Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

rootwyrm

Member
Mar 25, 2017
48
59
18
www.rootwyrm.com
Thank you!

So you'd recommend getting a icx 7xxx model if we want to have ipv6 working as intended?
The only one I can get for an acceptable price is the 7450, but from previous posts it appears to be even more noisy than the 6610.
Pretty much you are going to have to get an ICX 7000 series if you want to do any sort of SLAAC or dynamic addressing on it. The 6000's can, as I mentioned, do IPv6 BGP and OSPF fine. They can do static routing fine. They can even do router advertisements fine (use the raguard statement, etc.) But that's all they can do because that's what we had.

There's some low-cost 7250's out there, but they're not from major resellers. I wouldn't expect to see prices on the 7000's to drop quickly, because they're current supportable models.
 

Fallen Kell

Member
Mar 10, 2020
45
13
8
So I can't seem to find this in the thread (but it probably is), I have been trying and failing to configure a port that uses a default VLAN (even just vlan 1) but can also access other VLANs via tagging.

The moment I add a tagged VLAN to the port I loose access to the device connected to the port on the default vlan, even though the untagged vlan is still configured to vlan 1.

The use case is attempting to connect to a wifi router/access point which has multiple VAPs and VLANs configured on it and accessing it over a SFP+ interface. The SFP+ works fine when I just have the port set as untagged (but I can not reach the other VLANs obviously). Yes it could be an issue with that device, but I should still at least have access to the default VLAN after adding the other tagged VLANs using the untagged VLAN.

My switch is a 6610.
 
Last edited:

pod

New Member
Mar 31, 2020
15
6
3
So I can't seem to find this in the thread (but it probably is), I have been trying and failing to configure a port that uses a default VLAN (even just vlan 1) but can also access other VLANs via tagging.

The moment I add a tagged VLAN to the port I loose access to the device connected to the port on the default vlan, even though the untagged vlan is still configured to vlan 1.

The use case is attempting to connect to a wifi router/access point which has multiple VAPs and VLANs configured on it and accessing it over a SFP+ interface. The SFP+ works fine when I just have the port set as untagged (but I can not reach the other VLANs obviously). Yes it could be an issue with that device, but I should still at least have access to the default VLAN after adding the other tagged VLANs using the untagged VLAN.

My switch is a 6610.
Seems you're looking for dual mode or dual-mode. Search forum for same.
 
  • Like
Reactions: fohdeesha

Fallen Kell

Member
Mar 10, 2020
45
13
8
Thanks. That looks like it is what I am missing (at least from documentation). I probably won't be able to try it out until next weekend when I get a couple hours to possibly break/bring down my current network.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,271
2,341
113
30
fohdeesha.com
vlan 20
tag e 1/1/1

int e 1/1/1
dual-mode 1
# "1" is the vlan you want untagged traffic to be. if you want untagged traffic on this port to be assigned to vlan 12, it'd be
dual-mode 12
 
  • Like
Reactions: tommybackeast

rootwyrm

Member
Mar 25, 2017
48
59
18
www.rootwyrm.com
By the way, I forgot to link this for folks who want to do IPv6 on 08.0.30: Arris guide on using IPv6 raguard in L2/L3 environments.

And yes, I know it seems to imply that 08.0.30 and below are more IPv6 aware, but I assure you, router advertisements and stateless are still not actually in there. raguard is just layer 3 STP guarding in a sense. Inter-VLAN will still have you tromboning traffic if you're using SLAAC and RAs.
 
  • Like
Reactions: kache

safado

New Member
Aug 21, 2020
23
1
3
The revC post has me curious to know how loud the 6610 is exactly? Like compared to a Cisco 3750 POE?
 

kache

New Member
Jun 27, 2020
11
2
3
Concerning the ipv6 discussion, there is a seller in EU selling a ICX 7450 - 48p with Rev C power supplies (he confirmed that via PM).
I'm not sure if I can link to the ebay listing, so just search for feldsam-inc on ebay and you'll find it.

Me I sadly can't afford that high of a price so I'll wait until prices for 7xxx switches come a bit down and stay without ipv6 for now I think. :D

Many many thanks to rootwyrm for all the amazing explanations!
 

kapone

Well-Known Member
May 23, 2015
1,045
618
113
So I can't seem to find this in the thread (but it probably is), I have been trying and failing to configure a port that uses a default VLAN (even just vlan 1) but can also access other VLANs via tagging.

The moment I add a tagged VLAN to the port I loose access to the device connected to the port on the default vlan, even though the untagged vlan is still configured to vlan 1.

The use case is attempting to connect to a wifi router/access point which has multiple VAPs and VLANs configured on it and accessing it over a SFP+ interface. The SFP+ works fine when I just have the port set as untagged (but I can not reach the other VLANs obviously). Yes it could be an issue with that device, but I should still at least have access to the default VLAN after adding the other tagged VLANs using the untagged VLAN.

My switch is a 6610.
Having owned these (and other enterprise switches) for years, and running them in both, a business and home environment, I can almost guarantee that "dual mode" has a very edge case, in any configuration.

If you think you need dual mode, think again about your network topology. You're trying to solve a problem with a machete when it really needs a scalpel.
 

Scarlet

Member
Jul 29, 2019
63
22
8
If you think you need dual mode, think again about your network topology. You're trying to solve a problem with a machete when it really needs a scalpel.
Well, not all home users are professional network-engineers. For me there was a valid use for dual-mode. I owned a Cisco AP that used vlan 1 untagged for management and other vlans tagged for different WLAN SSIDs. I did not want to lock myself out of the AP management interface so I chose dual-mode 1 to solve my problem. Sometimes the machete works well in the hand of the user that does not know how to operate a scalpel :)
 
  • Like
Reactions: Vesalius

fohdeesha

Kaini Industries
Nov 20, 2016
2,271
2,341
113
30
fohdeesha.com
Well, not all home users are professional network-engineers. For me there was a valid use for dual-mode. I owned a Cisco AP that used vlan 1 untagged for management and other vlans tagged for different WLAN SSIDs. I did not want to lock myself out of the AP management interface so I chose dual-mode 1 to solve my problem. Sometimes the machete works well in the hand of the user that does not know how to operate a scalpel :)
sadly that's one of the edge cases he speaks of, a surprising number of equipment that supports tags, but forces "management" or some other traffic onto untagged vlan 1 at the same time. UBNT does the same thing and it's obnoxious
 

rootwyrm

Member
Mar 25, 2017
48
59
18
www.rootwyrm.com
Well, not all home users are professional network-engineers. For me there was a valid use for dual-mode. I owned a Cisco AP that used vlan 1 untagged for management and other vlans tagged for different WLAN SSIDs. I did not want to lock myself out of the AP management interface so I chose dual-mode 1 to solve my problem. Sometimes the machete works well in the hand of the user that does not know how to operate a scalpel :)
It's not just this, either. I AM a professional engineer and I can tell you as a point of fact that dual-mode is needed MUCH more frequently than it was in the past. For example, there is an IPMI/iKVM vendor where you MUST use a dual-mode analog for both the 'true' IPMI port and the shared failover port, even when the IPMI/iKVM is configured to tag traffic.
Yes, even when it's tagging the traffic.
Because the IP 'heartbeat' sense and the failover motion itself does not tag the traffic. It can't. Because the failover side cannot operate with a tagged VLAN. And if you are using the shared port on the host with certain tagging modes, the IPMI will cease to function because it sees the VLAN tag on both the active and failover and reads that as 'both hot.'
Nevermind when we get into other stuff where it's a shared port that just doesn't tag period. Or my favorite, the one that won't tag until late in the boot stage, but also drops the IP if it can't ping the gateway while not tagging. (You know, because that makes sense.) And that's not even touching on UBNT's utter incompetence.

Shitty, amateur, incompetent 'design' in "enterprise" hardware really has run rampant.
 
  • Like
Reactions: tommybackeast

Vesalius

Active Member
Nov 25, 2019
151
114
43
Those of us with Ruckus AP’s that have unleashed firmware are stuck with vlan 1 for management as well. their zone directors can change the management vlan tag, but not unleashed. I use dual-mode for those. Thinking of changing the default vlan on my 6450 so that I can prpoerly segregate management interfaces to vlan 1 given those constraints.
 

dragonian

Member
Jan 3, 2020
34
19
8
The comment about UNBT confuses me. I am able to specify a VLAN for management for my unifi aps..? I'm not using dual mode at all.
 

fohdeesha

Kaini Industries
Nov 20, 2016
2,271
2,341
113
30
fohdeesha.com
The comment about UNBT confuses me. I am able to specify a VLAN for management for my unifi aps..? I'm not using dual mode at all.
It must be new then, last time I tried it wasn't possible and there were quite a bit of complaints on their forum about it. Granted this was a couple years ago
 

gregsachs

Active Member
Aug 14, 2018
426
125
43
(Is there no way to search in a specific thread? I could not find!)
Question: I'm trying to use a couple cisco DAC cables. When I plug a cable in to my 6450, even if i plug it into two ports, i get a message "optics inserted, wait for PHY initialization", and nothing else happens.
Should I be able to loop 1/2/2 and 1/2/3 for testing, at least to get a link?