Regular Visitor
Posts: 1
Registered: ‎12-24-2016

Inter VLAN for ICX 7250


I don't have any firewall/router, but I have one Brocade ICX 7250 24-port with L3 premium license.

I need to connect my WAN directly to ICX7250 ethernet port 1/1/1, VLAN 101, with IP address 111.93.146.238/30 and DNS 8.8.8.8, untagged.


And I created VLAN 102 on ethernet 1/1/3 to 1/1/4, untagged, with the IP address 192.168.102.1/24.

 

How can I share the internet from 1/1/1?

 

Contributor
Posts: 63
Registered: ‎07-20-2015

Re: Inter VLAN for ICX 7250

Unless you really want to separate the VLAN of the traffic to 102, being it is untagged, it would end up on the default VLAN of the switch.

 

In other words, whatever port untagged traffic comes in on will end up being a member of whatever VLAN that port is an untagged member of.

 

 

For my answer, I am presuming 192.168.102.1/24 is what you intend the Default Gateway of your LAN to be for UNTAGGED traffic... This also assumes the WAN provider is using 111.93.146.237, since you are using .238 and those are the only two (2) usable:

 

Here is how I would go about it (different Brocade model but should be similar)... Feel free to add to, change, or redact portions you do not want:

 

In this config ALL ports are untagged in VLAN 1 except 1/1/1, which is in VLAN 101.

 

 

 

ver 08.0.30hT313
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 101 name WAN by port
untagged ethe 1/1/1
router-interface ve 101
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode
console timeout 30
enable aaa console
hostname <YOURHOSTNAME>
ip dns domain-list yourcompany.com
ip dns server-address 8.8.8.8
ip route 0.0.0.0/0 111.93.146.237
!
logging host <IP of your Syslog Server>
logging console
logging persistence
no telnet server
username <USERNAME> password .....
cdp run
fdp run
snmp-server community ..... ro 99
snmp-server contact YOURDEPARTMENT
!
!
clock summer-time
clock timezone us Eastern
!
!
ntp
server <IP of your NTP server>
!
!
web access-group 99
no web-management http
web-management https
banner motd ^
------------------------------------------------------------------------

YOUR SITE DETAILS... Your Message here i.e.
Authorized access only!!

------------------------------------------------------------------------
^
!
ssh access-group 99
!
!
!
interface ethernet 1/1/1
port-name Port Speed and Duplex MUST Match ISP CHECK IT
speed-duplex 100-full
sflow forwarding
!

interface ve 1
port-name Default Gateway
ip address 192.168.102.1/24
ip helper-address 1 <your DHCP Server>
ip helper-address 2 <Another DHCP Server>
!
interface ve 101
port-name WAN Circuit
ip address 111.93.146.238 255.255.255.252
!
!
!
access-list 99 permit host 10.1.2.3
access-list 99 permit 10.2.0.0 0.0.255.255
access-list 99 deny any log
!
!
sflow agent-ip 111.93.146.238
sflow sample 512
sflow polling-interval 30
sflow destination <IP of your Syslog Server> 2055
sflow enable
!
lldp run
!
!
ip ssh authentication-retries 2
ip ssh timeout 30
ip ssh idle-time 30
ip ssh scp disable
ip ssh encryption disable-aes-cbc
!
!
end
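
The management-plane lockdown in the configuration above (telnet and plain-HTTP management turned off, SSH, web and SNMP all bound to ACL 99) can be checked mechanically. The following is an added example, not part of the original post and not Brocade tooling; the sample lines are constructed from the posted config, the function names are hypothetical, and it assumes telnet and HTTP management are on unless the config disables them.

```python
import ipaddress
import re

# Constructed sample: the management-related lines of the configuration posted above.
SAMPLE = """\
no telnet server
snmp-server community ..... ro 99
web access-group 99
no web-management http
ssh access-group 99
access-list 99 permit host 10.1.2.3
access-list 99 permit 10.2.0.0 0.0.255.255
access-list 99 deny any log
"""

def parse_acls(lines):
    """Map ACL number -> ordered [(action, network or None for 'any', logged)].
    'a.b.c.d w.x.y.z' is an address plus wildcard mask; a lone address is a /32."""
    acls = {}
    for line in lines:
        m = re.fullmatch(r"access-list (\d+) (permit|deny) (.+)", line)
        if m:
            tok = [t for t in m.group(3).split() if t not in ("host", "log")]
            net = None if tok[0] == "any" else ipaddress.ip_network("/".join(tok))
            acls.setdefault(m.group(1), []).append((m.group(2), net, line.endswith(" log")))
    return acls

def acl_permits(entries, source):
    """First matching entry decides; an address that matches nothing is denied."""
    ip = ipaddress.ip_address(source)
    for action, net, _ in entries:
        if net is None or ip in net:
            return action == "permit"
    return False

def audit(config):
    lines = [l.strip() for l in config.splitlines()]
    acls = parse_acls(lines)
    findings = [f"missing '{r}'" for r in ("no telnet server", "no web-management http")
                if r not in lines]
    for pat in (r"ssh access-group (\d+)", r"web access-group (\d+)",
                r"snmp-server community .+ r[ow] (\d+)"):
        refs = [m.group(1) for l in lines if (m := re.fullmatch(pat, l))]
        if not refs:
            findings.append(f"{pat.split()[0]}: not restricted by an ACL")
        for acl in refs:
            if acl not in acls:
                findings.append(f"{pat.split()[0]}: ACL {acl} referenced but not defined")
            elif acls[acl][-1] != ("deny", None, True):
                findings.append(f"{pat.split()[0]}: ACL {acl} lacks a final 'deny any log'")
    return findings
```

`acl_permits` also shows that ACL 99 as posted admits only the sample 10.x sources, so a management station on 192.168.102.0/24 is refused until the permit entries are replaced with real addresses.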

 

 

 

 

Contributor
Posts: 63
Registered: ‎07-20-2015

Re: Inter VLAN for ICX 7250

If you just want the bare snippets to make it run, this would probably work:

 

vlan 1 name DEFAULT-VLAN by port
router-interface ve 1
!
vlan 101 name WAN by port
untagged ethe 1/1/1
router-interface ve 101


ip dns server-address 8.8.8.8
ip route 0.0.0.0/0 111.93.146.237

interface ethernet 1/1/1
port-name Port Speed and Duplex MUST Match ISP CHECK IT
speed-duplex 100-full
!
interface ve 1
port-name Default Gateway
ip address 192.168.102.1/24
ip helper-address 1 <your DHCP Server>
ip helper-address 2 <Another DHCP Server>
!
interface ve 101
port-name WAN Circuit
ip address 111.93.146.238 255.255.255.252
!

 

 

Now, if you really want to run the other ports, untagged in a different VLAN, go for it.

Just make sure that they are UNTAGGED (since computers usually do not send tagged FRAMES) in that VLAN and that you put in a "router-interface ve #" and your Gateway options under the corresponding "interface ve #" that matches.

 

For good measure, I personally use the same number as the actual VLAN, but you don't have to do it that way.

Contributor
Posts: 54
Registered: ‎01-27-2010

Re: Inter VLAN for ICX 7250

Private IP addresses like 192.168.x.x won't work on the public Internet which by design can't send traffic to them. So you need a device which will translate your private IPs to the public IP from your Internet provider.  Unfortunately, Network Address Translation (NAT) is not supported on Brocade ICX switches, even with the new 8.0.50 firmware. But any Internet router/gateway includes the feature.

 

Also, unless all your systems are running good built-in firewalls, putting them directly on the Internet without more security protection (like a stateful firewall) is approximately as risky as skydiving without a parachute.
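
The addressing points raised in this thread (the /30 leaves exactly one other usable address for the provider side, and the 192.168.102.0/24 LAN needs translation somewhere upstream because the switch does not do NAT) can be read straight off the config. This is an added example, not part of any post; the sample lines are constructed from the posted configuration and `review_addressing` is a hypothetical helper name.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: the addressing lines from the configuration posted in this thread.
SAMPLE = """\
ip route 0.0.0.0/0 111.93.146.237
interface ve 1
 ip address 192.168.102.1/24
interface ve 101
 ip address 111.93.146.238 255.255.255.252
"""

def review_addressing(config):
    """Find the interface facing the default route, the usable peer addresses on
    that subnet, and the connected private subnets that need NAT upstream."""
    ifaces, next_hop, name = {}, None, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"interface (ve \d+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"ip address (\S+)(?: (\S+))?", line):
            addr, mask = m.groups()  # accepts both a.b.c.d/len and "a.b.c.d mask"
            ifaces[name] = ipaddress.ip_interface(f"{addr}/{mask}" if mask else addr)
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0/0 (\S+)", line):
            next_hop = ipaddress.ip_address(m.group(1))
    report = {"wan": None, "peer_candidates": [], "needs_nat": []}
    for name, iface in ifaces.items():
        net = iface.network
        if next_hop is not None and next_hop in net:
            report["wan"] = name  # default route is reachable through this interface
            report["peer_candidates"] = [str(h) for h in net.hosts() if h != iface.ip]
        if any(net.subnet_of(r) for r in RFC1918):
            report["needs_nat"].append(str(net))  # not routable on the public Internet
    return report
```

A `wan` of `None` means the default route's next hop is not on any connected subnet, so the route would never resolve.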

Contributor
Posts: 63
Registered: ‎07-20-2015

Re: Inter VLAN for ICX 7250

True, but we know nothing about his network topology. He clearly indicates he has a WAN, and I envision it as going back to a datacenter with a Firewall connecting to the Internet taking care of the NAT pool.

 

My thought is he has no firewall on the WAN traffic, but I am not certain how it is set up.

 

Regardless, there is nothing stopping an ICX 7250 from serving as a WAN Router to get his clients on the Internet if that is how it is set up.
