ICX-7750 routing and switching concurrently

  • Question
  • Updated 2 months ago
  • Answered
We've used ICX-7750 switches for a while to support fiber links to all of our campus wings but now we are looking to use the devices to replace our aging router for each school.  We were able to configure the port 1 for our WAN link and port 2 for our LAN side and routing everything correctly (we only use simple RIP routing) but ports 20 through 48 go out to our wings that are on the same LAN as port 2.  I'm sure there is a simple way to bridge these ports, I'm just not familiar enough with the router software to know how to do it.

Any assistance is greatly appreciated

Jason Pomeroy


Posted 3 months ago


Duke Schweikert

Is everything to be in a flat network? Currently do you have an IP address applied to ethernet 1/1/2? If you want to bridge all the ports, it would be better to designate a vlan, whichever one you want, then create a router-interface ve X (good to go with VLAN number for VE number) then untag all the ports you require to be in the same VLAN, then go to the interface ve X sub-configuration and put your IP address and tie it to RIP.

NETWizz

Duke answered first and correctly.  Essentially, what Duke is saying is that under the VLAN you can put your interfaces...

vlan 7 name WINGS by port
 untagged ethe 1/1/20 to 1/1/48
!

Tagged is for anything you want to be a Trunk port if you were to use Cisco's terminology.  Simply put, tagged will add an 802.1q tag on the Layer-2 frames, such that you can carry multiple VLANs on a single interface.  A use case would be if you wanted to carry VoIP on another VLAN to the wings, too.  Untagged just makes these all access-ports meaning.  Generally, most network engineers design links between switches to be trunk ports with "tagged" terminology because it is easy to add another VLAN.  The edge switches in the WINGS will still have access-ports "untagged."  Some interfaces will support both such as TAGGED for VoIP and UNTAGGED for Data.  08.0.80 and later you simply use the tagged and untagged keywords.  In older software code families, you would use dual-mode.  In the Cisco world this is known as a native-VLAN.

router-interface ve x belongs in the VLAN configuration.  It is what ICX devices refer to as a VRI (virtual router interface).  In the Cisco world this would be known as an SVI (software virtual interface), and it would be something like "interface vlan 7"

For example:

vlan 7 name WINGS by port
 untagged ethe 1/1/20 to 1/1/48
 router-interface ve 7
!
vlan 100 name WAN by port
 untagged ethe 1/2/1
 router-interface ve 100
!


interface ve 7
 port-name Data Gateway for WINGS
 ip address 10.1.0.1 255.255.0.0
 ip helper-address 1 10.1.2.3
 ip helper-address 2 10.4.5.6
!


interface ve 100
 port-name WAN Gateway
 ip address 10.250.120.46 255.255.255.252
!

(Edited)

Jason Pomeroy


Thanks both for the replies.  We do send out 802.1q tagged VoIP and student VLANS out to the wings so we're used to using dual-mode on the switch side.

I'll play with the ve interfaces now. If I understand this correctly now we are in essence treating all the ports as router ports.  I'm not creating a bunch of overhead work for the ICX unit by doing this am I?

Thanks again for the point in the right direction.

NETWizz

Awesome.

In that case you will use the "tagged" keyword for each VLAN you send to the WINGS including the Student and Voice VLAN.



It will be something more like this:

vlan 7 name DATA-WINGS by port
 tagged ethe 1/1/20 to 1/1/48
 router-interface ve 7
!
vlan 123 name VoIP-WINGS by port
 tagged ethe 1/1/20 to 1/1/48
 router-interface ve 123
!
vlan 100 name WAN by port
 untagged ethe 1/2/1
 router-interface ve 100
!


No, only the ve interface is treated like a virtual router port.  Specifically, this port will show up as a directly-connected route for whatever subnet you assign to it (based on its IP and Mask).  This serves as the gateway for ALL devices within this VLAN to get off their respective subnet when they send packets to a destination IP in a different subnet via this IP as a default gateway.  This setup with an entire VLAN of ports mapping to a virtual routing interface (VRI) is in fact an extremely common configuration for this or any vendor's multi-layer switch with the only difference being the terminology and configuration methodology.  This setup is like having a router and a switch inside the same chassis.

The overhead is of no concern whatsoever for the switching; the ICX 7750 is a workhorse with a line-speed ASIC to do the switching up to the full-speed of its switching capacity, which is a minimum of 1.92 Tbps depending upon which model.  That works out to where this device can run 40 Gbps per interface on all 48 interfaces at the same time.

You are probably running 1Gbps or 10Gbps connections via media types 1000BaseSX or LX or 10GBaseSR or LR to the wings. Depending upon if you have multimode or singlemode fiber.

Regardless, you can look at the routing table if you do a "show ip route."  It isn't going to list it for each physical port but rather it is going to list it by its VE... something like this given the last post I made.  You may have some RIP routes "R", since you mentioned you use RIP.  It is also fairly common to have a default route 0.0.0.0/0 listed with its next-hop IP shown in the gateway column instead of "DIRECT."  Based on my last post, it will be something like:

[email protected]#sh ip route
Total number of IP routes: 4
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       10.1.0.0/16      DIRECT          ve 7          0/0           D    12d13h
2       10.250.120.44/30  DIRECT          ve 100        0/0           D    12d13h




You really have to worry about the dual-mode or access-ports "untagged" only on the edge switches out in the wings.

Basically, in the above example, you would bring both VLANs 7 and 123 into the edge switches as TAGGED; since, they would have an 802.1q tag present on each frame crossing that link.  Then they would go to the end computers untagged to transmit that same layer-2 frame on the LAN segment without an 802.1q tag, so it is understood by the end computers or printers (for example).

Usually phones are Tagged, so you can share the same physical ports.  Dual-mode was your native-vlan.  Now you just use untagged and tagged in 08.0.80 and later build families.  The configuration is simply more streamlined.

***

If you have multiple pairs of fiber to the wings, I would highly suggest the switches in the wings be stacked, and that you have a stack of ICX-7750's.  You would then be able to make a Link Aggregation (LAG) to each wing using LACP.  Essentially, you would double the bandwidth and reliability in that you would be able to lose either ICX-7750 and still have half the LAG's virtual interface up and operational.

In the closets with the edge switches, I would terminate half the LAG on the active and the other half on the standby units in the stack.  This way you could lose any one switch in the stack and still have at least half the LAG operational maintaining connectivity.  With hitless-failover, you can even replace a broken switch in a stack without restarting the entire stack!

(Edited)
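The VLAN-to-VE mapping described in the post above, as an added example that is not part of any poster's message: a small Python parser that reads the `vlan ... by port` and `interface ve` stanzas quoted in this thread and derives one connected route per VE, whatever the number of member ports. The function names are hypothetical, only the stanza forms shown on this page are handled, and the result matches the two DIRECT lines in the `sh ip route` output above.

```python
import ipaddress
import re

SAMPLE_CONFIG = """\
vlan 7 name WINGS by port
 untagged ethe 1/1/20 to 1/1/48
 router-interface ve 7
!
vlan 100 name WAN by port
 untagged ethe 1/2/1
 router-interface ve 100
!
interface ve 7
 ip address 10.1.0.1 255.255.0.0
!
interface ve 100
 ip address 10.250.120.46 255.255.255.252
!
"""  # constructed sample: config lines taken from the posts above

def expand_ports(spec):
    """Yield each port in 'ethe 1/1/20 to 1/1/48' (range assumed within one unit/slot)."""
    for first, last in re.findall(r"ethe (\S+)(?: to (\S+))?", spec):
        prefix, start = first.rsplit("/", 1)
        end = (last or first).rsplit("/", 1)[1]
        yield from (f"{prefix}/{n}" for n in range(int(start), int(end) + 1))

def parse(config):
    """Return ({vlan_id: {'ports': [...], 've': n}}, {ve: ip_network})."""
    vlans, ve_nets, ctx = {}, {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["vlan"]:
            ctx = vlans.setdefault(int(words[1]), {"ports": [], "ve": None})
        elif words[:1] == ["interface"]:
            ctx = int(words[2]) if words[1] == "ve" else None
        elif isinstance(ctx, dict) and words[:1] in (["tagged"], ["untagged"]):
            ctx["ports"] += expand_ports(line)
        elif isinstance(ctx, dict) and words[:2] == ["router-interface", "ve"]:
            ctx["ve"] = int(words[2])
        elif isinstance(ctx, int) and words[:2] == ["ip", "address"]:
            ve_nets[ctx] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
    return vlans, ve_nets

def connected_routes(config):
    """List (subnet, 've N', member_port_count): one DIRECT route per VE."""
    vlans, ve_nets = parse(config)
    return [(str(ve_nets[v["ve"]]), f"ve {v['ve']}", len(v["ports"]))
            for v in vlans.values() if v["ve"] in ve_nets]
```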

Jason Pomeroy


I may be getting in over my head now but we do use vlan 1 for network hardware throughout the site so our Brocade switches all have a default of 7 and run ports in dual-mode 1 with the other vlans if phones or student devices are attached.

I've set up my 7750 as follows:
ver 08.0.70dT203
!
stack unit 1
  module 1 icx7750-48-xgf-port-management-module
  module 2 icx7750-qsfp-6port-qsfp-240g-module
!
!
default-vlan-id 7
!
vlan 1 by port
 untagged ethe 1/1/2 to 1/1/48
 router-interface ve 1
!
vlan 3 name Students by port
!
vlan 7 name DEFAULT-VLAN by port
!
vlan 100 name WAN by port
 untagged ethe 1/1/1
 router-interface ve 100
!
!
ip route 0.0.0.0/0 10.34.210.101
ip route 10.34.199.0/24 ve 1
ip route 10.34.210.100/30 ve 100
!
router rip
!
!
interface ethernet 1/1/1
 speed-duplex 1000-full
!
interface ve 1
 port-name LAN
 ip address 10.34.199.1 255.255.255.0
!
interface ve 100
 port-name WAN
 ip address 10.34.210.102 255.255.255.252
!
!

Had a cisco routers command wrong -  I have vlan 1 traffic working now!  Moving on to my student and voip vlans.

Thanks for all your assistance!

(Edited)