did you follow my guide on both of them to reset them to factory defaults? sounds like the second one is still configured to be a stack member. theres a blurb in the update guide about removing stack configs
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
did you follow my guide on both of them to reset them to factory defaults? sounds like the second one is still configured to be a stack member. theres a blurb in the update guide about removing stack configs
Whatthe.... ?? How could one just hit with "chirurgical precision" just the SFP cages block this way?
I wouldn't buy that... not for even 10$ or so... who knows what might be broken inside and on the circuit board.
that is brilliant.. no scratches on the casing at all .. 
.. luckily you can use the backend 2x4x10G connections as well
.. luckily you can use the backend 2x4x10G connections as well
guys the SFP ports are just a little shy today
Yes, but when I enter the command "stack unconfigure clean", I get the message "This command is not available on standalone or Active Controller".
When entering "show stack" it returns:
***** Warning! stack is not enabled. *****
T=18m55.0: alone: standalone, D: dynamic cfg, S: static
ID Type Role Mac Address Pri State Comment
2 S ICX6610-48P alone xxxx.xxxx.xxxx 0 local None:0
+---+
2/1| 2 |2/6
+---+
Current stack management MAC is xxxx.xxxx.xxxx
I'm having issues getting internet access to my VLANs. I have a PFSense router and a Brocade ICX6610. The VLANs can all see each other, and the switch can ping out to google, but I can't get anything on any VLAN to see outside of my LAN.
My PFSense router is 10.0.0.1 and I've added a gateway of 10.0.0.2 for the switch, I've then added static routes for all of the VLANs on the switch (10.0.xx.0/24). The router connects to port 47 on the switch.
I'm currently using the DHCP server on the brocade and was relying on PFSense for DNS.
My PFSense router is 10.0.0.1 and I've added a gateway of 10.0.0.2 for the switch, I've then added static routes for all of the VLANs on the switch (10.0.xx.0/24). The router connects to port 47 on the switch.
I'm currently using the DHCP server on the brocade and was relying on PFSense for DNS.
Code:
Startup configuration:
!
ver 08.0.30tT7f3
!
stack unit 1
module 1 icx6610-48p-poe-port-management-module
module 2 icx6610-qsfp-10-port-160g-module
module 3 icx6610-8-port-10g-dual-mode-module
!
!
!
!
vlan 1 name TRASNIT by port
untagged ethe 1/1/47
router-interface ve 1
!
vlan 3 name DEFAULT-VLAN by port
!
vlan 10 name Servers by port
untagged ethe 1/1/25 to 1/1/32
router-interface ve 10
!
vlan 20 name Storage by port
untagged ethe 1/1/35 to 1/1/36
router-interface ve 20
!
vlan 30 name Media by port
untagged ethe 1/1/33 to 1/1/34
router-interface ve 30
!
vlan 99 name Management by port
untagged ethe 1/1/13 to 1/1/24
router-interface ve 99
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
default-vlan-id 3
enable telnet authentication
enable aaa console
hostname switch
ip dhcp-client disable
ip dhcp-server enable
!
ip dhcp-server pool servers
dhcp-default-router 10.0.10.1
dns-server 10.0.0.1
excluded-address 10.0.10.1
lease 1 0 0
network 10.0.10.0 255.255.255.0
deploy
!
!
ip dhcp-server pool storage
dhcp-default-router 10.0.20.1
dns-server 10.0.0.1
excluded-address 10.0.20.1
lease 1 0 0
network 10.0.20.0 255.255.255.0
deploy
!
!
ip dhcp-server pool media
dhcp-default-router 10.0.30.1
dns-server 10.0.0.1
excluded-address 10.0.30.1
lease 1 0 0
network 10.0.30.0 255.255.255.0
deploy
!
!
ip dhcp-server pool management
dhcp-default-router 10.0.99.1
dns-server 10.0.0.1
excluded-address 10.0.99.1
lease 1 0 0
network 10.0.99.0 255.255.255.0
deploy
!
ip dns server-address 10.0.0.1
ip route 0.0.0.0/0 10.0.0.1
!
no telnet server
username admin password .....
snmp-server community ..... ro
!
!
clock summer-time
clock timezone gmt GMT-06
!
ntp
disable serve
server 216.239.35.0
server 216.239.35.4
!
!
web-management https
!
!
!
!
!
!
!
interface management 1
disable
!
interface ethernet 1/3/1
speed-duplex 10G-full
!
interface ethernet 1/3/2
speed-duplex 10G-full
!
interface ethernet 1/3/3
speed-duplex 10G-full
!
interface ethernet 1/3/4
speed-duplex 10G-full
!
interface ethernet 1/3/5
speed-duplex 10G-full
!
interface ethernet 1/3/6
speed-duplex 10G-full
!
interface ethernet 1/3/7
speed-duplex 10G-full
!
interface ethernet 1/3/8
speed-duplex 10G-full
!
interface ve 1
ip address 10.0.0.2 255.255.255.0
!
interface ve 10
ip address 10.0.10.1 255.255.255.0
ip helper-address 1 10.0.0.1
!
interface ve 20
ip address 10.0.20.1 255.255.255.0
ip helper-address 1 10.0.0.1
!
interface ve 30
ip address 10.0.30.1 255.255.255.0
ip helper-address 1 10.0.0.1
!
interface ve 99
ip address 10.0.99.1 255.255.255.0
ip helper-address 1 10.0.0.1
!
!
!
!
!
!
!
ip ssh password-authentication no
!
end@JacobRhea ,
Is your DHCP working right? To me it looks like it shouldn't for two reasons.....
1) Don't use the switch's DHCP server - it is non-authorative on the ICX6xxx series and this will not work with many devices. ISC's dhcpd server + BIND named for DNS is easy to configure together,, lightweight, and reliable.
2) You have your IP helper address as your pfSense. If it's using the default DHCP server, it will not work for any VLANs not configured and the DHCP server running on those VLANs - it will not work with a transport setup like you have.
Bonus tips:
3) Though it's certainly not necessary, it is common to use /30s for point-to-point links.
4) You can skip the VLAN to connect to your pfSense box and simply assign the port an IP address.
Regarding your specific issue......
5) Can you show the pfSense routing table?
6) Perhaps your DNS server is resolving AAAA (IPv6) but your devices have no global IPv6 addresses (the VEs and pfSense LAN/VLAN would need to have IPv6 addresses as well)[/code]
Is your DHCP working right? To me it looks like it shouldn't for two reasons.....
1) Don't use the switch's DHCP server - it is non-authorative on the ICX6xxx series and this will not work with many devices. ISC's dhcpd server + BIND named for DNS is easy to configure together,, lightweight, and reliable.
2) You have your IP helper address as your pfSense. If it's using the default DHCP server, it will not work for any VLANs not configured and the DHCP server running on those VLANs - it will not work with a transport setup like you have.
Bonus tips:
3) Though it's certainly not necessary, it is common to use /30s for point-to-point links.
4) You can skip the VLAN to connect to your pfSense box and simply assign the port an IP address.
Code:
int eth 1/1/47
ip address 10.0.0.2/30
route-only5) Can you show the pfSense routing table?
6) Perhaps your DNS server is resolving AAAA (IPv6) but your devices have no global IPv6 addresses (the VEs and pfSense LAN/VLAN would need to have IPv6 addresses as well)[/code]
@ArmedAviator
Here is the routing table for PFSense:
Currently, all devices connected to the switch aren't having issues getting an ip address. I know that many people have issues with IoT devices but I don't have any of those on this network currently and just figured I'd stick to using the switches DHCP until I have to setup a separate server.
Are the IP Helper addresses not necessary for this setup?
Here is the routing table for PFSense:
Code:
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default c-73-183-224-1.hsd UGS igb0
10.0.0.0/24 link#1 U em0
router link#1 UHS lo0
10.0.10.0/24 10.0.0.2 UGS em0
10.0.20.0/24 10.0.0.2 UGS em0
10.0.30.0/24 10.0.0.2 UGS em0
10.0.99.0/24 10.0.0.2 UGS em0
10.0.100.0/24 10.0.0.2 UGS em0
10.10.10.1 link#4 UH lo0
73.183.224.0/22 link#2 U igb0
c-73-183-224-186.h link#2 UHS lo0
localhost link#4 UH lo0
Internet6:
Destination Gateway Flags Netif Expire
default fe80::256:2bff:fe7 UG igb0
localhost link#4 UH lo0
fe80::256:2bff:fe7 fe80::256:2bff:fe7 UGHS igb0
fe80::%em0/64 link#1 U em0
fe80::ec4:7aff:fe0 link#1 UHS lo0
fe80::%igb0/64 link#2 U igb0
fe80::ec4:7aff:fe0 link#2 UHS lo0
fe80::%lo0/64 link#4 U lo0
fe80::1%lo0 link#4 UHS lo0Are the IP Helper addresses not necessary for this setup?
The IP helper address is used when the DHCP server is not on the same L2 network. In your case, the DHCP server is on each L2 network so no need, besides you have yours pointing to pfSense which should not also be offering DHCP leases on those VLANs since you're using the switch's DHCP server.
Your routing table looks good. You can combine them all into one if you want for simplicity and easier adding of subnets, e.g. 10.0.0.0/16.
Thinking about it, I ran into this issue before and know exactly what it is. You must add the subnets to pfSense's NAT Outbound settings. By default, it only translates the networks configured on pfSense through NAT. In this case, you need to add the subnets that is not configured on pfSense. Again, probably easiest to just do a single netmask of 10.0.0.0/16.
Your routing table looks good. You can combine them all into one if you want for simplicity and easier adding of subnets, e.g. 10.0.0.0/16.
Thinking about it, I ran into this issue before and know exactly what it is. You must add the subnets to pfSense's NAT Outbound settings. By default, it only translates the networks configured on pfSense through NAT. In this case, you need to add the subnets that is not configured on pfSense. Again, probably easiest to just do a single netmask of 10.0.0.0/16.
Change it to Manual mode and make a copy of each rule. Change the source of the copied rules to 10.0.0/16. That should fix your issue.
I tried that and still had issues, I realized I could actually ping out to google from one of the systems I was having trouble with so I went into pfSense DNS Resolver and added that vlan subnet to the access list and everything seems to be working. I'm not sure if this is the correct fix, but it works.
Thanks for checking!
I'm running FW 8080e like in your guide. Is the 8092d a newer version I should try? I didn't see any reference to it.
My switch had been up for 180 days so I did reboot it. No change sadly. I really don't see how it's not the switch, considering I don't own anything else Brocade/Ruckus. I haven't done a WireShark or anything so perhaps I'll have to try it and see.
EDIT: I changed my switch DNS to only use the pi-hole and I can see the direct hits from my main switch to the ruckus domains. It is 100% doing the DNS hits directly even though all of the sz stuff is disabled.
Rebooting the switch did clear all the junk from the sz logs. I have this now with current data only, but it doesn't look very exciting.
Code:
>show sz logs
Start i/max/iter 0/5/1
Jan 7 23:48:52:ca_stop_timer>Cancelled Timer id 0, rc=0
Jan 7 23:48:52:ca_start_timer:95912>Started timer with l/p 30000/30000 for u17, rc 0, id 167172236
Jan 7 23:48:53:ca_stop_timer>Cancelled Timer id 0, rc=41
Jan 7 23:48:53:sz_execute_state_machine>Entering with state/event: INIT/0, DISABLE/2005
Jan 7 23:48:53:sz_execute_state_machine>Exit with state/event: DISABLED/1, NONE/2000 RC: 1
End i/max/iter 5/5/0
Last edited:
A list of all FW versions you can find on the support page.
Software Downloads | Ruckus Wireless Support
What I am asking myself is if there is somewhere a simple overview if the different "branches". At least to me it looks like branches. Please correct me if this is wrong. Old and newer branches are getting maintained in parallel: 08.0.80, 08.0.90, 08.0.92, 08.0.95
Nah, I'm good. The seller refunded so I replaced with a 6610-48P. All good.Buy my shiny "new" vdx! No bashed in ports.
this is the closest you'll get but it hasn't been updated in a while Ruckus ICX Target Path Selection Guide | Technical Documents | Ruckus Wireless Support
8090 is the "recommended" train, 8092 is slightly newer but still stable in my experience, 8095 is brand new and still has issues
that's really strange, it shows as exiting the sz daemon entirely like mine does "sz_execute_state_machine>Exit with state/event" with no further logs. when it IS on, it logs each DNS request, but you don't have any such logs. it could be a bug in your version, 8092 is indeed newer but still stable, I would flash to that