Brocade ICX 7250 - management port not responding

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

rdv4rjm

New Member
Feb 24, 2021
7
0
1
Bought this layer 3 switch on Ebay.
SFP ports are not working. I presumed it was a configuration issue.
I have worked on it for days to find a way to enter the configuration mode, and never succeeded.

Tried hard reset dozen of times, but it does not react as stated in the manual:
amber lights should start flashing when holding reset button on power up.

When connecting the serial port, it is not recognized as such nor in windows or Linux or Mac.
I have tried hundreds of times plugging the cable before, while of after booting.
It never worked.

I surfed the net and tried every suggestion I could find, nothing worked.

I opened it up. There is a battery like those used in computers for the cmos. Would pulling it out help or would it be risky? I couldn`t find anything about it on the internet.

If anyone had a suggestion, it would be much appreciated.

Thanks in advance.
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
When connecting the serial port, it is not recognized as such nor in windows or Linux or Mac.
I have tried hundreds of times plugging the cable before, while of after booting.
It never worked.
Only to make sure.
The RJ45 management port is a network port that needs to be configured first
The serial console port is the mini USB port that requires a serial cable with mini USB connector.
 

niron

New Member
Feb 24, 2021
1
0
1
What kind of cable are you actually using to connect to it? I know you can use just mini-usb to usb cables on Juniper devices because they have a built in FTDI chip to provide the serial port, but the Brocade console cable looks to be just a mini-usb to rj45 cable that needs to be connected to an already configured serial port.
 
Feb 19, 2021
45
29
18
I own this switch. You need to search for "7250 console" in these forums. There you will find the pin-outs for the console port which you will be splicing to a male mini-usb. I built mine based off these forums using a typical cisco console cable which plugs into a keystone jack where I punched down 3 wires from the usb. At any time while it's running/booting you can use a terminal emulator like putty or securecrt using 9600, N, 8 , 1 you can the login to the switch and start your journey. Read the exhaustive guide that is in this forum on the icx 7250.
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
What kind of cable are you actually using to connect to it? I know you can use just mini-usb to usb cables on Juniper devices because they have a built in FTDI chip to provide the serial port, but the Brocade console cable looks to be just a mini-usb to rj45 cable that needs to be connected to an already configured serial port.
I am using a serial cable mini USB to usb. Same cable as I use on all my Aruba Switches.
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
I own this switch. You need to search for "7250 console" in these forums. There you will find the pin-outs for the console port which you will be splicing to a male mini-usb. I built mine based off these forums using a typical cisco console cable which plugs into a keystone jack where I punched down 3 wires from the usb. At any time while it's running/booting you can use a terminal emulator like putty or securecrt using 9600, N, 8 , 1 you can the login to the switch and start your journey. Read the exhaustive guide that is in this forum on the icx 7250.
Thanks for the lead.
Will check this out.
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
What kind of cable are you actually using to connect to it? I know you can use just mini-usb to usb cables on Juniper devices because they have a built in FTDI chip to provide the serial port, but the Brocade console cable looks to be just a mini-usb to rj45 cable that needs to be connected to an already configured serial port.
The ICX 7250 does not have a build in FTDI chip. It is pure serial connection, but on a mini USB port. The original cable provided together with a new device is quite expensive if you want to buy it as a spare part and in in some areas difficult to get.

The pin layout is described in the manual. Here in this forum, you can find several different concepts for self-made cables, either build from scratch or as adaptor to other console cables.

I followed this instruction to build an adaptor for a Cisco console cable.

Got my 7250-24P today and initially I powered it up without the console plugged in. This unit takes way longer to boot than the 6610 and I thought it was DOA since the fans weren't coming down.

I built a mini-usb to RJ45 so I could use my standard Cisco cable and then I saw that it was in fact booting, it just sits at "Starting Kernel" for a long time before moving along..

Here is the pinout for the contraption I made. Seems to be working well.
Code:
Mini-USB           Keystone (568B)
========            ===============
1 (VCC)            N/C
2 (UART RX)        6 (Grn)
3 (UART TX)        3 (Grn/Wht)
4 (Reserved)       N/C
5 (GND)            4 (Blue)
Off to tinker!!

Thanks!!
Riley
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
I used my usb serial adapter, chopped a serial cable extension and used the part with appropriate DP9, and wired it to a mini-usb following the schematic.
No luck so far.

If I could at least reset the switch, but this doesn`t work either.

Not very promising so far.
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
I had to give a negative comment for something to give way.

I connected the out-of-band port to the network on same switch as my workstation.
I connected the serial cable I made, and booted.

Putty still cannot access the configuration panel.
On the other hand, my network scanner detected for the first time this new user: Brocade, on same the same subnet as my workstation.
I can access the web configuration page.


Trying to login It displays: The site says: Realm1

I tried the defaults:

  • default local username: super
  • default password: sp-admin
No luck.

The background display says: This object on the ICX7250 is protected.

So, I am at the door. a locked one.
Will keep knocking
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
Not able to SSH

Tried to Telnet : I am in.

Is programming language similar to Aruba and Cisco?

If so, I should be able to mange from here on, for a while.

Thanks for the help!!
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
Not able to SSH
Tried to Telnet : I am in.

Is programming language similar to Aruba and Cisco?

If so, I should be able to mange from here on, for a while.
SSH of and telnet and http on was the default setting for me after reset.

I was not familiar with any switch language before. But with the good instruction of @fohdeesha I was able to set-up everything and get the basic understanding.
ICX7250 / ICX7450 - Fohdeesha Docs

The rest I found in the Fastiron manuals and in this huge thread linked below:

NOTE #1: do not PM me with switch questions unless they are license requests, they will be ignored. Post them in this public thread, where hundreds of other members can also answer, and the answer will be public for future users

NOTE #2: some of these models require license unlocks. PM or email me to request one (they are free).

Starting a master thread for a few of my favorite affordable switches - I've been using and reverse engineering this switch line for years and figured it's time to share the goodies. The prices below fluctuate a lot with demand and with the best offer feature can usually be beaten. Switches are listed in order of raw capacity/capability, not price.

Choice Beef Cuts:

Brocade FCX - ~$30 on ebay
  • original beef
  • 24/48 1gbE copper (PoE available)
  • I recommend these as a very cheap platform to learn networking with (as they support everything, including BGP), or a lab box. For switches to use in your permanent home network, you might want to look below at the newer models
  • Full layer 3, IPV4 + IPV6 routing, L2/L3/L4 ACL's, VRRP, OSPF, SNMP, sflow, VRFs, tunnels, BGP
  • No 10gbE by default. See Here for notes on adding 10gbE cards
  • The non-PoE models are a little quieter than a dell R710 or ICX6610
  • The PoE models are the loudest switch I've ever used - not recommended for home
  • Fans cannot be modified
  • ~40w power draw
  • 2x redundant hot-swap PSU's
  • Aggregate capacity: 152gbps / 114Mpps (wirespeed regardless of features enabled)
  • Again, these are best for a lab environment on a budget where you don't care about a bunch of 10gbE or noise, but want advanced networking features such as BGP and VRFs

  • Datasheet
Brocade ICX7150-C12P - ~$280 on ebay





Brocade ICX6450 - ~$120 on ebay
  • the beef snack
  • 24/48 1gbE copper (PoE available)
  • 4x 10gbE SFP+
  • Full layer 3, IPV4 + IPV6 routing, L2/L3/L4 ACL's, VRRP, OSPF, SNMP, sflow, all the usual
  • 25w power draw for the 24-port models with or without PoE
  • 50w power draw for the 48-port models with or without PoE
  • 1 small fan, nearly silent (48 port and PoE models have 2 or 3 fans, but they can be removed if you're not using near full PoE load)
  • single built in PSU
  • fans can be modified/replaced to run even quieter/near silent
  • Aggregate capacity: 176gbps / 132Mpps (wirespeed regardless of features enabled)

  • Datasheet
  • FAQ
  • Architecture Brief
Brocade ICX7250 - ~$300 on ebay

  • medium beef
  • 24/48 1gbE copper (PoE available)
  • 8x 10gbE SFP+
  • Full layer 3, IPV4 + IPV6 routing, L2/L3/L4 ACL's, VRRP, OSPF, SNMP, sflow, all the usual, but also adding VRFs and tunnels (but no BGP)
  • 50w power draw
  • nearly silent (same sound level as the ICX6450)
  • single built in PSU
  • fans can be modified/replaced to run even quieter/near silent
  • Aggregate capacity: 256gbps / 190Mpps (wirespeed regardless of features enabled)

  • Datasheet
  • STH post with detailed information




Brocade ICX6610 - ~$200 on ebay
  • the BEEF KING
  • 24/48 1gbE copper (PoE available)
  • 16x 10gbE (8x SFP+ in the front, 8x via 2 QSFP+ breakout ports on the rear)
  • 2x 40gbE (separate from the previously mentioned breakout ports)
  • Supports OpenFlow in hardware for SDN, including hybrid port mode
  • SupportS MACSEC on the SFP+ ports for 80gbps of real time L2 AES-128 encryption
  • Same OS features as ICX6450 but adds advanced protocols like BGP, VRFs, tunnels, everything
  • 80w power draw for the 24 port models with or without PoE
  • 110w power draw for the 48 port models with or without PoE
  • audible - about the same as an R710, little quieter than LB6M
  • 2x redundant hot-swap PSU's
  • Fans cannot be modified
  • Aggregate capacity: 528gbps / 396Mpps (wirespeed regardless of features enabled)

  • Datasheet
  • FAQ
  • Architecture Brief
  • (note: when the above PDF's say the QSFP ports can only be used for stacking, they're lying)
Brocade ICX6650 - ~$600 on ebay

  • beef overload
  • 64x 10gbE (56x SFP+ on front, 8x via 2x QSFP breakout on the rear)
  • 4x 40gbE via rear QSFP (separate from QSFP breakout ports)
  • Supports OpenFlow in hardware for SDN, including hybrid port mode
  • Same OS features as ICX6610 - everything including advanced protocols like BGP, VRFs, tunnels, etc
  • 120w power draw
  • audible - louder than the ICX6610, not screaming but would not want it next to you
  • 2x redundant hot-swap PSU's
  • Fans cannot be modified
  • Aggregate capacity: 1600gbps / 1190Mpps (wirespeed regardless of features enabled)
  • does NOT support stacking
  • DOES support MCT / MC-LAG (cross-chassis LACP)
  • These start to lose out cost wise compared to some Arista models with the same port count, such as the 7050T-64 which are a very good value - it's up to you if you prefer Arista's EOS or Brocade's FastIron OS

  • Datasheet
  • STH post with detailed information
Firmware + Docs:
NOTE: If you buy one of these switches, use the update guide at the following link. It will get you initially set up with a fresh slate, the latest firmware, & the latest documentation. Please do not post configuration questions, errors, etc unless you've followed this first to get set up and on the latest software:
---- Update + Config Guide ----



Software:
These all run Brocade's FastIron OS. If you've done the LB6M flash, it's the same as that (but a much newer version). If you've ever used cisco gear, the CLI is about 90% identical. It's still under active development for all of these switches (most recent firmware release for them was 2 weeks ago).

The firmware/docs are freely available from Ruckus's site (who acquired these from brocade), you just need to make a free account. I also mirror an easy to grab ZIP of the latest FW and docu on my update guide linked above.

Since it's been asked before, yes - all of these are proper ASIC L3 routers that do everything in hardware at line rate, with no oversubscription. Nothing is punted to the management CPU.

These are enterprise/datacenter switches, so the main focus is the CLI interface. However they do have a web UI - granted it's very minimal. You can see screenshots here: Imgur

Optics:
Brocade switches will take any make of optics, the brand does not matter. I've been using quite a few of the $7 dollar 10gbase-SR avago/jdsu/etc modules off of ebay with no issues for a few years. However since "official" Brocade SFP+ modules have come down in price to around $8, I would recommend those as they unlock optical monitoring, so you can see link strength, module temp, etc. They will take any manner of DAC's as well. Same goes for the 40gbE QSFP+ ports on the rear of the 6610 - optics or DACs, your choice.

NOTE: All Brocade switches are compatible with the Mikrotik S+RJ10 SFP+ 10gbase-T copper module, if you want to cheaply turn some of the sfp+ ports into rj45 10gbE copper ports: Mikrotik 6-Speed Rj-45 Module Up To 10Gbps Speeds

Other:
I've tried to keep these a secret hoping to not wreck the used market for them, but there seems to be enough on ebay now it shouldn't matter. Many STH members have already been using them and discussing them in PM's, and I figured all the info and stuff we've shared privately would be of much more use out in the open. I have reverse engineered quite a bit of all these switches and found some things that are nowhere else on the internet - I will post the discoveries I think won't get me in trouble here as I find time


 

texteditor

New Member
Oct 8, 2019
15
4
3
So the device doesn't even appear in Linux? Try a different Type-C/Type-C to Type-A cable. The cheap 10-foot ones I bought off Amazon forever ago worked and it got detected as /dev/ttyUSB0 immediately, but not all cable manufacturers follow the whole wiring spec for things just intended to be charging cables

SSH has been problematic for me though< I can only make it work with password logins work, it would take my SSH keys but not work with OpenSSH - at least with passwordless login, even if I forced kex downgrades and stuff). I ended up just setting SSH to only listen on a "secure" VLAN since I never leave non-publickey SSH open to the web in any way


(I'm running on a 7150, but effectively it should be similar)
 

tubs-ffm

Active Member
Sep 1, 2013
171
57
28
(I'm running on a 7150, but effectively it should be similar)
No need to do speculation or guessing. It is written in the manual.
The 7150 and the 7250 are different in regards of console ports.

Out of 7150 manual:
– Type-C USB console port (Type-C USB cable not included with the device)
– RS-232 console port with RJ-45 form factor (RJ-45 console cable not included with the device)
 
Last edited:

LodeRunner

Active Member
Apr 27, 2019
540
227
43
So the device doesn't even appear in Linux? Try a different Type-C/Type-C to Type-A cable. The cheap 10-foot ones I bought off Amazon forever ago worked and it got detected as /dev/ttyUSB0 immediately, but not all cable manufacturers follow the whole wiring spec for things just intended to be charging cables
Connecting a USB cable to a 7250/7450 will burn out the serial port on the switch as it is a USB port wired for serial data, not an actual USB to serial device.
 

rocketpanda40

Member
Dec 12, 2019
49
31
18
SSH has been problematic for me though< I can only make it work with password logins work, it would take my SSH keys but not work with OpenSSH - at least with passwordless login, even if I forced kex downgrades and stuff).
Fastiron requires the public key in a different format than generated by ssh-keygen. At least ime, it'll upload the normal one with no errors, but still fall back to password auth.

Where my ~/.ssh/id_rsa.pub looks like this:
Code:
ssh-rsa keydata username@hostname
the file needs to be modified like this for fastiron:
Code:
---- BEGIN SSH2 PUBLIC KEY ----
keydata 
---- END SSH2 PUBLIC KEY ----
Note the addition of the begin and end lines, and the removal of the username@hostname part.

I honestly don't remember how I figured this out, but this is what worked for me.
 

rdv4rjm

New Member
Feb 24, 2021
7
0
1
I bought the cable for Brocade Switches.
I can now access the ICX 7250 with serial port.

Thanks for the help.