ICX 6450 Config

gistfile1.txt

Startup-config data location is flash memory
!
Startup configuration:
!
ver 08.0.30tT313
!
stack unit 1
  module 1 icx6450-48p-poe-port-management-module
  module 2 icx6450-sfp-plus-4port-40g-module
!
global-stp
!
!
!
spanning-tree single
!
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
 spanning-tree
!
vlan 50 name Guest_Network by port
 tagged ethe 1/1/13 ethe 1/1/15 ethe 1/2/1 to 1/2/2
 spanning-tree
!
vlan 100 name IoT by port
 tagged ethe 1/1/13 ethe 1/1/15 ethe 1/2/1 to 1/2/2
 untagged ethe 1/1/48
 router-interface ve 100
 spanning-tree
!
vlan 200 name Kubernetes by port
 tagged ethe 1/1/13 ethe 1/1/15 ethe 1/1/20 ethe 1/2/1 to 1/2/2
 untagged ethe 1/1/2 ethe 1/1/4 ethe 1/1/6 to 1/1/12 ethe 1/1/14 ethe 1/1/16 ethe 1/1/18 ethe 1/1/22 ethe 1/1/24 ethe 1/1/26 ethe 1/1/28 ethe 1/1/30
 router-interface ve 200
 spanning-tree
!
vlan 666 name ISP_Facing by port
 no spanning-tree
!
vlan 2000 name Management by port
 tagged ethe 1/1/20 ethe 1/2/1
 router-interface ve 2000
 spanning-tree
!
vlan 2001 name Cluster-1 by port
 tagged ethe 1/1/20 ethe 1/2/1
 untagged ethe 1/1/37 ethe 1/1/39 ethe 1/1/41
 router-interface ve 2001
 no spanning-tree
!
!
spanning-tree single 802-1w
!
!
!
!
system-max vlan 4095
system-max spanning-tree 254
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable telnet authentication
enable acl-per-port-per-vlan
fast uplink-span ethe 1/2/1
no fast port-span
hostname switch01
ip dhcp snooping vlan 1
ip dhcp snooping vlan 50
ip dhcp snooping vlan 100
ip dhcp snooping vlan 200
ip dhcp snooping vlan 2000
ip dhcp snooping vlan 2001
ip dhcp-client disable
ip dns domain-list elcarpenter.com
ip dns server-address 10.10.1.1 10.10.200.1 10.200.1.1 10.200.0.1
ip forward-protocol udp 4011
ip route 0.0.0.0/0 10.10.1.1
!
telnet access-group Allow_PrivateIPs_Only
!
!
clock summer-time
clock timezone us Pacific
web-management https
!
router ospf
 area 0
!
!
!
interface ethernet 1/1/1
 port-name WAN
!
interface ethernet 1/1/2
 port-name node00 - 1GB
!
interface ethernet 1/1/4
 port-name node01 - 2.5GB
!
interface ethernet 1/1/6
 port-name node02
!
interface ethernet 1/1/8
 port-name node03
!
interface ethernet 1/1/10
 port-name node04 - 2.5GB
!
interface ethernet 1/1/13
 port-name UnifiAP
 dual-mode
 inline power
!
interface ethernet 1/1/15
 dual-mode
!
interface ethernet 1/1/20
 port-name Proxmox (Router) Internal NIC
 dual-mode
!
interface ethernet 1/1/22
 port-name Pi00
 inline power
!
interface ethernet 1/1/24
 port-name UnifiAppliance
 inline power
!
interface ethernet 1/1/25
 port-name Android TV
!
interface ethernet 1/1/30
 port-name nas00
!
interface ethernet 1/1/37
 port-name Cluster-1 NUC11 #1
 no spanning-tree
!
interface ethernet 1/1/39
 port-name Cluster-1 NUC11 #2
 no spanning-tree
!
interface ethernet 1/1/41
 no spanning-tree
!
interface ethernet 1/1/48
 port-name ZigbeePoE
 inline power
!
interface ethernet 1/2/1
 port-name Router (VyOS)
 dual-mode
 dhcp snooping trust
!
interface ethernet 1/2/2
 dual-mode
!
interface ve 1
 ip address 10.10.1.3 255.255.255.0
 ip helper-address 1 10.10.1.1
!
interface ve 100
 ip address 10.10.100.3 255.255.255.0
 ip helper-address 1 10.10.100.1
!
interface ve 200
 ip address 10.10.200.3 255.255.255.0
 ip helper-address 1 10.10.200.1
!
interface ve 2000
 ip address 10.200.0.3 255.255.255.0
 ip helper-address 1 10.200.0.1
!
interface ve 2001
 ip address 10.200.1.3 255.255.255.0
 ip helper-address 1 10.200.1.1
!
!
!
access-list 10 permit 10.0.0.0 0.255.255.255
!
ip access-list standard Allow_PrivateIPs_Only
 permit 10.0.0.0 0.255.255.255
 permit 172.16.0.0 0.15.255.255
 permit 192.168.0.0 0.0.255.255
!
ip access-list standard Allow_PublicIPs_Only
 deny 10.0.0.0 0.255.255.255
 deny 172.16.0.0 0.15.255.255
 deny 192.168.0.0 0.0.255.255
 permit any
!
!
!
lldp tagged-packets process
lldp run
!
!
!
!
end