
Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)


klui

༺༻
Feb 3, 2019
994
583
93
Your best bet would probably be Mikrotik if you want 10GbaseT. Anything else you're looking at 48 ports idling at 200W with nothing connected. You can't disable/reconfigure them to save power like you could with the old Nortel 5510/5520. I hope I'm wrong here but I could not find any "energy saving" command in the CLI reference. Shutting down the ports made no difference in power consumption.

As an additional data point the current generation Arista 48-port 10GbaseT switches idle at 150W. The good thing is new or old, copper 10G switches' latencies are the same per their datasheets, at least across Arista's entire portfolio and these VDX-Ts.

We all want cheap, good, fast. Here they are cheap because of high power use impacting your OpEx.
 

Cncjerry

Member
Oct 16, 2021
38
3
8
pointer needed:

You bond two ports on a server and say they had addresses 192.168.1.16 and 192.168.1.116 before the bond. Then you make a bond0 for instance and static it to 192.168.1.16, does it present to the application as 192.168.1.16 or potentially both .116 and .16 depending on load?

I was playing around with bonding two 10Gb ports on win10 and ubuntu. Everything came up after some screwing around. An owncloud server was connected to my new 6610 through a bonded pair of the front 10Gb ports. That was the only connection to that server. The bond0 (bonded name) on the owncloud server address was set to 192.168.1.16, the usual address. I could ssh to it, share files using smb, etc but many, not all, of my clients couldn't connect to the owncloud server on .16. The .16 address pinged, etc. I took the server bond out and all is back up. To make things more interesting for me, the devices that could connect were on the same subnet but coming in wireless to an AP, all with their same addresses so it wasn't a DHCP plan sort of issue. All hitting the server had their usual addresses. All had to get to the server through the bond0 two 10Gb port link though. The devices that didn't work were all using 10Gb adapters, connected to the front of the 6610. The clients that worked came into the 6610 through a 1Gb link from the wireless access point. This doesn't make any sense.

Thanks, by the way, I love the 6610 performance. It allowed me to take out a switch needed to get to the outside world, merged it all into one box. Love it and this site.

Jerry
 

Blue)(Fusion

Active Member
Mar 1, 2017
162
62
28
Chicago
Firstly, do not assign IPs whatsoever to the interfaces you intend to bond. Only apply an IP to the bond (bond0).

Secondly, it may be a listening interface issue with owncloud. I am not familiar with owncloud's configuration, but ensure it will listen on all interfaces or by an IP address (192.168.1.16). You can confirm what addresses it is listening on by using netstat -an | grep :<port> where <port> is the port used by the owncloud server.
 

Cncjerry

Member
Oct 16, 2021
38
3
8
Thanks, I don't understand the address issue on the interfaces because the netplan didn't have them specified. I'll go back and look because "netplan apply" could be dragging a file in from someplace.

I did check owncloud and you have to specify the domain or IP address that would be the server's target. So I had the .16 address specified in owncloud and not the .116 address (the two addresses of the interfaces prior to bonding). Trying to access owncloud on any interface other than that in the domain configuration will post a message whereas the problem I was having was a hang.

This was the netplan I used when I bonded the interfaces. The indenting isn't working but you'll see no addresses. But before I bring up the bond0 or take it down, the interfaces have addresses. I don't know where it is getting them.


network:
  version: 2
  renderer: networkd
  ethernets:
    ens3f0:
      dhcp4: no
    ens3f1:
      dhcp4: no
  bonds:
    bond0:
      interfaces: [ens3f0, ens3f1]
      addresses: [192.168.1.16/24]
      gateway4: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8,8.8.4.4]
      parameters:
        mode: 802.3ad
        lacp-rate: fast
        primary: ens3f0
        mii-monitor-interval: 100


I'm going to bring the bond back up and see if I can figure it out. This command, netstat -an | grep :<port> , will help me.

Jerry

edit: one thing I just realized was that netplan apply adds to or changes configs but it doesn't look like it deletes other interfaces. So when I applied that plan above, the interfaces were still configured and therefore the addresses were still applied (to the interfaces.)
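
An added example (not code from any poster in the thread): a shell check for the two things this exchange turns on, bond member interfaces that still hold addresses after the bond is up, and which address the service is actually listening on. The `ip` and `netstat` text is constructed sample output, the function names are hypothetical, and port 443 for the ownCloud service is an assumption.

```shell
#!/bin/sh
# Constructed sample of `ip -o -4 addr show`, mirroring the state described:
# bond0 holds .16 while the member NICs still carry their pre-bond addresses.
SAMPLE_IP='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: ens3f0    inet 192.168.1.16/24 brd 192.168.1.255 scope global ens3f0\       valid_lft forever preferred_lft forever
3: ens3f1    inet 192.168.1.116/24 brd 192.168.1.255 scope global ens3f1\       valid_lft forever preferred_lft forever
4: bond0    inet 192.168.1.16/24 brd 192.168.1.255 scope global bond0\       valid_lft forever preferred_lft forever'

# Constructed `netstat -an` excerpt; port 443 for the web service is an assumption.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.16:443        0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.16:443        192.168.1.50:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN'

# Print "<iface> <addr/prefix>" for every bond member that still has an IPv4
# address. $1 = output of `ip -o -4 addr show`, $2 = space-separated members.
stale_member_addrs() {
    printf '%s\n' "$1" | awk -v members="$2" '
        BEGIN { n = split(members, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        $3 == "inet" && ($2 in want) { print $2, $4 }'
}

# Print the local addresses in LISTEN state for one port.
# $1 = output of `netstat -an`, $2 = port number.
listen_addrs() {
    printf '%s\n' "$1" | awk -v port="$2" '
        $6 == "LISTEN" {
            addr = $4; p = $4
            sub(/.*:/, "", p)          # text after the last colon is the port
            sub(/:[^:]*$/, "", addr)   # everything before it is the address
            if (p == port) print addr
        }'
}

# On a live host, feed the functions real data instead of the samples:
#   ip -o -4 addr show ; cat /sys/class/net/bond0/bonding/slaves ; netstat -an
echo "Bond members still holding addresses:"
stale_member_addrs "$SAMPLE_IP" "ens3f0 ens3f1"
echo "Addresses listening on port 443:"
listen_addrs "$SAMPLE_NETSTAT" 443
```

Any line printed by `stale_member_addrs` is an address that should exist only on bond0; a wildcard result from `listen_addrs` (`0.0.0.0` or `::`) means the service accepts connections on every address the host holds.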
 

Cncjerry

Member
Oct 16, 2021
38
3
8
maybe a simpler question:

I use a VPN for work and have to connect using Cisco Anyconnect from as many as 3 computers at a time. Problem is that while anyconnect is up, I can't get to my private email, printers, smb shares, etc. It blocks all of them.

Is there a way using the facilities of the ICX 6610 that I can bring up an Anyconnect VPN from the switch? Maybe a dumb question but I am a sales person and I amaze myself that I got this far. I remember a while back Anyconnect allowed you to specify the TLD that was routed out that VPN but that's been gone for a while.

Thanks
 

klui

༺༻
Feb 3, 2019
994
583
93
You're experiencing that problem because your company has disallowed split-tunneling for its VPN connections. I've not used Cisco's AnyConnect for a long time and it was possible to override that in the past probably due to no formal setting.
 

tinfoil3d

QSFP28
May 11, 2020
903
437
63
Japan
Guys, I've recently bought 7150-24 and the screws it came with only permit to backside mount the ears (therefore, only mid-of-rack mount) which isn't gonna work for me. Does anyone know the exact screw type used there at the front? It's really crazy that they are designed different! 4 screw holes on the back of switch and on the front have completely different size!! I don't have these anywhere and need help finding these. Carrying around the switch at the hardware shop isn't gonna look or feel cool.
 

RedX1

Active Member
Aug 11, 2017
137
152
43
Hi

I have several Brocade switches, including the 7150-24P.


The Larger screws are 8/32 UNC and the Smaller screws are 6/32 UNC.

Check out - MS24693 MACHINE SCREWS (AN507) from some suppliers.

You will need 1/4" long countersunk, if you are using the standard brackets.


I hope that helps.


Take Care


RedX1
 

tinfoil3d

QSFP28
May 11, 2020
903
437
63
Japan
Thanks a lot, I did try standard 6/32 screws from pc cases but because their head is flat I can't rely on them to hold it tight, might collapse. MS24693 is apparently 8-32 thread which I already have, only fit rear. Do you know the front p/n?
 

RedX1

Active Member
Aug 11, 2017
137
152
43
Hi

MS24693 MACHINE SCREWS (AN507) is the generic screw type.

You will need to specify the Size and Length. They are 100 Deg Countersunk Angle. Some commercial styles have 90 Deg CS angles.

Both will work for your application.


Cad Plated, MS24693-S24, 6-32, 1/4, $0.05

Cad Plated, MS24693-S46, 8-32, 1/4, $0.06

These are from this supplier in the USA

MS24693 MACHINE SCREWS (AN507) | Aircraft Spruce


If you are in Europe.

MS24693 UNC/UNF Countersunk LAS Aerospace Ltd


Or you might try eBay.


Best of luck.


RedX1
 

ccie4526

Active Member
Jan 25, 2021
183
137
43
A little off topic from this thread, but @klui is correct. AnyConnect policies are defined by your corporate IT department, and you won't be able to change that locally. You *might* be able to talk your IT department into allowing access to a local printer, but access to your private email or local SMB shares is considered a security hole, and will likely be disallowed.
 

Drewy

Active Member
Apr 23, 2016
208
56
28
55
This is kind of the point of corporate VPN access. Your employer doesn’t want your network connected to theirs.
I get around the printer problem by having my printer Ethernet connection on my network, for my stuff and the usb connection connected to my work laptop.
Back in the day when we were allowed to connect our own devices to work via vpn, I got my first and worst virus from work. So the current norm is safer both ways.
 

liquidated

New Member
Feb 19, 2021
1
0
1
I've just purchased three 6610's that I'll be adding into a rack and a single 7250 for a closet on the other side of the house. I have four cat6 cables going from the rack to the closet (about 15 - 20 meters.) My plan was to ring stack the 6610's using QSFP cables on the back stacking ports, then trunk to the 7250 using the cat6 cables. Does this make sense? Is there a way to include the 7250 into the stack with the 6610's without running any additional cables? Is there something else I should consider without having to run more cable?
 

LodeRunner

Active Member
Apr 27, 2019
557
238
43
Trunking is your only option. You can't stack switches across families, only within them (so you can stack different versions of the 6610).
 

Cncjerry

Member
Oct 16, 2021
38
3
8
Thanks for the hopeless replies. I thought at one time there was a way using Cisco's Anyconnect to only route to XYXCorp.com's domain and everything else stayed on the local lan. But once I fire up Anyconnect, everything goes to the VPN including all my owncloud syncs, dropbox, printers, fileservers, etc. I see the point though. I was hoping there would be a way to hang a laptop on the network and bridge its lan to the vpn and then in the switch, route that domain to the laptop, or something like that...

Thanks again,

Jerry
 

phekno

New Member
Oct 24, 2021
16
2
3
Registered here after reading the OP. Just took delivery of an ICX6610. I've loved getting it set up and learning on it so far. Now I'm debating using L3 on it, or sticking with a router-on-a-stick topology with OPNSense for my home.

Thanks for everything!
 

Blue)(Fusion

Active Member
Mar 1, 2017
162
62
28
Chicago
Don't do router-on-a-stick.
 

Cncjerry

Member
Oct 16, 2021
38
3
8
quick question on the 6610:

Do the rear ports when fanned out (1/2/2 to 1/2/5) need to be configured as individual ports? I plugged an MTP fan out cable in with a QSFP and the ports are working yet the switch shows 1/2/2 as up and 1/2/3 to 1/2/5 as down. I have the 2nd port of a dual port card plugged into 1/2/3 and it is replying to pings yet the switch shows it as down and state as blocking as below. I tried to config enable it without luck.

Thanks

Code:
SSH@ioburger#show interface e 1/2/3
  10GigabitEthernet 1/2/3 is down, line protocol is down
  Port down for 1 hour(s) 47 minute(s) 8 second(s)
  Hardware is   10GigabitEthernet , address is cc4e.243b.ec14 (bia cc4e.243b.ec47)
  Configured speed 10Gbit, actual unknown, configured duplex fdx, actual unknown
  Configured mdi mode AUTO, actual unknown
  Member of L2 VLAN ID 1, port is untagged, port state is BLOCKING
  BPDU guard is Disabled, ROOT protect is Disabled, Designated protect is Disabled
  Link Error Dampening is Disabled
  STP configured to ON, priority is level0, mac-learning is enabled
  Openflow is Disabled, Openflow Hybrid mode is Disabled,  Flow Control is config enabled, oper enabled, negotiation disabled
  Mirror disabled, Monitor disabled
  Mac-notification is disabled
  Not member of any active trunks
  Not member of any configured trunks
  Port name is owc2
  MTU 1500 bytes, encapsulation ethernet
  300 second input rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  300 second output rate: 0 bits/sec, 0 packets/sec, 0.00% utilization
  43530328 packets input, 56998726541 bytes, 0 no buffer
  Received 3946 broadcasts, 704676 multicasts, 42821706 unicasts
  3 input errors, 3 CRC, 0 frame, 0 ignored
  0 runts, 0 giants
  22315910 packets output, 12573297677 bytes, 0 underruns
  Transmitted 98428 broadcasts, 293779 multicasts, 21923703 unicasts
  0 output errors, 0 collisions
  Relay Agent Information option: Disabled

Egress queues:
Queue counters    Queued packets    Dropped Packets
    0            22287511                   0
    1                   0                   0
    2                   0                   0
    3               28357                   0
    4                   0                   0
    5                  42                   0
    6                   0                   0
    7                   0                   0
 

metalpizza123

New Member
Nov 2, 2021
12
3
3
Hi hi quick question on whether I've just a defective unit or I'm missing something in the setup guide. I'm trying to setup the 6430-48P.

Following Fohdeesha's guide, I have the master zip downloaded and I had PuTTY set up to connect to the switch. I have a USB to serial adapter cable hooked up to the serial port, and a standard Cat 6 ethernet cable to the existing router. After booting several times with the PuTTY settings in the guide (I turned off Flow control), the output in the image showed up. After waiting several minutes, it briefly flashed some messages about loading PoE and restarted. However, since then I haven't been able to get any serial output, and can't set the values to the factory default. I've tried using the reset button on the front of the switch but to no avail. Mashing or holding the B button doesn't seem to be able to stop the bootloader, though with no output I have no clue whether it's even loading anything.

Essentially I'm just wondering if it's borked. It starts up and has a period of high fan load before slowing down, so the behaviour seems to be the same as before. The cable I'm using is a FTDI cable and I've installed their drivers for it.

Many thanks in advance.
 


richtj99

Member
Jul 8, 2017
70
1
8
52
Hi - is it possible to have SSH available only on a vlan of choice?

My 7250 has two IPs

Vlan 10 - 192.168.10.10
Vlan 20 - 192.168.20.20

Is it possible to allow SSH access only on vlan 20 but not on vlan 10?

Thanks,
Rich