Drag to reposition cover

Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.

ArmedAviator

Member
May 16, 2020
91
56
18
Kansas
@m4r1k

Paste the running-config and the log and are you pinging from a device directly connected to the switch? Is the switch being used as the primary gateway of the device doing the pinging?
 

m4r1k

Member
Nov 4, 2016
75
8
8
36
@m4r1k

Paste the running-config and the log
Running config is here -> m4r1k/nfvi_lab
Tomorrow I'll share the system logs (but there is literally nothing)

and are you pinging from a device directly connected to the switch?
Yes, I was directly connected to the mgmt port and also to various 10 and 40 Gbps ports.
Nothing in between (besides the switch).

Is the switch being used as the primary gateway of the device doing the pinging?
Any network communication (ICMP, TCP, UDP, GRE etc) going through the switch has delay and packet drop.

This applies to the VE interfaces and anything attached to it (1, 10, and 40Gbps).

To be clear, until last week there wasn't any issue with the Switch.

Earlier today I opened it up and it looks all good: no dust and nothing looks burn down.
The main CPU in the middle was extremely hot tho, much hotter than what reported by the sensors (50-ish C)
 

ArmedAviator

Member
May 16, 2020
91
56
18
Kansas
Sorry I missed that you had the running-config linked already.

Th pasted ping shows the packet delays when pinging the switch. In your latest post, you say it happens to any traffic going through the switch (i.e. edge device to edge device). If the latter is true, than there may be an issue. If pings between edge devices are not experiencing this issue, than it is likely normal. Traffic sent to the switch itself is shunted to the management CPU and given low priority. The pings you see are higher than I've seen thus far on my setup, however I'm not sure how loaded up your switch is with traffic.
 

EngineerNate

Member
Jun 3, 2017
74
17
8
36
Digging up this old post from 9 months ago...

@EngineerNate Did that cable work? Also, are we able to assign individual ports on the rear module to systems? Ashamed to say I actually dug through your user history and rear all of your posts since that one above. Didn't see any follow-up. ;)
Sorry I missed this, this last year was bonkers and I didn't get to play with the switch at all after I got it!

Looks like fodeesha answered the question for me though. Shame it doesn't have that flexibility, though with the 4x10g modules being so cheap it's not a huge loss.
 
  • Like
Reactions: eduncan911

DerTom

New Member
Mar 30, 2021
13
1
3
Hi,

I'm looking for a L3 switch and have been told to have a look at Brocade ICX. I'm interested in an ICX7250-48p for my homelab.

As I do need SFP+ 10Gb ports, I would like to have all the eight ports available with 10Gb. I used Mr. Google and saw an item ' 8X10G-LIC-POD' that I have to use. Is this the way to go - seems to be quite expensive... :cool:
Searching the forum for this item the result was '0'...

I'm sorry for this newbie question but I'm new to this and would like to get the correct switch...

Happy Easter!

Tom
 

EngineerNate

Member
Jun 3, 2017
74
17
8
36
Hi,

I'm looking for a L3 switch and have been told to have a look at Brocade ICX. I'm interested in an ICX7250-48p for my homelab.

As I do need SFP+ 10Gb ports, I would like to have all the eight ports available with 10Gb. I used Mr. Google and saw an item ' 8X10G-LIC-POD' that I have to use. Is this the way to go - seems to be quite expensive... :cool:
Searching the forum for this item the result was '0'...

I'm sorry for this newbie question but I'm new to this and would like to get the correct switch...

Happy Easter!

Tom
First post in this thread has all the info you need.
 

DerTom

New Member
Mar 30, 2021
13
1
3
First post in this thread has all the info you need.
Hi EngineerNate,

I read the first post already. This is why I decided to go for the ICX-7250-48p.

Reading:
...
medium beef
24/48 1gbE copper (PoE available)
8x 10gbE SFP+
...
I would expect all eight ports to run at 10Gb.

According to the datasheet the ports are upgradable... OK, there seems to be a way 1Gb->10Gb.

Searching for an offer at Ebay I saw something like 'ICX7250-48P-2X10G' or within the description '... ALSO HAVE 3 THAT HAVE THE CX7250-48P-8X10G-LIC-POD FOR $1300 EACH'. I haven't found an offer 'ICX7250-48P-8x10Gb'.

I just want to be sure to have all 8 ports at 10Gb. If I have to buy some specific device (Ebay description!?) I would like to know before I place an order.

Thank you!

Tom
 

Vesalius

Active Member
Nov 25, 2019
261
202
43
all 8 sfp+ ports are 10g. Follow the guide and all will be available to you without additional purchase.
I just want to be sure to have all 8 ports at 10Gb. If I have to buy some specific device (Ebay description!?) I would like to know before I place an order.

Thank you!

Tom
 
  • Like
Reactions: DerTom

Nikotine

Member
Mar 17, 2021
35
0
6
From the opening post:
Brocade switches will take any make of optics, the brand does not matter. I've been using quite a few of the $7 dollar 10gbase-SR avago/jdsu/etc modules off of ebay with no issues for a few years. However since "official" Brocade SFP+ modules have come down in price to around $8, I would recommend those as they unlock optical monitoring, so you can see link strength, module temp, etc. They will take any manner of DAC's as well. Same goes for the 40gbE QSFP+ ports on the rear of the 6610 - optics or DACs, your choice.
Where do you find these for $7??
Cheapest I can find is around $50...
 

Nikotine

Member
Mar 17, 2021
35
0
6
Search for "57-0000075-01" on eBay. They're Brocade 10G SR modules for around $10. Base price could be lower but you'd need to pay shipping in those cases.

I took @datanet's advice and got some 40G transceivers for $10. https://forums.servethehome.com/index.php?threads/mto-questions.31800/post-298142
Thanks. You have these with cable included, do they work?
 

klui

༺༻
Feb 3, 2019
977
570
93
Thanks. You have these with cable included, do they work?
I don't have these specific passive copper direct attached cables. DACs are different from transceiver + fiber cables. You won't be able to get temperature, power readings, etc. from DACs.
 

brob

New Member
Feb 3, 2021
3
0
1
Hi

I am having troubles getting the computers on my VLAN's to be able to access the internet through my 6450. I can ping google and my firewall from the CLI on the 6450, but am unable to ping from any computer on my network (google or even my firewall).

I have been trying all day to get this to work. looked thru this forum and can not seem to find anything that says why I am unable to get this to work. I have included the ip route 0.0.0.0/0 192.168.1.1. below is the basic topology


ISP---- DSL modem--------- Watchguard firewall(192.168.1.1)-----------(192.168.1.250, 1/1/48)ICX 6450(1/1/4, VLAN5)--------(192.168.5.4)computer


Below is my config. and I also put the show IP route at the end. I have my firewall pluged into 1/1/48 and my computer into 1/1/4 with a IP of 192.168.5.4


from my computer I can ping 192.168.5.1, 192.168.1.250, but am not able to ping 192.168.1.1. but yet the switch can thru its CLI. I dont understand.


Can anyone help me with this?

Thanks








Current configuration:
!
ver 08.0.30uT313
!
stack unit 1
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 1/2/1 1/2/3
stack unit 2
module 1 icx6450-48p-poe-port-management-module
module 2 icx6450-sfp-plus-4port-40g-module
priority 128
stack-port 2/2/1 2/2/3
stack enable
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name RMD by port
untagged ethe 1/1/1 ethe 1/1/7 to 1/1/47 ethe 2/1/1 to 2/1/48
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 5 name management by port
untagged ethe 1/1/4
router-interface ve 5
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
vlan 9 by port
untagged ethe 1/1/48
router-interface ve 9
!
vlan 10 name Voice by port
untagged ethe 1/1/2
spanning-tree 802-1w
spanning-tree 802-1w priority 1
!
!
!
!
!
aaa authentication web-server default local
aaa authentication enable default local
aaa authentication login default local
enable aaa console
ip dhcp-client disable
ip dns server-address 192.168.1.110 192.168.1.1
ip route 0.0.0.0/0 192.168.1.1
!
no telnet server
username root password .....
!
!
!
!
ntp
!
!
hitless-failover enable
!
!
!
interface ve 5
ip address 192.168.5.1 255.255.255.0
!
interface ve 9
ip address 192.168.1.250 255.255.255.0
!
!
!
!
!
!
!
!
!
end


1 0.0.0.0/0 192.168.1.1 ve 9 1/1 S 12m3s
2 192.168.1.0/24 DIRECT ve 9 0/0 D 12m5s
3 192.168.5.0/24 DIRECT ve 5 0/0 D 11m55s
 

kapone

Well-Known Member
May 23, 2015
1,355
801
113
Your firewall doesn't have a static route back to 192.168.5.x.

When you ping the firewall from the switch CLI, you're on the same subnet as the firewall, so no specific route needed on the firewall. When you ping it from that .5.x computer....:)

computer (.5.x) --> switch-->firewall-->firewall goes...how the hell do I send a response back to .5.4?? I don't know where it is!
 
  • Like
Reactions: fohdeesha

brob

New Member
Feb 3, 2021
3
0
1
Thank you very much Kapone. That was the ticket!

Been doing a lot of learning on networking recently..
 

ArmedAviator

Member
May 16, 2020
91
56
18
Kansas
There might also be an issue with NAT on your firewall. I know this is an issue with pfSense.OPNSense where you have to manually adjust NAT settings.
 

Nikotine

Member
Mar 17, 2021
35
0
6
I don't have these specific passive copper direct attached cables. DACs are different from transceiver + fiber cables. You won't be able to get temperature, power readings, etc. from DACs.
It would be to connect the switch (6450) to a NAS over a short distance, so not sure if fiber is needed.
My understanding is that copper is fine for short distances.
The options are very confusing.

Looking for 57-0000075-01, I find these for €15:
Or the same for €238:

This doesn't make any sense to me...
 

m4r1k

Member
Nov 4, 2016
75
8
8
36
Sorry I missed that you had the running-config linked already.

Th pasted ping shows the packet delays when pinging the switch.
Hey there!

Apologies for the late answer, in such shape my lab didn't really work, and setting something custom up takes time.

tl;dr is weird without ANY change, this morning re-applying my config (same as the one on GitHub) the issue is essentially gone (well, I of course upgraded to the latest firmware but two days ago the situation was unable)

I also created a much simpler setup: two 10Gbps interfaces of two different R630 in the same vlan, ping between the two and no drop nor delay whatsoever.

Should I take that the switch is about to die?

In your latest post, you say it happens to any traffic going through the switch (i.e. edge device to edge device). If the latter is true, than there may be an issue. If pings between edge devices are not experiencing this issue, than it is likely normal. Traffic sent to the switch itself is shunted to the management CPU and given low priority. The pings you see are higher than I've seen thus far on my setup, however I'm not sure how loaded up your switch is with traffic.
See below the system logs
Code:
#show logging
Syslog logging: enabled ( 0 messages dropped, 0 flushes, 0 overruns)
    Buffer logging: level ACDMEINW, 58 messages logged
    level code: A=alert C=critical D=debugging M=emergency E=error
                I=informational N=notification W=warning

Static Log Buffer:
Apr  5 13:55:24:I:System: Stack unit 1   Power supply 1  is up
Apr  5 13:55:24:I:System: Stack unit 1   Power supply 2  is up

Dynamic Log Buffer (1000 lines):
Apr  5 13:58:51:I:Security: SSH login by un-authenticated SSH user from src IP 192.168.178.68 from src MAC 3023.03e2.2a39 to PRIVILEGED EXEC mode using RSA as Server Host Key.
Apr  5 13:58:50:I:Security: SSH login by un-authenticated SSH user from src IP 192.168.178.68 from src MAC 3023.03e2.2a39 to USER EXEC mode using RSA as Server Host Key.
Apr  5 13:57:44:I:NTP: System clock is synchronized to 82.161.139.11.
Apr  5 13:56:35:I:Security: Time is updated by NTP server "82.161.139.11" from  "01:00:00.000 GMT+01 Mon Jan 01 1900 " to "13:56:35.499 GMT+01 Mon Apr 05 2021 "
Apr  5 13:55:30:I:System: Interface ethernet 1/1/5, state up
Apr  5 13:55:27:I:System: Interface ethernet 1/1/5, state down
Apr  5 13:55:27:I:System: Interface ethernet 1/1/14, state up
Apr  5 13:55:27:I:System: Logical link on dynamic lag interface ethernet 1/1/16 is force-up.
Apr  5 13:55:27:I:System: Logical link on dynamic lag interface ethernet 1/1/16 is up.
Apr  5 13:55:27:I:System: Interface ethernet 1/1/16, state up
Apr  5 13:55:26:I:System: Interface ethernet 1/1/13, state up
Apr  5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/1/15 is force-up.
Apr  5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/1/15 is up.
Apr  5 13:55:26:I:System: Interface ethernet 1/1/15, state up
Apr  5 13:55:26:I:System: Interface ethernet 1/1/5, state up
Apr  5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/3/8 is up.
Apr  5 13:55:26:I:System: Interface ethernet 1/3/8, state up
Apr  5 13:55:26:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is up.
Apr  5 13:55:26:I:System: Interface ve 140, state up
Apr  5 13:55:26:I:System: Interface ve 130, state up
Apr  5 13:55:26:I:System: Interface ve 120, state up
Apr  5 13:55:26:I:System: Interface ve 110, state up
Apr  5 13:55:26:I:System: Interface ve 100, state up
Apr  5 13:55:25:I:Trunk: Group (1/3/7, 1/3/8) created by 802.3ad link-aggregation module.
Apr  5 13:55:25:I:System: dynamic lag 30, has new peer info (priority=65535,id=e443.4b44.5b2e,key=15) (N/A)
Apr  5 13:55:25:I:System: Interface ethernet 1/1/7, state up
Apr  5 13:55:25:I:System: Interface ethernet 1/1/4, state up
Apr  5 13:55:25:I:System: Interface ethernet 1/1/6, state up
Apr  5 13:55:25:I:System: Interface ethernet 1/1/2, state up
Apr  5 13:55:24:I:System: Stack unit 1   Power supply 2  is up
Apr  5 13:55:24:I:System: Stack unit 1   Power supply 1  is up
Apr  5 13:55:24:I:System: Interface ethernet 1/1/1, state up
Apr  5 13:55:24:I:System: Interface ve 178, state up
Apr  5 13:55:23:I:System: Logical link on force-up dynamic lag interface ethernet 1/3/7 is back to LACP control.
Apr  5 13:55:23:I:System: Interface ve 178, state down
Apr  5 13:55:23:I:System: Interface ve 140, state down
Apr  5 13:55:23:I:System: Interface ve 130, state down
Apr  5 13:55:23:I:System: Interface ve 120, state down
Apr  5 13:55:23:I:System: Interface ve 110, state down
Apr  5 13:55:23:I:System: Interface ve 100, state down
Apr  5 13:55:23:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is force-up.
Apr  5 13:55:23:I:System: Logical link on dynamic lag interface ethernet 1/3/7 is up.
Apr  5 13:55:23:I:System: Interface ethernet 1/3/7, state up
Apr  5 13:55:23:I:System: Interface ve 178, state up
Apr  5 13:55:23:I:System: Interface ve 140, state up
Apr  5 13:55:23:I:System: Interface ve 130, state up
Apr  5 13:55:23:I:System: Interface ve 120, state up
Apr  5 13:55:23:I:System: Interface ve 110, state up
Apr  5 13:55:23:I:System: Interface ve 100, state up
Apr  5 13:55:23:I:System: Warm start
Apr  5 13:55:00:I:System: Port init success Stack unit 1 Port 1/2/1 Lane 0 T 0 R 0 Type 0:  00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x0000 00x00000x000
Apr  5 13:52:28:I:DHCPC: protocol disabled by user
Apr  5 13:52:28:I:NTP: client association is mobilized for 129.250.35.250.
Apr  5 13:52:28:I:NTP: client association is mobilized for 82.161.139.11.
Apr  5 13:52:28:I:NTP: client association is mobilized for 213.109.127.82.
Apr  5 13:52:28:I:NTP: The system clock is not synchronized to any time source.
Apr  5 13:52:28:I:NTP: client association is mobilized for 95.211.160.148.
Apr  5 13:52:28:I:NTP: The system clock is not synchronized and does not have a reference configured.