If the Ethernet interface is a part of any VLAN, whether tagged or untagged, you cannot assign it an IP address or set route-only mode. Using the VE as you are will work, and in some cases it is necessary - for example, running pfSense/OPNsense/VyOS on a virtual machine. For your setup, I'd still recommend ditching the needless VLAN altogether for the connection to your USG. Even if you set up a LAG between the USG and switch, you can set route-only and IPv4/IPv6 addresses on the LAG (via the LAG's primary-port). route-only just disables L2 traffic on that interface.
I did play around with this some, and ended up finding a setup that appears to do most of what I would like. For experimentation, I allocated a /20 block to play with: 192.168.48.0/20
As suggested, in the Unifi controller I configured the following:
- The transit/uplink network on LAN2, as 192.168.123.1/30 no DHCP services.
- Created a static route 192.168.48.0/20, next hop 192.168.123.2
On the Brocade:
- I wasn't able to figure out a way to get it to let me assign an IP directly to e 1/1/1, even without it tagged in any network, and no ip assigned to VE1. I ended up just assigning the 192.168.123.2 IP to VE1, which appears to be working.
- I set the default gateway to 192.168.123.1
- I then created my VLANs wholly within the switch, using the DHCP server built into the switch, as nothing I tried would get the USG to give out IP, since it doesn't know about those VLAN networks.
With things set up like this, I can plug into either my "50" VLAN or "60" VLAN on the switch, and get the correct IP, and can reach the rest of my network and the outside world correctly. The one oddity is that the Unifi controller lists the IPs as being owned by the MAC of the switch, but that isn't really an issue as far as I can tell.
Thank you so much for your suggestions, they did help guide me towards something that worked!
Once you get things working, since you're doing this for many of the same reasons I am - learning and home network performance - you might look into port security on the port(s) connected to your router. I don't believe the USG supports OSPF, but if you do get your EdgeRouter working, I believe that supports OSPF, which would make LAN routing more automated vs. the static route.
Here's the pertinent configuration from a test I just did on my switch:
Code:
lag test dynamic id 2
 ports ethernet 1/1/23 to 1/1/24
 primary-port 1/1/23
 lacp-timeout short
 deploy
interface ethernet 1/1/23
 route-only
 ip address 192.168.123.2 255.255.255.252
 no flow-control
Yes, there are still licenses available. See the original post of this thread for information on getting them (still for free).
Hey everyone, sort of long-time lurker, first-time poster. I've been using eBay Cisco switches for a few years now and have always been happy. But I want to expand my knowledge of other platforms as well as bring 10G to the home lab.
I got an ICX6610-48P-E on the way. Is getting licenses still a thing? Got the switch from a friend of a friend of a friend and I'm pretty sure it has no license on it. But I'll know more when I get my hands on it.
Thanks!