Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Eru0194

New Member
Jun 13, 2019
11
2
3
I’ve 2 x Mikrotik S+RJ10 SFP+ modules that my ICX6450-24P doesn’t identify and the slots just shows ”EMPTY”.
Yeah sorry, I was wrong about that. In an ICX7250 (probably works for other 7xxx switches) I was able to see some very basic information about rev. 2 S+RJ10.

Now I'm using a rev. 2 S+RJ10 in an ICX6610 but it just shows "EMPTY" like yours.
 

maes

Member
Nov 11, 2018
75
44
18
If you ever come across a way to program the PWM values to something other than the preset "low" and "high", that would be handy to know. I'd love for my low speed to be a little faster. Not much... just a little.
Not sure if that's possible at all on the 6450; they're 3-pin fans, so they're controlled by directly varying the supply voltage. There's no PWM pin.
 

D_Net

New Member
Nov 5, 2019
2
3
3
New York City
Stumbled upon this amazing thread a couple of weeks ago while researching 10Gb switches. Had previously narrowed the field down to Arista 7124SX or LB6M, when I found this treasure trove. What an amazing thread! Read the first 60 pages, and am slowing making it through the remaining 60+.

Thank you to the whole community here, but especially to fohdeesha. The wealth of information, the level of detail, the meticulous instructions the quantity of energy he has spent on this-- truly amazing! A huge thank you!

As a result, I will soon be a new owner of a ICX6610-48p. I could not resist, and pulled the trigger -- it should be arriving soon. Can't wait!
 

Jason Spangler

New Member
Nov 17, 2019
3
3
3
Austin, TX
Thanks @fohdeesha and others for all the great info here! I picked myself up an ICX6450-48P and have it running.

Does anyone know how to get the ICX6450-48P to obtain IPv6 ULA and Global addresses from an upstream router or dhcpv6 server?

I have a switch port using ipv4 dhcp and it gets the ipv4 address assignments from my dhcp server, etc so I can ssh to the switch. I've also enabled ipv6 on the port and it assigns a LLA to which I can ssh (example: ssh -6 root@fe80::6e6c:f1ef:aed2:800%internal1), but I can't find configuration options to direct the switch to also obtain an ipv6 ULA or Global address (which do work for all other ipv6 devices on my network) for that port.
 
  • Like
Reactions: Wolfstar

Wolfstar

Active Member
Nov 28, 2015
156
81
28
45
Thanks @fohdeesha and others for all the great info here! I picked myself up an ICX6450-48P and have it running.

Does anyone know how to get the ICX6450-48P to obtain IPv6 ULA and Global addresses from an upstream router or dhcpv6 server?

I have a switch port using ipv4 dhcp and it gets the ipv4 address assignments from my dhcp server, etc so I can ssh to the switch. I've also enabled ipv6 on the port and it assigns a LLA to which I can ssh (example: ssh -6 root@fe80::6e6c:f1ef:aed2:800%internal1), but I can't find configuration options to direct the switch to also obtain an ipv6 ULA or Global address (which do work for all other ipv6 devices on my network) for that port.
OH MY GOD YES THIS. I've been tearing my hair out for literally months trying to figure out how to get my 6450 to pull Global addresses from my upstream pfSense router. I'd recently come to the conclusion that the limited L3 stack on the 6450 just won't support it, but hadn't tried with my 6610 yet (still trying to figure out the best way to integrate into my network).
 

JoshDi

Active Member
Jun 13, 2019
177
58
28
I just setup my ICX6450-48 (non poe version) with the latest Layer 3 firmware and have all 4 SPF+ ports enabled.

Can I use the SPF+ uplink ports and assign them to a vlan / use them like the 48x 1gbe ports? Or are the true uplink ports and carry all VLANs?

I have a Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch that I use for 3 10gbe hosts, but now that I have all 4 SPF+ ports on the ICX 6450 enabled, I was wondering if I can get rid of it and just use the 4 SPF+ ports as 10gbe ports on a VLAN.

Please let me know if this possible
 

Wolfstar

Active Member
Nov 28, 2015
156
81
28
45
The SFP+ ports can all function in either manner - either they can be uplink/tagged ports or access/untagged ports - that's up to you to configure them the way you want.

By default, the SFP+ ports are untagged and would work just like an unmanaged switch without any configuration.
 
  • Like
Reactions: JoshDi

JoshDi

Active Member
Jun 13, 2019
177
58
28
sweet thanks. I guess I dont need my Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch anymore!

anyone have any experience running port mirroring with snort and a pfSense router with these switches?
 

Jason Spangler

New Member
Nov 17, 2019
3
3
3
Austin, TX
I have a switch port using ipv4 dhcp and it gets the ipv4 address assignments from my dhcp server, etc so I can ssh to the switch.
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
 
Last edited:

fohdeesha

Kaini Industries
Nov 20, 2016
2,111
1,976
113
30
fohdeesha.com
I just setup my ICX6450-48 (non poe version) with the latest Layer 3 firmware and have all 4 SPF+ ports enabled.

Can I use the SPF+ uplink ports and assign them to a vlan / use them like the 48x 1gbe ports? Or are the true uplink ports and carry all VLANs?

I have a Qnap QSW-804-4C 8-Port Unmanaged 10GbE Switch that I use for 3 10gbe hosts, but now that I have all 4 SPF+ ports on the ICX 6450 enabled, I was wondering if I can get rid of it and just use the 4 SPF+ ports as 10gbe ports on a VLAN.

Please let me know if this possible
the SFP+ ports operate exactly like the copper ports, and just like them, come default set to untagged in vlan 1 - you can change them however you please
 
  • Like
Reactions: JoshDi

fohdeesha

Kaini Industries
Nov 20, 2016
2,111
1,976
113
30
fohdeesha.com
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
skip DHCP altogether and just give it a static IP like the main update / config guide in this thread has you do, it will save you a lot of time and headache. The guide is aimed at exactly your use case, to configure it as a "drop-in dumb switch" that also happens to have an IP for management. just choose an IP yourself and assign it statically as the guide instructs
 
  • Like
Reactions: Jason Spangler

juey

Member
Oct 1, 2018
56
15
8
Germany
Apparently I got a little ahead of myself - the switch was not forwarding IPv4 traffic to/from my router machine over that same port that I had configured the dhcp client to assign an address (and to which I was ssh'ing). But when I moved the cable to another port it worked fine (basically functioning as a drop-in replacement for my previous dumb unmanaged consumer switch, which I though would be a good place to start before figuring out vlans, etc) but of course I can't ssh to the switch now.

Any advice on how to get the same port on the switch to both forward traffic to/from the rest of the switch ports while also using the dhcp client to assign an IPv4 address to the port for ssh in, etc (so that I only need one cable/port to go to the router machine)?

Apologizes in advance if this is something simple I just can't find in the documentation - I have little experience with managed switches. Thanks!

Edit: I suspected "port state is BLOCKING" vs "port state is FORWARDING" might be the cause of the issue, but apparently an empty port shows as BLOCKING.
Create a VE, assign that to your vlan and let the VE take the dhcp address, or, which i prefer, use static ip addresses as said by fohdeesha.

I would expect the blocking state on your uplink port ? be aware, if you do not know what you were doing, you can block your network with multiple vlans by using a single stp instance. Configure multiple instances (MSTP) for each of your vlans or disable spanning tree to avoid such nasty things where multiple vlans will be routed among each other and being sent/received on one uplink port.
 
Last edited:

Jason Spangler

New Member
Nov 17, 2019
3
3
3
Austin, TX
skip DHCP altogether and just give it a static IP like the main update / config guide in this thread has you do, it will save you a lot of time and headache. The guide is aimed at exactly your use case, to configure it as a "drop-in dumb switch" that also happens to have an IP for management. just choose an IP yourself and assign it statically as the guide instructs
This is what I eventually did and it worked - thanks.

After resetting the port back to default, I can't even find the commands I used to enable dhcpv4 and IPv6 on the port anymore - so I have lost the ipv6 connectivity into the switch console. I'm running FastIron 8.0.30t on an ICX 6450-48P, and it appears from docs that later versions have more dhcp-client commands available.

Edit: I got the ipv6 LLA back via interface ve 1 then ipv6 enable, and checked it via show ipv6 interface ve 1.

Edit #2: the interface is showing a GUA in the expected address range, but it does not respond to ping or ssh like the LLA does:

Code:
switch(config)#show ipv6 interface ve 1

Interface Ve 1  is up, line protocol is up
  vlan id: 1, vlan index: 1, ve type: 1
  members: ethe 1/1/1 to 1/1/48 ethe 1/2/1 to 1/2/4
  active: ethe 1/1/1 ethe 1/1/5 ethe 1/1/19 ethe 1/1/24 ethe 1/1/33 to 1/1/35 ethe 1/1/43 ethe 1/1/48
  IPv6 is enabled, link-local address is fe80::768e:f8ff:fed5:800 [Preferred]
  Global unicast address(es):
    2605:6000:ecc0:7e03:768e:f8ff:fed5:800 [Preferred],  subnet is 2605:6000:ecc0:7e03::/64
  Joined group address(es):
    ff02::1:ffd5:800
    ff02::1
  Port belongs to VRF: default-vrf
  MTU is 1500 bytes
  ICMP redirects are disabled,  Router preference: Medium
  ND DAD is enabled, number of DAD attempts: 3
  ND reachable time is 30000 miliseconds
  ND retransmit interval is 1000 miliseconds
  ND advertised reachable time is 0 seconds
  ND advertised retransmit interval is 0 miliseconds
  ND router advertisements are sent every 400 seconds
  ND router advertisements live for 1800 seconds
  Hosts use stateless autoconfig for addresses
  No Inbound Access List Set
  Outbound Access List
 
Last edited:

JSchuricht

Active Member
Apr 4, 2011
180
65
28
Need some help diagnosing the rear breakout ports on a ICX6610. I'm not sure if the switch I got has an issue or if I have a cable incompatibility or both.

I have one ICX6610 and two Dell P8T4W QSFP to SFP+ breakout cables. I can get 2/2/7 and 2/2/8 to link to a Intel X520 card but the other 6 ports appear dead with either cable and any NIC. My switch shows stack ID2 but stacking has been disabled, firmware updated with settings from fohdeesha's guides.

I am not sure if I missed something that is keeping 2/2/2 to 2/2/5 disabled and/or the cables I bought have an issue with two ports. I know I only tested one port on one cable when I had the switch on a bench but I thought I tried both QSFP ports on the switch before racking it which has me puzzled on why it's dead now.

I have tried setting speed-duplex 10g-full and disabling then enabling the ports with no change. The one thing that stands out to me is the web interface front panel view of the back panel shows 2/2/2 to 2/2/5 up and 2/2/7 to 2/2/10 down regardless of cables plugged into them.

Any ideas on how I can test this with only one ICX6610 and no other switches with QSFP breakout ports?

Code:
SSH@ICX6610-48P Router(config)#show interface brief ethernet 2/2/1 to 2/2/10

Port       Link    State   Dupl Speed Trunk Tag Pvid Pri MAC             Name
2/2/1      Down    None    None None  None  Yes 1    0         
2/2/2      Down    None    None None  None  Yes 1    0          
2/2/3      Down    None    None None  None  Yes 1    0           
2/2/4      Down    None    None None  None  Yes 1    0           
2/2/5      Down    None    None None  None  Yes 1    0        
2/2/6      Down    None    None None  None  Yes 1    0         
2/2/7      Up      Forward Full 10G   None  Yes 1    0           
2/2/8      Up      Forward Full 10G   None  Yes 1    0         
2/2/9      Down    None    None None  None  Yes 1    0        
2/2/10     Down    None    None None  None  Yes 1    0
Code:
SSH@ICX6610-48P Router(config)#show run
Current configuration:
!
ver 08.0.30tT7f3
!
stack unit 2
  module 1 icx6610-48p-poe-port-management-module
  module 2 icx6610-qsfp-10-port-160g-module
  module 3 icx6610-8-port-10g-dual-mode-module
stack suggested-id 1
!
!
!
 

JSchuricht

Active Member
Apr 4, 2011
180
65
28
No go.
Code:
SSH@ICX6610-48P Router(config)#no stack unit 2
Error - stack 2 can't be removed.
SSH@ICX6610-48P Router(config)#stack unconfigure clean
Invalid input -> unconfigure clean
Type ? for a list
SSH@ICX6610-48P Router(config)#
I did run the no stack commands from your guide, do you think this is a stack issue?
enable
conf t
stack unit 1
no stack-trunk 2/2/1 to 2/2/2
no stack-trunk 2/2/6 to 2/2/7
exit
write mem
 

JSchuricht

Active Member
Apr 4, 2011
180
65
28
Code:
SSH@ICX6610-48P Router#stack unconfigure clean
This command is not available on standalone or Active Controller
 

JSchuricht

Active Member
Apr 4, 2011
180
65
28
I'll do a reset in a bit. When I initially updated the firmware with your guide, I tried to clear the stack id 2. The only thing I came up with on google was that after removing a switch from a stack it retains it's stack id when in standalone mode and can only be changed during stack setup. Hopefully the factory set-default fixes the ports anyways, I had submitted to the stack id 2 as being a cosmetic nuisance. Thanks.