Ruckus ICX 7150-48ZP configuration help

  • 1
  • Question
  • Updated 4 weeks ago
  • Acknowledged
 We have a Ruckus ICX 7150-48ZP connected a server (eth 1/1/1), and two Cisco switches A and B (eth 1/1/47 and 1/1/48). We want to configure the Ruckus ICX 7150 switch only to achieve following requirements, please advice the configuration of ICX 7150, Thanks in advance!
1. All units ( connected to Cisco switches A and B ) are possible to communicate with the server (eth 1/1/1 of Ruckus) 
2. The units of Cisco switch A and Cisco switch B can not communicate

Thanks for any answer, seems the PVLAN can be applied, but unfortunately it required configure two Cisco switch too.
Photo of Lyna Jian

Lyna Jian

  • 2 Posts
  • 0 Reply Likes

Posted 4 weeks ago

  • 1
Photo of Ravi Vatsavai

Ravi Vatsavai, Employee

  • 3 Posts
  • 1 Reply Like
ICX switches have a feature called protected ports. On the ports 1/1/47 and 1/1/48 , configure 'protected-port' under the interface level. That should get you going.. 

PVLAN on ICX switch is an alternative option. Ports 1/1/47 and 1/1/48 can be placed in isolated VLAN and port 1/1/1 can be placed in primary VLAN. There is no need to configure any additional settings on Cisco switches for PVLAN to work on ICX.
(Edited)
Photo of Lyna Jian

Lyna Jian

  • 2 Posts
  • 0 Reply Likes
Thanks Ravi, But seems it does not work for both ways. 

if  configure the ports 1/1/47 and 1/1/48 as 'protected-port' under the interface level, all units connected to Cisco switches also can communicate.

if using the PVLAN, errdisable on the port 1/1/47 and 1/1/48...

ICX7150-48ZP Switch(config-vlan-100)#Jan  8 22:25:31 STP: Received BPDU on secondary vlan member Port 1/1/29 (vlan=10), errdisable Port 1/1/47
Jan  8 22:25:48 STP: Received BPDU on secondary vlan member Port 1/1/16 (vlan=10), errdisable Port 1/1/48



Photo of NETWizz

NETWizz

  • 56 Posts
  • 18 Reply Likes
Is #2 a problem statement or a desired configuration?

Do you merely want everything to communicate?

I read it that you simply want everything to communicate that the problem is they are not communicating.  Protected-port will make communication even worse much like PVLANs.

If you want communication to work we would need to know more about your VLAN config.  Basically, from the Cisco side you need to configure a trunk.

Switchport Mode Truck
Swithcport trunk allowed vlan 7,19
switchport trunk encapsulation dot1q


On the Ruckus side, you would use tagged ports like:

vlan 7 name Data by port
tagged ethe 1/1/47 to 1/1/48
!
vlan 19 name Something by port
tagged ethe 1/1/47 to 1/1/48
untagged ethe 1/1/1
!



You get the idea.  Face the tagged at the Cisco Trunk.  In this case, we setup VLAN 7 and 19 to communicate to two different Cisco switches which both send VLAN 7 and 19 on their trunk.  Hence one Cisco on 47 and one on 48.

Obviously, I am making an assumption the server is in only one VLAN.  It would be connected to a Cisco access port or a Ruckus untagged port - same thing... different terminology.  What you cannot do is have an untagged or an access port a member of more than one VLAN.