
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)


eduncan911

7450 supports the 4x SFP+ modules in the back slots; I needed more ports and just bought another 4x10G module and it worked fine. As far as I have found, it does not have the commands to enable breakout and all the documentation I found for configuring 40g breakout applies to the 7750. I don't know why the breakout cable is listed unless when you use the breakout QSFP it auto-configures the breakout.
Yeah, those modules are cheap too on eBay ($25). That's what I would most likely do, installing two of those in the back to give me the spec'd 12x SFP+ ports.

And it leaves a good upgrade path in the future: I can add another switch and swap back in the QSFP+ module to link them.
 

LodeRunner

I missed out on a 7750-48F or 7750-26Q for under $1k on eBay a while back, I regret it a lot. I want the 7750 as a core; 40G link to the 7450 for access and PoE, and 10G to my 7150-c12's around the house. Setup the control bridge and have the 7450 and 7150s be port extenders off the 7750.
 

eduncan911

I missed out on a 7750-48F or 7750-26Q for under $1k on eBay a while back, I regret it a lot. I want the 7750 as a core; 40G link to the 7450 for access and PoE, and 10G to my 7150-c12's around the house. Setup the control bridge and have the 7450 and 7150s be port extenders off the 7750.
I've been eyeing these for a while. But do not have the cash/real need for them, and it needs a fan/psu.

 

TZann

I have an ICX6450-24P and am trying to configure it so that some clients only have internet access but no access to the LAN. If possible I would even like to prevent these internet-only clients from communicating with each other.
I am testing this by implementing the following ACL based on information from this thread and other sites. At the moment this is for a single IP and ve 1.
Once I get this working for a single client I plan to modify this so it's more generic and assign it to a guest VLAN.

192.168.1.80 is the ve 1 ip
192.168.1.140 is the host with internet only access

Code:
ip access-list extended nolan
remark Deny access to the switch
deny tcp host 192.168.1.140 host 192.168.1.80 eq ssh log
deny tcp host 192.168.1.140 host 192.168.1.80 eq telnet log
deny tcp host 192.168.1.140 host 192.168.1.80 eq http log
deny tcp host 192.168.1.140 host 192.168.1.80 eq 443 log
remark allow dhcp
permit udp any any eq bootps
permit udp any any eq bootpc
remark allow dns requests
permit udp any any eq dns
permit tcp any any eq dns
remark allow icmp
permit icmp host 192.168.1.140 host 192.168.1.1 echo
permit tcp any any gt 1023 established
remark block inter vlan traffic for this host
deny ip host 192.168.1.140 192.168.0.0 0.0.255.255 log
remark allow everything else
permit ip any any
1. Is the above correct or am I missing something that should really be there. Also is there another better way to implement this?
2. Even though the client (testing using my phone) could not ssh to the switch, it seems it could still "see" my network. I used a network tool and it could still list other devices in my lan.
3. While testing this I had to restart the switch. Is there a reason the above or issuing "no ip access-list extended nolan" would lock up the switch?
4. General acl question, to alter the acl rules do I need to drop it using "no ip access-list extended nolan" and re-issue all the rules?

Appreciate any help on this
 

ArmedAviator

@TZann ,

1. It can be shortened some by removing the switch rules at the top as these would be covered in the catchall deny ip host 192.168.1.140 192.168.0.0 0.0.255.255 log.
2. I'm not certain, but this is likely because you're still on the same L2 network (same VLAN). The ACLs are only applied at L3 so L2 traffic (MAC-to-MAC) is not filtered. Don't quote me on technical details, but I do know that all it would take is your phone to use a different manually assigned IP or broadcast address to access anything on the same VLAN, bypassing the ACL.
3. No this shouldn't ever lock up the switch. It may lock you out of the switch if it's applied to the VE and an incorrect deny rule was in the ACL which locked you out.
4. Yes, you delete the entire ACL and then re-create the ACL and all rules therein.

If you really want to restrict access to the rest of your network but not the internet, you'd be better off with a separate VLAN.

Consider this:
VLAN 99 for all wireless devices with subnet 192.168.99.0/24
Code:
ip access-list extended nolan
remark Deny access to the switch
deny tcp any host 192.168.99.80 eq ssh log
deny tcp any host 192.168.99.80 eq telnet log
deny tcp any host 192.168.99.80 eq http log
deny tcp any host 192.168.99.80 eq 443 log
remark allow intra vlan traffic
permit ip 192.168.99.0 0.0.0.255 192.168.99.0 0.0.0.255
remark allow dhcp
permit udp any any eq bootps
permit udp any any eq bootpc
remark allow dns requests
permit udp any any eq dns
permit tcp any any eq dns
permit tcp any any gt 1023 established
remark insert any allowed inter vlan traffic rules here
remark block inter vlan traffic
deny ip 192.168.99.0 0.0.0.255 192.168.0.0 0.0.255.255 log
remark allow everything else
permit ip any any
To isolate wireless devices on the same L2/SSID from each other, your wireless AP may have that feature. Unifi has that as an easy toggle switch in the wireless network settings.
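
As an added example (not code from the thread or from Brocade/Ruckus), this small Python first-match evaluator runs the guest-VLAN ACL from the post above against sample packets to show which rule decides each one. It assumes the ACL is applied inbound on the VLAN 99 VE, models only routed traffic with simplified first-match semantics, and the client and LAN addresses used with it are constructed.

```python
import ipaddress
PORTS = {"ssh": 22, "telnet": 23, "http": 80, "dns": 53, "bootps": 67, "bootpc": 68}
# Rule lines of the guest-VLAN ACL quoted from the post (remarks left out).
ACL = """deny tcp any host 192.168.99.80 eq ssh log
deny tcp any host 192.168.99.80 eq telnet log
deny tcp any host 192.168.99.80 eq http log
deny tcp any host 192.168.99.80 eq 443 log
permit ip 192.168.99.0 0.0.0.255 192.168.99.0 0.0.0.255
permit udp any any eq bootps
permit udp any any eq bootpc
permit udp any any eq dns
permit tcp any any eq dns
permit tcp any any gt 1023 established
deny ip 192.168.99.0 0.0.0.255 192.168.0.0 0.0.255.255 log
permit ip any any"""

def ip_int(s):
    return int(ipaddress.ip_address(s))

def take_addr(tok):
    """Pop one address spec (any | host A | A WILDCARD); return (base, wildcard)."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    return (ip_int(tok.pop(0)), 0) if t == "host" else (ip_int(t), ip_int(tok.pop(0)))

def parse(line):
    tok = line.split()
    r = {"text": line, "action": tok.pop(0), "proto": tok.pop(0)}
    r["src"], r["dst"] = take_addr(tok), take_addr(tok)
    r["op"] = r["port"] = None
    if tok and tok[0] in ("eq", "gt"):  # operator applies to the destination port
        r["op"], p = tok.pop(0), tok.pop(0)
        r["port"] = PORTS[p] if p in PORTS else int(p)
    r["established"] = "established" in tok
    return r

def hit(spec, ip):  # wildcard-mask match: bits set in the wildcard are ignored
    return (ip_int(ip) | spec[1]) == (spec[0] | spec[1])

def first_match(proto, src, dst, dport=None, established=False):
    """Return (action, rule text) of the first rule that matches, else implicit deny."""
    for r in map(parse, ACL.splitlines()):
        port_ok = r["op"] is None or (dport is not None and (
            dport == r["port"] if r["op"] == "eq" else dport > r["port"]))
        if (r["proto"] in ("ip", proto) and hit(r["src"], src) and hit(r["dst"], dst)
                and port_ok and (established or not r["established"])):
            return r["action"], r["text"]
    return "deny", "(implicit deny)"
```

Calling `first_match("udp", "192.168.99.50", "192.168.1.10", 53)` returns the `permit udp any any eq dns` rule, because the `any any` permits sit above the inter-VLAN deny; narrowing those permits to the intended DNS and DHCP servers closes that gap.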
 

tubs-ffm

1. Is the above correct or am I missing something that should really be there. Also is there another better way to implement this?
I would use a different VLAN for the clients that should not communicate with the LAN. No ACL required.
Limiting access from client to client on different ports of the switch is easy to do with an ACL. But in the case of multiple clients outside the switch, like on an AP, it is better to handle it on the AP.

3. While testing this I had to restart the switch. Is there a reason the above or issuing "no ip access-list extended nolan" would lock up the switch?
When I was "playing" with ACL I never rebooted (only when I locked out myself :)).
Set the rules with "ip access-list ..." or delete the rules with "no ip access-list ...". That's it. Once it is working as expected save with "write mem".

4. General acl question, to alter the acl rules do I need to drop it using "no ip access-list extended nolan" and re-issue all the rules?
You can modify the ACL. But for me it was the easiest to delete all with "no ip access-list" and re-issue again. I maintained a simple text file and did a copy-paste of the complete block at once. For testing and learning purposes I could keep and modify different versions in this way.
 

Harr_cami

Hi, recently bought the ICX 7250-24P, however it's too noisy for my living room, and I was wondering if anyone had any solutions to the fan noise?
Already spent $700 on the switch so not scared to pay another $300 max to make it quiet/silent...

Any help greatly appreciated

PS. I bought Noctua fans and SUNON Cooling Fan KDE1204PKVX and installed them, however they don't power on or spin
 

fohdeesha

Yeah, those modules are cheap too on eBay ($25). That's what I would most likely do, installing two of those in the back to give me the spec'd 12x SFP+ ports.

And it leaves a good upgrade path in the future: I can add another switch and swap back in the QSFP+ module to link them.
7450 does not support QSFP+ breakout in any configuration, the QSFP+ modules are single link 40gbE only. You'll need the 4x SFP+ modules from the start
 

tubs-ffm

Hi, recently bought the ICX 7250-24P, however it's too noisy for my living room, and I was wondering if anyone had any solutions to the fan noise?
Already spent $700 on the switch so not scared to pay another $300 max to make it quiet/silent...

Any help greatly appreciated

PS. I bought Noctua fans and SUNON Cooling Fan KDE1204PKVX and installed them, however they don't power on or spin
Don't do it! At least not with the PoE version.
I paid for my lesson. My power supply exploded. See post linked below.

The reason why your fans do not turn on is that the pin layout on this switch is different from a standard PC fan connection layout. You need to switch two pins. You can find the pin layout somewhere in this thread.


ICX 7250-24P exploded.

The joy with my ICX 7250-24P suddenly came to an end when the PSU exploded yesterday. Smoke, flames and electrical "bzzzz sound" included.

To go back in time: I modified my device by replacing the fans for noise reasons. There is no heavy load on my device and I used only one PoE device. The temperatures of both sensors are fine. See the record of the last 24 h until the crash below. The device has been running like this for 3 weeks or so. The up and down is because of changing ambient temperature during day and night. But suddenly an "explosion" and it was over.

I cannot say for sure if it is because of the modification I did or by chance. Theoretically the temperature at the sensor could be fine but not in other areas. In any case I would not recommend that anybody do this type of modification.

Anybody who wants to exchange my broken ICX 7250-24P to a running ICX 7150-24 or ICX 7150-24P? :)


Harr_cami

Don't do it! At least not with the PoE version.
I paid for my lesson. My power supply exploded. See post linked below.

The reason why your fans do not turn on is that the pin layout on this switch is different from a standard PC fan connection layout. You need to switch two pins. You can find the pin layout somewhere in this thread.
Thanks for your response man, and holy shit I'm scared to run this thing 24/7 now in my house hahahha, sometimes the room can get 30 to 35 degrees ambient on a hot day, I might just cut my losses and sell the unit!
 

LodeRunner

7450 does not support QSFP+ breakout in any configuration, the QSFP+ modules are single link 40gbE only. You'll need the 4x SFP+ modules from the start
I wonder why they even list the QSFP breakout on the compatible transceiver list. I'm not saying you're wrong, it's just weird they would list that unless it's copy/paste laziness; like they grabbed the compatibility table from the 7750 and pasted it into the 7450 material.
 

LodeRunner

Thanks for your response man, and holy shit I'm scared to run this thing 24/7 now in my house hahahha, sometimes the room can get 30 to 35 degrees ambient on a hot day, I might just cut my losses and sell the unit!
That ambient temperature shouldn't be enough to kill a 7250. Either tubs-ffm had insufficient airflow and it overheated and blew, or it had a faulty component and the failure was coincidence.

Edit: from the manual: Operating temperature: −5°C to 50°C/23°F to 122°F
 

richtj99

Hi - I am going to pull the trigger on a Brocade ICX 6450-48P. I see that some units say 10gb, some say 1gb. Is the hardware all the same?

Is it still possible to get a free license to unlock the 6450?

This is what I am looking at & some feedback is that it did not come with working 10gb ports.

 

RoachedCoach

Thanks for your response man, and holy shit I'm scared to run this thing 24/7 now in my house hahahha, sometimes the room can get 30 to 35 degrees ambient on a hot day, I might just cut my losses and sell the unit!
So I'm going to totally disagree and say you can do it safely. I modified a 48P and quieted it down quite a bit. It's been running for a year continuously in a poorly ventilated closet under moderate POE load with no issues. That said, I feel terrible for tubs - that is NOT something I'd want to wake up to.

Here's my fan mod post. The weird pinouts for fans are in the post that the below post quotes.


I would also add, if you feel the PSU sensor is running on the hot side, you could always side mount a fan next to PSU externally (there's vents there). Not the cleanest look in the world, but it'd be effective. I tried it for kicks and it dropped around 5 - 7 C off the PSU, but didn't stick with it since mine never climbed to a point that was anywhere close to unsafe for its tolerances.
 

nivedita

Thanks for your response man, and holy shit I'm scared to run this thing 24/7 now in my house hahahha, sometimes the room can get 30 to 35 degrees ambient on a hot day, I might just cut my losses and sell the unit!
The wire switch needed is to swap the tachometer and ground pins. It's rather easy: use a flat-blade screwdriver or the end of a tweezer to push the pin in, pull the wires out, and reinsert them after swapping.

I found that the Delta FFB0412VHN (40x28, 15.8CFM, 9500RPM, 45 dBA) is a reasonable swap. They are loud at boot, but after switching to fan speed 1, they run at 3400RPM and aren't audible at that speed unless you listen for them. On my 7250-48P, ASIC temperature is currently about 77C and the POE sensor is only at 28.5C. The FFBs also have an operating voltage range down to 4.5V, while the EFBs are only specced to a 7V minimum voltage.

Btw, does anyone know what the temperature thresholds for the 7250P model POE sensor are supposed to be? My unit says 41/34, but the Ruckus docs say that's for the 7250-24P, and the -48P is supposed to be 57/49 -- is that a typo in their table?

CFM requirements from data sheet:
ICX 7250-24G: 14.3 CFM (Maximum), 5.7 CFM (Typical)
ICX 7250-24: 14.0 CFM (Maximum), 5.7 CFM (Typical)
ICX 7250-24P: 34.4 CFM (Maximum), 13.7 CFM (Typical)
ICX 7250-48: 34.8 CFM (Maximum), 13.8 CFM (Typical)
ICX 7250-48P: 45.2 CFM (Maximum), 21.4 CFM (Typical)
 

nivedita

So I'm going to totally disagree and say you can do it safely. I modified a 48P and quieted it down quite a bit. It's been running for a year continuously in a poorly ventilated closet under moderate POE load with no issues. That said, I feel terrible for tubs - that is NOT something I'd want to wake up to.

Here's my fan mod post. The weird pinouts for fans are in the post that the below post quotes.


I would also add, if you feel the PSU sensor is running on the hot side, you could always side mount a fan next to PSU externally (there's vents there). Not the cleanest look in the world, but it'd be effective. I tried it for kicks and it dropped around 5 - 7 C off the PSU, but didn't stick with it since mine never climbed to a point that was anywhere close to unsafe for its tolerances.
That mechatronics fan has better specs than the Delta I suggested: lower noise and slightly higher CFM.
 

klui

Don't do it! At least not with the PoE version.
I paid for my lesson. My power supply exploded. See post linked below.

The reason why your fans do not turn on is that the pin layout on this switch is different from a standard PC fan connection layout. You need to switch two pins. You can find the pin layout somewhere in this thread.
Although anecdotal advice, I ran into the same thing a long time ago with an Extreme Summit 400-48T. It lasted roughly a year and it started to reboot continuously every 5 minutes or so. Opened it up and the caps were bulging. Used some Noctuas--never again for me on a data switch. I also did it on a Digi terminal server but no issues with it for over 5 years.