Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

dasbooter

New Member
Mar 16, 2022
5
0
1
Can somebody take pity on me and just get me up and running. I am trying to get to number 2 in the picture if that's possible. Its just a matter of infrastructure and positioning of AP's right now. My ICX 6450p is set up as per instruction by fodheesha with one Vlan. I think this would be a router on a stick situation but I'm not sure . Devices wired to the switch in the second picture cant be reached whereas everything attached to the router wireless or wired is good. How can I get the devices routed that are wired to the switch in number 2? 1 works ok so far1653674074352 (1).jpg
 

sergi0

Active Member
Dec 4, 2016
131
44
28
67
What model was the Netgear you previously had? If it wasn't VLAN aware (unmanaged) and the TV equipment is using VLAN tags, the unmanaged switch will happily pass the traffic. The unconfigured ports on the 6450 just default to untagged VLAN 1; if the Freebox packets are VLAN tagged, the switch is either discarding the VLAN tagged packets or honoring them, but has no tagged ports to send them to. Was the Netgear that the TV system was plugged into shared by the rest of your network? Have you also confirmed that the Freebox connected to the TV is pulling the correct IP address to work?

I could be very wrong about what the 6450 is doing though. As this is supplied by your ISP, if their support is worth anything, they might be able to give you some guidance as well.

You can use diagrams.net to draw quick diagrams of how it was before and how it is now.
The switch was a Netgear GS116Ev2. It has basic admin config but I never use them besides for update.

With these hints I seach a little deeper in the freebox config and I found that freebox server and player communicate via VLAN100 (tagged) and they also are visible via the standard LAN (untagged). the freebox player always gets its IP via the freebox server DHCP.

I am still not familiar to what I need to config on the switch, but I am closer to a solution. Is it possible to have a RJ45 port with both VLAN100 (tagged) and standard LAN (untagged) packets ?

Thanks for the link about the diagram, I will use it.
 
Last edited:

kpfleming

Active Member
Dec 28, 2021
383
205
43
Pelham NY USA
I am still not familiar to what I need to config on the switch, but I am closer to a solution. Is it possible to have a RJ45 port with both VLAN100 (tagged) and standard LAN (untagged) packets ?
Yes, it most certainly is. This is a very common thing to do. Setup two ports that way, and your two VLAN 100 devices will be able to talk directly to each other over that VLAN (you shouldn't put anything else in that VLAN or do any other configuration of it).
 

kpfleming

Active Member
Dec 28, 2021
383
205
43
Pelham NY USA
Sorry, help me please I have ICX6610-48 with Maximum PORT-VLAN entries: 64. I need more vlan, best will be 4095. How I can remove a limit for 64 vlan
It's probably a hardware limitation, in which case you can't use more VLAN tags simultaneously. Do you really have more than 64 VLANs?
 

dasbooter

New Member
Mar 16, 2022
5
0
1
If you're connecting the switch to the R8000's WAN port in #2 you can't.
Yes I was. With the xb6 in bridgemode the Linksys R8000 does all the routing(which is better) but the R8000 is also the AP for everything wireless in the house and now it is relegated to the basement. The savages are getting restless lol is there any hope with the current hardware to solve the problem or do I have to have another router or add a wireless AP?
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
The switch was a Netgear GS116Ev2. It has basic admin config but I never use them besides for update.

With these hints I seach a little deeper in the freebox config and I found that freebox server and player communicate via VLAN100 (tagged) and they also are visible via the standard LAN (untagged). the freebox player always gets its IP via the freebox server DHCP.

I am still not familiar to what I need to config on the switch, but I am closer to a solution. Is it possible to have a RJ45 port with both VLAN100 (tagged) and standard LAN (untagged) packets ?

Thanks for the link about the diagram, I will use it.
That Netgear does appear to have support for VLANs, so either it was configured once upon a time, or it can optionally ignore tags, which wouldn't surprise me on a consumer or 'prosumer' switch. Enterprise switches tend to be far stricter about such things.

In Brocade syntax (this may be slightly different, I run 7k series with 8.0.95), and using ports 23 and 24 as the example:
Code:
conf t
int e 1/1/23
port-name Freebox Server
int e 1/1/24
port-name Freebox STB
vlan 100 name TV by port
tag e 1/1/23 e 1/1/24
end
wr me
If you have more than one STB, then you'd setup additional ports the same way.

For the TV equipment, you don't need to worry about untagged, since the only thing using these ports will be the TV equipment which is applying tags. If you were linking multiple switches and needed to pass multiple VLANs, you can tag one port in multiple VLANs to make a trunk.

Untagged VLANs are for when devices are not applying the tags themselves; then traffic entering the port gets tagged by the switch. In most cases you will not need to mix tagged and untagged traffic on a port. For a 6k series switch, if you needed to do so, there's a 'dual-mode' option or some such that I have no experience with as it stopped being a thing in v8.0.80 I believe.
 
Last edited:

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,078
113
33
fohdeesha.com
Sorry, help me please I have ICX6610-48 with Maximum PORT-VLAN entries: 64. I need more vlan, best will be 4095. How I can remove a limit for 64 vlan
run "show default values" to see a table of how the default TCAM limits are arranged, I believe on the 6450 you'll get:

Code:
System Parameters    Default    Maximum    Current    Configured
ip-arp               1024       4096       1024       1024
ip-static-arp        256        1024       256        256
ip-cache             13212      13212      13212      13212
ip-filter-port       3068       3068       3068       3068
ip-filter-sys        2048       8192       2048       2048
l3-vlan              32         1024       32         32
ip-qos-session       128        256        128        128
mac                  16384      16384      16384      16384
ip-route             12000      12000      12000      12000
ip-static-route      64         2048       64         64
---trimmed---
vlan                 64         4095       64         64
---trimmed---
showing the default max is 64, but can be configured up to 4095. To go that high you may have to free up some TCAM by reducing the max of other things here, but to change vlan would be "system-max vlan 2000" for example, then a write mem and reload of the switch is required
 
  • Like
Reactions: klui and nillok

sergi0

Active Member
Dec 4, 2016
131
44
28
67
For the TV equipment, you don't need to worry about untagged, since the only thing using these ports will be the TV equipment which is applying tags. If you were linking multiple switches and needed to pass multiple VLANs, you can tag one port in multiple VLANs to make a trunk.

Thanks for the help, I was able to manage some tests. The problem is not resolved yet, but I am close.

Using the GUI, I created a VLAN100 and assigned 2 ports in it. I plugged the freebox server (directly from the back of the device, no switch between) and the TV wall plug in the other ports. It worked and I was able to get the TV flux from the freebox server onto the player. BUT...

What I did not explicited is that on the TV side there are on RJ45 in the wall and 3 devices behind via a simple switch (tv, freebox player and nvidia shield - so 2 differents networks and a VLAN for the freebox player). this plug then gets into the brocade in the VLAN100 tagged port. I was not able to get the NAS from the shield. It is plugged on the VLAN100 tagged port so that is probably why I can't reach it.

I have a totally newbie question: if I put all the brocade ports in the VLAN100, with both network (10.11.12.x and 192.168.1.x), will it work ?

S.
 

Lone Wolf

Member
Apr 3, 2022
47
9
8
What I did not explicited is that on the TV side there are on RJ45 in the wall and 3 devices behind via a simple switch (tv, freebox player and nvidia shield - so 2 differents networks and a VLAN for the freebox player). this plug then gets into the brocade in the VLAN100 tagged port. I was not able to get the NAS from the shield. It is plugged on the VLAN100 tagged port so that is probably why I can't reach it.
If you assign 'dual-mode' on the port where it plugs into the Brocade, it will allow your tagged freebox player on VLAN 100 to communicate, plus the other devices which don't use tags to talk on the default untagged VLAN - assuming that the switch everything is plugged into behind the TV supports VLAN tags. If it doesn't then the switch will need to be replaced with one that does, or a network cable run just for the freebox player.
 

LodeRunner

Active Member
Apr 27, 2019
540
227
43
I have a totally newbie question: if I put all the brocade ports in the VLAN100, with both network (10.11.12.x and 192.168.1.x), will it work ?
You would potentially have two DHCP servers in the same broadcast domain (VLAN 100) so devices could get the wrong subnet.

Use dual-mode as indicated by Lone Wolf so that devices with no tagging get put in the default VLAN.
 

sergi0

Active Member
Dec 4, 2016
131
44
28
67
I manage to find some good manual to dual-mode the 2 ports. It was not possible via GUI but I did it using the terminal (the doc I have present a GUI sligthly different from the one I have - I use foshdeesha guide to update everything).

Here is what I have after dual-moded the 2 ports :

Code:
SSH@bro6450#show vlan
Total PORT-VLAN entries: 2
Maximum PORT-VLAN entries: 64

Legend: [Stk=Stack-Id, S=Slot]

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
 Untagged Ports: (U1/M1)   1   2   3   4   5   6   7   8   9  10  11  12
 Untagged Ports: (U1/M1)  13  14  16  18  19  20  21  22  23  24
 Untagged Ports: (U1/M2)   1   2   3   4
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: None
 Mac-Vlan Ports: None
     Monitoring: Disabled

PORT-VLAN 100, Name TV, Priority level0, Spanning tree Off
 Untagged Ports: None
   Tagged Ports: None
   Uplink Ports: None
 DualMode Ports: (U1/M1)  15  17
 Mac-Vlan Ports: None
     Monitoring: Disabled

SSH@bro6450#

I plugged the freebox server into 1/1/15 and TV one into 1/1/17 and I did not have Internet on the rest of the network (10.11.12.x), and I did not get the TV either on the freebox player.

Of course, if I plugged the freebox server into any other ports, I have Internet access, but the TV does not get in touch with freebox server, neither did the shield gets access to Internet (which it should considering the port is in dual mode configuration and the shield is on the same network as 10.11.12.x.
 

sergi0

Active Member
Dec 4, 2016
131
44
28
67
You would potentially have two DHCP servers in the same broadcast domain (VLAN 100) so devices could get the wrong subnet.

Use dual-mode as indicated by Lone Wolf so that devices with no tagging get put in the default VLAN.
I have only one DHCP server on my network, it is on the freebox server for 192.168.1.x network. For 10.11.12.x everything is manually set.

Regarding the VLAN stuff, it is clearly a little bit out of my area of expertise so I need to read more on it. The specific configuration of the STB is also painfull. I won't have these problems if I put 2 differents RJ45 inside the wall on the TV area. I put only one so I must deal with this shitup ;).
 

sergi0

Active Member
Dec 4, 2016
131
44
28
67
Which port goes to your router? That port must also be tagged with VLAN 100 and dual mode
The freebox server goes into port 15 and the freebox player is behind a switch that goes into port 17. Both in VLAN100. The switch near the TV is a very simple one that let everything pass.
 

Lone Wolf

Member
Apr 3, 2022
47
9
8
I looked up what a freebox server is since I had no idea what it is, and I see that it IS your router.


How do you have things wired up now? Earlier you said, if I understood your diagram properly, that the freebox player was plugged directly into the freebox server, and an OpenBSD firewall was plugged directly into the freebox server as well with the rest of your network behind that. Is it still like that? I am guessing not.

What happens if you plug the TV directly into port 17, bypassing the switch near the TV? Does it still work? What happens if you then plug the Shield directly into port 17? Does it work? This should help you determine if you have the VLANs and dual modes set up correctly.

I am also assuming that the freebox talks on VLAN 100 and untagged VLAN at the same time, rather than expecting everything to be tagged VLAN100.
 
Last edited:

Lone Wolf

Member
Apr 3, 2022
47
9
8
I had a closer look and compared your 'show vlan' to mine. Yours looks quite different than mine. I don't think you have it set up right. Here is my config:

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
Untagged Ports: (U1/M1) 1 2 3 4 5 6 7 8 9 10 11 12
Untagged Ports: (U1/M1) 13 14 15 16 17 18 19 20 21 22 23 24
Untagged Ports: (U1/M1) 25 26 27 28 29 30 31 32 33 34 35 36
Untagged Ports: (U1/M1) 37 38 39 40 41 42 43 44 45 46 47
Untagged Ports: (U1/M2) 1 2 4
Tagged Ports: None
Uplink Ports: None
DualMode Ports: (U1/M1) 48
DualMode Ports: (U1/M2) 3
Mac-Vlan Ports: None
Monitoring: Disabled

PORT-VLAN 5, Name [None], Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: (U1/M1) 48
Tagged Ports: (U1/M2) 3
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled

And here is yours:

PORT-VLAN 1, Name DEFAULT-VLAN, Priority level0, Spanning tree Off
Untagged Ports: (U1/M1) 1 2 3 4 5 6 7 8 9 10 11 12
Untagged Ports: (U1/M1) 13 14 16 18 19 20 21 22 23 24
Untagged Ports: (U1/M2) 1 2 3 4
Tagged Ports: None
Uplink Ports: None
DualMode Ports: None
Mac-Vlan Ports: None
Monitoring: Disabled

PORT-VLAN 100, Name TV, Priority level0, Spanning tree Off
Untagged Ports: None
Tagged Ports: None
Uplink Ports: None
DualMode Ports: (U1/M1) 15 17
Mac-Vlan Ports: None
Monitoring: Disabled

Your setup is different than mine. Here are the commands from my documentation of how I got my VLANs to work with both tagged and untagged. I adjusted it for your VLAN. You may have to undo some of the settings in your VLAN100 first:

enable
conf t
vlan 100
tagged ethernet 1/1/15
tagged ethernet 1/1/17
exit
interface ethernet 1/1/15
dual-mode
interface ethernet 1/1/17
dual-mode

Try it out and see if it works. If it does, don't forget to do a 'write mem'
 

sergi0

Active Member
Dec 4, 2016
131
44
28
67
Arff, my explanation were clearly lacking of a good diagram... the FW is behind the freebox server (router) and deserve only 10.11.12.x lan. right now I have a setup that works but need another switch besides the brocade (the one with the TV is not an issue, see later).

For my setup to work, I have the freebox server plugged in a switch (netgear without management - 5 ports) and the TV RJ45 is also plugged in this switch (my walls are wired, so when i say TV RJ45 I mean the cables that get out of the wall and comes from the TV area RJ45 plug). There is another RJ45 cables between this switch and the brocade. I don't use the 15 and 17 ports (VLAN100) in this setup.
In this configuration, everything work fine as the brocade don't have to deal with the VLAN stuff.

I may have not correctly configure the VLAN as when instead of the 5 ports switch, I plug the freebox player/server in port 15 and 17 I still don't have the TV or I should have it.

Did you give a look at my show vlan command ?