-PD  Off-Fault
-------------------------------------------------------------------------
48        0          0        48        24           24         0

Sea Monkey · Jan 7, 2023

For anyone struggling setting up key-based SSH authentication, as I did, use

Code:

ssh-keygen -t ssh-rsa -b 2048

when generating keys. The default on my system was greater than 2048. Also, add the following to /etc/ssh/ssh_config client-side, replacing values where appropriate.

Code:

Host sens-o-matic sens-o-matic.thegalaxy 192.168.0.100
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms=+ssh-rsa
    KexAlgorithms +diffie-hellman-group1-sha1
    IdentityFile /home/seamonkey/.ssh/brocade

kpfleming · Jan 7, 2023

Sea Monkey said:
For anyone struggling setting up key-based SSH authentication, as I did, use

Code:

ssh-keygen -t ssh-rsa 2048

when generating keys. The default on my system was greater than 2048. Also, add the following to /etc/ssh/ssh_config client-side, replacing values where appropriate.

Code:

Host sens-o-matic sens-o-matic.thegalaxy 192.168.0.100 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1 IdentityFile /home/seamonkey/.ssh/brocade

Also note that various Linux distributions are putting new security policies in place which disallow usage of SHA1 for various purposes, and that might mean that even a configuration like this won't work unless the system-wide security policy is relaxed. If you try to follow these instructions and your SSH client still won't accept the switch's host key, that may be the reason why.

Jorge Perez · Jan 7, 2023

Anyone know how to set up DHCP relay on an icx6450?

I set an IP Helper Address on the VIF "ip helper-address 1 10.100.255.1"

I can't seem to enable "DHCP Snooping Relay Information"

Silly Valley Serf · Jan 7, 2023

Sea Monkey said:
For anyone struggling setting up key-based SSH authentication, as I did, use

Code:

ssh-keygen -t ssh-rsa 2048

when generating keys. The default on my system was greater than 2048. Also, add the following to /etc/ssh/ssh_config client-side, replacing values where appropriate.

Code:

Host sens-o-matic sens-o-matic.thegalaxy 192.168.0.100 HostKeyAlgorithms +ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsa KexAlgorithms +diffie-hellman-group1-sha1 IdentityFile /home/seamonkey/.ssh/brocade

I ran into this today. In my case I put the authentication tweaks in ~/.ssh/config - since it's unlikely anyone else will be using my Linux box, or needing to log into the switch.

Silly Valley Serf · Jan 7, 2023

Forgot to mention, I picked up an ICX6450-48P for $125 + tax from an eBay seller in my area last week. It will serve as the nexus of a home network, with multiple PoE APs and IP cameras, once I get enough round tuits. I mostly wanted it for PoE, VLANs, and for the 10GbE to use with a storage server I've got. But it looks like this thing could almost replace my pfSense router. Thanks @fohdeesha for the docs & downloads!

kpfleming · Jan 8, 2023

Silly Valley Serf said:
But it looks like this thing could almost replace my pfSense router.

As long as you aren't using NAT of any kind, or tunneling, or DHCPv6 prefix delegation, or ... There are lots of things that the boxes we call 'routers' today can do which the ICX L3 'router' software does not do.

Silly Valley Serf · Jan 8, 2023

Right, that's why I said "almost".

Jorge Perez · Jan 8, 2023

kpfleming said:
As long as you aren't using NAT of any kind, or tunneling, or DHCPv6 prefix delegation, or ... There are lots of things that the boxes we call 'routers' today can do which the ICX L3 'router' software does not do.

They do support IPv6-PD though?

kpfleming · Jan 8, 2023

Jorge Perez said:
They do support IPv6-PD though?

That depends on how you define 'support' I suppose. In a home LAN/homelab environment, the most useful support would be for the ICX to act as a DHCPv6-PD client to get a prefix from the ISP and then allocate subnets from that prefix to the VLANs it is managing. As best I can tell the ICX software has no ability to do that.

The ICX DHCPv6 server can delegate prefixes though, and the DHCPv6 relay is able to do some sort of notifications based on PD messages passing through.

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Kaini Industries

New Member

Kaini Industries

New Member

Kaini Industries

Member

New Member

New Member

New Member

Active Member

Bringing 100G switches to homelabs

New Member

Active Member

Active Member

New Member

New Member

Active Member

New Member

Active Member

Active Member