Brocade ICX Series (cheap & powerful 10gbE/40gbE switching)

[dos]

Hi hi quick question on whether I've just a defective unit or I'm missing something in the setup guide. I'm trying to setup the 6450-48P.

Following Fohdeesha's guide, I have the master zip downloaded and I had PuTTy set up to connect to the switch. I have a USB to serial adapter cable hooked up to the serial port, and a standard Cat 6 ethernet cable to the existing router. After booting several times with the PuTTy settings in the guide (I turned off Flow control), the output in the image showed up. After waiting several minutes, It briefly flashed some messages about loading PoE and restarted. However, since then I haven't been able to get any serial output, and can't set the values to the factory default. I've tried using the reset button on the front of the switch but to no avail. Mashing or holding the B button doesn't seem to be able to stop the bootloader, though with no output I have no clue whether it's even loading anything.

Essentially I'm just wondering if it's borked. It starts up and has a period of high fan load before slowing down, so the behaviour seems to be the same as before. The cable I'm using is a FTDI cable and I've installed their drivers for it.

Many thanks in advance.

its going to depend on the what fdti cable you have. some of them are only 3.3v logic and all though you can "see" the output from the switch you can't actually send any commands because the high to low is only 3.3v and not enough to actually trigger a signal. pleanty of people have posted about this but the tl;dr is use a standard cisco console cable, use either a rj45 keystone jack (i used a rj45 breakout adapter as an alternative) to connect the green, white & black usb wires. from there you should be able to interacte and "talk" to the switch.

 

[Blue)(Fusion]

Hi - is it possible to have SSH available only vlan of choice?

My 7250 has two IP's

Vlan 10 - 192.168.10.10
Vlan 20 - 192.168.20.20

Is it possible to allow SSH access only on vlan 20 but not on vlan 10?

Thanks,
Rich

Set up an ACL on the VE that you wish to prevent SSH access on.

 

[Freebsd1976]

upgrade my 7250-24 firmware to 0.9.0.00a today, Ambient temperature 25C, running temperature 58-61C (add 0615 fan on asic ). very satisfied for its running cool and almost silence, expect the idle power consumption.

 

[metalpizza123]

its going to depend on the what fdti cable you have. some of them are only 3.3v logic and all though you can "see" the output from the switch you can't actually send any commands because the high to low is only 3.3v and not enough to actually trigger a signal. pleanty of people have posted about this but the tl;dr is use a standard cisco console cable, use either a rj45 keystone jack (i used a rj45 breakout adapter as an alternative) to connect the green, white & black usb wires. from there you should be able to interacte and "talk" to the switch.

Yeah and that's what I had bought from here:

Cisco Console Cable USB to RJ45 Cable FTDI for Windows 8, 7, Vista,MAC, Linux RS232 6 Ft (Blue) : Amazon.co.uk: Computers & Accessories

Free delivery and returns on eligible orders. Buy Cisco Console Cable USB to RJ45 Cable FTDI for Windows 8, 7, Vista,MAC, Linux RS232 6 Ft (Blue) at Amazon UK.

www.amazon.co.uk

I'd seen that others had similar problems so I'd hoped that this cable was appropriate. It seemed to match the solution that other users had, and I did have console control briefly in that screenshot, so I'm optimistic about the cable, just not sure about the switch itself since it's not spitting any console output anymore.

 

[dos]

Yeah and that's what I had bought from here:

Cisco Console Cable USB to RJ45 Cable FTDI for Windows 8, 7, Vista,MAC, Linux RS232 6 Ft (Blue) : Amazon.co.uk: Computers & Accessories

Free delivery and returns on eligible orders. Buy Cisco Console Cable USB to RJ45 Cable FTDI for Windows 8, 7, Vista,MAC, Linux RS232 6 Ft (Blue) at Amazon UK.

www.amazon.co.uk

I'd seen that others had similar problems so I'd hoped that this cable was appropriate. It seemed to match the solution that other users had, and I did have console control briefly in that screenshot, so I'm optimistic about the cable, just not sure about the switch itself since it's not spitting any console output anymore.

on second glance i saw you mentioned you had the 6450 (rj45 console), not 7250 ("usb" console), so disregard the comments on needing the custom cable. a couple things of note, these switches take a small eternity to boot so you may just need to wait longer. the older images seem to have less output during the boot process compaired to the newer ufi images. secondly did this switch ever fully boot? it might be possible it doesn't have a valid image to load. i'd suggest restart the switch and smash that like button 'b' key and see if you can get into the boot monitor. if you can you know the console cable is working correctly, and then you can inspect the flash and make sure you have something to actually boot to. hopefully thats somewhat helpful.

 

[tinfoil3d]

I recently boarded the ruckus train for the first time and it's pretty cool. I'm still in a process of a basic setup but it feels so close to hp that i kinda figured out with tab completion all by myself. Restricting access to vlan is a bit different for this system but will figure it out. So cool. Thanks guys.

 

[richtj99]

Set up an ACL on the VE that you wish to prevent SSH access on.

Im not 100% sure but:


conf t
ip access-list 22 deny 192.168.10.0/24 log
ssh access-group 22
wr mem


or

conf t
int ve 10
ip access-list 22 deny ve 10
ssh access-group 22
wr mem


or

conf t
no ip ssh client 192.168.10.0/24


Im a little hesitant to try it & lose ssh but figured I would ask here first - thanks!

 

[Blue)(Fusion]

Here's a modified example of what I have in place.

ip access-list extended noadmin4                                    
  remark DENY ADMIN ACCESS TO SWITCH
  deny tcp any host 192.168.10.1 eq ssh log
  deny tcp any host 192.168.10.1 eq telnet log
  deny tcp any host 192.168.10.1 eq http log
  deny tcp any host 192.168.10.1 eq ssl log
  remark PERMIT REMAINING TRAFFIC
  permit ip any any 
  enable-accounting
  exit

ipv6 access-list noadmin6 
  logging-enable
  remark DENY ADMIN ACCESS TO SWITCH
  remark LINK-LOCAL
  deny tcp any host fe80::768e:f8ff:fe3e:b28a eq ssh log
  deny tcp any host fe80::768e:f8ff:fe3e:b28a eq telnet log
  deny tcp any host fe80::768e:f8ff:fe3e:b28a eq http log
  deny tcp any host fe80::768e:f8ff:fe3e:b28a eq ssl log
  remark ULA
  deny tcp any host fdc6:3916:1234:10::1 eq ssh log
  deny tcp any host fdc6:3916:1234:10::1 eq telnet log
  deny tcp any host fdc6:3916:1234:10::1 eq http log
  deny tcp any host fdc6:3916:1234:10::1 eq ssl log
  remark GUA
  deny tcp any host 2603:6018:3393:1610::1 eq ssh log
  deny tcp any host 2603:6018:3393:1610::1 eq telnet log
  deny tcp any host 2603:6018:3393:1610::1 eq http log
  deny tcp any host 2603:6018:3393:1610::1 eq ssl log
  remark ALLOW REMAINING TRAFFIC
  permit ipv6 any any
  enable-accounting
  exit

interface ve 10
  ip access-group noadmin4 in
  ipv6 traffic-filter noadmin6 in
  exit

Important note: In the above example, a host on the VLAN can access the switch via another VE IP. You can either enter the IP addresses of each VE and loopback of the switch in the rule or block access to other VLANs by default using the ACL, depending on your needs.

 

[daboxx]

Has anyone found a source for 40gb transceivers that are LC? I purchased some Arista 40g transceivers only to find that the fiber cables are pricy. I need about 15M of length so the DAC's will not work. Or a source for cheap MPO fiber cabling?

Thanks

 

[itronin]

Has anyone found a source for 40gb transceivers that are LC? I purchased some Arista 40g transceivers only to find that the fiber cables are pricy. I need about 15M of length so the DAC's will not work. Or a source for cheap MPO fiber cabling?

Thanks

EDIT - Sorry I missed that you already purchased the transceivers. If you can return them then...

Have you looked at AOC? If you are in the united states then pricing might be right.

for example: NEW Mellanox MC2206310-015 15 Meter 40GB 40 Gb QSFP to QSFP AOC Fiber Cable 9782206310015 | eBay

 

[LodeRunner]

Has anyone found a source for 40gb transceivers that are LC? I purchased some Arista 40g transceivers only to find that the fiber cables are pricy. I need about 15M of length so the DAC's will not work. Or a source for cheap MPO fiber cabling?

Thanks

Have you checked fs.com?

A 40Gb using LC is going to be a BiDi, so not cheap compared to normal home budgets and pricing for a MTP/MPO type.

 

[daboxx]

Have you looked at AOC? If you are in the united states then pricing might be right.

for example: NEW Mellanox MC2206310-015 15 Meter 40GB 40 Gb QSFP to QSFP AOC Fiber Cable 9782206310015 | eBay

Nice. That's about $30 cheaper than the Fiber cables I was looking at. And because I messed up already... I can use these as stack links or uplinks correct?

 

[daboxx]

Have you checked fs.com?

A 40Gb using LC is going to be a BiDi, so not cheap compared to normal home budgets and pricing for a MTP/MPO type.

Yes I did look at FS and about choked. I figured 40G was all LC or breakout. I did not even think to check.

 

[itronin]

Nice. That's about $30 cheaper than the Fiber cables I was looking at. And because I messed up already... I can use these as stack links or uplinks correct?

yes. I have some shorter ones (2m) that I used to stack (till my spare 6610's got flakey) and now use as host interconnects to a TNC filer.

 

[itronin]

Nice. That's about $30 cheaper than the Fiber cables I was looking at. And because I messed up already... I can use these as stack links or uplinks correct?

btw, I did not search or look very hard. There may be some cheaper ones on the bay as well. Simply a quick check that met your criteria.

 

[daboxx]

yes. I have some shorter ones (2m) that I used to stack (till my spare 6610's got flakey) and now use as host interconnects to a TNC filer.

Thankyou. I added them to my watch list. I appreciate the quick response and follow up!

 

[dos]

first, im sure there is an answer posted already some where but having a heck of a time finding it or generating a search for what im trying to find. doing my due dilagents i've combed through the forum and get the impression its possible but can't seem to find a specific answer or method? that said, my outlet temp is kicking into fan speed 2 by 1 degree. how does one go about changing the fan threshold to increase the temp the second speed kicks in? again, sorry to just ask directly but i've searching for a while and can't seem to find what i'm looking for. feel free to post a link rather than explaining if it is possible.

 

[anomaly]

Does 'permit' support logging for extended ACL rules, or it can only be applied to 'deny'?

Warning - permit log is no action.

I would like to be able to log permitted matches too, in some cases.

 

[Blue)(Fusion]

first, im sure there is an answer posted already some where but having a heck of a time finding it or generating a search for what im trying to find. doing my due dilagents i've combed through the forum and get the impression its possible but can't seem to find a specific answer or method? that said, my outlet temp is kicking into fan speed 2 by 1 degree. how does one go about changing the fan threshold to increase the temp the second speed kicks in? again, sorry to just ask directly but i've searching for a while and can't seem to find what i'm looking for. feel free to post a link rather than explaining if it is possible.

What is the room temperature and load of the switch? There have been reports of the heatsinks popping off the ASICs and causing hell with temps until resecured.

Does 'permit' support logging for extended ACL rules, or it can only be applied to 'deny'?

Warning - permit log is no action.

I would like to be able to log permitted matches too, in some cases.

Unfortunately you can not log permit actions.

 

[metalpizza123]

Hi hi,

I still don't know what I'm doing wrong and now I'm just confused as to what's happening. As dos said, the 64xx series boots slower, but I somehow am unable to reach the bootloader. The switch is booting and functional, and I can see it on my network as an ethernet connected device(even when it's only on the management ethernet port). I can even navigate to the IP and reach the login page, but I am just so confused as to what I'm doing wrong with the serial cable. I'm still not getting output on PuTTy with the cisco console cable.