Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)
- Thread starter fohdeesha
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
Running config is here -> m4r1k/nfvi_lab
Tomorrow I'll share the system logs (but there is literally nothing)
Yes, I was directly connected to the mgmt port and also to various 10 and 40 Gbps ports.
Nothing in between (besides the switch).
Any network communication (ICMP, TCP, UDP, GRE etc) going through the switch has delay and packet drop.
This applies to the VE interfaces and anything attached to it (1, 10, and 40Gbps).
To be clear, until last week there wasn't any issue with the Switch.
Earlier today I opened it up and it looks all good: no dust and nothing looks burn down.
The main CPU in the middle was extremely hot tho, much hotter than what reported by the sensors (50-ish C)
Sorry I missed that you had the running-config linked already.
Th pasted ping shows the packet delays when pinging the switch. In your latest post, you say it happens to any traffic going through the switch (i.e. edge device to edge device). If the latter is true, than there may be an issue. If pings between edge devices are not experiencing this issue, than it is likely normal. Traffic sent to the switch itself is shunted to the management CPU and given low priority. The pings you see are higher than I've seen thus far on my setup, however I'm not sure how loaded up your switch is with traffic.
Th pasted ping shows the packet delays when pinging the switch. In your latest post, you say it happens to any traffic going through the switch (i.e. edge device to edge device). If the latter is true, than there may be an issue. If pings between edge devices are not experiencing this issue, than it is likely normal. Traffic sent to the switch itself is shunted to the management CPU and given low priority. The pings you see are higher than I've seen thus far on my setup, however I'm not sure how loaded up your switch is with traffic.
Sorry I missed this, this last year was bonkers and I didn't get to play with the switch at all after I got it!Digging up this old post from 9 months ago...
@EngineerNate Did that cable work? Also, are we able to assign individual ports on the rear module to systems? Ashamed to say I actually dug through your user history and rear all of your posts since that one above. Didn't see any follow-up.
Looks like fodeesha answered the question for me though. Shame it doesn't have that flexibility, though with the 4x10g modules being so cheap it's not a huge loss.
Hi,
I'm looking for a L3 switch and have been told to have a look at Brocade ICX. I'm interested in an ICX7250-48p for my homelab.
As I do need SFP+ 10Gb ports, I would like to have all the eight ports available with 10Gb. I used Mr. Google and saw an item ' 8X10G-LIC-POD' that I have to use. Is this the way to go - seems to be quite expensive...
Searching the forum for this item the result was '0'...
I'm sorry for this newbie question but I'm new to this and would like to get the correct switch...
Happy Easter!
Tom
I'm looking for a L3 switch and have been told to have a look at Brocade ICX. I'm interested in an ICX7250-48p for my homelab.
As I do need SFP+ 10Gb ports, I would like to have all the eight ports available with 10Gb. I used Mr. Google and saw an item ' 8X10G-LIC-POD' that I have to use. Is this the way to go - seems to be quite expensive...
Searching the forum for this item the result was '0'...
I'm sorry for this newbie question but I'm new to this and would like to get the correct switch...
Happy Easter!
Tom
First post in this thread has all the info you need.Hi,
I'm looking for a L3 switch and have been told to have a look at Brocade ICX. I'm interested in an ICX7250-48p for my homelab.
As I do need SFP+ 10Gb ports, I would like to have all the eight ports available with 10Gb. I used Mr. Google and saw an item ' 8X10G-LIC-POD' that I have to use. Is this the way to go - seems to be quite expensive...
Searching the forum for this item the result was '0'...
I'm sorry for this newbie question but I'm new to this and would like to get the correct switch...
Happy Easter!
Tom
Hi EngineerNate,
I read the first post already. This is why I decided to go for the ICX-7250-48p.
Reading:
...
medium beef
24/48 1gbE copper (PoE available)
8x 10gbE SFP+
...
I would expect all eight ports to run at 10Gb.
According to the datasheet the ports are upgradable... OK, there seems to be a way 1Gb->10Gb.
Searching for an offer at Ebay I saw something like 'ICX7250-48P-2X10G' or within the description '... ALSO HAVE 3 THAT HAVE THE CX7250-48P-8X10G-LIC-POD FOR $1300 EACH'. I haven't found an offer 'ICX7250-48P-8x10Gb'.
I just want to be sure to have all 8 ports at 10Gb. If I have to buy some specific device (Ebay description!?) I would like to know before I place an order.
Thank you!
Tom
Under the 7250 section click the link for the post with detailed info, it has a series of commands that will full license the switch for free.
all 8 sfp+ ports are 10g. Follow the guide and all will be available to you without additional purchase.
Search for "57-0000075-01" on eBay. They're Brocade 10G SR modules for around $10. Base price could be lower but you'd need to pay shipping in those cases.
I took @datanet's advice and got some 40G transceivers for $10. https://forums.servethehome.com/index.php?threads/mto-questions.31800/post-298142
Thanks. You have these with cable included, do they work?
Cisco Twinax SFP-H10GB-CU5M 37-0961-03 SFP+ 5M DAC Networking Cable Switch 10GB | eBay
Cisco Twinax SFP-H10GB-CU5M 37-0961-03 SFP+ 5M DAC Networking Cable Switch 10GB | Computers/Tablets & Networking, Computer Cables & Connectors, Networking Cables & Adapters | eBay!
www.benl.ebay.be
I don't have these specific passive copper direct attached cables. DACs are different from transceiver + fiber cables. You won't be able to get temperature, power readings, etc. from DACs.Thanks. You have these with cable included, do they work?
Cisco Twinax SFP-H10GB-CU5M 37-0961-03 SFP+ 5M DAC Networking Cable Switch 10GB | eBay
Cisco Twinax SFP-H10GB-CU5M 37-0961-03 SFP+ 5M DAC Networking Cable Switch 10GB | Computers/Tablets & Networking, Computer Cables & Connectors, Networking Cables & Adapters | eBay!www.benl.ebay.be
Hi
I am having troubles getting the computers on my VLAN's to be able to access the internet through my 6450. I can ping google and my firewall from the CLI on the 6450, but am unable to ping from any computer on my network (google or even my firewall).
I have been trying all day to get this to work. looked thru this forum and can not seem to find anything that says why I am unable to get this to work. I have included the ip route 0.0.0.0/0 192.168.1.1. below is the basic topology
ISP---- DSL modem--------- Watchguard firewall(192.168.1.1)-----------(192.168.1.250, 1/1/48)ICX 6450(1/1/4, VLAN5)--------(192.168.5.4)computer
Below is my config. and I also put the show IP route at the end. I have my firewall pluged into 1/1/48 and my computer into 1/1/4 with a IP of 192.168.5.4
from my computer I can ping 192.168.5.1, 192.168.1.250, but am not able to ping 192.168.1.1. but yet the switch can thru its CLI. I dont understand.
Can anyone help me with this?
Thanks
Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 1/2/1 1/2/3
stack unit 2
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 2/2/1 2/2/3
stack enable
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name RMD by port
untagged ethe 1/1/1 ethe 1/1/7 to 1/1/47 ethe 2/1/1 to 2/1/48
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 5 name management by port
untagged ethe 1/1/4
router-interface ve 5
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 9 by port
untagged ethe 1/1/48
router-interface ve 9
!
vlan 10 name Voice by port
untagged ethe 1/1/2
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
ip dhcp-client disable
ip dns server-address 192.168.1.110 192.168.1.1
ip route 0.0.0.0/0 192.168.1.1
!
no telnet server
username root password .....
!
!
!
!
ntp
!
!
hitless-failover enable
!
!
!
interface ve 5
ip address 192.168.5.1 255.255.255.0
!
interface ve 9
ip address 192.168.1.250 255.255.255.0
!
!
!
!
!
!
!
!
!
end
1 0.0.0.0/0 192.168.1.1 ve 9 1/1 S 12m3s
2 192.168.1.0/24 DIRECT ve 9 0/0 D 12m5s
3 192.168.5.0/24 DIRECT ve 5 0/0 D 11m55s
I am having troubles getting the computers on my VLAN's to be able to access the internet through my 6450. I can ping google and my firewall from the CLI on the 6450, but am unable to ping from any computer on my network (google or even my firewall).
I have been trying all day to get this to work. looked thru this forum and can not seem to find anything that says why I am unable to get this to work. I have included the ip route 0.0.0.0/0 192.168.1.1. below is the basic topology
ISP---- DSL modem--------- Watchguard firewall(192.168.1.1)-----------(192.168.1.250, 1/1/48)ICX 6450(1/1/4, VLAN5)--------(192.168.5.4)computer
Below is my config. and I also put the show IP route at the end. I have my firewall pluged into 1/1/48 and my computer into 1/1/4 with a IP of 192.168.5.4
from my computer I can ping 192.168.5.1, 192.168.1.250, but am not able to ping 192.168.1.1. but yet the switch can thru its CLI. I dont understand.
Can anyone help me with this?
Thanks
Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 1/2/1 1/2/3
stack unit 2
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 2/2/1 2/2/3
stack enable
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name RMD by port
untagged ethe 1/1/1 ethe 1/1/7 to 1/1/47 ethe 2/1/1 to 2/1/48
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 5 name management by port
untagged ethe 1/1/4
router-interface ve 5
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 9 by port
untagged ethe 1/1/48
router-interface ve 9
!
vlan 10 name Voice by port
untagged ethe 1/1/2
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
ip dhcp-client disable
ip dns server-address 192.168.1.110 192.168.1.1
ip route 0.0.0.0/0 192.168.1.1
!
no telnet server
username root password .....
!
!
!
!
ntp
!
!
hitless-failover enable
!
!
!
interface ve 5
ip address 192.168.5.1 255.255.255.0
!
interface ve 9
ip address 192.168.1.250 255.255.255.0
!
!
!
!
!
!
!
!
!
end
1 0.0.0.0/0 192.168.1.1 ve 9 1/1 S 12m3s
2 192.168.1.0/24 DIRECT ve 9 0/0 D 12m5s
3 192.168.5.0/24 DIRECT ve 5 0/0 D 11m55s
Your firewall doesn't have a static route back to 192.168.5.x.
When you ping the firewall from the switch CLI, you're on the same subnet as the firewall, so no specific route needed on the firewall. When you ping it from that .5.x computer....
computer (.5.x) --> switch-->firewall-->firewall goes...how the hell do I send a response back to .5.4?? I don't know where it is!
When you ping the firewall from the switch CLI, you're on the same subnet as the firewall, so no specific route needed on the firewall. When you ping it from that .5.x computer....
computer (.5.x) --> switch-->firewall-->firewall goes...how the hell do I send a response back to .5.4?? I don't know where it is!
There might also be an issue with NAT on your firewall. I know this is an issue with pfSense.OPNSense where you have to manually adjust NAT settings.
It would be to connect the switch (6450) to a NAS over a short distance, so not sure if fiber is needed.
My understanding is that copper is fine for short distances.
The options are very confusing.
Looking for 57-0000075-01, I find these for €15:
BROCADE 57 0000075 01 10GB SHORT WAVE SFP OPTICAL TRANCEIVER | eBay
Vind fantastische aanbiedingen voor BROCADE 57 0000075 01 10GB SHORT WAVE SFP OPTICAL TRANCEIVER. Winkel met vertrouwen.
www.benl.ebay.be
EXTREME NETWORKS / BROCADE 57-0000075-01 | eBay
EXTREME NETWORKS / BROCADE 57-0000075-01 | Computer, Tablets & Netzwerk, Firmennetzwerke & Server, Switches & Hubs | eBay!
www.benl.ebay.be
This doesn't make any sense to me...
Hey there!
Apologies for the late answer, in such shape my lab didn't really work, and setting something custom up takes time.
tl;dr is weird without ANY change, this morning re-applying my config (same as the one on GitHub) the issue is essentially gone (well, I of course upgraded to the latest firmware but two days ago the situation was unable)
I also created a much simpler setup: two 10Gbps interfaces of two different R630 in the same vlan, ping between the two and no drop nor delay whatsoever.
Should I take that the switch is about to die?
See below the system logs
Code:
#show logging
Syslog logging: enabled ( 0 messages dropped, 0 flushes, 0 overruns)
Buffer logging: level ACDMEINW, 58 messages logged
level code: A=alert C=critical D=debugging M=emergency E=error
I=informational N=notification W=warning
Static Log Buffer:
Apr 5 13:55:24:I:System: Stack unit 1 Power supply 1 is up
Apr 5 13:55:24:I:System: Stack unit 1 Power supply 2 is up
Dynamic Log Buffer (1000 lines):
Apr 5 13:58:51:I:Security: SSH login by un-authenticated SSH user from src IP 192.168.178.68 from src MAC 3023.03e2.2a39 to PRIVILEGED EXEC mode using RSA as Server Host Key.
Apr 5 13:58:50:I:Security: SSH login by un-authenticated SSH user from src IP 192.168.178.68 from src MAC 3023.03e2.2a39 to USER EXEC mode using RSA as Server Host Key.
Apr 5 13:57:44:I:NTP: System clock is synchronized to 82.161.139.11.
Apr 5 13:56:35:I:Security: Time is updated by NTP server "82.161.139.11" from "01:00:00.000 GMT+01 Mon Jan 01 1900 " to "13:56:35.499 GMT+01 Mon Apr 05 2021 "
Apr 5 13:55:30:I:System: Interface ethernet 1/1/5, state up
Apr 5 13:55:27:I:System: Interface ethernet 1/1/5, state down
Apr 5 13:55:27:I:System: Interface ethernet 1/1/14, state up
Apr 5 13:55:27:I:System: Logical link on dynamic lag interface ethernet 1/1/16 is force-up.
Apr 5 13:55:27:I:System: Logical link on dynamic lag interface ethernet 1/1/16 is up.
Apr 5 13:55:27:I:System: Interface ethernet 1/1/16, state up
Apr 5 13:55:26:I:System: Interface ethernet 1/1/13, state up
Apr 5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/1/15 is force-up.
Apr 5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/1/15 is up.
Apr 5 13:55:26:I:System: Interface ethernet 1/1/15, state up
Apr 5 13:55:26:I:System: Interface ethernet 1/1/5, state up
Apr 5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/3/8 is up.
Apr 5 13:55:26:I:System: Interface ethernet 1/3/8, state up
Apr 5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is up.
Apr 5 13:55:26:I:System: Interface ve 140, state up
Apr 5 13:55:26:I:System: Interface ve 130, state up
Apr 5 13:55:26:I:System: Interface ve 120, state up
Apr 5 13:55:26:I:System: Interface ve 110, state up
Apr 5 13:55:26:I:System: Interface ve 100, state up
Apr 5 13:55:25:I:Trunk: Group (1/3/7, 1/3/8) created by 802.3ad link-aggregation module.
Apr 5 13:55:25:I:System: dynamic lag 30, has new peer info (priority=65535,id=e443.4b44.5b2e,key=15) (N/A)
Apr 5 13:55:25:I:System: Interface ethernet 1/1/7, state up
Apr 5 13:55:25:I:System: Interface ethernet 1/1/4, state up
Apr 5 13:55:25:I:System: Interface ethernet 1/1/6, state up
Apr 5 13:55:25:I:System: Interface ethernet 1/1/2, state up
Apr 5 13:55:24:I:System: Stack unit 1 Power supply 2 is up
Apr 5 13:55:24:I:System: Stack unit 1 Power supply 1 is up
Apr 5 13:55:24:I:System: Interface ethernet 1/1/1, state up
Apr 5 13:55:24:I:System: Interface ve 178, state up
Apr 5 13:55:23:I:System: Logical link on force-up dynamic lag interface ethernet 1/3/7 is back to LACP control.
Apr 5 13:55:23:I:System: Interface ve 178, state down
Apr 5 13:55:23:I:System: Interface ve 140, state down
Apr 5 13:55:23:I:System: Interface ve 130, state down
Apr 5 13:55:23:I:System: Interface ve 120, state down
Apr 5 13:55:23:I:System: Interface ve 110, state down
Apr 5 13:55:23:I:System: Interface ve 100, state down
Apr 5 13:55:23:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is force-up.
Apr 5 13:55:23:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is up.
Apr 5 13:55:23:I:System: Interface ethernet 1/3/7, state up
Apr 5 13:55:23:I:System: Interface ve 178, state up
Apr 5 13:55:23:I:System: Interface ve 140, state up
Apr 5 13:55:23:I:System: Interface ve 130, state up
Apr 5 13:55:23:I:System: Interface ve 120, state up
Apr 5 13:55:23:I:System: Interface ve 110, state up
Apr 5 13:55:23:I:System: Interface ve 100, state up
Apr 5 13:55:23:I:System: Warm start
Apr 5 13:55:00:I:System: Port init success Stack unit 1 Port 1/2/1 Lane 0 T 0 R 0 Type 0: 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x000
Apr 5 13:52:28:I:DHCPC: protocol disabled by user
Apr 5 13:52:28:I:NTP: client association is mobilized for 129.250.35.250.
Apr 5 13:52:28:I:NTP: client association is mobilized for 82.161.139.11.
Apr 5 13:52:28:I:NTP: client association is mobilized for 213.109.127.82.
Apr 5 13:52:28:I:NTP: The system clock is not synchronized to any time source.
Apr 5 13:52:28:I:NTP: client association is mobilized for 95.211.160.148.
Apr 5 13:52:28:I:NTP: The system clock is not synchronized and does not have a reference configured.