R

1 Message

 • 

70 Points

Tue, Mar 30, 2021 11:45 PM

ICX 6450 VLAN Help

Hey all,

My network currently consists of a pfsense firewall, ubiquiti 8 port switch, and an R610 AP. I've been slowly moving away from ubiquiti products and picked up an icx 6450-48p switch to replace what I have. The issue I've been having, and it's 100% because of my lack of knowledge on how to configure this switch (point goes to ubiquiti for making their GUI stupid simple), is that I'm not 100% sure how to properly setup the vlans for a single port that would connect to my AP.

I have a single LAN interface with 2 VLANs setup in pfsense (tags 43 and 63) which is plugged into port 1 of the switch. Port 48 on the switch will attach my AP w/PoE. I currently have 3 SSIDs on the AP as followed:

  • Main SSID - LAN
  • Work SSID - VLAN 43
  • Guest SSID - VLAN 63

Now when messing around with setting up the vlans and tagging the ports (dual-mode as well), I was able to get the AP to work properly over the VLANs (43 and 63), but was unsuccessful in getting the untagged LAN traffic working. Was I right in setting up dual mode? This seems like a very simple use case, but it's stumped me and I'm not sure where I need to go. Thanks in advance!

Here is a quick diagram that hopefully illustrates this issue more clearly

Official Rep

 • 

210 Messages

 • 

3.1K Points

8 m ago

Hi Ryan,


How to allow Un-tagged and tagged VLAN, in a Trunk port ? 

To achieve this, add desired VLANs as tagged into the interface and then use "dual-mode" command to make any of the added Tagged VLAN as Un-tagged.

Example:

User has VLAN 10 as native, VLAN 20 and 30 for wireless clients. User wants to add VLAN 10 as Un-tagged and VLAN 20,30 a tagged to switch port 
ethernet 1/1/1.

To enable the dual-mode feature on port 1/1/1, enter the following commands:

Access the Brocade ICX switch-

device# enable
device(config)# vlan 10 
device(config-vlan-10)# tagged ethernet 1/1/1  (This will allow VLAN 10 as tagged into interface ethernet 1/1/1)
device(config-vlan-10)# exit 
device(config)# interface ethernet 1/1/1 
device(config-if-e1/1/1)# dual-mode 10 (This will make VLAN 10 as Un-tagged into interface ethernet 1/1/1)
device(config-if-e1/1/1)# exit 
device(config)# vlan 20 
device(config-vlan-20)# tagged ethernet 1/1/1 (This will allow VLAN 20 as tagged into interface ethernet 1/1/1)
device(config-if-e1000-2/11)# exit 
device(config)# vlan 30 
device(config-vlan-30)# tagged ethernet 1/1/1 (This will allow VLAN 20 as tagged into interface ethernet 1/1/1)
device(config-if-e1000-2/11)# exit 


=====================================

To verify the VLAN setting, use below command:

device# show vlan
Total PORT-VLAN entries: 3
Maximum PORT-VLAN entries: 16
legend: [S=Slot]
PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (S1)     2  3  4  5  6  7  8
 Untagged Ports: (S2)     2  3  4  5  6  7  8 12 13 14 15 16 17 18 19
 Untagged Ports: (S2) 20 21 22 23 24
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: None
PORT-VLAN 10, Name [None], Priority level0, Spanning tree Off
 Untagged Ports: (S2) 
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: (S2) 1
PORT-VLAN 20, Name [None], Priority level0, Spanning tree Off
 Untagged Ports: None

   Tagged Ports: (S2)  1
   Uplink Ports: None
 DualMode Ports: (S2) 
PORT-VLAN 30, Name [None], Priority level0, Spanning tree Off
 Untagged Ports: None
   Tagged Ports: (S2)  1
   Uplink Ports: None
 DualMode Ports: (S2) 

====================================

This is from our KB article, You can find the  full KB at https://support.ruckuswireless.com/articles/000006352

Thanks

Jijo 

Important Announcement