Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

iotapi322

New Member
Sep 8, 2017
19
2
3
44
Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
 

Wolfstar

Active Member
Nov 28, 2015
155
81
28
45
Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
Even the relatively light 6450 should not be using a 3D-printed rack mount - the odds of the mount cracking under the weight and the switch plummeting to its doom is very high.

You'd be better off getting either a standard rail shelf (like this one: Adjustable Rack Mount Server Shelf Shelves Rail Rails 1U 695974747404 | eBay) or maybe a regular shelf and using that.

I have that shelf (and that listing is straight from the manufacturer), and for about 8 months I had that exact shelf holding a fully-loaded 5U Intel SC5600LX Pedestal case with 14 hard drives in it. The only "damage" was to the washers I used with the cage nuts/bolts. It'd hold any switch you would want to run in a homelab with ease, and I'd even consider it (and I'm a network engineer) as a valid support option for chassis switches.
 

iotapi322

New Member
Sep 8, 2017
19
2
3
44
Yeah I was worried about that... I can't believe how difficult it is to find some damn rack ears for these things.
Thank you @Wolfstar
I actually have a set of the Adustable Rack Mount shelves you were talking about, but I want something to hold the ICX6450 in a network rack.
 

Wolfstar

Active Member
Nov 28, 2015
155
81
28
45
Yeah I was worried about that... I can't believe how difficult it is to find some damn rack ears for these things.
Thank you @Wolfstar
I actually have a set of the Adustable Rack Mount shelves you were talking about, but I want something to hold the ICX6450 in a network rack.
Yeah, it's not a trivial find, though you'd think it would be. On the other hand, we have an absolute beast of a time finding FCX648 rack ears as well for work, and people hoard them like misers when they do find them.
 

Wolfstar

Active Member
Nov 28, 2015
155
81
28
45

infoMatt

Active Member
Apr 16, 2019
157
60
28
Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
Read the last few pages, I've posted the measurements of the ears of my switch, you can recreate those with a piece of sheet metal and a drill... nothing fancy, it's just an "L shaped" piece of steel...
Paying $65 for those simple items it's crazy, IMHO... Heck, you can even just place it on top of the equipment placed below it, it weighs nothing...
 

LodeRunner

Member
Apr 27, 2019
49
26
18
I think I have a bad NAND chip, or something. Any things I can try to revive this unit via uboot?
I have already used FTFP in uboot to reload the primary, secondary, and boot images, same result; and I tried a full TFTP boot, but it still errors out at the same point. I trimmed a lot of data (very long hex dumps), but I have the original PuTTY log that I can share if needed.
Code:
Ruckus Wireless Bootloader: 10.1.14T225 (Nov 15 2018 - 04:59:18 -0800)

Booted from partition 2
DRAM:  Validate Shmoo parameters stored in flash ..... OK

ICX7150-12 (POE), PVT1
SYS CPLD VER: 0x4 Released Ver: 0xa

device 0 offset 0x0, size 0xc0000
Enter 'b' to stop at boot monitor:
device 0 offset 0x0, size 0xc0000
bootdelay: ===
Booting image from Primary

NAND read: device 0 offset 0x0, size 0x2000000
 33554432 bytes read: OK
## Loading kernel from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'kernel@2' kernel subimage
     Description:  Ruckus Linux MN VER=08.0.80e
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x70213ff0
     Data Size:    2184164 Bytes = 2.1 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x61008000
     Entry Point:  0x61008000
     Hash algo:    crc32
     Hash value:   29a83c27
## Loading kernel from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'kernel@2' kernel subimage
     Description:  Ruckus Linux MN VER=08.0.80e
     Type:         Kernel Image
     Compression:  lzma compressed
     Data Start:   0x70213ff0
     Data Size:    2184164 Bytes = 2.1 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x61008000
     Entry Point:  0x61008000
     Hash algo:    crc32
     Hash value:   29a83c27
   Verifying Hash Integrity ... crc32+ OK
## Loading ramdisk from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'ramdisk@1' ramdisk subimage
     Description:  Ramdisk -rootfs
     Type:         RAMDisk Image
     Compression:  lzma compressed
     Data Start:   0x7042fd88
     Data Size:    25430519 Bytes = 24.3 MiB
     Architecture: ARM
     OS:           Linux
     Load Address: 0x00000000
     Entry Point:  0x00000000
     Hash algo:    crc32
     Hash value:   960fb2cd
   Verifying Hash Integrity ... crc32+ OK
## Loading fdt from FIT Image at 70000200 ...
   Using 'conf@1' configuration
   Trying 'fdt@3' fdt subimage
     Description:  Flattened Device Tree blob
     Type:         Flat Device Tree
     Compression:  uncompressed
     Data Start:   0x7042db30
     Data Size:    8607 Bytes = 8.4 KiB
     Architecture: ARM
     Hash algo:    crc32
     Hash value:   6fc9a37b
   Verifying Hash Integrity ... crc32+ OK
   Loading fdt from 0x7042db30 to 0x65008000
   Booting using the fdt blob at 0x65008000
   Uncompressing Kernel Image ... OK
   Using Device Tree in place at 65008000, end 6500d19e

Starting kernel ...

booting with 4.4 kernel
NAND Type: Micron NAND 2GiB (x 1)
PLATFORM MN
dd cmd: UBI
ubi0 error: ubi_io_read: error -74 (ECC error) while reading 1040384 bytes from PEB 841:8192, read 1040384 bytes
UBIFS error (ubi0:0 pid 565): ubifs_recover_leb: corruption -3
UBIFS error (ubi0:0 pid 565): ubifs_check_node: bad node length 263218
UBIFS error (ubi0:0 pid 565): ubifs_check_node: bad node at LEB 1134:884736
    magic          0x6101831
    crc            0x87f8e43e
    node_type      1 (data node)
    group_type     128 (unknown)
    sqnum          1378685144455
    len            263218
    key            (4194457, xentry, 0x00205e)
    size           335548416
    compr_typ      1344
    data size      263170
    data:
    00000000: d6 c1 c7 35 d4 a1 e1 f2 c1 d0 ef 02 7e 99 b9 63 4f 17 43 76 22 8a 8d f7 1e d1 49 19 d3 0b a3 60
    [trimmed]
    00025fa0: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
Unable to handle kernel paging request at virtual address f0ca1000
pgd = d0d14000
[f0ca1000] *pgd=86155811, *pte=00000000, *ppte=00000000
Internal error: Oops - BUG: 7 [#1] PREEMPT SMP ARM
Modules linked in:
CPU: 0 PID: 565 Comm: mount Not tainted 4.4.0 #1
Hardware name: BRCM XGS iProc
task: e51c2600 ti: d0c2c000 task.ti: d0c2c000
PC is at hex_dump_to_buffer+0x158/0x4d0
LR is at 0xd0c2db9a
pc : [<c0225670>]    lr : [<d0c2db9a>]    psr: 20000213
sp : d0c2db00  ip : 00000034  fp : d0c2db4c
r10: 00000020  r9 : c0432298  r8 : 00000020
r7 : f0ca0fff  r6 : 00000010  r5 : 00000066  r4 : 00000083
r3 : 00000066  r2 : 00000030  r1 : 00000032  r0 : 00000031
Flags: nzCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment none
Control: 12c5387d  Table: 71d14059  DAC: 00000051
Process mount (pid: 565, stack limit = 0xd0c2c190)
Stack: (0xd0c2db00 to 0xd0c2e000)
db00: c0066134 c0065a4c 00000001 f0ca0ff0 00000061 00000000 00000020 00000020
[trimmed]
dfe0: b6e2d071 beab4a18 00051149 b6e2d078 80000230 beab4f18 00000000 00000000
Backtrace:
[<c0225518>] (hex_dump_to_buffer) from [<c0225a8c>] (print_hex_dump+0xa4/0x118)
[<c02259e8>] (print_hex_dump) from [<c01ca444>] (ubifs_dump_node+0x97c/0xbe0)
[<c01c9ac8>] (ubifs_dump_node) from [<c01a8224>] (ubifs_check_node+0x1c0/0x308)
[<c01a8064>] (ubifs_check_node) from [<c01af8e4>] (ubifs_scan_a_node+0xd0/0x1f4)
[<c01af814>] (ubifs_scan_a_node) from [<c01c1f80>] (ubifs_recover_leb+0x578/0x7e0)
[<c01c1a08>] (ubifs_recover_leb) from [<c01b11f0>] (ubifs_replay_journal+0xdd0/0x1540)
[<c01b0420>] (ubifs_replay_journal) from [<c01a5adc>] (ubifs_mount+0x1190/0x192c)
[<c01a494c>] (ubifs_mount) from [<c00d9bdc>] (mount_fs+0x14/0x40)
[<c00d9bc8>] (mount_fs) from [<c00f1bf4>] (vfs_kern_mount+0x50/0xf8)
[<c00f1ba4>] (vfs_kern_mount) from [<c00f4cc4>] (do_mount+0x1a8/0xc40)
[<c00f4b1c>] (do_mount) from [<c00f5acc>] (SyS_mount+0x7c/0xa8)
[<c00f5a50>] (SyS_mount) from [<c000a4a0>] (ret_fast_syscall+0x0/0x3c)
Code: 02a0cee5 cf00000a 010054e1 d100003a (0130f7e5)
[BrcdSoftlockup]: BUG: soft lockup - CPU#0 stuck for 524s! [mount:565]
---[ end trace a6e623cfc8e5011c ]---
note: mount[565] exited with preempt_count 1
Segmentation fault

Mounting Config partition failed, non-recoverable file system corruption
Reformatting the flash, please download config and keys again ...

ubidetach: error!: cannot detach mtd2
           error 16 (Device or resource busy)
ubiformat: error!: please, first detach mtd2 (/dev/mtd2) from ubi0
Formatting Doneubi0 error: ubi_attach_mtd_dev: mtd2 is already attached to ubi0

ubiattach: error!: cannot attach mtd2
           error 17 (File exists)
ubimkvol: error!: UBI device does not have free logical erasebloubi1: attaching mtd3
cks
!!!ERROR:ubimkvol failed for config partition
ubi1: scanning is finished
ubi1: attached mtd3 (name "resources", size 512 MiB)
ubi1: PEB size: 1048576 bytes (1024 KiB), LEB size: 1040384 bytes
ubi1: min./max. I/O unit sizes: 4096/4096, sub-page size 4096
ubi1: VID header offset: 4096 (aligned 4096), data offset: 8192
ubi1: good PEBs: 504, bad PEBs: 8, corrupted PEBs: 0
ubi1: user volume: 1, internal volumes: 1, max. volumes count: 128
ubi1: max/mean erase counter: 1/0, WL threshold: 4096, image sequence number: 677597375
ubi1: available PEBs: 0, total reserved PEBs: 504, PEBs reserved for bad PEB handling: 32
ubi1: background thread "ubi_bgt1d" started, PID 582
UBIFS (ubi1:0): background thread "ubifs_bgt1_0" started, PID 586
UBIFS (ubi1:0): recovery needed
UBIFS (ubi1:0): recovery completed
UBIFS (ubi1:0): UBIFS: mounted UBI device 1, volume 0, name "resources"
UBIFS (ubi1:0): LEB size: 1040384 bytes (1016 KiB), min./max. I/O unit sizes: 4096 bytes/4096 bytes
UBIFS (ubi1:0): FS size: 476495872 bytes (454 MiB, 458 LEBs), journal size 23928832 bytes (22 MiB, 23 LEBs)
UBIFS (ubi1:0): reserved for root: 4952683 bytes (4836 KiB)
UBIFS (ubi1:0): media format: w4/r0 (latest is w4/r0), UUID 8068C335-3096-4AA2-983E-4659B278DEBA, small LPT model
UBIFS (ubi1:0): full atime support is enabled.
Resource partition is mounted!!
Restore is Done
Kernel crashdump is disabled.
Backup is fine
dma_mem_base: 0x96000000, dma_mem_len: 0x8000000, warm_mem_base: 0x9f500000, warm_mem_len: 0xb00000
Creating TUN device
Starting TPM Infra
Group tss and User tss created
kernel.hostname = localhost
hostname set to localhost
Starting TCSD Daemon
TCSD Up and Running
Enabling time stamp.
Starting the FastIron.
USER=root
HOME=/
GCOV_PREFIX=/fast_iron
ethaddr=78:a6:e1:2e:48:29?
TERM=vt102
PATH=/sbin:/usr/sbin:/bin:/usr/bin
crashkernel=64M@0x70000000
ip=192.168.0.210:192.168.0.14::255.255.255.0:MN:eth0:off
SHELL=/bin/sh
PWD=/
i2c-0    i2c          Broadcom iProc I2C adapter          I2C adapter    2
i2c-1    i2c          Broadcom iProc I2C adapter          I2C adapter    2
!!!WARNING: Unable to read Filesystem information!!!
Total no. of blocks in FS = 0
Total no. of free blocks = 0
FIPS Disabled:PORT NOT DISABLED
platform type 90
OS>
Loaded Image SPR08080e from Pri Built on (UTC): Tue Apr  9 10:25:33 2019
Enabling Console Logging
flash_file=0.
Upgrade from pre 8.0.80 image. Dual mode to VLAN config upgrade needed

Hotplugger Daemon Initialized ..
External USB disk is not mounted or plugged in.
set_board_level: gi_board_type = 116[  628.362222] linux-kernel-bde: map phys range 0x3200000-0x3240000 to 0xb0d09000-0xb0d49000
[  628.544467] linux-kernel-bde: map phys range 0x88100000-0x90100000 to 0xa8c00000-0xb0c00000
DMA pool size: 134217728
PHY Reset De-asserted

sw_pp_sdk_init:137 ToR init

SOC unit 0 attached to PCI device BCM56160_B0
Firmware version from File: 2.1.1
Pre Parsing Config Data ...


Done with Pre-allocating nexthop id's for Unicast & Openflow
 
  • Like
Reactions: am45931472

LodeRunner

Member
Apr 27, 2019
49
26
18
I took a leap and issued nand erase.chip in uboot, then reloaded uboot, primary, and seconday images from my tftp server and got a clean startup.
 

LodeRunner

Member
Apr 27, 2019
49
26
18
All right, next issue. Unsure if this is doing more than spamming the console, but this command fails:
ICX7150-C12 Router#dm verify-device-certs
Commencing sanity check for device certs ...
Verifying TPM files ...
Failed: Check TCSD_PS Files

And the console is being spammed with Info: Device Key or Cert file is not available

My Google skills are apparently deficient for this issue.
 

LodeRunner

Member
Apr 27, 2019
49
26
18
Awesome, thanks. Saw those commands in your hidden commands list, but was unsure if I could just generate my own RSA stuff and load it it.

Edit:
Looks like those commands won't do that. The rsa key/cert parameters are for key based scp between devices or an scp server apparently. Found over on SmartZone troubleshooting:

So on a 7150, if the TPM or the device cert/key get munged, it requires an RMA. Unless there's a way into the TPM via Linux or uBoot.

I have Linux access on this unit if anyone wants me to try anything, or has a working one and can export key and cert (probably not, kinda the thing a TPM is meant to prevent, isn't it?).

My other 7150 came up with no issues post PSU replacement and has replaced a Cisco SG300-10 that I was using in my office; it had a password on Linux that was not the default root. It also let me ditch 2 POE injectors for my UniFI AP's, so that's nice too. Seriously looking into R610 or R710s to replace them due to several neighbors with very noisy APs that sit on overlapping channels at maximum power.

Edit 2: Interestingly, after updating the unit to 8080e, Linux requires a password and it's not the root password in the guides. Initially, I had loaded 8060 after erasing the NAND.
 
Last edited:

fohdeesha

Kaini Industries
Nov 20, 2016
1,906
1,713
113
29
fohdeesha.com
interesting, since you only zero'd the flash the TPM contents should still be good. I have a feeling this is a case of an undocumented command or linux script somewhere that needs to be executed but it could take some digging to find it. I highly doubt they're throwing RMAs with this issue in the trash and replacing the unit

also the root pass is wYbRaMWrYIJgg - just checked the 8080e binary - this is what is listed in the guide as well, which root pass were you trying?
 

fohdeesha

Kaini Industries
Nov 20, 2016
1,906
1,713
113
29
fohdeesha.com
any way you can provide me remote access to the serial port? found a couple TPM things I'd like to try - only 7xxx series stuff I have here is non TPM
 

LodeRunner

Member
Apr 27, 2019
49
26
18
any way you can provide me remote access to the serial port? found a couple TPM things I'd like to try - only 7xxx series stuff I have here is non TPM
Sent you a DM.

I used that root password, I wonder if it was not pasting properly? I have not had issues pasting anything else in via PuTTY, but I did not try manually keying it.

I have a suspicion, which I can test later, that enabling authentication on the switch locks down the Linux side somehow? With the NAND erased and the system restored to v8060, it boots right to Linux with no password.
 

Loto_Bak

New Member
Mar 10, 2011
24
12
3
Does anyone have a design or a link to a design for 3D printed rack mount ears for the ICX 6450?
Please and Thank you,
Matt
I made one but as others have mentioned it will not support the switch's weight.
I have most of the weight sitting on a couple ears mounted under my desk from a print on thingiverse.

Also the holes are slightly small for the screws into the switch.
The screws will tap a thread in the print if you don't enlarge them.
 

Attachments

jzeus

New Member
Jan 22, 2017
19
4
3
interesting, since you only zero'd the flash the TPM contents should still be good. I have a feeling this is a case of an undocumented command or linux script somewhere that needs to be executed but it could take some digging to find it. I highly doubt they're throwing RMAs with this issue in the trash and replacing the unit

also the root pass is wYbRaMWrYIJgg - just checked the 8080e binary - this is what is listed in the guide as well, which root pass were you trying?
That was a DES encrypted password with salt.

openssl passwd --crypt --salt=wY --stdin <pswd

where pswd contains the default barcode password, see attached file.brocade_root.png
 
  • Like
Reactions: klui

jzeus

New Member
Jan 22, 2017
19
4
3
That password worked, thanks!
The cert and keys are stored in a ubifs volume mounted as /opt

mount -t ubifs -o sync ubi1:resources /opt

I got this from a bad update:

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Resources partition is factory-corrupted! Formatting!!
Formatting will destroy all the certificates and licenses!!
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

printed from /etc/preinit.sh .

All tpm stuff is in /opt/tpm:
/opt/tpm/system.data
/opt/tpm/bkp-mfg-system.data
/opt/tpm/mfg-wrapped-key.pem
/opt/tpm/mfg-md5sum.txt
/opt/tpm/mfg-cert.pem
/opt/tpm/mfg-key.pem