Help with setting up VLAN trunk ports on ICX switches - is this possible?

  • 1
  • Question
  • Updated 1 month ago
I have several Ruckus ICX7150-12P switches, running 08.0.92d (SPR08092d.bin).

Our router is a pfSense.

I'm trying to setup trunk ports to act as uplink ports between the ICX switches.

I'm normally used to Cisco/Arista, and their concept of access/trunk ports - so I'm still getting used to configuring things on Ruckus.

I've created the VLANs, and I've designated some ports as access ports like so:
vlan 16 name Office
tagged ethernet 1/1/12
However, when I try to create the trunk ports, I hit an issue:

ICX7150-C12 Router(config-if-e1000-1/1/1)#vlan-config add all-tagged 
INFO : Command may take approximately 0 Seconds
error - IP routing, vrf, ip policy, route-only, rpf-mode, ip-mac or ip tcp mss was configured on ports  1/1/1
I checked, and port 1/1/1 does have an IP address - it seems to have pulled one via DHCP by default. (And I can also use this IP address to SSH into the switch and configure things).

I found out that I can remove the IP address, then apply the above VLAN configuration:
ICX7150-C12 Router(config-if-e1000-1/1/1)#int eth 1/1/1
ICX7150-C12 Router(config-if-e1000-1/1/1)#no ip address * 
ICX7150-C12 Router(config-if-e1000-1/1/1)#vlan-config add all-tagged 
INFO : Command may take approximately 0 Seconds
ICX7150-C12 Router(config-if-e1000-1/1/1)#
 VLAN : [  82] 
Port(s) ethe 1/1/1  add to 2 vlan(s) complete.....
However, the IP address seems to come back on its own after a couple of minutes.

Obviously, I assume this isn't the correct way to configure things.

The other issue is - devices don't seem to be talking correctly through the uplink ports I've configured between two ICX switches.

Anyhow - what is the correct way of setting up some ports as access ports (e.g. Ports 2-4 are VLAN 10, ports 5-10 are VLAN 20, ports 11-12 are VLAN 30), and then also trunk ports that connect between the switches, and to our router, that carry all the VLANs?
Photo of victorhooi

victorhooi

  • 3 Posts
  • 0 Reply Likes

Posted 1 month ago

  • 1
Photo of Paul McGuire

Paul McGuire

  • 36 Posts
  • 15 Reply Likes
Here are a few of my VLAN configs that uplink to a cisco switch via fiber from a icx7150-48p stack running 08.0.92b

Vlan with management IP address:

vlan 101 name "VLan name" by port
 tagged ethe 1/3/2 ethe 1/3/4 ethe 3/2/1 ethe 3/3/2 ethe 3/3/4
 untagged ethe 1/1/2 to 1/1/48 ethe 2/1/1 to 2/1/48 ethe 3/1/2 to 3/1/48
 spanning-tree 802-1w
 management-vlan
 default-gateway  10.54.1.1 1

Other Vlans without IP address:

vlan 22 name "Voice" by port
 tagged ethe 1/3/2 ethe 1/3/4 ethe 3/1/2 to 3/1/48 ethe 3/3/2 ethe 3/3/4
 untagged ethe 3/1/1
 spanning-tree 802-1w
!
vlan 90 name Wireless by port
 tagged ethe 1/3/2 ethe 1/3/4 ethe 3/3/2 ethe 3/3/4
 untagged ethe 4/1/1 to 4/1/8
 spanning-tree 802-1w
!
vlan 91 name "Guest Wireless" by port
 tagged ethe 1/3/2 ethe 1/3/4 ethe 3/3/2 ethe 3/3/4 ethe 4/1/1 to 4/1/8
 spanning-tree 802-1w

hostname MDF
ip address 10.54.1.16 255.255.255.0

Tagged ports are uplink ports IE in cisco terms "trunk" ports
Untagged ports are access ports

The only config I have on the ports themselves is for qos and speed-duplex

interface ethernet 3/1/7
 voice-vlan 22
 trust dscp

interface ethernet 1/3/2
 speed-duplex 1000-full


Hope this helps

PJM

Photo of Dacvar

Dacvar

  • 14 Posts
  • 1 Reply Like
Hi,

Un fastiron OS what we calle access ports should be SET as "untagged"

So for example:
VLAN 20
untag ethernet 1/1/5 to 1/1/10. (One Port can be untagged un one clan only)

For the "trunk ports" these needs to be Tagged one Port can be Tagged in More than one VLAN.

VLAN 12
Tag ethernet 1/1/1

For the IP addess you can create a virtual interface (VE) under the VLAN 12 for example so int 1/1/1 uses that IP.
Photo of Andre Paiva

Andre Paiva

  • 5 Posts
  • 1 Reply Like
Hi ...
Commands tips

# Add/remove vlan access in interface
ICX7150-C12 Switch(config)# vlan 200
ICX7150-C12 Router(config-vlan-200)# untagged ethernet 1/1/3
ICX7150-C12 Switch(config)# vlan 300
ICX7150-C12 Router(config-vlan-300)# untagged ethernet 1/1/5 to 1/1/7
ICX7150-C12 Router(config-vlan-300)# no untagged ethernet 1/1/5 to 1/1/7
ICX7150-C12 Switch(config)# show vlan

# Add/remove vlan trunk in interface
ICX7150-C12 Switch(config)# vlan 200
ICX7150-C12 Router(config-vlan-200)# tagged ethernet 1/1/4
ICX7150-C12 Router(config-vlan-300)# tagged ethernet 1/1/5 to 1/1/7
ICX7150-C12 Router(config-vlan-300)# no tagged ethernet 1/1/5 to 1/1/7

# Create interface IP (MODE FIRMWARE SWITCH - SPS08080b)
ICX7150-C12 Switch# ip address 192.168.1.27 255.255.255.0
ICX7150-C12 Switch# show ip
ICX7150-C12 Switch# ip default-gateway 192.168.1.1

# Create interface vlan IP (MODE FIRMWARE ROUTER - SPR08061b)
ICX7150-C12 Switch(config)# vlan 1
ICX7150-C12 Router(config-vlan-1)# router-interface ve1
ICX7150-C12 Router(config-vlan-1)# exit
ICX7150-C12 Switch(config)# interface ve1
ICX7150-C12 Switch(config-vif-1)# ip address 192.168.1.170/24
ICX7150-C12 Switch(config-vif-1)# exit
ICX7150-C12 Switch(config)# ip route 0.0.0.0/0 192.168.158.151
ICX7150-C12 Switch(config)# show ip interface

# Disable ip dhcp-client 
ICX7150-C12 Switch(config)# no ip dhcp-client enable

ICX7150-C12 Switch(config-if-e1000-2/1/1)# no ip dhcp-client enable 


Photo of Bob Heathote

Bob Heathote

  • 6 Posts
  • 0 Reply Likes

I haven't seen an example of multiple VLAN tagged which I think is what he wanted so here goes

First state the vlans (five in this example, 2, 4, 7, 10, 40)

config)# VLAN 2 4 7 10 40 

Then tag those to the interface

config-vlan 2*40# tag int e 1/1/1

Done!


save your work, tho :-)



Photo of Paul McGuire

Paul McGuire

  • 36 Posts
  • 15 Reply Likes
Running the router (layer 3) code is a big difference than running the switch (Layer 2) code.  If you have pfsense as your router I would think you would be better off running the switch code.