For more details, please see ourCookie Policy.

Ethernet Switches & Routers

New Contributor
Posts: 2
Registered: ‎10-31-2017

switch vs router setting ip address for the web portal

I am new to networking let alone the brocade brand.  I was able to setup the icx6450 in switch mode to allow access to the web management protal.  Which basically set an ip address for the entire switch and was accessable from every port.  On the other hand Im confused about the setup of the web portal in router mode.  It seems that the router you have to set an ip address to a specific port and somehow allow access from the port to the web portal.  Can someone explain exactly how this is done.  And can you set a different ip address for each port on a router?  Im used to home routers where the deviece as a whole has an ip address not a port. thank you

Frequent Contributor
Posts: 137
Registered: ‎07-20-2015

Re: switch vs router setting ip address for the web portal

[ Edited ]

It is pretty much the same.


The difference is a router routes for directly connected routes by default.  If you put an IP on an Interface, that network gets added to the routing table.  If you add it to a a SVI (Software Virtual Interface) which brocade calls a VE, it then routes for entire collections of interfaces that are a member of that VLAN where the VE is assigned.


Static routes tell a router where to find subnets that are not directly connected, and dynamic routes build routing tables automatically.




Personally, I don't like the web interface.  I can make changes in seconds at the terminal via SSH, and I can confgure an entire switch in maybe 5 to 10 minutes by pasting in blocks from a template.


Here are items from my standard router configureation for an ICX 6450:



As for the web interface it merely needs to be reachable.


Here is kind of what I do:


hostname somename

username myuser password somepassword


Setup SSH keying:


crypto key zeroize rsa

cryoto key zeroize dsa


crypto key generate rsa mod 2048



<wait until it gens>



crypto-ssl certificate generate


<wait until it gens>



Next I usually provision a couple VLANs and assign the VEs.  Untagged simply means we are using Access Ports not trunk ports...


vlan 1 name Data by port
router-interface ve 1
vlan 100 name WAN by port
untagged ethe 1/2/1
router-interface ve 100


<show vlan shows what you have>

<dual-mode is a native vlan>


Setup AAA Behavior.  You would change this if you are doing RADIUS or similar: 

aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
aaa authentication login privilege-mode


enable aaa console



console timeout 30



A default route if you want one:
ip route



For security:

no telnet server


If you want discovery protocols:

cdp run
fdp run
lldp run


 Secure web management only:


no web-management http
web-management https



You probably want to do routing:


interface ve 1
port-name Data Gateway
ip address
ip helper-address 1
ip helper-address 2


interface ve 100
port-name Metro-E Circuit
ip address




At this point, you have got it.  You will probably want to create an ACL to limit access to SSH and the website.  Remember there is an implicit deny at the end and a simple standard ACL is what you need.


Something like:


access-list 99 permit host
access-list 99 permit



To apply it:


ssh access-group 99
web access-group 99



If you want to sync time set your zone and an NTP source:



clock summer-time
clock timezone us Eastern


If you want a banner:


banner motd ^

your banner here



To describe your ports:


interface ethernet 1/2/1
port-name My WAN Circuit





Secureing SSH:


ip ssh authentication-retries 2
ip ssh timeout 30
ip ssh idle-time 30
ip ssh scp disable
ip ssh encryption disable-aes-cbc



Improve Logging:


logging console
logging persistence




Perhaps you want to capture flows:

sflow agent-ip

sflow sample 512
sflow polling-interval 30
sflow destination 2055
sflow enable


For whatever interfaces you want to report flows:


interface ethernet 1/1/1 
sflow forwarding


New Contributor
Posts: 2
Registered: ‎10-31-2017

Re: switch vs router setting ip address for the web portal

Thank you very much for your help do you mind if I msg you if I hit a snag with setting it up?
Frequent Contributor
Posts: 137
Registered: ‎07-20-2015

Re: switch vs router setting ip address for the web portal

That's fine.... Go ahead. In fact if you make it after 4 PM EDT, you can even call me.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.