Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

Wolfstar

Active Member
Nov 28, 2015
159
83
28
48
Thanks @fohdeesha and others for all the great info here! I picked myself up an ICX6450-48P and have it running.

Does anyone know how to get the ICX6450-48P to obtain IPv6 ULA and Global addresses from an upstream router or dhcpv6 server?

I have a switch port using ipv4 dhcp and it gets the ipv4 address assignments from my dhcp server, etc so I can ssh to the switch. I've also enabled ipv6 on the port and it assigns a LLA to which I can ssh (example: ssh -6 root@fe80::6e6c:f1ef:aed2:800%internal1), but I can't find configuration options to direct the switch to also obtain an ipv6 ULA or Global address (which do work for all other ipv6 devices on my network) for that port.
OH MY GOD YES THIS. I've been tearing my hair out for literally months trying to figure out how to get my 6450 to pull Global addresses from my upstream pfSense router. I'd recently come to the conclusion that the limited L3 stack on the 6450 just won't support it, but hadn't tried with my 6610 yet (still trying to figure out the best way to integrate into my network).
 

JoshDi

Active Member
Jun 13, 2019
246
120
43
I just setup my ICX6450-48 (non poe version) with the latest Layer 3 firmware and have all 4 SPF+ ports enabled.

Can I use the SPF+ uplink ports and assign them to a vlan / use them like the 48x 1gbe ports? Or are the true uplink ports and carry all VLANs?

I have a Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch that I use for 3 10gbe hosts, but now that I have all 4 SPF+ ports on the ICX 6450 enabled, I was wondering if I can get rid of it and just use the 4 SPF+ ports as 10gbe ports on a VLAN.

Please let me know if this possible
 

Wolfstar

Active Member
Nov 28, 2015
159
83
28
48
The SFP+ ports can all function in either manner - either they can be uplink/tagged ports or access/untagged ports - that's up to you to configure them the way you want.

By default, the SFP+ ports are untagged and would work just like an unmanaged switch without any configuration.
 
  • Like
Reactions: JoshDi

JoshDi

Active Member
Jun 13, 2019
246
120
43
sweet thanks. I guess I dont need my Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch anymore!

anyone have any experience running port mirroring with snort and a pfSense router with these switches?
 

Jason Spangler

New Member
Nov 17, 2019
3
3
3
Austin, TX
I have a switch port using ipv4 dhcp and it gets the ipv4 address assignments from my dhcp server, etc so I can ssh to the switch.
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
 
Last edited:

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,075
113
33
fohdeesha.com
I just setup my ICX6450-48 (non poe version) with the latest Layer 3 firmware and have all 4 SPF+ ports enabled.

Can I use the SPF+ uplink ports and assign them to a vlan / use them like the 48x 1gbe ports? Or are the true uplink ports and carry all VLANs?

I have a Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch that I use for 3 10gbe hosts, but now that I have all 4 SPF+ ports on the ICX 6450 enabled, I was wondering if I can get rid of it and just use the 4 SPF+ ports as 10gbe ports on a VLAN.

Please let me know if this possible
the SFP+ ports operate exactly like the copper ports, and just like them, come default set to untagged in vlan 1 - you can change them however you please
 
  • Like
Reactions: JoshDi

fohdeesha

Kaini Industries
Nov 20, 2016
2,728
3,075
113
33
fohdeesha.com
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
skip DHCP altogether and just give it a static IP like the main update / config guide in this thread has you do, it will save you a lot of time and headache. The guide is aimed at exactly your use case, to configure it as a "drop-in dumb switch" that also happens to have an IP for management. just choose an IP yourself and assign it statically as the guide instructs
 
  • Like
Reactions: Jason Spangler

juey

Member
Oct 1, 2018
56
16
8
Germany
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
Create a VE, assign that to your vlan and let the VE take the dhcp address, or, which i prefer, use static ip addresses as said by fohdeesha.

I would expect the blocking state on your uplink port ? be aware, if you do not know what you were doing, you can block your network with multiple vlans by using a single stp instance. Configure multiple instances (MSTP) for each of your vlans or disable spanning tree to avoid such nasty things where multiple vlans will be routed among each other and being sent/received on one uplink port.
 
Last edited:

Jason Spangler

New Member
Nov 17, 2019
3
3
3
Austin, TX
skip DHCP altogether and just give it a static IP like the main update / config guide in this thread has you do, it will save you a lot of time and headache. The guide is aimed at exactly your use case, to configure it as a "drop-in dumb switch" that also happens to have an IP for management. just choose an IP yourself and assign it statically as the guide instructs
This is what I eventually did and it worked - thanks.

After resetting the port back to default, I can't even find the commands I used to enable dhcpv4 and IPv6 on the port anymore - so I have lost the ipv6 connectivity into the switch console. I'm running FastIron 8.0.30t on an ICX 6450-48P, and it appears from docs that later versions have more dhcp-client commands available.

Edit: I got the ipv6 LLA back via interface ve 1 then ipv6 enable, and checked it via show ipv6 interface ve 1.

Edit #2: the interface is showing a GUA in the expected address range, but it does not respond to ping or ssh like the LLA does:

Code:
switch(config)#show ipv6 interface ve 1

Interface Ve 1  is up, line protocol is up
  vlan id: 1, vlan index: 1, ve type: 1
  members: ethe 1/1/1 to 1/1/48 ethe 1/2/1 to 1/2/4
  active: ethe 1/1/1 ethe 1/1/5 ethe 1/1/19 ethe 1/1/24 ethe 1/1/33 to 1/1/35 ethe 1/1/43 ethe 1/1/48
  IPv6 is enabled, link-local address is fe80::768e:f8ff:fed5:800 [Preferred]
  Global unicast address(es):
    2605:6000:ecc0:7e03:768e:f8ff:fed5:800 [Preferred],  subnet is 2605:6000:ecc0:7e03::/64
  Joined group address(es):
    ff02::1:ffd5:800
    ff02::1
  Port belongs to VRF: default-vrf
  MTU is 1500 bytes
  ICMP redirects are disabled,  Router preference: Medium
  ND DAD is enabled, number of DAD attempts: 3
  ND reachable time is 30000 miliseconds
  ND retransmit interval is 1000 miliseconds
  ND advertised reachable time is 0 seconds
  ND advertised retransmit interval is 0 miliseconds
  ND router advertisements are sent every 400 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses
  No Inbound Access List Set
  Outbound Access List
 
Last edited:

JSchuricht

Active Member
Apr 4, 2011
198
74
28
Need some help diagnosing the rear breakout ports on a ICX6610. I'm not sure if the switch I got has an issue or if I have a cable incompatibility or both.

I have one ICX6610 and two Dell P8T4W QSFP to SFP+ breakout cables. I can get 2/2/7 and 2/2/8 to link to a Intel X520 card but the other 6 ports appear dead with either cable and any NIC. My switch shows stack ID2 but stacking has been disabled, firmware updated with settings from fohdeesha's guides.

I am not sure if I missed something that is keeping 2/2/2 to 2/2/5 disabled and/or the cables I bought have an issue with two ports. I know I only tested one port on one cable when I had the switch on a bench but I thought I tried both QSFP ports on the switch before racking it which has me puzzled on why it's dead now.

I have tried setting speed-duplex 10g-full and disabling then enabling the ports with no change. The one thing that stands out to me is the web interface front panel view of the back panel shows 2/2/2 to 2/2/5 up and 2/2/7 to 2/2/10 down regardless of cables plugged into them.

Any ideas on how I can test this with only one ICX6610 and no other switches with QSFP breakout ports?

Code:
SSH@ICX6610-48P Router(config)#show interface brief ethernet 2/2/1 to 2/2/10

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
2/2/1      Down    None    None None  None  Yes 1    0         
2/2/2      Down    None    None None  None  Yes 1    0          
2/2/3      Down    None    None None  None  Yes 1    0           
2/2/4      Down    None    None None  None  Yes 1    0           
2/2/5      Down    None    None None  None  Yes 1    0        
2/2/6      Down    None    None None  None  Yes 1    0         
2/2/7      Up      Forward Full 10G   None  Yes 1    0           
2/2/8      Up      Forward Full 10G   None  Yes 1    0         
2/2/9      Down    None    None None  None  Yes 1    0        
2/2/10     Down    None    None None  None  Yes 1    0
Code:
SSH@ICX6610-48P Router(config)#show run
Current configuration:
!
ver 08.0.30tT7f3
!
stack unit 2
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
stack suggested-id 1
!
!
!
 

JSchuricht

Active Member
Apr 4, 2011
198
74
28
No go.
Code:
SSH@ICX6610-48P Router(config)#no stack unit 2
Error - stack 2 can't be removed.
SSH@ICX6610-48P Router(config)#stack unconfigure clean
Invalid input -> unconfigure clean
Type ? for a list
SSH@ICX6610-48P Router(config)#
I did run the no stack commands from your guide, do you think this is a stack issue?
enable
conf t
stack unit 1
no stack-trunk 2/2/1 to 2/2/2
no stack-trunk 2/2/6 to 2/2/7
exit
write mem
 

JSchuricht

Active Member
Apr 4, 2011
198
74
28
Code:
SSH@ICX6610-48P Router#stack unconfigure clean
This command is not available on standalone or Active Controller
 

JSchuricht

Active Member
Apr 4, 2011
198
74
28
I'll do a reset in a bit. When I initially updated the firmware with your guide, I tried to clear the stack id 2. The only thing I came up with on google was that after removing a switch from a stack it retains it's stack id when in standalone mode and can only be changed during stack setup. Hopefully the factory set-default fixes the ports anyways, I had submitted to the stack id 2 as being a cosmetic nuisance. Thanks.
 

JSchuricht

Active Member
Apr 4, 2011
198
74
28
Missed the bootloader during reload and spotted something that may be useful.



Code:
ICX6610-48P Router>Parsing Config Data ...
Invalid input -> Parsing Config Data ...
Type ? for a list
ICX6610-48P Router>------------------------------------------------------------------
Invalid input -> ------------------------------------------------------------------
Type ? for a list
ICX6610-48P Router>M:9 L:0 - chow_qsfp_read, qsfp 2, error in seting up mux
Invalid input -> M:9 L:0 - chow_qsfp_read, qsfp 2, error in seting up mux
Type ? for a list
ICX6610-48P Router>------------------------------------------------------------------
Invalid input -> ------------------------------------------------------------------
Type ? for a list
ICX6610-48P Router>M:9 L:0 - link_40G_4x10G_get_media: qsfp 2, port 2/2/2 error in reading qsfp
Invalid input -> M:9 L:0 - link_40G_4x10G_get_media: qsfp 2, port 2/2/2 error in reading qsfp
Type ? for a list
ICX6610-48P Router>chow_40G_4x10G_get_media: error in reading qsfp 2/2/2
Invalid input -> chow_40G_4x10G_get_media: error in reading qsfp 2/2/2
Type ? for a list
ICX6610-48P Router>------------------------------------------------------------------
Invalid input -> ------------------------------------------------------------------
Type ? for a list
ICX6610-48P Router>M:9 L:0 - chow_qsfp_read, qsfp 3, error in seting up mux
Invalid input -> M:9 L:0 - chow_qsfp_read, qsfp 3, error in seting up mux
Type ? for a list
ICX6610-48P Router>------------------------------------------------------------------
Invalid input -> ------------------------------------------------------------------
Type ? for a list
ICX6610-48P Router>M:9 L:0 - link_40G_4x10G_get_media: qsfp 3, port 2/2/7 error in reading qsfp
Invalid input -> M:9 L:0 - link_40G_4x10G_get_media: qsfp 3, port 2/2/7 error in reading qsfp
Type ? for a list
ICX6610-48P Router>chow_40G_4x10G_get_media: error in reading qsfp 2/2/7
Invalid input -> chow_40G_4x10G_get_media: error in reading qsfp 2/2/7
Type ? for a list
ICX6610-48P Router>
Power supply 1  detected.
 
Last edited:

JSchuricht

Active Member
Apr 4, 2011
198
74
28
factory set-default worked on all 8 breakout ports.

Weird thing is googling chow_qsfp_read had just one hit which is page 50 of this thread. It looks like vlan tagging might be a common cause. I tagged 6 vlans with one being dual mode for all 8 ports just before connecting them. Didn't think anything of it at the time since vlans shouldn't prevent a link.

Thanks again.
 

Smbaker

New Member
Oct 9, 2019
23
17
3
Not sure if that's possible at all on the 6450; they're 3-pin fans, so they're controlled by directly varying the supply voltage. There's no PWM pin.
You can still PWM a 3-pin fan, you just use a transistor to drive the power (or the ground) pin. A little tricky to read the tachometer, but there's a solution for that too -- you pulse stretch the PWM every so often long enough to take a tach reading from it.

Has anyone put an oscilloscope on the fan output on the 6450 to see exactly what's going on there? A multimeter on a PWM signal will often read as a voltage, particularly if there's a capacitor filter involved.
 

JoshDi

Active Member
Jun 13, 2019
246
120
43
I have two extra Sunon MB40201VX-0000-G99 10CFM, low noise replacement fans that I didnt use for my ICX6450 switch (mine only need 1 fan replaced). I have changed the pin order so that it works correctly with the brocade switch.

I can also include two 1.25" machine head 8-32 bolts and nuts so you can mount this fan, and I have a low noise adapter, if you want to make these extra quiet. PM me if you are interested in 1 or both of these kits.