You got me thinking.
The trunk port is the problem. In the Cisco world you use an access port not a trunk port. I don't know how to translate to your world. You can try uplink.
You are doing layer 2 from OpenWRT to your L3 switch.
ip helper-address 1 172.16.1.2
to VLAN 9 and VLAN 100 on the switch, so it knows where the DHCP server is.
Yes, I wouldn't change anything to the VLANs defined on the switch.
Seems like to me you need the 172 network also defined on the layer 3 switch
Same as currently, as per the instructions from kapone.
How does the router route to the L3 switch in your example above?
As far as I understand, the Brocade does L3 because each VLAN has a virtual router interface defined.
To me the problem lies with Brocade L3 switch not the OpenWRT router. How does the switch do layer 3?
ICX6450-48P-Router(config-vlan-9)#sh ip route
Total number of IP routes: 4
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
     Destination       Gateway      Port    Cost  Type  Uptime
1    0.0.0.0/0         172.16.1.2   ve 172  1/1   S     1d22h
2    10.25.9.0/24      DIRECT       ve 9    0/0   D     3d10h
3    10.25.100.0/24    DIRECT       ve 100  0/0   D     3d2h
4    172.16.1.0/24     DIRECT       ve 172  0/0   D     1d22h
% traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets
 1  10.10.10.1 (10.10.10.1)  0.607 ms  0.258 ms  0.263 ms
 2  firewall1 (172.16.1.2)  0.433 ms  0.351 ms  0.361 ms
 3  * * *
 4  ae1316-21.artnvafc-mse01-aa-ie1.verizon-gni.net (100.41.24.204)  3.199 ms
    ae1316-20.washdcdn-mse01-aa-ie1.verizon-gni.net (100.41.24.202)  2.362 ms
    ae1316-21.artnvafc-mse01-aa-ie1.verizon-gni.net (100.41.24.204)  6.999 ms
 5  0.ae2.gw16.iad8.alter.net (140.222.3.89)  3.618 ms  4.472 ms
    0.ae1.gw16.iad8.alter.net (140.222.3.87)  4.085 ms
 6  .170.148.204.in-addr.arpa (204.148.170.158)  4.095 ms  5.060 ms  5.086 ms
 7  10.252.69.254 (10.252.69.254)  4.189 ms
    10.252.242.190 (10.252.242.190)  3.864 ms  3.559 ms
 8  dns.google (8.8.8.8)  4.508 ms  4.590 ms  3.735 ms
@Nikotine - Notice in your traceroute output, that just your gateway on the Brocade (10.25.100.2) is taking almost 4ms to respond. That's WAY too long. That's the reason I'm focussing on the routing being "out of whack" even though it works for the intended purpose, but not traceroute.
pi@rpi3-sdr:~ $ traceroute -i enxb827eb45a8ec 9.9.9.9
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 60 byte packets
 1  10.25.100.2 (10.25.100.2)  3.943 ms  3.995 ms  4.566 ms
 2  WRT1900AC.lan (10.25.100.1)  3.190 ms  3.077 ms  2.982 ms
 3  WRT1900AC.lan (10.25.100.1)  2.906 ms  2.812 ms  2.718 ms
pi@rpi3-sdr:~ $
Current configuration:
!
ver 08.0.30tT313
!
stack unit 1
 module 1 icx6450-48p-poe-port-management-module
 module 2 icx6450-sfp-plus-4port-40g-module
!
global-stp
!
!
!
vlan 9 name main by port
 untagged ethe 1/1/2 to 1/1/36 ethe 1/2/1 to 1/2/4
 router-interface ve 9
!
vlan 100 name IPcams by port
 untagged ethe 1/1/37 to 1/1/48
 router-interface ve 100
!
vlan 172 name TRANSIT by port
 untagged ethe 1/1/1
 router-interface ve 172
!
vlan 4095 name DEFAULT-VLAN by port
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
default-vlan-id 4095
enable telnet authentication
hostname ICX6450-48P-Router
ip dhcp-client disable
ip dns server-address 172.16.1.2
ip route 0.0.0.0/0 172.16.1.2
!
no telnet server
username root password .....
snmp-server community ..... ro
!
!
clock summer-time
clock timezone gmt GMT+01
!
!
ntp
 disable serve
 server 10.25.9.1
!
!
web-management https
web-management refresh front-panel 30
web-management session-timeout 3600
!
!
!
interface ethernet 1/1/37
 inline power priority 1 power-by-class 3
!
interface ve 9
 ip address 10.25.9.2 255.255.255.0
 ip helper-address 1 172.16.1.2
!
interface ve 100
 ip address 10.25.100.2 255.255.255.0
 ip helper-address 1 172.16.1.2
!
interface ve 172
 ip address 172.16.1.1 255.255.255.0
!
!
!
!
!
!
!
!
!
end
Yeah and I was kind of hoping that the switch would then route this DHCP offer from VLAN 172 to VLAN 9 or 100
This is most likely not going to work.
- On the transit interface on the wrt we have told it that the route for 10.25.0.0/16 is over 172.16.1.1
- If the 10.25.x.x subnets are on that same interface, the static route above will kick in.
- When the DHCP discovery broadcast happens on 10.25.x.x wrt will respond over 172.16.x.x.
- er...
Do you still have the static route on the wrt? (10.25.0.0/16) Remove it.
- the OpenWRT router can ping 172.16.1.1 but not 10.25.9.2 or 10.25.100.2
Of course. My DHCP/DNS server(s) is on a completely different subnet, isolated from everything else. All it does is DHCP/DNS (and Active Directory in my case). It's on a 10.10.4.x subnet, and scopes have been created in it for the various subnets.
Does your DHCP server offer IP addresses for different subnets?
I explained this problem already. You are using a trunk port between the switch and router so the routing is not happening to 172 network.
This IS a routing problem.
Somewhere somehow the "first hop" for the 10.25.9.x and 10.25.100.x VLANs on the Brocade is being recognized as the .1 IP address respectively in those subnets (still completely on the Brocade). That should not be happening. As an e.g., if I run a traceroute:
- I don't have any VLANs defined on firewall (pfsense) because I don't use it for DHCP.
- The 10.10.10.1 IP is the gateway IP given out by my DHCP server (Windows Server 2016) for the 10.10.10.x VLAN. (I'm on a device in this VLAN)
- 172.16.1.2 is the TRANSIT VLAN between my Brocade (6610) and pfSense, where the switch is 172.16.1.1 and pfSense is 172.16.1.2
- I have a default route 0.0.0.0/0 defined on the switch that points to 172.16.1.2
- I do have helper IP addresses on VLANs in the Brocade, which is how my Windows Server does DHCP.
- My global-stp is off on the Brocade.
Notice that the traceroute command immediately jumps to the transit network as the next hop. That's how it should work.
Please look at post #50, I'm no longer using a trunk port.
I explained this problem already. You are using a trunk port between the switch and router so the routing is not happening to 172 network.
I don't believe that is true. Just because you create a 172 network does not mean you will use it. If you are not using a trunk port then I would say the switch is broke because it still should not do layer 2 unless your trace route has changed.
Please look at post #50, I'm no longer using a trunk port.
It's not that simple. Before @Nikotine ripped up his config and started again...
I explained this problem already. You are using a trunk port between the switch and router so the routing is not happening to 172 network.
Think about it. Network 10.25.9.0/24 and 10.25.100.0/24 are known networks so they will not use the default gateway.
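
Added example, not part of any post in this thread: a longest-prefix-match lookup over the switch's four routes from the `sh ip route` output, plus the path a relayed DHCP reply takes from the router back to the relay address (giaddr) on ve 9 / ve 100. The two router tables, the WAN gateway 192.0.2.1 and the interface names `wan` and `transit` are constructed assumptions.

```python
import ipaddress

# Routes from the switch's "sh ip route" output above: (prefix, gateway, port).
SWITCH = [
    ("0.0.0.0/0", "172.16.1.2", "ve 172"),
    ("10.25.9.0/24", "DIRECT", "ve 9"),
    ("10.25.100.0/24", "DIRECT", "ve 100"),
    ("172.16.1.0/24", "DIRECT", "ve 172"),
]

# Constructed router tables (assumptions): the WAN gateway 192.0.2.1 and the
# interface names "wan"/"transit" are placeholders, not values from the thread.
ROUTER_NO_STATIC = [
    ("0.0.0.0/0", "192.0.2.1", "wan"),
    ("172.16.1.0/24", "DIRECT", "transit"),
]
ROUTER_WITH_STATIC = ROUTER_NO_STATIC + [("10.25.0.0/16", "172.16.1.1", "transit")]


def next_hop(routes, dst):
    """Longest-prefix match: (gateway, port) of the most specific covering route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), gw, port) for p, gw, port in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, gw, port = max(matches, key=lambda m: m[0].prefixlen)
    return gw, port


def relay_reply_hop(server_routes, giaddr):
    """A relayed DHCP reply is unicast to the relay's giaddr (the ve address)."""
    return next_hop(server_routes, giaddr)


if __name__ == "__main__":
    # Switch side: connected /24s win over the default route.
    for dst in ("10.25.9.50", "10.25.100.50", "172.16.1.2", "8.8.8.8"):
        print("switch", dst, "->", next_hop(SWITCH, dst))
    # Router side: where does the reply to each helper's giaddr go?
    for name, table in (("no static", ROUTER_NO_STATIC),
                        ("with static", ROUTER_WITH_STATIC)):
        for giaddr in ("10.25.9.2", "10.25.100.2"):
            print("router", name, giaddr, "->", relay_reply_hop(table, giaddr))
```
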