Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

iotapi322

Member
Sep 8, 2017
66
14
8
48
To the hard core brocade users, I don't know if this is possible or not, I have a CISCO VPN device that does 802.1X authentication and it would be AMAZING if I could pass that cisco port into the icx-6450 on to a VLAN and pass it through to my desktop machine on the other end of the house. Reading the documentation for the icx-6450 it supports
EAP pass-through support
I found this reference, but I don't think this is what I need for passthrough.

Flexible Authentication.

Has anyone ever tried any of this witchcraft?

Thanks,
Matt
 

Wasmachineman_NL

Wittgenstein the Supercomputer FTW!
Aug 7, 2019
1,864
613
113
Is there any interest ITT in ICX 6450, ICX 6610, ICX 6650 and ICX 7750 switches before they'll head to, god forbid, eBay? A acquaintance of mine is looking to unload a boatload of them.

He's got:
  • 20 ICX 6450-24's
  • 15 ICX 6450-24P's
  • 105 ICX 6450-48's
  • 16 ICX6450-48P's
  • 2 ICX6610-24F-E's
  • 19 ICX 6610-24F-E's
  • A lone ICX6610-24F-PE
  • 3 ICX 6650-32E-ADV's
  • And 6 ICX 7750-48F's
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
What's the ask for a 7750-48F, does it have all fans and both power supplies, and where's it shipping from?
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
Darn, no shipping to US. Picture shows all 4 fans and both PSUs and a list price of about a third of what is being asked on eBay.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,726
3,066
113
33
fohdeesha.com
I am finally getting around to a lot of changes/upgrades to the guide site, including eventually the stuff I promised I would add way back on the page 200 milestone. Just organizing stuff for now, but so far the changes:

- change color (life changing)
- fixed some fastiron linux root password info
- fixed some license dumping info (flash dump command size)
- added a singular main header with info like docu version and github links - I now have one singular file to update when pushing changes, instead of the old manual footer text I was putting in every single page
- on the new header I've added a paypal donate link - I told myself I would never solicit donations, however I occasionally get emails from people asking how to donate. I figure adding a button will kill these emails :)

The new header disappears as soon as you start scrolling, so hopefully it's not too intrusive


much more to come, including firmware updates including a (relatively) easy method to get the 7 series up to the newer UFI 8092+ images regardless of starting firmware version
 

Wasmachineman_NL

Wittgenstein the Supercomputer FTW!
Aug 7, 2019
1,864
613
113
Darn, no shipping to US. Picture shows all 4 fans and both PSUs and a list price of about a third of what is being asked on eBay.
You could always ask him about shipping, even though to the US it'll be retardedly expensive.
I spoke to him, shipping should be possible, he's looking into it.

EDIT: You're looking at €197,50 shipped with FedEx Economy.
 
Last edited:

bkvamme

New Member
Sep 23, 2018
11
4
3
Hi,
I managed to short out the 12V on the rear right fan module, and now the connector appears to be dead (doesn't recognize a fan module when inserted). The rear left fan module still works fine.

Does anyone by chance know if there is any resettable fuses for this, or anything that can be reset? Don't want to take too much risk on this, as the left module still works, and the switch works fine otherwise.
 

Wasmachineman_NL

Wittgenstein the Supercomputer FTW!
Aug 7, 2019
1,864
613
113
Hi,
I managed to short out the 12V on the rear right fan module, and now the connector appears to be dead (doesn't recognize a fan module when inserted). The rear left fan module still works fine.

Does anyone by chance know if there is any resettable fuses for this, or anything that can be reset? Don't want to take too much risk on this, as the left module still works, and the switch works fine otherwise.
Any obvious burnt components inside?
 

tinfoil3d

QSFP28
May 11, 2020
873
399
63
Japan
Sorry for busting in, is there actually some kind of up-to-date readme for us, non-brocade plebs that want to do some switching on brocades? Like, I genuinely have no idea what to look for and how, the initial post is out-of-date, there's some licensing involved too, I just dont know. Going through 277 pages of this thread is quite an effort. Maybe you can just link me to the most relevant posts here...
I only know mikrotik router/swos.
Thank you
 

Vesalius

Active Member
Nov 25, 2019
252
190
43
Sorry for busting in, is there actually some kind of up-to-date readme for us, non-brocade plebs that want to do some switching on brocades? Like, I genuinely have no idea what to look for and how, the initial post is out-of-date, there's some licensing involved too, I just dont know. Going through 277 pages of this thread is quite an effort. Maybe you can just link me to the most relevant posts here...
I only know mikrotik router/swos.
Thank you
initial post and the linked documents are not out of date for licensing or initial setup. They still work well. look up about 4 post to see that the OP is still hard at work and is currently refreshing those documents, which will mainly effect the ICX 7*** series switches to use the latest firmware after a few bigger changes made by Brocade.
 

CIR-Engineering

I am a functional adult?
Jan 14, 2021
85
30
18
48
Chicago USA
www.cir-engineering.com
So I've sent @fohdeesha a couple PM's on the subject of trying to convert/re-code my ipolex 10G SFP+ RJ45 copper transceivers to official Brocade in my ICX6450-24P. While I await his reply I figured I'd post here in case anyone else can help. These are the optics I am working with:

https://www.amazon.com/gp/product/B08NW1VBX6/

Here is what I get at the terminal when I show media:

SSH@switch(config)#show media ethernet 1/2/1
Port 1/2/1: Type : 10GE SR 300m ((SFP+))
Vendor: OEM Version: 02
Part# : SFP-10G-SR Serial#: CSF101L33816

I suspect that the eeprom may be unlocked because it looks like ipolex just copied the eeprom flash from a Cisco SFP-10G-SR and substituted Cicsco with "OEM." Obviously they are not Cisco, are not 300m, and are not 10GBASE SFP+. They are ipolex 10GBASE-T modules with RJ-45.

I'm trying to figure out if I can write to them or not using i2c. So far I have not been able to figure out the context. Firstly I looked at the post where he figured out how to recode the monoprice passive copper cables here and also several other posts.


Unfortunately, on the 6450 at the serial debug console "i2c read" is not a recognized command. In fact there are very few i2c commands here on the 6450 as far as I can tell using help or ?. That seems to be a dead end.

So next I looked at @fohdeesha's hidden dm menu inside enable config terminal. There are also some i2c commands their, but none of the seem helpful either.

Finally I used @fohdeesha's guide on "Hidden Brocade Dev Stuff" and then used "Hidden Bootloader Modes." This has proven to provide some answers. However, I cannot figure out the correct context. This is what I got so far inside the hidden bootloader.

ICX64XX-boot>> help i2cprobe
i2cprobe <device>
- probe special i2c device id
device : Valid devices are <pd69000|info_eeprom|sfp_port1|sfp_port2|sfp_port3|sfp_port4s
|cpld|rtc|pca9535_sfp|pca9535_led|pca9535_led_stack|pca9535_id|hwm>
ICX64XX-boot>> i2cprobe sfp_port1
I2C has probe the SFP Port 1.(Reg0=0x03)
loop: 1
i2cprobe PASS
ICX64XX-boot>>

We can see that the optics show up in SFP Port 1 and 3 using this command. In this hidden bootloader there is indeed an i2c read function, but this is where I am not sure about the correct syntax.

ICX64XX-boot>> help i2cread
i2cread <devAddr> <reg_addr> <addrlen> <get_len>
- Get special i2c device id
devAddr : I2C device address
reg_addr : I2c device register
addrlen : I2C device address size, [0/1/2] byte
get_len : Get data bytes

I have tried many variables for all of the switches above, but not to my surprise, nothing has worked. Here are some examples of my trials. Many don't make a lot of sense, but I was throwing the kitchen sink at it:

ICX64XX-boot>> i2cread 0=0x03 1 0 256
i2c read length fail (getLen=256)

ICX64XX-boot>> i2cread 0=0x03 1/2/1 0 FF
TWSI: mvTwsiRead: 977: mvTwsiAddrSet failed
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 1/2/1 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 0 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 1 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0 0x03 2 0 256
i2c_halRead fail (ret=-200)

ICX64XX-boot>> i2cread 0=0x03 1/2/1 0 256
i2c read length fail (getLen=256)

So what exactly is the syntax for devAddr (I2C device address), reg_addr (I2c device register), addrlen (I2C device address size) or do I even need to specify this one, and of course get_len (Get data bytes)? It was super late and I was really tired when I tried all this so it's a bit fuzzy already... I may have also been a bit inebriated o_O

Assuming I can figure out how to read the eeprom, after I back it up, I would then like to try and write one byte to see if it's unlocked. Anybody know the commands to write?

Thanks all,
craigr
 

CIR-Engineering

I am a functional adult?
Jan 14, 2021
85
30
18
48
Chicago USA
www.cir-engineering.com
There was also this I think from the default bootloader:

ICX64XX-boot>> i2cprobe
I2C has probe the PD69000.(Reg0=0x03)
I2C has probe the EEPROM.(Reg0=0x0000)
Read device SFP Port 4.0 fail
I2C has probe the SFP Port 3.(Reg0=0x03)
Read device SFP Port 2.0 fail
I2C has probe the SFP Port 1.(Reg0=0x03)
I2C has probe the CPLD Interrupt Mask Control.(Reg3=0xff)
I2C has probe the RTC.(Reg0=0x50)
I2C has probe the PCA9535 SFP.(Reg0=0x8d)
I2C has probe the PCA9535 LED.(Reg0=0xff)
I2C has probe the PCA9535 STACK LED.(Reg0=0xff)
I2C has probe the Hardware Monitor.(Regfd=0x50)
loop: 1
i2cprobe FAIL
ICX64XX-boot>>

craigr
 

vpadro

New Member
Jul 16, 2015
16
2
3
47
So I'm trying to figure out what went wrong trying to replicate kapone's post but can't seem to find the culprit of it.

First of all, you'll have to forgive me if I don't make too much sense, since English is not my first language but always try to do my best to communicate with it.

Right now my home gear network consists of the following:

PC Engines APU2 - PfSense
Cisco SG300-52 L3 enabled
ICX7250-48 L3 10Gb license (Thanks @fohdeesha)
ICX6610-48 Fully licensed too (1 PSU rev3, 1 FAN) - Not in use, too loud after a few minutes (maybe will sell it since PSU and fan will cost me as much as another unit)

What I am trying to achive?

Have a native L3 network after a while since FW was handling the VLANs as a Router on a Stick approach, right now it can't handle inter-vlan 1Gb network traffic after doing so for a "some time", since I have the gear that can do all the L3 at its core.

My core networking/services/servers (more APU2s) are on a 12U startech rack is hangin on my apartment's entrance corner and my office is a few meters away cabled with 6 CAT6 ethernet drops, maybe more, but don't tell my wife.

My first approach was to use the ICX7250 as a Core switch for my place on the aforementioned startech rack, and the ICX6610 for my 24U rack with 6 SM servers all with 10Gb NICs and a 40Gbps NIC on my main ESX/NAS server, short long story, as I mentioned the switch is too loud to have it 24/7 on my apartment I didn't even setup up correctly on both ends. - Currently discarded until further notice or until christmas bonus. lol

Then I tried to use the SG300 as my Core L3 switch and the ICX7250 as my rack switch with inter-VLAN routing on my main LAN, this worked "well" can access the SVIs, setup the firewall rules, static routes both the switches and FW can see and communicate, everything was ok but then I realized L3 routing was performed at the Cisco so 10Gb traffic was limited to 1Gb as you might guessed. - Discarded for the time being, maybe will get back to this if could find the routing issue on the ICX.

So third attempt, since the APU has 3 ethernet ports (WAN, LAN, OPT1) tried the Kapone's post guideline, using the OPT1 which was unused to connect one of the cable drops to my office directly to the ICX, created a /30 transit VLAN, gateway, static route on FW, static route on SW, FW rules and what not, but can't communicate from my main home network to the VLANs associated on the ICX, I'm still using the SG300 on my LAN, nothing has done yet in there (No L3 switching, VLANs SVIs, nothing really, just a dumb SW ATM), was thinking to use it as an access L2 SW for the VLANs needed for the APU2s VMs and LXC containers using a second drop back from my rack to the startech rack.

So with all this, which approach will be the best to execute, and more important, am I missing something on my config, steps that might be overlooked?

Basically TDLR;

Need to setup a L3 network using Cisco SG300, ICX7250 and pfsense, but have failed doing so.


Here's the precious data if needed:

VLANs: 40 (Transit), 51-54, 60, 65, 70, 80, 90-92

PfSense
LAN IP: 192.168.50.1/24
Transit IP: 192.168.40.1/30

ICX7250
VLAN/VE 1 IP: 192.168.50.254/24
VLAN/VE 40 (Transit) IP: 192.168.40.2/30

ICX7250 sh run:

Code:
Current configuration:
!
ver 08.0.80eT213
!
stack unit 1
  module 1 icx7250-48-port-management-module
  module 2 icx7250-sfp-plus-8port-80g-module
!
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
 loop-detection
!
vlan 40 name Transit by port
 tagged ethe 1/1/1
 router-interface ve 40
!
vlan 51 name IPMI by port
 tagged ethe 1/1/1
 untagged ethe 1/1/3 to 1/1/12
 router-interface ve 51
!
vlan 52 name VoIP by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/36
 router-interface ve 52
!
vlan 53 name "Guest WiFi" by port
 tagged ethe 1/1/1 ethe 1/1/47 to 1/1/48
 router-interface ve 53
!
vlan 54 name IoT by port
 tagged ethe 1/1/1 ethe 1/1/47 to 1/1/48
 router-interface ve 54
!
vlan 55 name Management by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/40 ethe 1/2/1 to 1/2/8
 router-interface ve 55
!
vlan 60 name "Windows Server" by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/40
 router-interface ve 60
!
vlan 65 name "Linux Server" by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/40
 router-interface ve 65
!
vlan 70 name WORK by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/48 ethe 1/2/1 to 1/2/8
 router-interface ve 70
!
vlan 80 name "Dev Network" by port
 tagged ethe 1/1/1 ethe 1/1/13 to 1/1/40
 router-interface ve 80
!
vlan 90 name Storage by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/8
 router-interface ve 90
!
vlan 91 name Storage2 by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/8
 router-interface ve 91
!
vlan 92 name vMotion by port
 tagged ethe 1/1/1 ethe 1/2/1 to 1/2/8
 router-interface ve 92
!
!
!
!
!
!
!
!
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
no fast port-span
hostname icx7250
ip dhcp-client disable
ip dns domain-list padrosys.net
ip dns server-address 192.168.50.5 192.168.50.6
ip route 0.0.0.0/0 192.168.40.1
ip route 0.0.0.0/0 192.168.50.1
!
no telnet server
username root password .....
!
!
snmp-server community ..... rw
snmp-server contact vpadro
snmp-server location Noneedtoknow
!
!
clock summer-time
clock timezone gmt GMT-06
!
!
ntp
 disable serve
 server 192.168.50.1
!
!
no web-management http
web-management https
web-management page-menu
web-management session-timeout 3000
web-management list-menu
!
!
!
!
router ospf
 area 0
!
!
!
!
!
!
!
interface ethernet 1/1/1
 port-name Uplink
 no flow-control both
!
interface ethernet 1/1/2
 no flow-control both
!
interface ethernet 1/1/3
 no flow-control both
!
interface ethernet 1/1/4
 no flow-control both
!
interface ethernet 1/1/5
 no flow-control both
!
interface ethernet 1/1/6
 no flow-control both
!
interface ethernet 1/1/7
 no flow-control both
!
interface ethernet 1/1/8
 no flow-control both
!
interface ethernet 1/1/9
 no flow-control both
!
interface ethernet 1/1/10
 no flow-control both
!
interface ethernet 1/1/11
 no flow-control both
!
interface ethernet 1/1/12
 no flow-control both
!
interface ethernet 1/1/13
 no flow-control both
!
interface ethernet 1/1/14
 no flow-control both
!
interface ethernet 1/1/15
 no flow-control both
!
interface ethernet 1/1/16
 no flow-control both
!
interface ethernet 1/1/17
 no flow-control both
!
interface ethernet 1/1/18
 no flow-control both
!
interface ethernet 1/1/19
 no flow-control both
!
interface ethernet 1/1/20
 no flow-control both
!
interface ethernet 1/1/21
 no flow-control both
!
interface ethernet 1/1/22
 no flow-control both
!
interface ethernet 1/1/23
 no flow-control both
!
interface ethernet 1/1/24
 no flow-control both
!
interface ethernet 1/1/25
 no flow-control both
!
interface ethernet 1/1/26
 no flow-control both
!
interface ethernet 1/1/27
 no flow-control both
!
interface ethernet 1/1/28
 no flow-control both
!
interface ethernet 1/1/29
 no flow-control both
!
interface ethernet 1/1/30
 no flow-control both
!
interface ethernet 1/1/31
 no flow-control both
!
interface ethernet 1/1/32
 no flow-control both
!
interface ethernet 1/1/33
 no flow-control both
!
interface ethernet 1/1/34
 no flow-control both
!
interface ethernet 1/1/35
 no flow-control both
!
interface ethernet 1/1/36
 no flow-control both
!
interface ethernet 1/1/37
 no flow-control both
!
interface ethernet 1/1/38
 no flow-control both
!
interface ethernet 1/1/39
 no flow-control both
!
interface ethernet 1/1/40
 no flow-control both
!
interface ethernet 1/1/41
 no flow-control both
!
interface ethernet 1/1/42
 no flow-control both
!
interface ethernet 1/1/43
 no flow-control both
!
interface ethernet 1/1/44
 no flow-control both
!
interface ethernet 1/1/45
 no flow-control both
!
interface ethernet 1/1/46
 no flow-control both
!
interface ethernet 1/1/47
 no flow-control both
!
interface ethernet 1/1/48
 no flow-control both
!
interface ethernet 1/2/1
 no flow-control both
!
interface ethernet 1/2/2
 no flow-control both
!
interface ethernet 1/2/3
 no flow-control both
!
interface ethernet 1/2/4
 no flow-control both
!
interface ethernet 1/2/5
 no flow-control both
!
interface ethernet 1/2/6
 no flow-control both
!
interface ethernet 1/2/7
 no flow-control both
!
interface ethernet 1/2/8
 no flow-control both
!
interface ve 1
 ip address 192.168.50.254 255.255.255.0
!
interface ve 40
 ip address 192.168.40.2 255.255.255.252
!
interface ve 51
 ip address 192.168.51.1 255.255.255.224
!
interface ve 52
 ip address 192.168.52.1 255.255.255.224
!
interface ve 53
 ip address 192.168.53.1 255.255.255.224
!
interface ve 54
 ip address 192.168.54.1 255.255.255.224
!
interface ve 55
 ip address 192.168.55.1 255.255.255.192
!
interface ve 60
 ip address 192.168.60.1 255.255.255.0
!
interface ve 65
 ip address 192.168.65.1 255.255.255.0
!
interface ve 70
 ip address 192.168.70.1 255.255.255.192
!
interface ve 80
 ip address 192.168.80.1 255.255.255.192
!
interface ve 90
 ip address 192.168.90.1 255.255.255.128
!
interface ve 91
 ip address 192.168.91.1 255.255.255.128
!
interface ve 92
 ip address 10.10.76.1 255.255.255.192
!
!
!
!
!
!
!
!
!
!
end

ICX7250
Code:
Total number of IP routes: 15
Type Codes - B:BGP D:Connected O:OSPF R:RIP S:Static; Cost - Dist/Metric
BGP  Codes - i:iBGP e:eBGP
OSPF Codes - i:Inter Area 1:External Type 1 2:External Type 2
        Destination        Gateway         Port          Cost          Type Uptime
1       0.0.0.0/0          192.168.40.1    ve 40         1/1           S    8m37s
        0.0.0.0/0          192.168.50.1    ve 1          1/1           S    8m37s
2       10.10.76.0/26      DIRECT          ve 92         0/0           D    1d1h
3       192.168.40.0/30    DIRECT          ve 40         0/0           D    8m38s
4       192.168.50.0/24    DIRECT          ve 1          0/0           D    1d9h
5       192.168.51.0/27    DIRECT          ve 51         0/0           D    1d8h
6       192.168.52.0/27    DIRECT          ve 52         0/0           D    1d8h
7       192.168.53.0/27    DIRECT          ve 53         0/0           D    1d8h
8       192.168.54.0/27    DIRECT          ve 54         0/0           D    1d8h
9       192.168.55.0/26    DIRECT          ve 55         0/0           D    1d8h
10      192.168.60.0/24    DIRECT          ve 60         0/0           D    1d8h
11      192.168.65.0/24    DIRECT          ve 65         0/0           D    1d8h
12      192.168.70.0/26    DIRECT          ve 70         0/0           D    1d8h
13      192.168.80.0/26    DIRECT          ve 80         0/0           D    1d8h
14      192.168.90.0/25    DIRECT          ve 90         0/0           D    1d8h
15      192.168.91.0/25    DIRECT          ve 91         0/0           D    1d8h

Code:
icx7250#ping 192.168.40.1
Sending 1, 16-byte ICMP Echo to 192.168.40.1, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 192.168.40.1    : bytes=16 time<1ms TTL=64
Success rate is 100 percent (1/1), round-trip min/avg/max=0/0/0 ms.
icx7250#ping 192.168.50.50
Sending 1, 16-byte ICMP Echo to 192.168.50.50, timeout 5000 msec, TTL 64
Type Control-c to abort
Request timed out.
No reply from remote host.
icx7250#
PfSense

pfping.jpg

pfinterfaces.jpg
pfnat.jpg
pfgateways.jpg
pfstaticroutes.jpg
pflanrules.jpg
pftransitrules.jpg

If you need more info I'd gladly provide it.