yes, and even then you aren't guaranteed to have ARP entries on the switch for every device in that VLAN, they'll have to talk to that switch IP first to generate an entry. The place to check arp tables is pretty much *always* the router/gateway for said subnet. In your case it sounds like that's pfsense/opnsense (Diagnostics > ARP Table). trying to move this functionality to a layer 2 device in your network is indeed a pretty bizarre use case
I like being able to monitor IP addresses by looking at the ARP table. As said previously, this won't work for other than VLAN 1 if I am running a vanilla switched image, since the switch won't have an IP address in a subnet used by hosts in that VLAN. Assume I understand this correctly, is my only alternative to run the routing image instead? And define a virtual interface in each VLAN, with a unique IP address in a subnet used by hosts in that VLAN?
it just completely depends on the device/software on the other end. some devices behave normally and won't send out an ARP response with its IP info unless it sees an arp request directed at it from said device (your switch), others will send gratuitous arps (arp responses that weren't provoked by an arp request), gARP messages are also broadcast instead of unicast, so they'll get picked up and entered into the arp table of everything in the subnet, including your switch
The router is also my home gateway, and is unaware of any other VLANs. This is only a convenience for me, not a requirement. I'm puzzled about the assertion that the switch will only add hosts to the ARP cache if that host talks to the switch first. I see a number of entries in the ARP cache of both switches (the 7250 stack and the 7150 by my desk) for hosts who shouldn't even know about either switch directly. Odd.
Not only that, but they tend to flood the network with a lot of multicast/broadcast traffic (as for example, every discovery that runs on top of mDNS, such as Chromecast and Bonjour, to name a few). Usually, multicast flows are being sent to the switch CPU for IGMP Snooping and flow control, so it can obtain an IP-MAC address tuple, i.e. an ARP entry.
IOT crap is bad about this
If you have a used switch: not without using the instructions in the first post. There is no reset switch / procedure for the 6450.
Hey! I just got a 6450-24P!
I am trying to set it up and I am having a hard time. I want it to grab a DHCP IP from my router on one of the 24 ports (not the mgmt port) and manage it from there. How can I do that?
I have serial access to the switch, as well as through the mgmt port. I just don't know how to enable the dhcp client for all or at least one interface.
You have to enable on a router interface, not on a port (unless it is a pure layer 3 interface, ie. "no switchport"), and the interface tied to your DHCP server must be an untagged member of the same VLAN that contains the router interface.
I have serial access to the switch, as well as through the mgmt port. I just don't know how to enable the dhcp client for all or at least one interface.
I tried to enable it on 1/1/1 but it is not requesting an ip.
Please check if you have already a VE defined on this VLAN, and it should, as you said that it took an IP address.
I cannot add a virtual interface on VLAN 1
Yes, but you have to enable "dual mode" on an interface to make it accept both tagged and untagged frames. It is written on the documentation that @fohdeesha made available on the first page.
nor can I tag the 1/1/1 port in other VLANs
You can't have a VLAN as tagged and untagged at the same time. This is normal.
Furthermore, I cannot tag the 1/1/1 port on VLAN 1 and as such, I cannot switch it to dual mode.
conf t
int ethe 1/1/1
dual-mode
Please check if you have already a VE defined on this VLAN, and it should, as you said that it took an IP address.
SSH@icx645024p(config-if-e1000-1/1/1)#show int e 1/1/1
GigabitEthernet1/1/1 is up, line protocol is up
Port up for 3 hour(s) 43 minute(s) 27 second(s)
Hardware is GigabitEthernet, address is cc4e.2451.cc60 (bia cc4e.2451.cc60)
Configured speed auto, actual 1Gbit, configured duplex fdx, actual fdx
Configured mdi mode AUTO, actual MDIX
Member of L2 VLAN ID 1, port is untagged, port state is FORWARDING
BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
Link Error Dampening is Disabled
STP configured to ON, priority is level0, mac-learning is enabled
Flow Control is config enabled, oper enabled, negotiation disabled
Mirror disabled, Monitor disabled
Mac-notification is disabled
Not member of any active trunks
Not member of any configured trunks
No port name
Inter-Packet Gap (IPG) is 96 bit times
Internet address is 10.0.10.202/24, MTU 1500 bytes, encapsulation ethernet
300 second input rate: 9632 bits/sec, 7 packets/sec, 0.00% utilization
300 second output rate: 1504 bits/sec, 1 packets/sec, 0.00% utilization
136542 packets input, 18555997 bytes, 0 no buffer
Received 51299 broadcasts, 77567 multicasts, 7676 unicasts
0 input errors, 0 CRC, 0 frame, 0 ignored
0 runts, 0 giants
7784 packets output, 2635763 bytes, 0 underruns
Transmitted 11 broadcasts, 0 multicasts, 7773 unicasts
0 output errors, 0 collisions
Relay Agent Information option: Disabled
Egress queues:
Queue counters Queued packets Dropped Packets
0 0 0
1 0 0
2 0 0
3 0 0
4 0 0
5 0 0
6 0 0
7 0 0
SSH@icx645024p(config-if-e1000-1/1/1)#show int ve 1
Error - ve 1 was not configured
SSH@icx645024p(config-vlan-1)#router-interface ve 1
error - IP routing, vrf, ip policy or route-only was configured on ports 1/1/1
SSH@icx645024p(config-vlan-200)#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64
Legend: [Stk=Stack-Id, S=Slot]
PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
Untagged Ports: (U1/M1) 1 4 5 6 7 8 9 10 11 12 13 14
Untagged Ports: (U1/M1) 15 16 17 18 19 20 21 22 23 24
Untagged Ports: (U1/M2) 1 2 3 4
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
PORT-VLAN 200, Name family, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U1/M1) 2 3
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled
Issue a
Code:
conf t
int ethe 1/1/1
dual-mode
To enable other VLAN as tagged on if 1/1/1.
SSH@icx645024p(config-if-e1000-1/1/1)#int ethe 1/1/1
SSH@icx645024p(config-if-e1000-1/1/1)#dual-mode
error - cannot set untagged port 1/1/1 to dual mode
SSH@icx645024p(config-if-e1000-1/1/1)#vlan 200
SSH@icx645024p(config-vlan-200)#tag e 1/1/1
error - IP routing, vrf, ip policy or route-only was configured on ports 1/1/1
Please post a "show run" output, but to me there's something strange on your configuration...
It seems that the physical interface has grabbed the IP and is not letting me make changes to it. This is on a 6450 with 8030t firmware, not a 7250. AFAIK, DHCP on VEs is not allowed on 8030t.
Yeah I actually followed your guides for resetting and setting up the switch, I just thought I would try with DHCP first. I am using pfSense for DHCP and DNS so I set my static DHCP mappings there and then access my stuff through their hostnames. I figured that this is not really the way to use these switches since they are L3, I just thought I would try it my usual way first. So to recap, it seems like it is working as designed and we really need to set a static IP since that was how it was supposed to be used.
VEs cannot grab an address via DHCP, at least on the icx6xxx series. If you plug in an otherwise blankly configged switch to a network with a dhcp server, fastiron will grab a lease and throw it on the physical port you've plugged in. One of the first steps in my config guide in the OP of this thread is to disable dhcp-client so this doesn't happen, and it instructs you to set up a VE with a static IP so you can manage it in-band. Not sure why you'd want a dynamically assigned address for management of something as important as a core switch. Just pick an unused IP outside of your dhcp range to give the switch, and follow the config guide
I don't think I did, I think it does it (or something else) automatically on DHCP.
Have you issued a "route-only" on ethe 1/1/1? In case, yes, it can't be tagged or untagged, as it will work as a pure layer3 only interface, no switching operations can be done. But it may cause havoc on the relative vlan, as it shouldn't forward traffic to other clients -- I've never used it, I must be sincere with you.
But you're right, it seems that only route only ports can obtain a dhcp lease, not the virtual interfaces. But, they should be the gateway of the relative vlan/broadcast domain, so it is a reasonable assumption that they must have a static IP only.
SSH@icx645024p(config-vlan-200)#show run
Current configuration:
!
ver 08.0.30tT313
!
stack unit 1
module 1 icx6450-24p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 200 name family by port
tagged ethe 1/1/2 to 1/1/3
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
hostname icx645024p
ip dns domain-list thes
ip dns server-address 10.0.10.1
!
no telnet server
username root password .....
!
!
!
!
!
interface ethernet 1/1/1
ip address 10.0.10.202 255.255.255.0 dynamic
!
!
!
!
!
!
!
!
!
end
Yes, it's a mainly blank config. I have to apologize, I hadn't noticed the behavior that @fohdeesha said, as every time I've reconfigured the switch I've assigned a static IP to a VE. Sorry
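The state discussed in this thread (a DHCP lease landing on the physical port, which then rejects VLAN tagging and `router-interface ve 1`) can be caught by auditing a saved running config. This is an added example, not code from any poster in the thread; the function names, rule names and the 10.0.10.5 address are assumptions, and both sample configs are constructed from the `show run` output posted above.

```python
import re

# Constructed sample, trimmed from the "show run" output posted in the thread.
LEASED = """\
vlan 1 name DEFAULT-VLAN by port
!
interface ethernet 1/1/1
 ip address 10.0.10.202 255.255.255.0 dynamic
!
end
"""

# Constructed sample of the layout the thread recommends (10.0.10.5 is made up).
STATIC_VE = """\
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
!
interface ve 1
 ip address 10.0.10.5 255.255.255.0
!
end
"""

ADDR = re.compile(r"ip address (\S+)(?: \d+\.\d+\.\d+\.\d+)?( dynamic)?$")

def interface_addresses(config):
    """Map each 'interface ...' block to its [(address, is_dynamic)] list."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            blocks[current] = []
        elif line in ("!", "end"):
            current = None  # '!' closes a block in the running config
        elif current and (m := ADDR.match(line)):
            blocks[current].append((m.group(1), m.group(2) is not None))
    return blocks

def audit(config):
    """Return findings as (rule, interface, address) tuples."""
    blocks = interface_addresses(config)
    findings = [("dhcp-lease-on-port", name, addr)
                for name, addrs in blocks.items() if name.startswith("ethernet")
                for addr, dynamic in addrs if dynamic]
    has_static_ve = any(not dynamic for name, addrs in blocks.items()
                        if name.startswith("ve ") for _, dynamic in addrs)
    if not has_static_ve:
        findings.append(("no-static-ve", None, None))
    return findings
```

`audit(LEASED)` reports both the leased port and the missing static VE, while `audit(STATIC_VE)` returns an empty list.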